├── DSL ├── src │ ├── macros │ │ ├── __init__.py │ │ ├── StoreLabelMacro.py │ │ ├── CallAbsMacro.py │ │ └── JmpAbsMacro.py │ ├── writers │ │ ├── __init__.py │ │ ├── CWriter.py │ │ └── BatchedWriter.py │ ├── util.py │ ├── args.py │ └── objdump.py ├── test │ ├── multiple_macros.dsl │ └── multiple_macros.py └── include │ └── dsl.h ├── test ├── applications │ ├── sharedlib │ │ ├── helper.h │ │ ├── lib.h │ │ ├── TESTCONFIG │ │ ├── helper.c │ │ ├── lib.c │ │ ├── Makefile │ │ └── main.c │ ├── sharedlibPIE │ │ ├── helper.h │ │ ├── lib.h │ │ ├── TESTCONFIG │ │ ├── helper.c │ │ ├── lib.c │ │ ├── Makefile │ │ └── main.c │ ├── hw │ │ ├── TESTCONFIG │ │ ├── hw.c │ │ └── Makefile │ └── Makefile ├── security │ ├── cfi_illegal_dso_call │ │ ├── lib.h │ │ ├── TESTCONFIG │ │ ├── main.c │ │ ├── lib.c │ │ └── Makefile │ ├── cfi_illegal_dso_jmp │ │ ├── lib.h │ │ ├── TESTCONFIG │ │ ├── main.c │ │ ├── lib.c │ │ └── Makefile │ ├── sharedlib_stripped │ │ ├── helper.h │ │ ├── lib.h │ │ ├── TESTCONFIG │ │ ├── helper.c │ │ ├── lib.c │ │ ├── Makefile │ │ └── main.c │ ├── hw_stripped │ │ ├── TESTCONFIG │ │ ├── hw.c │ │ └── Makefile │ ├── cfi_no_symbol_call │ │ ├── TESTCONFIG │ │ ├── Makefile │ │ └── main.c │ ├── cfi_dst_not_in_exec │ │ ├── TESTCONFIG │ │ ├── Makefile │ │ └── main.c │ └── Makefile ├── secureloader │ ├── threads │ │ ├── TESTCONFIG │ │ ├── Makefile │ │ └── main.c │ ├── exceptions │ │ ├── TESTCONFIG │ │ ├── exceptions.cpp │ │ └── Makefile │ ├── lib_resolve │ │ ├── TESTCONFIG │ │ ├── Makefile │ │ ├── lib3.h │ │ ├── lib2.h │ │ ├── lib1.h │ │ ├── lib3.c │ │ ├── lib2.c │ │ ├── main.c │ │ └── lib1.c │ ├── libc_basic │ │ ├── TESTCONFIG │ │ ├── Makefile │ │ └── main.c │ ├── relocations │ │ ├── TESTCONFIG │ │ ├── Makefile │ │ ├── lib1.h │ │ ├── lib2.h │ │ ├── lib2.c │ │ ├── main.c │ │ └── lib1.c │ ├── versioning │ │ ├── TESTCONFIG │ │ ├── vers.vs │ │ ├── Makefile │ │ ├── lib1.h │ │ ├── lib1.c │ │ └── main.c │ ├── dynamic_loading │ │ ├── TESTCONFIG │ │ ├── Makefile │ │ ├── lib_tls.h │ │ ├── lib1.h │ │ ├── lib2.h │ │ ├── lib2.c │ │ ├── main.c │ │ ├── lib_tls_dynamic.c │ │ └── lib_tls.c │ ├── irelative_reloc │ │ ├── TESTCONFIG │ │ ├── Makefile │ │ └── main.c │ ├── tls_relocations │ │ ├── TESTCONFIG │ │ ├── Makefile │ │ ├── lib1.h │ │ ├── lib2.h │ │ ├── lib2.c │ │ ├── main.c │ │ └── lib1.c │ └── Makefile ├── Makefile └── fastbt │ ├── tailcall │ └── tailcall.c │ ├── exceptions │ └── exception.c │ ├── setlongjmp │ └── setlongjmp.c │ └── sigsuspend │ └── sigsuspend.c ├── tableGenerator ├── example.cpp ├── true.cpp ├── Makefile ├── include │ └── table_generator.h └── src │ └── instr_analyse_helpers.cpp ├── src ├── libs │ ├── Makefile │ ├── uilib.h │ └── uilib.c ├── secureloader │ ├── Makefile │ ├── sl_gscope.h │ ├── sl_reloc.h │ ├── sl_so_chain.h │ ├── sl_map.h │ ├── sl_libsearch.h │ ├── sl_libdetox.h │ ├── sl_load.h │ ├── sl_libc.h │ ├── sl_gscope.c │ ├── sl_so_chain.c │ └── sl_tls.h ├── fastbt │ ├── Makefile │ ├── fbt_mutex.h │ ├── fbt_trampoline.h │ ├── fbt_syscall.h │ ├── fbt_libc.c │ ├── fbt_mutex.c │ ├── fbt_translate.h │ ├── fbt_llio.h │ ├── libfastbt.h │ ├── fbt_restart_transaction.h │ ├── fbt_debug.h │ ├── fbt_mem_pool.h │ └── fbt_libc.h ├── Makefile ├── libtrue.c ├── true.c └── trueRTLD.c ├── CONFIGURATION ├── TODO ├── LICENSE ├── Makefile ├── INSTALL ├── AUTHORS ├── README.md ├── CHANGELOG └── HISTORY.md /DSL/src/macros/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /DSL/src/writers/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /test/applications/sharedlib/helper.h: -------------------------------------------------------------------------------- 1 | int helperInt; 2 | void helperFunc(); 3 | -------------------------------------------------------------------------------- /test/security/cfi_illegal_dso_call/lib.h: -------------------------------------------------------------------------------- 1 | extern void (*normalFunc()) (); 2 | -------------------------------------------------------------------------------- /test/security/cfi_illegal_dso_jmp/lib.h: -------------------------------------------------------------------------------- 1 | extern void (*normalFunc()) (); 2 | -------------------------------------------------------------------------------- /test/applications/sharedlib/lib.h: -------------------------------------------------------------------------------- 1 | extern int libInt; 2 | extern void libFunc(); 3 | -------------------------------------------------------------------------------- /test/applications/sharedlibPIE/helper.h: -------------------------------------------------------------------------------- 1 | int helperInt; 2 | void helperFunc(); 3 | -------------------------------------------------------------------------------- /test/security/sharedlib_stripped/helper.h: -------------------------------------------------------------------------------- 1 | int helperInt; 2 | void helperFunc(); 3 | -------------------------------------------------------------------------------- /test/applications/sharedlibPIE/lib.h: -------------------------------------------------------------------------------- 1 | extern int libInt; 2 | extern void libFunc(); 3 | -------------------------------------------------------------------------------- /test/security/sharedlib_stripped/lib.h: -------------------------------------------------------------------------------- 1 | extern int libInt; 2 | extern void libFunc(); 3 | -------------------------------------------------------------------------------- /test/applications/hw/TESTCONFIG: -------------------------------------------------------------------------------- 1 | NATIVERUN 1 0 2 | LDPRELOADRUN 1 0 3 | RUNTIMERUN 1 0 4 | RTLDRUN 1 0 5 | -------------------------------------------------------------------------------- /test/applications/sharedlib/TESTCONFIG: -------------------------------------------------------------------------------- 1 | NATIVERUN 1 0 2 | LDPRELOADRUN 1 0 3 | RUNTIMERUN 1 0 4 | RTLDRUN 1 0 5 | -------------------------------------------------------------------------------- /test/secureloader/threads/TESTCONFIG: -------------------------------------------------------------------------------- 1 | NATIVERUN 1 0 2 | LDPRELOADRUN 1 0 3 | RUNTIMERUN 1 0 4 | RTLDRUN 1 0 5 | -------------------------------------------------------------------------------- /test/security/hw_stripped/TESTCONFIG: -------------------------------------------------------------------------------- 1 | NATIVERUN 1 0 2 | LDPRELOADRUN 1 0 3 | RUNTIMERUN 1 0 4 | RTLDRUN 1 0 5 | -------------------------------------------------------------------------------- /test/applications/sharedlibPIE/TESTCONFIG: -------------------------------------------------------------------------------- 1 | NATIVERUN 1 0 2 | LDPRELOADRUN 1 0 3 | RUNTIMERUN 1 0 4 | RTLDRUN 1 0 5 | -------------------------------------------------------------------------------- /test/secureloader/exceptions/TESTCONFIG: -------------------------------------------------------------------------------- 1 | NATIVERUN 1 0 2 | LDPRELOADRUN 1 0 3 | RUNTIMERUN 1 0 4 | RTLDRUN 1 0 5 | -------------------------------------------------------------------------------- /test/secureloader/lib_resolve/TESTCONFIG: -------------------------------------------------------------------------------- 1 | NATIVERUN 1 0 2 | LDPRELOADRUN 1 0 3 | RUNTIMERUN 1 0 4 | RTLDRUN 1 0 5 | -------------------------------------------------------------------------------- /test/secureloader/libc_basic/TESTCONFIG: -------------------------------------------------------------------------------- 1 | NATIVERUN 1 0 2 | LDPRELOADRUN 1 0 3 | RUNTIMERUN 1 0 4 | RTLDRUN 1 0 5 | -------------------------------------------------------------------------------- /test/secureloader/relocations/TESTCONFIG: -------------------------------------------------------------------------------- 1 | NATIVERUN 1 0 2 | LDPRELOADRUN 1 0 3 | RUNTIMERUN 1 0 4 | RTLDRUN 1 0 5 | -------------------------------------------------------------------------------- /test/secureloader/versioning/TESTCONFIG: -------------------------------------------------------------------------------- 1 | NATIVERUN 1 0 2 | LDPRELOADRUN 1 0 3 | RUNTIMERUN 1 0 4 | RTLDRUN 1 0 5 | -------------------------------------------------------------------------------- /test/security/cfi_no_symbol_call/TESTCONFIG: -------------------------------------------------------------------------------- 1 | NATIVERUN 1 0 2 | LDPRELOADRUN 1 0 3 | RUNTIMERUN 1 0 4 | RTLDRUN 1 0 5 | -------------------------------------------------------------------------------- /test/security/sharedlib_stripped/TESTCONFIG: -------------------------------------------------------------------------------- 1 | NATIVERUN 1 0 2 | LDPRELOADRUN 1 0 3 | RUNTIMERUN 1 0 4 | RTLDRUN 1 0 5 | -------------------------------------------------------------------------------- /test/secureloader/dynamic_loading/TESTCONFIG: -------------------------------------------------------------------------------- 1 | NATIVERUN 1 0 2 | LDPRELOADRUN 1 0 3 | RUNTIMERUN 1 0 4 | RTLDRUN 1 0 5 | -------------------------------------------------------------------------------- /test/secureloader/irelative_reloc/TESTCONFIG: -------------------------------------------------------------------------------- 1 | NATIVERUN 1 0 2 | LDPRELOADRUN 1 0 3 | RUNTIMERUN 1 0 4 | RTLDRUN 1 0 5 | -------------------------------------------------------------------------------- /test/secureloader/tls_relocations/TESTCONFIG: -------------------------------------------------------------------------------- 1 | NATIVERUN 1 0 2 | LDPRELOADRUN 1 0 3 | RUNTIMERUN 1 0 4 | RTLDRUN 1 0 5 | -------------------------------------------------------------------------------- /test/security/cfi_dst_not_in_exec/TESTCONFIG: -------------------------------------------------------------------------------- 1 | NATIVERUN 1 0 2 | LDPRELOADRUN 1 0 3 | RUNTIMERUN 1 34 4 | RTLDRUN 1 34 5 | -------------------------------------------------------------------------------- /test/security/cfi_illegal_dso_call/TESTCONFIG: -------------------------------------------------------------------------------- 1 | NATIVERUN 1 0 2 | LDPRELOADRUN 1 0 3 | RUNTIMERUN 1 0 4 | RTLDRUN 1 0 5 | -------------------------------------------------------------------------------- /test/security/cfi_illegal_dso_jmp/TESTCONFIG: -------------------------------------------------------------------------------- 1 | NATIVERUN 1 0 2 | LDPRELOADRUN 1 0 3 | RUNTIMERUN 1 39 4 | RTLDRUN 1 39 5 | -------------------------------------------------------------------------------- /test/applications/hw/hw.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | int main(){ 4 | 5 | printf("hello world!\n"); 6 | return 0; 7 | } 8 | 9 | -------------------------------------------------------------------------------- /test/security/hw_stripped/hw.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | int main(){ 4 | 5 | printf("hello world!\n"); 6 | return 0; 7 | } 8 | 9 | -------------------------------------------------------------------------------- /test/applications/sharedlib/helper.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include "helper.h" 3 | 4 | void helperFunc() { 5 | helperInt = 3; 6 | printf("helperFunc \n", helperInt); 7 | } 8 | -------------------------------------------------------------------------------- /test/applications/sharedlibPIE/helper.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include "helper.h" 3 | 4 | void helperFunc() { 5 | helperInt = 3; 6 | printf("helperFunc \n", helperInt); 7 | } 8 | -------------------------------------------------------------------------------- /test/security/sharedlib_stripped/helper.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include "helper.h" 3 | 4 | void helperFunc() { 5 | helperInt = 3; 6 | printf("helperFunc \n", helperInt); 7 | } 8 | -------------------------------------------------------------------------------- /test/applications/sharedlib/lib.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | int libInt = 0; 4 | 5 | void libFunc() { 6 | printf("libFunc \n", libInt); 7 | libInt = 4; 8 | printf("libFunc \n", libInt); 9 | } 10 | -------------------------------------------------------------------------------- /test/applications/sharedlibPIE/lib.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | int libInt = 0; 4 | 5 | void libFunc() { 6 | printf("libFunc \n", libInt); 7 | libInt = 4; 8 | printf("libFunc \n", libInt); 9 | } 10 | -------------------------------------------------------------------------------- /test/security/sharedlib_stripped/lib.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | int libInt = 0; 4 | 5 | void libFunc() { 6 | printf("libFunc \n", libInt); 7 | libInt = 4; 8 | printf("libFunc \n", libInt); 9 | } 10 | -------------------------------------------------------------------------------- /test/security/cfi_illegal_dso_call/main.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include "lib.h" 3 | 4 | int main() 5 | { 6 | void (*func)(); 7 | func = normalFunc(); 8 | printf("funcptr = %x\n", (unsigned int)func); 9 | func(); 10 | return 0; 11 | } 12 | -------------------------------------------------------------------------------- /test/security/cfi_illegal_dso_jmp/main.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include "lib.h" 3 | 4 | int main() 5 | { 6 | void (*func)(); 7 | func = normalFunc(); 8 | printf("funcptr = %x\n", (unsigned int)func); 9 | asm volatile ( "jmp *%0" : : "m"(func) ); 10 | return 0; 11 | } 12 | -------------------------------------------------------------------------------- /tableGenerator/example.cpp: -------------------------------------------------------------------------------- 1 | 2 | #include 3 | #include 4 | 5 | #include "table_generator.h" 6 | 7 | 8 | int main () { 9 | 10 | std::ofstream outputFile ("fbt_opcode_tables.h"); 11 | 12 | if (outputFile.is_open()) { 13 | generateTables(outputFile, ""); 14 | } 15 | } 16 | 17 | -------------------------------------------------------------------------------- /test/security/cfi_illegal_dso_call/lib.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | static void staticFunc() { 5 | printf("staticFunc() called, not allowed!\n"); 6 | exit(0); 7 | } 8 | 9 | void (*normalFunc()) () { 10 | printf("normalFunc() called, Ok\n"); 11 | return staticFunc; 12 | } 13 | -------------------------------------------------------------------------------- /test/security/cfi_illegal_dso_jmp/lib.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | static void staticFunc() { 5 | printf("staticFunc() called, not allowed!\n"); 6 | exit(0); 7 | } 8 | 9 | void (*normalFunc()) () { 10 | printf("normalFunc() called, Ok\n"); 11 | return staticFunc; 12 | } 13 | -------------------------------------------------------------------------------- /src/libs/Makefile: -------------------------------------------------------------------------------- 1 | include ../../Makedefs 2 | 3 | FILES=uilib.c 4 | 5 | .PHONY: exec lib rtld 6 | 7 | exec: 8 | $(CC) $(CFLAGS) $(CFLAGSEXEC) -c -I$(INCLUDEDIR) *.c 9 | 10 | lib: 11 | $(CC) $(CFLAGS) $(CFLAGSLIB) -c -I$(INCLUDEDIR) *.c 12 | 13 | rtld: 14 | $(CC) $(CFLAGS) $(CFLAGSRTLD) -c -I$(INCLUDEDIR) *.c 15 | 16 | clean: 17 | rm -f *.o *~ 18 | 19 | -------------------------------------------------------------------------------- /test/applications/Makefile: -------------------------------------------------------------------------------- 1 | include ../../Makedefs 2 | 3 | .PHONY: all clean test build 4 | 5 | all: build 6 | 7 | build: 8 | make -C hw 9 | make -C sharedlib 10 | make -C sharedlibPIE 11 | 12 | test: build 13 | make -C hw test 14 | make -C sharedlib test 15 | make -C sharedlibPIE test 16 | 17 | clean: 18 | make -C hw clean 19 | make -C sharedlib clean 20 | make -C sharedlibPIE clean 21 | -------------------------------------------------------------------------------- /test/applications/hw/Makefile: -------------------------------------------------------------------------------- 1 | include ../../../Makedefs 2 | 3 | CC = gcc 4 | CFLAGS = -g -m32 5 | 6 | .PHONY: all clean test main main.rtld 7 | 8 | all: main main.rtld 9 | 10 | test: main 11 | ./main 12 | 13 | main: 14 | $(CC) $(CFLAGS) -o main hw.c 15 | 16 | main.rtld: 17 | $(CC) $(CFLAGS) -Wl,-dynamic-linker,$(RTLDPATH) -o main.rtld hw.c 18 | 19 | clean: 20 | rm -f main main.rtld *.o *~ 21 | -------------------------------------------------------------------------------- /test/security/cfi_no_symbol_call/Makefile: -------------------------------------------------------------------------------- 1 | include ../../../Makedefs 2 | 3 | CC = gcc 4 | CFLAGS = -g -m32 5 | 6 | .PHONY: all clean test main 7 | 8 | all: main main.rtld 9 | 10 | test: main 11 | ./main 12 | 13 | main: main.c 14 | gcc -m32 -o main main.c 15 | 16 | main.rtld: 17 | gcc -m32 -Wl,-dynamic-linker,$(RTLDPATH) -o main.rtld main.c 18 | 19 | clean: 20 | rm -f main main.rtld *.o *~ *.so 21 | -------------------------------------------------------------------------------- /test/secureloader/versioning/vers.vs: -------------------------------------------------------------------------------- 1 | VERS_1.0 { 2 | global: method1; 3 | method2; 4 | global1; 5 | local: *; 6 | }; 7 | 8 | VERS_2.0 { 9 | global: method1; 10 | method2; 11 | global1; 12 | 13 | } VERS_1.0; 14 | 15 | 16 | VERS_3.0 { 17 | global: method1; 18 | method2; 19 | global1; 20 | } VERS_2.0; 21 | 22 | VERS_4.0 { 23 | global: method1; 24 | method2; 25 | global1; 26 | } VERS_3.0; 27 | -------------------------------------------------------------------------------- /test/secureloader/libc_basic/Makefile: -------------------------------------------------------------------------------- 1 | include ../../../Makedefs 2 | 3 | CC = gcc 4 | CFLAGS = -g -m32 -L. -Wl,--hash-style=both 5 | 6 | .PHONY: all clean test 7 | 8 | all: main main.rtld 9 | 10 | test: main 11 | ./main 12 | 13 | main: $(FILES) 14 | $(CC) $(CFLAGS) -o main main.c 15 | 16 | main.rtld: 17 | $(CC) $(CFLAGS) -Wl,-dynamic-linker,$(RTLDPATH) -o main.rtld main.c 18 | 19 | clean: 20 | rm -f main main.rtld *.o *~ 21 | -------------------------------------------------------------------------------- /test/Makefile: -------------------------------------------------------------------------------- 1 | include ../Makedefs 2 | 3 | .PHONY: all clean build runtests 4 | 5 | all: build 6 | 7 | build: 8 | @echo "\n>>>>>>>>>> BUILD TESTS <<<<<<<<<<\n" 9 | make -C secureloader 10 | make -C applications 11 | # make -C fastbt 12 | make -C security 13 | 14 | runtests: 15 | ./runtests.rb 16 | 17 | clean: 18 | make -C secureloader clean 19 | make -C applications clean 20 | # make -C fastbt clean 21 | make -C security clean 22 | -------------------------------------------------------------------------------- /test/secureloader/irelative_reloc/Makefile: -------------------------------------------------------------------------------- 1 | include ../../../Makedefs 2 | 3 | CC = gcc 4 | CFLAGS = -g -m32 -L. -Wl,--hash-style=both 5 | 6 | .PHONY: all clean test 7 | 8 | all: main main.rtld 9 | 10 | test: main 11 | ./main 12 | 13 | main: $(FILES) 14 | $(CC) $(CFLAGS) -o main main.c 15 | 16 | main.rtld: 17 | $(CC) $(CFLAGS) -Wl,-dynamic-linker,$(RTLDPATH) -o main.rtld main.c 18 | 19 | clean: 20 | rm -f main main.rtld *.o *~ 21 | -------------------------------------------------------------------------------- /test/security/cfi_dst_not_in_exec/Makefile: -------------------------------------------------------------------------------- 1 | include ../../../Makedefs 2 | 3 | CC = gcc 4 | CFLAGS = -g -m32 5 | 6 | .PHONY: all clean test main 7 | 8 | all: main main.rtld 9 | 10 | test: main 11 | ./main 12 | 13 | main: main.c 14 | gcc -m32 -o main main.c 15 | strip main 16 | 17 | main.rtld: 18 | gcc -m32 -Wl,-dynamic-linker,$(RTLDPATH) -o main.rtld main.c 19 | strip main.rtld 20 | 21 | clean: 22 | rm -f main main.rtld *.o *~ *.so 23 | -------------------------------------------------------------------------------- /test/security/hw_stripped/Makefile: -------------------------------------------------------------------------------- 1 | include ../../../Makedefs 2 | 3 | CC = gcc 4 | CFLAGS = -g -m32 5 | 6 | .PHONY: all clean test main main.rtld 7 | 8 | all: main main.rtld 9 | 10 | test: main 11 | ./main 12 | 13 | main: 14 | $(CC) $(CFLAGS) -o main hw.c 15 | strip main 16 | 17 | main.rtld: 18 | $(CC) $(CFLAGS) -Wl,-dynamic-linker,$(RTLDPATH) -o main.rtld hw.c 19 | strip main.rtld 20 | 21 | clean: 22 | rm -f main main.rtld *.o *~ 23 | -------------------------------------------------------------------------------- /test/fastbt/tailcall/tailcall.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | int fac_times (int n, int acc) { 4 | if (n == 0) return acc; 5 | else return fac_times(n - 1, acc * n); 6 | } 7 | 8 | int fact(int n) 9 | { 10 | return n <= 1 ? 1 : n * fact(n-1); 11 | } 12 | 13 | int foo(int a, int b) { 14 | if (a && b) 15 | return foo(a - 1, b - 1); 16 | return a + b; 17 | } 18 | 19 | int main() { 20 | foo(5, 5); 21 | return 0; 22 | } 23 | 24 | -------------------------------------------------------------------------------- /test/secureloader/threads/Makefile: -------------------------------------------------------------------------------- 1 | include ../../../Makedefs 2 | 3 | CC = gcc 4 | CFLAGS = -Wall -g -pthread -m32 -L. -Wl,--hash-style=both -Wl,-rpath=./ 5 | 6 | .PHONY: all clean test 7 | 8 | all: main main.rtld 9 | 10 | test: main 11 | ./main 12 | 13 | main: 14 | $(CC) $(CFLAGS) -o main main.c 15 | 16 | main.rtld: 17 | $(CC) $(CFLAGS) -Wl,-dynamic-linker,$(RTLDPATH) -o main.rtld main.c 18 | 19 | clean: 20 | rm -f main main.o main.rtld 21 | 22 | 23 | -------------------------------------------------------------------------------- /CONFIGURATION: -------------------------------------------------------------------------------- 1 | The configuration file Makedefs contains a bunch of documentation on the 2 | configuration of the binary translation platform and a bunch of additional 3 | security extensions. Adjust the file Makedefs to your needs. 4 | 5 | The security extensions are additional and can be disabled for a full-speed 6 | binary translator. Check the best configuration that suits your needs. 7 | 8 | 9 | Type "make clean all" to generate the library. 10 | Type "make test" to run the test suite. 11 | -------------------------------------------------------------------------------- /test/security/cfi_illegal_dso_jmp/Makefile: -------------------------------------------------------------------------------- 1 | include ../../../Makedefs 2 | 3 | CC = gcc 4 | CFLAGS = -g -m32 5 | 6 | .PHONY: all clean test main main.rtld 7 | 8 | all: lib main main.rtld 9 | 10 | test: lib main 11 | ./main 12 | 13 | lib: lib.c 14 | gcc -m32 -shared -fPIC -o lib.so lib.c 15 | 16 | main: main.c 17 | gcc -m32 -o main main.c ./lib.so 18 | 19 | main.rtld: 20 | gcc -m32 -Wl,-dynamic-linker,$(RTLDPATH) -o main.rtld main.c ./lib.so 21 | 22 | clean: 23 | rm -f main main.rtld *.o *~ *.so 24 | -------------------------------------------------------------------------------- /DSL/src/util.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | def find_list(target, query): 4 | query = tuple(query) 5 | for i in xrange(len(target)): 6 | if tuple(target[i:i+len(query)]) == query: 7 | yield i 8 | 9 | def address_to_bytes(a, num_bytes=4): 10 | result = [] 11 | 12 | assert type(a) == int 13 | assert a >= 0 14 | 15 | for _ in xrange(num_bytes): 16 | result += ['%0.2x' % (a % 256)] 17 | a = a / 256 18 | 19 | return result 20 | -------------------------------------------------------------------------------- /test/secureloader/exceptions/exceptions.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | using namespace std; 4 | 5 | 6 | int main(int argc, char** argv) 7 | { 8 | try { 9 | cout<<"starting exception test... (expected: graceful catching)"< 2 | #include 3 | 4 | /* This is a simple R_386_IRELATIVE test. It uses ctime which will cause the libc to use strnlen somewhre within libc. This requires one of the R_386_IRELATIVE relocations to be handled correctly. */ 5 | int main () 6 | { 7 | int i; 8 | char *ts,time_string[114]; 9 | time_t now; 10 | 11 | now=time(NULL); 12 | ts=ctime(&now); 13 | for (i=0; ts[i]>=' '; i++) time_string[i]=ts[i]; 14 | time_string[i]='\0'; 15 | printf("%s\n",time_string); 16 | 17 | return 0; 18 | 19 | } 20 | 21 | -------------------------------------------------------------------------------- /test/security/sharedlib_stripped/Makefile: -------------------------------------------------------------------------------- 1 | include ../../../Makedefs 2 | 3 | CC = gcc 4 | CFLAGS = -g -m32 5 | 6 | .PHONY: all clean test main main.rtld 7 | 8 | all: lib main main.rtld 9 | 10 | test: lib main 11 | ./main 12 | 13 | lib: lib.c 14 | gcc -m32 -shared -fPIC -o lib.so lib.c 15 | strip lib.so 16 | 17 | main: main.c helper.c 18 | gcc -m32 -o main main.c helper.c ./lib.so 19 | strip main 20 | 21 | main.rtld: 22 | gcc -m32 -Wl,-dynamic-linker,$(RTLDPATH) -o main.rtld main.c helper.c ./lib.so 23 | strip main.rtld 24 | 25 | clean: 26 | rm -f main main.rtld *.o *~ *.so 27 | -------------------------------------------------------------------------------- /test/applications/sharedlib/main.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include "lib.h" 3 | #include "helper.h" 4 | 5 | int mainInt = 1; 6 | static int mainStaticInt = 2; 7 | 8 | void mainFunc(); 9 | static void mainStaticFunc(); 10 | 11 | int main() 12 | { 13 | printf("main \n", mainInt, mainStaticInt); 14 | mainFunc(); 15 | mainStaticFunc(); 16 | helperFunc(); 17 | libInt = 5; 18 | printf("main \n", helperInt, libInt); 19 | libFunc(); 20 | printf("main \n", helperInt, libInt); 21 | return 0; 22 | } 23 | 24 | void mainFunc() { 25 | printf("mainFunc\n"); 26 | } 27 | 28 | static void mainStaticFunc() { 29 | printf("mainStaticFunc\n"); 30 | } 31 | -------------------------------------------------------------------------------- /test/applications/sharedlibPIE/main.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include "lib.h" 3 | #include "helper.h" 4 | 5 | int mainInt = 1; 6 | static int mainStaticInt = 2; 7 | 8 | void mainFunc(); 9 | static void mainStaticFunc(); 10 | 11 | int main() 12 | { 13 | printf("main \n", mainInt, mainStaticInt); 14 | mainFunc(); 15 | mainStaticFunc(); 16 | helperFunc(); 17 | libInt = 5; 18 | printf("main \n", helperInt, libInt); 19 | libFunc(); 20 | printf("main \n", helperInt, libInt); 21 | return 0; 22 | } 23 | 24 | void mainFunc() { 25 | printf("mainFunc\n"); 26 | } 27 | 28 | static void mainStaticFunc() { 29 | printf("mainStaticFunc\n"); 30 | } 31 | -------------------------------------------------------------------------------- /test/security/sharedlib_stripped/main.