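def run_tracee(tracee_binary):
    '''
    Fork a child, put it under ptrace and exec ``tracee_binary`` in it.

    tracee_binary: path of the executable to trace. It is run with the
        caller's privileges and environment, so it must come from a
        trusted source; the path is not validated here.

    Returns the tracee pid. On return the tracee is stopped at the stop
    that follows its exec and has not run any of the new program yet.

    Raises RuntimeError if the tracee exits or is killed before reaching
    either of the two expected stops (for example because exec failed).
    '''
    # Resolve the path before forking so that a bad argument raises in the
    # caller's process instead of inside the forked child.
    abs_tracee_binary_path = os.path.abspath(tracee_binary)
    tracee_binary_name = os.path.basename(abs_tracee_binary_path)

    pid = os.fork()  # raises OSError on failure, never returns a negative pid
    if pid == 0:  # within tracee
        try:
            # make tracee process traceable for tracer
            pyptrace.traceme()
            # stop and wake up tracer
            os.kill(os.getpid(), signal.SIGSTOP)
            # os.execv only returns by raising; on success this process
            # image is replaced and nothing below runs.
            os.execv(abs_tracee_binary_path, [tracee_binary_name])
        finally:
            # Reached only when something above failed. The child must not
            # unwind into the caller's stack: it is a copy of the tracer and
            # would keep running the tracer's code (and its cleanup
            # handlers) as a second process. Exit at once without running
            # atexit hooks or flushing inherited stdio buffers.
            os._exit(127)

    # within tracer
    # wait for tracee to set traceme and stop itself
    _, status = os.waitpid(pid, 0)
    if not os.WIFSTOPPED(status):
        raise RuntimeError('tracee %d ended before it could be traced' % pid)
    # PTRACE_O_EXITKILL: the kernel kills the tracee if the tracer exits,
    # so a crashed tracer does not leave the traced program running.
    # NOTE(review): the return values of the pyptrace calls are not checked
    # here; confirm how pyptrace reports failure.
    pyptrace.setoptions(pid, pyptrace.PTRACE_O_EXITKILL)
    # make tracee run execve
    pyptrace.cont(pid)
    # wait for the stop the tracee reports after its execve
    _, status = os.waitpid(pid, 0)
    if not os.WIFSTOPPED(status):
        # exec failed (the child exits with 127) or the tracee was killed
        raise RuntimeError(
            'tracee %d ended before its exec stop: %s'
            % (pid, abs_tracee_binary_path))
    # tracee has been started and is paused now
    return pid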