├── .gitignore ├── .hgignore ├── BinLoader ├── Abstract.Importer.h ├── Abstract.Loader.h ├── Abstract.Mapper.h ├── BinLoader.vcxproj ├── CMakeLists.txt ├── Common.cpp ├── Common.h ├── ELF.Loader.cpp ├── ELF.Loader.h ├── Extern.Mapper.cpp ├── Extern.Mapper.h ├── Extern.Native.Importer.cpp ├── Extern.Native.Importer.h ├── Inproc.Mapper.cpp ├── Inproc.Mapper.h ├── Inproc.Native.Importer.cpp ├── Inproc.Native.Importer.h ├── LoaderAPI.cpp ├── LoaderAPI.h ├── Main.cpp ├── Makefile ├── Mem.Mapper.cpp ├── Mem.Mapper.h ├── PE.Loader.cpp ├── PE.Loader.h ├── Shm.Mapper.cpp ├── Shm.Mapper.h ├── Types.h ├── Unified.Loader.cpp ├── __ELF.Loader.cpp ├── libbinloader └── tmp │ ├── .cproject │ ├── .project │ ├── Tester.cpp │ └── tester ├── CMakeLists.txt ├── CommonCrossPlatform ├── BasicTypes.h ├── CMakeLists.txt ├── Common.h ├── CommonSpecifiers.h └── LibraryLayout.h ├── DisableSSE ├── CMakeLists.txt ├── DisableSSE.S ├── DisableSSEHelper.c └── Makefile ├── Execution ├── CMakeLists.txt ├── CommonExecutionController.cpp ├── CommonExecutionController.h ├── CommonExecutionController2.cpp ├── Debugger.cpp ├── Debugger.h ├── DualAllocator.Linux.cpp ├── DualAllocator.Windows.cpp ├── DualAllocator.h ├── Execution.h ├── Execution.vcxproj ├── ExternExecutionController.Linux.cpp ├── ExternExecutionController.Windows.cpp ├── ExternExecutionController.h ├── InprocessExecutionController.cpp ├── InprocessExecutionController.h ├── InternalExecutionControllerExt.cpp ├── LargeStack.cpp ├── LargeStack.h ├── Main.cpp ├── Makefile ├── RiverStructs.h ├── TokenRingInit.Linux.cpp ├── TokenRingInit.Linux.h ├── TokenRingInit.Windows.cpp └── TokenRingInit.Windows.h ├── ExecutionWrapper ├── AssemblyInfo.cpp ├── ExecutionWrapper.cpp ├── ExecutionWrapper.h ├── ExecutionWrapper.vcxproj ├── Stdafx.cpp ├── Stdafx.h ├── app.ico ├── app.rc └── resource.h ├── LICENSE ├── LargeStack ├── LargeStack.cpp ├── LargeStack.h ├── LargeStack.vcxproj └── Main.cpp ├── Makefile ├── SymbolicEnvironment ├── CMakeLists.txt ├── Environment.cpp ├── Environment.h ├── LargeStack.cpp ├── LargeStack.h ├── Makefile ├── OverlappedRegisters.cpp ├── OverlappedRegisters.h ├── RevSymbolicEnvironment.cpp ├── RevSymbolicEnvironment.h ├── SymbolicEnvironment.cpp ├── SymbolicEnvironment.h └── SymbolicEnvironment.vcxproj ├── VirtualMemory ├── CMakeLists.txt ├── Makefile ├── MemoryLayout.Linux.cpp ├── MemoryLayout.Windows.cpp ├── MemoryLayout.h ├── VirtualMem.cpp ├── VirtualMem.h └── VirtualMemory.vcxproj ├── benchmarking-payload ├── CMakeLists.txt ├── freetype-payload │ ├── .gitignore │ ├── CMakeLists.txt │ ├── Makefile │ ├── Payload.cpp │ └── config_freetype.sh ├── gumbo-payload │ ├── .gitignore │ ├── CMakeLists.txt │ ├── Makefile │ ├── Payload.cpp │ └── config_gumbo.sh ├── http-parser-payload │ ├── CMakeLists.txt │ ├── Makefile │ ├── ParserPayload.vcxproj │ ├── Payload.cpp │ ├── http-parser.version │ ├── http_parser.c │ └── http_parser.h ├── jsmn-payload │ ├── .gitignore │ ├── CMakeLists.txt │ ├── Makefile │ ├── Payload.cpp │ └── config_jsmn.sh ├── libjpeg-turbo-payload │ ├── .gitignore │ ├── CMakeLists.txt │ ├── Makefile │ ├── Payload.cpp │ └── config_libjpeg-turbo.sh ├── libpng-payload │ ├── .gitignore │ ├── CMakeLists.txt │ ├── Makefile │ ├── Payload.cpp │ └── config_libpng.sh ├── libxml2-payload │ ├── .gitignore │ ├── CMakeLists.txt │ ├── Makefile │ ├── Payload.cpp │ └── config_libxml2.sh ├── simple-accumulator-payload │ ├── CMakeLists.txt │ ├── Payload.cpp │ └── simple-accumulator.c └── simple-address-payload │ ├── CMakeLists.txt │ ├── Payload.cpp │ └── simple-address.c ├── build-all.sh ├── docs ├── abi │ ├── .gitignore │ ├── Makefile │ ├── abi.tex │ ├── code │ │ ├── BranchHandler.h │ │ └── SysHandler.h │ ├── img │ │ └── river-transition-handling.png │ └── macros.tex ├── cheatsheet │ ├── .gitignore │ ├── Makefile │ ├── cheatsheet.tex │ └── code │ │ ├── RiverAddress.h │ │ ├── RiverInstruction.h │ │ └── RiverOperand.h ├── metafiles │ └── base.mk └── offline.sanitizer │ ├── .gitignore │ ├── Makefile │ ├── biblio.bib │ ├── header-standard.bib │ └── main.tex ├── evaluators.sln ├── execution.external.test ├── Main.cpp └── execution.external.test.vcxproj ├── execution.inprocess.test ├── Main.cpp ├── Makefile ├── Payload.cpp └── execution.inprocess.test.vcxproj ├── fibonacci └── fib.cpp ├── ipclib ├── CMakeLists.txt ├── Makefile ├── RingBuffer.h ├── common.h ├── ipclib.cpp ├── ipclib.h └── ipclib.vcxproj ├── libproc ├── libproc.cpp └── os-linux.h ├── loader.setup ├── Loader.Setup.h ├── Setup.Windows.cpp └── loader.setup.vcxproj ├── loader.test ├── Loader │ ├── Abstract.Mapper.h │ ├── Extern.Mapper.cpp │ ├── Extern.Mapper.h │ ├── Inproc.Mapper.cpp │ ├── Inproc.Mapper.h │ ├── Mem.Mapper.cpp │ ├── Mem.Mapper.h │ ├── PE.ldr.cpp │ ├── PE.ldr.h │ └── Types.h ├── Main.cpp └── loader.test.vcxproj ├── loader ├── CMakeLists.txt ├── Loader.Linux.Stub.S ├── Loader.Linux.cpp ├── Loader.Windows.cpp ├── Loader.h ├── Main.cpp ├── Makefile ├── libloader.idb └── loader.vcxproj ├── lzo ├── a.exe ├── a.pdb ├── hw.exe └── hw.pdb ├── makeSDK.bat ├── makeSDK.sh ├── nodeaddon ├── binding.gyp ├── executionwrapper.cpp └── index.js ├── notracer ├── Loader │ ├── Abstract.Mapper.h │ ├── Inproc.Mapper.cpp │ ├── Inproc.Mapper.h │ ├── PE.ldr.cpp │ ├── PE.ldr.h │ └── Types.h ├── MapPE.cpp ├── extern.cpp ├── extern.h ├── main.cpp └── notracer.vcxproj ├── release.conf ├── revmaster ├── DualAllocator.cpp ├── DualAllocator.h ├── Loader │ ├── Abstract.Mapper.h │ ├── Extern.Mapper.cpp │ ├── Extern.Mapper.h │ ├── Inproc.Mapper.cpp │ ├── Inproc.Mapper.h │ ├── Mem.Mapper.cpp │ ├── Mem.Mapper.h │ ├── PE.ldr.cpp │ ├── PE.ldr.h │ └── Types.h ├── Main.cpp └── revmaster.vcxproj ├── revtracer-wrapper ├── CMakeLists.txt ├── Main.cpp ├── Makefile ├── RevtracerWrapper.cpp ├── RevtracerWrapper.h ├── ShmTokenRingLin.cpp ├── ShmTokenRingLin.h ├── ShmTokenRingWin.cpp ├── TokenRing.Linux.h ├── TokenRing.Windows.h ├── TokenRing.h ├── UnifiedTokenRing.cpp ├── Wrapper.Global.h ├── Wrapper.Linux.cpp ├── Wrapper.Windows.cpp ├── revtracer-wrapper.vcxproj └── setup-libs.sh ├── revtracer ├── AddressContainer.cpp ├── AddressContainer.h ├── CMakeLists.txt ├── CodeGen.h ├── DebugPrintFlags.h ├── GenericX86Assembler.cpp ├── GenericX86Assembler.h ├── Loader │ ├── Abstract.Mapper.h │ ├── Inproc.Mapper.cpp │ ├── Inproc.Mapper.h │ ├── PE.ldr.cpp │ ├── PE.ldr.h │ └── Types.h ├── Makefile ├── NativeX86Assembler.cpp ├── NativeX86Assembler.h ├── PreTrackingX86Assembler.cpp ├── PreTrackingX86Assembler.h ├── RelocableCodeBuffer.cpp ├── RelocableCodeBuffer.h ├── RepInstrumentation.S ├── RiverAddress.cpp ├── RiverAddress.h ├── RiverMetaTranslator.cpp ├── RiverMetaTranslator.h ├── RiverPrintTable.cpp ├── RiverRepAssembler.cpp ├── RiverRepAssembler.h ├── RiverRepTranslator.cpp ├── RiverRepTranslator.h ├── RiverReverseTranslator.cpp ├── RiverReverseTranslator.h ├── RiverSaveTranslator.cpp ├── RiverSaveTranslator.h ├── RiverTrackingX86Assembler.cpp ├── RiverTrackingX86Assembler.h ├── RiverX86Assembler.cpp ├── RiverX86Assembler.h ├── RiverX86Disassembler.cpp ├── RiverX86Disassembler.h ├── RiverX86DisassemblerTable.cpp ├── Runtime.h ├── SymbopReverseTranslator.cpp ├── SymbopReverseTranslator.h ├── SymbopSaveTranslator.cpp ├── SymbopSaveTranslator.h ├── SymbopTranslator.cpp ├── SymbopTranslator.h ├── Tracking.cpp ├── Tracking.h ├── TrackingX86Assembler.cpp ├── TrackingX86Assembler.h ├── TranslatorUtil.cpp ├── TranslatorUtil.h ├── VBoxSnapshotDll.h ├── X86Assembler.cpp ├── X86Assembler.h ├── X86AssemblerFuncs.cpp ├── X86AssemblerFuncs.h ├── api.cpp ├── callgates.cpp ├── callgates.h ├── cb.cpp ├── cb.h ├── codegen.cpp ├── common.h ├── crc32.cpp ├── crc32.h ├── crtStub.cpp ├── environment.h ├── execenv.cpp ├── execenv.h ├── extern.cpp ├── main.cpp ├── mm.cpp ├── mm.h ├── modrm32.cpp ├── modrm32.h ├── revtracer.cpp ├── revtracer.h ├── revtracer.stub.S ├── revtracer.vcxproj ├── river.h ├── riverinternl.h ├── sync.cpp └── sync.h ├── revtracerexe ├── Extern.cpp ├── Extern.h ├── Loader │ ├── Abstract.Mapper.h │ ├── Inproc.Mapper.cpp │ ├── Inproc.Mapper.h │ ├── PE.ldr.cpp │ ├── PE.ldr.h │ └── Types.h ├── Main.cpp ├── MapPE.cpp └── revtracerexe.vcxproj ├── tracer.simple ├── Main.cpp ├── Makefile ├── ezOptionParser.h └── tracer.simple.vcxproj ├── tracer ├── Loader │ ├── Abstract.Mapper.h │ ├── Inproc.Mapper.cpp │ ├── Inproc.Mapper.h │ ├── PE.ldr.cpp │ ├── PE.ldr.h │ └── Types.h ├── MapPE.cpp ├── callgates.c ├── callgates.h ├── cb.c ├── cb.h ├── codegen.c ├── codetbl.c ├── codetbl.h ├── common.h ├── crc32.c ├── crc32.h ├── environment.h ├── execenv.c ├── execenv.h ├── extern.c ├── extern.h ├── main.c ├── mm.c ├── mm.h ├── modrm32.c ├── modrm32.h ├── nld2msg.h ├── src.c ├── sync.c ├── sync.h └── tracer.vcxproj ├── wrapper.setup ├── CMakeLists.txt ├── Makefile ├── Setup.Linux.cpp ├── Setup.Windows.cpp ├── Wrapper.Setup.h └── wrapper.setup.vcxproj └── z3 └── .hgempty /.gitignore: -------------------------------------------------------------------------------- 1 | # Windows binaries 2 | *.dll 3 | *.exe 4 | *.lib 5 | *.pdb 6 | *.ilk 7 | 8 | # Linux binaries 9 | *.a 10 | *.o 11 | *.so 12 | 13 | # Visual Studio Metainformation 14 | Debug/ 15 | Release/ 16 | *.sdf 17 | *.suo 18 | *.user 19 | *.filters 20 | 21 | # Visual Studio Intellisense database 22 | *.opensdf 23 | *.VC.db 24 | *.VC.opendb 25 | 26 | # node.js deps 27 | node_modules/ 28 | 29 | #source/libs dependencies 30 | z3/ 31 | simpletracer/ 32 | river.sdk/ 33 | smtlib2parser/ 34 | yices2/ 35 | -------------------------------------------------------------------------------- /.hgignore: -------------------------------------------------------------------------------- 1 | syntax:glob 2 | Debug 3 | Release 4 | *.sdf 5 | *.suo 6 | *.user 7 | *.filters 8 | *.opensdf 9 | *.dll 10 | *.exe 11 | *.lib 12 | *.pdb 13 | *.ilk 14 | *.VC.db 15 | *.VC.opendb 16 | node_modules 17 | _deleted -------------------------------------------------------------------------------- /BinLoader/Abstract.Importer.h: -------------------------------------------------------------------------------- 1 | #ifndef _ABSTRACT_IMPORTER_H_ 2 | #define _ABSTRACT_IMPORTER_H_ 3 | 4 | #include "Types.h" 5 | 6 | namespace ldr { 7 | #define IMPORT_NOT_FOUND 0xFFFFFFFF 8 | 9 | class AbstractImporter { 10 | public: 11 | virtual DWORD FindImport(const char *moduleName, const char *funcName) = 0; 12 | virtual DWORD FindImport(const char *moduleName, const unsigned int funcOrdinal) = 0; 13 | virtual DWORD FindImport(const char *moduleName, const char *funcName, const char *version) = 0; 14 | }; 15 | }; 16 | 17 | #endif 18 | 19 | -------------------------------------------------------------------------------- /BinLoader/Abstract.Loader.h: -------------------------------------------------------------------------------- 1 | #ifndef _ABSTRACT_LDR_H_ 2 | #define _ABSTRACT_LDR_H_ 3 | 4 | #include "Abstract.Mapper.h" 5 | #include "Abstract.Importer.h" 6 | 7 | #include 8 | 9 | namespace ldr { 10 | class AbstractBinary { 11 | public: 12 | virtual bool IsValid() const = 0; 13 | virtual bool Map(AbstractMapper &mapr, AbstractImporter &impr, DWORD &baseAddr, bool callConstructors) = 0; 14 | virtual bool GetExport(const char *funcName, DWORD &funcRVA) const = 0; 15 | virtual DWORD GetRequiredSize() const = 0; 16 | 17 | virtual void ForAllExports(std::function verb) const = 0; 18 | }; 19 | 20 | AbstractBinary *LoadBinary(const char *module); 21 | AbstractBinary *LoadBinary(const wchar_t *module); 22 | }; //namespace ldr 23 | 24 | #endif 25 | 26 | -------------------------------------------------------------------------------- /BinLoader/Abstract.Mapper.h: -------------------------------------------------------------------------------- 1 | #ifndef _ABSTRACT_MAPPER_H_ 2 | #define _ABSTRACT_MAPPER_H_ 3 | 4 | #include "Types.h" 5 | 6 | namespace ldr { 7 | #define PAGE_PROTECTION_READ 0x4 8 | #define PAGE_PROTECTION_WRITE 0x2 9 | #define PAGE_PROTECTION_EXECUTE 0x1 10 | 11 | class AbstractMapper { 12 | public: 13 | virtual void *CreateSection(void *lpAddress, SIZE_T dwSize, DWORD flProtect) = 0; 14 | virtual bool ChangeProtect(void *lpAddress, SIZE_T dwSize, DWORD flProtect) = 0; 15 | virtual bool WriteBytes(void *lpAddress, void *lpBuffer, SIZE_T nSize) = 0; 16 | 17 | /*virtual DWORD FindImport(const char *moduleName, const char *funcName) = 0; 18 | virtual DWORD FindImport(const char *moduleName, const unsigned int funcOrdinal) = 0;*/ 19 | }; 20 | }; 21 | 22 | #endif 23 | 24 | -------------------------------------------------------------------------------- /BinLoader/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | ## BinLoader CMakeLists.txt 2 | 3 | set(LIBRARY_NAME binloader) 4 | set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -g -m32 -std=c++11") 5 | 6 | add_library(${LIBRARY_NAME} STATIC 7 | Common.cpp 8 | ELF.Loader.cpp 9 | PE.Loader.cpp 10 | Unified.Loader.cpp 11 | LoaderAPI.cpp 12 | Inproc.Mapper.cpp 13 | Shm.Mapper.cpp 14 | Inproc.Native.Importer.cpp 15 | ) 16 | 17 | install(TARGETS ${LIBRARY_NAME} DESTINATION ${CMAKE_INSTALL_PREFIX}/lib) 18 | 19 | -------------------------------------------------------------------------------- /BinLoader/Common.h: -------------------------------------------------------------------------------- 1 | #ifndef _COMMON_EXECUTION_LOADER_H 2 | #define _COMMON_EXECUTION_LOADER_H 3 | 4 | #ifdef _MSC_VER 5 | #define DEBUG_BREAK __asm \ 6 | { __asm int 3 } 7 | #else 8 | #define DEBUG_BREAK asm volatile("int $0x3") 9 | #endif 10 | 11 | #ifdef __linux__ 12 | #include 13 | #define MAX_PATH_NAME 4096 14 | int wchar_to_utf8(const wchar_t *src, char *dst, ssize_t dst_len); 15 | void *w_dlopen(const wchar_t *filename, int flags); 16 | FILE *w_fopen(const wchar_t *path, const wchar_t *mode); 17 | 18 | #define FOPEN(res, path, mode) ( res = fopen((path), (mode)), res == nullptr) 19 | #define W_FOPEN(res, path, mode) ({ res = w_fopen((path), (mode)); nullptr == res; }) 20 | 21 | #else 22 | #define MAX_PATH_NAME 260 23 | #define FOPEN(res, path, mode) fopen_s(&(res), (path), (mode)) 24 | #define W_FOPEN(res, path, mode) _wfopen_s(&(res), (path), (mode)) 25 | #endif 26 | 27 | void solve_path(const char *moduleName, char *path); 28 | void solve_path(const wchar_t *moduleName, wchar_t *path); 29 | #endif 30 | -------------------------------------------------------------------------------- /BinLoader/Extern.Mapper.h: -------------------------------------------------------------------------------- 1 | #ifndef _EXTERN_MAPPER_H_ 2 | #define _EXTERN_MAPPER_H_ 3 | #ifdef _WIN32 4 | 5 | #include 6 | 7 | #include "Abstract.Mapper.h" 8 | #include "Abstract.Importer.h" 9 | 10 | namespace ldr { 11 | class ExternMapper : public AbstractMapper, public AbstractImporter { 12 | private: 13 | HANDLE hProc; 14 | bool ownProcess; 15 | 16 | HMODULE RemoteFindModule(const char *module); 17 | public: 18 | ExternMapper(unsigned int pid); 19 | ExternMapper(HANDLE process); 20 | virtual ~ExternMapper(); 21 | 22 | virtual void *CreateSection(void *lpAddress, SIZE_T dwSize, DWORD flProtect); 23 | virtual bool ChangeProtect(void *lpAddress, SIZE_T dwSize, DWORD flProtect); 24 | virtual bool WriteBytes(void *lpAddress, void *lpBuffer, SIZE_T nSize); 25 | 26 | virtual DWORD FindImport(const char *moduleName, const char *funcName); 27 | virtual DWORD FindImport(const char *moduleName, const unsigned int funcOrdinal); 28 | virtual DWORD FindImport(const char *moduleName, const char *funcName, const char* version); 29 | }; 30 | }; 31 | #endif 32 | #endif 33 | -------------------------------------------------------------------------------- /BinLoader/Extern.Native.Importer.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bitdefender/river/3d779856c4ba142a526c9b4f998f7439a15826f5/BinLoader/Extern.Native.Importer.cpp -------------------------------------------------------------------------------- /BinLoader/Extern.Native.Importer.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bitdefender/river/3d779856c4ba142a526c9b4f998f7439a15826f5/BinLoader/Extern.Native.Importer.h -------------------------------------------------------------------------------- /BinLoader/Inproc.Mapper.h: -------------------------------------------------------------------------------- 1 | #ifndef _INPROC_MAPPER_H_ 2 | #define _INPROC_MAPPER_H_ 3 | 4 | #include //size_t 5 | #include "Abstract.Mapper.h" 6 | 7 | namespace ldr { 8 | class InprocMapper : public AbstractMapper { 9 | private: 10 | int shmFd; 11 | size_t offset; 12 | 13 | public: 14 | InprocMapper(int shmFd = -1, size_t offset = 0); 15 | virtual void *CreateSection(void *lpAddress, SIZE_T dwSize, DWORD flProtect); 16 | virtual bool ChangeProtect(void *lpAddress, SIZE_T dwSize, DWORD flProtect); 17 | virtual bool WriteBytes(void *lpAddress, void *lpBuffer, SIZE_T nSize); 18 | }; 19 | }; 20 | 21 | #endif 22 | -------------------------------------------------------------------------------- /BinLoader/Inproc.Native.Importer.h: -------------------------------------------------------------------------------- 1 | #ifndef _INPROC_NATIVE_IMPORTER_H_ 2 | #define _INPROC_NATIVE_IMPORTER_H_ 3 | 4 | #include "Abstract.Importer.h" 5 | #include 6 | #include 7 | 8 | namespace ldr { 9 | class InprocNativeImporter : public AbstractImporter { 10 | 11 | private: 12 | struct CachedEntry { 13 | std::string funcName; 14 | unsigned int ordinal; 15 | std::string version; 16 | DWORD rva; 17 | }; 18 | 19 | struct CachedModule { 20 | std::string moduleName; 21 | std::vector entries; 22 | 23 | void AddImport(const char *funcName, const unsigned int ordinal, const char *version, DWORD rva); 24 | 25 | DWORD FindCachedImport(const char *funcName); 26 | DWORD FindCachedImport(const unsigned int funcOrdinal); 27 | DWORD FindCachedImport(const char *funcName, const char *version); 28 | }; 29 | std::vector modules; 30 | 31 | 32 | CachedModule *AddModule(const char *name); 33 | CachedModule *FindModule(const char *moduleName); 34 | 35 | CachedModule *GetModule(const char *name); 36 | 37 | public: 38 | virtual DWORD FindImport(const char *moduleName, const char *funcName); 39 | virtual DWORD FindImport(const char *moduleName, const unsigned int funcOrdinal); 40 | 41 | virtual DWORD FindImport(const char *moduleName, const char *funcName, const char *version); 42 | }; 43 | }; 44 | 45 | #endif 46 | -------------------------------------------------------------------------------- /BinLoader/Main.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include "Abstract.Loader.h" 4 | #include "Abstract.Importer.h" 5 | #include "Inproc.Mapper.h" 6 | #include "Inproc.Native.Importer.h" 7 | #include "LoaderAPI.h" 8 | 9 | typedef void* (*handler)(unsigned long); 10 | typedef int (*_printf)(const char *format, ...); 11 | _printf myPrintf; 12 | 13 | int main() { 14 | //ldr::AbstractBinary *fElf = ldr::LoadBinary("tested"); 15 | //if (!fElf) 16 | // return -1; 17 | 18 | //if (fElf->IsValid()) { 19 | // printf("All is good!\n\n"); 20 | //} 21 | 22 | ldr::DWORD entry = GetEntryPoint("tested"); 23 | printf("Got entry point %lx\n", entry); 24 | 25 | //void *func = (void*)imp.FindImport("librevtracerwrapper.so", "CallAllocateMemoryHandler"); 26 | 27 | //void *addr = ((handler)func) (1024); 28 | //printf("Allocated %d bytes @address %p\n", 1024, addr); 29 | 30 | //delete fElf; 31 | MODULE_PTR lModule = nullptr; 32 | BASE_PTR lBase = 0; 33 | CreateModule("libc.so", lModule); 34 | assert(lModule != nullptr); 35 | MapModule(lModule, lBase); 36 | assert(lBase != 0); 37 | LoadExportedName(lModule, lBase, "printf", myPrintf); 38 | assert(myPrintf != nullptr); 39 | myPrintf("My printf function is working\n"); 40 | fflush(stdout); 41 | 42 | //CreateModule("libpthread.so", lModule); 43 | //assert(lModule != nullptr); 44 | //lBase = 0; 45 | //MapModule(lModule, lBase); 46 | //assert(lBase != 0); 47 | return 0; 48 | } 49 | 50 | -------------------------------------------------------------------------------- /BinLoader/Makefile: -------------------------------------------------------------------------------- 1 | test_bin := test_bin 2 | lib_binloader := libbinloader.a 3 | CC := gcc 4 | CXX := g++ 5 | LOADER_FILES := ELF.Loader.cpp PE.Loader.cpp Unified.Loader.cpp LoaderAPI.cpp 6 | MAPPER_FILES := Inproc.Mapper.cpp Shm.Mapper.cpp 7 | IMPORTER_FILES := Inproc.Native.Importer.cpp 8 | CPP_FILES := Common.cpp $(LOADER_FILES) $(MAPPER_FILES) $(IMPORTER_FILES) 9 | OBJ_FILES := $(addprefix ,$(CPP_FILES:.cpp=.o)) 10 | CXX_FLAGS += -g -m32 -std=c++11 11 | prefix := /usr/local 12 | 13 | all: $(lib_binloader) 14 | 15 | test_bin: $(lib_binloader) Main.o 16 | $(CXX) -L. $(CXX_FLAGS) -o main Main.o -lbinloader -ldl 17 | 18 | install: $(lib_binloader) 19 | install -m 0755 $(lib_binloader) -t $(prefix)/lib -D 20 | 21 | $(lib_binloader): $(OBJ_FILES) 22 | $(AR) rcs $@ $^ 23 | 24 | %.o: %.cpp 25 | $(CXX) $(CXX_FLAGS) -c -o $@ $< 26 | 27 | .PHONY: clean 28 | clean: 29 | $(RM) $(lib_binloader) $(OBJ_FILES) *.o main 30 | -------------------------------------------------------------------------------- /BinLoader/Mem.Mapper.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include "Mem.Mapper.h" 3 | 4 | namespace ldr { 5 | void *MemMapper::CreateSection(void *lpAddress, SIZE_T dwSize, DWORD flProtect) { 6 | return lpAddress; 7 | } 8 | 9 | bool MemMapper::ChangeProtect(void *lpAddress, SIZE_T dwSize, DWORD flProtect) { 10 | return true; 11 | } 12 | 13 | bool MemMapper::WriteBytes(void *lpAddress, void *lpBuffer, SIZE_T nSize) { 14 | memcpy(lpAddress, lpBuffer, nSize); 15 | return true; 16 | } 17 | }; -------------------------------------------------------------------------------- /BinLoader/Mem.Mapper.h: -------------------------------------------------------------------------------- 1 | #ifndef _MEM_MAPPER_H_ 2 | #define _MEM_MAPPER_H_ 3 | 4 | #include "Abstract.Mapper.h" 5 | 6 | namespace ldr { 7 | class MemMapper : public AbstractMapper { 8 | public: 9 | virtual void *CreateSection(void *lpAddress, SIZE_T dwSize, DWORD flProtect); 10 | virtual bool ChangeProtect(void *lpAddress, SIZE_T dwSize, DWORD flProtect); 11 | virtual bool WriteBytes(void *lpAddress, void *lpBuffer, SIZE_T nSize); 12 | }; 13 | } 14 | 15 | #endif -------------------------------------------------------------------------------- /BinLoader/Shm.Mapper.h: -------------------------------------------------------------------------------- 1 | #ifndef _SHM_MAPPER_H_ 2 | #define _SHM_MAPPER_H_ 3 | 4 | //#include //size_t 5 | #include "Abstract.Mapper.h" 6 | 7 | namespace ldr { 8 | class ShmMapper : public AbstractMapper { 9 | private: 10 | int shmFd; 11 | SIZE_T offset; 12 | 13 | public: 14 | ShmMapper(int shmFd = -1, SIZE_T offset = 0); 15 | virtual void *CreateSection(void *lpAddress, SIZE_T dwSize, DWORD flProtect); 16 | virtual bool ChangeProtect(void *lpAddress, SIZE_T dwSize, DWORD flProtect); 17 | virtual bool WriteBytes(void *lpAddress, void *lpBuffer, SIZE_T nSize); 18 | }; 19 | }; 20 | 21 | #endif 22 | -------------------------------------------------------------------------------- /BinLoader/Types.h: -------------------------------------------------------------------------------- 1 | #ifndef _TYPES_H_ 2 | #define _TYPES_H_ 3 | 4 | namespace ldr { 5 | typedef unsigned short USHORT; 6 | typedef long LONG; 7 | 8 | typedef unsigned char BYTE; 9 | typedef unsigned short WORD; 10 | typedef unsigned long DWORD; 11 | typedef unsigned long long QWORD; 12 | 13 | // TODO: Make arch aware size_t 14 | typedef unsigned long SIZE_T; 15 | }; // namespace ldr 16 | 17 | #endif 18 | -------------------------------------------------------------------------------- /BinLoader/Unified.Loader.cpp: -------------------------------------------------------------------------------- 1 | #include "Abstract.Loader.h" 2 | 3 | #include "Common.h" 4 | 5 | #include "ELF.Loader.h" 6 | #include "PE.Loader.h" 7 | 8 | namespace ldr { 9 | 10 | template AbstractBinary *LoadBinary(NT fileName, FILE *file) { 11 | if (FloatingPE::CanLoad(file)) { 12 | return new FloatingPE(fileName); 13 | } 14 | 15 | if (FloatingELF32::CanLoad(file)) { 16 | return new FloatingELF32(fileName); 17 | } 18 | 19 | return nullptr; 20 | } 21 | 22 | AbstractBinary *LoadBinary(const char *module) { 23 | FILE *fMod; 24 | char path[MAX_PATH_NAME]; 25 | solve_path(module, path); 26 | 27 | if (FOPEN(fMod, path, "rt")) 28 | return nullptr; 29 | 30 | AbstractBinary *bin = LoadBinary(path, fMod); 31 | 32 | fclose(fMod); 33 | 34 | return bin; 35 | } 36 | 37 | 38 | AbstractBinary *LoadBinary(const wchar_t * module) { 39 | FILE *fMod; 40 | wchar_t path[MAX_PATH_NAME]; 41 | solve_path(module, path); 42 | 43 | if (W_FOPEN(fMod, path, L"rt")) 44 | return nullptr; 45 | AbstractBinary *bin = LoadBinary(path, fMod); 46 | 47 | fclose(fMod); 48 | 49 | return bin; 50 | } 51 | } 52 | -------------------------------------------------------------------------------- /BinLoader/libbinloader: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bitdefender/river/3d779856c4ba142a526c9b4f998f7439a15826f5/BinLoader/libbinloader -------------------------------------------------------------------------------- /BinLoader/tmp/Tester.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | * Tester.cpp 3 | * 4 | * Created on: Jan 3, 2012 5 | * Author: sorin 6 | */ 7 | 8 | #include 9 | #include 10 | #include 11 | #include 12 | #include "CLoad.h" 13 | #include 14 | 15 | #define MAX_STRING 80 16 | 17 | using namespace std; 18 | 19 | void custom_invoke( char *lib, char *method, float argument ){ 20 | MyLib* result = myLibLoad(lib); 21 | float (*func)(float); 22 | 23 | func = (float (*)(float))getFunctPointer(result, method); 24 | dout << "found it at " << (long)func << endl; 25 | printf(" %f\n", (*func)(argument) ); 26 | 27 | } 28 | 29 | void invoke_method( char *lib, char *method, float argument ) 30 | { 31 | void *dl_handle; 32 | float (*func)(float); 33 | char *error; 34 | 35 | /* Open the shared object*/ 36 | dl_handle = dlopen( lib, RTLD_LAZY ); 37 | if (!dl_handle) { 38 | printf( "!!! %s\n", dlerror() ); 39 | return; 40 | } 41 | 42 | /* Resolve the symbol (method) from the object*/ 43 | func = (float (*)(float))dlsym( dl_handle, method ); 44 | error = dlerror(); 45 | if (error != NULL) { 46 | printf( "!!! %s\n", error ); 47 | return; 48 | } 49 | 50 | /* Call the resolved method and print the result*/ 51 | printf(" %f\n", (*func)(argument) ); 52 | 53 | /* Close the object*/ 54 | dlclose( dl_handle ); 55 | 56 | return; 57 | } 58 | 59 | int main( int argc, char *argv[] ) 60 | { 61 | char line[MAX_STRING+1]; 62 | char lib[MAX_STRING+1]; 63 | char method[MAX_STRING+1]; 64 | float argument; 65 | int custom; 66 | 67 | while (1) { 68 | 69 | printf("> "); 70 | 71 | line[0]=0; 72 | fgets( line, MAX_STRING, stdin); 73 | 74 | if (!strncmp(line, "bye", 3)) break; 75 | 76 | sscanf( line, "%s %s %f %d", lib, method, &argument, &custom); 77 | 78 | if (!custom) 79 | invoke_method( lib, method, argument ); 80 | else 81 | custom_invoke( lib, method, argument ); 82 | } 83 | 84 | } 85 | 86 | 87 | -------------------------------------------------------------------------------- /BinLoader/tmp/tester: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bitdefender/river/3d779856c4ba142a526c9b4f998f7439a15826f5/BinLoader/tmp/tester -------------------------------------------------------------------------------- /CMakeLists.txt: -------------------------------------------------------------------------------- 1 | cmake_minimum_required(VERSION 2.8) 2 | set(CMAKE_SYSTEM_NAME Linux) 3 | project(RIVER C CXX ASM) 4 | 5 | set(CMAKE_ASM_CREATE_SHARED_LIBRARY ${CMAKE_C_CREATE_SHARED_LIBRARY}) 6 | set(CMAKE_RUNTIME_OUTPUT_DIRECTORY ${CMAKE_INSTALL_PREFIX}/bin) 7 | 8 | set(CMAKE_POSITION_INDEPENDENT_CODE false) 9 | 10 | if(NOT CMAKE_BUILD_TYPE) 11 | set(CMAKE_BUILD_TYPE Release) 12 | endif() 13 | 14 | set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -O0") 15 | set(CMAKE_CXX_FLAGS_RELEASE "${CMAKE_CXX_FLAGS}") 16 | set(CMAKE_CXX_FLAGS_DEBUG "${CMAKE_CXX_FLAGS}") 17 | 18 | # build targets 19 | add_subdirectory(CommonCrossPlatform) 20 | add_subdirectory(BinLoader) 21 | add_subdirectory(VirtualMemory) 22 | add_subdirectory(wrapper.setup) 23 | add_subdirectory(revtracer-wrapper) 24 | add_subdirectory(revtracer) 25 | add_subdirectory(ipclib) 26 | add_subdirectory(Execution) 27 | add_subdirectory(loader) 28 | add_subdirectory(SymbolicEnvironment) 29 | add_subdirectory(benchmarking-payload) 30 | -------------------------------------------------------------------------------- /CommonCrossPlatform/BasicTypes.h: -------------------------------------------------------------------------------- 1 | #ifndef _BASIC_TYPES_H_ 2 | #define _BASIC_TYPES_H_ 3 | 4 | /** Use this header in binaries that have no dependencies */ 5 | 6 | namespace nodep { 7 | /* Define NULL pointer value */ 8 | #ifndef NULL 9 | #ifdef __cplusplus 10 | #define NULL 0 11 | #else /* __cplusplus */ 12 | #define NULL ((void *)0) 13 | #endif /* __cplusplus */ 14 | #endif /* NULL */ 15 | 16 | #if !defined(_W64) 17 | #if !defined(__midl) && (defined(_X86_) || defined(_M_IX86) || defined(_ARM_) || defined(_M_ARM)) && _MSC_VER >= 1300 18 | #define _W64 __w64 19 | #else 20 | #define _W64 21 | #endif 22 | #endif 23 | 24 | 25 | #if defined(_WIN64) 26 | typedef __int64 INT_PTR, *PINT_PTR; 27 | typedef unsigned __int64 UINT_PTR, *PUINT_PTR; 28 | 29 | typedef __int64 LONG_PTR, *PLONG_PTR; 30 | typedef unsigned __int64 ULONG_PTR, *PULONG_PTR; 31 | 32 | #define __int3264 __int64 33 | 34 | #else 35 | typedef _W64 int INT_PTR, *PINT_PTR; 36 | typedef _W64 unsigned int UINT_PTR, *PUINT_PTR; 37 | 38 | typedef _W64 long LONG_PTR, *PLONG_PTR; 39 | typedef _W64 unsigned long ULONG_PTR, *PULONG_PTR; 40 | 41 | #define __int3264 __int32 42 | 43 | #endif 44 | 45 | typedef unsigned long ULONG; 46 | typedef ULONG *PULONG; 47 | typedef unsigned short USHORT; 48 | typedef USHORT *PUSHORT; 49 | typedef unsigned char UCHAR; 50 | typedef UCHAR *PUCHAR; 51 | 52 | typedef long LONG; 53 | typedef long long LONGLONG; 54 | 55 | typedef unsigned long long QWORD; 56 | typedef unsigned long DWORD; 57 | typedef unsigned short WORD; 58 | typedef unsigned char BYTE; 59 | 60 | /* Windows-like types */ 61 | typedef int BOOL; 62 | typedef void *HANDLE; 63 | typedef void *LPVOID; 64 | 65 | typedef ULONG_PTR SIZE_T, *PSIZE_T; 66 | 67 | typedef wchar_t WCHAR; 68 | typedef WCHAR *PWSTR; 69 | 70 | typedef BYTE BOOLEAN; 71 | 72 | typedef union _LARGE_INTEGER { 73 | struct { 74 | DWORD LowPart; 75 | LONG HighPart; 76 | }; 77 | struct { 78 | DWORD LowPart; 79 | LONG HighPart; 80 | } u; 81 | LONGLONG QuadPart; 82 | } LARGE_INTEGER, *PLARGE_INTEGER; 83 | 84 | #ifndef FALSE 85 | #define FALSE 0 86 | #endif 87 | 88 | #ifndef TRUE 89 | #define TRUE 1 90 | #endif 91 | 92 | }; 93 | 94 | #endif 95 | -------------------------------------------------------------------------------- /CommonCrossPlatform/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | install(FILES BasicTypes.h Common.h CommonSpecifiers.h 2 | DESTINATION ${CMAKE_INSTALL_PREFIX}/include/CommonCrossPlatform) 3 | -------------------------------------------------------------------------------- /CommonCrossPlatform/CommonSpecifiers.h: -------------------------------------------------------------------------------- 1 | #ifndef _COMMON_SPECIFIERS_H_ 2 | #define _COMMON_SPECIFIERS_H_ 3 | 4 | #if defined _WIN32 || defined __CYGWIN__ 5 | #ifdef _IMPORT_THIS_API_ 6 | #ifdef _MSC_VER 7 | #define DLL_PUBLIC __declspec(dllimport) 8 | #else 9 | #define DLL_PUBLIC __attribute__ ((dllimport)) 10 | #endif 11 | #elif defined _EXPORT_THIS_API_ 12 | #ifdef _MSC_VER 13 | #define DLL_PUBLIC __declspec(dllexport) 14 | #else 15 | #define DLL_PUBLIC __attribute__ ((dllexport)) 16 | #endif 17 | #else 18 | #ifdef _MSC_VER 19 | #define DLL_PUBLIC 20 | #else 21 | #define DLL_PUBLIC 22 | #endif 23 | #endif 24 | 25 | #ifdef _MSC_VER 26 | #define NAKED __declspec(naked) 27 | #else 28 | #define NAKED 29 | #endif 30 | 31 | #define DLL_LOCAL 32 | #else 33 | #if __GNUC__ >= 4 34 | #define DLL_PUBLIC __attribute__ ((visibility ("default"))) 35 | #define DLL_LOCAL __attribute__ ((visibility ("hidden"))) 36 | #define NAKED __attribute__ ((naked)) 37 | #else 38 | #define DLL_PUBLIC 39 | #define DLL_LOCAL 40 | #endif 41 | #endif 42 | 43 | #endif 44 | -------------------------------------------------------------------------------- /CommonCrossPlatform/LibraryLayout.h: -------------------------------------------------------------------------------- 1 | #ifndef _LIBRARY_LAYOUT_H_ 2 | #define _LIBRARY_LAYOUT_H_ 3 | 4 | namespace ext { 5 | union LibraryLayout { 6 | struct LinuxLayout { 7 | unsigned int libcBase; 8 | unsigned int librtBase; 9 | unsigned int libpthreadBase; 10 | } linLib; 11 | struct WindowsLayout { 12 | unsigned int ntdllBase; 13 | } winLib; 14 | }; 15 | }; 16 | 17 | 18 | #endif 19 | -------------------------------------------------------------------------------- /DisableSSE/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | ## disablesse CMakeLists.txt 2 | 3 | set(LIBRARY_NAME "disablesse") 4 | set(CMAKE_C_FLAGS "-m32 -mno-mmx -mno-sse -march=i386") 5 | set(CMAKE_ASM_FLAGS "${CMAKE_C_FLAGS}") 6 | 7 | add_library(${LIBRARY_NAME} SHARED 8 | DisableSSE.S 9 | DisableSSEHelper.c 10 | ) 11 | 12 | set_target_properties(${LIBRARY_NAME} 13 | PROPERTIES 14 | DEFINE_SYMBOL "" 15 | ) 16 | 17 | install(TARGETS ${LIBRARY_NAME} DESTINATION ${CMAKE_INSTALL_PREFIX}/lib) 18 | -------------------------------------------------------------------------------- /DisableSSE/DisableSSEHelper.