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include "lib.h" 3 | #include "helper.h" 4 | 5 | int mainInt = 1; 6 | static int mainStaticInt = 2; 7 | 8 | void mainFunc(); 9 | static void mainStaticFunc(); 10 | 11 | int main() 12 | { 13 | printf("main \n", mainInt, mainStaticInt); 14 | mainFunc(); 15 | mainStaticFunc(); 16 | helperFunc(); 17 | libInt = 5; 18 | printf("main \n", helperInt, libInt); 19 | libFunc(); 20 | printf("main \n", helperInt, libInt); 21 | return 0; 22 | } 23 | 24 | void mainFunc() { 25 | printf("mainFunc\n"); 26 | } 27 | 28 | static void mainStaticFunc() { 29 | printf("mainStaticFunc\n"); 30 | } 31 | -------------------------------------------------------------------------------- /test/secureloader/versioning/Makefile: -------------------------------------------------------------------------------- 1 | include ../../../Makedefs 2 | 3 | CC = gcc 4 | CFLAGS = -g -m32 -Wl,--hash-style=both -Wl,-rpath=$(CURDIR) 5 | LIBCFLAGS = -Wall -m32 -fPIC -shared 6 | LD = ld 7 | LIBLDFLAGS = -m elf_i386 -shared 8 | 9 | .PHONY: all clean test 10 | 11 | all: main main.rtld 12 | 13 | test: main 14 | ./main 15 | 16 | main: lib1.so main.o 17 | $(CC) $(CFLAGS) -o main main.c -ldl lib1.so 18 | 19 | main.rtld: 20 | $(CC) $(CFLAGS) -Wl,-dynamic-linker,$(RTLDPATH) -o main.rtld main.c -ldl lib1.so 21 | 22 | lib1.so: lib1.o 23 | $(LD) $(LIBLDFLAGS) -version-script vers.vs -soname lib1.so -o lib1.so lib1.o 24 | 25 | %.o: %.c 26 | $(CC) $(LIBCFLAGS) -c $< 27 | 28 | clean: 29 | rm -f main main.rtld *.so *.o 30 | 31 | -------------------------------------------------------------------------------- /DSL/src/args.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | """Contains code for parsing the command line arguments passed to the program""" 4 | 5 | from optparse import OptionParser 6 | 7 | class ArgParser(OptionParser): 8 | def __init__(self): 9 | OptionParser.__init__(self, usage="usage: %prog [options] in_file out_file") 10 | self.add_option('-c', '--config', dest='config', 11 | help='Loads a custom configuration from a JSON file.') 12 | 13 | def parse_args(self, *args, **kwargs): 14 | (options, args) = OptionParser.parse_args(self, *args, **kwargs) 15 | 16 | if len(args) != 2: 17 | self.error('Incorrect number of positional arguments.') 18 | 19 | return (options, args[0], args[1]) 20 | -------------------------------------------------------------------------------- /test/security/Makefile: -------------------------------------------------------------------------------- 1 | include ../../Makedefs 2 | 3 | .PHONY: all clean test build 4 | 5 | all: build 6 | 7 | build: 8 | make -C cfi_illegal_dso_call 9 | make -C cfi_illegal_dso_jmp 10 | make -C cfi_no_symbol_call 11 | make -C cfi_dst_not_in_exec 12 | make -C hw_stripped 13 | make -C sharedlib_stripped 14 | 15 | test: build 16 | make -C cfi_illegal_dso_call test 17 | make -C cfi_illegal_dso_jmp test 18 | make -C cfi_no_symbol_call test 19 | make -C cfi_dst_not_in_exec test 20 | make -C hw_stripped test 21 | make -C sharedlib_stripped test 22 | 23 | clean: 24 | make -C cfi_illegal_dso_call clean 25 | make -C cfi_illegal_dso_jmp clean 26 | make -C cfi_no_symbol_call clean 27 | make -C cfi_dst_not_in_exec clean 28 | make -C hw_stripped clean 29 | make -C sharedlib_stripped clean 30 | 31 | -------------------------------------------------------------------------------- /TODO: -------------------------------------------------------------------------------- 1 | General todos: 2 | ############## 3 | - Add more security guards (ELF reading) 4 | - Finish support for profiles / syscall management 5 | - Check all system calls for return values 6 | 7 | Implementation issues: 8 | ###################### 9 | - Finish the signal implementation (store signal information and deliver when 10 | back in user-context) 11 | - add table generator to common source base 12 | - clean up trusted lodaer (source review, naming, and libdetox integration) 13 | 14 | Known weaknesses of the current implementation: 15 | ############################################### 16 | - /proc/self/maps (can be used to detect libdetox) 17 | - /proc/self/exe (can be used to detect loader) 18 | - ucontext (can be used to trick signals and attack sandbox) 19 | - fstenv instruction (returns EIP on user-stack) 20 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | * Copyright (c) 2011 ETH Zurich 2 | * 3 | * This program is free software; you can redistribute it and/or 4 | * modify it under the terms of the GNU General Public License 5 | * as published by the Free Software Foundation; either version 2 6 | * of the License, or (at your option) any later version. 7 | * 8 | * This program is distributed in the hope that it will be useful, 9 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 10 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 11 | * GNU General Public License for more details. 12 | * 13 | * You should have received a copy of the GNU General Public License 14 | * along with this program; if not, write to the Free Software 15 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, 16 | * MA 02110-1301, USA. 17 | 18 | -------------------------------------------------------------------------------- /tableGenerator/true.cpp: -------------------------------------------------------------------------------- 1 | 2 | #include 3 | #include 4 | 5 | #include "table_generator.h" 6 | 7 | bool isLeaOp (const unsigned char* opcode, const instr& disasmInfo, std::string& action) { 8 | 9 | if(*opcode == 0x8D) { 10 | action = "action_lea"; 11 | return false; 12 | } 13 | 14 | return true; 15 | } 16 | 17 | bool isMovOp (const unsigned char* opcode, const instr& disasmInfo, std::string& action) { 18 | 19 | if(*opcode == 0xC7) { 20 | action = "action_mov_imm_to_r"; 21 | return false; 22 | } 23 | 24 | return true; 25 | } 26 | 27 | int main () { 28 | 29 | std::ofstream outputFile ("fbt_opcode_tables.h"); 30 | 31 | addAnalysFunction(isLeaOp); 32 | addAnalysFunction(isMovOp); 33 | 34 | if (outputFile.is_open()) { 35 | generateTables(outputFile, ""); 36 | } 37 | } 38 | 39 | -------------------------------------------------------------------------------- /test/security/cfi_no_symbol_call/main.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | #define SYS_exit 1 4 | 5 | void mainFunc() { 6 | 7 | __asm__ volatile("nop\n" \ 8 | "nop\n" \ 9 | "nop\n" \ 10 | "nop\n" \ 11 | "nop\n" \ 12 | "nop\n" \ 13 | "nop\n" \ 14 | "movl %0, %%eax\n" \ 15 | "movl %1, %%ebx\n" \ 16 | "int $0x80" \ 17 | : /* no return value */ \ 18 | : "i"(SYS_exit), \ 19 | "g"((long)(0)) \ 20 | : "memory"); 21 | } 22 | 23 | int main() 24 | { 25 | void (*func)(); 26 | func = (void*)((char*)mainFunc+3); 27 | printf("funcptr = %x\n", (unsigned int)func); 28 | func(); 29 | return 0; 30 | } 31 | -------------------------------------------------------------------------------- /DSL/test/multiple_macros.dsl: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | 5 | #include 6 | #include 7 | 8 | typedef void (*void_func)(void); 9 | typedef int (*int_func)(void); 10 | 11 | typedef unsigned long ulong_t; 12 | 13 | void a() { 14 | printf("a()\n"); 15 | } 16 | 17 | void b() { 18 | printf("b()\n"); 19 | } 20 | 21 | int main(int argc, char *argv) { 22 | char *target = mmap(0, 4096, PROT_READ | PROT_WRITE | PROT_EXEC, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); 23 | 24 | void_func f = (void_func)target; 25 | 26 | // Start a shell 27 | BEGIN_ASM(target) 28 | call_abs {&a} 29 | call_abs {&b} 30 | ret 31 | END_ASM() 32 | 33 | f(); 34 | 35 | 36 | munmap(target, 4096); 37 | 38 | return 0; 39 | } 40 | -------------------------------------------------------------------------------- /test/secureloader/tls_relocations/Makefile: -------------------------------------------------------------------------------- 1 | include ../../../Makedefs 2 | 3 | CC = gcc 4 | CFLAGS = -g -m32 -Wl,--hash-style=both -Wl,-rpath=$(CURDIR) 5 | LIBCFLAGS = -g -Wall -m32 -fPIC -shared -fno-stack-protector 6 | LD = ld 7 | LIBLDFLAGS = -g -m elf_i386 -shared 8 | 9 | .PHONY: all clean test 10 | 11 | all: main main.rtld 12 | 13 | test: main 14 | ./main 15 | 16 | main: lib1.so lib2.so 17 | $(CC) $(CFLAGS) -o main main.c lib1.so 18 | 19 | main.rtld: 20 | $(CC) $(CFLAGS) -Wl,-dynamic-linker,$(RTLDPATH) -o main.rtld main.c lib1.so 21 | 22 | lib1.so: lib1.o lib2.so 23 | $(LD) $(LIBLDFLAGS) -soname lib1.so -o lib1.so lib1.o lib2.so 24 | 25 | lib2.so: lib2.o 26 | $(LD) $(LIBLDFLAGS) -soname lib2.so -o lib2.so lib2.o 27 | 28 | %.o: %.c 29 | $(CC) $(LIBCFLAGS) -c $< 30 | 31 | clean: 32 | rm -f main main.rtld *.so *.o 33 | 34 | -------------------------------------------------------------------------------- /test/secureloader/relocations/Makefile: -------------------------------------------------------------------------------- 1 | include ../../../Makedefs 2 | 3 | CC = gcc 4 | CFLAGS = -nostartfiles -nostdlib -m32 -Wl,--hash-style=both -Wl,-rpath=$(CURDIR) 5 | LIBCFLAGS = -nostartfiles -nostdlib -Wall -m32 -fPIC -shared 6 | LD = ld 7 | LIBLDFLAGS = -m elf_i386 -shared 8 | 9 | .PHONY: all clean test 10 | 11 | all: main main.rtld 12 | 13 | test: main 14 | ./main 15 | 16 | main: lib1.so lib2.so 17 | $(CC) $(CFLAGS) -o main main.c lib1.so 18 | 19 | main.rtld: 20 | $(CC) $(CFLAGS) -Wl,-dynamic-linker,$(RTLDPATH) -o main.rtld main.c lib1.so 21 | 22 | lib1.so: lib1.o lib2.so 23 | $(LD) $(LIBLDFLAGS) -soname lib1.so -o lib1.so lib1.o lib2.so 24 | 25 | lib2.so: lib2.o 26 | $(LD) $(LIBLDFLAGS) -soname lib2.so -o lib2.so lib2.o 27 | 28 | %.o: %.c 29 | $(CC) $(LIBCFLAGS) -c $< 30 | 31 | clean: 32 | rm -f *.so *.o main main.rtld 33 | 34 | -------------------------------------------------------------------------------- /DSL/include/dsl.h: -------------------------------------------------------------------------------- 1 | /* 2 | * This program is free software; you can redistribute it and/or 3 | * modify it under the terms of the GNU General Public License 4 | * as published by the Free Software Foundation; either version 2 5 | * of the License, or (at your option) any later version. 6 | * 7 | * This program is distributed in the hope that it will be useful, 8 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 9 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 10 | * GNU General Public License for more details. 11 | * 12 | * You should have received a copy of the GNU General Public License 13 | * along with this program; if not, write to the Free Software 14 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, 15 | * MA 02110-1301, USA. 16 | */ 17 | 18 | #define BEGIN_ASM(target) 19 | #define END_ASM 20 | -------------------------------------------------------------------------------- /test/fastbt/exceptions/exception.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | using namespace std; 4 | 5 | class A { 6 | public: 7 | A() {} 8 | ~A() {} 9 | }; 10 | 11 | class myexception: public exception 12 | { 13 | virtual const char* what() const throw() /* means no exception will be thrown by this method, required as we override what() as defined by class exception */ 14 | { 15 | return "My exception happened"; 16 | } 17 | } myex; 18 | 19 | int method1 () { 20 | int i; 21 | A a; 22 | i = 0; 23 | throw myex; 24 | i++; 25 | return 0; 26 | } 27 | 28 | int method2 () { 29 | int j; 30 | j = 0; 31 | method1 (); 32 | j++; 33 | return 0; 34 | } 35 | 36 | int main () { 37 | int k; 38 | try 39 | { 40 | k = 0; 41 | method2(); 42 | k++; 43 | } 44 | catch (exception& e) 45 | { 46 | cout << e.what() << '\n'; 47 | } 48 | return 0; 49 | } 50 | 51 | -------------------------------------------------------------------------------- /test/secureloader/lib_resolve/Makefile: -------------------------------------------------------------------------------- 1 | include ../../../Makedefs 2 | 3 | CC = gcc 4 | CFLAGS = -ldl -rdynamic -g -m32 -Wl,--hash-style=both -Wl,-rpath=$(CURDIR) 5 | LIBCFLAGS = -Wall -m32 -fPIC -shared 6 | LD = ld 7 | LIBLDFLAGS = -m elf_i386 -shared 8 | 9 | .PHONY: all clean test 10 | 11 | all: main main.rtld 12 | 13 | test: main 14 | ./main 15 | 16 | main: lib1.so lib2.so lib3.so 17 | $(CC) $(CFLAGS) -o main main.c lib1.so 18 | 19 | main.rtld: lib1.so lib2.so lib3.so 20 | $(CC) $(CFLAGS) -Wl,-dynamic-linker,$(RTLDPATH) -o main.rtld main.c lib1.so 21 | 22 | lib1.so: lib1.o 23 | $(LD) $(LIBLDFLAGS) -ldl -soname lib1.so -o lib1.so lib1.o 24 | 25 | lib2.so: lib2.o lib3.so 26 | $(LD) $(LIBLDFLAGS) lib3.so -ldl -soname lib2.so -o lib2.so lib2.o 27 | 28 | lib3.so: lib3.o 29 | $(LD) $(LIBLDFLAGS) -ldl -soname lib3.so -o lib3.so lib3.o 30 | 31 | %.o: %.c 32 | $(CC) $(LIBCFLAGS) -c $< 33 | 34 | clean: 35 | rm -f main main.rtld *.so *.o 36 | 37 | -------------------------------------------------------------------------------- /test/secureloader/Makefile: -------------------------------------------------------------------------------- 1 | include ../../Makedefs 2 | 3 | .PHONY: all clean test build 4 | 5 | all: build 6 | 7 | build: 8 | make -C relocations 9 | make -C threads 10 | make -C exceptions 11 | make -C tls_relocations 12 | make -C dynamic_loading 13 | make -C libc_basic 14 | make -C versioning 15 | make -C lib_resolve 16 | make -C irelative_reloc 17 | 18 | test: build 19 | make -C relocations test 20 | make -C threads test 21 | make -C tls_relocations test 22 | make -C dynamic_loading test 23 | make -C libc_basic test 24 | make -C versioning test 25 | make -C lib_resolve test 26 | make -C exceptions test 27 | make -C irelative_reloc test 28 | 29 | clean: 30 | make -C relocations clean 31 | make -C threads clean 32 | make -C tls_relocations clean 33 | make -C dynamic_loading clean 34 | make -C libc_basic clean 35 | make -C versioning clean 36 | make -C lib_resolve clean 37 | make -C exceptions clean 38 | make -C irelative_reloc clean 39 | -------------------------------------------------------------------------------- /test/fastbt/setlongjmp/setlongjmp.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | 5 | void someFunc(); 6 | void jmpfunction(jmp_buf); 7 | 8 | jmp_buf env_buffer; 9 | 10 | int main() 11 | { 12 | int val; 13 | 14 | /* save calling environment for longjmp */ 15 | printf("calling setjmp...\n"); 16 | val = setjmp(env_buffer); 17 | if(val != 0) 18 | { 19 | printf("returned from a longjmp() with value = %d\n", val); 20 | exit(0); 21 | } 22 | 23 | printf("calling someFunc()...\n"); 24 | someFunc(); 25 | 26 | return(0); 27 | } 28 | 29 | void someFunc() { 30 | 31 | int j = 0; 32 | 33 | printf("someFunc() called\n"); 34 | 35 | jmpfunction(env_buffer); 36 | 37 | j++; 38 | printf("returning from someFunc() (should not happen)\n"); 39 | 40 | return; 41 | } 42 | 43 | void jmpfunction(jmp_buf env_buf) 44 | { 45 | int i = 0; 46 | printf("calling longjmp with value %d...\n", 1); 47 | longjmp(env_buf, 1); 48 | i++; 49 | return; 50 | } 51 | 52 | -------------------------------------------------------------------------------- /tableGenerator/Makefile: -------------------------------------------------------------------------------- 1 | ROOT_DIR = . 2 | 3 | SRC_DIR = $(ROOT_DIR)/src 4 | LIB_DIR = $(ROOT_DIR)/lib 5 | INCLUDE_DIR = $(ROOT_DIR)/include 6 | 7 | 8 | # The compiler 9 | CXX = g++ 10 | 11 | # warning options 12 | WARNOPT = -Wall -Wno-unused-function 13 | 14 | # include path 15 | IPATH = -I$(SRC_DIR) -I$(INCLUDE_DIR) 16 | 17 | # lib path 18 | LDPATH = 19 | 20 | # compiler flags 21 | CXXFLAGS = ${WARNOPT} ${IPATH} -O0 -g 22 | 23 | # Libraries 24 | LIBS = ${LDPATH} 25 | 26 | TARGETS = example libstm_table_gen true 27 | 28 | all: $(TARGETS) 29 | 30 | clean: 31 | rm -f $(TARGETS) *.o $(SRC_DIR)/*.o 32 | 33 | 34 | 35 | %.o: %.cpp 36 | $(CXX) $(CXXFLAGS) -c -o $@ $< 37 | 38 | 39 | 40 | example: $(SRC_DIR)/table_gen.o $(SRC_DIR)/instr_analyse_helpers.o example.o 41 | $(CXX) $(CXXFLAGS) -o $@ $^ 42 | 43 | libstm_table_gen: $(SRC_DIR)/table_gen.o $(SRC_DIR)/instr_analyse_helpers.o libstm_table_gen.o 44 | $(CXX) $(CXXFLAGS) -o $@ $^ 45 | 46 | true: $(SRC_DIR)/table_gen.o $(SRC_DIR)/instr_analyse_helpers.o true.o 47 | $(CXX) $(CXXFLAGS) -o $@ $^ 48 | -------------------------------------------------------------------------------- /DSL/src/macros/StoreLabelMacro.py: -------------------------------------------------------------------------------- 1 | from writers.CWriter import CWriter 2 | 3 | class StoreLabelMacro(object): 4 | """This macro is used to store the run-time address of a label into a 5 | variable in the generation language""" 6 | 7 | def __init__(self, args, label): 8 | self.args = args 9 | print self.args 10 | assert len(self.args) == 1 11 | 12 | self.var_name, _, self.label_name = self.args[0].partition('=') 13 | print self.var_name, self.label_name 14 | self.label = label 15 | 16 | def expand(self): 17 | return '\n # StoreLabelMacro' 18 | 19 | def generate(self, writer, target, obj): 20 | if type(writer) != CWriter and type(getattr(writer, 'inner', None)) != CWriter: 21 | raise Exception('CallAbsMacro currently only supports C as target language') 22 | 23 | print obj.labels[self.label_name] 24 | 25 | writer.write_raw("""%s = _dsl_original_target + %d;\n""" % (self.var_name, obj.labels[self.label_name])) 26 | raw_input 27 | return 0 28 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | # have a look at the different Makedefs variables to configure Lockdown/TRuE 2 | include ./Makedefs 3 | 4 | .PHONY: all clean build test documentation 5 | 6 | all: build 7 | 8 | build: 9 | @echo "\n>>>>>>>>>> BUILD TRuE <<<<<<<<<<\n" 10 | mkdir -p bin/ 11 | mkdir -p lib/ 12 | make -C src all 13 | cp lib/$(RTLDNAME).so /tmp/ 14 | 15 | documentation: 16 | doxygen doxygen.config 17 | 18 | test: 19 | make -C test 20 | 21 | clean: 22 | make -C src clean 23 | rm -rf documentation 24 | rm -f bin/$(EXECNAME) lib/$(LIBNAME).so.$(LIBVERS).$(LIBMIN) lib/$(RTLDNAME).so 25 | rm -rf bin/ 26 | rm -rf lib/ 27 | make -C test clean 28 | rm -f cppcheck-result.xml 29 | rm -f debug.txt 30 | rm -f code_dump.txt 31 | rm -f jmpTable_dump.txt 32 | rm -f test/*/*/debug.txt 33 | rm -f test/*/*/code_dump.txt 34 | rm -f test/*/*/jmpTable_dump.txt 35 | rm -f test/*/*/secmetrics_and_stats.txt 36 | rm -f secmetrics_and_stats.txt 37 | 38 | cppcheck: 39 | @echo "\n>>>>>>>>>> CPPCHECK <<<<<<<<<<\n" 40 | cppcheck -f --quiet --xml-version=2 ./ 2> cppcheck-result.xml 41 | 42 | it: clean build test 43 | -------------------------------------------------------------------------------- /INSTALL: -------------------------------------------------------------------------------- 1 | This file describes how to install and work with fastBT/libdetox. 2 | 3 | To compile your own translation table download the old fastBT distrubtion. 4 | Change the directory to tableGenerator and use "make" (have a look at 5 | example.cpp to generate a plain translation table) The resulting translation 6 | table must then be copied into the src directory of fastBT. 7 | 8 | To compile the binary translator you must choose your optimizations in the 9 | top level Makefile and all the Makedef.* files according to CONFIGURATION. 10 | Additionally you need to select if you would like a debug build or a 11 | production build. To select a debug build use "ln -s Makedefs.debug Makedefs". 12 | To select a production build use "ln -s Makedefs.production Makedefs". 13 | After the correct settings are selected use "make" to generate the library. 14 | 15 | For a test run you might use: 16 | LD_PRELOAD=./src/libfastbt.so.0.3.0 /usr/lib/openoffice/program/soffice.bin 17 | 18 | For 64bit systems, you need the 32bit libc: "aptitude install libc6-dev-i386. 19 | The default installation location is /usr/lib 20 | 21 | -------------------------------------------------------------------------------- /test/secureloader/dynamic_loading/Makefile: -------------------------------------------------------------------------------- 1 | include ../../../Makedefs 2 | 3 | CC = gcc 4 | CFLAGS = -ldl -rdynamic -g -m32 -Wl,--hash-style=both -Wl,-rpath=$(CURDIR) 5 | FILES = main.c 6 | LIBCFLAGS = -Wall -m32 -fPIC -shared -fno-stack-protector 7 | LD = ld 8 | LIBLDFLAGS = -m elf_i386 -shared -z relro 9 | 10 | .PHONY: all clean test 11 | 12 | all: main main.rtld 13 | 14 | test: main 15 | ./main 16 | 17 | main: $(FILES) lib1.so lib2.so lib_tls.so lib_tls_dynamic.so 18 | $(CC) $(CFLAGS) -o main $(FILES) ./lib1.so 19 | 20 | main.rtld: 21 | $(CC) $(CFLAGS) -Wl,-dynamic-linker,$(RTLDPATH) -o main.rtld $(FILES) ./lib1.so 22 | 23 | lib1.so: lib1.o 24 | $(LD) $(LIBLDFLAGS) -ldl -soname lib1.so -o lib1.so lib1.o 25 | 26 | lib2.so: lib2.o 27 | $(LD) $(LIBLDFLAGS) -ldl -soname lib2.so -o lib2.so lib2.o 28 | 29 | lib_tls.so: lib_tls.o 30 | $(LD) $(LIBLDFLAGS) -soname lib_tls.so -o lib_tls.so lib_tls.o 31 | 32 | lib_tls_dynamic.so: lib_tls_dynamic.o 33 | $(LD) $(LIBLDFLAGS) -soname lib_tls_dynamic.so -o lib_tls_dynamic.so lib_tls_dynamic.o 34 | 35 | %.o: %.c 36 | $(CC) $(LIBCFLAGS) -c $< 37 | 38 | clean: 39 | rm -f main main.rtld *.o *~ *.so 40 | -------------------------------------------------------------------------------- /test/secureloader/lib_resolve/lib3.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file lib3.h 3 | * 4 | * Copyright (c) 2011 ETH Zurich 5 | * @author Tobias Hartmann 6 | * @author Mathias Payer 7 | * 8 | * $Date: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 9 | * $LastChangedDate: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 10 | * $LastChangedBy: payerm $ 11 | * $Revision: 1134 $ 12 | * 13 | * This program is free software; you can redistribute it and/or 14 | * modify it under the terms of the GNU General Public License 15 | * as published by the Free Software Foundation; either version 2 16 | * of the License, or (at your option) any later version. 17 | * 18 | * This program is distributed in the hope that it will be useful, 19 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 20 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 21 | * GNU General Public License for more details. 22 | * 23 | * You should have received a copy of the GNU General Public License 24 | * along with this program; if not, write to the Free Software 25 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, 26 | * MA 02110-1301, USA. 27 | */ 28 | 29 | int lib3_go(); 30 | -------------------------------------------------------------------------------- /test/secureloader/lib_resolve/lib2.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file lib2.h 3 | * 4 | * Copyright (c) 2011 ETH Zurich 5 | * @author Tobias Hartmann 6 | * @author Mathias Payer 7 | * 8 | * $Date: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 9 | * $LastChangedDate: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 10 | * $LastChangedBy: payerm $ 11 | * $Revision: 1134 $ 12 | * 13 | * This program is free software; you can redistribute it and/or 14 | * modify it under the terms of the GNU General Public License 15 | * as published by the Free Software Foundation; either version 2 16 | * of the License, or (at your option) any later version. 17 | * 18 | * This program is distributed in the hope that it will be useful, 19 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 20 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 21 | * GNU General Public License for more details. 22 | * 23 | * You should have received a copy of the GNU General Public License 24 | * along with this program; if not, write to the Free Software 25 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, 26 | * MA 02110-1301, USA. 27 | */ 28 | 29 | void lib2_go(); 30 | -------------------------------------------------------------------------------- /test/secureloader/tls_relocations/lib1.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file lib1.h 3 | * 4 | * Copyright (c) 2011 ETH Zurich 5 | * @author Tobias Hartmann 6 | * @author Mathias Payer 7 | * 8 | * $Date: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 9 | * $LastChangedDate: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 10 | * $LastChangedBy: payerm $ 11 | * $Revision: 1134 $ 12 | * 13 | * This program is free software; you can redistribute it and/or 14 | * modify it under the terms of the GNU General Public License 15 | * as published by the Free Software Foundation; either version 2 16 | * of the License, or (at your option) any later version. 17 | * 18 | * This program is distributed in the hope that it will be useful, 19 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 20 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 21 | * GNU General Public License for more details. 22 | * 23 | * You should have received a copy of the GNU General Public License 24 | * along with this program; if not, write to the Free Software 25 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, 26 | * MA 02110-1301, USA. 27 | */ 28 | 29 | int get_data(); 30 | -------------------------------------------------------------------------------- /test/secureloader/tls_relocations/lib2.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file lib2.h 3 | * 4 | * Copyright (c) 2011 ETH Zurich 5 | * @author Tobias Hartmann 6 | * @author Mathias Payer 7 | * 8 | * $Date: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 9 | * $LastChangedDate: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 10 | * $LastChangedBy: payerm $ 11 | * $Revision: 1134 $ 12 | * 13 | * This program is free software; you can redistribute it and/or 14 | * modify it under the terms of the GNU General Public License 15 | * as published by the Free Software Foundation; either version 2 16 | * of the License, or (at your option) any later version. 17 | * 18 | * This program is distributed in the hope that it will be useful, 19 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 20 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 21 | * GNU General Public License for more details. 22 | * 23 | * You should have received a copy of the GNU General Public License 24 | * along with this program; if not, write to the Free Software 25 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, 26 | * MA 02110-1301, USA. 27 | */ 28 | 29 | void increment(); 30 | -------------------------------------------------------------------------------- /test/secureloader/dynamic_loading/lib_tls.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file lib_tls.h 3 | * 4 | * Copyright (c) 2011 ETH Zurich 5 | * @author Tobias Hartmann 6 | * @author Mathias Payer 7 | * 8 | * $Date: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 9 | * $LastChangedDate: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 10 | * $LastChangedBy: payerm $ 11 | * $Revision: 1134 $ 12 | * 13 | * This program is free software; you can redistribute it and/or 14 | * modify it under the terms of the GNU General Public License 15 | * as published by the Free Software Foundation; either version 2 16 | * of the License, or (at your option) any later version. 17 | * 18 | * This program is distributed in the hope that it will be useful, 19 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 20 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 21 | * GNU General Public License for more details. 22 | * 23 | * You should have received a copy of the GNU General Public License 24 | * along with this program; if not, write to the Free Software 25 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, 26 | * MA 02110-1301, USA. 27 | */ 28 | 29 | int get_data(); 30 | -------------------------------------------------------------------------------- /test/secureloader/lib_resolve/lib1.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file lib1.h 3 | * 4 | * Copyright (c) 2011 ETH Zurich 5 | * @author Tobias Hartmann 6 | * @author Mathias Payer 7 | * 8 | * $Date: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 9 | * $LastChangedDate: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 10 | * $LastChangedBy: payerm $ 11 | * $Revision: 1134 $ 12 | * 13 | * This program is free software; you can redistribute it and/or 14 | * modify it under the terms of the GNU General Public License 15 | * as published by the Free Software Foundation; either version 2 16 | * of the License, or (at your option) any later version. 