
sydbox / pinktrace

Licence: other
Pink's Tracing Library


Projects that are alternatives of or similar to pinktrace

Keystone
Keystone assembler framework: Core (Arm, Arm64, Hexagon, Mips, PowerPC, Sparc, SystemZ & X86) + bindings
Stars: ✭ 1,654 (+8170%)
Mutual labels:  x86-64, x86, arm64, powerpc
Rappel
A linux-based assembly REPL for x86, amd64, armv7, and armv8
Stars: ✭ 818 (+3990%)
Mutual labels:  x86-64, x86, arm64, aarch64
Unisimd Assembler
SIMD macro assembler unified for ARM, MIPS, PPC and x86
Stars: ✭ 63 (+215%)
Mutual labels:  x86-64, x86, aarch64, powerpc
Keypatch
Multi-architecture assembler for IDA Pro. Powered by Keystone Engine.
Stars: ✭ 939 (+4595%)
Mutual labels:  x86-64, x86, arm64, powerpc
Mandibule
linux elf injector for x86 x86_64 arm arm64
Stars: ✭ 171 (+755%)
Mutual labels:  x86-64, x86, arm64, aarch64
Capstone
Capstone disassembly/disassembler framework: Core (Arm, Arm64, BPF, EVM, M68K, M680X, MOS65xx, Mips, PPC, RISCV, Sparc, SystemZ, TMS320C64x, Web Assembly, X86, X86_64, XCore) + bindings.
Stars: ✭ 5,374 (+26770%)
Mutual labels:  x86-64, x86, arm64, powerpc
Unicorn
Unicorn CPU emulator framework (ARM, AArch64, M68K, Mips, Sparc, PowerPC, RiscV, X86)
Stars: ✭ 4,934 (+24570%)
Mutual labels:  x86-64, x86, arm64, powerpc
profiler-api
The portable version of JetBrains profiler API for .NET Framework / .NET Core / .NET / .NET Standard / Mono
Stars: ✭ 21 (+5%)
Mutual labels:  x86-64, x86, arm64, aarch64
Reko
Reko is a binary decompiler.
Stars: ✭ 942 (+4610%)
Mutual labels:  x86-64, x86, aarch64
Docker Homebridge
Homebridge Docker. HomeKit support for the impatient using Docker on x86_64, Raspberry Pi (armhf) and ARM64. Includes ffmpeg + libfdk-aac.
Stars: ✭ 1,847 (+9135%)
Mutual labels:  x86-64, arm64, aarch64
Mcsema
Framework for lifting x86, amd64, aarch64, sparc32, and sparc64 program binaries to LLVM bitcode
Stars: ✭ 2,198 (+10890%)
Mutual labels:  x86-64, x86, aarch64
Asmjit
Machine code generation for C++
Stars: ✭ 2,874 (+14270%)
Mutual labels:  x86-64, x86, aarch64
Wag
WebAssembly compiler implemented in Go
Stars: ✭ 177 (+785%)
Mutual labels:  x86-64, arm64, aarch64
libcluon
libcluon is a small and efficient, single-file and header-only library written in modern C++ to power microservices.
Stars: ✭ 81 (+305%)
Mutual labels:  x86-64, aarch64, powerpc
peekaboo
An standalone execution trace library built on DynamoRIO.
Stars: ✭ 17 (-15%)
Mutual labels:  x86-64, x86, aarch64
Corehook
A library that simplifies intercepting application function calls using managed code and the .NET Core runtime
Stars: ✭ 191 (+855%)
Mutual labels:  x86-64, x86, arm64
cross
“Zero setup” cross compilation and “cross testing” of Rust crates
Stars: ✭ 3,550 (+17650%)
Mutual labels:  x86, aarch64, powerpc
fdtd3d
fdtd3d is an open source 1D, 2D, 3D FDTD electromagnetics solver with MPI, OpenMP and CUDA support for x86, arm, arm64 architectures
Stars: ✭ 77 (+285%)
Mutual labels:  x86, arm64, aarch64
Cemu
Cheap EMUlator: lightweight multi-architecture assembly playground
Stars: ✭ 666 (+3230%)
Mutual labels:  x86-64, aarch64, powerpc
Arm now
arm_now is a qemu powered tool that allows instant setup of virtual machines on arm cpu, mips, powerpc, nios2, x86 and more, for reverse, exploit, fuzzing and programming purpose.
Stars: ✭ 719 (+3495%)
Mutual labels:  x86-64, x86, powerpc

PinkTrace: Pink's Tracing Library

A C99 library that provides a lightweight wrapper around ptrace(), hiding away the architectural details.

Please read the file INSTALL-git for installation instructions.

Download

Release tarballs are located at https://dev.exherbo.org/distfiles/pinktrace/

The main Git repository is located at exherbo.org. To clone, use one of:

There's a GitHub mirror at https://github.com/sydbox/pinktrace. To clone, use one of:

Description

Using PinkTrace, it is easy to read or change system calls and their arguments. This means you can deny a specific system call altogether, or only when one of its arguments matches a certain value. You can also change which system call executes, or rewrite the arguments so that the system call receives a different integer or a different string.

Reference

An extensive API reference is available at https://dev.exherbo.org/~alip/pinktrace/api/c/

Background

The ptrace() system call provides a means by which one process (the "tracer") may observe and control the execution of another process (the "tracee"), and examine and change the tracee's memory and registers. It is primarily used to implement breakpoint debugging and system call tracing.

  • See the ptrace manual page for more information on ptrace().
  • See strace, a diagnostic, debugging and instructional userspace utility for Linux that also uses ptrace().
  • See gdb, the GNU Debugger, which lets you see what is going on inside another program while it executes, using ptrace().
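To show at the raw ptrace() level what the Description and Background above talk about, here is an added example that is not PinkTrace code and not from the project: a tracer that follows a constructed child through its system calls and counts entries of one syscall number. It uses PTRACE_GET_SYSCALL_INFO so that no architecture-specific register layout is touched, which is exactly the layer PinkTrace wraps when it goes further and rewrites a call or its arguments; it assumes Linux 5.3 or later and a system where ptrace() is not restricted.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdio.h>
#include <sys/ptrace.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Count how many times a traced child enters system call `nr`.
 * The child is a constructed workload that calls getpid() `calls` times.
 * Returns the count, or -1 if tracing failed (e.g. ptrace is restricted). */
int count_syscall_entries(long nr, int calls)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) { /* tracee: ask to be traced, then stop so the tracer can set options */
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) < 0)
            _exit(2);
        raise(SIGSTOP);
        for (int i = 0; i < calls; i++)
            syscall(SYS_getpid);
        _exit(0);
    }
    int status, count = 0;
    if (waitpid(pid, &status, 0) < 0 || !WIFSTOPPED(status))
        return -1;
    /* TRACESYSGOOD sets bit 7 on syscall stops so they differ from a real SIGTRAP */
    ptrace(PTRACE_SETOPTIONS, pid, NULL, (void *)(long)PTRACE_O_TRACESYSGOOD);
    for (;;) {
        if (ptrace(PTRACE_SYSCALL, pid, NULL, NULL) < 0 || waitpid(pid, &status, 0) < 0)
            return -1;
        if (WIFEXITED(status) || WIFSIGNALED(status))
            break;
        if (!WIFSTOPPED(status) || WSTOPSIG(status) != (SIGTRAP | 0x80))
            continue; /* a plain signal stop, not a syscall stop */
        /* PTRACE_GET_SYSCALL_INFO (Linux 5.3+) reports entry/exit and the number
         * without the tracer reading architecture-specific registers */
        struct __ptrace_syscall_info info;
        if (ptrace(PTRACE_GET_SYSCALL_INFO, pid, (void *)sizeof info, &info) < 0)
            return -1;
        if (info.op == PTRACE_SYSCALL_INFO_ENTRY && (long)info.entry.nr == nr)
            count++;
    }
    return count;
}
int main(void)
{
    printf("getpid entries seen: %d\n", count_syscall_entries(SYS_getpid, 3));
    return 0;
}
```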

Operating Systems

PinkTrace runs on Linux only. Kernel version 5.0.0 or later is recommended. Enabling the CONFIG_CROSS_MEMORY_ATTACH kernel option allows PinkTrace to use the process_vm_readv and process_vm_writev system calls to transfer data to and from the tracee's address space, which is much faster and more reliable than doing the same through ptrace.

Note: make sure you run PinkTrace on a system where ptrace() is enabled. One of the most common ways to restrict ptrace() usage is Yama. Run sysctl kernel.yama.ptrace_scope to check whether ptrace() usage is restricted. The sysctl settings (writable only with CAP_SYS_PTRACE) are:

0 - classic ptrace permissions: a process can PTRACE_ATTACH to any other
    process running under the same uid, as long as it is dumpable (i.e.
    did not transition uids, start privileged, or have called
    prctl(PR_SET_DUMPABLE...) already). Similarly, PTRACE_TRACEME is
    unchanged.

1 - restricted ptrace: a process must have a predefined relationship
    with the inferior it wants to call PTRACE_ATTACH on. By default,
    this relationship is that of only its descendants when the above
    classic criteria are also met. To change the relationship, an
    inferior can call prctl(PR_SET_PTRACER, debugger, ...) to declare
    an allowed debugger PID to call PTRACE_ATTACH on the inferior.
    Using PTRACE_TRACEME is unchanged.

2 - admin-only attach: only processes with CAP_SYS_PTRACE may use ptrace
    with PTRACE_ATTACH, or through children calling PTRACE_TRACEME.

3 - no attach: no processes may use ptrace with PTRACE_ATTACH nor via
    PTRACE_TRACEME. Once set, this sysctl value cannot be changed.
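As an added example that is not part of the README, the four levels above encoded as a decision function, together with a reader for the live sysctl value, so a tracer can tell up front whether its PTRACE_ATTACH will succeed. The function covers PTRACE_ATTACH only, not PTRACE_TRACEME, and the CAP_SYS_PTRACE bypass at levels 0 and 1 is kernel behaviour assumed here rather than something the list states.

```c
#include <stdbool.h>
#include <stdio.h>

/* The facts about a tracer/tracee pair that the four Yama levels consult. */
struct ptrace_pair {
    bool same_uid;            /* tracer and tracee run under the same uid */
    bool tracee_dumpable;     /* no uid transition, not started privileged, PR_SET_DUMPABLE not cleared */
    bool tracer_is_ancestor;  /* tracee is a descendant of the tracer */
    bool declared_ptracer;    /* tracee called prctl(PR_SET_PTRACER, tracer, ...) */
    bool tracer_has_cap_sys_ptrace;
};

/* Would PTRACE_ATTACH be permitted at this kernel.yama.ptrace_scope?
 * Level 0: classic check; 1: classic plus descendant/declared relationship;
 * 2: CAP_SYS_PTRACE only; 3: never. CAP_SYS_PTRACE also satisfying the classic
 * and relationship checks at levels 0 and 1 is assumed kernel behaviour. */
bool yama_attach_allowed(int scope, const struct ptrace_pair *p)
{
    bool classic = p->same_uid && p->tracee_dumpable;
    bool related = p->tracer_is_ancestor || p->declared_ptracer;
    switch (scope) {
    case 0: return classic || p->tracer_has_cap_sys_ptrace;
    case 1: return (classic && related) || p->tracer_has_cap_sys_ptrace;
    case 2: return p->tracer_has_cap_sys_ptrace;
    default: return false; /* level 3, or an unknown value: treat as locked down */
    }
}

/* Read the live setting; returns -1 when the Yama sysctl is not present. */
int yama_current_scope(void)
{
    FILE *f = fopen("/proc/sys/kernel/yama/ptrace_scope", "r");
    int scope = -1;
    if (f) {
        if (fscanf(f, "%d", &scope) != 1)
            scope = -1;
        fclose(f);
    }
    return scope;
}

int main(void)
{
    /* constructed case: attaching to our own dumpable, same-uid child */
    struct ptrace_pair child = { .same_uid = true, .tracee_dumpable = true, .tracer_is_ancestor = true };
    int scope = yama_current_scope();
    printf("ptrace_scope=%d: attach to own child %s\n", scope,
           (scope < 0 || yama_attach_allowed(scope, &child)) ? "allowed" : "denied");
    return 0;
}
```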

Architectures

PinkTrace is supported on the following architectures:

License

PinkTrace is released under the terms of the GNU Lesser General Public License version 2.1 or later; see the file COPYING for details. The PinkTrace Python bindings are released under the terms of the CNRI Python Open Source GPL Compatible License Agreement; see the file python/COPYING for details.

Bugs

Hey you, out there beyond the wall,
Breaking bottles in the hall,
Can you help me?

You may use the PinkTrace GitHub page to submit issues or pull requests.

You may also contact the primary author, Alï Polatel, directly with any questions. Mail is preferred. Attaching poems encourages consideration tremendously.
