Initial hook_start checkin.

Former-commit-id: 7f9a5b67addb6cc366dcf343cabaf916406013fe

Initial hook_start checkin.
1109f401 · whh8b · 06790956 · 1109f401 · 1109f401 · 1109f401
Commit 1109f401 authored 9 years ago by whh8b
--- a/.gitattributes
+++ b/.gitattributes
@@ -1084,6 +1084,11 @@ tools/hook_dynamic_call/SConstruct -text
 tools/hook_dynamic_call/hook_dynamic_calls.cpp -text
 tools/hook_dynamic_call/hook_dynamic_calls.hpp -text
 tools/hook_dynamic_call/hook_dynamic_calls_driver.cpp -text
+tools/hook_start/SConscript -text
+tools/hook_start/SConstruct -text
+tools/hook_start/hook_start.cpp -text
+tools/hook_start/hook_start.hpp -text
+tools/hook_start/hook_start_driver.cpp -text
 tools/ibtcheck/Makefile -text
 tools/ibtcheck/ibtcheck.py -text
 tools/ibtcheck/test_cal.sh -text

--- a/tools/hook_start/SConscript
+++ b/tools/hook_start/SConscript
+import os
+
+
+Import('env')
+myenv=env.Clone()
+myenv.Replace(SECURITY_TRANSFORMS_HOME=os.environ['SECURITY_TRANSFORMS_HOME'])
+
+cpppath=''' 
+	 $SECURITY_TRANSFORMS_HOME/include 
+	 $SECURITY_TRANSFORMS_HOME/libIRDB/include 
+	 $SECURITY_TRANSFORMS_HOME/libEXEIO/include 
+	 $SECURITY_TRANSFORMS_HOME/beaengine/include 
+	 $SECURITY_TRANSFORMS_HOME/tools/transforms
+	 $SECURITY_TRANSFORMS_HOME/xform
+	 $SECURITY_TRANSFORMS_HOME/libMEDSannotation/include
+	'''
+
+#	 $SECURITY_TRANSFORMS_HOME/libtransform/include 
+CPPFLAGS="--std=c++11"
+LIBPATH="$SECURITY_TRANSFORMS_HOME/lib"
+LIBS=Split( env.subst('$BASE_IRDB_LIBS')+ "IRDB-core IRDB-cfg IRDB-util pqxx rewrite BeaEngine_s_d transform MEDSannotation")
+
+myenv=myenv.Clone(CPPPATH=Split(cpppath))
+myenv.Append(CPPFLAGS=CPPFLAGS)
+
+pgm=myenv.Program(target="hook_start.exe", source=Split("hook_start.cpp hook_start_driver.cpp"), LIBPATH=LIBPATH, LIBS=LIBS)
+install=myenv.Install("$SECURITY_TRANSFORMS_HOME/plugins_install/", pgm)
+Default(install)
--- a/tools/hook_start/SConstruct
+++ b/tools/hook_start/SConstruct
+
+
+
+env=Environment()
+Export('env')
+lib=SConscript("SConscript")
--- a/tools/hook_start/hook_start.cpp
+++ b/tools/hook_start/hook_start.cpp
+#include "hook_start.hpp"
+
+#include "Rewrite_Utility.hpp"
+#include <assert.h>
+#include <stdexcept>
+
+using namespace libTransform;
+using namespace ELFIO;
+using namespace libIRDB;
+
+HookStart::HookStart(FileIR_t *p_variantIR) :
+	Transform(NULL, p_variantIR, NULL),
+	m_callback_name("zipr_hook_start")
+{
+}
+
+HookStart::~HookStart() 
+{
+}
+
+void HookStart::LoadElf()
+{
+	unsigned int elfoid=0;
+	pqxxDB_t *interface=NULL;
+
+	if (m_elfiop)
+		return;
+
+	elfoid = getFileIR()->GetFile()->GetELFOID();
+	interface = dynamic_cast<pqxxDB_t*>(BaseObj_t::GetInterface());
+		
+	assert(interface);
+
+	m_file_object.reset(
+		new pqxx::largeobjectaccess(interface->GetTransaction(),
+		                            elfoid,
+		                            std::ios::in));
+	
+	m_file_object->to_file("tmp.exe");
+
+	m_elfiop.reset(new ELFIO::elfio);
+	m_elfiop->load("tmp.exe");
+}
+
+Instruction_t *HookStart::add_instrumentation(Instruction_t *site)
+{
+	Relocation_t *zipr_reloc = new Relocation_t;
+	FileIR_t *firp = getFileIR();
+	virtual_offset_t postCallbackReturn = getAvailableAddress();
+	char pushRetBuf[100],
