diff --git a/404.html b/404.html index 3972cdd..30b0036 100644 --- a/404.html +++ b/404.html @@ -1 +1,62 @@ -
约 593 个字 49 行代码 预计阅读时间 7 分钟
经常遇到新系统快速配置的环境(wsl、新服务器),特此总结一下
sudo apt update
+ body[data-md-color-scheme="slate"] .gslide-desc { color: var(--md-default-fg-color);} c01dkit's tech blog 基础配置
环境配置¶
约 593 个字 49 行代码 预计阅读时间 7 分钟
经常遇到新系统快速配置的环境(wsl、新服务器),特此总结一下
Ubuntu更新基本环境¶
安装docker¶
按照https://docs.docker.com/engine/install/ubuntu/的说明安装即可
也可以按curl -fsSL https://get.docker.com -o get-docker.sh
、sudo sh get-docker.sh
来安装。
rust安装与更新¶
rustup update
@@ -55,7 +99,7 @@
apt install fonts-wqy-microhei # 安装一个就行
fc-cache # 刷新缓存
fc-list # 检查列表
-
参考文章¶
约 1216 个字 14 行代码 预计阅读时间 5 分钟
sudo ls -lah /proc/<pid>
+ body[data-md-color-scheme="slate"] .gslide-desc { color: var(--md-default-fg-color);} c01dkit's tech blog 服务器运维
Ubuntu服务器运维¶
约 1216 个字 14 行代码 预计阅读时间 5 分钟
根据pid查询细节¶
然后根据其中的cwd找到运行目录,exe找到运行程序 在终端向程序输入字节¶
# 输入raw bytes
echo -e '\x31\x32' | program
@@ -75,7 +119,7 @@
# multi-user.target组中的服务都将开机启动
# 常用Target,1. multi-user.target-多用户命令行;2. graphical.target-图形界面模式
WantedBy=[表示该服务所在的Target]
-
- 启动
systemctl start **
- 关闭
systemctl stop **
- 重启
systemctl restart **
- 查看运行状态
systemctl status **
- Loaded行:配置文件的位置,是否设为开机启动;
- Active行:表示正在运行;
- Main行:主进程PID;
- Status行:由应用本身提供的软件当前状态;
- CGroup行:应用的所有子进程
- 日志块:应用的日志
- 设置开机自启
systemctl enable **
enable命令相当于在目录里添加了一个符号链接。开机时,Systemd会执行/etc/systemd/system/目录里面的配置文件 - 结束服务进程
systemctl kill **
- 查看配置文件
systemctl cat **
- 查看multi-user.target 包含的所有服务
systemctl list-dependencies multi-user.target
- 切换到另一个 target
systemctl isolate graphical.target
- 重新加载配置文件
systemctl daemon-reload
定时服务¶
定时程序执行失败的原因是多样的,可能是因为定时服务没启动,需要systemctl restart cron.service
,或者是cron服务坏掉了,先apt install cron --reinstall
强制重新安装下,再重启服务,或者是安装了别的依赖库但是没有重启cron导致运行失败,试试/etc/init.d/cron restart
。
打开文件数¶
https://www.baeldung.com/linux/list-open-file-descriptors
Linux默认最多同时打开1024个文件,可以通过ulimit -n
查看。fuzzing等要注意关闭文件描述符,否则可能导致服务器故障(比如ssh连不上)。/proc//fd里列出了pid锁打开的文件。
参考资料¶
约 1481 个字 49 行代码 预计阅读时间 10 分钟
由于服务器安全设定,只对外开放一个22端口提供ssh连接。那么在此基础上如何提供http、https等多种服务?搜索了下可以根据流量特征用sslh简单转发一下数据包到不同的内部端口。
在root下apt install sslh后修改配置文件/etc/default/sslh
:
# Default options for sslh initscript
+ body[data-md-color-scheme="slate"] .gslide-desc { color: var(--md-default-fg-color);} c01dkit's tech blog 端口复用
折腾网站¶
约 1481 个字 49 行代码 预计阅读时间 10 分钟
端口复用方法¶
由于服务器安全设定,只对外开放一个22端口提供ssh连接。那么在此基础上如何提供http、https等多种服务?搜索了下可以根据流量特征用sslh简单转发一下数据包到不同的内部端口。
sslh:根据流量特征转发数据包¶
在root下apt install sslh后修改配置文件/etc/default/sslh
:
# Default options for sslh initscript
# sourced by /etc/init.d/sslh
# binary to use: forked (sslh) or single-thread (sslh-select) version
@@ -116,7 +160,7 @@
echo ${CERTBOT_DOMAIN} >> xxx.txt
sleep 120
exit 0
-
然后在两分钟之内,把xxx.txt里CERTBOT_VALIDATION对应的哈希值手动更新在DNS记录里即可。
此外,新找到一个可以方便地在web端配置新证书的网站:https://xiangyuecn.github.io/ACME-HTML-Web-Browser-Client/ACME-HTML-Web-Browser-Client.html
约 452 个字 9 行代码 预计阅读时间 2 分钟
可以使用zerotier,登录以后创建一个网络。然后需要组局域网的设备下载zerotier以后join上就行了。
可以参考这里或这里,或者这里的一键脚本的链接配置私有planet,既能提高安全性,又能加快连接速度。简单来说,需要用ZeroTier官方代码编译自己的planet文件并替换掉zerotier客户端使用的planet,然后用ztncui这个后台管理界面配置zerotier的许可。
需要公网服务器,可以在阿里云租一个
一种方法是frp
另一种方法是ssh正向连接配合反向连接:
首先内网服务器开个screen运行ssh -R 127.0.0.1:1234:127.0.0.1:22 user@ip -p port
连接到云服务器上。这样的话云服务器访问127.0.0.1:1234就相当于访问内网的127.0.0.1:22。然后需要连接内网的主机也开个screen运行ssh -L 127.0.0.1:2345:127.0.0.1:1234 user@ip -p port
,这样的话该主机访问自己127.0.0.1:2345就相当于访问云服务器的127.0.0.1:1234。然后该主机再开一个终端,ssh user@127.0.0.1 -p 2345
即可。
方便起见也可以在.ssh/config文件里用RemoteForward ip1:port1 ip2:port2
和LocalForward ip1:port1 ip2:port2
来简化每次ssh连接都这么搞。
希望将某端口收到的消息转发到其他主机的某一端口,可以试试socat,比如socat TCP4-LISTEN:4320,fork TCP4:10.244.55.25:80
,可以把4320端口收到的TCP4数据包转发到子网10.244.55.25的80端口,配合zerotier可以实现内网对外开放端口。
即,vi /etc/systemd/system/socat.service
编辑如下的socat,并systemctl enable socat.service
启用开机启动,然后systemctl start socat.service
。为了支持https连接,使用TCP-LISTEN/TCP。需要目标主机那边配置好ssl证书。
[Unit]
+ body[data-md-color-scheme="slate"] .gslide-desc { color: var(--md-default-fg-color);} c01dkit's tech blog 代理转发
代理转发¶
约 452 个字 9 行代码 预计阅读时间 2 分钟
多台电脑组局域网¶
可以使用zerotier,登录以后创建一个网络。然后需要组局域网的设备下载zerotier以后join上就行了。
可以参考这里或这里,或者这里的一键脚本的链接配置私有planet,既能提高安全性,又能加快连接速度。简单来说,需要用ZeroTier官方代码编译自己的planet文件并替换掉zerotier客户端使用的planet,然后用ztncui这个后台管理界面配置zerotier的许可。
内网穿透¶
需要公网服务器,可以在阿里云租一个
一种方法是frp
另一种方法是ssh正向连接配合反向连接:
首先内网服务器开个screen运行ssh -R 127.0.0.1:1234:127.0.0.1:22 user@ip -p port
连接到云服务器上。这样的话云服务器访问127.0.0.1:1234就相当于访问内网的127.0.0.1:22。然后需要连接内网的主机也开个screen运行ssh -L 127.0.0.1:2345:127.0.0.1:1234 user@ip -p port
,这样的话该主机访问自己127.0.0.1:2345就相当于访问云服务器的127.0.0.1:1234。然后该主机再开一个终端,ssh user@127.0.0.1 -p 2345
即可。
方便起见也可以在.ssh/config文件里用RemoteForward ip1:port1 ip2:port2
和LocalForward ip1:port1 ip2:port2
来简化每次ssh连接都这么搞。
子网转发¶
希望将某端口收到的消息转发到其他主机的某一端口,可以试试socat,比如socat TCP4-LISTEN:4320,fork TCP4:10.244.55.25:80
,可以把4320端口收到的TCP4数据包转发到子网10.244.55.25的80端口,配合zerotier可以实现内网对外开放端口。
即,vi /etc/systemd/system/socat.service
编辑如下的socat,并systemctl enable socat.service
启用开机启动,然后systemctl start socat.service
。为了支持https连接,使用TCP-LISTEN/TCP。需要目标主机那边配置好ssl证书。
约 292 个字 85 行代码 预计阅读时间 9 分钟
自己开发软件时,生成规范的configure等文件。可参考https://www.cnblogs.com/klausage/p/14163844.html等
编写Makefile.am文件,比如:
bin_PROGRAMS=helloworld
+ body[data-md-color-scheme="slate"] .gslide-desc { color: var(--md-default-fg-color);} c01dkit's tech blog autoconf
autoconf学习笔记¶
约 292 个字 85 行代码 预计阅读时间 9 分钟
自己开发软件时,生成规范的configure等文件。可参考https://www.cnblogs.com/klausage/p/14163844.html等
不分目录结构¶
编写Makefile.am文件,比如:
bin_PROGRAMS
用于给项目起名,比如X,那么之后的X_SOURCES则用来指定使用的源文件
执行autoscan
,生成configure.scan,并修改其中的AC_INIT、AM_INIT_AUTOMAKE,重命名文件为configure.ac,比如:
# -*- Autoconf -*-
# Process this file with autoconf to produce a configure script.
@@ -87,7 +131,7 @@
AC_CONFIG_FILES([Makefile
src/Makefile])
AC_OUTPUT
-
执行aclocal && autoheader && autoconf
,生成aclocal.m4、config.h.in和configure
运行automake --add-missing
,会根据Makefile.am生成Makefile.in
运行./configure
生成makefile
运行make
,基于makefile编译代码
约 722 个字 11 行代码 预计阅读时间 4 分钟
按照https://docs.docker.com/engine/install/ubuntu/的说明安装即可
也可以按curl -fsSL https://get.docker.com -o get-docker.sh
、sudo sh get-docker.sh
来安装。
docker默认从官网拉取镜像,可能由于墙而拉不到。可以考虑使用阿里提供的镜像服务,参考https://zhuanlan.zhihu.com/p/347643668。
考虑到国内似乎把docker镜像下架了,还是直接修改docker代理吧。
先创建目录mkdir /etc/systemd/system/docker.service.d
,再创建文件/etc/systemd/system/docker.service.d/http-proxy.conf
,再往里面添加代理:
[Service]
+ body[data-md-color-scheme="slate"] .gslide-desc { color: var(--md-default-fg-color);} c01dkit's tech blog Docker
Docker使用笔记¶
约 722 个字 11 行代码 预计阅读时间 4 分钟
安装docker¶
按照https://docs.docker.com/engine/install/ubuntu/的说明安装即可
也可以按curl -fsSL https://get.docker.com -o get-docker.sh
、sudo sh get-docker.sh
来安装。
设置docker使用镜像仓库¶
docker默认从官网拉取镜像,可能由于墙而拉不到。可以考虑使用阿里提供的镜像服务,参考https://zhuanlan.zhihu.com/p/347643668。
考虑到国内似乎把docker镜像下架了,还是直接修改docker代理吧。
先创建目录mkdir /etc/systemd/system/docker.service.d
,再创建文件/etc/systemd/system/docker.service.d/http-proxy.conf
,再往里面添加代理:
[Service]
Environment="HTTP_PROXY=http://proxy.example.com:80/"
Environment="HTTPS_PROXY=http://proxy.example.com:80/"
Environment="NO_PROXY=localhost,127.0.0.0/8,docker-registry.somecorporation.com" #可选。如果使用本地镜像仓库。
@@ -18,7 +62,7 @@
sudo systemctl restart docker
还有一种做法,适用于已经使用过一段时间的docker,关闭docker后mv原来的/var/lib/docker
到新目录(比如/data/docker)然后再ln -s /data/docker /var/lib/docker
建立软链接。
从镜像创建容器并挂载目录¶
会在容器中创建目录,映射宿主机目录。宿主机的目录和容器目录内容是一样的,修改一方,另一方随之改变
docker run -it --name=<container_name> --user=<user_id>:<group_id> --hostname=xxxx --workdir=xxxx -v /etc/passwd:/etc/passwd:ro -v /etc/group:/etc/group:ro --mount type=bind,source=<宿主机目录>,target=<容器目录> <镜像名>:<tag> /bin/bash
以上命令可以完成对指定镜像创建一个比较完备的容器,指定了容器名称、用户名称和组别、主机名、用户工作目录,并挂载了主机的一些目录。指定passwd和group文件的只读挂载可以避免–user使用用户(组)id进行新建容器时引发的找不到用户名和组名的问题。并且避免了默认root用户导致的主机端无法访问容器新建文件的问题。
注意这样创建的用户没有root权限。如果需要,则不使用user参数,但存在容器创建文件是root,宿主机无法修改的问题。
一个不太聪明的解决方法是user_id设成root的0,group_id设成普通用户,然后在容器里给root的.bashrc加一行umask 0002。就是说让用户组也能修改文件了。
一些其他的办法:docker exec -u
好像可以指定启动容器时的用户,不知道有什么用,可以试试;或者root进去以后把普通用户加到sudoers里
新容器初始化¶
apt-get update
更新一下list,然后才能使用apt-get下载其他包。一些常用的包:apt-get install build-essential
退出初次创建的容器¶
连按Ctrl+P、Ctrl+Q退出容器。否则简单退出后容器就stop了,下次exec的时候还要restart,甚至还会出现restart自动又stop的情况
进入已有的容器¶
可以Ctrl+D退出
约 1937 个字 3 行代码 预计阅读时间 7 分钟
默认以下条件均成立:
git init
+git add .
+git commit -m "comments"
)git status
查看)git remote add origin git@github.com:xxx(仓库网站比如github提供的ssh地址)
git push -u origin master
向远程仓库提交代码(后来听说github默认名改成main了?)强制推送可以再加个--force
参数
初次向github提交代码前,在本地工作目录下创建.gitignore文件,里面直接写上不想追踪的文件名和文件夹名即可。(文件名不需要补全路径)
使用git add .
可以直接把当前目录都add进暂存区,对于不慎添加的内容可以使用git rm --cached <file>
来撤回add。可以使用git rm -r --cached .
来撤回git add .
。(使用git status
可以查看暂存区,里面也有提示怎么撤回)
git config --global user.name "<yourname>"
设置用户名git config --global user.email "<email>"
设置邮箱ssh-keygen -t rsa -C "<comments>"
生成密钥对,然后一路回车直到生成结束(也可以提示添加passwd phrase,这样的话如果使用ssh-add添加时会要求输入这个密码防止被别人滥用。注意相同的passwd phrase不会生成相同的密钥对)ed25519似乎比默认的rsa更安全、计算更快、密钥更短,可以使用
有时需要指定密钥,比如不使用默认的密钥文件名。此时可以先eval $(ssh-agent -s)
启用agent,然后ssh-add <private keyfile>
来添加密钥。ssh-add -l
可以查看添加的密钥。
或者可以把密钥在~/.ssh/config
文件里指定一下,就可以省去ssh-agent的操作,比如
Host github.com
+ body[data-md-color-scheme="slate"] .gslide-desc { color: var(--md-default-fg-color);} c01dkit's tech blog Git
Git学习笔记¶
约 1937 个字 3 行代码 预计阅读时间 7 分钟
将本地已有仓库推送至Github的新建仓库中¶
默认以下条件均成立:
- 已在github上创建同名空仓库(不同名也行)
- 已配置好ssh密钥
- 已建立好本地仓库(
git init
+git add .
+git commit -m "comments"
) - 本地仓库为clean状态(使用
git status
查看)
- 进入本地git仓库,使用
git remote add origin git@github.com:xxx(仓库网站比如github提供的ssh地址)
- 使用
git push -u origin master
向远程仓库提交代码(后来听说github默认名改成main了?)
强制推送可以再加个--force
参数
添加.gitignore文件以不追踪文件¶
初次向github提交代码前,在本地工作目录下创建.gitignore文件,里面直接写上不想追踪的文件名和文件夹名即可。(文件名不需要补全路径)
撤回add¶
使用git add .
可以直接把当前目录都add进暂存区,对于不慎添加的内容可以使用git rm --cached <file>
来撤回add。可以使用git rm -r --cached .
来撤回git add .
。(使用git status
可以查看暂存区,里面也有提示怎么撤回)
配置git账号并加入github项目¶
- 使用
git config --global user.name "<yourname>"
设置用户名 - 使用
git config --global user.email "<email>"
设置邮箱 - 使用
ssh-keygen -t rsa -C "<comments>"
生成密钥对,然后一路回车直到生成结束(也可以提示添加passwd phrase,这样的话如果使用ssh-add添加时会要求输入这个密码防止被别人滥用。注意相同的passwd phrase不会生成相同的密钥对) - 在上一步过程中默认的路径(比如~/.ssh)找到id_rsa.pub文件,拷贝其全部内容
- 打开github,右上角头像,settings,左侧的SSH and GPG keys,然后给SSH添加这个公钥即可
ed25519似乎比默认的rsa更安全、计算更快、密钥更短,可以使用
有时需要指定密钥,比如不使用默认的密钥文件名。此时可以先eval $(ssh-agent -s)
启用agent,然后ssh-add <private keyfile>
来添加密钥。ssh-add -l
可以查看添加的密钥。
或者可以把密钥在~/.ssh/config
文件里指定一下,就可以省去ssh-agent的操作,比如
有的时候git进行push到私仓时会出现卡机的问题,不确定是什么原因,如果remote repo使用的是git@xxx的url的话,可以试试改成https的链接;还不行的话可以试试git config的proxy,设置或清空。
放弃对文件的跟踪¶
与他人合作项目时,有时需要做一些本地适配,但是不想妨碍其他人,可以添加到.gitignore。但对于已经处于跟踪状态的文件来说后添进.gitignore是无效的。因此可以先将文件移出跟踪态,然后再加进.gitignore里。如下:git rm -r --cached <file/dir>
其中-r表示递归。也可以加-n表示伪放弃跟踪(用于预览会放弃对哪些文件的追踪)
更换远程仓库¶
有的时候从官方仓库git clone下代码,本地拷贝一份、各种魔改并上传到自己的私仓。又由于windows、linux环境不同,想把原来的代码更新成自己的私仓,所以需要换一下远程仓库。
- 首先取消原来的远程分支跟踪
git remote rm <remote repo name>
- 然后添加自己的仓库作为远程
git remote add <remote repo name> <repo url>
好像也可以直接更换远程仓库:git remote set-url <remote repro name> <repo url>
这里的<remote repo name>
是自己取的仓库名,之后的操作可以用它来指定对象。可以随便取,比如常见的origin。
子模块的下载¶
有的时候一个代码仓库拿其他仓库来当做子模块,在github上这些模块是图中的表示形式。git仓库里也会有.gitmodules文件来说明这些子模块。当clone主仓库时,这些子模块不会跟着下载下来。
初次部署时,在主仓库目录下里使用git submodule update --init --recursive
来从.gitmodules字clone子模块。
如果子模块被别的开发者更新了,可以进到子模块中然后git pull
。
如果希望添加某个仓库作为子模块,使用git submodule add <repo url>
来下载子模块并更新.gitmodules文件
自己的项目需要对其他项目进行修改¶
如果自己的项目用到别的项目,需要对其中一些代码进行修改,而不需要把在上传github时把整个项目全部放到自己的项目下,可以先用submodule添加子模块,然后直接修改代码,并在其项目下用git diff <commit id> > <file.patch>
生成一个diff文件。把diff文件放到自己的项目里,再上传到github上。其中commit id是第三方项目的commit,也就是这个submodule下载时的commit id,可以通过git log
找到。
如果直接用git diff > <file.patch>
,会输出未加入暂存的修改和最近一次暂存/commit的diff文件。
其他人使用时,就先把第三方项目获取下来,然后git apply <file.patch>
即可。撤回补丁使用git apply -R <file.patch>
不同版本多人合作与分支使用¶
最近在跑fuzzer,合作时有时需要切换不同的测试目标,每个测试目标都有自己的一大堆配套设置。大家都在主分支删改太麻烦而且很乱,所以需要针对每个测试目标设置不同的branch。
可以使用git branch -a
查看所有分支。其中前面带*
的是当前branch。
新建分支时使用 git checkout -b <branch name>
相当于先git branch <branch name>
创建了一个新的分支,然后git checkout <branch name>
切换到那个分支。
在新的分支commit后,使用git push -u <remote repo name> <local branch name>:<remote branch name>
可以将自己的这个分支推送到远程仓库。其中:
-u
表示记住当前设定,之后在这一分支上push时,简单使用git push
就会推送,不需要再敲这么长了。 - origin 是之前
git remote add origin
设定的远程主机名称,需要和实际设定一样。因为大家使用origin是在太普遍了,所以这里没有用<remote host name>
来表示,意会即可。 - local branch name和remote branch name一般情况是相同的。会在远程新建remote branch name
如果需要删除远程分支,可以简单地推送空分支:git push origin :<remote branch name>
。这里本地分支名留空了。也可以使用专门的删除方式:git push origin --delete <remote branch name>
如果需要删除本地分支,使用git branch -d <local branch name>
合并分支时,先切换到需要接收改动的分支上,然后git merge <new branch name>
,即可将new branch的改动更新到当前分支上。new branch的内容是不变的。
拉取远程分支到本地,而不影响本地分支:git fetch <remote repo name> <remote branch name>:<local branch name>
会将远程仓库的分支保存在本地对应分支下。
可以用git fetch --all
拉取所有远程分支,如果没有效果,注意检查remote.origin.fetch的设置:git config --get remote.origin.fetch
,如果是+refs/heads/master:refs/remotes/origin/master
,则表示只拉master分支。可以修改成拉取所有分支:git config remote.origin.fetch "+refs/heads/*:refs/remotes/origin/*"
。
Github debug合集¶
某种东西真的神烦,科研需要下载的仓库代码经常莫名其妙下载不了,写的代码上传补上去,build个docker慢的要死,第三方包拉取不到……浪费很多时间在因为网络连接不了导致的各种bug上,有效科研时间白白被消耗,真的很xx。
Git clone报错gnutls_handshake() failed: The TLS connection was non-properly terminated.¶
一种做法是设置或者取消设置http.proxy和https.proxy
另一种做法是直接取消SSL校验,虽然粗暴了点:git config http.sslVerify false
约 164 个字 5 行代码 预计阅读时间 1 分钟
(以下均在wsl的root用户) ubuntu系统,先预装下环境:
apt install build-essential autoconf zlib1g-dev libssl-dev
+ body[data-md-color-scheme="slate"] .gslide-desc { color: var(--md-default-fg-color);} c01dkit's tech blog openssh
OpenSSH阅读笔记¶
约 164 个字 5 行代码 预计阅读时间 1 分钟
准备工作¶
(以下均在wsl的root用户) ubuntu系统,先预装下环境:
下载源码,直接从Github链接下载zip到本地解压,也可以用git clone:
为了防止之后make install出的文件覆盖系统自己的ssh,这里指定configure将之后编译出的文件放到项目的/output文件夹下。按readme的Building from git的方法,进入openssh所在目录后,运行:
此时相关可执行文件已经编译完毕。为了进一步清晰显示,可以运行make install
,则在当前目录的output文件夹下会生成对应的结构。
约 1131 个字 99 行代码 预计阅读时间 14 分钟
最近在读sslh的源码,感觉还是比较有意思的。之前在端口复用里面简单提了下sslh的用法,但是在实践中踩了不少坑,所以把源码拿来读一读,看看内部的结构。
sslh似乎是使用第一个数据包保存的协议信息,为客户端与服务器对应服务建立连接。后续数据包不再需要检查协议了。
apt install sslh # 但最好还是从源码make install,用最新版本;参考仓库的INSTALL安装对应的C库
+ body[data-md-color-scheme="slate"] .gslide-desc { color: var(--md-default-fg-color);} c01dkit's tech blog sslh
sslh 阅读笔记¶
约 1131 个字 99 行代码 预计阅读时间 14 分钟
最近在读sslh的源码,感觉还是比较有意思的。之前在端口复用里面简单提了下sslh的用法,但是在实践中踩了不少坑,所以把源码拿来读一读,看看内部的结构。
sslh似乎是使用第一个数据包保存的协议信息,为客户端与服务器对应服务建立连接。后续数据包不再需要检查协议了。
便捷上手¶
apt install sslh # 但最好还是从源码make install,用最新版本;参考仓库的INSTALL安装对应的C库
vi /etc/default/sslh
systemctl start sslh
似乎cfg文件里和command line会有冲突。所以commandline用-F /etc/sslh/sslh.cfg
(没有则新建一个)指定的配置文件中,不要有和command重复的内容。只放protocols差不多就得了。比较好用的是正则和tls中根据alpn和sni来匹配。
下面是完整的配置文件的一个例子,如果数据包包含”OK1”或者”OK2”,则会被转发到127.0.0.1:1234。其中的name字段表示这条协议在sslh启动后怎么配置,常见的比如regex
、ssh
、tls
、http
。
注意,最后一条协议的分号后面不加逗号。
protocols:
@@ -106,7 +150,7 @@
# catch anything else TLS
{ name: "tls"; host: "localhost"; port: "443"; tfo_ok: true },
-
alpn_protocols即使用应用层协议协商编号:TLS Application-Layer Protocol Negotiation (ALPN) Protocol ID。可以在这里看到完整的格式。打个比方,如果说数据包是饺子,tls是饺子皮,ALPN就是表示里面是什么馅的。
sni_hostnames即使用服务器名称指示:Server Name Indication(SNI),类似于服务器端的域名。打个比方,虽然在学校快递(数据包)都会送到菜鸟驿站(服务器),但这些包裹最终是流向不同的宿舍的(SNI)。SNI帮助在tls握手期间就确定ssl证书,而不是在http建立连接后。FQDN指的是Fully Qualified Domain Name,即完整域名,可以看这里的介绍。
sni_hostname和alpn_protocols,属于tls扩展内容,并非强制保留其中。发包的时候注意添加,不然sslh可能识别不到。
约 1574 个字 3 行代码 预计阅读时间 6 分钟
linux用哪个命令可以把一个网址以及其所依赖的js和css等等文件自动下载下来?
在Linux中,你可以使用 wget 命令来自动下载一个网站及其依赖的资源文件(如JS和CSS等)。
下面是一个示例命令:
wget --recursive --no-clobber --page-requisites --html-extension --convert-links --restrict-file-names=windows --domains website.com --no-parent http://website.com
+ body[data-md-color-scheme="slate"] .gslide-desc { color: var(--md-default-fg-color);} c01dkit's tech blog ChatGPT
ChatGPT来帮忙¶
约 1574 个字 3 行代码 预计阅读时间 6 分钟
网络站点打包下载¶
linux用哪个命令可以把一个网址以及其所依赖的js和css等等文件自动下载下来?
在Linux中,你可以使用 wget 命令来自动下载一个网站及其依赖的资源文件(如JS和CSS等)。
下面是一个示例命令:
wget --recursive --no-clobber --page-requisites --html-extension --convert-links --restrict-file-names=windows --domains website.com --no-parent http://website.com
该命令使用了多个选项,其中一些选项的含义如下: –recursive: 下载网站的所有链接。 –no-clobber: 不会重复下载已经存在的文件。 –page-requisites: 下载所有页面的资源(如图像,音频和视频)。 –html-extension: 将所有HTML文件扩展名添加为 .html。 –convert-links: 将所有链接转换为本地链接。 –restrict-file-names=windows: 避免使用 Linux 不支持的文件名字符。 –domains website.com: 限制下载的域名范围。 –no-parent: 不会下载父级链接(有助于防止无限递归)。
你可以根据自己的需要修改这些选项以满足特定的要求。
用这条命令被服务器发现恶意下载,被给403 forbidden了怎么办?
如果你使用的命令被服务器认为是恶意下载,并且被服务器拒绝访问,那么你可以考虑以下一些方法来解决这个问题:
修改下载速度:有些服务器可能会限制下载速度,如果你下载的太快,就会被认为是攻击。你可以尝试使用 –limit-rate 选项来限制下载速度,例如:
修改下载并发数:类似于速度限制,一些服务器也会限制同时进行的下载数。你可以尝试使用 –tries 和 –wait 选项来限制并发下载数,例如:
添加 User-Agent:有些服务器可能会检查 User-Agent,如果 User-Agent 被认为是恶意的,那么你的请求也会被拒绝。你可以尝试使用 –user-agent 选项来设置 User-Agent,例如: wget --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3" http://example.com
-
与服务器管理员联系:如果以上方法都不能解决问题,你可以联系服务器管理员,说明你的下载请求是合法的,请求他们放行你的请求。 需要注意的是,不要使用非法的方式下载文件,以免侵犯他人的合法权益,并有可能导致法律纠纷。
比较Go、Python、Rust的关系¶
go、rust、python三种编程语言在语言特性方面有什么区别?各自有什么优势?适用场景有什么区别?
这三种编程语言各有不同的特点和优势,以下是它们的主要区别和适用场景:
Python Python 是一种高级的动态解释型语言,具有简单易学、易读易写的特点。它的语法简单、代码可读性高、支持多种编程范式和丰富的第三方库,适用于各种类型的应用程序开发,尤其擅长数据分析、人工智能和科学计算领域。由于它的开发效率高,常被用于快速原型设计和敏捷开发。
Go Go 是一种开源的编译型语言,由 Google 开发。它的设计目标是为了解决多核、网络、大规模程序开发等问题,具有高效、可靠、简洁等特点。Go 语言在并发编程和网络编程方面表现突出,有着非常高效的 Goroutine 和 Channel 机制,适合于高并发、分布式系统、云计算等领域的开发。
Rust Rust 是一种系统级的编程语言,由 Mozilla 开发。它结合了高效性能、内存安全和并发安全,提供了一个可靠和安全的编程环境。Rust 的主要优势在于其内存安全性和并发性,它具有高效的编译器、丰富的类型系统和高级的模式匹配功能,适用于需要高性能和安全性的系统级编程、网络编程、操作系统和嵌入式开发等领域。
总的来说,Python 适合快速原型设计和敏捷开发,Go 适合高并发、分布式系统和云计算,Rust 适合需要高性能和安全性的系统级编程、网络编程、操作系统和嵌入式开发。选择哪种编程语言取决于具体的应用场景和需求。
计算机安全资源学习¶
我想学习工业界实用的计算机安全领域的知识,请推荐一些网站
以下是一些可以帮助您学习工业界实用的计算机安全领域的知识的网站:
OWASP (开放式网络安全项目):这个网站提供了大量有关网络应用程序安全的资料和工具。您可以在这里找到安全标准、漏洞检测工具、攻击模拟器等等。
NIST (美国国家标准与技术研究所):这个网站为计算机安全和信息技术提供标准和指南。您可以在这里找到有关安全控制、密码学、风险评估等方面的资料。
SANS (安全培训和认证机构):这个网站提供有关各种计算机安全主题的培训和课程。它还提供了一个博客,其中包含各种有关网络安全的文章和提示。
Dark Reading:这是一家在线出版商,提供了有关网络安全的最新新闻、分析和评论。它还提供了各种资源,包括网络安全白皮书、研究报告和演示文稿。
SecurityFocus:这个网站是一个安全新闻聚合站点,收集了来自各种来源的安全新闻和漏洞报告。它还提供了安全论坛、安全工具等。
Reddit:Reddit上有许多与计算机安全相关的社区,如r/netsec、r/hacking、r/AskNetsec等。这些社区可以让您向其他安全专业人员提问,并与他们分享有用的资源和工具。
GitHub:GitHub是一个软件开发平台,也是许多安全工具和脚本的来源。通过搜索GitHub,您可以找到很多有用的工具,如渗透测试工具、漏洞扫描器等等。
希望这些网站能对您有所帮助!
约 386 个字 30 行代码 预计阅读时间 4 分钟
member_address - &(((TYPE *)0)->member);
+ body[data-md-color-scheme="slate"] .gslide-desc { color: var(--md-default-fg-color);} c01dkit's tech blog C
C语言¶
约 386 个字 30 行代码 预计阅读时间 4 分钟
根据结构体成员取结构体首地址¶
后半部分看似会解引用0地址而crash,但编译器会优化为直接计算member的offset。参见kernel代码常用的container_of。
动态链接库¶
编译动态链接库本身
使用gcc编译出动态链接库:
编译原项目时指定动态链接库
使用-l指定加载链接库,注意去掉库文件的lib开头和.so结尾。编译时,注意把库放在整个命令的结尾,否则可能提示库函数未定义。
比如gcc main.c -lcapstone
不会报错,gcc -lcapstone main.c
会提示报错。(假设这里main.c调用了capstone的库函数)
如果动态链接库不在默认的系统库中,可以添加-L
来指定动态链接库的保存位置。
运行项目时加载动态链接库
即便编译成功,运行可能报错。搜索顺序为:
- 在编译时添加
-Wl,-rpath=xxx
来指定运行时所需的动态库文件 - 在环境变量
LD_LIBRARY_PATH
指定的目录中搜索 - 在
/etc/ld.so.conf
给出的目录中搜索 - 在默认的搜索路径
/lib
、/lib64
、/usrlib
、/usrlib64
等搜索
赋值¶
初始化数组,可以连续赋值
约 1414 个字 预计阅读时间 5 分钟
优化需要通过大量测试来验证一致性、性能,因为并非所有优化都是正确或必要的。从重构程序执行流的角度来讲,优化并不是灵丹妙药,并在不同语言、不同编译器、不同环境、不同任务中表现出巨大的差异。以下的优化方法均仅供参考。
使用大量if-else的坏处:
使用查表法的好处:
用法:将要判断的各个参数作为表的维度,将判断结果作为表索引后的结果。
稀疏的数据表在存储对齐的情况下会浪费大量空间。与之相比,采用索引表可以降低空间浪费量(仍然会产生浪费)。为了进一步减少索引表空间,可以使用阶梯索引表,根据数据的范围(而不是具体的数据值)进行建索引,比如根据百分制成绩计算绩点,建立相应的data-to-key函数,放在数组中。
考虑到系统函数的精确性,计算速度可能较慢。可以预先手动算出一些数据并建表,计算时直接查表即可,大大提高程序性能。
约 1414 个字 预计阅读时间 5 分钟
优化需要通过大量测试来验证一致性、性能,因为并非所有优化都是正确或必要的。从重构程序执行流的角度来讲,优化并不是灵丹妙药,并在不同语言、不同编译器、不同环境、不同任务中表现出巨大的差异。以下的优化方法均仅供参考。
使用大量if-else的坏处:
使用查表法的好处:
用法:将要判断的各个参数作为表的维度,将判断结果作为表索引后的结果。
稀疏的数据表在存储对齐的情况下会浪费大量空间。与之相比,采用索引表可以降低空间浪费量(仍然会产生浪费)。为了进一步减少索引表空间,可以使用阶梯索引表,根据数据的范围(而不是具体的数据值)进行建索引,比如根据百分制成绩计算绩点,建立相应的data-to-key函数,放在数组中。
考虑到系统函数的精确性,计算速度可能较慢。可以预先手动算出一些数据并建表,计算时直接查表即可,大大提高程序性能。
约 1253 个字 196 行代码 预计阅读时间 24 分钟
可以直接使用==
判断string字符串是否相等、+
来进行字符串拼接。
vector
动态数组可以随机访问,其大小由系统自动管理。
#include<vector>
+ body[data-md-color-scheme="slate"] .gslide-desc { color: var(--md-default-fg-color);} c01dkit's tech blog C++
C++¶
约 1253 个字 196 行代码 预计阅读时间 24 分钟
STL与常用数据类型¶
string¶
可以直接使用==
判断string字符串是否相等、+
来进行字符串拼接。
vector动态数组¶
vector
动态数组可以随机访问,其大小由系统自动管理。
#include<vector>
// 声明与初始化
std::vector<int> vec1;
@@ -202,7 +246,7 @@
using Vec = std::vector<T>;
Vec<int> myVec; // 等价于 std::vector<int>
-
C++14新特性¶
C++17新特性¶
C++20新特性¶
约 66 个字 14 行代码 预计阅读时间 2 分钟
go env -w GO111MODULE=on
+ body[data-md-color-scheme="slate"] .gslide-desc { color: var(--md-default-fg-color);} c01dkit's tech blog Go
go¶
约 66 个字 14 行代码 预计阅读时间 2 分钟
go环境配置¶
- 从https://go.dev/dl/下载Archive的包,解压缩(比如到~/.local),添加其中的bin目录到PATH路径
- 国内使用时设置代理
创建工程¶
工程保存在xxx/go/src/xxx下,并将GOPATH=xxx/go加到环境变量中
快速入门¶
约 108 个字 预计阅读时间不到 1 分钟
在https://www.oracle.com/java/technologies/downloads/下载对应系统的包。Linux选择Compressed Archive,解压缩以后配置下path;Windows可以用MSI Installer。对应的源码在lib/src.zip中。
核心代码、主要功能在java.base/java目录下,其中包含了io、lang、util等多个关键模块。
Java中常见的数据类型比如Set、Array、
约 108 个字 预计阅读时间不到 1 分钟
在https://www.oracle.com/java/technologies/downloads/下载对应系统的包。Linux选择Compressed Archive,解压缩以后配置下path;Windows可以用MSI Installer。对应的源码在lib/src.zip中。
核心代码、主要功能在java.base/java目录下,其中包含了io、lang、util等多个关键模块。
Java中常见的数据类型比如Set、Array、
约 786 个字 242 行代码 预计阅读时间 27 分钟
obj.__dir__() 或者dir(obj)
根据用户传参而执行不同的功能,又分多个层次。比如pip3命令,可以有pip3 install和pip3 freeze等等,对于每一个子解析又有进一步的参数,比如pip3 install –upgrade, pip3 install –force-reinstall等等。
import argparse
+ body[data-md-color-scheme="slate"] .gslide-desc { color: var(--md-default-fg-color);} c01dkit's tech blog 编程技巧
Python¶
约 786 个字 242 行代码 预计阅读时间 27 分钟
一些小点¶
- 对字符串去除空白符时,用split()不加参数。注意split(’ ‘)按空格分隔时,如果存在连续的空格,那么结果里会有空字符串’‘。
获取未知对象的所有属性¶
obj.__dir__() 或者dir(obj)
- 解析命令行参数:argparse
- 日志输出:logging
- 处理配置文件:yaml、json
- 进度条输出:tqdm
- python调用C库:ctypes.cdll.LoadLibrary
- 设定计时信号:signal.alarm
参数解析:argparse¶
根据用户传参而执行不同的功能,又分多个层次。比如pip3命令,可以有pip3 install和pip3 freeze等等,对于每一个子解析又有进一步的参数,比如pip3 install –upgrade, pip3 install –force-reinstall等等。
import argparse
def populate_parser(parser):
parser.add_argument('input_file', type=str, help="Path to the file containing the mutated input to load")
@@ -239,7 +283,7 @@
# 输出还原后的data字典
print(restored_data)
# {536879104: b'\x04\x05\x06\x07', 805306368: b'\x00\x01\x02\x03\x04'}
-
参考资料¶
约 179 个字 预计阅读时间 1 分钟
约 179 个字 预计阅读时间 1 分钟
约 311 个字 预计阅读时间 1 分钟
约 311 个字 预计阅读时间 1 分钟
约 21 个字 190 行代码 预计阅读时间 19 分钟
使用Table Generator绘制表格
\documentclass[conference,11pt]{IEEEtran}
+ body[data-md-color-scheme="slate"] .gslide-desc { color: var(--md-default-fg-color);} c01dkit's tech blog latex基础
latex基础¶
约 21 个字 190 行代码 预计阅读时间 19 分钟
推荐工具¶
使用Table Generator绘制表格
英文latex¶
约 1043 个字 预计阅读时间 3 分钟
Alligator in Vest: A Practical Failure-Diagnosis Framework via Arm Hardware Features (ISSTA 2023)
RR: A Fault Model for Efficient TEE Replication (NDSS 2023)
No Grammar, No Problem: Towards Fuzzing the Linux Kernel without System-Call Descriptions (NDSS 2023)
FUZZUSB: Hybrid Stateful Fuzzing of USB Gadget Stacks (Oakland 2022)
Registered Report: DATAFLOW Towards a Data-Flow-Guided Fuzzer
A Survey on Adversarial Attacks for Malware Analysis
Survivalism: Systematic Analysis of Windows Malware Living-Off-The-Land (Oakland 2021)
A Systematical and longitudinal study of evasive behaviors in windows malware (Computers & Security 2021)
Structural Attack against Graph Based Android Malware Detection (CCS 2021)
Deep Learning for Android Malware Defenses: a Systematic Literature Review (ACM Survey 2021)
Intriguing Properties of Adversarial ML Attacks in the Problem Space (Oakland 2020)
P2IM: Scalable and Hardware-independent Firmware Testing via Automatic Peripheral Interface Modeling (USENIX SECURITY 2020)
Toward the Analysis of Embedded Firmware through Automated Re-hosting (RAID 2019)
REPT: Reverse Debugging of Failures in Deployed Software (USENIX SECURITY 2018)
What You Corrupt Is Not What You Crash: Challenges in Fuzzing Embedded Devices (NDSS 2018)
Postmortem Program Analysis with Hardware-Enhanced Post-Crash Artifacts (USENIX SECURITY 2017)
POMP++: Facilitating Postmortem Program Diagnosis with Value-Set Analysis
A Survey on Software Fault Localization (TSE 2016)
约 1043 个字 预计阅读时间 3 分钟
Alligator in Vest: A Practical Failure-Diagnosis Framework via Arm Hardware Features (ISSTA 2023)
RR: A Fault Model for Efficient TEE Replication (NDSS 2023)
No Grammar, No Problem: Towards Fuzzing the Linux Kernel without System-Call Descriptions (NDSS 2023)
FUZZUSB: Hybrid Stateful Fuzzing of USB Gadget Stacks (Oakland 2022)
Registered Report: DATAFLOW Towards a Data-Flow-Guided Fuzzer
A Survey on Adversarial Attacks for Malware Analysis
Survivalism: Systematic Analysis of Windows Malware Living-Off-The-Land (Oakland 2021)
A Systematical and longitudinal study of evasive behaviors in windows malware (Computers & Security 2021)
Structural Attack against Graph Based Android Malware Detection (CCS 2021)
Deep Learning for Android Malware Defenses: a Systematic Literature Review (ACM Survey 2021)
Intriguing Properties of Adversarial ML Attacks in the Problem Space (Oakland 2020)
P2IM: Scalable and Hardware-independent Firmware Testing via Automatic Peripheral Interface Modeling (USENIX SECURITY 2020)
Toward the Analysis of Embedded Firmware through Automated Re-hosting (RAID 2019)
REPT: Reverse Debugging of Failures in Deployed Software (USENIX SECURITY 2018)
What You Corrupt Is Not What You Crash: Challenges in Fuzzing Embedded Devices (NDSS 2018)
Postmortem Program Analysis with Hardware-Enhanced Post-Crash Artifacts (USENIX SECURITY 2017)
POMP++: Facilitating Postmortem Program Diagnosis with Value-Set Analysis
A Survey on Software Fault Localization (TSE 2016)
约 156 个字 预计阅读时间 1 分钟
约 156 个字 预计阅读时间 1 分钟
约 508 个字 预计阅读时间 2 分钟
时间过得总是非常快的。忙着做一个课题,可能每天感觉不到有什么进展呢,半年一年就过去了。如果有这种想法,多半是没做好规划,像个无头苍蝇一样东闯西撞。
感觉有两个习惯是必须养成的,一是读论文要思考问题与意义:看到题目和摘要,思考这篇文章希望解决什么问题、这个问题有什么价值、解决这个问题有什么思路、会遇到哪些普遍与特殊的挑战,以及文章基于哪些假设并且会试图避而不谈的缺陷;二是每天进行总结与归纳,思考一天到底有什么进展,凝练总结成文字或ppt讲稿。每天光看不总结,等于白看!平时对各种问题就要有所准备与思考,不要别人问起的时候就敷衍地给一个回答,没有意义。
早上写todo list,晚上写done list,看看这一天进展如何。是否有没做完的事情,是否有分心做了别的事情,明天如何规划时间……对自己每天、每周、每月能做的事情有清楚的认识,不盲目自大也不妄自菲薄。
做任何事都要给一个清晰的ddl,督促尽快完成不要拖沓。另一方面是为了限制思考,要集中、快速,不要漫无目的地发散。比如读论文前思考这篇文章需要解决的挑战时,限定在3min之内,超时以后无论是否想到多少都要停下来。也可以有效避免分心。
科研写作需要系统的训练。每天愉快地读、写一小时,长期坚持,叫做“read and write”。
写文章要弄清楚读者都是同专业的人,因此要体现出专业性与科学性、精确性、简洁性、逻辑性。
约 508 个字 预计阅读时间 2 分钟
时间过得总是非常快的。忙着做一个课题,可能每天感觉不到有什么进展呢,半年一年就过去了。如果有这种想法,多半是没做好规划,像个无头苍蝇一样东闯西撞。
感觉有两个习惯是必须养成的,一是读论文要思考问题与意义:看到题目和摘要,思考这篇文章希望解决什么问题、这个问题有什么价值、解决这个问题有什么思路、会遇到哪些普遍与特殊的挑战,以及文章基于哪些假设并且会试图避而不谈的缺陷;二是每天进行总结与归纳,思考一天到底有什么进展,凝练总结成文字或ppt讲稿。每天光看不总结,等于白看!平时对各种问题就要有所准备与思考,不要别人问起的时候就敷衍地给一个回答,没有意义。
早上写todo list,晚上写done list,看看这一天进展如何。是否有没做完的事情,是否有分心做了别的事情,明天如何规划时间……对自己每天、每周、每月能做的事情有清楚的认识,不盲目自大也不妄自菲薄。
做任何事都要给一个清晰的ddl,督促尽快完成不要拖沓。另一方面是为了限制思考,要集中、快速,不要漫无目的地发散。比如读论文前思考这篇文章需要解决的挑战时,限定在3min之内,超时以后无论是否想到多少都要停下来。也可以有效避免分心。
科研写作需要系统的训练。每天愉快地读、写一小时,长期坚持,叫做“read and write”。
写文章要弄清楚读者都是同专业的人,因此要体现出专业性与科学性、精确性、简洁性、逻辑性。
约 468 个字 预计阅读时间 2 分钟
提出本文工作:
介绍某一流程在整体系统中的作用:
说明某一步骤并非简单的:
凝练本文实验效果:
提出本文novelty:
提出本文insight:
准备开始介绍技术细节:
说目前的工作研究的主要内容受限、别的方法存在问题:
一些工作细节:
约 468 个字 预计阅读时间 2 分钟
提出本文工作:
介绍某一流程在整体系统中的作用:
说明某一步骤并非简单的:
凝练本文实验效果:
提出本文novelty:
提出本文insight:
准备开始介绍技术细节:
说目前的工作研究的主要内容受限、别的方法存在问题:
一些工作细节:
约 943 个字 预计阅读时间 3 分钟
约 943 个字 预计阅读时间 3 分钟
约 1699 个字 2 行代码 预计阅读时间 6 分钟
覆盖率指引的模糊测试方法获得覆盖率的四种追踪方式1:
侵入式与非侵入式追踪2:
Traces can be generated by trace code that is executed within tasks and/or interrupt service routines, just like application code that is executed on the same CPU. This is the most flexible approach, as both the content and the amount of trace information output can be defined in software. However, this tracing method comes with a significant drawback: It uses resources that are shared with the application software, hence tracing may significantly reduce the amount of memory available for the applications, increase the gross execution times of the applications and, in the case of real-time systems, impair functionality. This is why it is called intrusive tracing.
The most common case is that adding trace code is detrimental to the functionality of the applications in real-time systems because the resource requirements for intrusive tracing have been underestimated in the early stages of the project, such that tracing would eventually eat up resources that are required by the application. Therefore, the resource requirements for tracing must be properly considered throughout the whole development lifecycle. Removing trace code from real-time systems may also cause functional issues, typically just before the final production software release. This is the worst case, as trace information is no longer available in this scenario.
Non-intrusive tracing does not change the intrinsic timing behavior of the system under test. This approach simplifies the software development process a lot and requires dedicated hardware support for tracing. External trace probes connected to the target system, in conjunction with on-chip debug modules, capture code execution on instruction level, memory accesses and other events on the target processor. This approach is the best option when it comes to debugging the code execution down to the instruction level. The PCB design of the device under test must provide the connectors required by the external probe.
Another option for non-intrusive tracing is on-chip tracing, where most of the trace hardware is packed into the same chip that also contains the CPU that executes the application code. Non-intrusive tracing can, however, be restricted by limitations of the respective trace module or probe, such as buffer sizes, bus bandwidth or the size of an external probe.
Due to cost savings (no expensive third-party trace hardware required), reduced footprint (very small connectors instead of larger probe connectors), and limited trace bandwidth requirements, the on-chip tracing method is the preferred approach for generating the trace data required for in-depth timing analysis on task, runnable and ISR level. On-chip tracing is a suitable tracing method for devices under test with form factors very close to the final volume production devices.
网络协议的特点是一般有明确的状态信息,相同的input在不同的状态可能得到不同的output。针对网络协议的模糊测试一般具有stateful的特点。这类模糊测试有几个难点: 1. 生成格式正确的信息,满足对特定状态的fuzz 2. 扩展到不同的协议中 3. 测试样例有效性,需要通过格式校验比如长度、协议认证、校验和等
首次提出针对有状态协议的灰盒模糊测试。AFLNET从响应信息中提取响应码来表示状态信息,并用响应码序列来推断协议实现的状态模型,并进一步使用这一模型来指导fuzz。
一些不足: 1. 状态表示能力:AFLNET要求响应信息中包含状态码,这并不是协议必须实现的。而且状态码表示能力有限,且可能产生冗余状态。 2. 测试效率:没有明确的信号反映待测程序是否处理完消息,因此设置固定的计时器来控制消息发送,时间窗口可能过小或过大。
使用程序内存状态来表示服务状态,通过对被测程序插桩来收集状态信息并推测状态模型。在每一轮网络交互中,STATEAFL将程序变量值转储给分析队列,并进行post-execution的分析,来更新状态模型。
一些不足: 1. 面对和AFLNET相同的测试效率问题,而且因为后执行分析,产生额外的开销,会降低测试吞吐量。
使用基于变量的状态表示方法推断状态模型来指导模糊测试,使用基于网络事件循环的同步机制来提高吞吐量。
启发式的变量判断方法:静态分析中只在事件循环代码中分辨状态变量,且关注被读与写、被赋予枚举类型的数据或是数据结构体里的整型成员。
表示状态的方法:使用两条语句维护shared_state数组,当状态变量值被更新时同步更新shared_state;当fuzzer在通信管道收到消息处理结果时,对这个数组进行hash,作为当前程序所处的state。
shared_state[hash(var_id) ^ cur_store_val] = 1;
+ body[data-md-color-scheme="slate"] .gslide-desc { color: var(--md-default-fg-color);} c01dkit's tech blog 模糊测试
模糊测试基本介绍¶
约 1699 个字 2 行代码 预计阅读时间 6 分钟
覆盖率指引的模糊测试方法获得覆盖率的四种追踪方式1:
- 使用编译器向基本块边缘插桩,可以准确地插桩并易于优化,但需要源码已知。
- 静态二进制重写,不需要源码,仍在研究,因为静态代码插桩准确性难以保证,并且优化能力有限。这些限制条件会影响代码率信息的质量与准确性,以及二进制重写的表现。
- 动态二进制插桩,不需要源码,可以容易、准确插入代码,但是动态翻译二进制的开销可能大到不能接受。
- 硬件辅助追踪,不需要源码,利用内置的硬件追踪扩展,在运行时直接获取控制执行流信息。
侵入式与非侵入式追踪2:
Traces can be generated by trace code that is executed within tasks and/or interrupt service routines, just like application code that is executed on the same CPU. This is the most flexible approach, as both the content and the amount of trace information output can be defined in software. However, this tracing method comes with a significant drawback: It uses resources that are shared with the application software, hence tracing may significantly reduce the amount of memory available for the applications, increase the gross execution times of the applications and, in the case of real-time systems, impair functionality. This is why it is called intrusive tracing.
The most common case is that adding trace code is detrimental to the functionality of the applications in real-time systems because the resource requirements for intrusive tracing have been underestimated in the early stages of the project, such that tracing would eventually eat up resources that are required by the application. Therefore, the resource requirements for tracing must be properly considered throughout the whole development lifecycle. Removing trace code from real-time systems may also cause functional issues, typically just before the final production software release. This is the worst case, as trace information is no longer available in this scenario.
Non-intrusive tracing does not change the intrinsic timing behavior of the system under test. This approach simplifies the software development process a lot and requires dedicated hardware support for tracing. External trace probes connected to the target system, in conjunction with on-chip debug modules, capture code execution on instruction level, memory accesses and other events on the target processor. This approach is the best option when it comes to debugging the code execution down to the instruction level. The PCB design of the device under test must provide the connectors required by the external probe.
Another option for non-intrusive tracing is on-chip tracing, where most of the trace hardware is packed into the same chip that also contains the CPU that executes the application code. Non-intrusive tracing can, however, be restricted by limitations of the respective trace module or probe, such as buffer sizes, bus bandwidth or the size of an external probe.
Due to cost savings (no expensive third-party trace hardware required), reduced footprint (very small connectors instead of larger probe connectors), and limited trace bandwidth requirements, the on-chip tracing method is the preferred approach for generating the trace data required for in-depth timing analysis on task, runnable and ISR level. On-chip tracing is a suitable tracing method for devices under test with form factors very close to the final volume production devices.
针对网络协议的模糊测试¶
网络协议的特点是一般有明确的状态信息,相同的input在不同的状态可能得到不同的output。针对网络协议的模糊测试一般具有stateful的特点。这类模糊测试有几个难点: 1. 生成格式正确的信息,满足对特定状态的fuzz 2. 扩展到不同的协议中 3. 测试样例有效性,需要通过格式校验比如长度、协议认证、校验和等
AFLNET¶
首次提出针对有状态协议的灰盒模糊测试。AFLNET从响应信息中提取响应码来表示状态信息,并用响应码序列来推断协议实现的状态模型,并进一步使用这一模型来指导fuzz。
一些不足: 1. 状态表示能力:AFLNET要求响应信息中包含状态码,这并不是协议必须实现的。而且状态码表示能力有限,且可能产生冗余状态。 2. 测试效率:没有明确的信号反映待测程序是否处理完消息,因此设置固定的计时器来控制消息发送,时间窗口可能过小或过大。
STATEAFL¶
使用程序内存状态来表示服务状态,通过对被测程序插桩来收集状态信息并推测状态模型。在每一轮网络交互中,STATEAFL将程序变量值转储给分析队列,并进行post-execution的分析,来更新状态模型。
一些不足: 1. 面对和AFLNET相同的测试效率问题,而且因为后执行分析,产生额外的开销,会降低测试吞吐量。
NSFuzz¶
使用基于变量的状态表示方法推断状态模型来指导模糊测试,使用基于网络事件循环的同步机制来提高吞吐量。
启发式的变量判断方法:静态分析中只在事件循环代码中分辨状态变量,且关注被读与写、被赋予枚举类型的数据或是数据结构体里的整型成员。
表示状态的方法:使用两条语句维护shared_state数组,当状态变量值被更新时同步更新shared_state;当fuzzer在通信管道收到消息处理结果时,对这个数组进行hash,作为当前程序所处的state。
IoTHunter¶
提出多阶段信息生成方法来对IoT固件中的有状态网络协议进行fuzz。分为对已知状态的模糊测试与未知状态的探索。基于整数变异的方法改变包类型,并对包格式(比如长度、校验和)做检查等。
数据流指导的模糊测试¶
控制流指导的模糊测试侧重程序操作的执行顺序(比如分支与循环),数据流指导的模糊测试侧重变量如何定义与使用。变量的定义与使用位置可以不存在控制上的依赖关系。在模糊测试中,数据流主要使用动态污点分析(DTA)技术,即将目标程序的输入数据在定义处视为污点,并在运行时追踪它是如何被访问与使用的。
在实践中,难以做到准确的DTA,开销会很大。并且部分真实程序无法在应用DTA技术的情况下成功编译。因此大部分灰盒模糊测试不使用DTA,以期获得更高的吞吐量。
有一些轻量级的DTA代替方案(比如REDQUEUE、GREYONE),而基于控制流与数据流的模糊测试器的覆盖率指标还没有被完全探索。
DATAFLOW¶
在程序执行时并行使用数据流分析来指导模糊测试,使用不精确的推断来降低开销并提高吞吐量。对数据流有效性进行了简单的评估,认为对大部分测试目标而言,数据流并不比控制流优越,但是在部分特定场景(比如控制流和语义解耦,如parser)下,数据流可能会有用。
约 164 个字 2 行代码 预计阅读时间 1 分钟
下载源码,可以从清华源pull一个:git clone https://mirrors.tuna.tsinghua.edu.cn/git/linux.git
。随后编译源码,参考CSDN教程。核心逻辑是下载好必要的依赖包(比如apt install build-essential flex bison libssl-dev libelf-dev
)之后,在根目录运行make menuconfig
,然后Exit保存文件,最后直接多线程编译make -j8
。
随后是漫长的编译过程。以Linux 6.12-rc6为例可能出现的报错:
证书问题:
make[3]: *** No rule to make target 'debian/canonical-certs.pem', needed by 'certs/x509_certificate_list'. Stop.
+ body[data-md-color-scheme="slate"] .gslide-desc { color: var(--md-default-fg-color);} c01dkit's tech blog linux内核编译
linux内核学习¶
约 164 个字 2 行代码 预计阅读时间 1 分钟
编译¶
下载源码,可以从清华源pull一个:git clone https://mirrors.tuna.tsinghua.edu.cn/git/linux.git
。随后编译源码,参考CSDN教程。核心逻辑是下载好必要的依赖包(比如apt install build-essential flex bison libssl-dev libelf-dev
)之后,在根目录运行make menuconfig
,然后Exit保存文件,最后直接多线程编译make -j8
。
随后是漫长的编译过程。以Linux 6.12-rc6为例可能出现的报错:
证书问题:
make[3]: *** No rule to make target 'debian/canonical-certs.pem', needed by 'certs/x509_certificate_list'. Stop.
make[2]: *** [scripts/Makefile.build:478: certs] Error 2
make[2]: *** Waiting for unfinished jobs....
参考StackOverflow上的解答,可以修改conf文件,也可以简单地运行 重新make后一路回车。
约 2291 个字 预计阅读时间 8 分钟
什么是根因分析? 根因分析(Root Cause Analysis)或者说缺陷定位(Fault Localization)是程序开发人员或安全分析人员在确认程序存在异常行为后,通过手动或自动的方法来定位异常行为的根本原因的过程。根因分析是程序安全分析流程中比较重要的一环。
为什么需要设计一些根因分析方法? 在当下各类自动化漏洞挖掘工具(比如各类fuzzer)的辅助下,每日发现的bug数量已经远超开发人员确认并修复的数量。设计一种自动化发现漏洞的工具并不难,难在如何根据这些工具报出的crash信息来准确地分析出漏洞的根本原因。对于大型程序而言,崩溃测试样例(crashing testcase)执行下来可能经历了几百万条汇编指令,手工确认稍微有点不现实了。因此需要设计一些(自动化)的根因分析工具。
怎么进行根因分析?目前有哪些工作? 最朴素而直观的思想就是消耗安全分析人员的精力,从程序的入口点(entry)或者崩溃点(crash site)出发,看看程序是怎么执行的,哪些元素(program entity)会导致最后的crash,然后再进行对应的修复。根据定位元素的粒度不同,根因分析可以定位到函数级(function level)、语句级(statement level)、汇编指令级(instruction level)。由于在汇编指令上进行分析可以更普适地适应多种编程语言、不需要获取源码,所以下文的讨论都是围绕汇编指令级展开。
目前一些自动化根因分析研究思路有:
这些研究思路都解决了什么问题?有什么独特的优点?存在哪些独有的不足? 基于程序谱的分析方法直观上似乎有点道理。它仅考虑汇编指令本身,而但仅仅从统计结果上去分析,可能并不能准确分析出逻辑上的root cause。这类方法一般会设计一种排名策略(ranking),对选择出的可疑指令进行top1-topn的排名,来试图提高准确性。这类方法一般需要根据一个崩溃样例以及和它相似的崩溃样例和非崩溃样例进行分析,因此时空开销都比较大。
事后分析方法相比程序谱分析方法考虑了指令语义,比如在逆向执行的时候会设计一些汇编指令handler,对于内存的分析也会更精确些。但污点分析方法毕竟存在过度污染(over-tainting)的问题,导致结果冗余比较严重。
基于模型的分析方法利用AI的优势,可以给出更有语义信息的root cause,在一定程度上帮助开发人员去分析。不过模型的训练依赖训练集的质量,并且受程序语义影响很大。在不同领域之间可能迁移性不是很好,比如没法处理一些特定的密码学函数。且为待测程序建立模型来描述其结构与行为是非常复杂、耗时的事情
现有的这些方法有没有什么普遍存在的问题? 在最后评估阶段(evaluation),一般先通过手工分析确定哪些汇编指令,如果方法输出的汇编指令集合里包含这些指令,那么就认为是发现了root cause。但自动化方法毕竟缺少人工参与,给出的结果一定是不准确的。现有的工作的一个主流思想在于“方法给出的集合可以包含无关指令,但不能缺少相关指令”,旨在提高召回率(recall)。因此往往给出与root cause不相关的指令。但实际上,在最后的修复端,如果给出不相关指令过多,那么仍然需要开发者去分析,依旧耗时耗力。
据ISSTA 2016一篇调研(Practitioners’ expectations on automated fault localization),9.43%希望root cause在分析结果的Top1,73.58%容许在Top5,15.09%容许在Top10。所以约98%的情况下需要在Top10内给出结果。就分析准确度与开发人员满意度而言,如果RCA工具准确度达90%,满意度几乎达到100%了。准确度低于20%时只有12%接受,如果满意度达50%、75%、90%,准确度需要分别达到50%、75%、85%(但是原文说90%)。
目前的绝大部分RCA分析的工作的输出是两类:ranked list和suspicious set。但两者都存在的问题是仅仅高亮了可能存在bug的元素,而缺乏一些rational的分析。
基于文件粒度的RCA工作(比如Scaffle)希望找到包含百万级同质代码库中哪些文件和crash有关。在此基础上让对应的工程师团队去处理bug,有利于大型组织管理。
据ISSTA 2016一篇调研(Practitioners’ expectations on automated fault localization),开发者对粒度的top3期望依次是方法级别、语句级别、基本块级别,不过对这三种粒度的倾向之间没有明显差异。而当时比较多的方法是语句级别的
根据采用的策略不同,RCA之间的时间开销差异可能达两个数量级。(秒级-分钟级-小时级)。
据ISSTA 2016一篇调研(Practitioners’ expectations on automated fault localization),90%开发者接受1min以内的分析,不到9%开发者接受超过1h的分析。50%开发者大概在30min以内。
以上内容仅代表个人观点,不定期更新,欢迎讨论
约 2291 个字 预计阅读时间 8 分钟
什么是根因分析? 根因分析(Root Cause Analysis)或者说缺陷定位(Fault Localization)是程序开发人员或安全分析人员在确认程序存在异常行为后,通过手动或自动的方法来定位异常行为的根本原因的过程。根因分析是程序安全分析流程中比较重要的一环。
为什么需要设计一些根因分析方法? 在当下各类自动化漏洞挖掘工具(比如各类fuzzer)的辅助下,每日发现的bug数量已经远超开发人员确认并修复的数量。设计一种自动化发现漏洞的工具并不难,难在如何根据这些工具报出的crash信息来准确地分析出漏洞的根本原因。对于大型程序而言,崩溃测试样例(crashing testcase)执行下来可能经历了几百万条汇编指令,手工确认稍微有点不现实了。因此需要设计一些(自动化)的根因分析工具。
怎么进行根因分析?目前有哪些工作? 最朴素而直观的思想就是消耗安全分析人员的精力,从程序的入口点(entry)或者崩溃点(crash site)出发,看看程序是怎么执行的,哪些元素(program entity)会导致最后的crash,然后再进行对应的修复。根据定位元素的粒度不同,根因分析可以定位到函数级(function level)、语句级(statement level)、汇编指令级(instruction level)。由于在汇编指令上进行分析可以更普适地适应多种编程语言、不需要获取源码,所以下文的讨论都是围绕汇编指令级展开。
目前一些自动化根因分析研究思路有:
这些研究思路都解决了什么问题?有什么独特的优点?存在哪些独有的不足? 基于程序谱的分析方法直观上似乎有点道理。它仅考虑汇编指令本身,而但仅仅从统计结果上去分析,可能并不能准确分析出逻辑上的root cause。这类方法一般会设计一种排名策略(ranking),对选择出的可疑指令进行top1-topn的排名,来试图提高准确性。这类方法一般需要根据一个崩溃样例以及和它相似的崩溃样例和非崩溃样例进行分析,因此时空开销都比较大。
事后分析方法相比程序谱分析方法考虑了指令语义,比如在逆向执行的时候会设计一些汇编指令handler,对于内存的分析也会更精确些。但污点分析方法毕竟存在过度污染(over-tainting)的问题,导致结果冗余比较严重。
基于模型的分析方法利用AI的优势,可以给出更有语义信息的root cause,在一定程度上帮助开发人员去分析。不过模型的训练依赖训练集的质量,并且受程序语义影响很大。在不同领域之间可能迁移性不是很好,比如没法处理一些特定的密码学函数。且为待测程序建立模型来描述其结构与行为是非常复杂、耗时的事情
现有的这些方法有没有什么普遍存在的问题? 在最后评估阶段(evaluation),一般先通过手工分析确定哪些汇编指令,如果方法输出的汇编指令集合里包含这些指令,那么就认为是发现了root cause。但自动化方法毕竟缺少人工参与,给出的结果一定是不准确的。现有的工作的一个主流思想在于“方法给出的集合可以包含无关指令,但不能缺少相关指令”,旨在提高召回率(recall)。因此往往给出与root cause不相关的指令。但实际上,在最后的修复端,如果给出不相关指令过多,那么仍然需要开发者去分析,依旧耗时耗力。
据ISSTA 2016一篇调研(Practitioners’ expectations on automated fault localization),9.43%希望root cause在分析结果的Top1,73.58%容许在Top5,15.09%容许在Top10。所以约98%的情况下需要在Top10内给出结果。就分析准确度与开发人员满意度而言,如果RCA工具准确度达90%,满意度几乎达到100%了。准确度低于20%时只有12%接受,如果满意度达50%、75%、90%,准确度需要分别达到50%、75%、85%(但是原文说90%)。
目前的绝大部分RCA分析的工作的输出是两类:ranked list和suspicious set。但两者都存在的问题是仅仅高亮了可能存在bug的元素,而缺乏一些rational的分析。
基于文件粒度的RCA工作(比如Scaffle)希望找到包含百万级同质代码库中哪些文件和crash有关。在此基础上让对应的工程师团队去处理bug,有利于大型组织管理。
据ISSTA 2016一篇调研(Practitioners’ expectations on automated fault localization),开发者对粒度的top3期望依次是方法级别、语句级别、基本块级别,不过对这三种粒度的倾向之间没有明显差异。而当时比较多的方法是语句级别的
根据采用的策略不同,RCA之间的时间开销差异可能达两个数量级。(秒级-分钟级-小时级)。
据ISSTA 2016一篇调研(Practitioners’ expectations on automated fault localization),90%开发者接受1min以内的分析,不到9%开发者接受超过1h的分析。50%开发者大概在30min以内。
以上内容仅代表个人观点,不定期更新,欢迎讨论
\u7ea6 100 \u4e2a\u5b57 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4\u4e0d\u5230 1 \u5206\u949f
\u81f4\u8f9e
\u535a\u5ba2\u603b\u89c8
\u63a8\u8350\u9605\u8bfb
\u7ea6 0 \u4e2a\u5b57 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4\u4e0d\u5230 1 \u5206\u949f
"},{"location":"algorithm-and-data-structure/algorithm/","title":"Index","text":"\u7ea6 1 \u4e2a\u5b57 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4\u4e0d\u5230 1 \u5206\u949f
he!
"},{"location":"algorithm-and-data-structure/algorithm/branch-and-bound-algo/","title":"\u5206\u652f\u5b9a\u754c\u7b97\u6cd5","text":"\u7ea6 6 \u4e2a\u5b57 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4\u4e0d\u5230 1 \u5206\u949f
"},{"location":"algorithm-and-data-structure/algorithm/dynamic-algo/","title":"\u52a8\u6001\u89c4\u5212\u7b97\u6cd5","text":"\u7ea6 6 \u4e2a\u5b57 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4\u4e0d\u5230 1 \u5206\u949f
"},{"location":"algorithm-and-data-structure/algorithm/graph-algo/","title":"\u56fe\u7b97\u6cd5","text":"\u7ea6 3 \u4e2a\u5b57 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4\u4e0d\u5230 1 \u5206\u949f
"},{"location":"algorithm-and-data-structure/algorithm/greedy-algo/","title":"\u8d2a\u5fc3\u7b97\u6cd5","text":"\u7ea6 4 \u4e2a\u5b57 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4\u4e0d\u5230 1 \u5206\u949f
"},{"location":"algorithm-and-data-structure/data-structure/","title":"Index","text":"\u7ea6 0 \u4e2a\u5b57 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4\u4e0d\u5230 1 \u5206\u949f
"},{"location":"algorithm-and-data-structure/data-structure/array/","title":"\u6570\u7ec4","text":"\u7ea6 2 \u4e2a\u5b57 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4\u4e0d\u5230 1 \u5206\u949f
"},{"location":"algorithm-and-data-structure/data-structure/graph/","title":"\u56fe","text":"\u7ea6 1 \u4e2a\u5b57 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4\u4e0d\u5230 1 \u5206\u949f
"},{"location":"algorithm-and-data-structure/data-structure/linkedlist/","title":"\u94fe\u8868","text":"\u7ea6 2 \u4e2a\u5b57 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4\u4e0d\u5230 1 \u5206\u949f
"},{"location":"algorithm-and-data-structure/data-structure/queue/","title":"\u961f\u5217","text":"\u7ea6 2 \u4e2a\u5b57 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4\u4e0d\u5230 1 \u5206\u949f
"},{"location":"algorithm-and-data-structure/data-structure/stack/","title":"\u6808","text":"\u7ea6 1 \u4e2a\u5b57 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4\u4e0d\u5230 1 \u5206\u949f
"},{"location":"algorithm-and-data-structure/data-structure/tree/","title":"\u6811","text":"\u7ea6 1 \u4e2a\u5b57 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4\u4e0d\u5230 1 \u5206\u949f
"},{"location":"misc-notes/","title":"Index","text":"\u7ea6 0 \u4e2a\u5b57 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4\u4e0d\u5230 1 \u5206\u949f
"},{"location":"misc-notes/environments/envs/","title":"\u73af\u5883\u914d\u7f6e","text":"\u7ea6 593 \u4e2a\u5b57 49 \u884c\u4ee3\u7801 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4 7 \u5206\u949f
\u7ecf\u5e38\u9047\u5230\u65b0\u7cfb\u7edf\u5feb\u901f\u914d\u7f6e\u7684\u73af\u5883\uff08wsl\u3001\u65b0\u670d\u52a1\u5668\uff09\uff0c\u7279\u6b64\u603b\u7ed3\u4e00\u4e0b
"},{"location":"misc-notes/environments/envs/#ubuntu\u66f4\u65b0\u57fa\u672c\u73af\u5883","title":"Ubuntu\u66f4\u65b0\u57fa\u672c\u73af\u5883","text":"sudo apt update\nsudo apt install curl build-essential gcc make -y\n
"},{"location":"misc-notes/environments/envs/#\u5b89\u88c5docker","title":"\u5b89\u88c5docker","text":"\u6309\u7167https://docs.docker.com/engine/install/ubuntu/\u7684\u8bf4\u660e\u5b89\u88c5\u5373\u53ef
\u4e5f\u53ef\u4ee5\u6309curl -fsSL https://get.docker.com -o get-docker.sh
\u3001sudo sh get-docker.sh
\u6765\u5b89\u88c5\u3002
curl --proto '=https' --tlsv1.3 -sSf https://sh.rustup.rs | sh\n
rustup update\n
\u56fd\u5185\u4f7f\u7528\u65f6crates.io\u53ef\u80fd\u767b\u4e0d\u4e0a\uff0c\u8bd5\u8bd5\u4fee\u6539\u5b89\u88c5\u76ee\u5f55\u4e0b\u7684config\u6587\u4ef6(\u6bd4\u5982$HOME/.cargo/config)
[source.crates-io]\nregistry = \"https://github.com/rust-lang/crates.io-index\"\n\n# \u66ff\u6362\u6210\u4f60\u504f\u597d\u7684\u955c\u50cf\u6e90\n#replace-with = 'sjtu'\n#replace-with = 'ustc'\n#replace-with = 'tuna'\n#replace-with = 'rustcc'\n\n# \u6e05\u534e\u5927\u5b66\n[source.tuna]\nregistry = \"https://mirrors.tuna.tsinghua.edu.cn/git/crates.io-index.git\"\n\n# \u4e2d\u56fd\u79d1\u5b66\u6280\u672f\u5927\u5b66\n[source.ustc]\nregistry = \"git://mirrors.ustc.edu.cn/crates.io-index\"\n\n# \u4e0a\u6d77\u4ea4\u901a\u5927\u5b66\n[source.sjtu]\nregistry = \"https://mirrors.sjtug.sjtu.edu.cn/git/crates.io-index\"\n\n# rustcc\u793e\u533a\n[source.rustcc]\nregistry = \"git://crates.rustcc.cn/crates.io-index\"\n\n[source.rustcchttp]\nregistry = \"https://code.aliyun.com/rustcc/crates.io-index.git\"\n
"},{"location":"misc-notes/environments/envs/#\u8bbe\u7f6egolang\u4ee3\u7406","title":"\u8bbe\u7f6egolang\u4ee3\u7406","text":"go env -w GOPROXY=https://goproxy.cn\n
"},{"location":"misc-notes/environments/envs/#\u5b89\u88c5ohmyzsh","title":"\u5b89\u88c5ohmyzsh","text":"sudo apt install zsh\n
curl\u548cwget\u4e8c\u9009\u4e00
sh -c \"$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)\"\n
sh -c \"$(wget https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh -O -)\"\n
\u4e2a\u4eba\u89c9\u5f97jonathan\u7684\u4e3b\u9898\u6bd4\u8f83\u597d\u770b\uff0c\u53ef\u4ee5\u914d\u7f6e\u4e0b~/.zshrc\u7684ZSH_THEME\u3002
"},{"location":"misc-notes/environments/envs/#git\u8bbe\u7f6e\u5168\u5c40\u4ee3\u7406","title":"git\u8bbe\u7f6e\u5168\u5c40\u4ee3\u7406","text":"\u9700\u8981\u6839\u636e\u672c\u5730\u5b9e\u9645\u7684\u60c5\u51b5\u4fee\u6539\u76ee\u6807ip\u548c\u7aef\u53e3
git config --global http.https://github.com.proxy http://xxx.xxx.xxx.xxx:xxx\n
"},{"location":"misc-notes/environments/envs/#perf-\u5b89\u88c5ubuntu","title":"perf \u5b89\u88c5(ubuntu)","text":"sudo apt-get install linux-tools-`uname -r`\n
"},{"location":"misc-notes/environments/envs/#\u9009\u62e9ssh\u5bc6\u94a5","title":"\u9009\u62e9ssh\u5bc6\u94a5","text":"\u4f1a\u5728\u5f53\u524dterminal\u521b\u5efa\u4e00\u4e2aagent\uff0c\u540e\u7eed\u9ed8\u8ba4\u4f7f\u7528\u8fd9\u4e2aagent\u8fdb\u884cssh\u64cd\u4f5c\u3002\u5bf9\u4e8e\u6709\u5bc6\u7801\u7684\u79c1\u94a5\u6216\u8005\u81ea\u5b9a\u4e49\u547d\u540d\u79c1\u94a5\u6765\u8bf4\u6bd4\u8f83\u597d\u7528\u3002
evel `ssh-agent`\nssh-add <\u79c1\u94a5\u6587\u4ef6>\n
"},{"location":"misc-notes/environments/envs/#windows\u4e0b\u5b89\u88c5make","title":"Windows\u4e0b\u5b89\u88c5make","text":"\u4f7f\u7528chocolatey\u5305\u7ba1\u7406\u5668\u3002\u6309https://chocolatey.org/install#individual\u7684\u8bf4\u660e\u5373\u53ef\uff0c\u6700\u540echoco install make
wsl -l --all -v
wsl --shutdown <\u955c\u50cf\u540d>
wsl --export <\u955c\u50cf\u540d> <\u5907\u4efd\u4fdd\u5b58\u4f4d\u7f6e.tar>
wsl --unregister <\u955c\u50cf\u540d>
wsl --import <\u955c\u50cf\u540d> <\u5bfc\u51fa\u8def\u5f84> <\u5907\u4efd\u4fdd\u5b58\u4f4d\u7f6e.tar> --version 2
\u4e0b\u8f7dhttps://nodejs.org/en/download/
npm\u8bbe\u7f6e\u56fd\u5185\u6e90\uff1a npm config set registry=\"http://r.cnpmjs.org\"
\u5728\u8981\u4fdd\u5b58\u9879\u76ee\u76ee\u5f55\u7684\u76ee\u5f55\u91cc\uff0c\u8fd0\u884cnpm create vue@latest
\uff0c\u968f\u540e\u4f1a\u5f15\u5bfc\u521b\u5efa\u9879\u76ee\u540d\u7b49\u3002\u8fdb\u5165\u9879\u76ee\u540e\uff0c\u5148npm install
\uff0c\u7136\u540e\u53ef\u4ee5\u4f7f\u7528npm run dev
\u548cnpm run build
\u6765\u751f\u6210\u7f51\u7ad9\u3002
\u4f7f\u7528docker pull nginx
\u76f4\u63a5\u62c9\u53d6\u65b0\u7684nginx\u955c\u50cf\uff0c\u7136\u540edocker run -itd --name=<\u5bb9\u5668\u540d\u5b57> -p 4000:80 -v /vue\u9879\u76ee\u8def\u5f84/dist:/usr/share/nginx/html nginx
\u6765\u76f4\u63a5\u63d0\u4f9b\u7f51\u7ad9\u670d\u52a1\u3002\u6ce8\u610f\u8fd9\u91cc\u662f\u5c06\u4e3b\u673a4000\u7aef\u53e3\u6620\u5c04\u523080\u7aef\u53e3\uff0c\u540c\u65f6\u5c06npm run build
\u751f\u6210\u7684\u7f51\u7ad9\u6302\u8f7d\u5230nginx\u7684\u9ed8\u8ba4\u7ad9\u70b9\u76ee\u5f55\u4e2d\uff08nginx\u7248\u672c1.25\uff09\u3002
\u53ef\u4ee5\u5728\u5916\u90e8\u8bbf\u95ee\u4e00\u4e0b\uff0c\u5982\u679c\u770b\u5230\u7684\u7f51\u7ad9\u662fnginx\u9ed8\u8ba4\u9875\u9762\uff0c\u53ef\u4ee5docker exec\u5230nginx\u5bb9\u5668\u91cc\u68c0\u67e5\u4e0b/etc/nginx/conf.d/default.conf
\uff08\u6216\u76f8\u4f3c\u7684\u5176\u4ed6conf\u8def\u5f84\uff0c\u6839\u636enginx\u7248\u672c\u6709\u6240\u533a\u522b\uff09\uff0c\u770b\u770broot\u5230\u5e95\u662f\u7528\u54ea\u4e2a\u76ee\u5f55\u4f5c\u4e3a\u7ad9\u70b9\u7684\u3002
\u6709\u65f6\u5019\u9700\u8981\u7528ssh\u7684X11 Forward\u529f\u80fd\uff0c\u8fde\u63a5\u670d\u52a1\u5668\u4e0a\u7684\u6d4f\u89c8\u5668\u3002
wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | sudo apt-key add -\n\necho 'deb http://dl.google.com/linux/chrome/deb/ stable main' >> /etc/apt/sources.list\nsudo apt-get update \nsudo apt-get install google-chrome-stable\n
\u5b89\u88c5\u597d\u540e\uff0c\u7528\u975eroot\u7528\u6237\uff0cssh -X\u8fde\u63a5\u670d\u52a1\u5668\uff0c\u518d\u8fd0\u884cchrome-google\u5373\u53ef\u6253\u5f00\u6d4f\u89c8\u5668\u3002
"},{"location":"misc-notes/environments/envs/#\u5b89\u88c5\u7b80\u4e2d\u5b57\u4f53","title":"\u5b89\u88c5\u7b80\u4e2d\u5b57\u4f53","text":"apt install ttf-wqy-zenhei\napt install fonts-wqy-microhei # \u5b89\u88c5\u4e00\u4e2a\u5c31\u884c\nfc-cache # \u5237\u65b0\u7f13\u5b58\nfc-list # \u68c0\u67e5\u5217\u8868\n
"},{"location":"misc-notes/environments/envs/#\u53c2\u8003\u6587\u7ae0","title":"\u53c2\u8003\u6587\u7ae0","text":"\u7ea6 1216 \u4e2a\u5b57 14 \u884c\u4ee3\u7801 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4 5 \u5206\u949f
"},{"location":"misc-notes/environments/linux-server/#\u6839\u636epid\u67e5\u8be2\u7ec6\u8282","title":"\u6839\u636epid\u67e5\u8be2\u7ec6\u8282","text":"sudo ls -lah /proc/<pid>\n
\u7136\u540e\u6839\u636e\u5176\u4e2d\u7684cwd\u627e\u5230\u8fd0\u884c\u76ee\u5f55\uff0cexe\u627e\u5230\u8fd0\u884c\u7a0b\u5e8f"},{"location":"misc-notes/environments/linux-server/#\u5728\u7ec8\u7aef\u5411\u7a0b\u5e8f\u8f93\u5165\u5b57\u8282","title":"\u5728\u7ec8\u7aef\u5411\u7a0b\u5e8f\u8f93\u5165\u5b57\u8282","text":"# \u8f93\u5165raw bytes\necho -e '\\x31\\x32' | program\n\n# \u4e0d\u5e26echo\u81ea\u52a8\u52a0\u7684\u6362\u884c\necho -en '\\x31\\x32' | program\n\n# \u8f93\u5165raw binary\necho -e '\\x31\\x32' | xxd -r -p | program \n
"},{"location":"misc-notes/environments/linux-server/#\u67e5\u8be2\u670d\u52a1\u5668\u663e\u5361","title":"\u67e5\u8be2\u670d\u52a1\u5668\u663e\u5361","text":"\u67e5\u8be2\u7269\u7406\u69fd\u663e\u5361\u8fde\u63a5
lspci | grep VGA\n
\u67e5\u8be2\u6d3b\u8dc3\u60c5\u51b5\uff08\u9700\u8981\u5b89\u88c5\u663e\u5361\u9a71\u52a8\uff0c\u53ef\u4ee5\u76f4\u63a5\u5b89\u88c5CUDA runfile\uff0c\u81ea\u5e26\u9a71\u52a8\uff09
nvidia-smi\n
"},{"location":"misc-notes/environments/linux-server/#\u7edf\u8ba1\u670d\u52a1\u5668\u8fdb\u7a0b\u5360\u7528","title":"\u7edf\u8ba1\u670d\u52a1\u5668\u8fdb\u7a0b\u5360\u7528","text":"htop # \u89c2\u5bdf\u5185\u5b58\u3001\u5404\u8fdb\u7a0b\u3001CPU\u5360\u7528\nsudo ls -lah /proc/<pid>/cwd # \u89c2\u5bdf\u8fd0\u884c\u7684\u547d\u4ee4\uff0c\u5224\u65ad\u8c01\u7684\u7a0b\u5e8f\n
"},{"location":"misc-notes/environments/linux-server/#\u7edf\u8ba1\u78c1\u76d8\u7528\u91cf","title":"\u7edf\u8ba1\u78c1\u76d8\u7528\u91cf","text":"ncdu # \u7edf\u8ba1\u5f53\u524d\u76ee\u5f55\u4e0b\u5404\u4e2a\u6587\u4ef6\u5939\u5360\u7528\uff0c\u53ef\u4ee5\u8fdb\u5165\u3001\u5220\u9664\u6587\u4ef6\u5939\u6216\u76ee\u5f55\n
"},{"location":"misc-notes/environments/linux-server/#\u4fee\u6539dns","title":"\u4fee\u6539DNS","text":"\u6709\u65f6\u5019\u8fde\u4e0d\u4e0a\u7f51\u662f\u56e0\u4e3aDNS\u7684\u95ee\u9898\uff0c\u4fee\u6539/etc/resolve.conf\u5373\u53ef\u3002\u4e0d\u8fc7\u8fd9\u4e2a\u8f6f\u8fde\u63a5\u4fee\u6539\u5b8c\u4e86\u4ee5\u540e\u53ef\u80fd\u4f1a\u88ab\u7cfb\u7edf\u6539\u6389\uff0c\u53ef\u4ee5\u8bd5\u8bd5\u5220\u6389\u4ee5\u540e\u76f4\u63a5\u521b\u5efa\u4e2a/etc/resolve.conf\u6587\u4ef6\uff0c\u518dchattr +i /etc/resovle.conf
\u9632\u6b62\u4fee\u6539\u3002
systemctl status xxx
\u68c0\u67e5\u67d0\u4e9b\u670d\u52a1\u8fd0\u884c\u72b6\u6001\uff0c\u53ef\u4ee5ls -lah /etc/systemd/system
\u3001ls -lah /lib/systemd/system
\u67e5\u8be2\u6709\u54ea\u4e9b\u670d\u52a1\u3002\u8b66\u60d5\u5947\u602a\u7684\u6570\u5b57service\uff0c\u53ef\u80fd\u662f\u75c5\u6bd2\u3002
\u6dfb\u52a0\u7cfb\u7edf\u670d\u52a1\u65f6\uff0c\u521b\u5efa/etc/systemd/system/xxx.service
\u6587\u4ef6\uff0c\u7136\u540e\u7f16\u8f91\u5185\u5bb9\uff0c\u6bd4\u5982\u4e0b\u9762\u7684socat.service\uff1a
[Unit]\nDescription=port forward 4320\n# \u542f\u52a8\u987a\u5e8f\uff08\u591a\u4e2a\u670d\u52a1\u4e2d\u95f4\u7528\u7a7a\u683c\u9694\u5f00\uff09\nAfter=network.target[\u5f53\u524d\u670d\u52a1\u5728\u6307\u5b9a\u670d\u52a1\u4e4b\u540e\u542f\u52a8]\nBefore=[\u5f53\u524d\u670d\u52a1\u5728\u6307\u5b9a\u670d\u52a1\u4e4b\u524d\u542f\u52a8]\n\n# \u4f9d\u8d56\u5173\u7cfb\nWants=[\u5f31\u4f9d\u8d56\u5173\u7cfb\u670d\u52a1\uff0c\u6307\u5b9a\u670d\u52a1\u53d1\u751f\u5f02\u5e38\u4e0d\u5f71\u54cd\u5f53\u524d\u670d\u52a1]\nRequires=[\u5f3a\u4f9d\u8d56\u5173\u7cfb\u670d\u52a1\uff0c\u6307\u5b9a\u670d\u52a1\u53d1\u751f\u5f02\u5e38\uff0c\u5f53\u524d\u670d\u52a1\u5fc5\u987b\u9000\u51fa]\n\n[Service]\nUser=nobody\nExecStart=/usr/bin/socat TCP4-LISTEN:4320,fork TCP4:10.244.55.25:80\nExecReload=[\u91cd\u542f\u670d\u52a1\u65f6\u6267\u884c\u7684\u547d\u4ee4]\nExecStop=[\u505c\u6b62\u670d\u52a1\u65f6\u6267\u884c\u7684\u547d\u4ee4]\nExecStartPre=[\u542f\u52a8\u670d\u52a1\u4e4b\u524d\u6267\u884c\u7684\u547d\u4ee4]\nExecStartPost=[\u542f\u52a8\u670d\u52a1\u4e4b\u540e\u6267\u884c\u7684\u547d\u4ee4]\nExecStopPost=[\u505c\u6b62\u670d\u52a1\u4e4b\u540e\u6267\u884c\u7684\u547d\u4ee4]\n\n# \u542f\u52a8\u7c7b\u578b\n# simple\uff08\u9ed8\u8ba4\u503c\uff09\uff1aExecStart\u5b57\u6bb5\u542f\u52a8\u7684\u8fdb\u7a0b\u4e3a\u4e3b\u8fdb\u7a0b\n# forking\uff1aExecStart\u5b57\u6bb5\u5c06\u4ee5fork()\u65b9\u5f0f\u542f\u52a8\uff0c\u6b64\u65f6\u7236\u8fdb\u7a0b\u5c06\u4f1a\u9000\u51fa\uff0c\u5b50\u8fdb\u7a0b\u5c06\u6210\u4e3a\u4e3b\u8fdb\u7a0b\n# oneshot\uff1a\u7c7b\u4f3c\u4e8esimple\uff0c\u4f46\u53ea\u6267\u884c\u4e00\u6b21\uff0cSystemd \u4f1a\u7b49\u5b83\u6267\u884c\u5b8c\uff0c\u624d\u542f\u52a8\u5176\u4ed6\u670d\u52a1\n# dbus\uff1a\u7c7b\u4f3c\u4e8esimple\uff0c\u4f46\u4f1a\u7b49\u5f85 D-Bus \u4fe1\u53f7\u540e\u542f\u52a8\n# notify\uff1a\u7c7b\u4f3c\u4e8esimple\uff0c\u542f\u52a8\u7ed3\u675f\u540e\u4f1a\u53d1\u51fa\u901a\u77e5\u4fe1\u53f7\uff0c\u7136\u540e Systemd \u518d\u542f\u52a8\u5176\u4ed6\u670d\u52a1\n# idle\uff1a\u7c7b\u4f3c\u4e8esimple\uff0c\u4f46\u662f\u8981\u7b49\u5230\u5176\u4ed6\u4efb\u52a1\u90fd\u6267\u884c\u5b8c\uff0c\u624d\u4f1a\u542f\u52a8\u8be5\u670d\u52a1\u3002\u4e00\u79cd\u4f7f\u7528\u573a\u5408\u662f\u4e3a\u8ba9\u8be5\u670d\u52a1\u7684\u8f93\u51fa\uff0c\u4e0d\u4e0e\u5176\u4ed6\u670d\u52a1\u7684\u8f93\u51fa\u76f8\u6df7\u5408\nType=[\u542f\u52a8\u7c7b\u578b]\n\n# \u5982\u4f55\u505c\u6b62\u670d\u52a1\n# control-group\uff08\u9ed8\u8ba4\u503c\uff09\uff1a\u5f53\u524d\u63a7\u5236\u7ec4\u91cc\u9762\u7684\u6240\u6709\u5b50\u8fdb\u7a0b\uff0c\u90fd\u4f1a\u88ab\u6740\u6389\n# process\uff1a\u53ea\u6740\u4e3b\u8fdb\u7a0b\n# mixed\uff1a\u4e3b\u8fdb\u7a0b\u5c06\u6536\u5230 SIGTERM \u4fe1\u53f7\uff0c\u5b50\u8fdb\u7a0b\u6536\u5230 SIGKILL \u4fe1\u53f7\n# none\uff1a\u6ca1\u6709\u8fdb\u7a0b\u4f1a\u88ab\u6740\u6389\uff0c\u53ea\u662f\u6267\u884c\u670d\u52a1\u7684 stop \u547d\u4ee4\u3002\nKillMode=[\u5982\u4f55\u505c\u6b62\u670d\u52a1]\n\n# \u91cd\u542f\u65b9\u5f0f\n# no\uff08\u9ed8\u8ba4\u503c\uff09\uff1a\u9000\u51fa\u540e\u4e0d\u4f1a\u91cd\u542f\n# on-success\uff1a\u53ea\u6709\u6b63\u5e38\u9000\u51fa\u65f6\uff08\u9000\u51fa\u72b6\u6001\u7801\u4e3a0\uff09\uff0c\u624d\u4f1a\u91cd\u542f\n# on-failure\uff1a\u975e\u6b63\u5e38\u9000\u51fa\u65f6\uff08\u9000\u51fa\u72b6\u6001\u7801\u975e0\uff09\uff0c\u5305\u62ec\u88ab\u4fe1\u53f7\u7ec8\u6b62\u548c\u8d85\u65f6\uff0c\u624d\u4f1a\u91cd\u542f\n# on-abnormal\uff1a\u53ea\u6709\u88ab\u4fe1\u53f7\u7ec8\u6b62\u548c\u8d85\u65f6\uff0c\u624d\u4f1a\u91cd\u542f\n# on-abort\uff1a\u53ea\u6709\u5728\u6536\u5230\u6ca1\u6709\u6355\u6349\u5230\u7684\u4fe1\u53f7\u7ec8\u6b62\u65f6\uff0c\u624d\u4f1a\u91cd\u542f\n# on-watchdog\uff1a\u8d85\u65f6\u9000\u51fa\uff0c\u624d\u4f1a\u91cd\u542f\n# always\uff1a\u4e0d\u7ba1\u662f\u4ec0\u4e48\u9000\u51fa\u539f\u56e0\uff0c\u603b\u662f\u91cd\u542f\nRestart=[\u670d\u52a1\u9000\u51fa\u540e\uff0cSystemd \u7684\u91cd\u542f\u65b9\u5f0f]\n\nRestartSec=[\u8868\u793a Systemd \u91cd\u542f\u670d\u52a1\u4e4b\u524d\uff0c\u9700\u8981\u7b49\u5f85\u7684\u79d2\u6570]\n\n[Install]\nWantedBy=multi-user.target\n# \u6267\u884c sytemctl enable **.service\u547d\u4ee4\u65f6\uff0c**.service\u7684\u4e00\u4e2a\u7b26\u53f7\u94fe\u63a5\uff0c\u5c31\u4f1a\u653e\u5728/etc/systemd/system/multi-user.target.wants\u5b50\u76ee\u5f55\u4e2d\n# \u6267\u884csystemctl get-default\u547d\u4ee4\uff0c\u83b7\u53d6\u9ed8\u8ba4\u542f\u52a8Target\n# multi-user.target\u7ec4\u4e2d\u7684\u670d\u52a1\u90fd\u5c06\u5f00\u673a\u542f\u52a8\n# \u5e38\u7528Target\uff0c1. multi-user.target-\u591a\u7528\u6237\u547d\u4ee4\u884c\uff1b2. graphical.target-\u56fe\u5f62\u754c\u9762\u6a21\u5f0f\nWantedBy=[\u8868\u793a\u8be5\u670d\u52a1\u6240\u5728\u7684Target]\n
systemctl start **
systemctl stop **
systemctl restart **
systemctl status **
systemctl enable **
enable\u547d\u4ee4\u76f8\u5f53\u4e8e\u5728\u76ee\u5f55\u91cc\u6dfb\u52a0\u4e86\u4e00\u4e2a\u7b26\u53f7\u94fe\u63a5\u3002\u5f00\u673a\u65f6\uff0cSystemd\u4f1a\u6267\u884c/etc/systemd/system/\u76ee\u5f55\u91cc\u9762\u7684\u914d\u7f6e\u6587\u4ef6systemctl kill **
systemctl cat **
systemctl list-dependencies multi-user.target
systemctl isolate graphical.target
systemctl daemon-reload
\u5b9a\u65f6\u7a0b\u5e8f\u6267\u884c\u5931\u8d25\u7684\u539f\u56e0\u662f\u591a\u6837\u7684\uff0c\u53ef\u80fd\u662f\u56e0\u4e3a\u5b9a\u65f6\u670d\u52a1\u6ca1\u542f\u52a8\uff0c\u9700\u8981systemctl restart cron.service
\uff0c\u6216\u8005\u662fcron\u670d\u52a1\u574f\u6389\u4e86\uff0c\u5148apt install cron --reinstall
\u5f3a\u5236\u91cd\u65b0\u5b89\u88c5\u4e0b\uff0c\u518d\u91cd\u542f\u670d\u52a1\uff0c\u6216\u8005\u662f\u5b89\u88c5\u4e86\u522b\u7684\u4f9d\u8d56\u5e93\u4f46\u662f\u6ca1\u6709\u91cd\u542fcron\u5bfc\u81f4\u8fd0\u884c\u5931\u8d25\uff0c\u8bd5\u8bd5/etc/init.d/cron restart
\u3002
https://www.baeldung.com/linux/list-open-file-descriptors
Linux\u9ed8\u8ba4\u6700\u591a\u540c\u65f6\u6253\u5f001024\u4e2a\u6587\u4ef6\uff0c\u53ef\u4ee5\u901a\u8fc7ulimit -n
\u67e5\u770b\u3002fuzzing\u7b49\u8981\u6ce8\u610f\u5173\u95ed\u6587\u4ef6\u63cf\u8ff0\u7b26\uff0c\u5426\u5219\u53ef\u80fd\u5bfc\u81f4\u670d\u52a1\u5668\u6545\u969c\uff08\u6bd4\u5982ssh\u8fde\u4e0d\u4e0a\uff09\u3002/proc//fd\u91cc\u5217\u51fa\u4e86pid\u9501\u6253\u5f00\u7684\u6587\u4ef6\u3002"},{"location":"misc-notes/environments/linux-server/#\u53c2\u8003\u8d44\u6599","title":"\u53c2\u8003\u8d44\u6599","text":"
\u7ea6 1481 \u4e2a\u5b57 49 \u884c\u4ee3\u7801 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4 10 \u5206\u949f
"},{"location":"misc-notes/environments/porting/#\u7aef\u53e3\u590d\u7528\u65b9\u6cd5","title":"\u7aef\u53e3\u590d\u7528\u65b9\u6cd5","text":"\u7531\u4e8e\u670d\u52a1\u5668\u5b89\u5168\u8bbe\u5b9a\uff0c\u53ea\u5bf9\u5916\u5f00\u653e\u4e00\u4e2a22\u7aef\u53e3\u63d0\u4f9bssh\u8fde\u63a5\u3002\u90a3\u4e48\u5728\u6b64\u57fa\u7840\u4e0a\u5982\u4f55\u63d0\u4f9bhttp\u3001https\u7b49\u591a\u79cd\u670d\u52a1\uff1f\u641c\u7d22\u4e86\u4e0b\u53ef\u4ee5\u6839\u636e\u6d41\u91cf\u7279\u5f81\u7528sslh\u7b80\u5355\u8f6c\u53d1\u4e00\u4e0b\u6570\u636e\u5305\u5230\u4e0d\u540c\u7684\u5185\u90e8\u7aef\u53e3\u3002
"},{"location":"misc-notes/environments/porting/#sslh\u6839\u636e\u6d41\u91cf\u7279\u5f81\u8f6c\u53d1\u6570\u636e\u5305","title":"sslh\uff1a\u6839\u636e\u6d41\u91cf\u7279\u5f81\u8f6c\u53d1\u6570\u636e\u5305","text":"\u5728root\u4e0bapt install sslh\u540e\u4fee\u6539\u914d\u7f6e\u6587\u4ef6/etc/default/sslh
\uff1a
# Default options for sslh initscript\n# sourced by /etc/init.d/sslh\n\n# binary to use: forked (sslh) or single-thread (sslh-select) version\n# systemd users: don't forget to modify /lib/systemd/system/sslh.service\nDAEMON=/usr/sbin/sslh\nRun=yes\nDAEMON_OPTS=\"--user sslh --listen 0.0.0.0:4684 --ssh 127.0.0.1:5752 --tls 127.0.0.1:443 --http 127.0.0.1:1284 --anyprot 127.0.0.1:2008 -F /etc/sslh/sslh.cfg --pidfile /var/run/sslh/sslh.pid\"\n
\u8fd9\u91cc\u4e5f\u53ef\u4ee5cat /lib/systemd/system/sslh.service
\u770b\u4e00\u4e0bservice\u6587\u4ef6\uff0c\u5176\u4e2d\u6709\u4e00\u884cExecStart=/usr/sbin/sslh --foreground $DAEMON_OPTS
\uff0c\u53ef\u4ee5\u770b\u5230\u5728\u542f\u52a8sslh\u65f6\u53c2\u6570\u662fDAEMON_OPTS\u3002\u6240\u4ee5\u91cd\u70b9\u5c31\u5728\u4e8e\u914d\u7f6e\u597dDAEMON_OPTS\u3002
\u89e3\u91ca\u4e00\u4e0b\u51e0\u4e2a\u53c2\u6570\u7684\u610f\u601d\uff1a
--listen 0.0.0.0:4684
\u8868\u793asslh\u8fd0\u884c\u57284684\u7aef\u53e3\uff0c\u5c06\u8fd9\u4e2a\u7aef\u53e3\u6536\u5230\u7684\u6570\u636e\u5305\u6309\u89c4\u5219\u8f6c\u53d1\u5230\u5176\u4ed6\u7aef\u53e3\u4e0a--ssh 127.0.0.1:5752
\u8868\u793a\u5c06\u6536\u5230\u7684ssh\u6570\u636e\u5305\u8f6c\u53d1\u5230\u672c\u57305752\u7aef\u53e3--tls 127.0.0.1:443
\u8868\u793a\u5c06\u6536\u5230\u7684tls\u6570\u636e\u5305\u8f6c\u53d1\u5230\u672c\u5730443\u7aef\u53e3--http 127.0.0.1:1284
\u8868\u793a\u5c06\u6536\u5230\u7684http\u8bf7\u6c42\u8f6c\u53d1\u5230\u672c\u57301284\u7aef\u53e3--anyprot 127.0.0.1:2008
\u8868\u793a\u5c06\u5339\u914d\u90fd\u4e0d\u7b26\u5408\u7684\u5305\u53d1\u9001\u5230\u672c\u57302008\u7aef\u53e3-F /etc/sslh/sslh.cfg
\u8868\u793a\u4f7f\u7528sslh.cfg\u8fd9\u4e2a\u6587\u4ef6\u4e2d\u7684\u8bbe\u5b9a\u8fdb\u884c\u66f4\u4e30\u5bcc\u7684\u914d\u7f6e\u7136\u540esystemctl enable sslh
\u3001systemctl start sslh
\u542f\u52a8sslh\uff0c\u5c06\u672c\u57304684\u7aef\u53e3\u6536\u5230\u7684\u6d41\u91cf\u6839\u636essh\u3001ssl\u3001http\u7684\u7279\u5f81\u5206\u522b\u8fdb\u884c\u7aef\u53e3\u8f6c\u53d1\u3002
\u6bd4\u8f83\u6709\u610f\u601d\u7684\u662f\u53ef\u4ee5\u7528--anyprot
\u6765\u8bbe\u7f6e\u9ed8\u8ba4\u7684\u8f6c\u53d1\u7b56\u7565\uff0c\u914d\u5408nc -lk
\u53ef\u4ee5\u770b\u81ea\u5b9a\u4e49\u7684\u6570\u636e\u5305\u683c\u5f0f\uff0c\u518d\u901a\u8fc7-F
\uff08\u6216--config
\uff09\u6307\u5b9aconfig\u6587\u4ef6\uff08\u6bd4\u5982/etc/sslh/sslh.cfg\uff09\uff0c\u5b9e\u73b0\u5229\u7528\u6b63\u5219\u8868\u8fbe\u5f0f\u5bf9\u6570\u636e\u5305\u8fdb\u884c\u81ea\u5b9a\u4e49\u8f6c\u53d1\u3002
\u6ce8\u610f\uff0c\u5982\u679c\u4f7f\u7528config\u6587\u4ef6\uff0c\u90a3\u4e48\u6587\u4ef6\u7684\u5185\u5bb9\u4e0d\u8981\u548c\u547d\u4ee4\u884c\u5df2\u6709\u7684\u5185\u5bb9\u91cd\u590d\u3002\u6bd4\u5982\u547d\u4ee4\u884c\u5df2\u7ecf\u6307\u5b9a\u4e86\u76d1\u542c127.0.0.1\u7aef\u53e3\u76844684\uff0c\u90a3config\u6587\u4ef6\u91cc\u5c31\u4e0d\u8981\u518d\u52a0\u4e0alisten:(xxx)\u4e86\u3002
config\u6587\u4ef6\u6307\u5b9a\u5339\u914d\u89c4\u5219\u7684\u4f8b\u5b50\u5982\u4e0b\u6240\u793a\uff08\u7247\u6bb5\uff09
protocols:\n(\n { name: \"http\"; host: \"127.0.0.1\"; port: \"808\"; },\n { name: \"tls\"; host: \"127.0.0.1\"; port: \"443\"; sni_hostnames: [ \"remote.c01dkit.com\" ]; tfo_ok: true },\n { name: \"tls\"; host: \"127.0.0.1\"; port: \"7000\"; sni_hostnames: [ \"project-frp\" ]; tfo_ok: true },\n { name: \"regex\"; host: \"127.0.0.1\"; port: \"60000\"; regex_patterns: [ \"^SSH-2.0-Go\\x0d$\", \"^SSH-2.0-OpenSSH\\x0d$\" ]; },\n);\n
"},{"location":"misc-notes/environments/porting/#ssh\u63d0\u4f9b\u8fdc\u7a0b\u8fde\u63a5","title":"ssh\uff1a\u63d0\u4f9b\u8fdc\u7a0b\u8fde\u63a5","text":"\u7531\u4e8e\u539f\u672c\u5bf9\u5916\u5f00\u653e\u768422\u7aef\u53e3\u53ea\u7528\u4e8e\u63a5\u6536ssh\u8bf7\u6c42\uff0c\u5982\u679c\u60f3\u8981\u63d0\u4f9b\u66f4\u591a\u670d\u52a1\uff0c\u9700\u8981\u5148\u628a22\u7aef\u53e3\u7684\u63a5\u6536\u7684\u6570\u636e\u90fd\u8f6c\u53d1\u7ed9sslh\uff0c\u8ba9\u5b83\u6765\u8fdb\u884c\u5206\u7c7b\u3002\u90a3\u4e48ssh\u8bf7\u6c42\u5e94\u8be5\u5c31\u4e0d\u80fd\u518d\u8fd8\u7ed922\u7aef\u53e3\u4e86\uff08\u4e0d\u7136\u53ef\u80fd\u53c8\u88ab\u8f6c\u53d1\u7ed9sslh\uff1f\u4e0d\u786e\u5b9a\uff09\uff0c\u53ef\u4ee5\u8003\u8651\u518d\u5f00\u4e00\u4e2a\u7aef\u53e3\u76d1\u542cssh\u8bf7\u6c42\u3002\u8fd9\u91ccssh\u7684\u8bbe\u5b9a\u5f00\u4e86\u672c\u573022\u548c5752\u7aef\u53e3\uff0c\u914d\u7f6e\u65f6\u4fee\u6539/etc/ssh/sshd_config
\u6587\u4ef6\uff0c\u52a0\u4e00\u884cPort 5752\u5373\u53ef\u3002\u540c\u65f6\u8bb0\u5f97\u4f7f\u7528\u516c\u94a5\u8ba4\u8bc1\u767b\u5f55\uff0c\u7981\u7528\u5bc6\u7801\u767b\u5f55\u3002
Port 22\nPort 5752\nPubkeyAuthentication yes\nPasswordAuthentication no\n
"},{"location":"misc-notes/environments/porting/#nginx\u63d0\u4f9bhttphttps\u670d\u52a1","title":"nginx\uff1a\u63d0\u4f9bhttp/https\u670d\u52a1","text":"\u5728nginx\u5b98\u7f51\u4e0b\u8f7d\u6e90\u7801\u5e76\u6309\u8bf4\u660e\u7f16\u8bd1\u3002nginx\uff081.22\u7248\u672c\uff09\u7684\u914d\u7f6e\u5982\u4e0b\uff1a
user c01dkit;\nworker_processes 1;\n\nevents {\n worker_connections 1024;\n}\n\nhttp {\n include mime.types;\n default_type application/octet-stream;\n sendfile on;\n keepalive_timeout 65;\n server_tokens off;\n server {\n listen 1284;\n\t\tlisten 127.0.0.1:1284;\n charset utf-8;\n server_name xxxx.c01dkit.com;\n\t\tif ($scheme = http ) {\n\t\t\treturn 301 https://$host:xxxx$request_uri;\t\n\t\t}\n error_page 404 /404.html;\n }\n\n server {\n\t\tlisten 127.0.0.1:443 ssl ;\n listen 443 ssl ;\n\t\tlisten [::]:443 ssl ;\n server_name xxxx.c01dkit.com;\n charset utf-8;\n ssl_certificate xxxx/fullchain.pem;\n ssl_certificate_key xxxx/privkey.pem;\n\n ssl_session_cache shared:SSL:1m;\n ssl_session_timeout 5m;\n\n ssl_ciphers HIGH:!aNULL:!MD5;\n ssl_prefer_server_ciphers on;\n\n location / {\n root xxxxx;\n index index.html index.htm;\n error_page 404 /404.html;\n\n }\n location ~ \\.php$ {\n fastcgi_pass unix:/run/php/php8.1-fpm.sock;\n fastcgi_index index.php;\n fastcgi_param SCRIPT_FILENAME xxxx/www$fastcgi_script_name;\n include fastcgi_params;\n error_page 404 /404.html;\n }\n }\n\n}\n
\u8fd9\u91cc\u914d\u7f6e\u4e86nginx\u76d1\u542c\u672c\u57301284\u7aef\u53e3\u6765\u5904\u7406http\u8bbf\u95ee\uff0c\u5c06https\u8bf7\u6c42\u8f6c\u53d1\u5230443\u7aef\u53e3\uff0c\u4e5f\u8bbe\u7f6e\u4e86ssl\u7684\u8bc1\u4e66\u3002\u8bc1\u4e66\u7684\u914d\u7f6e\u65b9\u6cd5\u53ef\u4ee5\u89c1\u540e\u6587\u7684https\u8bc1\u4e66
\u7ae0\u8282\u3002
\u5173\u4e8enginx\uff0c\u53ef\u4ee5nginx -V\u67e5\u770b\u7f16\u8bd1\u9009\u9879\uff0c\u7136\u540e\u81ea\u5df1\u4ece\u6e90\u7801\u7f16\u8bd1\u4e0b\u3002\u5e38\u89c1\u7684-V\u8f93\u51fa\u6709\uff1a
nginx version: nginx/1.22.1\nbuilt by gcc 11.3.0 (Ubuntu 11.3.0-1ubuntu1~22.04) \nbuilt with OpenSSL 3.0.2 15 Mar 2022\nTLS SNI support enabled\nconfigure arguments: --user=c01dkit --group=c01dkit --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-compat --with-debug --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_sub_module\n
\u8fd9\u91cc\u6307\u5b9auser\u4e3ac01dkit\uff0c\u7136\u540e\u7f51\u7ad9\u4e5f\u90fd\u653e\u5728c01dkit\u7684\u5bb6\u76ee\u5f55\u91cc\u9762\uff0c\u4ee5\u9632\u7f51\u7ad9\u9875\u9762\u56e0\u4e3a\u6743\u9650\u95ee\u9898\u6253\u4e0d\u5f00\uff08\u597d\u50cf\u9ed8\u8ba4\u662fwww-data\uff09\uff0c\u53ef\u80fd\u662f\u87f9\u811a\u6539\u6cd5\u25cb( \uff3e\u76bf\uff3e)\u3063
"},{"location":"misc-notes/environments/porting/#iptables\u8f6c\u53d1\u5916\u90e8\u8bbf\u95ee\u5230sslh","title":"iptables\uff1a\u8f6c\u53d1\u5916\u90e8\u8bbf\u95ee\u5230sslh","text":"\u6700\u540e\u63a5\u7740\u8bbe\u7f6e\u9632\u706b\u5899\u5c06\u6240\u6709\u5916\u90e8\u6d41\u91cf\u4ece\u5f00\u653e\u7684\u552f\u4e00\u7aef\u53e3\u8f6c\u53d1\u52304684\u7aef\u53e3\u5373\u53ef\u3002
iptables -t nat -A PREROUTING -p tcp --dport 22 -j REDIRECT --to-port 4684\n
\u8fd9\u91cc\u5047\u5b9a\u5916\u90e8\u7aef\u53e3\u5f00\u653e\u7684\u7aef\u53e3\u6620\u5c04\u5230\u672c\u573022\u7aef\u53e3\u3002\u8fd9\u91cc22\u7aef\u53e3\u4e5f\u662f\u6709ssh\u670d\u52a1\u5728\u76d1\u542c\u3002
\u6709\u65f6\u62c5\u5fc3sslh\u670d\u52a1\u6302\u6389\u5bfc\u81f44684\u6ca1\u6709ssh\u670d\u52a1\u3001ssh\u8fde\u4e0d\u4e0a\uff0c\u8bbe\u7f6e\u4e86\u5b9a\u65f6\u4efb\u52a1\u6765\u5173\u6389\u3001\u6253\u5f00\u9632\u706b\u5899\uff08\u6b64\u65f6\u53ea\u80fdssh\u8fde\u63a5\uff0c\u63d0\u4f9b\u8fd0\u7ef4\u7a97\u53e3\u671f\uff09\uff0c\u6bd4\u5982\u6bcf\u5468\u4e094\u70b9\u52306\u70b9\u53ea\u63d0\u4f9b22\u7aef\u53e3\u7684ssh\u670d\u52a1\uff1a
# Edit this file to introduce tasks to be run by cron.\n# \n# Each task to run has to be defined through a single line\n# indicating with different fields when the task will be run\n# and what command to run for the task\n# \n# To define the time you can provide concrete values for\n# minute (m), hour (h), day of month (dom), month (mon),\n# and day of week (dow) or use '*' in these fields (for 'any').\n# \n# Notice that tasks will be started based on the cron's system\n# daemon's notion of time and timezones.\n# \n# Output of the crontab jobs (including errors) is sent through\n# email to the user the crontab file belongs to (unless redirected).\n# \n# For example, you can run a backup of all your user accounts\n# at 5 a.m every week with:\n# 0 5 * * 1 tar -zcf /var/backups/home.tgz /home/\n# \n# For more information see the manual pages of crontab(5) and cron(8)\n# \n# m h dom mon dow command\n0 4 * * 3 iptables -t nat -D PREROUTING -p tcp --dport 22 -j REDIRECT --to-port 4684\n0 6 * * 3 iptables -t nat -A PREROUTING -p tcp --dport 22 -j REDIRECT --to-port 4684\n
\u7531\u4e8e\u8fd9\u6837\u8bbe\u7f6eiptables\u4f1a\u5728\u670d\u52a1\u5668\u91cd\u542f\u540e\u5931\u6548\uff0c\u6240\u4ee5\u670d\u52a1\u5668\u610f\u5916\u91cd\u542f\u7684\u8bdd\u53ea\u4e0d\u8fc7\u662f\u6062\u590d\u5230\u6700\u57fa\u7840\u768422\u7aef\u53e3ssh\u800c\u5df2\u3002
"},{"location":"misc-notes/environments/porting/#https\u8bc1\u4e66","title":"https\u8bc1\u4e66","text":"\u5173\u4e8ehttps\u8bc1\u4e66\uff0c\u53ef\u4ee5\u6309\u8fd9\u91cc\u7684\u65b9\u6cd5\uff0c\u5148snap install --classic certbot
\u5b89\u88c5certbot\uff0c\uff08\u4e0d\u77e5\u9053\u4e3a\u5565\u5f53\u65f6\u8bbe\u7f6e\u4e86\u4e00\u4e0bcertbot\u8def\u5f84sudo ln -s /snap/bin/certbot /usr/bin/certbot
\uff09\u3002\u5982\u679c80\u7aef\u53e3\u5df2\u7ecf\u5bf9\u5916\u5f00\u653e\uff0c\u53ef\u4ee5\u7b80\u5355\u5730certbot --nginx
\u81ea\u52a8\u5e2e\u5fd9\u8ba4\u8bc1\uff08\u5373certbot\u521b\u5efa\u8ba4\u8bc1\u6587\u4ef6\u7136\u540e\u5728\u516c\u7f51\u8bbf\u95ee\uff09\u3002\u5982\u679c80\u7aef\u53e3\u4e0d\u5bf9\u5916\u5f00\u653e\uff0c\u53ef\u4ee5\u81ea\u9009dns\u8ba4\u8bc1\uff1acertbot certonly --manual --preferred-challenges=dns
\u7136\u540e\u5728\u57df\u540d\u7ba1\u7406\u90a3\u8fb9\u6dfb\u52a0\u4e00\u4e0b\u8bb0\u5f55\u5373\u53ef\uff0c\u6bd4\u5982\u521b\u5efa\u4e00\u4e2a_acme-challenge.remote\u7684TXT\u8bb0\u5f55\u3002\u7136\u540e\u5728nginx\u7684conf\u90a3\u91cc\u8bbe\u7f6e\u597d\u8bc1\u4e66\u8def\u5f84\uff0c\u8bbf\u95ee\u5c31\u6709https\u8ba4\u8bc1\u4e86\uff01\u5bf9\u4e8ehttp\u8bbf\u95ee\uff0c\u53ef\u4ee5\u7528301\u8df3\u8f6c\u3002
\u4e00\u6b21\u8ba4\u8bc1\u662f90\u5929\u6709\u6548\u671f\uff0c\u5230\u671f\u4e4b\u524d\u4f1a\u53d1\u90ae\u4ef6\uff0c\u66f4\u65b0\u8bc1\u4e66\u65f6\u9700\u8981\u8fd0\u884ccertbot renew --manual-auth-hook=xxx.sh
\u5176\u4e2dsh\u811a\u672c\u662f\u81ea\u5df1\u7f16\u5199\u7684\u4e00\u4e2a\u81ea\u52a8\u5316\u5b8c\u6210DNS\u8bb0\u5f55\u66f4\u65b0\u3002\u4e3a\u4e86\u61d2\u7701\u4e8b\uff0c\u53ef\u4ee5\u8fd9\u4e48\u5199\uff1a
echo ${CERTBOT_VALIDATION} >> xxx.txt\necho ${CERTBOT_DOMAIN} >> xxx.txt\nsleep 120\nexit 0\n
\u7136\u540e\u5728\u4e24\u5206\u949f\u4e4b\u5185\uff0c\u628axxx.txt\u91ccCERTBOT_VALIDATION\u5bf9\u5e94\u7684\u54c8\u5e0c\u503c\u624b\u52a8\u66f4\u65b0\u5728DNS\u8bb0\u5f55\u91cc\u5373\u53ef\u3002
\u6b64\u5916\uff0c\u65b0\u627e\u5230\u4e00\u4e2a\u53ef\u4ee5\u65b9\u4fbf\u5730\u5728web\u7aef\u914d\u7f6e\u65b0\u8bc1\u4e66\u7684\u7f51\u7ad9\uff1ahttps://xiangyuecn.github.io/ACME-HTML-Web-Browser-Client/ACME-HTML-Web-Browser-Client.html
"},{"location":"misc-notes/environments/proxy/","title":"\u4ee3\u7406\u8f6c\u53d1","text":"\u7ea6 452 \u4e2a\u5b57 9 \u884c\u4ee3\u7801 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4 2 \u5206\u949f
"},{"location":"misc-notes/environments/proxy/#\u591a\u53f0\u7535\u8111\u7ec4\u5c40\u57df\u7f51","title":"\u591a\u53f0\u7535\u8111\u7ec4\u5c40\u57df\u7f51","text":"\u53ef\u4ee5\u4f7f\u7528zerotier\uff0c\u767b\u5f55\u4ee5\u540e\u521b\u5efa\u4e00\u4e2a\u7f51\u7edc\u3002\u7136\u540e\u9700\u8981\u7ec4\u5c40\u57df\u7f51\u7684\u8bbe\u5907\u4e0b\u8f7dzerotier\u4ee5\u540ejoin\u4e0a\u5c31\u884c\u4e86\u3002
\u53ef\u4ee5\u53c2\u8003\u8fd9\u91cc\u6216\u8fd9\u91cc\uff0c\u6216\u8005\u8fd9\u91cc\u7684\u4e00\u952e\u811a\u672c\u7684\u94fe\u63a5\u914d\u7f6e\u79c1\u6709planet\uff0c\u65e2\u80fd\u63d0\u9ad8\u5b89\u5168\u6027\uff0c\u53c8\u80fd\u52a0\u5feb\u8fde\u63a5\u901f\u5ea6\u3002\u7b80\u5355\u6765\u8bf4\uff0c\u9700\u8981\u7528ZeroTier\u5b98\u65b9\u4ee3\u7801\u7f16\u8bd1\u81ea\u5df1\u7684planet\u6587\u4ef6\u5e76\u66ff\u6362\u6389zerotier\u5ba2\u6237\u7aef\u4f7f\u7528\u7684planet\uff0c\u7136\u540e\u7528ztncui\u8fd9\u4e2a\u540e\u53f0\u7ba1\u7406\u754c\u9762\u914d\u7f6ezerotier\u7684\u8bb8\u53ef\u3002
"},{"location":"misc-notes/environments/proxy/#\u5185\u7f51\u7a7f\u900f","title":"\u5185\u7f51\u7a7f\u900f","text":"\u9700\u8981\u516c\u7f51\u670d\u52a1\u5668\uff0c\u53ef\u4ee5\u5728\u963f\u91cc\u4e91\u79df\u4e00\u4e2a
\u4e00\u79cd\u65b9\u6cd5\u662ffrp
\u53e6\u4e00\u79cd\u65b9\u6cd5\u662fssh\u6b63\u5411\u8fde\u63a5\u914d\u5408\u53cd\u5411\u8fde\u63a5\uff1a
\u9996\u5148\u5185\u7f51\u670d\u52a1\u5668\u5f00\u4e2ascreen\u8fd0\u884cssh -R 127.0.0.1:1234:127.0.0.1:22 user@ip -p port
\u8fde\u63a5\u5230\u4e91\u670d\u52a1\u5668\u4e0a\u3002\u8fd9\u6837\u7684\u8bdd\u4e91\u670d\u52a1\u5668\u8bbf\u95ee127.0.0.1:1234\u5c31\u76f8\u5f53\u4e8e\u8bbf\u95ee\u5185\u7f51\u7684127.0.0.1:22\u3002\u7136\u540e\u9700\u8981\u8fde\u63a5\u5185\u7f51\u7684\u4e3b\u673a\u4e5f\u5f00\u4e2ascreen\u8fd0\u884cssh -L 127.0.0.1:2345:127.0.0.1:1234 user@ip -p port
\uff0c\u8fd9\u6837\u7684\u8bdd\u8be5\u4e3b\u673a\u8bbf\u95ee\u81ea\u5df1127.0.0.1:2345\u5c31\u76f8\u5f53\u4e8e\u8bbf\u95ee\u4e91\u670d\u52a1\u5668\u7684127.0.0.1:1234\u3002\u7136\u540e\u8be5\u4e3b\u673a\u518d\u5f00\u4e00\u4e2a\u7ec8\u7aef\uff0cssh user@127.0.0.1 -p 2345
\u5373\u53ef\u3002
\u65b9\u4fbf\u8d77\u89c1\u4e5f\u53ef\u4ee5\u5728.ssh/config\u6587\u4ef6\u91cc\u7528RemoteForward ip1:port1 ip2:port2
\u548cLocalForward ip1:port1 ip2:port2
\u6765\u7b80\u5316\u6bcf\u6b21ssh\u8fde\u63a5\u90fd\u8fd9\u4e48\u641e\u3002
\u5e0c\u671b\u5c06\u67d0\u7aef\u53e3\u6536\u5230\u7684\u6d88\u606f\u8f6c\u53d1\u5230\u5176\u4ed6\u4e3b\u673a\u7684\u67d0\u4e00\u7aef\u53e3\uff0c\u53ef\u4ee5\u8bd5\u8bd5socat\uff0c\u6bd4\u5982socat TCP4-LISTEN:4320,fork TCP4:10.244.55.25:80
\uff0c\u53ef\u4ee5\u628a4320\u7aef\u53e3\u6536\u5230\u7684TCP4\u6570\u636e\u5305\u8f6c\u53d1\u5230\u5b50\u7f5110.244.55.25\u768480\u7aef\u53e3\uff0c\u914d\u5408zerotier\u53ef\u4ee5\u5b9e\u73b0\u5185\u7f51\u5bf9\u5916\u5f00\u653e\u7aef\u53e3\u3002
\u5373\uff0cvi /etc/systemd/system/socat.service
\u7f16\u8f91\u5982\u4e0b\u7684socat\uff0c\u5e76systemctl enable socat.service
\u542f\u7528\u5f00\u673a\u542f\u52a8\uff0c\u7136\u540esystemctl start socat.service
\u3002\u4e3a\u4e86\u652f\u6301https\u8fde\u63a5\uff0c\u4f7f\u7528TCP-LISTEN/TCP\u3002\u9700\u8981\u76ee\u6807\u4e3b\u673a\u90a3\u8fb9\u914d\u7f6e\u597dssl\u8bc1\u4e66\u3002
[Unit]\nDescription=port forward 4320\n\n[Service]\nUser=nobody\nExecStart=/usr/bin/socat TCP-LISTEN:4320,reuseaddr,fork TCP:<\u76ee\u6807\u57df\u540d>:443\n\n[Install]\nWantedBy=multi-user.target\n
"},{"location":"misc-notes/software-kits/autoconf/","title":"autoconf\u5b66\u4e60\u7b14\u8bb0","text":"\u7ea6 292 \u4e2a\u5b57 85 \u884c\u4ee3\u7801 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4 9 \u5206\u949f
\u81ea\u5df1\u5f00\u53d1\u8f6f\u4ef6\u65f6\uff0c\u751f\u6210\u89c4\u8303\u7684configure\u7b49\u6587\u4ef6\u3002\u53ef\u53c2\u8003https://www.cnblogs.com/klausage/p/14163844.html\u7b49
"},{"location":"misc-notes/software-kits/autoconf/#\u4e0d\u5206\u76ee\u5f55\u7ed3\u6784","title":"\u4e0d\u5206\u76ee\u5f55\u7ed3\u6784","text":"\u7f16\u5199Makefile.am\u6587\u4ef6\uff0c\u6bd4\u5982\uff1a
bin_PROGRAMS=helloworld\nhelloworld_SOURCES=helloworld.c\n
bin_PROGRAMS
\u7528\u4e8e\u7ed9\u9879\u76ee\u8d77\u540d\uff0c\u6bd4\u5982X\uff0c\u90a3\u4e48\u4e4b\u540e\u7684X_SOURCES\u5219\u7528\u6765\u6307\u5b9a\u4f7f\u7528\u7684\u6e90\u6587\u4ef6\u6267\u884cautoscan
\uff0c\u751f\u6210configure.scan\uff0c\u5e76\u4fee\u6539\u5176\u4e2d\u7684AC_INIT\u3001AM_INIT_AUTOMAKE\uff0c\u91cd\u547d\u540d\u6587\u4ef6\u4e3aconfigure.ac\uff0c\u6bd4\u5982\uff1a
# -*- Autoconf -*-\n# Process this file with autoconf to produce a configure script.\n\nAC_PREREQ([2.69])\nAC_INIT([FULL-PACKAGE-NAME], [VERSION], [BUG-REPORT-ADDRESS])\nAM_INIT_AUTOMAKE([foreign]) # \u5982\u679c\u4e0d\u52a0\u8fd9\u4e00\u53e5\uff0c\u9ed8\u8ba4gnu\uff0c\u5219\u4e4b\u540e\u76ee\u5f55\u91cc\u8981\u6709NEWS\u3001README\u3001AUTHORS\u3001ChangLog\u7b49\u6587\u4ef6\uff08\u9700\u81ea\u5df1\u624b\u52a8\u5efa\u7acb\uff09\nAC_CONFIG_SRCDIR([main.h])\nAC_CONFIG_HEADERS([config.h])\n# Checks for programs.\nAC_PROG_CC\n\n# Checks for libraries.\n\n# Checks for header files.\n\n# Checks for typedefs, structures, and compiler characteristics.\n\n# Checks for library functions.\n\nAC_CONFIG_FILES([Makefile])\nAC_OUTPUT\n
\u6267\u884caclocal && autoheader && autoconf
\uff0c\u751f\u6210aclocal.m4\u3001config.h.in\u548cconfigure
\u8fd0\u884cautomake --add-missing
\uff0c\u4f1a\u6839\u636eMakefile.am\u751f\u6210Makefile.in
\u8fd0\u884c./configure
\u751f\u6210makefile
\u8fd0\u884cmake
\uff0c\u57fa\u4e8emakefile\u7f16\u8bd1\u4ee3\u7801
\u4e5f\u5c31\u662f\u8bf4\u6e90\u7801\u53ef\u80fd\u5728\u591a\u4e2a\u6587\u4ef6\u5939\u4e0b\uff0c\u6bd4\u5982src\u3002\u90a3\u4e48\u6bcf\u4e2a\u6587\u4ef6\u5939\u9700\u8981\u5355\u72ec\u5199Makefile.am\u6765\u6307\u5b9a\u5982\u4f55\u7f16\u8bd1\u3002
\u7f16\u5199Makefile.am\u6587\u4ef6
\u6e90\u7801\u6240\u5728\u7684\u6587\u4ef6\u5939\u7684Makefile\u6587\u4ef6\u793a\u4f8b\uff1a
bin_PROGRAMS = reverse\n\n#AM_CFLAGS= -DDEBUG -DLOG_INSTRUCTIONS -I ../include\nAM_CFLAGS= -DDEBUG -I ../include\n\nreverse_CPPFLAGS = -msse4.1\n\n# \u4f7f\u7528LDFLAG\u4f1a\u5728gcc\u4e2d\u90e8\u653e-l\uff0c\u5bfc\u81f4\u627e\u4e0d\u5230\u7b2c\u4e09\u65b9\u5e93\u3002\u7528LDADD\u53ef\u4ee5\u6dfb\u52a0\u5230\u6574\u4e2agcc\u6307\u4ee4\u7684\u6700\u540e\nreverse_LDADD = -lcapstone\n\nhandlers_FILES = handler_flag_manip.c handler_interrupt.c\n\n#handler_interrupt.c\n\nreverse_SOURCES = access_memory.c alias_manager.c $(handlers_FILES)\n
AM_CFLAGS
\u7528\u4e8e\u6dfb\u52a0\u7f16\u8bd1\u9009\u9879\u9879\u76ee\u6587\u4ef6\u5939\u9700\u8981\u6307\u5b9a\u6e90\u6587\u4ef6\u6240\u5728\u7684\u6587\u4ef6\u5939
POMP\u7684\u4f8b\u5b50\uff1a
SUBDIRS=src # \u6307\u5b9asrc\u6587\u4ef6\u5939\ndist_doc_DATA=README\n\nTESTSUITES_DIR = testsuites\nEXECUTABLE=$(SUBDIRS)/reverse\n\nabc2mtex:\n\t$(EXECUTABLE) $(TESTSUITES_DIR)/$@/core $(TESTSUITES_DIR)/library/ $(TESTSUITES_DIR)/$@/inst.reverse\n\naireplay-ng:\n\t$(EXECUTABLE) $(TESTSUITES_DIR)/$@/core $(TESTSUITES_DIR)/library/ $(TESTSUITES_DIR)/$@/inst.reverse\n
\u6267\u884cautoscan
\uff0c\u751f\u6210configure.scan\uff0c\u5e76\u4fee\u6539\u5176\u4e2d\u7684AC_INIT\u3001AM_INIT_AUTOMAKE\uff0c\u91cd\u547d\u540d\u6587\u4ef6\u4e3aconfigure.ac\uff0c\u6bd4\u5982\uff1a
# -*- Autoconf -*-\n# Process this file with autoconf to produce a configure script.\n\nAC_PREREQ([2.69])\nAC_INIT([reverse_from_coredump], [0.0.1], [mudongliangabcd@gmail.com])\nAM_INIT_AUTOMAKE([-Wall -Werror foreign])\nAC_CONFIG_HEADERS([config.h])\n\n# Checks for programs.\nAC_PROG_CC\n\n# Checks for libraries.\nAC_CHECK_LIB([disasm], [x86_init])\nAC_CHECK_LIB([elf], [gelf_getehdr])\n\n# Checks for header files.\nAC_CHECK_HEADERS([fcntl.h malloc.h stddef.h stdint.h stdlib.h string.h unistd.h])\n\n# Checks for typedefs, structures, and compiler characteristics.\nAC_CHECK_HEADER_STDBOOL\nAC_C_INLINE\nAC_TYPE_OFF_T\nAC_TYPE_SIZE_T\n\n# Checks for library functions.\nAC_FUNC_MALLOC\nAC_CHECK_FUNCS([memset strerror])\n\nAC_CONFIG_FILES([Makefile\n src/Makefile])\nAC_OUTPUT\n
\u6267\u884caclocal && autoheader && autoconf
\uff0c\u751f\u6210aclocal.m4\u3001config.h.in\u548cconfigure
\u8fd0\u884cautomake --add-missing
\uff0c\u4f1a\u6839\u636eMakefile.am\u751f\u6210Makefile.in
\u8fd0\u884c./configure
\u751f\u6210makefile
\u8fd0\u884cmake
\uff0c\u57fa\u4e8emakefile\u7f16\u8bd1\u4ee3\u7801
\u7ea6 722 \u4e2a\u5b57 11 \u884c\u4ee3\u7801 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4 4 \u5206\u949f
"},{"location":"misc-notes/software-kits/docker/#\u5b89\u88c5docker","title":"\u5b89\u88c5docker","text":"\u6309\u7167https://docs.docker.com/engine/install/ubuntu/\u7684\u8bf4\u660e\u5b89\u88c5\u5373\u53ef
\u4e5f\u53ef\u4ee5\u6309curl -fsSL https://get.docker.com -o get-docker.sh
\u3001sudo sh get-docker.sh
\u6765\u5b89\u88c5\u3002
docker\u9ed8\u8ba4\u4ece\u5b98\u7f51\u62c9\u53d6\u955c\u50cf\uff0c\u53ef\u80fd\u7531\u4e8e\u5899\u800c\u62c9\u4e0d\u5230\u3002\u53ef\u4ee5\u8003\u8651\u4f7f\u7528\u963f\u91cc\u63d0\u4f9b\u7684\u955c\u50cf\u670d\u52a1\uff0c\u53c2\u8003https://zhuanlan.zhihu.com/p/347643668\u3002
\u8003\u8651\u5230\u56fd\u5185\u4f3c\u4e4e\u628adocker\u955c\u50cf\u4e0b\u67b6\u4e86\uff0c\u8fd8\u662f\u76f4\u63a5\u4fee\u6539docker\u4ee3\u7406\u5427\u3002
\u5148\u521b\u5efa\u76ee\u5f55mkdir /etc/systemd/system/docker.service.d
\uff0c\u518d\u521b\u5efa\u6587\u4ef6/etc/systemd/system/docker.service.d/http-proxy.conf
\uff0c\u518d\u5f80\u91cc\u9762\u6dfb\u52a0\u4ee3\u7406\uff1a
[Service]\nEnvironment=\"HTTP_PROXY=http://proxy.example.com:80/\"\nEnvironment=\"HTTPS_PROXY=http://proxy.example.com:80/\"\nEnvironment=\"NO_PROXY=localhost,127.0.0.0/8,docker-registry.somecorporation.com\" #\u53ef\u9009\u3002\u5982\u679c\u4f7f\u7528\u672c\u5730\u955c\u50cf\u4ed3\u5e93\u3002\n
\u7136\u540e\u66f4\u65b0\u914d\u7f6esudo systemctl daemon-reload
\uff0c\u5e76\u91cd\u542fdocker\uff1asudo systemctl restart docker
\u9ed8\u8ba4\u4f7f\u7528\u7684\u4f4d\u7f6e\u662f/var/lib/docker
\uff0c\u5728\u6839\u76ee\u5f55\u4e0b\u5bb9\u6613\u5360\u6ee1\u3002\u53ef\u4ee5\u901a\u8fc7docker info
\u67e5\u770b\u4fdd\u5b58\u7684\u4f4d\u7f6eDocker Root Dir\u3002
\u914d\u7f6e\u6587\u4ef6\u53ef\u4ee5\u901a\u8fc7systemctl status docker
\u5e76\u67e5\u770bLoad\u4f7f\u7528\u7684\u914d\u7f6e\u6587\u4ef6\u662f\u54ea\u4e2a\u3002
\u4e00\u79cd\u6307\u5b9a\u955c\u50cf\u4fdd\u5b58\u4f4d\u7f6e\u7684\u65b9\u6cd5\uff1a\u4fee\u6539/etc/docker/daemon.json\uff0c\u8bbe\u7f6e\u4e3a
{\n \"data-root\": \"/home/docker\"\n}\n
\u968f\u540e\u91cd\u8f7d\u4e00\u4e0b\u914d\u7f6e\uff1a
sudo systemctl daemon-reload\nsudo systemctl restart docker\n
\u8fd8\u6709\u4e00\u79cd\u505a\u6cd5\uff0c\u9002\u7528\u4e8e\u5df2\u7ecf\u4f7f\u7528\u8fc7\u4e00\u6bb5\u65f6\u95f4\u7684docker\uff0c\u5173\u95eddocker\u540emv\u539f\u6765\u7684/var/lib/docker
\u5230\u65b0\u76ee\u5f55\uff08\u6bd4\u5982/data/docker\uff09\u7136\u540e\u518dln -s /data/docker /var/lib/docker
\u5efa\u7acb\u8f6f\u94fe\u63a5\u3002
\u4f1a\u5728\u5bb9\u5668\u4e2d\u521b\u5efa\u76ee\u5f55\uff0c\u6620\u5c04\u5bbf\u4e3b\u673a\u76ee\u5f55\u3002\u5bbf\u4e3b\u673a\u7684\u76ee\u5f55\u548c\u5bb9\u5668\u76ee\u5f55\u5185\u5bb9\u662f\u4e00\u6837\u7684\uff0c\u4fee\u6539\u4e00\u65b9\uff0c\u53e6\u4e00\u65b9\u968f\u4e4b\u6539\u53d8
docker run -it --name=<container_name> --user=<user_id>:<group_id> --hostname=xxxx --workdir=xxxx -v /etc/passwd:/etc/passwd:ro -v /etc/group:/etc/group:ro --mount type=bind,source=<\u5bbf\u4e3b\u673a\u76ee\u5f55>,target=<\u5bb9\u5668\u76ee\u5f55> <\u955c\u50cf\u540d>:<tag> /bin/bash\n
\u4ee5\u4e0a\u547d\u4ee4\u53ef\u4ee5\u5b8c\u6210\u5bf9\u6307\u5b9a\u955c\u50cf\u521b\u5efa\u4e00\u4e2a\u6bd4\u8f83\u5b8c\u5907\u7684\u5bb9\u5668\uff0c\u6307\u5b9a\u4e86\u5bb9\u5668\u540d\u79f0\u3001\u7528\u6237\u540d\u79f0\u548c\u7ec4\u522b\u3001\u4e3b\u673a\u540d\u3001\u7528\u6237\u5de5\u4f5c\u76ee\u5f55\uff0c\u5e76\u6302\u8f7d\u4e86\u4e3b\u673a\u7684\u4e00\u4e9b\u76ee\u5f55\u3002\u6307\u5b9apasswd\u548cgroup\u6587\u4ef6\u7684\u53ea\u8bfb\u6302\u8f7d\u53ef\u4ee5\u907f\u514d\u2013user\u4f7f\u7528\u7528\u6237(\u7ec4)id\u8fdb\u884c\u65b0\u5efa\u5bb9\u5668\u65f6\u5f15\u53d1\u7684\u627e\u4e0d\u5230\u7528\u6237\u540d\u548c\u7ec4\u540d\u7684\u95ee\u9898\u3002\u5e76\u4e14\u907f\u514d\u4e86\u9ed8\u8ba4root\u7528\u6237\u5bfc\u81f4\u7684\u4e3b\u673a\u7aef\u65e0\u6cd5\u8bbf\u95ee\u5bb9\u5668\u65b0\u5efa\u6587\u4ef6\u7684\u95ee\u9898\u3002
\u6ce8\u610f\u8fd9\u6837\u521b\u5efa\u7684\u7528\u6237\u6ca1\u6709root\u6743\u9650\u3002\u5982\u679c\u9700\u8981\uff0c\u5219\u4e0d\u4f7f\u7528user\u53c2\u6570\uff0c\u4f46\u5b58\u5728\u5bb9\u5668\u521b\u5efa\u6587\u4ef6\u662froot\uff0c\u5bbf\u4e3b\u673a\u65e0\u6cd5\u4fee\u6539\u7684\u95ee\u9898\u3002
\u4e00\u4e2a\u4e0d\u592a\u806a\u660e\u7684\u89e3\u51b3\u65b9\u6cd5\u662fuser_id\u8bbe\u6210root\u76840\uff0cgroup_id\u8bbe\u6210\u666e\u901a\u7528\u6237\uff0c\u7136\u540e\u5728\u5bb9\u5668\u91cc\u7ed9root\u7684.bashrc\u52a0\u4e00\u884cumask 0002\u3002\u5c31\u662f\u8bf4\u8ba9\u7528\u6237\u7ec4\u4e5f\u80fd\u4fee\u6539\u6587\u4ef6\u4e86\u3002
\u4e00\u4e9b\u5176\u4ed6\u7684\u529e\u6cd5\uff1adocker exec -u
\u597d\u50cf\u53ef\u4ee5\u6307\u5b9a\u542f\u52a8\u5bb9\u5668\u65f6\u7684\u7528\u6237\uff0c\u4e0d\u77e5\u9053\u6709\u4ec0\u4e48\u7528\uff0c\u53ef\u4ee5\u8bd5\u8bd5\uff1b\u6216\u8005root\u8fdb\u53bb\u4ee5\u540e\u628a\u666e\u901a\u7528\u6237\u52a0\u5230sudoers\u91cc
apt-get update
\u66f4\u65b0\u4e00\u4e0blist\uff0c\u7136\u540e\u624d\u80fd\u4f7f\u7528apt-get\u4e0b\u8f7d\u5176\u4ed6\u5305\u3002\u4e00\u4e9b\u5e38\u7528\u7684\u5305\uff1aapt-get install build-essential
\u8fde\u6309Ctrl+P\u3001Ctrl+Q\u9000\u51fa\u5bb9\u5668\u3002\u5426\u5219\u7b80\u5355\u9000\u51fa\u540e\u5bb9\u5668\u5c31stop\u4e86\uff0c\u4e0b\u6b21exec\u7684\u65f6\u5019\u8fd8\u8981restart\uff0c\u751a\u81f3\u8fd8\u4f1a\u51fa\u73b0restart\u81ea\u52a8\u53c8stop\u7684\u60c5\u51b5
"},{"location":"misc-notes/software-kits/docker/#\u8fdb\u5165\u5df2\u6709\u7684\u5bb9\u5668","title":"\u8fdb\u5165\u5df2\u6709\u7684\u5bb9\u5668","text":"docker exec -it <\u5bb9\u5668id> /bin/bash\n
\u53ef\u4ee5Ctrl+D\u9000\u51fa
"},{"location":"misc-notes/software-kits/git/","title":"Git\u5b66\u4e60\u7b14\u8bb0","text":"\u7ea6 1937 \u4e2a\u5b57 3 \u884c\u4ee3\u7801 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4 7 \u5206\u949f
"},{"location":"misc-notes/software-kits/git/#\u5c06\u672c\u5730\u5df2\u6709\u4ed3\u5e93\u63a8\u9001\u81f3github\u7684\u65b0\u5efa\u4ed3\u5e93\u4e2d","title":"\u5c06\u672c\u5730\u5df2\u6709\u4ed3\u5e93\u63a8\u9001\u81f3Github\u7684\u65b0\u5efa\u4ed3\u5e93\u4e2d","text":"\u9ed8\u8ba4\u4ee5\u4e0b\u6761\u4ef6\u5747\u6210\u7acb\uff1a
git init
+git add .
