ragweed 0.1.7.3 → 0.2.0.pre1

data/lib/ragweed/debuggertux.rb

@@ -1,5 +1,4 @@
 require ::File.join(::File.dirname(__FILE__),'wraptux')
-## Modeled after wraposx written by tduehr
 
 module Ragweed; end
 
@@ -13,102 +12,87 @@ module Ragweed; end
 ##     debugger and define your own on_whatever events. If you handle an event
 ##     that Debuggertux already handles, call "super", too.
 class Ragweed::Debuggertux
-  # include Ragweed
-
-  attr_reader :pid
-  attr_reader :status
-  attr_reader :exited
-  attr_accessor :breakpoints
+  attr_reader :pid, :status, :exited
+  attr_accessor :breakpoints, :mapped_regions
 
   ## Class to handle installing/uninstalling breakpoints
   class Breakpoint
 
-    INT3 = 0xCC ## obviously x86 specific debugger here
+    INT3 = 0xCC
 
-    attr_accessor :orig
+    attr_accessor :orig, :bppid, :function, :installed
     attr_reader :addr
-    attr_accessor :function
 
-    ## bp: parent for method_missing calls
     ## ip: insertion point
     ## callable: lambda to be called when breakpoint is hit
+    ## p: process ID
     ## name: name of breakpoint
-    def initialize(bp, ip, callable, name = "")
-      @@bpid ||= 0
-      @bp = bp
+    def initialize(ip, callable, p, name = "")
+	  @bppid = p
       @function = name
       @addr = ip
       @callable = callable
       @installed = false
+      @exited = false
       @orig = 0
-      @bpid = (@@bpid += 1)
-    end ## breakpoint initialize
+    end
 
-    ## Install a breakpoint (replace instruction with int3)
     def install
-      ## Replace the original instruction with an int3
-      @orig = Ragweed::Wraptux::ptrace(Ragweed::Wraptux::Ptrace::PEEK_TEXT, $ppid, @addr, 0)   ## Backup the old inst
+      @orig = Ragweed::Wraptux::ptrace(Ragweed::Wraptux::Ptrace::PEEK_TEXT, @bppid, @addr, 0)
       if @orig != -1
-        new = (@orig & ~0xff) | INT3;
-        Ragweed::Wraptux::ptrace(Ragweed::Wraptux::Ptrace::POKE_TEXT, $ppid, @addr, new)
+        n = (@orig & ~0xff) | INT3;
+        Ragweed::Wraptux::ptrace(Ragweed::Wraptux::Ptrace::POKE_TEXT, @bppid, @addr, n)
         @installed = true
       else
         @installed = false
       end
     end
 
-    ## Uninstall the breakpoint
     def uninstall
-      ## Put back the original instruction
       if @orig != INT3
-        Ragweed::Wraptux::ptrace(Ragweed::Wraptux::Ptrace::POKE_TEXT, $ppid, @addr, @orig)
+        a = Ragweed::Wraptux::ptrace(Ragweed::Wraptux::Ptrace::POKE_TEXT, @bppid, @addr, @orig)
         @installed = false
       end
     end
 
     def installed?; @installed; end
     def call(*args); @callable.call(*args) if @callable != nil; end
-    def method_missing(meth, *args); @bp.send(meth, *args); end
-  end ## Breakpoint Class
+  end
 
   ## init object
   ## p: pid of process to be debugged
   ## opts: default options for automatically doing things (attach and install)
-  def initialize(pid,opts={}) ## Debuggertux Class
-    @pid = pid
+  def initialize(pid, opts) ## Debuggertux Class
+    if p.to_i.kind_of? Fixnum
+      @pid = pid.to_i
+    else
+      raise "Provide a PID"
+    end
 
