Ejemplo n.º 1
0
/**
 * @brief Allocate non contiguous kernel memory on Linux\n
 * Configure :\n
 * LIBKERNSH_CONFIG_NIL_SYSCALL
 * @param size Allocate size bytes
 * @param addr Address of the new allocation
 * @return 0 on success, -1 on return
 */
int		kernsh_alloc_noncontiguous_linux(size_t size, eresi_Addr *addr)
{
  int		ret;
  char		buf[sizeof(VMALLOC)];
  eresi_Addr	kaddr;
  eresi_Addr	nil_syscall;
  libkernshvma_t vmalloc;
  unsigned int	arg[1];

  PROFILER_IN(__FILE__, __FUNCTION__, __LINE__);

  /* Get vmalloc's addr */
  ret = kernsh_get_addr_by_name("vmalloc", &kaddr, strlen("vmalloc"));
  if (ret)
    PROFILER_ERR(__FILE__, __FUNCTION__, __LINE__, 
		 "Unable to find symbol vmalloc", -1);

  /* XXX: Not 64 bits compatible ? */
  vmalloc.kexec = (void *) kaddr;
  vmalloc.size  = size;
  vmalloc.mem   = 0;
  arg[0]        = (unsigned int) &vmalloc;

  /* Save the first byte */
  elfsh_readmema(libkernshworld.root, libkernshworld.kernel_start, &buf, sizeof(buf));

  /* Write vmalloc's opcodes */
  elfsh_writemem(libkernshworld.root, libkernshworld.kernel_start, VMALLOC, sizeof(VMALLOC));
  
  /* Get the nil syscall */
  elfsh_readmema(libkernshworld.root, libkernshworld.sct +
		 sizeof(eresi_Addr) * (int) config_get_data(LIBKERNSH_CONFIG_NIL_SYSCALL),
		 &nil_syscall, sizeof(eresi_Addr));

  /* Write the new addr */
  elfsh_writemem(libkernshworld.root, libkernshworld.sct + 
		 sizeof(eresi_Addr) * (int) config_get_data(LIBKERNSH_CONFIG_NIL_SYSCALL),
		 &libkernshworld.kernel_start, sizeof(eresi_Addr));
  
  /* Exec nil syscall which is now vmlloc */
  kernsh_syscall((int)config_get_data(LIBKERNSH_CONFIG_NIL_SYSCALL), 1, arg);
  *addr = vmalloc.mem;

  /* Restore nil syscall */
  elfsh_writemem(libkernshworld.root, libkernshworld.sct + 
		 sizeof(eresi_Addr) * (int) config_get_data(LIBKERNSH_CONFIG_NIL_SYSCALL),
		 &nil_syscall, sizeof(eresi_Addr));

  /* Restore save bytes */
  elfsh_writemem(libkernshworld.root, libkernshworld.kernel_start, &buf, sizeof(buf));
  PROFILER_ROUT(__FILE__, __FUNCTION__, __LINE__, 0);
}
Ejemplo n.º 2
0
/**
 * @brief Free non contiguous kernel memory on Linux\n
 * Configure :\n
 * LIBKERNSH_CONFIG_NIL_SYSCALL
 * @param addr Address of the allocation
 * @return 0 on success, -1 on return
 */
int			kernsh_free_noncontiguous_linux(eresi_Addr addr)
{
  int			ret;
  char			buf[sizeof(VFREE)];
  eresi_Addr		kaddr;
  eresi_Addr		nil_syscall;
  libkernshvfr_t	vfree;
  unsigned int		arg[1];

  PROFILER_IN(__FILE__, __FUNCTION__, __LINE__);

  /* Get vfree's addr */
  ret = kernsh_get_addr_by_name("vfree", &kaddr, strlen("vfree"));
  if (ret)
    PROFILER_ERR(__FILE__, __FUNCTION__, __LINE__, 
		 "Unable to find symbol vfree", -1);