+git commit -m \"comments\"
)git status
\u67e5\u770b\uff09git remote add origin git@github.com:xxx(\u4ed3\u5e93\u7f51\u7ad9\u6bd4\u5982github\u63d0\u4f9b\u7684ssh\u5730\u5740)
git push -u origin master
\u5411\u8fdc\u7a0b\u4ed3\u5e93\u63d0\u4ea4\u4ee3\u7801\uff08\u540e\u6765\u542c\u8bf4github\u9ed8\u8ba4\u540d\u6539\u6210main\u4e86\uff1f\uff09\u5f3a\u5236\u63a8\u9001\u53ef\u4ee5\u518d\u52a0\u4e2a--force
\u53c2\u6570
\u521d\u6b21\u5411github\u63d0\u4ea4\u4ee3\u7801\u524d\uff0c\u5728\u672c\u5730\u5de5\u4f5c\u76ee\u5f55\u4e0b\u521b\u5efa.gitignore\u6587\u4ef6\uff0c\u91cc\u9762\u76f4\u63a5\u5199\u4e0a\u4e0d\u60f3\u8ffd\u8e2a\u7684\u6587\u4ef6\u540d\u548c\u6587\u4ef6\u5939\u540d\u5373\u53ef\u3002\uff08\u6587\u4ef6\u540d\u4e0d\u9700\u8981\u8865\u5168\u8def\u5f84\uff09
"},{"location":"misc-notes/software-kits/git/#\u64a4\u56deadd","title":"\u64a4\u56deadd","text":"\u4f7f\u7528git add .
\u53ef\u4ee5\u76f4\u63a5\u628a\u5f53\u524d\u76ee\u5f55\u90fdadd\u8fdb\u6682\u5b58\u533a\uff0c\u5bf9\u4e8e\u4e0d\u614e\u6dfb\u52a0\u7684\u5185\u5bb9\u53ef\u4ee5\u4f7f\u7528git rm --cached <file>
\u6765\u64a4\u56deadd\u3002\u53ef\u4ee5\u4f7f\u7528git rm -r --cached .
\u6765\u64a4\u56degit add .
\u3002\uff08\u4f7f\u7528git status
\u53ef\u4ee5\u67e5\u770b\u6682\u5b58\u533a\uff0c\u91cc\u9762\u4e5f\u6709\u63d0\u793a\u600e\u4e48\u64a4\u56de\uff09
git config --global user.name \"<yourname>\"
\u8bbe\u7f6e\u7528\u6237\u540dgit config --global user.email \"<email>\"
\u8bbe\u7f6e\u90ae\u7bb1ssh-keygen -t rsa -C \"<comments>\"
\u751f\u6210\u5bc6\u94a5\u5bf9\uff0c\u7136\u540e\u4e00\u8def\u56de\u8f66\u76f4\u5230\u751f\u6210\u7ed3\u675f\uff08\u4e5f\u53ef\u4ee5\u63d0\u793a\u6dfb\u52a0passwd phrase\uff0c\u8fd9\u6837\u7684\u8bdd\u5982\u679c\u4f7f\u7528ssh-add\u6dfb\u52a0\u65f6\u4f1a\u8981\u6c42\u8f93\u5165\u8fd9\u4e2a\u5bc6\u7801\u9632\u6b62\u88ab\u522b\u4eba\u6ee5\u7528\u3002\u6ce8\u610f\u76f8\u540c\u7684passwd phrase\u4e0d\u4f1a\u751f\u6210\u76f8\u540c\u7684\u5bc6\u94a5\u5bf9\uff09ed25519\u4f3c\u4e4e\u6bd4\u9ed8\u8ba4\u7684rsa\u66f4\u5b89\u5168\u3001\u8ba1\u7b97\u66f4\u5feb\u3001\u5bc6\u94a5\u66f4\u77ed\uff0c\u53ef\u4ee5\u4f7f\u7528
\u6709\u65f6\u9700\u8981\u6307\u5b9a\u5bc6\u94a5\uff0c\u6bd4\u5982\u4e0d\u4f7f\u7528\u9ed8\u8ba4\u7684\u5bc6\u94a5\u6587\u4ef6\u540d\u3002\u6b64\u65f6\u53ef\u4ee5\u5148eval $(ssh-agent -s)
\u542f\u7528agent\uff0c\u7136\u540essh-add <private keyfile>
\u6765\u6dfb\u52a0\u5bc6\u94a5\u3002ssh-add -l
\u53ef\u4ee5\u67e5\u770b\u6dfb\u52a0\u7684\u5bc6\u94a5\u3002
\u6216\u8005\u53ef\u4ee5\u628a\u5bc6\u94a5\u5728~/.ssh/config
\u6587\u4ef6\u91cc\u6307\u5b9a\u4e00\u4e0b\uff0c\u5c31\u53ef\u4ee5\u7701\u53bbssh-agent\u7684\u64cd\u4f5c\uff0c\u6bd4\u5982
Host github.com\n HostName github.com\n IdentityFile ~/.ssh/id_ed25519_user_github\n
\u6709\u7684\u65f6\u5019git\u8fdb\u884cpush\u5230\u79c1\u4ed3\u65f6\u4f1a\u51fa\u73b0\u5361\u673a\u7684\u95ee\u9898\uff0c\u4e0d\u786e\u5b9a\u662f\u4ec0\u4e48\u539f\u56e0\uff0c\u5982\u679cremote repo\u4f7f\u7528\u7684\u662fgit@xxx\u7684url\u7684\u8bdd\uff0c\u53ef\u4ee5\u8bd5\u8bd5\u6539\u6210https\u7684\u94fe\u63a5\uff1b\u8fd8\u4e0d\u884c\u7684\u8bdd\u53ef\u4ee5\u8bd5\u8bd5git config\u7684proxy\uff0c\u8bbe\u7f6e\u6216\u6e05\u7a7a\u3002
"},{"location":"misc-notes/software-kits/git/#\u653e\u5f03\u5bf9\u6587\u4ef6\u7684\u8ddf\u8e2a","title":"\u653e\u5f03\u5bf9\u6587\u4ef6\u7684\u8ddf\u8e2a","text":"\u4e0e\u4ed6\u4eba\u5408\u4f5c\u9879\u76ee\u65f6\uff0c\u6709\u65f6\u9700\u8981\u505a\u4e00\u4e9b\u672c\u5730\u9002\u914d\uff0c\u4f46\u662f\u4e0d\u60f3\u59a8\u788d\u5176\u4ed6\u4eba\uff0c\u53ef\u4ee5\u6dfb\u52a0\u5230.gitignore\u3002\u4f46\u5bf9\u4e8e\u5df2\u7ecf\u5904\u4e8e\u8ddf\u8e2a\u72b6\u6001\u7684\u6587\u4ef6\u6765\u8bf4\u540e\u6dfb\u8fdb.gitignore\u662f\u65e0\u6548\u7684\u3002\u56e0\u6b64\u53ef\u4ee5\u5148\u5c06\u6587\u4ef6\u79fb\u51fa\u8ddf\u8e2a\u6001\uff0c\u7136\u540e\u518d\u52a0\u8fdb.gitignore\u91cc\u3002\u5982\u4e0b\uff1agit rm -r --cached <file/dir>
\u5176\u4e2d-r\u8868\u793a\u9012\u5f52\u3002\u4e5f\u53ef\u4ee5\u52a0-n\u8868\u793a\u4f2a\u653e\u5f03\u8ddf\u8e2a\uff08\u7528\u4e8e\u9884\u89c8\u4f1a\u653e\u5f03\u5bf9\u54ea\u4e9b\u6587\u4ef6\u7684\u8ffd\u8e2a\uff09
\u6709\u7684\u65f6\u5019\u4ece\u5b98\u65b9\u4ed3\u5e93git clone\u4e0b\u4ee3\u7801\uff0c\u672c\u5730\u62f7\u8d1d\u4e00\u4efd\u3001\u5404\u79cd\u9b54\u6539\u5e76\u4e0a\u4f20\u5230\u81ea\u5df1\u7684\u79c1\u4ed3\u3002\u53c8\u7531\u4e8ewindows\u3001linux\u73af\u5883\u4e0d\u540c\uff0c\u60f3\u628a\u539f\u6765\u7684\u4ee3\u7801\u66f4\u65b0\u6210\u81ea\u5df1\u7684\u79c1\u4ed3\uff0c\u6240\u4ee5\u9700\u8981\u6362\u4e00\u4e0b\u8fdc\u7a0b\u4ed3\u5e93\u3002
git remote rm <remote repo name>
git remote add <remote repo name> <repo url>
\u597d\u50cf\u4e5f\u53ef\u4ee5\u76f4\u63a5\u66f4\u6362\u8fdc\u7a0b\u4ed3\u5e93\uff1agit remote set-url <remote repro name> <repo url>
\u8fd9\u91cc\u7684<remote repo name>
\u662f\u81ea\u5df1\u53d6\u7684\u4ed3\u5e93\u540d\uff0c\u4e4b\u540e\u7684\u64cd\u4f5c\u53ef\u4ee5\u7528\u5b83\u6765\u6307\u5b9a\u5bf9\u8c61\u3002\u53ef\u4ee5\u968f\u4fbf\u53d6\uff0c\u6bd4\u5982\u5e38\u89c1\u7684origin\u3002
\u6709\u7684\u65f6\u5019\u4e00\u4e2a\u4ee3\u7801\u4ed3\u5e93\u62ff\u5176\u4ed6\u4ed3\u5e93\u6765\u5f53\u505a\u5b50\u6a21\u5757\uff0c\u5728github\u4e0a\u8fd9\u4e9b\u6a21\u5757\u662f\u56fe\u4e2d\u7684\u8868\u793a\u5f62\u5f0f\u3002git\u4ed3\u5e93\u91cc\u4e5f\u4f1a\u6709.gitmodules\u6587\u4ef6\u6765\u8bf4\u660e\u8fd9\u4e9b\u5b50\u6a21\u5757\u3002\u5f53clone\u4e3b\u4ed3\u5e93\u65f6\uff0c\u8fd9\u4e9b\u5b50\u6a21\u5757\u4e0d\u4f1a\u8ddf\u7740\u4e0b\u8f7d\u4e0b\u6765\u3002
\u521d\u6b21\u90e8\u7f72\u65f6\uff0c\u5728\u4e3b\u4ed3\u5e93\u76ee\u5f55\u4e0b\u91cc\u4f7f\u7528git submodule update --init --recursive
\u6765\u4ece.gitmodules\u5b57clone\u5b50\u6a21\u5757\u3002
\u5982\u679c\u5b50\u6a21\u5757\u88ab\u522b\u7684\u5f00\u53d1\u8005\u66f4\u65b0\u4e86\uff0c\u53ef\u4ee5\u8fdb\u5230\u5b50\u6a21\u5757\u4e2d\u7136\u540egit pull
\u3002
\u5982\u679c\u5e0c\u671b\u6dfb\u52a0\u67d0\u4e2a\u4ed3\u5e93\u4f5c\u4e3a\u5b50\u6a21\u5757\uff0c\u4f7f\u7528git submodule add <repo url>
\u6765\u4e0b\u8f7d\u5b50\u6a21\u5757\u5e76\u66f4\u65b0.gitmodules\u6587\u4ef6
\u5982\u679c\u81ea\u5df1\u7684\u9879\u76ee\u7528\u5230\u522b\u7684\u9879\u76ee\uff0c\u9700\u8981\u5bf9\u5176\u4e2d\u4e00\u4e9b\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff0c\u800c\u4e0d\u9700\u8981\u628a\u5728\u4e0a\u4f20github\u65f6\u628a\u6574\u4e2a\u9879\u76ee\u5168\u90e8\u653e\u5230\u81ea\u5df1\u7684\u9879\u76ee\u4e0b\uff0c\u53ef\u4ee5\u5148\u7528submodule\u6dfb\u52a0\u5b50\u6a21\u5757\uff0c\u7136\u540e\u76f4\u63a5\u4fee\u6539\u4ee3\u7801\uff0c\u5e76\u5728\u5176\u9879\u76ee\u4e0b\u7528git diff <commit id> > <file.patch>
\u751f\u6210\u4e00\u4e2adiff\u6587\u4ef6\u3002\u628adiff\u6587\u4ef6\u653e\u5230\u81ea\u5df1\u7684\u9879\u76ee\u91cc\uff0c\u518d\u4e0a\u4f20\u5230github\u4e0a\u3002\u5176\u4e2dcommit id\u662f\u7b2c\u4e09\u65b9\u9879\u76ee\u7684commit\uff0c\u4e5f\u5c31\u662f\u8fd9\u4e2asubmodule\u4e0b\u8f7d\u65f6\u7684commit id\uff0c\u53ef\u4ee5\u901a\u8fc7git log
\u627e\u5230\u3002
\u5982\u679c\u76f4\u63a5\u7528git diff > <file.patch>
\uff0c\u4f1a\u8f93\u51fa\u672a\u52a0\u5165\u6682\u5b58\u7684\u4fee\u6539\u548c\u6700\u8fd1\u4e00\u6b21\u6682\u5b58/commit\u7684diff\u6587\u4ef6\u3002
\u5176\u4ed6\u4eba\u4f7f\u7528\u65f6\uff0c\u5c31\u5148\u628a\u7b2c\u4e09\u65b9\u9879\u76ee\u83b7\u53d6\u4e0b\u6765\uff0c\u7136\u540egit apply <file.patch>
\u5373\u53ef\u3002\u64a4\u56de\u8865\u4e01\u4f7f\u7528git apply -R <file.patch>
\u6700\u8fd1\u5728\u8dd1fuzzer\uff0c\u5408\u4f5c\u65f6\u6709\u65f6\u9700\u8981\u5207\u6362\u4e0d\u540c\u7684\u6d4b\u8bd5\u76ee\u6807\uff0c\u6bcf\u4e2a\u6d4b\u8bd5\u76ee\u6807\u90fd\u6709\u81ea\u5df1\u7684\u4e00\u5927\u5806\u914d\u5957\u8bbe\u7f6e\u3002\u5927\u5bb6\u90fd\u5728\u4e3b\u5206\u652f\u5220\u6539\u592a\u9ebb\u70e6\u800c\u4e14\u5f88\u4e71\uff0c\u6240\u4ee5\u9700\u8981\u9488\u5bf9\u6bcf\u4e2a\u6d4b\u8bd5\u76ee\u6807\u8bbe\u7f6e\u4e0d\u540c\u7684branch\u3002
\u53ef\u4ee5\u4f7f\u7528git branch -a
\u67e5\u770b\u6240\u6709\u5206\u652f\u3002\u5176\u4e2d\u524d\u9762\u5e26*
\u7684\u662f\u5f53\u524dbranch\u3002
\u65b0\u5efa\u5206\u652f\u65f6\u4f7f\u7528 git checkout -b <branch name>
\u76f8\u5f53\u4e8e\u5148git branch <branch name>
\u521b\u5efa\u4e86\u4e00\u4e2a\u65b0\u7684\u5206\u652f\uff0c\u7136\u540egit checkout <branch name>
\u5207\u6362\u5230\u90a3\u4e2a\u5206\u652f\u3002
\u5728\u65b0\u7684\u5206\u652fcommit\u540e\uff0c\u4f7f\u7528git push -u <remote repo name> <local branch name>:<remote branch name>
\u53ef\u4ee5\u5c06\u81ea\u5df1\u7684\u8fd9\u4e2a\u5206\u652f\u63a8\u9001\u5230\u8fdc\u7a0b\u4ed3\u5e93\u3002\u5176\u4e2d\uff1a
-u
\u8868\u793a\u8bb0\u4f4f\u5f53\u524d\u8bbe\u5b9a\uff0c\u4e4b\u540e\u5728\u8fd9\u4e00\u5206\u652f\u4e0apush\u65f6\uff0c\u7b80\u5355\u4f7f\u7528git push
\u5c31\u4f1a\u63a8\u9001\uff0c\u4e0d\u9700\u8981\u518d\u6572\u8fd9\u4e48\u957f\u4e86\u3002git remote add origin
\u8bbe\u5b9a\u7684\u8fdc\u7a0b\u4e3b\u673a\u540d\u79f0\uff0c\u9700\u8981\u548c\u5b9e\u9645\u8bbe\u5b9a\u4e00\u6837\u3002\u56e0\u4e3a\u5927\u5bb6\u4f7f\u7528origin\u662f\u5728\u592a\u666e\u904d\u4e86\uff0c\u6240\u4ee5\u8fd9\u91cc\u6ca1\u6709\u7528<remote host name>
\u6765\u8868\u793a\uff0c\u610f\u4f1a\u5373\u53ef\u3002\u5982\u679c\u9700\u8981\u5220\u9664\u8fdc\u7a0b\u5206\u652f\uff0c\u53ef\u4ee5\u7b80\u5355\u5730\u63a8\u9001\u7a7a\u5206\u652f\uff1agit push origin :<remote branch name>
\u3002\u8fd9\u91cc\u672c\u5730\u5206\u652f\u540d\u7559\u7a7a\u4e86\u3002\u4e5f\u53ef\u4ee5\u4f7f\u7528\u4e13\u95e8\u7684\u5220\u9664\u65b9\u5f0f\uff1agit push origin --delete <remote branch name>
\u5982\u679c\u9700\u8981\u5220\u9664\u672c\u5730\u5206\u652f\uff0c\u4f7f\u7528git branch -d <local branch name>
\u5408\u5e76\u5206\u652f\u65f6\uff0c\u5148\u5207\u6362\u5230\u9700\u8981\u63a5\u6536\u6539\u52a8\u7684\u5206\u652f\u4e0a\uff0c\u7136\u540egit merge <new branch name>
\uff0c\u5373\u53ef\u5c06new branch\u7684\u6539\u52a8\u66f4\u65b0\u5230\u5f53\u524d\u5206\u652f\u4e0a\u3002new branch\u7684\u5185\u5bb9\u662f\u4e0d\u53d8\u7684\u3002
\u62c9\u53d6\u8fdc\u7a0b\u5206\u652f\u5230\u672c\u5730\uff0c\u800c\u4e0d\u5f71\u54cd\u672c\u5730\u5206\u652f\uff1agit fetch <remote repo name> <remote branch name>:<local branch name>
\u4f1a\u5c06\u8fdc\u7a0b\u4ed3\u5e93\u7684\u5206\u652f\u4fdd\u5b58\u5728\u672c\u5730\u5bf9\u5e94\u5206\u652f\u4e0b\u3002
\u53ef\u4ee5\u7528git fetch --all
\u62c9\u53d6\u6240\u6709\u8fdc\u7a0b\u5206\u652f\uff0c\u5982\u679c\u6ca1\u6709\u6548\u679c\uff0c\u6ce8\u610f\u68c0\u67e5remote.origin.fetch\u7684\u8bbe\u7f6e\uff1agit config --get remote.origin.fetch
\uff0c\u5982\u679c\u662f+refs/heads/master:refs/remotes/origin/master
\uff0c\u5219\u8868\u793a\u53ea\u62c9master\u5206\u652f\u3002\u53ef\u4ee5\u4fee\u6539\u6210\u62c9\u53d6\u6240\u6709\u5206\u652f\uff1agit config remote.origin.fetch \"+refs/heads/*:refs/remotes/origin/*\"
\u3002
\u67d0\u79cd\u4e1c\u897f\u771f\u7684\u795e\u70e6\uff0c\u79d1\u7814\u9700\u8981\u4e0b\u8f7d\u7684\u4ed3\u5e93\u4ee3\u7801\u7ecf\u5e38\u83ab\u540d\u5176\u5999\u4e0b\u8f7d\u4e0d\u4e86\uff0c\u5199\u7684\u4ee3\u7801\u4e0a\u4f20\u8865\u4e0a\u53bb\uff0cbuild\u4e2adocker\u6162\u7684\u8981\u6b7b\uff0c\u7b2c\u4e09\u65b9\u5305\u62c9\u53d6\u4e0d\u5230\u2026\u2026\u6d6a\u8d39\u5f88\u591a\u65f6\u95f4\u5728\u56e0\u4e3a\u7f51\u7edc\u8fde\u63a5\u4e0d\u4e86\u5bfc\u81f4\u7684\u5404\u79cdbug\u4e0a\uff0c\u6709\u6548\u79d1\u7814\u65f6\u95f4\u767d\u767d\u88ab\u6d88\u8017\uff0c\u771f\u7684\u5f88xx\u3002
"},{"location":"misc-notes/software-kits/git/#git-clone\u62a5\u9519gnutls_handshake-failed-the-tls-connection-was-non-properly-terminated","title":"Git clone\u62a5\u9519gnutls_handshake() failed: The TLS connection was non-properly terminated.","text":"\u4e00\u79cd\u505a\u6cd5\u662f\u8bbe\u7f6e\u6216\u8005\u53d6\u6d88\u8bbe\u7f6ehttp.proxy\u548chttps.proxy
\u53e6\u4e00\u79cd\u505a\u6cd5\u662f\u76f4\u63a5\u53d6\u6d88SSL\u6821\u9a8c\uff0c\u867d\u7136\u7c97\u66b4\u4e86\u70b9\uff1agit config http.sslVerify false
\u7ea6 164 \u4e2a\u5b57 5 \u884c\u4ee3\u7801 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4 1 \u5206\u949f
"},{"location":"misc-notes/software-kits/openssh/#\u51c6\u5907\u5de5\u4f5c","title":"\u51c6\u5907\u5de5\u4f5c","text":"(\u4ee5\u4e0b\u5747\u5728wsl\u7684root\u7528\u6237) ubuntu\u7cfb\u7edf\uff0c\u5148\u9884\u88c5\u4e0b\u73af\u5883\uff1a
apt install build-essential autoconf zlib1g-dev libssl-dev\n
\u4e0b\u8f7d\u6e90\u7801\uff0c\u76f4\u63a5\u4eceGithub\u94fe\u63a5\u4e0b\u8f7dzip\u5230\u672c\u5730\u89e3\u538b\uff0c\u4e5f\u53ef\u4ee5\u7528git clone\uff1a
git clone --depth 1 https://github.com/openssh/openssh-portable.git\n
\u4e3a\u4e86\u9632\u6b62\u4e4b\u540emake install\u51fa\u7684\u6587\u4ef6\u8986\u76d6\u7cfb\u7edf\u81ea\u5df1\u7684ssh\uff0c\u8fd9\u91cc\u6307\u5b9aconfigure\u5c06\u4e4b\u540e\u7f16\u8bd1\u51fa\u7684\u6587\u4ef6\u653e\u5230\u9879\u76ee\u7684/output\u6587\u4ef6\u5939\u4e0b\u3002\u6309readme\u7684Building from git\u7684\u65b9\u6cd5\uff0c\u8fdb\u5165openssh\u6240\u5728\u76ee\u5f55\u540e\uff0c\u8fd0\u884c\uff1a
autoreconf\n./configure --prefix=`pwd`/output\nmake\n
\u6b64\u65f6\u76f8\u5173\u53ef\u6267\u884c\u6587\u4ef6\u5df2\u7ecf\u7f16\u8bd1\u5b8c\u6bd5\u3002\u4e3a\u4e86\u8fdb\u4e00\u6b65\u6e05\u6670\u663e\u793a\uff0c\u53ef\u4ee5\u8fd0\u884cmake install
\uff0c\u5219\u5728\u5f53\u524d\u76ee\u5f55\u7684output\u6587\u4ef6\u5939\u4e0b\u4f1a\u751f\u6210\u5bf9\u5e94\u7684\u7ed3\u6784\u3002
\u7ea6 1131 \u4e2a\u5b57 99 \u884c\u4ee3\u7801 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4 14 \u5206\u949f
\u6700\u8fd1\u5728\u8bfbsslh\u7684\u6e90\u7801\uff0c\u611f\u89c9\u8fd8\u662f\u6bd4\u8f83\u6709\u610f\u601d\u7684\u3002\u4e4b\u524d\u5728\u7aef\u53e3\u590d\u7528\u91cc\u9762\u7b80\u5355\u63d0\u4e86\u4e0bsslh\u7684\u7528\u6cd5\uff0c\u4f46\u662f\u5728\u5b9e\u8df5\u4e2d\u8e29\u4e86\u4e0d\u5c11\u5751\uff0c\u6240\u4ee5\u628a\u6e90\u7801\u62ff\u6765\u8bfb\u4e00\u8bfb\uff0c\u770b\u770b\u5185\u90e8\u7684\u7ed3\u6784\u3002
sslh\u4f3c\u4e4e\u662f\u4f7f\u7528\u7b2c\u4e00\u4e2a\u6570\u636e\u5305\u4fdd\u5b58\u7684\u534f\u8bae\u4fe1\u606f\uff0c\u4e3a\u5ba2\u6237\u7aef\u4e0e\u670d\u52a1\u5668\u5bf9\u5e94\u670d\u52a1\u5efa\u7acb\u8fde\u63a5\u3002\u540e\u7eed\u6570\u636e\u5305\u4e0d\u518d\u9700\u8981\u68c0\u67e5\u534f\u8bae\u4e86\u3002
"},{"location":"misc-notes/software-kits/tech-sslh/#\u4fbf\u6377\u4e0a\u624b","title":"\u4fbf\u6377\u4e0a\u624b","text":"apt install sslh # \u4f46\u6700\u597d\u8fd8\u662f\u4ece\u6e90\u7801make install\uff0c\u7528\u6700\u65b0\u7248\u672c\uff1b\u53c2\u8003\u4ed3\u5e93\u7684INSTALL\u5b89\u88c5\u5bf9\u5e94\u7684C\u5e93\nvi /etc/default/sslh\nsystemctl start sslh\n
\u4f3c\u4e4ecfg\u6587\u4ef6\u91cc\u548ccommand line\u4f1a\u6709\u51b2\u7a81\u3002\u6240\u4ee5commandline\u7528-F /etc/sslh/sslh.cfg
\uff08\u6ca1\u6709\u5219\u65b0\u5efa\u4e00\u4e2a\uff09\u6307\u5b9a\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\uff0c\u4e0d\u8981\u6709\u548ccommand\u91cd\u590d\u7684\u5185\u5bb9\u3002\u53ea\u653eprotocols\u5dee\u4e0d\u591a\u5c31\u5f97\u4e86\u3002\u6bd4\u8f83\u597d\u7528\u7684\u662f\u6b63\u5219\u548ctls\u4e2d\u6839\u636ealpn\u548csni\u6765\u5339\u914d\u3002
\u4e0b\u9762\u662f\u5b8c\u6574\u7684\u914d\u7f6e\u6587\u4ef6\u7684\u4e00\u4e2a\u4f8b\u5b50\uff0c\u5982\u679c\u6570\u636e\u5305\u5305\u542b\u201dOK1\u201d\u6216\u8005\u201dOK2\u201d\uff0c\u5219\u4f1a\u88ab\u8f6c\u53d1\u5230127.0.0.1:1234\u3002\u5176\u4e2d\u7684name\u5b57\u6bb5\u8868\u793a\u8fd9\u6761\u534f\u8bae\u5728sslh\u542f\u52a8\u540e\u600e\u4e48\u914d\u7f6e\uff0c\u5e38\u89c1\u7684\u6bd4\u5982regex
\u3001ssh
\u3001tls
\u3001http
\u3002
\u6ce8\u610f\uff0c\u6700\u540e\u4e00\u6761\u534f\u8bae\u7684\u5206\u53f7\u540e\u9762\u4e0d\u52a0\u9017\u53f7\u3002
protocols:\n(\n { name: \"regex\"; host: \"127.0.0.1\"; port: \"1234\"; regex_patterns: [ \"OK1\", \"OK2\" ]; }\n);\n
"},{"location":"misc-notes/software-kits/tech-sslh/#sslh\u7a0b\u5e8f\u542f\u52a8\u5165\u53e3\u4e0e\u521d\u59cb\u5316","title":"sslh\u7a0b\u5e8f\u542f\u52a8\u5165\u53e3\u4e0e\u521d\u59cb\u5316","text":"\u9ed8\u8ba4\u6700\u7b80\u5355\u7684\u542f\u52a8\u65b9\u5f0f\u7684\u5165\u53e3\u5728sslh-main.c
\u7684main\u51fd\u6570\uff0c\u4e5f\u5373\u7a0b\u5e8f\u7684\u4e3b\u4f53\u903b\u8f91\u3002\u4e00\u4e9b\u5173\u952e\u6b65\u9aa4\uff1a
sslhcfg_cl_parse
\u51fd\u6570\uff0c\u6839\u636e\u547d\u4ee4\u884c\u53c2\u6570\u548c\u914d\u7f6e\u6587\u4ef6\uff0c\u505a\u4e00\u4e2a\u7f13\u51b2config_protocols
\u5b8c\u6210\u8f6c\u53d1\u89c4\u5219\u7684\u521d\u59cb\u5316\uff0c\u5185\u90e8\u8c03\u7528\u7684get_probe
\u662f\u7ed9\u52a0\u8f7d\u4e86\u534f\u8bae\u7684\u914d\u7f6e\u89c4\u5219start_listen_sockets
\u5f00\u59cb\u76d1\u542csocketsmain_loop
\u8fdb\u5165\u4e3b\u5faa\u73af\uff0c\u9ed8\u8ba4\u4e3asslh-fork\u7684main_loop\u51fd\u6570\u9ed8\u8ba4\u4f7f\u7528tcp\u3002main_loop\u51fd\u6570\u4e2d\uff0c\u5bf9\u76d1\u542c\u7684\u6bcf\u4e2asockets\u8fdb\u884cfork\uff0c\u6bcf\u4e2a\u5b50\u8fdb\u7a0b\u6267\u884ctcp_listener
\uff0c\u5728\u8fd9\u4e9b\u5b50\u8fdb\u7a0b\u4e2daccept
\u5bf9\u5e94\u7684\u8fde\u63a5\u3002\u8fd9\u4e9b\u5b50\u8fdb\u7a0b\u5c06\u7ee7\u7eedfork\u51fa\u5b50\u8fdb\u7a0b\uff0c\u6267\u884cstart_shoveler
\uff0c\u5b9e\u73b0\u771f\u6b63\u7684\u529f\u80fd\u3002
\u5b50\u8fdb\u7a0b\u901a\u8fc7probe_client_protocol
\u6765\u786e\u5b9a\u6570\u636e\u5305\u662f\u4ec0\u4e48\u534f\u8bae\uff0c\u5e76\u6839\u636e\u5bf9\u5e94\u7684\u89c4\u5219\u5b9e\u73b0\u7aef\u53e3\u8f6c\u53d1\u3002\u8fd9\u4e00\u51fd\u6570\u4e0d\u65ad\u8fdb\u884c\u8c03\u7528\uff0c\u6700\u540e\u5728probe_buffer
\u51fd\u6570\u4e2d\u904d\u5386\u4e4b\u524d\u914d\u7f6e\u7684\u6bcf\u4e2a\u534f\u8bae\u89c4\u8303\uff08\u627e\u5230\u5339\u914d\u5219\u505c\u6b62\uff0c\u6240\u4ee5\u914d\u7f6e\u987a\u5e8f\u4e5f\u86ee\u5173\u952e\u7684\uff09\uff0c\u901a\u8fc7p->probe(buf, len, p)
\u8fd9\u4e2a\u51fd\u6570\u6307\u9488\u6765\u95f4\u63a5\u8c03\u7528\u8bc6\u522b\u534f\u8bae\u7684\u76f8\u5173\u51fd\u6570\u3002
\u8fd9\u91cc\u7684\u534f\u8bae\u5305\u62ec\u4ee5\u4e0b\u5185\u7f6e\u534f\u8bae\uff1a
/* Table of protocols that have a built-in probe\n */\nstatic struct protocol_probe_desc builtins[] = {\n /* description probe */\n { \"ssh\", is_ssh_protocol},\n { \"openvpn\", is_openvpn_protocol },\n { \"wireguard\", is_wireguard_protocol },\n { \"tinc\", is_tinc_protocol },\n { \"xmpp\", is_xmpp_protocol },\n { \"http\", is_http_protocol },\n { \"tls\", is_tls_protocol },\n { \"adb\", is_adb_protocol },\n { \"socks5\", is_socks5_protocol },\n { \"syslog\", is_syslog_protocol },\n { \"teamspeak\", is_teamspeak_protocol },\n { \"msrdp\", is_msrdp_protocol },\n { \"anyprot\", is_true }\n};\n
\u5185\u7f6e\u534f\u8bae\u5185\u7f6e\u4e86\u4e00\u4e9b\u5339\u914d\u89c4\u5219\uff0c\u5373\u4e0a\u9762\u63d0\u5230\u7684is_ssh_protocol
\u3001is_http_protocol
\u7b49\u7b49\u3002\u53ef\u4ee5\u770b\u4e00\u4e2assh\u89c4\u5219\u7684\u4f8b\u5b50\uff1a
/* Is the buffer the beginning of an SSH connection? */\nstatic int is_ssh_protocol(const char *p, ssize_t len, struct sslhcfg_protocols_item* proto)\n{\n if (len < 4)\n return PROBE_AGAIN;\n\n return !strncmp(p, \"SSH-\", 4);\n}\n
\u53ef\u89c1\uff0c\u5982\u679c\u7b2c\u4e00\u4e2a\u6570\u636e\u5305\u957f\u5ea6\u4e0d\u4f4e\u4e8e4\u4e14\u4ee5\u201dSSH-\u201c\u5f00\u5934\uff0c\u5219\u4f1a\u88ab\u8ba4\u4e3a\u662fssh\u8bf7\u6c42\u3002
/* Is the buffer the beginning of an HTTP connection? */\nstatic int is_http_protocol(const char *p, ssize_t len, struct sslhcfg_protocols_item* proto)\n{\n int res;\n /* If it's got HTTP in the request (HTTP/1.1) then it's HTTP */\n if (memmem(p, len, \"HTTP\", 4))\n return PROBE_MATCH;\n\n#define PROBE_HTTP_METHOD(opt) if ((res = probe_http_method(p, len, opt)) != PROBE_NEXT) return res\n\n /* Otherwise it could be HTTP/1.0 without version: check if it's got an\n * HTTP method (RFC2616 5.1.1) */\n PROBE_HTTP_METHOD(\"OPTIONS\");\n PROBE_HTTP_METHOD(\"GET\");\n PROBE_HTTP_METHOD(\"HEAD\");\n PROBE_HTTP_METHOD(\"POST\");\n PROBE_HTTP_METHOD(\"PUT\");\n PROBE_HTTP_METHOD(\"DELETE\");\n PROBE_HTTP_METHOD(\"TRACE\");\n PROBE_HTTP_METHOD(\"CONNECT\");\n\n#undef PROBE_HTTP_METHOD\n\n return PROBE_NEXT;\n}\n
http\u4e5f\u6bd4\u8f83\u7b80\u5355\uff0c\u68c0\u67e5\u201dHTTP\u201d\u5b57\u7b26\u4e32\u3002
\u53e6\u5916\u6709\u4e24\u79cd\u7279\u6b8a\u7684\u534f\u8bae\uff0ctimeout\u9ed8\u8ba4\u4f1a\u9009\u62e9\u521d\u59cb\u5316\u540e\u7684\u7b2c\u4e00\u4e2a\u534f\u8bae\uff08\u5373ssh\uff09\uff0cregex\u652f\u6301\u6b63\u5219\u5339\u914d\u6570\u636e\u5305\u7684\u56fa\u6709\u5b57\u7b26\u4e32\uff0c\u5c31\u8fde\u521d\u59cb\u5316\u65f6\u90fd\u662f\u5355\u72ec\u521d\u59cb\u5316\u7684\uff1a
/* Returns the probe for specified protocol:\n * parameter is the description in builtins[], or \"regex\" \n * */\nT_PROBE* get_probe(const char* description) {\n int i;\n\n for (i = 0; i < ARRAY_SIZE(builtins); i++) {\n if (!strcmp(builtins[i].name, description)) {\n return builtins[i].probe;\n }\n }\n\n /* Special case of \"regex\" probe (we don't want to set it in builtins\n * because builtins is also used to build the command-line options and\n * regexp is not legal on the command line)*/\n if (!strcmp(description, \"regex\"))\n return regex_probe;\n\n /* Special case of \"timeout\" is allowed as a probe name in the\n * configuration file even though it's not really a probe */\n if (!strcmp(description, \"timeout\"))\n return is_true;\n\n return NULL;\n}\n
is_true
\u59cb\u7ec8\u8fd4\u56detrue\uff0c\u4e0d\u8fdb\u884c\u522b\u7684\u5224\u65ad\u4e86\u3002
regex_probe
\u5185\u90e8\u7528pre2\u5b9e\u73b0\u4e86\u4e00\u5957\u6b63\u5219\u5339\u914d\u7684\u673a\u5236\u3002\u914d\u7f6econfig\u7684\u65b9\u6cd5\u53ef\u4ee5\u89c1\u4e0a\u6587\u3002
tls\u4e3atcp\u63d0\u4f9b\u4e86\u52a0\u5bc6\u670d\u52a1\uff0c\u662f\u5f88\u591a\u670d\u52a1\u4e0d\u53ef\u6216\u7f3a\u7684\u4e00\u73af\u3002\u7531\u4e8e\u6570\u636e\u5305\u662f\u52a0\u5bc6\u7684\u3001\u5f88\u591a\u670d\u52a1\u90fd\u4f7f\u7528tls\uff08\u6bd4\u5982https\uff09\uff0c\u6240\u4ee5\u6ca1\u6cd5\u901a\u8fc7regex\u7684\u65b9\u6cd5\u6765\u533a\u5206\u4e0d\u540c\u7684\u670d\u52a1\u3002\u597d\u5728sslh\u4e3atls\u63d0\u4f9b\u4e86\u4e24\u79cd\u5206\u8fa8\u65b9\u6cd5\uff0c\u5373sni_hostnames\u4e0ealpn_protocols\u3002\u5728config\u91cc\u5199\u7684\u4e00\u6761\u89c4\u5219\u5982\u679c\u4e24\u8005\u90fd\u7528\u4e86\uff0c\u5219\u53ea\u6709\u540c\u65f6\u6ee1\u8db3\u4e24\u8005\u7684tls\u6570\u636e\u5305\u624d\u5339\u914d\u5f97\u4e0a\u5bf9\u5e94\u7684\u89c4\u5219\u3002
\u6bd4\u5982example.cfg\u7ed9\u51fa\u7684\u4f8b\u5b50\uff1a
# match BOTH ALPN/SNI\n { name: \"tls\"; host: \"localhost\"; port: \"5223\"; alpn_protocols: [ \"xmpp-client\" ]; sni_hostnames: [ \"im.somethingelse.net\" ]; log_level: 0; tfo_ok: true },\n\n# just match ALPN\n { name: \"tls\"; host: \"localhost\"; port: \"443\"; alpn_protocols: [ \"h2\", \"http/1.1\", \"spdy/1\", \"spdy/2\", \"spdy/3\" ]; log_level: 0; tfo_ok: true },\n { name: \"tls\"; host: \"localhost\"; port: \"xmpp-client\"; alpn_protocols: [ \"xmpp-client\" ]; log_level: 0; tfo_ok: true },\n\n# just match SNI\n { name: \"tls\"; host: \"localhost\"; port: \"993\"; sni_hostnames: [ \"mail.rutschle.net\", \"mail.englishintoulouse.com\" ]; log_level: 0; tfo_ok: true },\n { name: \"tls\"; host: \"localhost\"; port: \"xmpp-client\"; sni_hostnames: [ \"im.rutschle.net\", \"im.englishintoulouse.com\" ]; log_level: 0; tfo_ok: true },\n\n# Let's Encrypt (tls-alpn-* challenges)\n { name: \"tls\"; host: \"localhost\"; port: \"letsencrypt-client\"; alpn_protocols: [ \"acme-tls/1\" ]; log_level: 0;},\n\n# catch anything else TLS\n { name: \"tls\"; host: \"localhost\"; port: \"443\"; tfo_ok: true },\n
alpn_protocols\u5373\u4f7f\u7528\u5e94\u7528\u5c42\u534f\u8bae\u534f\u5546\u7f16\u53f7\uff1aTLS Application-Layer Protocol Negotiation (ALPN) Protocol ID\u3002\u53ef\u4ee5\u5728\u8fd9\u91cc\u770b\u5230\u5b8c\u6574\u7684\u683c\u5f0f\u3002\u6253\u4e2a\u6bd4\u65b9\uff0c\u5982\u679c\u8bf4\u6570\u636e\u5305\u662f\u997a\u5b50\uff0ctls\u662f\u997a\u5b50\u76ae\uff0cALPN\u5c31\u662f\u8868\u793a\u91cc\u9762\u662f\u4ec0\u4e48\u9985\u7684\u3002
sni_hostnames\u5373\u4f7f\u7528\u670d\u52a1\u5668\u540d\u79f0\u6307\u793a\uff1aServer Name Indication\uff08SNI\uff09\uff0c\u7c7b\u4f3c\u4e8e\u670d\u52a1\u5668\u7aef\u7684\u57df\u540d\u3002\u6253\u4e2a\u6bd4\u65b9\uff0c\u867d\u7136\u5728\u5b66\u6821\u5feb\u9012\uff08\u6570\u636e\u5305\uff09\u90fd\u4f1a\u9001\u5230\u83dc\u9e1f\u9a7f\u7ad9\uff08\u670d\u52a1\u5668\uff09\uff0c\u4f46\u8fd9\u4e9b\u5305\u88f9\u6700\u7ec8\u662f\u6d41\u5411\u4e0d\u540c\u7684\u5bbf\u820d\u7684\uff08SNI\uff09\u3002SNI\u5e2e\u52a9\u5728tls\u63e1\u624b\u671f\u95f4\u5c31\u786e\u5b9assl\u8bc1\u4e66\uff0c\u800c\u4e0d\u662f\u5728http\u5efa\u7acb\u8fde\u63a5\u540e\u3002FQDN\u6307\u7684\u662fFully Qualified Domain Name\uff0c\u5373\u5b8c\u6574\u57df\u540d\uff0c\u53ef\u4ee5\u770b\u8fd9\u91cc\u7684\u4ecb\u7ecd\u3002
sni_hostname\u548calpn_protocols\uff0c\u5c5e\u4e8etls\u6269\u5c55\u5185\u5bb9\uff0c\u5e76\u975e\u5f3a\u5236\u4fdd\u7559\u5176\u4e2d\u3002\u53d1\u5305\u7684\u65f6\u5019\u6ce8\u610f\u6dfb\u52a0\uff0c\u4e0d\u7136sslh\u53ef\u80fd\u8bc6\u522b\u4e0d\u5230\u3002
"},{"location":"misc-notes/software-kits/try-chatgpt/","title":"ChatGPT\u6765\u5e2e\u5fd9","text":"\u7ea6 1574 \u4e2a\u5b57 3 \u884c\u4ee3\u7801 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4 6 \u5206\u949f
"},{"location":"misc-notes/software-kits/try-chatgpt/#\u7f51\u7edc\u7ad9\u70b9\u6253\u5305\u4e0b\u8f7d","title":"\u7f51\u7edc\u7ad9\u70b9\u6253\u5305\u4e0b\u8f7d","text":"linux\u7528\u54ea\u4e2a\u547d\u4ee4\u53ef\u4ee5\u628a\u4e00\u4e2a\u7f51\u5740\u4ee5\u53ca\u5176\u6240\u4f9d\u8d56\u7684js\u548ccss\u7b49\u7b49\u6587\u4ef6\u81ea\u52a8\u4e0b\u8f7d\u4e0b\u6765\uff1f
\u5728Linux\u4e2d\uff0c\u4f60\u53ef\u4ee5\u4f7f\u7528 wget \u547d\u4ee4\u6765\u81ea\u52a8\u4e0b\u8f7d\u4e00\u4e2a\u7f51\u7ad9\u53ca\u5176\u4f9d\u8d56\u7684\u8d44\u6e90\u6587\u4ef6\uff08\u5982JS\u548cCSS\u7b49\uff09\u3002
\u4e0b\u9762\u662f\u4e00\u4e2a\u793a\u4f8b\u547d\u4ee4\uff1a
wget --recursive --no-clobber --page-requisites --html-extension --convert-links --restrict-file-names=windows --domains website.com --no-parent http://website.com\n
\u8be5\u547d\u4ee4\u4f7f\u7528\u4e86\u591a\u4e2a\u9009\u9879\uff0c\u5176\u4e2d\u4e00\u4e9b\u9009\u9879\u7684\u542b\u4e49\u5982\u4e0b\uff1a \u2013recursive: \u4e0b\u8f7d\u7f51\u7ad9\u7684\u6240\u6709\u94fe\u63a5\u3002 \u2013no-clobber: \u4e0d\u4f1a\u91cd\u590d\u4e0b\u8f7d\u5df2\u7ecf\u5b58\u5728\u7684\u6587\u4ef6\u3002 \u2013page-requisites: \u4e0b\u8f7d\u6240\u6709\u9875\u9762\u7684\u8d44\u6e90\uff08\u5982\u56fe\u50cf\uff0c\u97f3\u9891\u548c\u89c6\u9891\uff09\u3002 \u2013html-extension: \u5c06\u6240\u6709HTML\u6587\u4ef6\u6269\u5c55\u540d\u6dfb\u52a0\u4e3a .html\u3002 \u2013convert-links: \u5c06\u6240\u6709\u94fe\u63a5\u8f6c\u6362\u4e3a\u672c\u5730\u94fe\u63a5\u3002 \u2013restrict-file-names=windows: \u907f\u514d\u4f7f\u7528 Linux \u4e0d\u652f\u6301\u7684\u6587\u4ef6\u540d\u5b57\u7b26\u3002 \u2013domains website.com: \u9650\u5236\u4e0b\u8f7d\u7684\u57df\u540d\u8303\u56f4\u3002 \u2013no-parent: \u4e0d\u4f1a\u4e0b\u8f7d\u7236\u7ea7\u94fe\u63a5\uff08\u6709\u52a9\u4e8e\u9632\u6b62\u65e0\u9650\u9012\u5f52\uff09\u3002
\u4f60\u53ef\u4ee5\u6839\u636e\u81ea\u5df1\u7684\u9700\u8981\u4fee\u6539\u8fd9\u4e9b\u9009\u9879\u4ee5\u6ee1\u8db3\u7279\u5b9a\u7684\u8981\u6c42\u3002
\u7528\u8fd9\u6761\u547d\u4ee4\u88ab\u670d\u52a1\u5668\u53d1\u73b0\u6076\u610f\u4e0b\u8f7d\uff0c\u88ab\u7ed9403 forbidden\u4e86\u600e\u4e48\u529e\uff1f
\u5982\u679c\u4f60\u4f7f\u7528\u7684\u547d\u4ee4\u88ab\u670d\u52a1\u5668\u8ba4\u4e3a\u662f\u6076\u610f\u4e0b\u8f7d\uff0c\u5e76\u4e14\u88ab\u670d\u52a1\u5668\u62d2\u7edd\u8bbf\u95ee\uff0c\u90a3\u4e48\u4f60\u53ef\u4ee5\u8003\u8651\u4ee5\u4e0b\u4e00\u4e9b\u65b9\u6cd5\u6765\u89e3\u51b3\u8fd9\u4e2a\u95ee\u9898\uff1a
\u4fee\u6539\u4e0b\u8f7d\u901f\u5ea6\uff1a\u6709\u4e9b\u670d\u52a1\u5668\u53ef\u80fd\u4f1a\u9650\u5236\u4e0b\u8f7d\u901f\u5ea6\uff0c\u5982\u679c\u4f60\u4e0b\u8f7d\u7684\u592a\u5feb\uff0c\u5c31\u4f1a\u88ab\u8ba4\u4e3a\u662f\u653b\u51fb\u3002\u4f60\u53ef\u4ee5\u5c1d\u8bd5\u4f7f\u7528 \u2013limit-rate \u9009\u9879\u6765\u9650\u5236\u4e0b\u8f7d\u901f\u5ea6\uff0c\u4f8b\u5982\uff1a
wget --limit-rate=200k http://example.com\n
\u4fee\u6539\u4e0b\u8f7d\u5e76\u53d1\u6570\uff1a\u7c7b\u4f3c\u4e8e\u901f\u5ea6\u9650\u5236\uff0c\u4e00\u4e9b\u670d\u52a1\u5668\u4e5f\u4f1a\u9650\u5236\u540c\u65f6\u8fdb\u884c\u7684\u4e0b\u8f7d\u6570\u3002\u4f60\u53ef\u4ee5\u5c1d\u8bd5\u4f7f\u7528 \u2013tries \u548c \u2013wait \u9009\u9879\u6765\u9650\u5236\u5e76\u53d1\u4e0b\u8f7d\u6570\uff0c\u4f8b\u5982\uff1a
wget --tries=10 --wait=5 http://example.com\n
\u6dfb\u52a0 User-Agent\uff1a\u6709\u4e9b\u670d\u52a1\u5668\u53ef\u80fd\u4f1a\u68c0\u67e5 User-Agent\uff0c\u5982\u679c User-Agent \u88ab\u8ba4\u4e3a\u662f\u6076\u610f\u7684\uff0c\u90a3\u4e48\u4f60\u7684\u8bf7\u6c42\u4e5f\u4f1a\u88ab\u62d2\u7edd\u3002\u4f60\u53ef\u4ee5\u5c1d\u8bd5\u4f7f\u7528 \u2013user-agent \u9009\u9879\u6765\u8bbe\u7f6e User-Agent\uff0c\u4f8b\u5982\uff1a wget --user-agent=\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3\" http://example.com\n
\u4e0e\u670d\u52a1\u5668\u7ba1\u7406\u5458\u8054\u7cfb\uff1a\u5982\u679c\u4ee5\u4e0a\u65b9\u6cd5\u90fd\u4e0d\u80fd\u89e3\u51b3\u95ee\u9898\uff0c\u4f60\u53ef\u4ee5\u8054\u7cfb\u670d\u52a1\u5668\u7ba1\u7406\u5458\uff0c\u8bf4\u660e\u4f60\u7684\u4e0b\u8f7d\u8bf7\u6c42\u662f\u5408\u6cd5\u7684\uff0c\u8bf7\u6c42\u4ed6\u4eec\u653e\u884c\u4f60\u7684\u8bf7\u6c42\u3002 \u9700\u8981\u6ce8\u610f\u7684\u662f\uff0c\u4e0d\u8981\u4f7f\u7528\u975e\u6cd5\u7684\u65b9\u5f0f\u4e0b\u8f7d\u6587\u4ef6\uff0c\u4ee5\u514d\u4fb5\u72af\u4ed6\u4eba\u7684\u5408\u6cd5\u6743\u76ca\uff0c\u5e76\u6709\u53ef\u80fd\u5bfc\u81f4\u6cd5\u5f8b\u7ea0\u7eb7\u3002
"},{"location":"misc-notes/software-kits/try-chatgpt/#\u6bd4\u8f83gopythonrust\u7684\u5173\u7cfb","title":"\u6bd4\u8f83Go\u3001Python\u3001Rust\u7684\u5173\u7cfb","text":"go\u3001rust\u3001python\u4e09\u79cd\u7f16\u7a0b\u8bed\u8a00\u5728\u8bed\u8a00\u7279\u6027\u65b9\u9762\u6709\u4ec0\u4e48\u533a\u522b\uff1f\u5404\u81ea\u6709\u4ec0\u4e48\u4f18\u52bf\uff1f\u9002\u7528\u573a\u666f\u6709\u4ec0\u4e48\u533a\u522b\uff1f
\u8fd9\u4e09\u79cd\u7f16\u7a0b\u8bed\u8a00\u5404\u6709\u4e0d\u540c\u7684\u7279\u70b9\u548c\u4f18\u52bf\uff0c\u4ee5\u4e0b\u662f\u5b83\u4eec\u7684\u4e3b\u8981\u533a\u522b\u548c\u9002\u7528\u573a\u666f\uff1a
Python Python \u662f\u4e00\u79cd\u9ad8\u7ea7\u7684\u52a8\u6001\u89e3\u91ca\u578b\u8bed\u8a00\uff0c\u5177\u6709\u7b80\u5355\u6613\u5b66\u3001\u6613\u8bfb\u6613\u5199\u7684\u7279\u70b9\u3002\u5b83\u7684\u8bed\u6cd5\u7b80\u5355\u3001\u4ee3\u7801\u53ef\u8bfb\u6027\u9ad8\u3001\u652f\u6301\u591a\u79cd\u7f16\u7a0b\u8303\u5f0f\u548c\u4e30\u5bcc\u7684\u7b2c\u4e09\u65b9\u5e93\uff0c\u9002\u7528\u4e8e\u5404\u79cd\u7c7b\u578b\u7684\u5e94\u7528\u7a0b\u5e8f\u5f00\u53d1\uff0c\u5c24\u5176\u64c5\u957f\u6570\u636e\u5206\u6790\u3001\u4eba\u5de5\u667a\u80fd\u548c\u79d1\u5b66\u8ba1\u7b97\u9886\u57df\u3002\u7531\u4e8e\u5b83\u7684\u5f00\u53d1\u6548\u7387\u9ad8\uff0c\u5e38\u88ab\u7528\u4e8e\u5feb\u901f\u539f\u578b\u8bbe\u8ba1\u548c\u654f\u6377\u5f00\u53d1\u3002
Go Go \u662f\u4e00\u79cd\u5f00\u6e90\u7684\u7f16\u8bd1\u578b\u8bed\u8a00\uff0c\u7531 Google \u5f00\u53d1\u3002\u5b83\u7684\u8bbe\u8ba1\u76ee\u6807\u662f\u4e3a\u4e86\u89e3\u51b3\u591a\u6838\u3001\u7f51\u7edc\u3001\u5927\u89c4\u6a21\u7a0b\u5e8f\u5f00\u53d1\u7b49\u95ee\u9898\uff0c\u5177\u6709\u9ad8\u6548\u3001\u53ef\u9760\u3001\u7b80\u6d01\u7b49\u7279\u70b9\u3002Go \u8bed\u8a00\u5728\u5e76\u53d1\u7f16\u7a0b\u548c\u7f51\u7edc\u7f16\u7a0b\u65b9\u9762\u8868\u73b0\u7a81\u51fa\uff0c\u6709\u7740\u975e\u5e38\u9ad8\u6548\u7684 Goroutine \u548c Channel \u673a\u5236\uff0c\u9002\u5408\u4e8e\u9ad8\u5e76\u53d1\u3001\u5206\u5e03\u5f0f\u7cfb\u7edf\u3001\u4e91\u8ba1\u7b97\u7b49\u9886\u57df\u7684\u5f00\u53d1\u3002
Rust Rust \u662f\u4e00\u79cd\u7cfb\u7edf\u7ea7\u7684\u7f16\u7a0b\u8bed\u8a00\uff0c\u7531 Mozilla \u5f00\u53d1\u3002\u5b83\u7ed3\u5408\u4e86\u9ad8\u6548\u6027\u80fd\u3001\u5185\u5b58\u5b89\u5168\u548c\u5e76\u53d1\u5b89\u5168\uff0c\u63d0\u4f9b\u4e86\u4e00\u4e2a\u53ef\u9760\u548c\u5b89\u5168\u7684\u7f16\u7a0b\u73af\u5883\u3002Rust \u7684\u4e3b\u8981\u4f18\u52bf\u5728\u4e8e\u5176\u5185\u5b58\u5b89\u5168\u6027\u548c\u5e76\u53d1\u6027\uff0c\u5b83\u5177\u6709\u9ad8\u6548\u7684\u7f16\u8bd1\u5668\u3001\u4e30\u5bcc\u7684\u7c7b\u578b\u7cfb\u7edf\u548c\u9ad8\u7ea7\u7684\u6a21\u5f0f\u5339\u914d\u529f\u80fd\uff0c\u9002\u7528\u4e8e\u9700\u8981\u9ad8\u6027\u80fd\u548c\u5b89\u5168\u6027\u7684\u7cfb\u7edf\u7ea7\u7f16\u7a0b\u3001\u7f51\u7edc\u7f16\u7a0b\u3001\u64cd\u4f5c\u7cfb\u7edf\u548c\u5d4c\u5165\u5f0f\u5f00\u53d1\u7b49\u9886\u57df\u3002
\u603b\u7684\u6765\u8bf4\uff0cPython \u9002\u5408\u5feb\u901f\u539f\u578b\u8bbe\u8ba1\u548c\u654f\u6377\u5f00\u53d1\uff0cGo \u9002\u5408\u9ad8\u5e76\u53d1\u3001\u5206\u5e03\u5f0f\u7cfb\u7edf\u548c\u4e91\u8ba1\u7b97\uff0cRust \u9002\u5408\u9700\u8981\u9ad8\u6027\u80fd\u548c\u5b89\u5168\u6027\u7684\u7cfb\u7edf\u7ea7\u7f16\u7a0b\u3001\u7f51\u7edc\u7f16\u7a0b\u3001\u64cd\u4f5c\u7cfb\u7edf\u548c\u5d4c\u5165\u5f0f\u5f00\u53d1\u3002\u9009\u62e9\u54ea\u79cd\u7f16\u7a0b\u8bed\u8a00\u53d6\u51b3\u4e8e\u5177\u4f53\u7684\u5e94\u7528\u573a\u666f\u548c\u9700\u6c42\u3002
"},{"location":"misc-notes/software-kits/try-chatgpt/#\u8ba1\u7b97\u673a\u5b89\u5168\u8d44\u6e90\u5b66\u4e60","title":"\u8ba1\u7b97\u673a\u5b89\u5168\u8d44\u6e90\u5b66\u4e60","text":"\u6211\u60f3\u5b66\u4e60\u5de5\u4e1a\u754c\u5b9e\u7528\u7684\u8ba1\u7b97\u673a\u5b89\u5168\u9886\u57df\u7684\u77e5\u8bc6\uff0c\u8bf7\u63a8\u8350\u4e00\u4e9b\u7f51\u7ad9
\u4ee5\u4e0b\u662f\u4e00\u4e9b\u53ef\u4ee5\u5e2e\u52a9\u60a8\u5b66\u4e60\u5de5\u4e1a\u754c\u5b9e\u7528\u7684\u8ba1\u7b97\u673a\u5b89\u5168\u9886\u57df\u7684\u77e5\u8bc6\u7684\u7f51\u7ad9\uff1a
OWASP (\u5f00\u653e\u5f0f\u7f51\u7edc\u5b89\u5168\u9879\u76ee)\uff1a\u8fd9\u4e2a\u7f51\u7ad9\u63d0\u4f9b\u4e86\u5927\u91cf\u6709\u5173\u7f51\u7edc\u5e94\u7528\u7a0b\u5e8f\u5b89\u5168\u7684\u8d44\u6599\u548c\u5de5\u5177\u3002\u60a8\u53ef\u4ee5\u5728\u8fd9\u91cc\u627e\u5230\u5b89\u5168\u6807\u51c6\u3001\u6f0f\u6d1e\u68c0\u6d4b\u5de5\u5177\u3001\u653b\u51fb\u6a21\u62df\u5668\u7b49\u7b49\u3002
NIST (\u7f8e\u56fd\u56fd\u5bb6\u6807\u51c6\u4e0e\u6280\u672f\u7814\u7a76\u6240)\uff1a\u8fd9\u4e2a\u7f51\u7ad9\u4e3a\u8ba1\u7b97\u673a\u5b89\u5168\u548c\u4fe1\u606f\u6280\u672f\u63d0\u4f9b\u6807\u51c6\u548c\u6307\u5357\u3002\u60a8\u53ef\u4ee5\u5728\u8fd9\u91cc\u627e\u5230\u6709\u5173\u5b89\u5168\u63a7\u5236\u3001\u5bc6\u7801\u5b66\u3001\u98ce\u9669\u8bc4\u4f30\u7b49\u65b9\u9762\u7684\u8d44\u6599\u3002
SANS (\u5b89\u5168\u57f9\u8bad\u548c\u8ba4\u8bc1\u673a\u6784)\uff1a\u8fd9\u4e2a\u7f51\u7ad9\u63d0\u4f9b\u6709\u5173\u5404\u79cd\u8ba1\u7b97\u673a\u5b89\u5168\u4e3b\u9898\u7684\u57f9\u8bad\u548c\u8bfe\u7a0b\u3002\u5b83\u8fd8\u63d0\u4f9b\u4e86\u4e00\u4e2a\u535a\u5ba2\uff0c\u5176\u4e2d\u5305\u542b\u5404\u79cd\u6709\u5173\u7f51\u7edc\u5b89\u5168\u7684\u6587\u7ae0\u548c\u63d0\u793a\u3002
Dark Reading\uff1a\u8fd9\u662f\u4e00\u5bb6\u5728\u7ebf\u51fa\u7248\u5546\uff0c\u63d0\u4f9b\u4e86\u6709\u5173\u7f51\u7edc\u5b89\u5168\u7684\u6700\u65b0\u65b0\u95fb\u3001\u5206\u6790\u548c\u8bc4\u8bba\u3002\u5b83\u8fd8\u63d0\u4f9b\u4e86\u5404\u79cd\u8d44\u6e90\uff0c\u5305\u62ec\u7f51\u7edc\u5b89\u5168\u767d\u76ae\u4e66\u3001\u7814\u7a76\u62a5\u544a\u548c\u6f14\u793a\u6587\u7a3f\u3002
SecurityFocus\uff1a\u8fd9\u4e2a\u7f51\u7ad9\u662f\u4e00\u4e2a\u5b89\u5168\u65b0\u95fb\u805a\u5408\u7ad9\u70b9\uff0c\u6536\u96c6\u4e86\u6765\u81ea\u5404\u79cd\u6765\u6e90\u7684\u5b89\u5168\u65b0\u95fb\u548c\u6f0f\u6d1e\u62a5\u544a\u3002\u5b83\u8fd8\u63d0\u4f9b\u4e86\u5b89\u5168\u8bba\u575b\u3001\u5b89\u5168\u5de5\u5177\u7b49\u3002
Reddit\uff1aReddit\u4e0a\u6709\u8bb8\u591a\u4e0e\u8ba1\u7b97\u673a\u5b89\u5168\u76f8\u5173\u7684\u793e\u533a\uff0c\u5982r/netsec\u3001r/hacking\u3001r/AskNetsec\u7b49\u3002\u8fd9\u4e9b\u793e\u533a\u53ef\u4ee5\u8ba9\u60a8\u5411\u5176\u4ed6\u5b89\u5168\u4e13\u4e1a\u4eba\u5458\u63d0\u95ee\uff0c\u5e76\u4e0e\u4ed6\u4eec\u5206\u4eab\u6709\u7528\u7684\u8d44\u6e90\u548c\u5de5\u5177\u3002
GitHub\uff1aGitHub\u662f\u4e00\u4e2a\u8f6f\u4ef6\u5f00\u53d1\u5e73\u53f0\uff0c\u4e5f\u662f\u8bb8\u591a\u5b89\u5168\u5de5\u5177\u548c\u811a\u672c\u7684\u6765\u6e90\u3002\u901a\u8fc7\u641c\u7d22GitHub\uff0c\u60a8\u53ef\u4ee5\u627e\u5230\u5f88\u591a\u6709\u7528\u7684\u5de5\u5177\uff0c\u5982\u6e17\u900f\u6d4b\u8bd5\u5de5\u5177\u3001\u6f0f\u6d1e\u626b\u63cf\u5668\u7b49\u7b49\u3002
\u5e0c\u671b\u8fd9\u4e9b\u7f51\u7ad9\u80fd\u5bf9\u60a8\u6709\u6240\u5e2e\u52a9\uff01
"},{"location":"programming-languages/","title":"Index","text":"\u7ea6 0 \u4e2a\u5b57 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4\u4e0d\u5230 1 \u5206\u949f
"},{"location":"programming-languages/c/","title":"C\u8bed\u8a00","text":"\u7ea6 386 \u4e2a\u5b57 30 \u884c\u4ee3\u7801 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4 4 \u5206\u949f
"},{"location":"programming-languages/c/#\u6839\u636e\u7ed3\u6784\u4f53\u6210\u5458\u53d6\u7ed3\u6784\u4f53\u9996\u5730\u5740","title":"\u6839\u636e\u7ed3\u6784\u4f53\u6210\u5458\u53d6\u7ed3\u6784\u4f53\u9996\u5730\u5740","text":"member_address - &(((TYPE *)0)->member);\n
\u540e\u534a\u90e8\u5206\u770b\u4f3c\u4f1a\u89e3\u5f15\u75280\u5730\u5740\u800ccrash\uff0c\u4f46\u7f16\u8bd1\u5668\u4f1a\u4f18\u5316\u4e3a\u76f4\u63a5\u8ba1\u7b97member\u7684offset\u3002\u53c2\u89c1kernel\u4ee3\u7801\u5e38\u7528\u7684container_of\u3002
"},{"location":"programming-languages/c/#\u52a8\u6001\u94fe\u63a5\u5e93","title":"\u52a8\u6001\u94fe\u63a5\u5e93","text":"\u7f16\u8bd1\u52a8\u6001\u94fe\u63a5\u5e93\u672c\u8eab
\u4f7f\u7528gcc\u7f16\u8bd1\u51fa\u52a8\u6001\u94fe\u63a5\u5e93\uff1a
gcc <source C file> -shared -fPIC -o lib<source>.so\n
\u7f16\u8bd1\u539f\u9879\u76ee\u65f6\u6307\u5b9a\u52a8\u6001\u94fe\u63a5\u5e93
\u4f7f\u7528-l\u6307\u5b9a\u52a0\u8f7d\u94fe\u63a5\u5e93\uff0c\u6ce8\u610f\u53bb\u6389\u5e93\u6587\u4ef6\u7684lib\u5f00\u5934\u548c.so\u7ed3\u5c3e\u3002\u7f16\u8bd1\u65f6\uff0c\u6ce8\u610f\u628a\u5e93\u653e\u5728\u6574\u4e2a\u547d\u4ee4\u7684\u7ed3\u5c3e\uff0c\u5426\u5219\u53ef\u80fd\u63d0\u793a\u5e93\u51fd\u6570\u672a\u5b9a\u4e49\u3002
\u6bd4\u5982gcc main.c -lcapstone
\u4e0d\u4f1a\u62a5\u9519\uff0cgcc -lcapstone main.c
\u4f1a\u63d0\u793a\u62a5\u9519\u3002\uff08\u5047\u8bbe\u8fd9\u91ccmain.c\u8c03\u7528\u4e86capstone\u7684\u5e93\u51fd\u6570\uff09
\u5982\u679c\u52a8\u6001\u94fe\u63a5\u5e93\u4e0d\u5728\u9ed8\u8ba4\u7684\u7cfb\u7edf\u5e93\u4e2d\uff0c\u53ef\u4ee5\u6dfb\u52a0-L
\u6765\u6307\u5b9a\u52a8\u6001\u94fe\u63a5\u5e93\u7684\u4fdd\u5b58\u4f4d\u7f6e\u3002
\u8fd0\u884c\u9879\u76ee\u65f6\u52a0\u8f7d\u52a8\u6001\u94fe\u63a5\u5e93
\u5373\u4fbf\u7f16\u8bd1\u6210\u529f\uff0c\u8fd0\u884c\u53ef\u80fd\u62a5\u9519\u3002\u641c\u7d22\u987a\u5e8f\u4e3a\uff1a
-Wl,-rpath=xxx
\u6765\u6307\u5b9a\u8fd0\u884c\u65f6\u6240\u9700\u7684\u52a8\u6001\u5e93\u6587\u4ef6LD_LIBRARY_PATH
\u6307\u5b9a\u7684\u76ee\u5f55\u4e2d\u641c\u7d22/etc/ld.so.conf
\u7ed9\u51fa\u7684\u76ee\u5f55\u4e2d\u641c\u7d22/lib
\u3001/lib64
\u3001/usrlib
\u3001/usrlib64
\u7b49\u641c\u7d22\u521d\u59cb\u5316\u6570\u7ec4\uff0c\u53ef\u4ee5\u8fde\u7eed\u8d4b\u503c
int arr[10] = {\n [0] = 1,\n [1 ... 4] = 2,\n [5 ... 7] = 4,\n};\n
\u6570\u7ec4\u5728\u5b9a\u4e49\u7684\u540c\u65f6\u8fdb\u884c\u90e8\u5206\u521d\u59cb\u5316\u65f6\uff0c\u672a\u88ab\u8d4b\u503c\u7684\u5143\u7d20\u90fd\u4f1a\u6309\u7167\u9759\u6001\u53d8\u91cf\u8fdb\u884c\u5904\u7406\uff0c\u5373\u9ed8\u8ba4\u7f6e\u96f6\uff0c\u5373\u4fbfint a[10] = {};
\u6ca1\u6709\u663e\u5f0f\u521d\u59cb\u5316\u4efb\u4f55\u503c\u3002
\u521d\u59cb\u5316\u7ed3\u6784\u4f53\u6216\u8054\u5408\uff0c\u53ef\u4ee5\u4e00\u8d77\u8d4b\u503c
struct test {\n int a;\n int b;\n int c;\n int d;\n};\n\nint main(\n int argc, \n char const *argv[]\n )\n{\n struct test t = {\n .a = 1,\n .b = 2,\n .c = 3,\n .d = 4,\n };\n\n return 0;\n}\n
"},{"location":"programming-languages/code-gracely/","title":"\u4f18\u96c5\u7f16\u7a0b","text":"\u7ea6 1414 \u4e2a\u5b57 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4 5 \u5206\u949f
"},{"location":"programming-languages/code-gracely/#\u7a0b\u5e8f\u53d8\u91cf","title":"\u7a0b\u5e8f\u53d8\u91cf","text":"\u4f18\u5316\u9700\u8981\u901a\u8fc7\u5927\u91cf\u6d4b\u8bd5\u6765\u9a8c\u8bc1\u4e00\u81f4\u6027\u3001\u6027\u80fd\uff0c\u56e0\u4e3a\u5e76\u975e\u6240\u6709\u4f18\u5316\u90fd\u662f\u6b63\u786e\u6216\u5fc5\u8981\u7684\u3002\u4ece\u91cd\u6784\u7a0b\u5e8f\u6267\u884c\u6d41\u7684\u89d2\u5ea6\u6765\u8bb2\uff0c\u4f18\u5316\u5e76\u4e0d\u662f\u7075\u4e39\u5999\u836f\uff0c\u5e76\u5728\u4e0d\u540c\u8bed\u8a00\u3001\u4e0d\u540c\u7f16\u8bd1\u5668\u3001\u4e0d\u540c\u73af\u5883\u3001\u4e0d\u540c\u4efb\u52a1\u4e2d\u8868\u73b0\u51fa\u5de8\u5927\u7684\u5dee\u5f02\u3002\u4ee5\u4e0b\u7684\u4f18\u5316\u65b9\u6cd5\u5747\u4ec5\u4f9b\u53c2\u8003\u3002
"},{"location":"programming-languages/code-gracely/#\u5229\u7528\u77ed\u8def\u4e0e\u54e8\u5175","title":"\u5229\u7528\u77ed\u8def\u4e0e\u54e8\u5175","text":"\u4f7f\u7528\u5927\u91cfif-else\u7684\u574f\u5904\uff1a
\u4f7f\u7528\u67e5\u8868\u6cd5\u7684\u597d\u5904\uff1a
\u7528\u6cd5\uff1a\u5c06\u8981\u5224\u65ad\u7684\u5404\u4e2a\u53c2\u6570\u4f5c\u4e3a\u8868\u7684\u7ef4\u5ea6\uff0c\u5c06\u5224\u65ad\u7ed3\u679c\u4f5c\u4e3a\u8868\u7d22\u5f15\u540e\u7684\u7ed3\u679c\u3002
"},{"location":"programming-languages/code-gracely/#\u7528\u7d22\u5f15\u8868\u66ff\u6362\u6570\u636e\u8868","title":"\u7528\u7d22\u5f15\u8868\u66ff\u6362\u6570\u636e\u8868","text":"\u7a00\u758f\u7684\u6570\u636e\u8868\u5728\u5b58\u50a8\u5bf9\u9f50\u7684\u60c5\u51b5\u4e0b\u4f1a\u6d6a\u8d39\u5927\u91cf\u7a7a\u95f4\u3002\u4e0e\u4e4b\u76f8\u6bd4\uff0c\u91c7\u7528\u7d22\u5f15\u8868\u53ef\u4ee5\u964d\u4f4e\u7a7a\u95f4\u6d6a\u8d39\u91cf\uff08\u4ecd\u7136\u4f1a\u4ea7\u751f\u6d6a\u8d39\uff09\u3002\u4e3a\u4e86\u8fdb\u4e00\u6b65\u51cf\u5c11\u7d22\u5f15\u8868\u7a7a\u95f4\uff0c\u53ef\u4ee5\u4f7f\u7528\u9636\u68af\u7d22\u5f15\u8868\uff0c\u6839\u636e\u6570\u636e\u7684\u8303\u56f4\uff08\u800c\u4e0d\u662f\u5177\u4f53\u7684\u6570\u636e\u503c\uff09\u8fdb\u884c\u5efa\u7d22\u5f15\uff0c\u6bd4\u5982\u6839\u636e\u767e\u5206\u5236\u6210\u7ee9\u8ba1\u7b97\u7ee9\u70b9\uff0c\u5efa\u7acb\u76f8\u5e94\u7684data-to-key\u51fd\u6570\uff0c\u653e\u5728\u6570\u7ec4\u4e2d\u3002
"},{"location":"programming-languages/code-gracely/#\u7528\u7ed3\u679c\u8868\u66ff\u6362\u6570\u5b66\u8ba1\u7b97\u7ed3\u679c","title":"\u7528\u7ed3\u679c\u8868\u66ff\u6362\u6570\u5b66\u8ba1\u7b97\u7ed3\u679c","text":"\u8003\u8651\u5230\u7cfb\u7edf\u51fd\u6570\u7684\u7cbe\u786e\u6027\uff0c\u8ba1\u7b97\u901f\u5ea6\u53ef\u80fd\u8f83\u6162\u3002\u53ef\u4ee5\u9884\u5148\u624b\u52a8\u7b97\u51fa\u4e00\u4e9b\u6570\u636e\u5e76\u5efa\u8868\uff0c\u8ba1\u7b97\u65f6\u76f4\u63a5\u67e5\u8868\u5373\u53ef\uff0c\u5927\u5927\u63d0\u9ad8\u7a0b\u5e8f\u6027\u80fd\u3002
"},{"location":"programming-languages/cpp/","title":"C++","text":"\u7ea6 1253 \u4e2a\u5b57 196 \u884c\u4ee3\u7801 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4 24 \u5206\u949f
"},{"location":"programming-languages/cpp/#stl\u4e0e\u5e38\u7528\u6570\u636e\u7c7b\u578b","title":"STL\u4e0e\u5e38\u7528\u6570\u636e\u7c7b\u578b","text":""},{"location":"programming-languages/cpp/#string","title":"string","text":"\u53ef\u4ee5\u76f4\u63a5\u4f7f\u7528==
\u5224\u65adstring\u5b57\u7b26\u4e32\u662f\u5426\u76f8\u7b49\u3001+
\u6765\u8fdb\u884c\u5b57\u7b26\u4e32\u62fc\u63a5\u3002
vector
\u52a8\u6001\u6570\u7ec4\u53ef\u4ee5\u968f\u673a\u8bbf\u95ee\uff0c\u5176\u5927\u5c0f\u7531\u7cfb\u7edf\u81ea\u52a8\u7ba1\u7406\u3002
#include<vector>\n\n// \u58f0\u660e\u4e0e\u521d\u59cb\u5316\nstd::vector<int> vec1;\nstd::vector<int> vec2(3); // \u6307\u5b9a\u957f\u5ea6\uff0c\u9ed8\u8ba4\u521d\u59cb\u5316\nstd::vector<int> vec3(3, 10); // \u6307\u5b9a\u957f\u5ea6\u548c\u9ed8\u8ba4\u503c\nstd::vector<int> vec4 = {1,2,3,4} // \u5217\u8868\u8fdb\u884c\u521d\u59cb\u5316\n\n// \u4f7f\u7528\u65b9\u6cd5\nvec.push_back(val); // \u4f20\u9012\u5f15\u7528\nvec.pop_back();\nvec.at(pos); // \u6709\u8fb9\u754c\u68c0\u67e5\nvec[1]; // \u65e0\u8fb9\u754c\u68c0\u67e5\nvec.clear(); // \u6e05\u7a7a\nvec.front(); // \u8fd4\u56de\u7b2c\u4e00\u4e2a\u5143\u7d20\nvec.back(); // \u8fd4\u56de\u6700\u540e\u4e00\u4e2a\u5143\u7d20\nvec.data(); // \u8fd4\u56de\u5e95\u5c42\u6570\u7ec4\u6307\u9488\nvec.size();\nvec.capacity();\nvec.reserve(n); // \u9884\u7559n\u4e2a\u5143\u7d20\u7a7a\u95f4\nvec.resize(n);\nvec.insert(pos, val);\nvec.erase(pos);\nvec.begin(); // \u8d77\u59cb\u8fed\u4ee3\u5668\nvec.end(); // \u7ed3\u675f\u8fed\u4ee3\u5668\n\n// \u904d\u5386\u65b9\u6cd5\nfor (int i = 0; i < vec.size(); i++) { x = vec[i] ;}\n
"},{"location":"programming-languages/cpp/#deque\u53cc\u7aef\u961f\u5217","title":"deque\u53cc\u7aef\u961f\u5217","text":"deque
\u53cc\u7aef\u961f\u5217\u53ef\u4ee5\u968f\u673a\u8bbf\u95ee\uff0c\u5176\u5927\u5c0f\u7531\u7cfb\u7edf\u81ea\u52a8\u7ba1\u7406\u3002
#include<deque>\n\n// \u58f0\u660e\u4e0e\u521d\u59cb\u5316\nstd::deque<int> deque;\nstd::deque<int> deque(3); // \u6307\u5b9a\u957f\u5ea6\uff0c\u9ed8\u8ba4\u521d\u59cb\u5316\nstd::deque<int> deque(3, 10); // \u6307\u5b9a\u957f\u5ea6\u548c\u9ed8\u8ba4\u503c\nstd::deque<int> deque = {1,2,3,4} // \u5217\u8868\u8fdb\u884c\u521d\u59cb\u5316\n\n// \u4f7f\u7528\u65b9\u6cd5\ndeque.push_back(val); // \u4f20\u9012\u5f15\u7528\ndeque.pop_back();\ndeque.push_front(val);\ndeque.pop_front();\ndeque.at(pos); // \u6709\u8fb9\u754c\u68c0\u67e5\ndeque[1]; // \u65e0\u8fb9\u754c\u68c0\u67e5\ndeque.clear(); // \u6e05\u7a7a\ndeque.front(); // \u8fd4\u56de\u7b2c\u4e00\u4e2a\u5143\u7d20\ndeque.back(); // \u8fd4\u56de\u6700\u540e\u4e00\u4e2a\u5143\u7d20\ndeque.size();\ndeque.capacity();\ndeque.reserve(n); // \u9884\u7559n\u4e2a\u5143\u7d20\u7a7a\u95f4\ndeque.resize(n);\ndeque.insert(pos, val);\ndeque.erase(pos);\ndeque.swap(other_deque) // \u4ea4\u6362\u4e24\u4e2adeque\u5185\u5bb9\ndeque.begin(); // \u8d77\u59cb\u8fed\u4ee3\u5668\ndeque.end(); // \u7ed3\u675f\u8fed\u4ee3\u5668\n
"},{"location":"programming-languages/cpp/#\u5934\u6587\u4ef6\u4e0e\u547d\u540d\u7a7a\u95f4","title":"\u5934\u6587\u4ef6\u4e0e\u547d\u540d\u7a7a\u95f4","text":"\u547d\u540d\u7a7a\u95f4\u7528\u4e8e\u5904\u7406\u4e0d\u540c\u5e93\u4e2d\u7684\u540c\u540d\u51fd\u6570\u3001\u7c7b\u4e0e\u53d8\u91cf\uff0c\u76f8\u5f53\u4e8e\u5b9a\u4e49\u4e0a\u4e0b\u6587\u3002
// \u547d\u540d\u7a7a\u95f4\u5b9a\u4e49\nnamespace namespace_name {\n // \u4ee3\u7801\u58f0\u660e\n}\n\n// \u4f7f\u7528\u547d\u540d\u7a7a\u95f4\u5185\u7684\u51fd\u6570\uff0c\u9700\u8981\u6307\u5b9a \u547d\u540d\u7a7a\u95f4::\nnamespace_name::namespace_func;\n\n// using\u6307\u4ee4\uff0c\u5219\u4e4b\u540e\u4f7f\u7528\u8be5\u547d\u540d\u7a7a\u95f4\u5185\u7684\u51fd\u6570\u4e0d\u9700\u8981\u52a0 \u547d\u540d\u7a7a\u95f4::\nusing namespace namespace_name;\nnamespace_func;\n\n//\u5168\u5c40\u53d8\u91cf\u548c\u5c40\u90e8\u53d8\u91cf\u51b2\u7a81\u65f6::val\u8868\u793a\u5168\u5c40\u53d8\u91cf\n::global_val;\nlocal_val;\n
"},{"location":"programming-languages/cpp/#\u8f93\u5165\u4e0e\u8f93\u51fa","title":"\u8f93\u5165\u4e0e\u8f93\u51fa","text":"\u4f7f\u7528iostream\u5934\u6587\u4ef6\u5f15\u5165\u8f93\u5165\u8f93\u51fa\u3002
#include <iostream>\nusing namespace std;\nint main() {\n char a[10];\n cin >> a;\n cout << a;\n}\n
"},{"location":"programming-languages/cpp/#\u53d8\u91cf\u5e38\u91cf\u4e0e\u7c7b\u578b\u9650\u5b9a\u7b26","title":"\u53d8\u91cf\u3001\u5e38\u91cf\u4e0e\u7c7b\u578b\u9650\u5b9a\u7b26","text":"\u57fa\u672c\u6570\u636e\u7c7b\u578b\u7c7b\u4f3cC\u8bed\u8a00\uff0c\u6b64\u5916\u8fd8\u5305\u62ecbool
\u7b49\u3002\u5b57\u7b26\u7c7b\u578b\u9664\u4e861\u5b57\u8282\u7684char
\uff0c\u8fd8\u5305\u62ecwchar_t
\uff08\u5bbd\u5b57\u7b26\uff0c\u53602\u62164\u5b57\u8282\uff09\u3001char16_t
\u3001char32_t
\u3002
\u7c7b\u578b\u9650\u5b9a\u7b26\u5305\u62ecconst
\u3001mutable
\u3001volatile
\u3001restrict
\u3001static
\u3001register
\u7b49\uff0c\u7f6e\u4e8e\u7c7b\u578b\u524d\u3002
Note
mutable
\u5728C++11\u652f\u6301register
\u5728C++11\u5931\u6548\uff0c\u5728C++17\u88ab\u5f03\u7528const
\u5b9a\u4e49\u503c\u4e0d\u53ef\u88ab\u4fee\u6539\u7684\u53d8\u91cf\uff0c\u53ef\u4ee5\u7406\u89e3\u4e3a\u7ef4\u62a4\u5bf9\u8c61\u7684\u72b6\u6001\u4e0d\u53d1\u751f\u6539\u53d8const
\u6210\u5458\u51fd\u6570\u5185\u90e8\uff0c\u4e0d\u80fd\u4fee\u6539\u975e\u9759\u6001\u6210\u5458\u53d8\u91cf\u7684\u503cconst
\u5bf9\u8c61\u53ea\u80fd\u8c03\u7528const
\u6210\u5458\u51fd\u6570mutable
\u4fee\u9970\u7c7b\u7684\u6210\u5458\u53d8\u91cf\uff0c\u8868\u793a\u8be5\u53d8\u91cf\u53ef\u4ee5\u88ab\u4fee\u6539\uff0c\u5373\u4fbf\u88abconst\u4fee\u9970class Sample {\n public:\n int get_data() const { // const \u6210\u5458\u51fd\u6570\u5185\u90e8\u4e0d\u80fd\u4fee\u6539\u4efb\u4f55\u975e\u9759\u6001\u6210\u5458\u53d8\u91cf\u7684\u503c\n return __data;\n }\n void set_data(int new_value) const {\n __data = new_value; // \u867d\u7136\u662fconst \u6210\u5458\u51fd\u6570\u5185\u90e8\uff0c\u4f46\u7531\u4e8e__data\u662fmutable\u7684\uff0c\u6240\u4ee5\u53ef\u4ee5\u4fee\u6539\n }\n private:\n mutable int __data;\n}\n\nint main () {\n const Sample obj; // const\u5bf9\u8c61\u53ea\u80fd\u8c03\u7528const\u51fd\u6570\n obj.set_data(10);\n obj.get_data(); \n}\n
volatile
\u6697\u793a\u7f16\u8bd1\u5668\u8be5\u53d8\u91cf\u7684\u503c\u53ef\u80fd\u88ab\u5916\u90e8\u786c\u4ef6\u6216\u5176\u4ed6\u7ebf\u7a0b\u4fee\u6539\uff08\u5728\u4e0d\u786e\u5b9a\u7684\u65f6\u673a\u88ab\u4fee\u6539\uff09restrict
\u6697\u793a\u7f16\u8bd1\u5668\u8be5\u53d8\u91cf\u7684\u503c\u53ea\u80fd\u88ab\u8fd9\u4e2a\u6307\u9488\u8bbf\u95eestatic
\u5b9a\u4e49\u9759\u6001\u53d8\u91cfregister
\u6697\u793a\u7f16\u8bd1\u5668\u8be5\u53d8\u91cf\u7ecf\u5e38\u88ab\u4f7f\u7528\uff0c\u53ef\u4ee5\u5b58\u50a8\u5728\u5bc4\u5b58\u5668\u4e2d\u7c7b\u6210\u5458\u51fd\u6570\u53ef\u4ee5\u5728\u7c7b\u5b9a\u4e49\u7684\u5185\u90e8\u8fdb\u884c\u5b9a\u4e49\uff0c\u6b64\u65f6\u6210\u5458\u51fd\u6570\u5373\u4e3a\u5185\u8054\u51fd\u6570\u3002\u4e5f\u53ef\u4ee5\u5728\u7c7b\u5b9a\u4e49\u7684\u5916\u90e8\u8fdb\u884c\u5b9a\u4e49\uff0c\u4e00\u822c\u4f7f\u7528\u8fd4\u56de\u503c\u7c7b\u578b \u7c7b\u540d::\u51fd\u6570\u540d(\u53c2\u6570\u5217\u8868) {\u51fd\u6570\u4f53}
\u7684\u5f62\u5f0f\u3002
class Sample {\n public:\n int sample1() {return 1;} // \u5728\u7c7b\u5185\u90e8\u5b9a\u4e49\u51fd\u6570\u5b9e\u73b0\n int sample2(); // \u5728\u7c7b\u5916\u90e8\u5b9a\u4e49\u51fd\u6570\u5b9e\u73b0\n}\n\n// \u9700\u8981\u4f7f\u7528\u8303\u56f4\u89e3\u6790\u8fd0\u7b97\u7b26::\u6765\u6307\u5b9a\u54ea\u4e2a\u7c7b\nint Sample::sample2() {return 2;}\n
"},{"location":"programming-languages/cpp/#\u6784\u9020\u51fd\u6570\u62f7\u8d1d\u6784\u9020\u51fd\u6570\u6790\u6784\u51fd\u6570","title":"\u6784\u9020\u51fd\u6570\u3001\u62f7\u8d1d\u6784\u9020\u51fd\u6570\u3001\u6790\u6784\u51fd\u6570","text":"\u7c7b\u7684\u6784\u9020\u51fd\u6570\u5728\u521b\u5efa\u65b0\u7684\u7c7b\u5bf9\u8c61\u662f\u6267\u884c\uff0c\u540d\u79f0\u4e0e\u7c7b\u540d\u76f8\u540c\uff0c\u6ca1\u6709\u8fd4\u56de\u503c\u3002\u4e00\u822c\u7528\u4e8e\u4e3a\u6210\u5458\u53d8\u91cf\u8bbe\u7f6e\u521d\u59cb\u503c\u3002 \u6784\u9020\u51fd\u6570\u4e2d\uff0c\u4f7f\u7528\u521d\u59cb\u5316\u5217\u8868\u6765\u5bf9\u7c7b\u6210\u5458\u8fdb\u884c\u8d4b\u503c\u65f6\uff0c\u5728\u6784\u9020\u51fd\u6570\u5b9a\u4e49\u7684\u5927\u62ec\u53f7\u524d\u52a0\u4e0a: X(a)
\uff0c\u5176\u4e2dX\u662f\u5185\u90e8\u6210\u5458\uff0ca\u662f\u6784\u9020\u51fd\u6570\u7684\u53c2\u6570\uff0c\u5b9e\u73b0\u5c06a\u8d4b\u7ed9X\u3002\u8ba1\u7b97\u987a\u5e8f\u662f\u6309\u7c7b\u5185\u7684\u6210\u5458\u5b9a\u4e49\u987a\u5e8f\uff0c\u800c\u4e0d\u662f\u6309\u521d\u59cb\u5316\u5217\u8868\u7684\u987a\u5e8f\u6765\u8fdb\u884c\u8d4b\u503c\u3002 \u62f7\u8d1d\u6784\u9020\u51fd\u6570\u4e00\u822c\u7528\u4e8e\u6839\u636e\u5df2\u6709\u7684\u7c7b\u5bf9\u8c61\uff0c\u751f\u6210\u65b0\u7684\u7c7b\u5bf9\u8c61\uff0c\u6bd4\u5982\u590d\u5236\u3002\u5982\u679c\u7c7b\u4e0d\u5305\u542b\u6307\u9488\u6216\u52a8\u6001\u5185\u5b58\u5206\u914d\uff0c\u53ef\u4ee5\u4e0d\u5199\uff0c\u7f16\u8bd1\u5668\u4f1a\u5e2e\u52a9\u751f\u6210\uff1b\u5426\u5219\u5fc5\u987b\u81ea\u5df1\u5b9e\u73b0\u3002 \u6790\u6784\u51fd\u6570\u7c7b\u4f3c\u4e8e\u6784\u9020\u51fd\u6570\uff0c\u4f46\u51fd\u6570\u540d\u524d\u52a0\u4e86~\u7b26\u53f7\u3002\u5b83\u4e0d\u80fd\u5e26\u6709\u53c2\u6570\uff0c\u4e5f\u6ca1\u6709\u8fd4\u56de\u503c\uff0c\u4e00\u822c\u7528\u4e8e\u91ca\u653e\u5bf9\u8c61\u65f6\u8fdb\u884c\u8d44\u6e90\u91ca\u653e\u3002 \u6790\u6784\u51fd\u6570\u90fd\u4e0d\u9700\u8981\u663e\u5f0f\u8c03\u7528\u3002
#include<iostream>\nclass Sample {\n public:\n void setData(int i);\n Sample(); // \u6784\u9020\u51fd\u6570\n Sample(int i); // \u5e26\u53c2\u6784\u9020\u51fd\u6570\n Sample(const Sample & obj); // \u62f7\u8d1d\u6784\u9020\u51fd\u6570\n ~Sample(); // \u6790\u6784\u51fd\u6570\n private:\n int * data;\n}\n\n// \u5728\u7c7b\u58f0\u660e\u5916\u90e8\u5b9e\u73b0\u51fd\u6570\uff0c\u5219\u4e3a\u975e\u5185\u8054\nSample::Sample() {\n std::cout << \"Construction\" << std::endl;\n data = new int;\n *data = 0;\n}\n\n// \u5e26\u521d\u59cb\u5316\u5217\u8868\u7684\u6784\u9020\u51fd\u6570\nSample::Sample(int i): data(i) {\n std::cout << \"Construction with initial list\" << std::endl;\n data = new int;\n *data = i;\n}\n\n// \u62f7\u8d1d\u6784\u9020\u51fd\u6570\u5b9a\u4e49\nSample::Sample(const Sample & obj) {\n std::cout << \"Construction with another object\" << std::endl;\n data = new int;\n *data = *obj.data;\n}\n\n// \u6790\u6784\u51fd\u6570\u5b9a\u4e49\nSample::~Sample() {\n std::cout << \"Deletion\" << std::endl;\n delete data;\n}\n\nvoid Sample::setData(int i) {\n data = i;\n}\n\nint main () {\n Sample sample1;\n sample1.setData(1);\n Sample sample2(2);\n Sample sample3(sample1);\n Sample sample4 = sample3;\n}\n
\u521b\u5efa\u7c7b\u7684\u5bf9\u8c61\u65f6\uff0c\u53ef\u4ee5\u76f4\u63a5\u4ee5\u7c7b\u540d \u5bf9\u8c61\u540d
\u7684\u5f62\u5f0f\u6784\u5efa\u4e00\u4e2a\u9ed8\u8ba4\u5bf9\u8c61\uff0c\u6216\u8005\u7c7b\u540d \u5bf9\u8c61\u540d(\u53c2\u6570\u5217\u8868)
\u6784\u5efa\u4e00\u4e2a\u5e26\u53c2\u6570\u7684\u5bf9\u8c61\uff0c\u6216\u8005\u7c7b\u540d \u5bf9\u8c61\u540d=\u5df2\u6709\u5bf9\u8c61
\u3001\u7c7b\u540d \u5bf9\u8c61\u540d(\u5df2\u6709\u5bf9\u8c61)
\u6765\u7528\u62f7\u8d1d\u6784\u9020\u51fd\u6570\u3002\u6ce8\u610f\u4e0d\u8981\u76f4\u63a5\u8c03\u7528\u6784\u9020\u51fd\u6570\u672c\u8eab\uff0c\u5b83\u6ca1\u6709\u8fd4\u56de\u503c\u3002
\u5728\u4e00\u4e9b\u9ed8\u8ba4\u51fd\u6570\uff08\u6bd4\u5982\u62f7\u8d1d\u6784\u9020\u51fd\u6570\uff09\u540e\u52a0\u4e0a= delete
\u610f\u4e3a\u7981\u6b62\u8be5\u51fd\u6570\u88ab\u8c03\u7528\u3002
class Sample {\n Sample(const Sample &) = delete; // \u7981\u6b62\u901a\u8fc7\u62f7\u8d1d\u6784\u9020\u51fd\u6570\u65b0\u5efa\u5bf9\u8c61\n Sample &operator=(const Sample &) = delete; // \u7981\u6b62\u901a\u8fc7\u8d4b\u503c\u6765\u62f7\u8d1d\u5bf9\u8c61\n}\n
"},{"location":"programming-languages/cpp/#explicit","title":"explicit","text":"\u5982\u679c\u4e00\u4e2a\u6784\u9020\u51fd\u6570\u53ea\u63a5\u53d7\u4e00\u4e2a\u53c2\u6570\uff08\u6216\u8005\u662f\u53ef\u4ee5\u901a\u8fc7\u9ed8\u8ba4\u503c\u53d8\u6210\u53ea\u63a5\u53d7\u4e00\u4e2a\u53c2\u6570\uff09\uff0c\u5b83\u4f1a\u88ab\u89c6\u4e3a\u4e00\u4e2a\u8f6c\u6362\u6784\u9020\u51fd\u6570\u3002\u8fd9\u79cd\u6784\u9020\u51fd\u6570\u5141\u8bb8\u901a\u8fc7\u9690\u5f0f\u8f6c\u6362\u5c06\u5176\u4ed6\u7c7b\u578b\u7684\u5bf9\u8c61\u8f6c\u6362\u4e3a\u5f53\u524d\u7c7b\u7684\u5bf9\u8c61\uff0c\u53ef\u80fd\u4f1a\u4ea7\u751f\u4e0d\u5fc5\u8981\u7684\u884c\u4e3a\u3002\u4e3a\u4e86\u907f\u514d\u8fd9\u79cd\u60c5\u51b5\uff0c\u4f7f\u7528explicit\u6765\u663e\u5f0f\u521b\u5efa\u5bf9\u8c61\u3002
\u663e\u5f0f\u521b\u5efa\u5bf9\u8c61\u663e\u5f0f\u7c7b\u578b\u8f6c\u6362#include <iostream>\nusing namespace std;\nclass MyClass {\npublic:\n explicit MyClass(int value) {\n cout << \"Constructor called with value: \" << value << endl;\n }\n};\n\nvoid print(const MyClass& obj) {\n cout << \"print function called\" << endl;\n}\n\nint main() {\n // print(42); // \u9519\u8bef\uff0c\u65e0\u6cd5\u9690\u5f0f\u8f6c\u6362\n print(MyClass(42)); // \u5fc5\u987b\u663e\u5f0f\u521b\u5efa\u5bf9\u8c61\n return 0;\n}\n
#include <iostream>\nusing namespace std;\n\nclass MyClass {\npublic:\n explicit operator int() const {\n return 42;\n }\n};\n\nint main() {\n MyClass obj;\n // int value = obj; // \u9519\u8bef\uff0c\u65e0\u6cd5\u9690\u5f0f\u8f6c\u6362\n int value = static_cast<int>(obj); // \u5fc5\u987b\u663e\u5f0f\u8f6c\u6362\n cout << \"value = \" << value << endl;\n return 0;\n}\n
"},{"location":"programming-languages/cpp/#\u5c01\u88c5","title":"\u5c01\u88c5","text":""},{"location":"programming-languages/cpp/#\u7ee7\u627f","title":"\u7ee7\u627f","text":""},{"location":"programming-languages/cpp/#\u591a\u6001","title":"\u591a\u6001","text":""},{"location":"programming-languages/cpp/#\u8fd0\u7b97\u7b26\u91cd\u8f7d","title":"\u8fd0\u7b97\u7b26\u91cd\u8f7d","text":""},{"location":"programming-languages/cpp/#\u9759\u6001\u6210\u5458\u53d8\u91cf\u4e0e\u9759\u6001\u6210\u5458\u51fd\u6570","title":"\u9759\u6001\u6210\u5458\u53d8\u91cf\u4e0e\u9759\u6001\u6210\u5458\u51fd\u6570","text":""},{"location":"programming-languages/cpp/#\u5e38\u91cf\u6210\u5458\u51fd\u6570","title":"\u5e38\u91cf\u6210\u5458\u51fd\u6570","text":""},{"location":"programming-languages/cpp/#this\u6307\u9488","title":"this\u6307\u9488","text":""},{"location":"programming-languages/cpp/#\u5bf9\u8c61\u7684\u6df1\u62f7\u8d1d\u4e0e\u6d45\u62f7\u8d1d","title":"\u5bf9\u8c61\u7684\u6df1\u62f7\u8d1d\u4e0e\u6d45\u62f7\u8d1d","text":""},{"location":"programming-languages/cpp/#\u6a21\u677f\u7f16\u7a0b","title":"\u6a21\u677f\u7f16\u7a0b","text":""},{"location":"programming-languages/cpp/#\u667a\u80fd\u6307\u9488","title":"\u667a\u80fd\u6307\u9488","text":""},{"location":"programming-languages/cpp/#c11\u65b0\u7279\u6027","title":"C++11\u65b0\u7279\u6027","text":""},{"location":"programming-languages/cpp/#\u7c7b\u578b\u522b\u540d","title":"\u7c7b\u578b\u522b\u540d","text":"\u4f7f\u7528 using NewType = OldType
\u4e3a\u590d\u6742\u7c7b\u578b\u6784\u5efa\u7b80\u5355\u522b\u540d\uff0c\u539f\u7406\u7c7b\u4f3ctypedef OldType NewType
\uff0c\u4f46\u8868\u8fbe\u66f4\u52a0\u6e05\u6670\uff0c\u800c\u4e14\u652f\u6301\u6cdb\u578b\u3002
template <typename T>\nusing Vec = std::vector<T>;\n\nVec<int> myVec; // \u7b49\u4ef7\u4e8e std::vector<int>\n
"},{"location":"programming-languages/cpp/#c14\u65b0\u7279\u6027","title":"C++14\u65b0\u7279\u6027","text":""},{"location":"programming-languages/cpp/#c17\u65b0\u7279\u6027","title":"C++17\u65b0\u7279\u6027","text":""},{"location":"programming-languages/cpp/#c20\u65b0\u7279\u6027","title":"C++20\u65b0\u7279\u6027","text":""},{"location":"programming-languages/crawler/","title":"\u722c\u866b\u6a21\u677f","text":"\u7ea6 142 \u4e2a\u5b57 156 \u884c\u4ee3\u7801 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4 16 \u5206\u949f
"},{"location":"programming-languages/crawler/#scrapy","title":"Scrapy","text":"\u4e5f\u53ef\u4ee5\u770b\u8fd9\u91cc\u7684\u4ecb\u7ecd
"},{"location":"programming-languages/crawler/#\u52a0\u56fd\u5185\u4ee3\u7406","title":"\u52a0\u56fd\u5185\u4ee3\u7406","text":"\u9488\u5bf9\u4e2a\u522b\u7f51\u7ad9\u9501ip\uff0c\u53ef\u4ee5\u8003\u8651\u6574\u4e2a\u4ee3\u7406
import base64\nusername = 'xxxxx'\npasswd = 'xxxxx'\nproxy_ip = 'xxxx.kdltps.com'\nproxy_port = '15818'\n\nmeta = {'proxy': f'http://{proxy_ip}:{proxy_port}'}\ncode = base64.b64encode(f'{username}:{passwd}'.encode()).decode()\n\nheaders = {\n\t\"Proxy-Authorization\": f\"Basic {code}\", # \u5728headers\u91cc\u8bbe\u7f6e\u4e0b\u4ee3\u7406token\n}\n\ndef start_requests(self):\n\tyield scrapy.Request(\n\t\theaders = headers, # \u8bbe\u7f6e\u4f7f\u7528headers\uff0c\u5305\u542btoken\n\t\tmeta = meta, # \u8bbe\u7f6e\u4f7f\u7528\u4ee3\u7406\n\t\t)\n
"},{"location":"programming-languages/crawler/#applicationjson\u7c7b\u578b","title":"application/json\u7c7b\u578b","text":"\u9488\u5bf9\u8bf7\u6c42\u5934Content-Type\u4e3aapplication/json\u7c7b\u578b\uff0cstart_requests\u91cc\u7528Request\uff0c\u6ce8\u660emethod\u548cbody\uff1a
import json\nheaders = {\n \"Content-Type\": \"application/json\",\n \"User-Agent\": \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36\",\n}\n\ndata = json.dumps({\"key\":\"value\"})\n\n# \u7701\u7565\u65e0\u5173\u4fe1\u606f\n\nyield scrapy.Request(\n url=url, \n method='POST', \n headers=headers, \n body=data,\n callback=self.parse, \n meta={'period': t}, \n errback=self.err,\n cb_kwargs={'period': t,'page':0}\n)\n
"},{"location":"programming-languages/crawler/#applicationx-www-form-urlencoded\u7c7b\u578b","title":"application/x-www-form-urlencoded\u7c7b\u578b","text":"\u9488\u5bf9\u8bf7\u6c42\u5934Content-Type\u4e3aapplication/x-www-form-urlencoded\u7c7b\u578b\uff0cstart_requests\u91cc\u7528FormRequest\uff0c\u6ce8\u660eformdata\uff1a
post_data = {\"key\":\"value\"}\n\n# \u7701\u7565\u65e0\u5173\u4fe1\u606f\n\nyield scrapy.FormRequest(\n url=url,\n formdata=post_data,\n errback=self.err,\n callback = self.parse,\n cookies = cookies,\n cb_kwargs = {'id':'shixian','page':str(page)},\n )\n
\u666e\u901a\u8bf7\u6c42\u7528scrapy.Request\u5373\u53ef\u3002
"},{"location":"programming-languages/crawler/#selenium","title":"Selenium","text":"\u722c\u4e45\u4e86\u603b\u4f1a\u7206\u5185\u5b58\uff0c\u4e0d\u77e5\u9053\u5185\u5b58\u6cc4\u9732\u7684bug\u6709\u6ca1\u6709\u4fee\u590d\u3002\u4ee5\u4e0b\u7528\u7684\u662fchrome\u6d4f\u89c8\u5668\uff0c\u9700\u8981\u9884\u5148\u4e0b\u8f7d\u4e0b\u9a71\u52a8
from selenium import webdriver\nfrom selenium.webdriver.common.by import By\nfrom selenium.webdriver.chrome.service import Service\nfrom pathlib import Path\nimport time\nimport json\nimport ast \nimport re\nimport os\nimport yaml\nimport shutil\n\noptions = webdriver.ChromeOptions()\n# options.add_argument('--headless')\n# https://chromedriver.chromium.org/downloads\ns = Service('S:/chromedriver.exe')\noptions.add_experimental_option('excludeSwitches', ['enable-logging'])\ndriver = webdriver.Chrome(service=s,options=options)\ndriver.get('http://www.baidu.com')\ntime.sleep(1)\n\ndef get_current_and_final_page_of_one_book():\n cur = -1\n final = -1\n try:\n pages = driver.find_elements(By.XPATH,'//ul[@class=\"t-pager\"]/li')\n except:\n print('Current page is not found')\n return cur,final\n \n for page in pages:\n if 'active' in page.get_attribute('class'):\n cur = int(page.text)\n if 'number' in page.get_attribute('class'):\n final = int(page.text)\n return cur,final\n\ndef download_one_page_of_a_book(skip,config):\n \"\"\"\u4e00\u9875\u6240\u6709\u6587\u6863\u5168\u90e8\u4e0b\u8f7d\u6210\u529f\u5219\u8fd4\u56deTrue,OK\n \"\"\"\n global CURRENT_PAGE\n global CURRENT_TITLE\n titles = driver.find_elements(By.XPATH,'//div[@class=\"container\"]/div[1]/div[2]/div[2]/table/tbody/tr/td[1]')\n icons = driver.find_elements(By.XPATH,'//div[@class=\"container\"]/div[1]/div[2]/div[2]/table/tbody/tr/td[4]')\n jscode = 'document.location = '+'\"'+config['url']+'\"'\n driver.execute_script(jscode)\n for title,svgs in zip(titles,icons):\n svgs = svgs.find_elements(By.XPATH,'.//*[name()=\"svg\"]')\n print(f'Current title: {title.text}, skip: {skip}, CURRENT_TITLE: {CURRENT_TITLE}')\n if CURRENT_TITLE is not None and skip and title.text != CURRENT_TITLE:\n continue\n skip = False\n for svg in svgs:\n # if visible \n if svg.get_attribute('style') == 'display: inline-block;':\n svg.click()\n time.sleep(7)\n cls = driver.window_handles\n if len(cls) > 1:\n time.sleep(20)\n ok = archive_file(title.text,config)\n if not ok:\n print(f'Failed to download {title.text}')\n while len(cls) > 1:\n driver.switch_to.window(cls[1])\n driver.close()\n driver.switch_to.window(cls[0])\n cls = driver.window_handles\n return (False, title.text)\n cls = driver.window_handles\n driver.switch_to.window(cls[0])\n CURRENT_TITLE = None\n CURRENT_PAGE += 1\n return (True, 'OK')\n\n# load yaml\nwith open(target_yml,'r',encoding='utf8') as f:\n SETTINGS = yaml.load(f,Loader=yaml.FullLoader)\n# dump yaml\nwith open(target_yml,'w',encoding='utf8') as f:\n yaml.dump(SETTINGS,f,allow_unicode=True)\n\ndriver.close()\ndriver.quit()\n
\u6216\u8005\u8bbe\u7f6e\u4e00\u4e2ahelper\u7a0b\u5e8f\uff0c\u53cd\u590d\u542f\u52a8selenium\uff1a
import subprocess\nimport time\nimport datetime\nimport sys\ncmd = 'python ./main.py'\nop = 0\nwhile True:\n if op >= 200:\n print('failed 200 times!')\n break\n p = subprocess.Popen(cmd.split(), stdout=sys.stdout, stderr=sys.stderr)\n print('new round at', datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S'),f'op = {op}')\n op += 1\n \n time.sleep(30)\n if p.poll() == 0:\n break\n p.wait()\n
"},{"location":"programming-languages/go/","title":"go","text":"\u7ea6 66 \u4e2a\u5b57 14 \u884c\u4ee3\u7801 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4 2 \u5206\u949f
"},{"location":"programming-languages/go/#go\u73af\u5883\u914d\u7f6e","title":"go\u73af\u5883\u914d\u7f6e","text":"go env -w GO111MODULE=on\ngo env -w GOPROXY=https://goproxy.cn\n
"},{"location":"programming-languages/go/#\u521b\u5efa\u5de5\u7a0b","title":"\u521b\u5efa\u5de5\u7a0b","text":"\u5de5\u7a0b\u4fdd\u5b58\u5728xxx/go/src/xxx\u4e0b\uff0c\u5e76\u5c06GOPATH=xxx/go\u52a0\u5230\u73af\u5883\u53d8\u91cf\u4e2d
"},{"location":"programming-languages/go/#\u5feb\u901f\u5165\u95e8","title":"\u5feb\u901f\u5165\u95e8","text":"package main\nimport (\n \"fmt\"\n)\n\nfunc main() {\n //\u5faa\u73af\u8f93\u51fa\n for i:=0; i<10; i++{\n fmt.Println(i)\n }\n}\n
"},{"location":"programming-languages/java/","title":"Java","text":"\u7ea6 108 \u4e2a\u5b57 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4\u4e0d\u5230 1 \u5206\u949f
"},{"location":"programming-languages/java/#java\u73af\u5883\u914d\u7f6e","title":"Java\u73af\u5883\u914d\u7f6e","text":"\u5728https://www.oracle.com/java/technologies/downloads/\u4e0b\u8f7d\u5bf9\u5e94\u7cfb\u7edf\u7684\u5305\u3002Linux\u9009\u62e9Compressed Archive\uff0c\u89e3\u538b\u7f29\u4ee5\u540e\u914d\u7f6e\u4e0bpath\uff1bWindows\u53ef\u4ee5\u7528MSI Installer\u3002\u5bf9\u5e94\u7684\u6e90\u7801\u5728lib/src.zip\u4e2d\u3002
"},{"location":"programming-languages/java/#java\u6e90\u7801\u67b6\u6784\u7406\u89e3","title":"Java\u6e90\u7801\u67b6\u6784\u7406\u89e3","text":"\u6838\u5fc3\u4ee3\u7801\u3001\u4e3b\u8981\u529f\u80fd\u5728java.base/java\u76ee\u5f55\u4e0b\uff0c\u5176\u4e2d\u5305\u542b\u4e86io\u3001lang\u3001util\u7b49\u591a\u4e2a\u5173\u952e\u6a21\u5757\u3002
"},{"location":"programming-languages/java/#java\u91cc\u6709\u54ea\u4e9b\u6570\u636e\u7ed3\u6784\u7c7b\u578b\u5982\u4f55\u5b9e\u73b0\u7684","title":"Java\u91cc\u6709\u54ea\u4e9b\u6570\u636e\u7ed3\u6784\u7c7b\u578b\uff1f\u5982\u4f55\u5b9e\u73b0\u7684\uff1f","text":"Java\u4e2d\u5e38\u89c1\u7684\u6570\u636e\u7c7b\u578b\u6bd4\u5982Set\u3001Array\u3001
"},{"location":"programming-languages/python/","title":"Python","text":"\u7ea6 786 \u4e2a\u5b57 242 \u884c\u4ee3\u7801 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4 27 \u5206\u949f
"},{"location":"programming-languages/python/#\u4e00\u4e9b\u5c0f\u70b9","title":"\u4e00\u4e9b\u5c0f\u70b9","text":"obj.__dir__() \u6216\u8005dir(obj)
\u6839\u636e\u7528\u6237\u4f20\u53c2\u800c\u6267\u884c\u4e0d\u540c\u7684\u529f\u80fd\uff0c\u53c8\u5206\u591a\u4e2a\u5c42\u6b21\u3002\u6bd4\u5982pip3\u547d\u4ee4\uff0c\u53ef\u4ee5\u6709pip3 install\u548cpip3 freeze\u7b49\u7b49\uff0c\u5bf9\u4e8e\u6bcf\u4e00\u4e2a\u5b50\u89e3\u6790\u53c8\u6709\u8fdb\u4e00\u6b65\u7684\u53c2\u6570\uff0c\u6bd4\u5982pip3 install \u2013upgrade, pip3 install \u2013force-reinstall\u7b49\u7b49\u3002
import argparse\n\ndef populate_parser(parser):\n parser.add_argument('input_file', type=str, help=\"Path to the file containing the mutated input to load\")\n parser.add_argument('--prefix-input', dest='prefix_input_path', type=str, help=\"(Optional) Path to the file containing a constant input to load\")\n parser.add_argument('-c', '--config', default=\"config.yml\", help=\"The emulator configuration to use. Defaults to 'config.yml'\")\n\n # Verbosity switches\n parser.add_argument('-v', '--print-exit-info', default=False, action=\"store_true\", help=\"Print some information about the exit reason.\")\n parser.add_argument('-t', '--trace-funcs', dest='trace_funcs', default=False, action='store_true')\nparser = argparse.ArgumentParser(description=\"Fuzzware\")\nsubparsers = parser.add_subparsers(title=\"Fuzzware Components\", help='Fuzzware utilities:', description=\"Fuzzware supports its different functions using a set of utilities.\\n\\nUse 'fuzzware <util_name> -h' for more details.\")\nparser_pipeline = subparsers.add_parser(MODE_PIPELINE, help=\"Running the full pipeline. Fuzzware's main utility.\")\nparser_pipeline.set_defaults(func=do_pipeline)\n# Pipeline command-line arguments\nparser_pipeline.add_argument('target_dir', nargs=\"?\", type=os.path.abspath, default=os.curdir, help=\"Directory containing the main config. Defaults to the current working dir.\")\n\n\nparser = argparse.ArgumentParser(description=\"Fuzzware emulation harness\")\npopulate_parser(parser)\n
"},{"location":"programming-languages/python/#\u914d\u7f6e\u8bfb\u53d6yaml","title":"\u914d\u7f6e\u8bfb\u53d6\uff1ayaml","text":"\u9664\u4e86argparse\u4ee5\u5916\uff0c\u53ef\u4ee5\u628a\u4e00\u4e9b\u5f88\u957f\u7684\u914d\u7f6e\u6570\u636e\uff08\u6bd4\u5982\u591a\u5230\u547d\u4ee4\u884c\u6572\u662f\u4e0d\u73b0\u5b9e\u7684\uff09\u653e\u5230yml\u91cc\uff0c\u7136\u540e\u7528yaml\u8bfb\u53d6\uff0c\u5f97\u5230\uff08\u5d4c\u5957\u7684\uff09\u5b57\u5178\uff0c\u7136\u540e\u518d\u53d6\u5185\u5bb9\u5c31\u5f88\u65b9\u4fbf\u4e86\u3002\u9700\u8981pip\u5b89\u88c5pyyaml\u8fd9\u4e2a\u5305
import yaml\n\nwith open('config.yml', 'rb') as f:\n data = yaml.load(f, Loader=yaml.FullLoader)\n print(data)\n
\u90a3\u4e48data\u5c31\u662f\u4e00\u4e2a\u5b57\u5178\uff0c\u6839\u636eyml\u91cc\u7684\u5185\u5bb9\u53ef\u80fd\u6210\u4e3a\u5d4c\u5957\u5173\u7cfb\u3002\u5b57\u5178\u91cc\u4e3a\u7a7a\u7684\u503c\u4f1a\u53d8\u6210None\uff0ctrue\u6216True\u6216TRUE\u90fd\u4f1a\u53d8\u6210True\uff0c\u6570\u5b57\u4f1a\u88ab\u8bc6\u522b\u6210\u6574\u6570\u6216\u6d6e\u70b9\u6570\uff0c\u5b57\u7b26\u4e32\u4f1a\u88ab\u8bc6\u522b\u6210\u5b57\u7b26\u4e32\uff08\u542b\u7a7a\u683c\uff09
\u6bd4\u5982\u4e0b\u9762\u7684yml\u6587\u4ef6
item:\n test1: 1\n test2: 2\n test2.1: TRUE\n test2.2: true\n test2.3: True\nmatters:\n test3: 3\n 3: 333\n test4: 4\n test5: ${item.test1}\n test6: a b c d\n test7: \n
\u4f1a\u88ab\u8bc6\u522b\u4e3a
{'item': {'test1': 1, 'test2': 2, 'test2.1': True, 'test2.2': True, 'test2.3': True}, 'matters': {'test3': 3, 3: 333, 'test4': 4, 'test5': '${item.test1}', 'test6': 'a b c d', 'test7': None}}\n
"},{"location":"programming-languages/python/#\u914d\u7f6e\u8bfb\u53d6json","title":"\u914d\u7f6e\u8bfb\u53d6\uff1ajson","text":"\u9664\u4e86yaml\u4ee5\u5916\uff0c\u7528json\u4e5f\u53ef\u4ee5\u5f88\u65b9\u4fbf\u5730\u5904\u7406\u914d\u7f6e\u3002\u800c\u4e14\u4e0d\u9700\u8981\u989d\u5916\u4e0b\u8f7d\u4ec0\u4e48\u5305\u3002
import json\n\nconfig = json.load(open('config.json','r',encoding='utf8')) # \u76f4\u63a5\u62ff\u5230\u4e86\u5b57\u5178\u683c\u5f0f\u7684config\njson.dump(config, open('config.json', 'w',encoding='utf8'), indent=4, ensure_ascii=False)\n
"},{"location":"programming-languages/python/#\u8fdb\u5ea6\u6761\u8f93\u51fatqdm","title":"\u8fdb\u5ea6\u6761\u8f93\u51fa\uff1atqdm","text":"from tqdm import tqdm # \u7528\u4e8e\u663e\u793a\u8fdb\u5ea6\u6761\nwith tqdm(total=total_num, desc=\"Sample progress bar\", unit=\"file\") as pbar:\n pbar.update(1)\n
