Пример #1
0
static struct mpconf *
mpconf(struct mp **mptab)
{
    struct mp     *mp = mpsearch();
    struct mpconf *conf;

    if ((mp) && (mp->conftab)) {
        conf = mp->conftab;
        if (!kmemcmp(conf, "PCMP", 4)) {
            if ((conf->ver == 1 || conf->ver == 4)
                && !mpchksum((uint8_t *)conf, conf->len)) {
                *mptab = mp;

                return conf;
            } else {

                return NULL;
            }
        } else {

            return NULL;
        }
    }

    return NULL;
}
Пример #2
0
Файл: smp.c Проект: q3k/Cucumber 
u64 smp_find_pointer(u64 Start, u64 End)
{
    for (u64 i = Start & ~((u64)0x10); i < End; i += 16)
    {
        u8 Pointer[16];
        physmem_read(i, 16, Pointer);
        
        if (kmemcmp(Pointer, (u8 *)"_MP_", 4) < 0)
        {
            // Found something! Let's calculate the checksum, just to be sure.
            u8 Sum = 0;
            for (u8 j = 0; j < 16; j++)
                Sum += Pointer[j];
            
            if (Sum)
            {
                kprintf("[w] Found SMP pointer, but its checksum was invalid.");
                continue;
            }
            else
            {
                kprintf("[i] Found SMP pointer @0x%x\n", i);
                return i;
            }
        }
    }
    
    return 0;
}
Пример #3
0
Файл: mp.c Проект: aryx/fork-xv6 
// Look for an MP structure in the len bytes at addr.
static struct mp*
mp_search1(uchar *addr, int len)
{
  uchar *e, *p;

  e = addr+len;
  for(p = addr; p < e; p += sizeof(struct mp))
    if(kmemcmp(p, "_MP_", 4) == 0 && sum(p, sizeof(struct mp)) == 0)
      return (struct mp*)p;
  return 0;
}
Пример #4
0
Файл: mp.c Проект: aryx/fork-xv6 
// Search for an MP configuration table.  For now,
// don't accept the default configurations (physaddr == 0).
// Check for correct signature, calculate the checksum and,
// if correct, check the version.
// To do: check extended table checksum.
static struct mpconf*
mp_config(struct mp **pmp)
{
  struct mpconf *conf;
  struct mp *mp;

  if((mp = mp_search()) == 0 || mp->physaddr == 0)
    return 0;
  conf = (struct mpconf*)mp->physaddr;
  if(kmemcmp(conf, "PCMP", 4) != 0)
    return 0;
  if(conf->version != 1 && conf->version != 4)
    return 0;
  if(sum((uchar*)conf, conf->length) != 0)
    return 0;
  *pmp = mp;
  return conf;
}
Пример #5
0
static void assert_memcmp (uword iter)
{
  u8 * s, * d;
  void * s_orig, * d_orig;
  uword i;
  uword size, change;
  word res1, res2;

  for (i = 0; i < iter; i++)
    {
      size = bounded_random_u32 (&g_seed, 1, g_bytes);
      d = alloc_aligned (size, g_align, &d_orig);
      s = alloc_aligned (size, g_align, &s_orig);
      memset (d, 0xba, size);
      memset (s, 0xba, size);
      
      if (size && i % 2 == 0)
	{
	  change = bounded_random_u32 (&g_seed, 0, size - 1);
	  d[change] = 0;
	}
      
      res1 = memcmp8 (d, s, size);
      res2 = kmemcmp (d, s, size);

      if (res1 < 0)
	ASSERT (res2 < 0);
      else if (res1 > 0)
	ASSERT (res2 > 0);
      else
	ASSERT (res2 == 0);

      clib_mem_free_safe (d_orig);
      clib_mem_free_safe (s_orig);
    }

  fformat (stdout, "memcmp() validation successful!\n");
}
Пример #6
0
int MyCommitCred(int ruid, int rgid, signed int a3, int isSelinux)
{

        int v38; // [sp+0h] [bp-60h]@1
        int addrBase;
        char szName[16] = "ihoo.darkytools";
        int offset;
        mycred *my_cred;
        mycred *my_real_cred;
        struct task_security_struct * tsec;
        int ret = -1;

