SlideShare a Scribd company logo

Zone IDA Proc

T
Tzung-Bi Shih

This document describes a project called ZoneIDAProc that aims to provide an interface for accessing internal process states. It discusses related work, the problem statement, design, implementation details, examples, and conclusions. The key points are that ZoneIDAProc will export a Linux proc-like interface to allow querying and manipulating a process's internal states through code instrumentation and a virtual file system without requiring debug symbols. It provides examples of basic read/write access, monitoring a main thread with a spy thread, exploring process symbols, and fully instrumenting and accessing a target program.

Software
1 of 16
Download to read offline
PyCon APAC 2015 ZoneIDAProc Tzung-Bi Shih <penvirus@gmail.com>
PyCon APAC 2015 Motivation Course assignment of Operating System everything is a file (descriptor) QA engineer often checks process internal states via checking debug logs the log.. trustworthy? 2
PyCon APAC 2015 Related Works Debugger (process trace-able utility) variable monitoring / tampering code instrumentation 3 => debug symbols are required => accessing interface is domain-specific
PyCon APAC 2015 Problem Statement 4 We wish to deliver defect-less software to customers. To verify behavior of our program is correct, QA engineer often triggers state transition inside the process and checks new state is as expected. However, most internal states are available only in debug logs which may not trustworthy enough. We will use Instrumentation-based Dynamic Accessing Proc to export an interface for accessing the internal states easily.
PyCon APAC 2015 Design exporting interface Aggregation for relevant states structured addressing Manipulation on specified state fine-grained access 5 => something like Linux proc[1] => directory, read-only file, read-write file Example: - endpoint - ip - port - name
PyCon APAC 2015 Design accessing internal state Unawareness of aimed process process trace Freshness of internal states on-demand access dedicated (spy) thread 6
PyCon APAC 2015 Implementation Linux proc-like interface Virtual File System[2] Filesystem in Userspace[3] 7
PyCon APAC 2015 Implementation code instrumentation[4] Easy version gdb Difficult version “ptrace(2)”[5][6] 8 - LSM Yama[7] - CAP_SYS_PTRACE - PTRACE_TRACEME - … $ sudo setcap cap_sys_ptrace+eip ./gdb
PyCon APAC 2015 Example[8] basic read/write 1 import time 2 from ida_proc import IDAProc 3 4 app = IDAProc() 5 6 @app.route('/time') 7 def ctime(): 8 return time.ctime() 9 10 def register_for_data(): 11 data = dict() 12 data['data'] = 'default' 13 14 @app.route('/test/data') 15 def getter(): 16 return data['data'] 17 18 @app.route('/test/data', method='SET') 19 def setter(d): 20 data['data'] = d 21 return data['data'] 22 23 if __name__ == '__main__': 24 register_for_data() 25 app.run() 9 exported path writable
PyCon APAC 2015 Example spy thread 8 data = dict() 9 data['data'] = 'default' 10 11 def main(): 12 while True: 13 print "[%s] data['data'] = %s" % (time.ctime(), data['data']) 14 sleep(1) 15 16 def proc(): 17 app = IDAProc() 18 19 @app.route('data') 20 def getter(): 21 return data['data'] 22 23 @app.route('data', method='SET') 24 def setter(d): 25 data['data'] = d 26 return data['data'] 27 28 def fusermount(): 29 p = subprocess.Popen(['/bin/fusermount', '-u', app.get_mount_point()], close_fds=True, shell=False) 30 p.communicate() 31 atexit.register(fusermount) 32 33 app.run() 34 35 if __name__ == '__main__': 36 t = threading.Thread(target=proc) 37 t.daemon = True 38 t.start() 39 spawn(main).join() the spy thread has no idea about when will the main thread be terminated main thread
PyCon APAC 2015 Example symbol explorer 9 app = IDAProc() 10 11 Endpoint = namedtuple('Endpoint', ['host', 'port']) 12 end_1 = Endpoint('1.1.1.1', 1111) 13 14 end_2 = Endpoint(host='2.2.2.2', port=2222) 15 end_3 = Endpoint(port=3333, host='3.3.3.3') 16 Pair = namedtuple('Pair', ['src', 'dst']) 17 pair = Pair(src=end_2, dst=end_3) 18 19 def make_kv(path, m, k): 20 @app.route(path) 21 def getter(): 22 return m[k] 23 24 __expand_type__ = (Endpoint, Pair) 25 def expand_object(prefix, obj): 26 for k,v in obj.__dict__.items(): 27 if k.startswith('__'): 28 continue 29 if (inspect.ismodule(v) or inspect.isroutine(v) or inspect.isclass(v)): 30 continue 31 32 path = '%s/%s' % (prefix, k) 33 if type(v) in __expand_type__: 34 expand_object(path, v) 35 else: 36 make_kv(path, obj.__dict__, k) 37 38 if __name__ == '__main__': 39 expand_object('/', __main__) 40 app.run() 11 some test data skip uninterested
PyCon APAC 2015 Example all-in-one: target program 1 import time 2 from collections import namedtuple 3 4 Endpoint = namedtuple('Endpoint', ['host', 'port']) 5 end_1 = Endpoint('1.1.1.1', 1111) 6 7 end_2 = Endpoint(host='2.2.2.2', port=2222) 8 end_3 = Endpoint(port=3333, host='3.3.3.3') 9 Pair = namedtuple('Pair', ['src', 'dst']) 10 pair = Pair(src=end_2, dst=end_3) 11 12 data = 'default' 13 14 while True: 15 current = time.ctime() 16 print '[%s] data = %s' % (current, data) 17 time.sleep(1) 12
PyCon APAC 2015 Example all-in-one: intruder 7 def instrument_code(pid, filename): 9 cmd = list() 10 cmd.append('./gdb') ...ignored... 15 cmd.append('--pid') 16 cmd.append('%s' % pid) 17 cmd.append(''--eval-command=call dlopen("/tmp/pycode_instrumentation.so", 2)'') 18 cmd.append(''--eval-command=call instrument_file("%s")'' % filename) ...ignored... 22 23 if __name__ == '__main__': ...ignored... 28 pid = int(sys.argv[1]) 30 filename = '/tmp/zone_ida_instrumentation.py' 32 code = ''' ...ignored... 72 ''' 73 74 with open(filename, 'w') as f: 75 f.write(code) 76 instrument_code(pid, filename) 77 78 os.remove(filename) 13 execute code within the target process’ memory
PyCon APAC 2015 Example all-in-one: pycode_instrumentation 1 int instrument_file(const char *filename) 2 { ...ignored... 10 if(!_Py_IsInitialized()){ 11 printf("Py_IsInitialized returned false.n"); 12 goto error; 13 } 14 15 PyInterpreterState *head = _PyInterpreterState_Head(); 16 if(head == NULL) { 17 printf("Interpreter is not initializedn"); 18 goto error; 19 } 20 21 PyGILState_STATE pyGILState = _PyGILState_Ensure(); 22 fp = fopen(filename, "r"); 23 if(fp == NULL) { 24 printf("file %s doesn't exist", filename); 25 goto error; 26 } 27 _PyRun_SimpleFile(fp, "Instrumentation"); 28 _PyGILState_Release(pyGILState); 29 30 if(fp) 31 fclose(fp); 32 return 1; ...ignored... 37 } 14 key point
PyCon APAC 2015 Conclusion Proc could be an alternative configuration interface persistent configuration file is still needed Share states between main thread and spy thread beware of race condition 15
PyCon APAC 2015 References [1]: http://www.tldp.org/LDP/Linux-Filesystem-Hierarchy/html/proc.html [2]: http://en.wikipedia.org/wiki/Virtual_file_system [3]: http://fuse.sourceforge.net/ [4]: http://stackoverflow.com/questions/8755211/what-is-meant-by-the-term-instrumentation [5]: http://www.linuxjournal.com/article/6100 [6]: http://www.linuxjournal.com/node/6210 [7]: https://www.kernel.org/doc/Documentation/security/Yama.txt [8]: https://github.com/penvirus/ZoneIDAProc 16