"},{"location":"programming-languages/python/#\u8f93\u51fa\u65e5\u5fd7logging","title":"\u8f93\u51fa\u65e5\u5fd7\uff1alogging","text":"\u5728\u5f00\u53d1\u7a0b\u5e8f\u7684\u65f6\u5019\uff0c\u9047\u5230bug\u6216\u8005\u60f3\u5f04\u6e05\u695a\u4e34\u65f6\u7ed3\u679c\u3001\u63a7\u5236\u6d41\u8d70\u5411\u7684\u65f6\u5019\uff0c\u91c7\u7528print\u7684\u4f20\u7edf\u65b9\u6cd5\u6765\u6253\u5370\u53d8\u91cf\u6709\u70b9\u8fc7\u4e8e\u8822\u7b28\u4e86\u3002\u800c\u4f7f\u7528logging\u53ef\u4ee5\u968f\u65f6\u6253\u5370\u6570\u636e\u5230\u63a7\u5236\u53f0\u6216\u6587\u4ef6\uff0c\u53ef\u4ee5\u81ea\u5b9a\u4e49\u6253\u5370\u8303\u56f4\uff0c\u800c\u4e14\u6613\u4e8e\u8c03\u8bd5\u3002
import logging\n\nlogging.basicConfig(format='[%(levelname)s %(filename)s:%(lineno)d]: %(message)s', stream=sys.stdout, level=logging.DEBUG)\nlogger = logging.getLogger('TEST')\n\nlogger.debug('here is a test!')\nlogger.info('info level')\n
\u5f53\u7136\u4e5f\u53ef\u4ee5\u5168\u9762\u4e86\u89e3\u4e0blogging\uff0c\u63a8\u8350\u9605\u8bfb\u8fd9\u4e2a\u77e5\u4e4e\u4e13\u680f
import logging\n\n# 1\u3001\u521b\u5efa\u4e00\u4e2alogger\nlogger = logging.getLogger('mylogger')\nlogger.setLevel(logging.DEBUG)\n\n# 2\u3001\u521b\u5efa\u4e00\u4e2ahandler\uff0c\u7528\u4e8e\u5199\u5165\u65e5\u5fd7\u6587\u4ef6\nfh = logging.FileHandler('test.log')\nfh.setLevel(logging.DEBUG)\n\n# \u518d\u521b\u5efa\u4e00\u4e2ahandler\uff0c\u7528\u4e8e\u8f93\u51fa\u5230\u63a7\u5236\u53f0\nch = logging.StreamHandler()\nch.setLevel(logging.DEBUG)\n\n# 3\u3001\u5b9a\u4e49handler\u7684\u8f93\u51fa\u683c\u5f0f\uff08formatter\uff09\nformatter = logging.Formatter('%(asctime)s - %(name)s - %(levelname)s - %(message)s')\n\n# 4\u3001\u7ed9handler\u6dfb\u52a0formatter\nfh.setFormatter(formatter)\nch.setFormatter(formatter)\n\n# 5\u3001\u7ed9logger\u6dfb\u52a0handler\nlogger.addHandler(fh)\nlogger.addHandler(ch)\n
\u4ee5\u53ca\u4fee\u6539log\u7684\u989c\u8272(\u4e0d\u8fc7\u6ca1\u6709\u8bd5\u8fc7\uff0c\u4e0d\u77e5\u9053\u662f\u5426\u53ef\u7528)
"},{"location":"programming-languages/python/#\u63a5\u53e3\u8bbe\u8ba1","title":"\u63a5\u53e3\u8bbe\u8ba1","text":"\u4e00\u7cfb\u5217\u76f8\u4f3c\u7684\u51fd\u6570\u5b8c\u6210\u76f8\u4f3c\u7684\u529f\u80fd\uff08\u6bd4\u5982\u4e0d\u540c\u89e3\u6790\u51fd\u6570\u89e3\u6790\u4e0d\u540c\u79cd\u7c7b\u7684\u65e5\u5fd7\uff0c\u90fd\u5b8c\u6210\u201c\u6570\u636e\u5904\u7406\u201d\u8fd9\u4e00\u529f\u80fd\uff09\u65f6\uff0c\u53ef\u4ee5\u5c06\u51fd\u6570\u540d\u4f5c\u4e3a\u53c2\u6570\u4f20\u5165\u516c\u5171\u5904\u7406\u51fd\u6570\uff0c\u8bbe\u8ba1\u66f4\u6e05\u6670\u3002
import re\n\n# 0000 11c4 0\nbb_regex = re.compile(r\"([0-9a-f]+) ([0-9a-f]+) ([0-9]+)\")\ndef parse_bb_line(line):\n event_id, pc, cnt = bb_regex.match(line).groups()\n\n event_id = int(event_id, 16)\n pc = int(pc, 16)\n cnt = int(cnt)\n\n return event_id, pc, cnt\n\ndef parse_mmio_set_line(line):\n pc, addr, mode = line.split(\" \")\n return (int(pc, 16), int(addr, 16), mode[0])\n\ndef _parse_file(filename, line_parser):\n try:\n with open(filename, \"r\") as f:\n return [line_parser(line) for line in f.readlines() if line]\n except FileNotFoundError:\n return []\n\ndef parse_bbl_trace(filename):\n return _parse_file(filename, parse_bb_line)\n\ndef parse_mmio_set(filename):\n return _parse_file(filename, parse_mmio_set_line)\n
"},{"location":"programming-languages/python/#\u4e2d\u95f4\u6570\u636e\u5b58\u50a8capnp","title":"\u4e2d\u95f4\u6570\u636e\u5b58\u50a8\uff1acapnp","text":"Cap\u2019n Proto\u597d\u50cf\u662f\u4e00\u79cd\u5e2e\u52a9\u5feb\u901f\u5e8f\u5217\u5316/\u53cd\u5e8f\u5217\u5316\u7684\u5de5\u5177\uff0cpython\u8fd9\u8fb9\u5c01\u88c5\u4e86C++\u7684\u5b9e\u73b0\uff0c\u9700\u8981pip\u5b89\u88c5pycapnp\u8fd9\u4e2a\u5305\u3002\u4f7f\u7528\u65f6\u9700\u8981\u9996\u5148\u5b9a\u4e49\u6570\u636e\u7ed3\u6784\uff0c\u6bd4\u5982\uff1a
// test.capnp\nstruct TraceEvent {\n union {\n basicBlock @0 :BasicBlock;\n access @1 :Access;\n }\n}\n\nstruct BasicBlock {\n pc @0 :UInt32;\n lr @1 :UInt32;\n}\n\nstruct Access {\n target @0 :AccessTarget;\n type @1 :AccessType;\n size @2 :UInt8;\n pc @3 :UInt32;\n}\n\nenum AccessTarget {\n ram @0;\n mmio @1;\n}\nenum AccessType {\n read @0;\n write @1;\n}\n
\u4f7f\u7528\u65f6\uff0cpython\u7a0b\u5e8f\u5982\u4e0b\uff1a import capnp\nimport test_capnp\n\n# \u8fde\u7eed\u5199\u5165\u6587\u4ef6\uff0c\u5bf9union\u521d\u59cb\u5316\ntrace_file = open('test.bin','wb')\nevent = test_capnp.TraceEvent.new_message()\nbasicBlock = event.init('basicBlock')\nbasicBlock.pc = uc.reg_read(UC_ARM_REG_PC)\nbasicBlock.lr = uc.reg_read(UC_ARM_REG_LR)\nevent.write(trace_file)\nevent.write(trace_file)\ntrace_file.close()\n\n# \u4ece\u6587\u4ef6\u4e2d\u8fde\u7eed\u8bfb\u53d6\uff0c\u89e3\u6790union\ntrace_file = open('test.bin','rb')\nfor event in test_capnp.TraceEvent.read_multiple(f):\n if event.which() == 'basicBlock':\n print(event.basicBlock.pc)\ntrace_file.close()\n
"},{"location":"programming-languages/python/#\u8ba1\u65f6\u7ec8\u6b62\u7a0b\u5e8f","title":"\u8ba1\u65f6\u7ec8\u6b62\u7a0b\u5e8f","text":"\u5982\u679c\u9700\u8981\u8ba9\u7a0b\u5e8f\u5728\u8fd0\u884c\u4e00\u6bb5\u65f6\u95f4\u540e\u7ec8\u6b62\uff0c\u5728\u7a0b\u5e8f\u5185\u90e8\u8fdb\u884c\u65f6\u95f4\u68c0\u67e5\u5e76\u4e0d\u4f18\u96c5\uff08\u56e0\u4e3a\u662f\u65e0\u5173\u903b\u8f91\u7684\uff09\uff1b\u53ef\u4ee5\u4e3a\u8fd9\u4e2a\u5b50\u7a0b\u5e8f\u8bbe\u8ba1signal
pipeline = Pipeline(args.target_dir, args.project_name, args.base_inputs, args.num_local_fuzzer_instances, args.disable_modeling, write_worker_logs=not args.silent_workers, do_full_tracing=args.full_traces, config_name=args.runtime_config_name, timeout_seconds=timeout_seconds, use_aflpp=args.aflpp)\n\ntry:\n if timeout_seconds != 0:\n def handler(signal_no, stack_frame):\n pipeline.request_shutdown()\n\n # spin up an alarm for the time\n signal.signal(signal.SIGALRM, handler)\n signal.alarm(timeout_seconds)\n\n pipeline.start()\nexcept Exception as e:\n logger.error(f\"Got exception, shutting down pipeline: {e}\")\n import traceback\n traceback.print_exc()\n status = 1\n
"},{"location":"programming-languages/python/#\u4e8c\u8fdb\u5236\u5b57\u8282\u4e0ehex\u4e92\u76f8\u8f6c\u6362intelhex","title":"\u4e8c\u8fdb\u5236\u5b57\u8282\u4e0ehex\u4e92\u76f8\u8f6c\u6362\uff1aIntelHex","text":"fuzzware\u91cc\u6dfb\u52a0\u9000\u51fahandler\u6253\u5370state\uff08\u5373\u6a21\u62dfcoredump\uff09\u65f6\uff0c\u4f7f\u7528\u4e86IntelHex\u6765\u4fdd\u5b58\u4e2d\u95f4\u7ed3\u679c\u3002\u53ef\u4ee5\u53c2\u8003\u4e0b\u9762\u7684\u4f8b\u5b50\uff0c\u8fdb\u884c\u76f8\u4e92\u8f6c\u5316\u3002IntelHex\u6587\u4ef6\u672c\u8eab\u7684\u683c\u5f0f\uff0c\u53ef\u4ee5\u53c2\u8003\u8fd9\u91cc
from intelhex import IntelHex\nih = IntelHex()\n\ndata = {\n 0x30000000: b'\\x00\\x01\\x02\\x03\\x04',\n 0x20002000: b'\\x04\\x05\\x06\\x07'\n}\n\nfor base_addr, contents in data.items():\n ih.puts(base_addr, contents)\n\nwith open('test.hex', 'w') as f:\n ih.write_hex_file(f)\n\n\n# \u4ece\u5df2\u6709\u7684hex\u6587\u4ef6\u4e2d\u8bfb\u53d6\u6570\u636e\nih = IntelHex()\nih.fromfile('test.hex', format='hex')\n\n\"\"\"test.hex\n:020000042000DA\n:0420000004050607C6\n:020000043000CA\n:050000000001020304F1\n:00000001FF\n\nhex\u683c\u5f0f\u4ee5\u5192\u53f7\u5f00\u5934\uff0c\u968f\u540e1\u5b57\u8282\u8868\u793a\u6570\u636e\u957f\u5ea6\uff0c\u7d27\u63a54\u5b57\u8282\u8868\u793a\u5730\u5740\uff0c\u968f\u540e1\u5b57\u8282\u4e3a\u8bb0\u5f55\u7c7b\u578b\uff1a\n00\uff1a\u8868\u793a\u6570\u636e\n01\uff1a\u8868\u793a\u6587\u4ef6\u7ed3\u675f\n02\uff1a\u8868\u793a\u6269\u5c55\u6bb5\u5730\u5740\u3002\u968f\u540e\u76842\u5b57\u8282\u5de6\u79fb4\u4f4d\uff0c\u4f5c\u4e3a\u6bb5\u5730\u5740\uff0c\u5728\u4e4b\u540e\u7684\u8ba1\u7b97\u4e2d\u548c\u5730\u5740\u76f8\u52a0\u4f5c\u4e3a\u6700\u540e\u5730\u5740\n03\uff1a\u8868\u793a\u8d77\u59cb\u6bb5\u5730\u5740\u3002\u968f\u540e\u76844\u5b57\u8282\u4e2d\uff0c\u524d\u3001\u540e2\u5b57\u8282\u5206\u522b\u8868\u793aCS\u3001IP\n04\uff1a\u8868\u793a\u6269\u5c55\u7ebf\u6027\u5730\u5740\u3002\u968f\u540e\u76842\u5b57\u8282\u6307\u5b9a32\u5730\u5740\u7684\u9ad816\u4f4d\n05\uff1a\u8868\u793a\u8d77\u59cb\u7ebf\u6027\u5730\u5740\u3002\u968f\u540e\u76844\u5b57\u8282\u6307\u5b9a\u6307\u4ee4\u6267\u884c\u8d77\u59cb\u5730\u5740\n\u6700\u540e\u4e00\u5b57\u8282\u8868\u793a\u6821\u9a8c\u7801\n\n\u6bd4\u5982:020000042000DA\uff0c\u5206\u4e3a:02 0000 04 2000 DA\n\"\"\"\n\n# \u83b7\u53d6\u89e3\u6790\u540e\u7684\u6570\u636e\uff0c\u5e76\u5408\u5e76\u8fde\u7eed\u7684\u5730\u5740\nrestored_data = {}\ncurrent_address = None\ncurrent_data = b''\n\nfor address in ih.addresses():\n # Check if the address is consecutive with the current data\n if current_address is None or address == current_address + len(current_data):\n if current_address is None:\n current_address = address\n current_data += bytes([ih[address]])\n else:\n # Save the previous data and start a new block\n restored_data[current_address] = current_data\n current_address = address\n current_data = bytes([ih[address]])\n\n# Save the last block of data\nif current_address is not None:\n restored_data[current_address] = current_data\n\n# \u8f93\u51fa\u8fd8\u539f\u540e\u7684data\u5b57\u5178\nprint(restored_data)\n# {536879104: b'\\x04\\x05\\x06\\x07', 805306368: b'\\x00\\x01\\x02\\x03\\x04'}\n
"},{"location":"programming-languages/python/#\u53c2\u8003\u8d44\u6599","title":"\u53c2\u8003\u8d44\u6599","text":"\u7ea6 0 \u4e2a\u5b57 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4\u4e0d\u5230 1 \u5206\u949f
"},{"location":"researching-is-living/general/interesting-articles/","title":"\u6709\u8da3\u6587\u7ae0","text":"\u7ea6 179 \u4e2a\u5b57 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4 1 \u5206\u949f
\u7ea6 311 \u4e2a\u5b57 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4 1 \u5206\u949f
\u7ea6 21 \u4e2a\u5b57 190 \u884c\u4ee3\u7801 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4 19 \u5206\u949f
"},{"location":"researching-is-living/general/latex/#\u63a8\u8350\u5de5\u5177","title":"\u63a8\u8350\u5de5\u5177","text":"\u4f7f\u7528Table Generator\u7ed8\u5236\u8868\u683c
"},{"location":"researching-is-living/general/latex/#\u82f1\u6587latex","title":"\u82f1\u6587latex","text":"\\documentclass[conference,11pt]{IEEEtran}\n\\IEEEoverridecommandlockouts\n% The preceding line is only needed to identify funding in the first footnote. If that is unneeded, please comment it out.\n\\usepackage{cite}\n\\usepackage{amsmath,amssymb,amsfonts}\n\\usepackage{algorithmic}\n\\usepackage{graphicx}\n\\usepackage{textcomp}\n\\usepackage{xcolor}\n\\usepackage{caption}\n\\usepackage{url}\n\\def\\UrlBreaks{\\do\\A\\do\\B\\do\\C\\do\\D\\do\\E\\do\\F\\do\\G\\do\\H\\do\\I\\do\\J\n\\do\\K\\do\\L\\do\\M\\do\\N\\do\\O\\do\\P\\do\\Q\\do\\R\\do\\S\\do\\T\\do\\U\\do\\V\n\\do\\W\\do\\X\\do\\Y\\do\\Z\\do\\[\\do\\\\\\do\\]\\do\\^\\do\\_\\do\\`\\do\\a\\do\\b\n\\do\\c\\do\\d\\do\\e\\do\\f\\do\\g\\do\\h\\do\\i\\do\\j\\do\\k\\do\\l\\do\\m\\do\\n\n\\do\\o\\do\\p\\do\\q\\do\\r\\do\\s\\do\\t\\do\\u\\do\\v\\do\\w\\do\\x\\do\\y\\do\\z\n\\do\\.\\do\\@\\do\\\\\\do\\/\\do\\!\\do\\_\\do\\|\\do\\;\\do\\>\\do\\]\\do\\)\\do\\,\n\\do\\?\\do\\'\\do+\\do\\=\\do\\#}\n\\def\\BibTeX{{\\rm B\\kern-.05em{\\sc i\\kern-.025em b}\\kern-.08em\n T\\kern-.1667em\\lower.7ex\\hbox{E}\\kern-.125emX}}\n\\usepackage{lscape, latexsym, amssymb, algorithmic, multirow}\n\\usepackage[linesnumbered, vlined, ruled]{algorithm2e}\n\\usepackage{mathtools, bbm, color}\n\\usepackage{booktabs}\n\\usepackage{amsthm,mathrsfs,amsfonts,dsfont}\n\\usepackage{listings}\n\\definecolor{codegreen}{rgb}{0,0.6,0}\n\\definecolor{codegray}{rgb}{0.5,0.5,0.5}\n\\definecolor{codepurple}{rgb}{0.58,0,0.82}\n\\definecolor{backcolour}{rgb}{0.95,0.95,0.95}\n\\lstdefinestyle{mystyle}{\n % backgroundcolor=\\color{backcolour}, \n commentstyle=\\color{codegreen},\n keywordstyle=\\color{magenta},\n numberstyle=\\tiny\\color{codegray},\n stringstyle=\\color{codepurple},\n % basicstyle=\\footnotesize\\ttfamily,\n basicstyle=\\footnotesize\\scriptsize,\n breakatwhitespace=false, \n breaklines=true, \n captionpos=b, \n keepspaces=true,\n numbers=left, %% \u884c\u53f7 \n % numbersep=2pt, \n showspaces=false, \n showstringspaces=false,\n showtabs=false, \n tabsize=1,\n xleftmargin=\\parindent,\n}\n\\lstset{style=mystyle}\n\\begin{document}\n\n\\title{xxxx}\n\n\\author{xxxx}\n\n\\maketitle\n\n\\begin{abstract}\n\\end{abstract}\n\n\n\\begin{IEEEkeywords}\nxxx,xxx\n\\end{IEEEkeywords}\n\n\\bibliographystyle{IEEEtran}\n{\n\\begingroup\n\\bibliography{ref}\n\\endgroup\n}\n\n\\end{document}\n
"},{"location":"researching-is-living/general/latex/#\u4e2d\u6587latex","title":"\u4e2d\u6587latex","text":"\\documentclass[12pt]{article}\n\n\\usepackage{cite} % \u5f15\u7528\u53c2\u8003\u6587\u732e\n\\usepackage{ctex} % \u4e2d\u6587\u652f\u6301\n\\usepackage{times}% \u82f1\u6587\u4f7f\u7528Times New Roman\n\\usepackage{url,hyperref} % \u8d85\u94fe\u63a5\n\\usepackage{xspace} % \u65e0\u6807\u70b9\u81ea\u52a8\u7a7a\u683c\n\\usepackage{graphicx} % \u63d2\u5165\u56fe\u7247\u7528\n\\usepackage{geometry} % \u8bbe\u7f6e\u9875\u8fb9\u8ddd\n\\usepackage{listings} % \u63d2\u5165\u4ee3\u7801\u5757\n\\usepackage{color} % \u5b9a\u4e49\u989c\u8272\uff0c\u7528\u4e8e\u63a7\u5236\u4ee3\u7801\u9ad8\u4eae\n\\usepackage{subcaption} % \u753b\u5b50\u56fe\n\\usepackage{tikz} % \u540e\u7eed\u753b\u5706\u5708\n\\usepackage{multirow} % \u8868\u683c\u591a\u884c\u6587\u672c\n% \\usepackage{tabu}\n\\usepackage{longtable}\n\\usepackage{float}\n\\usepackage{tabu}\n\\usepackage{booktabs} % \u753b\u8868\u683c\n\n\\usepackage[linesnumbered, vlined, ruled]{algorithm2e} % \u7b97\u6cd5\u5217\u8868\n\n% \u4f7f\u7528 ctex \u5b8f\u5305\u8bbe\u7f6e\u4e2d\u6587\u56fe\u9898\n\\renewcommand{\\figurename}{\u56fe}\n\\renewcommand{\\tablename}{\u8868}\n\n% \u8bbe\u7f6e\u9875\u8fb9\u8ddd\n\\geometry{a4paper,left=2cm,right=2cm,top=2cm,bottom=3cm} \n\n\n% \u8bbe\u7f6e\u5b57\u4f53\n\\newcommand{\\song}{\\CJKfamily{song}} % \u5b8b\u4f53\n\\newcommand{\\fs}{\\CJKfamily{fs}} % \u4eff\u5b8b\u4f53\n\\newcommand{\\kai}{\\CJKfamily{kai}} % \u6977\u4f53\n\\newcommand{\\hei}{\\CJKfamily{hei}} % \u9ed1\u4f53\n\\newcommand{\\li}{\\CJKfamily{li}} % \u96b6\u4e66\n\n% \u8bbe\u7f6e\u5b57\u53f7\n\\newcommand{\\yihao}{\\fontsize{26pt}{36pt}\\selectfont} % \u4e00\u53f7, 1.4 \u500d\u884c\u8ddd\n\\newcommand{\\erhao}{\\fontsize{22pt}{28pt}\\selectfont} % \u4e8c\u53f7, 1.25\u500d\u884c\u8ddd\n\\newcommand{\\xiaoer}{\\fontsize{18pt}{18pt}\\selectfont} % \u5c0f\u4e8c, \u5355\u500d\u884c\u8ddd\n\\newcommand{\\sanhao}{\\fontsize{16pt}{24pt}\\selectfont} % \u4e09\u53f7, 1.5\u500d\u884c\u8ddd\n\\newcommand{\\xiaosan}{\\fontsize{15pt}{22pt}\\selectfont} % \u5c0f\u4e09, 1.5\u500d\u884c\u8ddd\n\\newcommand{\\sihao}{\\fontsize{14pt}{21pt}\\selectfont} % \u56db\u53f7, 1.5 \u500d\u884c\u8ddd\n\\newcommand{\\banxiaosi}{\\fontsize{13pt}{19.5pt}\\selectfont} % \u534a\u5c0f\u56db, 1.5\u500d\u884c\u8ddd\n\\newcommand{\\xiaosi}{\\fontsize{12pt}{18pt}\\selectfont} % \u5c0f\u56db, 1.5\u500d\u884c\u8ddd\n\\newcommand{\\dawuhao}{\\fontsize{11pt}{11pt}\\selectfont} % \u5927\u4e94\u53f7, \u5355\u500d\u884c\u8ddd\n\\newcommand{\\wuhao}{\\fontsize{10.5pt}{15.75pt}\\selectfont} % \u4e94\u53f7, \u5355\u500d\u884c\u8ddd\n\n% \u5b9a\u4e49\u4ee3\u7801\u6837\u5f0f\n\\definecolor{codegreen}{rgb}{0,0.6,0}\n\\definecolor{codegray}{rgb}{0.5,0.5,0.5}\n\\definecolor{codepurple}{rgb}{0.58,0,0.82}\n\\definecolor{backcolour}{rgb}{0.95,0.95,0.95}\n\\lstdefinestyle{mystyle}{\n % backgroundcolor=\\color{backcolour}, \n commentstyle=\\color{codegreen},\n keywordstyle=\\color{magenta},\n numberstyle=\\tiny\\color{codegray},\n stringstyle=\\color{codepurple},\n % basicstyle=\\footnotesize\\ttfamily,\n basicstyle=\\footnotesize\\scriptsize,\n breakatwhitespace=false, \n breaklines=true, \n captionpos=b, \n keepspaces=true,\n numbers=left, %% \u884c\u53f7 \n % numbersep=2pt, \n showspaces=false, \n showstringspaces=false,\n showtabs=false, \n tabsize=1,\n xleftmargin=\\parindent,\n}\n\\lstset{style=mystyle}\n\n\\renewcommand{\\abstractname}{\\textbf{\u6458\\quad \u8981}} % \u66f4\u6539\u6458\u8981\u4e8c\u5b57\u7684\u6837\u5f0f\n\n% use these commands to consistently refer to stuff\n\n\\newcommand{\\bugCount}{xx} \n\n\\newcommand{\\tabincell}[2]{\\begin{tabular}{@{}#1@{}}#2\\end{tabular}}\n\n\\newcommand*\\emptcirc[1][1ex]{\\tikz\\draw (0,0) circle (#1);} \n\\newcommand*\\halfcirc[1][1ex]{%\n\t\\begin{tikzpicture}\n\t\\draw[fill] (0,0)-- (90:#1) arc (90:270:#1) -- cycle ;\n\t\\draw (0,0) circle (#1);\n\t\\end{tikzpicture}}\n\\newcommand*\\fullcirc[1][1ex]{\\tikz\\fill (0,0) circle (#1);} \n\n\\def\\BibTeX{{\\rm B\\kern-.05em{\\sc i\\kern-.025em b}\\kern-.08em\n T\\kern-.1667em\\lower.7ex\\hbox{E}\\kern-.125emX}}\n\n\\title{\\fontsize{18pt}{27pt}\\selectfont \\textbf{xxxx}}\n\\author{\\fontsize{14pt}{21pt}\\selectfont \\textbf{xxxx}}\n\\date{}\n\n\\begin{document}\n\\begin{sloppypar} % \u9632\u6b62\u957f\u5355\u8bcd\u51fa\u754c\n\\maketitle\n\n\\begin{abstract}\n\\end{abstract}\n\n\\section{\u80cc\u666f}\n\n\\subsection{\u53ef\u4fe1\u6267\u884c\u73af\u5883}\n\\bibliographystyle{plain}\n\\bibliography{Ref}\n\n\\end{sloppypar}\n\\end{document}\n
"},{"location":"researching-is-living/general/picking-ups/","title":"\u6587\u53e5\u6458\u5f55","text":"\u7ea6 1043 \u4e2a\u5b57 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4 3 \u5206\u949f
Alligator in Vest: A Practical Failure-Diagnosis Framework via Arm Hardware Features (ISSTA 2023)
RR: A Fault Model for Efficient TEE Replication (NDSS 2023)
No Grammar, No Problem: Towards Fuzzing the Linux Kernel without System-Call Descriptions (NDSS 2023)
FUZZUSB: Hybrid Stateful Fuzzing of USB Gadget Stacks (Oakland 2022)
Registered Report: DATAFLOW Towards a Data-Flow-Guided Fuzzer
A Survey on Adversarial Attacks for Malware Analysis
Survivalism: Systematic Analysis of Windows Malware Living-Off-The-Land (Oakland 2021)
A Systematical and longitudinal study of evasive behaviors in windows malware (Computers & Security 2021)
Structural Attack against Graph Based Android Malware Detection (CCS 2021)
Deep Learning for Android Malware Defenses: a Systematic Literature Review (ACM Survey 2021)
Intriguing Properties of Adversarial ML Attacks in the Problem Space (Oakland 2020)
P2IM: Scalable and Hardware-independent Firmware Testing via Automatic Peripheral Interface Modeling (USENIX SECURITY 2020)
Toward the Analysis of Embedded Firmware through Automated Re-hosting (RAID 2019)
REPT: Reverse Debugging of Failures in Deployed Software (USENIX SECURITY 2018)
What You Corrupt Is Not What You Crash: Challenges in Fuzzing Embedded Devices (NDSS 2018)
Postmortem Program Analysis with Hardware-Enhanced Post-Crash Artifacts (USENIX SECURITY 2017)
POMP++: Facilitating Postmortem Program Diagnosis with Value-Set Analysis
A Survey on Software Fault Localization (TSE 2016)
\u7ea6 156 \u4e2a\u5b57 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4 1 \u5206\u949f
"},{"location":"researching-is-living/general/readings/#\u7efc\u5408\u6027\u77e5\u8bc6\u5b66\u4e60","title":"\u7efc\u5408\u6027\u77e5\u8bc6\u5b66\u4e60","text":"\u7ea6 508 \u4e2a\u5b57 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4 2 \u5206\u949f
"},{"location":"researching-is-living/general/sci-thoughts/#\u517b\u6210\u4e60\u60ef","title":"\u517b\u6210\u4e60\u60ef","text":"\u65f6\u95f4\u8fc7\u5f97\u603b\u662f\u975e\u5e38\u5feb\u7684\u3002\u5fd9\u7740\u505a\u4e00\u4e2a\u8bfe\u9898\uff0c\u53ef\u80fd\u6bcf\u5929\u611f\u89c9\u4e0d\u5230\u6709\u4ec0\u4e48\u8fdb\u5c55\u5462\uff0c\u534a\u5e74\u4e00\u5e74\u5c31\u8fc7\u53bb\u4e86\u3002\u5982\u679c\u6709\u8fd9\u79cd\u60f3\u6cd5\uff0c\u591a\u534a\u662f\u6ca1\u505a\u597d\u89c4\u5212\uff0c\u50cf\u4e2a\u65e0\u5934\u82cd\u8747\u4e00\u6837\u4e1c\u95ef\u897f\u649e\u3002
\u611f\u89c9\u6709\u4e24\u4e2a\u4e60\u60ef\u662f\u5fc5\u987b\u517b\u6210\u7684\uff0c\u4e00\u662f\u8bfb\u8bba\u6587\u8981\u601d\u8003\u95ee\u9898\u4e0e\u610f\u4e49\uff1a\u770b\u5230\u9898\u76ee\u548c\u6458\u8981\uff0c\u601d\u8003\u8fd9\u7bc7\u6587\u7ae0\u5e0c\u671b\u89e3\u51b3\u4ec0\u4e48\u95ee\u9898\u3001\u8fd9\u4e2a\u95ee\u9898\u6709\u4ec0\u4e48\u4ef7\u503c\u3001\u89e3\u51b3\u8fd9\u4e2a\u95ee\u9898\u6709\u4ec0\u4e48\u601d\u8def\u3001\u4f1a\u9047\u5230\u54ea\u4e9b\u666e\u904d\u4e0e\u7279\u6b8a\u7684\u6311\u6218\uff0c\u4ee5\u53ca\u6587\u7ae0\u57fa\u4e8e\u54ea\u4e9b\u5047\u8bbe\u5e76\u4e14\u4f1a\u8bd5\u56fe\u907f\u800c\u4e0d\u8c08\u7684\u7f3a\u9677\uff1b\u4e8c\u662f\u6bcf\u5929\u8fdb\u884c\u603b\u7ed3\u4e0e\u5f52\u7eb3\uff0c\u601d\u8003\u4e00\u5929\u5230\u5e95\u6709\u4ec0\u4e48\u8fdb\u5c55\uff0c\u51dd\u7ec3\u603b\u7ed3\u6210\u6587\u5b57\u6216ppt\u8bb2\u7a3f\u3002\u6bcf\u5929\u5149\u770b\u4e0d\u603b\u7ed3\uff0c\u7b49\u4e8e\u767d\u770b\uff01\u5e73\u65f6\u5bf9\u5404\u79cd\u95ee\u9898\u5c31\u8981\u6709\u6240\u51c6\u5907\u4e0e\u601d\u8003\uff0c\u4e0d\u8981\u522b\u4eba\u95ee\u8d77\u7684\u65f6\u5019\u5c31\u6577\u884d\u5730\u7ed9\u4e00\u4e2a\u56de\u7b54\uff0c\u6ca1\u6709\u610f\u4e49\u3002
\u65e9\u4e0a\u5199todo list\uff0c\u665a\u4e0a\u5199done list\uff0c\u770b\u770b\u8fd9\u4e00\u5929\u8fdb\u5c55\u5982\u4f55\u3002\u662f\u5426\u6709\u6ca1\u505a\u5b8c\u7684\u4e8b\u60c5\uff0c\u662f\u5426\u6709\u5206\u5fc3\u505a\u4e86\u522b\u7684\u4e8b\u60c5\uff0c\u660e\u5929\u5982\u4f55\u89c4\u5212\u65f6\u95f4\u2026\u2026\u5bf9\u81ea\u5df1\u6bcf\u5929\u3001\u6bcf\u5468\u3001\u6bcf\u6708\u80fd\u505a\u7684\u4e8b\u60c5\u6709\u6e05\u695a\u7684\u8ba4\u8bc6\uff0c\u4e0d\u76f2\u76ee\u81ea\u5927\u4e5f\u4e0d\u5984\u81ea\u83f2\u8584\u3002
\u505a\u4efb\u4f55\u4e8b\u90fd\u8981\u7ed9\u4e00\u4e2a\u6e05\u6670\u7684ddl\uff0c\u7763\u4fc3\u5c3d\u5feb\u5b8c\u6210\u4e0d\u8981\u62d6\u6c93\u3002\u53e6\u4e00\u65b9\u9762\u662f\u4e3a\u4e86\u9650\u5236\u601d\u8003\uff0c\u8981\u96c6\u4e2d\u3001\u5feb\u901f\uff0c\u4e0d\u8981\u6f2b\u65e0\u76ee\u7684\u5730\u53d1\u6563\u3002\u6bd4\u5982\u8bfb\u8bba\u6587\u524d\u601d\u8003\u8fd9\u7bc7\u6587\u7ae0\u9700\u8981\u89e3\u51b3\u7684\u6311\u6218\u65f6\uff0c\u9650\u5b9a\u57283min\u4e4b\u5185\uff0c\u8d85\u65f6\u4ee5\u540e\u65e0\u8bba\u662f\u5426\u60f3\u5230\u591a\u5c11\u90fd\u8981\u505c\u4e0b\u6765\u3002\u4e5f\u53ef\u4ee5\u6709\u6548\u907f\u514d\u5206\u5fc3\u3002
"},{"location":"researching-is-living/general/sci-thoughts/#\u79d1\u7814\u5199\u4f5c","title":"\u79d1\u7814\u5199\u4f5c","text":"\u79d1\u7814\u5199\u4f5c\u9700\u8981\u7cfb\u7edf\u7684\u8bad\u7ec3\u3002\u6bcf\u5929\u6109\u5feb\u5730\u8bfb\u3001\u5199\u4e00\u5c0f\u65f6\uff0c\u957f\u671f\u575a\u6301\uff0c\u53eb\u505a\u201cread and write\u201d\u3002
\u5199\u6587\u7ae0\u8981\u5f04\u6e05\u695a\u8bfb\u8005\u90fd\u662f\u540c\u4e13\u4e1a\u7684\u4eba\uff0c\u56e0\u6b64\u8981\u4f53\u73b0\u51fa\u4e13\u4e1a\u6027\u4e0e\u79d1\u5b66\u6027\u3001\u7cbe\u786e\u6027\u3001\u7b80\u6d01\u6027\u3001\u903b\u8f91\u6027\u3002
"},{"location":"researching-is-living/general/sentence-templates/","title":"\u60c5\u666f\u6a21\u677f","text":"\u7ea6 468 \u4e2a\u5b57 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4 2 \u5206\u949f
\u63d0\u51fa\u672c\u6587\u5de5\u4f5c\uff1a
\u4ecb\u7ecd\u67d0\u4e00\u6d41\u7a0b\u5728\u6574\u4f53\u7cfb\u7edf\u4e2d\u7684\u4f5c\u7528\uff1a
\u8bf4\u660e\u67d0\u4e00\u6b65\u9aa4\u5e76\u975e\u7b80\u5355\u7684\uff1a
\u51dd\u7ec3\u672c\u6587\u5b9e\u9a8c\u6548\u679c\uff1a
\u63d0\u51fa\u672c\u6587novelty\uff1a
\u63d0\u51fa\u672c\u6587insight\uff1a
\u51c6\u5907\u5f00\u59cb\u4ecb\u7ecd\u6280\u672f\u7ec6\u8282\uff1a
\u8bf4\u76ee\u524d\u7684\u5de5\u4f5c\u7814\u7a76\u7684\u4e3b\u8981\u5185\u5bb9\u53d7\u9650\u3001\u522b\u7684\u65b9\u6cd5\u5b58\u5728\u95ee\u9898\uff1a
\u4e00\u4e9b\u5de5\u4f5c\u7ec6\u8282\uff1a
\u7ea6 943 \u4e2a\u5b57 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4 3 \u5206\u949f
\u7ea6 1699 \u4e2a\u5b57 2 \u884c\u4ee3\u7801 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4 6 \u5206\u949f
\u8986\u76d6\u7387\u6307\u5f15\u7684\u6a21\u7cca\u6d4b\u8bd5\u65b9\u6cd5\u83b7\u5f97\u8986\u76d6\u7387\u7684\u56db\u79cd\u8ffd\u8e2a\u65b9\u5f0f1\uff1a
\u4fb5\u5165\u5f0f\u4e0e\u975e\u4fb5\u5165\u5f0f\u8ffd\u8e2a2\uff1a
Traces can be generated by trace code that is executed within tasks and/or interrupt service routines, just like application code that is executed on the same CPU. This is the most flexible approach, as both the content and the amount of trace information output can be defined in software. However, this tracing method comes with a significant drawback: It uses resources that are shared with the application software, hence tracing may significantly reduce the amount of memory available for the applications, increase the gross execution times of the applications and, in the case of real-time systems, impair functionality. This is why it is called intrusive tracing.
The most common case is that adding trace code is detrimental to the functionality of the applications in real-time systems because the resource requirements for intrusive tracing have been underestimated in the early stages of the project, such that tracing would eventually eat up resources that are required by the application. Therefore, the resource requirements for tracing must be properly considered throughout the whole development lifecycle. Removing trace code from real-time systems may also cause functional issues, typically just before the final production software release. This is the worst case, as trace information is no longer available in this scenario.
Non-intrusive tracing does not change the intrinsic timing behavior of the system under test. This approach simplifies the software development process a lot and requires dedicated hardware support for tracing. External trace probes connected to the target system, in conjunction with on-chip debug modules, capture code execution on instruction level, memory accesses and other events on the target processor. This approach is the best option when it comes to debugging the code execution down to the instruction level. The PCB design of the device under test must provide the connectors required by the external probe.
Another option for non-intrusive tracing is on-chip tracing, where most of the trace hardware is packed into the same chip that also contains the CPU that executes the application code. Non-intrusive tracing can, however, be restricted by limitations of the respective trace module or probe, such as buffer sizes, bus bandwidth or the size of an external probe.
Due to cost savings (no expensive third-party trace hardware required), reduced footprint (very small connectors instead of larger probe connectors), and limited trace bandwidth requirements, the on-chip tracing method is the preferred approach for generating the trace data required for in-depth timing analysis on task, runnable and ISR level. On-chip tracing is a suitable tracing method for devices under test with form factors very close to the final volume production devices.
"},{"location":"researching-is-living/related/fuzzing/#\u9488\u5bf9\u7f51\u7edc\u534f\u8bae\u7684\u6a21\u7cca\u6d4b\u8bd5","title":"\u9488\u5bf9\u7f51\u7edc\u534f\u8bae\u7684\u6a21\u7cca\u6d4b\u8bd5","text":"\u7f51\u7edc\u534f\u8bae\u7684\u7279\u70b9\u662f\u4e00\u822c\u6709\u660e\u786e\u7684\u72b6\u6001\u4fe1\u606f\uff0c\u76f8\u540c\u7684input\u5728\u4e0d\u540c\u7684\u72b6\u6001\u53ef\u80fd\u5f97\u5230\u4e0d\u540c\u7684output\u3002\u9488\u5bf9\u7f51\u7edc\u534f\u8bae\u7684\u6a21\u7cca\u6d4b\u8bd5\u4e00\u822c\u5177\u6709stateful\u7684\u7279\u70b9\u3002\u8fd9\u7c7b\u6a21\u7cca\u6d4b\u8bd5\u6709\u51e0\u4e2a\u96be\u70b9\uff1a 1. \u751f\u6210\u683c\u5f0f\u6b63\u786e\u7684\u4fe1\u606f\uff0c\u6ee1\u8db3\u5bf9\u7279\u5b9a\u72b6\u6001\u7684fuzz 2. \u6269\u5c55\u5230\u4e0d\u540c\u7684\u534f\u8bae\u4e2d 3. \u6d4b\u8bd5\u6837\u4f8b\u6709\u6548\u6027\uff0c\u9700\u8981\u901a\u8fc7\u683c\u5f0f\u6821\u9a8c\u6bd4\u5982\u957f\u5ea6\u3001\u534f\u8bae\u8ba4\u8bc1\u3001\u6821\u9a8c\u548c\u7b49
"},{"location":"researching-is-living/related/fuzzing/#aflnet","title":"AFLNET","text":"\u9996\u6b21\u63d0\u51fa\u9488\u5bf9\u6709\u72b6\u6001\u534f\u8bae\u7684\u7070\u76d2\u6a21\u7cca\u6d4b\u8bd5\u3002AFLNET\u4ece\u54cd\u5e94\u4fe1\u606f\u4e2d\u63d0\u53d6\u54cd\u5e94\u7801\u6765\u8868\u793a\u72b6\u6001\u4fe1\u606f\uff0c\u5e76\u7528\u54cd\u5e94\u7801\u5e8f\u5217\u6765\u63a8\u65ad\u534f\u8bae\u5b9e\u73b0\u7684\u72b6\u6001\u6a21\u578b\uff0c\u5e76\u8fdb\u4e00\u6b65\u4f7f\u7528\u8fd9\u4e00\u6a21\u578b\u6765\u6307\u5bfcfuzz\u3002
\u4e00\u4e9b\u4e0d\u8db3\uff1a 1. \u72b6\u6001\u8868\u793a\u80fd\u529b\uff1aAFLNET\u8981\u6c42\u54cd\u5e94\u4fe1\u606f\u4e2d\u5305\u542b\u72b6\u6001\u7801\uff0c\u8fd9\u5e76\u4e0d\u662f\u534f\u8bae\u5fc5\u987b\u5b9e\u73b0\u7684\u3002\u800c\u4e14\u72b6\u6001\u7801\u8868\u793a\u80fd\u529b\u6709\u9650\uff0c\u4e14\u53ef\u80fd\u4ea7\u751f\u5197\u4f59\u72b6\u6001\u3002 2. \u6d4b\u8bd5\u6548\u7387\uff1a\u6ca1\u6709\u660e\u786e\u7684\u4fe1\u53f7\u53cd\u6620\u5f85\u6d4b\u7a0b\u5e8f\u662f\u5426\u5904\u7406\u5b8c\u6d88\u606f\uff0c\u56e0\u6b64\u8bbe\u7f6e\u56fa\u5b9a\u7684\u8ba1\u65f6\u5668\u6765\u63a7\u5236\u6d88\u606f\u53d1\u9001\uff0c\u65f6\u95f4\u7a97\u53e3\u53ef\u80fd\u8fc7\u5c0f\u6216\u8fc7\u5927\u3002
"},{"location":"researching-is-living/related/fuzzing/#stateafl","title":"STATEAFL","text":"\u4f7f\u7528\u7a0b\u5e8f\u5185\u5b58\u72b6\u6001\u6765\u8868\u793a\u670d\u52a1\u72b6\u6001\uff0c\u901a\u8fc7\u5bf9\u88ab\u6d4b\u7a0b\u5e8f\u63d2\u6869\u6765\u6536\u96c6\u72b6\u6001\u4fe1\u606f\u5e76\u63a8\u6d4b\u72b6\u6001\u6a21\u578b\u3002\u5728\u6bcf\u4e00\u8f6e\u7f51\u7edc\u4ea4\u4e92\u4e2d\uff0cSTATEAFL\u5c06\u7a0b\u5e8f\u53d8\u91cf\u503c\u8f6c\u50a8\u7ed9\u5206\u6790\u961f\u5217\uff0c\u5e76\u8fdb\u884cpost-execution\u7684\u5206\u6790\uff0c\u6765\u66f4\u65b0\u72b6\u6001\u6a21\u578b\u3002
\u4e00\u4e9b\u4e0d\u8db3\uff1a 1. \u9762\u5bf9\u548cAFLNET\u76f8\u540c\u7684\u6d4b\u8bd5\u6548\u7387\u95ee\u9898\uff0c\u800c\u4e14\u56e0\u4e3a\u540e\u6267\u884c\u5206\u6790\uff0c\u4ea7\u751f\u989d\u5916\u7684\u5f00\u9500\uff0c\u4f1a\u964d\u4f4e\u6d4b\u8bd5\u541e\u5410\u91cf\u3002
"},{"location":"researching-is-living/related/fuzzing/#nsfuzz","title":"NSFuzz","text":"\u4f7f\u7528\u57fa\u4e8e\u53d8\u91cf\u7684\u72b6\u6001\u8868\u793a\u65b9\u6cd5\u63a8\u65ad\u72b6\u6001\u6a21\u578b\u6765\u6307\u5bfc\u6a21\u7cca\u6d4b\u8bd5\uff0c\u4f7f\u7528\u57fa\u4e8e\u7f51\u7edc\u4e8b\u4ef6\u5faa\u73af\u7684\u540c\u6b65\u673a\u5236\u6765\u63d0\u9ad8\u541e\u5410\u91cf\u3002
\u542f\u53d1\u5f0f\u7684\u53d8\u91cf\u5224\u65ad\u65b9\u6cd5\uff1a\u9759\u6001\u5206\u6790\u4e2d\u53ea\u5728\u4e8b\u4ef6\u5faa\u73af\u4ee3\u7801\u4e2d\u5206\u8fa8\u72b6\u6001\u53d8\u91cf\uff0c\u4e14\u5173\u6ce8\u88ab\u8bfb\u4e0e\u5199\u3001\u88ab\u8d4b\u4e88\u679a\u4e3e\u7c7b\u578b\u7684\u6570\u636e\u6216\u662f\u6570\u636e\u7ed3\u6784\u4f53\u91cc\u7684\u6574\u578b\u6210\u5458\u3002
\u8868\u793a\u72b6\u6001\u7684\u65b9\u6cd5\uff1a\u4f7f\u7528\u4e24\u6761\u8bed\u53e5\u7ef4\u62a4shared_state\u6570\u7ec4\uff0c\u5f53\u72b6\u6001\u53d8\u91cf\u503c\u88ab\u66f4\u65b0\u65f6\u540c\u6b65\u66f4\u65b0shared_state\uff1b\u5f53fuzzer\u5728\u901a\u4fe1\u7ba1\u9053\u6536\u5230\u6d88\u606f\u5904\u7406\u7ed3\u679c\u65f6\uff0c\u5bf9\u8fd9\u4e2a\u6570\u7ec4\u8fdb\u884chash\uff0c\u4f5c\u4e3a\u5f53\u524d\u7a0b\u5e8f\u6240\u5904\u7684state\u3002
shared_state[hash(var_id) ^ cur_store_val] = 1;\nshared_state[hash(var_id) ^ pre_store_val] = 0;\n
"},{"location":"researching-is-living/related/fuzzing/#iothunter","title":"IoTHunter","text":"\u63d0\u51fa\u591a\u9636\u6bb5\u4fe1\u606f\u751f\u6210\u65b9\u6cd5\u6765\u5bf9IoT\u56fa\u4ef6\u4e2d\u7684\u6709\u72b6\u6001\u7f51\u7edc\u534f\u8bae\u8fdb\u884cfuzz\u3002\u5206\u4e3a\u5bf9\u5df2\u77e5\u72b6\u6001\u7684\u6a21\u7cca\u6d4b\u8bd5\u4e0e\u672a\u77e5\u72b6\u6001\u7684\u63a2\u7d22\u3002\u57fa\u4e8e\u6574\u6570\u53d8\u5f02\u7684\u65b9\u6cd5\u6539\u53d8\u5305\u7c7b\u578b\uff0c\u5e76\u5bf9\u5305\u683c\u5f0f\uff08\u6bd4\u5982\u957f\u5ea6\u3001\u6821\u9a8c\u548c\uff09\u505a\u68c0\u67e5\u7b49\u3002
"},{"location":"researching-is-living/related/fuzzing/#\u6570\u636e\u6d41\u6307\u5bfc\u7684\u6a21\u7cca\u6d4b\u8bd5","title":"\u6570\u636e\u6d41\u6307\u5bfc\u7684\u6a21\u7cca\u6d4b\u8bd5","text":"\u63a7\u5236\u6d41\u6307\u5bfc\u7684\u6a21\u7cca\u6d4b\u8bd5\u4fa7\u91cd\u7a0b\u5e8f\u64cd\u4f5c\u7684\u6267\u884c\u987a\u5e8f\uff08\u6bd4\u5982\u5206\u652f\u4e0e\u5faa\u73af\uff09\uff0c\u6570\u636e\u6d41\u6307\u5bfc\u7684\u6a21\u7cca\u6d4b\u8bd5\u4fa7\u91cd\u53d8\u91cf\u5982\u4f55\u5b9a\u4e49\u4e0e\u4f7f\u7528\u3002\u53d8\u91cf\u7684\u5b9a\u4e49\u4e0e\u4f7f\u7528\u4f4d\u7f6e\u53ef\u4ee5\u4e0d\u5b58\u5728\u63a7\u5236\u4e0a\u7684\u4f9d\u8d56\u5173\u7cfb\u3002\u5728\u6a21\u7cca\u6d4b\u8bd5\u4e2d\uff0c\u6570\u636e\u6d41\u4e3b\u8981\u4f7f\u7528\u52a8\u6001\u6c61\u70b9\u5206\u6790\uff08DTA\uff09\u6280\u672f\uff0c\u5373\u5c06\u76ee\u6807\u7a0b\u5e8f\u7684\u8f93\u5165\u6570\u636e\u5728\u5b9a\u4e49\u5904\u89c6\u4e3a\u6c61\u70b9\uff0c\u5e76\u5728\u8fd0\u884c\u65f6\u8ffd\u8e2a\u5b83\u662f\u5982\u4f55\u88ab\u8bbf\u95ee\u4e0e\u4f7f\u7528\u7684\u3002
\u5728\u5b9e\u8df5\u4e2d\uff0c\u96be\u4ee5\u505a\u5230\u51c6\u786e\u7684DTA\uff0c\u5f00\u9500\u4f1a\u5f88\u5927\u3002\u5e76\u4e14\u90e8\u5206\u771f\u5b9e\u7a0b\u5e8f\u65e0\u6cd5\u5728\u5e94\u7528DTA\u6280\u672f\u7684\u60c5\u51b5\u4e0b\u6210\u529f\u7f16\u8bd1\u3002\u56e0\u6b64\u5927\u90e8\u5206\u7070\u76d2\u6a21\u7cca\u6d4b\u8bd5\u4e0d\u4f7f\u7528DTA\uff0c\u4ee5\u671f\u83b7\u5f97\u66f4\u9ad8\u7684\u541e\u5410\u91cf\u3002
\u6709\u4e00\u4e9b\u8f7b\u91cf\u7ea7\u7684DTA\u4ee3\u66ff\u65b9\u6848\uff08\u6bd4\u5982REDQUEUE\u3001GREYONE\uff09\uff0c\u800c\u57fa\u4e8e\u63a7\u5236\u6d41\u4e0e\u6570\u636e\u6d41\u7684\u6a21\u7cca\u6d4b\u8bd5\u5668\u7684\u8986\u76d6\u7387\u6307\u6807\u8fd8\u6ca1\u6709\u88ab\u5b8c\u5168\u63a2\u7d22\u3002
"},{"location":"researching-is-living/related/fuzzing/#dataflow","title":"DATAFLOW","text":"\u6e90\u7801
\u5728\u7a0b\u5e8f\u6267\u884c\u65f6\u5e76\u884c\u4f7f\u7528\u6570\u636e\u6d41\u5206\u6790\u6765\u6307\u5bfc\u6a21\u7cca\u6d4b\u8bd5\uff0c\u4f7f\u7528\u4e0d\u7cbe\u786e\u7684\u63a8\u65ad\u6765\u964d\u4f4e\u5f00\u9500\u5e76\u63d0\u9ad8\u541e\u5410\u91cf\u3002\u5bf9\u6570\u636e\u6d41\u6709\u6548\u6027\u8fdb\u884c\u4e86\u7b80\u5355\u7684\u8bc4\u4f30\uff0c\u8ba4\u4e3a\u5bf9\u5927\u90e8\u5206\u6d4b\u8bd5\u76ee\u6807\u800c\u8a00\uff0c\u6570\u636e\u6d41\u5e76\u4e0d\u6bd4\u63a7\u5236\u6d41\u4f18\u8d8a\uff0c\u4f46\u662f\u5728\u90e8\u5206\u7279\u5b9a\u573a\u666f\uff08\u6bd4\u5982\u63a7\u5236\u6d41\u548c\u8bed\u4e49\u89e3\u8026\uff0c\u5982parser\uff09\u4e0b\uff0c\u6570\u636e\u6d41\u53ef\u80fd\u4f1a\u6709\u7528\u3002
FUZZING WITH PERFORMANCE MONITORING AND TRACING HARDWARE \u21a9
Intrusive v.s. non-intrusive tracing \u21a9
\u7ea6 164 \u4e2a\u5b57 2 \u884c\u4ee3\u7801 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4 1 \u5206\u949f
"},{"location":"researching-is-living/related/linux-kernel/#\u7f16\u8bd1","title":"\u7f16\u8bd1","text":"\u4e0b\u8f7d\u6e90\u7801\uff0c\u53ef\u4ee5\u4ece\u6e05\u534e\u6e90pull\u4e00\u4e2a\uff1agit clone https://mirrors.tuna.tsinghua.edu.cn/git/linux.git
\u3002\u968f\u540e\u7f16\u8bd1\u6e90\u7801\uff0c\u53c2\u8003CSDN\u6559\u7a0b\u3002\u6838\u5fc3\u903b\u8f91\u662f\u4e0b\u8f7d\u597d\u5fc5\u8981\u7684\u4f9d\u8d56\u5305\uff08\u6bd4\u5982apt install build-essential flex bison libssl-dev libelf-dev
\uff09\u4e4b\u540e\uff0c\u5728\u6839\u76ee\u5f55\u8fd0\u884cmake menuconfig
\uff0c\u7136\u540eExit\u4fdd\u5b58\u6587\u4ef6\uff0c\u6700\u540e\u76f4\u63a5\u591a\u7ebf\u7a0b\u7f16\u8bd1make -j8
\u3002
\u968f\u540e\u662f\u6f2b\u957f\u7684\u7f16\u8bd1\u8fc7\u7a0b\u3002\u4ee5Linux 6.12-rc6\u4e3a\u4f8b\u53ef\u80fd\u51fa\u73b0\u7684\u62a5\u9519\uff1a
\u8bc1\u4e66\u95ee\u9898\uff1a
make[3]: *** No rule to make target 'debian/canonical-certs.pem', needed by 'certs/x509_certificate_list'. Stop.\nmake[2]: *** [scripts/Makefile.build:478: certs] Error 2\nmake[2]: *** Waiting for unfinished jobs....\n
\u53c2\u8003StackOverflow\u4e0a\u7684\u89e3\u7b54\uff0c\u53ef\u4ee5\u4fee\u6539conf\u6587\u4ef6\uff0c\u4e5f\u53ef\u4ee5\u7b80\u5355\u5730\u8fd0\u884c scripts/config --disable SYSTEM_TRUSTED_KEYS\nscripts/config --disable SYSTEM_REVOCATION_KEYS\n
\u91cd\u65b0make\u540e\u4e00\u8def\u56de\u8f66\u3002"},{"location":"researching-is-living/related/rca/","title":"\u6839\u56e0\u5206\u6790","text":"\u7ea6 2291 \u4e2a\u5b57 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4 8 \u5206\u949f
\u4ec0\u4e48\u662f\u6839\u56e0\u5206\u6790\uff1f \u6839\u56e0\u5206\u6790(Root Cause Analysis)\u6216\u8005\u8bf4\u7f3a\u9677\u5b9a\u4f4d(Fault Localization)\u662f\u7a0b\u5e8f\u5f00\u53d1\u4eba\u5458\u6216\u5b89\u5168\u5206\u6790\u4eba\u5458\u5728\u786e\u8ba4\u7a0b\u5e8f\u5b58\u5728\u5f02\u5e38\u884c\u4e3a\u540e\uff0c\u901a\u8fc7\u624b\u52a8\u6216\u81ea\u52a8\u7684\u65b9\u6cd5\u6765\u5b9a\u4f4d\u5f02\u5e38\u884c\u4e3a\u7684\u6839\u672c\u539f\u56e0\u7684\u8fc7\u7a0b\u3002\u6839\u56e0\u5206\u6790\u662f\u7a0b\u5e8f\u5b89\u5168\u5206\u6790\u6d41\u7a0b\u4e2d\u6bd4\u8f83\u91cd\u8981\u7684\u4e00\u73af\u3002
\u4e3a\u4ec0\u4e48\u9700\u8981\u8bbe\u8ba1\u4e00\u4e9b\u6839\u56e0\u5206\u6790\u65b9\u6cd5\uff1f \u5728\u5f53\u4e0b\u5404\u7c7b\u81ea\u52a8\u5316\u6f0f\u6d1e\u6316\u6398\u5de5\u5177(\u6bd4\u5982\u5404\u7c7bfuzzer)\u7684\u8f85\u52a9\u4e0b\uff0c\u6bcf\u65e5\u53d1\u73b0\u7684bug\u6570\u91cf\u5df2\u7ecf\u8fdc\u8d85\u5f00\u53d1\u4eba\u5458\u786e\u8ba4\u5e76\u4fee\u590d\u7684\u6570\u91cf\u3002\u8bbe\u8ba1\u4e00\u79cd\u81ea\u52a8\u5316\u53d1\u73b0\u6f0f\u6d1e\u7684\u5de5\u5177\u5e76\u4e0d\u96be\uff0c\u96be\u5728\u5982\u4f55\u6839\u636e\u8fd9\u4e9b\u5de5\u5177\u62a5\u51fa\u7684crash\u4fe1\u606f\u6765\u51c6\u786e\u5730\u5206\u6790\u51fa\u6f0f\u6d1e\u7684\u6839\u672c\u539f\u56e0\u3002\u5bf9\u4e8e\u5927\u578b\u7a0b\u5e8f\u800c\u8a00\uff0c\u5d29\u6e83\u6d4b\u8bd5\u6837\u4f8b(crashing testcase)\u6267\u884c\u4e0b\u6765\u53ef\u80fd\u7ecf\u5386\u4e86\u51e0\u767e\u4e07\u6761\u6c47\u7f16\u6307\u4ee4\uff0c\u624b\u5de5\u786e\u8ba4\u7a0d\u5fae\u6709\u70b9\u4e0d\u73b0\u5b9e\u4e86\u3002\u56e0\u6b64\u9700\u8981\u8bbe\u8ba1\u4e00\u4e9b(\u81ea\u52a8\u5316)\u7684\u6839\u56e0\u5206\u6790\u5de5\u5177\u3002
\u600e\u4e48\u8fdb\u884c\u6839\u56e0\u5206\u6790\uff1f\u76ee\u524d\u6709\u54ea\u4e9b\u5de5\u4f5c\uff1f \u6700\u6734\u7d20\u800c\u76f4\u89c2\u7684\u601d\u60f3\u5c31\u662f\u6d88\u8017\u5b89\u5168\u5206\u6790\u4eba\u5458\u7684\u7cbe\u529b\uff0c\u4ece\u7a0b\u5e8f\u7684\u5165\u53e3\u70b9(entry)\u6216\u8005\u5d29\u6e83\u70b9(crash site)\u51fa\u53d1\uff0c\u770b\u770b\u7a0b\u5e8f\u662f\u600e\u4e48\u6267\u884c\u7684\uff0c\u54ea\u4e9b\u5143\u7d20(program entity)\u4f1a\u5bfc\u81f4\u6700\u540e\u7684crash\uff0c\u7136\u540e\u518d\u8fdb\u884c\u5bf9\u5e94\u7684\u4fee\u590d\u3002\u6839\u636e\u5b9a\u4f4d\u5143\u7d20\u7684\u7c92\u5ea6\u4e0d\u540c\uff0c\u6839\u56e0\u5206\u6790\u53ef\u4ee5\u5b9a\u4f4d\u5230\u51fd\u6570\u7ea7(function level)\u3001\u8bed\u53e5\u7ea7(statement level)\u3001\u6c47\u7f16\u6307\u4ee4\u7ea7(instruction level)\u3002\u7531\u4e8e\u5728\u6c47\u7f16\u6307\u4ee4\u4e0a\u8fdb\u884c\u5206\u6790\u53ef\u4ee5\u66f4\u666e\u9002\u5730\u9002\u5e94\u591a\u79cd\u7f16\u7a0b\u8bed\u8a00\u3001\u4e0d\u9700\u8981\u83b7\u53d6\u6e90\u7801\uff0c\u6240\u4ee5\u4e0b\u6587\u7684\u8ba8\u8bba\u90fd\u662f\u56f4\u7ed5\u6c47\u7f16\u6307\u4ee4\u7ea7\u5c55\u5f00\u3002
\u76ee\u524d\u4e00\u4e9b\u81ea\u52a8\u5316\u6839\u56e0\u5206\u6790\u7814\u7a76\u601d\u8def\u6709\uff1a
\u8fd9\u4e9b\u7814\u7a76\u601d\u8def\u90fd\u89e3\u51b3\u4e86\u4ec0\u4e48\u95ee\u9898\uff1f\u6709\u4ec0\u4e48\u72ec\u7279\u7684\u4f18\u70b9\uff1f\u5b58\u5728\u54ea\u4e9b\u72ec\u6709\u7684\u4e0d\u8db3\uff1f \u57fa\u4e8e\u7a0b\u5e8f\u8c31\u7684\u5206\u6790\u65b9\u6cd5\u76f4\u89c2\u4e0a\u4f3c\u4e4e\u6709\u70b9\u9053\u7406\u3002\u5b83\u4ec5\u8003\u8651\u6c47\u7f16\u6307\u4ee4\u672c\u8eab\uff0c\u800c\u4f46\u4ec5\u4ec5\u4ece\u7edf\u8ba1\u7ed3\u679c\u4e0a\u53bb\u5206\u6790\uff0c\u53ef\u80fd\u5e76\u4e0d\u80fd\u51c6\u786e\u5206\u6790\u51fa\u903b\u8f91\u4e0a\u7684root cause\u3002\u8fd9\u7c7b\u65b9\u6cd5\u4e00\u822c\u4f1a\u8bbe\u8ba1\u4e00\u79cd\u6392\u540d\u7b56\u7565(ranking)\uff0c\u5bf9\u9009\u62e9\u51fa\u7684\u53ef\u7591\u6307\u4ee4\u8fdb\u884ctop1-topn\u7684\u6392\u540d\uff0c\u6765\u8bd5\u56fe\u63d0\u9ad8\u51c6\u786e\u6027\u3002\u8fd9\u7c7b\u65b9\u6cd5\u4e00\u822c\u9700\u8981\u6839\u636e\u4e00\u4e2a\u5d29\u6e83\u6837\u4f8b\u4ee5\u53ca\u548c\u5b83\u76f8\u4f3c\u7684\u5d29\u6e83\u6837\u4f8b\u548c\u975e\u5d29\u6e83\u6837\u4f8b\u8fdb\u884c\u5206\u6790\uff0c\u56e0\u6b64\u65f6\u7a7a\u5f00\u9500\u90fd\u6bd4\u8f83\u5927\u3002
\u4e8b\u540e\u5206\u6790\u65b9\u6cd5\u76f8\u6bd4\u7a0b\u5e8f\u8c31\u5206\u6790\u65b9\u6cd5\u8003\u8651\u4e86\u6307\u4ee4\u8bed\u4e49\uff0c\u6bd4\u5982\u5728\u9006\u5411\u6267\u884c\u7684\u65f6\u5019\u4f1a\u8bbe\u8ba1\u4e00\u4e9b\u6c47\u7f16\u6307\u4ee4handler\uff0c\u5bf9\u4e8e\u5185\u5b58\u7684\u5206\u6790\u4e5f\u4f1a\u66f4\u7cbe\u786e\u4e9b\u3002\u4f46\u6c61\u70b9\u5206\u6790\u65b9\u6cd5\u6bd5\u7adf\u5b58\u5728\u8fc7\u5ea6\u6c61\u67d3(over-tainting)\u7684\u95ee\u9898\uff0c\u5bfc\u81f4\u7ed3\u679c\u5197\u4f59\u6bd4\u8f83\u4e25\u91cd\u3002
\u57fa\u4e8e\u6a21\u578b\u7684\u5206\u6790\u65b9\u6cd5\u5229\u7528AI\u7684\u4f18\u52bf\uff0c\u53ef\u4ee5\u7ed9\u51fa\u66f4\u6709\u8bed\u4e49\u4fe1\u606f\u7684root cause\uff0c\u5728\u4e00\u5b9a\u7a0b\u5ea6\u4e0a\u5e2e\u52a9\u5f00\u53d1\u4eba\u5458\u53bb\u5206\u6790\u3002\u4e0d\u8fc7\u6a21\u578b\u7684\u8bad\u7ec3\u4f9d\u8d56\u8bad\u7ec3\u96c6\u7684\u8d28\u91cf\uff0c\u5e76\u4e14\u53d7\u7a0b\u5e8f\u8bed\u4e49\u5f71\u54cd\u5f88\u5927\u3002\u5728\u4e0d\u540c\u9886\u57df\u4e4b\u95f4\u53ef\u80fd\u8fc1\u79fb\u6027\u4e0d\u662f\u5f88\u597d\uff0c\u6bd4\u5982\u6ca1\u6cd5\u5904\u7406\u4e00\u4e9b\u7279\u5b9a\u7684\u5bc6\u7801\u5b66\u51fd\u6570\u3002\u4e14\u4e3a\u5f85\u6d4b\u7a0b\u5e8f\u5efa\u7acb\u6a21\u578b\u6765\u63cf\u8ff0\u5176\u7ed3\u6784\u4e0e\u884c\u4e3a\u662f\u975e\u5e38\u590d\u6742\u3001\u8017\u65f6\u7684\u4e8b\u60c5
\u73b0\u6709\u7684\u8fd9\u4e9b\u65b9\u6cd5\u6709\u6ca1\u6709\u4ec0\u4e48\u666e\u904d\u5b58\u5728\u7684\u95ee\u9898\uff1f \u5728\u6700\u540e\u8bc4\u4f30\u9636\u6bb5(evaluation)\uff0c\u4e00\u822c\u5148\u901a\u8fc7\u624b\u5de5\u5206\u6790\u786e\u5b9a\u54ea\u4e9b\u6c47\u7f16\u6307\u4ee4\uff0c\u5982\u679c\u65b9\u6cd5\u8f93\u51fa\u7684\u6c47\u7f16\u6307\u4ee4\u96c6\u5408\u91cc\u5305\u542b\u8fd9\u4e9b\u6307\u4ee4\uff0c\u90a3\u4e48\u5c31\u8ba4\u4e3a\u662f\u53d1\u73b0\u4e86root cause\u3002\u4f46\u81ea\u52a8\u5316\u65b9\u6cd5\u6bd5\u7adf\u7f3a\u5c11\u4eba\u5de5\u53c2\u4e0e\uff0c\u7ed9\u51fa\u7684\u7ed3\u679c\u4e00\u5b9a\u662f\u4e0d\u51c6\u786e\u7684\u3002\u73b0\u6709\u7684\u5de5\u4f5c\u7684\u4e00\u4e2a\u4e3b\u6d41\u601d\u60f3\u5728\u4e8e\u201c\u65b9\u6cd5\u7ed9\u51fa\u7684\u96c6\u5408\u53ef\u4ee5\u5305\u542b\u65e0\u5173\u6307\u4ee4\uff0c\u4f46\u4e0d\u80fd\u7f3a\u5c11\u76f8\u5173\u6307\u4ee4\u201d\uff0c\u65e8\u5728\u63d0\u9ad8\u53ec\u56de\u7387(recall)\u3002\u56e0\u6b64\u5f80\u5f80\u7ed9\u51fa\u4e0eroot cause\u4e0d\u76f8\u5173\u7684\u6307\u4ee4\u3002\u4f46\u5b9e\u9645\u4e0a\uff0c\u5728\u6700\u540e\u7684\u4fee\u590d\u7aef\uff0c\u5982\u679c\u7ed9\u51fa\u4e0d\u76f8\u5173\u6307\u4ee4\u8fc7\u591a\uff0c\u90a3\u4e48\u4ecd\u7136\u9700\u8981\u5f00\u53d1\u8005\u53bb\u5206\u6790\uff0c\u4f9d\u65e7\u8017\u65f6\u8017\u529b\u3002
\u636eISSTA 2016\u4e00\u7bc7\u8c03\u7814\uff08Practitioners\u2019 expectations on automated fault localization\uff09\uff0c9.43%\u5e0c\u671broot cause\u5728\u5206\u6790\u7ed3\u679c\u7684Top1\uff0c73.58%\u5bb9\u8bb8\u5728Top5\uff0c15.09%\u5bb9\u8bb8\u5728Top10\u3002\u6240\u4ee5\u7ea698%\u7684\u60c5\u51b5\u4e0b\u9700\u8981\u5728Top10\u5185\u7ed9\u51fa\u7ed3\u679c\u3002\u5c31\u5206\u6790\u51c6\u786e\u5ea6\u4e0e\u5f00\u53d1\u4eba\u5458\u6ee1\u610f\u5ea6\u800c\u8a00\uff0c\u5982\u679cRCA\u5de5\u5177\u51c6\u786e\u5ea6\u8fbe90%\uff0c\u6ee1\u610f\u5ea6\u51e0\u4e4e\u8fbe\u5230100%\u4e86\u3002\u51c6\u786e\u5ea6\u4f4e\u4e8e20%\u65f6\u53ea\u670912%\u63a5\u53d7\uff0c\u5982\u679c\u6ee1\u610f\u5ea6\u8fbe50%\u300175%\u300190%\uff0c\u51c6\u786e\u5ea6\u9700\u8981\u5206\u522b\u8fbe\u523050%\u300175%\u300185%\uff08\u4f46\u662f\u539f\u6587\u8bf490%\uff09\u3002
\u76ee\u524d\u7684\u7edd\u5927\u90e8\u5206RCA\u5206\u6790\u7684\u5de5\u4f5c\u7684\u8f93\u51fa\u662f\u4e24\u7c7b\uff1aranked list\u548csuspicious set\u3002\u4f46\u4e24\u8005\u90fd\u5b58\u5728\u7684\u95ee\u9898\u662f\u4ec5\u4ec5\u9ad8\u4eae\u4e86\u53ef\u80fd\u5b58\u5728bug\u7684\u5143\u7d20\uff0c\u800c\u7f3a\u4e4f\u4e00\u4e9brational\u7684\u5206\u6790\u3002
"},{"location":"researching-is-living/related/rca/#\u4e0d\u540c\u7684\u5206\u6790\u7c92\u5ea6\u7684\u4f18\u52bf","title":"\u4e0d\u540c\u7684\u5206\u6790\u7c92\u5ea6\u7684\u4f18\u52bf","text":"\u57fa\u4e8e\u6587\u4ef6\u7c92\u5ea6\u7684RCA\u5de5\u4f5c\uff08\u6bd4\u5982Scaffle\uff09\u5e0c\u671b\u627e\u5230\u5305\u542b\u767e\u4e07\u7ea7\u540c\u8d28\u4ee3\u7801\u5e93\u4e2d\u54ea\u4e9b\u6587\u4ef6\u548ccrash\u6709\u5173\u3002\u5728\u6b64\u57fa\u7840\u4e0a\u8ba9\u5bf9\u5e94\u7684\u5de5\u7a0b\u5e08\u56e2\u961f\u53bb\u5904\u7406bug\uff0c\u6709\u5229\u4e8e\u5927\u578b\u7ec4\u7ec7\u7ba1\u7406\u3002
\u636eISSTA 2016\u4e00\u7bc7\u8c03\u7814\uff08Practitioners\u2019 expectations on automated fault localization\uff09\uff0c\u5f00\u53d1\u8005\u5bf9\u7c92\u5ea6\u7684top3\u671f\u671b\u4f9d\u6b21\u662f\u65b9\u6cd5\u7ea7\u522b\u3001\u8bed\u53e5\u7ea7\u522b\u3001\u57fa\u672c\u5757\u7ea7\u522b\uff0c\u4e0d\u8fc7\u5bf9\u8fd9\u4e09\u79cd\u7c92\u5ea6\u7684\u503e\u5411\u4e4b\u95f4\u6ca1\u6709\u660e\u663e\u5dee\u5f02\u3002\u800c\u5f53\u65f6\u6bd4\u8f83\u591a\u7684\u65b9\u6cd5\u662f\u8bed\u53e5\u7ea7\u522b\u7684
"},{"location":"researching-is-living/related/rca/#\u5206\u6790\u65f6\u95f4\u5f00\u9500","title":"\u5206\u6790\u65f6\u95f4\u5f00\u9500","text":"\u6839\u636e\u91c7\u7528\u7684\u7b56\u7565\u4e0d\u540c\uff0cRCA\u4e4b\u95f4\u7684\u65f6\u95f4\u5f00\u9500\u5dee\u5f02\u53ef\u80fd\u8fbe\u4e24\u4e2a\u6570\u91cf\u7ea7\u3002\uff08\u79d2\u7ea7-\u5206\u949f\u7ea7-\u5c0f\u65f6\u7ea7\uff09\u3002
\u636eISSTA 2016\u4e00\u7bc7\u8c03\u7814\uff08Practitioners\u2019 expectations on automated fault localization\uff09\uff0c90%\u5f00\u53d1\u8005\u63a5\u53d71min\u4ee5\u5185\u7684\u5206\u6790\uff0c\u4e0d\u52309%\u5f00\u53d1\u8005\u63a5\u53d7\u8d85\u8fc71h\u7684\u5206\u6790\u300250%\u5f00\u53d1\u8005\u5927\u6982\u572830min\u4ee5\u5185\u3002
"},{"location":"researching-is-living/related/rca/#\u4e00\u4e9b\u60f3\u6cd5","title":"\u4e00\u4e9b\u60f3\u6cd5","text":"\u4ee5\u4e0a\u5185\u5bb9\u4ec5\u4ee3\u8868\u4e2a\u4eba\u89c2\u70b9\uff0c\u4e0d\u5b9a\u671f\u66f4\u65b0\uff0c\u6b22\u8fce\u8ba8\u8bba
"},{"location":"software-security/","title":"Index","text":"\u7ea6 0 \u4e2a\u5b57 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4\u4e0d\u5230 1 \u5206\u949f
"},{"location":"software-security/ctf/pwn-college-cse365-spring2023/","title":"CSE 365 - Spring 2023","text":"\u7ea6 4823 \u4e2a\u5b57 1287 \u884c\u4ee3\u7801 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4 145 \u5206\u949f
\u5728\u7ec8\u7aef\u8fde\u63a5pwn-college\u65f6\uff0c\u5148\u5728\u7f51\u9875\u7aef\u914d\u7f6e\u4e0b\u516c\u94a5\uff0c\u7136\u540essh -i \u79c1\u94a5 hacker@dojo.pwn.college
\u5373\u53ef\u3002\u7f51\u9875\u7aef\u542f\u52a8\u4e00\u4e2a\u5b9e\u4f8b\u540e\uff0c\u8fdc\u7a0b\u4e5f\u4f1a\u81ea\u52a8\u542f\u52a8\u5bf9\u5e94\u7684\u73af\u5883\u3002\u95ee\u9898\u4e00\u822c\u653e\u5728\u6839\u76ee\u5f55\u7684challenge\u6587\u4ef6\u5939\u4e0b
\u8bf7\u6c42\u7b2c\u4e00\u884cRequest line\uff1a\u8bf7\u6c42\u65b9\u6cd5 URI \u534f\u8bae\u7248\u672c CRLF
\u54cd\u5e94\u7b2c\u4e00\u884cStatus line\uff1a\u534f\u8bae\u7248\u672c \u72b6\u6001\u7801 \u89e3\u91ca CRLF
\u5e38\u89c1\u7684\u8bf7\u6c42\u65b9\u6cd5\uff1a
HTTP URL Scheme\uff1ascheme://host:port/path?query#fragment
\u8bf7\u6c42\u7684\u8d44\u6e90\u542b\u6709\u4e00\u4e9b\u7279\u6b8a\u7b26\u53f7\u6bd4\u5982?,/,&,#\u7b49\u7b49\u65f6\uff0c\u4f7f\u7528%xx\u8fdb\u884c\u7f16\u7801\uff0c\u5176\u4e2dxx\u662fASCII\u7801\u3002\u8fd9\u79cd\u505a\u6cd5\u79f0\u4e3aurlencoding
POST\u8bf7\u6c42\u65f6\uff0c\u9700\u8981\u5e26\u4e0aContent-Type
\u524d\u8005body\u91cc\u5199a=xx\uff0c\u540e\u8005\u5199{\u201ca\u201d:\u201dxx\u201d}\u3002json\u53ef\u4ee5\u6784\u9020\u66f4\u590d\u6742\u7684blob
RFC 1945 HTTP\u534f\u8bae\u662f\u65e0\u72b6\u6001\u7684\uff0c\u4f46\u662f\u7f51\u7edc\u5e94\u7528\u662f\u6709\u72b6\u6001\u7684\u3002\u4f7f\u7528cookie\u6765\u4fdd\u6301\u72b6\u6001\u3002
"},{"location":"software-security/ctf/pwn-college-cse365-spring2023/#assembly-crash-course-\u5b66\u4e60\u7b14\u8bb0","title":"Assembly Crash Course \u5b66\u4e60\u7b14\u8bb0","text":""},{"location":"software-security/ctf/pwn-college-cse365-spring2023/#building-a-web-server-\u5b66\u4e60\u7b14\u8bb0","title":"Building a Web Server \u5b66\u4e60\u7b14\u8bb0","text":"\u4f7f\u7528socket\u521b\u5efa\u4e00\u4e2aA-B\u7684\u7f51\u7edc\u6587\u4ef6\uff0c\u7136\u540e\u4f7f\u7528bind\u5c06socket\u4e0e\u5177\u4f53\u7684ip\u7ed1\u5b9a\u3002\u4f7f\u7528listen\u6765\u88ab\u52a8\u4fa6\u542csockfd\u3002\u4f7f\u7528accept\u63a5\u53d7\u5916\u90e8\u8fde\u63a5\u3002
\u4f7f\u7528TCP/IP\u8fdb\u884c\u7f51\u7edc\u901a\u8baf\uff0c\u670d\u52a1\u5668\u7aef\u7684\u4f8b\u5b50\u5982\uff1a
// int socket(int domain, int type, int protocol)\nsocket_fd = socket(AF_INET, SOCK_STREAM, IPPROTO_IP)\n\n// int bind(int sockfd, struct sockaddr* addr, socklen_t addrlen)\n/*\n * struct sockaddr {\n * uint16_t sa_family;\n * uint8_t sa_data[14]; \n * }\n * \n * struct sockaddr_in {\n * uint16_t sin_family;\n * uint16_t sin_port;\n * uint32_t sin_addr;\n * uint8_t __pad[8];\n * }\n*/\nbind(socket_fd, {sa_family=AF_INET, sin_port=htons(port), sin_addr=inet_addr(\"0.0.0.0\")}, 16)\n\n// int listen(int sock fd, int backlog);\nlisten(socket_fd, 0)\n\n// int accept(int sockfd, struct sockaddr* addr, socklen_t* addrlen);\ntunnel = accept(socket_fd, NULL, NULL)\n\n// revceive http request: GET / HTTP/1.0\nread(tunnel, \"GET / HTTP/1.0\",19)\n\n// response\nwrite(tunnel, \"HTTP/1.0 200 OK\\r\\n\\r\\n\", 19)\n\n// receive http request: GET /flag HTTP/1.0\nread(tunnel, \"GET /flag HTTP/1.0\\r\\n\\r\\n\",256)\n\n// open and read file\nfilefd = open(\"/flag\",O_RDDONLY)\nread(filefd, \"FLAG\", 256)\n\n//response\nwrite(tunnel, \"HTTP/1.0 200 OK\\r\\n\\r\\nFLAG\", 27)\n\nclose(tunnel)\n
"},{"location":"software-security/ctf/pwn-college-cse365-spring2023/#reverse-engineering-\u5b66\u4e60\u7b14\u8bb0","title":"Reverse Engineering \u5b66\u4e60\u7b14\u8bb0","text":"start
\u5728main\u51fd\u6570\u6253\u65ad\u70b9\u5e76\u8fd0\u884cstarti
\u5728_start\u51fd\u6570\u6253\u65ad\u70b9\u5e76\u8fd0\u884crun
\u4e0d\u6253\u65ad\u70b9\uff0c\u76f4\u63a5\u8fd0\u884cattach <PID>
\u5c06gdb\u9644\u7740\u5230\u4e00\u4e2a\u6b63\u5728\u8fd0\u884c\u7684\u8fdb\u7a0bcore <PATH>
\u5206\u6790\u4e00\u4e2a\u7a0b\u5e8f\u8fd0\u884c\u540e\u4ea7\u751f\u7684coredump\u6587\u4ef6start <ARG1> <ARG2> < <STDIN_PATH>
\u8fd0\u884c\u5e26\u6709\u53c2\u6570\u7684\u7a0b\u5e8f\uff0c\u548cshell\u91cc\u8f93\u547d\u4ee4\u4e00\u6837info registers
\u53ef\u4ee5\u67e5\u770b\u5bc4\u5b58\u5668\u7684\u503c\uff08\u6216\u8005\u7b80\u5355\u7684i r
\uff09print
\u7528\u6765\u6253\u5370\u53d8\u91cf\u6216\u8005\u5bc4\u5b58\u5668\u7684\u503c\uff0c\u6bd4\u5982p/x $rdi
\u4ee516\u8fdb\u5236\u6253\u5370rdi\u5bc4\u5b58\u5668\u7684\u503cx/<n><u><f> <address>
\u7528\u6765\u6253\u5370\u53d8\u91cf\u6216\u7edd\u5bf9\u5730\u5740\u7684\u5185\u5bb9\u3002n
\u8868\u793anumber\uff0c\u4e5f\u5c31\u662f\u8bf4\u8981\u6253\u5370\u51e0\u4e2a\u5355\u5143\uff1bu
\u8868\u793aunit size\uff0c\u6bcf\u4e2a\u5355\u5143\u7684\u5b57\u8282\u957f\u5ea6\uff0c\u53ef\u53d6b/h/w/g
\uff0c\u5206\u522b\u8868\u793a1\uff0c2\uff0c4\uff0c8\u5b57\u8282\uff1bf
\u8868\u793a\u8f93\u51fa\u683c\u5f0f\uff0c\u53ef\u53d6d/x/s/i
\uff0c\u5206\u522b\u8868\u793a\u5341\u8fdb\u5236\u3001\u5341\u516d\u8fdb\u5236\u3001\u5b57\u7b26\u4e32\u3001\u6c47\u7f16\u6307\u4ee4\u3002address\u8868\u793a\u8981\u6253\u5370\u7684\u5730\u5740\uff0c\u53ef\u4ee5\u5199\u6210\u6570\u5b66\u8868\u8fbe\u5f0f\u3002set disassembly-flavor intel
\u7528\u6765\u4fee\u6539\u6c47\u7f16\u6307\u4ee4\u7684\u8868\u793a\u5f62\u5f0f\uff0c\u8fd9\u91cc\u662fintel\u6307\u4ee4\u3002stepi <n>
\u6b65\u5165n\u6761\u6c47\u7f16\u6307\u4ee4\uff0cnexti <n>
\u6b65\u8fc7n\u6761\u6c47\u7f16\u6307\u4ee4\uff1b\u5206\u522b\u7b80\u5199\u4e3asi
\u4e0eni
finish
\u6267\u884c\u5230\u5f53\u524d\u51fd\u6570\u7ed3\u675f\u5e76\u8fd4\u56debreak *<addres>
\u5728address\u5904\u6253\u65ad\u70b9\uff0c\u53ef\u4ee5\u7b80\u5199\u4e3ab *<address>
display/<n><u><f>
\u6765\u5728\u6bcf\u4e00\u6761\u64cd\u4f5c\u7ed3\u675f\u540e\u663e\u793a\u67d0\u4e9b\u6570\u503c\u3002nuf\u7684\u7528\u6cd5\u548cx
\u6253\u5370\u5185\u5b58\u5730\u5740\u4e00\u6837-x xxx.gdb
\uff0c\u5c31\u53ef\u4ee5\u5728gdb\u542f\u52a8\u540e\u81ea\u52a8\u5316\u8fd0\u884c\u811a\u672c~/.gdbinit
\u5728\u521d\u59cb\u5316gdb\u4f1a\u8bdd\u65f6\u81ea\u52a8\u8fd0\u884ccall
\u76f4\u63a5\u8c03\u7528\u51fd\u6570\uff0c\u6bd4\u5982call (void)win()
set pagination off
\u5173\u95ed\u5206\u9875\u786e\u8ba4 \u4ee5\u4e0b\u662f\u4e2agdb\u811a\u672c\u7684\u4f8b\u5b50\uff0csilent
\u7528\u4e8e\u5728\u9047\u5230\u65ad\u70b9\u65f6\u51cf\u5c11\u8f93\u51fa\u4fe1\u606f\uff0c\u4ee5\u53ca\u4f7f\u7528set
\u548cprintf
\u8bbe\u7f6e\u53d8\u91cf\u3001\u6253\u5370\u503c\u3002start\nbreak *main+42\ncommands\n silent\n set $local_variable = *(unsigned long long*)($rbp-0x32)\n printf \"Current value: %llx\\n\", $local_variable\n continue\nend\ncontinue\n
if
\u3001catch
\u6765\u52ab\u6301systemcall\uff0c\u6bd4\u5982\uff1astart\ncatch syscall read\ncommands\n silent\n if ($rdi == 42)\n set $rdi = 0\n end\n continue\nend\ncontinue\n
"},{"location":"software-security/ctf/pwn-college-cse365-spring2023/#talking-web-writeups","title":"Talking Web WriteUps","text":"\u8fd9\u4e2a\u7ae0\u8282\u7684\u9898\u76ee\u662f\u7528curl\u3001python\u548cnc\u6765\u5b9e\u73b0\u53d1\u9001\u5404\u79cdhttp\u8bf7\u6c42\uff0c\u5148\u8fd0\u884c/challenge/run
\u542f\u52a8flask\u670d\u52a1\u5668\uff0c\u7136\u540e\u65b0\u5f00\u4e2a\u7ec8\u7aef\u7528\u5404\u79cd\u59ff\u52bf\u8fde\u63a5\u672c\u5730127.0.0.1\u5373\u53ef\u3002
\u8fd9\u4e09\u79cd\u5de5\u5177\u7684\u5927\u81f4\u601d\u8def\uff1a
\u9700\u8981\u5148\u7b80\u5355\u5730\u8fde\u63a5127.0.0.1\u7136\u540e\u6839\u636e\u62a5\u9519\u63d0\u793a\u6765\u4fee\u6539\u8bf7\u6c42\u3002
Level 1
Send an HTTP request using curl
curl http://127.0.0.1\n
Level 2
Send an HTTP request using nc
nc 127.0.0.1 80\nGET / HTTP/1.1\n
Level 3
Send an HTTP request using python
import requests as r\nr.get(\"http://127.0.0.1\").text\n
Level 4
Set the host header in an HTTP request using curl
curl -H 'host:xxxxx' http://127.0.0.1\n
Level 5
Set the host header in an HTTP request using nc
nc 127.0.0.1 80\nGET / HTTP/1.1\nhost:xxxxx\n
Level 6
Set the host header in an HTTP request using python
import requests as r\nr.get(\"http://127.0.0.1\", headers={\"host\":\"xxx\"}).text\n
Level 7
Set the path in an HTTP request using curl
curl http://127.0.0.1/xxxxx\n
Level 8
Set the path in an HTTP request using nc
nc 127.0.0.1 80\nGET /xxxx HTTP/1.1\n
Level 9
Set the path in an HTTP request using python
import requests as r\nr.get(\"http://127.0.0.1/xxx\").text\n
Level 10~12
URL encode a path in an HTTP request using curl/nc/python
\u7528%20\u66ff\u6362\u6389\u7a7a\u683c\u5373\u53ef
Level 13~15
Specify an argument in an HTTP request using curl/nc/python
GET\u52a0\u53c2\u6570\uff0c\u5728\u8def\u5f84\u540e\u9762\u8ffd\u52a0?a=xxx\u5373\u53ef
nc\u65f6\u52a0\u5230nc\u8fde\u63a5\u4ee5\u540e\u7684GET\u540e\u9762
Level 16~18
Specify multiple arguments in an HTTP request using curl/nc/python
\u7ed3\u540810~15\u9898\uff0c\u7a7a\u683c\u7528%20\u6362\u6389\uff0c\u4e0e\u53f7\u7528%26\u6362\u6389\uff0c\u4e95\u53f7\u7528%23\u6362\u6389
Level 19~21
Include form data in an HTTP request using curl/nc/python
#curl\ncurl http://127.0.0.1 -F a=xxx\n\n#nc\nPOST / HTTP/1.1\nContent-Type: application/x-www-form-urlencoded\nContent-Length:34\n\na=xxx\n\n#python\nimport requests as r\nr.post(\"http://127.0.0.1\",data={'a':'xxx'}).text\n
Level 22~24
Include form data with multiple fields in an HTTP request using curl/nc/python
#curl\ncurl http://127.0.0.1 -F a=xxx -F b='xxxx'\n\n#nc\nPOST / HTTP/1.1\nContent-Type: application/x-www-form-urlencoded\nContent-Length: 78\n\na=xxx&b=xxx\n\n#python\nimport requests as r\nr.post(\"http://127.0.0.1\",data={'a':'xxx','b':'xxx'}).text\n
Level 25~27
Include json data in an HTTP request using curl/nc/python
#curl\ncurl -X POST -H 'Content-Type:application/json' -d '{\"a\":\"xxx\"}' http://127.0.0.1\n\n#nc\necho -ne 'POST / HTTP/1.1\\r\\nContent-Type: application/json\\r\\nContent-Length:40\\r\\n\\r\\n{\"a\":\"xxx\"}' | nc 127.0.0.1 80\n\n#python\nimport requests as r\nimport json\nr.post(\"http://127.0.0.1\",headers={\"Content-Type\":\"application/json\"},data=json.dumps({\"a\":\"xxx\"})).text\n
Level 28~30
Include complex json data in an HTTP request using curl/nc/python
#curl\ncurl -X POST -H 'Content-Type: application/json' -H 'Content-Length: 121' -d '{\"a\":\"xxx\", \"b\":{\"c\": \"xxxx\", \"d\": [\"xxx\", \"xxx\"]}}' http://127.0.0.1\n\n#nc\necho -ne 'POST / HTTP/1.1\\r\\nContent-Type: application/json\\r\\nContent-Length: 121\\r\\n\\r\\n{\"a\":\"xxx\", \"b\":{\"c\": \"xxx\", \"d\": [\"xxx\", \"xxx\"]}}' | nc 127.0.0.1 80\n\n#python\nimport requests as r\nimport json\nr.post(\"http://127.0.0.1\",headers={\"Content-Type\":\"application/json\"},data=json.dumps({\"a\":\"xxx\",\"b\":{'c': 'xxx', 'd': ['xxx', 'xxx']}})).text\n
Level 31~33
Follow an HTTP redirect from HTTP response using curl/nc/python
#curl\ncurl -L http://127.0.0.1\n\n#nc\necho -ne \"GET /xxx HTTP/1.1\\r\\n\\r\\n\" | nc 127.0.0.1 80\n\n#python\n#python\u9ed8\u8ba4\u8ddf\u968f\u8df3\u8f6c\nimport requests as r\nr.get(\"http://127.0.0.1\").text\n
Level 34~36
Include a cookie from HTTP response using curl/nc/python
#curl\ncurl http://127.0.0.1 -v\ncurl -b \"cookie=xxx\" http://127.0.0.1\n\n#nc\necho -ne \"GET / HTTP/1.1\\r\\n\\r\\n\" | nc 127.0.0.1 80\necho -ne \"GET / HTTP/1.1\\r\\nCookie:cookie=xxxx\\r\\n\\r\\n\" | nc 127.0.0.1 80\n\n#python \u9ed8\u8ba4\u81ea\u52a8\u63a5\u53d7cookie\nimport requests as r\nr.get(\"http://127.0.0.1\").text\n
Level 37~39
Make multiple requests in response to stateful HTTP responses using curl/nc/python
#curl \u5b8c\u62103\u6b21\u4ea4\u4e92\u5373\u53ef\ncurl -b \"session=xxx\" http://127.0.0.1 -v \ncurl -b \"session=xxx\" http://127.0.0.1 -v \ncurl -b \"session=xxx\" http://127.0.0.1 -v \n\n#nc\necho -ne \"GET / HTTP/1.1\\r\\nCookie:session=xxx\\r\\n\\r\\n\" | nc 127.0.0.1 80\necho -ne \"GET / HTTP/1.1\\r\\nCookie:session=xxx\\r\\n\\r\\n\" | nc 127.0.0.1 80\necho -ne \"GET / HTTP/1.1\\r\\nCookie:session=xxx\\r\\n\\r\\n\" | nc 127.0.0.1 80\n\n#python\nimport requests as r\nr.get(\"http://127.0.0.1\").text\n
"},{"location":"software-security/ctf/pwn-college-cse365-spring2023/#assembly-crash-course-writeups","title":"Assembly Crash Course Writeups","text":"\u8fd9\u4e2a\u7ae0\u8282\u7684\u9898\u9700\u8981\u628a\u6c47\u7f16\u53d8\u6210raw bytes\uff0c\u7136\u540e\u5582\u7ed9/challenge/run\u3002\u9700\u8981\u5148\u8fd0\u884c\u8fd9\u4e2arun\uff0c\u7136\u540e\u6839\u636e\u8981\u6c42\u5b8c\u6210\u3002\u6bd4\u5982\u53ef\u4ee5\u7528pwntools\u7684asm\u6a21\u5757\u751f\u6210\u6c47\u7f16\uff0c\u7136\u540eecho\u8fdbrun\u91cc\u3002
Level 1
In this level you will work with registers_use! Please set the following: rdi = 0x1337
from pwn import *\ncontext.arch='amd64'\nasm('mov rdi,0x1337')\n\n#b'H\\xc7\\xc77\\x13\\x00\\x00'\n
\u7136\u540e\u5728shell\u91ccecho -ne 'H\\xc7\\xc77\\x13\\x00\\x00' | /challenge/run
\u5373\u53ef\u3002 Level 2
asm('add rdi,0x331337')\n
Level 3
asm('imul rdi,rsi; add rdi,rdx; mov rax,rdi')\n
Level 4
\u5b66\u4e60div\u9664\u6cd5\uff0cdiv reg
\u4f1a\u4f7f\u7528rax\u4f5c\u4e3a\u88ab\u9664\u6570\uff0creg\u4f5c\u4e3a\u9664\u6570\uff0c\u7136\u540e\u81ea\u52a8\u4f7f\u7528rax\u5b58\u653e\u5546\uff0crdx\u5b58\u653e\u4f59\u6570\u3002
asm('mov rax, rdi;div rsi')\n
Level 5
asm('mov rax, rdi;div rsi;mov rax, rdx')\n
Level 6
\u9664\u6570\u4e3a2\u7684\u5e42\u6b21\u65f6\uff0c\u76f4\u63a5\u4f7f\u7528mov\u4fdd\u7559\u5bc4\u5b58\u5668\u7684\u4e00\u90e8\u5206\u5373\u53ef\u3002\u6ce8\u610fmov\u4e24\u4e2a\u5bc4\u5b58\u5668\u957f\u5ea6\u8981\u4e00\u81f4\u3002
asm('mov al, dil;mov bx, si')\n
Level 7
shl\u5de6\u79fb\uff0cshr\u53f3\u79fb\uff08\u9ad8\u4f4d\u88650\uff09
asm('shl rdi, 59; shr rdi, 63; mov rax, rdi')\n
Level 8
and reg1, reg2
\u4f1a\u628areg1\u548creg2\u8fdb\u884c\u903b\u8f91\u4e0e\u7684\u7ed3\u679c\u4fdd\u5b58\u5728reg1\u91cc\u3002\u9898\u76ee\u4e0d\u8ba9\u7528mov\uff0c\u90a3\u53ef\u4ee5\u91c7\u7528\u7f6e0\u51cf1\u7684\u65b9\u5f0f\u83b7\u5f972^65-1\uff0c\u7136\u540eand\u5373\u53ef\u3002
asm('xor rax, rax; sub rax, 1; and rax, rdi; and rax, rsi')\n
Level 9
\u9898\u76ee\u8981\u6c42\u53ea\u7528and\uff0cor\uff0cxor\u5b9e\u73b0\u4e00\u4e2a\u5947\u5076\u5224\u65ad\u7684\u529f\u80fd\u3002\u6574\u4f53\u601d\u8def\u662fxor\u53cd\u8f6c\u6bd4\u7279\u3001\u6e05\u7a7a\u503c\uff0cor\u505a\u52a0\u6cd5\uff0cand\u53d6\u6700\u4f4e\u4f4d\u3002
asm('xor rax, rax; or rax, 1; and rax, rdi; xor rax, 1')\n
Level 10
\u6709\u5173\u8bbf\u95ee\u5185\u5b58\u7684\u64cd\u4f5c\u3002mov reg, [address]
\u7528\u4e8e\u628aaddress\u5730\u5740\u5904\u7684\u503c\u8d4b\u7ed9reg\uff0c\u5f53\u7136\u4e5f\u53ef\u4ee5mov [address], reg
\u628areg\u7684\u503c\u4fdd\u5b58\u5728address\u5730\u5740\u3002\u52a0\u4e00\u5c42\u65b9\u62ec\u53f7\u53ea\u662f\u8868\u793a\u5f53\u4f5c\u5730\u5740\u3002\u4e0d\u8981\u4e0b\u610f\u8bc6\u8fdb\u884c\u66f4\u591a\u6b21\u6570\u7684\u89e3\u5f15\u7528\u3002
asm('mov rbx, [0x404000]; mov rax, rbx; add rbx, 0x1337; mov [0x404000], rbx')\n
Level 11
\u5982\u679cmov\u4e00\u65b9\u4e3a\u5bc4\u5b58\u5668\uff0c\u4e00\u65b9\u4e3a\u5730\u5740\uff0c\u4f1a\u6839\u636e\u5bc4\u5b58\u5668\u7684\u5927\u5c0f\u81ea\u52a8\u63a8\u65ad\u4ece\u5730\u5740\u4e2dload\u591a\u5c11\u5b57\u8282\u3002
asm('mov al, [0x404000]; mov bx, [0x404000]; mov ecx, [0x404000]; mov rdx, [0x404000];')\n
Level 12
\u5bf9\u4e8e\u6bd4\u8f83\u5927\u7684\u7acb\u5373\u6570\uff0c\u53ef\u4ee5\u5148\u653e\u5728\u5bc4\u5b58\u5668\uff0c\u7136\u540e\u518dmov\u5230\u6307\u5b9a\u4f4d\u7f6e\u3002
asm('mov rax, 0xdeadbeef00001337; mov [rdi], rax; mov rax, 0xc0ffee0000; mov [rsi], rax')\n
Level 13
asm('mov rax, [rdi]; add rax, [rdi+8]; mov [rsi], rax')\n
Level 14
asm('pop rax;sub rax,rdi; push rax')\n
Level 15
\u4f7f\u7528\u6808\u53ef\u4ee5\u7b80\u5355\u5730\u4ea4\u6362\u5bc4\u5b58\u5668
asm('push rdi; push rsi; pop rdi; pop rsi')\n
Level 16
\u5b9e\u73b0\u6808\u4e0a\u7684\u6570\u636e\u53d6\u5e73\u5747\uff0c\u7528[rsp+X]\u6765\u53d6\u503c\uff08\u4e00\u822c\u7528rbp\u6765\u53d6\u5427\uff1f\uff09
asm('mov rax, [rsp]; add rax, [rsp+8]; add rax, [rsp+16]; add rax, [rsp+24]; mov rbx, 4; div rbx; push rax')\n
Level 17
\u4f7f\u7528label\u8bbe\u7f6e\u76f8\u5bf9\u8df3\u8f6c\u5730\u5740\uff0c\u4f7f\u7528\u5355\u5b57\u8282\u7684nop\u586b\u5145\u3002\u4e0d\u8fc7\u9898\u76ee\u8981\u6c42\u7684\u201c\u4ecejmp\u504f\u79fb0x51\u7684\u5730\u5740\u201d\u6709\u70b9\u8ff7\u60d1\uff0c\u770b\u7ed3\u679c\u7684\u8bdd\u4f3c\u4e4e\u9ed8\u8ba4\u662fjmp\u6267\u884c\u540e\u7684\u5730\u5740\u518d\u504f\u79fb0x51\uff0c\u800c\u4e0d\u662fjmp\u6307\u4ee4\u672c\u8eab\u7684\u5730\u5740\u504f\u79fb0x51\uff0c\u6240\u4ee5\u4e0d\u9700\u8981\u77e5\u9053jmp\u6307\u4ee4\u672c\u8eab\u7684\u957f\u5ea6\u3002
asm('jmp lab;'+'nop;'*0x51+'lab: mov rdi, [rsp]; mov rax, 0x403000; jmp rax')\n
Level 18
\u5b9e\u73b0if-else\u8df3\u8f6c\u3002\u6ce8\u610f\u5185\u5b58\u8ba1\u7b97\u4f7f\u7528dword\u768432\u4f4d\u6570\u636e\uff0c\u7528eax\u800c\u4e0d\u662frax\u3002
from pwn import *\ncontext.arch='amd64'\npayload=\"\"\"mov eax, [rdi+4]\nmov ebx, 0x7f454c46\ncmp ebx, [rdi]\nje case1\nmov ebx, 0x5a4d\ncmp ebx, [rdi]\nje case2\nimul eax, [rdi+8]\nimul eax, [rdi+12]\njmp done\ncase1:\n add eax, [rdi+8]\n add eax, [rdi+12]\n jmp done\ncase2:\n sub eax, [rdi+8]\n sub eax, [rdi+12]\n jmp done\ndone:\n nop\n\"\"\"\n\nprint(asm(payload))\n
Level 19
jmp [reg + offset]
\u95f4\u63a5\u8df3\u8f6c\uff0c\u4f7f\u7528rsi\u4fdd\u5b58\u8df3\u8f6c\u8868\u7684\u57fa\u5730\u5740\uff0c\u7528\u4e8e\u5b9e\u73b0switch\u3002\u8fd9\u91cc\u597d\u50cf\u662fjnz\u4e0d\u652f\u6301\u95f4\u63a5\u8df3\u8f6c\u3002
asm('mov rax, rdi; shr rax, 2; jnz final; jmp [rsi + rdi * 8]; final: jmp [rsi + 32]')\n
Level 20
\u5b9e\u73b0\u4e00\u4e2a\u7b80\u5355\u7684\u6c42\u5e73\u5747\u51fd\u6570
from pwn import *\ncontext.arch='amd64'\npayload=\"\"\"xor rax, rax\nxor rcx, rcx\nloop:\n cmp rcx, rsi\n je done\n add rax, [rdi + 8 * rcx]\n add rcx, 1\n jmp loop\ndone:\n div rsi\n\"\"\"\n\nprint(asm(payload))\n
Level 21
\u5b9e\u73b0\u4e00\u4e2astrlen\u51fd\u6570\uff0c\u9010byte\u68c0\u67e5\u662f\u5426\u4e3a0\u3002\u6ce8\u610fmov\u4e0d\u4f1a\u6539\u53d8EFLAGS\u3002
from pwn import *\ncontext.arch='amd64'\npayload = \"\"\"\nxor rax, rax\ntest rdi, rdi\njz done\nloop: mov bl, [rdi + rax]\ntest bl,bl\njz done\nadd rax, 1\njmp loop\ndone:\n nop\n\"\"\"\n\nprint(asm(payload))\n
Level 22
\u8fd9\u9053\u9898\u7ed9\u7684\u89e3\u91ca\u4e0d\u662f\u5f88\u6e05\u695a\uff0c\u5c3d\u7ba1\u662f\u7b2c\u4e00\u6b21\u63d0\u5230\u4f7f\u7528call\u8fdb\u884c\u51fd\u6570\u8c03\u7528\uff0c\u4f46\u662f\u6ca1\u6709\u8bf464\u4f4d\u7a0b\u5e8f\u4f9d\u6b21\u4f7f\u7528rdi,rsi,rdx,rcd,r8,r9
\u8fdb\u884c\u4f20\u53c2\u3001rax
\u4fdd\u5b58\u51fd\u6570\u8fd4\u56de\u7ed3\u679c\uff0c\u4e5f\u6ca1\u6709\u8bf4\u662f\u7531\u4e3b\u8c03\u51fd\u6570\u8fd8\u662f\u88ab\u8c03\u51fd\u6570\u6765\u4fdd\u5b58\u5bc4\u5b58\u5668\u3002\u66f4\u5947\u602a\u7684\u662f\u867d\u7136\u8ba9\u5b9e\u73b0\u4e00\u4e2astr_lower\u51fd\u6570\uff0c\u4f46\u662f\u6ca1\u6709\u6309\u51fd\u6570\u5b9e\u73b0\u7684\u6807\u51c6\u5199PROG\uff0c\u751a\u81f3\u6700\u540e\u8fd8\u7528ret\u6765\u7ed3\u675f\u3002
from pwn import *\ncontext.arch='amd64'\npayload = \"\"\"\nmov rdx, rdi\nxor rax, rax\nxor rcx, rcx\ntest rdx, rdx\njz done\nloop:\n mov bl, [rdx]\n test bl,bl\n jz done\n cmp bl, 0x5a\n jg notif\n mov rax, 0x403000\n xor rdi, rdi\n mov dil, bl\n call rax\n mov [rdx], al\n add rcx, 1\nnotif:\n add rdx, 1\n jmp loop\ndone:\n mov rax, rcx\n ret\n\"\"\"\n\nprint(asm(payload))\n
Level 23
\u5b9e\u73b0\u4e00\u4e2a\u67e5\u8be2\u5b57\u7b26\u4e32\u4e2d\u54ea\u4e2a\u5b57\u7b26\u6700\u591a\u7684\u51fd\u6570\u3002\u6bcf\u4e2a\u5b57\u7b26\u4e0d\u8d85\u8fc70xffff\u4e2a\uff0c\u6240\u4ee5\u8981\u75284\u5b57\u8282\u7684\u5bc4\u5b58\u5668\u6765\u8fdb\u884c\u5b58\u653e\u3002\u8fd9\u91cc\u4f3c\u4e4e\u4e0d\u652f\u6301\u76f4\u63a5mov rbx, [ebp - rcx * 4]
\u4e4b\u7c7b\u7684\u65b9\u6cd5\uff0c\u5c31\u7528r8\u548cr9\u4e34\u65f6\u5b58\u653e\u4e00\u4e0b\u4e86\u3002
from pwn import *\n\ncontext.arch = 'amd64'\n\npayload = \"\"\"\npush rbp\nmov rbp, rsp\nsub rsp, 0x400\nxor rax, rax\nxor rcx, rcx\nmov rdx, rsi\nsub rdx, 0x1\nloop1: \n cmp rcx, rdx\n jg loop1_end\n mov al, [rdi + rcx]\n mov r8, rbp\n mov r9, rax\n imul r9, 4\n sub r8, r9\n mov ebx, [r8]\n add ebx, 1\n mov [r8], ebx\n add rcx, 1\n jmp loop1\nloop1_end:\nxor rax, rax\nxor rbx, rbx\nxor rcx, rcx\nloop2:\n cmp rcx, 0xff\n jg loop2_end\n mov r8, rbp\n mov r9, rcx\n imul r9, 4\n sub r8, r9\n mov edx, [r8]\n cmp edx, ebx\n jle loop2_conti\n mov rbx, rdx\n mov rax, rcx\nloop2_conti:\n add rcx, 1\n jmp loop2\nloop2_end:\nmov rsp, rbp\npop rbp\nret\n\"\"\"\n\nprint(asm(payload))\n
"},{"location":"software-security/ctf/pwn-college-cse365-spring2023/#building-a-web-server-writeups","title":"Building a Web Server Writeups","text":"\u4e0d\u5f97\u4e0d\u5410\u69fdpwn-college\u6709\u4e00\u70b9\u4e0d\u597d\uff0c\u6bcf\u4e2a\u6a21\u5757\u7b2c\u4e00\u4e2achallenge\u8bf4\u660e\u592a\u5c11\u4e86\uff0c\u5b8c\u5168\u4e0d\u77e5\u9053\u4ece\u54ea\u5f00\u59cb\u4e0b\u624b\u3002\u5728challenge 1\u7684wp\u91cc\u8be6\u7ec6\u8bb2\u4e00\u4e0b\u8fd9\u4e2a\u6a21\u5757\u600e\u4e48\u5f00\u59cb\u505a\uff0c\u7136\u540e\u540e\u7eed\u5c31\u7701\u7565\u4e86\u3002
\u7528\u6c47\u7f16\u5199server\uff0c\u53ef\u4ee5\u67e5\u886864\u4f4dsyscall\u624b\u518c
Level 1
\u9996\u5148\u8fd8\u662f\u8fd0\u884c/challeng/run\uff0c\u5f97\u5230\u4e00\u6bb5\u8f93\u51fa\uff1a
===== Welcome to Building a Web Server! =====\nIn this series of challenges, you will be writing assembly to interact with your environment, and ultimately build a web server\nIn this challenge you will exit a program.\n\nUsage: `/challenge/run <path_to_web_server>`\n\n$ cat server.s\n.intel_syntax noprefix\n.globl _start\n\n.section .text\n\n_start:\n mov rdi, 0\n mov rax, 60 # SYS_exit\n syscall\n\n.section .data\n\n$ as -o server.o server.s && ld -o server server.o\n\n$ strace ./server\nexecve(\"./server\", [\"./server\"], 0x7ffccb8c6480 /* 17 vars */) = 0\nexit(0) = ?\n+++ exited with 0 +++\n
\u8fd9\u9053\u9898\u7684\u610f\u601d\u662f\u8ba9\u7528\u6c47\u7f16\u5199\u4e00\u4e2a\u670d\u52a1\u7aef\u3002\u5728\u8fd0\u884c/challenge/run server
\u7684\u65f6\u5019\uff0c\u5224\u9898\u7a0b\u5e8f\u4f1a\u542f\u52a8\u7528\u6237\u6307\u5b9a\u7684\u8fd9\u4e2aserver\uff0c\u7136\u540e\u68c0\u67e5\u8fd9\u4e2aserver\u7a0b\u5e8f\u662f\u4e0d\u662f\u76f4\u63a5exit(0)\u4e86\u3002\u6240\u4ee5\u53ea\u9700\u8981\u7f16\u8bd1\u4e00\u4e2aexit(0)\u7684server\u5373\u53ef\u3002
\u9898\u76ee\u91cc\u5176\u5b9e\u5df2\u7ecf\u7ed9\u51fa\u4e86server.s\u7684\u6a21\u677f\uff08cat server.s\u7684\u8f93\u51fa\uff09\u548c\u7f16\u8bd1\u65b9\u5f0f\uff08as -o server.o server.s && ld -o server server.o\uff09\u3002\u6240\u4ee5\u8fd9\u9053\u9898\u53ea\u9700\u8981\u628acat server.s
\u7684\u8f93\u51fa\u4fdd\u5b58\u5230server.s\u6587\u4ef6\uff0c\u7136\u540e\u76f4\u63a5\u8fd0\u884cas -o server.o server.s && ld -o server server.o
\u7f16\u8bd1\u51fa\u4e00\u4e2aserver\u7684\u53ef\u6267\u884c\u7a0b\u5e8f\uff0c\u6700\u540e\u8fd0\u884c/challenge/run ./server
\u5373\u53ef\u3002
\u6a21\u677f\u91cc\u53ea\u6267\u884c\u4e86\u4e00\u4e2a\u9000\u51fa\u7684syscall\uff0c\u6b63\u597d\u662f\u8fd9\u4e00\u9898\u7684\u8981\u6c42\u3002\u672c\u6765\u4ee5\u4e3a\u8fd9\u9053\u9898\u610f\u601d\u662f\u81ea\u5df1\u5199\u4e00\u4e2aserver\u7684\u6c47\u7f16\u6587\u4ef6\uff0c\u7136\u540erun\u7684\u65f6\u5019\u6307\u5b9a\u6e90\u6587\u4ef6\uff0c\u7531\u5224\u9898\u7a0b\u5e8f\u7f16\u8bd1\u7684\u5462\uff0c\u7ed3\u679c\u53d1\u73b0run\u7684\u65f6\u5019\u662f\u9700\u8981\u6307\u5b9a\u4e00\u4e2a\u7f16\u8bd1\u597d\u7684\u53ef\u6267\u884c\u7a0b\u5e8fhh\u3002
\u5b8c\u6574\u89e3\u9898\u6b65\u9aa4\u5982\u4e0b\uff1a
hacker@building-a-web-server-level-1:~$ echo \".intel_syntax noprefix\n.globl _start\n\n.section .text\n\n_start:\n mov rdi, 0\n mov rax, 60 # SYS_exit\n syscall\n\n.section .data\" > ./server.s\n\nhacker@building-a-web-server-level-1:~$ as -o server.o server.s && ld -o server server.o\n\nhacker@building-a-web-server-level-1:~$ /challenge/run ./server\n===== Welcome to Building a Web Server! =====\nIn this series of challenges, you will be writing assembly to interact with your environment, and ultimately build a web server\nIn this challenge you will exit a program.\n\n\n===== Expected: Parent Process =====\n[ ] execve(<execve_args>) = 0\n[ ] exit(0) = ?\n\n===== Trace: Parent Process =====\n[\u2713] execve(\"/proc/self/fd/3\", [\"/proc/self/fd/3\"], 0x7f07cf7959a0 /* 0 vars */) = 0\n[\u2713] exit(0) = ?\n[?] +++ exited with 0 +++\n\n===== Result =====\n[\u2713] Success\n\npwn.college{xxxx}\n
\u4ee5\u4e0b\u7684\u5404\u4e2a\u9898\u76ee\u5c31\u53ea\u5199server.s\u7684\u5185\u5bb9\u4e86
Level 2
In this challenge you will create a socket.
.intel_syntax noprefix\n.globl _start\n\n.section .text\n\n_start:\n # create a socket\n mov rdi, 2 # AF_INET\n mov rsi, 1 # SOCK_STREAM\n mov rdx, 0 # IPPROTO_IP\n mov rax, 41 # sys_socket\n syscall\n\n push rax\n mov rdi, 0\n mov rax, 60 # SYS_exit\n syscall\n\n.section .data\n
Level 3
In this challenge you will bind an address to a socket.
\u5728Level2\u521b\u5efasocket\u7684\u57fa\u7840\u4e0a\uff0c\u5c06\u5176\u7ed1\u5b9a\u52300.0.0.0:80\u4e0a\u3002\uff08\u53ef\u4ee5\u8fd0\u884cLevel1\u521b\u5efa\u7684server\u6765\u5148\u9605\u8bfb\u4e0b\u9898\u76ee\u8981\u6c42\uff0c\u5982\u4e0b\u6240\u793a\uff09
===== Expected: Parent Process =====\n[ ] execve(<execve_args>) = 0\n[ ] socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 3\n[ ] bind(3, {sa_family=AF_INET, sin_port=htons(<bind_port>), sin_addr=inet_addr(\"<bind_address>\")}, 16) = 0\n - Bind to port 80\n - Bind to address 0.0.0.0\n[ ] exit(0) = ?\n
\u6700\u7ec8\u89e3\u5982\u4e0b\u3002\u8fd9\u91cc\u76f4\u63a5\u7528\u6808\u6765\u4fdd\u5b58sockaddr_in\u7ed3\u6784\u4f53\u4e86\uff0c\u6bd4\u8f83\u7c97\u66b4\u3002
.intel_syntax noprefix\n.globl _start\n\n.section .text\n \n_start:\n # create a socket\n mov rdi, 2 # AF_INET\n mov rsi, 1 # SOCK_STREAM\n mov rdx, 0 # IPPROTO_IP\n mov rax, 41 # sys_socket\n syscall\n push rax\n\n # bind the socket to 0.0.0.0:80\n mov rdi, rax # socket_fd\n push 0x50000002 # AF_INET(2) and PORT(80) in big endian\n mov rsi, rsp # sockaddr_in\n push 0x0 # IP(0.0.0.0)\n push 0x0 # padding\n push 0x0 # padding\n mov rdx, 16 # addrlen\n mov rax, 49 # sys_bind\n syscall\n \n mov rdi, 0\n mov rax, 60 # SYS_exit\n syscall\n\n\n.section .data\n
Level 4
In this challenge you will listen on a socket.
\u4f7f\u7528listen\u76d1\u542c\u8fd9\u4e2asocket\u3002\u7531\u4e8e\u8fd9\u91cclisten\u4e5f\u8981\u7528\u5230\u4e4b\u524dsocket\u521b\u5efa\u7684\u6587\u4ef6\u63cf\u8ff0\u7b26\uff0c\u6ce8\u610f\u5230\u6837\u4f8b\u7684\u6c47\u7f16\u6587\u4ef6\u6700\u540e\u63d0\u793a\u7528data\u4e86\uff0c\u6240\u4ee5\u5e72\u8106\u6362\u7528\u6570\u636e\u533a\u6765\u4fdd\u5b58\u5404\u79cd\u7ed3\u6784\u4f53\uff0c\u4e5f\u5f03\u7528Level3\u91cc\u5bf9\u6808\u505a\u7684\u90a3\u4e9b\u4fee\u6539\u4e86\u3002\u8fd9\u91ccsockfd\u548csockaddr\u90fd\u662f\u5730\u5740\uff0c\u6240\u4ee5mov\u7684\u65f6\u5019\u4f1a\u81ea\u52a8\u89e3\u5f15\u7528\uff0c\u7528lea\u6307\u4ee4\u6765\u83b7\u5f97\u5730\u5740\u672c\u8eab\u3002
.intel_syntax noprefix\n.globl _start\n\n.section .text\n \n_start:\n # create a socket\n mov rdi, 2 # AF_INET\n mov rsi, 1 # SOCK_STREAM\n mov rdx, 0 # IPPROTO_IP\n mov rax, 41 # sys_socket\n syscall\n mov sockfd, rax\n\n # bind the socket to 0.0.0.0:80\n mov rdi, sockfd # socket_fd\n lea rsi, sockaddr # sockaddr\n mov rdx, 16 # addrlen\n mov rax, 49 # sys_bind\n syscall\n \n # listen(3, 0)\n mov rdi, sockfd\n mov rsi, 0\n mov rax, 50 # sys_listen\n syscall\n \n mov rdi, 0\n mov rax, 60 # SYS_exit\n syscall\n\n\n.section .data\n\nsockfd: .quad 0\nsockaddr: .quad 0x50000002 # AF_INET(2) and PORT(80) in big endian\n .quad 0x0 # IP(0.0.0.0)\n .quad 0x0 # padding\n .quad 0x0 # padding\n
Level 5
In this challenge you will accept a connection.
.intel_syntax noprefix\n.globl _start\n\n.section .text\n \n_start:\n # create a socket\n mov rdi, 2 # AF_INET\n mov rsi, 1 # SOCK_STREAM\n mov rdx, 0 # IPPROTO_IP\n mov rax, 41 # sys_socket\n syscall\n mov sockfd, rax\n\n # bind the socket to 0.0.0.0:80\n mov rdi, sockfd # socket_fd\n lea rsi, sockaddr # sockaddr\n mov rdx, 16 # addrlen\n mov rax, 49 # sys_bind\n syscall\n \n # listen(3, 0)\n mov rdi, sockfd\n mov rsi, 0\n mov rax, 50 # sys_listen\n syscall\n \n # accept(3, NULL, NULL)\n mov rdi, sockfd\n mov rsi, 0\n mov rdx, 0\n mov rax, 43 # sys_accept\n syscall\n \n mov rdi, 0\n mov rax, 60 # SYS_exit\n syscall\n\n\n.section .data\n\nsockfd: .quad 0\nsockaddr: .quad 0x50000002 # AF_INET(2) and PORT(80) in big endian\n .quad 0x0 # IP(0.0.0.0)\n .quad 0x0 # padding\n .quad 0x0 # padding\n
Level 6
In this challenge you will respond to an http request.
\u8fd9\u4e2a\u9898\u7684\u610f\u601d\u662f\u5e0c\u671b\u5b9e\u73b0\u4e00\u4e2a\u9759\u6001\u7684\u7ad9\u70b9\uff0c\u63a5\u6536\u5ba2\u6237\u7aef\u53d1\u9001\u7684\u8bf7\u6c42\u540e\uff0c\u59cb\u7ec8\u56de\u590dHTTP/1.0 200 OK\u3002\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u7f13\u51b2\u533a\u4fdd\u5b58\u8bf7\u6c42\uff0c\u8fd9\u91cc\u5f00\u4e86\u4e2a256\u5b57\u8282\u7684\u5185\u5b58\uff08\u5b9e\u9645\u4e0a\u6709140\u5b57\u8282\uff09\u3002
.intel_syntax noprefix\n.globl _start\n\n.section .text\n \n_start:\n # create a socket\n mov rdi, 2 # AF_INET\n mov rsi, 1 # SOCK_STREAM\n mov rdx, 0 # IPPROTO_IP\n mov rax, 41 # sys_socket\n syscall\n mov sockfd, rax\n\n # bind the socket to 0.0.0.0:80\n mov rdi, sockfd # socket_fd\n lea rsi, sockaddr # sockaddr\n mov rdx, 16 # addrlen\n mov rax, 49 # sys_bind\n syscall\n \n # listen(3, 0)\n mov rdi, sockfd\n mov rsi, 0\n mov rax, 50 # sys_listen\n syscall\n \n # accept(3, NULL, NULL) = 4\n mov rdi, sockfd\n mov rsi, 0\n mov rdx, 0\n mov rax, 43 # sys_accept\n syscall\n mov tunnel, rax\n\n # read(4, <read_request>, <read_request_count>) = <read_request_result>\n mov rdi, tunnel\n lea rsi, request\n mov rdx, 256\n mov rax, 0\n syscall\n\n # write(4, \"HTTP/1.0 200 OK\\r\\n\\r\\n\", 19) = 19\n mov rdi, tunnel\n lea rsi, response\n mov rdx, 19\n mov rax, 1\n syscall\n\n # close(4)\n mov rdi, tunnel\n mov rax, 3\n syscall\n \n mov rdi, 0\n mov rax, 60 # SYS_exit\n syscall\n\n\n.section .data\n\nsockfd: .quad 0\ntunnel: .quad 0\nrequest: .space 256\nresponse: .ascii \"HTTP/1.0 200 OK\\r\\n\\r\\n\"\nsockaddr: .quad 0x50000002 # AF_INET(2) and PORT(80) in big endian\n .quad 0x0 # IP(0.0.0.0)\n .quad 0x0 # padding\n .quad 0x0 # padding\n
Level 7
In this challenge you will respond to a GET request for the contents of a specified file.
\u5b9e\u73b0\u4e00\u4e2a\u52a8\u6001\u4e00\u70b9\u7684\u670d\u52a1\u5668\u3002\u8fd9\u9898\u4e2d\uff0c\u5ba2\u6237\u7aef\u4f1a\u8bf7\u6c42\u670d\u52a1\u5668\u7aef\u8bfb\u53d6\u4e00\u4e2a\u6587\u4ef6\u5e76\u8fd4\u56de\u7ed3\u679c\u3002\u6587\u4ef6\u662f\u5224\u9898\u7a0b\u5e8f\u968f\u673a\u751f\u6210\u5728/tmp\u4e0b\u7684\uff0c\u5185\u5bb9\u957f\u5ea6\u4e5f\u662f\u968f\u673a\u7684\u3002\u6240\u4ee5\u5199\u4ee3\u7801\u7684\u65f6\u5019\u8981\u591a\u9884\u7559\u70b9\u7f13\u51b2\u533a\u6765\u4fdd\u5b58\u6587\u4ef6\u5185\u5bb9\u3002
open\u6587\u4ef6\u65f6\uff0c\u6587\u4ef6\u540d\u8981\u4ecerequest\u8bf7\u6c42\u91cc\u63d0\u53d6\u3002\u56e0\u4e3a\u751f\u6210\u7684\u6587\u4ef6\u540d\u957f\u5ea6\u662f\u56fa\u5b9a\u7684\uff0c\u6240\u4ee5\u61d2\u7701\u4e8b\u76f4\u63a5\u5728request\u7f13\u51b2\u533a\u91cc\u6539\u4e86\uff08\u5b57\u7b26\u4e32\u672b\u5c3e0\uff09\u3002
===== Expected: Parent Process =====\n[ ] execve(<execve_args>) = 0\n[ ] socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 3\n[ ] bind(3, {sa_family=AF_INET, sin_port=htons(<bind_port>), sin_addr=inet_addr(\"<bind_address>\")}, 16) = 0\n - Bind to port 80\n - Bind to address 0.0.0.0\n[ ] listen(3, 0) = 0\n[ ] accept(3, NULL, NULL) = 4\n[ ] read(4, <read_request>, <read_request_count>) = <read_request_result>\n[ ] open(\"<open_path>\", O_RDONLY) = 5\n[ ] read(5, <read_file>, <read_file_count>) = <read_file_result>\n[ ] close(5) = 0\n[ ] write(4, \"HTTP/1.0 200 OK\\r\\n\\r\\n\", 19) = 19\n[ ] write(4, <write_file>, <write_file_count>) = <write_file_result>\n[ ] close(4) = 0\n[ ] exit(0) = ?\n\n===== Trace: Parent Process =====\n[\u2713] execve(\"/proc/self/fd/3\", [\"/proc/self/fd/3\"], 0x7ffacc256990 /* 0 vars */) = 0\n[\u2713] socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 3\n[\u2713] bind(3, {sa_family=AF_INET, sin_port=htons(80), sin_addr=inet_addr(\"0.0.0.0\")}, 16) = 0\n[\u2713] listen(3, 0) = 0\n[\u2713] accept(3, NULL, NULL) = 4\n[\u2713] read(4, \"GET /tmp/tmpungh1ajd HTTP/1.1\\r\\nHost: localhost\\r\\nUser-Agent: python-requests/2.31.0\\r\\nAccept-Encoding: gzip, deflate\\r\\nAccept: */*\\r\\nConnection: keep-alive\\r\\n\\r\\n\", 256) = 155\n[\u2713] open(\"/tmp/tmpungh1ajd\", O_RDONLY) = 5\n[\u2713] read(5, \"3Hy3xnjNjQIBfP6QDUW4ekuQtBwdXQPbhtPFxawXzQ6LXVQDgs8ZlslYncY9DMQohXFVHFyMPnOI6kaGqURTh2fXHuKe2oqjntry7Pt5QQP0148CyzGKtmOigovhOHobD2zujqgJIRXxjny3UVL9\", 1024) = 148\n[\u2713] close(5) = 0\n[\u2713] write(4, \"HTTP/1.0 200 OK\\r\\n\\r\\n\", 19) = 19\n[\u2713] write(4, \"3Hy3xnjNjQIBfP6QDUW4ekuQtBwdXQPbhtPFxawXzQ6LXVQDgs8ZlslYncY9DMQohXFVHFyMPnOI6kaGqURTh2fXHuKe2oqjntry7Pt5QQP0148CyzGKtmOigovhOHobD2zujqgJIRXxjny3UVL9\", 148) = 148\n[\u2713] close(4) = 0\n[\u2713] exit(0) = ?\n[?] +++ exited with 0 +++\n\n===== Result =====\n[\u2713] Success\n
\u4f7f\u7528\u7684\u6c47\u7f16\u4ee3\u7801\u5982\u4e0b\uff1a
.intel_syntax noprefix\n.globl _start\n\n.section .text\n \n_start:\n # create a socket\n mov rdi, 2 # AF_INET\n mov rsi, 1 # SOCK_STREAM\n mov rdx, 0 # IPPROTO_IP\n mov rax, 41 # sys_socket\n syscall\n mov sockfd, rax\n\n # bind the socket to 0.0.0.0:80\n mov rdi, sockfd # socket_fd\n lea rsi, sockaddr # sockaddr\n mov rdx, 16 # addrlen\n mov rax, 49 # sys_bind\n syscall\n \n # listen(3, 0)\n mov rdi, sockfd\n mov rsi, 0\n mov rax, 50 # sys_listen\n syscall\n \n # accept(3, NULL, NULL) = 4\n mov rdi, sockfd\n mov rsi, 0\n mov rdx, 0\n mov rax, 43 # sys_accept\n syscall\n mov tunnel, rax\n\n # read(4, <read_request>, <read_request_count>) = <read_request_result>\n mov rdi, tunnel\n lea rsi, request\n mov rdx, 256\n mov rax, 0 # sys_read\n syscall\n\n # open(\"<open_path>\", O_RDONLY) = 5\n lea rdi, [request+4] # extract file name\n movb [rdi+16], 0\n mov rsi, 0 # O_RDONLY\n mov rax, 2 # sys_open\n syscall\n mov txtfile, rax\n\n # read(5, <read_file>, <read_file_count>) = <read_file_result>\n mov rdi, txtfile\n lea rsi, filecontent\n mov rdx, 1024\n mov rax, 0 # sys_read\n syscall\n mov filecnt, rax # \n\n # close(5)\n mov rdi, txtfile\n mov rax, 3 # sys_close\n syscall\n\n # write(4, \"HTTP/1.0 200 OK\\r\\n\\r\\n\", 19) = 19\n mov rdi, tunnel\n lea rsi, response\n mov rdx, 19\n mov rax, 1 # sys_write\n syscall\n\n # write(4, <write_file>, <write_file_count>) = <write_file_result>\n mov rdi, tunnel\n lea rsi, filecontent\n mov rdx, filecnt\n mov rax, 1 # sys_write\n syscall\n\n # close(4)\n mov rdi, tunnel\n mov rax, 3 # sys_close\n syscall\n\n mov rdi, 0\n mov rax, 60 # SYS_exit\n syscall\n\n.section .data\n\nsockfd: .quad 0\ntunnel: .quad 0\ntxtfile: .quad 0\nfilecnt: .quad 0\nrequest: .space 256\nfilecontent: .space 1024\nresponse: .ascii \"HTTP/1.0 200 OK\\r\\n\\r\\n\"\nsockaddr: .quad 0x50000002 # AF_INET(2) and PORT(80) in big endian\n .quad 0x0 # IP(0.0.0.0)\n .quad 0x0 # padding\n .quad 0x0 # padding\n
Level 8
In this challenge you will accept multiple requests.
\u4f7f\u7528\u4e00\u4e2a\u7a0b\u5e8f\u63a5\u53d7\u591a\u4e2a\u8bf7\u6c42\u3002\u7531\u4e8esocket\u6ca1\u6709\u5173\uff0c\u5728\u6700\u540e\u52a0\u4e00\u4e2aaccept\u5373\u53ef\u3002\u7a0b\u5e8f\u6700\u540eaccept\u8d85\u65f6sigkill\u9000\u51fa\u3002
.intel_syntax noprefix\n.globl _start\n\n.section .text\n \n_start:\n # create a socket\n mov rdi, 2 # AF_INET\n mov rsi, 1 # SOCK_STREAM\n mov rdx, 0 # IPPROTO_IP\n mov rax, 41 # sys_socket\n syscall\n mov sockfd, rax\n\n # bind the socket to 0.0.0.0:80\n mov rdi, sockfd # socket_fd\n lea rsi, sockaddr # sockaddr\n mov rdx, 16 # addrlen\n mov rax, 49 # sys_bind\n syscall\n \n # listen(3, 0)\n mov rdi, sockfd\n mov rsi, 0\n mov rax, 50 # sys_listen\n syscall\n \n # accept(3, NULL, NULL) = 4\n mov rdi, sockfd\n mov rsi, 0\n mov rdx, 0\n mov rax, 43 # sys_accept\n syscall\n mov tunnel, rax\n\n # read(4, <read_request>, <read_request_count>) = <read_request_result>\n mov rdi, tunnel\n lea rsi, request\n mov rdx, 256\n mov rax, 0 # sys_read\n syscall\n\n # open(\"<open_path>\", O_RDONLY) = 5\n lea rdi, [request+4] # extract file name\n movb [rdi+16], 0\n mov rsi, 0 # O_RDONLY\n mov rax, 2 # sys_open\n syscall\n mov txtfile, rax\n\n # read(5, <read_file>, <read_file_count>) = <read_file_result>\n mov rdi, txtfile\n lea rsi, filecontent\n mov rdx, 1024\n mov rax, 0 # sys_read\n syscall\n mov filecnt, rax # \n\n # close(5)\n mov rdi, txtfile\n mov rax, 3 # sys_close\n syscall\n\n # write(4, \"HTTP/1.0 200 OK\\r\\n\\r\\n\", 19) = 19\n mov rdi, tunnel\n lea rsi, response\n mov rdx, 19\n mov rax, 1 # sys_write\n syscall\n\n # write(4, <write_file>, <write_file_count>) = <write_file_result>\n mov rdi, tunnel\n lea rsi, filecontent\n mov rdx, filecnt\n mov rax, 1 # sys_write\n syscall\n\n # close(4)\n mov rdi, tunnel\n mov rax, 3 # sys_close\n syscall\n\n # accept(3, NULL, NULL)\n mov rdi, sockfd\n mov rsi, 0\n mov rdx, 0\n mov rax, 43 # sys_accept\n syscall\n mov tunnel, rax\n \n # exit\n mov rdi, 0\n mov rax, 60 # SYS_exit\n syscall\n\n.section .data\n\nsockfd: .quad 0\ntunnel: .quad 0\ntxtfile: .quad 0\nfilecnt: .quad 0\nrequest: .space 256\nfilecontent: .space 1024\nresponse: .ascii \"HTTP/1.0 200 OK\\r\\n\\r\\n\"\nsockaddr: .quad 0x50000002 # AF_INET(2) and PORT(80) in big endian\n .quad 0x0 # IP(0.0.0.0)\n .quad 0x0 # padding\n .quad 0x0 # padding\n
Level 9
In this challenge you will concurrently accept multiple requests.
\u8fd9\u9053\u9898\u662f\u8ba9\u505a\u4e00\u4e2a\u591a\u8fdb\u7a0b\uff0c\u7236\u8fdb\u7a0b\u8d1f\u8d23\u5faa\u73afaccept\uff0c\u5b50\u8fdb\u7a0b\u7528\u4e8e\u52a8\u6001\u5904\u7406\u6587\u4ef6\u8bfb\u5199\u3002\u6839\u636efork\u8fd4\u56de\u503c\u6765\u5224\u65ad\u7236\u8fdb\u7a0b\uff08\u8fd4\u56de\u503c\u4e3a\u5b50\u8fdb\u7a0bpid\uff09\u8fd8\u662f\u5b50\u8fdb\u7a0b\uff08\u8fd4\u56de\u503c\u4e3a0\uff09\u3002\u7236\u8fdb\u7a0b\u4e2d\uff0c\u5173\u95edtunnel\uff1b\u5b50\u8fdb\u7a0b\u4e2d\uff0c\u5173\u95edsockfd\u3002
.intel_syntax noprefix\n.globl _start\n\n.section .text\n \n_start:\n # create a socket\n mov rdi, 2 # AF_INET\n mov rsi, 1 # SOCK_STREAM\n mov rdx, 0 # IPPROTO_IP\n mov rax, 41 # sys_socket\n syscall\n mov sockfd, rax\n\n # bind the socket to 0.0.0.0:80\n mov rdi, sockfd # socket_fd\n lea rsi, sockaddr # sockaddr\n mov rdx, 16 # addrlen\n mov rax, 49 # sys_bind\n syscall\n \n # listen(3, 0)\n mov rdi, sockfd\n mov rsi, 0\n mov rax, 50 # sys_listen\n syscall\n\nparent_process_1:\n # accept(3, NULL, NULL) = 4\n mov rdi, sockfd\n mov rsi, 0\n mov rdx, 0\n mov rax, 43 # sys_accept\n syscall\n mov tunnel, rax\n\n # fork() = <fork_result>\n mov rax, 57 # sys_fork\n syscall\n \n test rax, rax\n jnz parent_process_2\n jz child_process\n\nparent_process_2:\n\n # close(3)\n mov rdi, tunnel\n mov rax, 3 # sys_close\n syscall\n jmp parent_process_1\n\nchild_process:\n\n # close(3)\n mov rdi, sockfd\n mov rax, 3 # sys_close\n syscall\n\n # read(4, <read_request>, <read_request_count>) = <read_request_result>\n mov rdi, tunnel\n lea rsi, request\n mov rdx, 256\n mov rax, 0 # sys_read\n syscall\n\n # open(\"<open_path>\", O_RDONLY) = 3\n lea rdi, [request+4] # extract file name\n movb [rdi+16], 0\n mov rsi, 0 # O_RDONLY\n mov rax, 2 # sys_open\n syscall\n mov txtfile, rax\n\n # read(3, <read_file>, <read_file_count>) = <read_file_result>\n mov rdi, txtfile\n lea rsi, filecontent\n mov rdx, 1024\n mov rax, 0 # sys_read\n syscall\n mov filecnt, rax # \n\n # close(3)\n mov rdi, txtfile\n mov rax, 3 # sys_close\n syscall\n\n # write(4, \"HTTP/1.0 200 OK\\r\\n\\r\\n\", 19) = 19\n mov rdi, tunnel\n lea rsi, response\n mov rdx, 19\n mov rax, 1 # sys_write\n syscall\n\n # write(4, <write_file>, <write_file_count>) = <write_file_result>\n mov rdi, tunnel\n lea rsi, filecontent\n mov rdx, filecnt\n mov rax, 1 # sys_write\n syscall\n\n # exit\n mov rdi, 0\n mov rax, 60 # SYS_exit\n syscall\n\n.section .data\n\nsockfd: .quad 0\ntunnel: .quad 0\ntxtfile: .quad 0\nfilecnt: .quad 0\nrequest: .space 256\nfilecontent: .space 1024\nresponse: .ascii \"HTTP/1.0 200 OK\\r\\n\\r\\n\"\nsockaddr: .quad 0x50000002 # AF_INET(2) and PORT(80) in big endian\n .quad 0x0 # IP(0.0.0.0)\n .quad 0x0 # padding\n .quad 0x0 # padding\n
Level 10
In this challenge you will respond to a POST request with a specified file and update its contents.
\u8fd9\u9053\u9898\u662f\u7528POST\u8bf7\u6c42\uff0c\u8981\u6c42\u7528\u591a\u8fdb\u7a0b\u5904\u7406\uff0c\u5728\u5b50\u8fdb\u7a0b\u4e2d\u628aPOST\u7684\u8bf7\u6c42\u4f53\u4fdd\u5b58\u5728\u4e34\u65f6\u6587\u4ef6\uff0c\u5e76\u8fd4\u56de200 OK\u3002\u8003\u8651\u5230\u6587\u4ef6\u540d\u662f\u5b9a\u957f\u7684\uff0c\u6240\u4ee5\u6cbf\u7528\u4e4b\u524d\u7684\u65b9\u6cd5\u5f97\u5230\u6587\u4ef6\u540d\u3002\u8fd9\u91cc\u7528\u7684\u4e00\u4e2atrick\u662f\u7528\u201drnrn\u201c\u6765\u4ece\u8bf7\u6c42\u4e2d\u5206\u5272\u8bf7\u6c42\u4f53\uff0c\u5e76\u4e14\u5185\u5bb9\u7684\u8ba1\u7b97\u662f\u7528read\u7684\u8fd4\u56de\u503c\u51cf\u53bb\u504f\u79fb\u91cf\u7b97\u7684\u3002\u8fd9\u662f\u5077\u61d2\u6ca1\u6709\u5b9e\u73b0\u89e3\u6790Content-Length\u7684\u529f\u80fdhhh
.intel_syntax noprefix\n.globl _start\n\n.section .text\n \n_start:\n # create a socket\n mov rdi, 2 # AF_INET\n mov rsi, 1 # SOCK_STREAM\n mov rdx, 0 # IPPROTO_IP\n mov rax, 41 # sys_socket\n syscall\n mov sockfd, rax\n\n # bind the socket to 0.0.0.0:80\n mov rdi, sockfd # socket_fd\n lea rsi, sockaddr # sockaddr\n mov rdx, 16 # addrlen\n mov rax, 49 # sys_bind\n syscall\n \n # listen(3, 0)\n mov rdi, sockfd\n mov rsi, 0\n mov rax, 50 # sys_listen\n syscall\n\nparent_process_1:\n # accept(3, NULL, NULL) = 4\n mov rdi, sockfd\n mov rsi, 0\n mov rdx, 0\n mov rax, 43 # sys_accept\n syscall\n mov tunnel, rax\n\n # fork() = <fork_result>\n mov rax, 57 # sys_fork\n syscall\n \n test rax, rax\n jnz parent_process_2\n jz child_process\n\nparent_process_2:\n\n # close(3)\n mov rdi, tunnel\n mov rax, 3 # sys_close\n syscall\n jmp parent_process_1\n\nchild_process:\n\n # close(3)\n mov rdi, sockfd\n mov rax, 3 # sys_close\n syscall\n\n # read(4, <read_request>, <read_request_count>) = <read_request_result>\n mov rdi, tunnel\n lea rsi, request\n mov rdx, 1024\n mov rax, 0 # sys_read\n syscall\n mov requestlen, rax\n\n # open(\"<open_path>\", O_WRONLY|O_CREAT, 0777) = 3\n lea rdi, [request+5] # extract file name\n movb [rdi+16], 0\n mov rsi, 0x41 # O_WRONLY | O_CREAT\n mov rdx, 0777\n mov rax, 2 # sys_open\n syscall\n mov txtfile, rax\n \n # locate POST body\n mov rcx, 0\n mov ebx, separate\nlocate_body:\n mov eax, [request+rcx]\n add rcx, 1\n cmp eax, ebx\n jne locate_body\n # extrace POST body\n add rcx, 3\n mov rdi, txtfile\n lea rsi, [request+rcx]\n mov rdx, requestlen\n sub rdx, rcx\n mov rax, 1 # sys_write\n syscall\n\n # close(3)\n mov rdi, txtfile\n mov rax, 3 # sys_close\n syscall\n\n # write(4, \"HTTP/1.0 200 OK\\r\\n\\r\\n\", 19) = 19\n mov rdi, tunnel\n lea rsi, response\n mov rdx, 19\n mov rax, 1 # sys_write\n syscall\n\n # exit\n mov rdi, 0\n mov rax, 60 # SYS_exit\n syscall\n\n.section .data\n\nsockfd: .quad 0\ntunnel: .quad 0\ntxtfile: .quad 0\nfilecnt: .quad 0\nrequestlen: .quad 0\nrequest: .space 1024\nfilecontent: .space 1024\nseparate: .ascii \"\\r\\n\\r\\n\"\nresponse: .ascii \"HTTP/1.0 200 OK\\r\\n\\r\\n\"\nsockaddr: .quad 0x50000002 # AF_INET(2) and PORT(80) in big endian\n .quad 0x0 # IP(0.0.0.0)\n .quad 0x0 # padding\n .quad 0x0 # padding\n
Level 11
In this challenge you will respond to multiple concurrent GET and POST requests.
\u76f4\u63a5\u53d1\u4e86\u4e00\u5806GET\u548cPOST\u6df7\u5408\u8bf7\u6c42\u3002\u4e0d\u8fc7\u597d\u50cf\u6ca1\u8bf4\u6bcf\u4e2a\u8bf7\u6c42\u8981\u5e72\u561b\uff0c\u5c31\u76f4\u63a5\u7ed3\u5408\u4e0blevel9\u548clevel10\u7684\u7ed3\u679c\uff0c\u6bd4\u8f83request\u662f\u4ee5POST\u5f00\u5934\u8fd8\u662fGET\u5f00\u5934\uff0c\u5206\u522b\u8df3\u8f6c\u5230\u5bf9\u5e94\u7684\u903b\u8f91\u5c31\u884c\u4e86\u3002
.intel_syntax noprefix\n.globl _start\n\n.section .text\n \n_start:\n # create a socket\n mov rdi, 2 # AF_INET\n mov rsi, 1 # SOCK_STREAM\n mov rdx, 0 # IPPROTO_IP\n mov rax, 41 # sys_socket\n syscall\n mov sockfd, rax\n\n # bind the socket to 0.0.0.0:80\n mov rdi, sockfd # socket_fd\n lea rsi, sockaddr # sockaddr\n mov rdx, 16 # addrlen\n mov rax, 49 # sys_bind\n syscall\n \n # listen(3, 0)\n mov rdi, sockfd\n mov rsi, 0\n mov rax, 50 # sys_listen\n syscall\n\nparent_process_1:\n # accept(3, NULL, NULL) = 4\n mov rdi, sockfd\n mov rsi, 0\n mov rdx, 0\n mov rax, 43 # sys_accept\n syscall\n mov tunnel, rax\n\n # fork() = <fork_result>\n mov rax, 57 # sys_fork\n syscall\n \n test rax, rax\n jnz parent_process_2\n jz child_process\n\nparent_process_2:\n\n # close(3)\n mov rdi, tunnel\n mov rax, 3 # sys_close\n syscall\n jmp parent_process_1\n\nchild_process:\n\n # close(3)\n mov rdi, sockfd\n mov rax, 3 # sys_close\n syscall\n\n # read(4, <read_request>, <read_request_count>) = <read_request_result>\n mov rdi, tunnel\n lea rsi, request\n mov rdx, 1024\n mov rax, 0 # sys_read\n syscall\n mov requestlen, rax\n\n # check GET or POST\n mov eax, request\n mov ebx, requestget\n cmp eax, ebx\n je handle_get\n mov ebx, requestpost\n cmp eax, ebx\n je handle_post\n\n jmp program_exit\n\nhandle_get:\n # open(\"<open_path>\", O_RDONLY) = 3\n lea rdi, [request+4] # extract file name\n movb [rdi+16], 0\n mov rsi, 0 # O_RDONLY\n mov rax, 2 # sys_open\n syscall\n mov txtfile, rax\n\n # read(3, <read_file>, <read_file_count>) = <read_file_result>\n mov rdi, txtfile\n lea rsi, filecontent\n mov rdx, 1024\n mov rax, 0 # sys_read\n syscall\n mov filecnt, rax # \n # close(3)\n mov rdi, txtfile\n mov rax, 3 # sys_close\n syscall\n\n # write(4, \"HTTP/1.0 200 OK\\r\\n\\r\\n\", 19) = 19\n mov rdi, tunnel\n lea rsi, response\n mov rdx, 19\n mov rax, 1 # sys_write\n syscall\n\n # write(4, <write_file>, <write_file_count>) = <write_file_result>\n mov rdi, tunnel\n lea rsi, filecontent\n mov rdx, filecnt\n mov rax, 1 # sys_write\n syscall\n\n jmp program_exit\n\nhandle_post:\n # open(\"<open_path>\", O_WRONLY|O_CREAT, 0777) = 3\n lea rdi, [request+5] # extract file name\n movb [rdi+16], 0\n mov rsi, 0x41 # O_WRONLY | O_CREAT\n mov rdx, 0777\n mov rax, 2 # sys_open\n syscall\n mov txtfile, rax\n \n # locate POST body\n mov rcx, 0\n mov ebx, separate\nlocate_body:\n mov eax, [request+rcx]\n add rcx, 1\n cmp eax, ebx\n jne locate_body\n # extrace POST body\n add rcx, 3\n mov rdi, txtfile\n lea rsi, [request+rcx]\n mov rdx, requestlen\n sub rdx, rcx\n mov rax, 1 # sys_write\n syscall\n\n # close(3)\n mov rdi, txtfile\n mov rax, 3 # sys_close\n syscall\n\n # write(4, \"HTTP/1.0 200 OK\\r\\n\\r\\n\", 19) = 19\n mov rdi, tunnel\n lea rsi, response\n mov rdx, 19\n mov rax, 1 # sys_write\n syscall\n\nprogram_exit:\n # exit\n mov rdi, 0\n mov rax, 60 # SYS_exit\n syscall\n\n.section .data\n\nsockfd: .quad 0\ntunnel: .quad 0\ntxtfile: .quad 0\nfilecnt: .quad 0\nrequestlen: .quad 0\nrequest: .space 1024\nfilecontent: .space 1024\nrequestget: .ascii \"GET \"\nrequestpost: .ascii \"POST\"\nseparate: .ascii \"\\r\\n\\r\\n\"\nresponse: .ascii \"HTTP/1.0 200 OK\\r\\n\\r\\n\"\nsockaddr: .quad 0x50000002 # AF_INET(2) and PORT(80) in big endian\n .quad 0x0 # IP(0.0.0.0)\n .quad 0x0 # padding\n .quad 0x0 # padding\n
"},{"location":"software-security/ctf/pwn-college-cse365-spring2023/#reverse-engineering-writeups","title":"Reverse Engineering Writeups","text":"Level 1
\u8fd0\u884c/challenge\u4e0b\u7684\u6587\u4ef6\uff0c\u4f1a\u81ea\u52a8\u6253\u5f00gdb\uff0c\u8f93\u5165run
\u542f\u52a8\u7a0b\u5e8f\uff0c\u8fdb\u5165\u7b2c\u4e00\u5173\u3002\u7b2c\u4e00\u5173\u4e3b\u8981\u662f\u8bb2\u4e0b\u5927\u81f4\u7684\u9898\u76ee\u8981\u6c42\uff0c\u5728\u8fd9\u91cc\u6309C\u7ee7\u7eed\u8fd0\u884c\u4f1a\u76f4\u63a5\u7ed9\u51faflag\u3002
Level 2
\u672c\u5173run\u4ee5\u540ep/x $r12
\u7136\u540e\u6309C\uff0c\u628a\u7ed3\u679c\u8f93\u5165\u5c31\u884c\u3002
Level 3
\u8fd9\u4e00\u5173\u4e3b\u8981\u662f\u719f\u6089\u6253\u5370\u5185\u5b58\u6570\u636e\uff0c\u53ef\u4ee5\u5728\u6309C\u8fdb\u5165\u7a0b\u5e8f\u524d\u540e\u7528x/20gx $rsp
\u5bf9\u6bd4\u4e00\u4e0b\u6808\u4e0a\u4ec0\u4e48\u6570\u636e\u6539\u53d8\u4e86\u3002\u7b97\u662f\u4e0d\u770b\u6c47\u7f16\u7684\u4e00\u70b9\u5c0ftrick\u3002
Level 4
\u8fd9\u5173\u7684\u6ca1\u7528\u6b63\u5e38\u89e3\u6cd5\u3002\u6709\u4e00\u70b9\u5c0ftrick\uff1a\u4f7f\u7528disas $pc
\u67e5\u770b\u53d1\u73b0\u6709\u4e2awin\u51fd\u6570\uff0c\u53c2\u6570\u7528\u76840\u3002\u76f4\u63a5set $rax=0
\uff0cset $pc=xxx
\u8df3\u8f6c\u5230win\u7684\u51fd\u6570\u5c31\u884c\u4e86\u3002
Level 5
\u8fd9\u9898\u63d0\u793a\u53ef\u4ee5\u7f16\u5199gdb\u811a\u672c\uff0c\u52a0\u8f7d\u540e\u4f1a\u81ea\u52a8\u6267\u884c\u3002\u8fd9\u9053\u9898\u76ee\u4f1a\u5728\u5faa\u73af\u4e2d\u591a\u6b21\u8bbe\u7f6e\u968f\u673a\u6570\uff0c\u6240\u4ee5\u9700\u8981\u81ea\u52a8\u5316\u89e3\u51b3\u3002
run\u540e\u5148disas $pc
\u770b\u4e00\u770bmain\u51fd\u6570\u7684\u5173\u952e\u903b\u8f91\uff1a
0x000055981a8ccd40 <+666>: mov esi,0x0\n0x000055981a8ccd45 <+671>: lea rdi,[rip+0xd5e] # 0x55981a8cdaaa\n0x000055981a8ccd4c <+678>: mov eax,0x0\n0x000055981a8ccd51 <+683>: call 0x55981a8cc250 <open@plt>\n0x000055981a8ccd56 <+688>: mov ecx,eax\n0x000055981a8ccd58 <+690>: lea rax,[rbp-0x18]\n0x000055981a8ccd5c <+694>: mov edx,0x8\n0x000055981a8ccd61 <+699>: mov rsi,rax\n0x000055981a8ccd64 <+702>: mov edi,ecx\n0x000055981a8ccd66 <+704>: call 0x55981a8cc210 <read@plt>\n0x000055981a8ccd6b <+709>: lea rdi,[rip+0xd46] # 0x55981a8cdab8\n0x000055981a8ccd72 <+716>: call 0x55981a8cc190 <puts@plt>\n0x000055981a8ccd77 <+721>: lea rdi,[rip+0xd5a] # 0x55981a8cdad8\n0x000055981a8ccd7e <+728>: mov eax,0x0\n0x000055981a8ccd83 <+733>: call 0x55981a8cc1d0 <printf@plt>\n0x000055981a8ccd88 <+738>: lea rax,[rbp-0x10]\n0x000055981a8ccd8c <+742>: mov rsi,rax\n0x000055981a8ccd8f <+745>: lea rdi,[rip+0xd51] # 0x55981a8cdae7\n0x000055981a8ccd96 <+752>: mov eax,0x0\n0x000055981a8ccd9b <+757>: call 0x55981a8cc260 <__isoc99_scanf@plt>\n
\u731c\u6d4b\u57280x000055981a8ccd51
\u5904\u7684open\u662f\u6253\u5f00\u4e86\u968f\u673a\u6570\u53d1\u751f\u5668\uff08\u6bd4\u5982/dev/urandom\uff09\uff0c\u7136\u540e0x000055981a8ccd66
\u5904\u7684read\u662f\u8bfb8\u4e2a\u5b57\u8282\uff0c\u5373\u6700\u7ec8\u7684\u968f\u673a\u6570\uff0c\u4fdd\u5b58\u5728rsi\u5bc4\u5b58\u5668\u6307\u5411\u7684\u4f4d\u7f6e\uff0c\u5373rbp-0x18\u5904\u3002\u6240\u4ee5\u81ea\u52a8\u5316\u811a\u672c\u53ef\u4ee5\u57280x000055981a8ccd72
\u5904\uff08\u5373*main+716\uff09\u6253\u4e2a\u65ad\u70b9\uff0c\u6253\u5370\u6b64\u65f6rbp-0x18\u7684\u503c\u3002
\u5373\u5148\u7f16\u5199\u4e0b\u8ff0\u811a\u672c\uff0c\u7136\u540e\u542f\u52a8\u7a0b\u5e8f\u65f6-x\u8ffd\u52a0\u811a\u672c\u5373\u53ef\u3002
start\nbreak *main+716\ncommands\n silent\n set $local_variable = *(unsigned long long*)($rbp-0x18)\n printf \"Current value: %llx\\n\", $local_variable\n continue\nend\ncontinue\n
\u5f53\u7136\u89e3\u6cd5\u6709\u5f88\u591a\uff0c\u770bdisas\u540e\u7684\u7ed3\u679c\uff0c\u8f93\u5165\u7684\u6570\u636e\u88abscanf\u4fdd\u5b58\u5230rbp-0x10\u5904\uff0c\u4e0erbp-0x18\u6bd4\u8f83\u3002\u4e5f\u53ef\u4ee5\u5728\u6bd4\u8f83\u524d\u76f4\u63a5\u4fee\u6539\u5bc4\u5b58\u5668\u8ba9\u503c\u76f8\u7b49\u3002
Level 6
\u8fd9\u4e00\u5173\u624d\u6559\u600e\u4e48\u7528set\u6539\u5bc4\u5b58\u5668\uff0c\u4ece\u800c\u4fee\u6539\u7a0b\u5e8f\u6267\u884c\u903b\u8f91\u3002\u662f\u4e0d\u662f\u53ef\u4ee5\u6697\u793a\u76f4\u63a5\u62ffflag\uff1frun\u540eset $rip=*main+715
\uff0c\u7136\u540e\u7ee7\u7eed\u8fd0\u884c\u7a0b\u5e8f\u3002
Level 7
\uff1f\uff1f\uff1f\u539f\u6765\u8fd8\u53ef\u4ee5\u8fd9\u4e48\u73a9\uff1f\uff1f
Level 8
\u76f4\u63a5\u8c03\u7528call (void)win()
\uff0c\u53ef\u4ee5disas *win
\u770b\u4e00\u4e0bwin\u51fd\u6570\u3002
0x0000556609b49951 <+0>: endbr64\n0x0000556609b49955 <+4>: push rbp\n0x0000556609b49956 <+5>: mov rbp,rsp\n0x0000556609b49959 <+8>: sub rsp,0x10\n0x0000556609b4995d <+12>: mov QWORD PTR [rbp-0x8],0x0\n0x0000556609b49965 <+20>: mov rax,QWORD PTR [rbp-0x8]\n0x0000556609b49969 <+24>: mov eax,DWORD PTR [rax]\n0x0000556609b4996b <+26>: lea edx,[rax+0x1]\n0x0000556609b4996e <+29>: mov rax,QWORD PTR [rbp-0x8]\n0x0000556609b49972 <+33>: mov DWORD PTR [rax],edx\n0x0000556609b49974 <+35>: lea rdi,[rip+0x73e] # 0x556609b4a0b9\n0x0000556609b4997b <+42>: call 0x556609b49180 <puts@plt>\n
\u53ef\u89c1\u57280x0000556609b49969
\u5904\uff0c\u4ecerax\u6307\u5411\u7684\u5730\u5740\u8bfb\u53d64\u5b57\u8282\u3002\u4f46\u662f\u6b64\u65f6rax\u5728\u524d\u4e24\u6761\u8bed\u53e5\u5df2\u7ecf\u88ab\u4fee\u6539\u4e3a0\u4e86\uff0c\u6240\u4ee5\u89e6\u53d1NULL\u6307\u9488\u89e3\u5f15\u7528\uff0c\u5f15\u8d77SIGSEGV\u9000\u51fa\u3002\u6240\u4ee5\u8bd5\u8bd5\u76f4\u63a5\u8df3\u8fc7\u8fd9\u6bb5\uff0c\u8fdb\u5165win\u65f6\u4fee\u6539rip\u5bc4\u5b58\u5668\u5373\u53ef\u3002
\u4f9d\u6b21\u6267\u884c\uff1abreak *win
\uff0ccall (void)win()
\uff0cset $rip=*win+35
\uff0cc
\u5373\u53ef\u3002
Level 1.0
Reverse engineer this challenge to find the correct license key.
\u4ece\u6b64\u5f00\u59cb\u662f\u4e00\u4e2a\u8bc1\u4e66\u9a8c\u8bc1\u7a0b\u5e8f\uff0c\u8981\u6c42\u8f93\u5165key\u6765\u83b7\u53d6flag\u3002\u7b2c\u4e00\u9898\u76f4\u63a5enter\u8fd0\u884c\uff0c\u4f1a\u8f93\u51fa\u539f\u59cb\u8f93\u5165\u3001\u5904\u7406\u540e\u7684\u8f93\u5165\u4ee5\u53ca\u6b63\u786e\u7b54\u6848\u3002\u8fd0\u884c\u4e24\u6b21\u4ee5\u540e\u53d1\u73b0\u5904\u7406\u540e\u7684\u8f93\u5165\u548c\u539f\u59cb\u8f93\u5165\u662f\u4e00\u6837\u7684\uff0c\u5e76\u4e14\u6b63\u786e\u7b54\u6848\u662f\u56fa\u5b9a\u7684\u3002
\u76f4\u63a5python\u91cc\u8fd0\u884c\u4e0b[chr(i) for i in [0x75,0x62,0x61,0x6a,0x68]]
\uff08\u53ef\u80fd\u9700\u8981\u4fee\u65390xXX\u7684\u503c\uff09\uff0c\u7136\u540e\u5c31\u5f97\u5230key\u4e86\u3002
Level 1.1
Reverse engineer this challenge to find the correct license key.
\u8fd9\u4e00\u9898\u6ca1\u6709\u76f4\u63a5\u628a\u6b63\u786e\u7b54\u6848\u5217\u51fa\u6765\u3002\u4e00\u79cd\u65b9\u6848\u662f\u5148gdb\u542f\u52a8\u7a0b\u5e8f\uff0c\u7136\u540e\u5728\u8981\u6c42\u8f93\u5165\u5bc6\u94a5\u7684\u65f6\u5019ctrl+c
\u6682\u505c\u7a0b\u5e8f\uff0c\u7528bt
\u67e5\u770b\u8c03\u7528\u6808\uff0c\u53ef\u4ee5\u770b\u5230__libc_start_main (main=0xXXXXX, argc=1, ....)
\u3002\u7136\u540e\u67e5\u770bmain\u51fd\u6570\u7684\u6c47\u7f16\u6307\u4ee4x/80i 0xXXXX
\uff0c\u53ef\u4ee5\u770b\u5230\u5176\u4e2d\u7684memcmp@plt\u51fd\u6570\u6240\u4f7f\u7528\u7684\u7684rsi\u6765\u81ea[rip+0x2abf]\u3002\u6307\u4ee4\u540e\u9762\u7684#\u6ce8\u91ca\u63d0\u793a\u4e86\u5bf9\u5e94\u7684\u5730\u5740\uff0c\u76f4\u63a5\u7528x/5c <address>
\u67e5\u770b\u5bc6\u94a5\u5373\u53ef\u3002
\u6ce8\u610f\u6700\u540e\u8f93\u5165\u5bc6\u94a5\u65f6\u8981\u76f4\u63a5\u8fd0\u884c\u7a0b\u5e8f\uff0c\u4e0d\u8981\u5728gdb\u91cc\u9762\u8f93\uff0c\u4f1a\u63d0\u793a\u6743\u9650\u4e0d\u591f\u3002
Level 2.0
Reverse engineer this challenge to find the correct license key, but your input will be modified somehow before being compared to the correct key.
\u8fd9\u9053\u9898\u76ee\u4ea4\u6362\u4e86\u8f93\u5165\u5b57\u7b26\u4e32\u7684index 1\u548cindex 4\u7684\u5b57\u7b26\u3002
Level 2.1
\u8fd9\u9053\u9898\u76ee\u57282.0\u7684\u57fa\u7840\u4e0a\u9690\u53bb\u4e86\u8f93\u5165\u8f93\u51fa\u7ed3\u679c\u7684\u663e\u793a\uff0c\u56e0\u6b64\u9700\u8981gdb\u770b\u4e00\u4e0b\u505a\u4e86\u4ec0\u4e48\u64cd\u4f5c\u3002\u6309\u71671.1\u7684\u65b9\u6cd5\u67e5\u770bmemcmp\u9644\u8fd1\u7684\u51fd\u6570\uff0c\u53ef\u89c1\uff1a
0x5584f463251f: lea rax,[rbp-0xe]\n0x5584f4632523: mov edx,0x5\n0x5584f4632528: mov rsi,rax\n0x5584f463252b: mov edi,0x0\n0x5584f4632530: call 0x5584f46321a0 <read@plt>\n0x5584f4632535: movzx eax,BYTE PTR [rbp-0xe]\n0x5584f4632539: mov BYTE PTR [rbp-0x10],al\n0x5584f463253c: movzx eax,BYTE PTR [rbp-0xd]\n0x5584f4632540: mov BYTE PTR [rbp-0xf],al\n0x5584f4632543: movzx eax,BYTE PTR [rbp-0xf]\n0x5584f4632547: mov BYTE PTR [rbp-0xe],al\n0x5584f463254a: movzx eax,BYTE PTR [rbp-0x10]\n0x5584f463254e: mov BYTE PTR [rbp-0xd],al\n0x5584f4632551: lea rdi,[rip+0xdb0] # 0x5584f4633308\n0x5584f4632558: call 0x5584f4632140 <puts@plt>\n0x5584f463255d: lea rax,[rbp-0xe]\n0x5584f4632561: mov edx,0x5\n0x5584f4632566: lea rsi,[rip+0x2aa3] # 0x5584f4635010\n0x5584f463256d: mov rdi,rax\n0x5584f4632570: call 0x5584f46321b0 <memcmp@plt>\n
\u8f93\u5165\u7684\u5b57\u7b26\u4e32\u88ab\u4fdd\u5b58\u5728[rbp-0xe]\u5904\uff0c\u4e14\u8fdb\u884c\u4e86[rbp-0xe]\u548c[rbp-0xd]\u7684\u4ea4\u6362\u3002\u4e5f\u5c31\u662f\u8bf4\u8f93\u5165\u5b57\u7b26\u4e32\u7684\u524d\u4e24\u4e2a\u5b57\u7b26\u88ab\u4ea4\u6362\u4e86\u3002\u67e5\u770bmemcmp\u52a0\u8f7d\u5230rsi\u7684\u5730\u5740\u5185\u5bb9x/5c 0x5584f4635010
\u5f97\u5230\u5bf9\u5e94\u7684\u7b54\u6848\uff0c\u4ea4\u6362\u524d\u4e24\u4e2a\u5b57\u7b26\u5373\u53ef\u3002
Level 3.0-3.1
\u8fd0\u884c\u7a0b\u5e8f\uff0c\u968f\u4fbf\u8f93\u51e0\u4e2a\u6570\u3002\u663e\u5f0f\u544a\u8bc9\u4e86\u89c4\u5219\u662f\u9006\u5e8f\uff0c\u53c8\u628a\u6b63\u786e\u7b54\u6848\u6253\u5370\u51fa\u6765\u4e86\u3002
3.1\u731c\u6d4b\u548c3.0\u4e00\u6837\u4e5f\u662f\u9006\u5e8f\u3002\u76f4\u63a5\u63092.1\u7684\u65b9\u6cd5\u770b\u4e00\u4e0b[rbp-0xe]\u5904\u7684\u503c\u7136\u540e\u9006\u5e8f\u8f93\u5165\u5c31\u884c\u3002
Level 4.0-4.1
\u89c4\u5219\u662f\u8fdb\u884c\u9012\u589e\u6392\u5e8f\u3002\u8fd9\u4e0b\u53ea\u9700\u8981\u5305\u542b\u8fd9\u4e9b\u5b57\u6bcd\u5c31\u884c\u3002\uff08\u8fd9\u4e0d\u662f\u66f4\u7b80\u5355\u4e86\u2026\u2026\uff09
Level 5.0-5.1
\u8fd9\u9053\u9898\u662f\u5bf9\u8f93\u5165\u5b57\u7b26\u8fdb\u884c\u5f02\u6216\u3002\u7b80\u5355\u5199\u4e86\u4e2apython\uff0c\u5728\u63a7\u5236\u53f0\u4ea4\u4e92\u65f6\u8fd0\u884c\u4e0b\uff1a
tx = lambda x:int(x,16)\n''.join([chr(i^0xb8) for i in [tx(a) for a in 'd6 d5 d6 cf da'.split() ]])\n
5.1\u548c5.0\u7c7b\u4f3c\uff0c\u4eff\u7167\u4e4b\u524d\u7684\u65b9\u6cd5\u53ef\u4ee5\u770b\u5230\u5f02\u6216\u7528\u7684\u662f0x1c\u3002
Level 6.0
\u8fd9\u9053\u9898\u7ed3\u5408\u4e86\u4ea4\u6362\u3001\u5f02\u6216\u3001\u9006\u5e8f\u4e09\u79cd\u64cd\u4f5c\uff0c\u5e72\u8106\u5199\u4e2a\u811a\u672c\u5904\u7406\u4e0b\u5427\u3002
def do_reverse(li):\n return li[::-1]\n\ndef do_swap(li, idx1, idx2):\n li[idx1], li[idx2] = li[idx2], li[idx1]\n return li\n\ndef do_xor(li, key):\n xor_li = []\n while key > 0:\n xor_li.insert(0, key & 0xff)\n key >>= 8\n for i in range(len(li)):\n li[i] ^= xor_li[i % len(xor_li)]\n return li\n\ndef do_sort(li):\n li.sort()\n return li\n\ndef sanitize(s):\n if type(s) is str:\n f = lambda tx: int(tx,16)\n return [f(i) for i in s.split()]\n if type(s) is list:\n return ''.join([chr(i) for i in s])\n\nprint(sanitize(do_swap(do_xor(do_reverse(sanitize('51 90 52 86 58 98 4d 81 4b 84 4f 9a 57 8c 51 91 56')),0x3ef5),5,6)))\n
6.1\u6709\u70b9\u5947\u602a\uff0c\u770b\u6c47\u7f16\u597d\u50cf\u662f\u5148\u9006\u5e8f\u4e00\u904d\uff0c\u518d\u9006\u5e8f\u4e00\u904d\uff0c\u518d\u9010\u5b57\u8282\u4e0e0xbb\u5f02\u6216\u3002\u597d\u50cf\u548c5.0\u7684\u7f6e\u6362-\u5f02\u6216-\u9006\u5e8f\u4e0d\u4e00\u6837\u7684\uff1f\u53ef\u80fd\u662f\u968f\u673a\u9009\u62e9\u7b56\u7565\u5427\u3002
Level 7.0-7.1
7.0\u7528\u4e0a\u4e00\u4e2a\u811a\u672c\u5373\u53ef\u3002
print(sanitize(do_swap(do_sort(do_xor(do_swap(do_xor(sanitize(' 16 34 42 00 13 31 46 0d 1c 3b 4e 15 05 22 52 10 04 22 54 1c 0f 2e 59 1d 0e 2f 5b'),0x85a4d396),13,16),0xf2)),7,10)))\n
7.1\u662f\u5148\u548c0x15ca\u5f02\u6216\uff0c\u7136\u540e\u9006\u5e8f\uff0c\u7136\u540e\u518d\u9006\u5e8f\uff0c\u7136\u540e\u518d\u9006\u5e8f\uff0c\u7136\u540e\u518d\u9012\u589e\u6392\u5e8f
print(sanitize(do_xor(sanitize('60 61 64 66 67 6c 70 70 71 74 77 7c 7c 7d 7f a5 a5 a5 a8 ab ab af b0 b3 b8 b9 ba bb'),0x15ca)))\nprint(sanitize(do_xor(sanitize('60 61 64 66 67 6c 70 70 71 74 77 7c 7c 7d 7f a5 a5 a5 a8 ab ab af b0 b3 b8 b9 ba bb'),0xca15)))\n\n#u\u00abq\u00acr\u00a6e\u00bad\u00beb\u00b6i\u00b7jo\u00b0o\u00bda\u00bee\u00a5y\u00ads\u00afq\n#\u00aat\u00aes\u00ady\u00bae\u00bba\u00bdi\u00b6h\u00b5\u00b0o\u00b0b\u00bea\u00baz\u00a6r\u00acp\u00ae\n#\u7136\u540e\u628a\u4e24\u4e2a\u7ed3\u679c\u4e2d\u5b57\u6bcd\u6392\u8d77\u6765\n#utqsryeedabiihjooobaaezyrspq\n
"},{"location":"software-security/ctf/pwn-college-cse365-spring2023/#\u603b\u7ed3","title":"\u603b\u7ed3","text":"CSE 365\u8fd8\u662f\u5c5e\u4e8e\u6bd4\u8f83\u5165\u95e8\u7684\u7c7b\u578b\uff0c\u6253\u597d\u57fa\u7840\uff01
"},{"location":"software-security/program-analysis/llvm/","title":"LLVM \u5b66\u4e60","text":"\u7ea6 1024 \u4e2a\u5b57 170 \u884c\u4ee3\u7801 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4 20 \u5206\u949f
\u53e0\u4e2a\u7532
\u672c\u6587\u5185\u5bb9\u662f\u7ed3\u5408ChatGPT-4o-Latest\u6a21\u578b\u3001LLVM 15.0.7\uff0c\u5728\u521a\u63a5\u89e6llvm\u7684\u65f6\u5019\u8fb9\u5b66\u8fb9\u5199\u4e0b\u7684\u7b14\u8bb0\uff0c\u53ef\u80fd\u4f1a\u51fa\u73b0\u7eb0\u6f0f\u3002\u6b22\u8fce\u8bc4\u8bba\u65a7\u6b63\uff01
"},{"location":"software-security/program-analysis/llvm/#\u5feb\u901f\u4e0a\u624b","title":"\u5feb\u901f\u4e0a\u624b","text":""},{"location":"software-security/program-analysis/llvm/#\u6e90\u7801\u7f16\u8bd1","title":"\u6e90\u7801\u7f16\u8bd1","text":"\u9996\u5148\u5728https://github.com/llvm/llvm-project/releases/ \u4e0b\u8f7d\u5fc3\u4eea\u7684llvm-project-xx.x.x.src.tar.xz
\uff0c\u7136\u540etar -xf llvm*
\u89e3\u538b\u7f29\u540e\u6309\u5982\u4e0b\u8fdb\u884c\u7f16\u8bd1\uff1a
cd llvm-project-*\nmkdir build && cd build\ncmake -G \"Unix Makefiles\" -DLLVM_ENABLE_PROJECTS=\"clang\" -DCMAKE_BUILD_TYPE=Release -DBUILD_SHARED_LIBS=On -DLLVM_TARGETS_TO_BUILD=host ../llvm\ncmake --build . -j8 # make -j8 \u6839\u636e\u5b9e\u9645\u60c5\u51b5\u9009\u62e9\u591a\u7ebf\u7a0b\u7f16\u8bd1\n
\u7136\u540e\u628a\u751f\u6210\u7684build/bin\u76ee\u5f55\u52a0\u5230PATH\u91cc\uff0c\u628abuild\u76ee\u5f55\u8bbe\u4e3aLLVM_DIR\u5168\u5c40\u53d8\u91cf\u3002
export PATH=<installation/dir/of/llvm/18/bin>:/$PATH\nexport LLVM_DIR=<installation/dir/of/llvm/18>\n
<installation/dir/of/llvm/18>
\u5373\u4e4b\u524d\u5728llvm-project\u6587\u4ef6\u5939\u91cc\u521b\u5efa\u7684build\u76ee\u5f55\u3002
\u53c2\u8003CSDN\u535a\u5ba2
# \u9996\u5148\uff0c\u6dfb\u52a0\u6240\u6709\u53ef\u7528\u7684 llvm-config \u7248\u672c\u5230 update-alternatives\u3002\u6700\u540e\u768420\u300110\u8868\u793a\u6743\u91cd\nsudo update-alternatives --install /usr/bin/llvm-config llvm-config /usr/bin/llvm-config-15 20\nsudo update-alternatives --install /usr/bin/llvm-config llvm-config /usr/bin/llvm-config-18 10\n# \u9009\u62e9\u9ed8\u8ba4\u7248\u672c\nsudo update-alternatives --config llvm-config\n\n# \u6dfb\u52a0\u6240\u6709\u53ef\u7528\u7684 clang \u7248\u672c\u5230 update-alternatives\nsudo update-alternatives --install /usr/bin/clang clang /usr/bin/clang-15 20\nsudo update-alternatives --install /usr/bin/clang clang /usr/bin/clang-18 10\nsudo update-alternatives --install /usr/bin/clang++ clang++ /usr/bin/clang-15 20\nsudo update-alternatives --install /usr/bin/clang++ clang++ /usr/bin/clang-18 10\n# \u9009\u62e9\u9ed8\u8ba4\u7248\u672c\nsudo update-alternatives --config clang\nsudo update-alternatives --config clang++\n\n# \u67e5\u770bllvm\u7248\u672c\nllvm-config --version\n# \u67e5\u770bclang\u7248\u672c\nclang --version\n
"},{"location":"software-security/program-analysis/llvm/#\u6559\u5b66\u9879\u76ee","title":"\u6559\u5b66\u9879\u76ee","text":"\u63a5\u4e0b\u6765\u63a8\u8350\u8fd9\u4e2agithub\u9879\u76eehttps://github.com/banach-space/llvm-tutor\uff0c\u6309HelloWorld: Your First Pass\u7ae0\u8282\u7ee7\u7eed\u64cd\u4f5c\u5373\u53ef\u3002
# \u5728llvm-tutor/HelloWorld\u76ee\u5f55\u4e0b\uff0c\u9996\u5148\u751f\u6210Pass\u7684.so\u6587\u4ef6\n\nmkdir build\ncd build\ncmake -DLT_LLVM_INSTALL_DIR=$LLVM_DIR .. # \u7528\u4e8e\u5b9a\u4f4dLLVMConfig.cmake\u6587\u4ef6\uff0c\u4ece\u800c\u5e2e\u52a9\u8bbe\u7f6e\u5e93\u6587\u4ef6\u8def\u5f84\nmake\n\n# \u7136\u540e\u7f16\u8bd1\u9700\u8981\u63d2\u6869\u7684\u6587\u4ef6\nclang -O1 -S -emit-llvm <source/dir/llvm/tutor>/inputs/input_for_hello.c -o input_for_hello.ll\n\n# \u6700\u540e\u6267\u884c\u6587\u4ef6\nopt -load-pass-plugin ./libHelloWorld.so -passes=hello-world -disable-output input_for_hello.ll\n
opt\u662f\u4e00\u4e2a\u547d\u4ee4\u884c\u5de5\u5177\uff0c\u7528\u4e8e\u5728LLVM IR\u5c42\u9762\u4e0a\u8fdb\u884c\u4ee3\u7801\u4f18\u5316\u3002 \u5b83\u53ef\u4ee5\u5e94\u7528\u5404\u79cd\u5404\u6837\u7684\u4f18\u5316\u7b56\u7565\uff0c\u5982\u6b7b\u4ee3\u7801\u6d88\u9664\u3001\u5e38\u91cf\u6298\u53e0\u7b49\uff0c\u4ee5\u63d0\u9ad8\u751f\u6210\u4ee3\u7801\u7684\u6548\u7387\u3002
LLVM Pass\u5de5\u4f5c\u5728LLVM IR\u6587\u4ef6\u7684\u57fa\u7840\u4e4b\u4e0a\u3002IR\u5305\u62ecll\uff08\u6587\u672c\u683c\u5f0f\uff0c\u4fbf\u4e8e\u4eba\u5de5\u9605\u8bfb\uff09\u548cbc\uff08\u5b57\u8282\u7801\uff09\u4e24\u79cd\u5f62\u5f0f\u3002\u6e90\u7801\u3001IR\u3001\u6c47\u7f16\u4ee3\u7801\u7684\u4e92\u76f8\u8f6c\u5316\u65b9\u6cd5\u5982\u4e0b\u6240\u793a\uff1a
.c -> .ll: clang -emit-llvm -S a.c -o a.ll\n.c -> .bc: clang -emit-llvm -c a.c -o a.bc\n.ll -> .bc: llvm-as a.ll -o a.bc\n.bc -> .ll: llvm-dis a.bc -o a.ll\n.bc -> .s: llc a.bc -o a.s\n
"},{"location":"software-security/program-analysis/llvm/#\u9879\u76ee\u4f8b\u5b50","title":"\u9879\u76ee\u4f8b\u5b50","text":"\u5229\u7528LLVM\u6784\u5efa\u9759\u6001\u5206\u6790\u6846\u67b6\u65f6\uff0c\u8003\u8651\u7528cmake\u6765\u7ec4\u7ec7\u6574\u4e2a\u9879\u76ee\u7684\u7f16\u8bd1\u3002\u5047\u8bbe\u9700\u8981\u6784\u5efa\u4e00\u4e2a\u7a0b\u5e8f\uff0c\u5b83\u63a5\u6536\u4e00\u4e2abc\u6587\u4ef6\u540d\u4f5c\u4e3a\u53c2\u6570\uff0c\u7136\u540e\u7528\u4e24\u4e2apass\u6765\u8fdb\u884c\u5904\u7406\uff0c\u6253\u5370\u51fabc\u6587\u4ef6\u6240\u5305\u542b\u7684\u51fd\u6570\u540d\uff0c\u4ee5\u53ca\u51fd\u6570\u7684\u53c2\u6570\u4e2a\u6570\uff0c\u53ef\u4ee5\u8fd9\u4e48\u6765\u7ec4\u7ec7\u9879\u76ee\uff1a
Makefilesrc/CMakeLists.txtsrc/main.cppsrc/PrintFunctionArgsPass.cppsrc/PrintFunctionArgsPass.hppsrc/PrintFunctionNamesPass.cppsrc/PrintFunctionNamesPass.hppLLVM_BUILD := ~/llvm-project-15.0.7.src/build\n\n# Rule to build the project\nbuild_project:\n\tmkdir -p build \\\n\t\t&& cd build \\\n\t\t&& PATH=${LLVM_BUILD}/bin:${PATH} \\\n\t\t\tCC=clang CXX=clang++ \\\n\t\t\tcmake ../src \\\n\t\t\t\t-DCMAKE_BUILD_TYPE=Release \\\n\t\t\t\t-DLLVM_ENABLE_ASSERTIONS=ON \\\n\t\t\t\t-DCMAKE_CXX_FLAGS_RELEASE=\"-std=c++17 -fno-rtti -fpic -g\" \\\n\t\t&& make\n\n# Rule to clean the build directory\nclean_project:\n\trm -rf build\n\n# Default target\nall: project\n\n# Clean target\nclean: clean_project\n\n# Project target depends on build_project\nproject: clean_project build_project\n
cmake_minimum_required(VERSION 3.13)\nproject(IPA)\n\nfind_package(LLVM REQUIRED CONFIG)\n# list(APPEND CMAKE_MODULE_PATH \"${LLVM_CMAKE_DIR}\")\nmessage(STATUS \"Found LLVM ${LLVM_PACKAGE_VERSION}\")\nmessage(STATUS \"Using LLVMConfig.cmake in: ${LLVM_DIR}\")\ninclude_directories(${LLVM_INCLUDE_DIRS})\n# add_definitions(${LLVM_DEFINITIONS})\n\nset(project\n main.cpp\n PrintFunctionArgsPass.cpp\n PrintFunctionArgsPass.hpp\n PrintFunctionNamesPass.cpp\n PrintFunctionNamesPass.hpp\n)\nadd_executable(ipa ${project})\n\ntarget_link_libraries(\n ipa\n LLVMCore\n LLVMSupport\n LLVMIRReader\n LLVMAnalysis\n)\n
#include \"llvm/IR/Module.h\"\n#include \"llvm/Support/CommandLine.h\"\n#include \"llvm/Support/raw_ostream.h\"\n#include \"llvm/IRReader/IRReader.h\"\n#include \"llvm/Support/SourceMgr.h\"\n#include \"llvm/Pass.h\"\n\n#include \"PrintFunctionNamesPass.hpp\"\n#include \"PrintFunctionArgsPass.hpp\"\n\nusing namespace llvm;\n\n// Command-line option to specify multiple input .bc files\nstatic cl::list<std::string> InputFilenames(cl::Positional,\n cl::desc(\"<input .bc files>\"),\n cl::OneOrMore);\n\nint main(int argc, char **argv) {\n cl::ParseCommandLineOptions(argc, argv, \"Function Passes\\n\");\n\n LLVMContext Context;\n\n // Iterate through all input files\n for (const auto &InputFilename : InputFilenames) {\n SMDiagnostic Err;\n\n // Load the bitcode file\n std::unique_ptr<Module> Mod = parseIRFile(InputFilename, Err, Context);\n if (!Mod) {\n errs() << \"Error reading bitcode file: \" << InputFilename << \"\\n\";\n Err.print(argv[0], errs());\n continue; // Skip to the next file if there's an error\n }\n\n errs() << \"Analyzing file: \" << InputFilename << \"\\n\";\n\n // Create and run the function name pass\n PrintFunctionNamesPass NamePass;\n NamePass.runOnModule(*Mod);\n\n // Create and run the function argument pass\n PrintFunctionArgsPass ArgsPass;\n ArgsPass.runOnModule(*Mod);\n }\n\n return 0;\n}\n
#include \"PrintFunctionArgsPass.hpp\"\n#include \"llvm/IR/Function.h\"\n#include \"llvm/Support/raw_ostream.h\"\n\nusing namespace llvm;\n\nchar PrintFunctionArgsPass::ID = 0;\n\nPrintFunctionArgsPass::PrintFunctionArgsPass() : ModulePass(ID) {}\n\nbool PrintFunctionArgsPass::runOnModule(Module &M) {\n // Iterate through all functions in the module and print the number of arguments\n for (Function &F : M) {\n if (!F.isDeclaration()) {\n errs() << \"Function Name: \" << F.getName() \n << \", Argument Count: \" << F.arg_size() << \"\\n\";\n }\n }\n return false;\n}\n
#ifndef PRINT_FUNCTION_ARGS_PASS_HPP\n#define PRINT_FUNCTION_ARGS_PASS_HPP\n\n#include \"llvm/IR/Module.h\"\n#include \"llvm/Pass.h\"\n\nclass PrintFunctionArgsPass : public llvm::ModulePass {\npublic:\n static char ID;\n PrintFunctionArgsPass();\n\n bool runOnModule(llvm::Module &M) override;\n};\n\n#endif // PRINT_FUNCTION_ARGS_PASS_HPP\n
#include \"PrintFunctionNamesPass.hpp\"\n#include \"llvm/IR/Function.h\"\n#include \"llvm/Support/raw_ostream.h\"\n\nusing namespace llvm;\n\nchar PrintFunctionNamesPass::ID = 0;\n\nPrintFunctionNamesPass::PrintFunctionNamesPass() : ModulePass(ID) {}\n\nbool PrintFunctionNamesPass::runOnModule(Module &M) {\n // Iterate through all functions in the module and print their names\n for (Function &F : M) {\n if (!F.isDeclaration()) {\n errs() << \"Function Name: \" << F.getName() << \"\\n\";\n }\n }\n return false;\n}\n
#ifndef PRINT_FUNCTION_NAMES_PASS_HPP\n#define PRINT_FUNCTION_NAMES_PASS_HPP\n\n#include \"llvm/IR/Module.h\"\n#include \"llvm/Pass.h\"\n\n\nclass PrintFunctionNamesPass : public llvm::ModulePass {\npublic:\n static char ID;\n PrintFunctionNamesPass();\n\n bool runOnModule(llvm::Module &M) override;\n};\n\n#endif // PRINT_FUNCTION_NAMES_PASS_HPP\n
"},{"location":"software-security/program-analysis/llvm/#llvm-ir","title":"LLVM IR","text":""},{"location":"software-security/program-analysis/llvm/#opaque-pointer","title":"opaque pointer","text":"\u4e0d\u900f\u660e\u6307\u9488\u5373\u4e0d\u5173\u5fc3\u5177\u4f53\u7684\u6307\u9488\u7c7b\u578b\uff0c\u800c\u4f7f\u7528ptr
\u6765\u53d6\u4ee3\u4e4b\u524d\u7684\u5177\u4f53\u7c7b\u578b\u6bd4\u5982i32*
\u3002\u4e0d\u900f\u660e\u6307\u9488\u5728LLVM 15\u6210\u4e3a\u9ed8\u8ba4\u9009\u9879\uff0c\u5e76\u5728LLVM 17\u79fb\u9664\u900f\u660e\u6307\u9488\u3002\u5bf9\u4e8e\u5141\u8bb8\u7981\u7528\u4e0d\u900f\u660e\u6307\u9488\u7684LLVM\u7248\u672c\u800c\u8a00\uff0c\u5728\u547d\u4ee4\u884c\u7f16\u8bd1\u65f6\uff0c\u53ef\u4ee5\u6dfb\u52a0-Xclang -no-opaque-pointers
\u6765\u4fdd\u7559\u663e\u5f0f\u7c7b\u578b\u3002cmake\u53ef\u4ee5\u4f7f\u7528-DCLANG_ENABLE_OPAQUE_POINTERS=OFF
\u3002
\u5728\u542f\u7528\u4e0d\u900f\u660e\u6307\u9488\u7684\u60c5\u51b5\u4e0b\uff0c\u53ef\u4ee5\u5728\u7f16\u8bd1\u65f6\u542f\u7528-g
\u53c2\u6570\uff0c\u4f7f\u5f97\u53ef\u4ee5\u4ece\u7f16\u8bd1\u5668\u751f\u6210\u7684\u8c03\u8bd5\u4fe1\u606f\u4e2d\u6062\u590d\u51fa\u6307\u9488\u7684\u7c7b\u578b\u4fe1\u606f\u3002
#include<stdio.h>\n\nstruct sample {\n int x1;\n int x2;\n struct sample *next;\n};\n\nvoid test(int *p, struct sample* s) {\n s->x2 = *p;\n}\n\nint main () {\n int a, *p;\n a = 10;\n p = &a;\n struct sample s1;\n s1.x1 = 20;\n test(p, &s1);\n printf(\"%d\",s1.x2 + s1.x1);\n}\n
; ModuleID = 'testsuite/sample1.c'\nsource_filename = \"testsuite/sample1.c\"\ntarget datalayout = \"e-m:e-p270:32:32-p271:32:32-p272:64:64-i64:64-f80:128-n8:16:32:64-S128\"\ntarget triple = \"x86_64-unknown-linux-gnu\"\n\n%struct.sample = type { i32, i32, ptr }\n\n@.str = private unnamed_addr constant [3 x i8] c\"%d\\00\", align 1\n\n; Function Attrs: noinline nounwind optnone uwtable\ndefine dso_local void @test(ptr noundef %0, ptr noundef %1) #0 {\n %3 = alloca ptr, align 8\n %4 = alloca ptr, align 8\n store ptr %0, ptr %3, align 8\n store ptr %1, ptr %4, align 8\n %5 = load ptr, ptr %3, align 8\n %6 = load i32, ptr %5, align 4\n %7 = load ptr, ptr %4, align 8\n %8 = getelementptr inbounds %struct.sample, ptr %7, i32 0, i32 1\n store i32 %6, ptr %8, align 4\n ret void\n}\n\n; Function Attrs: noinline nounwind optnone uwtable\ndefine dso_local i32 @main() #0 {\n %1 = alloca i32, align 4\n %2 = alloca ptr, align 8\n %3 = alloca %struct.sample, align 8\n store i32 10, ptr %1, align 4\n store ptr %1, ptr %2, align 8\n %4 = getelementptr inbounds %struct.sample, ptr %3, i32 0, i32 0\n store i32 20, ptr %4, align 8\n %5 = load ptr, ptr %2, align 8\n call void @test(ptr noundef %5, ptr noundef %3)\n %6 = getelementptr inbounds %struct.sample, ptr %3, i32 0, i32 1\n %7 = load i32, ptr %6, align 4\n %8 = getelementptr inbounds %struct.sample, ptr %3, i32 0, i32 0\n %9 = load i32, ptr %8, align 8\n %10 = add nsw i32 %7, %9\n %11 = call i32 (ptr, ...) @printf(ptr noundef @.str, i32 noundef %10)\n ret i32 0\n}\n\ndeclare i32 @printf(ptr noundef, ...) #1\n\nattributes #0 = { noinline nounwind optnone uwtable \"frame-pointer\"=\"all\" \"min-legal-vector-width\"=\"0\" \"no-trapping-math\"=\"true\" \"stack-protector-buffer-size\"=\"8\" \"target-cpu\"=\"x86-64\" \"target-features\"=\"+cx8,+fxsr,+mmx,+sse,+sse2,+x87\" \"tune-cpu\"=\"generic\" }\nattributes #1 = { \"frame-pointer\"=\"all\" \"no-trapping-math\"=\"true\" \"stack-protector-buffer-size\"=\"8\" \"target-cpu\"=\"x86-64\" \"target-features\"=\"+cx8,+fxsr,+mmx,+sse,+sse2,+x87\" \"tune-cpu\"=\"generic\" }\n\n!llvm.module.flags = !{!0, !1, !2, !3, !4}\n!llvm.ident = !{!5}\n\n!0 = !{i32 1, !\"wchar_size\", i32 4}\n!1 = !{i32 7, !\"PIC Level\", i32 2}\n!2 = !{i32 7, !\"PIE Level\", i32 2}\n!3 = !{i32 7, !\"uwtable\", i32 2}\n!4 = !{i32 7, !\"frame-pointer\", i32 2}\n!5 = !{!\"clang version 15.0.7\"}\n
; ModuleID = 'testsuite/sample1.c'\nsource_filename = \"testsuite/sample1.c\"\ntarget datalayout = \"e-m:e-p270:32:32-p271:32:32-p272:64:64-i64:64-f80:128-n8:16:32:64-S128\"\ntarget triple = \"x86_64-unknown-linux-gnu\"\n\n%struct.sample = type { i32, i32, %struct.sample* }\n\n@.str = private unnamed_addr constant [3 x i8] c\"%d\\00\", align 1\n\n; Function Attrs: noinline nounwind optnone uwtable\ndefine dso_local void @test(i32* noundef %0, %struct.sample* noundef %1) #0 {\n %3 = alloca i32*, align 8\n %4 = alloca %struct.sample*, align 8\n store i32* %0, i32** %3, align 8\n store %struct.sample* %1, %struct.sample** %4, align 8\n %5 = load i32*, i32** %3, align 8\n %6 = load i32, i32* %5, align 4\n %7 = load %struct.sample*, %struct.sample** %4, align 8\n %8 = getelementptr inbounds %struct.sample, %struct.sample* %7, i32 0, i32 1\n store i32 %6, i32* %8, align 4\n ret void\n}\n\n; Function Attrs: noinline nounwind optnone uwtable\ndefine dso_local i32 @main() #0 {\n %1 = alloca i32, align 4\n %2 = alloca i32*, align 8\n %3 = alloca %struct.sample, align 8\n store i32 10, i32* %1, align 4\n store i32* %1, i32** %2, align 8\n %4 = getelementptr inbounds %struct.sample, %struct.sample* %3, i32 0, i32 0\n store i32 20, i32* %4, align 8\n %5 = load i32*, i32** %2, align 8\n call void @test(i32* noundef %5, %struct.sample* noundef %3)\n %6 = getelementptr inbounds %struct.sample, %struct.sample* %3, i32 0, i32 1\n %7 = load i32, i32* %6, align 4\n %8 = getelementptr inbounds %struct.sample, %struct.sample* %3, i32 0, i32 0\n %9 = load i32, i32* %8, align 8\n %10 = add nsw i32 %7, %9\n %11 = call i32 (i8*, ...) @printf(i8* noundef getelementptr inbounds ([3 x i8], [3 x i8]* @.str, i64 0, i64 0), i32 noundef %10)\n ret i32 0\n}\n\ndeclare i32 @printf(i8* noundef, ...) #1\n\nattributes #0 = { noinline nounwind optnone uwtable \"frame-pointer\"=\"all\" \"min-legal-vector-width\"=\"0\" \"no-trapping-math\"=\"true\" \"stack-protector-buffer-size\"=\"8\" \"target-cpu\"=\"x86-64\" \"target-features\"=\"+cx8,+fxsr,+mmx,+sse,+sse2,+x87\" \"tune-cpu\"=\"generic\" }\nattributes #1 = { \"frame-pointer\"=\"all\" \"no-trapping-math\"=\"true\" \"stack-protector-buffer-size\"=\"8\" \"target-cpu\"=\"x86-64\" \"target-features\"=\"+cx8,+fxsr,+mmx,+sse,+sse2,+x87\" \"tune-cpu\"=\"generic\" }\n\n!llvm.module.flags = !{!0, !1, !2, !3, !4}\n!llvm.ident = !{!5}\n\n!0 = !{i32 1, !\"wchar_size\", i32 4}\n!1 = !{i32 7, !\"PIC Level\", i32 2}\n!2 = !{i32 7, !\"PIE Level\", i32 2}\n!3 = !{i32 7, !\"uwtable\", i32 2}\n!4 = !{i32 7, !\"frame-pointer\", i32 2}\n!5 = !{!\"clang version 15.0.7\"}\n
; ModuleID = 'testsuite/sample1.c'\nsource_filename = \"testsuite/sample1.c\"\ntarget datalayout = \"e-m:e-p270:32:32-p271:32:32-p272:64:64-i64:64-f80:128-n8:16:32:64-S128\"\ntarget triple = \"x86_64-unknown-linux-gnu\"\n\n%struct.sample = type { i32, i32, ptr }\n\n@.str = private unnamed_addr constant [3 x i8] c\"%d\\00\", align 1, !dbg !0\n\n; Function Attrs: noinline nounwind optnone uwtable\ndefine dso_local void @test(ptr noundef %0, ptr noundef %1) #0 !dbg !17 {\n %3 = alloca ptr, align 8\n %4 = alloca ptr, align 8\n store ptr %0, ptr %3, align 8\n call void @llvm.dbg.declare(metadata ptr %3, metadata !29, metadata !DIExpression()), !dbg !30\n store ptr %1, ptr %4, align 8\n call void @llvm.dbg.declare(metadata ptr %4, metadata !31, metadata !DIExpression()), !dbg !32\n %5 = load ptr, ptr %3, align 8, !dbg !33\n %6 = load i32, ptr %5, align 4, !dbg !34\n %7 = load ptr, ptr %4, align 8, !dbg !35\n %8 = getelementptr inbounds %struct.sample, ptr %7, i32 0, i32 1, !dbg !36\n store i32 %6, ptr %8, align 4, !dbg !37\n ret void, !dbg !38\n}\n\n; Function Attrs: nocallback nofree nosync nounwind readnone speculatable willreturn\ndeclare void @llvm.dbg.declare(metadata, metadata, metadata) #1\n\n; Function Attrs: noinline nounwind optnone uwtable\ndefine dso_local i32 @main() #0 !dbg !39 {\n %1 = alloca i32, align 4\n %2 = alloca ptr, align 8\n %3 = alloca %struct.sample, align 8\n call void @llvm.dbg.declare(metadata ptr %1, metadata !42, metadata !DIExpression()), !dbg !43\n call void @llvm.dbg.declare(metadata ptr %2, metadata !44, metadata !DIExpression()), !dbg !45\n store i32 10, ptr %1, align 4, !dbg !46\n store ptr %1, ptr %2, align 8, !dbg !47\n call void @llvm.dbg.declare(metadata ptr %3, metadata !48, metadata !DIExpression()), !dbg !49\n %4 = getelementptr inbounds %struct.sample, ptr %3, i32 0, i32 0, !dbg !50\n store i32 20, ptr %4, align 8, !dbg !51\n %5 = load ptr, ptr %2, align 8, !dbg !52\n call void @test(ptr noundef %5, ptr noundef %3), !dbg !53\n %6 = getelementptr inbounds %struct.sample, ptr %3, i32 0, i32 1, !dbg !54\n %7 = load i32, ptr %6, align 4, !dbg !54\n %8 = getelementptr inbounds %struct.sample, ptr %3, i32 0, i32 0, !dbg !55\n %9 = load i32, ptr %8, align 8, !dbg !55\n %10 = add nsw i32 %7, %9, !dbg !56\n %11 = call i32 (ptr, ...) @printf(ptr noundef @.str, i32 noundef %10), !dbg !57\n ret i32 0, !dbg !58\n}\n\ndeclare i32 @printf(ptr noundef, ...) #2\n\nattributes #0 = { noinline nounwind optnone uwtable \"frame-pointer\"=\"all\" \"min-legal-vector-width\"=\"0\" \"no-trapping-math\"=\"true\" \"stack-protector-buffer-size\"=\"8\" \"target-cpu\"=\"x86-64\" \"target-features\"=\"+cx8,+fxsr,+mmx,+sse,+sse2,+x87\" \"tune-cpu\"=\"generic\" }\nattributes #1 = { nocallback nofree nosync nounwind readnone speculatable willreturn }\nattributes #2 = { \"frame-pointer\"=\"all\" \"no-trapping-math\"=\"true\" \"stack-protector-buffer-size\"=\"8\" \"target-cpu\"=\"x86-64\" \"target-features\"=\"+cx8,+fxsr,+mmx,+sse,+sse2,+x87\" \"tune-cpu\"=\"generic\" }\n\n!llvm.dbg.cu = !{!7}\n!llvm.module.flags = !{!9, !10, !11, !12, !13, !14, !15}\n!llvm.ident = !{!16}\n\n!0 = !DIGlobalVariableExpression(var: !1, expr: !DIExpression())\n!1 = distinct !DIGlobalVariable(scope: null, file: !2, line: 20, type: !3, isLocal: true, isDefinition: true)\n!2 = !DIFile(filename: \"testsuite/sample1.c\", directory: \"/home/cby/llm-pca/01-project\", checksumkind: CSK_MD5, checksum: \"086ff607109bac3c6d0d457996aa6d0d\")\n!3 = !DICompositeType(tag: DW_TAG_array_type, baseType: !4, size: 24, elements: !5)\n!4 = !DIBasicType(name: \"char\", size: 8, encoding: DW_ATE_signed_char)\n!5 = !{!6}\n!6 = !DISubrange(count: 3)\n!7 = distinct !DICompileUnit(language: DW_LANG_C99, file: !2, producer: \"clang version 15.0.7\", isOptimized: false, runtimeVersion: 0, emissionKind: FullDebug, globals: !8, splitDebugInlining: false, nameTableKind: None)\n!8 = !{!0}\n!9 = !{i32 7, !\"Dwarf Version\", i32 5}\n!10 = !{i32 2, !\"Debug Info Version\", i32 3}\n!11 = !{i32 1, !\"wchar_size\", i32 4}\n!12 = !{i32 7, !\"PIC Level\", i32 2}\n!13 = !{i32 7, !\"PIE Level\", i32 2}\n!14 = !{i32 7, !\"uwtable\", i32 2}\n!15 = !{i32 7, !\"frame-pointer\", i32 2}\n!16 = !{!\"clang version 15.0.7\"}\n!17 = distinct !DISubprogram(name: \"test\", scope: !2, file: !2, line: 10, type: !18, scopeLine: 10, flags: DIFlagPrototyped, spFlags: DISPFlagDefinition, unit: !7, retainedNodes: !28)\n!18 = !DISubroutineType(types: !19)\n!19 = !{null, !20, !22}\n!20 = !DIDerivedType(tag: DW_TAG_pointer_type, baseType: !21, size: 64)\n!21 = !DIBasicType(name: \"int\", size: 32, encoding: DW_ATE_signed)\n!22 = !DIDerivedType(tag: DW_TAG_pointer_type, baseType: !23, size: 64)\n!23 = distinct !DICompositeType(tag: DW_TAG_structure_type, name: \"sample\", file: !2, line: 4, size: 128, elements: !24)\n!24 = !{!25, !26, !27}\n!25 = !DIDerivedType(tag: DW_TAG_member, name: \"x1\", scope: !23, file: !2, line: 5, baseType: !21, size: 32)\n!26 = !DIDerivedType(tag: DW_TAG_member, name: \"x2\", scope: !23, file: !2, line: 6, baseType: !21, size: 32, offset: 32)\n!27 = !DIDerivedType(tag: DW_TAG_member, name: \"next\", scope: !23, file: !2, line: 7, baseType: !22, size: 64, offset: 64)\n!28 = !{}\n!29 = !DILocalVariable(name: \"p\", arg: 1, scope: !17, file: !2, line: 10, type: !20)\n!30 = !DILocation(line: 10, column: 16, scope: !17)\n!31 = !DILocalVariable(name: \"s\", arg: 2, scope: !17, file: !2, line: 10, type: !22)\n!32 = !DILocation(line: 10, column: 34, scope: !17)\n!33 = !DILocation(line: 11, column: 14, scope: !17)\n!34 = !DILocation(line: 11, column: 13, scope: !17)\n!35 = !DILocation(line: 11, column: 5, scope: !17)\n!36 = !DILocation(line: 11, column: 8, scope: !17)\n!37 = !DILocation(line: 11, column: 11, scope: !17)\n!38 = !DILocation(line: 12, column: 1, scope: !17)\n!39 = distinct !DISubprogram(name: \"main\", scope: !2, file: !2, line: 13, type: !40, scopeLine: 13, spFlags: DISPFlagDefinition, unit: !7, retainedNodes: !28)\n!40 = !DISubroutineType(types: !41)\n!41 = !{!21}\n!42 = !DILocalVariable(name: \"a\", scope: !39, file: !2, line: 14, type: !21)\n!43 = !DILocation(line: 14, column: 9, scope: !39)\n!44 = !DILocalVariable(name: \"p\", scope: !39, file: !2, line: 14, type: !20)\n!45 = !DILocation(line: 14, column: 13, scope: !39)\n!46 = !DILocation(line: 15, column: 7, scope: !39)\n!47 = !DILocation(line: 16, column: 7, scope: !39)\n!48 = !DILocalVariable(name: \"s1\", scope: !39, file: !2, line: 17, type: !23)\n!49 = !DILocation(line: 17, column: 19, scope: !39)\n!50 = !DILocation(line: 18, column: 8, scope: !39)\n!51 = !DILocation(line: 18, column: 11, scope: !39)\n!52 = !DILocation(line: 19, column: 10, scope: !39)\n!53 = !DILocation(line: 19, column: 5, scope: !39)\n!54 = !DILocation(line: 20, column: 20, scope: !39)\n!55 = !DILocation(line: 20, column: 28, scope: !39)\n!56 = !DILocation(line: 20, column: 23, scope: !39)\n!57 = !DILocation(line: 20, column: 5, scope: !39)\n!58 = !DILocation(line: 21, column: 1, scope: !39)\n
; ModuleID = 'testsuite/sample1.c'\nsource_filename = \"testsuite/sample1.c\"\ntarget datalayout = \"e-m:e-p270:32:32-p271:32:32-p272:64:64-i64:64-f80:128-n8:16:32:64-S128\"\ntarget triple = \"x86_64-unknown-linux-gnu\"\n\n%struct.sample = type { i32, i32, %struct.sample* }\n\n@.str = private unnamed_addr constant [3 x i8] c\"%d\\00\", align 1, !dbg !0\n\n; Function Attrs: noinline nounwind optnone uwtable\ndefine dso_local void @test(i32* noundef %0, %struct.sample* noundef %1) #0 !dbg !17 {\n %3 = alloca i32*, align 8\n %4 = alloca %struct.sample*, align 8\n store i32* %0, i32** %3, align 8\n call void @llvm.dbg.declare(metadata i32** %3, metadata !29, metadata !DIExpression()), !dbg !30\n store %struct.sample* %1, %struct.sample** %4, align 8\n call void @llvm.dbg.declare(metadata %struct.sample** %4, metadata !31, metadata !DIExpression()), !dbg !32\n %5 = load i32*, i32** %3, align 8, !dbg !33\n %6 = load i32, i32* %5, align 4, !dbg !34\n %7 = load %struct.sample*, %struct.sample** %4, align 8, !dbg !35\n %8 = getelementptr inbounds %struct.sample, %struct.sample* %7, i32 0, i32 1, !dbg !36\n store i32 %6, i32* %8, align 4, !dbg !37\n ret void, !dbg !38\n}\n\n; Function Attrs: nocallback nofree nosync nounwind readnone speculatable willreturn\ndeclare void @llvm.dbg.declare(metadata, metadata, metadata) #1\n\n; Function Attrs: noinline nounwind optnone uwtable\ndefine dso_local i32 @main() #0 !dbg !39 {\n %1 = alloca i32, align 4\n %2 = alloca i32*, align 8\n %3 = alloca %struct.sample, align 8\n call void @llvm.dbg.declare(metadata i32* %1, metadata !42, metadata !DIExpression()), !dbg !43\n call void @llvm.dbg.declare(metadata i32** %2, metadata !44, metadata !DIExpression()), !dbg !45\n store i32 10, i32* %1, align 4, !dbg !46\n store i32* %1, i32** %2, align 8, !dbg !47\n call void @llvm.dbg.declare(metadata %struct.sample* %3, metadata !48, metadata !DIExpression()), !dbg !49\n %4 = getelementptr inbounds %struct.sample, %struct.sample* %3, i32 0, i32 0, !dbg !50\n store i32 20, i32* %4, align 8, !dbg !51\n %5 = load i32*, i32** %2, align 8, !dbg !52\n call void @test(i32* noundef %5, %struct.sample* noundef %3), !dbg !53\n %6 = getelementptr inbounds %struct.sample, %struct.sample* %3, i32 0, i32 1, !dbg !54\n %7 = load i32, i32* %6, align 4, !dbg !54\n %8 = getelementptr inbounds %struct.sample, %struct.sample* %3, i32 0, i32 0, !dbg !55\n %9 = load i32, i32* %8, align 8, !dbg !55\n %10 = add nsw i32 %7, %9, !dbg !56\n %11 = call i32 (i8*, ...) @printf(i8* noundef getelementptr inbounds ([3 x i8], [3 x i8]* @.str, i64 0, i64 0), i32 noundef %10), !dbg !57\n ret i32 0, !dbg !58\n}\n\ndeclare i32 @printf(i8* noundef, ...) #2\n\nattributes #0 = { noinline nounwind optnone uwtable \"frame-pointer\"=\"all\" \"min-legal-vector-width\"=\"0\" \"no-trapping-math\"=\"true\" \"stack-protector-buffer-size\"=\"8\" \"target-cpu\"=\"x86-64\" \"target-features\"=\"+cx8,+fxsr,+mmx,+sse,+sse2,+x87\" \"tune-cpu\"=\"generic\" }\nattributes #1 = { nocallback nofree nosync nounwind readnone speculatable willreturn }\nattributes #2 = { \"frame-pointer\"=\"all\" \"no-trapping-math\"=\"true\" \"stack-protector-buffer-size\"=\"8\" \"target-cpu\"=\"x86-64\" \"target-features\"=\"+cx8,+fxsr,+mmx,+sse,+sse2,+x87\" \"tune-cpu\"=\"generic\" }\n\n!llvm.dbg.cu = !{!7}\n!llvm.module.flags = !{!9, !10, !11, !12, !13, !14, !15}\n!llvm.ident = !{!16}\n\n!0 = !DIGlobalVariableExpression(var: !1, expr: !DIExpression())\n!1 = distinct !DIGlobalVariable(scope: null, file: !2, line: 20, type: !3, isLocal: true, isDefinition: true)\n!2 = !DIFile(filename: \"testsuite/sample1.c\", directory: \"/home/cby/llm-pca/01-project\", checksumkind: CSK_MD5, checksum: \"086ff607109bac3c6d0d457996aa6d0d\")\n!3 = !DICompositeType(tag: DW_TAG_array_type, baseType: !4, size: 24, elements: !5)\n!4 = !DIBasicType(name: \"char\", size: 8, encoding: DW_ATE_signed_char)\n!5 = !{!6}\n!6 = !DISubrange(count: 3)\n!7 = distinct !DICompileUnit(language: DW_LANG_C99, file: !2, producer: \"clang version 15.0.7\", isOptimized: false, runtimeVersion: 0, emissionKind: FullDebug, globals: !8, splitDebugInlining: false, nameTableKind: None)\n!8 = !{!0}\n!9 = !{i32 7, !\"Dwarf Version\", i32 5}\n!10 = !{i32 2, !\"Debug Info Version\", i32 3}\n!11 = !{i32 1, !\"wchar_size\", i32 4}\n!12 = !{i32 7, !\"PIC Level\", i32 2}\n!13 = !{i32 7, !\"PIE Level\", i32 2}\n!14 = !{i32 7, !\"uwtable\", i32 2}\n!15 = !{i32 7, !\"frame-pointer\", i32 2}\n!16 = !{!\"clang version 15.0.7\"}\n!17 = distinct !DISubprogram(name: \"test\", scope: !2, file: !2, line: 10, type: !18, scopeLine: 10, flags: DIFlagPrototyped, spFlags: DISPFlagDefinition, unit: !7, retainedNodes: !28)\n!18 = !DISubroutineType(types: !19)\n!19 = !{null, !20, !22}\n!20 = !DIDerivedType(tag: DW_TAG_pointer_type, baseType: !21, size: 64)\n!21 = !DIBasicType(name: \"int\", size: 32, encoding: DW_ATE_signed)\n!22 = !DIDerivedType(tag: DW_TAG_pointer_type, baseType: !23, size: 64)\n!23 = distinct !DICompositeType(tag: DW_TAG_structure_type, name: \"sample\", file: !2, line: 4, size: 128, elements: !24)\n!24 = !{!25, !26, !27}\n!25 = !DIDerivedType(tag: DW_TAG_member, name: \"x1\", scope: !23, file: !2, line: 5, baseType: !21, size: 32)\n!26 = !DIDerivedType(tag: DW_TAG_member, name: \"x2\", scope: !23, file: !2, line: 6, baseType: !21, size: 32, offset: 32)\n!27 = !DIDerivedType(tag: DW_TAG_member, name: \"next\", scope: !23, file: !2, line: 7, baseType: !22, size: 64, offset: 64)\n!28 = !{}\n!29 = !DILocalVariable(name: \"p\", arg: 1, scope: !17, file: !2, line: 10, type: !20)\n!30 = !DILocation(line: 10, column: 16, scope: !17)\n!31 = !DILocalVariable(name: \"s\", arg: 2, scope: !17, file: !2, line: 10, type: !22)\n!32 = !DILocation(line: 10, column: 34, scope: !17)\n!33 = !DILocation(line: 11, column: 14, scope: !17)\n!34 = !DILocation(line: 11, column: 13, scope: !17)\n!35 = !DILocation(line: 11, column: 5, scope: !17)\n!36 = !DILocation(line: 11, column: 8, scope: !17)\n!37 = !DILocation(line: 11, column: 11, scope: !17)\n!38 = !DILocation(line: 12, column: 1, scope: !17)\n!39 = distinct !DISubprogram(name: \"main\", scope: !2, file: !2, line: 13, type: !40, scopeLine: 13, spFlags: DISPFlagDefinition, unit: !7, retainedNodes: !28)\n!40 = !DISubroutineType(types: !41)\n!41 = !{!21}\n!42 = !DILocalVariable(name: \"a\", scope: !39, file: !2, line: 14, type: !21)\n!43 = !DILocation(line: 14, column: 9, scope: !39)\n!44 = !DILocalVariable(name: \"p\", scope: !39, file: !2, line: 14, type: !20)\n!45 = !DILocation(line: 14, column: 13, scope: !39)\n!46 = !DILocation(line: 15, column: 7, scope: !39)\n!47 = !DILocation(line: 16, column: 7, scope: !39)\n!48 = !DILocalVariable(name: \"s1\", scope: !39, file: !2, line: 17, type: !23)\n!49 = !DILocation(line: 17, column: 19, scope: !39)\n!50 = !DILocation(line: 18, column: 8, scope: !39)\n!51 = !DILocation(line: 18, column: 11, scope: !39)\n!52 = !DILocation(line: 19, column: 10, scope: !39)\n!53 = !DILocation(line: 19, column: 5, scope: !39)\n!54 = !DILocation(line: 20, column: 20, scope: !39)\n!55 = !DILocation(line: 20, column: 28, scope: !39)\n!56 = !DILocation(line: 20, column: 23, scope: !39)\n!57 = !DILocation(line: 20, column: 5, scope: !39)\n!58 = !DILocation(line: 21, column: 1, scope: !39)\n
\u7ed3\u5408\u8c03\u8bd5\u5143\u6570\u636e\uff08\u5982 DILocalVariable \u548c DIType\uff09\u4ee5\u53ca\u9ad8\u5c42\u63a5\u53e3\uff08\u5982\u51fd\u6570\u7b7e\u540d\uff09\u53ef\u4ee5\u6062\u590d\u6307\u9488\u7c7b\u578b\u3002\u4f46\u5982\u679c\u6ca1\u6709\u8c03\u8bd5\u4fe1\u606f\uff0c\u6062\u590d\u7c7b\u578b\u4f1a\u53d8\u5f97\u56f0\u96be\uff0c\u53ea\u80fd\u901a\u8fc7\u95f4\u63a5\u624b\u6bb5\u63a8\u65ad\u6307\u9488\u7c7b\u578b\u3002
"},{"location":"software-security/program-analysis/llvm/#llvm-api","title":"LLVM API","text":""},{"location":"software-security/program-analysis/llvm/#\u5934\u6587\u4ef6\u67b6\u6784","title":"\u5934\u6587\u4ef6\u67b6\u6784","text":"\u5173\u6ce8\u4e4b\u524d\u4e0b\u8f7d\u7684llvm-project-xx.x.x.src\u76ee\u5f55\u4e0b\u7684llvm/include/llvm\u6587\u4ef6\u5939\uff0c\u91cc\u9762\u5305\u542bADT
\u3001IR
\u3001IRReader
\u7b49\u5404\u79cd\u5934\u6587\u4ef6\uff0c\u4ece\u4e2d\u53ef\u4ee5\u4e86\u89e3\u5982\u4f55\u8c03API\u3002\u4ee515.0.7\u7248\u672c\u4e3a\u4f8b\uff0c\u76ee\u5f55\u67b6\u6784\u5982\u4e0b\uff1a
./\n\u251c\u2500\u2500 ADT/\n\u251c\u2500\u2500 Analysis/\n\u251c\u2500\u2500 AsmParser/\n\u251c\u2500\u2500 BinaryFormat/\n\u251c\u2500\u2500 Bitcode/\n\u251c\u2500\u2500 Bitstream/\n\u251c\u2500\u2500 CMakeLists.txt\n\u251c\u2500\u2500 CodeGen/\n\u251c\u2500\u2500 Config/\n\u251c\u2500\u2500 DebugInfo/\n\u251c\u2500\u2500 Debuginfod/\n\u251c\u2500\u2500 Demangle/\n\u251c\u2500\u2500 DWARFLinker/\n\u251c\u2500\u2500 DWP/\n\u251c\u2500\u2500 ExecutionEngine/\n\u251c\u2500\u2500 FileCheck/\n\u251c\u2500\u2500 Frontend/\n\u251c\u2500\u2500 FuzzMutate/\n\u251c\u2500\u2500 InitializePasses.h\n\u251c\u2500\u2500 InterfaceStub/\n\u251c\u2500\u2500 IR/\n\u251c\u2500\u2500 IRReader/\n\u251c\u2500\u2500 LineEditor/\n\u251c\u2500\u2500 LinkAllIR.h\n\u251c\u2500\u2500 LinkAllPasses.h\n\u251c\u2500\u2500 Linker/\n\u251c\u2500\u2500 LTO/\n\u251c\u2500\u2500 MC/\n\u251c\u2500\u2500 MCA/\n\u251c\u2500\u2500 module.extern.modulemap\n\u251c\u2500\u2500 module.install.modulemap\n\u251c\u2500\u2500 module.modulemap\n\u251c\u2500\u2500 module.modulemap.build\n\u251c\u2500\u2500 ObjCopy/\n\u251c\u2500\u2500 Object/\n\u251c\u2500\u2500 ObjectYAML/\n\u251c\u2500\u2500 Option/\n\u251c\u2500\u2500 PassAnalysisSupport.h\n\u251c\u2500\u2500 Passes/\n\u251c\u2500\u2500 Pass.h\n\u251c\u2500\u2500 PassInfo.h\n\u251c\u2500\u2500 PassRegistry.h\n\u251c\u2500\u2500 PassSupport.h\n\u251c\u2500\u2500 ProfileData/\n\u251c\u2500\u2500 Remarks/\n\u251c\u2500\u2500 Support/\n\u251c\u2500\u2500 TableGen/\n\u251c\u2500\u2500 Target/\n\u251c\u2500\u2500 Testing/\n\u251c\u2500\u2500 TextAPI/\n\u251c\u2500\u2500 ToolDrivers/\n\u251c\u2500\u2500 Transforms/\n\u251c\u2500\u2500 WindowsDriver/\n\u251c\u2500\u2500 WindowsManifest/\n\u251c\u2500\u2500 WindowsResource/\n\u2514\u2500\u2500 XRay/\n\n43 directories, 13 files\n
"},{"location":"software-security/program-analysis/llvm/#passh","title":"Pass.h","text":"LLVM Pass\u7684\u57fa\u7840\u662f\u4e00\u4e2a\u4e2apass\uff0c\u6bd4\u5982\u81ea\u5df1\u5199\u4e00\u4e2a\u7c7b\u7ee7\u627fllvm::ModulePass
\uff0c\u5728\u5185\u90e8\u8986\u5199runOnModule
\u51fd\u6570\u3002\u800cModulePass\u53c8\u662f\u7ee7\u627f\u81eallvm::Pass
\u7684\uff0c\u4e5f\u5c31\u662f\u76f4\u63a5\u6765\u81ea\u5934\u6587\u4ef6\u76ee\u5f55\u4e0b\u7684Pass.h
\u6587\u4ef6\u3002\u8fd9\u4e2a\u5934\u6587\u4ef6\u5927\u81f4\u7ed3\u6784\u5982\u4e0b\uff1a
#ifndef LLVM_PASS_H\n#define LLVM_PASS_H\n#include <string>\n\nnamespace llvm {\n\nclass AnalysisResolver;\nclass AnalysisUsage;\nclass Function;\n// ...\n\n// AnalysisID - Use the PassInfo to identify a pass...\nusing AnalysisID = const void *;\n\n/// Different types of internal pass managers.\nenum PassManagerType {\n// ...\n};\n\n// Different types of passes.\nenum PassKind {\n// ...\n};\n\n/// This enumerates the LLVM full LTO or ThinLTO optimization phases.\nenum class ThinOrFullLTOPhase {\n// ...\n};\n\nclass Pass {\n// ...\n};\n\nclass ModulePass : public Pass {\n// ...\n};\n\nclass ImmutablePass : public ModulePass {\n// ...\n};\n\nclass FunctionPass : public Pass {\n// ...\n};\n\n} // end namespace llvm\n\n// Include support files that contain important APIs commonly used by Passes,\n// but that we want to separate out to make it easier to read the header files.\n#include \"llvm/PassAnalysisSupport.h\"\n#include \"llvm/PassSupport.h\"\n\n#endif // LLVM_PASS_H\n
\u53ef\u89c1\uff0cModulePass\u548cFunctionPass\u4e24\u4e2a\u7c7b\u76f4\u63a5\u7ee7\u627f\u4e86Pass\u3002ImmutablePass\u76f4\u63a5\u7ee7\u627f\u4e86ModulePass\u3002
"},{"location":"software-security/program-analysis/llvm/#bc\u6587\u4ef6\u8bfb\u53d6\u4e0e\u89e3\u6790","title":"bc\u6587\u4ef6\u8bfb\u53d6\u4e0e\u89e3\u6790","text":"\u901a\u8fc7#include \"llvm/IRReader/IRReader.h\"
\u4f7f\u7528std::unique_ptr<Module> parseIRFile(StringRef Filename, SMDiagnostic &Err, LLVMContext &Context)
\u6765\u83b7\u53d6bc\u6587\u4ef6\u7684\u6307\u9488\uff0c\u968f\u540e\u53ef\u4ee5\u5728\u81ea\u5b9a\u4e49\u65b9\u6cd5\u5982myParseFunc(const Module &Mod)
\u4e2d\u904d\u5386\u6307\u9488\u5185\u5bb9\uff08\u5373\u89e3\u5f15\u7528\uff09\uff0c\u5f97\u5230llvm::Module\u4e0b\u4e00\u5c42\u7684llvm::Function\u3002\u7c7b\u4f3c\u5730\uff0c\u5bf9llvm::Function\u8fdb\u4e00\u6b65\u904d\u5386\u53ef\u4ee5\u83b7\u53d6llvm::BasicBlock\uff0c\u518d\u8fdb\u4e00\u6b65\u904d\u5386\u53ef\u4ee5\u83b7\u53d6llvm::Instruction\uff0c\u6bcf\u4e00\u7ea7\u53ef\u4ee5\u8c03\u7528\u76f8\u5173API\u51fd\u6570\u3002
\u6839\u636eLLVM\u5206\u6790\u7684\u7a0b\u5e8f\u5bf9\u8c61\u4e0d\u540c\uff0c\u53ef\u4ee5\u6309\u4ece\u5927\u5230\u5c0f\u7684\u987a\u5e8f\u5206\u4e3aModule\u3001Function\u3001BasicBlock\u3001Instruction\u56db\u4e2a\u7b49\u7ea7\u3002\u53ef\u4ee5\u76f4\u63a5\u91c7\u7528for\u5faa\u73af\u904d\u5386\u9ad8\u7b49\u7ea7\u5bf9\u8c61\u7684\u65b9\u6cd5\uff0c\u83b7\u53d6\u5176\u4e2d\u7684\u4e0b\u4e00\u7ea7\u5bf9\u8c61\u3002\u53ef\u89c1\u524d\u6587\u7684\u9879\u76ee\u4f8b\u5b50\u3002
"},{"location":"software-security/program-analysis/llvm/#llvmmodule","title":"llvm::Module","text":"\u53ef\u4ee5\u7406\u89e3\u4e3a\u5bf9\u6574\u4e2abc\u6587\u4ef6\u8fdb\u884c\u5206\u6790\u5f97\u5230\u7684\u7ed3\u679c\uff0c\u5176\u4e2d\u5305\u542b\u591a\u4e2aFunction\u3002
"},{"location":"software-security/program-analysis/llvm/#llvmfunction","title":"llvm::Function","text":""},{"location":"software-security/program-analysis/llvm/#llvmbasicblock","title":"llvm::BasicBlock","text":""},{"location":"software-security/program-analysis/llvm/#llvminstruction","title":"llvm::Instruction","text":"const llvm::Instruction I;\nI.getOpcodeName(); // \u83b7\u53d6\u64cd\u4f5c\u7b26\u7684\u5b57\u7b26\u4e32\u540d\u79f0\nI.getNumOperands(); // \u83b7\u53d6\u64cd\u4f5c\u6570\u4e2a\u6570\nI.getOperand(i); // \u83b7\u53d6\u7b2ci\u4e2a\u64cd\u4f5c\u6570\uff0c\u8fd4\u56dellvm::Value*\n\nI.hasMetaData(); // \u68c0\u67e5\u5f53\u524d\u6307\u4ee4\u662f\u5426\u9644\u6709metadata\uff0c\u6bd4\u5982\u8c03\u8bd5\u4fe1\u606f\nI.getMetaData(\"dbg\"); // \u83b7\u53d6\u5f53\u524d\u6307\u4ee4\u7684dbg\u8c03\u8bd5\u4fe1\u606f\n
"},{"location":"software-security/program-analysis/llvm/#\u8c03\u8bd5\u4fe1\u606f\u5206\u6790","title":"\u8c03\u8bd5\u4fe1\u606f\u5206\u6790","text":"\u524d\u6587\u63d0\u5230\uff0c\u5728\u7f16\u8bd1\u7a0b\u5e8f\u65f6\u6dfb\u52a0-g
\u9009\u9879\uff0c\u53ef\u4ee5\u751f\u6210\u7c7b\u4f3c
\u7ea6 112 \u4e2a\u5b57 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4\u4e0d\u5230 1 \u5206\u949f
"},{"location":"software-security/reverse/IDA/#\u53cd\u7f16\u8bd1arm-raw-binary","title":"\u53cd\u7f16\u8bd1ARM raw binary","text":"\u52a0\u8f7d\u65f6\u9009\u62e9Processor type\uff0c\u6bd4\u5982ARM Little-endian [ARM]\uff0c\u968f\u540e\u6839\u636e\u5b9e\u9645\u52a0\u8f7d\u60c5\u51b5\u8bbe\u7f6eROM\u7684\u8d77\u59cb\u5730\u5740\u548cInput file\u5730\u5740\u3002
raw binary\u7684\u524d\u56db\u5b57\u8282\u53ef\u80fd\u662f\u521d\u59cbsp\u503c\uff0c\u968f\u540e\u56db\u5b57\u8282\u53ef\u80fd\u662f\u521d\u59cbpc\u503c\u3002\u6309G\u5e76\u8f93\u5165pc\u503c\uff0cAlt+G\u8bbe\u7f6eT\u5bc4\u5b58\u5668\u503c\u4e3a1\uff080\u8868\u793aARM\uff0c1\u8868\u793aThumb\uff09\uff0c\u7136\u540e\u9009\u4e2dpc\u53ca\u4e4b\u540e\u6240\u6709\u4ee3\u7801\uff0c\u6309C\u8fdb\u884cMakeCode\u3002
"},{"location":"software-security/reverse/reverse-advanced/","title":"\u9006\u5411\u9ad8\u9636","text":"\u7ea6 59 \u4e2a\u5b57 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4\u4e0d\u5230 1 \u5206\u949f
"},{"location":"software-security/reverse/reverse-advanced/#windows\u9006\u5411\u6280\u672f\u6982\u5ff5","title":"Windows\u9006\u5411\u6280\u672f\u6982\u5ff5","text":"DLL\u6ce8\u5165\uff0cWindows\u6d88\u606f\u94a9\u53d6\uff0cDLL\u5378\u8f7d\uff0c\u4ee3\u7801\u6ce8\u5165\uff0cAPI\u94a9\u53d6\uff0c\u8fdb\u7a0b\u9690\u85cf\uff0cIE\u8fde\u63a5\u63a7\u5236\uff0cTLS\u56de\u8c03\u51fd\u6570\uff0cTEB\uff0cPEB\uff0cSEH\uff0cIA-32\uff0c\u53cd\u8c03\u8bd5\uff08\u9759\u6001\u3001\u52a8\u6001\uff09\uff0cPE\u955c\u50cf\uff0cDebug Blocker
"},{"location":"software-security/reverse/reverse-basic/","title":"\u9006\u5411\u57fa\u7840","text":"\u7ea6 1078 \u4e2a\u5b57 10 \u884c\u4ee3\u7801 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4 5 \u5206\u949f
\u9006\u5411\u51fd\u6570\u65f6\uff0c\u8981\u63d0\u524d\u9884\u6d4b\u4e0b\u51fd\u6570\u5b9e\u73b0\u673a\u5236\uff0c\u4ee5\u8282\u7701\u65f6\u95f4\u3002\u8981\u660e\u767d\u54ea\u4e9b\u90e8\u5206\u5c5e\u4e8e\u7a0b\u5e8f\u7279\u6709\u7684\u5b9e\u73b0\uff0c\u54ea\u4e9b\u90e8\u5206\u5c5e\u4e8e\u7b2c\u4e09\u65b9\u7684\u5e93\uff0c\u4e0d\u8981\u968f\u4fbf\u8fdb\u5230\u7b2c\u4e09\u65b9\u5e93\u6216\u8005\u5e95\u5c42API\u91cc\u9762\u5206\u6790\u3002
"},{"location":"software-security/reverse/reverse-basic/#\u8c03\u7528\u7ea6\u5b9a","title":"\u8c03\u7528\u7ea6\u5b9a","text":"cdecl\uff08C\u9ed8\u8ba4\uff09\u7531caller\u8d1f\u8d23\u6e05\u7406\u6808\u4e0a\u4f20\u5165\u53c2\u6570\u3002
stdcall\u7531callee\u8d1f\u8d23\u6e05\u7406\u6808\u4e0a\u4f20\u5165\u53c2\u6570\uff08Win32API\uff09\uff0c\u88ab\u8c03\u51fd\u6570\u8fd4\u56de\u65f6\u4f7f\u7528RETN X
\u6765\u9000\u51fa\uff0c\u76f8\u5f53\u4e8eRETN\u3001POP X\u3002\u6bd4\u5982\u9000\u4e24\u4e2a\u53c2\u6570\uff0c\u5c31RETN 8\u3002
fastcall\u4e3a\u4e86\u63d0\u9ad8\u901f\u5ea6\uff0c\u5206\u522b\u4f7f\u7528ECX\u3001EDX\u4f20\u9012\u524d\u4e24\u4e2a\u53c2\u6570\uff0c\u66f4\u591a\u53c2\u6570\u8fd8\u662f\u4f7f\u7528\u5185\u5b58\u3002 \u4f20\u53c2\u65f6\u90fd\u662f\u4ece\u53f3\u5411\u5de6\u4ee5\u6b64\u538b\u5165\u6808\u4e2d\u3002
"},{"location":"software-security/reverse/reverse-basic/#\u4e00\u4e9b\u5e38\u89c1\u6c47\u7f16\u64cd\u4f5c\u7b26","title":"\u4e00\u4e9b\u5e38\u89c1\u6c47\u7f16\u64cd\u4f5c\u7b26","text":"call
\u5305\u62ec\u4fdd\u5b58\u8fd4\u56de\u5730\u5740\u3001IP\u8df3\u8f6c
retn
\u5373pop EIP
test
\u76f8\u5f53\u4e8eAND\uff0c\u4f46\u662f\u4e0d\u6539\u53d8\u666e\u901a\u5bc4\u5b58\u5668\u7684\u503c\uff0c\u53ea\u4fee\u6539EFLAGS\u5bc4\u5b58\u5668
NOP\u6307\u4ee4\u901a\u5e38\u7528\u4e8e\u63a7\u5236\u65f6\u5e8f\u7684\u76ee\u7684\uff0c\u5f3a\u5236\u5185\u5b58\u5bf9\u9f50\uff0c\u9632\u6b62\u6d41\u6c34\u7ebf\u707e\u96be\uff0c\u5360\u636e\u5206\u652f\u6307\u4ee4\u5ef6\u8fdf\uff0c\u6216\u662f\u4f5c\u4e3a\u5360\u4f4d\u7b26\u4ee5\u4f9b\u7a0b\u5e8f\u7684\u6539\u5584\uff08\u6216\u66ff\u4ee3\u88ab\u79fb\u9664\u7684\u6307\u4ee4\uff09\u3002
"},{"location":"software-security/reverse/reverse-basic/#\u51fd\u6570\u6267\u884c\u6808\u5e27\u63a8\u65ad","title":"\u51fd\u6570\u6267\u884c\u6808\u5e27\u63a8\u65ad","text":"\u51fd\u6570\u5185\u90e8\u4e00\u822c\u5148\u4f1a\u6267\u884c\u4ee5\u4e0b\u4e24\u6761\u6307\u4ee4\uff1a
push ebp\nmov ebp,esp\n
\u53ef\u4ee5\u89c2\u5bdfebp\u548cesp\u7684\u4fee\u6539\u60c5\u51b5\u63a8\u65ad\u51fd\u6570\u6808\u5e27
"},{"location":"software-security/reverse/reverse-basic/#\u540d\u79f0\u4fee\u9970","title":"\u540d\u79f0\u4fee\u9970","text":"\u540d\u79f0\u4fee\u9970\uff08name mangling\uff0cname decoration\uff09\uff0c\u7528\u6765\u89e3\u51b3\u6807\u5fd7\u7b26\u7684\u552f\u4e00\u547d\u540d\u95ee\u9898\u3002\u6bd4\u5982\u5728\u4e0d\u540c\u7684\u547d\u540d\u7a7a\u95f4\u5b9e\u73b0\u76f8\u540c\u540d\u79f0\u7684\u51fd\u6570\uff0c\u8fd9\u4e2a\u51fd\u6570\u5728\u600e\u4e48\u8868\u793a\u5462\uff1f\u540d\u79f0\u4fee\u9970\u6280\u672f\u7528\u6765\u751f\u6210\u552f\u4e00\u7684\u6807\u5fd7\u7b26\uff0c\u4fdd\u7559\u547d\u540d\u7a7a\u95f4\u3001\u51fd\u6570\u540d\u3001\u7ed3\u6784\u4f53\u540d\u3001\u7c7b\u540d\u4ee5\u53ca\u53c2\u6570\u7c7b\u578b\u7b49\u7b49\u4fe1\u606f\u3002\u540d\u79f0\u4fee\u9970\u548c\u8c03\u7528\u7ea6\u5b9a\u3001\u7f16\u8bd1\u5668\u6709\u5173\uff0c\u5e94\u7528\u6700\u5e7f\u6cdb\u7684\u662fC++\u7684\u4ee3\u7801\uff08\u5c24\u5176\u662f\u6df7\u5408C\u7f16\u8bd1\u65f6\uff09\u3002\u6bd4\u5982_ZN9wikipedia7article6formatEv
\u53ef\u4ee5\u7528\u6765\u8868\u793a\uff1a
namespace wikipedia\n{\n class article\n {\n public:\n std::string format();\n }\n}\n
\u5176\u4e2d_Z
\u662f\u5f00\u5934\uff08\u4e0b\u5212\u7ebf+\u5927\u5199\u5b57\u6bcd\u5728C\u4e2d\u662f\u4fdd\u7559\u7684\u6807\u5fd7\u7b26\uff0c\u907f\u514d\u51b2\u7a81\uff09\uff0cN
\u8868\u793a\u662f\u5d4c\u5957\u6709\u547d\u540d\u7a7a\u95f4\u548c\u7c7b\u540d\uff0c\u968f\u540e\u7684\u6570\u5b57+\u5b57\u6bcd\u4e2d\uff0c\u6570\u5b57\u8868\u793a\u957f\u5ea6\uff0c\u5b57\u6bcd\u8868\u793a\u540d\u79f0\uff0c\u5e76\u4ee5E
\u7ed3\u675f\u3002\u4e4b\u540e\u7684\u53c2\u6570\u8868\u793a\u51fd\u6570\u7684\u53c2\u6570\u7c7b\u578b\uff0cv\u4e3avoid\u3002
PE\uff08Portable Execution\uff09\u6587\u4ef6\u662fWindows\u7cfb\u7edf\u4f7f\u7528\u7684\u53ef\u6267\u884c\u6587\u4ef6\u683c\u5f0f\u3002
#pragma data_seg()\u53ef\u4ee5\u5c06\u4ee3\u7801\u4efb\u610f\u90e8\u5206\u7f16\u8bd1\u5230PE\u6587\u4ef6\u4efb\u610f\u8282\uff0c\u8282\u540d\u4e5f\u53ef\u4ee5\u81ea\u5b9a\u4e49\u3002
"},{"location":"software-security/reverse/reverse-basic/#\u9759\u6001\u94fe\u63a5\u5e93\u4e0e\u52a8\u6001\u94fe\u63a5\u5e93","title":"\u9759\u6001\u94fe\u63a5\u5e93\u4e0e\u52a8\u6001\u94fe\u63a5\u5e93","text":"\u9759\u6001\u5e93\u7684\u62d3\u5c55\u540d\u4e3a.a
\u6216.lib
\uff1b\u52a8\u6001\u5e93\u7684\u62d3\u5c55\u540d\u4e00\u822c\u4e3a.so
\u6216.dll
\u9759\u6001\u5e93\u7f16\u8bd1\u65f6\u76f4\u63a5\u6574\u5408\u5230\u76ee\u6807\u7a0b\u5e8f\u4e2d\uff0c\u7f16\u8bd1\u6210\u529f\u540e\u7684\u53ef\u6267\u884c\u6587\u4ef6\u53ef\u4ee5\u72ec\u7acb\u8fd0\u884c\uff1b\u52a8\u6001\u5e93\u7f16\u8bd1\u65f6\u53ef\u6267\u884c\u7a0b\u5e8f\u65e0\u6cd5\u72ec\u7acb\u8fd0\u884c
\u9759\u6001\u5e93\u66f4\u65b0\u540e\u9700\u8981\u66f4\u65b0\u6574\u4e2a\u76ee\u6807\u7a0b\u5e8f\uff1b\u52a8\u6001\u5e93\u66f4\u65b0\u540e\u53ea\u9700\u66f4\u6362\u65b0\u7684\u52a8\u6001\u5e93\u5373\u53ef
\u9759\u6001\u5e93\u7f16\u8bd1\u547d\u4ee4\uff1agcc -c xx.c -o xx.o
\uff0car crs libxx.a xx.o
\uff1b\u52a8\u6001\u5e93\u7f16\u8bd1\u547d\u4ee4\uff1agcc xx.c -o libxx.so -shared -fPIC
\u5176\u4e2d-fPIC\u8868\u793a\u4f7f\u7528\u76f8\u5bf9\u4f4d\u7f6e
\u6dfb\u52a0\u591a\u4e2a\u7b26\u53f7\u8868add-symbol-file xxx addr
\u5176\u4e2daddr\u662f\u4ee3\u7801\u6bb5\u8d77\u59cb\u5730\u5740\uff0cxxx\u53ef\u4ee5\u4e3asym\u6587\u4ef6\uff0c\u6216elf\u6587\u4ef6\u7b49\u3002\u53d8\u5f02\u65f6\u9700\u8981\u52a0\u4e0a-g
\u4fdd\u7559\u7b26\u53f7\u8868(\u6307\u5b9a\u5177\u4f53\u683c\u5f0f\u5982-g2 -gdwarf-2
)\uff0c\u53ef\u4ee5\u9010\u4e2a\u4f7f\u7528add-symbol-file
\uff0c\u90fd\u6dfb\u52a0\u8fdb\u53bb\u3002
\u4f7f\u7528ulimit -c unlimited
\u8bbe\u7f6e\u4e0d\u9650\u5236coredump\u6587\u4ef6\u5927\u5c0f\uff0c\u7136\u540eroot\u7528\u6237echo \"core-%e-%p\" > /proc/sys/kernel/core_pattern
\u8bbe\u7f6e\u4fdd\u7559\u7a0b\u5e8f\u540d\u3001pid\uff0c\u5219\u5bf9\u4e8e\u7f16\u8bd1\u65f6\u6dfb\u52a0\u4e86-g
\u9009\u9879\u7684\u7a0b\u5e8f\uff0c\u5176\u5d29\u6e83\u4ea7\u751f\u7684coredump\u6587\u4ef6\u53ef\u4ee5\u4f7f\u7528gdb <\u7a0b\u5e8f\u540d> <coredump\u6587\u4ef6\u540d>
\u6765\u5bfb\u627eroot cause\u3002gdb\u5185\u7528where\u67e5\u770b\u8c03\u7528\u6808\u3002
Linux \u9759\u6001\u5e93 \u7f16\u8bd1\u548c\u4f7f\u7528 Linux \u52a8\u6001\u5e93 \u7f16\u8bd1\u548c\u4f7f\u7528 Makefile\u5165\u95e8 Makefile\u5b98\u65b9\u6587\u6863 coredump\u6587\u4ef6\u57fa\u7840\u7528\u6cd5
"}]} \ No newline at end of file +{"config":{"lang":["en"],"separator":"[\\s\\u200b\\u3000\\-\u3001\u3002\uff0c\uff0e\uff1f\uff01\uff1b]+","pipeline":["stemmer"]},"docs":[{"location":"","title":"\u9996\u9875","text":"\u7ea6 100 \u4e2a\u5b57 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4\u4e0d\u5230 1 \u5206\u949f
\u81f4\u8f9e
\u535a\u5ba2\u603b\u89c8
\u63a8\u8350\u9605\u8bfb
\u7ea6 0 \u4e2a\u5b57 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4\u4e0d\u5230 1 \u5206\u949f
"},{"location":"algorithm-and-data-structure/algorithm/","title":"Index","text":"\u7ea6 1 \u4e2a\u5b57 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4\u4e0d\u5230 1 \u5206\u949f
he!
