void pr_signals_block(void) {
if (sigs_nblocked == 0) {
mask_signals(TRUE);
pr_trace_msg("signal", 5, "signals blocked");
} else {
pr_trace_msg("signal", 9, "signals already blocked (block count = %u)",
sigs_nblocked);
}
sigs_nblocked++;
}
void pr_signals_unblock(void) {
if (sigs_nblocked == 0) {
pr_trace_msg("signal", 5, "signals already unblocked");
return;
}
if (sigs_nblocked == 1) {
mask_signals(FALSE);
pr_trace_msg("signal", 5, "signals unblocked");
} else {
pr_trace_msg("signal", 9, "signals already unblocked (block count = %u)",
sigs_nblocked);
}
sigs_nblocked--;
}
int main(int argc, char* argv[])
{
int ret;
unsigned int i;
printf("Trinity v" __stringify(VERSION) " Dave Jones <*****@*****.**> 2012\n");
#ifdef __x86_64__
syscalls = syscalls_x86_64;
max_nr_syscalls = NR_X86_64_SYSCALLS;
#elif __i386__
syscalls = syscalls_i386;
max_nr_syscalls = NR_I386_SYSCALLS;
#elif __powerpc__
syscalls = syscalls_ppc;
#elif __ia64__
syscalls = syscalls_ia64;
#elif __sparc__
syscalls = syscalls_sparc;
#else
syscalls = syscalls_i386;
#endif
progname = argv[0];
parse_args(argc, argv);
if (getuid() == 0) {
if (dangerous == 1) {
printf("DANGER: RUNNING AS ROOT.\n");
printf("Unless you are running in a virtual machine, this could cause serious problems such as overwriting CMOS\n");
printf("or similar which could potentially make this machine unbootable without a firmware reset.\n\n");
printf("ctrl-c now unless you really know what you are doing.\n");
for (i = 10; i > 0; i--) {
printf("Continuing in %d seconds.\r", i);
(void)fflush(stdout);
sleep(1);
}
} else {
printf("Don't run as root (or pass --dangerous if you know what you are doing).\n");
exit(EXIT_FAILURE);
}
}
if (create_shm())
exit(EXIT_FAILURE);
if (logging != 0)
open_logfiles();
max_nr_syscalls = NR_SYSCALLS;
for (i = 0; i < max_nr_syscalls; i++)
syscalls[i].entry->number = i;
if (desired_group == GROUP_VM) {
struct syscalltable *newsyscalls;
int count = 0, j = 0;
for (i = 0; i < max_nr_syscalls; i++) {
if (syscalls[i].entry->group == GROUP_VM)
count++;
}
newsyscalls = malloc(count * sizeof(struct syscalltable));
if (newsyscalls == NULL)
exit(EXIT_FAILURE);
for (i = 0; i < max_nr_syscalls; i++) {
if (syscalls[i].entry->group == GROUP_VM)
newsyscalls[j++].entry = syscalls[i].entry;
}
max_nr_syscalls = count;
syscalls = newsyscalls;
}
if (!do_specific_syscall)
output("Fuzzing %d syscalls.\n", max_nr_syscalls);
if (do_specific_syscall == 1)
find_specific_syscall();
if (do_specific_proto == 1)
find_specific_proto();
if (show_syscall_list == 1) {
syscall_list();
exit(EXIT_SUCCESS);
}
page_size = getpagesize();
if (!seed)
seed_from_tod();
else
output("[%d] Random seed: %u (0x%x)\n", getpid(), seed, seed);
init_buffers();
mask_signals();
setup_fds();
if (check_tainted() != 0) {
output("Kernel was tainted on startup. Will keep running if trinity causes an oops.\n");
do_check_tainted = 1;
}
/* just in case we're not using the test.sh harness. */
chmod("tmp/", 0755);
ret = chdir("tmp/");
if (!ret) {
/* nothing right now */
}
main_loop();
printf("\nRan %ld syscalls (%ld retries). Successes: %ld Failures: %ld\n",
shm->execcount - 1, shm->retries, shm->successes, shm->failures);
shmdt(shm);
destroy_maps();
for (i = 0; i < socks; i++)
close(socket_fds[i]);
if (logging != 0)
close_logfiles();
exit(EXIT_SUCCESS);
}
/// Constructor that sets up signal masking.
signals::interrupts_inhibiter::interrupts_inhibiter(void)
{
PRE(!interrupts_inhibiter_active);
mask_signals();
interrupts_inhibiter_active = true;
}
int main(int argc, char* argv[])
{
int ret = EXIT_SUCCESS;
unsigned int i;
printf("Trinity v" __stringify(VERSION) " Dave Jones <*****@*****.**> 2012\n");
progname = argv[0];
setup_syscall_tables();
parse_args(argc, argv);
/* If we didn't pass -c or -x, mark all syscalls active. */
if ((do_specific_syscall == FALSE) && (do_exclude_syscall == FALSE))
mark_all_syscalls_active();
if (getuid() == 0) {
if (dangerous == TRUE) {
printf("DANGER: RUNNING AS ROOT.\n");
printf("Unless you are running in a virtual machine, this could cause serious problems such as overwriting CMOS\n");
printf("or similar which could potentially make this machine unbootable without a firmware reset.\n\n");
printf("ctrl-c now unless you really know what you are doing.\n");
for (i = 10; i > 0; i--) {
printf("Continuing in %d seconds.\r", i);
(void)fflush(stdout);
sleep(1);
}
} else {
printf("Don't run as root (or pass --dangerous if you know what you are doing).\n");
exit(EXIT_FAILURE);
}
}
if (create_shm())
exit(EXIT_FAILURE);
/* Set seed in parent thread*/
set_seed(0);
if (desired_group != GROUP_NONE) {
ret = setup_syscall_group(desired_group);
if (ret == FALSE) {
ret = EXIT_FAILURE;
goto cleanup_shm;
}
}
if (show_syscall_list == TRUE) {
dump_syscall_tables();
goto cleanup_shm;
}
if (validate_syscall_tables() == FALSE) {
printf("No syscalls were enabled!\n");
printf("Use 32bit:%d 64bit:%d\n", use_32bit, use_64bit);
goto cleanup_shm;
}
sanity_check_tables();
if (logging == TRUE)
open_logfiles();
if (do_specific_syscall == FALSE) {
if (biarch == TRUE)
output(0, "Fuzzing %d 32-bit syscalls & %d 64-bit syscalls.\n",
max_nr_32bit_syscalls, max_nr_64bit_syscalls);
else
output(0, "Fuzzing %d syscalls.\n", max_nr_syscalls);
}
if (do_specific_proto == TRUE)
find_specific_proto(specific_proto_optarg);
page_size = getpagesize();
init_buffers();
mask_signals();
if (check_tainted() != 0) {
output(0, "Kernel was tainted on startup. Will keep running if trinity causes an oops.\n");
do_check_tainted = TRUE;
}
/* just in case we're not using the test.sh harness. */
chmod("tmp/", 0755);
ret = chdir("tmp/");
if (!ret) {
/* nothing right now */
}
if (shm->exit_reason != STILL_RUNNING)
goto cleanup_fds;
init_watchdog();
do_main_loop();
printf("\nRan %ld syscalls. Successes: %ld Failures: %ld\n",
shm->total_syscalls_done - 1, shm->successes, shm->failures);
ret = EXIT_SUCCESS;
cleanup_fds:
for (i = 0; i < nr_sockets; i++) {
struct linger ling;
ling.l_onoff = FALSE; /* linger active */
setsockopt(shm->socket_fds[i], SOL_SOCKET, SO_LINGER, &ling, sizeof(struct linger));
shutdown(shm->socket_fds[i], SHUT_RDWR);
close(shm->socket_fds[i]);
}
destroy_maps();
if (logging == TRUE)
close_logfiles();
cleanup_shm:
if (shm != NULL)
munmap(shm, sizeof(struct shm_s));
exit(ret);
}
int Interpret(const char *cmd, int redirect,char *target,int bg)
{
//解析执行一条命令
//cmd中包含两部分,一是命令执行文件本省,第二是argv[]
if(strlen(cmd)==0) return 1;
int argc;
char **argv=ResolveCmd(cmd,&argc);
if(!strcmp(argv[0],"cd"))
{
if(argc>1) ChangeDir(argv[1]);
else //开启文件导航系统
{
char finalpath[path_max];
Navigation(finalpath);
ChangeDir(finalpath);
}
}
else if(!strcmp(argv[0],"jobs"))
{
ShowJobs();
}
else if(!strcmp(argv[0],"fg"))
{ //前台运行
ForeGround(argv[1]);
}
else if(!strcmp(argv[0],"stop"))
StopPid(argv[1]);
else if(!strcmp(argv[0],"continue"))
ContinuePid(argv[1]);
else if(!strcmp(argv[0],"bg")) //后台继续运行
ContinuePid(argv[1]);
else if(!strcmp(argv[0],"history"))
catHistory();
else if(!strcmp(argv[0],"echopath"))
EchoPath();
else if(!strcmp(argv[0],"addpath"))
AddPath(argv[1]);
else if(!strcmp(argv[0],"exit"))
return Exit();
else
{
int i=0,find=0;
char filepath[PATH_MAX+1]={'\0'};
find=isEXE(argv[0]); //输入的命令是否带'/',可能指向EXEfile
if(find)
strcpy(filepath,argv[0]);
else //从环境变量的目录中搜索
{
while(!find && i<envpath_num)
{
//依次从各个环境变量的路径中寻找
find=SearchFile(envpath[i++],argv[0],filepath);
}
}
if(find && bg==0) //找到命令,前台运行
{
int pid=fork(); run_pid=pid; strcpy(run_cmd,cmd);
if(pid>0) {
waitpid(pid,NULL,WUNTRACED); run_pid=0; run_cmd[0]='\0';
}
else
{
if(redirect==1) OutputRedirect(target);
else if(redirect==0) InputRedirect(target);
mask_signals(); //子进程屏蔽信号
if(execv(filepath,argv)==-1)
printf("不能打开指定文件\n");
exit(0);
}
}
else if(find && bg==1) //找到命令,后台运行
{
//后台运行
int pid=fork();
if(pid>0)
{
//父进程把后台进程添加到job管理系统中
int pos=0; //找空位置,优先填满前面被删掉的位置
while(pos<jobmanager.jobnum && jobmanager.jobs[pos].status>0)
pos++;
//结果是pos占到了jobnum之前的被删位置,或者是pos==jobnum
jobmanager.jobs[pos].pid=pid;
int i=0;
for(;i<strlen(cmd);i++)
jobmanager.jobs[pos].cmd[i]=cmd[i]; //保存cmd信息
jobmanager.jobs[pos].cmd[i++]='&'; //保存cmd信息
jobmanager.jobs[pos].cmd[i]='\0'; //结尾
jobmanager.jobs[pos].status=1; //正常运行
if(pos==jobmanager.jobnum) {
jobmanager.jobnum++; //只有pos开辟了新的坑位时,才占位
if(jobmanager.jobnum>jobnum_max)
printf("jobs中的后台程序即将达到上限\n");
}
printf("[%d] %d\n",pos+1,pid);
}
else
{
//子进程负责后台执行
if(redirect==1) OutputRedirect(target);
else if(redirect==0) InputRedirect(target);
mask_signals(); //信号屏蔽
if(execv(filepath,argv)==-1)
printf("不能打开指定文件\n");
exit(0);
//有个问题:子进程退了之后,父进程怎么查询?会出现相同pid的情况吗?貌似不会
}
}
else printf("Unknwon cmd.\n");
}
//程序结束后要清理argv
int i=0;
for(;i<argc;i++)
{
free(argv[i]);
}
free(argv);
return 1;
}