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | #define DEBUG_BREAK asm volatile("int $0x3") 4 | #define bit_arch_Slow_BSF (1 << 2) 5 | 6 | extern unsigned int get_rtld_global_ro_addr(void); 7 | 8 | void patch__rtld_global_ro() { 9 | 10 | void *_rtld_global_ro = (void*)get_rtld_global_ro_addr(); 11 | off_t sse_flag = 0x64; 12 | off_t slow_bsf = 0x94; 13 | int ret = mprotect(_rtld_global_ro - 0xd00, 0x1000, PROT_READ | PROT_WRITE); 14 | 15 | void *_rtld_global_ro_sse = _rtld_global_ro + sse_flag; 16 | 17 | *((unsigned int*)_rtld_global_ro_sse) &= 0xfffffdff; 18 | *((unsigned int*)_rtld_global_ro_sse + 1) &= 0xfbffffff; 19 | *((unsigned int*)(_rtld_global_ro + slow_bsf)) &= ~bit_arch_Slow_BSF; 20 | mprotect((void *)_rtld_global_ro - 0xd00, 0x1000, PROT_READ); 21 | } 22 | 23 | __attribute__((constructor)) void somain(void) { 24 | patch__rtld_global_ro(); 25 | } 26 | -------------------------------------------------------------------------------- /DisableSSE/Makefile: -------------------------------------------------------------------------------- 1 | disable_sse_so := libdisablesse.so 2 | CC := gcc 3 | CXX := g++ 4 | NO_SSE := -mno-mmx -mno-sse -march=i386 5 | CC_FLAGS += -m32 $(NO_SSE) $(CC_FLAGS_CROSS) 6 | prefix := /usr/local 7 | 8 | ASM_FILES := DisableSSE.S 9 | C_FILES := DisableSSEHelper.c 10 | OBJ_FILES := DisableSSE.o DisableSSEHelper.o 11 | 12 | all: $(disable_sse_so) 13 | 14 | install: $(disable_sse_so) 15 | install -m 0755 $(disable_sse_so) -t $(prefix)/lib -D 16 | 17 | $(disable_sse_so): $(OBJ_FILES) 18 | $(CC) $(CC_FLAGS) -shared -o $@ $^ 19 | 20 | DisableSSEHelper.o: DisableSSEHelper.c 21 | $(CC) $(CC_FLAGS) -c -o $@ $< 22 | 23 | DisableSSE.o: DisableSSE.S 24 | $(CC) $(CC_FLAGS) -c -o $@ $< 25 | 26 | .PHONY: clean 27 | clean: 28 | $(RM) $(disable_sse_so) $(OBJ_FILES) 29 | -------------------------------------------------------------------------------- /Execution/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | ## Execution CMakeLists.txt 2 | 3 | set(LIBRARY_NAME execution) 4 | set(FLAGS_CROSS "-D__cdecl=\"\" -D__stdcall=\"\"") 5 | set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -m32 -std=c++11 -D_EXECUTION_EXPORTS \ 6 | -DBLOCK_CACHE_READ_ONLY ${FLAGS_CROSS}") 7 | 8 | include_directories(../BinLoader) 9 | add_library(${LIBRARY_NAME} SHARED 10 | Debugger.cpp 11 | ExternExecutionController.Linux.cpp 12 | DualAllocator.Linux.cpp 13 | TokenRingInit.Linux.cpp 14 | LargeStack.cpp 15 | CommonExecutionController2.cpp 16 | InprocessExecutionController.cpp 17 | CommonExecutionController.cpp 18 | Main.cpp 19 | ../revtracer/sync.cpp 20 | ../revtracer/crc32.cpp 21 | ../revtracer/cb.cpp 22 | ../libproc/libproc.cpp 23 | ) 24 | 25 | target_link_libraries(${LIBRARY_NAME} 26 | binloader 27 | wrappersetup 28 | virtualmemory 29 | rt 30 | dl) 31 | 32 | set_target_properties(${LIBRARY_NAME} PROPERTIES PUBLIC_HEADER "Execution.h") 33 | install(TARGETS ${LIBRARY_NAME} 34 | LIBRARY DESTINATION ${CMAKE_INSTALL_PREFIX}/lib 35 | PUBLIC_HEADER DESTINATION ${CMAKE_INSTALL_PREFIX}/include/Execution 36 | ) 37 | -------------------------------------------------------------------------------- /Execution/Debugger.h: -------------------------------------------------------------------------------- 1 | #ifdef __linux__ 2 | 3 | #ifndef __DEBUGGER__ 4 | #define __DEBUGGER__ 5 | 6 | #include 7 | #include 8 | #include 9 | 10 | namespace dbg { 11 | class Debugger { 12 | public: 13 | Debugger(); 14 | void Attach(pid_t pid); 15 | void Detach(); 16 | unsigned long InsertBreakpoint(unsigned long address); 17 | void DeleteBreakpoint(unsigned long address); 18 | int Run(enum __ptrace_request request); 19 | void SetEip(unsigned long address); 20 | void PrintEip(); 21 | void PrintRegs(); 22 | int CheckEip(unsigned eip); 23 | void GetData(long addr, unsigned char *str, int len); 24 | void PutData(long addr, unsigned char *str, int len); 25 | unsigned long GetAndResolveModuleAddress(unsigned long symbolAddress); 26 | 27 | private: 28 | pid_t Tracee; 29 | std::map BreakpointCode; 30 | 31 | }; 32 | } //namespace dbg 33 | #endif 34 | 35 | #endif -------------------------------------------------------------------------------- /Execution/DualAllocator.h: -------------------------------------------------------------------------------- 1 | #ifndef _DUAL_ALLOCATOR_H_ 2 | #define _DUAL_ALLOCATOR_H_ 3 | 4 | #include "../CommonCrossPlatform/Common.h" 5 | #include 6 | 7 | typedef void *FileView; 8 | 9 | class DualAllocator { 10 | private: 11 | MAPPING_HANDLE hMapping; 12 | DWORD dwSize; 13 | DWORD dwUsed; 14 | DWORD dwGran; 15 | DWORD baseAddress; 16 | 17 | std::vector > mappedViews; 18 | PROCESS_HANDLE hProcess[2]; 19 | public: 20 | DualAllocator(DWORD size, PROCESS_HANDLE remoteProcess, const char *shmName, DWORD granularity, DWORD initialOffset); 21 | ~DualAllocator(); 22 | 23 | HANDLE CloneTo(PROCESS_HANDLE process); 24 | 25 | void SetBaseAddress(DWORD baseAddress); 26 | void *Allocate(DWORD size, DWORD &offset); 27 | DWORD AllocateFixed(DWORD size, DWORD address); 28 | void Free(void *ptr); 29 | }; 30 | 31 | 32 | #endif 33 | -------------------------------------------------------------------------------- /Execution/InprocessExecutionController.h: -------------------------------------------------------------------------------- 1 | #ifndef _INPROCESS_EXECUTION_CONTROLLER_H_ 2 | #define _INPROCESS_EXECUTION_CONTROLLER_H_ 3 | 4 | #include "CommonExecutionController.h" 5 | /*#ifdef _WIN32 6 | #include 7 | #endif*/ 8 | 9 | #include "../revtracer-wrapper/RevtracerWrapper.h" 10 | #include "../revtracer/revtracer.h" 11 | #include "../CommonCrossPlatform/Common.h" 12 | #include "../BinLoader/LoaderAPI.h" 13 | 14 | class InprocessExecutionController : public CommonExecutionController { 15 | private : 16 | THREAD_T hThread; 17 | 18 | ext::LibraryLayout libLayout, **expLayout; 19 | 20 | struct { 21 | MODULE_PTR module; 22 | BASE_PTR base; 23 | revwrapper::WrapperImports *pImports; 24 | revwrapper::WrapperExports *pExports; 25 | } wrapper; 26 | 27 | struct { 28 | MODULE_PTR module; 29 | BASE_PTR base; 30 | rev::RevtracerConfig *pConfig; 31 | rev::RevtracerImports *pImports; 32 | rev::RevtracerExports *pExports; 33 | } revtracer; 34 | public : 35 | virtual bool SetPath(const wstring &p); 36 | virtual bool SetCmdLine(const wstring &c); 37 | 38 | bool PatchProcess(); 39 | 40 | virtual THREAD_T GetProcessHandle(); 41 | virtual rev::ADDR_TYPE GetTerminationCode(); 42 | 43 | /*virtual bool GetProcessVirtualMemory(VirtualMemorySection *§ions, int §ionCount); 44 | virtual bool GetModules(ModuleInfo *&modules, int &moduleCount);*/ 45 | virtual bool ReadProcessMemory(unsigned int base, unsigned int size, unsigned char *buff); 46 | virtual bool WriteProcessMemory(unsigned int base, unsigned int size, unsigned char *buff); 47 | 48 | DWORD ControlThread(); 49 | 50 | virtual bool Execute(); 51 | virtual bool WaitForTermination(); 52 | }; 53 | 54 | #endif 55 | -------------------------------------------------------------------------------- /Execution/InternalExecutionControllerExt.cpp: -------------------------------------------------------------------------------- 1 | #include "InternalExecutionController.h" 2 | 3 | 4 | 5 | -------------------------------------------------------------------------------- /Execution/LargeStack.h: -------------------------------------------------------------------------------- 1 | #ifndef _LARGE_STACK_H_ 2 | #define _LARGE_STACK_H_ 3 | 4 | #ifdef _WIN32 5 | #include 6 | #endif 7 | 8 | #include "../CommonCrossPlatform/Common.h" 9 | 10 | namespace rev { 11 | typedef unsigned int DWORD; 12 | 13 | class LargeStack { 14 | private: 15 | DWORD *stackTop; 16 | DWORD *stackBase; 17 | DWORD stackSize; 18 | DWORD chunkSize; 19 | DWORD currentRegion; 20 | 21 | DWORD offsets[3]; 22 | 23 | FILE_T hVirtualStack; 24 | 25 | DWORD CurrentRegion() const; 26 | 27 | bool VirtualPush(DWORD *buffer); 28 | bool VirtualPop(DWORD *buffer); 29 | public: 30 | LargeStack(DWORD *base, DWORD size, DWORD *top, char *fName); 31 | ~LargeStack(); 32 | 33 | void Update(); 34 | }; 35 | }; 36 | 37 | #endif // !_LARGE_STACK_H_ 38 | -------------------------------------------------------------------------------- /Execution/Main.cpp: -------------------------------------------------------------------------------- 1 | #ifndef DISABLE_EXTERN_EXECUTION 2 | #include "ExternExecutionController.h" 3 | #endif 4 | 5 | #ifndef DISABLE_EXTERN_EXECUTION 6 | #include "ExternExecutionController.h" 7 | #endif 8 | 9 | #ifndef DISABLE_INPROCESS_EXECUTION 10 | #include "InprocessExecutionController.h" 11 | #endif 12 | 13 | DLL_EXECUTION_PUBLIC ExecutionController *NewExecutionController(uint32_t type) { 14 | switch (type) { 15 | #ifndef DISABLE_EXTERN_EXECUTION 16 | case EXECUTION_EXTERNAL: 17 | return new ExternExecutionController(); 18 | #endif 19 | #ifndef DISABLE_INPROCESS_EXECUTION 20 | case EXECUTION_INPROCESS: 21 | return new InprocessExecutionController(); 22 | #endif 23 | default: 24 | return nullptr; 25 | }; 26 | } 27 | 28 | DLL_EXECUTION_PUBLIC void DeleteExecutionController(ExecutionController *ptr) { 29 | delete ptr; 30 | } 31 | 32 | 33 | #ifdef _WIN32 34 | #include 35 | BOOL WINAPI DllMain(_In_ HINSTANCE hinstDLL, _In_ DWORD fdwReason, _In_ LPVOID lpvReserved) { 36 | return TRUE; 37 | } 38 | #endif 39 | -------------------------------------------------------------------------------- /Execution/Makefile: -------------------------------------------------------------------------------- 1 | lib_execution := libexecution.so 2 | CC := gcc 3 | CXX := g++ 4 | 5 | EXTERNAL_FILES := ../revtracer/sync.cpp ../revtracer/crc32.cpp ../revtracer/cb.cpp ../libproc/libproc.cpp 6 | 7 | INCLUDE_PATHS := -I../BinLoader 8 | 9 | INPROCESS_EXECUTION_CPP := LargeStack.cpp CommonExecutionController2.cpp InprocessExecutionController.cpp CommonExecutionController.cpp Main.cpp 10 | EXTERN_EXECUTION_CPP := Debugger.cpp ExternExecutionController.Linux.cpp DualAllocator.Linux.cpp TokenRingInit.Linux.cpp 11 | 12 | CPP_FILES := $(EXTERN_EXECUTION_CPP) $(INPROCESS_EXECUTION_CPP) $(EXTERNAL_FILES) 13 | 14 | OBJ_FILES := $(addprefix ,$(CPP_FILES:.cpp=.o)) 15 | LIB_BINLOADER_PATH := ../BinLoader/libbinloader.a 16 | LIB_WRAPPER_SETUP_PATH := ../wrapper.setup/libwrappersetup.a 17 | LIB_VIRTUALMEMORY_PATH := ../VirtualMemory/libvirtualmemory.a 18 | LD_FLAGS := -lrt 19 | 20 | CC_FLAGS_CROSS = -D__cdecl="" -D__stdcall="" 21 | CC_FLAGS += -g -m32 -std=c++11 -D_EXECUTION_EXPORTS \ 22 | -DBLOCK_CACHE_READ_ONLY \ 23 | $(INCLUDE_PATHS) $(CC_FLAGS_CROSS) 24 | 25 | prefix := /usr/local 26 | 27 | all: $(lib_execution) 28 | 29 | install: $(lib_execution) 30 | install -m 0755 $(lib_execution) -t $(prefix)/lib -D 31 | 32 | $(lib_execution): $(OBJ_FILES) 33 | $(CXX) $(CC_FLAGS) -shared -o $@ $^ $(LIB_BINLOADER_PATH) $(LIB_WRAPPER_SETUP_PATH) $(LIB_VIRTUALMEMORY_PATH) $(LD_FLAGS) 34 | 35 | %.o: %.cpp 36 | $(CXX) $(CC_FLAGS) -c -o $@ $< 37 | 38 | .PHONY: clean 39 | clean: 40 | $(RM) $(lib_execution) $(OBJ_FILES) 41 | -------------------------------------------------------------------------------- /Execution/RiverStructs.h: -------------------------------------------------------------------------------- 1 | #ifndef _RIVER_STRUCTS_H 2 | #define _RIVER_STRUCTS_H 3 | 4 | #include "../CommonCrossPlatform/Common.h" 5 | 6 | struct RemoteRuntime { 7 | UINT_PTR virtualStack; // + 0x00 - mandatory first member (used in vm-rm transitions) 8 | UINT_PTR returnRegister; // + 0x04 - ax/eax/rax value 9 | UINT_PTR jumpBuff; // + 0x08 10 | UINT_PTR execBuff; // + 0x0C 11 | UINT_PTR trackBuff; // + 0x10 12 | UINT_PTR trackBase; // + 0x14 13 | UINT_PTR taintedAddresses; // + 0x18 14 | UINT_PTR registers; // + 0x1C 15 | 16 | DWORD taintedFlags[8]; // + 0x20 17 | DWORD taintedRegisters[8]; // + 0x40 18 | }; 19 | 20 | //struct RiverExecutionEnvironment { 21 | // RiverRuntime runtimeContext; 22 | // 23 | // UINT_PTR saveLog; 24 | // 25 | // unsigned int /*heapSize,*/ historySize /*, logHashSize*/, outBufferSize; 26 | // 27 | // unsigned char *pStack; // = NULL; 28 | // 29 | // RiverHeap heap; 30 | // 31 | // //_tbm_mutex cbLock; // = 0; 32 | // //struct _cb_info **hashTable; // = 0 33 | // RiverBasicBlockCache blockCache; 34 | // 35 | // UINT_PTR lastFwBlock; 36 | // //UINT_PTR *history; 37 | // //unsigned long posHist, totHist; // = 0; 38 | // 39 | // UINT_PTR *executionBuffer; 40 | // 41 | // //unsigned char *saveBuffer; 42 | // 43 | // unsigned int bForward; 44 | // 45 | // RiverCodeGen codeGen; 46 | // 47 | // DWORD exitAddr; 48 | // 49 | // bool bValid; 50 | // void *userContext; 51 | //}; 52 | 53 | #endif 54 | -------------------------------------------------------------------------------- /Execution/TokenRingInit.Linux.cpp: -------------------------------------------------------------------------------- 1 | #ifdef __linux__ 2 | 3 | 4 | #include "TokenRingInit.Linux.h" 5 | 6 | //#include 7 | #include 8 | #include 9 | #include 10 | 11 | #include "../CommonCrossPlatform/Common.h" 12 | #include "../revtracer-wrapper/TokenRing.Linux.h" 13 | 14 | namespace revwrapper { 15 | typedef int (*semInitFunc)(sem_t *sem, int pshared, unsigned int value); 16 | 17 | int FindLibPthread(struct dl_phdr_info *info, size_t size, void *data) { 18 | LIB_T *dest = (LIB_T *)data; 19 | //printf("[Child] module name=\"%s\" @ %08x\n", info->dlpi_name, info->dlpi_addr); 20 | 21 | const char *p = strrchr(info->dlpi_name, '/'); 22 | p = (nullptr == p) ? info->dlpi_name : (p + 1); 23 | 24 | if (0 == strncmp("libpthread.so", p, 13)) { 25 | printf("Found libpthread @ %08x\n", info->dlpi_addr); 26 | *dest = GET_LIB_HANDLER(info->dlpi_name); 27 | return 0; 28 | } 29 | 30 | return 0; 31 | } 32 | 33 | 34 | bool InitTokenRing(TokenRing *_this, long uCount) { 35 | LIB_T libPthread; 36 | dl_iterate_phdr(FindLibPthread, &libPthread); 37 | semInitFunc _sem_init = (semInitFunc)dlvsym(libPthread, "sem_init", "GLIBC_2.1"); 38 | 39 | TokenRingOsData *_data = (TokenRingOsData *)_this->osData; 40 | 41 | _data->userCount = uCount; 42 | 43 | for (int i = 0; i < uCount; ++i) { 44 | if (-1 == _sem_init(&_data->semaphores[i], 1, 0)) { 45 | return false; 46 | } 47 | } 48 | 49 | return true; 50 | } 51 | 52 | }; // namespace ipc 53 | 54 | #endif 55 | -------------------------------------------------------------------------------- /Execution/TokenRingInit.Linux.h: -------------------------------------------------------------------------------- 1 | #ifndef _TOKEN_RING_INIT_WINDOWS_H_ 2 | #define _TOKEN_RING_INIT_WINDOWS_H_ 3 | 4 | #ifdef __linux__ 5 | 6 | #include "../revtracer-wrapper/TokenRing.h" 7 | 8 | namespace revwrapper { 9 | bool InitTokenRing(TokenRing *_this, long userCount); 10 | }; 11 | #endif 12 | 13 | #endif 14 | 15 | -------------------------------------------------------------------------------- /Execution/TokenRingInit.Windows.cpp: -------------------------------------------------------------------------------- 1 | #if defined _WIN32 || defined __CYGWIN__ 2 | 3 | #include "TokenRingInit.Windows.h" 4 | 5 | #include 6 | 7 | #include "../revtracer-wrapper/TokenRing.Windows.h" 8 | 9 | namespace revwrapper { 10 | bool InitTokenRing(TokenRing *_this, long uCount, unsigned int *pids) { 11 | //_this->trw = WaitTokenRingWin; 12 | //_this->trr = ReleaseTokenRingWin; 13 | 14 | TokenRingOsData *_data = (TokenRingOsData *)_this->osData; 15 | 16 | _data->userCount = uCount; 17 | 18 | HANDLE processes[MAX_USER_COUNT]; 19 | for (int i = 0; i < uCount; ++i) { 20 | processes[i] = OpenProcess(PROCESS_DUP_HANDLE, FALSE, pids[i]); 21 | } 22 | 23 | for (int i = 0; i < uCount; ++i) { 24 | HANDLE hEvt = CreateEvent(nullptr, FALSE, FALSE, nullptr); // (token == i) ? TRUE : FALSE, nullptr); 25 | 26 | DuplicateHandle( 27 | GetCurrentProcess(), 28 | hEvt, 29 | processes[i], 30 | &_data->waitSem[i], 31 | 0, 32 | FALSE, 33 | DUPLICATE_SAME_ACCESS 34 | ); 35 | 36 | DuplicateHandle( 37 | GetCurrentProcess(), 38 | hEvt, 39 | processes[(0 == i) ? (uCount - 1) : (i - 1)], 40 | &_data->postSem[i], 41 | 0, 42 | FALSE, 43 | DUPLICATE_SAME_ACCESS 44 | ); 45 | 46 | CloseHandle(hEvt); 47 | } 48 | 49 | for (int i = 0; i < uCount; ++i) { 50 | CloseHandle(processes[i]); 51 | } 52 | 53 | return true; 54 | } 55 | 56 | }; // namespace ipc 57 | 58 | #endif -------------------------------------------------------------------------------- /Execution/TokenRingInit.Windows.h: -------------------------------------------------------------------------------- 1 | #ifndef _TOKEN_RING_INIT_WINDOWS_H_ 2 | #define _TOKEN_RING_INIT_WINDOWS_H_ 3 | 4 | #if defined _WIN32 || defined __CYGWIN__ 5 | 6 | #include "../revtracer-wrapper/TokenRing.h" 7 | 8 | namespace revwrapper { 9 | bool InitTokenRing(TokenRing *_this, long userCount, unsigned int *pids); 10 | }; 11 | 12 | #endif 13 | 14 | #endif 15 | 16 | -------------------------------------------------------------------------------- /ExecutionWrapper/AssemblyInfo.cpp: -------------------------------------------------------------------------------- 1 | #include "stdafx.h" 2 | 3 | using namespace System; 4 | using namespace System::Reflection; 5 | using namespace System::Runtime::CompilerServices; 6 | using namespace System::Runtime::InteropServices; 7 | using namespace System::Security::Permissions; 8 | 9 | // 10 | // General Information about an assembly is controlled through the following 11 | // set of attributes. Change these attribute values to modify the information 12 | // associated with an assembly. 13 | // 14 | [assembly:AssemblyTitleAttribute(L"ExecutionWrapper")]; 15 | [assembly:AssemblyDescriptionAttribute(L"")]; 16 | [assembly:AssemblyConfigurationAttribute(L"")]; 17 | [assembly:AssemblyCompanyAttribute(L"")]; 18 | [assembly:AssemblyProductAttribute(L"ExecutionWrapper")]; 19 | [assembly:AssemblyCopyrightAttribute(L"Copyright (c) 2015")]; 20 | [assembly:AssemblyTrademarkAttribute(L"")]; 21 | [assembly:AssemblyCultureAttribute(L"")]; 22 | 23 | // 24 | // Version information for an assembly consists of the following four values: 25 | // 26 | // Major Version 27 | // Minor Version 28 | // Build Number 29 | // Revision 30 | // 31 | // You can specify all the value or you can default the Revision and Build Numbers 32 | // by using the '*' as shown below: 33 | 34 | [assembly:AssemblyVersionAttribute("1.0.*")]; 35 | 36 | [assembly:ComVisible(false)]; 37 | 38 | [assembly:CLSCompliantAttribute(true)]; -------------------------------------------------------------------------------- /ExecutionWrapper/Stdafx.cpp: -------------------------------------------------------------------------------- 1 | // stdafx.cpp : source file that includes just the standard includes 2 | // ExecutionWrapper.pch will be the pre-compiled header 3 | // stdafx.obj will contain the pre-compiled type information 4 | 5 | #include "stdafx.h" 6 | -------------------------------------------------------------------------------- /ExecutionWrapper/Stdafx.h: -------------------------------------------------------------------------------- 1 | // stdafx.h : include file for standard system include files, 2 | // or project specific include files that are used frequently, 3 | // but are changed infrequently 4 | 5 | #pragma once 6 | 7 | 8 | -------------------------------------------------------------------------------- /ExecutionWrapper/app.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bitdefender/river/3d779856c4ba142a526c9b4f998f7439a15826f5/ExecutionWrapper/app.ico -------------------------------------------------------------------------------- /ExecutionWrapper/app.rc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bitdefender/river/3d779856c4ba142a526c9b4f998f7439a15826f5/ExecutionWrapper/app.rc -------------------------------------------------------------------------------- /ExecutionWrapper/resource.h: -------------------------------------------------------------------------------- 1 | //{{NO_DEPENDENCIES}} 2 | // Microsoft Visual C++ generated include file. 3 | // Used by app.rc 4 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2018 Bitdefender 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /LargeStack/LargeStack.h: -------------------------------------------------------------------------------- 1 | #ifndef _LARGE_STACK_H_ 2 | #define _LARGE_STACK_H_ 3 | 4 | #include 5 | 6 | namespace rev { 7 | typedef unsigned int DWORD; 8 | 9 | class LargeStack { 10 | private: 11 | DWORD *stackTop; 12 | DWORD *stackBase; 13 | DWORD stackSize; 14 | DWORD chunkSize; 15 | DWORD currentRegion; 16 | 17 | DWORD offsets[3]; 18 | 19 | HANDLE hVirtualStack; 20 | 21 | DWORD CurrentRegion() const; 22 | 23 | bool VirtualPush(DWORD *buffer); 24 | bool VirtualPop(DWORD *buffer); 25 | public: 26 | LargeStack(DWORD *base, DWORD size, DWORD *top, char *fName); 27 | ~LargeStack(); 28 | 29 | void Update(); 30 | }; 31 | }; 32 | 33 | #endif // !_LARGE_STACK_H_ 34 | -------------------------------------------------------------------------------- /LargeStack/Main.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | #include "LargeStack.h" 4 | 5 | using namespace rev; 6 | 7 | rev::DWORD stack[0x10000]; 8 | rev::DWORD top; 9 | 10 | int main() { 11 | LargeStack ls(stack, sizeof(stack), &top, "stack.bin"); 12 | 13 | unsigned int val = 0; 14 | for (int i = 0; i < 0x1000000; ++i) { 15 | for (int j = 0; j < 13; ++j) { 16 | 17 | //push equivalent 18 | top -= 4; 19 | *((rev::DWORD *)top) = val; 20 | 21 | val++; 22 | } 23 | 24 | ls.Update(); 25 | 26 | for (int j = 0; j < 12; ++j) { 27 | val--; 28 | 29 | rev::DWORD v = *((rev::DWORD *)top); 30 | top += 4; 31 | 32 | if (v != val) __asm int 3; 33 | } 34 | 35 | ls.Update(); 36 | } 37 | 38 | return 0; 39 | } -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | DIRS := BinLoader VirtualMemory wrapper.setup revtracer-wrapper \ 2 | revtracer ipclib DisableSSE Execution loader http-parser-payload \ 3 | SymbolicEnvironment SymbolicDemo 4 | prefix := /usr/local 5 | 6 | all: 7 | for d in $(DIRS); do $(MAKE) clean -C $$d && $(MAKE) -C $$d; done 8 | 9 | clean: 10 | for d in $(DIRS); do $(MAKE) clean -C $$d; done 11 | 12 | install: 13 | for d in $(DIRS); do $(MAKE) clean -C $$d && \ 14 | $(MAKE) -C $$d && \ 15 | $(MAKE) install prefix=$(prefix) -C $$d; done 16 | 17 | 18 | -------------------------------------------------------------------------------- /SymbolicEnvironment/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | ## SymbolicEnvironment CMakeLists.txt 2 | 3 | set(LIBRARY_NAME symbolicenvironment) 4 | set(FLAGS_CROSS "-D__cdecl=\"\" -D__stdcall=\"\"") 5 | set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -g -m32 -std=c++11 \ 6 | -D_BUILDING_ENVIRONMENT_DLL -D_NO_TRACK_CALLBACKS_ ${FLAGS_CROSS}") 7 | 8 | add_library(${LIBRARY_NAME} SHARED 9 | Environment.cpp 10 | LargeStack.cpp 11 | OverlappedRegisters.cpp 12 | RevSymbolicEnvironment.cpp 13 | SymbolicEnvironment.cpp 14 | ../revtracer/Tracking.cpp 15 | ../revtracer/AddressContainer.cpp 16 | ) 17 | 18 | set_target_properties(${LIBRARY_NAME} PROPERTIES 19 | PUBLIC_HEADER "Environment.h;LargeStack.h;SymbolicEnvironment.h" 20 | ) 21 | 22 | install(TARGETS ${LIBRARY_NAME} 23 | LIBRARY DESTINATION ${CMAKE_INSTALL_PREFIX}/lib 24 | PUBLIC_HEADER DESTINATION ${CMAKE_INSTALL_PREFIX}/include/SymbolicEnvironment 25 | ) 26 | -------------------------------------------------------------------------------- /SymbolicEnvironment/Environment.cpp: -------------------------------------------------------------------------------- 1 | #include "Environment.h" 2 | 3 | #include "RevSymbolicEnvironment.h" 4 | #include "OverlappedRegisters.h" 5 | 6 | DLL_ENVIRONMENT_PUBLIC sym::SymbolicEnvironment *NewX86RevtracerEnvironment(void *revEnv, void *ctl) { 7 | return new RevSymbolicEnvironment(revEnv, (ExecutionController *)ctl); 8 | } 9 | 10 | DLL_ENVIRONMENT_PUBLIC sym::SymbolicEnvironment *NewX86RegistersEnvironment(sym::SymbolicEnvironment *parent) { 11 | sym::ScopedSymbolicEnvironment *ret = new OverlappedRegistersEnvironment(); 12 | ret->SetSubEnvironment(parent); 13 | 14 | return ret; 15 | } -------------------------------------------------------------------------------- /SymbolicEnvironment/Environment.h: -------------------------------------------------------------------------------- 1 | #ifndef _ENVIRONMENT_H_ 2 | #define _ENVIRONMENT_H_ 3 | 4 | #if defined _WIN32 || defined __CYGWIN__ 5 | #ifdef _BUILDING_ENVIRONMENT_DLL 6 | #ifdef __GNUC__ 7 | #define DLL_ENVIRONMENT_PUBLIC __attribute__ ((dllexport)) 8 | #else 9 | #define DLL_ENVIRONMENT_PUBLIC __declspec(dllexport) 10 | #endif 11 | #else 12 | #ifdef __GNUC__ 13 | #define DLL_ENVIRONMENT_PUBLIC __attribute__ ((dllimport)) 14 | #else 15 | #define DLL_ENVIRONMENT_PUBLIC __declspec(dllimport) 16 | #endif 17 | #endif 18 | #define DLL_LOCAL 19 | #else 20 | #if __GNUC__ >= 4 21 | #define DLL_ENVIRONMENT_PUBLIC __attribute__ ((visibility ("default"))) 22 | #define DLL_LOCAL __attribute__ ((visibility ("hidden"))) 23 | #else 24 | #define DLL_ENVIRONMENT_PUBLIC 25 | #define DLL_LOCAL 26 | #endif 27 | #endif 28 | 29 | #include "SymbolicEnvironment.h" 30 | 31 | /** Get a symbolic environment that can be used directly with the revtracer. 