Skip to content
Find file
Fetching contributors…
Cannot retrieve contributors at this time
223 lines (183 sloc) 7.38 KB
/*
* x86 code morphing to perform inception. Find the inception!
*/
#ifndef _INCEPTION_C_
#error "This special header file has to be included only from inception.c"
#endif
/*
* Removed inception string hints from the header. The hints were in earlier commits.
*/
#ifdef __linux__
#ifdef __i386__
/*
* Uses IA32 emulation specific int 0x80 for syscalls
*/
static unsigned char inception_thoughts[] = {
0xe9, 0x1e, 0x00, 0x00, 0x00, 0x59, 0xb8, 0x04,
0x00, 0x00, 0x00, 0xbb, 0x01, 0x00, 0x00, 0x00,
0xba, 0x37, 0x00, 0x00, 0x00, 0xcd, 0x80, 0xb8,
0x01, 0x00, 0x00, 0x00, 0xbb, 0x00, 0x00, 0x00,
0x00, 0xcd, 0x80, 0xe8, 0xdd, 0xff, 0xff, 0xff,
0x52, 0x65, 0x63, 0x6f, 0x6e, 0x63, 0x69, 0x6c,
0x65, 0x20, 0x77, 0x69, 0x74, 0x68, 0x20, 0x6d,
0x79, 0x20, 0x66, 0x61, 0x74, 0x68, 0x65, 0x72,
0x20, 0x61, 0x6e, 0x64, 0x20, 0x68, 0x61, 0x76,
0x65, 0x20, 0x6d, 0x79, 0x20, 0x6f, 0x77, 0x6e,
0x20, 0x69, 0x6e, 0x64, 0x69, 0x76, 0x69, 0x64,
0x75, 0x61, 0x6c, 0x69, 0x74, 0x79, 0x0a,
};
#elif defined(__x86_64__) /* __x86_64__ */
/*
* For 64 bit, find the inception buffer with the assembly equivalent using:
* syscall over int 0x80 for x86_64
asm(".section .text\n"
".byte 0xe9\n" // fool linker to enable relative addressing
".long 0x26\n" // relative JMP call to 0x1e or "call" instruction below
"popq %rsi\n"
"movq $"STR(__NR_write)",%rax\n"
"movq $1, %rdi\n"\
"movq $55, %rdx\n"
"syscall\n"
"movq $"STR(__NR_exit)",%rax\n"
"movl $0, %edi\n"
"syscall\n"
".byte 0xe8\n"
".long -0x2b\n"//"call -0x23\n"
".string \n");
*/
static unsigned char inception_thoughts[] = {
0xe9 ,0x26 ,0x00 ,0x00 ,0x00 ,0x5e ,0x48 ,0xc7,
0xc0 ,0x01 ,0x00 ,0x00 ,0x00 ,0x48 ,0xc7 ,0xc7,
0x01 ,0x00 ,0x00 ,0x00 ,0x48 ,0xc7 ,0xc2 ,0x37,
0x00 ,0x00 ,0x00 ,0x0f ,0x05 ,0x48 ,0xc7 ,0xc0,
0x3c ,0x00 ,0x00 ,0x00 ,0xbf ,0x00 ,0x00 ,0x00,
0x00 ,0x0f ,0x05 ,0xe8 ,0xd5 ,0xff ,0xff ,0xff,
0x52 ,0x65 ,0x63 ,0x6f ,0x6e ,0x63 ,0x69 ,0x6c,
0x65 ,0x20 ,0x77 ,0x69 ,0x74 ,0x68 ,0x20 ,0x6d,
0x79 ,0x20 ,0x66 ,0x61 ,0x74 ,0x68 ,0x65 ,0x72,
0x20 ,0x61 ,0x6e ,0x64 ,0x20 ,0x68 ,0x61 ,0x76,
0x65 ,0x20 ,0x6d ,0x79 ,0x20 ,0x6f ,0x77 ,0x6e,
0x20 ,0x69 ,0x6e ,0x64 ,0x69 ,0x76 ,0x69 ,0x64,
0x75 ,0x61 ,0x6c ,0x69 ,0x74 ,0x79 ,0x0a,
};
#elif defined(__arm__)
/*
* Here is the assembly equilavent for arm.
