mem_edit/mem_edit/linux.py

"""
Implementation of Process class for Linux
"""

from os import strerror
import os
import os.path
import signal
import ctypes
import ctypes.util
import logging
from pathlib import Path

from .abstract import Process as AbstractProcess
from .utils import ctypes_buffer_t, MemEditError


logger = logging.getLogger(__name__)


ptrace_commands = {
    'PTRACE_GETREGS': 12,
    'PTRACE_SETREGS': 13,
    'PTRACE_ATTACH': 16,
    'PTRACE_DETACH': 17,
    'PTRACE_SYSCALL': 24,
    'PTRACE_SEIZE': 16902,
    }


# import ptrace() from libc
_libc = ctypes.CDLL(ctypes.util.find_library('c'), use_errno=True)
_ptrace = _libc.ptrace
_ptrace.argtypes = (ctypes.c_ulong,) * 4
_ptrace.restype = ctypes.c_long


def ptrace(
        command: int,
        pid: int = 0,
        arg1: int = 0,
        arg2: int = 0,
        ) -> int:
    """
    Call ptrace() with the provided pid and arguments. See `man ptrace`.
    """
    logger.debug(f'ptrace({command}, {pid}, {arg1}, {arg2})')
    result = _ptrace(command, pid, arg1, arg2)
    if result == -1:
        err_no = ctypes.get_errno()
        if err_no:
            raise MemEditError(f'ptrace({command}, {pid}, {arg1}, {arg2})'
                               + f' failed with error {err_no}: {strerror(err_no)}')
    return result


class Process(AbstractProcess):
    pid: int | None

    def __init__(self, process_id: int) -> None:
        ptrace(ptrace_commands['PTRACE_SEIZE'], process_id)
        self.pid = process_id

    def close(self) -> None:
        if self.pid is None:
            return
        os.kill(self.pid, signal.SIGSTOP)
        os.waitpid(self.pid, 0)
        ptrace(ptrace_commands['PTRACE_DETACH'], self.pid, 0, 0)
        os.kill(self.pid, signal.SIGCONT)
        self.pid = None

    def write_memory(self, base_address: int, write_buffer: ctypes_buffer_t) -> None:
        with Path(f'/proc/{self.pid}/mem').open('rb+') as mem:
            mem.seek(base_address)
            mem.write(write_buffer)

    def read_memory(self, base_address: int, read_buffer: ctypes_buffer_t) -> ctypes_buffer_t:
        with Path(f'/proc/{self.pid}/mem').open('rb+') as mem:
            mem.seek(base_address)
            mem.readinto(read_buffer)
        return read_buffer

    def get_path(self) -> str | None:
        try:
            with Path(f'/proc/{self.pid}/cmdline').open('rb') as ff:
                return ff.read().decode().split('\x00')[0]
        except FileNotFoundError:
            return None

    @staticmethod
    def list_available_pids() -> list[int]:
        pids = []
        for pid_str in os.listdir('/proc'):
            try:
                pids.append(int(pid_str))
            except ValueError:
                continue
        return pids

    @staticmethod
    def get_pid_by_name(target_name: str) -> int | None:
        for pid in Process.list_available_pids():
            try:
                logger.debug(f'Checking name for pid {pid}')
                with Path(f'/proc/{pid}/cmdline').open('rb') as cmdline:
                    path = cmdline.read().decode().split('\x00')[0]
            except FileNotFoundError:
                continue

            name = Path(path).name
            logger.debug(f'Name was "{name}"')
            if path is not None and name == target_name:
                return pid

        logger.info(f'Found no process with name {target_name}')
        return None

    def list_mapped_regions(self, writeable_only: bool = True) -> list[tuple[int, int]]:
        regions = []
        with Path(f'/proc/{self.pid}/maps').open('r') as maps:
            for line in maps:
                bounds, privileges = line.split()[0:2]

                if 'r' not in privileges:
                    continue

                if writeable_only and 'w' not in privileges:
                    continue

                start, stop = (int(bound, 16) for bound in bounds.split('-'))
                regions.append((start, stop))
        return regions
initial commit 2017-06-21 01:29:38 -07:00			`"""`
			`Implementation of Process class for Linux`
			`"""`

			`from os import strerror`
			`import os`
			`import os.path`
			`import signal`
			`import ctypes`
			`import ctypes.util`
			`import logging`
use pathlib 2024-08-01 00:23:25 -07:00			`from pathlib import Path`
initial commit 2017-06-21 01:29:38 -07:00
			`from .abstract import Process as AbstractProcess`
			`from .utils import ctypes_buffer_t, MemEditError`


