Some additions to https://thume.ca/2023/12/02/tracing-methods

kutrace_large.jpg

kutrace_medium.jpg

kutrace_smol.jpg

magic_trace.png

perftrace_pie.diff

diff --git a/perftrace.py b/perftrace.py
index d9af385..96aa929 100644
--- a/perftrace.py
+++ b/perftrace.py
@@ -43,7 +43,7 @@ class StoppedChild:
     Utilities to start a process in a stopped state so you can attach
     perf breakpoints to it
     """
-    def __init__(self, launch_fn):
+    def __init__(self, bin_name, launch_fn):
         pid = os.fork()
         if pid == 0:
             SO.ptrace_traceme()
@@ -53,6 +53,17 @@ class StoppedChild:
         # Wait for ptrace stop
         os.waitpid(pid, 0)
         self.pid = pid
+
+        # Extract the base address for gef-style PIE breakpoints
+        maps_fn = f'/proc/{pid}/maps'
+        with open(maps_fn) as f:
+            for line in f:
+                tokens = line.split()
+                if tokens[-1] == bin_name:
+                    self.base_addr = int(tokens[0].split('-')[0], 16)
+                    break
+            else:
+                raise Exception(f'Failed to find the base address in {maps_fn}')
     
     def resume(self):
         SO.ptrace_detach(self.pid)
@@ -98,13 +109,13 @@ class Breakpoint:
     
 
 if __name__ == "__main__":
-    child = StoppedChild(lambda: os.execv("./cache", ["./cache"]))
-    bp = Breakpoint(child.pid, 0x402720, ["SI", "DI"], one_time=False)
-    bp2 = Breakpoint(child.pid, 0x402ff0, ["SI", "DI"], one_time=True)
+    bin_name = "/usr/bin/uname"
+    child = StoppedChild(bin_name, lambda: os.execv(bin_name, [bin_name]))
+    bp = Breakpoint(child.pid, child.base_addr + 0x2646, ["SI", "DI"], one_time=False)
     child.resume()
     # Process is running at this time...
     child.wait()
-    events = sorted(itertools.chain(bp.results(), bp2.results()), key=lambda x: x.time)
+    events = sorted(itertools.chain(bp.results()), key=lambda x: x.time)
     for sample in events:
         print(sample)