17 | * 18 | * This program is distributed in the hope that it will be useful, 19 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 20 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 21 | * GNU General Public License for more details. 22 | * 23 | * You should have received a copy of the GNU General Public License 24 | * along with this program; if not, write to the Free Software 25 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, 26 | * MA 02110-1301, USA. 27 | */ 28 | 29 | char* test(char *lib_path); 30 | -------------------------------------------------------------------------------- /test/secureloader/dynamic_loading/lib1.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file lib1.h 3 | * 4 | * Copyright (c) 2011 ETH Zurich 5 | * @author Tobias Hartmann 6 | * @author Mathias Payer 7 | * 8 | * $Date: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 9 | * $LastChangedDate: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 10 | * $LastChangedBy: payerm $ 11 | * $Revision: 1134 $ 12 | * 13 | * This program is free software; you can redistribute it and/or 14 | * modify it under the terms of the GNU General Public License 15 | * as published by the Free Software Foundation; either version 2 16 | * of the License, or (at your option) any later version. 17 | * 18 | * This program is distributed in the hope that it will be useful, 19 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 20 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 21 | * GNU General Public License for more details. 22 | * 23 | * You should have received a copy of the GNU General Public License 24 | * along with this program; if not, write to the Free Software 25 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, 26 | * MA 02110-1301, USA. 27 | */ 28 | char* get_string(char *lib_path); 29 | -------------------------------------------------------------------------------- /test/secureloader/dynamic_loading/lib2.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file lib2.h 3 | * 4 | * Copyright (c) 2011 ETH Zurich 5 | * @author Tobias Hartmann 6 | * @author Mathias Payer 7 | * 8 | * $Date: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 9 | * $LastChangedDate: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 10 | * $LastChangedBy: payerm $ 11 | * $Revision: 1134 $ 12 | * 13 | * This program is free software; you can redistribute it and/or 14 | * modify it under the terms of the GNU General Public License 15 | * as published by the Free Software Foundation; either version 2 16 | * of the License, or (at your option) any later version. 17 | * 18 | * This program is distributed in the hope that it will be useful, 19 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 20 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 21 | * GNU General Public License for more details. 22 | * 23 | * You should have received a copy of the GNU General Public License 24 | * along with this program; if not, write to the Free Software 25 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, 26 | * MA 02110-1301, USA. 27 | */ 28 | 29 | char *printTest (int param1, int param2); 30 | -------------------------------------------------------------------------------- /test/secureloader/relocations/lib1.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file lib1.h 3 | * 4 | * Copyright (c) 2011 ETH Zurich 5 | * @author Tobias Hartmann 6 | * @author Mathias Payer 7 | * 8 | * $Date: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 9 | * $LastChangedDate: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 10 | * $LastChangedBy: payerm $ 11 | * $Revision: 1134 $ 12 | * 13 | * This program is free software; you can redistribute it and/or 14 | * modify it under the terms of the GNU General Public License 15 | * as published by the Free Software Foundation; either version 2 16 | * of the License, or (at your option) any later version. 17 | * 18 | * This program is distributed in the hope that it will be useful, 19 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 20 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 21 | * GNU General Public License for more details. 22 | * 23 | * You should have received a copy of the GNU General Public License 24 | * along with this program; if not, write to the Free Software 25 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, 26 | * MA 02110-1301, USA. 27 | */ 28 | #include "lib2.h" 29 | 30 | int global; 31 | const char *get_string(int param); 32 | -------------------------------------------------------------------------------- /test/secureloader/relocations/lib2.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file lib2.h 3 | * 4 | * Copyright (c) 2011 ETH Zurich 5 | * @author Tobias Hartmann 6 | * @author Mathias Payer 7 | * 8 | * $Date: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 9 | * $LastChangedDate: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 10 | * $LastChangedBy: payerm $ 11 | * $Revision: 1134 $ 12 | * 13 | * This program is free software; you can redistribute it and/or 14 | * modify it under the terms of the GNU General Public License 15 | * as published by the Free Software Foundation; either version 2 16 | * of the License, or (at your option) any later version. 17 | * 18 | * This program is distributed in the hope that it will be useful, 19 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 20 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 21 | * GNU General Public License for more details. 22 | * 23 | * You should have received a copy of the GNU General Public License 24 | * along with this program; if not, write to the Free Software 25 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, 26 | * MA 02110-1301, USA. 27 | */ 28 | 29 | int global2, global3; 30 | void fun(); 31 | const char* method(int a); 32 | -------------------------------------------------------------------------------- /DSL/test/multiple_macros.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | import unittest 4 | import os 5 | import subprocess 6 | 7 | DSL_PATH = '../src/parse.py' 8 | 9 | def execute(command): 10 | p = subprocess.Popen( 11 | command, 12 | stdout=subprocess.PIPE, 13 | stderr=subprocess.PIPE) 14 | 15 | p.wait() 16 | stdout, stderr = p.communicate() 17 | return (p.returncode, stdout, stderr) 18 | 19 | class TestMultipleMacros(unittest.TestCase): 20 | """Tests that we can use multiple instances of the same macro while they still 21 | generate different code""" 22 | 23 | def test_compilation(self): 24 | os.environ['DSL_PATH'] = DSL_PATH 25 | 26 | dsl_result = os.system('$DSL_PATH "%s" "%s"' % ('multiple_macros.dsl', 'multiple_macros.c')) 27 | self.assertEqual(dsl_result, 0) 28 | 29 | compilation_result = os.system('gcc -m32 multiple_macros.c -o multiple_macros') 30 | self.assertEqual(compilation_result, 0) 31 | 32 | execution_result, stdout, stderr = execute(['./multiple_macros']) 33 | 34 | self.assertEqual(execution_result, 0) 35 | self.assertEqual(stdout.splitlines(), ['a()', 'b()']) 36 | 37 | if __name__ == '__main__': 38 | unittest.main() 39 | -------------------------------------------------------------------------------- /test/secureloader/lib_resolve/lib3.c: -------------------------------------------------------------------------------- 1 | /** 2 | * @file lib3.c 3 | * 4 | * Copyright (c) 2011 ETH Zurich 5 | * @author Tobias Hartmann 6 | * @author Mathias Payer 7 | * 8 | * $Date: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 9 | * $LastChangedDate: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 10 | * $LastChangedBy: payerm $ 11 | * $Revision: 1134 $ 12 | * 13 | * This program is free software; you can redistribute it and/or 14 | * modify it under the terms of the GNU General Public License 15 | * as published by the Free Software Foundation; either version 2 16 | * of the License, or (at your option) any later version. 17 | * 18 | * This program is distributed in the hope that it will be useful, 19 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 20 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 21 | * GNU General Public License for more details. 22 | * 23 | * You should have received a copy of the GNU General Public License 24 | * along with this program; if not, write to the Free Software 25 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, 26 | * MA 02110-1301, USA. 27 | */ 28 | #include 29 | #include 30 | 31 | 32 | int lib3_go () { 33 | return 42; 34 | } 35 | -------------------------------------------------------------------------------- /test/secureloader/tls_relocations/lib2.c: -------------------------------------------------------------------------------- 1 | /** 2 | * @file lib2.c 3 | * 4 | * Copyright (c) 2011 ETH Zurich 5 | * @author Tobias Hartmann 6 | * @author Mathias Payer 7 | * 8 | * $Date: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 9 | * $LastChangedDate: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 10 | * $LastChangedBy: payerm $ 11 | * $Revision: 1134 $ 12 | * 13 | * This program is free software; you can redistribute it and/or 14 | * modify it under the terms of the GNU General Public License 15 | * as published by the Free Software Foundation; either version 2 16 | * of the License, or (at your option) any later version. 17 | * 18 | * This program is distributed in the hope that it will be useful, 19 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 20 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 21 | * GNU General Public License for more details. 22 | * 23 | * You should have received a copy of the GNU General Public License 24 | * along with this program; if not, write to the Free Software 25 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, 26 | * MA 02110-1301, USA. 27 | */ 28 | #include "lib2.h" 29 | 30 | extern __thread int i; 31 | __thread int i2; 32 | 33 | void increment () { 34 | if (i2 == 12) 35 | i++; 36 | } 37 | -------------------------------------------------------------------------------- /src/libs/uilib.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file uilib.c 3 | * Interface to user interface. 4 | * 5 | * Copyright (c) 2014-2015 ETH Zurich 6 | * @author Antonio Barresi 7 | * 8 | * This program is free software; you can redistribute it and/or 9 | * modify it under the terms of the GNU General Public License 10 | * as published by the Free Software Foundation; either version 2 11 | * of the License, or (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU General Public License 19 | * along with this program; if not, write to the Free Software 20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, 21 | * MA 02110-1301, USA. 22 | */ 23 | 24 | #ifdef ENABLE_UI_MESSAGES 25 | 26 | #define UI_MSG 1 27 | #define UI_NEW_PROCESS 2 28 | #define UI_CLEANUP_PROCESS 3 29 | #define UI_RET_VIOLATION 4 30 | #define UI_JMP_VIOLATION 5 31 | #define UI_CALL_VIOLATION 6 32 | 33 | extern int uifd; 34 | 35 | void init_ui(); 36 | 37 | void new_lwp(int pid); 38 | 39 | void notify_ui(int type, char* message); 40 | 41 | void cleanup_ui(); 42 | 43 | #endif 44 | -------------------------------------------------------------------------------- /test/secureloader/versioning/lib1.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file lib1.h 3 | * 4 | * Copyright (c) 2011 ETH Zurich 5 | * @author Tobias Hartmann 6 | * @author Mathias Payer 7 | * 8 | * $Date: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 9 | * $LastChangedDate: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 10 | * $LastChangedBy: payerm $ 11 | * $Revision: 1134 $ 12 | * 13 | * This program is free software; you can redistribute it and/or 14 | * modify it under the terms of the GNU General Public License 15 | * as published by the Free Software Foundation; either version 2 16 | * of the License, or (at your option) any later version. 17 | * 18 | * This program is distributed in the hope that it will be useful, 19 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 20 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 21 | * GNU General Public License for more details. 22 | * 23 | * You should have received a copy of the GNU General Public License 24 | * along with this program; if not, write to the Free Software 25 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, 26 | * MA 02110-1301, USA. 27 | */ 28 | 29 | int method1_1(int param); 30 | int method1_2(int param, int flag); 31 | int method1_3(int param, int flag); 32 | int method1_4(int param, int flag); 33 | 34 | int method2(); 35 | 36 | -------------------------------------------------------------------------------- /test/secureloader/lib_resolve/lib2.c: -------------------------------------------------------------------------------- 1 | /** 2 | * @file lib2.c 3 | * 4 | * Copyright (c) 2011 ETH Zurich 5 | * @author Tobias Hartmann 6 | * @author Mathias Payer 7 | * 8 | * $Date: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 9 | * $LastChangedDate: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 10 | * $LastChangedBy: payerm $ 11 | * $Revision: 1134 $ 12 | * 13 | * This program is free software; you can redistribute it and/or 14 | * modify it under the terms of the GNU General Public License 15 | * as published by the Free Software Foundation; either version 2 16 | * of the License, or (at your option) any later version. 17 | * 18 | * This program is distributed in the hope that it will be useful, 19 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 20 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 21 | * GNU General Public License for more details. 22 | * 23 | * You should have received a copy of the GNU General Public License 24 | * along with this program; if not, write to the Free Software 25 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, 26 | * MA 02110-1301, USA. 27 | */ 28 | #include 29 | #include 30 | 31 | void method() { 32 | 33 | } 34 | 35 | extern int global; 36 | 37 | void lib2_go() { 38 | if (global != 33) { 39 | printf("Error lib2: global != 33\n"); 40 | exit(1); 41 | } 42 | method(); 43 | } 44 | -------------------------------------------------------------------------------- /test/secureloader/lib_resolve/main.c: -------------------------------------------------------------------------------- 1 | /** 2 | * @file main.c 3 | * 4 | * Copyright (c) 2011 ETH Zurich 5 | * @author Tobias Hartmann 6 | * @author Mathias Payer 7 | * 8 | * $Date: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 9 | * $LastChangedDate: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 10 | * $LastChangedBy: payerm $ 11 | * $Revision: 1134 $ 12 | * 13 | * This program is free software; you can redistribute it and/or 14 | * modify it under the terms of the GNU General Public License 15 | * as published by the Free Software Foundation; either version 2 16 | * of the License, or (at your option) any later version. 17 | * 18 | * This program is distributed in the hope that it will be useful, 19 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 20 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 21 | * GNU General Public License for more details. 22 | * 23 | * You should have received a copy of the GNU General Public License 24 | * along with this program; if not, write to the Free Software 25 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, 26 | * MA 02110-1301, USA. 27 | */ 28 | #include 29 | #include 30 | #include 31 | #include 32 | #include 33 | 34 | #include "lib1.h" 35 | 36 | 37 | int main(int argc, char **argv, char **envp) { 38 | char *string = test(argv[0]); 39 | printf("%s\n", string); 40 | 41 | return 0; 42 | } 43 | 44 | 45 | 46 | -------------------------------------------------------------------------------- /test/secureloader/dynamic_loading/lib2.c: -------------------------------------------------------------------------------- 1 | /** 2 | * @file lib2.c 3 | * 4 | * Copyright (c) 2011 ETH Zurich 5 | * @author Tobias Hartmann 6 | * @author Mathias Payer 7 | * 8 | * $Date: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 9 | * $LastChangedDate: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 10 | * $LastChangedBy: payerm $ 11 | * $Revision: 1134 $ 12 | * 13 | * This program is free software; you can redistribute it and/or 14 | * modify it under the terms of the GNU General Public License 15 | * as published by the Free Software Foundation; either version 2 16 | * of the License, or (at your option) any later version. 17 | * 18 | * This program is distributed in the hope that it will be useful, 19 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 20 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 21 | * GNU General Public License for more details. 22 | * 23 | * You should have received a copy of the GNU General Public License 24 | * along with this program; if not, write to the Free Software 25 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, 26 | * MA 02110-1301, USA. 27 | */ 28 | #include 29 | #include 30 | 31 | int init_called = 0; 32 | /* This is in lib1 */ 33 | extern int fini_called; 34 | 35 | void _init() { 36 | init_called = 1; 37 | } 38 | 39 | void _fini() { 40 | fini_called = 1; 41 | } 42 | 43 | char *printTest (int param1, int param2) { 44 | if (param1 == 1 && param2 == 2) 45 | return "ok"; 46 | else 47 | return "error"; 48 | } 49 | -------------------------------------------------------------------------------- /test/secureloader/tls_relocations/main.c: -------------------------------------------------------------------------------- 1 | /** 2 | * @file main.c 3 | * 4 | * Copyright (c) 2011 ETH Zurich 5 | * @author Tobias Hartmann 6 | * @author Mathias Payer 7 | * 8 | * $Date: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 9 | * $LastChangedDate: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 10 | * $LastChangedBy: payerm $ 11 | * $Revision: 1134 $ 12 | * 13 | * This program is free software; you can redistribute it and/or 14 | * modify it under the terms of the GNU General Public License 15 | * as published by the Free Software Foundation; either version 2 16 | * of the License, or (at your option) any later version. 17 | * 18 | * This program is distributed in the hope that it will be useful, 19 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 20 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 21 | * GNU General Public License for more details. 22 | * 23 | * You should have received a copy of the GNU General Public License 24 | * along with this program; if not, write to the Free Software 25 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, 26 | * MA 02110-1301, USA. 27 | */ 28 | #include 29 | #include 30 | #include "lib1.h" 31 | 32 | int var_init = 12; 33 | 34 | int main() 35 | { 36 | var_init++; 37 | 38 | if (get_data() == 43 && var_init == 13) { 39 | printf("\nTest \"tls_relocations\" successful.\n\n"); 40 | return 0; 41 | } else { 42 | printf("\nError: test \"tls_relocations\" !\n\n"); 43 | return 1; 44 | } 45 | } 46 | 47 | 48 | -------------------------------------------------------------------------------- /src/fastbt/Makefile: -------------------------------------------------------------------------------- 1 | include ../../Makedefs 2 | 3 | FILES=libfastbt.c fbt_mem_mgmt.c fbt_translate.c fbt_code_cache.c fbt_actions.c \ 4 | fbt_llio.c fbt_libc.c fbt_debug.c fbt_trampoline.c fbt_syscall.c \ 5 | fbt_dso.c fbt_mutex.c fbt_restart_transaction.c \ 6 | fbt_algorithms.c fbt_mem_pool.c 7 | 8 | .PHONY: generate_exec generate_lib generate_rtld exec lib rtld clean 9 | 10 | generate_exec: *.h $(FILES) 11 | mkdir -p $(GEN_DIR) 12 | 13 | for file in $(FILES); do \ 14 | gcc $(CFLAGS) $(CFLAGSEXEC) -E $$file > $(GEN_DIR)$$file; \ 15 | done 16 | 17 | for file in $(FILES); do \ 18 | $(DSL_PATH) $(GEN_DIR)$$file $(GEN_DIR)$$file ; \ 19 | done 20 | 21 | cp *.h $(GEN_DIR) 22 | 23 | generate_lib: *.h $(FILES) 24 | mkdir -p $(GEN_DIR) 25 | 26 | for file in $(FILES); do \ 27 | gcc $(CFLAGS) $(CFLAGSLIB) -E $$file > $(GEN_DIR)$$file; \ 28 | done 29 | 30 | for file in $(FILES); do \ 31 | $(DSL_PATH) $(GEN_DIR)$$file $(GEN_DIR)$$file ; \ 32 | done 33 | 34 | cp *.h $(GEN_DIR) 35 | 36 | generate_rtld: *.h $(FILES) 37 | mkdir -p $(GEN_DIR) 38 | 39 | for file in $(FILES); do \ 40 | gcc $(CFLAGS) $(CFLAGSRTLD) -E $$file > $(GEN_DIR)$$file; \ 41 | done 42 | 43 | for file in $(FILES); do \ 44 | $(DSL_PATH) $(GEN_DIR)$$file $(GEN_DIR)$$file ; \ 45 | done 46 | 47 | cp *.h $(GEN_DIR) 48 | 49 | exec: generate_exec 50 | $(CC) $(CFLAGS) $(CFLAGSEXEC) -c -I$(INCLUDEDIR) generated/*.c 51 | 52 | lib: generate_lib 53 | $(CC) $(CFLAGS) $(CFLAGSLIB) -c -I$(INCLUDEDIR) generated/*.c 54 | 55 | rtld: generate_rtld 56 | $(CC) $(CFLAGS) $(CFLAGSRTLD) -c -I$(INCLUDEDIR) generated/*.c 57 | 58 | clean: 59 | rm -f *.o *~ 60 | rm -rf $(GEN_DIR) 61 | -------------------------------------------------------------------------------- /test/secureloader/dynamic_loading/main.c: -------------------------------------------------------------------------------- 1 | /** 2 | * @file main.c 3 | * 4 | * Copyright (c) 2011 ETH Zurich 5 | * @author Tobias Hartmann 6 | * @author Mathias Payer 7 | * 8 | * $Date: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 9 | * $LastChangedDate: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 10 | * $LastChangedBy: payerm $ 11 | * $Revision: 1134 $ 12 | * 13 | * This program is free software; you can redistribute it and/or 14 | * modify it under the terms of the GNU General Public License 15 | * as published by the Free Software Foundation; either version 2 16 | * of the License, or (at your option) any later version. 17 | * 18 | * This program is distributed in the hope that it will be useful, 19 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 20 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 21 | * GNU General Public License for more details. 22 | * 23 | * You should have received a copy of the GNU General Public License 24 | * along with this program; if not, write to the Free Software 25 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, 26 | * MA 02110-1301, USA. 27 | */ 28 | #include 29 | #include 30 | #include 31 | #include 32 | #include 33 | 34 | #include "lib1.h" 35 | 36 | int called = 0; 37 | 38 | int global_func() { 39 | called = 1; 40 | } 41 | 42 | int main(int argc, char **argv, char **envp) { 43 | char *string = get_string(argv[0]); 44 | if (called) 45 | printf("%s\n", string); 46 | else 47 | printf("Failed\n"); 48 | return 0; 49 | } 50 | 51 | 52 | 53 | -------------------------------------------------------------------------------- /DSL/src/writers/CWriter.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | """ 4 | Contains a writer that generates ANSI C code that produces assembly code at run time 5 | """ 6 | 7 | class CWriter(object): 8 | def __init__(self, target): 9 | self.target = target 10 | self.source = '{\n' 11 | 12 | def set_line_number(self, file_name, line_number): 13 | self.file_name = file_name 14 | self.line_number = line_number 15 | 16 | def write_line_number(self): 17 | self.source += '# %d "%s"\n' % (self.line_number, self.file_name) 18 | 19 | def write_comment(self, text): 20 | self.write_line_number() 21 | self.source += '// %s\n' % text 22 | 23 | def write_byte(self, byte): 24 | self.write_line_number() 25 | self.source += '*((%s)++) = 0x%s;\n' % (self.target, byte) 26 | 27 | def write_int32(self, value): 28 | self.write_line_number() 29 | self.source += '*((long*)(%s)) = 0x%s;\n' % (self.target, value) 30 | self.source += '(%s) += 4;\n' % self.target 31 | 32 | def write_expression(self, expression): 33 | self.write_line_number() 34 | self.source += '*((int*)(%s)) = (int)(%s);\n' % (self.target, expression) 35 | self.source += '(%s) += 4;\n' % self.target 36 | 37 | def write_raw(self, source): 38 | self.write_line_number() 39 | self.source += source 40 | 41 | def end_line(self): 42 | self.source += '\n' 43 | 44 | def flush(self): 45 | pass 46 | 47 | def end(self): 48 | self.flush() 49 | self.source += '}\n' 50 | -------------------------------------------------------------------------------- /test/secureloader/relocations/lib2.c: -------------------------------------------------------------------------------- 1 | /** 2 | * @file lib2.c 3 | * 4 | * Copyright (c) 2011 ETH Zurich 5 | * @author Tobias Hartmann 6 | * @author Mathias Payer 7 | * 8 | * $Date: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 9 | * $LastChangedDate: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 10 | * $LastChangedBy: payerm $ 11 | * $Revision: 1134 $ 12 | * 13 | * This program is free software; you can redistribute it and/or 14 | * modify it under the terms of the GNU General Public License 15 | * as published by the Free Software Foundation; either version 2 16 | * of the License, or (at your option) any later version. 17 | * 18 | * This program is distributed in the hope that it will be useful, 19 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 20 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 21 | * GNU General Public License for more details. 22 | * 23 | * You should have received a copy of the GNU General Public License 24 | * along with this program; if not, write to the Free Software 25 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, 26 | * MA 02110-1301, USA. 27 | */ 28 | #include "lib2.h" 29 | 30 | int global2; 31 | int global3 = 41; 32 | 33 | void func() { 34 | if (global2 == 42) 35 | global2 = 42; 36 | } 37 | 38 | const char *method(int a) { 39 | /* This adds a relocation entry of type R_386_RELATIVE and therefore 40 | test the loaders ability to handle this */ 41 | static const char *msg = "\nTest \"relocations\" successful.\n\n"; 42 | 43 | if (global2 == 42) 44 | return msg; 45 | else 46 | return "Error\n"; 47 | } 48 | -------------------------------------------------------------------------------- /src/fastbt/fbt_mutex.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file fbt_mutex.h 3 | * 4 | * Futex-based mutex data structure 5 | * 6 | * Copyright (c) 2011 ETH Zurich 7 | * @author Mathias Payer 8 | * 9 | * $Date: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 10 | * $LastChangedDate: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 11 | * $LastChangedBy: payerm $ 12 | * $Revision: 1134 $ 13 | * 14 | * This program is free software; you can redistribute it and/or 15 | * modify it under the terms of the GNU General Public License 16 | * as published by the Free Software Foundation; either version 2 17 | * of the License, or (at your option) any later version. 18 | * 19 | * This program is distributed in the hope that it will be useful, 20 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 21 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 22 | * GNU General Public License for more details. 