Implement eventfd2 and releated inux syscall.

Question

Implement eventfd2 and releated inux syscall.

ppey opened this issue 7 years ago · comments

I plan to use usercorn (Instead of angr) for a research project where I want analyze real world GUI based applications in order to improve their security. Ui frameworks like gtk use eventfd2 and related syscalls. I would like to implement them but I'm not quite sure if I'm skilled enough for doing that. Might it be possible, to make some kind of wiki for or another form of documentation explaining the existing syscall code?

Ryan Hileman · Answer 1 · Thu Apr 27 2017 23:23:48 GMT+0800 (China Standard Time)

What sort of analysis? Eventfd will be very easy to implement for now on linux hosts, because the syscall can just be passed through. There's more missing (like threads and mmap, which will require more architecturally than a syscall), but much of the rest will be easier. Syscalls are implemented right now like this: 1. Define a function on the appropriate Kernel (like go/kernel/linux/*.go). The arguments are filled from registers automatically using metaprogramming. 2. Decode the syscall arguments in a way that works with all architectures/bit widths (go/native/* types are used for this right now, as well as go/kernel/<kernel>/pack,unpack hooks). 3. Issue the syscall to the host. Right now this is supported on OS X and Linux for most syscalls using a <file>_darwin.go or <file>_linux.go suffix. If you want to implement syscalls like eventfd easily on just x86_64 linux guest/host, you can go ahead and use Go's syscall package/structs and put the syscalls in go/kernel/linux/*_linux_amd64.go for now, and someone will port them to universal linux eventually. If you're planning to do Usercorn development, you can join the @lunixbochs slack here http://lunixbochs.herokuapp.com/ to have discussions as well.

yepp · Answer 2 · Fri Apr 28 2017 14:10:01 GMT+0800 (China Standard Time)

Thanks for your explanation! Our idea is to use unicorn as part of our testing suit to detect issues like heap or stack based buffer overflows and ensure a test coverage based on basic blocks. However, most of the tools building on top of unicorn are well for CTF binaries, but are not well suited for real world applications.
I think usercorn is different due to its good support for dynamic linking, support for the important syscalls and its performance.
I'll continue my tests and plan implement at least the simple syscalls. Once they are working, i'll submit some PRs.