watchpoint/watch.cpp at master · kasikci/watchpoint · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
#include <signal.h>
#include <syscall.h>
#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>
#include <stddef.h>
#include <sys/ptrace.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <sys/user.h>

int var;

enum {
  DR7_BREAK_ON_EXEC  = 0,
  DR7_BREAK_ON_WRITE = 1,
  DR7_BREAK_ON_RW    = 3,
};

enum {
  DR7_LEN_1 = 0,
  DR7_LEN_2 = 1,
  DR7_LEN_4 = 3,
};

typedef struct {
  char l0:1;
  char g0:1;
  char l1:1;
  char g1:1;
  char l2:1;
  char g2:1;
  char l3:1;
  char g3:1;
  char le:1;
  char ge:1;
  char pad1:3;
  char gd:1;
  char pad2:2;
  char rw0:2;
  char len0:2;
  char rw1:2;
  char len1:2;
  char rw2:2;
  char len2:2;
  char rw3:2;
  char len3:2;
} dr7_t;

//typedef void sighandler_t(int, siginfo_t*, void*);

void trap(int sig, siginfo_t* info, void* ctx) {
  printf("new value: %d\n", var);
}

int watchpoint(void* addr) {
  pid_t child;
  pid_t parent = getpid();
  struct sigaction trap_action;
  int child_stat = 0;

  sigaction(SIGTRAP, NULL, &trap_action);
  trap_action.sa_sigaction = trap;
  trap_action.sa_flags = SA_SIGINFO | SA_RESTART | SA_NODEFER;
  sigaction(SIGTRAP, &trap_action, NULL);

  if ((child = fork()) == 0) {
    int retval = EXIT_SUCCESS;

    dr7_t dr7 = {0};
    dr7.l0 = 1;
    dr7.rw0 = DR7_BREAK_ON_RW;
    dr7.len0 = DR7_LEN_4;

    if (ptrace(PTRACE_ATTACH, parent, NULL, NULL)) {
      exit(EXIT_FAILURE);
    }

    wait(NULL);
    printf("put\n");
    if (ptrace(PTRACE_POKEUSER, parent, offsetof(struct user, u_debugreg[0]), (void*)&var)) {
      retval = EXIT_FAILURE;
    }

    if (ptrace(PTRACE_POKEUSER, parent, offsetof(struct user, u_debugreg[7]), dr7)) {
      retval = EXIT_FAILURE;
    }

    if (ptrace(PTRACE_DETACH, parent, NULL, NULL)) {
      retval = EXIT_FAILURE;
    }

    exit(retval);
  }

  waitpid(child, &child_stat, 0);
  if (WEXITSTATUS(child_stat)) {
    printf("child exit !0\n");
    return 1;
  }

  return 0;
}

int main(int argc, char * argv[]) {
  int i;

  printf("init value: %d\n", var);

  watchpoint(&var);

  for (i = 0; i < 10; i++) {
    var++;
  }
  if(var)
    printf("var");

  return 0;
}