riptracer

Version: v0.0.10
Published: Apr 5, 2023 License: GPL-3.0 Imports: 19 Imported by: 3

README


Execution tracer written in Go. Think strace/ltrace for arbitrary code locations. Set breakpoints, manipulate memory/registers, etc.

Why?

Do you know how to implement a software breakpoint, or how to set a hardware breakpoint? I had used both in gdb for years without understanding exactly how these are implemented. I wanted to change that, and so what better way than implementing a debugger yourself?

I've been a longtime fan of usercorn. I even have a repo of example scripts, usercorn_examples. But there are some drawbacks to having to emulate everything. Not all the system calls are implemented, and if the binary does threading, we're probably in for a rough time. I wanted to debug a threaded binary without emulating, and have custom debug functionality.

Why not just use gdb?

With the power of gdb and some gdb scripts we'd be able to get similar functionality, but we'd need gdb on our target system, along with Python for the scripting, etc. All of which is fine, and totally possible, but a nicely compiled Go binary can be deployed without having to worry about the dependencies needed. I want to spend time learning and debugging, not cross-compiling and stuck in dependency hell.

Disclaimer

This is a toy project; I'll update it for as long as I find it useful and interesting. My aim here is not to rewrite strace/strace/dtrace/gdb/rr etc. You should totally use those for anything serious.

Documentation

Constants

const DEFAULTEXECMPLENGTH = 32

Default number of bytes used when comparing process memory to the executable.

const DR_OFFSET = 0x350

https://en.wikipedia.org/wiki/X86_debug_register

const REG_SIZE = 0x8
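
How a hardware breakpoint request can be encoded, as an added example that is not riptracer's own code. It assumes DR_OFFSET is the offset of debug register 0 in the x86-64 Linux ptrace user area and REG_SIZE the size of one register, and builds the DR7 control value described in the linked debug register article; `UserOffset` and `ArmSlot` are hypothetical names.

```go
package main

import (
	"errors"
	"fmt"
)

// Values from this page. Assumed meaning: byte offset of debug register 0
// in the x86-64 Linux ptrace user area, and the size of one register.
const (
	drOffset = 0x350
	regSize  = 0x8
	// DR7 R/W field values: break on execute, on write, on read or write.
	OnExec      = 0
	OnWrite     = 1
	OnReadWrite = 3
)

// DR7 LEN field encoding, keyed by watched width in bytes.
var lenBits = map[int]uint64{1: 0, 2: 1, 4: 3, 8: 2}

// UserOffset returns the user-area offset of debug register DRn.
func UserOffset(n int) uintptr { return drOffset + uintptr(n)*regSize }

// ArmSlot returns dr7 with slot 0-3 enabled; addr itself belongs in DR<slot>.
func ArmSlot(dr7 uint64, slot int, addr, cond uint64, size int) (uint64, error) {
	lb, ok := lenBits[size]
	if slot < 0 || slot > 3 || !ok || cond == 2 || cond > 3 {
		return 0, errors.New("invalid slot, size or condition")
	}
	if cond == OnExec && size != 1 {
		return 0, errors.New("execute breakpoints require size 1")
	}
	if addr%uint64(size) != 0 {
		return 0, errors.New("address must be aligned to size")
	}
	if dr7&(3<<uint(2*slot)) != 0 {
		return 0, fmt.Errorf("slot %d is already enabled", slot)
	}
	shift := uint(16 + 4*slot)
	dr7 &^= 0xF << shift           // clear stale R/Wn and LENn bits
	dr7 |= (cond | lb<<2) << shift // R/Wn at bit 16+4n, LENn at bit 18+4n
	dr7 |= 1 << uint(2*slot)       // Ln: local enable for this slot
	return dr7, nil
}

func main() {
	dr7, err := ArmSlot(0, 1, 0x401000, OnExec, 1) // constructed address
	fmt.Printf("DR1 @ %#x, DR7 @ %#x, value %#x, err %v\n", UserOffset(1), UserOffset(7), dr7, err)
}
```

A tracer would write the address to the slot's register and the returned value to DR7 at the offsets `UserOffset` reports, then read DR6 after the trap to see which slot fired.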

Variables

var Blue = "\033[34m"
var Cyan = "\033[36m"
var Gray = "\033[37m"
var Green = "\033[32m"
var Purple = "\033[35m"
var Red = "\033[31m"
var Reset = "\033[0m"
var White = "\033[97m"
var Yellow = "\033[33m"

Functions

func CBFunctionArgs

func CBFunctionArgs(pid int, bp BreakPoint)

func CBPrintRegisters

func CBPrintRegisters(pid int, bp BreakPoint)

func CBPrintStack

func CBPrintStack(pid int, bp BreakPoint)

func Dump

func Dump(buff []byte)

Types

type BreakPoint

type BreakPoint struct {
	Address      uintptr
	OriginalCode *[]byte
	Hits         int
	Callbacks    []CallBackFunction
}

type CallBackFunction

type CallBackFunction func(int, BreakPoint) // CallBack Function Pointer

type ELF32_Rela added in v0.0.6

type ELF32_Rela struct {
	R_offset uint32
	R_info   ELF32_Rela_Info
	R_addend int32
}

type ELF32_Rela_Info added in v0.0.6

type ELF32_Rela_Info struct {
	Type uint32
	Sym  uint32
}

type ELF64_Rela added in v0.0.6

type ELF64_Rela struct {
	R_offset uint64
	R_info   ELF64_Rela_Info
	R_addend int64
}

type ELF64_Rela_Info added in v0.0.6

type ELF64_Rela_Info struct {
	Type uint32
	Sym  uint32
}

type SymbolResolver added in v0.0.6

type SymbolResolver struct {
	PLT []elf.Symbol
	// contains filtered or unexported fields
}

func NewSymbolResolver added in v0.0.6

func NewSymbolResolver(filepath string) (*SymbolResolver, error)

func (*SymbolResolver) GetPLTOffsetBySymName added in v0.0.6

func (s *SymbolResolver) GetPLTOffsetBySymName(symName string) (uintptr, error)

func (*SymbolResolver) GetPLTSymNameByOffset added in v0.0.7

func (s *SymbolResolver) GetPLTSymNameByOffset(offset uint64) (string, error)

type Tracer

type Tracer struct {
	Process *os.Process
	ProcFS  procfs.FS
	// contains filtered or unexported fields
}

func NewTracerFromPid

func NewTracerFromPid(pid int) (*Tracer, error)

func NewTracerStartCommand

func NewTracerStartCommand(cmd_str string) (*Tracer, error)

func (*Tracer) ConvertOffsetToAddress

func (t *Tracer) ConvertOffsetToAddress(breakAddress uintptr) uintptr

func (*Tracer) EnableVerbose

func (t *Tracer) EnableVerbose()

func (*Tracer) GetBaseAddress

func (t *Tracer) GetBaseAddress() (uintptr, error)

func (*Tracer) GetMemMaps

func (t *Tracer) GetMemMaps() ([]*procfs.ProcMap, error)

func (*Tracer) SetBreakpointAbsolute

func (t *Tracer) SetBreakpointAbsolute(breakAddress uintptr, cb CallBackFunction)

func (*Tracer) SetBreakpointRelative

func (t *Tracer) SetBreakpointRelative(breakAddress uintptr, cb CallBackFunction)

func (*Tracer) SetExeComparisonLength

func (t *Tracer) SetExeComparisonLength(length int)

func (*Tracer) SetFollowForks

func (t *Tracer) SetFollowForks(enable bool)

func (*Tracer) SetHWBreakpointAbsolute added in v0.0.10

func (t *Tracer) SetHWBreakpointAbsolute(breakAddress uintptr, cb CallBackFunction)

func (*Tracer) SetHWBreakpointRelative added in v0.0.10

func (t *Tracer) SetHWBreakpointRelative(breakAddress uintptr, cb CallBackFunction)

func (*Tracer) Start

func (t *Tracer) Start()

func (*Tracer) Stop added in v0.0.9

func (t *Tracer) Stop()

Directories

Path Synopsis
examples