			`logger = logging.getLogger(__name__)`


			`ptrace_commands = {`
cosmetic and typing-related changes 2020-11-01 20:16:46 -08:00			`'PTRACE_GETREGS': 12,`
			`'PTRACE_SETREGS': 13,`
			`'PTRACE_ATTACH': 16,`
			`'PTRACE_DETACH': 17,`
			`'PTRACE_SYSCALL': 24,`
			`'PTRACE_SEIZE': 16902,`
			`}`
initial commit 2017-06-21 01:29:38 -07:00

			`# import ptrace() from libc`
			`_libc = ctypes.CDLL(ctypes.util.find_library('c'), use_errno=True)`
			`_ptrace = _libc.ptrace`
			`_ptrace.argtypes = (ctypes.c_ulong,) * 4`
			`_ptrace.restype = ctypes.c_long`


modernize some code style indentation, type annotations, f-strings 2024-03-30 17:40:18 -07:00			`def ptrace(`
			`command: int,`
			`pid: int = 0,`
			`arg1: int = 0,`
			`arg2: int = 0,`
			`) -> int:`
initial commit 2017-06-21 01:29:38 -07:00			`"""`
modernize some code style indentation, type annotations, f-strings 2024-03-30 17:40:18 -07:00			Call ptrace() with the provided pid and arguments. See `man ptrace`.
initial commit 2017-06-21 01:29:38 -07:00			`"""`
modernize some code style indentation, type annotations, f-strings 2024-03-30 17:40:18 -07:00			`logger.debug(f'ptrace({command}, {pid}, {arg1}, {arg2})')`
initial commit 2017-06-21 01:29:38 -07:00			`result = _ptrace(command, pid, arg1, arg2)`
			`if result == -1:`
Style fixes 2017-06-21 01:44:57 -07:00			`err_no = ctypes.get_errno()`
			`if err_no:`
modernize some code style indentation, type annotations, f-strings 2024-03-30 17:40:18 -07:00			`raise MemEditError(f'ptrace({command}, {pid}, {arg1}, {arg2})'`
			`+ f' failed with error {err_no}: {strerror(err_no)}')`
initial commit 2017-06-21 01:29:38 -07:00			`return result`


			`class Process(AbstractProcess):`
modernize some code style indentation, type annotations, f-strings 2024-03-30 17:40:18 -07:00			`pid: int \| None`
initial commit 2017-06-21 01:29:38 -07:00
modernize some code style indentation, type annotations, f-strings 2024-03-30 17:40:18 -07:00			`def __init__(self, process_id: int) -> None:`
initial commit 2017-06-21 01:29:38 -07:00			`ptrace(ptrace_commands['PTRACE_SEIZE'], process_id)`
			`self.pid = process_id`

modernize some code style indentation, type annotations, f-strings 2024-03-30 17:40:18 -07:00			`def close(self) -> None:`
early bailout conditions caught by type check 2024-03-30 17:41:44 -07:00			`if self.pid is None:`
			`return`
whitespace fixes 2019-10-27 13:05:27 -07:00			`os.kill(self.pid, signal.SIGSTOP)`
linux: wait for process before detach, and send SIGCONT I had issues with the ptrace call failing because the process had not yet stopped from SIGSTOP. From this stackoverflow answer, it seems that you can use waitpid to wait until the process is actually stopped. In python, this is exposed as os.waitpid. https://stackoverflow.com/questions/20510300/ptrace-detach-fails-after-ptrace-cont-with-errno-esrch#20525326 Additionally, the process was left frozen. I send a SIGCONT to continue the process after the detach, so that it isn't left stopped. 2022-04-30 22:37:17 -05:00			`os.waitpid(self.pid, 0)`
initial commit 2017-06-21 01:29:38 -07:00			`ptrace(ptrace_commands['PTRACE_DETACH'], self.pid, 0, 0)`
linux: wait for process before detach, and send SIGCONT I had issues with the ptrace call failing because the process had not yet stopped from SIGSTOP. From this stackoverflow answer, it seems that you can use waitpid to wait until the process is actually stopped. In python, this is exposed as os.waitpid. https://stackoverflow.com/questions/20510300/ptrace-detach-fails-after-ptrace-cont-with-errno-esrch#20525326 Additionally, the process was left frozen. I send a SIGCONT to continue the process after the detach, so that it isn't left stopped. 2022-04-30 22:37:17 -05:00			`os.kill(self.pid, signal.SIGCONT)`
initial commit 2017-06-21 01:29:38 -07:00			`self.pid = None`

