duangsuse::Echo
咸鱼了又没有PV成...原因我就不说了,现在我把之前欠生存战争吧的几行代码写了就去玩游戏..玩腻了就去把ls的server写了.,还要搞开发板...🙈
估计彻底结束放假前ls还能发布第一个版本,如果能再做到#![no_std],使用libc来进行文件IO的话就可以做PV了,不然算了
Forwarded from dnaugsuz
#![feature(lang_items)]
#![no_std]
extern crate libc;
use libc::abs;
use libc::mkdir;
use libc::printf;
/// C-ABI export that forwards `input` to libc's `abs` and returns the result.
///
/// NOTE(review): C leaves `abs(INT_MIN)` undefined, so callers should not rely on the value
/// returned for `i32::MIN`.
#[no_mangle]
pub extern "C" fn c_abs(input: i32) -> i32 {
    // SAFETY: `abs` takes a plain integer by value; no pointer is passed across the FFI boundary.
    let magnitude = unsafe { abs(input) };
    magnitude
}
/// C-ABI export that calls libc `mkdir` with the integer 12 cast to a path pointer and a mode
/// of decimal 755.
///
/// NOTE(review): 12 is not the address of a NUL-terminated string, so the call is handed a bogus
/// path pointer; the ctypes session recorded alongside this listing shows it returning -1 with
/// no directory created. A working version would pass a pointer to a NUL-terminated byte string
/// typed as `*const libc::c_char` and an octal mode such as `0o755` (decimal 755 is `0o1363`).
#[no_mangle]
pub extern "C" fn c_mkdir() -> i32 {
// Both arguments are constants: an integer-to-pointer cast for the path and a decimal literal for the mode.
unsafe { mkdir(12 as *const i8, 755) }
}
/// C-ABI export that calls libc `printf` with the integer 12 cast to the format-string pointer.
///
/// NOTE(review): `printf` reads its format string from the address it is given, and 12 is not a
/// valid string address; this is consistent with the segmentation fault in the ctypes session
/// recorded alongside this listing. A corrected version should pass a pointer to a NUL-terminated
/// constant format and keep any caller-supplied text out of the format argument.
#[no_mangle]
pub extern "C" fn c_print() -> i32 {
// The only argument is the constant 12 reinterpreted as a pointer; no variadic arguments follow.
unsafe { printf(12 as *const i8) }
}
// Empty definition registered as the `eh_personality` lang item; the crate is `#![no_std]`, so it
// supplies this item itself (the `#[lang]` attribute relies on `#![feature(lang_items)]`).
// NOTE(review): presumably never called because the panic handler below loops instead of unwinding — confirm for the build's panic strategy.
#[lang = "eh_personality"]
extern "C" fn eh_personality() {}
// Function registered as the `panic_fmt` lang item: it never returns and spins in an empty loop.
// NOTE(review): a panic inside this library would therefore hang the calling thread of the host
// process instead of reporting an error — confirm that is acceptable for callers loading it over FFI.
#[lang = "panic_fmt"]
fn panic_fmt() -> ! {
loop {}
}
/* Cargo.toml
[package]
name = "ex"
version = "0.1.0"
authors = ["duangsuse <fedora-opensuse@outlook.com>"]
[dependencies]
libc = { version = "0.2", default-features = false }
[lib]
name = "ex"
crate-type = ["cdylib"]
*/
玩libc玩炸中...🙈
#![no_std]
extern crate libc;
use libc::abs;
use libc::mkdir;
use libc::printf;
/// C-ABI export that forwards `input` to libc's `abs` and returns the result.
///
/// NOTE(review): C leaves `abs(INT_MIN)` undefined, so callers should not rely on the value
/// returned for `i32::MIN`.
#[no_mangle]
pub extern "C" fn c_abs(input: i32) -> i32 {
    // SAFETY: `abs` takes a plain integer by value; no pointer is passed across the FFI boundary.
    let magnitude = unsafe { abs(input) };
    magnitude
}
/// C-ABI export that calls libc `mkdir` with the integer 12 cast to a path pointer and a mode
/// of decimal 755.