Recommended

Feldo: Function Event Listing and Dynamic Observing for Detecting and Prevent...
Feldo: Function Event Listing and Dynamic Observing for Detecting and Prevent...Feldo: Function Event Listing and Dynamic Observing for Detecting and Prevent...
Feldo: Function Event Listing and Dynamic Observing for Detecting and Prevent...
Tzung-Bi Shih
 
The origin: Init (compact version)
The origin: Init (compact version)The origin: Init (compact version)
The origin: Init (compact version)
Tzung-Bi Shih
 
Global Interpreter Lock: Episode I - Break the Seal
Global Interpreter Lock: Episode I - Break the SealGlobal Interpreter Lock: Episode I - Break the Seal
Global Interpreter Lock: Episode I - Break the Seal
Tzung-Bi Shih
 
Csw2016 gawlik bypassing_differentdefenseschemes
Csw2016 gawlik bypassing_differentdefenseschemesCsw2016 gawlik bypassing_differentdefenseschemes
Csw2016 gawlik bypassing_differentdefenseschemes
CanSecWest
 
Architecture for Massively Parallel HDL Simulations
Architecture for Massively Parallel HDL Simulations Architecture for Massively Parallel HDL Simulations
Architecture for Massively Parallel HDL Simulations
DVClub
 
TensorFlow XLA RPC
TensorFlow XLA RPCTensorFlow XLA RPC
TensorFlow XLA RPC
Mr. Vengineer
 
TVM VTA (TSIM)
TVM VTA (TSIM) TVM VTA (TSIM)
TVM VTA (TSIM)
Mr. Vengineer
 
C++17 now
C++17 nowC++17 now
C++17 now
corehard_by
 

Recommended

Feldo: Function Event Listing and Dynamic Observing for Detecting and Prevent...
Feldo: Function Event Listing and Dynamic Observing for Detecting and Prevent...Feldo: Function Event Listing and Dynamic Observing for Detecting and Prevent...
Feldo: Function Event Listing and Dynamic Observing for Detecting and Prevent...
Tzung-Bi Shih
 
The origin: Init (compact version)
The origin: Init (compact version)The origin: Init (compact version)
The origin: Init (compact version)
Tzung-Bi Shih
 
Global Interpreter Lock: Episode I - Break the Seal
Global Interpreter Lock: Episode I - Break the SealGlobal Interpreter Lock: Episode I - Break the Seal
Global Interpreter Lock: Episode I - Break the Seal
Tzung-Bi Shih
 
Csw2016 gawlik bypassing_differentdefenseschemes
Csw2016 gawlik bypassing_differentdefenseschemesCsw2016 gawlik bypassing_differentdefenseschemes
Csw2016 gawlik bypassing_differentdefenseschemes
CanSecWest
 
Architecture for Massively Parallel HDL Simulations
Architecture for Massively Parallel HDL Simulations Architecture for Massively Parallel HDL Simulations
Architecture for Massively Parallel HDL Simulations
DVClub
 
TensorFlow XLA RPC
TensorFlow XLA RPCTensorFlow XLA RPC
TensorFlow XLA RPC
Mr. Vengineer
 
TVM VTA (TSIM)
TVM VTA (TSIM) TVM VTA (TSIM)
TVM VTA (TSIM)
Mr. Vengineer
 
C++17 now
C++17 nowC++17 now
C++17 now
corehard_by
 
Bridge TensorFlow to run on Intel nGraph backends (v0.4)
Bridge TensorFlow to run on Intel nGraph backends (v0.4)Bridge TensorFlow to run on Intel nGraph backends (v0.4)
Bridge TensorFlow to run on Intel nGraph backends (v0.4)
Mr. Vengineer
 
Joel Falcou, Boost.SIMD
Joel Falcou, Boost.SIMDJoel Falcou, Boost.SIMD
Joel Falcou, Boost.SIMD
Sergey Platonov
 
Multithreading done right
Multithreading done rightMultithreading done right
Multithreading done right
Platonov Sergey
 
Bridge TensorFlow to run on Intel nGraph backends (v0.5)
Bridge TensorFlow to run on Intel nGraph backends (v0.5)Bridge TensorFlow to run on Intel nGraph backends (v0.5)
Bridge TensorFlow to run on Intel nGraph backends (v0.5)
Mr. Vengineer
 
Clang tidy
Clang tidyClang tidy
Clang tidy
Yury Yafimachau
 
Modern c++
Modern c++Modern c++
Modern c++
Jorge Martinez de Salinas
 
ISCA Final Presentaiton - Compilations
ISCA Final Presentaiton - CompilationsISCA Final Presentaiton - Compilations
ISCA Final Presentaiton - Compilations
HSA Foundation
 
The Ring programming language version 1.5.3 book - Part 89 of 184
The Ring programming language version 1.5.3 book - Part 89 of 184The Ring programming language version 1.5.3 book - Part 89 of 184
The Ring programming language version 1.5.3 book - Part 89 of 184
Mahmoud Samir Fayed
 
Concurrency Concepts in Java
Concurrency Concepts in JavaConcurrency Concepts in Java
Concurrency Concepts in Java
Doug Hawkins
 
