ea_t find_string(char *search_str)
{
char text[512];
qsnprintf(text, sizeof(text), "\"%s\"", search_str);
ea_t ret = find_binary(0x06000000, 0x06100000, text, 0, SEARCH_DOWN | SEARCH_CASE);
if (ret == BADADDR)
return find_binary(0x00200000, 0x00300000, text, 0, SEARCH_DOWN | SEARCH_CASE);
return ret;
}
int main()
{
int arraysize = 10 * 1000;
int *parray = (int*)malloc(sizeof(int) * arraysize);
// 生成随机数组
//gen_randomarray(parray,arraysize);
gen_unirandom_array(parray,arraysize);
// 打印数组
//print_array(parray,arraysize);
// sort array
sort_shell(parray,arraysize);
//保存需要查找的数据
srand(time(0));
int findindex = rand() % arraysize;
int findval = parray[findindex];
int findedindex = -1;
findedindex = find_seq(parray,arraysize,findval);
printf("find_seq :finedindex:%d,realindex:%d\n",findedindex,findindex);
//print_array(parray,arraysize);
findedindex = find_binary(parray,arraysize,findval);
printf("find_binary :finedindex:%d,realindex:%d\n",findedindex,findindex);
return 0;
}
static void test_exec_privatenetwork(Manager *m) {
int r;
r = find_binary("ip", NULL);
if (r < 0) {
log_error_errno(r, "Skipping test_exec_privatenetwork, could not find ip binary: %m");
return;
}
test(m, "exec-privatenetwork-yes.service", 0, CLD_EXITED);
}
static void test_exec_capabilityboundingset(Manager *m) {
int r;
/* We use capsh to test if the capabilities are
* properly set, so be sure that it exists */
r = find_binary("capsh", NULL);
if (r < 0) {
log_error_errno(r, "Skipping test_exec_capabilityboundingset, could not find capsh binary: %m");
return;
}
test(m, "exec-capabilityboundingset-simple.service", 0, CLD_EXITED);
test(m, "exec-capabilityboundingset-reset.service", 0, CLD_EXITED);
test(m, "exec-capabilityboundingset-merge.service", 0, CLD_EXITED);
test(m, "exec-capabilityboundingset-invert.service", 0, CLD_EXITED);
}
int expand_command(const char* command, int* argc, char ***argv, int *using_a_script, const char** env)
{
char **command_argv = *argv;
int command_argc = *argc;
int running_script = *using_a_script;
const char *full_filepath;
if (!strncmp(command, "#!", 2)) {
// We are running a shell script command
char *filename = strdup("/tmp/babysitter.XXXXXXX");
int size, fd = -1;
FILE *sfp;
// Note for the future cleanup, that we'll be running a script to cleanup
running_script = 1;
// Make a tempfile in the filename format
// printf("writing a tempfile: %s\n", filename);
if ((fd = mkstemp(filename)) == -1 || (sfp = fdopen(fd, "w+")) == NULL) {
if (fd != -1) {
unlink(filename);
close(fd);
}
fprintf(stderr, "Could not open tempfile: %s\n", filename);
return -1;
}
size = strlen(command);
// Print the command into the file
if (fwrite(command, size, 1, sfp) == -1) {
fprintf(stderr, "Could not write command to tempfile: %s\n", filename);
return -1;
}
fclose(sfp);
// Close the file descriptor
close(fd);
// Modify the command to match call the filename
// should we chown?