  /* XXX: not 64 bits compatible ? */
  vfree.kexec   = (void *) kaddr;
  vfree.address = (void *) addr;
  arg[0]        = (unsigned int) &vfree;
  
  /* Save the first byte */
  elfsh_readmema(libkernshworld.root, libkernshworld.kernel_start, &buf, sizeof(buf));

  /* Write vfree's opcodes */
  elfsh_writemem(libkernshworld.root, libkernshworld.kernel_start, VFREE, sizeof(VFREE));

  /* Get the nil syscall */
  elfsh_readmema(libkernshworld.root, libkernshworld.sct + 
		 sizeof(eresi_Addr) * (int) config_get_data(LIBKERNSH_CONFIG_NIL_SYSCALL),
		 &nil_syscall, sizeof(eresi_Addr));

  /* Write the new addr */
  elfsh_writemem(libkernshworld.root, libkernshworld.sct + 
		 sizeof(eresi_Addr) * (int) config_get_data(LIBKERNSH_CONFIG_NIL_SYSCALL),
		 &libkernshworld.kernel_start,
		 sizeof(eresi_Addr));
  
  /* Exec nil syscall which is now vfree */
  kernsh_syscall((int)config_get_data(LIBKERNSH_CONFIG_NIL_SYSCALL), 1, arg);

  /* Restore nil syscall */
  elfsh_writemem(libkernshworld.root, libkernshworld.sct + 
		 sizeof(eresi_Addr) * (int) config_get_data(LIBKERNSH_CONFIG_NIL_SYSCALL),
		 &nil_syscall, sizeof(eresi_Addr));

  /* Restore save bytes */
  elfsh_writemem(libkernshworld.root, libkernshworld.kernel_start, &buf, sizeof(buf));
  PROFILER_ROUT(__FILE__, __FUNCTION__, __LINE__, 0);  
}
Ejemplo n.º 3
0
/**
 * @brief OUTPUT handler for stdout
 * @ingroup io
 */
int		revm_output(char *str)
{
    char		*tmp;
    char		c;
    int		ret;

    PROFILER_IN(__FILE__, __FUNCTION__, __LINE__);

    revm_log(str);

    /* No -- more -- output breaks in non-interactive, non embedded, remote modes */
    if ((world.state.revm_mode != REVM_STATE_INTERACTIVE &&
            world.state.revm_mode != REVM_STATE_EMBEDDED)
            || world.curjob->ws.io.type == REVM_IO_DUMP
            || !world.curjob->ws.io.outcache.lines
            || world.curjob->curscope
            || !(int)config_get_data(REVM_CONFIG_USEMORE))
        PROFILER_ROUT(__FILE__, __FUNCTION__, __LINE__,
                      (world.curjob->ws.io.output(str)));

    /* Discard outputs */
    if (world.curjob->ws.io.outcache.ignore)
        PROFILER_ROUT(__FILE__, __FUNCTION__, __LINE__, -1);

    /* Counts lines */
    tmp = strchr(str, '\n');
    while (tmp)
    {
        world.curjob->ws.io.outcache.nblines--;
        if (*tmp == '\0')
            break;
        tmp ++;
        tmp = strchr(tmp, '\n');
    }

    /* Do the output */
    ret = world.curjob->ws.io.output(str);

    /* Is there any lines remaining ? */
    if (world.curjob->ws.io.outcache.nblines < 0)
    {
        revm_flush();
        tmp = "-- press enter for more ('q/n' to quit / next) --\n";
        world.curjob->ws.io.output(tmp);

        /* We decided to discard further output (until next revm_flush) */
        if ((read(world.curjob->ws.io.input_fd, &c, 1) == 1) && (c == 'q' || c == 'n'))
        {
            if (c == 'q')
                world.curjob->ws.io.outcache.ignore = 1;
            world.curjob->ws.io.output("\n");
            revm_log("\n");
            PROFILER_ROUT(__FILE__, __FUNCTION__, __LINE__,
                          (c == 'q' ? -1 : -2));
        }
    }

