def test_02_decode_max(self):
pid = os.fork()
if not pid: # child
trace.me()
os.kill(os.getpid(), signal.SIGSTOP)
os.execvp('true', ('/dev/null', ))
os._exit(0)
else: # parent
os.waitpid(pid, 0)
trace.setup(pid, trace.OPTION_SYSGOOD)
# Loop until we get to the open() system call as there's no
# guarantee that other system calls won't be called beforehand.
ev = -1
while ev != event.EVENT_EXIT_GENUINE:
trace.syscall(pid)
pid, status = os.waitpid(pid, 0)
ev = event.decide(status)
if ev == event.EVENT_SYSCALL:
scno = syscall.get_no(pid)
name = syscall.name(scno)
if name == 'execve':
arg = syscall.get_arg(pid, 1)
path = strarray.decode(pid, arg, 0, 9)
self.assertEqual(path, '/dev/null')
break
try:
trace.kill(pid)
except OSError:
pass
def test_02_set_no(self):
pid = os.fork()
if not pid: # child
trace.me()
os.kill(os.getpid(), signal.SIGSTOP)
os.kill(os.getpid(), 0)
os._exit(0)
else: # parent
os.waitpid(pid, 0)
trace.setup(pid, trace.OPTION_SYSGOOD)
# Loop until we get to the kill() system call as there's no
# guarantee that other system calls won't be called beforehand.
ev = -1
while ev != event.EVENT_EXIT_GENUINE:
trace.syscall(pid)
pid, status = os.waitpid(pid, 0)
ev = event.decide(status)
if ev == event.EVENT_SYSCALL:
scno = syscall.get_no(pid)
name = syscall.name(scno)
if name == 'kill':
syscall.set_no(pid, syscall.INVALID)
scno = syscall.get_no(pid)
self.assertEqual(scno, syscall.INVALID)
break
try:
trace.kill(pid)
except OSError:
pass
def test_01_decode(self):
pid = os.fork()
if not pid: # child
trace.me()
os.kill(os.getpid(), signal.SIGSTOP)
os.execvp("true", ("/dev/null",))
os._exit(0)
else: # parent
pid, status = os.waitpid(pid, 0)
self.assert_(os.WIFSTOPPED(status), "%#x" % status)
self.assertEqual(os.WSTOPSIG(status), signal.SIGSTOP, "%#x" % status)
# Loop until we get to the open() system call as there's no
# guarantee that other system calls won't be called beforehand.
while True:
trace.syscall_entry(pid, 0)
pid, status = os.waitpid(pid, 0)
self.assert_(os.WIFSTOPPED(status), "%#x" % status)
self.assertEqual(os.WSTOPSIG(status), signal.SIGTRAP, "%#x" % status)
scno = syscall.get_no(pid)
name = syscall.name(scno)
if name == "execve":
arg = syscall.get_arg(pid, 1)
path = strarray.decode(pid, arg, 0)
self.assertEqual(path, "/dev/null")
break
try:
trace.kill(pid)
except OSError:
pass
def test_02_decode_max(self):
pid = os.fork()
if not pid: # child
trace.me()
os.kill(os.getpid(), signal.SIGSTOP)
os.execvp('true', ('/dev/null',))
os._exit(0)
else: # parent
pid, status = os.waitpid(pid, 0)
self.assert_(os.WIFSTOPPED(status), "%#x" % status)
self.assertEqual(os.WSTOPSIG(status), signal.SIGSTOP, "%#x" % status)
# Loop until we get to the open() system call as there's no
# guarantee that other system calls won't be called beforehand.
while True:
trace.syscall_entry(pid, 0)
pid, status = os.waitpid(pid, 0)
self.assert_(os.WIFSTOPPED(status), "%#x" % status)
self.assertEqual(os.WSTOPSIG(status), signal.SIGTRAP, "%#x" % status)
scno = syscall.get_no(pid)
name = syscall.name(scno)
if name == 'execve':
arg = syscall.get_arg(pid, 1)
path = strarray.decode(pid, arg, 0, 9)
self.assertEqual(path, '/dev/null')
break
try: trace.kill(pid)
except OSError: pass
def test_02_set_no(self):
pid = os.fork()
if not pid: # child
trace.me()
os.kill(os.getpid(), signal.SIGSTOP)
os.kill(os.getpid(), 0)
os._exit(0)
else: # parent
os.waitpid(pid, 0)
trace.setup(pid, trace.OPTION_SYSGOOD)
