static void lt_request_cli(void *arg)
{
int ret;
lthread_t *lt = NULL;
proxy_conn_t *priv_conn = proxy_conn_create(-1, 1);
proxy_conn_t *proxy_conn = (proxy_conn_t*)arg;
DEFINE_LTHREAD;
lthread_detach();
fprintf(stderr, "request new client\n");
ret = tcp_dial_ipv4(&priv_conn->conn, "192.168.6.1:80");
if(0 != ret) {
proxy_conn_free(priv_conn);
proxy_conn_free(proxy_conn);
return;
}
fprintf(stderr, "dial priv conn ok\n");
priv_conn->other = proxy_conn;
proxy_conn->other = priv_conn;
//lthread_create(<1, (void*)lt_proxy_loop, (void*)priv_conn);
lthread_create(<, (void*)lt_proxy_loop, (void*)proxy_conn);
lt_proxy_loop(priv_conn);
lthread_join(lt, NULL, LTHREAD_FOREVER);
void* data = NULL;
kstring_t *buf = NULL;
while(0 == chan_recv(priv_conn->write_ch, &data)) {
if(data != NULL) {
buf = (kstring_t*)data;
ks_free(buf);
free(buf);
} else {
//mark as end
break;
}
}
while(0 == chan_recv(proxy_conn->write_ch, &data)) {
if(data != NULL) {
buf = (kstring_t*)data;
ks_free(buf);
free(buf);
} else {
//mark as end
break;
}
}
proxy_conn_free(priv_conn);
proxy_conn_free(proxy_conn);
}
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
ks_engine *ks;
ks_err err;
size_t count;
unsigned char *encode = NULL;
size_t size;
char * assembler;
if (outfile == NULL) {
// we compute the output
outfile = fopen("/dev/null", "w");
if (outfile == NULL) {
printf("failed opening /dev/null\n");
abort();
}
}
if (Size < 1) {
return 0;
}
err = ks_open(KS_ARCH_PPC, KS_MODE_PPC32+KS_MODE_BIG_ENDIAN, &ks);
if (err != KS_ERR_OK) {
printf("ERROR: failed on ks_open(), quit error = %u\n", err);
abort();
}
ks_option(ks, KS_OPT_SYNTAX, Data[Size-1]);
assembler = malloc(Size);
memcpy(assembler, Data, Size-1);
//null terminate string
assembler[Size-1] = 0;
if (ks_asm(ks, assembler, 0, &encode, &size, &count) != KS_ERR_OK) {
fprintf(outfile, "ERROR: ks_asm() failed & count = %lu, error = %u\n",
count, ks_errno(ks));
} else {
size_t i;
fprintf(outfile, "%s = ", assembler);
for (i = 0; i < size; i++) {
fprintf(outfile, "%02x ", encode[i]);
}
fprintf(outfile, "\n");
fprintf(outfile, "Compiled: %lu bytes, statements: %lu\n", size, count);
}
free(assembler);
// NOTE: free encode after usage to avoid leaking memory
if (encode != NULL) {
ks_free(encode);
}
// close Keystone instance when done
ks_close(ks);
return 0;
}
int main(int argc, char **argv) {
int ks_arch = KS_ARCH_X86, ks_mode = KS_MODE_64;
char *assembly = ".=x;.=x;1:";
ks_engine *ks;
ks_err err = ks_open(ks_arch, ks_mode, &ks);
if (!err) {
size_t count, size;
unsigned char *insn;
ks_asm(ks, assembly, 0, &insn, &size, &count);
ks_free(insn);
}
ks_close(ks);
}
int main(int argc, char **argv) {
int ks_arch = KS_ARCH_X86, ks_mode = KS_MODE_64;
char *assembly = "{[x*mm0";
ks_engine *ks;
ks_err err = ks_open(ks_arch, ks_mode, &ks);
if (!err) {
size_t count, size;
unsigned char *insn;
if (ks_asm(ks, assembly, 0, &insn, &size, &count))
printf("ERROR: failed on ks_asm() with error = %s, code = %u\n", ks_strerror(ks_errno(ks)), ks_errno(ks));
ks_free(insn);
}
ks_close(ks);
}
int main(int argc, char **argv) {
int ks_arch = KS_ARCH_ARM, ks_mode = KS_MODE_LITTLE_ENDIAN;
char *assembly = "LDr AH1I,=jHGQ,=2,=r,=GQ,=1111111111111112,=ey,=2,=eQ,=rQ',=r,=";
ks_engine *ks;
ks_err err = ks_open(ks_arch, ks_mode, &ks);
if (!err) {
size_t count, size;
unsigned char *insn;
if (ks_asm(ks, assembly, 0, &insn, &size, &count))
printf("ERROR: failed on ks_asm() with error = %s, code = %u\n", ks_strerror(ks_errno(ks)), ks_errno(ks));
ks_free(insn);
}
ks_close(ks);
return 0;
}
int main(int argc, char **argv) {
int ks_arch = KS_ARCH_SYSTEMZ, ks_mode = KS_MODE_LITTLE_ENDIAN;
unsigned char assembly[] = {
'J', '-', '9', 'e', 'e', 0x00,
};
ks_engine *ks;
ks_err err = ks_open(ks_arch, ks_mode, &ks);
if (!err) {
size_t count, size;
unsigned char *insn;
if (ks_asm(ks, (char *)assembly, 0, &insn, &size, &count))
printf("ERROR: failed on ks_asm() with error = %s, code = %u\n", ks_strerror(ks_errno(ks)), ks_errno(ks));
ks_free(insn);
}
ks_close(ks);
return 0;
}
int main(int argc, char **argv) {
int ks_arch = KS_ARCH_X86, ks_mode = KS_MODE_64;
unsigned char assembly[] = {
0x12, ';', 0x12, 'i', ';', '.', 'i', 'R', 'p', ' ',
'e', 'm', 'i', 'R', 'p', ',', 0xca, 0xe9, ',', 'I',
'=', 0x00,
};
ks_engine *ks;
ks_err err = ks_open(ks_arch, ks_mode, &ks);
if (!err) {
size_t count, size;
unsigned char *insn;
if (ks_asm(ks, (char *)assembly, 0, &insn, &size, &count))
printf("ERROR: failed on ks_asm() with error = %s, code = %u\n", ks_strerror(ks_errno(ks)), ks_errno(ks));
ks_free(insn);
}
ks_close(ks);
return 0;
}
uint8 ks_device_close(KS_DEVICE_HANDLE device_handle)
{
uint8 err;
if(device_handle == (KS_DEVICE_HANDLE)NULL){
return KS_DEVICE_CLOSE_ERR;
}
if(device_handle->can_shared == NOT_CAN_SHARED){
ks_sem_waitfor(device_handle->device_sem,0,&err);
}
if(device_handle->open_count>0){
device_handle->open_count --;
}
device_handle->state = "close";
device_handle->deivce_op.device_close();
ks_free(device_handle);
if(device_handle->can_shared == NOT_CAN_SHARED){
ks_sem_sendmsg(device_handle->device_sem);
ks_sem_delete(device_handle->device_sem,KS_DEL_ALWAYS,&err);
}
return KS_DEVICE_CLOSE_NO_ERR;
}
static int test_ks(ks_arch arch, int mode, const char *assembly, int syntax)
{
ks_engine *ks;
ks_err err = KS_ERR_ARCH;
size_t count;
unsigned char *encode;
size_t size;
err = ks_open(arch, mode, &ks);
if (err != KS_ERR_OK) {
printf("ERROR: failed on ks_open(), quit\n");
return -1;
}
if (syntax)
ks_option(ks, KS_OPT_SYNTAX, syntax);
if (ks_asm(ks, assembly, 0, &encode, &size, &count)) {
printf("ERROR: failed on ks_asm() with count = %lu, error code = %u\n", count, ks_errno(ks));