    PROFILER_ROUT(__FILE__, __FUNCTION__, __LINE__,  ret);
}
Ejemplo n.º 4
0
/**
 * @brief Free contiguous/non contiguous kernel memory\n
 * Configure :\n
 * LIBKERNSH_CONFIG_ALLOC
 * @param addr Address of the allocation
 * @return 0 on success, -1 on return
 */
int		kernsh_free(eresi_Addr addr)
{
  int		mode, ret;

  PROFILER_IN(__FILE__, __FUNCTION__, __LINE__);
  mode = (int) config_get_data(LIBKERNSH_CONFIG_ALLOC);
  if (mode == 0)
    ret = kernsh_free_contiguous(addr);
  else
    ret = kernsh_free_noncontiguous(addr);
  PROFILER_ROUT(__FILE__, __FUNCTION__, __LINE__, ret);
}
Ejemplo n.º 5
0
int	asm_read_instr(asm_instr *instr, u_char *buf, 
		       u_int len, asm_processor *proc) 
{
  int	to_ret;
  
  LIBASM_PROFILE_FIN();
  memset(instr, 0, sizeof (asm_instr));
  instr->proc = proc;
  to_ret = proc->fetch(instr, buf, len, proc);
  instr->name = instr->proc->instr_table[instr->instr];
  
  /* Print debug information if requested */
  if ((int) config_get_data(CONFIG_USE_ASMDEBUG))
    asm_instruction_debug(instr, stdout);
  
  LIBASM_PROFILE_FOUT(to_ret);
}
Ejemplo n.º 6
0
/**
 * @brief Allocate contiguous/non contiguous kernel memory\n
 * Configure :\n
 * LIBKERNSH_CONFIG_ALLOC
 * @param size Allocate size bytes
 * @param addr Address of the new allocation
 * @return 0 on success, -1 on return
 */
eresi_Addr	kernsh_alloc(elfshobj_t *file, size_t size, int prot)
{
  int		mode;
  int		ret;
  eresi_Addr	raddr;

  PROFILER_IN(__FILE__, __FUNCTION__, __LINE__);

  mode = (int) config_get_data(LIBKERNSH_CONFIG_ALLOC);
  if (mode == 0)
    ret = kernsh_alloc_contiguous(size, &raddr);
  else
    ret = kernsh_alloc_noncontiguous(size, &raddr);
  
  if (ret < 0)
    PROFILER_ERR(__FILE__, __FUNCTION__, __LINE__, 
		 "Failed to allocate kernel memory", ELFSH_INVALID_ADDR);  

  PROFILER_ROUT(__FILE__, __FUNCTION__, __LINE__, raddr);
}
Ejemplo n.º 7
0
/**
 * @brief Indicate safemode state
 * @return Current safemode state
 */
int	config_safemode()
{
  return (int) config_get_data(CONFIG_NAME_SAFEMODE);
}
Ejemplo n.º 8
0
/* Check a hash */
int		cmd_kmem_chash()
{
  int	i, ret, mode, stype, type, nsize, size, off, origmode, val;
  char  buff[BUFSIZ], buff2[256];
  char	*param, *str;
  unsigned long addr;
  revmexpr_t *expr;
  revmobj_t *obj;

  unsigned char origbuffer[BUFSIZ];
  char	buffhash[BUFSIZ];
  unsigned char *hashbuffer;
  char *tmp;

  FILE *fd;

