Skip to content
Snippets Groups Projects
Commit 12639e82 authored by an7s's avatar an7s
Browse files

Skeleton callback for buffered_receive

parent 6b2bf071
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
.gitattributes
+ 3
0
View file @ 12639e82
* text=auto !eol
/Makefile.in -text
buffrecv/Makefile.in -text
buffrecv/br_callbacks.c -text
buffrecv/cgc.s -text
canaries/Makefile.in -text
canaries/canaries_callbacks.c -text
canaries/debug_canary_callbacks.c -text
......
buffrecv/Makefile.in 0 → 100644
+ 28
0
View file @ 12639e82
CC=@CC@
CFLAGS=@CFLAGS@
LIB=@LIB@
AR=@AR@
AS=@AS@
ASFLAGS=@ASFLAGS@
OBJS=br_callbacks.o cgc.o
.SUFFIXES: .o .s .c
.c.o:
$(CC) $(CFLAGS) $(INCLUDE) -D__$(ARCH) -c $<
.s.o:
$(AS) $(ASFLAGS) $<
all: $(OBJS)
$(AR) -r $(LIB) $(OBJS)
clean:
rm *.o
buffrecv/br_callbacks.c 0 → 100644
+ 226
0
View file @ 12639e82
#ifdef DEBUG
#include "malloc.h"
#include "itox.h"
#include "strlen.h"
#include "null.h"
#define DEBUG_ADD
#else
typedef unsigned uintptr_t;
#define NULL 0L
#endif
#ifdef DEBUG
#define print_str_debug print_str
#define print_int_debug print_int
#define assert(a) {if(!a) print_str("assert failure!"), cgc_terminate(254);}
#else
#define print_str_debug(a)
#define print_int_debug(a)
#define assert(a)
#endif
#ifdef DEBUG
#define write_fd 2
void print_char(char c)
{
write(write_fd,&c,1);
}
void print_str(char *s)
{
write(write_fd,s,strlen(s));
}
void print_int(int x)
{
char buf[100];
itox(x,buf);
write(write_fd,buf,strlen(buf));
}
#endif
typedef struct
{
int edi;
int esi;
int ebp;
int esp_dummy;
int ebx;
int edx;
int ecx;
int eax;
int flags;
} reg_values_t;
/*
deallocate(addr, length)
int zipr_delayed_deallocate(unsigned int ret_pc, reg_values_t rv)
{
void *addr=rv.ebx;
unsigned int length=rv.ecx;
static void* old_addr=0;
static unsigned int old_length=0;
cgc_deallocate(old_addr,old_length);
old_addr=addr;
old_length=length;
return 0;
}
global cgc_receive
cgc_receive:
orig_receive:
mov eax,0x3
push ebx
push ecx
push edx
push esi
mov ebx, [esp+0x14]
mov ecx, [esp+0x18]
mov edx, [esp+0x1c]
mov esi, [esp+0x20]
pushf
pusha
push retPC
int 0x80 ==> NOP callback to buffered_receive()
retPC:
popa
popf
pop esi
pop edx
pop ecx
pop ebx
ret
*/
#define STORAGE_SIZE 128
static char storage[STORAGE_SIZE];
static int cursor_pos = 0;
static int bytes_buffered = 0;
int buffered_receive(unsigned int ret_pc, reg_values_t rv)
{
int fd = rv.ebx;
char *buf = (char*) rv.ecx;
int count = rv.edx;
int *rx_bytes = (int*) rv.esi;
#ifdef DEBUG
print_str("\ncount: ");
print_int(count);
print_str("\n*rx_bytes: ");
print_int((int)rx_bytes);
#endif
int ret = cgc_receive(fd, buf, count, rx_bytes);
#ifdef DEBUG
print_str("\nret: ");
print_int(ret);
print_str("\nfd: ");
print_int(fd);
print_str("\nbuf[0]: ");
print_char(buf[0]);
print_str("\ncount: ");
print_int(count);
print_str("\nrx_bytes: ");
print_int(*rx_bytes);
#endif
rv.eax = ret;
return ret;
}
#ifdef XXX
/*
static int receive2(int fd, char *buf, int count, int *rx_bytes)
{
*/
