#include <fcntl.h>
#include <sys/ptrace.h>
#include <sys/types.h>
#include <sys/user.h>
#include <sys/wait.h>
#include <unistd.h>

#include <cerrno>
#include <chrono>
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <cstring>
#include <iostream>
#include <thread>
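// Reference copies of the register layouts this file relies on.
//
// On Linux <sys/user.h> (included above) already declares
// struct user_regs_struct, and redeclaring that name at global scope as a
// typedef of a different, anonymous struct is ill-formed (conflicting
// declaration). The copies therefore live in their own namespace and are only
// used by the static_assert below, which turns the layout assumption into a
// compile-time check. SetRegisters and GetRegisters use ::user_regs_struct
// from <sys/user.h>.
namespace fallback_layout {
#ifdef __x86_64__
struct user_regs_struct
{
    unsigned long r15;
    unsigned long r14;
    unsigned long r13;
    unsigned long r12;
    unsigned long rbp;
    unsigned long rbx;
    unsigned long r11;
    unsigned long r10;
    unsigned long r9;
    unsigned long r8;
    unsigned long rax;
    unsigned long rcx;
    unsigned long rdx;
    unsigned long rsi;
    unsigned long rdi;
    unsigned long orig_rax;
    unsigned long rip;
    unsigned long cs;
    unsigned long eflags;
    unsigned long rsp;
    unsigned long ss;
    unsigned long fs_base;
    unsigned long gs_base;
    unsigned long ds;
    unsigned long es;
    unsigned long fs;
    unsigned long gs;
};
#elif defined __i386__
struct user_regs_struct
{
    unsigned long ebx;
    unsigned long ecx;
    unsigned long edx;
    unsigned long esi;
    unsigned long edi;
    unsigned long ebp;
    unsigned long eax;
    unsigned long ds;
    unsigned long es;
    unsigned long fs;
    unsigned long gs;
    unsigned long orig_eax;
    unsigned long eip;
    unsigned long cs;
    unsigned long eflags;
    unsigned long esp;
    unsigned long ss;
};
#elif defined(__arm__)
// No layout here: the register access in this file (rax / eax) has no ARM
// branch, so the file is effectively x86-only.
#endif
}  // namespace fallback_layout

#if defined(__x86_64__) || defined(__i386__)
// Fails the build instead of silently reading the wrong registers if the
// system header's layout ever diverges from the copy above.
static_assert(sizeof(fallback_layout::user_regs_struct) == sizeof(::user_regs_struct),
              "local register layout does not match <sys/user.h>");
#endif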
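/// Demonstrates a register write on a stopped tracee: reads the general-purpose
/// registers of @p pid, prints the accumulator (rax / eax) in hex, overwrites it
/// with a marker value and writes the register set back.
///
/// Preconditions: the caller has attached to @p pid (PTRACE_ATTACH) and the
/// tracee is in ptrace-stop; otherwise the ptrace calls fail and a message is
/// printed. std::hex is left set on std::cout on the success path, so later
/// integer output on std::cout is affected unless the caller resets it.
///
/// @param pid  Process id of the traced process.
void SetRegisters(pid_t pid)
{
    // Marker written into the accumulator so the write is easy to spot.
    constexpr unsigned long kMarkerValue = 0xDEADBEEF;

    user_regs_struct regs{};
    if (ptrace(PTRACE_GETREGS, pid, nullptr, &regs) != 0)
    {
        std::cout << "Failed To Read Registers\n";
        return;
    }
#ifdef __x86_64__
    std::cout << "Read Register: " << std::hex << regs.rax << "\n";
    regs.rax = kMarkerValue;
#elif defined __i386__
    std::cout << "Read Register: " << std::hex << regs.eax << "\n";
    regs.eax = kMarkerValue;
#endif
    // ptrace returns 0 on success and -1 on failure; the failure message
    // belongs on the -1 branch (the original reported failure on success).
    if (ptrace(PTRACE_SETREGS, pid, nullptr, &regs) == -1)
    {
        std::cout << "Failed To Set Registers\n";
    }
}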
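/// Prints the accumulator register (rax / eax, in the stream's current base) of
/// a stopped tracee.
///
/// Precondition: the caller has attached to @p pid and the tracee is in
/// ptrace-stop; otherwise PTRACE_GETREGS fails, which is now reported instead
/// of silently printing nothing (matching SetRegisters).
///
/// @param pid  Process id of the traced process.
void GetRegisters(pid_t pid)
{
    struct user_regs_struct regs{};
    if (ptrace(PTRACE_GETREGS, pid, nullptr, &regs) != 0)
    {
        std::cout << "Failed To Read Registers\n";
        return;
    }
#ifdef __x86_64__
    std::cout << "Read Registers: " << regs.rax << "\n";
#elif defined __i386__
    std::cout << "Read Registers: " << regs.eax << "\n";
#endif
}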
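/// Reads one T-sized object out of the traced process's address space through
/// /proc/<pid>/mem.
///
/// Preconditions: the caller has attached to @p pid and the tracee is stopped
/// (the kernel applies its ptrace access check when the file is opened, so an
/// unattached foreign pid fails at open). The tracee's memory is copied as raw
/// bytes, so T should be trivially copyable. The caller is responsible for
/// waiting for the tracee's stop notification (waitpid after PTRACE_ATTACH);
/// this helper no longer calls wait itself.
///
/// @param pid     Process id of the traced process.
/// @param offset  Address in the tracee to read from.
/// @param value   Destination for the bytes read; must not be null.
/// @return true when exactly sizeof(T) bytes were read, false otherwise (the
///         reason is printed to std::cout).
template<typename T>
[[nodiscard]] bool ReadPages(pid_t pid, void* offset, T* value)
{
    if (value == nullptr)
    {
        std::cout << "Failed To Read Memory: null destination\n";
        return false;
    }

    // "/proc/" + an int + "/mem" fits comfortably in 64 bytes.
    char path[64] = {0};
    std::snprintf(path, sizeof(path), "/proc/%d/mem", static_cast<int>(pid));

    const int fd = open(path, O_RDONLY | O_CLOEXEC);
    if (fd == -1)
    {
        std::cout << "Failed To Open " << path << ": " << std::strerror(errno) << "\n";
        return false;
    }

    // pread takes the 64-bit offset directly, avoiding the seek+read pair and
    // the long truncation of fseek.
    const auto target = static_cast<off_t>(reinterpret_cast<std::uintptr_t>(offset));
    const ssize_t got = pread(fd, value, sizeof(T), target);
    const int saved_errno = errno;
    close(fd);

    if (got == -1)
    {
        std::cout << "Failed To Read Memory: " << std::strerror(saved_errno) << "\n";
        return false;
    }
    if (got != static_cast<ssize_t>(sizeof(T)))
    {
        std::cout << "Short Read: " << got << " of " << sizeof(T) << " bytes\n";
        return false;
    }
    return true;
}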
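/// Entry point: attaches to the process given in argv[1], reports and rewrites
/// its accumulator register, reads one int at the address in argv[2] and
/// detaches again.
///
/// Usage: <program> <pid> <address>. The address is parsed with base 0
/// (decimal, 0x-prefixed hexadecimal, or 0-prefixed octal). Attaching needs
/// ptrace permission on the target (same user within the system's ptrace scope
/// policy, or CAP_SYS_PTRACE); every step prints whether it succeeded.
///
/// @return 0 on completion, 1 on a usage, argument or attach error.
int main(int argc, const char * argv[]) {
    if (argc <= 2) {
        std::cout << "Terminating.. PID or Addr Argument Missing..\n";
        return 1;
    }
    std::boolalpha(std::cout);

    // atoi/atoll silently yield 0 for garbage; parse with end-pointer checks.
    char* end = nullptr;
    const long pid_arg = std::strtol(argv[1], &end, 10);
    if (end == argv[1] || *end != '\0' || pid_arg <= 0) {
        std::cout << "Terminating.. Invalid PID: " << argv[1] << "\n";
        return 1;
    }
    const pid_t pid = static_cast<pid_t>(pid_arg);

    end = nullptr;
    const unsigned long long addr = std::strtoull(argv[2], &end, 0);
    if (end == argv[2] || *end != '\0') {
        std::cout << "Terminating.. Invalid Address: " << argv[2] << "\n";
        return 1;
    }
    void* const target = reinterpret_cast<void*>(static_cast<std::uintptr_t>(addr));

    std::cout << "ATTACHING TO PROCESS: " << pid << "\n";
    long result = ptrace(PTRACE_ATTACH, pid, nullptr, nullptr);
    std::cout << "ATTACHED: " << (result == 0) << "\n";
    if (result != 0) {
        return 1;
    }

    // PTRACE_ATTACH stops the tracee with SIGSTOP asynchronously; register and
    // memory access is only valid once that stop has been reported, so wait for
    // it rather than sleeping and hoping.
    // NOTE(review): attaching to a non-leader thread may need __WALL here — confirm.
    int status = 0;
    if (waitpid(pid, &status, 0) == -1 || !WIFSTOPPED(status)) {
        std::cout << "Tracee Did Not Stop\n";
        ptrace(PTRACE_DETACH, pid, nullptr, nullptr);
        return 1;
    }

    GetRegisters(pid);
    SetRegisters(pid);

    int val = 0;
    if (ReadPages<int>(pid, target, &val)) {
        // SetRegisters leaves std::hex set; print the value in decimal explicitly.
        std::cout << "Read Integer: " << std::dec << val
                  << " at Address: " << std::hex << target << "\n";
    }

    // PTRACE_DETACH requires the tracee to be in ptrace-stop and resumes it
    // itself, so a separate PTRACE_CONT beforehand would make the detach fail.
    result = ptrace(PTRACE_DETACH, pid, nullptr, nullptr);
    std::cout << "DETACHED: " << (result == 0) << "\n";
    return 0;
}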