32 | * Features: 33 | * - Lazy CPU flag evaluation 34 | * - Only 32-bit CPU registers support 35 | * - Constructs symbolic expressions on the fly for unaligned memory accesses 36 | */ 37 | DLL_ENVIRONMENT_PUBLIC sym::SymbolicEnvironment *NewX86RevtracerEnvironment(void *revEnv, void *ctl); 38 | 39 | /** Get a symbolic environment that lazily constructs x86 register expressions 40 | * Features: 41 | * - Delegates flag evaluation to the underlying environment 42 | * - Lazy evalauation of register symbolic values 43 | * - Delegates memory evaluation to underlying environment 44 | */ 45 | DLL_ENVIRONMENT_PUBLIC sym::SymbolicEnvironment *NewX86RegistersEnvironment(sym::SymbolicEnvironment *parent); 46 | 47 | 48 | #endif 49 | 50 | -------------------------------------------------------------------------------- /SymbolicEnvironment/LargeStack.h: -------------------------------------------------------------------------------- 1 | #ifndef _LARGE_STACK_H_ 2 | #define _LARGE_STACK_H_ 3 | 4 | #ifdef _WIN32 5 | #include 6 | #endif 7 | 8 | #include "../CommonCrossPlatform/Common.h" 9 | 10 | namespace stk { 11 | typedef unsigned int DWORD; 12 | 13 | class LargeStack { 14 | private: 15 | DWORD *stackTop; 16 | DWORD *stackBase; 17 | DWORD stackSize; 18 | DWORD chunkSize; 19 | DWORD currentRegion; 20 | 21 | DWORD offsets[3]; 22 | 23 | FILE_T hVirtualStack; 24 | 25 | DWORD CurrentRegion() const; 26 | 27 | bool VirtualPush(DWORD *buffer); 28 | bool VirtualPop(DWORD *buffer); 29 | public: 30 | LargeStack(DWORD *base, DWORD size, DWORD *top, const char *fName); 31 | ~LargeStack(); 32 | 33 | void Push(DWORD value); 34 | DWORD Pop(); 35 | 36 | void Update(); 37 | }; 38 | }; 39 | 40 | #endif // !_LARGE_STACK_H_ 41 | -------------------------------------------------------------------------------- /SymbolicEnvironment/Makefile: -------------------------------------------------------------------------------- 1 | lib_symbolicenvironment := libsymbolicenvironment.so 2 | CC := gcc 3 | CXX := g++ 4 | EXTERNAL_FILES := ../revtracer/Tracking.cpp ../revtracer/AddressContainer.cpp 5 | CPP_FILES := Environment.cpp LargeStack.cpp OverlappedRegisters.cpp RevSymbolicEnvironment.cpp SymbolicEnvironment.cpp $(EXTERNAL_FILES) 6 | OBJ_FILES := $(addprefix ,$(CPP_FILES:.cpp=.o)) 7 | CC_FLAGS += -g -m32 -march=i386 -std=c++11 -D_BUILDING_ENVIRONMENT_DLL -D_NO_TRACK_CALLBACKS_ 8 | prefix := /usr/local 9 | 10 | all: $(lib_symbolicenvironment) 11 | 12 | install: $(lib_symbolicenvironment) 13 | install -m 0755 $(lib_symbolicenvironment) -t $(prefix)/lib -D 14 | 15 | $(lib_symbolicenvironment): $(OBJ_FILES) 16 | $(CXX) $(CC_FLAGS) -shared -o $@ $^ 17 | 18 | %.o: %.cpp 19 | $(CXX) $(CC_FLAGS) -c -o $@ $< 20 | 21 | .PHONY: clean 22 | clean: 23 | $(RM) $(lib_symbolicenvironment) $(OBJ_FILES) 24 | -------------------------------------------------------------------------------- /SymbolicEnvironment/OverlappedRegisters.h: -------------------------------------------------------------------------------- 1 | #ifndef _OVERLAPPED_REGISTERS_H_ 2 | #define _OVERLAPPED_REGISTERS_H_ 3 | 4 | #include "LargeStack.h" 5 | #include "SymbolicEnvironment.h" 6 | 7 | #include "../revtracer/river.h" 8 | 9 | class OverlappedRegistersEnvironment : public sym::ScopedSymbolicEnvironment { 10 | private : 11 | class OverlappedRegister { 12 | private: 13 | void *subRegs[5]; 14 | static const nodep::DWORD rOff[5], rSize[5], rParent[5], rMChild[5], rLChild[5]; 15 | static const nodep::DWORD rSeed[4]; 16 | static nodep::DWORD needConcat, needExtract; 17 | OverlappedRegistersEnvironment *parent; 18 | 19 | // marks children as need extraction 20 | void MarkNeedExtract(nodep::DWORD node, bool doRefCount); 21 | void MarkNeedConcat(nodep::DWORD node, bool doRefCount); 22 | void MarkUnset(nodep::DWORD node, bool doRefCount); 23 | 24 | void *Get(nodep::DWORD node, nodep::DWORD concreteValue); 25 | public: 26 | OverlappedRegister(); 27 | 28 | void SetParent(OverlappedRegistersEnvironment *p); 29 | 30 | void *Get(RiverRegister ®, nodep::DWORD &concreteValue); 31 | void Set(RiverRegister ®, void *value, bool doRefCount); 32 | bool Unset(RiverRegister ®, bool doRefCount); 33 | 34 | void SaveState(stk::LargeStack &stack); 35 | void LoadState(stk::LargeStack &stack); 36 | } subRegisters[8]; 37 | 38 | RiverInstruction *current; 39 | AddRefFunc addRefFunc; 40 | DecRefFunc decRefFunc; 41 | 42 | protected : 43 | virtual bool _SetCurrentInstruction(RiverInstruction *instruction, void *opBuffer); 44 | 45 | virtual void _SetReferenceCounting(AddRefFunc addRef, DecRefFunc decRef); 46 | 47 | virtual void _PushState(stk::LargeStack &stack); 48 | virtual void _PopState(stk::LargeStack &stack); 49 | 50 | public : 51 | OverlappedRegistersEnvironment(); 52 | 53 | virtual bool GetOperand(struct OperandInfo &opInfo); 54 | virtual bool GetAddressBase(struct OperandInfo &opInfo); 55 | virtual bool GetAddressScaleAndIndex(struct OperandInfo &opInfo, nodep::BYTE &scale); 56 | virtual bool GetAddressDisplacement(const nodep::BYTE opIdx, struct AddressDisplacement &addressDisplacement); 57 | virtual bool SetOperand(nodep::BYTE opIdx, void *symbolicValue, bool doRefCount); 58 | virtual bool UnsetOperand(nodep::BYTE opIdx, bool doRefCount); 59 | }; 60 | 61 | #endif 62 | -------------------------------------------------------------------------------- /VirtualMemory/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | ## VirtualMemory CMakeLists.txt 2 | 3 | set(LIBRARY_NAME virtualmemory) 4 | set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -g -m32 -std=c++11") 5 | 6 | add_library(${LIBRARY_NAME} STATIC 7 | VirtualMem.cpp 8 | MemoryLayout.Linux.cpp 9 | ../libproc/libproc.cpp 10 | ) 11 | 12 | install(TARGETS ${LIBRARY_NAME} DESTINATION ${CMAKE_INSTALL_PREFIX}/lib) 13 | -------------------------------------------------------------------------------- /VirtualMemory/Makefile: -------------------------------------------------------------------------------- 1 | lib_virtualmemory := libvirtualmemory.a 2 | CC := gcc 3 | CXX := g++ 4 | 5 | EXTERNAL_FILES := ../libproc/libproc.cpp 6 | CPP_FILES := VirtualMem.cpp MemoryLayout.Linux.cpp $(EXTERNAL_FILES) 7 | 8 | OBJ_FILES := $(addprefix ,$(CPP_FILES:.cpp=.o)) 9 | CXX_FLAGS += -g -m32 -std=c++11 10 | prefix := /usr/local 11 | 12 | all: $(lib_virtualmemory) 13 | 14 | test_bin: $(lib_virtualmemory) Main.o 15 | $(CXX) -L. $(CXX_FLAGS) -o main Main.o -lbinloader -ldl 16 | 17 | install: $(lib_virtualmemory) 18 | install -m 0755 $(lib_virtualmemory) -t $(prefix)/lib -D 19 | 20 | $(lib_virtualmemory): $(OBJ_FILES) 21 | $(AR) rcs $@ $^ 22 | 23 | %.o: %.cpp 24 | $(CXX) $(CXX_FLAGS) -c -o $@ $< 25 | 26 | .PHONY: clean 27 | clean: 28 | $(RM) $(lib_virtualmemory) $(OBJ_FILES) *.o main 29 | -------------------------------------------------------------------------------- /VirtualMemory/MemoryLayout.h: -------------------------------------------------------------------------------- 1 | #ifndef _MEMORY_LAYOUT_H_ 2 | 3 | #include "VirtualMem.h" 4 | 5 | namespace vmem { 6 | 7 | #define MEMORY_REGION_FREE 0x00 8 | #define MEMORY_REGION_RESERVED 0x01 9 | #define MEMORY_REGION_COMMITED 0x02 10 | #define MEMORY_REGION_UNKNOWN 0xFF 11 | 12 | #define MEMORY_REGION_READ 0x4 13 | #define MEMORY_REGION_WRITE 0x2 14 | #define MEMORY_REGION_EXECUTE 0x1 15 | 16 | struct MemoryRegionInfo { 17 | void *baseAddress; 18 | void *allocationBase; 19 | 20 | unsigned int size; 21 | 22 | // free, reserved, protected 23 | unsigned int state; 24 | 25 | // read, write, execute 26 | unsigned int protection; 27 | 28 | char *moduleName; 29 | }; 30 | 31 | class MemoryLayout { 32 | public: 33 | virtual bool Snapshot() = 0; 34 | virtual bool Query(void *addr, MemoryRegionInfo &out) = 0; 35 | virtual bool Release() = 0; 36 | 37 | virtual bool Debug() = 0; 38 | }; 39 | 40 | MemoryLayout *CreateMemoryLayout(process_t process); 41 | 42 | }; 43 | 44 | #endif // !_MEMORY_LAYOUT_H_ -------------------------------------------------------------------------------- /VirtualMemory/VirtualMem.h: -------------------------------------------------------------------------------- 1 | #ifndef _VIRTUAL_MEM_H_ 2 | #define _VIRTUAL_MEM_H_ 3 | 4 | #include "../CommonCrossPlatform/BasicTypes.h" 5 | 6 | namespace vmem { 7 | // the process_t aliases depending on the os 8 | // Linux: pid - used by libproc 9 | // Windows: HANDLE (to an opened process) - used by kernel32!VirtualQuery 10 | 11 | #ifdef __linux__ 12 | typedef int process_t; 13 | #elif defined _WIN32 || defined __CYGWIN__ 14 | #include 15 | typedef HANDLE process_t; 16 | #endif 17 | 18 | nodep::BYTE *GetFreeRegion(process_t hProcess, nodep::DWORD size, nodep::DWORD granularity); 19 | nodep::BYTE *GetFreeRegion(process_t hProcess1, process_t hProcess2, nodep::DWORD size, nodep::DWORD granularity); 20 | 21 | }; 22 | 23 | 24 | #endif 25 | -------------------------------------------------------------------------------- /benchmarking-payload/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | include_directories(${CMAKE_SOURCE_DIR}) 2 | 3 | add_subdirectory(jsmn-payload) 4 | add_subdirectory(gumbo-payload) 5 | #add_subdirectory(libxml2-payload) 6 | #add_subdirectory(libpng-payload) 7 | #add_subdirectory(freetype-payload) 8 | #add_subdirectory(http-parser-payload) 9 | #add_subdirectory(libjpeg-turbo-payload) 10 | #add_subdirectory(simple-address-payload) 11 | #add_subdirectory(simple-accumulator-payload) 12 | -------------------------------------------------------------------------------- /benchmarking-payload/freetype-payload/.gitignore: -------------------------------------------------------------------------------- 1 | *.tar.gz 2 | *-src 3 | tmp 4 | -------------------------------------------------------------------------------- /benchmarking-payload/freetype-payload/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | set(LIBRARY_NAME freetype-payload) 2 | set(CMAKE_C_FLAGS "-m32 -g") 3 | set(CMAKE_CXX_FLAGS "${CMAKE_C_FLAGS} -std=c++11 -D_PAYLOAD_EXPORTS") 4 | 5 | add_library(${LIBRARY_NAME} SHARED 6 | Payload.cpp 7 | ) 8 | 9 | include_directories(${CMAKE_CURRENT_SOURCE_DIR}/freetype-src/include 10 | ${CMAKE_CURRENT_SOURCE_DIR}/freetype-src 11 | $ENV{RIVER_SDK_DIR}/include 12 | ) 13 | 14 | target_link_libraries(${LIBRARY_NAME} 15 | ${CMAKE_CURRENT_SOURCE_DIR}/freetype-src/objs/.libs/libfreetype.a 16 | archive 17 | png16 18 | ) 19 | 20 | install(TARGETS ${LIBRARY_NAME} DESTINATION ${CMAKE_INSTALL_PREFIX}/lib) 21 | -------------------------------------------------------------------------------- /benchmarking-payload/freetype-payload/Makefile: -------------------------------------------------------------------------------- 1 | mkfile_path := $(abspath $(lastword $(MAKEFILE_LIST))) 2 | makefile_dir := $(patsubst %/,%,$(dir $(mkfile_path))) 3 | 4 | freetype := libfreetype.so 5 | CC := gcc 6 | CXX := g++ 7 | INCLUDE_PATHS = "-I$(makefile_dir)/freetype-src/include -I$(makefile_dir)/freetype-src/" 8 | OBJ_FILES := Payload.o $(makefile_dir)/freetype-src/objs/.libs/libfreetype.a 9 | CXX_FLAGS += -m32 -std=c++11 -D_PAYLOAD_EXPORTS 10 | prefix := /usr/local 11 | 12 | all: $(freetype) 13 | 14 | install: $(freetype) 15 | install -m 0755 $(freetype) -t $(prefix)/lib -D 16 | 17 | $(freetype): $(OBJ_FILES) 18 | $(CXX) -m32 -shared $(OBJ_FILES) -o $@ -lz -larchive -lpng12 19 | 20 | Payload.o: Payload.cpp 21 | $(CXX) $(CXX_FLAGS) $(INCLUDE_PATHS) -c -o $@ $< 22 | 23 | .PHONY: clean 24 | clean: 25 | $(RM) $(freetype) Payload.o 26 | -------------------------------------------------------------------------------- /benchmarking-payload/freetype-payload/config_freetype.sh: -------------------------------------------------------------------------------- 1 | #! /bin/bash 2 | 3 | # Init source code 4 | SRC_DIR="$(pwd)/freetype-src" 5 | 6 | DEFAULT_CFLAGS="-m32" 7 | DEFAULT_LDFLAGS="-m32" 8 | CC=gcc 9 | 10 | init_target() { 11 | if ! [ -d $SRC_DIR ]; then 12 | wget http://download.savannah.gnu.org/releases/freetype/freetype-2.8.tar.gz 13 | tar xvf freetype-2.8.tar.gz 14 | mv freetype-2.8 $SRC_DIR 15 | cd $SRC_DIR 16 | ./autogen.sh 17 | cd - 18 | fi 19 | } 20 | 21 | 22 | # Build http-parser with the given `name` and flags. 23 | build_target() { 24 | cd $SRC_DIR 25 | CC="$CC" CFLAGS="$DEFAULT_CFLAGS" LDFLAGS="$DEFAULT_LDFLAGS" \ 26 | LD="ld -m elf_i386" ./configure 27 | make 28 | make library 29 | cd - 30 | } 31 | 32 | init_target 33 | build_target 34 | -------------------------------------------------------------------------------- /benchmarking-payload/gumbo-payload/.gitignore: -------------------------------------------------------------------------------- 1 | *.tar.gz 2 | *-src 3 | -------------------------------------------------------------------------------- /benchmarking-payload/gumbo-payload/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | set(LIBRARY_NAME gumbo-payload) 2 | set(CMAKE_C_FLAGS "-m32 -g") 3 | set(CMAKE_CXX_FLAGS "${CMAKE_C_FLAGS} -std=c++11 -D_PAYLOAD_EXPORTS") 4 | 5 | add_library(${LIBRARY_NAME} SHARED 6 | Payload.cpp 7 | ) 8 | 9 | include_directories(${CMAKE_CURRENT_SOURCE_DIR}/gumbo-src/src 10 | $ENV{RIVER_SDK_DIR}/include 11 | ) 12 | 13 | target_link_libraries(${LIBRARY_NAME} 14 | ${CMAKE_CURRENT_SOURCE_DIR}/gumbo-src/.libs/libgumbo.a 15 | ) 16 | 17 | install(TARGETS ${LIBRARY_NAME} DESTINATION ${CMAKE_INSTALL_PREFIX}/lib) 18 | -------------------------------------------------------------------------------- /benchmarking-payload/gumbo-payload/Makefile: -------------------------------------------------------------------------------- 1 | mkfile_path := $(abspath $(lastword $(MAKEFILE_LIST))) 2 | makefile_dir := $(patsubst %/,%,$(dir $(mkfile_path))) 3 | 4 | lib_gumbo := libgumbo.so 5 | CC := gcc 6 | CXX := g++ 7 | INCLUDE_PATHS = -I$(makefile_dir)/gumbo-src/src 8 | OBJ_FILES := Payload.o $(makefile_dir)/gumbo-src/.libs/libgumbo.a 9 | CXX_FLAGS += -m32 -D_PAYLOAD_EXPORTS 10 | prefix := /usr/local 11 | 12 | all: $(lib_gumbo) 13 | 14 | install: $(lib_gumbo) 15 | install -m 0755 $(lib_gumbo) -t $(prefix)/lib -D 16 | 17 | $(lib_gumbo): $(OBJ_FILES) 18 | $(CXX) -m32 -shared $(OBJ_FILES) -o $@ 19 | 20 | Payload.o: Payload.cpp 21 | $(CXX) $(CXX_FLAGS) $(INCLUDE_PATHS) -c -o $@ $< 22 | 23 | .PHONY: clean 24 | clean: 25 | $(RM) $(lib_gumbo) Payload.o 26 | -------------------------------------------------------------------------------- /benchmarking-payload/gumbo-payload/Payload.cpp: -------------------------------------------------------------------------------- 1 | #include "CommonCrossPlatform/Common.h" 2 | #include "CommonCrossPlatform/CommonSpecifiers.h" 3 | 4 | #include "gumbo.h" 5 | #include 6 | 7 | void test_simple(const unsigned char *buf) { 8 | GumboOutput* output = gumbo_parse_with_options( 9 | &kGumboDefaultOptions, (const char *)buf, MAX_PAYLOAD_BUF); 10 | gumbo_destroy_output(&kGumboDefaultOptions, output); 11 | } 12 | 13 | extern "C" { 14 | DLL_PUBLIC unsigned char payloadBuffer[MAX_PAYLOAD_BUF]; 15 | DLL_PUBLIC int Payload() { 16 | test_simple(payloadBuffer); 17 | return 0; 18 | } 19 | }; 20 | 21 | #ifdef _WIN32 22 | #include 23 | BOOL WINAPI DllMain( 24 | _In_ HINSTANCE hinstDLL, 25 | _In_ DWORD fdwReason, 26 | _In_ LPVOID lpvReserved 27 | ) { 28 | return TRUE; 29 | } 30 | #endif 31 | -------------------------------------------------------------------------------- /benchmarking-payload/gumbo-payload/config_gumbo.sh: -------------------------------------------------------------------------------- 1 | #! /bin/bash 2 | 3 | # Init source code 4 | SRC_DIR="$(pwd)/gumbo-src" 5 | 6 | DEFAULT_CFLAGS="-m32" 7 | DEFAULT_LDFLAGS="-m32" 8 | CC=gcc 9 | CXX=g++ 10 | 11 | init_target() { 12 | if ! [ -d $SRC_DIR ]; then 13 | git clone https://github.com/google/gumbo-parser.git $SRC_DIR 14 | cd $SRC_DIR 15 | ./autogen.sh 16 | cd - 17 | fi 18 | } 19 | 20 | 21 | # Build http-parser with the given `name` and flags. 22 | build_target() { 23 | cd $SRC_DIR 24 | CC="$CC" CXX="$CXX" CXXFLAGS="$DEFAULT_CFLAGS" CFLAGS="$DEFAULT_CFLAGS" \ 25 | LDFLAGS="$DEFAULT_LDFLAGS" ./configure 26 | 27 | make 28 | cd - 29 | } 30 | 31 | init_target 32 | build_target 33 | -------------------------------------------------------------------------------- /benchmarking-payload/http-parser-payload/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | ## http-parser CMakeLists.txt 2 | # https://software.intel.com/en-us/articles/performance-tools-for-software-developers-bsymbolic-can-cause-dangerous-side-effects 3 | 4 | set(LIBRARY_NAME "http-parser") 5 | 6 | set(CMAKE_C_FLAGS "-m32 -g -O2") 7 | set(CMAKE_CXX_FLAGS "${CMAKE_C_FLAGS} -nostdlib -std=c++11 -D_PAYLOAD_EXPORTS") 8 | 9 | include_directories($ENV{RIVER_SDK_DIR}/include) 10 | 11 | add_library(${LIBRARY_NAME} SHARED 12 | http_parser.c 13 | Payload.cpp 14 | ) 15 | 16 | set_target_properties(${LIBRARY_NAME} PROPERTIES LINK_FLAGS 17 | "${LINK_FLAGS} \ 18 | -Wl,--version-script=${CMAKE_CURRENT_SOURCE_DIR}/http-parser.version") 19 | 20 | install(TARGETS ${LIBRARY_NAME} DESTINATION ${CMAKE_INSTALL_PREFIX}/lib) 21 | -------------------------------------------------------------------------------- /benchmarking-payload/http-parser-payload/Makefile: -------------------------------------------------------------------------------- 1 | # https://software.intel.com/en-us/articles/performance-tools-for-software-developers-bsymbolic-can-cause-dangerous-side-effects 2 | 3 | lib_http_parser := libhttp-parser.so 4 | CC := gcc 5 | CXX := g++ 6 | OBJ_FILES := http_parser.o Payload.o 7 | DEFAULT_CFLAGS := -m32 -O2 -g 8 | CC_FLAGS += $(DEFAULT_CFLAGS) 9 | CXX_FLAGS += $(DEFAULT_CFLAGS) -nostdlib -std=c++11 -D_PAYLOAD_EXPORTS 10 | prefix := /usr/local 11 | 12 | all: $(lib_http_parser) 13 | 14 | install: $(lib_http_parser) 15 | install -m 0755 $(lib_http_parser) -t $(prefix)/lib -D 16 | 17 | $(lib_http_parser): $(OBJ_FILES) 18 | $(CXX) $(CC_FLAGS) -Wl,--version-script=http-parser.version -shared -o $@ $^ 19 | 20 | Payload.o: Payload.cpp 21 | $(CXX) $(CXX_FLAGS) -c $< 22 | 23 | http_parser.o: http_parser.c 24 | $(CC) $(CC_FLAGS) -c $< 25 | 26 | .PHONY: clean 27 | clean: 28 | $(RM) $(lib_http_parser) $(OBJ_FILES) 29 | -------------------------------------------------------------------------------- /benchmarking-payload/http-parser-payload/http-parser.version: -------------------------------------------------------------------------------- 1 | LIBHTTPPARSER_1.0 { 2 | local: 3 | http_parser_version; 4 | http_parser_init; 5 | http_parser_settings_init; 6 | http_parser_execute; 7 | http_should_keep_alive; 8 | http_method_str; 9 | http_errno_description; 10 | http_parser_url_init; 11 | http_parser_parse_url; 12 | http_parser_pause; 13 | http_body_is_final; 14 | }; 15 | -------------------------------------------------------------------------------- /benchmarking-payload/jsmn-payload/.gitignore: -------------------------------------------------------------------------------- 1 | *.tar.gz 2 | *-src 3 | -------------------------------------------------------------------------------- /benchmarking-payload/jsmn-payload/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | set(CMAKE_VERBOSE_MAKEFILE on) 2 | set(LIBRARY_NAME jsmn-parser) 3 | set(CMAKE_C_FLAGS "-m32 -g") 4 | set(CMAKE_CXX_FLAGS "${CMAKE_C_FLAGS} -std=c++11 -D_PAYLOAD_EXPORTS") 5 | 6 | add_library(${LIBRARY_NAME} SHARED 7 | Payload.cpp 8 | ) 9 | 10 | include_directories(${CMAKE_CURRENT_SOURCE_DIR}/libjsmn-src 11 | $ENV{RIVER_SDK_DIR}/include 12 | ) 13 | 14 | target_link_libraries(${LIBRARY_NAME} 15 | ${CMAKE_CURRENT_SOURCE_DIR}/libjsmn-src/libjsmn.a 16 | ) 17 | 18 | install(TARGETS ${LIBRARY_NAME} DESTINATION ${CMAKE_INSTALL_PREFIX}/lib) 19 | -------------------------------------------------------------------------------- /benchmarking-payload/jsmn-payload/Makefile: -------------------------------------------------------------------------------- 1 | mkfile_path := $(abspath $(lastword $(MAKEFILE_LIST))) 2 | makefile_dir := $(patsubst %/,%,$(dir $(mkfile_path))) 3 | 4 | libjsmn := libjsmn.so 5 | CC := gcc 6 | CXX := g++ 7 | OBJ_FILES := Payload.o $(makefile_dir)/libjsmn-src/libjsmn.a 8 | INCLUDE_PATH := -I$(makefile_dir)/libjsmn-src 9 | CXX_FLAGS += -m32 -std=c++11 -D_PAYLOAD_EXPORTS 10 | prefix := /usr/local 11 | 12 | all: $(libjsmn) 13 | 14 | install: $(libjsmn) 15 | install -m 0755 $(libjsmn) -t $(prefix)/lib -D 16 | 17 | $(libjsmn): $(OBJ_FILES) 18 | $(CXX) -m32 -shared $(OBJ_FILES) -o $@ 19 | 20 | Payload.o: Payload.cpp 21 | $(CXX) $(CXX_FLAGS) $(INCLUDE_PATH) -c -o $@ $< 22 | 23 | .PHONY: clean 24 | clean: 25 | $(RM) -r $(libjsmn) Payload.o 26 | -------------------------------------------------------------------------------- /benchmarking-payload/jsmn-payload/Payload.cpp: -------------------------------------------------------------------------------- 1 | #include "CommonCrossPlatform/Common.h" 2 | #include "CommonCrossPlatform/CommonSpecifiers.h" 3 | 4 | #include "jsmn.h" 5 | 6 | 7 | #define TOKEN_SIZE 256 8 | 9 | static jsmn_parser parser; 10 | static jsmntok_t tokens[TOKEN_SIZE]; 11 | 12 | void test_simple(const unsigned char *buf) { 13 | jsmn_init(&parser); 14 | // js - pointer to JSON string 15 | // tokens - an array of tokens available 16 | jsmn_parse(&parser, (const char *)buf, MAX_PAYLOAD_BUF, tokens, TOKEN_SIZE); 17 | } 18 | 19 | extern "C" { 20 | DLL_PUBLIC unsigned char payloadBuffer[MAX_PAYLOAD_BUF]; 21 | DLL_PUBLIC int Payload() { 22 | test_simple(payloadBuffer); 23 | return 0; 24 | } 25 | }; 26 | 27 | #ifdef _WIN32 28 | #include 29 | BOOL WINAPI DllMain( 30 | _In_ HINSTANCE hinstDLL, 31 | _In_ DWORD fdwReason, 32 | _In_ LPVOID lpvReserved 33 | ) { 34 | return TRUE; 35 | } 36 | #endif 37 | -------------------------------------------------------------------------------- /benchmarking-payload/jsmn-payload/config_jsmn.sh: -------------------------------------------------------------------------------- 1 | #! /bin/bash 2 | 3 | # Init http-parser source code 4 | SRC_DIR="$(pwd)/libjsmn-src" 5 | 6 | DEFAULT_CFLAGS="-m32" 7 | DEFAULT_LDFLAGS="-m32" 8 | CC=gcc 9 | CXX=g++ 10 | 11 | # Build http-parser with the given `name` and flags. 12 | build_target() { 13 | 14 | if ! [ -d $SRC_DIR ]; then 15 | git clone https://github.com/zserge/jsmn.git $SRC_DIR 16 | fi 17 | 18 | cd $SRC_DIR 19 | make clean 20 | CC="$CC" CXX="$CXX" CXXFLAGS="$DEFAULT_CFLAGS" \ 21 | CFLAGS="$DEFAULT_CFLAGS" LDFLAGS="$DEFAULT_LDFLAGS" \ 22 | make all 23 | 24 | cd - 25 | } 26 | 27 | build_target 28 | -------------------------------------------------------------------------------- /benchmarking-payload/libjpeg-turbo-payload/.gitignore: -------------------------------------------------------------------------------- 1 | *.tar.gz 2 | *-src 3 | -------------------------------------------------------------------------------- /benchmarking-payload/libjpeg-turbo-payload/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | set(LIBRARY_NAME jpeg-turbo-payload) 2 | set(CMAKE_C_FLAGS "-m32 -g") 3 | set(CMAKE_CXX_FLAGS "${CMAKE_C_FLAGS} -std=c++11 -D_PAYLOAD_EXPORTS") 4 | 5 | add_library(${LIBRARY_NAME} SHARED 6 | Payload.cpp 7 | ) 8 | 9 | include_directories(${CMAKE_CURRENT_SOURCE_DIR}/libjpeg-turbo-src 10 | $ENV{RIVER_SDK_DIR}/include 11 | ) 12 | 13 | target_link_libraries(${LIBRARY_NAME} 14 | ${CMAKE_CURRENT_SOURCE_DIR}/libjpeg-turbo-src/.libs/libturbojpeg.a 15 | ) 16 | 17 | install(TARGETS ${LIBRARY_NAME} DESTINATION ${CMAKE_INSTALL_PREFIX}/lib) 18 | -------------------------------------------------------------------------------- /benchmarking-payload/libjpeg-turbo-payload/Makefile: -------------------------------------------------------------------------------- 1 | mkfile_path := $(abspath $(lastword $(MAKEFILE_LIST))) 2 | makefile_dir := $(patsubst %/,%,$(dir $(mkfile_path))) 3 | 4 | libjpeg_turbo := libjpeg_turbo.so 5 | CC := gcc 6 | CXX := g++ 7 | INCLUDE_PATHS = -I$(makefile_dir)/libjpeg-turbo-src 8 | OBJ_FILES := Payload.o $(makefile_dir)/libjpeg-turbo-src/.libs/libturbojpeg.a 9 | CXX_FLAGS += -m32 -std=c++11 -D_PAYLOAD_EXPORTS 10 | prefix := /usr/local 11 | 12 | all: $(libjpeg_turbo) 13 | 14 | install: $(libjpeg_turbo) 15 | install -m 0755 $(libjpeg_turbo) -t $(prefix)/lib -D 16 | 17 | $(libjpeg_turbo): $(OBJ_FILES) 18 | $(CXX) -m32 -shared $(OBJ_FILES) -o $@ 19 | 20 | Payload.o: Payload.cpp 21 | $(CXX) $(CXX_FLAGS) $(INCLUDE_PATHS) -c -o $@ $< 22 | 23 | .PHONY: clean 24 | clean: 25 | $(RM) $(libjpeg_turbo) Payload.o 26 | -------------------------------------------------------------------------------- /benchmarking-payload/libjpeg-turbo-payload/Payload.cpp: -------------------------------------------------------------------------------- 1 | #include "CommonCrossPlatform/Common.h" 2 | #include "CommonCrossPlatform/CommonSpecifiers.h" 3 | 4 | #include 5 | #include 6 | #include 7 | 8 | #include 9 | 10 | void test_simple(const unsigned char *data) { 11 | tjhandle jpegDecompressor = tjInitDecompress(); 12 | 13 | int width, height, subsamp, colorspace; 14 | int res = tjDecompressHeader3( 15 | jpegDecompressor, data, MAX_PAYLOAD_BUF, 16 | &width, &height, &subsamp, &colorspace); 17 | 18 | // Bail out if decompressing the headers failed, the width or height is 0, 19 | // or the image is too large (avoids slowing down too much). Cast to size_t to 20 | // avoid overflows on the multiplication 21 | if (res != 0 || width == 0 || height == 0 || ((size_t)width * height > (1024 * 1024))) { 22 | tjDestroy(jpegDecompressor); 23 | return; 24 | } 25 | 26 | std::unique_ptr buf(new unsigned char[width * height * 3]); 27 | tjDecompress2( 28 | jpegDecompressor, data, MAX_PAYLOAD_BUF, 29 | buf.get(), width, 0, height, TJPF_RGB, 0); 30 | 31 | tjDestroy(jpegDecompressor); 32 | } 33 | 34 | extern "C" { 35 | DLL_PUBLIC unsigned char payloadBuffer[MAX_PAYLOAD_BUF]; 36 | DLL_PUBLIC int Payload() { 37 | test_simple(payloadBuffer); 38 | return 0; 39 | } 40 | }; 41 | 42 | #ifdef _WIN32 43 | #include 44 | BOOL WINAPI DllMain( 45 | _In_ HINSTANCE hinstDLL, 46 | _In_ DWORD fdwReason, 47 | _In_ LPVOID lpvReserved 48 | ) { 49 | return TRUE; 50 | } 51 | #endif 52 | -------------------------------------------------------------------------------- /benchmarking-payload/libjpeg-turbo-payload/config_libjpeg-turbo.sh: -------------------------------------------------------------------------------- 1 | #! /bin/bash 2 | 3 | # Init source code 4 | SRC_DIR="$(pwd)/libjpeg-turbo-src" 5 | 6 | DEFAULT_CFLAGS="-m32" 7 | DEFAULT_LDFLAGS="-m32" 8 | CC=gcc 9 | CXX=g++ 10 | 11 | init_target() { 12 | if ! [ -d $SRC_DIR ]; then 13 | wget https://github.com/libjpeg-turbo/libjpeg-turbo/archive/1.5.1.tar.gz 14 | tar xvf 1.5.1.tar.gz 15 | mv libjpeg-turbo-1.5.1 $SRC_DIR 16 | cd $SRC_DIR 17 | autoreconf -fiv 18 | cd - 19 | fi 20 | } 21 | 22 | LIBTURBOJPEG_FLAGS="--host i686-pc-linux-gnu" 23 | LIBTURBOJPEG_CFLAGS="-O3 -m32" 24 | LIBTURBOJPEG_LDFLAGS="-m32" 25 | 26 | build_target() { 27 | cd $SRC_DIR 28 | CC="$CC" CFLAGS="$DEFAULT_CFLAGS $LIBTURBOJPEG_CFLAGS" \ 29 | LDFLAGS="$DEFAULT_LDFLAGS $LIBTURBOJPEG_LDFLAGS" \ 30 | $SRC_DIR/configure $LIBTURBOJPEG_FLAGS 31 | 32 | make 33 | cd - 34 | } 35 | 36 | init_target 37 | build_target 38 | -------------------------------------------------------------------------------- /benchmarking-payload/libpng-payload/.gitignore: -------------------------------------------------------------------------------- 1 | *.tar.gz 2 | *-src 3 | -------------------------------------------------------------------------------- /benchmarking-payload/libpng-payload/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | set(LIBRARY_NAME png-payload) 2 | set(CMAKE_C_FLAGS "-m32 -g") 3 | set(CMAKE_CXX_FLAGS "${CMAKE_C_FLAGS} -std=c++11 -nostdlib -D_PAYLOAD_EXPORTS") 4 | 5 | add_library(${LIBRARY_NAME} SHARED 6 | Payload.cpp 7 | ) 8 | 9 | include_directories(${CMAKE_CURRENT_SOURCE_DIR}/libpng-src 10 | $ENV{RIVER_SDK_DIR}/include 11 | ) 12 | 13 | target_link_libraries(${LIBRARY_NAME} 14 | ${CMAKE_CURRENT_SOURCE_DIR}/libpng-src/.libs/libpng16.a 15 | z 16 | ) 17 | 18 | install(TARGETS ${LIBRARY_NAME} DESTINATION ${CMAKE_INSTALL_PREFIX}/lib) 19 | -------------------------------------------------------------------------------- /benchmarking-payload/libpng-payload/Makefile: -------------------------------------------------------------------------------- 1 | mkfile_path := $(abspath $(lastword $(MAKEFILE_LIST))) 2 | makefile_dir := $(patsubst %/,%,$(dir $(mkfile_path))) 3 | 4 | libpng := libpng.so 5 | CC := gcc 6 | CXX := g++ 7 | INCLUDE_PATHS = -I$(makefile_dir)/libpng-src 8 | OBJ_FILES := Payload.o $(makefile_dir)/libpng-src/.libs/libpng16.a 9 | CXX_FLAGS += -m32 -std=c++11 -D_PAYLOAD_EXPORTS 10 | prefix := /usr/local 11 | 12 | all: $(libpng) 13 | 14 | install: $(libpng) 15 | install -m 0755 $(libpng) -t $(prefix)/lib -D 16 | 17 | $(libpng): $(OBJ_FILES) 18 | $(CXX) -m32 -shared $(OBJ_FILES) -o $@ -lz 19 | 20 | Payload.o: Payload.cpp 21 | $(CXX) $(CXX_FLAGS) $(INCLUDE_PATHS) -c -o $@ $< 22 | 23 | .PHONY: clean 24 | clean: 25 | $(RM) $(libpng) Payload.o 26 | -------------------------------------------------------------------------------- /benchmarking-payload/libpng-payload/config_libpng.sh: -------------------------------------------------------------------------------- 1 | #! /bin/bash 2 | 3 | # Init source code 4 | SRC_DIR="$(pwd)/libpng-src" 5 | 6 | DEFAULT_CFLAGS="-m32 -fno-stack-protector" 7 | DEFAULT_LDFLAGS="-m32" 8 | CC=gcc 9 | CXX=g++ 10 | 11 | init_target() { 12 | if ! [ -d $SRC_DIR ]; then 13 | wget https://github.com/glennrp/libpng/archive/v1.6.33.tar.gz 14 | tar xvf v1.6.33.tar.gz 15 | mv libpng-1.6.33 $SRC_DIR 16 | cd $SRC_DIR 17 | autoreconf -fiv 18 | cd - 19 | fi 20 | } 21 | 22 | 23 | # Build http-parser with the given `name` and flags. 