diff --git a/java/index.html b/java/index.html new file mode 100644 index 0000000..0067c0d --- /dev/null +++ b/java/index.html @@ -0,0 +1,983 @@ + + + + + + + + + + + + + + + + + + + + + + Java - c01dkit's tech blog + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + + Skip to content + + +
+
+ +
+ + + + + + +
+ + +
+ +
+ + + + + + +
+
+ + + +
+
+
+ + + + +
+
+
+ + + +
+
+
+ + + +
+
+
+ + + +
+
+ + + + + + + +

Java

+

Java环境配置

+

https://www.oracle.com/java/technologies/downloads/下载对应系统的包。Linux选择Compressed Archive,解压缩以后配置下path;Windows可以用MSI Installer。对应的源码在lib/src.zip中。

+

Java源码架构理解

+

核心代码、主要功能在java.base/java目录下,其中包含了io、lang、util等多个关键模块。

+

Java里有哪些数据结构类型?如何实现的?

+

Java中常见的数据类型比如Set、Array、

+ + + + + + +
+
+ + +
+ +
+ + + +
+
+
+
+ + + + + + + + + + + \ No newline at end of file diff --git a/linux-server/index.html b/linux-server/index.html index 014dee1..31ad3f1 100644 --- a/linux-server/index.html +++ b/linux-server/index.html @@ -710,6 +710,13 @@
  • + 打开文件数 + + +
  • + +
  • + 参考资料 @@ -1045,6 +1052,13 @@
  • + 打开文件数 + + +
  • + +
  • + 参考资料 @@ -1179,7 +1193,10 @@

    系统服务

    定时服务

    定时程序执行失败的原因是多样的,可能是因为定时服务没启动,需要systemctl restart cron.service,或者是cron服务坏掉了,先apt install cron --reinstall强制重新安装下,再重启服务,或者是安装了别的依赖库但是没有重启cron导致运行失败,试试/etc/init.d/cron restart

    -

    参考资料

    +

    打开文件数

    +

    https://www.baeldung.com/linux/list-open-file-descriptors

    +

    Linux默认最多同时打开1024个文件,可以通过ulimit -n查看。fuzzing等要注意关闭文件描述符,否则可能导致服务器故障(比如ssh连不上)。/proc//fd里列出了pid锁打开的文件。

    +

    参考资料

    1. systemd相关资料
    diff --git a/readings/index.html b/readings/index.html index 43fbc7a..2287c7a 100644 --- a/readings/index.html +++ b/readings/index.html @@ -306,6 +306,13 @@ 编程语言 +
  • + +
  • + + 磨刀不误砍柴工 + +
  • @@ -1004,6 +1011,13 @@ 编程语言 + + +
  • + + 磨刀不误砍柴工 + +
  • @@ -1053,6 +1067,12 @@

    编程语言

  • 多进程
  • 进程池
  • +

    磨刀不误砍柴工

    + diff --git a/search/search_index.json b/search/search_index.json index 0777a96..c20efe6 100644 --- a/search/search_index.json +++ b/search/search_index.json @@ -1 +1 @@ -{"config":{"lang":["en"],"separator":"[\\s\\-]+","pipeline":["stopWordFilter"]},"docs":[{"location":"","title":"Welcome to c01dkit's tech blog","text":"

    \u76ee\u5f55\u4e3a\u81ea\u52a8\u751f\u6210\uff0c\u53ef\u80fd\u6709\u8bef\u3002\u6700\u8fd1\u4e00\u6b21\u66f4\u65b0\u65f6\u95f42023-12-18\u3002

    \u6b22\u8fce\u63d0issue\u4ee5\u6307\u9519\u3001\u4ea4\u6d41\uff01

    \u6700\u8fd1\u4e00\u6b21\u66f4\u65b0\u5185\u5bb9\uff1a

    "},{"location":"#_1","title":"\u6587\u7ae0\u9605\u8bfb","text":""},{"location":"#ctf-pwn-college-cse-365-spring-2023","title":"CTF\u7b14\u8bb0 / pwn-college / CSE 365 - spring 2023","text":""},{"location":"#c","title":"\u7f16\u7a0b\u8bed\u8a00 / C\u8bed\u8a00","text":""},{"location":"#go","title":"\u7f16\u7a0b\u8bed\u8a00 / Go","text":""},{"location":"#python","title":"\u7f16\u7a0b\u8bed\u8a00 / Python","text":""},{"location":"#_2","title":"\u7f16\u7a0b\u8bed\u8a00 / \u4f18\u96c5\u7f16\u7a0b","text":""},{"location":"#python_1","title":"\u7f16\u7a0b\u5e94\u7528 / python\u722c\u866b","text":""},{"location":"#ida","title":"\u7a0b\u5e8f\u9006\u5411 / IDA\u57fa\u7840","text":""},{"location":"#_3","title":"\u7a0b\u5e8f\u9006\u5411 / \u9006\u5411\u57fa\u7840","text":""},{"location":"#_4","title":"\u7a0b\u5e8f\u9006\u5411 / \u9006\u5411\u9ad8\u9636","text":""},{"location":"#autoconf","title":"\u5b66\u4e60\u7b14\u8bb0 / autoconf","text":""},{"location":"#chatgpt","title":"\u5b66\u4e60\u7b14\u8bb0 / ChatGPT","text":""},{"location":"#docker","title":"\u5b66\u4e60\u7b14\u8bb0 / Docker","text":""},{"location":"#ubuntu","title":"\u5b66\u4e60\u7b14\u8bb0 / Ubuntu\u670d\u52a1\u5668\u8fd0\u7ef4","text":""},{"location":"#git","title":"\u5b66\u4e60\u7b14\u8bb0 / Git","text":""},{"location":"#sslh","title":"\u5b66\u4e60\u7b14\u8bb0 / sslh","text":""},{"location":"#_5","title":"\u5b66\u4e60\u7b14\u8bb0 / \u7aef\u53e3\u590d\u7528","text":""},{"location":"#_6","title":"\u5b66\u4e60\u7b14\u8bb0 / \u73af\u5883\u914d\u7f6e","text":""},{"location":"#_7","title":"\u5b66\u4e60\u7b14\u8bb0 / \u4ee3\u7406\u8f6c\u53d1","text":""},{"location":"#latex","title":"\u79d1\u7814\u751f\u6d3b / latex\u57fa\u7840","text":""},{"location":"#_8","title":"\u79d1\u7814\u751f\u6d3b / \u79d1\u7814\u5fc3\u5f97","text":""},{"location":"#_9","title":"\u79d1\u7814\u751f\u6d3b / \u6a21\u7cca\u6d4b\u8bd5","text":""},{"location":"#_10","title":"\u79d1\u7814\u751f\u6d3b / \u6839\u56e0\u5206\u6790","text":""},{"location":"IDA/","title":"IDA\u4f7f\u7528","text":""},{"location":"IDA/#arm-raw-binary","title":"\u53cd\u7f16\u8bd1ARM raw binary","text":"

    \u52a0\u8f7d\u65f6\u9009\u62e9Processor type\uff0c\u6bd4\u5982ARM Little-endian [ARM]\uff0c\u968f\u540e\u6839\u636e\u5b9e\u9645\u52a0\u8f7d\u60c5\u51b5\u8bbe\u7f6eROM\u7684\u8d77\u59cb\u5730\u5740\u548cInput file\u5730\u5740\u3002

    raw binary\u7684\u524d\u56db\u5b57\u8282\u53ef\u80fd\u662f\u521d\u59cbsp\u503c\uff0c\u968f\u540e\u56db\u5b57\u8282\u53ef\u80fd\u662f\u521d\u59cbpc\u503c\u3002\u6309G\u5e76\u8f93\u5165pc\u503c\uff0cAlt+G\u8bbe\u7f6eT\u5bc4\u5b58\u5668\u503c\u4e3a1\uff080\u8868\u793aARM\uff0c1\u8868\u793aThumb\uff09\uff0c\u7136\u540e\u9009\u4e2dpc\u53ca\u4e4b\u540e\u6240\u6709\u4ee3\u7801\uff0c\u6309C\u8fdb\u884cMakeCode\u3002

    "},{"location":"autoconf/","title":"autoconf\u5b66\u4e60\u7b14\u8bb0","text":"

    \u81ea\u5df1\u5f00\u53d1\u8f6f\u4ef6\u65f6\uff0c\u751f\u6210\u89c4\u8303\u7684configure\u7b49\u6587\u4ef6\u3002\u53ef\u53c2\u8003https://www.cnblogs.com/klausage/p/14163844.html\u7b49

    "},{"location":"autoconf/#_1","title":"\u4e0d\u5206\u76ee\u5f55\u7ed3\u6784","text":"

    \u7f16\u5199Makefile.am\u6587\u4ef6\uff0c\u6bd4\u5982\uff1a

    bin_PROGRAMS=helloworld\nhelloworld_SOURCES=helloworld.c\n

    \u6267\u884cautoscan\uff0c\u751f\u6210configure.scan\uff0c\u5e76\u4fee\u6539\u5176\u4e2d\u7684AC_INIT\u3001AM_INIT_AUTOMAKE\uff0c\u91cd\u547d\u540d\u6587\u4ef6\u4e3aconfigure.ac\uff0c\u6bd4\u5982\uff1a

    #                                               -*- Autoconf -*-\n# Process this file with autoconf to produce a configure script.\n\nAC_PREREQ([2.69])\nAC_INIT([FULL-PACKAGE-NAME], [VERSION], [BUG-REPORT-ADDRESS])\nAM_INIT_AUTOMAKE([foreign]) # \u5982\u679c\u4e0d\u52a0\u8fd9\u4e00\u53e5\uff0c\u9ed8\u8ba4gnu\uff0c\u5219\u4e4b\u540e\u76ee\u5f55\u91cc\u8981\u6709NEWS\u3001README\u3001AUTHORS\u3001ChangLog\u7b49\u6587\u4ef6\uff08\u9700\u81ea\u5df1\u624b\u52a8\u5efa\u7acb\uff09\nAC_CONFIG_SRCDIR([main.h])\nAC_CONFIG_HEADERS([config.h])\n# Checks for programs.\nAC_PROG_CC\n\n# Checks for libraries.\n\n# Checks for header files.\n\n# Checks for typedefs, structures, and compiler characteristics.\n\n# Checks for library functions.\n\nAC_CONFIG_FILES([Makefile])\nAC_OUTPUT\n

    \u6267\u884caclocal && autoheader && autoconf\uff0c\u751f\u6210aclocal.m4\u3001config.h.in\u548cconfigure

    \u8fd0\u884cautomake --add-missing\uff0c\u4f1a\u6839\u636eMakefile.am\u751f\u6210Makefile.in

    \u8fd0\u884c./configure\u751f\u6210makefile

    \u8fd0\u884cmake\uff0c\u57fa\u4e8emakefile\u7f16\u8bd1\u4ee3\u7801

    "},{"location":"autoconf/#_2","title":"\u533a\u5206\u76ee\u5f55\u7ed3\u6784","text":"

    \u4e5f\u5c31\u662f\u8bf4\u6e90\u7801\u53ef\u80fd\u5728\u591a\u4e2a\u6587\u4ef6\u5939\u4e0b\uff0c\u6bd4\u5982src\u3002\u90a3\u4e48\u6bcf\u4e2a\u6587\u4ef6\u5939\u9700\u8981\u5355\u72ec\u5199Makefile.am\u6765\u6307\u5b9a\u5982\u4f55\u7f16\u8bd1\u3002

    \u7f16\u5199Makefile.am\u6587\u4ef6

    \u6e90\u7801\u6240\u5728\u7684\u6587\u4ef6\u5939\u7684Makefile\u6587\u4ef6\u793a\u4f8b\uff1a

    bin_PROGRAMS = reverse\n\n#AM_CFLAGS= -DDEBUG -DLOG_INSTRUCTIONS -I ../include\nAM_CFLAGS= -DDEBUG -I ../include\n\nreverse_CPPFLAGS = -msse4.1\n\n# \u4f7f\u7528LDFLAG\u4f1a\u5728gcc\u4e2d\u90e8\u653e-l\uff0c\u5bfc\u81f4\u627e\u4e0d\u5230\u7b2c\u4e09\u65b9\u5e93\u3002\u7528LDADD\u53ef\u4ee5\u6dfb\u52a0\u5230\u6574\u4e2agcc\u6307\u4ee4\u7684\u6700\u540e\nreverse_LDADD = -lcapstone\n\nhandlers_FILES = handler_flag_manip.c handler_interrupt.c\n\n#handler_interrupt.c\n\nreverse_SOURCES = access_memory.c alias_manager.c $(handlers_FILES)\n

    \u9879\u76ee\u6587\u4ef6\u5939\u9700\u8981\u6307\u5b9a\u6e90\u6587\u4ef6\u6240\u5728\u7684\u6587\u4ef6\u5939

    POMP\u7684\u4f8b\u5b50\uff1a

    SUBDIRS=src # \u6307\u5b9asrc\u6587\u4ef6\u5939\ndist_doc_DATA=README\n\nTESTSUITES_DIR = testsuites\nEXECUTABLE=$(SUBDIRS)/reverse\n\nabc2mtex:\n$(EXECUTABLE) $(TESTSUITES_DIR)/$@/core $(TESTSUITES_DIR)/library/ $(TESTSUITES_DIR)/$@/inst.reverse\n\naireplay-ng:\n$(EXECUTABLE) $(TESTSUITES_DIR)/$@/core $(TESTSUITES_DIR)/library/ $(TESTSUITES_DIR)/$@/inst.reverse\n

    \u6267\u884cautoscan\uff0c\u751f\u6210configure.scan\uff0c\u5e76\u4fee\u6539\u5176\u4e2d\u7684AC_INIT\u3001AM_INIT_AUTOMAKE\uff0c\u91cd\u547d\u540d\u6587\u4ef6\u4e3aconfigure.ac\uff0c\u6bd4\u5982\uff1a

    #                                               -*- Autoconf -*-\n# Process this file with autoconf to produce a configure script.\n\nAC_PREREQ([2.69])\nAC_INIT([reverse_from_coredump], [0.0.1], [mudongliangabcd@gmail.com])\nAM_INIT_AUTOMAKE([-Wall -Werror foreign])\nAC_CONFIG_HEADERS([config.h])\n\n# Checks for programs.\nAC_PROG_CC\n\n# Checks for libraries.\nAC_CHECK_LIB([disasm], [x86_init])\nAC_CHECK_LIB([elf], [gelf_getehdr])\n\n# Checks for header files.\nAC_CHECK_HEADERS([fcntl.h malloc.h stddef.h stdint.h stdlib.h string.h unistd.h])\n\n# Checks for typedefs, structures, and compiler characteristics.\nAC_CHECK_HEADER_STDBOOL\nAC_C_INLINE\nAC_TYPE_OFF_T\nAC_TYPE_SIZE_T\n\n# Checks for library functions.\nAC_FUNC_MALLOC\nAC_CHECK_FUNCS([memset strerror])\n\nAC_CONFIG_FILES([Makefile\nsrc/Makefile])\nAC_OUTPUT\n

    \u6267\u884caclocal && autoheader && autoconf\uff0c\u751f\u6210aclocal.m4\u3001config.h.in\u548cconfigure

    \u8fd0\u884cautomake --add-missing\uff0c\u4f1a\u6839\u636eMakefile.am\u751f\u6210Makefile.in

    \u8fd0\u884c./configure\u751f\u6210makefile

    \u8fd0\u884cmake\uff0c\u57fa\u4e8emakefile\u7f16\u8bd1\u4ee3\u7801

    "},{"location":"c/","title":"C\u8bed\u8a00","text":""},{"location":"c/#_1","title":"\u6839\u636e\u7ed3\u6784\u4f53\u6210\u5458\u53d6\u7ed3\u6784\u4f53\u9996\u5730\u5740","text":"
    member_address - &(((TYPE *)0)->member);\n

    \u540e\u534a\u90e8\u5206\u770b\u4f3c\u4f1a\u89e3\u5f15\u75280\u5730\u5740\u800ccrash\uff0c\u4f46\u7f16\u8bd1\u5668\u4f1a\u4f18\u5316\u4e3a\u76f4\u63a5\u8ba1\u7b97member\u7684offset\u3002\u53c2\u89c1kernel\u4ee3\u7801\u5e38\u7528\u7684container_of\u3002

