returns the address size of the process, based on its cpu
# File metasm/os/linux.rb, line 676
# Address size of the process, as reported by the CPU object returned by #cpu.
# NOTE(review): the unit (presumably bits) is defined by the cpu class, not
# here - confirm against the CPU implementation.
# #cpu is not memoized, so every call re-reads the process executable.
def addrsz
  processor = cpu
  processor.size
end
Returns the invocation command line, read from /proc/pid/cmdline. This value can be manipulated by the target itself.
# File metasm/os/linux.rb, line 666
# Raw contents of /proc/<pid>/cmdline, memoized in @cmdline.
# Any StandardError raised while reading (process gone, access denied, ...)
# is swallowed and '' is returned instead.
# Security: the argument area belongs to the target and can be rewritten by
# it at will, so this string is untrusted. Use it for display only, never to
# decide what program is actually being inspected.
def cmdline
  @cmdline ||= begin
    File.read("/proc/#{pid}/cmdline")
  rescue StandardError
    ''
  end
end
returns the CPU for the process, by reading /proc/pid/exe
# File metasm/os/linux.rb, line 681
# Builds the CPU object for this process from its executable image, opened
# through /proc/<pid>/exe.
# Nothing is cached: each call loads the file and decodes its header again.
# Errors raised by ELF.load_file or decode_header are not rescued here.
# NOTE(review): the executable is supplied by the target, so the ELF header
# parser receives untrusted input - confirm it fails safely on malformed files.
def cpu
  exe_link = "/proc/#{pid}/exe"
  image = ELF.load_file(exe_link)
  # header only: shdr/phdr decoding is skipped, which the original author
  # measured as 2x faster for repeated debugger spawn
  image.decode_header(0, false, false)
  image.cpu
end
# File metasm/os/linux.rb, line 617
# Returns the LinDebugger bound to @pid, creating it on first use and
# reusing the same instance afterwards.
def debugger
  return @debugger if @debugger

  @debugger = LinDebugger.new(@pid)
end
# File metasm/os/linux.rb, line 692
# Sends signal +signr+ to the process via ::Process.kill and returns that
# call's result. The default, 9, is SIGKILL on Linux.
# Exceptions from ::Process.kill (no such process, not permitted, ...) are
# not rescued and reach the caller.
# NOTE(review): @pid is used as stored; nothing here verifies that it still
# designates the original target (pid reuse after exit) - confirm callers
# account for that before signalling.
def kill(signr=9)
  target_pid = @pid
  ::Process.kill(signr, target_pid)
end
return a list of [addr_start, length, perms, file]
# File metasm/os/linux.rb, line 643
# Parses /proc/<pid>/maps into a list of [addr_start, length, perms, file].
# addr_start and length are Integers, perms is the second field as a String
# and file is the sixth whitespace-separated field (nil when the line has
# fewer than six fields).
# Any StandardError (unreadable file, malformed line) discards everything
# read so far and returns [].
# NOTE(review): the line is split on whitespace, so a mapped file whose name
# contains spaces is reported by its first word only. The name is chosen by
# the target, so do not rely on this field to identify a mapping.
def mappings
  File.readlines("/proc/#{pid}/maps").map { |line|
    fields = line.split
    lo, hi = fields[0].split('-').map { |hex| hex.to_i 16 }
    [lo, hi - lo, fields[1], fields[5]]
  }
rescue
  []
end
Returns the LinuxRemoteString for this process, creating it on first use.
# File metasm/os/linux.rb, line 612
# Returns the LinuxRemoteString built for this pid, creating it on the first
# call and handing back the same object on later calls.
def memory
  return @memory if @memory

  @memory = LinuxRemoteString.new(pid)
end
Returns the list of loaded Modules, each with its start address and path, read from /proc/pid/maps.
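# File metasm/os/linux.rb, line 624
# Lists the modules mapped in the process, one Module per distinct path found
# in /proc/<pid>/maps. addr is the start address of the first mapping seen
# for that path; later mappings of the same path are ignored.
# Lines without a pathname field are skipped. Any non-empty pathname counts,
# so bracketed pseudo-names are not filtered out.
# Any StandardError (unreadable file, malformed line) discards the partial
# result and returns [].
#
# The pathname is taken as the whole sixth field. The previous code split the
# line on every space and kept the last word, so a mapped file whose name
# contained whitespace, or carried a trailing marker such as " (deleted)",
# was listed under a path that was never mapped, and unrelated files sharing
# that last word were merged into one entry. The name is chosen by the
# target, so it must be read in full rather than guessed from one token.
def modules
  list = []
  seen = {}
  File.readlines("/proc/#{pid}/maps").each { |line|
    # 08048000-08064000 r-xp 000000 08:01 4234 /usr/bin/true
    # limit of 6: everything after the inode stays in one field
    fields = line.split(' ', 6)
    path = fields[5].to_s.chomp
    next if path.strip.empty? || seen[path]

    seen[path] = true
    m = Module.new
    m.addr = fields[0].to_i(16)
    m.path = path
    list << m
  }
  list
rescue
  []
end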
# File metasm/os/linux.rb, line 671
# First NUL-separated element of #cmdline, i.e. the argv[0] the process shows.
# Returns nil when #cmdline is empty.
# Security: this inherits the trust level of #cmdline. The target controls
# argv[0], so the value may not name the file that is really executing.
# NOTE(review): /proc/<pid>/exe is the kernel's own record of the executable;
# prefer it where the path feeds a decision rather than a display.
def path
  nul = 0.chr
  cmdline.split(nul).first
end
# File metasm/os/linux.rb, line 688
# Terminates the process by calling #kill with its default signal and returns
# whatever #kill returns. Exceptions raised by #kill are not rescued.
def terminate
  kill
end
Returns a list of the threads sharing this process's address space, read from /proc/pid/task/.
# File metasm/os/linux.rb, line 657
# Thread ids of the process, as Integers, taken from the all-digit entries of
# /proc/<pid>/task/. The order is whatever Dir.entries returns.
# If the directory cannot be listed (any StandardError), falls back to [pid].
def threads
  task_dir = "/proc/#{pid}/task/"
  Dir.entries(task_dir).grep(/^\d+$/).map(&:to_i)
rescue StandardError
  # TODO handle pthread stuff (eg 2.4 kernels)
  [pid]
end