3rd-party/linux-kernel-module-cheat
1
0
Fork 0
mirror of https://github.com/cirosantilli/linux-kernel-module-cheat.git synced 2026-01-23 02:05:57 +01:00
Code Issues Releases Wiki Activity

run: create -F option to run base64 encoded command after busybox init

Browse Source 
Fix ./run -h which was showing the build help instead.
This commit is contained in:
Ciro Santilli
2018-04-19 08:57:35 +01:00
parent 9805d333ea
commit 2c084f5fb2
4 changed files with 40 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
README.adoc
View File

@@ -896,7 +896,7 @@ It is kind of random: if you just `insmod` manually and then immediately `./rung
But this fails most of the time: shell 1:
....
./run -a arm -f 'lkmc_eval="insmod /hello.ko"'
./run -a arm -F 'insmod /hello.ko'
....
shell 2:
@@ -983,7 +983,7 @@ So once we find the address the first time, we can just reuse it afterwards, as
Do a fresh boot and get the module:
....
./run -f 'lkmc_eval="/pr_debug.sh;insmod /fops.ko;/poweroff.out"'
./run -F '/pr_debug.sh;insmod /fops.ko;/poweroff.out'
....
The boot must be fresh, because the load address changes every time we insert, even after removing previous modules.
@@ -1747,7 +1747,20 @@ although `-E` is smarter:
so you should almost always use it, unless you are really counting each cycle ;-)
This method prevents the BusyBox' init from launching a shell, so you cannot interact with the system afterwards. If you also want that, use: <<init-busybox>>.
This method replaces BusyBox' init completely, which makes things more minimal, but also has has the following consequences:
* `/etc/fstab` mounts are not done, notably `/proc` and `/sys`, test it out with:
+
....
./run -E 'echo asdf;ls /proc;ls /sys;echo qwer'
....
* no shell is launched at the end of boot for you to interact with the system. You could explicitly add a `sh` at the end of your commands however:
+
....
./run -E 'echo hello;sh'
....
The best way to overcome those limitations is to use: <<init-busybox>>
If the script is large, you can add it to a gitignored file and pass that to `-E` as in:
@@ -1799,13 +1812,23 @@ but why not just use your super simple and effective `/poweroff.out` and be done
[[init-busybox]]
=== Run command at the end of BusyBox init
If you rely on something that BusyBox' init set up for you like networking, you could do:
If you rely on something that BusyBox' init set up for you like `/etc/fstab`, this is the method you should use:
....
./run -f 'lkmc_eval="insmod /hello.ko;wget -S google.com;poweroff.out;"'
./run -F 'echo asdf;ls /proc;ls /sys;echo qwer'
....
The `lkmc_eval` option gets evaled by our default `S98` startup script if present.
After the commands run, you are left on an interactive shell.
The above command is basically equivalent to:
....
./run -f 'lkmc_eval="insmod /hello.ko;poweroff.out;"'
....
where the `lkmc_eval` option gets evaled by our default `S98` startup script if present.
However, `-F` is smarter and uses `base64` encoding, much like `-E` vs `-e`, so you will just use `-F` most of the time.
Alternatively, add them to a new `init.d` entry to run at the end o the BusyBox init:

3
rootfs_overlay/etc/init.d/S98
View File

@@ -1,7 +1,8 @@
#!/bin/sh
echo "hello S98"
if [ -n "$lkmc_eval" ]; then
echo "$lkmc_eval"
eval "$lkmc_eval"
elif [ -n "$lkmc_eval_base64" ]; then
eval "$(printf "$lkmc_eval_base64" | base64 -d)"
fi
exit 0

11
run
View File

@@ -31,7 +31,7 @@ tmux_args=
# just to prevent QEMU from emitting a warning that '' is not valid.
trace_enable=pr_manager_run
vnc=
while getopts a:c:DdE:e:f:G:ghIiKkm:T:U:uVx OPT; do
while getopts a:c:DdE:e:F:f:G:ghIiKkm:T:U:uVx OPT; do
case "$OPT" in
a)
arch="$OPTARG"
@@ -52,10 +52,13 @@ while getopts a:c:DdE:e:f:G:ghIiKkm:T:U:uVx OPT; do
lkmc_eval="$OPTARG"
;;
e)
extra_append="$extra_append $OPTARG"
extra_append="${extra_append} ${OPTARG}"
;;
F)
extra_append_after_dash="${extra_append_after_dash} lkmc_eval_base64=\"$(printf "${OPTARG}" | base64)\""
;;
f)
extra_append_after_dash="$extra_append_after_dash $OPTARG"
extra_append_after_dash="${extra_append_after_dash} ${OPTARG}"
;;
G)
gem5opts="$OPTARG \\
@@ -65,7 +68,7 @@ while getopts a:c:DdE:e:f:G:ghIiKkm:T:U:uVx OPT; do
gem5=true
;;
h)
cat build-usage.adoc 1>&2
cat run-usage.adoc 1>&2
exit
;;
I)

2
run-usage.adoc
View File

@@ -19,6 +19,8 @@
Only options that come before the `-`, i.e. "standard"
options, should be passed with this option.
Example: `./run -a arm -e 'init=/poweroff.out'`
|`-F` |`CMDSTR` |Much like `-f`, but base64 encods the string.
Mnemonic: `-F` is to `-f` what `-E` is to `-e`.
|`-f` |`CLI_OPTIONS` |Pass an extra Linux kernel command line options,
add a dash `-` separator, and place the options after the dash.
Intended for custom options understood by our `init` scripts,