-    ## FIXME - globals are bad...
-    $ppid = @pid ## temporary work around
     @opts = opts
 
     default_opts(opts)
     @installed = false
     @attached = false
 
-    ## Store all breakpoints in this hash
-    @breakpoints = Hash.new do |h, k|
-        bps = Array.new
-        def bps.call(*args); each {|bp| bp.call(*args)}; end
-        def bps.install; each {|bp| bp.install}; end
-        def bps.uninstall; each {|bp| bp.uninstall}; end
-        def bps.orig; each {|bp| dp.orig}; end
-        h[k] = bps
-    end
-    @opts.each {|k, v| try(k) if v}
+    @mapped_regions = Hash.new
+    @breakpoints = Hash.new
+    @opts.each { |k, v| try(k) if v }
   end
 
-  ## This is crude!
   def self.find_by_regex(rx)
     a = Dir.entries("/proc/")
-    a.delete_if do |x| x == '.'; end
-    a.delete_if do |x| x == '..'; end
-    a.delete_if do |x| x =~ /[a-z]/; end
+    a.delete_if { |x| x == '.' }
+    a.delete_if { |x| x == '..' }
+    a.delete_if { |x| x =~ /[a-z]/i }
+    
     a.each do |x|
       f = File.read("/proc/#{x}/cmdline")
-      if f =~ rx
+      if f =~ rx and x.to_i != Process.pid.to_i
         return x
       end
     end
+	return nil
   end
 
   def install_bps
@@ -125,12 +109,125 @@ class Ragweed::Debuggertux
     @installed = false
   end
 
+  ## This has not been fully tested yet
+  def set_options(option)
+    r = Ragweed::Wraptux::ptrace(Ragweed::Wraptux::Ptrace::SETOPTIONS, @pid, 0, option)
+  end
+
   ## Attach calls install_bps so dont forget to call breakpoint_set
   ## BEFORE attach or explicitly call install_bps
   def attach(opts=@opts)
-    Ragweed::Wraptux::ptrace(Ragweed::Wraptux::Ptrace::ATTACH, @pid, 0, 0)
-    @attached = true
-    self.install_bps if (opts[:install] and not @installed)
+    r = Ragweed::Wraptux::ptrace(Ragweed::Wraptux::Ptrace::ATTACH, @pid, 0, 0)
+    if r != -1
+        @attached = true
+        on_attach
+        self.install_bps if (opts[:install] and not @installed)
+    else
+        raise "Attach failed!"
+    end
+  end
+
+  ## This method returns a hash of mapped regions
+  ## The hash is also stored as @mapped_regions
+  ## key = Start address of region
+  ## value = Size of the region
+  def mapped
+      @mapped_regions.clear if @mapped_regions
+
+      File.read("/proc/#{pid}/maps").each_line do |l|
+        s,e = l.split('-')
+        e = e.split(' ').first
+        sz = e.to_i(16) - s.to_i(16)
+        @mapped_regions.store(s.to_i(16), sz)
+      end
+  end
+
+  ## Return a name for a range if possible
+  def get_mapping_name(val)
+    File.read("/proc/#{pid}/maps").each_line do |l|
+        base = l.split('-').first
+        max = l[0,17].split('-',2)[1]
+        if base.to_i(16) <= val && val <= max.to_i(16)
+            return l.split(' ').last
+        end
+    end
+    nil
+  end
+
+  ## Parse procfs and create a hash containing
+  ## a listing of each mapped shared object
+  def self.shared_libraries(p)
+
+      raise "pid is 0" if p.to_i == 0
+
+      if @shared_objects
+        @shared_objects.clear
+      else
+        @shared_objects = Hash.new
+      end
+
+      File.read("/proc/#{p}/maps").each_line do |l|
+          if l =~ /[a-zA-Z0-9].so/ && l =~ /xp /
+              lib = l.split(' ', 6)
+              sa = l.split('-', 0)
+
+              if lib[5] =~ /vdso/
+                next
+              end
+
+              lib = lib[5].strip
+              lib.gsub!(/[\s\n]+/, "")
+              @shared_objects.store(sa[0], lib)
+            end
+        end
+    return @shared_objects
+  end
+
+  ## Search a specific page for a value
+  ## Should be used by most of the search_* methods
+  def search_page(base, max, val)
+    loc = Array.new
+
+    while base.to_i < max.to_i
+        r = Ragweed::Wraptux::ptrace(Ragweed::Wraptux::Ptrace::PEEK_TEXT, @pid, base, 0)
+        if r == val
+            loc.push(base)
+        end
+        base += 1
+    end
+
+    loc
+  end
+
+  ## Search the heap for a value
+  def search_heap(val)
+    loc = Array.new
+    File.read("/proc/#{pid}/maps").each_line do |l|
+      if l =~ /\[heap\]/
+        s,e = l.split('-')
+        e = e.split(' ').first
+        s = s.to_i(16)
+        e = e.to_i(16)
+        sz = e - s
+        max = s + sz
+        loc = search_page(s, max, val)
+      end
+    end
+    loc
+  end
+
+  ## Search all mapped regions for a value
+  def search_process(val)
+    loc = Array.new
+    self.mapped
+    @mapped_regions.each_pair do |k,v|
+        if k == 0 or v == 0
+            next
+        end
+        max = k+v
+        loc.concat(search_page(k, max, val))
+    end
+    loc
   end
 