  PROFILER_IN(__FILE__, __FUNCTION__, __LINE__);
  
  val = 0;
  memset(buff, '\0', sizeof(buff));
  memset(buff2, '\0', sizeof(buff2));

  param = world.curjob->curcmd->param[0];

  stype = (int)config_get_data(LIBKERNSH_CONFIG_HASH);

  if (param != NULL)
    {
      expr = revm_lookup_param(param, 1);
      obj = expr->value;

      if (obj->otype->type == ASPECT_TYPE_STR)
	{
	  str = (obj->immed ? obj->immed_val.str : 
		 obj->get_name(obj->root, obj->parent));
	  
	  memcpy(buff2, str, sizeof(buff2));
	  param = buff2;
	}

      /* We must get hash in a file ? */
      if (!strstr(param, ":"))
	{
	  fd = fopen(param, "r");
	  if (fd == NULL)
	    {
	      PROFILER_ERR(__FILE__, __FUNCTION__, __LINE__,
			   "Unable to open file",
			   -1);
	    }

	  while(fgets(buff, sizeof(buff), fd) != NULL)
	    {
	      buff[strlen(buff) - 1] = '\0';
	      
	      if (buff[0] == '#')
		continue;

	      if (extract_info(buff, 
			       &addr, 
			       &mode,
			       &type,
			       &size, 
			       &off, 
			       origbuffer, 
			       sizeof(origbuffer)))
		{
		  
		  PROFILER_ERR(__FILE__, __FUNCTION__, __LINE__, 
			       "Bad format", -1);
		}
	      /* Switch to the mode where the hash has been done */
	      origmode = elfsh_get_mode();
	      elfsh_set_mode(mode);

	      config_update_key(LIBKERNSH_CONFIG_HASH, (void *)type);
	      hashbuffer = kernsh_hash(addr+off, size, &nsize);	      
	      	      
	      elfsh_set_mode(origmode);

	      i = 0;
	      tmp = buffhash;
	      while((i < sizeof(buffhash)) && (hashbuffer[i] != '\0'))
		{
		  sprintf(tmp, "%02x", hashbuffer[i]);
		  i++;
		  tmp += 2;
		}

	      memset(buff, '\0', sizeof(buff));
	      
	      if (!strncmp((const char *)origbuffer, 
			   (const char *)buffhash, 
			   sizeof(origbuffer)))
		{
		  snprintf(buff, sizeof(buff),
			   "%s @ %s with size = %s and offset = %s\n",
			   revm_colorstr("HASH MATCH @ !"),
			   revm_coloraddress(XFMT, (eresi_Addr) addr),
			   revm_colornumber("%u", size),
			   revm_colornumber("%u", off));
		  revm_output(buff);
		  revm_endline();
		}
	      else
		{
		  snprintf(buff, sizeof(buff),
			   "%s @ %s with size = %s and offset = %s\n %s != %s\n",
			   revm_colorstr("HASH MISMATCH @ !"),
			   revm_coloraddress(XFMT, (eresi_Addr) addr),
			   revm_colornumber("%u", size),
			   revm_colornumber("%u", off),
			   revm_colorstr((char *)origbuffer),
			   revm_colorstr((char *)buffhash));
		  revm_output(buff);
		  revm_endline();
		  val++;
		}
	    }

	  fclose(fd);
	}
      else
	{
	  if (extract_info(param, 
			   &addr, 
			   &mode,
			   &type,
			   &size, 
			   &off, 
			   origbuffer, 
			   sizeof(origbuffer)))
	  {
	    
	    PROFILER_ERR(__FILE__, __FUNCTION__, __LINE__, 
			 "Bad format", -1);
	  }

	  origmode = elfsh_get_mode();
	  elfsh_set_mode(mode);
	  config_update_key(LIBKERNSH_CONFIG_HASH, (void *)type);
	  hashbuffer = kernsh_hash(addr+off, size, &nsize);

	  elfsh_set_mode(origmode);
	  i = 0;
	  tmp = buffhash;
	  while((i < sizeof(buffhash)) && (hashbuffer[i] != '\0'))
	    {
	      sprintf(tmp, "%02x", hashbuffer[i]);
	      i++;
	      tmp += 2;
	    }

	  if (hashbuffer == NULL)
	    {
	      PROFILER_ERR(__FILE__, __FUNCTION__, __LINE__, 
			   "Unable to make hash", -1);
	    }

	  memset(buff, '\0', sizeof(buff));

