
Fix vdso

Open bigb4ng opened this issue 1 year ago • 2 comments

Closes #6.

In order to disable vDSO I replace the AT_SYSINFO_EHDR tag in the tracee's auxv with AT_IGNORE, as suggested by this gist.

To do that I first assume the rsp will point to argc after the execve call. Then I find auxv at rsp + argc + argc*wordsize (argv[]) + envp (skip until first NULL). A simple iteration should yield AT_SYSINFO_EHDR 😎

Some related and unrelated changes:

  • Refactored ptrace magic to a separate ptrace.c.
  • Cleaned up child trace logic and replaced it with a TRACEME call.
  • Added some minor error handling.

bigb4ng, Apr 20 '24 12:04
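The auxv walk described in the pull request description above, as an added example that is not code from this pull request: it operates on an in-memory copy of the initial stack filled with constructed values and assumes a 64-bit tracee. The names `find_auxv`, `hide_vdso` and `sample_stack` are hypothetical; a tracer would read and write the same words in the tracee with `PTRACE_PEEKDATA` and `PTRACE_POKEDATA`.

```c
#include <elf.h>     /* AT_NULL, AT_IGNORE, AT_PAGESZ, AT_SYSINFO_EHDR */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef uint64_t word_t;            /* assumption: 64-bit tracee */

/* Index of the first auxv tag in the stack image, or -1 if it is malformed. */
long find_auxv(const word_t *sp, size_t nwords) {
    if (nwords == 0 || sp[0] >= nwords) return -1;   /* sp[0] is argc */
    size_t i = 1 + (size_t)sp[0];                    /* slot of argv[argc] */
    if (i >= nwords || sp[i] != 0) return -1;        /* argv[] must end in NULL */
    for (i++; i < nwords && sp[i] != 0; i++) {}      /* skip envp[] up to its NULL */
    return i < nwords ? (long)(i + 1) : -1;
}

/* Retag AT_SYSINFO_EHDR as AT_IGNORE so the loader no longer sees a vDSO.
 * Returns the number of entries patched, or -1 if AT_NULL is never reached. */
int hide_vdso(word_t *sp, size_t nwords) {
    long start = find_auxv(sp, nwords);
    if (start < 0) return -1;
    int patched = 0;
    for (size_t i = (size_t)start; i + 1 < nwords; i += 2) {  /* (tag, value) pairs */
        if (sp[i] == AT_NULL) return patched;
        if (sp[i] == AT_SYSINFO_EHDR) { sp[i] = AT_IGNORE; patched++; }
    }
    return -1;
}

/* Constructed sample: argc=2, argv[2], NULL, envp[1], NULL, then auxv. */
word_t sample_stack[] = {
    2, 0x7ffd00001000, 0x7ffd00001008, 0,
    0x7ffd00002000, 0,
    AT_PAGESZ, 4096,
    AT_SYSINFO_EHDR, 0x7ffff7fc1000,
    AT_NULL, 0,
};
#define SAMPLE_WORDS (sizeof sample_stack / sizeof sample_stack[0])

int main(void) {
    word_t copy[SAMPLE_WORDS];
    memcpy(copy, sample_stack, sizeof copy);         /* leave the sample intact */
    long start = find_auxv(copy, SAMPLE_WORDS);
    int patched = hide_vdso(copy, SAMPLE_WORDS);
    printf("auxv starts at word %ld, patched %d entries\n", start, patched);
    return 0;
}
```

Only the tag word is rewritten; the value word that held the vDSO base address is left in place and is skipped by any consumer that honours `AT_IGNORE`.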

How does this interact with ptrace debugging? Specifically, can you still use e.g. gdb with a program run with tardis (since it will now be ptracing itself)?

maxbla, Apr 22 '24 15:04

@maxbla Hey! I haven't changed the tracer-tracee relationship. Tardis is not ptracing its main thread, it just sets up the child thread as a tracee (and the parent as tracer) before calling execve. This was just a stylistic choice that simplified the code a little.

As before, you can debug tardis, but not a program run with it.

bigb4ng, Apr 22 '24 17:04