Skip to content

Get/modify variable's value in another Linux running process

License

Notifications You must be signed in to change notification settings

handy-sun/rcheat

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

62 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

rcheat

build-test latest_release Crates.io Linux

Get/modify simple variable's value in another Linux running process


Table of Contents

1. Installation

1.1. Via cargo

Some ways to install cargo
  • can be obtained using rustup(Recommond)
  • use Linux package management(e.g. apt, yum, dnf, pacman)
  • download a offline tarball from forge.rust-lang.org

In order to install, just run the following command

cargo install --force rcheat

This will install cargo-make in your ~/.cargo/bin. Make sure to add ~/.cargo/bin directory to your PATH variable. You will have a executable available: rcheat

1.2. Build src

1.2.1. Dependencies

Suggest using the latest version

1.2.2. Building

git clone https://github.com/handy-sun/rcheat.git
cd rcheat
cargo build

You will have a executable available: ./target/debug/rcheat

Tips: If download speed from crates.io is too slow. use a mirror to speed up(e.g. use rsproxy).

2. Simple Example

for example, a C source file onlyc.c with some global variables:

#include <unistd.h>

const char sc_sig_arr[][6] = { " ", "HUP", "INT", "QUIT", "ILL", "TRAP", "IOT", "BUS", "FPE", "KILL" };
const char techs[] = "\x02str.wa : ? !\ndaw\r21";
struct DemoStru {
    int int32;
    short uint16;
};
struct DemoStru structure;

int main() {
    structure.int32 = 0x7ffe8092;
    structure.uint16 = 0x321b;
    while (1) {
        sleep(30);
    }
    return 0;
}

Then compile and run it:

gcc onlyc.c -o onlyc && ./onlyc

Get pid of onlyc(e.g. use command: pidof) and use rcheat with -p option: NOTE: This program must be run with root privileges!

pidof onlyc
# output: 13725
sudo rcheat -p 13725

Then will get the output about all global variables about this program

...
Matched count: 3
Index: var_name                                 | var_size(B)
    0: sc_sig_arr                               |      60
    1: structure                                |       8
    2: techs                                    |      21
Please input index to choose the var(default is 0):

Input 2 and Enter, you will see the byte value and ascii content of this variable (control char that unvisible show as .)

0x0000: 0273 7472 2e77 6120 3a20 3f20 210a 6461 ┃ .str.wa : ? !.da
0x0010: 770d 3231 00                            ┃ w.21.

You also can specify the total name or partly keyword of the variable with option -k

sudo rcheat -p 13725 -k sig_arr
...

0x0000: 2000 0000 0000 4855 5000 0000 494e 5400 ┃  .....HUP...INT.
0x0010: 0000 5155 4954 0000 494c 4c00 0000 5452 ┃ ..QUIT..ILL...TR
0x0020: 4150 0000 494f 5400 0000 4255 5300 0000 ┃ AP..IOT...BUS...
0x0030: 4650 4500 0000 4b49 4c4c 0000           ┃ FPE...KILL..

After version 0.1.3, option -n/--name can query pid by process name

sudo rcheat -n onlyc -k sig_arr

3. Todo

The development plan of the project and the functions to be implemented

  • parse .debug* section
  • use lib like table to format matrix table data
  • use log crate such as log/env_logger etc.
  • write data to tracee process' memory
  • use config.toml to reduce some inputs
  • use lua to customized output
  • search pid by process name (like linux command: pidof/pgrep)
  • regex replace String.contain
  • if match more than 1 entry name, ask for which one to select
  • demangle symbols