24 | build_target() { 25 | cd $SRC_DIR 26 | make clean 27 | CC="$CC" CFLAGS="$DEFAULT_CFLAGS" LDFLAGS="$DEFAULT_LDFLAGS" \ 28 | LD="ld -m elf_i386" ./configure --enable-werror=no \ 29 | --enable-hardware-optimizations=no --enable-shared=no \ 30 | --enable-unversioned-links=no 31 | 32 | make libpng16.la 33 | cd - 34 | } 35 | 36 | init_target 37 | build_target 38 | -------------------------------------------------------------------------------- /benchmarking-payload/libxml2-payload/.gitignore: -------------------------------------------------------------------------------- 1 | *.tar.gz 2 | *-src 3 | build 4 | -------------------------------------------------------------------------------- /benchmarking-payload/libxml2-payload/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | set(LIBRARY_NAME xml2-payload) 2 | set(CMAKE_C_FLAGS "-m32 -g") 3 | set(CMAKE_CXX_FLAGS "${CMAKE_C_FLAGS} -std=c++11 -D_PAYLOAD_EXPORTS") 4 | 5 | add_library(${LIBRARY_NAME} SHARED 6 | Payload.cpp 7 | ) 8 | 9 | include_directories(${CMAKE_CURRENT_SOURCE_DIR}/build/include 10 | ${CMAKE_CURRENT_SOURCE_DIR}/libxml2-src/include 11 | $ENV{RIVER_SDK_DIR}/include 12 | ) 13 | 14 | target_link_libraries(${LIBRARY_NAME} 15 | ${CMAKE_CURRENT_SOURCE_DIR}/build/.libs/libxml2.a 16 | ) 17 | 18 | install(TARGETS ${LIBRARY_NAME} DESTINATION ${CMAKE_INSTALL_PREFIX}/lib) 19 | -------------------------------------------------------------------------------- /benchmarking-payload/libxml2-payload/Makefile: -------------------------------------------------------------------------------- 1 | mkfile_path := $(abspath $(lastword $(MAKEFILE_LIST))) 2 | makefile_dir := $(patsubst %/,%,$(dir $(mkfile_path))) 3 | 4 | libxml := libxml.so 5 | CC := gcc 6 | CXX := g++ 7 | LIBPATHS := -L$(makefile_dir) -L$(makefile_dir)/build/.libs/ 8 | OBJ_FILES := Payload.o 9 | INCLUDE_PATH := -I$(makefile_dir)/build/include -I$(makefile_dir)/libxml2-src/include 10 | NO_SSE := -mno-mmx -mno-sse -march=i386 11 | CXX_FLAGS += -m32 -std=c++11 $(NO_SSE) -D_PAYLOAD_EXPORTS 12 | prefix := /usr/local 13 | 14 | all: $(libxml) 15 | 16 | install: $(libxml) 17 | install -m 0755 $(libxml) -t $(prefix)/lib -D 18 | 19 | $(libxml): $(OBJ_FILES) 20 | $(CXX) -m32 -shared $(LIBPATHS) $(OBJ_FILES) -lxml2 -o $@ 21 | 22 | Payload.o: Payload.cpp 23 | $(CXX) $(CXX_FLAGS) $(INCLUDE_PATH) -c -o $@ $< 24 | 25 | .PHONY: clean 26 | clean: 27 | $(RM) -r $(libxml) Payload.o #build/ 28 | -------------------------------------------------------------------------------- /benchmarking-payload/libxml2-payload/Payload.cpp: -------------------------------------------------------------------------------- 1 | #include "CommonCrossPlatform/Common.h" 2 | #include "CommonCrossPlatform/CommonSpecifiers.h" 3 | 4 | #include "libxml/parser.h" 5 | #include "libxml/tree.h" 6 | 7 | static void nopErrorHandlerFunction(void *ctx, const char *msg, ...) {} 8 | static xmlGenericErrorFunc nopErrorHandler = nopErrorHandlerFunction; 9 | 10 | void test_simple(const unsigned char *buf) { 11 | initGenericErrorDefaultFunc(&nopErrorHandler); 12 | 13 | if (auto doc = xmlReadMemory(reinterpret_cast(buf), MAX_PAYLOAD_BUF, "noname.xml", NULL, 14 | XML_PARSE_NOERROR | XML_PARSE_NOWARNING | XML_PARSE_NONET)) { 15 | xmlFreeDoc(doc); 16 | } 17 | } 18 | 19 | extern "C" { 20 | DLL_PUBLIC unsigned char payloadBuffer[MAX_PAYLOAD_BUF]; 21 | DLL_PUBLIC int Payload() { 22 | test_simple(payloadBuffer); 23 | return 0; 24 | } 25 | }; 26 | 27 | #ifdef _WIN32 28 | #include 29 | BOOL WINAPI DllMain( 30 | _In_ HINSTANCE hinstDLL, 31 | _In_ DWORD fdwReason, 32 | _In_ LPVOID lpvReserved 33 | ) { 34 | return TRUE; 35 | } 36 | #endif 37 | -------------------------------------------------------------------------------- /benchmarking-payload/libxml2-payload/config_libxml2.sh: -------------------------------------------------------------------------------- 1 | #! /bin/bash 2 | 3 | ARGS="--enable-option-checking --disable-shared --disable-ipv6 --without-c14n --without-catalog 4 | --without-debug --without-docbook --without-ftp --without-http --without-legacy 5 | --without-output --without-pattern --without-push --without-python 6 | --without-reader --without-readline --without-regexps --without-sax1 --without-schemas 7 | --without-schematron --without-threads --without-valid --without-writer --without-xinclude 8 | --without-xpath --without-xptr --with-zlib=no --with-lzma=no" 9 | 10 | NO_SSE="-mno-mmx -mno-sse -march=i386" 11 | 12 | init_target() { 13 | if ! [ -d libxml2-src ]; then 14 | git clone git://git.gnome.org/libxml2 libxml2-src 15 | ( 16 | cd libxml2-src 17 | autoreconf -fiv 18 | ) 19 | fi 20 | } 21 | 22 | build_target() { 23 | 24 | mkdir -p build 25 | cd build 26 | CC="$CC" CXX="$CXX" CFLAGS="-m32 $NO_SSE" LDFLAGS="-m32" \ 27 | ../libxml2-src/configure $ARGS 28 | make -j $N_CORES libxml2.la include/libxml/xmlversion.h 29 | cd .. 30 | } 31 | 32 | init_target 33 | build_target 34 | -------------------------------------------------------------------------------- /benchmarking-payload/simple-accumulator-payload/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | set(LIBRARY_NAME "simple-accumulator") 2 | 3 | set(CMAKE_C_FLAGS "-m32 -g") 4 | set(CMAKE_CXX_FLAGS "${CMAKE_C_FLAGS} -D_PAYLOAD_EXPORTS") 5 | 6 | include_directories($ENV{RIVER_SDK_DIR}/include) 7 | 8 | add_library(${LIBRARY_NAME} SHARED 9 | simple-accumulator.c 10 | Payload.cpp 11 | ) 12 | 13 | install(TARGETS ${LIBRARY_NAME} DESTINATION ${CMAKE_INSTALL_PREFIX}/lib) 14 | -------------------------------------------------------------------------------- /benchmarking-payload/simple-accumulator-payload/Payload.cpp: -------------------------------------------------------------------------------- 1 | #include "CommonCrossPlatform/CommonSpecifiers.h" 2 | #include "CommonCrossPlatform/Common.h" 3 | 4 | extern "C" void test_simple(const unsigned char *buf); 5 | 6 | extern "C" { 7 | DLL_PUBLIC unsigned char payloadBuffer[MAX_PAYLOAD_BUF]; 8 | DLL_PUBLIC int Payload() { 9 | test_simple(payloadBuffer); 10 | return 0; 11 | } 12 | }; 13 | 14 | #ifdef _WIN32 15 | #include 16 | BOOL WINAPI DllMain( 17 | _In_ HINSTANCE hinstDLL, 18 | _In_ DWORD fdwReason, 19 | _In_ LPVOID lpvReserved 20 | ) { 21 | return TRUE; 22 | } 23 | #else 24 | __attribute__((constructor)) void somain(void) { 25 | } 26 | #endif 27 | -------------------------------------------------------------------------------- /benchmarking-payload/simple-accumulator-payload/simple-accumulator.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | #define MAX_PAYLOAD_BUF 128 4 | 5 | void print_payload(const unsigned char *buf) { 6 | for (unsigned i = 0; i < MAX_PAYLOAD_BUF; ++i) { 7 | printf("%02X", buf[i]); 8 | } 9 | printf("\n"); 10 | } 11 | 12 | void test_simple(const unsigned char *buf) { 13 | const unsigned alpha_len = 'z' - 'A'; 14 | unsigned char magic = 0; 15 | for (unsigned i = 0; i < alpha_len; ++i) { 16 | magic = magic | ('A' + i); 17 | } 18 | 19 | if (magic == buf[0]) { 20 | print_payload(buf); 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /benchmarking-payload/simple-address-payload/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | set(LIBRARY_NAME "simple-address") 2 | 3 | set(CMAKE_C_FLAGS "-m32 -g") 4 | set(CMAKE_CXX_FLAGS "${CMAKE_C_FLAGS} -D_PAYLOAD_EXPORTS") 5 | 6 | include_directories($ENV{RIVER_SDK_DIR}/include) 7 | 8 | add_library(${LIBRARY_NAME} SHARED 9 | simple-address.c 10 | Payload.cpp 11 | ) 12 | 13 | install(TARGETS ${LIBRARY_NAME} DESTINATION ${CMAKE_INSTALL_PREFIX}/lib) 14 | -------------------------------------------------------------------------------- /benchmarking-payload/simple-address-payload/Payload.cpp: -------------------------------------------------------------------------------- 1 | #include "CommonCrossPlatform/CommonSpecifiers.h" 2 | #include "CommonCrossPlatform/Common.h" 3 | 4 | extern "C" void test_simple(const unsigned char *buf); 5 | 6 | extern "C" { 7 | DLL_PUBLIC unsigned char payloadBuffer[MAX_PAYLOAD_BUF]; 8 | DLL_PUBLIC int Payload() { 9 | test_simple(payloadBuffer); 10 | return 0; 11 | } 12 | }; 13 | 14 | #ifdef _WIN32 15 | #include 16 | BOOL WINAPI DllMain( 17 | _In_ HINSTANCE hinstDLL, 18 | _In_ DWORD fdwReason, 19 | _In_ LPVOID lpvReserved 20 | ) { 21 | return TRUE; 22 | } 23 | #else 24 | __attribute__((constructor)) void somain(void) { 25 | } 26 | #endif 27 | -------------------------------------------------------------------------------- /benchmarking-payload/simple-address-payload/simple-address.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include "CommonCrossPlatform/Common.h" 4 | 5 | // data layout 6 | // size | ... | payload | payload ... | payload 7 | // payload layout 8 | // data | size 9 | 10 | void my_warn(void) { 11 | exit(0); 12 | } 13 | 14 | void test_simple(const unsigned char *buf) { 15 | unsigned size = 0; 16 | const unsigned char *payload_cursor = NULL; 17 | 18 | size = ((unsigned *)buf)[0]; 19 | payload_cursor = buf + size; 20 | 21 | payload_cursor -= 4; 22 | 23 | unsigned payload_size = ((unsigned *)payload_cursor)[0]; 24 | //payload_cursor -= payload_size; 25 | 26 | __asm("mov 4(%%ebp), %%ebx;" 27 | "mov %0, %%eax;" 28 | "test %%eax, %%eax;" 29 | "jz my_warn;" 30 | : : "r" (payload_cursor) : "%eax", "%ebx" 31 | ); 32 | } 33 | -------------------------------------------------------------------------------- /build-all.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | [ $# != 2 ] && { echo "Usage: ./build-all.sh "; exit 1; } 4 | DIRS="revtracer-wrapper revtracer BinLoader Execution http-parser-payload libxml-payload" 5 | 6 | for d in $DIRS; do 7 | make clean -C $d 8 | prefix="$1" 9 | if [ "$d" == "http-parser-payload" ] || [ "$d" == "libxml-payload" ]; then 10 | prefix="$2" 11 | fi 12 | make install prefix="$prefix" -C $d 13 | done 14 | -------------------------------------------------------------------------------- /docs/abi/.gitignore: -------------------------------------------------------------------------------- 1 | *.pdf 2 | texfiles 3 | -------------------------------------------------------------------------------- /docs/abi/Makefile: -------------------------------------------------------------------------------- 1 | BASENAME = abi 2 | 3 | include ../metafiles/base.mk 4 | -------------------------------------------------------------------------------- /docs/abi/code/BranchHandler.h: -------------------------------------------------------------------------------- 1 | DWORD __stdcall BranchHandler(struct _exec_env *pEnv, DWORD address); 2 | -------------------------------------------------------------------------------- /docs/abi/code/SysHandler.h: -------------------------------------------------------------------------------- 1 | void __stdcall SysHandler(struct _exec_env *pEnv); 2 | -------------------------------------------------------------------------------- /docs/abi/img/river-transition-handling.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bitdefender/river/3d779856c4ba142a526c9b4f998f7439a15826f5/docs/abi/img/river-transition-handling.png -------------------------------------------------------------------------------- /docs/cheatsheet/.gitignore: -------------------------------------------------------------------------------- 1 | *.pdf 2 | texfiles 3 | -------------------------------------------------------------------------------- /docs/cheatsheet/Makefile: -------------------------------------------------------------------------------- 1 | BASENAME = cheatsheet 2 | 3 | include ../metafiles/base.mk 4 | -------------------------------------------------------------------------------- /docs/cheatsheet/code/RiverAddress.h: -------------------------------------------------------------------------------- 1 | struct RiverAddress { 2 | nodep::BYTE type; 3 | nodep::BYTE scaleAndSegment; 4 | nodep::BYTE modRM; 5 | nodep::BYTE sib; 6 | union RiverRegister base; 7 | union RiverRegister index; 8 | union { 9 | nodep::BYTE d8; 10 | nodep::DWORD d32; 11 | } disp; 12 | 13 | inline nodep::BYTE GetScale() const { 14 | return 1 << (scaleAndSegment & 0x3); 15 | } 16 | 17 | inline nodep::BYTE GetScaleBits() const { 18 | return scaleAndSegment & 0x03; 19 | } 20 | 21 | inline nodep::BYTE HasSegment() const { 22 | return scaleAndSegment & 0xFC; 23 | } 24 | 25 | inline nodep::BYTE GetSegment() const { 26 | return scaleAndSegment >> 2; 27 | } 28 | ... 29 | }; 30 | -------------------------------------------------------------------------------- /docs/cheatsheet/code/RiverInstruction.h: -------------------------------------------------------------------------------- 1 | struct RiverInstruction { 2 | nodep::WORD modifiers; 3 | nodep::WORD specifiers; 4 | 5 | nodep::BYTE family; 6 | nodep::BYTE unusedRegisters; 7 | nodep::BYTE opCode; 8 | nodep::BYTE subOpCode; 9 | 10 | nodep::BYTE disassFlags, modFlags, testFlags; 11 | 12 | nodep::BYTE opTypes[4]; 13 | union RiverOperand operands[4]; 14 | 15 | nodep::DWORD instructionAddress; 16 | }; 17 | -------------------------------------------------------------------------------- /docs/cheatsheet/code/RiverOperand.h: -------------------------------------------------------------------------------- 1 | union RiverOperand { 2 | nodep::BYTE asImm8; 3 | nodep::WORD asImm16; 4 | nodep::DWORD asImm32; 5 | RiverRegister asRegister; 6 | RiverAddress *asAddress; 7 | }; 8 | -------------------------------------------------------------------------------- /docs/metafiles/base.mk: -------------------------------------------------------------------------------- 1 | # folders required throughout rules 2 | STY_DIR = ../sty 3 | FORMAT_DIR = ../metafiles/format 4 | OUT_DIR = texfiles 5 | CODE_DIR = code 6 | IMG_DIR = img 7 | 8 | PDFLATEX = pdflatex 9 | 10 | 11 | # 12 | # PDF output files 13 | # * cheatsheet 14 | # * abi 15 | # 16 | # BASENAME is defined in top-level Makefile including this file. 17 | # 18 | TARGET = $(addsuffix .pdf, $(BASENAME)) 19 | 20 | .PHONY: main all clean 21 | .PHONY: target 22 | 23 | # If running `make' with no arguments, only generate slides. 24 | main: target 25 | 26 | all: target 27 | 28 | # Phony targets depend on PDF output files. 29 | target: $(TARGET) 30 | 31 | TARGET_TEX = $(addsuffix .tex, $(BASENAME)) 32 | 33 | $(TARGET): $(TARGET_TEX) 34 | # Rebuild source files, if any. 35 | -test -d $(CODE_DIR) && make -C $(CODE_DIR) 36 | # Rebuild image files, if any. 37 | -test -d $(IMG_DIR) && make -C $(IMG_DIR) 38 | # Create out directory. 39 | -test -d $(OUT_DIR) || mkdir $(OUT_DIR) 40 | # Run twice, so TOC is also updated. 41 | TEXINPUTS=$(STY_DIR)//: $(PDFLATEX) -output-directory $(OUT_DIR) -jobname $(basename $@) $< 42 | TEXINPUTS=$(STY_DIR)//: $(PDFLATEX) -output-directory $(OUT_DIR) -jobname $(basename $@) $< 43 | ln -f $(OUT_DIR)/$@ . 44 | 45 | 46 | clean: 47 | -test -d $(OUT_DIR) && rm -fr $(OUT_DIR) 48 | -rm -f $(TARGET) 49 | -test -d $(CODE_DIR) && make -C $(CODE_DIR) clean 50 | -------------------------------------------------------------------------------- /docs/offline.sanitizer/.gitignore: -------------------------------------------------------------------------------- 1 | *.pdf 2 | *.out 3 | *.aux 4 | texfiles 5 | -------------------------------------------------------------------------------- /docs/offline.sanitizer/Makefile: -------------------------------------------------------------------------------- 1 | TEX=pdflatex 2 | BIBTEX=bibtex 3 | 4 | ALL=main 5 | SOURCES := $(wildcard *.bib *.sty *.cls *.tex media/* media/*/*.pdf) 6 | 7 | # Sources are copied to the .build folder to manage LaTeX's flurry of 8 | # intermediate files. 9 | PROCESSED_SOURCES := $(patsubst %,.build/%,${SOURCES}) 10 | PROCESSED_SOURCES := $(sort ${PROCESSED_SOURCES}) 11 | 12 | all: ${ALL}.pdf 13 | 14 | ${ALL}.pdf: ${PROCESSED_SOURCES} 15 | rm -f "$@" 16 | cd .build && \ 17 | ${TEX} ${ALL} && \ 18 | ${BIBTEX} ${ALL} && \ 19 | ${TEX} ${ALL} && \ 20 | ${TEX} ${ALL} 21 | cp -a .build/${ALL}.pdf "$@" 22 | 23 | .build/%: % 24 | mkdir -p $$(dirname "$@") && cp -a "$^" "$@" 25 | 26 | .PHONY: clean 27 | clean: 28 | rm -rf .build/ ${ALL}.pdf 29 | -------------------------------------------------------------------------------- /docs/offline.sanitizer/biblio.bib: -------------------------------------------------------------------------------- 1 | % 2 | %% 3 | %% 4 | %% Usage: 5 | %% 6 | %% \bibliography{../../common/header-short,../../common/biblio} 7 | %% or 8 | %% \bibliography{../../common/header-standard,../../common/biblio} 9 | %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 10 | 11 | @article{Wagner2015, 12 | author = {Wagner, Jonas and Kuznetsov, Volodymyr and Candea, George and Kinder, Johannes}, 13 | doi = {10.1109/SP.2015.58}, 14 | isbn = {978-1-4673-6949-7}, 15 | issn = {1081-6011}, 16 | journal = {Oakland}, 17 | title = {{High System-Code Security with Low Overhead}}, 18 | year = {2015} 19 | } 20 | 21 | @misc{afl, 22 | title={{American Fuzzy Lop}}, 23 | author={Michał Zalewski}, 24 | howpublished = {\url{http://lcamtuf.coredump.cx/afl/}}, 25 | } 26 | 27 | @misc{libfuzzer, 28 | title={{LibFuzzer}---A Library for Coverage-Guided Fuzz Testing}, 29 | howpublished = {\url{http://llvm.org/docs/LibFuzzer.html}}, 30 | } 31 | -------------------------------------------------------------------------------- /execution.external.test/Main.cpp: -------------------------------------------------------------------------------- 1 | #include "../Execution/Execution.h" 2 | 3 | #include 4 | 5 | ExecutionController *ctrl = NULL; 6 | HANDLE hEvent; 7 | 8 | class CustomObserver : public ExecutionObserver { 9 | public : 10 | FILE *fBlocks; 11 | 12 | virtual void TerminationNotification(void *ctx) { 13 | printf("Process Terminated\n"); 14 | SetEvent(hEvent); 15 | } 16 | 17 | virtual unsigned int ExecutionBegin(void *ctx, void *address) { 18 | printf("Process starting\n"); 19 | return EXECUTION_ADVANCE; 20 | } 21 | 22 | virtual unsigned int ExecutionControl(void *ctx, void *address) { 23 | //static bool b = true; 24 | rev::ExecutionRegs rgs; 25 | 26 | /*if (0xE39A == (address & 0xFFFF)) { 27 | __asm int 3; 28 | }*/ 29 | 30 | /*if (b) {*/ 31 | ctrl->GetCurrentRegisters(ctx, &rgs); 32 | 33 | const char module[] = ""; 34 | fprintf(fBlocks, "%-15s+%08X EAX:%08x ECX:%08x EDX:%08x EBX:%08x ESP:%08x EBP:%08x ESI:%08x EDI:%08x\n", 35 | module, 36 | (DWORD)address, 37 | rgs.eax, 38 | rgs.ecx, 39 | rgs.edx, 40 | rgs.ebx, 41 | rgs.esp, 42 | rgs.ebp, 43 | rgs.esi, 44 | rgs.edi 45 | ); 46 | /*}*/ 47 | 48 | return EXECUTION_ADVANCE; 49 | } 50 | 51 | virtual unsigned int ExecutionEnd(void *ctx) { 52 | return EXECUTION_TERMINATE; 53 | } 54 | 55 | virtual unsigned int TranslationError(void *ctx, void *address) { 56 | printf("Translation error @%08p\n", address); 57 | return EXECUTION_TERMINATE; 58 | } 59 | 60 | } observer; 61 | 62 | int main() { 63 | 64 | fopen_s(&observer.fBlocks, "e.t.txt", "wt"); 65 | 66 | ctrl = NewExecutionController(EXECUTION_EXTERNAL); 67 | ctrl->SetPath(L"D:\\wrk\\evaluators\\lzo\\a.exe"); 68 | 69 | ctrl->SetExecutionFeatures(0 /*EXECUTION_FEATURE_REVERSIBLE | EXECUTION_FEATURE_TRACKING*/); 70 | 71 | ctrl->SetExecutionObserver(&observer); 72 | //ctrl->SetExecutionControlNotification(ExecControl); 73 | //ctrl->SetTerminationNotification(Term); 74 | 75 | hEvent = CreateEvent(NULL, FALSE, FALSE, NULL); 76 | 77 | ctrl->Execute(); 78 | 79 | WaitForSingleObject(hEvent, INFINITE); 80 | 81 | DeleteExecutionController(ctrl); 82 | ctrl = NULL; 83 | 84 | fclose(observer.fBlocks); 85 | system("pause"); 86 | 87 | return 0; 88 | } -------------------------------------------------------------------------------- /execution.inprocess.test/Makefile: -------------------------------------------------------------------------------- 1 | mkfile_path := $(abspath $(lastword $(MAKEFILE_LIST))) 2 | makefile_dir := $(patsubst %/,%,$(dir $(mkfile_path))) 3 | 4 | inprocess_test := inprocess_test 5 | CC := gcc 6 | CXX := g++ 7 | CPP_FILES := Main.cpp 8 | OBJ_FILES := Main.o 9 | LD_PATHS:= -L$(makefile_dir)/../DisableSSE -L$(makefile_dir)/../Execution \ 10 | -L$(makefile_dir)/../ParserPayload -L$(makefile_dir) 11 | 12 | LD_FLAGS:= -lexecution -lpthread -ldl -lhttp-parser -ldisablesse 13 | CC_FLAGS_CROSS = -D__cdecl="" -D__stdcall="" 14 | NO_SSE := -mno-mmx -mno-sse -march=i386 15 | CXX_FLAGS += -m32 $(NO_SSE) -std=c++11 $(CC_FLAGS_CROSS) 16 | CC_FLAGS += -m32 $(NO_SSE) $(CC_FLAGS_CROSS) 17 | prefix := /usr/local 18 | 19 | all: $(inprocess_test) 20 | 21 | install: $(inprocess_test) 22 | install -m 0755 $(inprocess_test) -t $(prefix)/bin -D 23 | 24 | $(inprocess_test): $(OBJ_FILES) 25 | $(CXX) $(LD_PATHS) $(CXX_FLAGS) -o $@ $(OBJ_FILES) $(LD_FLAGS) 26 | 27 | Main.o: Main.cpp 28 | $(CXX) $(CXX_FLAGS) -c -o $@ $< 29 | 30 | .PHONY: clean 31 | clean: 32 | $(RM) $(inprocess_test) $(OBJ_FILES_SO) $(OBJ_FILES) 33 | -------------------------------------------------------------------------------- /fibonacci/fib.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | unsigned int fibo0 = 1, fibo1 = 1; 4 | 5 | int main() { 6 | unsigned int fib0 = fibo0, fib1 = fibo1; 7 | for (int i = 0; i < 1000 - 2; ++i) { 8 | unsigned int t = fib0 + fib1; 9 | fib0 = fib1; 10 | fib1 = t; 11 | } 12 | 13 | printf("%u\n", fib1); 14 | } 15 | 16 | -------------------------------------------------------------------------------- /ipclib/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | ## ipclib CMakeLists.txt 2 | 3 | set(LIBRARY_NAME ipc) 4 | set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -m32 -std=c++11") 5 | 6 | add_library(${LIBRARY_NAME} SHARED 7 | ipclib.cpp 8 | ) 9 | 10 | install(TARGETS ${LIBRARY_NAME} DESTINATION ${CMAKE_INSTALL_PREFIX}/lib) 11 | -------------------------------------------------------------------------------- /ipclib/Makefile: -------------------------------------------------------------------------------- 1 | ipc_lib := libipc.so 2 | CC := gcc 3 | CXX := g++ 4 | CPP_FILES := ipclib.cpp 5 | OBJ_FILES := ipclib.o 6 | 7 | CXX_FLAGS += -m32 -std=c++11 8 | prefix := /usr/local 9 | 10 | all: $(ipc_lib) 11 | 12 | install: $(ipc_lib) 13 | install -m 0755 $(ipc_lib) -t $(prefix)/lib -D 14 | 15 | $(ipc_lib): $(OBJ_FILES) 16 | $(CXX) $(CXX_FLAGS) -shared -o $@ $(OBJ_FILES) 17 | 18 | %.o: %.cpp 19 | $(CXX) $(CXX_FLAGS) -c -o $@ $< 20 | 21 | .PHONY: clean 22 | clean: 23 | $(RM) -r $(ipc_lib) $(OBJ_FILES) 24 | 25 | -------------------------------------------------------------------------------- /ipclib/RingBuffer.h: -------------------------------------------------------------------------------- 1 | #ifndef _RING_BUFFER_H_ 2 | #define _RING_BUFFER_H_ 3 | 4 | namespace ipc { 5 | template class RingBuffer { 6 | private: 7 | char buffer[SZ]; 8 | volatile int head, tail; 9 | 10 | public: 11 | void Init() { 12 | head = tail = 0; 13 | buffer[0] = 0; 14 | } 15 | 16 | bool IsEmpty() const { 17 | return head == tail; 18 | } 19 | 20 | bool IsFull() const { 21 | int nextTail = (tail + 1) % SZ; 22 | return nextTail == head; 23 | } 24 | 25 | void Read(char *buf, int size, int &read) { 26 | int vH = head; 27 | if (vH < tail) { 28 | vH += SZ; 29 | } 30 | 31 | read = vH - tail; 32 | if (size < read) { 33 | read = size; 34 | } 35 | 36 | int dwLast = (tail + read) % SZ; 37 | 38 | for (int p = 0; tail != dwLast; ++p) { 39 | buf[p] = buffer[tail]; 40 | tail++; 41 | if (tail >= SZ) { 42 | tail -= SZ; 43 | } 44 | } 45 | } 46 | 47 | void Write(char *buf, int size) { 48 | int vT = tail; 49 | 50 | if (vT <= head) { 51 | vT += SZ; 52 | } 53 | 54 | int write = vT - head - 1; 55 | 56 | if (size > write) { 57 | tail = (head + write + 1) % SZ; 58 | } 59 | else if (size < write) { 60 | write = size; 61 | } 62 | 63 | int dwLast = (head + write) % SZ; 64 | 65 | for (int p = 0; head != dwLast; ++p) { 66 | buffer[head] = buf[p]; 67 | head++; 68 | if (head >= SZ) { 69 | head -= SZ; 70 | } 71 | } 72 | buffer[dwLast] = '\0'; 73 | } 74 | }; 75 | }; 76 | 77 | #endif -------------------------------------------------------------------------------- /ipclib/common.h: -------------------------------------------------------------------------------- 1 | #ifndef _COMMON_IPC_H 2 | #define _COMMON_IPC_H 3 | 4 | #ifdef _MSC_VER 5 | #define DEBUG_BREAK __asm \ 6 | { __asm int 3 } 7 | #else 8 | #define DEBUG_BREAK asm volatile("int $0x3") 9 | typedef unsigned int size_t; 10 | #endif 11 | 12 | #if defined _WIN32 || defined __CYGWIN__ 13 | #ifdef _BUILDING_IPC_DLL 14 | #ifdef __GNUC__ 15 | #define DLL_IPC_PUBLIC __attribute__ ((dllexport)) 16 | #else 17 | #define DLL_IPC_PUBLIC __declspec(dllexport) 18 | #endif 19 | #else 20 | #ifdef __GNUC__ 21 | #define DLL_IPC_PUBLIC __attribute__ ((dllimport)) 22 | #else 23 | #define DLL_IPC_PUBLIC __declspec(dllimport) 24 | #endif 25 | #endif 26 | #define DLL_IPC_LOCAL 27 | #else 28 | #if __GNUC__ >= 4 29 | #define DLL_IPC_PUBLIC __attribute__ ((visibility ("default"))) 30 | #define DLL_IPC_LOCAL __attribute__ ((visibility ("hidden"))) 31 | #else 32 | #define DLL_IPC_PUBLIC 33 | #define DLL_IPC_LOCAL 34 | #endif 35 | #endif 36 | 37 | 38 | typedef void *ADDR_TYPE; 39 | 40 | namespace ipc { 41 | typedef int (*InitSemaphoreHandler)(void *, int, int); 42 | typedef int (*WaitSemaphoreFunc)(void *, bool); 43 | typedef int (*PostSemaphoreFunc)(void *); 44 | typedef int (*DestroySemaphoreHandler)(void *); 45 | typedef int (*GetvalueSemaphoreHandler)(void *, int*); 46 | 47 | /*struct IpcAPI { 48 | ADDR_TYPE ntYieldExecution; 49 | ADDR_TYPE initSemaphore; 50 | ADDR_TYPE waitSemaphore; 51 | ADDR_TYPE postSemaphore; 52 | ADDR_TYPE destroySemaphore; 53 | ADDR_TYPE getvalueSemaphore; 54 | ADDR_TYPE vsnprintf_s; 55 | 56 | ADDR_TYPE ldrMapMemory; 57 | };*/ 58 | } //namespace ipc 59 | 60 | #endif 61 | -------------------------------------------------------------------------------- /libproc/os-linux.h: -------------------------------------------------------------------------------- 1 | /* libunwind - a platform-independent unwind library 2 | Copyright (C) 2003-2004 Hewlett-Packard Co 3 | Copyright (C) 2007 David Mosberger-Tang 4 | Contributed by David Mosberger-Tang 5 | 6 | This file is part of libunwind. 7 | 8 | Permission is hereby granted, free of charge, to any person obtaining 9 | a copy of this software and associated documentation files (the 10 | "Software"), to deal in the Software without restriction, including 11 | without limitation the rights to use, copy, modify, merge, publish, 12 | distribute, sublicense, and/or sell copies of the Software, and to 13 | permit persons to whom the Software is furnished to do so, subject to 14 | the following conditions: 15 | 16 | The above copyright notice and this permission notice shall be 17 | included in all copies or substantial portions of the Software. 18 | 19 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 20 | EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 21 | MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 22 | NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE 23 | LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION 24 | OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION 25 | WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ 26 | 27 | #ifndef os_linux_h 28 | #define os_linux_h 29 | 30 | #include 31 | #include 32 | #include 33 | #include 34 | #include 35 | 36 | struct map_iterator 37 | { 38 | off_t offset; 39 | int fd; 40 | size_t buf_size; 41 | char *buf; 42 | char *buf_end; 43 | char *path; 44 | }; 45 | 46 | struct map_prot 47 | { 48 | uint32_t prot; 49 | uint32_t flags; 50 | }; 51 | 52 | #define FREE 0 53 | #define ALLOCATED 1 54 | 55 | struct map_region 56 | { 57 | unsigned long address; 58 | unsigned long size; 59 | uint32_t state; 60 | }; 61 | 62 | extern int maps_init(struct map_iterator *mi, pid_t pid); 63 | 64 | extern int maps_next (struct map_iterator *mi, 65 | unsigned long *low, unsigned long *high, unsigned long *offset, 66 | struct map_prot *mp); 67 | 68 | extern void maps_close (struct map_iterator *mi); 69 | 70 | extern long get_rss(); 71 | #endif /* os_linux_h */ 72 | -------------------------------------------------------------------------------- /loader.setup/Loader.Setup.h: -------------------------------------------------------------------------------- 1 | #ifndef _LOADER_SETUP_H_ 2 | #define _LOADER_SETUP_H_ 3 | 4 | #include "../loader/Loader.h" 5 | 6 | extern "C" bool InitLoaderOffsets(ext::LibraryLayout *libs, ldr::LoaderImports *api); 7 | 8 | #endif -------------------------------------------------------------------------------- /loader.setup/Setup.Windows.cpp: -------------------------------------------------------------------------------- 1 | #ifndef __linux__ 2 | 3 | #include "../CommonCrossPlatform/Common.h" 4 | #include "Loader.Setup.h" 5 | 6 | extern "C" bool InitLoaderOffsets(ext::LibraryLayout *libs, ldr::LoaderImports *api) { 7 | 8 | LIB_T hNtDll = GET_LIB_HANDLER(L"ntdll.dll"); 9 | DWORD baseNtDll = GET_LIB_BASE(hNtDll); 10 | 11 | if (!hNtDll) { 12 | return false; 13 | } 14 | 15 | libs->winLib.ntdllBase = baseNtDll; 16 | 17 | api->functions.winFunc.ntdll._ntMapViewOfSection = (DWORD)LOAD_PROC(hNtDll, "NtMapViewOfSection") - baseNtDll; 18 | api->functions.winFunc.ntdll._ntFlushInstructionCache = (DWORD)LOAD_PROC(hNtDll, "NtFlushInstructionCache") - baseNtDll; 19 | api->functions.winFunc.ntdll._ntFreeVirtualMemory = (DWORD)LOAD_PROC(hNtDll, "NtFreeVirtualMemory") - baseNtDll; 20 | 21 | return true; 22 | } 23 | 24 | 25 | #endif -------------------------------------------------------------------------------- /loader.test/Loader/Abstract.Mapper.h: -------------------------------------------------------------------------------- 1 | #ifndef _ABSTRACT_MAPPER_H_ 2 | #define _ABSTRACT_MAPPER_H_ 3 | 4 | #include "Types.h" 5 | 6 | class AbstractPEMapper { 7 | public: 8 | virtual void *CreateSection(void *lpAddress, size_t dwSize, DWORD flProtect) = 0; 9 | virtual bool ChangeProtect(void *lpAddress, size_t dwSize, DWORD flProtect) = 0; 10 | virtual bool WriteBytes(void *lpAddress, void *lpBuffer, size_t nSize) = 0; 11 | 12 | virtual DWORD FindImport(const char *moduleName, const char *funcName) = 0; 13 | virtual DWORD FindImport(const char *moduleName, const unsigned int funcOrdinal) = 0; 14 | }; 15 | 16 | #endif 17 | 18 | -------------------------------------------------------------------------------- /loader.test/Loader/Extern.Mapper.h: -------------------------------------------------------------------------------- 1 | #ifndef _EXTERN_MAPPER_H_ 2 | #define _EXTERN_MAPPER_H_ 3 | 4 | #include 5 | 6 | #include "Abstract.Mapper.h" 7 | 8 | class ExternMapper : public AbstractPEMapper { 9 | private : 10 | HANDLE hProc; 11 | bool ownProcess; 12 | 13 | HMODULE RemoteFindModule(const char *module); 14 | public: 15 | ExternMapper(unsigned int pid); 16 | ExternMapper(HANDLE process); 17 | virtual ~ExternMapper(); 18 | 19 | virtual void *CreateSection(void *lpAddress, size_t dwSize, DWORD flProtect); 20 | virtual bool ChangeProtect(void *lpAddress, size_t dwSize, DWORD flProtect); 21 | virtual bool WriteBytes(void *lpAddress, void *lpBuffer, size_t nSize); 22 | 23 | virtual DWORD FindImport(const char *moduleName, const char *funcName); 24 | virtual DWORD FindImport(const char *moduleName, const unsigned int funcOrdinal); 25 | }; 26 | 27 | #endif 28 | -------------------------------------------------------------------------------- /loader.test/Loader/Inproc.Mapper.