main.c revision 31899 
1/*
2 * Copryight 1997 Sean Eric Fagan
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 * 1. Redistributions of source code must retain the above copyright
8 *    notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright
10 *    notice, this list of conditions and the following disclaimer in the
11 *    documentation and/or other materials provided with the distribution.
12 * 3. All advertising materials mentioning features or use of this software
13 *    must display the following acknowledgement:
14 *	This product includes software developed by Sean Eric Fagan
15 * 4. Neither the name of the author may be used to endorse or promote
16 *    products derived from this software without specific prior written
17 *    permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * SUCH DAMAGE.
30 *
31 */
32
33/*
34 * The main module for truss.  Suprisingly simple, but, then, the other
35 * files handle the bulk of the work.  And, of course, the kernel has to
36 * do a lot of the work :).
37 */
38/*
39 * $Id: main.c,v 1.5 1997/12/13 03:13:47 sef Exp $
40 */
41
42#include <stdio.h>
43#include <stdlib.h>
44#include <string.h>
45#include <errno.h>
46#include <err.h>
47#include <signal.h>
48#include <fcntl.h>
49#include <unistd.h>
50#include <sys/ioctl.h>
51#include <sys/pioctl.h>
52
53extern int setup_and_wait(char **);
54extern int start_tracing(int, int);
55extern void i386_syscall_entry(int, int);
56extern void i386_syscall_exit(int, int);
57extern void i386_linux_syscall_entry(int, int);
58extern void i386_linux_syscall_exit(int, int);
59
60/*
61 * These should really be parameterized -- I don't like having globals,
62 * but this is the easiest way, right now, to deal with them.
63 */
64
65int pid = 0;
66int nosigs = 0;
67FILE *outfile = stderr;
68char *prog;
69int Procfd;
70char progtype[50];	/* OS and type of executable */
71
72static inline void
73usage(void) {
74  fprintf(stderr, "usage:  %s [-o <file>] [-S] { [-p <pid> ] | "
75	  "[ <command> <args>] }\n", prog);
76  exit(1);
77}
78
79struct ex_types {
80  char *type;
81  void (*enter_syscall)(int, int);
82  void (*exit_syscall)(int, int);
83} ex_types[] = {
84  { "FreeBSD a.out", i386_syscall_entry, i386_syscall_exit },
85  { "FreeBSD ELF", i386_syscall_entry, i386_syscall_exit },
86  { "Linux ELF", i386_linux_syscall_entry, i386_linux_syscall_exit },
87  { 0, 0, 0 },
88};
89
90/*
91 * Set the execution type.  This is called after every exec, and when
92 * a process is first monitored.  The procfs pseudo-file "etype" has
93 * the execution module type -- see /proc/curproc/etype for an example.
94 */
95
96static struct ex_types *
97set_etype() {
98  struct ex_types *funcs;
99  char etype[24];
100  char progtype[32];
101  int fd;
102
103  sprintf(etype, "/proc/%d/etype", pid);
104  if ((fd = open(etype, O_RDONLY)) == -1) {
105    strcpy(progtype, "FreeBSD a.out");
106  } else {
107    int len = read(fd, progtype, sizeof(progtype));
108    progtype[len-1] = '\0';
109    close(fd);
110  }
111
112  for (funcs = ex_types; funcs->type; funcs++)
113    if (!strcmp(funcs->type, progtype))
114      break;
115
116  return funcs;
117}
118
119main(int ac, char **av) {
120  int mask;
121  int c;
122  int i;
123  char **command;
124  struct procfs_status pfs;
125  char etype[25];
126  struct ex_types *funcs;
127  int fd;
128  int in_exec = 0;
129
130  prog = av[0];
131
132  while ((c = getopt(ac, av, "p:o:S")) != EOF) {
133    switch (c) {
134    case 'p':	/* specified pid */
135      pid = atoi(optarg);
136      break;
137    case 'o':	/* Specified output file */
138      if ((outfile = fopen(optarg, "w")) == NULL) {
139	fprintf (stderr, "%s:  cannot open %s\n", av[0], optarg);
140	exit(1);
141      }
142      break;
143    case 'S':	/* Don't trace signals */
144      nosigs = 1;
145      break;
146    default:
147      usage();
148    }
149  }
150
151  ac -= optind; av += optind;
152  if ((pid == 0 && ac == 0) || (pid != 0 && ac != 0))
153    usage();
154
155  /*
156   * If truss starts the process itself, it will ignore some signals --
157   * they should be passed off to the process, which may or may not
158   * exit.  If, however, we are examining an already-running process,
159   * then we restore the event mask on these same signals.
160   */
161
162  if (pid == 0) {	/* Start a command ourselves */
163    command = av;
164    pid = setup_and_wait(command);
165    signal(SIGINT, SIG_IGN);
166    signal(SIGTERM, SIG_IGN);
167    signal(SIGQUIT, SIG_IGN);
168  } else {
169    extern void restore_proc(int);
170    signal(SIGINT, restore_proc);
171    signal(SIGTERM, restore_proc);
172    signal(SIGQUIT, restore_proc);
173  }
174
175
176  /*
177   * At this point, if we started the process, it is stopped waiting to
178   * be woken up, either in exit() or in execve().
179   */
180
181  Procfd = start_tracing(pid, S_EXEC | S_SCE | S_SCX | S_CORE | S_EXIT |
182		     (nosigs ? 0 : S_SIG));
183  pfs.why = 0;
184
185  funcs = set_etype();
186  /*
187   * At this point, it's a simple loop, waiting for the process to
188   * stop, finding out why, printing out why, and then continuing it.
189   * All of the grunt work is done in the support routines.
190   */
191
192  do {
193    int val = 0;
194
195    if (ioctl(Procfd, PIOCWAIT, &pfs) == -1)
196      perror("PIOCWAIT top of loop");
197    else {
198      switch(i = pfs.why) {
199      case S_SCE:
200	funcs->enter_syscall(pid, pfs.val);
201	break;
202      case S_SCX:
203	/*
204	 * This is so we don't get two messages for an exec -- one
205	 * for the S_EXEC, and one for the syscall exit.  It also,
206	 * conveniently, ensures that the first message printed out
207	 * isn't the return-from-syscall used to create the process.
208	 */
209
210	if (in_exec) {
211	  in_exec = 0;
212	  break;
213	}
214	funcs->exit_syscall(pid, pfs.val);
215	break;
216      case S_SIG:
217	fprintf(outfile, "SIGNAL %d\n", pfs.val);
218	break;
219      case S_EXIT:
220	fprintf (outfile, "process exit, rval = %d\n", pfs.val);
221	break;
222      case S_EXEC:
223	funcs = set_etype();
224	in_exec = 1;
225	break;
226      default:
227	fprintf (outfile, "Process stopped because of:  %d\n", i);
228	break;
229      }
230    }
231    if (ioctl(Procfd, PIOCCONT, val) == -1)
232      perror("PIOCCONT");
233  } while (pfs.why != S_EXIT);
234  return 0;
235}
236