Merge branch 'dev' into dev

Author: xwings

examples/rootfs

@@ -0,0 +1,187 @@
+/*
+AUTHOR: Abhijeet Rastogi (http://www.google.com/profiles/abhijeet.1989)
+
+This is a very simple HTTP server. Default port is 10000 and ROOT for the server is your current working directory..
+
+You can provide command line arguments like:- $./a.aout -p [port] -r [path]
+
+for ex. 
+$./a.out -p 50000 -r /home/
+to start a server at port 50000 with root directory as "/home"
+
+$./a.out -r /home/shadyabhi
+starts the server at port 10000 with ROOT as /home/shadyabhi
+
+*/
+
+#include<stdio.h>
+#include<string.h>
+#include<stdlib.h>
+#include<unistd.h>
+#include<sys/types.h>
+#include<sys/stat.h>
+#include<sys/socket.h>
+#include<arpa/inet.h>
+#include<netdb.h>
+#include<signal.h>
+#include<fcntl.h>
+
+#define CONNMAX 1000
+#define BYTES 1024
+
+char *ROOT;
+int listenfd, clients[CONNMAX];
+void error(char *);
+void startServer(char *);
+void respond(int);
+
+int main(int argc, char* argv[])
+{
+	struct sockaddr_in clientaddr;
+	socklen_t addrlen;
+	char c;    
+	
+	//Default Values PATH = ~/ and PORT=10000
+	char PORT[6];
+	ROOT = getenv("PWD");
+	strcpy(PORT,"10000");
+
+	int slot=0;
+
+	//Parsing the command line arguments
+	while ((c = getopt (argc, argv, "p:r:")) != -1)
+		switch (c)
+		{
+			case 'r':
+				ROOT = malloc(strlen(optarg));
+				strcpy(ROOT,optarg);
+				break;
+			case 'p':
+				strcpy(PORT,optarg);
+				break;
+			case '?':
+				fprintf(stderr,"Wrong arguments given!!!\n");
+				exit(1);
+			default:
+				exit(1);
+		}
+	
+	printf("Server started at port no. %s%s%s with root directory as %s%s%s\n","\033[92m",PORT,"\033[0m","\033[92m",ROOT,"\033[0m");
+	// Setting all elements to -1: signifies there is no client connected
+	int i;
+	for (i=0; i<CONNMAX; i++)
+		clients[i]=-1;
+	startServer(PORT);
+
+	// ACCEPT connections
+	while (1)
+	{
+		addrlen = sizeof(clientaddr);
+		clients[slot] = accept (listenfd, (struct sockaddr *) &clientaddr, &addrlen);
+
+		if (clients[slot]<0)
+			error ("accept() error");
+		else
+		{
+			if ( fork()==0 )
+			{
+				respond(slot);
+				exit(0);
+			}
+		}
+
+		while (clients[slot]!=-1) slot = (slot+1)%CONNMAX;
+	}
+
+	return 0;
+}
+
+//start server
+void startServer(char *port)
+{
+	struct addrinfo hints, *res, *p;
+
+	// getaddrinfo for host
+	memset (&hints, 0, sizeof(hints));
+	hints.ai_family = AF_INET;
+	hints.ai_socktype = SOCK_STREAM;
+	hints.ai_flags = AI_PASSIVE;
+	if (getaddrinfo( NULL, port, &hints, &res) != 0)
+	{
+		perror ("getaddrinfo() error");
+		exit(1);
+	}
+	// socket and bind
+	for (p = res; p!=NULL; p=p->ai_next)
+	{
+		listenfd = socket (p->ai_family, p->ai_socktype, 0);
+		if (listenfd == -1) continue;
+		if (bind(listenfd, p->ai_addr, p->ai_addrlen) == 0) break;
+	}
+	if (p==NULL)
+	{
+		perror ("socket() or bind()");
+		exit(1);
+	}
+
+	freeaddrinfo(res);
+
+	// listen for incoming connections
+	if ( listen (listenfd, 1000000) != 0 )
+	{
+		perror("listen() error");
+		exit(1);
+	}
+}
+
+//client connection
+void respond(int n)
+{
+	char mesg[99999], *reqline[3], data_to_send[BYTES], path[99999];
+	int rcvd, fd, bytes_read;
+
+	memset( (void*)mesg, (int)'\0', 99999 );
+
+	rcvd=recv(clients[n], mesg, 99999, 0);
+
+	if (rcvd<0)    // receive error
+		fprintf(stderr,("recv() error\n"));
+	else if (rcvd==0)    // receive socket closed
+		fprintf(stderr,"Client disconnected upexpectedly.\n");
+	else    // message received
+	{
+		printf("%s", mesg);
+		reqline[0] = strtok (mesg, " \t\n");
+		if ( strncmp(reqline[0], "GET\0", 4)==0 )
+		{
+			reqline[1] = strtok (NULL, " \t");
+			reqline[2] = strtok (NULL, " \t\n");
+			if ( strncmp( reqline[2], "HTTP/1.0", 8)!=0 && strncmp( reqline[2], "HTTP/1.1", 8)!=0 )
+			{
+				write(clients[n], "HTTP/1.0 400 Bad Request\n", 25);
+			}
+			else
+			{
+				if ( strncmp(reqline[1], "/\0", 2)==0 )
+					reqline[1] = "/index.html";        //Because if no file is specified, index.html will be opened by default (like it happens in APACHE...
+
+				strcpy(path, ROOT);
+				strcpy(&path[strlen(ROOT)], reqline[1]);
+				printf("file: %s\n", path);
+
+				if ( (fd=open(path, O_RDONLY))!=-1 )    //FILE FOUND
+				{
+					send(clients[n], "HTTP/1.0 200 OK\n\n", 17, 0);
+					while ( (bytes_read=read(fd, data_to_send, BYTES))>0 )
+						write (clients[n], data_to_send, bytes_read);
+				}
+				else    write(clients[n], "HTTP/1.0 404 Not Found\n", 23); //FILE NOT FOUND
+			}
+		}
+	}
+
+	//Closing SOCKET
+	shutdown (clients[n], SHUT_RDWR);         //All further send and recieve operations are DISABLED...
+	close(clients[n]);
+	clients[n]=-1;
+}

examples/src/linux/vshttpd.c

@@ -104,3 +104,24 @@ def enable_vfp(self) -> None:
 
     def check_thumb(self):
         return UC_MODE_THUMB if self.__is_thumb() else UC_MODE_ARM
+
+    """
+    set_tls
+    """
+    def init_get_tls(self):
+        self.ql.mem.map(0xFFFF0000, 0x1000, info="[arm_tls]")
+        """
+        'adr r0, data; ldr r0, [r0]; mov pc, lr; data:.ascii "\x00\x00"'
+        """
+        sc = b'\x04\x00\x8f\xe2\x00\x00\x90\xe5\x0e\xf0\xa0\xe1\x00\x00\x00\x00'
+
+        # if ql.archendian == QL_ENDIAN.EB:
+        #    sc = swap_endianess(sc)
+
+        self.ql.mem.write(self.ql.arch.arm_get_tls_addr, sc)
+        self.ql.log.debug("Set init_kernel_get_tls")    
+
+    def swap_endianess(self, s: bytes, blksize=4) -> bytes:
+        blocks = (s[i:i + blksize] for i in range(0, len(s), blksize))
+
+        return b''.join(bytes(reversed(b)) for b in blocks)

qiling/arch/arm.py

@@ -16,7 +16,6 @@
 from qiling.os.posix.const import NR_OPEN
 from qiling.os.posix.posix import QlOsPosix
 
-from . import utils
 from . import futex
 from . import thread
 
@@ -56,7 +55,7 @@ def load(self):
             self.ql.arch.enable_vfp()
             self.ql.hook_intno(self.hook_syscall, 2)
             self.thread_class = thread.QlLinuxARMThread
-            utils.ql_arm_init_get_tls(self.ql)
+            self.ql.arch.init_get_tls()
 
         # MIPS32
         elif self.ql.archtype == QL_ARCH.MIPS:

qiling/os/linux/linux.py

@@ -5,19 +5,46 @@
 
 from typing import Callable
 import os
+
+from typing import Callable
 from unicorn import UcError
 
+from qiling import Qiling
 from qiling.os.posix.posix import QlOsPosix
 from qiling.os.qnx.const import NTO_SIDE_CHANNEL, SYSMGR_PID, SYSMGR_CHID, SYSMGR_COID
 from qiling.os.qnx.helpers import QnxConn
 from qiling.os.qnx.structs import _thread_local_storage
-from qiling.os.fcall import QlFunctionCall
+
 from qiling.cc import QlCC, intel, arm, mips, riscv
 from qiling.const import QL_ARCH, QL_INTERCEPT
+from qiling.os.fcall import QlFunctionCall
+from qiling.os.const import *
+from qiling.os.posix.const import NR_OPEN
+from qiling.os.posix.posix import QlOsPosix
 
 class QlOsQnx(QlOsPosix):
-    def __init__(self, ql):
+    def __init__(self, ql: Qiling):
         super(QlOsQnx, self).__init__(ql)
+
+        self.ql = ql
+
+        cc: QlCC = {
+            QL_ARCH.X86   : intel.cdecl,
+            QL_ARCH.X8664 : intel.amd64,
+            QL_ARCH.ARM   : arm.aarch32,
+            QL_ARCH.ARM64 : arm.aarch64,
+            QL_ARCH.MIPS  : mips.mipso32,
+            QL_ARCH.RISCV : riscv.riscv,
+            QL_ARCH.RISCV64: riscv.riscv,
+        }[ql.archtype](ql)
+
+        self.fcall = QlFunctionCall(ql, cc)
+
+        self.thread_class = None
+        self.futexm = None
+        self.fh = None
+        self.function_after_load_list = []
+        self.elf_mem_start = 0x0
         self.load()
 
         cc: QlCC = {
@@ -48,11 +75,12 @@ def load(self):
         if self.ql.code:
             return
 
