TracedProgram is a program traced by ptrace
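type TracedProgram struct {
	// Entries is the exported list of mapreader entries.
	// NOTE(review): presumably the traced process's memory mappings; confirm against package mapreader.
	Entries []mapreader.Entry
	// contains filtered or unexported fields
}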
func Trace(pid int, logger logr.Logger) (*TracedProgram, error)
Trace ptrace-attaches to all threads of a process
func (p *TracedProgram) Detach() error
Detach detaches from all threads of the process
func (p *TracedProgram) FindSymbolInEntry(symbolName string, entry *mapreader.Entry) (uint64, uint64, error)
FindSymbolInEntry finds a symbol in an entry by parsing ELF
func (p *TracedProgram) GetLibBuffer(entry *mapreader.Entry) (*[]byte, error)
GetLibBuffer reads an entry
func (p *TracedProgram) JumpToFakeFunc(originAddr uint64, targetAddr uint64) error
JumpToFakeFunc writes a jmp instruction to jump to the fake function
func (p *TracedProgram) Mmap(length uint64, fd uint64) (uint64, error)
Mmap runs mmap syscall
func (p *TracedProgram) MmapSlice(slice []byte) (*mapreader.Entry, error)
MmapSlice mmaps a slice and returns its addr
func (p *TracedProgram) Pid() int
Pid returns the pid of the traced program
func (p *TracedProgram) Protect() error
Protect backs up regs and rip into fields
func (p *TracedProgram) PtraceWriteSlice(addr uint64, buffer []byte) error
PtraceWriteSlice uses ptrace rather than process_vm_writev to write a buffer into addr
func (p *TracedProgram) ReadSlice(addr uint64, size uint64) (*[]byte, error)
ReadSlice reads from addr and returns a slice
func (p *TracedProgram) Restore() error
Restore restores regs and rip from fields
func (p *TracedProgram) Step() error
Step moves one step forward
func (p *TracedProgram) Syscall(number uint64, args ...uint64) (uint64, error)
Syscall runs a syscall on the main thread of the process
func (p *TracedProgram) Wait() error
Wait waits until the process stops
func (p *TracedProgram) WriteSlice(addr uint64, buffer []byte) error
WriteSlice writes a buffer into addr
func (p *TracedProgram) WriteUint64ToAddr(addr uint64, value uint64) error
WriteUint64ToAddr writes uint64 to addr