diff options
-rw-r--r-- | .travis.yml | 2 | ||||
-rwxr-xr-x | bfd/load.py | 69 | ||||
-rw-r--r-- | bfd/test/makefile | 4 | ||||
-rw-r--r-- | bfd/test/test.c | 2 | ||||
-rw-r--r-- | bruiser/bruiser.cpp | 4 | ||||
-rw-r--r-- | bruiser/bruisercapstone.c | 247 | ||||
-rw-r--r-- | bruiser/bruisercapstone.h | 49 | ||||
-rw-r--r-- | bruiser/bruiserffi.c | 33 | ||||
-rw-r--r-- | bruiser/bruiserffi.h | 19 | ||||
-rw-r--r-- | bruiser/devi_extra.h | 33 | ||||
-rw-r--r-- | bruiser/lua-scripts/demo1.lua | 3 | ||||
-rwxr-xr-x | extra-tools/capstoneubuntu14.sh | 6 | ||||
-rwxr-xr-x | gource.sh | 32 |
13 files changed, 450 insertions, 53 deletions
diff --git a/.travis.yml b/.travis.yml index 22751d3..70c4499 100644 --- a/.travis.yml +++ b/.travis.yml @@ -48,7 +48,7 @@ before_script: script: - make PY_CONF=python3.5-config CXX=clang-5.0 LLVM_CONF=llvm-config-5.0 BUILD_MODE=COV_NO_CLANG -j2 - #- ./extra-tools/precommitTests.sh + - cd ./extra-tools && ./precommitTests.sh after_failure: - find . -maxdepth 1 -name "core*" diff --git a/bfd/load.py b/bfd/load.py index 865fe91..e8de59a 100755 --- a/bfd/load.py +++ b/bfd/load.py @@ -34,6 +34,7 @@ class CLIArgParser(object): parser.add_argument("--objs", action='store_true', help="dump objects", default=False) parser.add_argument("--dynsym", action='store_true', help="dump dynamic symbol table", default=False) parser.add_argument("--dlpath", action='store_true', help="dump dynamic linker path", default=False) + parser.add_argument("--phdynent", action='store_true', help="dump ph PT_DYNAMIC entries", default=False) parser.add_argument("--section", type=str, help="dump a section") self.args = parser.parse_args() if self.args.obj is None: @@ -142,6 +143,39 @@ def get_ph_type(value): elif value == p_type_e.GNU_RELRO: return "GNU_RELRO" else: return None +class ph_dynamic_entry: + def __init__(self, d_tag, d_un): + self.d_tag = d_tag; + self.d_un = d_un + +class PH_DYN_TAG_TYPE: + DT_NULL = 0 + DT_NEEDED = 1 + DT_PLTRELSZ = 2 + DT_PLTGOT = 3 + DT_HASH = 4 + DT_STRTAB = 5 + DT_SYMTAB = 6 + DT_RELA = 7 + DT_RELASZ = 8 + DT_RELAENT = 9 + DT_STRSZ = 10 + DT_SYMENT = 11 + DT_INIT = 12 + DT_FINI = 13 + DT_SONAME = 14 + DT_RPATH = 15 + DT_SYMBOLIC = 16 + DT_REL = 17 + DT_RELSZ = 18 + DT_RELENT = 19 + DT_PLTREL = 20 + DT_DEBUG = 21 + DT_TEXTREL = 22 + DT_JMPREL = 23 + DT_LOPROC = 24 + DT_HIPROC = 25 + class ELF_ST_BIND: STB_LOCAL = 0 STB_GLOBAL = 1 @@ -308,6 +342,7 @@ class ELF(object): self.data_section = [] self.text_section = [] self.dlpath = str() + self.ph_dyn_ent = [] def init(self, size): self.size = size @@ -340,6 +375,7 @@ class ELF(object): offset += 24 self.pop_data_section() self.pop_text_section() + self.get_ph_dyn_entries() def read_ELF_H(self, size): self.elfhdr.ei_mag = self.so.read(4) @@ -430,6 +466,22 @@ class ELF(object): char = strings[index] return ''.join(name) + def get_ph_dyn_entries(self): + for phdr in self.phdr: + if byte2int(phdr.p_type) == p_type_e.PT_DYNAMIC: + self.so.seek(byte2int(phdr.p_offset), 0) + size = byte2int(phdr.p_memsz) + ph_dyn = self.so.read(size) + for i in range(int(size/8)): + d_tag = byte2int(ph_dyn[8*i:8*i + 4]) + d_un = byte2int(ph_dyn[8*i + 4:8*i + 8]) + self.ph_dyn_ent.append(ph_dynamic_entry(d_tag, d_un)) + + def dump_ph_dyn_entries(self): + for ph_dyn_e in self.ph_dyn_ent: + print(Colors.green + "d_tag: " + Colors.blue + repr(ph_dyn_e.d_tag) + Colors.ENDC, end="\t") + print(Colors.green + "d_un: " + Colors.blue + repr(ph_dyn_e.d_un) + Colors.ENDC) + def dump_funcs(self, dump_b): ret_list = [] dummy = [] @@ -745,6 +797,7 @@ class Call_Rewriter(object): for i in self.md.disasm(self.obj_code, 