Merge branch 'dev' into stm32f4

Author: cla7aye15I4nd

.github/workflows/build-ci.yml

@@ -78,9 +78,6 @@ jobs:
         wget https://github.com/qilingframework/rootfs/archive/refs/heads/master.zip
         unzip master.zip && mv rootfs-master rootfs
         cd ../qiling
-        rm -rf engine
-        wget https://github.com/qilingframework/engine/archive/refs/heads/main.zip
-        unzip main.zip && mv engine-main engine
         cd ../examples/rootfs/x86_linux/kernel && unzip -P infected m0hamed_rootkit.ko.zip
         cd ../../../../
         pip3 install -e .[evm]

ChangeLog

@@ -1,7 +1,24 @@
 This file details the changelog of Qiling Framework.
 
+
+------------------------------------
+[Version 1.4.2]: Jan 29th, 2022
+
+New features:
+-
+-
+
+Improvements:
+-
+-
+
+Contributors:
+-
+-
+
+
 ------------------------------------
-[Version 1.4.1]: Nov 15th, 2021
+[Version 1.4.1]: Dec 29th, 2021
 
 New features:
 - Introduced riscv, both 32 and 64 (#980)
@@ -15,6 +32,7 @@ Improvements:
 - More update in MCU modules (#971)
 - Fix getpeername and getsockname syscalls (#986)
 - Qdb improvements (#999)
+- QNX improvements (#1054)
 
 Contributors:
 - cq674350529

examples/hello_arm_qnx_customapi.py

@@ -0,0 +1,34 @@
+#!/usr/bin/env python3
+#
+# Cross Platform and Multi Architecture Advanced Binary Emulation Framework
+#
+
+import sys
+sys.path.append("..")
+
+from qiling import Qiling
+from qiling.const import QL_INTERCEPT, QL_CALL_BLOCK, QL_VERBOSE
+from qiling.os.const import STRING
+
+def my_puts_onenter(ql: Qiling):
+    params = ql.os.resolve_fcall_params({'s': STRING})
+
+    print(f'puts("{params["s"]}")')
+    return QL_CALL_BLOCK
+
+def my_printf_onenter(ql: Qiling):
+    params = ql.os.resolve_fcall_params({'s': STRING})
+
+    print(f'printf("{params["s"]}")')
+    return QL_CALL_BLOCK
+
+def my_puts_onexit(ql: Qiling):
+    print(f'after puts')
+    return QL_CALL_BLOCK
+
+if __name__ == "__main__":
+    ql = Qiling(["rootfs/arm_qnx/bin/hello_static"], "rootfs/arm_qnx")
+    ql.set_api('puts', my_puts_onenter, QL_INTERCEPT.ENTER)
+    ql.set_api('printf', my_printf_onenter, QL_INTERCEPT.ENTER)
+    ql.set_api('puts', my_puts_onexit, QL_INTERCEPT.EXIT)
+    ql.run()

examples/mem_invalid_access.py

@@ -11,8 +11,8 @@
 def mem_crash(ql: Qiling, access: int, address: int, size: int, value: int):
     print(f'got crash')
 
-    PAGE_SIZE = 0x1000
-    aligned = address & ~(PAGE_SIZE - 1)
+    PAGE_SIZE = ql.mem.pagesize
+    aligned = ql.mem.align(address)
 
     # map the entire page containing the invalid address and fill it with 'Q's
     ql.mem.map(aligned, PAGE_SIZE)

examples/src/linux/vshttpd.c

@@ -0,0 +1,187 @@
+/*
+AUTHOR: Abhijeet Rastogi (http://www.google.com/profiles/abhijeet.1989)
+
+This is a very simple HTTP server. Default port is 10000 and ROOT for the server is your current working directory..
+
+You can provide command line arguments like:- $./a.aout -p [port] -r [path]
+
+for ex. 
+$./a.out -p 50000 -r /home/
+to start a server at port 50000 with root directory as "/home"
+
+$./a.out -r /home/shadyabhi
+starts the server at port 10000 with ROOT as /home/shadyabhi
+
+*/
+
+#include<stdio.h>
+#include<string.h>
+#include<stdlib.h>
+#include<unistd.h>
+#include<sys/types.h>
+#include<sys/stat.h>
+#include<sys/socket.h>
+#include<arpa/inet.h>
+#include<netdb.h>
+#include<signal.h>
+#include<fcntl.h>
+
+#define CONNMAX 1000
+#define BYTES 1024
+
+char *ROOT;
+int listenfd, clients[CONNMAX];
+void error(char *);
+void startServer(char *);
+void respond(int);
+
+int main(int argc, char* argv[])
+{
+	struct sockaddr_in clientaddr;
+	socklen_t addrlen;
+	char c;    
+	
+	//Default Values PATH = ~/ and PORT=10000
+	char PORT[6];
+	ROOT = getenv("PWD");
+	strcpy(PORT,"10000");
+
+	int slot=0;
+
+	//Parsing the command line arguments
+	while ((c = getopt (argc, argv, "p:r:")) != -1)
+		switch (c)
+		{
+			case 'r':
+				ROOT = malloc(strlen(optarg));
+				strcpy(ROOT,optarg);
+				break;
+			case 'p':
+				strcpy(PORT,optarg);
+				break;
+			case '?':
+				fprintf(stderr,"Wrong arguments given!!!\n");
+				exit(1);
+			default:
+				exit(1);
+		}
+	
+	printf("Server started at port no. %s%s%s with root directory as %s%s%s\n","\033[92m",PORT,"\033[0m","\033[92m",ROOT,"\033[0m");
+	// Setting all elements to -1: signifies there is no client connected
+	int i;
+	for (i=0; i<CONNMAX; i++)
+		clients[i]=-1;
+	startServer(PORT);
+
+	// ACCEPT connections
+	while (1)
+	{
+		addrlen = sizeof(clientaddr);
+		clients[slot] = accept (listenfd, (struct sockaddr *) &clientaddr, &addrlen);
+
+		if (clients[slot]<0)
+			error ("accept() error");
+		else
+		{
+			if ( fork()==0 )
+			{
+				respond(slot);
+				exit(0);
+			}
+		}
+
+		while (clients[slot]!=-1) slot = (slot+1)%CONNMAX;
+	}
+
+	return 0;
+}
+
+//start server
+void startServer(char *port)
+{
+	struct addrinfo hints, *res, *p;
+
+	// getaddrinfo for host
+	memset (&hints, 0, sizeof(hints));
+	hints.ai_family = AF_INET;
+	hints.ai_socktype = SOCK_STREAM;
+	hints.ai_flags = AI_PASSIVE;
+	if (getaddrinfo( NULL, port, &hints, &res) != 0)
+	{
+		perror ("getaddrinfo() error");
+		exit(1);
+	}
+	// socket and bind
+	for (p = res; p!=NULL; p=p->ai_next)
+	{
+		listenfd = socket (p->ai_family, p->ai_socktype, 0);
+		if (listenfd == -1) continue;
+		if (bind(listenfd, p->ai_addr, p->ai_addrlen) == 0) break;
+	}
+	if (p==NULL)
+	{
+		perror ("socket() or bind()");
+		exit(1);
+	}
+
+	freeaddrinfo(res);
+
+	// listen for incoming connections
+	if ( listen (listenfd, 1000000) != 0 )
+	{
+		perror("listen() error");
+		exit(1);
+	}
+}
+
+//client connection
+void respond(int n)
+{
+	char mesg[99999], *reqline[3], data_to_send[BYTES], path[99999];
+	int rcvd, fd, bytes_read;
+
+	memset( (void*)mesg, (int)'\0', 99999 );
+
+	rcvd=recv(clients[n], mesg, 99999, 0);
+
+	if (rcvd<0)    // receive error
+		fprintf(stderr,("recv() error\n"));
+	else if (rcvd==0)    // receive socket closed
+		fprintf(stderr,"Client disconnected upexpectedly.\n");
+	else    // message received
+	{
+		printf("%s", mesg);
+		reqline[0] = strtok (mesg, " \t\n");
+		if ( strncmp(reqline[0], "GET\0", 4)==0 )
+		{
+			reqline[1] = strtok (NULL, " \t");
+			reqline[2] = strtok (NULL, " \t\n");
+			if ( strncmp( reqline[2], "HTTP/1.0", 8)!=0 && strncmp( reqline[2], "HTTP/1.1", 8)!=0 )
+			{
+				write(clients[n], "HTTP/1.0 400 Bad Request\n", 25);
+			}
+			else
+			{
+				if ( strncmp(reqline[1], "/\0", 2)==0 )
+					reqline[1] = "/index.html";        //Because if no file is specified, index.html will be opened by default (like it happens in APACHE...
+
+				strcpy(path, ROOT);
+				strcpy(&path[strlen(ROOT)], reqline[1]);
+				printf("file: %s\n", path);
+
+				if ( (fd=open(path, O_RDONLY))!=-1 )    //FILE FOUND
+				{
+					send(clients[n], "HTTP/1.0 200 OK\n\n", 17, 0);
+					while ( (bytes_read=read(fd, data_to_send, BYTES))>0 )
+						write (clients[n], data_to_send, bytes_read);
+				}
+				else    write(clients[n], "HTTP/1.0 404 Not Found\n", 23); //FILE NOT FOUND
+			}
+		}
+	}
+
+	//Closing SOCKET
+	shutdown (clients[n], SHUT_RDWR);         //All further send and recieve operations are DISABLED...
+	close(clients[n]);
+	clients[n]=-1;
+}

qiling/__version__.py

@@ -1,3 +1,3 @@
 # NOTE: use "-dev" for dev branch
-__version__ = "1.4.1" + "-dev"
-#__version__ = "1.4.0"
+#__version__ = "1.4.1"
+__version__ = "1.4.2" + "-dev"

qiling/arch/arm.py

@@ -104,3 +104,24 @@ def enable_vfp(self) -> None:
 
     def check_thumb(self):
         return UC_MODE_THUMB if self.__is_thumb() else UC_MODE_ARM
+
+    """
+    set_tls
+    """
+    def init_get_tls(self):
+        self.ql.mem.map(0xFFFF0000, 0x1000, info="[arm_tls]")
+        """
+        'adr r0, data; ldr r0, [r0]; mov pc, lr; data:.ascii "\x00\x00"'
+        """
+        sc = b'\x04\x00\x8f\xe2\x00\x00\x90\xe5\x0e\xf0\xa0\xe1\x00\x00\x00\x00'
+
+        # if ql.archendian == QL_ENDIAN.EB:
+        #    sc = swap_endianess(sc)
+
+        self.ql.mem.write(self.ql.arch.arm_get_tls_addr, sc)
+        self.ql.log.debug("Set init_kernel_get_tls")    
+
+    def swap_endianess(self, s: bytes, blksize=4) -> bytes:
+        blocks = (s[i:i + blksize] for i in range(0, len(s), blksize))
+
+        return b''.join(bytes(reversed(b)) for b in blocks)

qiling/debugger/qdb/qdb.py

@@ -123,7 +123,6 @@ def _run(self: Qldbg, address: int = 0, end: int = 0, count: int = 0) -> None:
                     else:
                         print(f"{color.CYAN}[+] hit breakpoint at 0x{self.cur_addr:08x}{color.END}")
 
-                    self.do_context()
                     break
 
                 self.ql.arch.step()