	  if (!strncmp((const char *)origbuffer, 
		       (const char *)buffhash, 
		       sizeof(origbuffer)))
	    {
	      snprintf(buff, sizeof(buff),
		       "%s @ %s with size = %s and offset = %s\n\n",
		       revm_colorstr("HASH MATCH @ !"),
		       revm_coloraddress(XFMT, (eresi_Addr) addr),
		       revm_colornumber("%u", size),
		       revm_colornumber("%u", off));
	      revm_output(buff);
	    }
	  else
	    {
	      snprintf(buff, sizeof(buff),
		       "%s @ %s with size = %s and offset = %s\n %s != %s\n\n",
		       revm_colorstr("HASH MISMATCH @ !"),
		       revm_coloraddress(XFMT, (eresi_Addr) addr),
		       revm_colornumber("%u", size),
		       revm_colornumber("%u", off),
		       revm_colorstr((char *)origbuffer),
		       revm_colorstr((char *)buffhash));
	      revm_output(buff);
	      val++;
	    }
	}
    }

  config_update_key(LIBKERNSH_CONFIG_HASH, (void *)stype);

  revm_setvar_int(REVM_VAR_RESULT, val);  

  revm_endline();
  PROFILER_ROUT(__FILE__, __FUNCTION__, __LINE__, ret);
}
Ejemplo n.º 9
0
/* Make hash ! */
int		cmd_kmem_hash()
{
  int		i, fd, len, new_size;
  revmlist_t    *actual, *second;
  char          buff[BUFSIZ];
  char		buffhash[BUFSIZ];
  eresi_Addr    vaddr;
  unsigned char *hashbuffer;
  char		*tmp;

  PROFILER_IN(__FILE__, __FUNCTION__, __LINE__);

  memset(buff, '\0', sizeof(buff));
  memset(buffhash, '\0', sizeof(buffhash));

  vaddr = -1;  
  actual = world.curjob->curcmd->disasm + 0;
  second = world.curjob->curcmd->disasm + 1;

  if (actual->rname)
    {
      kernsh_addrlen(actual, &vaddr, &len);

      hashbuffer = kernsh_hash(vaddr+actual->off, len, &new_size);

      if (hashbuffer == NULL)
	{
	  PROFILER_ERR(__FILE__, __FUNCTION__, __LINE__, 
		       "Unable to make hash", -1);
	}

      i = 0;
      tmp = buffhash;
      while(hashbuffer[i] != '\0')
	{
	  sprintf(tmp, "%02x", hashbuffer[i]);
	  i++;
	  tmp += 2;
	}

      snprintf(buff, sizeof(buff), 
	       "MD5 @ %s : \n\t%s\n\n",
	       revm_coloraddress(XFMT, (eresi_Addr) vaddr),
	       revm_colorstr((char *)buffhash));
      revm_output(buff);
      
      snprintf(buff, sizeof(buff),
	       "%s:%s:%s:%s:%s:%s\n\n",
	       revm_coloraddress(XFMT, (eresi_Addr) vaddr),
	       revm_colornumber("%u", libkernshworld.mem),
	       revm_colornumber("%u", (int)config_get_data(LIBKERNSH_CONFIG_HASH)),
	       revm_colornumber("%u", new_size),
	       revm_colornumber("%u", actual->off),
	       revm_colorstr((char *)buffhash));
      revm_output(buff);

      snprintf(buff, sizeof(buff),
		   "0x%lx:%d:%d:%d:%d:%s\n",
		   (unsigned long) vaddr,
		   libkernshworld.mem,
	       (int)config_get_data(LIBKERNSH_CONFIG_HASH),
		   new_size,
		   actual->off,
		   buffhash);


      revm_setvar_str(REVM_VAR_RESULT, (char *)buffhash);

      export_var((char *)buffhash, 0, 0, buff, 2);

      if (second != NULL && second->rname != NULL)
	{
	  XOPEN(fd, second->rname, O_CREAT|O_APPEND|O_RDWR, 0777, -1);
	  
	  memset(buff, '\0', sizeof(buff));
	  snprintf(buff, sizeof(buff),
		   "0x%lx:%d:%d:%d:%d:%s\n",
		   (unsigned long) vaddr,
		   libkernshworld.mem,
		   (int)config_get_data(LIBKERNSH_CONFIG_HASH),
		   new_size,
		   actual->off,
		   buffhash);
	  XWRITE(fd, buff, strlen(buff), -1);
	  XCLOSE(fd, -1);
	}
    }

