
I'm learning how to use ptrace and wrote some code to test it out. However, I am getting a problem when I am trying to use the PTRACE_SETOPTIONS request to set the PTRACE_O_EXITKILL option to kill the tracee process if the tracer process terminates.

For reference, I am using Windows Subsystem for Linux's Kali Linux, running kernel version 4.4.0.

```c
#include <signal.h>
#include <stdio.h>
#include <sys/ptrace.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

void child_code();
void parent_code(pid_t pid);
void err_wrap(const int ret, const int success, const char *msg);

int main(const int argc, char *argv[])
{
    pid_t pid;
    switch (pid = fork())
    {
        case -1:
            perror("fork");
            break;
        case 0:
            child_code();
            break;
        default: //parent code
            parent_code(pid);
    }

    return 0;
}

void parent_code(pid_t pid)
{
    printf("Parent code\n");
    int status;
    // Wait for the child to stop itself with SIGSTOP before setting options.
    if (wait(&status) == -1)
    {
        perror("parent wait one");
    }
    printf("Finished waiting\n");
    printf("PTRACE_O_EXITKILL is %x\n", PTRACE_O_EXITKILL); //0x100000
    printf("PTRACE_O_TRACEEXEC is %x\n", PTRACE_O_TRACEEXEC); //0x10
    printf("PTRACE_O_TRACEFORK is %x\n", PTRACE_O_TRACEFORK); //0x2
    printf("My PID is     %d\n", getpid());
    err_wrap(
        ptrace(PTRACE_SETOPTIONS, pid, 0, PTRACE_O_EXITKILL), 
        0, "ptrace-set-options");
    //This is returning EINVAL error and prints "Invalid argument" and I don't know why.

}


void child_code() {
    printf("Child code\n");
    printf("Parent is:   %d\n", getppid());
    err_wrap(ptrace(PTRACE_TRACEME, 0,0,0), 0, "ptrace-traceme");
    err_wrap(raise(SIGSTOP), 0, "raise");

    unsigned int pleb = 0xffbbcde8;
    int x = 0;
    printf("Hello WoRld\n");

    // pleb is an unsigned int, so it is printed with %x rather than %llx.
    printf("Pleb is:     %x\n", pleb);
    printf("x is:        %d\n", x);
}
```

err_wrap is defined here

```c
void err_wrap(const int ret, const int success, const char *msg)
{
    if (ret != success)
    {
        perror(msg);
    }
}
```

When I call PTRACE_SETOPTIONS with PTRACE_O_EXITKILL, it's saying invalid argument, but I do not know why. When I try other options like PTRACE_O_TRACEEXEC, it works fine. I haven't tried all other options though.

I can't understand why it's not working. As PTRACE_O_EXITKILL is defined, and it's not a macro/variable that I've made, I would presume that the ptrace would recognize it, but for some reason it doesn't. I printed it out and it matches the value that I see in ptrace source code (0x100000).

Any help would be much appreciated, thanks.

NotAPro
  • FWIW, your code ran fine on my Linux 5.4 kernel. What kernel version are you on? – kaylum Dec 10 '19 at 23:55
  • Linux version 4.4.0-18362-Microsoft (Microsoft@Microsoft.com) (gcc version 5.4.0 (GCC) ) #476-Microsoft Fri Nov 01 16:53:00 PST 2019 – NotAPro Dec 10 '19 at 23:58
  • I'm using Kali Linux on Windows Subsystem for Linux. I did cat /proc/version and that's what it printed out. – NotAPro Dec 10 '19 at 23:59
  • Oh you are using WSL. That's important info and I suggest you update the question with that. There are known issues with `ptrace` in WSL. I can't see a specific bug report for this option but it wouldn't be surprising if it either isn't supported or is buggy. Do you have to use WSL? For this kind of experimentation it may be better to use native or VM Linux. – kaylum Dec 11 '19 at 00:09
  • If you don't mind me asking, could you point me to a quick and easy way to run a Linux terminal in a VM? Preferably one where I can scroll the terminal with my mouse, and can scroll when using `less`. (I ran a Linux VM before using VirtualBox and it didn't let me do either). – NotAPro Dec 11 '19 at 00:32
  • Stack Overflow comments are not a suitable forum for helping you get a Linux VM working. But I can say that I use VirtualBox with Linux Mint (Ubuntu derivative) and mouse scrolling works fine. So there isn't any inherent reason why that won't work. But I can't tell you what your specific problem is. It may be a Linux distro setting or something else. Best to try it again and if you hit the same problem then ask on [Superuser](https://superuser.com/). – kaylum Dec 11 '19 at 00:51
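
A run-time check for the situation discussed in the question and comments, added here as an example and not code from the original poster or the commenters: it forks a throwaway tracee and reports whether the running kernel accepts `PTRACE_O_EXITKILL`. The name `probe_exitkill` and the `prctl(PR_SET_PDEATHSIG, SIGKILL)` fallback in the child are assumptions of this example; the page does not establish how that fallback behaves under WSL.

```c
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/ptrace.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Probe whether this kernel accepts PTRACE_O_EXITKILL (hypothetical helper).
 * Returns 1 if accepted, 0 if rejected with EINVAL, -1 on any other failure. */
int probe_exitkill(void)
{
    int status, result = -1;
    pid_t pid = fork();

    if (pid == -1)
        return -1;
    if (pid == 0) {
        /* Assumed fallback: ask the kernel to SIGKILL this child when its
         * parent (here also the tracer) dies, independent of ptrace options. */
        prctl(PR_SET_PDEATHSIG, SIGKILL);
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) == -1)
            _exit(1);
        raise(SIGSTOP);               /* stop so the parent can set options */
        _exit(0);
    }
    if (waitpid(pid, &status, 0) == -1)
        return -1;
    if (WIFSTOPPED(status)) {
        if (ptrace(PTRACE_SETOPTIONS, pid, NULL,
                   (void *)(long)PTRACE_O_EXITKILL) == 0)
            result = 1;
        else if (errno == EINVAL)
            result = 0;               /* the failure described in the question */
        kill(pid, SIGKILL);           /* the probe child is no longer needed */
        waitpid(pid, &status, 0);     /* reap it so no zombie is left behind */
    }
    return result;
}

int main(void)
{
    int r = probe_exitkill();
    if (r == 1)
        puts("PTRACE_O_EXITKILL accepted");
    else if (r == 0)
        puts("PTRACE_O_EXITKILL rejected (EINVAL); rely on a fallback");
    else
        puts("probe failed for another reason");
    return r == -1;
}
```
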

0 Answers