diff --git a/include/zkelf.hh b/include/zkelf.hh index 3d0dd9d..5aa4d0e 100644 --- a/include/zkelf.hh +++ b/include/zkelf.hh @@ -445,8 +445,7 @@ public: [[nodiscard]] void *get_memory_map() const; [[nodiscard]] std::size_t get_map_size() const; - [[nodiscard]] std::variant get_elf_source( - ) const; + [[nodiscard]] std::variant get_elf_source() const; [[nodiscard]] ehdr_t *get_elf_header() const; [[nodiscard]] phdr_t *get_program_header_table() const; @@ -521,9 +520,10 @@ enum class elf_options : zktypes::u8_t { // ElfObj by default class ZkElf { public: - ZkElf(std::variant, ElfObj> obj, - std::variant options = elf_read_only{}, - std::optional log = std::nullopt); + ZkElf(std::variant, ElfObj> obj, + std::variant options = + elf_read_only{}, + std::optional log = std::nullopt); ZkElf(const ZkElf &) = delete; ZkElf(ZkElf &&) = delete; @@ -855,7 +855,7 @@ public: friend std::shared_ptr load_elf_writable_from_file( const char *path, std::optional save_options, std::optional log); - + friend void load_elf_from_memory(); private: @@ -868,7 +868,9 @@ std::shared_ptr load_elf_from_file( const char *path, std::optional log = std::nullopt); std::shared_ptr load_elf_writable_from_file( - const char *path, std::optional save_options = elf_save_options::ELF_AUTO_SAVE, + const char *path, + std::optional save_options = + elf_save_options::ELF_AUTO_SAVE, std::optional log = std::nullopt); void load_elf_from_memory(); diff --git a/include/zkhooks.hh b/include/zkhooks.hh index 9e60c1e..3ef7691 100644 --- a/include/zkhooks.hh +++ b/include/zkhooks.hh @@ -1,4 +1,4 @@ #ifndef ZKHOOKS_HH #define ZKHOOKS_HH -#endif // ZKHOOKS_HH +#endif // ZKHOOKS_HH diff --git a/include/zklog.hh b/include/zklog.hh index 9feaacf..2d6466e 100644 --- a/include/zklog.hh +++ b/include/zklog.hh @@ -34,9 +34,7 @@ public: inline std::string get_log_message(void) { return l_string; } inline log_level get_log_level(void) { return l_level; } - inline log_error_code get_log_error_code(void) { - return l_error_code; - } + inline log_error_code get_log_error_code(void) { return l_error_code; } private: std::string l_string; @@ -56,7 +54,7 @@ public: void push_log(std::string log_string, log_level level, std::optional error_code = log_error_code::LOG_ERROR_NONE); - std::tuple pop_log(void); + std::tuple pop_log(void); log_level peek_log_level(void); private: diff --git a/include/zkmemorymap.hh b/include/zkmemorymap.hh index bd35990..2454843 100644 --- a/include/zkmemorymap.hh +++ b/include/zkmemorymap.hh @@ -21,13 +21,13 @@ public: page_t(typename T::addr_t saddr, typename T::addr_t eaddr, std::string permissions, std::optional name = std::nullopt) - :page_saddr(saddr), - page_eaddr(eaddr), - page_permissions(std::move(permissions)), - page_name(std::move(name)) {} - + : page_saddr(saddr), + page_eaddr(eaddr), + page_permissions(std::move(permissions)), + page_name(std::move(name)) {} + page_t(const page_t&) = default; - page_t(page_t&&) noexcept = default; + page_t(page_t&&) noexcept = default; inline typename T::addr_t get_page_start_address() const { return page_saddr; @@ -39,8 +39,8 @@ public: return page_permissions; } [[nodiscard]] inline std::string get_page_name() const { - return