  XFREE(__FILE__, __FUNCTION__, __LINE__, hashbuffer);

  revm_endline();
  PROFILER_ROUT(__FILE__, __FUNCTION__, __LINE__, 0);
}
Ejemplo n.º 10
0
/**
 * get the synthetic instruction enabled flag
 */
int asm_config_get_synthinstr()
{
  return (int) config_get_data(CONFIG_ASM_SYNTHINSTRS);
}
Ejemplo n.º 11
0
/**
 * get the endian flag
 */
int asm_config_get_endian()
{
  return (int) config_get_data(CONFIG_ASM_ENDIAN_FLAG);
}
Ejemplo n.º 12
0
int		cmd_kmem_info()
{
  char		buff[BUFSIZ];
  char		*data;
  int		val;

  PROFILER_IN(__FILE__, __FUNCTION__, __LINE__);

  data = (char *)config_get_data(LIBKERNSH_CONFIG_DEVICE);
  snprintf(buff, sizeof(buff), 
	   "DEVICE : %s\n",
	   data);
  revm_output(buff);

  data = (char *)config_get_data(LIBKERNSH_CONFIG_MODE);
  snprintf(buff, sizeof(buff), 
	   "FLAGS : %s\n",
	   data);
  revm_output(buff);

  switch(libkernshworld.mem)
    {
    case LIBKERNSH_MEM_MODE :
      snprintf(buff, sizeof(buff), 
	       "MODE : DYNAMIC\n");
      break;
    case LIBKERNSH_STATIC_MODE :
      snprintf(buff, sizeof(buff), 
	       "MODE : STATIC\n");
      break;
    }
  revm_output(buff);

  data = (char *)config_get_data(LIBKERNSH_CONFIG_SYSTEMMAP);
  snprintf(buff, sizeof(buff), 
	   "SYSTEMMAP : %s\n",
	   data);
  revm_output(buff);

  val = (int)config_get_data(LIBKERNSH_CONFIG_MMAP);
  switch (val)
    {
    case 0 :
      snprintf(buff, sizeof(buff), 
	       "MMAP : OFF\n");
      break;
    case 1 :
      snprintf(buff, sizeof(buff), 
	       "MMAP : ON\n");
      break;
    }
  revm_output(buff);

  val = (int)config_get_data(LIBKERNSH_CONFIG_MMAP_SIZE);
  snprintf(buff, sizeof(buff), 
	   "MMAP_SIZE : 0x%lx\n",
	   (unsigned long)val);
  revm_output(buff);

  val = (int)config_get_data(LIBKERNSH_CONFIG_KERNEL_START);
  snprintf(buff, sizeof(buff), 
	   "KERNEL_START : 0x%lx\n",
	   (unsigned long)val);
  revm_output(buff);

  val = (int)config_get_data(LIBKERNSH_CONFIG_KERNEL_END);
  snprintf(buff, sizeof(buff), 
	   "KERNEL_END : 0x%lx\n",
	   (unsigned long)val);
  revm_output(buff);

  data = (char *)config_get_data(LIBKERNSH_CONFIG_KERNEL);
  snprintf(buff, sizeof(buff), 
	   "KERNEL : %s\n",
	   data);
  revm_output(buff);

  val = (int)config_get_data(LIBKERNSH_CONFIG_USE_KERNEL);
  switch (val)
    {
    case 0 :
      snprintf(buff, sizeof(buff), 
	       "USE_KERNEL : OFF\n");
      break;
    case 1 :
      snprintf(buff, sizeof(buff), 
	       "USE_KERNEL : ON\n");
      break;
    }
  revm_output(buff);

