Linux查找glibc死机方法
LDFLAGS += -Wl,--gc-sections -Wl,--wrap,malloc -Wl,--wrap,realloc -Wl,--wrap,calloc -Wl,--wrap,free
#if 1
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <unistd.h>
#include <sys/mman.h>
#include <stdio.h>
#include <memory.h>
#define MEM_HDR_MAGIC (0x4D4D4150)
#define MEM_PAGE_SIZE (0x1000)
#define MEM_DEF_ALIGN_SIZE (0x4)
#define MEM_FILL_PATTERN (0x4D)
/*
 * Bookkeeping header that mmap_malloc() writes immediately in front of every
 * user buffer. mmap_realloc() and mmap_free() find it again by stepping one
 * mem_hdr_t back from the user pointer, so the whole header is reachable by a
 * write that underruns the buffer; only magic and p are verified later.
 */
typedef struct mem_hdr_s
{
unsigned int size; /* bytes the caller asked for */
unsigned int aligned_size; /* size rounded up to MEM_DEF_ALIGN_SIZE */
unsigned int real_size; /* length of the whole mapping, guard page included */
void *p; /* user pointer handed out (address right after this header) */
void *real_p; /* start of the mapping, as returned by mmap() */
void *caller; /* return address captured in mmap_malloc() */
unsigned int magic; /* MEM_HDR_MAGIC while the header is intact */
} mem_hdr_t;
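/*
 * Print the detecting function, the line and the supplied caller address,
 * then crash on purpose so a debugger or core dump stops at the point of
 * detection.
 *
 * The null store goes through a volatile lvalue: a plain `*(int *)0 = 0` is
 * undefined behaviour that an optimising compiler is allowed to drop or
 * rewrite, which would let execution continue past a detected corruption.
 *
 * NOTE(review): printf() runs inside the allocator here. If stdio has to
 * allocate its buffer and the C library's own malloc references are wrapped
 * as well (static linking), this re-enters __wrap_malloc - confirm for the
 * target build.
 */
#define DIE(caller) \
    do \
    { \
        printf("DIE AT %s %d %p\n", __FUNCTION__, __LINE__, (caller)); \
        fflush(stdout); \
        *(volatile int *)0 = 0; \
    } while (0)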
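/**
 * Debug replacement for malloc(): every allocation gets its own anonymous
 * mapping, and the user buffer is placed so that it ends (after at most
 * MEM_DEF_ALIGN_SIZE - 1 pad bytes) right against a write-protected guard page.
 *
 * Mapping layout, low to high addresses:
 *   [unused slack][mem_hdr_t][user bytes: size][pad: MEM_FILL_PATTERN][guard page]
 *
 * What this catches, and what it does not:
 *  - a write past the aligned end of the buffer faults at once on the guard page;
 *  - a write into the pad bytes is noticed only later, when mmap_free() checks
 *    the fill pattern;
 *  - the guard page stays readable (PROT_READ), so reads past the end are not
 *    trapped. NOTE(review): PROT_NONE would trap them too - confirm whether
 *    tolerating over-reads is intended;
 *  - writes before the buffer land in the header or the slack and are noticed
 *    only if they change the magic or p fields that mmap_free() verifies.
 *
 * The returned pointer is aligned to MEM_DEF_ALIGN_SIZE (4) only, which is
 * weaker than malloc() guarantees; on targets that need stricter alignment
 * for pointers the header fields themselves can end up misaligned.
 *
 * Each live allocation costs at least two pages and one mapping, so heavy
 * allocators can hit the kernel's per-process mapping limit
 * (vm.max_map_count on Linux); that shows up here as a DIE() from mmap().
 *
 * The recorded caller is this function's own return address. When the call
 * arrives through __wrap_malloc() or mmap_realloc() that address normally
 * lies inside the wrapper, not in application code.
 *
 * @param size  number of bytes requested
 * @return pointer to the user buffer; every failure path ends in DIE()
 */
void *mmap_malloc(unsigned int size)
{
    unsigned int real_size;
    unsigned char *real_p;
    void *map;
    mem_hdr_t *hdr;
    unsigned int aligned_size;
    void *caller = __builtin_return_address(0);
    /* Largest request whose rounded-up mapping length still fits real_size. */
    const unsigned int max_size = ~0u - (unsigned int)sizeof(mem_hdr_t)
                                  - 2u * MEM_PAGE_SIZE - MEM_DEF_ALIGN_SIZE;

    /*
     * Without this check a huge size wraps in the rounding below and yields a
     * mapping far smaller than the caller believes it owns.
     */
    if (size > max_size)
    {
        DIE(caller);
    }

    aligned_size = (size + (MEM_DEF_ALIGN_SIZE - 1)) & (~(MEM_DEF_ALIGN_SIZE - 1));
    real_size = (((aligned_size + sizeof(mem_hdr_t)) + (MEM_PAGE_SIZE - 1)) & (~(MEM_PAGE_SIZE - 1))) + MEM_PAGE_SIZE;

    /* mmap() reports failure as MAP_FAILED ((void *)-1), never as NULL. */
    map = mmap(NULL, real_size, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (map == MAP_FAILED)
    {
        DIE(caller);
    }
    real_p = (unsigned char *)map;

    /* Last page of the mapping becomes the guard page. */
    if (mprotect(real_p + real_size - MEM_PAGE_SIZE, MEM_PAGE_SIZE, PROT_READ) != 0)
    {
        DIE(caller);
    }

    /* Header sits directly below the user buffer, which ends at the guard page. */
    hdr = (mem_hdr_t *)(real_p + real_size - MEM_PAGE_SIZE - aligned_size - sizeof(mem_hdr_t));
    hdr->magic = MEM_HDR_MAGIC;
    hdr->real_size = real_size;
    hdr->real_p = real_p;
    hdr->size = size;
    hdr->aligned_size = aligned_size;
    hdr->p = (void *)(hdr + 1);
    hdr->caller = caller;

    /* Canary bytes between the requested end and the aligned end. */
    if (aligned_size != size)
    {
        memset((unsigned char *)hdr->p + size, MEM_FILL_PATTERN, aligned_size - size);
    }
    return hdr->p;
}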
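/* mmap_free() is defined further down; declare it before the first use. */
void mmap_free(void *p);

/**
 * Debug replacement for realloc(): always moves the data into a fresh
 * guarded allocation and releases the old one, so stale pointers into the
 * old block fault on their next use instead of silently working.
 *
 * realloc(NULL, size) must behave like malloc(size); without the NULL case
 * the header lookup would read memory in front of address zero.
 *
 * @param p     pointer previously returned by this allocator, or NULL
 * @param size  new size in bytes
 * @return pointer to the new buffer (contents copied up to the smaller size)
 */
void *mmap_realloc(void *p, unsigned int size)
{
    void *new_mem;
    mem_hdr_t *hdr;
    unsigned int keep;

    if (p == NULL)
    {
        return mmap_malloc(size);
    }

    hdr = ((mem_hdr_t *)p) - 1;
    if (hdr->magic != MEM_HDR_MAGIC)
    {
        DIE((void *)0);
    }

    new_mem = mmap_malloc(size);
    if (new_mem != NULL)
    {
        /* Copy only what both the old and the new block can hold. */
        keep = hdr->size > size ? size : hdr->size;
        memcpy(new_mem, p, keep);
        /* mmap_free() re-validates the header and the pad bytes of the old block. */
        mmap_free(p);
    }
    return new_mem;
}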
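/**
 * Debug replacement for free(): validates the header and the pad bytes,
 * then unmaps the whole allocation.
 *
 * Because the pages are returned to the kernel, a later use of the pointer
 * or a second free of it faults on the unmapped address (until that range
 * is reused by another mapping).
 *
 * real_p and real_size are read back from the header that sits directly in
 * front of the user buffer; only magic, p and the size ordering are checked,
 * so an underrun that leaves those intact can still change what gets unmapped.
 *
 * @param p  pointer previously returned by this allocator, or NULL (no-op,
 *           as free() requires)
 */
void mmap_free(void *p)
{
    unsigned int i;
    unsigned int pad;
    const unsigned char *tail;
    mem_hdr_t *hdr;

    if (p == NULL)
    {
        return;
    }

    hdr = ((mem_hdr_t *)p) - 1;
    if (hdr->magic != MEM_HDR_MAGIC)
    {
        DIE((void *)0);
    }
    if (hdr->p != p)
    {
        DIE((void *)0);
    }
    /* A damaged header must not turn the pad length into a huge unsigned value. */
    if (hdr->size > hdr->aligned_size)
    {
        DIE(hdr->caller);
    }

    /* Any pad byte that lost the fill pattern means a small overrun happened. */
    pad = hdr->aligned_size - hdr->size;
    tail = (const unsigned char *)p + hdr->size;
    for (i = 0; i < pad; i++)
    {
        if (tail[i] != MEM_FILL_PATTERN)
        {
            DIE(hdr->caller);
        }
    }

    /* If unmapping fails the header is still mapped, so hdr->caller is readable. */
    if (munmap(hdr->real_p, hdr->real_size) != 0)
    {
        DIE(hdr->caller);
    }
}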
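/**
 * Target of -Wl,--wrap,malloc: every malloc() reference in the linked
 * objects ends up here.
 *
 * Those callers pass a size_t, so the parameter is declared as size_t; with
 * the former int parameter a request of 4 GiB or more was silently cut down
 * to its low 32 bits on 64-bit targets and a much smaller block was returned.
 * Requests the unsigned int based allocator cannot represent fail with NULL.
 */
void *__wrap_malloc(size_t size)
{
    unsigned int narrow = (unsigned int)size;

    if ((size_t)narrow != size)
    {
        return NULL;
    }
    return mmap_malloc(narrow);
}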
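/**
 * Target of -Wl,--wrap,realloc.
 *
 * The size parameter is size_t, matching what realloc() callers pass; the
 * former int parameter truncated large requests on 64-bit targets. A size
 * that does not fit the allocator's unsigned int fields fails with NULL and
 * leaves the old block untouched, as realloc() callers expect.
 */
void *__wrap_realloc(void *p, size_t size)
{
    unsigned int narrow = (unsigned int)size;

    if ((size_t)narrow != size)
    {
        return NULL;
    }
    return mmap_realloc(p, narrow);
}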
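/**
 * Target of -Wl,--wrap,calloc.
 *
 * The element count and size are multiplied with an explicit overflow check;
 * the former `n * size` on int operands could overflow and hand back a block
 * much smaller than n elements. An overflowing or unrepresentable request
 * fails with NULL.
 *
 * No memset is needed for the zero-fill calloc() promises: mmap_malloc()
 * takes the block from a fresh MAP_ANONYMOUS mapping, which the kernel
 * provides zero-filled, and only writes the pad bytes beyond the requested
 * size.
 */
void *__wrap_calloc(size_t n, size_t size)
{
    size_t total;
    unsigned int narrow;

    if (size != 0 && n > ((size_t)-1) / size)
    {
        return NULL;
    }
    total = n * size;

    narrow = (unsigned int)total;
    if ((size_t)narrow != total)
    {
        return NULL;
    }
    return mmap_malloc(narrow);
}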
/**
 * Target of -Wl,--wrap,free: hands the pointer to mmap_free().
 *
 * --wrap only rewrites references in the objects that go through this link
 * step. With a shared C library, memory that the library allocates
 * internally and returns to the program (strdup(), getline() and similar)
 * still comes from the real malloc; passing it to free() lands here and the
 * header check in mmap_free() reads the bytes in front of a foreign block.
 * Treat a DIE from this path as a possible false positive before blaming
 * the application.
 */
void __wrap_free(void *p)
{
    void *block = p;

    mmap_free(block);
    return;
}
#else
/**
 * Pass-through variant used when the guarded allocator is compiled out:
 * simply forwards to malloc().
 *
 * If the --wrap linker flags are still active, this malloc reference is
 * itself redirected to __wrap_malloc, which this branch does not define;
 * build this branch without those flags.
 */
void *mmap_malloc(unsigned int size)
{
    void *block = malloc(size);

    return block;
}
/**
 * Pass-through variant used when the guarded allocator is compiled out:
 * simply forwards to realloc().
 */
void *mmap_realloc(void *p, unsigned int size)
{
    void *resized = realloc(p, size);

    return resized;
}
/**
 * Pass-through variant used when the guarded allocator is compiled out:
 * simply forwards to free().
 */
void mmap_free(void *p)
{
    void *block = p;

    free(block);
}
#endif
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <unistd.h>
#include <sys/mman.h>
#include <stdio.h>
#include <memory.h>
#define MEM_HDR_MAGIC (0x4D4D4150)
#define MEM_PAGE_SIZE (0x1000)
#define MEM_DEF_ALIGN_SIZE (0x4)
#define MEM_FILL_PATTERN (0x4D)
/*
 * Bookkeeping header that mmap_malloc() writes immediately in front of every
 * user buffer. mmap_realloc() and mmap_free() find it again by stepping one
 * mem_hdr_t back from the user pointer, so the whole header is reachable by a
 * write that underruns the buffer; only magic and p are verified later.
 */
typedef struct mem_hdr_s
{
unsigned int size; /* bytes the caller asked for */
unsigned int aligned_size; /* size rounded up to MEM_DEF_ALIGN_SIZE */
unsigned int real_size; /* length of the whole mapping, guard page included */
void *p; /* user pointer handed out (address right after this header) */
void *real_p; /* start of the mapping, as returned by mmap() */
void *caller; /* return address captured in mmap_malloc() */
unsigned int magic; /* MEM_HDR_MAGIC while the header is intact */
} mem_hdr_t;
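/*
 * Print the detecting function, the line and the supplied caller address,
 * then crash on purpose so a debugger or core dump stops at the point of
 * detection.
 *
 * The null store goes through a volatile lvalue: a plain `*(int *)0 = 0` is
 * undefined behaviour that an optimising compiler is allowed to drop or
 * rewrite, which would let execution continue past a detected corruption.
 *
 * NOTE(review): printf() runs inside the allocator here. If stdio has to
 * allocate its buffer and the C library's own malloc references are wrapped
 * as well (static linking), this re-enters __wrap_malloc - confirm for the
 * target build.
 */
#define DIE(caller) \
    do \
    { \
        printf("DIE AT %s %d %p\n", __FUNCTION__, __LINE__, (caller)); \
        fflush(stdout); \
        *(volatile int *)0 = 0; \
    } while (0)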
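/**
 * Debug replacement for malloc(): every allocation gets its own anonymous
 * mapping, and the user buffer is placed so that it ends (after at most
 * MEM_DEF_ALIGN_SIZE - 1 pad bytes) right against a write-protected guard page.
 *
 * Mapping layout, low to high addresses:
 *   [unused slack][mem_hdr_t][user bytes: size][pad: MEM_FILL_PATTERN][guard page]
 *
 * What this catches, and what it does not:
 *  - a write past the aligned end of the buffer faults at once on the guard page;
 *  - a write into the pad bytes is noticed only later, when mmap_free() checks
 *    the fill pattern;
 *  - the guard page stays readable (PROT_READ), so reads past the end are not
 *    trapped. NOTE(review): PROT_NONE would trap them too - confirm whether
 *    tolerating over-reads is intended;
 *  - writes before the buffer land in the header or the slack and are noticed
 *    only if they change the magic or p fields that mmap_free() verifies.
 *
 * The returned pointer is aligned to MEM_DEF_ALIGN_SIZE (4) only, which is
 * weaker than malloc() guarantees; on targets that need stricter alignment
 * for pointers the header fields themselves can end up misaligned.
 *
 * Each live allocation costs at least two pages and one mapping, so heavy
 * allocators can hit the kernel's per-process mapping limit
 * (vm.max_map_count on Linux); that shows up here as a DIE() from mmap().
 *
 * The recorded caller is this function's own return address. When the call
 * arrives through __wrap_malloc() or mmap_realloc() that address normally
 * lies inside the wrapper, not in application code.
 *
 * @param size  number of bytes requested
 * @return pointer to the user buffer; every failure path ends in DIE()
 */
void *mmap_malloc(unsigned int size)
{
    unsigned int real_size;
    unsigned char *real_p;
    void *map;
    mem_hdr_t *hdr;
    unsigned int aligned_size;
    void *caller = __builtin_return_address(0);
    /* Largest request whose rounded-up mapping length still fits real_size. */
    const unsigned int max_size = ~0u - (unsigned int)sizeof(mem_hdr_t)
                                  - 2u * MEM_PAGE_SIZE - MEM_DEF_ALIGN_SIZE;

    /*
     * Without this check a huge size wraps in the rounding below and yields a
     * mapping far smaller than the caller believes it owns.
     */
    if (size > max_size)
    {
        DIE(caller);
    }

    aligned_size = (size + (MEM_DEF_ALIGN_SIZE - 1)) & (~(MEM_DEF_ALIGN_SIZE - 1));
    real_size = (((aligned_size + sizeof(mem_hdr_t)) + (MEM_PAGE_SIZE - 1)) & (~(MEM_PAGE_SIZE - 1))) + MEM_PAGE_SIZE;

    /* mmap() reports failure as MAP_FAILED ((void *)-1), never as NULL. */
    map = mmap(NULL, real_size, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (map == MAP_FAILED)
    {
        DIE(caller);
    }
    real_p = (unsigned char *)map;

    /* Last page of the mapping becomes the guard page. */
    if (mprotect(real_p + real_size - MEM_PAGE_SIZE, MEM_PAGE_SIZE, PROT_READ) != 0)
    {
        DIE(caller);
    }

    /* Header sits directly below the user buffer, which ends at the guard page. */
    hdr = (mem_hdr_t *)(real_p + real_size - MEM_PAGE_SIZE - aligned_size - sizeof(mem_hdr_t));
    hdr->magic = MEM_HDR_MAGIC;
    hdr->real_size = real_size;
    hdr->real_p = real_p;
    hdr->size = size;
    hdr->aligned_size = aligned_size;
    hdr->p = (void *)(hdr + 1);
    hdr->caller = caller;

    /* Canary bytes between the requested end and the aligned end. */
    if (aligned_size != size)
    {
        memset((unsigned char *)hdr->p + size, MEM_FILL_PATTERN, aligned_size - size);
    }
    return hdr->p;
}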
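/* mmap_free() is defined further down; declare it before the first use. */
void mmap_free(void *p);

/**
 * Debug replacement for realloc(): always moves the data into a fresh
 * guarded allocation and releases the old one, so stale pointers into the
 * old block fault on their next use instead of silently working.
 *
 * realloc(NULL, size) must behave like malloc(size); without the NULL case
 * the header lookup would read memory in front of address zero.
 *
 * @param p     pointer previously returned by this allocator, or NULL
 * @param size  new size in bytes
 * @return pointer to the new buffer (contents copied up to the smaller size)
 */
void *mmap_realloc(void *p, unsigned int size)
{
    void *new_mem;
    mem_hdr_t *hdr;
    unsigned int keep;

    if (p == NULL)
    {
        return mmap_malloc(size);
    }

    hdr = ((mem_hdr_t *)p) - 1;
    if (hdr->magic != MEM_HDR_MAGIC)
    {
        DIE((void *)0);
    }

    new_mem = mmap_malloc(size);
    if (new_mem != NULL)
    {
        /* Copy only what both the old and the new block can hold. */
        keep = hdr->size > size ? size : hdr->size;
        memcpy(new_mem, p, keep);
        /* mmap_free() re-validates the header and the pad bytes of the old block. */
        mmap_free(p);
    }
    return new_mem;
}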
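/**
 * Debug replacement for free(): validates the header and the pad bytes,
 * then unmaps the whole allocation.
 *
 * Because the pages are returned to the kernel, a later use of the pointer
 * or a second free of it faults on the unmapped address (until that range
 * is reused by another mapping).
 *
 * real_p and real_size are read back from the header that sits directly in
 * front of the user buffer; only magic, p and the size ordering are checked,
 * so an underrun that leaves those intact can still change what gets unmapped.
 *
 * @param p  pointer previously returned by this allocator, or NULL (no-op,
 *           as free() requires)
 */
void mmap_free(void *p)
{
    unsigned int i;
    unsigned int pad;
    const unsigned char *tail;
    mem_hdr_t *hdr;

    if (p == NULL)
    {
        return;
    }

    hdr = ((mem_hdr_t *)p) - 1;
    if (hdr->magic != MEM_HDR_MAGIC)
    {
        DIE((void *)0);
    }
    if (hdr->p != p)
    {
        DIE((void *)0);
    }
    /* A damaged header must not turn the pad length into a huge unsigned value. */
    if (hdr->size > hdr->aligned_size)
    {
        DIE(hdr->caller);
    }

    /* Any pad byte that lost the fill pattern means a small overrun happened. */
    pad = hdr->aligned_size - hdr->size;
    tail = (const unsigned char *)p + hdr->size;
    for (i = 0; i < pad; i++)
    {
        if (tail[i] != MEM_FILL_PATTERN)
        {
            DIE(hdr->caller);
        }
    }

    /* If unmapping fails the header is still mapped, so hdr->caller is readable. */
    if (munmap(hdr->real_p, hdr->real_size) != 0)
    {
        DIE(hdr->caller);
    }
}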
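/**
 * Target of -Wl,--wrap,malloc: every malloc() reference in the linked
 * objects ends up here.
 *
 * Those callers pass a size_t, so the parameter is declared as size_t; with
 * the former int parameter a request of 4 GiB or more was silently cut down
 * to its low 32 bits on 64-bit targets and a much smaller block was returned.
 * Requests the unsigned int based allocator cannot represent fail with NULL.
 */
void *__wrap_malloc(size_t size)
{
    unsigned int narrow = (unsigned int)size;

    if ((size_t)narrow != size)
    {
        return NULL;
    }
    return mmap_malloc(narrow);
}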
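/**
 * Target of -Wl,--wrap,realloc.
 *
 * The size parameter is size_t, matching what realloc() callers pass; the
 * former int parameter truncated large requests on 64-bit targets. A size
 * that does not fit the allocator's unsigned int fields fails with NULL and
 * leaves the old block untouched, as realloc() callers expect.
 */
void *__wrap_realloc(void *p, size_t size)
{
    unsigned int narrow = (unsigned int)size;

    if ((size_t)narrow != size)
    {
        return NULL;
    }
    return mmap_realloc(p, narrow);
}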
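/**
 * Target of -Wl,--wrap,calloc.
 *
 * The element count and size are multiplied with an explicit overflow check;
 * the former `n * size` on int operands could overflow and hand back a block
 * much smaller than n elements. An overflowing or unrepresentable request
 * fails with NULL.
 *
 * No memset is needed for the zero-fill calloc() promises: mmap_malloc()
 * takes the block from a fresh MAP_ANONYMOUS mapping, which the kernel
 * provides zero-filled, and only writes the pad bytes beyond the requested
 * size.
 */
void *__wrap_calloc(size_t n, size_t size)
{
    size_t total;
    unsigned int narrow;

    if (size != 0 && n > ((size_t)-1) / size)
    {
        return NULL;
    }
    total = n * size;

    narrow = (unsigned int)total;
    if ((size_t)narrow != total)
    {
        return NULL;
    }
    return mmap_malloc(narrow);
}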
/**
 * Target of -Wl,--wrap,free: hands the pointer to mmap_free().
 *
 * --wrap only rewrites references in the objects that go through this link
 * step. With a shared C library, memory that the library allocates
 * internally and returns to the program (strdup(), getline() and similar)
 * still comes from the real malloc; passing it to free() lands here and the
 * header check in mmap_free() reads the bytes in front of a foreign block.
 * Treat a DIE from this path as a possible false positive before blaming
 * the application.
 */
void __wrap_free(void *p)
{
    void *block = p;

    mmap_free(block);
    return;
}
#else
/**
 * Pass-through variant used when the guarded allocator is compiled out:
 * simply forwards to malloc().
 *
 * If the --wrap linker flags are still active, this malloc reference is
 * itself redirected to __wrap_malloc, which this branch does not define;
 * build this branch without those flags.
 */
void *mmap_malloc(unsigned int size)
{
    void *block = malloc(size);

    return block;
}
/**
 * Pass-through variant used when the guarded allocator is compiled out:
 * simply forwards to realloc().
 */
void *mmap_realloc(void *p, unsigned int size)
{
    void *resized = realloc(p, size);

    return resized;
}
/**
 * Pass-through variant used when the guarded allocator is compiled out:
 * simply forwards to free().
 */
void mmap_free(void *p)
{
    void *block = p;

    free(block);
}
#endif