} else {
size_t i;
printf("%s = ", assembly);
for (i = 0; i < size; i++) {
printf("%02x ", encode[i]);
}
printf("\n");
printf("Assembled: %lu bytes, %lu statements\n\n", size, count);
}
// NOTE: free encode after usage to avoid leaking memory
ks_free(encode);
// close Keystone instance when done
ks_close(ks);
return 0;
}
static void lt_proxy_loop_write(void* arg)
{
proxy_conn_t *proxy = (proxy_conn_t*)arg;
//proxy_conn_t *other = proxy->other;
proxy_server *srv = &g_srv;
int ret;
lthread_chan_t* chans[3];
void* msgs[3];
kstring_t *buf = NULL;
lthread_sel_t* sel = lthread_sel_create();
chans[0] = proxy->write_ch;
chans[1] = proxy->die_ch;
chans[2] = srv->die_ch;
fprintf(stderr, "%s#%d started\n", __FUNCTION__, __LINE__);
while(!proxy->is_die) {
ret = chan_select(sel, chans, msgs, 0, 3, LTHREAD_FOREVER);
switch(ret) {
case 0:
//recv channel ok
buf = msgs[0];
if(NULL == buf && chan_is_closed(chans[0])) {
//channel closed
ret = -10;
fprintf(stderr, "%s#%d chan closed priv=%d\n", __FUNCTION__, __LINE__, proxy->is_priv);
break;
}
assert(NULL != buf);
//fprintf(stderr, "recv new writer\n");
ret = net_conn_write(&proxy->conn.base, (uint8_t*)buf->s, buf->l, LTHREAD_FOREVER);
if(ret <= 0) {
fprintf(stderr, "write failed ret=%d priv=%d\n", ret, proxy->is_priv);
ret = -11;
}
ks_free(buf);
free(buf);
buf = NULL;
break;
case 1:
//proxy already die
ret = -12;
break;
case 2:
//server already die
ret = -13;
break;
default:
break;
}
//after switch
if(ret < 0) {
fprintf(stderr, "%s#%d error is_priv=%d ret=%d\n", __FUNCTION__, __LINE__, proxy->is_priv, ret);
break;
}
}
if(NULL != buf) {
ks_free(buf);
free(buf);
}
assert(0 == chan_size(chans[0]));
if(!proxy->is_die) {
proxy->is_die = 1;
chan_close(proxy->die_ch);
}
net_conn_shutdown(&proxy->conn.base);
lthread_sel_dispose(sel);
}
static void lt_proxy_loop_read(void* arg)
{
proxy_conn_t *proxy = (proxy_conn_t*)arg;
proxy_conn_t *other = proxy->other;
proxy_server *srv = &g_srv;
kstring_t *buf = NULL;
int ret, n;
lthread_chan_t* chans[3];
void* msgs[3];
lthread_sel_t* sel = lthread_sel_create();
chans[0] = other->write_ch;
chans[1] = proxy->die_ch;
chans[2] = srv->die_ch;
fprintf(stderr, "%s#%d started\n", __FUNCTION__, __LINE__);
while(!proxy->is_die) {
buf = (kstring_t*)calloc(1, sizeof(kstring_t));
ks_resize(buf, 4096);
n = net_conn_read(&proxy->conn.base, (uint8_t*)buf->s, (int)buf->m, (uint64_t)10000);
if(n <= 0) {
fprintf(stderr, "recv error n=%d priv=%d\n", n, proxy->is_priv);
break;
} else {
buf->l = n;
msgs[0] = buf;
ret = chan_select(sel, chans, msgs, 1, 2, (uint64_t)10000);
switch(ret) {
case 0:
//send ok
buf = NULL;
//fprintf(stderr, "send new writer\n");
break;
case 1:
//proxy die
ret = -10;
break;
case 2:
//server die
ret = -11;
break;
default:
break;
}