JVM Mechanics
JVM MechanicsJVM Mechanics
JVM Mechanics
Doug Hawkins
 
Debugging of (C)Python applications
Debugging of (C)Python applicationsDebugging of (C)Python applications
Debugging of (C)Python applications
Roman Podoliaka
 
Евгений Крутько, Многопоточные вычисления, современный подход.
Евгений Крутько, Многопоточные вычисления, современный подход.Евгений Крутько, Многопоточные вычисления, современный подход.
Евгений Крутько, Многопоточные вычисления, современный подход.
Platonov Sergey
 
Valgrind
ValgrindValgrind
Valgrind
aidanshribman
 
Whats new in_csharp4
Whats new in_csharp4Whats new in_csharp4
Whats new in_csharp4
Abed Bukhari
 
Zn task - defcon russia 20
Zn task - defcon russia 20Zn task - defcon russia 20
Zn task - defcon russia 20
DefconRussia
 
Windbg랑 친해지기
Windbg랑 친해지기Windbg랑 친해지기
Windbg랑 친해지기
Ji Hun Kim
 
4Developers 2018: Evolution of C++ Class Design (Mariusz Łapiński)
4Developers 2018: Evolution of C++ Class Design (Mariusz Łapiński)4Developers 2018: Evolution of C++ Class Design (Mariusz Łapiński)
4Developers 2018: Evolution of C++ Class Design (Mariusz Łapiński)
PROIDEA
 
Python sqlite3 - flask
Python sqlite3 - flaskPython sqlite3 - flask
Python sqlite3 - flask
Eueung Mulyana
 
Software Testing - Invited Lecture at UNSW Sydney
Software Testing - Invited Lecture at UNSW SydneySoftware Testing - Invited Lecture at UNSW Sydney
Software Testing - Invited Lecture at UNSW Sydney
julien.ponge
 
Rop and it's friends
Rop and it's friendsRop and it's friends
Rop and it's friends
nuc13us
 
Neider
NeiderNeider
Neider
RedvolucionCesarNorte
 
We Are Museums 2016 workshop: Introduction to usability testing
We Are Museums 2016 workshop: Introduction to usability testingWe Are Museums 2016 workshop: Introduction to usability testing
We Are Museums 2016 workshop: Introduction to usability testing
Tiana Tasich
 

More Related Content

What's hot

Bridge TensorFlow to run on Intel nGraph backends (v0.4)
Bridge TensorFlow to run on Intel nGraph backends (v0.4)Bridge TensorFlow to run on Intel nGraph backends (v0.4)
Bridge TensorFlow to run on Intel nGraph backends (v0.4)
Mr. Vengineer
 
Joel Falcou, Boost.SIMD
Joel Falcou, Boost.SIMDJoel Falcou, Boost.SIMD
Joel Falcou, Boost.SIMD
Sergey Platonov
 
Multithreading done right
Multithreading done rightMultithreading done right
Multithreading done right
Platonov Sergey
 
Bridge TensorFlow to run on Intel nGraph backends (v0.5)
Bridge TensorFlow to run on Intel nGraph backends (v0.5)Bridge TensorFlow to run on Intel nGraph backends (v0.5)
Bridge TensorFlow to run on Intel nGraph backends (v0.5)
Mr. Vengineer
 
Clang tidy
Clang tidyClang tidy
Clang tidy
Yury Yafimachau
 
Modern c++
Modern c++Modern c++
Modern c++
Jorge Martinez de Salinas
 
ISCA Final Presentaiton - Compilations
ISCA Final Presentaiton - CompilationsISCA Final Presentaiton - Compilations
ISCA Final Presentaiton - Compilations
HSA Foundation
 
The Ring programming language version 1.5.3 book - Part 89 of 184
The Ring programming language version 1.5.3 book - Part 89 of 184The Ring programming language version 1.5.3 book - Part 89 of 184
The Ring programming language version 1.5.3 book - Part 89 of 184
Mahmoud Samir Fayed
 
Concurrency Concepts in Java
Concurrency Concepts in JavaConcurrency Concepts in Java
Concurrency Concepts in Java
Doug Hawkins
 
JVM Mechanics
JVM MechanicsJVM Mechanics
JVM Mechanics
Doug Hawkins
 
Debugging of (C)Python applications
Debugging of (C)Python applicationsDebugging of (C)Python applications
Debugging of (C)Python applications
Roman Podoliaka
 
Евгений Крутько, Многопоточные вычисления, современный подход.
Евгений Крутько, Многопоточные вычисления, современный подход.Евгений Крутько, Многопоточные вычисления, современный подход.
Евгений Крутько, Многопоточные вычисления, современный подход.
Platonov Sergey
 
Valgrind
ValgrindValgrind
Valgrind
aidanshribman
 
Whats new in_csharp4
Whats new in_csharp4Whats new in_csharp4
Whats new in_csharp4
Abed Bukhari
 
Zn task - defcon russia 20
Zn task - defcon russia 20Zn task - defcon russia 20
Zn task - defcon russia 20
DefconRussia
 
Windbg랑 친해지기
Windbg랑 친해지기Windbg랑 친해지기
Windbg랑 친해지기
Ji Hun Kim
 
4Developers 2018: Evolution of C++ Class Design (Mariusz Łapiński)
4Developers 2018: Evolution of C++ Class Design (Mariusz Łapiński)4Developers 2018: Evolution of C++ Class Design (Mariusz Łapiński)
4Developers 2018: Evolution of C++ Class Design (Mariusz Łapiński)
PROIDEA
 
Python sqlite3 - flask
Python sqlite3 - flaskPython sqlite3 - flask
Python sqlite3 - flask
Eueung Mulyana
 
Software Testing - Invited Lecture at UNSW Sydney
Software Testing - Invited Lecture at UNSW SydneySoftware Testing - Invited Lecture at UNSW Sydney
Software Testing - Invited Lecture at UNSW Sydney
julien.ponge
 
Rop and it's friends
Rop and it's friendsRop and it's friends
Rop and it's friends
nuc13us
 

What's hot (20)

Bridge TensorFlow to run on Intel nGraph backends (v0.4)
Bridge TensorFlow to run on Intel nGraph backends (v0.4)Bridge TensorFlow to run on Intel nGraph backends (v0.4)
Bridge TensorFlow to run on Intel nGraph backends (v0.4)
 
Joel Falcou, Boost.SIMD
Joel Falcou, Boost.SIMDJoel Falcou, Boost.SIMD
Joel Falcou, Boost.SIMD
 
Multithreading done right
Multithreading done rightMultithreading done right
Multithreading done right
 
Bridge TensorFlow to run on Intel nGraph backends (v0.5)
Bridge TensorFlow to run on Intel nGraph backends (v0.5)Bridge TensorFlow to run on Intel nGraph backends (v0.5)
Bridge TensorFlow to run on Intel nGraph backends (v0.5)
 