# Loop until we get to the kill() system call as there's no
# guarantee that other system calls won't be called beforehand.
ev = -1
while ev != event.EVENT_EXIT_GENUINE:
trace.syscall(pid)
pid, status = os.waitpid(pid, 0)
ev = event.decide(status)
if ev == event.EVENT_SYSCALL:
scno = syscall.get_no(pid)
name = syscall.name(scno)
if name == 'kill':
syscall.set_no(pid, syscall.INVALID)
scno = syscall.get_no(pid)
self.assertEqual(scno, syscall.INVALID)
break
try: trace.kill(pid)
except OSError: pass
def test_03_get_ret_success(self):
pid = os.fork()
if not pid: # child
trace.me()
os.kill(os.getpid(), signal.SIGSTOP)
os.kill(os.getpid(), 0)
os._exit(0)
else: # parent
os.waitpid(pid, 0)
trace.setup(pid, trace.OPTION_SYSGOOD)
# Loop until we get to the kill() system call as there's no
# guarantee that other system calls won't be called beforehand.
ev = -1
insyscall = False
while ev != event.EVENT_EXIT_GENUINE:
trace.syscall(pid)
pid, status = os.waitpid(pid, 0)
ev = event.decide(status)
if ev == event.EVENT_SYSCALL:
scno = syscall.get_no(pid)
name = syscall.name(scno)
if insyscall and name == 'kill':
ret = syscall.get_ret(pid)
self.assertEqual(ret, 0)
if not insyscall:
insyscall = True
else:
insyscall = False
def test_02_decode_max(self):
pid = os.fork()
if not pid: # child
trace.me()
os.kill(os.getpid(), signal.SIGSTOP)
os.execvp('true', ('/dev/null',))
os._exit(0)
else: # parent
os.waitpid(pid, 0)
trace.setup(pid, trace.OPTION_SYSGOOD)
# Loop until we get to the open() system call as there's no
# guarantee that other system calls won't be called beforehand.
ev = -1
while ev != event.EVENT_EXIT_GENUINE:
trace.syscall(pid)
pid, status = os.waitpid(pid, 0)
ev = event.decide(status)
if ev == event.EVENT_SYSCALL:
scno = syscall.get_no(pid)
name = syscall.name(scno)
if name == 'execve':
arg = syscall.get_arg(pid, 1)
path = strarray.decode(pid, arg, 0, 9)
self.assertEqual(path, '/dev/null')
break
try: trace.kill(pid)
except OSError: pass
def test_03_encode(self):
pid = os.fork()
if not pid: # child
trace.me()
os.kill(os.getpid(), signal.SIGSTOP)
try:
open('/dev/null', 'r')
except IOError:
os._exit(0)
else:
os._exit(1)
else: # parent
os.waitpid(pid, 0)
trace.setup(pid, trace.OPTION_SYSGOOD)
# Loop until we get to the open() system call as there's no
# guarantee that other system calls won't be called beforehand.
ev = -1
while ev != event.EVENT_EXIT_GENUINE:
trace.syscall(pid)
pid, status = os.waitpid(pid, 0)
ev = event.decide(status)
if ev == event.EVENT_SYSCALL:
scno = syscall.get_no(pid)
name = syscall.name(scno)
if name == 'open':
string.encode(pid, 0, '/dev/NULL')
self.assert_(os.WIFEXITED(status))
self.assertEqual(os.WEXITSTATUS(status), 0)
def test_03_get_ret_success(self):
pid = os.fork()
if not pid: # child
trace.me()
os.kill(os.getpid(), signal.SIGSTOP)
os.kill(os.getpid(), 0)
os._exit(0)
else: # parent
os.waitpid(pid, 0)
trace.setup(pid, trace.OPTION_SYSGOOD)
# Loop until we get to the kill() system call as there's no
# guarantee that other system calls won't be called beforehand.
ev = -1
insyscall = False
while ev != event.EVENT_EXIT_GENUINE:
trace.syscall(pid)
pid, status = os.waitpid(pid, 0)
ev = event.decide(status)
if ev == event.EVENT_SYSCALL:
scno = syscall.get_no(pid)
name = syscall.name(scno)
if insyscall and name == 'kill':
ret = syscall.get_ret(pid)
self.assertEqual(ret, 0)
if not insyscall:
insyscall = True
else:
insyscall = False
def test_02_set_no(self):
pid = os.fork()
if not pid: # child
trace.me()
os.kill(os.getpid(), signal.SIGSTOP)
os.kill(os.getpid(), 0)
os._exit(0)
else: # parent
pid, status = os.waitpid(pid, 0)
self.assert_(os.WIFSTOPPED(status), "%#x" % status)
self.assertEqual(os.WSTOPSIG(status), signal.SIGSTOP, "%#x" % status)
