static int getentropy_fallback(void *buf, size_t len) { uint8_t results[SHA512_DIGEST_LENGTH]; int save_errno = errno, e, pgs = getpagesize(), faster = 0, repeat; static int cnt; struct timespec ts; struct timeval tv; double loadavg[3]; struct rusage ru; sigset_t sigset; struct stat st; SHA512_CTX ctx; static pid_t lastpid; pid_t pid; size_t i, ii, m; char *p; pid = getpid(); if (lastpid == pid) { faster = 1; repeat = 2; } else { faster = 0; lastpid = pid; repeat = REPEAT; } for (i = 0; i < len; ) { int j; SHA512_Init(&ctx); for (j = 0; j < repeat; j++) { HX((e = gettimeofday(&tv, NULL)) == -1, tv); if (e != -1) { cnt += (int)tv.tv_sec; cnt += (int)tv.tv_usec; } dl_iterate_phdr(getentropy_phdr, &ctx); for (ii = 0; ii < sizeof(cl)/sizeof(cl[0]); ii++) HX(clock_gettime(cl[ii], &ts) == -1, ts); HX((pid = getpid()) == -1, pid); HX((pid = getsid(pid)) == -1, pid); HX((pid = getppid()) == -1, pid); HX((pid = getpgid(0)) == -1, pid); HX((e = getpriority(0, 0)) == -1, e); HX((getloadavg(loadavg, 3) == -1), loadavg); if (!faster) { ts.tv_sec = 0; ts.tv_nsec = 1; (void) nanosleep(&ts, NULL); } HX(sigpending(&sigset) == -1, sigset); HX(sigprocmask(SIG_BLOCK, NULL, &sigset) == -1, sigset); HF(getentropy); /* an addr in this library */ HF(printf); /* an addr in libc */ p = (char *)&p; HD(p); /* an addr on stack */ p = (char *)&errno; HD(p); /* the addr of errno */ if (i == 0) { struct sockaddr_storage ss; struct statvfs stvfs; struct termios tios; socklen_t ssl; off_t off; /* * Prime-sized mappings encourage fragmentation; * thus exposing some address entropy. */ struct mm { size_t npg; void *p; } mm[] = { { 17, MAP_FAILED }, { 3, MAP_FAILED }, { 11, MAP_FAILED }, { 2, MAP_FAILED }, { 5, MAP_FAILED }, { 3, MAP_FAILED }, { 7, MAP_FAILED }, { 1, MAP_FAILED }, { 57, MAP_FAILED }, { 3, MAP_FAILED }, { 131, MAP_FAILED }, { 1, MAP_FAILED }, }; for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) { HX(mm[m].p = mmap(NULL, mm[m].npg * pgs, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANON, -1, (off_t)0), mm[m].p); if (mm[m].p != MAP_FAILED) { size_t mo; /* Touch some memory... */ p = mm[m].p; mo = cnt % (mm[m].npg * pgs - 1); p[mo] = 1; cnt += (int)((long)(mm[m].p) / pgs); } /* Check cnts and times... */ for (ii = 0; ii < sizeof(cl)/sizeof(cl[0]); ii++) { HX((e = clock_gettime(cl[ii], &ts)) == -1, ts); if (e != -1) cnt += (int)ts.tv_nsec; } HX((e = getrusage(RUSAGE_SELF, &ru)) == -1, ru); if (e != -1) { cnt += (int)ru.ru_utime.tv_sec; cnt += (int)ru.ru_utime.tv_usec; } } for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) { if (mm[m].p != MAP_FAILED) munmap(mm[m].p, mm[m].npg * pgs); mm[m].p = MAP_FAILED; } HX(stat(".", &st) == -1, st); HX(statvfs(".", &stvfs) == -1, stvfs); HX(stat("/", &st) == -1, st); HX(statvfs("/", &stvfs) == -1, stvfs); HX((e = fstat(0, &st)) == -1, st); if (e == -1) { if (S_ISREG(st.st_mode) || S_ISFIFO(st.st_mode) || S_ISSOCK(st.st_mode)) { HX(fstatvfs(0, &stvfs) == -1, stvfs); HX((off = lseek(0, (off_t)0, SEEK_CUR)) < 0, off); } if (S_ISCHR(st.st_mode)) { HX(tcgetattr(0, &tios) == -1, tios); } else if (S_ISSOCK(st.st_mode)) { memset(&ss, 0, sizeof ss); ssl = sizeof(ss); HX(getpeername(0, (void *)&ss, &ssl) == -1, ss); } } HX((e = getrusage(RUSAGE_CHILDREN, &ru)) == -1, ru); if (e != -1) { cnt += (int)ru.ru_utime.tv_sec; cnt += (int)ru.ru_utime.tv_usec; } } else { /* Subsequent hashes absorb previous result */ HD(results); } HX((e = gettimeofday(&tv, NULL)) == -1, tv); if (e != -1) { cnt += (int)tv.tv_sec; cnt += (int)tv.tv_usec; } HD(cnt); } SHA512_Final(results, &ctx); memcpy((char *)buf + i, results, min(sizeof(results), len - i)); i += min(sizeof(results), len - i); } explicit_bzero(&ctx, sizeof ctx); explicit_bzero(results, sizeof results); if (gotdata(buf, len) == 0) { errno = save_errno; return 0; /* satisfied */ } errno = EIO; return -1; }
int main(void) { int choice; char buf[15] = { 0 }; struct sigaction sa; struct addr_info info = { 0 }; memset(&sa, 0, sizeof(sa)); sa.sa_handler = timer_handler; sigemptyset(&sa.sa_mask); sa.sa_flags = SA_RESTART; if (sigaction(SIGALRM, &sa, NULL) == -1) { perror("sigaction()"); exit(EXIT_FAILURE); } alarm(60); setbuf(stdin, NULL); setbuf(stdout, NULL); setbuf(stderr, NULL); dl_iterate_phdr(callback, &info); for (;;) { printf("ROP helper 13.37\n"); printf("1. print libc address\n"); printf("2. print function address\n"); printf("3. insert ROP chain\n"); printf("4. search for string\n"); printf("5. quit\n"); printf("Choice: "); if (!fgets(buf, sizeof(buf), stdin)) break; choice = atoi(buf); switch (choice) { case 1: printf("[+] libc start address: %p\n", info.base); break; case 2: print_func_addr(); break; case 3: insert_rop(); break; case 4: search_string(info.base, info.size); break; case 5: printf("Bye!\n"); goto out; default: printf("Invalid option!\n"); } printf("\n"); } out: return 0; }
void addOSComponentsToSoMap(BSONObjBuilder* soMap) { BSONArrayBuilder soList(soMap->subarrayStart("somap")); dl_iterate_phdr(outputSOInfo, &soList); soList.done(); }
char * lookup_symbol (char *buf, int buflen, const void *ptr) { struct file_match match; #if HAVE_BFD struct symtab symtab; struct symbol symbol; #endif struct symbol_cache_entry *cache; int bucket; int len; bucket = (unsigned long) ptr % (sizeof (symbol_cache_hash) / sizeof (symbol_cache_hash[0])); pthread_mutex_lock (&symbol_cache_mutex); for (cache = symbol_cache_hash[bucket]; cache != NULL; cache = cache->hash_next) { if (cache->ptr == ptr) { if (cache->hash_prev != NULL) { cache->hash_prev->hash_next = cache->hash_next; if (cache->hash_next != NULL) cache->hash_next->hash_prev = cache->hash_prev; cache->hash_prev = NULL; cache->hash_next = symbol_cache_hash[bucket]; symbol_cache_hash[bucket]->hash_prev = cache; symbol_cache_hash[bucket] = cache; } pthread_mutex_unlock (&symbol_cache_mutex); return cache->name; } } pthread_mutex_unlock (&symbol_cache_mutex); match.file = NULL; match.address = (ElfW(Addr)) ptr; dl_iterate_phdr (find_matching_file, &match); snprintf (buf, buflen, "0x%llx", (long long unsigned int) match.address); if (match.file == NULL || *match.file == '\0') match.file = "/proc/self/exe"; #if HAVE_BFD if (_symtab_init (&symtab, match.file)) { _symbol_init (&symbol, &symtab, match.address - match.base); bfd_map_over_sections (symtab.bfd, find_address_in_section, &symbol); if (symbol.found) _symbol_print (&symbol, buf, buflen, match.file); _symbol_fini (&symbol); _symtab_fini (&symtab); } #endif len = strlen (buf); cache = malloc (sizeof (struct symbol_cache_entry) + len + 1); if (cache != NULL) { cache->ptr = ptr; memcpy (cache->name, buf, len + 1); pthread_mutex_lock (&symbol_cache_mutex); cache->hash_prev = NULL; cache->hash_next = symbol_cache_hash[bucket]; if (symbol_cache_hash[bucket] != NULL) symbol_cache_hash[bucket]->hash_prev = cache; symbol_cache_hash[bucket] = cache; pthread_mutex_unlock (&symbol_cache_mutex); } return buf; }
void _env_dump_libs_init() { /* Show what we are currently linking against */ dl_iterate_phdr(ldd_callback, NULL); }
HIDDEN int tdep_find_proc_info (unw_addr_space_t as, unw_word_t ip, unw_proc_info_t *pi, int need_unwind_info, void *arg) { # if defined(HAVE_DL_ITERATE_PHDR) unw_dyn_info_t di, *dip = &di; intrmask_t saved_mask; int ret; di.u.ti.segbase = ip; /* this is cheap... */ SIGPROCMASK (SIG_SETMASK, &unwi_full_mask, &saved_mask); ret = dl_iterate_phdr (callback, &di); SIGPROCMASK (SIG_SETMASK, &saved_mask, NULL); if (ret <= 0) { if (!kernel_table.u.ti.table_data) { if ((ret = get_kernel_table (&kernel_table)) < 0) return ret; } if (ip < kernel_table.start_ip || ip >= kernel_table.end_ip) return -UNW_ENOINFO; dip = &kernel_table; } # elif defined(HAVE_DLMODINFO) # define UNWIND_TBL_32BIT 0x8000000000000000 struct load_module_desc lmd; unw_dyn_info_t di, *dip = &di; struct unwind_header { uint64_t header_version; uint64_t start_offset; uint64_t end_offset; } *uhdr; if (!dlmodinfo (ip, &lmd, sizeof (lmd), NULL, 0, 0)) return -UNW_ENOINFO; di.format = UNW_INFO_FORMAT_TABLE; di.start_ip = lmd.text_base; di.end_ip = lmd.text_base + lmd.text_size; di.gp = lmd.linkage_ptr; di.u.ti.name_ptr = 0; /* no obvious table-name available */ di.u.ti.segbase = lmd.text_base; uhdr = (struct unwind_header *) lmd.unwind_base; if ((uhdr->header_version & ~UNWIND_TBL_32BIT) != 1 && (uhdr->header_version & ~UNWIND_TBL_32BIT) != 2) { Debug (1, "encountered unknown unwind header version %ld\n", (long) (uhdr->header_version & ~UNWIND_TBL_32BIT)); return -UNW_EBADVERSION; } if (uhdr->header_version & UNWIND_TBL_32BIT) { Debug (1, "32-bit unwind tables are not supported yet\n"); return -UNW_EINVAL; } di.u.ti.table_data = (unw_word_t *) (di.u.ti.segbase + uhdr->start_offset); di.u.ti.table_len = ((uhdr->end_offset - uhdr->start_offset) / sizeof (unw_word_t)); Debug (16, "found table `%s': segbase=%lx, len=%lu, gp=%lx, " "table_data=%p\n", (char *) di.u.ti.name_ptr, di.u.ti.segbase, di.u.ti.table_len, di.gp, di.u.ti.table_data); # endif /* now search the table: */ return tdep_search_unwind_table (as, ip, dip, pi, need_unwind_info, arg); }
