Last active
March 11, 2019 10:51
#include <utility> | |
#include <iostream> | |
#include <fstream> | |
#include <cstring> | |
#include <filesystem> | |
#include <zconf.h> | |
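/// Demonstrates why the text returned by readlink("/proc/<pid>/exe") must not
/// be treated as a file name.
///
/// The program performs three steps and dumps read_symlink()/canonical() for
/// its own /proc/<pid>/exe link after each one:
///   1. remove the running executable and write a new file at the same path
///      (simulating an in-place update);
///   2. create a regular file named after the link text reported at that
///      point, which the recorded run shows as "<exe> (deleted)";
///   3. check whether canonical() now resolves the link to that unrelated file.
///
/// Takeaway for tools that identify a process's binary: the link text is
/// ambiguous once the original file is gone. Open /proc/<pid>/exe itself, or
/// compare device/inode numbers, instead of re-resolving the text as a path.
///
/// @return 1 (" Errors found") when canonical() succeeds on the decoy name,
///         0 when it does not, 2 when a setup step fails.
int main(int argc, char* argv[]) {
    (void)argc;
    (void)argv;
    namespace sfs = std::filesystem;

    // getpid() is declared in <unistd.h>; this file reaches it only through <zconf.h>.
    const sfs::path proc_pid_exe = sfs::path("/proc/" + std::to_string(::getpid())) / "exe";
    std::cout << "proc_pid_exe: " << proc_pid_exe << '\n';

    std::error_code ec;
    sfs::path executable;
    sfs::path canonical;

    // Re-reads the link both ways and prints the result; `ec` is left holding
    // the outcome of canonical(), which the final verdict depends on.
    const auto dump_link = [&] {
        executable = sfs::read_symlink(proc_pid_exe, ec);
        std::cout << "executable: " << executable << ", ec: " << ec << '\n';
        canonical = sfs::canonical(proc_pid_exe, ec);
        // The original printed `executable` here, hiding what canonical() returned.
        std::cout << "canonical: " << canonical << ", ec: " << ec << '\n';
    };

    // Creates/truncates `where` with `text`; false when the write did not succeed.
    const auto write_file = [](const sfs::path& where, const char* text) {
        std::ofstream out(where);
        out << text;
        return static_cast<bool>(out.flush());
    };

    // Drop a decoy left behind by a previous run. Done with the filesystem
    // library rather than by handing a string-built command to a shell.
    executable = sfs::read_symlink(proc_pid_exe, ec);
    if (!ec) {
        sfs::path stale = executable;
        stale += " (deleted)";
        std::error_code ignored;  // best effort, like `rm -f`
        sfs::remove(stale, ignored);
    }
    dump_link();
    if (executable.empty()) {
        std::cerr << "cannot read " << proc_pid_exe << '\n';
        return 2;
    }

    // Step 1: replace the running executable on disk.
    std::error_code remove_ec;
    sfs::remove(executable, remove_ec);
    if (remove_ec || !write_file(executable, "something")) {
        std::cerr << "cannot replace " << executable << '\n';
        return 2;
    }
    std::cout << "Your software have been successfully updated!" << '\n';
    dump_link();

    // Step 2: `executable` now holds the link text read after the removal;
    // create an ordinary file with exactly that name.
    if (!write_file(executable, "Hi! I am just a text file. My name is '<exe> (deleted)'.")) {
        std::cerr << "cannot create " << executable << '\n';
        return 2;
    }
    std::cout << "We have created " << executable << " file!" << '\n';
    dump_link();

    // Step 3: success of canonical() is the failure case here, because it
    // means the link text was resolved to the decoy file.
    if (!ec) {
        std::cout << " Errors found" << '\n';
        return 1;
    }
    std::cout << " No Errors" << '\n';
    return 0;
}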
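#!/usr/bin/env bash
# Builds and runs the /proc/<pid>/exe demo.
#
# The demo removes and overwrites its own binary while it runs, so after one
# run the file at ./link_to_deleted is no longer the compiled program. Stop if
# the compile fails instead of executing whatever is left at that path.
g++ -o link_to_deleted link_to_deleted.cc -lstdc++fs -std=c++2a || exit 1
./link_to_deleted

# Recorded stdout of one run, kept as a no-op string so the script stays valid.
: ' stdout:
proc_pid_exe: "/proc/7413/exe"
executable: "/root/CLionProjects/reverse-engine/reverseengine/test/procfs/link_to_deleted", ec: system:0
canonical: "/root/CLionProjects/reverse-engine/reverseengine/test/procfs/link_to_deleted", ec: system:0
Your software have been successfully updated!
executable: "/root/CLionProjects/reverse-engine/reverseengine/test/procfs/link_to_deleted (deleted)", ec: system:0
canonical: "/root/CLionProjects/reverse-engine/reverseengine/test/procfs/link_to_deleted (deleted)", ec: generic:2
We have created "/root/CLionProjects/reverse-engine/reverseengine/test/procfs/link_to_deleted (deleted)" file!
executable: "/root/CLionProjects/reverse-engine/reverseengine/test/procfs/link_to_deleted (deleted)", ec: system:0
canonical: "/root/CLionProjects/reverse-engine/reverseengine/test/procfs/link_to_deleted (deleted)", ec: system:0
Errors found
'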
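#!/usr/bin/env bash
# Reproducer: shows how `readlink -f /proc/<pid>/exe` changes once the running
# binary is deleted, and that a regular file named "<exe> (deleted)" then makes
# the link text resolve to an existing, unrelated file.
#
# The script removes every "${EXE}.*" file next to itself; run it from a
# scratch directory. All expansions are quoted so that paths containing spaces
# (such as the "(deleted)" decoy) are handled as single arguments.
#set -x

EXE=$(readlink -f "${BASH_SOURCE[0]}")
# An empty EXE would turn the cleanup below into `rm -rf .*`; refuse to go on.
[[ -n "${EXE}" ]] || { echo "cannot resolve script path" >&2; exit 1; }
WD=$(dirname "${EXE}")
cd "${WD}" || exit 1

rm -rf -- "${EXE}".*

# Helper program: sleeps long enough to be inspected through /proc.
cat > "${EXE}.cc" <<'EOF'
#include <zconf.h>
int main(int argc, char* argv[]) {
::sleep(20);
return 0;
}
EOF

g++ -o "${EXE}.exe" "${EXE}.cc" -Os || exit 1

# NOTE(review): without -f, -x compares against the process name rather than
# the full path, so this pattern probably never matches; confirm the intent.
pkill -x "${EXE}.exe"
"${EXE}.exe" &
exe_pid=$!
echo "#### exe_pid = $exe_pid"

# Ordinary symlink to the same binary, for comparison with the procfs link.
ln -f -s "${EXE}.exe" "${EXE}.ln"

echo
echo "#### link BEFORE deleting:"
ls -l "${EXE}.ln" || echo "rc=$?"
readlink -f "${EXE}.ln" || echo "rc=$?"

echo
echo "#### proc BEFORE deleting:"
ls -l "/proc/${exe_pid}/exe" || echo "rc=$?"
readlink -f "/proc/${exe_pid}/exe" || echo "rc=$?"
readlink -f "/proc/${exe_pid}/exe" > "${EXE}.xdiff_1"

echo
# Delete the running binary, plus any decoy left over from an earlier run.
rm -f "${EXE}.exe" "${EXE}.exe (deleted)"
ls -la

echo
echo "#### link AFTER deleting:"
ls -l "${EXE}.ln" || echo "rc=$?"
readlink -f "${EXE}.ln" || echo "rc=$?"

echo
echo "#### proc AFTER deleting:"
ls -l "/proc/${exe_pid}/exe" || echo "rc=$?"
readlink -f "/proc/${exe_pid}/exe" || echo "rc=$?"
readlink -f "/proc/${exe_pid}/exe" > "${EXE}.xdiff_2"

echo
echo "#### xdiff:"
xxd "${EXE}.xdiff_1"
echo
xxd "${EXE}.xdiff_2"

echo
echo "#### stat BEFORE creating '\${EXE} (deleted)' file:"
if [[ -f "$(readlink -f "/proc/${exe_pid}/exe")" ]]; then
    echo "File found!"
else
    echo "File not found!"
fi

# Create a regular file whose name equals the link text reported above.
touch "${EXE}.exe (deleted)"

echo
echo "#### stat AFTER creating '\${EXE} (deleted)' file:"
if [[ -f "$(readlink -f "/proc/${exe_pid}/exe")" ]]; then
    echo "File found!"
else
    echo "File not found!"
fi

# Clean up the generated files and the helper process.
rm -rf -- "${EXE}".*
kill -9 "${exe_pid}" || echo "rc=$?"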
[computer RE-1]# ./RE-1.reproducer.sh | |
#### exe_pid = 26434 | |
#### link BEFORE deleting: | |
lrwxrwxrwx 1 root root 32 мар 11 01:58 /tmp/RE-1/RE-1.reproducer.sh.ln -> /tmp/RE-1/RE-1.reproducer.sh.exe | |
/tmp/RE-1/RE-1.reproducer.sh.exe | |
#### proc BEFORE deleting: | |
lrwxrwxrwx 1 root root 0 мар 11 01:58 /proc/26434/exe -> /tmp/RE-1/RE-1.reproducer.sh.exe | |
/tmp/RE-1/RE-1.reproducer.sh.exe | |
total 12 | |
drwxr-xr-x 2 root root 120 мар 11 01:58 . | |
drwxrwxrwt 17 root root 920 мар 11 01:58 .. | |
-rwxr-xr-x 1 root root 1507 мар 11 01:58 RE-1.reproducer.sh | |
-rw-r--r-- 1 root root 87 мар 11 01:58 RE-1.reproducer.sh.cc | |
lrwxrwxrwx 1 root root 32 мар 11 01:58 RE-1.reproducer.sh.ln -> /tmp/RE-1/RE-1.reproducer.sh.exe | |
-rw-r--r-- 1 root root 33 мар 11 01:58 RE-1.reproducer.sh.xdiff_1 | |
#### link AFTER deleting: | |
lrwxrwxrwx 1 root root 32 мар 11 01:58 /tmp/RE-1/RE-1.reproducer.sh.ln -> /tmp/RE-1/RE-1.reproducer.sh.exe | |
/tmp/RE-1/RE-1.reproducer.sh.exe | |
#### proc AFTER deleting: | |
lrwxrwxrwx 1 root root 0 мар 11 01:58 /proc/26434/exe -> '/tmp/RE-1/RE-1.reproducer.sh.exe (deleted)' | |
/tmp/RE-1/RE-1.reproducer.sh.exe (deleted) | |
#### xdiff: | |
00000000: 2f74 6d70 2f52 452d 312f 5245 2d31 2e72 /tmp/RE-1/RE-1.r | |
00000010: 6570 726f 6475 6365 722e 7368 2e65 7865 eproducer.sh.exe | |
00000020: 0a . | |
00000000: 2f74 6d70 2f52 452d 312f 5245 2d31 2e72 /tmp/RE-1/RE-1.r | |
00000010: 6570 726f 6475 6365 722e 7368 2e65 7865 eproducer.sh.exe | |
00000020: 2028 6465 6c65 7465 6429 0a (deleted). | |
#### stat BEFORE creating '${EXE} (deleted)' file: | |
File not found! | |
#### stat AFTER creating '${EXE} (deleted)' file: | |
File found! |
Author
ivanstepanovftw
commented
Mar 11, 2019