"},{"location":"algorithm-and-data-structure/algorithm/branch-and-bound-algo/","title":"\u5206\u652f\u5b9a\u754c\u7b97\u6cd5","text":"\u7ea6 6 \u4e2a\u5b57 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4\u4e0d\u5230 1 \u5206\u949f
"},{"location":"algorithm-and-data-structure/algorithm/dynamic-algo/","title":"\u52a8\u6001\u89c4\u5212\u7b97\u6cd5","text":"\u7ea6 6 \u4e2a\u5b57 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4\u4e0d\u5230 1 \u5206\u949f
"},{"location":"algorithm-and-data-structure/algorithm/graph-algo/","title":"\u56fe\u7b97\u6cd5","text":"\u7ea6 3 \u4e2a\u5b57 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4\u4e0d\u5230 1 \u5206\u949f
"},{"location":"algorithm-and-data-structure/algorithm/greedy-algo/","title":"\u8d2a\u5fc3\u7b97\u6cd5","text":"\u7ea6 4 \u4e2a\u5b57 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4\u4e0d\u5230 1 \u5206\u949f
"},{"location":"algorithm-and-data-structure/data-structure/","title":"Index","text":"\u7ea6 0 \u4e2a\u5b57 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4\u4e0d\u5230 1 \u5206\u949f
"},{"location":"algorithm-and-data-structure/data-structure/array/","title":"\u6570\u7ec4","text":"\u7ea6 2 \u4e2a\u5b57 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4\u4e0d\u5230 1 \u5206\u949f
"},{"location":"algorithm-and-data-structure/data-structure/graph/","title":"\u56fe","text":"\u7ea6 1 \u4e2a\u5b57 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4\u4e0d\u5230 1 \u5206\u949f
"},{"location":"algorithm-and-data-structure/data-structure/linkedlist/","title":"\u94fe\u8868","text":"\u7ea6 2 \u4e2a\u5b57 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4\u4e0d\u5230 1 \u5206\u949f
"},{"location":"algorithm-and-data-structure/data-structure/queue/","title":"\u961f\u5217","text":"\u7ea6 2 \u4e2a\u5b57 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4\u4e0d\u5230 1 \u5206\u949f
"},{"location":"algorithm-and-data-structure/data-structure/stack/","title":"\u6808","text":"\u7ea6 1 \u4e2a\u5b57 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4\u4e0d\u5230 1 \u5206\u949f
"},{"location":"algorithm-and-data-structure/data-structure/tree/","title":"\u6811","text":"\u7ea6 1 \u4e2a\u5b57 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4\u4e0d\u5230 1 \u5206\u949f
"},{"location":"misc-notes/","title":"Index","text":"\u7ea6 0 \u4e2a\u5b57 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4\u4e0d\u5230 1 \u5206\u949f
"},{"location":"misc-notes/environments/envs/","title":"\u73af\u5883\u914d\u7f6e","text":"\u7ea6 593 \u4e2a\u5b57 49 \u884c\u4ee3\u7801 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4 7 \u5206\u949f
\u7ecf\u5e38\u9047\u5230\u65b0\u7cfb\u7edf\u5feb\u901f\u914d\u7f6e\u7684\u73af\u5883\uff08wsl\u3001\u65b0\u670d\u52a1\u5668\uff09\uff0c\u7279\u6b64\u603b\u7ed3\u4e00\u4e0b
"},{"location":"misc-notes/environments/envs/#ubuntu\u66f4\u65b0\u57fa\u672c\u73af\u5883","title":"Ubuntu\u66f4\u65b0\u57fa\u672c\u73af\u5883","text":"sudo apt update\nsudo apt install curl build-essential gcc make -y\n
"},{"location":"misc-notes/environments/envs/#\u5b89\u88c5docker","title":"\u5b89\u88c5docker","text":"\u6309\u7167https://docs.docker.com/engine/install/ubuntu/\u7684\u8bf4\u660e\u5b89\u88c5\u5373\u53ef
\u4e5f\u53ef\u4ee5\u6309curl -fsSL https://get.docker.com -o get-docker.sh
\u3001sudo sh get-docker.sh
\u6765\u5b89\u88c5\u3002
curl --proto '=https' --tlsv1.3 -sSf https://sh.rustup.rs | sh\n
rustup update\n
\u56fd\u5185\u4f7f\u7528\u65f6crates.io\u53ef\u80fd\u767b\u4e0d\u4e0a\uff0c\u8bd5\u8bd5\u4fee\u6539\u5b89\u88c5\u76ee\u5f55\u4e0b\u7684config\u6587\u4ef6(\u6bd4\u5982$HOME/.cargo/config)
[source.crates-io]\nregistry = \"https://github.com/rust-lang/crates.io-index\"\n\n# \u66ff\u6362\u6210\u4f60\u504f\u597d\u7684\u955c\u50cf\u6e90\n#replace-with = 'sjtu'\n#replace-with = 'ustc'\n#replace-with = 'tuna'\n#replace-with = 'rustcc'\n\n# \u6e05\u534e\u5927\u5b66\n[source.tuna]\nregistry = \"https://mirrors.tuna.tsinghua.edu.cn/git/crates.io-index.git\"\n\n# \u4e2d\u56fd\u79d1\u5b66\u6280\u672f\u5927\u5b66\n[source.ustc]\nregistry = \"git://mirrors.ustc.edu.cn/crates.io-index\"\n\n# \u4e0a\u6d77\u4ea4\u901a\u5927\u5b66\n[source.sjtu]\nregistry = \"https://mirrors.sjtug.sjtu.edu.cn/git/crates.io-index\"\n\n# rustcc\u793e\u533a\n[source.rustcc]\nregistry = \"git://crates.rustcc.cn/crates.io-index\"\n\n[source.rustcchttp]\nregistry = \"https://code.aliyun.com/rustcc/crates.io-index.git\"\n
"},{"location":"misc-notes/environments/envs/#\u8bbe\u7f6egolang\u4ee3\u7406","title":"\u8bbe\u7f6egolang\u4ee3\u7406","text":"go env -w GOPROXY=https://goproxy.cn\n
"},{"location":"misc-notes/environments/envs/#\u5b89\u88c5ohmyzsh","title":"\u5b89\u88c5ohmyzsh","text":"sudo apt install zsh\n
curl\u548cwget\u4e8c\u9009\u4e00
sh -c \"$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)\"\n
sh -c \"$(wget https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh -O -)\"\n
\u4e2a\u4eba\u89c9\u5f97jonathan\u7684\u4e3b\u9898\u6bd4\u8f83\u597d\u770b\uff0c\u53ef\u4ee5\u914d\u7f6e\u4e0b~/.zshrc\u7684ZSH_THEME\u3002
"},{"location":"misc-notes/environments/envs/#git\u8bbe\u7f6e\u5168\u5c40\u4ee3\u7406","title":"git\u8bbe\u7f6e\u5168\u5c40\u4ee3\u7406","text":"\u9700\u8981\u6839\u636e\u672c\u5730\u5b9e\u9645\u7684\u60c5\u51b5\u4fee\u6539\u76ee\u6807ip\u548c\u7aef\u53e3
git config --global http.https://github.com.proxy http://xxx.xxx.xxx.xxx:xxx\n
"},{"location":"misc-notes/environments/envs/#perf-\u5b89\u88c5ubuntu","title":"perf \u5b89\u88c5(ubuntu)","text":"sudo apt-get install linux-tools-`uname -r`\n
"},{"location":"misc-notes/environments/envs/#\u9009\u62e9ssh\u5bc6\u94a5","title":"\u9009\u62e9ssh\u5bc6\u94a5","text":"\u4f1a\u5728\u5f53\u524dterminal\u521b\u5efa\u4e00\u4e2aagent\uff0c\u540e\u7eed\u9ed8\u8ba4\u4f7f\u7528\u8fd9\u4e2aagent\u8fdb\u884cssh\u64cd\u4f5c\u3002\u5bf9\u4e8e\u6709\u5bc6\u7801\u7684\u79c1\u94a5\u6216\u8005\u81ea\u5b9a\u4e49\u547d\u540d\u79c1\u94a5\u6765\u8bf4\u6bd4\u8f83\u597d\u7528\u3002
evel `ssh-agent`\nssh-add <\u79c1\u94a5\u6587\u4ef6>\n
"},{"location":"misc-notes/environments/envs/#windows\u4e0b\u5b89\u88c5make","title":"Windows\u4e0b\u5b89\u88c5make","text":"\u4f7f\u7528chocolatey\u5305\u7ba1\u7406\u5668\u3002\u6309https://chocolatey.org/install#individual\u7684\u8bf4\u660e\u5373\u53ef\uff0c\u6700\u540echoco install make
wsl -l --all -v
wsl --shutdown <\u955c\u50cf\u540d>
wsl --export <\u955c\u50cf\u540d> <\u5907\u4efd\u4fdd\u5b58\u4f4d\u7f6e.tar>
wsl --unregister <\u955c\u50cf\u540d>
wsl --import <\u955c\u50cf\u540d> <\u5bfc\u51fa\u8def\u5f84> <\u5907\u4efd\u4fdd\u5b58\u4f4d\u7f6e.tar> --version 2
\u4e0b\u8f7dhttps://nodejs.org/en/download/
npm\u8bbe\u7f6e\u56fd\u5185\u6e90\uff1a npm config set registry=\"http://r.cnpmjs.org\"
\u5728\u8981\u4fdd\u5b58\u9879\u76ee\u76ee\u5f55\u7684\u76ee\u5f55\u91cc\uff0c\u8fd0\u884cnpm create vue@latest
\uff0c\u968f\u540e\u4f1a\u5f15\u5bfc\u521b\u5efa\u9879\u76ee\u540d\u7b49\u3002\u8fdb\u5165\u9879\u76ee\u540e\uff0c\u5148npm install
\uff0c\u7136\u540e\u53ef\u4ee5\u4f7f\u7528npm run dev
\u548cnpm run build
\u6765\u751f\u6210\u7f51\u7ad9\u3002
\u4f7f\u7528docker pull nginx
\u76f4\u63a5\u62c9\u53d6\u65b0\u7684nginx\u955c\u50cf\uff0c\u7136\u540edocker run -itd --name=<\u5bb9\u5668\u540d\u5b57> -p 4000:80 -v /vue\u9879\u76ee\u8def\u5f84/dist:/usr/share/nginx/html nginx
\u6765\u76f4\u63a5\u63d0\u4f9b\u7f51\u7ad9\u670d\u52a1\u3002\u6ce8\u610f\u8fd9\u91cc\u662f\u5c06\u4e3b\u673a4000\u7aef\u53e3\u6620\u5c04\u523080\u7aef\u53e3\uff0c\u540c\u65f6\u5c06npm run build
\u751f\u6210\u7684\u7f51\u7ad9\u6302\u8f7d\u5230nginx\u7684\u9ed8\u8ba4\u7ad9\u70b9\u76ee\u5f55\u4e2d\uff08nginx\u7248\u672c1.25\uff09\u3002
\u53ef\u4ee5\u5728\u5916\u90e8\u8bbf\u95ee\u4e00\u4e0b\uff0c\u5982\u679c\u770b\u5230\u7684\u7f51\u7ad9\u662fnginx\u9ed8\u8ba4\u9875\u9762\uff0c\u53ef\u4ee5docker exec\u5230nginx\u5bb9\u5668\u91cc\u68c0\u67e5\u4e0b/etc/nginx/conf.d/default.conf
\uff08\u6216\u76f8\u4f3c\u7684\u5176\u4ed6conf\u8def\u5f84\uff0c\u6839\u636enginx\u7248\u672c\u6709\u6240\u533a\u522b\uff09\uff0c\u770b\u770broot\u5230\u5e95\u662f\u7528\u54ea\u4e2a\u76ee\u5f55\u4f5c\u4e3a\u7ad9\u70b9\u7684\u3002
\u6709\u65f6\u5019\u9700\u8981\u7528ssh\u7684X11 Forward\u529f\u80fd\uff0c\u8fde\u63a5\u670d\u52a1\u5668\u4e0a\u7684\u6d4f\u89c8\u5668\u3002
wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | sudo apt-key add -\n\necho 'deb http://dl.google.com/linux/chrome/deb/ stable main' >> /etc/apt/sources.list\nsudo apt-get update \nsudo apt-get install google-chrome-stable\n
\u5b89\u88c5\u597d\u540e\uff0c\u7528\u975eroot\u7528\u6237\uff0cssh -X\u8fde\u63a5\u670d\u52a1\u5668\uff0c\u518d\u8fd0\u884cchrome-google\u5373\u53ef\u6253\u5f00\u6d4f\u89c8\u5668\u3002
"},{"location":"misc-notes/environments/envs/#\u5b89\u88c5\u7b80\u4e2d\u5b57\u4f53","title":"\u5b89\u88c5\u7b80\u4e2d\u5b57\u4f53","text":"apt install ttf-wqy-zenhei\napt install fonts-wqy-microhei # \u5b89\u88c5\u4e00\u4e2a\u5c31\u884c\nfc-cache # \u5237\u65b0\u7f13\u5b58\nfc-list # \u68c0\u67e5\u5217\u8868\n
"},{"location":"misc-notes/environments/envs/#\u53c2\u8003\u6587\u7ae0","title":"\u53c2\u8003\u6587\u7ae0","text":"\u7ea6 1216 \u4e2a\u5b57 14 \u884c\u4ee3\u7801 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4 5 \u5206\u949f
"},{"location":"misc-notes/environments/linux-server/#\u6839\u636epid\u67e5\u8be2\u7ec6\u8282","title":"\u6839\u636epid\u67e5\u8be2\u7ec6\u8282","text":"sudo ls -lah /proc/<pid>\n
\u7136\u540e\u6839\u636e\u5176\u4e2d\u7684cwd\u627e\u5230\u8fd0\u884c\u76ee\u5f55\uff0cexe\u627e\u5230\u8fd0\u884c\u7a0b\u5e8f"},{"location":"misc-notes/environments/linux-server/#\u5728\u7ec8\u7aef\u5411\u7a0b\u5e8f\u8f93\u5165\u5b57\u8282","title":"\u5728\u7ec8\u7aef\u5411\u7a0b\u5e8f\u8f93\u5165\u5b57\u8282","text":"# \u8f93\u5165raw bytes\necho -e '\\x31\\x32' | program\n\n# \u4e0d\u5e26echo\u81ea\u52a8\u52a0\u7684\u6362\u884c\necho -en '\\x31\\x32' | program\n\n# \u8f93\u5165raw binary\necho -e '\\x31\\x32' | xxd -r -p | program \n
"},{"location":"misc-notes/environments/linux-server/#\u67e5\u8be2\u670d\u52a1\u5668\u663e\u5361","title":"\u67e5\u8be2\u670d\u52a1\u5668\u663e\u5361","text":"\u67e5\u8be2\u7269\u7406\u69fd\u663e\u5361\u8fde\u63a5
lspci | grep VGA\n
\u67e5\u8be2\u6d3b\u8dc3\u60c5\u51b5\uff08\u9700\u8981\u5b89\u88c5\u663e\u5361\u9a71\u52a8\uff0c\u53ef\u4ee5\u76f4\u63a5\u5b89\u88c5CUDA runfile\uff0c\u81ea\u5e26\u9a71\u52a8\uff09
nvidia-smi\n
"},{"location":"misc-notes/environments/linux-server/#\u7edf\u8ba1\u670d\u52a1\u5668\u8fdb\u7a0b\u5360\u7528","title":"\u7edf\u8ba1\u670d\u52a1\u5668\u8fdb\u7a0b\u5360\u7528","text":"htop # \u89c2\u5bdf\u5185\u5b58\u3001\u5404\u8fdb\u7a0b\u3001CPU\u5360\u7528\nsudo ls -lah /proc/<pid>/cwd # \u89c2\u5bdf\u8fd0\u884c\u7684\u547d\u4ee4\uff0c\u5224\u65ad\u8c01\u7684\u7a0b\u5e8f\n
"},{"location":"misc-notes/environments/linux-server/#\u7edf\u8ba1\u78c1\u76d8\u7528\u91cf","title":"\u7edf\u8ba1\u78c1\u76d8\u7528\u91cf","text":"ncdu # \u7edf\u8ba1\u5f53\u524d\u76ee\u5f55\u4e0b\u5404\u4e2a\u6587\u4ef6\u5939\u5360\u7528\uff0c\u53ef\u4ee5\u8fdb\u5165\u3001\u5220\u9664\u6587\u4ef6\u5939\u6216\u76ee\u5f55\n
"},{"location":"misc-notes/environments/linux-server/#\u4fee\u6539dns","title":"\u4fee\u6539DNS","text":"\u6709\u65f6\u5019\u8fde\u4e0d\u4e0a\u7f51\u662f\u56e0\u4e3aDNS\u7684\u95ee\u9898\uff0c\u4fee\u6539/etc/resolve.conf\u5373\u53ef\u3002\u4e0d\u8fc7\u8fd9\u4e2a\u8f6f\u8fde\u63a5\u4fee\u6539\u5b8c\u4e86\u4ee5\u540e\u53ef\u80fd\u4f1a\u88ab\u7cfb\u7edf\u6539\u6389\uff0c\u53ef\u4ee5\u8bd5\u8bd5\u5220\u6389\u4ee5\u540e\u76f4\u63a5\u521b\u5efa\u4e2a/etc/resolve.conf\u6587\u4ef6\uff0c\u518dchattr +i /etc/resovle.conf
\u9632\u6b62\u4fee\u6539\u3002
systemctl status xxx
\u68c0\u67e5\u67d0\u4e9b\u670d\u52a1\u8fd0\u884c\u72b6\u6001\uff0c\u53ef\u4ee5ls -lah /etc/systemd/system
\u3001ls -lah /lib/systemd/system
\u67e5\u8be2\u6709\u54ea\u4e9b\u670d\u52a1\u3002\u8b66\u60d5\u5947\u602a\u7684\u6570\u5b57service\uff0c\u53ef\u80fd\u662f\u75c5\u6bd2\u3002
\u6dfb\u52a0\u7cfb\u7edf\u670d\u52a1\u65f6\uff0c\u521b\u5efa/etc/systemd/system/xxx.service
\u6587\u4ef6\uff0c\u7136\u540e\u7f16\u8f91\u5185\u5bb9\uff0c\u6bd4\u5982\u4e0b\u9762\u7684socat.service\uff1a
[Unit]\nDescription=port forward 4320\n# \u542f\u52a8\u987a\u5e8f\uff08\u591a\u4e2a\u670d\u52a1\u4e2d\u95f4\u7528\u7a7a\u683c\u9694\u5f00\uff09\nAfter=network.target[\u5f53\u524d\u670d\u52a1\u5728\u6307\u5b9a\u670d\u52a1\u4e4b\u540e\u542f\u52a8]\nBefore=[\u5f53\u524d\u670d\u52a1\u5728\u6307\u5b9a\u670d\u52a1\u4e4b\u524d\u542f\u52a8]\n\n# \u4f9d\u8d56\u5173\u7cfb\nWants=[\u5f31\u4f9d\u8d56\u5173\u7cfb\u670d\u52a1\uff0c\u6307\u5b9a\u670d\u52a1\u53d1\u751f\u5f02\u5e38\u4e0d\u5f71\u54cd\u5f53\u524d\u670d\u52a1]\nRequires=[\u5f3a\u4f9d\u8d56\u5173\u7cfb\u670d\u52a1\uff0c\u6307\u5b9a\u670d\u52a1\u53d1\u751f\u5f02\u5e38\uff0c\u5f53\u524d\u670d\u52a1\u5fc5\u987b\u9000\u51fa]\n\n[Service]\nUser=nobody\nExecStart=/usr/bin/socat TCP4-LISTEN:4320,fork TCP4:10.244.55.25:80\nExecReload=[\u91cd\u542f\u670d\u52a1\u65f6\u6267\u884c\u7684\u547d\u4ee4]\nExecStop=[\u505c\u6b62\u670d\u52a1\u65f6\u6267\u884c\u7684\u547d\u4ee4]\nExecStartPre=[\u542f\u52a8\u670d\u52a1\u4e4b\u524d\u6267\u884c\u7684\u547d\u4ee4]\nExecStartPost=[\u542f\u52a8\u670d\u52a1\u4e4b\u540e\u6267\u884c\u7684\u547d\u4ee4]\nExecStopPost=[\u505c\u6b62\u670d\u52a1\u4e4b\u540e\u6267\u884c\u7684\u547d\u4ee4]\n\n# \u542f\u52a8\u7c7b\u578b\n# simple\uff08\u9ed8\u8ba4\u503c\uff09\uff1aExecStart\u5b57\u6bb5\u542f\u52a8\u7684\u8fdb\u7a0b\u4e3a\u4e3b\u8fdb\u7a0b\n# forking\uff1aExecStart\u5b57\u6bb5\u5c06\u4ee5fork()\u65b9\u5f0f\u542f\u52a8\uff0c\u6b64\u65f6\u7236\u8fdb\u7a0b\u5c06\u4f1a\u9000\u51fa\uff0c\u5b50\u8fdb\u7a0b\u5c06\u6210\u4e3a\u4e3b\u8fdb\u7a0b\n# oneshot\uff1a\u7c7b\u4f3c\u4e8esimple\uff0c\u4f46\u53ea\u6267\u884c\u4e00\u6b21\uff0cSystemd \u4f1a\u7b49\u5b83\u6267\u884c\u5b8c\uff0c\u624d\u542f\u52a8\u5176\u4ed6\u670d\u52a1\n# dbus\uff1a\u7c7b\u4f3c\u4e8esimple\uff0c\u4f46\u4f1a\u7b49\u5f85 D-Bus \u4fe1\u53f7\u540e\u542f\u52a8\n# notify\uff1a\u7c7b\u4f3c\u4e8esimple\uff0c\u542f\u52a8\u7ed3\u675f\u540e\u4f1a\u53d1\u51fa\u901a\u77e5\u4fe1\u53f7\uff0c\u7136\u540e Systemd \u518d\u542f\u52a8\u5176\u4ed6\u670d\u52a1\n# idle\uff1a\u7c7b\u4f3c\u4e8esimple\uff0c\u4f46\u662f\u8981\u7b49\u5230\u5176\u4ed6\u4efb\u52a1\u90fd\u6267\u884c\u5b8c\uff0c\u624d\u4f1a\u542f\u52a8\u8be5\u670d\u52a1\u3002\u4e00\u79cd\u4f7f\u7528\u573a\u5408\u662f\u4e3a\u8ba9\u8be5\u670d\u52a1\u7684\u8f93\u51fa\uff0c\u4e0d\u4e0e\u5176\u4ed6\u670d\u52a1\u7684\u8f93\u51fa\u76f8\u6df7\u5408\nType=[\u542f\u52a8\u7c7b\u578b]\n\n# \u5982\u4f55\u505c\u6b62\u670d\u52a1\n# control-group\uff08\u9ed8\u8ba4\u503c\uff09\uff1a\u5f53\u524d\u63a7\u5236\u7ec4\u91cc\u9762\u7684\u6240\u6709\u5b50\u8fdb\u7a0b\uff0c\u90fd\u4f1a\u88ab\u6740\u6389\n# process\uff1a\u53ea\u6740\u4e3b\u8fdb\u7a0b\n# mixed\uff1a\u4e3b\u8fdb\u7a0b\u5c06\u6536\u5230 SIGTERM \u4fe1\u53f7\uff0c\u5b50\u8fdb\u7a0b\u6536\u5230 SIGKILL \u4fe1\u53f7\n# none\uff1a\u6ca1\u6709\u8fdb\u7a0b\u4f1a\u88ab\u6740\u6389\uff0c\u53ea\u662f\u6267\u884c\u670d\u52a1\u7684 stop \u547d\u4ee4\u3002\nKillMode=[\u5982\u4f55\u505c\u6b62\u670d\u52a1]\n\n# \u91cd\u542f\u65b9\u5f0f\n# no\uff08\u9ed8\u8ba4\u503c\uff09\uff1a\u9000\u51fa\u540e\u4e0d\u4f1a\u91cd\u542f\n# on-success\uff1a\u53ea\u6709\u6b63\u5e38\u9000\u51fa\u65f6\uff08\u9000\u51fa\u72b6\u6001\u7801\u4e3a0\uff09\uff0c\u624d\u4f1a\u91cd\u542f\n# on-failure\uff1a\u975e\u6b63\u5e38\u9000\u51fa\u65f6\uff08\u9000\u51fa\u72b6\u6001\u7801\u975e0\uff09\uff0c\u5305\u62ec\u88ab\u4fe1\u53f7\u7ec8\u6b62\u548c\u8d85\u65f6\uff0c\u624d\u4f1a\u91cd\u542f\n# on-abnormal\uff1a\u53ea\u6709\u88ab\u4fe1\u53f7\u7ec8\u6b62\u548c\u8d85\u65f6\uff0c\u624d\u4f1a\u91cd\u542f\n# on-abort\uff1a\u53ea\u6709\u5728\u6536\u5230\u6ca1\u6709\u6355\u6349\u5230\u7684\u4fe1\u53f7\u7ec8\u6b62\u65f6\uff0c\u624d\u4f1a\u91cd\u542f\n# on-watchdog\uff1a\u8d85\u65f6\u9000\u51fa\uff0c\u624d\u4f1a\u91cd\u542f\n# always\uff1a\u4e0d\u7ba1\u662f\u4ec0\u4e48\u9000\u51fa\u539f\u56e0\uff0c\u603b\u662f\u91cd\u542f\nRestart=[\u670d\u52a1\u9000\u51fa\u540e\uff0cSystemd \u7684\u91cd\u542f\u65b9\u5f0f]\n\nRestartSec=[\u8868\u793a Systemd \u91cd\u542f\u670d\u52a1\u4e4b\u524d\uff0c\u9700\u8981\u7b49\u5f85\u7684\u79d2\u6570]\n\n[Install]\nWantedBy=multi-user.target\n# \u6267\u884c sytemctl enable **.service\u547d\u4ee4\u65f6\uff0c**.service\u7684\u4e00\u4e2a\u7b26\u53f7\u94fe\u63a5\uff0c\u5c31\u4f1a\u653e\u5728/etc/systemd/system/multi-user.target.wants\u5b50\u76ee\u5f55\u4e2d\n# \u6267\u884csystemctl get-default\u547d\u4ee4\uff0c\u83b7\u53d6\u9ed8\u8ba4\u542f\u52a8Target\n# multi-user.target\u7ec4\u4e2d\u7684\u670d\u52a1\u90fd\u5c06\u5f00\u673a\u542f\u52a8\n# \u5e38\u7528Target\uff0c1. multi-user.target-\u591a\u7528\u6237\u547d\u4ee4\u884c\uff1b2. graphical.target-\u56fe\u5f62\u754c\u9762\u6a21\u5f0f\nWantedBy=[\u8868\u793a\u8be5\u670d\u52a1\u6240\u5728\u7684Target]\n
systemctl start **
systemctl stop **
systemctl restart **
systemctl status **
systemctl enable **
enable\u547d\u4ee4\u76f8\u5f53\u4e8e\u5728\u76ee\u5f55\u91cc\u6dfb\u52a0\u4e86\u4e00\u4e2a\u7b26\u53f7\u94fe\u63a5\u3002\u5f00\u673a\u65f6\uff0cSystemd\u4f1a\u6267\u884c/etc/systemd/system/\u76ee\u5f55\u91cc\u9762\u7684\u914d\u7f6e\u6587\u4ef6systemctl kill **
systemctl cat **
systemctl list-dependencies multi-user.target
systemctl isolate graphical.target
systemctl daemon-reload
\u5b9a\u65f6\u7a0b\u5e8f\u6267\u884c\u5931\u8d25\u7684\u539f\u56e0\u662f\u591a\u6837\u7684\uff0c\u53ef\u80fd\u662f\u56e0\u4e3a\u5b9a\u65f6\u670d\u52a1\u6ca1\u542f\u52a8\uff0c\u9700\u8981systemctl restart cron.service
\uff0c\u6216\u8005\u662fcron\u670d\u52a1\u574f\u6389\u4e86\uff0c\u5148apt install cron --reinstall
\u5f3a\u5236\u91cd\u65b0\u5b89\u88c5\u4e0b\uff0c\u518d\u91cd\u542f\u670d\u52a1\uff0c\u6216\u8005\u662f\u5b89\u88c5\u4e86\u522b\u7684\u4f9d\u8d56\u5e93\u4f46\u662f\u6ca1\u6709\u91cd\u542fcron\u5bfc\u81f4\u8fd0\u884c\u5931\u8d25\uff0c\u8bd5\u8bd5/etc/init.d/cron restart
\u3002
https://www.baeldung.com/linux/list-open-file-descriptors
Linux\u9ed8\u8ba4\u6700\u591a\u540c\u65f6\u6253\u5f001024\u4e2a\u6587\u4ef6\uff0c\u53ef\u4ee5\u901a\u8fc7ulimit -n
\u67e5\u770b\u3002fuzzing\u7b49\u8981\u6ce8\u610f\u5173\u95ed\u6587\u4ef6\u63cf\u8ff0\u7b26\uff0c\u5426\u5219\u53ef\u80fd\u5bfc\u81f4\u670d\u52a1\u5668\u6545\u969c\uff08\u6bd4\u5982ssh\u8fde\u4e0d\u4e0a\uff09\u3002/proc//fd\u91cc\u5217\u51fa\u4e86pid\u9501\u6253\u5f00\u7684\u6587\u4ef6\u3002"},{"location":"misc-notes/environments/linux-server/#\u53c2\u8003\u8d44\u6599","title":"\u53c2\u8003\u8d44\u6599","text":"
\u7ea6 1481 \u4e2a\u5b57 49 \u884c\u4ee3\u7801 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4 10 \u5206\u949f
"},{"location":"misc-notes/environments/porting/#\u7aef\u53e3\u590d\u7528\u65b9\u6cd5","title":"\u7aef\u53e3\u590d\u7528\u65b9\u6cd5","text":"\u7531\u4e8e\u670d\u52a1\u5668\u5b89\u5168\u8bbe\u5b9a\uff0c\u53ea\u5bf9\u5916\u5f00\u653e\u4e00\u4e2a22\u7aef\u53e3\u63d0\u4f9bssh\u8fde\u63a5\u3002\u90a3\u4e48\u5728\u6b64\u57fa\u7840\u4e0a\u5982\u4f55\u63d0\u4f9bhttp\u3001https\u7b49\u591a\u79cd\u670d\u52a1\uff1f\u641c\u7d22\u4e86\u4e0b\u53ef\u4ee5\u6839\u636e\u6d41\u91cf\u7279\u5f81\u7528sslh\u7b80\u5355\u8f6c\u53d1\u4e00\u4e0b\u6570\u636e\u5305\u5230\u4e0d\u540c\u7684\u5185\u90e8\u7aef\u53e3\u3002
"},{"location":"misc-notes/environments/porting/#sslh\u6839\u636e\u6d41\u91cf\u7279\u5f81\u8f6c\u53d1\u6570\u636e\u5305","title":"sslh\uff1a\u6839\u636e\u6d41\u91cf\u7279\u5f81\u8f6c\u53d1\u6570\u636e\u5305","text":"\u5728root\u4e0bapt install sslh\u540e\u4fee\u6539\u914d\u7f6e\u6587\u4ef6/etc/default/sslh
\uff1a
# Default options for sslh initscript\n# sourced by /etc/init.d/sslh\n\n# binary to use: forked (sslh) or single-thread (sslh-select) version\n# systemd users: don't forget to modify /lib/systemd/system/sslh.service\nDAEMON=/usr/sbin/sslh\nRun=yes\nDAEMON_OPTS=\"--user sslh --listen 0.0.0.0:4684 --ssh 127.0.0.1:5752 --tls 127.0.0.1:443 --http 127.0.0.1:1284 --anyprot 127.0.0.1:2008 -F /etc/sslh/sslh.cfg --pidfile /var/run/sslh/sslh.pid\"\n
\u8fd9\u91cc\u4e5f\u53ef\u4ee5cat /lib/systemd/system/sslh.service
\u770b\u4e00\u4e0bservice\u6587\u4ef6\uff0c\u5176\u4e2d\u6709\u4e00\u884cExecStart=/usr/sbin/sslh --foreground $DAEMON_OPTS
\uff0c\u53ef\u4ee5\u770b\u5230\u5728\u542f\u52a8sslh\u65f6\u53c2\u6570\u662fDAEMON_OPTS\u3002\u6240\u4ee5\u91cd\u70b9\u5c31\u5728\u4e8e\u914d\u7f6e\u597dDAEMON_OPTS\u3002
\u89e3\u91ca\u4e00\u4e0b\u51e0\u4e2a\u53c2\u6570\u7684\u610f\u601d\uff1a
--listen 0.0.0.0:4684
\u8868\u793asslh\u8fd0\u884c\u57284684\u7aef\u53e3\uff0c\u5c06\u8fd9\u4e2a\u7aef\u53e3\u6536\u5230\u7684\u6570\u636e\u5305\u6309\u89c4\u5219\u8f6c\u53d1\u5230\u5176\u4ed6\u7aef\u53e3\u4e0a--ssh 127.0.0.1:5752
\u8868\u793a\u5c06\u6536\u5230\u7684ssh\u6570\u636e\u5305\u8f6c\u53d1\u5230\u672c\u57305752\u7aef\u53e3--tls 127.0.0.1:443
\u8868\u793a\u5c06\u6536\u5230\u7684tls\u6570\u636e\u5305\u8f6c\u53d1\u5230\u672c\u5730443\u7aef\u53e3--http 127.0.0.1:1284
\u8868\u793a\u5c06\u6536\u5230\u7684http\u8bf7\u6c42\u8f6c\u53d1\u5230\u672c\u57301284\u7aef\u53e3--anyprot 127.0.0.1:2008
\u8868\u793a\u5c06\u5339\u914d\u90fd\u4e0d\u7b26\u5408\u7684\u5305\u53d1\u9001\u5230\u672c\u57302008\u7aef\u53e3-F /etc/sslh/sslh.cfg
\u8868\u793a\u4f7f\u7528sslh.cfg\u8fd9\u4e2a\u6587\u4ef6\u4e2d\u7684\u8bbe\u5b9a\u8fdb\u884c\u66f4\u4e30\u5bcc\u7684\u914d\u7f6e\u7136\u540esystemctl enable sslh
\u3001systemctl start sslh
\u542f\u52a8sslh\uff0c\u5c06\u672c\u57304684\u7aef\u53e3\u6536\u5230\u7684\u6d41\u91cf\u6839\u636essh\u3001ssl\u3001http\u7684\u7279\u5f81\u5206\u522b\u8fdb\u884c\u7aef\u53e3\u8f6c\u53d1\u3002
\u6bd4\u8f83\u6709\u610f\u601d\u7684\u662f\u53ef\u4ee5\u7528--anyprot
\u6765\u8bbe\u7f6e\u9ed8\u8ba4\u7684\u8f6c\u53d1\u7b56\u7565\uff0c\u914d\u5408nc -lk
\u53ef\u4ee5\u770b\u81ea\u5b9a\u4e49\u7684\u6570\u636e\u5305\u683c\u5f0f\uff0c\u518d\u901a\u8fc7-F
\uff08\u6216--config
\uff09\u6307\u5b9aconfig\u6587\u4ef6\uff08\u6bd4\u5982/etc/sslh/sslh.cfg\uff09\uff0c\u5b9e\u73b0\u5229\u7528\u6b63\u5219\u8868\u8fbe\u5f0f\u5bf9\u6570\u636e\u5305\u8fdb\u884c\u81ea\u5b9a\u4e49\u8f6c\u53d1\u3002
\u6ce8\u610f\uff0c\u5982\u679c\u4f7f\u7528config\u6587\u4ef6\uff0c\u90a3\u4e48\u6587\u4ef6\u7684\u5185\u5bb9\u4e0d\u8981\u548c\u547d\u4ee4\u884c\u5df2\u6709\u7684\u5185\u5bb9\u91cd\u590d\u3002\u6bd4\u5982\u547d\u4ee4\u884c\u5df2\u7ecf\u6307\u5b9a\u4e86\u76d1\u542c127.0.0.1\u7aef\u53e3\u76844684\uff0c\u90a3config\u6587\u4ef6\u91cc\u5c31\u4e0d\u8981\u518d\u52a0\u4e0alisten:(xxx)\u4e86\u3002
config\u6587\u4ef6\u6307\u5b9a\u5339\u914d\u89c4\u5219\u7684\u4f8b\u5b50\u5982\u4e0b\u6240\u793a\uff08\u7247\u6bb5\uff09
protocols:\n(\n { name: \"http\"; host: \"127.0.0.1\"; port: \"808\"; },\n { name: \"tls\"; host: \"127.0.0.1\"; port: \"443\"; sni_hostnames: [ \"remote.c01dkit.com\" ]; tfo_ok: true },\n { name: \"tls\"; host: \"127.0.0.1\"; port: \"7000\"; sni_hostnames: [ \"project-frp\" ]; tfo_ok: true },\n { name: \"regex\"; host: \"127.0.0.1\"; port: \"60000\"; regex_patterns: [ \"^SSH-2.0-Go\\x0d$\", \"^SSH-2.0-OpenSSH\\x0d$\" ]; },\n);\n
"},{"location":"misc-notes/environments/porting/#ssh\u63d0\u4f9b\u8fdc\u7a0b\u8fde\u63a5","title":"ssh\uff1a\u63d0\u4f9b\u8fdc\u7a0b\u8fde\u63a5","text":"\u7531\u4e8e\u539f\u672c\u5bf9\u5916\u5f00\u653e\u768422\u7aef\u53e3\u53ea\u7528\u4e8e\u63a5\u6536ssh\u8bf7\u6c42\uff0c\u5982\u679c\u60f3\u8981\u63d0\u4f9b\u66f4\u591a\u670d\u52a1\uff0c\u9700\u8981\u5148\u628a22\u7aef\u53e3\u7684\u63a5\u6536\u7684\u6570\u636e\u90fd\u8f6c\u53d1\u7ed9sslh\uff0c\u8ba9\u5b83\u6765\u8fdb\u884c\u5206\u7c7b\u3002\u90a3\u4e48ssh\u8bf7\u6c42\u5e94\u8be5\u5c31\u4e0d\u80fd\u518d\u8fd8\u7ed922\u7aef\u53e3\u4e86\uff08\u4e0d\u7136\u53ef\u80fd\u53c8\u88ab\u8f6c\u53d1\u7ed9sslh\uff1f\u4e0d\u786e\u5b9a\uff09\uff0c\u53ef\u4ee5\u8003\u8651\u518d\u5f00\u4e00\u4e2a\u7aef\u53e3\u76d1\u542cssh\u8bf7\u6c42\u3002\u8fd9\u91ccssh\u7684\u8bbe\u5b9a\u5f00\u4e86\u672c\u573022\u548c5752\u7aef\u53e3\uff0c\u914d\u7f6e\u65f6\u4fee\u6539/etc/ssh/sshd_config
\u6587\u4ef6\uff0c\u52a0\u4e00\u884cPort 5752\u5373\u53ef\u3002\u540c\u65f6\u8bb0\u5f97\u4f7f\u7528\u516c\u94a5\u8ba4\u8bc1\u767b\u5f55\uff0c\u7981\u7528\u5bc6\u7801\u767b\u5f55\u3002
Port 22\nPort 5752\nPubkeyAuthentication yes\nPasswordAuthentication no\n
"},{"location":"misc-notes/environments/porting/#nginx\u63d0\u4f9bhttphttps\u670d\u52a1","title":"nginx\uff1a\u63d0\u4f9bhttp/https\u670d\u52a1","text":"\u5728nginx\u5b98\u7f51\u4e0b\u8f7d\u6e90\u7801\u5e76\u6309\u8bf4\u660e\u7f16\u8bd1\u3002nginx\uff081.22\u7248\u672c\uff09\u7684\u914d\u7f6e\u5982\u4e0b\uff1a
user c01dkit;\nworker_processes 1;\n\nevents {\n worker_connections 1024;\n}\n\nhttp {\n include mime.types;\n default_type application/octet-stream;\n sendfile on;\n keepalive_timeout 65;\n server_tokens off;\n server {\n listen 1284;\n\t\tlisten 127.0.0.1:1284;\n charset utf-8;\n server_name xxxx.c01dkit.com;\n\t\tif ($scheme = http ) {\n\t\t\treturn 301 https://$host:xxxx$request_uri;\t\n\t\t}\n error_page 404 /404.html;\n }\n\n server {\n\t\tlisten 127.0.0.1:443 ssl ;\n listen 443 ssl ;\n\t\tlisten [::]:443 ssl ;\n server_name xxxx.c01dkit.com;\n charset utf-8;\n ssl_certificate xxxx/fullchain.pem;\n ssl_certificate_key xxxx/privkey.pem;\n\n ssl_session_cache shared:SSL:1m;\n ssl_session_timeout 5m;\n\n ssl_ciphers HIGH:!aNULL:!MD5;\n ssl_prefer_server_ciphers on;\n\n location / {\n root xxxxx;\n index index.html index.htm;\n error_page 404 /404.html;\n\n }\n location ~ \\.php$ {\n fastcgi_pass unix:/run/php/php8.1-fpm.sock;\n fastcgi_index index.php;\n fastcgi_param SCRIPT_FILENAME xxxx/www$fastcgi_script_name;\n include fastcgi_params;\n error_page 404 /404.html;\n }\n }\n\n}\n
\u8fd9\u91cc\u914d\u7f6e\u4e86nginx\u76d1\u542c\u672c\u57301284\u7aef\u53e3\u6765\u5904\u7406http\u8bbf\u95ee\uff0c\u5c06https\u8bf7\u6c42\u8f6c\u53d1\u5230443\u7aef\u53e3\uff0c\u4e5f\u8bbe\u7f6e\u4e86ssl\u7684\u8bc1\u4e66\u3002\u8bc1\u4e66\u7684\u914d\u7f6e\u65b9\u6cd5\u53ef\u4ee5\u89c1\u540e\u6587\u7684https\u8bc1\u4e66
\u7ae0\u8282\u3002
\u5173\u4e8enginx\uff0c\u53ef\u4ee5nginx -V\u67e5\u770b\u7f16\u8bd1\u9009\u9879\uff0c\u7136\u540e\u81ea\u5df1\u4ece\u6e90\u7801\u7f16\u8bd1\u4e0b\u3002\u5e38\u89c1\u7684-V\u8f93\u51fa\u6709\uff1a
nginx version: nginx/1.22.1\nbuilt by gcc 11.3.0 (Ubuntu 11.3.0-1ubuntu1~22.04) \nbuilt with OpenSSL 3.0.2 15 Mar 2022\nTLS SNI support enabled\nconfigure arguments: --user=c01dkit --group=c01dkit --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-compat --with-debug --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_sub_module\n
\u8fd9\u91cc\u6307\u5b9auser\u4e3ac01dkit\uff0c\u7136\u540e\u7f51\u7ad9\u4e5f\u90fd\u653e\u5728c01dkit\u7684\u5bb6\u76ee\u5f55\u91cc\u9762\uff0c\u4ee5\u9632\u7f51\u7ad9\u9875\u9762\u56e0\u4e3a\u6743\u9650\u95ee\u9898\u6253\u4e0d\u5f00\uff08\u597d\u50cf\u9ed8\u8ba4\u662fwww-data\uff09\uff0c\u53ef\u80fd\u662f\u87f9\u811a\u6539\u6cd5\u25cb( \uff3e\u76bf\uff3e)\u3063
"},{"location":"misc-notes/environments/porting/#iptables\u8f6c\u53d1\u5916\u90e8\u8bbf\u95ee\u5230sslh","title":"iptables\uff1a\u8f6c\u53d1\u5916\u90e8\u8bbf\u95ee\u5230sslh","text":"\u6700\u540e\u63a5\u7740\u8bbe\u7f6e\u9632\u706b\u5899\u5c06\u6240\u6709\u5916\u90e8\u6d41\u91cf\u4ece\u5f00\u653e\u7684\u552f\u4e00\u7aef\u53e3\u8f6c\u53d1\u52304684\u7aef\u53e3\u5373\u53ef\u3002
iptables -t nat -A PREROUTING -p tcp --dport 22 -j REDIRECT --to-port 4684\n
\u8fd9\u91cc\u5047\u5b9a\u5916\u90e8\u7aef\u53e3\u5f00\u653e\u7684\u7aef\u53e3\u6620\u5c04\u5230\u672c\u573022\u7aef\u53e3\u3002\u8fd9\u91cc22\u7aef\u53e3\u4e5f\u662f\u6709ssh\u670d\u52a1\u5728\u76d1\u542c\u3002
\u6709\u65f6\u62c5\u5fc3sslh\u670d\u52a1\u6302\u6389\u5bfc\u81f44684\u6ca1\u6709ssh\u670d\u52a1\u3001ssh\u8fde\u4e0d\u4e0a\uff0c\u8bbe\u7f6e\u4e86\u5b9a\u65f6\u4efb\u52a1\u6765\u5173\u6389\u3001\u6253\u5f00\u9632\u706b\u5899\uff08\u6b64\u65f6\u53ea\u80fdssh\u8fde\u63a5\uff0c\u63d0\u4f9b\u8fd0\u7ef4\u7a97\u53e3\u671f\uff09\uff0c\u6bd4\u5982\u6bcf\u5468\u4e094\u70b9\u52306\u70b9\u53ea\u63d0\u4f9b22\u7aef\u53e3\u7684ssh\u670d\u52a1\uff1a
# Edit this file to introduce tasks to be run by cron.\n# \n# Each task to run has to be defined through a single line\n# indicating with different fields when the task will be run\n# and what command to run for the task\n# \n# To define the time you can provide concrete values for\n# minute (m), hour (h), day of month (dom), month (mon),\n# and day of week (dow) or use '*' in these fields (for 'any').\n# \n# Notice that tasks will be started based on the cron's system\n# daemon's notion of time and timezones.\n# \n# Output of the crontab jobs (including errors) is sent through\n# email to the user the crontab file belongs to (unless redirected).\n# \n# For example, you can run a backup of all your user accounts\n# at 5 a.m every week with:\n# 0 5 * * 1 tar -zcf /var/backups/home.tgz /home/\n# \n# For more information see the manual pages of crontab(5) and cron(8)\n# \n# m h dom mon dow command\n0 4 * * 3 iptables -t nat -D PREROUTING -p tcp --dport 22 -j REDIRECT --to-port 4684\n0 6 * * 3 iptables -t nat -A PREROUTING -p tcp --dport 22 -j REDIRECT --to-port 4684\n
\u7531\u4e8e\u8fd9\u6837\u8bbe\u7f6eiptables\u4f1a\u5728\u670d\u52a1\u5668\u91cd\u542f\u540e\u5931\u6548\uff0c\u6240\u4ee5\u670d\u52a1\u5668\u610f\u5916\u91cd\u542f\u7684\u8bdd\u53ea\u4e0d\u8fc7\u662f\u6062\u590d\u5230\u6700\u57fa\u7840\u768422\u7aef\u53e3ssh\u800c\u5df2\u3002
"},{"location":"misc-notes/environments/porting/#https\u8bc1\u4e66","title":"https\u8bc1\u4e66","text":"\u5173\u4e8ehttps\u8bc1\u4e66\uff0c\u53ef\u4ee5\u6309\u8fd9\u91cc\u7684\u65b9\u6cd5\uff0c\u5148snap install --classic certbot
\u5b89\u88c5certbot\uff0c\uff08\u4e0d\u77e5\u9053\u4e3a\u5565\u5f53\u65f6\u8bbe\u7f6e\u4e86\u4e00\u4e0bcertbot\u8def\u5f84sudo ln -s /snap/bin/certbot /usr/bin/certbot
\uff09\u3002\u5982\u679c80\u7aef\u53e3\u5df2\u7ecf\u5bf9\u5916\u5f00\u653e\uff0c\u53ef\u4ee5\u7b80\u5355\u5730certbot --nginx
\u81ea\u52a8\u5e2e\u5fd9\u8ba4\u8bc1\uff08\u5373certbot\u521b\u5efa\u8ba4\u8bc1\u6587\u4ef6\u7136\u540e\u5728\u516c\u7f51\u8bbf\u95ee\uff09\u3002\u5982\u679c80\u7aef\u53e3\u4e0d\u5bf9\u5916\u5f00\u653e\uff0c\u53ef\u4ee5\u81ea\u9009dns\u8ba4\u8bc1\uff1acertbot certonly --manual --preferred-challenges=dns
\u7136\u540e\u5728\u57df\u540d\u7ba1\u7406\u90a3\u8fb9\u6dfb\u52a0\u4e00\u4e0b\u8bb0\u5f55\u5373\u53ef\uff0c\u6bd4\u5982\u521b\u5efa\u4e00\u4e2a_acme-challenge.remote\u7684TXT\u8bb0\u5f55\u3002\u7136\u540e\u5728nginx\u7684conf\u90a3\u91cc\u8bbe\u7f6e\u597d\u8bc1\u4e66\u8def\u5f84\uff0c\u8bbf\u95ee\u5c31\u6709https\u8ba4\u8bc1\u4e86\uff01\u5bf9\u4e8ehttp\u8bbf\u95ee\uff0c\u53ef\u4ee5\u7528301\u8df3\u8f6c\u3002
\u4e00\u6b21\u8ba4\u8bc1\u662f90\u5929\u6709\u6548\u671f\uff0c\u5230\u671f\u4e4b\u524d\u4f1a\u53d1\u90ae\u4ef6\uff0c\u66f4\u65b0\u8bc1\u4e66\u65f6\u9700\u8981\u8fd0\u884ccertbot renew --manual-auth-hook=xxx.sh
\u5176\u4e2dsh\u811a\u672c\u662f\u81ea\u5df1\u7f16\u5199\u7684\u4e00\u4e2a\u81ea\u52a8\u5316\u5b8c\u6210DNS\u8bb0\u5f55\u66f4\u65b0\u3002\u4e3a\u4e86\u61d2\u7701\u4e8b\uff0c\u53ef\u4ee5\u8fd9\u4e48\u5199\uff1a
echo ${CERTBOT_VALIDATION} >> xxx.txt\necho ${CERTBOT_DOMAIN} >> xxx.txt\nsleep 120\nexit 0\n
\u7136\u540e\u5728\u4e24\u5206\u949f\u4e4b\u5185\uff0c\u628axxx.txt\u91ccCERTBOT_VALIDATION\u5bf9\u5e94\u7684\u54c8\u5e0c\u503c\u624b\u52a8\u66f4\u65b0\u5728DNS\u8bb0\u5f55\u91cc\u5373\u53ef\u3002
\u6b64\u5916\uff0c\u65b0\u627e\u5230\u4e00\u4e2a\u53ef\u4ee5\u65b9\u4fbf\u5730\u5728web\u7aef\u914d\u7f6e\u65b0\u8bc1\u4e66\u7684\u7f51\u7ad9\uff1ahttps://xiangyuecn.github.io/ACME-HTML-Web-Browser-Client/ACME-HTML-Web-Browser-Client.html
"},{"location":"misc-notes/environments/proxy/","title":"\u4ee3\u7406\u8f6c\u53d1","text":"\u7ea6 452 \u4e2a\u5b57 9 \u884c\u4ee3\u7801 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4 2 \u5206\u949f
"},{"location":"misc-notes/environments/proxy/#\u591a\u53f0\u7535\u8111\u7ec4\u5c40\u57df\u7f51","title":"\u591a\u53f0\u7535\u8111\u7ec4\u5c40\u57df\u7f51","text":"\u53ef\u4ee5\u4f7f\u7528zerotier\uff0c\u767b\u5f55\u4ee5\u540e\u521b\u5efa\u4e00\u4e2a\u7f51\u7edc\u3002\u7136\u540e\u9700\u8981\u7ec4\u5c40\u57df\u7f51\u7684\u8bbe\u5907\u4e0b\u8f7dzerotier\u4ee5\u540ejoin\u4e0a\u5c31\u884c\u4e86\u3002
\u53ef\u4ee5\u53c2\u8003\u8fd9\u91cc\u6216\u8fd9\u91cc\uff0c\u6216\u8005\u8fd9\u91cc\u7684\u4e00\u952e\u811a\u672c\u7684\u94fe\u63a5\u914d\u7f6e\u79c1\u6709planet\uff0c\u65e2\u80fd\u63d0\u9ad8\u5b89\u5168\u6027\uff0c\u53c8\u80fd\u52a0\u5feb\u8fde\u63a5\u901f\u5ea6\u3002\u7b80\u5355\u6765\u8bf4\uff0c\u9700\u8981\u7528ZeroTier\u5b98\u65b9\u4ee3\u7801\u7f16\u8bd1\u81ea\u5df1\u7684planet\u6587\u4ef6\u5e76\u66ff\u6362\u6389zerotier\u5ba2\u6237\u7aef\u4f7f\u7528\u7684planet\uff0c\u7136\u540e\u7528ztncui\u8fd9\u4e2a\u540e\u53f0\u7ba1\u7406\u754c\u9762\u914d\u7f6ezerotier\u7684\u8bb8\u53ef\u3002
"},{"location":"misc-notes/environments/proxy/#\u5185\u7f51\u7a7f\u900f","title":"\u5185\u7f51\u7a7f\u900f","text":"\u9700\u8981\u516c\u7f51\u670d\u52a1\u5668\uff0c\u53ef\u4ee5\u5728\u963f\u91cc\u4e91\u79df\u4e00\u4e2a
\u4e00\u79cd\u65b9\u6cd5\u662ffrp
\u53e6\u4e00\u79cd\u65b9\u6cd5\u662fssh\u6b63\u5411\u8fde\u63a5\u914d\u5408\u53cd\u5411\u8fde\u63a5\uff1a
\u9996\u5148\u5185\u7f51\u670d\u52a1\u5668\u5f00\u4e2ascreen\u8fd0\u884cssh -R 127.0.0.1:1234:127.0.0.1:22 user@ip -p port
\u8fde\u63a5\u5230\u4e91\u670d\u52a1\u5668\u4e0a\u3002\u8fd9\u6837\u7684\u8bdd\u4e91\u670d\u52a1\u5668\u8bbf\u95ee127.0.0.1:1234\u5c31\u76f8\u5f53\u4e8e\u8bbf\u95ee\u5185\u7f51\u7684127.0.0.1:22\u3002\u7136\u540e\u9700\u8981\u8fde\u63a5\u5185\u7f51\u7684\u4e3b\u673a\u4e5f\u5f00\u4e2ascreen\u8fd0\u884cssh -L 127.0.0.1:2345:127.0.0.1:1234 user@ip -p port
\uff0c\u8fd9\u6837\u7684\u8bdd\u8be5\u4e3b\u673a\u8bbf\u95ee\u81ea\u5df1127.0.0.1:2345\u5c31\u76f8\u5f53\u4e8e\u8bbf\u95ee\u4e91\u670d\u52a1\u5668\u7684127.0.0.1:1234\u3002\u7136\u540e\u8be5\u4e3b\u673a\u518d\u5f00\u4e00\u4e2a\u7ec8\u7aef\uff0cssh user@127.0.0.1 -p 2345
\u5373\u53ef\u3002
\u65b9\u4fbf\u8d77\u89c1\u4e5f\u53ef\u4ee5\u5728.ssh/config\u6587\u4ef6\u91cc\u7528RemoteForward ip1:port1 ip2:port2
\u548cLocalForward ip1:port1 ip2:port2
\u6765\u7b80\u5316\u6bcf\u6b21ssh\u8fde\u63a5\u90fd\u8fd9\u4e48\u641e\u3002
\u5e0c\u671b\u5c06\u67d0\u7aef\u53e3\u6536\u5230\u7684\u6d88\u606f\u8f6c\u53d1\u5230\u5176\u4ed6\u4e3b\u673a\u7684\u67d0\u4e00\u7aef\u53e3\uff0c\u53ef\u4ee5\u8bd5\u8bd5socat\uff0c\u6bd4\u5982socat TCP4-LISTEN:4320,fork TCP4:10.244.55.25:80
\uff0c\u53ef\u4ee5\u628a4320\u7aef\u53e3\u6536\u5230\u7684TCP4\u6570\u636e\u5305\u8f6c\u53d1\u5230\u5b50\u7f5110.244.55.25\u768480\u7aef\u53e3\uff0c\u914d\u5408zerotier\u53ef\u4ee5\u5b9e\u73b0\u5185\u7f51\u5bf9\u5916\u5f00\u653e\u7aef\u53e3\u3002
\u5373\uff0cvi /etc/systemd/system/socat.service
\u7f16\u8f91\u5982\u4e0b\u7684socat\uff0c\u5e76systemctl enable socat.service
\u542f\u7528\u5f00\u673a\u542f\u52a8\uff0c\u7136\u540esystemctl start socat.service
\u3002\u4e3a\u4e86\u652f\u6301https\u8fde\u63a5\uff0c\u4f7f\u7528TCP-LISTEN/TCP\u3002\u9700\u8981\u76ee\u6807\u4e3b\u673a\u90a3\u8fb9\u914d\u7f6e\u597dssl\u8bc1\u4e66\u3002
[Unit]\nDescription=port forward 4320\n\n[Service]\nUser=nobody\nExecStart=/usr/bin/socat TCP-LISTEN:4320,reuseaddr,fork TCP:<\u76ee\u6807\u57df\u540d>:443\n\n[Install]\nWantedBy=multi-user.target\n
"},{"location":"misc-notes/software-kits/autoconf/","title":"autoconf\u5b66\u4e60\u7b14\u8bb0","text":"\u7ea6 292 \u4e2a\u5b57 85 \u884c\u4ee3\u7801 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4 9 \u5206\u949f
\u81ea\u5df1\u5f00\u53d1\u8f6f\u4ef6\u65f6\uff0c\u751f\u6210\u89c4\u8303\u7684configure\u7b49\u6587\u4ef6\u3002\u53ef\u53c2\u8003https://www.cnblogs.com/klausage/p/14163844.html\u7b49
"},{"location":"misc-notes/software-kits/autoconf/#\u4e0d\u5206\u76ee\u5f55\u7ed3\u6784","title":"\u4e0d\u5206\u76ee\u5f55\u7ed3\u6784","text":"\u7f16\u5199Makefile.am\u6587\u4ef6\uff0c\u6bd4\u5982\uff1a
bin_PROGRAMS=helloworld\nhelloworld_SOURCES=helloworld.c\n
bin_PROGRAMS
\u7528\u4e8e\u7ed9\u9879\u76ee\u8d77\u540d\uff0c\u6bd4\u5982X\uff0c\u90a3\u4e48\u4e4b\u540e\u7684X_SOURCES\u5219\u7528\u6765\u6307\u5b9a\u4f7f\u7528\u7684\u6e90\u6587\u4ef6\u6267\u884cautoscan
\uff0c\u751f\u6210configure.scan\uff0c\u5e76\u4fee\u6539\u5176\u4e2d\u7684AC_INIT\u3001AM_INIT_AUTOMAKE\uff0c\u91cd\u547d\u540d\u6587\u4ef6\u4e3aconfigure.ac\uff0c\u6bd4\u5982\uff1a
# -*- Autoconf -*-\n# Process this file with autoconf to produce a configure script.\n\nAC_PREREQ([2.69])\nAC_INIT([FULL-PACKAGE-NAME], [VERSION], [BUG-REPORT-ADDRESS])\nAM_INIT_AUTOMAKE([foreign]) # \u5982\u679c\u4e0d\u52a0\u8fd9\u4e00\u53e5\uff0c\u9ed8\u8ba4gnu\uff0c\u5219\u4e4b\u540e\u76ee\u5f55\u91cc\u8981\u6709NEWS\u3001README\u3001AUTHORS\u3001ChangLog\u7b49\u6587\u4ef6\uff08\u9700\u81ea\u5df1\u624b\u52a8\u5efa\u7acb\uff09\nAC_CONFIG_SRCDIR([main.h])\nAC_CONFIG_HEADERS([config.h])\n# Checks for programs.\nAC_PROG_CC\n\n# Checks for libraries.\n\n# Checks for header files.\n\n# Checks for typedefs, structures, and compiler characteristics.\n\n# Checks for library functions.\n\nAC_CONFIG_FILES([Makefile])\nAC_OUTPUT\n
\u6267\u884caclocal && autoheader && autoconf
\uff0c\u751f\u6210aclocal.m4\u3001config.h.in\u548cconfigure
\u8fd0\u884cautomake --add-missing
\uff0c\u4f1a\u6839\u636eMakefile.am\u751f\u6210Makefile.in
\u8fd0\u884c./configure
\u751f\u6210makefile
\u8fd0\u884cmake
\uff0c\u57fa\u4e8emakefile\u7f16\u8bd1\u4ee3\u7801
\u4e5f\u5c31\u662f\u8bf4\u6e90\u7801\u53ef\u80fd\u5728\u591a\u4e2a\u6587\u4ef6\u5939\u4e0b\uff0c\u6bd4\u5982src\u3002\u90a3\u4e48\u6bcf\u4e2a\u6587\u4ef6\u5939\u9700\u8981\u5355\u72ec\u5199Makefile.am\u6765\u6307\u5b9a\u5982\u4f55\u7f16\u8bd1\u3002
\u7f16\u5199Makefile.am\u6587\u4ef6
\u6e90\u7801\u6240\u5728\u7684\u6587\u4ef6\u5939\u7684Makefile\u6587\u4ef6\u793a\u4f8b\uff1a
bin_PROGRAMS = reverse\n\n#AM_CFLAGS= -DDEBUG -DLOG_INSTRUCTIONS -I ../include\nAM_CFLAGS= -DDEBUG -I ../include\n\nreverse_CPPFLAGS = -msse4.1\n\n# \u4f7f\u7528LDFLAG\u4f1a\u5728gcc\u4e2d\u90e8\u653e-l\uff0c\u5bfc\u81f4\u627e\u4e0d\u5230\u7b2c\u4e09\u65b9\u5e93\u3002\u7528LDADD\u53ef\u4ee5\u6dfb\u52a0\u5230\u6574\u4e2agcc\u6307\u4ee4\u7684\u6700\u540e\nreverse_LDADD = -lcapstone\n\nhandlers_FILES = handler_flag_manip.c handler_interrupt.c\n\n#handler_interrupt.c\n\nreverse_SOURCES = access_memory.c alias_manager.c $(handlers_FILES)\n
AM_CFLAGS
\u7528\u4e8e\u6dfb\u52a0\u7f16\u8bd1\u9009\u9879\u9879\u76ee\u6587\u4ef6\u5939\u9700\u8981\u6307\u5b9a\u6e90\u6587\u4ef6\u6240\u5728\u7684\u6587\u4ef6\u5939
POMP\u7684\u4f8b\u5b50\uff1a
SUBDIRS=src # \u6307\u5b9asrc\u6587\u4ef6\u5939\ndist_doc_DATA=README\n\nTESTSUITES_DIR = testsuites\nEXECUTABLE=$(SUBDIRS)/reverse\n\nabc2mtex:\n\t$(EXECUTABLE) $(TESTSUITES_DIR)/$@/core $(TESTSUITES_DIR)/library/ $(TESTSUITES_DIR)/$@/inst.reverse\n\naireplay-ng:\n\t$(EXECUTABLE) $(TESTSUITES_DIR)/$@/core $(TESTSUITES_DIR)/library/ $(TESTSUITES_DIR)/$@/inst.reverse\n
\u6267\u884cautoscan
\uff0c\u751f\u6210configure.scan\uff0c\u5e76\u4fee\u6539\u5176\u4e2d\u7684AC_INIT\u3001AM_INIT_AUTOMAKE\uff0c\u91cd\u547d\u540d\u6587\u4ef6\u4e3aconfigure.ac\uff0c\u6bd4\u5982\uff1a
# -*- Autoconf -*-\n# Process this file with autoconf to produce a configure script.\n\nAC_PREREQ([2.69])\nAC_INIT([reverse_from_coredump], [0.0.1], [mudongliangabcd@gmail.com])\nAM_INIT_AUTOMAKE([-Wall -Werror foreign])\nAC_CONFIG_HEADERS([config.h])\n\n# Checks for programs.\nAC_PROG_CC\n\n# Checks for libraries.\nAC_CHECK_LIB([disasm], [x86_init])\nAC_CHECK_LIB([elf], [gelf_getehdr])\n\n# Checks for header files.\nAC_CHECK_HEADERS([fcntl.h malloc.h stddef.h stdint.h stdlib.h string.h unistd.h])\n\n# Checks for typedefs, structures, and compiler characteristics.\nAC_CHECK_HEADER_STDBOOL\nAC_C_INLINE\nAC_TYPE_OFF_T\nAC_TYPE_SIZE_T\n\n# Checks for library functions.\nAC_FUNC_MALLOC\nAC_CHECK_FUNCS([memset strerror])\n\nAC_CONFIG_FILES([Makefile\n src/Makefile])\nAC_OUTPUT\n
\u6267\u884caclocal && autoheader && autoconf
\uff0c\u751f\u6210aclocal.m4\u3001config.h.in\u548cconfigure
\u8fd0\u884cautomake --add-missing
\uff0c\u4f1a\u6839\u636eMakefile.am\u751f\u6210Makefile.in
\u8fd0\u884c./configure
\u751f\u6210makefile
\u8fd0\u884cmake
\uff0c\u57fa\u4e8emakefile\u7f16\u8bd1\u4ee3\u7801
\u7ea6 722 \u4e2a\u5b57 11 \u884c\u4ee3\u7801 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4 4 \u5206\u949f
"},{"location":"misc-notes/software-kits/docker/#\u5b89\u88c5docker","title":"\u5b89\u88c5docker","text":"\u6309\u7167https://docs.docker.com/engine/install/ubuntu/\u7684\u8bf4\u660e\u5b89\u88c5\u5373\u53ef
\u4e5f\u53ef\u4ee5\u6309curl -fsSL https://get.docker.com -o get-docker.sh
\u3001sudo sh get-docker.sh
\u6765\u5b89\u88c5\u3002
docker\u9ed8\u8ba4\u4ece\u5b98\u7f51\u62c9\u53d6\u955c\u50cf\uff0c\u53ef\u80fd\u7531\u4e8e\u5899\u800c\u62c9\u4e0d\u5230\u3002\u53ef\u4ee5\u8003\u8651\u4f7f\u7528\u963f\u91cc\u63d0\u4f9b\u7684\u955c\u50cf\u670d\u52a1\uff0c\u53c2\u8003https://zhuanlan.zhihu.com/p/347643668\u3002
\u8003\u8651\u5230\u56fd\u5185\u4f3c\u4e4e\u628adocker\u955c\u50cf\u4e0b\u67b6\u4e86\uff0c\u8fd8\u662f\u76f4\u63a5\u4fee\u6539docker\u4ee3\u7406\u5427\u3002
\u5148\u521b\u5efa\u76ee\u5f55mkdir /etc/systemd/system/docker.service.d
\uff0c\u518d\u521b\u5efa\u6587\u4ef6/etc/systemd/system/docker.service.d/http-proxy.conf
\uff0c\u518d\u5f80\u91cc\u9762\u6dfb\u52a0\u4ee3\u7406\uff1a
[Service]\nEnvironment=\"HTTP_PROXY=http://proxy.example.com:80/\"\nEnvironment=\"HTTPS_PROXY=http://proxy.example.com:80/\"\nEnvironment=\"NO_PROXY=localhost,127.0.0.0/8,docker-registry.somecorporation.com\" #\u53ef\u9009\u3002\u5982\u679c\u4f7f\u7528\u672c\u5730\u955c\u50cf\u4ed3\u5e93\u3002\n
\u7136\u540e\u66f4\u65b0\u914d\u7f6esudo systemctl daemon-reload
\uff0c\u5e76\u91cd\u542fdocker\uff1asudo systemctl restart docker
\u9ed8\u8ba4\u4f7f\u7528\u7684\u4f4d\u7f6e\u662f/var/lib/docker
\uff0c\u5728\u6839\u76ee\u5f55\u4e0b\u5bb9\u6613\u5360\u6ee1\u3002\u53ef\u4ee5\u901a\u8fc7docker info
\u67e5\u770b\u4fdd\u5b58\u7684\u4f4d\u7f6eDocker Root Dir\u3002
\u914d\u7f6e\u6587\u4ef6\u53ef\u4ee5\u901a\u8fc7systemctl status docker
\u5e76\u67e5\u770bLoad\u4f7f\u7528\u7684\u914d\u7f6e\u6587\u4ef6\u662f\u54ea\u4e2a\u3002
\u4e00\u79cd\u6307\u5b9a\u955c\u50cf\u4fdd\u5b58\u4f4d\u7f6e\u7684\u65b9\u6cd5\uff1a\u4fee\u6539/etc/docker/daemon.json\uff0c\u8bbe\u7f6e\u4e3a
{\n \"data-root\": \"/home/docker\"\n}\n
\u968f\u540e\u91cd\u8f7d\u4e00\u4e0b\u914d\u7f6e\uff1a
sudo systemctl daemon-reload\nsudo systemctl restart docker\n
\u8fd8\u6709\u4e00\u79cd\u505a\u6cd5\uff0c\u9002\u7528\u4e8e\u5df2\u7ecf\u4f7f\u7528\u8fc7\u4e00\u6bb5\u65f6\u95f4\u7684docker\uff0c\u5173\u95eddocker\u540emv\u539f\u6765\u7684/var/lib/docker
\u5230\u65b0\u76ee\u5f55\uff08\u6bd4\u5982/data/docker\uff09\u7136\u540e\u518dln -s /data/docker /var/lib/docker
\u5efa\u7acb\u8f6f\u94fe\u63a5\u3002
\u4f1a\u5728\u5bb9\u5668\u4e2d\u521b\u5efa\u76ee\u5f55\uff0c\u6620\u5c04\u5bbf\u4e3b\u673a\u76ee\u5f55\u3002\u5bbf\u4e3b\u673a\u7684\u76ee\u5f55\u548c\u5bb9\u5668\u76ee\u5f55\u5185\u5bb9\u662f\u4e00\u6837\u7684\uff0c\u4fee\u6539\u4e00\u65b9\uff0c\u53e6\u4e00\u65b9\u968f\u4e4b\u6539\u53d8
docker run -it --name=<container_name> --user=<user_id>:<group_id> --hostname=xxxx --workdir=xxxx -v /etc/passwd:/etc/passwd:ro -v /etc/group:/etc/group:ro --mount type=bind,source=<\u5bbf\u4e3b\u673a\u76ee\u5f55>,target=<\u5bb9\u5668\u76ee\u5f55> <\u955c\u50cf\u540d>:<tag> /bin/bash\n
\u4ee5\u4e0a\u547d\u4ee4\u53ef\u4ee5\u5b8c\u6210\u5bf9\u6307\u5b9a\u955c\u50cf\u521b\u5efa\u4e00\u4e2a\u6bd4\u8f83\u5b8c\u5907\u7684\u5bb9\u5668\uff0c\u6307\u5b9a\u4e86\u5bb9\u5668\u540d\u79f0\u3001\u7528\u6237\u540d\u79f0\u548c\u7ec4\u522b\u3001\u4e3b\u673a\u540d\u3001\u7528\u6237\u5de5\u4f5c\u76ee\u5f55\uff0c\u5e76\u6302\u8f7d\u4e86\u4e3b\u673a\u7684\u4e00\u4e9b\u76ee\u5f55\u3002\u6307\u5b9apasswd\u548cgroup\u6587\u4ef6\u7684\u53ea\u8bfb\u6302\u8f7d\u53ef\u4ee5\u907f\u514d\u2013user\u4f7f\u7528\u7528\u6237(\u7ec4)id\u8fdb\u884c\u65b0\u5efa\u5bb9\u5668\u65f6\u5f15\u53d1\u7684\u627e\u4e0d\u5230\u7528\u6237\u540d\u548c\u7ec4\u540d\u7684\u95ee\u9898\u3002\u5e76\u4e14\u907f\u514d\u4e86\u9ed8\u8ba4root\u7528\u6237\u5bfc\u81f4\u7684\u4e3b\u673a\u7aef\u65e0\u6cd5\u8bbf\u95ee\u5bb9\u5668\u65b0\u5efa\u6587\u4ef6\u7684\u95ee\u9898\u3002
\u6ce8\u610f\u8fd9\u6837\u521b\u5efa\u7684\u7528\u6237\u6ca1\u6709root\u6743\u9650\u3002\u5982\u679c\u9700\u8981\uff0c\u5219\u4e0d\u4f7f\u7528user\u53c2\u6570\uff0c\u4f46\u5b58\u5728\u5bb9\u5668\u521b\u5efa\u6587\u4ef6\u662froot\uff0c\u5bbf\u4e3b\u673a\u65e0\u6cd5\u4fee\u6539\u7684\u95ee\u9898\u3002
\u4e00\u4e2a\u4e0d\u592a\u806a\u660e\u7684\u89e3\u51b3\u65b9\u6cd5\u662fuser_id\u8bbe\u6210root\u76840\uff0cgroup_id\u8bbe\u6210\u666e\u901a\u7528\u6237\uff0c\u7136\u540e\u5728\u5bb9\u5668\u91cc\u7ed9root\u7684.bashrc\u52a0\u4e00\u884cumask 0002\u3002\u5c31\u662f\u8bf4\u8ba9\u7528\u6237\u7ec4\u4e5f\u80fd\u4fee\u6539\u6587\u4ef6\u4e86\u3002
\u4e00\u4e9b\u5176\u4ed6\u7684\u529e\u6cd5\uff1adocker exec -u
\u597d\u50cf\u53ef\u4ee5\u6307\u5b9a\u542f\u52a8\u5bb9\u5668\u65f6\u7684\u7528\u6237\uff0c\u4e0d\u77e5\u9053\u6709\u4ec0\u4e48\u7528\uff0c\u53ef\u4ee5\u8bd5\u8bd5\uff1b\u6216\u8005root\u8fdb\u53bb\u4ee5\u540e\u628a\u666e\u901a\u7528\u6237\u52a0\u5230sudoers\u91cc
apt-get update
\u66f4\u65b0\u4e00\u4e0blist\uff0c\u7136\u540e\u624d\u80fd\u4f7f\u7528apt-get\u4e0b\u8f7d\u5176\u4ed6\u5305\u3002\u4e00\u4e9b\u5e38\u7528\u7684\u5305\uff1aapt-get install build-essential
\u8fde\u6309Ctrl+P\u3001Ctrl+Q\u9000\u51fa\u5bb9\u5668\u3002\u5426\u5219\u7b80\u5355\u9000\u51fa\u540e\u5bb9\u5668\u5c31stop\u4e86\uff0c\u4e0b\u6b21exec\u7684\u65f6\u5019\u8fd8\u8981restart\uff0c\u751a\u81f3\u8fd8\u4f1a\u51fa\u73b0restart\u81ea\u52a8\u53c8stop\u7684\u60c5\u51b5
"},{"location":"misc-notes/software-kits/docker/#\u8fdb\u5165\u5df2\u6709\u7684\u5bb9\u5668","title":"\u8fdb\u5165\u5df2\u6709\u7684\u5bb9\u5668","text":"docker exec -it <\u5bb9\u5668id> /bin/bash\n
\u53ef\u4ee5Ctrl+D\u9000\u51fa
"},{"location":"misc-notes/software-kits/git/","title":"Git\u5b66\u4e60\u7b14\u8bb0","text":"\u7ea6 1937 \u4e2a\u5b57 3 \u884c\u4ee3\u7801 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4 7 \u5206\u949f
"},{"location":"misc-notes/software-kits/git/#\u5c06\u672c\u5730\u5df2\u6709\u4ed3\u5e93\u63a8\u9001\u81f3github\u7684\u65b0\u5efa\u4ed3\u5e93\u4e2d","title":"\u5c06\u672c\u5730\u5df2\u6709\u4ed3\u5e93\u63a8\u9001\u81f3Github\u7684\u65b0\u5efa\u4ed3\u5e93\u4e2d","text":"\u9ed8\u8ba4\u4ee5\u4e0b\u6761\u4ef6\u5747\u6210\u7acb\uff1a
git init
+git add .
+git commit -m \"comments\"
)git status
\u67e5\u770b\uff09git remote add origin git@github.com:xxx(\u4ed3\u5e93\u7f51\u7ad9\u6bd4\u5982github\u63d0\u4f9b\u7684ssh\u5730\u5740)
git push -u origin master
\u5411\u8fdc\u7a0b\u4ed3\u5e93\u63d0\u4ea4\u4ee3\u7801\uff08\u540e\u6765\u542c\u8bf4github\u9ed8\u8ba4\u540d\u6539\u6210main\u4e86\uff1f\uff09\u5f3a\u5236\u63a8\u9001\u53ef\u4ee5\u518d\u52a0\u4e2a--force
\u53c2\u6570
\u521d\u6b21\u5411github\u63d0\u4ea4\u4ee3\u7801\u524d\uff0c\u5728\u672c\u5730\u5de5\u4f5c\u76ee\u5f55\u4e0b\u521b\u5efa.gitignore\u6587\u4ef6\uff0c\u91cc\u9762\u76f4\u63a5\u5199\u4e0a\u4e0d\u60f3\u8ffd\u8e2a\u7684\u6587\u4ef6\u540d\u548c\u6587\u4ef6\u5939\u540d\u5373\u53ef\u3002\uff08\u6587\u4ef6\u540d\u4e0d\u9700\u8981\u8865\u5168\u8def\u5f84\uff09
"},{"location":"misc-notes/software-kits/git/#\u64a4\u56deadd","title":"\u64a4\u56deadd","text":"\u4f7f\u7528git add .
\u53ef\u4ee5\u76f4\u63a5\u628a\u5f53\u524d\u76ee\u5f55\u90fdadd\u8fdb\u6682\u5b58\u533a\uff0c\u5bf9\u4e8e\u4e0d\u614e\u6dfb\u52a0\u7684\u5185\u5bb9\u53ef\u4ee5\u4f7f\u7528git rm --cached <file>
\u6765\u64a4\u56deadd\u3002\u53ef\u4ee5\u4f7f\u7528git rm -r --cached .
\u6765\u64a4\u56degit add .