    "},{"location":"c/#_2","title":"\u52a8\u6001\u94fe\u63a5\u5e93","text":"

    \u7f16\u8bd1\u52a8\u6001\u94fe\u63a5\u5e93\u672c\u8eab

    \u4f7f\u7528gcc\u7f16\u8bd1\u51fa\u52a8\u6001\u94fe\u63a5\u5e93\uff1a

    gcc <source C file> -shared -fPIC -o lib<source>.so\n

    \u7f16\u8bd1\u539f\u9879\u76ee\u65f6\u6307\u5b9a\u52a8\u6001\u94fe\u63a5\u5e93

    \u4f7f\u7528-l\u6307\u5b9a\u52a0\u8f7d\u94fe\u63a5\u5e93\uff0c\u6ce8\u610f\u53bb\u6389\u5e93\u6587\u4ef6\u7684lib\u5f00\u5934\u548c.so\u7ed3\u5c3e\u3002\u7f16\u8bd1\u65f6\uff0c\u6ce8\u610f\u628a\u5e93\u653e\u5728\u6574\u4e2a\u547d\u4ee4\u7684\u7ed3\u5c3e\uff0c\u5426\u5219\u53ef\u80fd\u63d0\u793a\u5e93\u51fd\u6570\u672a\u5b9a\u4e49\u3002

    \u6bd4\u5982gcc main.c -lcapstone\u4e0d\u4f1a\u62a5\u9519\uff0cgcc -lcapstone main.c\u4f1a\u63d0\u793a\u62a5\u9519\u3002\uff08\u5047\u8bbe\u8fd9\u91ccmain.c\u8c03\u7528\u4e86capstone\u7684\u5e93\u51fd\u6570\uff09

    \u5982\u679c\u52a8\u6001\u94fe\u63a5\u5e93\u4e0d\u5728\u9ed8\u8ba4\u7684\u7cfb\u7edf\u5e93\u4e2d\uff0c\u53ef\u4ee5\u6dfb\u52a0-L\u6765\u6307\u5b9a\u52a8\u6001\u94fe\u63a5\u5e93\u7684\u4fdd\u5b58\u4f4d\u7f6e\u3002

    \u8fd0\u884c\u9879\u76ee\u65f6\u52a0\u8f7d\u52a8\u6001\u94fe\u63a5\u5e93

    \u5373\u4fbf\u7f16\u8bd1\u6210\u529f\uff0c\u8fd0\u884c\u53ef\u80fd\u62a5\u9519\u3002\u641c\u7d22\u987a\u5e8f\u4e3a\uff1a

    1. \u5728\u7f16\u8bd1\u65f6\u6dfb\u52a0-Wl,-rpath=xxx\u6765\u6307\u5b9a\u8fd0\u884c\u65f6\u6240\u9700\u7684\u52a8\u6001\u5e93\u6587\u4ef6
    2. \u5728\u73af\u5883\u53d8\u91cfLD_LIBRARY_PATH\u6307\u5b9a\u7684\u76ee\u5f55\u4e2d\u641c\u7d22
    3. \u5728/etc/ld.so.conf\u7ed9\u51fa\u7684\u76ee\u5f55\u4e2d\u641c\u7d22
    4. \u5728\u9ed8\u8ba4\u7684\u641c\u7d22\u8def\u5f84/lib\u3001/lib64\u3001/usrlib\u3001/usrlib64\u7b49\u641c\u7d22
    "},{"location":"code-gracely/","title":"\u4f18\u96c5\u7f16\u7a0b","text":""},{"location":"code-gracely/#_2","title":"\u7a0b\u5e8f\u53d8\u91cf","text":""},{"location":"code-gracely/#_3","title":"\u7a0b\u5e8f\u4f18\u5316\u65b9\u6cd5","text":"

    \u4f18\u5316\u9700\u8981\u901a\u8fc7\u5927\u91cf\u6d4b\u8bd5\u6765\u9a8c\u8bc1\u4e00\u81f4\u6027\u3001\u6027\u80fd\uff0c\u56e0\u4e3a\u5e76\u975e\u6240\u6709\u4f18\u5316\u90fd\u662f\u6b63\u786e\u6216\u5fc5\u8981\u7684\u3002\u4ece\u91cd\u6784\u7a0b\u5e8f\u6267\u884c\u6d41\u7684\u89d2\u5ea6\u6765\u8bb2\uff0c\u4f18\u5316\u5e76\u4e0d\u662f\u7075\u4e39\u5999\u836f\uff0c\u5e76\u5728\u4e0d\u540c\u8bed\u8a00\u3001\u4e0d\u540c\u7f16\u8bd1\u5668\u3001\u4e0d\u540c\u73af\u5883\u3001\u4e0d\u540c\u4efb\u52a1\u4e2d\u8868\u73b0\u51fa\u5de8\u5927\u7684\u5dee\u5f02\u3002\u4ee5\u4e0b\u7684\u4f18\u5316\u65b9\u6cd5\u5747\u4ec5\u4f9b\u53c2\u8003\u3002

    "},{"location":"code-gracely/#_4","title":"\u5229\u7528\u77ed\u8def\u4e0e\u54e8\u5175","text":""},{"location":"code-gracely/#_5","title":"\u4f18\u5316\u8ba1\u7b97\u6548\u7387","text":""},{"location":"code-gracely/#_6","title":"\u4f7f\u7528\u4f4e\u7ea7\u8bed\u8a00\u91cd\u5199\u4ee3\u7801","text":"
    1. \u4f7f\u7528\u9ad8\u7ea7\u8bed\u8a00\u5b8c\u6210\u7a0b\u5e8f\u7f16\u5199
    2. \u8fdb\u884c\u6d4b\u8bd5\uff0c\u9a8c\u8bc1\u6b63\u786e\u6027
    3. \u8fdb\u884c\u7a0b\u5e8f\u5206\u6790\uff0c\u786e\u5b9a\u70ed\u70b9\u4ee3\u7801
    4. \u5bf9\u70ed\u70b9\u4ee3\u7801\u4f7f\u7528\u4f4e\u7ea7\u8bed\u8a00\u6539\u5199
    "},{"location":"code-gracely/#_7","title":"\u8bbe\u8ba1\u6070\u5f53\u7684\u6267\u884c\u63a7\u5236\u6d41","text":""},{"location":"code-gracely/#_8","title":"\u5faa\u73af","text":""},{"location":"code-gracely/#_9","title":"\u5efa\u8868\uff0c\u4ee5\u63d0\u9ad8\u4ee3\u7801\u8d28\u91cf","text":""},{"location":"code-gracely/#if-else","title":"\u7528\u67e5\u8868\u6cd5\u66ff\u6362\u7e41\u7410\u7684if-else\u5224\u65ad","text":"

    \u4f7f\u7528\u5927\u91cfif-else\u7684\u574f\u5904\uff1a

    \u4f7f\u7528\u67e5\u8868\u6cd5\u7684\u597d\u5904\uff1a

    \u7528\u6cd5\uff1a\u5c06\u8981\u5224\u65ad\u7684\u5404\u4e2a\u53c2\u6570\u4f5c\u4e3a\u8868\u7684\u7ef4\u5ea6\uff0c\u5c06\u5224\u65ad\u7ed3\u679c\u4f5c\u4e3a\u8868\u7d22\u5f15\u540e\u7684\u7ed3\u679c\u3002

    "},{"location":"code-gracely/#_10","title":"\u7528\u7d22\u5f15\u8868\u66ff\u6362\u6570\u636e\u8868","text":"

    \u7a00\u758f\u7684\u6570\u636e\u8868\u5728\u5b58\u50a8\u5bf9\u9f50\u7684\u60c5\u51b5\u4e0b\u4f1a\u6d6a\u8d39\u5927\u91cf\u7a7a\u95f4\u3002\u4e0e\u4e4b\u76f8\u6bd4\uff0c\u91c7\u7528\u7d22\u5f15\u8868\u53ef\u4ee5\u964d\u4f4e\u7a7a\u95f4\u6d6a\u8d39\u91cf\uff08\u4ecd\u7136\u4f1a\u4ea7\u751f\u6d6a\u8d39\uff09\u3002\u4e3a\u4e86\u8fdb\u4e00\u6b65\u51cf\u5c11\u7d22\u5f15\u8868\u7a7a\u95f4\uff0c\u53ef\u4ee5\u4f7f\u7528\u9636\u68af\u7d22\u5f15\u8868\uff0c\u6839\u636e\u6570\u636e\u7684\u8303\u56f4\uff08\u800c\u4e0d\u662f\u5177\u4f53\u7684\u6570\u636e\u503c\uff09\u8fdb\u884c\u5efa\u7d22\u5f15\uff0c\u6bd4\u5982\u6839\u636e\u767e\u5206\u5236\u6210\u7ee9\u8ba1\u7b97\u7ee9\u70b9\uff0c\u5efa\u7acb\u76f8\u5e94\u7684data-to-key\u51fd\u6570\uff0c\u653e\u5728\u6570\u7ec4\u4e2d\u3002

    "},{"location":"code-gracely/#_11","title":"\u7528\u7ed3\u679c\u8868\u66ff\u6362\u6570\u5b66\u8ba1\u7b97\u7ed3\u679c","text":"

    \u8003\u8651\u5230\u7cfb\u7edf\u51fd\u6570\u7684\u7cbe\u786e\u6027\uff0c\u8ba1\u7b97\u901f\u5ea6\u53ef\u80fd\u8f83\u6162\u3002\u53ef\u4ee5\u9884\u5148\u624b\u52a8\u7b97\u51fa\u4e00\u4e9b\u6570\u636e\u5e76\u5efa\u8868\uff0c\u8ba1\u7b97\u65f6\u76f4\u63a5\u67e5\u8868\u5373\u53ef\uff0c\u5927\u5927\u63d0\u9ad8\u7a0b\u5e8f\u6027\u80fd\u3002

    "},{"location":"code-gracely/#_12","title":"\u4e00\u4e9b\u5c0f\u5c0f\u7684\u8bed\u6cd5\u7279\u6027","text":""},{"location":"code-gracely/#c","title":"C","text":"

    \u521d\u59cb\u5316\u6570\u7ec4\uff0c\u53ef\u4ee5\u8fde\u7eed\u8d4b\u503c

    int arr[10] = {\n[0]       = 1,\n[1 ... 4] = 2,\n[5 ... 7] = 4,\n};\n

    \u521d\u59cb\u5316\u7ed3\u6784\u4f53\u6216\u8054\u5408\uff0c\u53ef\u4ee5\u4e00\u8d77\u8d4b\u503c

    struct test {\nint a;\nint b;\nint c;\nint d;\n};\n\nint main(\nint argc, char const *argv[]\n)\n{\nstruct test t = {\n.a = 1,\n.b = 2,\n.c = 3,\n.d = 4,\n};\n\nreturn 0;\n}\n
    "},{"location":"crawler/","title":"\u722c\u866b\u6a21\u677f","text":""},{"location":"crawler/#scrapy","title":"Scrapy","text":"

    \u4e5f\u53ef\u4ee5\u770b\u8fd9\u91cc\u7684\u4ecb\u7ecd

    "},{"location":"crawler/#_2","title":"\u52a0\u56fd\u5185\u4ee3\u7406","text":"

    \u9488\u5bf9\u4e2a\u522b\u7f51\u7ad9\u9501ip\uff0c\u53ef\u4ee5\u8003\u8651\u6574\u4e2a\u4ee3\u7406

    import base64\nusername = 'xxxxx'\npasswd = 'xxxxx'\nproxy_ip = 'xxxx.kdltps.com'\nproxy_port = '15818'\n\nmeta = {'proxy': f'http://{proxy_ip}:{proxy_port}'}\ncode = base64.b64encode(f'{username}:{passwd}'.encode()).decode()\n\nheaders = {\n    \"Proxy-Authorization\": f\"Basic {code}\", # \u5728headers\u91cc\u8bbe\u7f6e\u4e0b\u4ee3\u7406token\n}\n\ndef start_requests(self):\n    yield scrapy.Request(\n        headers = headers, # \u8bbe\u7f6e\u4f7f\u7528headers\uff0c\u5305\u542btoken\n        meta = meta, # \u8bbe\u7f6e\u4f7f\u7528\u4ee3\u7406\n        )\n
    "},{"location":"crawler/#applicationjson","title":"application/json\u7c7b\u578b","text":"

    \u9488\u5bf9\u8bf7\u6c42\u5934Content-Type\u4e3aapplication/json\u7c7b\u578b\uff0cstart_requests\u91cc\u7528Request\uff0c\u6ce8\u660emethod\u548cbody\uff1a

    import json\nheaders = {\n    \"Content-Type\": \"application/json\",\n    \"User-Agent\": \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36\",\n}\n\ndata = json.dumps({\"key\":\"value\"})\n\n# \u7701\u7565\u65e0\u5173\u4fe1\u606f\n\nyield scrapy.Request(\n    url=url, \n    method='POST', \n    headers=headers, \n    body=data,\n    callback=self.parse, \n    meta={'period': t}, \n    errback=self.err,\n    cb_kwargs={'period': t,'page':0}\n)\n
    "},{"location":"crawler/#applicationx-www-form-urlencoded","title":"application/x-www-form-urlencoded\u7c7b\u578b","text":"

    \u9488\u5bf9\u8bf7\u6c42\u5934Content-Type\u4e3aapplication/x-www-form-urlencoded\u7c7b\u578b\uff0cstart_requests\u91cc\u7528FormRequest\uff0c\u6ce8\u660eformdata\uff1a

    post_data = {\"key\":\"value\"}\n\n# \u7701\u7565\u65e0\u5173\u4fe1\u606f\n\nyield scrapy.FormRequest(\n    url=url,\n    formdata=post_data,\n    errback=self.err,\n    callback = self.parse,\n    cookies = cookies,\n    cb_kwargs = {'id':'shixian','page':str(page)},\n    )\n

    \u666e\u901a\u8bf7\u6c42\u7528scrapy.Request\u5373\u53ef\u3002

    "},{"location":"crawler/#selenium","title":"Selenium","text":"

    \u722c\u4e45\u4e86\u603b\u4f1a\u7206\u5185\u5b58\uff0c\u4e0d\u77e5\u9053\u5185\u5b58\u6cc4\u9732\u7684bug\u6709\u6ca1\u6709\u4fee\u590d\u3002\u4ee5\u4e0b\u7528\u7684\u662fchrome\u6d4f\u89c8\u5668\uff0c\u9700\u8981\u9884\u5148\u4e0b\u8f7d\u4e0b\u9a71\u52a8

    from selenium import webdriver\nfrom selenium.webdriver.common.by import By\nfrom selenium.webdriver.chrome.service import Service\nfrom pathlib import Path\nimport time\nimport json\nimport ast \nimport re\nimport os\nimport yaml\nimport shutil\n\noptions = webdriver.ChromeOptions()\n# options.add_argument('--headless')\n# https://chromedriver.chromium.org/downloads\ns = Service('S:/chromedriver.exe')\noptions.add_experimental_option('excludeSwitches', ['enable-logging'])\ndriver = webdriver.Chrome(service=s,options=options)\ndriver.get('http://www.baidu.com')\ntime.sleep(1)\n\ndef get_current_and_final_page_of_one_book():\n    cur = -1\n    final = -1\n    try:\n        pages = driver.find_elements(By.XPATH,'//ul[@class=\"t-pager\"]/li')\n    except:\n        print('Current page is not found')\n        return cur,final\n\n    for page in pages:\n        if 'active' in page.get_attribute('class'):\n            cur = int(page.text)\n        if 'number' in page.get_attribute('class'):\n            final = int(page.text)\n    return cur,final\n\ndef download_one_page_of_a_book(skip,config):\n\"\"\"\u4e00\u9875\u6240\u6709\u6587\u6863\u5168\u90e8\u4e0b\u8f7d\u6210\u529f\u5219\u8fd4\u56deTrue,OK\n    \"\"\"\n    global CURRENT_PAGE\n    global CURRENT_TITLE\n    titles = driver.find_elements(By.XPATH,'//div[@class=\"container\"]/div[1]/div[2]/div[2]/table/tbody/tr/td[1]')\n    icons = driver.find_elements(By.XPATH,'//div[@class=\"container\"]/div[1]/div[2]/div[2]/table/tbody/tr/td[4]')\n    jscode = 'document.location = '+'\"'+config['url']+'\"'\n    driver.execute_script(jscode)\n    for title,svgs in zip(titles,icons):\n        svgs = svgs.find_elements(By.XPATH,'.//*[name()=\"svg\"]')\n        print(f'Current title: {title.text}, skip: {skip}, CURRENT_TITLE: {CURRENT_TITLE}')\n        if CURRENT_TITLE is not None and skip and title.text != CURRENT_TITLE:\n            continue\n        skip = False\n        for svg in svgs:\n            # if visible \n            if svg.get_attribute('style') == 'display: inline-block;':\n                svg.click()\n                time.sleep(7)\n                cls = driver.window_handles\n                if len(cls) > 1:\n                    time.sleep(20)\n                ok = archive_file(title.text,config)\n                if not ok:\n                    print(f'Failed to download {title.text}')\n                    while len(cls) > 1:\n                        driver.switch_to.window(cls[1])\n                        driver.close()\n                        driver.switch_to.window(cls[0])\n                        cls = driver.window_handles\n                    return (False, title.text)\n                cls = driver.window_handles\n                driver.switch_to.window(cls[0])\n    CURRENT_TITLE = None\n    CURRENT_PAGE += 1\n    return (True, 'OK')\n\n# load yaml\nwith open(target_yml,'r',encoding='utf8') as f:\n    SETTINGS = yaml.load(f,Loader=yaml.FullLoader)\n# dump yaml\nwith open(target_yml,'w',encoding='utf8') as f:\n    yaml.dump(SETTINGS,f,allow_unicode=True)\n\ndriver.close()\ndriver.quit()\n