Clang tidy
Clang tidyClang tidy
Clang tidy
 
Modern c++
Modern c++Modern c++
Modern c++
 
ISCA Final Presentaiton - Compilations
ISCA Final Presentaiton - CompilationsISCA Final Presentaiton - Compilations
ISCA Final Presentaiton - Compilations
 
The Ring programming language version 1.5.3 book - Part 89 of 184
The Ring programming language version 1.5.3 book - Part 89 of 184The Ring programming language version 1.5.3 book - Part 89 of 184
The Ring programming language version 1.5.3 book - Part 89 of 184
 
Concurrency Concepts in Java
Concurrency Concepts in JavaConcurrency Concepts in Java
Concurrency Concepts in Java
 
JVM Mechanics
JVM MechanicsJVM Mechanics
JVM Mechanics
 
Debugging of (C)Python applications
Debugging of (C)Python applicationsDebugging of (C)Python applications
Debugging of (C)Python applications
 
Евгений Крутько, Многопоточные вычисления, современный подход.
Евгений Крутько, Многопоточные вычисления, современный подход.Евгений Крутько, Многопоточные вычисления, современный подход.
Евгений Крутько, Многопоточные вычисления, современный подход.
 
Valgrind
ValgrindValgrind
Valgrind
 
Whats new in_csharp4
Whats new in_csharp4Whats new in_csharp4
Whats new in_csharp4
 
Zn task - defcon russia 20
Zn task - defcon russia 20Zn task - defcon russia 20
Zn task - defcon russia 20
 
Windbg랑 친해지기
Windbg랑 친해지기Windbg랑 친해지기
Windbg랑 친해지기
 
4Developers 2018: Evolution of C++ Class Design (Mariusz Łapiński)
4Developers 2018: Evolution of C++ Class Design (Mariusz Łapiński)4Developers 2018: Evolution of C++ Class Design (Mariusz Łapiński)
4Developers 2018: Evolution of C++ Class Design (Mariusz Łapiński)
 
Python sqlite3 - flask
Python sqlite3 - flaskPython sqlite3 - flask
Python sqlite3 - flask
 
Software Testing - Invited Lecture at UNSW Sydney
Software Testing - Invited Lecture at UNSW SydneySoftware Testing - Invited Lecture at UNSW Sydney
Software Testing - Invited Lecture at UNSW Sydney
 
Rop and it's friends
Rop and it's friendsRop and it's friends
Rop and it's friends
 

Viewers also liked

Neider
NeiderNeider
Neider
RedvolucionCesarNorte
 
We Are Museums 2016 workshop: Introduction to usability testing
We Are Museums 2016 workshop: Introduction to usability testingWe Are Museums 2016 workshop: Introduction to usability testing
We Are Museums 2016 workshop: Introduction to usability testing
Tiana Tasich
 
Branding Bootcamp: Developing an Authentic Brand That Connects With Your Cust...
Branding Bootcamp: Developing an Authentic Brand That Connects With Your Cust...Branding Bootcamp: Developing an Authentic Brand That Connects With Your Cust...
Branding Bootcamp: Developing an Authentic Brand That Connects With Your Cust...
Stone Soup Creative
 
Prinsip dasar dan peran koperasai
Prinsip dasar dan peran koperasaiPrinsip dasar dan peran koperasai
Prinsip dasar dan peran koperasaiNenengYuyuRohana
 
C7ce6e79 9653-42fb-9ee7-ac0cd1f8c1b5-150827185257-lva1-app6891
C7ce6e79 9653-42fb-9ee7-ac0cd1f8c1b5-150827185257-lva1-app6891C7ce6e79 9653-42fb-9ee7-ac0cd1f8c1b5-150827185257-lva1-app6891
C7ce6e79 9653-42fb-9ee7-ac0cd1f8c1b5-150827185257-lva1-app6891
Vera Kovaleva
 
Presentationv1 Part1
Presentationv1 Part1Presentationv1 Part1
Presentationv1 Part1
Abhishek Mago
 
Dalton Sample Sheets
Dalton Sample SheetsDalton Sample Sheets
Dalton Sample Sheets
Elizabeth (Liz) Dalton
 
Keynote &amp; on stage interview (carbo)
Keynote &amp; on stage interview (carbo)Keynote &amp; on stage interview (carbo)
Keynote &amp; on stage interview (carbo)
Japan Caribbean Climate Change Partnership
 
TRA infographic on Australian tourism 2014
TRA infographic on Australian tourism 2014TRA infographic on Australian tourism 2014
TRA infographic on Australian tourism 2014
TourismAustralia
 
Scaling Mobile Development
Scaling Mobile DevelopmentScaling Mobile Development
Scaling Mobile Development
Lookout
 
13 Ways to Spook Your Audience
13 Ways to Spook Your Audience13 Ways to Spook Your Audience
13 Ways to Spook Your Audience
Natasha Arvinte-Hickey
 
Verifiable, linked open knowledge that anyone can edit
Verifiable, linked open knowledge that anyone can editVerifiable, linked open knowledge that anyone can edit
Verifiable, linked open knowledge that anyone can edit
Dario Taraborelli
 
The Public Opinion Landscape: Election 2016
The Public Opinion Landscape: Election 2016The Public Opinion Landscape: Election 2016
The Public Opinion Landscape: Election 2016
GloverParkGroup
 

Viewers also liked (15)

Neider
NeiderNeider
Neider
 
We Are Museums 2016 workshop: Introduction to usability testing
We Are Museums 2016 workshop: Introduction to usability testingWe Are Museums 2016 workshop: Introduction to usability testing
We Are Museums 2016 workshop: Introduction to usability testing
 
Branding Bootcamp: Developing an Authentic Brand That Connects With Your Cust...
Branding Bootcamp: Developing an Authentic Brand That Connects With Your Cust...Branding Bootcamp: Developing an Authentic Brand That Connects With Your Cust...
Branding Bootcamp: Developing an Authentic Brand That Connects With Your Cust...
 