int bytes_out = 0;
if (bytes_buffered == 0)
{
cursor_pos = 0;
// handle the case where nothing's buffered
// and requested size > STORAGE_SIZE
if (count > STORAGE_SIZE)
{
// call out to original receive()
return cgc_receive(fd, buf, count, rx_bytes);
}
}
else
{
// drain out buffer up to count bytes
while (bytes_buffered > 0 && bytes_out < count) {
*buf++ = storage[cursor_pos++];
bytes_out++;
bytes_buffered--;
}
if (bytes_buffered == 0 || cursor_pos == STORAGE_SIZE) {
cursor_pos = 0;
}
// if we're lucky, we've copied out all the requested data
count -= bytes_out;
if (count == 0)
{
if (rx_bytes)
*rx_bytes = bytes_out;
return 0;
}
}
// fill up the storage area again
int num_bytes;
int err_code = cgc_receive(fd, &storage[cursor_pos], STORAGE_SIZE - cursor_pos, &num_bytes);
if (err_code == 0)
{
int bytes_to_copy = count;
if (num_bytes < count) {
bytes_to_copy = num_bytes;
}
// copy out to user buffer
while (bytes_to_copy--) {
*buf++ = storage[cursor_pos++];
}
bytes_buffered = num_bytes - count;
if (bytes_buffered >= 0)
{
if (rx_bytes)
*rx_bytes = count + bytes_out;
}
else
{
// the user requested more bytes that we can hold in storage area...
// return only the bytes we have
// higher-level code has to be able to cope w/ the case
// where the OS returns fewer bytes than requested anyhow
if (rx_bytes)
*rx_bytes = num_bytes + bytes_out;
bytes_buffered = 0;
}
}
return err_code;
}
#endif
buffrecv/cgc.s 0 → 100644
+ 136
0
View file @ 12639e82
%ifdef CGC
section .text
BITS 32
global cgc_terminate
cgc_terminate:
mov eax,0x1
push ebx
mov ebx, [esp+0x8]
int 0x80
pop ebx
ret
global cgc_transmit
cgc_transmit:
mov eax,0x2
push ebx
push ecx
push edx
push esi
mov ebx, [esp+0x14]
mov ecx, [esp+0x18]
mov edx, [esp+0x1c]
mov esi, [esp+0x20]
int 0x80
pop esi
pop edx
pop ecx
pop ebx
ret
global cgc_receive
cgc_receive:
mov eax,0x3
push ebx
push ecx
push edx
push esi
mov ebx, [esp+0x14]
mov ecx, [esp+0x18]
mov edx, [esp+0x1c]
mov esi, [esp+0x20]
int 0x80
pop esi
pop edx
pop ecx
pop ebx
ret
global cgc_fdwait
cgc_fdwait:
mov eax,0x4
push ebx
push ecx
push edx
push esi
push edi
mov ebx, [esp+0x18]
mov ecx, [esp+0x1c]
mov edx, [esp+0x20]
mov esi, [esp+0x24]
mov edi, [esp+0x28]
int 0x80
pop edi
pop esi
pop edx
pop ecx
pop ebx
ret
global cgc_allocate
cgc_allocate:
mov eax,0x5
push ebx
push ecx
push edx
mov ebx, [esp+0x10]
mov ecx, [esp+0x14]
mov edx, [esp+0x18]
int 0x80
pop edx
pop ecx
pop ebx
ret
global cgc_deallocate
cgc_deallocate:
mov eax,0x6
push ebx
push ecx
mov ebx, [esp+0xc]
mov ecx, [esp+0x10]
int 0x80
pop ecx
pop ebx
ret
global cgc_random
cgc_random:
mov eax,0x7
push ebx
push ecx
push edx
mov ebx, [esp+0x10]
mov ecx, [esp+0x14]
mov edx, [esp+0x18]
int 0x80
pop edx
pop ecx
pop ebx
ret
%else
global syscall
syscall:
push edi
push esi
push ebx
mov edi, [esp+0x24]
mov esi, [esp+0x20]
mov edx, [esp+0x1c]
mov ecx, [esp+0x18]
mov ebx, [esp+0x14]
mov eax, [esp+0x10]
int 0x80
pop ebx
pop esi
pop edi
ret
%endif
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment