ea_t find_string(char *search_str) { char text[512]; qsnprintf(text, sizeof(text), "\"%s\"", search_str); ea_t ret = find_binary(0x06000000, 0x06100000, text, 0, SEARCH_DOWN | SEARCH_CASE); if (ret == BADADDR) return find_binary(0x00200000, 0x00300000, text, 0, SEARCH_DOWN | SEARCH_CASE); return ret; }
int main() { int arraysize = 10 * 1000; int *parray = (int*)malloc(sizeof(int) * arraysize); // 生成随机数组 //gen_randomarray(parray,arraysize); gen_unirandom_array(parray,arraysize); // 打印数组 //print_array(parray,arraysize); // sort array sort_shell(parray,arraysize); //保存需要查找的数据 srand(time(0)); int findindex = rand() % arraysize; int findval = parray[findindex]; int findedindex = -1; findedindex = find_seq(parray,arraysize,findval); printf("find_seq :finedindex:%d,realindex:%d\n",findedindex,findindex); //print_array(parray,arraysize); findedindex = find_binary(parray,arraysize,findval); printf("find_binary :finedindex:%d,realindex:%d\n",findedindex,findindex); return 0; }
static void test_exec_privatenetwork(Manager *m) { int r; r = find_binary("ip", NULL); if (r < 0) { log_error_errno(r, "Skipping test_exec_privatenetwork, could not find ip binary: %m"); return; } test(m, "exec-privatenetwork-yes.service", 0, CLD_EXITED); }
static void test_exec_capabilityboundingset(Manager *m) { int r; /* We use capsh to test if the capabilities are * properly set, so be sure that it exists */ r = find_binary("capsh", NULL); if (r < 0) { log_error_errno(r, "Skipping test_exec_capabilityboundingset, could not find capsh binary: %m"); return; } test(m, "exec-capabilityboundingset-simple.service", 0, CLD_EXITED); test(m, "exec-capabilityboundingset-reset.service", 0, CLD_EXITED); test(m, "exec-capabilityboundingset-merge.service", 0, CLD_EXITED); test(m, "exec-capabilityboundingset-invert.service", 0, CLD_EXITED); }
int expand_command(const char* command, int* argc, char ***argv, int *using_a_script, const char** env) { char **command_argv = *argv; int command_argc = *argc; int running_script = *using_a_script; const char *full_filepath; if (!strncmp(command, "#!", 2)) { // We are running a shell script command char *filename = strdup("/tmp/babysitter.XXXXXXX"); int size, fd = -1; FILE *sfp; // Note for the future cleanup, that we'll be running a script to cleanup running_script = 1; // Make a tempfile in the filename format // printf("writing a tempfile: %s\n", filename); if ((fd = mkstemp(filename)) == -1 || (sfp = fdopen(fd, "w+")) == NULL) { if (fd != -1) { unlink(filename); close(fd); } fprintf(stderr, "Could not open tempfile: %s\n", filename); return -1; } size = strlen(command); // Print the command into the file if (fwrite(command, size, 1, sfp) == -1) { fprintf(stderr, "Could not write command to tempfile: %s\n", filename); return -1; } fclose(sfp); // Close the file descriptor close(fd); // Modify the command to match call the filename // should we chown? /* if (chown(filename, m_user, m_group) != 0) { #ifdef DEBUG fprintf(stderr, "Could not change owner of '%s' to %d\n", m_script_file.c_str(), m_user); #endif } */ // Make it executable if (chmod(filename, 040700) != 0) { fprintf(stderr, "Could not change permissions to '%s' %o\n", filename, 040700); } // Run in a new process command_argv = (char **) malloc(1 * sizeof(char *)); command_argv[0] = strdup(filename); command_argv[1] = NULL; command_argc = 1; free(filename); } else { int prefix; char *cp, *cmdname, *expanded_command; char *path = NULL; // get bare command for path lookup for (cp = (char *) command; *cp && !isspace(*cp); cp++) ; prefix = cp - command; cmdname = calloc(prefix, sizeof(char)); strncpy(cmdname, command, prefix); // Extract the PATH, if given if (env) { char **tmp_env = (char**)env; while(*tmp_env != NULL) { if (!strncmp(*tmp_env, "PATH=", 5)) { // Get past the first PATH= // GROSS - pointer arithmatic path = (*tmp_env + sizeof(char)*5); break; } tmp_env++; } } // expand command name to full path full_filepath = find_binary(cmdname, path); // build invocable command with args expanded_command = calloc(strlen(full_filepath) + strlen(command + prefix) + 1, sizeof(char)); strcat(expanded_command, full_filepath); strcat(expanded_command, command + prefix); command_argv = (char **) malloc(4 * sizeof(char *)); command_argv[0] = strdup(getenv("SHELL")); command_argv[1] = "-c"; command_argv[2] = expanded_command; command_argv[3] = NULL; command_argc = 3; } *argc = command_argc; *argv = command_argv; *using_a_script = running_script; return 0; }
