
Support for MacOSX and it now correctly dumps Fischers inception thou…

…ght at the end in OSX also. Had to generate another inception_thoughts opcode buffer specific to OSX once I figured out that OSX pushes syscall arguments onto the stack before int 0x80. Also removed the hints about Fischer's inception thought dumped in the last output line, as that's for users to find :-)
1 parent 16ee812 commit d0e148cb22588ff869f54b6ff3c41128c2325661 @karthick18 committed Jul 28, 2010
Showing with 43 additions and 69 deletions.
  1. +43 −69 inception.h
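--- a/inception.h
+++ b/inception.h
@@ -1,67 +1,21 @@
 /*
- * x86 code morphing to perform inception. Hints in this file. Find the inception!
+ * x86 code morphing to perform inception. Find the inception!
 */
 #ifndef _INCEPTION_C_
 #error "This special header file has to be included only from inception.c"
 #endif
 /*
- * Fill the inception target Fischers dream buffer to return with x86 instruction NOP op-code
- * This is the target buffer to be filled with the actual thoughts by the guys planting the inception in
- * Fischers dream
+ * Removed inception string hints from the header. The hints were in earlier commits.
 */
+#ifdef __linux__
-#define __STR(X) #X
-#define STR(X) __STR(X) /*: Use 32 bit syscall number for the interrupt syscall*/
-#if 0
-__asm__ __volatile__("nop;nop;nop;nop;\n" /* repeated 95 times*/
- "mov $"STR(__NR_exit)", %eax\n"
- "mov $0, %ebx\n"
- "int $0x80");
-
-/*
-(gdb) x/16xb main+8 is the above NOP/exit op code
-0x400e0d <main+8>:0x90 0x90 0x90 0x90 0xb8 0x3c 0x00 0x00
-0x400e15 <main+16>:0x00 0xbb 0x00 0x00 0x00 0x00 0xcd 0x80
-*/
-
-#endif
+#ifdef __i386__
 /*
- * For 32 bit using int 0x80, find the assembly equivalent of the opcode buffer.
- asm(".section .text\n"
- ".byte 0xe9\n" // fool linker to enable relative addressing
- ".long 0x1e\n" // relative JMP call to 0x1e or "call" instruction below
- "popl %ecx\n"
- "mov $"STR(__NR_write)",%eax\n"
- "movl $1, %ebx\n"\
- "movl $55, %edx\n"
- "int $0x80\n"
- "movl $"STR(__NR_exit)",%eax\n"
- "movl $0, %ebx\n"
- "int $0x80\n"
- ".byte 0xe8\n"
- ".long -0x23\n"//"call -0x23\n"
- ".string \"Reconcile with my father and have my own individuality\\n\"");
-
-
-(gdb) x/95xb main+4
-0x400f4b <main+4>:0xe90x1e0x000x000x000x590xb80x04
-0x400f53 <main+12>:0x000x000x000xbb0x010x000x000x00
-0x400f5b <main+20>:0xba0x370x000x000x000xcd0x800xb8
-0x400f63 <main+28>:0x010x000x000x000xbb0x000x000x00
-0x400f6b <main+36>:0x000xcd0x800xe80xdd0xff0xff0xff
-0x400f73 <main+44>:0x520x650x630x6f0x6e0x630x690x6c
-0x400f7b <main+52>:0x650x200x770x690x740x680x200x6d
-0x400f83 <main+60>:0x790x200x660x610x740x680x650x72
-0x400f8b <main+68>:0x200x610x6e0x640x200x680x610x76
-0x400f93 <main+76>:0x650x200x6d0x790x200x6f0x770x6e
-0x400f9b <main+84>:0x200x690x6e0x640x690x760x690x64
-0x400fa3 <main+92>:0x750x610x6c0x690x740x790x0a
-*/
-
-#ifdef __i386__
+ * Uses IA32 emulation specific int 0x80 for syscalls
+ */
 static unsigned char inception_thoughts[] = {
 0xe9, 0x1e, 0x00, 0x00, 0x00, 0x59, 0xb8, 0x04,
@@ -83,22 +37,6 @@ static unsigned char inception_thoughts[] = {
 /*
 * For 64 bit, find the inception buffer with the assembly equivalent using:
 * syscall over int 0x80 for x86_64
- * Find the gdb: x/103xb main+8
- *
- *0x400603 <main+8>: 0xe9 0x26 0x00 0x00 0x00 0x5e 0x48 0xc7
-0x40060b <main+16>: 0xc0 0x01 0x00 0x00 0x00 0x48 0xc7 0xc7
-0x400613 <main+24>: 0x01 0x00 0x00 0x00 0x48 0xc7 0xc2 0x37
-0x40061b <main+32>: 0x00 0x00 0x00 0x0f 0x05 0x48 0xc7 0xc0
-0x400623 <main+40>: 0x3c 0x00 0x00 0x00 0xbf 0x00 0x00 0x00
-0x40062b <main+48>: 0x00 0x0f 0x05 0xe8 0xd5 0xff 0xff 0xff
-0x400633 <main+56>: 0x52 0x65 0x63 0x6f 0x6e 0x63 0x69 0x6c
-0x40063b <main+64>: 0x65 0x20 0x77 0x69 0x74 0x68 0x20 0x6d
-0x400643 <main+72>: 0x79 0x20 0x66 0x61 0x74 0x68 0x65 0x72
-0x40064b <main+80>: 0x20 0x61 0x6e 0x64 0x20 0x68 0x61 0x76
-0x400653 <main+88>: 0x65 0x20 0x6d 0x79 0x20 0x6f 0x77 0x6e
-0x40065b <main+96>: 0x20 0x69 0x6e 0x64 0x69 0x76 0x69 0x64
-0x400663 <main+104>: 0x75 0x61 0x6c 0x69 0x74 0x79 0x0a
-
 asm(".section .text\n"
 ".byte 0xe9\n" // fool linker to enable relative addressing
 ".long 0x26\n" // relative JMP call to 0x1e or "call" instruction below
@@ -112,7 +50,7 @@ static unsigned char inception_thoughts[] = {
 "syscall\n"
 ".byte 0xe8\n"
 ".long -0x2b\n"//"call -0x23\n"
- ".string \"Reconcile with my father and have my own individuality\\n\"");
+ ".string \n");
 */
@@ -134,8 +72,44 @@ static unsigned char inception_thoughts[] = {
 #endif
+/*
+ * Fill the inception target Fischers dream buffer to return with x86 instruction NOP op-code
+ * This is the target buffer to be filled with the actual thoughts by the guys planting the inception in
+ * Fischers dream
+ */
+
 static unsigned char fischers_thoughts[] = { [ 0 ... sizeof(inception_thoughts)-1] = 0x90,
 0xb8, 0x1, 0x00, 0x00,
 0x00, 0xbb, 0x00, 0x00, 0x00, 0x00,0xcd, 0x80,
 };
+#elif defined(__APPLE__)
+
+static unsigned char inception_thoughts[] = {
+ 0xe9,0x24,0x00,0x00,0x00,0x59,0xb8,0x04
+ ,0x00,0x00,0x00,0xbb,0x01,0x00,0x00,0x00
+ ,0xba,0x37,0x00,0x00,0x00,0x52,0x51,0x53
+ ,0x50,0xcd,0x80,0xb8,0x01,0x00,0x00,0x00
+ ,0xbb,0x00,0x00,0x00,0x00,0x53,0x50,0xcd
+ ,0x80,0xe8,0xd7,0xff,0xff,0xff,0x52,0x65
+ ,0x63,0x6f,0x6e,0x63,0x69,0x6c,0x65,0x20
+ ,0x77,0x69,0x74,0x68,0x20,0x6d,0x79,0x20
+ ,0x66,0x61,0x74,0x68,0x65,0x72,0x20,0x61
+ ,0x6e,0x64,0x20,0x68,0x61,0x76,0x65,0x20
+ ,0x6d,0x79,0x20,0x6f,0x77,0x6e,0x20,0x69
+ ,0x6e,0x64,0x69,0x76,0x69,0x64,0x75,0x61
+ ,0x6c,0x69,0x74,0x79,0x0a
+};
+
+static unsigned char fischers_thoughts[] = { [ 0 ... sizeof(inception_thoughts)-1] = 0x90,
+ 0xbb, 0x00, 0x00, 0x00, 0x00, 0x53, 0xb8, 0x01
+ ,0x00, 0x00, 0x00, 0x50, 0xcd, 0x80,
+};
+
+#else
+
+#error "Unsupported Arch. Force compilation errors"
+
+#endif
+
+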
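Review bot: The new `#elif defined(__APPLE__)` branch in the last hunk is not narrowed to 32-bit the way the Linux side is (`#ifdef __i386__` ahead of the first inception_thoughts array in the first hunk), yet the bytes it selects are 32-bit code that traps through `int 0x80` (the `0xcd,0x80` pairs) and passes arguments with 32-bit pushes (`0x52,0x51,0x53,0x50`), which is the i386 BSD stack convention the commit message describes. On an x86_64 OS X build this branch would presumably still be compiled and run through the wrong syscall path, whereas the Linux side keeps a separate `syscall`-based buffer for 64-bit; the `#else`/`#error` fallback can only catch that case if the guard reads `#elif defined(__APPLE__) && defined(__i386__)`. The Linux `#ifdef __i386__` block is closed by the `#endif` at the start of the last hunk, so the `#elif` pairs with `#ifdef __linux__` and the narrowed guard slots in without other changes. Both new arrays are plain `static unsigned char` data that inception.c has to execute; whatever makes that memory executable lives outside this header, so a one-line note such as `/* executed as code by inception.c; the .c side must make this buffer executable */` above the Apple inception_thoughts would save the next reader a trip.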