  
  val = (int)config_get_data(LIBKERNSH_CONFIG_ALLOC);
  switch (val)
    {
    case 0 :
      snprintf(buff, sizeof(buff), 
	       "ALLOC : CONTIGUOUS\n");
      break;
    case 1 :
      snprintf(buff, sizeof(buff), 
	       "ALLOC : NO CONTIGUOUS\n");
      break;
    }
  revm_output(buff);
  
  val = (int)config_get_data(LIBKERNSH_CONFIG_NB_SYSCALLS);
  snprintf(buff, sizeof(buff), 
	   "NB_SYSCALLS : %d\n",
	   val);
  revm_output(buff);
  
  val = (int)config_get_data(LIBKERNSH_CONFIG_NIL_SYSCALL);
  snprintf(buff, sizeof(buff), 
	   "NIL_SYSCALL : %d\n",
	   val);
  revm_output(buff);

  val = (int)config_get_data(LIBKERNSH_CONFIG_USEVM);
  switch (val)
    {
    case 0 :
      snprintf(buff, sizeof(buff), 
	       "USE_VM : OFF\n");
      break;
    case 1 :
      snprintf(buff, sizeof(buff), 
	       "USE_VM : ON\n");
      break;
    }
  revm_output(buff);

  val = (int)config_get_data(LIBKERNSH_CONFIG_VIRTM);
  switch (val)
    {
    case LIBKERNSH_KERNEL_MODE:
      snprintf(buff, sizeof(buff), 
	       "VIRTM : PROC\n");
      break;
    case LIBKERNSH_USER_MODE :
      snprintf(buff, sizeof(buff), 
	       "VIRTM : SYSCALL\n");
      break;
    }
  revm_output(buff);

  val = (int)config_get_data(LIBKERNSH_CONFIG_VIRTM_NIL_SYSCALL);
  snprintf(buff, sizeof(buff), 
	   "VIRTM_NIL_SYSCALL : %d\n",
	   val);
  revm_output(buff);

  val = (int)config_get_data(LIBKERNSH_CONFIG_HASH);
  switch (val)
    {
    case LIBKERNSH_HASH_MD5:
      snprintf(buff, sizeof(buff), 
	       "HASH : MD5\n");
      break;
    case LIBKERNSH_HASH_SHA1 :
      snprintf(buff, sizeof(buff), 
	       "HASH : SHA1\n");
      break;
    }
  revm_output(buff);

  val = (int)config_get_data(LIBKERNSH_CONFIG_VMA);
  switch (val)
    {
    case LIBKERNSH_VMA_USERLAND:
      snprintf(buff, sizeof(buff), 
	       "VMA : USERLAND\n");
      break;
    case LIBKERNSH_VMA_KERNELLAND :
      snprintf(buff, sizeof(buff), 
	       "VMA : KERNELLAND\n");
      break;
    }
  revm_output(buff);

  PROFILER_ROUT(__FILE__, __FUNCTION__, __LINE__, 0);
}
Ejemplo n.º 13
0
/**
 * @brief Extract and gunzip the linux kernel\n
 * Configure :\n
 * LIBKERNSH_CONFIG_KERNEL, LIBKERNSH_CONFIG_STORAGE_PATH, LIBKERNSH_CONFIG_KERNELGZ, LIBKERNSH_CONFIG_KERNELELF, LIBKERNSH_CONFIG_OBJCOPY, LIBKERNSH_CONFIG_GZIP
 * @return 0 on success, -1 on error 
 */
int kernsh_decompkernel_linux()
{
  char magic[] = { 0x1f, 0x8b, 0x08 };
  char buf[256];
  char bufgz[256];
  char bufelf[256];
  char decomp[256];
  struct stat st;
  int fd, fz;
  int size;
  char *begin, *zone;