page_name.value_or(""); - } + return page_name.value_or(""); + } private: typename T::addr_t page_saddr; @@ -54,7 +54,7 @@ class MemoryMap { public: explicit MemoryMap(pid_t pid); void parse_memory_map(); - std::vector> get_memory_map() const; + std::vector> get_memory_map() const; std::optional get_module_start_address( const char* module_name) const; std::optional get_module_end_address( @@ -70,8 +70,8 @@ public: inline const page_t& get_end_page() const { return *mm_pageinfo.end(); } - inline typename std::vector>::const_iterator get_iterator_begin( - ) const { + inline typename std::vector>::const_iterator + get_iterator_begin() const { return mm_pageinfo.begin(); } diff --git a/include/zkptrace.hh b/include/zkptrace.hh index dbf033d..f0c7a46 100644 --- a/include/zkptrace.hh +++ b/include/zkptrace.hh @@ -118,16 +118,19 @@ public: ~Ptrace(); explicit Ptrace(char *const *path, - std::optional flags = PTRACE_START_NOW | - PTRACE_DISABLE_ASLR, - std::optional log = std::nullopt); + std::optional flags = + PTRACE_START_NOW | PTRACE_DISABLE_ASLR, + std::optional log = std::nullopt); explicit Ptrace(pid_t pid, - std::optional flags = PTRACE_ATTACH_NOW, - std::optional log = std::nullopt); + std::optional flags = PTRACE_ATTACH_NOW, + std::optional log = std::nullopt); [[nodiscard]] inline pid_t get_pid() const { return p_pid; } - [[nodiscard]] inline PROCESS_STATE get_process_state() const { return p_state; } - [[nodiscard]] inline PROCESS_STATE_INFO get_process_state_info() const { + [[nodiscard]] inline PROCESS_STATE get_process_state() const { + return p_state; + } + [[nodiscard]] inline PROCESS_STATE_INFO get_process_state_info() + const { return p_state_info; } diff --git a/include/zksignal.hh b/include/zksignal.hh index 847609d..058f17f 100644 --- a/include/zksignal.hh +++ b/include/zksignal.hh @@ -1,37 +1,35 @@ #ifndef ZKSIG_HH #define ZKSIG_HH -#include "zktypes.hh" #include #include +#include "zktypes.hh" + namespace ZkProcess { - class Signal { - public: - Signal(pid_t pid); - Signal(const Signal&) =default; - Signal(Signal&&) =default; +class Signal { +public: + Signal(pid_t pid); + Signal(const Signal&) = default; + Signal(Signal&&) = default; + + bool SignalProcess(int signal) const; + inline bool SignalStopProcess(void) const { + return SignalProcess(SIGSTOP); + } + inline bool SignalKillProcess(void) const { + return SignalProcess(SIGKILL); + } + inline bool SignalContinueProcess(void) const { + return SignalProcess(SIGCONT); + } + inline bool SignalTrapProcess(void) const { + return SignalProcess(SIGTRAP); + } - bool SignalProcess(int signal) const; - inline bool SignalStopProcess(void) const - { - return SignalProcess(SIGSTOP); - } - inline bool SignalKillProcess(void) const - { - return SignalProcess(SIGKILL); - } - inline bool SignalContinueProcess(void) const - { - return SignalProcess(SIGCONT); - } - inline bool SignalTrapProcess(void) const - { - return SignalProcess(SIGTRAP); - } - private: - pid_t s_pid; - }; +private: + pid_t s_pid; }; +}; // namespace ZkProcess -#endif // ZKSIG_HH +#endif // ZKSIG_HH diff --git a/include/zksnapshot.hh b/include/zksnapshot.hh index 129b749..ff622ad 100644 --- a/include/zksnapshot.hh +++ b/include/zksnapshot.hh @@ -27,7 +27,7 @@ public: snapshot_t(zktypes::u8_t flags, registers_t *regs, void *stack, void *instr); snapshot_t(const snapshot_t &) = default; - snapshot_t(snapshot_t &&) = default; + snapshot_t(snapshot_t &&) = default; ~snapshot_t(); @@ -51,8 +51,8 @@ public: std::optional count = DEFAULT_SNAPSHOT_COUNT, std::optional log = std::nullopt); Snapshot(const Snapshot &) = default; - Snapshot(Snapshot &&) = default; - + Snapshot(Snapshot &&) = default; + ~Snapshot() = default; bool save_snapshot(zktypes::u8_t flags); bool restore_snapshot(void); diff --git a/include/zktypes.hh b/include/zktypes.hh index ed289fb..2e2e7b6 100644 --- a/include/zktypes.hh +++ b/include/zktypes.hh @@ -37,8 +37,8 @@ struct x64 : public zktypes { using off_t = std::uint64_t; }; -using eventcodes_t = __ptrace_eventcodes; +using eventcodes_t = __ptrace_eventcodes; // TODO make this independant -using registers_t = struct user_regs_struct; +using registers_t = struct user_regs_struct; #endif // ZKTYPES_HH diff --git a/include/zkutils.hh b/include/zkutils.hh index b865cc9..11e650d 100644 --- a/include/zkutils.hh +++ b/include/zkutils.hh @@ -21,17 +21,17 @@ namespace zkutils { -std::pair open_file(const char *path, bool should_writable = false); +std::pair open_file(const char *path, + bool should_writable = false); template -bool validate_magic_number(T a[size], T b[size]) -{ - for (int i = 0; i < size; ++i) { - if (a[i] != b[i]) { - return false; - } - } - return true; +bool validate_magic_number(T a[size], T b[size]) { + for (int i = 0; i < size; ++i) { + if (a[i] != b[i]) { + return false; + } + } + return true; } inline void save_memory_map(const char *path, void *memory_map, @@ -48,8 +48,8 @@ inline void save_memory_map(const char *path, void *memory_map, } } -inline void save_buffer_to_file(const char *path, off_t offset, void *buffer, - int buffer_size) noexcept { +inline void save_buffer_to_file(const char *path, off_t offset, + void *buffer, int buffer_size) noexcept { int fd = open(path, O_CREAT | O_WRONLY, 0666); if (fd < 0) { throw zkexcept::file_not_found_error(); @@ -63,8 +63,8 @@ inline void save_buffer_to_file(const char *path, off_t offset, void *buffer, } template -int patch_address(typename T::u8_t *buffer, size_t len, typename T::addr_t addr, - typename T::u8_t *magic) { +int patch_address(typename T::u8_t *buffer, size_t len, + typename T::addr_t addr, typename T::u8_t *magic) { int count = 0; for (int i = 0; i < len; i++) { printf("%x\n", buffer[i]); diff --git a/src/zkelf.cc b/src/zkelf.cc index 5139cb9..d65e49b 100644 --- a/src/zkelf.cc +++ b/src/zkelf.cc @@ -20,7 +20,7 @@ #include "zktypes.hh" #include "zkutils.hh" -// default is to load elf with elf_read_only +// default is to load elf with elf_read_only std::shared_ptr zkelf::load_elf_from_file( const char *path, std::optional log) { auto pair = zkutils::open_file(path, false); @@ -35,25 +35,21 @@ std::shared_ptr zkelf::load_elf_from_file( if (core->ei_class == (zktypes::u8_t)ei_class::ELFCLASS32) { std::shared_ptr ptr = std::make_shared( ElfObj((void *)pair.first, pair.second, path), - elf_read_only{}, - log - ); + elf_read_only{}, log); return ptr; } else if (core->ei_class == (zktypes::u8_t)ei_class::ELFCLASS64) { std::shared_ptr ptr = std::make_shared( ElfObj((void *)pair.first, pair.second, path), - elf_read_only{}, - log - ); + elf_read_only{}, log); return ptr; } else { throw zkexcept::invalid_file_type_error(); } } -// default is to load elf with elf_read_write and ELF_AUTO_SAVE +// default is to load elf with elf_read_write and ELF_AUTO_SAVE std::shared_ptr zkelf::load_elf_writable_from_file( - const char *path, std::optional save_options, + const char *path, std::optional save_options, std::optional log) { auto pair = zkutils::open_file(path, false); auto *core = (elf_core *)pair.first; @@ -67,23 +63,18 @@ std::shared_ptr zkelf::load_elf_writable_from_file( if (core->ei_class == (zktypes::u8_t)ei_class::ELFCLASS32) { std::shared_ptr ptr = std::make_shared( ElfObj((void *)pair.first, pair.second, path), - elf_read_write { elf_save_options::ELF_AUTO_SAVE }, - log - ); + elf_read_write{elf_save_options::ELF_AUTO_SAVE}, log); return ptr; } else if (core->ei_class == (zktypes::u8_t)ei_class::ELFCLASS64) { std::shared_ptr ptr = std::make_shared( ElfObj((void *)pair.first, pair.second, path), - elf_read_write {elf_save_options::ELF_AUTO_SAVE}, - log - ); + elf_read_write{elf_save_options::ELF_AUTO_SAVE}, log); return ptr; } else { throw zkexcept::invalid_file_type_error(); } } - void zkelf::load_elf_from_memory() { // load from memory using ptrace } @@ -93,16 +84,18 @@ zkelf::ElfObj::ElfObj(void *map, std::size_t size, std::variant s) : e_memory_map(map), e_map_size(size), e_source(s) { e_ehdr = (ehdr_t *)e_memory_map; - e_phdrtab = (phdr_t *)((zktypes::u8_t *)e_memory_map + e_ehdr->elf_phoff); - e_shdrtab = (shdr_t *)((zktypes::u8_t *)e_memory_map + e_ehdr->elf_shoff); + e_phdrtab = + (phdr_t *)((zktypes::u8_t *)e_memory_map + e_ehdr->elf_phoff); + e_shdrtab = + (shdr_t *)((zktypes::u8_t *)e_memory_map + e_ehdr->elf_shoff); if (e_ehdr->elf_shstrndx == static_cast(sh_n::SHN_UNDEF) || e_ehdr->elf_shstrndx > e_ehdr->elf_shnum || e_shdrtab[e_ehdr->elf_shstrndx].sh_offset > size) { e_is_stripped = true; } else { - e_shstrtab = - (strtab_t)e_memory_map + e_shdrtab[e_ehdr->elf_shstrndx].sh_offset; + e_shstrtab = (strtab_t)e_memory_map + + e_shdrtab[e_ehdr->elf_shstrndx].sh_offset; } } @@ -121,8 +114,9 @@ std::size_t zkelf::ElfObj::get_map_size() const { return e_map_size; } -template -std::variant zkelf::ElfObj::get_elf_source() const { +template +std::variant zkelf::ElfObj::get_elf_source() + const { return e_source; } @@ -142,8 +136,7 @@ zkelf::shdr_t *zkelf::ElfObj::get_section_header_table() const { } template -zkelf::strtab_t zkelf::ElfObj::get_section_header_string_table( - ) const { +zkelf::strtab_t zkelf::ElfObj::get_section_header_string_table() const { return e_shstrtab; } @@ -163,8 +156,7 @@ zkelf::symtab_t *zkelf::ElfObj::get_symbol_table() const { } template -zkelf::symtab_t *zkelf::ElfObj::get_dynamic_symbol_table( - ) const { +zkelf::symtab_t *zkelf::ElfObj::get_dynamic_symbol_table() const { return e_dynsym; } @@ -216,12 +208,11 @@ void zkelf::ElfObj::set_program_header_table(void *new_phdr) { template void zkelf::ElfObj::set_section_header_string_table(void *new_tab) { if (e_shstrtab != nullptr) { - memcpy( - (void *)&((zktypes::u8_t *)get_memory_map()) - [e_shdrtab[e_ehdr->elf_shstrndx].sh_offset], - new_tab, - ((zktypes::u8_t *) - get_memory_map())[e_shdrtab[e_ehdr->elf_shstrndx].sh_size]); + memcpy((void *)&((zktypes::u8_t *)get_memory_map()) + [e_shdrtab[e_ehdr->elf_shstrndx].sh_offset], + new_tab, + ((zktypes::u8_t *)get_memory_map()) + [e_shdrtab[e_ehdr->elf_shstrndx].sh_size]); } else { e_shstrtab = (strtab_t)new_tab; } @@ -257,10 +248,10 @@ void zkelf::ElfObj::set_note_section(void *new_note) { e_nhdr = (nhdr_t *)new_note; } -zkelf::ZkElf::ZkElf(std::variant, ElfObj> obj, - std::variant options, - std::optional log) - : elf_file_options(options), elf_object(obj), elf_log(log) {} +zkelf::ZkElf::ZkElf(std::variant, ElfObj> obj, + std::variant options, + std::optional log) + : elf_file_options(options), elf_object(obj), elf_log(log) {} bool zkelf::ZkElf::load_symbol_data() { std::array indexes{}; @@ -490,7 +481,9 @@ zkelf::e_type zkelf::ZkElf::get_elf_type(void) const { if (auto elf = std::get_if>(&elf_object)) { return elf->get_elf_header()->elf_type; } - return std::get_if>(&elf_object)->get_elf_header()->elf_type; + return std::get_if>(&elf_object) + ->get_elf_header() + ->elf_type; } zkelf::e_machine zkelf::ZkElf::get_elf_machine(void) const { @@ -515,28 +508,36 @@ zktypes::u64_t zkelf::ZkElf::get_elf_entry_point(void) const { if (auto elf = std::get_if>(&elf_object)) { return elf->get_elf_header()->elf_entry; } - return std::get_if>(&elf_object)->get_elf_header()->elf_entry; + return std::get_if>(&elf_object) + ->get_elf_header() + ->elf_entry; } zktypes::u64_t zkelf::ZkElf::get_elf_phdr_offset(void) const { if (auto elf = std::get_if>(&elf_object)) { return elf->get_elf_header()->elf_phoff; } - return std::get_if>(&elf_object)->get_elf_header()->elf_phoff; + return std::get_if>(&elf_object) + ->get_elf_header() + ->elf_phoff; } zktypes::u64_t zkelf::ZkElf::get_elf_shdr_offset(void) const { if (auto elf = std::get_if>(&elf_object)) { return elf->get_elf_header()->elf_shoff; } - return std::get_if>(&elf_object)->get_elf_header()->elf_shoff; + return std::get_if>(&elf_object) + ->get_elf_header() + ->elf_shoff; } zktypes::u32_t zkelf::ZkElf::get_elf_flags(void) const { if (auto elf = std::get_if>(&elf_object)) { return elf->get_elf_header()->elf_flags; } - return std::get_if>(&elf_object)->get_elf_header()->elf_flags; + return std::get_if>(&elf_object) + ->get_elf_header() + ->elf_flags; } zktypes::u16_t zkelf::ZkElf::get_elf_header_size(void) const { @@ -561,7 +562,9 @@ zktypes::u16_t zkelf::ZkElf::get_elf_phdr_entry_count(void) const { if (auto elf = std::get_if>(&elf_object)) { return elf->get_elf_header()->elf_phnum; } - return std::get_if>(&elf_object)->get_elf_header()->elf_phnum; + return std::get_if>(&elf_object) + ->get_elf_header() + ->elf_phnum; } zktypes::u16_t zkelf::ZkElf::get_elf_shdr_entry_size(void) const { @@ -577,7 +580,9 @@ zktypes::u16_t zkelf::ZkElf::get_elf_shdr_entry_count(void) const { if (auto elf = std::get_if>(&elf_object)) { return elf->get_elf_header()->elf_shnum; } - return std::get_if>(&elf_object)->get_elf_header()->elf_shnum; + return std::get_if>(&elf_object) + ->get_elf_header() + ->elf_shnum; } zktypes::u16_t zkelf::ZkElf::get_elf_shdr_string_table_index(void) const { diff --git a/src/zkhooks.cc b/src/zkhooks.cc index fb20459..aee8f39 100644 --- a/src/zkhooks.cc +++ b/src/zkhooks.cc @@ -1,5 +1,6 @@ #include "zkhooks.hh" -#include "zktypes.hh" + #include #include +#include "zktypes.hh" diff --git a/src/zklog.cc b/src/zklog.cc index 323653e..ae7d6a5 100644 --- a/src/zklog.cc +++ b/src/zklog.cc @@ -13,9 +13,9 @@ void zklog::ZkLog::clear_log(void) { } void zklog::ZkLog::push_log(std::string log_string, log_level level, - std::optional error_code) { - l_log.emplace(log_string, level, error_code.value_or( - log_error_code::LOG_ERROR_NONE)); + std::optional error_code) { + l_log.emplace(log_string, level, + error_code.value_or(log_error_code::LOG_ERROR_NONE)); } std::tuple diff --git a/src/zkprocess.cc b/src/zkprocess.cc index 8eb7b25..7dd81a0 100644 --- a/src/zkprocess.cc +++ b/src/zkprocess.cc @@ -18,7 +18,9 @@ zkprocess::ZkProcess::ZkProcess( std::variant>, std::shared_ptr>> p, - std::variant>, std::shared_ptr>> mm) + std::variant>, + std::shared_ptr>> + mm) : p_elf(std::move(elf)), p_ptrace(std::move(p)), p_memory_map(std::move(mm)) {} @@ -32,14 +34,16 @@ std::shared_ptr zkprocess::load_process_from_file( if (arch == zkelf::ei_class::ELFCLASS64) { auto p_ptrace = std::make_shared>(path, PTRACE_DISABLE_ASLR, log); - auto p_memory_map = std::make_shared>(p_ptrace->get_pid()); + auto p_memory_map = + std::make_shared>(p_ptrace->get_pid()); auto ptr = std::make_shared(p_elf, p_ptrace, p_memory_map); return ptr; } else if (arch == zkelf::ei_class::ELFCLASS32) { auto p_ptrace = std::make_shared>(path, PTRACE_DISABLE_ASLR, log); - auto p_memory_map = std::make_shared>(p_ptrace->get_pid()); + auto p_memory_map = + std::make_shared>(p_ptrace->get_pid()); auto ptr = std::make_shared(p_elf, p_ptrace, p_memory_map); return ptr; diff --git a/src/zksignal.cc b/src/zksignal.cc index b9ff251..d0e304d 100644 --- a/src/zksignal.cc +++ b/src/zksignal.cc @@ -1,15 +1,11 @@ #include "zksignal.hh" -ZkProcess::Signal::Signal(pid_t pid) - :s_pid(pid) -{} +ZkProcess::Signal::Signal(pid_t pid) : s_pid(pid) {} -bool ZkProcess::Signal::SignalProcess(int signal) const -{ +bool ZkProcess::Signal::SignalProcess(int signal) const { if (kill(s_pid, signal) < 0) { return false; - } - else { + } else { return true; } } diff --git a/src/zksnapshot.cc b/src/zksnapshot.cc index bee6f72..be59a30 100644 --- a/src/zksnapshot.cc +++ b/src/zksnapshot.cc @@ -104,7 +104,7 @@ bool zkprocess::Snapshot::save_snapshot(zktypes::u8_t flags) { } try { s_ptrace.read_process_memory(stack, regs->rsp, - DEFAULT_SNAPSHOT_STACK_SZ); + DEFAULT_SNAPSHOT_STACK_SZ); } catch (zkexcept::ptrace_error &e) { std::cerr << e.what(); std::exit(1); @@ -115,7 +115,8 @@ bool zkprocess::Snapshot::save_snapshot(zktypes::u8_t flags) { throw std::runtime_error("failed to allocate memory\n"); } try { - s_ptrace.read_process_memory(instr, regs->rip, DEFAULT_SNAPSHOT_INSTR); + s_ptrace.read_process_memory(instr, regs->rip, + DEFAULT_SNAPSHOT_INSTR); } catch (zkexcept::ptrace_error &e) { std::cerr << e.what(); std::exit(1); @@ -148,13 +149,15 @@ bool zkprocess::Snapshot::save_snapshot(zktypes::u8_t flags) { throw std::runtime_error("failed to allocate memory\n"); } try { - s_ptrace.read_process_memory(instr, regs->rip, DEFAULT_SNAPSHOT_INSTR); + s_ptrace.read_process_memory(instr, regs->rip, + DEFAULT_SNAPSHOT_INSTR); } catch (zkexcept::ptrace_error &e) { std::cerr << e.what(); std::exit(1); } } - s_snapshots.push(std::make_unique(flags, regs, stack, instr)); + s_snapshots.push( + std::make_unique(flags, regs, stack, instr)); return true; } @@ -174,15 +177,16 @@ bool zkprocess::Snapshot::restore_snapshot(void) { if (ZK_CHECK_FLAGS( static_cast(snapshot_flags::PROCESS_SNAP_ALL), s_snapshots.top()->get_flags())) { - s_ptrace.write_process_memory(s_snapshots.top()->get_stack(), regs->rsp, - DEFAULT_SNAPSHOT_STACK_SZ); + s_ptrace.write_process_memory(s_snapshots.top()->get_stack(), + regs->rsp, + DEFAULT_SNAPSHOT_STACK_SZ); } else { int stack_frame_sz = regs->rbp - regs->rsp; - s_ptrace.write_process_memory(s_snapshots.top()->get_stack(), regs->rsp, - stack_frame_sz); + s_ptrace.write_process_memory(s_snapshots.top()->get_stack(), + regs->rsp, stack_frame_sz); } - s_ptrace.write_process_memory(s_snapshots.top()->get_instructions(), regs->rip, - DEFAULT_SNAPSHOT_INSTR); + s_ptrace.write_process_memory(s_snapshots.top()->get_instructions(), + regs->rip, DEFAULT_SNAPSHOT_INSTR); s_snapshots.top().reset(); s_snapshots.pop(); diff --git a/test/a.out b/test/a.out old mode 100755 new mode 100644 index e289403..357d335 Binary files a/test/a.out and b/test/a.out differ diff --git a/test/elf_get.cpp b/test/elf_get.cpp index b27fe85..d904f6f 100644 --- a/test/elf_get.cpp +++ b/test/elf_get.cpp @@ -1,9 +1,7 @@ #include - #include -int main(int argc, char *argv[]) -{ +int main(int argc, char *argv[]) { if (argc < 2) { printf("Expected a program"); return -1; @@ -14,26 +12,29 @@ int main(int argc, char *argv[]) printf("parsing elf binary"); printf("is stripped: %lx\n", elf->is_stripped()); - printf("elf size: %lx\n", elf->get_map_size()); + printf("elf size: %lx\n", elf->get_map_size()); printf("elf class: %lx\n", elf->get_elf_class()); - printf("elf encoding: %lx\n", elf->get_elf_encoding()); - printf("elf osabi: %lx\n", elf->get_elf_osabi()); - printf("elf types: %lx\n", elf->get_elf_type()); - printf("elf machine: %lx\n", elf->get_elf_machine()); - printf("elf version: %lx\n", elf->get_elf_version()); - printf("elf entry: %lx\n", elf->get_elf_entry_point()); - printf("elf phdr offset: %lx\n", elf->get_elf_phdr_offset()); - printf("elf shdr offset: %lx\n", elf->get_elf_shdr_offset()); - printf("elf flags: %lx\n", elf->get_elf_flags()); - printf("elf header size: %lx\n", elf->get_elf_header_size()); + printf("elf encoding: %lx\n", elf->get_elf_encoding()); + printf("elf osabi: %lx\n", elf->get_elf_osabi()); + printf("elf types: %lx\n", elf->get_elf_type()); + printf("elf machine: %lx\n", elf->get_elf_machine()); + printf("elf version: %lx\n", elf->get_elf_version()); + printf("elf entry: %lx\n", elf->get_elf_entry_point()); + printf("elf phdr offset: %lx\n", elf->get_elf_phdr_offset()); + printf("elf shdr offset: %lx\n", elf->get_elf_shdr_offset()); + printf("elf flags: %lx\n", elf->get_elf_flags()); + printf("elf header size: %lx\n", elf->get_elf_header_size()); printf("elf phdr entry count: %lx\n", elf->get_elf_phdr_entry_count()); - printf("elf