ptraces of death
A process can end its life either by explicitly calling the exit() system call or by having it called on its behalf.
ptraces of death attempts to trace the termination of common processes, such as the firefox web browser, using the ptrace system call. A piece of software is traced exquisitely; we can peek into certain registers within the core processor, or even look at the exact operation code (opcode) which is being executed. An audio file of around four hours duration (at 44100 samples per second) is generated for the termination (using wmctrl) of firefox.
ptraces of death is part of the data sedimentation project.
ptraces of death is available as a limited edition (1 of 10) USB stick with all data logs and audio rendering of a firefox shutdown.
audio:
code:
#include <stdio.h> #include <sys/ptrace.h> #include <errno.h> #include <sys/types.h> #include <sys/resource.h> #include <sys/wait.h> #include <signal.h> #include <stdlib.h> #include <lo/lo.h> #include <sys/user.h> int main (int argc, char *argv[]) { long long counter = 1; // machine instruction counter int wait_val; // child's return value int pid; // child's process id struct user_regs_struct red; unsigned int x,y,xy,ya,yb,yc,yd,ye,yf,yg,yh,yi,err,signo; unsigned char buffer[8]; int exitf=0; pid=strtoul(argv[1], NULL, 10); fprintf(stderr,"pid: %d\n",pid); ptrace(PTRACE_ATTACH,pid,0,0); wait(&wait_val); if (ptrace(PTRACE_SINGLESTEP,pid,NULL,NULL) != 0) perror("ptracex:"); while(!exitf){ ptrace(PTRACE_SINGLESTEP,pid,NULL,signo); x=ptrace(PTRACE_GETREGS,pid,NULL,&red); wait(&wait_val); ya=red.eip; if (ya>0) { yb=ptrace(PTRACE_PEEKDATA,pid,ya,NULL); printf("%c",yb%255); // STDERR } if ((signo = WSTOPSIG(wait_val)) == SIGTRAP) { signo = 0; } if ((signo == SIGHUP) || (signo == SIGINT)) { ptrace(PTRACE_CONT, pid, 0, signo); printf("Child took a SIGHUP or SIGINT. Ptraces of death.\n"); exitf=0; break; } } }
Date: 2012-03-03 22:28:38 GMT