inception.h
/*
* x86 code morphing to perform inception. Find the inception!
*/
#ifndef _INCEPTION_C_
#error "This special header file has to be included only from inception.c"
#endif
/*
* Removed inception string hints from the header. The hints were in earlier commits.
*/
#ifdef __linux__
#ifdef __i386__
/*
* Uses IA32 emulation specific int 0x80 for syscalls
*/
/*
 * i386 Linux machine code stored as data. Decoded (byte offsets on the left):
 *    0  e9 1e 00 00 00   jmp  +0x1e        -> offset 35, the call below
 *    5  59               pop  %ecx         ; return address = start of the text
 *    6  b8 04 00 00 00   mov  $4,%eax      ; write
 *   11  bb 01 00 00 00   mov  $1,%ebx      ; fd 1
 *   16  ba 37 00 00 00   mov  $0x37,%edx   ; 55 bytes
 *   21  cd 80            int  $0x80
 *   23  b8 01 00 00 00   mov  $1,%eax      ; exit
 *   28  bb 00 00 00 00   mov  $0,%ebx      ; status 0
 *   33  cd 80            int  $0x80
 *   35  e8 dd ff ff ff   call -0x23        -> offset 5
 *   40  55 bytes of ASCII: "Reconcile with my father and have my own individuality\n"
 * The jmp/call/pop sequence makes the code position independent: the call pushes the
 * address of the text, which the pop then loads as the write buffer.
 * The text has no NUL terminator; its length is carried only by the 0x37 immediate,
 * so the two must be changed together.
 * NOTE(review): a static data array is not executable by itself; presumably
 * inception.c copies it into an executable mapping - confirm there.
 */
static unsigned char inception_thoughts[] = {
0xe9, 0x1e, 0x00, 0x00, 0x00, 0x59, 0xb8, 0x04,
0x00, 0x00, 0x00, 0xbb, 0x01, 0x00, 0x00, 0x00,
0xba, 0x37, 0x00, 0x00, 0x00, 0xcd, 0x80, 0xb8,
0x01, 0x00, 0x00, 0x00, 0xbb, 0x00, 0x00, 0x00,
0x00, 0xcd, 0x80, 0xe8, 0xdd, 0xff, 0xff, 0xff,
0x52, 0x65, 0x63, 0x6f, 0x6e, 0x63, 0x69, 0x6c,
0x65, 0x20, 0x77, 0x69, 0x74, 0x68, 0x20, 0x6d,
0x79, 0x20, 0x66, 0x61, 0x74, 0x68, 0x65, 0x72,
0x20, 0x61, 0x6e, 0x64, 0x20, 0x68, 0x61, 0x76,
0x65, 0x20, 0x6d, 0x79, 0x20, 0x6f, 0x77, 0x6e,
0x20, 0x69, 0x6e, 0x64, 0x69, 0x76, 0x69, 0x64,
0x75, 0x61, 0x6c, 0x69, 0x74, 0x79, 0x0a,
};
#elif defined(__x86_64__) /* __x86_64__ */
/*
* For 64 bit, find the inception buffer with the assembly equivalent using:
* syscall over int 0x80 for x86_64
asm(".section .text\n"
".byte 0xe9\n" // fool linker to enable relative addressing
".long 0x26\n" // relative JMP call to 0x1e or "call" instruction below
"popq %rsi\n"
"movq $"STR(__NR_write)",%rax\n"
"movq $1, %rdi\n"\
"movq $55, %rdx\n"
"syscall\n"
"movq $"STR(__NR_exit)",%rax\n"
"movl $0, %edi\n"
"syscall\n"
".byte 0xe8\n"
".long -0x2b\n"//"call -0x23\n"
".string \n");
*/
/*
 * x86_64 Linux machine code stored as data. Decoded (byte offsets on the left):
 *    0  e9 26 00 00 00         jmp  +0x26        -> offset 43, the call below
 *    5  5e                     pop  %rsi         ; return address = start of the text
 *    6  48 c7 c0 01 00 00 00   mov  $1,%rax      ; write
 *   13  48 c7 c7 01 00 00 00   mov  $1,%rdi      ; fd 1
 *   20  48 c7 c2 37 00 00 00   mov  $0x37,%rdx   ; 55 bytes
 *   27  0f 05                  syscall
 *   29  48 c7 c0 3c 00 00 00   mov  $60,%rax     ; exit
 *   36  bf 00 00 00 00         mov  $0,%edi      ; status 0
 *   41  0f 05                  syscall
 *   43  e8 d5 ff ff ff         call -0x2b        -> offset 5
 *   48  55 bytes of ASCII: "Reconcile with my father and have my own individuality\n"
 * The syscall numbers are baked in as immediates (1 and 60) rather than taken from
 * __NR_write/__NR_exit as in the assembly sketch in the comment above.
 * The text has no NUL terminator; its length is carried only by the 0x37 immediate.
 * NOTE(review): a static data array is not executable by itself; presumably
 * inception.c copies it into an executable mapping - confirm there.
 */
static unsigned char inception_thoughts[] = {
0xe9 ,0x26 ,0x00 ,0x00 ,0x00 ,0x5e ,0x48 ,0xc7,
0xc0 ,0x01 ,0x00 ,0x00 ,0x00 ,0x48 ,0xc7 ,0xc7,
0x01 ,0x00 ,0x00 ,0x00 ,0x48 ,0xc7 ,0xc2 ,0x37,
0x00 ,0x00 ,0x00 ,0x0f ,0x05 ,0x48 ,0xc7 ,0xc0,
0x3c ,0x00 ,0x00 ,0x00 ,0xbf ,0x00 ,0x00 ,0x00,
0x00 ,0x0f ,0x05 ,0xe8 ,0xd5 ,0xff ,0xff ,0xff,
0x52 ,0x65 ,0x63 ,0x6f ,0x6e ,0x63 ,0x69 ,0x6c,
0x65 ,0x20 ,0x77 ,0x69 ,0x74 ,0x68 ,0x20 ,0x6d,
0x79 ,0x20 ,0x66 ,0x61 ,0x74 ,0x68 ,0x65 ,0x72,
0x20 ,0x61 ,0x6e ,0x64 ,0x20 ,0x68 ,0x61 ,0x76,
0x65 ,0x20 ,0x6d ,0x79 ,0x20 ,0x6f ,0x77 ,0x6e,
0x20 ,0x69 ,0x6e ,0x64 ,0x69 ,0x76 ,0x69 ,0x64,
0x75 ,0x61 ,0x6c ,0x69 ,0x74 ,0x79 ,0x0a,
};
#elif defined(__arm__)
/*
* Here is the assembly equivalent for arm.
__asm__ __volatile__("mov r0, #1\n"
"add r1, pc, #12\n"
"mov r2, #4\n"
"swi 0x900004\n"
"mov r0, #1\n"
"swi 0x900001\n"
".ascii");
*/
/*
 * ARM Linux machine code stored as data. Read as little-endian 32-bit words
 * (assumes a little-endian target - TODO confirm) the six instructions decode to:
 *    0  e3a00001   mov r0, #1          ; fd 1
 *    4  e28f100c   add r1, pc, #12     ; pc reads as this address + 8, so r1 = offset 24
 *    8  e3a02037   mov r2, #0x37       ; 55 bytes
 *   12  ef900004   swi 0x900004        ; write
 *   16  e3a00000   mov r0, #0          ; status 0
 *   20  ef900001   swi 0x900001        ; exit
 *   24  55 bytes of ASCII: "Reconcile with my father and have my own individuality\n"
 * The bytes differ from the assembly sketch in the comment above, which shows
 * "mov r2, #4" and "mov r0, #1" before the exit call.
 * The text has no NUL terminator; its length is carried only by the 0x37 immediate.
 * NOTE(review): the swi 0x9000nn form is the old-ABI (OABI) syscall convention;
 * whether the target kernel still accepts it is not visible here.
 */
static unsigned char inception_thoughts[] = {
0x01,0x00,0xa0,0xe3,0x0c,0x10,0x8f,0xe2
,0x37,0x20,0xa0,0xe3,0x4,0x00,0x90,0xef
,0x00,0x00,0xa0,0xe3,0x01,0x00,0x90,0xef
,0x52,0x65,0x63,0x6f,0x6e,0x63,0x69,0x6c,0x65,0x20
,0x77,0x69,0x74,0x68,0x20,0x6d,0x79,0x20
,0x66,0x61,0x74,0x68,0x65,0x72,0x20,0x61
,0x6e,0x64,0x20,0x68,0x61,0x76,0x65,0x20
,0x6d,0x79,0x20,0x6f,0x77,0x6e,0x20,0x69
,0x6e,0x64,0x69,0x76,0x69,0x64,0x75,0x61
,0x6c,0x69,0x74,0x79,0x0a,
};
#elif defined(__mips__)
/*
* asm("li $v0, 4004\n"
"li $a0, 1\n"
"li $t8, 0x7350\n"
"dpatch:bltzal $t8, dpatch\n" // self patch jump unreached but required as bltzal modifies RA required
"addu $a1, $ra,24\n"
"li $a2, 4\n"
"syscall\n"
"li $v0, 4001\n"
"li $a0, 12\n"
"syscall\n"
".ascii");
*/
/*
 * MIPS Linux machine code stored as data. Read as big-endian 32-bit words
 * (assumes a big-endian target - TODO confirm) the instructions decode to:
 *    0  24020fa4   li    $v0, 4004       ; write
 *    4  24040001   li    $a0, 1          ; fd 1
 *    8  24187350   li    $t8, 0x7350     ; positive, so the branch below is never taken
 *   12  0710ffff   bltzal $t8, .         ; still sets $ra = offset 20
 *   16  00000000   nop                   ; branch delay slot
 *   20  27e50018   addiu $a1, $ra, 24    ; offset 44 = start of the text
 *   24  24060037   li    $a2, 0x37       ; 55 bytes
 *   28  0000000c   syscall
 *   32  24020fa1   li    $v0, 4001       ; exit
 *   36  24040000   li    $a0, 0          ; status 0
 *   40  0000000c   syscall
 *   44  55 bytes of ASCII: "Reconcile with my father and have my own individuality\n"
 * The bytes differ from the assembly sketch in the comment above, which shows
 * "li $a2, 4" and "li $a0, 12".
 * The text has no NUL terminator; its length is carried only by the 0x37 immediate.
 */
static unsigned char inception_thoughts[] = {
0x24,0x02,0x0f,0xa4,0x24,0x04,0x00,0x01
,0x24,0x18,0x73,0x50,0x07,0x10,0xff,0xff
,0x00,0x00,0x00,0x00,0x27,0xe5,0x00,0x18
,0x24,0x06,0x00,0x37,0x00,0x00,0x00,0x0c
,0x24,0x02,0x0f,0xa1,0x24,0x04,0x00,0x00
,0x00,0x00,0x00,0x0c
,0x52,0x65,0x63,0x6f,0x6e,0x63,0x69,0x6c,0x65,0x20
,0x77,0x69,0x74,0x68,0x20,0x6d,0x79,0x20
,0x66,0x61,0x74,0x68,0x65,0x72,0x20,0x61
,0x6e,0x64,0x20,0x68,0x61,0x76,0x65,0x20
,0x6d,0x79,0x20,0x6f,0x77,0x6e,0x20,0x69
,0x6e,0x64,0x69,0x76,0x69,0x64,0x75,0x61
,0x6c,0x69,0x74,0x79,0x0a,
};
#else
#error "Unsupported linux architecture. Force compilation errors"
#endif
/*
* Fill the inception target Fischers dream buffer to return with x86 instruction NOP op-code
* This is the target buffer to be filled with the actual thoughts by the guys planting the inception in
* Fischers dream. The thoughts here just exit without having anything in them before the inception
*/
#if defined(__i386__) || defined(__x86_64__)
/*
 * Target buffer for x86 (both i386 and x86_64 builds).
 * Layout: sizeof(inception_thoughts) bytes of 0x90 (nop), set with the GNU range
 * designator [first ... last], followed by a 12-byte exit stub:
 *   b8 01 00 00 00   mov $1,%eax   ; exit
 *   bb 00 00 00 00   mov $0,%ebx   ; status 0
 *   cd 80            int $0x80
 * The undesignated initializers continue after the last designated index, so the
 * array is sizeof(inception_thoughts) + 12 bytes long and the nop run is exactly
 * large enough to be overwritten by inception_thoughts.
 * NOTE(review): the stub uses the 32-bit int 0x80 entry on x86_64 builds as well,
 * so there it depends on the kernel's IA32 emulation being available - confirm.
 */
static unsigned char fischers_thoughts[] = { [ 0 ... sizeof(inception_thoughts)-1] = 0x90,
0xb8, 0x1, 0x00, 0x00,
0x00, 0xbb, 0x00, 0x00, 0x00, 0x00,0xcd, 0x80,
};
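/*
 * Fill a buffer with the single-byte x86 nop opcode (0x90).
 *
 * map: start of the buffer to fill; nothing is written when it is a null pointer.
 * len: number of bytes to fill; zero and negative values are ignored.
 *
 * len is a signed int while memset() takes an unsigned size, so without the guard
 * a negative length would be converted to a huge count and the fill would run far
 * past the end of the buffer.
 */
static __inline__ void nop_fill(char *map, int len)
{
    if (!map || len <= 0)
        return;
    memset(map, 0x90, len); /* fill it with the x86 nop opcode */
}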
#elif defined(__arm__)
/*
 * Target buffer for arm: just an exit stub, with no nop padding in the initializer.
 * Read as little-endian words (assumes a little-endian target - TODO confirm):
 *   e3a00000   mov r0, #0       ; status 0
 *   ef900001   swi 0x900001     ; exit
 */
static unsigned char fischers_thoughts[] = { 0x00, 0x00, 0xa0, 0xe3, 0x01, 0x00, 0x90, 0xef };
/*
 * Fill a buffer with ARM no-op instructions, one 32-bit word at a time.
 *
 * map: start of the buffer; it is written through an int pointer, so it is
 *      expected to be suitably aligned for int stores.
 * len: buffer length in bytes; only len / 4 whole words are written, any
 *      trailing 1-3 bytes are left untouched.
 */
static __inline__ void nop_fill(char *map, int len)
{
#define NOP_WORD_FILL 0xe1a01001 /* mov r1, r1 or even a zero set with mov r0, r0 */
    int *word = (int *)map;
    int remaining = len >> 2; /* number of whole words that fit in len bytes */

    while (remaining-- > 0)
        *word++ = NOP_WORD_FILL;
#undef NOP_WORD_FILL
}
#elif defined(__mips__)
/*
 * Exit code: the mips target buffer is only an exit stub.
 * Read as big-endian words (assumes a big-endian target - TODO confirm):
 *   24020fa1   li $v0, 4001     ; exit
 *   24040000   li $a0, 0        ; status 0
 *   0000000c   syscall
 */
static unsigned char fischers_thoughts[] = {
0x24,0x02,0x0f,0xa1,0x24,0x04,0x00,0x00
,0x00,0x00,0x00,0x0c
};
/*
 * For mips, the nop instruction is the all-zero word, so a zero-filled mmap'ed page
 * is already a run of nops and does not have to be filled.
 * nop_fill() therefore expands to a GNU statement expression that evaluates to 0;
 * neither argument is evaluated.
 * NOTE(review): this relies on the caller's mapping being zero-filled - confirm in
 * inception.c.
 */
#define nop_fill(map, len) ({0;})
#else
#error "Unsupported linux arch. Force compilation error"
#endif
#elif defined(__APPLE__)
/*
 * Apple build: 32-bit x86 machine code stored as data. Unlike the Linux i386
 * variant, the system call arguments are pushed on the stack before int 0x80.
 * Decoded (byte offsets on the left):
 *    0  e9 24 00 00 00   jmp  +0x24        -> offset 41, the call below
 *    5  59               pop  %ecx         ; return address = start of the text
 *    6  b8 04 00 00 00   mov  $4,%eax      ; write
 *   11  bb 01 00 00 00   mov  $1,%ebx      ; fd 1
 *   16  ba 37 00 00 00   mov  $0x37,%edx   ; 55 bytes
 *   21  52 51 53 50      push %edx, %ecx, %ebx, %eax
 *   25  cd 80            int  $0x80
 *   27  b8 01 00 00 00   mov  $1,%eax      ; exit
 *   32  bb 00 00 00 00   mov  $0,%ebx      ; status 0
 *   37  53 50            push %ebx, %eax
 *   39  cd 80            int  $0x80
 *   41  e8 d7 ff ff ff   call -0x29        -> offset 5
 *   46  55 bytes of ASCII: "Reconcile with my father and have my own individuality\n"
 * The text has no NUL terminator; its length is carried only by the 0x37 immediate.
 * NOTE(review): this branch tests only __APPLE__, not the CPU architecture, so the
 * same 32-bit x86 bytes are selected for every Apple target - confirm that is intended.
 */
static unsigned char inception_thoughts[] = {
0xe9,0x24,0x00,0x00,0x00,0x59,0xb8,0x04
,0x00,0x00,0x00,0xbb,0x01,0x00,0x00,0x00
,0xba,0x37,0x00,0x00,0x00,0x52,0x51,0x53
,0x50,0xcd,0x80,0xb8,0x01,0x00,0x00,0x00
,0xbb,0x00,0x00,0x00,0x00,0x53,0x50,0xcd
,0x80,0xe8,0xd7,0xff,0xff,0xff,0x52,0x65
,0x63,0x6f,0x6e,0x63,0x69,0x6c,0x65,0x20
,0x77,0x69,0x74,0x68,0x20,0x6d,0x79,0x20
,0x66,0x61,0x74,0x68,0x65,0x72,0x20,0x61
,0x6e,0x64,0x20,0x68,0x61,0x76,0x65,0x20
,0x6d,0x79,0x20,0x6f,0x77,0x6e,0x20,0x69
,0x6e,0x64,0x69,0x76,0x69,0x64,0x75,0x61
,0x6c,0x69,0x74,0x79,0x0a
};
/*
 * Target buffer for the Apple build.
 * Layout: sizeof(inception_thoughts) bytes of 0x90 (nop), set with the GNU range
 * designator [first ... last], followed by a 14-byte exit stub:
 *   bb 00 00 00 00   mov  $0,%ebx   ; status 0
 *   53               push %ebx
 *   b8 01 00 00 00   mov  $1,%eax   ; exit
 *   50               push %eax
 *   cd 80            int  $0x80
 * The undesignated initializers continue after the last designated index, so the
 * array is sizeof(inception_thoughts) + 14 bytes long and the nop run is exactly
 * large enough to be overwritten by inception_thoughts.
 */
static unsigned char fischers_thoughts[] = { [ 0 ... sizeof(inception_thoughts)-1] = 0x90,
0xbb, 0x00, 0x00, 0x00, 0x00, 0x53, 0xb8, 0x01
,0x00, 0x00, 0x00, 0x50, 0xcd, 0x80,
};
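/*
 * Fill a buffer with the single-byte x86 nop opcode (0x90).
 *
 * map: start of the buffer to fill; nothing is written when it is a null pointer.
 * len: number of bytes to fill; zero and negative values are ignored.
 *
 * len is a signed int while memset() takes an unsigned size, so without the guard
 * a negative length would be converted to a huge count and the fill would run far
 * past the end of the buffer.
 */
static __inline__ void nop_fill(char *map, int len)
{
    if (!map || len <= 0)
        return;
    memset(map, 0x90, len); /* fill it with the x86 nop opcode */
}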
#else
#error "Unsupported Arch. Force compilation errors"
#endif