23 | * 24 | * You should have received a copy of the GNU General Public License 25 | * along with this program; if not, write to the Free Software 26 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, 27 | * MA 02110-1301, USA. 28 | */ 29 | 30 | #ifndef FBT_MUTEX_H 31 | #define FBT_MUTEX_H 32 | 33 | #ifdef __cplusplus 34 | extern "C" { 35 | #endif 36 | 37 | typedef int fbt_mutex_t; 38 | 39 | #define FBT_MUTEX_INITIALIZER 0 40 | 41 | int fbt_mutex_init(fbt_mutex_t *mutex); 42 | int fbt_mutex_lock(fbt_mutex_t *mutex); 43 | int fbt_mutex_trylock(fbt_mutex_t *mutex); 44 | int fbt_mutex_unlock(fbt_mutex_t *mutex); 45 | int fbt_mutex_cleanup(fbt_mutex_t *mutex); 46 | 47 | #ifdef __cplusplus 48 | } 49 | #endif 50 | 51 | #endif /* FBT_MUTEX_H */ 52 | -------------------------------------------------------------------------------- /DSL/src/macros/CallAbsMacro.py: -------------------------------------------------------------------------------- 1 | from writers.CWriter import CWriter 2 | 3 | class CallAbsMacro(object): 4 | def __init__(self, args, label): 5 | self.args = args 6 | assert len(self.args) == 1 7 | 8 | call_target = self.args[0] 9 | call_target = call_target.strip() 10 | assert call_target.startswith('{') 11 | assert call_target.endswith('}') 12 | self.call_target = call_target[1:-1] 13 | 14 | self.label = label 15 | 16 | def expand(self): 17 | """Expands the macro into what should be passed to the GNU assembler""" 18 | return '\n'.join(['nop'] * 5) 19 | 20 | def generate(self, writer, target, obj): 21 | """Returns the assembly generation code, i.e. the C code that generates the assembly at run time""" 22 | if type(writer) != CWriter and type(getattr(writer, 'inner', None)) != CWriter: 23 | raise Exception('CallAbsMacro currently only supports C as target language') 24 | 25 | # TODO: This is as ugly as it is because the DSL is applied *after* 26 | # C macros are expanded, which means that we cannot use them in DSL 27 | # macros. 28 | 29 | writer.write_raw(""" 30 | *((%(target)s)++)=0xe8;\n\n 31 | if ((((ulong_t)(%(call_target)s) - (ulong_t)(%(target)s) - 4) & (uint32_t)0x0) != 0) {\n\n 32 | fllwrite(1, "Relative jump target is too far away!\\n");\n 33 | __asm__ volatile("hlt" : : : "memory");\n 34 | }\n\n 35 | *((uint32_t*)(%(target)s)) = (uint32_t)((ulong_t)(%(call_target)s) - (ulong_t)(%(target)s) - 4);\n\n 36 | (%(target)s)+=4;\n\n 37 | """ % {'target': target, 'call_target': self.call_target}) 38 | return 5 39 | -------------------------------------------------------------------------------- /DSL/src/macros/JmpAbsMacro.py: -------------------------------------------------------------------------------- 1 | from writers.CWriter import CWriter 2 | 3 | class JmpAbsMacro(object): 4 | def __init__(self, args, label): 5 | self.args = args 6 | assert len(self.args) == 1 7 | 8 | call_target = self.args[0] 9 | call_target = call_target.strip() 10 | assert call_target.startswith('{') 11 | assert call_target.endswith('}') 12 | self.call_target = call_target[1:-1] 13 | 14 | self.label = label 15 | 16 | def expand(self): 17 | """Expands the macro into what should be passed to the GNU assembler""" 18 | return '\n'.join(['nop'] * 5) 19 | 20 | def generate(self, writer, target, obj): 21 | """Returns the assembly generation code, i.e. the C code that generates the assembly at run time""" 22 | if type(writer) != CWriter and type(getattr(writer, 'inner', None)) != CWriter: 23 | raise Exception('CallAbsMacro currently only supports C as target language') 24 | 25 | # TODO: This is as ugly as it is because the DSL is applied *after* 26 | # C macros are expanded, which means that we cannot use them in DSL 27 | # macros. 28 | 29 | writer.write_raw(""" 30 | *((%(target)s)++)=0xe9;\n\n 31 | if ((((ulong_t)(%(call_target)s) - (ulong_t)(%(target)s) - 4) & (uint32_t)0x0) != 0) {\n\n 32 | fllwrite(1, "Relative jump target is too far away!\\n");\n 33 | __asm__ volatile("hlt" : : : "memory");\n 34 | }\n\n 35 | *((uint32_t*)(%(target)s)) = (uint32_t)((ulong_t)(%(call_target)s) - (ulong_t)(%(target)s) - 4);\n\n 36 | (%(target)s)+=4;\n\n 37 | """ % {'target': target, 'call_target': self.call_target}) 38 | return 5 39 | -------------------------------------------------------------------------------- /src/Makefile: -------------------------------------------------------------------------------- 1 | include ../Makedefs 2 | 3 | .PHONY: all clean 4 | 5 | all: $(EXECNAME) $(LIBNAME).so.$(LIBVERS).$(LIBMIN) $(RTLDNAME) 6 | 7 | $(EXECNAME): 8 | @echo "\n>>>>>>>>>> COMPILE <<<<<<<<<<\n" 9 | make -C fastbt exec 10 | make -C secureloader exec 11 | make -C libs exec 12 | @echo "\n>>>>>>>>>> BUILD & LINK EXEC <<<<<<<<<<\n" 13 | $(CC) $(CFLAGS) $(CFLAGSEXEC) -c true.c 14 | $(LD) $(LDFLAGSEXEC) -o $(EXECNAME) true.o secureloader/*.o fastbt/*.o libs/*.o $(LDLIBSEXEC) 15 | cp $(EXECNAME) $(BINDIR) 16 | 17 | $(LIBNAME).so.$(LIBVERS).$(LIBMIN): 18 | @echo "\n>>>>>>>>>> CLEANUP <<<<<<<<<<\n" 19 | make cleanobjs 20 | @echo "\n>>>>>>>>>> COMPILE <<<<<<<<<<\n" 21 | make -C fastbt lib 22 | make -C secureloader lib 23 | make -C libs lib 24 | @echo "\n>>>>>>>>>> BUILD & LINK LIBRARY <<<<<<<<<<\n" 25 | $(CC) $(CFLAGS) $(CFLAGSLIB) -c libtrue.c 26 | $(LD) -shared -soname=$(LIBNAME).so.$(LIBVERS) $(LDFLAGSLIB) -o $(LIBNAME).so.$(LIBVERS).$(LIBMIN) libtrue.o fastbt/*.o libs/*.o $(LDLIBSLIB) 27 | cp $(LIBNAME).so.$(LIBVERS).$(LIBMIN) $(LIBDIR) 28 | 29 | $(RTLDNAME): 30 | @echo "\n>>>>>>>>>> CLEANUP <<<<<<<<<<\n" 31 | make cleanobjs 32 | @echo "\n>>>>>>>>>> COMPILE <<<<<<<<<<\n" 33 | make -C fastbt rtld 34 | make -C secureloader rtld 35 | make -C libs rtld 36 | @echo "\n>>>>>>>>>> BUILD & LINK RTLD <<<<<<<<<<\n" 37 | $(CC) $(CFLAGS) $(CFLAGSRTLD) -c trueRTLD.c 38 | $(LD) -shared $(LDFLAGSRTLD) -o $(RTLDNAME).so trueRTLD.o secureloader/*.o fastbt/*.o libs/*.o $(LDLIBSRTLD) 39 | cp $(RTLDNAME).so $(LIBDIR) 40 | 41 | cleanobjs: 42 | make -C fastbt clean 43 | make -C secureloader clean 44 | rm -f *.o *~ 45 | 46 | clean: 47 | make -C fastbt clean 48 | make -C secureloader clean 49 | rm -f *.o *~ 50 | rm -f $(EXECNAME) 51 | rm -f $(LIBNAME).so.$(LIBVERS).$(LIBMIN) 52 | rm -f $(RTLDNAME).so 53 | -------------------------------------------------------------------------------- /DSL/src/writers/BatchedWriter.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | """ 4 | A writer that buffers output and tries to 'batch' multiple chars into a single integer write to reduce instructions. 5 | """ 6 | 7 | class BatchedWriter(object): 8 | def __init__(self, inner): 9 | self.inner = inner 10 | self.batch = [] 11 | 12 | def write_comment(self, text): 13 | self.inner.write_comment(text) 14 | 15 | def write_byte(self, byte): 16 | self.batch += [byte] 17 | if len(self.batch) >= 4: 18 | self.flush() 19 | 20 | def write_expression(self, expression): 21 | self.flush() 22 | self.inner.write_expression(expression) 23 | 24 | def write_raw(self, source): 25 | self.flush() 26 | self.inner.write_raw(source) 27 | 28 | def flush(self): 29 | assert len(self.batch) <= 4 30 | 31 | if len(self.batch) < 4: 32 | for byte in self.batch: 33 | self.inner.write_byte(byte) 34 | else: 35 | compact = '' 36 | for byte in self.batch: 37 | compact = byte + compact 38 | self.inner.write_int32(compact) 39 | 40 | self.batch = [] 41 | self.end_line() 42 | 43 | def end_line(self): 44 | self.inner.end_line() 45 | 46 | def write_int32(self, value): 47 | self.inner.write_int32(self, value) 48 | 49 | def _get_source(self): 50 | return self.inner.source 51 | 52 | def set_line_number(self, file_name, line_number): 53 | return self.inner.set_line_number(file_name, line_number) 54 | 55 | def end(self): 56 | self.flush() 57 | self.inner.end() 58 | 59 | source = property(_get_source) 60 | -------------------------------------------------------------------------------- /src/secureloader/sl_gscope.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file sl_gscope.h 3 | * Implements the global search scope. All shared objects in this scope are 4 | * searched when resolving symbols. 5 | * 6 | * Copyright (c) 2011 ETH Zurich 7 | * @author Tobias Hartmann 8 | * @author Mathias Payer 9 | * 10 | * $Date: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 11 | * $LastChangedDate: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 12 | * $LastChangedBy: payerm $ 13 | * $Revision: 1134 $ 14 | * 15 | * This program is free software; you can redistribute it and/or 16 | * modify it under the terms of the GNU General Public License 17 | * as published by the Free Software Foundation; either version 2 18 | * of the License, or (at your option) any later version. 19 | * 20 | * This program is distributed in the hope that it will be useful, 21 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 22 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 23 | * GNU General Public License for more details. 24 | * 25 | * You should have received a copy of the GNU General Public License 26 | * along with this program; if not, write to the Free Software 27 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, 28 | * MA 02110-1301, USA. 29 | */ 30 | 31 | 32 | #ifndef SL_GSCOPE_H 33 | #define SL_GSCOPE_H 34 | 35 | #include "sl_datatypes.h" 36 | 37 | /** 38 | * Adds the given shared object and all its dependencies recursively to the 39 | * global search scope. This must be done in a breadth-first order. 40 | * @param so The shared object to add 41 | */ 42 | void gscope_add_recursive(dso *so); 43 | 44 | /** 45 | * Removes the given shared object from the global search scope. 46 | * @param so The shared object to remove 47 | */ 48 | void gscope_remove(dso *so); 49 | 50 | #endif 51 | -------------------------------------------------------------------------------- /test/secureloader/relocations/main.c: -------------------------------------------------------------------------------- 1 | /** 2 | * @file main.c 3 | * 4 | * Copyright (c) 2011 ETH Zurich 5 | * @author Tobias Hartmann 6 | * @author Mathias Payer 7 | * 8 | * $Date: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 9 | * $LastChangedDate: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 10 | * $LastChangedBy: payerm $ 11 | * $Revision: 1134 $ 12 | * 13 | * This program is free software; you can redistribute it and/or 14 | * modify it under the terms of the GNU General Public License 15 | * as published by the Free Software Foundation; either version 2 16 | * of the License, or (at your option) any later version. 17 | * 18 | * This program is distributed in the hope that it will be useful, 19 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 20 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 21 | * GNU General Public License for more details. 22 | * 23 | * You should have received a copy of the GNU General Public License 24 | * along with this program; if not, write to the Free Software 25 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, 26 | * MA 02110-1301, USA. 27 | */ 28 | #include "lib1.h" 29 | 30 | int initCalled = 1; 31 | 32 | void _init() { 33 | initCalled = 1; 34 | } 35 | 36 | void _start() { 37 | 38 | /* This adds a R_386_COPY entry to the relocation section. 39 | We increment it to check if the inital value from lib1 is 40 | copied successfully by our loader. */ 41 | global++; 42 | 43 | const char *str = get_string(3); 44 | 45 | if (!initCalled) { 46 | str = "Error\n"; 47 | } 48 | 49 | asm("int $0x80" 50 | : 51 | : "a" (4), "b" (1), "c" (str), "d" (34) 52 | ); 53 | 54 | asm("int $0x80" 55 | : // no output registers 56 | : "a" (1), "b" (0) 57 | ); 58 | 59 | } 60 | -------------------------------------------------------------------------------- /src/secureloader/sl_reloc.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file sl_reloc.h 3 | * Implements the relocating of ELF files. 4 | * 5 | * Copyright (c) 2011-2015 ETH Zurich 6 | * @author Tobias Hartmann 7 | * @author Mathias Payer 8 | * @author Antonio Barresi 9 | * 10 | * $Date: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 11 | * $LastChangedDate: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 12 | * $LastChangedBy: payerm $ 13 | * $Revision: 1134 $ 14 | * 15 | * This program is free software; you can redistribute it and/or 16 | * modify it under the terms of the GNU General Public License 17 | * as published by the Free Software Foundation; either version 2 18 | * of the License, or (at your option) any later version. 19 | * 20 | * This program is distributed in the hope that it will be useful, 21 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 22 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 23 | * GNU General Public License for more details. 24 | * 25 | * You should have received a copy of the GNU General Public License 26 | * along with this program; if not, write to the Free Software 27 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, 28 | * MA 02110-1301, USA. 29 | */ 30 | 31 | #ifndef SL_RELOC_H 32 | #define SL_RELOC_H 33 | 34 | #include "sl_datatypes.h" 35 | #include "fbt_libc.h" 36 | 37 | /** 38 | * Relocates all loaded dynamic shared objects. 39 | */ 40 | void do_relocations(); 41 | 42 | /** 43 | * Relocates the given shared object. 44 | * @param so The shared object 45 | * @param rt_load 1 if file is loaded at runtime, 0 otherwise 46 | */ 47 | void relocate(dso *so, unsigned char rt_load); 48 | 49 | /** 50 | * Perform all relocations associated with the plt. 51 | * @param so The shared object 52 | */ 53 | void relocate_plt(dso *so); 54 | 55 | 56 | #endif 57 | 58 | -------------------------------------------------------------------------------- /test/security/cfi_dst_not_in_exec/main.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | #define SYS_exit 1 5 | 6 | unsigned char buf[] = 7 | "\x55\x89\xe5\x90\x90\x90\x90\x90\x90\x90\xb8\x01\x00\x00\x00\xbb\x00\x00\x00\x00\xcd\x80\x5d\xc3"; 8 | 9 | /* 10 | * 080483e4 : 11 | 80483e4: 55 push %ebp 12 | 80483e5: 89 e5 mov %esp,%ebp 13 | 80483e7: 90 nop 14 | 80483e8: 90 nop 15 | 80483e9: 90 nop 16 | 80483ea: 90 nop 17 | 80483eb: 90 nop 18 | 80483ec: 90 nop 19 | 80483ed: 90 nop 20 | 80483ee: b8 01 00 00 00 mov $0x1,%eax 21 | 80483f3: bb 00 00 00 00 mov $0x0,%ebx 22 | 80483f8: cd 80 int $0x80 23 | 80483fa: 5d pop %ebp 24 | 80483fb: c3 ret 25 | */ 26 | 27 | //void mainFunc() { 28 | //__asm__ volatile("nop\n" \ 29 | //"nop\n" \ 30 | //"nop\n" \ 31 | //"nop\n" \ 32 | //"nop\n" \ 33 | //"nop\n" \ 34 | //"nop\n" \ 35 | //"movl %0, %%eax\n" \ 36 | //"movl %1, %%ebx\n" \ 37 | //"int $0x80" \ 38 | //: /* no return value */ \ 39 | //: "i"(SYS_exit), \ 40 | //"g"((long)(0)) \ 41 | //: "memory"); 42 | //} 43 | 44 | int main() 45 | { 46 | void (*func)(); 47 | char* addr = (char*) ((unsigned int)buf & 0xFFFFF000); 48 | 49 | printf("addr = %x\n", (unsigned int)addr); 50 | 51 | if(mprotect(addr, 4096, PROT_READ|PROT_WRITE|PROT_EXEC) != 0) { 52 | printf("mprotect call failed\n"); 53 | return 0; 54 | } 55 | 56 | func = (void*)((char*)buf+3); 57 | printf("funcptr = %x\n", (unsigned int)func); 58 | func(); 59 | return 0; 60 | } 61 | -------------------------------------------------------------------------------- /src/libtrue.c: -------------------------------------------------------------------------------- 1 | /** 2 | * @file libtrue.c 3 | * Entry point to the share library library. 4 | * 5 | * Copyright (c) 2011-2015 ETH Zurich 6 | * @author Mathias Payer 7 | * @author Antonio Barresi 8 | * 9 | * This program is free software; you can redistribute it and/or 10 | * modify it under the terms of the GNU General Public License 11 | * as published by the Free Software Foundation; either version 2 12 | * of the License, or (at your option) any later version. 13 | * 14 | * This program is distributed in the hope that it will be useful, 15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | * GNU General Public License for more details. 18 | * 19 | * You should have received a copy of the GNU General Public License 20 | * along with this program; if not, write to the Free Software 21 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, 22 | * MA 02110-1301, USA. 23 | */ 24 | 25 | /* TODO: clean up definitions of include directories in Makedefs */ 26 | #include "fastbt/libfastbt.h" 27 | #include "fastbt/fbt_code_cache.h" 28 | #include "fastbt/fbt_llio.h" 29 | 30 | /* Implement _init and _fini. */ 31 | 32 | static struct thread_local_data *tld; 33 | 34 | void _init() { 35 | #if defined(DEBUG) && !defined(SILENT_STARTUP) 36 | llprintf("Starting BT\n"); 37 | llprintf("This is a debug build, so do not expect stellar performance!\n"); 38 | #endif 39 | 40 | tld = fbt_init(0); 41 | 42 | /* if thread fails to exit from the BT then we force-exit it */ 43 | fbt_ccache_add_entry(tld, (void*)fbt_exit, (void*)fbt_exit); 44 | 45 | fbt_start_transaction(tld, fbt_commit_transaction); 46 | } 47 | 48 | void _fini() { 49 | #if defined(DEBUG) && !defined(SILENT_STARTUP) 50 | llprintf("Stopping BT\n"); 51 | #endif /* DEBUG */ 52 | fbt_commit_transaction(); 53 | fbt_exit(tld); 54 | } 55 | -------------------------------------------------------------------------------- /test/secureloader/versioning/lib1.c: -------------------------------------------------------------------------------- 1 | /** 2 | * @file lib1.c 3 | * 4 | * Copyright (c) 2011 ETH Zurich 5 | * @author Tobias Hartmann 6 | * @author Mathias Payer 7 | * 8 | * $Date: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 9 | * $LastChangedDate: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 10 | * $LastChangedBy: payerm $ 11 | * $Revision: 1134 $ 12 | * 13 | * This program is free software; you can redistribute it and/or 14 | * modify it under the terms of the GNU General Public License 15 | * as published by the Free Software Foundation; either version 2 16 | * of the License, or (at your option) any later version. 17 | * 18 | * This program is distributed in the hope that it will be useful, 19 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 20 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 21 | * GNU General Public License for more details. 22 | * 23 | * You should have received a copy of the GNU General Public License 24 | * along with this program; if not, write to the Free Software 25 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, 26 | * MA 02110-1301, USA. 27 | */ 28 | #include 29 | #include "lib1.h" 30 | 31 | int global1_1 = 1; 32 | int global1_2 = 2; 33 | int global1_3 = 3; 34 | asm(".symver global1_1, global1@VERS_1.0"); 35 | asm(".symver global1_2, global1@VERS_2.0"); 36 | asm(".symver global1_3, global1@@VERS_3.0"); 37 | 38 | 39 | int method1_1(int param) { 40 | return 1; 41 | } 42 | asm(".symver method1_1, method1@VERS_1.0"); 43 | 44 | int method1_2(int param, int flag) { 45 | return 2; 46 | } 47 | asm(".symver method1_2, method1@VERS_2.0"); 48 | 49 | /* Default version */ 50 | int method1_3(int param, int flag) { 51 | return 3; 52 | } 53 | asm(".symver method1_3, method1@@VERS_3.0"); 54 | 55 | int method1_4(int param, int flag) { 56 | return 4; 57 | } 58 | asm(".symver method1_4, method1@VERS_4.0"); 59 | 60 | int method2() { 61 | return 5; 62 | } 63 | -------------------------------------------------------------------------------- /test/secureloader/libc_basic/main.c: -------------------------------------------------------------------------------- 1 | /** 2 | * @file main.c 3 | * 4 | * Copyright (c) 2011 ETH Zurich 5 | * @author Tobias Hartmann 6 | * @author Mathias Payer 7 | * 8 | * $Date: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 9 | * $LastChangedDate: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 10 | * $LastChangedBy: payerm $ 11 | * $Revision: 1134 $ 12 | * 13 | * This program is free software; you can redistribute it and/or 14 | * modify it under the terms of the GNU General Public License 15 | * as published by the Free Software Foundation; either version 2 16 | * of the License, or (at your option) any later version. 17 | * 18 | * This program is distributed in the hope that it will be useful, 19 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 20 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 21 | * GNU General Public License for more details. 22 | * 23 | * You should have received a copy of the GNU General Public License 24 | * along with this program; if not, write to the Free Software 25 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, 26 | * MA 02110-1301, USA. 27 | */ 28 | #include 29 | #include 30 | #include 31 | #include 32 | 33 | int main(int argc, char **argv, char **envp) { 34 | 35 | /* This tests the support for symbols of type STT_GNU_IFUNC */ 36 | char string[]="abc"; 37 | size_t len = strlen(string); 38 | 39 | /* 40 | char *path = getenv("_"); 41 | printf("path: %s \n", path); 42 | 43 | char *buf = malloc(256); 44 | readlink("/proc/self/exe", buf, 256); 45 | printf("path: %s \n", buf); 46 | 47 | char *buf2 = malloc(256); 48 | getcwd(buf2, 256); 49 | printf("cwd: %s \n", buf2); 50 | 51 | printf("argv: %s\n", argv[0]); 52 | */ 53 | 54 | if (len == 3) { 55 | printf("\nTest \"libc_basic\" successful.\n\n"); 56 | return 0; 57 | } else { 58 | printf("\nError: test \"libc_basic\" failed %d.\n\n", len); 59 | return 1; 60 | } 61 | } 62 | 63 | 64 | -------------------------------------------------------------------------------- /src/true.c: -------------------------------------------------------------------------------- 1 | /** 2 | * @file true.c 3 | * Entry point to the executable. 4 | * 5 | * Copyright (c) 2011-2015 ETH Zurich 6 | * @author Tobias Hartmann 7 | * @author Mathias Payer 8 | * @author Antonio Barresi 9 | * 10 | * This program is free software; you can redistribute it and/or 11 | * modify it under the terms of the GNU General Public License 12 | * as published by the Free Software Foundation; either version 2 13 | * of the License, or (at your option) any later version. 14 | * 15 | * This program is distributed in the hope that it will be useful, 16 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 17 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 18 | * GNU General Public License for more details. 19 | * 20 | * You should have received a copy of the GNU General Public License 21 | * along with this program; if not, write to the Free Software 22 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, 23 | * MA 02110-1301, USA. 24 | */ 25 | 26 | #include "secureloader/sl_loader.h" 27 | #include "secureloader/sl_libc.h" 28 | 29 | /*asm ("_start: " 30 | "sub $4, %esp; " 31 | "jmp start");*/ 32 | 33 | /** 34 | * Entry point to the ELF executable. Prepare arguments and call sl_main. 35 | * @param argp Argument pointer 36 | */ 37 | void _start(/*long argc,*/ char *argp) { 38 | /* Get number of command line arguments */ 39 | long argc; 40 | asm volatile (/*"push %%ebp ;" 41 | "mov %%esp, %%ebp ;" 42 | "push %%ebx ;"*/ 43 | "movl 4(%%ebp), %%eax" 44 | : "=a" (argc)); 45 | 46 | /* Get pointer to arguments and environment variables (environment variables 47 | lie after arguments on the stack) and call main */ 48 | char **argv = &argp; 49 | char **envp = &argv[argc + 1]; 50 | char **aux = &argv[argc + 1]; 51 | Elf32_auxv_t *auxv; 52 | 53 | while(*aux++ != NULL); 54 | auxv = (Elf32_auxv_t *)aux; 55 | 56 | long ret = sl_main (argc, argv, envp, auxv); 57 | 58 | sl_exit(ret); 59 | } 60 | -------------------------------------------------------------------------------- /src/fastbt/fbt_trampoline.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file fbt_trampoline.h 3 | * Handles the generation of thread local trampolines for secure 4 | * code transitions and control flow transfers 5 | * 6 | * Copyright (c) 2011 ETH Zurich 7 | * 8 | * @author Mathias Payer 9 | * 10 | * $Date: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 11 | * $LastChangedDate: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 12 | * $LastChangedBy: payerm $ 13 | * $Revision: 1134 $ 14 | * 15 | * This program is free software; you can redistribute it and/or 16 | * modify it under the terms of the GNU General Public License 17 | * as published by the Free Software Foundation; either version 2 18 | * of the License, or (at your option) any later version. 19 | * 20 | * This program is distributed in the hope that it will be useful, 21 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 22 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 23 | * GNU General Public License for more details. 24 | * 25 | * You should have received a copy of the GNU General Public License 26 | * along with this program; if not, write to the Free Software 27 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, 28 | * MA 02110-1301, USA. 29 | */ 30 | 31 | #ifndef FBT_TRAMPOLINE_H 32 | #define FBT_TRAMPOLINE_H 33 | 34 | #ifdef __cplusplus 35 | extern "C" { 36 | #endif 37 | 38 | /* forward declare structs */ 39 | struct thread_local_data; 40 | 41 | /** 42 | * Initializes all thread local trampolines that are used for control flow 43 | * transfers and transfers to secure code. Pointers inside tld are updated and 44 | * will point to newly generated code. 45 | * @param tld pointer to thread local data 46 | */ 47 | void fbt_initialize_trampolines(struct thread_local_data *tld); 48 | 49 | #if defined(SHADOWSTACK_DEBUG) 50 | void fbt_shadowstack_debug_call(struct thread_local_data *tld, void *from, void *to); 51 | void fbt_shadowstack_debug_ret(struct thread_local_data *tld, void *from, void *to); 52 | #endif 53 | 54 | #ifdef __cplusplus 55 | } 56 | #endif 57 | 58 | #endif /* FBT_TRAMPOLINE_H */ 59 | -------------------------------------------------------------------------------- /src/secureloader/sl_so_chain.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file sl_so_chain.h 3 | * Implements the global chain of loaded DSOs. 4 | * 5 | * Copyright (c) 2011 ETH Zurich 6 | * @author Tobias Hartmann 7 | * @author Mathias Payer 8 | * 9 | * $Date: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 10 | * $LastChangedDate: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 11 | * $LastChangedBy: payerm $ 12 | * $Revision: 1134 $ 13 | * 14 | * This program is free software; you can redistribute it and/or 15 | * modify it under the terms of the GNU General Public License 16 | * as published by the Free Software Foundation; either version 2 17 | * of the License, or (at your option) any later version. 18 | * 19 | * This program is distributed in the hope that it will be useful, 20 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 21 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 22 | * GNU General Public License for more details. 23 | * 24 | * You should have received a copy of the GNU General Public License 25 | * along with this program; if not, write to the Free Software 26 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, 27 | * MA 02110-1301, USA. 28 | */ 29 | 30 | #ifndef SL_SO_CHAIN_H 31 | #define SL_SO_CHAIN_H 32 | 33 | 34 | /** 35 | * Searches in global chain for an shared object with the given name. 36 | * @param name name of shared object 37 | * @return dso 38 | */ 39 | dso *chain_search(const char *name); 40 | 41 | /** 42 | * Adds the given shared object to the chain. 43 | * @param so shared object to be added 44 | */ 45 | void chain_add(dso *so); 46 | 47 | /** 48 | * Removes the given shared object from the chain. 49 | * @param so shared object to be removed 50 | */ 51 | void chain_delete(dso *so); 52 | 53 | /** 54 | * Returns the DSO to which the given address belongs. 55 | * @param addr the address 56 | * @return dso on success, NULL otherwise 57 | */ 58 | dso *get_object_at(char *addr); 59 | 60 | /** 61 | * Helper function which prints all loaded shared objects. 62 | */ 63 | void print_loaded_objects(); 64 | 65 | 66 | #endif 67 | -------------------------------------------------------------------------------- /test/fastbt/sigsuspend/sigsuspend.