Andreas Kling
a49c794725
UserspaceEmulator: Add the get_dir_entries() syscall + an ioctl() stub
2020-07-18 17:57:40 +02:00
Andreas Kling
e4b068aec5
UserspaceEmulator: Fix buggy IDIV instructions
These were not mashing together the signed double-size results
correctly and lost bits in the signed/unsigned casting process.
2020-07-18 17:57:40 +02:00
Andreas Kling
9e6d002660
UserspaceEmulator: Fix buggy IMUL instructions
These were not recording the higher part of the result correctly.
Since the flags are much less complicated than the inline assembly
here, just implement IMUL in C++ instead.
2020-07-18 17:57:40 +02:00
Andreas Kling
02882d5345
UserspaceEmulator: Add single-operand MUL and DIV instructions
These are the unsigned variants. Signed variants sold separately.
2020-07-18 17:57:40 +02:00
Andreas Kling
30d512144e
UserspaceEmulator: Implement the BSF and BSR instructions
BSF maps nicely to __builtin_ctz(), but for BSR we have to bust out
some inline assembly to get exactly what we want.
2020-07-18 17:57:40 +02:00
Andreas Kling
becbf36711
UserspaceEmulator: Fix XCHG_AX_reg16 overwriting entire EAX
This instruction should only write to the lower 16 bits (AX).
2020-07-18 00:25:02 +02:00
Andreas Kling
8959f9950a
UserspaceEmulator: Simplify the STOSB/STOSW/STOSD instructions
2020-07-18 00:25:02 +02:00
Andreas Kling
79290696cf
UserspaceEmulator: Simplify MOVSB/MOVSW/MOVSD instructions
Use the new loop instruction helpers.
2020-07-18 00:25:02 +02:00
Andreas Kling
f70f530722
UserspaceEmulator: Implement the SCASB/SCASW/SCASD instructions
2020-07-18 00:25:02 +02:00
Andreas Kling
41bbedc41d
UserspaceEmulator: Implement the LODSB/LODSW/LODSD instructions
Look how nice they look with the new loop instruction helpers. :^)
2020-07-18 00:25:02 +02:00
Andreas Kling
c3441719ea
UserspaceEmulator: Implement the JCXZ instruction
2020-07-18 00:25:02 +02:00
Andreas Kling
d321dc0a74
UserspaceEmulator: Fix too-wide accumulator used in 8/16 bit CMPXCHG
2020-07-18 00:25:02 +02:00
Andreas Kling
485d1faf09
UserspaceEmulator: Add helpers for making loop instructions generic
Use them to implement CMPSB/CMPSW/CMPSD.
2020-07-18 00:25:02 +02:00
Andreas Kling
28b6ba56aa
UserspaceEmulator: Add the LOOP/LOOPZ/LOOPNZ instructions
2020-07-18 00:25:02 +02:00
Andreas Kling
af7a1eca0b
UserspaceEmulator: Implement the XLAT instruction :^)
2020-07-18 00:25:02 +02:00
Andreas Kling
86a7820ad7
UserspaceEmulator: Add 16-bit PUSH/POP instructions
2020-07-18 00:25:02 +02:00
Andreas Kling
75500b449c
UserspaceEmulator: Fix every line in backtraces showing EIP
Oops, we're supposed to show the return address for each frame, not the
current EIP every time. :^)
2020-07-18 00:25:02 +02:00
Andreas Kling
d153fbf44e
UserspaceEmulator: Implement the BT/BTS/BTR/BTC instruction set
2020-07-18 00:25:02 +02:00
Andreas Kling
06669f3f0f
UserspaceEmulator: Implement IMUL_RM8 and IMUL_RM32
These are both a little tricky since they produce a result wider than
the inputs.
2020-07-18 00:25:02 +02:00
Andreas Kling
df58ea808e
UserspaceEmulator: Skip freed mallocations in reachability scan
Something being reachable from a freed mallocation doesn't make it
actually reachable.
Thanks to Jonas Bengtsson for spotting this! :^)
2020-07-17 00:24:23 +02:00
Andreas Kling
b17d175379
UserspaceEmulator: Add the usleep() syscall
2020-07-16 21:38:01 +02:00
Andreas Kling
27aa2e5841
UserspaceEmulator: Reset malloc backtrace on mallocation reuse
If a previously-freed malloc chunk is reused, forget any old backtraces
and save a new malloc backtrace.
2020-07-16 20:55:41 +02:00
Andreas Kling
e50874621a
UserspaceEmulator: Don't scan text segment for malloc leaks
There will be no (true positive) malloc addresses in the text segment.
2020-07-16 19:27:03 +02:00
Andreas Kling
3dc1c80958
UserspaceEmulator: Print the number of bytes leaked on exit :^)
2020-07-16 19:21:45 +02:00
Andreas Kling
c13da77e85
UserspaceEmulator: Add TLS regions to reachability checking
2020-07-16 19:21:45 +02:00
Andreas Kling
1dcc21d32e
UserspaceEmulator: Include malloc/free backtraces in UAF logs :^)
When catching a use-after-free, we now also print out the backtraces
for where the memory was allocated, and for where it was freed.
This will be extremely helpful for debugging.
2020-07-16 19:21:45 +02:00
Andreas Kling
dd68370efc
UserspaceEmulator: Put the memory reachability logging behind a macro
2020-07-16 19:21:45 +02:00
Andreas Kling
441918be7e
UserspaceEmulator: Capture backtraces of malloc/free events
This lets us show backtraces for each leaked mallocation in the leak
report at the end. :^)
2020-07-16 19:21:45 +02:00
Andreas Kling
f6584bfc36
UserspaceEmulator: Implement very basic leak checking :^)
Upon exit, the emulator will now print a leak report of any malloc
allocations that are still live and don't have pointers to their base
address anywhere in either another live mallocation, or in one of the
non-malloc-block memory regions.
Note that the malloc-block memory region check is not fully functional
and this will work even better once we get that fixed.
This is pretty cool. :^)
2020-07-16 19:21:45 +02:00
Andreas Kling
7e13244238
UserspaceEmulator: Add ways to check if a Region is stack/mmap
2020-07-16 19:21:45 +02:00
Andreas Kling
9f1221c785
UserspaceEmulator: Implement the ROL/ROR/RCL/RCR instructions
2020-07-16 19:21:45 +02:00
Andreas Kling
897af8b4f7
UserspaceEmulator: Implement more SHLD/SHRD variants
2020-07-16 19:21:45 +02:00
Andreas Kling
db1929e3ff
UserspaceEmulator: Make the shift/rotate instructions more generic
2020-07-16 19:21:45 +02:00
Andreas Kling
acfae91032
UserspaceEmulator: Fix incorrect SALC behavior
As @tzoz pointed out, SALC should set AL to 0xff when CF=1, not 0x01.
Fixes #2819.
2020-07-16 00:50:55 +02:00
Andreas Kling
323ec4c2ca
UserspaceEmulator: Let's say "Use-after-free" instead of "UAF"
I don't know why I went with the compact format here.
2020-07-16 00:50:55 +02:00
Andreas Kling
67cdbe1925
UserspaceEmulator: Cache the location and size of "malloc" and "free"
This allows us to quickly skip some auditing checks while we're inside
malloc/free themselves.
2020-07-16 00:24:11 +02:00
Andreas Kling
c7cf87c9f8
UserspaceEmulator: Don't complain about free(nullptr)
2020-07-15 23:53:58 +02:00
Andreas Kling
33e3e8d63d
UserspaceEmulator: Add the getrandom() syscall
2020-07-15 23:44:51 +02:00
Andreas Kling
1873b8f3e4
UserspaceEmulator: Fix bogus use of "errno" in shbuf related syscalls
When we're making direct syscalls, there's no "errno" involved.
Thanks to Sergey for spotting these.
2020-07-15 23:43:38 +02:00
Andreas Kling
092f643119
UserspaceEmulator: Log invalid and double free() calls :^)
We can easily catch free() on never-malloced addresses, as well as
double calls to free() on the same address, so let's do it!
2020-07-15 23:25:20 +02:00
Andreas Kling
c314292319
UserspaceEmulator: Catch use-after-frees by tracking malloc/free :^)
This patch introduces a "MallocTracer" to the UserspaceEmulator.
If this object is present on the Emulator, it can be notified whenever
the emulated program does a malloc() or free().
The notifications come in via a magic instruction sequence that we
embed in the LibC malloc() and free() functions. The sequence is:
"salc x2, push reg32 x2, pop reg32 x3"
The data about the malloc/free operation is in the three pushes.
We make sure the sequence is harmless when running natively.
Memory accesses on MmapRegion are then audited to see if they fall
inside a known-to-be-freed malloc chunk. If so, we complain loud
and red in the debugger output. :^)
This is very, very cool! :^)
It's also a whole lot slower than before, since now we're auditing
memory accesses against a new set of metadata. This will need to be
optimized (and running in this mode should be opt-in, perhaps even
a separate program, etc.)
2020-07-15 23:25:20 +02:00
Andreas Kling
c8b496162d
UserspaceEmulator: Add some more syscalls :^)
Here's set_process_icon(), gettimeofday() and clock_gettime().
2020-07-15 18:47:45 +02:00
Andreas Kling
feebe3f42e
UserspaceEmulator: Add partial support for the SHLD/SHRD instructions
We don't support all the addressing modes yet, but it won't be very
hard to add the rest of them when needed.
2020-07-15 18:47:45 +02:00
Andreas Kling
2da44dba44
UserspaceEmulator: Add support for shared buffers (shbuf)
We track these separately from regular mmap() regions, as they have
slightly different behaviors.
2020-07-15 18:47:45 +02:00
Andreas Kling
0ce4d3e942
UserspaceEmulator: Dump backtrace on FPU instruction
2020-07-15 18:47:45 +02:00
Andreas Kling
76b2a2789b
UserspaceEmulator: Implement MUL_RM32
2020-07-15 18:47:45 +02:00
Andreas Kling
029fe56d69
UserspaceEmulator: Implement the 32-bit BSWAP instruction :^)
2020-07-15 18:47:45 +02:00
Andreas Kling
339f12e8a2
UserspaceEmulator: Implement an assortment of system calls
Here goes mkdir(), unlink(), socket(), getsockopt(), fchmod(),
bind(), connect(), listen(), select() and recvfrom().
They're not perfect but they seem to work. :^)
2020-07-15 18:47:45 +02:00
Andreas Kling
0781868092
UserspaceEmulator: Implement IDIV_RM32
2020-07-15 13:42:15 +02:00
Andreas Kling
400a252720
UserspaceEmulator: Implement the CBW/CDQ/CWD/CWDE instructions
2020-07-15 13:42:15 +02:00