/*
if (chown(filename, m_user, m_group) != 0) {
#ifdef DEBUG
fprintf(stderr, "Could not change owner of '%s' to %d\n", m_script_file.c_str(), m_user);
#endif
}
*/
// Make it executable
if (chmod(filename, 040700) != 0) {
fprintf(stderr, "Could not change permissions to '%s' %o\n", filename, 040700);
}
// Run in a new process
command_argv = (char **) malloc(1 * sizeof(char *));
command_argv[0] = strdup(filename);
command_argv[1] = NULL;
command_argc = 1;
free(filename);
} else {
int prefix;
char *cp, *cmdname, *expanded_command;
char *path = NULL;
// get bare command for path lookup
for (cp = (char *) command; *cp && !isspace(*cp); cp++) ;
prefix = cp - command;
cmdname = calloc(prefix, sizeof(char));
strncpy(cmdname, command, prefix);
// Extract the PATH, if given
if (env) {
char **tmp_env = (char**)env;
while(*tmp_env != NULL) {
if (!strncmp(*tmp_env, "PATH=", 5)) {
// Get past the first PATH=
// GROSS - pointer arithmatic
path = (*tmp_env + sizeof(char)*5);
break;
}
tmp_env++;
}
}
// expand command name to full path
full_filepath = find_binary(cmdname, path);
// build invocable command with args
expanded_command = calloc(strlen(full_filepath) + strlen(command + prefix) + 1, sizeof(char));
strcat(expanded_command, full_filepath);
strcat(expanded_command, command + prefix);
command_argv = (char **) malloc(4 * sizeof(char *));
command_argv[0] = strdup(getenv("SHELL"));
command_argv[1] = "-c";
command_argv[2] = expanded_command;
command_argv[3] = NULL;
command_argc = 3;
}
*argc = command_argc;
*argv = command_argv;
*using_a_script = running_script;
return 0;
}
// Find RTTI objects by signature
ea_t find_RTTI(ea_t start_ea, ea_t end_ea)
{
// "2E 3F 41 56" == .?AV
return find_binary(start_ea, end_ea, "2E 3F 41 56", getDefaultRadix(), SEARCH_DOWN);
}
int expand_command(const char* command, int* argc, char ***argv, int *using_a_script)
{
char **command_argv = *argv;
int command_argc = *argc;
int running_script = *using_a_script;
const char *full_filepath;
if (!strncmp(command, "#!", 2)) {
// We are running a shell script command
char *filename = NULL;
int size, fd;
// Note for the future cleanup, that we'll be running a script to cleanup
running_script = 1;
snprintf(filename, 40, "/tmp/babysitter.XXXXXXXXX");
// Make a tempfile in the filename format
if ((fd = mkstemp(filename)) == -1) {
fprintf(stderr, "Could not open tempfile: %s\n", filename);
return -1;
}
size = strlen(command);
// Print the command into the file
if (write(fd, command, size) == -1) {
fprintf(stderr, "Could not write command to tempfile: %s\n", filename);
return -1;
}
// Confirm that the command is written
if (fsync(fd) == -1) {
fprintf(stderr, "fsync failed for tempfile: %s\n", filename);
return -1;
}
// Close the file descriptor
close(fd);
// Modify the command to match call the filename
// should we chown?
/*
if (chown(filename, m_user, m_group) != 0) {
#ifdef DEBUG
fprintf(stderr, "Could not change owner of '%s' to %d\n", m_script_file.c_str(), m_user);
#endif
}
*/
// Make it executable
if (chmod(filename, 040700) != 0) {
fprintf(stderr, "Could not change permissions to '%s' %o\n", filename, 040700);
}
// Run in a new process
command_argv[0] = filename;
command_argv[1] = NULL;
command_argc = 1;
} else {
int prefix;
char *cp, *cmdname, *expanded_command;
// get bare command for path lookup
for (cp = (char *) command; *cp && !isspace(*cp); cp++) ;
prefix = cp - command;
cmdname = calloc(prefix, sizeof(char));
strncpy(cmdname, command, prefix);
// expand command name to full path
full_filepath = find_binary(cmdname);
// build invocable command with args
expanded_command = calloc(strlen(full_filepath) + strlen(command + prefix) + 1, sizeof(char));
strcat(expanded_command, full_filepath);
strcat(expanded_command, command + prefix);
command_argv = (char **) malloc(4 * sizeof(char *));
command_argv[0] = strdup(getenv("SHELL"));
command_argv[1] = "-c";
command_argv[2] = expanded_command;
command_argv[3] = NULL;
command_argc = 3;
}
*argc = command_argc;
*argv = command_argv;
*using_a_script = running_script;
return 0;
}
int main(int argc, char** argv) {
s32 opt;
u8 mem_limit_given = 0, timeout_given = 0, qemu_mode = 0;
u32 tcnt;
char** use_argv;
doc_path = access(DOC_PATH, F_OK) ? "docs" : DOC_PATH;
while ((opt = getopt(argc,argv,"+o:m:t:A:eqZQ")) > 0)
switch (opt) {
case 'o':
if (out_file) FATAL("Multiple -o options not supported");
out_file = optarg;
break;
case 'm': {
u8 suffix = 'M';
if (mem_limit_given) FATAL("Multiple -m options not supported");