   def continue
@@ -143,8 +240,8 @@ class Ragweed::Debuggertux
     Ragweed::Wraptux::ptrace(Ragweed::Wraptux::Ptrace::DETACH, @pid, 0, 0)
   end
 
-  def stepp
-	on_stepp
+  def single_step
+	on_single_step
     ret = Ragweed::Wraptux::ptrace(Ragweed::Wraptux::Ptrace::STEP, @pid, 1, 0)
   end
 
@@ -156,39 +253,20 @@ class Ragweed::Debuggertux
     if not callable and block_given?
       callable = block
     end
-    @breakpoints[ip] << Breakpoint.new(self, ip, callable, name)
+    @breakpoints.each_key { |k| if k == ip then return end }
+    bp = Breakpoint.new(ip, callable, @pid, name)
+    @breakpoints[ip] = bp
   end
 
-  ## remove breakpoint with id bpid at insertion point or
-  ## remove all breakpoints at insertion point if bpid not given
-  ## ip: Insertion point
-  ## bpid: id of breakpoint to be removed
-  def breakpoint_clear(ip, bpid=nil)
-    if not bpid
-      @breakpoints[ip].uninstall
-      @breakpoints[ip].delete ip
-    else
-      found = nil
-      @breakpoints[ip].each_with_index do |bp, i|
-        if bp.bpid == bpid
-          found = i
-          if bp.orig != Breakpoint::INT3
-            if @breakpoints[op][i+1]
-              @breakpoints[ip][i + 1].orig = bp.orig
-            else
-              bp.uninstall
-            end
-          end
-        end
-      end
-      raise "could not find bp ##{bpid} at ##{ip}" if not found
-      @breakpoints[ip].delete_at(found) if found
-    end
+  ## Remove a breakpoint by ip
+  def breakpoint_clear(ip)
+    bp = @breakpoints[ip]
+    return nil if bp.nil?
+    bp.uninstall
   end
 
-  ##loop for wait()
-  ##times: the number of wait calls to make
-  ##       if nil loop will continue indefinitely
+  ## loop for wait()
+  ## times: the number of wait calls to make
   def loop(times=nil)
     if times.kind_of? Numeric
       times.times do
@@ -199,19 +277,28 @@ class Ragweed::Debuggertux
     end
   end
 
