The Witchcraft Compiler Collection
WCC
wsh.c File Reference
#include <libwitch/wsh.h>
#include <libwitch/wsh_functions.h>
#include <libwitch/sigs.h>
#include <uthash.h>


Data Structures

struct  help_t
 
struct  learn_key_t
 
struct  learn_t
 

Macros

#define REG_RIP   16
 
#define Elf_Ehdr   Elf32_Ehdr
 
#define Elf_Shdr   Elf32_Shdr
 
#define Elf_Sym   Elf32_Sym
 
#define Elf_Addr   Elf32_Addr
 
#define Elf_Sword   Elf64_Sword
 
#define Elf_Section   Elf32_Half
 
#define ELF_ST_BIND   ELF32_ST_BIND
 
#define ELF_ST_TYPE   ELF32_ST_TYPE
 
#define Elf_Rel   Elf32_Rel
 
#define Elf_Rela   Elf32_Rela
 
#define ELF_R_SYM   ELF32_R_SYM
 
#define ELF_R_TYPE   ELF32_R_TYPE
 
#define ELF_R_INFO   ELF32_R_INFO
 
#define Elf_Phdr   Elf32_Phdr
 
#define Elf_Xword   Elf32_Xword
 
#define Elf_Word   Elf32_Word
 
#define Elf_Off   Elf32_Off
 
#define ELFCLASS   ELFCLASS32
 
#define ELFMACHINE   EM_386
 
#define CS_MODE   CS_MODE_32
 
#define RELOC_MODE   RELOC_X86_32
 

Typedefs

typedef struct help_t help_t
 
typedef struct learn_key_t learn_key_t
 
typedef struct learn_t learn_t
 

Functions

int bfmap (lua_State *L)
 
int ptoh (int perms, char hperms[])
 
void info_function (void *addr)
 
void fatal_error (lua_State *L, char *msg)
 
void script (char *path)
 
void hexdump (uint8_t *data, size_t size, size_t colorstart, size_t color_len)
 
char * symbol_tobind (int n)
 
char * symbol_totype (int n)
 
unsigned int ltrace (void)
 
int scan_symbol (char *symbol, char *libname)
 
void completion (const char *buf, linenoiseCompletions *lc)
 
int disable_aslr (void)
 
int enable_aslr (void)
 
int detailed_help (char *name)
 
int help (lua_State *L)
 
char * decode_flags (unsigned int flags)
 
char * decode_type (unsigned int type)
 
int phdr_callback (struct dl_phdr_info *info, size_t size, void *data)
 
int add_symbol (char *symbol, char *libname, char *htype, char *hbind, unsigned long value, unsigned int size, unsigned long int addr)
 
void section_add (unsigned long int addr, unsigned long int size, char *libname, char *name, char *perms, int flags)
 
void segment_add (unsigned long int addr, unsigned long int size, char *perms, char *fname, char *ptype, int flags)
 
void entry_point_add (unsigned long int addr, char *fname)
 
void scan_section (Elf_Shdr *shdr, char *strTab, int shnum, char *fname, unsigned long int baseaddr)
 
int scan_sections (char *fname, unsigned long int baseaddr)
 
int shdr_callback (struct dl_phdr_info *info, size_t size, void *data)
 
int phdrs (lua_State *L)
 
sections_t * section_from_addr (unsigned long int addr)
 
segments_t * segment_from_addr (unsigned long int addr)
 
sections_t * symbol_from_addr (unsigned long int addr)
 
sections_t * symbol_from_name (char *fname)
 
int headers (lua_State *L)
 
int empty_symbols (void)
 
int empty_phdrs (void)
 
int empty_shdrs (void)
 
int empty_eps (void)
 
int print_phdrs (void)
 
int print_symbols (lua_State *L)
 
int print_functions (lua_State *L)
 
int print_objects (lua_State *L)
 
int print_libs (lua_State *L)
 
int print_shdrs (void)
 
int print_eps (void)
 
int shdr_cmp (sections_t *a, sections_t *b)
 
int phdr_cmp (segments_t *a, segments_t *b)
 
int reload_elfs (void)
 
int shdrs (lua_State *L)
 
int entrypoints (lua_State *L)
 
int man (lua_State *L)
 
int info (lua_State *L)
 
int alloccharbuf (lua_State *L)
 
int setcharbuf (lua_State *L)
 
int rdstr (lua_State *L)
 
int rdnum (lua_State *L)
 
int getcharbuf (lua_State *L)
 
int run_shell (lua_State *L)
 
int learn_proto (unsigned long *arg, unsigned long int faultaddr, int reason)
 
int sort_learnt (learn_t *a, learn_t *b)
 
int prototypes (lua_State *L)
 
int libcall (lua_State *L)
 
void scan_syms (char *dynstr, Elf_Sym *sym, unsigned long int sz, char *libname)
 
void parse_dyn (struct link_map *map)
 
void parse_link_map_dyn (struct link_map *map)
 
void rescan (void)
 
int print_procmap (unsigned int pid)
 
int procmap_lua (void)
 
int execlib (lua_State *L)
 
int traceback (lua_State *L)
 
void print_backtrace (void)
 
char * sicodetoname (int code)
 
char * signaltoname (int signal)
 
void unset_align_flag (void)
 
void set_align_flag (void)
 
void unset_trace_flag (void)
 
void set_trace_flag (void)
 
void affinity (int procnum)
 
void btr_enable (int procnum)
 
void btr_disable (int procnum)
 
void set_branch_flag (void)
 
void unset_branch_flag (void)
 
void bushandler (int signal, siginfo_t *s, void *ptr)
 
void alarmhandler (int signal, siginfo_t *s, void *u)
 
void inthandler (int signal, siginfo_t *s, void *u)
 
int mk_backtrace (void)
 
void restore_exit (void)
 
void exit (int status)
 
void _exit (int status)
 
void exit_group (int status)
 
int printarg (unsigned long int val)
 
void traphandler (int signal, siginfo_t *s, void *ptr)
 
char * sicode_strerror (int signal, siginfo_t *s)
 
void sighandler (int signal, siginfo_t *s, void *ptr)
 
int set_sighandlers (void)
 
int test_stdin (void)
 
int verbose (lua_State *L)
 
int hollywood (lua_State *L)
 
int map (lua_State *L)
 
int bsspolute (lua_State *L)
 
int ralloc (lua_State *L)
 
int xalloc (lua_State *L)
 
void xfree (lua_State *L)
 
void traceunaligned (lua_State *L)
 
void untraceunaligned (lua_State *L)
 
void singlestep (lua_State *L)
 
void unsinglestep (lua_State *L)
 
void systrace (lua_State *L)
 
void rtrace (lua_State *L)
 
void unsystrace (lua_State *L)
 
void unrtrace (lua_State *L)
 
void verbosetrace (lua_State *L)
 
void unverbosetrace (lua_State *L)
 
void singlebranch (lua_State *L)
 
void unsinglebranch (lua_State *L)
 
int grepptr (lua_State *L)
 
int loadbin (lua_State *L)
 
int grep (lua_State *L)
 
int priv_memcpy (lua_State *L)
 
int priv_strcpy (lua_State *L)
 
int priv_strcat (lua_State *L)
 
int breakpoint (lua_State *L)
 
void declare_func (void *addr, char *name)
 
void declare_num (int val, char *name)
 
void declare_internals (void)
 
struct link_map * loadlibrary (char *libname)
 
int set_alloc_opt (void)
 
int gencore (lua_State *L)
 
int disable_core (lua_State *L)
 
int enable_core (lua_State *L)
 
int wsh_init (void)
 
int lua_strerror (int err)
 
int run_script (char *name)
 
unsigned int read_elf_sig (char *fname, struct stat *sb)
 
int wsh_run (void)
 
int add_script_arguments (int argc, char **argv, unsigned int i)
 
int add_script_exec (char *name)
 
int add_binary_preload (char *name)
 
int do_loadlib (char *libname)
 
int wsh_loadlibs (void)
 
int wsh_getopt (wsh_t *wsh1, int argc, char **argv)
 
int wsh_print_version (void)
 
int wsh_usage (char *name)
 
int rawmemread (lua_State *L)
 
int rawmemwrite (lua_State *L)
 
int rawmemstr (lua_State *L)
 
int rawmemusage (lua_State *L)
 
int rawmemaddr (lua_State *L)
 
int rawmemstrlen (lua_State *L)
 

Variables

wsh_t * wsh
 
help_t cmdhelp []
 
help_t fcnhelp []
 
learn_t * protorecords = NULL
 

Macro Definition Documentation

#define CS_MODE   CS_MODE_32

Definition at line 88 of file wsh.c.

#define Elf_Addr   Elf32_Addr

Definition at line 72 of file wsh.c.

#define Elf_Ehdr   Elf32_Ehdr

Definition at line 69 of file wsh.c.

#define Elf_Off   Elf32_Off

Definition at line 85 of file wsh.c.

#define Elf_Phdr   Elf32_Phdr

Definition at line 82 of file wsh.c.

#define ELF_R_INFO   ELF32_R_INFO

Definition at line 81 of file wsh.c.

#define ELF_R_SYM   ELF32_R_SYM

Definition at line 79 of file wsh.c.

#define ELF_R_TYPE   ELF32_R_TYPE

Definition at line 80 of file wsh.c.

#define Elf_Rel   Elf32_Rel

Definition at line 77 of file wsh.c.

#define Elf_Rela   Elf32_Rela

Definition at line 78 of file wsh.c.

#define Elf_Section   Elf32_Half

Definition at line 74 of file wsh.c.

#define Elf_Shdr   Elf32_Shdr

Definition at line 70 of file wsh.c.

#define ELF_ST_BIND   ELF32_ST_BIND

Definition at line 75 of file wsh.c.

#define ELF_ST_TYPE   ELF32_ST_TYPE

Definition at line 76 of file wsh.c.

#define Elf_Sword   Elf64_Sword

Definition at line 73 of file wsh.c.

#define Elf_Sym   Elf32_Sym

Definition at line 71 of file wsh.c.

#define Elf_Word   Elf32_Word

Definition at line 84 of file wsh.c.

#define Elf_Xword   Elf32_Xword

Definition at line 83 of file wsh.c.

#define ELFCLASS   ELFCLASS32

Definition at line 86 of file wsh.c.

#define ELFMACHINE   EM_386

Definition at line 87 of file wsh.c.

#define REG_RIP   16

Witchcraft Compiler Collection

Author: Jonathan Brossard - endra.nosp@m.zine.nosp@m.@gmai.nosp@m.l.co.nosp@m.m

The MIT License (MIT) Copyright (c) 2016 Jonathan Brossard

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

Definition at line 38 of file wsh.c.

#define RELOC_MODE   RELOC_X86_32

Definition at line 89 of file wsh.c.

Typedef Documentation

typedef struct help_t help_t
typedef struct learn_key_t learn_key_t
typedef struct learn_t learn_t

Function Documentation

void _exit ( int  status)

Definition at line 3143 of file wsh.c.

int add_binary_preload ( char *  name)

Add a binary to the list of binaries to preload

Definition at line 4566 of file wsh.c.

int add_script_arguments ( int  argc,
char **  argv,
unsigned int  i 
)

Definition at line 4530 of file wsh.c.

int add_script_exec ( char *  name)

Add a script to the execution queue

Definition at line 4552 of file wsh.c.

int add_symbol ( char *  symbol,
char *  libname,
char *  htype,
char *  hbind,
unsigned long  value,
unsigned int  size,
unsigned long int  addr 
)

Add a symbol to linked list

Definition at line 719 of file wsh.c.

void affinity ( int  procnum)

Set affinity of a thread to a given CPU

Definition at line 2947 of file wsh.c.

void alarmhandler ( int  signal,
siginfo_t *  s,
void *  u 
)

Definition at line 3083 of file wsh.c.

int alloccharbuf ( lua_State L)

Buffer management subroutines

Definition at line 1590 of file wsh.c.

int bfmap ( lua_State L)

Bruteforce valid memory mapping ranges

Definition at line 100 of file wsh.c.

int breakpoint ( lua_State L)

Set a breakpoint

Make sure destination address is mapped

Change memory protections to RWX on destination's page

Backup byte at destination

Write Breakpoint

Save breakpoint information

Definition at line 4218 of file wsh.c.

int bsspolute ( lua_State L)

Pollute .bss sections

Definition at line 3712 of file wsh.c.

void btr_disable ( int  procnum)

Disable Branch Tracing

Definition at line 2981 of file wsh.c.

void btr_enable ( int  procnum)

Enable Branch Tracing

Definition at line 2961 of file wsh.c.

void bushandler ( int  signal,
siginfo_t *  s,
void *  ptr 
)

SIGBUS handler

Definition at line 3031 of file wsh.c.

void completion ( const char *  buf,
linenoiseCompletions lc 
)

Shell autocompletion routine

We want to add the next word upon 'tab' completion, exposing all the internally available keywords dynamically

Definition at line 377 of file wsh.c.

void declare_func ( void *  addr,
char *  name 
)

Definition at line 4269 of file wsh.c.

void declare_internals ( void  )

Export functions to lua

Create definitions for internal functions

Create wrapper functions for other internal functions

Definition at line 4282 of file wsh.c.

void declare_num ( int  val,
char *  name 
)

Definition at line 4274 of file wsh.c.

char* decode_flags ( unsigned int  flags)

Decode Segment flags

Definition at line 602 of file wsh.c.

char* decode_type ( unsigned int  type)

Decode Segment type

Definition at line 631 of file wsh.c.

int detailed_help ( char *  name)

Display detailed help

Search command

Search function

Definition at line 541 of file wsh.c.

int disable_aslr ( void  )

Disable ASLR

Definition at line 455 of file wsh.c.

int disable_core ( lua_State L)

Disable core files generation

Definition at line 4351 of file wsh.c.

int do_loadlib ( char *  libname)

Do load a shared binary into the address space

Definition at line 4581 of file wsh.c.

int empty_eps ( void  )

Empty linked list of entry points

Definition at line 1036 of file wsh.c.

int empty_phdrs ( void  )

Empty linked list of segments

Definition at line 999 of file wsh.c.

int empty_shdrs ( void  )

Empty linked list of sections

Definition at line 1018 of file wsh.c.

int empty_symbols ( void  )

Empty linked list of symbols

Definition at line 980 of file wsh.c.

int enable_aslr ( void  )

Enable ASLR

Definition at line 473 of file wsh.c.

int enable_core ( lua_State L)

Enable core files generation

Definition at line 4359 of file wsh.c.

void entry_point_add ( unsigned long int  addr,
char *  fname 
)

Add an entry point to linked list

Definition at line 789 of file wsh.c.

int entrypoints ( lua_State L)

Display ELF Entry points

Definition at line 1469 of file wsh.c.

int execlib ( lua_State L)

Definition at line 2792 of file wsh.c.

void exit ( int  status)

Definition at line 3137 of file wsh.c.

void exit_group ( int  status)

Definition at line 3149 of file wsh.c.

void fatal_error ( lua_State L,
char *  msg 
)

Fatal error : print an error message and exit with error

Definition at line 157 of file wsh.c.

int gencore ( lua_State L)

Generate a core file

Definition at line 4340 of file wsh.c.

int getcharbuf ( lua_State L)

Definition at line 1657 of file wsh.c.

int grep ( lua_State L)

Search for a pattern over all sections mapped in memory

Definition at line 4069 of file wsh.c.

int grepptr ( lua_State L)

Search a given value in memory

grepptr(Pattern, patternlen, hexadumplen, nbytesbeforematch)

Definition at line 3979 of file wsh.c.

int headers ( lua_State L)

Generate headers

generate headers for imported objects

generate forward prototypes for imported functions

Definition at line 931 of file wsh.c.

int help ( lua_State L)

Display help

Definition at line 574 of file wsh.c.

void hexdump ( uint8_t *  data,
size_t  size,
size_t  colorstart,
size_t  color_len 
)

Simple hexdump routine

Definition at line 184 of file wsh.c.

int hollywood ( lua_State L)

Definition at line 3632 of file wsh.c.

int info ( lua_State L)

Display information on an object/memory address

Address is mapped

Search corresponding symbols

Search corresponding section

Search corresponding segment

Search corresponding symbols

Resolve symbol...

Definition at line 1495 of file wsh.c.

void info_function ( void *  addr)

Print information on a given function

Definition at line 147 of file wsh.c.

void inthandler ( int  signal,
siginfo_t *  s,
void *  u 
)

Definition at line 3094 of file wsh.c.

int learn_proto ( unsigned long *  arg,
unsigned long int  faultaddr,
int  reason 
)

Definition at line 1801 of file wsh.c.

int libcall ( lua_State L)

Main wrapper around a library call. This function returns 9 values: ret (returned by library call), errno, firstsignal, total number of signals, firstsicode, firsterrno, faultaddr, reason, context

Handle (reverse-) system calls tracing

Make the library call

Analyse return value

Learn prototypes

Create output execution context table

Push errno to lua table

Push strerror(errno) to lua table

Push first signal

Push first signal name

Push total number of signals emitted during this libcall

Push first errno

Push first sicode

Push first sicode name

Address of last caller in backtrace

Push fault address

Push reason

Push mode

Push errctx

Push pointer to ucontext

Push arguments as a new table

Push number of non NULL arguments

Push retval

Push libcall/libname

Invoke store running function on context

Definition at line 2087 of file wsh.c.

int loadbin ( lua_State L)

Load a binary into the address space

Definition at line 4054 of file wsh.c.

struct link_map* loadlibrary ( char *  libname)

Definition at line 4311 of file wsh.c.

unsigned int ltrace ( void  )

Definition at line 328 of file wsh.c.

int lua_strerror ( int  err)

Definition at line 4395 of file wsh.c.

int man ( lua_State L)

Open a manual page

Definition at line 1478 of file wsh.c.

int map ( lua_State L)

Display mapped sections

Definition at line 3658 of file wsh.c.

int mk_backtrace ( void  )

Definition at line 3110 of file wsh.c.

void parse_dyn ( struct link_map *  map)

Walk the array of ELF_Dyn once looking for critical sections

Definition at line 2625 of file wsh.c.

void parse_link_map_dyn ( struct link_map *  map)

Definition at line 2724 of file wsh.c.

int phdr_callback ( struct dl_phdr_info *  info,
size_t  size,
void *  data 
)

Callback function to parse Program headers (ELF Segments)

Definition at line 683 of file wsh.c.

int phdr_cmp ( segments_t a,
segments_t b 
)

Sort function helper for segments

Definition at line 1434 of file wsh.c.

int phdrs ( lua_State L)

Display Program headers (ELF Segments)

Definition at line 859 of file wsh.c.

void print_backtrace ( void  )

Definition at line 2847 of file wsh.c.

int print_eps ( void  )

Display Entry points

Definition at line 1409 of file wsh.c.

int print_functions ( lua_State L)

Display functions

Definition at line 1176 of file wsh.c.

int print_libs ( lua_State L)

Display mapped libraries, return a list of library names

Definition at line 1308 of file wsh.c.

int print_objects ( lua_State L)

Display objects (typically globals)

Definition at line 1255 of file wsh.c.

int print_phdrs ( void  )

Display program headers (ELF Segments)

Definition at line 1052 of file wsh.c.

int print_procmap ( unsigned int  pid)

Display content of /proc/self/maps

Definition at line 2765 of file wsh.c.

int print_shdrs ( void  )

Display ELF sections

Definition at line 1344 of file wsh.c.

int print_symbols ( lua_State L)

Display symbols

Definition at line 1108 of file wsh.c.

int printarg ( unsigned long int  val)

Definition at line 3155 of file wsh.c.

int priv_memcpy ( lua_State L)

Our own version of memcpy callable from LUA

Definition at line 4154 of file wsh.c.

int priv_strcat ( lua_State L)

Our own version of strcat callable from LUA

Definition at line 4197 of file wsh.c.

int priv_strcpy ( lua_State L)

Our own version of strcpy callable from LUA

Definition at line 4176 of file wsh.c.

int procmap_lua ( void  )

Definition at line 2787 of file wsh.c.

int prototypes ( lua_State L)

Display learned prototypes

Read all the lines to learnt data structure

Sort learnt data structures

Definition at line 1885 of file wsh.c.

int ptoh ( int  perms,
char  hperms[] 
)

Get permissions in human readable format

Definition at line 138 of file wsh.c.

int ralloc ( lua_State L)

ralloc(unsigned int size, unsigned char poison); allocate 1 page set to 0x00, set size bytes to poison, remap the page R only

Definition at line 3755 of file wsh.c.

int rawmemaddr ( lua_State L)

int addr rawmemaddr(obj)

Return the address in memory of the object passed as argument, or the address itself if an address is given as argument.

Definition at line 4833 of file wsh.c.

int rawmemread ( lua_State L)

string res rawmemread(addr, len)

Read len bytes at address addr and return them as a lua string.

Definition at line 4759 of file wsh.c.

int rawmemstr ( lua_State L)

Returns a string, from an address passed as argument.

Definition at line 4797 of file wsh.c.

int rawmemstrlen ( lua_State L)

int rawmemstrlen(addr) Returns the length of a string passed as argument

Definition at line 4845 of file wsh.c.

int rawmemusage ( lua_State L)

Display memory usage.

Definition at line 4811 of file wsh.c.

int rawmemwrite ( lua_State L)

int written rawmemwrite(addr, data, len)

Raw write of len bytes of data to addr; returns the number of bytes written.

Definition at line 4778 of file wsh.c.

int rdnum ( lua_State L)

Read a number (to a LUA number)

Definition at line 1642 of file wsh.c.

int rdstr ( lua_State L)

Read a string (to a LUA string)

Definition at line 1621 of file wsh.c.

unsigned int read_elf_sig ( char *  fname,
struct stat *  sb 
)

Verify ELF signature in a binary

Definition at line 4452 of file wsh.c.

int reload_elfs ( void  )

Reload linked lists from ELF binaries

Definition at line 1441 of file wsh.c.

void rescan ( void  )

Rescan address space

Definition at line 2752 of file wsh.c.

void restore_exit ( void  )

generic function to restore from exit()

Definition at line 3132 of file wsh.c.

void rtrace ( lua_State L)

Definition at line 3921 of file wsh.c.

int run_script ( char *  name)

Run a lua script

Definition at line 4418 of file wsh.c.

int run_shell ( lua_State L)

Run minimal LUA shell

Set handlers for tab completion

Prepare history full log name

Load shell history

Main loop

Command analysis/execution

Definition at line 1689 of file wsh.c.

void scan_section ( Elf_Shdr shdr,
char *  strTab,
int  shnum,
char *  fname,
unsigned long int  baseaddr 
)

Parse a section from an ELF

Definition at line 803 of file wsh.c.

int scan_sections ( char *  fname,
unsigned long int  baseaddr 
)

Parse all sections from an ELF

Definition at line 821 of file wsh.c.

int scan_symbol ( char *  symbol,
char *  libname 
)

Scan a symbol, save it to linked list

Definition at line 338 of file wsh.c.

void scan_syms ( char *  dynstr,
Elf_Sym sym,
unsigned long int  sz,
char *  libname 
)

Walk symbol table

If function name is blacklisted, skip...

Add function/object to linked list

Add function/object to linked list

Definition at line 2507 of file wsh.c.

void script ( char *  path)

Run a script

Definition at line 166 of file wsh.c.

void section_add ( unsigned long int  addr,
unsigned long int  size,
char *  libname,
char *  name,
char *  perms,
int  flags 
)

Add a section to linked list

Definition at line 751 of file wsh.c.

sections_t* section_from_addr ( unsigned long int  addr)

Find section from address

Definition at line 869 of file wsh.c.

void segment_add ( unsigned long int  addr,
unsigned long int  size,
char *  perms,
char *  fname,
char *  ptype,
int  flags 
)

Add a segment to linked list

Definition at line 769 of file wsh.c.

segments_t* segment_from_addr ( unsigned long int  addr)

Find segment from address

Definition at line 884 of file wsh.c.

void set_align_flag ( void  )
inline

Definition at line 2904 of file wsh.c.

int set_alloc_opt ( void  )

Definition at line 4331 of file wsh.c.

void set_branch_flag ( void  )
inline

Definition at line 2999 of file wsh.c.

int set_sighandlers ( void  )

Set all signal handlers

Definition at line 3542 of file wsh.c.

void set_trace_flag ( void  )
inline

Definition at line 2931 of file wsh.c.

int setcharbuf ( lua_State L)

Definition at line 1603 of file wsh.c.

int shdr_callback ( struct dl_phdr_info *  info,
size_t  size,
void *  data 
)

Callback function to parse Section headers (ELF Sections)

Definition at line 846 of file wsh.c.

int shdr_cmp ( sections_t a,
sections_t b 
)

Sort function helper for sections

Definition at line 1427 of file wsh.c.

int shdrs ( lua_State L)

Display section headers (ELF Sections)

Definition at line 1459 of file wsh.c.

char* sicode_strerror ( int  signal,
siginfo_t *  s 
)

Definition at line 3340 of file wsh.c.

char* sicodetoname ( int  code)

Definition at line 2872 of file wsh.c.

void sighandler ( int  signal,
siginfo_t *  s,
void *  ptr 
)

Get access type

Get signal name

Get signal code

Restore execution from known good point

Definition at line 3454 of file wsh.c.

char* signaltoname ( int  signal)

Definition at line 2878 of file wsh.c.

void singlebranch ( lua_State L)

Definition at line 3945 of file wsh.c.

void singlestep ( lua_State L)

Definition at line 3903 of file wsh.c.

int sort_learnt ( learn_t a,
learn_t b 
)

Definition at line 1878 of file wsh.c.

sections_t* symbol_from_addr ( unsigned long int  addr)

Return a symbol from an address

Definition at line 899 of file wsh.c.

sections_t* symbol_from_name ( char *  fname)

Return a symbol from its name

Definition at line 914 of file wsh.c.

char* symbol_tobind ( int  n)

Return symbol binding type in human readable format

Definition at line 279 of file wsh.c.

char* symbol_totype ( int  n)

Return symbol type in human readable format

Definition at line 303 of file wsh.c.

void systrace ( lua_State L)

Definition at line 3916 of file wsh.c.

int test_stdin ( void  )

Set global variable is_stdinscript to 1 if there is data on stdin

Definition at line 3599 of file wsh.c.

int traceback ( lua_State L)

Definition at line 2836 of file wsh.c.

void traceunaligned ( lua_State L)

Resize a xallocated memory zone

Definition at line 3891 of file wsh.c.

void traphandler ( int  signal,
siginfo_t *  s,
void *  ptr 
)

Search corresponding Breakpoint

This is a breakpoint

We are single branching

We are single stepping

We are tracing unaligned access via SIGBUS, single step once

This is an unhandled exception : exit

Definition at line 3175 of file wsh.c.

void unrtrace ( lua_State L)

Definition at line 3931 of file wsh.c.

void unset_align_flag ( void  )
inline

Definition at line 2890 of file wsh.c.

void unset_branch_flag ( void  )
inline

Definition at line 3022 of file wsh.c.

void unset_trace_flag ( void  )
inline

Definition at line 2917 of file wsh.c.

void unsinglebranch ( lua_State L)

Definition at line 3967 of file wsh.c.

void unsinglestep ( lua_State L)

Definition at line 3909 of file wsh.c.

void unsystrace ( lua_State L)

Definition at line 3926 of file wsh.c.

void untraceunaligned ( lua_State L)

Definition at line 3897 of file wsh.c.

void unverbosetrace ( lua_State L)

Definition at line 3941 of file wsh.c.

int verbose ( lua_State L)

Definition at line 3618 of file wsh.c.

void verbosetrace ( lua_State L)

Definition at line 3937 of file wsh.c.

int wsh_getopt ( wsh_t wsh1,
int  argc,
char **  argv 
)

Parse command line

Definition at line 4629 of file wsh.c.

int wsh_init ( void  )

Definition at line 4364 of file wsh.c.

int wsh_loadlibs ( void  )

Load all preload libraries

Definition at line 4608 of file wsh.c.

int wsh_print_version ( void  )

Print software version

Definition at line 4720 of file wsh.c.

int wsh_run ( void  )

Run a lua shell/script

Run all the scripts specified in the command line

Run a lua shell

Definition at line 4475 of file wsh.c.

int wsh_usage ( char *  name)

Print usage

Definition at line 4729 of file wsh.c.

int xalloc ( lua_State L)

xalloc(unsigned int size, unsigned char poison, unsigned int perms); Allocate size bytes (% getpagesize())

The mapping auto-references itself, unless a poison byte is given

[page unmapped] [mapped][OURPTR, size] [page unmapped]

Definition at line 3807 of file wsh.c.

void xfree ( lua_State L)

Release a block allocated via xalloc()

Definition at line 3868 of file wsh.c.

Variable Documentation

help_t cmdhelp[]
Initial value:
={
/* Help table for the shell's built-in commands. Each row holds five strings;
 * judging by the values they look like: command name, argument synopsis,
 * description, return prototype, return description -- TODO confirm against
 * the definition of struct help_t. */
{"quit", "", "Exit wsh.", "", "Does not return : exit wsh\n"},
{"exit", "", "Exit wsh.", "", "Does not return : exit wsh\n"},
/* NOTE(review): per their own help text, "shell" starts /bin/sh and "exec"
 * hands <command> to system(). Input that reaches the wsh prompt can therefore
 * run arbitrary commands with the privileges of the wsh process; presumably
 * the same holds for scripts fed to wsh -- confirm, and treat such scripts as
 * trusted code. */
{"shell", "[command]", "Run a /bin/sh shell.", "", "None. Returns uppon shell termination."},
{"exec", "<command>", "Run <command> via the system() library call.", "", "None. Returns uppon <command> termination."},
{"clear", "", "Clear terminal.", "", "None."},
}

Definition at line 497 of file wsh.c.

help_t fcnhelp[]
Initial value:
={
/* Help table for the functions exported to the lua shell. Each row holds five
 * strings; judging by the values they look like: function name, argument
 * synopsis, description, return prototype, return description -- TODO confirm
 * against the definition of struct help_t. */
{"help", "[topic]","Display help on [topic]. If [topic] is ommitted, display general help.", "", "None"},
{"man", "[page]", "Display system manual page for [page].", "", "None"},
{"hexdump", "<address>, <num>", "Display <num> bytes from memory <address> in enhanced hexadecimal form.", "", "None"},
{"hex", "<object>", "Display lua <object> in enhanced hexadecimal form.", "", "None"},
{"phdrs", "", "Display ELF program headers from all binaries loaded in address space.", "", "None"},
{"shdrs", "", "Display ELF section headers from all binaries loaded in address space.", "", "None"},
{"map", "", "Display a table of all the memory ranges mapped in memory in the address space.", "", "None"},
{"procmap", "", "Display a table of all the memory ranges mapped in memory in the address space as displayed in /proc/<pid>/maps.", "", "None"},
{"bfmap", "", "Bruteforce valid mapped memory ranges in address space.", "", "None"},
{"symbols", "[sympattern], [libpattern], [mode]", "Display all the symbols in memory matching [sympattern], from library [libpattern]. If [mode] is set to 1 or 2, do not wait user input between pagers. [mode] = 2 provides a shorter output.", "", "None"},
{"functions","[sympattern], [libpattern], [mode]", "Display all the functions in memory matching [sympattern], from library [libpattern]. If [mode] is set to 1 or 2, do not wait user input between pagers. [mode] = 2 provides a shorter output.", "table func = ", "Return 1 lua table _func_ whose keys are valid function names in address space, and values are pointers to them in memory."},
/* NOTE(review): the synopsis names the argument [pattern] but the description
 * says "functions" and refers to [sympattern]; this looks copied from the
 * "functions" row -- confirm and correct the help string. */
{"objects","[pattern]", "Display all the functions in memory matching [sympattern]", "", "None"},
{"info", "[address] | [name]", "Display various informations about the [address] or [name] provided : if it is mapped, and if so from which library and in which section if available.", "", "None"},
{"search", "<pattern>", "Search all object names matching <pattern> in address space.", "", "None"},
{"headers", "", "Display C headers suitable for linking against the API loaded in address space.", "", "None"},
{"grep", "<pattern>, [patternlen], [dumplen], [before]","Search <pattern> in all ELF sections in memory. Match [patternlen] bytes, then display [dumplen] bytes, optionally including [before] bytes before the match. Results are displayed in enhanced decimal form", "table match = ", "Returns 1 lua table containing matching memory addresses."},
{"grepptr", "<pattern>, [patternlen], [dumplen], [before]","Search pointer <pattern> in all ELF sections in memory. Match [patternlen] bytes, then display [dumplen] bytes, optionally including [before] bytes before the match. Results are displayed in enhanced decimal form", "table match = ", "Returns 1 lua table containing matching memory addresses."},
{"loadbin","<pathname>","Load binary to memory from <pathname>.", "", "None"},
{"libs", "", "Display all libraries loaded in address space.", "table libraries = ", "Returns 1 value: a lua table _libraries_ whose values contain valid binary names (executable/libraries) mapped in memory."},
{"entrypoints", "", "Display entry points for each binary loaded in address space.", "", "None"},
{"rescan", "", "Re-perform address space scan.", "", "None"},
/* NOTE(review): this row advertises two return values (ret, ctx), while the
 * documentation comment on libcall() lists nine; confirm which describes the
 * current behaviour and align the two. */
{"libcall", "<function>, [arg1], [arg2], ... arg[6]", "Call binary <function> with provided arguments.", "void *ret, table ctx = ", "Returns 2 return values: _ret_ is the return value of the binary function (nill if none), _ctx_ a lua table representing the execution context of the library call.\n"},
/* NOTE(review): the help text says these two need root, which suggests the
 * ASLR setting they change is not limited to the wsh process -- confirm the
 * scope, and document that ASLR should be re-enabled once analysis is done. */
{"enableaslr", "", "Enable Address Space Layout Randomization (requires root privileges).", "", "None"},
{"disableaslr", "", "Disable Address Space Layout Randomization (requires root privileges).", "", "None"},
{"verbose", "<verbosity>", "Change verbosity setting to <verbosity>.", "", "None"},
/* "bp" is documented below as an alias of "breakpoint". */
{"breakpoint", "<address>, [weight]", "Set a breakpoint at memory <address>. Optionally add a <weight> to breakpoint score if hit.", "", "None"},
{"bp", "<address>, [weight]", "Set a breakpoint at memory <address>. Optionally add a <weight> to breakpoint score if hit. Alias for breakpoint() function.", "", "None"},
{"hollywood", "<level>", "Change hollywood (fun) display setting to <level>, impacting color display (enable/disable).", "", "None"},
}

Definition at line 506 of file wsh.c.

learn_t* protorecords = NULL

Definition at line 1876 of file wsh.c.

wsh_t* wsh

Main wsh context

Witchcraft Compiler Collection

Author: Jonathan Brossard - endra.nosp@m.zine.nosp@m.@gmai.nosp@m.l.co.nosp@m.m

The MIT License (MIT) Copyright (c) 2016 Jonathan Brossard

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. Main wsh context

Definition at line 37 of file wshmain.c.