if(ret < 0) {
fprintf(stderr, "%s#%d error ret=%d is_priv=%d\n", __FUNCTION__, __LINE__, ret, proxy->is_priv);
break;
}
}
}
if(NULL != buf) {
ks_free(buf);
free(buf);
buf = NULL;
}
chan_close(other->write_ch);
if(!proxy->is_die) {
proxy->is_die = 1;
chan_close(proxy->die_ch);
}
lthread_sel_dispose(sel);
}
ks_event * ks_mutex_delete(ks_event*pevent,uint8 opt,uint8 *error)
{
#if KS_CRITICAL_METHOD == 3
KS_CPU_SR cpu_sr;
#endif
uint8 thread_waiting;
if(int_nesting > 0) /*确保中断服务程子程序无法调用*/
{
*error = KS_MUTEX_WAIT_ISR;
return ((ks_event*)0);
}
#if KS_CHECK_EN > 0 /*是否支持条件检验 */
if(pevent == (ks_event*)0) /*事件控制块指针为空 */
{
*error = KS_EVENT_TYPE_NULL;
return ((ks_event*)0);
}
#endif
if(pevent->event_type != KS_EVENT_TYPE_MUTEX) /*确保事件控制块的类型是队列 */
{
*error = KS_MUTEX_TYPE_ERROR;
return ((ks_event*)0);
}
KS_ENTER_CRITICAL();
if(pevent->event_wait_num != 0) /*检查消息队列中是否有线程在等待消息*/
{
thread_waiting = KS_TRUE; /*有线程在等待消息 */
}
else
{
thread_waiting = KS_FALSE; /*没有线程在等待消息 */
}
switch(opt)
{
case KS_DEL_NO_WAIT:/*仅在没有线程等待消息时才删除消息队列 */
if(thread_waiting == KS_FALSE)
{
KS_EXIT_CRITICAL();
ks_free(pevent->event_wait_list); /*释放事件等待链表的空间 */
ks_free(pevent); /*释放事件控制块的空间 */
*error = KS_NO_ERROR;
return ((ks_event*)0);
}
else
{
KS_EXIT_CRITICAL();
*error = KS_DEL_THREAD_WAITING; /*返回错误消息*/
return (pevent);
}
case KS_DEL_ALWAYS:
while(pevent->event_wait_num != 0) /*将所有等待消息的线程都置于就绪*/
{
ks_event_ready(pevent,(void*)0,KS_STATE_WAIT_MUTEX);
}
KS_EXIT_CRITICAL();
ks_free(pevent->event_wait_list); /*释放事件等待链表的空间*/
ks_free(pevent); /*释放事件控制块的空间*/
if(thread_waiting == KS_TRUE)
{
ks_schedule(); /*若有任务在等待消息,就调度一次*/
}
*error = KS_NO_ERROR;
return ((ks_event*)0);
default: /*其它情况*/
KS_EXIT_CRITICAL();
*error = KS_ERROR_INVALID_OPT;
return (pevent);
}
}
static int keystone_assemble(RAsm *a, RAsmOp *ao, const char *str, ks_arch arch, ks_mode mode) {
ks_err err = KS_ERR_ARCH;
bool must_init = false;
size_t count, size;
ut8 *insn = NULL;
if (!ks_arch_supported (arch)) {
return -1;
}
must_init = true; //!oldcur || (a->cur != oldcur || oldbit != a->bits);
oldcur = a->cur;
oldbit = a->bits;
if (must_init) {
if (ks) {
ks_close (ks);
ks = NULL;
}
err = ks_open (arch, mode, &ks);
if (err || !ks) {
eprintf ("Cannot initialize keystone\n");
ks_free (insn);
if (ks) {
ks_close (ks);
ks = NULL;
}
return -1;
}
}
if (!ks) {
ks_free (insn);
if (ks) {
ks_close (ks);
ks = NULL;
}
return -1;
}
if (a->syntax == R_ASM_SYNTAX_ATT) {
ks_option (ks, KS_OPT_SYNTAX, KS_OPT_SYNTAX_ATT);
} else {
ks_option (ks, KS_OPT_SYNTAX, KS_OPT_SYNTAX_NASM);
}
int rc = ks_asm (ks, str, a->pc, &insn, &size, &count);
if (rc) {
eprintf ("ks_asm: %s\n", ks_strerror ((ks_err)ks_errno (ks)));
ks_free (insn);
if (ks) {
ks_close (ks);
ks = NULL;
}
return -1;
}
memcpy (ao->buf, insn, R_MIN (size, sizeof (ao->buf) -1));
ks_free (insn);
