README
¶
riptracer
Execution tracer written in go. Think strace/ltrace for arbitrary code locations. Set breakpoints, manipulate memory/registers, etc...
Why?
I created this because I wanted to learn more about implementing a debugger on Linux.
I've been a longtime fan of usercorn. I even have a repo of example script usercorn_examples. But there are some drawbacks to having to emulate everything. Not all the system calls are implemented, and if the binary does threading, we're probably in for a rough time. I wanted to debug a threaded binary without emulating, and have custom debug functionality
Why not just use gdb?
With the power of gdb and some gdb scripts we'd be able to do similar functionality, but we'd need gdb on our target system, along with python for the scripting etc... All of which is fine, and totally possible, but a nicely compiled go binary can be deployed without having to worry about the dependencies needed. I want to spend time learning and debugging, not cross-compiling and in dependency hell. The real reason is what I already gave, I wanted to know how debuggers work in linux. What better way to implement one yourself.
Disclaimer
This is a toy project, I'll updated for as long as I find it useful and interesting. My aim here is not to rewrite strace/strace/dtrace/gdb/rr etc... You should totally use those for anything serious.
Documentation
¶
Index ¶
- Constants
- Variables
- func CBFunctionArgs(pid int, bp BreakPoint)
- func CBPrintRegisters(pid int, bp BreakPoint)
- func CBPrintStack(pid int, bp BreakPoint)
- func Dump(buff []byte)
- type BreakPoint
- type CallBackFunction
- type Tracer
- func (t *Tracer) ConvertOffsetToAddress(breakAddress uintptr) uintptr
- func (t *Tracer) EnableVerbose()
- func (t *Tracer) GetBaseAddress() (uintptr, error)
- func (t *Tracer) GetMemMaps() ([]*procfs.ProcMap, error)
- func (t *Tracer) SetBreakpointAbsolute(breakAddress uintptr, cb CallBackFunction)
- func (t *Tracer) SetBreakpointRelative(breakAddress uintptr, cb CallBackFunction)
- func (t *Tracer) SetExeComparisonLength(length int)
- func (t *Tracer) SetFollowForks(enable bool)
- func (t *Tracer) Start()
Constants ¶
const DEFAULTEXECMPLENGTH = 32
How many bytes we want to use to compare mem to executable
Variables ¶
var Blue = "\033[34m"
var Cyan = "\033[36m"
var Gray = "\033[37m"
var Green = "\033[32m"
var Purple = "\033[35m"
var Red = "\033[31m"
var Reset = "\033[0m"
var White = "\033[97m"
var Yellow = "\033[33m"
Functions ¶
func CBFunctionArgs ¶
func CBFunctionArgs(pid int, bp BreakPoint)
func CBPrintRegisters ¶
func CBPrintRegisters(pid int, bp BreakPoint)
func CBPrintStack ¶
func CBPrintStack(pid int, bp BreakPoint)
Types ¶
type BreakPoint ¶
type BreakPoint struct {
Address uintptr
OriginalCode *[]byte
Hits int
Callbacks []CallBackFunction
}
type CallBackFunction ¶
type CallBackFunction func(int, BreakPoint) // CallBack Function Pointer
type Tracer ¶
type Tracer struct {
Process *os.Process
ProcFS procfs.FS
// contains filtered or unexported fields
}
func NewTracerFromPid ¶
func NewTracerStartCommand ¶
func (*Tracer) ConvertOffsetToAddress ¶
func (*Tracer) EnableVerbose ¶
func (t *Tracer) EnableVerbose()
func (*Tracer) GetBaseAddress ¶
func (*Tracer) SetBreakpointAbsolute ¶
func (t *Tracer) SetBreakpointAbsolute(breakAddress uintptr, cb CallBackFunction)
func (*Tracer) SetBreakpointRelative ¶
func (t *Tracer) SetBreakpointRelative(breakAddress uintptr, cb CallBackFunction)
func (*Tracer) SetExeComparisonLength ¶
func (*Tracer) SetFollowForks ¶
Source Files
Directories
¶
| Path | Synopsis |
|---|---|
|
examples
|
|
|
2018_angstrom_product_key
command
|
|
|
forked
command
|
|
|
multithreaded
command
|