From 2201f74079d07fddfaf7fd5cdf0e8271e007c91a Mon Sep 17 00:00:00 2001
From: jdh8d <jdh8d@git.zephyr-software.com>
Date: Fri, 22 Jul 2011 15:46:45 +0000
Subject: [PATCH] working ILR defense.

---
 .gitattributes                   |  3 ++
 Makefile                         |  2 ++
 tools/Makefile                   |  7 ++++
 tools/db/Makefile                |  7 ++++
 tools/db/drop_my_tables.sh       |  8 +++++
 tools/db/large_object_insert.cpp | 30 ++++++++++++++++
 tools/db/pdb.create.tbl          |  2 +-
 tools/db/pdb.createprogram.tbl   |  8 ++++-
 tools/db/pdb_register.sh         |  6 ++--
 tools/ps_analyze.sh              | 59 ++++++++++++++++++++++----------
 10 files changed, 109 insertions(+), 23 deletions(-)
 create mode 100644 tools/Makefile
 create mode 100644 tools/db/Makefile
 create mode 100644 tools/db/large_object_insert.cpp

diff --git a/.gitattributes b/.gitattributes
index 44299651b..3d76c04d9 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -42,7 +42,10 @@ examples/memcpy.c -text
 examples/myhanoi.c -text
 examples/print_ptr.c -text
 examples/recover_example.c -text
+tools/Makefile -text
+tools/db/Makefile -text
 tools/db/drop_my_tables.sh -text
+tools/db/large_object_insert.cpp -text
 tools/db/pdb.create.tbl -text
 tools/db/pdb.createprogram.tbl -text
 tools/db/pdb.drop.tbl -text
diff --git a/Makefile b/Makefile
index 3aa56f12e..ad74db6a8 100644
--- a/Makefile
+++ b/Makefile
@@ -2,8 +2,10 @@
 
 all:
 	cd chopzero_src; make
+	cd tools;make
 
 clean:
 	cd chopzero_src; make clean
 	cd examples; make clean
+	cd tools; make clean
 	
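Review bot: The new recipe `cd tools;make` runs make in the wrong directory when `cd` fails, because `;` ignores the exit status of `cd`; the same applies to `cd tools; make clean` below and to `cd db; make` / `cd db;make clean` in the new tools/Makefile. Use `cd tools && $(MAKE)` and `cd tools && $(MAKE) clean` so a missing directory stops the build and the sub-make inherits the parent's flags and jobserver. This follows the pattern of the existing chopzero_src lines, so the fix is best applied to all of them together.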
diff --git a/tools/Makefile b/tools/Makefile
new file mode 100644
index 000000000..fed3ba116
--- /dev/null
+++ b/tools/Makefile
@@ -0,0 +1,7 @@
+
+
+all:
+	cd db; make
+
+clean:
+	cd db;make clean
diff --git a/tools/db/Makefile b/tools/db/Makefile
new file mode 100644
index 000000000..44c5098fd
--- /dev/null
+++ b/tools/db/Makefile
@@ -0,0 +1,7 @@
+
+
+large_object_insert: large_object_insert.cpp
+	g++ -o $@ -lpqxx $<
+
+clean:
+	rm -f large_object_insert
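Review bot: In the link line `g++ -o $@ -lpqxx $<` the library is named before the source file; linkers that default to `--as-needed` (common on recent distributions) drop `-lpqxx` before any reference to it has been seen and the link fails with undefined pqxx symbols. Put libraries after the objects and use the standard variables: `$(CXX) $(CXXFLAGS) -o $@ $< -lpqxx`. Some toolchains also need `-lpq` appended explicitly, since libpqxx depends on libpq.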
diff --git a/tools/db/drop_my_tables.sh b/tools/db/drop_my_tables.sh
index 1d03212a6..a78a4fe0a 100755
--- a/tools/db/drop_my_tables.sh
+++ b/tools/db/drop_my_tables.sh
@@ -1,6 +1,14 @@
 #!/bin/bash
 
 
+elfoids=`psql -t -q -c "select elfoid from file_info"`
+
+for  i in $elfoids
+do
+	psql -t -q -c "\lo_unlink $i"
+done
+
+
 functables=`psql -t -q -c "select function_table_name from variant_info"`
 insntables=`psql -t -q -c "select instruction_table_name from variant_info"`
 addrtables=`psql -t -q -c "select address_table_name from variant_info"`
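Review bot: The new loop spawns one psql process per `file_info` row and each `\lo_unlink` runs in its own transaction, so a failure partway through leaves some large objects in place while the rest of the script (presumably the table drop, which runs past the end of this hunk) removes every row that still points at them. A single server-side call does the same work in one statement and avoids relying on shell word-splitting of the query output: `psql -t -q -c "SELECT lo_unlink(elfoid) FROM file_info WHERE elfoid IS NOT NULL"`. Either way the psql exit status is not checked, so an error here is silent.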
diff --git a/tools/db/large_object_insert.cpp b/tools/db/large_object_insert.cpp
new file mode 100644
index 000000000..adbf009f9
--- /dev/null
+++ b/tools/db/large_object_insert.cpp
@@ -0,0 +1,30 @@
+
+
+#include <string>
+#include <stdlib.h>
+#include <set>
+#include <assert.h>
+#include <string>
+#include <iostream>
+#include <pqxx/pqxx>
+
+
+int main(int argc, char *argv[])
+{
+	if(argc!=2)
+	{
+		std::cerr<<"Usage: "<<argv[0]<<" <filename>"<<std::endl;
+		exit(-1);
+	}
+
+	pqxx::connection conn;
+	pqxx::work txn(conn);
+
+	pqxx::largeobject file(txn,std::string(argv[1]));
+
+	pqxx::oid myoid=file.id();
+
+	txn.commit();
+
+	return myoid;
+}
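Review bot: `return myoid;` at the end of main pushes a 32-bit OID out through the 8-bit process exit status, so a caller sees only the low byte and cannot recover the object id; print it to stdout and return 0 instead (pdb_register.sh in this same commit uses psql's `\lo_import` and parses its output, so this tool does not appear to be wired in yet — worth confirming it is still needed). The pqxx constructor and commit can throw (no server reachable, unreadable file) and nothing catches, so the program dies with an uncaught exception instead of a message; `exit(-1)` is also reported to the shell as 255. `<string>` is included twice. Rewritten body:
```cpp
int main(int argc, char *argv[])
{
	// … unchanged: argc check and usage message …

	try
	{
		pqxx::connection conn;
		pqxx::work txn(conn);

		// Imports the file named on the command line as a large object.
		pqxx::largeobject file(txn, std::string(argv[1]));
		const pqxx::oid myoid = file.id();

		txn.commit();

		// The OID does not fit in an exit status; callers read it from stdout.
		std::cout << myoid << std::endl;
		return 0;
	}
	catch (const std::exception &e)
	{
		std::cerr << argv[0] << ": " << e.what() << std::endl;
		return 1;
	}
}
```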
diff --git a/tools/db/pdb.create.tbl b/tools/db/pdb.create.tbl
index c8d586315..ba5a2d8a4 100644
--- a/tools/db/pdb.create.tbl
+++ b/tools/db/pdb.create.tbl
@@ -27,8 +27,8 @@ CREATE TABLE file_info
   hash             text,
   arch             text,
   type		   text DEFAULT 'ELF-Static',
+  elfoid	   OID,
   doip_id          integer DEFAULT -1
-
 );
 
 CREATE TABLE variant_dependency
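Review bot: The new `elfoid OID` column carries no comment saying what it refers to, and a PostgreSQL large object is not reference-counted, so deleting a `file_info` row leaves the object behind unless something calls lo_unlink (drop_my_tables.sh in this commit handles the bulk case, but a single-row delete would leak). Suggest stating that on the column: `elfoid OID, -- large object holding the original executable (lo_import in pdb_register.sh); lo_unlink it when the row is removed`.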
diff --git a/tools/db/pdb.createprogram.tbl b/tools/db/pdb.createprogram.tbl
index 0ebc5af83..83ca2b74b 100644
--- a/tools/db/pdb.createprogram.tbl
+++ b/tools/db/pdb.createprogram.tbl
@@ -1,3 +1,9 @@
+-- 
+-- 
+--  WARNING!  If you edit these tables, you must also edit the API in $SECURITY_TRANSFORMS_HOME/libIRDB/src/variantid.cpp
+-- 
+-- 
+
 CREATE TABLE #PROGNAME#_address
 (
   address_id         	SERIAL PRIMARY KEY,
@@ -20,11 +26,11 @@ CREATE TABLE #PROGNAME#_instruction
   instruction_id	    SERIAL PRIMARY KEY,
   address_id                integer REFERENCES #PROGNAME#_address,
   parent_function_id        integer,
-  file_id                   integer REFERENCES file_info,
   orig_address_id           integer,
   fallthrough_address_id    integer,
   target_address_id         integer,
   data                      bytea,
   comment                   text,
+  is_indirect_target	    boolean DEFAULT true,
   doip_id		    integer DEFAULT -1
 );
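Review bot: `is_indirect_target boolean DEFAULT true` makes every instruction row start out as a possible indirect branch target, which reads as a deliberately conservative default that the fill_in_indtargs.exe step added to ps_analyze.sh in this commit is expected to narrow; that intent should be written on the column so nobody later "fixes" the default to false: `is_indirect_target boolean DEFAULT true, -- conservative: assumed reachable indirectly until analysis clears it`. The WARNING block added at the top of this file says libIRDB/src/variantid.cpp must track these tables; the dropped `file_id` column and this new one are exactly such changes, and whether that file was updated is not visible in this patch.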
diff --git a/tools/db/pdb_register.sh b/tools/db/pdb_register.sh
index 23f25235b..09b72559a 100755
--- a/tools/db/pdb_register.sh
+++ b/tools/db/pdb_register.sh
@@ -14,7 +14,7 @@ PROGRAM_PEASOUP_DIR=$2
 
 usage()
 {
-  echo "pdb_register <peasoup_program_name> <peasoup_program_directory>"
+  echo "pdb_register <peasoup_program_name> <peasoup_program_directory> "
 }
 
 log_error()
@@ -73,7 +73,9 @@ psql -q -t -c "UPDATE variant_info SET orig_variant_id = '$PROGRAM_ID' WHERE var
 # Update file_info table
 #============================================
 
-FILE_ID=`psql -q -t -c "INSERT INTO file_info (url, arch, hash) VALUES ('$URL', '$ARCH', '$MD5HASH') RETURNING file_id;" | sed "s/^[ \t]*//"`
+
+oid=`psql  -t -c "\lo_import '$FILENAME' 'original executable that was passed to ps_analyze.sh'" |cut -d" " -f2`
+FILE_ID=`psql -q -t -c "INSERT INTO file_info (url, arch, hash, elfoid) VALUES ('$URL', '$ARCH', '$MD5HASH', '$oid') RETURNING file_id;" | sed "s/^[ \t]*//"`
 
 log_message "To do: if shared libs, then need to add them to this table"
 
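Review bot: `$oid` from the `\lo_import` line is used in the INSERT without any check, so if the import fails (missing `$FILENAME`, no read permission, no server) `oid` is empty and the INSERT is sent with `elfoid = ''`, which fails the OID cast and leaves FILE_ID empty for the rest of the script; add `if [ -z "$oid" ]; then log_error "lo_import of $FILENAME failed"; exit 1; fi` between the two new lines (log_error is defined earlier in this file; whether it exits by itself is not visible here). `$FILENAME` is not set anywhere in the hunk and presumably comes from the script's argument handling, which should be confirmed. `-q` seems to have been left off this psql call deliberately so that the `lo_import NNN` line that `cut` parses is printed; a short comment saying so would stop someone re-adding it.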
diff --git a/tools/ps_analyze.sh b/tools/ps_analyze.sh
index 728c70d5f..c083ee85e 100755
--- a/tools/ps_analyze.sh
+++ b/tools/ps_analyze.sh
@@ -1,4 +1,4 @@
-#!/bin/sh -x
+#!/bin/sh 
 # This script depends on having the following environment variables defined
 # STRATA - The path to the strata installation
 # An example of these environment variables and their settings are listed in
@@ -12,6 +12,19 @@
 # Version 3 - runs p1 transform
 
 
+
+
+log()
+{
+	if [ ! -z "$VERBOSE" ]; then
+		cat $1
+	fi
+}
+
+if [ ! -z "$VERBOSE" ]; then
+	set -x
+fi
+
 if [ "$PEASOUP_HOME"X = X ]; then echo Please set PEASOUP_HOME; exit 1; fi
 if [ ! -f  $PEASOUP_HOME/tools/getsyms.sh ]; then echo PEASOUP_HOME is set poorly, please fix.; exit 1; fi
 if [ "$SMPSA_HOME"X = X ]; then echo Please set SMPSA_HOME; exit 1; fi
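Review bot: In the new `log()` function `cat $1` is unquoted and `[ ! -z "$VERBOSE" ]` is the long form of `[ -n "$VERBOSE" ]`; more importantly, each call dumps a whole tool log, so verbose output becomes one unbroken stream with no indication of which file a line came from. Suggest `echo "==== $1 ===="` followed by `cat "$1"` inside the branch, and the same `-n` form in the `set -x` test below it.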
@@ -46,7 +59,8 @@ cd $newdir
 
 
 echo -n Creating stratafied executable...
-sh $STRATA_HOME/tools/pc_confinement/stratafy_with_pc_confine.sh $newname.ncexe $newname.stratafied > /dev/null 2>&1 
+sh $STRATA_HOME/tools/pc_confinement/stratafy_with_pc_confine.sh $newname.ncexe $newname.stratafied > pc_confinement.out  2>&1 
+log pc_confinement.out
 echo Done. 
 
 # We've now got a stratafied program
@@ -75,9 +89,8 @@ echo Done.
 #
 echo Running concolic testing to generate inputs ...
 #$PEASOUP_HOME/tools/do_concolic.sh a  --iterations 25 --logging tracer,instance_times,trace
-$PEASOUP_HOME/tools/do_concolic.sh a  --iterations 25 --logging tracer,trace,inputs 
-# 2>&1 |egrep -e "INPUT VECTOR:" -e "1: argc ="
-# >/dev/null 2>&1 
+$PEASOUP_HOME/tools/do_concolic.sh a  --iterations 25 --logging tracer,trace,inputs  > do_concolic.out 2>&1
+log do_concolic.out
 echo Done.
 
 
@@ -90,26 +103,34 @@ if [ ! "X" = "X"$PGUSER ]; then
 	DB_PROGRAM_NAME=`basename $orig_exe.$$ | sed "s/[\.;+\\-\ ]/_/g"`
 	
 	MD5HASH=`md5sum a.ncexe | cut -f1 -d' '`
-	$PEASOUP_HOME/tools/db/pdb_register.sh $DB_PROGRAM_NAME $current_dir	# register the program.
+	$PEASOUP_HOME/tools/db/pdb_register.sh $DB_PROGRAM_NAME $current_dir  > pdb_register.out 2>&1 # register the program.
 	varid=$?
-	
-	$PEASOUP_HOME/tools/db/pdb_create_program_tables.sh $DB_PROGRAM_NAME # create the tables for the program.
-	
-	echo "RUNNING MEDS2PDB:"
-	date
-	time $SECURITY_TRANSFORMS_HOME/tools/meds2pdb/meds2pdb $DB_PROGRAM_NAME a.ncexe $MD5HASH a.ncexe.annot 	# import meds information
-	date
+	log pdb_register.out
+
+	$PEASOUP_HOME/tools/db/pdb_create_program_tables.sh $DB_PROGRAM_NAME  > pdb_create_program_tables.out 2>&1 # create the tables for the program.
+	log pdb_create_program_tables.out
+	time $SECURITY_TRANSFORMS_HOME/tools/meds2pdb/meds2pdb $DB_PROGRAM_NAME a.ncexe $MD5HASH a.ncexe.annot 	 > meds2pdb.out 2>&1 # import meds information
+	log meds2pdb.out
 
 	if [ $varid > 0 ]; then
-		$SECURITY_TRANSFORMS_HOME/libIRDB/test/clone.exe $varid		# create a clone
+		$SECURITY_TRANSFORMS_HOME/libIRDB/test/fill_in_cfg.exe $varid	> fill_in_cfg.out 	2>&1	# finish the initial IR by setting target/fallthrough 
+		log fill_in_cfg.out
+		$SECURITY_TRANSFORMS_HOME/libIRDB/test/fill_in_indtargs.exe $varid ./a.ncexe    > fill_in_indtargs.out 	2>&1 	# analyze for indirect branch targets 
+		log fill_in_indtargs.out
+		$SECURITY_TRANSFORMS_HOME/libIRDB/test/clone.exe $varid				> clone.out 		2>&1 	# create a clone
 		cloneid=$?
+		log clone.out
 	
 		if [ $cloneid > 0 ]; then
-			$SECURITY_TRANSFORMS_HOME/libIRDB/test/fill_in_cfg.exe $cloneid		# finish the initial IR 
-			$SECURITY_TRANSFORMS_HOME/libIRDB/test/fix_calls.exe $cloneid		# fix call insns so they are OK for spri emitting
-			$SECURITY_TRANSFORMS_HOME/libIRDB/test/ilr.exe $cloneid			# perform ILR 
-			$SECURITY_TRANSFORMS_HOME/libIRDB/test/generate_spri.exe $cloneid a.irdb.aspri	# generate the aspri code
-			$SECURITY_TRANSFORMS_HOME/tools/spasm/spasm a.irdb.aspri a.irdb.bspri	# generate the bspri code
+															# paths for direct control transfers insns.
+			$SECURITY_TRANSFORMS_HOME/libIRDB/test/fix_calls.exe $cloneid	> fix_calls.out 2>&1 		# fix call insns so they are OK for spri emitting
+			log fix_calls.out
+			$SECURITY_TRANSFORMS_HOME/libIRDB/test/ilr.exe $cloneid > ilr.out 2>&1 				# perform ILR 
+			log ilr.out
+			$SECURITY_TRANSFORMS_HOME/libIRDB/test/generate_spri.exe $cloneid a.irdb.aspri	> spri.out 2>&1 # generate the aspri code
+			log spri.out
+			$SECURITY_TRANSFORMS_HOME/tools/spasm/spasm a.irdb.aspri a.irdb.bspri	> spasm.out 2>&1 	# generate the bspri code
+			log spasm.out
 		fi
 	fi
 	echo	-------------------------------------------------------------------------------
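Review bot: The line `# paths for direct control transfers insns.` that now follows `if [ $cloneid > 0 ]; then` is an orphaned comment fragment — it is the continuation of the fill_in_cfg comment (`# finish the initial IR by setting target/fallthrough`) that moved up into the `$varid` branch, and should move with it or be folded into that line. The new fill_in_cfg.exe, fill_in_indtargs.exe, fix_calls.exe, ilr.exe, generate_spri.exe and spasm invocations now have their output captured, but none of their exit statuses is checked, so a failed step is silently followed by the next one and the only trace is in a `.out` file; a `|| { log ilr.out; exit 1; }` after each (or at least after the steps whose results the next step consumes) would stop the pipeline at the first failure. Also `[ $varid > 0 ]` and `[ $cloneid > 0 ]` are shell redirections rather than comparisons — they create a file named `0` and only test that the variable is non-empty — and the intended test is `[ "$varid" -gt 0 ]`; both are pre-existing context lines, but the new code is gated on them. `time` is a shell keyword, so its timing output for meds2pdb still goes to the terminal rather than into meds2pdb.out. The enclosing `if [ ! "X" = "X"$PGUSER ]` block starts before this hunk.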
-- 
GitLab