.
rxOred committed Mar 13, 2022
1 parent 50ca2f7 commit 1d89b69
Showing 10 changed files with 870 additions and 255 deletions.
2 changes: 2 additions & 0 deletions include/zkelf.hh
@@ -21,6 +21,8 @@
#include <sys/stat.h>
#include <sys/types.h>

// TODO replace architecture dependant getters and setters with constexpr

namespace ZkElf {

enum ELFFLAGS : u8_t {
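--- a/include/zkmap.hh
+++ b/include/zkmap.hh
@@ -0,0 +1,97 @@
+#ifndef ZKMAP_HH
+#define ZKMAP_HH
+
+#include "zktypes.hh"
+#include <string>
+#include <vector>
+#include <memory>
+
+#define MAPPATH "/proc/%d/maps"
+#define MEMPATH "/proc/%d/mem"
+#define CMDLINE "/proc/%d/cmdline"
+
+namespace ZkProcess {
+struct page_t {
+public:
+page_t(addr_t saddr, addr_t eaddr, std::string permissions,
+std::string name);
+
+inline addr_t GetPageStartAddress(void) const
+{
+return page_saddr;
+}
+inline addr_t GetPageEndAddress(void) const
+{
+return page_eaddr;
+}
+inline std::string GetPagePermissions(void) const
+{
+return page_permissions;
+}
+inline std::string GetPageName(void) const
+{
+return page_name;
+}
+private:
+addr_t page_saddr;
+addr_t page_eaddr;
+std::string page_permissions;
+std::string page_name;
+};
+
+class MemoryMap {
+public:
+MemoryMap(pid_t pid, u8_t flag);
+~MemoryMap();
+
+addr_t GetModuleBaseAddress(const char *module_name) const;
+addr_t GetModuleEndAddress(const char *module_name) const;
+std::shared_ptr<page_t> GetModulePage(const char *module_name)
+const;
+
+inline std::shared_ptr<page_t> GetBasePage(void) const
+{
+return mm_pageinfo[0];
+}
+inline std::shared_ptr<page_t> GetLastPage(void) const
+{
+return *mm_pageinfo.end();
+}
+inline std::vector<std::shared_ptr<page_t>>::const_iterator
+GetIteratorBegin(void) const
+{
+return mm_pageinfo.begin();
+}
+inline std::vector<std::shared_ptr<page_t>>::const_iterator
+GetIteratorLast(void) const
+{
+return mm_pageinfo.end();
+}
+inline std::pair<std::vector<std::shared_ptr<page_t>>::const_iterator,
+std::vector<std::shared_ptr<page_t>>::const_iterator>
+GetIteratorsBeginEnd(void) const
+{
+return std::make_pair(mm_pageinfo.begin(), mm_pageinfo.end());
+}
+inline addr_t GetBaseAddress(void) const
+{
+return mm_pageinfo[0]->GetPageStartAddress();
+}
+inline addr_t GetBaseEndAddress(void) const
+{
+return mm_pageinfo[0]->GetPageEndAddress();
+}
+inline std::vector<std::shared_ptr<page_t>> GetMemoryPages(void) const
+{
+return mm_pageinfo;
+}
+bool IsMapped(addr_t addr) const;
+
+// TODO virtualAlloc /protect
+private:
+u8_t mm_flags = 0;
+std::vector<std::shared_ptr<page_t>> mm_pageinfo;
+};
+};
+
+#endif // ZKMAP_HH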
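Review bot: `GetLastPage()` returns `*mm_pageinfo.end()`, which dereferences the past-the-end iterator and is undefined behaviour even when the vector is non-empty; it should read `return mm_pageinfo.empty() ? nullptr : mm_pageinfo.back();`. `GetBasePage()`, `GetBaseAddress()` and `GetBaseEndAddress()` index `mm_pageinfo[0]` with no emptiness check. That matters if the vector is filled from `/proc/<pid>/maps`, as `MAPPATH` suggests, because it can then be empty when the target has exited or the file could not be read (the constructor body is not on this page). `GetIteratorLast()` returns `end()` rather than an iterator to the last element, so a comment such as `// past-the-end iterator; do not dereference` on it would keep callers from repeating the same mistake.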
206 changes: 18 additions & 188 deletions include/zkprocess.hh
@@ -23,20 +23,12 @@
#include <sys/ptrace.h>
#include <random>

#define MAPPATH "/proc/%d/maps"
#define MEMPATH "/proc/%d/mem"
#define CMDLINE "/proc/%d/cmdline"

#define DEFAULT_SNAPSHOT_COUNT 5
#define DEFAULT_SNAPSHOT_STACK_SZ 1024
#define DEFAULT_SNAPSHOT_INSTR 64

// TODO check if p_log is null. if so dont queue the log

#define CHECKFLAGS_AND_ATTACH \
if(!ZK_CHECK_FLAGS(PTRACE_ATTACH_NOW, p_flags) && \
!ZK_CHECK_FLAGS(PTRACE_START_NOW, p_flags)) { \
p_log->PushLog("attaching tp process", \
p_log->PushLog("attaching to process", \
ZkLog::LOG_LEVEL_DEBUG); \
DetachFromProcess(); \
}
@@ -100,13 +92,13 @@ namespace ZkProcess {
// This enum describes ptrace stopped process state
enum PTRACE_STOP_STATE : u8_t {
// ptrace-stop state - tracee is ready accept ptrace commands
// such as PTRACE_PEEKDATA / PTRACE_POKEDATA / PTRACE_GETREGS
// and so on
PTRACE_STOP_NOT_STOPPED = 0,
PTRACE_STOP_SIGNAL_DELIVERY,
PTRACE_STOP_GROUP,
PTRACE_STOP_SYSCALL,
PTRACE_STOP_PTRACE_EVENT,


PTRACE_STOP_PTRACE_EVENT
};

// exit status of the process
@@ -136,138 +128,15 @@ namespace ZkProcess {
PROCESS_SNAP_FUNC
};

struct page_t {
public:
page_t(addr_t saddr, addr_t eaddr, std::string permissions,
std::string name);

inline addr_t GetPageStartAddress(void) const
{
return page_saddr;
}
inline addr_t GetPageEndAddress(void) const
{
return page_eaddr;
}
inline std::string GetPagePermissions(void) const
{
return page_permissions;
}
inline std::string GetPageName(void) const
{
return page_name;
}
private:
addr_t page_saddr;
addr_t page_eaddr;
std::string page_permissions;
std::string page_name;
};

class MemoryMap {
private:
u8_t mm_flags = 0;
std::vector<std::shared_ptr<page_t>> mm_pageinfo;
public:
MemoryMap(pid_t pid, u8_t flag);
~MemoryMap();

addr_t GetModuleBaseAddress(const char *module_name) const;
addr_t GetModuleEndAddress(const char *module_name) const;
std::shared_ptr<page_t> GetModulePage(const char *module_name)
const;

inline std::shared_ptr<page_t> GetBasePage(void) const
{
return mm_pageinfo[0];
}
inline std::shared_ptr<page_t> GetLastPage(void) const
{
return *mm_pageinfo.end();
}
inline std::vector<std::shared_ptr<page_t>>::const_iterator
GetIteratorBegin(void) const
{
return mm_pageinfo.begin();
}
inline std::vector<std::shared_ptr<page_t>>::const_iterator
GetIteratorLast(void) const
{
return mm_pageinfo.end();
}
inline std::pair<std::vector<std::shared_ptr<page_t>>::const_iterator,
std::vector<std::shared_ptr<page_t>>::const_iterator>
GetIteratorsBeginEnd(void) const
{
return std::make_pair(mm_pageinfo.begin(), mm_pageinfo.end());
}
inline addr_t GetBaseAddress(void) const
{
return mm_pageinfo[0]->GetPageStartAddress();
}
inline addr_t GetBaseEndAddress(void) const
{
return mm_pageinfo[0]->GetPageEndAddress();
}
inline std::vector<std::shared_ptr<page_t>> GetMemoryPages(void) const
{
return mm_pageinfo;
}
bool IsMapped(addr_t addr) const;

// TODO virtualAlloc /protect
};

class Signal {
private:
siginfo_t s_siginfo;
pid_t s_pid;
public:
Signal(pid_t pid)
:s_pid(pid)
{// TODO initialize s_siginfo to 0x0
}
bool SignalProcess(int signal) const
{
if (kill(s_pid, signal) < 0) return false;
else return true;
}
inline bool SignalStopProcess(void) const
{
return SignalProcess(SIGSTOP);
}
inline bool SignalKillProcess(void) const
{
return SignalProcess(SIGKILL);
}
inline bool SignalContinueProcess(void) const
{
return SignalProcess(SIGCONT);
}
inline bool SignalTrapProcess(void) const
{
return SignalProcess(SIGTRAP);
}
};

class Ptrace {
private:
u8_t p_flags = 0;

PROCESS_STATE p_state = PROCESS_NOT_STARTED;
PROCESS_STATE_INFO p_state_info;

std::shared_ptr<MemoryMap> p_memmap;
ZkLog::Log *p_log;
pid_t p_pid;
public:

// pathname = filepath to elf binary which should be forkd
// and execed with ptrace
// pid = pid for a currently active process
// regs = register struct
Ptrace(const char **pathname, pid_t pid, u8_t flags, ZkLog::Log *log);
Ptrace(const char **pathname, pid_t pid, u8_t flags);
Ptrace(const char **pathname, pid_t pid, u8_t flags,
ZkLog::Log *log);
Ptrace(const char **pathname, pid_t pid, u8_t flags,
ZkProcess::Snapshot *snapshot);
Ptrace(const char **pathname, pid_t pid, u8_t flags,
ZkLog::Log *log, ZkProcess::Snapshot *snapshot);
~Ptrace();

inline std::shared_ptr<MemoryMap> GetMemoryMap(void) const
@@ -290,7 +159,7 @@ namespace ZkProcess {
void KillProcess(void);
bool ContinueProcess(bool pass_signal);

void WaitForProcess(int options);
PROCESS_STATE WaitForProcess(int options);

PROCESS_STATE SignalProcess(int signal);
PROCESS_STATE SignalStopProcess(void);
@@ -317,56 +186,17 @@ namespace ZkProcess {
//TODO methods to read thread state using registers
// CreateThread


private:
bool isPtraceStopped(void) const;
};

// queue to store process state
struct snapshot_t {
public:
snapshot_t(u8_t flags, registers_t *regs, void *stack,
void *instr);

~snapshot_t();
u8_t p_flags = 0;

inline u8_t GetFlags(void) const
{
return ps_flags;
}
inline registers_t *GetRegisters(void) const
{
return ps_registers;
}
inline void *GetStack(void) const
{
return ps_stack;
}
inline void *GetInstructions(void) const
{
return ps_instructions;
}
private:
// generic information about amount of the captured data
u8_t ps_flags;
registers_t *ps_registers;
void *ps_stack;
void *ps_instructions;
};
PROCESS_STATE p_state = PROCESS_NOT_STARTED;
PROCESS_STATE_INFO p_state_info;
pid_t p_pid;
std::shared_ptr<ZkProcess::MemoryMap> p_memmap;

class Snapshot {
private:
int s_count = DEFAULT_SNAPSHOT_COUNT;
std::queue<std::shared_ptr<snapshot_t>> s_snapshots;
ZkLog::Log *s_log;
public:
Snapshot();
Snapshot(int count);
Snapshot(int count, ZkLog::Log *log);
~Snapshot();
ZkLog::Log *p_log;

bool SaveSnapshot(ZkProcess::Ptrace &ptrace, u8_t flags);
bool RestoreSnapshot(ZkProcess::Ptrace &ptrace);
bool isPtraceStopped(void) const;
};
};
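Review bot: `p_log` is declared as `ZkLog::Log *p_log;` with no default initializer, the `Ptrace` constructor list includes overloads that take no `ZkLog::Log *` (`Ptrace(const char **pathname, pid_t pid, u8_t flags)` and the `ZkProcess::Snapshot *` variant), and `CHECKFLAGS_AND_ATTACH` calls `p_log->PushLog(...)` unconditionally. Unless the constructor definitions, which are not on this page, always set it, that is a null or indeterminate pointer dereference inside a tracer that is attached to another process. I would declare it `ZkLog::Log *p_log = nullptr;` and guard the macro's log call with `if (p_log)`. The macro also logs "attaching to process" immediately before calling `DetachFromProcess()`, so either the message or the macro name looks inverted, and its bare `if` would be safer wrapped in `do { ... } while (0)`. The `Ptrace` class body is split across collapsed regions here, so other uses of `p_log` may sit outside the visible hunks.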
