Question

I'm trying to reverse-engineer a user-mode shared object that interacts with a kernel driver via ioctl syscalls. I have a header file with definitions for the kernel driver's ioctl interface (i.e. #defines for ioctl command numbers, and struct definitions for the various data sent to ioctl).

I see that strace has the ability to de-reference user pointers that are passed into system calls, but it obviously can't de-reference my custom structs that are passed into ioctl. Is there an easy way to add my definitions to strace so that I can get meaningful data being passed into ioctl, rather than just a pointer address?

I have the source for strace and have successfully compiled/installed it, but all of my attempts to include my own header have had no effect.


Solution

The strace build doesn't automatically introspect structures and generate parsers for them -- you'll have to write some code to handle your structures.

OTHER TIPS

The easiest way to achieve this may be to write a library interposer for ioctl(). There's a nice guide to doing this on Linux here.

You can check for the custom command numbers which your application uses, and dump out the structs for these.
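A sketch of the interposer approach from the answer above, added here as an example and not taken from the original answers or from strace. `struct mydrv_xfer` and `MYDRV_IOC_XFER` are hypothetical stand-ins for the definitions in your driver header, and the call is forwarded with `syscall(SYS_ioctl, ...)` rather than by looking up the libc symbol:

```c
/* ioctl_dump.c: build with  cc -shared -fPIC -o ioctl_dump.so ioctl_dump.c
 * and run the target with   LD_PRELOAD=./ioctl_dump.so ./target_program   */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <linux/ioctl.h>   /* _IOWR and _IOC_* macros; does not declare ioctl() */
#include <stdarg.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

/* HYPOTHETICAL definitions: replace with #include of the real driver header. */
struct mydrv_xfer { uint32_t reg; uint32_t flags; uint64_t value; };
#define MYDRV_IOC_XFER _IOWR('M', 0x01, struct mydrv_xfer)

/* Render one request into buf. Returns 1 if the struct was decoded, else 0. */
int format_ioctl(unsigned long req, const void *arg, char *buf, size_t len)
{
    if (req == MYDRV_IOC_XFER && arg != NULL) {
        const struct mydrv_xfer *x = arg;
        snprintf(buf, len, "MYDRV_IOC_XFER {reg=0x%x, flags=0x%x, value=0x%llx}",
                 x->reg, x->flags, (unsigned long long)x->value);
        return 1;
    }
    /* Unknown command: fall back to the fields encoded in the number itself. */
    snprintf(buf, len, "0x%lx (type=0x%x nr=%u size=%u) arg=%p", req,
             (unsigned)_IOC_TYPE(req), (unsigned)_IOC_NR(req),
             (unsigned)_IOC_SIZE(req), arg);
    return 0;
}

/* Replaces libc's ioctl() in the traced process: log, forward, log the result.
 * A bad pointer for a known command faults here instead of returning EFAULT. */
int ioctl(int fd, unsigned long req, ...)
{
    va_list ap; va_start(ap, req);
    void *arg = va_arg(ap, void *);
    va_end(ap);
    char line[256];
    format_ioctl(req, arg, line, sizeof line);
    fprintf(stderr, "ioctl(%d, %s)", fd, line);          /* data going in */
    long ret = syscall(SYS_ioctl, fd, req, arg);         /* hand off to the kernel */
    int saved = errno;                                   /* fprintf may clobber errno */
    if (ret == 0 && format_ioctl(req, arg, line, sizeof line))
        fprintf(stderr, " => %s", line);                 /* data the driver wrote back */
    fprintf(stderr, " = %ld\n", ret);
    errno = saved;
    return (int)ret;
}
```

Add one branch to `format_ioctl()` per command in the header; calls the target makes through a raw `syscall()` or from a statically linked binary bypass the preload and will not appear.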

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow