From 9586c77174bea63e25159b52848be87918966b03 Mon Sep 17 00:00:00 2001 From: Your Name Date: Wed, 1 Sep 2021 19:07:05 +0100 Subject: Fixes to build on Ubuntu 18.04 --- frida_mode/src/seccomp/seccomp_callback.c | 120 ++++++++++++++++++++++++++++++ 1 file changed, 120 insertions(+) create mode 100644 frida_mode/src/seccomp/seccomp_callback.c (limited to 'frida_mode/src/seccomp/seccomp_callback.c') diff --git a/frida_mode/src/seccomp/seccomp_callback.c b/frida_mode/src/seccomp/seccomp_callback.c new file mode 100644 index 00000000..ef069805 --- /dev/null +++ b/frida_mode/src/seccomp/seccomp_callback.c @@ -0,0 +1,120 @@ +#include +#include + +#include "seccomp.h" + +#include "debug.h" + +#ifndef __APPLE__ + +static void seccomp_callback_filter(struct seccomp_notif * req, + struct seccomp_notif_resp *resp, + GumReturnAddressArray * frames) { + + GumDebugSymbolDetails details = {0}; + if (req->data.nr == SYS_OPENAT) { + + seccomp_print("SYS_OPENAT: (%s)\n", (char *)req->data.args[1]); + + } + + seccomp_print( + "\nID (%#llx) for PID %d - %d (%s) [0x%llx 0x%llx 0x%llx 0x%llx 0x%llx " + "0x%llx ]\n", + req->id, req->pid, req->data.nr, seccomp_syscall_lookup(req->data.nr), + req->data.args[0], req->data.args[1], req->data.args[2], + req->data.args[3], req->data.args[4], req->data.args[5]); + + seccomp_print("FRAMES: (%u)\n", frames->len); + char **syms = backtrace_symbols(frames->items, frames->len); + if (syms == NULL) { FATAL("Failed to get symbols"); } + + for (guint i = 0; i < frames->len; i++) { + + if (gum_symbol_details_from_address(frames->items[i], &details)) { + + seccomp_print("\t%3d. %s!%s\n", i, details.module_name, + details.symbol_name); + + } else { + + seccomp_print("\t%3d. %s\n", i, syms[i]); + + } + + } + + free(syms); + + resp->error = 0; + resp->val = 0; + resp->id = req->id; + resp->flags = SECCOMP_USER_NOTIF_FLAG_CONTINUE; + +} + +static void seccomp_callback_child(int signal_parent, void *ctx) { + + int sock_fd = *((int *)ctx); + int fd = seccomp_socket_recv(sock_fd); + + if (close(sock_fd) < 0) { FATAL("child - close"); } + + seccomp_event_signal(signal_parent); + seccomp_filter_child_install(); + seccomp_filter_run(fd, seccomp_callback_filter); + +} + +void seccomp_callback_parent(void) { + + int sock[2] = {-1, -1}; + pid_t child = -1; + int child_fd = -1; + + seccomp_socket_create(sock); + seccomp_child_run(seccomp_callback_child, sock, &child, &child_fd); + + if (dup2(child_fd, SECCOMP_PARENT_EVENT_FD) < 0) { FATAL("dup2"); } + + if (close(child_fd) < 0) { FATAL("seccomp_on_fork - close (1)"); } + + if (close(sock[STDIN_FILENO]) < 0) { FATAL("grandparent - close (2)"); } + + int fd = seccomp_filter_install(child); + seccomp_socket_send(sock[STDOUT_FILENO], fd); + + if (close(sock[STDOUT_FILENO]) < 0) { FATAL("grandparent - close (3)"); } + + if (close(fd) < 0) { FATAL("grandparent - close (4)"); } + + seccomp_child_wait(SECCOMP_PARENT_EVENT_FD); + +} + +void seccomp_callback_initialize(void) { + + char *path = NULL; + int fd; + + path = g_canonicalize_filename(seccomp_filename, g_get_current_dir()); + + OKF("Seccomp - path [%s]", path); + + fd = open(path, O_RDWR | O_CREAT | O_TRUNC, + S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP); + + if (dup2(fd, SECCOMP_OUTPUT_FILE_FD) < 0) { + + FATAL("Failed to duplicate seccomp output file"); + + } + + if (close(fd) < 0) { FATAL("Failed to close seccomp output file fd"); } + + g_free(path); + +} + +#endif + -- cgit v1.2.3 From 5485ea3cc785866d6589987ad99f885bb1521047 Mon Sep 17 00:00:00 2001 From: jon Date: Wed, 1 Sep 2021 20:22:32 +0100 Subject: Fixes to make seccomp compile on OSX --- frida_mode/src/seccomp/seccomp_callback.