0x1): if i.mnemonic == "call": print("0x%x:\t%s\t%s" %(i.address, i.mnemonic, i.op_str)) + print(i.bytes) class Global_Rewriter(object): def __init__(self): @@ -771,11 +824,23 @@ def main(): elif argparser.args.dlpath: elf.dump_section(".interp") elif argparser.args.section: elf.dump_section(argparser.args.section) elif argparser.args.test: + counter = 0 print(elf.dump_funcs(False)[10]) print(elf.dump_symbol_string(ELF_ST_TYPE.STT_FUNC, False)[10]) - code = elf.dump_funcs(False)[10] - rewriter = Call_Rewriter(code) + for name in elf.dump_symbol_string(ELF_ST_TYPE.STT_FUNC, False): + if name == "glob": + print(counter) + print(elf.dump_funcs(False)[counter]) + print(name) + if name == "quad": + print(counter) + print(elf.dump_funcs(False)[counter]) + print(name) + counter += 1 + obj = elf.dump_funcs(False)[10] + rewriter = Call_Rewriter(obj) rewriter.run() + elif argparser.args.phdynent: elf.dump_ph_dyn_entries() except: signal.signal(signal.SIGINT, SigHandler_SIGINT) variables = globals().copy() diff --git a/bfd/test/makefile b/bfd/test/makefile index 7115100..3512579 100644 --- a/bfd/test/makefile +++ b/bfd/test/makefile @@ -1,7 +1,7 @@ ##################################VARS################################# CC=clang -CC_FLAGS=-fpic +CC_FLAGS=-fpic -O0 LD_FLAGS= -l bfd TARGET=test ##################################RULES################################ @@ -18,7 +18,7 @@ $(TARGET): $(TARGET).o $(CC) $^ $(LD_FLAGS) -o $@ $(TARGET).asm: $(TARGET).o - objdump -d -M intel -S $(TARGET).o > $(TARGET).asm + objdump -r -d -M intel -S $(TARGET).o > $(TARGET).asm $(TARGET).so: $(TARGET).o $(CC) $^ $(LD_FLAGS) -shared -o $@ diff --git a/bfd/test/test.c b/bfd/test/test.c index a62769a..cac61b6 100644 --- a/bfd/test/test.c +++ b/bfd/test/test.c @@ -19,6 +19,8 @@ int myvar2 = 2; int myvar3 = 3; int myvar4 = 4; +int glob(void) {return myvar1+myvar2+myvar3+myvar4;} + int main(int argc, char** argv) { int sum; sum = add2(10, 20); diff --git a/bruiser/bruiser.cpp b/bruiser/bruiser.cpp index 053bffc..936bd83 100644 --- a/bruiser/bruiser.cpp +++ b/bruiser/bruiser.cpp @@ -1392,9 +1392,9 @@ class LuaWrapper PRINT_WITH_COLOR_LB(RED, "cant grow lua stack. current size is too small."); } for (auto& iter : xlist) { - std::cout << CYAN << iter.second << NORMAL; + if (Verbose) std::cout << CYAN << iter.second << NORMAL; lua_pushstring(__ls, iter.second.c_str()); - std::cout << " " << MAGENTA << (long int)iter.first << NORMAL <<"\n"; + if (Verbose) std::cout << " " << MAGENTA << (long int)iter.first << NORMAL <<"\n"; lua_pushinteger(__ls, (long int)iter.first); lua_settable(__ls, -3); } diff --git a/bruiser/bruisercapstone.c b/bruiser/bruisercapstone.c new file mode 100644 index 0000000..e65be3b --- /dev/null +++ b/bruiser/bruisercapstone.c @@ -0,0 +1,247 @@ + +/***************************************************Project Mutator****************************************************/ +/*first line intentionally left blank.*/ +/*bruiser's capstone side for rewriting xobjects*/ +/*Copyright (C) 2018 Farzad Sadeghi + +This program is free software; you can redistribute it and/or +modify it under the terms of the GNU General Public License +as published by the Free Software Foundation; either version 2 +of the License, or (at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.