mykola/blackjack
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
58 commits 1 branch 0 tags 282 KiB
Commit graph

58 commits

This branch
This branch
All branches
Author SHA1 Message Date
mykola2312
bc2f89b039 working on ELF identification 2024-08-25 08:08:52 +03:00
mykola2312
8a3ea5b2b2 add 32-bit dummy shared object target 2024-08-25 06:16:31 +03:00
mykola2312
b2015a0d8a begin working on relf component 2024-08-24 14:32:50 +03:00
mykola2312
a39999e134 OVERHAUL: migrate to recursive make, because such way I can establish proper project structure for future make install AND have unclogged makefiles 2024-08-24 11:19:59 +03:00
mykola2312
9bc3007a7f add dlsym print to dummy 2024-08-24 01:25:29 +03:00
mykola2312
635cf023c7 turns out you have to offset the syscall instruction to rip, because PTRACE_CONT continue process by "returning" from syscall 2024-08-22 16:26:22 +03:00
mykola2312
0ae068762f function names refactor 2024-08-22 12:08:21 +03:00
mykola2312
f21453236f implement function to calculate proper patch size for future jmp hooks 2024-08-22 07:59:08 +03:00
mykola2312
f312bc09e9 test VEX decoding, rename "size" to "limit" 2024-08-22 07:26:33 +03:00
mykola2312
74e6ce1322 update readme 2024-08-19 12:04:38 +03:00
mykola2312
ae99c186e4 update readme and add endbr32 2024-08-19 12:03:49 +03:00
mykola2312
261961999c add separate group for custom instructions like endbr64 to be able to implement their logic separate. also bug fixes 2024-08-19 11:47:03 +03:00
mykola2312
c612e66833 well yea first major bug - we didnt parsed AMD specs so no endbr64 in LUT table is present. gonna fix that 2024-08-19 09:27:34 +03:00
mykola2312
9de814e66a rtdisasm_find_target works very well 2024-08-19 09:12:55 +03:00
mykola2312
bd6682a61d fix bug when 1-byte opcode will trigger size-limit because of unnecessary bounds check 2024-08-19 08:48:30 +03:00
mykola2312
97c8476d2a better instruction trace 2024-08-19 08:35:53 +03:00
mykola2312
b5dd5c455a begin working on rt_target search - we need that for syscall trampolines 2024-08-19 07:49:30 +03:00
mykola2312
60ded0d85b encorporate rt_target - unique identifier for instructions we will be looking for 2024-08-19 07:11:45 +03:00
mykola2312
4ae333513e fix typo which led to bug with opreg decoding 2024-08-19 01:32:50 +03:00
mykola2312
eb4b5767ee move process specific debug definitions to its own header file, thus fixing compiler warnings 2024-08-19 00:59:26 +03:00
mykola2312
ce5b3ee705 add debug traces to rtdisasm 2024-08-19 00:55:53 +03:00
mykola2312
89e6057fe4 add shared objs and deps 2024-08-19 00:06:46 +03:00
mykola2312
a4593e8564 move test data code to .text section for ease of objdump use 2024-08-16 14:43:04 +03:00
mykola2312
b4b468ec51 fix makefile to actually link static library 2024-08-16 14:41:38 +03:00
mykola2312
8181aa5623 fix warnings, add test code 2024-08-16 14:34:09 +03:00
mykola2312
5d23c4e695 implement instruction analyze 2024-08-16 14:25:15 +03:00
mykola2312
35e6628ec7 implement analyze of ModRM 2024-08-16 13:31:58 +03:00
mykola2312
64f44d9a44 implement opcode matching as well as opreg 2024-08-16 12:21:58 +03:00
mykola2312
b636bc8891 begin working on instruction matching 2024-08-16 09:41:41 +03:00
mykola2312
4bfa581481 begin working on rex prefix testing 2024-08-16 09:10:28 +03:00
mykola2312
c7735c0ddc begin working on prefixes 2024-08-16 06:26:37 +03:00
mykola2312
da43f4d8bf add test code for rtdisasm 2024-08-16 06:16:24 +03:00
mykola2312
d13505b2f9 encode VEX and EVEX params 2024-08-14 19:24:54 +03:00
mykola2312
3443dbccc7 encode std instructions parameters, fix another intel L regarding incosistent ib/imm8 notation 2024-08-14 19:11:15 +03:00
mykola2312
9f90139d05 fix instruction struct so it now has place for actual values from parsed documentation 2024-08-14 17:57:21 +03:00
mykola2312
b0e89a263c merge Parsable-Instructions into this project for integrity. rtdisasm needs lookup tables of instruction opcodes 2024-08-14 17:24:34 +03:00
mykola2312
585d940ece add x86 instruction set lookup table, compressed in gzip to avoid diff clogging 2024-08-14 01:27:40 +03:00
mykola2312
3965e0b773 add rtdisasm test target 2024-07-25 02:48:44 +03:00
mykola2312
359e745370 add rtdisasm target to makefile since I'm gonna implement runtime disassembler 2024-07-25 02:18:56 +03:00
mykola2312
a1b815415e add assembly targets and rules 2024-07-23 04:51:04 +03:00
mykola2312
654f083f60 add debug function to print all registers 2024-07-23 03:34:31 +03:00
mykola2312
a7fc495381 implement thread register read and write. needs more testing 2024-07-23 03:07:45 +03:00
mykola2312
0196d39a4b implement attaching and detaching to process threads 2024-07-23 02:28:48 +03:00
mykola2312
57c74b1abb add hijack destination function to dummy for thread hijacking testing 2024-07-23 01:58:30 +03:00
mykola2312
0d57997a19 implement caps check for ptrace 2024-07-21 00:20:37 +03:00
mykola2312
abe4af91e4 implement function to obtain active thread of a process 2024-07-20 23:53:50 +03:00
mykola2312
0e018fc6c8 implement thread enumeration 2024-07-20 22:56:45 +03:00
mykola2312
1f8d733548 make function to determine parent process, since that process should contain all juicy threads 2024-07-20 22:28:48 +03:00
mykola2312
8650359177 implement process enumeration by executable name 2024-07-20 22:05:29 +03:00
mykola2312
924a3fafe5 ignore vscode nonsense 2024-07-20 21:57:54 +03:00