teambi0s / secREtary

The Reverse Engineering Assistant of your dreams
https://blog.bi0s.in
MIT License

Add basic ptrace patcher for Anti2RE #10

Open R3x opened 4 years ago

R3x commented 4 years ago

Basic ptrace patcher

adityavardhanpadala commented 4 years ago

We will be using pin/source/tools/Replay/call_function_natively.cpp as a reference to build the tool. Most of the API calls this tool uses are useful in building the final ptrace patch tool. I will be pushing the skeleton code for hooking the ptrace function soon.

adityavardhanpadala commented 4 years ago

@R3x I would like to know how we would be proceeding with the tool. Will it be used for on-the-fly patching during runtime (by integrating it into another tool)?

R3x commented 4 years ago

@adityavardhanpadala I would prefer to see things patched using Intel Pin itself. But if that's not possible, please dump the addresses that need to be patched and write a wrapper that does the patching.

adityavardhanpadala commented 4 years ago

Understood.

masterugwee commented 4 years ago

I will go through 'call_function_natively.cpp'. @R3x about dumping the addresses: how will we know that these addresses can't be patched? Are there any exceptions that we need to handle?

R3x commented 4 years ago

@masterugwee All you need to make sure is that you are not trying to patch a library function, since we are not sure which library functions may be using ptrace internally. However, we need to patch all calls to ptrace@plt. There might be cases where the return value of ptrace is used, but we can't do anything about that.

Other targets for patching would be calls to sleep, SIGALRM and also int3 instructions in the code. These may lead to issues in the code, but it's a risk we have to take.
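Added example (not code from this thread, from secREtary or from Intel Pin): the "dump the addresses, then patch with a wrapper" fallback described above, written as a small C patcher for x86-64 direct `call rel32` sites. It demonstrates the two points raised in the comment: only a site whose computed call target is the ptrace@plt stub is rewritten, so a dumped address that lands in library code or on some other call is refused, and the 5-byte call is replaced with `xor eax, eax` plus three `nop`s, so code that does inspect the return value sees 0 (what a successful `ptrace(PTRACE_TRACEME, ...)` returns) rather than a garbage register. The .text bytes, the text base address 0x401000, the ptrace@plt address 0x401030 and the second callee at 0x401080 are all constructed for the example; a real run would take them from the dumped address list and the binary's PLT. Indirect calls and PIE relocation are not handled.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical addresses for the constructed sample below; a real tool would
   take these from the dumped address list and the binary's PLT. */
#define SAMPLE_TEXT_VADDR 0x401000ULL
#define SAMPLE_PTRACE_PLT 0x401030ULL
#define SAMPLE_OTHER_FUNC 0x401080ULL

/* 5-byte replacement for "e8 rel32" (call ptrace@plt):
   31 c0      xor eax, eax   ; the patched call "returns" 0, like a successful ptrace
   90 90 90   nop            ; pad to the original 5-byte length */
static const uint8_t PTRACE_PATCH[5] = {0x31, 0xC0, 0x90, 0x90, 0x90};

/* Absolute target of a rel32 call whose opcode byte sits at virtual address
   `vaddr`. rel32 is signed, little-endian and relative to the next instruction. */
static uint64_t call_target(uint64_t vaddr, const uint8_t *insn) {
    int32_t rel;
    memcpy(&rel, insn + 1, sizeof rel);
    return vaddr + 5 + (uint64_t)(int64_t)rel;
}

/* Patch a single call site at offset `off` inside the .text copy `text`.
   Returns 1 if patched, 0 if the bytes there are not a direct call to
   `ptrace_plt`, so a dumped address pointing into other code (or at a call to
   some other function) is left untouched. */
int patch_ptrace_call(uint8_t *text, size_t len, uint64_t text_vaddr,
                      size_t off, uint64_t ptrace_plt) {
    if (off + 5 > len || text[off] != 0xE8)
        return 0;
    if (call_target(text_vaddr + off, text + off) != ptrace_plt)
        return 0;
    memcpy(text + off, PTRACE_PATCH, sizeof PTRACE_PATCH);
    return 1;
}

/* Scan the whole .text copy and patch every direct call to `ptrace_plt`.
   Returns the number of sites patched. Matching on the computed target, not
   just on the 0xE8 opcode, keeps stray 0xE8 bytes inside other instructions
   from being rewritten. */
size_t patch_all_ptrace_calls(uint8_t *text, size_t len, uint64_t text_vaddr,
                              uint64_t ptrace_plt) {
    size_t patched = 0;
    for (size_t off = 0; off + 5 <= len; ) {
        if (patch_ptrace_call(text, len, text_vaddr, off, ptrace_plt)) {
            patched++;
            off += 5;
        } else {
            off++;
        }
    }
    return patched;
}

/* Constructed sample .text (hand-assembled x86-64): a function that calls
   ptrace(PTRACE_TRACEME, ...) at offset 9 and some other function at offset 17.
   Returns the sample length, or 0 if `cap` is too small. */
size_t build_sample_text(uint8_t *buf, size_t cap) {
    static const uint8_t sample[] = {
        0x55,                          /* push rbp                      */
        0x48, 0x89, 0xE5,              /* mov  rbp, rsp                 */
        0xBF, 0x00, 0x00, 0x00, 0x00,  /* mov  edi, 0 (PTRACE_TRACEME)  */
        0xE8, 0x22, 0x00, 0x00, 0x00,  /* call 0x401030 (ptrace@plt)    */
        0x83, 0xF8, 0xFF,              /* cmp  eax, -1                  */
        0xE8, 0x6A, 0x00, 0x00, 0x00,  /* call 0x401080 (other function)*/
        0x5D,                          /* pop  rbp                      */
        0xC3                           /* ret                           */
    };
    if (cap < sizeof sample) return 0;
    memcpy(buf, sample, sizeof sample);
    return sizeof sample;
}

/* Runs the sample through the patcher and returns 1 only if exactly the
   ptrace call was rewritten and every other site was refused. */
int verify_sample_patch(void) {
    uint8_t text[64];
    size_t len = build_sample_text(text, sizeof text);
    if (len != 24) return 0;
    if (patch_all_ptrace_calls(text, len, SAMPLE_TEXT_VADDR, SAMPLE_PTRACE_PLT) != 1) return 0;
    if (memcmp(text + 9, PTRACE_PATCH, 5) != 0) return 0;   /* ptrace site patched */
    if (text[17] != 0xE8) return 0;                         /* other call untouched */
    if (patch_ptrace_call(text, len, SAMPLE_TEXT_VADDR, 17, SAMPLE_PTRACE_PLT)) return 0;
    if (patch_ptrace_call(text, len, SAMPLE_TEXT_VADDR, 0, SAMPLE_PTRACE_PLT)) return 0;
    return 1;
}

int main(void) {
    uint8_t text[64];
    size_t len = build_sample_text(text, sizeof text);
    size_t n = patch_all_ptrace_calls(text, len, SAMPLE_TEXT_VADDR, SAMPLE_PTRACE_PLT);
    printf("patched %zu ptrace call site(s); self-check %s\n", n,
           verify_sample_patch() ? "ok" : "FAILED");
    for (size_t i = 0; i < len; i++)
        printf("%02x%c", text[i], i + 1 == len ? '\n' : ' ');
    return 0;
}
```

The target check is the part worth keeping when this is wired into the Pin-based or address-dump workflow: a site is only rewritten when its rel32 resolves exactly to the ptrace@plt stub, which is how the patcher avoids touching library code, whichever functions in there happen to use ptrace internally.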

masterugwee commented 4 years ago

That makes sense. Thanks @R3x