*/ +/**********************************************************************************************************************/ +/**********************************************************************************************************************/ +#include "./bruisercapstone.h" +#include "./devi_extra.h" +#include <capstone/capstone.h> +#include <errno.h> +#include <inttypes.h> +#include <keystone/keystone.h> +#include <stdarg.h> +#include <stdint.h> +#include <stdio.h> +#include <string.h> +/**********************************************************************************************************************/ +/**********************************************************************************************************************/ +extern char etext, edata, end; +// quad +#define CODE_1 "\x55\x48\x89\xe5\x48\x83\xec\x20\x89\x7d\xfc\x89\x75\xf8\x89\x55\xf4\x89\x4d\xf0\x8b\x7d\xfc\x8b\x75\xf8\xe8\xd1\xfd\xff\xff\x8b\x7d\xf4\x8b\x75\xf0\x89\x45\xec\xe8\xc3\xfd\xff\xff\x8b\x4d\xec\x1\xc1\x89\xc8\x48\x83\xc4\x20\x5d\xc3" +// glob +#define CODE_2 "\x55\x48\x89\xe5\x48\x8b\x05\x0d\x15\x20\x00\x48\x8b\x0d\xee\x14\x20\x00\x48\x8b\x15\xf7\x14\x20\x00\x48\x8b\x35\xd8\x14\x20\x00\x8b\x3e\x03\x3a\x03\x39\x03\x38\x89\xf8\x5d\xc3" +/**********************************************************************************************************************/ +/**********************************************************************************************************************/ +uint32_t get_textsection_length(void) {return &edata-&etext;} +/**********************************************************************************************************************/ +/**********************************************************************************************************************/ +uintptr_t get_symbol_rt_address(const char* symbol_name) {} +/**********************************************************************************************************************/ +/**********************************************************************************************************************/ +void int2byte(int value, uint8_t* ret_value, size_t size) { + for (int i = 0; i < size; ++i) { + ret_value[i] = (value & (0xff << (8*i))) >> (8*i); + } +} +/**********************************************************************************************************************/ +/**********************************************************************************************************************/ +void leb128_encode_s(int32_t value, uint8_t* ret_value, size_t size) { + uint8_t dummy; + if (value == 0) {for (int i = 0; i < size; ++i) ret_value[i] = 0;} + for (int i = 0; i < size; ++i) { + dummy = value & 0x7f; + ret_value[i] = dummy | 0x80; + value >>=7; + if (((value == 0) && ((dummy & 0x40) == 0)) || ((value == -1) && (dummy & 0x40))) { + ret_value[size - 1] ^= 0x80; + break; + } + } +} +/**********************************************************************************************************************/ +/**********************************************************************************************************************/ +void leb128_encode_u(uint32_t value, uint8_t* ret_value, size_t size) { + uint8_t dummy; + if (value == 0) {for (int i = 0; i < size; ++i) ret_value[i] = 0;} + for (int i = 0; i < size; ++i) { + dummy = value & 0x7f; + ret_value[i] = dummy | 0x80; + value >>=7; + } + ret_value[size - 1] ^= 0x80; +} +/**********************************************************************************************************************/ +/**********************************************************************************************************************/ +void leb128_decode_s(int32_t value, uint8_t* ret_value, size_t size) {} +/**********************************************************************************************************************/ +/**********************************************************************************************************************/ +void leb128_decode_u(uint32_t value, uint8_t* ret_value, size_t size) {} +/**********************************************************************************************************************/ +/**********************************************************************************************************************/ +int ks_write(ks_arch arch, int mode, const char* assembly, int syntax, unsigned char* encode) { + ks_engine* ks; + ks_err err = KS_ERR_ARCH; + size_t count; + size_t size; + + err = ks_open(arch, mode, &ks); + if (err != KS_ERR_OK) {printf("failed on ks_open().\n"); return -1;} + if (syntax) ks_option(ks, KS_OPT_SYNTAX, syntax); + + if (ks_asm(ks, assembly, 0, &encode, &size, &count)) {printf("errored out\n"); return -1;} +#if 0 + else { + printf("%s =", assembly); + for (size_t i = 0; i < size; ++i) { + printf("%02x ", encode[i]); + } + printf("\n"); + } +#endif + + ks_close(ks); + return size; +} +/**********************************************************************************************************************/ +/**********************************************************************************************************************/ +int global_rewriter(int offset, size_t size, uint8_t* asm_code, const char* obj) { + csh handle; + cs_insn* insn; + size_t count; + uint8_t code[16]; + size_t size_counter = 0; + unsigned char *encode; + + if (cs_open(CS_ARCH_X86, CS_MODE_64, &handle) != CS_ERR_OK) return -1; + count = cs_disasm(handle, obj, size, 0x0, 0, &insn); + printf("number of instructions: %d.\n\n", count); + cs_option(handle, CS_OPT_DETAIL, CS_OPT_ON); + + if (count > 0) { + size_t j; + for (j = 0; j < count; ++j) { + printf(CYAN"%d.\t"NORMAL, j); + printf(GREEN"0x%"PRIx64":\t%s\t\t%s\t"NORMAL, insn[j].address, insn[j].mnemonic, insn[j].op_str); + printf(BLUE"insn size: %d\n"NORMAL, insn[j].size); + //for (int i = 0; i < 16; ++i) {code[i] = insn[j].bytes[i]; printf("%02x ", code[i]);} + //printf("\n"); + + if (strcmp(insn[j].mnemonic, "mov") == 0) { + } + + for (int i = 0; i < insn[j].size; ++i) { + asm_code[size_counter] = insn[j].bytes[i]; + size_counter++; + } + } + + cs_free(insn, count); + } else { + printf("ERROR!!!\n"); + } + cs_close(&handle); + return size_counter; +} +/**********************************************************************************************************************/ +/**********************************************************************************************************************/ +int call_rewriter(int offset, size_t size, uint8_t* asm_code, const char* obj) { + csh handle; + cs_insn* insn; + size_t count; + uint8_t rewritten[16]; + uint8_t code[16]; + size_t size_counter = 0; + + if (cs_open(CS_ARCH_X86, CS_MODE_64, &handle) != CS_ERR_OK) return -1; + count = cs_disasm(handle, obj, size, 0x0, 0, &insn); + printf("number of instructions: %d.\n\n", count); + cs_option(handle, CS_OPT_DETAIL, CS_OPT_ON); + + if (count > 0) { + size_t j; + for (j = 0; j < count; ++j) { + printf(CYAN"%d.\t"NORMAL, j); + printf(GREEN"0x%"PRIx64":\t%s""\t\t%s\t"NORMAL, insn[j].address, insn[j].mnemonic, insn[j].op_str); + for (int i = 0; i < 16; ++i) {code[i] = insn[j].bytes[i]; printf(BLUE"%02x "NORMAL, code[i]);} + printf("\n"); + + if (strcmp(insn[j].mnemonic, "call") == 0) { + char* endptr; + intmax_t address = strtoimax(insn[j].op_str, &endptr, 0); + uintmax_t uaddress = strtoumax(insn[j].op_str, &endptr, 0); + // rewriting + asm_code[size_counter] = 0xe8, size_counter++; + uint8_t temp[4]; + //@DEVI-call cant be the last instructino in a function + int2byte(offset + insn[j].address, temp, 4); + for (int i = 0; i < 4; ++i) {asm_code[size_counter] = temp[i]; size_counter++;} + continue; + } + for (int i = 0; i < insn[j].size; ++i) { + asm_code[size_counter] = insn[j].bytes[i]; + size_counter++; + } + } + + cs_free(insn, count); + } else { + printf("ERROR!!!