termux / proot

A chroot-like implementation using ptrace.
https://wiki.termux.com/wiki/PRoot

How to print PR_execve args 2? #235

Open w296488320 opened 2 years ago

w296488320 commented 2 years ago
    case PR_execve: {
        status = 0;

        //status = translate_execve_enter(tracee);

        /* argv[0] of the syscall: the pathname, a string in tracee memory */
        word_t arg1 = peek_reg(tracee, CURRENT, SYSARG_1);
        char temp1[PATH_MAX];
        read_path(tracee, temp1, arg1);

        /* argv[1] of the syscall: address of the char *argv[] array in tracee memory */
        word_t arg2 = peek_reg(tracee, CURRENT, SYSARG_2);

        void *harg2 = alloca(sizeof(char *));

        /* copies the first pointer of the array (argv[0]'s tracee address) into harg2 */
        read_data(tracee, harg2, arg2, sizeof(char *));

        LOGE("svc execve -> %s %s ", temp1, harg2);

        break;
    }

I want to try to print the second parameter of the execve syscall. The prototype of this function is:

int execve(const char *pathname, char *const argv[], char *const envp[]);

I seem to have a little problem now: the printed output is always messy. Do you have any good advice?

michalbednarski commented 2 years ago

The second argument of execve is char ** (a pointer to an array, terminated with NULL, of pointers to strings, each a \0-terminated array of chars).

Your *harg2 now contains the address (in tracee memory) of argv[0]; if you use that address with read_path(), you'll copy that string into proot.

Currently you're doing printf %s on the bytes of the (tracee) pointer.
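The two-level read described in the reply, as an added stand-alone example that is not proot's code and not from either participant: it replaces proot's read_data(tracee, dest, src, size) with a hypothetical read_data_sim() over a constructed 256-byte fake tracee address space, walks the NULL-terminated argv array pointer by pointer, and only then dereferences each pointer with a second tracee read. Function names, the fake memory layout (argv array at 0x10, strings from 0x40) and the sample argv are all constructed for this example. One caveat the thread does not spell out: a 32-bit tracee stores 4-byte pointers even when proot itself is 64-bit, so the pointer width has to come from the tracee rather than from sizeof(char *) in proot; ptr_size below models that.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the tracee's address space (not proot's API). */
#define MEM_SIZE 256
static unsigned char tracee_mem[MEM_SIZE];

/* Hypothetical replacement for proot's read_data(tracee, dest, src, size):
 * copies `size` bytes from fake tracee address `addr`, -1 on a bad range. */
static int read_data_sim(void *dest, uint64_t addr, size_t size)
{
    if (addr > MEM_SIZE || size > MEM_SIZE - addr)
        return -1;
    memcpy(dest, tracee_mem + addr, size);
    return 0;
}

/* Read one tracee pointer of ptr_size bytes (4 for a 32-bit tracee, 8 for
 * 64-bit), little-endian as on x86 and ARM/AArch64 Android. */
static int read_tracee_ptr(uint64_t addr, size_t ptr_size, uint64_t *out)
{
    unsigned char buf[8] = {0};
    uint64_t value = 0;
    if (ptr_size != 4 && ptr_size != 8)
        return -1;
    if (read_data_sim(buf, addr, ptr_size) < 0)
        return -1;
    for (size_t i = 0; i < ptr_size; i++)
        value |= (uint64_t)buf[i] << (8 * i);
    *out = value;
    return 0;
}

/* Copy a NUL-terminated string out of tracee memory one byte at a time so a
 * string ending right before an unmapped page is not over-read. Returns the
 * length, or -1 on a fault or when no NUL appears within `max` bytes. */
static int read_tracee_string(uint64_t addr, char *dest, size_t max)
{
    size_t i;
    for (i = 0; i + 1 < max; i++) {
        if (read_data_sim(&dest[i], addr + i, 1) < 0)
            return -1;
        if (dest[i] == '\0')
            return (int)i;
    }
    dest[i] = '\0';
    return -1;
}

/* Walk execve's argv: read pointer n, stop at NULL, dereference each pointer
 * with a second tracee read. Returns argc, or -1 on error. */
static int read_tracee_argv(uint64_t argv_addr, size_t ptr_size,
                            char out[][64], int max_args)
{
    int n = 0;
    for (;;) {
        uint64_t p;
        if (read_tracee_ptr(argv_addr + (uint64_t)n * ptr_size, ptr_size, &p) < 0)
            return -1;
        if (p == 0)            /* the array is NULL-terminated */
            break;
        if (n >= max_args || read_tracee_string(p, out[n], 64) < 0)
            return -1;
        n++;
    }
    return n;
}

/* Constructed image of execve("/bin/sh", {"sh", "-c", "cat ..."}, envp):
 * pointer array at 0x10, strings from 0x40. Returns the fake argv address. */
static uint64_t build_fake_tracee(size_t ptr_size)
{
    const char *args[] = { "sh", "-c", "cat /sys/devices/soc0/serial_number" };
    const uint64_t argv_addr = 0x10;
    uint64_t cur = 0x40;

    memset(tracee_mem, 0, MEM_SIZE);          /* also provides the NULL at argv[3] */
    for (int i = 0; i < 3; i++) {
        size_t len = strlen(args[i]) + 1;
        memcpy(tracee_mem + cur, args[i], len);
        for (size_t b = 0; b < ptr_size; b++) /* argv[i] = cur, little-endian */
            tracee_mem[argv_addr + i * ptr_size + b] = (unsigned char)(cur >> (8 * b));
        cur += len;
    }
    return argv_addr;
}

/* What the PR_execve handler in the question should log: every argv string.
 * Fills demo_args and returns argc. */
static char demo_args[8][64];
static int demo_execve_argv(size_t ptr_size)
{
    int argc = read_tracee_argv(build_fake_tracee(ptr_size), ptr_size, demo_args, 8);
    for (int i = 0; i < argc; i++)
        printf("svc execve (%zu-bit tracee) -> argv[%d] = %s\n", ptr_size * 8, i, demo_args[i]);
    return argc;
}

int main(void)
{
    demo_execve_argv(8);   /* 64-bit tracee */
    demo_execve_argv(4);   /* 32-bit tracee under a 64-bit proot */
    return 0;
}
```

Inside proot, read_tracee_string() is what read_path() already does for you, as the reply suggests; the part the original snippet is missing is the first read_tracee_ptr() level plus the loop over the array.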

w296488320 commented 2 years ago

I found a very interesting issue. Here is the code that I executed:

    char buffer[PATH_MAX];
    /* popen() forks a child that execve()s the shell to run the command */
    FILE* fp2 = popen("cat /sys/devices/soc0/serial_number", "r");
    if (fp2 != nullptr) {
        if (fgets(buffer, sizeof(buffer), fp2) != nullptr) {
            LOGI(">>>>>>>>>>  popen serial_number: %s", buffer);
        } else {
            LOGI(">>>>>>>>>>  popen serial_number file == null ");
        }
        pclose(fp2);
    }

popen() will fork() a process to execute execve(). I tried to print the parameters of the execve syscall and found that a bug appears on 32 bits, but not on 64 bits. The error is "Bad system call". I guess the 32-bit program executed a 64-bit syscall number, causing this problem. Is there any good way to avoid it?