X-Git-Url: http://git.thejh.net/?p=tools.git;a=blobdiff_plain;f=tools%2Fstrscan.c;h=dff214dc7a8598e02f4793d815a7f23258886c0d;hp=606096939759b6919074c47b3c2105d38188e781;hb=refs%2Fheads%2Fmaster;hpb=60706164dfb67737ccd4b761818eabce887d4214
diff --git a/tools/strscan.c b/tools/strscan.c
index 6060969..dff214d 100644
--- a/tools/strscan.c
+++ b/tools/strscan.c
@@ -6,14 +6,24 @@
 #include
 #include
 #include
+#include
 #include
 #include
 #include
 #include
+#include
+
+ssize_t getmem(pid_t pid, void *dst, void *src, size_t len) {
+ assert(len > 0);
+ struct iovec local = {.iov_base = dst, .iov_len = len};
+ struct iovec remote = {.iov_base = src, .iov_len = len};
+ return process_vm_readv(pid, &local, 1, &remote, 1, 0);
+}
 struct range {
 void *a, *b;
 char *line;
+ char readable;
 };
 struct range *mappings;
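Review bot: getmem() is added without any comment stating its return contract, although the caller in main() branches on that value. Above the definition, add `/* Copy len bytes from src in process pid into dst. Returns bytes copied, which may be less than len, or -1 with errno set (e.g. EPERM without ptrace access to pid). */`. The diff shows only one caller, in this file, so declaring it `static` would keep it out of the global namespace. The `assert(len > 0)` guard disappears when built with NDEBUG; if a zero-length request must never reach process_vm_readv(), an explicit check is the safer form.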
@@ -31,26 +41,41 @@ int main(int argc, char **argv) {
 if (argc != 3) xperror("invocation: anondump ", 0);
 TPRINTF(maps_path, "/proc/%s/maps", argv[1])
 char *maps = CHK_PTR(slurp_file(maps_path, NULL, JH_SLURP_NO_STAT), "unable to read /proc/$pid/maps", 1);
- TPRINTF(mem_path, "/proc/%s/mem", argv[1])
- int memfd = fail_on_neg(open(mem_path, O_RDONLY), "unable to open /proc/$pid/mem", 1);
+
+ pid_t target = atoi(argv[1]);
 size_t n_mappings = count_char_occurences(maps, '\n');
- mappings = CHK_PTR(calloc(n_mappings, sizeof(struct range)), "memory allocation failed", 1);
+ mappings = CHK_PTR(calloc(n_mappings+1, sizeof(struct range)), "memory allocation failed", 1);
 // do magic
 for (char *line = strtok(maps, "\n"); line != NULL; line = strtok(NULL, "\n")) {
 struct range *mapping = &mappings[mappings_used++];
 mapping->line = CHK_PTR(strdup(line), "memory allocation failed", 1);
- if (sscanf(line, "%p-%p", &mapping->a, &mapping->b) != 2) xperror("sscanf failed", 0);
+ if (sscanf(line, "%p-%p %c", &mapping->a, &mapping->b, &mapping->readable) != 3) xperror("sscanf failed", 0);
+ assert(mapping->readable == 'r' || mapping->readable == '-');
 }
 FOR_EACH_MAPPING {
+ //fprintf(stderr, "%s\n", mapping->line);
+ if (mapping->readable == '-') continue; /* guard page */
+ if (strchr(mapping->line, '/') == NULL && strstr(mapping->line, "[vvar]") != NULL) continue; /* vvar mapping is weird */
 size_t len = mapping->b - mapping->a;
+ //printf("a=0x%llx b=0x%llx len=0x%llx\n", (unsigned long long)mapping->a, (unsigned long long)mapping->b, (unsigned long long)len);
 char *copy = CHK_PTR(malloc(len), "malloc failed", 1);
- if (pread(memfd, copy, len, (off_t)mapping->a) != (ssize_t)len) xperror("pread failed", 0);
+ ssize_t read_res;
+ if ((read_res=getmem(target, copy, mapping->a, len)) != len) {
+ if (read_res == 0) {
+ fputs("warning: some read failed\n", stderr);
+ continue;
+ }
+ if (read_res == -1) {
+ perror("warning: some read failed");
+ continue;
+ }
+ }
 size_t pos = 0;
 while (1) {
- char *ptr = memmem(copy + pos, len, argv[2], strlen(argv[2]));
+ char *ptr = memmem(copy + pos, len - pos, argv[2], strlen(argv[2]));
 if (ptr == NULL) break;
 pos = ptr - copy;
 printf("at %p in %s\n", mapping->a + pos, mapping->line);
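Review bot: A short positive result from getmem() (0 < read_res < len) passes both `continue` branches, so the memmem() loop still scans all `len` bytes of `copy`. The tail of that malloc'd buffer was never written, so a reported match can come from this tool's own stale heap rather than from the target. Inside the `!= len` block, after the two checks, add `len = (size_t)read_res; /* scan only what was actually copied */`, or skip the mapping as the other two branches do. The test `read_res != len` also compares ssize_t against size_t, which works for -1 only through implicit conversion; `(size_t)read_res != len` after the error checks would be clearer. Both `continue` paths leave `copy` allocated; whether it is freed at the end of the loop body is outside this hunk.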