        int searchLenth;

        isSelinux = 1;
        //return 0;
        addrBase = *(int*)(((int)(&v38) & 0xFFFFE000) + 0xC);
        //return addrBase;
        if ( addrBase > 0xBFFFFFFF )
        {

          offset = 0;
          while ( 1 )
          {
            addrBase += 4;
            if ( !kmemcmp(addrBase, szName, 16) )
              break;
            ++offset;
            if ( offset == 0x600 )
            {
              return 18;
            }
          }
        }
        else
                return 17;

        my_cred = *(int*)(addrBase -8);
        my_real_cred = *(int*)(addrBase -8 - 4);


        searchLenth = 0;
        while(searchLenth<0x20){


                        if(!my_cred || !my_real_cred
                                        || my_cred<0xBFFFFFFF || my_real_cred<0xBFFFFFFF
                                       ){
                                        //2.6?

                                        addrBase-=4;


                                        my_cred = *(int*)(addrBase-8 );
                                        my_real_cred = *(int*)(addrBase -8-4);

                        }
                        else
                                break;

                        searchLenth++;
        }

        if(searchLenth == 0x20)
                return 0X20;
                // f**k!! where is my cred???


        my_cred->uid = 0;
        my_cred->gid = 0;
        my_cred->suid = 0;
        my_cred->sgid = 0;
        my_cred->egid = 0;
        my_cred->euid = 0;
        my_cred->fsgid = 0;
        my_cred->fsuid = 0;
        my_cred->securebits=0;
        my_cred->cap_bset.cap[0] = -1;
        my_cred->cap_bset.cap[1] = -1;
        my_cred->cap_inheritable.cap[0] = -1;
        my_cred->cap_inheritable.cap[1] = -1;
        my_cred->cap_permitted.cap[0] = -1;
        my_cred->cap_permitted.cap[1] = -1;
        my_cred->cap_effective.cap[0] = -1;
        my_cred->cap_effective.cap[1] = -1;

        my_real_cred->uid = 0;
        my_real_cred->gid = 0;
        my_real_cred->suid = 0;
        my_real_cred->sgid = 0;
        my_real_cred->egid = 0;
        my_real_cred->euid = 0;
        my_real_cred->fsgid = 0;
        my_real_cred->fsuid = 0;
        my_real_cred->securebits=0;
        my_real_cred->cap_bset.cap[0] = -1;
        my_real_cred->cap_bset.cap[1] = -1;
        my_real_cred->cap_inheritable.cap[0] = -1;
        my_real_cred->cap_inheritable.cap[1] = -1;
        my_real_cred->cap_permitted.cap[0] = -1;
        my_real_cred->cap_permitted.cap[1] = -1;
        my_real_cred->cap_effective.cap[0] = -1;
        my_real_cred->cap_effective.cap[1] = -1;


        if(isSelinux){

                        tsec = my_cred->security;

                        if(tsec && tsec > 0xBFFFFFFF){
                                        tsec->sid = 1;
                                        tsec->exec_sid = 1;

                                        ret = 15;
                        }
                        else {
                                        tsec = (struct task_security_struct*)(*(int*)(0x10 +  (int)&my_cred->security));

                                        if(tsec && tsec > 0xBFFFFFFF){
                                                                            tsec->sid = 1;
                                                                            tsec->exec_sid = 1;

                                                                            ret = 15;
                                                            }
                        }


                        tsec = my_real_cred->security;

                        if(tsec && tsec > 0xBFFFFFFF){
                                        tsec->sid = 1;
                                        tsec->exec_sid = 1;

                                        ret = 15;
                        }else {
                                        tsec = (struct task_security_struct*)(*(int*)(0x10 +  (int)&my_real_cred->security));

                                        if(tsec && tsec > 0xBFFFFFFF){
                                                                            tsec->sid = 1;
                                                                            tsec->exec_sid = 1;

                                                                            ret = 15;
                                                            }
                        }



        }
        else{
                        ret = 16;
        }
        printk("return %d",ret);
        return ret;
}