I need to intercept and trace signals from any binaries, like strace does it under linux.
I don't need a so verbose output like the real one strace.
I just want to know how it works, how can I intercept signal and how can I trace them.
Thanks in advance :)
strace uses the ptrace() system call for tracing, which also allows you to intercept (and possibly manipulate) signals sent to the process.
Here's a tiny example:
#include <sys/ptrace.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
int main(int argc, char **argv)
{
/* simple example, child is traced, uses alarm which causes a signal to be
* set up */
pid_t child;
child = fork();
if (child == 0)
{
ptrace(PTRACE_TRACEME, 0, NULL, NULL);
alarm(3);
while(1)
{
}
exit(0);
}
/* parent */
while(1)
{
int wstatus;
int signum;
wait(&wstatus);
if (WIFEXITED(wstatus) || WIFSIGNALED(wstatus))
break;
signum = WSTOPSIG(wstatus);
printf("child stopped with signal %d\n", signum);
/* resume execution */
ptrace(PTRACE_CONT, child, NULL, signum);
}
return 0;
}
This is a simple implementation:
Put somewhere in your int main() several calls to signal(), one for each signal you want to catch. The first argument is the signal name; the second is the signal handler function (more on that below):
signal(SIGFPE, SignalHandler);
signal(SIGILL, SignalHandler);
signal(SIGINT, SignalHandler);
signal(SIGSEGV, SignalHandler);
signal(SIGTERM, SignalHandler);
#ifndef WIN32
signal(SIGHUP, SignalHandler);
signal(SIGQUIT, SignalHandler);
signal(SIGKILL, SignalHandler);
signal(SIGPIPE, SignalHandler);
signal(SIGCHLD, SignalHandler);
#endif
Now, write a signal function. It must return void and accept an int: void SignalHandler(int signal_number):
void SignalHandler(int signal_number)
{
printf("Received signal: %s\n", strsignal(signal_number);
// Do something
}
That's it! You can also test it by sending a signal to yourself with the function raise(SIGNAL_NAME); for example, try raise(SIGTERM);!
Intercepting signals to other processes is something you should not do for any reason other than debugging them. This is what strace is intended for. Processes should be capable of handling their own signals.
Needless to say, if you are writing a debugger, understand ptrace().
Related
I want to create a simple program that uses fork and creates a child process which with the use of pause is waiting. I want this child process to start after it gets a specific signal from father process. Code I've written:
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>
int main() {
pid_t c = fork();
if (c == 0) {
pause();
printf("signal was given");
}
if (c > 0)
kill(c, SIGINT);
return 0;
}
I think kill gives a specific signal to a process with pid c(child) and I thought that pause just waits for a signal to unpause that process. However in this case running this program has no results. I have also tried adding a signal catching function to the child using signal(SIGINT, handler) and creating a handler function that prints the desired result but it is still not working. Any ideas?
If you send SIGINT, whose default disposition is to kill the process, to a process that neither blocks it nor handles it, the process will die.
If you want the signal to interrupt blocking calls like pause(), it needs to have a handler.
But simply installing a handler introduces race conditions:
if (c == 0 ){
//< if the signal arrives here the child dies
signal(SIGINT, handler);
//< if the signal arrives here then nothing happens except the handler is run
pause(); //< if the handler arrives here then pause gets interrupted
printf("signal was given\n");
exit(0);
}
To eliminate the race conditions, you need to
block the signal in the parent so that the child starts with the signal blocked
install the handler in the child
unblock the signal and pause() in one atomic step
To achieve 3. in one step, you need sigsuspend() instead of pause().
#include <stdio.h>
#include<sys/types.h>
#include<unistd.h>
#include<stdlib.h>
#include<sys/wait.h>
#include<signal.h>
void handler(int Sig){}
int main()
{
sigset_t sigint, oldmask; sigemptyset(&sigint); sigaddset(&sigint, SIGINT);
sigprocmask(SIG_BLOCK, &sigint, &oldmask);
pid_t c=fork();
if(0>c) return perror(0),1;
if (c==0){
signal(SIGINT, handler);
sigdelset(&oldmask,SIGINT); /*in (the unlikely) case the process started with SIGINT blocked*/
sigsuspend(&oldmask);
printf("signal was given\n");
exit(0);
}
kill(c,SIGINT);
wait(0);
return 0;
}
Alternatively, you can use sigwait() and drop the need for a handler altogether:
#include <stdio.h>
#include<sys/types.h>
#include<unistd.h>
#include<stdlib.h>
#include<sys/wait.h>
#include<signal.h>
int main()
{
sigset_t sigint, oldmask; sigemptyset(&sigint); sigaddset(&sigint, SIGINT);
sigprocmask(SIG_BLOCK, &sigint, &oldmask);
pid_t c=fork();
if(0>c) return perror(0),1;
if (c==0){
int sig; sigwait(&sigint,&sig);
printf("signal was given\n");
exit(0);
}
kill(c,SIGINT);
wait(0);
return 0;
}
You have two issues:
The child process is getting a signal before it calls pause().
