I'm trying to reverse-engineer a user-mode shared object that interacts with a kernel driver via ioctl syscalls. I have a header file with definitions for the kernel driver's ioctl interface (i.e. #defines for ioctl command numbers, and struct definitions for the various data sent to ioctl).

I see that strace has the ability to de-reference user pointers that are passed into system calls, but it obviously can't de-reference my custom structs that are passed into ioctl. Is there an easy way to add my definitions to strace so that I can get meaningful data being passed into ioctl, rather than just a pointer address?

I have the source for strace and have successfully compiled/installed it, but all of my attempts to include my own header have had no effect.

+1  A: 

The easiest way to achieve this may be to write a library interposer for ioctl(). There's a nice guide to doing this on Linux here.

You can check for the custom command numbers which your application uses; and dump out the structs for these.

Dave Rigby
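A sketch of the interposer approach described in the answer above, added here as an example and not taken from the original answer or its linked guide. `struct mydrv_xfer` and `MYDRV_IOC_XFER` are hypothetical stand-ins for the definitions in the driver's header, and a glibc-style `ioctl(int, unsigned long, ...)` prototype on Linux is assumed.

```c
/* Build: gcc -shared -fPIC -o ioctl_dump.so ioctl_dump.c
 * Use:   LD_PRELOAD=./ioctl_dump.so ./target_program */
#define _GNU_SOURCE
#include <errno.h>
#include <linux/ioctl.h> /* _IOWR, without libc's own ioctl() prototype */
#include <stdarg.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Hypothetical stand-ins for the definitions in the driver's header. */
struct mydrv_xfer { uint32_t addr; uint32_t len; uint32_t flags; };
#define MYDRV_IOC_XFER _IOWR('M', 1, struct mydrv_xfer)

/* Render a known command into buf; returns 1 if decoded, 0 if unknown. */
int decode_ioctl(unsigned long req, const void *arg, char *buf, size_t n)
{
    if (req == MYDRV_IOC_XFER && arg != NULL) {
        const struct mydrv_xfer *x = arg;
        snprintf(buf, n, "MYDRV_IOC_XFER {addr=0x%x, len=%u, flags=0x%x}",
                 (unsigned)x->addr, (unsigned)x->len, (unsigned)x->flags);
        return 1;
    }
    return 0; /* add one branch per command number from the header */
}

/* Interposed ioctl(): dump the struct on entry and exit, then forward. */
int ioctl(int fd, unsigned long req, ...)
{
    va_list ap;
    char line[128];

    va_start(ap, req);
    void *arg = va_arg(ap, void *); /* third argument, usually a pointer */
    va_end(ap);

    if (decode_ioctl(req, arg, line, sizeof line))
        fprintf(stderr, "ioctl(%d) in:  %s\n", fd, line);

    /* Raw syscall instead of dlsym(RTLD_NEXT, "ioctl"): no libdl needed. */
    int ret = (int)syscall(SYS_ioctl, fd, req, arg);
    int saved = errno; /* fprintf below must not clobber the caller's errno */

    if (ret != -1 && decode_ioctl(req, arg, line, sizeof line))
        fprintf(stderr, "ioctl(%d) out: %s (ret=%d)\n", fd, line, ret);
    errno = saved;
    return ret;
}
```

The preload only sees calls that go through the dynamically linked libc `ioctl()` symbol; a statically linked binary or one issuing the syscall directly will not be traced this way.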
+1  A: 

The strace build doesn't automatically introspect structures and generate parsers for them -- you'll have to write some code to handle your structures.

I see. Simply including the definition of my struct is not enough. I'm marking this as the accepted answer because it addresses the question, although Dave's answer is another good way to accomplish my goal.
Kyle Gagnet