https://github.com/davidbuchanan314/tardis

Trace And Rewrite Delays In Syscalls: Hooking time-related Linux syscalls to warp a process's perspective of time, using ptrace.
https://github.com/davidbuchanan314/tardis

hooking ptrace syscalls time

Last synced: 8 months ago
JSON representation

Trace And Rewrite Delays In Syscalls: Hooking time-related Linux syscalls to warp a process's perspective of time, using ptrace.

• Host: GitHub
• URL: https://github.com/davidbuchanan314/tardis
• Owner: DavidBuchanan314
• License: mit
• Created: 2017-04-25T22:43:11.000Z (about 9 years ago)
• Default Branch: master
• Last Pushed: 2024-04-20T13:09:08.000Z (about 2 years ago)
• Last Synced: 2024-12-09T17:07:33.827Z (over 1 year ago)
• Topics: hooking, ptrace, syscalls, time
• Language: C
• Homepage:
• Size: 13.7 KB
• Stars: 158
• Watchers: 10
• Forks: 14
• Open Issues: 9
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
# TARDIS

Trace And Rewrite Delays In Syscalls: Hooking time-related Linux syscalls to warp a process's perspective of time.

This code is rather buggy, mainly due to my lack of understanding of the ptrace API.

You probably shouldn't use it for anything serious, although it could be useful for

testing/debugging certain applications.

## Things to try:

```

$ ./tardis 10000 10000 xclock

$ ./tardis 1 3 glxgears

$ ./tardis 1 -1 glxgears

$ ./tardis 10 10 firefox

$ ./tardis 10 10 /bin/sh

```

![xclock demo](https://i.imgur.com/UnFYuLs.gif)

## Notes:

- Currently only x86_64 Linux is supported. It should be possible to port to i386 with fairly minimal effort.

- I used `PTRACE_SEIZE`, which only exists since kernel version 3.4.

- `novdso.so` is preloaded to prevent libc from using vDSO - otherwise `ptrace(PTRACE_SYSCALL, ...)`

wouldn't work for those syscalls (Take a look at `man vdso` for more information). You might need to

modify the `LD_PRELOAD` value to be an absolute path for some programs/environments, I only made it

relative for simplicity.

- Certain simple programs, like `glxgears`, don't mind being run with time flowing in reverse! Most programs don't however, and of course there's no way to have a negative delay.

- There are many more syscalls that I still need to handle.

Currently handled syscalls:

- `nanosleep`

- `clock_nanosleep`

- `select`

- `poll`

- `gettimeofday`

- `clock_gettime`

- `time`