/*
 * Rebuild the fuzzer's file descriptors, mappings and random page.
 *
 * Returns without doing anything when no_files is set or when
 * shm->spawn_no_more has been raised. While the rebuild runs,
 * shm->regenerating is TRUE; the shm->regenerate counter is reset to 0.
 */
void regenerate(void)
{
	/* Sockets are not regenerated, and a rebuild is pointless right before exit. */
	if (no_files == TRUE || shm->spawn_no_more)
		return;

	shm->regenerating = TRUE;

	/*
	 * Grace period so children can finish with the old fds.
	 * NOTE(review): this is a fixed delay, not a handshake; nothing in
	 * this function confirms the children have actually let go of them.
	 */
	sleep(1);

	shm->regenerate = 0;
	output(0, "Regenerating random pages, fd's etc.\n");

	regenerate_fds();
	do_sso_sockets();	/* random setsockopts on every network socket */

	destroy_maps();
	setup_maps();
	generate_random_page(page_rand);

	shm->regenerating = FALSE;
}
/*
 * Once the shm->regenerate counter has reached zero, reopen the files,
 * rebuild the maps, re-arm the counter to REGENERATION_POINT - 1 and
 * refresh the random page. A non-zero counter makes this a no-op.
 */
static void regenerate()
{
	/* Counter still running: nothing to do yet. */
	if (shm->regenerate)
		return;

	output("[%d] Regenerating random pages, fd's etc.\n", getpid());

	close_files();
	open_files();

	destroy_maps();
	setup_maps();

	shm->regenerate = REGENERATION_POINT - 1;

	regenerate_random_page();
}
/*
 * Rebuild file descriptors, maps and the random page, holding
 * shm->regenerating TRUE for the duration. Skipped entirely when
 * no_files is set, because sockets are not regenerated.
 */
static void regenerate(void)
{
	if (no_files != TRUE) {
		shm->regenerating = TRUE;

		/*
		 * Give children a second to finish with the old fds.
		 * NOTE(review): a fixed delay only; no visible check that
		 * the children are really done.
		 */
		sleep(1);

		shm->regenerate = 0;

		output(0, "[%d] Regenerating random pages, fd's etc.\n", getpid());

		regenerate_fds();

		destroy_maps();
		setup_maps();

		generate_random_page(page_rand);

		shm->regenerating = FALSE;
	}
}
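/*
 * Trinity entry point.
 *
 * Selects the per-architecture syscall table, parses the command line,
 * refuses to run as root unless `dangerous` is set, creates the shared
 * memory segment, optionally narrows the table to GROUP_VM entries, then
 * runs main_loop() and prints the run counters before exiting.
 */
int main(int argc, char* argv[])
{
	int ret;
	unsigned int i;

	printf("Trinity v" __stringify(VERSION) " Dave Jones <*****@*****.**> 2012\n");

#ifdef __x86_64__
	syscalls = syscalls_x86_64;
	max_nr_syscalls = NR_X86_64_SYSCALLS;
#elif __i386__
	syscalls = syscalls_i386;
	max_nr_syscalls = NR_I386_SYSCALLS;
#elif __powerpc__
	syscalls = syscalls_ppc;
#elif __ia64__
	syscalls = syscalls_ia64;
#elif __sparc__
	syscalls = syscalls_sparc;
#else
	syscalls = syscalls_i386;
#endif

	progname = argv[0];

	parse_args(argc, argv);

	/*
	 * Root guard: a fuzzer issuing arbitrary syscalls as root can damage
	 * the machine, so root runs need the explicit `dangerous` opt-in and
	 * get a 10 second window to abort.
	 * NOTE(review): only the real UID is tested; a start with effective
	 * UID 0 or with elevated capabilities is not caught here. Consider
	 * checking geteuid() as well.
	 */
	if (getuid() == 0) {
		if (dangerous == 1) {
			printf("DANGER: RUNNING AS ROOT.\n");
			printf("Unless you are running in a virtual machine, this could cause serious problems such as overwriting CMOS\n");
			printf("or similar which could potentially make this machine unbootable without a firmware reset.\n\n");
			printf("ctrl-c now unless you really know what you are doing.\n");
			for (i = 10; i > 0; i--) {
				printf("Continuing in %d seconds.\r", i);
				(void)fflush(stdout);
				sleep(1);
			}
		} else {
			printf("Don't run as root (or pass --dangerous if you know what you are doing).\n");
			exit(EXIT_FAILURE);
		}
	}

	if (create_shm())
		exit(EXIT_FAILURE);

	if (logging != 0)
		open_logfiles();

	/* Replaces any per-architecture count assigned above. */
	max_nr_syscalls = NR_SYSCALLS;

	/* Record each entry's own index as its syscall number. */
	for (i = 0; i < max_nr_syscalls; i++)
		syscalls[i].entry->number = i;

	/*
	 * Group filter: build a compact table holding only the GROUP_VM
	 * entries and make it the active table.
	 */
	if (desired_group == GROUP_VM) {
		struct syscalltable *newsyscalls;
		int count = 0, j = 0;

		for (i = 0; i < max_nr_syscalls; i++) {
			if (syscalls[i].entry->group == GROUP_VM)
				count++;
		}

		newsyscalls = malloc(count * sizeof(struct syscalltable));
		if (newsyscalls == NULL)
			exit(EXIT_FAILURE);

		for (i = 0; i < max_nr_syscalls; i++) {
			if (syscalls[i].entry->group == GROUP_VM)
				newsyscalls[j++].entry = syscalls[i].entry;
		}

		max_nr_syscalls = count;
		syscalls = newsyscalls;
	}

	if (!do_specific_syscall)
		output("Fuzzing %d syscalls.\n", max_nr_syscalls);

	if (do_specific_syscall == 1)
		find_specific_syscall();

	if (do_specific_proto == 1)
		find_specific_proto();

	if (show_syscall_list == 1) {
		syscall_list();
		exit(EXIT_SUCCESS);
	}

	page_size = getpagesize();

	/* A zero seed means none was supplied; otherwise report the one in use. */
	if (!seed)
		seed_from_tod();
	else
		output("[%d] Random seed: %u (0x%x)\n", getpid(), seed, seed);

	init_buffers();

	mask_signals();

	setup_fds();

	if (check_tainted() != 0) {
		output("Kernel was tainted on startup. Will keep running if trinity causes an oops.\n");
		do_check_tainted = 1;
	}

	/*
	 * Just in case we're not using the test.sh harness.
	 * "tmp/" is resolved relative to the launch directory and both calls
	 * follow symlinks, so trinity should be started from a directory that
	 * other users cannot write to. A failed chdir() used to be ignored
	 * silently; it is still non-fatal, but it is now reported because the
	 * fuzzer would otherwise work in the launch directory unnoticed.
	 */
	chmod("tmp/", 0755);
	ret = chdir("tmp/");
	if (ret != 0)
		perror("Couldn't chdir to tmp/, staying in the launch directory");

	main_loop();

	printf("\nRan %ld syscalls (%ld retries). Successes: %ld Failures: %ld\n",
		shm->execcount - 1, shm->retries, shm->successes, shm->failures);

	shmdt(shm);

	destroy_maps();

	for (i = 0; i < socks; i++)
		close(socket_fds[i]);

	if (logging != 0)
		close_logfiles();

	exit(EXIT_SUCCESS);
}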
/*
 * Trinity entry point.
 *
 * Order of work: record process facts, pick the syscall tables, create
 * the shared memory segment, parse arguments, handle the list-only
 * modes, enforce the root guard, initialise the remaining subsystems,
 * then start the watchdog and the main loop. Exits with `ret`.
 */
int main(int argc, char* argv[])
{
	int ret = EXIT_SUCCESS;
	int childstatus;
	unsigned int i;

	outputstd("Trinity v" __stringify(VERSION) " Dave Jones <*****@*****.**>\n");

	progname = argv[0];

	initpid = getpid();
	page_size = getpagesize();
	num_online_cpus = sysconf(_SC_NPROCESSORS_ONLN);

	select_syscall_tables();

	if (create_shm())
		exit(EXIT_FAILURE);

	parse_args(argc, argv);
	outputstd("Done parsing arguments.\n");

	/* Any value other than the all-ones mask is announced as a custom mask. */
	if (kernel_taint_mask != (int)0xFFFFFFFF)
		outputstd("Custom kernel taint mask has been specified: 0x%08x (%d).\n",
			kernel_taint_mask, kernel_taint_mask);

	setup_shm_postargs();

	if (logging == TRUE)
		open_logfiles();

	if (munge_tables() == FALSE) {
		ret = EXIT_FAILURE;
		goto out;
	}

	/* List-only modes leave through `out` without starting any fuzzing. */
	if (show_syscall_list == TRUE) {
		dump_syscall_tables();
		goto out;
	}

	init_syscalls();

	if (show_ioctl_list == TRUE) {
		dump_ioctls();
		goto out;
	}

	/*
	 * Root guard: without the explicit `dangerous` opt-in a root run is
	 * refused outright; with it, the operator gets a warning and ten
	 * seconds to abort. The refusal exits directly and does not go
	 * through the cleanup labels below.
	 * NOTE(review): only the real UID is tested here.
	 */
	if (getuid() == 0) {
		if (dangerous != TRUE) {
			outputstd("Don't run as root (or pass --dangerous if you know what you are doing).\n");
			exit(EXIT_FAILURE);
		}

		outputstd("DANGER: RUNNING AS ROOT.\n");
		outputstd("Unless you are running in a virtual machine, this could cause serious problems such as overwriting CMOS\n");
		outputstd("or similar which could potentially make this machine unbootable without a firmware reset.\n\n");
		outputstd("ctrl-c now unless you really know what you are doing.\n");

		i = 10;
		while (i > 0) {
			outputstd("Continuing in %d seconds.\r", i);
			(void)fflush(stdout);
			sleep(1);
			i--;
		}
	}

	if (do_specific_proto == TRUE)
		find_specific_proto(specific_proto_optarg);

	init_buffers();
	parse_devices();
	pids_init();
	setup_main_signals();

	/* Remember the taint state found at startup. */
	kernel_taint_initial = check_tainted();
	if (kernel_taint_initial != 0)
		output(0, "Kernel was tainted on startup. Will ignore flags that are already set.\n");

	change_tmp_dir();

	/* Interrupted, or something failed during init: skip straight to cleanup. */
	if (shm->exit_reason != STILL_RUNNING)
		goto cleanup_fds;

	init_watchdog();

	do_main_loop();

	/* Main loop is over: wait for the watchdog before printing the totals. */
	waitpid(watchdog_pid, &childstatus, 0);

	output(0, "\nRan %ld syscalls. Successes: %ld Failures: %ld\n",
		shm->total_syscalls_done - 1, shm->successes, shm->failures);

	ret = EXIT_SUCCESS;

cleanup_fds:
	close_sockets();
	destroy_maps();

	if (logging == TRUE)
		close_logfiles();

out:
	exit(ret);
}
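/*
 * Trinity entry point.
 *
 * Sets up the syscall tables, parses arguments, enforces the root guard,
 * creates the shared memory segment, validates the enabled syscalls,
 * then starts the watchdog and the main loop. Sockets, maps, logfiles
 * and the shm mapping are released through the cleanup labels at the
 * end, and the process exits with `ret`.
 */
int main(int argc, char* argv[])
{
	int ret = EXIT_SUCCESS;
	unsigned int i;

	printf("Trinity v" __stringify(VERSION) " Dave Jones <*****@*****.**> 2012\n");

	progname = argv[0];

	setup_syscall_tables();

	parse_args(argc, argv);

	/* If we didn't pass -c or -x, mark all syscalls active. */
	if ((do_specific_syscall == FALSE) && (do_exclude_syscall == FALSE))
		mark_all_syscalls_active();

	/*
	 * Root guard: a fuzzer issuing arbitrary syscalls as root can damage
	 * the machine, so root runs need the explicit `dangerous` opt-in and
	 * get a 10 second window to abort.
	 * NOTE(review): only the real UID is tested; a start with effective
	 * UID 0 or with elevated capabilities is not caught here. Consider
	 * checking geteuid() as well.
	 */
	if (getuid() == 0) {
		if (dangerous == TRUE) {
			printf("DANGER: RUNNING AS ROOT.\n");
			printf("Unless you are running in a virtual machine, this could cause serious problems such as overwriting CMOS\n");
			printf("or similar which could potentially make this machine unbootable without a firmware reset.\n\n");
			printf("ctrl-c now unless you really know what you are doing.\n");
			for (i = 10; i > 0; i--) {
				printf("Continuing in %d seconds.\r", i);
				(void)fflush(stdout);
				sleep(1);
			}
		} else {
			printf("Don't run as root (or pass --dangerous if you know what you are doing).\n");
			exit(EXIT_FAILURE);
		}
	}

	if (create_shm())
		exit(EXIT_FAILURE);

	/* Set seed in parent thread */
	set_seed(0);

	/*
	 * NOTE(review): on success `ret` keeps setup_syscall_group()'s return
	 * value, and the two `goto cleanup_shm` paths below exit with it.
	 * Confirm that this is the intended exit status.
	 */
	if (desired_group != GROUP_NONE) {
		ret = setup_syscall_group(desired_group);
		if (ret == FALSE) {
			ret = EXIT_FAILURE;
			goto cleanup_shm;
		}
	}

	if (show_syscall_list == TRUE) {
		dump_syscall_tables();
		goto cleanup_shm;
	}

	if (validate_syscall_tables() == FALSE) {
		printf("No syscalls were enabled!\n");
		printf("Use 32bit:%d 64bit:%d\n", use_32bit, use_64bit);
		goto cleanup_shm;
	}

	sanity_check_tables();

	if (logging == TRUE)
		open_logfiles();

	if (do_specific_syscall == FALSE) {
		if (biarch == TRUE)
			output(0, "Fuzzing %d 32-bit syscalls & %d 64-bit syscalls.\n",
				max_nr_32bit_syscalls, max_nr_64bit_syscalls);
		else
			output(0, "Fuzzing %d syscalls.\n", max_nr_syscalls);
	}

	if (do_specific_proto == TRUE)
		find_specific_proto(specific_proto_optarg);

	page_size = getpagesize();

	init_buffers();

	mask_signals();

	if (check_tainted() != 0) {
		output(0, "Kernel was tainted on startup. Will keep running if trinity causes an oops.\n");
		do_check_tainted = TRUE;
	}

	/*
	 * Just in case we're not using the test.sh harness.
	 * "tmp/" is resolved relative to the launch directory and both calls
	 * follow symlinks, so trinity should be started from a directory that
	 * other users cannot write to. A failed chdir() used to be ignored
	 * silently; it is still non-fatal, but it is now reported because the
	 * fuzzer would otherwise work in the launch directory unnoticed.
	 * NOTE(review): `ret` now holds chdir()'s result, so the early
	 * `goto cleanup_fds` below exits with that value.
	 */
	chmod("tmp/", 0755);
	ret = chdir("tmp/");
	if (ret != 0)
		perror("Couldn't chdir to tmp/, staying in the launch directory");

	if (shm->exit_reason != STILL_RUNNING)
		goto cleanup_fds;

	init_watchdog();

	do_main_loop();

	printf("\nRan %ld syscalls. Successes: %ld Failures: %ld\n",
		shm->total_syscalls_done - 1, shm->successes, shm->failures);

	ret = EXIT_SUCCESS;

cleanup_fds:

	for (i = 0; i < nr_sockets; i++) {
		struct linger ling;

		/*
		 * l_onoff == 0 switches SO_LINGER off. l_linger is set as well
		 * so that no uninitialised stack bytes are handed to
		 * setsockopt().
		 */
		ling.l_onoff = FALSE;
		ling.l_linger = 0;
		setsockopt(shm->socket_fds[i], SOL_SOCKET, SO_LINGER, &ling, sizeof(struct linger));
		shutdown(shm->socket_fds[i], SHUT_RDWR);
		close(shm->socket_fds[i]);
	}

	destroy_maps();

	if (logging == TRUE)
		close_logfiles();

cleanup_shm:

	if (shm != NULL)
		munmap(shm, sizeof(struct shm_s));

	exit(ret);
}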
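/*
 * Trinity entry point.
 *
 * Picks the syscall tables, creates the shared memory segment, parses
 * arguments, handles the list-only modes, enforces the root guard,
 * initialises the remaining subsystems, then starts the watchdog and the
 * main loop. Sockets, maps and logfiles are released through the cleanup
 * labels at the end, and the process exits with `ret`.
 */
int main(int argc, char* argv[])
{
	int ret = EXIT_SUCCESS;
	int childstatus;
	unsigned int i;

	printf("Trinity v" __stringify(VERSION) " Dave Jones <*****@*****.**>\n");

	progname = argv[0];

	page_size = getpagesize();

	select_syscall_tables();

	if (create_shm())
		exit(EXIT_FAILURE);

	parse_args(argc, argv);
	printf("Done parsing arguments.\n");

	setup_shm_postargs();

	if (logging == TRUE)
		open_logfiles();

	if (munge_tables() == FALSE) {
		ret = EXIT_FAILURE;
		goto out;
	}

	/* List-only modes leave through `out` without starting any fuzzing. */
	if (show_syscall_list == TRUE) {
		dump_syscall_tables();
		goto out;
	}

	if (show_ioctl_list == TRUE) {
		dump_ioctls();
		goto out;
	}

	/*
	 * Root guard: a fuzzer issuing arbitrary syscalls as root can damage
	 * the machine, so root runs need the explicit `dangerous` opt-in and
	 * get a 10 second window to abort.
	 * NOTE(review): only the real UID is tested; a start with effective
	 * UID 0 or with elevated capabilities is not caught here. Consider
	 * checking geteuid() as well.
	 */
	if (getuid() == 0) {
		if (dangerous == TRUE) {
			printf("DANGER: RUNNING AS ROOT.\n");
			printf("Unless you are running in a virtual machine, this could cause serious problems such as overwriting CMOS\n");
			printf("or similar which could potentially make this machine unbootable without a firmware reset.\n\n");
			printf("ctrl-c now unless you really know what you are doing.\n");
			for (i = 10; i > 0; i--) {
				printf("Continuing in %d seconds.\r", i);
				(void)fflush(stdout);
				sleep(1);
			}
		} else {
			printf("Don't run as root (or pass --dangerous if you know what you are doing).\n");
			exit(EXIT_FAILURE);
		}
	}

	if (do_specific_proto == TRUE)
		find_specific_proto(specific_proto_optarg);

	init_buffers();

	parse_devices();

	pids_init();

	setup_main_signals();

	if (check_tainted() != 0) {
		output(0, "Kernel was tainted on startup. Will keep running if trinity causes an oops.\n");
		ignore_tainted = TRUE;
	}

	/*
	 * Just in case we're not using the test.sh harness.
	 * "tmp/" is resolved relative to the launch directory and both calls
	 * follow symlinks, so trinity should be started from a directory that
	 * other users cannot write to. A failed chdir() used to be ignored
	 * silently; it is still non-fatal, but it is now reported because the
	 * fuzzer would otherwise work in the launch directory unnoticed.
	 * NOTE(review): `ret` now holds chdir()'s result, so the early
	 * `goto cleanup_fds` below exits with that value.
	 */
	chmod("tmp/", 0755);
	ret = chdir("tmp/");
	if (ret != 0)
		perror("Couldn't chdir to tmp/, staying in the launch directory");

	if (shm->exit_reason != STILL_RUNNING)
		goto cleanup_fds;

	init_watchdog();

	do_main_loop();

	/* Wait for the watchdog process before printing the totals. */
	waitpid(shm->watchdog_pid, &childstatus, 0);

	printf("\nRan %ld syscalls. Successes: %ld Failures: %ld\n",
		shm->total_syscalls_done - 1, shm->successes, shm->failures);

	ret = EXIT_SUCCESS;

cleanup_fds:

	for (i = 0; i < nr_sockets; i++) {
		struct linger ling;

		/*
		 * l_onoff == 0 switches SO_LINGER off. l_linger is set as well
		 * so that no uninitialised stack bytes are handed to
		 * setsockopt().
		 */
		ling.l_onoff = FALSE;
		ling.l_linger = 0;
		setsockopt(shm->socket_fds[i], SOL_SOCKET, SO_LINGER, &ling, sizeof(struct linger));
		shutdown(shm->socket_fds[i], SHUT_RDWR);
		close(shm->socket_fds[i]);
	}

	destroy_maps();

	if (logging == TRUE)
		close_logfiles();

out:

	exit(ret);
}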