///
/// NOTE(review): 12 is not the address of a NUL-terminated string, so the call is handed a bogus
/// path pointer; the ctypes session recorded alongside this listing shows it returning -1 with
/// no directory created. A working version would pass a pointer to a NUL-terminated byte string
/// typed as `*const libc::c_char` and an octal mode such as `0o755` (decimal 755 is `0o1363`).
#[no_mangle]
pub extern "C" fn c_mkdir() -> i32 {
// Both arguments are constants: an integer-to-pointer cast for the path and a decimal literal for the mode.
unsafe { mkdir(12 as *const i8, 755) }
}
/// C-ABI export that calls libc `printf` with the integer 12 cast to the format-string pointer.
///
/// NOTE(review): `printf` reads its format string from the address it is given, and 12 is not a
/// valid string address; this is consistent with the segmentation fault in the ctypes session
/// recorded alongside this listing. A corrected version should pass a pointer to a NUL-terminated
/// constant format and keep any caller-supplied text out of the format argument.
#[no_mangle]
pub extern "C" fn c_print() -> i32 {
// The only argument is the constant 12 reinterpreted as a pointer; no variadic arguments follow.
unsafe { printf(12 as *const i8) }
}
// Empty definition registered as the `eh_personality` lang item; the crate is `#![no_std]`, so it
// supplies this item itself.
// NOTE(review): this copy of the listing starts at `#![no_std]` and lacks the
// `#![feature(lang_items)]` crate attribute that `#[lang]` items rely on.
#[lang = "eh_personality"]
extern "C" fn eh_personality() {}
// Function registered as the `panic_fmt` lang item: it never returns and spins in an empty loop.
// NOTE(review): a panic inside this library would therefore hang the calling thread of the host
// process instead of reporting an error — confirm that is acceptable for callers loading it over FFI.
#[lang = "panic_fmt"]
fn panic_fmt() -> ! {
loop {}
}
/* Cargo.toml
[package]
name = "ex"
version = "0.1.0"
authors = ["duangsuse <fedora-opensuse@outlook.com>"]
[dependencies]
libc = { version = "0.2", default-features = false }
[lib]
name = "ex"
crate-type = ["cdylib"]
*/
玩libc玩炸中...🙈
Forwarded from dnaugsuz
nm target/debug/libex.so
U abs@@GLIBC_2.2.5
0000000000201008 b bss_start
0000000000000600 T c_abs
0000000000000630 T c_mkdir
0000000000201008 b completed.6991
0000000000000660 T c_print
w __cxa_finalize@@GLIBC_2.2.5
0000000000000520 t deregister_tm_clones
00000000000005b0 t __do_global_dtors_aux
0000000000200df8 t __do_global_dtors_aux_fini_array_entry
0000000000201000 d __dso_handle
0000000000200e00 d _DYNAMIC
0000000000201008 d _edata
0000000000201010 b _end
0000000000000684 t _fini
00000000000005f0 t frame_dummy
0000000000200df0 t __frame_dummy_init_array_entry
0000000000000780 r __FRAME_END
0000000000200fb0 d _GLOBAL_OFFSET_TABLE_
w gmon_start
0000000000000690 r GNU_EH_FRAME_HDR
00000000000004d8 t _init
