randasys.c - Android社区 - https://www.androidos.net.cn/

/*
 * Program that makes random system calls with random arguments.
 */

/*
 * Copyright (C) 2003-2006 IBM
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License as
 * published by the Free Software Foundation; either version 2 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
 * 02111-1307, USA.
 */

#include <signal.h>
#include <limits.h>
#include <strings.h>
#include <unistd.h>
#include <fcntl.h>
#include <errno.h>
#include <string.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <stdint.h>
#include <stdlib.h>

unsigned long callnum, args[6];

int seed_random(void)
{
	int fp;
	long seed;

fp = open("/dev/urandom", O_RDONLY);
	if (fp < 0) {
		perror("/dev/urandom");
		return 0;
	}

if (read(fp, &seed, sizeof(seed)) != sizeof(seed)) {
		perror("read random seed");
		return 0;
	}

close(fp);
	srand(seed);

return 1;
}

void get_big_randnum(void *buf, unsigned int size)
{
	uint32_t *x = buf;
	int i;

for (i = 0; i < size; i += 4, x++) {
		*x = (unsigned long)((float)UINT_MAX *
				     (rand() / (RAND_MAX + 1.0)));
	}
}

unsigned long get_randnum(unsigned long min, unsigned long max)
{
	return min + (unsigned long)((float)max * (rand() / (RAND_MAX + 1.0)));
}

int find_syscall(void)
{
	int x;

badcall:
	x = get_randnum(0, 384);

/* poorly implemented blacklist */
	switch (x) {
		/* don't screw with signal handling */
#ifdef SYS_signal
	case SYS_signal:
#endif
#ifdef SYS_sigaction
	case SYS_sigaction:
#endif
#ifdef SYS_sigsuspend
	case SYS_sigsuspend:
#endif
#ifdef SYS_sigpending
	case SYS_sigpending:
#endif
#ifdef SYS_sigreturn
	case SYS_sigreturn:
#endif
#ifdef SYS_sigprocmask
	case SYS_sigprocmask:
#endif
#ifdef SYS_rt_sigreturn
	case SYS_rt_sigreturn:
#endif
#ifdef SYS_rt_sigaction
	case SYS_rt_sigaction:
#endif
#ifdef SYS_rt_sigprocmask
	case SYS_rt_sigprocmask:
#endif
#ifdef SYS_rt_sigpending
	case SYS_rt_sigpending:
#endif
#ifdef SYS_rt_sigtimedwait
	case SYS_rt_sigtimedwait:
#endif
#ifdef SYS_rt_sigqueueinfo
	case SYS_rt_sigqueueinfo:
#endif
#ifdef SYS_rt_sigsuspend
	case SYS_rt_sigsuspend:
#endif
#ifdef SYS_sigaltstack
	case SYS_sigaltstack:
#endif
#ifdef SYS_settimeofday
	case SYS_settimeofday:
#endif

/* don't exit the program :P */
#ifdef SYS_exit
	case SYS_exit:
#endif
#ifdef SYS_exit_group
	case SYS_exit_group:
#endif

/* don't put it to sleep either */
#ifdef SYS_pause
	case SYS_pause:
#endif
#ifdef SYS_select
	case SYS_select:
#endif
#ifdef SYS_read
	case SYS_read:
#endif
#ifdef SYS_write
	case SYS_write:
#endif

/* these can fill the process table */
#ifdef SYS_fork
	case SYS_fork:
#endif
#ifdef SYS_vfork
	case SYS_vfork:
#endif
#ifdef SYS_clone
	case SYS_clone:
#endif

/* This causes OOM conditions */
#if 1
#ifdef SYS_brk
	case SYS_brk:
#endif
#endif

/* these get our program killed */
#ifdef SYS_vm86
	case SYS_vm86:
#endif
#ifdef SYS_vm86old
	case SYS_vm86old:
#endif
		goto badcall;
	}

return x;
}

void bogus_signal_handler(int signum)
{
	fprintf(stderr,
		"                                    Signal %d on syscall(%lu, 0x%lX, 0x%lX, 0x%lX, 0x%lX, 0x%lX, 0x%lX).\n",
		signum, callnum, args[0], args[1], args[2], args[3], args[4],
		args[5]);
}

void real_signal_handler(int signum)
{
	exit(0);
}

void install_signal_handlers(void)
{
	int x;
	struct sigaction zig;

memset(&zig, 0x00, sizeof(zig));
	zig.sa_handler = bogus_signal_handler;
	for (x = 0; x < 64; x++) {
		sigaction(x, &zig, NULL);
	}

zig.sa_handler = real_signal_handler;
	sigaction(SIGINT, &zig, NULL);
	sigaction(SIGTERM, &zig, NULL);
}

int main(int argc, char *argv[])
{
	int i;
	int debug = 0, zero_mode = 0;

if (!seed_random()) {
		return 1;
	}

for (i = 1; i < argc; i++) {
		if (!strcmp(argv[i], "-d"))
			debug = 1;
		else if (!strcmp(argv[i], "-z"))
			zero_mode = 1;
	}

memset(args, 0, sizeof(unsigned long) * 6);

install_signal_handlers();

while (1) {
		callnum = find_syscall();
		if (!zero_mode)
			get_big_randnum(&args[0], sizeof(unsigned long) * 6);

if (debug) {
			printf("syscall(%lu, 0x%lX, 0x%lX, 0x%lX, 0x%lX, "
			       "0x%lX, 0x%lX);       \n",
			       callnum, args[0], args[1], args[2], args[3],
			       args[4], args[5]);
			fflush(stdout);
		}

syscall(callnum, args[0], args[1], args[2],
			args[3], args[4], args[5]);
	}

return 0;
}

C++程序 | 253行 | 4.66 KB

/*
 * Program that makes random system calls with random arguments.
 */

/*
 * Copyright (C) 2003-2006 IBM
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License as
 * published by the Free Software Foundation; either version 2 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
 * 02111-1307, USA.
 */