+	     movIdBuf[100],
+			 movRaxBuf[100],
+			 movRspBuf[100],
+			 movRetBuf[100];
+	sprintf(pushRetBuf,"push  0x%lx", postCallbackReturn);
+	sprintf(movIdBuf,"mov rdi, 0x0");
+	sprintf(movRaxBuf,"mov rsi, rax");
+	sprintf(movRspBuf,"mov rdx, rsp");
+
+	zipr_reloc->SetType("zipr_value");
+
+	Instruction_t *tmp=site,
+	              *callback=NULL,
+								*post_callback=NULL,
+								*fallthrough=NULL;
+
+	fallthrough = site->GetFallthrough();
+
+	site=insertAssemblyBefore(firp,tmp,"push rsp");
+	tmp=insertAssemblyAfter(firp,tmp,"push rbp");
+	tmp=insertAssemblyAfter(firp,tmp,"push rdi");
+	tmp=insertAssemblyAfter(firp,tmp,"push rsi");
+	tmp=insertAssemblyAfter(firp,tmp,"push rdx");
+	tmp=insertAssemblyAfter(firp,tmp,"push rcx");
+	tmp=insertAssemblyAfter(firp,tmp,"push rbx");
+	tmp=insertAssemblyAfter(firp,tmp,"push rax");
+	tmp=insertAssemblyAfter(firp,tmp,"push r8");
+	tmp=insertAssemblyAfter(firp,tmp,"push r9");
+	tmp=insertAssemblyAfter(firp,tmp,"push r10");
+	tmp=insertAssemblyAfter(firp,tmp,"push r11");
+	tmp=insertAssemblyAfter(firp,tmp,"push r12");
+	tmp=insertAssemblyAfter(firp,tmp,"push r13");
+	tmp=insertAssemblyAfter(firp,tmp,"push r14");
+	tmp=insertAssemblyAfter(firp,tmp,"push r15");
+	tmp=insertAssemblyAfter(firp,tmp,"pushf");
+	tmp=insertAssemblyAfter(firp,tmp,movIdBuf);
+	/*
+	 * Let's put a relocation on here!
+	 */
+	tmp->GetRelocations().insert(zipr_reloc);
+	tmp=insertAssemblyAfter(firp,tmp,movRaxBuf);
+	tmp=insertAssemblyAfter(firp,tmp,movRspBuf);
+	/*
+	 * The "bogus" return address that we push here
+	 * will be popped by the callback handler 
+	 * invocation code in zipr.
+	 */
+	tmp=insertAssemblyAfter(firp,tmp,pushRetBuf);	 // push <ret addr>
+
+	callback=tmp=insertAssemblyAfter(firp,tmp,"nop");
+	callback->SetCallback(m_callback_name);
+
+	post_callback=tmp=insertAssemblyAfter(firp,tmp,"popf");
+	post_callback->GetAddress()->SetVirtualOffset(postCallbackReturn);
+
+	tmp=insertAssemblyAfter(firp,tmp,"pop r15");
+	tmp=insertAssemblyAfter(firp,tmp,"pop r14");
+	tmp=insertAssemblyAfter(firp,tmp,"pop r13");
+	tmp=insertAssemblyAfter(firp,tmp,"pop r12");
+	tmp=insertAssemblyAfter(firp,tmp,"pop r11");
+	tmp=insertAssemblyAfter(firp,tmp,"pop r10");
+	tmp=insertAssemblyAfter(firp,tmp,"pop r9");
+	tmp=insertAssemblyAfter(firp,tmp,"pop r8");
+	tmp=insertAssemblyAfter(firp,tmp,"pop rax");
+	tmp=insertAssemblyAfter(firp,tmp,"pop rbx");
+	tmp=insertAssemblyAfter(firp,tmp,"pop rcx");
+	tmp=insertAssemblyAfter(firp,tmp,"pop rdx");
+	tmp=insertAssemblyAfter(firp,tmp,"pop rsi");
+	tmp=insertAssemblyAfter(firp,tmp,"pop rdi");
+	tmp=insertAssemblyAfter(firp,tmp,"pop rbp");
+	tmp=insertAssemblyAfter(firp,tmp,"lea rsp, [rsp+8]");
+
+	tmp->SetFallthrough(site);
+
+	return tmp;
+}
+
+int HookStart::execute()
+{
+	LoadElf();
+	for(
+	  set<Function_t*>::const_iterator itf=getFileIR()->GetFunctions().begin();
+	  itf!=getFileIR()->GetFunctions().end();
+	  ++itf
+	  )
+	{
+		Function_t* func=*itf;
+		for(
+		  set<Instruction_t*>::const_iterator it=func->GetInstructions().begin();
+		  it!=func->GetInstructions().end();
+		  ++it)
+		{
+			Instruction_t *insn = *it;
+			virtual_offset_t target = 0;
+
+			if (insn->GetAddress() && 