# Loop until we get to the kill() system call as there's no
# guarantee that other system calls won't be called beforehand.
while True:
trace.syscall_entry(pid, 0)
pid, status = os.waitpid(pid, 0)
self.assert_(os.WIFSTOPPED(status), "%#x" % status)
self.assertEqual(os.WSTOPSIG(status), signal.SIGTRAP, "%#x" % status)
scno = syscall.get_no(pid)
name = syscall.name(scno)
if name == 'kill':
syscall.set_no(pid, syscall.INVALID)
scno = syscall.get_no(pid)
self.assertEqual(scno, syscall.INVALID)
break
try: trace.kill(pid)
except OSError: pass
def test_02_decode_max(self):
pid = os.fork()
if not pid: # child
trace.me()
os.kill(os.getpid(), signal.SIGSTOP)
open('/dev/null', 'r')
os._exit(0)
else: # parent
pid, status = os.waitpid(pid, 0)
self.assert_(os.WIFSTOPPED(status), "%#x" % status)
self.assertEqual(os.WSTOPSIG(status), signal.SIGSTOP, "%#x" % status)
# Loop until we get to the open() system call as there's no
# guarantee that other system calls won't be called beforehand.
while True:
trace.syscall_entry(pid, 0)
pid, status = os.waitpid(pid, 0)
self.assert_(os.WIFSTOPPED(status), "%#x" % status)
self.assertEqual(os.WSTOPSIG(status), signal.SIGTRAP, "%#x" % status)
scno = syscall.get_no(pid)
name = syscall.name(scno)
if name == 'open':
path = string.decode(pid, 0, 9)
self.assertEqual(path, '/dev/null')
break
try: trace.kill(pid)
except OSError: pass
def test_02_get(self):
pid = os.fork()
if not pid: # child
trace.me()
os.kill(os.getpid(), signal.SIGSTOP)
os._exit(13)
else: # parent
os.waitpid(pid, 0)
bit = bitness.get(pid)
self.assertEqual(bit, bitness.DEFAULT)
try: trace.kill(pid)
except OSError: pass
def test_02_event_stop(self):
pid = os.fork()
if not pid: # child
trace.me()
os.kill(os.getpid(), signal.SIGSTOP)
os._exit(0)
else: # parent
pid, status = os.waitpid(pid, 0)
ev = event.decide(status)
self.assertEqual(ev, event.EVENT_STOP)
try: trace.kill(pid)
except OSError: pass
def test_02_event_stop(self):
pid = os.fork()
if not pid: # child
trace.me()
os.kill(os.getpid(), signal.SIGSTOP)
os._exit(0)
else: # parent
pid, status = os.waitpid(pid, 0)
ev = event.decide(status)
self.assertEqual(ev, event.EVENT_STOP)
try:
trace.kill(pid)
except OSError:
pass
def test_12_event_exit_signal(self):
pid = os.fork()
if not pid: # child
trace.me()
os.kill(os.getpid(), signal.SIGSTOP)
os.kill(os.getpid(), signal.SIGKILL)
else: # parent
os.waitpid(pid, 0)
trace.setup(pid)
trace.cont(pid)
pid, status = os.waitpid(pid, 0)
ev = event.decide(status)
self.assertEqual(ev, event.EVENT_EXIT_SIGNAL)
try: trace.kill(pid)
except OSError: pass
def test_03_event_syscall(self):
pid = os.fork()
if not pid: # child
trace.me()
os.kill(os.getpid(), signal.SIGSTOP)
time.sleep(1)
os._exit(0)
else: # parent
os.waitpid(pid, 0)
trace.setup(pid, trace.OPTION_SYSGOOD)
trace.syscall(pid)
pid, status = os.waitpid(pid, 0)
ev = event.decide(status)
self.assertEqual(ev, event.EVENT_SYSCALL)
try: trace.kill(pid)
except OSError: pass
def test_10_event_genuine(self):
pid = os.fork()
if not pid: # child
trace.me()
