hayajo/ptraceout.go

## ptraceout.go
package main

import "fmt"
import "log"
import "os"
import "strconv"
import "syscall"

func main() {
	var err error

	if len(os.Args) < 2 {
		log.Fatal("specify pid")
	}

	pid, err := strconv.Atoi(os.Args[1])
	if err != nil {
		log.Fatalf("invalid pid %s", os.Args[1])
	}

	fmt.Printf("attach to %d\n", pid)

	err = syscall.PtraceAttach(pid)
	if err != nil {
		log.Fatal(err)
	}
	fmt.Printf("attached to %d\n", pid)

	syscall.PtraceSetOptions(pid, syscall.PTRACE_O_TRACESYSGOOD)

	var is_enter_stop bool
	var prev_orig_rax uint64

	for {
		var status syscall.WaitStatus
		var rusage syscall.Rusage
		var regsout syscall.PtraceRegs

		syscall.Wait4(pid, &status, 0, &rusage)
		if status.Exited() {
			break
		} else if status.Stopped() && status.StopSignal() == (syscall.SIGTRAP|0x80) {
			syscall.PtraceGetRegs(pid, &regsout)
			if prev_orig_rax == regsout.Orig_rax {
				is_enter_stop = false
			} else {
				is_enter_stop = true
			}
			prev_orig_rax = regsout.Orig_rax
			if is_enter_stop && regsout.Orig_rax == syscall.SYS_WRITE {
				// fmt.Printf("%d %d %d %d %d\n", regsout.Orig_rax, regsout.Rax, regsout.Rsi, regsout.Rdx, regsout.Rdi)
				peek_and_output(pid, (uintptr)(regsout.Rsi), (uintptr)(regsout.Rdx), (int)(regsout.Rdi))
			}
		}
		syscall.PtraceSyscall(pid, 0)
	}
}

func peek_and_output(pid int, addr, size uintptr, fd int) {
	if fd != syscall.Stdout && fd != syscall.Stderr {
		return
	}

	buffer := make([]byte, size)
	syscall.PtracePeekData(pid, addr, buffer)

	var out *os.File
	if fd == syscall.Stdout {
		out = os.Stdout
	} else {
		out = os.Stderr
	}

	out.Write(buffer)
	out.Sync()
}
	package main

	import "fmt"
	import "log"
	import "os"
	import "strconv"
	import "syscall"

	func main() {
	var err error

	if len(os.Args) < 2 {
	log.Fatal("specify pid")
	}

	pid, err := strconv.Atoi(os.Args[1])
	if err != nil {
	log.Fatalf("invalid pid %s", os.Args[1])
	}

	fmt.Printf("attach to %d\n", pid)

	err = syscall.PtraceAttach(pid)
	if err != nil {
	log.Fatal(err)
	}
	fmt.Printf("attached to %d\n", pid)

	syscall.PtraceSetOptions(pid, syscall.PTRACE_O_TRACESYSGOOD)

	var is_enter_stop bool
	var prev_orig_rax uint64

	for {
	var status syscall.WaitStatus
	var rusage syscall.Rusage
	var regsout syscall.PtraceRegs

	syscall.Wait4(pid, &status, 0, &rusage)
	if status.Exited() {
	break
	} else if status.Stopped() && status.StopSignal() == (syscall.SIGTRAP\|0x80) {
	syscall.PtraceGetRegs(pid, &regsout)
	if prev_orig_rax == regsout.Orig_rax {
	is_enter_stop = false
	} else {
	is_enter_stop = true
	}
	prev_orig_rax = regsout.Orig_rax
	if is_enter_stop && regsout.Orig_rax == syscall.SYS_WRITE {
	// fmt.Printf("%d %d %d %d %d\n", regsout.Orig_rax, regsout.Rax, regsout.Rsi, regsout.Rdx, regsout.Rdi)
	peek_and_output(pid, (uintptr)(regsout.Rsi), (uintptr)(regsout.Rdx), (int)(regsout.Rdi))
	}
	}
	syscall.PtraceSyscall(pid, 0)
	}
	}

	func peek_and_output(pid int, addr, size uintptr, fd int) {
	if fd != syscall.Stdout && fd != syscall.Stderr {
	return
	}

	buffer := make([]byte, size)
	syscall.PtracePeekData(pid, addr, buffer)

	var out *os.File
	if fd == syscall.Stdout {
	out = os.Stdout
	} else {
	out = os.Stderr
	}

	out.Write(buffer)
	out.Sync()
	}