Mass commit.

Author: lmajor91

README.md

@@ -0,0 +1 @@
+based on https://github.com/k-stz/cl-ptrace

a.out

@@ -0,0 +1,15 @@
+;;;; This file contains the system definition for ASDF
+
+(in-package :asdf-user)
+
+(defsystem #:cl-ptrace
+  :description "My own take at a lisp process hacking"
+  :version "0.3.0"
+  :author "liamm91"
+  :licence "MIT"
+  :depends-on ("cffi" "cl-ppcre")
+  :serial t
+  :components
+  ((:file "src/package")
+   (:file "src/utils")
+   (:file "src/memmappings")))

cl-ptrace.asd

@@ -0,0 +1,54 @@
+	.file	"prog.c"
+	.text
+	.globl	flag
+	.data
+	.align 4
+	.type	flag, @object
+	.size	flag, 4
+flag:
+	.long	43981
+	.globl	x
+	.bss
+	.align 8
+	.type	x, @object
+	.size	x, 8
+x:
+	.zero	8
+	.section	.rodata
+	.align 8
+.LC0:
+	.string	"Modified flag variable! Flag now: %x"
+	.text
+	.globl	main
+	.type	main, @function
+main:
+.LFB0:
+	.cfi_startproc
+	pushq	%rbp
+	.cfi_def_cfa_offset 16
+	.cfi_offset 6, -16
+	movq	%rsp, %rbp
+	.cfi_def_cfa_register 6
+	jmp	.L2
+.L3:
+	movq	x(%rip), %rax
+	addq	$1, %rax
+	movq	%rax, x(%rip)
+.L2:
+	movl	flag(%rip), %eax
+	cmpl	$43981, %eax
+	je	.L3
+	movl	flag(%rip), %eax
+	movl	%eax, %esi
+	leaq	.LC0(%rip), %rdi
+	movl	$0, %eax
+	call	printf@PLT
+	movl	$0, %eax
+	popq	%rbp
+	.cfi_def_cfa 7, 8
+	ret
+	.cfi_endproc
+.LFE0:
+	.size	main, .-main
+	.ident	"GCC: (GNU) 10.2.0"
+	.section	.note.GNU-stack,"",@progbits

debug.asm

@@ -0,0 +1,7 @@
+SCRIPT_NAME := cl-ptrace.asd
+PACKAGE_NAME := :cl-ptrace
+
+target:
+	@echo "Run (load-short) to run load the package into the REPL, then (in-package ${PACKAGE_NAME})"
+	@sbcl --load ${SCRIPT_NAME} --eval "(asdf:load-system ${PACKAGE_NAME})" --eval "(in-package ${PACKAGE_NAME})"
+

makefile

@@ -0,0 +1,12 @@
+#include <stdio.h>
+
+int flag = 0xABCD;
+unsigned long long x = 0;
+
+int main () {
+	while (flag == 0xABCD) {
+		++x;
+	}
+	printf("Modified flag variable! Flag now: %x", flag);
+	return 0;
+}

prog.c

@@ -0,0 +1,16 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/ptrace.h>
+#include <sys/reg.h>
+#include <sys/wait.h>
+#include <sys/types.h>
+#include <sys/user.h>
+#include <unistd.h>
+#include <errno.h>
+#include <string.h>
+
+// literally just so I can look through all of the header files with
+// their definition so I can learn from it
+int main () {
+    return 0;
+}

source.c

@@ -0,0 +1,110 @@
+;;;; This file is to organize all the functions which access the memory mappings of the current process
+
+;; Make a standardized format to remember functions by:
+;; -- a range of addresses is called a region. e.g., (- 111222333 777888999) is a region
+;; -- search functions will return a list of addresses (1111 2222 3333 4444 5555 6666)
+;; -- get functions return region(s)
+;; -- snapshot macros return an address value pair
+
+;; [X] removed comparison and parsing function from get-memory-regions function
+;; [X] made a macro to specifically target the heap from a process
+;; [X] make a function to search memory regions for a specific value
+;; [ ] make a function to COMPLETELY stop multi-threaded processes
+
+;; -- Aside/Rants --
+
+;; I was erroring because my guess is that I was reading too small of address ranges
+;; and when the REPL was trying to convert it to an unsigned bytes it was crashing. Why? great question.
+;; The fix was fixing the value of +CHAR+ from 4 bits to 8 bits. Which it what it was supposed to be but
+;; I can't understand how many bits are in a byte.
+
+;; -- Future --
+
+;; Actually use this library on a simple program like an emulator
+
+;; Make a function to calculate the displacement of a certain address from the start of the program
+;;   and save it to a file
+;; e.g., calculate the displacement for a health variable
+
+(in-package :cl-ptrace)
+
+;; We are counting in bits, not bytes
+(defconstant +CHAR+ (* 8 1))    ; 1 byte
+(defconstant +SHORT+ (* 8 2))   ; 2 bytes
+(defconstant +INTEGER+ (* 8 4)) ; 4 bytes
+(defconstant +LONG+ (* 8 8))    ; 8 bytes
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Snapshot Functions
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+(defmacro heap-snapshot (&optional (pid *pid*) (read-size +CHAR+))
+  "This function is a short-hand to read and take the snapshot of the heap."
+  `(let ((heap-range (get-heap-region ,pid)))
+     (if (null heap-range)
+	 nil
+	 (collect-address-value-pairs heap-range ,read-size ,pid))))
+
+(defmacro memory-snapshot (&optional (pid *pid*) (read-size +CHAR+))
+  "This function takes a list of address ranges and then calls collect-address-value-pairs on them."
+  `(apply #'append (loop for region in (get-memory-regions ,pid)
+	collect (collect-address-value-pairs region ,pid ,read-size))))
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Get Functions
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+(defmacro get-heap-region (&optional (pid *pid*))
+  "Parses the memory regions of the process and returns the memory region of the heap"
+  `(car (get-memory-regions ,pid #'parse-memory-regions "(heap)")))
+
+(defun get-memory-regions (&optional (pid *pid*) (parser #'parse-memory-regions) (match-query "([r\-][w\-][x\-]p)"))
+  "Reads the /proc/id/maps file and returns all the memory addresses associated with the process"
+  (with-open-file (stream (concatenate 'string "/proc/" (write-to-string pid) "/maps"))
+    (loop for line = (read-line stream nil)
+	  while line
+	  if (cl-ppcre:scan match-query line) ; this is to make sure I'm reading the memory regions that are private and not shared
+	  collect (funcall parser line))))
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Search Functions
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+(defmacro search-all-regions (target-value &optional (pid *pid*) (read-size +CHAR+))
+  "This macro is a short-hands to search every memory region for the target-value"
+  `(apply #'append (loop for range in (get-memory-regions ,pid)
+	      collect (search-region ,target-value range ,pid ,read-size))))
+
+(defun search-region (target-value region &optional (pid *pid*) (read-size +CHAR+))
+  "This function searches for the target-value in a region of memory addresses and returns a list of addresses who's value matches the target-value."
+  (loop for n from 0 to (/ (- (cadr region) (car region)) read-size)
+	for mem-value = (peekdata (+ (car region) (* n read-size)) pid nil nil)
+	if (= target-value mem-value)
+	  collect (+ (car region) (* n read-size))))
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Miscellaneous Functions
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+(defun collect-address-value-pairs (region &optional (pid *pid*) (read-size +CHAR+))
+  "This function searches each memory address and returns it and its corresponding value."
+  (loop for n from 0 to (/ (- (cadr region) (car region)) read-size)
+	collect (list (+ (car region) (* n read-size)) (peekdata (+ (car region) (* n read-size)) pid nil nil))))
+
+(defmacro print-memory-regions (&optional (pid *pid*) (read-size +CHAR+))
+  "This function prints the number of addresses in each address range: [a, b]. Including a proper (- a b) form"
+  `(let ((list-regions (get-memory-regions ,pid)))
+     (format t "Read size: ~D bits~%" ,read-size)
+     (loop for region in list-regions
+	   do (format t "(- ~D ~D) >> ~D Addrs~%" (car region) (cadr region) (/ (- (cadr region) (car region)) ,read-size)))
+     t))
+
+(defun num-addresses (&optional (pid *pid*) (read-size +CHAR+))
+  "Sums the amount of addresses used by the process"
+  (let ((mappings (get-memory-regions pid)))
+    (apply #'+ (loop for region in mappings
+		     collect (/ (- (cadr region) (car region)) read-size)))))
+
+(defun parse-memory-regions (string)
+  "Function built to parse the /proc/id/maps file"
+  (mapcar #'(lambda (x) (parse-integer x :radix 16)) (cl-ppcre:split "\-" (car (cl-ppcre:split "\\s+" string)))))

src/memmappings.lisp

@@ -0,0 +1,36 @@
+;;;; This file is to organize all the functions which access the memory mappings of the current process
+
+;; [X] removed comparison and parsing function from get-memory-regions function
+;; --- made a macro to specifically target the heap from a process
+
+;; Make function to iterate over each address and scan for a target value,
+;; any result will be a signed
+
+;; Make a function to calculate the displacement of a certain address from the start of the program
+;;   and save it to a file
+;; e.g., calculate the displacement for a health variable
+
+(in-package :cl-ptrace)
+
+(defun num-addresses (&optional (pid *pid*))
+  "Sums the amount of addresses used by the process"
+  (let ((mappings (get-memory-regions pid)))
+    (apply #'+ (loop for range in mappings
+	  collect (- (second range) (first range))))))
+
+(defmacro get-heap-region (&optional (pid *pid*))
+  "Parses the memory regions of the process and returns the memory region of the heap"
+  `(car (get-memory-regions ,pid #'parse-memory-regions "(heap)")))
+
+(defun parse-memory-regions (string)
+  "Parses the memory regions from the /proc/id/maps file"
+  (mapcar #'(lambda (x) (parse-integer x :radix 16)) (cl-ppcre:split "\-" (car (cl-ppcre:split "\\s+" string)))))
+
+(defun get-memory-regions (&optional (pid *pid*) (parser #'parse-memory-regions) (read-if "([r\-][w\-][x\-]p)"))
+  "Reads the /proc/id/maps file and returns all the memory addresses associated with the process"
+  (with-open-file (stream (concatenate 'string "/proc/" (write-to-string pid) "/maps"))
+    (loop for line = (read-line stream nil)
+	  while line
+	  if (cl-ppcre:scan read-if line) ; this is to make sure I'm reading the memory regions that are private and not shared
+	  collect (funcall parser line))))
+

src/memmappings.lisp~

@@ -0,0 +1,6 @@
+;;;; This file is to setup the package for the lisp system
+
+(in-package "COMMON-LISP-USER")
+
+(defpackage :cl-ptrace
+    (:use :common-lisp :sb-ext :cffi))