--- /dev/null
+#include <fcntl.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+
+
+/* 32-bit syscall numbers */
+#define __NR_exit 1
+#define __NR_fork 2
+#define __NR_write 4
+#define __NR_open 5
+#define __NR_close 6
+#define __NR_waitpid 7
+#define __NR_execve 11
+
+/* 32-bit system call conventions
+ *
+ * eax = syscall nr
+ * ebx = arg 1
+ * ecx = arg 2
+ * edx = arg 3
+ * esi = arg 4
+ * edi = arg 5
+ * ebp = arg 6
+ */
+int _start() {
+
+ int FD, bytes_written, status, exec_ret;
+ int flags = O_RDWR|O_CREAT;
+ int mode = S_IRUSR|S_IWUSR|S_IXUSR;
+ pid_t pid, ret;
+ char * env[1];
+
+ env[0] = 0;
+
+#include "generated.h"
+
+#ifdef DO_WRITE
+ /* open("FILENAME, O_RDWR | O_CREAT, */
+ asm volatile ("pushl %%ebx; movl %2,%%ebx; int $0x80; popl %%ebx"
+ : "=a" (FD)
+ : "0" (__NR_open), "r" (FILE_NAME), "c" (flags), "d" (mode));
+
+ if (!FD)
+ goto die;
+
+
+ /* write(FD, INJECT_FILE, FILE_LENGTH) */
+ asm volatile ("pushl %%ebx; movl %2,%%ebx; int $0x80; popl %%ebx"
+ : "=a" (bytes_written)
+ : "0" (__NR_write), "r" (FD), "c" (inject_file), "d" (FILE_LENGTH));
+
+ if (!bytes_written)
+ goto die;
+
+
+ /* close(FD) */
+ asm volatile ("pushl %%ebx; movl %1,%%ebx; int $0x80; popl %%ebx"
+ : : "a" (__NR_close), "r" (FD));
+#endif
+
+
+#ifdef DO_FORKEXEC
+ /* pid = fork() */
+ asm volatile ("int $0x80" : "=a" (pid) : "0" (__NR_fork));
+
+
+ if (pid < 0) {
+ goto die;
+ } else if (pid > 0) {
+
+ do {
+ /* ret = waitpid(pid, &status, 0) */
+ asm volatile ("pushl %%ebx; movl %2,%%ebx; int $0x80; popl %%ebx"
+ : "=a" (ret)
+ : "0" (__NR_waitpid), "r" (pid), "c" (&status), "d" (0));
+
+ } while (ret == -1);
+
+ } else {
+
+ /* execve("command", "arg0" , ..., "argN" , env) */
+ asm volatile ("pushl %%ebx; movl %2,%%ebx; int $0x80; popl %%ebx"
+ : "=a" (exec_ret)
+ : "0" (__NR_execve), "r" (CMD), "c" (args), "d" (env));
+
+ if (exec_ret < 0)
+ /* exit(127) */
+ asm volatile ("pushl %%ebx; movl %1,%%ebx; int $0x80; popl %%ebx"
+ : : "a" (__NR_exit), "r" (127));
+ }
+#endif
+
+ die:
+ /* hypercall(f001) <=> exit(0) */
+ asm volatile ("movl $0xf001, %eax");
+ asm volatile ("vmmcall");
+ /* exit(1) */
+ asm volatile ("pushl %%ebx; movl %1,%%ebx; int $0x80; popl %%ebx"
+ : : "a" (__NR_exit), "r" (1));
+}
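Review bot: The failure checks after the open and write syscalls test for zero, but a raw `int $0x80` returns a negative errno on failure, so `if (!FD)` and `if (!bytes_written)` let a failed open fall through to the write and then to the fork/exec section; `if (FD < 0)` and `if (bytes_written != FILE_LENGTH)` would catch both errors and short writes. The waitpid loop has the same problem, since `while (ret == -1)` compares against -1 rather than a negative errno such as -EINTR. None of the asm statements that hand pointers to the kernel (`inject_file`, `args`, `env`, `&status`) declare a `"memory"` clobber, so the compiler may drop or reorder the `env[0] = 0` store; adding `: "memory"` to each is the usual fix. The hypercall at `die:` is split across two asm statements, which lets the compiler touch eax between them; `asm volatile ("vmmcall" : : "a" (0xf001));` keeps the value and the instruction together.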
--- /dev/null
+#! /usr/bin/perl -w
+
+use Getopt::Long;
+
+sub usage() {
+ die "\n\nusage: prepare_inject.pl [-w output_file_name inject_object] [-e command {arg_list} ]\n\n".
+ "You must either indicate to write out an injected file with -w or to execute a command,".
+ " with -e, or both.\n\n".
+ "\t'output_file_name' is what the name of the inject_object will be when it is written out to the guest.\n\n".
+ "\t'inject_object' is the file that will be written out to the guest. This could be a text file, program, or ".
+ "really anything.\n\n".
+ "\t'command' is the fully qualified path name for a file within the guest to execute, either by itself, ".
+ "or after a specified inject_object is written out.\n\n";
+}
+
+&GetOptions("w:s{2}" => \@write_opts, "e:s{,}" => \@exec_opts, "output:s" => \$out_name) or usage();
+
+usage() unless (@exec_opts || @write_opts);
+
+$hfile = <<END;
+#ifndef _GENERATED_H_
+#define _GENERATED_H_
+
+END
+
+
+if (@exec_opts) {
+ $cmd = $exec_opts[0];
+ $hfile .= "#define DO_FORKEXEC\n";
+ $hfile .= "#define CMD \"$cmd\"\n";
+
+ $numargs = scalar(@exec_opts);
+ $hfile .= "char * const args[".$numargs."] = {\"".join('","', @exec_opts)."\"};\n";
+}
+
+
+if (@write_opts) {
+ $out_file = $write_opts[0];
+ $inject_file = $write_opts[1];
+
+ $hfile .= "#define DO_WRITE\n";
+ $hfile .= "#define FILE_NAME \"$out_file\"\n";
+
+
+ $size = `ls -l $inject_file | cut -f5 -d ' '`;
+ $hfile .= "#define FILE_LENGTH $size\n";
+
+ # generate a string from the file, char * inject_file = string
+ open FILE, $inject_file or die $!;
+ binmode FILE;
+ my ($buf, $data, $n);
+ while (($n = read FILE, $data, 1) != 0) {
+ $buf .= "\\x" . unpack("H8", $data);
+ }
+
+ close(FILE);
+ $hfile .= "char * inject_file = \"$buf\";\n\n\n";
+}
+
+$hfile .= "#endif\n";
+
+# write out the h file
+open (W, ">generated.h") or die $!;
+print W $hfile;
+close(W);
+
+print "running special inject code compilation and linking...\n";
+# compile with generated h file and inject_code_template.c with peter's script
+$compile_cmd = "perl compile-for-static-user-level-injection.pl -32 ";
+$compile_cmd .= "--output=$out_name " if defined($out_name);
+$compile_cmd .= "inject_code_template.c";
+system($compile_cmd);
+
+unlink "generated.h";
+
+
+print "All done.\n";
+
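Review bot: Command-line values reach a shell unquoted: `$inject_file` is interpolated into the backtick `ls -l ... | cut` pipeline, `$out_name` into the single string passed to `system`, and `open FILE, $inject_file` uses the two-argument form, so a file name with spaces or shell metacharacters changes what runs on the build host. Taking the size from `stat`, using three-argument `open` with a lexical handle, and calling `system` in list form removes the shell; it also avoids the trailing newline and column-alignment fragility of parsing `ls -l`, and lets the script stop when the compile step fails. Separately, `$cmd`, `$out_file` and the argument list are pasted into C string literals without escaping quotes or backslashes. `args[]` is also emitted with exactly `$numargs` entries and no trailing null, although the template passes it straight to execve. The script also runs without `use strict`, which would have flagged the undeclared globals.

```perl
    # … unchanged: DO_WRITE / FILE_NAME defines …
    my $size = (stat $inject_file)[7];
    die "cannot stat $inject_file: $!\n" unless defined $size;
    $hfile .= "#define FILE_LENGTH $size\n";

    open(my $in, '<', $inject_file) or die "open $inject_file: $!\n";
    binmode $in;
    my ($buf, $data, $n);
    while (($n = read $in, $data, 1) != 0) {
        # … unchanged: append \xNN for the byte …
    }
    close($in);
    # … unchanged: inject_file definition, generated.h write-out …

my @compile_cmd = ('perl', 'compile-for-static-user-level-injection.pl', '-32');
push @compile_cmd, "--output=$out_name" if defined($out_name);
push @compile_cmd, 'inject_code_template.c';
system(@compile_cmd) == 0 or die "compile step failed: $?\n";
```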