From 66c02b503ac283506eabfcb943b4247ee6efc7b5 Mon Sep 17 00:00:00 2001
From: Malfurious <m@lfurio.us>
Date: Fri, 29 Sep 2023 21:39:33 -0400
Subject: Handle PTRACE_EVENT_EXEC

Signed-off-by: Malfurious <m@lfurio.us>
---
 debugger.c | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)

diff --git a/debugger.c b/debugger.c
index d016076..878ce21 100644
--- a/debugger.c
+++ b/debugger.c
@@ -343,6 +343,7 @@ int dbg_wait(struct thread *th, int recursion) {
 
     int stopped;
     struct thread *newth;
+    struct list *threads;
 
     unsigned long eventmsg;
     ptrace(PTRACE_GETEVENTMSG, th->id, NULL, &eventmsg);
@@ -369,6 +370,34 @@ int dbg_wait(struct thread *th, int recursion) {
 
                 return 1;
 
+            case SIGTRAP | (PTRACE_EVENT_EXEC << 8):
+                /* eventmsg contains the tid that actually did the execve */
+                threads = &th->proc->threads;
+                for (struct thread *t = threads->head; t != threads->end; t = t->next) {
+                    if (t->id == (pid_t)eventmsg && (pid_t)eventmsg != th->id) {
+                        t->id = -1;
+                        t->stopped = 1;
+                        t->signal = 0;
+                        t->cont = 0;
+                        t->status = "EXITED";
+                        break;
+                    }
+                }
+
+                th->stopped = 1;
+                th->signal = 0;
+                th->cont = 0;
+                th->status = "EXEC EVENT";
+                th->state = NULL;
+
+                if (!recursion) {
+                    stopped = interrupt_all_threads(th->proc);
+                    uninstall_breakpoints(th);
+                    capture_state(th, stopped);
+                }
+
+                return 1;
+
             case SIGTRAP | (PTRACE_EVENT_EXIT << 8):
                 th->stopped = 1;
                 th->signal = 0; /* eventmsg has exit code, but would inject sig */
-- 
cgit v1.2.3