Commit a3021b69 authored by Jason Hiser

more code clean up and readmes

parent f89b2771
Pipeline #2610 passed with stages in 7 minutes and 35 seconds
......@@ -2,7 +2,7 @@
This project is the "Cookbook" for building an IRDB transform.
Included are three sample transforms:
1. init\_stack -- intialize a stack frame upon entry to a function.
1. initialize\_stack -- intialize a stack frame upon entry to a function.
This transform may be useful to prevent attacks that leverage uninit'd data on the stack.
1. stack\_stamp -- "Stamp" return addresses passed to
functions by xoring the return value with a random value. This transform
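Review bot: the renamed item on the `1. initialize\_stack -- intialize a stack frame` line still carries the typo "intialize"; since the transform is being renamed to `initialize_stack`, spell the verb "initialize" on the same line, and "uninit'd data" reads better as "uninitialized data" in a README aimed at first-time users.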
......@@ -11,16 +11,21 @@ may be useful to prevent attacks that overwrite a return address, a classic atta
in a program do not contain a useful value, and "kill" the register by writing a random value to it.
This transform is only useful for demonstration and testing.
To build this, one must have downloaded the IRDB's SDK and set the IRDB\_SDK environment variable appropriately.
The IRDB SDK can be found [here](https://git.zephyr-software.com/opensrc/irdb-sdk).
To build this, one must:
To use these transforms, one should set PSPATH to include `COOKBOOK_HOME/plugins_install`, then run `ps_zipr.sh` with the proper step enabled. E.g.:
1. Download the IRDB's SDK and set the IRDB\_SDK environment variable appropriately. The IRDB SDK can be found [here](https://git.zephyr-software.com/opensrc/irdb-sdk).
1. Download the IRDB libraries and set IRDB\_LIBS environment variable appropriately. Documentation on obtaining the IRDB libraries is not yet available.
```
export PSPATH=$PSPATH:$COOKBOOK_HOME/plugins_install
/path/to/ps_zipr.sh --step stack_stamp /bin/ls ./ls.stamped
```
To use these transforms, one should:
To install `ps_zipr`, please see directions available [here](www.zephry-software.com):
1. set `PSPATH` to include `$COOKBOOK_HOME/plugins_install`, e.g. in `bash`:
```
export PSPATH=$PSPATH:$COOKBOOK_HOME/plugins_install
```
This can be achieved by `source set_env_vars` in bash, or the equivilent in your shell. Viewing `set_env_vars` is recommended.
1. Run run `ps_zipr.sh` with the proper step enabled, e.g.:
/path/to/ps_zipr.sh --step stack_stamp /bin/ls ./ls.stamped
```
Documentation on obtaining ps_zipr is not yet available.
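Review bot: the fenced block under step 2 ("Run run `ps_zipr.sh` with the proper step enabled") has a closing ``` but no opening one, so the `/path/to/ps_zipr.sh --step stack_stamp /bin/ls ./ls.stamped` line renders as list text and the stray fence opens a code block that swallows everything after it; add the opening fence before the command. Also in this hunk: "Run run" duplicates the word, "equivilent" should be "equivalent", and the link `[here](www.zephry-software.com)` both misspells the domain (compare the `git.zephyr-software.com` URL above) and lacks `https://`, so Markdown renders it as a relative link inside the repository. If that link is meant to be the ps_zipr documentation, the retained "Documentation on obtaining ps_zipr is not yet available." line contradicts it; keep one or the other.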
......@@ -28,13 +28,11 @@ env.Append(LINKFLAGS=" -Wl,-unresolved-symbols=ignore-in-shared-libs ") # irdb l
# if we are building in debug mode, use -g, else use -O
if int(env['debug']) == 1:
print "Setting debug mode"
env.Append(CFLAGS=" -g ")
env.Append(CXXFLAGS=" -g ")
env.Append(LINKFLAGS=" -g ")
env.Append(SHLINKFLAGS=" -g ")
else:
print "Setting release mode"
env.Append(CFLAGS=" -O ")
env.Append(CXXFLAGS=" -O ")
env.Append(LINKFLAGS=" -O ")
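Review bot: `print "Setting debug mode"` and `print "Setting release mode"` are Python 2 statement syntax and fail to parse under Python 3, which SCons 3.x supports; `print("...")` works on both. `int(env['debug'])` raises an unhelpful `ValueError` for a non-numeric `debug=` argument, so validate the value before converting it. The debug branch also sets `SHLINKFLAGS`, while the release branch sets only `CFLAGS`, `CXXFLAGS` and `LINKFLAGS`; since every transform here is built as a shared library, either add the matching `SHLINKFLAGS` line or leave a comment saying the asymmetry is intended.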
......
This directory contains internal testing for gitlab.
Most people should be able to ignore this.
# import and create a copy of the environment so we don't mess
# up anyone else's env.
# import and create a copy of the environment so we don't change
# anyone else's env.
Import('irdb_env')
myenv=irdb_env.Clone()
......
/*
* Copyright (c) 2016, 2017 - University of Virginia
*
* This file may be used and modified for non-commercial purposes as long as
* all copyright, permission, and nonwarranty notices are preserved.
* Redistribution is prohibited without prior written consent from the University
* of Virginia.
*
* Please contact the authors for restrictions applying to commercial use.
*
* THIS SOURCE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED
* WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
* MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
* Author: University of Virginia
* e-mail: jwd@virginia.com
* URL : http://www.cs.virginia.edu/
*
*/
#include "initialize_stack.hpp"
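Review bot: the contact line `e-mail: jwd@virginia.com` uses a `.com` domain while the `URL` line and the institution are `virginia.edu`; please confirm the address, because this header is what cookbook users will copy into their own transforms. `MERCHANTIBILITY` should be `MERCHANTABILITY`. The same header is repeated verbatim in every source file in this commit, with copyright years already drifting between files (`2016, 2017` here, `2014, 2015` elsewhere); a single LICENSE file referenced from a short per-file header would keep the wording and years in one place.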
......
/*
* Copyright (c) 2014, 2015, 2016, 2017 - University of Virginia
*
* This file may be used and modified for non-commercial purposes as long as
* all copyright, permission, and nonwarranty notices are preserved.
* Redistribution is prohibited without prior written consent from the University
* of Virginia.
*
* Please contact the authors for restrictions applying to commercial use.
*
* THIS SOURCE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED
* WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
* MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
* Author: University of Virginia
* e-mail: jwd@virginia.com
* URL : http://www.cs.virginia.edu/
*
*/
#ifndef _INIT_STACK_H
#define _INIT_STACK_H
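Review bot: the include guard `_INIT_STACK_H` begins with an underscore followed by an uppercase letter, a form C++ reserves for the implementation in every scope, and it still carries the old `init_stack` name now that the file is `initialize_stack.hpp`; `INITIALIZE_STACK_HPP` or `#pragma once` fixes both. The other guards in this commit use the same reserved-identifier pattern and deserve the same change.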
......
/* fix copyright headers in all files */
/* fix variable name schema (camelcase? underscores? p_'s m_'s */
/*
* Copyright (c) 2016, 2017 - University of Virginia
*
* This file may be used and modified for non-commercial purposes as long as
* all copyright, permission, and nonwarranty notices are preserved.
* Redistribution is prohibited without prior written consent from the University
* of Virginia.
*
* Please contact the authors for restrictions applying to commercial use.
*
* THIS SOURCE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED
* WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
* MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
* Author: University of Virginia
* e-mail: jwd@virginia.com
* URL : http://www.cs.virginia.edu/
*
*/
#include <getopt.h>
#include "initialize_stack.hpp"
using namespace std;
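Review bot: the two notes `/* fix copyright headers in all files */` and `/* fix variable name schema (camelcase? underscores? p_'s m_'s */` sit above the license header and read as leftover to-do items in a commit titled "more code clean up"; resolve them, move them to an issue, or at least mark them `// TODO:` so they can be grepped for. The second one is also missing its closing parenthesis.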
......@@ -81,7 +57,6 @@ int main(int argc, char **argv)
{0,0,0,0}
};
// parse the options in a standard getopts_long loop
while(true)
{
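Review bot: the comment `// parse the options in a standard getopts_long loop` names the function wrongly; it is `getopt_long`, from the `<getopt.h>` included above. Minor, but the sample driver is the part readers copy.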
......
Import('irdb_env')
#
# import and create a copy of the environment so we don't screw up anyone elses env.
#
Import('irdb_env')
myenv=irdb_env.Clone()
#
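Review bot: `Import('irdb_env')` appears both above and below the new comment block in this hunk; if the upper line is a retained line rather than the removed one, the import now runs twice, which SCons tolerates but which looks like a merge artifact in a cleanup commit. Also "anyone elses" should be "anyone else's", and the wording could match the other SConscript in this commit ("so we don't change anyone else's env").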
......@@ -16,7 +18,9 @@ pgm="libkill_deads.so"
#
libs=Split("irdb-core irdb-transform irdb-deep irdb-util ")
#
# build and install the transform, by default
#
pgm=myenv.SharedLibrary(pgm, files, LIBS=libs)
install=myenv.Install("$INSTALL_PATH/", pgm)
Default(install)
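Review bot: `pgm` holds the library file name on the `pgm="libkill_deads.so"` line and is then rebound to the `SharedLibrary` node on `pgm=myenv.SharedLibrary(pgm, files, LIBS=libs)`; the stack_stamp SConscript in this same commit uses `pgm_name` for the string and `pgm` for the node, and that naming here would keep the three samples consistent. Passing `LIBS=libs` per target here versus `myenv.Append(LIBS=...)` in the stack_stamp SConscript is another small divergence worth unifying, since the cookbook's value lies in showing one pattern.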
......
/*
* Copyright (c) 2014, 2015 - University of Virginia
*
* This file may be used and modified for non-commercial purposes as long as
* all copyright, permission, and nonwarranty notices are preserved.
* Redistribution is prohibited without prior written consent from the University
* of Virginia.
*
* Please contact the authors for restrictions applying to commercial use.
*
* THIS SOURCE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED
* WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
* MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
* Author: University of Virginia
* e-mail: jwd@virginia.com
* URL : http://www.cs.virginia.edu/
*
*/
#include "kill_deads.hpp"
#include <assert.h>
......@@ -29,7 +9,7 @@ KillDeads::KillDeads(FileIR_t *p_variantIR)
:
Transform_t(p_variantIR) // init transform class for insertAssembly and getFileIR
{
// no other setup needed
}
//
......@@ -71,10 +51,10 @@ bool KillDeads::execute()
// find the dead registers for the instruction
const auto &regset=reg_map[insn];
// each register that's dead
// for each register that's dead
for(auto reg : regset)
{
// if it's the flags, kill the flags with a cmp instruction
// if it's the x86 eflags register, kill it with a cmp instruction
if (reg==rn_EFLAGS)
{
// for flags, do a random compare to change them
......@@ -85,7 +65,7 @@ bool KillDeads::execute()
killed_flags++;
}
// check if it's an integer register
// if it's an integer register
if(is64bitRegister(reg) || is32bitRegister(reg) || is16bitRegister(reg) || is8bitRegister(reg))
{
// integer registers can be killed with a mov instruction
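Review bot: the integer-register test `if(is64bitRegister(reg) || is32bitRegister(reg) || is16bitRegister(reg) || is8bitRegister(reg))` is a second independent `if` after the `if (reg==rn_EFLAGS)` block rather than an `else if`, so it is also evaluated for the flags register; that is only correct because none of the `is*bitRegister` predicates match `rn_EFLAGS`. Writing it as `else if` states the intent directly and guards against a future predicate that classifies EFLAGS differently.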
......@@ -100,7 +80,8 @@ bool KillDeads::execute()
}
//
// SELF_VALIDATE is used for nightly tseting to make sure we are finding at least some dead registers.
// SELF_VALIDATE is used for nightly testing to make sure we are finding at least some dead registers.
// This construct is not likely necessary or useful in your own transforms.
//
assert(getenv("SELF_VALIDATE")==nullptr || killed_flags > 5);
assert(getenv("SELF_VALIDATE")==nullptr || killed_regs > 15);
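Review bot: `assert(getenv("SELF_VALIDATE")==nullptr || killed_flags > 5);` and the matching `killed_regs > 15` line tie the nightly sanity check to `assert`, which is compiled out under `NDEBUG`; the SConstruct in this commit does not define `NDEBUG` for the `-O` build today, but a later build-flag change would silently disable self-validation with no test failure. An explicit check that logs both counts and returns `false` from `execute()` when `SELF_VALIDATE` is set survives any build mode, and the thresholds `5` and `15` deserve a named constant or a comment explaining how they were chosen.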
......@@ -109,7 +90,7 @@ bool KillDeads::execute()
// Output stats to log using #ATTRIBUTE convention
//
cout << "#ATTRIBUTE killed_flags=" << dec << killed_flags << endl;
cout << "#ATTRIBUTE killed_regs=" << dec << killed_regs << endl;
cout << "#ATTRIBUTE killed_regs=" << dec << killed_regs << endl;
// success!
return true;
......
/*
* Copyright (c) 2014, 2015 - University of Virginia
*
* This file may be used and modified for non-commercial purposes as long as
* all copyright, permission, and nonwarranty notices are preserved.
* Redistribution is prohibited without prior written consent from the University
* of Virginia.
*
* Please contact the authors for restrictions applying to commercial use.
*
* THIS SOURCE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED
* WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
* MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
* Author: University of Virginia
* e-mail: jwd@virginia.com
* URL : http://www.cs.virginia.edu/
*
*/
#ifndef _LIBTRANSFORM_KILL_DEADS_H
#define _LIBTRANSFORM_KILL_DEADS_H
......
/*
* Copyright (c) 2014, 2015 - University of Virginia
*
* This file may be used and modified for non-commercial purposes as long as
* all copyright, permission, and nonwarranty notices are preserved.
* Redistribution is prohibited without prior written consent from the University
* of Virginia.
*
* Please contact the authors for restrictions applying to commercial use.
*
* THIS SOURCE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED
* WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
* MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
* Author: University of Virginia
* e-mail: jwd@virginia.com
* URL : http://www.cs.virginia.edu/
*
*/
#include <stdlib.h>
#include <fstream>
#include <irdb-core>
......@@ -32,9 +12,9 @@ using namespace IRDB_SDK;
// kill_deads is a Thanos-enabled transform. Thanos-enabled transforms must implement the TransfromStep_t abstract class.
// See the IRDB SDK for additional details.
//
// For convenience, since this class is simple and shouldn't be used elsewhere, we just implement the class in the .cpp file
// Since this class is simple and shouldn't be used elsewhere, we just implement the class in the .cpp file for conviencence
//
// Note: Public inheritence here is required for Thanos integration
// Note: public inheritence here is required for Thanos integration
//
class KillDeadsDriver_t : public IRDB_SDK::TransformStep_t
{
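Review bot: the rewritten comment block still has `TransfromStep_t` for `TransformStep_t` (spelled correctly on the `class KillDeadsDriver_t : public IRDB_SDK::TransformStep_t` line), "conviencence" for "convenience", and "inheritence" for "inheritance" in both the old and new comment lines; since this hunk is a comment rewrite, fixing these now avoids another cleanup pass.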
......
#
# Useful for SCons files to know where top of project is.
#
export COOKBOOK_HOME=$PWD
#
# Tell ps_zipr where to search for plugins
#
export PSPATH=$PSPATH:$COOKBOOK_HOME/plugins_install
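Review bot: `export COOKBOOK_HOME=$PWD` assumes the script is sourced from the repository root; sourced from anywhere else, `PSPATH` silently points at a non-existent `plugins_install`, or at an unrelated directory of that name under the current directory, and `ps_zipr.sh` will load nothing or the wrong plugins. Deriving the root from the script's own location (`$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)` in bash) or checking that `$PWD/plugins_install` exists before exporting removes that dependency; quoting `"$PWD"` also matters for paths containing spaces. Separately, `export PSPATH=$PSPATH:$COOKBOOK_HOME/plugins_install` produces a leading empty component when `PSPATH` is unset; how `ps_zipr` interprets an empty search-path entry is not visible here, and `PSPATH=${PSPATH:+$PSPATH:}$COOKBOOK_HOME/plugins_install` avoids the question. The README in this commit shows the same line and should get the same fix.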
#
# import and create a copy of the environment so we don't screw up anyone elses env.
#
Import('irdb_env')
myenv=irdb_env.Clone()
#
# input fies and program name
#
files=Glob( Dir('.').srcnode().abspath+"/*.cpp")
pgm_name="libstack_stamp.so"
#
# add extra libraries needed for stack stamping
myenv.Append(LIBS= Split(" irdb-cfg irdb-util "))
#
myenv.Append(LIBS=Split(" irdb-cfg irdb-util "))
#
# build, and install the program by default
#
pgm=myenv.SharedLibrary(pgm_name, files)
install=myenv.Install("$INSTALL_PATH/", pgm)
Default(install)
#
# and we're done
#
Return('install')
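Review bot: `myenv.Append(LIBS= Split(" irdb-cfg irdb-util "))` appears twice in this hunk, once before and once after a `#` comment line; if both are retained lines the libraries are appended twice, which only lengthens the link line but looks like a merge artifact in a cleanup commit. "input fies" should be "input files", and "build, and install the program by default" does not need the comma. `Glob(Dir('.').srcnode().abspath+"/*.cpp")` works, but `Glob('*.cpp')` is the documented SCons form and is variant-dir safe.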
/*
* Copyright (c) 2014, 2015 - University of Virginia
*
* This file may be used and modified for non-commercial purposes as long as
* all copyright, permission, and nonwarranty notices are preserved.
* Redistribution is prohibited without prior written consent from the University
* of Virginia.
*
* Please contact the authors for restrictions applying to commercial use.
*
* THIS SOURCE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED
* WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
* MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
* Author: University of Virginia
* e-mail: jwd@virginia.com
* URL : http://www.cs.virginia.edu/
*
*/
#include "ss.hpp"
#include <assert.h>
#include <sstream>
#include <iomanip>
......@@ -30,10 +9,21 @@ using namespace IRDB_SDK;
using namespace Stamper;
//
// A really useful macro for calling methods from algorithm when you want to work on an entire container.
// This macro cannot be made a template function since it can not follow the the C++ language standards.
// Thus, it is not recommended to put it in a re-usable header file.
// ALLOF is a really useful macro for calling methods from algorithm when you want to work on an entire
// container. This macro cannot be made a template function since it can not follow the the C++ language
// standards. Thus, it is not recommended to put it in a re-usable header file.
//
// How it works: ALLOF(a) returns a comma-separated list of two things -- the begin() and end() of its argument.
// When used inside an argument list to a function/method call, it thus expands as two arguments. Calls to the
// C++ standard template library functions/methods (which takes a pair of iterators) can be simplified when
// one intends to operate on the entirety of a container. For example:
//
// auto my_iter = find_if(ALLOF(my_container), my_finder);
//
// is equivilant to:
//
// auto my_iter = find_if(begin(my_container), end(my_container), my_finder);
//
#define ALLOF(s) begin(s), end(s)
//
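Review bot: the rewritten ALLOF comment keeps "the the" on the line "since it can not follow the the C++ language" and "equivilant" on "is equivilant to:". The same macro is defined again as `#define ALLOF(a) begin(a), end(a)` in the stack_stamp driver later in this commit; since the comment argues against putting it in a reusable header, a one-line remark that the two copies are intentional would save readers from "fixing" the duplication.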
......@@ -88,10 +78,23 @@ bool StackStamp_t::can_stamp(Function_t* f)
{
// decode the insturction
const auto di=DecodedInstruction_t::factory(insn);
// grab several fields for later use.
const auto target=insn->getTarget();
const auto reloc=findRelocation(insn,fix_call_fallthrough_string);
const auto icfs=insn->getIBTargets();
//
// Check to see if this is a "fixed" call. A fixed call is an x86 call instruction that's been split into a
// push/jmp pair. The push/jmp pair can be relocated to any address without changing the value pushed on the stack.
// Fixed calls are not frequently used, but occassionally in x86-32 bit cod they are used when calling a "thunk".
// Fixed calls may also occur when exception handling is used by the application and exception handling rewriting
// is disabled.
//
// As you won't likely experience a fixed call, further explaination of fixed calls is beyond the scope of the cookbook.
//
const auto reloc=findRelocation(insn,fix_call_fallthrough_string);
// stamp all returns
if(di->isReturn())
{
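Review bot: `const auto reloc=findRelocation(insn,fix_call_fallthrough_string);` appears twice in this hunk, once in the "grab several fields for later use" group and once after the fixed-call comment; both cannot be retained lines, since a second definition of `reloc` in the same scope would not compile, so please confirm which placement is intended. The new comment also has "insturction", "occassionally", "cod" (for "code") and "explaination". The `target` and `icfs` values grabbed up front are fine, but "for later use" without saying where is the kind of gap a cookbook reader will ask about.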
......@@ -494,7 +497,7 @@ int StackStamp_t::execute()
{
//
// Use tie here so we sort by names first, but then by
// pointer value
// pointer value in the event of two functions with the same name
//
return tie(lhs->getName(), lhs ) < tie(rhs->getName(), rhs);
}
......@@ -505,10 +508,10 @@ int StackStamp_t::execute()
const auto ss_max_do_transform = getenv("SS_MAX_DO_TRANSFORM");
// let's sort the functions so the order of xform is deterministic.
const auto sortedFuncs = set<Function_t*, nameSorter> (getFileIR()->getFunctions().begin(), getFileIR()->getFunctions().end());
const auto sorted_funcs = set<Function_t*, nameSorter> (getFileIR()->getFunctions().begin(), getFileIR()->getFunctions().end());
// try to stamp functions one at a time, in the sorted order
for(auto func : sortedFuncs)
for(auto func : sorted_funcs)
{
// check to see if we've transformed everything we want already.
if (ss_max_do_transform && functionsTransformed > atoi(ss_max_do_transform))
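Review bot: the "sort the functions so the order of xform is deterministic" comment promises more than `nameSorter` delivers: its tie-breaker `tie(lhs->getName(), lhs) < tie(rhs->getName(), rhs)` in the preceding hunk orders same-named functions by `Function_t*` pointer value, which varies from run to run under ASLR, so two functions with the same name (common for static functions from different compilation units) can be processed in a different order on each run. Tie-breaking on a stable attribute such as the function's entry address or IR id would make the rewriting reproducible, which matters when diffing rewritten binaries. Also, `atoi(ss_max_do_transform)` returns 0 for a non-numeric `SS_MAX_DO_TRANSFORM`, so a typo in the variable silently stops the transform after the first function; `strtol` with an end-pointer check, or rejecting the value outright, gives a visible error.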
......@@ -520,7 +523,6 @@ int StackStamp_t::execute()
stamp(func);
};
// do cleanup on the EH programs after we've likely made many of them useless.
cleanup_eh_pgms();
......@@ -542,7 +544,6 @@ int StackStamp_t::execute()
return 1; // true means success
}
//
// How to compare our EH program placeholders.
// Would this be better done with an explicitly named sorter?
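Review bot: `return 1; // true means success` sits in `int StackStamp_t::execute()`, while `KillDeads::execute()` earlier in this commit is declared `bool` and returns `true`; the two sample transforms use different return types and conventions for the same method, and the comment here speaks of `true` for an `int`. Pick one convention for the cookbook and document what the Thanos driver expects, or "1 means success" will be read as "0 means success" by anyone used to process exit codes. The "Would this be better done with an explicitly named sorter?" comment is an open design question left in the code; resolve it or move it to an issue.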
......@@ -553,4 +554,3 @@ bool Stamper::operator<(const StackStamp_t::EhProgramPlaceHolder_t &a, const Sta
return tie( a.caf, a.daf, a.rr, a.ptrsize, a.cie_program, a.fde_program, a.relocs ) <
tie( b.caf, b.daf, b.rr, b.ptrsize, b.cie_program, b.fde_program, b.relocs ) ;
}
/*
* Copyright (c) 2014, 2015 - University of Virginia
*
* This file may be used and modified for non-commercial purposes as long as
* all copyright, permission, and nonwarranty notices are preserved.
* Redistribution is prohibited without prior written consent from the University
* of Virginia.
*
* Please contact the authors for restrictions applying to commercial use.
*
* THIS SOURCE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED
* WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
* MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
* Author: University of Virginia
* e-mail: jwd@virginia.com
* URL : http://www.cs.virginia.edu/
*
*/
#ifndef _LIBTRANSFORM_KILL_DEADS_H
#define _LIBTRANSFORM_KILL_DEADS_H
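Review bot: this header reuses the include guard `_LIBTRANSFORM_KILL_DEADS_H`, the same name as the kill_deads header earlier in this commit; any translation unit that includes both headers will silently skip the second one and fail with missing declarations. Use a guard derived from this file's name (for example `STACK_STAMP_SS_HPP`) or `#pragma once`, and drop the leading-underscore form, which is reserved to the implementation.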
......@@ -26,7 +6,7 @@
#include <memory>
//
// use a namespace for clarity
// using a namespace for clarity
//
namespace Stamper
{
......@@ -37,8 +17,9 @@ namespace Stamper
// a type for the stame values
using StampValue_t = unsigned int;
//
// a class to transform an IR by stamping (xoring) return addresses
//
class StackStamp_t : public Transform_t
{
public:
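Review bot: `using StampValue_t = unsigned int;` makes the stamp 32 bits wide, so on x86-64 XORing it into a 64-bit return address leaves the upper 32 bits of the saved address unchanged; the protection therefore rests on at most 32 bits of secret per stamp, and a stack disclosure still reveals the high half of every return address. If that width is a deliberate trade-off (for instance to keep the xor encodable with an immediate), the comment "a type for the stame values" (typo: "stamp") is the place to say so, and the README's description of stack_stamp should state the limitation.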
......@@ -138,12 +119,16 @@ namespace Stamper
int functionsTransformed = 0; // how many functions were transformed
int functionsNotTransformed = 0; // how many functions were skipped
// friends
friend bool operator<(const EhProgramPlaceHolder_t &a, const EhProgramPlaceHolder_t& b) ;
};
//
// this is how we compare "Placeholders" for eh programs. Useful for std::containers
//
// notes:
// Put the operator in the namespace for ADL (http://en.wikipedia.org/wiki/Argument-dependent_lookup)
//
bool operator<(const StackStamp_t::EhProgramPlaceHolder_t &a, const StackStamp_t::EhProgramPlaceHolder_t& b);
}
#endif
/*
* Copyright (c) 2014, 2015 - University of Virginia
*
* This file may be used and modified for non-commercial purposes as long as
* all copyright, permission, and nonwarranty notices are preserved.
* Redistribution is prohibited without prior written consent from the University
* of Virginia.
*
* Please contact the authors for restrictions applying to commercial use.
*
* THIS SOURCE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED
* WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
* MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
* Author: University of Virginia
* e-mail: jwd@virginia.com
* URL : http://www.cs.virginia.edu/
*
*/
#include <algorithm>
#include <stdlib.h>
......@@ -25,9 +6,6 @@
#include <getopt.h>
#include <sys/types.h>
#include <unistd.h>
#include "ss.hpp"
using namespace std;
......@@ -35,7 +13,6 @@ using namespace IRDB_SDK;
#define ALLOF(a) begin(a), end(a)
//
// A thanos-enabled driver to "stamp" (xor) return addresses on the stack
//
......