_yrp

Results 17 comments of _yrp

Yep, this is a good idea and I'd like to implement it eventually. I'm unlikely to do it in the near future just due to time constraints, but it's definitely...

I'll definitely keep you updated. If I add Unicorn support I'll likely create a new project for it and repurpose some rappel UI and ELF gen code, then keep the...

Hm, what is kernel.grsecurity.harden_ptrace? Alternatively if you run it as root, does it work? According to the docs that sysctl shouldn't affect ptrace in this case (because the tracee is...

Hm, can you try a patch for me? ``` diff --git a/elf_amd64.c b/elf_amd64.c index 546841c..52ef9f1 100644 --- a/elf_amd64.c +++ b/elf_amd64.c @@ -74,7 +74,7 @@ const size_t gen_elf_amd64( Elf64_Phdr *const phdr...

Ok, I think I know what's happening. Rappel creates an ELF, runs it, and rewrites it at runtime to include the result of assembled instructions. The text segment of the...

Man, I really need to test with grsec. Thanks for the report, and sorry it's been such a hassle. Will let you know when I understand a bit more what's...

So two months later I finally got around to figuring this out. This is controlled by PAX_MPROTECT (https://pax.grsecurity.net/docs/mprotect.txt). Honestly, having PAX_MPROTECT is probably better than running rappel in interactive mode....
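The two comments above say that rappel rewrites its generated ELF's text segment at runtime and that PAX_MPROTECT is what blocks this. The probe below is an added example (my code, not rappel's) that tries the two memory-protection operations a runtime code-rewriting tool depends on, a writable+executable anonymous mapping and an RW mapping later flipped to RX with mprotect, and reports which the kernel permits. The function names are mine; a result of 0 means the kernel refused the operation with EPERM or EACCES, which is the symptom to expect on a PAX_MPROTECT kernel.

```c
/* Added example: probe whether this kernel lets a process create or
 * produce writable+executable memory, the operations a tool that rewrites
 * its own text segment at runtime needs. Not rappel's code; names are
 * assumptions made for this example. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

static size_t page_size(void) {
    long ps = sysconf(_SC_PAGESIZE);
    return ps > 0 ? (size_t)ps : 4096;
}

/* 1 if an anonymous PROT_READ|PROT_WRITE|PROT_EXEC mapping can be created,
 * 0 if the kernel refuses it (EPERM/EACCES), -1 on an unrelated failure. */
int wx_mapping_allowed(void) {
    size_t ps = page_size();
    void *p = mmap(NULL, ps, PROT_READ | PROT_WRITE | PROT_EXEC,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return (errno == EPERM || errno == EACCES) ? 0 : -1;
    munmap(p, ps);
    return 1;
}

/* 1 if a mapping created RW can later be made RX with mprotect (the
 * "write code, then flip to executable" sequence), 0 if refused,
 * -1 on an unrelated failure. */
int rw_then_rx_allowed(void) {
    size_t ps = page_size();
    void *p = mmap(NULL, ps, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return -1;
    /* Constructed filler: x86 'ret' bytes. Never executed; the probe only
     * cares whether the permission change itself is permitted. */
    memset(p, 0xc3, 16);
    int rc = mprotect(p, ps, PROT_READ | PROT_EXEC);
    int result = (rc == 0) ? 1
               : ((errno == EPERM || errno == EACCES) ? 0 : -1);
    munmap(p, ps);
    return result;
}

/* Map the two probe results onto a one-line verdict so a script can decide
 * whether a runtime code injector is going to work on this host. */
const char *wx_policy_summary(int wx, int rw_rx) {
    if (wx == 1 && rw_rx == 1)
        return "unrestricted: W+X mappings and RW->RX mprotect allowed";
    if (wx == 0 && rw_rx == 0)
        return "restricted: both refused (consistent with PAX_MPROTECT)";
    if (wx == 0 && rw_rx == 1)
        return "partial: W+X refused, RW->RX allowed";
    if (wx == 1 && rw_rx == 0)
        return "partial: W+X allowed, RW->RX refused";
    return "indeterminate: a probe failed for an unrelated reason";
}

int main(void) {
    int wx = wx_mapping_allowed();
    int rw_rx = rw_then_rx_allowed();
    printf("W+X anonymous mmap: %d\nRW->RX mprotect: %d\n%s\n",
           wx, rw_rx, wx_policy_summary(wx, rw_rx));
    return 0;
}
```

On a stock distribution kernel both probes return 1; on a grsec/PaX kernel with PAX_MPROTECT enabled for the binary both are expected to return 0, which is the condition under which a tool that rewrites its text at runtime cannot work without the flag being relaxed for that binary.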

Awesome, thanks. CFG recovery is definitely hard, but for most of my purposes lsweep is great. The reason I ask about PLT entries is I'm interested in pulling xrefs out...

Awesome, thanks for the PLT info. Will look into that too. x64 semantics stuff looks good in my small test cases. Will let you know if I find any other...

There is a workaround that is probably preferable here:

```python
class NopCallingConvention(CallingConvention):
    pass

bv.arch.register_calling_convention(NopCallingConvention(bv.arch, 'nop'))
```

then set the type of `__fentry__` to `void __convention("nop") __fentry(void)`. Because of #2661, you...