    \u6216\u8005\u8bbe\u7f6e\u4e00\u4e2ahelper\u7a0b\u5e8f\uff0c\u53cd\u590d\u542f\u52a8selenium\uff1a

    import subprocess\nimport time\nimport datetime\nimport sys\ncmd = 'python ./main.py'\nop = 0\nwhile True:\n    if op >= 200:\n        print('failed 200 times!')\n        break\n    p = subprocess.Popen(cmd.split(), stdout=sys.stdout, stderr=sys.stderr)\n    print('new round at', datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S'),f'op = {op}')\n    op += 1\n\n    time.sleep(30)\n    if p.poll() == 0:\n        break\n    p.wait()\n
    "},{"location":"docker/","title":"Docker\u4f7f\u7528\u7b14\u8bb0","text":""},{"location":"docker/#docker_1","title":"\u5b89\u88c5docker","text":"

    \u6309\u7167https://docs.docker.com/engine/install/ubuntu/\u7684\u8bf4\u660e\u5b89\u88c5\u5373\u53ef

    "},{"location":"docker/#_1","title":"\u6307\u5b9a\u955c\u50cf\u4fdd\u5b58\u4f4d\u7f6e","text":"

    \u9ed8\u8ba4\u4f7f\u7528\u7684\u4f4d\u7f6e\u662f/var/lib/docker\uff0c\u5728\u6839\u76ee\u5f55\u4e0b\u5bb9\u6613\u5360\u6ee1\u3002\u53ef\u4ee5\u901a\u8fc7\u4fee\u6539\u914d\u7f6e\u6587\u4ef6/lib/systemd/system/docker.service\u7684-g\u53c2\u6570\u6765\u6307\u5b9a\u4f4d\u7f6e\u3002\u53ef\u4ee5\u901a\u8fc7docker info\u67e5\u770b\u4fdd\u5b58\u7684\u4f4d\u7f6eDocker Root Dir\u3002

    \u914d\u7f6e\u6587\u4ef6\u53ef\u4ee5\u901a\u8fc7systemctl status docker\u5e76\u67e5\u770bLoad\u4f7f\u7528\u7684\u914d\u7f6e\u6587\u4ef6\u662f\u54ea\u4e2a\u3002

    \u53e6\u4e00\u79cd\u6307\u5b9a\u955c\u50cf\u4fdd\u5b58\u4f4d\u7f6e\u7684\u65b9\u6cd5\uff1a\u4fee\u6539/etc/docker/daemon.json\uff0c\u8bbe\u7f6e\u4e3a

    {\n\"data-root\": \"/home/docker\"\n}\n

    \u968f\u540e\u91cd\u8f7d\u4e00\u4e0b\u914d\u7f6e\uff1a

    sudo cp -r /var/lib/docker /home/docker\nsudo systemctl daemon-reload\nsudo systemctl restart docker\nsudo systemctl status docker\n
    "},{"location":"docker/#_2","title":"\u4ece\u955c\u50cf\u521b\u5efa\u5bb9\u5668\u5e76\u6302\u8f7d\u76ee\u5f55","text":"

    \u4f1a\u5728\u5bb9\u5668\u4e2d\u521b\u5efa\u76ee\u5f55\uff0c\u6620\u5c04\u5bbf\u4e3b\u673a\u76ee\u5f55\u3002\u5bbf\u4e3b\u673a\u7684\u76ee\u5f55\u548c\u5bb9\u5668\u76ee\u5f55\u5185\u5bb9\u662f\u4e00\u6837\u7684\uff0c\u4fee\u6539\u4e00\u65b9\uff0c\u53e6\u4e00\u65b9\u968f\u4e4b\u6539\u53d8

    docker run -it --name=<container_name> --user=<user_id>:<group_id> --hostname=xxxx --workdir=xxxx  -v /etc/passwd:/etc/passwd:ro -v /etc/group:/etc/group:ro --mount type=bind,source=<\u5bbf\u4e3b\u673a\u76ee\u5f55>,target=<\u5bb9\u5668\u76ee\u5f55> <\u955c\u50cf\u540d>:<tag> /bin/bash\n
    \u4ee5\u4e0a\u547d\u4ee4\u53ef\u4ee5\u5b8c\u6210\u5bf9\u6307\u5b9a\u955c\u50cf\u521b\u5efa\u4e00\u4e2a\u6bd4\u8f83\u5b8c\u5907\u7684\u5bb9\u5668\uff0c\u6307\u5b9a\u4e86\u5bb9\u5668\u540d\u79f0\u3001\u7528\u6237\u540d\u79f0\u548c\u7ec4\u522b\u3001\u4e3b\u673a\u540d\u3001\u7528\u6237\u5de5\u4f5c\u76ee\u5f55\uff0c\u5e76\u6302\u8f7d\u4e86\u4e3b\u673a\u7684\u4e00\u4e9b\u76ee\u5f55\u3002\u6307\u5b9apasswd\u548cgroup\u6587\u4ef6\u7684\u53ea\u8bfb\u6302\u8f7d\u53ef\u4ee5\u907f\u514d--user\u4f7f\u7528\u7528\u6237(\u7ec4)id\u8fdb\u884c\u65b0\u5efa\u5bb9\u5668\u65f6\u5f15\u53d1\u7684\u627e\u4e0d\u5230\u7528\u6237\u540d\u548c\u7ec4\u540d\u7684\u95ee\u9898\u3002\u5e76\u4e14\u907f\u514d\u4e86\u9ed8\u8ba4root\u7528\u6237\u5bfc\u81f4\u7684\u4e3b\u673a\u7aef\u65e0\u6cd5\u8bbf\u95ee\u5bb9\u5668\u65b0\u5efa\u6587\u4ef6\u7684\u95ee\u9898\u3002

    \u6ce8\u610f\u8fd9\u6837\u521b\u5efa\u7684\u7528\u6237\u6ca1\u6709root\u6743\u9650\u3002\u5982\u679c\u9700\u8981\uff0c\u5219\u4e0d\u4f7f\u7528user\u53c2\u6570\uff0c\u4f46\u5b58\u5728\u5bb9\u5668\u521b\u5efa\u6587\u4ef6\u662froot\uff0c\u5bbf\u4e3b\u673a\u65e0\u6cd5\u4fee\u6539\u7684\u95ee\u9898\u3002

    \u4e00\u4e2a\u4e0d\u592a\u806a\u660e\u7684\u89e3\u51b3\u65b9\u6cd5\u662fuser_id\u8bbe\u6210root\u76840\uff0cgroup_id\u8bbe\u6210\u666e\u901a\u7528\u6237\uff0c\u7136\u540e\u5728\u5bb9\u5668\u91cc\u7ed9root\u7684.bashrc\u52a0\u4e00\u884cumask 0002\u3002\u5c31\u662f\u8bf4\u8ba9\u7528\u6237\u7ec4\u4e5f\u80fd\u4fee\u6539\u6587\u4ef6\u4e86\u3002

    \u4e00\u4e9b\u5176\u4ed6\u7684\u529e\u6cd5\uff1adocker exec -u\u597d\u50cf\u53ef\u4ee5\u6307\u5b9a\u542f\u52a8\u5bb9\u5668\u65f6\u7684\u7528\u6237\uff0c\u4e0d\u77e5\u9053\u6709\u4ec0\u4e48\u7528\uff0c\u53ef\u4ee5\u8bd5\u8bd5\uff1b\u6216\u8005root\u8fdb\u53bb\u4ee5\u540e\u628a\u666e\u901a\u7528\u6237\u52a0\u5230sudoers\u91cc

    "},{"location":"docker/#_3","title":"\u65b0\u5bb9\u5668\u521d\u59cb\u5316","text":"

    apt-get update\u66f4\u65b0\u4e00\u4e0blist\uff0c\u7136\u540e\u624d\u80fd\u4f7f\u7528apt-get\u4e0b\u8f7d\u5176\u4ed6\u5305\u3002\u4e00\u4e9b\u5e38\u7528\u7684\u5305\uff1aapt-get install build-essential

    "},{"location":"docker/#_4","title":"\u9000\u51fa\u521d\u6b21\u521b\u5efa\u7684\u5bb9\u5668","text":"

    \u8fde\u6309Ctrl+P\u3001Ctrl+Q\u9000\u51fa\u5bb9\u5668\u3002\u5426\u5219\u7b80\u5355\u9000\u51fa\u540e\u5bb9\u5668\u5c31stop\u4e86\uff0c\u4e0b\u6b21exec\u7684\u65f6\u5019\u8fd8\u8981restart\uff0c\u751a\u81f3\u8fd8\u4f1a\u51fa\u73b0restart\u81ea\u52a8\u53c8stop\u7684\u60c5\u51b5

    "},{"location":"docker/#_5","title":"\u8fdb\u5165\u5df2\u6709\u7684\u5bb9\u5668","text":"
    docker exec -it <\u5bb9\u5668id> /bin/bash\n

    \u53ef\u4ee5Ctrl+D\u9000\u51fa

    "},{"location":"envs/","title":"\u73af\u5883\u914d\u7f6e","text":""},{"location":"envs/#_2","title":"\u66f4\u65b0\u57fa\u672c\u73af\u5883","text":"
    sudo apt update\nsudo apt install curl build-essential gcc make -y\n
    "},{"location":"envs/#rust","title":"rust\u5b89\u88c5\u4e0e\u66f4\u65b0","text":"
    curl --proto '=https' --tlsv1.3 -sSf https://sh.rustup.rs | sh\n
    rustup update\n

    \u56fd\u5185\u4f7f\u7528\u65f6crates.io\u53ef\u80fd\u767b\u4e0d\u4e0a\uff0c\u8bd5\u8bd5\u4fee\u6539\u5b89\u88c5\u76ee\u5f55\u4e0b\u7684config\u6587\u4ef6(\u6bd4\u5982$HOME/.cargo/config)

    [source.crates-io]\nregistry = \"https://github.com/rust-lang/crates.io-index\"\n\n# \u66ff\u6362\u6210\u4f60\u504f\u597d\u7684\u955c\u50cf\u6e90\n#replace-with = 'sjtu'\n#replace-with = 'ustc'\n#replace-with = 'tuna'\n#replace-with = 'rustcc'\n\n# \u6e05\u534e\u5927\u5b66\n[source.tuna]\nregistry = \"https://mirrors.tuna.tsinghua.edu.cn/git/crates.io-index.git\"\n\n# \u4e2d\u56fd\u79d1\u5b66\u6280\u672f\u5927\u5b66\n[source.ustc]\nregistry = \"git://mirrors.ustc.edu.cn/crates.io-index\"\n\n# \u4e0a\u6d77\u4ea4\u901a\u5927\u5b66\n[source.sjtu]\nregistry = \"https://mirrors.sjtug.sjtu.edu.cn/git/crates.io-index\"\n\n# rustcc\u793e\u533a\n[source.rustcc]\nregistry = \"git://crates.rustcc.cn/crates.io-index\"\n\n[source.rustcchttp]\nregistry = \"https://code.aliyun.com/rustcc/crates.io-index.git\"\n
    "},{"location":"envs/#golang","title":"\u8bbe\u7f6egolang\u4ee3\u7406","text":"
    go env -w  GOPROXY=https://goproxy.cn\n
    "},{"location":"envs/#ohmyzsh","title":"\u5b89\u88c5ohmyzsh","text":"
    sudo apt install zsh\n

    curl\u548cwget\u4e8c\u9009\u4e00

    sh -c \"$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)\"\n
    sh -c \"$(wget https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh -O -)\"\n
    "},{"location":"envs/#git","title":"git\u8bbe\u7f6e\u5168\u5c40\u4ee3\u7406","text":"

    \u9700\u8981\u6839\u636e\u672c\u5730\u5b9e\u9645\u7684\u60c5\u51b5\u4fee\u6539\u76ee\u6807ip\u548c\u7aef\u53e3

    git config --global http.https://github.com.proxy http://xxx.xxx.xxx.xxx:xxx\n
    "},{"location":"envs/#perf-ubuntu","title":"perf \u5b89\u88c5(ubuntu)","text":"
    sudo apt-get install linux-tools-`uname -r`\n
    "},{"location":"envs/#ssh","title":"\u9009\u62e9ssh\u5bc6\u94a5","text":"
    evel `ssh-agent`\nssh-add <\u79c1\u94a5\u6587\u4ef6>\n
    "},{"location":"envs/#windowsmake","title":"Windows\u4e0b\u5b89\u88c5make","text":"

    \u4f7f\u7528chocolatey\u5305\u7ba1\u7406\u5668\u3002\u6309https://chocolatey.org/install#individual\u7684\u8bf4\u660e\u5373\u53ef\uff0c\u6700\u540echoco install make

    "},{"location":"envs/#_3","title":"\u53c2\u8003\u6587\u7ae0","text":""},{"location":"fuzzing/","title":"\u6a21\u7cca\u6d4b\u8bd5\u57fa\u672c\u4ecb\u7ecd","text":"

    \u8986\u76d6\u7387\u6307\u5f15\u7684\u6a21\u7cca\u6d4b\u8bd5\u65b9\u6cd5\u83b7\u5f97\u8986\u76d6\u7387\u7684\u56db\u79cd\u8ffd\u8e2a\u65b9\u5f0f[^1]\uff1a

    1. \u4f7f\u7528\u7f16\u8bd1\u5668\u5411\u57fa\u672c\u5757\u8fb9\u7f18\u63d2\u6869\uff0c\u53ef\u4ee5\u51c6\u786e\u5730\u63d2\u6869\u5e76\u6613\u4e8e\u4f18\u5316\uff0c\u4f46\u9700\u8981\u6e90\u7801\u5df2\u77e5\u3002
    2. \u9759\u6001\u4e8c\u8fdb\u5236\u91cd\u5199\uff0c\u4e0d\u9700\u8981\u6e90\u7801\uff0c\u4ecd\u5728\u7814\u7a76\uff0c\u56e0\u4e3a\u9759\u6001\u4ee3\u7801\u63d2\u6869\u51c6\u786e\u6027\u96be\u4ee5\u4fdd\u8bc1\uff0c\u5e76\u4e14\u4f18\u5316\u80fd\u529b\u6709\u9650\u3002\u8fd9\u4e9b\u9650\u5236\u6761\u4ef6\u4f1a\u5f71\u54cd\u4ee3\u7801\u7387\u4fe1\u606f\u7684\u8d28\u91cf\u4e0e\u51c6\u786e\u6027\uff0c\u4ee5\u53ca\u4e8c\u8fdb\u5236\u91cd\u5199\u7684\u8868\u73b0\u3002
    3. \u52a8\u6001\u4e8c\u8fdb\u5236\u63d2\u6869\uff0c\u4e0d\u9700\u8981\u6e90\u7801\uff0c\u53ef\u4ee5\u5bb9\u6613\u3001\u51c6\u786e\u63d2\u5165\u4ee3\u7801\uff0c\u4f46\u662f\u52a8\u6001\u7ffb\u8bd1\u4e8c\u8fdb\u5236\u7684\u5f00\u9500\u53ef\u80fd\u5927\u5230\u4e0d\u80fd\u63a5\u53d7\u3002
    4. \u786c\u4ef6\u8f85\u52a9\u8ffd\u8e2a\uff0c\u4e0d\u9700\u8981\u6e90\u7801\uff0c\u5229\u7528\u5185\u7f6e\u7684\u786c\u4ef6\u8ffd\u8e2a\u6269\u5c55\uff0c\u5728\u8fd0\u884c\u65f6\u76f4\u63a5\u83b7\u53d6\u63a7\u5236\u6267\u884c\u6d41\u4fe1\u606f\u3002

    \u4fb5\u5165\u5f0f\u4e0e\u975e\u4fb5\u5165\u5f0f\u8ffd\u8e2a[^2]\uff1a

    Traces can be generated by trace code that is executed within tasks and/or interrupt service routines, just like application code that is executed on the same CPU. This is the most flexible approach, as both the content and the amount of trace information output can be defined in software. However, this tracing method comes with a significant drawback: It uses resources that are shared with the application software, hence tracing may significantly reduce the amount of memory available for the applications, increase the gross execution times of the applications and, in the case of real-time systems, impair functionality. This is why it is called intrusive tracing.