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'frida_mode/src/seccomp/seccomp_callback.c') diff --git a/frida_mode/src/seccomp/seccomp_callback.c b/frida_mode/src/seccomp/seccomp_callback.c index ef069805..4af2ed0c 100644 --- a/frida_mode/src/seccomp/seccomp_callback.c +++ b/frida_mode/src/seccomp/seccomp_callback.c @@ -1,11 +1,11 @@ -#include -#include +#ifndef __APPLE__ -#include "seccomp.h" + #include + #include -#include "debug.h" + #include "seccomp.h" -#ifndef __APPLE__ + #include "debug.h" static void seccomp_callback_filter(struct seccomp_notif * req, struct seccomp_notif_resp *resp, -- cgit v1.2.3 From 1a79a36762ccb5cac6da8ce09fd681166d02352b Mon Sep 17 00:00:00 2001 From: hexcoder- Date: Sun, 3 Oct 2021 00:32:59 +0200 Subject: fix compiler warning in 32-Bit --- frida_mode/src/seccomp/seccomp_callback.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'frida_mode/src/seccomp/seccomp_callback.c') diff --git a/frida_mode/src/seccomp/seccomp_callback.c b/frida_mode/src/seccomp/seccomp_callback.c index 4af2ed0c..7e1e2070 100644 --- a/frida_mode/src/seccomp/seccomp_callback.c +++ b/frida_mode/src/seccomp/seccomp_callback.c @@ -14,8 +14,12 @@ static void seccomp_callback_filter(struct seccomp_notif * req, GumDebugSymbolDetails details = {0}; if (req->data.nr == SYS_OPENAT) { +#if UINTPTR_MAX == 0xffffffffffffffffu seccomp_print("SYS_OPENAT: (%s)\n", (char *)req->data.args[1]); - +#endif +#if UINTPTR_MAX == 0xffffffff + seccomp_print("SYS_OPENAT: (%s)\n", (char *)(__u32)req->data.args[1]); +#endif } seccomp_print( -- cgit v1.2.3 From c96fdfac01829a5f6a9e98968817d6b6588389b8 Mon Sep 17 00:00:00 2001 From: David Carlier Date: Sat, 16 Oct 2021 12:44:25 +0100 Subject: frida mode android build fix proposal. also protecting seccomp the other way around in case it is ported in another platform supported by frida. --- frida_mode/src/seccomp/seccomp_callback.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'frida_mode/src/seccomp/seccomp_callback.c') diff --git a/frida_mode/src/seccomp/seccomp_callback.c b/frida_mode/src/seccomp/seccomp_callback.c index 7e1e2070..a88196ac 100644 --- a/frida_mode/src/seccomp/seccomp_callback.c +++ b/frida_mode/src/seccomp/seccomp_callback.c @@ -1,4 +1,4 @@ -#ifndef __APPLE__ +#if defined(__linux__) && !defined(__ANDROID__) #include #include -- cgit v1.2.3 From 85ca0df98988cdb235e1d0cb9b156affc5afc80e Mon Sep 17 00:00:00 2001 From: David Carlier Date: Mon, 25 Oct 2021 06:53:45 +0100 Subject: frida mode musl build fix --- frida_mode/src/seccomp/seccomp_callback.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'frida_mode/src/seccomp/seccomp_callback.c') diff --git a/frida_mode/src/seccomp/seccomp_callback.c b/frida_mode/src/seccomp/seccomp_callback.c index a88196ac..bc488489 100644 --- a/frida_mode/src/seccomp/seccomp_callback.c +++ b/frida_mode/src/seccomp/seccomp_callback.c @@ -1,6 +1,8 @@ #if defined(__linux__) && !defined(__ANDROID__) +#if !defined(__MUSL__) #include +#endif #include #include "seccomp.h" @@ -29,6 +31,7 @@ static void seccomp_callback_filter(struct