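"""Trace a child with ptrace(2) and rewrite its ioctl(2) calls into write(2).

Demonstrates syscall interception on 32-bit x86 Linux: the child asks to be
traced (PTRACE_TRACEME) and execs ``/bin/ls``; the parent stops it at every
syscall boundary (PTRACE_SYSCALL), reads the registers (PTRACE_GETREGS) and,
when the pending syscall is ioctl, replaces the syscall number in ``orig_eax``
before the kernel dispatches it (PTRACE_SETREGS).

Only the i386 ABI is covered: ``user_regs_struct`` is the 32-bit register
layout and the syscall numbers are the i386 ones (write=4, ioctl=54).  On
x86-64 the register names (``orig_rax``) and the numbers differ, so the struct
and constants would have to be adapted before this works there.
"""
from ctypes import CDLL, Structure, byref, c_long, c_ulong, get_errno, set_errno
import errno
import os
import sys

# ptrace(2) request codes (Linux x86).
PTRACE_TRACEME = 0
PTRACE_GETREGS = 12
PTRACE_SETREGS = 13
PTRACE_SYSCALL = 24

# i386 syscall numbers.
SYS_WRITE = 4
SYS_IOCTL = 54

# use_errno=True lets ptrace_checked report *why* a request failed instead of
# silently continuing on a bare -1, which is what the unchecked calls did.
libc = CDLL('libc.so.6', use_errno=True)
libc.ptrace.restype = c_long


class user_regs_struct(Structure):
    """Mirror of the i386 ``struct user_regs_struct`` filled by PTRACE_GETREGS.

    At a syscall stop ``orig_eax`` holds the syscall number; ``ebx`` and
    ``ecx`` are the first two syscall arguments (fd and request for ioctl).
    """
    _fields_ = [
        ('ebx', c_ulong),
        ('ecx', c_ulong),
        ('edx', c_ulong),
        ('esi', c_ulong),
        ('edi', c_ulong),
        ('ebp', c_ulong),
        ('eax', c_ulong),
        ('xds', c_ulong),
        ('xes', c_ulong),
        ('xfs', c_ulong),
        ('xgs', c_ulong),
        ('orig_eax', c_ulong),
        ('eip', c_ulong),
        ('xcs', c_ulong),
        ('eflags', c_ulong),
        ('esp', c_ulong),
        ('xss', c_ulong),
    ]


def ptrace_checked(request, pid, addr, data):
    """Issue one ptrace(2) request and raise ``OSError`` if it fails.

    Args:
        request: a ``PTRACE_*`` constant.
        pid: traced process id (0 for PTRACE_TRACEME).
        addr: request-specific address argument, ``None`` for NULL.
        data: request-specific data argument (e.g. ``byref(regs)``), ``None``
            for NULL.

    Returns:
        The raw return value of ptrace(2).

    Raises:
        OSError: the call returned -1 with errno set; errno is attached.
    """
    set_errno(0)
    result = libc.ptrace(request, pid, addr, data)
    # PTRACE_PEEK* requests may legitimately return -1, so errno decides.
    if result == -1:
        err = get_errno()
        if err:
            raise OSError(err, os.strerror(err))
    return result


def rewrite_ioctl(regs):
    """Turn an ioctl syscall stop into a write syscall, in place.

    Args:
        regs: ``user_regs_struct`` read at a syscall stop; modified in place.

    Returns:
        True when ``regs.orig_eax`` was SYS_IOCTL and has been changed to
        SYS_WRITE (the caller must write it back with PTRACE_SETREGS);
        False otherwise, leaving ``regs`` untouched.
    """
    if regs.orig_eax != SYS_IOCTL:
        return False
    print('IOCTL ebx,ecx = 0x%0x,0x%0x' % (regs.ebx, regs.ecx))
    # Changing orig_eax at the entry stop makes the kernel dispatch write(2)
    # with ioctl's arguments.  The matching exit stop reports the value we
    # wrote back (SYS_WRITE), so the rewrite fires once per ioctl call.
    regs.orig_eax = SYS_WRITE
    return True


def trace_syscalls(pid):
    """Drive the traced child until it terminates, rewriting its ioctl calls.

    Waits for each ptrace stop, inspects the registers and resumes the child
    with PTRACE_SYSCALL so it stops again at the next syscall entry or exit.
    The first stop seen is the SIGTRAP after exec, which is handled like any
    other stop.  Signal-delivery stops are not told apart from syscall stops
    (PTRACE_O_TRACESYSGOOD is not set) and the resume passes signal 0, so
    signals pending for the child are suppressed rather than delivered.

    Args:
        pid: the traced child process id.

    Raises:
        OSError: a ptrace request failed, or waitpid failed for a reason
            other than ECHILD.
    """
    regs = user_regs_struct()
    while True:
        try:
            _, status = os.waitpid(pid, 0)
        except OSError as exc:
            if exc.errno == errno.ECHILD:
                # The child has already been reaped: nothing left to trace.
                return
            raise
        if not os.WIFSTOPPED(status):
            # Exited or killed by a signal; the old `status != 0` test would
            # keep issuing ptrace requests against a dead pid here.
            return
        ptrace_checked(PTRACE_GETREGS, pid, None, byref(regs))
        if rewrite_ioctl(regs):
            ptrace_checked(PTRACE_SETREGS, pid, None, byref(regs))
        ptrace_checked(PTRACE_SYSCALL, pid, None, None)


def main():
    """Fork; the child requests tracing and execs /bin/ls, the parent traces it."""
    child = os.fork()
    if child == 0:
        try:
            ptrace_checked(PTRACE_TRACEME, 0, None, None)
            os.execl('/bin/ls', 'ls')
        except OSError as exc:
            sys.stderr.write('child: %s\n' % exc)
        # Never fall back into the parent's code path from the forked child.
        os._exit(127)
    trace_syscalls(child)


if __name__ == '__main__':
    main()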