ileitch-hijack 0.1.3 → 0.1.4

data/bin/hijack

@@ -1,20 +1,25 @@
 #!/usr/bin/env ruby
 require 'optparse'
-$:.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+require File.dirname(__FILE__) + '/../lib/hijack'
 require 'hijack'
 
 options = {}
 usage = 'Usage: hijack [options] <PID>'
-ARGV.clone.options do |opts|
+pid = ARGV.find {|o| o =~ /\d/}
+new_argv = ARGV.clone
+new_argv.delete(pid)
+
+new_argv.options do |opts|
   opts.banner = usage
   opts.on("--gdb-debug", "Print gdb activity to the console.") { |v| options[:gdb_debug] = v }
+  opts.on("-e", "--execute=FILE", String, "Execute the specified file in the remote process.") { |v| options[:execute] = v }
   opts.on("-h", "--help", "Show this help message.") { puts opts; exit }
   opts.parse!
 end
 
-if ARGV.last.nil?
+if pid.nil? || pid.to_s == ''
   puts usage
   exit 1
 end
 
-Hijack.start(ARGV.last, options)
+Hijack.start(pid, options)

data/examples/rails_dispatcher.rb

@@ -0,0 +1,12 @@
+ActionController::Dispatcher.class_eval do
+  class << self
+    def dispatch_with_spying(cgi, session_options, output)
+      env = cgi.__send__(:env_table)
+      puts "#{Time.now.strftime('%Y/%m/%d %H:%M:%S')} - #{env['REMOTE_ADDR']} - #{env['REQUEST_URI']}"
+      dispatch_without_spying(cgi, session_options, output)
+    end
+
+    alias_method :dispatch_without_spying, :dispatch
+    alias_method :dispatch, :dispatch_with_spying
+  end
+end

data/lib/hijack.rb

@@ -0,0 +1,31 @@
+$:.unshift(File.dirname(__FILE__))
+require 'stringio'
+require 'drb'
+require 'drb/unix'
+require 'rbconfig'
+require 'irb'
+require 'irb/completion'
+require 'hijack/console'
+require 'hijack/gdb'
+require 'hijack/payload'
+require 'hijack/helper'
+require 'hijack/workspace'
+
+module Hijack
+  def self.start(pid, options)
+    @@options = options
+    Console.new(pid)
+  end
+
+  def self.options
+    @@options
+  end
+
+  def self.socket_for(pid)
+    "drbunix:/#{socket_path_for(pid)}"
+  end
+
+  def self.socket_path_for(pid)
+    "/tmp/hijack.#{pid}.sock"
+  end
+end