SIGINT by default would kill a process so printf will never be executed.
Try this:
void handler(int signum)
{
//nothing here
}
int main()
{
pid_t c = fork();
if (c == 0) {
signal(SIGINT, handler);
pause();
printf("signal was given");
}
if (c > 0) {
sleep(1); // <-- give the child process some time to pause()
kill(c, SIGINT);
}
return 0;
}
How can I wake up paused thread using only signal() or pthread_kill()?
I think paused thread must recieved some kind of signals to activate, but I don't know what signal have to be sent to paused thread.
//My Terminal
USER32#myLaptop:~/list$ gcc -o ./temp ./temp.c -lpthread
USER32#myLaptop:~/list$ ./temp
Starting Thread...
//My Codes
#include <stdio.h>
#include <pthread.h>
#include <unistd.h>
#include <signal.h>
pthread_t tid;
void *thread_function(void *data){
tid = pthread_self();
write(STDOUT_FILENO, "Starting Thread...\n", sizeof("Starting Thread...\n"));
pause();
write(STDOUT_FILENO, "Success!\n", sizeof("Success!\n"));
}
int main(){
pthread_t pth;
pthread_create(&pth, NULL, &thread_function, NULL);
sleep(1);
pthread_kill(tid, SIGCONT);
pthread_join(pth, NULL);
return 0;
}
The pause() function will return on any signal that can be caught, but you have to set up a signal handler first and catch that signal.
Here is an example:
void signal_handler(int sig) {
printf("Caught signal %d\n", sig);
}
void *thread_function(void *data) {
signal(SIGUSR1, signal_handler);
//rest of your code here
}
int main() {
...
sleep(1);
pthread_kill(tid, SIGUSR1);
...
}
SIGUSR1 is one of the signals reserved for internal use by applications so it is suitable for this case.
SIGCONT can be caught, but it is not designed for this, but instead to resume processes that where stopped by SIGSTOP.
In the following code, what I am expecting is the console prints ten SIGCHLD caught. I've already queued up the SIGCHLD by setting sa_flags to SA_SIGINFO and using sa_sigaction instead of sa_handler. However, it seems some of the SIGCHLD are lost. Why?
I'm thinking fork() might be interrupted by SIGCHLD so I use SA_RESTART to restart the fork(). I run the same piece of code on different computers. On my MacBook, it says [1] 24481 illegal hardware instruction. On the other Linux computer, less than 10 SIGCHLD caught are printed.
#include <unistd.h>
#include <stdlib.h>
#include <stdio.h>
#include <errno.h>
#include <string.h>
#include <signal.h>
#define CHECK(syscall, msg) do { \
if ((syscall) == -1) { \
perror(msg); \
} \
} while(0)
void catch(int signo, siginfo_t *info, void *context) {
if (signo == SIGCHLD) {
printf("SIGCHLD caught\n");
}
}
int main () {
sigset_t new_set;
sigemptyset(&new_set);
sigaddset(&new_set, SIGCHLD);
struct sigaction act;
act.sa_sigaction = catch;
act.sa_mask = new_set;
act.sa_flags = SA_SIGINFO | SA_RESTART;
CHECK(sigaction(SIGCHLD, &act, NULL), "sigaction error");
int pid, i;
for (i = 0; i < 10; i++) {
pid = fork();
if (!pid) return;
}
while (1);
}
SIGCHLD is a standard signal, which means multiple occurrences of it get collapsed into one. Linux kernel maintains a bitset for standard signals, one bit per signal and supports queuing exactly one associated siginfo_t.
Fix:
void catch(int signo, siginfo_t*, void*) {
int status;
pid_t pid;
if(signo == SIGCHLD) {
while((pid = waitpid(-1, &status, WNOHANG)) > 0)
printf("child %u terminated.\n", (unsigned)pid);
}
}
Also note, that you do not need to explicitly block the signal you handle because it is automatically blocked for you, unless SA_NODEFER flag is used.
