Add FunctionExecutionModel, use ptrace #8

@303248153

Description

model design:

#include <chrono>
#include <memory>
#include <string>
#include <vector>

enum class ObjectType; // assumed to be defined elsewhere in the project; not part of this issue
struct SymbolName;     // resolved symbol of the traced function; declared elsewhere in the project

struct AnyObject { // TODO: rename it
  ObjectType type;   // kind of the serialized value
  std::string data;  // serialized value bytes
};

struct FunctionExecutionModel {
  std::shared_ptr<SymbolName> function;                 // traced function
  std::chrono::high_resolution_clock::time_point start; // time the entry breakpoint fired
  std::chrono::high_resolution_clock::time_point end;   // time the exit breakpoint fired
  std::vector<std::unique_ptr<AnyObject>> arguments; // should be any extra data?
  std::unique_ptr<AnyObject> result; // should be any extra data?
};

ptrace references:
http://www.linuxjournal.com/article/6100?page=0,1
http://www.linuxjournal.com/article/6210
https://github.com/toddlipcon/pmp/blob/master/pmp.cc
http://man7.org/linux/man-pages/man2/ptrace.2.html
https://stackoverflow.com/questions/20510300/ptrace-detach-fails-after-ptrace-cont-with-errno-esrch
https://unix.stackexchange.com/questions/258955/what-does-esrch-mean

breakpoint implementation A

get method table
replace instruction to 0xcc
receive sigint
replace instruction back
next step
replace instruction to 0xcc

breakpoint implementation B (more stable)

set function enter breakpoint
- get method table
- replace instruction to 0xcc
- allocate memory of restore point and fill with { original instruction, jmp to next instruction }
set function exit breakpoint
- enumerate assembly instructions (in function address range)
- find `ret` (there may be more than one)
- replace instruction to 0xcc
- allocate memory of restore point and fill with { original instruction(ret) }
receive sigint
- dump context
- find thread id
- if breakpoint is function enter
  - set threads[id].function = function
  - set threads[id].start = now
- if breakpoint is function exit
  - get threads[id].function
  - get threads[id].start
  - build FunctionExecutionModel and feed analyzer
- set context.pc = restore point
- load context

Should add backtrace when function is called?
It's useful for analysing calls like malloc or new.
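The following is an added example, not code from this issue or from the project: a minimal x86-64 Linux tracer that implements "breakpoint implementation A" above with ptrace. It forks a child, patches the first byte of a hypothetical `target()` function to 0xCC (int3), waits for the resulting stop (the CPU raises SIGTRAP for int3; the tracer sees it via waitpid), restores the original byte, rewinds RIP to the patched address, single-steps over the real instruction and re-arms the breakpoint. `patch_int3`, `restore_byte`, `is_int3`, `target` and `run_demo` are names chosen here. PEEKTEXT/POKETEXT move a whole long, so only the low byte of that word is touched. `run_demo` returns -1 where ptrace is unavailable (for example inside a container that filters the syscall), which is the failure mode a tracer has to handle before it trusts any counts.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/ptrace.h>
#include <sys/user.h>
#include <sys/wait.h>
#include <unistd.h>

/* Pure word-patching helpers (x86-64 is little-endian: the byte at the
   breakpoint address is the low byte of the long read by PTRACE_PEEKTEXT). */
static long patch_int3(long word)                  { return (word & ~0xFFL) | 0xCC; }
static long restore_byte(long patched, long orig)  { return (patched & ~0xFFL) | (orig & 0xFF); }
static int  is_int3(long word)                     { return (word & 0xFF) == 0xCC; }

/* Hypothetical traced function; noinline keeps it a real call site. */
__attribute__((noinline)) static void target(volatile int *counter) { (*counter)++; }

/* Trace a forked child, install an int3 breakpoint on target() and count hits.
   Returns the hit count, or -1 if ptrace is unavailable in this environment. */
static int run_demo(int calls) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) < 0) _exit(2);
        raise(SIGSTOP);                       /* pause so the tracer can patch us */
        volatile int counter = 0;
        for (int i = 0; i < calls; i++) target(&counter);
        _exit(0);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFSTOPPED(status)) return -1;

    uintptr_t addr = (uintptr_t)&target;      /* same address in parent and child after fork */
    errno = 0;
    long original = ptrace(PTRACE_PEEKTEXT, pid, (void *)addr, NULL);
    if (errno) { kill(pid, SIGKILL); waitpid(pid, NULL, 0); return -1; }
    ptrace(PTRACE_POKETEXT, pid, (void *)addr, (void *)patch_int3(original));

    int hits = 0;
    ptrace(PTRACE_CONT, pid, NULL, NULL);
    for (;;) {
        if (waitpid(pid, &status, 0) < 0) return -1;
        if (WIFEXITED(status) || WIFSIGNALED(status)) break;
        if (!WIFSTOPPED(status)) continue;
        int sig = WSTOPSIG(status);
        struct user_regs_struct regs;
        ptrace(PTRACE_GETREGS, pid, NULL, &regs);
        if (sig == SIGTRAP && regs.rip == addr + 1) {   /* int3 is one byte: RIP is past it */
            hits++;
            /* restore the original instruction, rewind, step over it, then re-arm */
            ptrace(PTRACE_POKETEXT, pid, (void *)addr, (void *)restore_byte(patch_int3(original), original));
            regs.rip = addr;
            ptrace(PTRACE_SETREGS, pid, NULL, &regs);
            ptrace(PTRACE_SINGLESTEP, pid, NULL, NULL);
            if (waitpid(pid, &status, 0) < 0 || WIFEXITED(status)) break;
            ptrace(PTRACE_POKETEXT, pid, (void *)addr, (void *)patch_int3(original));
            sig = 0;                                      /* do not forward our own SIGTRAP */
        }
        ptrace(PTRACE_CONT, pid, NULL, (void *)(long)sig); /* other signals are passed through */
    }
    return hits;
}

int main(void) {
    int hits = run_demo(5);
    if (hits < 0) { fprintf(stderr, "ptrace unavailable here\n"); return 1; }
    printf("breakpoint hit %d times\n", hits);   /* expected: 5 */
    return 0;
}
```

The single-step between restore and re-arm is the window in which another thread could run through the unpatched instruction unobserved, which is the instability that motivates the jump-pad variant (implementation B) above: there the original instruction is copied to a restore point and the thread is redirected to it, so the 0xCC byte never has to be removed.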
