Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Hooks, ftrace, reflective symbols extractor, etc. #23

Open
wants to merge 9 commits into
base: master
Choose a base branch
from
Open

Hooks, ftrace, reflective symbols extractor, etc. #23

wants to merge 9 commits into from

Conversation

kotee4ko
Copy link

Hi :)

Administrator added 5 commits August 16, 2021 21:02
v1.1.0:
2b283a9 
	Add ftrace support
	Add reflective symbols extractor (work on 5.10+)
	Fix horrible bug which fault on do_exit_group() because of invalid return size (long/int) -- try make it universal (reflective)
	Minimal security fixes like do NOT trying to insert LKM after building...
v1.1.0:
32986b3 
	Add ftrace support
	Add reflective symbols extractor (work on 5.10+)
	Fix horrible bug which fault on do_exit_group() because of invalid return size (long/int) -- try make it universal (reflective)
	Minimal security fixes like do NOT trying to insert LKM after building...
v1.1.0:
bdfad14 
	Add ftrace support
	Add reflective symbols extractor (work on 5.10+)
	Fix horrible bug which fault on do_exit_group() because of invalid return size (long/int) -- try make it universal (reflective)
	Minimal security fixes like do NOT trying to insert LKM after building...
v1.1.0 alpha release
b691deb
v1.1.0 -- alpha release
8ca317f
@kotee4ko
Copy link
Author

kotee4ko commented Aug 16, 2021
edited
Loading

without debug output of LKM I get this values for a bit modificated test-case:
which is a bit faster that other realizations.

time /test1 
1
2
3
4
5
6
7

real	0m0.618s
user	0m0.240s
sys	0m0.372s

But my goal not speed.
I want fuzz network pthread binary server program under qemu-mode.

Can you advice me, please? Push in right direction.
I thinking about modify forkserver soure to allow it trigger roll-back option for child process.
It shouldn't be very hard, just accept targets pid_nr via ioctl and walk to task_struct from like: pid_nr -> struct pid -> task_struct.

Then roll back target. But how to find entry point inside code? It is so huge....

Thanks.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@kotee4ko