trace

package
v0.0.0-...-e83addd Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 12, 2021 License: GPL-2.0 Imports: 8 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	// GenregsPrint is for general purpose registers.
	GenregsPrint = []rprint{
		{/* contains filtered or unexported fields */},
		{/* contains filtered or unexported fields */},
		{/* contains filtered or unexported fields */},
		{/* contains filtered or unexported fields */},
		{/* contains filtered or unexported fields */},
		{/* contains filtered or unexported fields */},
		{/* contains filtered or unexported fields */},
		{/* contains filtered or unexported fields */},
		{/* contains filtered or unexported fields */},
		{/* contains filtered or unexported fields */},
		{/* contains filtered or unexported fields */},
		{/* contains filtered or unexported fields */},
		{/* contains filtered or unexported fields */},
		{/* contains filtered or unexported fields */},
		{/* contains filtered or unexported fields */},
		{/* contains filtered or unexported fields */},
		{/* contains filtered or unexported fields */},
		{/* contains filtered or unexported fields */},
		{/* contains filtered or unexported fields */},
	}
	// AllregsPrint is for all registers, even useless ones.
	AllregsPrint = append(GenregsPrint,
		[]rprint{
			{name: "Fs_base", format: "%016x"},
			{name: "Gs_base", format: "%016x"},
			{name: "Cs", format: "%04x"},
			{name: "Ds", format: "%04x"},
			{name: "Es", format: "%04x"},
			{name: "Fs", format: "%04x"},
			{name: "Gs", format: "%04x"},
			{name: "Ss", format: "%04x"},
		}...)
	// RegsPrint allows for selecting which regs to print
	RegsPrint = GenregsPrint
)
View Source 
var Debug = func(string, ...interface{}) {}

Functions

func Args 

func Args(t Trace, r *syscall.PtraceRegs, nargs int) []uintptr

Args returns the top nargs args, going down the stack if needed. The max is 6. This is UEFI calling convention.

func Asm 

func Asm(d *x86asm.Inst, pc uint64) string

Asm returns a string for the given instruction at the given pc

func CallInfo 

func CallInfo(_ *unix.SignalfdSiginfo, inst *x86asm.Inst, r *syscall.PtraceRegs) string

CallInfo provides calling info for a function.

func Disasm 

func Disasm(t Trace) (string, error)

Disasm returns a string for the disassembled instruction.

func GetReg 

func GetReg(r *syscall.PtraceRegs, reg x86asm.Reg) (*uint64, error)

GetReg gets a register value from the Tracee. This code does not do any ptrace calls to get registers. It returns a pointer so the register can be read and modified. 

func Header(w io.Writer) error

Header prints out a header register.

func Inst 

func Inst(t Trace) (*x86asm.Inst, *syscall.PtraceRegs, string, error)

Inst retrieves an instruction from the traced process. It returns an x86asm.Inst, Ptraceregs, a string in GNU syntax, and and error It gets messy if the Rip is in unaddressable space; that means we must fetch the saved Rip from [Rsp].

func Params 

func Params(r *syscall.PtraceRegs, arg0, arg1 uintptr)

Params sets paramers in %rcx, %rdx

func Pointer 

func Pointer(t Trace, inst *x86asm.Inst, r *syscall.PtraceRegs, arg int) (uintptr, error)

Pointer returns the data pointed to by args[arg]

func Pop 

func Pop(t Trace, r *syscall.PtraceRegs) (uint64, error)

Pop pops the stack and returns what was at TOS.

func ReadStupidString 

func ReadStupidString(t Trace, address uintptr) (string, error)

ReadStupidString reads a UEFI-style string, i.e. one composed of words, not bytes. We're gonna party like it's 1899.

func ReadWord 

func ReadWord(t Trace, address uintptr) (uint64, error)

ReadWord reads the given word from the inferior's address space.

func RegDiff 

func RegDiff(w io.Writer, r, p *syscall.PtraceRegs) error

RegDiff compares to PtraceRegs and prints out only the ones that have changed, as .csv

func Regs 

func Regs(w io.Writer, r *syscall.PtraceRegs) error

Regs prints out registers as .csv.

func SetDebug 

func SetDebug(f func(string, ...interface{}))

func SetIPtr 

func SetIPtr(t Trace, addr uintptr) error

SetIPtr sets the instruction pointer for a Tracee.

func WriteWord 

func WriteWord(t Trace, address uintptr, word uint64) error

WriteWord writes the given word into the inferior's address space.

Types

type Trace 

type Trace interface {
	Event() unix.SignalfdSiginfo
	NewProc(id int) error
	ReadWord(address uintptr) (uint64, error)
	Read(address uintptr, data []byte) error
	Write(address uintptr, data []byte) error
	GetRegs() (*syscall.PtraceRegs, error)
	SetRegs(pr *syscall.PtraceRegs) error
	SingleStep(onoff bool) error
	Run() error
	Tab() []byte
}

Trace is the interface to a traced process

func New 

func New(n string) (Trace, error)

New returns a new Trace. The kind is determined by the parameter.

Source Files

View all Source files

Directories

Path Synopsis
Package kvm provides an interface to the kvm system call.
 Package kvm provides an interface to the kvm system call.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.