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include "Inproc.Mapper.h" 3 | 4 | 5 | void *InprocMapper::CreateSection(void *lpAddress, size_t dwSize, DWORD flProtect) { 6 | return VirtualAlloc(lpAddress, dwSize, MEM_RESERVE | MEM_COMMIT, flProtect); 7 | } 8 | 9 | bool InprocMapper::ChangeProtect(void *lpAddress, size_t dwSize, DWORD flProtect) { 10 | DWORD oldProtect; 11 | return TRUE == VirtualProtect(lpAddress, dwSize, flProtect, &oldProtect); 12 | } 13 | 14 | bool InprocMapper::WriteBytes(void *lpAddress, void *lpBuffer, size_t nSize) { 15 | memcpy(lpAddress, lpBuffer, nSize); 16 | return true; 17 | } 18 | 19 | DWORD InprocMapper::FindImport(const char *moduleName, const char *funcName) { 20 | HMODULE hModule = GetModuleHandleA(moduleName); 21 | 22 | if (NULL == hModule) { 23 | return 0xFFFFFFFF; 24 | } 25 | 26 | return (DWORD)GetProcAddress(hModule, funcName); 27 | } 28 | 29 | DWORD InprocMapper::FindImport(const char *moduleName, const unsigned int funcOrdinal) { 30 | HMODULE hModule = GetModuleHandleA(moduleName); 31 | 32 | if (NULL == hModule) { 33 | return 0xFFFFFFFF; 34 | } 35 | 36 | return (DWORD)GetProcAddress(hModule, (LPCSTR)funcOrdinal); 37 | } -------------------------------------------------------------------------------- /loader.test/Loader/Inproc.Mapper.h: -------------------------------------------------------------------------------- 1 | #ifndef _INPROC_MAPPER_H_ 2 | #define _INPROC_MAPPER_H_ 3 | 4 | #include "Abstract.Mapper.h" 5 | 6 | class InprocMapper : public AbstractPEMapper { 7 | public : 8 | virtual void *CreateSection(void *lpAddress, size_t dwSize, DWORD flProtect); 9 | virtual bool ChangeProtect(void *lpAddress, size_t dwSize, DWORD flProtect); 10 | virtual bool WriteBytes(void *lpAddress, void *lpBuffer, size_t nSize); 11 | 12 | virtual DWORD FindImport(const char *moduleName, const char *funcName); 13 | virtual DWORD FindImport(const char *moduleName, const unsigned int funcOrdinal); 14 | }; 15 | 16 | #endif -------------------------------------------------------------------------------- /loader.test/Loader/Mem.Mapper.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include "Mem.Mapper.h" 3 | 4 | 5 | void *MemMapper::CreateSection(void *lpAddress, size_t dwSize, DWORD flProtect) { 6 | return lpAddress; 7 | } 8 | 9 | bool MemMapper::ChangeProtect(void *lpAddress, size_t dwSize, DWORD flProtect) { 10 | return true; 11 | } 12 | 13 | bool MemMapper::WriteBytes(void *lpAddress, void *lpBuffer, size_t nSize) { 14 | memcpy(lpAddress, lpBuffer, nSize); 15 | return true; 16 | } 17 | 18 | DWORD MemMapper::FindImport(const char *moduleName, const char *funcName) { 19 | HMODULE hModule = GetModuleHandleA(moduleName); 20 | 21 | if (NULL == hModule) { 22 | return 0xFFFFFFFF; 23 | } 24 | 25 | return (DWORD)GetProcAddress(hModule, funcName); 26 | } 27 | 28 | DWORD MemMapper::FindImport(const char *moduleName, const unsigned int funcOrdinal) { 29 | HMODULE hModule = GetModuleHandleA(moduleName); 30 | 31 | if (NULL == hModule) { 32 | return 0xFFFFFFFF; 33 | } 34 | 35 | return (DWORD)GetProcAddress(hModule, (LPCSTR)funcOrdinal); 36 | } -------------------------------------------------------------------------------- /loader.test/Loader/Mem.Mapper.h: -------------------------------------------------------------------------------- 1 | #ifndef _MEM_MAPPER_H_ 2 | #define _MEM_MAPPER_H_ 3 | 4 | #include "Abstract.Mapper.h" 5 | 6 | class MemMapper : public AbstractPEMapper { 7 | public : 8 | virtual void *CreateSection(void *lpAddress, size_t dwSize, DWORD flProtect); 9 | virtual bool ChangeProtect(void *lpAddress, size_t dwSize, DWORD flProtect); 10 | virtual bool WriteBytes(void *lpAddress, void *lpBuffer, size_t nSize); 11 | 12 | virtual DWORD FindImport(const char *moduleName, const char *funcName); 13 | virtual DWORD FindImport(const char *moduleName, const unsigned int funcOrdinal); 14 | }; 15 | 16 | #endif -------------------------------------------------------------------------------- /loader.test/Loader/Types.h: -------------------------------------------------------------------------------- 1 | #ifndef _TYPES_H_ 2 | #define _TYPES_H_ 3 | 4 | typedef unsigned short USHORT; 5 | typedef long LONG; 6 | 7 | typedef unsigned char BYTE; 8 | typedef unsigned short WORD; 9 | typedef unsigned long DWORD; 10 | typedef unsigned long long QWORD; 11 | 12 | #endif 13 | -------------------------------------------------------------------------------- /loader.test/Main.cpp: -------------------------------------------------------------------------------- 1 | #include "../loader/loader.h" 2 | #include 3 | #include 4 | 5 | #include "Loader/PE.ldr.h" 6 | #include "Loader/Mem.Mapper.h" 7 | 8 | int main() { 9 | HANDLE hMapping = CreateFileMappingA( 10 | INVALID_HANDLE_VALUE, 11 | NULL, 12 | PAGE_EXECUTE_READWRITE, 13 | 0, 14 | 0x508000, 15 | "Global\\Mumbojumbo" 16 | ); 17 | 18 | if (NULL == hMapping) { 19 | printf("CreateFileMapping() error %d\n", GetLastError()); 20 | } 21 | 22 | void *map = MapViewOfFileEx( 23 | hMapping, 24 | FILE_MAP_ALL_ACCESS, 25 | 0, 26 | 0, 27 | 0, 28 | NULL 29 | ); 30 | 31 | FloatingPE fpe("revtracer.dll"); 32 | MemMapper mpr; 33 | 34 | DWORD dwAddr = (DWORD)map; 35 | fpe.MapPE(mpr, dwAddr); 36 | 37 | 38 | ldr::LoaderConfig *lCfg = &ldr::loaderConfig; 39 | wcscpy_s(lCfg->sharedMemoryName, L"Global\\Mumbojumbo"); 40 | lCfg->mappingAddress = (ldr::ADDR_TYPE)(dwAddr + 0x1000000); 41 | lCfg->entryPoint = 0; 42 | 43 | ldr::LoaderAPI *lAPI = &ldr::loaderAPI; 44 | HMODULE hNtDll = GetModuleHandle("ntdll.dll"); 45 | lAPI->ntOpenSection = GetProcAddress(hNtDll, "NtOpenSection"); 46 | lAPI->ntMapViewOfSection = GetProcAddress(hNtDll, "NtMapViewOfSection"); 47 | 48 | lAPI->ntOpenDirectoryObject = GetProcAddress(hNtDll, "NtOpenDirectoryObject"); 49 | lAPI->ntClose = GetProcAddress(hNtDll, "NtClose"); 50 | 51 | lAPI->rtlInitUnicodeStringEx = GetProcAddress(hNtDll, "RtlInitUnicodeStringEx"); 52 | lAPI->rtlFreeUnicodeString = GetProcAddress(hNtDll, "RtlFreeUnicodeString"); 53 | 54 | ldr::LoaderPerform(); 55 | 56 | 57 | 58 | UnmapViewOfFile(map); 59 | CloseHandle(hMapping); 60 | 61 | return 0; 62 | } -------------------------------------------------------------------------------- /loader/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | ## loader CMakeLists.txt 2 | 3 | set(LIBRARY_NAME "loader") 4 | 5 | set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -m32 -std=c++11") 6 | set(CMAKE_CXX_FLAGS_RELEASE "${CMAKE_CXX_FLAGS}") 7 | set(CMAKE_CXX_FLAGS_DEGUB "-g ${CMAKE_CXX_FLAGS}") 8 | 9 | set(CMAKE_ASM_COMPILER as) 10 | set(CMAKE_ASM_FLAGS "--32") 11 | set(CMAKE_ASM_FLAGS_RELEASE "${CMAKE_ASM_FLAGS}") 12 | set(CMAKE_ASM_FLAGS_DEBUG "-g ${CMAKE_ASM_FLAGS}") 13 | 14 | add_library(${LIBRARY_NAME} SHARED 15 | Loader.Linux.cpp 16 | Loader.Linux.Stub.S 17 | ) 18 | 19 | target_link_libraries(${LIBRARY_NAME} 20 | rt 21 | dl 22 | ) 23 | 24 | # disable -${LIBRARY_NAME}_EXPORTS 25 | set_target_properties(${LIBRARY_NAME} 26 | PROPERTIES 27 | DEFINE_SYMBOL "" 28 | ) 29 | 30 | install(TARGETS ${LIBRARY_NAME} DESTINATION ${CMAKE_INSTALL_PREFIX}/lib) 31 | -------------------------------------------------------------------------------- /loader/Loader.Linux.Stub.S: -------------------------------------------------------------------------------- 1 | .intel_syntax noprefix 2 | .global shadowStack 3 | .global loaderConfig 4 | .global LoaderInit 5 | 6 | .section .init 7 | xchg esp, shadowStack 8 | pusha 9 | pushf 10 | 11 | lea eax, jumphere 12 | push eax 13 | call LoaderInit 14 | add esp, 4 15 | 16 | popf 17 | popa 18 | xchg esp, shadowStack 19 | jmp [loaderConfig + 8] 20 | jumphere: 21 | -------------------------------------------------------------------------------- /loader/Main.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | extern void init(void); 3 | int main() { 4 | init(); 5 | printf("I am the traced process!\n"); 6 | } 7 | -------------------------------------------------------------------------------- /loader/Makefile: -------------------------------------------------------------------------------- 1 | mkfile_path := $(abspath $(lastword $(MAKEFILE_LIST))) 2 | makefile_dir := $(patsubst %/,%,$(dir $(mkfile_path))) 3 | 4 | lib_loader := libloader.so 5 | CC := gcc 6 | CXX := g++ 7 | AS := as 8 | 9 | CPP_FILES := Loader.Linux.cpp 10 | AS_FILES := Loader.Linux.Stub.S 11 | OBJ_FILES := Loader.Linux.o Loader.Linux.Stub.o 12 | CC_FLAGS += -m32 -std=c++11 13 | AS_FLAGS += --32 14 | LIB_BINLOADER_PATH := ../BinLoader/libbinloader.a 15 | LD_FLAGS := -lrt -ldl 16 | LD_PATHS := 17 | 18 | prefix := /usr/local 19 | 20 | all: $(lib_loader) 21 | 22 | test: all 23 | g++ $(CC_FLAGS) -L. Main.cpp -o test -lloader 24 | 25 | run-test: test 26 | LD_PRELOAD=$(lib_loader) ./test 27 | 28 | install: $(lib_loader) 29 | install -m 0755 $(lib_loader) -t $(prefix)/lib -D 30 | 31 | $(lib_loader): $(OBJ_FILES) 32 | $(CXX) $(CC_FLAGS) $(LD_PATHS) -shared -o $@ $^ $(LIB_BINLOADER_PATH) $(LD_FLAGS) 33 | 34 | %.o: %.cpp 35 | $(CXX) $(CC_FLAGS) -c -o $@ $< 36 | 37 | %.o: %.S 38 | $(AS) $(AS_FLAGS) -o $@ $< 39 | 40 | .PHONY: clean 41 | clean: 42 | $(RM) $(lib_loader) $(OBJ_FILES) test 43 | -------------------------------------------------------------------------------- /loader/libloader.idb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bitdefender/river/3d779856c4ba142a526c9b4f998f7439a15826f5/loader/libloader.idb -------------------------------------------------------------------------------- /lzo/a.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bitdefender/river/3d779856c4ba142a526c9b4f998f7439a15826f5/lzo/a.exe -------------------------------------------------------------------------------- /lzo/a.pdb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bitdefender/river/3d779856c4ba142a526c9b4f998f7439a15826f5/lzo/a.pdb -------------------------------------------------------------------------------- /lzo/hw.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bitdefender/river/3d779856c4ba142a526c9b4f998f7439a15826f5/lzo/hw.exe -------------------------------------------------------------------------------- /lzo/hw.pdb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bitdefender/river/3d779856c4ba142a526c9b4f998f7439a15826f5/lzo/hw.pdb -------------------------------------------------------------------------------- /makeSDK.bat: -------------------------------------------------------------------------------- 1 | md %1 2 | md %1\include 3 | 4 | md %1\include\CommonCrossPlatform 5 | copy CommonCrossPlatform\Common.h %1\include\CommonCrossPlatform 6 | copy CommonCrossPlatform\BasicTypes.h %1\include\CommonCrossPlatform 7 | 8 | md %1\include\Execution 9 | copy Execution\Execution.h %1\include\Execution 10 | 11 | md %1\include\revtracer 12 | copy revtracer\common.h %1\include\revtracer 13 | copy revtracer\DebugPrintFlags.h %1\include\revtracer 14 | copy revtracer\environment.h %1\include\revtracer 15 | copy revtracer\revtracer.h %1\include\revtracer 16 | copy revtracer\river.h %1\include\revtracer 17 | copy revtracer\RiverAddress.h %1\include\revtracer 18 | 19 | md %1\include\SymbolicEnvironment 20 | copy SymbolicEnvironment\Environment.h %1\include\SymbolicEnvironment 21 | copy SymbolicEnvironment\LargeStack.h %1\include\SymbolicEnvironment 22 | copy SymbolicEnvironment\SymbolicEnvironment.h %1\include\SymbolicEnvironment 23 | 24 | md %1\win 25 | md %1\win\lib 26 | copy Debug\Execution.lib %1\win\lib 27 | copy Debug\SymbolicEnvironment.lib %1\win\lib 28 | 29 | md %1\win\bin 30 | copy Debug\revtracer.dll %1\win\bin 31 | copy Debug\revtracer.pdb %1\win\bin 32 | copy Debug\revtracer-wrapper.dll %1\win\bin 33 | copy Debug\revtracer-wrapper.pdb %1\win\bin 34 | copy Debug\Execution.dll %1\win\bin 35 | copy Debug\Execution.pdb %1\win\bin 36 | copy Debug\SymbolicEnvironment.dll %1\win\bin 37 | copy Debug\SymbolicEnvironment.pdb %1\win\bin -------------------------------------------------------------------------------- /makeSDK.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | [ $# -ne 2 ] && { echo "Usage: $0 "; exit 1; } 4 | 5 | if [ ! -d $1 ]; then 6 | echo "Src dir: $1 does not exist. Pass the build directory of river" 7 | exit 1; 8 | fi 9 | 10 | if [ -d $2 ]; then 11 | echo "Dst dir exists! Pass a non-existing destination dir" 12 | exit 1; 13 | fi 14 | 15 | mkdir $2 16 | mkdir $1/include 17 | 18 | mkdir $1/include/CommonCrossPlatform 19 | cp CommonCrossPlatform/Common.h $1/include/CommonCrossPlatform 20 | cp CommonCrossPlatform/BasicTypes.h $1/include/CommonCrossPlatform 21 | 22 | mkdir $1/include/Execution 23 | cp Execution/Execution.h $1/include/Execution 24 | 25 | mkdir $1/include/revtracer 26 | cp revtracer/common.h $1/include/revtracer 27 | cp revtracer/DebugPrintFlags.h $1/include/revtracer 28 | cp revtracer/environment.h $1/include/revtracer 29 | cp revtracer/revtracer.h $1/include/revtracer 30 | cp revtracer/river.h $1/include/revtracer 31 | cp revtracer/RiverAddress.h $1/include/revtracer 32 | 33 | mkdir $1/include/SymbolicEnvironment 34 | cp SymbolicEnvironment/Environment.h $1/include/SymbolicEnvironment 35 | cp SymbolicEnvironment/LargeStack.h $1/include/SymbolicEnvironment 36 | cp SymbolicEnvironment/SymbolicEnvironment.h $1/include/SymbolicEnvironment 37 | 38 | mkdir $1/lin 39 | mkdir $1/lin/lib 40 | cp revtracer/revtracer.dll $1/lin/lib 41 | cp revtracer-wrapper/librevtracerwrapper.so $1/lin/lib 42 | cp Execution/libexecution.so $1/lin/lib 43 | cp loader/libloader.so $1/lin/lib 44 | cp ipclib/libipc.so $1/lin/lib 45 | cp SymbolicEnvironment/libsymbolicenvironment.so $1/lin/lib 46 | 47 | mkdir $1/libs 48 | cp http-parser-payload/libhttp-parser.so $1/libs 49 | cp freetype-payload/libfreetype.so $1/libs 50 | cp gumbo-payload/libgumbo.so $1/libs 51 | cp jsmn-payload/libjsmn.so $1/libs 52 | cp libjpeg-turbo-payload/libjpeg_turbo.so $1/libs 53 | cp libpng-payload/libpng.so $1/libs 54 | cp libxml-payload/libxml.so $1/libs 55 | -------------------------------------------------------------------------------- /nodeaddon/binding.gyp: -------------------------------------------------------------------------------- 1 | { 2 | "targets": [ 3 | { 4 | "target_name": "executionwrapper", 5 | "sources": [ "executionwrapper.cpp" ], 6 | "include_dirs": [ 7 | "../Execution", 8 | " 2 | #include "Inproc.Mapper.h" 3 | 4 | 5 | void *InprocMapper::CreateSection(void *lpAddress, size_t dwSize, DWORD flProtect) { 6 | return VirtualAlloc(lpAddress, dwSize, MEM_RESERVE | MEM_COMMIT, flProtect); 7 | } 8 | 9 | bool InprocMapper::ChangeProtect(void *lpAddress, size_t dwSize, DWORD flProtect) { 10 | DWORD oldProtect; 11 | return TRUE == VirtualProtect(lpAddress, dwSize, flProtect, &oldProtect); 12 | } 13 | 14 | bool InprocMapper::WriteBytes(void *lpAddress, void *lpBuffer, size_t nSize) { 15 | memcpy(lpAddress, lpBuffer, nSize); 16 | return true; 17 | } 18 | 19 | DWORD InprocMapper::FindImport(const char *moduleName, const char *funcName) { 20 | HMODULE hModule = GetModuleHandleA(moduleName); 21 | 22 | if (NULL == hModule) { 23 | return 0xFFFFFFFF; 24 | } 25 | 26 | return (DWORD)GetProcAddress(hModule, funcName); 27 | } 28 | 29 | DWORD InprocMapper::FindImport(const char *moduleName, const unsigned int funcOrdinal) { 30 | HMODULE hModule = GetModuleHandleA(moduleName); 31 | 32 | if (NULL == hModule) { 33 | return 0xFFFFFFFF; 34 | } 35 | 36 | return (DWORD)GetProcAddress(hModule, (LPCSTR)funcOrdinal); 37 | } -------------------------------------------------------------------------------- /notracer/Loader/Inproc.Mapper.h: -------------------------------------------------------------------------------- 1 | #ifndef _INPROC_MAPPER_H_ 2 | #define _INPROC_MAPPER_H_ 3 | 4 | #include "Abstract.Mapper.h" 5 | 6 | class InprocMapper : public AbstractPEMapper { 7 | public : 8 | virtual void *CreateSection(void *lpAddress, size_t dwSize, DWORD flProtect); 9 | virtual bool ChangeProtect(void *lpAddress, size_t dwSize, DWORD flProtect); 10 | virtual bool WriteBytes(void *lpAddress, void *lpBuffer, size_t nSize); 11 | 12 | virtual DWORD FindImport(const char *moduleName, const char *funcName); 13 | virtual DWORD FindImport(const char *moduleName, const unsigned int funcOrdinal); 14 | }; 15 | 16 | #endif -------------------------------------------------------------------------------- /notracer/Loader/Types.h: -------------------------------------------------------------------------------- 1 | #ifndef _TYPES_H_ 2 | #define _TYPES_H_ 3 | 4 | typedef unsigned short USHORT; 5 | typedef long LONG; 6 | 7 | typedef unsigned char BYTE; 8 | typedef unsigned short WORD; 9 | typedef unsigned long DWORD; 10 | typedef unsigned long long QWORD; 11 | 12 | #endif 13 | -------------------------------------------------------------------------------- /notracer/MapPE.cpp: -------------------------------------------------------------------------------- 1 | 2 | #include "Loader/PE.ldr.h" 3 | #include "Loader/Inproc.Mapper.h" 4 | 5 | bool MapPE(DWORD &baseAddr) { 6 | InprocMapper mapper; 7 | FloatingPE pe("..\\lzo\\a.exe"); 8 | 9 | if (!pe.MapPE(mapper, baseAddr)) { 10 | printf("Couldn't map pe!"); 11 | return false; 12 | } 13 | 14 | return true; 15 | } -------------------------------------------------------------------------------- /notracer/extern.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | 5 | #include 6 | 7 | #include "extern.h" 8 | 9 | 10 | void DbgPrint(const char *fmt, ...) { 11 | va_list va; 12 | 13 | va_start(va, fmt); 14 | vprintf(fmt, va); 15 | va_end(va); 16 | 17 | fflush(stdout); 18 | } 19 | 20 | void *EnvMemoryAlloc(unsigned long dwSize) { 21 | //return ExAllocatePoolWithTag(NonPagedPool, dwSize, 0x3070754C); 22 | void *ret = VirtualAlloc(NULL, dwSize, MEM_RESERVE | MEM_COMMIT, PAGE_EXECUTE_READWRITE); 23 | 24 | return ret; 25 | } 26 | 27 | void EnvMemoryFree(void *b) { 28 | //ExFreePoolWithTag(b, 0x3070754C); 29 | //VirtualFree(b); 30 | } -------------------------------------------------------------------------------- /notracer/extern.h: -------------------------------------------------------------------------------- 1 | #ifndef _EXTERN_H 2 | #define _EXTERN_H 3 | 4 | /* Define NULL pointer value */ 5 | #ifndef NULL 6 | #ifdef __cplusplus 7 | #define NULL 0 8 | #else /* __cplusplus */ 9 | #define NULL ((void *)0) 10 | #endif /* __cplusplus */ 11 | #endif /* NULL */ 12 | 13 | #if !defined(_W64) 14 | #if !defined(__midl) && (defined(_X86_) || defined(_M_IX86) || defined(_ARM_) || defined(_M_ARM)) && _MSC_VER >= 1300 15 | #define _W64 __w64 16 | #else 17 | #define _W64 18 | #endif 19 | #endif 20 | 21 | #if defined(_WIN64) 22 | typedef __int64 INT_PTR, *PINT_PTR; 23 | typedef unsigned __int64 UINT_PTR, *PUINT_PTR; 24 | 25 | typedef __int64 LONG_PTR, *PLONG_PTR; 26 | typedef unsigned __int64 ULONG_PTR, *PULONG_PTR; 27 | 28 | #define __int3264 __int64 29 | 30 | #else 31 | typedef _W64 int INT_PTR, *PINT_PTR; 32 | typedef _W64 unsigned int UINT_PTR, *PUINT_PTR; 33 | 34 | typedef _W64 long LONG_PTR, *PLONG_PTR; 35 | typedef _W64 unsigned long ULONG_PTR, *PULONG_PTR; 36 | 37 | #define __int3264 __int32 38 | 39 | #endif 40 | 41 | typedef unsigned long DWORD; 42 | typedef unsigned short WORD; 43 | typedef unsigned char BYTE; 44 | 45 | void DbgPrint(const char *fmt, ...); 46 | 47 | void *EnvMemoryAlloc(unsigned long dwSize); 48 | void EnvMemoryFree(void *b); 49 | 50 | #endif -------------------------------------------------------------------------------- /notracer/main.cpp: -------------------------------------------------------------------------------- 1 | #include "extern.h" 2 | #include 3 | 4 | int overlap(unsigned int a1, unsigned int a2, unsigned int b1, unsigned int b2); 5 | 6 | bool MapPE(DWORD &baseAddr); 7 | 8 | typedef int(*MainFunc)(unsigned int argc, char *argv[]); 9 | 10 | int main(unsigned int argc, char *argv[]) { 11 | DWORD baseAddr = 0; 12 | if (!MapPE(baseAddr)) { 13 | return false; 14 | } 15 | 16 | //MainFunc pMain = (MainFunc)(baseAddr + 0x1032); 17 | MainFunc pMain = (MainFunc)(baseAddr + 0x96CE); 18 | pMain(argc, argv); 19 | return 0; 20 | } -------------------------------------------------------------------------------- /release.conf: -------------------------------------------------------------------------------- 1 | river.sdk.version=0.3.3 2 | -------------------------------------------------------------------------------- /revmaster/DualAllocator.h: -------------------------------------------------------------------------------- 1 | #ifndef _DUAL_ALLOCATOR_H_ 2 | #define _DUAL_ALLOCATOR_H_ 3 | 4 | #include 5 | 6 | class DualAllocator { 7 | private: 8 | HANDLE hMapping; 9 | DWORD dwSize; 10 | DWORD dwUsed; 11 | DWORD dwGran; 12 | 13 | HANDLE hProcess[2]; 14 | public: 15 | DualAllocator(DWORD size, HANDLE remoteProcess, const wchar_t *shmName, DWORD granularity); 16 | ~DualAllocator(); 17 | 18 | void *Allocate(DWORD size, DWORD &offset); 19 | void Free(void *ptr); 20 | }; 21 | 22 | 23 | #endif 24 | -------------------------------------------------------------------------------- /revmaster/Loader/Abstract.Mapper.h: -------------------------------------------------------------------------------- 1 | #ifndef _ABSTRACT_MAPPER_H_ 2 | #define _ABSTRACT_MAPPER_H_ 3 | 4 | #include "Types.h" 5 | 6 | class AbstractPEMapper { 7 | public: 8 | virtual void *CreateSection(void *lpAddress, size_t dwSize, DWORD flProtect) = 0; 9 | virtual bool ChangeProtect(void *lpAddress, size_t dwSize, DWORD flProtect) = 0; 10 | virtual bool WriteBytes(void *lpAddress, void *lpBuffer, size_t nSize) = 0; 11 | 12 | virtual DWORD FindImport(const char *moduleName, const char *funcName) = 0; 13 | virtual DWORD FindImport(const char *moduleName, const unsigned int funcOrdinal) = 0; 14 | }; 15 | 16 | #endif 17 | 18 | -------------------------------------------------------------------------------- /revmaster/Loader/Extern.Mapper.h: -------------------------------------------------------------------------------- 1 | #ifndef _EXTERN_MAPPER_H_ 2 | #define _EXTERN_MAPPER_H_ 3 | 4 | #include 5 | 6 | #include "Abstract.Mapper.h" 7 | 8 | class ExternMapper : public AbstractPEMapper { 9 | private : 10 | HANDLE hProc; 11 | bool ownProcess; 12 | 13 | HMODULE RemoteFindModule(const char *module); 14 | public: 15 | ExternMapper(unsigned int pid); 16 | ExternMapper(HANDLE process); 17 | virtual ~ExternMapper(); 18 | 19 | virtual void *CreateSection(void *lpAddress, size_t dwSize, DWORD flProtect); 20 | virtual bool ChangeProtect(void *lpAddress, size_t dwSize, DWORD flProtect); 21 | virtual bool WriteBytes(void *lpAddress, void *lpBuffer, size_t nSize); 22 | 23 | virtual DWORD FindImport(const char *moduleName, const char *funcName); 24 | virtual DWORD FindImport(const char *moduleName, const unsigned int funcOrdinal); 25 | }; 26 | 27 | #endif 28 | -------------------------------------------------------------------------------- /revmaster/Loader/Inproc.Mapper.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include "Inproc.Mapper.h" 3 | 4 | 5 | void *InprocMapper::CreateSection(void *lpAddress, size_t dwSize, DWORD flProtect) { 6 | return VirtualAlloc(lpAddress, dwSize, MEM_RESERVE | MEM_COMMIT, flProtect); 7 | } 8 | 9 | bool InprocMapper::ChangeProtect(void *lpAddress, size_t dwSize, DWORD flProtect) { 10 | DWORD oldProtect; 11 | return TRUE == VirtualProtect(lpAddress, dwSize, flProtect, &oldProtect); 12 | } 13 | 14 | bool InprocMapper::WriteBytes(void *lpAddress, void *lpBuffer, size_t nSize) { 15 | memcpy(lpAddress, lpBuffer, nSize); 16 | return true; 17 | } 18 | 19 | DWORD InprocMapper::FindImport(const char *moduleName, const char *funcName) { 20 | HMODULE hModule = GetModuleHandleA(moduleName); 21 | 22 | if (NULL == hModule) { 23 | return 0xFFFFFFFF; 24 | } 25 | 26 | return (DWORD)GetProcAddress(hModule, funcName); 27 | } 28 | 29 | DWORD InprocMapper::FindImport(const char *moduleName, const unsigned int funcOrdinal) { 30 | HMODULE hModule = GetModuleHandleA(moduleName); 31 | 32 | if (NULL == hModule) { 33 | return 0xFFFFFFFF; 34 | } 35 | 36 | return (DWORD)GetProcAddress(hModule, (LPCSTR)funcOrdinal); 37 | } -------------------------------------------------------------------------------- /revmaster/Loader/Inproc.Mapper.h: -------------------------------------------------------------------------------- 1 | #ifndef _INPROC_MAPPER_H_ 2 | #define _INPROC_MAPPER_H_ 3 | 4 | #include "Abstract.Mapper.h" 5 | 6 | class InprocMapper : public AbstractPEMapper { 7 | public : 8 | virtual void *CreateSection(void *lpAddress, size_t dwSize, DWORD flProtect); 9 | virtual bool ChangeProtect(void *lpAddress, size_t dwSize, DWORD flProtect); 10 | virtual bool WriteBytes(void *lpAddress, void *lpBuffer, size_t nSize); 11 | 12 | virtual DWORD FindImport(const char *moduleName, const char *funcName); 13 | virtual DWORD FindImport(const char *moduleName, const unsigned int funcOrdinal); 14 | }; 15 | 16 | #endif -------------------------------------------------------------------------------- /revmaster/Loader/Mem.Mapper.