seccomp_notif * req, req->data.args[0], req->data.args[1], req->data.args[2], req->data.args[3], req->data.args[4], req->data.args[5]); +#if !defined(__MUSL__) seccomp_print("FRAMES: (%u)\n", frames->len); char **syms = backtrace_symbols(frames->items, frames->len); if (syms == NULL) { FATAL("Failed to get symbols"); } @@ -49,6 +52,7 @@ static void seccomp_callback_filter(struct seccomp_notif * req, } free(syms); +#endif resp->error = 0; resp->val = 0; -- cgit v1.2.3 From 7407e2fb11675261173c625c3010ce9571a7d6f6 Mon Sep 17 00:00:00 2001 From: David Carlier Date: Mon, 25 Oct 2021 09:37:51 +0100 Subject: frida mode musl further changes display stack trace --- frida_mode/src/seccomp/seccomp_callback.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'frida_mode/src/seccomp/seccomp_callback.c') diff --git a/frida_mode/src/seccomp/seccomp_callback.c b/frida_mode/src/seccomp/seccomp_callback.c index bc488489..4232d842 100644 --- a/frida_mode/src/seccomp/seccomp_callback.c +++ b/frida_mode/src/seccomp/seccomp_callback.c @@ -52,6 +52,22 @@ static void seccomp_callback_filter(struct seccomp_notif * req, } free(syms); +#else + void **syms = (void **)__builtin_frame_address(0); + void *framep = __builtin_frame_address(1); + int i = 0; + + syms = framep; + while (syms) { + + framep = *syms; + syms = framep; + + if (!syms) break; + + seccomp_print("\%3d. %s\n", i ++, (char *)framep); + + } #endif resp->error = 0; -- cgit v1.2.3 From 6ce3d7fede6b32b522b6cc4403f7c0101cf4a4bc Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 4 Nov 2021 15:53:17 +0100 Subject: add AFL_USE_TSAN --- frida_mode/src/seccomp/seccomp_callback.c | 32 ++++++++++++++++--------------- 1 file changed, 17 insertions(+), 15 deletions(-) (limited to 'frida_mode/src/seccomp/seccomp_callback.c') diff --git a/frida_mode/src/seccomp/seccomp_callback.c b/frida_mode/src/seccomp/seccomp_callback.c index 4232d842..ac0fb8bb 100644 --- a/frida_mode/src/seccomp/seccomp_callback.c +++ b/frida_mode/src/seccomp/seccomp_callback.c @@ -1,8 +1,8 @@ #if defined(__linux__) && !defined(__ANDROID__) -#if !defined(__MUSL__) - #include -#endif + #if !defined(__MUSL__) + #include + #endif #include #include "seccomp.h" @@ -16,12 +16,13 @@ static void seccomp_callback_filter(struct seccomp_notif * req, GumDebugSymbolDetails details = {0}; if (req->data.nr == SYS_OPENAT) { -#if UINTPTR_MAX == 0xffffffffffffffffu + #if UINTPTR_MAX == 0xffffffffffffffffu seccomp_print("SYS_OPENAT: (%s)\n", (char *)req->data.args[1]); -#endif -#if UINTPTR_MAX == 0xffffffff + #endif + #if UINTPTR_MAX == 0xffffffff seccomp_print("SYS_OPENAT: (%s)\n", (char *)(__u32)req->data.args[1]); -#endif + #endif + } seccomp_print( @@ -31,7 +32,7 @@ static void seccomp_callback_filter(struct seccomp_notif * req, req->data.args[0], req->data.args[1], req->data.args[2], req->data.args[3], req->data.args[4], req->data.args[5]); -#if !defined(__MUSL__) + #if !defined(__MUSL__) seccomp_print("FRAMES: (%u)\n", frames->len); char **syms = backtrace_symbols(frames->items, frames->len); if (syms == NULL) { FATAL("Failed to get symbols"); } @@ -52,23 +53,24 @@ static void seccomp_callback_filter(struct seccomp_notif * req, } free(syms); -#else + #else void **syms = (void **)__builtin_frame_address(0); - void *framep = __builtin_frame_address(1); - int i = 0; + void * framep = __builtin_frame_address(1); + int