phdr entry size: %lx\n", elf->get_elf_phdr_entry_size()); + printf("elf phdr entry size: %lx\n", elf->get_elf_phdr_entry_size()); printf("elf shdr entry count: %lx\n", elf->get_elf_shdr_entry_count()); - printf("elf shdr entry size: %lx\n", elf->get_elf_shdr_entry_size()); - printf("elf string table index: %lx\n", elf->get_elf_shdr_string_table_index()); + printf("elf shdr entry size: %lx\n", elf->get_elf_shdr_entry_size()); + printf("elf string table index: %lx\n", + elf->get_elf_shdr_string_table_index()); printf("program header table"); - printf("type\toffset\tvaddress\tpaddress\tflags\tfilesize\tmemorysize\talignment\t"); + printf( + "type\toffset\tvaddress\tpaddress\tflags\tfilesize\tmemorysize\tal" + "ignment\t"); for (std::size_t i = 0; i < elf->get_elf_phdr_entry_count(); i++) { printf("%lx\t", elf->get_segment_type(i)); printf("%lx\t", elf->get_segment_offset(i)); @@ -47,7 +48,9 @@ int main(int argc, char *argv[]) puts(""); printf("section header table "); - printf("nameindex\t type \t flags \t address \t offset \t size \t addralign \t entrysz \t link \t info"); + printf( + "nameindex\t type \t flags \t address \t offset \t size \t " + "addralign \t entrysz \t link \t info"); for (std::size_t i = 0; i < elf->get_elf_shdr_entry_count(); i++) { printf("%lx\t", elf->get_section_name_index(i)); printf("%lx\t", elf->get_section_type(i)); diff --git a/test/memory-map.cpp b/test/memory-map.cpp index e57e428..c3506a4 100644 --- a/test/memory-map.cpp +++ b/test/memory-map.cpp @@ -24,7 +24,7 @@ int main(int argc, char* argv[]) { std::cout << "architecture : x64\n"; auto mm = proc->get_memory_map_if_x64(); mm->parse_memory_map(); - + std::cout << "base address is " << std::hex << mm->get_base_address() << std::endl; diff --git a/test/process.cpp b/test/process.cpp index 55018ce..e1658e1 100644 --- a/test/process.cpp +++ b/test/process.cpp @@ -1,7 +1,6 @@ #include -int main(int argc, char *argv[]) -{ +int main(int argc, char* argv[]) { if (argc < 2) { printf("Expected a process\n"); return -1; @@ -12,5 +11,4 @@ int main(int argc, char *argv[]) s[1] = nullptr; auto proc = zkprocess::load_process_from_file(s, std::nullopt); - } diff --git a/test/snapshot.cpp b/test/snapshot.cpp index 983d221..71bf5d6 100644 --- a/test/snapshot.cpp +++ b/test/snapshot.cpp @@ -1,7 +1,6 @@ #include -void print_registers(registers_t& regs) -{ +void print_registers(registers_t ®s) { std::cout << "rax : " << std::hex << regs.rax << std::endl; std::cout << "rbx : " << std::hex << regs.rbx << std::endl; std::cout << "rcx : " << std::hex << regs.rcx << std::endl; @@ -11,8 +10,7 @@ void print_registers(registers_t& regs) std::cout << "rip : " << std::hex << regs.rip << std::endl; } -int main(int argc, char *argv[]) -{ +int main(int argc, char *argv[]) { if (argc < 2) { puts("expected an argument"); exit(1); @@ -22,13 +20,13 @@ int main(int argc, char *argv[]) s[0] = argv[1]; s[1] = nullptr; ZkLog::Log log; - ZkProcess::Ptrace ptrace((const char **)s, 0, ZkProcess::PTRACE_START_NOW, - &log); + ZkProcess::Ptrace ptrace((const char **)s, 0, + ZkProcess::PTRACE_START_NOW, &log); ZkProcess::Snapshot snapshot; registers_t regs; - std::cout << "[+] registers before snapshot" <