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include "Mem.Mapper.h" 3 | 4 | 5 | void *MemMapper::CreateSection(void *lpAddress, size_t dwSize, DWORD flProtect) { 6 | return lpAddress; 7 | } 8 | 9 | bool MemMapper::ChangeProtect(void *lpAddress, size_t dwSize, DWORD flProtect) { 10 | return true; 11 | } 12 | 13 | bool MemMapper::WriteBytes(void *lpAddress, void *lpBuffer, size_t nSize) { 14 | memcpy(lpAddress, lpBuffer, nSize); 15 | return true; 16 | } 17 | 18 | DWORD MemMapper::FindImport(const char *moduleName, const char *funcName) { 19 | HMODULE hModule = GetModuleHandleA(moduleName); 20 | 21 | if (NULL == hModule) { 22 | return 0xFFFFFFFF; 23 | } 24 | 25 | return (DWORD)GetProcAddress(hModule, funcName); 26 | } 27 | 28 | DWORD MemMapper::FindImport(const char *moduleName, const unsigned int funcOrdinal) { 29 | HMODULE hModule = GetModuleHandleA(moduleName); 30 | 31 | if (NULL == hModule) { 32 | return 0xFFFFFFFF; 33 | } 34 | 35 | return (DWORD)GetProcAddress(hModule, (LPCSTR)funcOrdinal); 36 | } -------------------------------------------------------------------------------- /revmaster/Loader/Mem.Mapper.h: -------------------------------------------------------------------------------- 1 | #ifndef _MEM_MAPPER_H_ 2 | #define _MEM_MAPPER_H_ 3 | 4 | #include "Abstract.Mapper.h" 5 | 6 | class MemMapper : public AbstractPEMapper { 7 | public : 8 | virtual void *CreateSection(void *lpAddress, size_t dwSize, DWORD flProtect); 9 | virtual bool ChangeProtect(void *lpAddress, size_t dwSize, DWORD flProtect); 10 | virtual bool WriteBytes(void *lpAddress, void *lpBuffer, size_t nSize); 11 | 12 | virtual DWORD FindImport(const char *moduleName, const char *funcName); 13 | virtual DWORD FindImport(const char *moduleName, const unsigned int funcOrdinal); 14 | }; 15 | 16 | #endif -------------------------------------------------------------------------------- /revmaster/Loader/Types.h: -------------------------------------------------------------------------------- 1 | #ifndef _TYPES_H_ 2 | #define _TYPES_H_ 3 | 4 | typedef unsigned short USHORT; 5 | typedef long LONG; 6 | 7 | typedef unsigned char BYTE; 8 | typedef unsigned short WORD; 9 | typedef unsigned long DWORD; 10 | typedef unsigned long long QWORD; 11 | 12 | #endif 13 | -------------------------------------------------------------------------------- /revtracer-wrapper/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | ## revtracer-wrapper CMakeLists.txt 2 | 3 | set(LIBRARY_NAME "revtracerwrapper") 4 | set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -g -m32 -std=c++11") 5 | 6 | add_library(${LIBRARY_NAME} SHARED 7 | RevtracerWrapper.cpp 8 | Wrapper.Linux.cpp 9 | Wrapper.Windows.cpp 10 | ) 11 | 12 | target_link_libraries(${LIBRARY_NAME} 13 | binloader 14 | dl 15 | ) 16 | 17 | install(TARGETS ${LIBRARY_NAME} DESTINATION ${CMAKE_INSTALL_PREFIX}/lib) 18 | -------------------------------------------------------------------------------- /revtracer-wrapper/Main.cpp: -------------------------------------------------------------------------------- 1 | #include "RevtracerWrapper.h" 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include 9 | #include "../BinLoader/LoaderAPI.h" 10 | 11 | 12 | // Used for revtracer wrapper local tests 13 | // 14 | int TestCallMapMemoryHandler_basic() { 15 | void *address = (void*)0; 16 | void *addr = revwrapper::CallMapMemoryHandler(0, 0, 0, 1000, address); 17 | printf("[TestCallMapMemoryHandler_basic] Result [%p]\n", addr); 18 | return addr == (void*)-1; 19 | } 20 | 21 | int TestCallMapMemoryHandler_valid_shm() { 22 | int shmFd = revwrapper::CallOpenSharedMemory("/test-valid-shm", O_CREAT | O_RDWR | O_TRUNC | O_EXCL, 0644); 23 | assert(shmFd != -1); 24 | void *address = (void*)0xb7aab000; 25 | void *addr = revwrapper::CallMapMemoryHandler(shmFd, 0, 0, 1000, address); 26 | revwrapper::CallUnlinkSharedMemory("/test-valid-shm"); 27 | printf("[TestCallMapMemoryHandler_valid_shm] Result [%p]\n", addr); 28 | return addr != (void*)-1; 29 | } 30 | 31 | int TestSemaphore() { 32 | sem_t semaphore; 33 | int ret = revwrapper::CallInitSemaphore((void*)&semaphore, 0, 1); 34 | assert(ret == 0); 35 | ret = revwrapper::CallWaitSemaphore((void*)&semaphore, true); 36 | assert(ret == 0); 37 | ret = revwrapper::CallPostSemaphore((void*)&semaphore); 38 | assert(ret == 0); 39 | int value = 0; 40 | ret = revwrapper::CallGetValueSemaphore((void*)&semaphore, &value); 41 | assert(ret == 0); 42 | ret = revwrapper::CallDestroySemaphore((void*)&semaphore); 43 | assert(ret == 0); 44 | return 1; 45 | } 46 | 47 | int main () { 48 | MODULE_PTR lpModule; 49 | BASE_PTR lpBase; 50 | CreateModule("libpthread.so", lpModule); 51 | MapModule(lpModule, lpBase, true); 52 | int ret = revwrapper::InitRevtracerWrapper(0, lpBase); 53 | if (ret != 0) { 54 | printf("Cannot initialize revtracer-wrapper\n"); 55 | return 0; 56 | } 57 | assert(TestCallMapMemoryHandler_basic() == 1); 58 | assert(TestCallMapMemoryHandler_valid_shm() == 1); 59 | assert(TestSemaphore() == 1); 60 | } 61 | -------------------------------------------------------------------------------- /revtracer-wrapper/Makefile: -------------------------------------------------------------------------------- 1 | lib_revwrapper := librevtracerwrapper.so 2 | CC := gcc 3 | CXX := g++ 4 | CPP_FILES := RevtracerWrapper.cpp Wrapper.Linux.cpp Wrapper.Windows.cpp 5 | OBJ_FILES := $(addprefix ,$(notdir $(CPP_FILES:.cpp=.o))) 6 | LD_FLAGS := -ldl 7 | CC_FLAGS += -g -m32 -std=c++11 8 | LIB_BINLOADER_PATH := ../BinLoader/libbinloader.a 9 | prefix := /usr/local 10 | 11 | all: $(lib_revwrapper) 12 | 13 | test: $(lib_revwrapper) Main.o 14 | $(CXX) $(CC_FLAGS) Main.o -L. -lrevtracerwrapper -lrt -o test 15 | 16 | install: $(lib_revwrapper) 17 | install -m 0755 $(lib_revwrapper) -t $(prefix)/lib -D 18 | 19 | $(lib_revwrapper): $(OBJ_FILES) 20 | $(CXX) $(CC_FLAGS) -shared -o $@ $^ $(LIB_BINLOADER_PATH) $(LD_FLAGS) 21 | 22 | %.o: %.cpp 23 | $(CXX) $(CC_FLAGS) -c $(CC_LIB) -o $@ $< 24 | 25 | .PHONY: clean 26 | clean: 27 | $(RM) $(lib_revwrapper) $(OBJ_FILES) test Main.o lib/* 28 | -------------------------------------------------------------------------------- /revtracer-wrapper/ShmTokenRingLin.h: -------------------------------------------------------------------------------- 1 | #ifndef _SHM_TOKEN_RING_LIN 2 | #define _SHM_TOKEN_RING_LIN 3 | 4 | #ifdef __linux__ 5 | #include 6 | #include "common.h" 7 | #define MAX_USER_COUNT 2 8 | 9 | namespace revwrapper { 10 | class ShmTokenRingLin { 11 | private: 12 | sem_t semaphores[MAX_USER_COUNT]; 13 | bool valid[MAX_USER_COUNT]; 14 | sem_t use_semaphore; 15 | IpcAPI *ipcAPI; 16 | volatile long currentOwner; 17 | volatile long userCount; 18 | 19 | public: 20 | ~ShmTokenRingLin(); 21 | void Init(long presetUsers); 22 | void SetIpcApiHandler(IpcAPI *ipcAPI); 23 | 24 | unsigned long Use(unsigned long id); 25 | 26 | bool Wait(long int userId, bool blocking = true); 27 | void Release(long userId); 28 | }; 29 | 30 | } //namespace revwrapper 31 | 32 | #endif 33 | 34 | #endif 35 | -------------------------------------------------------------------------------- /revtracer-wrapper/ShmTokenRingWin.cpp: -------------------------------------------------------------------------------- 1 | #if defined _WIN32 || defined __CYGWIN__ 2 | 3 | 4 | //#include "ipclib.h" 5 | 6 | 7 | 8 | namespace revwrapper { 9 | 10 | 11 | }; 12 | 13 | #endif -------------------------------------------------------------------------------- /revtracer-wrapper/TokenRing.Linux.h: -------------------------------------------------------------------------------- 1 | #ifndef _TOKEN_RING_LINUX_H_ 2 | #define _TOKEN_RING_LINUX_H_ 3 | 4 | #if defined __linux__ 5 | #include 6 | #include "../CommonCrossPlatform/Common.h" 7 | 8 | namespace revwrapper { 9 | 10 | #define MAX_USER_COUNT 4 11 | 12 | struct TokenRingOsData { 13 | long userCount; 14 | 15 | sem_t semaphores[MAX_USER_COUNT]; 16 | }; 17 | }; 18 | 19 | 20 | #endif 21 | 22 | #endif 23 | -------------------------------------------------------------------------------- /revtracer-wrapper/TokenRing.Windows.h: -------------------------------------------------------------------------------- 1 | #ifndef _TOKEN_RING_WINDOWS_H_ 2 | #define _TOKEN_RING_WINDOWS_H_ 3 | 4 | #if defined _WIN32 || defined __CYGWIN__ 5 | 6 | namespace revwrapper { 7 | typedef void *HANDLE; 8 | 9 | #define MAX_USER_COUNT 4 10 | 11 | struct TokenRingOsData { 12 | long userCount; 13 | 14 | HANDLE waitSem[MAX_USER_COUNT]; 15 | HANDLE postSem[MAX_USER_COUNT]; 16 | }; 17 | }; 18 | 19 | #endif 20 | 21 | #endif 22 | -------------------------------------------------------------------------------- /revtracer-wrapper/TokenRing.h: -------------------------------------------------------------------------------- 1 | #ifndef _ABSTRACT_TOKEN_RING_ 2 | #define _ABSTRACT_TOKEN_RING_ 3 | 4 | namespace revwrapper { 5 | 6 | typedef bool(*WaitEventFunc)(void *handle, int timeout); 7 | typedef bool(*PostEventFunc)(void *handle); 8 | 9 | #define RING_OS_DATA_SIZE 64 10 | 11 | 12 | struct TokenRing; 13 | 14 | struct TokenRingOps { 15 | typedef bool(*WaitFunc)(TokenRing *_this, long userId, bool blocking); 16 | typedef void(*ReleaseFunc)(TokenRing *_this, long userId); 17 | 18 | WaitFunc __Wait; 19 | ReleaseFunc __Release; 20 | }; 21 | 22 | struct TokenRing { 23 | TokenRingOps *ops; 24 | unsigned char osData[RING_OS_DATA_SIZE]; 25 | 26 | //friend bool InitTokenRing(TokenRing *_this, long userCount, unsigned int *pids, long token); 27 | //friend struct TokenRingOps; 28 | 29 | bool Wait(long userId, bool blocking = true) { 30 | return ops->__Wait(this, userId, blocking); 31 | } 32 | 33 | void Release(long userId) { 34 | ops->__Release(this, userId); 35 | } 36 | }; 37 | 38 | 39 | } //namespace ipc 40 | 41 | #endif 42 | -------------------------------------------------------------------------------- /revtracer-wrapper/UnifiedTokenRing.cpp: -------------------------------------------------------------------------------- 1 | #include "AbstractShmTokenRing.h" 2 | 3 | #ifdef __linux__ 4 | #include "ShmTokenRingLin.h" 5 | #elif defined(_WIN32) 6 | #include "ShmTokenRingWin.h" 7 | #endif 8 | 9 | namespace ipc { 10 | AbstractShmTokenRing *AbstractShmTokenRingFactory(void) { 11 | #ifdef __linux__ 12 | return new ShmTokenRingLin(); 13 | #elif defined(_WIN32) 14 | return new ShmTokenRingWin(); 15 | #endif 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /revtracer-wrapper/Wrapper.Global.h: -------------------------------------------------------------------------------- 1 | #ifndef _WRAPPER_GLOBAL_H_ 2 | #define _WRAPPER_GLOBAL_H_ 3 | 4 | typedef void *(*AllocateVirtualFunc)(unsigned long); 5 | typedef void (*FreeVirtualFunc)(void *); 6 | typedef void *(*MapMemoryFunc)(unsigned long, unsigned long, unsigned long, unsigned long, void *); 7 | 8 | typedef void (*TerminateProcessFunc)(int); 9 | typedef void *(*GetTerminationCodeFunc)(); 10 | 11 | typedef int (*FormatPrintFunc)(char *buffer, size_t sizeOfBuffer, const char *format, char *); 12 | 13 | typedef bool (*WriteFileFunc)(void *, void *, size_t, unsigned long *); 14 | typedef long (*ToErrnoFunc)(long); 15 | 16 | typedef long (*YieldExecutionFunc)(void); 17 | typedef bool (*InitEventFunc)(void *, bool); 18 | typedef bool (*WaitEventFunc)(void *, int); 19 | typedef bool (*PostEventFunc)(void *); 20 | typedef void (*DestroyEventFunc)(void *); 21 | typedef int (*GetValueEventFunc) (void *); 22 | 23 | typedef int (*OpenSharedMemoryFunc) (const char *, int, int); 24 | typedef int (*UnlinkSharedMemoryFunc) (const char *); 25 | 26 | typedef void (*FlushInstructionCacheFunc)(void); 27 | 28 | 29 | extern AllocateVirtualFunc allocateVirtual; 30 | extern FreeVirtualFunc freeVirtual; 31 | extern MapMemoryFunc mapMemory; 32 | 33 | extern TerminateProcessFunc terminateProcess; 34 | extern GetTerminationCodeFunc getTerminationCode; 35 | 36 | extern FormatPrintFunc formatPrint; 37 | 38 | extern WriteFileFunc writeFile; 39 | extern ToErrnoFunc toErrno; 40 | 41 | extern YieldExecutionFunc yieldExecution; 42 | extern InitEventFunc initEvent; 43 | extern WaitEventFunc waitEvent; 44 | extern PostEventFunc postEvent; 45 | extern DestroyEventFunc destroyEvent; 46 | extern GetValueEventFunc getvalueEvent; 47 | 48 | extern OpenSharedMemoryFunc openSharedMemory; 49 | extern UnlinkSharedMemoryFunc unlinkSharedMemory; 50 | 51 | extern FlushInstructionCacheFunc flushInstructionCache; 52 | 53 | #endif 54 | -------------------------------------------------------------------------------- /revtracer-wrapper/setup-libs.sh: -------------------------------------------------------------------------------- 1 | #! /bin/bash 2 | DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" 3 | 4 | rm -rf $DIR/lib 5 | mkdir $DIR/lib 6 | 7 | ln --symbolic -T `find /lib -name libc.so.6 -path *i386*` $DIR//lib/libc.so 8 | ln --symbolic -T `find /lib -name libpthread.so.0 -path *i386*` $DIR/lib/libpthread.so 9 | ln --symbolic -T `find /lib -name librt.so.1 -path *i386*` $DIR/lib/librt.so 10 | ln --symbolic -T `find /lib -name ld-linux.so.2 -path *i386*` $DIR/lib/ld-linux.so.2 11 | -------------------------------------------------------------------------------- /revtracer/AddressContainer.h: -------------------------------------------------------------------------------- 1 | #ifndef _ADDRESS_CONTAINER_H 2 | #define _ADDRESS_CONTAINER_H 3 | 4 | #include "revtracer.h" 5 | 6 | #define MAX_CONTAINER_PAGES 1024 7 | 8 | struct ContainerPage { 9 | nodep::DWORD mem[1024]; 10 | }; 11 | 12 | class AddressContainer { 13 | private : 14 | ContainerPage pages[MAX_CONTAINER_PAGES]; 15 | ContainerPage *freePages[MAX_CONTAINER_PAGES]; 16 | nodep::DWORD freePageCount; 17 | 18 | void InitPageAllocator(); 19 | ContainerPage *AllocPage(); 20 | void FreePage(ContainerPage *page); 21 | 22 | ContainerPage *root; 23 | 24 | nodep::DWORD RecursiveSet(ContainerPage *&page, nodep::DWORD dwAddress, nodep::DWORD value, nodep::DWORD mask, nodep::DWORD shift); 25 | void RecursivePrintAddreses(ContainerPage *page, nodep::DWORD prefix, nodep::DWORD shift) const; 26 | public : 27 | //AddressContainer(); 28 | void Init(); 29 | 30 | nodep::DWORD Set(nodep::DWORD dwAddress, nodep::DWORD value); 31 | nodep::DWORD Get(nodep::DWORD dwAddress) const; 32 | 33 | void PrintAddreses() const; 34 | }; 35 | 36 | 37 | #endif -------------------------------------------------------------------------------- /revtracer/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | ## revtracer CMakeLists.txt 2 | 3 | set(CMAKE_VERBOSE_MAKEFILE true) 4 | set(CMAKE_CXX_COMPILER i686-w64-mingw32-g++) 5 | 6 | set(FLAGS_CROSS "-D_cdecl=\"__attribute__((cdecl))\" \ 7 | -D_stdcall=\"__attribute__((stdcall))\"") 8 | set(CMAKE_CXX_FLAGS "-g -m32 -march=i386 -fno-exceptions \ 9 | -fno-stack-protector -fcheck-new -std=c++11 ${FLAGS_CROSS} \ 10 | -D_BUILDING_REVTRACER_DLL") 11 | set(CMAKE_CXX_FLAGS_RELEASE "${CMAKE_CXX_FLAGS}") 12 | set(CMAKE_CXX_FLAGS_DEBUG "${CMAKE_CXX_FLAGS_RELEASE} -D_REVTRACER_DEBUG_PRINT_") 13 | 14 | set(CMAKE_SHARED_LINKER_FLAGS "--disable-stdcall-fixup -static-libstdc++") 15 | 16 | set(CMAKE_ASM_COMPILER i686-w64-mingw32-as) 17 | set(CMAKE_ASM_FLAGS "--32") 18 | set(CMAKE_ASM_FLAGS_RELEASE "${CMAKE_ASM_FLAGS}") 19 | set(CMAKE_ASM_FLAGS_DEBUG "${CMAKE_ASM_FLAGS} -g") 20 | 21 | set_source_files_properties(revtracer.stub.S PROPERTIES COMPILE_FLAGS "${CMAKE_ASM_FLAGS}") 22 | 23 | add_library(revtracer SHARED 24 | AddressContainer.cpp 25 | api.cpp 26 | callgates.cpp 27 | cb.cpp crc32.cpp 28 | crtStub.cpp 29 | execenv.cpp 30 | GenericX86Assembler.cpp 31 | mm.cpp modrm32.cpp 32 | PreTrackingX86Assembler.cpp 33 | RelocableCodeBuffer.cpp 34 | revtracer.cpp 35 | RiverAddress.cpp 36 | TranslatorUtil.cpp 37 | RiverMetaTranslator.cpp 38 | RiverRepTranslator.cpp 39 | RiverRepAssembler.cpp 40 | RiverPrintTable.cpp 41 | RiverReverseTranslator.cpp 42 | RiverSaveTranslator.cpp 43 | RiverTrackingX86Assembler.cpp 44 | RiverX86Assembler.cpp 45 | RiverX86Disassembler.cpp 46 | NativeX86Assembler.cpp 47 | SymbopReverseTranslator.cpp 48 | SymbopTranslator.cpp 49 | SymbopSaveTranslator.cpp 50 | sync.cpp 51 | Tracking.cpp 52 | TrackingX86Assembler.cpp 53 | X86Assembler.cpp 54 | X86AssemblerFuncs.cpp 55 | RiverX86DisassemblerTable.cpp 56 | codegen.cpp 57 | revtracer.stub.S 58 | ) 59 | 60 | # disable -revtracer_EXPORTS 61 | set_target_properties(revtracer 62 | PROPERTIES 63 | DEFINE_SYMBOL "" 64 | NO_SONAME ON 65 | PREFIX "" 66 | SUFFIX ".dll" 67 | PUBLIC_HEADER "DebugPrintFlags.h;RiverAddress.h;common.h;environment.h;revtracer.h;river.h" 68 | ) 69 | 70 | install(TARGETS revtracer 71 | LIBRARY DESTINATION ${CMAKE_INSTALL_PREFIX}/lib 72 | PUBLIC_HEADER DESTINATION ${CMAKE_INSTALL_PREFIX}/include/revtracer) 73 | -------------------------------------------------------------------------------- /revtracer/DebugPrintFlags.h: -------------------------------------------------------------------------------- 1 | #ifndef _DEBUG_PRINT_FLAGS_H_ 2 | #define _DEBUG_PRINT_FLAGS_H_ 3 | 4 | // message type 5 | #define PRINT_ERROR 0x01000000 6 | #define PRINT_INFO 0x02000000 7 | #define PRINT_DEBUG 0x03000000 8 | #define PRINT_MESSAGE_MASK 0x0F000000 9 | #define PRINT_MESSAGE_SHIFT 24 10 | 11 | // execution stages 12 | #define PRINT_BRANCH_HANDLER 0x00100000 13 | #define PRINT_DISASSEMBLY 0x00200000 14 | #define PRINT_TRANSLATION 0x00300000 15 | #define PRINT_ASSEMBLY 0x00400000 16 | #define PRINT_RUNTIME 0x00500000 17 | #define PRINT_INSPECTION 0x00600000 18 | #define PRINT_CONTAINER 0x00700000 19 | #define PRINT_EXECUTION_MASK 0x00F00000 20 | #define PRINT_EXECUTION_SHIFT 20 21 | 22 | // code type - only for translation and assembly 23 | #define PRINT_NATIVE 0x00010000 24 | #define PRINT_RIVER 0x00020000 25 | #define PRINT_TRACKING 0x00030000 26 | #define PRINT_SYMBOLIC 0x00040000 27 | #define PRINT_CODE_TYPE_MASK 0x000F0000 28 | #define PRINT_CODE_TYPE_SHIFT 16 29 | 30 | // code direction, only for river, tracking and symbolic 31 | #define PRINT_FORWARD 0x00001000 32 | #define PRINT_BACKWARD 0x00002000 33 | #define PRINT_CODE_DIRECTION_MASK 0x0000F000 34 | #define PRINT_CODE_DIRECTION_SHIFT 12 35 | 36 | 37 | #endif 38 | -------------------------------------------------------------------------------- /revtracer/GenericX86Assembler.cpp: -------------------------------------------------------------------------------- 1 | #include "GenericX86Assembler.h" 2 | 3 | #define X86_OPZISE_PREFIX 0x66 4 | 5 | #define X86_LOCK_PREFIX 0xF0 6 | 7 | #define X86_ESSEG_PREFIX 0x26 8 | #define X86_CSSEG_PREFIX 0x2E 9 | #define X86_SSSEG_PREFIX 0x36 10 | #define X86_DSSEG_PREFIX 0x3E 11 | #define X86_FSSEG_PREFIX 0x64 12 | #define X86_GSSEG_PREFIX 0x65 13 | 14 | bool GenericX86Assembler::Init(RiverRuntime *rt) { 15 | runtime = rt; 16 | return true; 17 | } 18 | 19 | bool GeneratePrefixes(const RiverInstruction &ri, nodep::BYTE *&px86) { 20 | if (ri.modifiers & RIVER_MODIFIER_LOCK) { 21 | *px86 = X86_LOCK_PREFIX; 22 | px86++; 23 | } 24 | 25 | if (ri.modifiers & RIVER_MODIFIER_O16) { 26 | *px86 = X86_OPZISE_PREFIX; 27 | px86++; 28 | } 29 | 30 | switch (ri.modifiers & 0x07) { 31 | case RIVER_MODIFIER_ESSEG: 32 | *px86 = X86_ESSEG_PREFIX; 33 | px86++; 34 | break; 35 | case RIVER_MODIFIER_CSSEG: 36 | *px86 = X86_CSSEG_PREFIX; 37 | px86++; 38 | break; 39 | case RIVER_MODIFIER_SSSEG: 40 | *px86 = X86_SSSEG_PREFIX; 41 | px86++; 42 | break; 43 | case RIVER_MODIFIER_DSSEG: 44 | *px86 = X86_DSSEG_PREFIX; 45 | px86++; 46 | break; 47 | case RIVER_MODIFIER_FSSEG: 48 | *px86 = X86_FSSEG_PREFIX; 49 | px86++; 50 | break; 51 | case RIVER_MODIFIER_GSSEG: 52 | *px86 = X86_GSSEG_PREFIX; 53 | px86++; 54 | break; 55 | } 56 | return true; 57 | } 58 | 59 | bool ClearPrefixes(const RiverInstruction &ri, nodep::BYTE *&px86) { 60 | if (ri.modifiers & 0x07) { 61 | px86--; 62 | } 63 | 64 | if (ri.modifiers & RIVER_MODIFIER_REPNZ) { 65 | px86--; 66 | } 67 | 68 | if (ri.modifiers & RIVER_MODIFIER_REPZ) { 69 | px86--; 70 | } 71 | 72 | if (ri.modifiers & RIVER_MODIFIER_REP) { 73 | px86--; 74 | } 75 | 76 | if (ri.modifiers & RIVER_MODIFIER_LOCK) { 77 | px86--; 78 | } 79 | 80 | return true; 81 | } 82 | -------------------------------------------------------------------------------- /revtracer/GenericX86Assembler.h: -------------------------------------------------------------------------------- 1 | #ifndef _GENERIC_X86_ASSEMBLER_H 2 | #define _GENERIC_X86_ASSEMBLER_H 3 | 4 | #include "revtracer.h" 5 | #include "river.h" 6 | #include "Runtime.h" 7 | 8 | #include "RelocableCodeBuffer.h" 9 | 10 | #define ASSEMBLER_DIR_FORWARD 0x00 11 | #define ASSEMBLER_DIR_BACKWARD 0x01 12 | 13 | #define ASSEMBLER_CODE_NATIVE 0x00 14 | #define ASSEMBLER_CODE_TRACKING 0x02 15 | 16 | class UnusedRegister { 17 | //virtual nodep::Acquire() 18 | }; 19 | 20 | class GenericX86Assembler { 21 | protected : 22 | RiverRuntime *runtime; 23 | 24 | public: 25 | virtual bool Init(RiverRuntime *rt); 26 | virtual bool Translate(const RiverInstruction &ri, RelocableCodeBuffer &px86, nodep::DWORD &pFlags, nodep::BYTE ¤tFamily, nodep::BYTE &repReg, nodep::DWORD &instrCounter, nodep::BYTE outputType) = 0; 27 | }; 28 | 29 | bool GeneratePrefixes(const RiverInstruction &ri, nodep::BYTE *&px86); 30 | bool ClearPrefixes(const RiverInstruction &ri, nodep::BYTE *&px86); 31 | 32 | #endif -------------------------------------------------------------------------------- /revtracer/Loader/Abstract.Mapper.h: -------------------------------------------------------------------------------- 1 | #ifndef _ABSTRACT_MAPPER_H_ 2 | #define _ABSTRACT_MAPPER_H_ 3 | 4 | #include "Types.h" 5 | 6 | class AbstractPEMapper { 7 | public: 8 | virtual void *CreateSection(void *lpAddress, size_t dwSize, DWORD flProtect) = 0; 9 | virtual bool ChangeProtect(void *lpAddress, size_t dwSize, DWORD flProtect) = 0; 10 | virtual bool WriteBytes(void *lpAddress, void *lpBuffer, size_t nSize) = 0; 11 | 12 | virtual DWORD FindImport(const char *moduleName, const char *funcName) = 0; 13 | virtual DWORD FindImport(const char *moduleName, const unsigned int funcOrdinal) = 0; 14 | }; 15 | 16 | #endif 17 | 18 | -------------------------------------------------------------------------------- /revtracer/Loader/Inproc.Mapper.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include "Inproc.Mapper.h" 3 | 4 | 5 | void *InprocMapper::CreateSection(void *lpAddress, size_t dwSize, DWORD flProtect) { 6 | return VirtualAlloc(lpAddress, dwSize, MEM_RESERVE | MEM_COMMIT, flProtect); 7 | } 8 | 9 | bool InprocMapper::ChangeProtect(void *lpAddress, size_t dwSize, DWORD flProtect) { 10 | DWORD oldProtect; 11 | return TRUE == VirtualProtect(lpAddress, dwSize, flProtect, &oldProtect); 12 | } 13 | 14 | bool InprocMapper::WriteBytes(void *lpAddress, void *lpBuffer, size_t nSize) { 15 | memcpy(lpAddress, lpBuffer, nSize); 16 | return true; 17 | } 18 | 19 | DWORD InprocMapper::FindImport(const char *moduleName, const char *funcName) { 20 | HMODULE hModule = GetModuleHandleA(moduleName); 21 | 22 | if (NULL == hModule) { 23 | return 0xFFFFFFFF; 24 | } 25 | 26 | return (DWORD)GetProcAddress(hModule, funcName); 27 | } 28 | 29 | DWORD InprocMapper::FindImport(const char *moduleName, const unsigned int funcOrdinal) { 30 | HMODULE hModule = GetModuleHandleA(moduleName); 31 | 32 | if (NULL == hModule) { 33 | return 0xFFFFFFFF; 34 | } 35 | 36 | return (DWORD)GetProcAddress(hModule, (LPCSTR)funcOrdinal); 37 | } -------------------------------------------------------------------------------- /revtracer/Loader/Inproc.Mapper.h: -------------------------------------------------------------------------------- 1 | #ifndef _INPROC_MAPPER_H_ 2 | #define _INPROC_MAPPER_H_ 3 | 4 | #include "Abstract.Mapper.h" 5 | 6 | class InprocMapper : public AbstractPEMapper { 7 | public : 8 | virtual void *CreateSection(void *lpAddress, size_t dwSize, DWORD flProtect); 9 | virtual bool ChangeProtect(void *lpAddress, size_t dwSize, DWORD flProtect); 10 | virtual bool WriteBytes(void *lpAddress, void *lpBuffer, size_t nSize); 11 | 12 | virtual DWORD FindImport(const char *moduleName, const char *funcName); 13 | virtual DWORD FindImport(const char *moduleName, const unsigned int funcOrdinal); 14 | }; 15 | 16 | #endif -------------------------------------------------------------------------------- /revtracer/Loader/Types.h: -------------------------------------------------------------------------------- 1 | #ifndef _TYPES_H_ 2 | #define _TYPES_H_ 3 | 4 | typedef unsigned short USHORT; 5 | typedef long LONG; 6 | 7 | typedef unsigned char BYTE; 8 | typedef unsigned short WORD; 9 | typedef unsigned long DWORD; 10 | typedef unsigned long long QWORD; 11 | 12 | #endif 13 | -------------------------------------------------------------------------------- /revtracer/Makefile: -------------------------------------------------------------------------------- 1 | lib_revtracer := revtracer.dll 2 | 3 | CXX := i686-w64-mingw32-g++ 4 | AS := i686-w64-mingw32-as 5 | 6 | CPP_FILES := AddressContainer.cpp api.cpp callgates.cpp cb.cpp crc32.cpp crtStub.cpp execenv.cpp GenericX86Assembler.cpp mm.cpp modrm32.cpp PreTrackingX86Assembler.cpp RelocableCodeBuffer.cpp revtracer.cpp RiverAddress.cpp RiverMetaTranslator.cpp RiverPrintTable.cpp RiverReverseTranslator.cpp RiverSaveTranslator.cpp RiverTrackingX86Assembler.cpp RiverX86Assembler.cpp RiverX86Disassembler.cpp NativeX86Assembler.cpp SymbopReverseTranslator.cpp SymbopTranslator.cpp SymbopSaveTranslator.cpp sync.cpp Tracking.cpp TrackingX86Assembler.cpp X86Assembler.cpp X86AssemblerFuncs.cpp RiverX86DisassemblerTable.cpp codegen.cpp 7 | AS_FILES := revtracer.stub.S 8 | OBJ_FILES := $(addprefix ,$(notdir $(CPP_FILES:.cpp=.o))) 9 | OBJAS_FILES := $(addprefix ,$(notdir $(AS_FILES:.S=.o))) 10 | 11 | LD_FLAGS := 12 | AS_FLAGS += --32 13 | CC_FLAGS_CROSS = -D_cdecl="__attribute__((cdecl))" -D_stdcall="__attribute__((stdcall))" 14 | CC_FLAGS += -g -m32 -march=i386 -fno-exceptions -fno-stack-protector -fcheck-new -std=c++11 $(CC_FLAGS_CROSS) -D_BUILDING_REVTRACER_DLL #-D_REVTRACER_DEBUG_PRINT_ 15 | prefix := /usr/local 16 | 17 | all: $(lib_revtracer) 18 | 19 | install: $(lib_revtracer) 20 | install -m 0755 $(lib_revtracer) -t $(prefix)/lib -D 21 | 22 | $(lib_revtracer): $(OBJ_FILES) $(OBJAS_FILES) 23 | $(CXX) $(CC_FLAGS) --disable-stdcall-fixup -static-libstdc++ -shared -o $@ $^ 24 | 25 | %.o: %.cpp 26 | $(CXX) $(CC_FLAGS) -c -o $@ $< 27 | 28 | %.o: %.S 29 | $(AS) $(AS_FLAGS) -o $@ $< 30 | 31 | .PHONY: clean 32 | clean: 33 | $(RM) $(lib_revtracer) $(OBJ_FILES) $(OBJAS_FILES) 34 | -------------------------------------------------------------------------------- /revtracer/PreTrackingX86Assembler.h: -------------------------------------------------------------------------------- 1 | #ifndef _PRETRACKING_ASSEMBLER_H_ 2 | #define _PRETRACKING_ASSEMBLER_H_ 3 | 4 | #include "GenericX86Assembler.h" 5 | 6 | class PreTrackingAssembler : public GenericX86Assembler { 7 | private : 8 | static const nodep::BYTE regByte[]; 9 | 10 | void SaveUnusedRegister(nodep::BYTE reg, RelocableCodeBuffer &px86, int idx); 11 | void RestoreUnusedRegister(nodep::BYTE reg, RelocableCodeBuffer &px86, int idx); 12 | 13 | void AssemblePreTrackAddr(RiverAddress *addr, nodep::BYTE riverFamily, nodep::BYTE repReg, RelocableCodeBuffer &px86, nodep::DWORD &instrCounter); 14 | void AssemblePreTrackMem(RiverAddress * addr, nodep::BYTE riverFamily, nodep::BYTE repReg, RelocableCodeBuffer &px86, nodep::DWORD & instrCounter); 15 | public : 16 | virtual bool Translate(const RiverInstruction &ri, RelocableCodeBuffer &px86, nodep::DWORD &pFlags, nodep::BYTE ¤tFamily, nodep::BYTE &repReg, nodep::DWORD &instrCounter, nodep::BYTE outputType); 17 | }; 18 | 19 | #endif 20 | -------------------------------------------------------------------------------- /revtracer/RelocableCodeBuffer.cpp: -------------------------------------------------------------------------------- 1 | #include "RelocableCodeBuffer.h" 2 | 3 | using namespace rev; 4 | 5 | RelocableCodeBuffer::RelocableCodeBuffer() { 6 | buffer = NULL; 7 | Reset(); 8 | } 9 | 10 | void RelocableCodeBuffer::Init(nodep::BYTE *buff) { 11 | buffer = buff; 12 | Reset(); 13 | } 14 | 15 | void RelocableCodeBuffer::Reset() { 16 | needsRAFix = needsRepFix = false; 17 | rvAddress = NULL; 18 | repInitCursor = NULL; 19 | cursor = buffer; 20 | } 21 | 22 | void RelocableCodeBuffer::SetRelocation(nodep::BYTE *reloc) { 23 | needsRAFix = true; 24 | rvAddress = reloc; 25 | } 26 | 27 | void RelocableCodeBuffer::CopyToFixed(nodep::BYTE *dst) const { 28 | rev_memcpy(dst, buffer, cursor - buffer); 29 | if (needsRAFix) { 30 | nodep::DWORD offset = (rvAddress - buffer); 31 | 32 | *(nodep::DWORD *)(&dst[offset]) -= (nodep::DWORD)buffer; 33 | *(nodep::DWORD *)(&dst[offset]) += (nodep::DWORD)dst; 34 | } 35 | } 36 | void RelocableCodeBuffer::MarkRepInit() { 37 | needsRepFix = true; 38 | repInitCursor = cursor; 39 | } 40 | 41 | void RelocableCodeBuffer::MarkRepFini() { 42 | const nodep::DWORD jmpSize = 5; 43 | const nodep::DWORD loopSize = 2; 44 | const nodep::DWORD repinitInstrSize = jmpSize + jmpSize + loopSize + jmpSize; 45 | const nodep::DWORD farloopInstrSize = jmpSize + 3 + loopSize; 46 | const nodep::DWORD repfiniInstrSize = jmpSize + jmpSize + farloopInstrSize; 47 | 48 | nodep::DWORD actualCodeSize = cursor - repInitCursor - (repinitInstrSize + repfiniInstrSize); 49 | 50 | // fix jumps 51 | nodep::BYTE *jmpWrapin = repInitCursor + 1; 52 | *(nodep::DWORD *)(jmpWrapin) += actualCodeSize; 53 | 54 | nodep::BYTE *jmpCodeout = repInitCursor + jmpSize + jmpSize + loopSize + 1; 55 | *(nodep::DWORD *)(jmpCodeout) += actualCodeSize; 56 | 57 | nodep::BYTE *jmpLoop = repInitCursor + jmpSize + jmpSize + loopSize + jmpSize + actualCodeSize + 1; 58 | *(nodep::DWORD *)(jmpLoop) -= actualCodeSize; 59 | 60 | nodep::BYTE *jmpInit = cursor - (loopSize + 3 + jmpSize) + 1; 61 | *(nodep::DWORD *)(jmpInit) -= actualCodeSize; 62 | 63 | needsRepFix = false; 64 | repInitCursor = NULL; 65 | } 66 | 67 | 68 | -------------------------------------------------------------------------------- /revtracer/RelocableCodeBuffer.h: -------------------------------------------------------------------------------- 1 | #ifndef _RELOCABLE_CODE_BUFFER_H 2 | #define _RELOCABLE_CODE_BUFFER_H 3 | 4 | #include "revtracer.h" 5 | #include "mm.h" 6 | 7 | class RelocableCodeBuffer { 8 | private : 9 | nodep::BYTE *buffer; 10 | nodep::BYTE *repInitCursor; 11 | bool needsRAFix, needsRepFix; 12 | nodep::BYTE *rvAddress; 13 | public : 14 | nodep::BYTE *cursor; 15 | 16 | RelocableCodeBuffer(); 17 | void Init(nodep::BYTE *buff); 18 | 19 | void Reset(); 20 | void SetRelocation(nodep::BYTE *reloc); 21 | void CopyToFixed(nodep::BYTE *dst) const; 22 | 23 | 24 | /* ->>> loop init 25 | * repinit <=> jmp repfini 26 | * **actual code** 27 | * repfini <=> jmp loop 28 | */ 29 | // start counting instructions 30 | void MarkRepInit(); 31 | // fix jump offsets 32 | void MarkRepFini(); 33 | }; 34 | 35 | #endif 36 | -------------------------------------------------------------------------------- /revtracer/RepInstrumentation.S: -------------------------------------------------------------------------------- 1 | BITS 32 2 | 3 | /* 4 | * this code is the equivalent of rep modifier 5 | * the code between `init` label and `jmp wrapout` 6 | * should work fine if ecx value is not 0, otherwise it's infinite loop 7 | * 8 | * the code between wrapin and wrapout is what we call a `farloop` 9 | * loop operand is signed imm8 so if the instrumented code that 10 | * we `rep` is larger than 127 bytes, loop cannot jump enough. So we use 11 | * loop to a jmp instruction that points to the actual target 12 | * 13 | * `lea ecx, ecx + 1` is needed in case ecx value is zero. In order for 14 | * loop to have valid behavior, ecx must be one before reaching the loop 15 | * instruction, thus triggering the loop not to take the natural path, 16 | * but to exit. 17 | */ 18 | 19 | jmp wrapin 20 | init: 21 | jmp codein 22 | loop: 23 | loop init 24 | jmp codeout 25 | 26 | codein: 27 | // actual code 28 | jmp loop 29 | codeout: 30 | jmp wrapout 31 | 32 | farloop: 33 | jmp init 34 | wrapin: 35 | lea ecx, [ecx + 1] 36 | loop farloop 37 | wrapout: 38 | -------------------------------------------------------------------------------- /revtracer/RiverRepAssembler.h: -------------------------------------------------------------------------------- 1 | #ifndef _RIVER_REP_ASSEMBLER_H 2 | #define _RIVER_REP_ASSEMBLER_H 3 | 4 | #include "GenericX86Assembler.h" 5 | 6 | class RiverRepAssembler : public GenericX86Assembler { 7 | public: 8 | virtual bool Translate(const RiverInstruction &ri, RelocableCodeBuffer &px86, nodep::DWORD &pFlags, nodep::BYTE ¤tFamily, nodep::BYTE &repReg, nodep::DWORD &instrCounter, nodep::BYTE outputType); 9 | }; 10 | 11 | #endif 12 | -------------------------------------------------------------------------------- /revtracer/RiverRepTranslator.h: -------------------------------------------------------------------------------- 1 | #ifndef _RIVER_REP_TRANSLATOR_ 2 | #define _RIVER_REP_TRANSLATOR_ 3 | 4 | #include "river.h" 5 | 6 | class RiverCodeGen; 7 | 8 | class RiverRepTranslator { 9 | public: 10 | bool Init(RiverCodeGen *cg); 11 | bool Translate(const RiverInstruction &rIn, RiverInstruction *rOut, nodep::DWORD &instrCount); 12 | private: 13 | RiverCodeGen *codegen; 14 | void TranslateDefault(const RiverInstruction &rIn, RiverInstruction *rOut, nodep::DWORD &instrCount); 15 | void TranslateCommon(const RiverInstruction &rIn, RiverInstruction *rOut, nodep::DWORD &instrCount, nodep::DWORD riverModifier); 16 | }; 17 | 18 | #endif 19 | -------------------------------------------------------------------------------- /revtracer/RiverReverseTranslator.h: -------------------------------------------------------------------------------- 