# frozen_string_literal: true

# Syscall tracer built on metasm's ptrace-backed debugger, using the 32-bit
# Linux register names (orig_eax/ebx/ecx/edx) that PTrace32 exposes.
#
# Usage: ruby <this script> PID
#
# Attaches to PID and drives the target syscall by syscall for 100 stops.
# At each stop that the debugger reports as a syscall:
#   * select-family syscalls (matched by /select/i on the syscall name):
#     the first 32 bits of the read and write fd_sets are read (one 4-byte
#     read per set, skipped when the pointer is 0), OR-ed together, and
#     every fd bit not seen before is announced. fds >= 32 are never examined.
#   * read: the fd argument is printed.
#   * write: the fd, a preview of at most 16 bytes of the buffer taken from
#     target memory, and the length are printed.
# Everything goes to stdout; the write preview is raw memory of the traced
# process, so it reproduces whatever that process is sending.
#
# NOTE(review): nothing detaches from the target after the 100 stops; what
# happens to it afterwards depends on the debugger object -- confirm before
# relying on it. Non-syscall stops (signals, exit) still trigger the two
# resume steps below -- presumably harmless, verify against metasm.

require 'metasm'
include Metasm

target = OS.current.find_process(ARGV.shift)
abort "need a pid" unless target

dbg = target.debugger

# Run the target up to its next syscall stop and block until it gets there.
step_syscall = lambda do
  dbg.syscall
  dbg.wait_target
end

# fd number => true once it has shown up in a select() fd_set.
sockets = {}

# Announce every fd bit set in +fdmask+ (bits 0..31) not reported before.
report_new_fds = lambda do |fdmask|
  (0...32).each do |fd|
    next unless (fdmask & (1 << fd)) > 0 && !sockets[fd]

    puts " *** found new socket #{fd} *** "
    sockets[fd] = true
  end
end

step_syscall.call

100.times do
  if dbg.info =~ /syscall/
    syscall_name = PTrace32::SYSCALLNR.index(dbg[:orig_eax])

    case syscall_name
    when /select/i
      # ecx/edx are taken as the readfds/writefds pointers; a 0 pointer means
      # "no set" and is skipped.
      fdmask = 0
      [dbg[:ecx], dbg[:edx]].each do |set_ptr|
        fdmask |= dbg.resolve_expr(Indirection[set_ptr, 4]) if set_ptr != 0
      end
      report_new_fds.call(fdmask)
    when 'read'
      puts "read(#{dbg[:ebx]}, .., ..)"
    when 'write'
      # Cap the buffer preview at 16 bytes of target memory.
      preview_len = [dbg[:edx], 16].min
      puts "write(#{dbg[:ebx]}, #{dbg[dbg[:ecx], preview_len].inspect}..., #{dbg[:edx]})"
    end
  end

  step_syscall.call # let the current syscall complete
  step_syscall.call # run on to the next syscall entry
end