i = 0; syms = framep; while (syms) { - - framep = *syms; + + framep = *syms; syms = framep; if (!syms) break; - seccomp_print("\%3d. %s\n", i ++, (char *)framep); + seccomp_print("\%3d. %s\n", i++, (char *)framep); } -#endif + + #endif resp->error = 0; resp->val = 0; -- cgit v1.2.3 From 02e8919cbc744064510f6cd99539f7662343073f Mon Sep 17 00:00:00 2001 From: Your Name Date: Tue, 9 Nov 2021 18:29:25 +0000 Subject: Suppress spurious output --- frida_mode/src/seccomp/seccomp_callback.c | 23 +++++++++++------------ 1 file changed, 11 insertions(+), 12 deletions(-) (limited to 'frida_mode/src/seccomp/seccomp_callback.c') diff --git a/frida_mode/src/seccomp/seccomp_callback.c b/frida_mode/src/seccomp/seccomp_callback.c index ac0fb8bb..f7aaf78b 100644 --- a/frida_mode/src/seccomp/seccomp_callback.c +++ b/frida_mode/src/seccomp/seccomp_callback.c @@ -6,8 +6,7 @@ #include #include "seccomp.h" - - #include "debug.h" + #include "util.h" static void seccomp_callback_filter(struct seccomp_notif * req, struct seccomp_notif_resp *resp, @@ -35,7 +34,7 @@ static void seccomp_callback_filter(struct seccomp_notif * req, #if !defined(__MUSL__) seccomp_print("FRAMES: (%u)\n", frames->len); char **syms = backtrace_symbols(frames->items, frames->len); - if (syms == NULL) { FATAL("Failed to get symbols"); } + if (syms == NULL) { FFATAL("Failed to get symbols"); } for (guint i = 0; i < frames->len; i++) { @@ -84,7 +83,7 @@ static void seccomp_callback_child(int signal_parent, void *ctx) { int sock_fd = *((int *)ctx); int fd = seccomp_socket_recv(sock_fd); - if (close(sock_fd) < 0) { FATAL("child - close"); } + if (close(sock_fd) < 0) { FFATAL("child - close"); } seccomp_event_signal(signal_parent); seccomp_filter_child_install(); @@ -101,18 +100,18 @@ void seccomp_callback_parent(void) { seccomp_socket_create(sock); seccomp_child_run(seccomp_callback_child, sock, &child, &child_fd); - if (dup2(child_fd, SECCOMP_PARENT_EVENT_FD) < 0) { FATAL("dup2"); } + if (dup2(child_fd, SECCOMP_PARENT_EVENT_FD) < 0) { FFATAL("dup2"); } - if (close(child_fd) < 0) { FATAL("seccomp_on_fork - close (1)"); } + if (close(child_fd) < 0) { FFATAL("seccomp_on_fork - close (1)"); } - if (close(sock[STDIN_FILENO]) < 0) { FATAL("grandparent - close (2)"); } + if (close(sock[STDIN_FILENO]) < 0) { FFATAL("grandparent - close (2)"); } int fd = seccomp_filter_install(child); seccomp_socket_send(sock[STDOUT_FILENO], fd); - if (close(sock[STDOUT_FILENO]) < 0) { FATAL("grandparent - close (3)"); } + if (close(sock[STDOUT_FILENO]) < 0) { FFATAL("grandparent - close (3)"); } - if (close(fd) < 0) { FATAL("grandparent - close (4)"); } + if (close(fd) < 0) { FFATAL("grandparent - close (4)"); } seccomp_child_wait(SECCOMP_PARENT_EVENT_FD); @@ -125,18 +124,18 @@ void seccomp_callback_initialize(void) { path = g_canonicalize_filename(seccomp_filename, g_get_current_dir()); - OKF("Seccomp - path [%s]", path); + FOKF("Seccomp - path [%s]", path); fd = open(path, O_RDWR | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP); if (dup2(fd, SECCOMP_OUTPUT_FILE_FD) < 0) { - FATAL("Failed to duplicate seccomp output file"); + FFATAL("Failed to duplicate seccomp output file"); } - if (close(fd) < 0) { FATAL("Failed to close seccomp output file fd"); } + if (close(fd) < 0) { FFATAL("Failed to close seccomp output file fd"); } g_free(path); -- cgit v1.2.3