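def attach(self):
    """Attach to ``self.pid`` with ptrace and register it with the tracer.

    The call is idempotent. The ptrace attach is skipped once
    ``self.attached`` is set, and the tracer registration is skipped once
    ``self.process`` is set.

    ``self.attached`` is set only after ``ptrace_attach`` has returned. If
    the attach raises, the object therefore does not claim a tracee it never
    acquired, and a later call can retry. A refused attach is a normal
    outcome on hardened hosts, so callers should expect the exception.
    """
    if not self.attached:
        ptrace_attach(self.pid)
        # Set the flag only on success, so later detach or cleanup logic
        # does not act on a process that was never attached.
        self.attached = True
    if not self.process:
        # The attach already happened above; the True argument presumably
        # tells the tracer not to attach a second time.
        # TODO confirm against the addProcess signature.
        self.process = self.tracer.addProcess(self.pid, True)
        # Only the first four entries returned by readMappings() are kept.
        # NOTE(review): nesting reconstructed from a flattened listing.
        # Confirm the mapping snapshot belongs under this guard, and that
        # "first four" still selects the intended regions for every target.
        self.maps.extend(self.process.readMappings()[0:4])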
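def attach(self, seize=False):
    """Attach to ``self.pid``, by a plain attach or by seizing it.

    Args:
        seize: When false (the default) ``ptrace_attach`` is called. When
            true ``ptrace_seize`` is called and ``self.is_seized`` is set.

    Returns:
        None. The call does nothing if ``self.is_attached`` is already set.

    Both state flags are set only after the corresponding ptrace helper has
    returned. If the helper raises, ``is_seized`` and ``is_attached`` keep
    their previous values and the exception propagates to the caller.
    """
    if self.is_attached:
        return
    info("Attach process %s" % self.pid)
    if not seize:  # add by jasper
        ptrace_attach(self.pid)
    else:
        ptrace_seize(self.pid)
        # Record the seize only once it has succeeded. Setting the flag
        # first would leave is_seized True with is_attached still False.
        # NOTE(review): if ptrace_seize maps to PTRACE_SEIZE, the tracee is
        # not stopped by this call. Callers must not assume a stopped
        # process after a seize.
        self.is_seized = True
    self.is_attached = True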
def trace(pid):
    """Attach to *pid* and report system calls that look like process creation.

    After attaching, the function resumes the target with ``ptrace_syscall``
    in a loop and reads its registers at every stop. When the syscall number
    in ``orig_rax`` resolves to clone, fork, vfork or execve, and ``rax`` is
    between 0 and the hard ``RLIMIT_NPROC`` value, it prints ``rax`` as a
    newly created child.

    Returns -1 when ``wait_status()`` reports -1. The target is detached
    first only when that happens inside the loop.
    """
    ptrace_attach(pid)
    if wait_status() == -1:
        # NOTE(review): unlike the failure path inside the loop, this exit
        # does not call ptrace_detach. Confirm that is intentional.
        return -1
    print("-- start traceing %d ..." % pid)

    spawning_calls = ("clone", "fork", "vfork", "execve")
    while True:
        ptrace_syscall(pid)
        if wait_status() == -1:
            ptrace_detach(pid)
            return -1
        regs = ptrace_getregs(pid)
        syscall_name = SYSCALL_NAMES.get(regs.orig_rax)
        if syscall_name in spawning_calls:
            # NOTE(review): RLIMIT_NPROC is a per-user process-count limit,
            # not a pid range, so it is a weak upper bound for "rax looks
            # like a pid". Check what happens when the hard limit is
            # resource.RLIM_INFINITY. Presumably this also runs at
            # syscall-entry stops, where rax is not yet the return value.
            nproc_limits = resource.getrlimit(resource.RLIMIT_NPROC)
            if 0 < regs.rax < nproc_limits[1]:
                print("create new child: %s" % regs.rax)
    # NOTE(review): the position of this return is ambiguous in the
    # flattened listing. At function level it is unreachable, because the
    # loop above only exits through ``return -1``.
    return 0
def attach(self):
    """Attach to ``self.pid`` unless this object is already attached.

    The attempt is logged through ``info`` before ``ptrace_attach`` is
    called. ``self.is_attached`` is set only after ``ptrace_attach`` has
    returned, so an attach that raises leaves the flag unset.
    """
    if not self.is_attached:
        info("Attach process %s" % self.pid)
        ptrace_attach(self.pid)
        self.is_attached = True
def attach(self):
    """Attach to the process identified by ``self.pid``.

    Returns whatever ``ptrace_attach`` returns. This method keeps no
    attached-state flag, so calling it twice issues two attach requests.
    """
    target_pid = self.pid
    return ptrace_attach(target_pid)