Get thread activity from the OS

Rather than use a heuristic to figure out if a thread is active, query the OS to see if the thread is running. This should provide a more accurate view on what's actually happening. The tricky part here is matching the OS thread id to the python thread id, which we were already doing for the native code unwinding. This refactors to allow getting the native thread id even when not getting the native stack. #92
benfred · Jun 30, 2019 · 4c53c95 · 4c53c95
1 parent 288189d
commit 4c53c95
Show file tree

Hide file tree

Showing 9 changed files with 390 additions and 251 deletions.
diff --git a/remoteprocess/src/dylib.rs b/remoteprocess/src/dylib.rs
@@ -43,7 +43,7 @@ macro_rules! dlsym {
         static $name: self::dylib::Symbol<unsafe extern fn($($t),*) -> $ret> =
             self::dylib::Symbol {
                 name: concat!(stringify!($name), "\0"),
-                addr: ::std::sync::atomic::ATOMIC_USIZE_INIT,
+                addr: ::std::sync::atomic::AtomicUsize::new(0),
                 _marker: ::std::marker::PhantomData,
             };
     )*)

diff --git a/remoteprocess/src/linux/mod.rs b/remoteprocess/src/linux/mod.rs
@@ -4,7 +4,9 @@ pub mod libunwind;
 mod gimli_unwinder;
 #[cfg(unwind)]
 mod symbolication;
-use libc::{c_void, pid_t};
+use libc::pid_t;
+#[cfg(unwind)]
+use libc::c_void;
 
 use nix::{self, sys::wait, sys::ptrace, {sched::{setns, CloneFlags}}};
 use std::io::Read;
@@ -25,6 +27,7 @@ pub use self::libunwind::{LibUnwind};
 use read_process_memory::{CopyAddress};
 
 pub type Pid = pid_t;
+pub type Tid = pid_t;
 
 pub struct Process {
     pub pid: Pid,
@@ -106,7 +109,7 @@ impl super::ProcessMemory for Process {
 }
 
 impl Thread {
-    pub fn new(threadid: i32) -> Thread{
+    pub fn new(threadid: i32) -> Thread {
         Thread{tid: nix::unistd::Pid::from_raw(threadid)}
     }
 
@@ -128,8 +131,8 @@ impl Thread {
         }
     }
 
-    pub fn id(&self) -> Result<u64, Error> {
-        Ok(self.tid.as_raw() as u64)
+    pub fn id(&self) -> Result<Tid, Error> {
+        Ok(self.tid.as_raw())
     }
 
     pub fn active(&self) -> Result<bool, Error> {

diff --git a/remoteprocess/src/osx/mod.rs b/remoteprocess/src/osx/mod.rs
@@ -27,6 +27,7 @@ pub use self::unwinder::Unwinder;
 use libproc::libproc::proc_pid::{pidpath, pidinfo, PIDInfo, PidInfoFlavor};
 
 pub type Pid = pid_t;
+pub type Tid = u32;
 
 pub struct Process {
     pub pid: Pid,
@@ -35,7 +36,7 @@ pub struct Process {
 
 #[derive(Eq, PartialEq, Hash, Copy, Clone)]
 pub struct Thread {
-    pub tid: u32
+    pub tid: Tid
 }
 
 impl Process {
@@ -95,7 +96,15 @@ use self::mach_thread_bindings::{thread_info, thread_basic_info, thread_identifi
 
 
 impl Thread {
-    pub fn id(&self) -> Result<u64, Error> {
+    pub fn new(tid: Tid) -> Thread {
+        Thread{tid}
+    }
+
+    pub fn id(&self) -> Result<Tid, Error> {
+        Ok(self.tid)
+    }
+
+    pub fn thread_handle(&self) -> Result<u64, Error> {
         let thread_id = self.get_thread_identifier_info()?;
         Ok(thread_id.thread_handle)
     }

diff --git a/remoteprocess/src/windows/mod.rs b/remoteprocess/src/windows/mod.rs
@@ -1,4 +1,4 @@
-use winapi::um::processthreadsapi::{OpenProcess, GetThreadId, SuspendThread, ResumeThread};
+use winapi::um::processthreadsapi::{OpenProcess, OpenThread, GetThreadId, SuspendThread, ResumeThread};
 use winapi::um::winnt::{ACCESS_MASK, MAXIMUM_ALLOWED, PROCESS_QUERY_INFORMATION,
                         PROCESS_VM_READ, PROCESS_SUSPEND_RESUME, THREAD_QUERY_INFORMATION, THREAD_GET_CONTEXT,
                         WCHAR, HANDLE};
@@ -11,6 +11,8 @@ use winapi::shared::ntdef::{PVOID, NTSTATUS, USHORT, VOID, NULL};
 
 pub use read_process_memory::{Pid, ProcessHandle, CopyAddress};
 
+pub type Tid = Pid;
+
 use super::Error;
 
 mod unwinder;
@@ -119,6 +121,17 @@ pub struct Thread {
 }
 
 impl Thread {
+    pub fn new(tid: Tid) -> Result<Process, Error> {
+        // we can't just use try_into_prcess_handle here because we need some additional permissions
+        unsafe {
+            let thread = OpenThread(PROCESS_VM_READ | PROCESS_SUSPEND_RESUME | PROCESS_QUERY_INFORMATION
+                                     | THREAD_QUERY_INFORMATION | THREAD_GET_CONTEXT, FALSE, tid);
+            if thread == (0 as std::os::windows::io::RawHandle) {
+                return Err(Error::from(std::io::Error::last_os_error()));
+            }
+            Ok(Thread{thread})
+        }
+    }
     pub fn lock(&self) -> Result<ThreadLock, Error> {
         ThreadLock::new(self.thread)
     }

diff --git a/src/main.rs b/src/main.rs
@@ -63,7 +63,7 @@ fn print_traces(traces: &[StackTrace], show_idle: bool) {
         }
 
         if let Some(os_thread_id) = trace.os_thread_id {
-            println!("Thread {:#X}/{:#X} ({})", trace.thread_id,  os_thread_id, trace.status_str());
+            println!("Thread {:#X}/{} ({})", trace.thread_id,  os_thread_id, trace.status_str());
         } else {
             println!("Thread {:#X} ({})", trace.thread_id, trace.status_str());
         }
@@ -283,6 +283,8 @@ fn pyspy_main() -> Result<(), Error> {
 }
 
 fn main() {
+    env_logger::init();
+
     if let Err(err) = pyspy_main() {
         #[cfg(unix)]
         {