+			    insn->GetAddress()->GetVirtualOffset()==m_elfiop->get_entry())
+			{
+				add_instrumentation(insn);
+			}
+		}
+	}
+	return true;
+}
--- a/tools/hook_start/hook_start.hpp
+++ b/tools/hook_start/hook_start.hpp
+#ifndef _LIBTRANSFORM_HOOK_START_H_
+#define _LIBTRANSFORM_HOOK_START_H_
+
+#include "../../libtransform/include/transform.hpp"
+#include "../../libMEDSannotation/include/VirtualOffset.hpp"
+#include <libIRDB-core.hpp>
+#include <libIRDB-cfg.hpp>
+#include <libIRDB-syscall.hpp>
+#include "elfio/elfio.hpp"
+
+using namespace std;
+using namespace libIRDB;
+
+class HookStart : public libTransform::Transform
+{
+	public:
+		HookStart(FileIR_t*p_variantIR);
+		~HookStart();
+
+		void CallbackName(const std::string &callback_name)
+		{
+			m_callback_name = callback_name;
+		}
+		std::string CallbackName()
+		{
+			return m_callback_name;
+		}
+		int execute();
+	private:
+		void LoadElf();
+		Instruction_t *add_instrumentation(Instruction_t *site);
+		std::string m_callback_name;
+		std::unique_ptr<ELFIO::elfio> m_elfiop;
+		std::unique_ptr<pqxx::largeobjectaccess> m_file_object;
+		ELFIO::Elf64_Addr *m_plt_addresses;
+};
+#endif
--- a/tools/hook_start/hook_start_driver.cpp
+++ b/tools/hook_start/hook_start_driver.cpp
+#include <stdlib.h>
+#include <fstream>
+#include <libIRDB-core.hpp>
+#include <libgen.h>
+
+#include "hook_start.hpp"
+
+using namespace std;
+using namespace libIRDB;
+
+void usage(char* name)
+{
+	cerr<<"Usage: "<<name<<" <variant_id> [callback name]\n"; 
+}
+
+int main(int argc, char **argv)
+{
+	pqxxDB_t pqxx_interface;
+	VariantID_t *pidp=NULL;
+	int variantID;
+	string programName, callback_name;
+		
+	if(argc < 2)
+	{
+		usage(argv[0]);
+		exit(1);
+	}
+
+	programName = string(argv[0]);
+	variantID = atoi(argv[1]);
+
+	if (argv[2] != NULL)
+		callback_name = string(argv[2]);	
+
+	/* setup the interface to the sql server */
+	BaseObj_t::SetInterface(&pqxx_interface);
+
+	pidp=new VariantID_t(variantID);
+	assert(pidp->IsRegistered()==true);
+
+	cout<<"hook_start.exe started\n";
+
+	bool one_success = false;
+	for(set<File_t*>::iterator it=pidp->GetFiles().begin();
+	    it!=pidp->GetFiles().end();
+	    ++it)
+	{
+		File_t* this_file = *it;
+		FileIR_t *firp = new FileIR_t(*pidp, this_file);
+
+		cout<<"Transforming "<<this_file->GetURL()<<endl;
+
+		assert(firp && pidp);
+
+		try
+		{
+			int success = 0;
+			HookStart hookstart(firp);
+
+			if (callback_name != "")
+				hookstart.CallbackName(callback_name);
+
+			success=hookstart.execute();
+
+			if (success)
+			{
+				cout<<"Writing changes for "<<this_file->GetURL()<<endl;
+				one_success = true;
+				firp->WriteToDB();
+				delete firp;
+			}
+			else
+			{
+				cout<<"Skipping (no changes) "<<this_file->GetURL()<<endl;
+			}
+		}
+		catch (DatabaseError_t pnide)
+		{
+			cerr << programName << ": Unexpected database error: " << pnide << "file url: " << this_file->GetURL() << endl;
+		}
+		catch (...)
+		{
+			cerr << programName << ": Unexpected error file url: " << this_file->GetURL() << endl;
+		}
+	} // end file iterator
+
+	// if any integer transforms for any files succeeded, we commit
+	if (one_success)
+	{
+		cout<<"Commiting changes...\n";
+		pqxx_interface.Commit();
+	}
+
+	return 0;
+}