Use bpf programs as filters for seccomp, the one in the example will block all the write syscalls after it's loaded.
Compile it with just
gcc main.c
zyouyowa
/ page_table_walk.c
Last active
October 8, 2021 09:06
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #define PAGE_OFFSET_MASK (~(~0UL << PAGE_SHIFT)) | |
| unsigned long page_table_walk(unsigned long addr, struct mm_struct *mm_str) | |
| { | |
| pgd_t *pgd; | |
| p4d_t *p4d; | |
| pud_t *pud; | |
| pmd_t *pmd; | |
| pte_t *pte; | |
| unsigned long pfn, phys_page_addr, page_offset, phys_addr; |
pryorda
/ dump_memory.sh
Created
October 19, 2019 05:42
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| grep rw-p /proc/$1/maps \ | |
| | sed -n 's/^\([0-9a-f]*\)-\([0-9a-f]*\) .*$/\1 \2/p' \ | |
| | while read start stop; do \ | |
| gdb --batch --pid $1 -ex \ | |
| "dump memory $1-$start-$stop.dump 0x$start 0x$stop"; \ | |
| done | |
| # use strings on file after. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdint.h> //for int8_t | |
| #include <string.h> //for memcmp | |
| #include <wmmintrin.h> //for intrinsics for AES-NI | |
| //compile using gcc and following arguments: -g;-O0;-Wall;-msse2;-msse;-march=native;-maes | |
| //internal stuff | |
| //macros | |
| #define DO_ENC_BLOCK(m,k) \ | |
| do{\ |