We had a chance to talk with Daniel Araujo, creator of Proctal. His GitHub project is the one that caught our interest, and with this interview we would like to present it to you. Daniel told us all about his tool, how it works and how the GitHub community influences his project. Don't miss it!
[Hakin9 Magazine]: Hello Daniel! Thank you for agreeing to do the interview, we are honored! How have you been doing? Can you tell us something about yourself?
[Daniel Araujo]: Thank you, I’m grateful to have this opportunity as well. I’m a programmer, and to me it’s both a job and a hobby. I’ve learned to write programs on my own with a broad range of programming languages and in different environments, from defining pretty colors on a website to diving deep into some program’s disassembly. I have been working on a tool that allows me to tinker with programs on Linux, and it has recently gotten some attention. It’s called Proctal.
[H9]: When I checked your GitHub page, I immediately got interested in Proctal. Can you present it to our readers?
[DA]: Proctal is a command line tool with a C API that lets you hook into programs running on Linux. It lets you read and write different types of values in memory, force execution of instructions (even straight from an assembler language), watch for memory accesses, search for values conditionally, look for byte patterns and more.
The command line tool allows you to quickly come up with text commands to do those tasks. The C API makes it possible to write your own tools with code.
My favorite example is being able to force a program to print the text “Hello, world!” It’s an homage to a common introductory programming exercise that you’re probably familiar with.
[H9]: Why did you decide to create Proctal?
[DA]: I couldn’t find anything that would let me access values in the memory space of a program as easily as saying “print me the signed 32-bit integer at this address”, which makes it easy to process the output with other independent tools, naturally following the Unix philosophy.
I also wanted to be able to perform the same functionality with code so that I could build more specialized tools.
[H9]: I found a few features of Proctal that are in the “planned” section, which one is the most challenging?
[DA]: At the time I am writing this, there are actually two features that rely on the same functionality that I expect to be the most challenging to implement. It’s being able to freeze all threads of a program and watch for memory accesses on all threads by having Proctal hook into all threads of a program.
Proctal has only been hooking into the main thread—the one that C programmers associate with the main function—because that implementation was quick and simple to write and was all I needed.
I will have to make a lot of changes. I will need to make sure that I don’t make the API and the tool too complicated to use.
Without this, the watch feature will not be able to catch all memory accesses and the freeze feature will not actually freeze the whole program.
[H9]: How do you choose what to implement next?
[DA]: I work on Proctal during my free time whenever I feel like it. There’s no roadmap that must be strictly followed. When I feel that something is missing, I add it. When I find something that’s broken, I fix it. It’s sort of like an organic process. The code just keeps evolving over time.
[H9]: What about the feedback? Does it influence your software?
[DA]: I had the source code for Proctal available on GitHub but I was not expecting it to grow so much in popularity. Even getting 1 star was an accomplishment for me. I had not shared a link to it with anyone because I was changing things way too often for people to reasonably keep up with. Nevertheless, people found out about it and willingly shared. This showed me that, despite it not being complete, people already found it useful enough for what it could do. That has kept me motivated to continue working on releasing a stable version.
[H9]: Have you had any input from the community that helped you?
[DA]: I had someone ask for help with some trouble they had running the example program. It was printing something about failing to allocate memory, which I thought was odd because it doesn’t do any memory allocation. After reading the source code again, I realized it was not the program itself running out of memory but a function from the API that allocates memory in another program that was failing. It made me realize that the error message was misleading. So I fixed the message and added a note in the examples section that on Linux you will most likely need to have higher privileges (think root) to perform those tasks.
I would not have noticed how confusing it was if this person had not taken the time to point it out. I appreciate that.
[H9]: Any plans for future? Are you planning to expand your repositories?
[DA]: Proctal is still in an experimental phase, which means that anything can change at any time. I haven’t even bothered to update the version number from 0.0.0. My goal is to release a stable version. That will involve finishing the features that are incomplete, making as many breaking changes as necessary and setting up a website to host documentation. I’m also planning on writing C bindings for other popular programming languages to be able to access the API.
I believe that a software project is as good as the quality of its documentation. The tool has a man page, every command has a help flag and the header file of the C API contains comments for every function and macro. What’s missing is a document that shows the whole picture; showing what can be achieved with Proctal and so on. It will be available online at proctal.io.
It could be interesting to see Proctal working on other operating systems and architectures. The code is structured in a way that makes this possible but I haven’t bothered with it because I only needed it to run on Linux on the x86-64 architecture.
[H9]: What do you want version 1.0 to look like?
[DA]: At that point, I want the tool to feel robust, be easy to use and perform efficiently. It won’t be about reaching a certain number of features. I want it to be a good tool that I can be proud of.
[H9]: Do you have any thoughts or experiences you would like to share with our audience? Any good advice?
[DA]: I have accepted that I won’t always get a decision right the first time. I had ideas for software projects where I ended up wasting too much time over engineering the code to the point I never got something usable out of it. Getting a prototype working quickly gives you a better idea of how you can structure the logic of your program. Proctal was built that way.
[H9]: Thank you!
Proctal provides a command line interface and a C library to manipulate the address space of a program on Linux. It is currently only tested on x86-64 Linux. You can find it at https://github.com/daniel-araujo/proctal
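To make concrete what a request like “print me the signed 32-bit integer at this address” involves on Linux, and why Daniel’s note about needing root applies, here is an added example that is not code from Proctal or from Daniel. It reads and writes a 32-bit value in another process through /proc/<pid>/mem, which is one of the mechanisms Linux offers for this (no claim is made that Proctal uses this particular one). The function names, the `demo_target` sample value and the 64-bit Linux assumption (so that a virtual address fits in `off_t`) are all this example’s own.

```c
/* Added example, not Proctal's code: peek/poke a signed 32-bit integer in
 * another process via /proc/<pid>/mem. Assumes 64-bit Linux. */
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Open /proc/<pid>/mem. The kernel applies the same ptrace access check here
 * that PTRACE_ATTACH gets: with Yama kernel.yama.ptrace_scope=1 (a common
 * default) an unprivileged user may only open their own descendants, so for
 * an arbitrary process you need root or CAP_SYS_PTRACE. Returns fd or -errno. */
static int open_mem(pid_t pid, int flags)
{
    char path[64];
    snprintf(path, sizeof path, "/proc/%ld/mem", (long)pid);
    int fd = open(path, flags);
    return fd < 0 ? -errno : fd;
}

/* Read the two's-complement 32-bit integer at addr in pid. Returns 0 or -errno;
 * an unmapped address surfaces as EIO from the kernel. */
int peek_i32(pid_t pid, uintptr_t addr, int32_t *out)
{
    int fd = open_mem(pid, O_RDONLY);
    if (fd < 0)
        return fd;
    ssize_t n = pread(fd, out, sizeof *out, (off_t)addr); /* offset == address */
    int err = n < 0 ? -errno : (n != (ssize_t)sizeof *out ? -EIO : 0);
    close(fd);
    return err;
}

/* Write value at addr in pid. Writes through /proc/<pid>/mem succeed even when
 * the target page is mapped read-only (e.g. .text), which is what makes this
 * path usable for patching a running program. Returns 0 or -errno. */
int poke_i32(pid_t pid, uintptr_t addr, int32_t value)
{
    int fd = open_mem(pid, O_RDWR);
    if (fd < 0)
        return fd;
    ssize_t n = pwrite(fd, &value, sizeof value, (off_t)addr);
    int err = n < 0 ? -errno : (n != (ssize_t)sizeof value ? -EIO : 0);
    close(fd);
    return err;
}

/* Map the -errno codes to the hint a user wants, instead of a message about
 * "allocating memory" as in the interview anecdote. */
const char *access_hint(int err)
{
    switch (-err) {
    case EACCES:
    case EPERM:  return "not allowed to trace this process: run as root, hold "
                        "CAP_SYS_PTRACE, or lower kernel.yama.ptrace_scope";
    case ENOENT:
    case ESRCH:  return "no such process";
    case EIO:
    case EFAULT: return "address is not mapped in the target process";
    default:     return strerror(-err);
    }
}

/* Self-test against our own process: a process may always access its own
 * memory, so this needs no privileges. Returns 0 on success, else -errno. */
volatile int32_t demo_target = -1234;   /* constructed sample value */

int demo_roundtrip(void)
{
    int32_t seen = 0;
    int err = peek_i32(getpid(), (uintptr_t)&demo_target, &seen);
    if (err)
        return err;
    if (seen != -1234)
        return -EIO;
    err = poke_i32(getpid(), (uintptr_t)&demo_target, 4321);
    if (err)
        return err;
    return demo_target == 4321 ? 0 : -EIO;
}

int main(int argc, char **argv)
{
    if (argc == 3) {   /* usage: ./peek <pid> <hex address> */
        pid_t pid = (pid_t)strtol(argv[1], NULL, 10);
        uintptr_t addr = (uintptr_t)strtoull(argv[2], NULL, 16);
        int32_t v;
        int err = peek_i32(pid, addr, &v);
        if (err) { fprintf(stderr, "error: %s\n", access_hint(err)); return 1; }
        printf("%d\n", v);
        return 0;
    }
    int err = demo_roundtrip();
    printf("self-test: %s\n", err ? access_hint(err) : "ok");
    return err != 0;
}
```

Run without arguments it exercises the read/write path on itself; with a pid and a hex address it prints the signed 32-bit integer at that address in the target, and on failure it reports the access problem rather than a misleading generic error.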