void trap_init(const char *ver) { int r; uint8_t digest[20]; struct sigaction sa, old; char path[256]; SHA_CTX binsum; int fd; r = readlink("/proc/self/exe", self, sizeof(self) - 1); if(r == -1) self[0] = 0; else self[r] = 0; memset(digest, 0, sizeof(digest)); if((fd = open("/proc/self/exe", O_RDONLY)) != -1) { struct stat st; if(!fstat(fd, &st)) { char *m = malloc(st.st_size); if(m != NULL) { if(read(fd, m, st.st_size) == st.st_size) { SHA1_Init(&binsum); SHA1_Update(&binsum, (void *)m, st.st_size); SHA1_Final(digest, &binsum); } free(m); } } close(fd); } snprintf(line1, sizeof(line1), "PRG: %s (%s) " "[%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x" "%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x] " "CWD: %s ", ver, tvheadend_version, digest[0], digest[1], digest[2], digest[3], digest[4], digest[5], digest[6], digest[7], digest[8], digest[9], digest[10], digest[11], digest[12], digest[13], digest[14], digest[15], digest[16], digest[17], digest[18], digest[19], getcwd(path, sizeof(path))); memcpy(tvh_binshasum, digest, 20); dl_iterate_phdr(callback, NULL); memset(&sa, 0, sizeof(sa)); sigset_t m; sigemptyset(&m); sigaddset(&m, SIGSEGV); sigaddset(&m, SIGBUS); sigaddset(&m, SIGILL); sigaddset(&m, SIGABRT); sigaddset(&m, SIGFPE); sa.sa_sigaction = traphandler; sa.sa_flags = SA_SIGINFO | SA_RESETHAND; sigaction(SIGSEGV, &sa, &old); sigaction(SIGBUS, &sa, &old); sigaction(SIGILL, &sa, &old); sigaction(SIGABRT, &sa, &old); sigaction(SIGFPE, &sa, &old); sigprocmask(SIG_UNBLOCK, &m, NULL); }
void trap_init(void) { uint8_t digest[20]; struct sigaction sa, old; char path[256]; int r; memset(digest, 0, sizeof(digest)); r = readlink("/proc/self/exe", self, sizeof(self) - 1); if(r == -1) self[0] = 0; else self[r] = 0; snprintf(line1, sizeof(line1), "PRG: Showtime (%s) " "[%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x" "%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x] " "EXE: %s, CWD: %s ", htsversion_full, digest[0], digest[1], digest[2], digest[3], digest[4], digest[5], digest[6], digest[7], digest[8], digest[9], digest[10], digest[11], digest[12], digest[13], digest[14], digest[15], digest[16], digest[17], digest[18], digest[19], self, getcwd(path, sizeof(path))); dl_iterate_phdr(callback, NULL); memset(&sa, 0, sizeof(sa)); sigset_t m; sigemptyset(&m); sigaddset(&m, SIGSEGV); sigaddset(&m, SIGBUS); sigaddset(&m, SIGILL); sigaddset(&m, SIGABRT); sigaddset(&m, SIGFPE); sa.sa_sigaction = traphandler; sa.sa_flags = SA_SIGINFO | SA_RESETHAND; sigaction(SIGSEGV, &sa, &old); sigaction(SIGBUS, &sa, &old); sigaction(SIGILL, &sa, &old); sigaction(SIGABRT, &sa, &old); sigaction(SIGFPE, &sa, &old); sigprocmask(SIG_UNBLOCK, &m, NULL); }
VirtualMemoryData::VirtualMemoryData() { array_size = 0; dl_iterate_phdr(callback, this); }