\n"); + } + cs_close(&handle); + return size_counter; +} +/**********************************************************************************************************************/ +/**********************************************************************************************************************/ +// @DEVI-the following lines are only meant for testing. +#pragma weak main +int main(int argc, char** argv) { + uint8_t asm_code[58]; + uint8_t asm_code2[44]; + printf("----------------------------------------------------------\n"); + printf("call_rewriter:\n"); + int new_size = call_rewriter(-528, 58, asm_code, CODE_1); + printf("new size is %d.\n", new_size); + for (int i = new_size; i < 58; ++i) {asm_code[i] = 0;} + for (int i = 0; i < 58; ++i) {printf("%02x ", asm_code[i]);} + + printf("\n----------------------------------------------------------\n"); + printf("global_rewriter:\n"); + new_size = global_rewriter(-528, 44, asm_code2, CODE_2); + printf("new size is %d.\n", new_size); + for (int i = new_size; i < 44; ++i) {asm_code2[i] = 0;} + for (int i = 0; i < 44; ++i) {printf("%02x ", asm_code2[i]);} + + printf("\n----------------------------------------------------------\n"); + printf("etext: %10p\n", &etext); + printf("edata: %10p\n", &edata); + printf("end: %10p\n", &end); + printf("text section length: %d\n", get_textsection_length()); + + printf("----------------------------------------------------------\n"); + uint8_t value[4]; + int2byte(-528, value, 4); + for (int i = 0; i < 4; ++i) {printf("%02x ", value[i]);} + printf("\n"); + leb128_encode_u(528, value, 4); + for (int i = 0; i < 4; ++i) {printf("%02x ", value[i]);} + printf("\n"); + leb128_encode_s(-528, value, 4); + for (int i = 0; i < 4; ++i) {printf("%02x ", value[i]);} + printf("\n"); + printf("----------------------------------------------------------\n"); + + unsigned char* encode; + ks_write(KS_ARCH_X86, KS_MODE_64, "add rax, rcx", 0, encode); + ks_free(encode); + + return 0; +} +/**********************************************************************************************************************/ +/*last line intentionally left blank.*/ + diff --git a/bruiser/bruisercapstone.h b/bruiser/bruisercapstone.h new file mode 100644 index 0000000..054eb19 --- /dev/null +++ b/bruiser/bruisercapstone.h @@ -0,0 +1,49 @@ + +/***************************************************Project Mutator****************************************************/ +/*first line intentionally left blank.*/ +/*bruiser's capstone side for rewriting xobjects*/ +/*Copyright (C) 2018 Farzad Sadeghi + +This program is free software; you can redistribute it and/or +modify it under the terms of the GNU General Public License +as published by the Free Software Foundation; either version 2 +of the License, or (at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.