#include <signal.h>
#include <limits.h>
#include <strings.h>
#include <unistd.h>
#include <fcntl.h>
#include <errno.h>
#include <string.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <stdint.h>
#include <stdlib.h>

unsigned long callnum, args[6];

int seed_random(void)
{
	int fp;
	long seed;

	fp = open("/dev/urandom", O_RDONLY);
	if (fp < 0) {
		perror("/dev/urandom");
		return 0;
	}

	if (read(fp, &seed, sizeof(seed)) != sizeof(seed)) {
		perror("read random seed");
		return 0;
	}

	close(fp);
	srand(seed);

	return 1;
}

void get_big_randnum(void *buf, unsigned int size)
{
	uint32_t *x = buf;
	int i;

	for (i = 0; i < size; i += 4, x++) {
		*x = (unsigned long)((float)UINT_MAX *
				     (rand() / (RAND_MAX + 1.0)));
	}
}

unsigned long get_randnum(unsigned long min, unsigned long max)
{
	return min + (unsigned long)((float)max * (rand() / (RAND_MAX + 1.0)));
}

int find_syscall(void)
{
	int x;

badcall:
	x = get_randnum(0, 384);

	/* poorly implemented blacklist */
	switch (x) {
		/* don't screw with signal handling */
#ifdef SYS_signal
	case SYS_signal:
#endif
#ifdef SYS_sigaction
	case SYS_sigaction:
#endif
#ifdef SYS_sigsuspend
	case SYS_sigsuspend:
#endif
#ifdef SYS_sigpending
	case SYS_sigpending:
#endif
#ifdef SYS_sigreturn
	case SYS_sigreturn:
#endif
#ifdef SYS_sigprocmask
	case SYS_sigprocmask:
#endif
#ifdef SYS_rt_sigreturn
	case SYS_rt_sigreturn:
#endif
#ifdef SYS_rt_sigaction
	case SYS_rt_sigaction:
#endif
#ifdef SYS_rt_sigprocmask
	case SYS_rt_sigprocmask:
#endif
#ifdef SYS_rt_sigpending
	case SYS_rt_sigpending:
#endif
#ifdef SYS_rt_sigtimedwait
	case SYS_rt_sigtimedwait:
#endif
#ifdef SYS_rt_sigqueueinfo
	case SYS_rt_sigqueueinfo:
#endif
#ifdef SYS_rt_sigsuspend
	case SYS_rt_sigsuspend:
#endif
#ifdef SYS_sigaltstack
	case SYS_sigaltstack:
#endif
#ifdef SYS_settimeofday
	case SYS_settimeofday:
#endif

		/* don't exit the program :P */
#ifdef SYS_exit
	case SYS_exit:
#endif
#ifdef SYS_exit_group
	case SYS_exit_group:
#endif

		/* don't put it to sleep either */
#ifdef SYS_pause
	case SYS_pause:
#endif
#ifdef SYS_select
	case SYS_select:
#endif
#ifdef SYS_read
	case SYS_read:
#endif
#ifdef SYS_write
	case SYS_write:
#endif

		/* these can fill the process table */
#ifdef SYS_fork
	case SYS_fork:
#endif
#ifdef SYS_vfork
	case SYS_vfork:
#endif
#ifdef SYS_clone
	case SYS_clone:
#endif

		/* This causes OOM conditions */
#if 1
#ifdef SYS_brk
	case SYS_brk:
#endif
#endif

		/* these get our program killed */
#ifdef SYS_vm86
	case SYS_vm86:
#endif
#ifdef SYS_vm86old
	case SYS_vm86old:
#endif
		goto badcall;
	}

	return x;
}

void bogus_signal_handler(int signum)
{
	fprintf(stderr,
		"                                    Signal %d on syscall(%lu, 0x%lX, 0x%lX, 0x%lX, 0x%lX, 0x%lX, 0x%lX).\n",
		signum, callnum, args[0], args[1], args[2], args[3], args[4],
		args[5]);
}

void real_signal_handler(int signum)
{
	exit(0);
}

void install_signal_handlers(void)
{
	int x;
	struct sigaction zig;

	memset(&zig, 0x00, sizeof(zig));
	zig.sa_handler = bogus_signal_handler;
	for (x = 0; x < 64; x++) {
		sigaction(x, &zig, NULL);
	}

	zig.sa_handler = real_signal_handler;
	sigaction(SIGINT, &zig, NULL);
	sigaction(SIGTERM, &zig, NULL);
}

int main(int argc, char *argv[])
{
	int i;
	int debug = 0, zero_mode = 0;

	if (!seed_random()) {
		return 1;
	}

	for (i = 1; i < argc; i++) {
		if (!strcmp(argv[i], "-d"))
			debug = 1;
		else if (!strcmp(argv[i], "-z"))
			zero_mode = 1;
	}

	memset(args, 0, sizeof(unsigned long) * 6);

	install_signal_handlers();

	while (1) {
		callnum = find_syscall();
		if (!zero_mode)
			get_big_randnum(&args[0], sizeof(unsigned long) * 6);

		if (debug) {
			printf("syscall(%lu, 0x%lX, 0x%lX, 0x%lX, 0x%lX, "
			       "0x%lX, 0x%lX);       \n",
			       callnum, args[0], args[1], args[2], args[3],
			       args[4], args[5]);
			fflush(stdout);
		}

		syscall(callnum, args[0], args[1], args[2],
			args[3], args[4], args[5]);
	}

	return 0;
}

登录后可以享受更多权益