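/* hello.pl -- the program that gets traced; kept next to this file:
 *
 *     print "hello";
 */

/* perl_tracer.c
 *
 * Runs `/usr/bin/perl hello.pl` under ptrace(2), prints the system-call
 * number at every ptrace stop the child hits, and afterwards drains the
 * child's stdout/stderr, which are redirected into a pipe.
 *
 * This is completely adapted from some stuff I've seen. I'm really not an
 * expert on linux and debugging.
 *
 * Linux/x86-64 only: ORIG_RAX comes from <sys/reg.h> (ORIG_EAX on 32-bit)
 * and PTRACE_PEEKUSER offsets are in units of sizeof(long).
 */
#include <errno.h>
#include <stdio.h>
#include <sys/ptrace.h>
#include <sys/reg.h>    /* for ORIG_RAX / ORIG_EAX */
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Pipe carrying the child's stdout/stderr back to the tracer:
 * pipefd[0] is the read end (parent), pipefd[1] the write end (child). */
int pipefd[2];

/* Child side: route stdout/stderr into the pipe, ask to be traced and exec
 * perl.  Never returns: if any step fails it exits with status 127 instead
 * of falling through into the tracer's code path. */
static void run_traced_child(void)
{
    close(pipefd[0]);
    if (dup2(pipefd[1], STDOUT_FILENO) < 0 || dup2(pipefd[1], STDERR_FILENO) < 0) {
        perror("dup2");
        _exit(127);
    }
    close(pipefd[1]);

    if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) < 0) {
        perror("ptrace(PTRACE_TRACEME)");
        _exit(127);
    }
    /* The exec itself delivers a SIGTRAP to the traced child; that is the
     * tracer's first stop and carries no system-call number of interest. */
    execl("/usr/bin/perl", "perl", "hello.pl", (char *)NULL);
    perror("execl");
    _exit(127);
}

/* Parent side: resume the child at every ptrace stop and report the value
 * of ORIG_RAX, i.e. the number of the system call being made.
 *
 * PTRACE_SYSCALL stops the child twice per call (on entry and on exit), so
 * each system call is printed twice with the same number.  A policy that
 * refuses a call (e.g. kills the child) has to act on the entry stop,
 * before the kernel has executed it.
 *
 * Returns the child's final wait status, or -1 if waiting or resuming
 * failed (the child may then still be stopped). */
static int trace_syscalls(pid_t child)
{
    int status = 0;
    int stop_count = 0;

    for (;;) {
        if (waitpid(child, &status, 0) < 0) {
            perror("waitpid");
            return -1;
        }
        if (WIFEXITED(status) || WIFSIGNALED(status)) {
            break;
        }

        /* PEEKUSER returns the word itself, so -1 is only an error when
         * errno was set by the call. */
        errno = 0;
        long syscall_nr = ptrace(PTRACE_PEEKUSER, child,
                                 (void *)(sizeof(long) * ORIG_RAX), NULL);
        if (syscall_nr == -1 && errno != 0) {
            perror("ptrace(PTRACE_PEEKUSER)");
        } else {
            /* We can kill the process if we get a malicious sys call:
             *   if (syscall_nr == 10) { kill(child, SIGKILL); }
             * (needs <signal.h>; do it on the entry stop, see above). */
            printf("%d time system call %ld\n", stop_count++, syscall_nr);
        }

        if (ptrace(PTRACE_SYSCALL, child, NULL, NULL) < 0) {
            perror("ptrace(PTRACE_SYSCALL)");
            return -1;
        }
    }
    return status;
}

/* Parent side: read everything the child wrote into the pipe and echo it.
 * Only the bytes actually read are printed, so stale data at the end of
 * the buffer never shows up as garbage.
 *
 * The pipe is drained only after the child has exited; a child that writes
 * more than the pipe can buffer would block in write() and never reach its
 * exit, so this only suits small outputs such as hello.pl's. */
static void drain_child_output(void)
{
    char buffer[1024];
    ssize_t n;

    /* Close the parent's write end first, otherwise read() never sees EOF. */
    close(pipefd[1]);
    while ((n = read(pipefd[0], buffer, sizeof buffer)) > 0) {
        printf("Child says : %.*s", (int)n, buffer);
    }
    if (n < 0) {
        perror("read");
    }
    close(pipefd[0]);
}

/* Entry point: create the pipe, fork, trace the child until it is gone,
 * then print what it wrote.  Exits 1 if setting up or tracing failed. */
int main(void)
{
    if (pipe(pipefd) < 0) {
        perror("pipe");
        return 1;
    }

    pid_t child = fork();
    if (child < 0) {
        perror("fork");
        return 1;
    }
    if (child == 0) {
        run_traced_child();     /* does not return */
    }

    int status = trace_syscalls(child);
    drain_child_output();
    return status < 0 ? 1 : 0;
}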