*/ +/**********************************************************************************************************************/ +#include <capstone/capstone.h> +#include <keystone/keystone.h> +#include <stdint.h> +/**********************************************************************************************************************/ +#ifndef BRUISER_CAPSTONE_H +#define BRUISER_CAPSTONE_H + +#ifdef __cplusplus +extern "C" { +#endif + +uint32_t get_textsection_length(void); +uintptr_t get_symbol_rt_address(const char* symbol_name); +void int2byte(int value, uint8_t* ret_value, size_t size); +void leb128_encode_s(int32_t value, uint8_t* ret_value, size_t size); +void leb128_encode_u(uint32_t value, uint8_t* ret_value, size_t size); +void leb128_decode_s(int32_t value, uint8_t* ret_value, size_t size); +void leb128_decode_u(uint32_t value, uint8_t* ret_value, size_t size); +int ks_write(ks_arch arch, int mode, const char* assembly, int syntax, unsigned char* encode); +int global_rewriter(int offset, size_t size, uint8_t* asm_code, const char* obj); +int call_rewriter(int offset, size_t size, uint8_t* asm_code, const char* obj); + +#ifdef __cplusplus +} +#endif +#endif +/**********************************************************************************************************************/ +/*last line intentionally left blank.*/ + diff --git a/bruiser/bruiserffi.c b/bruiser/bruiserffi.c index c847d10..fee9dfe 100644 --- a/bruiser/bruiserffi.c +++ b/bruiser/bruiserffi.c @@ -22,7 +22,6 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.* // @TODO-vararg xobjs are not supported /**********************************************************************************************************************/ #include "bruiserffi.h" -//#include <capstone/capstone.h> #include <errno.h> #include <ffi.h> #include <inttypes.h> @@ -169,34 +168,6 @@ void* ffi_callX(int argc, const char** arg_string, ffi_type rtype, void* x_ptr, void* ffi_callX_var(int argc, const char** arg_string, ffi_type rtype, void* x_ptr, void** values) {return NULL;} /**********************************************************************************************************************/ -#if 0 -#define CODE_1 "\x55\x48\x89\xe5\x48\x83\xec\x20\x89\x7d\xfc\x89\x75\xf8\x89\x55\xf4\x89\x4d\xf0\x8b\x7d\xfc\x8b\x75\xf8\xe8\xd1\xfd\xff\xff\x8b\x7d\xf4\x8b\x75\xf0\x89\x45\xec\xe8\xc3\xfd\xff\xff\x8b\x4d\xec\x1\xc1\x89\xc8\x48\x83\xc4\x20\x5d\xc3" -int capstone_test(void) { - csh handle; - cs_insn* insn; - size_t count; - if (cs_open(CS_ARCH_X86, CS_MODE_64, &handle) != CS_ERR_OK) return -1; - count = cs_disasm(handle, CODE_1, sizeof(CODE_1) - 1, 0x0, 0, &insn); - if (count > 0) { - size_t j; - for (j = 0; j <count; ++j) { - if (strcmp(insn[j].mnemonic, "call") == 0) { - printf("0x%"PRIx64":\t%s\t\t%s\n", insn[j].address, insn[j].mnemonic, insn[j].op_str); - char* endptr; - intmax_t address = strtoimax(insn[j].op_str, &endptr, 0); - uintmax_t uaddress = strtoumax(insn[j].op_str, &endptr, 0); - printf("address: %ld\n", address); - printf("uaddress: %ld\n", uaddress); - } - } - cs_free(insn, count); - } else { - printf("ERROR!!!\n"); - } - cs_close(&handle); - return 0; -} -#endif /**********************************************************************************************************************/ // @DEVI-the following lines are only meant for testing. uint32_t add2(uint32_t a, uint32_t b) {return a+b;} @@ -236,10 +207,6 @@ int main(int argc, char** argv) { result = ffi_callX(1, args3, ffi_type_pointer, pstring, values3); fprintf(stdout, "result of calling passthrough is %s\n", ffi_reinterpret_string(result)); - /*capstone tests*/ - printf("\n"); - //capstone_test(); - return 0; } /**********************************************************************************************************************/ diff --git a/bruiser/bruiserffi.h b/bruiser/bruiserffi.h index 567a6f6..c06ecda 100644 --- a/bruiser/bruiserffi.h +++ b/bruiser/bruiserffi.h @@ -18,7 +18,6 @@ You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.