From f70369ec987890591012faab157482be337e281c Mon Sep 17 00:00:00 2001 From: Lorenz Stechauner Date: Mon, 21 Jul 2025 16:56:18 +0200 Subject: [PATCH] thesis: Complete 2.8 --- thesis/Makefile | 2 +- thesis/listings/intercept-client.txt | 73 ++++++++++++++++++++++++++++ thesis/src/02.intercept.tex | 35 ++++++++++--- 3 files changed, 103 insertions(+), 7 deletions(-) create mode 100644 thesis/listings/intercept-client.txt diff --git a/thesis/Makefile b/thesis/Makefile index a4f0038..e874184 100644 --- a/thesis/Makefile +++ b/thesis/Makefile @@ -2,7 +2,7 @@ .PHONY: all clean clean-out all: thesis.pdf clean-out -%.pdf: %.tex $(wildcard src/*) +%.pdf: %.tex $(wildcard src/*) $(wildcard listings/*) latexmk -pdf $< clean: diff --git a/thesis/listings/intercept-client.txt b/thesis/listings/intercept-client.txt new file mode 100644 index 0000000..38444fd --- /dev/null +++ b/thesis/listings/intercept-client.txt @@ -0,0 +1,73 @@ +1747639484.855979238 17036 17036 \ + getopt(2, 0x7ffdff7b20b8:[0x7ffdff7b3eb3:"/home/lorenz/client", 0x7ffdff7b3ee6:\ + "http://www.complang.tuwien.ac.at/"], 0x61520b0190f2:"hp:o:d:"): 0x61520b017ac5 \ + (/home/lorenz/client+0x1ac5, client.c:186) +1747639484.856009998 17036 17036 \ + return -1 +1747639484.859018930 17036 17036 \ + getaddrinfo(0x7ffdff7b0e70:"www.complang.tuwien.ac.at", 0x61520b019052:"http", 0x7ffdff7b0c30:\ + [{ai_flags: 0x0:|, ai_family: 0:AF_UNSPEC, ai_socktype: 1:SOCK_STREAM, ai_protocol: 0, \ + ai_addrlen: 0, ai_addr: (nil):{}, ai_canonname: (nil):"", ai_next: (nil)}], 0x7ffdff7b0c10): \ + 0x61520b01747b (/home/lorenz/client+0x147b, client.c:74) +1747639484.870971294 17036 17036 \ + return 0:SUCCESS; errno 0; res=0x615238e79e00:[{ai_flags: 0x0:|, ai_family: 2:AF_INET, \ + ai_socktype: 1:SOCK_STREAM, ai_protocol: 6, ai_addrlen: 16, ai_addr: 0x615238e79e30:{sa_family: \ + 2:AF_INET, sin_addr: "128.130.173.64", sin_port: 80}, ai_canonname: (nil):"", ai_next: (nil)}] +1747639484.870983698 17036 17036 \ + socket(2:AF_INET, 1:SOCK_STREAM, 6): 0x61520b0174f2 (/home/lorenz/client+0x14f2, client.c:81) +1747639484.870991734 17036 17036 \ + return 7; errno 0 +1747639484.870998006 17036 17036 \ + connect(7, 0x615238e79e30:{sa_family: 2:AF_INET, sin_addr: "128.130.173.64", sin_port: 80}, 16): \ + 0x61520b0175f3 (/home/lorenz/client+0x15f3, client.c:104) +1747639484.877322756 17036 17036 \ + return 0; errno 0 +1747639484.877333157 17036 17036 \ + freeaddrinfo(0x615238e79e00): 0x61520b017638 (/home/lorenz/client+0x1638, client.c:114) +1747639484.877358736 17036 17036 \ + return +1747639484.877364678 17036 17036 \ + send(7, 0x7ffdff7b0f70:"GET / HTTP/1.1\r\nHost: www.complang.tuwien.ac.at\r\nUser-Agent: \ + osue-12119052/1.0\r\nConnection: close\r\n\r\n", 101, 0x0:|): 0x61520b017f5c \ + (/home/lorenz/client+0x1f5c, client.c:277) +1747639484.877385048 17036 17036 \ + return 101; errno 0 +1747639484.877390719 17036 17036 \ + recv(7, 0x7ffdff7b0f70, 4095, 0x2:|MSG_PEEK|): 0x61520b017fa1 (/home/lorenz/client+0x1fa1, \ + client.c:284) +1747639484.885364636 17036 17036 \ + return 2674; errno 0; buf=0x7ffdff7b0f70:"HTTP/1.1 200 OK\r\n\ + Date: Mon, 19 May 2025 07:24:44 GMT\r\n\ + Server: Apache/2.4.62 (Debian) OpenSSL/3.0.15\r\n\ + Last-Modified: Thu, 25 Aug 2022 14:41:10 GMT\r\n\ + ETag: \"944-5e711c9dd0ce5\"\r\nAccept-Ranges: bytes\r\nContent-Length: 2372\r\n\ + Vary: Accept-Encoding\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\ + \n\n\ +[-- omitted --] + \n" +1747639484.889134948 17036 17036 \ + recv(7, 0x7ffdff7b0f70, 302, 0x0:|): 0x61520b018062 (/home/lorenz/client+0x2062, client.c:300) +1747639484.889148325 17036 17036 \ + return 302; errno 0; buf=0x7ffdff7b0f70:"HTTP/1.1 200 OK\r\n\ + Date: Mon, 19 May 2025 07:24:44 GMT\r\n\ + Server: Apache/2.4.62 (Debian) OpenSSL/3.0.15\r\n\ + Last-Modified: Thu, 25 Aug 2022 14:41:10 GMT\r\n\ + ETag: \"944-5e711c9dd0ce5\"\r\nAccept-Ranges: bytes\r\nContent-Length: 2372\r\n\ + Vary: Accept-Encoding\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n" +1747639484.889156551 17036 17036 \ + recv(7, 0x7ffdff7b0f70, 4096, 0x0:|): 0x61520b018442 (/home/lorenz/client+0x2442, client.c:360) +1747639484.889160779 17036 17036 \ + return 2372; errno 0; buf=0x7ffdff7b0f70:"\ + \n\n\ +[-- omitted --] + \n" +1747639484.889196809 17036 17036 \ + recv(7, 0x7ffdff7b0f70, 4096, 0x0:|): 0x61520b018442 (/home/lorenz/client+0x2442, client.c:360) +1747639484.889200556 17036 17036 \ + return 0; errno 0; buf=0x7ffdff7b0f70:"" +1747639484.889203532 17036 17036 \ + close(7): 0x61520b018489 (/home/lorenz/client+0x2489, client.c:375) +1747639484.889214523 17036 17036 \ + return 0; errno 0 diff --git a/thesis/src/02.intercept.tex b/thesis/src/02.intercept.tex index e208780..8fde929 100644 --- a/thesis/src/02.intercept.tex +++ b/thesis/src/02.intercept.tex @@ -453,6 +453,16 @@ These other environment variables are described in the following: By default, function calls from everywhere are intercepted. \end{description} +The shared object currently supports intercepting the following functions: +\texttt{malloc}, \texttt{calloc}, \texttt{realloc}, \texttt{reallocarray}, \texttt{free}, \texttt{getopt}, \texttt{exit}, +\texttt{read}, \texttt{pread}, \texttt{write}, \texttt{pwrite}, \texttt{close}, \texttt{sigaction}, \texttt{sem\_init}, +\texttt{sem\_open}, \texttt{sem\_post}, \texttt{sem\_wait}, \texttt{sem\_trywait}, \texttt{sem\_timedwait}, \texttt{sem\_getvalue}, +\texttt{sem\_close}, \texttt{sem\_unlink}, \texttt{sem\_destroy}, \texttt{shm\_open}, \texttt{shm\_unlink}, \texttt{mmap}, +\texttt{munmap}, \texttt{ftruncate}, \texttt{fork}, \texttt{wait}, \texttt{waitpid}, \texttt{execl}, \texttt{execlp}, +\texttt{execle}, \texttt{execv}, \texttt{execvp}, \texttt{execvpe}, \texttt{execve}, \texttt{fexecve}, \texttt{pipe}, +\texttt{dup}, \texttt{dup2}, \texttt{dup3}, \texttt{socket}, \texttt{bind}, \texttt{listen}, \texttt{accept}, \texttt{connect}, +\texttt{getaddrinfo}, \texttt{freeaddrinfo}, \texttt{send}, \texttt{sendto}, \texttt{sendmsg}, \texttt{recv}, \texttt{recvfrom}, +\texttt{recvmsg}, \texttt{getline}, \texttt{getdelim}. \section{\texttt{intercept} Command}\label{sec:intercept-command} @@ -498,7 +508,25 @@ intercept [-h] [-F FUNCTIONS] [-s] [-o | -L LIBRARIES] \ \section{Example}\label{sec:intercepting-example} -Lorem Ipsum. +To make it easier for the reader listing \ref{lst:intercept-client} provides some recorded function calls. +Most lines had to be broken up into multiple lines for better readability. +The recorded calls stem from a program written by myself as a solution for an assignment in the Operating Systems course at university. +It is a simple HTTP client. +The program was invoked using \texttt{./intercept -o -{}- ./client http://www.complang.tuwien.ac.at/}. + +The first number on each line indicates unix time with nanosecond precision. +The second and third numbers correspond to the process ID and thread ID respectively. +Each line contains either a recorded call to a function or a recorded return of a function. +After the arguments of each function call a colon (\texttt{:}) indicates the beginning of meta-information. +This information always includes the return address to where the function jumps when completed. +If available, the interpretation of the return address is also provided. +This includes the offset relative to the calling binary and a source file and line number combination if the binary was compiled using \texttt{gcc -g} or \texttt{gcc -gdwarf}. + +\begin{listing}[htbp] + \inputminted[fontsize=\tiny]{text}{listings/intercept-client.txt} + \caption{Recoreded function calls from \texttt{./client}.} + \label{lst:intercept-client} +\end{listing} \section{Analyzing Intercepted Function Calls}\label{sec:analyzing-intercepted-function-calls} @@ -506,11 +534,6 @@ Lorem Ipsum. Lorem Ipsum. -\section{Parsing Intercepted Function Calls in Python}\label{sec:parsing-intercepted-function-calls} - -Lorem Ipsum. - - \section{Automated Testing on Intercepted Function Calls}\label{sec:automated-testing-on-intercepted-function-calls} Lorem Ipsum.