
Dumping syscall args

isundil 10 ani în urmă
părinte
comite
c2fd338e7e

+ 1 - 1
src/CMakeLists.txt

@@ -1 +1 @@
-add_executable(sandbox main.c param.c sandbox.c ovr_syscall/ovr_write.c ovr_syscall/ovr_open.c ovr_syscall/ovr_close.c)
+add_executable(sandbox main.c exec.c param.c sandbox.c ovr_syscall/ovr_write.c ovr_syscall/ovr_open.c ovr_syscall/ovr_close.c)

+ 11 - 0
src/exec.c

@@ -0,0 +1,11 @@
+#include <unistd.h>
+#include "sandbox.h"
+
+void doExec(int pid_parent, const t_param *params)
+{
+	char **argv = (char **)params->cmd;
+
+	//TODO check return value
+	execvp(argv[0], argv);
+}
+
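Review bot: `execvp(argv[0], argv);` at the end of doExec returns only on failure, and nothing stops the caller from continuing to run the sandbox's own code in the child afterwards; the TODO above it should become `if (execvp(argv[0], argv) == -1) { perror("execvp"); _exit(127); }` (`_exit` rather than `exit`, presumably because this runs in a forked child and should not flush the parent's stdio buffers a second time — confirm against the caller). The `pid_parent` parameter is never read in this body, so either document what it is reserved for or drop it from the signature and the `sandbox.h` prototype. The `(char **)` cast discards the `const` on `params->cmd`; it is needed for execvp's `char *const argv[]`, so a one-line comment saying so would stop a later reader from "fixing" it.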

+ 2 - 3
src/ovr_syscall/ovr_close.c

@@ -7,10 +7,9 @@
 /* DEBUG HEADER */
 #include <stdio.h>
 
-int ovr_close(struct s_sandboxenv *env, unsigned long long int _fd,
-				unsigned long long int _none_0, unsigned long long int _none_1)
+int ovr_close(struct s_sandboxenv *env)
 {
-	int fd = (int) _fd;
+	int fd = (int) env->syscall_args[0];
 
 
 	printf("DO close ! ([%d])\n", fd);

+ 4 - 6
src/ovr_syscall/ovr_open.c

@@ -7,13 +7,11 @@
 /* DEBUG HEADER */
 #include <stdio.h>
 
-int ovr_open(struct s_sandboxenv *env, unsigned long long int _pathname,
-				unsigned long long int _flags, unsigned long long int _mode)
+int ovr_open(struct s_sandboxenv *env)
 {
-	const char *pathname = (const char *) _pathname;
-	int flags = (int) _flags;
-	mode_t mode = (mode_t) _mode;
-
+	const char *pathname = (const char *) env->syscall_args[0];
+	int flags = (int) env->syscall_args[1];
+	mode_t mode = (mode_t) env->syscall_args[2];
 
 	printf("DO open ! ([%x], [%d], [%d])\n", pathname, flags, mode);
 	fflush(stdout);
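Review bot: `const char *pathname = (const char *) env->syscall_args[0];` turns a tracee address into a pointer that is only meaningful in the tracee: the registers were fetched with ptrace from `pid`, so this value is not dereferenceable in the tracer, and a future `strlen`/`open` on it here would read the wrong process's memory or fault. Keep it as the raw register value, e.g. `REGISTER_TYPE pathname_addr = env->syscall_args[0];`, and when the contents are actually needed copy them out with `PTRACE_PEEKDATA` or `process_vm_readv` into a tracer-owned buffer; the same applies to `buf` in `ovr_write.c`. Once the path is copied out, any allow/deny decision should be made on that copy, since the tracee can rewrite the string between the handler's check and the kernel's own read of it. The existing `%x` on the next line for `pathname` is pre-existing but would also go away with the integer form (`%llx`).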

+ 5 - 7
src/ovr_syscall/ovr_write.c

@@ -4,16 +4,14 @@
 /* DEBUG HEADER */
 #include <stdio.h>
 
-int ovr_write(struct s_sandboxenv *env, unsigned long long int _fd,
-				unsigned long long int _buf, unsigned long long int _buflen)
+int ovr_write(struct s_sandboxenv *env)
 {
-	int fd = (int) _fd;
-	int buflen = (int) _buflen;
-	//char *buf = strndup((char*)_buf, buflen);
-	char *buf = (char *) _buf;
+	int fd = (int) env->syscall_args[0];
+	char *buf = (char *) env->syscall_args[1];
+	int buflen = (int) env->syscall_args[2];
 
 
-	printf("DO WRITE ! ([%d], [%x], [%d])\n", env->registers.rbx, (size_t) buf, buflen);
+	printf("DO WRITE ! ([%d], [%x], [%d])\n", fd, buf, buflen);
 	fflush(stdout);
 	//env->registers.orig_rax = -1;
 	return 0;
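Review bot: The rewritten printf `printf("DO WRITE ! ([%d], [%x], [%d])\n", fd, buf, buflen);` passes a `char *` to `%x`, which is undefined behaviour and on x86-64 prints at most the low 32 bits of the address; the old line at least cast to an integer. Since `buf` is a tracee address rather than a tracer pointer, print the raw register instead: `printf("DO WRITE ! ([%d], [%llx], [%zu])\n", fd, (unsigned long long) env->syscall_args[1], buflen);`. That also argues for `size_t buflen = (size_t) env->syscall_args[2];` rather than `int`, because the write count is a `size_t` in the tracee and the `(int)` cast turns large counts negative before any length check that is added later could see them. The rest of ovr_write continues outside the hunk.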

+ 2 - 0
src/param.c

@@ -4,6 +4,8 @@
 #include <string.h>
 #include "sandbox.h"
 
+// TODO man 2 getopt
+
 void print_help(const char *progname, int exit_status)
 {
 	fprintf(stderr, "Usage: %s [options] [--] command\n", progname);

+ 32 - 26
src/sandbox.c

@@ -1,36 +1,29 @@
-
 #include <sys/ptrace.h>
 #include <sys/types.h>
 #include <sys/wait.h>
+#include <sys/reg.h>
+#include <sys/uio.h>
 #include <strings.h>
+#include <string.h>
 #include <unistd.h>
+#include <elf.h>
 #include "sandbox.h"
 
-
 /* DEBUG HEADER */
 #include <stdio.h>
 
-void doExec(int pid_parent, const t_param *params)
-{
-	char **argv = (char **)params->cmd;
-
-	//TODO check return value
-	execvp(argv[0], argv);
-}
-
-int manageSyscall(struct s_sandboxenv *env)
+static inline void get_args(struct s_sandboxenv *env)
 {
-	t_syscall_fnc ovr_fnc;
-
-	/*
-		printf("CALL %d\n", (int) env->registers.orig_rax);
-		fflush(stdout);
-	*/
-	if (env->registers.orig_rax >= NR_syscalls ||
-			!(ovr_fnc = env->functions[(int) env->registers.orig_rax]))
-		return 0;
-	(ovr_fnc)(env, env->registers.rbx, env->registers.rcx, env->registers.rdx);
-	return 1;
+#ifdef __x86_64__
+	REGISTER_TYPE result[] = { env->registers.rdi, env->registers.rsi,
+			env->registers.rdx, env->registers.r10,
+			env->registers.r8, env->registers.r9 };
+#else
+	REGISTER_TYPE result[] = { env->registers.ebx, env->registers.ecx,
+			env->registers.edx, env->registers.esi,
+			env->registers.edi, env->registers.ebp };
+#endif
+	memcpy(env->syscall_args, result, sizeof(REGISTER_TYPE) * 6);
 }
 
 static inline void init_syscalls(struct s_sandboxenv *env)
@@ -51,10 +44,23 @@ static inline int waitForSyscall(const int pid)
 	return 0;
 }
 
+int manageSyscall(struct s_sandboxenv *env)
+{
+	t_syscall_fnc ovr_fnc;
+
+	if (env->registers.orig_rax >= NR_syscalls ||
+			!(ovr_fnc = env->functions[(int) env->registers.orig_rax]))
+		return 0;
+	get_args(env);
+	(ovr_fnc)(env);
+	return 1;
+}
+
 void doTrace(int pid, const t_param *params)
 {
 	int status;
 	struct s_sandboxenv sandbox_env;
+	struct iovec iov = { &(sandbox_env.registers), sizeof(sandbox_env.registers) };
 
 	ptrace(PTRACE_ATTACH, pid, 0, 0);
 	kill(pid, SIGTRAP);
@@ -67,14 +73,14 @@ void doTrace(int pid, const t_param *params)
 	{
 		if (waitForSyscall(pid))
 			break;
-
-		ptrace(PTRACE_GETREGS, pid, 0, &(sandbox_env.registers));
-		// getregsset ?
+		ptrace(PTRACE_GETREGSET, pid, NT_PRSTATUS, &iov);
 		if (manageSyscall(&sandbox_env))
 			ptrace(PTRACE_SETREGS, pid, 0, &(sandbox_env.registers));
-
 		if (waitForSyscall(pid))
 			break;
+		iov.iov_len = sizeof(sandbox_env.registers);
+		ptrace(PTRACE_GETREGSET, pid, NT_PRSTATUS, &iov);
+		manageSyscall(&sandbox_env);
 	}
 }
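Review bot: In the doTrace loop, `iov.iov_len` is reset only before the second `PTRACE_GETREGSET`, but the kernel updates `iov_len` to the number of bytes it actually wrote, so the first `PTRACE_GETREGSET` of the next iteration reuses whatever the previous call left; move the reset so it precedes both calls, e.g. `iov.iov_len = sizeof(sandbox_env.registers); if (ptrace(PTRACE_GETREGSET, pid, NT_PRSTATUS, &iov) == -1) break;`. None of the ptrace calls in this hunk are checked, so a failed GETREGSET leaves `sandbox_env.registers` stale and manageSyscall then dispatches on stale `orig_rax`. manageSyscall is now also invoked at the syscall-exit stop, yet the handlers receive no indication of which stop they are in (`orig_rax` still holds the number at exit), so every override appears to run twice per syscall; an entry/exit flag in `struct s_sandboxenv` set here would let handlers act once. doTrace's body starts outside this hunk.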
 

+ 10 - 24
src/sandbox.h

@@ -8,44 +8,25 @@
 #  define NR_syscalls 386
 # endif
 
-/*
-# if defined __x86_64__
-#   define RAX rax
-#   define RBX rbx
-#   define RCX rcx
-#   define RDX rdx
-#   define RSP rsp
-#   define RBP rbp
-#   define RIP rip
-#   define RDI rdi
-#   define RSI rsi
-#   define FMT "%016lx"
+# ifdef __x86_64__
+#  define REGISTER_TYPE unsigned long long int
 # else
-#   define RAX eax
-#   define RBX ebx
-#   define RCX ecx
-#   define RDX edx
-#   define RSP esp
-#   define RBP ebp
-#   define RIP eip
-#   define RDI edi
-#   define RSI esi
-#   define FMT "%08lx"
+#  define REGISTER_TYPE long int
 # endif
-*/
 
 typedef struct {
 	const char **cmd;
 } t_param;
 
 struct s_sandboxenv;
-typedef int(* t_syscall_fnc)(struct s_sandboxenv *, unsigned long long int, unsigned long long int, unsigned long long int);
+typedef int(* t_syscall_fnc)(struct s_sandboxenv *);
 
 struct s_sandboxenv {
 	const t_param *params;
 	t_syscall_fnc functions[NR_syscalls];
 	int child_pid;
 	struct user_regs_struct registers;
+	REGISTER_TYPE syscall_args[6];
 };
 
 /* params.c */
@@ -54,6 +35,11 @@ t_param *parse_argv(const char **av);
 
 /* sandbox.c */
 int launch_program(const t_param *params);
+int manageSyscall(struct s_sandboxenv *env);
+void doTrace(int pid, const t_param *params);
+
+/* exec.c */
+void doExec(int pid_parent, const t_param *params);
 
 # include "sandbox_syscall.h"
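Review bot: `REGISTER_TYPE syscall_args[6];` introduces a magic 6 that `get_args` in sandbox.c repeats as `sizeof(REGISTER_TYPE) * 6`; a named constant next to the typedefs, `# define SYSCALL_ARG_COUNT 6`, used as `REGISTER_TYPE syscall_args[SYSCALL_ARG_COUNT];`, lets get_args copy with `sizeof env->syscall_args` and keeps the two in step. The new member deserves a comment stating that these are raw register values from the tracee (addresses in them belong to the tracee's address space), since the handler prototypes no longer carry that information in their parameter types. `struct user_regs_struct` needs `<sys/user.h>`; it is not visible in this hunk, so confirm it is included above.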
 

+ 3 - 5
src/sandbox_syscall.h

@@ -1,10 +1,8 @@
 #ifndef  SANDBOX_SYSCALL_H__
 # define SANDBOX_SYSCALL_H__
 
-# define SANDBOX_OVERRITE_PARAMS struct s_sandboxenv *, unsigned long long int, unsigned long long int, unsigned long long int
-
-int ovr_open(SANDBOX_OVERRITE_PARAMS);
-int ovr_close(SANDBOX_OVERRITE_PARAMS);
-int ovr_write(SANDBOX_OVERRITE_PARAMS);
+int ovr_open(struct s_sandboxenv *);
+int ovr_close(struct s_sandboxenv *);
+int ovr_write(struct s_sandboxenv *);
 
 #endif /* SANDBOX_SYSCALL_H__ */