A refactored Proof-of-concept originally developed in 2017 to print all function calls with their arguments data types and values using Ptrace during program execution.

Overview

print-function-args-debugger

A refactored Proof-of-concept originally developed in 2017 to print all function calls with their arguments data types and values using Ptrace during program execution.

Setup POC

git clone [email protected]:finixbit/print-function-args-debugger.git
cd print-function-args-debugger

# To rebuild this image you must use `docker-compose build`
docker-compose run poc bash

cd /poc
make all

# binary must be compiled with debug info
/poc/debugger /path/to/binary

Testcases

Running test case 1

commands

cd /poc
make run_test1

outputs

/poc/debugger /poc/examples/bin/test1
0x000000000040115b	(Set breakpoint for main)
0x0000000000401149	(Set breakpoint for _Z9testcase4iPcS_)
0x000000000040113b	(Set breakpoint for _Z9testcase3iPc)
0x000000000040112c	(Set breakpoint for _Z9testcase2ic)
0x0000000000401122	(Set breakpoint for _Z9testcase1i)

............................................
[*] 0x40115b
[*] main(
	int argc<1>,
	char **argv<0x7ffce4cd5a88 = '[ 0x7ffce4cd5ebb= ]'>)
[*] examples/test1.cc:18
............................................
[*] 0x401122
[*] testcase1()
[*] examples/test1.cc:6
............................................
[*] 0x40112c
[*] testcase2(
	int data1<555>,
	char data2<65>)
[*] examples/test1.cc:9
............................................
[*] 0x40113b
[*] testcase3(
	int data1<555>,
	char *data2<0x9cae70>)
[*] examples/test1.cc:12
............................................
[*] 0x401149
[*] testcase4(
	int data1<555>,
	char *data2<0x9cae90>,
	char *data3<0x9caeb0>)
[*] examples/test1.cc:15

Running test case 2

commands

cd /poc
make run_test2

outputs

/poc/debugger /poc/examples/bin/test2
0x0000000000401167	(Set breakpoint for main)
0x000000000040114f	(Set breakpoint for _Z9testcase47data4_t)
0x0000000000401138	(Set breakpoint for _Z9testcase37data3_t)
0x000000000040112d	(Set breakpoint for _Z9testcase27data2_t)
0x0000000000401122	(Set breakpoint for _Z9testcase17data1_t)

............................................
[*] 0x401167
[*] main(
	int argc<1>,
	char **argv<0x7ffd55820928 = '[ 0x7ffd55821ebb= ]'>)
[*] examples/test2.cc:39
............................................
[*] 0x401122
[*] testcase1()
[*] examples/test2.cc:27
............................................
[*] 0x40112d
datatype_idx  = 1
complex_idx   = 0
fn_index      = 32
cu_index      = 0
member= name 1
member= value 4
[*] testcase2(data2_t param<...>)
[*] examples/test2.cc:30
............................................
[*] 0x401138
datatype_idx  = 1
complex_idx   = 0
fn_index      = 31
cu_index      = 0
member= value 4
member= name 1
[*] testcase3(data3_t param<...>)
[*] examples/test2.cc:33
............................................
[*] 0x40114f
datatype_idx  = 1
complex_idx   = 0
fn_index      = 30
cu_index      = 0
member= name 1
member= value 4
[*] testcase4(data4_t param<...>)
[*] examples/test2.cc:36

Running test case 3

commands

cd /poc
make run_test3

outputs

/poc/debugger /poc/examples/bin/test3
0x0000000000401177	(Set breakpoint for main)
0x000000000040115a	(Set breakpoint for _Z9testcase47data4_ti)
0x000000000040113e	(Set breakpoint for _Z9testcase37data3_ti)
0x0000000000401130	(Set breakpoint for _Z9testcase27data2_ti)
0x0000000000401122	(Set breakpoint for _Z9testcase17data1_ti)

............................................
[*] 0x401177
[*] main(
	int argc<1>,
	char **argv<0x7ffe2a7895f8 = '[ 0x7ffe2a789ebb= ]'>)
[*] examples/test3.cc:38
............................................
[*] 0x401122
[*] testcase1()
[*] examples/test3.cc:26
............................................
[*] 0x401130
datatype_idx  = 1
complex_idx   = 0
fn_index      = 32
cu_index      = 0
member= name 1
member= value 4
[*] testcase2(
	data2_t param<...>,
	int param2<900>)
[*] examples/test3.cc:29
............................................
[*] 0x40113e
datatype_idx  = 1
complex_idx   = 0
fn_index      = 31
cu_index      = 0
member= value 4
member= name 1
[*] testcase3(
	data3_t param<...>,
	int param2<28335728>)
[*] examples/test3.cc:32
............................................
[*] 0x40115a
datatype_idx  = 1
complex_idx   = 0
fn_index      = 30
cu_index      = 0
member= name 1
member= value 4
[*] testcase4(
	data4_t param<...>,
	int param2<444>)
[*] examples/test3.cc:35

Running test case 4

commands

cd /poc
make run_test4

outputs

/poc/debugger /poc/examples/bin/test4
0x000000000040114e	(Set breakpoint for main)
0x0000000000401143	(Set breakpoint for _Z9testcase4P7data4_t)
0x0000000000401138	(Set breakpoint for _Z9testcase3P7data3_t)
0x000000000040112d	(Set breakpoint for _Z9testcase2P7data2_t)
0x0000000000401122	(Set breakpoint for _Z9testcase1P7data1_t)

............................................
[*] 0x40114e
[*] main(
	int argc<1>,
	char **argv<0x7ffe78c63b78 = '[ 0x7ffe78c63ebb= ]'>)
[*] examples/test4.cc:40

