hstrace 0.0.5

Syscall tracing from command line and as a library
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132

use crate::value::map_output;
use crate::value::Value;
use crate::Ident;
use crate::SyscallParameters;
use crate::{Definition, SyscallError};
use colored::Colorize;
use std::fmt;

/// This will format line
pub struct TraceOutput {
    /// Process id where syscall occured
    pub pid: usize,

    /// Syscall index number for current kernel
    pub nr: usize,

    /// Syscall name, if it was resolved
    pub ident: Ident,

    /// In-out variables
    pub variables: Vec<Value>,

    /// Out return code
    pub out: Option<Result<Value, SyscallError>>,
}

impl TraceOutput {
    pub(crate) fn new(ident: Ident, nr: usize, variables: Vec<Value>, pid: usize) -> Self {
        TraceOutput {
            ident,
            nr,
            variables,
            out: None,
            pid,
        }
    }

    pub(crate) fn from_definition<T>(
        ptrace: &mut T,
        definition: &Definition,
        info: &SyscallParameters,
    ) -> Self
    where
        T: crate::Tracer,
    {
        let mut variables: Vec<Value> = Vec::new();

        // FIXME this initialization could be more performant, but type should be Vec<Option<Value>>, notice rev below
        for _ in 0..definition.var_types.len() {
            variables.push(Value::None);
        }

        for (idx, var_type) in definition.var_types.iter().enumerate().rev() {
            let mapped_val = info.transform_value(idx, ptrace, var_type, &variables);

            variables[idx] = mapped_val;
        }

        TraceOutput::new(definition.ident, info.nr, variables, info.pid)
    }

    pub(crate) fn update_exit<T>(&mut self, ptrace: &mut T, info: &SyscallParameters)
    where
        T: crate::Tracer,
    {
        let definition = info.get_definition().unwrap();

        // set output
        self.out = Some(map_output(
            &definition.out_value,
            info.exit.is_error,
            info.exit.rval,
        ));

        // set variables
        let mut updated_variables: Vec<Option<Value>> = Vec::with_capacity(self.variables.len());

        for idx in 0..self.variables.len() {
            let val =
                info.transform_value(idx, ptrace, &definition.var_types[idx], &self.variables);

            if let Value::Skip = val {
                // skip this, was input value
                updated_variables.push(None);
            } else {
                //*out = val;
                updated_variables.push(Some(val));
            }
        }

        for (idx, transformed_input) in updated_variables.into_iter().enumerate() {
            if let Some(input) = transformed_input {
                self.variables[idx] = input;
            }
        }
    }
}

impl fmt::Debug for TraceOutput {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        let var_strs: Vec<String> = self
            .variables
            .iter()
            .map(|a| format!("{}", format!("{:?}", a).cyan()))
            .collect();

        let ident_str = match &self.ident {
            Ident::Unknown => format!("__unknown"),
            _ => format!("{}", self.ident.to_string().to_lowercase()),
        }
        .yellow();

        let out_var = match self.out.as_ref() {
            Some(o) => match o {
                Ok(o) => format!("{:?}", o).green(),
                Err(e) => format!("-1 {:?} ({})", e, e.to_errno().desc()).magenta(),
            },
            None => format!("?").yellow(),
        };

        write!(
            f,
            "[{}] {}{}{}{} = {}", // [pid] ...
            self.pid,
            ident_str,
            "(".purple(),
            var_strs.join(", "),
            ")".purple(),
            out_var,
        )
    }
}