    The most common case is that adding trace code is detrimental to the functionality of the applications in real-time systems because the resource requirements for intrusive tracing have been underestimated in the early stages of the project, such that tracing would eventually eat up resources that are required by the application. Therefore, the resource requirements for tracing must be properly considered throughout the whole development lifecycle. Removing trace code from real-time systems may also cause functional issues, typically just before the final production software release. This is the worst case, as trace information is no longer available in this scenario.

    Non-intrusive tracing does not change the intrinsic timing behavior of the system under test. This approach simplifies the software development process a lot and requires dedicated hardware support for tracing. External trace probes connected to the target system, in conjunction with on-chip debug modules, capture code execution on instruction level, memory accesses and other events on the target processor. This approach is the best option when it comes to debugging the code execution down to the instruction level. The PCB design of the device under test must provide the connectors required by the external probe.

    Another option for non-intrusive tracing is on-chip tracing, where most of the trace hardware is packed into the same chip that also contains the CPU that executes the application code. Non-intrusive tracing can, however, be restricted by limitations of the respective trace module or probe, such as buffer sizes, bus bandwidth or the size of an external probe.

    Due to cost savings (no expensive third-party trace hardware required), reduced footprint (very small connectors instead of larger probe connectors), and limited trace bandwidth requirements, the on-chip tracing method is the preferred approach for generating the trace data required for in-depth timing analysis on task, runnable and ISR level. On-chip tracing is a suitable tracing method for devices under test with form factors very close to the final volume production devices.

    "},{"location":"fuzzing/#_2","title":"\u9488\u5bf9\u7f51\u7edc\u534f\u8bae\u7684\u6a21\u7cca\u6d4b\u8bd5","text":"

    \u7f51\u7edc\u534f\u8bae\u7684\u7279\u70b9\u662f\u4e00\u822c\u6709\u660e\u786e\u7684\u72b6\u6001\u4fe1\u606f\uff0c\u76f8\u540c\u7684input\u5728\u4e0d\u540c\u7684\u72b6\u6001\u53ef\u80fd\u5f97\u5230\u4e0d\u540c\u7684output\u3002\u9488\u5bf9\u7f51\u7edc\u534f\u8bae\u7684\u6a21\u7cca\u6d4b\u8bd5\u4e00\u822c\u5177\u6709stateful\u7684\u7279\u70b9\u3002\u8fd9\u7c7b\u6a21\u7cca\u6d4b\u8bd5\u6709\u51e0\u4e2a\u96be\u70b9\uff1a 1. \u751f\u6210\u683c\u5f0f\u6b63\u786e\u7684\u4fe1\u606f\uff0c\u6ee1\u8db3\u5bf9\u7279\u5b9a\u72b6\u6001\u7684fuzz 2. \u6269\u5c55\u5230\u4e0d\u540c\u7684\u534f\u8bae\u4e2d 3. \u6d4b\u8bd5\u6837\u4f8b\u6709\u6548\u6027\uff0c\u9700\u8981\u901a\u8fc7\u683c\u5f0f\u6821\u9a8c\u6bd4\u5982\u957f\u5ea6\u3001\u534f\u8bae\u8ba4\u8bc1\u3001\u6821\u9a8c\u548c\u7b49

    "},{"location":"fuzzing/#aflnet","title":"AFLNET","text":"

    \u9996\u6b21\u63d0\u51fa\u9488\u5bf9\u6709\u72b6\u6001\u534f\u8bae\u7684\u7070\u76d2\u6a21\u7cca\u6d4b\u8bd5\u3002AFLNET\u4ece\u54cd\u5e94\u4fe1\u606f\u4e2d\u63d0\u53d6\u54cd\u5e94\u7801\u6765\u8868\u793a\u72b6\u6001\u4fe1\u606f\uff0c\u5e76\u7528\u54cd\u5e94\u7801\u5e8f\u5217\u6765\u63a8\u65ad\u534f\u8bae\u5b9e\u73b0\u7684\u72b6\u6001\u6a21\u578b\uff0c\u5e76\u8fdb\u4e00\u6b65\u4f7f\u7528\u8fd9\u4e00\u6a21\u578b\u6765\u6307\u5bfcfuzz\u3002

    \u4e00\u4e9b\u4e0d\u8db3\uff1a 1. \u72b6\u6001\u8868\u793a\u80fd\u529b\uff1aAFLNET\u8981\u6c42\u54cd\u5e94\u4fe1\u606f\u4e2d\u5305\u542b\u72b6\u6001\u7801\uff0c\u8fd9\u5e76\u4e0d\u662f\u534f\u8bae\u5fc5\u987b\u5b9e\u73b0\u7684\u3002\u800c\u4e14\u72b6\u6001\u7801\u8868\u793a\u80fd\u529b\u6709\u9650\uff0c\u4e14\u53ef\u80fd\u4ea7\u751f\u5197\u4f59\u72b6\u6001\u3002 2. \u6d4b\u8bd5\u6548\u7387\uff1a\u6ca1\u6709\u660e\u786e\u7684\u4fe1\u53f7\u53cd\u6620\u5f85\u6d4b\u7a0b\u5e8f\u662f\u5426\u5904\u7406\u5b8c\u6d88\u606f\uff0c\u56e0\u6b64\u8bbe\u7f6e\u56fa\u5b9a\u7684\u8ba1\u65f6\u5668\u6765\u63a7\u5236\u6d88\u606f\u53d1\u9001\uff0c\u65f6\u95f4\u7a97\u53e3\u53ef\u80fd\u8fc7\u5c0f\u6216\u8fc7\u5927\u3002

    "},{"location":"fuzzing/#stateafl","title":"STATEAFL","text":"

    \u4f7f\u7528\u7a0b\u5e8f\u5185\u5b58\u72b6\u6001\u6765\u8868\u793a\u670d\u52a1\u72b6\u6001\uff0c\u901a\u8fc7\u5bf9\u88ab\u6d4b\u7a0b\u5e8f\u63d2\u6869\u6765\u6536\u96c6\u72b6\u6001\u4fe1\u606f\u5e76\u63a8\u6d4b\u72b6\u6001\u6a21\u578b\u3002\u5728\u6bcf\u4e00\u8f6e\u7f51\u7edc\u4ea4\u4e92\u4e2d\uff0cSTATEAFL\u5c06\u7a0b\u5e8f\u53d8\u91cf\u503c\u8f6c\u50a8\u7ed9\u5206\u6790\u961f\u5217\uff0c\u5e76\u8fdb\u884cpost-execution\u7684\u5206\u6790\uff0c\u6765\u66f4\u65b0\u72b6\u6001\u6a21\u578b\u3002

    \u4e00\u4e9b\u4e0d\u8db3\uff1a 1. \u9762\u5bf9\u548cAFLNET\u76f8\u540c\u7684\u6d4b\u8bd5\u6548\u7387\u95ee\u9898\uff0c\u800c\u4e14\u56e0\u4e3a\u540e\u6267\u884c\u5206\u6790\uff0c\u4ea7\u751f\u989d\u5916\u7684\u5f00\u9500\uff0c\u4f1a\u964d\u4f4e\u6d4b\u8bd5\u541e\u5410\u91cf\u3002

    "},{"location":"fuzzing/#nsfuzz","title":"NSFuzz","text":"

    \u4f7f\u7528\u57fa\u4e8e\u53d8\u91cf\u7684\u72b6\u6001\u8868\u793a\u65b9\u6cd5\u63a8\u65ad\u72b6\u6001\u6a21\u578b\u6765\u6307\u5bfc\u6a21\u7cca\u6d4b\u8bd5\uff0c\u4f7f\u7528\u57fa\u4e8e\u7f51\u7edc\u4e8b\u4ef6\u5faa\u73af\u7684\u540c\u6b65\u673a\u5236\u6765\u63d0\u9ad8\u541e\u5410\u91cf\u3002

    \u542f\u53d1\u5f0f\u7684\u53d8\u91cf\u5224\u65ad\u65b9\u6cd5\uff1a\u9759\u6001\u5206\u6790\u4e2d\u53ea\u5728\u4e8b\u4ef6\u5faa\u73af\u4ee3\u7801\u4e2d\u5206\u8fa8\u72b6\u6001\u53d8\u91cf\uff0c\u4e14\u5173\u6ce8\u88ab\u8bfb\u4e0e\u5199\u3001\u88ab\u8d4b\u4e88\u679a\u4e3e\u7c7b\u578b\u7684\u6570\u636e\u6216\u662f\u6570\u636e\u7ed3\u6784\u4f53\u91cc\u7684\u6574\u578b\u6210\u5458\u3002

    \u8868\u793a\u72b6\u6001\u7684\u65b9\u6cd5\uff1a\u4f7f\u7528\u4e24\u6761\u8bed\u53e5\u7ef4\u62a4shared_state\u6570\u7ec4\uff0c\u5f53\u72b6\u6001\u53d8\u91cf\u503c\u88ab\u66f4\u65b0\u65f6\u540c\u6b65\u66f4\u65b0shared_state\uff1b\u5f53fuzzer\u5728\u901a\u4fe1\u7ba1\u9053\u6536\u5230\u6d88\u606f\u5904\u7406\u7ed3\u679c\u65f6\uff0c\u5bf9\u8fd9\u4e2a\u6570\u7ec4\u8fdb\u884chash\uff0c\u4f5c\u4e3a\u5f53\u524d\u7a0b\u5e8f\u6240\u5904\u7684state\u3002

    shared_state[hash(var_id) ^ cur_store_val] = 1;\nshared_state[hash(var_id) ^ pre_store_val] = 0;\n
    "},{"location":"fuzzing/#iothunter","title":"IoTHunter","text":"

    \u63d0\u51fa\u591a\u9636\u6bb5\u4fe1\u606f\u751f\u6210\u65b9\u6cd5\u6765\u5bf9IoT\u56fa\u4ef6\u4e2d\u7684\u6709\u72b6\u6001\u7f51\u7edc\u534f\u8bae\u8fdb\u884cfuzz\u3002\u5206\u4e3a\u5bf9\u5df2\u77e5\u72b6\u6001\u7684\u6a21\u7cca\u6d4b\u8bd5\u4e0e\u672a\u77e5\u72b6\u6001\u7684\u63a2\u7d22\u3002\u57fa\u4e8e\u6574\u6570\u53d8\u5f02\u7684\u65b9\u6cd5\u6539\u53d8\u5305\u7c7b\u578b\uff0c\u5e76\u5bf9\u5305\u683c\u5f0f\uff08\u6bd4\u5982\u957f\u5ea6\u3001\u6821\u9a8c\u548c\uff09\u505a\u68c0\u67e5\u7b49\u3002

    "},{"location":"fuzzing/#_3","title":"\u6570\u636e\u6d41\u6307\u5bfc\u7684\u6a21\u7cca\u6d4b\u8bd5","text":"

    \u63a7\u5236\u6d41\u6307\u5bfc\u7684\u6a21\u7cca\u6d4b\u8bd5\u4fa7\u91cd\u7a0b\u5e8f\u64cd\u4f5c\u7684\u6267\u884c\u987a\u5e8f\uff08\u6bd4\u5982\u5206\u652f\u4e0e\u5faa\u73af\uff09\uff0c\u6570\u636e\u6d41\u6307\u5bfc\u7684\u6a21\u7cca\u6d4b\u8bd5\u4fa7\u91cd\u53d8\u91cf\u5982\u4f55\u5b9a\u4e49\u4e0e\u4f7f\u7528\u3002\u53d8\u91cf\u7684\u5b9a\u4e49\u4e0e\u4f7f\u7528\u4f4d\u7f6e\u53ef\u4ee5\u4e0d\u5b58\u5728\u63a7\u5236\u4e0a\u7684\u4f9d\u8d56\u5173\u7cfb\u3002\u5728\u6a21\u7cca\u6d4b\u8bd5\u4e2d\uff0c\u6570\u636e\u6d41\u4e3b\u8981\u4f7f\u7528\u52a8\u6001\u6c61\u70b9\u5206\u6790\uff08DTA\uff09\u6280\u672f\uff0c\u5373\u5c06\u76ee\u6807\u7a0b\u5e8f\u7684\u8f93\u5165\u6570\u636e\u5728\u5b9a\u4e49\u5904\u89c6\u4e3a\u6c61\u70b9\uff0c\u5e76\u5728\u8fd0\u884c\u65f6\u8ffd\u8e2a\u5b83\u662f\u5982\u4f55\u88ab\u8bbf\u95ee\u4e0e\u4f7f\u7528\u7684\u3002

    \u5728\u5b9e\u8df5\u4e2d\uff0c\u96be\u4ee5\u505a\u5230\u51c6\u786e\u7684DTA\uff0c\u5f00\u9500\u4f1a\u5f88\u5927\u3002\u5e76\u4e14\u90e8\u5206\u771f\u5b9e\u7a0b\u5e8f\u65e0\u6cd5\u5728\u5e94\u7528DTA\u6280\u672f\u7684\u60c5\u51b5\u4e0b\u6210\u529f\u7f16\u8bd1\u3002\u56e0\u6b64\u5927\u90e8\u5206\u7070\u76d2\u6a21\u7cca\u6d4b\u8bd5\u4e0d\u4f7f\u7528DTA\uff0c\u4ee5\u671f\u83b7\u5f97\u66f4\u9ad8\u7684\u541e\u5410\u91cf\u3002

    \u6709\u4e00\u4e9b\u8f7b\u91cf\u7ea7\u7684DTA\u4ee3\u66ff\u65b9\u6848\uff08\u6bd4\u5982REDQUEUE\u3001GREYONE\uff09\uff0c\u800c\u57fa\u4e8e\u63a7\u5236\u6d41\u4e0e\u6570\u636e\u6d41\u7684\u6a21\u7cca\u6d4b\u8bd5\u5668\u7684\u8986\u76d6\u7387\u6307\u6807\u8fd8\u6ca1\u6709\u88ab\u5b8c\u5168\u63a2\u7d22\u3002

    "},{"location":"fuzzing/#dataflow","title":"DATAFLOW","text":"

    \u6e90\u7801

    \u5728\u7a0b\u5e8f\u6267\u884c\u65f6\u5e76\u884c\u4f7f\u7528\u6570\u636e\u6d41\u5206\u6790\u6765\u6307\u5bfc\u6a21\u7cca\u6d4b\u8bd5\uff0c\u4f7f\u7528\u4e0d\u7cbe\u786e\u7684\u63a8\u65ad\u6765\u964d\u4f4e\u5f00\u9500\u5e76\u63d0\u9ad8\u541e\u5410\u91cf\u3002\u5bf9\u6570\u636e\u6d41\u6709\u6548\u6027\u8fdb\u884c\u4e86\u7b80\u5355\u7684\u8bc4\u4f30\uff0c\u8ba4\u4e3a\u5bf9\u5927\u90e8\u5206\u6d4b\u8bd5\u76ee\u6807\u800c\u8a00\uff0c\u6570\u636e\u6d41\u5e76\u4e0d\u6bd4\u63a7\u5236\u6d41\u4f18\u8d8a\uff0c\u4f46\u662f\u5728\u90e8\u5206\u7279\u5b9a\u573a\u666f\uff08\u6bd4\u5982\u63a7\u5236\u6d41\u548c\u8bed\u4e49\u89e3\u8026\uff0c\u5982parser\uff09\u4e0b\uff0c\u6570\u636e\u6d41\u53ef\u80fd\u4f1a\u6709\u7528\u3002

    [^1]: FUZZING WITH PERFORMANCE MONITORING AND TRACING HARDWARE [^2]: Intrusive v.s. non-intrusive tracing

    "},{"location":"git/","title":"Git\u5b66\u4e60\u7b14\u8bb0","text":""},{"location":"git/#github","title":"\u5c06\u672c\u5730\u5df2\u6709\u4ed3\u5e93\u63a8\u9001\u81f3Github\u7684\u65b0\u5efa\u4ed3\u5e93\u4e2d","text":"

    \u9ed8\u8ba4\u4ee5\u4e0b\u6761\u4ef6\u5747\u6210\u7acb\uff1a

    \u5f3a\u5236\u63a8\u9001\u53ef\u4ee5\u518d\u52a0\u4e2a--force\u53c2\u6570

    "},{"location":"git/#gitignore","title":"\u6dfb\u52a0.gitignore\u6587\u4ef6\u4ee5\u4e0d\u8ffd\u8e2a\u6587\u4ef6","text":"

    \u521d\u6b21\u5411github\u63d0\u4ea4\u4ee3\u7801\u524d\uff0c\u5728\u672c\u5730\u5de5\u4f5c\u76ee\u5f55\u4e0b\u521b\u5efa.gitignore\u6587\u4ef6\uff0c\u91cc\u9762\u76f4\u63a5\u5199\u4e0a\u4e0d\u60f3\u8ffd\u8e2a\u7684\u6587\u4ef6\u540d\u548c\u6587\u4ef6\u5939\u540d\u5373\u53ef\u3002\uff08\u6587\u4ef6\u540d\u4e0d\u9700\u8981\u8865\u5168\u8def\u5f84\uff09

    "},{"location":"git/#add","title":"\u64a4\u56deadd","text":"

    \u4f7f\u7528git add .\u53ef\u4ee5\u76f4\u63a5\u628a\u5f53\u524d\u76ee\u5f55\u90fdadd\u8fdb\u6682\u5b58\u533a\uff0c\u5bf9\u4e8e\u4e0d\u614e\u6dfb\u52a0\u7684\u5185\u5bb9\u53ef\u4ee5\u4f7f\u7528git rm --cached <file>\u6765\u64a4\u56deadd\u3002\u53ef\u4ee5\u4f7f\u7528git rm -r --cached .\u6765\u64a4\u56degit add . \u3002\uff08\u4f7f\u7528git status\u53ef\u4ee5\u67e5\u770b\u6682\u5b58\u533a\uff0c\u91cc\u9762\u4e5f\u6709\u63d0\u793a\u600e\u4e48\u64a4\u56de\uff09

    "},{"location":"git/#gitgithub","title":"\u914d\u7f6egit\u8d26\u53f7\u5e76\u52a0\u5165github\u9879\u76ee","text":"
    1. \u4f7f\u7528git config --global user.name \"<yourname>\"\u8bbe\u7f6e\u7528\u6237\u540d
    2. \u4f7f\u7528git config --global user.email \"<email>\"\u8bbe\u7f6e\u90ae\u7bb1
    3. \u4f7f\u7528ssh-keygen -t rsa -C \"<comments>\"\u751f\u6210\u5bc6\u94a5\u5bf9\uff0c\u7136\u540e\u4e00\u8def\u56de\u8f66\u76f4\u5230\u751f\u6210\u7ed3\u675f\uff08\u4e5f\u53ef\u4ee5\u63d0\u793a\u6dfb\u52a0passwd phrase\uff0c\u8fd9\u6837\u7684\u8bdd\u5982\u679c\u4f7f\u7528ssh-add\u6dfb\u52a0\u65f6\u4f1a\u8981\u6c42\u8f93\u5165\u8fd9\u4e2a\u5bc6\u7801\u9632\u6b62\u88ab\u522b\u4eba\u6ee5\u7528\u3002\u6ce8\u610f\u76f8\u540c\u7684passwd phrase\u4e0d\u4f1a\u751f\u6210\u76f8\u540c\u7684\u5bc6\u94a5\u5bf9\uff09
    4. \u5728\u4e0a\u4e00\u6b65\u8fc7\u7a0b\u4e2d\u9ed8\u8ba4\u7684\u8def\u5f84\uff08\u6bd4\u5982~/.ssh\uff09\u627e\u5230id_rsa.pub\u6587\u4ef6\uff0c\u62f7\u8d1d\u5176\u5168\u90e8\u5185\u5bb9
    5. \u6253\u5f00github\uff0c\u53f3\u4e0a\u89d2\u5934\u50cf\uff0csettings\uff0c\u5de6\u4fa7\u7684SSH and GPG keys\uff0c\u7136\u540e\u7ed9SSH\u6dfb\u52a0\u8fd9\u4e2a\u516c\u94a5\u5373\u53ef

    ed25519\u4f3c\u4e4e\u6bd4\u9ed8\u8ba4\u7684rsa\u66f4\u5b89\u5168\u3001\u8ba1\u7b97\u66f4\u5feb\u3001\u5bc6\u94a5\u66f4\u77ed\uff0c\u53ef\u4ee5\u4f7f\u7528

    \u6709\u65f6\u9700\u8981\u6307\u5b9a\u5bc6\u94a5\uff0c\u6bd4\u5982\u4e0d\u4f7f\u7528\u9ed8\u8ba4\u7684\u5bc6\u94a5\u6587\u4ef6\u540d\u3002\u6b64\u65f6\u53ef\u4ee5\u5148eval $(ssh-agent -s)\u542f\u7528agent\uff0c\u7136\u540essh-add <private keyfile> \u6765\u6dfb\u52a0\u5bc6\u94a5\u3002ssh-add -l\u53ef\u4ee5\u67e5\u770b\u6dfb\u52a0\u7684\u5bc6\u94a5\u3002

    \u6216\u8005\u53ef\u4ee5\u628a\u5bc6\u94a5\u5728~/.ssh/config\u6587\u4ef6\u91cc\u6307\u5b9a\u4e00\u4e0b\uff0c\u5c31\u53ef\u4ee5\u7701\u53bbssh-agent\u7684\u64cd\u4f5c\uff0c\u6bd4\u5982

    Host github.com\n    HostName github.com\n    IdentityFile ~/.ssh/id_ed25519_user_github\n

    \u6709\u7684\u65f6\u5019git\u8fdb\u884cpush\u5230\u79c1\u4ed3\u65f6\u4f1a\u51fa\u73b0\u5361\u673a\u7684\u95ee\u9898\uff0c\u4e0d\u786e\u5b9a\u662f\u4ec0\u4e48\u539f\u56e0\uff0c\u5982\u679cremote repo\u4f7f\u7528\u7684\u662fgit@xxx\u7684url\u7684\u8bdd\uff0c\u53ef\u4ee5\u8bd5\u8bd5\u6539\u6210https\u7684\u94fe\u63a5\uff1b\u8fd8\u4e0d\u884c\u7684\u8bdd\u53ef\u4ee5\u8bd5\u8bd5git config\u7684proxy\uff0c\u8bbe\u7f6e\u6216\u6e05\u7a7a\u3002

    "},{"location":"git/#_1","title":"\u653e\u5f03\u5bf9\u6587\u4ef6\u7684\u8ddf\u8e2a","text":"

    \u4e0e\u4ed6\u4eba\u5408\u4f5c\u9879\u76ee\u65f6\uff0c\u6709\u65f6\u9700\u8981\u505a\u4e00\u4e9b\u672c\u5730\u9002\u914d\uff0c\u4f46\u662f\u4e0d\u60f3\u59a8\u788d\u5176\u4ed6\u4eba\uff0c\u53ef\u4ee5\u6dfb\u52a0\u5230.gitignore\u3002\u4f46\u5bf9\u4e8e\u5df2\u7ecf\u5904\u4e8e\u8ddf\u8e2a\u72b6\u6001\u7684\u6587\u4ef6\u6765\u8bf4\u540e\u6dfb\u8fdb.gitignore\u662f\u65e0\u6548\u7684\u3002\u56e0\u6b64\u53ef\u4ee5\u5148\u5c06\u6587\u4ef6\u79fb\u51fa\u8ddf\u8e2a\u6001\uff0c\u7136\u540e\u518d\u52a0\u8fdb.gitignore\u91cc\u3002\u5982\u4e0b\uff1agit rm -r --cached <file/dir>\u5176\u4e2d-r\u8868\u793a\u9012\u5f52\u3002\u4e5f\u53ef\u4ee5\u52a0-n\u8868\u793a\u4f2a\u653e\u5f03\u8ddf\u8e2a\uff08\u7528\u4e8e\u9884\u89c8\u4f1a\u653e\u5f03\u5bf9\u54ea\u4e9b\u6587\u4ef6\u7684\u8ffd\u8e2a\uff09

    "},{"location":"git/#_2","title":"\u66f4\u6362\u8fdc\u7a0b\u4ed3\u5e93","text":"

    \u6709\u7684\u65f6\u5019\u4ece\u5b98\u65b9\u4ed3\u5e93git clone\u4e0b\u4ee3\u7801\uff0c\u672c\u5730\u62f7\u8d1d\u4e00\u4efd\u3001\u5404\u79cd\u9b54\u6539\u5e76\u4e0a\u4f20\u5230\u81ea\u5df1\u7684\u79c1\u4ed3\u3002\u53c8\u7531\u4e8ewindows\u3001linux\u73af\u5883\u4e0d\u540c\uff0c\u60f3\u628a\u539f\u6765\u7684\u4ee3\u7801\u66f4\u65b0\u6210\u81ea\u5df1\u7684\u79c1\u4ed3\uff0c\u6240\u4ee5\u9700\u8981\u6362\u4e00\u4e0b\u8fdc\u7a0b\u4ed3\u5e93\u3002

    1. \u9996\u5148\u53d6\u6d88\u539f\u6765\u7684\u8fdc\u7a0b\u5206\u652f\u8ddf\u8e2agit remote rm <remote repo name>
    2. \u7136\u540e\u6dfb\u52a0\u81ea\u5df1\u7684\u4ed3\u5e93\u4f5c\u4e3a\u8fdc\u7a0bgit remote add <remote repo name> <repo url>

    \u597d\u50cf\u4e5f\u53ef\u4ee5\u76f4\u63a5\u66f4\u6362\u8fdc\u7a0b\u4ed3\u5e93\uff1agit remote set-url <remote repro name> <repo url>

    \u8fd9\u91cc\u7684<remote repo name>\u662f\u81ea\u5df1\u53d6\u7684\u4ed3\u5e93\u540d\uff0c\u4e4b\u540e\u7684\u64cd\u4f5c\u53ef\u4ee5\u7528\u5b83\u6765\u6307\u5b9a\u5bf9\u8c61\u3002\u53ef\u4ee5\u968f\u4fbf\u53d6\uff0c\u6bd4\u5982\u5e38\u89c1\u7684origin\u3002

    "},{"location":"git/#_3","title":"\u5b50\u6a21\u5757\u7684\u4e0b\u8f7d","text":"

    \u6709\u7684\u65f6\u5019\u4e00\u4e2a\u4ee3\u7801\u4ed3\u5e93\u62ff\u5176\u4ed6\u4ed3\u5e93\u6765\u5f53\u505a\u5b50\u6a21\u5757\uff0c\u5728github\u4e0a\u8fd9\u4e9b\u6a21\u5757\u662f\u56fe\u4e2d\u7684\u8868\u793a\u5f62\u5f0f\u3002git\u4ed3\u5e93\u91cc\u4e5f\u4f1a\u6709.gitmodules\u6587\u4ef6\u6765\u8bf4\u660e\u8fd9\u4e9b\u5b50\u6a21\u5757\u3002\u5f53clone\u4e3b\u4ed3\u5e93\u65f6\uff0c\u8fd9\u4e9b\u5b50\u6a21\u5757\u4e0d\u4f1a\u8ddf\u7740\u4e0b\u8f7d\u4e0b\u6765\u3002

    \u521d\u6b21\u90e8\u7f72\u65f6\uff0c\u5728\u4e3b\u4ed3\u5e93\u76ee\u5f55\u4e0b\u91cc\u4f7f\u7528git submodule update --init --recursive\u6765\u4ece.gitmodules\u5b57clone\u5b50\u6a21\u5757\u3002

    \u5982\u679c\u5b50\u6a21\u5757\u88ab\u522b\u7684\u5f00\u53d1\u8005\u66f4\u65b0\u4e86\uff0c\u53ef\u4ee5\u8fdb\u5230\u5b50\u6a21\u5757\u4e2d\u7136\u540egit pull\u3002

    \u5982\u679c\u5e0c\u671b\u6dfb\u52a0\u67d0\u4e2a\u4ed3\u5e93\u4f5c\u4e3a\u5b50\u6a21\u5757\uff0c\u4f7f\u7528git submodule add <repo url>\u6765\u4e0b\u8f7d\u5b50\u6a21\u5757\u5e76\u66f4\u65b0.gitmodules\u6587\u4ef6

    "},{"location":"git/#_4","title":"\u81ea\u5df1\u7684\u9879\u76ee\u9700\u8981\u5bf9\u5176\u4ed6\u9879\u76ee\u8fdb\u884c\u4fee\u6539","text":"

    \u5982\u679c\u81ea\u5df1\u7684\u9879\u76ee\u7528\u5230\u522b\u7684\u9879\u76ee\uff0c\u9700\u8981\u5bf9\u5176\u4e2d\u4e00\u4e9b\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff0c\u800c\u4e0d\u9700\u8981\u628a\u5728\u4e0a\u4f20github\u65f6\u628a\u6574\u4e2a\u9879\u76ee\u5168\u90e8\u653e\u5230\u81ea\u5df1\u7684\u9879\u76ee\u4e0b\uff0c\u53ef\u4ee5\u5148\u7528submodule\u6dfb\u52a0\u5b50\u6a21\u5757\uff0c\u7136\u540e\u76f4\u63a5\u4fee\u6539\u4ee3\u7801\uff0c\u5e76\u5728\u5176\u9879\u76ee\u4e0b\u7528git diff <commit id> > <file.patch>\u751f\u6210\u4e00\u4e2adiff\u6587\u4ef6\u3002\u628adiff\u6587\u4ef6\u653e\u5230\u81ea\u5df1\u7684\u9879\u76ee\u91cc\uff0c\u518d\u4e0a\u4f20\u5230github\u4e0a\u3002\u5176\u4e2dcommit id\u662f\u7b2c\u4e09\u65b9\u9879\u76ee\u7684commit\uff0c\u4e5f\u5c31\u662f\u8fd9\u4e2asubmodule\u4e0b\u8f7d\u65f6\u7684commit id\uff0c\u53ef\u4ee5\u901a\u8fc7git log\u627e\u5230\u3002

    \u5982\u679c\u76f4\u63a5\u7528git diff > <file.patch>\uff0c\u4f1a\u8f93\u51fa\u672a\u52a0\u5165\u6682\u5b58\u7684\u4fee\u6539\u548c\u6700\u8fd1\u4e00\u6b21\u6682\u5b58/commit\u7684diff\u6587\u4ef6\u3002

    \u5176\u4ed6\u4eba\u4f7f\u7528\u65f6\uff0c\u5c31\u5148\u628a\u7b2c\u4e09\u65b9\u9879\u76ee\u83b7\u53d6\u4e0b\u6765\uff0c\u7136\u540egit apply <file.patch>\u5373\u53ef\u3002\u64a4\u56de\u8865\u4e01\u4f7f\u7528git apply -R <file.patch>

    "},{"location":"git/#_5","title":"\u4e0d\u540c\u7248\u672c\u591a\u4eba\u5408\u4f5c\u4e0e\u5206\u652f\u4f7f\u7528","text":"