\u3002\uff08\u4f7f\u7528git status
\u53ef\u4ee5\u67e5\u770b\u6682\u5b58\u533a\uff0c\u91cc\u9762\u4e5f\u6709\u63d0\u793a\u600e\u4e48\u64a4\u56de\uff09
git config --global user.name \"<yourname>\"
\u8bbe\u7f6e\u7528\u6237\u540dgit config --global user.email \"<email>\"
\u8bbe\u7f6e\u90ae\u7bb1ssh-keygen -t rsa -C \"<comments>\"
\u751f\u6210\u5bc6\u94a5\u5bf9\uff0c\u7136\u540e\u4e00\u8def\u56de\u8f66\u76f4\u5230\u751f\u6210\u7ed3\u675f\uff08\u4e5f\u53ef\u4ee5\u63d0\u793a\u6dfb\u52a0passwd phrase\uff0c\u8fd9\u6837\u7684\u8bdd\u5982\u679c\u4f7f\u7528ssh-add\u6dfb\u52a0\u65f6\u4f1a\u8981\u6c42\u8f93\u5165\u8fd9\u4e2a\u5bc6\u7801\u9632\u6b62\u88ab\u522b\u4eba\u6ee5\u7528\u3002\u6ce8\u610f\u76f8\u540c\u7684passwd phrase\u4e0d\u4f1a\u751f\u6210\u76f8\u540c\u7684\u5bc6\u94a5\u5bf9\uff09ed25519\u4f3c\u4e4e\u6bd4\u9ed8\u8ba4\u7684rsa\u66f4\u5b89\u5168\u3001\u8ba1\u7b97\u66f4\u5feb\u3001\u5bc6\u94a5\u66f4\u77ed\uff0c\u53ef\u4ee5\u4f7f\u7528
\u6709\u65f6\u9700\u8981\u6307\u5b9a\u5bc6\u94a5\uff0c\u6bd4\u5982\u4e0d\u4f7f\u7528\u9ed8\u8ba4\u7684\u5bc6\u94a5\u6587\u4ef6\u540d\u3002\u6b64\u65f6\u53ef\u4ee5\u5148eval $(ssh-agent -s)
\u542f\u7528agent\uff0c\u7136\u540essh-add <private keyfile>
\u6765\u6dfb\u52a0\u5bc6\u94a5\u3002ssh-add -l
\u53ef\u4ee5\u67e5\u770b\u6dfb\u52a0\u7684\u5bc6\u94a5\u3002
\u6216\u8005\u53ef\u4ee5\u628a\u5bc6\u94a5\u5728~/.ssh/config
\u6587\u4ef6\u91cc\u6307\u5b9a\u4e00\u4e0b\uff0c\u5c31\u53ef\u4ee5\u7701\u53bbssh-agent\u7684\u64cd\u4f5c\uff0c\u6bd4\u5982
Host github.com\n HostName github.com\n IdentityFile ~/.ssh/id_ed25519_user_github\n
\u6709\u7684\u65f6\u5019git\u8fdb\u884cpush\u5230\u79c1\u4ed3\u65f6\u4f1a\u51fa\u73b0\u5361\u673a\u7684\u95ee\u9898\uff0c\u4e0d\u786e\u5b9a\u662f\u4ec0\u4e48\u539f\u56e0\uff0c\u5982\u679cremote repo\u4f7f\u7528\u7684\u662fgit@xxx\u7684url\u7684\u8bdd\uff0c\u53ef\u4ee5\u8bd5\u8bd5\u6539\u6210https\u7684\u94fe\u63a5\uff1b\u8fd8\u4e0d\u884c\u7684\u8bdd\u53ef\u4ee5\u8bd5\u8bd5git config\u7684proxy\uff0c\u8bbe\u7f6e\u6216\u6e05\u7a7a\u3002
"},{"location":"misc-notes/software-kits/git/#\u653e\u5f03\u5bf9\u6587\u4ef6\u7684\u8ddf\u8e2a","title":"\u653e\u5f03\u5bf9\u6587\u4ef6\u7684\u8ddf\u8e2a","text":"\u4e0e\u4ed6\u4eba\u5408\u4f5c\u9879\u76ee\u65f6\uff0c\u6709\u65f6\u9700\u8981\u505a\u4e00\u4e9b\u672c\u5730\u9002\u914d\uff0c\u4f46\u662f\u4e0d\u60f3\u59a8\u788d\u5176\u4ed6\u4eba\uff0c\u53ef\u4ee5\u6dfb\u52a0\u5230.gitignore\u3002\u4f46\u5bf9\u4e8e\u5df2\u7ecf\u5904\u4e8e\u8ddf\u8e2a\u72b6\u6001\u7684\u6587\u4ef6\u6765\u8bf4\u540e\u6dfb\u8fdb.gitignore\u662f\u65e0\u6548\u7684\u3002\u56e0\u6b64\u53ef\u4ee5\u5148\u5c06\u6587\u4ef6\u79fb\u51fa\u8ddf\u8e2a\u6001\uff0c\u7136\u540e\u518d\u52a0\u8fdb.gitignore\u91cc\u3002\u5982\u4e0b\uff1agit rm -r --cached <file/dir>
\u5176\u4e2d-r\u8868\u793a\u9012\u5f52\u3002\u4e5f\u53ef\u4ee5\u52a0-n\u8868\u793a\u4f2a\u653e\u5f03\u8ddf\u8e2a\uff08\u7528\u4e8e\u9884\u89c8\u4f1a\u653e\u5f03\u5bf9\u54ea\u4e9b\u6587\u4ef6\u7684\u8ffd\u8e2a\uff09
\u6709\u7684\u65f6\u5019\u4ece\u5b98\u65b9\u4ed3\u5e93git clone\u4e0b\u4ee3\u7801\uff0c\u672c\u5730\u62f7\u8d1d\u4e00\u4efd\u3001\u5404\u79cd\u9b54\u6539\u5e76\u4e0a\u4f20\u5230\u81ea\u5df1\u7684\u79c1\u4ed3\u3002\u53c8\u7531\u4e8ewindows\u3001linux\u73af\u5883\u4e0d\u540c\uff0c\u60f3\u628a\u539f\u6765\u7684\u4ee3\u7801\u66f4\u65b0\u6210\u81ea\u5df1\u7684\u79c1\u4ed3\uff0c\u6240\u4ee5\u9700\u8981\u6362\u4e00\u4e0b\u8fdc\u7a0b\u4ed3\u5e93\u3002
git remote rm <remote repo name>
git remote add <remote repo name> <repo url>
\u597d\u50cf\u4e5f\u53ef\u4ee5\u76f4\u63a5\u66f4\u6362\u8fdc\u7a0b\u4ed3\u5e93\uff1agit remote set-url <remote repro name> <repo url>
\u8fd9\u91cc\u7684<remote repo name>
\u662f\u81ea\u5df1\u53d6\u7684\u4ed3\u5e93\u540d\uff0c\u4e4b\u540e\u7684\u64cd\u4f5c\u53ef\u4ee5\u7528\u5b83\u6765\u6307\u5b9a\u5bf9\u8c61\u3002\u53ef\u4ee5\u968f\u4fbf\u53d6\uff0c\u6bd4\u5982\u5e38\u89c1\u7684origin\u3002
\u6709\u7684\u65f6\u5019\u4e00\u4e2a\u4ee3\u7801\u4ed3\u5e93\u62ff\u5176\u4ed6\u4ed3\u5e93\u6765\u5f53\u505a\u5b50\u6a21\u5757\uff0c\u5728github\u4e0a\u8fd9\u4e9b\u6a21\u5757\u662f\u56fe\u4e2d\u7684\u8868\u793a\u5f62\u5f0f\u3002git\u4ed3\u5e93\u91cc\u4e5f\u4f1a\u6709.gitmodules\u6587\u4ef6\u6765\u8bf4\u660e\u8fd9\u4e9b\u5b50\u6a21\u5757\u3002\u5f53clone\u4e3b\u4ed3\u5e93\u65f6\uff0c\u8fd9\u4e9b\u5b50\u6a21\u5757\u4e0d\u4f1a\u8ddf\u7740\u4e0b\u8f7d\u4e0b\u6765\u3002
\u521d\u6b21\u90e8\u7f72\u65f6\uff0c\u5728\u4e3b\u4ed3\u5e93\u76ee\u5f55\u4e0b\u91cc\u4f7f\u7528git submodule update --init --recursive
\u6765\u4ece.gitmodules\u5b57clone\u5b50\u6a21\u5757\u3002
\u5982\u679c\u5b50\u6a21\u5757\u88ab\u522b\u7684\u5f00\u53d1\u8005\u66f4\u65b0\u4e86\uff0c\u53ef\u4ee5\u8fdb\u5230\u5b50\u6a21\u5757\u4e2d\u7136\u540egit pull
\u3002
\u5982\u679c\u5e0c\u671b\u6dfb\u52a0\u67d0\u4e2a\u4ed3\u5e93\u4f5c\u4e3a\u5b50\u6a21\u5757\uff0c\u4f7f\u7528git submodule add <repo url>
\u6765\u4e0b\u8f7d\u5b50\u6a21\u5757\u5e76\u66f4\u65b0.gitmodules\u6587\u4ef6
\u5982\u679c\u81ea\u5df1\u7684\u9879\u76ee\u7528\u5230\u522b\u7684\u9879\u76ee\uff0c\u9700\u8981\u5bf9\u5176\u4e2d\u4e00\u4e9b\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff0c\u800c\u4e0d\u9700\u8981\u628a\u5728\u4e0a\u4f20github\u65f6\u628a\u6574\u4e2a\u9879\u76ee\u5168\u90e8\u653e\u5230\u81ea\u5df1\u7684\u9879\u76ee\u4e0b\uff0c\u53ef\u4ee5\u5148\u7528submodule\u6dfb\u52a0\u5b50\u6a21\u5757\uff0c\u7136\u540e\u76f4\u63a5\u4fee\u6539\u4ee3\u7801\uff0c\u5e76\u5728\u5176\u9879\u76ee\u4e0b\u7528git diff <commit id> > <file.patch>
\u751f\u6210\u4e00\u4e2adiff\u6587\u4ef6\u3002\u628adiff\u6587\u4ef6\u653e\u5230\u81ea\u5df1\u7684\u9879\u76ee\u91cc\uff0c\u518d\u4e0a\u4f20\u5230github\u4e0a\u3002\u5176\u4e2dcommit id\u662f\u7b2c\u4e09\u65b9\u9879\u76ee\u7684commit\uff0c\u4e5f\u5c31\u662f\u8fd9\u4e2asubmodule\u4e0b\u8f7d\u65f6\u7684commit id\uff0c\u53ef\u4ee5\u901a\u8fc7git log
\u627e\u5230\u3002
\u5982\u679c\u76f4\u63a5\u7528git diff > <file.patch>
\uff0c\u4f1a\u8f93\u51fa\u672a\u52a0\u5165\u6682\u5b58\u7684\u4fee\u6539\u548c\u6700\u8fd1\u4e00\u6b21\u6682\u5b58/commit\u7684diff\u6587\u4ef6\u3002
\u5176\u4ed6\u4eba\u4f7f\u7528\u65f6\uff0c\u5c31\u5148\u628a\u7b2c\u4e09\u65b9\u9879\u76ee\u83b7\u53d6\u4e0b\u6765\uff0c\u7136\u540egit apply <file.patch>
\u5373\u53ef\u3002\u64a4\u56de\u8865\u4e01\u4f7f\u7528git apply -R <file.patch>
\u6700\u8fd1\u5728\u8dd1fuzzer\uff0c\u5408\u4f5c\u65f6\u6709\u65f6\u9700\u8981\u5207\u6362\u4e0d\u540c\u7684\u6d4b\u8bd5\u76ee\u6807\uff0c\u6bcf\u4e2a\u6d4b\u8bd5\u76ee\u6807\u90fd\u6709\u81ea\u5df1\u7684\u4e00\u5927\u5806\u914d\u5957\u8bbe\u7f6e\u3002\u5927\u5bb6\u90fd\u5728\u4e3b\u5206\u652f\u5220\u6539\u592a\u9ebb\u70e6\u800c\u4e14\u5f88\u4e71\uff0c\u6240\u4ee5\u9700\u8981\u9488\u5bf9\u6bcf\u4e2a\u6d4b\u8bd5\u76ee\u6807\u8bbe\u7f6e\u4e0d\u540c\u7684branch\u3002
\u53ef\u4ee5\u4f7f\u7528git branch -a
\u67e5\u770b\u6240\u6709\u5206\u652f\u3002\u5176\u4e2d\u524d\u9762\u5e26*
\u7684\u662f\u5f53\u524dbranch\u3002
\u65b0\u5efa\u5206\u652f\u65f6\u4f7f\u7528 git checkout -b <branch name>
\u76f8\u5f53\u4e8e\u5148git branch <branch name>
\u521b\u5efa\u4e86\u4e00\u4e2a\u65b0\u7684\u5206\u652f\uff0c\u7136\u540egit checkout <branch name>
\u5207\u6362\u5230\u90a3\u4e2a\u5206\u652f\u3002
\u5728\u65b0\u7684\u5206\u652fcommit\u540e\uff0c\u4f7f\u7528git push -u <remote repo name> <local branch name>:<remote branch name>
\u53ef\u4ee5\u5c06\u81ea\u5df1\u7684\u8fd9\u4e2a\u5206\u652f\u63a8\u9001\u5230\u8fdc\u7a0b\u4ed3\u5e93\u3002\u5176\u4e2d\uff1a
-u
\u8868\u793a\u8bb0\u4f4f\u5f53\u524d\u8bbe\u5b9a\uff0c\u4e4b\u540e\u5728\u8fd9\u4e00\u5206\u652f\u4e0apush\u65f6\uff0c\u7b80\u5355\u4f7f\u7528git push
\u5c31\u4f1a\u63a8\u9001\uff0c\u4e0d\u9700\u8981\u518d\u6572\u8fd9\u4e48\u957f\u4e86\u3002git remote add origin
\u8bbe\u5b9a\u7684\u8fdc\u7a0b\u4e3b\u673a\u540d\u79f0\uff0c\u9700\u8981\u548c\u5b9e\u9645\u8bbe\u5b9a\u4e00\u6837\u3002\u56e0\u4e3a\u5927\u5bb6\u4f7f\u7528origin\u662f\u5728\u592a\u666e\u904d\u4e86\uff0c\u6240\u4ee5\u8fd9\u91cc\u6ca1\u6709\u7528<remote host name>
\u6765\u8868\u793a\uff0c\u610f\u4f1a\u5373\u53ef\u3002\u5982\u679c\u9700\u8981\u5220\u9664\u8fdc\u7a0b\u5206\u652f\uff0c\u53ef\u4ee5\u7b80\u5355\u5730\u63a8\u9001\u7a7a\u5206\u652f\uff1agit push origin :<remote branch name>
\u3002\u8fd9\u91cc\u672c\u5730\u5206\u652f\u540d\u7559\u7a7a\u4e86\u3002\u4e5f\u53ef\u4ee5\u4f7f\u7528\u4e13\u95e8\u7684\u5220\u9664\u65b9\u5f0f\uff1agit push origin --delete <remote branch name>
\u5982\u679c\u9700\u8981\u5220\u9664\u672c\u5730\u5206\u652f\uff0c\u4f7f\u7528git branch -d <local branch name>
\u5408\u5e76\u5206\u652f\u65f6\uff0c\u5148\u5207\u6362\u5230\u9700\u8981\u63a5\u6536\u6539\u52a8\u7684\u5206\u652f\u4e0a\uff0c\u7136\u540egit merge <new branch name>
\uff0c\u5373\u53ef\u5c06new branch\u7684\u6539\u52a8\u66f4\u65b0\u5230\u5f53\u524d\u5206\u652f\u4e0a\u3002new branch\u7684\u5185\u5bb9\u662f\u4e0d\u53d8\u7684\u3002
\u62c9\u53d6\u8fdc\u7a0b\u5206\u652f\u5230\u672c\u5730\uff0c\u800c\u4e0d\u5f71\u54cd\u672c\u5730\u5206\u652f\uff1agit fetch <remote repo name> <remote branch name>:<local branch name>
\u4f1a\u5c06\u8fdc\u7a0b\u4ed3\u5e93\u7684\u5206\u652f\u4fdd\u5b58\u5728\u672c\u5730\u5bf9\u5e94\u5206\u652f\u4e0b\u3002
\u53ef\u4ee5\u7528git fetch --all
\u62c9\u53d6\u6240\u6709\u8fdc\u7a0b\u5206\u652f\uff0c\u5982\u679c\u6ca1\u6709\u6548\u679c\uff0c\u6ce8\u610f\u68c0\u67e5remote.origin.fetch\u7684\u8bbe\u7f6e\uff1agit config --get remote.origin.fetch
\uff0c\u5982\u679c\u662f+refs/heads/master:refs/remotes/origin/master
\uff0c\u5219\u8868\u793a\u53ea\u62c9master\u5206\u652f\u3002\u53ef\u4ee5\u4fee\u6539\u6210\u62c9\u53d6\u6240\u6709\u5206\u652f\uff1agit config remote.origin.fetch \"+refs/heads/*:refs/remotes/origin/*\"
\u3002
\u67d0\u79cd\u4e1c\u897f\u771f\u7684\u795e\u70e6\uff0c\u79d1\u7814\u9700\u8981\u4e0b\u8f7d\u7684\u4ed3\u5e93\u4ee3\u7801\u7ecf\u5e38\u83ab\u540d\u5176\u5999\u4e0b\u8f7d\u4e0d\u4e86\uff0c\u5199\u7684\u4ee3\u7801\u4e0a\u4f20\u8865\u4e0a\u53bb\uff0cbuild\u4e2adocker\u6162\u7684\u8981\u6b7b\uff0c\u7b2c\u4e09\u65b9\u5305\u62c9\u53d6\u4e0d\u5230\u2026\u2026\u6d6a\u8d39\u5f88\u591a\u65f6\u95f4\u5728\u56e0\u4e3a\u7f51\u7edc\u8fde\u63a5\u4e0d\u4e86\u5bfc\u81f4\u7684\u5404\u79cdbug\u4e0a\uff0c\u6709\u6548\u79d1\u7814\u65f6\u95f4\u767d\u767d\u88ab\u6d88\u8017\uff0c\u771f\u7684\u5f88xx\u3002
"},{"location":"misc-notes/software-kits/git/#git-clone\u62a5\u9519gnutls_handshake-failed-the-tls-connection-was-non-properly-terminated","title":"Git clone\u62a5\u9519gnutls_handshake() failed: The TLS connection was non-properly terminated.","text":"\u4e00\u79cd\u505a\u6cd5\u662f\u8bbe\u7f6e\u6216\u8005\u53d6\u6d88\u8bbe\u7f6ehttp.proxy\u548chttps.proxy
\u53e6\u4e00\u79cd\u505a\u6cd5\u662f\u76f4\u63a5\u53d6\u6d88SSL\u6821\u9a8c\uff0c\u867d\u7136\u7c97\u66b4\u4e86\u70b9\uff1agit config http.sslVerify false
\u7ea6 164 \u4e2a\u5b57 5 \u884c\u4ee3\u7801 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4 1 \u5206\u949f
"},{"location":"misc-notes/software-kits/openssh/#\u51c6\u5907\u5de5\u4f5c","title":"\u51c6\u5907\u5de5\u4f5c","text":"(\u4ee5\u4e0b\u5747\u5728wsl\u7684root\u7528\u6237) ubuntu\u7cfb\u7edf\uff0c\u5148\u9884\u88c5\u4e0b\u73af\u5883\uff1a
apt install build-essential autoconf zlib1g-dev libssl-dev\n
\u4e0b\u8f7d\u6e90\u7801\uff0c\u76f4\u63a5\u4eceGithub\u94fe\u63a5\u4e0b\u8f7dzip\u5230\u672c\u5730\u89e3\u538b\uff0c\u4e5f\u53ef\u4ee5\u7528git clone\uff1a
git clone --depth 1 https://github.com/openssh/openssh-portable.git\n
\u4e3a\u4e86\u9632\u6b62\u4e4b\u540emake install\u51fa\u7684\u6587\u4ef6\u8986\u76d6\u7cfb\u7edf\u81ea\u5df1\u7684ssh\uff0c\u8fd9\u91cc\u6307\u5b9aconfigure\u5c06\u4e4b\u540e\u7f16\u8bd1\u51fa\u7684\u6587\u4ef6\u653e\u5230\u9879\u76ee\u7684/output\u6587\u4ef6\u5939\u4e0b\u3002\u6309readme\u7684Building from git\u7684\u65b9\u6cd5\uff0c\u8fdb\u5165openssh\u6240\u5728\u76ee\u5f55\u540e\uff0c\u8fd0\u884c\uff1a
autoreconf\n./configure --prefix=`pwd`/output\nmake\n
\u6b64\u65f6\u76f8\u5173\u53ef\u6267\u884c\u6587\u4ef6\u5df2\u7ecf\u7f16\u8bd1\u5b8c\u6bd5\u3002\u4e3a\u4e86\u8fdb\u4e00\u6b65\u6e05\u6670\u663e\u793a\uff0c\u53ef\u4ee5\u8fd0\u884cmake install
\uff0c\u5219\u5728\u5f53\u524d\u76ee\u5f55\u7684output\u6587\u4ef6\u5939\u4e0b\u4f1a\u751f\u6210\u5bf9\u5e94\u7684\u7ed3\u6784\u3002
\u7ea6 1131 \u4e2a\u5b57 99 \u884c\u4ee3\u7801 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4 14 \u5206\u949f
\u6700\u8fd1\u5728\u8bfbsslh\u7684\u6e90\u7801\uff0c\u611f\u89c9\u8fd8\u662f\u6bd4\u8f83\u6709\u610f\u601d\u7684\u3002\u4e4b\u524d\u5728\u7aef\u53e3\u590d\u7528\u91cc\u9762\u7b80\u5355\u63d0\u4e86\u4e0bsslh\u7684\u7528\u6cd5\uff0c\u4f46\u662f\u5728\u5b9e\u8df5\u4e2d\u8e29\u4e86\u4e0d\u5c11\u5751\uff0c\u6240\u4ee5\u628a\u6e90\u7801\u62ff\u6765\u8bfb\u4e00\u8bfb\uff0c\u770b\u770b\u5185\u90e8\u7684\u7ed3\u6784\u3002
sslh\u4f3c\u4e4e\u662f\u4f7f\u7528\u7b2c\u4e00\u4e2a\u6570\u636e\u5305\u4fdd\u5b58\u7684\u534f\u8bae\u4fe1\u606f\uff0c\u4e3a\u5ba2\u6237\u7aef\u4e0e\u670d\u52a1\u5668\u5bf9\u5e94\u670d\u52a1\u5efa\u7acb\u8fde\u63a5\u3002\u540e\u7eed\u6570\u636e\u5305\u4e0d\u518d\u9700\u8981\u68c0\u67e5\u534f\u8bae\u4e86\u3002
"},{"location":"misc-notes/software-kits/tech-sslh/#\u4fbf\u6377\u4e0a\u624b","title":"\u4fbf\u6377\u4e0a\u624b","text":"apt install sslh # \u4f46\u6700\u597d\u8fd8\u662f\u4ece\u6e90\u7801make install\uff0c\u7528\u6700\u65b0\u7248\u672c\uff1b\u53c2\u8003\u4ed3\u5e93\u7684INSTALL\u5b89\u88c5\u5bf9\u5e94\u7684C\u5e93\nvi /etc/default/sslh\nsystemctl start sslh\n
\u4f3c\u4e4ecfg\u6587\u4ef6\u91cc\u548ccommand line\u4f1a\u6709\u51b2\u7a81\u3002\u6240\u4ee5commandline\u7528-F /etc/sslh/sslh.cfg
\uff08\u6ca1\u6709\u5219\u65b0\u5efa\u4e00\u4e2a\uff09\u6307\u5b9a\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\uff0c\u4e0d\u8981\u6709\u548ccommand\u91cd\u590d\u7684\u5185\u5bb9\u3002\u53ea\u653eprotocols\u5dee\u4e0d\u591a\u5c31\u5f97\u4e86\u3002\u6bd4\u8f83\u597d\u7528\u7684\u662f\u6b63\u5219\u548ctls\u4e2d\u6839\u636ealpn\u548csni\u6765\u5339\u914d\u3002
\u4e0b\u9762\u662f\u5b8c\u6574\u7684\u914d\u7f6e\u6587\u4ef6\u7684\u4e00\u4e2a\u4f8b\u5b50\uff0c\u5982\u679c\u6570\u636e\u5305\u5305\u542b\u201dOK1\u201d\u6216\u8005\u201dOK2\u201d\uff0c\u5219\u4f1a\u88ab\u8f6c\u53d1\u5230127.0.0.1:1234\u3002\u5176\u4e2d\u7684name\u5b57\u6bb5\u8868\u793a\u8fd9\u6761\u534f\u8bae\u5728sslh\u542f\u52a8\u540e\u600e\u4e48\u914d\u7f6e\uff0c\u5e38\u89c1\u7684\u6bd4\u5982regex
\u3001ssh
\u3001tls
\u3001http
\u3002
\u6ce8\u610f\uff0c\u6700\u540e\u4e00\u6761\u534f\u8bae\u7684\u5206\u53f7\u540e\u9762\u4e0d\u52a0\u9017\u53f7\u3002
protocols:\n(\n { name: \"regex\"; host: \"127.0.0.1\"; port: \"1234\"; regex_patterns: [ \"OK1\", \"OK2\" ]; }\n);\n
"},{"location":"misc-notes/software-kits/tech-sslh/#sslh\u7a0b\u5e8f\u542f\u52a8\u5165\u53e3\u4e0e\u521d\u59cb\u5316","title":"sslh\u7a0b\u5e8f\u542f\u52a8\u5165\u53e3\u4e0e\u521d\u59cb\u5316","text":"\u9ed8\u8ba4\u6700\u7b80\u5355\u7684\u542f\u52a8\u65b9\u5f0f\u7684\u5165\u53e3\u5728sslh-main.c
\u7684main\u51fd\u6570\uff0c\u4e5f\u5373\u7a0b\u5e8f\u7684\u4e3b\u4f53\u903b\u8f91\u3002\u4e00\u4e9b\u5173\u952e\u6b65\u9aa4\uff1a
sslhcfg_cl_parse
\u51fd\u6570\uff0c\u6839\u636e\u547d\u4ee4\u884c\u53c2\u6570\u548c\u914d\u7f6e\u6587\u4ef6\uff0c\u505a\u4e00\u4e2a\u7f13\u51b2config_protocols
\u5b8c\u6210\u8f6c\u53d1\u89c4\u5219\u7684\u521d\u59cb\u5316\uff0c\u5185\u90e8\u8c03\u7528\u7684get_probe
\u662f\u7ed9\u52a0\u8f7d\u4e86\u534f\u8bae\u7684\u914d\u7f6e\u89c4\u5219start_listen_sockets
\u5f00\u59cb\u76d1\u542csocketsmain_loop
\u8fdb\u5165\u4e3b\u5faa\u73af\uff0c\u9ed8\u8ba4\u4e3asslh-fork\u7684main_loop\u51fd\u6570\u9ed8\u8ba4\u4f7f\u7528tcp\u3002main_loop\u51fd\u6570\u4e2d\uff0c\u5bf9\u76d1\u542c\u7684\u6bcf\u4e2asockets\u8fdb\u884cfork\uff0c\u6bcf\u4e2a\u5b50\u8fdb\u7a0b\u6267\u884ctcp_listener
\uff0c\u5728\u8fd9\u4e9b\u5b50\u8fdb\u7a0b\u4e2daccept
\u5bf9\u5e94\u7684\u8fde\u63a5\u3002\u8fd9\u4e9b\u5b50\u8fdb\u7a0b\u5c06\u7ee7\u7eedfork\u51fa\u5b50\u8fdb\u7a0b\uff0c\u6267\u884cstart_shoveler
\uff0c\u5b9e\u73b0\u771f\u6b63\u7684\u529f\u80fd\u3002
\u5b50\u8fdb\u7a0b\u901a\u8fc7probe_client_protocol
\u6765\u786e\u5b9a\u6570\u636e\u5305\u662f\u4ec0\u4e48\u534f\u8bae\uff0c\u5e76\u6839\u636e\u5bf9\u5e94\u7684\u89c4\u5219\u5b9e\u73b0\u7aef\u53e3\u8f6c\u53d1\u3002\u8fd9\u4e00\u51fd\u6570\u4e0d\u65ad\u8fdb\u884c\u8c03\u7528\uff0c\u6700\u540e\u5728probe_buffer
\u51fd\u6570\u4e2d\u904d\u5386\u4e4b\u524d\u914d\u7f6e\u7684\u6bcf\u4e2a\u534f\u8bae\u89c4\u8303\uff08\u627e\u5230\u5339\u914d\u5219\u505c\u6b62\uff0c\u6240\u4ee5\u914d\u7f6e\u987a\u5e8f\u4e5f\u86ee\u5173\u952e\u7684\uff09\uff0c\u901a\u8fc7p->probe(buf, len, p)
\u8fd9\u4e2a\u51fd\u6570\u6307\u9488\u6765\u95f4\u63a5\u8c03\u7528\u8bc6\u522b\u534f\u8bae\u7684\u76f8\u5173\u51fd\u6570\u3002
\u8fd9\u91cc\u7684\u534f\u8bae\u5305\u62ec\u4ee5\u4e0b\u5185\u7f6e\u534f\u8bae\uff1a
/* Table of protocols that have a built-in probe\n */\nstatic struct protocol_probe_desc builtins[] = {\n /* description probe */\n { \"ssh\", is_ssh_protocol},\n { \"openvpn\", is_openvpn_protocol },\n { \"wireguard\", is_wireguard_protocol },\n { \"tinc\", is_tinc_protocol },\n { \"xmpp\", is_xmpp_protocol },\n { \"http\", is_http_protocol },\n { \"tls\", is_tls_protocol },\n { \"adb\", is_adb_protocol },\n { \"socks5\", is_socks5_protocol },\n { \"syslog\", is_syslog_protocol },\n { \"teamspeak\", is_teamspeak_protocol },\n { \"msrdp\", is_msrdp_protocol },\n { \"anyprot\", is_true }\n};\n
\u5185\u7f6e\u534f\u8bae\u5185\u7f6e\u4e86\u4e00\u4e9b\u5339\u914d\u89c4\u5219\uff0c\u5373\u4e0a\u9762\u63d0\u5230\u7684is_ssh_protocol
\u3001is_http_protocol
\u7b49\u7b49\u3002\u53ef\u4ee5\u770b\u4e00\u4e2assh\u89c4\u5219\u7684\u4f8b\u5b50\uff1a
/* Is the buffer the beginning of an SSH connection? */\nstatic int is_ssh_protocol(const char *p, ssize_t len, struct sslhcfg_protocols_item* proto)\n{\n if (len < 4)\n return PROBE_AGAIN;\n\n return !strncmp(p, \"SSH-\", 4);\n}\n
\u53ef\u89c1\uff0c\u5982\u679c\u7b2c\u4e00\u4e2a\u6570\u636e\u5305\u957f\u5ea6\u4e0d\u4f4e\u4e8e4\u4e14\u4ee5\u201dSSH-\u201c\u5f00\u5934\uff0c\u5219\u4f1a\u88ab\u8ba4\u4e3a\u662fssh\u8bf7\u6c42\u3002
/* Is the buffer the beginning of an HTTP connection? */\nstatic int is_http_protocol(const char *p, ssize_t len, struct sslhcfg_protocols_item* proto)\n{\n int res;\n /* If it's got HTTP in the request (HTTP/1.1) then it's HTTP */\n if (memmem(p, len, \"HTTP\", 4))\n return PROBE_MATCH;\n\n#define PROBE_HTTP_METHOD(opt) if ((res = probe_http_method(p, len, opt)) != PROBE_NEXT) return res\n\n /* Otherwise it could be HTTP/1.0 without version: check if it's got an\n * HTTP method (RFC2616 5.1.1) */\n PROBE_HTTP_METHOD(\"OPTIONS\");\n PROBE_HTTP_METHOD(\"GET\");\n PROBE_HTTP_METHOD(\"HEAD\");\n PROBE_HTTP_METHOD(\"POST\");\n PROBE_HTTP_METHOD(\"PUT\");\n PROBE_HTTP_METHOD(\"DELETE\");\n PROBE_HTTP_METHOD(\"TRACE\");\n PROBE_HTTP_METHOD(\"CONNECT\");\n\n#undef PROBE_HTTP_METHOD\n\n return PROBE_NEXT;\n}\n
http\u4e5f\u6bd4\u8f83\u7b80\u5355\uff0c\u68c0\u67e5\u201dHTTP\u201d\u5b57\u7b26\u4e32\u3002
\u53e6\u5916\u6709\u4e24\u79cd\u7279\u6b8a\u7684\u534f\u8bae\uff0ctimeout\u9ed8\u8ba4\u4f1a\u9009\u62e9\u521d\u59cb\u5316\u540e\u7684\u7b2c\u4e00\u4e2a\u534f\u8bae\uff08\u5373ssh\uff09\uff0cregex\u652f\u6301\u6b63\u5219\u5339\u914d\u6570\u636e\u5305\u7684\u56fa\u6709\u5b57\u7b26\u4e32\uff0c\u5c31\u8fde\u521d\u59cb\u5316\u65f6\u90fd\u662f\u5355\u72ec\u521d\u59cb\u5316\u7684\uff1a
/* Returns the probe for specified protocol:\n * parameter is the description in builtins[], or \"regex\" \n * */\nT_PROBE* get_probe(const char* description) {\n int i;\n\n for (i = 0; i < ARRAY_SIZE(builtins); i++) {\n if (!strcmp(builtins[i].name, description)) {\n return builtins[i].probe;\n }\n }\n\n /* Special case of \"regex\" probe (we don't want to set it in builtins\n * because builtins is also used to build the command-line options and\n * regexp is not legal on the command line)*/\n if (!strcmp(description, \"regex\"))\n return regex_probe;\n\n /* Special case of \"timeout\" is allowed as a probe name in the\n * configuration file even though it's not really a probe */\n if (!strcmp(description, \"timeout\"))\n return is_true;\n\n return NULL;\n}\n
is_true
\u59cb\u7ec8\u8fd4\u56detrue\uff0c\u4e0d\u8fdb\u884c\u522b\u7684\u5224\u65ad\u4e86\u3002
regex_probe
\u5185\u90e8\u7528pre2\u5b9e\u73b0\u4e86\u4e00\u5957\u6b63\u5219\u5339\u914d\u7684\u673a\u5236\u3002\u914d\u7f6econfig\u7684\u65b9\u6cd5\u53ef\u4ee5\u89c1\u4e0a\u6587\u3002
tls\u4e3atcp\u63d0\u4f9b\u4e86\u52a0\u5bc6\u670d\u52a1\uff0c\u662f\u5f88\u591a\u670d\u52a1\u4e0d\u53ef\u6216\u7f3a\u7684\u4e00\u73af\u3002\u7531\u4e8e\u6570\u636e\u5305\u662f\u52a0\u5bc6\u7684\u3001\u5f88\u591a\u670d\u52a1\u90fd\u4f7f\u7528tls\uff08\u6bd4\u5982https\uff09\uff0c\u6240\u4ee5\u6ca1\u6cd5\u901a\u8fc7regex\u7684\u65b9\u6cd5\u6765\u533a\u5206\u4e0d\u540c\u7684\u670d\u52a1\u3002\u597d\u5728sslh\u4e3atls\u63d0\u4f9b\u4e86\u4e24\u79cd\u5206\u8fa8\u65b9\u6cd5\uff0c\u5373sni_hostnames\u4e0ealpn_protocols\u3002\u5728config\u91cc\u5199\u7684\u4e00\u6761\u89c4\u5219\u5982\u679c\u4e24\u8005\u90fd\u7528\u4e86\uff0c\u5219\u53ea\u6709\u540c\u65f6\u6ee1\u8db3\u4e24\u8005\u7684tls\u6570\u636e\u5305\u624d\u5339\u914d\u5f97\u4e0a\u5bf9\u5e94\u7684\u89c4\u5219\u3002
\u6bd4\u5982example.cfg\u7ed9\u51fa\u7684\u4f8b\u5b50\uff1a
# match BOTH ALPN/SNI\n { name: \"tls\"; host: \"localhost\"; port: \"5223\"; alpn_protocols: [ \"xmpp-client\" ]; sni_hostnames: [ \"im.somethingelse.net\" ]; log_level: 0; tfo_ok: true },\n\n# just match ALPN\n { name: \"tls\"; host: \"localhost\"; port: \"443\"; alpn_protocols: [ \"h2\", \"http/1.1\", \"spdy/1\", \"spdy/2\", \"spdy/3\" ]; log_level: 0; tfo_ok: true },\n { name: \"tls\"; host: \"localhost\"; port: \"xmpp-client\"; alpn_protocols: [ \"xmpp-client\" ]; log_level: 0; tfo_ok: true },\n\n# just match SNI\n { name: \"tls\"; host: \"localhost\"; port: \"993\"; sni_hostnames: [ \"mail.rutschle.net\", \"mail.englishintoulouse.com\" ]; log_level: 0; tfo_ok: true },\n { name: \"tls\"; host: \"localhost\"; port: \"xmpp-client\"; sni_hostnames: [ \"im.rutschle.net\", \"im.englishintoulouse.com\" ]; log_level: 0; tfo_ok: true },\n\n# Let's Encrypt (tls-alpn-* challenges)\n { name: \"tls\"; host: \"localhost\"; port: \"letsencrypt-client\"; alpn_protocols: [ \"acme-tls/1\" ]; log_level: 0;},\n\n# catch anything else TLS\n { name: \"tls\"; host: \"localhost\"; port: \"443\"; tfo_ok: true },\n
alpn_protocols\u5373\u4f7f\u7528\u5e94\u7528\u5c42\u534f\u8bae\u534f\u5546\u7f16\u53f7\uff1aTLS Application-Layer Protocol Negotiation (ALPN) Protocol ID\u3002\u53ef\u4ee5\u5728\u8fd9\u91cc\u770b\u5230\u5b8c\u6574\u7684\u683c\u5f0f\u3002\u6253\u4e2a\u6bd4\u65b9\uff0c\u5982\u679c\u8bf4\u6570\u636e\u5305\u662f\u997a\u5b50\uff0ctls\u662f\u997a\u5b50\u76ae\uff0cALPN\u5c31\u662f\u8868\u793a\u91cc\u9762\u662f\u4ec0\u4e48\u9985\u7684\u3002
sni_hostnames\u5373\u4f7f\u7528\u670d\u52a1\u5668\u540d\u79f0\u6307\u793a\uff1aServer Name Indication\uff08SNI\uff09\uff0c\u7c7b\u4f3c\u4e8e\u670d\u52a1\u5668\u7aef\u7684\u57df\u540d\u3002\u6253\u4e2a\u6bd4\u65b9\uff0c\u867d\u7136\u5728\u5b66\u6821\u5feb\u9012\uff08\u6570\u636e\u5305\uff09\u90fd\u4f1a\u9001\u5230\u83dc\u9e1f\u9a7f\u7ad9\uff08\u670d\u52a1\u5668\uff09\uff0c\u4f46\u8fd9\u4e9b\u5305\u88f9\u6700\u7ec8\u662f\u6d41\u5411\u4e0d\u540c\u7684\u5bbf\u820d\u7684\uff08SNI\uff09\u3002SNI\u5e2e\u52a9\u5728tls\u63e1\u624b\u671f\u95f4\u5c31\u786e\u5b9assl\u8bc1\u4e66\uff0c\u800c\u4e0d\u662f\u5728http\u5efa\u7acb\u8fde\u63a5\u540e\u3002FQDN\u6307\u7684\u662fFully Qualified Domain Name\uff0c\u5373\u5b8c\u6574\u57df\u540d\uff0c\u53ef\u4ee5\u770b\u8fd9\u91cc\u7684\u4ecb\u7ecd\u3002
sni_hostname\u548calpn_protocols\uff0c\u5c5e\u4e8etls\u6269\u5c55\u5185\u5bb9\uff0c\u5e76\u975e\u5f3a\u5236\u4fdd\u7559\u5176\u4e2d\u3002\u53d1\u5305\u7684\u65f6\u5019\u6ce8\u610f\u6dfb\u52a0\uff0c\u4e0d\u7136sslh\u53ef\u80fd\u8bc6\u522b\u4e0d\u5230\u3002
"},{"location":"misc-notes/software-kits/try-chatgpt/","title":"ChatGPT\u6765\u5e2e\u5fd9","text":"\u7ea6 1574 \u4e2a\u5b57 3 \u884c\u4ee3\u7801 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4 6 \u5206\u949f
"},{"location":"misc-notes/software-kits/try-chatgpt/#\u7f51\u7edc\u7ad9\u70b9\u6253\u5305\u4e0b\u8f7d","title":"\u7f51\u7edc\u7ad9\u70b9\u6253\u5305\u4e0b\u8f7d","text":"linux\u7528\u54ea\u4e2a\u547d\u4ee4\u53ef\u4ee5\u628a\u4e00\u4e2a\u7f51\u5740\u4ee5\u53ca\u5176\u6240\u4f9d\u8d56\u7684js\u548ccss\u7b49\u7b49\u6587\u4ef6\u81ea\u52a8\u4e0b\u8f7d\u4e0b\u6765\uff1f
\u5728Linux\u4e2d\uff0c\u4f60\u53ef\u4ee5\u4f7f\u7528 wget \u547d\u4ee4\u6765\u81ea\u52a8\u4e0b\u8f7d\u4e00\u4e2a\u7f51\u7ad9\u53ca\u5176\u4f9d\u8d56\u7684\u8d44\u6e90\u6587\u4ef6\uff08\u5982JS\u548cCSS\u7b49\uff09\u3002
\u4e0b\u9762\u662f\u4e00\u4e2a\u793a\u4f8b\u547d\u4ee4\uff1a
wget --recursive --no-clobber --page-requisites --html-extension --convert-links --restrict-file-names=windows --domains website.com --no-parent http://website.com\n
\u8be5\u547d\u4ee4\u4f7f\u7528\u4e86\u591a\u4e2a\u9009\u9879\uff0c\u5176\u4e2d\u4e00\u4e9b\u9009\u9879\u7684\u542b\u4e49\u5982\u4e0b\uff1a \u2013recursive: \u4e0b\u8f7d\u7f51\u7ad9\u7684\u6240\u6709\u94fe\u63a5\u3002 \u2013no-clobber: \u4e0d\u4f1a\u91cd\u590d\u4e0b\u8f7d\u5df2\u7ecf\u5b58\u5728\u7684\u6587\u4ef6\u3002 \u2013page-requisites: \u4e0b\u8f7d\u6240\u6709\u9875\u9762\u7684\u8d44\u6e90\uff08\u5982\u56fe\u50cf\uff0c\u97f3\u9891\u548c\u89c6\u9891\uff09\u3002 \u2013html-extension: \u5c06\u6240\u6709HTML\u6587\u4ef6\u6269\u5c55\u540d\u6dfb\u52a0\u4e3a .html\u3002 \u2013convert-links: \u5c06\u6240\u6709\u94fe\u63a5\u8f6c\u6362\u4e3a\u672c\u5730\u94fe\u63a5\u3002 \u2013restrict-file-names=windows: \u907f\u514d\u4f7f\u7528 Linux \u4e0d\u652f\u6301\u7684\u6587\u4ef6\u540d\u5b57\u7b26\u3002 \u2013domains website.com: \u9650\u5236\u4e0b\u8f7d\u7684\u57df\u540d\u8303\u56f4\u3002 \u2013no-parent: \u4e0d\u4f1a\u4e0b\u8f7d\u7236\u7ea7\u94fe\u63a5\uff08\u6709\u52a9\u4e8e\u9632\u6b62\u65e0\u9650\u9012\u5f52\uff09\u3002
\u4f60\u53ef\u4ee5\u6839\u636e\u81ea\u5df1\u7684\u9700\u8981\u4fee\u6539\u8fd9\u4e9b\u9009\u9879\u4ee5\u6ee1\u8db3\u7279\u5b9a\u7684\u8981\u6c42\u3002
\u7528\u8fd9\u6761\u547d\u4ee4\u88ab\u670d\u52a1\u5668\u53d1\u73b0\u6076\u610f\u4e0b\u8f7d\uff0c\u88ab\u7ed9403 forbidden\u4e86\u600e\u4e48\u529e\uff1f
\u5982\u679c\u4f60\u4f7f\u7528\u7684\u547d\u4ee4\u88ab\u670d\u52a1\u5668\u8ba4\u4e3a\u662f\u6076\u610f\u4e0b\u8f7d\uff0c\u5e76\u4e14\u88ab\u670d\u52a1\u5668\u62d2\u7edd\u8bbf\u95ee\uff0c\u90a3\u4e48\u4f60\u53ef\u4ee5\u8003\u8651\u4ee5\u4e0b\u4e00\u4e9b\u65b9\u6cd5\u6765\u89e3\u51b3\u8fd9\u4e2a\u95ee\u9898\uff1a
\u4fee\u6539\u4e0b\u8f7d\u901f\u5ea6\uff1a\u6709\u4e9b\u670d\u52a1\u5668\u53ef\u80fd\u4f1a\u9650\u5236\u4e0b\u8f7d\u901f\u5ea6\uff0c\u5982\u679c\u4f60\u4e0b\u8f7d\u7684\u592a\u5feb\uff0c\u5c31\u4f1a\u88ab\u8ba4\u4e3a\u662f\u653b\u51fb\u3002\u4f60\u53ef\u4ee5\u5c1d\u8bd5\u4f7f\u7528 \u2013limit-rate \u9009\u9879\u6765\u9650\u5236\u4e0b\u8f7d\u901f\u5ea6\uff0c\u4f8b\u5982\uff1a
wget --limit-rate=200k http://example.com\n
\u4fee\u6539\u4e0b\u8f7d\u5e76\u53d1\u6570\uff1a\u7c7b\u4f3c\u4e8e\u901f\u5ea6\u9650\u5236\uff0c\u4e00\u4e9b\u670d\u52a1\u5668\u4e5f\u4f1a\u9650\u5236\u540c\u65f6\u8fdb\u884c\u7684\u4e0b\u8f7d\u6570\u3002\u4f60\u53ef\u4ee5\u5c1d\u8bd5\u4f7f\u7528 \u2013tries \u548c \u2013wait \u9009\u9879\u6765\u9650\u5236\u5e76\u53d1\u4e0b\u8f7d\u6570\uff0c\u4f8b\u5982\uff1a
wget --tries=10 --wait=5 http://example.com\n
\u6dfb\u52a0 User-Agent\uff1a\u6709\u4e9b\u670d\u52a1\u5668\u53ef\u80fd\u4f1a\u68c0\u67e5 User-Agent\uff0c\u5982\u679c User-Agent \u88ab\u8ba4\u4e3a\u662f\u6076\u610f\u7684\uff0c\u90a3\u4e48\u4f60\u7684\u8bf7\u6c42\u4e5f\u4f1a\u88ab\u62d2\u7edd\u3002\u4f60\u53ef\u4ee5\u5c1d\u8bd5\u4f7f\u7528 \u2013user-agent \u9009\u9879\u6765\u8bbe\u7f6e User-Agent\uff0c\u4f8b\u5982\uff1a wget --user-agent=\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3\" http://example.com\n
\u4e0e\u670d\u52a1\u5668\u7ba1\u7406\u5458\u8054\u7cfb\uff1a\u5982\u679c\u4ee5\u4e0a\u65b9\u6cd5\u90fd\u4e0d\u80fd\u89e3\u51b3\u95ee\u9898\uff0c\u4f60\u53ef\u4ee5\u8054\u7cfb\u670d\u52a1\u5668\u7ba1\u7406\u5458\uff0c\u8bf4\u660e\u4f60\u7684\u4e0b\u8f7d\u8bf7\u6c42\u662f\u5408\u6cd5\u7684\uff0c\u8bf7\u6c42\u4ed6\u4eec\u653e\u884c\u4f60\u7684\u8bf7\u6c42\u3002 \u9700\u8981\u6ce8\u610f\u7684\u662f\uff0c\u4e0d\u8981\u4f7f\u7528\u975e\u6cd5\u7684\u65b9\u5f0f\u4e0b\u8f7d\u6587\u4ef6\uff0c\u4ee5\u514d\u4fb5\u72af\u4ed6\u4eba\u7684\u5408\u6cd5\u6743\u76ca\uff0c\u5e76\u6709\u53ef\u80fd\u5bfc\u81f4\u6cd5\u5f8b\u7ea0\u7eb7\u3002
"},{"location":"misc-notes/software-kits/try-chatgpt/#\u6bd4\u8f83gopythonrust\u7684\u5173\u7cfb","title":"\u6bd4\u8f83Go\u3001Python\u3001Rust\u7684\u5173\u7cfb","text":"go\u3001rust\u3001python\u4e09\u79cd\u7f16\u7a0b\u8bed\u8a00\u5728\u8bed\u8a00\u7279\u6027\u65b9\u9762\u6709\u4ec0\u4e48\u533a\u522b\uff1f\u5404\u81ea\u6709\u4ec0\u4e48\u4f18\u52bf\uff1f\u9002\u7528\u573a\u666f\u6709\u4ec0\u4e48\u533a\u522b\uff1f
\u8fd9\u4e09\u79cd\u7f16\u7a0b\u8bed\u8a00\u5404\u6709\u4e0d\u540c\u7684\u7279\u70b9\u548c\u4f18\u52bf\uff0c\u4ee5\u4e0b\u662f\u5b83\u4eec\u7684\u4e3b\u8981\u533a\u522b\u548c\u9002\u7528\u573a\u666f\uff1a
Python Python \u662f\u4e00\u79cd\u9ad8\u7ea7\u7684\u52a8\u6001\u89e3\u91ca\u578b\u8bed\u8a00\uff0c\u5177\u6709\u7b80\u5355\u6613\u5b66\u3001\u6613\u8bfb\u6613\u5199\u7684\u7279\u70b9\u3002\u5b83\u7684\u8bed\u6cd5\u7b80\u5355\u3001\u4ee3\u7801\u53ef\u8bfb\u6027\u9ad8\u3001\u652f\u6301\u591a\u79cd\u7f16\u7a0b\u8303\u5f0f\u548c\u4e30\u5bcc\u7684\u7b2c\u4e09\u65b9\u5e93\uff0c\u9002\u7528\u4e8e\u5404\u79cd\u7c7b\u578b\u7684\u5e94\u7528\u7a0b\u5e8f\u5f00\u53d1\uff0c\u5c24\u5176\u64c5\u957f\u6570\u636e\u5206\u6790\u3001\u4eba\u5de5\u667a\u80fd\u548c\u79d1\u5b66\u8ba1\u7b97\u9886\u57df\u3002\u7531\u4e8e\u5b83\u7684\u5f00\u53d1\u6548\u7387\u9ad8\uff0c\u5e38\u88ab\u7528\u4e8e\u5feb\u901f\u539f\u578b\u8bbe\u8ba1\u548c\u654f\u6377\u5f00\u53d1\u3002
Go Go \u662f\u4e00\u79cd\u5f00\u6e90\u7684\u7f16\u8bd1\u578b\u8bed\u8a00\uff0c\u7531 Google \u5f00\u53d1\u3002\u5b83\u7684\u8bbe\u8ba1\u76ee\u6807\u662f\u4e3a\u4e86\u89e3\u51b3\u591a\u6838\u3001\u7f51\u7edc\u3001\u5927\u89c4\u6a21\u7a0b\u5e8f\u5f00\u53d1\u7b49\u95ee\u9898\uff0c\u5177\u6709\u9ad8\u6548\u3001\u53ef\u9760\u3001\u7b80\u6d01\u7b49\u7279\u70b9\u3002Go \u8bed\u8a00\u5728\u5e76\u53d1\u7f16\u7a0b\u548c\u7f51\u7edc\u7f16\u7a0b\u65b9\u9762\u8868\u73b0\u7a81\u51fa\uff0c\u6709\u7740\u975e\u5e38\u9ad8\u6548\u7684 Goroutine \u548c Channel \u673a\u5236\uff0c\u9002\u5408\u4e8e\u9ad8\u5e76\u53d1\u3001\u5206\u5e03\u5f0f\u7cfb\u7edf\u3001\u4e91\u8ba1\u7b97\u7b49\u9886\u57df\u7684\u5f00\u53d1\u3002
Rust Rust \u662f\u4e00\u79cd\u7cfb\u7edf\u7ea7\u7684\u7f16\u7a0b\u8bed\u8a00\uff0c\u7531 Mozilla \u5f00\u53d1\u3002\u5b83\u7ed3\u5408\u4e86\u9ad8\u6548\u6027\u80fd\u3001\u5185\u5b58\u5b89\u5168\u548c\u5e76\u53d1\u5b89\u5168\uff0c\u63d0\u4f9b\u4e86\u4e00\u4e2a\u53ef\u9760\u548c\u5b89\u5168\u7684\u7f16\u7a0b\u73af\u5883\u3002Rust \u7684\u4e3b\u8981\u4f18\u52bf\u5728\u4e8e\u5176\u5185\u5b58\u5b89\u5168\u6027\u548c\u5e76\u53d1\u6027\uff0c\u5b83\u5177\u6709\u9ad8\u6548\u7684\u7f16\u8bd1\u5668\u3001\u4e30\u5bcc\u7684\u7c7b\u578b\u7cfb\u7edf\u548c\u9ad8\u7ea7\u7684\u6a21\u5f0f\u5339\u914d\u529f\u80fd\uff0c\u9002\u7528\u4e8e\u9700\u8981\u9ad8\u6027\u80fd\u548c\u5b89\u5168\u6027\u7684\u7cfb\u7edf\u7ea7\u7f16\u7a0b\u3001\u7f51\u7edc\u7f16\u7a0b\u3001\u64cd\u4f5c\u7cfb\u7edf\u548c\u5d4c\u5165\u5f0f\u5f00\u53d1\u7b49\u9886\u57df\u3002
\u603b\u7684\u6765\u8bf4\uff0cPython \u9002\u5408\u5feb\u901f\u539f\u578b\u8bbe\u8ba1\u548c\u654f\u6377\u5f00\u53d1\uff0cGo \u9002\u5408\u9ad8\u5e76\u53d1\u3001\u5206\u5e03\u5f0f\u7cfb\u7edf\u548c\u4e91\u8ba1\u7b97\uff0cRust \u9002\u5408\u9700\u8981\u9ad8\u6027\u80fd\u548c\u5b89\u5168\u6027\u7684\u7cfb\u7edf\u7ea7\u7f16\u7a0b\u3001\u7f51\u7edc\u7f16\u7a0b\u3001\u64cd\u4f5c\u7cfb\u7edf\u548c\u5d4c\u5165\u5f0f\u5f00\u53d1\u3002\u9009\u62e9\u54ea\u79cd\u7f16\u7a0b\u8bed\u8a00\u53d6\u51b3\u4e8e\u5177\u4f53\u7684\u5e94\u7528\u573a\u666f\u548c\u9700\u6c42\u3002
"},{"location":"misc-notes/software-kits/try-chatgpt/#\u8ba1\u7b97\u673a\u5b89\u5168\u8d44\u6e90\u5b66\u4e60","title":"\u8ba1\u7b97\u673a\u5b89\u5168\u8d44\u6e90\u5b66\u4e60","text":"\u6211\u60f3\u5b66\u4e60\u5de5\u4e1a\u754c\u5b9e\u7528\u7684\u8ba1\u7b97\u673a\u5b89\u5168\u9886\u57df\u7684\u77e5\u8bc6\uff0c\u8bf7\u63a8\u8350\u4e00\u4e9b\u7f51\u7ad9
\u4ee5\u4e0b\u662f\u4e00\u4e9b\u53ef\u4ee5\u5e2e\u52a9\u60a8\u5b66\u4e60\u5de5\u4e1a\u754c\u5b9e\u7528\u7684\u8ba1\u7b97\u673a\u5b89\u5168\u9886\u57df\u7684\u77e5\u8bc6\u7684\u7f51\u7ad9\uff1a
OWASP (\u5f00\u653e\u5f0f\u7f51\u7edc\u5b89\u5168\u9879\u76ee)\uff1a\u8fd9\u4e2a\u7f51\u7ad9\u63d0\u4f9b\u4e86\u5927\u91cf\u6709\u5173\u7f51\u7edc\u5e94\u7528\u7a0b\u5e8f\u5b89\u5168\u7684\u8d44\u6599\u548c\u5de5\u5177\u3002\u60a8\u53ef\u4ee5\u5728\u8fd9\u91cc\u627e\u5230\u5b89\u5168\u6807\u51c6\u3001\u6f0f\u6d1e\u68c0\u6d4b\u5de5\u5177\u3001\u653b\u51fb\u6a21\u62df\u5668\u7b49\u7b49\u3002
NIST (\u7f8e\u56fd\u56fd\u5bb6\u6807\u51c6\u4e0e\u6280\u672f\u7814\u7a76\u6240)\uff1a\u8fd9\u4e2a\u7f51\u7ad9\u4e3a\u8ba1\u7b97\u673a\u5b89\u5168\u548c\u4fe1\u606f\u6280\u672f\u63d0\u4f9b\u6807\u51c6\u548c\u6307\u5357\u3002\u60a8\u53ef\u4ee5\u5728\u8fd9\u91cc\u627e\u5230\u6709\u5173\u5b89\u5168\u63a7\u5236\u3001\u5bc6\u7801\u5b66\u3001\u98ce\u9669\u8bc4\u4f30\u7b49\u65b9\u9762\u7684\u8d44\u6599\u3002
SANS (\u5b89\u5168\u57f9\u8bad\u548c\u8ba4\u8bc1\u673a\u6784)\uff1a\u8fd9\u4e2a\u7f51\u7ad9\u63d0\u4f9b\u6709\u5173\u5404\u79cd\u8ba1\u7b97\u673a\u5b89\u5168\u4e3b\u9898\u7684\u57f9\u8bad\u548c\u8bfe\u7a0b\u3002\u5b83\u8fd8\u63d0\u4f9b\u4e86\u4e00\u4e2a\u535a\u5ba2\uff0c\u5176\u4e2d\u5305\u542b\u5404\u79cd\u6709\u5173\u7f51\u7edc\u5b89\u5168\u7684\u6587\u7ae0\u548c\u63d0\u793a\u3002
Dark Reading\uff1a\u8fd9\u662f\u4e00\u5bb6\u5728\u7ebf\u51fa\u7248\u5546\uff0c\u63d0\u4f9b\u4e86\u6709\u5173\u7f51\u7edc\u5b89\u5168\u7684\u6700\u65b0\u65b0\u95fb\u3001\u5206\u6790\u548c\u8bc4\u8bba\u3002\u5b83\u8fd8\u63d0\u4f9b\u4e86\u5404\u79cd\u8d44\u6e90\uff0c\u5305\u62ec\u7f51\u7edc\u5b89\u5168\u767d\u76ae\u4e66\u3001\u7814\u7a76\u62a5\u544a\u548c\u6f14\u793a\u6587\u7a3f\u3002
SecurityFocus\uff1a\u8fd9\u4e2a\u7f51\u7ad9\u662f\u4e00\u4e2a\u5b89\u5168\u65b0\u95fb\u805a\u5408\u7ad9\u70b9\uff0c\u6536\u96c6\u4e86\u6765\u81ea\u5404\u79cd\u6765\u6e90\u7684\u5b89\u5168\u65b0\u95fb\u548c\u6f0f\u6d1e\u62a5\u544a\u3002\u5b83\u8fd8\u63d0\u4f9b\u4e86\u5b89\u5168\u8bba\u575b\u3001\u5b89\u5168\u5de5\u5177\u7b49\u3002
Reddit\uff1aReddit\u4e0a\u6709\u8bb8\u591a\u4e0e\u8ba1\u7b97\u673a\u5b89\u5168\u76f8\u5173\u7684\u793e\u533a\uff0c\u5982r/netsec\u3001r/hacking\u3001r/AskNetsec\u7b49\u3002\u8fd9\u4e9b\u793e\u533a\u53ef\u4ee5\u8ba9\u60a8\u5411\u5176\u4ed6\u5b89\u5168\u4e13\u4e1a\u4eba\u5458\u63d0\u95ee\uff0c\u5e76\u4e0e\u4ed6\u4eec\u5206\u4eab\u6709\u7528\u7684\u8d44\u6e90\u548c\u5de5\u5177\u3002
GitHub\uff1aGitHub\u662f\u4e00\u4e2a\u8f6f\u4ef6\u5f00\u53d1\u5e73\u53f0\uff0c\u4e5f\u662f\u8bb8\u591a\u5b89\u5168\u5de5\u5177\u548c\u811a\u672c\u7684\u6765\u6e90\u3002\u901a\u8fc7\u641c\u7d22GitHub\uff0c\u60a8\u53ef\u4ee5\u627e\u5230\u5f88\u591a\u6709\u7528\u7684\u5de5\u5177\uff0c\u5982\u6e17\u900f\u6d4b\u8bd5\u5de5\u5177\u3001\u6f0f\u6d1e\u626b\u63cf\u5668\u7b49\u7b49\u3002
\u5e0c\u671b\u8fd9\u4e9b\u7f51\u7ad9\u80fd\u5bf9\u60a8\u6709\u6240\u5e2e\u52a9\uff01
"},{"location":"programming-languages/","title":"Index","text":"\u7ea6 0 \u4e2a\u5b57 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4\u4e0d\u5230 1 \u5206\u949f
"},{"location":"programming-languages/c/","title":"C\u8bed\u8a00","text":"\u7ea6 386 \u4e2a\u5b57 30 \u884c\u4ee3\u7801 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4 4 \u5206\u949f
"},{"location":"programming-languages/c/#\u6839\u636e\u7ed3\u6784\u4f53\u6210\u5458\u53d6\u7ed3\u6784\u4f53\u9996\u5730\u5740","title":"\u6839\u636e\u7ed3\u6784\u4f53\u6210\u5458\u53d6\u7ed3\u6784\u4f53\u9996\u5730\u5740","text":"member_address - &(((TYPE *)0)->member);\n
\u540e\u534a\u90e8\u5206\u770b\u4f3c\u4f1a\u89e3\u5f15\u75280\u5730\u5740\u800ccrash\uff0c\u4f46\u7f16\u8bd1\u5668\u4f1a\u4f18\u5316\u4e3a\u76f4\u63a5\u8ba1\u7b97member\u7684offset\u3002\u53c2\u89c1kernel\u4ee3\u7801\u5e38\u7528\u7684container_of\u3002
"},{"location":"programming-languages/c/#\u52a8\u6001\u94fe\u63a5\u5e93","title":"\u52a8\u6001\u94fe\u63a5\u5e93","text":"\u7f16\u8bd1\u52a8\u6001\u94fe\u63a5\u5e93\u672c\u8eab
\u4f7f\u7528gcc\u7f16\u8bd1\u51fa\u52a8\u6001\u94fe\u63a5\u5e93\uff1a
gcc <source C file> -shared -fPIC -o lib<source>.so\n
\u7f16\u8bd1\u539f\u9879\u76ee\u65f6\u6307\u5b9a\u52a8\u6001\u94fe\u63a5\u5e93
\u4f7f\u7528-l\u6307\u5b9a\u52a0\u8f7d\u94fe\u63a5\u5e93\uff0c\u6ce8\u610f\u53bb\u6389\u5e93\u6587\u4ef6\u7684lib\u5f00\u5934\u548c.so\u7ed3\u5c3e\u3002\u7f16\u8bd1\u65f6\uff0c\u6ce8\u610f\u628a\u5e93\u653e\u5728\u6574\u4e2a\u547d\u4ee4\u7684\u7ed3\u5c3e\uff0c\u5426\u5219\u53ef\u80fd\u63d0\u793a\u5e93\u51fd\u6570\u672a\u5b9a\u4e49\u3002
\u6bd4\u5982gcc main.c -lcapstone
\u4e0d\u4f1a\u62a5\u9519\uff0cgcc -lcapstone main.c
\u4f1a\u63d0\u793a\u62a5\u9519\u3002\uff08\u5047\u8bbe\u8fd9\u91ccmain.c\u8c03\u7528\u4e86capstone\u7684\u5e93\u51fd\u6570\uff09
\u5982\u679c\u52a8\u6001\u94fe\u63a5\u5e93\u4e0d\u5728\u9ed8\u8ba4\u7684\u7cfb\u7edf\u5e93\u4e2d\uff0c\u53ef\u4ee5\u6dfb\u52a0-L
\u6765\u6307\u5b9a\u52a8\u6001\u94fe\u63a5\u5e93\u7684\u4fdd\u5b58\u4f4d\u7f6e\u3002
\u8fd0\u884c\u9879\u76ee\u65f6\u52a0\u8f7d\u52a8\u6001\u94fe\u63a5\u5e93
\u5373\u4fbf\u7f16\u8bd1\u6210\u529f\uff0c\u8fd0\u884c\u53ef\u80fd\u62a5\u9519\u3002\u641c\u7d22\u987a\u5e8f\u4e3a\uff1a
-Wl,-rpath=xxx
\u6765\u6307\u5b9a\u8fd0\u884c\u65f6\u6240\u9700\u7684\u52a8\u6001\u5e93\u6587\u4ef6LD_LIBRARY_PATH
\u6307\u5b9a\u7684\u76ee\u5f55\u4e2d\u641c\u7d22/etc/ld.so.conf
\u7ed9\u51fa\u7684\u76ee\u5f55\u4e2d\u641c\u7d22/lib
\u3001/lib64
\u3001/usrlib
\u3001/usrlib64
\u7b49\u641c\u7d22\u521d\u59cb\u5316\u6570\u7ec4\uff0c\u53ef\u4ee5\u8fde\u7eed\u8d4b\u503c
int arr[10] = {\n [0] = 1,\n [1 ... 4] = 2,\n [5 ... 7] = 4,\n};\n
\u6570\u7ec4\u5728\u5b9a\u4e49\u7684\u540c\u65f6\u8fdb\u884c\u90e8\u5206\u521d\u59cb\u5316\u65f6\uff0c\u672a\u88ab\u8d4b\u503c\u7684\u5143\u7d20\u90fd\u4f1a\u6309\u7167\u9759\u6001\u53d8\u91cf\u8fdb\u884c\u5904\u7406\uff0c\u5373\u9ed8\u8ba4\u7f6e\u96f6\uff0c\u5373\u4fbfint a[10] = {};
\u6ca1\u6709\u663e\u5f0f\u521d\u59cb\u5316\u4efb\u4f55\u503c\u3002
\u521d\u59cb\u5316\u7ed3\u6784\u4f53\u6216\u8054\u5408\uff0c\u53ef\u4ee5\u4e00\u8d77\u8d4b\u503c
struct test {\n int a;\n int b;\n int c;\n int d;\n};\n\nint main(\n int argc, \n char const *argv[]\n )\n{\n struct test t = {\n .a = 1,\n .b = 2,\n .c = 3,\n .d = 4,\n };\n\n return 0;\n}\n
"},{"location":"programming-languages/code-gracely/","title":"\u4f18\u96c5\u7f16\u7a0b","text":"\u7ea6 1414 \u4e2a\u5b57 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4 5 \u5206\u949f
"},{"location":"programming-languages/code-gracely/#\u7a0b\u5e8f\u53d8\u91cf","title":"\u7a0b\u5e8f\u53d8\u91cf","text":"\u4f18\u5316\u9700\u8981\u901a\u8fc7\u5927\u91cf\u6d4b\u8bd5\u6765\u9a8c\u8bc1\u4e00\u81f4\u6027\u3001\u6027\u80fd\uff0c\u56e0\u4e3a\u5e76\u975e\u6240\u6709\u4f18\u5316\u90fd\u662f\u6b63\u786e\u6216\u5fc5\u8981\u7684\u3002\u4ece\u91cd\u6784\u7a0b\u5e8f\u6267\u884c\u6d41\u7684\u89d2\u5ea6\u6765\u8bb2\uff0c\u4f18\u5316\u5e76\u4e0d\u662f\u7075\u4e39\u5999\u836f\uff0c\u5e76\u5728\u4e0d\u540c\u8bed\u8a00\u3001\u4e0d\u540c\u7f16\u8bd1\u5668\u3001\u4e0d\u540c\u73af\u5883\u3001\u4e0d\u540c\u4efb\u52a1\u4e2d\u8868\u73b0\u51fa\u5de8\u5927\u7684\u5dee\u5f02\u3002\u4ee5\u4e0b\u7684\u4f18\u5316\u65b9\u6cd5\u5747\u4ec5\u4f9b\u53c2\u8003\u3002
"},{"location":"programming-languages/code-gracely/#\u5229\u7528\u77ed\u8def\u4e0e\u54e8\u5175","title":"\u5229\u7528\u77ed\u8def\u4e0e\u54e8\u5175","text":"\u4f7f\u7528\u5927\u91cfif-else\u7684\u574f\u5904\uff1a
\u4f7f\u7528\u67e5\u8868\u6cd5\u7684\u597d\u5904\uff1a
\u7528\u6cd5\uff1a\u5c06\u8981\u5224\u65ad\u7684\u5404\u4e2a\u53c2\u6570\u4f5c\u4e3a\u8868\u7684\u7ef4\u5ea6\uff0c\u5c06\u5224\u65ad\u7ed3\u679c\u4f5c\u4e3a\u8868\u7d22\u5f15\u540e\u7684\u7ed3\u679c\u3002
"},{"location":"programming-languages/code-gracely/#\u7528\u7d22\u5f15\u8868\u66ff\u6362\u6570\u636e\u8868","title":"\u7528\u7d22\u5f15\u8868\u66ff\u6362\u6570\u636e\u8868","text":"\u7a00\u758f\u7684\u6570\u636e\u8868\u5728\u5b58\u50a8\u5bf9\u9f50\u7684\u60c5\u51b5\u4e0b\u4f1a\u6d6a\u8d39\u5927\u91cf\u7a7a\u95f4\u3002\u4e0e\u4e4b\u76f8\u6bd4\uff0c\u91c7\u7528\u7d22\u5f15\u8868\u53ef\u4ee5\u964d\u4f4e\u7a7a\u95f4\u6d6a\u8d39\u91cf\uff08\u4ecd\u7136\u4f1a\u4ea7\u751f\u6d6a\u8d39\uff09\u3002\u4e3a\u4e86\u8fdb\u4e00\u6b65\u51cf\u5c11\u7d22\u5f15\u8868\u7a7a\u95f4\uff0c\u53ef\u4ee5\u4f7f\u7528\u9636\u68af\u7d22\u5f15\u8868\uff0c\u6839\u636e\u6570\u636e\u7684\u8303\u56f4\uff08\u800c\u4e0d\u662f\u5177\u4f53\u7684\u6570\u636e\u503c\uff09\u8fdb\u884c\u5efa\u7d22\u5f15\uff0c\u6bd4\u5982\u6839\u636e\u767e\u5206\u5236\u6210\u7ee9\u8ba1\u7b97\u7ee9\u70b9\uff0c\u5efa\u7acb\u76f8\u5e94\u7684data-to-key\u51fd\u6570\uff0c\u653e\u5728\u6570\u7ec4\u4e2d\u3002
"},{"location":"programming-languages/code-gracely/#\u7528\u7ed3\u679c\u8868\u66ff\u6362\u6570\u5b66\u8ba1\u7b97\u7ed3\u679c","title":"\u7528\u7ed3\u679c\u8868\u66ff\u6362\u6570\u5b66\u8ba1\u7b97\u7ed3\u679c","text":"\u8003\u8651\u5230\u7cfb\u7edf\u51fd\u6570\u7684\u7cbe\u786e\u6027\uff0c\u8ba1\u7b97\u901f\u5ea6\u53ef\u80fd\u8f83\u6162\u3002\u53ef\u4ee5\u9884\u5148\u624b\u52a8\u7b97\u51fa\u4e00\u4e9b\u6570\u636e\u5e76\u5efa\u8868\uff0c\u8ba1\u7b97\u65f6\u76f4\u63a5\u67e5\u8868\u5373\u53ef\uff0c\u5927\u5927\u63d0\u9ad8\u7a0b\u5e8f\u6027\u80fd\u3002
"},{"location":"programming-languages/cpp/","title":"C++","text":"\u7ea6 1253 \u4e2a\u5b57 196 \u884c\u4ee3\u7801 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4 24 \u5206\u949f
"},{"location":"programming-languages/cpp/#stl\u4e0e\u5e38\u7528\u6570\u636e\u7c7b\u578b","title":"STL\u4e0e\u5e38\u7528\u6570\u636e\u7c7b\u578b","text":""},{"location":"programming-languages/cpp/#string","title":"string","text":"\u53ef\u4ee5\u76f4\u63a5\u4f7f\u7528==
\u5224\u65adstring\u5b57\u7b26\u4e32\u662f\u5426\u76f8\u7b49\u3001+
\u6765\u8fdb\u884c\u5b57\u7b26\u4e32\u62fc\u63a5\u3002
vector
\u52a8\u6001\u6570\u7ec4\u53ef\u4ee5\u968f\u673a\u8bbf\u95ee\uff0c\u5176\u5927\u5c0f\u7531\u7cfb\u7edf\u81ea\u52a8\u7ba1\u7406\u3002
#include<vector>\n\n// \u58f0\u660e\u4e0e\u521d\u59cb\u5316\nstd::vector<int> vec1;\nstd::vector<int> vec2(3); // \u6307\u5b9a\u957f\u5ea6\uff0c\u9ed8\u8ba4\u521d\u59cb\u5316\nstd::vector<int> vec3(3, 10); // \u6307\u5b9a\u957f\u5ea6\u548c\u9ed8\u8ba4\u503c\nstd::vector<int> vec4 = {1,2,3,4} // \u5217\u8868\u8fdb\u884c\u521d\u59cb\u5316\n\n// \u4f7f\u7528\u65b9\u6cd5\nvec.push_back(val); // \u4f20\u9012\u5f15\u7528\nvec.pop_back();\nvec.at(pos); // \u6709\u8fb9\u754c\u68c0\u67e5\nvec[1]; // \u65e0\u8fb9\u754c\u68c0\u67e5\nvec.clear(); // \u6e05\u7a7a\nvec.front(); // \u8fd4\u56de\u7b2c\u4e00\u4e2a\u5143\u7d20\nvec.back(); // \u8fd4\u56de\u6700\u540e\u4e00\u4e2a\u5143\u7d20\nvec.data(); // \u8fd4\u56de\u5e95\u5c42\u6570\u7ec4\u6307\u9488\nvec.size();\nvec.capacity();\nvec.reserve(n); // \u9884\u7559n\u4e2a\u5143\u7d20\u7a7a\u95f4\nvec.resize(n);\nvec.insert(pos, val);\nvec.erase(pos);\nvec.begin(); // \u8d77\u59cb\u8fed\u4ee3\u5668\nvec.end(); // \u7ed3\u675f\u8fed\u4ee3\u5668\n\n// \u904d\u5386\u65b9\u6cd5\nfor (int i = 0; i < vec.size(); i++) { x = vec[i] ;}\n
"},{"location":"programming-languages/cpp/#deque\u53cc\u7aef\u961f\u5217","title":"deque\u53cc\u7aef\u961f\u5217","text":"deque
\u53cc\u7aef\u961f\u5217\u53ef\u4ee5\u968f\u673a\u8bbf\u95ee\uff0c\u5176\u5927\u5c0f\u7531\u7cfb\u7edf\u81ea\u52a8\u7ba1\u7406\u3002
#include<deque>\n\n// \u58f0\u660e\u4e0e\u521d\u59cb\u5316\nstd::deque<int> deque;\nstd::deque<int> deque(3); // \u6307\u5b9a\u957f\u5ea6\uff0c\u9ed8\u8ba4\u521d\u59cb\u5316\nstd::deque<int> deque(3, 10); // \u6307\u5b9a\u957f\u5ea6\u548c\u9ed8\u8ba4\u503c\nstd::deque<int> deque = {1,2,3,4} // \u5217\u8868\u8fdb\u884c\u521d\u59cb\u5316\n\n// \u4f7f\u7528\u65b9\u6cd5\ndeque.push_back(val); // \u4f20\u9012\u5f15\u7528\ndeque.pop_back();\ndeque.push_front(val);\ndeque.pop_front();\ndeque.at(pos); // \u6709\u8fb9\u754c\u68c0\u67e5\ndeque[1]; // \u65e0\u8fb9\u754c\u68c0\u67e5\ndeque.clear(); // \u6e05\u7a7a\ndeque.front(); // \u8fd4\u56de\u7b2c\u4e00\u4e2a\u5143\u7d20\ndeque.back(); // \u8fd4\u56de\u6700\u540e\u4e00\u4e2a\u5143\u7d20\ndeque.size();\ndeque.capacity();\ndeque.reserve(n); // \u9884\u7559n\u4e2a\u5143\u7d20\u7a7a\u95f4\ndeque.resize(n);\ndeque.insert(pos, val);\ndeque.erase(pos);\ndeque.swap(other_deque) // \u4ea4\u6362\u4e24\u4e2adeque\u5185\u5bb9\ndeque.begin(); // \u8d77\u59cb\u8fed\u4ee3\u5668\ndeque.end(); // \u7ed3\u675f\u8fed\u4ee3\u5668\n
"},{"location":"programming-languages/cpp/#\u5934\u6587\u4ef6\u4e0e\u547d\u540d\u7a7a\u95f4","title":"\u5934\u6587\u4ef6\u4e0e\u547d\u540d\u7a7a\u95f4","text":"\u547d\u540d\u7a7a\u95f4\u7528\u4e8e\u5904\u7406\u4e0d\u540c\u5e93\u4e2d\u7684\u540c\u540d\u51fd\u6570\u3001\u7c7b\u4e0e\u53d8\u91cf\uff0c\u76f8\u5f53\u4e8e\u5b9a\u4e49\u4e0a\u4e0b\u6587\u3002
// \u547d\u540d\u7a7a\u95f4\u5b9a\u4e49\nnamespace namespace_name {\n // \u4ee3\u7801\u58f0\u660e\n}\n\n// \u4f7f\u7528\u547d\u540d\u7a7a\u95f4\u5185\u7684\u51fd\u6570\uff0c\u9700\u8981\u6307\u5b9a \u547d\u540d\u7a7a\u95f4::\nnamespace_name::namespace_func;\n\n// using\u6307\u4ee4\uff0c\u5219\u4e4b\u540e\u4f7f\u7528\u8be5\u547d\u540d\u7a7a\u95f4\u5185\u7684\u51fd\u6570\u4e0d\u9700\u8981\u52a0 \u547d\u540d\u7a7a\u95f4::\nusing namespace namespace_name;\nnamespace_func;\n\n//\u5168\u5c40\u53d8\u91cf\u548c\u5c40\u90e8\u53d8\u91cf\u51b2\u7a81\u65f6::val\u8868\u793a\u5168\u5c40\u53d8\u91cf\n::global_val;\nlocal_val;\n
"},{"location":"programming-languages/cpp/#\u8f93\u5165\u4e0e\u8f93\u51fa","title":"\u8f93\u5165\u4e0e\u8f93\u51fa","text":"\u4f7f\u7528iostream\u5934\u6587\u4ef6\u5f15\u5165\u8f93\u5165\u8f93\u51fa\u3002
#include <iostream>\nusing namespace std;\nint main() {\n char a[10];\n cin >> a;\n cout << a;\n}\n
"},{"location":"programming-languages/cpp/#\u53d8\u91cf\u5e38\u91cf\u4e0e\u7c7b\u578b\u9650\u5b9a\u7b26","title":"\u53d8\u91cf\u3001\u5e38\u91cf\u4e0e\u7c7b\u578b\u9650\u5b9a\u7b26","text":"\u57fa\u672c\u6570\u636e\u7c7b\u578b\u7c7b\u4f3cC\u8bed\u8a00\uff0c\u6b64\u5916\u8fd8\u5305\u62ecbool
\u7b49\u3002\u5b57\u7b26\u7c7b\u578b\u9664\u4e861\u5b57\u8282\u7684char
\uff0c\u8fd8\u5305\u62ecwchar_t
\uff08\u5bbd\u5b57\u7b26\uff0c\u53602\u62164\u5b57\u8282\uff09\u3001char16_t
\u3001char32_t
\u3002
\u7c7b\u578b\u9650\u5b9a\u7b26\u5305\u62ecconst
\u3001mutable
\u3001volatile
\u3001restrict
\u3001static
\u3001register
\u7b49\uff0c\u7f6e\u4e8e\u7c7b\u578b\u524d\u3002
Note
mutable
\u5728C++11\u652f\u6301register
\u5728C++11\u5931\u6548\uff0c\u5728C++17\u88ab\u5f03\u7528const
\u5b9a\u4e49\u503c\u4e0d\u53ef\u88ab\u4fee\u6539\u7684\u53d8\u91cf\uff0c\u53ef\u4ee5\u7406\u89e3\u4e3a\u7ef4\u62a4\u5bf9\u8c61\u7684\u72b6\u6001\u4e0d\u53d1\u751f\u6539\u53d8const
\u6210\u5458\u51fd\u6570\u5185\u90e8\uff0c\u4e0d\u80fd\u4fee\u6539\u975e\u9759\u6001\u6210\u5458\u53d8\u91cf\u7684\u503cconst
\u5bf9\u8c61\u53ea\u80fd\u8c03\u7528const
\u6210\u5458\u51fd\u6570mutable
\u4fee\u9970\u7c7b\u7684\u6210\u5458\u53d8\u91cf\uff0c\u8868\u793a\u8be5\u53d8\u91cf\u53ef\u4ee5\u88ab\u4fee\u6539\uff0c\u5373\u4fbf\u88abconst\u4fee\u9970class Sample {\n public:\n int get_data() const { // const \u6210\u5458\u51fd\u6570\u5185\u90e8\u4e0d\u80fd\u4fee\u6539\u4efb\u4f55\u975e\u9759\u6001\u6210\u5458\u53d8\u91cf\u7684\u503c\n return __data;\n }\n void set_data(int new_value) const {\n __data = new_value; // \u867d\u7136\u662fconst \u6210\u5458\u51fd\u6570\u5185\u90e8\uff0c\u4f46\u7531\u4e8e__data\u662fmutable\u7684\uff0c\u6240\u4ee5\u53ef\u4ee5\u4fee\u6539\n }\n private:\n mutable int __data;\n}\n\nint main () {\n const Sample obj; // const\u5bf9\u8c61\u53ea\u80fd\u8c03\u7528const\u51fd\u6570\n obj.set_data(10);\n obj.get_data(); \n}\n
volatile
\u6697\u793a\u7f16\u8bd1\u5668\u8be5\u53d8\u91cf\u7684\u503c\u53ef\u80fd\u88ab\u5916\u90e8\u786c\u4ef6\u6216\u5176\u4ed6\u7ebf\u7a0b\u4fee\u6539\uff08\u5728\u4e0d\u786e\u5b9a\u7684\u65f6\u673a\u88ab\u4fee\u6539\uff09restrict
\u6697\u793a\u7f16\u8bd1\u5668\u8be5\u53d8\u91cf\u7684\u503c\u53ea\u80fd\u88ab\u8fd9\u4e2a\u6307\u9488\u8bbf\u95eestatic
\u5b9a\u4e49\u9759\u6001\u53d8\u91cfregister
\u6697\u793a\u7f16\u8bd1\u5668\u8be5\u53d8\u91cf\u7ecf\u5e38\u88ab\u4f7f\u7528\uff0c\u53ef\u4ee5\u5b58\u50a8\u5728\u5bc4\u5b58\u5668\u4e2d\u7c7b\u6210\u5458\u51fd\u6570\u53ef\u4ee5\u5728\u7c7b\u5b9a\u4e49\u7684\u5185\u90e8\u8fdb\u884c\u5b9a\u4e49\uff0c\u6b64\u65f6\u6210\u5458\u51fd\u6570\u5373\u4e3a\u5185\u8054\u51fd\u6570\u3002\u4e5f\u53ef\u4ee5\u5728\u7c7b\u5b9a\u4e49\u7684\u5916\u90e8\u8fdb\u884c\u5b9a\u4e49\uff0c\u4e00\u822c\u4f7f\u7528\u8fd4\u56de\u503c\u7c7b\u578b \u7c7b\u540d::\u51fd\u6570\u540d(\u53c2\u6570\u5217\u8868) {\u51fd\u6570\u4f53}
\u7684\u5f62\u5f0f\u3002
class Sample {\n public:\n int sample1() {return 1;} // \u5728\u7c7b\u5185\u90e8\u5b9a\u4e49\u51fd\u6570\u5b9e\u73b0\n int sample2(); // \u5728\u7c7b\u5916\u90e8\u5b9a\u4e49\u51fd\u6570\u5b9e\u73b0\n}\n\n// \u9700\u8981\u4f7f\u7528\u8303\u56f4\u89e3\u6790\u8fd0\u7b97\u7b26::\u6765\u6307\u5b9a\u54ea\u4e2a\u7c7b\nint Sample::sample2() {return 2;}\n
"},{"location":"programming-languages/cpp/#\u6784\u9020\u51fd\u6570\u62f7\u8d1d\u6784\u9020\u51fd\u6570\u6790\u6784\u51fd\u6570","title":"\u6784\u9020\u51fd\u6570\u3001\u62f7\u8d1d\u6784\u9020\u51fd\u6570\u3001\u6790\u6784\u51fd\u6570","text":"\u7c7b\u7684\u6784\u9020\u51fd\u6570\u5728\u521b\u5efa\u65b0\u7684\u7c7b\u5bf9\u8c61\u662f\u6267\u884c\uff0c\u540d\u79f0\u4e0e\u7c7b\u540d\u76f8\u540c\uff0c\u6ca1\u6709\u8fd4\u56de\u503c\u3002\u4e00\u822c\u7528\u4e8e\u4e3a\u6210\u5458\u53d8\u91cf\u8bbe\u7f6e\u521d\u59cb\u503c\u3002 \u6784\u9020\u51fd\u6570\u4e2d\uff0c\u4f7f\u7528\u521d\u59cb\u5316\u5217\u8868\u6765\u5bf9\u7c7b\u6210\u5458\u8fdb\u884c\u8d4b\u503c\u65f6\uff0c\u5728\u6784\u9020\u51fd\u6570\u5b9a\u4e49\u7684\u5927\u62ec\u53f7\u524d\u52a0\u4e0a: X(a)
\uff0c\u5176\u4e2dX\u662f\u5185\u90e8\u6210\u5458\uff0ca\u662f\u6784\u9020\u51fd\u6570\u7684\u53c2\u6570\uff0c\u5b9e\u73b0\u5c06a\u8d4b\u7ed9X\u3002\u8ba1\u7b97\u987a\u5e8f\u662f\u6309\u7c7b\u5185\u7684\u6210\u5458\u5b9a\u4e49\u987a\u5e8f\uff0c\u800c\u4e0d\u662f\u6309\u521d\u59cb\u5316\u5217\u8868\u7684\u987a\u5e8f\u6765\u8fdb\u884c\u8d4b\u503c\u3002 \u62f7\u8d1d\u6784\u9020\u51fd\u6570\u4e00\u822c\u7528\u4e8e\u6839\u636e\u5df2\u6709\u7684\u7c7b\u5bf9\u8c61\uff0c\u751f\u6210\u65b0\u7684\u7c7b\u5bf9\u8c61\uff0c\u6bd4\u5982\u590d\u5236\u3002\u5982\u679c\u7c7b\u4e0d\u5305\u542b\u6307\u9488\u6216\u52a8\u6001\u5185\u5b58\u5206\u914d\uff0c\u53ef\u4ee5\u4e0d\u5199\uff0c\u7f16\u8bd1\u5668\u4f1a\u5e2e\u52a9\u751f\u6210\uff1b\u5426\u5219\u5fc5\u987b\u81ea\u5df1\u5b9e\u73b0\u3002 \u6790\u6784\u51fd\u6570\u7c7b\u4f3c\u4e8e\u6784\u9020\u51fd\u6570\uff0c\u4f46\u51fd\u6570\u540d\u524d\u52a0\u4e86~\u7b26\u53f7\u3002\u5b83\u4e0d\u80fd\u5e26\u6709\u53c2\u6570\uff0c\u4e5f\u6ca1\u6709\u8fd4\u56de\u503c\uff0c\u4e00\u822c\u7528\u4e8e\u91ca\u653e\u5bf9\u8c61\u65f6\u8fdb\u884c\u8d44\u6e90\u91ca\u653e\u3002 \u6790\u6784\u51fd\u6570\u90fd\u4e0d\u9700\u8981\u663e\u5f0f\u8c03\u7528\u3002
#include<iostream>\nclass Sample {\n public:\n void setData(int i);\n Sample(); // \u6784\u9020\u51fd\u6570\n Sample(int i); // \u5e26\u53c2\u6784\u9020\u51fd\u6570\n Sample(const Sample & obj); // \u62f7\u8d1d\u6784\u9020\u51fd\u6570\n ~Sample(); // \u6790\u6784\u51fd\u6570\n private:\n int * data;\n}\n\n// \u5728\u7c7b\u58f0\u660e\u5916\u90e8\u5b9e\u73b0\u51fd\u6570\uff0c\u5219\u4e3a\u975e\u5185\u8054\nSample::Sample() {\n std::cout << \"Construction\" << std::endl;\n data = new int;\n *data = 0;\n}\n\n// \u5e26\u521d\u59cb\u5316\u5217\u8868\u7684\u6784\u9020\u51fd\u6570\nSample::Sample(int i): data(i) {\n std::cout << \"Construction with initial list\" << std::endl;\n data = new int;\n *data = i;\n}\n\n// \u62f7\u8d1d\u6784\u9020\u51fd\u6570\u5b9a\u4e49\nSample::Sample(const Sample & obj) {\n std::cout << \"Construction with another object\" << std::endl;\n data = new int;\n *data = *obj.data;\n}\n\n// \u6790\u6784\u51fd\u6570\u5b9a\u4e49\nSample::~Sample() {\n std::cout << \"Deletion\" << std::endl;\n delete data;\n}\n\nvoid Sample::setData(int i) {\n data = i;\n}\n\nint main () {\n Sample sample1;\n sample1.setData(1);\n Sample sample2(2);\n Sample sample3(sample1);\n Sample sample4 = sample3;\n}\n
\u521b\u5efa\u7c7b\u7684\u5bf9\u8c61\u65f6\uff0c\u53ef\u4ee5\u76f4\u63a5\u4ee5\u7c7b\u540d \u5bf9\u8c61\u540d
\u7684\u5f62\u5f0f\u6784\u5efa\u4e00\u4e2a\u9ed8\u8ba4\u5bf9\u8c61\uff0c\u6216\u8005\u7c7b\u540d \u5bf9\u8c61\u540d(\u53c2\u6570\u5217\u8868)
\u6784\u5efa\u4e00\u4e2a\u5e26\u53c2\u6570\u7684\u5bf9\u8c61\uff0c\u6216\u8005\u7c7b\u540d \u5bf9\u8c61\u540d=\u5df2\u6709\u5bf9\u8c61
\u3001\u7c7b\u540d \u5bf9\u8c61\u540d(\u5df2\u6709\u5bf9\u8c61)
\u6765\u7528\u62f7\u8d1d\u6784\u9020\u51fd\u6570\u3002\u6ce8\u610f\u4e0d\u8981\u76f4\u63a5\u8c03\u7528\u6784\u9020\u51fd\u6570\u672c\u8eab\uff0c\u5b83\u6ca1\u6709\u8fd4\u56de\u503c\u3002
\u5728\u4e00\u4e9b\u9ed8\u8ba4\u51fd\u6570\uff08\u6bd4\u5982\u62f7\u8d1d\u6784\u9020\u51fd\u6570\uff09\u540e\u52a0\u4e0a= delete
\u610f\u4e3a\u7981\u6b62\u8be5\u51fd\u6570\u88ab\u8c03\u7528\u3002
class Sample {\n Sample(const Sample &) = delete; // \u7981\u6b62\u901a\u8fc7\u62f7\u8d1d\u6784\u9020\u51fd\u6570\u65b0\u5efa\u5bf9\u8c61\n Sample &operator=(const Sample &) = delete; // \u7981\u6b62\u901a\u8fc7\u8d4b\u503c\u6765\u62f7\u8d1d\u5bf9\u8c61\n}\n
"},{"location":"programming-languages/cpp/#explicit","title":"explicit","text":"\u5982\u679c\u4e00\u4e2a\u6784\u9020\u51fd\u6570\u53ea\u63a5\u53d7\u4e00\u4e2a\u53c2\u6570\uff08\u6216\u8005\u662f\u53ef\u4ee5\u901a\u8fc7\u9ed8\u8ba4\u503c\u53d8\u6210\u53ea\u63a5\u53d7\u4e00\u4e2a\u53c2\u6570\uff09\uff0c\u5b83\u4f1a\u88ab\u89c6\u4e3a\u4e00\u4e2a\u8f6c\u6362\u6784\u9020\u51fd\u6570\u3002\u8fd9\u79cd\u6784\u9020\u51fd\u6570\u5141\u8bb8\u901a\u8fc7\u9690\u5f0f\u8f6c\u6362\u5c06\u5176\u4ed6\u7c7b\u578b\u7684\u5bf9\u8c61\u8f6c\u6362\u4e3a\u5f53\u524d\u7c7b\u7684\u5bf9\u8c61\uff0c\u53ef\u80fd\u4f1a\u4ea7\u751f\u4e0d\u5fc5\u8981\u7684\u884c\u4e3a\u3002\u4e3a\u4e86\u907f\u514d\u8fd9\u79cd\u60c5\u51b5\uff0c\u4f7f\u7528explicit\u6765\u663e\u5f0f\u521b\u5efa\u5bf9\u8c61\u3002
\u663e\u5f0f\u521b\u5efa\u5bf9\u8c61\u663e\u5f0f\u7c7b\u578b\u8f6c\u6362#include <iostream>\nusing namespace std;\nclass MyClass {\npublic:\n explicit MyClass(int value) {\n cout << \"Constructor called with value: \" << value << endl;\n }\n};\n\nvoid print(const MyClass& obj) {\n cout << \"print function called\" << endl;\n}\n\nint main() {\n // print(42); // \u9519\u8bef\uff0c\u65e0\u6cd5\u9690\u5f0f\u8f6c\u6362\n print(MyClass(42)); // \u5fc5\u987b\u663e\u5f0f\u521b\u5efa\u5bf9\u8c61\n return 0;\n}\n
#include <iostream>\nusing namespace std;\n\nclass MyClass {\npublic:\n explicit operator int() const {\n return 42;\n }\n};\n\nint main() {\n MyClass obj;\n // int value = obj; // \u9519\u8bef\uff0c\u65e0\u6cd5\u9690\u5f0f\u8f6c\u6362\n int value = static_cast<int>(obj); // \u5fc5\u987b\u663e\u5f0f\u8f6c\u6362\n cout << \"value = \" << value << endl;\n return 0;\n}\n
"},{"location":"programming-languages/cpp/#\u5c01\u88c5","title":"\u5c01\u88c5","text":""},{"location":"programming-languages/cpp/#\u7ee7\u627f","title":"\u7ee7\u627f","text":""},{"location":"programming-languages/cpp/#\u591a\u6001","title":"\u591a\u6001","text":""},{"location":"programming-languages/cpp/#\u8fd0\u7b97\u7b26\u91cd\u8f7d","title":"\u8fd0\u7b97\u7b26\u91cd\u8f7d","text":""},{"location":"programming-languages/cpp/#\u9759\u6001\u6210\u5458\u53d8\u91cf\u4e0e\u9759\u6001\u6210\u5458\u51fd\u6570","title":"\u9759\u6001\u6210\u5458\u53d8\u91cf\u4e0e\u9759\u6001\u6210\u5458\u51fd\u6570","text":""},{"location":"programming-languages/cpp/#\u5e38\u91cf\u6210\u5458\u51fd\u6570","title":"\u5e38\u91cf\u6210\u5458\u51fd\u6570","text":""},{"location":"programming-languages/cpp/#this\u6307\u9488","title":"this\u6307\u9488","text":""},{"location":"programming-languages/cpp/#\u5bf9\u8c61\u7684\u6df1\u62f7\u8d1d\u4e0e\u6d45\u62f7\u8d1d","title":"\u5bf9\u8c61\u7684\u6df1\u62f7\u8d1d\u4e0e\u6d45\u62f7\u8d1d","text":""},{"location":"programming-languages/cpp/#\u6a21\u677f\u7f16\u7a0b","title":"\u6a21\u677f\u7f16\u7a0b","text":""},{"location":"programming-languages/cpp/#\u667a\u80fd\u6307\u9488","title":"\u667a\u80fd\u6307\u9488","text":""},{"location":"programming-languages/cpp/#c11\u65b0\u7279\u6027","title":"C++11\u65b0\u7279\u6027","text":""},{"location":"programming-languages/cpp/#\u7c7b\u578b\u522b\u540d","title":"\u7c7b\u578b\u522b\u540d","text":"\u4f7f\u7528 using NewType = OldType
\u4e3a\u590d\u6742\u7c7b\u578b\u6784\u5efa\u7b80\u5355\u522b\u540d\uff0c\u539f\u7406\u7c7b\u4f3ctypedef OldType NewType
\uff0c\u4f46\u8868\u8fbe\u66f4\u52a0\u6e05\u6670\uff0c\u800c\u4e14\u652f\u6301\u6cdb\u578b\u3002
template <typename T>\nusing Vec = std::vector<T>;\n\nVec<int> myVec; // \u7b49\u4ef7\u4e8e std::vector<int>\n
"},{"location":"programming-languages/cpp/#c14\u65b0\u7279\u6027","title":"C++14\u65b0\u7279\u6027","text":""},{"location":"programming-languages/cpp/#c17\u65b0\u7279\u6027","title":"C++17\u65b0\u7279\u6027","text":""},{"location":"programming-languages/cpp/#c20\u65b0\u7279\u6027","title":"C++20\u65b0\u7279\u6027","text":""},{"location":"programming-languages/crawler/","title":"\u722c\u866b\u6a21\u677f","text":"\u7ea6 142 \u4e2a\u5b57 156 \u884c\u4ee3\u7801 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4 16 \u5206\u949f
"},{"location":"programming-languages/crawler/#scrapy","title":"Scrapy","text":"\u4e5f\u53ef\u4ee5\u770b\u8fd9\u91cc\u7684\u4ecb\u7ecd
"},{"location":"programming-languages/crawler/#\u52a0\u56fd\u5185\u4ee3\u7406","title":"\u52a0\u56fd\u5185\u4ee3\u7406","text":"\u9488\u5bf9\u4e2a\u522b\u7f51\u7ad9\u9501ip\uff0c\u53ef\u4ee5\u8003\u8651\u6574\u4e2a\u4ee3\u7406
import base64\nusername = 'xxxxx'\npasswd = 'xxxxx'\nproxy_ip = 'xxxx.kdltps.com'\nproxy_port = '15818'\n\nmeta = {'proxy': f'http://{proxy_ip}:{proxy_port}'}\ncode = base64.b64encode(f'{username}:{passwd}'.encode()).decode()\n\nheaders = {\n\t\"Proxy-Authorization\": f\"Basic {code}\", # \u5728headers\u91cc\u8bbe\u7f6e\u4e0b\u4ee3\u7406token\n}\n\ndef start_requests(self):\n\tyield scrapy.Request(\n\t\theaders = headers, # \u8bbe\u7f6e\u4f7f\u7528headers\uff0c\u5305\u542btoken\n\t\tmeta = meta, # \u8bbe\u7f6e\u4f7f\u7528\u4ee3\u7406\n\t\t)\n
"},{"location":"programming-languages/crawler/#applicationjson\u7c7b\u578b","title":"application/json\u7c7b\u578b","text":"\u9488\u5bf9\u8bf7\u6c42\u5934Content-Type\u4e3aapplication/json\u7c7b\u578b\uff0cstart_requests\u91cc\u7528Request\uff0c\u6ce8\u660emethod\u548cbody\uff1a
import json\nheaders = {\n \"Content-Type\": \"application/json\",\n \"User-Agent\": \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36\",\n}\n\ndata = json.dumps({\"key\":\"value\"})\n\n# \u7701\u7565\u65e0\u5173\u4fe1\u606f\n\nyield scrapy.Request(\n url=url, \n method='POST', \n headers=headers, \n body=data,\n callback=self.parse, \n meta={'period': t}, \n errback=self.err,\n cb_kwargs={'period': t,'page':0}\n)\n
"},{"location":"programming-languages/crawler/#applicationx-www-form-urlencoded\u7c7b\u578b","title":"application/x-www-form-urlencoded\u7c7b\u578b","text":"\u9488\u5bf9\u8bf7\u6c42\u5934Content-Type\u4e3aapplication/x-www-form-urlencoded\u7c7b\u578b\uff0cstart_requests\u91cc\u7528FormRequest\uff0c\u6ce8\u660eformdata\uff1a
post_data = {\"key\":\"value\"}\n\n# \u7701\u7565\u65e0\u5173\u4fe1\u606f\n\nyield scrapy.FormRequest(\n url=url,\n formdata=post_data,\n errback=self.err,\n callback = self.parse,\n cookies = cookies,\n cb_kwargs = {'id':'shixian','page':str(page)},\n )\n
\u666e\u901a\u8bf7\u6c42\u7528scrapy.Request\u5373\u53ef\u3002
"},{"location":"programming-languages/crawler/#selenium","title":"Selenium","text":"\u722c\u4e45\u4e86\u603b\u4f1a\u7206\u5185\u5b58\uff0c\u4e0d\u77e5\u9053\u5185\u5b58\u6cc4\u9732\u7684bug\u6709\u6ca1\u6709\u4fee\u590d\u3002\u4ee5\u4e0b\u7528\u7684\u662fchrome\u6d4f\u89c8\u5668\uff0c\u9700\u8981\u9884\u5148\u4e0b\u8f7d\u4e0b\u9a71\u52a8
from selenium import webdriver\nfrom selenium.webdriver.common.by import By\nfrom selenium.webdriver.chrome.service import Service\nfrom pathlib import Path\nimport time\nimport json\nimport ast \nimport re\nimport os\nimport yaml\nimport shutil\n\noptions = webdriver.ChromeOptions()\n# options.add_argument('--headless')\n# https://chromedriver.chromium.org/downloads\ns = Service('S:/chromedriver.exe')\noptions.add_experimental_option('excludeSwitches', ['enable-logging'])\ndriver = webdriver.Chrome(service=s,options=options)\ndriver.get('http://www.baidu.com')\ntime.sleep(1)\n\ndef get_current_and_final_page_of_one_book():\n cur = -1\n final = -1\n try:\n pages = driver.find_elements(By.XPATH,'//ul[@class=\"t-pager\"]/li')\n except:\n print('Current page is not found')\n return cur,final\n \n for page in pages:\n if 'active' in page.get_attribute('class'):\n cur = int(page.text)\n if 'number' in page.get_attribute('class'):\n final = int(page.text)\n return cur,final\n\ndef download_one_page_of_a_book(skip,config):\n \"\"\"\u4e00\u9875\u6240\u6709\u6587\u6863\u5168\u90e8\u4e0b\u8f7d\u6210\u529f\u5219\u8fd4\u56deTrue,OK\n \"\"\"\n global CURRENT_PAGE\n global CURRENT_TITLE\n titles = driver.find_elements(By.XPATH,'//div[@class=\"container\"]/div[1]/div[2]/div[2]/table/tbody/tr/td[1]')\n icons = driver.find_elements(By.XPATH,'//div[@class=\"container\"]/div[1]/div[2]/div[2]/table/tbody/tr/td[4]')\n jscode = 'document.location = '+'\"'+config['url']+'\"'\n driver.execute_script(jscode)\n for title,svgs in zip(titles,icons):\n svgs = svgs.find_elements(By.XPATH,'.//*[name()=\"svg\"]')\n print(f'Current title: {title.text}, skip: {skip}, CURRENT_TITLE: {CURRENT_TITLE}')\n if CURRENT_TITLE is not None and skip and title.text != CURRENT_TITLE:\n continue\n skip = False\n for svg in svgs:\n # if visible \n if svg.get_attribute('style') == 'display: inline-block;':\n svg.click()\n time.sleep(7)\n cls = driver.window_handles\n if len(cls) > 1:\n time.sleep(20)\n ok = archive_file(title.text,config)\n if not ok:\n print(f'Failed to download {title.text}')\n while len(cls) > 1:\n driver.switch_to.window(cls[1])\n driver.close()\n driver.switch_to.window(cls[0])\n cls = driver.window_handles\n return (False, title.text)\n cls = driver.window_handles\n driver.switch_to.window(cls[0])\n CURRENT_TITLE = None\n CURRENT_PAGE += 1\n return (True, 'OK')\n\n# load yaml\nwith open(target_yml,'r',encoding='utf8') as f:\n SETTINGS = yaml.load(f,Loader=yaml.FullLoader)\n# dump yaml\nwith open(target_yml,'w',encoding='utf8') as f:\n yaml.dump(SETTINGS,f,allow_unicode=True)\n\ndriver.close()\ndriver.quit()\n
\u6216\u8005\u8bbe\u7f6e\u4e00\u4e2ahelper\u7a0b\u5e8f\uff0c\u53cd\u590d\u542f\u52a8selenium\uff1a
import subprocess\nimport time\nimport datetime\nimport sys\ncmd = 'python ./main.py'\nop = 0\nwhile True:\n if op >= 200:\n print('failed 200 times!')\n break\n p = subprocess.Popen(cmd.split(), stdout=sys.stdout, stderr=sys.stderr)\n print('new round at', datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S'),f'op = {op}')\n op += 1\n \n time.sleep(30)\n if p.poll() == 0:\n break\n p.wait()\n
"},{"location":"programming-languages/go/","title":"go","text":"\u7ea6 66 \u4e2a\u5b57 14 \u884c\u4ee3\u7801 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4 2 \u5206\u949f
"},{"location":"programming-languages/go/#go\u73af\u5883\u914d\u7f6e","title":"go\u73af\u5883\u914d\u7f6e","text":"go env -w GO111MODULE=on\ngo env -w GOPROXY=https://goproxy.cn\n
"},{"location":"programming-languages/go/#\u521b\u5efa\u5de5\u7a0b","title":"\u521b\u5efa\u5de5\u7a0b","text":"\u5de5\u7a0b\u4fdd\u5b58\u5728xxx/go/src/xxx\u4e0b\uff0c\u5e76\u5c06GOPATH=xxx/go\u52a0\u5230\u73af\u5883\u53d8\u91cf\u4e2d
"},{"location":"programming-languages/go/#\u5feb\u901f\u5165\u95e8","title":"\u5feb\u901f\u5165\u95e8","text":"package main\nimport (\n \"fmt\"\n)\n\nfunc main() {\n //\u5faa\u73af\u8f93\u51fa\n for i:=0; i<10; i++{\n fmt.Println(i)\n }\n}\n
"},{"location":"programming-languages/java/","title":"Java","text":"\u7ea6 108 \u4e2a\u5b57 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4\u4e0d\u5230 1 \u5206\u949f
"},{"location":"programming-languages/java/#java\u73af\u5883\u914d\u7f6e","title":"Java\u73af\u5883\u914d\u7f6e","text":"\u5728https://www.oracle.com/java/technologies/downloads/\u4e0b\u8f7d\u5bf9\u5e94\u7cfb\u7edf\u7684\u5305\u3002Linux\u9009\u62e9Compressed Archive\uff0c\u89e3\u538b\u7f29\u4ee5\u540e\u914d\u7f6e\u4e0bpath\uff1bWindows\u53ef\u4ee5\u7528MSI Installer\u3002\u5bf9\u5e94\u7684\u6e90\u7801\u5728lib/src.zip\u4e2d\u3002
"},{"location":"programming-languages/java/#java\u6e90\u7801\u67b6\u6784\u7406\u89e3","title":"Java\u6e90\u7801\u67b6\u6784\u7406\u89e3","text":"\u6838\u5fc3\u4ee3\u7801\u3001\u4e3b\u8981\u529f\u80fd\u5728java.base/java\u76ee\u5f55\u4e0b\uff0c\u5176\u4e2d\u5305\u542b\u4e86io\u3001lang\u3001util\u7b49\u591a\u4e2a\u5173\u952e\u6a21\u5757\u3002
"},{"location":"programming-languages/java/#java\u91cc\u6709\u54ea\u4e9b\u6570\u636e\u7ed3\u6784\u7c7b\u578b\u5982\u4f55\u5b9e\u73b0\u7684","title":"Java\u91cc\u6709\u54ea\u4e9b\u6570\u636e\u7ed3\u6784\u7c7b\u578b\uff1f\u5982\u4f55\u5b9e\u73b0\u7684\uff1f","text":"Java\u4e2d\u5e38\u89c1\u7684\u6570\u636e\u7c7b\u578b\u6bd4\u5982Set\u3001Array\u3001
"},{"location":"programming-languages/python/","title":"Python","text":"\u7ea6 786 \u4e2a\u5b57 242 \u884c\u4ee3\u7801 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4 27 \u5206\u949f
"},{"location":"programming-languages/python/#\u4e00\u4e9b\u5c0f\u70b9","title":"\u4e00\u4e9b\u5c0f\u70b9","text":"obj.__dir__() \u6216\u8005dir(obj)
\u6839\u636e\u7528\u6237\u4f20\u53c2\u800c\u6267\u884c\u4e0d\u540c\u7684\u529f\u80fd\uff0c\u53c8\u5206\u591a\u4e2a\u5c42\u6b21\u3002\u6bd4\u5982pip3\u547d\u4ee4\uff0c\u53ef\u4ee5\u6709pip3 install\u548cpip3 freeze\u7b49\u7b49\uff0c\u5bf9\u4e8e\u6bcf\u4e00\u4e2a\u5b50\u89e3\u6790\u53c8\u6709\u8fdb\u4e00\u6b65\u7684\u53c2\u6570\uff0c\u6bd4\u5982pip3 install \u2013upgrade, pip3 install \u2013force-reinstall\u7b49\u7b49\u3002
import argparse\n\ndef populate_parser(parser):\n parser.add_argument('input_file', type=str, help=\"Path to the file containing the mutated input to load\")\n parser.add_argument('--prefix-input', dest='prefix_input_path', type=str, help=\"(Optional) Path to the file containing a constant input to load\")\n parser.add_argument('-c', '--config', default=\"config.yml\", help=\"The emulator configuration to use. Defaults to 'config.yml'\")\n\n # Verbosity switches\n parser.add_argument('-v', '--print-exit-info', default=False, action=\"store_true\", help=\"Print some information about the exit reason.\")\n parser.add_argument('-t', '--trace-funcs', dest='trace_funcs', default=False, action='store_true')\nparser = argparse.ArgumentParser(description=\"Fuzzware\")\nsubparsers = parser.add_subparsers(title=\"Fuzzware Components\", help='Fuzzware utilities:', description=\"Fuzzware supports its different functions using a set of utilities.\\n\\nUse 'fuzzware <util_name> -h' for more details.\")\nparser_pipeline = subparsers.add_parser(MODE_PIPELINE, help=\"Running the full pipeline. Fuzzware's main utility.\")\nparser_pipeline.set_defaults(func=do_pipeline)\n# Pipeline command-line arguments\nparser_pipeline.add_argument('target_dir', nargs=\"?\", type=os.path.abspath, default=os.curdir, help=\"Directory containing the main config. Defaults to the current working dir.\")\n\n\nparser = argparse.ArgumentParser(description=\"Fuzzware emulation harness\")\npopulate_parser(parser)\n
"},{"location":"programming-languages/python/#\u914d\u7f6e\u8bfb\u53d6yaml","title":"\u914d\u7f6e\u8bfb\u53d6\uff1ayaml","text":"\u9664\u4e86argparse\u4ee5\u5916\uff0c\u53ef\u4ee5\u628a\u4e00\u4e9b\u5f88\u957f\u7684\u914d\u7f6e\u6570\u636e\uff08\u6bd4\u5982\u591a\u5230\u547d\u4ee4\u884c\u6572\u662f\u4e0d\u73b0\u5b9e\u7684\uff09\u653e\u5230yml\u91cc\uff0c\u7136\u540e\u7528yaml\u8bfb\u53d6\uff0c\u5f97\u5230\uff08\u5d4c\u5957\u7684\uff09\u5b57\u5178\uff0c\u7136\u540e\u518d\u53d6\u5185\u5bb9\u5c31\u5f88\u65b9\u4fbf\u4e86\u3002\u9700\u8981pip\u5b89\u88c5pyyaml\u8fd9\u4e2a\u5305
import yaml\n\nwith open('config.yml', 'rb') as f:\n data = yaml.load(f, Loader=yaml.FullLoader)\n print(data)\n
\u90a3\u4e48data\u5c31\u662f\u4e00\u4e2a\u5b57\u5178\uff0c\u6839\u636eyml\u91cc\u7684\u5185\u5bb9\u53ef\u80fd\u6210\u4e3a\u5d4c\u5957\u5173\u7cfb\u3002\u5b57\u5178\u91cc\u4e3a\u7a7a\u7684\u503c\u4f1a\u53d8\u6210None\uff0ctrue\u6216True\u6216TRUE\u90fd\u4f1a\u53d8\u6210True\uff0c\u6570\u5b57\u4f1a\u88ab\u8bc6\u522b\u6210\u6574\u6570\u6216\u6d6e\u70b9\u6570\uff0c\u5b57\u7b26\u4e32\u4f1a\u88ab\u8bc6\u522b\u6210\u5b57\u7b26\u4e32\uff08\u542b\u7a7a\u683c\uff09
\u6bd4\u5982\u4e0b\u9762\u7684yml\u6587\u4ef6
item:\n test1: 1\n test2: 2\n test2.1: TRUE\n test2.2: true\n test2.3: True\nmatters:\n test3: 3\n 3: 333\n test4: 4\n test5: ${item.test1}\n test6: a b c d\n test7: \n
\u4f1a\u88ab\u8bc6\u522b\u4e3a
{'item': {'test1': 1, 'test2': 2, 'test2.1': True, 'test2.2': True, 'test2.3': True}, 'matters': {'test3': 3, 3: 333, 'test4': 4, 'test5': '${item.test1}', 'test6': 'a b c d', 'test7': None}}\n
"},{"location":"programming-languages/python/#\u914d\u7f6e\u8bfb\u53d6json","title":"\u914d\u7f6e\u8bfb\u53d6\uff1ajson","text":"\u9664\u4e86yaml\u4ee5\u5916\uff0c\u7528json\u4e5f\u53ef\u4ee5\u5f88\u65b9\u4fbf\u5730\u5904\u7406\u914d\u7f6e\u3002\u800c\u4e14\u4e0d\u9700\u8981\u989d\u5916\u4e0b\u8f7d\u4ec0\u4e48\u5305\u3002
import json\n\nconfig = json.load(open('config.json','r',encoding='utf8')) # \u76f4\u63a5\u62ff\u5230\u4e86\u5b57\u5178\u683c\u5f0f\u7684config\njson.dump(config, open('config.json', 'w',encoding='utf8'), indent=4, ensure_ascii=False)\n
"},{"location":"programming-languages/python/#\u8fdb\u5ea6\u6761\u8f93\u51fatqdm","title":"\u8fdb\u5ea6\u6761\u8f93\u51fa\uff1atqdm","text":"from tqdm import tqdm # \u7528\u4e8e\u663e\u793a\u8fdb\u5ea6\u6761\nwith tqdm(total=total_num, desc=\"Sample progress bar\", unit=\"file\") as pbar:\n pbar.update(1)\n
"},{"location":"programming-languages/python/#\u8f93\u51fa\u65e5\u5fd7logging","title":"\u8f93\u51fa\u65e5\u5fd7\uff1alogging","text":"\u5728\u5f00\u53d1\u7a0b\u5e8f\u7684\u65f6\u5019\uff0c\u9047\u5230bug\u6216\u8005\u60f3\u5f04\u6e05\u695a\u4e34\u65f6\u7ed3\u679c\u3001\u63a7\u5236\u6d41\u8d70\u5411\u7684\u65f6\u5019\uff0c\u91c7\u7528print\u7684\u4f20\u7edf\u65b9\u6cd5\u6765\u6253\u5370\u53d8\u91cf\u6709\u70b9\u8fc7\u4e8e\u8822\u7b28\u4e86\u3002\u800c\u4f7f\u7528logging\u53ef\u4ee5\u968f\u65f6\u6253\u5370\u6570\u636e\u5230\u63a7\u5236\u53f0\u6216\u6587\u4ef6\uff0c\u53ef\u4ee5\u81ea\u5b9a\u4e49\u6253\u5370\u8303\u56f4\uff0c\u800c\u4e14\u6613\u4e8e\u8c03\u8bd5\u3002
import logging\n\nlogging.basicConfig(format='[%(levelname)s %(filename)s:%(lineno)d]: %(message)s', stream=sys.stdout, level=logging.DEBUG)\nlogger = logging.getLogger('TEST')\n\nlogger.debug('here is a test!')\nlogger.info('info level')\n
\u5f53\u7136\u4e5f\u53ef\u4ee5\u5168\u9762\u4e86\u89e3\u4e0blogging\uff0c\u63a8\u8350\u9605\u8bfb\u8fd9\u4e2a\u77e5\u4e4e\u4e13\u680f
import logging\n\n# 1\u3001\u521b\u5efa\u4e00\u4e2alogger\nlogger = logging.getLogger('mylogger')\nlogger.setLevel(logging.DEBUG)\n\n# 2\u3001\u521b\u5efa\u4e00\u4e2ahandler\uff0c\u7528\u4e8e\u5199\u5165\u65e5\u5fd7\u6587\u4ef6\nfh = logging.FileHandler('test.log')\nfh.setLevel(logging.DEBUG)\n\n# \u518d\u521b\u5efa\u4e00\u4e2ahandler\uff0c\u7528\u4e8e\u8f93\u51fa\u5230\u63a7\u5236\u53f0\nch = logging.StreamHandler()\nch.setLevel(logging.DEBUG)\n\n# 3\u3001\u5b9a\u4e49handler\u7684\u8f93\u51fa\u683c\u5f0f\uff08formatter\uff09\nformatter = logging.Formatter('%(asctime)s - %(name)s - %(levelname)s - %(message)s')\n\n# 4\u3001\u7ed9handler\u6dfb\u52a0formatter\nfh.setFormatter(formatter)\nch.setFormatter(formatter)\n\n# 5\u3001\u7ed9logger\u6dfb\u52a0handler\nlogger.addHandler(fh)\nlogger.addHandler(ch)\n
\u4ee5\u53ca\u4fee\u6539log\u7684\u989c\u8272(\u4e0d\u8fc7\u6ca1\u6709\u8bd5\u8fc7\uff0c\u4e0d\u77e5\u9053\u662f\u5426\u53ef\u7528)
"},{"location":"programming-languages/python/#\u63a5\u53e3\u8bbe\u8ba1","title":"\u63a5\u53e3\u8bbe\u8ba1","text":"\u4e00\u7cfb\u5217\u76f8\u4f3c\u7684\u51fd\u6570\u5b8c\u6210\u76f8\u4f3c\u7684\u529f\u80fd\uff08\u6bd4\u5982\u4e0d\u540c\u89e3\u6790\u51fd\u6570\u89e3\u6790\u4e0d\u540c\u79cd\u7c7b\u7684\u65e5\u5fd7\uff0c\u90fd\u5b8c\u6210\u201c\u6570\u636e\u5904\u7406\u201d\u8fd9\u4e00\u529f\u80fd\uff09\u65f6\uff0c\u53ef\u4ee5\u5c06\u51fd\u6570\u540d\u4f5c\u4e3a\u53c2\u6570\u4f20\u5165\u516c\u5171\u5904\u7406\u51fd\u6570\uff0c\u8bbe\u8ba1\u66f4\u6e05\u6670\u3002
import re\n\n# 0000 11c4 0\nbb_regex = re.compile(r\"([0-9a-f]+) ([0-9a-f]+) ([0-9]+)\")\ndef parse_bb_line(line):\n event_id, pc, cnt = bb_regex.match(line).groups()\n\n event_id = int(event_id, 16)\n pc = int(pc, 16)\n cnt = int(cnt)\n\n return event_id, pc, cnt\n\ndef parse_mmio_set_line(line):\n pc, addr, mode = line.split(\" \")\n return (int(pc, 16), int(addr, 16), mode[0])\n\ndef _parse_file(filename, line_parser):\n try:\n with open(filename, \"r\") as f:\n return [line_parser(line) for line in f.readlines() if line]\n except FileNotFoundError:\n return []\n\ndef parse_bbl_trace(filename):\n return _parse_file(filename, parse_bb_line)\n\ndef parse_mmio_set(filename):\n return _parse_file(filename, parse_mmio_set_line)\n
"},{"location":"programming-languages/python/#\u4e2d\u95f4\u6570\u636e\u5b58\u50a8capnp","title":"\u4e2d\u95f4\u6570\u636e\u5b58\u50a8\uff1acapnp","text":"Cap\u2019n Proto\u597d\u50cf\u662f\u4e00\u79cd\u5e2e\u52a9\u5feb\u901f\u5e8f\u5217\u5316/\u53cd\u5e8f\u5217\u5316\u7684\u5de5\u5177\uff0cpython\u8fd9\u8fb9\u5c01\u88c5\u4e86C++\u7684\u5b9e\u73b0\uff0c\u9700\u8981pip\u5b89\u88c5pycapnp\u8fd9\u4e2a\u5305\u3002\u4f7f\u7528\u65f6\u9700\u8981\u9996\u5148\u5b9a\u4e49\u6570\u636e\u7ed3\u6784\uff0c\u6bd4\u5982\uff1a
// test.capnp\nstruct TraceEvent {\n union {\n basicBlock @0 :BasicBlock;\n access @1 :Access;\n }\n}\n\nstruct BasicBlock {\n pc @0 :UInt32;\n lr @1 :UInt32;\n}\n\nstruct Access {\n target @0 :AccessTarget;\n type @1 :AccessType;\n size @2 :UInt8;\n pc @3 :UInt32;\n}\n\nenum AccessTarget {\n ram @0;\n mmio @1;\n}\nenum AccessType {\n read @0;\n write @1;\n}\n
\u4f7f\u7528\u65f6\uff0cpython\u7a0b\u5e8f\u5982\u4e0b\uff1a import capnp\nimport test_capnp\n\n# \u8fde\u7eed\u5199\u5165\u6587\u4ef6\uff0c\u5bf9union\u521d\u59cb\u5316\ntrace_file = open('test.bin','wb')\nevent = test_capnp.TraceEvent.new_message()\nbasicBlock = event.init('basicBlock')\nbasicBlock.pc = uc.reg_read(UC_ARM_REG_PC)\nbasicBlock.lr = uc.reg_read(UC_ARM_REG_LR)\nevent.write(trace_file)\nevent.write(trace_file)\ntrace_file.close()\n\n# \u4ece\u6587\u4ef6\u4e2d\u8fde\u7eed\u8bfb\u53d6\uff0c\u89e3\u6790union\ntrace_file = open('test.bin','rb')\nfor event in test_capnp.TraceEvent.read_multiple(f):\n if event.which() == 'basicBlock':\n print(event.basicBlock.pc)\ntrace_file.close()\n
"},{"location":"programming-languages/python/#\u8ba1\u65f6\u7ec8\u6b62\u7a0b\u5e8f","title":"\u8ba1\u65f6\u7ec8\u6b62\u7a0b\u5e8f","text":"\u5982\u679c\u9700\u8981\u8ba9\u7a0b\u5e8f\u5728\u8fd0\u884c\u4e00\u6bb5\u65f6\u95f4\u540e\u7ec8\u6b62\uff0c\u5728\u7a0b\u5e8f\u5185\u90e8\u8fdb\u884c\u65f6\u95f4\u68c0\u67e5\u5e76\u4e0d\u4f18\u96c5\uff08\u56e0\u4e3a\u662f\u65e0\u5173\u903b\u8f91\u7684\uff09\uff1b\u53ef\u4ee5\u4e3a\u8fd9\u4e2a\u5b50\u7a0b\u5e8f\u8bbe\u8ba1signal
pipeline = Pipeline(args.target_dir, args.project_name, args.base_inputs, args.num_local_fuzzer_instances, args.disable_modeling, write_worker_logs=not args.silent_workers, do_full_tracing=args.full_traces, config_name=args.runtime_config_name, timeout_seconds=timeout_seconds, use_aflpp=args.aflpp)\n\ntry:\n if timeout_seconds != 0:\n def handler(signal_no, stack_frame):\n pipeline.request_shutdown()\n\n # spin up an alarm for the time\n signal.signal(signal.SIGALRM, handler)\n signal.alarm(timeout_seconds)\n\n pipeline.start()\nexcept Exception as e:\n logger.error(f\"Got exception, shutting down pipeline: {e}\")\n import traceback\n traceback.print_exc()\n status = 1\n
"},{"location":"programming-languages/python/#\u4e8c\u8fdb\u5236\u5b57\u8282\u4e0ehex\u4e92\u76f8\u8f6c\u6362intelhex","title":"\u4e8c\u8fdb\u5236\u5b57\u8282\u4e0ehex\u4e92\u76f8\u8f6c\u6362\uff1aIntelHex","text":"fuzzware\u91cc\u6dfb\u52a0\u9000\u51fahandler\u6253\u5370state\uff08\u5373\u6a21\u62dfcoredump\uff09\u65f6\uff0c\u4f7f\u7528\u4e86IntelHex\u6765\u4fdd\u5b58\u4e2d\u95f4\u7ed3\u679c\u3002\u53ef\u4ee5\u53c2\u8003\u4e0b\u9762\u7684\u4f8b\u5b50\uff0c\u8fdb\u884c\u76f8\u4e92\u8f6c\u5316\u3002IntelHex\u6587\u4ef6\u672c\u8eab\u7684\u683c\u5f0f\uff0c\u53ef\u4ee5\u53c2\u8003\u8fd9\u91cc
from intelhex import IntelHex\nih = IntelHex()\n\ndata = {\n 0x30000000: b'\\x00\\x01\\x02\\x03\\x04',\n 0x20002000: b'\\x04\\x05\\x06\\x07'\n}\n\nfor base_addr, contents in data.items():\n ih.puts(base_addr, contents)\n\nwith open('test.hex', 'w') as f:\n ih.write_hex_file(f)\n\n\n# \u4ece\u5df2\u6709\u7684hex\u6587\u4ef6\u4e2d\u8bfb\u53d6\u6570\u636e\nih = IntelHex()\nih.fromfile('test.hex', format='hex')\n\n\"\"\"test.hex\n:020000042000DA\n:0420000004050607C6\n:020000043000CA\n:050000000001020304F1\n:00000001FF\n\nhex\u683c\u5f0f\u4ee5\u5192\u53f7\u5f00\u5934\uff0c\u968f\u540e1\u5b57\u8282\u8868\u793a\u6570\u636e\u957f\u5ea6\uff0c\u7d27\u63a54\u5b57\u8282\u8868\u793a\u5730\u5740\uff0c\u968f\u540e1\u5b57\u8282\u4e3a\u8bb0\u5f55\u7c7b\u578b\uff1a\n00\uff1a\u8868\u793a\u6570\u636e\n01\uff1a\u8868\u793a\u6587\u4ef6\u7ed3\u675f\n02\uff1a\u8868\u793a\u6269\u5c55\u6bb5\u5730\u5740\u3002\u968f\u540e\u76842\u5b57\u8282\u5de6\u79fb4\u4f4d\uff0c\u4f5c\u4e3a\u6bb5\u5730\u5740\uff0c\u5728\u4e4b\u540e\u7684\u8ba1\u7b97\u4e2d\u548c\u5730\u5740\u76f8\u52a0\u4f5c\u4e3a\u6700\u540e\u5730\u5740\n03\uff1a\u8868\u793a\u8d77\u59cb\u6bb5\u5730\u5740\u3002\u968f\u540e\u76844\u5b57\u8282\u4e2d\uff0c\u524d\u3001\u540e2\u5b57\u8282\u5206\u522b\u8868\u793aCS\u3001IP\n04\uff1a\u8868\u793a\u6269\u5c55\u7ebf\u6027\u5730\u5740\u3002\u968f\u540e\u76842\u5b57\u8282\u6307\u5b9a32\u5730\u5740\u7684\u9ad816\u4f4d\n05\uff1a\u8868\u793a\u8d77\u59cb\u7ebf\u6027\u5730\u5740\u3002\u968f\u540e\u76844\u5b57\u8282\u6307\u5b9a\u6307\u4ee4\u6267\u884c\u8d77\u59cb\u5730\u5740\n\u6700\u540e\u4e00\u5b57\u8282\u8868\u793a\u6821\u9a8c\u7801\n\n\u6bd4\u5982:020000042000DA\uff0c\u5206\u4e3a:02 0000 04 2000 DA\n\"\"\"\n\n# \u83b7\u53d6\u89e3\u6790\u540e\u7684\u6570\u636e\uff0c\u5e76\u5408\u5e76\u8fde\u7eed\u7684\u5730\u5740\nrestored_data = {}\ncurrent_address = None\ncurrent_data = b''\n\nfor address in ih.addresses():\n # Check if the address is consecutive with the current data\n if current_address is None or address == current_address + len(current_data):\n if current_address is None:\n current_address = address\n current_data += bytes([ih[address]])\n else:\n # Save the previous data and start a new block\n restored_data[current_address] = current_data\n current_address = address\n current_data = bytes([ih[address]])\n\n# Save the last block of data\nif current_address is not None:\n restored_data[current_address] = current_data\n\n# \u8f93\u51fa\u8fd8\u539f\u540e\u7684data\u5b57\u5178\nprint(restored_data)\n# {536879104: b'\\x04\\x05\\x06\\x07', 805306368: b'\\x00\\x01\\x02\\x03\\x04'}\n
"},{"location":"programming-languages/python/#\u53c2\u8003\u8d44\u6599","title":"\u53c2\u8003\u8d44\u6599","text":"\u7ea6 0 \u4e2a\u5b57 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4\u4e0d\u5230 1 \u5206\u949f
"},{"location":"researching-is-living/general/interesting-articles/","title":"\u6709\u8da3\u6587\u7ae0","text":"\u7ea6 179 \u4e2a\u5b57 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4 1 \u5206\u949f
\u7ea6 311 \u4e2a\u5b57 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4 1 \u5206\u949f
\u7ea6 21 \u4e2a\u5b57 190 \u884c\u4ee3\u7801 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4 19 \u5206\u949f
"},{"location":"researching-is-living/general/latex/#\u63a8\u8350\u5de5\u5177","title":"\u63a8\u8350\u5de5\u5177","text":"\u4f7f\u7528Table Generator\u7ed8\u5236\u8868\u683c
"},{"location":"researching-is-living/general/latex/#\u82f1\u6587latex","title":"\u82f1\u6587latex","text":"\\documentclass[conference,11pt]{IEEEtran}\n\\IEEEoverridecommandlockouts\n% The preceding line is only needed to identify funding in the first footnote. If that is unneeded, please comment it out.\n\\usepackage{cite}\n\\usepackage{amsmath,amssymb,amsfonts}\n\\usepackage{algorithmic}\n\\usepackage{graphicx}\n\\usepackage{textcomp}\n\\usepackage{xcolor}\n\\usepackage{caption}\n\\usepackage{url}\n\\def\\UrlBreaks{\\do\\A\\do\\B\\do\\C\\do\\D\\do\\E\\do\\F\\do\\G\\do\\H\\do\\I\\do\\J\n\\do\\K\\do\\L\\do\\M\\do\\N\\do\\O\\do\\P\\do\\Q\\do\\R\\do\\S\\do\\T\\do\\U\\do\\V\n\\do\\W\\do\\X\\do\\Y\\do\\Z\\do\\[\\do\\\\\\do\\]\\do\\^\\do\\_\\do\\`\\do\\a\\do\\b\n\\do\\c\\do\\d\\do\\e\\do\\f\\do\\g\\do\\h\\do\\i\\do\\j\\do\\k\\do\\l\\do\\m\\do\\n\n\\do\\o\\do\\p\\do\\q\\do\\r\\do\\s\\do\\t\\do\\u\\do\\v\\do\\w\\do\\x\\do\\y\\do\\z\n\\do\\.\\do\\@\\do\\\\\\do\\/\\do\\!\\do\\_\\do\\|\\do\\;\\do\\>\\do\\]\\do\\)\\do\\,\n\\do\\?\\do\\'\\do+\\do\\=\\do\\#}\n\\def\\BibTeX{{\\rm B\\kern-.05em{\\sc i\\kern-.025em b}\\kern-.08em\n T\\kern-.1667em\\lower.7ex\\hbox{E}\\kern-.125emX}}\n\\usepackage{lscape, latexsym, amssymb, algorithmic, multirow}\n\\usepackage[linesnumbered, vlined, ruled]{algorithm2e}\n\\usepackage{mathtools, bbm, color}\n\\usepackage{booktabs}\n\\usepackage{amsthm,mathrsfs,amsfonts,dsfont}\n\\usepackage{listings}\n\\definecolor{codegreen}{rgb}{0,0.6,0}\n\\definecolor{codegray}{rgb}{0.5,0.5,0.5}\n\\definecolor{codepurple}{rgb}{0.58,0,0.82}\n\\definecolor{backcolour}{rgb}{0.95,0.95,0.95}\n\\lstdefinestyle{mystyle}{\n % backgroundcolor=\\color{backcolour}, \n commentstyle=\\color{codegreen},\n keywordstyle=\\color{magenta},\n numberstyle=\\tiny\\color{codegray},\n stringstyle=\\color{codepurple},\n % basicstyle=\\footnotesize\\ttfamily,\n basicstyle=\\footnotesize\\scriptsize,\n breakatwhitespace=false, \n breaklines=true, \n captionpos=b, \n keepspaces=true,\n numbers=left, %% \u884c\u53f7 \n % numbersep=2pt, \n showspaces=false, \n showstringspaces=false,\n showtabs=false, \n tabsize=1,\n xleftmargin=\\parindent,\n}\n\\lstset{style=mystyle}\n\\begin{document}\n\n\\title{xxxx}\n\n\\author{xxxx}\n\n\\maketitle\n\n\\begin{abstract}\n\\end{abstract}\n\n\n\\begin{IEEEkeywords}\nxxx,xxx\n\\end{IEEEkeywords}\n\n\\bibliographystyle{IEEEtran}\n{\n\\begingroup\n\\bibliography{ref}\n\\endgroup\n}\n\n\\end{document}\n
"},{"location":"researching-is-living/general/latex/#\u4e2d\u6587latex","title":"\u4e2d\u6587latex","text":"\\documentclass[12pt]{article}\n\n\\usepackage{cite} % \u5f15\u7528\u53c2\u8003\u6587\u732e\n\\usepackage{ctex} % \u4e2d\u6587\u652f\u6301\n\\usepackage{times}% \u82f1\u6587\u4f7f\u7528Times New Roman\n\\usepackage{url,hyperref} % \u8d85\u94fe\u63a5\n\\usepackage{xspace} % \u65e0\u6807\u70b9\u81ea\u52a8\u7a7a\u683c\n\\usepackage{graphicx} % \u63d2\u5165\u56fe\u7247\u7528\n\\usepackage{geometry} % \u8bbe\u7f6e\u9875\u8fb9\u8ddd\n\\usepackage{listings} % \u63d2\u5165\u4ee3\u7801\u5757\n\\usepackage{color} % \u5b9a\u4e49\u989c\u8272\uff0c\u7528\u4e8e\u63a7\u5236\u4ee3\u7801\u9ad8\u4eae\n\\usepackage{subcaption} % \u753b\u5b50\u56fe\n\\usepackage{tikz} % \u540e\u7eed\u753b\u5706\u5708\n\\usepackage{multirow} % \u8868\u683c\u591a\u884c\u6587\u672c\n% \\usepackage{tabu}\n\\usepackage{longtable}\n\\usepackage{float}\n\\usepackage{tabu}\n\\usepackage{booktabs} % \u753b\u8868\u683c\n\n\\usepackage[linesnumbered, vlined, ruled]{algorithm2e} % \u7b97\u6cd5\u5217\u8868\n\n% \u4f7f\u7528 ctex \u5b8f\u5305\u8bbe\u7f6e\u4e2d\u6587\u56fe\u9898\n\\renewcommand{\\figurename}{\u56fe}\n\\renewcommand{\\tablename}{\u8868}\n\n% \u8bbe\u7f6e\u9875\u8fb9\u8ddd\n\\geometry{a4paper,left=2cm,right=2cm,top=2cm,bottom=3cm} \n\n\n% \u8bbe\u7f6e\u5b57\u4f53\n\\newcommand{\\song}{\\CJKfamily{song}} % \u5b8b\u4f53\n\\newcommand{\\fs}{\\CJKfamily{fs}} % \u4eff\u5b8b\u4f53\n\\newcommand{\\kai}{\\CJKfamily{kai}} % \u6977\u4f53\n\\newcommand{\\hei}{\\CJKfamily{hei}} % \u9ed1\u4f53\n\\newcommand{\\li}{\\CJKfamily{li}} % \u96b6\u4e66\n\n% \u8bbe\u7f6e\u5b57\u53f7\n\\newcommand{\\yihao}{\\fontsize{26pt}{36pt}\\selectfont} % \u4e00\u53f7, 1.4 \u500d\u884c\u8ddd\n\\newcommand{\\erhao}{\\fontsize{22pt}{28pt}\\selectfont} % \u4e8c\u53f7, 1.25\u500d\u884c\u8ddd\n\\newcommand{\\xiaoer}{\\fontsize{18pt}{18pt}\\selectfont} % \u5c0f\u4e8c, \u5355\u500d\u884c\u8ddd\n\\newcommand{\\sanhao}{\\fontsize{16pt}{24pt}\\selectfont} % \u4e09\u53f7, 1.5\u500d\u884c\u8ddd\n\\newcommand{\\xiaosan}{\\fontsize{15pt}{22pt}\\selectfont} % \u5c0f\u4e09, 1.5\u500d\u884c\u8ddd\n\\newcommand{\\sihao}{\\fontsize{14pt}{21pt}\\selectfont} % \u56db\u53f7, 1.5 \u500d\u884c\u8ddd\n\\newcommand{\\banxiaosi}{\\fontsize{13pt}{19.5pt}\\selectfont} % \u534a\u5c0f\u56db, 1.5\u500d\u884c\u8ddd\n\\newcommand{\\xiaosi}{\\fontsize{12pt}{18pt}\\selectfont} % \u5c0f\u56db, 1.5\u500d\u884c\u8ddd\n\\newcommand{\\dawuhao}{\\fontsize{11pt}{11pt}\\selectfont} % \u5927\u4e94\u53f7, \u5355\u500d\u884c\u8ddd\n\\newcommand{\\wuhao}{\\fontsize{10.5pt}{15.75pt}\\selectfont} % \u4e94\u53f7, \u5355\u500d\u884c\u8ddd\n\n% \u5b9a\u4e49\u4ee3\u7801\u6837\u5f0f\n\\definecolor{codegreen}{rgb}{0,0.6,0}\n\\definecolor{codegray}{rgb}{0.5,0.5,0.5}\n\\definecolor{codepurple}{rgb}{0.58,0,0.82}\n\\definecolor{backcolour}{rgb}{0.95,0.95,0.95}\n\\lstdefinestyle{mystyle}{\n % backgroundcolor=\\color{backcolour}, \n commentstyle=\\color{codegreen},\n keywordstyle=\\color{magenta},\n numberstyle=\\tiny\\color{codegray},\n stringstyle=\\color{codepurple},\n % basicstyle=\\footnotesize\\ttfamily,\n basicstyle=\\footnotesize\\scriptsize,\n breakatwhitespace=false, \n breaklines=true, \n captionpos=b, \n keepspaces=true,\n numbers=left, %% \u884c\u53f7 \n % numbersep=2pt, \n showspaces=false, \n showstringspaces=false,\n showtabs=false, \n tabsize=1,\n xleftmargin=\\parindent,\n}\n\\lstset{style=mystyle}\n\n\\renewcommand{\\abstractname}{\\textbf{\u6458\\quad \u8981}} % \u66f4\u6539\u6458\u8981\u4e8c\u5b57\u7684\u6837\u5f0f\n\n% use these commands to consistently refer to stuff\n\n\\newcommand{\\bugCount}{xx} \n\n\\newcommand{\\tabincell}[2]{\\begin{tabular}{@{}#1@{}}#2\\end{tabular}}\n\n\\newcommand*\\emptcirc[1][1ex]{\\tikz\\draw (0,0) circle (#1);} \n\\newcommand*\\halfcirc[1][1ex]{%\n\t\\begin{tikzpicture}\n\t\\draw[fill] (0,0)-- (90:#1) arc (90:270:#1) -- cycle ;\n\t\\draw (0,0) circle (#1);\n\t\\end{tikzpicture}}\n\\newcommand*\\fullcirc[1][1ex]{\\tikz\\fill (0,0) circle (#1);} \n\n\\def\\BibTeX{{\\rm B\\kern-.05em{\\sc i\\kern-.025em b}\\kern-.08em\n T\\kern-.1667em\\lower.7ex\\hbox{E}\\kern-.125emX}}\n\n\\title{\\fontsize{18pt}{27pt}\\selectfont \\textbf{xxxx}}\n\\author{\\fontsize{14pt}{21pt}\\selectfont \\textbf{xxxx}}\n\\date{}\n\n\\begin{document}\n\\begin{sloppypar} % \u9632\u6b62\u957f\u5355\u8bcd\u51fa\u754c\n\\maketitle\n\n\\begin{abstract}\n\\end{abstract}\n\n\\section{\u80cc\u666f}\n\n\\subsection{\u53ef\u4fe1\u6267\u884c\u73af\u5883}\n\\bibliographystyle{plain}\n\\bibliography{Ref}\n\n\\end{sloppypar}\n\\end{document}\n
"},{"location":"researching-is-living/general/picking-ups/","title":"\u6587\u53e5\u6458\u5f55","text":"\u7ea6 1043 \u4e2a\u5b57 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4 3 \u5206\u949f
Alligator in Vest: A Practical Failure-Diagnosis Framework via Arm Hardware Features (ISSTA 2023)
RR: A Fault Model for Efficient TEE Replication (NDSS 2023)
No Grammar, No Problem: Towards Fuzzing the Linux Kernel without System-Call Descriptions (NDSS 2023)
FUZZUSB: Hybrid Stateful Fuzzing of USB Gadget Stacks (Oakland 2022)
Registered Report: DATAFLOW Towards a Data-Flow-Guided Fuzzer
A Survey on Adversarial Attacks for Malware Analysis
Survivalism: Systematic Analysis of Windows Malware Living-Off-The-Land (Oakland 2021)
A Systematical and longitudinal study of evasive behaviors in windows malware (Computers & Security 2021)
Structural Attack against Graph Based Android Malware Detection (CCS 2021)
Deep Learning for Android Malware Defenses: a Systematic Literature Review (ACM Survey 2021)
Intriguing Properties of Adversarial ML Attacks in the Problem Space (Oakland 2020)
P2IM: Scalable and Hardware-independent Firmware Testing via Automatic Peripheral Interface Modeling (USENIX SECURITY 2020)
Toward the Analysis of Embedded Firmware through Automated Re-hosting (RAID 2019)
REPT: Reverse Debugging of Failures in Deployed Software (USENIX SECURITY 2018)
What You Corrupt Is Not What You Crash: Challenges in Fuzzing Embedded Devices (NDSS 2018)
Postmortem Program Analysis with Hardware-Enhanced Post-Crash Artifacts (USENIX SECURITY 2017)
POMP++: Facilitating Postmortem Program Diagnosis with Value-Set Analysis
A Survey on Software Fault Localization (TSE 2016)
\u7ea6 156 \u4e2a\u5b57 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4 1 \u5206\u949f
"},{"location":"researching-is-living/general/readings/#\u7efc\u5408\u6027\u77e5\u8bc6\u5b66\u4e60","title":"\u7efc\u5408\u6027\u77e5\u8bc6\u5b66\u4e60","text":"\u7ea6 508 \u4e2a\u5b57 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4 2 \u5206\u949f
"},{"location":"researching-is-living/general/sci-thoughts/#\u517b\u6210\u4e60\u60ef","title":"\u517b\u6210\u4e60\u60ef","text":"\u65f6\u95f4\u8fc7\u5f97\u603b\u662f\u975e\u5e38\u5feb\u7684\u3002\u5fd9\u7740\u505a\u4e00\u4e2a\u8bfe\u9898\uff0c\u53ef\u80fd\u6bcf\u5929\u611f\u89c9\u4e0d\u5230\u6709\u4ec0\u4e48\u8fdb\u5c55\u5462\uff0c\u534a\u5e74\u4e00\u5e74\u5c31\u8fc7\u53bb\u4e86\u3002\u5982\u679c\u6709\u8fd9\u79cd\u60f3\u6cd5\uff0c\u591a\u534a\u662f\u6ca1\u505a\u597d\u89c4\u5212\uff0c\u50cf\u4e2a\u65e0\u5934\u82cd\u8747\u4e00\u6837\u4e1c\u95ef\u897f\u649e\u3002
\u611f\u89c9\u6709\u4e24\u4e2a\u4e60\u60ef\u662f\u5fc5\u987b\u517b\u6210\u7684\uff0c\u4e00\u662f\u8bfb\u8bba\u6587\u8981\u601d\u8003\u95ee\u9898\u4e0e\u610f\u4e49\uff1a\u770b\u5230\u9898\u76ee\u548c\u6458\u8981\uff0c\u601d\u8003\u8fd9\u7bc7\u6587\u7ae0\u5e0c\u671b\u89e3\u51b3\u4ec0\u4e48\u95ee\u9898\u3001\u8fd9\u4e2a\u95ee\u9898\u6709\u4ec0\u4e48\u4ef7\u503c\u3001\u89e3\u51b3\u8fd9\u4e2a\u95ee\u9898\u6709\u4ec0\u4e48\u601d\u8def\u3001\u4f1a\u9047\u5230\u54ea\u4e9b\u666e\u904d\u4e0e\u7279\u6b8a\u7684\u6311\u6218\uff0c\u4ee5\u53ca\u6587\u7ae0\u57fa\u4e8e\u54ea\u4e9b\u5047\u8bbe\u5e76\u4e14\u4f1a\u8bd5\u56fe\u907f\u800c\u4e0d\u8c08\u7684\u7f3a\u9677\uff1b\u4e8c\u662f\u6bcf\u5929\u8fdb\u884c\u603b\u7ed3\u4e0e\u5f52\u7eb3\uff0c\u601d\u8003\u4e00\u5929\u5230\u5e95\u6709\u4ec0\u4e48\u8fdb\u5c55\uff0c\u51dd\u7ec3\u603b\u7ed3\u6210\u6587\u5b57\u6216ppt\u8bb2\u7a3f\u3002\u6bcf\u5929\u5149\u770b\u4e0d\u603b\u7ed3\uff0c\u7b49\u4e8e\u767d\u770b\uff01\u5e73\u65f6\u5bf9\u5404\u79cd\u95ee\u9898\u5c31\u8981\u6709\u6240\u51c6\u5907\u4e0e\u601d\u8003\uff0c\u4e0d\u8981\u522b\u4eba\u95ee\u8d77\u7684\u65f6\u5019\u5c31\u6577\u884d\u5730\u7ed9\u4e00\u4e2a\u56de\u7b54\uff0c\u6ca1\u6709\u610f\u4e49\u3002
\u65e9\u4e0a\u5199todo list\uff0c\u665a\u4e0a\u5199done list\uff0c\u770b\u770b\u8fd9\u4e00\u5929\u8fdb\u5c55\u5982\u4f55\u3002\u662f\u5426\u6709\u6ca1\u505a\u5b8c\u7684\u4e8b\u60c5\uff0c\u662f\u5426\u6709\u5206\u5fc3\u505a\u4e86\u522b\u7684\u4e8b\u60c5\uff0c\u660e\u5929\u5982\u4f55\u89c4\u5212\u65f6\u95f4\u2026\u2026\u5bf9\u81ea\u5df1\u6bcf\u5929\u3001\u6bcf\u5468\u3001\u6bcf\u6708\u80fd\u505a\u7684\u4e8b\u60c5\u6709\u6e05\u695a\u7684\u8ba4\u8bc6\uff0c\u4e0d\u76f2\u76ee\u81ea\u5927\u4e5f\u4e0d\u5984\u81ea\u83f2\u8584\u3002
\u505a\u4efb\u4f55\u4e8b\u90fd\u8981\u7ed9\u4e00\u4e2a\u6e05\u6670\u7684ddl\uff0c\u7763\u4fc3\u5c3d\u5feb\u5b8c\u6210\u4e0d\u8981\u62d6\u6c93\u3002\u53e6\u4e00\u65b9\u9762\u662f\u4e3a\u4e86\u9650\u5236\u601d\u8003\uff0c\u8981\u96c6\u4e2d\u3001\u5feb\u901f\uff0c\u4e0d\u8981\u6f2b\u65e0\u76ee\u7684\u5730\u53d1\u6563\u3002\u6bd4\u5982\u8bfb\u8bba\u6587\u524d\u601d\u8003\u8fd9\u7bc7\u6587\u7ae0\u9700\u8981\u89e3\u51b3\u7684\u6311\u6218\u65f6\uff0c\u9650\u5b9a\u57283min\u4e4b\u5185\uff0c\u8d85\u65f6\u4ee5\u540e\u65e0\u8bba\u662f\u5426\u60f3\u5230\u591a\u5c11\u90fd\u8981\u505c\u4e0b\u6765\u3002\u4e5f\u53ef\u4ee5\u6709\u6548\u907f\u514d\u5206\u5fc3\u3002
"},{"location":"researching-is-living/general/sci-thoughts/#\u79d1\u7814\u5199\u4f5c","title":"\u79d1\u7814\u5199\u4f5c","text":"\u79d1\u7814\u5199\u4f5c\u9700\u8981\u7cfb\u7edf\u7684\u8bad\u7ec3\u3002\u6bcf\u5929\u6109\u5feb\u5730\u8bfb\u3001\u5199\u4e00\u5c0f\u65f6\uff0c\u957f\u671f\u575a\u6301\uff0c\u53eb\u505a\u201cread and write\u201d\u3002
\u5199\u6587\u7ae0\u8981\u5f04\u6e05\u695a\u8bfb\u8005\u90fd\u662f\u540c\u4e13\u4e1a\u7684\u4eba\uff0c\u56e0\u6b64\u8981\u4f53\u73b0\u51fa\u4e13\u4e1a\u6027\u4e0e\u79d1\u5b66\u6027\u3001\u7cbe\u786e\u6027\u3001\u7b80\u6d01\u6027\u3001\u903b\u8f91\u6027\u3002
"},{"location":"researching-is-living/general/sentence-templates/","title":"\u60c5\u666f\u6a21\u677f","text":"\u7ea6 468 \u4e2a\u5b57 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4 2 \u5206\u949f
\u63d0\u51fa\u672c\u6587\u5de5\u4f5c\uff1a
\u4ecb\u7ecd\u67d0\u4e00\u6d41\u7a0b\u5728\u6574\u4f53\u7cfb\u7edf\u4e2d\u7684\u4f5c\u7528\uff1a
\u8bf4\u660e\u67d0\u4e00\u6b65\u9aa4\u5e76\u975e\u7b80\u5355\u7684\uff1a
\u51dd\u7ec3\u672c\u6587\u5b9e\u9a8c\u6548\u679c\uff1a
\u63d0\u51fa\u672c\u6587novelty\uff1a
\u63d0\u51fa\u672c\u6587insight\uff1a
\u51c6\u5907\u5f00\u59cb\u4ecb\u7ecd\u6280\u672f\u7ec6\u8282\uff1a
\u8bf4\u76ee\u524d\u7684\u5de5\u4f5c\u7814\u7a76\u7684\u4e3b\u8981\u5185\u5bb9\u53d7\u9650\u3001\u522b\u7684\u65b9\u6cd5\u5b58\u5728\u95ee\u9898\uff1a
\u4e00\u4e9b\u5de5\u4f5c\u7ec6\u8282\uff1a
\u7ea6 943 \u4e2a\u5b57 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4 3 \u5206\u949f
\u7ea6 1699 \u4e2a\u5b57 2 \u884c\u4ee3\u7801 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4 6 \u5206\u949f
\u8986\u76d6\u7387\u6307\u5f15\u7684\u6a21\u7cca\u6d4b\u8bd5\u65b9\u6cd5\u83b7\u5f97\u8986\u76d6\u7387\u7684\u56db\u79cd\u8ffd\u8e2a\u65b9\u5f0f1\uff1a
\u4fb5\u5165\u5f0f\u4e0e\u975e\u4fb5\u5165\u5f0f\u8ffd\u8e2a2\uff1a
Traces can be generated by trace code that is executed within tasks and/or interrupt service routines, just like application code that is executed on the same CPU. This is the most flexible approach, as both the content and the amount of trace information output can be defined in software. However, this tracing method comes with a significant drawback: It uses resources that are shared with the application software, hence tracing may significantly reduce the amount of memory available for the applications, increase the gross execution times of the applications and, in the case of real-time systems, impair functionality. This is why it is called intrusive tracing.
