ptracer

package

v0.11.2 Latest Latest Go to latest Published: Feb 22, 2025 License: MIT Imports: 9 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/criyle/go-sandbox

Documentation ¶

Rendered for

Overview ¶

Package ptracer provides platform independent ptrace pooling loop interface to trace program syscalls on Linux.

Index ¶

Constants
Variables
type Context
type Handler
type Runner
type TraceAction
type Tracer
- func (t *Tracer) Trace(c context.Context) (result runner.Result)

Constants ¶

View Source

const (
	NT_PRSTATUS        = 1
	NT_ARM_SYSTEM_CALL = 0x404

	PTRACE_SET_SYSCALL = 23
)

ptrace constants

Variables ¶

View Source

var (
	// UseVMReadv determine whether use ProcessVMReadv syscall to read str
	// initial true and becomes false if tried and failed with ENOSYS
	UseVMReadv = true
)

Functions ¶

This section is empty.

Types ¶

type Context ¶

type Context struct {
	// Pid is current context process pid
	Pid int
	// contains filtered or unexported fields
}

Context is the context for current syscall trap used to retrive syscall number and arguments

func (*Context) Arg0 ¶

func (c *Context) Arg0() uint

Arg0 gets the arg0 for the current syscall

func (*Context) Arg1 ¶

func (c *Context) Arg1() uint

Arg1 gets the arg1 for the current syscall

func (*Context) Arg2 ¶

func (c *Context) Arg2() uint

Arg2 gets the arg2 for the current syscall

func (*Context) Arg3 ¶

func (c *Context) Arg3() uint

Arg3 gets the arg3 for the current syscall

func (*Context) Arg4 ¶

func (c *Context) Arg4() uint

Arg4 gets the arg4 for the current syscall

func (*Context) Arg5 ¶

func (c *Context) Arg5() uint

Arg5 gets the arg5 for the current syscall

func (*Context) GetString ¶

func (c *Context) GetString(addr uintptr) string

GetString get the string from process data segment

func (*Context) SetReturnValue ¶

func (c *Context) SetReturnValue(retval int)

SetReturnValue set the return value if skip the syscall

func (*Context) SyscallNo ¶

func (c *Context) SyscallNo() uint

SyscallNo get current syscall no

type Handler ¶

type Handler interface {
	// Handle returns action take to the traced program
	Handle(*Context) TraceAction

	// Debug prints debug information when in debug mode
	Debug(v ...interface{})
}

Handler defines customized handler for traced syscall

type Runner ¶

type Runner interface {
	// Starts starts the child process and return pid and error if failed
	// the child process should enable ptrace and should stop before ptrace
	Start() (int, error)
}

Runner represents the process runner

type TraceAction ¶

type TraceAction int

TraceAction defines the action returned by TraceHandle

const (
	// TraceAllow does not do anything
	TraceAllow TraceAction = iota
	// TraceBan skips the syscall and set the return code specified by SetReturnCode
	TraceBan
	// TraceKill referred as dangerous action have been detected
	TraceKill
)

type Tracer ¶

type Tracer struct {
	Handler
	Runner
	runner.Limit
}

Tracer defines a ptracer instance

func (*Tracer) Trace ¶

func (t *Tracer) Trace(c context.Context) (result runner.Result)

Trace start and traces all child process by runner in the calling goroutine parameter done used to cancel work, start is used notify child starts

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL