Syscalls linux32
Hi,
I have implemented a few more syscalls for Linux 32 (and some generic for Linux 64b too). I am able to emulate several Linux 32b shellcodes with it, like:
```
[DEBUG ]: socket(AF_INET, SOCK_STREAM, 0)
[DEBUG ]: -> 3
WARNING: address 0x1240000 is not mapped in virtual memory:
[DEBUG ]: socket_connect(fd, [AF_INET, 1234, 10.2.2.14], 102)
[DEBUG ]: -> 0
Done
```
What do you think?
All good points, thanks. I will fix these later this week.
Thank you for your PR @Te-k! If you really want to be sure we won't break anything in the future, maybe we could add a regression test of one of your shellcodes (if you can share them, obviously), but put it in the https://github.com/cea-sec/miasm-extended-tests repository. Those tests are currently executed by the Miasm travis file. The reason is simple: some time ago, we put a shellcode directly in the main repository, and the travis environment flagged Miasm as malware and refused to run regression tests. Maybe we should definitely not commit any shellcode/malware in the main repo, as it may be flagged as malware by PIP or distributions.
Another reason is to not add too much weight to the main repo.
I have made some fixes based on your suggestions, two are still unresolved:
- Whether or not to implement read on sockets
- ~Should it create a socket on connect? (not sure why it would)~
Just one warning: I have added a change on uid and euid in sys_generic_setreuid and it does not check for privileges to do that, should I implement privileges here?
Let me know what you think
And I have added a script in the examples to emulate Linux shellcodes, which is needed to add test cases to miasm-extended-tests
And here is the PR for the test https://github.com/cea-sec/miasm-extended-tests/pull/1 along with the update of travis config file (I have not tested it but it should be simple enough to work)
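
On the privilege question raised for sys_generic_setreuid above, as an added example that is not part of the PR or of Miasm: a stand-alone Python model of the checks Linux applies in setreuid(2). `Creds`, `setreuid` and the use of euid 0 as a stand-in for CAP_SETUID are assumptions made for illustration.

```python
# Added example: stand-alone model of Linux setreuid(2) permission rules.
# Creds and setreuid are hypothetical names, not Miasm APIs.
from dataclasses import dataclass

EPERM = 1
UNCHANGED = 0xFFFFFFFF  # (uid_t)-1 as it appears in a 32-bit register


@dataclass
class Creds:
    ruid: int  # real uid
    euid: int  # effective uid
    suid: int  # saved set-user-ID


def setreuid(creds, ruid, euid):
    """Apply setreuid(ruid, euid) to creds in place; return 0 or -EPERM."""
    # Assumption: euid 0 stands in for holding CAP_SETUID.
    privileged = creds.euid == 0
    new_ruid = creds.ruid if ruid == UNCHANGED else ruid
    new_euid = creds.euid if euid == UNCHANGED else euid

    if not privileged:
        # Unprivileged: the real uid may only become the current ruid or euid.
        if new_ruid not in (creds.ruid, creds.euid):
            return -EPERM
        # The effective uid may only become the current ruid, euid or suid.
        if new_euid not in (creds.ruid, creds.euid, creds.suid):
            return -EPERM

    # The saved uid follows the new euid when ruid is set, or when euid is
    # set to a value other than the previous real uid (see setreuid(2)).
    if ruid != UNCHANGED or (euid != UNCHANGED and new_euid != creds.ruid):
        creds.suid = new_euid
    creds.ruid, creds.euid = new_ruid, new_euid
    return 0
```

An emulator that skips these checks lets an emulated shellcode's `setreuid(0, 0)` succeed from any starting identity, which may be the desired behaviour for analysis but differs from what the code would do on a real unprivileged process.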