mem_limit_given = 1;
if (!strcmp(optarg, "none")) {
mem_limit = 0;
break;
}
if (sscanf(optarg, "%llu%c", &mem_limit, &suffix) < 1 ||
optarg[0] == '-') FATAL("Bad syntax used for -m");
switch (suffix) {
case 'T': mem_limit *= 1024 * 1024; break;
case 'G': mem_limit *= 1024; break;
case 'k': mem_limit /= 1024; break;
case 'M': break;
default: FATAL("Unsupported suffix or bad syntax for -m");
}
if (mem_limit < 5) FATAL("Dangerously low value of -m");
if (sizeof(rlim_t) == 4 && mem_limit > 2000)
FATAL("Value of -m out of range on 32-bit systems");
}
break;
case 't':
if (timeout_given) FATAL("Multiple -t options not supported");
timeout_given = 1;
if (strcmp(optarg, "none")) {
exec_tmout = atoi(optarg);
if (exec_tmout < 20 || optarg[0] == '-')
FATAL("Dangerously low value of -t");
}
break;
case 'e':
if (edges_only) FATAL("Multiple -e options not supported");
edges_only = 1;
break;
case 'q':
if (quiet_mode) FATAL("Multiple -q options not supported");
quiet_mode = 1;
break;
case 'Z':
/* This is an undocumented option to write data in the syntax expected
by afl-cmin. Nobody else should have any use for this. */
cmin_mode = 1;
quiet_mode = 1;
break;
case 'A':
/* Another afl-cmin specific feature. */
at_file = optarg;
break;
case 'Q':
if (qemu_mode) FATAL("Multiple -Q options not supported");
if (!mem_limit_given) mem_limit = MEM_LIMIT_QEMU;
qemu_mode = 1;
break;
default:
usage(argv[0]);
}
if (optind == argc || !out_file) usage(argv[0]);
setup_shm();
setup_signal_handlers();
set_up_environment();
find_binary(argv[optind]);
if (!quiet_mode) {
show_banner();
ACTF("Executing '%s'...\n", target_path);
}
detect_file_args(argv + optind);
if (qemu_mode)
use_argv = get_qemu_argv(argv[0], argv + optind, argc - optind);
else
use_argv = argv + optind;
run_target(use_argv);
tcnt = write_results();
if (!quiet_mode) {
if (!tcnt) FATAL("No instrumentation detected" cRST);
OKF("Captured %u tuples in '%s'." cRST, tcnt, out_file);
}
exit(child_crashed * 2 + child_timed_out);
}
/** Build the chroot at the path **/
bool WorkerBee::build_chroot(const std::string &path, uid_t user, gid_t group, string_set &executables, string_set &extra_dirs) {
// Make the root path
make_path(strdup(path.c_str()));
string_set already_copied;
std::string full_path;
// The base directories
string_set base_dirs;
base_dirs.insert("bin");
base_dirs.insert("usr");
base_dirs.insert("var");
base_dirs.insert("lib");
base_dirs.insert("home");
base_dirs.insert("etc");
// Add the extra directories requested
for (string_set::iterator dir = extra_dirs.begin(); dir != extra_dirs.end(); ++dir) base_dirs.insert(dir->c_str());
for (string_set::iterator dir = base_dirs.begin(); dir != base_dirs.end(); ++dir) {
if ((*dir->c_str()) == '/') full_path = path + *dir; else full_path = path + '/' + *dir;
// Make the paths
make_path(full_path.c_str());
}
// Build the root libraries
for (string_set::iterator executable = executables.begin(); executable != executables.end(); ++executable) {
// If we are pointed at an absolute path to a binary
// then find the linked libraries of the executable
// If it's not found, then find it, then look up the libraries
std::string res_bin;
if (abs_path(*executable))
res_bin = *executable;
else {
res_bin = find_binary(*executable);
}
// The libraries for the resolved binary
bee_files_set *s_libs = libs_for(res_bin);
// collect the libraries and copy them to the full path of the chroot
for (bee_files_set::iterator bf = s_libs->begin(); bf != s_libs->end(); ++bf) {
BeeFile bee = *bf;
std::string s (bee.file_path());
// Don't copy if the file is already copied
if (already_copied.count(s)) {
} else {
// If it is a symlink, then make a symlink, otherwise copy the file
// If the library starts with a '/' then don't add one, otherwise, do
// i.e. if libs/hi.so.1 turns into full_path/libs/hi.so.1 otherwise libs.so.1 turns into full_path/libs.so.1
if (s.c_str()[0] == '/') full_path = path + s.c_str(); else full_path = path + '/' + s.c_str();
if (bee.is_link()) {
// make symlink
make_path(dirname(strdup(full_path.c_str())));
if (symlink(bee.sym_origin().c_str(), full_path.c_str())) {
fprintf(stderr, "Could not make a symlink: %s to %s because %s\n", bee.sym_origin().c_str(), full_path.c_str(), strerror(errno));
}
} else {
// Copy the file (recursively)
cp_r(s, full_path);
}
// Change the permissions to match the original file
struct stat file_stats = bee.file_stats();
mode_t mode = file_stats.st_mode;
if (chown(full_path.c_str(), user, group) != 0) {