The most common case is that adding trace code is detrimental to the functionality of the applications in real-time systems because the resource requirements for intrusive tracing have been underestimated in the early stages of the project, such that tracing would eventually eat up resources that are required by the application. Therefore, the resource requirements for tracing must be properly considered throughout the whole development lifecycle. Removing trace code from real-time systems may also cause functional issues, typically just before the final production software release. This is the worst case, as trace information is no longer available in this scenario.
Non-intrusive tracing does not change the intrinsic timing behavior of the system under test. This approach simplifies the software development process a lot and requires dedicated hardware support for tracing. External trace probes connected to the target system, in conjunction with on-chip debug modules, capture code execution on instruction level, memory accesses and other events on the target processor. This approach is the best option when it comes to debugging the code execution down to the instruction level. The PCB design of the device under test must provide the connectors required by the external probe.
Another option for non-intrusive tracing is on-chip tracing, where most of the trace hardware is packed into the same chip that also contains the CPU that executes the application code. Non-intrusive tracing can, however, be restricted by limitations of the respective trace module or probe, such as buffer sizes, bus bandwidth or the size of an external probe.
Due to cost savings (no expensive third-party trace hardware required), reduced footprint (very small connectors instead of larger probe connectors), and limited trace bandwidth requirements, the on-chip tracing method is the preferred approach for generating the trace data required for in-depth timing analysis on task, runnable and ISR level. On-chip tracing is a suitable tracing method for devices under test with form factors very close to the final volume production devices.
"},{"location":"researching-is-living/related/fuzzing/#\u9488\u5bf9\u7f51\u7edc\u534f\u8bae\u7684\u6a21\u7cca\u6d4b\u8bd5","title":"\u9488\u5bf9\u7f51\u7edc\u534f\u8bae\u7684\u6a21\u7cca\u6d4b\u8bd5","text":"\u7f51\u7edc\u534f\u8bae\u7684\u7279\u70b9\u662f\u4e00\u822c\u6709\u660e\u786e\u7684\u72b6\u6001\u4fe1\u606f\uff0c\u76f8\u540c\u7684input\u5728\u4e0d\u540c\u7684\u72b6\u6001\u53ef\u80fd\u5f97\u5230\u4e0d\u540c\u7684output\u3002\u9488\u5bf9\u7f51\u7edc\u534f\u8bae\u7684\u6a21\u7cca\u6d4b\u8bd5\u4e00\u822c\u5177\u6709stateful\u7684\u7279\u70b9\u3002\u8fd9\u7c7b\u6a21\u7cca\u6d4b\u8bd5\u6709\u51e0\u4e2a\u96be\u70b9\uff1a 1. \u751f\u6210\u683c\u5f0f\u6b63\u786e\u7684\u4fe1\u606f\uff0c\u6ee1\u8db3\u5bf9\u7279\u5b9a\u72b6\u6001\u7684fuzz 2. \u6269\u5c55\u5230\u4e0d\u540c\u7684\u534f\u8bae\u4e2d 3. \u6d4b\u8bd5\u6837\u4f8b\u6709\u6548\u6027\uff0c\u9700\u8981\u901a\u8fc7\u683c\u5f0f\u6821\u9a8c\u6bd4\u5982\u957f\u5ea6\u3001\u534f\u8bae\u8ba4\u8bc1\u3001\u6821\u9a8c\u548c\u7b49
"},{"location":"researching-is-living/related/fuzzing/#aflnet","title":"AFLNET","text":"\u9996\u6b21\u63d0\u51fa\u9488\u5bf9\u6709\u72b6\u6001\u534f\u8bae\u7684\u7070\u76d2\u6a21\u7cca\u6d4b\u8bd5\u3002AFLNET\u4ece\u54cd\u5e94\u4fe1\u606f\u4e2d\u63d0\u53d6\u54cd\u5e94\u7801\u6765\u8868\u793a\u72b6\u6001\u4fe1\u606f\uff0c\u5e76\u7528\u54cd\u5e94\u7801\u5e8f\u5217\u6765\u63a8\u65ad\u534f\u8bae\u5b9e\u73b0\u7684\u72b6\u6001\u6a21\u578b\uff0c\u5e76\u8fdb\u4e00\u6b65\u4f7f\u7528\u8fd9\u4e00\u6a21\u578b\u6765\u6307\u5bfcfuzz\u3002
\u4e00\u4e9b\u4e0d\u8db3\uff1a 1. \u72b6\u6001\u8868\u793a\u80fd\u529b\uff1aAFLNET\u8981\u6c42\u54cd\u5e94\u4fe1\u606f\u4e2d\u5305\u542b\u72b6\u6001\u7801\uff0c\u8fd9\u5e76\u4e0d\u662f\u534f\u8bae\u5fc5\u987b\u5b9e\u73b0\u7684\u3002\u800c\u4e14\u72b6\u6001\u7801\u8868\u793a\u80fd\u529b\u6709\u9650\uff0c\u4e14\u53ef\u80fd\u4ea7\u751f\u5197\u4f59\u72b6\u6001\u3002 2. \u6d4b\u8bd5\u6548\u7387\uff1a\u6ca1\u6709\u660e\u786e\u7684\u4fe1\u53f7\u53cd\u6620\u5f85\u6d4b\u7a0b\u5e8f\u662f\u5426\u5904\u7406\u5b8c\u6d88\u606f\uff0c\u56e0\u6b64\u8bbe\u7f6e\u56fa\u5b9a\u7684\u8ba1\u65f6\u5668\u6765\u63a7\u5236\u6d88\u606f\u53d1\u9001\uff0c\u65f6\u95f4\u7a97\u53e3\u53ef\u80fd\u8fc7\u5c0f\u6216\u8fc7\u5927\u3002
"},{"location":"researching-is-living/related/fuzzing/#stateafl","title":"STATEAFL","text":"\u4f7f\u7528\u7a0b\u5e8f\u5185\u5b58\u72b6\u6001\u6765\u8868\u793a\u670d\u52a1\u72b6\u6001\uff0c\u901a\u8fc7\u5bf9\u88ab\u6d4b\u7a0b\u5e8f\u63d2\u6869\u6765\u6536\u96c6\u72b6\u6001\u4fe1\u606f\u5e76\u63a8\u6d4b\u72b6\u6001\u6a21\u578b\u3002\u5728\u6bcf\u4e00\u8f6e\u7f51\u7edc\u4ea4\u4e92\u4e2d\uff0cSTATEAFL\u5c06\u7a0b\u5e8f\u53d8\u91cf\u503c\u8f6c\u50a8\u7ed9\u5206\u6790\u961f\u5217\uff0c\u5e76\u8fdb\u884cpost-execution\u7684\u5206\u6790\uff0c\u6765\u66f4\u65b0\u72b6\u6001\u6a21\u578b\u3002
\u4e00\u4e9b\u4e0d\u8db3\uff1a 1. \u9762\u5bf9\u548cAFLNET\u76f8\u540c\u7684\u6d4b\u8bd5\u6548\u7387\u95ee\u9898\uff0c\u800c\u4e14\u56e0\u4e3a\u540e\u6267\u884c\u5206\u6790\uff0c\u4ea7\u751f\u989d\u5916\u7684\u5f00\u9500\uff0c\u4f1a\u964d\u4f4e\u6d4b\u8bd5\u541e\u5410\u91cf\u3002
"},{"location":"researching-is-living/related/fuzzing/#nsfuzz","title":"NSFuzz","text":"\u4f7f\u7528\u57fa\u4e8e\u53d8\u91cf\u7684\u72b6\u6001\u8868\u793a\u65b9\u6cd5\u63a8\u65ad\u72b6\u6001\u6a21\u578b\u6765\u6307\u5bfc\u6a21\u7cca\u6d4b\u8bd5\uff0c\u4f7f\u7528\u57fa\u4e8e\u7f51\u7edc\u4e8b\u4ef6\u5faa\u73af\u7684\u540c\u6b65\u673a\u5236\u6765\u63d0\u9ad8\u541e\u5410\u91cf\u3002
\u542f\u53d1\u5f0f\u7684\u53d8\u91cf\u5224\u65ad\u65b9\u6cd5\uff1a\u9759\u6001\u5206\u6790\u4e2d\u53ea\u5728\u4e8b\u4ef6\u5faa\u73af\u4ee3\u7801\u4e2d\u5206\u8fa8\u72b6\u6001\u53d8\u91cf\uff0c\u4e14\u5173\u6ce8\u88ab\u8bfb\u4e0e\u5199\u3001\u88ab\u8d4b\u4e88\u679a\u4e3e\u7c7b\u578b\u7684\u6570\u636e\u6216\u662f\u6570\u636e\u7ed3\u6784\u4f53\u91cc\u7684\u6574\u578b\u6210\u5458\u3002
\u8868\u793a\u72b6\u6001\u7684\u65b9\u6cd5\uff1a\u4f7f\u7528\u4e24\u6761\u8bed\u53e5\u7ef4\u62a4shared_state\u6570\u7ec4\uff0c\u5f53\u72b6\u6001\u53d8\u91cf\u503c\u88ab\u66f4\u65b0\u65f6\u540c\u6b65\u66f4\u65b0shared_state\uff1b\u5f53fuzzer\u5728\u901a\u4fe1\u7ba1\u9053\u6536\u5230\u6d88\u606f\u5904\u7406\u7ed3\u679c\u65f6\uff0c\u5bf9\u8fd9\u4e2a\u6570\u7ec4\u8fdb\u884chash\uff0c\u4f5c\u4e3a\u5f53\u524d\u7a0b\u5e8f\u6240\u5904\u7684state\u3002
shared_state[hash(var_id) ^ cur_store_val] = 1;\nshared_state[hash(var_id) ^ pre_store_val] = 0;\n
"},{"location":"researching-is-living/related/fuzzing/#iothunter","title":"IoTHunter","text":"\u63d0\u51fa\u591a\u9636\u6bb5\u4fe1\u606f\u751f\u6210\u65b9\u6cd5\u6765\u5bf9IoT\u56fa\u4ef6\u4e2d\u7684\u6709\u72b6\u6001\u7f51\u7edc\u534f\u8bae\u8fdb\u884cfuzz\u3002\u5206\u4e3a\u5bf9\u5df2\u77e5\u72b6\u6001\u7684\u6a21\u7cca\u6d4b\u8bd5\u4e0e\u672a\u77e5\u72b6\u6001\u7684\u63a2\u7d22\u3002\u57fa\u4e8e\u6574\u6570\u53d8\u5f02\u7684\u65b9\u6cd5\u6539\u53d8\u5305\u7c7b\u578b\uff0c\u5e76\u5bf9\u5305\u683c\u5f0f\uff08\u6bd4\u5982\u957f\u5ea6\u3001\u6821\u9a8c\u548c\uff09\u505a\u68c0\u67e5\u7b49\u3002
"},{"location":"researching-is-living/related/fuzzing/#\u6570\u636e\u6d41\u6307\u5bfc\u7684\u6a21\u7cca\u6d4b\u8bd5","title":"\u6570\u636e\u6d41\u6307\u5bfc\u7684\u6a21\u7cca\u6d4b\u8bd5","text":"\u63a7\u5236\u6d41\u6307\u5bfc\u7684\u6a21\u7cca\u6d4b\u8bd5\u4fa7\u91cd\u7a0b\u5e8f\u64cd\u4f5c\u7684\u6267\u884c\u987a\u5e8f\uff08\u6bd4\u5982\u5206\u652f\u4e0e\u5faa\u73af\uff09\uff0c\u6570\u636e\u6d41\u6307\u5bfc\u7684\u6a21\u7cca\u6d4b\u8bd5\u4fa7\u91cd\u53d8\u91cf\u5982\u4f55\u5b9a\u4e49\u4e0e\u4f7f\u7528\u3002\u53d8\u91cf\u7684\u5b9a\u4e49\u4e0e\u4f7f\u7528\u4f4d\u7f6e\u53ef\u4ee5\u4e0d\u5b58\u5728\u63a7\u5236\u4e0a\u7684\u4f9d\u8d56\u5173\u7cfb\u3002\u5728\u6a21\u7cca\u6d4b\u8bd5\u4e2d\uff0c\u6570\u636e\u6d41\u4e3b\u8981\u4f7f\u7528\u52a8\u6001\u6c61\u70b9\u5206\u6790\uff08DTA\uff09\u6280\u672f\uff0c\u5373\u5c06\u76ee\u6807\u7a0b\u5e8f\u7684\u8f93\u5165\u6570\u636e\u5728\u5b9a\u4e49\u5904\u89c6\u4e3a\u6c61\u70b9\uff0c\u5e76\u5728\u8fd0\u884c\u65f6\u8ffd\u8e2a\u5b83\u662f\u5982\u4f55\u88ab\u8bbf\u95ee\u4e0e\u4f7f\u7528\u7684\u3002
\u5728\u5b9e\u8df5\u4e2d\uff0c\u96be\u4ee5\u505a\u5230\u51c6\u786e\u7684DTA\uff0c\u5f00\u9500\u4f1a\u5f88\u5927\u3002\u5e76\u4e14\u90e8\u5206\u771f\u5b9e\u7a0b\u5e8f\u65e0\u6cd5\u5728\u5e94\u7528DTA\u6280\u672f\u7684\u60c5\u51b5\u4e0b\u6210\u529f\u7f16\u8bd1\u3002\u56e0\u6b64\u5927\u90e8\u5206\u7070\u76d2\u6a21\u7cca\u6d4b\u8bd5\u4e0d\u4f7f\u7528DTA\uff0c\u4ee5\u671f\u83b7\u5f97\u66f4\u9ad8\u7684\u541e\u5410\u91cf\u3002
\u6709\u4e00\u4e9b\u8f7b\u91cf\u7ea7\u7684DTA\u4ee3\u66ff\u65b9\u6848\uff08\u6bd4\u5982REDQUEUE\u3001GREYONE\uff09\uff0c\u800c\u57fa\u4e8e\u63a7\u5236\u6d41\u4e0e\u6570\u636e\u6d41\u7684\u6a21\u7cca\u6d4b\u8bd5\u5668\u7684\u8986\u76d6\u7387\u6307\u6807\u8fd8\u6ca1\u6709\u88ab\u5b8c\u5168\u63a2\u7d22\u3002
"},{"location":"researching-is-living/related/fuzzing/#dataflow","title":"DATAFLOW","text":"\u6e90\u7801
\u5728\u7a0b\u5e8f\u6267\u884c\u65f6\u5e76\u884c\u4f7f\u7528\u6570\u636e\u6d41\u5206\u6790\u6765\u6307\u5bfc\u6a21\u7cca\u6d4b\u8bd5\uff0c\u4f7f\u7528\u4e0d\u7cbe\u786e\u7684\u63a8\u65ad\u6765\u964d\u4f4e\u5f00\u9500\u5e76\u63d0\u9ad8\u541e\u5410\u91cf\u3002\u5bf9\u6570\u636e\u6d41\u6709\u6548\u6027\u8fdb\u884c\u4e86\u7b80\u5355\u7684\u8bc4\u4f30\uff0c\u8ba4\u4e3a\u5bf9\u5927\u90e8\u5206\u6d4b\u8bd5\u76ee\u6807\u800c\u8a00\uff0c\u6570\u636e\u6d41\u5e76\u4e0d\u6bd4\u63a7\u5236\u6d41\u4f18\u8d8a\uff0c\u4f46\u662f\u5728\u90e8\u5206\u7279\u5b9a\u573a\u666f\uff08\u6bd4\u5982\u63a7\u5236\u6d41\u548c\u8bed\u4e49\u89e3\u8026\uff0c\u5982parser\uff09\u4e0b\uff0c\u6570\u636e\u6d41\u53ef\u80fd\u4f1a\u6709\u7528\u3002
FUZZING WITH PERFORMANCE MONITORING AND TRACING HARDWARE \u21a9
Intrusive v.s. non-intrusive tracing \u21a9
\u7ea6 164 \u4e2a\u5b57 2 \u884c\u4ee3\u7801 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4 1 \u5206\u949f
"},{"location":"researching-is-living/related/linux-kernel/#\u7f16\u8bd1","title":"\u7f16\u8bd1","text":"\u4e0b\u8f7d\u6e90\u7801\uff0c\u53ef\u4ee5\u4ece\u6e05\u534e\u6e90pull\u4e00\u4e2a\uff1agit clone https://mirrors.tuna.tsinghua.edu.cn/git/linux.git
\u3002\u968f\u540e\u7f16\u8bd1\u6e90\u7801\uff0c\u53c2\u8003CSDN\u6559\u7a0b\u3002\u6838\u5fc3\u903b\u8f91\u662f\u4e0b\u8f7d\u597d\u5fc5\u8981\u7684\u4f9d\u8d56\u5305\uff08\u6bd4\u5982apt install build-essential flex bison libssl-dev libelf-dev
\uff09\u4e4b\u540e\uff0c\u5728\u6839\u76ee\u5f55\u8fd0\u884cmake menuconfig
\uff0c\u7136\u540eExit\u4fdd\u5b58\u6587\u4ef6\uff0c\u6700\u540e\u76f4\u63a5\u591a\u7ebf\u7a0b\u7f16\u8bd1make -j8
\u3002
\u968f\u540e\u662f\u6f2b\u957f\u7684\u7f16\u8bd1\u8fc7\u7a0b\u3002\u4ee5Linux 6.12-rc6\u4e3a\u4f8b\u53ef\u80fd\u51fa\u73b0\u7684\u62a5\u9519\uff1a
\u8bc1\u4e66\u95ee\u9898\uff1a
make[3]: *** No rule to make target 'debian/canonical-certs.pem', needed by 'certs/x509_certificate_list'. Stop.\nmake[2]: *** [scripts/Makefile.build:478: certs] Error 2\nmake[2]: *** Waiting for unfinished jobs....\n
\u53c2\u8003StackOverflow\u4e0a\u7684\u89e3\u7b54\uff0c\u53ef\u4ee5\u4fee\u6539conf\u6587\u4ef6\uff0c\u4e5f\u53ef\u4ee5\u7b80\u5355\u5730\u8fd0\u884c scripts/config --disable SYSTEM_TRUSTED_KEYS\nscripts/config --disable SYSTEM_REVOCATION_KEYS\n
\u91cd\u65b0make\u540e\u4e00\u8def\u56de\u8f66\u3002"},{"location":"researching-is-living/related/rca/","title":"\u6839\u56e0\u5206\u6790","text":"\u7ea6 2291 \u4e2a\u5b57 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4 8 \u5206\u949f
\u4ec0\u4e48\u662f\u6839\u56e0\u5206\u6790\uff1f \u6839\u56e0\u5206\u6790(Root Cause Analysis)\u6216\u8005\u8bf4\u7f3a\u9677\u5b9a\u4f4d(Fault Localization)\u662f\u7a0b\u5e8f\u5f00\u53d1\u4eba\u5458\u6216\u5b89\u5168\u5206\u6790\u4eba\u5458\u5728\u786e\u8ba4\u7a0b\u5e8f\u5b58\u5728\u5f02\u5e38\u884c\u4e3a\u540e\uff0c\u901a\u8fc7\u624b\u52a8\u6216\u81ea\u52a8\u7684\u65b9\u6cd5\u6765\u5b9a\u4f4d\u5f02\u5e38\u884c\u4e3a\u7684\u6839\u672c\u539f\u56e0\u7684\u8fc7\u7a0b\u3002\u6839\u56e0\u5206\u6790\u662f\u7a0b\u5e8f\u5b89\u5168\u5206\u6790\u6d41\u7a0b\u4e2d\u6bd4\u8f83\u91cd\u8981\u7684\u4e00\u73af\u3002
\u4e3a\u4ec0\u4e48\u9700\u8981\u8bbe\u8ba1\u4e00\u4e9b\u6839\u56e0\u5206\u6790\u65b9\u6cd5\uff1f \u5728\u5f53\u4e0b\u5404\u7c7b\u81ea\u52a8\u5316\u6f0f\u6d1e\u6316\u6398\u5de5\u5177(\u6bd4\u5982\u5404\u7c7bfuzzer)\u7684\u8f85\u52a9\u4e0b\uff0c\u6bcf\u65e5\u53d1\u73b0\u7684bug\u6570\u91cf\u5df2\u7ecf\u8fdc\u8d85\u5f00\u53d1\u4eba\u5458\u786e\u8ba4\u5e76\u4fee\u590d\u7684\u6570\u91cf\u3002\u8bbe\u8ba1\u4e00\u79cd\u81ea\u52a8\u5316\u53d1\u73b0\u6f0f\u6d1e\u7684\u5de5\u5177\u5e76\u4e0d\u96be\uff0c\u96be\u5728\u5982\u4f55\u6839\u636e\u8fd9\u4e9b\u5de5\u5177\u62a5\u51fa\u7684crash\u4fe1\u606f\u6765\u51c6\u786e\u5730\u5206\u6790\u51fa\u6f0f\u6d1e\u7684\u6839\u672c\u539f\u56e0\u3002\u5bf9\u4e8e\u5927\u578b\u7a0b\u5e8f\u800c\u8a00\uff0c\u5d29\u6e83\u6d4b\u8bd5\u6837\u4f8b(crashing testcase)\u6267\u884c\u4e0b\u6765\u53ef\u80fd\u7ecf\u5386\u4e86\u51e0\u767e\u4e07\u6761\u6c47\u7f16\u6307\u4ee4\uff0c\u624b\u5de5\u786e\u8ba4\u7a0d\u5fae\u6709\u70b9\u4e0d\u73b0\u5b9e\u4e86\u3002\u56e0\u6b64\u9700\u8981\u8bbe\u8ba1\u4e00\u4e9b(\u81ea\u52a8\u5316)\u7684\u6839\u56e0\u5206\u6790\u5de5\u5177\u3002
\u600e\u4e48\u8fdb\u884c\u6839\u56e0\u5206\u6790\uff1f\u76ee\u524d\u6709\u54ea\u4e9b\u5de5\u4f5c\uff1f \u6700\u6734\u7d20\u800c\u76f4\u89c2\u7684\u601d\u60f3\u5c31\u662f\u6d88\u8017\u5b89\u5168\u5206\u6790\u4eba\u5458\u7684\u7cbe\u529b\uff0c\u4ece\u7a0b\u5e8f\u7684\u5165\u53e3\u70b9(entry)\u6216\u8005\u5d29\u6e83\u70b9(crash site)\u51fa\u53d1\uff0c\u770b\u770b\u7a0b\u5e8f\u662f\u600e\u4e48\u6267\u884c\u7684\uff0c\u54ea\u4e9b\u5143\u7d20(program entity)\u4f1a\u5bfc\u81f4\u6700\u540e\u7684crash\uff0c\u7136\u540e\u518d\u8fdb\u884c\u5bf9\u5e94\u7684\u4fee\u590d\u3002\u6839\u636e\u5b9a\u4f4d\u5143\u7d20\u7684\u7c92\u5ea6\u4e0d\u540c\uff0c\u6839\u56e0\u5206\u6790\u53ef\u4ee5\u5b9a\u4f4d\u5230\u51fd\u6570\u7ea7(function level)\u3001\u8bed\u53e5\u7ea7(statement level)\u3001\u6c47\u7f16\u6307\u4ee4\u7ea7(instruction level)\u3002\u7531\u4e8e\u5728\u6c47\u7f16\u6307\u4ee4\u4e0a\u8fdb\u884c\u5206\u6790\u53ef\u4ee5\u66f4\u666e\u9002\u5730\u9002\u5e94\u591a\u79cd\u7f16\u7a0b\u8bed\u8a00\u3001\u4e0d\u9700\u8981\u83b7\u53d6\u6e90\u7801\uff0c\u6240\u4ee5\u4e0b\u6587\u7684\u8ba8\u8bba\u90fd\u662f\u56f4\u7ed5\u6c47\u7f16\u6307\u4ee4\u7ea7\u5c55\u5f00\u3002
\u76ee\u524d\u4e00\u4e9b\u81ea\u52a8\u5316\u6839\u56e0\u5206\u6790\u7814\u7a76\u601d\u8def\u6709\uff1a
\u8fd9\u4e9b\u7814\u7a76\u601d\u8def\u90fd\u89e3\u51b3\u4e86\u4ec0\u4e48\u95ee\u9898\uff1f\u6709\u4ec0\u4e48\u72ec\u7279\u7684\u4f18\u70b9\uff1f\u5b58\u5728\u54ea\u4e9b\u72ec\u6709\u7684\u4e0d\u8db3\uff1f \u57fa\u4e8e\u7a0b\u5e8f\u8c31\u7684\u5206\u6790\u65b9\u6cd5\u76f4\u89c2\u4e0a\u4f3c\u4e4e\u6709\u70b9\u9053\u7406\u3002\u5b83\u4ec5\u8003\u8651\u6c47\u7f16\u6307\u4ee4\u672c\u8eab\uff0c\u800c\u4f46\u4ec5\u4ec5\u4ece\u7edf\u8ba1\u7ed3\u679c\u4e0a\u53bb\u5206\u6790\uff0c\u53ef\u80fd\u5e76\u4e0d\u80fd\u51c6\u786e\u5206\u6790\u51fa\u903b\u8f91\u4e0a\u7684root cause\u3002\u8fd9\u7c7b\u65b9\u6cd5\u4e00\u822c\u4f1a\u8bbe\u8ba1\u4e00\u79cd\u6392\u540d\u7b56\u7565(ranking)\uff0c\u5bf9\u9009\u62e9\u51fa\u7684\u53ef\u7591\u6307\u4ee4\u8fdb\u884ctop1-topn\u7684\u6392\u540d\uff0c\u6765\u8bd5\u56fe\u63d0\u9ad8\u51c6\u786e\u6027\u3002\u8fd9\u7c7b\u65b9\u6cd5\u4e00\u822c\u9700\u8981\u6839\u636e\u4e00\u4e2a\u5d29\u6e83\u6837\u4f8b\u4ee5\u53ca\u548c\u5b83\u76f8\u4f3c\u7684\u5d29\u6e83\u6837\u4f8b\u548c\u975e\u5d29\u6e83\u6837\u4f8b\u8fdb\u884c\u5206\u6790\uff0c\u56e0\u6b64\u65f6\u7a7a\u5f00\u9500\u90fd\u6bd4\u8f83\u5927\u3002
\u4e8b\u540e\u5206\u6790\u65b9\u6cd5\u76f8\u6bd4\u7a0b\u5e8f\u8c31\u5206\u6790\u65b9\u6cd5\u8003\u8651\u4e86\u6307\u4ee4\u8bed\u4e49\uff0c\u6bd4\u5982\u5728\u9006\u5411\u6267\u884c\u7684\u65f6\u5019\u4f1a\u8bbe\u8ba1\u4e00\u4e9b\u6c47\u7f16\u6307\u4ee4handler\uff0c\u5bf9\u4e8e\u5185\u5b58\u7684\u5206\u6790\u4e5f\u4f1a\u66f4\u7cbe\u786e\u4e9b\u3002\u4f46\u6c61\u70b9\u5206\u6790\u65b9\u6cd5\u6bd5\u7adf\u5b58\u5728\u8fc7\u5ea6\u6c61\u67d3(over-tainting)\u7684\u95ee\u9898\uff0c\u5bfc\u81f4\u7ed3\u679c\u5197\u4f59\u6bd4\u8f83\u4e25\u91cd\u3002
\u57fa\u4e8e\u6a21\u578b\u7684\u5206\u6790\u65b9\u6cd5\u5229\u7528AI\u7684\u4f18\u52bf\uff0c\u53ef\u4ee5\u7ed9\u51fa\u66f4\u6709\u8bed\u4e49\u4fe1\u606f\u7684root cause\uff0c\u5728\u4e00\u5b9a\u7a0b\u5ea6\u4e0a\u5e2e\u52a9\u5f00\u53d1\u4eba\u5458\u53bb\u5206\u6790\u3002\u4e0d\u8fc7\u6a21\u578b\u7684\u8bad\u7ec3\u4f9d\u8d56\u8bad\u7ec3\u96c6\u7684\u8d28\u91cf\uff0c\u5e76\u4e14\u53d7\u7a0b\u5e8f\u8bed\u4e49\u5f71\u54cd\u5f88\u5927\u3002\u5728\u4e0d\u540c\u9886\u57df\u4e4b\u95f4\u53ef\u80fd\u8fc1\u79fb\u6027\u4e0d\u662f\u5f88\u597d\uff0c\u6bd4\u5982\u6ca1\u6cd5\u5904\u7406\u4e00\u4e9b\u7279\u5b9a\u7684\u5bc6\u7801\u5b66\u51fd\u6570\u3002\u4e14\u4e3a\u5f85\u6d4b\u7a0b\u5e8f\u5efa\u7acb\u6a21\u578b\u6765\u63cf\u8ff0\u5176\u7ed3\u6784\u4e0e\u884c\u4e3a\u662f\u975e\u5e38\u590d\u6742\u3001\u8017\u65f6\u7684\u4e8b\u60c5
\u73b0\u6709\u7684\u8fd9\u4e9b\u65b9\u6cd5\u6709\u6ca1\u6709\u4ec0\u4e48\u666e\u904d\u5b58\u5728\u7684\u95ee\u9898\uff1f \u5728\u6700\u540e\u8bc4\u4f30\u9636\u6bb5(evaluation)\uff0c\u4e00\u822c\u5148\u901a\u8fc7\u624b\u5de5\u5206\u6790\u786e\u5b9a\u54ea\u4e9b\u6c47\u7f16\u6307\u4ee4\uff0c\u5982\u679c\u65b9\u6cd5\u8f93\u51fa\u7684\u6c47\u7f16\u6307\u4ee4\u96c6\u5408\u91cc\u5305\u542b\u8fd9\u4e9b\u6307\u4ee4\uff0c\u90a3\u4e48\u5c31\u8ba4\u4e3a\u662f\u53d1\u73b0\u4e86root cause\u3002\u4f46\u81ea\u52a8\u5316\u65b9\u6cd5\u6bd5\u7adf\u7f3a\u5c11\u4eba\u5de5\u53c2\u4e0e\uff0c\u7ed9\u51fa\u7684\u7ed3\u679c\u4e00\u5b9a\u662f\u4e0d\u51c6\u786e\u7684\u3002\u73b0\u6709\u7684\u5de5\u4f5c\u7684\u4e00\u4e2a\u4e3b\u6d41\u601d\u60f3\u5728\u4e8e\u201c\u65b9\u6cd5\u7ed9\u51fa\u7684\u96c6\u5408\u53ef\u4ee5\u5305\u542b\u65e0\u5173\u6307\u4ee4\uff0c\u4f46\u4e0d\u80fd\u7f3a\u5c11\u76f8\u5173\u6307\u4ee4\u201d\uff0c\u65e8\u5728\u63d0\u9ad8\u53ec\u56de\u7387(recall)\u3002\u56e0\u6b64\u5f80\u5f80\u7ed9\u51fa\u4e0eroot cause\u4e0d\u76f8\u5173\u7684\u6307\u4ee4\u3002\u4f46\u5b9e\u9645\u4e0a\uff0c\u5728\u6700\u540e\u7684\u4fee\u590d\u7aef\uff0c\u5982\u679c\u7ed9\u51fa\u4e0d\u76f8\u5173\u6307\u4ee4\u8fc7\u591a\uff0c\u90a3\u4e48\u4ecd\u7136\u9700\u8981\u5f00\u53d1\u8005\u53bb\u5206\u6790\uff0c\u4f9d\u65e7\u8017\u65f6\u8017\u529b\u3002
\u636eISSTA 2016\u4e00\u7bc7\u8c03\u7814\uff08Practitioners\u2019 expectations on automated fault localization\uff09\uff0c9.43%\u5e0c\u671broot cause\u5728\u5206\u6790\u7ed3\u679c\u7684Top1\uff0c73.58%\u5bb9\u8bb8\u5728Top5\uff0c15.09%\u5bb9\u8bb8\u5728Top10\u3002\u6240\u4ee5\u7ea698%\u7684\u60c5\u51b5\u4e0b\u9700\u8981\u5728Top10\u5185\u7ed9\u51fa\u7ed3\u679c\u3002\u5c31\u5206\u6790\u51c6\u786e\u5ea6\u4e0e\u5f00\u53d1\u4eba\u5458\u6ee1\u610f\u5ea6\u800c\u8a00\uff0c\u5982\u679cRCA\u5de5\u5177\u51c6\u786e\u5ea6\u8fbe90%\uff0c\u6ee1\u610f\u5ea6\u51e0\u4e4e\u8fbe\u5230100%\u4e86\u3002\u51c6\u786e\u5ea6\u4f4e\u4e8e20%\u65f6\u53ea\u670912%\u63a5\u53d7\uff0c\u5982\u679c\u6ee1\u610f\u5ea6\u8fbe50%\u300175%\u300190%\uff0c\u51c6\u786e\u5ea6\u9700\u8981\u5206\u522b\u8fbe\u523050%\u300175%\u300185%\uff08\u4f46\u662f\u539f\u6587\u8bf490%\uff09\u3002
\u76ee\u524d\u7684\u7edd\u5927\u90e8\u5206RCA\u5206\u6790\u7684\u5de5\u4f5c\u7684\u8f93\u51fa\u662f\u4e24\u7c7b\uff1aranked list\u548csuspicious set\u3002\u4f46\u4e24\u8005\u90fd\u5b58\u5728\u7684\u95ee\u9898\u662f\u4ec5\u4ec5\u9ad8\u4eae\u4e86\u53ef\u80fd\u5b58\u5728bug\u7684\u5143\u7d20\uff0c\u800c\u7f3a\u4e4f\u4e00\u4e9brational\u7684\u5206\u6790\u3002
"},{"location":"researching-is-living/related/rca/#\u4e0d\u540c\u7684\u5206\u6790\u7c92\u5ea6\u7684\u4f18\u52bf","title":"\u4e0d\u540c\u7684\u5206\u6790\u7c92\u5ea6\u7684\u4f18\u52bf","text":"\u57fa\u4e8e\u6587\u4ef6\u7c92\u5ea6\u7684RCA\u5de5\u4f5c\uff08\u6bd4\u5982Scaffle\uff09\u5e0c\u671b\u627e\u5230\u5305\u542b\u767e\u4e07\u7ea7\u540c\u8d28\u4ee3\u7801\u5e93\u4e2d\u54ea\u4e9b\u6587\u4ef6\u548ccrash\u6709\u5173\u3002\u5728\u6b64\u57fa\u7840\u4e0a\u8ba9\u5bf9\u5e94\u7684\u5de5\u7a0b\u5e08\u56e2\u961f\u53bb\u5904\u7406bug\uff0c\u6709\u5229\u4e8e\u5927\u578b\u7ec4\u7ec7\u7ba1\u7406\u3002
\u636eISSTA 2016\u4e00\u7bc7\u8c03\u7814\uff08Practitioners\u2019 expectations on automated fault localization\uff09\uff0c\u5f00\u53d1\u8005\u5bf9\u7c92\u5ea6\u7684top3\u671f\u671b\u4f9d\u6b21\u662f\u65b9\u6cd5\u7ea7\u522b\u3001\u8bed\u53e5\u7ea7\u522b\u3001\u57fa\u672c\u5757\u7ea7\u522b\uff0c\u4e0d\u8fc7\u5bf9\u8fd9\u4e09\u79cd\u7c92\u5ea6\u7684\u503e\u5411\u4e4b\u95f4\u6ca1\u6709\u660e\u663e\u5dee\u5f02\u3002\u800c\u5f53\u65f6\u6bd4\u8f83\u591a\u7684\u65b9\u6cd5\u662f\u8bed\u53e5\u7ea7\u522b\u7684
"},{"location":"researching-is-living/related/rca/#\u5206\u6790\u65f6\u95f4\u5f00\u9500","title":"\u5206\u6790\u65f6\u95f4\u5f00\u9500","text":"\u6839\u636e\u91c7\u7528\u7684\u7b56\u7565\u4e0d\u540c\uff0cRCA\u4e4b\u95f4\u7684\u65f6\u95f4\u5f00\u9500\u5dee\u5f02\u53ef\u80fd\u8fbe\u4e24\u4e2a\u6570\u91cf\u7ea7\u3002\uff08\u79d2\u7ea7-\u5206\u949f\u7ea7-\u5c0f\u65f6\u7ea7\uff09\u3002
\u636eISSTA 2016\u4e00\u7bc7\u8c03\u7814\uff08Practitioners\u2019 expectations on automated fault localization\uff09\uff0c90%\u5f00\u53d1\u8005\u63a5\u53d71min\u4ee5\u5185\u7684\u5206\u6790\uff0c\u4e0d\u52309%\u5f00\u53d1\u8005\u63a5\u53d7\u8d85\u8fc71h\u7684\u5206\u6790\u300250%\u5f00\u53d1\u8005\u5927\u6982\u572830min\u4ee5\u5185\u3002
"},{"location":"researching-is-living/related/rca/#\u4e00\u4e9b\u60f3\u6cd5","title":"\u4e00\u4e9b\u60f3\u6cd5","text":"\u4ee5\u4e0a\u5185\u5bb9\u4ec5\u4ee3\u8868\u4e2a\u4eba\u89c2\u70b9\uff0c\u4e0d\u5b9a\u671f\u66f4\u65b0\uff0c\u6b22\u8fce\u8ba8\u8bba
"},{"location":"software-security/","title":"Index","text":"\u7ea6 0 \u4e2a\u5b57 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4\u4e0d\u5230 1 \u5206\u949f
"},{"location":"software-security/ctf/pwn-college-cse365-spring2023/","title":"CSE 365 - Spring 2023","text":"\u7ea6 4823 \u4e2a\u5b57 1287 \u884c\u4ee3\u7801 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4 145 \u5206\u949f
\u5728\u7ec8\u7aef\u8fde\u63a5pwn-college\u65f6\uff0c\u5148\u5728\u7f51\u9875\u7aef\u914d\u7f6e\u4e0b\u516c\u94a5\uff0c\u7136\u540essh -i \u79c1\u94a5 hacker@dojo.pwn.college
\u5373\u53ef\u3002\u7f51\u9875\u7aef\u542f\u52a8\u4e00\u4e2a\u5b9e\u4f8b\u540e\uff0c\u8fdc\u7a0b\u4e5f\u4f1a\u81ea\u52a8\u542f\u52a8\u5bf9\u5e94\u7684\u73af\u5883\u3002\u95ee\u9898\u4e00\u822c\u653e\u5728\u6839\u76ee\u5f55\u7684challenge\u6587\u4ef6\u5939\u4e0b
\u8bf7\u6c42\u7b2c\u4e00\u884cRequest line\uff1a\u8bf7\u6c42\u65b9\u6cd5 URI \u534f\u8bae\u7248\u672c CRLF
\u54cd\u5e94\u7b2c\u4e00\u884cStatus line\uff1a\u534f\u8bae\u7248\u672c \u72b6\u6001\u7801 \u89e3\u91ca CRLF
\u5e38\u89c1\u7684\u8bf7\u6c42\u65b9\u6cd5\uff1a
HTTP URL Scheme\uff1ascheme://host:port/path?query#fragment
\u8bf7\u6c42\u7684\u8d44\u6e90\u542b\u6709\u4e00\u4e9b\u7279\u6b8a\u7b26\u53f7\u6bd4\u5982?,/,&,#\u7b49\u7b49\u65f6\uff0c\u4f7f\u7528%xx\u8fdb\u884c\u7f16\u7801\uff0c\u5176\u4e2dxx\u662fASCII\u7801\u3002\u8fd9\u79cd\u505a\u6cd5\u79f0\u4e3aurlencoding
POST\u8bf7\u6c42\u65f6\uff0c\u9700\u8981\u5e26\u4e0aContent-Type
\u524d\u8005body\u91cc\u5199a=xx\uff0c\u540e\u8005\u5199{\u201ca\u201d:\u201dxx\u201d}\u3002json\u53ef\u4ee5\u6784\u9020\u66f4\u590d\u6742\u7684blob
RFC 1945 HTTP\u534f\u8bae\u662f\u65e0\u72b6\u6001\u7684\uff0c\u4f46\u662f\u7f51\u7edc\u5e94\u7528\u662f\u6709\u72b6\u6001\u7684\u3002\u4f7f\u7528cookie\u6765\u4fdd\u6301\u72b6\u6001\u3002
"},{"location":"software-security/ctf/pwn-college-cse365-spring2023/#assembly-crash-course-\u5b66\u4e60\u7b14\u8bb0","title":"Assembly Crash Course \u5b66\u4e60\u7b14\u8bb0","text":""},{"location":"software-security/ctf/pwn-college-cse365-spring2023/#building-a-web-server-\u5b66\u4e60\u7b14\u8bb0","title":"Building a Web Server \u5b66\u4e60\u7b14\u8bb0","text":"\u4f7f\u7528socket\u521b\u5efa\u4e00\u4e2aA-B\u7684\u7f51\u7edc\u6587\u4ef6\uff0c\u7136\u540e\u4f7f\u7528bind\u5c06socket\u4e0e\u5177\u4f53\u7684ip\u7ed1\u5b9a\u3002\u4f7f\u7528listen\u6765\u88ab\u52a8\u4fa6\u542csockfd\u3002\u4f7f\u7528accept\u63a5\u53d7\u5916\u90e8\u8fde\u63a5\u3002
\u4f7f\u7528TCP/IP\u8fdb\u884c\u7f51\u7edc\u901a\u8baf\uff0c\u670d\u52a1\u5668\u7aef\u7684\u4f8b\u5b50\u5982\uff1a
// int socket(int domain, int type, int protocol)\nsocket_fd = socket(AF_INET, SOCK_STREAM, IPPROTO_IP)\n\n// int bind(int sockfd, struct sockaddr* addr, socklen_t addrlen)\n/*\n * struct sockaddr {\n * uint16_t sa_family;\n * uint8_t sa_data[14]; \n * }\n * \n * struct sockaddr_in {\n * uint16_t sin_family;\n * uint16_t sin_port;\n * uint32_t sin_addr;\n * uint8_t __pad[8];\n * }\n*/\nbind(socket_fd, {sa_family=AF_INET, sin_port=htons(port), sin_addr=inet_addr(\"0.0.0.0\")}, 16)\n\n// int listen(int sock fd, int backlog);\nlisten(socket_fd, 0)\n\n// int accept(int sockfd, struct sockaddr* addr, socklen_t* addrlen);\ntunnel = accept(socket_fd, NULL, NULL)\n\n// revceive http request: GET / HTTP/1.0\nread(tunnel, \"GET / HTTP/1.0\",19)\n\n// response\nwrite(tunnel, \"HTTP/1.0 200 OK\\r\\n\\r\\n\", 19)\n\n// receive http request: GET /flag HTTP/1.0\nread(tunnel, \"GET /flag HTTP/1.0\\r\\n\\r\\n\",256)\n\n// open and read file\nfilefd = open(\"/flag\",O_RDDONLY)\nread(filefd, \"FLAG\", 256)\n\n//response\nwrite(tunnel, \"HTTP/1.0 200 OK\\r\\n\\r\\nFLAG\", 27)\n\nclose(tunnel)\n
"},{"location":"software-security/ctf/pwn-college-cse365-spring2023/#reverse-engineering-\u5b66\u4e60\u7b14\u8bb0","title":"Reverse Engineering \u5b66\u4e60\u7b14\u8bb0","text":"start
\u5728main\u51fd\u6570\u6253\u65ad\u70b9\u5e76\u8fd0\u884cstarti
\u5728_start\u51fd\u6570\u6253\u65ad\u70b9\u5e76\u8fd0\u884crun
\u4e0d\u6253\u65ad\u70b9\uff0c\u76f4\u63a5\u8fd0\u884cattach <PID>
\u5c06gdb\u9644\u7740\u5230\u4e00\u4e2a\u6b63\u5728\u8fd0\u884c\u7684\u8fdb\u7a0bcore <PATH>
\u5206\u6790\u4e00\u4e2a\u7a0b\u5e8f\u8fd0\u884c\u540e\u4ea7\u751f\u7684coredump\u6587\u4ef6start <ARG1> <ARG2> < <STDIN_PATH>
\u8fd0\u884c\u5e26\u6709\u53c2\u6570\u7684\u7a0b\u5e8f\uff0c\u548cshell\u91cc\u8f93\u547d\u4ee4\u4e00\u6837info registers
\u53ef\u4ee5\u67e5\u770b\u5bc4\u5b58\u5668\u7684\u503c\uff08\u6216\u8005\u7b80\u5355\u7684i r
\uff09print
\u7528\u6765\u6253\u5370\u53d8\u91cf\u6216\u8005\u5bc4\u5b58\u5668\u7684\u503c\uff0c\u6bd4\u5982p/x $rdi
\u4ee516\u8fdb\u5236\u6253\u5370rdi\u5bc4\u5b58\u5668\u7684\u503cx/<n><u><f> <address>
\u7528\u6765\u6253\u5370\u53d8\u91cf\u6216\u7edd\u5bf9\u5730\u5740\u7684\u5185\u5bb9\u3002n
\u8868\u793anumber\uff0c\u4e5f\u5c31\u662f\u8bf4\u8981\u6253\u5370\u51e0\u4e2a\u5355\u5143\uff1bu
\u8868\u793aunit size\uff0c\u6bcf\u4e2a\u5355\u5143\u7684\u5b57\u8282\u957f\u5ea6\uff0c\u53ef\u53d6b/h/w/g
\uff0c\u5206\u522b\u8868\u793a1\uff0c2\uff0c4\uff0c8\u5b57\u8282\uff1bf
\u8868\u793a\u8f93\u51fa\u683c\u5f0f\uff0c\u53ef\u53d6d/x/s/i
\uff0c\u5206\u522b\u8868\u793a\u5341\u8fdb\u5236\u3001\u5341\u516d\u8fdb\u5236\u3001\u5b57\u7b26\u4e32\u3001\u6c47\u7f16\u6307\u4ee4\u3002address\u8868\u793a\u8981\u6253\u5370\u7684\u5730\u5740\uff0c\u53ef\u4ee5\u5199\u6210\u6570\u5b66\u8868\u8fbe\u5f0f\u3002set disassembly-flavor intel
\u7528\u6765\u4fee\u6539\u6c47\u7f16\u6307\u4ee4\u7684\u8868\u793a\u5f62\u5f0f\uff0c\u8fd9\u91cc\u662fintel\u6307\u4ee4\u3002stepi <n>
\u6b65\u5165n\u6761\u6c47\u7f16\u6307\u4ee4\uff0cnexti <n>
\u6b65\u8fc7n\u6761\u6c47\u7f16\u6307\u4ee4\uff1b\u5206\u522b\u7b80\u5199\u4e3asi
\u4e0eni
finish
\u6267\u884c\u5230\u5f53\u524d\u51fd\u6570\u7ed3\u675f\u5e76\u8fd4\u56debreak *<addres>
\u5728address\u5904\u6253\u65ad\u70b9\uff0c\u53ef\u4ee5\u7b80\u5199\u4e3ab *<address>
display/<n><u><f>
\u6765\u5728\u6bcf\u4e00\u6761\u64cd\u4f5c\u7ed3\u675f\u540e\u663e\u793a\u67d0\u4e9b\u6570\u503c\u3002nuf\u7684\u7528\u6cd5\u548cx
\u6253\u5370\u5185\u5b58\u5730\u5740\u4e00\u6837-x xxx.gdb
\uff0c\u5c31\u53ef\u4ee5\u5728gdb\u542f\u52a8\u540e\u81ea\u52a8\u5316\u8fd0\u884c\u811a\u672c~/.gdbinit
\u5728\u521d\u59cb\u5316gdb\u4f1a\u8bdd\u65f6\u81ea\u52a8\u8fd0\u884ccall
\u76f4\u63a5\u8c03\u7528\u51fd\u6570\uff0c\u6bd4\u5982call (void)win()
set pagination off
\u5173\u95ed\u5206\u9875\u786e\u8ba4 \u4ee5\u4e0b\u662f\u4e2agdb\u811a\u672c\u7684\u4f8b\u5b50\uff0csilent
\u7528\u4e8e\u5728\u9047\u5230\u65ad\u70b9\u65f6\u51cf\u5c11\u8f93\u51fa\u4fe1\u606f\uff0c\u4ee5\u53ca\u4f7f\u7528set
\u548cprintf
\u8bbe\u7f6e\u53d8\u91cf\u3001\u6253\u5370\u503c\u3002start\nbreak *main+42\ncommands\n silent\n set $local_variable = *(unsigned long long*)($rbp-0x32)\n printf \"Current value: %llx\\n\", $local_variable\n continue\nend\ncontinue\n
if
\u3001catch
\u6765\u52ab\u6301systemcall\uff0c\u6bd4\u5982\uff1astart\ncatch syscall read\ncommands\n silent\n if ($rdi == 42)\n set $rdi = 0\n end\n continue\nend\ncontinue\n
"},{"location":"software-security/ctf/pwn-college-cse365-spring2023/#talking-web-writeups","title":"Talking Web WriteUps","text":"\u8fd9\u4e2a\u7ae0\u8282\u7684\u9898\u76ee\u662f\u7528curl\u3001python\u548cnc\u6765\u5b9e\u73b0\u53d1\u9001\u5404\u79cdhttp\u8bf7\u6c42\uff0c\u5148\u8fd0\u884c/challenge/run
\u542f\u52a8flask\u670d\u52a1\u5668\uff0c\u7136\u540e\u65b0\u5f00\u4e2a\u7ec8\u7aef\u7528\u5404\u79cd\u59ff\u52bf\u8fde\u63a5\u672c\u5730127.0.0.1\u5373\u53ef\u3002
\u8fd9\u4e09\u79cd\u5de5\u5177\u7684\u5927\u81f4\u601d\u8def\uff1a
\u9700\u8981\u5148\u7b80\u5355\u5730\u8fde\u63a5127.0.0.1\u7136\u540e\u6839\u636e\u62a5\u9519\u63d0\u793a\u6765\u4fee\u6539\u8bf7\u6c42\u3002
Level 1
Send an HTTP request using curl
curl http://127.0.0.1\n
Level 2
Send an HTTP request using nc
nc 127.0.0.1 80\nGET / HTTP/1.1\n
Level 3
Send an HTTP request using python
import requests as r\nr.get(\"http://127.0.0.1\").text\n
Level 4
Set the host header in an HTTP request using curl
curl -H 'host:xxxxx' http://127.0.0.1\n
Level 5
Set the host header in an HTTP request using nc
nc 127.0.0.1 80\nGET / HTTP/1.1\nhost:xxxxx\n
Level 6
Set the host header in an HTTP request using python
import requests as r\nr.get(\"http://127.0.0.1\", headers={\"host\":\"xxx\"}).text\n
Level 7
Set the path in an HTTP request using curl
curl http://127.0.0.1/xxxxx\n
Level 8
Set the path in an HTTP request using nc
nc 127.0.0.1 80\nGET /xxxx HTTP/1.1\n
Level 9
Set the path in an HTTP request using python
import requests as r\nr.get(\"http://127.0.0.1/xxx\").text\n
Level 10~12
URL encode a path in an HTTP request using curl/nc/python
\u7528%20\u66ff\u6362\u6389\u7a7a\u683c\u5373\u53ef
Level 13~15
Specify an argument in an HTTP request using curl/nc/python
GET\u52a0\u53c2\u6570\uff0c\u5728\u8def\u5f84\u540e\u9762\u8ffd\u52a0?a=xxx\u5373\u53ef
nc\u65f6\u52a0\u5230nc\u8fde\u63a5\u4ee5\u540e\u7684GET\u540e\u9762
Level 16~18
Specify multiple arguments in an HTTP request using curl/nc/python
\u7ed3\u540810~15\u9898\uff0c\u7a7a\u683c\u7528%20\u6362\u6389\uff0c\u4e0e\u53f7\u7528%26\u6362\u6389\uff0c\u4e95\u53f7\u7528%23\u6362\u6389
Level 19~21
Include form data in an HTTP request using curl/nc/python
#curl\ncurl http://127.0.0.1 -F a=xxx\n\n#nc\nPOST / HTTP/1.1\nContent-Type: application/x-www-form-urlencoded\nContent-Length:34\n\na=xxx\n\n#python\nimport requests as r\nr.post(\"http://127.0.0.1\",data={'a':'xxx'}).text\n
Level 22~24
Include form data with multiple fields in an HTTP request using curl/nc/python
#curl\ncurl http://127.0.0.1 -F a=xxx -F b='xxxx'\n\n#nc\nPOST / HTTP/1.1\nContent-Type: application/x-www-form-urlencoded\nContent-Length: 78\n\na=xxx&b=xxx\n\n#python\nimport requests as r\nr.post(\"http://127.0.0.1\",data={'a':'xxx','b':'xxx'}).text\n
Level 25~27
Include json data in an HTTP request using curl/nc/python
#curl\ncurl -X POST -H 'Content-Type:application/json' -d '{\"a\":\"xxx\"}' http://127.0.0.1\n\n#nc\necho -ne 'POST / HTTP/1.1\\r\\nContent-Type: application/json\\r\\nContent-Length:40\\r\\n\\r\\n{\"a\":\"xxx\"}' | nc 127.0.0.1 80\n\n#python\nimport requests as r\nimport json\nr.post(\"http://127.0.0.1\",headers={\"Content-Type\":\"application/json\"},data=json.dumps({\"a\":\"xxx\"})).text\n
Level 28~30
Include complex json data in an HTTP request using curl/nc/python
#curl\ncurl -X POST -H 'Content-Type: application/json' -H 'Content-Length: 121' -d '{\"a\":\"xxx\", \"b\":{\"c\": \"xxxx\", \"d\": [\"xxx\", \"xxx\"]}}' http://127.0.0.1\n\n#nc\necho -ne 'POST / HTTP/1.1\\r\\nContent-Type: application/json\\r\\nContent-Length: 121\\r\\n\\r\\n{\"a\":\"xxx\", \"b\":{\"c\": \"xxx\", \"d\": [\"xxx\", \"xxx\"]}}' | nc 127.0.0.1 80\n\n#python\nimport requests as r\nimport json\nr.post(\"http://127.0.0.1\",headers={\"Content-Type\":\"application/json\"},data=json.dumps({\"a\":\"xxx\",\"b\":{'c': 'xxx', 'd': ['xxx', 'xxx']}})).text\n
Level 31~33
Follow an HTTP redirect from HTTP response using curl/nc/python
#curl\ncurl -L http://127.0.0.1\n\n#nc\necho -ne \"GET /xxx HTTP/1.1\\r\\n\\r\\n\" | nc 127.0.0.1 80\n\n#python\n#python\u9ed8\u8ba4\u8ddf\u968f\u8df3\u8f6c\nimport requests as r\nr.get(\"http://127.0.0.1\").text\n
Level 34~36
Include a cookie from HTTP response using curl/nc/python
#curl\ncurl http://127.0.0.1 -v\ncurl -b \"cookie=xxx\" http://127.0.0.1\n\n#nc\necho -ne \"GET / HTTP/1.1\\r\\n\\r\\n\" | nc 127.0.0.1 80\necho -ne \"GET / HTTP/1.1\\r\\nCookie:cookie=xxxx\\r\\n\\r\\n\" | nc 127.0.0.1 80\n\n#python \u9ed8\u8ba4\u81ea\u52a8\u63a5\u53d7cookie\nimport requests as r\nr.get(\"http://127.0.0.1\").text\n
Level 37~39
Make multiple requests in response to stateful HTTP responses using curl/nc/python
#curl \u5b8c\u62103\u6b21\u4ea4\u4e92\u5373\u53ef\ncurl -b \"session=xxx\" http://127.0.0.1 -v \ncurl -b \"session=xxx\" http://127.0.0.1 -v \ncurl -b \"session=xxx\" http://127.0.0.1 -v \n\n#nc\necho -ne \"GET / HTTP/1.1\\r\\nCookie:session=xxx\\r\\n\\r\\n\" | nc 127.0.0.1 80\necho -ne \"GET / HTTP/1.1\\r\\nCookie:session=xxx\\r\\n\\r\\n\" | nc 127.0.0.1 80\necho -ne \"GET / HTTP/1.1\\r\\nCookie:session=xxx\\r\\n\\r\\n\" | nc 127.0.0.1 80\n\n#python\nimport requests as r\nr.get(\"http://127.0.0.1\").text\n
"},{"location":"software-security/ctf/pwn-college-cse365-spring2023/#assembly-crash-course-writeups","title":"Assembly Crash Course Writeups","text":"\u8fd9\u4e2a\u7ae0\u8282\u7684\u9898\u9700\u8981\u628a\u6c47\u7f16\u53d8\u6210raw bytes\uff0c\u7136\u540e\u5582\u7ed9/challenge/run\u3002\u9700\u8981\u5148\u8fd0\u884c\u8fd9\u4e2arun\uff0c\u7136\u540e\u6839\u636e\u8981\u6c42\u5b8c\u6210\u3002\u6bd4\u5982\u53ef\u4ee5\u7528pwntools\u7684asm\u6a21\u5757\u751f\u6210\u6c47\u7f16\uff0c\u7136\u540eecho\u8fdbrun\u91cc\u3002
Level 1
In this level you will work with registers_use! Please set the following: rdi = 0x1337
from pwn import *\ncontext.arch='amd64'\nasm('mov rdi,0x1337')\n\n#b'H\\xc7\\xc77\\x13\\x00\\x00'\n
\u7136\u540e\u5728shell\u91ccecho -ne 'H\\xc7\\xc77\\x13\\x00\\x00' | /challenge/run
\u5373\u53ef\u3002 Level 2
asm('add rdi,0x331337')\n
Level 3
asm('imul rdi,rsi; add rdi,rdx; mov rax,rdi')\n
Level 4
\u5b66\u4e60div\u9664\u6cd5\uff0cdiv reg
\u4f1a\u4f7f\u7528rax\u4f5c\u4e3a\u88ab\u9664\u6570\uff0creg\u4f5c\u4e3a\u9664\u6570\uff0c\u7136\u540e\u81ea\u52a8\u4f7f\u7528rax\u5b58\u653e\u5546\uff0crdx\u5b58\u653e\u4f59\u6570\u3002
asm('mov rax, rdi;div rsi')\n
Level 5
asm('mov rax, rdi;div rsi;mov rax, rdx')\n
Level 6
\u9664\u6570\u4e3a2\u7684\u5e42\u6b21\u65f6\uff0c\u76f4\u63a5\u4f7f\u7528mov\u4fdd\u7559\u5bc4\u5b58\u5668\u7684\u4e00\u90e8\u5206\u5373\u53ef\u3002\u6ce8\u610fmov\u4e24\u4e2a\u5bc4\u5b58\u5668\u957f\u5ea6\u8981\u4e00\u81f4\u3002
asm('mov al, dil;mov bx, si')\n
Level 7
shl\u5de6\u79fb\uff0cshr\u53f3\u79fb\uff08\u9ad8\u4f4d\u88650\uff09
asm('shl rdi, 59; shr rdi, 63; mov rax, rdi')\n
Level 8
and reg1, reg2
\u4f1a\u628areg1\u548creg2\u8fdb\u884c\u903b\u8f91\u4e0e\u7684\u7ed3\u679c\u4fdd\u5b58\u5728reg1\u91cc\u3002\u9898\u76ee\u4e0d\u8ba9\u7528mov\uff0c\u90a3\u53ef\u4ee5\u91c7\u7528\u7f6e0\u51cf1\u7684\u65b9\u5f0f\u83b7\u5f972^65-1\uff0c\u7136\u540eand\u5373\u53ef\u3002
asm('xor rax, rax; sub rax, 1; and rax, rdi; and rax, rsi')\n
Level 9
\u9898\u76ee\u8981\u6c42\u53ea\u7528and\uff0cor\uff0cxor\u5b9e\u73b0\u4e00\u4e2a\u5947\u5076\u5224\u65ad\u7684\u529f\u80fd\u3002\u6574\u4f53\u601d\u8def\u662fxor\u53cd\u8f6c\u6bd4\u7279\u3001\u6e05\u7a7a\u503c\uff0cor\u505a\u52a0\u6cd5\uff0cand\u53d6\u6700\u4f4e\u4f4d\u3002
asm('xor rax, rax; or rax, 1; and rax, rdi; xor rax, 1')\n
Level 10
\u6709\u5173\u8bbf\u95ee\u5185\u5b58\u7684\u64cd\u4f5c\u3002mov reg, [address]
\u7528\u4e8e\u628aaddress\u5730\u5740\u5904\u7684\u503c\u8d4b\u7ed9reg\uff0c\u5f53\u7136\u4e5f\u53ef\u4ee5mov [address], reg
\u628areg\u7684\u503c\u4fdd\u5b58\u5728address\u5730\u5740\u3002\u52a0\u4e00\u5c42\u65b9\u62ec\u53f7\u53ea\u662f\u8868\u793a\u5f53\u4f5c\u5730\u5740\u3002\u4e0d\u8981\u4e0b\u610f\u8bc6\u8fdb\u884c\u66f4\u591a\u6b21\u6570\u7684\u89e3\u5f15\u7528\u3002
asm('mov rbx, [0x404000]; mov rax, rbx; add rbx, 0x1337; mov [0x404000], rbx')\n
Level 11
\u5982\u679cmov\u4e00\u65b9\u4e3a\u5bc4\u5b58\u5668\uff0c\u4e00\u65b9\u4e3a\u5730\u5740\uff0c\u4f1a\u6839\u636e\u5bc4\u5b58\u5668\u7684\u5927\u5c0f\u81ea\u52a8\u63a8\u65ad\u4ece\u5730\u5740\u4e2dload\u591a\u5c11\u5b57\u8282\u3002
asm('mov al, [0x404000]; mov bx, [0x404000]; mov ecx, [0x404000]; mov rdx, [0x404000];')\n
Level 12
\u5bf9\u4e8e\u6bd4\u8f83\u5927\u7684\u7acb\u5373\u6570\uff0c\u53ef\u4ee5\u5148\u653e\u5728\u5bc4\u5b58\u5668\uff0c\u7136\u540e\u518dmov\u5230\u6307\u5b9a\u4f4d\u7f6e\u3002
asm('mov rax, 0xdeadbeef00001337; mov [rdi], rax; mov rax, 0xc0ffee0000; mov [rsi], rax')\n
Level 13
asm('mov rax, [rdi]; add rax, [rdi+8]; mov [rsi], rax')\n
Level 14
asm('pop rax;sub rax,rdi; push rax')\n
Level 15
\u4f7f\u7528\u6808\u53ef\u4ee5\u7b80\u5355\u5730\u4ea4\u6362\u5bc4\u5b58\u5668
asm('push rdi; push rsi; pop rdi; pop rsi')\n
Level 16
\u5b9e\u73b0\u6808\u4e0a\u7684\u6570\u636e\u53d6\u5e73\u5747\uff0c\u7528[rsp+X]\u6765\u53d6\u503c\uff08\u4e00\u822c\u7528rbp\u6765\u53d6\u5427\uff1f\uff09
asm('mov rax, [rsp]; add rax, [rsp+8]; add rax, [rsp+16]; add rax, [rsp+24]; mov rbx, 4; div rbx; push rax')\n
Level 17
\u4f7f\u7528label\u8bbe\u7f6e\u76f8\u5bf9\u8df3\u8f6c\u5730\u5740\uff0c\u4f7f\u7528\u5355\u5b57\u8282\u7684nop\u586b\u5145\u3002\u4e0d\u8fc7\u9898\u76ee\u8981\u6c42\u7684\u201c\u4ecejmp\u504f\u79fb0x51\u7684\u5730\u5740\u201d\u6709\u70b9\u8ff7\u60d1\uff0c\u770b\u7ed3\u679c\u7684\u8bdd\u4f3c\u4e4e\u9ed8\u8ba4\u662fjmp\u6267\u884c\u540e\u7684\u5730\u5740\u518d\u504f\u79fb0x51\uff0c\u800c\u4e0d\u662fjmp\u6307\u4ee4\u672c\u8eab\u7684\u5730\u5740\u504f\u79fb0x51\uff0c\u6240\u4ee5\u4e0d\u9700\u8981\u77e5\u9053jmp\u6307\u4ee4\u672c\u8eab\u7684\u957f\u5ea6\u3002
asm('jmp lab;'+'nop;'*0x51+'lab: mov rdi, [rsp]; mov rax, 0x403000; jmp rax')\n
Level 18
\u5b9e\u73b0if-else\u8df3\u8f6c\u3002\u6ce8\u610f\u5185\u5b58\u8ba1\u7b97\u4f7f\u7528dword\u768432\u4f4d\u6570\u636e\uff0c\u7528eax\u800c\u4e0d\u662frax\u3002
from pwn import *\ncontext.arch='amd64'\npayload=\"\"\"mov eax, [rdi+4]\nmov ebx, 0x7f454c46\ncmp ebx, [rdi]\nje case1\nmov ebx, 0x5a4d\ncmp ebx, [rdi]\nje case2\nimul eax, [rdi+8]\nimul eax, [rdi+12]\njmp done\ncase1:\n add eax, [rdi+8]\n add eax, [rdi+12]\n jmp done\ncase2:\n sub eax, [rdi+8]\n sub eax, [rdi+12]\n jmp done\ndone:\n nop\n\"\"\"\n\nprint(asm(payload))\n
Level 19
jmp [reg + offset]
\u95f4\u63a5\u8df3\u8f6c\uff0c\u4f7f\u7528rsi\u4fdd\u5b58\u8df3\u8f6c\u8868\u7684\u57fa\u5730\u5740\uff0c\u7528\u4e8e\u5b9e\u73b0switch\u3002\u8fd9\u91cc\u597d\u50cf\u662fjnz\u4e0d\u652f\u6301\u95f4\u63a5\u8df3\u8f6c\u3002
asm('mov rax, rdi; shr rax, 2; jnz final; jmp [rsi + rdi * 8]; final: jmp [rsi + 32]')\n
Level 20
\u5b9e\u73b0\u4e00\u4e2a\u7b80\u5355\u7684\u6c42\u5e73\u5747\u51fd\u6570
from pwn import *\ncontext.arch='amd64'\npayload=\"\"\"xor rax, rax\nxor rcx, rcx\nloop:\n cmp rcx, rsi\n je done\n add rax, [rdi + 8 * rcx]\n add rcx, 1\n jmp loop\ndone:\n div rsi\n\"\"\"\n\nprint(asm(payload))\n
Level 21
\u5b9e\u73b0\u4e00\u4e2astrlen\u51fd\u6570\uff0c\u9010byte\u68c0\u67e5\u662f\u5426\u4e3a0\u3002\u6ce8\u610fmov\u4e0d\u4f1a\u6539\u53d8EFLAGS\u3002
from pwn import *\ncontext.arch='amd64'\npayload = \"\"\"\nxor rax, rax\ntest rdi, rdi\njz done\nloop: mov bl, [rdi + rax]\ntest bl,bl\njz done\nadd rax, 1\njmp loop\ndone:\n nop\n\"\"\"\n\nprint(asm(payload))\n
Level 22
\u8fd9\u9053\u9898\u7ed9\u7684\u89e3\u91ca\u4e0d\u662f\u5f88\u6e05\u695a\uff0c\u5c3d\u7ba1\u662f\u7b2c\u4e00\u6b21\u63d0\u5230\u4f7f\u7528call\u8fdb\u884c\u51fd\u6570\u8c03\u7528\uff0c\u4f46\u662f\u6ca1\u6709\u8bf464\u4f4d\u7a0b\u5e8f\u4f9d\u6b21\u4f7f\u7528rdi,rsi,rdx,rcd,r8,r9
\u8fdb\u884c\u4f20\u53c2\u3001rax
\u4fdd\u5b58\u51fd\u6570\u8fd4\u56de\u7ed3\u679c\uff0c\u4e5f\u6ca1\u6709\u8bf4\u662f\u7531\u4e3b\u8c03\u51fd\u6570\u8fd8\u662f\u88ab\u8c03\u51fd\u6570\u6765\u4fdd\u5b58\u5bc4\u5b58\u5668\u3002\u66f4\u5947\u602a\u7684\u662f\u867d\u7136\u8ba9\u5b9e\u73b0\u4e00\u4e2astr_lower\u51fd\u6570\uff0c\u4f46\u662f\u6ca1\u6709\u6309\u51fd\u6570\u5b9e\u73b0\u7684\u6807\u51c6\u5199PROG\uff0c\u751a\u81f3\u6700\u540e\u8fd8\u7528ret\u6765\u7ed3\u675f\u3002
from pwn import *\ncontext.arch='amd64'\npayload = \"\"\"\nmov rdx, rdi\nxor rax, rax\nxor rcx, rcx\ntest rdx, rdx\njz done\nloop:\n mov bl, [rdx]\n test bl,bl\n jz done\n cmp bl, 0x5a\n jg notif\n mov rax, 0x403000\n xor rdi, rdi\n mov dil, bl\n call rax\n mov [rdx], al\n add rcx, 1\nnotif:\n add rdx, 1\n jmp loop\ndone:\n mov rax, rcx\n ret\n\"\"\"\n\nprint(asm(payload))\n
Level 23
\u5b9e\u73b0\u4e00\u4e2a\u67e5\u8be2\u5b57\u7b26\u4e32\u4e2d\u54ea\u4e2a\u5b57\u7b26\u6700\u591a\u7684\u51fd\u6570\u3002\u6bcf\u4e2a\u5b57\u7b26\u4e0d\u8d85\u8fc70xffff\u4e2a\uff0c\u6240\u4ee5\u8981\u75284\u5b57\u8282\u7684\u5bc4\u5b58\u5668\u6765\u8fdb\u884c\u5b58\u653e\u3002\u8fd9\u91cc\u4f3c\u4e4e\u4e0d\u652f\u6301\u76f4\u63a5mov rbx, [ebp - rcx * 4]
\u4e4b\u7c7b\u7684\u65b9\u6cd5\uff0c\u5c31\u7528r8\u548cr9\u4e34\u65f6\u5b58\u653e\u4e00\u4e0b\u4e86\u3002
from pwn import *\n\ncontext.arch = 'amd64'\n\npayload = \"\"\"\npush rbp\nmov rbp, rsp\nsub rsp, 0x400\nxor rax, rax\nxor rcx, rcx\nmov rdx, rsi\nsub rdx, 0x1\nloop1: \n cmp rcx, rdx\n jg loop1_end\n mov al, [rdi + rcx]\n mov r8, rbp\n mov r9, rax\n imul r9, 4\n sub r8, r9\n mov ebx, [r8]\n add ebx, 1\n mov [r8], ebx\n add rcx, 1\n jmp loop1\nloop1_end:\nxor rax, rax\nxor rbx, rbx\nxor rcx, rcx\nloop2:\n cmp rcx, 0xff\n jg loop2_end\n mov r8, rbp\n mov r9, rcx\n imul r9, 4\n sub r8, r9\n mov edx, [r8]\n cmp edx, ebx\n jle loop2_conti\n mov rbx, rdx\n mov rax, rcx\nloop2_conti:\n add rcx, 1\n jmp loop2\nloop2_end:\nmov rsp, rbp\npop rbp\nret\n\"\"\"\n\nprint(asm(payload))\n
"},{"location":"software-security/ctf/pwn-college-cse365-spring2023/#building-a-web-server-writeups","title":"Building a Web Server Writeups","text":"\u4e0d\u5f97\u4e0d\u5410\u69fdpwn-college\u6709\u4e00\u70b9\u4e0d\u597d\uff0c\u6bcf\u4e2a\u6a21\u5757\u7b2c\u4e00\u4e2achallenge\u8bf4\u660e\u592a\u5c11\u4e86\uff0c\u5b8c\u5168\u4e0d\u77e5\u9053\u4ece\u54ea\u5f00\u59cb\u4e0b\u624b\u3002\u5728challenge 1\u7684wp\u91cc\u8be6\u7ec6\u8bb2\u4e00\u4e0b\u8fd9\u4e2a\u6a21\u5757\u600e\u4e48\u5f00\u59cb\u505a\uff0c\u7136\u540e\u540e\u7eed\u5c31\u7701\u7565\u4e86\u3002
\u7528\u6c47\u7f16\u5199server\uff0c\u53ef\u4ee5\u67e5\u886864\u4f4dsyscall\u624b\u518c
Level 1
\u9996\u5148\u8fd8\u662f\u8fd0\u884c/challeng/run\uff0c\u5f97\u5230\u4e00\u6bb5\u8f93\u51fa\uff1a
===== Welcome to Building a Web Server! =====\nIn this series of challenges, you will be writing assembly to interact with your environment, and ultimately build a web server\nIn this challenge you will exit a program.\n\nUsage: `/challenge/run <path_to_web_server>`\n\n$ cat server.s\n.intel_syntax noprefix\n.globl _start\n\n.section .text\n\n_start:\n mov rdi, 0\n mov rax, 60 # SYS_exit\n syscall\n\n.section .data\n\n$ as -o server.o server.s && ld -o server server.o\n\n$ strace ./server\nexecve(\"./server\", [\"./server\"], 0x7ffccb8c6480 /* 17 vars */) = 0\nexit(0) = ?\n+++ exited with 0 +++\n
\u8fd9\u9053\u9898\u7684\u610f\u601d\u662f\u8ba9\u7528\u6c47\u7f16\u5199\u4e00\u4e2a\u670d\u52a1\u7aef\u3002\u5728\u8fd0\u884c/challenge/run server
\u7684\u65f6\u5019\uff0c\u5224\u9898\u7a0b\u5e8f\u4f1a\u542f\u52a8\u7528\u6237\u6307\u5b9a\u7684\u8fd9\u4e2aserver\uff0c\u7136\u540e\u68c0\u67e5\u8fd9\u4e2aserver\u7a0b\u5e8f\u662f\u4e0d\u662f\u76f4\u63a5exit(0)\u4e86\u3002\u6240\u4ee5\u53ea\u9700\u8981\u7f16\u8bd1\u4e00\u4e2aexit(0)\u7684server\u5373\u53ef\u3002
\u9898\u76ee\u91cc\u5176\u5b9e\u5df2\u7ecf\u7ed9\u51fa\u4e86server.s\u7684\u6a21\u677f\uff08cat server.s\u7684\u8f93\u51fa\uff09\u548c\u7f16\u8bd1\u65b9\u5f0f\uff08as -o server.o server.s && ld -o server server.o\uff09\u3002\u6240\u4ee5\u8fd9\u9053\u9898\u53ea\u9700\u8981\u628acat server.s
\u7684\u8f93\u51fa\u4fdd\u5b58\u5230server.s\u6587\u4ef6\uff0c\u7136\u540e\u76f4\u63a5\u8fd0\u884cas -o server.o server.s && ld -o server server.o
\u7f16\u8bd1\u51fa\u4e00\u4e2aserver\u7684\u53ef\u6267\u884c\u7a0b\u5e8f\uff0c\u6700\u540e\u8fd0\u884c/challenge/run ./server
\u5373\u53ef\u3002
\u6a21\u677f\u91cc\u53ea\u6267\u884c\u4e86\u4e00\u4e2a\u9000\u51fa\u7684syscall\uff0c\u6b63\u597d\u662f\u8fd9\u4e00\u9898\u7684\u8981\u6c42\u3002\u672c\u6765\u4ee5\u4e3a\u8fd9\u9053\u9898\u610f\u601d\u662f\u81ea\u5df1\u5199\u4e00\u4e2aserver\u7684\u6c47\u7f16\u6587\u4ef6\uff0c\u7136\u540erun\u7684\u65f6\u5019\u6307\u5b9a\u6e90\u6587\u4ef6\uff0c\u7531\u5224\u9898\u7a0b\u5e8f\u7f16\u8bd1\u7684\u5462\uff0c\u7ed3\u679c\u53d1\u73b0run\u7684\u65f6\u5019\u662f\u9700\u8981\u6307\u5b9a\u4e00\u4e2a\u7f16\u8bd1\u597d\u7684\u53ef\u6267\u884c\u7a0b\u5e8fhh\u3002
\u5b8c\u6574\u89e3\u9898\u6b65\u9aa4\u5982\u4e0b\uff1a
hacker@building-a-web-server-level-1:~$ echo \".intel_syntax noprefix\n.globl _start\n\n.section .text\n\n_start:\n mov rdi, 0\n mov rax, 60 # SYS_exit\n syscall\n\n.section .data\" > ./server.s\n\nhacker@building-a-web-server-level-1:~$ as -o server.o server.s && ld -o server server.o\n\nhacker@building-a-web-server-level-1:~$ /challenge/run ./server\n===== Welcome to Building a Web Server! =====\nIn this series of challenges, you will be writing assembly to interact with your environment, and ultimately build a web server\nIn this challenge you will exit a program.\n\n\n===== Expected: Parent Process =====\n[ ] execve(<execve_args>) = 0\n[ ] exit(0) = ?\n\n===== Trace: Parent Process =====\n[\u2713] execve(\"/proc/self/fd/3\", [\"/proc/self/fd/3\"], 0x7f07cf7959a0 /* 0 vars */) = 0\n[\u2713] exit(0) = ?\n[?] +++ exited with 0 +++\n\n===== Result =====\n[\u2713] Success\n\npwn.college{xxxx}\n
\u4ee5\u4e0b\u7684\u5404\u4e2a\u9898\u76ee\u5c31\u53ea\u5199server.s\u7684\u5185\u5bb9\u4e86
Level 2
In this challenge you will create a socket.
.intel_syntax noprefix\n.globl _start\n\n.section .text\n\n_start:\n # create a socket\n mov rdi, 2 # AF_INET\n mov rsi, 1 # SOCK_STREAM\n mov rdx, 0 # IPPROTO_IP\n mov rax, 41 # sys_socket\n syscall\n\n push rax\n mov rdi, 0\n mov rax, 60 # SYS_exit\n syscall\n\n.section .data\n
Level 3
In this challenge you will bind an address to a socket.
\u5728Level2\u521b\u5efasocket\u7684\u57fa\u7840\u4e0a\uff0c\u5c06\u5176\u7ed1\u5b9a\u52300.0.0.0:80\u4e0a\u3002\uff08\u53ef\u4ee5\u8fd0\u884cLevel1\u521b\u5efa\u7684server\u6765\u5148\u9605\u8bfb\u4e0b\u9898\u76ee\u8981\u6c42\uff0c\u5982\u4e0b\u6240\u793a\uff09
===== Expected: Parent Process =====\n[ ] execve(<execve_args>) = 0\n[ ] socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 3\n[ ] bind(3, {sa_family=AF_INET, sin_port=htons(<bind_port>), sin_addr=inet_addr(\"<bind_address>\")}, 16) = 0\n - Bind to port 80\n - Bind to address 0.0.0.0\n[ ] exit(0) = ?\n
\u6700\u7ec8\u89e3\u5982\u4e0b\u3002\u8fd9\u91cc\u76f4\u63a5\u7528\u6808\u6765\u4fdd\u5b58sockaddr_in\u7ed3\u6784\u4f53\u4e86\uff0c\u6bd4\u8f83\u7c97\u66b4\u3002
.intel_syntax noprefix\n.globl _start\n\n.section .text\n \n_start:\n # create a socket\n mov rdi, 2 # AF_INET\n mov rsi, 1 # SOCK_STREAM\n mov rdx, 0 # IPPROTO_IP\n mov rax, 41 # sys_socket\n syscall\n push rax\n\n # bind the socket to 0.0.0.0:80\n mov rdi, rax # socket_fd\n push 0x50000002 # AF_INET(2) and PORT(80) in big endian\n mov rsi, rsp # sockaddr_in\n push 0x0 # IP(0.0.0.0)\n push 0x0 # padding\n push 0x0 # padding\n mov rdx, 16 # addrlen\n mov rax, 49 # sys_bind\n syscall\n \n mov rdi, 0\n mov rax, 60 # SYS_exit\n syscall\n\n\n.section .data\n
Level 4
In this challenge you will listen on a socket.
\u4f7f\u7528listen\u76d1\u542c\u8fd9\u4e2asocket\u3002\u7531\u4e8e\u8fd9\u91cclisten\u4e5f\u8981\u7528\u5230\u4e4b\u524dsocket\u521b\u5efa\u7684\u6587\u4ef6\u63cf\u8ff0\u7b26\uff0c\u6ce8\u610f\u5230\u6837\u4f8b\u7684\u6c47\u7f16\u6587\u4ef6\u6700\u540e\u63d0\u793a\u7528data\u4e86\uff0c\u6240\u4ee5\u5e72\u8106\u6362\u7528\u6570\u636e\u533a\u6765\u4fdd\u5b58\u5404\u79cd\u7ed3\u6784\u4f53\uff0c\u4e5f\u5f03\u7528Level3\u91cc\u5bf9\u6808\u505a\u7684\u90a3\u4e9b\u4fee\u6539\u4e86\u3002\u8fd9\u91ccsockfd\u548csockaddr\u90fd\u662f\u5730\u5740\uff0c\u6240\u4ee5mov\u7684\u65f6\u5019\u4f1a\u81ea\u52a8\u89e3\u5f15\u7528\uff0c\u7528lea\u6307\u4ee4\u6765\u83b7\u5f97\u5730\u5740\u672c\u8eab\u3002
.intel_syntax noprefix\n.globl _start\n\n.section .text\n \n_start:\n # create a socket\n mov rdi, 2 # AF_INET\n mov rsi, 1 # SOCK_STREAM\n mov rdx, 0 # IPPROTO_IP\n mov rax, 41 # sys_socket\n syscall\n mov sockfd, rax\n\n # bind the socket to 0.0.0.0:80\n mov rdi, sockfd # socket_fd\n lea rsi, sockaddr # sockaddr\n mov rdx, 16 # addrlen\n mov rax, 49 # sys_bind\n syscall\n \n # listen(3, 0)\n mov rdi, sockfd\n mov rsi, 0\n mov rax, 50 # sys_listen\n syscall\n \n mov rdi, 0\n mov rax, 60 # SYS_exit\n syscall\n\n\n.section .data\n\nsockfd: .quad 0\nsockaddr: .quad 0x50000002 # AF_INET(2) and PORT(80) in big endian\n .quad 0x0 # IP(0.0.0.0)\n .quad 0x0 # padding\n .quad 0x0 # padding\n
Level 5
In this challenge you will accept a connection.
.intel_syntax noprefix\n.globl _start\n\n.section .text\n \n_start:\n # create a socket\n mov rdi, 2 # AF_INET\n mov rsi, 1 # SOCK_STREAM\n mov rdx, 0 # IPPROTO_IP\n mov rax, 41 # sys_socket\n syscall\n mov sockfd, rax\n\n # bind the socket to 0.0.0.0:80\n mov rdi, sockfd # socket_fd\n lea rsi, sockaddr # sockaddr\n mov rdx, 16 # addrlen\n mov rax, 49 # sys_bind\n syscall\n \n # listen(3, 0)\n mov rdi, sockfd\n mov rsi, 0\n mov rax, 50 # sys_listen\n syscall\n \n # accept(3, NULL, NULL)\n mov rdi, sockfd\n mov rsi, 0\n mov rdx, 0\n mov rax, 43 # sys_accept\n syscall\n \n mov rdi, 0\n mov rax, 60 # SYS_exit\n syscall\n\n\n.section .data\n\nsockfd: .quad 0\nsockaddr: .quad 0x50000002 # AF_INET(2) and PORT(80) in big endian\n .quad 0x0 # IP(0.0.0.0)\n .quad 0x0 # padding\n .quad 0x0 # padding\n
Level 6
In this challenge you will respond to an http request.
\u8fd9\u4e2a\u9898\u7684\u610f\u601d\u662f\u5e0c\u671b\u5b9e\u73b0\u4e00\u4e2a\u9759\u6001\u7684\u7ad9\u70b9\uff0c\u63a5\u6536\u5ba2\u6237\u7aef\u53d1\u9001\u7684\u8bf7\u6c42\u540e\uff0c\u59cb\u7ec8\u56de\u590dHTTP/1.0 200 OK\u3002\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u7f13\u51b2\u533a\u4fdd\u5b58\u8bf7\u6c42\uff0c\u8fd9\u91cc\u5f00\u4e86\u4e2a256\u5b57\u8282\u7684\u5185\u5b58\uff08\u5b9e\u9645\u4e0a\u6709140\u5b57\u8282\uff09\u3002
.intel_syntax noprefix\n.globl _start\n\n.section .text\n \n_start:\n # create a socket\n mov rdi, 2 # AF_INET\n mov rsi, 1 # SOCK_STREAM\n mov rdx, 0 # IPPROTO_IP\n mov rax, 41 # sys_socket\n syscall\n mov sockfd, rax\n\n # bind the socket to 0.0.0.0:80\n mov rdi, sockfd # socket_fd\n lea rsi, sockaddr # sockaddr\n mov rdx, 16 # addrlen\n mov rax, 49 # sys_bind\n syscall\n \n # listen(3, 0)\n mov rdi, sockfd\n mov rsi, 0\n mov rax, 50 # sys_listen\n syscall\n \n # accept(3, NULL, NULL) = 4\n mov rdi, sockfd\n mov rsi, 0\n mov rdx, 0\n mov rax, 43 # sys_accept\n syscall\n mov tunnel, rax\n\n # read(4, <read_request>, <read_request_count>) = <read_request_result>\n mov rdi, tunnel\n lea rsi, request\n mov rdx, 256\n mov rax, 0\n syscall\n\n # write(4, \"HTTP/1.0 200 OK\\r\\n\\r\\n\", 19) = 19\n mov rdi, tunnel\n lea rsi, response\n mov rdx, 19\n mov rax, 1\n syscall\n\n # close(4)\n mov rdi, tunnel\n mov rax, 3\n syscall\n \n mov rdi, 0\n mov rax, 60 # SYS_exit\n syscall\n\n\n.section .data\n\nsockfd: .quad 0\ntunnel: .quad 0\nrequest: .space 256\nresponse: .ascii \"HTTP/1.0 200 OK\\r\\n\\r\\n\"\nsockaddr: .quad 0x50000002 # AF_INET(2) and PORT(80) in big endian\n .quad 0x0 # IP(0.0.0.0)\n .quad 0x0 # padding\n .quad 0x0 # padding\n
Level 7
In this challenge you will respond to a GET request for the contents of a specified file.
\u5b9e\u73b0\u4e00\u4e2a\u52a8\u6001\u4e00\u70b9\u7684\u670d\u52a1\u5668\u3002\u8fd9\u9898\u4e2d\uff0c\u5ba2\u6237\u7aef\u4f1a\u8bf7\u6c42\u670d\u52a1\u5668\u7aef\u8bfb\u53d6\u4e00\u4e2a\u6587\u4ef6\u5e76\u8fd4\u56de\u7ed3\u679c\u3002\u6587\u4ef6\u662f\u5224\u9898\u7a0b\u5e8f\u968f\u673a\u751f\u6210\u5728/tmp\u4e0b\u7684\uff0c\u5185\u5bb9\u957f\u5ea6\u4e5f\u662f\u968f\u673a\u7684\u3002\u6240\u4ee5\u5199\u4ee3\u7801\u7684\u65f6\u5019\u8981\u591a\u9884\u7559\u70b9\u7f13\u51b2\u533a\u6765\u4fdd\u5b58\u6587\u4ef6\u5185\u5bb9\u3002
open\u6587\u4ef6\u65f6\uff0c\u6587\u4ef6\u540d\u8981\u4ecerequest\u8bf7\u6c42\u91cc\u63d0\u53d6\u3002\u56e0\u4e3a\u751f\u6210\u7684\u6587\u4ef6\u540d\u957f\u5ea6\u662f\u56fa\u5b9a\u7684\uff0c\u6240\u4ee5\u61d2\u7701\u4e8b\u76f4\u63a5\u5728request\u7f13\u51b2\u533a\u91cc\u6539\u4e86\uff08\u5b57\u7b26\u4e32\u672b\u5c3e0\uff09\u3002
===== Expected: Parent Process =====\n[ ] execve(<execve_args>) = 0\n[ ] socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 3\n[ ] bind(3, {sa_family=AF_INET, sin_port=htons(<bind_port>), sin_addr=inet_addr(\"<bind_address>\")}, 16) = 0\n - Bind to port 80\n - Bind to address 0.0.0.0\n[ ] listen(3, 0) = 0\n[ ] accept(3, NULL, NULL) = 4\n[ ] read(4, <read_request>, <read_request_count>) = <read_request_result>\n[ ] open(\"<open_path>\", O_RDONLY) = 5\n[ ] read(5, <read_file>, <read_file_count>) = <read_file_result>\n[ ] close(5) = 0\n[ ] write(4, \"HTTP/1.0 200 OK\\r\\n\\r\\n\", 19) = 19\n[ ] write(4, <write_file>, <write_file_count>) = <write_file_result>\n[ ] close(4) = 0\n[ ] exit(0) = ?\n\n===== Trace: Parent Process =====\n[\u2713] execve(\"/proc/self/fd/3\", [\"/proc/self/fd/3\"], 0x7ffacc256990 /* 0 vars */) = 0\n[\u2713] socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 3\n[\u2713] bind(3, {sa_family=AF_INET, sin_port=htons(80), sin_addr=inet_addr(\"0.0.0.0\")}, 16) = 0\n[\u2713] listen(3, 0) = 0\n[\u2713] accept(3, NULL, NULL) = 4\n[\u2713] read(4, \"GET /tmp/tmpungh1ajd HTTP/1.1\\r\\nHost: localhost\\r\\nUser-Agent: python-requests/2.31.0\\r\\nAccept-Encoding: gzip, deflate\\r\\nAccept: */*\\r\\nConnection: keep-alive\\r\\n\\r\\n\", 256) = 155\n[\u2713] open(\"/tmp/tmpungh1ajd\", O_RDONLY) = 5\n[\u2713] read(5, \"3Hy3xnjNjQIBfP6QDUW4ekuQtBwdXQPbhtPFxawXzQ6LXVQDgs8ZlslYncY9DMQohXFVHFyMPnOI6kaGqURTh2fXHuKe2oqjntry7Pt5QQP0148CyzGKtmOigovhOHobD2zujqgJIRXxjny3UVL9\", 1024) = 148\n[\u2713] close(5) = 0\n[\u2713] write(4, \"HTTP/1.0 200 OK\\r\\n\\r\\n\", 19) = 19\n[\u2713] write(4, \"3Hy3xnjNjQIBfP6QDUW4ekuQtBwdXQPbhtPFxawXzQ6LXVQDgs8ZlslYncY9DMQohXFVHFyMPnOI6kaGqURTh2fXHuKe2oqjntry7Pt5QQP0148CyzGKtmOigovhOHobD2zujqgJIRXxjny3UVL9\", 148) = 148\n[\u2713] close(4) = 0\n[\u2713] exit(0) = ?\n[?] +++ exited with 0 +++\n\n===== Result =====\n[\u2713] Success\n
\u4f7f\u7528\u7684\u6c47\u7f16\u4ee3\u7801\u5982\u4e0b\uff1a
.intel_syntax noprefix\n.globl _start\n\n.section .text\n \n_start:\n # create a socket\n mov rdi, 2 # AF_INET\n mov rsi, 1 # SOCK_STREAM\n mov rdx, 0 # IPPROTO_IP\n mov rax, 41 # sys_socket\n syscall\n mov sockfd, rax\n\n # bind the socket to 0.0.0.0:80\n mov rdi, sockfd # socket_fd\n lea rsi, sockaddr # sockaddr\n mov rdx, 16 # addrlen\n mov rax, 49 # sys_bind\n syscall\n \n # listen(3, 0)\n mov rdi, sockfd\n mov rsi, 0\n mov rax, 50 # sys_listen\n syscall\n \n # accept(3, NULL, NULL) = 4\n mov rdi, sockfd\n mov rsi, 0\n mov rdx, 0\n mov rax, 43 # sys_accept\n syscall\n mov tunnel, rax\n\n # read(4, <read_request>, <read_request_count>) = <read_request_result>\n mov rdi, tunnel\n lea rsi, request\n mov rdx, 256\n mov rax, 0 # sys_read\n syscall\n\n # open(\"<open_path>\", O_RDONLY) = 5\n lea rdi, [request+4] # extract file name\n movb [rdi+16], 0\n mov rsi, 0 # O_RDONLY\n mov rax, 2 # sys_open\n syscall\n mov txtfile, rax\n\n # read(5, <read_file>, <read_file_count>) = <read_file_result>\n mov rdi, txtfile\n lea rsi, filecontent\n mov rdx, 1024\n mov rax, 0 # sys_read\n syscall\n mov filecnt, rax # \n\n # close(5)\n mov rdi, txtfile\n mov rax, 3 # sys_close\n syscall\n\n # write(4, \"HTTP/1.0 200 OK\\r\\n\\r\\n\", 19) = 19\n mov rdi, tunnel\n lea rsi, response\n mov rdx, 19\n mov rax, 1 # sys_write\n syscall\n\n # write(4, <write_file>, <write_file_count>) = <write_file_result>\n mov rdi, tunnel\n lea rsi, filecontent\n mov rdx, filecnt\n mov rax, 1 # sys_write\n syscall\n\n # close(4)\n mov rdi, tunnel\n mov rax, 3 # sys_close\n syscall\n\n mov rdi, 0\n mov rax, 60 # SYS_exit\n syscall\n\n.section .data\n\nsockfd: .quad 0\ntunnel: .quad 0\ntxtfile: .quad 0\nfilecnt: .quad 0\nrequest: .space 256\nfilecontent: .space 1024\nresponse: .ascii \"HTTP/1.0 200 OK\\r\\n\\r\\n\"\nsockaddr: .quad 0x50000002 # AF_INET(2) and PORT(80) in big endian\n .quad 0x0 # IP(0.0.0.0)\n .quad 0x0 # padding\n .quad 0x0 # padding\n
Level 8
In this challenge you will accept multiple requests.
\u4f7f\u7528\u4e00\u4e2a\u7a0b\u5e8f\u63a5\u53d7\u591a\u4e2a\u8bf7\u6c42\u3002\u7531\u4e8esocket\u6ca1\u6709\u5173\uff0c\u5728\u6700\u540e\u52a0\u4e00\u4e2aaccept\u5373\u53ef\u3002\u7a0b\u5e8f\u6700\u540eaccept\u8d85\u65f6sigkill\u9000\u51fa\u3002
.intel_syntax noprefix\n.globl _start\n\n.section .text\n \n_start:\n # create a socket\n mov rdi, 2 # AF_INET\n mov rsi, 1 # SOCK_STREAM\n mov rdx, 0 # IPPROTO_IP\n mov rax, 41 # sys_socket\n syscall\n mov sockfd, rax\n\n # bind the socket to 0.0.0.0:80\n mov rdi, sockfd # socket_fd\n lea rsi, sockaddr # sockaddr\n mov rdx, 16 # addrlen\n mov rax, 49 # sys_bind\n syscall\n \n # listen(3, 0)\n mov rdi, sockfd\n mov rsi, 0\n mov rax, 50 # sys_listen\n syscall\n \n # accept(3, NULL, NULL) = 4\n mov rdi, sockfd\n mov rsi, 0\n mov rdx, 0\n mov rax, 43 # sys_accept\n syscall\n mov tunnel, rax\n\n # read(4, <read_request>, <read_request_count>) = <read_request_result>\n mov rdi, tunnel\n lea rsi, request\n mov rdx, 256\n mov rax, 0 # sys_read\n syscall\n\n # open(\"<open_path>\", O_RDONLY) = 5\n lea rdi, [request+4] # extract file name\n movb [rdi+16], 0\n mov rsi, 0 # O_RDONLY\n mov rax, 2 # sys_open\n syscall\n mov txtfile, rax\n\n # read(5, <read_file>, <read_file_count>) = <read_file_result>\n mov rdi, txtfile\n lea rsi, filecontent\n mov rdx, 1024\n mov rax, 0 # sys_read\n syscall\n mov filecnt, rax # \n\n # close(5)\n mov rdi, txtfile\n mov rax, 3 # sys_close\n syscall\n\n # write(4, \"HTTP/1.0 200 OK\\r\\n\\r\\n\", 19) = 19\n mov rdi, tunnel\n lea rsi, response\n mov rdx, 19\n mov rax, 1 # sys_write\n syscall\n\n # write(4, <write_file>, <write_file_count>) = <write_file_result>\n mov rdi, tunnel\n lea rsi, filecontent\n mov rdx, filecnt\n mov rax, 1 # sys_write\n syscall\n\n # close(4)\n mov rdi, tunnel\n mov rax, 3 # sys_close\n syscall\n\n # accept(3, NULL, NULL)\n mov rdi, sockfd\n mov rsi, 0\n mov rdx, 0\n mov rax, 43 # sys_accept\n syscall\n mov tunnel, rax\n \n # exit\n mov rdi, 0\n mov rax, 60 # SYS_exit\n syscall\n\n.section .data\n\nsockfd: .quad 0\ntunnel: .quad 0\ntxtfile: .quad 0\nfilecnt: .quad 0\nrequest: .space 256\nfilecontent: .space 1024\nresponse: .ascii \"HTTP/1.0 200 OK\\r\\n\\r\\n\"\nsockaddr: .quad 0x50000002 # AF_INET(2) and PORT(80) in big endian\n .quad 0x0 # IP(0.0.0.0)\n .quad 0x0 # padding\n .quad 0x0 # padding\n
Level 9
In this challenge you will concurrently accept multiple requests.