  PROFILER_IN(__FILE__, __FUNCTION__, __LINE__);

#if __DEBUG_KERNSH__
  printf("DECOMP KERNEL LINUX\n");
#endif

        
  XOPEN(fd, 
	(char *) config_get_data(LIBKERNSH_CONFIG_KERNEL), 
	O_RDONLY, 
	0, 
	-1);

#if __DEBUG_KERNSH__
  printf("OPEN KERNEL @ %s\n", (char *) config_get_data(LIBKERNSH_CONFIG_KERNEL));
#endif

  if(fstat(fd, &st) == -1)
    {
      PROFILER_ERR(__FILE__, __FUNCTION__, __LINE__, "fd error", -1);
    }
  
#if defined(__linux__)  
  XMMAP(zone, NULL, st.st_size, PROT_READ, MAP_PRIVATE, fd, 0, -1);
#endif

#if __DEBUG_KERNSH__
  printf("MMAP size %d @ 0x%lx\n", (int)st.st_size, (unsigned long) zone);
#endif

  begin = kernsh_find_pattern(zone, st.st_size, magic, 3);

#if __DEBUG_KERNSH__
  printf("FIND MAGIC GZIP PATTERN @ 0x%lx\n", (unsigned long) begin);
#endif

  size = st.st_size - ((int)begin - (int)zone);   

  memset(buf, '\0', sizeof(buf));
  snprintf(buf, sizeof(buf), "%s%s", 
	   (char *) config_get_data(LIBKERNSH_CONFIG_STORAGE_PATH),
	   (char *) config_get_data(LIBKERNSH_CONFIG_KERNELGZ));

  XOPEN(fz, buf, O_CREAT|O_RDWR, 0777, -1);

#if __DEBUG_KERNSH__
  printf("OPEN GZ KERNEL @ %s\n", buf);
#endif

  XWRITE(fz, begin, size, -1);
  XCLOSE(fz, -1);

#if defined(__linux__)  
  XMUNMAP(zone, st.st_size, -1);
#endif

  XCLOSE(fd, -1);
  
  memset(decomp, '\0', sizeof(decomp));
  snprintf(decomp, sizeof(decomp), "%s -d -f %s%s", 
	   (char *) config_get_data(LIBKERNSH_CONFIG_GZIP), 
	   (char *) config_get_data(LIBKERNSH_CONFIG_STORAGE_PATH),
	   (char *) config_get_data(LIBKERNSH_CONFIG_KERNELGZ));

#if __DEBUG_KERNSH__
  printf("DECOMP %s\n", decomp);
#endif

  system(decomp);

  memset(bufgz, '\0', sizeof(bufgz));
  snprintf(bufgz, sizeof(bufgz), "%s%s", 
	   (char *) config_get_data(LIBKERNSH_CONFIG_STORAGE_PATH),
	   (char *) config_get_data(LIBKERNSH_CONFIG_KERNELGZ));

  bufgz[strlen(bufgz) - 3] = '\0';


  memset(bufelf, '\0', sizeof(bufelf));
  snprintf(bufelf, sizeof(bufelf), "%s%s",
	   (char *) config_get_data(LIBKERNSH_CONFIG_STORAGE_PATH),
	   (char *) config_get_data(LIBKERNSH_CONFIG_KERNELELF));

  memset(buf, '\0', sizeof(buf));
  snprintf(buf, sizeof(buf) , "%s -B i386 -I binary -O elf32-i386 %s %s",
	 (char *) config_get_data(LIBKERNSH_CONFIG_OBJCOPY),
	 bufgz,
	 bufelf);

#if __DEBUG_KERNSH__
  printf("EXTRACT ELF FROM DATA @ %s%s\n", (char *) config_get_data(LIBKERNSH_CONFIG_STORAGE_PATH), (char *) config_get_data(LIBKERNSH_CONFIG_KERNELELF));
#endif

  system(buf);

  PROFILER_ROUT(__FILE__, __FUNCTION__, __LINE__, 0);
}