Kewirausahaan
KewirausahaanKewirausahaan
Kewirausahaan
 
Prinsip dasar dan peran koperasai
Prinsip dasar dan peran koperasaiPrinsip dasar dan peran koperasai
Prinsip dasar dan peran koperasai
 
C7ce6e79 9653-42fb-9ee7-ac0cd1f8c1b5-150827185257-lva1-app6891
C7ce6e79 9653-42fb-9ee7-ac0cd1f8c1b5-150827185257-lva1-app6891C7ce6e79 9653-42fb-9ee7-ac0cd1f8c1b5-150827185257-lva1-app6891
C7ce6e79 9653-42fb-9ee7-ac0cd1f8c1b5-150827185257-lva1-app6891
 
Presentationv1 Part1
Presentationv1 Part1Presentationv1 Part1
Presentationv1 Part1
 
Dalton Sample Sheets
Dalton Sample SheetsDalton Sample Sheets
Dalton Sample Sheets
 
Keynote &amp; on stage interview (carbo)
Keynote &amp; on stage interview (carbo)Keynote &amp; on stage interview (carbo)
Keynote &amp; on stage interview (carbo)
 
TRA infographic on Australian tourism 2014
TRA infographic on Australian tourism 2014TRA infographic on Australian tourism 2014
TRA infographic on Australian tourism 2014
 
Conférence bpi identité numérique - 24 fév 2012
Conférence bpi identité numérique - 24 fév 2012Conférence bpi identité numérique - 24 fév 2012
Conférence bpi identité numérique - 24 fév 2012
 
Scaling Mobile Development
Scaling Mobile DevelopmentScaling Mobile Development
Scaling Mobile Development
 
13 Ways to Spook Your Audience
13 Ways to Spook Your Audience13 Ways to Spook Your Audience
13 Ways to Spook Your Audience
 
Verifiable, linked open knowledge that anyone can edit
Verifiable, linked open knowledge that anyone can editVerifiable, linked open knowledge that anyone can edit
Verifiable, linked open knowledge that anyone can edit
 
The Public Opinion Landscape: Election 2016
The Public Opinion Landscape: Election 2016The Public Opinion Landscape: Election 2016
The Public Opinion Landscape: Election 2016
 

Similar to Zone IDA Proc

Data Analysis in Python
Data Analysis in PythonData Analysis in Python
Data Analysis in Python
Richard Herrell
 
Computer Networks Lab File
Computer Networks Lab FileComputer Networks Lab File
Computer Networks Lab File
Kandarp Tiwari
 
Big Data Day LA 2016/ Hadoop/ Spark/ Kafka track - Data Provenance Support in...
Big Data Day LA 2016/ Hadoop/ Spark/ Kafka track - Data Provenance Support in...Big Data Day LA 2016/ Hadoop/ Spark/ Kafka track - Data Provenance Support in...
Big Data Day LA 2016/ Hadoop/ Spark/ Kafka track - Data Provenance Support in...
Data Con LA
 
'C' language notes (a.p)
'C' language notes (a.p)'C' language notes (a.p)
'C' language notes (a.p)
Ashishchinu
 
Hargun
HargunHargun
Hargun
Mukund Trivedi
 
Os lab final
Os lab finalOs lab final
Os lab final
LakshmiSarvani6
 
C
CC
C
Mukund Trivedi
 
C++ manual Report Full
C++ manual Report FullC++ manual Report Full
C++ manual Report Full
Thesis Scientist Private Limited
 
Db2 For I Parallel Data Load
Db2 For I Parallel Data LoadDb2 For I Parallel Data Load
Db2 For I Parallel Data Load
Thomas Wolfe
 
All I know about rsc.io/c2go
All I know about rsc.io/c2goAll I know about rsc.io/c2go
All I know about rsc.io/c2go
Moriyoshi Koizumi
 
Runtime Code Generation and Data Management for Heterogeneous Computing in Java
Runtime Code Generation and Data Management for Heterogeneous Computing in JavaRuntime Code Generation and Data Management for Heterogeneous Computing in Java
Runtime Code Generation and Data Management for Heterogeneous Computing in Java
Juan Fumero
 
Self scaling Multi cloud nomad workloads
Self scaling Multi cloud nomad workloadsSelf scaling Multi cloud nomad workloads
Self scaling Multi cloud nomad workloads
Bram Vogelaar
 
Predictive Analytics with Airflow and PySpark
Predictive Analytics with Airflow and PySparkPredictive Analytics with Airflow and PySpark
Predictive Analytics with Airflow and PySpark
Russell Jurney
 
Marrow: A Meta-Framework for Python 2.6+ and 3.1+
Marrow: A Meta-Framework for Python 2.6+ and 3.1+Marrow: A Meta-Framework for Python 2.6+ and 3.1+
Marrow: A Meta-Framework for Python 2.6+ and 3.1+
ConFoo
 
Extending Flux to Support Other Databases and Data Stores | Adam Anthony | In...
Extending Flux to Support Other Databases and Data Stores | Adam Anthony | In...Extending Flux to Support Other Databases and Data Stores | Adam Anthony | In...
Extending Flux to Support Other Databases and Data Stores | Adam Anthony | In...
InfluxData
 
Sydney Oracle Meetup - execution plans
Sydney Oracle Meetup - execution plansSydney Oracle Meetup - execution plans
Sydney Oracle Meetup - execution plans
paulguerin
 
RDataMining slides-r-programming
RDataMining slides-r-programmingRDataMining slides-r-programming
RDataMining slides-r-programming
Yanchang Zhao
 
The ProblemUsing C programming language write a program that simul.pdf
The ProblemUsing C programming language write a program that simul.pdfThe ProblemUsing C programming language write a program that simul.pdf
The ProblemUsing C programming language write a program that simul.pdf
federaleyecare
 
C Programming
C ProgrammingC Programming
C Programming
Sumant Diwakar
 
Assignment no39
Assignment no39Assignment no39
Assignment no39
Jay Patel
 

Similar to Zone IDA Proc (20)

Data Analysis in Python
Data Analysis in PythonData Analysis in Python
Data Analysis in Python
 
Computer Networks Lab File
Computer Networks Lab FileComputer Networks Lab File
Computer Networks Lab File
 
Big Data Day LA 2016/ Hadoop/ Spark/ Kafka track - Data Provenance Support in...
Big Data Day LA 2016/ Hadoop/ Spark/ Kafka track - Data Provenance Support in...Big Data Day LA 2016/ Hadoop/ Spark/ Kafka track - Data Provenance Support in...
Big Data Day LA 2016/ Hadoop/ Spark/ Kafka track - Data Provenance Support in...
 
