[feat]: merge burstfs syscall_intercept hwk code

.gitignore

+.vscode
\ No newline at end of file

syscall_intercept/CMakeLists.txt

@@ -62,6 +62,27 @@ set(SYSCALL_INTERCEPT_VERSION_PATCH 0)
 set(SYSCALL_INTERCEPT_VERSION
 	${SYSCALL_INTERCEPT_VERSION_MAJOR}.${SYSCALL_INTERCEPT_VERSION_MINOR}.${SYSCALL_INTERCEPT_VERSION_PATCH})
 
+
+find_package(OpenSSL REQUIRED)
+
+if(NOT OpenSSL_FOUND)
+    message("package not find OpenSSL,using pkgConfig find.")
+	find_package(PkgConfig QUIET)
+	if(PKG_CONFIG_FOUND)
+		pkg_search_module(OpenSSL OpenSSL REQUIRED)
+	endif()
+endif()
+
+if(NOT OpenSSL_FOUND)
+	message(FATAL_ERROR
+"Unable to find OpenSSL. Please install pkg-config and OpenSSL development files, e.g.:
+sudo apt-get install pkg-config libssl-dev (on Debian, Ubuntu)
+or
+sudo yum install openssl-devel (on Centos)
+If casptone is installed, but cmake didn't manage to find it, there is a slight chance of fixing things by setting some of the following environment variables:
+PKG_CONFIG_PATH, CMAKE_PREFIX_PATH, CMAKE_MODULE_PATH")
+endif()
+	
 if (NOT DEFINED capstone_LIBRARIES AND NOT DEFINED capstone_INCLUDEDIR AND NOT DEFINED capstone_LIBRARIES_PATH)
 	include(cmake/find_capstone.cmake)
 else()
@@ -90,6 +111,7 @@ set(SOURCES_ASM
 	src/intercept_wrapper.S)
 
 
+
 include_directories(include)
 link_directories(${capstone_LIBRARY_DIRS})
 
@@ -155,10 +177,10 @@ endif()
 target_link_libraries(syscall_intercept_shared
 	PRIVATE ${CMAKE_DL_LIBS}
 	"-Wl,--push-state,${CAPSTONE_LINK_MODE} -lcapstone -Wl,--pop-state"
-	"-Wl,--version-script=${CMAKE_SOURCE_DIR}/version.map")
+	"-Wl,--version-script=${CMAKE_SOURCE_DIR}/version.map" OpenSSL::Crypto )
 
 target_link_libraries(syscall_intercept_static
-	INTERFACE ${CMAKE_DL_LIBS} ${capstone_LIBRARIES})
+	INTERFACE ${CMAKE_DL_LIBS} ${capstone_LIBRARIES} OpenSSL::Crypto)
 
 set_target_properties(syscall_intercept_shared
 	PROPERTIES VERSION ${SYSCALL_INTERCEPT_VERSION}

syscall_intercept/src/disasm_wrapper.h

@@ -48,8 +48,10 @@
 #include <stddef.h>
 #include <stdint.h>
 
+
 struct intercept_disasm_result {
-	const unsigned char *address;
+	const unsigned char *address; // = offset + text_start
+	unsigned long offset; // address referring to text_start
 
 	bool is_set;
 
@@ -106,7 +108,8 @@ struct intercept_disasm_result {
 	 * These are only valid, when has_ip_relative_opr is true.
 	 */
 	int32_t rip_disp;
-	const unsigned char *rip_ref_addr;
+	const unsigned char *rip_ref_addr; // = rip + rip_disp
+						// rip = address + length
 
 #ifndef NDEBUG
 	const char *mnemonic;

syscall_intercept/src/intercept.c

@@ -53,6 +53,7 @@
 #include <stdarg.h>
 #include <sys/auxv.h>
 #include <linux/sched.h>
+#include <time.h>
 
 #include "intercept.h"
 #include "intercept_log.h"
@@ -91,13 +92,69 @@ debug_dump(const char *fmt, ...)
 	if (len <= 0)
 		return;
 
-	char buf[len + 1];
+	// char buf[len + 1];
+
+	// va_start(ap, fmt);
+	// len = vsprintf(buf, fmt, ap);
+	// va_end(ap);
+
+	// syscall_no_intercept(SYS_write, 2, buf, len);
+	int time_len = 22;
+	struct timespec tm;
+	syscall_no_intercept(SYS_clock_gettime, CLOCK_REALTIME, &tm);
+
+	char buf[time_len + len + 1];
 
 	va_start(ap, fmt);
-	len = vsprintf(buf, fmt, ap);
+	len = vsprintf(buf + time_len, fmt, ap);
 	va_end(ap);
 
