Follow-up Comment #2, bug #31436 (project screen):
I'm using the line numbers as given in the blog. The asm code does this:
15: that's just a marker for me to be able to find the function later more
easy
16: decrease the stack pointer to put a struct sigaction in there
17: put SIG_IGN in there - SIG_IGN is just the number 1
18: first argument for the rt_sigaction syscall is on which signal you want
to operate; we want to ignore signal SIGHUP - SIGHUP has the value 1
19: second argument for the rt_sigaction syscall is the pointer to the
sigaction struct
20: in case you want to store the old signal behaviour you could set the
third argument to non-NULL; we don't do this here and set it to null
21: the fourth argument is size_t sigsetsize; that's 8
22: so, as specified in /usr/include/asm/unistd_64.h the syscall number for
rt_sigaction is 13; so we just put that into rax
23: syscall: just execute the syscall
that's how easy it is to ignore a signal ;)
24: now, we want to open a file; the syscall number for open is 2
25: move " l" into rbx
26: push that on the stack
27: move "/dev/nul" into rbx
28: push that on the stack
29: first argument for open is which file you want to open; filename is
stored on the stack at rsp
30: we open the file in mode O_WRONLY; thats a symbol for 1
31: execute that syscall
that's how easy it is to open the file /dev/null in mode O_WRONLY
I put "/dev/null " on the stack, because it would be to complicated to put it
into the data segment and adjust the address correctly.
32: the open syscall returned in eax the filedescriptor number; we want to
use that number as second argument for dup2; so we put it into rdi
33: first argument of dup2 is which filedescriptor should be moved; that's
stdout (number 1)
34: syscall number for dup2 is 33 or 0x21
35: execute the syscall
that's how easy it is to move the stdout to /dev/null
37: 0x2 is the syscall for the open syscall
38: we want to open the file "/dev/null "
39: second argument for open is how we want to open that file; we want to
open it O_RDONLY (=0)
40: just syscall
now we have opened "/dev/null " twice; first WRONLY, second RDONLY
41: same as in line 32
42: we want to move stdin (=0)
43: same as in line 34
44: syscall
now we have connected stdin to RDONLY opened /dev/null
lines 45 and following do the same for stderr and WRONLY /dev/null
No, I don't think it could be written in C.
To make that portable I have only ideas:
- write a loader (in asm) -> loader is not portable
- parse the glibc, klibc and find the right opcodes :(
- perhaps it's possible to write llvm-asm and get out opcodes for several
architectures
I should add, that this is only a proof of concept what is possible!
Perhaps it would be easier to code this in kernel-mode; but I'm not a kernel
hacker :(
If you have more questions, don't hesitate to ask me.
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/bugs/?31436>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