if (ks) {
ks_close (ks);
ks = NULL;
}
return size;
}
/*----------------------------------------------------------------------*
_rtp_free
*----------------------------------------------------------------------*/
void _rtp_free (void * ptr)
{
ks_free((PFBYTE)ptr, 0, 0);
}
int main(int argc, char **argv)
{
ks_engine *ks;
ks_err err = KS_ERR_ARCH;
char *mode, *assembly = NULL;
uint64_t start_addr = 0;
char *input = NULL;
size_t count;
unsigned char *insn = NULL;
size_t size;
if (argc == 2) {
// handle code from stdin
#if !defined(WIN32) && !defined(WIN64) && !defined(_WIN32) && !defined(_WIN64)
int flags;
size_t index = 0;
char buf[1024];
mode = argv[1];
if ((flags = fcntl(STDIN_FILENO, F_GETFL, 0)) == -1)
flags = 0;
fcntl(STDIN_FILENO, F_SETFL, flags | O_NONBLOCK);
while(fgets(buf, sizeof(buf), stdin)) {
input = (char*)realloc(input, index + strlen(buf));
if (!input) {
printf("Failed to allocate memory.");
return 1;
}
memcpy(&input[index], buf, strlen(buf));
index += strlen(buf);
}
fcntl(STDIN_FILENO, F_SETFL, flags);
assembly = input;
if (!assembly) {
usage(argv[0]);
return -1;
}
#else // Windows does not handle code from stdin
usage(argv[0]);
return -1;
#endif
} else if (argc == 3) {
// kstool <arch> <assembly>
mode = argv[1];
assembly = argv[2];
} else if (argc == 4) {
// kstool <arch> <assembly> <address>
char *temp;
mode = argv[1];
assembly = argv[2];
start_addr = strtoull(argv[3], &temp, 16);
if (temp == argv[3] || *temp != '\0' || errno == ERANGE) {
printf("ERROR: invalid address argument, quit!\n");
return -2;
}
} else {
usage(argv[0]);
return -1;
}
if (!strcmp(mode, "x16")) {
err = ks_open(KS_ARCH_X86, KS_MODE_16, &ks);
}
if (!strcmp(mode, "x32")) {
err = ks_open(KS_ARCH_X86, KS_MODE_32, &ks);
}
if (!strcmp(mode, "x64")) {
err = ks_open(KS_ARCH_X86, KS_MODE_64, &ks);
}
if (!strcmp(mode, "x16att")) {
err = ks_open(KS_ARCH_X86, KS_MODE_16, &ks);
if (!err) {
ks_option(ks, KS_OPT_SYNTAX, KS_OPT_SYNTAX_ATT);
}
}
if (!strcmp(mode, "x32att")) {
err = ks_open(KS_ARCH_X86, KS_MODE_32, &ks);
if (!err) {
ks_option(ks, KS_OPT_SYNTAX, KS_OPT_SYNTAX_ATT);
}
}
if (!strcmp(mode, "x64att")) {
err = ks_open(KS_ARCH_X86, KS_MODE_64, &ks);
if (!err) {
ks_option(ks, KS_OPT_SYNTAX, KS_OPT_SYNTAX_ATT);
}
}
if (!strcmp(mode, "x16nasm")) {
err = ks_open(KS_ARCH_X86, KS_MODE_16, &ks);
if (!err) {
ks_option(ks, KS_OPT_SYNTAX, KS_OPT_SYNTAX_NASM);
}
}
if (!strcmp(mode, "x32nasm")) {
err = ks_open(KS_ARCH_X86, KS_MODE_32, &ks);
if (!err) {
ks_option(ks, KS_OPT_SYNTAX, KS_OPT_SYNTAX_NASM);
}
}
if (!strcmp(mode, "x64nasm")) {
err = ks_open(KS_ARCH_X86, KS_MODE_64, &ks);
if (!err) {
ks_option(ks, KS_OPT_SYNTAX, KS_OPT_SYNTAX_NASM);
}
}
if (!strcmp(mode, "arm")) {
err = ks_open(KS_ARCH_ARM, KS_MODE_ARM+KS_MODE_LITTLE_ENDIAN, &ks);
}
if (!strcmp(mode, "armbe")) {
