[REFACT] processing command line for child processes

hasherezade · Dec 13, 2024 · 18b0fc7 · 18b0fc7
1 parent f7421e1
commit 18b0fc7
Show file tree

Hide file tree

Showing 2 changed files with 40 additions and 2 deletions.
diff --git a/TinyTracer.cpp b/TinyTracer.cpp
@@ -55,6 +55,9 @@ TraceLog traceLog;
 // last shellcode to which the transition got redirected:
 std::set<ADDRINT> m_tracedShellc;
 
+// Full pin path
+std::string pinPath;
+
 /* ===================================================================== */
 // Command line switches
 /* ===================================================================== */
@@ -1317,6 +1320,39 @@ BOOL FollowChild(CHILD_PROCESS childProcess, VOID * userData)
     if (m_Settings.followChildprocesses) {
         OS_PROCESS_ID childPid = CHILD_PROCESS_GetId(childProcess);
         std::cerr << "Following Subprocess: " << childPid << std::endl;
+
+        // Get child process command line
+        INT childArgc;
+        CHAR const* const* childArgv;
+        CHILD_PROCESS_GetCommandLine(childProcess, &childArgc, &childArgv);
+        // Set Pin's command line for child process, rebuilding with the same options skipping "-m"
+        INT pinArgc = 0;
+        const INT pinArgcMax = 40;
+        CHAR const* pinArgv[pinArgcMax];
+
+        pinArgv[pinArgc++] = pinPath.c_str();
+        pinArgv[pinArgc++] = "-follow_execv";
+        pinArgv[pinArgc++] = "-t";
+        pinArgv[pinArgc++] = PIN_ToolFullPath();
+        pinArgv[pinArgc++] = "-o";
+        pinArgv[pinArgc++] = KnobOutputFile.Value().c_str();
+        pinArgv[pinArgc++] = "-s";
+        pinArgv[pinArgc++] = KnobIniFile.Value().c_str();
+        pinArgv[pinArgc++] = "-b";
+        pinArgv[pinArgc++] = KnobWatchListFile.Value().c_str();
+        pinArgv[pinArgc++] = "-x";
+        pinArgv[pinArgc++] = KnobExcludedListFile.Value().c_str();
+        pinArgv[pinArgc++] = "-p";
+        pinArgv[pinArgc++] = KnobStopOffsets.Value().c_str();
+        pinArgv[pinArgc++] = "-l";
+        pinArgv[pinArgc++] = KnobSyscallsTable.Value().c_str();
+        pinArgv[pinArgc++] = "--";
+        // Now copy the child command line
+        for (int i = 0; i < childArgc && pinArgc < pinArgcMax; i++) {
+            pinArgv[pinArgc++] = childArgv[i];
+        }
+
+        CHILD_PROCESS_SetPinCommandLine(childProcess, pinArgc, pinArgv);
         return TRUE;
     }
     // If the callback return FALSE, the child is not followed
@@ -1341,6 +1377,8 @@ int main(int argc, char *argv[])
         return Usage();
     }
 
+    pinPath = argv[0];
+
     std::string app_name = KnobModuleName.Value();
     if (app_name.length() == 0) {
         // init App Name:

diff --git a/install32_64/run_me.bat b/install32_64/run_me.bat
@@ -97,8 +97,8 @@ if [%IS_ADMIN%] == [A] (
 
 set ADMIN_CMD=%PIN_TOOLS_DIR%\sudo.vbs
 
-set DLL_CMD=%PIN_DIR%\pin.exe -follow_execv -t %PINTOOL% -o %TAG_FILE% -s %SETTINGS_FILE% -b "%WATCH_BEFORE%" -x "%EXCLUDED_FUNC%" -p "%STOP_OFFSETS%" -l "%SYSCALLS_TABLE%" -- "%DLL_LOAD%" "%TARGET_APP%" %DLL_EXPORTS%
-set EXE_CMD=%PIN_DIR%\pin.exe -follow_execv -t %PINTOOL% -o %TAG_FILE% -s %SETTINGS_FILE% -b "%WATCH_BEFORE%" -x "%EXCLUDED_FUNC%" -p "%STOP_OFFSETS%" -l "%SYSCALLS_TABLE%" -- "%TARGET_APP%" %EXE_ARGS%
+set DLL_CMD=%PIN_DIR%\pin.exe -follow_execv -t %PINTOOL% -m "%TRACED_MODULE%" -o %TAG_FILE% -s %SETTINGS_FILE% -b "%WATCH_BEFORE%" -x "%EXCLUDED_FUNC%" -p "%STOP_OFFSETS%" -l "%SYSCALLS_TABLE%" -- "%DLL_LOAD%" "%TARGET_APP%" %DLL_EXPORTS%
+set EXE_CMD=%PIN_DIR%\pin.exe -follow_execv -t %PINTOOL% -m "%TRACED_MODULE%" -o %TAG_FILE% -s %SETTINGS_FILE% -b "%WATCH_BEFORE%" -x "%EXCLUDED_FUNC%" -p "%STOP_OFFSETS%" -l "%SYSCALLS_TABLE%" -- "%TARGET_APP%" %EXE_ARGS%
 
 ;rem "Trace EXE"
 if [%PE_TYPE%] == [exe] (