-	syscall_no_intercept(SYS_write, 2, buf, len);
+	sprintf(buf, "%ld.%09ld ", tm.tv_sec, tm.tv_nsec);
+
+	syscall_no_intercept(SYS_write, 2, buf, time_len + len);
+}
+
+/*
+ * get_real_path
+ * Obtain the real path of the object.
+ *
+ * The paths resolved are stored in BSS, in the paths variable. The
+ * returned pointer points into this variable. The next_path
+ * pointer keeps track of the already "allocated" space inside
+ * the paths array.
+ */
+static const char *
+get_real_path(const char *path)
+{
+	static char paths[0x10000];
+	static char *next_path = paths;
+	static const int path_max = 4096;
+
+	if ((next_path >= paths + sizeof(paths) - path_max))
+		return NULL; /* No more space left */
+
+	while (true) {
+		ssize_t read_size = syscall_no_intercept(SYS_readlink,
+						path, next_path, path_max - 1);
+		if (read_size < 0) {
+			debug_dump("error readlink of %s\n", path);
+			return NULL;
+		}
+
+		next_path[read_size] = '\0';
+
+		if (read_size < path_max - 1) {
+			// reach the actual file path
+			break;
+		}
+
+		path = next_path;
+	}
+
+	path = next_path;
+	next_path += strlen(next_path) + 1;
+
+	return path;
 }
 
 static void log_header(void);
@@ -155,6 +212,10 @@ static bool libc_found;
 /* address of [vdso] */
 static void *vdso_addr;
 
+/* the dir to save text desc */
+char *text_desc_save_dir = NULL;
+/* save text desc to file or not */
+bool text_desc_save_file = false;
 /*
  * allocate_next_obj_desc
  * Handles the dynamic allocation of the struct intercept_desc array.
@@ -427,6 +488,7 @@ analyze_object(struct dl_phdr_info *info, size_t size, void *data)
 
 	patches->base_addr = (unsigned char *)info->dlpi_addr;
 	patches->path = path;
+	patches->real_path = get_real_path(path);
 	find_syscalls(patches);
 
 	return 0;

syscall_intercept/src/intercept.h

@@ -62,10 +62,12 @@ struct syscall_desc {
 };
 
 struct range {
-	unsigned char *address;
+	unsigned char *address; // = offset + text_start
+	unsigned long offset; // address referring to text_start
 	size_t size;
 };
 
+
 /*
  * The patch_list array stores some information on
  * whereabouts of patches made to glibc.
@@ -147,6 +149,9 @@ struct intercept_desc {
 	/* where the object is in fs */
 	const char *path;
 
+	/* the real path of the object */
+	const char *real_path;
+
 	/*
 	 * Some sections of the library from which information
 	 * needs to be extracted.
@@ -175,6 +180,8 @@ struct intercept_desc {
 
 	struct patch_desc *items;
 	unsigned count;
+
+	size_t jump_table_size;
 	unsigned char *jump_table;
 
 	size_t nop_count;

syscall_intercept/src/intercept_util.c

@@ -521,3 +521,38 @@ strerror_no_intercept(long errnum)
 
 	return error_strings[errnum];
 }
+void
+xwrite(long fd, void *buffer, size_t size)
+{
+	long result = syscall_no_intercept(SYS_write, fd, buffer, size);
+
+	if (result != (long)size)
+		xabort_errno(syscall_error_code(result), __func__);
+}
+
+void *
+xmmap_file(int fd, size_t size, bool share)
+{
+	int prot = PROT_READ;
+	int flags = MAP_PRIVATE;
+
+	if (share) {
+		prot |= PROT_WRITE;
+		flags = MAP_SHARED;
+	}
+
+	long addr = syscall_no_intercept(SYS_mmap,
+				NULL, size, prot, flags, fd, (off_t)0);
+
+	xabort_on_syserror(addr, __func__);
+
+	return (void *) addr;
+}
+
+void
+xmsync(void *addr, size_t len)
+{
+	long result = syscall_no_intercept(SYS_msync, addr, len, MS_SYNC);
+
+	xabort_on_syserror(result, __func__);
+}

syscall_intercept/src/intercept_util.h

@@ -34,6 +34,7 @@
 #define INTERCEPT_UTIL_H
 
 #include <stddef.h>
+#include <stdbool.h>
 
 #define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))
 
@@ -67,6 +68,15 @@ void *xmremap(void *addr, size_t old, size_t new);
  */
 void xmunmap(void *addr, size_t len);
 
+/*
+ * xmmap_file - mapping a file
+ *
+ * Not intercepted - does not call libc.
+ * Always succeeds if returns - aborts the process on failure.
+ */
+void *xmmap_file(int fd, size_t size, bool share);
+
+
 /*
  * xlseek - no fail lseek
  *
@@ -83,6 +93,20 @@ long xlseek(long fd, unsigned long off, int whence);
  */
 void xread(long fd, void *buffer, size_t size);
 
+/*
+ * xwrite - no fail write
+ *
+ * Not intercepted - does not call libc.
+ * Always succeeds writing size bytes returns - aborts the process on failure.
+ */
+void xwrite(long fd, void *buffer, size_t size);
+
+/*
+ * xmsync - no fail xmsync
+ */
+void xmsync(void *addr, size_t len);
+
+
 /*
  * strerror_no_intercept - returns a pointer to a C string associated with
  * an errno value.

syscall_intercept/test/CMakeLists.txt

@@ -46,7 +46,7 @@ add_executable(asm_pattern asm_pattern.c
 		$<TARGET_OBJECTS:syscall_intercept_base_asm>)
 
 target_link_libraries(asm_pattern
-	PRIVATE ${CMAKE_DL_LIBS} ${capstone_LDFLAGS} ${capstone_LIBRARIES})
+	PRIVATE ${CMAKE_DL_LIBS} ${capstone_LDFLAGS} ${capstone_LIBRARIES}  OpenSSL::Crypto)
 
 set(asm_patterns
 	nosyscall