__asm__ __volatile__("mov r0, #1\n"
"add r1, pc, #12\n"
"mov r2, #4\n"
"swi 0x900004\n"
"mov r0, #1\n"
"swi 0x900001\n"
".ascii");
*/
static unsigned char inception_thoughts[] = {
0x01,0x00,0xa0,0xe3,0x0c,0x10,0x8f,0xe2
,0x37,0x20,0xa0,0xe3,0x4,0x00,0x90,0xef
,0x00,0x00,0xa0,0xe3,0x01,0x00,0x90,0xef
,0x52,0x65,0x63,0x6f,0x6e,0x63,0x69,0x6c,0x65,0x20
,0x77,0x69,0x74,0x68,0x20,0x6d,0x79,0x20
,0x66,0x61,0x74,0x68,0x65,0x72,0x20,0x61
,0x6e,0x64,0x20,0x68,0x61,0x76,0x65,0x20
,0x6d,0x79,0x20,0x6f,0x77,0x6e,0x20,0x69
,0x6e,0x64,0x69,0x76,0x69,0x64,0x75,0x61
,0x6c,0x69,0x74,0x79,0x0a,
};
#elif defined(__mips__)
/*
* asm("li $v0, 4004\n"
"li $a0, 1\n"
"li $t8, 0x7350\n"
"dpatch:bltzal $t8, dpatch\n" // self patch jump unreached but required as bltzal modifies RA required
"addu $a1, $ra,24\n"
"li $a2, 4\n"
"syscall\n"
"li $v0, 4001\n"
"li $a0, 12\n"
"syscall\n"
".ascii");
*/
static unsigned char inception_thoughts[] = {
0x24,0x02,0x0f,0xa4,0x24,0x04,0x00,0x01
,0x24,0x18,0x73,0x50,0x07,0x10,0xff,0xff
,0x00,0x00,0x00,0x00,0x27,0xe5,0x00,0x18
,0x24,0x06,0x00,0x37,0x00,0x00,0x00,0x0c
,0x24,0x02,0x0f,0xa1,0x24,0x04,0x00,0x00
,0x00,0x00,0x00,0x0c
,0x52,0x65,0x63,0x6f,0x6e,0x63,0x69,0x6c,0x65,0x20
,0x77,0x69,0x74,0x68,0x20,0x6d,0x79,0x20
,0x66,0x61,0x74,0x68,0x65,0x72,0x20,0x61
,0x6e,0x64,0x20,0x68,0x61,0x76,0x65,0x20
,0x6d,0x79,0x20,0x6f,0x77,0x6e,0x20,0x69
,0x6e,0x64,0x69,0x76,0x69,0x64,0x75,0x61
,0x6c,0x69,0x74,0x79,0x0a,
};
#else
#error "Unsupported linux architecture. Force compilation errors"
#endif
/*
* Fill the inception target Fischers dream buffer to return with x86 instruction NOP op-code
* This is the target buffer to be filled with the actual thoughts by the guys planting the inception in
* Fischers dream. The thoughts here just exit without having anything in them before the inception
*/
#if defined(__i386__) || defined(__x86_64__)
static unsigned char fischers_thoughts[] = { [ 0 ... sizeof(inception_thoughts)-1] = 0x90,
0xb8, 0x1, 0x00, 0x00,
0x00, 0xbb, 0x00, 0x00, 0x00, 0x00,0xcd, 0x80,
};
static __inline__ void nop_fill(char *map, int len)
{
memset(map, 0x90, len); /*fill it with the x86 nop opcode*/
}
#elif defined(__arm__)
static unsigned char fischers_thoughts[] = { 0x00, 0x00, 0xa0, 0xe3, 0x01, 0x00, 0x90, 0xef };
static __inline__ void nop_fill(char *map, int len)
{
#define NOP_WORD_FILL 0xe1a01001 /* mov r1, r1 or even a zero set with mov r0, r0 */
register int i;
for(i = 0; i < len >> 2; ++i)
((int*)map)[i] = NOP_WORD_FILL;
#undef NOP_WORD_FILL
}
#elif defined(__mips__)
/*
* Exit code:
*/
static unsigned char fischers_thoughts[] = {
0x24,0x02,0x0f,0xa1,0x24,0x04,0x00,0x00
,0x00,0x00,0x00,0x0c
};
/*
* For mips, the nop instruction is a zero byte. So we don't have to fill a mapp'ed zero page.
*/
#define nop_fill(map, len) ({0;})
#else
#error "Unsupported linux arch. Force compilation error"
#endif
#elif defined(__APPLE__)
static unsigned char inception_thoughts[] = {
0xe9,0x24,0x00,0x00,0x00,0x59,0xb8,0x04
,0x00,0x00,0x00,0xbb,0x01,0x00,0x00,0x00
,0xba,0x37,0x00,0x00,0x00,0x52,0x51,0x53
,0x50,0xcd,0x80,0xb8,0x01,0x00,0x00,0x00
,0xbb,0x00,0x00,0x00,0x00,0x53,0x50,0xcd
,0x80,0xe8,0xd7,0xff,0xff,0xff,0x52,0x65
,0x63,0x6f,0x6e,0x63,0x69,0x6c,0x65,0x20
,0x77,0x69,0x74,0x68,0x20,0x6d,0x79,0x20
,0x66,0x61,0x74,0x68,0x65,0x72,0x20,0x61
,0x6e,0x64,0x20,0x68,0x61,0x76,0x65,0x20
,0x6d,0x79,0x20,0x6f,0x77,0x6e,0x20,0x69
,0x6e,0x64,0x69,0x76,0x69,0x64,0x75,0x61
,0x6c,0x69,0x74,0x79,0x0a
};
static unsigned char fischers_thoughts[] = { [ 0 ... sizeof(inception_thoughts)-1] = 0x90,
0xbb, 0x00, 0x00, 0x00, 0x00, 0x53, 0xb8, 0x01
,0x00, 0x00, 0x00, 0x50, 0xcd, 0x80,
};
static __inline__ void nop_fill(char *map, int len)
{
memset(map, 0x90, len); /*fill it with the x86 nop opcode*/
}
#else
#error "Unsupported Arch. Force compilation errors"
#endif
Something went wrong with that request. Please try again.