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | 7 | void childDieHandler(int sig, siginfo_t *child_info, void *context); 8 | 9 | int 10 | main() 11 | { 12 | sigset_t blockMask, emptyMask; 13 | struct sigaction sa; 14 | 15 | bzero(&sa, sizeof(sa)); 16 | sa.sa_sigaction = childDieHandler; 17 | sigemptyset(&sa.sa_mask); 18 | sa.sa_flags = SA_SIGINFO; 19 | sigaction(SIGCHLD, &sa, NULL); 20 | 21 | setbuf(stdout, NULL); /* Disable buffering of stdout */ 22 | 23 | sigemptyset(&blockMask); 24 | sigaddset(&blockMask, SIGCHLD); 25 | if (sigprocmask(SIG_SETMASK, &blockMask, NULL) == -1) return 0; 26 | 27 | if(fork() == 0) { 28 | 29 | printf("child: forked.\n"); 30 | sleep(5); 31 | exit(0); 32 | 33 | } else { 34 | 35 | printf("parent waiting...\n"); 36 | sigemptyset(&emptyMask); 37 | sigsuspend(&emptyMask); 38 | printf("parent suspend over."); 39 | 40 | } 41 | 42 | printf("parent done\n"); 43 | return 0; 44 | } 45 | 46 | void childDieHandler(int sig, siginfo_t *child_info, void *context){ 47 | int status; 48 | pid_t childPid; 49 | /* 50 | while((childPid = waitpid(-1,&status, WNOHANG)) > 0) { 51 | int pid = (int) childPid; 52 | fprintf(logFile,"GP:*** PROCESS KILLED [pid %d]\n",pid); 53 | 54 | sigset_t set; 55 | sigpending(&set); 56 | if(sigismember(&set, SIGCHLD)){ 57 | fprintf(logFile, "GP: SIGCHLD is pending or blocked!!!!\n"); 58 | fflush(logFile); 59 | } 60 | 61 | fflush(logFile); 62 | 63 | // identify exited process and then restart it 64 | if(currentChildPid == childPid){ 65 | // kill any child 66 | system("killall child"); 67 | fprintf(logFile,"GP: Restarting parent process...\n"); 68 | fflush(logFile); 69 | startProcess("parent"); 70 | } 71 | 72 | } 73 | 74 | fprintf(logFile,"GP:End of childDieHandler()... [%d]\n\n",(int)childPid); 75 | fflush(logFile); 76 | */ 77 | 78 | printf("childDieHandler: SIGCHLD caught!\n"); 79 | 80 | } 81 | 82 | -------------------------------------------------------------------------------- /test/secureloader/relocations/lib1.c: -------------------------------------------------------------------------------- 1 | /** 2 | * @file lib1.c 3 | * 4 | * Copyright (c) 2011 ETH Zurich 5 | * @author Tobias Hartmann 6 | * @author Mathias Payer 7 | * 8 | * $Date: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 9 | * $LastChangedDate: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 10 | * $LastChangedBy: payerm $ 11 | * $Revision: 1134 $ 12 | * 13 | * This program is free software; you can redistribute it and/or 14 | * modify it under the terms of the GNU General Public License 15 | * as published by the Free Software Foundation; either version 2 16 | * of the License, or (at your option) any later version. 17 | * 18 | * This program is distributed in the hope that it will be useful, 19 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 20 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 21 | * GNU General Public License for more details. 22 | * 23 | * You should have received a copy of the GNU General Public License 24 | * along with this program; if not, write to the Free Software 25 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, 26 | * MA 02110-1301, USA. 27 | */ 28 | #include "lib1.h" 29 | 30 | extern void func(); 31 | 32 | /* This adds an R_386_GLOB_DAT entry in the relocation section. 33 | This checks if the loader updates the GOT entry to point to 34 | the object in the application memory. */ 35 | int global = 42; 36 | 37 | /* This is only referenced in this library */ 38 | int local = 10; 39 | 40 | /* This adds an DT_INIT entry to the dynamic section, should 41 | be called after loading of shared library. */ 42 | void _init (void) { 43 | local = 9; 44 | } 45 | 46 | void _fini (void) { 47 | // TODO 48 | } 49 | 50 | const char *get_string (int param) { 51 | 52 | /* This adds an R_386_32 entry in the relocation section. Global2 53 | is defined in lib2. This checks if the loader updates the 54 | memory address. */ 55 | static int *p = &global2; 56 | *p = 42; 57 | 58 | func(); 59 | 60 | global3 = 42; 61 | 62 | if (global3 == 42 && global == 43 && local == 9) { 63 | const char *ret = method(global); 64 | 65 | return ret; 66 | } else { 67 | return "Error\n"; 68 | } 69 | } 70 | 71 | -------------------------------------------------------------------------------- /test/secureloader/dynamic_loading/lib_tls_dynamic.c: -------------------------------------------------------------------------------- 1 | /** 2 | * @file lib_tls_dynamic.c 3 | * 4 | * Copyright (c) 2011 ETH Zurich 5 | * @author Tobias Hartmann 6 | * @author Mathias Payer 7 | * 8 | * $Date: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 9 | * $LastChangedDate: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 10 | * $LastChangedBy: payerm $ 11 | * $Revision: 1134 $ 12 | * 13 | * This program is free software; you can redistribute it and/or 14 | * modify it under the terms of the GNU General Public License 15 | * as published by the Free Software Foundation; either version 2 16 | * of the License, or (at your option) any later version. 17 | * 18 | * This program is distributed in the hope that it will be useful, 19 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 20 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 21 | * GNU General Public License for more details. 22 | * 23 | * You should have received a copy of the GNU General Public License 24 | * along with this program; if not, write to the Free Software 25 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, 26 | * MA 02110-1301, USA. 27 | */ 28 | /** 29 | * Tests the Initial Executable (IE) and General Dynamic (GD) access models. 30 | * 31 | * We do not need to test Local Dynamic (LD) because this produces just a 32 | * R_386_TLS_DTPMOD32 relocation which is tested with the GD model. Also we 33 | * do not need to test the Local Executable (LE) model, because this is 34 | * resolved by static linking. 35 | */ 36 | 37 | #include 38 | #include 39 | 40 | __thread int i_init=23; 41 | __thread int i; 42 | static __thread int static_1 = 123; 43 | static __thread int *pointer; 44 | 45 | 46 | void _init() { 47 | int p = 42; 48 | pointer = &p; 49 | 50 | if (*pointer != 42) 51 | return; 52 | 53 | /* This adds a R_386_TLS_DTPMOD32 without symbol information */ 54 | if (static_1 != 123) 55 | return; 56 | 57 | /* General Dynamic (GD) */ 58 | /* This adds R_386_TLS_DTPMOD32 and R_386_TLS_DTPOFF32 relocations */ 59 | if (i_init==23) 60 | i = 42; 61 | } 62 | 63 | int get_data () { 64 | if (i == 42) { 65 | return 123; 66 | } else { 67 | return 0; 68 | } 69 | } 70 | -------------------------------------------------------------------------------- /AUTHORS: -------------------------------------------------------------------------------- 1 | Hall of fame: 2 | ============= 3 | 4 | Mathias Payer 5 | * Project lead and coordinator 6 | * Worked on fastBT and trustBT since 2007 7 | * Implemented and authored most of the optimizations 8 | * Fast indirect jump and prediction 9 | * Fast indirect call and prediction 10 | * Adaptive combination of prediction and fast optimization 11 | * Return cache and fast return 12 | * Implemented the new disassembler component 13 | * Primary human debugger 14 | 15 | Antonio Barresi 16 | * Implemented the Lockdown CFI checks 17 | * Reorganization of the source code 18 | * Evaluation of the mechanism 19 | * Security measurements of the Lockdown mechanism 20 | 21 | 22 | Former developers: 23 | ------------------ 24 | Developers that worked on either fastBT, secuBT, or trustBT: 25 | fastBT and secuBT were merged into trustBT. libdetox is a reimplementation of 26 | the successful optimization concepts and security concepts of trustBT. The 27 | authors below helped with the implementation of the optimizations and security 28 | concepts of the proof of concept implementation. 29 | 30 | Antonio Barresi 31 | - Worked hard on the security extensions during his master thesis in 2009 32 | - Implemented trust component on top of BT and patched some security extensions 33 | - Implemented the first version of the shadow jumptable optimization 34 | 35 | Marcel Wirth 36 | - Worked hard on the BT during his semester thesis in 2007 and his master 37 | thesis in 2009 38 | - Worked on the first version of the BT without optimization during his 39 | semester thesis 40 | - Continued his work and added security extensions during his master thesis 41 | - Fixed lots and lots of bugs 42 | - Worked on some former optimizations 43 | 44 | Peter Suter 45 | - Used the BT for the GCC STM extension during his master thesis in 2008 46 | - Worked on the integration of the STM component and the BT into a modern 47 | optimizing compiler 48 | 49 | Stephan Classen 50 | - Worked on the BT during his master thesis in 2007 51 | - Used fastBT to implement a STM library 52 | - Tested early versions of fastBT and fixed lots of bugs 53 | - Authored the tableGenerator to generate STM tables that redirect all 54 | memory accessing instructions to an STM. 55 | -------------------------------------------------------------------------------- /src/fastbt/fbt_syscall.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file fbt_syscall.h 3 | * Handles the authorization of system calls. 4 | * 5 | * Copyright (c) 2011 ETH Zurich 6 | * @author Mathias Payer 7 | * 8 | * $Date: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 9 | * $LastChangedDate: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 10 | * $LastChangedBy: payerm $ 11 | * $Revision: 1134 $ 12 | * 13 | * This program is free software; you can redistribute it and/or 14 | * modify it under the terms of the GNU General Public License 15 | * as published by the Free Software Foundation; either version 2 16 | * of the License, or (at your option) any later version. 17 | * 18 | * This program is distributed in the hope that it will be useful, 19 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 20 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 21 | * GNU General Public License for more details. 22 | * 23 | * You should have received a copy of the GNU General Public License 24 | * along with this program; if not, write to the Free Software 25 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, 26 | * MA 02110-1301, USA. 27 | */ 28 | 29 | #ifndef FBT_SYSCALL_H 30 | #define FBT_SYSCALL_H 31 | 32 | #if defined(AUTHORIZE_SYSCALLS) 33 | /* forward declare this struct */ 34 | struct thread_local_data; 35 | 36 | /** maximum amount of system calls that are supported. if the syscall number is 37 | higher then we abort the program */ 38 | #define MAX_SYSCALLS_TABLE 512 39 | 40 | /** 41 | * Initialize the system call tables used to authorize system calls. 42 | * Every system call passes through the thread local authorization table. 43 | * @param tld pointer to thread local data. 44 | */ 45 | void fbt_init_syscalls(struct thread_local_data *tld); 46 | #endif /* AUTHORIZE_SYSCALLS */ 47 | 48 | #if defined(HANDLE_SIGNALS) 49 | 50 | // TODO: move exports into other file 51 | #ifdef __cplusplus 52 | extern "C" { 53 | #endif 54 | 55 | // TODO: 56 | struct fbt_siginfo; 57 | void internal_sighandler(int signal, struct fbt_siginfo *siginfo, void *ucontext); 58 | void sighandler(int signal, struct fbt_siginfo *siginfo, void *ucontext); 59 | void fbt_bootstrap_thread(struct thread_local_data *tld); 60 | 61 | struct dl_phdr_info; 62 | 63 | #ifdef __cplusplus 64 | } 65 | #endif 66 | 67 | #endif /* HANDLE_SIGNALS */ 68 | 69 | #endif /* FBT_SYSCALL_H */ 70 | -------------------------------------------------------------------------------- /src/trueRTLD.c: -------------------------------------------------------------------------------- 1 | /** 2 | * @file trueRTLD.c 3 | * Entry point to the shared library. 4 | * 5 | * Copyright (c) 2011-2015 ETH Zurich 6 | * @author Tobias Hartmann 7 | * @author Mathias Payer 8 | * @author Antonio Barresi 9 | * 10 | * This program is free software; you can redistribute it and/or 11 | * modify it under the terms of the GNU General Public License 12 | * as published by the Free Software Foundation; either version 2 13 | * of the License, or (at your option) any later version. 14 | * 15 | * This program is distributed in the hope that it will be useful, 16 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 17 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 18 | * GNU General Public License for more details. 19 | * 20 | * You should have received a copy of the GNU General Public License 21 | * along with this program; if not, write to the Free Software 22 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, 23 | * MA 02110-1301, USA. 24 | */ 25 | 26 | #include "secureloader/sl_loader.h" 27 | #include "secureloader/sl_libc.h" 28 | #include "fastbt/fbt_llio.h" 29 | #include 30 | 31 | /* TODO: correctly pass information to loader -> executable already loaded so no need to load! */ 32 | 33 | /** 34 | * Entry point to the ELF RTLD. Prepare arguments and call sl_mainRTLD. 35 | * @param argp Argument pointer 36 | */ 37 | void _entry(/*long argc,*/ char *argp) { 38 | /* Get number of command line arguments */ 39 | long argc; 40 | 41 | asm volatile (/*"push %%ebp ;" 42 | "mov %%esp, %%ebp ;" 43 | "push %%ebx ;"*/ 44 | "movl 4(%%ebp), %%eax" 45 | : "=a" (argc)); 46 | 47 | /* Get pointer to arguments and environment variables (environment variables 48 | lie after arguments on the stack) and call main */ 49 | char **argv = &argp; 50 | char **envp = &argv[argc + 1]; 51 | char **aux = &argv[argc + 1]; 52 | Elf32_auxv_t *auxv; 53 | //Elf32_auxv_t *auxv2; 54 | 55 | while(*aux++ != NULL); 56 | auxv = (Elf32_auxv_t *)aux; 57 | 58 | /* Note: this is how to print the auxiliary vector. */ 59 | /*auxv2 = auxv; 60 | for(; auxv2->a_type != AT_NULL; auxv2++) { 61 | sl_printf("a_type a_val = %d %x\n", auxv2->a_type, (unsigned int)auxv2->a_un.a_val); 62 | }*/ 63 | 64 | long ret = sl_mainRTLD(argc, argv, envp, auxv); 65 | 66 | sl_exit(ret); 67 | } 68 | -------------------------------------------------------------------------------- /src/secureloader/sl_map.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file sl_map.h 3 | * Implements the loading of elf segments into memory. 4 | * 5 | * Copyright (c) 2011-2015 ETH Zurich 6 | * @author Tobias Hartmann 7 | * @author Mathias Payer 8 | * @author Antonio Barresi 9 | * 10 | * $Date: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 11 | * $LastChangedDate: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 12 | * $LastChangedBy: payerm $ 13 | * $Revision: 1134 $ 14 | * 15 | * This program is free software; you can redistribute it and/or 16 | * modify it under the terms of the GNU General Public License 17 | * as published by the Free Software Foundation; either version 2 18 | * of the License, or (at your option) any later version. 19 | * 20 | * This program is distributed in the hope that it will be useful, 21 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 22 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 23 | * GNU General Public License for more details. 24 | * 25 | * You should have received a copy of the GNU General Public License 26 | * along with this program; if not, write to the Free Software 27 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, 28 | * MA 02110-1301, USA. 29 | */ 30 | 31 | #ifndef SL_MAP_H 32 | #define SL_MAP_H 33 | 34 | #include "sl_datatypes.h" 35 | 36 | void set_page_protection (dso *so); 37 | 38 | /** 39 | * Maps the two LOAD segments into memory with the necessary alignment. 40 | * @param fd File descriptor of file to load 41 | * @param segs Program headers of the two segments 42 | * @param type Type of object (executable or shared object) 43 | * @param so The DSO the segment 44 | */ 45 | void map_segments (long fd, Elf32_Phdr *segs[2], Elf32_Half type, dso *so); 46 | 47 | /** 48 | * Check if the two LOAD segments were already mapped by the kernel. Do not map again. 49 | * @param fd File descriptor of file to load 50 | * @param segs Program headers of the two segments 51 | * @param type Type of object (executable or shared object) 52 | * @param so The DSO the segment 53 | * @param segs_auxv The program headers provided by the kernel 54 | */ 55 | void map_segments_RTLD (long fd, Elf32_Phdr *segs[2], Elf32_Half type, dso *so, Elf32_Phdr *segs_auxv[2]); 56 | 57 | /** 58 | * Unmaps all segments of the given DSO. 59 | * @param so The DSO to unmap 60 | */ 61 | void unmap_segments(dso *so); 62 | 63 | #endif 64 | -------------------------------------------------------------------------------- /src/secureloader/sl_libsearch.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file sl_libsearch.h 3 | * Implements functions to search for needed shared libraries. 4 | * 5 | * Copyright (c) 2011-2015 ETH Zurich 6 | * @author Tobias Hartmann 7 | * @author Mathias Payer 8 | * @author Antonio Barresi 9 | * 10 | * $Date: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 11 | * $LastChangedDate: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 12 | * $LastChangedBy: payerm $ 13 | * $Revision: 1134 $ 14 | * 15 | * This program is free software; you can redistribute it and/or 16 | * modify it under the terms of the GNU General Public License 17 | * as published by the Free Software Foundation; either version 2 18 | * of the License, or (at your option) any later version. 19 | * 20 | * This program is distributed in the hope that it will be useful, 21 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 22 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 23 | * GNU General Public License for more details. 24 | * 25 | * You should have received a copy of the GNU General Public License 26 | * along with this program; if not, write to the Free Software 27 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, 28 | * MA 02110-1301, USA. 29 | */ 30 | 31 | 32 | #ifndef SL_LIBSEARCH_H 33 | #define SL_LIBSEARCH_H 34 | 35 | #include "sl_datatypes.h" 36 | 37 | long try_open_path(const char *name, long name_len, 38 | struct r_search_path_elem *search_paths, 39 | char **found_path); 40 | 41 | /** 42 | * Decomposes a path string of the form "/path1/:/path2/" and stores the 43 | * result in a r_search_path_elem struct. 44 | * @param path String containing the paths 45 | * @param where Object which contains the string 46 | * @param what Type of the search paths 47 | * @return struct r_search_path_elem 48 | */ 49 | struct r_search_path_elem *decompose_path(const char *path, const char *where, 50 | const char *what); 51 | 52 | /** 53 | * Searches for the library called name. 54 | * Returns a file descriptor and sets path if found. 55 | * @param loader Shared object which needs the library 56 | * @param name The name of the library 57 | * @param path Is set to the path where the library is found 58 | * @return file descriptor 59 | */ 60 | long search_lib(dso *loader, const char *name, char **path); 61 | 62 | #endif 63 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Lockdown README 2 | 3 | This is the first research prototype release of Lockdown. Lockdown is 4 | a run-time environment for x86 32bit ELF binaries that transparently 5 | hardens binary applications at run-time against the exploitation of 6 | memory corruption vulnerabilities. Lockdown implements a fine-grained 7 | CFI policy for jumps and calls. Return instructions are secured over 8 | a practical shadow stack. Furthermore Lockdown has its own ELF dynamic 9 | loader that loads ELF binaries (executables and shared libraries). 10 | 11 | Lockdown is a flavor of TRuE (Trusted Run-TimE) which itself is based 12 | on fastBT, secureLoader and libdetox. This release contains a snapshot 13 | of all these components including the configuration for Lockdown. 14 | 15 | 16 | ## Compatibility 17 | 18 | As a research prototype run-time for binaries, binary compatibility is 19 | not always guaranteed. Lockdown has its own ELF loader implementation 20 | that strongly depends on the libc in use. There are datastructures that 21 | are shared between the loader and libc. A productive implementation 22 | should make it easy to export this libc specific information such 23 | that all libc versions can easily be supported. 24 | This research prototype implementation further uses a small whitelist 25 | of control tranfers for some low-level run-time libraries. The whitelist 26 | is small and could easily be generated automatically. A productive 27 | implementation should do more static and dynamic analysis to also catch 28 | these transfers. 29 | This Lockdown version therefore will only work with the specific system 30 | it was tested with namely Ubuntu 12.04 for 32bit x86. 31 | 32 | Tested with Ubuntu 12.04.5 LTS (codename: precise) and gcc/g++ 4.6.3-1ubuntu5 33 | 34 | 35 | ## Build 36 | 37 | make all 38 | 39 | 40 | ## Run 41 | 42 | bin/trustedRT 43 | Example: "bin/trustedRT /bin/ls" or "bin/trustedRT /bin/nano" 44 | 45 | 46 | ## Build and run tests 47 | 48 | make test 49 | test/runtests.rb -runtime 50 | 51 | Note: you have to run the runtests.rb script from the top level 52 | directory (not within the test/ directory). 53 | 54 | 55 | ## References 56 | 57 | Fine-Grained Control-Flow Integrity through Binary Hardening 58 | Mathias Payer, Antonio Barresi, and Thomas R. Gross. 59 | In DIMVA'15: 12th Conference on Detection of Intrusions and Malware and Vulnerability Assessment, 2015. 60 | https://nebelwelt.net/publications/files/15DIMVA.pdf 61 | See the [HexHive group homepage](http://nebelwelt.net/group) for publications and vidoes. 62 | -------------------------------------------------------------------------------- /src/libs/uilib.c: -------------------------------------------------------------------------------- 1 | /** 2 | * @file uilib.c 3 | * Interface to user interface. 4 | * 5 | * Copyright (c) 2014-2015 ETH Zurich 6 | * @author Antonio Barresi 7 | * 8 | * This program is free software; you can redistribute it and/or 9 | * modify it under the terms of the GNU General Public License 10 | * as published by the Free Software Foundation; either version 2 11 | * of the License, or (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU General Public License 19 | * along with this program; if not, write to the Free Software 20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, 21 | * MA 02110-1301, USA. 22 | */ 23 | 24 | #ifdef ENABLE_UI_MESSAGES 25 | 26 | #include "uilib.h" 27 | #include "../fastbt/fbt_syscalls_impl.h" 28 | #include "../fastbt/fbt_llio.h" 29 | #include "../fastbt/fbt_libc.h" 30 | 31 | #define O_WRONLY 0x1 32 | #define FIFO "/tmp/trustedRT.fifo" 33 | 34 | int uifd = -1; 35 | 36 | void init_ui() { 37 | uifd = -1; 38 | fbt_open(FIFO, O_WRONLY, 0, uifd, "Could not open named pipe (init_ui: uilib.c)\n"); 39 | notify_ui(UI_NEW_PROCESS, "New process started."); 40 | } 41 | 42 | void new_lwp(int pid) { 43 | if(uifd > 0 && pid) { 44 | fllprintf(uifd, "NEW|%d|New process started.\n", pid); 45 | } 46 | } 47 | 48 | void notify_ui(int type, char* message) { 49 | int pid; 50 | fbt_getpid(pid, "Could not get process ID (notify_ui: uilib.c)\n"); 51 | 52 | if(uifd > 0 && pid) { 53 | switch(type) { 54 | case UI_MSG: 55 | fllprintf(uifd, "MSG|%d|%s\n", pid, message); 56 | break; 57 | case UI_NEW_PROCESS: 58 | fllprintf(uifd, "NEW|%d|%s\n", pid, message); 59 | break; 60 | case UI_CLEANUP_PROCESS: 61 | fllprintf(uifd, "CLEANUP|%d|%s\n", pid, message); 62 | break; 63 | case UI_RET_VIOLATION: 64 | fllprintf(uifd, "RETV|%d|%s\n", pid, message); 65 | break; 66 | case UI_JMP_VIOLATION: 67 | fllprintf(uifd, "JMPV|%d|%s\n", pid, message); 68 | break; 69 | case UI_CALL_VIOLATION: 70 | fllprintf(uifd, "CALLV|%d|%s\n", pid, message); 71 | break; 72 | } 73 | } 74 | } 75 | 76 | void cleanup_ui() { 77 | notify_ui(UI_CLEANUP_PROCESS, "Process cleanup."); 78 | int res; 79 | fbt_close(uifd, res, "Could not close named pipe (cleanup_ui: uilib.c)\n"); 80 | } 81 | 82 | #endif 83 | -------------------------------------------------------------------------------- /CHANGELOG: -------------------------------------------------------------------------------- 1 | libdetox 0.3 - 2010-12-10 2 | - Reimplementation of fastBT (removal of legacy code, reducing dependencies) 3 | - Clear memory management, no libC dependencies, no redundant includes, 4 | code is formatted and consistent, no more ugly 1k lines of ASM code 5 | - All indirect control flow transfers now use specific trampolines 6 | - Implemented separate stack for libdetox functions (stack of user program 7 | remains clean) 8 | - Easier verification, only effective and used optimizations are implemented. 9 | - Started implementation of x86_64 code 10 | - Added (many) test cases and uses gtest unit testing 11 | 12 | fastBT 0.2.1 - 2010-03-25 13 | - Fixed a bug in the opcode tables (added correct src operands for movs* and cmps*) 14 | - Fixup of includes (removed lots of <> includes and some "" includes) 15 | - Bugfixing of disassembler and low level output 16 | - Removed dependencies on libc printf, added buffering for faster output 17 | - Extended debugging information and output available (for binary analysis) 18 | - Reimplementation of lots of system calls and library functions in libc.c and libc.h 19 | * System calls are possible via int 80 and sysenter 20 | - Removed dependencies from the libC (str functions, sysconf, memcpy) 21 | - Reimplementation of some system calls to reduce libC dependencies (mmap, munmap) 22 | 23 | fastBT 0.2.0 - 2010-03-10 24 | - Removal of the bastard disassembler 25 | - Change of the layout of the translation table (added more auxiliary information) 26 | - Debugging mode includes dynamic code dumping and automatic disassembly using 27 | the same tables that are used for the translation process 28 | - Better documentation of the security features in the Makefile 29 | - Clearer structure and removal of dead code 30 | 31 | fastBT 0.1.0 - 2009-11-19 32 | - Lots of bug fixing and strengthening of the security features 33 | - Public release at 26c3 (26th chaos communication congress in Berlin) 34 | - Lots of new optimizations 35 | - Return cache and fast return 36 | - Optimizations for indirect calls and indirect jumps 37 | - Adaptive optimizations that first cache then redirect to fast lookup 38 | - Table optimizations 39 | 40 | fastBT 0.1.0pre2 - 2009-10-22 41 | - Lots of bug fixing 42 | - Some security extensions (NX enforcement, secuBT stuff) 43 | - Lots of new optimizations 44 | - Jumptable optimization 45 | - Fast return optimization 46 | - Special optimization for low-level functions to be independent from libC 47 | memory management 48 | - Special IO functions to be independent from libC (not reentrant) 49 | 50 | fastBT 0.1.0pre - 2009-05-31 51 | - Initial public release 52 | - Used bastard disassembler 53 | - Complete support for ia32 tables 54 | - Handle pthreads 55 | -------------------------------------------------------------------------------- /src/secureloader/sl_libdetox.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file sl_libdetox.h 3 | * Communication with the libdetox framework. 4 | * Implements functions to load the libdetox library and supplies all 5 | * needed information for the control transfer checks. 6 | * 7 | * Copyright (c) 2011-2015 ETH Zurich 8 | * @author Tobias Hartmann 9 | * @author Mathias Payer 10 | * @author Antonio Barresi 11 | * 12 | * $Date: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 13 | * $LastChangedDate: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 14 | * $LastChangedBy: payerm $ 15 | * $Revision: 1134 $ 16 | * 17 | * This program is free software; you can redistribute it and/or 18 | * modify it under the terms of the GNU General Public License 19 | * as published by the Free Software Foundation; either version 2 20 | * of the License, or (at your option) any later version. 