mirror of https://gitlab.com/PoroCYon/vondehi
fix argv passing to execveat
use -DWANT_ARGV to enable this fix (I really should make these fix flags on by default. Also vondehi really needs a cleanup now.)
This commit is contained in:
parent
13f7ed75d8
commit
243908254c
2
LICENSE
2
LICENSE
@ -1,4 +1,4 @@
Copyright 2018-2019 PoroCYon and contributors.
Copyright 2018-2020 PoroCYon and contributors.
This software is provided "as is", without any express or implied warranties,
including but not limited to the implied warranties of merchantability and
9
Makefile
9
Makefile
@ -1,8 +1,9 @@
default: test
testbin: hello.c #test.c
$(CC) -O3 -s -o "$@" "$<" #-static -nostdlib -nostartfiles
testbin: test.c
cat `which env` > "$@"
# $(CC) -O3 -s -o "$@" "$<" #-static -nostdlib -nostartfiles
%.gz: %
< "$<" gzip -cnk9 > "$@"
@ -10,11 +11,11 @@ testbin: hello.c #test.c
< "$<" lzma --format=lzma -9 --extreme --lzma1=preset=9,lc=1,lp=0,pb=0 --keep --stdout > "$@"
vondehi: vondehi.asm
nasm -fbin -DNO_CHEATING -o"$@" "$<"
nasm -fbin -DNO_CHEATING -DWANT_ARGV -o"$@" "$<"
chmod +x "$@"
test: vondehi testbin.lzma
-cat $^ > test && chmod +x test && strace -f ./test
-cat $^ > test && chmod +x test && strace -f ./test foo bar
wc -c "$<"
.PHONY: default test
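Review bot: The new testbin recipe (`cat` of the path printed by `which env`) does not fail when `which` prints nothing: `cat` with no file argument reads stdin, so `make` either hangs or writes an empty testbin, which the test target then compresses, appends to vondehi and runs under strace without complaint. Replace it with `cp -- "$$(command -v env)" "$@"` so a missing env aborts the build with an error instead. The commented-out `$(CC)` line kept below it suggests the switch to a copied env binary is deliberate (presumably so that `./test foo bar` makes env try to exec `foo bar`, which shows the passed argv in the strace output); a one-line comment saying so, e.g. `# payload is env(1): with argv passed through it execs "foo bar", visible under strace -f`, would keep the next reader from restoring the hello.c build.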
@ -38,7 +38,7 @@ kernel is 64-bit and supports the 32-bit emulation layer.
```
nasm -fbin -o$out vondehi.asm [-DUSE_GZIP] [-DTAG="j0!"] [-DNO_UBUNTU_COMPAT] \
[-DUSE_VFORK] [-DNO_CHEATING]
[-DUSE_VFORK] [-DNO_CHEATING] [-DWANT_ARGV]
cat $out $intro_compressed > $final
```
@ -63,6 +63,8 @@ brute-forces all compression parameters to find the optimal binary.
* `NO_CHEATING` (default off): don't assume file descriptor numbers and
properly pass arguments and environment variable to the payload. You need
this if you're running on Wayland. Costs 5 bytes.
* `WANT_ARGV` (default off): properly pass argv to the payload binary if
`NO_CHEATING` is enabled. Costs 3 or so bytes.
## How to debug it if it doesn't work
@ -108,7 +108,11 @@ _parent.2:
phdr.endm2:
phdr.end equ phdr.endm2 + 2
lea ecx, [ebp+__strempty-__self+EBP_bias] ; p_align2..3, ...
%ifdef WANT_ARGV
lea edx, [esp+0x18]
%else
xchg edx, esp
%endif
%else
mov bl, 3 ; p_align1..2
phdr.endm1:
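Review bot: The new `lea edx, [esp+0x18]` hard-codes the distance from the current stack pointer to the kernel-provided argv (edx is execveat's argv on the i386 syscall ABI), but nothing in the hunk records which pushes and stack slots the 0x18 stands for, so a later change to what is pushed before this point would silently hand the payload a wrong argv and execveat would read argument pointers from whatever happens to sit there. A comment pinning the invariant would make the dependency visible, e.g. `; argv = original argv[]: 0x18 = dwords pushed since entry plus argc -- keep in sync with the pushes above (TODO confirm slot count)`. Note also that this block sits in a branch whose opening `%ifdef` is outside the hunk (NO_CHEATING, per the README text in this commit), so building with `-DWANT_ARGV` but without `-DNO_CHEATING` silently keeps the old `xchg edx, esp` path; a `%if defined(WANT_ARGV) && !defined(NO_CHEATING)` / `%warning WANT_ARGV has no effect without NO_CHEATING` / `%endif` near the top of the file would catch that misbuild.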