err = ks_open(KS_ARCH_ARM, KS_MODE_ARM+KS_MODE_BIG_ENDIAN, &ks);
}
if (!strcmp(mode, "thumb")) {
err = ks_open(KS_ARCH_ARM, KS_MODE_THUMB+KS_MODE_LITTLE_ENDIAN, &ks);
}
if (!strcmp(mode, "thumbbe")) {
err = ks_open(KS_ARCH_ARM, KS_MODE_THUMB+KS_MODE_BIG_ENDIAN, &ks);
}
if (!strcmp(mode, "armv8")) {
err = ks_open(KS_ARCH_ARM, KS_MODE_ARM+KS_MODE_LITTLE_ENDIAN+KS_MODE_V8, &ks);
}
if (!strcmp(mode, "armv8be")) {
err = ks_open(KS_ARCH_ARM, KS_MODE_ARM+KS_MODE_BIG_ENDIAN+KS_MODE_V8, &ks);
}
if (!strcmp(mode, "thumbv8")) {
err = ks_open(KS_ARCH_ARM, KS_MODE_THUMB+KS_MODE_LITTLE_ENDIAN+KS_MODE_V8, &ks);
}
if (!strcmp(mode, "thumbv8be")) {
err = ks_open(KS_ARCH_ARM, KS_MODE_THUMB+KS_MODE_BIG_ENDIAN+KS_MODE_V8, &ks);
}
if (!strcmp(mode, "arm64")) {
err = ks_open(KS_ARCH_ARM64, KS_MODE_LITTLE_ENDIAN, &ks);
}
if (!strcmp(mode, "hex") || !strcmp(mode, "hexagon")) {
err = ks_open(KS_ARCH_HEXAGON, KS_MODE_BIG_ENDIAN, &ks);
}
if (!strcmp(mode, "mips")) {
err = ks_open(KS_ARCH_MIPS, KS_MODE_MIPS32+KS_MODE_LITTLE_ENDIAN, &ks);
}
if (!strcmp(mode, "mipsbe")) {
err = ks_open(KS_ARCH_MIPS, KS_MODE_MIPS32+KS_MODE_BIG_ENDIAN, &ks);
}
if (!strcmp(mode, "mips64")) {
err = ks_open(KS_ARCH_MIPS, KS_MODE_MIPS64+KS_MODE_LITTLE_ENDIAN, &ks);
}
if (!strcmp(mode, "mips64be")) {
err = ks_open(KS_ARCH_MIPS, KS_MODE_MIPS64+KS_MODE_BIG_ENDIAN, &ks);
}
if (!strcmp(mode, "ppc32be")) {
err = ks_open(KS_ARCH_PPC, KS_MODE_PPC32+KS_MODE_BIG_ENDIAN, &ks);
}
if (!strcmp(mode, "ppc64")) {
err = ks_open(KS_ARCH_PPC, KS_MODE_PPC64+KS_MODE_LITTLE_ENDIAN, &ks);
}
if (!strcmp(mode, "ppc64be")) {
err = ks_open(KS_ARCH_PPC, KS_MODE_PPC64+KS_MODE_BIG_ENDIAN, &ks);
}
if (!strcmp(mode, "sparc")) {
err = ks_open(KS_ARCH_SPARC, KS_MODE_SPARC32+KS_MODE_LITTLE_ENDIAN, &ks);
}
if (!strcmp(mode, "sparcbe")) {
err = ks_open(KS_ARCH_SPARC, KS_MODE_SPARC32+KS_MODE_BIG_ENDIAN, &ks);
}
if (!strcmp(mode, "sparc64be")) {
err = ks_open(KS_ARCH_SPARC, KS_MODE_SPARC64+KS_MODE_BIG_ENDIAN, &ks);
}
if (!strcmp(mode, "systemz") || !strcmp(mode, "sysz") || !strcmp(mode, "s390x")) {
err = ks_open(KS_ARCH_SYSTEMZ, KS_MODE_BIG_ENDIAN, &ks);
}
if (!strcmp(mode, "evm")) {
err = ks_open(KS_ARCH_EVM, 0, &ks);
}
if (err) {
printf("ERROR: failed on ks_open()\n");
usage(argv[0]);
return -1;
}
if (ks_asm(ks, assembly, start_addr, &insn, &size, &count)) {
printf("ERROR: failed on ks_asm() with count = %zu, error = '%s' (code = %u)\n", count, ks_strerror(ks_errno(ks)), ks_errno(ks));
} else {
size_t i;
printf("%s = [ ", assembly);
for (i = 0; i < size; i++) {
printf("%02x ", insn[i]);
}
printf("]\n");
//printf("Assembled: %lu bytes, %lu statement(s)\n", size, count);
}
// NOTE: free insn after usage to avoid leaking memory
if (insn != NULL) {
ks_free(insn);
}
// close Keystone instance when done
ks_close(ks);
free(input);
return 0;
}