-        if self.ql.archtype!= QL_ARCH.ARM:
-            return
-
-        self.ql.arch.enable_vfp()
-        self.ql.hook_intno(self.hook_syscall, 2)
+        # ARM
+        if self.ql.archtype == QL_ARCH.ARM:
+            self.ql.arch.enable_vfp()
+            self.ql.hook_intno(self.hook_syscall, 2)
+            #self.thread_class = thread.QlLinuxARMThread
+            self.ql.arch.init_get_tls()
 
 
     def hook_syscall(self, intno= None, int = None):
@@ -63,7 +91,17 @@ def add_function_hook(self, fn: str, cb: Callable, intercept: QL_INTERCEPT):
         self.ql.os.function_hook.add_function_hook(fn, cb, intercept)
 
 
-    def hook_sigtrap(self, intno= None, int = None):
+    def register_function_after_load(self, function):
+        if function not in self.function_after_load_list:
+            self.function_after_load_list.append(function)
+
+
+    def run_function_after_load(self):
+        for f in self.function_after_load_list:
+            f()
+
+
+            def hook_sigtrap(self, intno= None, int = None):
         self.ql.log.info("Trap Found")
         self.emu_error()
         exit(1)
@@ -76,15 +114,15 @@ def run(self):
         if  self.ql.entry_point is not None:
             self.ql.loader.elf_entry = self.ql.entry_point
 
-        self.cpupage_addr = int(self.ql.os.profile.get("OS32", "cpupage_address"), 16)
-        self.cpupage_tls_addr = int(self.ql.os.profile.get("OS32", "cpupage_tls_address"), 16)
-        self.tls_data_addr = int(self.ql.os.profile.get("OS32", "tls_data_address"), 16)
-
-        self.syspage_addr = int(self.ql.os.profile.get("OS32", "syspage_address"), 16)
+        self.cpupage_addr        = int(self.ql.os.profile.get("OS32", "cpupage_address"), 16)
+        self.cpupage_tls_addr    = int(self.ql.os.profile.get("OS32", "cpupage_tls_address"), 16)
+        self.tls_data_addr       = int(self.ql.os.profile.get("OS32", "tls_data_address"), 16)
+        self.syspage_addr        = int(self.ql.os.profile.get("OS32", "syspage_address"), 16)
+        syspage_path        = os.path.join(self.ql.rootfs, "syspage.bin")
 
         self.ql.mem.map(self.syspage_addr, 0x4000, info="[syspage_mem]")
 
-        syspage_path = os.path.join(self.ql.rootfs, "syspage.bin")
+        
         with open(syspage_path, "rb") as sp:
             self.ql.mem.write(self.syspage_addr, sp.read())
 
@@ -108,8 +146,13 @@ def run(self):
                 self.ql.emu_start(self.entry_point, (self.entry_point + len(self.ql.code)), self.ql.timeout, self.ql.count)
             else:
                 if self.ql.loader.elf_entry != self.ql.loader.entry_point:
-                    self.ql.emu_start(self.ql.loader.entry_point, self.ql.loader.elf_entry, self.ql.timeout)
-                    self.ql.enable_lib_patch()
+                    entry_address = self.ql.loader.elf_entry
+                    if self.ql.archtype == QL_ARCH.ARM and entry_address & 1 == 1:
+                        entry_address -= 1
+                    self.ql.emu_start(self.ql.loader.entry_point, entry_address, self.ql.timeout)
+                    self.run_function_after_load()
+                    self.ql.loader.skip_exit_check = False
+                    self.ql.write_exit_trap()
 
                 self.ql.emu_start(self.ql.loader.elf_entry, self.exit_point, self.ql.timeout, self.ql.count)
 

qiling/os/qnx/qnx.py

@@ -13,16 +13,19 @@
 from qiling.os.const import STRING
 
 class QNXTest(unittest.TestCase):
+  
     def test_arm_qnx_static(self):
         env = {
             "FOO": "bar"
         }
         ql = Qiling(["../examples/rootfs/arm_qnx/bin/hello_static", "foo", "bar"], "../examples/rootfs/arm_qnx", env=env, verbose=QL_VERBOSE.DEBUG)
         ql.run()
 
+        
     def test_arm_qnx_sqrt(self):
         ql = Qiling(["../examples/rootfs/arm_qnx/bin/hello_sqrt"], "../examples/rootfs/arm_qnx", verbose=QL_VERBOSE.DEBUG)
         ql.run()
+    
 
     def test_set_api_arm_qnx_sqrt(self):
         self.set_api_puts_onenter = False