21 | * 22 | * This program is distributed in the hope that it will be useful, 23 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 24 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 25 | * GNU General Public License for more details. 26 | * 27 | * You should have received a copy of the GNU General Public License 28 | * along with this program; if not, write to the Free Software 29 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, 30 | * MA 02110-1301, USA. 31 | */ 32 | 33 | 34 | #ifndef SL_LIBDETOX_H 35 | #define SL_LIBDETOX_H 36 | 37 | #include "sl_datatypes.h" 38 | #include "fbt_datatypes.h" 39 | #include "fbt_dso.h" 40 | 41 | extern struct dso_chain *dso_chain; 42 | 43 | /** 44 | * Reads all necessary information and adds the given dynamic shared object to the 45 | * libdetox internal list of loaded DSOs. This is needed for the control flow 46 | * transfer checks. 47 | * If so = NULL, filebase points to the secuLoader itself. 48 | * @param so the dynamic shared object 49 | * @param filebase start address of file in memory 50 | */ 51 | void add_dso (dso *so, char *filebase); 52 | void add_vdso(Elf32_Ehdr *sysinfo_ehdr); 53 | 54 | /** 55 | * Removes the given DSO from the libdetox internal list of loaded DSOs. 56 | * @param so the DSO to remove 57 | */ 58 | void remove_dso (dso *so); 59 | 60 | /** 61 | * Checks if a call to the given addr is a plt call and if so resolves the address 62 | * in the destination DSO and returns it. If not the call addr is returned. 63 | * @param addr call destination 64 | * @return resolved addr if plt call, call addr otherwise 65 | */ 66 | unsigned long sl_resolve_plt_call(unsigned long addr, struct dso_chain *dso_objects); 67 | 68 | void init_loader_dso(Elf32_Ehdr * sysinfo_ehdr); 69 | 70 | #endif /* SL_LIBDETOX_H */ 71 | -------------------------------------------------------------------------------- /test/secureloader/versioning/main.c: -------------------------------------------------------------------------------- 1 | /** 2 | * @file main.c 3 | * 4 | * Copyright (c) 2011 ETH Zurich 5 | * @author Tobias Hartmann 6 | * @author Mathias Payer 7 | * 8 | * $Date: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 9 | * $LastChangedDate: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 10 | * $LastChangedBy: payerm $ 11 | * $Revision: 1134 $ 12 | * 13 | * This program is free software; you can redistribute it and/or 14 | * modify it under the terms of the GNU General Public License 15 | * as published by the Free Software Foundation; either version 2 16 | * of the License, or (at your option) any later version. 17 | * 18 | * This program is distributed in the hope that it will be useful, 19 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 20 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 21 | * GNU General Public License for more details. 22 | * 23 | * You should have received a copy of the GNU General Public License 24 | * along with this program; if not, write to the Free Software 25 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, 26 | * MA 02110-1301, USA. 27 | */ 28 | #include 29 | #include 30 | #include 31 | #include 32 | #include 33 | 34 | 35 | #include "lib1.h" 36 | 37 | /* This checks if relocation resolving of right symbol version works*/ 38 | extern int global_old; 39 | extern int global; 40 | extern int global1; 41 | 42 | extern int method_old(int); 43 | extern int method(int, int); 44 | extern int method1(int, int); 45 | 46 | asm(".symver global_old, global1@VERS_1.0"); 47 | asm(".symver global, global1@VERS_2.0"); 48 | 49 | /* This checks if runtime resolving of right symbol version works */ 50 | asm(".symver method_old, method1@VERS_1.0"); 51 | asm(".symver method, method1@VERS_2.0"); 52 | 53 | int main(int argc, char **argv, char **envp) { 54 | 55 | void *handle; 56 | char *(*fh)(int, int); 57 | char *error; 58 | 59 | handle = dlopen ("", RTLD_LAZY); 60 | if (!handle) { 61 | fprintf (stderr, "%s\n", dlerror()); 62 | exit(1); 63 | } 64 | dlerror(); 65 | 66 | /* Lookup undefined symbol */ 67 | fh = dlsym(handle, "method1"); 68 | if ((error = dlerror()) != NULL) { 69 | fprintf (stderr, "%s\n", error); 70 | exit(1); 71 | } 72 | 73 | if (global_old == 1 74 | && global == 2 75 | && global1 == 3 76 | && method_old(1) == 1 77 | && method(1,2) == 2 78 | /* Default versions */ 79 | && method1(1,2) == 3 80 | && (long)fh(0,0) == 3) { 81 | printf("\nTest \"versioning\" successful.\n\n"); 82 | } else { 83 | printf("\nTest \"versioning\" failed.\n\n"); 84 | } 85 | 86 | return 0; 87 | } 88 | 89 | 90 | 91 | 92 | -------------------------------------------------------------------------------- /tableGenerator/include/table_generator.h: -------------------------------------------------------------------------------- 1 | #ifndef TABLE_GENERATOR_H 2 | #define TABLE_GENERATOR_H 3 | 4 | #include 5 | 6 | #include "i386_opcode.h" 7 | 8 | 9 | #define BUF_SIZE 20 10 | 11 | 12 | /** 13 | * Call back function type: 14 | * @param opcode is a byte buffer holding the opcode for which the action should be defined 15 | * @param disasmInfo is a struct with the informations of the disasm library 16 | * @param action is the current action which is inserted into the jump table. modify to change the action which is inserted 17 | * @return false if no more analysis functions should be called for this opcode 18 | */ 19 | typedef bool(*analysFunction)(const unsigned char* opcode, const instr& disasmInfo, std::string& action); 20 | 21 | 22 | /** 23 | * Adds an analysis function. The functions are called in the order they were added. 24 | * @param f is a function pointer to an analysis function 25 | */ 26 | void addAnalysFunction(analysFunction f); 27 | 28 | /** 29 | * Generates the opcode jump table 30 | * @param out is the stream where the generated file is outputted to 31 | * @param prefix is a string which is prepended to any variable in the generated output to preven name colisions 32 | */ 33 | void generateTables(std::ofstream& out, std::string prefix); 34 | 35 | 36 | /*****\ 37 | | *** | The following functions are ment to aied you in 38 | | *** | analyzing the disasm information for an opcode 39 | \*****/ 40 | 41 | /** 42 | * returns the size of the operand 43 | */ 44 | unsigned int operandSize(unsigned int operandFlags); 45 | 46 | /** 47 | * may this operand access memory 48 | */ 49 | bool mayOperandAccessMemory(unsigned int operandFlags); 50 | 51 | /** 52 | * may this operand access a register 53 | */ 54 | bool mayOperandAccessRegister(unsigned int operandFlags); 55 | 56 | /** 57 | * is this operand an immediate value 58 | */ 59 | bool isImmediateOperand(unsigned int operandFlags); 60 | 61 | /** 62 | * is this operand in the modRM byte 63 | */ 64 | bool isModRMOperand(unsigned int operandFlags); 65 | 66 | /** 67 | * is this operand implizitly given 68 | */ 69 | bool isImplizitOperand(unsigned int operandFlags); 70 | 71 | /** 72 | * is this operand read 73 | */ 74 | bool isReadOperand(unsigned int operandFlags); 75 | 76 | /** 77 | * is this operand written 78 | */ 79 | bool isWriteOperand(unsigned int operandFlags); 80 | 81 | /** 82 | * is this a push operand 83 | */ 84 | bool isPushOpcode(unsigned int opcodeFlags); 85 | 86 | /** 87 | * is this a pop operand 88 | */ 89 | bool isPopOpcode(unsigned int opcodeFlags); 90 | 91 | /** 92 | * is this an immediate memory address 93 | */ 94 | bool isImmediateMemAddr(unsigned int operandFlags); 95 | 96 | /** 97 | * is this a memory address which is given by a modRM field 98 | */ 99 | bool isMemAddrInModRM(unsigned int operandFlags); 100 | 101 | 102 | #endif 103 | -------------------------------------------------------------------------------- /src/secureloader/sl_load.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file sl_load.h 3 | * Implements the loading of elf files. 4 | * 5 | * Copyright (c) 2011-2015 ETH Zurich 6 | * @author Tobias Hartmann 7 | * @author Mathias Payer 8 | * @author Antonio Barresi 9 | * 10 | * $Date: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 11 | * $LastChangedDate: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 12 | * $LastChangedBy: payerm $ 13 | * $Revision: 1134 $ 14 | * 15 | * This program is free software; you can redistribute it and/or 16 | * modify it under the terms of the GNU General Public License 17 | * as published by the Free Software Foundation; either version 2 18 | * of the License, or (at your option) any later version. 19 | * 20 | * This program is distributed in the hope that it will be useful, 21 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 22 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 23 | * GNU General Public License for more details. 24 | * 25 | * You should have received a copy of the GNU General Public License 26 | * along with this program; if not, write to the Free Software 27 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, 28 | * MA 02110-1301, USA. 29 | */ 30 | 31 | #ifndef SL_LOAD_H 32 | #define SL_LOAD_H 33 | 34 | #include 35 | #include "sl_datatypes.h" 36 | #include "fbt_libc.h" 37 | 38 | /** 39 | * Reads all necessary information from an elf file, loads it into 40 | * memory, does all the relocations and resolves all the dependencies to other 41 | * shared objects. 42 | * @param loader The loader of this file 43 | * @param name Name of the elf file 44 | * @param path Path to the elf file 45 | * @param fd File descriptor of file 46 | * @param rt_load 1 if file is loaded at runtime, 0 otherwise 47 | * @param rtld_mode 1 if PT_LOAD segments were already mapped by the kernel, 0 otherwise 48 | * @param auxv auxiliary vector provided by the kernel 49 | * @return struct shared_object 50 | */ 51 | dso *load_elf(dso *loader, const char *name, const char *path, long fd, 52 | unsigned char rt_load, unsigned int rtld_mode, Elf32_auxv_t *auxv); 53 | 54 | /** 55 | * Calls the fini functions of the given shared object, removes it from all 56 | * search scopes, unmaps the text and data segments and frees all memory. 57 | * @param so Shared object 58 | */ 59 | void unload_elf(dso *so); 60 | 61 | /** 62 | * Calls init functions of the shared object with the given parameters. 63 | * @param so The shared object 64 | * @param argc Number of arguments 65 | * @param argv Pointer to arguments 66 | * @param envp Pointer to environment variables 67 | */ 68 | void so_init(dso *so, long argc, char **argv, char **envp); 69 | 70 | /** 71 | * Calls fini functions of the given shared object. 72 | * @param so The shared object 73 | */ 74 | void so_fini(dso *so); 75 | 76 | uint32_t get_aux_value(Elf32_auxv_t *auxv_orig, uint32_t type); 77 | 78 | 79 | #endif 80 | -------------------------------------------------------------------------------- /test/secureloader/dynamic_loading/lib_tls.c: -------------------------------------------------------------------------------- 1 | /** 2 | * @file lib_tls.c 3 | * 4 | * Copyright (c) 2011 ETH Zurich 5 | * @author Tobias Hartmann 6 | * @author Mathias Payer 7 | * 8 | * $Date: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 9 | * $LastChangedDate: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 10 | * $LastChangedBy: payerm $ 11 | * $Revision: 1134 $ 12 | * 13 | * This program is free software; you can redistribute it and/or 14 | * modify it under the terms of the GNU General Public License 15 | * as published by the Free Software Foundation; either version 2 16 | * of the License, or (at your option) any later version. 17 | * 18 | * This program is distributed in the hope that it will be useful, 19 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 20 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 21 | * GNU General Public License for more details. 22 | * 23 | * You should have received a copy of the GNU General Public License 24 | * along with this program; if not, write to the Free Software 25 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, 26 | * MA 02110-1301, USA. 27 | */ 28 | /** 29 | * Tests the Initial Executable (IE) and General Dynamic (GD) access models. 30 | * 31 | * We do not need to test Local Dynamic (LD) because this produces just a 32 | * R_386_TLS_DTPMOD32 relocation which is tested with the GD model. Also we 33 | * do not need to test the Local Executable (LE) model, because this is 34 | * resolved by static linking. 35 | */ 36 | 37 | #include 38 | #include 39 | 40 | __thread int i_init=66; 41 | __thread int i_init2=23; 42 | __thread int i; 43 | static __thread int static_1 = 123; 44 | static __thread int *pointer; 45 | 46 | void _init() { 47 | int *ip1, *ip2; 48 | int p = 42; 49 | pointer = &p; 50 | 51 | if (*pointer != 42) 52 | return; 53 | 54 | /* This adds a R_386_TLS_DTPMOD32 without symbol information */ 55 | if (static_1 != 123) 56 | return; 57 | 58 | /* This adds a R_386_TLS_TPOFF without symbol information */ 59 | asm ("movl %%gs:0,%0;" 60 | "addl static_2@gotntpoff(%%ebx),%0;" 61 | : "=r" (ip1)); 62 | /* This adds a R_386_TLS_TPOFF32 without symbol information */ 63 | asm ("movl %%gs:0,%0;" 64 | "subl static_3@gottpoff(%%ebx),%0;" 65 | : "=r" (ip2)); 66 | if (*ip1 != 456 || *ip2 != 789) 67 | return; 68 | 69 | 70 | /* General Dynamic (GD) */ 71 | /* This adds R_386_TLS_DTPMOD32 and R_386_TLS_DTPOFF32 relocations */ 72 | if (i_init2==23) 73 | i = 42; 74 | } 75 | 76 | 77 | int get_data () { 78 | int *ip1, *ip2; 79 | 80 | /* Initial Executable (LE) */ 81 | /* This adds a R_386_TLS_TPOFF32 relocation */ 82 | asm ("movl %%gs:0,%0;" 83 | "subl i_init@gottpoff(%%ebx),%0;" 84 | : "=r" (ip1)); 85 | /* This adds a R_386_TLS_TPOFF relocation */ 86 | asm ("movl %%gs:0,%0;" 87 | "addl i_init@gotntpoff(%%ebx),%0;" 88 | : "=r" (ip2)); 89 | 90 | if (*ip1 == 66 && *ip2 == 66) 91 | return i; 92 | else 93 | return 0; 94 | } 95 | -------------------------------------------------------------------------------- /src/fastbt/fbt_libc.c: -------------------------------------------------------------------------------- 1 | /** 2 | * @file fbt_libc.c 3 | * This file contains reimplementations of some library functions 4 | * to remove dependencies on these libs. 5 | * 6 | * Copyright (c) 2011 ETH Zurich 7 | * @author Mathias Payer 8 | * 9 | * $Date: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 10 | * $LastChangedDate: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 11 | * $LastChangedBy: payerm $ 12 | * $Revision: 1134 $ 13 | * 14 | * This program is free software; you can redistribute it and/or 15 | * modify it under the terms of the GNU General Public License 16 | * as published by the Free Software Foundation; either version 2 17 | * of the License, or (at your option) any later version. 18 | * 19 | * This program is distributed in the hope that it will be useful, 20 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 21 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 22 | * GNU General Public License for more details. 23 | * 24 | * You should have received a copy of the GNU General Public License 25 | * along with this program; if not, write to the Free Software 26 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, 27 | * MA 02110-1301, USA. 28 | */ 29 | 30 | #include "fbt_libc.h" 31 | 32 | #include "fbt_llio.h" 33 | 34 | /* functions from string.h */ 35 | void *fbt_memcpy(void *dest, const void *src, int n) { 36 | int i; 37 | char *target = (char*)dest; 38 | char *source = (char*)src; 39 | for (i=0; i 0) { 101 | *ptr++ = val; 102 | } 103 | return dest; 104 | } 105 | -------------------------------------------------------------------------------- /src/fastbt/fbt_mutex.c: -------------------------------------------------------------------------------- 1 | /** 2 | * @file fbt_mutex.c 3 | * 4 | * Implementation of a futex-based mutex data structure 5 | * 6 | * Copyright (c) 2011 ETH Zurich 7 | * @author Mathias Payer 8 | * 9 | * $Date: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 10 | * $LastChangedDate: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 11 | * $LastChangedBy: payerm $ 12 | * $Revision: 1134 $ 13 | * 14 | * This program is free software; you can redistribute it and/or 15 | * modify it under the terms of the GNU General Public License 16 | * as published by the Free Software Foundation; either version 2 17 | * of the License, or (at your option) any later version. 18 | * 19 | * This program is distributed in the hope that it will be useful, 20 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 21 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 22 | * GNU General Public License for more details. 23 | * 24 | * You should have received a copy of the GNU General Public License 25 | * along with this program; if not, write to the Free Software 26 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, 27 | * MA 02110-1301, USA. 28 | */ 29 | 30 | #include "fbt_datatypes.h" 31 | #include "fbt_mutex.h" 32 | #include "fbt_syscalls_impl.h" 33 | #include "fbt_libc.h" 34 | 35 | #include 36 | #include 37 | 38 | #define FUTEX_INVALID -1 39 | #define FUTEX_UNLOCKED 0 40 | #define FUTEX_LOCKED 1 41 | #define FUTEX_CONTENDED 2 42 | 43 | static long sys_futex(void *addr1, int op, int val1, void *timeout, void *addr2, int val3) 44 | { 45 | long res; 46 | _syscall6(futex, addr1, op, val1, timeout, addr2, val3, res); 47 | return res; 48 | } 49 | 50 | int fbt_mutex_init(fbt_mutex_t *futex) { 51 | *futex = FUTEX_UNLOCKED; 52 | return 0; 53 | } 54 | 55 | int fbt_mutex_lock(fbt_mutex_t *futex) { 56 | /* Try to lock */ 57 | fbt_mutex_t current = __sync_val_compare_and_swap(futex, FUTEX_UNLOCKED, FUTEX_LOCKED); 58 | if (current == FUTEX_UNLOCKED) { 59 | return 0; 60 | } 61 | 62 | if (current == FUTEX_LOCKED) { 63 | current = __sync_lock_test_and_set(futex, FUTEX_CONTENDED); 64 | } 65 | 66 | while (current != FUTEX_UNLOCKED) { 67 | sys_futex(futex, FUTEX_WAIT, FUTEX_CONTENDED, NULL, NULL, 0); 68 | current = __sync_lock_test_and_set(futex, FUTEX_CONTENDED); 69 | } 70 | 71 | return 0; 72 | } 73 | 74 | int fbt_mutex_trylock(fbt_mutex_t *futex) { 75 | int current = __sync_val_compare_and_swap(futex, FUTEX_UNLOCKED, FUTEX_LOCKED); 76 | if (current == FUTEX_UNLOCKED) { 77 | return 0; 78 | } 79 | return -1; 80 | } 81 | 82 | int fbt_mutex_unlock(fbt_mutex_t *futex) { 83 | if (*futex == FUTEX_CONTENDED) { 84 | *futex = FUTEX_UNLOCKED; 85 | } else if(__sync_lock_test_and_set(futex, FUTEX_UNLOCKED) == FUTEX_LOCKED) { 86 | return 0; 87 | } 88 | 89 | // Wake up a waiting thread 90 | sys_futex(futex, FUTEX_WAKE, FUTEX_LOCKED, NULL, NULL, 0); 91 | 92 | return 0; 93 | } 94 | 95 | int fbt_mutex_cleanup(fbt_mutex_t *futex) { 96 | *futex = FUTEX_INVALID; 97 | return 0; 98 | } 99 | 100 | -------------------------------------------------------------------------------- /DSL/src/objdump.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | import re 4 | import subprocess 5 | 6 | from util import find_list, address_to_bytes 7 | 8 | class ObjdumpResult(object): 9 | def __init__(self, bytes, labels): 10 | self.bytes = bytes 11 | self.labels = labels 12 | self.code = {} 13 | self.variable_occurrences = None 14 | 15 | def system(s): 16 | p = subprocess.Popen(s, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE) 17 | 18 | result = p.wait() 19 | stdout, stderr = p.communicate() 20 | 21 | return (stdout, stderr, p.returncode) 22 | 23 | def objdump(path, variables): 24 | result = ObjdumpResult([], {}) 25 | 26 | # Handle labels 27 | stdout, stderr, resultcode = system('objdump -t "%s"' % path) 28 | if resultcode != 0: 29 | raise Exception("Error when running objdump: '%s'" % stderr) 30 | 31 | for line in stdout.splitlines(): 32 | cols = line.split('\t') 33 | if len(cols) != 2: 34 | continue 35 | 36 | l = cols[0].split() 37 | r = cols[1].split() 38 | 39 | section = l[-1] 40 | label_name = r[-1] 41 | offset = l[0] 42 | 43 | if section != '.text': 44 | continue 45 | 46 | result.labels[label_name] = int(offset, 16) 47 | 48 | # Handle machine code 49 | stdout, stderr, resultcode = system('objdump -d "%s"' % path) 50 | if resultcode != 0: 51 | raise Exception("Error when running objdump: '%s'" % stderr) 52 | 53 | section_marker = 'Disassembly of section (.*?):' 54 | 55 | section = None 56 | offset = None 57 | 58 | variable_occurrences = {} 59 | 60 | for line in stdout.split('\n'): 61 | line = line.strip() 62 | if len(line) == 0: 63 | continue 64 | 65 | m = re.match(section_marker, line) 66 | if m: 67 | section = m.groups()[0] 68 | elif section == '.text': 69 | m = re.match('([0-9a-f]+) <(.*?)>:', line) 70 | if m: 71 | #offset, label = m.groups() 72 | #offset = int(offset, 16) 73 | #assert label not in result.labels 74 | #result.labels[label] = offset 75 | continue 76 | 77 | columns = line.split('\t') 78 | if not (2 <= len(columns) <= 3) : 79 | raise Exception('Invalid line: %s' % columns) 80 | 81 | offset, instructions = columns[:2] 82 | if len(columns) == 3: 83 | result.code[int(offset.strip(':'), 16)] = columns[2] 84 | 85 | machine_code_bytes = instructions.strip().split(' ') 86 | 87 | result.bytes += machine_code_bytes 88 | else: 89 | pass 90 | 91 | result.variable_occurrences = variable_occurrences 92 | 93 | # TODO: do this only with the variables actually occurring in each instruction, to reduce chance for error 94 | # Find occurrences of variables in machine code 95 | for variable, magic in variables.iteritems(): 96 | for pos in find_list(result.bytes, address_to_bytes(magic)): 97 | variable_occurrences[variable] = variable_occurrences.get(variable, []) + [pos] 98 | 99 | return result 100 | -------------------------------------------------------------------------------- /src/fastbt/fbt_translate.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file fbt_translate.h 3 | * This module translates one code region and puts the result into the code 4 | * cache. 5 | * 6 | * Copyright (c) 2010 ETH Zurich 7 | * 8 | * @author Mathias Payer 9 | * 10 | * $Date: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 11 | * $LastChangedDate: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 12 | * $LastChangedBy: payerm $ 13 | * $Revision: 1134 $ 14 | * 15 | * This program is free software; you can redistribute it and/or 16 | * modify it under the terms of the GNU General Public License 17 | * as published by the Free Software Foundation; either version 2 18 | * of the License, or (at your option) any later version. 19 | * 20 | * This program is distributed in the hope that it will be useful, 21 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 22 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 23 | * GNU General Public License for more details. 24 | * 25 | * You should have received a copy of the GNU General Public License 26 | * along with this program; if not, write to the Free Software 27 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, 28 | * MA 02110-1301, USA. 29 | */ 30 | #ifndef FBT_TRANSLATE_H 31 | #define FBT_TRANSLATE_H 32 | 33 | /* forward declare struct */ 34 | struct trampoline; 35 | struct translate; 36 | struct thread_local_data; 37 | 38 | /** Maximum size for a translated code block */ 39 | #define MAX_BLOCK_SIZE 512 40 | 41 | /** the translation can be in these states. */ 42 | enum translation_state { 43 | /** translation must not stop after this instruction but must continue */ 44 | OPEN, 45 | /** translation may stop after this instruction */ 46 | NEUTRAL, 47 | /** translation must stop after this instruction */ 48 | CLOSE, 49 | /** translation must stop after this instruction and fixup code must be 50 | inserted as if the instruction limit is reached */ 51 | CLOSE_GLUE 52 | }; 53 | 54 | /** Function definition for action functions. */ 55 | typedef enum translation_state (*actionFunP_t)(struct translate *ts); 56 | 57 | /** 58 | * Translate a given code region located at orig_address and put the 59 | * translated code fragment into the code cache. 60 | * Translates a translation unit without jumping to the translated code. 61 | * If the translation unit (TU) has already been translated and is in the 62 | * code cache, the function returns immediately. Otherwise, the TU is 63 | * translated first and stored in the code cache. 64 | * @param tld pointer to thread local data. 65 | * @param orig_address the address where the TU begins 66 | * @return pointer to the translated code that corresponds to this TU 67 | */ 68 | void *fbt_translate_noexecute(struct thread_local_data *tld, 69 | void *orig_address); 70 | 71 | /** 72 | * Disassembles one instruction and fills in all information into the 73 | * struct translate. 74 | * This function disassembles the current instruction at ts->next_instr and 75 | * retrieves the length of the instruction in bytes (including prefixes, opcode, 76 | * ptr, modR/M, SIB, and immediates) and the pointer to the function that shall 77 | * be used to handle this instruction. 78 | * @param ts pointer to translate struct. ts is changed to correspond to the 79 | * current instruction. 80 | */ 81 | void fbt_disasm_instr(struct translate *ts); 82 | 83 | #endif /* FBT_TRANSLATE_H */ 84 | -------------------------------------------------------------------------------- /src/secureloader/sl_libc.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file sl_libc.h 3 | * Reimplementations of some useful libc functions. 4 | * 5 | * Copyright (c) 2011 ETH Zurich 6 | * @author Tobias Hartmann 7 | * @author Mathias Payer 8 | * 9 | * $Date: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 10 | * $LastChangedDate: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 11 | * $LastChangedBy: payerm $ 12 | * $Revision: 1134 $ 13 | * 14 | * This program is free software; you can redistribute it and/or 15 | * modify it under the terms of the GNU General Public License 16 | * as published by the Free Software Foundation; either version 2 17 | * of the License, or (at your option) any later version. 18 | * 19 | * This program is distributed in the hope that it will be useful, 20 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 21 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 22 | * GNU General Public License for more details. 