in reply to Re^2: Embed perl problem
in thread Embed perl problem

A program can only be traced by one process, so if it is being traced (before anyone else) by itself, it will not allow any other tracer to trace it (lots of workarounds here...). Additionally, when a trace is initiated a SIGSTOP is sent. Try installing a handler for SIGSTOP. It worked for me but I don't know why.

/* bliako modified https://reverseengineering.stackexchange.com/a/1931
   for https://perlmonks.org/?node_id=3333;parent=1229102
   KILL it with SIGKILL (kill -9)
   29/01/2019
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/ptrace.h>
#include <unistd.h>
#include <signal.h>

void intHandler(int sig) {
    printf("got signal %d\n", sig);
}

int main(void){
    printf("my pid: %d\n", getpid());
    char *e;
    if( (e=getenv("TRACEME")) != NULL && (strcmp(e,"0")==0) ){
        printf("Will not be traced...\n");
        signal(SIGSTOP, intHandler);
        if (ptrace(PTRACE_TRACEME, 0, 1, 0) == -1) {
            printf("don't trace me !!\n");
            return 1;
        }
    }
    // normal execution
    for(int i=0;;i++){
        printf("i=%d\n", i);
        sleep(1);
    }
    return 0;
}

gcc tracee.c -o tracee && TRACEME=0 tracee
strace -p <PID-from-tracee>
strace: attach: ptrace(PTRACE_SEIZE, 11091): Operation not permitted

while tracee continues counting on

or

TRACEME=1 tracee
strace -p <PID-from-tracee>

bw, bliako

PS. Please share your findings. Most answers are in the manual and let's keep to Perl lest the reaper traces us. brrrrr

Re^4: Embed perl problem
by Noves Castro (Novice) on Feb 02, 2019 at 18:33 UTC

    I think I found the problem. When I run this code it's OK:

    //test.c
    eval_pv("code normal");

    But when I use this, the program stops:

    //test.c
    void decode(char * block, char *key, int len)
    {
        //decode action goes here
    }
    char block[] = "encoded perl code like {0xaa,0xb9,0xb5}";
    decode(block,"key",len);
    eval_pv(block);

    Also, when I print the decoded string for debugging purposes, it's the same as the original code.

      It smells like a missing string terminator, the NULL at the end of your block. printf() might be a lot less sensitive than eval_pv() when feeding it with a football-field worth of core. The initialiser char block[]="abc"; puts a NULL at the end whereas char block[] = {0xaa,0xbb,0xcc} doesn't... and do not attempt to add one as it's a const. Long story short, add a 0x0 after 0xcc and make sure your decode() keeps it there.

        No chance. It seems the problem comes from calling system("ls -a"); in my code. When I use ptrace in C together with system calls in my Perl code, the program stops running with a "+ Stopped" message at the end of the program.
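
Added example, not part of the thread or any poster's code: per ptrace(2), a process that has called PTRACE_TRACEME stops each time a signal is delivered to it, even an ignored one such as the SIGCHLD left pending by system(), and stays stopped until its tracer resumes it. That is consistent with the "+ Stopped" message reported above (an assumption about that case, not a confirmed diagnosis). The function name and the `true` command are constructed for this sketch, in which the parent acts as the tracer and resumes the child.

```c
/* Added example, not from the thread: self-tracing plus system(). Linux only. */
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/ptrace.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fork a child that calls PTRACE_TRACEME (as tracee.c does) and then system().
 * Returns the first signal that stopped the child, 0 if it never stopped,
 * -1 on error. *exit_code gets the child's exit status after it is resumed. */
int first_stop_after_system(int *exit_code)
{
    int status, first = 0;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) == -1)
            _exit(2);               /* tracing not permitted here */
        if (system("true") != 0)    /* constructed stand-in for system("ls -a") */
            _exit(3);
        _exit(0);
    }
    for (;;) {
        if (waitpid(pid, &status, 0) < 0)
            return -1;
        if (!WIFSTOPPED(status))
            break;                  /* child exited or was killed */
        if (first == 0)
            first = WSTOPSIG(status);
        /* A parent that never does this leaves the child stopped.
         * Passing 0 as the last argument suppresses the signal. */
        if (ptrace(PTRACE_CONT, pid, NULL, NULL) == -1)
            return -1;
    }
    *exit_code = WIFEXITED(status) ? WEXITSTATUS(status) : -1;
    return first;
}

int main(void)
{
    int code = -1;
    int sig = first_stop_after_system(&code);
    printf("first stop: %d (SIGCHLD=%d), exit after resume: %d\n", sig, SIGCHLD, code);
    return sig == SIGCHLD ? 0 : 1;
}
```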