'C' language notes (a.p)
'C' language notes (a.p)'C' language notes (a.p)
'C' language notes (a.p)
 
Hargun
HargunHargun
Hargun
 
Os lab final
Os lab finalOs lab final
Os lab final
 
C
CC
C
 
C++ manual Report Full
C++ manual Report FullC++ manual Report Full
C++ manual Report Full
 
Db2 For I Parallel Data Load
Db2 For I Parallel Data LoadDb2 For I Parallel Data Load
Db2 For I Parallel Data Load
 
All I know about rsc.io/c2go
All I know about rsc.io/c2goAll I know about rsc.io/c2go
All I know about rsc.io/c2go
 
Runtime Code Generation and Data Management for Heterogeneous Computing in Java
Runtime Code Generation and Data Management for Heterogeneous Computing in JavaRuntime Code Generation and Data Management for Heterogeneous Computing in Java
Runtime Code Generation and Data Management for Heterogeneous Computing in Java
 
Self scaling Multi cloud nomad workloads
Self scaling Multi cloud nomad workloadsSelf scaling Multi cloud nomad workloads
Self scaling Multi cloud nomad workloads
 
Predictive Analytics with Airflow and PySpark
Predictive Analytics with Airflow and PySparkPredictive Analytics with Airflow and PySpark
Predictive Analytics with Airflow and PySpark
 
Marrow: A Meta-Framework for Python 2.6+ and 3.1+
Marrow: A Meta-Framework for Python 2.6+ and 3.1+Marrow: A Meta-Framework for Python 2.6+ and 3.1+
Marrow: A Meta-Framework for Python 2.6+ and 3.1+
 
Extending Flux to Support Other Databases and Data Stores | Adam Anthony | In...
Extending Flux to Support Other Databases and Data Stores | Adam Anthony | In...Extending Flux to Support Other Databases and Data Stores | Adam Anthony | In...
Extending Flux to Support Other Databases and Data Stores | Adam Anthony | In...
 
Sydney Oracle Meetup - execution plans
Sydney Oracle Meetup - execution plansSydney Oracle Meetup - execution plans
Sydney Oracle Meetup - execution plans
 
RDataMining slides-r-programming
RDataMining slides-r-programmingRDataMining slides-r-programming
RDataMining slides-r-programming
 
The ProblemUsing C programming language write a program that simul.pdf
The ProblemUsing C programming language write a program that simul.pdfThe ProblemUsing C programming language write a program that simul.pdf
The ProblemUsing C programming language write a program that simul.pdf
 
C Programming
C ProgrammingC Programming
C Programming
 
Assignment no39
Assignment no39Assignment no39
Assignment no39
 

Recently uploaded

socradar-q1-2024-aviation-industry-report.pdf
socradar-q1-2024-aviation-industry-report.pdfsocradar-q1-2024-aviation-industry-report.pdf
socradar-q1-2024-aviation-industry-report.pdf
SOCRadar
 
ALGIT - Assembly Line for Green IT - Numbers, Data, Facts
ALGIT - Assembly Line for Green IT - Numbers, Data, FactsALGIT - Assembly Line for Green IT - Numbers, Data, Facts
ALGIT - Assembly Line for Green IT - Numbers, Data, Facts
Green Software Development
 
Why Mobile App Regression Testing is Critical for Sustained Success_ A Detail...
Why Mobile App Regression Testing is Critical for Sustained Success_ A Detail...Why Mobile App Regression Testing is Critical for Sustained Success_ A Detail...
Why Mobile App Regression Testing is Critical for Sustained Success_ A Detail...
kalichargn70th171
 
GraphSummit Paris - The art of the possible with Graph Technology
GraphSummit Paris - The art of the possible with Graph TechnologyGraphSummit Paris - The art of the possible with Graph Technology
GraphSummit Paris - The art of the possible with Graph Technology
Neo4j
 
Automated software refactoring with OpenRewrite and Generative AI.pptx.pdf
Automated software refactoring with OpenRewrite and Generative AI.pptx.pdfAutomated software refactoring with OpenRewrite and Generative AI.pptx.pdf
Automated software refactoring with OpenRewrite and Generative AI.pptx.pdf
timtebeek1
 
A Study of Variable-Role-based Feature Enrichment in Neural Models of Code
A Study of Variable-Role-based Feature Enrichment in Neural Models of CodeA Study of Variable-Role-based Feature Enrichment in Neural Models of Code
A Study of Variable-Role-based Feature Enrichment in Neural Models of Code
Aftab Hussain
 
Orion Context Broker introduction 20240604
Orion Context Broker introduction 20240604Orion Context Broker introduction 20240604
Orion Context Broker introduction 20240604
Fermin Galan
 
openEuler Case Study - The Journey to Supply Chain Security
openEuler Case Study - The Journey to Supply Chain SecurityopenEuler Case Study - The Journey to Supply Chain Security
openEuler Case Study - The Journey to Supply Chain Security
Shane Coughlan
 
Enterprise Resource Planning System in Telangana
Enterprise Resource Planning System in TelanganaEnterprise Resource Planning System in Telangana
Enterprise Resource Planning System in Telangana
NYGGS Automation Suite
 
Empowering Growth with Best Software Development Company in Noida - Deuglo
Empowering Growth with Best Software Development Company in Noida - DeugloEmpowering Growth with Best Software Development Company in Noida - Deuglo
Empowering Growth with Best Software Development Company in Noida - Deuglo
Deuglo Infosystem Pvt Ltd
 
Using Xen Hypervisor for Functional Safety
Using Xen Hypervisor for Functional SafetyUsing Xen Hypervisor for Functional Safety
Using Xen Hypervisor for Functional Safety
Ayan Halder
 
LORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOM
LORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOMLORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOM
LORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOM
lorraineandreiamcidl
 
Vitthal Shirke Java Microservices Resume.pdf
Vitthal Shirke Java Microservices Resume.pdfVitthal Shirke Java Microservices Resume.pdf
Vitthal Shirke Java Microservices Resume.pdf
Vitthal Shirke
 
Why Choose Odoo 17 Community & How it differs from Odoo 17 Enterprise Edition
Why Choose Odoo 17 Community & How it differs from Odoo 17 Enterprise EditionWhy Choose Odoo 17 Community & How it differs from Odoo 17 Enterprise Edition
Why Choose Odoo 17 Community & How it differs from Odoo 17 Enterprise Edition
Envertis Software Solutions
 
Microservice Teams - How the cloud changes the way we work
Microservice Teams - How the cloud changes the way we workMicroservice Teams - How the cloud changes the way we work
Microservice Teams - How the cloud changes the way we work
Sven Peters
 
Fundamentals of Programming and Language Processors
Fundamentals of Programming and Language ProcessorsFundamentals of Programming and Language Processors
Fundamentals of Programming and Language Processors
Rakesh Kumar R
 
Utilocate provides Smarter, Better, Faster, Safer Locate Ticket Management
Utilocate provides Smarter, Better, Faster, Safer Locate Ticket ManagementUtilocate provides Smarter, Better, Faster, Safer Locate Ticket Management
Utilocate provides Smarter, Better, Faster, Safer Locate Ticket Management
Utilocate
 
