Re: [Haifux] [Haifux Lecture] User space syscall tracing and manipulation - fakeroot-ng by Shachar Shemesh

2008-01-17 Thread Shachar Shemesh
Muli Ben-Yehuda wrote:


>> 2. Syscall generation - program calls one syscall, you make it call
>>    three.
>
> Interesting... I assume this is without kernel support (e.g., UML's
> SKAs patches).
>
I wouldn't be able to call it "user space" if it was.

I should point out that, ptrace being ptrace, some level of 
understanding (and even duplication) of what the kernel is doing was 
necessary. I can think of no syscall so platform dependent as ptrace. I 
made every attempt (and I'll talk about that as well) to make the code 
as free of #ifdefs as possible.

Shachar
___
Haifux mailing list
Haifux@haifux.org
http://hamakor.org.il/cgi-bin/mailman/listinfo/haifux


Re: [Haifux] [Haifux Lecture] User space syscall tracing and manipulation - fakeroot-ng by Shachar Shemesh

2008-01-17 Thread Muli Ben-Yehuda
On Thu, Jan 17, 2008 at 02:12:31PM +0200, Shachar Shemesh wrote:

> 1. Automatic manipulation. Unlike strace, fakeroot-ng actually
>    changes the program while running. Unlike gdb, it does so
>    automatically.

When I did this in the past, it was always intimately tied to what the
victim was doing. I'll be very interested in hearing how you got
around it.

> 2. Syscall generation - program calls one syscall, you make it call
>    three.

Interesting... I assume this is without kernel support (e.g., UML's
SKAs patches).

> 3. Recursive debuggers support - run strace (or fakeroot-ng, but at 
> least at the moment not gdb) from within the fakeroot environment.

Fun. Looking forward to the talk.

Cheers,
Muli


Re: [Haifux] [Haifux Lecture] User space syscall tracing and manipulation - fakeroot-ng by Shachar Shemesh

2008-01-17 Thread Shachar Shemesh
Dan Shimshoni wrote:

>> Certainly ptrace has been used to both trace and modify running
>> binaries, by gdb, strace, dumpmem[1], memfetch[2] and others.
>> 
Yes, I am aware of all of the above except memfetch (I did not remember 
the names of dumpmem, but I did attend your lecture at the time). 
fakeroot-ng does take it a step further. I'll just point out a couple or 
three things (those that are either already implemented or will be 
implemented by the lecture):

1. Automatic manipulation. Unlike strace, fakeroot-ng actually changes 
the program while running. Unlike gdb, it does so automatically.
2. Syscall generation - program calls one syscall, you make it call three.
3. Recursive debuggers support - run strace (or fakeroot-ng, but at 
least at the moment not gdb) from within the fakeroot environment.

> You forgot system call tracker hijacking.
>   
syscall-tracker is not a user-space solution.
> DS
>   
Shachar
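
The "automatic manipulation" point in the message above, shown as an added example (not part of the original thread and not fakeroot-ng's code): a tracer uses ptrace to rewrite the result of getuid(2) so the traced child is told it is root. It assumes x86-64 Linux; the function name `child_sees_root` is hypothetical, and the `#if` guard reflects the platform dependence of ptrace register access mentioned elsewhere in the thread.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <sys/ptrace.h>
#include <sys/syscall.h>
#include <sys/user.h>
#include <sys/wait.h>
#include <unistd.h>

/* Added example, x86-64 Linux only (register names are per-architecture).
 * Forks a child that asks the kernel for its uid, traces it with ptrace and,
 * when fake != 0, overwrites the result of getuid(2) with 0.
 * Returns 0 if the child saw uid 0, 1 if it saw another uid, -1 on error. */
int child_sees_root(int fake)
{
#if defined(__linux__) && defined(__x86_64__)
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                                   /* tracee */
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) < 0) _exit(2);
        raise(SIGSTOP);                               /* hand control to the tracer */
        _exit(syscall(SYS_getuid) == 0 ? 0 : 1);
    }
    int status, entering = 1;
    if (waitpid(pid, &status, 0) < 0 || !WIFSTOPPED(status)) return -1;
    ptrace(PTRACE_SETOPTIONS, pid, NULL, (void *)(long)PTRACE_O_TRACESYSGOOD);
    for (;;) {
        ptrace(PTRACE_SYSCALL, pid, NULL, NULL);      /* run to next syscall stop */
        if (waitpid(pid, &status, 0) < 0) return -1;
        if (WIFEXITED(status)) return WEXITSTATUS(status);
        if (!WIFSTOPPED(status)) return -1;           /* killed by a signal */
        if (WSTOPSIG(status) != (SIGTRAP | 0x80)) continue; /* not a syscall stop */
        if (!entering && fake) {                      /* syscall-exit stop */
            struct user_regs_struct regs;
            ptrace(PTRACE_GETREGS, pid, NULL, &regs);
            if (regs.orig_rax == SYS_getuid) {
                regs.rax = 0;                         /* forged return value */
                ptrace(PTRACE_SETREGS, pid, NULL, &regs);
            }
        }
        entering = !entering;                         /* stops alternate entry/exit */
    }
#else
    (void)fake;
    return -1;                                        /* other ports need their own register code */
#endif
}

int main(void) { return child_sees_root(1) == 0 ? 0 : 1; }
```

The forged value changes only what the tracee is told; the kernel's own credential checks for the child are unaffected.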


Re: [Haifux] [Haifux Lecture] User space syscall tracing and manipulation - fakeroot-ng by Shachar Shemesh

2008-01-17 Thread Dan Shimshoni
>Certainly ptrace has been used to both trace and modify running
>binaries, by gdb, strace, dumpmem[1], memfetch[2] and others.

You forgot system call tracker hijacking.

DS


On Jan 17, 2008 1:08 PM, Muli Ben-Yehuda <[EMAIL PROTECTED]> wrote:
> On Thu, Jan 17, 2008 at 12:45:10PM +0200, Shachar Shemesh wrote:
>
> > Fakeroot-ng is a (as far as I know) first attempt to do the things
> > usually done with LD_PRELOAD using the ptrace mechanism. It was both
> > the trigger and the root cause of this lecture.
>
> Not sure what you mean by "things usually done with LD_PRELOAD?"
> Certainly ptrace has been used to both trace and modify running
> binaries, by gdb, strace, dumpmem[1], memfetch[2] and others. I think
> I even gave a haifux talk on run-time modification of programs using
> ptrace for fun and profit a few years ago.
>
> > The lecture will look at fakeroot, fakechroot, fakeroot-ng and
> > strace, at varying degrees of depths, mostly because all four chose
> > slightly different approaches for solving, fundamentally, the same
> > problem.
>
> They did?
>
> Sounds like an interesting talk, will try to attend.
>
> [1] http://www.mulix.org/dumpmem.html
> [2] http://lcamtuf.coredump.cx/soft/memfetch.tgz
>
> Cheers,
> Muli
>


Re: [Haifux] [Haifux Lecture] User space syscall tracing and manipulation - fakeroot-ng by Shachar Shemesh

2008-01-17 Thread arbel yossi
>I think
>I even gave a haifux talk on run-time modification of programs using
> ptrace for fun and profit a few years ago.

There is surely a profit and a lot of fun around here, but indeed there was a
"ptrace - Playing Debugger Chess" lecture by you, 
http://www.haifux.org/lectures/115/

I don't know who has a profit here (and who has fun...)

Rgs,
Yossi

-Original Message-
From: Muli Ben-Yehuda [mailto:[EMAIL PROTECTED]
Sent: Thu 1/17/2008 1:08 PM
To: Shachar Shemesh
Cc: arbel yossi; Haifa linux club; linux-il
Subject: Re: [Haifux] [Haifux Lecture] User space syscall tracing and manipulation - fakeroot-ng by Shachar Shemesh
 
On Thu, Jan 17, 2008 at 12:45:10PM +0200, Shachar Shemesh wrote:

> Fakeroot-ng is a (as far as I know) first attempt to do the things
> usually done with LD_PRELOAD using the ptrace mechanism. It was both
> the trigger and the root cause of this lecture.

Not sure what you mean by "things usually done with LD_PRELOAD?" 
Certainly ptrace has been used to both trace and modify running
binaries, by gdb, strace, dumpmem[1], memfetch[2] and others. I think
I even gave a haifux talk on run-time modification of programs using
ptrace for fun and profit a few years ago.

> The lecture will look at fakeroot, fakechroot, fakeroot-ng and
> strace, at varying degrees of depths, mostly because all four chose
> slightly different approaches for solving, fundamentally, the same
> problem.

They did?

Sounds like an interesting talk, will try to attend.

[1] http://www.mulix.org/dumpmem.html
[2] http://lcamtuf.coredump.cx/soft/memfetch.tgz
 
Cheers,
Muli



Re: [Haifux] [Haifux Lecture] User space syscall tracing and manipulation - fakeroot-ng by Shachar Shemesh

2008-01-17 Thread Muli Ben-Yehuda
On Thu, Jan 17, 2008 at 12:45:10PM +0200, Shachar Shemesh wrote:

> Fakeroot-ng is a (as far as I know) first attempt to do the things
> usually done with LD_PRELOAD using the ptrace mechanism. It was both
> the trigger and the root cause of this lecture.

Not sure what you mean by "things usually done with LD_PRELOAD?" 
Certainly ptrace has been used to both trace and modify running
binaries, by gdb, strace, dumpmem[1], memfetch[2] and others. I think
I even gave a haifux talk on run-time modification of programs using
ptrace for fun and profit a few years ago.

> The lecture will look at fakeroot, fakechroot, fakeroot-ng and
> strace, at varying degrees of depths, mostly because all four chose
> slightly different approaches for solving, fundamentally, the same
> problem.

They did?

Sounds like an interesting talk, will try to attend.

[1] http://www.mulix.org/dumpmem.html
[2] http://lcamtuf.coredump.cx/soft/memfetch.tgz
 
Cheers,
Muli


Re: [Haifux] [Haifux Lecture] User space syscall tracing and manipulation - fakeroot-ng by Shachar Shemesh

2008-01-17 Thread Shachar Shemesh
arbel yossi wrote:

> Hi,
> It is not clear from this post whether the lecture will deal
> with fakeroot-ng or not. The Abstract talks about various techniques
> but does not mention fakeroot-ng, while the title includes both.
>
> Regards,
> Yossi 
>
Fakeroot-ng is a (as far as I know) first attempt to do the things 
usually done with LD_PRELOAD using the ptrace mechanism. It was both the 
trigger and the root cause of this lecture.

The lecture will look at fakeroot, fakechroot, fakeroot-ng and strace, 
at varying degrees of depths, mostly because all four chose slightly 
different approaches for solving, fundamentally, the same problem.

Shachar


Re: [Haifux] [Haifux Lecture] User space syscall tracing and manipulation - fakeroot-ng by Shachar Shemesh

2008-01-17 Thread arbel yossi
Hi,
It is not clear from this post whether the lecture will deal 
with fakeroot-ng or not. The Abstract talks about various techniques
but does not mention fakeroot-ng, while the title includes both.

Regards,
Yossi  

-Original Message-
From: [EMAIL PROTECTED] on behalf of Orr Dunkelman
Sent: Thu 1/17/2008 10:15 AM
To: Haifa linux club; linux-il
Subject: [Haifux] [Haifux Lecture] User space syscall tracing and manipulation - fakeroot-ng by Shachar Shemesh
 
Next Monday, 21st of January, at 18:30, the Haifa Linux Club will gather for
Shachar Shemesh's lecture about

  User space syscall tracing and manipulation - fakeroot-ng

Abstract

Various techniques will be shown for wrapping another program's system
calls. All techniques employ user-space only technology. This will
range from the trivial (LD_PRELOAD) to the sophisticated
(PTRACE+trampoline code). We will also discuss the various advantages
and disadvantages of each technique.

==

We meet in Taub building, room 6. For location information see:
http://www.haifux.org/where.html

Attendance is free, and you are all invited!

==

Future Lectures:

Crawling in Lightning    Everybody!    11/2/2008
Tapping into the Fountain of CPUs---On Operating System Support for
Programmable Devices    Muli Ben-Yehuda    25/2/2008


We are always interested in hearing your talks and ideas. If you wish
to give a talk, hold a discussion, or just plan some event haifux
might be interested in, please contact us at [EMAIL PROTECTED]

-- 
Orr Dunkelman,
[EMAIL PROTECTED]

"Any human thing supposed to be complete, must for that reason infallibly
be faulty" -- Herman Melville, Moby Dick.

GPG fingerprint: C2D5 C6D6 9A24 9A95 C5B3  2023 6CAB 4A7C B73F D0AA
(This key will never sign Emails, only other PGP keys. The key
corresponds to [EMAIL PROTECTED])