// Find RTTI objects by signature ea_t find_RTTI(ea_t start_ea, ea_t end_ea) { // "2E 3F 41 56" == .?AV return find_binary(start_ea, end_ea, "2E 3F 41 56", getDefaultRadix(), SEARCH_DOWN); }
int expand_command(const char* command, int* argc, char ***argv, int *using_a_script) { char **command_argv = *argv; int command_argc = *argc; int running_script = *using_a_script; const char *full_filepath; if (!strncmp(command, "#!", 2)) { // We are running a shell script command char *filename = NULL; int size, fd; // Note for the future cleanup, that we'll be running a script to cleanup running_script = 1; snprintf(filename, 40, "/tmp/babysitter.XXXXXXXXX"); // Make a tempfile in the filename format if ((fd = mkstemp(filename)) == -1) { fprintf(stderr, "Could not open tempfile: %s\n", filename); return -1; } size = strlen(command); // Print the command into the file if (write(fd, command, size) == -1) { fprintf(stderr, "Could not write command to tempfile: %s\n", filename); return -1; } // Confirm that the command is written if (fsync(fd) == -1) { fprintf(stderr, "fsync failed for tempfile: %s\n", filename); return -1; } // Close the file descriptor close(fd); // Modify the command to match call the filename // should we chown? /* if (chown(filename, m_user, m_group) != 0) { #ifdef DEBUG fprintf(stderr, "Could not change owner of '%s' to %d\n", m_script_file.c_str(), m_user); #endif } */ // Make it executable if (chmod(filename, 040700) != 0) { fprintf(stderr, "Could not change permissions to '%s' %o\n", filename, 040700); } // Run in a new process command_argv[0] = filename; command_argv[1] = NULL; command_argc = 1; } else { int prefix; char *cp, *cmdname, *expanded_command; // get bare command for path lookup for (cp = (char *) command; *cp && !isspace(*cp); cp++) ; prefix = cp - command; cmdname = calloc(prefix, sizeof(char)); strncpy(cmdname, command, prefix); // expand command name to full path full_filepath = find_binary(cmdname); // build invocable command with args expanded_command = calloc(strlen(full_filepath) + strlen(command + prefix) + 1, sizeof(char)); strcat(expanded_command, full_filepath); strcat(expanded_command, command + prefix); command_argv = (char **) malloc(4 * sizeof(char *)); command_argv[0] = strdup(getenv("SHELL")); command_argv[1] = "-c"; command_argv[2] = expanded_command; command_argv[3] = NULL; command_argc = 3; } *argc = command_argc; *argv = command_argv; *using_a_script = running_script; return 0; }
int main(int argc, char** argv) { s32 opt; u8 mem_limit_given = 0, timeout_given = 0, qemu_mode = 0; u32 tcnt; char** use_argv; doc_path = access(DOC_PATH, F_OK) ? "docs" : DOC_PATH; while ((opt = getopt(argc,argv,"+o:m:t:A:eqZQ")) > 0) switch (opt) { case 'o': if (out_file) FATAL("Multiple -o options not supported"); out_file = optarg; break; case 'm': { u8 suffix = 'M'; if (mem_limit_given) FATAL("Multiple -m options not supported"); mem_limit_given = 1; if (!strcmp(optarg, "none")) { mem_limit = 0; break; } if (sscanf(optarg, "%llu%c", &mem_limit, &suffix) < 1 || optarg[0] == '-') FATAL("Bad syntax used for -m"); switch (suffix) { case 'T': mem_limit *= 1024 * 1024; break; case 'G': mem_limit *= 1024; break; case 'k': mem_limit /= 1024; break; case 'M': break; default: FATAL("Unsupported suffix or bad syntax for -m"); } if (mem_limit < 5) FATAL("Dangerously low value of -m"); if (sizeof(rlim_t) == 4 && mem_limit > 2000) FATAL("Value of -m out of range on 32-bit systems"); } break; case 't': if (timeout_given) FATAL("Multiple -t options not supported"); timeout_given = 1; if (strcmp(optarg, "none")) { exec_tmout = atoi(optarg); if (exec_tmout < 20 || optarg[0] == '-') FATAL("Dangerously low value of -t"); } break; case 'e': if (edges_only) FATAL("Multiple -e options not supported"); edges_only = 1; break; case 'q': if (quiet_mode) FATAL("Multiple -q options not supported"); quiet_mode = 1; break; case 'Z': /* This is an undocumented option to write data in the syntax expected by afl-cmin. Nobody else should have any use for this. */ cmin_mode = 1; quiet_mode = 1; break; case 'A': /* Another afl-cmin specific feature. */ at_file = optarg; break; case 'Q': if (qemu_mode) FATAL("Multiple -Q options not supported"); if (!mem_limit_given) mem_limit = MEM_LIMIT_QEMU; qemu_mode = 1; break; default: usage(argv[0]); } if (optind == argc || !out_file) usage(argv[0]); setup_shm(); setup_signal_handlers(); set_up_environment(); find_binary(argv[optind]); if (!quiet_mode) { show_banner(); ACTF("Executing '%s'...\n", target_path); } detect_file_args(argv + optind); if (qemu_mode) use_argv = get_qemu_argv(argv[0], argv + optind, argc - optind); else use_argv = argv + optind; run_target(use_argv); tcnt = write_results(); if (!quiet_mode) { if (!tcnt) FATAL("No instrumentation detected" cRST); OKF("Captured %u tuples in '%s'." cRST, tcnt, out_file); } exit(child_crashed * 2 + child_timed_out); }
/** Build the chroot at the path **/ bool WorkerBee::build_chroot(const std::string &path, uid_t user, gid_t group, string_set &executables, string_set &extra_dirs) { // Make the root path make_path(strdup(path.c_str())); string_set already_copied; std::string full_path; // The base directories string_set base_dirs; base_dirs.insert("bin"); base_dirs.insert("usr"); base_dirs.insert("var"); base_dirs.insert("lib"); base_dirs.insert("home"); base_dirs.insert("etc"); // Add the extra directories requested for (string_set::iterator dir = extra_dirs.begin(); dir != extra_dirs.end(); ++dir) base_dirs.insert(dir->c_str()); for (string_set::iterator dir = base_dirs.begin(); dir != base_dirs.end(); ++dir) { if ((*dir->c_str()) == '/') full_path = path + *dir; else full_path = path + '/' + *dir; // Make the paths make_path(full_path.c_str()); } // Build the root libraries for (string_set::iterator executable = executables.begin(); executable != executables.end(); ++executable) { // If we are pointed at an absolute path to a binary // then find the linked libraries of the executable // If it's not found, then find it, then look up the libraries std::string res_bin; if (abs_path(*executable)) res_bin = *executable; else { res_bin = find_binary(*executable); } // The libraries for the resolved binary bee_files_set *s_libs = libs_for(res_bin); // collect the libraries and copy them to the full path of the chroot for (bee_files_set::iterator bf = s_libs->begin(); bf != s_libs->end(); ++bf) { BeeFile bee = *bf; std::string s (bee.file_path()); // Don't copy if the file is already copied if (already_copied.count(s)) { } else { // If it is a symlink, then make a symlink, otherwise copy the file // If the library starts with a '/' then don't add one, otherwise, do // i.e. if libs/hi.so.1 turns into full_path/libs/hi.so.1 otherwise libs.so.1 turns into full_path/libs.so.1 if (s.c_str()[0] == '/') full_path = path + s.c_str(); else full_path = path + '/' + s.c_str(); if (bee.is_link()) { // make symlink make_path(dirname(strdup(full_path.c_str()))); if (symlink(bee.sym_origin().c_str(), full_path.c_str())) { fprintf(stderr, "Could not make a symlink: %s to %s because %s\n", bee.sym_origin().c_str(), full_path.c_str(), strerror(errno)); } } else { // Copy the file (recursively) cp_r(s, full_path); } // Change the permissions to match the original file struct stat file_stats = bee.file_stats(); mode_t mode = file_stats.st_mode; if (chown(full_path.c_str(), user, group) != 0) { fprintf(stderr, "Could not change owner of '%s' to %i\n", full_path.c_str(), user); } if (chmod(full_path.c_str(), mode) != 0) { fprintf(stderr, "Could not change permissions to '%s' %o\n", full_path.c_str(), mode); } // Add it to the already_copied set and move on already_copied.insert(s); } } // Copy the executables and make them executable std::string bin_path = path + '/' + res_bin; cp_r(res_bin.c_str(), bin_path.c_str()); if (chown(bin_path.c_str(), user, group) != 0) { fprintf(stderr, "Could not change owner of '%s' to %i\n", bin_path.c_str(), user); } if (chmod(bin_path.c_str(), S_IREAD|S_IEXEC|S_IXGRP|S_IRGRP|S_IWRITE)) { fprintf(stderr, "Could not change permissions to '%s' make it executable\n", bin_path.c_str()); } } return true; }