2024 eCommerceDays Toulouse - Sylius 2.0.pdf
2024 eCommerceDays Toulouse - Sylius 2.0.pdf2024 eCommerceDays Toulouse - Sylius 2.0.pdf
2024 eCommerceDays Toulouse - Sylius 2.0.pdf
Łukasz Chruściel
 
Hand Rolled Applicative User Validation Code Kata
Hand Rolled Applicative User Validation Code KataHand Rolled Applicative User Validation Code Kata
Hand Rolled Applicative User Validation Code Kata
Philip Schwarz
 
May Marketo Masterclass, London MUG May 22 2024.pdf
May Marketo Masterclass, London MUG May 22 2024.pdfMay Marketo Masterclass, London MUG May 22 2024.pdf
May Marketo Masterclass, London MUG May 22 2024.pdf
Adele Miller
 

Recently uploaded (20)

socradar-q1-2024-aviation-industry-report.pdf
socradar-q1-2024-aviation-industry-report.pdfsocradar-q1-2024-aviation-industry-report.pdf
socradar-q1-2024-aviation-industry-report.pdf
 
ALGIT - Assembly Line for Green IT - Numbers, Data, Facts
ALGIT - Assembly Line for Green IT - Numbers, Data, FactsALGIT - Assembly Line for Green IT - Numbers, Data, Facts
ALGIT - Assembly Line for Green IT - Numbers, Data, Facts
 
Why Mobile App Regression Testing is Critical for Sustained Success_ A Detail...
Why Mobile App Regression Testing is Critical for Sustained Success_ A Detail...Why Mobile App Regression Testing is Critical for Sustained Success_ A Detail...
Why Mobile App Regression Testing is Critical for Sustained Success_ A Detail...
 
GraphSummit Paris - The art of the possible with Graph Technology
GraphSummit Paris - The art of the possible with Graph TechnologyGraphSummit Paris - The art of the possible with Graph Technology
GraphSummit Paris - The art of the possible with Graph Technology
 
Automated software refactoring with OpenRewrite and Generative AI.pptx.pdf
Automated software refactoring with OpenRewrite and Generative AI.pptx.pdfAutomated software refactoring with OpenRewrite and Generative AI.pptx.pdf
Automated software refactoring with OpenRewrite and Generative AI.pptx.pdf
 
A Study of Variable-Role-based Feature Enrichment in Neural Models of Code
A Study of Variable-Role-based Feature Enrichment in Neural Models of CodeA Study of Variable-Role-based Feature Enrichment in Neural Models of Code
A Study of Variable-Role-based Feature Enrichment in Neural Models of Code
 
Orion Context Broker introduction 20240604
Orion Context Broker introduction 20240604Orion Context Broker introduction 20240604
Orion Context Broker introduction 20240604
 
openEuler Case Study - The Journey to Supply Chain Security
openEuler Case Study - The Journey to Supply Chain SecurityopenEuler Case Study - The Journey to Supply Chain Security
openEuler Case Study - The Journey to Supply Chain Security
 
Enterprise Resource Planning System in Telangana
Enterprise Resource Planning System in TelanganaEnterprise Resource Planning System in Telangana
Enterprise Resource Planning System in Telangana
 
Empowering Growth with Best Software Development Company in Noida - Deuglo
Empowering Growth with Best Software Development Company in Noida - DeugloEmpowering Growth with Best Software Development Company in Noida - Deuglo
Empowering Growth with Best Software Development Company in Noida - Deuglo
 
Using Xen Hypervisor for Functional Safety
Using Xen Hypervisor for Functional SafetyUsing Xen Hypervisor for Functional Safety
Using Xen Hypervisor for Functional Safety
 
LORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOM
LORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOMLORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOM
LORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOM
 
Vitthal Shirke Java Microservices Resume.pdf
Vitthal Shirke Java Microservices Resume.pdfVitthal Shirke Java Microservices Resume.pdf
Vitthal Shirke Java Microservices Resume.pdf
 
Why Choose Odoo 17 Community & How it differs from Odoo 17 Enterprise Edition
Why Choose Odoo 17 Community & How it differs from Odoo 17 Enterprise EditionWhy Choose Odoo 17 Community & How it differs from Odoo 17 Enterprise Edition
Why Choose Odoo 17 Community & How it differs from Odoo 17 Enterprise Edition
 
Microservice Teams - How the cloud changes the way we work
Microservice Teams - How the cloud changes the way we workMicroservice Teams - How the cloud changes the way we work
Microservice Teams - How the cloud changes the way we work
 
Fundamentals of Programming and Language Processors
Fundamentals of Programming and Language ProcessorsFundamentals of Programming and Language Processors
Fundamentals of Programming and Language Processors
 
Utilocate provides Smarter, Better, Faster, Safer Locate Ticket Management
Utilocate provides Smarter, Better, Faster, Safer Locate Ticket ManagementUtilocate provides Smarter, Better, Faster, Safer Locate Ticket Management
Utilocate provides Smarter, Better, Faster, Safer Locate Ticket Management
 
2024 eCommerceDays Toulouse - Sylius 2.0.pdf
2024 eCommerceDays Toulouse - Sylius 2.0.pdf2024 eCommerceDays Toulouse - Sylius 2.0.pdf
2024 eCommerceDays Toulouse - Sylius 2.0.pdf
 
Hand Rolled Applicative User Validation Code Kata
Hand Rolled Applicative User Validation Code KataHand Rolled Applicative User Validation Code Kata
Hand Rolled Applicative User Validation Code Kata
 
May Marketo Masterclass, London MUG May 22 2024.pdf
May Marketo Masterclass, London MUG May 22 2024.pdfMay Marketo Masterclass, London MUG May 22 2024.pdf
May Marketo Masterclass, London MUG May 22 2024.pdf
 