23 | * 24 | * You should have received a copy of the GNU General Public License 25 | * along with this program; if not, write to the Free Software 26 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, 27 | * MA 02110-1301, USA. 28 | */ 29 | 30 | #ifndef SL_LIBC_H 31 | #define SL_LIBC_H 32 | 33 | #include 34 | #include "sl_datatypes.h" 35 | 36 | #define sl_printf(...) (sl_printf_ext(1, __VA_ARGS__)) 37 | 38 | 39 | void sl_exit(long mode); 40 | 41 | unsigned long sl_read(long fd, void *buf, unsigned long count); 42 | 43 | unsigned long sl_write(long fd, const void *buf, unsigned long count); 44 | 45 | long sl_creat(const char *filename, long mode); 46 | 47 | long sl_open(const char *filename, long flags); 48 | 49 | long sl_close(long fd); 50 | 51 | void *sl_mmap(void *addr, unsigned long len, long prot, long flags, long fd, 52 | unsigned long offset); 53 | 54 | long sl_munmap(void *start, unsigned long length); 55 | 56 | void *sl_malloc(unsigned long size); 57 | 58 | long sl_set_thread_area(struct user_desc *u_info); 59 | 60 | void sl_free(void *ptr, unsigned long size); 61 | 62 | void *sl_calloc(unsigned long nmemb, unsigned long size); 63 | 64 | long sl_mprotect(const void *addr, unsigned long len, long prot); 65 | 66 | long sl_fstat(long fd, struct kernel_stat *buf); 67 | 68 | long sl_readlink(const char *path, char *buf, long bufsize); 69 | 70 | long sl_setjmp(struct jump_buffer *buf); 71 | 72 | void sl_longjmp(struct jump_buffer *buf, long val); 73 | 74 | 75 | 76 | /* 77 | * ########################################### 78 | * THE FOLLOWING FUNCTIONS ARE FROM LIBDETOX 79 | * ########################################### 80 | */ 81 | 82 | void *sl_memcpy(void *dest, const void *src, long n); 83 | 84 | void *sl_memset(void *dest, long value, unsigned long num); 85 | 86 | char *sl_strncpy(char *dest, const char *src, long n); 87 | 88 | char *sl_strncat(char *dest, const char *src, unsigned long num); 89 | 90 | long sl_strnlen(const char *s, long maxlen); 91 | 92 | long sl_strncmp(const char *s1, const char *s2, long n); 93 | 94 | char *sl_strchr(const char *s, long character); 95 | 96 | char *sl_strrchr(const char *s, long character); 97 | 98 | long sl_printf_ext(long fd, const char *format, ...); 99 | 100 | long sl_printfva(long fd, const char *format, va_list app); 101 | 102 | 103 | #endif 104 | -------------------------------------------------------------------------------- /src/fastbt/fbt_llio.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file fbt_llio.h 3 | * Interface for low level IO (without any dependencies to libc). 4 | * 5 | * Copyright (c) 2011-2015 ETH Zurich 6 | * 7 | * @author Mathias Payer 8 | * @author Antonio Barresi 9 | * 10 | * $Date: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 11 | * $LastChangedDate: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 12 | * $LastChangedBy: payerm $ 13 | * $Revision: 1134 $ 14 | * 15 | * This program is free software; you can redistribute it and/or 16 | * modify it under the terms of the GNU General Public License 17 | * as published by the Free Software Foundation; either version 2 18 | * of the License, or (at your option) any later version. 19 | * 20 | * This program is distributed in the hope that it will be useful, 21 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 22 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 23 | * GNU General Public License for more details. 24 | * 25 | * You should have received a copy of the GNU General Public License 26 | * along with this program; if not, write to the Free Software 27 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, 28 | * MA 02110-1301, USA. 29 | */ 30 | #ifndef FBT_LLIO_H 31 | #define FBT_LLIO_H 32 | 33 | #if defined(DEBUG) 34 | #include 35 | #endif 36 | 37 | #ifdef ENABLE_UI_MESSAGES 38 | #include "../libs/uilib.h" 39 | #endif 40 | 41 | #define STDOUT_FILENO 1 42 | #define STDERR_FILENO 2 43 | 44 | /** 45 | * Print a string str to file descriptor fd. 46 | * This function is a replacement for (f)printf with verbatim printing of the 47 | * format string, i. e. no conversion specifications. 48 | * In effect, this is just a wrapper around the write(2) system call which 49 | * handles interrupted writes. 50 | * @param fd the target file descriptor 51 | * @param str the string to write 52 | * @return the number of characters written 53 | */ 54 | int fllwrite(int fd, const char* str); 55 | 56 | /** 57 | * Write a formatted string to the file descriptor fd (might use a buffer). 58 | * @param fd File descriptor that is written to. 59 | * @param format format string that is interpreted (including all varargs). 60 | * @return Number of bytes written. 61 | */ 62 | int fllprintf(int fd, const char *format, ...); 63 | 64 | #if defined(DEBUG) 65 | /** 66 | * Write a formatted string to the file descriptor fd (might use a buffer). Used 67 | * only during debugging. 68 | * @param fd File descriptor that is written to. 69 | * @param format format string that is interpreted (including all varargs). 70 | * @param ap List of var args. 71 | * @return Number of bytes written. 72 | */ 73 | int fllprintfva(int fd, const char* format, va_list ap); 74 | #endif 75 | 76 | #ifdef ENABLE_UI_MESSAGES 77 | 78 | /** macro to use fllprintf with stdout as file descriptor */ 79 | #define llprintf(...) fllprintf(uifd, __VA_ARGS__) 80 | /** macro to use fllprintf with stderr as file descriptor */ 81 | #define llprinterr(...) fllprintf(uifd, __VA_ARGS__) 82 | 83 | #else /* else ENABLE_UI_MESSAGES */ 84 | 85 | /** macro to use fllprintf with stdout as file descriptor */ 86 | #define llprintf(...) fllprintf(STDOUT_FILENO, __VA_ARGS__) 87 | /** macro to use fllprintf with stderr as file descriptor */ 88 | #define llprinterr(...) fllprintf(STDERR_FILENO, __VA_ARGS__) 89 | 90 | #endif /* ENABLE_UI_MESSAGES */ 91 | 92 | #endif /* FBT_LLIO_H */ 93 | -------------------------------------------------------------------------------- /src/fastbt/libfastbt.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file libfastbt.h 3 | * Interface to the binary translator which can be used from the outside. 4 | * 5 | * Copyright (c) 2011-2015 ETH Zurich 6 | * 7 | * @author Mathias Payer 8 | * @author Antonio Barresi 9 | * 10 | * $Date: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 11 | * $LastChangedDate: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 12 | * $LastChangedBy: payerm $ 13 | * $Revision: 1134 $ 14 | * 15 | * This program is free software; you can redistribute it and/or 16 | * modify it under the terms of the GNU General Public License 17 | * as published by the Free Software Foundation; either version 2 18 | * of the License, or (at your option) any later version. 19 | * 20 | * This program is distributed in the hope that it will be useful, 21 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 22 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 23 | * GNU General Public License for more details. 24 | * 25 | * You should have received a copy of the GNU General Public License 26 | * along with this program; if not, write to the Free Software 27 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, 28 | * MA 02110-1301, USA. 29 | */ 30 | #ifndef LIBFASTBT_H 31 | #define LIBFASTBT_H 32 | 33 | #include "fbt_datatypes.h" 34 | 35 | #ifdef __cplusplus 36 | extern "C" { 37 | #endif 38 | 39 | #define LIBNAME "./lib/libfastbt.so.0.3.1" 40 | #define LIBLEN 26 /* length of LIBLEN+1 */ 41 | 42 | /** 43 | * Initialzes the binary translator. 44 | * Must be called once, before any other call to the binary translator 45 | * @param opcode_table user defined opcode table to be used instead of the 46 | * default table. If NULL is passed the default table is used. 47 | */ 48 | __attribute__((visibility("default"))) struct thread_local_data* 49 | fbt_init(struct ia32_opcode *opcode_table); 50 | 51 | /** 52 | * Shuts the BT down. 53 | * Must be called once for each thread. 54 | * @param tld pointer to thread local data 55 | */ 56 | __attribute__((visibility("default"))) void 57 | fbt_exit(struct thread_local_data *tld); 58 | 59 | /** 60 | * Initialize the transaction 61 | * @param tld pointer to thread local data 62 | * @param commit_function a function pointer to the function which indicates 63 | * end of transaction 64 | */ 65 | void fbt_transaction_init(struct thread_local_data *tld, 66 | void (*commit_function)()); 67 | 68 | /** 69 | * Start a transaction. 70 | * The tansaction stops when a call 'commit function' is reached 71 | * @param tld pointer to thread local data 72 | * @param commit_function a function pointer to the function which indicates the 73 | * end of the transaction 74 | */ 75 | __attribute__((visibility("default"))) void 76 | fbt_start_transaction(struct thread_local_data *tld, void (*commit_function)()); 77 | 78 | /** 79 | * Dummy function which can be used to pass to fbt_start_transaction 80 | */ 81 | __attribute__((visibility("default"))) void fbt_commit_transaction(); 82 | 83 | /** 84 | * Last function called in a transaction (right after finishing the 85 | * transaction). 86 | * The contents of this function are still executed in transactional mode but as 87 | * soon as this function returns we return to untranslated/unsandboxed code. 88 | */ 89 | __attribute__((visibility("default"))) void fbt_end_transaction(); 90 | 91 | #ifdef __cplusplus 92 | } 93 | #endif 94 | 95 | #endif /* LIBFASTBT_H */ 96 | -------------------------------------------------------------------------------- /src/fastbt/fbt_restart_transaction.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file fbt_restart_transaction.h 3 | * 4 | * Code dealing with restarting a transaction, which resets the 5 | * thread state such that translation starts anew. 6 | * 7 | * Copyright (c) 2011 ETH Zurich 8 | * @author Mathias Payer 9 | * 10 | * $Date: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 11 | * $LastChangedDate: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 12 | * $LastChangedBy: payerm $ 13 | * $Revision: 1134 $ 14 | * 15 | * This program is free software; you can redistribute it and/or 16 | * modify it under the terms of the GNU General Public License 17 | * as published by the Free Software Foundation; either version 2 18 | * of the License, or (at your option) any later version. 19 | * 20 | * This program is distributed in the hope that it will be useful, 21 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 22 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 23 | * GNU General Public License for more details. 24 | * 25 | * You should have received a copy of the GNU General Public License 26 | * along with this program; if not, write to the Free Software 27 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, 28 | * MA 02110-1301, USA. 29 | */ 30 | 31 | 32 | #ifndef FBT_RESTART_TRANSACTION_H 33 | #define FBT_RESTART_TRANSACTION_H 34 | 35 | #include "fbt_datatypes.h" 36 | 37 | #ifdef __cplusplus 38 | extern "C" { 39 | #endif 40 | 41 | #if defined(TRACK_CFTX) 42 | /** Restarts the transaction of the target tld. This ensures that the thread is halted 43 | so the code cache can be flushed */ 44 | int fbt_restart_transaction(struct thread_local_data *tld, struct thread_local_data *target); 45 | 46 | /** 47 | * Stores a control flow transfers using a relative jump (e.g. JMP, JE, ...) for 48 | * later reference. 49 | * 50 | * @param tld Thread local data 51 | * @param cft The control flow transfer to store. 52 | * 53 | * @see control_flow_transfer 54 | */ 55 | void fbt_store_cftx(struct thread_local_data *tld, struct control_flow_transfer *cft); 56 | 57 | 58 | /** 59 | * Interrupts all future control flow transfers by transfering to the trampoline 60 | * located at interruption_target instead. 61 | * 62 | * Control flow transfers captured include everything registered using 63 | * fbt_store_cftx and all jumps out of trampolines. The trampoline 64 | * will be able to access tld->interrupted_cft to retrieve the address 65 | * of the interrupted control flow transfer instruction. If the variale is set to 66 | * NULL, the interrupted instruction was a jump out of a trampoline and 67 | * tld->ind_target should be used instead. 68 | * 69 | * Note that this function will destroy the code cache as well as the trampolines 70 | * (reversible using fbt_fix_trampolines_after_interrupt_cftx). 71 | * 72 | * @param tld Thread local data 73 | * @param interruption_target Trampoline to get control after interrupting 74 | * a control flow transfer 75 | * @see fbt_store_cftx 76 | */ 77 | void fbt_interrupt_cftx(struct thread_local_data *tld, void *interruption_target); 78 | 79 | /** 80 | * Fixes destroyed trampolines after using fbt_interrupt_cftx 81 | * 82 | * @param tld Thread local data 83 | */ 84 | void fbt_fix_trampolines_after_interrupt_cftx(struct thread_local_data *tld); 85 | 86 | #endif /* TRACK_CFTX */ 87 | 88 | #ifdef __cplusplus 89 | } 90 | #endif 91 | 92 | 93 | #endif -------------------------------------------------------------------------------- /test/secureloader/tls_relocations/lib1.c: -------------------------------------------------------------------------------- 1 | /** 2 | * @file lib1.c 3 | * 4 | * Copyright (c) 2011 ETH Zurich 5 | * @author Tobias Hartmann 6 | * @author Mathias Payer 7 | * 8 | * $Date: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 9 | * $LastChangedDate: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 10 | * $LastChangedBy: payerm $ 11 | * $Revision: 1134 $ 12 | * 13 | * This program is free software; you can redistribute it and/or 14 | * modify it under the terms of the GNU General Public License 15 | * as published by the Free Software Foundation; either version 2 16 | * of the License, or (at your option) any later version. 17 | * 18 | * This program is distributed in the hope that it will be useful, 19 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 20 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 21 | * GNU General Public License for more details. 22 | * 23 | * You should have received a copy of the GNU General Public License 24 | * along with this program; if not, write to the Free Software 25 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, 26 | * MA 02110-1301, USA. 27 | */ 28 | /** 29 | * Tests the Initial Executable (IE) and General Dynamic (GD) access models. 30 | * 31 | * We do not need to test Local Dynamic (LD) because this produces just a 32 | * R_386_TLS_DTPMOD32 relocation which is tested with the GD model. Also we 33 | * do not need to test the Local Executable (LE) model, because this is 34 | * resolved by static linking. 35 | */ 36 | 37 | #include 38 | #include 39 | 40 | #include "lib2.h" 41 | 42 | __thread int tmp = 1; 43 | __thread int i_init=66; 44 | __thread int i_init2=23; 45 | __thread int i; 46 | extern __thread int i2; 47 | static __thread int static_1 = 123; 48 | static __thread int static_2 = 456; 49 | static __thread int static_3 = 789; 50 | static __thread int *pointer; 51 | 52 | void _init() { 53 | /* This stops gcc from deleting it */ 54 | tmp++; 55 | static_2 = 456; 56 | static_3 = 789; 57 | 58 | int *ip1, *ip2; 59 | int p = 42; 60 | pointer = &p; 61 | 62 | if (*pointer != 42) 63 | return; 64 | 65 | /* This adds a R_386_TLS_DTPMOD32 without symbol information */ 66 | if (static_1 != 123) 67 | return; 68 | 69 | /* This adds a R_386_TLS_TPOFF without symbol information */ 70 | asm ("movl %%gs:0,%0;" 71 | "addl static_2@gotntpoff(%%ebx),%0;" 72 | : "=r" (ip1)); 73 | /* This adds a R_386_TLS_TPOFF32 without symbol information */ 74 | asm ("movl %%gs:0,%0;" 75 | "subl static_3@gottpoff(%%ebx),%0;" 76 | : "=r" (ip2)); 77 | if (*ip1 != 456 || *ip2 != 789) 78 | return; 79 | 80 | 81 | /* General Dynamic (GD) */ 82 | /* This adds R_386_TLS_DTPMOD32 and R_386_TLS_DTPOFF32 relocations */ 83 | if (i_init2==23) 84 | i = 42; 85 | 86 | i2 = 12; 87 | } 88 | 89 | 90 | int get_data () { 91 | int *ip1, *ip2; 92 | 93 | /* Initial Executable (LE) */ 94 | /* This adds a R_386_TLS_TPOFF32 relocation */ 95 | asm ("movl %%gs:0,%0;" 96 | "subl i_init@gottpoff(%%ebx),%0;" 97 | : "=r" (ip1)); 98 | /* This adds a R_386_TLS_TPOFF relocation */ 99 | asm ("movl %%gs:0,%0;" 100 | "addl i_init@gotntpoff(%%ebx),%0;" 101 | : "=r" (ip2)); 102 | 103 | if (*ip1 == 66 && *ip2 == 66) 104 | increment(); 105 | else 106 | printf("ERROR\n"); 107 | return i; 108 | } 109 | -------------------------------------------------------------------------------- /test/secureloader/threads/main.c: -------------------------------------------------------------------------------- 1 | /** 2 | * @file main.c 3 | * 4 | * Copyright (c) 2011 ETH Zurich 5 | * @author Tobias Hartmann 6 | * @author Mathias Payer 7 | * 8 | * $Date: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 9 | * $LastChangedDate: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 10 | * $LastChangedBy: payerm $ 11 | * $Revision: 1134 $ 12 | * 13 | * This program is free software; you can redistribute it and/or 14 | * modify it under the terms of the GNU General Public License 15 | * as published by the Free Software Foundation; either version 2 16 | * of the License, or (at your option) any later version. 17 | * 18 | * This program is distributed in the hope that it will be useful, 19 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 20 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 21 | * GNU General Public License for more details. 22 | * 23 | * You should have received a copy of the GNU General Public License 24 | * along with this program; if not, write to the Free Software 25 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, 26 | * MA 02110-1301, USA. 27 | */ 28 | #include 29 | #include 30 | #include 31 | 32 | pthread_mutex_t count_mutex = PTHREAD_MUTEX_INITIALIZER; 33 | pthread_cond_t condition_var = PTHREAD_COND_INITIALIZER; 34 | 35 | void *functionCount1(); 36 | void *functionCount2(); 37 | int count = 0; 38 | #define COUNT_DONE 10 39 | #define COUNT_HALT1 3 40 | #define COUNT_HALT2 6 41 | 42 | pthread_key_t key; 43 | void *value; 44 | 45 | 46 | int main() { 47 | pthread_t thread1, thread2; 48 | 49 | /* key create without destructor */ 50 | pthread_key_create(&key, NULL); 51 | 52 | pthread_create(&thread1, NULL, &functionCount1, NULL); 53 | pthread_create(&thread2, NULL, &functionCount2, NULL); 54 | 55 | pthread_join(thread1, NULL); 56 | pthread_join(thread2, NULL); 57 | 58 | if (count == 10) { 59 | printf("\nTest \"threads\" successful.\n\n"); 60 | return 0; 61 | } else { 62 | printf("\nError test \"threads\" failed.\n\n"); 63 | return 1; 64 | } 65 | } 66 | 67 | 68 | // Write numbers 1-3 and 8-10 as permitted by functionCount2() 69 | void *functionCount1() { 70 | printf("\nThread 1 started.\n"); 71 | 72 | /* Set thread specific data */ 73 | pthread_setspecific(key, (void *) 12345); 74 | 75 | while(1) { 76 | pthread_mutex_lock(&count_mutex); 77 | 78 | pthread_cond_wait(&condition_var, &count_mutex); 79 | 80 | count++; 81 | 82 | pthread_mutex_unlock( &count_mutex ); 83 | 84 | if(count >= COUNT_DONE) { 85 | /* key previously created */ 86 | value = pthread_getspecific(key); 87 | if ((int)value != 12345) 88 | count = 0; 89 | 90 | return NULL; 91 | } 92 | } 93 | } 94 | 95 | // Write numbers 4-7 96 | void *functionCount2() { 97 | printf("\nThread 2 started.\n"); 98 | 99 | int ts = 6789; 100 | pthread_setspecific(key, (void *)&ts); 101 | 102 | while(1) { 103 | pthread_mutex_lock( &count_mutex ); 104 | 105 | if( count < COUNT_HALT1 || count > COUNT_HALT2 ) { 106 | pthread_cond_signal( &condition_var ); 107 | } else { 108 | count++; 109 | } 110 | 111 | pthread_mutex_unlock( &count_mutex ); 112 | 113 | if(count >= COUNT_DONE) { 114 | value = pthread_getspecific(key); 115 | int val = *((int *)value); 116 | if (val != 6789) 117 | count = 0; 118 | 119 | return NULL; 120 | } 121 | } 122 | } 123 | -------------------------------------------------------------------------------- /HISTORY.md: -------------------------------------------------------------------------------- 1 | # TRuE/Lockdown 2 | 3 | **TRuE/Lockdown** is a secure runtime environment that enables the safe execution of untrusted (but not 4 | malicious) code. Untrusted code (e.g., the Apache server) is dynamically analyzed and secured against 5 | different forms of control-flow based attacks like code injection, control-flow redirection, and return 6 | oriented programming. This fine-grained security layer detects attacks right when they happen (i.e., before the 7 | control flow is executed) and the program is terminated. A second layer of protection uses a system-call 8 | interposition layer to validate each executed system call against a vigorous system call policy. TRuE uses 9 | several components to both extract information from the application and to secure the application: 10 | 11 | * A **secure loader** replaces the standard loader (ld.so). The secure loader is a part of the trusted domain and 12 | extracts information about each used shared object (the executable and all loaded shared libraries). The 13 | information contains details about individual memory regions and the locations of symbols and relocation slots. 14 | Details about the secure loader are published in the TRuE paper. The information is then used in the binary 15 | translator to weave control flow checks into the translated application code. 16 | * **libdetox** is the virtualization system that separates user-space into two execution domains: the trusted 17 | sandbox domain that contains the binary translator and the untrusted application domain. The sandbox domain 18 | uses a separate stack from the application stack and makes sure that no pointers leak to the application. All 19 | application code is translated using the binary translator. In addition, all system calls are redirected from 20 | the application domain to the sandbox domain where they are handled (interposed, redirected, or executed). The 21 | libdetox system is published at VEE'11, 27c3'11, and 26c3'09. The binary translator is also extended with 22 | low-level domain specific aspect language that makes code generation easier, see DSAL'12 for more information. 23 | * The binary translator **fastBT** uses a table-based translation scheme and thread-local code caches to 24 | dynamically translate all application code. Trampolines are used to translate individual indirect control flow 25 | transfers (indirect jumps, indirect calls, and function returns). The translation tables cover the complete set 26 | of x86-ia32 instructions and a table generator can be used to specify high-level code transformations (the API 27 | is similar to PIN with the difference that fastBT offers the high-level API at compile time while PIN offers 28 | the API at runtime). fastBT is published at SYSTOR'10 and AMAS-BT'09. 29 | 30 | For a complete description and evaluation of TRuE look at Mathias Payer's PhD thesis. If you are interested in 31 | a quick overview watch the Google TechTalk for an overview of fastBT, or the 27c3 talk and the 26c3 talk for an 32 | overview of libdetox. See the [HexHive group homepage](http://nebelwelt.net/group) for publications and vidoes. 33 | 34 | TRuE has the following runtime requirements: a machine with an IA-32 (x86) CPU, a Linux kernel 2.6 or higher, 35 | and GCC version 4.2 or higher. You can download a given software package below, unpack it in a directory, read 36 | the INSTALL information, (optionally) adapt the translation tables, configure the optimizations (for both 37 | additional security and performance settings) and let it run. fastBT and libdetox both use LD_PRELOAD to inject 38 | the binary translator into the application while TRuE uses the secure loader to initialize the sandbox before 39 | the application is loaded. 40 | -------------------------------------------------------------------------------- /src/secureloader/sl_gscope.c: -------------------------------------------------------------------------------- 1 | /** 2 | * @file sl_gscope.c 3 | * Implements the global search scope. All shared objects in this scope are 4 | * searched when resolving symbols. 5 | * 6 | * Copyright (c) 2011 ETH Zurich 7 | * @author Tobias Hartmann 8 | * @author Mathias Payer 9 | * 10 | * $Date: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 11 | * $LastChangedDate: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 12 | * $LastChangedBy: payerm $ 13 | * $Revision: 1134 $ 14 | * 15 | * This program is free software; you can redistribute it and/or 16 | * modify it under the terms of the GNU General Public License 17 | * as published by the Free Software Foundation; either version 2 18 | * of the License, or (at your option) any later version. 19 | * 20 | * This program is distributed in the hope that it will be useful, 21 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 22 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 23 | * GNU General Public License for more details. 24 | * 25 | * You should have received a copy of the GNU General Public License 26 | * along with this program; if not, write to the Free Software 27 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, 28 | * MA 02110-1301, USA. 29 | */ 30 | 31 | 32 | #include "sl_gscope.h" 33 | #include "sl_datatypes.h" 34 | #include "sl_macros.h" 35 | #include "sl_libc.h" 36 | 37 | struct shared_object *gscope = 0; 38 | 39 | 40 | /** 41 | * Adds the given shared object to the global search scope. 42 | * @param so The shared object to add 43 | */ 44 | static void gscope_addl(struct shared_object *so) { 45 | if (gscope == 0) { 46 | /* First element in scope */ 47 | gscope = so; 48 | } else { 49 | /* Add to end of scope */ 50 | struct shared_object *last_so; 51 | for (last_so = gscope; last_so->gs_next != 0; last_so = last_so->gs_next); 52 | 53 | /* If memory protection is enabled, first unprotect last and new object and 54 | then add new object */ 55 | UNPROT(so); 56 | so->gs_prev = last_so; 57 | PROT(so); 58 | 59 | UNPROT(last_so); 60 | last_so->gs_next = so; 61 | PROT(last_so); 62 | } 63 | } 64 | 65 | 66 | void gscope_add_recursive(struct shared_object *so) { 67 | unsigned long i = 0; 68 | /* We have to add the objects in a breadth-first order! */ 69 | 70 | if (so) { 71 | /* If not already in scope, add object itself */ 72 | if (!so->gs_next && !so->gs_prev) { 73 | gscope_addl(so); 74 | } 75 | 76 | /* First add direct dependencies, if not already in scope */ 77 | for (i = 0; i < so->deps_count; ++i) { 78 | struct shared_object *dep = so->deps[i]; 79 | if (!dep->gs_next && !dep->gs_prev) { 80 | gscope_addl(dep); 81 | } 82 | } 83 | 84 | /* Now add dependencies resursively */ 85 | for (i = 0; i < so->deps_count; ++i) { 86 | gscope_add_recursive(so->deps[i]); 87 | } 88 | } 89 | } 90 | 91 | 92 | void gscope_remove(struct shared_object *so) { 93 | /* Unlink the object from the linked list. We have to be careful with memory 94 | protection.*/ 95 | if (so->gs_prev) { 96 | if (so->gs_next) { 97 | UNPROT(so->gs_next); 98 | so->gs_next->gs_prev = so->gs_prev; 99 | PROT(so->gs_next); 100 | } 101 | UNPROT(so->gs_prev); 102 | so->gs_prev->gs_next = so->gs_next; 103 | PROT(so->gs_prev); 104 | } else if (so->gs_next) { 105 | gscope = so->gs_next; 106 | UNPROT(so->gs_prev); 107 | so->gs_next->gs_prev = 0; 108 | PROT(so->gs_prev); 109 | } 110 | } 111 | 112 | -------------------------------------------------------------------------------- /src/secureloader/sl_so_chain.c: -------------------------------------------------------------------------------- 1 | /** 2 | * @file sl_so_chain.c 3 | * Implements the global chain of loaded DSOs. 4 | * 5 | * Copyright (c) 2011 ETH Zurich 6 | * @author Tobias Hartmann 7 | * @author Mathias Payer 8 | * 9 | * $Date: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 10 | * $LastChangedDate: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 11 | * $LastChangedBy: payerm $ 12 | * $Revision: 1134 $ 13 | * 14 | * This program is free software; you can redistribute it and/or 15 | * modify it under the terms of the GNU General Public License 16 | * as published by the Free Software Foundation; either version 2 17 | * of the License, or (at your option) any later version. 18 | * 19 | * This program is distributed in the hope that it will be useful, 20 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 21 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 22 | * GNU General Public License for more details. 