1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
|
# Copyright 2018 syzkaller project authors. All rights reserved.
# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
include <uapi/linux/a.out.h>
include <uapi/linux/elf.h>
execve(file ptr[in, filename], argv ptr[in, array[ptr[in, string]]], envp ptr[in, array[ptr[in, string]]])
execveat(dirfd fd_dir, file ptr[in, filename], argv ptr[in, array[ptr[in, string]]], envp ptr[in, array[ptr[in, string]]], flags flags[at_flags])
write$binfmt_script(fd fd, data ptr[in, binfmt_script], len bytesize[data])
write$binfmt_misc(fd fd, data ptr[in, binfmt_misc], len bytesize[data])
write$binfmt_aout(fd fd, data ptr[in, binfmt_aout], len bytesize[data])
write$binfmt_elf32(fd fd, data ptr[in, binfmt_elf32], len bytesize[data])
write$binfmt_elf64(fd fd, data ptr[in, binfmt_elf64], len bytesize[data])
binfmt_script {
hdr stringnoz["#! "]
bin stringnoz[filename]
args array[binfmt_script_arg]
nl const[0xa, int8]
data array[int8]
} [packed]
binfmt_script_arg {
sp const[0x20, int8]
arg stringnoz
}
binfmt_misc {
hdr stringnoz[binfmt_misc_headers]
data array[int8]
}
binfmt_misc_headers = "syz0", "syz1"
binfmt_aout {
exec exec
data array[int8]
# Just to make the file of a non-trivial size.
pad array[array[const[0, int64], 32], 0:10]
} [packed]
exec {
magic flags[aouthdr_magics, int16]
machtype int8
flags int8
a_text int32[0:1000]
a_data int32[0:1000]
a_bss int32
a_syms int32[0:1000]
a_entry int32
a_trsize const[0, int32]
a_drsize const[0, int32]
}
aouthdr_magics = OMAGIC, NMAGIC, ZMAGIC, QMAGIC
type binfmt_elf32 binfmt_elf[int32, elf32_phdr, ELF32_PHDR_SIZE]
type binfmt_elf64 binfmt_elf[int64, elf64_phdr, ELF64_PHDR_SIZE]
type binfmt_elf[ADDR, PHDR, PHENTSIZE] {
hdr elf_hdr[ADDR, PHENTSIZE]
phdr array[PHDR, 1:2]
data array[int8]
# Just to make the file of a non-trivial size.
pad array[array[const[0, int64], 32], 0:10]
} [packed]
type elf_hdr[ADDR, PHENTSIZE] {
e_ident0 const[0x7f, int8]
e_ident1 const[0x45, int8]
e_ident2 const[0x4c, int8]
e_ident3 const[0x46, int8]
e_ident_class int8
e_ident_data int8
e_ident_ver int8
e_ident_osabi int8
e_ident_pad int64
e_type flags[elf_types, int16]
e_machine flags[elf_machines, int16]
e_version int32
e_entry ADDR[0:1000]
e_phoff bytesize[parent, ADDR]
e_shoff ADDR[0:1000]
e_flags int32
e_ehsize int16
e_phentsize const[PHENTSIZE, int16]
e_phnum int16[1:2]
e_shentsize int16
e_shnum int16
e_shstrndx int16
}
elf32_phdr {
p_type flags[elf_ptypes, int32]
p_offset int32
p_vaddr int32
p_paddr int32
p_filesz int32
p_memsz int32
p_flags int32
p_align int32
} [size[ELF32_PHDR_SIZE]]
elf64_phdr {
p_type flags[elf_ptypes, int32]
p_flags int32
p_offset int64
p_vaddr int64
p_paddr int64
p_filesz int64
p_memsz int64
p_align int64
} [size[ELF64_PHDR_SIZE]]
elf_types = ET_EXEC, ET_DYN
elf_machines = EM_386, EM_486, EM_X86_64
elf_ptypes = PT_LOAD, PT_DYNAMIC, PT_INTERP, PT_NOTE, PT_SHLIB, PT_PHDR, PT_TLS, PT_LOOS, PT_LOPROC, PT_GNU_STACK
define ELF32_PHDR_SIZE sizeof(struct elf32_phdr)
define ELF64_PHDR_SIZE sizeof(struct elf64_phdr)
|