............................................
[*] 0x401122
[*] testcase1(data1_t *param<0x7ffe78c63a78>)
[*] examples/test4.cc:27
............................................
[*] 0x40112d
[*] testcase2(data2_t *param<0x7ffe78c63a70>)
[*] examples/test4.cc:30
............................................
[*] 0x401138
[*] testcase3(data3_t *param<0x7ffe78c63a60>)
[*] examples/test4.cc:33
............................................
[*] 0x401143
[*] testcase4(data4_t *param<0x7ffe78c63a50>)
[*] examples/test4.cc:36
Owner
*finixbit
C, Python, Haskell, Program Analysis, Debugger Internals, Security Research
*finixbit
anthemtotheego 349 Aug 11, 2022
Assembly HellGate implementation that directly calls Windows System Calls and displays the PPID of the explorer.exe process

Custom HellsGate Implementation Assembly HellGate implementation that directly calls Windows System Calls and displays the PPID of the explorer.exe pr

Bobby Cooke 88 Jun 20, 2022
OpenVi is an enhanced and portable implementation of the Berkeley vi / ex text editor, originally developed by Bill Joy.

OpenVi is an enhanced and portable implementation of the Berkeley vi / ex text editor, originally developed by Bill Joy.

Jeffrey H. Johnson 91 Aug 9, 2022
Obfuscator refactored and extended from OLLVM.

OLLVM++ Obfuscator refactored and extended from OLLVM. Environment Ubuntu 18.04.5 LTS LLVM 12.0.1 Clang 12.0.1 CMake 3.21.1 Usage Compile Obfuscation

34r7hm4n 392 Aug 9, 2022
A small proof-of-concept for using disk devices for DMA on Windows.

ddma A small proof-of-concept for using disk devices for DMA on Windows. Why Some native hypervisors (i.e. Hyper-V) allow the guest unvirtualized devi

null 42 Jun 7, 2022
An implementation and proof-of-concept of Process Forking.

ForkPlayground A library to implement the Process Forking attack described in this blog post. ForkLib - C++ library that implements the Process Forkin

Bill Demirkapi 154 Aug 8, 2022
CredBandit - Proof of concept Beacon Object File (BOF) that uses static x64 syscalls to perform a complete in memory dump of a process and send that back through your already existing Beacon communication channel

CredBandit CredBandit is a proof of concept Beacon Object File (BOF) that uses static x64 syscalls to perform a complete in memory dump of a process a

anthemtotheego 161 Aug 5, 2022
Proof of concept userspace filesystem that executes filenames as shell commands and makes the result accessible though reading the file.

ExecFS Proof of concept userspace filesystem that executes filenames as shell commands and makes the result accessible though reading the file. $ ./ex

Camel Coder 28 Aug 5, 2022
Proof-of-concept implementation for the paper "Osiris: Automated Discovery of Microarchitectural Side Channels" (USENIX Security'21)

Osiris This repository contains the implementation of the Osiris framework discussed in the research paper "Osiris: Automated Discovery of Microarchit

CISPA 38 Aug 8, 2022
Proof of concept Beacon Object File (BOF) that attempts to detect userland hooks in place by AV/EDR

Detect-Hooks Detect-Hooks is a proof of concept Beacon Object File (BOF) that attempts to detect userland API hooks in place by AV/EDR. The BOF will r

anthemtotheego 119 Jul 29, 2022
A proof-of-concept port of uxn to the STM32duino environment

ArdUxno-demo A quick-and-dirty proof-of-concept port of Devine Lu Linvega's amazing Uxn virtual stack machine to an STM32 microcontroller. uxn.c and u

Cass Smith 12 Feb 9, 2022
The Machinery IDL - Proof of Concept

The Machinery IDL - Proof of Concept This is a proof of concept for an Interface Description Language isomorphic with C for describing C11 ABI compati

null 6 Jul 21, 2022
CVE-2021-4034: Local Privilege Escalation in polkit's pkexec proof of concept

CVE-2021-4034 Proof of Concept Qualys researches found a pretty cool local privilege escalation vulnerability in Polkit's pkexec: writeup, tweet. This

Marco Bonelli 20 Jun 22, 2022
Proof of Concept (PoC) CVE-2021-4034

PwnKit-Exploit CVE-2021-4034 @c0br40x help to make this section in README!! Proof of Concept [email protected]:~/PwnKit-Exploit$ make cc -Wall exploit.

Luis Javier 51 Jul 16, 2022
Proof of Concept for CVE-2021-1585: Cisco ASA Device Manager RCE

staystaystay staystaystay is a proof of concept exploit for CVE-2021-1585, a man in the middle or evil endpoint RCE issue affecting Cisco ASA Device M

Jake Baines 8 Jun 23, 2022
Proof of Concept 'GeoPackage' to Arrow Converter

gpkg The goal of gpkg is to provide a proof-of-concept reader for SQLite queries into Arrow C Data interface structures. Installation You can install

Dewey Dunnington 8 May 20, 2022
Arbitrary Precision provides C++ long integer types that behave as basic integer types. This library aims to be intuitive and versatile in usage, rather than fast.

Arbitrary Precision (AP) Cross-platform and cross-standard header-only arbitrary precision arithmetic library. Currently it offers integer types that

null 16 Aug 3, 2022
This repository shows my all (maybe all) solved problem (CodeForces & AtCoder) and their description with my Codes!!!

Submissions Auto-generated with ❤ using Harwest Introduction A repository to keep track of problem solving practice, containing solutions from platfor

Obaydullah Khan  3 Aug 4, 2022
A simple Linux kernel module that kills ptrace tracer and its tracees

dont_trace dont_trace is a simple Linux kernel module that kills ptrace tracer and its tracees. This kernel module relies upon the Linux kernel task_s

null 5 Mar 31, 2022