    \u6700\u8fd1\u5728\u8dd1fuzzer\uff0c\u5408\u4f5c\u65f6\u6709\u65f6\u9700\u8981\u5207\u6362\u4e0d\u540c\u7684\u6d4b\u8bd5\u76ee\u6807\uff0c\u6bcf\u4e2a\u6d4b\u8bd5\u76ee\u6807\u90fd\u6709\u81ea\u5df1\u7684\u4e00\u5927\u5806\u914d\u5957\u8bbe\u7f6e\u3002\u5927\u5bb6\u90fd\u5728\u4e3b\u5206\u652f\u5220\u6539\u592a\u9ebb\u70e6\u800c\u4e14\u5f88\u4e71\uff0c\u6240\u4ee5\u9700\u8981\u9488\u5bf9\u6bcf\u4e2a\u6d4b\u8bd5\u76ee\u6807\u8bbe\u7f6e\u4e0d\u540c\u7684branch\u3002

    \u53ef\u4ee5\u4f7f\u7528git branch -a\u67e5\u770b\u6240\u6709\u5206\u652f\u3002\u5176\u4e2d\u524d\u9762\u5e26*\u7684\u662f\u5f53\u524dbranch\u3002

    \u65b0\u5efa\u5206\u652f\u65f6\u4f7f\u7528 git checkout -b <branch name> \u76f8\u5f53\u4e8e\u5148git branch <branch name> \u521b\u5efa\u4e86\u4e00\u4e2a\u65b0\u7684\u5206\u652f\uff0c\u7136\u540egit checkout <branch name>\u5207\u6362\u5230\u90a3\u4e2a\u5206\u652f\u3002

    \u5728\u65b0\u7684\u5206\u652fcommit\u540e\uff0c\u4f7f\u7528git push -u <remote repo name> <local branch name>:<remote branch name>\u53ef\u4ee5\u5c06\u81ea\u5df1\u7684\u8fd9\u4e2a\u5206\u652f\u63a8\u9001\u5230\u8fdc\u7a0b\u4ed3\u5e93\u3002\u5176\u4e2d\uff1a

    \u5982\u679c\u9700\u8981\u5220\u9664\u8fdc\u7a0b\u5206\u652f\uff0c\u53ef\u4ee5\u7b80\u5355\u5730\u63a8\u9001\u7a7a\u5206\u652f\uff1agit push origin :<remote branch name>\u3002\u8fd9\u91cc\u672c\u5730\u5206\u652f\u540d\u7559\u7a7a\u4e86\u3002\u4e5f\u53ef\u4ee5\u4f7f\u7528\u4e13\u95e8\u7684\u5220\u9664\u65b9\u5f0f\uff1agit push origin --delete <remote branch name>

    \u5982\u679c\u9700\u8981\u5220\u9664\u672c\u5730\u5206\u652f\uff0c\u4f7f\u7528git branch -d <local branch name>

    \u5408\u5e76\u5206\u652f\u65f6\uff0c\u5148\u5207\u6362\u5230\u9700\u8981\u63a5\u6536\u6539\u52a8\u7684\u5206\u652f\u4e0a\uff0c\u7136\u540egit merge <new branch name>\uff0c\u5373\u53ef\u5c06new branch\u7684\u6539\u52a8\u66f4\u65b0\u5230\u5f53\u524d\u5206\u652f\u4e0a\u3002new branch\u7684\u5185\u5bb9\u662f\u4e0d\u53d8\u7684\u3002

    \u62c9\u53d6\u8fdc\u7a0b\u5206\u652f\u5230\u672c\u5730\uff0c\u800c\u4e0d\u5f71\u54cd\u672c\u5730\u5206\u652f\uff1agit fetch <remote repo name> <remote branch name>:<local branch name>\u4f1a\u5c06\u8fdc\u7a0b\u4ed3\u5e93\u7684\u5206\u652f\u4fdd\u5b58\u5728\u672c\u5730\u5bf9\u5e94\u5206\u652f\u4e0b\u3002

    \u53ef\u4ee5\u7528git fetch --all\u62c9\u53d6\u6240\u6709\u8fdc\u7a0b\u5206\u652f\uff0c\u5982\u679c\u6ca1\u6709\u6548\u679c\uff0c\u6ce8\u610f\u68c0\u67e5remote.origin.fetch\u7684\u8bbe\u7f6e\uff1agit config --get remote.origin.fetch\uff0c\u5982\u679c\u662f+refs/heads/master:refs/remotes/origin/master\uff0c\u5219\u8868\u793a\u53ea\u62c9master\u5206\u652f\u3002\u53ef\u4ee5\u4fee\u6539\u6210\u62c9\u53d6\u6240\u6709\u5206\u652f\uff1agit config remote.origin.fetch \"+refs/heads/*:refs/remotes/origin/*\"\u3002

    "},{"location":"git/#github-debug","title":"Github debug\u5408\u96c6","text":"

    \u67d0\u79cd\u4e1c\u897f\u771f\u7684\u795e\u70e6\uff0c\u79d1\u7814\u9700\u8981\u4e0b\u8f7d\u7684\u4ed3\u5e93\u4ee3\u7801\u7ecf\u5e38\u83ab\u540d\u5176\u5999\u4e0b\u8f7d\u4e0d\u4e86\uff0c\u5199\u7684\u4ee3\u7801\u4e0a\u4f20\u8865\u4e0a\u53bb\uff0cbuild\u4e2adocker\u6162\u7684\u8981\u6b7b\uff0c\u7b2c\u4e09\u65b9\u5305\u62c9\u53d6\u4e0d\u5230\u2026\u2026\u6d6a\u8d39\u5f88\u591a\u65f6\u95f4\u5728\u56e0\u4e3a\u7f51\u7edc\u8fde\u63a5\u4e0d\u4e86\u5bfc\u81f4\u7684\u5404\u79cdbug\u4e0a\uff0c\u6709\u6548\u79d1\u7814\u65f6\u95f4\u767d\u767d\u88ab\u6d88\u8017\uff0c\u771f\u7684\u5f88xx\u3002

    "},{"location":"git/#git-clonegnutls_handshake-failed-the-tls-connection-was-non-properly-terminated","title":"Git clone\u62a5\u9519gnutls_handshake() failed: The TLS connection was non-properly terminated.","text":"

    \u4e00\u79cd\u505a\u6cd5\u662f\u8bbe\u7f6e\u6216\u8005\u53d6\u6d88\u8bbe\u7f6ehttp.proxy\u548chttps.proxy

    \u53e6\u4e00\u79cd\u505a\u6cd5\u662f\u76f4\u63a5\u53d6\u6d88SSL\u6821\u9a8c\uff0c\u867d\u7136\u7c97\u66b4\u4e86\u70b9\uff1agit config http.sslVerify false

    "},{"location":"go/","title":"go","text":""},{"location":"go/#go_1","title":"go\u73af\u5883\u914d\u7f6e","text":"
    1. \u4ecehttps://go.dev/dl/\u4e0b\u8f7dArchive\u7684\u5305\uff0c\u89e3\u538b\u7f29\uff08\u6bd4\u5982\u5230~/.local\uff09\uff0c\u6dfb\u52a0\u5176\u4e2d\u7684bin\u76ee\u5f55\u5230PATH\u8def\u5f84
    2. \u56fd\u5185\u4f7f\u7528\u65f6\u8bbe\u7f6e\u4ee3\u7406
    go env -w GO111MODULE=on\ngo env -w  GOPROXY=https://goproxy.cn\n
    "},{"location":"go/#_1","title":"\u521b\u5efa\u5de5\u7a0b","text":"

    \u5de5\u7a0b\u4fdd\u5b58\u5728xxx/go/src/xxx\u4e0b\uff0c\u5e76\u5c06GOPATH=xxx/go\u52a0\u5230\u73af\u5883\u53d8\u91cf\u4e2d

    "},{"location":"go/#_2","title":"\u5feb\u901f\u5165\u95e8","text":"
    package main\nimport (\n\"fmt\"\n)\n\nfunc main() {\n//\u5faa\u73af\u8f93\u51fa\nfor i:=0; i<10; i++{\nfmt.Println(i)\n}\n}\n
    "},{"location":"interesting-articles/","title":"\u6709\u8da3\u6587\u7ae0","text":"
    1. [Usenix Security 2021] Understanding and Detecting Disordered Error Handling with Precise Function Pairing \u4e0d\u6b63\u786e\u7684\u9519\u8bef\u5904\u7406\u51fd\u6570\u672c\u8eab\u53ef\u80fd\u4e5f\u4f1a\u5e26\u6765\u65b0\u7684\u9519\u8bef\uff0c\u5c24\u5176\u662f\u5728\u505a\u4e00\u4e9b\u524d\u671f\u6e05\u7406\u5de5\u4f5c\u65f6\uff0c\u6267\u884c\u987a\u5e8f\u4e0d\u6b63\u786e\u4f1a\u5e26\u6765\u63d0\u6743\u3001\u5d29\u6e83\u4e0eDoS\u3002\u672c\u6587\u5e0c\u671b\u63a8\u65ad\u51fa\u9884\u671f\u7684\u6e05\u7406\u51fd\u6570\u3002
    2. [Usenix Security 2020] Actions Speak Louder than Words: Entity-Sensitive Privacy Policy and Data Flow Analysis with PoliCheck \u8003\u8651\u5230\u6570\u636e\u6d41\u5411\u7684\u5b9e\u4f53\uff0c\u5bf9\u5e94\u7528\u7a0b\u5e8f\u7684\u9690\u79c1\u89c4\u8303\u8fdb\u884c\u7814\u7a76\u5efa\u6a21\u3002
    3. [NDSS 2019] https://www.youtube.com/watch?v=dMndb0Xmr4k&t=1s&list=PLfUWWM-POgQs9SPvg-UA-TNG7UVEcdz8l&index=5 GitHub\u4e0a\u7531\u4e8e\u4e00\u4e9b\u4e0d\u5f53\u64cd\u4f5c\u53ef\u80fd\u4f1a\u5bfc\u81f4API\u5bc6\u94a5\u6cc4\u9732\u3002\u672c\u6587\u7814\u7a76\u8868\u660e\u8fd9\u79cd\u6cc4\u9732\u975e\u5e38\u7316\u7357\uff0c\u5e76\u4e14\u8fdc\u6ca1\u6709\u89e3\u51b3\u95ee\u9898\u3002
    "},{"location":"investigations/","title":"\u56db\u5927\u8c03\u67e5","text":"
    1. [Usenix Security 2022] \"I feel invaded, annoyed, anxious and I may protect myself\": Individuals' Feelings about Online Tracking and their Protective Behaviour across Gender and Country
    2. [Usenix Security 2022] \"Like Lesbians Walking the Perimeter\": Experiences of U.S. LGBTQ+ Folks With Online Security, Safety, and Privacy Advice
    3. [Usenix Security 2022] How and Why People Use Virtual Private Networks
    4. [Usenix Security 2021] \"It's the Company, the Government, You and I\": User Perceptions of Responsibility for Smart Home Privacy and Security
    5. [Usenix Security 2021] \"Shhh...be quiet!\" Reducing the Unwanted Interruptions of Notification Permission Prompts on Chrome
    6. [Usenix Security 2021] Effect of Mood, Location, Trust, and Presence of Others on Video-Based Social Authentication
    7. [Usenix Security 2021] 'Passwords Keep Me Safe' \u2013 Understanding What Children Think about Passwords
    8. [Usenix Security 2021] \"It's stressful having all these phones\": Investigating Sex Workers' Safety Goals, Risks, and Practices Online
    9. [Usenix Security 2021] \"Now I'm a bit angry:\" Individuals' Awareness, Perception, and Responses to Data Breaches that Affected Them
    10. [Usenix Security 2020] \"I am uncomfortable sharing what I can't see\": Privacy Concerns of the Visually Impaired with Camera Based Assistive Applications
    11. [Usenix Security 2020 | Distingguished Paper Award] Understanding security mistakes developers make: Qualitative analysis from Build It, Break It, Fix It
    12. [Usenix Security 2020] An Observational Investigation of Reverse Engineers\u2019 Processes
    13. [Usenix Security 2020] That Was Then, This Is Now: A Security Evaluation of Password Generation, Storage, and Autofill in Browser-Based Password Managers
    14. [NDSS 2022] An In-depth Analysis of Duplicated Linux Kernel Bug Reports
    15. [NDSS 2020] Are You Going to Answer That? Measuring User Responses to Anti-Robocall Application Indicators
    16. [NDSS 2019] Time Does Not Heal All Wounds: A Longitudinal Analysis of Security-Mechanism Support in Mobile Browsers
    17. [NDSS 2019] A First Look into the Facebook Advertising Ecosystem
    "},{"location":"latex/","title":"latex\u57fa\u7840","text":""},{"location":"latex/#_1","title":"\u63a8\u8350\u5de5\u5177","text":"

