From: Kyle Hale <kh@u.northwestern.edu>
Date: Fri, 13 Apr 2012 21:31:00 +0000 (-0500)
Subject: Gears Restructuring plus code injection preparation and template
X-Git-Url: http://v3vee.org/palacios/gitweb/gitweb.cgi?a=commitdiff_plain;h=13b3ec929f6862a41c4b7b0b39cf444251d5e886;hp=7229981629c6baa0afb61cc99cfcf6dd029c9c93;p=palacios.git

Gears Restructuring plus code injection preparation and template
---

diff --git a/gears/service_setup/inject_code_template.c b/gears/service_setup/inject_code_template.c
new file mode 100644
index 0000000..c43fe68
--- /dev/null
+++ b/gears/service_setup/inject_code_template.c
@@ -0,0 +1,100 @@
+#include <fcntl.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+
+
+/* 32-bit syscall numbers */
+#define __NR_exit          1
+#define __NR_fork          2
+#define __NR_write         4
+#define __NR_open          5
+#define __NR_close         6
+#define __NR_waitpid       7
+#define __NR_execve       11
+
+/* 32-bit system call conventions 
+ *
+ * eax = syscall nr
+ * ebx = arg 1
+ * ecx = arg 2
+ * edx = arg 3
+ * esi = arg 4
+ * edi = arg 5
+ * ebp = arg 6
+ */
+int _start() {
+
+    int FD, bytes_written, status, exec_ret;
+    int flags = O_RDWR|O_CREAT; 
+    int mode = S_IRUSR|S_IWUSR|S_IXUSR;
+    pid_t pid, ret;
+    char * env[1];
+
+    env[0] = 0;
+
+#include "generated.h"
+
+#ifdef DO_WRITE
+    /* open("FILENAME, O_RDWR | O_CREAT,  */
+    asm volatile ("pushl %%ebx; movl %2,%%ebx; int $0x80; popl %%ebx" 
+                : "=a" (FD)
+                : "0" (__NR_open), "r" (FILE_NAME), "c" (flags), "d" (mode)); 
+
+    if (!FD)
+        goto die;
+
+
+    /* write(FD, INJECT_FILE, FILE_LENGTH) */
+    asm volatile ("pushl %%ebx; movl %2,%%ebx; int $0x80; popl %%ebx" 
+		        : "=a" (bytes_written)
+		        : "0" (__NR_write), "r" (FD), "c" (inject_file), "d" (FILE_LENGTH));
+
+    if (!bytes_written)
+        goto die;
+
+
+    /* close(FD) */
+    asm volatile ("pushl %%ebx; movl %1,%%ebx; int $0x80; popl %%ebx" 
+		      : : "a" (__NR_close), "r" (FD));
+#endif 
+
+
+#ifdef DO_FORKEXEC
+    /* pid = fork() */
+    asm volatile ("int $0x80" : "=a" (pid) : "0" (__NR_fork));
+
+
+    if (pid < 0) {
+        goto die;
+    } else if (pid > 0) {
+
+        do {
+            /* ret = waitpid(pid, &status, 0) */
+            asm volatile ("pushl %%ebx; movl %2,%%ebx; int $0x80; popl %%ebx"
+                        : "=a" (ret)
+                        : "0" (__NR_waitpid), "r" (pid), "c" (&status), "d" (0));
+
+        } while (ret == -1);
+
+    } else {
+
+        /* execve("command", "arg0" , ..., "argN" , env) */
+        asm volatile ("pushl %%ebx; movl %2,%%ebx; int $0x80; popl %%ebx"
+                    : "=a" (exec_ret)
+                    : "0" (__NR_execve), "r" (CMD), "c" (args), "d" (env));
+        
+        if (exec_ret < 0)
+            /* exit(127) */
+            asm volatile ("pushl %%ebx; movl %1,%%ebx; int $0x80; popl %%ebx"
+                          : : "a" (__NR_exit), "r" (127));
+    }
+#endif
+
+    die:
+        /* hypercall(f001) <=> exit(0) */
+        asm volatile ("movl $0xf001, %eax");
+        asm volatile ("vmmcall");
+        /* exit(1) */
+        asm volatile ("pushl %%ebx; movl %1,%%ebx; int $0x80; popl %%ebx"
+                      : : "a" (__NR_exit), "r" (1));
+}
diff --git a/gears/service_setup/prepare_inject.pl b/gears/service_setup/prepare_inject.pl
new file mode 100755
index 0000000..e67f097
--- /dev/null
+++ b/gears/service_setup/prepare_inject.pl
@@ -0,0 +1,78 @@
+#! /usr/bin/perl -w
+
+use Getopt::Long;
+
+sub usage() {
+	die "\n\nusage: prepare_inject.pl [-w output_file_name inject_object] [-e command {arg_list} ]\n\n".
+	    "You must either indicate to write out an injected file with -w or to execute a command,".
+	    " with -e, or both.\n\n".
+	    "\t'output_file_name' is what the name of the inject_object will be when it is written out to the guest.\n\n".
+   	    "\t'inject_object' is the file that will be written out to the guest. This could be a text file, program, or ".
+	    "really anything.\n\n".
+	    "\t'command' is the fully qualified path name for a file within the guest to execute, either by itself, ".
+	    "or after a specified inject_object is written out.\n\n";
+}
+
+&GetOptions("w:s{2}" => \@write_opts, "e:s{,}" => \@exec_opts, "output:s" => \$out_name) or usage();
+
+usage() unless (@exec_opts || @write_opts);
+
+$hfile = <<END;
+#ifndef _GENERATED_H_
+#define _GENERATED_H_
+
+END
+
+
+if (@exec_opts) {
+	$cmd = $exec_opts[0];
+	$hfile .= "#define DO_FORKEXEC\n"; 
+	$hfile .= "#define CMD \"$cmd\"\n";
+
+	$numargs = scalar(@exec_opts);
+	$hfile .= "char * const args[".$numargs."] = {\"".join('","', @exec_opts)."\"};\n";
+}
+
+
+if (@write_opts) {
+	$out_file = $write_opts[0];
+	$inject_file = $write_opts[1];
+	
+	$hfile .= "#define DO_WRITE\n";
+	$hfile .= "#define FILE_NAME \"$out_file\"\n";
+	
+
+	$size = `ls -l $inject_file | cut -f5 -d ' '`;
+	$hfile .= "#define FILE_LENGTH $size\n";
+
+	# generate a string from the file, char * inject_file = string
+	open FILE, $inject_file or die $!;
+	binmode FILE;
+	my ($buf, $data, $n);
+	while (($n = read FILE, $data, 1) != 0) {
+	  $buf .= "\\x" . unpack("H8", $data);
+	}
+	
+	close(FILE);
+	$hfile .= "char * inject_file = \"$buf\";\n\n\n";
+}
+
+$hfile .= "#endif\n";
+
+# write out the h file
+open (W, ">generated.h") or die $!;
+print W $hfile;
+close(W);
+
+print "running special inject code compilation and linking...\n";
+# compile with generated h file and inject_code_template.c with peter's script
+$compile_cmd = "perl compile-for-static-user-level-injection.pl -32 ";
+$compile_cmd .= "--output=$out_name " if defined($out_name);
+$compile_cmd .= "inject_code_template.c";
+system($compile_cmd);
+
+unlink "generated.h";
+
+
+print "All done.\n";
+