From b5045b3cecd8989c9ac80e2591d23bef31136e3d Mon Sep 17 00:00:00 2001
From: jD91mZM2 <me@krake.one>
Date: Thu, 15 Aug 2019 14:27:34 +0200
Subject: [PATCH] Add ptrace exit breakpoint

This will let you stop at process exit and inspect it right before the
process dies.
---
 src/main.rs | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/src/main.rs b/src/main.rs
index eb19619..a8a6c1d 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -426,13 +426,26 @@ pub fn ptrace() -> Result<(), String> {
     let mut tracer = e(tracer.blocking())?;
 
     println!("Checking exit syscall...");
-    e(next(&mut tracer, Flags::STOP_PRE_SYSCALL | Flags::FLAG_IGNORE))?;
+    e(next(&mut tracer, Flags::STOP_PRE_SYSCALL | Flags::STOP_EXIT | Flags::FLAG_IGNORE))?;
     let regs = e(tracer.regs.get_int())?;
     assert_eq!(regs.rax, syscall::SYS_EXIT);
     assert_eq!(regs.rdi, 123);
-    assert_eq!(next(&mut tracer, Flags::STOP_POST_SYSCALL).unwrap_err().raw_os_error(), Some(syscall::ESRCH));
+
+    println!("Checking exit breakpoint...");
+    let event = e(tracer.next(Flags::STOP_POST_SYSCALL | Flags::STOP_EXIT))?;
+
+    assert_eq!(event.cause, Flags::STOP_EXIT);
+    match event.data {
+        EventData::StopExit(status) => {
+            assert!(syscall::wifexited(status));
+            assert_eq!(syscall::wexitstatus(status), 123);
+        },
+        ref e => return Err(format!("Wrong event type: {:?}", e))
+    }
 
     println!("Checking exit status (waitpid nohang)...");
+    assert_eq!(next(&mut tracer, Flags::STOP_POST_SYSCALL | Flags::STOP_EXIT).unwrap_err().raw_os_error(), Some(syscall::ESRCH));
+
     let mut status = 0;
     e(syscall::waitpid(pid, &mut status, syscall::WNOHANG))?;
     assert!(syscall::wifexited(status));