extern int _kern_is_computer_on(void);
extern status_t _kern_generic_syscall(const char *subsystem, uint32 function, void *buffer, size_t bufferSize);
extern int _kern_getrlimit(int resource, struct rlimit * rlp);
extern int _kern_setrlimit(int resource, const struct rlimit * rlp);
extern status_t _kern_shutdown(bool reboot);
extern status_t _kern_get_safemode_option(const char *parameter, char *buffer, size_t *_bufferSize);
extern ssize_t _kern_wait_for_objects(object_wait_info* infos, int numInfos, uint32 flags, bigtime_t timeout);
extern status_t _kern_mutex_lock(int32* mutex, const char* name, uint32 flags, bigtime_t timeout);
extern status_t _kern_mutex_unlock(int32* mutex, uint32 flags);
extern status_t _kern_mutex_switch_lock(int32* fromMutex, int32* toMutex, const char* name, uint32 flags, bigtime_t timeout);

#include <linux/module.h>
#include <linux/init.h>
#include <linux/kernel.h>
#include <linux/fs.h>
#include <linux/mm.h>
#include <linux/slab.h>
#include <linux/vmalloc.h>
#include <linux/uaccess.h>
unsigned long *amem;

#include <linux/module.h>
#include <linux/init.h>
#include <linux/kernel.h>
#include <linux/fs.h>
#include <linux/mm.h>
#include <linux/slab.h>
#include <linux/vmalloc.h>
#include <linux/uaccess.h>
int init_module(void)

#include <linux/module.h>
#include <linux/init.h>
#include <linux/kernel.h>
#include <linux/fs.h>
#include <linux/mm.h>
#include <linux/uio.h>
#include <linux/slab.h>
#include <linux/vmalloc.h>
#include <linux/kallsyms.h>
#include <linux/uaccess.h>

#include <linux/module.h>
#include <linux/init.h>
#include <linux/kernel.h>
#include <linux/kprobes.h>
char *mota = "__NO__";
static int kp_pre_handler(struct kprobe *p, struct pt_regs *regs)
{
	// kprobe pre 'hook'

#include <linux/module.h>
#include <linux/init.h>
#include <linux/kernel.h>
#include <linux/kprobes.h>
int init_module(void)
{
	struct module *mahjool;
	struct kobject kobj;
	unsigned long addy;

#include <linux/module.h>
#include <linux/init.h>
#include <linux/kernel.h>
#include <linux/kprobes.h>
static struct kprobe kp = {
	.symbol_name = "kallsyms_lookup_name"
};
int init_module(void)

The 'mizers dream
=================
The GCC randstruct plugin (randomize_layout_plugin.c) by Open Source Security, Inc., Brad Spengler and PaX Team
allows some sensitive structures in the Linux kernel to have their layout shuffled. The aim is to obfuscate the
location of sensitive data (e.g. some function pointers) and make certain types of exploitation more difficult.
It's explained in detail here: https://lwn.net/Articles/722293/
The randstruct plugin is built with a randomisation seed included (randomize_layout_seed.h) which is generated
at compile time by the gen-random-seed.sh script:

; linuxthor
;
; ELF destruct
;
; this file, when executed, will overwrite its own image in memory
;
; nasm -f bin -o elfdestruct elfdestruct.asm
BITS 64
org 0x010000

A couple of thoughts about SFTP & SCP
=====================================
SCP looks long in the tooth now and people have come to talk about deprecating it entirely. This
is due to SCP being the spiritual successor of RCP and inheriting a bunch of cruft that makes it
vulnerable to stuff like CVE-2019-6111 (the one where the server could overwrite arbitrary files
on the client) and CVE-2020-15778 (the one where shell commands could be put in backticks in
filenames), so SFTP seems to be the replacement. It's a more flexible protocol for sure, but there
can be a gotcha not present with SCP...