*/ /**********************************************************************************************************************/ -//#include <capstone/capstone.h> #include <ffi.h> #include <stdint.h> /**********************************************************************************************************************/ @@ -33,15 +32,15 @@ extern "C" { X ffi_reinterpret_##X(void* result); #define X_LIST_GEN \ - X(uint8_t, "uint8_t")\ - X(uint16_t, "uint8_t")\ - X(uint32_t, "uint8_t")\ - X(uint64_t, "uint8_t")\ - X(int8_t, "uint8_t")\ - X(int16_t, "uint8_t")\ - X(int32_t, "uint8_t")\ - X(int64_t, "uint8_t")\ - X(uintptr_t, "uint8_t")\ + X(uint8_t, "for uint8_t")\ + X(uint16_t, "for uint16_t")\ + X(uint32_t, "for uint32_t")\ + X(uint64_t, "for uint64_t")\ + X(int8_t, "for int8_t")\ + X(int16_t, "for int16_t")\ + X(int32_t, "for int32_t")\ + X(int64_t, "for int64_t")\ + X(uintptr_t, "for pointers")\ #define X(X1,X2) REINTERPRET_GENERATOR(X1) X_LIST_GEN diff --git a/bruiser/devi_extra.h b/bruiser/devi_extra.h new file mode 100644 index 0000000..9ef66b3 --- /dev/null +++ b/bruiser/devi_extra.h @@ -0,0 +1,33 @@ + +/*first line intentionally left blank.*/ +/**********************************************************************************************************************/ +#include <inttypes.h> +#include <stdint.h> +/**********************************************************************************************************************/ +#ifndef DEVI_EXTRA_H +#define DEVI_EXTRA_H + +#ifdef __cplusplus +extern "C" { +#endif + +#define RED "\033[1;31m" +#define CYAN "\033[1;36m" +#define GREEN "\033[1;32m" +#define BLUE "\033[1;34m" +#define BLACK "\033[1;30m" +#define BROWN "\033[1;33m" +#define MAGENTA "\033[1;35m" +#define GRAY "\033[1;37m" +#define DARKGRAY "\033[1;30m" +#define YELLOW "\033[1;33m" +#define NORMAL "\033[0m" +#define CLEAR "\033[2J" + +#ifdef __cplusplus +} +#endif +#endif +/**********************************************************************************************************************/ +/*last line intentionally left blank.*/ + diff --git a/bruiser/lua-scripts/demo1.lua b/bruiser/lua-scripts/demo1.lua index 6645098..efbc7c5 100644 --- a/bruiser/lua-scripts/demo1.lua +++ b/bruiser/lua-scripts/demo1.lua @@ -192,6 +192,9 @@ function main() --print("xcall returned:",a) --if a ~= 100 then print("test failed") end + a = xobjlist() + print("the offset of quad and add2 is : ", a["quad"] - a["add2"]) + end main() diff --git a/extra-tools/capstoneubuntu14.sh b/extra-tools/capstoneubuntu14.sh index 85caab5..4c895e4 100755 --- a/extra-tools/capstoneubuntu14.sh +++ b/extra-tools/capstoneubuntu14.sh @@ -2,9 +2,9 @@ cd $(dirname $0) -"wget" https://github.com/aquynh/capstone/archive/3.0.5-rc2.tar.gz -"tar" -xvzf capstone-3.0.5-rc2.tar.gz -"cd" capstone-3.0.5-rc2.tar.gz +"wget" https://github.com/aquynh/capstone/archive/3.0.5-rc2.tar.gz -o capstone.tar.gz +"tar" -xvzf capstone.tar.gz +"cd" capstone* "make" sudo make install "cd" .. diff --git a/gource.sh b/gource.sh new file mode 100755 index 0000000..703b1c7 --- /dev/null +++ b/gource.sh @@ -0,0 +1,32 @@ +#!/bin/bash +"gource" \ +--path ./ \ +--seconds-per-day 0.15 \ +--title "mutator" \ +-1280x720 \ +--file-idle-time 0 \ +--auto-skip-seconds 0.75 \ +--multi-sampling \ +--stop-at-end \ +--highlight-users \ +--hide filenames,mouse,progress \ +--max-files 0 \ +--background-colour 000000 \ +--disable-bloom \ +--font-size 24 \ +--output-ppm-stream - \ +--output-framerate 30 \ +-o - \ +| ffmpeg \ +-y \ +-r 60 \ +-f image2pipe \ +-vcodec ppm \ +-i - \ +-vcodec libx264 \ +-preset ultrafast \ +-pix_fmt yuv420p \ +-crf 1 \ +-threads 0 \ +-bf 0 \ +./mutator.mp4 |