Reliably Kill Target Application from External Process (Windows)


eric.he...@trailofbits.com

Jun 18, 2018, 12:32:57 PM
to DynamoRIO Users
Hi all,
I've got a long-running target application that I'd like to instrument in DynamoRIO. I'd like to be able to kill this target application if it's taking too long to finish. Currently, I'm running drrun from a Python script using subprocess.run with the timeout parameter set, but when the timeout fires, Python kills drrun.exe, leaving the target application still running.

So far I've come up with three ways of solving this problem - 
1) Make the client print the PID of the target application as soon as it starts, then ingest that in Python and use os.kill to terminate it. 
2) Register a nudge handler that calls dr_exit_process, then nudge the target application via drconfig when it's time to exit. This isn't ideal because I might have multiple instances of the target application running at the same time, although I could probably figure out some sort of a PID-based filter in the nudge handler.
3) Register the target application with drconfig, then invoke it from Python directly so that when the timeout fires in Python, it kills the target application instead of drrun. This is also not ideal because I have multiple client libraries that I want to run the target application against, and I think I can only register one of them at a time.
Note that I can't use signals because I'm running on Windows. 

Is there a better way of making the target application exit when drrun.exe is killed? Any hidden gotchas to approach #1 that I'm missing? 

Thanks, 
Eric Hennenfent

Derek Bruening

Jun 18, 2018, 2:20:29 PM
to dynamor...@googlegroups.com
drrun has a -pidfile option where it will print the child's pid to a specified path.

I'm not sure how Python kills after the timeout on Windows: if it is a "soft kill" where the target can run some code (like SIGTERM on UNIX) perhaps a patch could be added to drrun. There are complexities there: is drrun supposed to kill grandchildren via job control (which brings up transparency issues vs the app using job control); it won't work for a hard kill; etc.

--
You received this message because you are subscribed to the Google Groups "DynamoRIO Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dynamorio-users+unsubscribe@googlegroups.com.
To post to this group, send email to dynamorio-users@googlegroups.com.
Visit this group at https://groups.google.com/group/dynamorio-users.
For more options, visit https://groups.google.com/d/optout.

Eric Hennenfent

Jun 19, 2018, 4:22:32 PM
to dynamor...@googlegroups.com
Python on Windows sends a hard kill by default, so hooking it isn't really an option. It's possible to write a custom timeout implementation that sends the CTRL+C or CTRL+BREAK events, but I ended up manually killing the target application via the PID rather than trying to build a solution into DynamoRIO. The pidfile option was very helpful!
Thanks,
Eric
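
The pidfile approach this thread settles on, as an added example that is not part of the original posts or of DynamoRIO: launch drrun with a per-run pidfile, and when the timeout fires kill the launcher first and then the PID it recorded. The function names are hypothetical, and the `-c <client> -- <app>` layout around `-pidfile` is assumed from drrun's usual command line; only `-pidfile` is named in the thread.

```python
import os
import signal
import subprocess
import tempfile


def drrun_cmd(drrun, client, pidfile, target_argv):
    """Build a drrun command line that records the target's PID in pidfile."""
    return [drrun, "-pidfile", pidfile, "-c", client, "--", *target_argv]


def read_pid(pidfile):
    """Return the PID stored in pidfile, or None if it is missing or incomplete."""
    try:
        with open(pidfile) as f:
            return int(f.read().strip())
    except (OSError, ValueError):
        return None


def run_with_timeout(cmd, pidfile, timeout):
    """Run cmd; on timeout kill the launcher, then the PID it wrote to pidfile.

    Returns (timed_out, killed_pid); killed_pid is None if nothing was killed.
    """
    if os.path.exists(pidfile):
        os.remove(pidfile)  # never act on a PID left over from an earlier run
    proc = subprocess.Popen(cmd)
    try:
        proc.wait(timeout=timeout)
        return False, None
    except subprocess.TimeoutExpired:
        proc.kill()  # hard kill of the launcher (drrun.exe); the target survives it
        proc.wait()
    pid = read_pid(pidfile)
    if pid is None:
        return True, None  # timeout fired before the pidfile was written
    try:
        os.kill(pid, signal.SIGTERM)  # on Windows this calls TerminateProcess
    except OSError:
        return True, None  # target had already exited
    return True, pid


def instrumented_run(drrun, client, target_argv, timeout):
    """One run with its own pidfile, so concurrent instances cannot collide."""
    with tempfile.TemporaryDirectory() as tmp:
        pidfile = os.path.join(tmp, "target.pid")
        cmd = drrun_cmd(drrun, client, pidfile, target_argv)
        return run_with_timeout(cmd, pidfile, timeout)
```

A PID read from a file can be reused by an unrelated process after the target exits, so the kill should follow the timeout immediately rather than being deferred.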