    \u4f7f\u7528Table Generator\u7ed8\u5236\u8868\u683c

    "},{"location":"latex/#latex_1","title":"\u82f1\u6587latex","text":"
    \\documentclass[conference,11pt]{IEEEtran}\n\\IEEEoverridecommandlockouts\n% The preceding line is only needed to identify funding in the first footnote. If that is unneeded, please comment it out.\n\\usepackage{cite}\n\\usepackage{amsmath,amssymb,amsfonts}\n\\usepackage{algorithmic}\n\\usepackage{graphicx}\n\\usepackage{textcomp}\n\\usepackage{xcolor}\n\\usepackage{caption}\n\\usepackage{url}\n\\def\\UrlBreaks{\\do\\A\\do\\B\\do\\C\\do\\D\\do\\E\\do\\F\\do\\G\\do\\H\\do\\I\\do\\J\n\\do\\K\\do\\L\\do\\M\\do\\N\\do\\O\\do\\P\\do\\Q\\do\\R\\do\\S\\do\\T\\do\\U\\do\\V\n\\do\\W\\do\\X\\do\\Y\\do\\Z\\do\\[\\do\\\\\\do\\]\\do\\^\\do\\_\\do\\`\\do\\a\\do\\b\n\\do\\c\\do\\d\\do\\e\\do\\f\\do\\g\\do\\h\\do\\i\\do\\j\\do\\k\\do\\l\\do\\m\\do\\n\n\\do\\o\\do\\p\\do\\q\\do\\r\\do\\s\\do\\t\\do\\u\\do\\v\\do\\w\\do\\x\\do\\y\\do\\z\n\\do\\.\\do\\@\\do\\\\\\do\\/\\do\\!\\do\\_\\do\\|\\do\\;\\do\\>\\do\\]\\do\\)\\do\\,\n\\do\\?\\do\\'\\do+\\do\\=\\do\\#}\n\\def\\BibTeX{{\\rm B\\kern-.05em{\\sc i\\kern-.025em b}\\kern-.08em\n    T\\kern-.1667em\\lower.7ex\\hbox{E}\\kern-.125emX}}\n\\usepackage{lscape, latexsym, amssymb, algorithmic, multirow}\n\\usepackage[linesnumbered, vlined, ruled]{algorithm2e}\n\\usepackage{mathtools, bbm, color}\n\\usepackage{booktabs}\n\\usepackage{amsthm,mathrsfs,amsfonts,dsfont}\n\\usepackage{listings}\n\\definecolor{codegreen}{rgb}{0,0.6,0}\n\\definecolor{codegray}{rgb}{0.5,0.5,0.5}\n\\definecolor{codepurple}{rgb}{0.58,0,0.82}\n\\definecolor{backcolour}{rgb}{0.95,0.95,0.95}\n\\lstdefinestyle{mystyle}{\n % backgroundcolor=\\color{backcolour},   \n commentstyle=\\color{codegreen},\n keywordstyle=\\color{magenta},\n numberstyle=\\tiny\\color{codegray},\n stringstyle=\\color{codepurple},\n % basicstyle=\\footnotesize\\ttfamily,\n basicstyle=\\footnotesize\\scriptsize,\n breakatwhitespace=false,         \n breaklines=true,                 \n captionpos=b,                    \n keepspaces=true,\n numbers=left,  %% \u884c\u53f7 \n % numbersep=2pt,                  \n showspaces=false,                \n showstringspaces=false,\n showtabs=false,                  \n tabsize=1,\n xleftmargin=\\parindent,\n}\n\\lstset{style=mystyle}\n\\begin{document}\n\n\\title{xxxx}\n\n\\author{xxxx}\n\n\\maketitle\n\n\\begin{abstract}\n\\end{abstract}\n\n\n\\begin{IEEEkeywords}\nxxx,xxx\n\\end{IEEEkeywords}\n\n\\bibliographystyle{IEEEtran}\n{\n\\begingroup\n\\bibliography{ref}\n\\endgroup\n}\n\n\\end{document}\n
    "},{"location":"latex/#latex_2","title":"\u4e2d\u6587latex","text":"
    \\documentclass[12pt]{article}\n\n\\usepackage{cite} % \u5f15\u7528\u53c2\u8003\u6587\u732e\n\\usepackage{ctex} % \u4e2d\u6587\u652f\u6301\n\\usepackage{times}% \u82f1\u6587\u4f7f\u7528Times New Roman\n\\usepackage{url,hyperref} % \u8d85\u94fe\u63a5\n\\usepackage{xspace} % \u65e0\u6807\u70b9\u81ea\u52a8\u7a7a\u683c\n\\usepackage{graphicx} % \u63d2\u5165\u56fe\u7247\u7528\n\\usepackage{geometry} % \u8bbe\u7f6e\u9875\u8fb9\u8ddd\n\\usepackage{listings} % \u63d2\u5165\u4ee3\u7801\u5757\n\\usepackage{color} % \u5b9a\u4e49\u989c\u8272\uff0c\u7528\u4e8e\u63a7\u5236\u4ee3\u7801\u9ad8\u4eae\n\\usepackage{subcaption} % \u753b\u5b50\u56fe\n\\usepackage{tikz} % \u540e\u7eed\u753b\u5706\u5708\n\\usepackage{multirow} % \u8868\u683c\u591a\u884c\u6587\u672c\n% \\usepackage{tabu}\n\\usepackage{longtable}\n\\usepackage{float}\n\\usepackage{tabu}\n\\usepackage{booktabs} % \u753b\u8868\u683c\n\n\\usepackage[linesnumbered, vlined, ruled]{algorithm2e} % \u7b97\u6cd5\u5217\u8868\n\n% \u4f7f\u7528 ctex \u5b8f\u5305\u8bbe\u7f6e\u4e2d\u6587\u56fe\u9898\n\\renewcommand{\\figurename}{\u56fe}\n\\renewcommand{\\tablename}{\u8868}\n\n% \u8bbe\u7f6e\u9875\u8fb9\u8ddd\n\\geometry{a4paper,left=2cm,right=2cm,top=2cm,bottom=3cm} \n\n\n% \u8bbe\u7f6e\u5b57\u4f53\n\\newcommand{\\song}{\\CJKfamily{song}}    % \u5b8b\u4f53\n\\newcommand{\\fs}{\\CJKfamily{fs}}             % \u4eff\u5b8b\u4f53\n\\newcommand{\\kai}{\\CJKfamily{kai}}          % \u6977\u4f53\n\\newcommand{\\hei}{\\CJKfamily{hei}}         % \u9ed1\u4f53\n\\newcommand{\\li}{\\CJKfamily{li}}               % \u96b6\u4e66\n\n% \u8bbe\u7f6e\u5b57\u53f7\n\\newcommand{\\yihao}{\\fontsize{26pt}{36pt}\\selectfont}           % \u4e00\u53f7, 1.4 \u500d\u884c\u8ddd\n\\newcommand{\\erhao}{\\fontsize{22pt}{28pt}\\selectfont}          % \u4e8c\u53f7, 1.25\u500d\u884c\u8ddd\n\\newcommand{\\xiaoer}{\\fontsize{18pt}{18pt}\\selectfont}          % \u5c0f\u4e8c, \u5355\u500d\u884c\u8ddd\n\\newcommand{\\sanhao}{\\fontsize{16pt}{24pt}\\selectfont}        % \u4e09\u53f7, 1.5\u500d\u884c\u8ddd\n\\newcommand{\\xiaosan}{\\fontsize{15pt}{22pt}\\selectfont}        % \u5c0f\u4e09, 1.5\u500d\u884c\u8ddd\n\\newcommand{\\sihao}{\\fontsize{14pt}{21pt}\\selectfont}            % \u56db\u53f7, 1.5 \u500d\u884c\u8ddd\n\\newcommand{\\banxiaosi}{\\fontsize{13pt}{19.5pt}\\selectfont}    % \u534a\u5c0f\u56db, 1.5\u500d\u884c\u8ddd\n\\newcommand{\\xiaosi}{\\fontsize{12pt}{18pt}\\selectfont}            % \u5c0f\u56db, 1.5\u500d\u884c\u8ddd\n\\newcommand{\\dawuhao}{\\fontsize{11pt}{11pt}\\selectfont}       % \u5927\u4e94\u53f7, \u5355\u500d\u884c\u8ddd\n\\newcommand{\\wuhao}{\\fontsize{10.5pt}{15.75pt}\\selectfont}    % \u4e94\u53f7, \u5355\u500d\u884c\u8ddd\n\n% \u5b9a\u4e49\u4ee3\u7801\u6837\u5f0f\n\\definecolor{codegreen}{rgb}{0,0.6,0}\n\\definecolor{codegray}{rgb}{0.5,0.5,0.5}\n\\definecolor{codepurple}{rgb}{0.58,0,0.82}\n\\definecolor{backcolour}{rgb}{0.95,0.95,0.95}\n\\lstdefinestyle{mystyle}{\n % backgroundcolor=\\color{backcolour},   \n commentstyle=\\color{codegreen},\n keywordstyle=\\color{magenta},\n numberstyle=\\tiny\\color{codegray},\n stringstyle=\\color{codepurple},\n % basicstyle=\\footnotesize\\ttfamily,\n basicstyle=\\footnotesize\\scriptsize,\n breakatwhitespace=false,         \n breaklines=true,                 \n captionpos=b,                    \n keepspaces=true,\n numbers=left,  %% \u884c\u53f7 \n % numbersep=2pt,                  \n showspaces=false,                \n showstringspaces=false,\n showtabs=false,                  \n tabsize=1,\n xleftmargin=\\parindent,\n}\n\\lstset{style=mystyle}\n\n\\renewcommand{\\abstractname}{\\textbf{\u6458\\quad \u8981}} % \u66f4\u6539\u6458\u8981\u4e8c\u5b57\u7684\u6837\u5f0f\n\n% use these commands to consistently refer to stuff\n\n\\newcommand{\\bugCount}{xx}  \n\n\\newcommand{\\tabincell}[2]{\\begin{tabular}{@{}#1@{}}#2\\end{tabular}}\n\n\\newcommand*\\emptcirc[1][1ex]{\\tikz\\draw (0,0) circle (#1);} \n\\newcommand*\\halfcirc[1][1ex]{%\n    \\begin{tikzpicture}\n    \\draw[fill] (0,0)-- (90:#1) arc (90:270:#1) -- cycle ;\n    \\draw (0,0) circle (#1);\n    \\end{tikzpicture}}\n\\newcommand*\\fullcirc[1][1ex]{\\tikz\\fill (0,0) circle (#1);} \n\n\\def\\BibTeX{{\\rm B\\kern-.05em{\\sc i\\kern-.025em b}\\kern-.08em\n    T\\kern-.1667em\\lower.7ex\\hbox{E}\\kern-.125emX}}\n\n\\title{\\fontsize{18pt}{27pt}\\selectfont \\textbf{xxxx}}\n\\author{\\fontsize{14pt}{21pt}\\selectfont \\textbf{xxxx}}\n\\date{}\n\n\\begin{document}\n\\begin{sloppypar} % \u9632\u6b62\u957f\u5355\u8bcd\u51fa\u754c\n\\maketitle\n\n\\begin{abstract}\n\\end{abstract}\n\n\\section{\u80cc\u666f}\n\n\\subsection{\u53ef\u4fe1\u6267\u884c\u73af\u5883}\n\\bibliographystyle{plain}\n\\bibliography{Ref}\n\n\\end{sloppypar}\n\\end{document}\n
    "},{"location":"linux-server/","title":"Ubuntu\u670d\u52a1\u5668\u8fd0\u7ef4","text":""},{"location":"linux-server/#pid","title":"\u6839\u636epid\u67e5\u8be2\u7ec6\u8282","text":"

    sudo ls -lah /proc/<pid>\n
    \u7136\u540e\u6839\u636e\u5176\u4e2d\u7684cwd\u627e\u5230\u8fd0\u884c\u76ee\u5f55\uff0cexe\u627e\u5230\u8fd0\u884c\u7a0b\u5e8f

    "},{"location":"linux-server/#_1","title":"\u5728\u7ec8\u7aef\u5411\u7a0b\u5e8f\u8f93\u5165\u5b57\u8282","text":"
    # \u8f93\u5165raw bytes\necho -e '\\x31\\x32' | program\n\n# \u4e0d\u5e26echo\u81ea\u52a8\u52a0\u7684\u6362\u884c\necho -en '\\x31\\x32' | program\n\n# \u8f93\u5165raw binary\necho -e '\\x31\\x32' | xxd -r -p | program 
    "},{"location":"linux-server/#_2","title":"\u67e5\u8be2\u670d\u52a1\u5668\u663e\u5361","text":"

    \u67e5\u8be2\u7269\u7406\u69fd\u663e\u5361\u8fde\u63a5

    lspci | grep VGA\n

    \u67e5\u8be2\u6d3b\u8dc3\u60c5\u51b5\uff08\u9700\u8981\u5b89\u88c5\u663e\u5361\u9a71\u52a8\uff0c\u53ef\u4ee5\u76f4\u63a5\u5b89\u88c5CUDA runfile\uff0c\u81ea\u5e26\u9a71\u52a8\uff09

    nvidia-smi\n
    "},{"location":"linux-server/#_3","title":"\u7edf\u8ba1\u670d\u52a1\u5668\u8fdb\u7a0b\u5360\u7528","text":"
    htop # \u89c2\u5bdf\u5185\u5b58\u3001\u5404\u8fdb\u7a0b\u3001CPU\u5360\u7528\nsudo ls -lah /proc/<pid>/cwd # \u89c2\u5bdf\u8fd0\u884c\u7684\u547d\u4ee4\uff0c\u5224\u65ad\u8c01\u7684\u7a0b\u5e8f\n
    "},{"location":"linux-server/#_4","title":"\u7edf\u8ba1\u78c1\u76d8\u7528\u91cf","text":"
    ncdu # \u7edf\u8ba1\u5f53\u524d\u76ee\u5f55\u4e0b\u5404\u4e2a\u6587\u4ef6\u5939\u5360\u7528\uff0c\u53ef\u4ee5\u8fdb\u5165\u3001\u5220\u9664\u6587\u4ef6\u5939\u6216\u76ee\u5f55\n
    "},{"location":"linux-server/#dns","title":"\u4fee\u6539DNS","text":"

    \u6709\u65f6\u5019\u8fde\u4e0d\u4e0a\u7f51\u662f\u56e0\u4e3aDNS\u7684\u95ee\u9898\uff0c\u4fee\u6539/etc/resolve.conf\u5373\u53ef\u3002\u4e0d\u8fc7\u8fd9\u4e2a\u8f6f\u8fde\u63a5\u4fee\u6539\u5b8c\u4e86\u4ee5\u540e\u53ef\u80fd\u4f1a\u88ab\u7cfb\u7edf\u6539\u6389\uff0c\u53ef\u4ee5\u8bd5\u8bd5\u5220\u6389\u4ee5\u540e\u76f4\u63a5\u521b\u5efa\u4e2a/etc/resolve.conf\u6587\u4ef6\uff0c\u518dchattr +i /etc/resovle.conf\u9632\u6b62\u4fee\u6539\u3002

    "},{"location":"linux-server/#_5","title":"\u7cfb\u7edf\u670d\u52a1","text":"

    systemctl status xxx\u68c0\u67e5\u67d0\u4e9b\u670d\u52a1\u8fd0\u884c\u72b6\u6001\uff0c\u53ef\u4ee5ls -lah /etc/systemd/system\u3001ls -lah /lib/systemd/system\u67e5\u8be2\u6709\u54ea\u4e9b\u670d\u52a1\u3002\u8b66\u60d5\u5947\u602a\u7684\u6570\u5b57service\uff0c\u53ef\u80fd\u662f\u75c5\u6bd2\u3002

    \u6dfb\u52a0\u7cfb\u7edf\u670d\u52a1\u65f6\uff0c\u521b\u5efa/etc/systemd/system/xxx.service\u6587\u4ef6\uff0c\u7136\u540e\u7f16\u8f91\u5185\u5bb9\uff0c\u6bd4\u5982\u4e0b\u9762\u7684socat.service\uff1a