Zone IDA Proc

  • 1. PyCon APAC 2015 ZoneIDAProc Tzung-Bi Shih <penvirus@gmail.com>
  • 2. PyCon APAC 2015 Motivation Course assignment of Operating System everything is a file (descriptor) QA engineer often checks process internal states via checking debug logs the log.. trustworthy? 2
  • 3. PyCon APAC 2015 Related Works Debugger (process trace-able utility) variable monitoring / tampering code instrumentation 3 => debug symbols are required => accessing interface is domain-specific
  • 4. PyCon APAC 2015 Problem Statement 4 We wish to deliver defect-less software to customers. To verify behavior of our program is correct, QA engineer often triggers state transition inside the process and checks new state is as expected. However, most internal states are available only in debug logs which may not trustworthy enough. We will use Instrumentation-based Dynamic Accessing Proc to export an interface for accessing the internal states easily.
  • 5. PyCon APAC 2015 Design exporting interface Aggregation for relevant states structured addressing Manipulation on specified state fine-grained access 5 => something like Linux proc[1] => directory, read-only file, read-write file Example: - endpoint - ip - port - name
  • 6. PyCon APAC 2015 Design accessing internal state Unawareness of aimed process process trace Freshness of internal states on-demand access dedicated (spy) thread 6
  • 7. PyCon APAC 2015 Implementation Linux proc-like interface Virtual File System[2] Filesystem in Userspace[3] 7
  • 8. PyCon APAC 2015 Implementation code instrumentation[4] Easy version gdb Difficult version “ptrace(2)”[5][6] 8 - LSM Yama[7] - CAP_SYS_PTRACE - PTRACE_TRACEME - … $ sudo setcap cap_sys_ptrace+eip ./gdb
  • 9. PyCon APAC 2015 Example[8] basic read/write 1 import time 2 from ida_proc import IDAProc 3 4 app = IDAProc() 5 6 @app.route('/time') 7 def ctime(): 8 return time.ctime() 9 10 def register_for_data(): 11 data = dict() 12 data['data'] = 'default' 13 14 @app.route('/test/data') 15 def getter(): 16 return data['data'] 17 18 @app.route('/test/data', method='SET') 19 def setter(d): 20 data['data'] = d 21 return data['data'] 22 23 if __name__ == '__main__': 24 register_for_data() 25 app.run() 9 exported path writable
  • 10. PyCon APAC 2015 Example spy thread 8 data = dict() 9 data['data'] = 'default' 10 11 def main(): 12 while True: 13 print "[%s] data['data'] = %s" % (time.ctime(), data['data']) 14 sleep(1) 15 16 def proc(): 17 app = IDAProc() 18 19 @app.route('data') 20 def getter(): 21 return data['data'] 22 23 @app.route('data', method='SET') 24 def setter(d): 25 data['data'] = d 26 return data['data'] 27 28 def fusermount(): 29 p = subprocess.Popen(['/bin/fusermount', '-u', app.get_mount_point()], close_fds=True, shell=False) 30 p.communicate() 31 atexit.register(fusermount) 32 33 app.run() 34 35 if __name__ == '__main__': 36 t = threading.Thread(target=proc) 37 t.daemon = True 38 t.start() 39 spawn(main).join() the spy thread has no idea about when will the main thread be terminated main thread
  • 11. PyCon APAC 2015 Example symbol explorer 9 app = IDAProc() 10 11 Endpoint = namedtuple('Endpoint', ['host', 'port']) 12 end_1 = Endpoint('1.1.1.1', 1111) 13 14 end_2 = Endpoint(host='2.2.2.2', port=2222) 15 end_3 = Endpoint(port=3333, host='3.3.3.3') 16 Pair = namedtuple('Pair', ['src', 'dst']) 17 pair = Pair(src=end_2, dst=end_3) 18 19 def make_kv(path, m, k): 20 @app.route(path) 21 def getter(): 22 return m[k] 23 24 __expand_type__ = (Endpoint, Pair) 25 def expand_object(prefix, obj): 26 for k,v in obj.__dict__.items(): 27 if k.startswith('__'): 28 continue 29 if (inspect.ismodule(v) or inspect.isroutine(v) or inspect.isclass(v)): 30 continue 31 32 path = '%s/%s' % (prefix, k) 33 if type(v) in __expand_type__: 34 expand_object(path, v) 35 else: 36 make_kv(path, obj.__dict__, k) 37 38 if __name__ == '__main__': 39 expand_object('/', __main__) 40 app.run() 11 some test data skip uninterested
  • 12. PyCon APAC 2015 Example all-in-one: target program 1 import time 2 from collections import namedtuple 3 4 Endpoint = namedtuple('Endpoint', ['host', 'port']) 5 end_1 = Endpoint('1.1.1.1', 1111) 6 7 end_2 = Endpoint(host='2.2.2.2', port=2222) 8 end_3 = Endpoint(port=3333, host='3.3.3.3') 9 Pair = namedtuple('Pair', ['src', 'dst']) 10 pair = Pair(src=end_2, dst=end_3) 11 12 data = 'default' 13 14 while True: 15 current = time.ctime() 16 print '[%s] data = %s' % (current, data) 17 time.sleep(1) 12
  • 13. PyCon APAC 2015 Example all-in-one: intruder 7 def instrument_code(pid, filename): 9 cmd = list() 10 cmd.append('./gdb') ...ignored... 15 cmd.append('--pid') 16 cmd.append('%s' % pid) 17 cmd.append(''--eval-command=call dlopen("/tmp/pycode_instrumentation.so", 2)'') 18 cmd.append(''--eval-command=call instrument_file("%s")'' % filename) ...ignored... 22 23 if __name__ == '__main__': ...ignored... 28 pid = int(sys.argv[1]) 30 filename = '/tmp/zone_ida_instrumentation.py' 32 code = ''' ...ignored... 72 ''' 73 74 with open(filename, 'w') as f: 75 f.write(code) 76 instrument_code(pid, filename) 77 78 os.remove(filename) 13 execute code within the target process’ memory
  • 14. PyCon APAC 2015 Example all-in-one: pycode_instrumentation 1 int instrument_file(const char *filename) 2 { ...ignored... 10 if(!_Py_IsInitialized()){ 11 printf("Py_IsInitialized returned false.n"); 12 goto error; 13 } 14 15 PyInterpreterState *head = _PyInterpreterState_Head(); 16 if(head == NULL) { 17 printf("Interpreter is not initializedn"); 18 goto error; 19 } 20 21 PyGILState_STATE pyGILState = _PyGILState_Ensure(); 22 fp = fopen(filename, "r"); 23 if(fp == NULL) { 24 printf("file %s doesn't exist", filename); 25 goto error; 26 } 27 _PyRun_SimpleFile(fp, "Instrumentation"); 28 _PyGILState_Release(pyGILState); 29 30 if(fp) 31 fclose(fp); 32 return 1; ...ignored... 37 } 14 key point
  • 15. PyCon APAC 2015 Conclusion Proc could be an alternative configuration interface persistent configuration file is still needed Share states between main thread and spy thread beware of race condition 15
  • 16. PyCon APAC 2015 References [1]: http://www.tldp.org/LDP/Linux-Filesystem-Hierarchy/html/proc.html [2]: http://en.wikipedia.org/wiki/Virtual_file_system [3]: http://fuse.sourceforge.net/ [4]: http://stackoverflow.com/questions/8755211/what-is-meant-by-the-term-instrumentation [5]: http://www.linuxjournal.com/article/6100 [6]: http://www.linuxjournal.com/node/6210 [7]: https://www.kernel.org/doc/Documentation/security/Yama.txt [8]: https://github.com/penvirus/ZoneIDAProc 16