fix argv passing to execveat

use -DWANT_ARGV to enable this fix

(I really should make these fix flags on by default. Also vondehi really
 needs a cleanup now.)
This commit is contained in:
PoroCYon 2020-04-09 08:34:07 +02:00
parent 13f7ed75d8
commit 243908254c
4 changed files with 13 additions and 6 deletions


@ -1,4 +1,4 @@
Copyright 2018-2019 PoroCYon and contributors.
Copyright 2018-2020 PoroCYon and contributors.
This software is provided "as is", without any express or implied warranties,
including but not limited to the implied warranties of merchantability and


@ -1,8 +1,9 @@
default: test
testbin: hello.c #test.c
$(CC) -O3 -s -o "$@" "$<" #-static -nostdlib -nostartfiles
testbin: test.c
cat `which env` > "$@"
# $(CC) -O3 -s -o "$@" "$<" #-static -nostdlib -nostartfiles
%.gz: %
< "$<" gzip -cnk9 > "$@"
@ -10,11 +11,11 @@ testbin: hello.c #test.c
< "$<" lzma --format=lzma -9 --extreme --lzma1=preset=9,lc=1,lp=0,pb=0 --keep --stdout > "$@"
vondehi: vondehi.asm
nasm -fbin -DNO_CHEATING -o"$@" "$<"
nasm -fbin -DNO_CHEATING -DWANT_ARGV -o"$@" "$<"
chmod +x "$@"
test: vondehi testbin.lzma
-cat $^ > test && chmod +x test && strace -f ./test
-cat $^ > test && chmod +x test && strace -f ./test foo bar
wc -c "$<"
.PHONY: default test
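Review bot: The new `testbin: test.c` rule never reads its prerequisite — the recipe copies whatever `env` is first on PATH, so a change to test.c triggers a rebuild that ignores it, and the commented-out `$(CC)` line kept underneath is dead code that suggests the opposite. Either drop the prerequisite (`testbin:` with recipe `cp "$$(command -v env)" "$@"`) or restore the compile, and delete the commented recipe line. The `-` prefix on the `test` recipe (`-cat $^ > test && chmod +x test && strace -f ./test foo bar`) also means a payload that fails to launch with the new argv still leaves `make test` exiting 0, so the argv fix this commit adds is not actually checked by the target; dropping the `-` lets strace's exit status propagate.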


@ -38,7 +38,7 @@ kernel is 64-bit and supports the 32-bit emulation layer.
```
nasm -fbin -o$out vondehi.asm [-DUSE_GZIP] [-DTAG="j0!"] [-DNO_UBUNTU_COMPAT] \
[-DUSE_VFORK] [-DNO_CHEATING]
[-DUSE_VFORK] [-DNO_CHEATING] [-DWANT_ARGV]
cat $out $intro_compressed > $final
```
@ -63,6 +63,8 @@ brute-forces all compression parameters to find the optimal binary.
* `NO_CHEATING` (default off): don't assume file descriptor numbers and
properly pass arguments and environment variable to the payload. You need
this if you're running on Wayland. Costs 5 bytes.
* `WANT_ARGV` (default off): properly pass argv to the payload binary if
`NO_CHEATING` is enabled. Costs 3 or so bytes.
## How to debug it if it doesn't work


@ -108,7 +108,11 @@ _parent.2:
phdr.endm2:
phdr.end equ phdr.endm2 + 2
lea ecx, [ebp+__strempty-__self+EBP_bias] ; p_align2..3, ...
%ifdef WANT_ARGV
lea edx, [esp+0x18]
%else
xchg edx, esp
%endif
%else
mov bl, 3 ; p_align1..2
phdr.endm1:
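Review bot: The added `lea edx, [esp+0x18]` encodes a stack-layout assumption with no comment saying what lives at esp+0x18 (presumably the argv vector the payload should receive) or which earlier pushes it depends on; a line such as `lea edx, [esp+0x18] ; edx = argv (0x18 = N dwords pushed above; keep in sync with the stack setup)` with the real count filled in would keep the offset from silently drifting when the prologue changes. The README hunk states WANT_ARGV only takes effect when NO_CHEATING is on, but if the enclosing `%if` (which begins before this hunk) is the NO_CHEATING branch, defining WANT_ARGV alone is silently ignored; a `%ifndef NO_CHEATING` guard with `%error "WANT_ARGV requires NO_CHEATING"` near the top of the file would turn that into a build-time failure. The routine this code belongs to (after `_parent.2`) starts and ends outside the hunk.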