   해킹잘하고싶다
   http://없음
   간단한 시스템 콜 추적 프로그램 만들기

http://www.hackerschool.org/HS_Boards/zboard.php?id=Free_Lectures&no=8596 [º¹»ç]


#include <sys/ptrace.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <sys/user.h>
#include <unistd.h>
#include <stdio.h>

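/*
 * Minimal system call tracer for x86-64 Linux.
 *
 * Forks a child that requests tracing with PTRACE_TRACEME and then execs
 * /bin/ls.  The parent resumes the child with PTRACE_SYSCALL, which stops it
 * at each system call entry and exit, and prints the system call number
 * (orig_rax) read at every other stop.
 *
 * Limitations a reader should keep in mind:
 *  - struct user_regs_struct and orig_rax are x86-64 specific.
 *  - Stops are assumed to alternate entry/exit.  A signal-delivery stop
 *    would break that pairing; PTRACE_O_TRACESYSGOOD (set through
 *    PTRACE_SETOPTIONS) is the usual way to tell the two kinds apart.
 *  - PTRACE_SYSCALL is issued with a NULL data argument, so a signal that
 *    stopped the tracee is not forwarded to it.
 *
 * Returns 0 once the tracee has exited or been killed, 1 when fork(),
 * waitpid() or a ptrace() request in the parent fails.
 */
int main(void) {
    struct user_regs_struct regs;
    int status = 0;
    int rc = 0;

    pid_t child = fork();
    if (child < 0) {
        perror("fork");
        return 1;
    }

    if (child == 0) {
        /* Child: allow the parent to trace this process. */
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) == -1) {
            perror("ptrace(PTRACE_TRACEME)");
            _exit(127);
        }
        /* Run ls; the variadic list must end with a null char pointer. */
        execl("/bin/ls", "ls", (char *)NULL);
        /* Only reached when execl() failed: never fall into the tracer path. */
        perror("execl");
        _exit(127);
    }

    /* Parent: the first stop reported is the one raised by the traced exec. */
    if (waitpid(child, &status, 0) == -1) {
        perror("waitpid");
        return 1;
    }

    /*
     * Keep going only while the tracee is stopped.  Testing WIFEXITED alone
     * would loop forever if the tracee were killed by a signal instead.
     */
    while (WIFSTOPPED(status)) {
        /* Resume until the next system call entry. */
        if (ptrace(PTRACE_SYSCALL, child, NULL, NULL) == -1) {
            perror("ptrace(PTRACE_SYSCALL)");
            rc = 1;
            break;
        }
        if (waitpid(child, &status, 0) == -1) {
            perror("waitpid");
            rc = 1;
            break;
        }
        if (!WIFSTOPPED(status)) {
            /* Tracee is gone; its registers can no longer be read. */
            break;
        }

        /* Read the register state; orig_rax holds the system call number. */
        if (ptrace(PTRACE_GETREGS, child, NULL, &regs) == -1) {
            perror("ptrace(PTRACE_GETREGS)");
            rc = 1;
            break;
        }
        /*
         * The label is Korean for "system call number" (it appears in a
         * mis-decoded form on this page).  orig_rax is an unsigned 64-bit
         * field, so it is cast to match the %ld conversion.
         */
        printf("½Ã½ºÅÛ ÄÝ ¹øÈ£: %ld\n", (long)regs.orig_rax);

        /* Resume until the matching system call exit. */
        if (ptrace(PTRACE_SYSCALL, child, NULL, NULL) == -1) {
            perror("ptrace(PTRACE_SYSCALL)");
            rc = 1;
            break;
        }
        if (waitpid(child, &status, 0) == -1) {
            perror("waitpid");
            rc = 1;
            break;
        }
    }
    return rc;
}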




ka0r1@mark:~$ ls
show_process  show_process.c  snap  syscall  syscall.c  test  test.c  venom.exe
ka0r1@mark:~$ ./syscall
½Ã½ºÅÛ ÄÝ ¹øÈ£: 12
½Ã½ºÅÛ ÄÝ ¹øÈ£: 9
½Ã½ºÅÛ ÄÝ ¹øÈ£: 21
½Ã½ºÅÛ ÄÝ ¹øÈ£: 257
½Ã½ºÅÛ ÄÝ ¹øÈ£: 5
½Ã½ºÅÛ ÄÝ ¹øÈ£: 9
½Ã½ºÅÛ ÄÝ ¹øÈ£: 3
½Ã½ºÅÛ ÄÝ ¹øÈ£: 257
½Ã½ºÅÛ ÄÝ ¹øÈ£: 0
½Ã½ºÅÛ ÄÝ ¹øÈ£: 5
½Ã½ºÅÛ ÄÝ ¹øÈ£: 9
½Ã½ºÅÛ ÄÝ ¹øÈ£: 9
½Ã½ºÅÛ ÄÝ ¹øÈ£: 9
½Ã½ºÅÛ ÄÝ ¹øÈ£: 9
½Ã½ºÅÛ ÄÝ ¹øÈ£: 9
½Ã½ºÅÛ ÄÝ ¹øÈ£: 3
½Ã½ºÅÛ ÄÝ ¹øÈ£: 257
½Ã½ºÅÛ ÄÝ ¹øÈ£: 0
½Ã½ºÅÛ ÄÝ ¹øÈ£: 17
½Ã½ºÅÛ ÄÝ ¹øÈ£: 5
½Ã½ºÅÛ ÄÝ ¹øÈ£: 17
½Ã½ºÅÛ ÄÝ ¹øÈ£: 9
½Ã½ºÅÛ ÄÝ ¹øÈ£: 9
½Ã½ºÅÛ ÄÝ ¹øÈ£: 9
½Ã½ºÅÛ ÄÝ ¹øÈ£: 9
½Ã½ºÅÛ ÄÝ ¹øÈ£: 9
½Ã½ºÅÛ ÄÝ ¹øÈ£: 3
½Ã½ºÅÛ ÄÝ ¹øÈ£: 257
½Ã½ºÅÛ ÄÝ ¹øÈ£: 0
½Ã½ºÅÛ ÄÝ ¹øÈ£: 5
½Ã½ºÅÛ ÄÝ ¹øÈ£: 9
½Ã½ºÅÛ ÄÝ ¹øÈ£: 9
½Ã½ºÅÛ ÄÝ ¹øÈ£: 9
½Ã½ºÅÛ ÄÝ ¹øÈ£: 9
½Ã½ºÅÛ ÄÝ ¹øÈ£: 3
½Ã½ºÅÛ ÄÝ ¹øÈ£: 9
½Ã½ºÅÛ ÄÝ ¹øÈ£: 158
½Ã½ºÅÛ ÄÝ ¹øÈ£: 218
½Ã½ºÅÛ ÄÝ ¹øÈ£: 273
½Ã½ºÅÛ ÄÝ ¹øÈ£: 334
½Ã½ºÅÛ ÄÝ ¹øÈ£: 10
½Ã½ºÅÛ ÄÝ ¹øÈ£: 10
½Ã½ºÅÛ ÄÝ ¹øÈ£: 10
½Ã½ºÅÛ ÄÝ ¹øÈ£: 10
½Ã½ºÅÛ ÄÝ ¹øÈ£: 10
½Ã½ºÅÛ ÄÝ ¹øÈ£: 302
½Ã½ºÅÛ ÄÝ ¹øÈ£: 11
½Ã½ºÅÛ ÄÝ ¹øÈ£: 137
½Ã½ºÅÛ ÄÝ ¹øÈ£: 137
½Ã½ºÅÛ ÄÝ ¹øÈ£: 318
½Ã½ºÅÛ ÄÝ ¹øÈ£: 12
½Ã½ºÅÛ ÄÝ ¹øÈ£: 12
½Ã½ºÅÛ ÄÝ ¹øÈ£: 257
½Ã½ºÅÛ ÄÝ ¹øÈ£: 5
½Ã½ºÅÛ ÄÝ ¹øÈ£: 0
½Ã½ºÅÛ ÄÝ ¹øÈ£: 0
½Ã½ºÅÛ ÄÝ ¹øÈ£: 3
½Ã½ºÅÛ ÄÝ ¹øÈ£: 21
½Ã½ºÅÛ ÄÝ ¹øÈ£: 257
½Ã½ºÅÛ ÄÝ ¹øÈ£: 257
½Ã½ºÅÛ ÄÝ ¹øÈ£: 5
½Ã½ºÅÛ ÄÝ ¹øÈ£: 0
½Ã½ºÅÛ ÄÝ ¹øÈ£: 0
½Ã½ºÅÛ ÄÝ ¹øÈ£: 3
½Ã½ºÅÛ ÄÝ ¹øÈ£: 257
½Ã½ºÅÛ ÄÝ ¹øÈ£: 257
½Ã½ºÅÛ ÄÝ ¹øÈ£: 5
½Ã½ºÅÛ ÄÝ ¹øÈ£: 9
½Ã½ºÅÛ ÄÝ ¹øÈ£: 3
½Ã½ºÅÛ ÄÝ ¹øÈ£: 257
½Ã½ºÅÛ ÄÝ ¹øÈ£: 5
½Ã½ºÅÛ ÄÝ ¹øÈ£: 9
½Ã½ºÅÛ ÄÝ ¹øÈ£: 3
½Ã½ºÅÛ ÄÝ ¹øÈ£: 202
½Ã½ºÅÛ ÄÝ ¹øÈ£: 257
½Ã½ºÅÛ ÄÝ ¹øÈ£: 257
½Ã½ºÅÛ ÄÝ ¹øÈ£: 5
½Ã½ºÅÛ ÄÝ ¹øÈ£: 9
½Ã½ºÅÛ ÄÝ ¹øÈ£: 3
½Ã½ºÅÛ ÄÝ ¹øÈ£: 257
½Ã½ºÅÛ ÄÝ ¹øÈ£: 257
½Ã½ºÅÛ ÄÝ ¹øÈ£: 5
½Ã½ºÅÛ ÄÝ ¹øÈ£: 9
½Ã½ºÅÛ ÄÝ ¹øÈ£: 3
½Ã½ºÅÛ ÄÝ ¹øÈ£: 257
½Ã½ºÅÛ ÄÝ ¹øÈ£: 257
½Ã½ºÅÛ ÄÝ ¹øÈ£: 5
½Ã½ºÅÛ ÄÝ ¹øÈ£: 9
½Ã½ºÅÛ ÄÝ ¹øÈ£: 3
½Ã½ºÅÛ ÄÝ ¹øÈ£: 257
½Ã½ºÅÛ ÄÝ ¹øÈ£: 257
½Ã½ºÅÛ ÄÝ ¹øÈ£: 5
½Ã½ºÅÛ ÄÝ ¹øÈ£: 9
½Ã½ºÅÛ ÄÝ ¹øÈ£: 3
½Ã½ºÅÛ ÄÝ ¹øÈ£: 257
½Ã½ºÅÛ ÄÝ ¹øÈ£: 257
½Ã½ºÅÛ ÄÝ ¹øÈ£: 5
½Ã½ºÅÛ ÄÝ ¹øÈ£: 9
½Ã½ºÅÛ ÄÝ ¹øÈ£: 3
½Ã½ºÅÛ ÄÝ ¹øÈ£: 257
½Ã½ºÅÛ ÄÝ ¹øÈ£: 257
½Ã½ºÅÛ ÄÝ ¹øÈ£: 5
½Ã½ºÅÛ ÄÝ ¹øÈ£: 3
½Ã½ºÅÛ ÄÝ ¹øÈ£: 257
½Ã½ºÅÛ ÄÝ ¹øÈ£: 5
½Ã½ºÅÛ ÄÝ ¹øÈ£: 9
½Ã½ºÅÛ ÄÝ ¹øÈ£: 3
½Ã½ºÅÛ ÄÝ ¹øÈ£: 257
½Ã½ºÅÛ ÄÝ ¹øÈ£: 257
½Ã½ºÅÛ ÄÝ ¹øÈ£: 5
½Ã½ºÅÛ ÄÝ ¹øÈ£: 9
½Ã½ºÅÛ ÄÝ ¹øÈ£: 3
½Ã½ºÅÛ ÄÝ ¹øÈ£: 257
½Ã½ºÅÛ ÄÝ ¹øÈ£: 257
½Ã½ºÅÛ ÄÝ ¹øÈ£: 5
½Ã½ºÅÛ ÄÝ ¹øÈ£: 9
½Ã½ºÅÛ ÄÝ ¹øÈ£: 3
½Ã½ºÅÛ ÄÝ ¹øÈ£: 257
½Ã½ºÅÛ ÄÝ ¹øÈ£: 257
½Ã½ºÅÛ ÄÝ ¹øÈ£: 5
½Ã½ºÅÛ ÄÝ ¹øÈ£: 9
½Ã½ºÅÛ ÄÝ ¹øÈ£: 3
½Ã½ºÅÛ ÄÝ ¹øÈ£: 257
½Ã½ºÅÛ ÄÝ ¹øÈ£: 257
½Ã½ºÅÛ ÄÝ ¹øÈ£: 5
½Ã½ºÅÛ ÄÝ ¹øÈ£: 9
½Ã½ºÅÛ ÄÝ ¹øÈ£: 3
½Ã½ºÅÛ ÄÝ ¹øÈ£: 257
½Ã½ºÅÛ ÄÝ ¹øÈ£: 257
½Ã½ºÅÛ ÄÝ ¹øÈ£: 5
½Ã½ºÅÛ ÄÝ ¹øÈ£: 9
½Ã½ºÅÛ ÄÝ ¹øÈ£: 3
½Ã½ºÅÛ ÄÝ ¹øÈ£: 16
½Ã½ºÅÛ ÄÝ ¹øÈ£: 16
½Ã½ºÅÛ ÄÝ ¹øÈ£: 257
½Ã½ºÅÛ ÄÝ ¹øÈ£: 5
½Ã½ºÅÛ ÄÝ ¹øÈ£: 217
½Ã½ºÅÛ ÄÝ ¹øÈ£: 217
½Ã½ºÅÛ ÄÝ ¹øÈ£: 3
½Ã½ºÅÛ ÄÝ ¹øÈ£: 5
½Ã½ºÅÛ ÄÝ ¹øÈ£: 1
show_process  show_process.c  snap  syscall  syscall.c  test  test.c  venom.exe
½Ã½ºÅÛ ÄÝ ¹øÈ£: 3
½Ã½ºÅÛ ÄÝ ¹øÈ£: 3
½Ã½ºÅÛ ÄÝ ¹øÈ£: 231
ka0r1@mark:~$







ptrace(2)                                        System Calls Manual                                        ptrace(2)

NAME
       ptrace - process trace

LIBRARY
       Standard C library (libc, -lc)

SYNOPSIS
       #include <sys/ptrace.h>

       long ptrace(enum __ptrace_request op, pid_t pid,
                   void *addr, void *data);

DESCRIPTION
       The ptrace() system call provides a means by which one process (the "tracer") may observe and control the exe‐
       cution  of  another  process  (the "tracee"), and examine and change the tracee's memory and registers.  It is
       primarily used to implement breakpoint debugging and system call tracing.
.
.
.
자세한 설명은 생략한다...
.
.
.







LIBRARY
       Standard C library (libc, -lc)

SYNOPSIS
       #include <unistd.h>

       extern char **environ;

       int execl(const char *pathname, const char *arg, ...
                       /*, (char *) NULL */);
       int execlp(const char *file, const char *arg, ...
                       /*, (char *) NULL */);
       int execle(const char *pathname, const char *arg, ...
                       /*, (char *) NULL, char *const envp[] */);
       int execv(const char *pathname, char *const argv[]);
       int execvp(const char *file, char *const argv[]);
       int execvpe(const char *file, char *const argv[], char *const envp[]);

   Feature Test Macro Requirements for glibc (see feature_test_macros(7)):

       execvpe():
           _GNU_SOURCE

DESCRIPTION
       The exec() family of functions replaces the current process image with a new process image.  The functions de‐
       scribed  in  this manual page are layered on top of execve(2).  (See the manual page for execve(2) for further
       details about the replacement of the current process image.)
.
.
.
자세한 설명은 생략한다...
.
.
.







SYNOPSIS
       #include <sys/wait.h>

       pid_t wait(int *_Nullable wstatus);
       pid_t waitpid(pid_t pid, int *_Nullable wstatus, int options);

       int waitid(idtype_t idtype, id_t id, siginfo_t *infop, int options);
                       /* This is the glibc and POSIX interface; see
                          NOTES for information on the raw system call. */

   Feature Test Macro Requirements for glibc (see feature_test_macros(7)):

       waitid():
           Since glibc 2.26:
               _XOPEN_SOURCE >= 500 || _POSIX_C_SOURCE >= 200809L
           glibc 2.25 and earlier:
               _XOPEN_SOURCE
                   || /* Since glibc 2.12: */ _POSIX_C_SOURCE >= 200809L
                   || /* glibc <= 2.19: */ _BSD_SOURCE

DESCRIPTION
       All of these system calls are used to wait for state changes in a child of the calling process, and obtain in‐
       formation  about the child whose state has changed.  A state change is considered to be: the child terminated;
       the child was stopped by a signal; or the child was resumed by a signal.  In the case of a  terminated  child,
       performing  a wait allows the system to release the resources associated with the child; if a wait is not per‐
       formed, then the terminated child remains in a "zombie" state (see NOTES below).

.
.
.
자세한 설명은 생략한다...
.
.
.






p.s. 모를 땐 man을 이용하면 됨.

  Hit : 117     Date : 2025/01/18 09:05



    