diff --git a/src/basset.cpp b/src/basset.cpp
index 358ab06..d30182d 100644
--- a/src/basset.cpp
+++ b/src/basset.cpp
@@ -4,6 +4,13 @@
 #include
 #include
+#include
+
+#undef PTRACE_GET_SYSCALL_INFO
+#undef PTRACE_SETOPTIONS
+#undef PTRACE_SYSCALL
+#undef PTRACE_TRACEME
+
 #include
 using std::cerr;
@@ -30,8 +37,40 @@ int main(int argc, char *argv[]) {
 } else if (WIFSTOPPED(wstatus)) {
 cerr << pid << " stopped\n";
- if (ptrace(PTRACE_CONT, pid, nullptr, nullptr) == -1) {
- perror("cannot ptrace(PTRACE_CONT)");
+ if (ptrace(PTRACE_SETOPTIONS, pid, nullptr,
+ PTRACE_O_TRACECLONE | PTRACE_O_TRACEFORK |
+ PTRACE_O_TRACEVFORK | PTRACE_O_TRACEEXEC |
+ PTRACE_O_TRACESYSGOOD) == -1) {
+ perror("cannot ptrace(PTRACE_SETOPTIONS)");
+ }
+
+ ptrace_syscall_info data;
+
+ if (auto res =
+ ptrace(PTRACE_GET_SYSCALL_INFO, pid, sizeof(data), &data)) {
+ if (res == -1) {
+ perror("cannot ptrace(PTRACE_GET_SYSCALL_INFO)");
+ } else if (res > sizeof(data)) {
+ cerr << "some data truncated\n";
+ } else {
+ switch (data.op) {
+ case PTRACE_SYSCALL_INFO_ENTRY:
+ cerr << "entering syscall " << data.entry.nr << '\n';
+ break;
+ case PTRACE_SYSCALL_INFO_EXIT:
+ cerr << "syscall returned " << data.exit.rval << '\n';
+ break;
+ case PTRACE_SYSCALL_INFO_SECCOMP:
+ case PTRACE_SYSCALL_INFO_NONE:
+ default:
+ cerr << "unexpected syscall operation: "
+ << static_cast(data.op) << '\n';
+ }
+ }
+ }
+
+ if (ptrace(PTRACE_SYSCALL, pid, nullptr, nullptr) == -1) {
+ perror("cannot ptrace(PTRACE_SYSCALL)");
 }
 } else if (WIFCONTINUED(wstatus)) {
 cerr << pid << " continued\n";
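Review bot: The four `#undef PTRACE_*` lines sit between the added include and the existing one without any comment, and whether they work depends on the order of those two includes. Presumably they avoid a clash between two headers that both define these names; the include targets are not visible in this rendering, so that is an inference. A comment above the block should say so, for example `// the header above defines these as macros; undefine them so the header below can declare them`, and state that the two includes must not be reordered or merged by an include sorter.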
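Review bot: Every stop in the `WIFSTOPPED` branch is handled as a syscall stop: `PTRACE_GET_SYSCALL_INFO` is queried and the tracee is resumed with `ptrace(PTRACE_SYSCALL, pid, nullptr, nullptr)` whatever `WSTOPSIG(wstatus)` is, so a signal-delivery stop is logged as "unexpected syscall operation" and its signal is discarded because the data argument is 0. A tracee that never receives SIGTERM, SIGCHLD or a fault signal behaves differently from the untraced program, which undermines the trace if it is meant as a faithful record of what the process does. Since `PTRACE_O_TRACESYSGOOD` is now requested, classify the stop first, e.g. `const bool syscall_stop = WSTOPSIG(wstatus) == (SIGTRAP | 0x80);`, query the syscall info only when that is true, and pass the stop signal as the last argument of the restart for genuine signal-delivery stops (but not for the initial attach/exec stop or for `PTRACE_EVENT_*` stops). `PTRACE_SETOPTIONS` also needs to be issued only once, at the tracee's first stop; the enclosing wait loop begins outside the hunk, so where that first stop is handled cannot be seen here.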