From 18b0fc7474025d5a46372538a5285ebb62d7f332 Mon Sep 17 00:00:00 2001 From: cecio Date: Sat, 14 Dec 2024 00:08:48 +0100 Subject: [PATCH] [REFACT] processing command line for child processes --- TinyTracer.cpp | 38 ++++++++++++++++++++++++++++++++++++++ install32_64/run_me.bat | 4 ++-- 2 files changed, 40 insertions(+), 2 deletions(-) diff --git a/TinyTracer.cpp b/TinyTracer.cpp index 8563deb..1f365dd 100644 --- a/TinyTracer.cpp +++ b/TinyTracer.cpp @@ -55,6 +55,9 @@ TraceLog traceLog; // last shellcode to which the transition got redirected: std::set m_tracedShellc; +// Full pin path +std::string pinPath; + /* ===================================================================== */ // Command line switches /* ===================================================================== */ @@ -1317,6 +1320,39 @@ BOOL FollowChild(CHILD_PROCESS childProcess, VOID * userData) if (m_Settings.followChildprocesses) { OS_PROCESS_ID childPid = CHILD_PROCESS_GetId(childProcess); std::cerr << "Following Subprocess: " << childPid << std::endl; + + // Get child process command line + INT childArgc; + CHAR const* const* childArgv; + CHILD_PROCESS_GetCommandLine(childProcess, &childArgc, &childArgv); + // Set Pin's command line for child process, rebuilding with the same options skipping "-m" + INT pinArgc = 0; + const INT pinArgcMax = 40; + CHAR const* pinArgv[pinArgcMax]; + + pinArgv[pinArgc++] = pinPath.c_str(); + pinArgv[pinArgc++] = "-follow_execv"; + pinArgv[pinArgc++] = "-t"; + pinArgv[pinArgc++] = PIN_ToolFullPath(); + pinArgv[pinArgc++] = "-o"; + pinArgv[pinArgc++] = KnobOutputFile.Value().c_str(); + pinArgv[pinArgc++] = "-s"; + pinArgv[pinArgc++] = KnobIniFile.Value().c_str(); + pinArgv[pinArgc++] = "-b"; + pinArgv[pinArgc++] = KnobWatchListFile.Value().c_str(); + pinArgv[pinArgc++] = "-x"; + pinArgv[pinArgc++] = KnobExcludedListFile.Value().c_str(); + pinArgv[pinArgc++] = "-p"; + pinArgv[pinArgc++] = KnobStopOffsets.Value().c_str(); + pinArgv[pinArgc++] = "-l"; + pinArgv[pinArgc++] = KnobSyscallsTable.Value().c_str(); + pinArgv[pinArgc++] = "--"; + // Now copy the child command line + for (int i = 0; i < childArgc && pinArgc < pinArgcMax; i++) { + pinArgv[pinArgc++] = childArgv[i]; + } + + CHILD_PROCESS_SetPinCommandLine(childProcess, pinArgc, pinArgv); return TRUE; } // If the callback return FALSE, the child is not followed @@ -1341,6 +1377,8 @@ int main(int argc, char *argv[]) return Usage(); } + pinPath = argv[0]; + std::string app_name = KnobModuleName.Value(); if (app_name.length() == 0) { // init App Name: diff --git a/install32_64/run_me.bat b/install32_64/run_me.bat index 863e593..dea01d6 100644 --- a/install32_64/run_me.bat +++ b/install32_64/run_me.bat @@ -97,8 +97,8 @@ if [%IS_ADMIN%] == [A] ( set ADMIN_CMD=%PIN_TOOLS_DIR%\sudo.vbs -set DLL_CMD=%PIN_DIR%\pin.exe -follow_execv -t %PINTOOL% -o %TAG_FILE% -s %SETTINGS_FILE% -b "%WATCH_BEFORE%" -x "%EXCLUDED_FUNC%" -p "%STOP_OFFSETS%" -l "%SYSCALLS_TABLE%" -- "%DLL_LOAD%" "%TARGET_APP%" %DLL_EXPORTS% -set EXE_CMD=%PIN_DIR%\pin.exe -follow_execv -t %PINTOOL% -o %TAG_FILE% -s %SETTINGS_FILE% -b "%WATCH_BEFORE%" -x "%EXCLUDED_FUNC%" -p "%STOP_OFFSETS%" -l "%SYSCALLS_TABLE%" -- "%TARGET_APP%" %EXE_ARGS% +set DLL_CMD=%PIN_DIR%\pin.exe -follow_execv -t %PINTOOL% -m "%TRACED_MODULE%" -o %TAG_FILE% -s %SETTINGS_FILE% -b "%WATCH_BEFORE%" -x "%EXCLUDED_FUNC%" -p "%STOP_OFFSETS%" -l "%SYSCALLS_TABLE%" -- "%DLL_LOAD%" "%TARGET_APP%" %DLL_EXPORTS% +set EXE_CMD=%PIN_DIR%\pin.exe -follow_execv -t %PINTOOL% -m "%TRACED_MODULE%" -o %TAG_FILE% -s %SETTINGS_FILE% -b "%WATCH_BEFORE%" -x "%EXCLUDED_FUNC%" -p "%STOP_OFFSETS%" -l "%SYSCALLS_TABLE%" -- "%TARGET_APP%" %EXE_ARGS% ;rem "Trace EXE" if [%PE_TYPE%] == [exe] (