Perl x86 JIT Programming
Shibuya.pm#11 Technical Talks
Presentation Transcript

  • An introduction to x86 assembler, learned through Perl. CybozuLabs, Inc. "TAKESAKO" <takesako@shibuya.pl>
  • Introduction to 16-bit assembler from the MS-DOS era
  • MS-DOS 16bit (int 21H)
    ; NASM Hello World (MS-DOS 16bit x86 COM)
    ;
    ; $ nasmw -f bin hello16.asm -o hello16.com
    ; $ ndisasmw hello16.com > hello16.txt
    org 100h
    section .text
    start:
        mov ax, cs
        mov ds, ax          ; make the code segment (cs) and data segment (ds) the same
    print:
        mov dx, msg
        mov ah, 09H
        int 21H             ; print msg up to '$' on standard output (ah=09H)
    exit:
        mov ah, 4cH
        mov al, 00H
        int 21H             ; terminate with status (al=0) (ah=4cH)
    section .data
    msg db 'Hello, world!', 0dH, 0aH, '$'
    section .bss
  • MS-DOS 16bit hello16.com
  • The dot-com bubble era
  • disasm hello16.com
    00000000  8CC8        mov ax,cs
    00000002  8ED8        mov ds,ax
    00000004  BA1401      mov dx,0x114
    00000007  B409        mov ah,0x9
    00000009  CD21        int 0x21
    0000000B  B44C        mov ah,0x4c
    0000000D  B000        mov al,0x0
    0000000F  CD21        int 0x21
    00000011  0000        add [bx+si],al
    00000013  004865      add [bx+si+0x65],cl     ; "He"
    00000016  6C          insb                    ; "l"
    00000017  6C          insb                    ; "l"
    00000018  6F          outsw                   ; "o"
    00000019  2C20        sub al,0x20             ; ", "
    0000001B  776F        ja 0x8c                 ; "wo"
    0000001D  726C        jc 0x8b                 ; "rl"
    0000001F  64210D      and [fs:di],cx          ; "d!\r"
    00000022  0A24        or ah,[si]              ; "\n$"
  • Windows PE 32bit Binary
  • Hello, Win32API world
    ; NASM Hello World (Win32API x86 PE) using ALINK
    ;
    ; $ nasmw -f win32 hello32x.asm
    ; $ alink -oPE hello32x c:\nasm\win32.lib -entry main
    extern MessageBoxA
    section .text
    global main
    main:
        push dword 0
        push dword title
        push dword text
        push dword 0
        call MessageBoxA
        ret
    section .data
    title: db 'Message', 0
    text:  db 'Hello, World!', 0
  • PE Golf (Win32 x86) - 1/2
    BITS 32                         ; http://firewood.txt-nifty.com/bbc/files/hello.asm
    ORG 0                           ; http://d.hatena.ne.jp/firewood/20061120/1163957029
    WriteFile equ 0x7c810d87        ; Varies depending on environments
    ImageBase equ 0x00400000
    filealign equ 4
    sectalign equ 4                 ; must be 4 because of e_lfanew
    %define round(n, r) (((n+(r-1))/r)*r)
            dw "MZ"
            dw 0
    pe_hdr:
            dd "PE"                 ; Signature
            dw 0x014C               ; CPU: i386
            dw 1                    ; Number of Sections
    hello   db "Hello, world"
    hello_e db 0
            dw 4                    ; offset between sections and opthdr
            dw 0x0103               ; Characteristics: RELOCS_STRIPPED|EXECUTABLE|32BIT
    opthdr:
            dw 0x010B               ; Magic
    code1:
            mov edx, hello+ImageBase
            push eax
            push ebx
            jmp short code2
            db 0                    ; not used
            dd codesize
            dd code1
            dd codesize
            dd code1                ; EntryPoint
            dd ImageBase            ; ImageBase Address
  • PE Golf (Win32 x86) - 2/2
    sectbl:
            dd 4                    ; PE hdr / SectionAlignment
            dd 4                    ; FileAlignment
    code2:
            push byte hello_e-hello
            push edx
            push byte 7             ; stdout handle
            jmp short code3
            db 0                    ; not used
            dw 4                    ; SubsysMajorVer
    code3:
            call WriteFile-ImageBase
            ret
            dd round(hdrsize,sectalign)+round(codesize,sectalign) ; SizeOfImage
            dd round(hdrsize,filealign)                           ; SizeOfHeaders
            dd 0
            db 3                    ; Subsystem: console
    codesize equ $-code1
    hdrsize  equ $-$$
    filesize equ $-$$
    Tiny PE - Creating the smallest possible PE executable: http://www.phreedom.org/solar/code/tinype/
  • hello32.exe: a 97-byte executable binary
  • no Binary; use Perl;
  • Win32::API: use Perl;
  • use Win32::API;
    #!/usr/bin/perl
    use Win32::API;
    my $MessageBox = Win32::API->new("user32", "MessageBoxA", "NPPN", "N");
    $MessageBox->Call(0, "Hello, World!\n", "Message", 0);
  • DynaLoader: use x86;
  • no Win32::API;
    #!/usr/bin/perl
    use DynaLoader;
    sub GetProcAddress {
        my ($DLL, $API) = @_;
        my $path = "$ENV{SystemRoot}\\system32\\$DLL";
        my $libref = DynaLoader::dl_load_file($path);
        pack "L", DynaLoader::dl_find_symbol($libref, $API);
    }
    my $x86 = ""
      . "h" . "\0\0\0\0"                                      # push 0 ('h' == '\x68')
      . "h" . pack("P", "Message")                            # push $title
      . "h" . pack("P", "Hello, World!\n")                    # push $message
      . "h" . pack("L", 0)                                    # push 0
      . "\xb8" . GetProcAddress("user32.dll", "MessageBoxA")  # mov eax
      . "\xff\xd0"                                            # call eax
      . "\xc3";                                               # ret
    DynaLoader::dl_install_xsub("X", unpack "L", pack "P", $x86);
    &X();
  • Security Issue
  • DEP (Data Execution Prevention) on Windows
  • Linux x86 ELF Golf
  • Linux system call (int 80H)
    ; NASM Hello World (Linux x86 ELF) using gcc
    ;
    ; $ nasmw hello.asm -f elf -o hello.o
    ; $ gcc hello.o -o hello
    section .data
    msg db 'Hello, world!', 0x0A
    len equ $ - msg
    section .text
    global main
    ; sys_write(stdout, msg, len);
    ; sys_exit;
    main:
        mov eax, 4          ; system call number (sys_write)
        mov ebx, 1          ; file descriptor (stdout)
        mov ecx, msg        ; message to write
        mov edx, len        ; message length
        int 0x80            ; call kernel
        mov eax, 1          ; system call number (sys_exit)
        int 0x80            ; call kernel
  • linux-2.6.14/arch/i386/kernel/syscall_table.S (0-99 / 293)
  • linux-2.6.14/arch/i386/kernel/syscall_table.S (100-199 / 293)
  • linux-2.6.14/arch/i386/kernel/syscall_table.S (200-293 / 293)
    [These three slides reproduce the i386 system call table from that file in four columns of "number sys_name" pairs; the entries the talk relies on are 1 sys_exit, 4 sys_write and 125 sys_mprotect.]
  • How to make a Perl-regex-based x86 JIT compiler
  • 0x90 = nop (no operation)
    #!/usr/bin/perl
    use DynaLoader;
    my $x86 = "\x90\x90\x90";
    DynaLoader::dl_install_xsub("X", unpack "L", pack "P", $x86);
    &X;
    print "ok\n";

    % perl int3jit.pl
    zsh: segmentation fault  perl int3jit.pl
  • 0xc3 = ret (return)
    #!/usr/bin/perl
    use DynaLoader;
    my $x86 = "\x90\x90\xc3";
    DynaLoader::dl_install_xsub("X", unpack "L", pack "P", $x86);
    &X;
    print "ok\n";

    % perl int3jit.pl
    ok
  • Perl regex x86 JIT compiler (INT 3)
    #!/usr/bin/perl
    use DynaLoader;
    my $x86 = "\xcd\x03\x90";
    $SIG{TRAP} = sub { $x86 =~ s/\x90/\xc3/; warn "JIT" };
    DynaLoader::dl_install_xsub("X", unpack "L", pack "P", $x86);
    &X;
    print "ok\n";

    % env PERL_SIGNALS=unsafe perl int3jit.pl
    zsh: segmentation fault  perl int3jit.pl
  • $SIG{TRAP} = sub {…};
    #!/usr/bin/perl
    use DynaLoader;
    my $x86 = "\xcd\x03\x90";
    $SIG{TRAP} = sub { $x86 =~ s/\x90/\xc3/; warn "JIT" };
    DynaLoader::dl_install_xsub("X", unpack "L", pack "P", $x86);
    &X;
    print "ok\n";

    % env PERL_SIGNALS=unsafe perl int3jit.pl
    JIT at int3jit.pl line 4.
    ok
  • $ENV{PERL_SIGNALS} = "unsafe";
    #!/usr/bin/perl
    use DynaLoader;
    $ENV{PERL_SIGNALS} || ($ENV{PERL_SIGNALS} = "unsafe", exec $^X, $0, @ARGV);
    my $x86 = "\xcd\x03\x90";
    $SIG{TRAP} = sub { $x86 =~ s/\x90/\xc3/; warn "JIT" };
    DynaLoader::dl_install_xsub("X", unpack "L", pack "P", $x86);
    &X;
    print "ok\n";

    % perl int3jit.pl
    JIT at int3jit.pl line 4.
    ok
  • Perl regex x86 JIT compiler (INT 3 == 0xcc)
    #!/usr/bin/perl
    use DynaLoader;
    $ENV{PERL_SIGNALS} || ($ENV{PERL_SIGNALS} = "unsafe", exec $^X, $0, @ARGV);
    my $x86 = "\xcc\x90";
    $SIG{TRAP} = sub { $x86 =~ s/\x90/\xc3/; warn "JIT" };
    DynaLoader::dl_install_xsub("X", unpack "L", pack "P", $x86);
    &X;
    print "ok\n";

    % perl int3jit.pl
    JIT at int3jit.pl line 4.
    ok
  • INT 3 doesn't work on Windows systems.
  • UD2 (x86 official undefined instruction) => $SIG{ILL}
    #!/usr/bin/perl
    use DynaLoader;
    $ENV{PERL_SIGNALS} || ($ENV{PERL_SIGNALS} = "unsafe", exec $^X, $0, @ARGV);
    my $x86 = "\x0f\x0b";
    $SIG{ILL} = sub { $x86 =~ s/\x0f\x0b/\xc3\x90/; warn "JIT" };
    DynaLoader::dl_install_xsub("X", unpack "L", pack "P", $x86);
    &X;
    print "ok\n";

    % perl ud2jit.pl
    JIT at ud2jit.pl line 4.
    ok
  • 64bit OS: use x86_64;
  • Hello, Linux/x86_64 world!
    #!/usr/bin/perl
    use DynaLoader;
    my $s = ""
      . "\x48\xb8" . ("12345678")             # mov $0x3837363534333231, %rax
      . "\x50"                                # push %rax
      . "\x48\x89\xe6"                        # mov %rsp, %rsi
      . "\x48\xc7\xc7\x01\x00\x00\x00"        # mov $0x1, %rdi
      . "\x48\xc7\xc2\x08\x00\x00\x00"        # mov $0x8, %rdx
      . "\x48\xc7\xc0\x01\x00\x00\x00"        # mov $0x1, %rax
      . "\x0f\x05"                            # syscall
      . "\x58"                                # pop %rax
      . "\xc3";                               # ret
    DynaLoader::dl_install_xsub("X", unpack("L", pack("P*", $s)));
    &X();
    print "ok\n";

    % perl x86_64.pl
    12345678ok
  • syscall (AMD64 ABI)
    #!/usr/bin/perl
    use DynaLoader;
    my $x = ""
      . "\x48\xb8" . "Hello64!"               # mov 'Hello64!', %rax
      . "\x50"                                # push %rax
      . "\x48\x89\xe6"                        # mov %rsp, %rsi
      . "\x48\xc7\xc7\x01\x00\x00\x00"        # mov $0x1, %rdi
      . "\x48\xc7\xc2\x08\x00\x00\x00"        # mov $0x8, %rdx
      . "\x48\xc7\xc0\x01\x00\x00\x00"        # mov $0x1, %rax
      . "\x0f\x05"                            # syscall
      . "\x48\x89\xf8"                        # mov %rdi, %rax
      . "\x0f\x05"                            # syscall
      . "\x58"                                # pop %rax
      . "\xc3";                               # ret
    DynaLoader::dl_install_xsub("X", unpack("L", pack("P*", $x)));
    X();
    print "ok\n";

    % perl x86_64.pl
    Hello64!Hello64!ok
  • CPUID (get your cpu processor name)
    #!/usr/bin/perl
    use DynaLoader;
    sub ProcessorBrandString {
        my $cpu = "\0" x 48;
        my $x86 = ""
          . "S\xbf" . pack("P", $cpu)
          . "\xb8\x02\x00\x00\x80"
          . ("P\x0f\xa2\x89\x07\x89_\x04\x89O\x08\x89W\x0c\x8d\x7f\x10X\x8d\@\x01" x 3)
          . "[\xc3";
        DynaLoader::dl_install_xsub("X", unpack "L", pack "P", $x86);
        &X;
        $cpu =~ s/\0+//g;
        $cpu =~ s/^ +//;
        $cpu;
    }
    print ProcessorBrandString, "\n";

    % perl cpuid.pl
    AMD Opteron(tm) Processor 240 EE
  • $> perl ./cpuid.pl
    1. Windows XP (32bit) - DELL: Intel(R) Pentium(R) 4 CPU 3.40GHz
    2. CentOS 5.2 (i386) - wafful.org: Intel(R) Xeon(R) CPU E5430 @ 2.66GHz
    3. CentOS 4.4 (x86_64) - Linux/AMD64: AMD Opteron(tm) Processor 240 EE
    4. FreeBSD (i386) + jail: Intel(R) Pentium(R) 4 CPU 3.20GHz
  • CPUID (eax = 0x80000002)
    -----------------------------------------------
    00000000  53              push ebx
    00000001  BFxxxxxxxx      mov edi,0xXXXXXXXX
    00000006  B802000080      mov eax,0x80000002
    -----------------------------------------------
    0000000B  50              push eax
    0000000C  0FA2            cpuid
    0000000E  8907            mov [edi],eax
    00000010  895F04          mov [edi+0x4],ebx
    00000013  894F08          mov [edi+0x8],ecx
    00000016  89570C          mov [edi+0xc],edx
    00000019  8D7F10          lea edi,[edi+0x10]
    0000001C  58              pop eax
    0000001D  8D4001          lea eax,[eax+0x1]
    ----------------- repeated 3 times ------------
    0000004A  5B              pop ebx
    0000004B  C3              ret
    -----------------------------------------------
  • Inline/x86.pm
    package Inline::x86;
    use DynaLoader ();
    use Exporter;
    our @ISA = qw(Exporter);
    our @EXPORT = qw(x86_sub);
    sub x86_sub {
        my ($func, $x86) = @_;
        if ($^O eq "linux") {
            require 'syscall.ph';
            my $size = int(2 + length($x86) / 4096) * 4096;
            syscall(&SYS_mprotect, (unpack "L", pack "P", $x86) & ~4095, $size, 7);
        }
        DynaLoader::dl_install_xsub(caller(0) . "::$func", unpack "L", pack "P", $x86);
    }

    use Inline::x86;
    x86_sub function1 => do { "\x90\x90\x90\xc3" };
  • man 2 mprotect
    MPROTECT(2)             Linux Programmer's Manual             MPROTECT(2)

    NAME
           mprotect - control allowable accesses to a region of memory

    SYNOPSIS
           #include <sys/mman.h>

           int mprotect(const void *addr, size_t len, int prot);

    DESCRIPTION
           The function mprotect() specifies the desired protection for the
           memory page(s) containing part or all of the interval
           [addr, addr+len-1]. If an access is disallowed by the protection
           given it, the program receives a SIGSEGV.

           prot is a bitwise-or of the following values:

           PROT_NONE   The memory cannot be accessed at all.
           PROT_READ   The memory can be read.
           PROT_WRITE  The memory can be written to.
           PROT_EXEC   The memory can contain executing code.

           The new protection replaces any existing protection. For example,
           if the memory had previously been marked PROT_READ, and mprotect()
           is then called with prot PROT_WRITE, it will no longer be readable.

    RETURN VALUE
           On success, mprotect() returns zero. On error, -1 is returned, and
           errno is set appropriately.
  • use Inline::x86 qw(x86_sub);
    use Inline::x86;
    x86_sub("function1", "\x90\x90\x90\xc3");
    x86_sub "function2", qq|\x90\x90\x90\xc3|;
    x86_sub function3 => qq{\x90\x90\x90\xc3};
    x86_sub function4 => do { "\x90\x90\x90\xc3"; };
    x86_sub function5 => do {
        "\x90\x90\x90" .    # nop x3
        "\xc3";             # ret
    };
  • Debug Hacks#66: how to check 64bit mode
    use Inline::x86;
    x86_sub check_x86_64 => do {
        use vars qw($x86_64);       # OUTPUT: $x86_64
        BEGIN { $x86_64 = "?" }     # "0" => 32bit, "1" => 64bit
        "\xb8\x31\x00\x00\x00" .    # mov eax, 0x31
        "\x48" .                    # dec eax   // 64bit REX PREFIX
        "\xa2" . pack("P", $x86_64) .   # mov [$x86_64], al
        "\xc3";                     # ret
    };
    check_x86_64();
    warn $x86_64;                   # "0" => 32bit, "1" => 64bit
  • sub parse_objdump {…}
    sub parse_objdump {
        my ($callback, $objdump) = @_;
        my ($baseaddr, $mangled);
        my $ret = "";
        foreach my $line (split /\n/, $objdump) {
            next if ($line =~ /^\s*$/);                 # blank line
            next if ($line =~ /^\s*;/);                 # comment
            next if ($line =~ /^\s*\.+\s*$/);           # "..." (skipped zero bytes)
            if ($line =~ /^\s*0*([0-9a-fA-F]*)\s*<(.*)>:/) {
                $baseaddr = $1;                         # "00000000 <symbol>:"
                $mangled  = $2;
                next;
            }
            if ($line =~ /^\s*0*(.*?):\s+((?:[0-9a-fA-F]{2}\s)+)(\s*)(.*)$/) {
                my ($addr, $bin, $space, $asm) = ($1, $2, $3, $4);
                my $db = join(",", map { "0x$_" } split /\s+/, $bin);  # NASM-style db list
                (my $h = $bin) =~ s/\s//g;
                my $x = quote pack "H*", $h;            # quote(): byte-escaping helper not shown on the slide
                $ret .= $callback->($addr, $bin, $space, $asm, $db, $x, $baseaddr, $mangled);
            } else {
                print STDERR "ERROR: $line\n";
            }
        }
        return $ret;
    }
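Driving the slide's parse_objdump on a constructed objdump listing, as an added example that is not part of the talk: it turns `objdump -d` output into the x86_sub string style used in the slides above and then string-evals the generated text to confirm it reassembles the listed bytes. The `quote` helper, the two banner-skipping lines and `generate_x86_sub` are assumptions not shown on the slides.

```perl
#!/usr/bin/perl
# Added example (not from the slides): objdump listing -> x86_sub body.
use strict;
use warnings;

# Escape helper the slide's parse_objdump relies on but does not show (assumed
# here): raw bytes -> a double-quoted Perl literal made of \xNN escapes.
sub quote {
    my ($bytes) = @_;
    return '"' . join('', map { sprintf '\x%02x', $_ } unpack 'C*', $bytes) . '"';
}

# Same parsing logic as the slide's parse_objdump; the two banner skips are
# added so objdump's header lines do not land in the ERROR branch.
sub parse_objdump {
    my ($callback, $objdump) = @_;
    my ($baseaddr, $mangled);
    my $ret = "";
    foreach my $line (split /\n/, $objdump) {
        next if $line =~ /^\s*$/;                    # blank line
        next if $line =~ /^\s*;/;                    # comment
        next if $line =~ /^\s*\.+\s*$/;              # "..." (skipped zero bytes)
        next if $line =~ /file format/;              # objdump banner (added)
        next if $line =~ /^Disassembly of section/;  # section header (added)
        if ($line =~ /^\s*0*([0-9a-fA-F]*)\s*<(.*)>:/) {
            ($baseaddr, $mangled) = ($1, $2);        # "00000000 <symbol>:"
            next;
        }
        if ($line =~ /^\s*0*(.*?):\s+((?:[0-9a-fA-F]{2}\s)+)(\s*)(.*)$/) {
            my ($addr, $bin, $space, $asm) = ($1, $2, $3, $4);
            my $db = join(",", map { "0x$_" } split /\s+/, $bin);  # NASM-style db list
            (my $h = $bin) =~ s/\s//g;
            my $x = quote pack "H*", $h;             # bytes as a Perl literal
            $ret .= $callback->($addr, $bin, $space, $asm, $db, $x, $baseaddr, $mangled);
        } else {
            print STDERR "ERROR: $line\n";
        }
    }
    return $ret;
}

# Constructed listing in `objdump -d` layout (not captured from a real build):
# the mov/dec/ret body of the check_x86_64 trick from the slides, without the store.
my $listing = <<'END';

check.o:     file format elf32-i386

Disassembly of section .text:

00000000 <check_x86_64>:
   0:   b8 31 00 00 00          mov    $0x31,%eax
   5:   48                      dec    %eax
   6:   c3                      ret
END

# Callback: one '. "\x.."  # asm' line per instruction, as in the x86_sub
# slides; the symbol from the label line names the generated sub.
my $symbol = "anon";
my $emit = sub {
    my ($addr, $bin, $space, $asm, $db, $x, $baseaddr, $mangled) = @_;
    $symbol = $mangled if defined $mangled;
    (my $mnemonic = $asm) =~ s/\s+/ /g;
    $mnemonic =~ s/\s+$//;
    return sprintf("    . %-26s # %s\n", $x, $mnemonic);
};

# Generate, then compile the generated expression with a string eval to check
# that it is valid Perl and yields exactly the bytes objdump listed.
sub generate_x86_sub {
    my ($objdump) = @_;
    my $expr  = "    \"\"\n" . parse_objdump($emit, $objdump);
    my $bytes = eval $expr;
    die "generated code does not compile: $@" if $@;
    return ("x86_sub $symbol => do {\n$expr};\n", $bytes);
}

my ($code, $bytes) = generate_x86_sub($listing);
print $code;
printf "# %d bytes: %s\n", length $bytes, unpack "H*", $bytes;
```

For the constructed listing the generated body concatenates "\xb8\x31\x00\x00\x00", "\x48" and "\xc3", and the trailing line reports 7 bytes, b83100000048c3.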
  • no Perl; use x86;
  • thank you!