And, pedantically, only a limited number of async-signal safe functions (see man signal-safety) can be used in a signal handler, printf is not one of those.
I have read the manual of kill, and I know that it is a system call for sending a signal. I write a simple multi process code, each child process will do the handler function if it catch a specified signal, which is SIGUSR1 in my code.
In my code, I have made 3 processes, each process will print out "yo" if they catch SIGUSR1 signal, but the output only print out one time or two time..? That really confuse me, thanks for your help!
Here is my code:
#include <stdio.h>
#include <unistd.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <time.h>
#include <signal.h>
#include <sys/time.h>
#include <string.h>
#define N 3
int pid_id[N];
void handler (int signum)
{
printf("yo\n");
}
void child(int process_index)
{
struct sigaction sa;
/* Register */
memset(&sa, 0, sizeof(sa));
sa.sa_handler = handler;
sigaction(SIGUSR1, &sa, NULL);
printf("I am %d.\n", getpid());
pid_id[process_index] = getpid();
sleep(5);
exit(0);
}
int main()
{
int i, status;
pid_t pid[N];
pid_t pid_wait;
for (i=0;i<N;i++)
{
pid[i] = fork();
if (pid[i]==0)
{
child(i);
}
}
for (i=0;i<N;i++)
kill(pid_id[i], SIGUSR1);
for (i=0;i<N;i++)
{
do
{
pid_wait = waitpid(pid[i], &status, WNOHANG);
}while(pid_wait != pid[i]);
}
printf("all done\n");
return 0;
}
Remember that you're dealing with multiple processes now. Just because in the code it looks like you ran child before kill doesn't mean that it happened in that order. The order of execution is entirely dependent on how the OS schedules CPU time for these processes.
What's happening is that some of the child processes are killed before they can install their signal handler. This is an example of a race condition, much like the sort you get when starting new threads.
This can be solved by synchronising the parent with its children, so that it doesn't continue until all children have notified back that they have completed their necessary initialisation steps.
I need to send a signal to a process and when the process receives this signal it does some things, how is this best achieved in C?
The way to send a signal to a process is kill(pid, signal); However, you should be aware that signals are not a robust means of inter-process communication except for parent-to-direct-child messages due to inherent race conditions. Pipes, files, directories, named semaphores, sockets, shared memory, etc. all provide greatly superior approaches to inter-process communication.
If you happen to be on one of the Unix variants, the following man pages will help:
man 2 kill
man 2 signal
man 2 sigvec
kill + fork runnable POSIX example
Time for some fun:
#define _XOPEN_SOURCE 700
#include <assert.h>
#include <signal.h>
#include <stdbool.h> /* false */
#include <stdio.h> /* perror */
#include <stdlib.h> /* EXIT_SUCCESS, EXIT_FAILURE */
#include <sys/wait.h> /* wait, sleep */
#include <unistd.h> /* fork, write */
void signal_handler(int sig) {
char s1[] = "SIGUSR1\n";
char s2[] = "SIGUSR2\n";
if (sig == SIGUSR1) {
write(STDOUT_FILENO, s1, sizeof(s1));
} else if (sig == SIGUSR2) {
write(STDOUT_FILENO, s2, sizeof(s2));
}
signal(sig, signal_handler);
}
int main() {
pid_t pid;
signal(SIGUSR1, signal_handler);
signal(SIGUSR2, signal_handler);
pid = fork();
if (pid == -1) {
perror("fork");
assert(false);
} else {
if (pid == 0) {
while (1);
exit(EXIT_SUCCESS);
}
while (1) {
kill(pid, SIGUSR1);
sleep(1);
kill(pid, SIGUSR2);
sleep(1);
}
}
return EXIT_SUCCESS;
}
Compile and run:
gcc -std=c99 signal_fork.c
./a.out
Outcome:
SIGUSR1
SIGUSR2
SIGUSR1
SIGUSR2
....
But beware that there are many complexities when dealing with signals:
only certain functions can be called from signal handlers: Why only async-signal-safe functions can be called from signal handlers safely?
different functions have different behaviors when interrupted by signals: man 7 signal, SA_RESTART
global variables can only be accessed from the signal handler if they have type sig_atomic_t: How does sig_atomic_t actually work?
Tested in Ubuntu 17.10, GitHub upstream.