os.kill(os.getpid(), signal.SIGSTOP)
os.kill(os.getpid(), signal.SIGTSTP)
os._exit(0)
else: # parent
os.waitpid(pid, 0)
trace.setup(pid)
trace.cont(pid)
pid, status = os.waitpid(pid, 0)
ev = event.decide(status)
self.assertEqual(ev, event.EVENT_GENUINE)
try: trace.kill(pid)
except OSError: pass
def test_08_event_exec(self):
pid = os.fork()
if not pid: # child
trace.me()
os.kill(os.getpid(), signal.SIGSTOP)
os.execvp("/bin/true", ("true",))
os._exit(0)
else: # parent
os.waitpid(pid, 0)
trace.setup(pid, trace.OPTION_SYSGOOD | trace.OPTION_EXEC)
trace.cont(pid)
pid, status = os.waitpid(pid, 0)
ev = event.decide(status)
self.assertEqual(ev, event.EVENT_EXEC)
try: trace.kill(pid)
except OSError: pass
def test_12_event_exit_signal(self):
pid = os.fork()
if not pid: # child
trace.me()
os.kill(os.getpid(), signal.SIGSTOP)
os.kill(os.getpid(), signal.SIGKILL)
else: # parent
os.waitpid(pid, 0)
trace.setup(pid)
trace.cont(pid)
pid, status = os.waitpid(pid, 0)
ev = event.decide(status)
self.assertEqual(ev, event.EVENT_EXIT_SIGNAL)
try:
trace.kill(pid)
except OSError:
pass
def test_09_event_exit(self):
pid = os.fork()
if not pid: # child
trace.me()
os.kill(os.getpid(), signal.SIGSTOP)
os._exit(13)
else: # parent
os.waitpid(pid, 0)
trace.setup(pid, trace.OPTION_SYSGOOD | trace.OPTION_EXIT)
trace.cont(pid)
pid, status = os.waitpid(pid, 0)
ev = event.decide(status)
self.assertEqual(ev, event.EVENT_EXIT)
msg = trace.geteventmsg(pid)
self.assertEqual(os.WEXITSTATUS(msg), 13)
try: trace.kill(pid)
except OSError: pass
def test_08_event_exec(self):
pid = os.fork()
if not pid: # child
trace.me()
os.kill(os.getpid(), signal.SIGSTOP)
os.execvp("/bin/true", ("true", ))
os._exit(0)
else: # parent
os.waitpid(pid, 0)
trace.setup(pid, trace.OPTION_SYSGOOD | trace.OPTION_EXEC)
trace.cont(pid)
pid, status = os.waitpid(pid, 0)
ev = event.decide(status)
self.assertEqual(ev, event.EVENT_EXEC)
try:
trace.kill(pid)
except OSError:
pass
def test_10_event_genuine(self):
pid = os.fork()
if not pid: # child
trace.me()
os.kill(os.getpid(), signal.SIGSTOP)
os.kill(os.getpid(), signal.SIGTSTP)
os._exit(0)
else: # parent
os.waitpid(pid, 0)
trace.setup(pid)
trace.cont(pid)
pid, status = os.waitpid(pid, 0)
ev = event.decide(status)
self.assertEqual(ev, event.EVENT_GENUINE)
try:
trace.kill(pid)
except OSError:
pass
def test_03_event_syscall(self):
pid = os.fork()
if not pid: # child
trace.me()
os.kill(os.getpid(), signal.SIGSTOP)
time.sleep(1)
os._exit(0)
else: # parent
os.waitpid(pid, 0)
trace.setup(pid, trace.OPTION_SYSGOOD)
trace.syscall(pid)
pid, status = os.waitpid(pid, 0)
ev = event.decide(status)
self.assertEqual(ev, event.EVENT_SYSCALL)
try:
trace.kill(pid)
except OSError:
pass
def test_04_get_ret_fail(self):
pid = os.fork()
if not pid: # child
trace.me()
os.kill(os.getpid(), signal.SIGSTOP)
try:
open('')
except IOError:
pass
os._exit(0)
else: # parent
pid, status = os.waitpid(pid, 0)
self.assert_(os.WIFSTOPPED(status), "%#x" % status)
self.assertEqual(os.WSTOPSIG(status), signal.SIGSTOP, "%#x" % status)