data/lib/hijack/console.rb

@@ -0,0 +1,139 @@
+module Hijack
+  class Console
+    def initialize(pid)
+      @pid = pid
+      @remote = nil
+      check_pid
+      str = "=> Hijacking..."
+      $stdout.write(str)
+      $stdout.flush
+      Payload.inject(@pid)
+      signal_drb_start
+      connect
+      $stdout.write("\b" * str.size)
+      $stdout.flush
+      mirror_process
+      banner
+      execute_file
+      start_output_receiver
+      start_irb
+    end
+
+  protected
+    def check_pid
+      begin
+        Process.kill(0, @pid.to_i)
+      rescue Errno::EPERM
+        puts "=> You do not have the correct permissions to hijack #{@pid}"
+        exit 1
+      rescue Errno::ESRCH
+        puts "=> No such process #{@pid}"
+        exit 1
+      end
+    end
+
+    def signal_drb_start
+      Process.kill('USR1', @pid.to_i)
+      loop do
+        break if File.exists?(Hijack.socket_path_for(@pid))
+        sleep 0.1
+      end
+    end
+
+    def connect
+      @remote = DRbObject.new(nil, Hijack.socket_for(@pid))
+    end
+
+    module OutputReceiver
+      @@mute = false
+
+      def self.mute
+        @@mute = true
+      end
+
+      def self.unmute
+        @@mute = false
+      end
+
+      def self.write(where, str)
+        Object.const_get(where.upcase).write(str) unless @@mute
+      end
+
+      def self.puts(where, str)
+        Object.const_get(where.upcase).puts(str) unless @@mute
+      end
+    end
+
+    def start_output_receiver
+      DRb.start_service(Hijack.socket_for(Process.pid), OutputReceiver)
+      @remote.evaluate("__hijack_output_receiver_ready_#{Process.pid}")
+    end
+
+    def mirror_process
+      # Attempt to require all files currently loaded by the remote process so DRb can dump as many objects as possible.
+      #
+      # We have to first require everything in reverse order and then in the original order.
+      # This is because when you require file_a.rb which first sets a constant then requires file_b.rb
+      # the $" array will contain file_b.rb before file_a.rb. But if we require file_b.rb before file_a.rb
+      # we'll get a missing constant error.
+      load_path, loaded_files = @remote.evaluate('[$:, $"]')
+      to_load = (loaded_files - $").uniq
+      completion_percentage = 0
+      str = '=> Mirroring: '
+      percent_str = ''
+      $stdout.write(str)
+      $stdout.flush
+      $:.clear
+      $:.push(*load_path)
+      orig_stderr = $stderr
+      $stderr = File.open('/dev/null')
+      (to_load.reverse + to_load).each_with_index do |file, i|
+        begin
+          require file
+        rescue Exception, LoadError
+        end
+        $stdout.write("\b" * percent_str.size)
+        $stdout.flush
+        percent_str = "#{(((i + 1) / (to_load.size * 2).to_f) * 100.0).round}%"
+        $stdout.write(percent_str)
+        $stdout.flush
+      end
+      $stderr = orig_stderr
+      $stdout.write("\b" * (str.size + percent_str.size))
+      $stdout.flush
+    end
+
+    def start_irb
+      ARGV.replace ["--simple-prompt"]
+      IRB.setup(nil)
+      workspace = Hijack::Workspace.new
+      workspace.remote = @remote
+      workspace.pid = @pid
+      irb = IRB::Irb.new(workspace)
+      @CONF = IRB.instance_variable_get(:@CONF)
+      @CONF[:IRB_RC].call irb.context if @CONF[:IRB_RC]
+      @CONF[:MAIN_CONTEXT] = irb.context
+      @CONF[:PROMPT_MODE] = :SIMPLE
+      trap('SIGINT') { irb.signal_handle }
+      catch(:IRB_EXIT) { irb.eval_input }
+    end
+
+    def banner
+      script, ruby_version, platform, hijack_version = @remote.evaluate('[$0, RUBY_VERSION, RUBY_PLATFORM]')
+      puts "=> Hijacked #{@pid} (#{script}) (ruby #{ruby_version} [#{platform}])"
+    end
+
+    def execute_file
+      if Hijack.options[:execute]
+        if File.exists?(Hijack.options[:execute])
+          $stdout.write("=> Executing #{Hijack.options[:execute]}... ")
+          $stdout.flush
+          @remote.evaluate(File.read(Hijack.options[:execute]))
+          puts "done!"
+        else
+          puts "=> Can't find #{Hijack.options[:execute]} to execute!"
+        end
+      end
+    end
+  end
+end

data/lib/hijack/gdb.rb

@@ -0,0 +1,52 @@
+# Based on gdb.rb by Jamis Buck, thanks Jamis!
+
+module Hijack
+  class GDB
+    def initialize(pid)
+      @verbose = Hijack.options[:gdb_debug]
+      exec_path = File.join(Config::CONFIG['bindir'], Config::CONFIG['RUBY_INSTALL_NAME'] + Config::CONFIG['EXEEXT'])
+      @gdb = IO.popen("gdb -q #{exec_path} #{pid} 2>&1", 'r+')
+      wait
+    end
+
+    def attached_to_ruby_process?
+      # TODO: Implement me
+      true
+    end
+
+    def eval(cmd)
+      call("(void)rb_eval_string(#{cmd.strip.gsub(/"/, '\"').inspect})")
+    end
+
+    def detach
+      @gdb.puts('detach')
+      wait
+      @gdb.puts('quit')
+      @gdb.close
+    end
+
+  protected
+    def call(cmd)
+      puts "(gdb) call #{cmd}" if @verbose
+      @gdb.puts("call #{cmd}")
+      wait
+    end
+
+    def wait
+      lines = []
+      line = ''
+      while result = IO.select([@gdb])
+        next if result.empty?
+        c = @gdb.read(1)
+        break if c.nil?
+        line << c
+        break if line == "(gdb) " || line == " >"
+        if line[-1] == ?\n
+          lines << line
+          line = ""
+        end
+      end
+      puts lines.map { |l| "> #{l}" } if @verbose
+    end
+  end
+end

