Keep list of threads inside Linux Target

[fabiim]

From #47 discussion it is my understanding that we need to keep a list of threads inside target that is continuously updated as threads come and go

To do this we need to:

• Update all ptrace calls to use PTRACE_O_TRACECLONE
• Listen on all waitpids calls inside the target code so that we register new/dead threads.

[fabiim]

Does that plan looks right @bjorn3 ?

[bjorn3]

Yes

[Stupremee]

I threw together a little sketch to play around with PTRACE_O_TRACECLONE.
I think this is almost exactly what we want in headcrab.

The important part in the snippet is the waitpid call

waitpid(None, None)?;

It uses None as the pid, which means that it actually uses -1 in the libc call, and the manpage says:

If pid is less than (pid_t)−1, status is requested for any child process whose process group ID is equal to the absolute value of pid.

Thus, it also gets the status for all child processes (threads) and can be used to track threads.

[bjorn3]

That will likely cause interference between multiple headcrab sessions. Does the parent thread itself get suspended too?

[Stupremee]

Does the parent thread itself get suspended too?

I don't think so unless waitpid returns a status for the parent.

[bjorn3]

PTRACE_O_TRACECLONE (since Linux 2.5.46)
    Stop the tracee at the next clone(2) and automatically start tracing the newly cloned process [...]
    [...]
    The PID of the new process can be retrieved with PTRACE_GETEVENTMSG.

I think it actually does get suspended.

[Stupremee]

Ah yes, you right. 😅