bee_files_set *WorkerBee::libs_for(const std::string &executable) { std::pair<string_set *, string_set *> *dyn_libs; // If we are pointed at an absolute path to a binary // then find the linked libraries of the executable // If it's not found, then find it, then look up the libraries if (abs_path(executable)) dyn_libs = linked_libraries(executable); else { std::string bin = find_binary(executable); dyn_libs = linked_libraries(bin); } //string_set *libs = new string_set(); bee_files_set *libs = new bee_files_set(); // iterate through string_set obj = *dyn_libs->first; struct stat lib_stat; char link_buf[1024]; // Go through the libs for (string_set::iterator ld = obj.begin(); ld != obj.end(); ++ld) { string_set paths = *dyn_libs->second; // Go through each of the paths for (string_set::iterator pth = paths.begin(); pth != paths.end(); ++pth) { std::string path (*pth); std::string full_path = *pth+'/'+*ld; if (fopen(full_path.c_str(), "rb") != NULL) { // Create a bee_file object BeeFile bf; bf.set_file_path(full_path.c_str()); // Make sure the file can be "stat'd" if (stat(full_path.c_str(), &lib_stat) < 0) { fprintf(stderr, "[lstat] Error: %s: %s\n", full_path.c_str(), strerror(errno)); } bf.set_file_stats(lib_stat); // Are we looking at a symlink // if ((lib_stat.st_mode & S_IFMT) == S_IFLNK) { if (S_ISLNK(lib_stat.st_mode)) { memset(link_buf, 0, 1024); if (!readlink(full_path.c_str(), link_buf, 1024)) { fprintf(stderr, "[readlink] Error: %s: %s\n", full_path.c_str(), strerror(errno)); } /** If we are looking at a symlink, then create a new BeeFile object and * insert it into the library path, noting that the other is a symlink **/ std::string link_dir (dirname(strdup(full_path.c_str()))); // std::string link_path (link_buf); std::string link_path; if (path == "") link_path = link_dir + "/" + link_buf; else link_path = (path+"/"+link_buf); BeeFile lbf; // Set the data on the BeeFile object lbf.set_file_path(link_path.c_str()); // full_path.c_str() bf.set_file_path(full_path.c_str()); // This is redundant, but just for clarity bf.set_sym_origin(link_buf); bf.set_is_link(true); libs->insert(lbf); } else { bf.set_is_link(false); } libs->insert(bf); break; // We found it! Move on, yo } } } return libs; }
int main(int argc, char* argv[]) { _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL; _cleanup_free_ char *description = NULL, *command = NULL; int r, retval = EXIT_SUCCESS; log_parse_environment(); log_open(); r = parse_argv(argc, argv); if (r <= 0) goto finish; if (argc > optind && arg_transport == BUS_TRANSPORT_LOCAL) { /* Patch in an absolute path */ r = find_binary(argv[optind], &command); if (r < 0) { log_error_errno(r, "Failed to find executable %s: %m", argv[optind]); goto finish; } argv[optind] = command; } if (!arg_description) { description = strv_join(argv + optind, " "); if (!description) { r = log_oom(); goto finish; } if (arg_unit && isempty(description)) { r = free_and_strdup(&description, arg_unit); if (r < 0) goto finish; } arg_description = description; } /* If --wait is used connect via the bus, unconditionally, as ref/unref is not supported via the limited direct * connection */ if (arg_wait) r = bus_connect_transport(arg_transport, arg_host, arg_user, &bus); else r = bus_connect_transport_systemd(arg_transport, arg_host, arg_user, &bus); if (r < 0) { log_error_errno(r, "Failed to create bus connection: %m"); goto finish; } if (arg_scope) r = start_transient_scope(bus, argv + optind); else if (with_timer()) r = start_transient_timer(bus, argv + optind); else r = start_transient_service(bus, argv + optind, &retval); finish: strv_free(arg_environment); strv_free(arg_property); strv_free(arg_timer_property); return r < 0 ? EXIT_FAILURE : retval; }