Python ptrace_syscall Examples

Example #1

File: process.py Project: thuylt83/darkc0de-old-stuff

 def syscall(self, signum=0):
     message = "Break process %s at next syscall" % self.pid
     if signum:
         message += ": continue with %s" % signalName(signum)
     info(message)
     ptrace_syscall(self.pid, signum)
     self.is_stopped = False

Example #2

File: process.py Project: tuwid/darkc0de-old-stuff

 def syscall(self, signum=0):
     message = "Break process %s at next syscall" % self.pid
     if signum:
         message += ": continue with %s" % signalName(signum)
     info(message)
     ptrace_syscall(self.pid, signum)
     self.is_stopped = False

Example #3

File: subprocess_trace.py Project: HengWang/code

def trace(pid):

    ptrace_attach(pid)
    if wait_status() == -1:
        return -1
    print "-- start traceing %d ..." %pid

    while True:
        ptrace_syscall(pid)
        if wait_status() == -1:
            ptrace_detach(pid)
            return -1
        regs = ptrace_getregs(pid)
        res = SYSCALL_NAMES.get(regs.orig_rax)
        if res == "clone" or res == "fork" or res == "vfork" or res == "execve":
            limit = resource.getrlimit(resource.RLIMIT_NPROC)
            if regs.rax > 0 and regs.rax < limit[1]:
                print "create new child: %s" %regs.rax
    return 0

Example #4

File: process.py Project: pavlix/python-ptrace

 def syscall(self, signum=0):
     signum = self.filterSignal(signum)
     ptrace_syscall(self.pid, signum)
     self.is_stopped = False

Example #5

File: process.py Project: haxkor/forkever

 def syscall(self, signum=0):
     signum = self.filterSignal(signum)
     ptrace_syscall(self.pid, signum)
     self.is_stopped = False