data/lib/hijack/helper.rb

@@ -0,0 +1,28 @@
+module Hijack
+  module Helper
+    class << self
+      def helpers
+        ['hijack_mute', 'hijack_unmute']
+      end
+
+      def find_helper(statements)
+        helpers.include?(statements.strip) ? statements.strip : nil
+      end
+
+      def helpers_like(str)
+        found = helpers.find_all { |helper| helper =~ Regexp.new(str) }
+        found.empty? ? nil : found
+      end
+
+      def hijack_mute(remote)
+        Hijack::Console::OutputReceiver.mute
+        true
+      end
+
+      def hijack_unmute(remote)
+        Hijack::Console::OutputReceiver.unmute
+        true
+      end
+    end
+  end
+end

data/lib/hijack/payload.rb

@@ -0,0 +1,78 @@
+module Hijack
+  class Payload
+    def self.inject(pid)
+      gdb = GDB.new(pid)
+      unless gdb.attached_to_ruby_process?
+        puts "\n=> #{pid} doesn't appear to be a Ruby process!"
+        exit 1
+      end
+      gdb.eval(payload(pid))
+      gdb.detach
+    end
+
+    def self.payload(pid)
+      <<-EOS
+        require 'stringio'
+        require 'drb'
+
+        unless defined?(Hijack)
+          module Hijack
+            class OutputCopier
+              def self.remote
+                @@remote
+              end
+
+              def self.start(pid)
+                @@remote = DRbObject.new(nil, 'drbunix://tmp/hijack.' + pid + '.sock')
+
+                class << $stdout
+                  def write_with_copying(str)
+                    write_without_copying(str)
+                    Hijack::OutputCopier.remote.write('stdout', str) rescue nil
+                  end
+                  alias_method :write_without_copying, :write
+                  alias_method :write, :write_with_copying
+                end
+
+                class << $stderr
+                  def write_with_copying(str)
+                    write_without_copying(str)
+                    Hijack::OutputCopier.remote.write('stderr', str) rescue nil
+                  end
+                  alias_method :write_without_copying, :write
+                  alias_method :write, :write_with_copying
+                end
+              end
+            end
+
+            class Evaluator
+              def initialize(context)
+                @context = context
+                @file = __FILE__
+              end
+
+              def evaluate(rb)
+                if rb =~ /__hijack_output_receiver_ready_([\\d]+)/
+                  OutputCopier.start($1)
+                elsif rb =~ /__hijack_get_remote_file_name/
+                  @file
+                else
+                  @context.instance_eval(rb)
+                end
+              end
+            end
+
+            def self.start(context)
+              return if @service && @service.alive?
+              evaluator = Hijack::Evaluator.new(context)
+              @service = DRb.start_service('#{Hijack.socket_for(pid)}', evaluator)
+              File.chmod(0600, '#{Hijack.socket_path_for(pid)}')
+            end
+          end
+        end
+        __hijack_context = self
+        Signal.trap('USR1') { Hijack.start(__hijack_context) }
+      EOS
+    end
+  end
+end

data/lib/hijack/workspace.rb

@@ -0,0 +1,34 @@
+module Hijack
+  HijackCompletionProc = proc {|input|
+    bind = IRB.conf[:MAIN_CONTEXT].workspace.binding
+    if helpers = Helper.helpers_like(input)
+      helpers
+    else
+      IRB::InputCompletor::CompletionProc.call(input)
+    end
+  }
+  Readline.completion_proc = HijackCompletionProc
+
+  class Workspace < IRB::WorkSpace
+    attr_accessor :remote, :pid
+    def evaluate(context, statements, file = __FILE__, line = __LINE__)
+      if statements =~ /(IRB\.|exit)/
+        super
+      elsif helper = Hijack::Helper.find_helper(statements)
+        Hijack::Helper.send(helper, remote)
+      else
+        begin
+          result = remote.evaluate(statements)
+        rescue DRb::DRbConnError
+          puts "=> Lost connection to #{@pid}!"
+          exit 1
+        end
+        if result.kind_of?(DRb::DRbUnknown)
+          puts "=> Hijack: Unable to dump unknown object type '#{result.name}', try inspecting it instead."
+          return nil
+        end
+        result
+      end
+    end
+  end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: ileitch-hijack
 version: !ruby/object:Gem::Version 
-  version: 0.1.3
+  version: 0.1.4
 platform: ruby
 authors: 
 - Ian Leitch
@@ -26,6 +26,15 @@ files:
 - README.rdoc
 - Rakefile
 - TODO
+- lib/hijack
+- lib/hijack.rb
+- lib/hijack/console.rb
+- lib/hijack/gdb.rb
+- lib/hijack/helper.rb
+- lib/hijack/payload.rb
+- lib/hijack/workspace.rb
+- examples/rails_dispatcher.rb
+- bin/hijack
 has_rdoc: true
 homepage: http://github.com/ileitch/hijack
 licenses: