/* Close the memory device */ int cmd_closemem() { int ret; char buff[BUFSIZ]; char logbuf[BUFSIZ]; time_t uloadt; PROFILER_IN(__FILE__, __FUNCTION__, __LINE__); /* Close memory */ ret = kernsh_closemem(); if (ret) PROFILER_ERR(__FILE__, __FUNCTION__, __LINE__, "Cannot close memory", -1); if (libkernshworld.open_static) { /* Rip from cmd_unload */ /* Do not unload dependences of files or objects with linkmap entry */ if (hash_size(&libkernshworld.root->parent_hash)) PROFILER_ERR(__FILE__, __FUNCTION__, __LINE__, "Unload parent object first", -1); ret = revm_unload_dep(libkernshworld.root, libkernshworld.root); if (!world.state.revm_quiet) { time(&uloadt); snprintf(logbuf, BUFSIZ - 1, "%s [*] Object %-40s unloaded on %s \n", (ret ? "" : "\n"), libkernshworld.root->name, ctime(&uloadt)); revm_output(logbuf); } /* Clean various hash tables of this binary entry and return OK */ hash_del(&file_hash, libkernshworld.root->name); if (hash_get(&world.shared_hash, libkernshworld.root->name)) hash_del(&world.shared_hash, libkernshworld.root->name); else hash_del(&world.curjob->loaded, libkernshworld.root->name); elfsh_unload_obj(libkernshworld.root); libkernshworld.open_static = 0; } memset(buff, '\0', sizeof(buff)); snprintf(buff, sizeof(buff), "%s\n\n", revm_colorfieldstr("[+] CLOSE MEMORY")); revm_output(buff); revm_endline(); PROFILER_ROUT(__FILE__, __FUNCTION__, __LINE__, 0); }
/* Handle the gdt */ int cmd_gdt() { int ret; int index; int i; listent_t *actual; list_t *h; libkernshsgdt_t *sgdt; char buff[BUFSIZ]; PROFILER_IN(__FILE__, __FUNCTION__, __LINE__); XALLOC(__FILE__, __FUNCTION__, __LINE__, h, sizeof(list_t), -1); elist_init(h, "cmd_gdt_list", ASPECT_TYPE_UNKNOW); ret = kernsh_gdt(h); memset(buff, '\0', sizeof(buff)); snprintf(buff, sizeof(buff), "%s\n\n", revm_colorfieldstr("[+] GDT")); revm_output(buff); for (i = 0, index = 0, actual = h->head; index < h->elmnbr; i+=8, index++, actual = actual->next) { sgdt = (libkernshsgdt_t *) actual->data; snprintf(buff, sizeof(buff), "%s%s %s %s\n", revm_coloraddress("%.8lX", (eresi_Addr) sgdt->deb), revm_coloraddress("%.8lX", (eresi_Addr) sgdt->fin), revm_colorstr("@"), revm_coloraddress(XFMT, (eresi_Addr) sgdt->addr)); revm_output(buff); revm_endline(); } revm_output("\n"); elist_destroy(h); if (ret) PROFILER_ERR(__FILE__, __FUNCTION__, __LINE__, "Cannot get gdt", -1); PROFILER_ROUT(__FILE__, __FUNCTION__, __LINE__, 0); }
/* Handle the sys_call_table */ int cmd_sct() { int ret; int index; listent_t *actual; list_t *h; libkernshsyscall_t *sct; char buff[BUFSIZ]; PROFILER_IN(__FILE__, __FUNCTION__, __LINE__); XALLOC(__FILE__, __FUNCTION__, __LINE__, h, sizeof(list_t), -1); elist_init(h, "cmd_sct_list", ASPECT_TYPE_UNKNOW); ret = kernsh_sct(h); memset(buff, '\0', sizeof(buff)); snprintf(buff, sizeof(buff), "%s\n\n", revm_colorfieldstr("[+] SYS_CALL_TABLE")); revm_output(buff); for (index = 0, actual = h->head; index < h->elmnbr; index++, actual = actual->next) { sct = (libkernshsyscall_t *) actual->data; memset(buff, '\0', sizeof(buff)); snprintf(buff, sizeof(buff), "%s %-40s %s %s\n", revm_colornumber("id:%-10u", (unsigned int)index), revm_colortypestr_fmt("%s", sct->name), revm_colorstr("@"), revm_coloraddress(XFMT, (eresi_Addr) sct->addr)); revm_output(buff); revm_endline(); } revm_output("\n"); elist_destroy(h); if (ret) PROFILER_ERR(__FILE__, __FUNCTION__, __LINE__, "Cannot get syscalltable", -1); PROFILER_ROUT(__FILE__, __FUNCTION__, __LINE__, 0); }
/** * * @ingroup evarista */ void eva_create_prompt(char *buf, u_int size) { snprintf(buf, size - 1, "%s%s%s%s%s%s%s%s%s%s%s ", revm_colorget("%s", "pspecial", "("), revm_colorget("%s", "psname" , EVARISTA_SNAME), revm_colorget("%s", "pspecial", "-"), revm_colorget("%s", "pversion", REVM_VERSION), revm_colorget("%s", "pspecial", "-"), revm_colorget("%s", "prelease", REVM_RELEASE), revm_colorget("%s", "pspecial", "-"), revm_colorget("%s", "pedition", REVM_EDITION), revm_colorget("%s", "pspecial", "@"), revm_colorget("%s", "psname", world.curjob->ws.name), revm_colorget("%s", "pspecial", ")")); revm_endline(); }
/** * Print a specific type * * @param type * @param mode * @return */ int revm_type_print(char *type, char mode) { aspectype_t *cur; aspectype_t *child; char buf[BUFSIZ]; char prefix[128]; int len; char *size; char offset[128]; int idx; int sz; char *pad; PROFILER_IN(__FILE__, __FUNCTION__, __LINE__); cur = hash_get(&types_hash, type); if (!cur) PROFILER_ERR(__FILE__, __FUNCTION__, __LINE__, "Unknown type", 0); /* Set up things */ revm_endline(); /* Setup first part of the line */ snprintf(prefix, sizeof(prefix), "%s%s%s", revm_colorfieldstr("{"), revm_colornumber("%u", cur->size), revm_colorfieldstr("}")); len = snprintf(buf, sizeof(buf), " %s %s %-20s %s %-10s", revm_colornumber("id:%-10u", cur->type), revm_colorfieldstr("Type"), revm_colortypestr_fmt("%-20s", type), revm_colorfieldstr("size"), prefix); size = alloca(20); /* If the type is a structure */ if (cur->childs) { len += snprintf(buf + len, sizeof(buf) - len, "%s", revm_colorfieldstr(" = {")); /* Prepare the padding after each field name */ sz = len - revm_color_size(buf) - 16; /* -16 is dirty: some bug in colors */ pad = alloca(sz + 1); memset(pad, ' ', sz); pad[sz] = 0x00; /* For each child field type */ for (child = cur->childs; child; child = child->next) { /* Compute the size field */ if (child->type == ASPECT_TYPE_RAW) snprintf(size, sizeof(size), "%s%s%s", revm_colorfieldstr("["), revm_colornumber("%u", child->size), revm_colorfieldstr("]")); else if (child->dimnbr && child->elemnbr) { for (sz = idx = 0; idx < child->dimnbr; idx++) sz += 20; size = alloca(sz); for (sz = idx = 0; idx < child->dimnbr; idx++) sz += snprintf(size + sz, sz, "%s%s%s", revm_colorfieldstr("["), revm_colornumber("%u", child->elemnbr[idx]), revm_colorfieldstr("]")); } else *size = 0x00; /* Format the whole thing */ if (mode) *offset = 0x00; else snprintf(offset, sizeof(offset), "%s%s", revm_colornumber("%u", child->off), revm_colorfieldstr(":")); len += snprintf(buf + len, sizeof(buf) - len, "%s%s%s%s%s%s%s", offset, revm_colorstr(child->fieldname), revm_colorfieldstr(":"), revm_colortypestr((child->isptr ? "*" : "")), revm_colortypestr(child->name), size, revm_colorfieldstr((child->next ? ",\n" : "}\n\n"))); /* Print field and next padding */ revm_output(buf); revm_endline(); if (child->next) revm_output(pad); *buf = 0x00; len = 0; } } /* Print non-structures types */ else { revm_output(buf); revm_output("\n"); } /* Return success */ PROFILER_ROUT(__FILE__, __FUNCTION__, __LINE__, 1); }
/** * @brief Display relocation entries */ int cmd_rel() { elfshsect_t *sect; elfsh_Rel *rel; regex_t *tmp; char *type; char *typeshort; char *name; u_int index; u_int index2; u_int typenum; char buff[256]; u_int size; revmconst_t *types; char addstr[32]; char logbuf[BUFSIZ]; void *data; PROFILER_IN(__FILE__, __FUNCTION__, __LINE__); /* Sanity checks */ sect = elfsh_get_reloc(world.curjob->curfile, 0, &size); if (sect == NULL) RET(-1); /* Choose between global or local regx */ FIRSTREGX(tmp); snprintf(logbuf, BUFSIZ - 1, " [RELOCATION TABLES]\n [Object %s]\n\n", world.curjob->curfile->name); revm_output(logbuf); /* We need to iterate as much as there is .rel* sections */ for (index2 = 0; sect; index2++) { snprintf(logbuf, BUFSIZ - 1, " {Section %s} \n", elfsh_get_section_name(world.curjob->curfile, sect)); revm_output(logbuf); /* Iterate on the .rel entries array for each .rel section */ data = elfsh_readmem(sect); for (index = 0; index < size; index++) { /* Get the current relocation entry */ if (sect->shdr->sh_type == SHT_RELA) { rel = (void *) ((elfsh_Rela *) data + index); snprintf(addstr, sizeof(addstr), "add[%s]", revm_colornumber("%08u", (unsigned int) ((elfsh_Rela *) rel)->r_addend)); } else { rel = (elfsh_Rel *) data + index; addstr[0] = 0x00; } /* Get linked symbol name */ name = elfsh_get_symname_from_reloc(world.curjob->curfile, rel); typenum = elfsh_get_reltype(rel); types = revm_getrelascii(world.curjob->curfile); type = (char *) (typenum > ELFSH_RELOC_MAX(world.curjob->curfile) ? NULL : types[typenum].desc); typeshort = (char *) (typenum > ELFSH_RELOC_MAX(world.curjob->curfile) ? NULL : types[typenum].name); /* Output is different depending on the quiet flag */ if (!world.state.revm_quiet) snprintf(buff, sizeof(buff), " [%s] %s %s %s%s%s : %s %s => %s\n", revm_colornumber("%03u", index), revm_colortypestr_fmt("%-15s", typeshort), revm_coloraddress(XFMT, elfsh_get_reloffset(rel)), revm_colorfieldstr("sym["), revm_colornumber("%03u", elfsh_get_relsym(rel)), revm_colorfieldstr("]"), (name != NULL ? revm_colorstr_fmt("%-30s", name) : revm_colorwarn_fmt("%-30s", "<?>")), addstr, revm_colortypestr(type)); else snprintf(buff, sizeof(buff), " [%s] %s %s %s%s%s : %s %s\n", revm_colornumber("%03u", index), revm_colortypestr_fmt("%-15s", typeshort), revm_coloraddress(XFMT, elfsh_get_reloffset(rel)), revm_colorfieldstr("sym["), revm_colornumber("%03u", elfsh_get_relsym(rel)), revm_colorfieldstr("]"), (name != NULL ? revm_colorstr_fmt("%-22s", name) : revm_colorwarn_fmt("%-22s", "<?>")), addstr); /* Print it if it matchs the regex */ if (NULL == tmp || (tmp != NULL && name != NULL && 0 == regexec(tmp, buff, 0, 0, 0))) switch (revm_output(buff)) { case -1: revm_endline(); revm_output("\n"); PROFILER_ROUT(__FILE__, __FUNCTION__, __LINE__, 0); case -2: revm_endline(); goto next; } revm_endline(); } next: sect = elfsh_get_reloc(world.curjob->curfile, index2 + 1, &size); revm_output("\n"); } revm_output("\n"); PROFILER_ROUT(__FILE__, __FUNCTION__, __LINE__, 0); }
/** * @brief Display a PHT * @param phdr * @param num * @param base */ void revm_pht_print(elfsh_Phdr *phdr, uint16_t num, eresi_Addr base) { elfsh_Shdr *shdr; int shtnum; int index; int index2; char *type; u_int typenum; elfshsect_t *list; regex_t *tmp; char buff[512]; char warnmsg[256]; char logbuf[BUFSIZ]; int check; eresi_Addr addr; eresi_Addr addr_end; PROFILER_IN(__FILE__, __FUNCTION__, __LINE__); FIRSTREGX(tmp); /* Primary view (2 modes, depending on the quiet flag) */ for (index = 0; index < num; index++) { typenum = elfsh_get_segment_type(phdr + index); type = (char *) (typenum >= ELFSH_SEGTYPE_MAX ? revm_display_pdesc(typenum) : elfsh_seg_type[typenum].desc); addr = phdr[index].p_vaddr; addr_end = phdr[index].p_vaddr + phdr[index].p_memsz; if (elfsh_is_runtime_mode()) { addr_end += base; addr += base; } /* We check if we have a correct alignment */ check = (addr - phdr[index].p_offset) & (phdr[index].p_align - 1); if (check != 0) snprintf(warnmsg, 255, "Wrong alignment (%d)", check); if (!world.state.revm_quiet) snprintf(buff, sizeof(buff), " %s %s -> %s %c%c%c %s%s%s " "%s%s%s %s%s%s %s%s%s => %s %s\n", revm_colornumber("[%02u]", index), revm_coloraddress(XFMT, addr), revm_coloraddress(XFMT, addr_end), (elfsh_segment_is_readable(&phdr[index]) ? 'r' : '-'), (elfsh_segment_is_writable(&phdr[index]) ? 'w' : '-'), (elfsh_segment_is_executable(&phdr[index]) ? 'x' : '-'), revm_colorfieldstr("memsz("), revm_colornumber(UFMT, phdr[index].p_memsz), revm_colorfieldstr(")"), revm_colorfieldstr("foffset("), revm_colornumber(UFMT, phdr[index].p_offset), revm_colorfieldstr(")"), revm_colorfieldstr("filesz("), revm_colornumber(UFMT, phdr[index].p_filesz), revm_colorfieldstr(")"), revm_colorfieldstr("align("), revm_colornumber(UFMT, phdr[index].p_align), revm_colorfieldstr(")"), revm_colortypestr(type), check != 0 ? revm_colorwarn(warnmsg) : "" ); else snprintf(buff, sizeof(buff), " %s %s -> %s %c%c%c %s%s%s " "%s%s%s %s%s%s\n", revm_colornumber("[%02u]", index), revm_coloraddress(XFMT, addr), revm_coloraddress(XFMT, addr_end), (elfsh_segment_is_readable(&phdr[index]) ? 'r' : '-'), (elfsh_segment_is_writable(&phdr[index]) ? 'w' : '-'), (elfsh_segment_is_executable(&phdr[index]) ? 'x' : '-'), revm_colorfieldstr("memsz("), revm_colornumber(UFMT, phdr[index].p_memsz), revm_colorfieldstr(")"), revm_colorfieldstr("foffset("), revm_colornumber(UFMT, phdr[index].p_offset), revm_colorfieldstr(")"), revm_colorfieldstr("filesz("), revm_colornumber(UFMT, phdr[index].p_filesz), revm_colorfieldstr(")")); if (!tmp || (tmp && !regexec(tmp, buff, 0, 0, 0))) revm_output(buff); revm_endline(); } snprintf(logbuf, BUFSIZ - 1, "\n [SHT correlation]" "\n [Object %s]\n\n", world.curjob->curfile->name); revm_output(logbuf); /* Retreive the sht */ if ((shdr = elfsh_get_sht(world.curjob->curfile, &shtnum)) == 0) PROFILER_OUT(__FILE__, __FUNCTION__, __LINE__); snprintf(logbuf, BUFSIZ - 1, " [*] SHT %s \n", (world.curjob->curfile->shtrb ? "has been rebuilt \n" : "is not stripped \n")); revm_output(logbuf); /* Alternate View */ for (index = 0; index < num; index++, index2 = 0) { typenum = elfsh_get_segment_type(phdr + index); type = (char *) (typenum >= ELFSH_SEGTYPE_MAX ? revm_display_pname(typenum) : elfsh_seg_type[typenum].name); snprintf(logbuf, BUFSIZ - 1, " %s %s \t", revm_colornumber("[%02u]", index), revm_colortypestr_fmt("%-10s", type)); revm_output(logbuf); revm_endline(); /* In SHT */ for (index2 = 0, list = world.curjob->curfile->sectlist; list; list = list->next) if (elfsh_segment_is_parent(list, phdr + index)) { index2++; snprintf(logbuf, BUFSIZ - 1, "%s%s ", (list->shdr->sh_offset + list->shdr->sh_size > phdr[index].p_offset + phdr[index].p_filesz ? "|" : ""), revm_colorstr(elfsh_get_section_name(world.curjob->curfile, list))); revm_output(logbuf); revm_endline(); } /* In RSHT */ for (index2 = 0, list = world.curjob->curfile->rsectlist; list; list = list->next) if (elfsh_segment_is_parent(list, phdr + index)) { index2++; snprintf(logbuf, BUFSIZ - 1, "%s%s ", (list->shdr->sh_addr + list->shdr->sh_size > phdr[index].p_vaddr + phdr[index].p_memsz ? "|" : ""), revm_colorstr(elfsh_get_section_name(world.curjob->curfile, list))); revm_output(logbuf); revm_endline(); } revm_output("\n"); } PROFILER_OUT(__FILE__, __FUNCTION__, __LINE__); }
/** * Print the chosen symbol table * @param file * @param sect * @param tab * @param num * @param regx * @param get_symname * @return */ int ds(elfshobj_t *file, elfshsect_t *sect, u_int num, regex_t *regx, char *(*get_symname)(elfshobj_t *f, elfsh_Sym *s)) { elfsh_Sym *table; char *name; char *type; char *bind; u_int typenum; u_int bindnum; u_int foff; u_int index; char *sect_name; char buff[512]; char off[50]; char type_unk[ERESI_MEANING + 1]; char bind_unk[ERESI_MEANING + 1]; PROFILER_IN(__FILE__, __FUNCTION__, __LINE__); /* Sort the table if necessary */ if (world.state.sort != NULL) switch (*world.state.sort) { case ELFSH_SORT_BY_ADDR: table = sect->altdata; break; case ELFSH_SORT_BY_SIZE: table = sect->terdata; break; default: PROFILER_ERR(__FILE__, __FUNCTION__, __LINE__, "Unknown sort mode", -1); } /* Avoid reading inexistant memory in the process for .symtab */ else table = (elfsh_Sym *) (sect->shdr->sh_addr ? elfsh_readmem(sect) : sect->data); /* Browse symtab */ for (index = 0; index < num; index++) { /* Retreive names */ typenum = elfsh_get_symbol_type(table + index); bindnum = elfsh_get_symbol_bind(table + index); type = (char *) (typenum > ELFSH_SYMTYPE_MAX ? revm_build_unknown(type_unk, "type", typenum) : elfsh_sym_type[typenum].desc); bind = (char *) (bindnum >= ELFSH_SYMBIND_MAX ? revm_build_unknown(bind_unk, "type", bindnum) : elfsh_sym_bind[bindnum].desc); name = get_symname(world.curjob->curfile, table + index); sect_name = NULL; sect = elfsh_get_parent_section(world.curjob->curfile, table[index].st_value, NULL); if (sect == NULL && table[index].st_shndx) sect = elfsh_get_section_by_index(world.curjob->curfile, table[index].st_shndx, NULL, NULL); if (sect != NULL) sect_name = elfsh_get_section_name(world.curjob->curfile, sect); /* Fixup names */ if (name == NULL || *name == 0) name = ELFSH_NULL_STRING; if (type == NULL || *type == 0) type = ELFSH_NULL_STRING; if (bind == NULL || *bind == 0) bind = ELFSH_NULL_STRING; if (sect_name == NULL) sect_name = ELFSH_NULL_STRING; foff = (!table[index].st_value ? 0 : elfsh_get_foffset_from_vaddr(world.curjob->curfile, table[index].st_value)); if (sect && sect->shdr->sh_addr != table[index].st_value) snprintf(off, sizeof(off), " + %s", revm_colornumber("%u", (u_int) (table[index].st_value - sect->shdr->sh_addr))); else *off = '\0'; /* Different output depending on the quiet flag */ if (!world.state.revm_quiet) { snprintf(buff, sizeof(buff), " %s %s %s %s %s%s " "%s%s %s%s %s%s => %s%s\n", revm_colornumber("[%03u]", index), revm_coloraddress(XFMT, (eresi_Addr) elfsh_get_symbol_value(table + index) + file->rhdr.base), revm_colortypestr_fmt("%-8s", type), revm_colorstr_fmt("%-40s", name), revm_colorfieldstr("size:"), revm_colornumber("%010u", elfsh_get_symbol_size(table + index)), revm_colorfieldstr("foffset:"), revm_colornumber("%06u", foff), revm_colorfieldstr("scope:"), revm_colortypestr_fmt("%-6s", bind), revm_colorfieldstr("sctndx:"), revm_colornumber("%02u", elfsh_get_symbol_link(table + index)), revm_colorstr(sect_name), off); } else { snprintf(buff, sizeof(buff), " %s %s %s %s %s%s %s%s %s%-6s\n", revm_colornumber("[%03u]", index), revm_coloraddress(XFMT, (eresi_Addr) elfsh_get_symbol_value(table + index) + file->rhdr.base), revm_colortypestr_fmt("%-8s", type), revm_colorstr_fmt("%-15s", name), revm_colorfieldstr("sz:"), revm_colornumber("%06u", elfsh_get_symbol_size(table + index)), revm_colorfieldstr("foff:"), revm_colornumber("%06u", foff), revm_colorfieldstr("scop:"), revm_colortypestr_fmt("%-6s", bind)); } if (regx == NULL || (regx != NULL && regexec(regx, buff, 0, 0, 0) == 0)) { /* If the user ask quit, we just break */ if (revm_output(buff) == -1) break; } revm_endline(); } revm_endline(); revm_output("\n"); PROFILER_ROUT(__FILE__, __FUNCTION__, __LINE__, 0); }
/* Check a hash */ int cmd_kmem_chash() { int i, ret, mode, stype, type, nsize, size, off, origmode, val; char buff[BUFSIZ], buff2[256]; char *param, *str; unsigned long addr; revmexpr_t *expr; revmobj_t *obj; unsigned char origbuffer[BUFSIZ]; char buffhash[BUFSIZ]; unsigned char *hashbuffer; char *tmp; FILE *fd; PROFILER_IN(__FILE__, __FUNCTION__, __LINE__); val = 0; memset(buff, '\0', sizeof(buff)); memset(buff2, '\0', sizeof(buff2)); param = world.curjob->curcmd->param[0]; stype = (int)config_get_data(LIBKERNSH_CONFIG_HASH); if (param != NULL) { expr = revm_lookup_param(param, 1); obj = expr->value; if (obj->otype->type == ASPECT_TYPE_STR) { str = (obj->immed ? obj->immed_val.str : obj->get_name(obj->root, obj->parent)); memcpy(buff2, str, sizeof(buff2)); param = buff2; } /* We must get hash in a file ? */ if (!strstr(param, ":")) { fd = fopen(param, "r"); if (fd == NULL) { PROFILER_ERR(__FILE__, __FUNCTION__, __LINE__, "Unable to open file", -1); } while(fgets(buff, sizeof(buff), fd) != NULL) { buff[strlen(buff) - 1] = '\0'; if (buff[0] == '#') continue; if (extract_info(buff, &addr, &mode, &type, &size, &off, origbuffer, sizeof(origbuffer))) { PROFILER_ERR(__FILE__, __FUNCTION__, __LINE__, "Bad format", -1); } /* Switch to the mode where the hash has been done */ origmode = elfsh_get_mode(); elfsh_set_mode(mode); config_update_key(LIBKERNSH_CONFIG_HASH, (void *)type); hashbuffer = kernsh_hash(addr+off, size, &nsize); elfsh_set_mode(origmode); i = 0; tmp = buffhash; while((i < sizeof(buffhash)) && (hashbuffer[i] != '\0')) { sprintf(tmp, "%02x", hashbuffer[i]); i++; tmp += 2; } memset(buff, '\0', sizeof(buff)); if (!strncmp((const char *)origbuffer, (const char *)buffhash, sizeof(origbuffer))) { snprintf(buff, sizeof(buff), "%s @ %s with size = %s and offset = %s\n", revm_colorstr("HASH MATCH @ !"), revm_coloraddress(XFMT, (eresi_Addr) addr), revm_colornumber("%u", size), revm_colornumber("%u", off)); revm_output(buff); revm_endline(); } else { snprintf(buff, sizeof(buff), "%s @ %s with size = %s and offset = %s\n %s != %s\n", revm_colorstr("HASH MISMATCH @ !"), revm_coloraddress(XFMT, (eresi_Addr) addr), revm_colornumber("%u", size), revm_colornumber("%u", off), revm_colorstr((char *)origbuffer), revm_colorstr((char *)buffhash)); revm_output(buff); revm_endline(); val++; } } fclose(fd); } else { if (extract_info(param, &addr, &mode, &type, &size, &off, origbuffer, sizeof(origbuffer))) { PROFILER_ERR(__FILE__, __FUNCTION__, __LINE__, "Bad format", -1); } origmode = elfsh_get_mode(); elfsh_set_mode(mode); config_update_key(LIBKERNSH_CONFIG_HASH, (void *)type); hashbuffer = kernsh_hash(addr+off, size, &nsize); elfsh_set_mode(origmode); i = 0; tmp = buffhash; while((i < sizeof(buffhash)) && (hashbuffer[i] != '\0')) { sprintf(tmp, "%02x", hashbuffer[i]); i++; tmp += 2; } if (hashbuffer == NULL) { PROFILER_ERR(__FILE__, __FUNCTION__, __LINE__, "Unable to make hash", -1); } memset(buff, '\0', sizeof(buff)); if (!strncmp((const char *)origbuffer, (const char *)buffhash, sizeof(origbuffer))) { snprintf(buff, sizeof(buff), "%s @ %s with size = %s and offset = %s\n\n", revm_colorstr("HASH MATCH @ !"), revm_coloraddress(XFMT, (eresi_Addr) addr), revm_colornumber("%u", size), revm_colornumber("%u", off)); revm_output(buff); } else { snprintf(buff, sizeof(buff), "%s @ %s with size = %s and offset = %s\n %s != %s\n\n", revm_colorstr("HASH MISMATCH @ !"), revm_coloraddress(XFMT, (eresi_Addr) addr), revm_colornumber("%u", size), revm_colornumber("%u", off), revm_colorstr((char *)origbuffer), revm_colorstr((char *)buffhash)); revm_output(buff); val++; } } } config_update_key(LIBKERNSH_CONFIG_HASH, (void *)stype); revm_setvar_int(REVM_VAR_RESULT, val); revm_endline(); PROFILER_ROUT(__FILE__, __FUNCTION__, __LINE__, ret); }
/* Make hash ! */ int cmd_kmem_hash() { int i, fd, len, new_size; revmlist_t *actual, *second; char buff[BUFSIZ]; char buffhash[BUFSIZ]; eresi_Addr vaddr; unsigned char *hashbuffer; char *tmp; PROFILER_IN(__FILE__, __FUNCTION__, __LINE__); memset(buff, '\0', sizeof(buff)); memset(buffhash, '\0', sizeof(buffhash)); vaddr = -1; actual = world.curjob->curcmd->disasm + 0; second = world.curjob->curcmd->disasm + 1; if (actual->rname) { kernsh_addrlen(actual, &vaddr, &len); hashbuffer = kernsh_hash(vaddr+actual->off, len, &new_size); if (hashbuffer == NULL) { PROFILER_ERR(__FILE__, __FUNCTION__, __LINE__, "Unable to make hash", -1); } i = 0; tmp = buffhash; while(hashbuffer[i] != '\0') { sprintf(tmp, "%02x", hashbuffer[i]); i++; tmp += 2; } snprintf(buff, sizeof(buff), "MD5 @ %s : \n\t%s\n\n", revm_coloraddress(XFMT, (eresi_Addr) vaddr), revm_colorstr((char *)buffhash)); revm_output(buff); snprintf(buff, sizeof(buff), "%s:%s:%s:%s:%s:%s\n\n", revm_coloraddress(XFMT, (eresi_Addr) vaddr), revm_colornumber("%u", libkernshworld.mem), revm_colornumber("%u", (int)config_get_data(LIBKERNSH_CONFIG_HASH)), revm_colornumber("%u", new_size), revm_colornumber("%u", actual->off), revm_colorstr((char *)buffhash)); revm_output(buff); snprintf(buff, sizeof(buff), "0x%lx:%d:%d:%d:%d:%s\n", (unsigned long) vaddr, libkernshworld.mem, (int)config_get_data(LIBKERNSH_CONFIG_HASH), new_size, actual->off, buffhash); revm_setvar_str(REVM_VAR_RESULT, (char *)buffhash); export_var((char *)buffhash, 0, 0, buff, 2); if (second != NULL && second->rname != NULL) { XOPEN(fd, second->rname, O_CREAT|O_APPEND|O_RDWR, 0777, -1); memset(buff, '\0', sizeof(buff)); snprintf(buff, sizeof(buff), "0x%lx:%d:%d:%d:%d:%s\n", (unsigned long) vaddr, libkernshworld.mem, (int)config_get_data(LIBKERNSH_CONFIG_HASH), new_size, actual->off, buffhash); XWRITE(fd, buff, strlen(buff), -1); XCLOSE(fd, -1); } } XFREE(__FILE__, __FUNCTION__, __LINE__, hashbuffer); revm_endline(); PROFILER_ROUT(__FILE__, __FUNCTION__, __LINE__, 0); }
/** * Display An instruction. * Runtime compatible * @param fd * @param index * @param vaddr * @param foffset * @param size * @param name * @param nindex * @param buff */ int revm_instr_display(int fd, eresi_Addr vaddr, u_int foffset, u_int size, char *name, u_int symoff, char *buff) { char *s; char buf[256]; u_int idx_bytes; int ret; asm_instr ptr; char base[16] = "0123456789ABCDEF"; char logbuf[BUFSIZ]; char c1[2]; char c2[2]; u_int strsz; int err; PROFILER_IN(__FILE__, __FUNCTION__, __LINE__); if (!buff) PROFILER_ERR(__FILE__, __FUNCTION__, __LINE__, "Invalid argument", (-1)); revm_proc_init(); err = 0; /* Print the instr. itself : vaddr and relative symbol resolution */ ret = asm_read_instr(&ptr, (u_char *) buff, size, world.curjob->proc); if (ret == -1) PROFILER_ERR(__FILE__, __FUNCTION__, __LINE__, "Failed to read instruction", ESTD_DISASM_FAILED); s = (!ret ? "(bad)" : asm_display_instr_att(&ptr, vaddr)); /* Libasm test */ if (fd == -1) { /* Are we in quiet mode ? */ if (world.state.revm_quiet) { snprintf(buf, sizeof(buf), " %s %s + %s", revm_coloraddress(XFMT, vaddr), revm_colorstr(name), revm_colornumber("%u", symoff)); size = snprintf(logbuf, BUFSIZ, "%-40s %-30s ", buf, revm_colorinstr(s)); } else { size = snprintf(buf, sizeof(buf), " %s [%s %s] %s + %s", revm_coloraddress(XFMT, vaddr), revm_colorfieldstr("foff:"), revm_colornumber("%u", foffset), revm_colorstr(name), revm_colornumber("%u", symoff)); strsz = strlen(s); size = snprintf(logbuf, BUFSIZ, "%-*s %-*s ", (size > 95 ? 125 : size > 87 ? 100 : size > 75 ? 108 : size > 50 ? 88 : 55), buf, (strsz > 95 ? 125 : strsz > 87 ? 100 : strsz > 75 ? 108 : strsz > 50 ? 88 : 55), revm_colorinstr(s)); } /* Print bytes in hexa for this instruction */ ret = asm_instr_len(&ptr); if (!ret) ret++; if (!world.state.revm_quiet) for (idx_bytes = 0; idx_bytes < (u_int) ret; idx_bytes++) { c1[0] = base[(buff[idx_bytes] >> 4) & 0x0F]; c2[0] = base[buff[idx_bytes] & 0x0F]; c1[1] = c2[1] = 0x00; size += snprintf(logbuf + size, sizeof(logbuf) - size, "%s%s ", revm_colorfieldstr(c1), revm_colorfieldstr(c2)); } if (!world.curjob->curcmd || !world.curjob->curcmd->use_regx[1] || !regexec(&second->name, logbuf, 0, 0, 0)) { snprintf(logbuf + size, sizeof(logbuf) - size, "\n"); err = revm_output(logbuf); } revm_endline(); if (err < 0) PROFILER_ROUT(__FILE__, __FUNCTION__, __LINE__, err); } else