1 | #ifndef _RIVER_REVERSE_TRANSLATOR_H 2 | #define _RIVER_REVERSE_TRANSLATOR_H 3 | 4 | #include "revtracer.h" 5 | #include "river.h" 6 | 7 | using namespace rev; 8 | 9 | class RiverCodeGen; 10 | 11 | class RiverReverseTranslator { 12 | private : 13 | RiverCodeGen *codegen; 14 | typedef void(RiverReverseTranslator::*TranslateOpcodeFunc)(RiverInstruction &rOut, const RiverInstruction &rIn); 15 | 16 | static TranslateOpcodeFunc translateOpcodes[2][0x100]; 17 | public : 18 | bool Init(RiverCodeGen *cg); 19 | bool Translate(const RiverInstruction &rIn, RiverInstruction &rOut); 20 | private : 21 | void TranslateUnk(RiverInstruction &rOut, const RiverInstruction &rIn); 22 | void TranslatePushReg(RiverInstruction &rOut, const RiverInstruction &rIn); 23 | void TranslatePopReg(RiverInstruction &rOut, const RiverInstruction &rIn); 24 | void TranslatePushf(RiverInstruction &rOut, const RiverInstruction &rIn); 25 | void TranslatePopf(RiverInstruction &rOut, const RiverInstruction &rIn); 26 | void TranslatePushModRM(RiverInstruction &rOut, const RiverInstruction &rIn); 27 | void TranslatePopModRM(RiverInstruction &rOut, const RiverInstruction &rIn); 28 | void Translate0x83(RiverInstruction &rOut, const RiverInstruction &rIn); 29 | }; 30 | 31 | #endif 32 | -------------------------------------------------------------------------------- /revtracer/RiverTrackingX86Assembler.h: -------------------------------------------------------------------------------- 1 | #ifndef _RIVER_TRACKING_X86_ASSEMBLER_H_ 2 | #define _RIVER_TRACKING_X86_ASSEMBLER_H_ 3 | 4 | #include "GenericX86Assembler.h" 5 | 6 | class RiverTrackingX86Assembler : public GenericX86Assembler { 7 | private: 8 | void AssemblePushFlg(nodep::DWORD testFlags, RelocableCodeBuffer &px86, nodep::DWORD &pFlags, nodep::DWORD &instrCounter); 9 | void AssemblePushReg(const RiverRegister ®, RelocableCodeBuffer &px86, nodep::DWORD &pFlags, nodep::DWORD &instrCounter); 10 | void AssemblePushMem(const RiverAddress *addr, nodep::BYTE offset, RelocableCodeBuffer &px86, nodep::DWORD &pFlags, nodep::DWORD &instrCounter); 11 | 12 | void AssemblePopFlg(nodep::DWORD testFlags, RelocableCodeBuffer &px86, nodep::DWORD &pFlags, nodep::DWORD &instrCounter); 13 | void AssemblePopReg(const RiverRegister ®, RelocableCodeBuffer &px86, nodep::DWORD &pFlags, nodep::DWORD &instrCounter); 14 | void AssemblePopMem(const RiverAddress *addr, nodep::BYTE offset, RelocableCodeBuffer &px86, nodep::DWORD &pFlags, nodep::DWORD &instrCounter); 15 | 16 | void AssembleUnmark(RelocableCodeBuffer &px86, nodep::DWORD &pFlags, nodep::DWORD &instrCounter); 17 | public: 18 | virtual bool Translate(const RiverInstruction &ri, RelocableCodeBuffer &px86, nodep::DWORD &pFlags, nodep::BYTE ¤tFamily, nodep::BYTE &repReg, nodep::DWORD &instrCounter, nodep::BYTE outputType); 19 | }; 20 | 21 | #endif -------------------------------------------------------------------------------- /revtracer/RiverX86Assembler.h: -------------------------------------------------------------------------------- 1 | #ifndef _RIVER_X86_ASSEMBLER_H 2 | #define _RIVER_X86_ASSEMBLER_H 3 | 4 | #include "revtracer.h" 5 | #include "river.h" 6 | #include "Runtime.h" 7 | 8 | #include "GenericX86Assembler.h" 9 | 10 | class RiverX86Assembler : public GenericX86Assembler { 11 | private : 12 | bool needsRAFix; 13 | nodep::BYTE *rvAddress; 14 | 15 | void SwitchToRiver(nodep::BYTE *&px86, nodep::DWORD &instrCounter); 16 | void SwitchToRiverEsp(nodep::BYTE *&px86, nodep::DWORD &instrCounter, nodep::BYTE repReg); 17 | void EndRiverConversion(nodep::BYTE *&px86, nodep::DWORD &pFlags, nodep::BYTE &repReg, nodep::DWORD &instrCounter); 18 | 19 | bool GenerateTransitions(const RiverInstruction &ri, nodep::BYTE *&px86, nodep::DWORD &pFlags, nodep::BYTE &repReg, nodep::DWORD &instrCounter); 20 | 21 | public : 22 | //bool Init(RiverRuntime *rt); 23 | //bool Assemble(RiverInstruction *pRiver, nodep::WORD dwInstrCount, BYTE *px86, nodep::WORD flg, nodep::WORD &instrCounter, nodep::WORD &byteCounter); 24 | virtual bool Translate(const RiverInstruction &ri, RelocableCodeBuffer &px86, nodep::DWORD &pFlags, nodep::BYTE ¤tFamily, nodep::BYTE &repReg, nodep::DWORD &instrCounter, nodep::BYTE outputType); 25 | 26 | private : 27 | void AssembleRiverAddSubInstr(const RiverInstruction &ri, RelocableCodeBuffer &px86, nodep::DWORD &pFlags, nodep::DWORD &instrCounter); 28 | 29 | void AssembleRiverAddSubOp(const RiverInstruction &ri, RelocableCodeBuffer &px86); 30 | 31 | void AssembleRegModRMOp(const RiverInstruction &ri, RelocableCodeBuffer &px86); 32 | 33 | void AssembleModRMOp(unsigned int opIdx, const RiverInstruction &ri, RelocableCodeBuffer &px86, nodep::BYTE extra); 34 | }; 35 | 36 | 37 | #endif 38 | -------------------------------------------------------------------------------- /revtracer/Runtime.h: -------------------------------------------------------------------------------- 1 | #ifndef _RUNTIME_H 2 | #define _RUNTIME_H 3 | 4 | #include "revtracer.h" 5 | 6 | /* River runtime context */ 7 | /* TODO: make the runtime threadsafe */ 8 | struct RiverRuntime { 9 | nodep::UINT_PTR virtualStack; // + 0x00 - mandatory first member (used in vm-rm transitions) 10 | nodep::UINT_PTR returnRegister; // + 0x04 - ax/eax/rax value 11 | nodep::UINT_PTR jumpBuff; // + 0x08 12 | nodep::UINT_PTR execBuff; // + 0x0C 13 | nodep::UINT_PTR trackBuff; // + 0x10 14 | nodep::UINT_PTR trackBase; // + 0x14 15 | nodep::UINT_PTR taintedAddresses; // + 0x18 16 | nodep::UINT_PTR registers; // + 0x1C 17 | 18 | nodep::DWORD taintedFlags[8]; // + 0x20 19 | nodep::DWORD taintedRegisters[8]; // + 0x40 20 | 21 | nodep::UINT_PTR trackStack; // + 0x60 22 | nodep::UINT_PTR secondaryRegister; // + 0x64 23 | nodep::DWORD firstEsp; 24 | }; 25 | 26 | #endif 27 | -------------------------------------------------------------------------------- /revtracer/SymbopReverseTranslator.cpp: -------------------------------------------------------------------------------- 1 | #include "SymbopReverseTranslator.h" 2 | #include "CodeGen.h" 3 | #include "TranslatorUtil.h" 4 | 5 | bool SymbopReverseTranslator::Init(RiverCodeGen *cg) { 6 | codegen = cg; 7 | return true; 8 | } 9 | 10 | bool SymbopReverseTranslator::Translate(const RiverInstruction &rIn, RiverInstruction &rOut) { 11 | if ((RIVER_FAMILY_RIVER_TRACK != RIVER_FAMILY(rIn.family)) && 12 | (RIVER_FAMILY_TRACK != RIVER_FAMILY(rIn.family))) { 13 | return false; 14 | } 15 | 16 | if (RIVER_FAMILY_RIVER_TRACK == RIVER_FAMILY(rIn.family)) { 17 | switch (rIn.opCode) { 18 | case 0x9C : // pushf 19 | TranslatePushFlg(rOut, rIn); 20 | break; 21 | case 0x50 : // push reg 22 | TranslatePushReg(rOut, rIn); 23 | break; 24 | case 0xFF : // push mem 25 | if (6 == rIn.subOpCode) { 26 | TranslatePushMem(rOut, rIn); 27 | } else { 28 | return false; 29 | } 30 | 31 | break; 32 | 33 | case 0x9D : 34 | case 0x58 : 35 | case 0x8F : 36 | return false; 37 | break; 38 | default : 39 | CopyInstruction(codegen, rOut, rIn); 40 | rOut.family |= RIVER_FAMILY_FLAG_IGNORE; 41 | break; 42 | }; 43 | } else if (RIVER_FAMILY_TRACK == RIVER_FAMILY(rIn.family)) { 44 | switch (rIn.opCode) { 45 | case 0x8F : 46 | CopyInstruction(codegen, rOut, rIn); 47 | break; 48 | default : 49 | CopyInstruction(codegen, rOut, rIn); 50 | rOut.family |= RIVER_FAMILY_FLAG_IGNORE; 51 | break; 52 | } 53 | } else { 54 | CopyInstruction(codegen, rOut, rIn); 55 | rOut.family |= RIVER_FAMILY_FLAG_IGNORE; 56 | } 57 | 58 | return true; 59 | } 60 | 61 | void SymbopReverseTranslator::TranslatePushReg(RiverInstruction &rOut, const RiverInstruction &rIn) { 62 | CopyInstruction(codegen, rOut, rIn); 63 | rOut.opCode += 8; 64 | } 65 | 66 | void SymbopReverseTranslator::TranslatePushFlg(RiverInstruction &rOut, const RiverInstruction &rIn) { 67 | CopyInstruction(codegen, rOut, rIn); 68 | rOut.opCode += 1; 69 | } 70 | 71 | void SymbopReverseTranslator::TranslatePushMem(RiverInstruction &rOut, const RiverInstruction &rIn) { 72 | CopyInstruction(codegen, rOut, rIn); 73 | rOut.opCode = 0x8F; 74 | rOut.subOpCode = 0; 75 | } 76 | -------------------------------------------------------------------------------- /revtracer/SymbopReverseTranslator.h: -------------------------------------------------------------------------------- 1 | #ifndef _SYMBOP_REVERSE_TRANSLATOR_H_ 2 | #define _SYMBOP_REVERSE_TRANSLATOR_H_ 3 | 4 | #include "revtracer.h" 5 | #include "river.h" 6 | 7 | using namespace rev; 8 | 9 | class RiverCodeGen; 10 | 11 | class SymbopReverseTranslator { 12 | private : 13 | RiverCodeGen *codegen; 14 | 15 | public : 16 | bool Init(RiverCodeGen *cg); 17 | bool Translate(const RiverInstruction &rIn, RiverInstruction &rOut); 18 | 19 | private : 20 | void TranslatePushReg(RiverInstruction &rOut, const RiverInstruction &rIn); 21 | void TranslatePushFlg(RiverInstruction &rOut, const RiverInstruction &rIn); 22 | void TranslatePushMem(RiverInstruction &rOut, const RiverInstruction &rIn); 23 | }; 24 | 25 | #endif 26 | -------------------------------------------------------------------------------- /revtracer/SymbopSaveTranslator.h: -------------------------------------------------------------------------------- 1 | #ifndef _SYMBOP_SAVE_TRANSLATOR_H_ 2 | #define _SYMBOP_SAVE_TRANSLATOR_H_ 3 | 4 | #include "revtracer.h" 5 | #include "river.h" 6 | 7 | class SymbopSaveTranslator { 8 | private : 9 | RiverCodeGen *codegen; 10 | 11 | void MakePushFlg(nodep::BYTE flags, RiverInstruction *&rOut, nodep::DWORD &instrCount); 12 | void MakePushReg(RiverRegister reg, RiverInstruction *&rOut, nodep::DWORD &instrCount); 13 | void MakePushMem(const RiverInstruction &rIn, RiverInstruction *&rOut, nodep::DWORD &instrCount); 14 | public : 15 | bool Init(RiverCodeGen *cg); 16 | 17 | bool Translate(const RiverInstruction &rIn, RiverInstruction *rMainOut, nodep::DWORD &instrCount); 18 | }; 19 | 20 | 21 | #endif 22 | -------------------------------------------------------------------------------- /revtracer/Tracking.cpp: -------------------------------------------------------------------------------- 1 | #include "Tracking.h" 2 | #include "common.h" 3 | 4 | #define PRINT_RUNTIME_TRACKING PRINT_INFO | PRINT_RUNTIME | PRINT_TRACKING 5 | 6 | namespace rev { 7 | #ifndef _NO_TRACK_CALLBACKS_ 8 | nodep::DWORD __stdcall TrackAddr(void *pEnv, nodep::DWORD dwAddr, nodep::DWORD segSel) { 9 | nodep::DWORD ret = ((::ExecutionEnvironment *)pEnv)->ac.Get(dwAddr + revtracerConfig.segmentOffsets[segSel & 0xFFFF]); 10 | 11 | TRACKING_PRINT(PRINT_RUNTIME_TRACKING, "TrackAddr 0x%08x => 0x%08X\n", dwAddr + revtracerConfig.segmentOffsets[segSel & 0xFFFF], ret); 12 | 13 | if (0 != ret) { 14 | revtracerImports.trackCallback(ret, dwAddr, segSel); 15 | } 16 | 17 | return ret; 18 | } 19 | 20 | nodep::DWORD __stdcall MarkAddr(void *pEnv, nodep::DWORD dwAddr, nodep::DWORD value, nodep::DWORD segSel) { 21 | TRACKING_PRINT(PRINT_RUNTIME_TRACKING, "MarkAddr 0x%08x <= %d\n", dwAddr + revtracerConfig.segmentOffsets[segSel & 0xFFFF], value); 22 | nodep::DWORD ret = ((::ExecutionEnvironment *)pEnv)->ac.Set(dwAddr + revtracerConfig.segmentOffsets[segSel & 0xFFFF], value); 23 | 24 | if (0 != ret) { 25 | revtracerImports.markCallback(ret, value, dwAddr, segSel); 26 | } 27 | 28 | return ret; 29 | } 30 | #else 31 | 32 | nodep::DWORD __stdcall TrackAddr(void *pEnv, nodep::DWORD dwAddr, nodep::DWORD segSel) { 33 | return ((::ExecutionEnvironment *)pEnv)->ac.Get(dwAddr); 34 | } 35 | 36 | nodep::DWORD __stdcall MarkAddr(void *pEnv, nodep::DWORD dwAddr, nodep::DWORD value, nodep::DWORD segSel) { 37 | return ((::ExecutionEnvironment *)pEnv)->ac.Set(dwAddr, value); 38 | } 39 | 40 | #endif 41 | }; 42 | -------------------------------------------------------------------------------- /revtracer/Tracking.h: -------------------------------------------------------------------------------- 1 | #ifndef _TRACKING_H_ 2 | #define _TRACKING_H_ 3 | 4 | #include "../CommonCrossPlatform/BasicTypes.h" 5 | #include "execenv.h" 6 | 7 | namespace rev { 8 | //TrackingTable trItem; 9 | 10 | nodep::DWORD __stdcall TrackAddr(void *pEnv, nodep::DWORD dwAddr, nodep::DWORD segSel); 11 | nodep::DWORD __stdcall MarkAddr(void *pEnv, nodep::DWORD dwAddr, nodep::DWORD value, nodep::DWORD segSel); 12 | 13 | }; 14 | 15 | #endif 16 | 17 | 18 | -------------------------------------------------------------------------------- /revtracer/TrackingX86Assembler.h: -------------------------------------------------------------------------------- 1 | #ifndef _TRACKING_X86_ASSEMBLER_ 2 | #define _TRACKING_X86_ASSEMBLER_ 3 | 4 | #include "GenericX86Assembler.h" 5 | 6 | class TrackingX86Assembler : public GenericX86Assembler { 7 | private : 8 | void AssembleTrackFlag(nodep::DWORD testFlags, RelocableCodeBuffer &px86, nodep::DWORD &pFlags, nodep::DWORD &instrCounter); 9 | void AssembleMarkFlag(nodep::DWORD testFlags, RelocableCodeBuffer &px86, nodep::DWORD &pFlags, nodep::DWORD &instrCounter); 10 | 11 | void AssembleTrackRegister(const RiverRegister ®, RelocableCodeBuffer &px86, nodep::DWORD &pFlags, nodep::DWORD &instrCounter); 12 | void AssembleMarkRegister(const RiverRegister ®, RelocableCodeBuffer &px86, nodep::DWORD &pFlags, nodep::DWORD &instrCounter); 13 | 14 | void AssembleTrackMemory(const RiverAddress *addr, nodep::BYTE offset, RelocableCodeBuffer &px86, nodep::DWORD &pFlags, nodep::DWORD &instrCounter); 15 | void AssembleMarkMemory(const RiverAddress *addr, nodep::BYTE offset, RelocableCodeBuffer &px86, nodep::DWORD &pFlags, nodep::DWORD &instrCounter); 16 | 17 | void AssembleTrackAddress(const RiverAddress *addr, RelocableCodeBuffer &px86, nodep::DWORD &pFlags, nodep::DWORD &instrCounter); 18 | void AssembleUnmark(RelocableCodeBuffer &px86, nodep::DWORD &pFlags, nodep::DWORD &instrCounter); 19 | 20 | void AssembleAdjustESI(nodep::BYTE count, RelocableCodeBuffer &px86, nodep::DWORD &pFlags, nodep::DWORD &instrCounter); 21 | void AssembleSetZero(nodep::BYTE reg, RelocableCodeBuffer &px86, nodep::DWORD &pFlags, nodep::DWORD &instrCounter); 22 | 23 | void AssembleSymbolicCall(nodep::DWORD address, nodep::BYTE index, RelocableCodeBuffer &px86, nodep::DWORD &pFlags, nodep::DWORD &instrCounter); 24 | 25 | nodep::DWORD GetOperandTrackSize(const RiverInstruction &ri, nodep::BYTE idx); 26 | 27 | nodep::DWORD dwTranslationFlags; 28 | public : 29 | void SetTranslationFlags(nodep::DWORD dwFlags); 30 | 31 | virtual bool Translate(const RiverInstruction &ri, RelocableCodeBuffer &px86, nodep::DWORD &pFlags, nodep::BYTE ¤tFamily, nodep::BYTE &repReg, nodep::DWORD &instrCounter, nodep::BYTE outputType); 32 | }; 33 | 34 | 35 | #endif 36 | -------------------------------------------------------------------------------- /revtracer/TranslatorUtil.cpp: -------------------------------------------------------------------------------- 1 | #include "TranslatorUtil.h" 2 | #include "CodeGen.h" 3 | 4 | void CopyInstruction(RiverCodeGen *codegen, RiverInstruction &rOut, const RiverInstruction &rIn) { 5 | rev_memcpy(&rOut, &rIn, sizeof(rOut)); 6 | 7 | for (int i = 0; i < 4; ++i) { 8 | if (RIVER_OPTYPE_MEM == RIVER_OPTYPE(rIn.opTypes[i])) { 9 | rOut.operands[i].asAddress = codegen->CloneAddress(*rIn.operands[i].asAddress, rIn.modifiers); 10 | } 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /revtracer/TranslatorUtil.h: -------------------------------------------------------------------------------- 1 | #ifndef _TRANSLATOR_UTIL_ 2 | #define _TRANSLATOR_UTIL_ 3 | 4 | #include "river.h" 5 | 6 | void CopyInstruction(RiverCodeGen *codegen, RiverInstruction &rOut, const RiverInstruction &rIn); 7 | #endif 8 | -------------------------------------------------------------------------------- /revtracer/VBoxSnapshotDll.h: -------------------------------------------------------------------------------- 1 | /* $Id: VBoxHook.h $ */ 2 | /** @file 3 | * VBoxHook -- Global windows hook dll. 4 | */ 5 | 6 | /* 7 | * Copyright (C) 2006-2013 Oracle Corporation 8 | * 9 | * This file is part of VirtualBox Open Source Edition (OSE), as 10 | * available from http://www.virtualbox.org. This file is free software; 11 | * you can redistribute it and/or modify it under the terms of the GNU 12 | * General Public License (GPL) as published by the Free Software 13 | * Foundation, in version 2 as it comes in the "COPYING" file of the 14 | * VirtualBox OSE distribution. VirtualBox OSE is distributed in the 15 | * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind. 16 | */ 17 | #ifndef ___winnt_include_VBoxSnapshotDll_h 18 | #define ___winnt_include_VBoxSnapshotDll_h 19 | 20 | #include 21 | #include 22 | 23 | #define VBOXSNAPSHOTDLL_DLL_NAME "VBoxSnapshotDll.dll" 24 | 25 | extern "C" uint64_t BDTakeSnapshot(); 26 | extern "C" uint64_t BDRestoreSnapshot(); 27 | extern "C" BOOL BDSnapshotInit(); 28 | 29 | typedef uint64_t (*BDTakeSnapshotType)(); 30 | typedef uint64_t (*BDRestoreSnapshotType)(); 31 | typedef BOOL (*BDSnapshotInitType)(); 32 | 33 | // This values are extracted from the HostServices/GuestSnapshot/service.cpp file 34 | #define BD_SNAPSHOT_FAIL 0 35 | #define BD_SNAPSHOT_TAKE 1 36 | #define BD_SNAPSHOT_RESTORE 2 37 | 38 | #endif -------------------------------------------------------------------------------- /revtracer/callgates.h: -------------------------------------------------------------------------------- 1 | #ifndef _CALL_GATES_H 2 | #define _CALL_GATES_H 3 | 4 | #include "environment.h" 5 | #include "revtracer.h" 6 | 7 | typedef nodep::DWORD (_cdecl *_fn_cdecl_0) (void); 8 | typedef nodep::DWORD (_cdecl *_fn_cdecl_1) (void *); 9 | typedef nodep::DWORD (_cdecl *_fn_cdecl_2) (void *, void *); 10 | typedef nodep::DWORD (_cdecl *_fn_cdecl_3) (void *, void *, void *); 11 | typedef nodep::DWORD (_cdecl *_fn_cdecl_4) (void *, void *, void *, void *); 12 | 13 | typedef nodep::DWORD (_stdcall *_fn_stdcall_0) (void); 14 | typedef nodep::DWORD (_stdcall *_fn_stdcall_1) (void *); 15 | typedef nodep::DWORD (_stdcall *_fn_stdcall_2) (void *, void *); 16 | typedef nodep::DWORD (_stdcall *_fn_stdcall_3) (void *, void *, void *); 17 | typedef nodep::DWORD (_stdcall *_fn_stdcall_4) (void *, void *, void *, void *); 18 | 19 | nodep::DWORD __declspec(noinline) call_cdecl_0(struct ExecutionEnvironment *env, _fn_cdecl_0 f); 20 | nodep::DWORD __declspec(noinline) call_cdecl_1(struct ExecutionEnvironment *env, _fn_cdecl_1 f, void *); 21 | nodep::DWORD __declspec(noinline) call_cdecl_2(struct ExecutionEnvironment *env, _fn_cdecl_2 f, void *, void *); 22 | nodep::DWORD __declspec(noinline) call_cdecl_3(struct ExecutionEnvironment *env, _fn_cdecl_3 f, void *, void *, void *); 23 | nodep::DWORD __declspec(noinline) call_cdecl_4(struct ExecutionEnvironment *env, _fn_cdecl_4 f, void *, void *, void *, void *); 24 | 25 | nodep::DWORD __declspec(noinline) call_stdcall_0(struct ExecutionEnvironment *env, _fn_stdcall_0 f); 26 | nodep::DWORD __declspec(noinline) call_stdcall_1(struct ExecutionEnvironment *env, _fn_stdcall_1 f, void *); 27 | nodep::DWORD __declspec(noinline) call_stdcall_2(struct ExecutionEnvironment *env, _fn_stdcall_2 f, void *, void *); 28 | nodep::DWORD __declspec(noinline) call_stdcall_3(struct ExecutionEnvironment *env, _fn_stdcall_3 f, void *, void *, void *); 29 | nodep::DWORD __declspec(noinline) call_stdcall_4(struct ExecutionEnvironment *env, _fn_stdcall_4 f, void *, void *, void *, void *); 30 | 31 | 32 | 33 | #endif 34 | -------------------------------------------------------------------------------- /revtracer/common.h: -------------------------------------------------------------------------------- 1 | #ifndef _COMMON_H 2 | #define _COMMON_H 3 | 4 | #ifdef _REVTRACER_DEBUG_PRINT_ 5 | #define ENABLE_DEBUG_TRANSLATIONS 6 | #define ENABLE_DEBUG_TRACKING 7 | #define ENABLE_DEBUG_BRANCHING 8 | #endif 9 | 10 | 11 | #ifdef ENABLE_DEBUG_TRANSLATIONS 12 | #define TRANSLATE_PRINT revtracerImports.dbgPrintFunc 13 | #define TRANSLATE_PRINT_INSTRUCTION RiverPrintInstruction 14 | #else 15 | #define TRANSLATE_PRINT 16 | #define TRANSLATE_PRINT_INSTRUCTION 17 | #endif 18 | 19 | #ifdef ENABLE_DEBUG_TRACKING 20 | #define TRACKING_PRINT revtracerImports.dbgPrintFunc 21 | #define LIB_TRACKING_PRINT exec->DebugPrintf 22 | #else 23 | #define TRACKING_PRINT 24 | #define LIB_TRACKING_PRINT 25 | #endif 26 | 27 | #ifdef ENABLE_DEBUG_BRANCHING 28 | #define BRANCHING_PRINT revtracerImports.dbgPrintFunc 29 | #else 30 | #define BRANCHING_PRINT 31 | #endif 32 | 33 | #ifdef _MSC_VER 34 | #define DEBUG_BREAK __asm \ 35 | { __asm int 3 } 36 | #else 37 | #define DEBUG_BREAK asm volatile("int $0x3") 38 | typedef unsigned int size_t; 39 | #endif 40 | 41 | #endif 42 | -------------------------------------------------------------------------------- /revtracer/crc32.h: -------------------------------------------------------------------------------- 1 | #ifndef _CRC32_H 2 | #define _CRC32_H 3 | 4 | unsigned long crc32 (unsigned long crc, unsigned char *buf, unsigned long len); 5 | 6 | #endif 7 | -------------------------------------------------------------------------------- /revtracer/crtStub.cpp: -------------------------------------------------------------------------------- 1 | #include "common.h" 2 | 3 | extern "C" int __cdecl _purecall(void) { 4 | DEBUG_BREAK; 5 | return 0; 6 | } -------------------------------------------------------------------------------- /revtracer/environment.h: -------------------------------------------------------------------------------- 1 | #ifndef _ENVIRONMENT_H 2 | #define _ENVIRONMENT_H 3 | 4 | #include "revtracer.h" 5 | 6 | //void *EnvMemoryAlloc (DWORD dwSize); 7 | //void EnvMemoryFree (void *b); 8 | 9 | extern "C" { 10 | void __stdcall BranchHandler( 11 | struct ExecutionEnvironment *, 12 | rev::ADDR_TYPE 13 | ); 14 | void __stdcall SysHandler( 15 | struct ExecutionEnvironment * 16 | ); 17 | void __cdecl SysEndHandler( 18 | struct ExecutionEnvironment *, 19 | nodep::DWORD, 20 | nodep::DWORD, 21 | nodep::DWORD, 22 | nodep::DWORD, 23 | nodep::DWORD, 24 | nodep::DWORD, 25 | nodep::DWORD, 26 | nodep::DWORD, 27 | nodep::DWORD 28 | ); 29 | }; 30 | 31 | int dbg0(char *pFormat); 32 | int dbg1(char *pFormat, nodep::DWORD p1); 33 | int dbg2(char *pFormat, nodep::DWORD p1, nodep::DWORD p2); 34 | 35 | #endif 36 | -------------------------------------------------------------------------------- /revtracer/execenv.h: -------------------------------------------------------------------------------- 1 | #ifndef _EXEC_ENV_H 2 | #define _EXEC_ENV_H 3 | 4 | #include "environment.h" 5 | #include "sync.h" 6 | #include "river.h" 7 | #include "mm.h" 8 | #include "cb.h" 9 | #include "CodeGen.h" 10 | #include "Runtime.h" 11 | #include "AddressContainer.h" 12 | 13 | struct ExecutionEnvironment { 14 | RiverRuntime runtimeContext; 15 | 16 | nodep::UINT_PTR saveLog; 17 | 18 | unsigned int /*heapSize,*/ historySize /*, logHashSize*/, outBufferSize; 19 | 20 | unsigned char *pStack; // = NULL; 21 | 22 | RiverHeap heap; 23 | 24 | //_tbm_mutex cbLock; // = 0; 25 | //struct _cb_info **hashTable; // = 0 26 | RiverBasicBlockCache blockCache; 27 | 28 | nodep::UINT_PTR lastFwBlock; 29 | //UINT_PTR *history; 30 | //unsigned long posHist, totHist; // = 0; 31 | 32 | nodep::UINT_PTR *executionBuffer, executionBase; 33 | 34 | //unsigned char *saveBuffer; 35 | 36 | unsigned int bForward; 37 | 38 | RiverCodeGen codeGen; 39 | 40 | nodep::DWORD exitAddr; 41 | 42 | bool bValid; 43 | void *userContext; 44 | 45 | AddressContainer ac; 46 | 47 | nodep::DWORD generationFlags; 48 | public : 49 | void* operator new(size_t); 50 | void operator delete(void*); 51 | 52 | ExecutionEnvironment(nodep::DWORD flags, unsigned int heapSize, unsigned int historySize, unsigned int executionSize, unsigned int trackSize, unsigned int logHashSize, unsigned int outBufferSize); 53 | ~ExecutionEnvironment(); 54 | }; 55 | 56 | void *AllocUserContext(struct ExecutionEnvironment *pEnv, unsigned int size); 57 | void DeleteUserContext(struct ExecutionEnvironment *pEnv); 58 | 59 | #endif 60 | -------------------------------------------------------------------------------- /revtracer/mm.h: -------------------------------------------------------------------------------- 1 | #ifndef __MM_H 2 | #define __MM_H 3 | 4 | #include "revtracer.h" 5 | 6 | #define HEAP_SIZE 0x100000 7 | 8 | extern "C" void rev_memcpy(void *dest, const void *src, unsigned int size); 9 | extern "C" void rev_memset(void *dest, int val, unsigned int size); 10 | 11 | struct HeapZone; 12 | 13 | /* A self contained heap */ 14 | class RiverHeap { 15 | private : 16 | nodep::BYTE *pHeap; 17 | HeapZone *pFirstFree; 18 | nodep::DWORD size; 19 | public : 20 | RiverHeap(); 21 | ~RiverHeap(); 22 | 23 | bool Init(nodep::DWORD heapSize); 24 | bool Destroy(); 25 | 26 | void PrintInfo(HeapZone *fz); 27 | void List(); 28 | 29 | void *Alloc(nodep::DWORD size); 30 | void Free(void *ptr); 31 | }; 32 | 33 | #endif // __MM_H 34 | 35 | -------------------------------------------------------------------------------- /revtracer/modrm32.h: -------------------------------------------------------------------------------- 1 | #ifndef _MODRM32_H 2 | #define _MODRM32_H 3 | 4 | #define FLAG_NONE 0x00000000 5 | #define FLAG_REP 0x00000001 6 | #define FLAG_SEG 0x00000002 7 | #define FLAG_O16 0x00000004 8 | #define FLAG_A16 0x00000008 9 | #define FLAG_LOCK 0x00000010 10 | #define FLAG_EXT 0x00000020 11 | 12 | /* river flag to mark a disabled instruction */ 13 | #define FLAG_RNONE 0x10000000 14 | /* river flag to mark a custom opcode */ 15 | #define FLAG_RIVER 0x20000000 16 | #define FLAG_PFX 0x40000000 17 | #define FLAG_BRANCH 0x80000000 18 | 19 | nodep::DWORD GetModrmSize (nodep::DWORD, nodep::BYTE *pI); 20 | 21 | #endif // _MODRM32_H 22 | 23 | -------------------------------------------------------------------------------- /revtracer/revtracer.stub.S: -------------------------------------------------------------------------------- 1 | .intel_syntax noprefix 2 | .global _RevtracerPerform 3 | .global _shadowStack 4 | .global _TracerInitialization 5 | .global _revtracerConfig 6 | 7 | .text 8 | _RevtracerPerform: 9 | xchg esp, _shadowStack 10 | pusha 11 | pushf 12 | 13 | call _TracerInitialization 14 | 15 | popf 16 | popa 17 | xchg esp, _shadowStack 18 | jmp [_revtracerConfig + 0] 19 | -------------------------------------------------------------------------------- /revtracer/riverinternl.h: -------------------------------------------------------------------------------- 1 | #ifndef _RIVER_INTERNAL_H 2 | #define _RIVER_INTERNAL_H 3 | 4 | #include "river.h" 5 | #include "CodeGen.h" 6 | #include "Runtime.h" 7 | 8 | typedef void(*AssemblingOpcodeFunc)(RiverCodeGen *cg, RiverRuntime *rt, struct RiverInstruction *ri, nodep::BYTE **px86, nodep::DWORD *pFlags); 9 | typedef void(*AssemblingOperandsFunc)(RiverCodeGen *cg, struct RiverInstruction *ri, nodep::BYTE **px86); 10 | 11 | typedef void(*TranslateOpcodeFunc)(RiverCodeGen *cg, struct RiverInstruction *ri, nodep::BYTE **px86, nodep::DWORD *pFlags); 12 | typedef void(*TranslateOperandsFunc)(RiverCodeGen *cg, struct RiverInstruction *ri, nodep::BYTE **px86); 13 | 14 | typedef void(*ConvertInstructionFunc)(RiverCodeGen *cg, struct RiverInstruction *rIn, struct RiverInstruction *rOut, nodep::DWORD *outCount); 15 | 16 | 17 | /*extern const TranslateOpcodeFunc TranslateOpcodeTable00[]; 18 | extern const TranslateOpcodeFunc TranslateOpcodeTable0F[]; 19 | 20 | extern const TranslateOperandsFunc TranslateOperandsTable00[]; 21 | extern const TranslateOperandsFunc TranslateOperandsTable0F[];*/ 22 | 23 | #endif 24 | -------------------------------------------------------------------------------- /revtracer/sync.cpp: -------------------------------------------------------------------------------- 1 | //#include 2 | #include "revtracer.h" 3 | #include "sync.h" 4 | 5 | //using namespace rev; 6 | #ifdef _MSC_VER 7 | #include 8 | #define LOCK_XCHG(target, value) _InterlockedExchange(target, value) 9 | #else 10 | #define LOCK_XCHG(target, value) ({ asm volatile("xchgl %0, %1" : "+m"(*target) : "r"(value) : "memory"); value; }) 11 | #endif 12 | 13 | RiverMutex::RiverMutex() { 14 | mtx = 0; 15 | } 16 | 17 | RiverMutex::~RiverMutex() { 18 | } 19 | 20 | void RiverMutex::Lock() { 21 | while (1) { 22 | if (0 == LOCK_XCHG(&mtx, 1)) { 23 | break; 24 | } 25 | 26 | //Sleep? 27 | } 28 | } 29 | 30 | void RiverMutex::Unlock() { 31 | //DbgPrint("UNLOCK %08x\n", mutex); 32 | LOCK_XCHG(&mtx, 0); 33 | } 34 | -------------------------------------------------------------------------------- /revtracer/sync.h: -------------------------------------------------------------------------------- 1 | #ifndef _SYNC_H 2 | #define _SYNC_H 3 | 4 | class RiverMutex { 5 | private : 6 | volatile long mtx; 7 | public : 8 | RiverMutex(); 9 | ~RiverMutex(); 10 | 11 | void Lock(); 12 | void Unlock(); 13 | }; 14 | 15 | #endif 16 | -------------------------------------------------------------------------------- /revtracerexe/Extern.