fprintf(stderr, "Could not change owner of '%s' to %i\n", full_path.c_str(), user);
}
if (chmod(full_path.c_str(), mode) != 0) {
fprintf(stderr, "Could not change permissions to '%s' %o\n", full_path.c_str(), mode);
}
// Add it to the already_copied set and move on
already_copied.insert(s);
}
}
// Copy the executables and make them executable
std::string bin_path = path + '/' + res_bin;
cp_r(res_bin.c_str(), bin_path.c_str());
if (chown(bin_path.c_str(), user, group) != 0) {
fprintf(stderr, "Could not change owner of '%s' to %i\n", bin_path.c_str(), user);
}
if (chmod(bin_path.c_str(), S_IREAD|S_IEXEC|S_IXGRP|S_IRGRP|S_IWRITE)) {
fprintf(stderr, "Could not change permissions to '%s' make it executable\n", bin_path.c_str());
}
}
return true;
}
bee_files_set *WorkerBee::libs_for(const std::string &executable) {
std::pair<string_set *, string_set *> *dyn_libs;
// If we are pointed at an absolute path to a binary
// then find the linked libraries of the executable
// If it's not found, then find it, then look up the libraries
if (abs_path(executable))
dyn_libs = linked_libraries(executable);
else {
std::string bin = find_binary(executable);
dyn_libs = linked_libraries(bin);
}
//string_set *libs = new string_set();
bee_files_set *libs = new bee_files_set();
// iterate through
string_set obj = *dyn_libs->first;
struct stat lib_stat;
char link_buf[1024];
// Go through the libs
for (string_set::iterator ld = obj.begin(); ld != obj.end(); ++ld) {
string_set paths = *dyn_libs->second;
// Go through each of the paths
for (string_set::iterator pth = paths.begin(); pth != paths.end(); ++pth) {
std::string path (*pth);
std::string full_path = *pth+'/'+*ld;
if (fopen(full_path.c_str(), "rb") != NULL) {
// Create a bee_file object
BeeFile bf;
bf.set_file_path(full_path.c_str());
// Make sure the file can be "stat'd"
if (stat(full_path.c_str(), &lib_stat) < 0) {
fprintf(stderr, "[lstat] Error: %s: %s\n", full_path.c_str(), strerror(errno));
}
bf.set_file_stats(lib_stat);
// Are we looking at a symlink
// if ((lib_stat.st_mode & S_IFMT) == S_IFLNK) {
if (S_ISLNK(lib_stat.st_mode)) {
memset(link_buf, 0, 1024);
if (!readlink(full_path.c_str(), link_buf, 1024)) {
fprintf(stderr, "[readlink] Error: %s: %s\n", full_path.c_str(), strerror(errno));
}
/** If we are looking at a symlink, then create a new BeeFile object and
* insert it into the library path, noting that the other is a symlink
**/
std::string link_dir (dirname(strdup(full_path.c_str())));
// std::string link_path (link_buf);
std::string link_path;
if (path == "")
link_path = link_dir + "/" + link_buf;
else
link_path = (path+"/"+link_buf);
BeeFile lbf;
// Set the data on the BeeFile object
lbf.set_file_path(link_path.c_str());
// full_path.c_str()
bf.set_file_path(full_path.c_str()); // This is redundant, but just for clarity
bf.set_sym_origin(link_buf);
bf.set_is_link(true);
libs->insert(lbf);
} else {
bf.set_is_link(false);
}
libs->insert(bf);
break; // We found it! Move on, yo
}
}
}
return libs;
}
int main(int argc, char* argv[]) {
_cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
_cleanup_free_ char *description = NULL, *command = NULL;
int r, retval = EXIT_SUCCESS;
log_parse_environment();
log_open();
r = parse_argv(argc, argv);
if (r <= 0)
goto finish;
if (argc > optind && arg_transport == BUS_TRANSPORT_LOCAL) {
/* Patch in an absolute path */
r = find_binary(argv[optind], &command);
if (r < 0) {
log_error_errno(r, "Failed to find executable %s: %m", argv[optind]);
goto finish;
}
argv[optind] = command;
}
if (!arg_description) {
description = strv_join(argv + optind, " ");
if (!description) {
r = log_oom();
goto finish;
}
if (arg_unit && isempty(description)) {
r = free_and_strdup(&description, arg_unit);
if (r < 0)
goto finish;
}
arg_description = description;
}
/* If --wait is used connect via the bus, unconditionally, as ref/unref is not supported via the limited direct
* connection */
if (arg_wait)
r = bus_connect_transport(arg_transport, arg_host, arg_user, &bus);
else
r = bus_connect_transport_systemd(arg_transport, arg_host, arg_user, &bus);
if (r < 0) {
log_error_errno(r, "Failed to create bus connection: %m");
goto finish;
}
if (arg_scope)
r = start_transient_scope(bus, argv + optind);
else if (with_timer())
r = start_transient_timer(bus, argv + optind);
else
r = start_transient_service(bus, argv + optind, &retval);
finish:
strv_free(arg_environment);
strv_free(arg_property);
strv_free(arg_timer_property);
return r < 0 ? EXIT_FAILURE : retval;
}
