Implemented examplary wirekit that logs open/openat filenames
This commit is contained in:
parent
9d3166a657
commit
93e7ee7973
@ -0,0 +1,102 @@
|
||||
#include <iostream>
|
||||
#include <sys/syscall.h>
|
||||
#include <unordered_set>
|
||||
#include <string>
|
||||
#include <linux/limits.h> // For PATH_MAX
|
||||
|
||||
#include "wirekit.hpp"
|
||||
|
||||
/*
|
||||
To show the paradigms implemented in rewire, this simple wirekit compiles a list
|
||||
of all files a program opens and prints it after the program exits!
|
||||
*/
|
||||
std::unordered_set<std::string> opened_files;
|
||||
|
||||
char BUF[PATH_MAX + 1] = { 0 };
|
||||
|
||||
void open_entry() {
|
||||
user_regs_struct regs;
|
||||
if (rewire_subject_get_regs(®s) != REWIRE_SUCCESS) {
|
||||
std::cout << "Rewire failed to get tracee registers!" << std::endl;
|
||||
return;
|
||||
}
|
||||
|
||||
uint32_t read;
|
||||
if (rewire_subject_load_cstr((const char*)regs.rdi, BUF, &read, sizeof(BUF) - 1) != REWIRE_SUCCESS) {
|
||||
std::cout << "Rewire failed to extract pathname handed to open()!" << std::endl;
|
||||
return;
|
||||
}
|
||||
|
||||
// Log opened file
|
||||
opened_files.emplace(BUF);
|
||||
}
|
||||
|
||||
void openat_entry() {
|
||||
user_regs_struct regs;
|
||||
if (rewire_subject_get_regs(®s) != REWIRE_SUCCESS) {
|
||||
std::cout << "Rewire failed to get tracee registers!" << std::endl;
|
||||
return;
|
||||
}
|
||||
|
||||
uint32_t read;
|
||||
if (rewire_subject_load_cstr((const char*)regs.rsi, BUF, &read, sizeof(BUF) - 1) != REWIRE_SUCCESS) {
|
||||
std::cout << "Rewire failed to extract pathname handed to open()!" << std::endl;
|
||||
return;
|
||||
}
|
||||
|
||||
// Log opened file
|
||||
opened_files.emplace(BUF);
|
||||
}
|
||||
|
||||
err_t wirekit_prepare() {
|
||||
/*
|
||||
wirekit_prepare is called once after the wirekit is loaded.
|
||||
Use it to initialize any local data here!
|
||||
*/
|
||||
std::cout << "There is nothing to prepare in this wirekit :)" << std::endl;
|
||||
return REWIRE_SUCCESS;
|
||||
}
|
||||
|
||||
err_t wirekit_command_start(int argc, const char* const* argv) {
|
||||
/*
|
||||
wirekit_command_start is called for every command, before the first thread is spawned.
|
||||
In shell mode, rewire calls this function multiple times.
|
||||
Use it to register system call hooks!
|
||||
*/
|
||||
|
||||
std::cout << "Executing \"" << argv[0] << "\" with arguments [ ";
|
||||
for (int i = 1; i < argc; i++)
|
||||
std::cout << "\"" << argv[i] << "\"" << (i < argc - 1 ? ", " : "");
|
||||
std::cout << " ]" << std::endl;
|
||||
|
||||
if (rewire_syscall_hook(SYS_open, open_entry, nullptr) != REWIRE_SUCCESS ||
|
||||
rewire_syscall_hook(SYS_openat, openat_entry, nullptr) != REWIRE_SUCCESS) {
|
||||
std::cout << "Failed to register entry hooks for open and openat system calls!" << std::endl;
|
||||
return REWIRE_FAILURE;
|
||||
}
|
||||
|
||||
return REWIRE_SUCCESS;
|
||||
}
|
||||
|
||||
void wirekit_command_exit() {
|
||||
/*
|
||||
wirekit_command_exit is called after each command exits.
|
||||
In shell mode, rewire calls this function multiple times.
|
||||
Use it to wrap up and reset wirekit data before the next command is started!
|
||||
*/
|
||||
std::cout << "The command opened the following files:" << std::endl;
|
||||
for (const std::string& f : opened_files)
|
||||
std::cout << " \"" << f << "\"" << std::endl;
|
||||
|
||||
opened_files.clear(); // Next commands starts on empty set (could also be done in beginning of wirekit_command_start)
|
||||
}
|
||||
|
||||
/*
|
||||
void wirekit_subject_start() {
|
||||
// wirekit_subject_start is called whenever a new thread (subject), under the current command, first performs a system call
|
||||
}
|
||||
|
||||
void wirekit_subject_exit() {
|
||||
// wirekit_subject_exit is called whenever a thread exits under the current command
|
||||
}
|
||||
*/
|
||||
Loading…
Reference in New Issue
Block a user