-rw-r--r--  md/writeup.md                       | 15
-rw-r--r--  md/writeup/kconfig2h_utility.md     | 25
-rw-r--r--  md/writeup/linux_antidebug_1.md     | 35
-rw-r--r--  md/writeup/linux_antidebug_2.md     | 84
-rw-r--r--  md/writeup/linux_antidebug_3.md     | 205
-rw-r--r--  md/writeup/linux_antidebug_4.md     | 118
-rw-r--r--  md/writeup/linux_antidebug_5.md     | 56
-rw-r--r--  md/writeup/x11_prototype_gui.md     | 41
8 files changed, 571 insertions, 8 deletions
diff --git a/md/writeup.md b/md/writeup.md index f079f83..fa9b397 100644 --- a/md/writeup.md +++ b/md/writeup.md @@ -61,15 +61,14 @@ title: Writeup page [GDB helper functions](writeup/gdb_helper_functions.md) [MicroBBS minimalistic BBS system](writeup/microbbs_minimalistic_bbs_system.md) [Serial GPS data reading utility](writeup/serial_gps_data_reading_utility.md) +[X11 prototype GUI](writeup/x11_prototype_gui.md) +[kconfig2h utility](writeup/kconfig2h_utility.md) +[Linux antidebug 1](writeup/linux_antidebug_1.md) +[Linux antidebug 2](writeup/linux_antidebug_2.md) +[Linux antidebug 3](writeup/linux_antidebug_3.md) +[Linux antidebug 4](writeup/linux_antidebug_4.md) +[Linux antidebug 5](writeup/linux_antidebug_5.md) - -[X11 prototype GUI](http://archive.main.lv/writeup/x11_prototype_gui.html) -[kconfig2h utility](http://archive.main.lv/writeup/kconfig2h_utility.html) -[Linux antidebug 1](http://archive.main.lv/writeup/linux_antidebug_1.html) -[Linux antidebug 2](http://archive.main.lv/writeup/linux_antidebug_2.html) -[Linux antidebug 3](http://archive.main.lv/writeup/linux_antidebug_3.html) -[Linux antidebug 4](http://archive.main.lv/writeup/linux_antidebug_4.html) -[Linux antidebug 5](http://archive.main.lv/writeup/linux_antidebug_5.html) [C C11 standart _Generic keyword](http://archive.main.lv/writeup/c_c11_standart__generic_keyword.html) [C inline assembler](http://archive.main.lv/writeup/c_inline_assembler.html) [Wrapping C++ exceptions, templated and classes in C](http://archive.main.lv/writeup/wrapping_c___exceptions,_templated_and_classes_in_c.html) diff --git a/md/writeup/kconfig2h_utility.md b/md/writeup/kconfig2h_utility.md new file mode 100644 index 0000000..11db1fe --- /dev/null +++ b/md/writeup/kconfig2h_utility.md 
@@ -0,0 +1,25 @@ +title:kconfig2h utility +keywords:kconfig,linux + +# kconfig2h utility + +Kconfig converts linux kernel config files to C headers. Intended to use +with kconfig utility mconf. Developed to use "make menuconfig" with home +projects. Using ragel to generate parser of Kconfig file. + +## USE: +``` +./kconfig .config config.h +``` + +## TODO: +if there is need add converters to ruby,c++,python,java + + +## Links +http://www.complang.org/ragel/ +https://github.com/FreeArtMan/kconfig2h + +## Downloads +http://archive.main.lv/files/writeup/kconfig2h_utility/kconfig2h.tar.gz + diff --git a/md/writeup/linux_antidebug_1.md b/md/writeup/linux_antidebug_1.md new file mode 100644 index 0000000..2f17195 --- /dev/null +++ b/md/writeup/linux_antidebug_1.md @@ -0,0 +1,35 @@ +title:Linux antidebug 1 +keywords:linux,debug,antidebug + +# Linux antidebug 1 + + + +Content: When ptrace is used for programm debugin then only +one ptrace can be attached to programmwhen we trying run ptrace +with PTRACE_TRACEME then we get -1. I tested with gdb,ald. +Also this method should work with IDApro + +```c +#include <stdlib.h> +#include <stdio.h> +#include <sys/ptrace.h> + +long int ptraced() +{ + return (ptrace(PTRACE_TRACEME, 0, 0, 0) == -1); +} + +int main() +{ + if ( ptraced() ) + { + printf("Ptraced!\n"); + } + return 0; +} +``` + +## Downloads +http://archive.main.lv/files/writeup/linux_antidebug_1/antidebug1.tar.gz + diff --git a/md/writeup/linux_antidebug_2.md b/md/writeup/linux_antidebug_2.md new file mode 100644 index 0000000..b4c60e1 --- /dev/null +++ b/md/writeup/linux_antidebug_2.md 
@@ -0,0 +1,84 @@ +title:Linux antidebug 2 +keywords:linux,debug,antidebug + +# Linux antidebug 2 +Content: This is dirty solution it checks programms argv[0] name +with your defined namewhen running debuger such as gdb or ald name is +chaned to fullpath nameuser defined name from terminal is './main'. + +```c +#include <stdlib.h> +#include <stdio.h> +#include <string.h> +#include <sys/types.h> + +int main( int argc , char **argv ) +{ + pid_t pid,ppid; + FILE *f; + char str[128]; + char spid[10]; + + //openfile and write ppid + f = fopen( "pid.txt" , "w" ); + pid = getpid(); + fprintf(f,"%d ",pid); + fclose( f ); + f = fopen( "pid.txt" , "r" ); + fscanf( f , "%s" , spid ); + fclose( f ); + + strcpy( str , "cat /proc/" ); + strcat( str , &spid[0] ); + strcat( str , "/cmdline"); + printf( "[%s]\n", spid ); + system( str ); + + printf("\n"); +} +``` + +Dirty function that makes dirty solution at one place + +```c +int badppid( const char *real_name ) +{ + pid_t pid,ppid; + FILE *f; + char str[128]; + char spid[10]; + f = fopen( "pid.txt" , "w" ); + pid = getpid(); + fprintf(f,"%d ",pid); + fclose( f ); + + + f = fopen( "pid.txt" , "r" ); + fscanf( f , "%s" , spid ); + fclose( f ); + + + strcpy( str , "cat /proc/" ); + strcat( str , &spid[0] ); + strcat( str , "/cmdline > name.txt"); + system( str ); + + f = fopen( "name.txt" , "r" ); + fscanf( f , "%s" , str ); + fclose( f ); + if ( strncmp(str,real_name,strlen(real_name)) != 0 ) + { + return -1; + } + + return 0; +} +``` + +## Downloads + +http://archive.main.lv/files/writeup/linux_antidebug_2/antidebug2.tar.gz + + + + diff --git a/md/writeup/linux_antidebug_3.md b/md/writeup/linux_antidebug_3.md new file mode 100644 index 0000000..b93b5d9 --- /dev/null +++ b/md/writeup/linux_antidebug_3.md 
@@ -0,0 +1,205 @@ +title:Linux antidebug 3 +keywords:linux,debug,antidebug + +# Linux antidebug 3 +Content: Now we will try to make disasm output very unclear. +We make jump with eax register + +## Program 1 + +```asm +main: + push lbl+1 + pop eax + jmp eax +lbl: + db 0xe8 + mov eax, 4 + mov ebx, 1 + mov ecx, msg1 + mov edx, msg1_size + int 80h + + mov eax, 1 + mov ebx, 0 + int 80h +``` + +Output is same as source. Nothing changes +Disassembler output 1 +``` +? ....... ! main: ;xref o80482d7 +? ....... ! push offset_804837d +? 8048379 ! pop eax +? 804837a ! jmp eax +? 804837c db 0e8h +? 804837d ! +? ....... ! offset_804837d: ;xref o8048374 +? ....... ! mov eax, 4 +? 8048382 ! mov ebx, 1 +? 8048387 ! mov ecx, strz_I_am_running__8049568 +? 804838c ! mov edx, 0eh +? 8048391 ! int 80h +? 8048393 ! mov eax, 1 +? 8048398 ! mov ebx, 0 +? 804839d ! int 80h +``` + +Here we add only one instruction. We get jump adress and add 1. +Disasm cannot calculate adress of jmp. + +## Program 2 +Like in first programm disasm think that we push correct adress and +disasm it. And our byte 0xe9 is used for disasm output. That nice. + +```asm +main: + push lbl + pop eax + inc eax + jmp eax +lbl: + db 0xe9 + mov eax, 4 + mov ebx, 1 + mov ecx, msg1 + mov edx, msg1_size + int 80h + + mov eax, 1 + mov ebx, 0 + int 80h +``` + +Disassembler output 2 + +``` +? ....... ! main: ;xref o80482d7 +? ....... ! push offset_804837d +? 8048379 ! pop eax +? 804837a ! inc eax +? 804837b ! jmp eax +? 804837d ! +? ....... ! offset_804837d: ;xref o8048374 +? ....... ! jmp 804883ah +? 8048382 add [ebx+1], bh +? 8048388 mov ecx, 8049568h +? 804838d mov edx, 0eh +? 8048392 int 80h +? 8048394 mov eax, 1 +? 8048399 mov ebx, 0 +? 804839e int 80h +``` + +Now we add nop instruction after every line of our code. It doesnt have +any impact on program work. 
+## Program 3 + +```asm +main: + push lbl + pop eax + inc eax + jmp eax +lbl: + db 0xe9 + mov eax, 4 + nop + mov ebx, 1 + nop + mov ecx, msg1 + nop + mov edx, msg1_size + int 80h + + mov eax, 1 + mov ebx, 0 + jmp lbl2+1 +lbl2: + db 0xe9 + int 80h +``` + +Disasm output now is very nice. Output isnt very good. For first time +when you view this output it is very unclear about what exactly is done +by this code. + +Disassembler output 3 + +``` +? ....... ! main: ;xref o80482d7 +? ....... ! push offset_804837d +? 8048379 ! pop eax +? 804837a ! inc eax +? 804837b ! jmp eax +? 804837d ! +? ....... ! offset_804837d: ;xref o8048374 +? ....... ! jmp 804883ah +? 8048382 add [eax+1bbh], dl +? 8048388 add [eax+49578b9h], dl +? 804838e or [eax+0ebah], dl +? 8048394 add ch, cl +? 8048396 cmp byte ptr [eax+1], 0bbh +? 804839d add [eax], al +? 804839f add [eax], al +? 80483a1 jmp 80483a4h +? 80483a3 jmp 98950475h +``` + +Here is one more way how to make unclear jump to other place. We using +function and inside function we change return address by 1. + +## Program 4 +Thats also works fine. Disasm dont know real return address ans and +use 0xe8 as he think is better. + +```asm +main: + call fun + db 0xe8 + mov eax, 4 + mov ebx, 1 + mov ecx, msg1 + mov edx, msg1_size + int 80h + + mov eax, 1 + mov ebx, 0 + int 80h + +fun: + pop ebp + inc ebp + push ebp + ret +``` + +Disassembler output 4 + +``` +? ....... ! main: ;xref o80482d7 +? ....... ! call sub_804839c +? 8048379 ! call 8048836h +? 804837e ! add [ebx+1], bh +? 8048384 ! mov ecx, strz_I_am_running__8049568 +? 8048389 ! mov edx, 0eh +? 804838e ! int 80h +? 8048390 ! mov eax, 1 +? 8048395 ! mov ebx, 0 +? 804839a ! int 80h +? 804839c ! +? ....... ! ;----------------------- +? ....... ! ; S U B R O U T I N E +? ....... ! ;----------------------- +? ....... ! sub_804839c: ;xref c8048374 +? ....... ! pop ebp +? 804839d ! inc ebp +? 804839e ! push ebp +? 804839f ! 
ret +``` + +## Download + +http://archive.main.lv/files/writeup/linux_antidebug_3/antidebug3.tar.gz + + diff --git a/md/writeup/linux_antidebug_4.md b/md/writeup/linux_antidebug_4.md new file mode 100644 index 0000000..63325cc --- /dev/null +++ b/md/writeup/linux_antidebug_4.md @@ -0,0 +1,118 @@ +title:Linux antidebug 4 +keywords:linux,debug,antidebug + +# Linux antidebug 4 +Content: Here is one more method how to check if your +application is debugged. Need to set signal handler with handles +interrupt number 3 with is used for step by step debugging + +Compile: + +``` +gcc main.c -o main +``` + +```c +#include <signal.h> +#include <stdio.h> +#include <stdlib.h> + +#define FALSE 0 +#define TRUE 1 + +void sig_handler( int ); + +int debuging; + +int main() +{ + debuging = FALSE; + signal(SIGTRAP, sig_handler); + __asm__("int3"); + if (debuging == FALSE) + { + printf("Nothing special\n"); + } else + { + printf("Playing seek and hide\n"); + } + exit(1); +} + +void sig_handler( int sig) +{ + debuging = TRUE; +} +``` + + +Run: +```bash +./main +``` + +Example with asm + +Compile: + +```bash +fasm ad4.asm ad4.o + +gcc ad4.o -o ad4 +``` + +```asm +format ELF + +include 'ccall.inc' + +SYS_EXIT equ 1 +SIGTRAP equ 5 +TRUE equ 1 +FALSE equ 0 +section '.text' executable + +public main + +extrn printf +extrn exit +extrn signal + +main: + ccall signal, SIGTRAP, sig_handler + int 3h + + cmp [debug],FALSE + jne no_dbg + ccall printf,str1 + jmp exit + +no_dbg: + ccall printf,str2 + +to_exit: + mov eax, SYS_EXIT + mov ebx, 0 + int 80h + +sig_handler: + param1 equ dword [ebp+8] + mov [debug], TRUE + ret + +section '.data' writable + +debug db FALSE +str1 db "Under debug",0xA,0 +str2 db "No debug",0xA,0 +``` + +Tested and works for gdb and ald. + + +## Links +http://blog.binarycell.org/2011/04/simple-antidebugging-methods-part-2.html + +## Downloads +http://archive.main.lv/files/writeup/linux_antidebug_4/antidebug4.zip + 
diff --git a/md/writeup/linux_antidebug_5.md b/md/writeup/linux_antidebug_5.md new file mode 100644 index 0000000..fc71e6e --- /dev/null +++ b/md/writeup/linux_antidebug_5.md @@ -0,0 +1,56 @@ +title:Linux antidebug 5 +keywords:math,statistics + +# Linux antidebug 5 + +Content: When debugging program line by line or when running it +in some debugger then there can be some time delays when you +pressing buttons. We can measure them with asm command + +```asm +rdtsc +``` + +this instruction read time-stamp counter into edx:eax in our +program will be enough values from +eax + +function for c that uses rdtsc is + +```c +extern int get_timer() +``` + +in fasm it looks like + +```asm +get_timer: + rdtsc + ret +``` + +there is written code + +```c +s = get_timer(); +for (i=0;i<10000;i++) +{ +} +e = get_timer(); +d = e - s; +``` + +average time to execute 10000 is 70069 ticks for value +on with we detecting how fast working code i have choose +twice of average 120000 if execution time is larger then +probably it is debuged. + +## Compile +``` +make +``` + +## Download + +http://archive.main.lv/files/writeup/linux_antidebug_5/antidebug5.zip + diff --git a/md/writeup/x11_prototype_gui.md b/md/writeup/x11_prototype_gui.md new file mode 100644 index 0000000..8576ce1 --- /dev/null +++ b/md/writeup/x11_prototype_gui.md 
@@ -0,0 +1,41 @@ +title:X11 prototype GUI +keywords:x11,gui + +# X11 prototype GUI +I always whanged to write some GUI to try how its is. +This is X11 based GUI based on Xlib it has not "modern" but +in object oriented style. Planning to use it for small +projects. Successfully compiled it on Linux,OpenBSD,FreeBSD and MacOS. +Should work also on AIX. + +## COMPILE: +```bash +make +``` + +or try: +```bash +./compile.sh +``` + +## TODO: +fix flickering +support other compilers not only gcc +add some non-compilable configuration +try to port on SDL,OpenGL,curses +use some cool Wayland stuff +try to make some fancy/modern style + + +## Links +http://www.x.org/wiki/ProgrammingDocumentation/ + +## Downloads + +http://archive.main.lv/files/writeup/x11_prototype_gui/xlib_proto_gui.tar.gz + + +![GUI](/img/x11_gui/gui.png) + + + |
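Review bot: in the `md/writeup.md` hunk, the seven entries being rewritten now use relative paths (`writeup/x11_prototype_gui.md`) while the entries left as context right below them (`C C11 standart _Generic keyword`, `C inline assembler`, ...) still point at absolute `http://archive.main.lv/writeup/*.html` URLs, so the index mixes two link styles; either convert the remaining entries in the same change or note in the commit message that they follow later. The hunk also drops the blank line that separated the moved group from the `[C C11 ...]` entries; if that line was deliberate grouping it should stay.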
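Review bot: in `kconfig2h_utility.md` the opening sentence says "Kconfig converts linux kernel config files to C headers", but Kconfig is the kernel's configuration language; the converter this page describes is kconfig2h. The usage line `./kconfig .config config.h` likewise names a binary `kconfig` rather than `kconfig2h`, so a reader cannot tell which name the build produces. Suggest "kconfig2h converts ..." and checking the usage line against the Makefile target.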
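Review bot: in `linux_antidebug_1.md`, `ptraced()` treats any `-1` from `ptrace(PTRACE_TRACEME, ...)` as "a debugger is attached", but the call also fails with `EPERM` when ptrace is disabled system-wide (Yama `ptrace_scope=3`) or blocked by a seccomp filter, so on a hardened host the program prints "Ptraced!" with no debugger present; check `errno` and document that case. Two smaller points: when the call succeeds the process stays traced by its parent for its whole lifetime, so any signal it receives stops it until the parent handles the stop, which the writeup should mention as a side effect of the check; and the function returns a comparison result, so `int` is the natural return type rather than `long int`.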
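Review bot: in `linux_antidebug_2.md` both listings read `/proc/<pid>/cmdline` by writing the pid to `pid.txt`, spawning `cat` through `system()`, and parsing the result back with `fscanf("%s")`; the same data is available as `/proc/self/cmdline` and can be read in-process with `fopen`/`fgets`, which removes the two temp files and the shell invocation. As written, `fscanf(f, "%s", spid)` and `fscanf(f, "%s", str)` have no field width, so an argv[0] longer than 127 bytes overflows `str`; every `fopen` result is used without a NULL check; `ppid` is unused; and `main` needs `#include <unistd.h>` for `getpid`. Also, `badppid` checks the command line rather than the parent pid its name suggests; a name such as `bad_cmdline` would match what it does.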
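Review bot: in `linux_antidebug_3.md` the narrative and the listings disagree in a few places. Under "Program 1" the text says "Output is same as source. Nothing changes" and then "Here we add only one instruction ... Disasm cannot calculate adress of jmp", but the second sentence describes Program 2 (the `inc eax`), and the "Program 3" commentary says "Disasm output now is very nice. Output isnt very good." in consecutive sentences; suggest moving the `inc eax` paragraph under the Program 2 heading and keeping one of the two verdicts. The listings also reference `msg1` and `msg1_size`, which are never defined, so none of the four programs assembles as shown; include the data section or point to it in the tarball.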
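Review bot: in `linux_antidebug_4.md` the C and assembly versions print opposite verdicts. In the C program the handler sets `debuging = TRUE` when SIGTRAP reaches the process, i.e. when no debugger intercepted the `int3`, yet that path prints "Playing seek and hide" while the intercepted path prints "Nothing special"; the fasm version prints "No debug" for the handler-ran case and "Under debug" otherwise, which matches the explanation, so the C strings should be swapped. The C program also calls `exit(1)` on both paths and should declare `debuging` as `volatile sig_atomic_t`, since it is written from a signal handler. In the asm, the `jmp exit` after `ccall printf,str1` transfers to libc `exit` with no status argument pushed, while the other path goes through the `SYS_EXIT` syscall; route both through `to_exit`. Minor: the text calls int 3 the interrupt "used for step by step debugging", but it is the software breakpoint instruction (single-stepping uses the trap flag); both raise SIGTRAP, which is why the check works.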
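Review bot: in `linux_antidebug_5.md` the timing loop as shown measures nothing above `-O0`, because `for (i=0;i<10000;i++) {}` has no side effects and gcc removes it; declare `i` as `volatile` or state that the tarball's Makefile builds with `-O0`. `get_timer` returning `int` keeps only eax (the low 32 bits of the counter), as the text says, so `d = e - s` should use unsigned arithmetic to survive a wrap. The fixed threshold of 120000 ticks (twice the measured 70069 average) is specific to one machine, since rdtsc counts at a rate that depends on the CPU and on frequency scaling, and a context switch or interrupt inside the loop also exceeds it with no debugger present, so the writeup should say the value must be calibrated per host and that false positives are expected. The `keywords:math,statistics` line also looks copied from another page; the other antidebug writeups use `linux,debug,antidebug`.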
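Review bot: in `x11_prototype_gui.md` the sentence "This is X11 based GUI based on Xlib it has not "modern" but in object oriented style" does not parse; something like "This is an Xlib-based GUI written in an object-oriented style, with no attempt at a modern look" would say what seems intended, and "whanged" should be "wanted". The image link `![GUI](/img/x11_gui/gui.png)` uses a root-absolute path while the links in `writeup.md` were switched to relative ones in this commit; check that it resolves in the new layout. The TODO items are plain lines, so markdown renders them as one paragraph; `-` bullets would keep them as a list.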