[RFC] GSoC 2017 proposal draft: advanced syscall tampering and filtering with Lua
Eugene Syromyatnikov
evgsyr at gmail.com
Thu Mar 30 03:28:55 UTC 2017
Hello.
On Sat, Mar 25, 2017 at 10:58:16PM +0300, Victor Krapivensky wrote:
> The first draft of my proposal can be found here:
>
> https://gist.github.com/shdown/a1f3f2bce1210f55389bacf406030b25
>
> As for now, it is incomplete (does not even contain schedule) and will
> surely be updated and enhanced later.
>
> Please provide some feedback.
One quite interesting aspect, from my point of view, is the way you
expect to access (and modify) argument data. For example, some syscalls
(like sendmsg or evdev/dm ioctls or siginfo-related ones) have quite
non-trivial argument semantics — pointers upon pointers upon pointers;
related decoders have quite a significant amount of code in order to
retrieve them. Note also that argument decoding depends on the
tracee's ABI and the values of other arguments (various "dispatcher"
calls like ioctl or prctl are a good example). Do you have any ideas
regarding the subject?
There was some project last year [1], which constructed some internal
representation of retrieved syscall arguments as a byproduct of its
implementation, but it is strictly tailored for usage by the output
formatting backend.
[1] https://github.com/lineprinter/strace/wiki/GSoC-related-information
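
The sendmsg case mentioned in the message above, as an added example that is not part of the original email and is not strace code: a decoder follows msghdr -> iovec[] -> buffers in a simulated tracee, with the word size (4 for an i386-like ABI, 8 for an x86_64-like ABI) as a parameter. The memory image, addresses and helper names (rd, wr, build_sample, decode_msghdr) are constructed for illustration, and little-endian layout is assumed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MEM_SIZE 256
static uint8_t mem[MEM_SIZE];   /* constructed stand-in for tracee memory */

/* Read one little-endian word of ws bytes at addr; -1 if out of bounds. */
static int rd(uint64_t addr, unsigned ws, uint64_t *v) {
    if (addr > MEM_SIZE - ws) return -1;
    *v = 0;
    for (unsigned i = 0; i < ws; i++) *v |= (uint64_t)mem[addr + i] << (8 * i);
    return 0;
}
/* Write one little-endian word; used only to build the sample image. */
static void wr(uint64_t addr, unsigned ws, uint64_t v) {
    for (unsigned i = 0; i < ws; i++) mem[addr + i] = (uint8_t)(v >> (8 * i));
}

/* Lay out a msghdr at address 0 with two iovecs, using word size ws. */
static void build_sample(unsigned ws) {
    memset(mem, 0, sizeof mem);
    memcpy(mem + 128, "GET ", 4);
    memcpy(mem + 160, "/\n", 2);
    wr(2 * ws, ws, 64);                                  /* msg_iov    */
    wr(3 * ws, ws, 2);                                   /* msg_iovlen */
    wr(64, ws, 128);          wr(64 + ws, ws, 4);        /* iov[0]     */
    wr(64 + 2 * ws, ws, 160); wr(64 + 3 * ws, ws, 2);    /* iov[1]     */
}

/* Follow msghdr -> iovec[] -> data and gather the payload into out.
 * Returns the number of bytes gathered, or -1 on a bad pointer or length. */
static long decode_msghdr(uint64_t msg, unsigned ws, char *out, size_t cap) {
    uint64_t iov, n, base, len;
    size_t used = 0;
    if (rd(msg + 2 * ws, ws, &iov) || rd(msg + 3 * ws, ws, &n)) return -1;
    for (uint64_t i = 0; i < n; i++) {
        if (rd(iov + i * 2 * ws, ws, &base) || rd(iov + i * 2 * ws + ws, ws, &len))
            return -1;
        if (base > MEM_SIZE || len > MEM_SIZE - base || len > cap - used) return -1;
        memcpy(out + used, mem + base, len);
        used += len;
    }
    return (long)used;
}

int main(void) {
    char buf[16];
    build_sample(8);    /* 64-bit layout, decoded with both word sizes */
    printf("ws=8: %ld bytes\n", decode_msghdr(0, 8, buf, sizeof buf));
    printf("ws=4: %ld bytes\n", decode_msghdr(0, 4, buf, sizeof buf));
    return 0;
}
```

Decoding the 64-bit image with the 32-bit word size does not fail: it reads zeroed padding as msg_iov and msg_iovlen and reports an empty message, so a wrong ABI guess yields plausible but wrong data.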