Esempio n. 1
/*
 * Rebuild the fuzzer's shared resources: file descriptors, socket options,
 * memory maps and the random page.  shm->regenerating is held TRUE for the
 * duration of the rebuild and cleared when it completes.
 */
void regenerate(void)
{
	/*
	 * Skip the whole cycle when fds are disabled (sockets are not
	 * regenerated in that mode) or when the run is about to exit.
	 */
	if (no_files == TRUE || shm->spawn_no_more)
		return;

	shm->regenerating = TRUE;

	/*
	 * One second of grace so children can finish with the current fds.
	 * NOTE(review): this is a fixed delay, not a handshake; a child still
	 * busy after one second would have its fds replaced underneath it --
	 * confirm that is acceptable.
	 */
	sleep(1);

	shm->regenerate = 0;

	output(0, "Regenerating random pages, fd's etc.\n");

	regenerate_fds();

	/* Apply random setsockopts to every network socket. */
	do_sso_sockets();

	/* Drop the existing maps and build a fresh set. */
	destroy_maps();
	setup_maps();

	generate_random_page(page_rand);

	shm->regenerating = FALSE;
}
Esempio n. 2
/*
 * Reopen the fuzzer's files, rebuild its maps and random page, and re-arm
 * shm->regenerate.  Does nothing unless shm->regenerate is zero.
 */
static void regenerate()
{
	/* presumably a countdown decremented elsewhere; verify against callers */
	if (shm->regenerate)
		return;

	output("[%d] Regenerating random pages, fd's etc.\n", getpid());

	/* Replace the open file set. */
	close_files();
	open_files();

	/* Replace the maps. */
	destroy_maps();
	setup_maps();

	/* Re-arm the trigger before refreshing the random page. */
	shm->regenerate = REGENERATION_POINT - 1;

	regenerate_random_page();
}
Esempio n. 3
/*
 * Rebuild the fuzzer's fds, maps and random page.  shm->regenerating is held
 * TRUE for the duration of the rebuild and cleared when it completes.
 */
static void regenerate(void)
{
	/* Sockets are not regenerated when fds are disabled. */
	if (no_files != TRUE) {
		shm->regenerating = TRUE;

		/*
		 * One second of grace so children can finish with the current
		 * fds.  NOTE(review): a fixed delay, not a handshake -- confirm
		 * children cannot still be using an fd when it is replaced.
		 */
		sleep(1);

		shm->regenerate = 0;

		output(0, "[%d] Regenerating random pages, fd's etc.\n", getpid());

		regenerate_fds();

		/* Drop the existing maps and build a fresh set. */
		destroy_maps();
		setup_maps();

		generate_random_page(page_rand);

		shm->regenerating = FALSE;
	}
}
Esempio n. 4
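/*
 * Entry point: select the syscall table, parse arguments, refuse to run as
 * root unless --dangerous was given, set up shared memory, logging, buffers,
 * signals and fds, then run the fuzzing loop and print the totals.
 *
 * Exits with EXIT_FAILURE when run as root without --dangerous, when
 * create_shm() fails or when the VM-group table cannot be allocated;
 * otherwise exits with EXIT_SUCCESS.
 */
int main(int argc, char* argv[])
{
	int ret;
	unsigned int i;

	printf("Trinity v" __stringify(VERSION) "  Dave Jones <*****@*****.**> 2012\n");

	/*
	 * Pick the syscall table for the build architecture.  Only the x86
	 * branches set max_nr_syscalls here, and it is overwritten with
	 * NR_SYSCALLS further down in any case.
	 */
#ifdef __x86_64__
	syscalls = syscalls_x86_64;
	max_nr_syscalls = NR_X86_64_SYSCALLS;
#elif __i386__
	syscalls = syscalls_i386;
	max_nr_syscalls = NR_I386_SYSCALLS;
#elif __powerpc__
	syscalls = syscalls_ppc;
#elif __ia64__
	syscalls = syscalls_ia64;
#elif __sparc__
	syscalls = syscalls_sparc;
#else
	syscalls = syscalls_i386;
#endif

	progname = argv[0];

	parse_args(argc, argv);

	/*
	 * Root gate: a fuzzer issuing arbitrary syscalls as uid 0 can damage
	 * the host, so refuse unless the operator opted in, and even then give
	 * ten seconds to abort.
	 */
	if (getuid() == 0) {
		if (dangerous == 1) {
			printf("DANGER: RUNNING AS ROOT.\n");
			printf("Unless you are running in a virtual machine, this could cause serious problems such as overwriting CMOS\n");
			printf("or similar which could potentially make this machine unbootable without a firmware reset.\n\n");
			printf("ctrl-c now unless you really know what you are doing.\n");
			for (i = 10; i > 0; i--) {
				printf("Continuing in %d seconds.\r", i);
				(void)fflush(stdout);
				sleep(1);
			}
		} else {
			printf("Don't run as root (or pass --dangerous if you know what you are doing).\n");
			exit(EXIT_FAILURE);
		}
	}

	if (create_shm())
		exit(EXIT_FAILURE);

	if (logging != 0)
		open_logfiles();

	/* Stamp every table entry with its own index as the syscall number. */
	max_nr_syscalls = NR_SYSCALLS;
	for (i = 0; i < max_nr_syscalls; i++)
		syscalls[i].entry->number = i;

	/* Restricting to the VM group: build a compacted table of just those. */
	if (desired_group == GROUP_VM) {
		struct syscalltable *newsyscalls;
		int count = 0, j = 0;

		/* First pass counts the members so the table can be sized. */
		for (i = 0; i < max_nr_syscalls; i++) {
			if (syscalls[i].entry->group == GROUP_VM)
				count++;
		}

		newsyscalls = malloc(count * sizeof(struct syscalltable));
		if (newsyscalls == NULL)
			exit(EXIT_FAILURE);

		/* Second pass copies the entry pointers; the entries are shared. */
		for (i = 0; i < max_nr_syscalls; i++) {
			if (syscalls[i].entry->group == GROUP_VM)
				newsyscalls[j++].entry = syscalls[i].entry;
		}

		max_nr_syscalls = count;
		syscalls = newsyscalls;
	}


	if (!do_specific_syscall)
		output("Fuzzing %d syscalls.\n", max_nr_syscalls);

	if (do_specific_syscall == 1)
		find_specific_syscall();

	if (do_specific_proto == 1)
		find_specific_proto();

	if (show_syscall_list == 1) {
		syscall_list();
		exit(EXIT_SUCCESS);
	}

	page_size = getpagesize();

	/* A zero seed means "not given": derive one from the time of day. */
	if (!seed)
		seed_from_tod();
	else
		output("[%d] Random seed: %u (0x%x)\n", getpid(), seed, seed);


	init_buffers();

	mask_signals();

	setup_fds();

	/* Record a pre-existing taint so it is not blamed on this run. */
	if (check_tainted() != 0) {
		output("Kernel was tainted on startup. Will keep running if trinity causes an oops.\n");
		do_check_tainted = 1;
	}

	/*
	 * just in case we're not using the test.sh harness.
	 * "tmp/" is relative, so it resolves against the directory the fuzzer
	 * was started from.  The chmod is best effort; a failed chdir is
	 * reported because every relative path the run touches then lands in
	 * the starting directory instead of the scratch directory.
	 */
	(void)chmod("tmp/", 0755);
	ret = chdir("tmp/");
	if (ret != 0)
		printf("Could not chdir to tmp/; fuzzing will run in the current directory.\n");

	main_loop();

	printf("\nRan %ld syscalls (%ld retries). Successes: %ld  Failures: %ld\n",
		shm->execcount - 1, shm->retries, shm->successes, shm->failures);

	shmdt(shm);

	destroy_maps();

	for (i = 0; i < socks; i++)
		close(socket_fds[i]);

	if (logging != 0)
		close_logfiles();

	exit(EXIT_SUCCESS);
}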
Esempio n. 5
/*
 * Entry point: set up syscall tables and shared memory, parse arguments,
 * handle the list-only modes, refuse to run as root unless --dangerous was
 * given, initialise buffers, devices, pids and signals, then start the
 * watchdog and the main fuzzing loop.
 *
 * Exit status is `ret`: EXIT_FAILURE when munge_tables() fails, EXIT_SUCCESS
 * otherwise; the create_shm() failure and the root refusal call
 * exit(EXIT_FAILURE) directly.
 */
int main(int argc, char* argv[])
{
	int ret = EXIT_SUCCESS;
	int childstatus;
	unsigned int i;

	outputstd("Trinity v" __stringify(VERSION) "  Dave Jones <*****@*****.**>\n");

	progname = argv[0];

	/* Remember the pid of the initial process. */
	initpid = getpid();

	page_size = getpagesize();
	num_online_cpus = sysconf(_SC_NPROCESSORS_ONLN);

	select_syscall_tables();

	/* Shared memory is created before the arguments are parsed. */
	if (create_shm())
		exit(EXIT_FAILURE);

	parse_args(argc, argv);
	outputstd("Done parsing arguments.\n");

	/* The message below implies 0xFFFFFFFF is the default mask -- confirm. */
	if (kernel_taint_mask != (int)0xFFFFFFFF) {
		outputstd("Custom kernel taint mask has been specified: 0x%08x (%d).\n", kernel_taint_mask, kernel_taint_mask);
	}

	setup_shm_postargs();

	if (logging == TRUE)
		open_logfiles();

	/* From here on, `goto out` exits with `ret` and skips the cleanup_fds steps. */
	if (munge_tables() == FALSE) {
		ret = EXIT_FAILURE;
		goto out;
	}

	/* List-only mode: print the tables and leave with EXIT_SUCCESS. */
	if (show_syscall_list == TRUE) {
		dump_syscall_tables();
		goto out;
	}

	init_syscalls();

	/* List-only mode for ioctls, same exit path. */
	if (show_ioctl_list == TRUE) {
		dump_ioctls();
		goto out;
	}

	/*
	 * Root gate: uid 0 is refused unless `dangerous` is set, and even then
	 * the operator gets a ten-second countdown to abort.  The refusal
	 * calls exit() directly, so close_logfiles() is not reached on it.
	 */
	if (getuid() == 0) {
		if (dangerous == TRUE) {
			outputstd("DANGER: RUNNING AS ROOT.\n");
			outputstd("Unless you are running in a virtual machine, this could cause serious problems such as overwriting CMOS\n");
			outputstd("or similar which could potentially make this machine unbootable without a firmware reset.\n\n");
			outputstd("ctrl-c now unless you really know what you are doing.\n");
			for (i = 10; i > 0; i--) {
				outputstd("Continuing in %d seconds.\r", i);
				(void)fflush(stdout);
				sleep(1);
			}
		} else {
			outputstd("Don't run as root (or pass --dangerous if you know what you are doing).\n");
			exit(EXIT_FAILURE);
		}
	}

	if (do_specific_proto == TRUE)
		find_specific_proto(specific_proto_optarg);

	init_buffers();

	parse_devices();

	pids_init();

	setup_main_signals();

	/* Keep the taint state seen at startup as the baseline for this run. */
	kernel_taint_initial = check_tainted();
	if (kernel_taint_initial != 0) {
		output(0, "Kernel was tainted on startup. Will ignore flags that are already set.\n");
	}

	change_tmp_dir();

	/* check if we ctrl'c or something went wrong during init. */
	/* NOTE(review): `ret` is still EXIT_SUCCESS on this early-exit path. */
	if (shm->exit_reason != STILL_RUNNING)
		goto cleanup_fds;

	init_watchdog();

	do_main_loop();

	/* Shutting down. */
	/* Blocks until the watchdog process changes state; its status is not examined. */
	waitpid(watchdog_pid, &childstatus, 0);

	output(0, "\nRan %ld syscalls. Successes: %ld  Failures: %ld\n",
		shm->total_syscalls_done - 1, shm->successes, shm->failures);

	ret = EXIT_SUCCESS;

cleanup_fds:

	close_sockets();

	destroy_maps();

	if (logging == TRUE)
		close_logfiles();

out:

	exit(ret);
}
Esempio n. 6
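/*
 * Entry point: set up the syscall tables, parse arguments, refuse to run as
 * root unless --dangerous was given, create shared memory, validate the
 * tables, then start the watchdog and the main fuzzing loop.
 *
 * `ret` is used only as the process exit status: EXIT_FAILURE when the
 * requested syscall group cannot be set up or no syscall is enabled,
 * EXIT_SUCCESS otherwise.  The create_shm() failure and the root refusal
 * call exit(EXIT_FAILURE) directly.
 */
int main(int argc, char* argv[])
{
	int ret = EXIT_SUCCESS;
	unsigned int i;

	printf("Trinity v" __stringify(VERSION) "  Dave Jones <*****@*****.**> 2012\n");

	progname = argv[0];

	setup_syscall_tables();

	parse_args(argc, argv);

	/* If we didn't pass -c or -x, mark all syscalls active. */
	if ((do_specific_syscall == FALSE) && (do_exclude_syscall == FALSE))
		mark_all_syscalls_active();

	/*
	 * Root gate: a fuzzer issuing arbitrary syscalls as uid 0 can damage
	 * the host, so refuse unless the operator opted in, and even then give
	 * ten seconds to abort.
	 */
	if (getuid() == 0) {
		if (dangerous == TRUE) {
			printf("DANGER: RUNNING AS ROOT.\n");
			printf("Unless you are running in a virtual machine, this could cause serious problems such as overwriting CMOS\n");
			printf("or similar which could potentially make this machine unbootable without a firmware reset.\n\n");
			printf("ctrl-c now unless you really know what you are doing.\n");
			for (i = 10; i > 0; i--) {
				printf("Continuing in %d seconds.\r", i);
				(void)fflush(stdout);
				sleep(1);
			}
		} else {
			printf("Don't run as root (or pass --dangerous if you know what you are doing).\n");
			exit(EXIT_FAILURE);
		}
	}

	if (create_shm())
		exit(EXIT_FAILURE);

	/* Set seed in parent thread */
	set_seed(0);

	/*
	 * The helper's TRUE/FALSE result is tested directly instead of being
	 * stored in `ret`, so a successful setup can no longer leak a non-zero
	 * value into the exit status of the list-only path below.
	 */
	if (desired_group != GROUP_NONE) {
		if (setup_syscall_group(desired_group) == FALSE) {
			ret = EXIT_FAILURE;
			goto cleanup_shm;
		}
	}

	if (show_syscall_list == TRUE) {
		dump_syscall_tables();
		goto cleanup_shm;
	}

	/* Nothing to fuzz is an error, so report it through the exit status. */
	if (validate_syscall_tables() == FALSE) {
		printf("No syscalls were enabled!\n");
		printf("Use 32bit:%d 64bit:%d\n", use_32bit, use_64bit);
		ret = EXIT_FAILURE;
		goto cleanup_shm;
	}

	sanity_check_tables();

	if (logging == TRUE)
		open_logfiles();


	if (do_specific_syscall == FALSE) {
		if (biarch == TRUE)
			output(0, "Fuzzing %d 32-bit syscalls & %d 64-bit syscalls.\n",
				max_nr_32bit_syscalls, max_nr_64bit_syscalls);
		else
			output(0, "Fuzzing %d syscalls.\n", max_nr_syscalls);
	}

	if (do_specific_proto == TRUE)
		find_specific_proto(specific_proto_optarg);

	page_size = getpagesize();

	init_buffers();

	mask_signals();

	/* Record a pre-existing taint so it is not blamed on this run. */
	if (check_tainted() != 0) {
		output(0, "Kernel was tainted on startup. Will keep running if trinity causes an oops.\n");
		do_check_tainted = TRUE;
	}

	/*
	 * just in case we're not using the test.sh harness.
	 * "tmp/" is relative, so it resolves against the directory the fuzzer
	 * was started from.  The chmod is best effort; a failed chdir is
	 * reported because every relative path the run touches then lands in
	 * the starting directory.  The result is deliberately kept out of
	 * `ret`, which would otherwise turn -1 into the exit status on the
	 * early-exit path just below.
	 */
	(void)chmod("tmp/", 0755);
	if (chdir("tmp/") != 0)
		printf("Could not chdir to tmp/; fuzzing will run in the current directory.\n");

	/* Bail out if something already requested an exit during init. */
	if (shm->exit_reason != STILL_RUNNING)
		goto cleanup_fds;

	init_watchdog();

	do_main_loop();

	printf("\nRan %ld syscalls. Successes: %ld  Failures: %ld\n",
		shm->total_syscalls_done - 1, shm->successes, shm->failures);

	ret = EXIT_SUCCESS;

cleanup_fds:

	for (i = 0; i < nr_sockets; i++) {
		struct linger ling;

		/*
		 * l_onoff == 0 turns lingering off.  l_linger is set as well so
		 * that no uninitialised stack bytes are handed to setsockopt().
		 */
		ling.l_onoff = FALSE;
		ling.l_linger = 0;
		setsockopt(shm->socket_fds[i], SOL_SOCKET, SO_LINGER, &ling, sizeof(struct linger));
		shutdown(shm->socket_fds[i], SHUT_RDWR);
		close(shm->socket_fds[i]);
	}

	destroy_maps();

	if (logging == TRUE)
		close_logfiles();

cleanup_shm:

	if (shm != NULL)
		munmap(shm, sizeof(struct shm_s));

	exit(ret);
}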
Esempio n. 7
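/*
 * Entry point: select the syscall tables, create shared memory, parse
 * arguments, handle the list-only modes, refuse to run as root unless
 * --dangerous was given, initialise buffers, devices, pids and signals, then
 * start the watchdog and the main fuzzing loop.
 *
 * `ret` is used only as the process exit status: EXIT_FAILURE when
 * munge_tables() fails, EXIT_SUCCESS otherwise.  The create_shm() failure and
 * the root refusal call exit(EXIT_FAILURE) directly.
 */
int main(int argc, char* argv[])
{
	int ret = EXIT_SUCCESS;
	int childstatus;
	unsigned int i;

	printf("Trinity v" __stringify(VERSION) "  Dave Jones <*****@*****.**>\n");

	progname = argv[0];

	page_size = getpagesize();

	select_syscall_tables();

	/* Shared memory is created before the arguments are parsed. */
	if (create_shm())
		exit(EXIT_FAILURE);

	parse_args(argc, argv);
	printf("Done parsing arguments.\n");

	setup_shm_postargs();

	if (logging == TRUE)
		open_logfiles();

	/* From here on, `goto out` exits with `ret` and skips the cleanup_fds steps. */
	if (munge_tables() == FALSE) {
		ret = EXIT_FAILURE;
		goto out;
	}

	if (show_syscall_list == TRUE) {
		dump_syscall_tables();
		goto out;
	}

	if (show_ioctl_list == TRUE) {
		dump_ioctls();
		goto out;
	}

	/*
	 * Root gate: a fuzzer issuing arbitrary syscalls as uid 0 can damage
	 * the host, so refuse unless the operator opted in, and even then give
	 * ten seconds to abort.
	 */
	if (getuid() == 0) {
		if (dangerous == TRUE) {
			printf("DANGER: RUNNING AS ROOT.\n");
			printf("Unless you are running in a virtual machine, this could cause serious problems such as overwriting CMOS\n");
			printf("or similar which could potentially make this machine unbootable without a firmware reset.\n\n");
			printf("ctrl-c now unless you really know what you are doing.\n");
			for (i = 10; i > 0; i--) {
				printf("Continuing in %d seconds.\r", i);
				(void)fflush(stdout);
				sleep(1);
			}
		} else {
			printf("Don't run as root (or pass --dangerous if you know what you are doing).\n");
			exit(EXIT_FAILURE);
		}
	}

	if (do_specific_proto == TRUE)
		find_specific_proto(specific_proto_optarg);

	init_buffers();

	parse_devices();

	pids_init();

	setup_main_signals();

	/* Record a pre-existing taint so it is not blamed on this run. */
	if (check_tainted() != 0) {
		output(0, "Kernel was tainted on startup. Will keep running if trinity causes an oops.\n");
		ignore_tainted = TRUE;
	}

	/*
	 * just in case we're not using the test.sh harness.
	 * "tmp/" is relative, so it resolves against the directory the fuzzer
	 * was started from.  The chmod is best effort; a failed chdir is
	 * reported because every relative path the run touches then lands in
	 * the starting directory.  The result is deliberately kept out of
	 * `ret`, which would otherwise turn -1 into the exit status on the
	 * early-exit path just below.
	 */
	(void)chmod("tmp/", 0755);
	if (chdir("tmp/") != 0)
		printf("Could not chdir to tmp/; fuzzing will run in the current directory.\n");

	/* Bail out if something already requested an exit during init. */
	if (shm->exit_reason != STILL_RUNNING)
		goto cleanup_fds;

	init_watchdog();

	do_main_loop();

	/* Blocks until the watchdog process changes state; its status is not examined. */
	waitpid(shm->watchdog_pid, &childstatus, 0);

	printf("\nRan %ld syscalls. Successes: %ld  Failures: %ld\n",
		shm->total_syscalls_done - 1, shm->successes, shm->failures);

	ret = EXIT_SUCCESS;

cleanup_fds:

	for (i = 0; i < nr_sockets; i++) {
		struct linger ling;

		/*
		 * l_onoff == 0 turns lingering off.  l_linger is set as well so
		 * that no uninitialised stack bytes are handed to setsockopt().
		 */
		ling.l_onoff = FALSE;
		ling.l_linger = 0;
		setsockopt(shm->socket_fds[i], SOL_SOCKET, SO_LINGER, &ling, sizeof(struct linger));
		shutdown(shm->socket_fds[i], SHUT_RDWR);
		close(shm->socket_fds[i]);
	}

	destroy_maps();

	if (logging == TRUE)
		close_logfiles();

out:

	exit(ret);
}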