`open(0,0)` causes page fault...
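#!/usr/bin/env bash
# Build a tiny bootable ext4 image whose /sbin/init loops on open(0, 0)
# (a NULL pathname), boot it under QEMU with the gdb stub enabled, and write
# a gdb script that stops in the kernel's copy-from-user path for that call.
#
# Usage:     ./this-script <path-to-built-linux-tree>
# Requires:  dd, mkfs.ext4, sudo (for the loop mount), gcc, qemu-system-x86_64, gdb.
# Side effects: creates ./init (disk image) and ./gdb.script, uses a transient
# ./tmps mount point, and leaves qemu running in the background.
set -u

# Kernel tree that holds arch/x86_64/boot/bzImage, vmlinux and vmlinux-gdb.py.
LINUX=${1:?usage: ${0##*/} <linux-tree>}

die() { printf '%s\n' "$*" >&2; exit 1; }

# The image is built only once; delete ./init to force a rebuild.
if [ ! -f "init" ]; then
  # Leftover mount point from an interrupted run: unmount best-effort
  # (it may be a plain directory that was never mounted), then remove it.
  if [ -d "tmps" ]; then
    sudo umount tmps || true
    rmdir tmps || die "cannot remove stale tmps directory"
  fi
  dd if=/dev/zero of=init bs=4k count=400 || die "dd failed"
  mkfs.ext4 init || die "mkfs.ext4 failed"
  mkdir tmps || die "cannot create mount point tmps"
  sudo mount -o loop init tmps || die "loop mount failed"
  # From here the image is attached to a loop device; release it on any
  # exit path so a failed compile does not leave ./init mounted.
  trap 'sudo umount tmps 2>/dev/null; rmdir tmps 2>/dev/null' EXIT
  sudo mkdir tmps/sbin || die "cannot create tmps/sbin"
  # Guest init: call open(2) with a NULL pathname forever. Quoted delimiter
  # because nothing in the C source should be shell-expanded.
  cat <<'EOF' > example.c
#include <fcntl.h>
int main(){
    while(1) open(0,0);
}
EOF
  # -static: the image carries no libc, so init must be self-contained.
  gcc -static example.c -o example || die "gcc failed"
  sudo mv example tmps/sbin/init || die "cannot install init into the image"
  rm example.c
  sudo umount tmps || die "umount failed"
  rmdir tmps
  trap - EXIT
fi

# Boot with the gdb stub on :1234 (-s) and KASLR disabled so addresses in
# vmlinux match the running guest. Console output is discarded; the guest
# exists only to be debugged. The kernel path is quoted so a tree path with
# spaces still works.
qemu-system-x86_64 -s -m 128 --enable-kvm -nographic \
  -kernel "$LINUX/arch/x86_64/boot/bzImage" \
  -append "nokaslr root=/dev/sda rw" \
  -drive file=init,format=raw &>/dev/null &
printf 'To kill run:\n$ kill -9 %s\n' "$!"

# gdb driver. add-auto-load-safe-path + source execute Python from $LINUX
# (the kernel's own vmlinux-gdb.py helpers), so LINUX should point at a tree
# you built yourself. It attaches to the stub, runs to do_strncpy_from_user
# (presumably the copy of open()'s pathname argument), then breaks on the
# page-fault entry and steps a few instructions into it. Unquoted delimiter
# on purpose: $LINUX must expand.
cat <<EOF > gdb.script
cd $LINUX
file vmlinux
add-auto-load-safe-path $LINUX
source vmlinux-gdb.py
target remote :1234
b do_strncpy_from_user
c
b asm_exc_page_fault
si 6
EOF
printf 'Run:\n$ gdb --command=gdb.script\nThen in gdb run:\n(gdb) si\n'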