23 | * 24 | * You should have received a copy of the GNU General Public License 25 | * along with this program; if not, write to the Free Software 26 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, 27 | * MA 02110-1301, USA. 28 | */ 29 | 30 | #include "sl_libc.h" 31 | #include "sl_so_chain.h" 32 | #include "sl_macros.h" 33 | #include "sl_datatypes.h" 34 | 35 | /* The chain of loaded DSOs */ 36 | dso *so_chain; 37 | 38 | 39 | dso *chain_search(const char *name) { 40 | dso *so; 41 | 42 | /* Iterate over all loaded DSOs and compare name */ 43 | for (so=so_chain; so!=0; so=so->next) { 44 | if (sl_strncmp(name, so->name, MAX_LIB_NAME) == 0) { 45 | return so; 46 | } 47 | } 48 | return 0; 49 | } 50 | 51 | 52 | void chain_add(dso *so) { 53 | if (so_chain == 0) { 54 | /* First element */ 55 | so_chain = so; 56 | } else { 57 | /* Go to last element */ 58 | dso *last; 59 | for (last=so_chain; last->next!=0; last=last->next); 60 | 61 | /* Insert after last element and reprotect */ 62 | so->prev = last; 63 | UNPROT(last); 64 | last->next = so; 65 | PROT(last); 66 | } 67 | } 68 | 69 | 70 | void chain_delete(dso *so) { 71 | if (so->prev) { 72 | /* Not first element */ 73 | if (so->next) { 74 | /* Not last element */ 75 | UNPROT(so->next); 76 | so->next->prev = so->prev; 77 | PROT(so->next); 78 | } 79 | UNPROT(so->prev); 80 | so->prev->next = so->next; 81 | PROT(so->prev); 82 | } else if (so->next) { 83 | /* First element */ 84 | so_chain = so->next; 85 | UNPROT(so->next); 86 | so->next->prev = 0; 87 | PROT(so->next); 88 | } 89 | } 90 | 91 | 92 | void print_loaded_objects() { 93 | dso *so; 94 | 95 | /* Iterate over all loaded DSOs */ 96 | for (so = so_chain; so != 0; so = so->next) { 97 | /* Print information about object and direct dependencies */ 98 | sl_printf("%s, Base: %p End: %p Ref_count %d \n", so->name, so->base_addr, 99 | so->end_addr, so->ref_count); 100 | long i = 0; 101 | if (so->deps_count != 0) { 102 | sl_printf("Dependencies: "); 103 | sl_printf("[%s]", so->deps[i]->name); 104 | 105 | for (i = 1; ideps_count; ++i){ 106 | sl_printf(", [%s]", so->deps[i]->name); 107 | } 108 | sl_printf("\n\n"); 109 | } 110 | } 111 | } 112 | 113 | 114 | dso *get_object_at(char *addr) { 115 | dso *so; 116 | /* Get DSO for which addr is inside memory block */ 117 | for (so = so_chain; so != 0; so = so->next) { 118 | if ((char *)so->text_addr <= addr && addr <= (char *)so->end_addr) { 119 | return so; 120 | } 121 | } 122 | return 0; 123 | } 124 | 125 | -------------------------------------------------------------------------------- /src/secureloader/sl_tls.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file sl_tls.h 3 | * Implementation of methods needed for static and dynamic Thread Local Storage 4 | * (TLS). Static tls is composed of all TLS blocks that are available at 5 | * process startup. For DSOs loaded after process startup, only dynamic tls 6 | * is allowed. 7 | * 8 | * Copyright (c) 2011-2015 ETH Zurich 9 | * @author Tobias Hartmann 10 | * @author Mathias Payer 11 | * @author Antonio Barresi 12 | * 13 | * $Date: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 14 | * $LastChangedDate: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 15 | * $LastChangedBy: payerm $ 16 | * $Revision: 1134 $ 17 | * 18 | * This program is free software; you can redistribute it and/or 19 | * modify it under the terms of the GNU General Public License 20 | * as published by the Free Software Foundation; either version 2 21 | * of the License, or (at your option) any later version. 22 | * 23 | * This program is distributed in the hope that it will be useful, 24 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 25 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 26 | * GNU General Public License for more details. 27 | * 28 | * You should have received a copy of the GNU General Public License 29 | * along with this program; if not, write to the Free Software 30 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, 31 | * MA 02110-1301, USA. 32 | */ 33 | 34 | #ifndef SL_TLS_H 35 | #define SL_TLS_H 36 | 37 | #include "sl_macros.h" 38 | #include "sl_datatypes.h" 39 | 40 | /** 41 | * Syscall trampoline to int80. 42 | */ 43 | void sysinfo_int80 (); 44 | 45 | /* Global loader-specific data (read/write) */ 46 | extern struct rtld_global *rtld_glob; 47 | 48 | /* Global loader-specific data (readonly) */ 49 | extern struct rtld_global_ro *rtld_glob_ro; 50 | 51 | /** 52 | * Sets up the tls data structures for all objects loaded at startup. 53 | * @return pointer to the thread control block (tcb) 54 | */ 55 | thread_control_block *setup_tls(); 56 | 57 | /** 58 | * Adds the given shared object containing tls to the slotinfo list. May 59 | * increase its size. 60 | * @param so Shared object to be added 61 | */ 62 | void add_to_slotinfo (dso *so); 63 | 64 | 65 | /* --- Exported functions --- */ 66 | 67 | /** 68 | * Allocates memory for the dtv, maps tls init image for all loaded objects 69 | * and sets up dtv. 70 | * @param tcb Thread Control Block 71 | * @return pointer to the tcb 72 | */ 73 | void *allocate_tls(void *tcb) REG_ARGS(1); 74 | 75 | /** 76 | * Maps the tls init image for all loaded objects and sets up the dynamic 77 | * thread vector (dtv). 78 | * @param tcb Thread Control Block 79 | * @return pointer to the tcb 80 | */ 81 | void *allocate_tls_init(void *tcb) REG_ARGS(1); 82 | 83 | /** 84 | * Get size and alignment of static tls block. 85 | * @param sizep Size of the block 86 | * @param alignp Alignment of the block 87 | */ 88 | void get_tls_static_info(unsigned long *sizep, unsigned long *alignp) 89 | REG_ARGS(2); 90 | 91 | /** 92 | * Determines the thread-specific address of a tls variable. 93 | * @param ti Struct containing module and offset of variable 94 | * @return address of tls variable 95 | */ 96 | void *tls_get_addr(struct tls_index *ti) REG_ARGS(1); 97 | 98 | /** 99 | * Free all tls for the given thread. 100 | * @param tcb Thread Control Block 101 | * @param dealloc_tcb 1 if tcb should be freed, 0 otherwise 102 | */ 103 | void deallocate_tls(void *tcb, unsigned long dealloc_tcb) REG_ARGS(2); 104 | 105 | /** 106 | * This function is not implemented. 107 | */ 108 | void *tls_get_addr_2(struct tls_index *ti); 109 | 110 | /** 111 | * This function is not implemented. 112 | */ 113 | long tls_setup(void); 114 | 115 | #endif 116 | -------------------------------------------------------------------------------- /test/secureloader/lib_resolve/lib1.c: -------------------------------------------------------------------------------- 1 | /** 2 | * @file lib1.c 3 | * 4 | * Copyright (c) 2011 ETH Zurich 5 | * @author Tobias Hartmann 6 | * @author Mathias Payer 7 | * 8 | * $Date: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 9 | * $LastChangedDate: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 10 | * $LastChangedBy: payerm $ 11 | * $Revision: 1134 $ 12 | * 13 | * This program is free software; you can redistribute it and/or 14 | * modify it under the terms of the GNU General Public License 15 | * as published by the Free Software Foundation; either version 2 16 | * of the License, or (at your option) any later version. 17 | * 18 | * This program is distributed in the hope that it will be useful, 19 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 20 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 21 | * GNU General Public License for more details. 22 | * 23 | * You should have received a copy of the GNU General Public License 24 | * along with this program; if not, write to the Free Software 25 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, 26 | * MA 02110-1301, USA. 27 | */ 28 | #include 29 | #include 30 | #include 31 | #include 32 | #include 33 | #include "lib1.h" 34 | 35 | int m_called = 0; 36 | int global = 33; 37 | 38 | void method() { 39 | m_called = 1; 40 | } 41 | 42 | char* test(char *lib_path) { 43 | void *handle; 44 | void *global_handle; 45 | char *(*fh)(); 46 | char *error; 47 | 48 | char *lib2 = malloc(256); 49 | int len = strnlen(lib_path, 256)-4; 50 | strncpy(lib2, lib_path, len); 51 | lib2[len] = '\0'; 52 | strcat(lib2, "lib2.so"); 53 | 54 | /* Open lib2 in local scope */ 55 | handle = dlopen (lib2, RTLD_LAZY|RTLD_LOCAL); 56 | if (!handle) { 57 | fprintf (stderr, "%s\n", dlerror()); 58 | exit(1); 59 | } 60 | dlerror(); 61 | 62 | /* Lookup defined symbols */ 63 | fh = dlsym(handle, "lib2_go"); 64 | if ((error = dlerror()) != NULL) { 65 | fprintf (stderr, "%s\n", error); 66 | exit(1); 67 | } 68 | fh(); 69 | fh = dlsym(handle, "lib3_go"); 70 | if ((error = dlerror()) != NULL) { 71 | fprintf (stderr, "%s\n", error); 72 | exit(1); 73 | } 74 | fh(); 75 | 76 | /* This should fail, because we only search in 77 | local scope */ 78 | fh = dlsym(handle, "main"); 79 | if (dlerror() == NULL) { 80 | printf("Error: main found in local scope\n"); 81 | exit(1); 82 | } 83 | 84 | /* Check if method called */ 85 | if (!m_called) { 86 | printf("Error: method in lib1 not called\n"); 87 | exit(1); 88 | } 89 | 90 | /* Get handle to global scope */ 91 | global_handle = dlopen ("", RTLD_LAZY); 92 | if (!handle) { 93 | fprintf (stderr, "%s\n", dlerror()); 94 | exit(1); 95 | } 96 | dlerror(); 97 | 98 | /* This should fail, because lib2 is NOT 99 | in global scope! */ 100 | fh = dlsym(global_handle, "lib2_go"); 101 | if (dlerror() == NULL) { 102 | printf("Error: lib2 is in global scope\n"); 103 | exit(1); 104 | } 105 | dlclose(handle); 106 | 107 | /* Now open lib2 in global scope */ 108 | handle = dlopen (lib2, RTLD_LAZY|RTLD_GLOBAL); 109 | if (!handle) { 110 | fprintf (stderr, "%s\n", dlerror()); 111 | exit(1); 112 | } 113 | dlerror(); 114 | 115 | /* These should pass, because lib2 is now 116 | in global scope! */ 117 | fh = dlsym(global_handle, "lib2_go"); 118 | if ((error = dlerror()) != NULL) { 119 | fprintf (stderr, "%s\n", error); 120 | exit(1); 121 | } 122 | fh = dlsym(global_handle, "lib3_go"); 123 | 124 | if ((error = dlerror()) != NULL) { 125 | fprintf (stderr, "%s\n", error); 126 | exit(1); 127 | } 128 | 129 | dlclose(handle); 130 | dlclose(global_handle); 131 | 132 | return "\nTest \"lib resolve\" successful.\n"; 133 | } 134 | -------------------------------------------------------------------------------- /src/fastbt/fbt_debug.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file fbt_debug.h 3 | * This handles the debug output that can be customized in the Makefile 4 | * 5 | * IMPORTANT: 6 | * - The macro START_DEBUG and START_DUMP must be called before any 7 | * call to PRINT_* or DUMP_* respectively, otherwise the program 8 | * will fail. 9 | * - The macro STOP_DEBUG and STOP_DUMP clean up the data structure 10 | * after calling one of these macros the corresponding debugging 11 | * features must not be called anymore otherwise the program will 12 | * abort. 13 | * 14 | * WARNING: concerns DEBUG_FUNCTION_{START,END} and DEBUG_PRINT_N 15 | * - Everything_ written on the same line after one of the above 16 | * macros will be ignored! 17 | * - output is written to file (i.e. debug.txt) 18 | * - macros are thread safe 19 | * 20 | * Copyright (c) 2011 ETH Zurich 21 | * @author Mathias Payer 22 | * 23 | * $Date: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 24 | * $LastChangedDate: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 25 | * $LastChangedBy: payerm $ 26 | * $Revision: 1134 $ 27 | * 28 | * This program is free software; you can redistribute it and/or 29 | * modify it under the terms of the GNU General Public License 30 | * as published by the Free Software Foundation; either version 2 31 | * of the License, or (at your option) any later version. 32 | * 33 | * This program is distributed in the hope that it will be useful, 34 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 35 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 36 | * GNU General Public License for more details. 37 | * 38 | * You should have received a copy of the GNU General Public License 39 | * along with this program; if not, write to the Free Software 40 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, 41 | * MA 02110-1301, USA. 42 | */ 43 | 44 | #ifndef FBT_DEBUG_H 45 | #define FBT_DEBUG_H 46 | 47 | #ifdef __cplusplus 48 | extern "C" { 49 | #endif 50 | 51 | #ifdef DEBUG 52 | /* forward declare translate_t */ 53 | struct translate; 54 | 55 | /* use debug */ 56 | void debug_start(); 57 | void debug_end(); 58 | void debug_print_function_start(char *str, ...); 59 | void debug_print_function_end(char *str, ...); 60 | /* print a debug string with indentation */ 61 | void debug_print(char *str, ...); 62 | char* debug_memdump(unsigned char *addr, unsigned int n); 63 | 64 | #define DEBUG_START() debug_start() 65 | #define DEBUG_END() debug_end() 66 | #define PRINT_DEBUG(...) debug_print(__VA_ARGS__) 67 | #define PRINT_DEBUG_FUNCTION_START(...) debug_print_function_start(__VA_ARGS__) 68 | #define PRINT_DEBUG_FUNCTION_END(...) debug_print_function_end(__VA_ARGS__) 69 | #define MEMDUMP(addr, n) debug_memdump(addr, n) 70 | 71 | /* todo remove */ 72 | char* printnbytes(unsigned char *addr, unsigned int n); 73 | #else 74 | /* no debug */ 75 | #define DEBUG_START() 76 | #define DEBUG_END() 77 | #define PRINT_DEBUG(...) 78 | #define PRINT_DEBUG_FUNCTION_START(...) 79 | #define PRINT_DEBUG_FUNCTION_END(...) 80 | #define MEMDUMP(...) 81 | #endif 82 | 83 | #ifdef DUMP_GENERATED_CODE 84 | /* dump generated code */ 85 | void debug_dump_start(); 86 | void debug_dump_end(); 87 | void debug_dump_code(struct translate *ts, int instr_len, int transl_len); 88 | void debug_dump_jmptable(char *orig_addr, char *transl_addr); 89 | #define DUMP_START() debug_dump_start() 90 | #define DUMP_END() debug_dump_end() 91 | #define DUMP_CODE(ts, instr_len, transl_len) \ 92 | debug_dump_code(ts, instr_len, transl_len) 93 | #define DUMP_JMP_TABLE_ENTRY(org_addr, transl_addr) \ 94 | debug_dump_jmptable(org_addr, transl_addr) 95 | #else 96 | /* do not dump generated code */ 97 | #define DUMP_START() 98 | #define DUMP_END() 99 | #define DUMP_CODE(ts, instr_len, transl_len) 100 | #define DUMP_JMP_TABLE_ENTRY(org_addr, transl_addr) 101 | #endif 102 | 103 | #ifdef __cplusplus 104 | } 105 | #endif 106 | 107 | #endif /* FBT_DEBUG_H */ 108 | -------------------------------------------------------------------------------- /tableGenerator/src/instr_analyse_helpers.cpp: -------------------------------------------------------------------------------- 1 | #include "table_generator.h" 2 | 3 | /* 4 | * A lot of helper functions which should ease the use of the table generator 5 | * see "table_generator.h" for documentation of the following functions 6 | * 7 | * feel free to add more functions if you think they might be handy 8 | */ 9 | 10 | bool mayOperandAccessMemory (unsigned int operandFlags) { 11 | switch (operandFlags & OP_ADDRM_MASK) { 12 | case ADDRM_A: 13 | case ADDRM_E: 14 | case ADDRM_J: 15 | case ADDRM_M: 16 | case ADDRM_O: 17 | case ADDRM_Q: 18 | case ADDRM_W: 19 | case ADDRM_X: 20 | case ADDRM_Y: 21 | return true; 22 | } 23 | 24 | return false; 25 | } 26 | 27 | 28 | bool mayOperandAccessRegister (unsigned int operandFlags) { 29 | switch (operandFlags & OP_ADDRM_MASK) { 30 | case ADDRM_C: 31 | case ADDRM_D: 32 | case ADDRM_E: 33 | case ADDRM_G: 34 | case ADDRM_N: 35 | case ADDRM_P: 36 | case ADDRM_Q: 37 | case ADDRM_R: 38 | case ADDRM_S: 39 | case ADDRM_U: 40 | case ADDRM_V: 41 | case ADDRM_W: 42 | return true; 43 | } 44 | 45 | if ((operandFlags & IMPL) != 0) { 46 | return true; 47 | } 48 | 49 | return false; 50 | } 51 | 52 | 53 | bool isModRMOperand (unsigned int operandFlags) { 54 | 55 | switch (operandFlags & OP_ADDRM_MASK) { 56 | case ADDRM_C: 57 | case ADDRM_D: 58 | case ADDRM_E: 59 | case ADDRM_G: 60 | case ADDRM_M: 61 | case ADDRM_N: 62 | case ADDRM_P: 63 | case ADDRM_Q: 64 | case ADDRM_R: 65 | case ADDRM_S: 66 | case ADDRM_U: 67 | case ADDRM_V: 68 | case ADDRM_W: 69 | return true; 70 | } 71 | 72 | return false; 73 | } 74 | 75 | 76 | bool isImmediateOperand (unsigned int operandFlags) { 77 | 78 | switch (operandFlags & OP_ADDRM_MASK) { 79 | case ADDRM_A: 80 | case ADDRM_I: 81 | case ADDRM_J: 82 | case ADDRM_O: 83 | return true; 84 | } 85 | 86 | return false; 87 | } 88 | 89 | 90 | bool isImplizitOperand (unsigned int operandFlags) { 91 | 92 | switch (operandFlags & OP_SPECIAL_MASK) { 93 | case IMPL: 94 | case CONST: 95 | return true; 96 | } 97 | 98 | return false; 99 | } 100 | 101 | 102 | bool isReadOperand (unsigned int operandFlags) { 103 | return operandFlags & READ; 104 | } 105 | 106 | 107 | bool isWriteOperand (unsigned int operandFlags) { 108 | return operandFlags & WRITE; 109 | } 110 | 111 | unsigned int operandSize (unsigned int operandFlags) { 112 | switch (operandFlags & OPT_MASK) { 113 | case OPT_b: 114 | return 1; 115 | case OPT_c: 116 | case OPT_w: 117 | return 2; 118 | case OPT_a: 119 | case OPT_d: 120 | case OPT_si: 121 | case OPT_v: 122 | case OPT_z: 123 | case OPT_fs: 124 | return 4; 125 | case OPT_p: 126 | return 6; 127 | case OPT_pi: 128 | case OPT_q: 129 | case OPT_fd: 130 | return 8; 131 | case OPT_s: 132 | case OPT_fe: 133 | case OPT_fp: 134 | return 10; 135 | case OPT_dq: 136 | case OPT_ps: 137 | case OPT_pd: 138 | case OPT_ss: 139 | case OPT_sd: 140 | return 16; 141 | case OPT_fv: 142 | return 28; 143 | case OPT_fst: 144 | return 108; 145 | } 146 | return 0; 147 | } 148 | 149 | 150 | bool isPushOpcode (unsigned int opcodeFlags) { 151 | switch (opcodeFlags & INS_TYPE_MASK) { 152 | case PUSH: 153 | case PUSHREGS: 154 | case PUSHFLAGS: 155 | case ENTER: 156 | return true; 157 | } 158 | return false; 159 | } 160 | 161 | 162 | bool isPopOpcode (unsigned int opcodeFlags) { 163 | switch (opcodeFlags & INS_TYPE_MASK) { 164 | case POP: 165 | case POPREGS: 166 | case POPFLAGS: 167 | case LEAVE: 168 | return true; 169 | } 170 | return false; 171 | } 172 | 173 | 174 | bool isImmediateMemAddr (unsigned int operandFlags) 175 | { 176 | return mayOperandAccessMemory(operandFlags) && isImmediateOperand(operandFlags); 177 | } 178 | 179 | 180 | bool isMemAddrInModRM (unsigned int operandFlags) 181 | { 182 | return mayOperandAccessMemory(operandFlags) && isModRMOperand(operandFlags); 183 | } 184 | 185 | 186 | 187 | -------------------------------------------------------------------------------- /src/fastbt/fbt_mem_pool.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file fbt_mem_pool.h 3 | * Implementation of memory pools for fine-grained memory management 4 | * 5 | * Copyright (c) 2011 ETH Zurich 6 | * @author Mathias Payer 7 | * 8 | * $Date: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 9 | * $LastChangedDate: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 10 | * $LastChangedBy: payerm $ 11 | * $Revision: 1134 $ 12 | * 13 | * This program is free software; you can redistribute it and/or 14 | * modify it under the terms of the GNU General Public License 15 | * as published by the Free Software Foundation; either version 2 16 | * of the License, or (at your option) any later version. 17 | * 18 | * This program is distributed in the hope that it will be useful, 19 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 20 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 21 | * GNU General Public License for more details. 22 | * 23 | * You should have received a copy of the GNU General Public License 24 | * along with this program; if not, write to the Free Software 25 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, 26 | * MA 02110-1301, USA. 27 | */ 28 | #ifndef FBT_MEM_POOL_H 29 | #define FBT_MEM_POOL_H 30 | 31 | #ifdef __cplusplus 32 | extern "C" { 33 | #endif 34 | 35 | #include "fbt_datatypes.h" 36 | 37 | struct mem_pool_info; 38 | struct mem_pool; 39 | 40 | /** Initializes a memory pool at the location pointed to by mp 41 | * 42 | * @param mp The memory pool to initialize. Must have allocation_size 43 | * and flags already initialized. 44 | */ 45 | void fbt_mem_pool_init(struct mem_pool *mp); 46 | 47 | /** Initializes a memory pool with the settings in mp, but 48 | * bootstraps the memory pool to use memory from itself to store 49 | * a copy of the mem_pool structure. 50 | * 51 | * This function allows the creation of bootstrapped memory pools from 52 | * e.g. stack memory that will then be completely removed when being 53 | * freed using fbt_mem_pool_free 54 | * 55 | * @param mp Temporary memory pool settings that will be used for the boostrapped 56 | * memory pool 57 | * @return Pointer to the memory pool descriptor in memory allocated within 58 | * the same memory pool 59 | */ 60 | struct mem_pool *fbt_mem_pool_bootstrap(struct mem_pool *mp); 61 | 62 | /** Allocates a chunk of memory 63 | * 64 | * @param size Number of bytes to allocate 65 | * @return Pointer to the start of memory region 66 | */ 67 | void *fbt_mem_pool_allocate(struct mem_pool *mp, unsigned long size); 68 | 69 | /** Frees a thread pool with all its allocated pages */ 70 | void fbt_mem_pool_free(struct mem_pool *mp); 71 | 72 | /** A memory pool allows allocating of memory chunks of arbitrary size. It therefore 73 | * can be used like both fbt_smalloc and fbt_malloc. Memory pools group together 74 | * memory that is used for a specific task and is not stored in a tld's memory 75 | * chunk list and instead is freed explicitly by calling mem_pool_free. 76 | * */ 77 | struct mem_pool { 78 | /** Number of bytes to be allocated when new memory has to be requested */ 79 | unsigned long allocation_size; 80 | 81 | /** Number of bytes remaining */ 82 | unsigned long size; 83 | 84 | /** Pointer to start of remaining memory */ 85 | char *mem; 86 | 87 | /** Flags used when allocating new memory */ 88 | long flags; 89 | 90 | /** Number of bytes remaining in the mem_pool_info storage */ 91 | unsigned long info_size; 92 | 93 | /** Pointer to start of mem_pool_info storage */ 94 | char* info_mem; 95 | 96 | /** Information about allocated memory */ 97 | struct mem_pool_info *info; 98 | 99 | #if defined(DEBUG) 100 | /** In debug mode, we keep track of the number of bytes allocated in total 101 | * to check that all memory has been correctly released */ 102 | long allocated; 103 | #endif /* DEBUG */ 104 | }; 105 | 106 | struct mem_pool_info { 107 | /**Pointer to start of memory region allocated using fbt_mmap */ 108 | void *mem; 109 | /** Length of memory region */ 110 | long size; 111 | /** Pointer to next allocated chunk */ 112 | struct mem_pool_info *next; 113 | }; 114 | 115 | #ifdef __cplusplus 116 | } 117 | #endif 118 | #endif /* FBT_MEM_MGMT_H */ 119 | -------------------------------------------------------------------------------- /src/fastbt/fbt_libc.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file fbt_libc.h 3 | * This file contains reimplementations of some library functions 4 | * to remove dependencies on these libs. 5 | * 6 | * Copyright (c) 2011 ETH Zurich 7 | * @author Mathias Payer 8 | * 9 | * $Date: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 10 | * $LastChangedDate: 2011-12-30 14:24:05 +0100 (Fri, 30 Dec 2011) $ 11 | * $LastChangedBy: payerm $ 12 | * $Revision: 1134 $ 13 | * 14 | * This program is free software; you can redistribute it and/or 15 | * modify it under the terms of the GNU General Public License 16 | * as published by the Free Software Foundation; either version 2 17 | * of the License, or (at your option) any later version. 18 | * 19 | * This program is distributed in the hope that it will be useful, 20 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 21 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 22 | * GNU General Public License for more details. 23 | * 24 | * You should have received a copy of the GNU General Public License 25 | * along with this program; if not, write to the Free Software 26 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, 27 | * MA 02110-1301, USA. 28 | */ 29 | #ifndef FBT_LIBC_H 30 | #define FBT_LIBC_H 31 | 32 | /* include ugliness of system call definition */ 33 | #include "fbt_syscalls_impl.h" 34 | 35 | /** definition of NULL */ 36 | #if !defined(NULL) 37 | #define NULL ((void *)0) 38 | #endif 39 | 40 | #define MAP_FAILED ((void *)-1) 41 | 42 | 43 | /** 44 | * Local implementation of memcpy. Copies one memory region to another address. 45 | * @param dest Destination memory region 46 | * @param src Source region 47 | * @param n number of bytes that are copied 48 | * @return Pointer to the target region. 49 | */ 50 | void *fbt_memcpy(void *dest, const void *src, int n); 51 | 52 | /** 53 | * Local implementation of memcmp. Compares two memory regions. 54 | * @param s1 First region. 55 | * @param s2 Second region. 56 | * @param n Length that is compared. 57 | * @return Returns 0 if they are equal. 58 | */ 59 | int fbt_memncmp(const char *s1, const char *s2, int n); 60 | 61 | /** 62 | * Local implementation of strncpy. Copies one string into another buffer. 63 | * @param dest Destination memory region. 64 | * @param src Source region. 65 | * @param n Max. number of copied characters. 66 | * @return Pointer to the copied string. 67 | */ 68 | char *fbt_strncpy(char *dest, const char *src, int n); 69 | 70 | /** 71 | * Local implementation of strnlen. Calculates the length of a string. 72 | * @param s Source string 73 | * @param maxlen Maximum length 74 | * @return Length of the string or maxlen. 75 | */ 76 | int fbt_strnlen(const char *s, int maxlen); 77 | 78 | /** 79 | * Local implementation of strncmp. Compares two strings. 80 | * @param s1 First string. 81 | * @param s2 Second string. 82 | * @param n Maximum length that is compared. 83 | * @return Returns 0 if they are equal. 84 | */ 85 | int fbt_strncmp(const char *s1, const char *s2, int n); 86 | 87 | /** 88 | * Convert integer to string 89 | * @param value to convert. 90 | * @param str array where to store string. 91 | * @param base numerical base. 92 | * @return same as str. 93 | */ 94 | char *fbt_itoa(int value, char* str, int base); 95 | 96 | /** 97 | * Fill the first 'len' bytes of the memory area pointed to by 'dest' with the 98 | * constant byte 'val' 99 | * 100 | * @param dest Pointer to start of memory area to fill 101 | * @param val Byte to fill with 102 | * @param len Length of area in bytes 103 | * */ 104 | void *fbt_memset(void *dest, long val, long len); 105 | 106 | /** useful macro that checks if a pointer is in a certain region */ 107 | #define PTR_IN_REGION(ptr, regionptr, size) \ 108 | ((ulong_t)(ptr) >= (ulong_t)(regionptr) && \ 109 | (ulong_t)(ptr) < ((ulong_t)(regionptr)+(size))) 110 | 111 | /* for a discussion of overlapping regions see 112 | http://c2.com/cgi/wiki?TestIfDateRangesOverlap 113 | */ 114 | #define OVERLAPPING_REGIONS(regptr1, regsize1, regptr2, regsize2) \ 115 | (((ulong_t)regptr1 < ((ulong_t)regptr2 + regsize2)) && \ 116 | ((ulong_t)regptr2 < ((ulong_t)regptr1 + regsize1))) 117 | 118 | /** kill program */ 119 | /* one possible implementation of fbt_suicide is an exit system call with an 120 | exit number, but this will not work if the stack is corrupted, so we just use 121 | a hlt instruction that causes a low level fault and terminates the 122 | program. sys_exit terminates the program and never returns, that's why we 123 | don't need to worry about saving the ebx register or return value. */ 124 | #define fbt_suicide_str(str) do { \ 125 | fllwrite(STDOUT_FILENO, str); \ 126 | fbt_suicide(255); } while (0) 127 | 128 | #endif /* FBT_LIBC_H */ 129 | --------------------------------------------------------------------------------