+  def wexitstatus(status)
+    (((status) & 0xff00) >> 8)
+  end
+
+  def wtermsig(status)
+    ((status) & 0x7f)
+  end
+
   ## This wait must be smart, it has to wait for a signal
   ## when SIGTRAP is received we need to see if one of our
   ## breakpoints has fired. If it has then execute the block
   ## originally stored with it. If its a different signal,
   ## then process it accordingly and move on
   def wait(opts = 0)
-    r = Ragweed::Wraptux::waitpid(@pid,opts)
-    status = r[1]
-    wstatus = status & 0x7f
-    signal = status >> 8
+    r, status = Ragweed::Wraptux::waitpid(@pid, opts)
+    wstatus = wtermsig(status)
+    signal = wexitstatus(status)
+    event_code = (status >> 16)
     found = false
-    if r[0] != 0    ## Check the ret
-      case  ## FIXME - I need better logic (use Signal module)
+
+    if r[0] != -1    ## Check the ret
+      case ## FIXME - I need better logic (use Signal module)
       when wstatus == 0 ##WIFEXITED
         @exited = true
         self.on_exit
@@ -225,119 +312,159 @@ class Ragweed::Debuggertux
       when signal == Ragweed::Wraptux::Signal::SIGILL
         self.on_illegalinst
       when signal == Ragweed::Wraptux::Signal::SIGTRAP
-        ## Check if EIP matches a breakpoint we have set
+        self.on_sigtrap
         r = self.get_registers
-        eip = r[:eip]
+        eip = r.eip
         eip -= 1
-        if @breakpoints.has_key?(eip)
-          found = true
-          self.on_breakpoint
-        else
-          puts "We got a SIGTRAP but not at our breakpoint... continuing"
+        case
+          when @breakpoints.has_key?(eip)
+            found = true
+            self.on_breakpoint
+            self.continue
+          when event_code == Ragweed::Wraptux::Ptrace::EventCodes::FORK
+                p = FFI::MemoryPointer.new(:int, 1)
+                Ragweed::Wraptux::ptrace(Ragweed::Wraptux::Ptrace::GETEVENTMSG, @pid, 0, p.to_i)
+                ## Fix up the PID in each breakpoint
+                if (1..65535) === p.get_int32(0) && @opts[:fork] == true
+                    @breakpoints.each_pair do |k,v|
+                        v.each do |b|
+                            b.bppid = p[:pid]
+                        end
+                    end
+
+                    @pid = p[:pid]
+                    self.on_fork_child(@pid)
+                end
+            when event_code == Ragweed::Wraptux::Ptrace::EventCodes::EXEC
+            when event_code == Ragweed::Wraptux::Ptrace::EventCodes::CLONE
+            when event_code == Ragweed::Wraptux::Ptrace::EventCodes::VFORK
+            when event_code == Ragweed::Wraptux::Ptrace::EventCodes::EXIT
+                ## Not done yet
+          else
+            self.continue
         end
-        self.continue
+      when signal == Ragweed::Wraptux::Signal::SIGCHLD
+        self.on_sigchild
+      when signal == Ragweed::Wraptux::Signal::SIGTERM
+        self.on_sigterm
       when signal == Ragweed::Wraptux::Signal::SIGCONT
         self.continue
       when signal == Ragweed::Wraptux::Signal::SIGSTOP
+        self.on_sigstop
+        Ragweed::Wraptux::kill(@pid, Ragweed::Wraptux::Signal::SIGCONT)
         self.continue
+	  when signal == Ragweed::Wraptux::Signal::SIGWINCH
+		self.continue
       else
         raise "Add more signal handlers (##{signal})"
       end
     end
   end
 
-  ## Return an array of thread PIDs
   def self.threads(pid)
-    a = Dir.entries("/proc/#{pid}/task/")
+	begin
+	    a = Dir.entries("/proc/#{pid}/task/")
+	rescue
+		puts "No such PID: #{pid}"
+		return
+	end
     a.delete_if { |x| x == '.' }
     a.delete_if { |x| x == '..' }
   end
 
-  ## Gets the registers for the given process
   def get_registers
-    size = Ragweed::Wraptux::SIZEOFLONG * 17
-    regs = Array.new(size)
-    regs = regs.to_ptr
-    regs.struct!('LLLLLLLLLLLLLLLLL', :ebx,:ecx,:edx,:esi,:edi,:ebp,:eax,:xds,:xes,:xfs,:xgs,:orig_eax,:eip,:xcs,:eflags,:esp,:xss)
+    regs = FFI::MemoryPointer.new(Ragweed::Wraptux::PTRegs, 1)
     Ragweed::Wraptux::ptrace(Ragweed::Wraptux::Ptrace::GETREGS, @pid, 0, regs.to_i)
-    return regs
+    return Ragweed::Wraptux::PTRegs.new regs
   end
 
