[C + Linux] Tracy



Wizzup?
10-23-2012, 09:26 PM
Hi,

This is another project I have been working on (with two other students) over the last 5 months. Right now it is much more polished and complete than Rubberfuse (http://villavu.com/forum/showthread.php?t=91342) and I opened the repository to the public two days ago.

The project is really quite low level, even for C.

Goals:

Education
Provide an easy-to-use, cross-architecture system call tracing and injection interface usable by debuggers and other tools.


Skills:

C
Linux
Debuggers
ptrace system call


Tools:

Linux
GCC



Introduction

Tracy is a system call tracing and injection framework. It allows you to monitor and modify system calls made by a process on the lowest possible level in userspace. You can use this library (Tracy) to create all kinds of tools, ranging from special debuggers, transparent proxifiers, rootkits, guided program testing, […].

I wrote a small paper on the project. It's a bit messy but there was this deadline... ;)

http://wizzup.org/tracy.pdf (.tex file can be found in report/ in the github repo)

Documentation can be found in tracydoc/ (https://github.com/MerlijnWajer/tracy/blob/master/doc)

Intro: https://github.com/MerlijnWajer/tracy/blob/master/tracydoc/intro.rst
API: https://github.com/MerlijnWajer/tracy/blob/master/tracydoc/reference.rst

Current status

Tracy is not a finished product, but it is already quite usable, has a somewhat mature API and works at least on the following platforms (using Linux):


ARM
Intel x86 (32 bit)
AMD 64 (64 bit)


*BSD support is planned but not a priority.

We have several example programs; the most notable one is Soxy, a SOCKS 5 proxifier for IPv4 and TCP (no UDP and IPv6 yet, sorry).

Source: https://github.com/MerlijnWajer/tracy

Contact

Here or on github.

Rezozo
12-27-2012, 04:16 AM
This looks promising.
~Rez

Kasi
12-27-2012, 03:49 PM
Is this injection coming to SRL? ;)

Wizzup?
12-27-2012, 11:45 PM
Is this injection coming to SRL? ;)

Hm... hardly. It operates on a very low level, but if you somehow want to play around with Runescape on a very low level, it may be fun. ;)

Echo_
12-29-2012, 01:51 AM
So it's kinda like CheatEngine then?

Rezozo
12-29-2012, 01:58 AM
I'm just wondering, as a low level programmer still only learning Java, what would be the point or function of monitoring a system call?

Does it mean you could track most decisions sent by/to the system?
~Rez

Brandon
12-30-2012, 03:18 AM
I'm just wondering, as a low level programmer still only learning Java, what would be the point or function of monitoring a system call?

Does it mean you could track most decisions sent by/to the system?
~Rez

Java is low level? :S


You monitor a call to see what it does or what addresses or things it interacts with.
You can block or intercept that call if it isn't what you want. Monitoring calls would be good for reverse engineering stuffs.

Rezozo
12-30-2012, 06:22 AM
Java is low level? :S


You monitor a call to see what it does or what addresses or things it interacts with.
You can block or intercept that call if it isn't what you want. Monitoring calls would be good for reverse engineering stuffs.

I see, does that mean it monitors all calls? Are there different types of calls besides system ones?

If you can block/intercept a call, would it be possible to change it on a moment's notice as well?
~Rez

Echo_
12-30-2012, 07:20 PM
I see, does that mean it monitors all calls? Are there different types of calls besides system ones?

The only way a program gets anything done is by using system calls, whether it be by writing to a file, allocating or freeing memory, or sending output to the screen.



If you can block/intercept a call, would it be possible to change it on a moment's notice as well?
~Rez

Yes, that's why he said it supports system call injection.
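
The system call monitoring asked about in this thread, as an added example that is not from any poster and does not use Tracy's API: a tracer built directly on ptrace(2) that counts how often a child process enters one system call. The tracee, the function names and the choice of getppid are constructed for illustration; it assumes Linux 5.3+ with glibc 2.30+ for PTRACE_GET_SYSCALL_INFO.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdio.h>
#include <sys/ptrace.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed tracee: asks to be traced, stops, then makes `calls` getppid(2) calls. */
static void tracee(int calls)
{
    if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) < 0) _exit(1);
    raise(SIGSTOP);                       /* pause until the tracer resumes us */
    for (int i = 0; i < calls; i++) syscall(SYS_getppid);
    _exit(0);
}

/* Fork the tracee and count its entries into syscall `nr`; -1 if tracing fails.
 * Assumes Linux >= 5.3 and glibc >= 2.30 (PTRACE_GET_SYSCALL_INFO). */
long count_syscall_entries(long nr, int calls)
{
    int status;
    long hits = 0, sig = 0, opts = PTRACE_O_TRACESYSGOOD | PTRACE_O_EXITKILL;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) tracee(calls);
    if (waitpid(pid, &status, 0) < 0 || !WIFSTOPPED(status)) return -1;
    /* TRACESYSGOOD tags syscall stops as SIGTRAP|0x80; EXITKILL kills the tracee if we die. */
    if (ptrace(PTRACE_SETOPTIONS, pid, NULL, (void *)opts) < 0) {
        kill(pid, SIGKILL);
        waitpid(pid, &status, 0);
        return -1;
    }
    while (ptrace(PTRACE_SYSCALL, pid, NULL, (void *)sig) == 0 &&
           waitpid(pid, &status, 0) == pid && WIFSTOPPED(status)) {
        struct __ptrace_syscall_info info;
        sig = 0;
        if (WSTOPSIG(status) != (SIGTRAP | 0x80))
            sig = WSTOPSIG(status);       /* ordinary signal: pass it through */
        else if (ptrace(PTRACE_GET_SYSCALL_INFO, pid, (void *)sizeof info, &info) > 0 &&
                 info.op == PTRACE_SYSCALL_INFO_ENTRY && (long)info.entry.nr == nr)
            hits++;                       /* entry stop for the syscall we watch */
    }
    return hits;
}

int main(void)
{
    printf("getppid entries seen: %ld\n", count_syscall_entries(SYS_getppid, 3));
}
```

Each traced system call produces two stops, one on entry and one on exit, which is why the loop checks `info.op` before counting.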