libc cleanup
This commit is contained in:
parent
2bc387b2cf
commit
0e433c11a2
54
main.c
54
main.c
|
@ -11,10 +11,8 @@
|
|||
|
||||
#define SYSCT_FBSD 588
|
||||
|
||||
extern void trap(gregset_t);
|
||||
extern void cat(int fd, long sz);
|
||||
extern uint32_t trapsz;
|
||||
extern uint8_t sel;
|
||||
uint8_t sel = SYSCALL_DISPATCH_FILTER_ALLOW;
|
||||
|
||||
uint16_t scmap[SYSCT_FBSD] = {
|
||||
-1, // SYS_syscall needs args shifted
|
||||
|
@ -30,11 +28,31 @@ uint16_t scmap[SYSCT_FBSD] = {
|
|||
SYS_unlink,
|
||||
-1, // [obsolete] execv
|
||||
SYS_chdir,
|
||||
SYS_fchdir
|
||||
SYS_fchdir,
|
||||
-1, // [freebsd11] mknod
|
||||
SYS_chmod,
|
||||
SYS_chown,
|
||||
-1, // break (no manual)
|
||||
-1, // [freebsd4] getfsstat
|
||||
-1, // [old] lseek
|
||||
SYS_getpid,
|
||||
};
|
||||
|
||||
void ftrp(int n, siginfo_t* s, ucontext_t* c) {
|
||||
// TODO also create trampoline for freebsd native signals
|
||||
void systrap(int n, siginfo_t* s, ucontext_t* c) {
|
||||
sel = SYSCALL_DISPATCH_FILTER_ALLOW;
|
||||
if(s->si_code != /* SYS_USER_DISPATCH - value from <asm-generic/siginfo.h> */ 2) {
|
||||
// TODO chain old syscall handler
|
||||
} else if(s->si_syscall > SYSCT_FBSD-1) {
|
||||
// TODO fail - check how freebsd does this, esp. with nosys entries
|
||||
} else if(scmap[s->si_syscall] == -1) {
|
||||
switch(s->si_syscall) {
|
||||
default:
|
||||
abort();
|
||||
break;
|
||||
}
|
||||
}
|
||||
// TODO find max arg ct. and check stack if needed
|
||||
c->uc_mcontext.gregs[13] = syscall(
|
||||
scmap[s->si_syscall],
|
||||
c->uc_mcontext.gregs[8],
|
||||
|
@ -42,9 +60,7 @@ void ftrp(int n, siginfo_t* s, ucontext_t* c) {
|
|||
c->uc_mcontext.gregs[12]
|
||||
);
|
||||
//for(int i = 0; i < 23; i++) printf("%i: %lX\n", i, c->uc_mcontext.gregs[i]);
|
||||
//printf("%u\n", s->si_arch);
|
||||
sel = SYSCALL_DISPATCH_FILTER_BLOCK;
|
||||
//trap(c->uc_mcontext.gregs);
|
||||
}
|
||||
|
||||
typedef struct {
|
||||
|
@ -134,12 +150,12 @@ int main(int argc, char** argv) {
|
|||
struct sigaction a, oa;
|
||||
sigemptyset(&a.sa_mask);
|
||||
a.sa_flags = SA_SIGINFO;
|
||||
a.sa_sigaction = ftrp;
|
||||
sigaction(SIGSYS, &a, &oa);
|
||||
sel = SYSCALL_DISPATCH_FILTER_ALLOW;
|
||||
a.sa_sigaction = (void(*)(int, siginfo_t*, void*))systrap;
|
||||
|
||||
int nm;
|
||||
char** smaps = getmaps(&nm);
|
||||
|
||||
// TODO RW to only call stomap if strstr libc - saves memory and cycles
|
||||
map maps[nm-1];
|
||||
for(int i = 0; i < nm-1; i++) {
|
||||
stomap(smaps[i], maps + i);
|
||||
|
@ -160,29 +176,17 @@ int main(int argc, char** argv) {
|
|||
".X"[(maps[i].rwx >> 0) & 1]
|
||||
);
|
||||
*/
|
||||
if( (
|
||||
strstr(maps[i].name, "libc")
|
||||
//||strstr(maps[i].name, "ld-linux") ||
|
||||
//strstr(maps[i].name, "fl") ||
|
||||
//!strcmp(maps[i].name, "[vdso]") ||
|
||||
//!strcmp(maps[i].name, "[vsyscall]")
|
||||
) && (maps[i].rwx & 1)
|
||||
) {
|
||||
prctl(PR_SET_SYSCALL_USER_DISPATCH, PR_SYS_DISPATCH_ON, maps[i].start, maps[i].len, &sel);
|
||||
// printf("enable sud bypass\n");
|
||||
}
|
||||
//printf("\n");
|
||||
if(strstr(maps[i].name, "libc") && (maps[i].rwx & 1)) prctl(PR_SET_SYSCALL_USER_DISPATCH, PR_SYS_DISPATCH_ON, maps[i].start, maps[i].len, &sel);
|
||||
}
|
||||
for(int i = 0; i < nm; i++) free(smaps[i]);
|
||||
free(smaps);
|
||||
// END RW
|
||||
|
||||
if(argc < 2) return printf("no file provided\n");
|
||||
int fd = open(argv[1], O_RDONLY);
|
||||
struct stat s;
|
||||
fstat(fd, &s);
|
||||
//printf("start cat() with freebsd syscalls\n");
|
||||
//prctl(PR_SET_SYSCALL_USER_DISPATCH, PR_SYS_DISPATCH_ON, trap, trapsz, &sel);
|
||||
//write(1, "fghgfgfg\n", 9);
|
||||
sigaction(SIGSYS, &a, &oa);
|
||||
sel = SYSCALL_DISPATCH_FILTER_BLOCK;
|
||||
cat(fd, s.st_size);
|
||||
}
|
||||
|
|
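Review bot: In systrap the first two branches of the `if`/`else if` chain (`si_code != 2` and `si_syscall > SYSCT_FBSD-1`) have empty TODO bodies and never return, so control still falls through to `scmap[s->si_syscall]` and the `syscall(...)` dispatch with an out-of-range index, or for a SIGSYS that user dispatch did not raise; each branch needs at least `return;` (or `abort();`) until the TODO is implemented, and since `si_syscall` is a signed int a `s->si_syscall < 0` guard belongs next to the upper-bound check. The `scmap[s->si_syscall] == -1` test can never be true: scmap is `uint16_t`, so the `-1` initializers are stored as 0xFFFF and promote to 65535 in the comparison — compare against `(uint16_t)-1`, or a named constant such as `SC_UNMAPPED`, instead. The gregs indices 13, 8 and 12 are magic numbers; `REG_RAX`, `REG_RDI` and `REG_RDX` from <sys/ucontext.h> (with _GNU_SOURCE) express the same thing readably. systrap's body continues past the end of this hunk, and the later main hunk ignores the return values of `prctl(PR_SET_SYSCALL_USER_DISPATCH, ...)` and `open()`, so a failed dispatch setup or a missing file is not reported before `cat()` runs.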
66
th.s
66
th.s
|
@ -1,79 +1,13 @@
|
|||
bits 64
|
||||
default rel
|
||||
|
||||
global trap
|
||||
global trapsz
|
||||
global cat
|
||||
global sel
|
||||
|
||||
extern scmap
|
||||
|
||||
section .data
|
||||
sel: db 1
|
||||
trapsz: dd cat-trap;
|
||||
buf: db 0
|
||||
|
||||
section .text
|
||||
|
||||
trap:
|
||||
;mov rax, 60
|
||||
;syscall
|
||||
push r8
|
||||
push r9
|
||||
push r10
|
||||
push r11
|
||||
push r12
|
||||
push r13
|
||||
push r14
|
||||
push r15
|
||||
push rsi
|
||||
push rbp
|
||||
push rbx
|
||||
push rdx
|
||||
push rcx
|
||||
|
||||
mov r8, [rdi]
|
||||
mov r9, [rdi+8]
|
||||
mov r10, [rdi+16]
|
||||
mov r11, [rdi+24]
|
||||
mov r12, [rdi+32]
|
||||
mov r13, [rdi+40]
|
||||
mov r14, [rdi+48]
|
||||
mov r15, [rdi+56]
|
||||
mov rsi, [rdi+72]
|
||||
mov rbp, [rdi+80]
|
||||
mov rbx, [rdi+88]
|
||||
mov rdx, [rdi+96]
|
||||
mov rax, [rdi+104]
|
||||
mov rcx, [rdi+112]
|
||||
|
||||
mov rdi, [rdi+64]
|
||||
syscall
|
||||
|
||||
pop rcx
|
||||
pop rdx
|
||||
pop rbx
|
||||
pop rbp
|
||||
pop rsi
|
||||
pop r15
|
||||
pop r14
|
||||
pop r13
|
||||
pop r12
|
||||
pop r11
|
||||
pop r10
|
||||
pop r9
|
||||
pop r8
|
||||
ret
|
||||
|
||||
|
||||
|
||||
push rbx
|
||||
;mov ax, word [rel scmap + 2*eax]
|
||||
lea rbx, [scmap]
|
||||
lea rax, [rbx + 2*rax]
|
||||
movzx eax, ax
|
||||
pop rbx
|
||||
ret
|
||||
cat:
|
||||
push r12
|
||||
push rbx
|
||||
|
|