Skip to content

Latest commit

 

History

History
126 lines (85 loc) · 2.41 KB

README.md

File metadata and controls

126 lines (85 loc) · 2.41 KB

ptrwatch

OUT:

Ptrwatch is a Linux CLI tool for observing pointer chains in real time.

Generate pointer chains


DEPENDENES:

Ptrwatch dynamically links libpwu. Release +0.1.4 is required. Visit the page and follow installation instructions.

Ptrwatch also links libncurses. To build ptrwatch, you'll additionally need the ncurses development library. Consult your distro's wiki for details.


INSTALLAON:

Fetch the repo:

$ git clone https://github.com/vykt/ptrwatch

Generate build files:

$ cd ptrscan && ./buildgen.sh

Build the release:

$ cd build && make watch

Check the install script & install:

$ cd .. && sudo ./install.sh

CONFIGURATION FILE:

To provide ptrwatch with pointer chains you must specify them in a config file. An example config ptrwatch.cfg is included in the root of the repo.

The config file can contain 3 types of lines.lank lines are allowed:

Comments

Comments begin with a '#' and span the entire line.

config:

# this is a comment

output:

<none>

Titles

Titles begin with a '>' and span the entire line. Titles have a red colour and should be used to provide structure to the output of ptrwatch.

config:

>this is a title

output:

this is a title

Entries

Entries display the value at the end of a pointer chain. An entry takes the following format:

<description>:<type>:<start_backing_file> <offsets>

description is a string displayed besides the value read from the pointer chain.

type can be any of:

  • uint8
  • int8
  • uint16
  • int16
  • uint32
  • int32
  • uint64
  • int64
  • float
  • double
  • string:[len]

Note that the string type takes an additional length parameter [len].

start_backing_file can either be the string representation of the backing file (e.g. 'libc.so.6') or a starting address in written in hexadecimal with a '0x' prefix.

offsets are a space delimited list of offsets. The final offset is dereferenced as type and displayed.

See the provided ptrwatch.cfg for examples.


EXAMPLES

Watch pointer chains of process example_proc using the default ptrwatch.cfg config:

ptrwatch example_proc

Watch pointer chains of process with PID 1234, using new_config.cfg as the config file:

ptrwatch -c new_config.cfg 1234