Beispiel #1
0
// readMemoryAligned is a wrapper for ptrace(PTRACE_PEEKTEXT) that attempts to
// make all calls wordsize-aligned. (See comment from writeMemoryAligned)
func (p *Process) readMemoryAligned(where uint64, bytes []byte) (count int, err error) {
	p.ensureNotRunning()

	wordSize := int(unsafe.Sizeof(uintptr(0)))
	whereAligned := where & uint64(^(wordSize - 1))
	firstWordOffset := int(where - whereAligned)
	lenBytes := len(bytes)
	total := 0

	wordRead := make([]byte, wordSize)
	for i := 0; i < lenBytes; {
		cnt, err := syscall.PtracePeekText(p.Pid, uintptr(whereAligned), wordRead)

		if err != nil || cnt != wordSize {
			panic(err.Error())
			return total, err
		}

		i += copy(bytes[i:lenBytes], wordRead[firstWordOffset:])

		firstWordOffset = 0
		total = i
	}

	return total, nil
}
func (t *thread) ptracePeekText(addr uintptr, out []byte) (int, os.Error) {
	c, err := syscall.PtracePeekText(t.tid, addr, out)
	if traceMem {
		fmt.Printf("peek(%#x) => %v, %v\n", addr, out, err)
	}
	return c, os.NewSyscallError("ptrace(PEEKTEXT)", err)
}
Beispiel #3
0
func readStringArg(pid int, addr uintptr) (s string, err error) {
	buf := make([]byte, unsafe.Sizeof(addr))
	done := false
	err = nil
	for done == false {
		_, err := syscall.PtracePeekText(pid, addr, buf)
		if err != nil {
			fmt.Printf("Error (ptrace): %v\n", err)
		} else {
			for b := range buf {
				if buf[b] == 0 {
					done = true
					break
				} else {
					s += string(buf[b])
					if len(s) > 90 {
						s += "..."
						break
					}
				}
			}
		}
		addr += unsafe.Sizeof(addr)
	}
	return s, nil
}
Beispiel #4
0
func (pt *Ptrace) Read(b []byte) (n int, err error) {
	n, err = syscall.PtracePeekText(pt.Proc.Pid, uintptr(pt.Addr), b)
	if err != nil {
		return 0, err
	}
	pt.Addr += uint64(n)
	return n, nil
}
Beispiel #5
0
func peek(pid int, addr uint64, data []byte) error {
	n, err := syscall.PtracePeekText(pid, uintptr(addr), data)
	if err != nil {
		return err
	}
	if n != len(data) {
		return fmt.Errorf("peek: got %d bytes, want %d", len(data))
	}
	return nil
}
Beispiel #6
0
func readUIntArg(pid int, addr uintptr) (uint64, error) {
	buf := make([]byte, unsafe.Sizeof(addr))

	_, err := syscall.PtracePeekText(pid, addr, buf)
	if err != nil {
		fmt.Printf("Error (ptrace): %v\n", err)
		return 0, err
	} else {
		i := binary.LittleEndian.Uint64(buf)
		return i, nil
	}
	return 0, errors.New("Error.")
}
Beispiel #7
0
func (s *Server) ptracePeek(pid int, addr uintptr, out []byte) (err error) {
	s.fc <- func() error {
		n, err := syscall.PtracePeekText(pid, addr, out)
		if err != nil {
			return err
		}
		if n != len(out) {
			return fmt.Errorf("ptracePeek: peeked %d bytes, want %d", n, len(out))
		}
		return nil
	}
	return <-s.ec
}
Beispiel #8
0
Datei: util.go Projekt: Safe3/oz
func readBytesArg(pid int, size int, addr uintptr) (blob []byte, err error) {
	buf := make([]byte, unsafe.Sizeof(addr))
	err = nil
	i := 0
	var x uint
	x = 0
	a := uint(addr)

	for i < size {
		_, err := syscall.PtracePeekText(pid, uintptr(a+(x*uint(unsafe.Sizeof(addr)))), buf)
		if err != nil {
			fmt.Printf("Error (ptrace): %v\n", err)
		} else {
			if (size - i) >= int(unsafe.Sizeof(addr)) {
				blob = append(blob, buf...)
			} else {
				blob = append(blob, buf[:(size-i)]...)
			}
			i += len(buf)
			x++
		}
	}
	return blob, err
}
Beispiel #9
0
func (t *Tracer) PeekText(addr uintptr, out []byte) (int, error) {
	return syscall.PtracePeekText(t.Process.Pid, addr, out)
}