支持32位进程、支持指定指定syscall函数名

SeeFlowerX · Nov 24, 2022 · fabd62a · fabd62a
1 parent b988ca9
commit fabd62a
Show file tree

Hide file tree

Showing 9 changed files with 480 additions and 25 deletions.
diff --git a/Makefile b/Makefile
@@ -34,7 +34,7 @@ ebpf:
 
 .PHONY: assets
 assets:
-	$(CMD_GO) run github.com/shuLhan/go-bindata/cmd/go-bindata -pkg assets -o "app/assets/ebpf_probe.go" $(wildcard ./app/bytecode/*.o app/config/table.json)
+	$(CMD_GO) run github.com/shuLhan/go-bindata/cmd/go-bindata -pkg assets -o "app/assets/ebpf_probe.go" $(wildcard ./app/bytecode/*.o app/config/table*.json)
 
 .PHONY: build
 build:

diff --git a/README.md b/README.md
@@ -26,7 +26,7 @@ adb shell chmod +x /data/local/tmp/estrace
 进入`adb shell`，`在root用户下`执行命令，示例如下
 
 ```bash
-/data/local/tmp/estrace --name com.starbucks.cn --nr 221 --getlr -o trace.log
+/data/local/tmp/estrace --name com.starbucks.cn --syscall execve --getlr -o trace.log
 ```
 
 ![](./images/Snipaste_2022-11-22_17-10-18.png)
@@ -103,9 +103,8 @@ adb push bin/estrace /data/local/tmp
 
 # TODO
 
-- 支持32位进程
 - 更详细的信息输出
-- 指定syscall函数名而不是系统调用号
+- 对于启动的shell进程似乎追踪不到返回结果，待优化逻辑
 
 # Thanks
 

diff --git a/app/config/config_global.go b/app/config/config_global.go
@@ -8,6 +8,7 @@ type GlobalConfig struct {
     Uid      uint64
     Pid      uint64
     NR       uint64
+    SysCall  string
     LogFile  string
     Is32Bit  bool
     ExecPath string
@@ -18,6 +19,15 @@ type Filter struct {
     pid uint32
     nr  uint32
 }
+
+func (this *Filter) GetNR() uint32 {
+    return this.nr
+}
+
+func (this *Filter) UpdateNR(nr uint32) {
+    this.nr = nr
+}
+
 type Arch struct {
     is_32bit bool
 }

diff --git a/app/config/config_sys.go b/app/config/config_sys.go
@@ -1,5 +1,10 @@
 package config
 
+import (
+	"fmt"
+	"strconv"
+)
+
 type TableConfig struct {
 	Count uint32
 	Name  string
@@ -13,6 +18,31 @@ func NewSysTableConfig() SysTableConfig {
 	return config
 }
 
-func loadConfig() {
-	// 从assets中直接加载 解析为结构体
+func (this *SysTableConfig) GetNR(syscall string) (int, error) {
+	target_nr := -1
+	for nr, config := range *this {
+		if config.Name == syscall {
+			nr, _ := strconv.ParseUint(nr, 10, 32)
+			target_nr = int(nr)
+		}
+	}
+	if target_nr == -1 {
+		return target_nr, fmt.Errorf("can not find nr for syscall:%s", syscall)
+	}
+	return target_nr, nil
+}
+
+func (this *SysTableConfig) CheckNR(nr uint32) error {
+	nr_str := strconv.FormatUint(uint64(nr), 10)
+	has_nr := false
+	for nr := range *this {
+		if nr == nr_str {
+			has_nr = true
+			break
+		}
+	}
+	if !has_nr {
+		return fmt.Errorf("invalid nr:%d", nr)
+	}
+	return nil
 }