\u8fd9\u9053\u9898\u662f\u8ba9\u505a\u4e00\u4e2a\u591a\u8fdb\u7a0b\uff0c\u7236\u8fdb\u7a0b\u8d1f\u8d23\u5faa\u73afaccept\uff0c\u5b50\u8fdb\u7a0b\u7528\u4e8e\u52a8\u6001\u5904\u7406\u6587\u4ef6\u8bfb\u5199\u3002\u6839\u636efork\u8fd4\u56de\u503c\u6765\u5224\u65ad\u7236\u8fdb\u7a0b\uff08\u8fd4\u56de\u503c\u4e3a\u5b50\u8fdb\u7a0bpid\uff09\u8fd8\u662f\u5b50\u8fdb\u7a0b\uff08\u8fd4\u56de\u503c\u4e3a0\uff09\u3002\u7236\u8fdb\u7a0b\u4e2d\uff0c\u5173\u95edtunnel\uff1b\u5b50\u8fdb\u7a0b\u4e2d\uff0c\u5173\u95edsockfd\u3002
.intel_syntax noprefix\n.globl _start\n\n.section .text\n \n_start:\n # create a socket\n mov rdi, 2 # AF_INET\n mov rsi, 1 # SOCK_STREAM\n mov rdx, 0 # IPPROTO_IP\n mov rax, 41 # sys_socket\n syscall\n mov sockfd, rax\n\n # bind the socket to 0.0.0.0:80\n mov rdi, sockfd # socket_fd\n lea rsi, sockaddr # sockaddr\n mov rdx, 16 # addrlen\n mov rax, 49 # sys_bind\n syscall\n \n # listen(3, 0)\n mov rdi, sockfd\n mov rsi, 0\n mov rax, 50 # sys_listen\n syscall\n\nparent_process_1:\n # accept(3, NULL, NULL) = 4\n mov rdi, sockfd\n mov rsi, 0\n mov rdx, 0\n mov rax, 43 # sys_accept\n syscall\n mov tunnel, rax\n\n # fork() = <fork_result>\n mov rax, 57 # sys_fork\n syscall\n \n test rax, rax\n jnz parent_process_2\n jz child_process\n\nparent_process_2:\n\n # close(3)\n mov rdi, tunnel\n mov rax, 3 # sys_close\n syscall\n jmp parent_process_1\n\nchild_process:\n\n # close(3)\n mov rdi, sockfd\n mov rax, 3 # sys_close\n syscall\n\n # read(4, <read_request>, <read_request_count>) = <read_request_result>\n mov rdi, tunnel\n lea rsi, request\n mov rdx, 256\n mov rax, 0 # sys_read\n syscall\n\n # open(\"<open_path>\", O_RDONLY) = 3\n lea rdi, [request+4] # extract file name\n movb [rdi+16], 0\n mov rsi, 0 # O_RDONLY\n mov rax, 2 # sys_open\n syscall\n mov txtfile, rax\n\n # read(3, <read_file>, <read_file_count>) = <read_file_result>\n mov rdi, txtfile\n lea rsi, filecontent\n mov rdx, 1024\n mov rax, 0 # sys_read\n syscall\n mov filecnt, rax # \n\n # close(3)\n mov rdi, txtfile\n mov rax, 3 # sys_close\n syscall\n\n # write(4, \"HTTP/1.0 200 OK\\r\\n\\r\\n\", 19) = 19\n mov rdi, tunnel\n lea rsi, response\n mov rdx, 19\n mov rax, 1 # sys_write\n syscall\n\n # write(4, <write_file>, <write_file_count>) = <write_file_result>\n mov rdi, tunnel\n lea rsi, filecontent\n mov rdx, filecnt\n mov rax, 1 # sys_write\n syscall\n\n # exit\n mov rdi, 0\n mov rax, 60 # SYS_exit\n syscall\n\n.section .data\n\nsockfd: .quad 0\ntunnel: .quad 0\ntxtfile: .quad 0\nfilecnt: .quad 0\nrequest: .space 256\nfilecontent: .space 1024\nresponse: .ascii \"HTTP/1.0 200 OK\\r\\n\\r\\n\"\nsockaddr: .quad 0x50000002 # AF_INET(2) and PORT(80) in big endian\n .quad 0x0 # IP(0.0.0.0)\n .quad 0x0 # padding\n .quad 0x0 # padding\n
Level 10
In this challenge you will respond to a POST request with a specified file and update its contents.
\u8fd9\u9053\u9898\u662f\u7528POST\u8bf7\u6c42\uff0c\u8981\u6c42\u7528\u591a\u8fdb\u7a0b\u5904\u7406\uff0c\u5728\u5b50\u8fdb\u7a0b\u4e2d\u628aPOST\u7684\u8bf7\u6c42\u4f53\u4fdd\u5b58\u5728\u4e34\u65f6\u6587\u4ef6\uff0c\u5e76\u8fd4\u56de200 OK\u3002\u8003\u8651\u5230\u6587\u4ef6\u540d\u662f\u5b9a\u957f\u7684\uff0c\u6240\u4ee5\u6cbf\u7528\u4e4b\u524d\u7684\u65b9\u6cd5\u5f97\u5230\u6587\u4ef6\u540d\u3002\u8fd9\u91cc\u7528\u7684\u4e00\u4e2atrick\u662f\u7528\u201drnrn\u201c\u6765\u4ece\u8bf7\u6c42\u4e2d\u5206\u5272\u8bf7\u6c42\u4f53\uff0c\u5e76\u4e14\u5185\u5bb9\u7684\u8ba1\u7b97\u662f\u7528read\u7684\u8fd4\u56de\u503c\u51cf\u53bb\u504f\u79fb\u91cf\u7b97\u7684\u3002\u8fd9\u662f\u5077\u61d2\u6ca1\u6709\u5b9e\u73b0\u89e3\u6790Content-Length\u7684\u529f\u80fdhhh
.intel_syntax noprefix\n.globl _start\n\n.section .text\n \n_start:\n # create a socket\n mov rdi, 2 # AF_INET\n mov rsi, 1 # SOCK_STREAM\n mov rdx, 0 # IPPROTO_IP\n mov rax, 41 # sys_socket\n syscall\n mov sockfd, rax\n\n # bind the socket to 0.0.0.0:80\n mov rdi, sockfd # socket_fd\n lea rsi, sockaddr # sockaddr\n mov rdx, 16 # addrlen\n mov rax, 49 # sys_bind\n syscall\n \n # listen(3, 0)\n mov rdi, sockfd\n mov rsi, 0\n mov rax, 50 # sys_listen\n syscall\n\nparent_process_1:\n # accept(3, NULL, NULL) = 4\n mov rdi, sockfd\n mov rsi, 0\n mov rdx, 0\n mov rax, 43 # sys_accept\n syscall\n mov tunnel, rax\n\n # fork() = <fork_result>\n mov rax, 57 # sys_fork\n syscall\n \n test rax, rax\n jnz parent_process_2\n jz child_process\n\nparent_process_2:\n\n # close(3)\n mov rdi, tunnel\n mov rax, 3 # sys_close\n syscall\n jmp parent_process_1\n\nchild_process:\n\n # close(3)\n mov rdi, sockfd\n mov rax, 3 # sys_close\n syscall\n\n # read(4, <read_request>, <read_request_count>) = <read_request_result>\n mov rdi, tunnel\n lea rsi, request\n mov rdx, 1024\n mov rax, 0 # sys_read\n syscall\n mov requestlen, rax\n\n # open(\"<open_path>\", O_WRONLY|O_CREAT, 0777) = 3\n lea rdi, [request+5] # extract file name\n movb [rdi+16], 0\n mov rsi, 0x41 # O_WRONLY | O_CREAT\n mov rdx, 0777\n mov rax, 2 # sys_open\n syscall\n mov txtfile, rax\n \n # locate POST body\n mov rcx, 0\n mov ebx, separate\nlocate_body:\n mov eax, [request+rcx]\n add rcx, 1\n cmp eax, ebx\n jne locate_body\n # extrace POST body\n add rcx, 3\n mov rdi, txtfile\n lea rsi, [request+rcx]\n mov rdx, requestlen\n sub rdx, rcx\n mov rax, 1 # sys_write\n syscall\n\n # close(3)\n mov rdi, txtfile\n mov rax, 3 # sys_close\n syscall\n\n # write(4, \"HTTP/1.0 200 OK\\r\\n\\r\\n\", 19) = 19\n mov rdi, tunnel\n lea rsi, response\n mov rdx, 19\n mov rax, 1 # sys_write\n syscall\n\n # exit\n mov rdi, 0\n mov rax, 60 # SYS_exit\n syscall\n\n.section .data\n\nsockfd: .quad 0\ntunnel: .quad 0\ntxtfile: .quad 0\nfilecnt: .quad 0\nrequestlen: .quad 0\nrequest: .space 1024\nfilecontent: .space 1024\nseparate: .ascii \"\\r\\n\\r\\n\"\nresponse: .ascii \"HTTP/1.0 200 OK\\r\\n\\r\\n\"\nsockaddr: .quad 0x50000002 # AF_INET(2) and PORT(80) in big endian\n .quad 0x0 # IP(0.0.0.0)\n .quad 0x0 # padding\n .quad 0x0 # padding\n
Level 11
In this challenge you will respond to multiple concurrent GET and POST requests.
\u76f4\u63a5\u53d1\u4e86\u4e00\u5806GET\u548cPOST\u6df7\u5408\u8bf7\u6c42\u3002\u4e0d\u8fc7\u597d\u50cf\u6ca1\u8bf4\u6bcf\u4e2a\u8bf7\u6c42\u8981\u5e72\u561b\uff0c\u5c31\u76f4\u63a5\u7ed3\u5408\u4e0blevel9\u548clevel10\u7684\u7ed3\u679c\uff0c\u6bd4\u8f83request\u662f\u4ee5POST\u5f00\u5934\u8fd8\u662fGET\u5f00\u5934\uff0c\u5206\u522b\u8df3\u8f6c\u5230\u5bf9\u5e94\u7684\u903b\u8f91\u5c31\u884c\u4e86\u3002
.intel_syntax noprefix\n.globl _start\n\n.section .text\n \n_start:\n # create a socket\n mov rdi, 2 # AF_INET\n mov rsi, 1 # SOCK_STREAM\n mov rdx, 0 # IPPROTO_IP\n mov rax, 41 # sys_socket\n syscall\n mov sockfd, rax\n\n # bind the socket to 0.0.0.0:80\n mov rdi, sockfd # socket_fd\n lea rsi, sockaddr # sockaddr\n mov rdx, 16 # addrlen\n mov rax, 49 # sys_bind\n syscall\n \n # listen(3, 0)\n mov rdi, sockfd\n mov rsi, 0\n mov rax, 50 # sys_listen\n syscall\n\nparent_process_1:\n # accept(3, NULL, NULL) = 4\n mov rdi, sockfd\n mov rsi, 0\n mov rdx, 0\n mov rax, 43 # sys_accept\n syscall\n mov tunnel, rax\n\n # fork() = <fork_result>\n mov rax, 57 # sys_fork\n syscall\n \n test rax, rax\n jnz parent_process_2\n jz child_process\n\nparent_process_2:\n\n # close(3)\n mov rdi, tunnel\n mov rax, 3 # sys_close\n syscall\n jmp parent_process_1\n\nchild_process:\n\n # close(3)\n mov rdi, sockfd\n mov rax, 3 # sys_close\n syscall\n\n # read(4, <read_request>, <read_request_count>) = <read_request_result>\n mov rdi, tunnel\n lea rsi, request\n mov rdx, 1024\n mov rax, 0 # sys_read\n syscall\n mov requestlen, rax\n\n # check GET or POST\n mov eax, request\n mov ebx, requestget\n cmp eax, ebx\n je handle_get\n mov ebx, requestpost\n cmp eax, ebx\n je handle_post\n\n jmp program_exit\n\nhandle_get:\n # open(\"<open_path>\", O_RDONLY) = 3\n lea rdi, [request+4] # extract file name\n movb [rdi+16], 0\n mov rsi, 0 # O_RDONLY\n mov rax, 2 # sys_open\n syscall\n mov txtfile, rax\n\n # read(3, <read_file>, <read_file_count>) = <read_file_result>\n mov rdi, txtfile\n lea rsi, filecontent\n mov rdx, 1024\n mov rax, 0 # sys_read\n syscall\n mov filecnt, rax # \n # close(3)\n mov rdi, txtfile\n mov rax, 3 # sys_close\n syscall\n\n # write(4, \"HTTP/1.0 200 OK\\r\\n\\r\\n\", 19) = 19\n mov rdi, tunnel\n lea rsi, response\n mov rdx, 19\n mov rax, 1 # sys_write\n syscall\n\n # write(4, <write_file>, <write_file_count>) = <write_file_result>\n mov rdi, tunnel\n lea rsi, filecontent\n mov rdx, filecnt\n mov rax, 1 # sys_write\n syscall\n\n jmp program_exit\n\nhandle_post:\n # open(\"<open_path>\", O_WRONLY|O_CREAT, 0777) = 3\n lea rdi, [request+5] # extract file name\n movb [rdi+16], 0\n mov rsi, 0x41 # O_WRONLY | O_CREAT\n mov rdx, 0777\n mov rax, 2 # sys_open\n syscall\n mov txtfile, rax\n \n # locate POST body\n mov rcx, 0\n mov ebx, separate\nlocate_body:\n mov eax, [request+rcx]\n add rcx, 1\n cmp eax, ebx\n jne locate_body\n # extrace POST body\n add rcx, 3\n mov rdi, txtfile\n lea rsi, [request+rcx]\n mov rdx, requestlen\n sub rdx, rcx\n mov rax, 1 # sys_write\n syscall\n\n # close(3)\n mov rdi, txtfile\n mov rax, 3 # sys_close\n syscall\n\n # write(4, \"HTTP/1.0 200 OK\\r\\n\\r\\n\", 19) = 19\n mov rdi, tunnel\n lea rsi, response\n mov rdx, 19\n mov rax, 1 # sys_write\n syscall\n\nprogram_exit:\n # exit\n mov rdi, 0\n mov rax, 60 # SYS_exit\n syscall\n\n.section .data\n\nsockfd: .quad 0\ntunnel: .quad 0\ntxtfile: .quad 0\nfilecnt: .quad 0\nrequestlen: .quad 0\nrequest: .space 1024\nfilecontent: .space 1024\nrequestget: .ascii \"GET \"\nrequestpost: .ascii \"POST\"\nseparate: .ascii \"\\r\\n\\r\\n\"\nresponse: .ascii \"HTTP/1.0 200 OK\\r\\n\\r\\n\"\nsockaddr: .quad 0x50000002 # AF_INET(2) and PORT(80) in big endian\n .quad 0x0 # IP(0.0.0.0)\n .quad 0x0 # padding\n .quad 0x0 # padding\n
"},{"location":"software-security/ctf/pwn-college-cse365-spring2023/#reverse-engineering-writeups","title":"Reverse Engineering Writeups","text":"Level 1
\u8fd0\u884c/challenge\u4e0b\u7684\u6587\u4ef6\uff0c\u4f1a\u81ea\u52a8\u6253\u5f00gdb\uff0c\u8f93\u5165run
\u542f\u52a8\u7a0b\u5e8f\uff0c\u8fdb\u5165\u7b2c\u4e00\u5173\u3002\u7b2c\u4e00\u5173\u4e3b\u8981\u662f\u8bb2\u4e0b\u5927\u81f4\u7684\u9898\u76ee\u8981\u6c42\uff0c\u5728\u8fd9\u91cc\u6309C\u7ee7\u7eed\u8fd0\u884c\u4f1a\u76f4\u63a5\u7ed9\u51faflag\u3002
Level 2
\u672c\u5173run\u4ee5\u540ep/x $r12
\u7136\u540e\u6309C\uff0c\u628a\u7ed3\u679c\u8f93\u5165\u5c31\u884c\u3002
Level 3
\u8fd9\u4e00\u5173\u4e3b\u8981\u662f\u719f\u6089\u6253\u5370\u5185\u5b58\u6570\u636e\uff0c\u53ef\u4ee5\u5728\u6309C\u8fdb\u5165\u7a0b\u5e8f\u524d\u540e\u7528x/20gx $rsp
\u5bf9\u6bd4\u4e00\u4e0b\u6808\u4e0a\u4ec0\u4e48\u6570\u636e\u6539\u53d8\u4e86\u3002\u7b97\u662f\u4e0d\u770b\u6c47\u7f16\u7684\u4e00\u70b9\u5c0ftrick\u3002
Level 4
\u8fd9\u5173\u7684\u6ca1\u7528\u6b63\u5e38\u89e3\u6cd5\u3002\u6709\u4e00\u70b9\u5c0ftrick\uff1a\u4f7f\u7528disas $pc
\u67e5\u770b\u53d1\u73b0\u6709\u4e2awin\u51fd\u6570\uff0c\u53c2\u6570\u7528\u76840\u3002\u76f4\u63a5set $rax=0
\uff0cset $pc=xxx
\u8df3\u8f6c\u5230win\u7684\u51fd\u6570\u5c31\u884c\u4e86\u3002
Level 5
\u8fd9\u9898\u63d0\u793a\u53ef\u4ee5\u7f16\u5199gdb\u811a\u672c\uff0c\u52a0\u8f7d\u540e\u4f1a\u81ea\u52a8\u6267\u884c\u3002\u8fd9\u9053\u9898\u76ee\u4f1a\u5728\u5faa\u73af\u4e2d\u591a\u6b21\u8bbe\u7f6e\u968f\u673a\u6570\uff0c\u6240\u4ee5\u9700\u8981\u81ea\u52a8\u5316\u89e3\u51b3\u3002
run\u540e\u5148disas $pc
\u770b\u4e00\u770bmain\u51fd\u6570\u7684\u5173\u952e\u903b\u8f91\uff1a
0x000055981a8ccd40 <+666>: mov esi,0x0\n0x000055981a8ccd45 <+671>: lea rdi,[rip+0xd5e] # 0x55981a8cdaaa\n0x000055981a8ccd4c <+678>: mov eax,0x0\n0x000055981a8ccd51 <+683>: call 0x55981a8cc250 <open@plt>\n0x000055981a8ccd56 <+688>: mov ecx,eax\n0x000055981a8ccd58 <+690>: lea rax,[rbp-0x18]\n0x000055981a8ccd5c <+694>: mov edx,0x8\n0x000055981a8ccd61 <+699>: mov rsi,rax\n0x000055981a8ccd64 <+702>: mov edi,ecx\n0x000055981a8ccd66 <+704>: call 0x55981a8cc210 <read@plt>\n0x000055981a8ccd6b <+709>: lea rdi,[rip+0xd46] # 0x55981a8cdab8\n0x000055981a8ccd72 <+716>: call 0x55981a8cc190 <puts@plt>\n0x000055981a8ccd77 <+721>: lea rdi,[rip+0xd5a] # 0x55981a8cdad8\n0x000055981a8ccd7e <+728>: mov eax,0x0\n0x000055981a8ccd83 <+733>: call 0x55981a8cc1d0 <printf@plt>\n0x000055981a8ccd88 <+738>: lea rax,[rbp-0x10]\n0x000055981a8ccd8c <+742>: mov rsi,rax\n0x000055981a8ccd8f <+745>: lea rdi,[rip+0xd51] # 0x55981a8cdae7\n0x000055981a8ccd96 <+752>: mov eax,0x0\n0x000055981a8ccd9b <+757>: call 0x55981a8cc260 <__isoc99_scanf@plt>\n
\u731c\u6d4b\u57280x000055981a8ccd51
\u5904\u7684open\u662f\u6253\u5f00\u4e86\u968f\u673a\u6570\u53d1\u751f\u5668\uff08\u6bd4\u5982/dev/urandom\uff09\uff0c\u7136\u540e0x000055981a8ccd66
\u5904\u7684read\u662f\u8bfb8\u4e2a\u5b57\u8282\uff0c\u5373\u6700\u7ec8\u7684\u968f\u673a\u6570\uff0c\u4fdd\u5b58\u5728rsi\u5bc4\u5b58\u5668\u6307\u5411\u7684\u4f4d\u7f6e\uff0c\u5373rbp-0x18\u5904\u3002\u6240\u4ee5\u81ea\u52a8\u5316\u811a\u672c\u53ef\u4ee5\u57280x000055981a8ccd72
\u5904\uff08\u5373*main+716\uff09\u6253\u4e2a\u65ad\u70b9\uff0c\u6253\u5370\u6b64\u65f6rbp-0x18\u7684\u503c\u3002
\u5373\u5148\u7f16\u5199\u4e0b\u8ff0\u811a\u672c\uff0c\u7136\u540e\u542f\u52a8\u7a0b\u5e8f\u65f6-x\u8ffd\u52a0\u811a\u672c\u5373\u53ef\u3002
start\nbreak *main+716\ncommands\n silent\n set $local_variable = *(unsigned long long*)($rbp-0x18)\n printf \"Current value: %llx\\n\", $local_variable\n continue\nend\ncontinue\n
\u5f53\u7136\u89e3\u6cd5\u6709\u5f88\u591a\uff0c\u770bdisas\u540e\u7684\u7ed3\u679c\uff0c\u8f93\u5165\u7684\u6570\u636e\u88abscanf\u4fdd\u5b58\u5230rbp-0x10\u5904\uff0c\u4e0erbp-0x18\u6bd4\u8f83\u3002\u4e5f\u53ef\u4ee5\u5728\u6bd4\u8f83\u524d\u76f4\u63a5\u4fee\u6539\u5bc4\u5b58\u5668\u8ba9\u503c\u76f8\u7b49\u3002
Level 6
\u8fd9\u4e00\u5173\u624d\u6559\u600e\u4e48\u7528set\u6539\u5bc4\u5b58\u5668\uff0c\u4ece\u800c\u4fee\u6539\u7a0b\u5e8f\u6267\u884c\u903b\u8f91\u3002\u662f\u4e0d\u662f\u53ef\u4ee5\u6697\u793a\u76f4\u63a5\u62ffflag\uff1frun\u540eset $rip=*main+715
\uff0c\u7136\u540e\u7ee7\u7eed\u8fd0\u884c\u7a0b\u5e8f\u3002
Level 7
\uff1f\uff1f\uff1f\u539f\u6765\u8fd8\u53ef\u4ee5\u8fd9\u4e48\u73a9\uff1f\uff1f
Level 8
\u76f4\u63a5\u8c03\u7528call (void)win()
\uff0c\u53ef\u4ee5disas *win
\u770b\u4e00\u4e0bwin\u51fd\u6570\u3002
0x0000556609b49951 <+0>: endbr64\n0x0000556609b49955 <+4>: push rbp\n0x0000556609b49956 <+5>: mov rbp,rsp\n0x0000556609b49959 <+8>: sub rsp,0x10\n0x0000556609b4995d <+12>: mov QWORD PTR [rbp-0x8],0x0\n0x0000556609b49965 <+20>: mov rax,QWORD PTR [rbp-0x8]\n0x0000556609b49969 <+24>: mov eax,DWORD PTR [rax]\n0x0000556609b4996b <+26>: lea edx,[rax+0x1]\n0x0000556609b4996e <+29>: mov rax,QWORD PTR [rbp-0x8]\n0x0000556609b49972 <+33>: mov DWORD PTR [rax],edx\n0x0000556609b49974 <+35>: lea rdi,[rip+0x73e] # 0x556609b4a0b9\n0x0000556609b4997b <+42>: call 0x556609b49180 <puts@plt>\n
\u53ef\u89c1\u57280x0000556609b49969
\u5904\uff0c\u4ecerax\u6307\u5411\u7684\u5730\u5740\u8bfb\u53d64\u5b57\u8282\u3002\u4f46\u662f\u6b64\u65f6rax\u5728\u524d\u4e24\u6761\u8bed\u53e5\u5df2\u7ecf\u88ab\u4fee\u6539\u4e3a0\u4e86\uff0c\u6240\u4ee5\u89e6\u53d1NULL\u6307\u9488\u89e3\u5f15\u7528\uff0c\u5f15\u8d77SIGSEGV\u9000\u51fa\u3002\u6240\u4ee5\u8bd5\u8bd5\u76f4\u63a5\u8df3\u8fc7\u8fd9\u6bb5\uff0c\u8fdb\u5165win\u65f6\u4fee\u6539rip\u5bc4\u5b58\u5668\u5373\u53ef\u3002
\u4f9d\u6b21\u6267\u884c\uff1abreak *win
\uff0ccall (void)win()
\uff0cset $rip=*win+35
\uff0cc
\u5373\u53ef\u3002
Level 1.0
Reverse engineer this challenge to find the correct license key.
\u4ece\u6b64\u5f00\u59cb\u662f\u4e00\u4e2a\u8bc1\u4e66\u9a8c\u8bc1\u7a0b\u5e8f\uff0c\u8981\u6c42\u8f93\u5165key\u6765\u83b7\u53d6flag\u3002\u7b2c\u4e00\u9898\u76f4\u63a5enter\u8fd0\u884c\uff0c\u4f1a\u8f93\u51fa\u539f\u59cb\u8f93\u5165\u3001\u5904\u7406\u540e\u7684\u8f93\u5165\u4ee5\u53ca\u6b63\u786e\u7b54\u6848\u3002\u8fd0\u884c\u4e24\u6b21\u4ee5\u540e\u53d1\u73b0\u5904\u7406\u540e\u7684\u8f93\u5165\u548c\u539f\u59cb\u8f93\u5165\u662f\u4e00\u6837\u7684\uff0c\u5e76\u4e14\u6b63\u786e\u7b54\u6848\u662f\u56fa\u5b9a\u7684\u3002
\u76f4\u63a5python\u91cc\u8fd0\u884c\u4e0b[chr(i) for i in [0x75,0x62,0x61,0x6a,0x68]]
\uff08\u53ef\u80fd\u9700\u8981\u4fee\u65390xXX\u7684\u503c\uff09\uff0c\u7136\u540e\u5c31\u5f97\u5230key\u4e86\u3002
Level 1.1
Reverse engineer this challenge to find the correct license key.
\u8fd9\u4e00\u9898\u6ca1\u6709\u76f4\u63a5\u628a\u6b63\u786e\u7b54\u6848\u5217\u51fa\u6765\u3002\u4e00\u79cd\u65b9\u6848\u662f\u5148gdb\u542f\u52a8\u7a0b\u5e8f\uff0c\u7136\u540e\u5728\u8981\u6c42\u8f93\u5165\u5bc6\u94a5\u7684\u65f6\u5019ctrl+c
\u6682\u505c\u7a0b\u5e8f\uff0c\u7528bt
\u67e5\u770b\u8c03\u7528\u6808\uff0c\u53ef\u4ee5\u770b\u5230__libc_start_main (main=0xXXXXX, argc=1, ....)
\u3002\u7136\u540e\u67e5\u770bmain\u51fd\u6570\u7684\u6c47\u7f16\u6307\u4ee4x/80i 0xXXXX
\uff0c\u53ef\u4ee5\u770b\u5230\u5176\u4e2d\u7684memcmp@plt\u51fd\u6570\u6240\u4f7f\u7528\u7684\u7684rsi\u6765\u81ea[rip+0x2abf]\u3002\u6307\u4ee4\u540e\u9762\u7684#\u6ce8\u91ca\u63d0\u793a\u4e86\u5bf9\u5e94\u7684\u5730\u5740\uff0c\u76f4\u63a5\u7528x/5c <address>
\u67e5\u770b\u5bc6\u94a5\u5373\u53ef\u3002
\u6ce8\u610f\u6700\u540e\u8f93\u5165\u5bc6\u94a5\u65f6\u8981\u76f4\u63a5\u8fd0\u884c\u7a0b\u5e8f\uff0c\u4e0d\u8981\u5728gdb\u91cc\u9762\u8f93\uff0c\u4f1a\u63d0\u793a\u6743\u9650\u4e0d\u591f\u3002
Level 2.0
Reverse engineer this challenge to find the correct license key, but your input will be modified somehow before being compared to the correct key.
\u8fd9\u9053\u9898\u76ee\u4ea4\u6362\u4e86\u8f93\u5165\u5b57\u7b26\u4e32\u7684index 1\u548cindex 4\u7684\u5b57\u7b26\u3002
Level 2.1
\u8fd9\u9053\u9898\u76ee\u57282.0\u7684\u57fa\u7840\u4e0a\u9690\u53bb\u4e86\u8f93\u5165\u8f93\u51fa\u7ed3\u679c\u7684\u663e\u793a\uff0c\u56e0\u6b64\u9700\u8981gdb\u770b\u4e00\u4e0b\u505a\u4e86\u4ec0\u4e48\u64cd\u4f5c\u3002\u6309\u71671.1\u7684\u65b9\u6cd5\u67e5\u770bmemcmp\u9644\u8fd1\u7684\u51fd\u6570\uff0c\u53ef\u89c1\uff1a
0x5584f463251f: lea rax,[rbp-0xe]\n0x5584f4632523: mov edx,0x5\n0x5584f4632528: mov rsi,rax\n0x5584f463252b: mov edi,0x0\n0x5584f4632530: call 0x5584f46321a0 <read@plt>\n0x5584f4632535: movzx eax,BYTE PTR [rbp-0xe]\n0x5584f4632539: mov BYTE PTR [rbp-0x10],al\n0x5584f463253c: movzx eax,BYTE PTR [rbp-0xd]\n0x5584f4632540: mov BYTE PTR [rbp-0xf],al\n0x5584f4632543: movzx eax,BYTE PTR [rbp-0xf]\n0x5584f4632547: mov BYTE PTR [rbp-0xe],al\n0x5584f463254a: movzx eax,BYTE PTR [rbp-0x10]\n0x5584f463254e: mov BYTE PTR [rbp-0xd],al\n0x5584f4632551: lea rdi,[rip+0xdb0] # 0x5584f4633308\n0x5584f4632558: call 0x5584f4632140 <puts@plt>\n0x5584f463255d: lea rax,[rbp-0xe]\n0x5584f4632561: mov edx,0x5\n0x5584f4632566: lea rsi,[rip+0x2aa3] # 0x5584f4635010\n0x5584f463256d: mov rdi,rax\n0x5584f4632570: call 0x5584f46321b0 <memcmp@plt>\n
\u8f93\u5165\u7684\u5b57\u7b26\u4e32\u88ab\u4fdd\u5b58\u5728[rbp-0xe]\u5904\uff0c\u4e14\u8fdb\u884c\u4e86[rbp-0xe]\u548c[rbp-0xd]\u7684\u4ea4\u6362\u3002\u4e5f\u5c31\u662f\u8bf4\u8f93\u5165\u5b57\u7b26\u4e32\u7684\u524d\u4e24\u4e2a\u5b57\u7b26\u88ab\u4ea4\u6362\u4e86\u3002\u67e5\u770bmemcmp\u52a0\u8f7d\u5230rsi\u7684\u5730\u5740\u5185\u5bb9x/5c 0x5584f4635010
\u5f97\u5230\u5bf9\u5e94\u7684\u7b54\u6848\uff0c\u4ea4\u6362\u524d\u4e24\u4e2a\u5b57\u7b26\u5373\u53ef\u3002
Level 3.0-3.1
\u8fd0\u884c\u7a0b\u5e8f\uff0c\u968f\u4fbf\u8f93\u51e0\u4e2a\u6570\u3002\u663e\u5f0f\u544a\u8bc9\u4e86\u89c4\u5219\u662f\u9006\u5e8f\uff0c\u53c8\u628a\u6b63\u786e\u7b54\u6848\u6253\u5370\u51fa\u6765\u4e86\u3002
3.1\u731c\u6d4b\u548c3.0\u4e00\u6837\u4e5f\u662f\u9006\u5e8f\u3002\u76f4\u63a5\u63092.1\u7684\u65b9\u6cd5\u770b\u4e00\u4e0b[rbp-0xe]\u5904\u7684\u503c\u7136\u540e\u9006\u5e8f\u8f93\u5165\u5c31\u884c\u3002
Level 4.0-4.1
\u89c4\u5219\u662f\u8fdb\u884c\u9012\u589e\u6392\u5e8f\u3002\u8fd9\u4e0b\u53ea\u9700\u8981\u5305\u542b\u8fd9\u4e9b\u5b57\u6bcd\u5c31\u884c\u3002\uff08\u8fd9\u4e0d\u662f\u66f4\u7b80\u5355\u4e86\u2026\u2026\uff09
Level 5.0-5.1
\u8fd9\u9053\u9898\u662f\u5bf9\u8f93\u5165\u5b57\u7b26\u8fdb\u884c\u5f02\u6216\u3002\u7b80\u5355\u5199\u4e86\u4e2apython\uff0c\u5728\u63a7\u5236\u53f0\u4ea4\u4e92\u65f6\u8fd0\u884c\u4e0b\uff1a
tx = lambda x:int(x,16)\n''.join([chr(i^0xb8) for i in [tx(a) for a in 'd6 d5 d6 cf da'.split() ]])\n
5.1\u548c5.0\u7c7b\u4f3c\uff0c\u4eff\u7167\u4e4b\u524d\u7684\u65b9\u6cd5\u53ef\u4ee5\u770b\u5230\u5f02\u6216\u7528\u7684\u662f0x1c\u3002
Level 6.0
\u8fd9\u9053\u9898\u7ed3\u5408\u4e86\u4ea4\u6362\u3001\u5f02\u6216\u3001\u9006\u5e8f\u4e09\u79cd\u64cd\u4f5c\uff0c\u5e72\u8106\u5199\u4e2a\u811a\u672c\u5904\u7406\u4e0b\u5427\u3002
def do_reverse(li):\n return li[::-1]\n\ndef do_swap(li, idx1, idx2):\n li[idx1], li[idx2] = li[idx2], li[idx1]\n return li\n\ndef do_xor(li, key):\n xor_li = []\n while key > 0:\n xor_li.insert(0, key & 0xff)\n key >>= 8\n for i in range(len(li)):\n li[i] ^= xor_li[i % len(xor_li)]\n return li\n\ndef do_sort(li):\n li.sort()\n return li\n\ndef sanitize(s):\n if type(s) is str:\n f = lambda tx: int(tx,16)\n return [f(i) for i in s.split()]\n if type(s) is list:\n return ''.join([chr(i) for i in s])\n\nprint(sanitize(do_swap(do_xor(do_reverse(sanitize('51 90 52 86 58 98 4d 81 4b 84 4f 9a 57 8c 51 91 56')),0x3ef5),5,6)))\n
6.1\u6709\u70b9\u5947\u602a\uff0c\u770b\u6c47\u7f16\u597d\u50cf\u662f\u5148\u9006\u5e8f\u4e00\u904d\uff0c\u518d\u9006\u5e8f\u4e00\u904d\uff0c\u518d\u9010\u5b57\u8282\u4e0e0xbb\u5f02\u6216\u3002\u597d\u50cf\u548c5.0\u7684\u7f6e\u6362-\u5f02\u6216-\u9006\u5e8f\u4e0d\u4e00\u6837\u7684\uff1f\u53ef\u80fd\u662f\u968f\u673a\u9009\u62e9\u7b56\u7565\u5427\u3002
Level 7.0-7.1
7.0\u7528\u4e0a\u4e00\u4e2a\u811a\u672c\u5373\u53ef\u3002
print(sanitize(do_swap(do_sort(do_xor(do_swap(do_xor(sanitize(' 16 34 42 00 13 31 46 0d 1c 3b 4e 15 05 22 52 10 04 22 54 1c 0f 2e 59 1d 0e 2f 5b'),0x85a4d396),13,16),0xf2)),7,10)))\n
7.1\u662f\u5148\u548c0x15ca\u5f02\u6216\uff0c\u7136\u540e\u9006\u5e8f\uff0c\u7136\u540e\u518d\u9006\u5e8f\uff0c\u7136\u540e\u518d\u9006\u5e8f\uff0c\u7136\u540e\u518d\u9012\u589e\u6392\u5e8f
print(sanitize(do_xor(sanitize('60 61 64 66 67 6c 70 70 71 74 77 7c 7c 7d 7f a5 a5 a5 a8 ab ab af b0 b3 b8 b9 ba bb'),0x15ca)))\nprint(sanitize(do_xor(sanitize('60 61 64 66 67 6c 70 70 71 74 77 7c 7c 7d 7f a5 a5 a5 a8 ab ab af b0 b3 b8 b9 ba bb'),0xca15)))\n\n#u\u00abq\u00acr\u00a6e\u00bad\u00beb\u00b6i\u00b7jo\u00b0o\u00bda\u00bee\u00a5y\u00ads\u00afq\n#\u00aat\u00aes\u00ady\u00bae\u00bba\u00bdi\u00b6h\u00b5\u00b0o\u00b0b\u00bea\u00baz\u00a6r\u00acp\u00ae\n#\u7136\u540e\u628a\u4e24\u4e2a\u7ed3\u679c\u4e2d\u5b57\u6bcd\u6392\u8d77\u6765\n#utqsryeedabiihjooobaaezyrspq\n
"},{"location":"software-security/ctf/pwn-college-cse365-spring2023/#\u603b\u7ed3","title":"\u603b\u7ed3","text":"CSE 365\u8fd8\u662f\u5c5e\u4e8e\u6bd4\u8f83\u5165\u95e8\u7684\u7c7b\u578b\uff0c\u6253\u597d\u57fa\u7840\uff01
"},{"location":"software-security/program-analysis/llvm/","title":"LLVM \u5b66\u4e60","text":"\u7ea6 1024 \u4e2a\u5b57 173 \u884c\u4ee3\u7801 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4 21 \u5206\u949f
\u53e0\u4e2a\u7532
\u672c\u6587\u5185\u5bb9\u662f\u7ed3\u5408ChatGPT-4o-Latest\u6a21\u578b\u3001LLVM 15.0.7\uff0c\u5728\u521a\u63a5\u89e6llvm\u7684\u65f6\u5019\u8fb9\u5b66\u8fb9\u5199\u4e0b\u7684\u7b14\u8bb0\uff0c\u53ef\u80fd\u4f1a\u51fa\u73b0\u7eb0\u6f0f\u3002\u6b22\u8fce\u8bc4\u8bba\u65a7\u6b63\uff01
"},{"location":"software-security/program-analysis/llvm/#\u5feb\u901f\u4e0a\u624b","title":"\u5feb\u901f\u4e0a\u624b","text":""},{"location":"software-security/program-analysis/llvm/#\u6e90\u7801\u7f16\u8bd1","title":"\u6e90\u7801\u7f16\u8bd1","text":"\u9996\u5148\u5728https://github.com/llvm/llvm-project/releases/ \u4e0b\u8f7d\u5fc3\u4eea\u7684llvm-project-xx.x.x.src.tar.xz
\uff0c\u7136\u540etar -xf llvm*
\u89e3\u538b\u7f29\u540e\u6309\u5982\u4e0b\u8fdb\u884c\u7f16\u8bd1\uff1a
cd llvm-project-*\nmkdir build && cd build\ncmake -G \"Unix Makefiles\" -DLLVM_ENABLE_PROJECTS=\"clang\" -DCMAKE_BUILD_TYPE=Release -DBUILD_SHARED_LIBS=On -DLLVM_TARGETS_TO_BUILD=host ../llvm\ncmake --build . -j8 # make -j8 \u6839\u636e\u5b9e\u9645\u60c5\u51b5\u9009\u62e9\u591a\u7ebf\u7a0b\u7f16\u8bd1\n
\u7136\u540e\u628a\u751f\u6210\u7684build/bin\u76ee\u5f55\u52a0\u5230PATH\u91cc\uff0c\u628abuild\u76ee\u5f55\u8bbe\u4e3aLLVM_DIR\u5168\u5c40\u53d8\u91cf\u3002
export PATH=<installation/dir/of/llvm/18/bin>:/$PATH\nexport LLVM_DIR=<installation/dir/of/llvm/18>\n
<installation/dir/of/llvm/18>
\u5373\u4e4b\u524d\u5728llvm-project\u6587\u4ef6\u5939\u91cc\u521b\u5efa\u7684build\u76ee\u5f55\u3002
\u53c2\u8003CSDN\u535a\u5ba2
# \u9996\u5148\uff0c\u6dfb\u52a0\u6240\u6709\u53ef\u7528\u7684 llvm-config \u7248\u672c\u5230 update-alternatives\u3002\u6700\u540e\u768420\u300110\u8868\u793a\u6743\u91cd\nsudo update-alternatives --install /usr/bin/llvm-config llvm-config /usr/bin/llvm-config-15 20\nsudo update-alternatives --install /usr/bin/llvm-config llvm-config /usr/bin/llvm-config-18 10\n# \u9009\u62e9\u9ed8\u8ba4\u7248\u672c\nsudo update-alternatives --config llvm-config\n\n# \u6dfb\u52a0\u6240\u6709\u53ef\u7528\u7684 clang \u7248\u672c\u5230 update-alternatives\nsudo update-alternatives --install /usr/bin/clang clang /usr/bin/clang-15 20\nsudo update-alternatives --install /usr/bin/clang clang /usr/bin/clang-18 10\nsudo update-alternatives --install /usr/bin/clang++ clang++ /usr/bin/clang-15 20\nsudo update-alternatives --install /usr/bin/clang++ clang++ /usr/bin/clang-18 10\n# \u9009\u62e9\u9ed8\u8ba4\u7248\u672c\nsudo update-alternatives --config clang\nsudo update-alternatives --config clang++\n\n# \u67e5\u770bllvm\u7248\u672c\nllvm-config --version\n# \u67e5\u770bclang\u7248\u672c\nclang --version\n
"},{"location":"software-security/program-analysis/llvm/#\u6559\u5b66\u9879\u76ee","title":"\u6559\u5b66\u9879\u76ee","text":"\u63a5\u4e0b\u6765\u63a8\u8350\u8fd9\u4e2agithub\u9879\u76eehttps://github.com/banach-space/llvm-tutor\uff0c\u6309HelloWorld: Your First Pass\u7ae0\u8282\u7ee7\u7eed\u64cd\u4f5c\u5373\u53ef\u3002
# \u5728llvm-tutor/HelloWorld\u76ee\u5f55\u4e0b\uff0c\u9996\u5148\u751f\u6210Pass\u7684.so\u6587\u4ef6\n\nmkdir build\ncd build\ncmake -DLT_LLVM_INSTALL_DIR=$LLVM_DIR .. # \u7528\u4e8e\u5b9a\u4f4dLLVMConfig.cmake\u6587\u4ef6\uff0c\u4ece\u800c\u5e2e\u52a9\u8bbe\u7f6e\u5e93\u6587\u4ef6\u8def\u5f84\nmake\n\n# \u7136\u540e\u7f16\u8bd1\u9700\u8981\u63d2\u6869\u7684\u6587\u4ef6\nclang -O1 -S -emit-llvm <source/dir/llvm/tutor>/inputs/input_for_hello.c -o input_for_hello.ll\n\n# \u6700\u540e\u6267\u884c\u6587\u4ef6\nopt -load-pass-plugin ./libHelloWorld.so -passes=hello-world -disable-output input_for_hello.ll\n
opt\u662f\u4e00\u4e2a\u547d\u4ee4\u884c\u5de5\u5177\uff0c\u7528\u4e8e\u5728LLVM IR\u5c42\u9762\u4e0a\u8fdb\u884c\u4ee3\u7801\u4f18\u5316\u3002 \u5b83\u53ef\u4ee5\u5e94\u7528\u5404\u79cd\u5404\u6837\u7684\u4f18\u5316\u7b56\u7565\uff0c\u5982\u6b7b\u4ee3\u7801\u6d88\u9664\u3001\u5e38\u91cf\u6298\u53e0\u7b49\uff0c\u4ee5\u63d0\u9ad8\u751f\u6210\u4ee3\u7801\u7684\u6548\u7387\u3002
LLVM Pass\u5de5\u4f5c\u5728LLVM IR\u6587\u4ef6\u7684\u57fa\u7840\u4e4b\u4e0a\u3002IR\u5305\u62ecll\uff08\u6587\u672c\u683c\u5f0f\uff0c\u4fbf\u4e8e\u4eba\u5de5\u9605\u8bfb\uff09\u548cbc\uff08\u5b57\u8282\u7801\uff09\u4e24\u79cd\u5f62\u5f0f\u3002\u6e90\u7801\u3001IR\u3001\u6c47\u7f16\u4ee3\u7801\u7684\u4e92\u76f8\u8f6c\u5316\u65b9\u6cd5\u5982\u4e0b\u6240\u793a\uff1a
.c -> .ll: clang -emit-llvm -S a.c -o a.ll\n.c -> .bc: clang -emit-llvm -c a.c -o a.bc\n.ll -> .bc: llvm-as a.ll -o a.bc\n.bc -> .ll: llvm-dis a.bc -o a.ll\n.bc -> .s: llc a.bc -o a.s\n
"},{"location":"software-security/program-analysis/llvm/#\u9879\u76ee\u4f8b\u5b50","title":"\u9879\u76ee\u4f8b\u5b50","text":"\u5229\u7528LLVM\u6784\u5efa\u9759\u6001\u5206\u6790\u6846\u67b6\u65f6\uff0c\u8003\u8651\u7528cmake\u6765\u7ec4\u7ec7\u6574\u4e2a\u9879\u76ee\u7684\u7f16\u8bd1\u3002\u5047\u8bbe\u9700\u8981\u6784\u5efa\u4e00\u4e2a\u7a0b\u5e8f\uff0c\u5b83\u63a5\u6536\u4e00\u4e2abc\u6587\u4ef6\u540d\u4f5c\u4e3a\u53c2\u6570\uff0c\u7136\u540e\u7528\u4e24\u4e2apass\u6765\u8fdb\u884c\u5904\u7406\uff0c\u6253\u5370\u51fabc\u6587\u4ef6\u6240\u5305\u542b\u7684\u51fd\u6570\u540d\uff0c\u4ee5\u53ca\u51fd\u6570\u7684\u53c2\u6570\u4e2a\u6570\uff0c\u53ef\u4ee5\u8fd9\u4e48\u6765\u7ec4\u7ec7\u9879\u76ee\uff1a
Makefilesrc/CMakeLists.txtsrc/main.cppsrc/PrintFunctionArgsPass.cppsrc/PrintFunctionArgsPass.hppsrc/PrintFunctionNamesPass.cppsrc/PrintFunctionNamesPass.hppLLVM_BUILD := ~/llvm-project-15.0.7.src/build\n\n# Rule to build the project\nbuild_project:\n\tmkdir -p build \\\n\t\t&& cd build \\\n\t\t&& PATH=${LLVM_BUILD}/bin:${PATH} \\\n\t\t\tCC=clang CXX=clang++ \\\n\t\t\tcmake ../src \\\n\t\t\t\t-DCMAKE_BUILD_TYPE=Release \\\n\t\t\t\t-DLLVM_ENABLE_ASSERTIONS=ON \\\n\t\t\t\t-DCMAKE_CXX_FLAGS_RELEASE=\"-std=c++17 -fno-rtti -fpic -g\" \\\n\t\t&& make\n\n# Rule to clean the build directory\nclean_project:\n\trm -rf build\n\n# Default target\nall: project\n\n# Clean target\nclean: clean_project\n\n# Project target depends on build_project\nproject: clean_project build_project\n
cmake_minimum_required(VERSION 3.13)\nproject(IPA)\n\nfind_package(LLVM REQUIRED CONFIG)\n# list(APPEND CMAKE_MODULE_PATH \"${LLVM_CMAKE_DIR}\")\nmessage(STATUS \"Found LLVM ${LLVM_PACKAGE_VERSION}\")\nmessage(STATUS \"Using LLVMConfig.cmake in: ${LLVM_DIR}\")\ninclude_directories(${LLVM_INCLUDE_DIRS})\n# add_definitions(${LLVM_DEFINITIONS})\n\nset(project\n main.cpp\n PrintFunctionArgsPass.cpp\n PrintFunctionArgsPass.hpp\n PrintFunctionNamesPass.cpp\n PrintFunctionNamesPass.hpp\n)\nadd_executable(ipa ${project})\n\ntarget_link_libraries(\n ipa\n LLVMCore\n LLVMSupport\n LLVMIRReader\n LLVMAnalysis\n)\n
#include \"llvm/IR/Module.h\"\n#include \"llvm/Support/CommandLine.h\"\n#include \"llvm/Support/raw_ostream.h\"\n#include \"llvm/IRReader/IRReader.h\"\n#include \"llvm/Support/SourceMgr.h\"\n#include \"llvm/Pass.h\"\n\n#include \"PrintFunctionNamesPass.hpp\"\n#include \"PrintFunctionArgsPass.hpp\"\n\nusing namespace llvm;\n\n// Command-line option to specify multiple input .bc files\nstatic cl::list<std::string> InputFilenames(cl::Positional,\n cl::desc(\"<input .bc files>\"),\n cl::OneOrMore);\n\nint main(int argc, char **argv) {\n cl::ParseCommandLineOptions(argc, argv, \"Function Passes\\n\");\n\n LLVMContext Context;\n\n // Iterate through all input files\n for (const auto &InputFilename : InputFilenames) {\n SMDiagnostic Err;\n\n // Load the bitcode file\n std::unique_ptr<Module> Mod = parseIRFile(InputFilename, Err, Context);\n if (!Mod) {\n errs() << \"Error reading bitcode file: \" << InputFilename << \"\\n\";\n Err.print(argv[0], errs());\n continue; // Skip to the next file if there's an error\n }\n\n errs() << \"Analyzing file: \" << InputFilename << \"\\n\";\n\n // Create and run the function name pass\n PrintFunctionNamesPass NamePass;\n NamePass.runOnModule(*Mod);\n\n // Create and run the function argument pass\n PrintFunctionArgsPass ArgsPass;\n ArgsPass.runOnModule(*Mod);\n }\n\n return 0;\n}\n
#include \"PrintFunctionArgsPass.hpp\"\n#include \"llvm/IR/Function.h\"\n#include \"llvm/Support/raw_ostream.h\"\n\nusing namespace llvm;\n\nchar PrintFunctionArgsPass::ID = 0;\n\nPrintFunctionArgsPass::PrintFunctionArgsPass() : ModulePass(ID) {}\n\nbool PrintFunctionArgsPass::runOnModule(Module &M) {\n // Iterate through all functions in the module and print the number of arguments\n for (Function &F : M) {\n if (!F.isDeclaration()) {\n errs() << \"Function Name: \" << F.getName() \n << \", Argument Count: \" << F.arg_size() << \"\\n\";\n }\n }\n return false;\n}\n
#ifndef PRINT_FUNCTION_ARGS_PASS_HPP\n#define PRINT_FUNCTION_ARGS_PASS_HPP\n\n#include \"llvm/IR/Module.h\"\n#include \"llvm/Pass.h\"\n\nclass PrintFunctionArgsPass : public llvm::ModulePass {\npublic:\n static char ID;\n PrintFunctionArgsPass();\n\n bool runOnModule(llvm::Module &M) override;\n};\n\n#endif // PRINT_FUNCTION_ARGS_PASS_HPP\n
#include \"PrintFunctionNamesPass.hpp\"\n#include \"llvm/IR/Function.h\"\n#include \"llvm/Support/raw_ostream.h\"\n\nusing namespace llvm;\n\nchar PrintFunctionNamesPass::ID = 0;\n\nPrintFunctionNamesPass::PrintFunctionNamesPass() : ModulePass(ID) {}\n\nbool PrintFunctionNamesPass::runOnModule(Module &M) {\n // Iterate through all functions in the module and print their names\n for (Function &F : M) {\n if (!F.isDeclaration()) {\n errs() << \"Function Name: \" << F.getName() << \"\\n\";\n }\n }\n return false;\n}\n
#ifndef PRINT_FUNCTION_NAMES_PASS_HPP\n#define PRINT_FUNCTION_NAMES_PASS_HPP\n\n#include \"llvm/IR/Module.h\"\n#include \"llvm/Pass.h\"\n\n\nclass PrintFunctionNamesPass : public llvm::ModulePass {\npublic:\n static char ID;\n PrintFunctionNamesPass();\n\n bool runOnModule(llvm::Module &M) override;\n};\n\n#endif // PRINT_FUNCTION_NAMES_PASS_HPP\n
"},{"location":"software-security/program-analysis/llvm/#llvm-ir","title":"LLVM IR","text":""},{"location":"software-security/program-analysis/llvm/#opaque-pointer","title":"opaque pointer","text":"\u4e0d\u900f\u660e\u6307\u9488\u5373\u4e0d\u5173\u5fc3\u5177\u4f53\u7684\u6307\u9488\u7c7b\u578b\uff0c\u800c\u4f7f\u7528ptr
\u6765\u53d6\u4ee3\u4e4b\u524d\u7684\u5177\u4f53\u7c7b\u578b\u6bd4\u5982i32*
\u3002\u4e0d\u900f\u660e\u6307\u9488\u5728LLVM 15\u6210\u4e3a\u9ed8\u8ba4\u9009\u9879\uff0c\u5e76\u5728LLVM 17\u79fb\u9664\u900f\u660e\u6307\u9488\u3002\u5bf9\u4e8e\u5141\u8bb8\u7981\u7528\u4e0d\u900f\u660e\u6307\u9488\u7684LLVM\u7248\u672c\u800c\u8a00\uff0c\u5728\u547d\u4ee4\u884c\u7f16\u8bd1\u65f6\uff0c\u53ef\u4ee5\u6dfb\u52a0-Xclang -no-opaque-pointers
\u6765\u4fdd\u7559\u663e\u5f0f\u7c7b\u578b\u3002cmake\u53ef\u4ee5\u4f7f\u7528-DCLANG_ENABLE_OPAQUE_POINTERS=OFF
\u3002
\u5728\u542f\u7528\u4e0d\u900f\u660e\u6307\u9488\u7684\u60c5\u51b5\u4e0b\uff0c\u53ef\u4ee5\u5728\u7f16\u8bd1\u65f6\u542f\u7528-g
\u53c2\u6570\uff0c\u4f7f\u5f97\u53ef\u4ee5\u4ece\u7f16\u8bd1\u5668\u751f\u6210\u7684\u8c03\u8bd5\u4fe1\u606f\u4e2d\u6062\u590d\u51fa\u6307\u9488\u7684\u7c7b\u578b\u4fe1\u606f\u3002
#include<stdio.h>\n\nstruct sample {\n int x1;\n int x2;\n struct sample *next;\n};\n\nvoid test(int *p, struct sample* s) {\n s->x2 = *p;\n}\n\nint main () {\n int a, *p;\n a = 10;\n p = &a;\n struct sample s1;\n s1.x1 = 20;\n test(p, &s1);\n printf(\"%d\",s1.x2 + s1.x1);\n}\n
; ModuleID = 'testsuite/sample1.c'\nsource_filename = \"testsuite/sample1.c\"\ntarget datalayout = \"e-m:e-p270:32:32-p271:32:32-p272:64:64-i64:64-f80:128-n8:16:32:64-S128\"\ntarget triple = \"x86_64-unknown-linux-gnu\"\n\n%struct.sample = type { i32, i32, ptr }\n\n@.str = private unnamed_addr constant [3 x i8] c\"%d\\00\", align 1\n\n; Function Attrs: noinline nounwind optnone uwtable\ndefine dso_local void @test(ptr noundef %0, ptr noundef %1) #0 {\n %3 = alloca ptr, align 8\n %4 = alloca ptr, align 8\n store ptr %0, ptr %3, align 8\n store ptr %1, ptr %4, align 8\n %5 = load ptr, ptr %3, align 8\n %6 = load i32, ptr %5, align 4\n %7 = load ptr, ptr %4, align 8\n %8 = getelementptr inbounds %struct.sample, ptr %7, i32 0, i32 1\n store i32 %6, ptr %8, align 4\n ret void\n}\n\n; Function Attrs: noinline nounwind optnone uwtable\ndefine dso_local i32 @main() #0 {\n %1 = alloca i32, align 4\n %2 = alloca ptr, align 8\n %3 = alloca %struct.sample, align 8\n store i32 10, ptr %1, align 4\n store ptr %1, ptr %2, align 8\n %4 = getelementptr inbounds %struct.sample, ptr %3, i32 0, i32 0\n store i32 20, ptr %4, align 8\n %5 = load ptr, ptr %2, align 8\n call void @test(ptr noundef %5, ptr noundef %3)\n %6 = getelementptr inbounds %struct.sample, ptr %3, i32 0, i32 1\n %7 = load i32, ptr %6, align 4\n %8 = getelementptr inbounds %struct.sample, ptr %3, i32 0, i32 0\n %9 = load i32, ptr %8, align 8\n %10 = add nsw i32 %7, %9\n %11 = call i32 (ptr, ...) @printf(ptr noundef @.str, i32 noundef %10)\n ret i32 0\n}\n\ndeclare i32 @printf(ptr noundef, ...) #1\n\nattributes #0 = { noinline nounwind optnone uwtable \"frame-pointer\"=\"all\" \"min-legal-vector-width\"=\"0\" \"no-trapping-math\"=\"true\" \"stack-protector-buffer-size\"=\"8\" \"target-cpu\"=\"x86-64\" \"target-features\"=\"+cx8,+fxsr,+mmx,+sse,+sse2,+x87\" \"tune-cpu\"=\"generic\" }\nattributes #1 = { \"frame-pointer\"=\"all\" \"no-trapping-math\"=\"true\" \"stack-protector-buffer-size\"=\"8\" \"target-cpu\"=\"x86-64\" \"target-features\"=\"+cx8,+fxsr,+mmx,+sse,+sse2,+x87\" \"tune-cpu\"=\"generic\" }\n\n!llvm.module.flags = !{!0, !1, !2, !3, !4}\n!llvm.ident = !{!5}\n\n!0 = !{i32 1, !\"wchar_size\", i32 4}\n!1 = !{i32 7, !\"PIC Level\", i32 2}\n!2 = !{i32 7, !\"PIE Level\", i32 2}\n!3 = !{i32 7, !\"uwtable\", i32 2}\n!4 = !{i32 7, !\"frame-pointer\", i32 2}\n!5 = !{!\"clang version 15.0.7\"}\n
; ModuleID = 'testsuite/sample1.c'\nsource_filename = \"testsuite/sample1.c\"\ntarget datalayout = \"e-m:e-p270:32:32-p271:32:32-p272:64:64-i64:64-f80:128-n8:16:32:64-S128\"\ntarget triple = \"x86_64-unknown-linux-gnu\"\n\n%struct.sample = type { i32, i32, %struct.sample* }\n\n@.str = private unnamed_addr constant [3 x i8] c\"%d\\00\", align 1\n\n; Function Attrs: noinline nounwind optnone uwtable\ndefine dso_local void @test(i32* noundef %0, %struct.sample* noundef %1) #0 {\n %3 = alloca i32*, align 8\n %4 = alloca %struct.sample*, align 8\n store i32* %0, i32** %3, align 8\n store %struct.sample* %1, %struct.sample** %4, align 8\n %5 = load i32*, i32** %3, align 8\n %6 = load i32, i32* %5, align 4\n %7 = load %struct.sample*, %struct.sample** %4, align 8\n %8 = getelementptr inbounds %struct.sample, %struct.sample* %7, i32 0, i32 1\n store i32 %6, i32* %8, align 4\n ret void\n}\n\n; Function Attrs: noinline nounwind optnone uwtable\ndefine dso_local i32 @main() #0 {\n %1 = alloca i32, align 4\n %2 = alloca i32*, align 8\n %3 = alloca %struct.sample, align 8\n store i32 10, i32* %1, align 4\n store i32* %1, i32** %2, align 8\n %4 = getelementptr inbounds %struct.sample, %struct.sample* %3, i32 0, i32 0\n store i32 20, i32* %4, align 8\n %5 = load i32*, i32** %2, align 8\n call void @test(i32* noundef %5, %struct.sample* noundef %3)\n %6 = getelementptr inbounds %struct.sample, %struct.sample* %3, i32 0, i32 1\n %7 = load i32, i32* %6, align 4\n %8 = getelementptr inbounds %struct.sample, %struct.sample* %3, i32 0, i32 0\n %9 = load i32, i32* %8, align 8\n %10 = add nsw i32 %7, %9\n %11 = call i32 (i8*, ...) @printf(i8* noundef getelementptr inbounds ([3 x i8], [3 x i8]* @.str, i64 0, i64 0), i32 noundef %10)\n ret i32 0\n}\n\ndeclare i32 @printf(i8* noundef, ...) #1\n\nattributes #0 = { noinline nounwind optnone uwtable \"frame-pointer\"=\"all\" \"min-legal-vector-width\"=\"0\" \"no-trapping-math\"=\"true\" \"stack-protector-buffer-size\"=\"8\" \"target-cpu\"=\"x86-64\" \"target-features\"=\"+cx8,+fxsr,+mmx,+sse,+sse2,+x87\" \"tune-cpu\"=\"generic\" }\nattributes #1 = { \"frame-pointer\"=\"all\" \"no-trapping-math\"=\"true\" \"stack-protector-buffer-size\"=\"8\" \"target-cpu\"=\"x86-64\" \"target-features\"=\"+cx8,+fxsr,+mmx,+sse,+sse2,+x87\" \"tune-cpu\"=\"generic\" }\n\n!llvm.module.flags = !{!0, !1, !2, !3, !4}\n!llvm.ident = !{!5}\n\n!0 = !{i32 1, !\"wchar_size\", i32 4}\n!1 = !{i32 7, !\"PIC Level\", i32 2}\n!2 = !{i32 7, !\"PIE Level\", i32 2}\n!3 = !{i32 7, !\"uwtable\", i32 2}\n!4 = !{i32 7, !\"frame-pointer\", i32 2}\n!5 = !{!\"clang version 15.0.7\"}\n
; ModuleID = 'testsuite/sample1.c'\nsource_filename = \"testsuite/sample1.c\"\ntarget datalayout = \"e-m:e-p270:32:32-p271:32:32-p272:64:64-i64:64-f80:128-n8:16:32:64-S128\"\ntarget triple = \"x86_64-unknown-linux-gnu\"\n\n%struct.sample = type { i32, i32, ptr }\n\n@.str = private unnamed_addr constant [3 x i8] c\"%d\\00\", align 1, !dbg !0\n\n; Function Attrs: noinline nounwind optnone uwtable\ndefine dso_local void @test(ptr noundef %0, ptr noundef %1) #0 !dbg !17 {\n %3 = alloca ptr, align 8\n %4 = alloca ptr, align 8\n store ptr %0, ptr %3, align 8\n call void @llvm.dbg.declare(metadata ptr %3, metadata !29, metadata !DIExpression()), !dbg !30\n store ptr %1, ptr %4, align 8\n call void @llvm.dbg.declare(metadata ptr %4, metadata !31, metadata !DIExpression()), !dbg !32\n %5 = load ptr, ptr %3, align 8, !dbg !33\n %6 = load i32, ptr %5, align 4, !dbg !34\n %7 = load ptr, ptr %4, align 8, !dbg !35\n %8 = getelementptr inbounds %struct.sample, ptr %7, i32 0, i32 1, !dbg !36\n store i32 %6, ptr %8, align 4, !dbg !37\n ret void, !dbg !38\n}\n\n; Function Attrs: nocallback nofree nosync nounwind readnone speculatable willreturn\ndeclare void @llvm.dbg.declare(metadata, metadata, metadata) #1\n\n; Function Attrs: noinline nounwind optnone uwtable\ndefine dso_local i32 @main() #0 !dbg !39 {\n %1 = alloca i32, align 4\n %2 = alloca ptr, align 8\n %3 = alloca %struct.sample, align 8\n call void @llvm.dbg.declare(metadata ptr %1, metadata !42, metadata !DIExpression()), !dbg !43\n call void @llvm.dbg.declare(metadata ptr %2, metadata !44, metadata !DIExpression()), !dbg !45\n store i32 10, ptr %1, align 4, !dbg !46\n store ptr %1, ptr %2, align 8, !dbg !47\n call void @llvm.dbg.declare(metadata ptr %3, metadata !48, metadata !DIExpression()), !dbg !49\n %4 = getelementptr inbounds %struct.sample, ptr %3, i32 0, i32 0, !dbg !50\n store i32 20, ptr %4, align 8, !dbg !51\n %5 = load ptr, ptr %2, align 8, !dbg !52\n call void @test(ptr noundef %5, ptr noundef %3), !dbg !53\n %6 = getelementptr inbounds %struct.sample, ptr %3, i32 0, i32 1, !dbg !54\n %7 = load i32, ptr %6, align 4, !dbg !54\n %8 = getelementptr inbounds %struct.sample, ptr %3, i32 0, i32 0, !dbg !55\n %9 = load i32, ptr %8, align 8, !dbg !55\n %10 = add nsw i32 %7, %9, !dbg !56\n %11 = call i32 (ptr, ...) @printf(ptr noundef @.str, i32 noundef %10), !dbg !57\n ret i32 0, !dbg !58\n}\n\ndeclare i32 @printf(ptr noundef, ...) #2\n\nattributes #0 = { noinline nounwind optnone uwtable \"frame-pointer\"=\"all\" \"min-legal-vector-width\"=\"0\" \"no-trapping-math\"=\"true\" \"stack-protector-buffer-size\"=\"8\" \"target-cpu\"=\"x86-64\" \"target-features\"=\"+cx8,+fxsr,+mmx,+sse,+sse2,+x87\" \"tune-cpu\"=\"generic\" }\nattributes #1 = { nocallback nofree nosync nounwind readnone speculatable willreturn }\nattributes #2 = { \"frame-pointer\"=\"all\" \"no-trapping-math\"=\"true\" \"stack-protector-buffer-size\"=\"8\" \"target-cpu\"=\"x86-64\" \"target-features\"=\"+cx8,+fxsr,+mmx,+sse,+sse2,+x87\" \"tune-cpu\"=\"generic\" }\n\n!llvm.dbg.cu = !{!7}\n!llvm.module.flags = !{!9, !10, !11, !12, !13, !14, !15}\n!llvm.ident = !{!16}\n\n!0 = !DIGlobalVariableExpression(var: !1, expr: !DIExpression())\n!1 = distinct !DIGlobalVariable(scope: null, file: !2, line: 20, type: !3, isLocal: true, isDefinition: true)\n!2 = !DIFile(filename: \"testsuite/sample1.c\", directory: \"/home/cby/llm-pca/01-project\", checksumkind: CSK_MD5, checksum: \"086ff607109bac3c6d0d457996aa6d0d\")\n!3 = !DICompositeType(tag: DW_TAG_array_type, baseType: !4, size: 24, elements: !5)\n!4 = !DIBasicType(name: \"char\", size: 8, encoding: DW_ATE_signed_char)\n!5 = !{!6}\n!6 = !DISubrange(count: 3)\n!7 = distinct !DICompileUnit(language: DW_LANG_C99, file: !2, producer: \"clang version 15.0.7\", isOptimized: false, runtimeVersion: 0, emissionKind: FullDebug, globals: !8, splitDebugInlining: false, nameTableKind: None)\n!8 = !{!0}\n!9 = !{i32 7, !\"Dwarf Version\", i32 5}\n!10 = !{i32 2, !\"Debug Info Version\", i32 3}\n!11 = !{i32 1, !\"wchar_size\", i32 4}\n!12 = !{i32 7, !\"PIC Level\", i32 2}\n!13 = !{i32 7, !\"PIE Level\", i32 2}\n!14 = !{i32 7, !\"uwtable\", i32 2}\n!15 = !{i32 7, !\"frame-pointer\", i32 2}\n!16 = !{!\"clang version 15.0.7\"}\n!17 = distinct !DISubprogram(name: \"test\", scope: !2, file: !2, line: 10, type: !18, scopeLine: 10, flags: DIFlagPrototyped, spFlags: DISPFlagDefinition, unit: !7, retainedNodes: !28)\n!18 = !DISubroutineType(types: !19)\n!19 = !{null, !20, !22}\n!20 = !DIDerivedType(tag: DW_TAG_pointer_type, baseType: !21, size: 64)\n!21 = !DIBasicType(name: \"int\", size: 32, encoding: DW_ATE_signed)\n!22 = !DIDerivedType(tag: DW_TAG_pointer_type, baseType: !23, size: 64)\n!23 = distinct !DICompositeType(tag: DW_TAG_structure_type, name: \"sample\", file: !2, line: 4, size: 128, elements: !24)\n!24 = !{!25, !26, !27}\n!25 = !DIDerivedType(tag: DW_TAG_member, name: \"x1\", scope: !23, file: !2, line: 5, baseType: !21, size: 32)\n!26 = !DIDerivedType(tag: DW_TAG_member, name: \"x2\", scope: !23, file: !2, line: 6, baseType: !21, size: 32, offset: 32)\n!27 = !DIDerivedType(tag: DW_TAG_member, name: \"next\", scope: !23, file: !2, line: 7, baseType: !22, size: 64, offset: 64)\n!28 = !{}\n!29 = !DILocalVariable(name: \"p\", arg: 1, scope: !17, file: !2, line: 10, type: !20)\n!30 = !DILocation(line: 10, column: 16, scope: !17)\n!31 = !DILocalVariable(name: \"s\", arg: 2, scope: !17, file: !2, line: 10, type: !22)\n!32 = !DILocation(line: 10, column: 34, scope: !17)\n!33 = !DILocation(line: 11, column: 14, scope: !17)\n!34 = !DILocation(line: 11, column: 13, scope: !17)\n!35 = !DILocation(line: 11, column: 5, scope: !17)\n!36 = !DILocation(line: 11, column: 8, scope: !17)\n!37 = !DILocation(line: 11, column: 11, scope: !17)\n!38 = !DILocation(line: 12, column: 1, scope: !17)\n!39 = distinct !DISubprogram(name: \"main\", scope: !2, file: !2, line: 13, type: !40, scopeLine: 13, spFlags: DISPFlagDefinition, unit: !7, retainedNodes: !28)\n!40 = !DISubroutineType(types: !41)\n!41 = !{!21}\n!42 = !DILocalVariable(name: \"a\", scope: !39, file: !2, line: 14, type: !21)\n!43 = !DILocation(line: 14, column: 9, scope: !39)\n!44 = !DILocalVariable(name: \"p\", scope: !39, file: !2, line: 14, type: !20)\n!45 = !DILocation(line: 14, column: 13, scope: !39)\n!46 = !DILocation(line: 15, column: 7, scope: !39)\n!47 = !DILocation(line: 16, column: 7, scope: !39)\n!48 = !DILocalVariable(name: \"s1\", scope: !39, file: !2, line: 17, type: !23)\n!49 = !DILocation(line: 17, column: 19, scope: !39)\n!50 = !DILocation(line: 18, column: 8, scope: !39)\n!51 = !DILocation(line: 18, column: 11, scope: !39)\n!52 = !DILocation(line: 19, column: 10, scope: !39)\n!53 = !DILocation(line: 19, column: 5, scope: !39)\n!54 = !DILocation(line: 20, column: 20, scope: !39)\n!55 = !DILocation(line: 20, column: 28, scope: !39)\n!56 = !DILocation(line: 20, column: 23, scope: !39)\n!57 = !DILocation(line: 20, column: 5, scope: !39)\n!58 = !DILocation(line: 21, column: 1, scope: !39)\n
; ModuleID = 'testsuite/sample1.c'\nsource_filename = \"testsuite/sample1.c\"\ntarget datalayout = \"e-m:e-p270:32:32-p271:32:32-p272:64:64-i64:64-f80:128-n8:16:32:64-S128\"\ntarget triple = \"x86_64-unknown-linux-gnu\"\n\n%struct.sample = type { i32, i32, %struct.sample* }\n\n@.str = private unnamed_addr constant [3 x i8] c\"%d\\00\", align 1, !dbg !0\n\n; Function Attrs: noinline nounwind optnone uwtable\ndefine dso_local void @test(i32* noundef %0, %struct.sample* noundef %1) #0 !dbg !17 {\n %3 = alloca i32*, align 8\n %4 = alloca %struct.sample*, align 8\n store i32* %0, i32** %3, align 8\n call void @llvm.dbg.declare(metadata i32** %3, metadata !29, metadata !DIExpression()), !dbg !30\n store %struct.sample* %1, %struct.sample** %4, align 8\n call void @llvm.dbg.declare(metadata %struct.sample** %4, metadata !31, metadata !DIExpression()), !dbg !32\n %5 = load i32*, i32** %3, align 8, !dbg !33\n %6 = load i32, i32* %5, align 4, !dbg !34\n %7 = load %struct.sample*, %struct.sample** %4, align 8, !dbg !35\n %8 = getelementptr inbounds %struct.sample, %struct.sample* %7, i32 0, i32 1, !dbg !36\n store i32 %6, i32* %8, align 4, !dbg !37\n ret void, !dbg !38\n}\n\n; Function Attrs: nocallback nofree nosync nounwind readnone speculatable willreturn\ndeclare void @llvm.dbg.declare(metadata, metadata, metadata) #1\n\n; Function Attrs: noinline nounwind optnone uwtable\ndefine dso_local i32 @main() #0 !dbg !39 {\n %1 = alloca i32, align 4\n %2 = alloca i32*, align 8\n %3 = alloca %struct.sample, align 8\n call void @llvm.dbg.declare(metadata i32* %1, metadata !42, metadata !DIExpression()), !dbg !43\n call void @llvm.dbg.declare(metadata i32** %2, metadata !44, metadata !DIExpression()), !dbg !45\n store i32 10, i32* %1, align 4, !dbg !46\n store i32* %1, i32** %2, align 8, !dbg !47\n call void @llvm.dbg.declare(metadata %struct.sample* %3, metadata !48, metadata !DIExpression()), !dbg !49\n %4 = getelementptr inbounds %struct.sample, %struct.sample* %3, i32 0, i32 0, !dbg !50\n store i32 20, i32* %4, align 8, !dbg !51\n %5 = load i32*, i32** %2, align 8, !dbg !52\n call void @test(i32* noundef %5, %struct.sample* noundef %3), !dbg !53\n %6 = getelementptr inbounds %struct.sample, %struct.sample* %3, i32 0, i32 1, !dbg !54\n %7 = load i32, i32* %6, align 4, !dbg !54\n %8 = getelementptr inbounds %struct.sample, %struct.sample* %3, i32 0, i32 0, !dbg !55\n %9 = load i32, i32* %8, align 8, !dbg !55\n %10 = add nsw i32 %7, %9, !dbg !56\n %11 = call i32 (i8*, ...) @printf(i8* noundef getelementptr inbounds ([3 x i8], [3 x i8]* @.str, i64 0, i64 0), i32 noundef %10), !dbg !57\n ret i32 0, !dbg !58\n}\n\ndeclare i32 @printf(i8* noundef, ...) #2\n\nattributes #0 = { noinline nounwind optnone uwtable \"frame-pointer\"=\"all\" \"min-legal-vector-width\"=\"0\" \"no-trapping-math\"=\"true\" \"stack-protector-buffer-size\"=\"8\" \"target-cpu\"=\"x86-64\" \"target-features\"=\"+cx8,+fxsr,+mmx,+sse,+sse2,+x87\" \"tune-cpu\"=\"generic\" }\nattributes #1 = { nocallback nofree nosync nounwind readnone speculatable willreturn }\nattributes #2 = { \"frame-pointer\"=\"all\" \"no-trapping-math\"=\"true\" \"stack-protector-buffer-size\"=\"8\" \"target-cpu\"=\"x86-64\" \"target-features\"=\"+cx8,+fxsr,+mmx,+sse,+sse2,+x87\" \"tune-cpu\"=\"generic\" }\n\n!llvm.dbg.cu = !{!7}\n!llvm.module.flags = !{!9, !10, !11, !12, !13, !14, !15}\n!llvm.ident = !{!16}\n\n!0 = !DIGlobalVariableExpression(var: !1, expr: !DIExpression())\n!1 = distinct !DIGlobalVariable(scope: null, file: !2, line: 20, type: !3, isLocal: true, isDefinition: true)\n!2 = !DIFile(filename: \"testsuite/sample1.c\", directory: \"/home/cby/llm-pca/01-project\", checksumkind: CSK_MD5, checksum: \"086ff607109bac3c6d0d457996aa6d0d\")\n!3 = !DICompositeType(tag: DW_TAG_array_type, baseType: !4, size: 24, elements: !5)\n!4 = !DIBasicType(name: \"char\", size: 8, encoding: DW_ATE_signed_char)\n!5 = !{!6}\n!6 = !DISubrange(count: 3)\n!7 = distinct !DICompileUnit(language: DW_LANG_C99, file: !2, producer: \"clang version 15.0.7\", isOptimized: false, runtimeVersion: 0, emissionKind: FullDebug, globals: !8, splitDebugInlining: false, nameTableKind: None)\n!8 = !{!0}\n!9 = !{i32 7, !\"Dwarf Version\", i32 5}\n!10 = !{i32 2, !\"Debug Info Version\", i32 3}\n!11 = !{i32 1, !\"wchar_size\", i32 4}\n!12 = !{i32 7, !\"PIC Level\", i32 2}\n!13 = !{i32 7, !\"PIE Level\", i32 2}\n!14 = !{i32 7, !\"uwtable\", i32 2}\n!15 = !{i32 7, !\"frame-pointer\", i32 2}\n!16 = !{!\"clang version 15.0.7\"}\n!17 = distinct !DISubprogram(name: \"test\", scope: !2, file: !2, line: 10, type: !18, scopeLine: 10, flags: DIFlagPrototyped, spFlags: DISPFlagDefinition, unit: !7, retainedNodes: !28)\n!18 = !DISubroutineType(types: !19)\n!19 = !{null, !20, !22}\n!20 = !DIDerivedType(tag: DW_TAG_pointer_type, baseType: !21, size: 64)\n!21 = !DIBasicType(name: \"int\", size: 32, encoding: DW_ATE_signed)\n!22 = !DIDerivedType(tag: DW_TAG_pointer_type, baseType: !23, size: 64)\n!23 = distinct !DICompositeType(tag: DW_TAG_structure_type, name: \"sample\", file: !2, line: 4, size: 128, elements: !24)\n!24 = !{!25, !26, !27}\n!25 = !DIDerivedType(tag: DW_TAG_member, name: \"x1\", scope: !23, file: !2, line: 5, baseType: !21, size: 32)\n!26 = !DIDerivedType(tag: DW_TAG_member, name: \"x2\", scope: !23, file: !2, line: 6, baseType: !21, size: 32, offset: 32)\n!27 = !DIDerivedType(tag: DW_TAG_member, name: \"next\", scope: !23, file: !2, line: 7, baseType: !22, size: 64, offset: 64)\n!28 = !{}\n!29 = !DILocalVariable(name: \"p\", arg: 1, scope: !17, file: !2, line: 10, type: !20)\n!30 = !DILocation(line: 10, column: 16, scope: !17)\n!31 = !DILocalVariable(name: \"s\", arg: 2, scope: !17, file: !2, line: 10, type: !22)\n!32 = !DILocation(line: 10, column: 34, scope: !17)\n!33 = !DILocation(line: 11, column: 14, scope: !17)\n!34 = !DILocation(line: 11, column: 13, scope: !17)\n!35 = !DILocation(line: 11, column: 5, scope: !17)\n!36 = !DILocation(line: 11, column: 8, scope: !17)\n!37 = !DILocation(line: 11, column: 11, scope: !17)\n!38 = !DILocation(line: 12, column: 1, scope: !17)\n!39 = distinct !DISubprogram(name: \"main\", scope: !2, file: !2, line: 13, type: !40, scopeLine: 13, spFlags: DISPFlagDefinition, unit: !7, retainedNodes: !28)\n!40 = !DISubroutineType(types: !41)\n!41 = !{!21}\n!42 = !DILocalVariable(name: \"a\", scope: !39, file: !2, line: 14, type: !21)\n!43 = !DILocation(line: 14, column: 9, scope: !39)\n!44 = !DILocalVariable(name: \"p\", scope: !39, file: !2, line: 14, type: !20)\n!45 = !DILocation(line: 14, column: 13, scope: !39)\n!46 = !DILocation(line: 15, column: 7, scope: !39)\n!47 = !DILocation(line: 16, column: 7, scope: !39)\n!48 = !DILocalVariable(name: \"s1\", scope: !39, file: !2, line: 17, type: !23)\n!49 = !DILocation(line: 17, column: 19, scope: !39)\n!50 = !DILocation(line: 18, column: 8, scope: !39)\n!51 = !DILocation(line: 18, column: 11, scope: !39)\n!52 = !DILocation(line: 19, column: 10, scope: !39)\n!53 = !DILocation(line: 19, column: 5, scope: !39)\n!54 = !DILocation(line: 20, column: 20, scope: !39)\n!55 = !DILocation(line: 20, column: 28, scope: !39)\n!56 = !DILocation(line: 20, column: 23, scope: !39)\n!57 = !DILocation(line: 20, column: 5, scope: !39)\n!58 = !DILocation(line: 21, column: 1, scope: !39)\n
\u7ed3\u5408\u8c03\u8bd5\u5143\u6570\u636e\uff08\u5982 DILocalVariable \u548c DIType\uff09\u4ee5\u53ca\u9ad8\u5c42\u63a5\u53e3\uff08\u5982\u51fd\u6570\u7b7e\u540d\uff09\u53ef\u4ee5\u6062\u590d\u6307\u9488\u7c7b\u578b\u3002\u4f46\u5982\u679c\u6ca1\u6709\u8c03\u8bd5\u4fe1\u606f\uff0c\u6062\u590d\u7c7b\u578b\u4f1a\u53d8\u5f97\u56f0\u96be\uff0c\u53ea\u80fd\u901a\u8fc7\u95f4\u63a5\u624b\u6bb5\u63a8\u65ad\u6307\u9488\u7c7b\u578b\u3002
"},{"location":"software-security/program-analysis/llvm/#llvm-api","title":"LLVM API","text":""},{"location":"software-security/program-analysis/llvm/#\u5934\u6587\u4ef6\u67b6\u6784","title":"\u5934\u6587\u4ef6\u67b6\u6784","text":"\u5173\u6ce8\u4e4b\u524d\u4e0b\u8f7d\u7684llvm-project-xx.x.x.src\u76ee\u5f55\u4e0b\u7684llvm/include/llvm\u6587\u4ef6\u5939\uff0c\u91cc\u9762\u5305\u542bADT
\u3001IR
\u3001IRReader
\u7b49\u5404\u79cd\u5934\u6587\u4ef6\uff0c\u4ece\u4e2d\u53ef\u4ee5\u4e86\u89e3\u5982\u4f55\u8c03API\u3002\u4ee515.0.7\u7248\u672c\u4e3a\u4f8b\uff0c\u76ee\u5f55\u67b6\u6784\u5982\u4e0b\uff1a
./\n\u251c\u2500\u2500 ADT/\n\u251c\u2500\u2500 Analysis/\n\u251c\u2500\u2500 AsmParser/\n\u251c\u2500\u2500 BinaryFormat/\n\u251c\u2500\u2500 Bitcode/\n\u251c\u2500\u2500 Bitstream/\n\u251c\u2500\u2500 CMakeLists.txt\n\u251c\u2500\u2500 CodeGen/\n\u251c\u2500\u2500 Config/\n\u251c\u2500\u2500 DebugInfo/\n\u251c\u2500\u2500 Debuginfod/\n\u251c\u2500\u2500 Demangle/\n\u251c\u2500\u2500 DWARFLinker/\n\u251c\u2500\u2500 DWP/\n\u251c\u2500\u2500 ExecutionEngine/\n\u251c\u2500\u2500 FileCheck/\n\u251c\u2500\u2500 Frontend/\n\u251c\u2500\u2500 FuzzMutate/\n\u251c\u2500\u2500 InitializePasses.h\n\u251c\u2500\u2500 InterfaceStub/\n\u251c\u2500\u2500 IR/\n\u251c\u2500\u2500 IRReader/\n\u251c\u2500\u2500 LineEditor/\n\u251c\u2500\u2500 LinkAllIR.h\n\u251c\u2500\u2500 LinkAllPasses.h\n\u251c\u2500\u2500 Linker/\n\u251c\u2500\u2500 LTO/\n\u251c\u2500\u2500 MC/\n\u251c\u2500\u2500 MCA/\n\u251c\u2500\u2500 module.extern.modulemap\n\u251c\u2500\u2500 module.install.modulemap\n\u251c\u2500\u2500 module.modulemap\n\u251c\u2500\u2500 module.modulemap.build\n\u251c\u2500\u2500 ObjCopy/\n\u251c\u2500\u2500 Object/\n\u251c\u2500\u2500 ObjectYAML/\n\u251c\u2500\u2500 Option/\n\u251c\u2500\u2500 PassAnalysisSupport.h\n\u251c\u2500\u2500 Passes/\n\u251c\u2500\u2500 Pass.h\n\u251c\u2500\u2500 PassInfo.h\n\u251c\u2500\u2500 PassRegistry.h\n\u251c\u2500\u2500 PassSupport.h\n\u251c\u2500\u2500 ProfileData/\n\u251c\u2500\u2500 Remarks/\n\u251c\u2500\u2500 Support/\n\u251c\u2500\u2500 TableGen/\n\u251c\u2500\u2500 Target/\n\u251c\u2500\u2500 Testing/\n\u251c\u2500\u2500 TextAPI/\n\u251c\u2500\u2500 ToolDrivers/\n\u251c\u2500\u2500 Transforms/\n\u251c\u2500\u2500 WindowsDriver/\n\u251c\u2500\u2500 WindowsManifest/\n\u251c\u2500\u2500 WindowsResource/\n\u2514\u2500\u2500 XRay/\n\n43 directories, 13 files\n
"},{"location":"software-security/program-analysis/llvm/#passh","title":"Pass.h","text":"LLVM Pass\u7684\u57fa\u7840\u662f\u4e00\u4e2a\u4e2apass\uff0c\u6bd4\u5982\u81ea\u5df1\u5199\u4e00\u4e2a\u7c7b\u7ee7\u627fllvm::ModulePass
\uff0c\u5728\u5185\u90e8\u8986\u5199runOnModule
\u51fd\u6570\u3002\u800cModulePass\u53c8\u662f\u7ee7\u627f\u81eallvm::Pass
\u7684\uff0c\u4e5f\u5c31\u662f\u76f4\u63a5\u6765\u81ea\u5934\u6587\u4ef6\u76ee\u5f55\u4e0b\u7684Pass.h
\u6587\u4ef6\u3002\u8fd9\u4e2a\u5934\u6587\u4ef6\u5927\u81f4\u7ed3\u6784\u5982\u4e0b\uff1a
#ifndef LLVM_PASS_H\n#define LLVM_PASS_H\n#include <string>\n\nnamespace llvm {\n\nclass AnalysisResolver;\nclass AnalysisUsage;\nclass Function;\n// ...\n\n// AnalysisID - Use the PassInfo to identify a pass...\nusing AnalysisID = const void *;\n\n/// Different types of internal pass managers.\nenum PassManagerType {\n// ...\n};\n\n// Different types of passes.\nenum PassKind {\n// ...\n};\n\n/// This enumerates the LLVM full LTO or ThinLTO optimization phases.\nenum class ThinOrFullLTOPhase {\n// ...\n};\n\nclass Pass {\n// ...\n};\n\nclass ModulePass : public Pass {\n// ...\n};\n\nclass ImmutablePass : public ModulePass {\n// ...\n};\n\nclass FunctionPass : public Pass {\n// ...\n};\n\n} // end namespace llvm\n\n// Include support files that contain important APIs commonly used by Passes,\n// but that we want to separate out to make it easier to read the header files.\n#include \"llvm/PassAnalysisSupport.h\"\n#include \"llvm/PassSupport.h\"\n\n#endif // LLVM_PASS_H\n
\u53ef\u89c1\uff0cModulePass\u548cFunctionPass\u4e24\u4e2a\u7c7b\u76f4\u63a5\u7ee7\u627f\u4e86Pass\u3002ImmutablePass\u76f4\u63a5\u7ee7\u627f\u4e86ModulePass\u3002
"},{"location":"software-security/program-analysis/llvm/#bc\u6587\u4ef6\u8bfb\u53d6\u4e0e\u89e3\u6790","title":"bc\u6587\u4ef6\u8bfb\u53d6\u4e0e\u89e3\u6790","text":"\u901a\u8fc7#include \"llvm/IRReader/IRReader.h\"
\u4f7f\u7528std::unique_ptr<Module> parseIRFile(StringRef Filename, SMDiagnostic &Err, LLVMContext &Context)
\u6765\u83b7\u53d6bc\u6587\u4ef6\u7684\u6307\u9488\uff0c\u968f\u540e\u53ef\u4ee5\u5728\u81ea\u5b9a\u4e49\u65b9\u6cd5\u5982myParseFunc(const Module &Mod)
\u4e2d\u904d\u5386\u6307\u9488\u5185\u5bb9\uff08\u5373\u89e3\u5f15\u7528\uff09\uff0c\u5f97\u5230llvm::Module\u4e0b\u4e00\u5c42\u7684llvm::Function\u3002\u7c7b\u4f3c\u5730\uff0c\u5bf9llvm::Function\u8fdb\u4e00\u6b65\u904d\u5386\u53ef\u4ee5\u83b7\u53d6llvm::BasicBlock\uff0c\u518d\u8fdb\u4e00\u6b65\u904d\u5386\u53ef\u4ee5\u83b7\u53d6llvm::Instruction\uff0c\u6bcf\u4e00\u7ea7\u53ef\u4ee5\u8c03\u7528\u76f8\u5173API\u51fd\u6570\u3002
\u6839\u636eLLVM\u5206\u6790\u7684\u7a0b\u5e8f\u5bf9\u8c61\u4e0d\u540c\uff0c\u53ef\u4ee5\u6309\u4ece\u5927\u5230\u5c0f\u7684\u987a\u5e8f\u5206\u4e3aModule\u3001Function\u3001BasicBlock\u3001Instruction\u56db\u4e2a\u7b49\u7ea7\u3002\u53ef\u4ee5\u76f4\u63a5\u91c7\u7528for\u5faa\u73af\u904d\u5386\u9ad8\u7b49\u7ea7\u5bf9\u8c61\u7684\u65b9\u6cd5\uff0c\u83b7\u53d6\u5176\u4e2d\u7684\u4e0b\u4e00\u7ea7\u5bf9\u8c61\u3002\u53ef\u89c1\u524d\u6587\u7684\u9879\u76ee\u4f8b\u5b50\u3002
"},{"location":"software-security/program-analysis/llvm/#llvmmodule","title":"llvm::Module","text":"\u53ef\u4ee5\u7406\u89e3\u4e3a\u5bf9\u6574\u4e2abc\u6587\u4ef6\u8fdb\u884c\u5206\u6790\u5f97\u5230\u7684\u7ed3\u679c\uff0c\u5176\u4e2d\u5305\u542b\u591a\u4e2aFunction\u3002
"},{"location":"software-security/program-analysis/llvm/#llvmfunction","title":"llvm::Function","text":""},{"location":"software-security/program-analysis/llvm/#llvmbasicblock","title":"llvm::BasicBlock","text":"const llvm::BasicBlock BB;\nBB.getTerminator(); // \u83b7\u53d6\u57fa\u672c\u5757\u6700\u540e\u4e00\u6761\u6307\u4ee4\n
"},{"location":"software-security/program-analysis/llvm/#llvminstruction","title":"llvm::Instruction","text":"const llvm::Instruction I;\nI.getOpcodeName(); // \u83b7\u53d6\u64cd\u4f5c\u7b26\u7684\u5b57\u7b26\u4e32\u540d\u79f0\nI.getNumOperands(); // \u83b7\u53d6\u64cd\u4f5c\u6570\u4e2a\u6570\nI.getOperand(i); // \u83b7\u53d6\u7b2ci\u4e2a\u64cd\u4f5c\u6570\uff0c\u8fd4\u56dellvm::Value*\n\nI.hasMetaData(); // \u68c0\u67e5\u5f53\u524d\u6307\u4ee4\u662f\u5426\u9644\u6709metadata\uff0c\u6bd4\u5982\u8c03\u8bd5\u4fe1\u606f\nI.getMetaData(\"dbg\"); // \u83b7\u53d6\u5f53\u524d\u6307\u4ee4\u7684dbg\u8c03\u8bd5\u4fe1\u606f\n
"},{"location":"software-security/program-analysis/llvm/#\u8c03\u8bd5\u4fe1\u606f\u5206\u6790","title":"\u8c03\u8bd5\u4fe1\u606f\u5206\u6790","text":"\u524d\u6587\u63d0\u5230\uff0c\u5728\u7f16\u8bd1\u7a0b\u5e8f\u65f6\u6dfb\u52a0-g
\u9009\u9879\uff0c\u53ef\u4ee5\u751f\u6210\u7c7b\u4f3c
\u7ea6 112 \u4e2a\u5b57 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4\u4e0d\u5230 1 \u5206\u949f
"},{"location":"software-security/reverse/IDA/#\u53cd\u7f16\u8bd1arm-raw-binary","title":"\u53cd\u7f16\u8bd1ARM raw binary","text":"\u52a0\u8f7d\u65f6\u9009\u62e9Processor type\uff0c\u6bd4\u5982ARM Little-endian [ARM]\uff0c\u968f\u540e\u6839\u636e\u5b9e\u9645\u52a0\u8f7d\u60c5\u51b5\u8bbe\u7f6eROM\u7684\u8d77\u59cb\u5730\u5740\u548cInput file\u5730\u5740\u3002
raw binary\u7684\u524d\u56db\u5b57\u8282\u53ef\u80fd\u662f\u521d\u59cbsp\u503c\uff0c\u968f\u540e\u56db\u5b57\u8282\u53ef\u80fd\u662f\u521d\u59cbpc\u503c\u3002\u6309G\u5e76\u8f93\u5165pc\u503c\uff0cAlt+G\u8bbe\u7f6eT\u5bc4\u5b58\u5668\u503c\u4e3a1\uff080\u8868\u793aARM\uff0c1\u8868\u793aThumb\uff09\uff0c\u7136\u540e\u9009\u4e2dpc\u53ca\u4e4b\u540e\u6240\u6709\u4ee3\u7801\uff0c\u6309C\u8fdb\u884cMakeCode\u3002
"},{"location":"software-security/reverse/reverse-advanced/","title":"\u9006\u5411\u9ad8\u9636","text":"\u7ea6 59 \u4e2a\u5b57 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4\u4e0d\u5230 1 \u5206\u949f
"},{"location":"software-security/reverse/reverse-advanced/#windows\u9006\u5411\u6280\u672f\u6982\u5ff5","title":"Windows\u9006\u5411\u6280\u672f\u6982\u5ff5","text":"DLL\u6ce8\u5165\uff0cWindows\u6d88\u606f\u94a9\u53d6\uff0cDLL\u5378\u8f7d\uff0c\u4ee3\u7801\u6ce8\u5165\uff0cAPI\u94a9\u53d6\uff0c\u8fdb\u7a0b\u9690\u85cf\uff0cIE\u8fde\u63a5\u63a7\u5236\uff0cTLS\u56de\u8c03\u51fd\u6570\uff0cTEB\uff0cPEB\uff0cSEH\uff0cIA-32\uff0c\u53cd\u8c03\u8bd5\uff08\u9759\u6001\u3001\u52a8\u6001\uff09\uff0cPE\u955c\u50cf\uff0cDebug Blocker
"},{"location":"software-security/reverse/reverse-basic/","title":"\u9006\u5411\u57fa\u7840","text":"\u7ea6 1078 \u4e2a\u5b57 10 \u884c\u4ee3\u7801 \u9884\u8ba1\u9605\u8bfb\u65f6\u95f4 5 \u5206\u949f
\u9006\u5411\u51fd\u6570\u65f6\uff0c\u8981\u63d0\u524d\u9884\u6d4b\u4e0b\u51fd\u6570\u5b9e\u73b0\u673a\u5236\uff0c\u4ee5\u8282\u7701\u65f6\u95f4\u3002\u8981\u660e\u767d\u54ea\u4e9b\u90e8\u5206\u5c5e\u4e8e\u7a0b\u5e8f\u7279\u6709\u7684\u5b9e\u73b0\uff0c\u54ea\u4e9b\u90e8\u5206\u5c5e\u4e8e\u7b2c\u4e09\u65b9\u7684\u5e93\uff0c\u4e0d\u8981\u968f\u4fbf\u8fdb\u5230\u7b2c\u4e09\u65b9\u5e93\u6216\u8005\u5e95\u5c42API\u91cc\u9762\u5206\u6790\u3002
"},{"location":"software-security/reverse/reverse-basic/#\u8c03\u7528\u7ea6\u5b9a","title":"\u8c03\u7528\u7ea6\u5b9a","text":"cdecl\uff08C\u9ed8\u8ba4\uff09\u7531caller\u8d1f\u8d23\u6e05\u7406\u6808\u4e0a\u4f20\u5165\u53c2\u6570\u3002
stdcall\u7531callee\u8d1f\u8d23\u6e05\u7406\u6808\u4e0a\u4f20\u5165\u53c2\u6570\uff08Win32API\uff09\uff0c\u88ab\u8c03\u51fd\u6570\u8fd4\u56de\u65f6\u4f7f\u7528RETN X
\u6765\u9000\u51fa\uff0c\u76f8\u5f53\u4e8eRETN\u3001POP X\u3002\u6bd4\u5982\u9000\u4e24\u4e2a\u53c2\u6570\uff0c\u5c31RETN 8\u3002
fastcall\u4e3a\u4e86\u63d0\u9ad8\u901f\u5ea6\uff0c\u5206\u522b\u4f7f\u7528ECX\u3001EDX\u4f20\u9012\u524d\u4e24\u4e2a\u53c2\u6570\uff0c\u66f4\u591a\u53c2\u6570\u8fd8\u662f\u4f7f\u7528\u5185\u5b58\u3002 \u4f20\u53c2\u65f6\u90fd\u662f\u4ece\u53f3\u5411\u5de6\u4ee5\u6b64\u538b\u5165\u6808\u4e2d\u3002
"},{"location":"software-security/reverse/reverse-basic/#\u4e00\u4e9b\u5e38\u89c1\u6c47\u7f16\u64cd\u4f5c\u7b26","title":"\u4e00\u4e9b\u5e38\u89c1\u6c47\u7f16\u64cd\u4f5c\u7b26","text":"call
\u5305\u62ec\u4fdd\u5b58\u8fd4\u56de\u5730\u5740\u3001IP\u8df3\u8f6c
retn
\u5373pop EIP
test
\u76f8\u5f53\u4e8eAND\uff0c\u4f46\u662f\u4e0d\u6539\u53d8\u666e\u901a\u5bc4\u5b58\u5668\u7684\u503c\uff0c\u53ea\u4fee\u6539EFLAGS\u5bc4\u5b58\u5668
NOP\u6307\u4ee4\u901a\u5e38\u7528\u4e8e\u63a7\u5236\u65f6\u5e8f\u7684\u76ee\u7684\uff0c\u5f3a\u5236\u5185\u5b58\u5bf9\u9f50\uff0c\u9632\u6b62\u6d41\u6c34\u7ebf\u707e\u96be\uff0c\u5360\u636e\u5206\u652f\u6307\u4ee4\u5ef6\u8fdf\uff0c\u6216\u662f\u4f5c\u4e3a\u5360\u4f4d\u7b26\u4ee5\u4f9b\u7a0b\u5e8f\u7684\u6539\u5584\uff08\u6216\u66ff\u4ee3\u88ab\u79fb\u9664\u7684\u6307\u4ee4\uff09\u3002
"},{"location":"software-security/reverse/reverse-basic/#\u51fd\u6570\u6267\u884c\u6808\u5e27\u63a8\u65ad","title":"\u51fd\u6570\u6267\u884c\u6808\u5e27\u63a8\u65ad","text":"\u51fd\u6570\u5185\u90e8\u4e00\u822c\u5148\u4f1a\u6267\u884c\u4ee5\u4e0b\u4e24\u6761\u6307\u4ee4\uff1a
push ebp\nmov ebp,esp\n
\u53ef\u4ee5\u89c2\u5bdfebp\u548cesp\u7684\u4fee\u6539\u60c5\u51b5\u63a8\u65ad\u51fd\u6570\u6808\u5e27
"},{"location":"software-security/reverse/reverse-basic/#\u540d\u79f0\u4fee\u9970","title":"\u540d\u79f0\u4fee\u9970","text":"\u540d\u79f0\u4fee\u9970\uff08name mangling\uff0cname decoration\uff09\uff0c\u7528\u6765\u89e3\u51b3\u6807\u5fd7\u7b26\u7684\u552f\u4e00\u547d\u540d\u95ee\u9898\u3002\u6bd4\u5982\u5728\u4e0d\u540c\u7684\u547d\u540d\u7a7a\u95f4\u5b9e\u73b0\u76f8\u540c\u540d\u79f0\u7684\u51fd\u6570\uff0c\u8fd9\u4e2a\u51fd\u6570\u5728\u600e\u4e48\u8868\u793a\u5462\uff1f\u540d\u79f0\u4fee\u9970\u6280\u672f\u7528\u6765\u751f\u6210\u552f\u4e00\u7684\u6807\u5fd7\u7b26\uff0c\u4fdd\u7559\u547d\u540d\u7a7a\u95f4\u3001\u51fd\u6570\u540d\u3001\u7ed3\u6784\u4f53\u540d\u3001\u7c7b\u540d\u4ee5\u53ca\u53c2\u6570\u7c7b\u578b\u7b49\u7b49\u4fe1\u606f\u3002\u540d\u79f0\u4fee\u9970\u548c\u8c03\u7528\u7ea6\u5b9a\u3001\u7f16\u8bd1\u5668\u6709\u5173\uff0c\u5e94\u7528\u6700\u5e7f\u6cdb\u7684\u662fC++\u7684\u4ee3\u7801\uff08\u5c24\u5176\u662f\u6df7\u5408C\u7f16\u8bd1\u65f6\uff09\u3002\u6bd4\u5982_ZN9wikipedia7article6formatEv
\u53ef\u4ee5\u7528\u6765\u8868\u793a\uff1a
namespace wikipedia\n{\n class article\n {\n public:\n std::string format();\n }\n}\n
\u5176\u4e2d_Z
\u662f\u5f00\u5934\uff08\u4e0b\u5212\u7ebf+\u5927\u5199\u5b57\u6bcd\u5728C\u4e2d\u662f\u4fdd\u7559\u7684\u6807\u5fd7\u7b26\uff0c\u907f\u514d\u51b2\u7a81\uff09\uff0cN
\u8868\u793a\u662f\u5d4c\u5957\u6709\u547d\u540d\u7a7a\u95f4\u548c\u7c7b\u540d\uff0c\u968f\u540e\u7684\u6570\u5b57+\u5b57\u6bcd\u4e2d\uff0c\u6570\u5b57\u8868\u793a\u957f\u5ea6\uff0c\u5b57\u6bcd\u8868\u793a\u540d\u79f0\uff0c\u5e76\u4ee5E
\u7ed3\u675f\u3002\u4e4b\u540e\u7684\u53c2\u6570\u8868\u793a\u51fd\u6570\u7684\u53c2\u6570\u7c7b\u578b\uff0cv\u4e3avoid\u3002
PE\uff08Portable Execution\uff09\u6587\u4ef6\u662fWindows\u7cfb\u7edf\u4f7f\u7528\u7684\u53ef\u6267\u884c\u6587\u4ef6\u683c\u5f0f\u3002
#pragma data_seg()\u53ef\u4ee5\u5c06\u4ee3\u7801\u4efb\u610f\u90e8\u5206\u7f16\u8bd1\u5230PE\u6587\u4ef6\u4efb\u610f\u8282\uff0c\u8282\u540d\u4e5f\u53ef\u4ee5\u81ea\u5b9a\u4e49\u3002
"},{"location":"software-security/reverse/reverse-basic/#\u9759\u6001\u94fe\u63a5\u5e93\u4e0e\u52a8\u6001\u94fe\u63a5\u5e93","title":"\u9759\u6001\u94fe\u63a5\u5e93\u4e0e\u52a8\u6001\u94fe\u63a5\u5e93","text":"\u9759\u6001\u5e93\u7684\u62d3\u5c55\u540d\u4e3a.a
\u6216.lib
\uff1b\u52a8\u6001\u5e93\u7684\u62d3\u5c55\u540d\u4e00\u822c\u4e3a.so
\u6216.dll
\u9759\u6001\u5e93\u7f16\u8bd1\u65f6\u76f4\u63a5\u6574\u5408\u5230\u76ee\u6807\u7a0b\u5e8f\u4e2d\uff0c\u7f16\u8bd1\u6210\u529f\u540e\u7684\u53ef\u6267\u884c\u6587\u4ef6\u53ef\u4ee5\u72ec\u7acb\u8fd0\u884c\uff1b\u52a8\u6001\u5e93\u7f16\u8bd1\u65f6\u53ef\u6267\u884c\u7a0b\u5e8f\u65e0\u6cd5\u72ec\u7acb\u8fd0\u884c
\u9759\u6001\u5e93\u66f4\u65b0\u540e\u9700\u8981\u66f4\u65b0\u6574\u4e2a\u76ee\u6807\u7a0b\u5e8f\uff1b\u52a8\u6001\u5e93\u66f4\u65b0\u540e\u53ea\u9700\u66f4\u6362\u65b0\u7684\u52a8\u6001\u5e93\u5373\u53ef
\u9759\u6001\u5e93\u7f16\u8bd1\u547d\u4ee4\uff1agcc -c xx.c -o xx.o
\uff0car crs libxx.a xx.o
\uff1b\u52a8\u6001\u5e93\u7f16\u8bd1\u547d\u4ee4\uff1agcc xx.c -o libxx.so -shared -fPIC
\u5176\u4e2d-fPIC\u8868\u793a\u4f7f\u7528\u76f8\u5bf9\u4f4d\u7f6e
\u6dfb\u52a0\u591a\u4e2a\u7b26\u53f7\u8868add-symbol-file xxx addr
\u5176\u4e2daddr\u662f\u4ee3\u7801\u6bb5\u8d77\u59cb\u5730\u5740\uff0cxxx\u53ef\u4ee5\u4e3asym\u6587\u4ef6\uff0c\u6216elf\u6587\u4ef6\u7b49\u3002\u53d8\u5f02\u65f6\u9700\u8981\u52a0\u4e0a-g
\u4fdd\u7559\u7b26\u53f7\u8868(\u6307\u5b9a\u5177\u4f53\u683c\u5f0f\u5982-g2 -gdwarf-2
)\uff0c\u53ef\u4ee5\u9010\u4e2a\u4f7f\u7528add-symbol-file
\uff0c\u90fd\u6dfb\u52a0\u8fdb\u53bb\u3002
\u4f7f\u7528ulimit -c unlimited
\u8bbe\u7f6e\u4e0d\u9650\u5236coredump\u6587\u4ef6\u5927\u5c0f\uff0c\u7136\u540eroot\u7528\u6237echo \"core-%e-%p\" > /proc/sys/kernel/core_pattern
\u8bbe\u7f6e\u4fdd\u7559\u7a0b\u5e8f\u540d\u3001pid\uff0c\u5219\u5bf9\u4e8e\u7f16\u8bd1\u65f6\u6dfb\u52a0\u4e86-g
\u9009\u9879\u7684\u7a0b\u5e8f\uff0c\u5176\u5d29\u6e83\u4ea7\u751f\u7684coredump\u6587\u4ef6\u53ef\u4ee5\u4f7f\u7528gdb <\u7a0b\u5e8f\u540d> <coredump\u6587\u4ef6\u540d>
\u6765\u5bfb\u627eroot cause\u3002gdb\u5185\u7528where\u67e5\u770b\u8c03\u7528\u6808\u3002
Linux \u9759\u6001\u5e93 \u7f16\u8bd1\u548c\u4f7f\u7528 Linux \u52a8\u6001\u5e93 \u7f16\u8bd1\u548c\u4f7f\u7528 Makefile\u5165\u95e8 Makefile\u5b98\u65b9\u6587\u6863 coredump\u6587\u4ef6\u57fa\u7840\u7528\u6cd5
"}]} \ No newline at end of file diff --git a/sitemap.xml b/sitemap.xml index 345b846..b309268 100644 --- a/sitemap.xml +++ b/sitemap.xml @@ -2,206 +2,206 @@约 4823 个字 1287 行代码 预计阅读时间 145 分钟
在终端连接pwn-college时,先在网页端配置下公钥,然后ssh -i 私钥 hacker@dojo.pwn.college
即可。网页端启动一个实例后,远程也会自动启动对应的环境。问题一般放在根目录的challenge文件夹下
请求第一行Request line:请求方法 URI 协议版本 CRLF
响应第一行Status line:协议版本 状态码 解释 CRLF
常见的请求方法:
HTTP URL Scheme:scheme://host:port/path?query#fragment
请求的资源含有一些特殊符号比如?,/,&,#等等时,使用%xx进行编码,其中xx是ASCII码。这种做法称为urlencoding
POST请求时,需要带上Content-Type
前者body里写a=xx,后者写{“a”:”xx”}。json可以构造更复杂的blob
RFC 1945 HTTP协议是无状态的,但是网络应用是有状态的。使用cookie来保持状态。
使用socket创建一个A-B的网络文件,然后使用bind将socket与具体的ip绑定。使用listen来被动侦听sockfd。使用accept接受外部连接。
使用TCP/IP进行网络通讯,服务器端的例子如:
// int socket(int domain, int type, int protocol)
+ body[data-md-color-scheme="slate"] .gslide-desc { color: var(--md-default-fg-color);} c01dkit's tech blog CSE 365 - spring 2023
CSE 365 - Spring 2023¶
约 4823 个字 1287 行代码 预计阅读时间 145 分钟
在终端连接pwn-college时,先在网页端配置下公钥,然后ssh -i 私钥 hacker@dojo.pwn.college
即可。网页端启动一个实例后,远程也会自动启动对应的环境。问题一般放在根目录的challenge文件夹下
Talking Web 学习笔记¶
请求第一行Request line:请求方法 URI 协议版本 CRLF
响应第一行Status line:协议版本 状态码 解释 CRLF
常见的请求方法:
- GET:获取信息,如果URI是处理程序,则获取程序运行后的结果(而不是源码)
- HEAD:和GET类似,但是response不返回body,一般用于测试资源是否存在、修改时间,获取资源元数据等
- POST:提交额外的信息用于服务端处理
HTTP URL Scheme:scheme://host:port/path?query#fragment
- scheme 访问资源的协议,比如http
- host 持有资源的主机
- port 提供服务的程序使用的端口
- path 确定特定资源
- query 资源可以利用的额外信息
- fragment 客户端有关这一资源的信息(不会传给服务器?)
请求的资源含有一些特殊符号比如?,/,&,#等等时,使用%xx进行编码,其中xx是ASCII码。这种做法称为urlencoding
POST请求时,需要带上Content-Type
- Content-Type: application/x-www-form-urlencoded
- Content-Type: application/json
前者body里写a=xx,后者写{“a”:”xx”}。json可以构造更复杂的blob
RFC 1945 HTTP协议是无状态的,但是网络应用是有状态的。使用cookie来保持状态。
Assembly Crash Course 学习笔记¶
Building a Web Server 学习笔记¶
使用socket创建一个A-B的网络文件,然后使用bind将socket与具体的ip绑定。使用listen来被动侦听sockfd。使用accept接受外部连接。
使用TCP/IP进行网络通讯,服务器端的例子如:
// int socket(int domain, int type, int protocol)
socket_fd = socket(AF_INET, SOCK_STREAM, IPPROTO_IP)
// int bind(int sockfd, struct sockaddr* addr, socklen_t addrlen)
@@ -1353,7 +1397,7 @@
#ªt®syºe»a½i¶hµ°o°b¾aºz¦r¬p®
#然后把两个结果中字母排起来
#utqsryeedabiihjooobaaezyrspq
-
总结¶
CSE 365还是属于比较入门的类型,打好基础!
约 1024 个字 170 行代码 预计阅读时间 20 分钟
叠个甲
本文内容是结合ChatGPT-4o-Latest模型、LLVM 15.0.7,在刚接触llvm的时候边学边写下的笔记,可能会出现纰漏。欢迎评论斧正!
首先在https://github.com/llvm/llvm-project/releases/ 下载心仪的llvm-project-xx.x.x.src.tar.xz
,然后tar -xf llvm*
解压缩后按如下进行编译:
cd llvm-project-*
+ body[data-md-color-scheme="slate"] .gslide-desc { color: var(--md-default-fg-color);} c01dkit's tech blog 编译与配置
LLVM 学习¶
约 1024 个字 173 行代码 预计阅读时间 21 分钟
叠个甲
本文内容是结合ChatGPT-4o-Latest模型、LLVM 15.0.7,在刚接触llvm的时候边学边写下的笔记,可能会出现纰漏。欢迎评论斧正!
快速上手¶
源码编译¶
首先在https://github.com/llvm/llvm-project/releases/ 下载心仪的llvm-project-xx.x.x.src.tar.xz
,然后tar -xf llvm*
解压缩后按如下进行编译:
cd llvm-project-*
mkdir build && cd build
cmake -G "Unix Makefiles" -DLLVM_ENABLE_PROJECTS="clang" -DCMAKE_BUILD_TYPE=Release -DBUILD_SHARED_LIBS=On -DLLVM_TARGETS_TO_BUILD=host ../llvm
cmake --build . -j8 # make -j8 根据实际情况选择多线程编译
@@ -705,14 +749,16 @@
#include "llvm/PassSupport.h"
#endif // LLVM_PASS_H
-
可见,ModulePass和FunctionPass两个类直接继承了Pass。ImmutablePass直接继承了ModulePass。
bc文件读取与解析¶
通过#include "llvm/IRReader/IRReader.h"
使用std::unique_ptr<Module> parseIRFile(StringRef Filename, SMDiagnostic &Err, LLVMContext &Context)
来获取bc文件的指针,随后可以在自定义方法如myParseFunc(const Module &Mod)
中遍历指针内容(即解引用),得到llvm::Module下一层的llvm::Function。类似地,对llvm::Function进一步遍历可以获取llvm::BasicBlock,再进一步遍历可以获取llvm::Instruction,每一级可以调用相关API函数。
四大关键程序对象¶
根据LLVM分析的程序对象不同,可以按从大到小的顺序分为Module、Function、BasicBlock、Instruction四个等级。可以直接采用for循环遍历高等级对象的方法,获取其中的下一级对象。可见前文的项目例子。
llvm::Module¶
可以理解为对整个bc文件进行分析得到的结果,其中包含多个Function。
llvm::Function¶
llvm::BasicBlock¶
llvm::Instruction¶
const llvm::Instruction I;
-I.getOpcodeName(); // 获取操作符的字符串名称
-I.getNumOperands(); // 获取操作数个数
-I.getOperand(i); // 获取第i个操作数,返回llvm::Value*
-
-I.hasMetaData(); // 检查当前指令是否附有metadata,比如调试信息
-I.getMetaData("dbg"); // 获取当前指令的dbg调试信息
-
调试信息分析¶
前文提到,在编译程序时添加-g
选项,可以生成类似
约 1078 个字 10 行代码 预计阅读时间 5 分钟
逆向函数时,要提前预测下函数实现机制,以节省时间。要明白哪些部分属于程序特有的实现,哪些部分属于第三方的库,不要随便进到第三方库或者底层API里面分析。
cdecl(C默认)由caller负责清理栈上传入参数。
stdcall由callee负责清理栈上传入参数(Win32API),被调函数返回时使用RETN X
来退出,相当于RETN、POP X。比如退两个参数,就RETN 8。
fastcall为了提高速度,分别使用ECX、EDX传递前两个参数,更多参数还是使用内存。 传参时都是从右向左以此压入栈中。
call
包括保存返回地址、IP跳转
retn
即pop EIP
test
相当于AND,但是不改变普通寄存器的值,只修改EFLAGS寄存器
NOP指令通常用于控制时序的目的,强制内存对齐,防止流水线灾难,占据分支指令延迟,或是作为占位符以供程序的改善(或替代被移除的指令)。
函数内部一般先会执行以下两条指令:
push ebp
+ body[data-md-color-scheme="slate"] .gslide-desc { color: var(--md-default-fg-color);} c01dkit's tech blog 逆向基础
逆向基础¶
约 1078 个字 10 行代码 预计阅读时间 5 分钟
逆向函数时,要提前预测下函数实现机制,以节省时间。要明白哪些部分属于程序特有的实现,哪些部分属于第三方的库,不要随便进到第三方库或者底层API里面分析。
调用约定¶
cdecl(C默认)由caller负责清理栈上传入参数。
stdcall由callee负责清理栈上传入参数(Win32API),被调函数返回时使用RETN X
来退出,相当于RETN、POP X。比如退两个参数,就RETN 8。
fastcall为了提高速度,分别使用ECX、EDX传递前两个参数,更多参数还是使用内存。 传参时都是从右向左以此压入栈中。
一些常见汇编操作符¶
call
包括保存返回地址、IP跳转
retn
即pop EIP
test
相当于AND,但是不改变普通寄存器的值,只修改EFLAGS寄存器
NOP指令的用途¶
NOP指令通常用于控制时序的目的,强制内存对齐,防止流水线灾难,占据分支指令延迟,或是作为占位符以供程序的改善(或替代被移除的指令)。
函数执行栈帧推断¶
函数内部一般先会执行以下两条指令:
可以观察ebp和esp的修改情况推断函数栈帧
名称修饰¶
名称修饰(name mangling,name decoration),用来解决标志符的唯一命名问题。比如在不同的命名空间实现相同名称的函数,这个函数在怎么表示呢?名称修饰技术用来生成唯一的标志符,保留命名空间、函数名、结构体名、类名以及参数类型等等信息。名称修饰和调用约定、编译器有关,应用最广泛的是C++的代码(尤其是混合C编译时)。比如_ZN9wikipedia7article6formatEv
可以用来表示:
其中_Z
是开头(下划线+大写字母在C中是保留的标志符,避免冲突),N
表示是嵌套有命名空间和类名,随后的数字+字母中,数字表示长度,字母表示名称,并以E
结束。之后的参数表示函数的参数类型,v为void。
PE文件¶
PE(Portable Execution)文件是Windows系统使用的可执行文件格式。
- 可执行PE文件扩展名一般为exe,src
- 库文件扩展名一般为dll,ocx,cpl,drv
- 驱动程序文件扩展名一般为sys,vxd
- 对象文件扩展名一般为obj
PE文件的数据节¶
- .text 代码节,存放二进制机器码
- .data 初始化数据节,如宏定义、全局变量、静态变量
- .idata 可执行文件使用的动态链接库等外部函数与文件,即输入表
- .rsrc 程序资源节,包括图标、菜单等
#pragma data_seg()可以将代码任意部分编译到PE文件任意节,节名也可以自定义。
静态链接库与动态链接库¶
静态库的拓展名为.a
或.lib
;动态库的拓展名一般为.so
或.dll
静态库编译时直接整合到目标程序中,编译成功后的可执行文件可以独立运行;动态库编译时可执行程序无法独立运行
静态库更新后需要更新整个目标程序;动态库更新后只需更换新的动态库即可
静态库编译命令:gcc -c xx.c -o xx.o
,ar crs libxx.a xx.o
;动态库编译命令:gcc xx.c -o libxx.so -shared -fPIC
其中-fPIC表示使用相对位置
gdb¶
添加多个符号表add-symbol-file xxx addr
其中addr是代码段起始地址,xxx可以为sym文件,或elf文件等。变异时需要加上-g
保留符号表(指定具体格式如-g2 -gdwarf-2
),可以逐个使用add-symbol-file
,都添加进去。
使用ulimit -c unlimited
设置不限制coredump文件大小,然后root用户echo "core-%e-%p" > /proc/sys/kernel/core_pattern
设置保留程序名、pid,则对于编译时添加了-g
选项的程序,其崩溃产生的coredump文件可以使用gdb <程序名> <coredump文件名>
来寻找root cause。gdb内用where查看调用栈。
推荐阅读¶
Linux 静态库 编译和使用 Linux 动态库 编译和使用 Makefile入门 Makefile官方文档 coredump文件基础用法