
old outstanding changes

commit aa3c06ed2f18d088e136b007231c096feca4d742 1 parent f706c92
@majek authored
Showing with 57 additions and 9 deletions.
  1. +12 −1 payload.c
  2. +41 −0 strip.c
  3. +4 −8 vx32example.c
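--- a/payload.c
+++ b/payload.c
@@ -2,6 +2,17 @@
 #include <stdlib.h>
 int main(int argc, char *argv[]) {
- printf("Hello world from untrusted binary!\n");
+ int badcode = 1;
+ int tramp(int i) {
+ return badcode + i;
+ }
+
+
+ int (*t)(int) = (void *)((char*)&tramp + 0);
+ int j = t(10);
+
+
+
+ printf("Hello world from untrusted binary %i!\n", j);
 return(0);
 }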
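Review bot: The address-take at `int (*t)(int) = (void *)((char*)&tramp + 0);` is undocumented and depends on a GNU C extension: `tramp` is a nested function that reads the enclosing local `badcode`, so GCC builds a trampoline on the stack and the payload typically ends up requiring an executable stack. If the purpose is to check how the sandbox treats code executed from the guest's stack (the name `badcode` suggests this, but it is inferred), state it in a comment above `tramp`, e.g. `/* GNU nested function; taking its address makes GCC build a stack trampoline, so t(10) runs code placed on the stack */`. The `+ 0` offset and the casts through `char *` and `void *` have no effect as written and should be dropped or explained. The hunk starts at line 2 of the file, so whether `<stdio.h>` is included for `printf` is not visible here.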
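--- a/strip.c
+++ b/strip.c
@@ -0,0 +1,41 @@
+
+void run_elf(char *elf_filename) {
+ struct vxproc *p = vxproc_alloc();
+ vxproc_loadelffile(p, elf_filename, ...);
+
+ for (;;) {
+ int rc = vxproc_run(p); // run the binary!
+ switch(rc) {
+ case VXTRAP_SYSCALL:
+ switch(p->cpu->reg[EAX]) {
+ case VXSYSWRITE:
+ ... handle the syscall ...
+ break;
+ ...
+ }
+ break;
+
+ default:
+ // handle other traps - like segv
+ printf("vxproc_run trap %#x\n", rc);
+ result = -1;
+ goto out;
+ }
+ }
+
+out:
+ vxproc_free(p);
+}
+
+
+ uint32_t addr = p->cpu->reg[ECX];
+ uint32_t len = p->cpu->reg[EBX];
+ int r = 0;
+ if (!vxmem_checkperm(p->mem, addr, len,
+ VXPERM_READ, NULL)) {
+ r = -EINVAL;
+ } else {
+ vxmmap *m = vxmem_map(p->mem, 0);
+ r = printf("%s", (char*)m->base + addr);
+ }
+ p->cpu->reg[EAX] = r;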
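Review bot: In the write-syscall fragment at the end of the file, `vxmem_checkperm` validates only `len` bytes at `addr`, but `printf("%s", (char*)m->base + addr)` ignores `len` and reads until the first NUL, so a guest buffer without a terminator makes the host read past the range it just checked. Bound the output by the validated length, for example `r = (int)fwrite((char*)m->base + addr, 1, len, stdout);`. The result of `vxmem_map` is also dereferenced without a check, and the mapping is not released in the visible lines. The file reads as a sketch (the `...` placeholders, the undeclared `result`, the handler placed after `run_elf`), so a short header comment saying it is illustrative and not meant to compile would keep readers from copying the unbounded `%s` as a pattern.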
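--- a/vx32example.c
+++ b/vx32example.c
@@ -15,15 +15,11 @@ int main(int argc, char *argv[]) {
 abort();
 }
 char *elf_filename = argv[1];
-
-
- int result = 0;
- struct vxproc *p;
-
+
 vx32_siginit();
- p = vxproc_alloc();
-
+ int result = 0;
+ struct vxproc *p = vxproc_alloc();
 const char *p_argv[] = {elf_filename, NULL};
 const char *p_env[] = {NULL, NULL};
@@ -71,7 +67,7 @@ int main(int argc, char *argv[]) {
 break;
 default:
- printf("vxproc_run trap %#x\n", rc);
+ printf("vxproc_run trap %#x\n", rc); // like segv
 result = -1;
 goto out;
 }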
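Review bot: `struct vxproc *p = vxproc_alloc();` in the first hunk is not followed by a failure check in the visible lines, and the same was true of the assignment it replaces; if the allocation can fail, `p` is presumably used later in `main` with no guard. Something like `if (p == NULL) { perror("vxproc_alloc"); return 1; }` directly after the declaration would cover it. In the second hunk the trap diagnostic is written with `printf`, so it lands on stdout; if guest output also goes to stdout, `fprintf(stderr, "vxproc_run trap %#x\n", rc);` keeps host diagnostics separate from what the untrusted binary prints. `main` starts and ends outside both hunks, so either point may already be handled elsewhere.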