// Jesse Kennedy
// CPSC 322 Project 1
// Fall 2015
#define SIZE 1024
#define NUMCALLS 326 // Number of system calls in Linux
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <sys/ptrace.h>
#include <sys/reg.h>
#include <sys/wait.h>
// Report stream; main() opens it on the output path only after the tracee has exited.
FILE *fout;
// Scratch buffer in which the child joins the command words before strtok() splits them in place.
char args[SIZE];
// Hit counter per syscall number, indexed by the value the tracer reads from ORIG_RAX.
// File-scope storage, so every counter starts at zero.
// NOTE(review): the name matches libc's syscall() function declared in <unistd.h>;
// including that header while the array keeps this name is expected to produce a
// conflicting-declaration error — confirm before adding includes.
int syscall[NUMCALLS];
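/*
 * Resume the tracee until it reaches its next syscall-stop.
 *
 * Returns 1 when the tracee is stopped at a syscall boundary (stop signal
 * with bit 0x80 set, as requested through PTRACE_O_TRACESYSGOOD). Returns 0
 * when tracing cannot continue: the tracee exited, was killed by a signal,
 * or ptrace()/waitpid() failed.
 */
static int resume_to_syscall_stop(pid_t child)
{
    int status;

    for (;;) {
        if (ptrace(PTRACE_SYSCALL, child, 0, 0) == -1)
            return 0;
        if (waitpid(child, &status, 0) == -1)
            return 0;
        /* A tracee killed by a signal never reports WIFEXITED, so test both. */
        if (WIFEXITED(status) || WIFSIGNALED(status))
            return 0;
        if (WIFSTOPPED(status) && (WSTOPSIG(status) & 0x80))
            return 1;
        /*
         * Any other stop is not a syscall boundary. As in the original
         * loop, the tracee is resumed with data 0, so the signal is not
         * forwarded to it.
         */
    }
}

/*
 * Write one "number<TAB>count" line per syscall that was seen at least once.
 *
 * Returns 0 on success and -1 when the file cannot be opened or closed.
 */
static int write_report(const char *path)
{
    fout = fopen(path, "w");
    if (fout == NULL) {
        perror(path);
        return -1;
    }
    for (int i = 0; i < NUMCALLS; i++) {
        if (syscall[i])
            fprintf(fout, "%d\t%d\n", i, syscall[i]);
    }
    /* fclose() flushes, so a failure here means the report is incomplete. */
    if (fclose(fout) != 0) {
        fout = NULL;
        perror(path);
        return -1;
    }
    fout = NULL;
    return 0;
}

/*
 * Count the system calls made by a command and write the totals to a file.
 *
 * argv[1] .. argv[argc - 2] form the command (each word is split again on
 * spaces, so the whole command may also be passed as one quoted argument);
 * argv[argc - 1] is the report path.
 *
 * Returns 1 after a completed trace, as the original did, and 2 on a usage,
 * setup or report-writing error.
 * NOTE(review): exit status 1 for a completed trace is kept for
 * compatibility — confirm whether callers expect 0.
 */
int main(int argc, char **argv) {
    /* Without a command and an output path, argv[1] would be read blindly. */
    if (argc < 3) {
        fprintf(stderr, "usage: %s command [args...] output-file\n",
                argc > 0 ? argv[0] : "sctracer");
        return 2;
    }

    pid_t child = fork();
    if (child == -1) {
        perror("fork");
        return 2;
    }

    if (child == 0) {
        /*
         * Join the command words into args[]. Every copy is bounded: the
         * command line is caller-controlled and args[] is a fixed SIZE-byte
         * buffer, so an over-long command is rejected instead of copied.
         */
        size_t used = 0;
        args[0] = '\0';
        for (int i = 1; i < argc - 1; i++) {
            size_t len = strlen(argv[i]);
            size_t sep = (i > 1) ? 1 : 0;
            if (len + sep >= sizeof args - used) {
                fprintf(stderr, "command line longer than %d bytes\n", SIZE - 1);
                exit(127);
            }
            if (sep)
                args[used++] = ' ';
            memcpy(args + used, argv[i], len + 1);
            used += len;
        }

        /* Split on spaces, keeping one slot free for the terminating NULL. */
        char *arguments[SIZE];
        size_t nargs = 0;
        for (char *tok = strtok(args, " ");
             tok != NULL && nargs < SIZE - 1;
             tok = strtok(NULL, " ")) {
            arguments[nargs++] = tok;
        }
        /* execvp() walks the vector until it finds NULL. */
        arguments[nargs] = NULL;
        if (nargs == 0) {
            fprintf(stderr, "empty command\n");
            exit(127);
        }

        if (ptrace(PTRACE_TRACEME, 0, 0, 0) == -1) {
            perror("ptrace(PTRACE_TRACEME)");
            exit(127);
        }
        /* Stop here so the parent can set its options before the exec. */
        kill(getpid(), SIGSTOP);
        execvp(arguments[0], arguments);

        /*
         * Only reached when the exec failed. Leave the child right away so
         * it cannot fall through into the rest of main().
         */
        perror(arguments[0]);
        exit(127);
    }

    int stat;
    if (waitpid(child, &stat, 0) == -1 || !WIFSTOPPED(stat)) {
        fprintf(stderr, "tracee did not stop for tracing\n");
        return 2;
    }
    if (ptrace(PTRACE_SETOPTIONS, child, 0, PTRACE_O_TRACESYSGOOD) == -1) {
        perror("ptrace(PTRACE_SETOPTIONS)");
        return 2;
    }

    /* Each iteration handles one syscall: its entry stop, then its exit stop. */
    while (resume_to_syscall_stop(child)) {
        long nr = ptrace(PTRACE_PEEKUSER, child, sizeof(long) * ORIG_RAX, 0);

        /*
         * The number is supplied by the traced program, so it is untrusted
         * as an array index. Values the table has no slot for (negative,
         * including a failed peek, or >= NUMCALLS) are skipped rather than
         * written outside syscall[].
         */
        if (nr >= 0 && nr < NUMCALLS)
            syscall[nr]++;

        /* Run to the matching exit stop; the tracee may die inside the call. */
        if (!resume_to_syscall_stop(child))
            break;
    }

    if (write_report(argv[argc - 1]) != 0)
        return 2;
    return 1;
}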