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | //#include 3 | #include 4 | #include 5 | 6 | #include 7 | #include 8 | #include 9 | 10 | #include "extern.h" 11 | #include "../revtracer/revtracer.h" 12 | 13 | __declspec(dllimport) int vsnprintf_s( 14 | char *buffer, 15 | size_t sizeOfBuffer, 16 | size_t count, 17 | const char *format, 18 | va_list argptr 19 | ); 20 | 21 | void ___DbgPrint(const char *fmt, ...) { 22 | } 23 | 24 | DbgPrintFunc DbgPrint = ___DbgPrint; 25 | 26 | typedef BOOL (*MyIPFPFunc)(DWORD ProcessorFeature); 27 | 28 | BOOL __stdcall MyIsProcessorFeaturePresent(DWORD ProcessorFeature) { 29 | static MyIPFPFunc func = NULL; 30 | 31 | /*if (NULL == func) { 32 | HMODULE hKernel = GetModuleHandle("kernel32.dll"); 33 | func = (MyIPFPFunc)GetProcAddress(hKernel, "IsProcessorFeaturePresent"); 34 | }*/ 35 | 36 | switch (ProcessorFeature) { 37 | case PF_MMX_INSTRUCTIONS_AVAILABLE : 38 | case PF_SSE3_INSTRUCTIONS_AVAILABLE : 39 | case PF_XMMI64_INSTRUCTIONS_AVAILABLE : 40 | case PF_XMMI_INSTRUCTIONS_AVAILABLE : 41 | case PF_COMPARE_EXCHANGE_DOUBLE : 42 | case PF_COMPARE_EXCHANGE128 : 43 | case PF_COMPARE64_EXCHANGE128 : 44 | return FALSE; 45 | default: 46 | //return func(ProcessorFeature); 47 | return TRUE; 48 | } 49 | } 50 | 51 | VOID __stdcall MyExitProcess(DWORD retCode) { 52 | //rev::RevtracerAPI *api = &rev::revtracerAPI; 53 | //api->dbgPrintFunc("Guest process exited with code %d\n", retCode); 54 | ExitProcess(retCode); 55 | } -------------------------------------------------------------------------------- /revtracerexe/Extern.h: -------------------------------------------------------------------------------- 1 | #ifndef _EXTERN_H 2 | #define _EXTERN_H 3 | 4 | /* Define NULL pointer value */ 5 | #ifndef NULL 6 | #ifdef __cplusplus 7 | #define NULL 0 8 | #else /* __cplusplus */ 9 | #define NULL ((void *)0) 10 | #endif /* __cplusplus */ 11 | #endif /* NULL */ 12 | 13 | #if !defined(_W64) 14 | #if !defined(__midl) && (defined(_X86_) || defined(_M_IX86) || defined(_ARM_) || defined(_M_ARM)) && _MSC_VER >= 1300 15 | #define _W64 __w64 16 | #else 17 | #define _W64 18 | #endif 19 | #endif 20 | 21 | #if defined(_WIN64) 22 | typedef __int64 INT_PTR, *PINT_PTR; 23 | typedef unsigned __int64 UINT_PTR, *PUINT_PTR; 24 | 25 | typedef __int64 LONG_PTR, *PLONG_PTR; 26 | typedef unsigned __int64 ULONG_PTR, *PULONG_PTR; 27 | 28 | #define __int3264 __int64 29 | 30 | #else 31 | typedef _W64 int INT_PTR, *PINT_PTR; 32 | typedef _W64 unsigned int UINT_PTR, *PUINT_PTR; 33 | 34 | typedef _W64 long LONG_PTR, *PLONG_PTR; 35 | typedef _W64 unsigned long ULONG_PTR, *PULONG_PTR; 36 | 37 | #define __int3264 __int32 38 | 39 | #endif 40 | 41 | typedef void *ADDR_TYPE; 42 | 43 | typedef unsigned long long QWORD; 44 | typedef unsigned long DWORD; 45 | typedef unsigned short WORD; 46 | typedef unsigned char BYTE; 47 | 48 | typedef void(*DbgPrintFunc)(const char *fmt, ...); 49 | typedef void *(*MemoryAllocFunc)(DWORD dwSize); 50 | typedef void(*MemoryFreeFunc)(void *ptr); 51 | 52 | 53 | typedef QWORD(*TakeSnapshotFunc)(); 54 | typedef QWORD(*RestoreSnapshotFunc)(); 55 | 56 | 57 | 58 | 59 | extern DbgPrintFunc DbgPrint; 60 | 61 | extern MemoryAllocFunc EnvMemoryAlloc; 62 | extern MemoryFreeFunc EnvMemoryFree; 63 | 64 | extern TakeSnapshotFunc TakeSnapshot; 65 | extern RestoreSnapshotFunc RestoreSnapshot; 66 | 67 | /*void DbgPrint(const char *fmt, ...); 68 | 69 | void *EnvMemoryAlloc(unsigned long dwSize); 70 | void EnvMemoryFree(void *b); 71 | 72 | unsigned long long TakeSnapshot(); 73 | unsigned long long RestoreSnapshot();*/ 74 | 75 | #endif -------------------------------------------------------------------------------- /revtracerexe/Loader/Abstract.Mapper.h: -------------------------------------------------------------------------------- 1 | #ifndef _ABSTRACT_MAPPER_H_ 2 | #define _ABSTRACT_MAPPER_H_ 3 | 4 | #include "Types.h" 5 | 6 | class AbstractPEMapper { 7 | public: 8 | virtual void *CreateSection(void *lpAddress, size_t dwSize, DWORD flProtect) = 0; 9 | virtual bool ChangeProtect(void *lpAddress, size_t dwSize, DWORD flProtect) = 0; 10 | virtual bool WriteBytes(void *lpAddress, void *lpBuffer, size_t nSize) = 0; 11 | 12 | virtual DWORD FindImport(const char *moduleName, const char *funcName) = 0; 13 | virtual DWORD FindImport(const char *moduleName, const unsigned int funcOrdinal) = 0; 14 | }; 15 | 16 | #endif 17 | 18 | -------------------------------------------------------------------------------- /revtracerexe/Loader/Inproc.Mapper.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include "Inproc.Mapper.h" 3 | 4 | 5 | void *InprocMapper::CreateSection(void *lpAddress, size_t dwSize, DWORD flProtect) { 6 | return VirtualAlloc(lpAddress, dwSize, MEM_RESERVE | MEM_COMMIT, flProtect); 7 | } 8 | 9 | bool InprocMapper::ChangeProtect(void *lpAddress, size_t dwSize, DWORD flProtect) { 10 | DWORD oldProtect; 11 | return TRUE == VirtualProtect(lpAddress, dwSize, flProtect, &oldProtect); 12 | } 13 | 14 | bool InprocMapper::WriteBytes(void *lpAddress, void *lpBuffer, size_t nSize) { 15 | memcpy(lpAddress, lpBuffer, nSize); 16 | return true; 17 | } 18 | 19 | DWORD InprocMapper::FindImport(const char *moduleName, const char *funcName) { 20 | HMODULE hModule = GetModuleHandleA(moduleName); 21 | 22 | if (NULL == hModule) { 23 | return 0xFFFFFFFF; 24 | } 25 | 26 | return (DWORD)GetProcAddress(hModule, funcName); 27 | } 28 | 29 | DWORD InprocMapper::FindImport(const char *moduleName, const unsigned int funcOrdinal) { 30 | HMODULE hModule = GetModuleHandleA(moduleName); 31 | 32 | if (NULL == hModule) { 33 | return 0xFFFFFFFF; 34 | } 35 | 36 | return (DWORD)GetProcAddress(hModule, (LPCSTR)funcOrdinal); 37 | } -------------------------------------------------------------------------------- /revtracerexe/Loader/Inproc.Mapper.h: -------------------------------------------------------------------------------- 1 | #ifndef _INPROC_MAPPER_H_ 2 | #define _INPROC_MAPPER_H_ 3 | 4 | #include "Abstract.Mapper.h" 5 | 6 | class InprocMapper : public AbstractPEMapper { 7 | public : 8 | virtual void *CreateSection(void *lpAddress, size_t dwSize, DWORD flProtect); 9 | virtual bool ChangeProtect(void *lpAddress, size_t dwSize, DWORD flProtect); 10 | virtual bool WriteBytes(void *lpAddress, void *lpBuffer, size_t nSize); 11 | 12 | virtual DWORD FindImport(const char *moduleName, const char *funcName); 13 | virtual DWORD FindImport(const char *moduleName, const unsigned int funcOrdinal); 14 | }; 15 | 16 | #endif -------------------------------------------------------------------------------- /revtracerexe/Loader/Types.h: -------------------------------------------------------------------------------- 1 | #ifndef _TYPES_H_ 2 | #define _TYPES_H_ 3 | 4 | typedef unsigned short USHORT; 5 | typedef long LONG; 6 | 7 | typedef unsigned char BYTE; 8 | typedef unsigned short WORD; 9 | typedef unsigned long DWORD; 10 | typedef unsigned long long QWORD; 11 | 12 | #endif 13 | -------------------------------------------------------------------------------- /revtracerexe/MapPE.cpp: -------------------------------------------------------------------------------- 1 | 2 | #include "Loader/PE.ldr.h" 3 | #include "Loader/Inproc.Mapper.h" 4 | 5 | int __stdcall MyIsProcessorFeaturePresent(DWORD ProcessorFeature); 6 | void __stdcall MyExitProcess(DWORD retCode); 7 | 8 | class HookedMapper : public InprocMapper { 9 | public : 10 | virtual DWORD FindImport(const char *moduleName, const char *funcName) { 11 | if (0 == _strcmpi(moduleName, "kernel32.dll")) { 12 | if (0 == _strcmpi(funcName, "IsProcessorFeaturePresent")) { 13 | return (DWORD)MyIsProcessorFeaturePresent; 14 | } 15 | 16 | if (0 == _strcmpi(funcName, "ExitProcess")) { 17 | return (DWORD)MyExitProcess; 18 | } 19 | } 20 | return InprocMapper::FindImport(moduleName, funcName); 21 | 22 | } 23 | }; 24 | 25 | bool MapPE(DWORD &baseAddr) { 26 | HookedMapper mapper; 27 | FloatingPE pe("..\\lzo\\a.exe"); 28 | //FloatingPE pe("..\\fibonacci\\fib.exe"); 29 | //FloatingPE pe("..\\lzo\\hw.exe"); 30 | 31 | if (!pe.MapPE(mapper, baseAddr)) { 32 | printf("Couldn't map pe!"); 33 | return false; 34 | } 35 | 36 | return true; 37 | } -------------------------------------------------------------------------------- /tracer.simple/Makefile: -------------------------------------------------------------------------------- 1 | mkfile_path := $(abspath $(lastword $(MAKEFILE_LIST))) 2 | makefile_dir := $(patsubst %/,%,$(dir $(mkfile_path))) 3 | 4 | simple_tracer := simple_tracer 5 | CC := gcc 6 | CXX := g++ 7 | CPP_FILES := Main.cpp 8 | OBJ_FILES := Main.o 9 | LD_PATHS:= -L$(makefile_dir)/../DisableSSE -L$(makefile_dir)/../Execution -L$(makefile_dir) 10 | 11 | LD_FLAGS:= -lexecution -lpthread -ldl -ldisablesse 12 | CC_FLAGS_CROSS = -D__cdecl="" -D__stdcall="" 13 | NO_SSE := -mno-mmx -mno-sse -march=i386 14 | CXX_FLAGS += -m32 $(NO_SSE) -std=c++11 $(CC_FLAGS_CROSS) 15 | CC_FLAGS += -m32 $(NO_SSE) $(CC_FLAGS_CROSS) 16 | prefix := /usr/local 17 | 18 | all: $(simple_tracer) 19 | 20 | install: $(simple_tracer) 21 | install -m 0755 $(simple_tracer) -t $(prefix)/bin -D 22 | 23 | $(simple_tracer): $(OBJ_FILES) 24 | $(CXX) $(LD_PATHS) $(CXX_FLAGS) -o $@ $(OBJ_FILES) $(LD_FLAGS) 25 | 26 | Main.o: Main.cpp 27 | $(CXX) $(CXX_FLAGS) -c -o $@ $< 28 | 29 | .PHONY: clean 30 | clean: 31 | $(RM) $(simple_tracer) $(OBJ_FILES_SO) $(OBJ_FILES) 32 | -------------------------------------------------------------------------------- /tracer/Loader/Abstract.Mapper.h: -------------------------------------------------------------------------------- 1 | #ifndef _ABSTRACT_MAPPER_H_ 2 | #define _ABSTRACT_MAPPER_H_ 3 | 4 | #include "Types.h" 5 | 6 | class AbstractPEMapper { 7 | public: 8 | virtual void *CreateSection(void *lpAddress, size_t dwSize, DWORD flProtect) = 0; 9 | virtual bool ChangeProtect(void *lpAddress, size_t dwSize, DWORD flProtect) = 0; 10 | virtual bool WriteBytes(void *lpAddress, void *lpBuffer, size_t nSize) = 0; 11 | 12 | virtual DWORD FindImport(const char *moduleName, const char *funcName) = 0; 13 | virtual DWORD FindImport(const char *moduleName, const unsigned int funcOrdinal) = 0; 14 | }; 15 | 16 | #endif 17 | 18 | -------------------------------------------------------------------------------- /tracer/Loader/Inproc.Mapper.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include "Inproc.Mapper.h" 3 | 4 | 5 | void *InprocMapper::CreateSection(void *lpAddress, size_t dwSize, DWORD flProtect) { 6 | return VirtualAlloc(lpAddress, dwSize, MEM_RESERVE | MEM_COMMIT, flProtect); 7 | } 8 | 9 | bool InprocMapper::ChangeProtect(void *lpAddress, size_t dwSize, DWORD flProtect) { 10 | DWORD oldProtect; 11 | return TRUE == VirtualProtect(lpAddress, dwSize, flProtect, &oldProtect); 12 | } 13 | 14 | bool InprocMapper::WriteBytes(void *lpAddress, void *lpBuffer, size_t nSize) { 15 | memcpy(lpAddress, lpBuffer, nSize); 16 | return true; 17 | } 18 | 19 | DWORD InprocMapper::FindImport(const char *moduleName, const char *funcName) { 20 | HMODULE hModule = GetModuleHandleA(moduleName); 21 | 22 | if (NULL == hModule) { 23 | return 0xFFFFFFFF; 24 | } 25 | 26 | return (DWORD)GetProcAddress(hModule, funcName); 27 | } 28 | 29 | DWORD InprocMapper::FindImport(const char *moduleName, const unsigned int funcOrdinal) { 30 | HMODULE hModule = GetModuleHandleA(moduleName); 31 | 32 | if (NULL == hModule) { 33 | return 0xFFFFFFFF; 34 | } 35 | 36 | return (DWORD)GetProcAddress(hModule, (LPCSTR)funcOrdinal); 37 | } -------------------------------------------------------------------------------- /tracer/Loader/Inproc.Mapper.h: -------------------------------------------------------------------------------- 1 | #ifndef _INPROC_MAPPER_H_ 2 | #define _INPROC_MAPPER_H_ 3 | 4 | #include "Abstract.Mapper.h" 5 | 6 | class InprocMapper : public AbstractPEMapper { 7 | public : 8 | virtual void *CreateSection(void *lpAddress, size_t dwSize, DWORD flProtect); 9 | virtual bool ChangeProtect(void *lpAddress, size_t dwSize, DWORD flProtect); 10 | virtual bool WriteBytes(void *lpAddress, void *lpBuffer, size_t nSize); 11 | 12 | virtual DWORD FindImport(const char *moduleName, const char *funcName); 13 | virtual DWORD FindImport(const char *moduleName, const unsigned int funcOrdinal); 14 | }; 15 | 16 | #endif -------------------------------------------------------------------------------- /tracer/Loader/Types.h: -------------------------------------------------------------------------------- 1 | #ifndef _TYPES_H_ 2 | #define _TYPES_H_ 3 | 4 | typedef unsigned short USHORT; 5 | typedef long LONG; 6 | 7 | typedef unsigned char BYTE; 8 | typedef unsigned short WORD; 9 | typedef unsigned long DWORD; 10 | typedef unsigned long long QWORD; 11 | 12 | #endif 13 | -------------------------------------------------------------------------------- /tracer/MapPE.cpp: -------------------------------------------------------------------------------- 1 | 2 | #include "Loader/PE.ldr.h" 3 | #include "Loader/Inproc.Mapper.h" 4 | 5 | extern "C" BYTE MapPE(DWORD *baseAddr) { 6 | InprocMapper mapper; 7 | FloatingPE pe("..\\lzo\\a.exe"); 8 | DWORD dwAddr = *baseAddr; 9 | 10 | if (!pe.MapPE(mapper, dwAddr)) { 11 | printf("Couldn't map pe!"); 12 | return 0; 13 | } 14 | 15 | *baseAddr = dwAddr; 16 | return 1; 17 | } -------------------------------------------------------------------------------- /tracer/callgates.h: -------------------------------------------------------------------------------- 1 | #ifndef _CALL_GATES_H 2 | #define _CALL_GATES_H 3 | 4 | #include "environment.h" 5 | #include "execenv.h" 6 | 7 | typedef DWORD (_cdecl *_fn_cdecl_0) (void); 8 | typedef DWORD (_cdecl *_fn_cdecl_1) (void *); 9 | typedef DWORD (_cdecl *_fn_cdecl_2) (void *, void *); 10 | typedef DWORD (_cdecl *_fn_cdecl_3) (void *, void *, void *); 11 | typedef DWORD (_cdecl *_fn_cdecl_4) (void *, void *, void *, void *); 12 | 13 | typedef DWORD (_stdcall *_fn_stdcall_0) (void); 14 | typedef DWORD (_stdcall *_fn_stdcall_1) (void *); 15 | typedef DWORD (_stdcall *_fn_stdcall_2) (void *, void *); 16 | typedef DWORD (_stdcall *_fn_stdcall_3) (void *, void *, void *); 17 | typedef DWORD (_stdcall *_fn_stdcall_4) (void *, void *, void *, void *); 18 | 19 | DWORD __declspec(noinline) call_cdecl_0 (struct _exec_env *env, _fn_cdecl_0 f); 20 | DWORD __declspec(noinline) call_cdecl_1 (struct _exec_env *env, _fn_cdecl_1 f, void *); 21 | DWORD __declspec(noinline) call_cdecl_2 (struct _exec_env *env, _fn_cdecl_2 f, void *, void *); 22 | DWORD __declspec(noinline) call_cdecl_3 (struct _exec_env *env, _fn_cdecl_3 f, void *, void *, void *); 23 | DWORD __declspec(noinline) call_cdecl_4 (struct _exec_env *env, _fn_cdecl_4 f, void *, void *, void *, void *); 24 | 25 | DWORD __declspec(noinline) call_stdcall_0 (struct _exec_env *env, _fn_stdcall_0 f); 26 | DWORD __declspec(noinline) call_stdcall_1 (struct _exec_env *env, _fn_stdcall_1 f, void *); 27 | DWORD __declspec(noinline) call_stdcall_2 (struct _exec_env *env, _fn_stdcall_2 f, void *, void *); 28 | DWORD __declspec(noinline) call_stdcall_3 (struct _exec_env *env, _fn_stdcall_3 f, void *, void *, void *); 29 | DWORD __declspec(noinline) call_stdcall_4 (struct _exec_env *env, _fn_stdcall_4 f, void *, void *, void *, void *); 30 | 31 | 32 | 33 | #endif 34 | -------------------------------------------------------------------------------- /tracer/cb.h: -------------------------------------------------------------------------------- 1 | #ifndef _CB_H 2 | #define _CB_H 3 | 4 | #include "execenv.h" 5 | 6 | //#include 7 | //#include 8 | 9 | 10 | struct _cb_info { 11 | UINT_PTR address; 12 | unsigned long dwSize; 13 | unsigned long dwCRC; 14 | unsigned long dwParses; 15 | unsigned char *pCode; 16 | struct _cb_info *pNext; 17 | }; 18 | 19 | struct _cb_info *NewBlock (struct _exec_env *pEnv); 20 | struct _cb_info *FindBlock (struct _exec_env *pEnv, unsigned long); 21 | 22 | void AddBlock (struct _exec_env *pEnv, struct _cb_info *); 23 | int InitBlock(struct _exec_env *pEnv, unsigned int logHashSize, unsigned int historySize); 24 | void CloseBlock (struct _exec_env *pEnv); 25 | 26 | void PrintHistory (struct _exec_env *pEnv); 27 | DWORD DumpHistory(struct _exec_env *pEnv, unsigned char *o, unsigned long s, unsigned long *sz); 28 | 29 | int Translate (struct _exec_env *pEnv, struct _cb_info *pCB, DWORD dwTranslationFlags); 30 | 31 | 32 | /* 33 | 8 dwords = 32 bytes 34 | */ 35 | 36 | 37 | #define CB_FLAG_SYSOUT 0x80000000 38 | 39 | 40 | #endif // _CB_H 41 | 42 | -------------------------------------------------------------------------------- /tracer/codetbl.h: -------------------------------------------------------------------------------- 1 | #ifndef _CODETBL_H 2 | #define _CODETBL_H 3 | 4 | #include "execenv.h" 5 | 6 | typedef unsigned int (__stdcall *OpCopy)(struct _exec_env *pEnv, struct _cb_info *pCB, unsigned int *dwFlags, char *pI, char *pD, unsigned int *dwWritten); 7 | 8 | extern OpCopy Table00[], Table0F[]; 9 | 10 | unsigned int AddSysEndPrefix(struct _exec_env *pEnv, char *p); 11 | 12 | #endif 13 | -------------------------------------------------------------------------------- /tracer/common.h: -------------------------------------------------------------------------------- 1 | #ifndef _COMMON_H 2 | #define _COMMON_H 3 | 4 | #define NULL ((void *)0) 5 | 6 | #endif -------------------------------------------------------------------------------- /tracer/crc32.h: -------------------------------------------------------------------------------- 1 | #ifndef _CRC32_H 2 | #define _CRC32_H 3 | 4 | unsigned long crc32 (unsigned long crc, unsigned char *buf, unsigned long len); 5 | 6 | #endif 7 | -------------------------------------------------------------------------------- /tracer/environment.h: -------------------------------------------------------------------------------- 1 | #ifndef _ENVIRONMENT_H 2 | #define _ENVIRONMENT_H 3 | 4 | typedef unsigned long DWORD; 5 | typedef unsigned short WORD; 6 | typedef unsigned char BYTE; 7 | 8 | void *EnvMemoryAlloc (DWORD dwSize); 9 | void EnvMemoryFree (BYTE *b); 10 | 11 | void __stdcall BranchHandler(struct _exec_env *, DWORD); 12 | void __cdecl SysHandler(struct _exec_env *, DWORD, DWORD, DWORD, DWORD, DWORD, DWORD, DWORD, DWORD); 13 | void __cdecl SysEndHandler(struct _exec_env *, DWORD, DWORD, DWORD, DWORD, DWORD, DWORD, DWORD, DWORD, DWORD); 14 | 15 | int dbg0(char *pFormat); 16 | int dbg1(char *pFormat, DWORD p1); 17 | int dbg2(char *pFormat, DWORD p1, DWORD p2); 18 | 19 | #endif 20 | -------------------------------------------------------------------------------- /tracer/execenv.c: -------------------------------------------------------------------------------- 1 | #include "execenv.h" 2 | #include "mm.h" 3 | #include "cb.h" 4 | 5 | //#include "lup.h" //for now 6 | #include "common.h" 7 | 8 | struct _exec_env *NewEnv(unsigned int heapSize, unsigned int historySize, unsigned int logHashSize, unsigned int outBufferSize) { 9 | struct _exec_env *pEnv; 10 | 11 | if (NULL == (pEnv = EnvMemoryAlloc(sizeof(*pEnv)))) { 12 | return NULL; 13 | } 14 | 15 | memset(pEnv, 0, sizeof(*pEnv)); 16 | 17 | if (0 == SC_HeapInit(pEnv, heapSize)) { 18 | EnvMemoryFree((BYTE *)pEnv); 19 | return NULL; 20 | } 21 | 22 | if (0 == InitBlock(pEnv, logHashSize, historySize)) { 23 | SC_HeapDestroy(pEnv); 24 | EnvMemoryFree((BYTE *)pEnv); 25 | return NULL; 26 | } 27 | 28 | if (NULL == (pEnv->outBuffer = EnvMemoryAlloc(outBufferSize))) { 29 | CloseBlock(pEnv); 30 | SC_HeapDestroy(pEnv); 31 | EnvMemoryFree((BYTE *)pEnv); 32 | return NULL; 33 | } 34 | pEnv->outBufferSize = outBufferSize; 35 | 36 | if (NULL == (pEnv->pStack = EnvMemoryAlloc (0x100000))) { 37 | EnvMemoryFree((BYTE *)pEnv->outBuffer); 38 | CloseBlock(pEnv); 39 | SC_HeapDestroy(pEnv); 40 | EnvMemoryFree((BYTE *)pEnv); 41 | return NULL; 42 | } 43 | 44 | memset (pEnv->pStack, 0, 0x100000); 45 | 46 | pEnv->virtualStack = (DWORD) pEnv->pStack + 0xFFFF0; 47 | 48 | return pEnv; 49 | } 50 | 51 | void DeleteEnv(struct _exec_env *pEnv) { 52 | if (pEnv != NULL) { 53 | DeleteUserContext(pEnv); 54 | 55 | CloseBlock(pEnv); 56 | SC_HeapDestroy(pEnv); 57 | 58 | EnvMemoryFree((BYTE *)pEnv->pStack); 59 | pEnv->pStack = NULL; 60 | 61 | EnvMemoryFree((BYTE *)pEnv); 62 | pEnv = NULL; 63 | } 64 | } 65 | 66 | void *AllocUserContext(struct _exec_env *pEnv, unsigned int size) { 67 | if (NULL != pEnv->userContext) { 68 | return NULL; 69 | } 70 | 71 | pEnv->userContext = SC_HeapAlloc(pEnv, size); 72 | memset(pEnv->userContext, 0, size); 73 | return pEnv->userContext; 74 | } 75 | 76 | void DeleteUserContext(struct _exec_env *pEnv) { 77 | if (NULL == pEnv->userContext) { 78 | return; 79 | } 80 | 81 | SC_HeapFree(pEnv, pEnv->userContext); 82 | pEnv->userContext = NULL; 83 | } 84 | -------------------------------------------------------------------------------- /tracer/execenv.h: -------------------------------------------------------------------------------- 1 | #ifndef _EXEC_ENV_H 2 | #define _EXEC_ENV_H 3 | 4 | //#include 5 | #include 6 | #include "environment.h" 7 | #include "sync.h" 8 | 9 | 10 | struct _zone; 11 | struct _cb_info; 12 | 13 | typedef struct _exec_env { 14 | UINT_PTR virtualStack; //mandatory first member (used in vm-rm transitions 15 | UINT_PTR returnRegister; // ax/eax/rax value 16 | UINT_PTR jumpBuff; 17 | 18 | unsigned int heapSize, historySize, logHashSize, outBufferSize; 19 | 20 | unsigned char *pStack; // = NULL; 21 | 22 | unsigned char *pHeap; //NULL 23 | struct _zone *pFirstFree; //NULL 24 | 25 | _tbm_mutex cbLock; // = 0; 26 | struct _cb_info **hashTable; // = 0 27 | 28 | UINT_PTR *history; 29 | unsigned long posHist, totHist; // = 0; 30 | 31 | unsigned char *outBuffer; // = NULL; 32 | void *userContext; 33 | }; 34 | 35 | struct _exec_env *NewEnv(unsigned int heapSize, unsigned int historySize, unsigned int logHashSize, unsigned int outBufferSize); 36 | void DeleteEnv(struct _exec_env *pEnv); 37 | 38 | void *AllocUserContext(struct _exec_env *pEnv, unsigned int size); 39 | void DeleteUserContext(struct _exec_env *pEnv); 40 | 41 | #endif 42 | -------------------------------------------------------------------------------- /tracer/extern.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | 5 | #include 6 | 7 | #include "extern.h" 8 | 9 | 10 | void DbgPrint(const char *fmt, ...) { 11 | va_list va; 12 | 13 | va_start(va, fmt); 14 | vprintf(fmt, va); 15 | va_end(va); 16 | } 17 | 18 | void *EnvMemoryAlloc(unsigned long dwSize) { 19 | //return ExAllocatePoolWithTag(NonPagedPool, dwSize, 0x3070754C); 20 | void *ret = VirtualAlloc(NULL, dwSize, MEM_RESERVE | MEM_COMMIT, PAGE_EXECUTE_READWRITE); 21 | 22 | return ret; 23 | } 24 | 25 | void EnvMemoryFree(unsigned char *b) { 26 | //ExFreePoolWithTag(b, 0x3070754C); 27 | //VirtualFree(b); 28 | } -------------------------------------------------------------------------------- /tracer/extern.h: -------------------------------------------------------------------------------- 1 | #ifndef _EXTERN_H 2 | #define _EXTERN_H 3 | 4 | void DbgPrint(const char *fmt, ...); 5 | 6 | void *EnvMemoryAlloc(unsigned long dwSize); 7 | void EnvMemoryFree(unsigned char *b); 8 | 9 | #endif -------------------------------------------------------------------------------- /tracer/mm.h: -------------------------------------------------------------------------------- 1 | #ifndef __MM_H 2 | #define __MM_H 3 | 4 | #include "execenv.h" 5 | 6 | #define HEAP_SIZE 0x100000 7 | 8 | void memcpy(void *dest, const void *src, unsigned int size); 9 | void memset(void *dest, int val, unsigned int size); 10 | 11 | int SC_HeapInit (struct _exec_env *pEnv, unsigned int heapSize); 12 | int SC_HeapDestroy (struct _exec_env *pEnv); 13 | void SC_PrintInfo (struct _exec_env *pEnv, struct _zone *fz); 14 | int SC_HeapList (struct _exec_env *pEnv); 15 | unsigned char *SC_HeapAlloc (struct _exec_env *pEnv, unsigned long sz); 16 | int SC_HeapFree (struct _exec_env *pEnv, unsigned char *p); 17 | 18 | 19 | #endif // __MM_H 20 | 21 | -------------------------------------------------------------------------------- /tracer/modrm32.h: -------------------------------------------------------------------------------- 1 | #ifndef _MODRM32_H 2 | #define _MODRM32_H 3 | 4 | #define FLAG_NONE 0x00000000 5 | #define FLAG_REP 0x00000001 6 | #define FLAG_SEG 0x00000002 7 | #define FLAG_O16 0x00000004 8 | #define FLAG_A16 0x00000008 9 | #define FLAG_LOCK 0x00000010 10 | #define FLAG_EXT 0x00000020 11 | #define FLAG_PFX 0x40000000 12 | #define FLAG_BRANCH 0x80000000 13 | 14 | DWORD GetModrmSize (DWORD, BYTE *pI); 15 | 16 | #endif // _MODRM32_H 17 | 18 | -------------------------------------------------------------------------------- /tracer/nld2msg.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bitdefender/river/3d779856c4ba142a526c9b4f998f7439a15826f5/tracer/nld2msg.h -------------------------------------------------------------------------------- /tracer/src.c: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | int __cdecl overlap(unsigned int a1, unsigned int a2, unsigned int b1, unsigned int b2) { 5 | 6 | if (!(a1 < a2 || b1 < b2)) { 7 | return -1; 8 | } 9 | 10 | if (b1 > a2) { 11 | return 0; 12 | } 13 | 14 | if (b2 < a1) { 15 | return 0; 16 | } 17 | 18 | if (b1 <= a1 && b2 <= a2) { 19 | return 1; 20 | } 21 | 22 | return 0; 23 | } 24 | 25 | -------------------------------------------------------------------------------- /tracer/sync.c: -------------------------------------------------------------------------------- 1 | //#include 2 | #include "extern.h" 3 | #include "sync.h" 4 | 5 | void TbmMutexLock(_tbm_mutex *mutex) { 6 | //DbgPrint("LOCK %08x\n", mutex); 7 | while (1) { 8 | if (0 == _InterlockedExchange(mutex, 1)) { 9 | break; 10 | } 11 | 12 | //Sleep? 13 | } 14 | } 15 | 16 | void TbmMutexUnlock(_tbm_mutex *mutex) { 17 | //DbgPrint("UNLOCK %08x\n", mutex); 18 | _InterlockedExchange(mutex, 0); 19 | } -------------------------------------------------------------------------------- /tracer/sync.h: -------------------------------------------------------------------------------- 1 | #ifndef _SYNC_H 2 | #define _SYNC_H 3 | 4 | typedef volatile long _tbm_mutex; 5 | 6 | void TbmMutexLock(_tbm_mutex *mutex); 7 | void TbmMutexUnlock(_tbm_mutex *mutex); 8 | 9 | #endif 10 | -------------------------------------------------------------------------------- /wrapper.setup/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | ## wrapper.setup CMakeLists.txt 2 | 3 | set(LIBRARY_NAME wrappersetup) 4 | set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -g -m32 -std=c++11") 5 | 6 | add_library(${LIBRARY_NAME} STATIC 7 | Setup.Linux.cpp 8 | Setup.Windows.cpp 9 | ) 10 | 11 | install(TARGETS ${LIBRARY_NAME} DESTINATION ${CMAKE_INSTALL_PREFIX}/lib) 12 | -------------------------------------------------------------------------------- /wrapper.setup/Makefile: -------------------------------------------------------------------------------- 1 | lib_wrappersetup := libwrappersetup.a 2 | CC := gcc 3 | CXX := g++ 4 | CPP_FILES := Setup.Linux.cpp Setup.Windows.cpp 5 | OBJ_FILES := $(addprefix ,$(notdir $(CPP_FILES:.cpp=.o))) 6 | LD_FLAGS := 7 | CXX_FLAGS += -g -m32 -std=c++11 8 | CC_FLAGS += -g -m32 -std=c++11 9 | prefix := /usr/local 10 | 11 | all: $(lib_wrappersetup) 12 | 13 | install: $(lib_wrappersetup) 14 | install -m 0755 $(lib_wrappersetup) -t $(prefix)/lib -D 15 | 16 | $(lib_wrappersetup): $(OBJ_FILES) 17 | $(AR) rcs $@ $^ 18 | 19 | %.o: %.cpp 20 | $(CXX) $(CXX_FLAGS) -c -o $@ $< 21 | 22 | .PHONY: clean 23 | clean: 24 | $(RM) $(lib_wrappersetup) $(OBJ_FILES) *.o main 25 | -------------------------------------------------------------------------------- /wrapper.setup/Setup.Windows.cpp: -------------------------------------------------------------------------------- 1 | #ifndef __linux__ 2 | 3 | #include "../CommonCrossPlatform/Common.h" 4 | #include "Wrapper.Setup.h" 5 | 6 | extern "C" bool InitWrapperOffsets(ext::LibraryLayout *libs, revwrapper::WrapperImports *api) { 7 | 8 | LIB_T hNtDll = GET_LIB_HANDLER(L"ntdll.dll"); 9 | DWORD baseNtDll = GET_LIB_BASE(hNtDll); 10 | 11 | if (!hNtDll) { 12 | return false; 13 | } 14 | 15 | libs->winLib.ntdllBase = baseNtDll; 16 | 17 | api->libraries = libs; 18 | 19 | api->functions.winFunc.ntdll._virtualAlloc = (DWORD)LOAD_PROC(hNtDll, "NtAllocateVirtualMemory") - baseNtDll; 20 | api->functions.winFunc.ntdll._virtualFree = (DWORD)LOAD_PROC(hNtDll, "NtFreeVirtualMemory") - baseNtDll; 21 | api->functions.winFunc.ntdll._mapMemory = (DWORD)LOAD_PROC(hNtDll, "NtMapViewOfSection") - baseNtDll; 22 | api->functions.winFunc.ntdll._flushMemoryCache = (DWORD)LOAD_PROC(hNtDll, "RtlFlushSecureMemoryCache") - baseNtDll; 23 | api->functions.winFunc.ntdll._terminateProcess = (DWORD)LOAD_PROC(hNtDll, "NtTerminateProcess") - baseNtDll; 24 | api->functions.winFunc.ntdll._writeFile = (DWORD)LOAD_PROC(hNtDll, "NtWriteFile") - baseNtDll; 25 | api->functions.winFunc.ntdll._waitForSingleObject = (DWORD)LOAD_PROC(hNtDll, "NtWaitForSingleObject") - baseNtDll; 26 | api->functions.winFunc.ntdll._systemError = (DWORD)LOAD_PROC(hNtDll, "RtlNtStatusToDosError") - baseNtDll; 27 | api->functions.winFunc.ntdll._formatPrint = (DWORD)LOAD_PROC(hNtDll, "_vsnprintf_s") - baseNtDll; 28 | api->functions.winFunc.ntdll._ntYieldExecution = (DWORD)LOAD_PROC(hNtDll, "NtYieldExecution") - baseNtDll; 29 | api->functions.winFunc.ntdll._flushInstructionCache = (DWORD)LOAD_PROC(hNtDll, "NtFlushInstructionCache") - baseNtDll; 30 | api->functions.winFunc.ntdll._createEvent = (DWORD)LOAD_PROC(hNtDll, "NtCreateEvent") - baseNtDll; 31 | api->functions.winFunc.ntdll._setEvent = (DWORD)LOAD_PROC(hNtDll, "NtSetEvent") - baseNtDll; 32 | 33 | return true; 34 | } 35 | 36 | 37 | #endif 38 | 39 | -------------------------------------------------------------------------------- /wrapper.setup/Wrapper.Setup.h: -------------------------------------------------------------------------------- 1 | #ifndef _WRAPPER_SETUP_H_ 2 | #define _WRAPPER_SETUP_H_ 3 | 4 | #include "../revtracer-wrapper/RevtracerWrapper.h" 5 | 6 | extern "C" bool InitWrapperOffsets(ext::LibraryLayout *libs, revwrapper::WrapperImports *api); 7 | 8 | #endif 9 | -------------------------------------------------------------------------------- /z3/.hgempty: -------------------------------------------------------------------------------- 1 | Download and extract contents of https://github.com/Z3Prover/z3/releases/download/z3-4.4.1/z3-4.4.1-x86-win.zip here. --------------------------------------------------------------------------------