stracers-core 0.1.0

Library for tracing system calls and signals
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73

/// Represents a single syscall that has been observed (after both entry and exit).
pub struct SyscallEvent {
    pub pid: i32,
    pub number: u64,
    pub name: Option<&'static str>,
    pub args: [u64; 6],
    pub ret: Option<i64>,
    pub decoded_args: Vec<DecodedArg>,
}

/// A pretty-printed syscall argument.
pub enum DecodedArg {
    /// Raw hex value (fallback when no decoding is available).
    Raw(u64),
    /// File descriptor, e.g. `3` or a symbolic name like `AT_FDCWD`.
    Fd(i32),
    /// Null-terminated path string read from tracee memory.
    Path(String),
    /// Bitwise OR of named flags, e.g. `O_RDONLY|O_CLOEXEC`.
    Flags(String),
    /// A buffer shown as a quoted byte string (truncated).
    Buf(Vec<u8>, usize),
    /// An opaque pointer/address, displayed as hex.
    Addr(u64),
    /// A plain integer (signed).
    Int(i64),
    /// An unsigned size value.
    Size(u64),
}

impl std::fmt::Display for DecodedArg {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        match self {
            DecodedArg::Raw(v) => write!(f, "{:#x}", v),
            DecodedArg::Fd(fd) => {
                match *fd {
                    -100 => write!(f, "AT_FDCWD"),
                    _ => write!(f, "{}", fd),
                }
            }
            DecodedArg::Path(s) => write!(f, "\"{}\"", s),
            DecodedArg::Flags(s) => write!(f, "{}", s),
            DecodedArg::Buf(bytes, total_len) => {
                write!(f, "\"")?;
                for &b in bytes.iter().take(32) {
                    match b {
                        b'\n' => write!(f, "\\n")?,
                        b'\r' => write!(f, "\\r")?,
                        b'\t' => write!(f, "\\t")?,
                        b'\\' => write!(f, "\\\\")?,
                        b'"' => write!(f, "\\\"")?,
                        0x20..=0x7e => write!(f, "{}", b as char)?,
                        _ => write!(f, "\\x{:02x}", b)?,
                    }
                }
                write!(f, "\"")?;
                if *total_len > 32 {
                    write!(f, "...({} bytes)", total_len)?;
                }
                Ok(())
            }
            DecodedArg::Addr(v) => {
                if *v == 0 {
                    write!(f, "NULL")
                } else {
                    write!(f, "{:#x}", v)
                }
            }
            DecodedArg::Int(v) => write!(f, "{}", v),
            DecodedArg::Size(v) => write!(f, "{}", v),
        }
    }
}