-  ## Sets registers for the given process
-  def set_registers(r)
-    Ragweed::Wraptux::ptrace(Ragweed::Wraptux::Ptrace::SETREGS, @pid, 0, r.to_i)
+  def set_registers(regs)
+    Ragweed::Wraptux::ptrace(Ragweed::Wraptux::Ptrace::SETREGS, @pid, 0, regs.to_ptr.address)
   end
 
   ## Here we need to do something about the bp
-  ## we just hit. We have a block to execute
+  ## we just hit. We have a block to execute.
+  ## Remember if you implement this on your own
+  ## make sure to call super, and also realize
+  ## EIP won't look correct until this runs
   def on_breakpoint
-    r = self.get_registers
-    eip = r[:eip]
+    r = get_registers
+    eip = r.eip
     eip -= 1
 
     ## Call the block associated with the breakpoint
     @breakpoints[eip].call(r, self)
 
-    if @breakpoints[eip].first.installed?
-      @breakpoints[eip].first.uninstall
-      r[:eip] = eip
-      set_registers(r)
-      stepp
-      ## ptrace peektext returns -1 upon reinstallation of bp without calling
-      ## waitpid() if that occurs the breakpoint cannot be reinstalled
-      Ragweed::Wraptux::waitpid(@pid, 0)
-      @breakpoints[eip].first.install
+    ## The block may have called breakpoint_clear
+    del = true if !@breakpoints[eip].installed?
+
+    ## Uninstall and single step the bp
+    @breakpoints[eip].uninstall
+    r.eip = eip
+    set_registers(r)
+    single_step
+
+    ## ptrace peektext returns -1 upon reinstallation of bp without calling
+    ## waitpid() if that occurs the breakpoint cannot be reinstalled
+    Ragweed::Wraptux::waitpid(@pid, 0)
+
+    if del == true
+        ## The breakpoint block may have called breakpoint_clear
+        @breakpoints.delete(eip)
+    else
+        @breakpoints[eip].install
     end
-  end
+end
 
-  def print_regs
-    regs = self.get_registers
-    puts "eip %08x" % regs[:eip]
-    puts "edi %08x" % regs[:esi]
-    puts "edi %08x" % regs[:edi]
-    puts "esp %08x" % regs[:esp]
-    puts "eax %08x" % regs[:eax]
-    puts "ebx %08x" % regs[:ebx]
-    puts "ecx %08x" % regs[:ecx]
-    puts "edx %08x" % regs[:edx]
+  def print_registers
+    regs = get_registers
+    puts "eip %08x" % regs.eip
+    puts "esi %08x" % regs.esi
+    puts "edi %08x" % regs.edi
+    puts "esp %08x" % regs.esp
+    puts "eax %08x" % regs.eax
+    puts "ebx %08x" % regs.ebx
+    puts "ecx %08x" % regs.ecx
+    puts "edx %08x" % regs.edx
   end
 
   def on_exit
-    #puts "process exited"
   end
 
   def on_illegalinst
-    #puts "illegal instruction"
-    exit
   end
 
   def on_attach
-    #puts "attached to process"
   end
 
   def on_detach
-    #puts "process detached"
+  end
+
+  def on_sigchild
+  end
+
+  def on_sigterm
+  end
+
+  def on_sigtrap
   end
 
   def on_continue
-    #puts "process continued"
   end
 
-  def on_stopped
-    #puts "process stopped"
+  def on_sigstop
   end
 
   def on_signal
-    #puts "process received signal"
   end
 
-  def on_stepp
-    #puts "single stepping"
+  def on_single_step
+  end
+
+  def on_fork_child(pid)
   end
 
   def on_segv
-    print_regs
-    exit
   end
 
   def default_opts(opts)

data/lib/ragweed/rasm.rb

@@ -5,7 +5,7 @@ module Ragweed; end
 module Ragweed::Rasm
 
   # :stopdoc:
-  VERSION = '0.1.7.3'
+  VERSION = File.read(File.join(File.dirname(__FILE__),"..","..","VERSION")).strip
   LIBPATH = ::File.expand_path(::File.dirname(__FILE__)) + ::File::SEPARATOR
   PATH = ::File.dirname(LIBPATH) + ::File::SEPARATOR
   # :startdoc: