Thread: [C + Linux] Tracy

  1. #1

    Hi,

    This is another project I have been working on (with two other students) over the last 5 months. Right now it is much more polished and complete than Rubberfuse and I opened the repository to the public two days ago.

    The project is really quite low level, even for C.

    Goals:
    • Education
    • Provide an easy-to-use, cross-architecture system call tracing and injection interface usable by debuggers and other tools.


    Skills:
    • C
    • Linux
    • Debuggers
    • ptrace system call


    Tools:
    • Linux
    • GCC



    Introduction

    Tracy is a system call tracing and injection framework. It allows you to monitor and modify system calls made by a process on the lowest possible level in userspace. You can use this library (Tracy) to create all kinds of tools, ranging from special debuggers, transparent proxifiers, rootkits, guided program testing, […].

    I wrote a small paper on the project. It's a bit messy but there was this deadline...

    http://wizzup.org/tracy.pdf (.tex file can be found in report/ in the github repo)

    Documentation can be found in tracydoc/ (https://github.com/MerlijnWajer/tracy/blob/master/doc)

    Intro: https://github.com/MerlijnWajer/trac...ydoc/intro.rst
    API: https://github.com/MerlijnWajer/trac.../reference.rst

    Current status

    Tracy is not a finished product, but it is already quite usable, has a somewhat mature API and works at least on the following platforms (using Linux):

    • ARM
    • Intel x86 (32 bit)
    • AMD 64 (64 bit)


    *BSD support is planned but not a priority.

    We have several example programs; the most notable one is Soxy, a SOCKS 5 proxifier for IPv4 and TCP (no UDP and IPv6 yet, sorry).

    Source: https://github.com/MerlijnWajer/tracy

    Contact

    Here or on github.
    Last edited by Wizzup?; 12-27-2012 at 11:35 AM.



    The best way to contact me is by email, which you can find on my website: http://wizzup.org
    I also get email notifications of private messages, though.


  2. #2

    This looks promising.
    ~Rez


  3. #3

    Is this injection coming to SRL?

  4. #4

    Quote (originally posted by Kasi):
        Is this injection coming to SRL?

    Hm... hardly. It operates on a very low level, but if you somehow want to play around with Runescape on a very low level, it may be fun.




  5. #5

    So it's kinda like CheatEngine then?

  6. #6

    I'm just wondering, as a low level programmer still only learning Java, what would be the point or function of monitoring a system call?

    Does it mean you could track most decisions sent by/to the system?
    ~Rez


  7. #7

    Quote (originally posted by Rezozo):
        I'm just wondering, as a low level programmer still only learning Java, what would be the point or function of monitoring a system call?

        Does it mean you could track most decisions sent by/to the system?
        ~Rez

    Java is low level? :S


    You monitor a call to see what it does or what addresses or things it interacts with.
    You can block or intercept that call if it isn't what you want. Monitoring calls would be good for reverse engineering stuffs.
    I am Ggzz..
    Hackintosher

  8. #8

    Quote (originally posted by Brandon):
        Java is low level? :S


        You monitor a call to see what it does or what addresses or things it interacts with.
        You can block or intercept that call if it isn't what you want. Monitoring calls would be good for reverse engineering stuffs.

    I see, does that mean it monitors all calls? Are there different types of calls besides system ones?

    If you can block/intercept a call, would it be possible to change it on a moment's notice as well?
    ~Rez


  9. #9

    Quote (originally posted by Rezozo):
        I see, does that mean it monitors all calls? Are there different types of calls besides system ones?

    The only way a program gets anything done is by using system calls, whether it be by writing to a file, allocating or freeing memory, or sending output to the screen.

    Quote (originally posted by Rezozo):
        If you can block/intercept a call, would it be possible to change it on a moment's notice as well?
        ~Rez

    Yes, that's why he said it supports system call injection.
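
Added example, not part of the thread and not Tracy's code or API: a minimal tracer built on the raw ptrace system call that the first post lists, showing what monitoring a process's system calls looks like in practice. The names `count_getppid` and `SYSCALL_NR` are made up for this illustration, and it assumes Linux with glibc on x86-64, x86 (32 bit) or AArch64.

```c
#include <elf.h>
#include <signal.h>
#include <sys/ptrace.h>
#include <sys/syscall.h>
#include <sys/uio.h>
#include <sys/user.h>
#include <sys/wait.h>
#include <unistd.h>

#if defined(__x86_64__)
#define SYSCALL_NR(r) ((long)(r).orig_rax)
#elif defined(__i386__)
#define SYSCALL_NR(r) ((long)(r).orig_eax)
#elif defined(__aarch64__)
#define SYSCALL_NR(r) ((long)(r).regs[8])
#else
#error "name the syscall-number register for this architecture"
#endif

/* Fork a child that calls getppid() `times` times, trace it with ptrace, and
 * return how many getppid entries the tracer observed (-1 on error). */
int count_getppid(int times)
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                          /* tracee */
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) < 0) _exit(127);
        raise(SIGSTOP);                      /* stop until the tracer is ready */
        for (int i = 0; i < times; i++) syscall(SYS_getppid);
        _exit(0);
    }
    int status, entering = 0, seen = 0;
    if (waitpid(pid, &status, 0) < 0 || !WIFSTOPPED(status)) return -1;
    /* TRACESYSGOOD reports syscall stops as SIGTRAP|0x80, distinct from signals. */
    ptrace(PTRACE_SETOPTIONS, pid, NULL, (void *)(long)PTRACE_O_TRACESYSGOOD);
    for (;;) {
        if (ptrace(PTRACE_SYSCALL, pid, NULL, NULL) < 0) return -1;
        if (waitpid(pid, &status, 0) < 0) return -1;
        if (WIFEXITED(status) || WIFSIGNALED(status)) break;
        if (!WIFSTOPPED(status) || WSTOPSIG(status) != (SIGTRAP | 0x80)) continue;
        entering = !entering;                /* stops alternate: entry, then exit */
        if (!entering) continue;
        struct user_regs_struct regs;
        struct iovec iov = { &regs, sizeof regs };
        if (ptrace(PTRACE_GETREGSET, pid, (void *)(long)NT_PRSTATUS, &iov) < 0) return -1;
        if (SYSCALL_NR(regs) == SYS_getppid) seen++;
    }
    return seen;
}
```

The tracee also makes other system calls (signal-mask handling inside raise(), the final exit), and the tracer stops on every one of them; only the getppid entries are counted.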