modernize some code style indentation, type annotations, f-strings 2024-03-30 17:40:18 -07:00			`def write_memory(self, base_address: int, write_buffer: ctypes_buffer_t) -> None:`
use pathlib 2024-08-01 00:23:25 -07:00			`with Path(f'/proc/{self.pid}/mem').open('rb+') as mem:`
initial commit 2017-06-21 01:29:38 -07:00			`mem.seek(base_address)`
			`mem.write(write_buffer)`

			`def read_memory(self, base_address: int, read_buffer: ctypes_buffer_t) -> ctypes_buffer_t:`
use pathlib 2024-08-01 00:23:25 -07:00			`with Path(f'/proc/{self.pid}/mem').open('rb+') as mem:`
initial commit 2017-06-21 01:29:38 -07:00			`mem.seek(base_address)`
			`mem.readinto(read_buffer)`
			`return read_buffer`

get_path should return None on failure 2024-03-30 17:41:23 -07:00			`def get_path(self) -> str \| None:`
initial commit 2017-06-21 01:29:38 -07:00			`try:`
use pathlib 2024-08-01 00:23:25 -07:00			`with Path(f'/proc/{self.pid}/cmdline').open('rb') as ff:`
get_path should return None on failure 2024-03-30 17:41:23 -07:00			`return ff.read().decode().split('\x00')[0]`
initial commit 2017-06-21 01:29:38 -07:00			`except FileNotFoundError:`
get_path should return None on failure 2024-03-30 17:41:23 -07:00			`return None`
initial commit 2017-06-21 01:29:38 -07:00
			`@staticmethod`
modernize some code style indentation, type annotations, f-strings 2024-03-30 17:40:18 -07:00			`def list_available_pids() -> list[int]:`
initial commit 2017-06-21 01:29:38 -07:00			`pids = []`
			`for pid_str in os.listdir('/proc'):`
			`try:`
			`pids.append(int(pid_str))`
			`except ValueError:`
			`continue`
			`return pids`

			`@staticmethod`
modernize some code style indentation, type annotations, f-strings 2024-03-30 17:40:18 -07:00			`def get_pid_by_name(target_name: str) -> int \| None:`
initial commit 2017-06-21 01:29:38 -07:00			`for pid in Process.list_available_pids():`
			`try:`
modernize some code style indentation, type annotations, f-strings 2024-03-30 17:40:18 -07:00			`logger.debug(f'Checking name for pid {pid}')`
use pathlib 2024-08-01 00:23:25 -07:00			`with Path(f'/proc/{pid}/cmdline').open('rb') as cmdline:`
initial commit 2017-06-21 01:29:38 -07:00			`path = cmdline.read().decode().split('\x00')[0]`
			`except FileNotFoundError:`
			`continue`

use pathlib 2024-08-01 00:23:25 -07:00			`name = Path(path).name`
modernize some code style indentation, type annotations, f-strings 2024-03-30 17:40:18 -07:00			`logger.debug(f'Name was "{name}"')`
initial commit 2017-06-21 01:29:38 -07:00			`if path is not None and name == target_name:`
			`return pid`

modernize some code style indentation, type annotations, f-strings 2024-03-30 17:40:18 -07:00			`logger.info(f'Found no process with name {target_name}')`
initial commit 2017-06-21 01:29:38 -07:00			`return None`

modernize some code style indentation, type annotations, f-strings 2024-03-30 17:40:18 -07:00			`def list_mapped_regions(self, writeable_only: bool = True) -> list[tuple[int, int]]:`
initial commit 2017-06-21 01:29:38 -07:00			`regions = []`
use pathlib 2024-08-01 00:23:25 -07:00			`with Path(f'/proc/{self.pid}/maps').open('r') as maps:`
initial commit 2017-06-21 01:29:38 -07:00			`for line in maps:`
			`bounds, privileges = line.split()[0:2]`

			`if 'r' not in privileges:`
			`continue`

			`if writeable_only and 'w' not in privileges:`
			`continue`

			`start, stop = (int(bound, 16) for bound in bounds.split('-'))`
			`regions.append((start, stop))`
			`return regions`