# Loop until we get to the open() system call as there's no
# guarantee that other system calls won't be called beforehand.
stop_at_exit = False
while True:
if stop_at_exit:
trace.syscall_exit(pid, 0)
else:
trace.syscall_entry(pid, 0)
pid, status = os.waitpid(pid, 0)
self.assert_(os.WIFSTOPPED(status), "%#x" % status)
self.assertEqual(os.WSTOPSIG(status), signal.SIGTRAP, "%#x" % status)
scno = syscall.get_no(pid)
name = syscall.name(scno)
if name == 'open':
stop_at_exit = True
continue
elif stop_at_exit:
ret = syscall.get_ret(pid)
self.assertEqual(ret, -errno.ENOENT)
break
try: trace.kill(pid)
except OSError: pass
def test_09_event_exit(self):
pid = os.fork()
if not pid: # child
trace.me()
os.kill(os.getpid(), signal.SIGSTOP)
os._exit(13)
else: # parent
os.waitpid(pid, 0)
trace.setup(pid, trace.OPTION_SYSGOOD | trace.OPTION_EXIT)
trace.cont(pid)
pid, status = os.waitpid(pid, 0)
ev = event.decide(status)
self.assertEqual(ev, event.EVENT_EXIT)
msg = trace.geteventmsg(pid)
self.assertEqual(os.WEXITSTATUS(msg), 13)
try:
trace.kill(pid)
except OSError:
pass
def test_04_event_fork(self):
pid = os.fork()
if not pid: # child
trace.me()
os.kill(os.getpid(), signal.SIGSTOP)
os.fork()
os._exit(0)
else: # parent
os.waitpid(pid, 0)
trace.setup(pid, trace.OPTION_SYSGOOD | trace.OPTION_FORK)
trace.cont(pid)
pid, status = os.waitpid(pid, 0)
ev = event.decide(status)
self.assertEqual(ev, event.EVENT_FORK)
try:
child = trace.geteventmsg(pid)
trace.kill(child)
trace.kill(pid)
except OSError: pass
def test_06_set_ret_fail(self):
pid = os.fork()
if not pid: # child
trace.me()
os.kill(os.getpid(), signal.SIGSTOP)
try:
os.kill(os.getpid(), 0)
except OSError:
os._exit(0)
else:
os._exit(1)
else: # parent
os.waitpid(pid, 0)
trace.setup(pid, trace.OPTION_SYSGOOD)
# Loop until we get to the kill() system call as there's no
# guarantee that other system calls won't be called beforehand.
ev = -1
insyscall = False
while ev != event.EVENT_EXIT_GENUINE:
trace.syscall(pid)
pid, status = os.waitpid(pid, 0)
ev = event.decide(status)
if ev == event.EVENT_SYSCALL:
scno = syscall.get_no(pid)
name = syscall.name(scno)
if insyscall and name == 'kill':
syscall.set_ret(pid, -errno.EPERM)
if not insyscall:
insyscall = True
else:
insyscall = False
self.assert_(os.WIFEXITED(status))
self.assertEqual(os.WEXITSTATUS(status), 0)
def test_06_set_ret_fail(self):
pid = os.fork()
if not pid: # child
trace.me()
os.kill(os.getpid(), signal.SIGSTOP)
try:
os.kill(os.getpid(), 0)
except OSError:
os._exit(0)
else:
os._exit(1)
else: # parent
os.waitpid(pid, 0)
trace.setup(pid, trace.OPTION_SYSGOOD)
# Loop until we get to the kill() system call as there's no
# guarantee that other system calls won't be called beforehand.
ev = -1
insyscall = False
while ev != event.EVENT_EXIT_GENUINE:
trace.syscall(pid)
pid, status = os.waitpid(pid, 0)
ev = event.decide(status)
if ev == event.EVENT_SYSCALL:
scno = syscall.get_no(pid)
name = syscall.name(scno)
if insyscall and name == 'kill':
syscall.set_ret(pid, -errno.EPERM)
if not insyscall:
insyscall = True
else:
insyscall = False
self.assert_(os.WIFEXITED(status))
self.assertEqual(os.WEXITSTATUS(status), 0)
def test_04_event_fork(self):
pid = os.fork()
if not pid: # child
trace.me()
os.kill(os.getpid(), signal.SIGSTOP)
os.fork()
os._exit(0)
else: # parent
os.waitpid(pid, 0)
trace.setup(pid, trace.OPTION_SYSGOOD | trace.OPTION_FORK)
trace.cont(pid)
pid, status = os.waitpid(pid, 0)
ev = event.decide(status)
self.assertEqual(ev, event.EVENT_FORK)
try:
child = trace.geteventmsg(pid)
trace.kill(child)
trace.kill(pid)
except OSError:
pass