w _ITM_deregisterTMCloneTable
w _ITM_registerTMCloneTable
U mkdir@@GLIBC_2.2.5
U printf@@GLIBC_2.2.5
0000000000000560 t register_tm_clones
0000000000201008 d __TMC_END
🌚拿去Python的ctypes玩会,没有libstd好轻巧(
U abs@@GLIBC_2.2.5
0000000000201008 b bss_start
0000000000000600 T c_abs
0000000000000630 T c_mkdir
0000000000201008 b completed.6991
0000000000000660 T c_print
w __cxa_finalize@@GLIBC_2.2.5
0000000000000520 t deregister_tm_clones
00000000000005b0 t __do_global_dtors_aux
0000000000200df8 t __do_global_dtors_aux_fini_array_entry
0000000000201000 d __dso_handle
0000000000200e00 d _DYNAMIC
0000000000201008 d _edata
0000000000201010 b _end
0000000000000684 t _fini
00000000000005f0 t frame_dummy
0000000000200df0 t __frame_dummy_init_array_entry
0000000000000780 r __FRAME_END
0000000000200fb0 d _GLOBAL_OFFSET_TABLE_
w gmon_start
0000000000000690 r GNU_EH_FRAME_HDR
00000000000004d8 t _init
w _ITM_deregisterTMCloneTable
w _ITM_registerTMCloneTable
U mkdir@@GLIBC_2.2.5
U printf@@GLIBC_2.2.5
0000000000000560 t register_tm_clones
0000000000201008 d __TMC_END
🌚拿去Python的ctypes玩会,没有libstd好轻巧(
Forwarded from dnaugsuz
llvm-objdump -d target/release/libex.so
c_abs:
5d0: 89 f8 movl %edi, %eax
5d2: f7 d8 negl %eax
5d4: 0f 4c c7 cmovll %edi, %eax
5d7: c3 retq
5d8: 0f 1f 84 00 00 00 00 00 nopl (%rax,%rax)
c_mkdir:
5e0: bf 0c 00 00 00 movl $12, %edi
5e5: be f3 02 00 00 movl $755, %esi
5ea: e9 e1 fe ff ff jmp -287 <.plt.got>
5ef: 90 nop
c_print:
5f0: bf 0c 00 00 00 movl $12, %edi
5f5: 31 c0 xorl %eax, %eax
5f7: e9 dc fe ff ff jmp -292 <.plt.got+0x8>
c_abs:
5d0: 89 f8 movl %edi, %eax
5d2: f7 d8 negl %eax
5d4: 0f 4c c7 cmovll %edi, %eax
5d7: c3 retq
5d8: 0f 1f 84 00 00 00 00 00 nopl (%rax,%rax)
c_mkdir:
5e0: bf 0c 00 00 00 movl $12, %edi
5e5: be f3 02 00 00 movl $755, %esi
5ea: e9 e1 fe ff ff jmp -287 <.plt.got>
5ef: 90 nop
c_print:
5f0: bf 0c 00 00 00 movl $12, %edi
5f5: 31 c0 xorl %eax, %eax
5f7: e9 dc fe ff ff jmp -292 <.plt.got+0x8>
Forwarded from dnaugsuz
这时候我发现snowman给出的反编译结果🌚
int64_t printf = 0;
int32_t fun_510(int64_t rdi) {
goto printf;
}
int64_t c_print() {
int32_t eax1;
int64_t rax2;
eax1 = fun_510(12);
*reinterpret_cast<int32_t*>(&rax2) = eax1;
*reinterpret_cast<int32_t*>(reinterpret_cast<int64_t>(&rax2) + 4) = 0;
return rax2;
}
虽然垃圾得不知道到哪里去了,但的确比反汇编的好...
int64_t printf = 0;
int32_t fun_510(int64_t rdi) {
goto printf;
}
int64_t c_print() {
int32_t eax1;
int64_t rax2;
eax1 = fun_510(12);
*reinterpret_cast<int32_t*>(&rax2) = eax1;
*reinterpret_cast<int32_t*>(reinterpret_cast<int64_t>(&rax2) + 4) = 0;
return rax2;
}
虽然垃圾得不知道到哪里去了,但的确比反汇编的好...
Forwarded from dnaugsuz
>>> c.c_print()
[1] 29596 segmentation fault (core dumped) python
>>> c.c_mkdir()
-1
ls .
Cargo.lock Cargo.toml src target
>>> c.c_abs(1)
1
>>> c.c_abs(-1)
1
>>> c.c_abs()
11
[1] 29596 segmentation fault (core dumped) python
>>> c.c_mkdir()
-1
ls .
Cargo.lock Cargo.toml src target
>>> c.c_abs(1)
1
>>> c.c_abs(-1)
1
>>> c.c_abs()
11