    [Unit]\nDescription=port forward 4320\n# \u542f\u52a8\u987a\u5e8f\uff08\u591a\u4e2a\u670d\u52a1\u4e2d\u95f4\u7528\u7a7a\u683c\u9694\u5f00\uff09\nAfter=network.target[\u5f53\u524d\u670d\u52a1\u5728\u6307\u5b9a\u670d\u52a1\u4e4b\u540e\u542f\u52a8]\nBefore=[\u5f53\u524d\u670d\u52a1\u5728\u6307\u5b9a\u670d\u52a1\u4e4b\u524d\u542f\u52a8]\n\n# \u4f9d\u8d56\u5173\u7cfb\nWants=[\u5f31\u4f9d\u8d56\u5173\u7cfb\u670d\u52a1\uff0c\u6307\u5b9a\u670d\u52a1\u53d1\u751f\u5f02\u5e38\u4e0d\u5f71\u54cd\u5f53\u524d\u670d\u52a1]\nRequires=[\u5f3a\u4f9d\u8d56\u5173\u7cfb\u670d\u52a1\uff0c\u6307\u5b9a\u670d\u52a1\u53d1\u751f\u5f02\u5e38\uff0c\u5f53\u524d\u670d\u52a1\u5fc5\u987b\u9000\u51fa]\n\n[Service]\nUser=nobody\nExecStart=/usr/bin/socat TCP4-LISTEN:4320,fork TCP4:10.244.55.25:80\nExecReload=[\u91cd\u542f\u670d\u52a1\u65f6\u6267\u884c\u7684\u547d\u4ee4]\nExecStop=[\u505c\u6b62\u670d\u52a1\u65f6\u6267\u884c\u7684\u547d\u4ee4]\nExecStartPre=[\u542f\u52a8\u670d\u52a1\u4e4b\u524d\u6267\u884c\u7684\u547d\u4ee4]\nExecStartPost=[\u542f\u52a8\u670d\u52a1\u4e4b\u540e\u6267\u884c\u7684\u547d\u4ee4]\nExecStopPost=[\u505c\u6b62\u670d\u52a1\u4e4b\u540e\u6267\u884c\u7684\u547d\u4ee4]\n\n# \u542f\u52a8\u7c7b\u578b\n# simple\uff08\u9ed8\u8ba4\u503c\uff09\uff1aExecStart\u5b57\u6bb5\u542f\u52a8\u7684\u8fdb\u7a0b\u4e3a\u4e3b\u8fdb\u7a0b\n# forking\uff1aExecStart\u5b57\u6bb5\u5c06\u4ee5fork()\u65b9\u5f0f\u542f\u52a8\uff0c\u6b64\u65f6\u7236\u8fdb\u7a0b\u5c06\u4f1a\u9000\u51fa\uff0c\u5b50\u8fdb\u7a0b\u5c06\u6210\u4e3a\u4e3b\u8fdb\u7a0b\n# oneshot\uff1a\u7c7b\u4f3c\u4e8esimple\uff0c\u4f46\u53ea\u6267\u884c\u4e00\u6b21\uff0cSystemd \u4f1a\u7b49\u5b83\u6267\u884c\u5b8c\uff0c\u624d\u542f\u52a8\u5176\u4ed6\u670d\u52a1\n# dbus\uff1a\u7c7b\u4f3c\u4e8esimple\uff0c\u4f46\u4f1a\u7b49\u5f85 D-Bus \u4fe1\u53f7\u540e\u542f\u52a8\n# notify\uff1a\u7c7b\u4f3c\u4e8esimple\uff0c\u542f\u52a8\u7ed3\u675f\u540e\u4f1a\u53d1\u51fa\u901a\u77e5\u4fe1\u53f7\uff0c\u7136\u540e Systemd \u518d\u542f\u52a8\u5176\u4ed6\u670d\u52a1\n# idle\uff1a\u7c7b\u4f3c\u4e8esimple\uff0c\u4f46\u662f\u8981\u7b49\u5230\u5176\u4ed6\u4efb\u52a1\u90fd\u6267\u884c\u5b8c\uff0c\u624d\u4f1a\u542f\u52a8\u8be5\u670d\u52a1\u3002\u4e00\u79cd\u4f7f\u7528\u573a\u5408\u662f\u4e3a\u8ba9\u8be5\u670d\u52a1\u7684\u8f93\u51fa\uff0c\u4e0d\u4e0e\u5176\u4ed6\u670d\u52a1\u7684\u8f93\u51fa\u76f8\u6df7\u5408\nType=[\u542f\u52a8\u7c7b\u578b]\n\n# \u5982\u4f55\u505c\u6b62\u670d\u52a1\n# control-group\uff08\u9ed8\u8ba4\u503c\uff09\uff1a\u5f53\u524d\u63a7\u5236\u7ec4\u91cc\u9762\u7684\u6240\u6709\u5b50\u8fdb\u7a0b\uff0c\u90fd\u4f1a\u88ab\u6740\u6389\n# process\uff1a\u53ea\u6740\u4e3b\u8fdb\u7a0b\n# mixed\uff1a\u4e3b\u8fdb\u7a0b\u5c06\u6536\u5230 SIGTERM \u4fe1\u53f7\uff0c\u5b50\u8fdb\u7a0b\u6536\u5230 SIGKILL \u4fe1\u53f7\n# none\uff1a\u6ca1\u6709\u8fdb\u7a0b\u4f1a\u88ab\u6740\u6389\uff0c\u53ea\u662f\u6267\u884c\u670d\u52a1\u7684 stop \u547d\u4ee4\u3002\nKillMode=[\u5982\u4f55\u505c\u6b62\u670d\u52a1]\n\n# \u91cd\u542f\u65b9\u5f0f\n# no\uff08\u9ed8\u8ba4\u503c\uff09\uff1a\u9000\u51fa\u540e\u4e0d\u4f1a\u91cd\u542f\n# on-success\uff1a\u53ea\u6709\u6b63\u5e38\u9000\u51fa\u65f6\uff08\u9000\u51fa\u72b6\u6001\u7801\u4e3a0\uff09\uff0c\u624d\u4f1a\u91cd\u542f\n# on-failure\uff1a\u975e\u6b63\u5e38\u9000\u51fa\u65f6\uff08\u9000\u51fa\u72b6\u6001\u7801\u975e0\uff09\uff0c\u5305\u62ec\u88ab\u4fe1\u53f7\u7ec8\u6b62\u548c\u8d85\u65f6\uff0c\u624d\u4f1a\u91cd\u542f\n# on-abnormal\uff1a\u53ea\u6709\u88ab\u4fe1\u53f7\u7ec8\u6b62\u548c\u8d85\u65f6\uff0c\u624d\u4f1a\u91cd\u542f\n# on-abort\uff1a\u53ea\u6709\u5728\u6536\u5230\u6ca1\u6709\u6355\u6349\u5230\u7684\u4fe1\u53f7\u7ec8\u6b62\u65f6\uff0c\u624d\u4f1a\u91cd\u542f\n# on-watchdog\uff1a\u8d85\u65f6\u9000\u51fa\uff0c\u624d\u4f1a\u91cd\u542f\n# always\uff1a\u4e0d\u7ba1\u662f\u4ec0\u4e48\u9000\u51fa\u539f\u56e0\uff0c\u603b\u662f\u91cd\u542f\nRestart=[\u670d\u52a1\u9000\u51fa\u540e\uff0cSystemd \u7684\u91cd\u542f\u65b9\u5f0f]\n\nRestartSec=[\u8868\u793a Systemd \u91cd\u542f\u670d\u52a1\u4e4b\u524d\uff0c\u9700\u8981\u7b49\u5f85\u7684\u79d2\u6570]\n\n[Install]\nWantedBy=multi-user.target\n# \u6267\u884c sytemctl enable **.service\u547d\u4ee4\u65f6\uff0c**.service\u7684\u4e00\u4e2a\u7b26\u53f7\u94fe\u63a5\uff0c\u5c31\u4f1a\u653e\u5728/etc/systemd/system/multi-user.target.wants\u5b50\u76ee\u5f55\u4e2d\n# \u6267\u884csystemctl get-default\u547d\u4ee4\uff0c\u83b7\u53d6\u9ed8\u8ba4\u542f\u52a8Target\n# multi-user.target\u7ec4\u4e2d\u7684\u670d\u52a1\u90fd\u5c06\u5f00\u673a\u542f\u52a8\n# \u5e38\u7528Target\uff0c1. multi-user.target-\u591a\u7528\u6237\u547d\u4ee4\u884c\uff1b2. graphical.target-\u56fe\u5f62\u754c\u9762\u6a21\u5f0f\nWantedBy=[\u8868\u793a\u8be5\u670d\u52a1\u6240\u5728\u7684Target]\n
    "},{"location":"linux-server/#_6","title":"\u5b9a\u65f6\u670d\u52a1","text":"

    \u5b9a\u65f6\u7a0b\u5e8f\u6267\u884c\u5931\u8d25\u7684\u539f\u56e0\u662f\u591a\u6837\u7684\uff0c\u53ef\u80fd\u662f\u56e0\u4e3a\u5b9a\u65f6\u670d\u52a1\u6ca1\u542f\u52a8\uff0c\u9700\u8981systemctl restart cron.service\uff0c\u6216\u8005\u662fcron\u670d\u52a1\u574f\u6389\u4e86\uff0c\u5148apt install cron --reinstall\u5f3a\u5236\u91cd\u65b0\u5b89\u88c5\u4e0b\uff0c\u518d\u91cd\u542f\u670d\u52a1\uff0c\u6216\u8005\u662f\u5b89\u88c5\u4e86\u522b\u7684\u4f9d\u8d56\u5e93\u4f46\u662f\u6ca1\u6709\u91cd\u542fcron\u5bfc\u81f4\u8fd0\u884c\u5931\u8d25\uff0c\u8bd5\u8bd5/etc/init.d/cron restart\u3002

    "},{"location":"linux-server/#_7","title":"\u53c2\u8003\u8d44\u6599","text":"
    1. systemd\u76f8\u5173\u8d44\u6599
    "},{"location":"openssh/","title":"OpenSSH\u9605\u8bfb\u7b14\u8bb0","text":""},{"location":"openssh/#_1","title":"\u51c6\u5907\u5de5\u4f5c","text":"

    (\u4ee5\u4e0b\u5747\u5728wsl\u7684root\u7528\u6237) ubuntu\u7cfb\u7edf\uff0c\u5148\u9884\u88c5\u4e0b\u73af\u5883\uff1a

    apt install build-essential autoconf zlib1g-dev libssl-dev\n

    \u4e0b\u8f7d\u6e90\u7801\uff0c\u76f4\u63a5\u4eceGithub\u94fe\u63a5\u4e0b\u8f7dzip\u5230\u672c\u5730\u89e3\u538b\uff0c\u4e5f\u53ef\u4ee5\u7528git clone\uff1a

    git clone --depth 1 https://github.com/openssh/openssh-portable.git\n

    \u4e3a\u4e86\u9632\u6b62\u4e4b\u540emake install\u51fa\u7684\u6587\u4ef6\u8986\u76d6\u7cfb\u7edf\u81ea\u5df1\u7684ssh\uff0c\u8fd9\u91cc\u6307\u5b9aconfigure\u5c06\u4e4b\u540e\u7f16\u8bd1\u51fa\u7684\u6587\u4ef6\u653e\u5230\u9879\u76ee\u7684/output\u6587\u4ef6\u5939\u4e0b\u3002\u6309readme\u7684Building from git\u7684\u65b9\u6cd5\uff0c\u8fdb\u5165openssh\u6240\u5728\u76ee\u5f55\u540e\uff0c\u8fd0\u884c\uff1a

    autoreconf\n./configure --prefix=`pwd`/output\nmake\n

    \u6b64\u65f6\u76f8\u5173\u53ef\u6267\u884c\u6587\u4ef6\u5df2\u7ecf\u7f16\u8bd1\u5b8c\u6bd5\u3002\u4e3a\u4e86\u8fdb\u4e00\u6b65\u6e05\u6670\u663e\u793a\uff0c\u53ef\u4ee5\u8fd0\u884cmake install\uff0c\u5219\u5728\u5f53\u524d\u76ee\u5f55\u7684output\u6587\u4ef6\u5939\u4e0b\u4f1a\u751f\u6210\u5bf9\u5e94\u7684\u7ed3\u6784\u3002

    "},{"location":"picking-ups/","title":"\u6587\u53e5\u6458\u5f55","text":"

    Alligator in Vest: A Practical Failure-Diagnosis Framework via Arm Hardware Features (ISSTA 2023)

    RR: A Fault Model for Efficient TEE Replication (NDSS 2023)

    No Grammar, No Problem: Towards Fuzzing the Linux Kernel without System-Call Descriptions (NDSS 2023)

    FUZZUSB: Hybrid Stateful Fuzzing of USB Gadget Stacks (Oakland 2022)

    Registered Report: DATAFLOW Towards a Data-Flow-Guided Fuzzer

    A Survey on Adversarial Attacks for Malware Analysis

    Survivalism: Systematic Analysis of Windows Malware Living-Off-The-Land (Oakland 2021)

    A Systematical and longitudinal study of evasive behaviors in windows malware (Computers & Security 2021)

    Structural Attack against Graph Based Android Malware Detection (CCS 2021)

    Deep Learning for Android Malware Defenses: a Systematic Literature Review (ACM Survey 2021)

    Intriguing Properties of Adversarial ML Attacks in the Problem Space (Oakland 2020)

    P2IM: Scalable and Hardware-independent Firmware Testing via Automatic Peripheral Interface Modeling (USENIX SECURITY 2020)

    Toward the Analysis of Embedded Firmware through Automated Re-hosting (RAID 2019)

    REPT: Reverse Debugging of Failures in Deployed Software (USENIX SECURITY 2018)

    What You Corrupt Is Not What You Crash: Challenges in Fuzzing Embedded Devices (NDSS 2018)

    Postmortem Program Analysis with Hardware-Enhanced Post-Crash Artifacts (USENIX SECURITY 2017)

    POMP++: Facilitating Postmortem Program Diagnosis with Value-Set Analysis

    A Survey on Software Fault Localization (TSE 2016)

    "},{"location":"porting/","title":"\u6298\u817e\u7f51\u7ad9","text":""},{"location":"porting/#_2","title":"\u7aef\u53e3\u590d\u7528\u65b9\u6cd5","text":"

    \u7531\u4e8e\u670d\u52a1\u5668\u5b89\u5168\u8bbe\u5b9a\uff0c\u53ea\u5bf9\u5916\u5f00\u653e\u4e00\u4e2a22\u7aef\u53e3\u63d0\u4f9bssh\u8fde\u63a5\u3002\u90a3\u4e48\u5728\u6b64\u57fa\u7840\u4e0a\u5982\u4f55\u63d0\u4f9bhttp\u3001https\u7b49\u591a\u79cd\u670d\u52a1\uff1f\u641c\u7d22\u4e86\u4e0b\u53ef\u4ee5\u6839\u636e\u6d41\u91cf\u7279\u5f81\u7528sslh\u7b80\u5355\u8f6c\u53d1\u4e00\u4e0b\u6570\u636e\u5305\u5230\u4e0d\u540c\u7684\u5185\u90e8\u7aef\u53e3\u3002

    "},{"location":"porting/#sslh","title":"sslh\uff1a\u6839\u636e\u6d41\u91cf\u7279\u5f81\u8f6c\u53d1\u6570\u636e\u5305","text":"

    \u5728root\u4e0bapt install sslh\u540e\u4fee\u6539\u914d\u7f6e\u6587\u4ef6/etc/default/sslh\uff1a

    # Default options for sslh initscript\n# sourced by /etc/init.d/sslh\n\n# binary to use: forked (sslh) or single-thread (sslh-select) version\n# systemd users: don't forget to modify /lib/systemd/system/sslh.service\nDAEMON=/usr/sbin/sslh\nRun=yes\nDAEMON_OPTS=\"--user sslh --listen 0.0.0.0:4684 --ssh 127.0.0.1:5752 --tls 127.0.0.1:443 --http 127.0.0.1:1284 --anyprot 127.0.0.1:2008 -F /etc/sslh/sslh.cfg --pidfile /var/run/sslh/sslh.pid\"\n

    \u8fd9\u91cc\u4e5f\u53ef\u4ee5cat /lib/systemd/system/sslh.service\u770b\u4e00\u4e0bservice\u6587\u4ef6\uff0c\u5176\u4e2d\u6709\u4e00\u884cExecStart=/usr/sbin/sslh --foreground $DAEMON_OPTS\uff0c\u53ef\u4ee5\u770b\u5230\u5728\u542f\u52a8sslh\u65f6\u53c2\u6570\u662fDAEMON_OPTS\u3002\u6240\u4ee5\u91cd\u70b9\u5c31\u5728\u4e8e\u914d\u7f6e\u597dDAEMON_OPTS\u3002

    \u89e3\u91ca\u4e00\u4e0b\u51e0\u4e2a\u53c2\u6570\u7684\u610f\u601d\uff1a

    \u7136\u540esystemctl enable sslh\u3001systemctl start sslh\u542f\u52a8sslh\uff0c\u5c06\u672c\u57304684\u7aef\u53e3\u6536\u5230\u7684\u6d41\u91cf\u6839\u636essh\u3001ssl\u3001http\u7684\u7279\u5f81\u5206\u522b\u8fdb\u884c\u7aef\u53e3\u8f6c\u53d1\u3002

    \u6bd4\u8f83\u6709\u610f\u601d\u7684\u662f\u53ef\u4ee5\u7528--anyprot\u6765\u8bbe\u7f6e\u9ed8\u8ba4\u7684\u8f6c\u53d1\u7b56\u7565\uff0c\u914d\u5408nc -lk\u53ef\u4ee5\u770b\u81ea\u5b9a\u4e49\u7684\u6570\u636e\u5305\u683c\u5f0f\uff0c\u518d\u901a\u8fc7-F\uff08\u6216--config\uff09\u6307\u5b9aconfig\u6587\u4ef6\uff08\u6bd4\u5982/etc/sslh/sslh.cfg\uff09\uff0c\u5b9e\u73b0\u5229\u7528\u6b63\u5219\u8868\u8fbe\u5f0f\u5bf9\u6570\u636e\u5305\u8fdb\u884c\u81ea\u5b9a\u4e49\u8f6c\u53d1\u3002

    \u6ce8\u610f\uff0c\u5982\u679c\u4f7f\u7528config\u6587\u4ef6\uff0c\u90a3\u4e48\u6587\u4ef6\u7684\u5185\u5bb9\u4e0d\u8981\u548c\u547d\u4ee4\u884c\u5df2\u6709\u7684\u5185\u5bb9\u91cd\u590d\u3002\u6bd4\u5982\u547d\u4ee4\u884c\u5df2\u7ecf\u6307\u5b9a\u4e86\u76d1\u542c127.0.0.1\u7aef\u53e3\u76844684\uff0c\u90a3config\u6587\u4ef6\u91cc\u5c31\u4e0d\u8981\u518d\u52a0\u4e0alisten:(xxx)\u4e86\u3002

    config\u6587\u4ef6\u6307\u5b9a\u5339\u914d\u89c4\u5219\u7684\u4f8b\u5b50\u5982\u4e0b\u6240\u793a\uff08\u7247\u6bb5\uff09

    protocols:\n(\n{ name: \"http\"; host: \"127.0.0.1\"; port: \"808\"; },\n{ name: \"tls\"; host: \"127.0.0.1\"; port: \"443\"; sni_hostnames: [ \"remote.c01dkit.com\" ]; tfo_ok: true },\n{ name: \"tls\"; host: \"127.0.0.1\"; port: \"7000\"; sni_hostnames: [ \"project-frp\" ]; tfo_ok: true },\n{ name: \"regex\"; host: \"127.0.0.1\"; port: \"60000\"; regex_patterns: [ \"^SSH-2.0-Go\\x0d$\", \"^SSH-2.0-OpenSSH\\x0d$\" ]; },\n);\n
    "},{"location":"porting/#ssh","title":"ssh\uff1a\u63d0\u4f9b\u8fdc\u7a0b\u8fde\u63a5","text":"

    \u7531\u4e8e\u539f\u672c\u5bf9\u5916\u5f00\u653e\u768422\u7aef\u53e3\u53ea\u7528\u4e8e\u63a5\u6536ssh\u8bf7\u6c42\uff0c\u5982\u679c\u60f3\u8981\u63d0\u4f9b\u66f4\u591a\u670d\u52a1\uff0c\u9700\u8981\u5148\u628a22\u7aef\u53e3\u7684\u63a5\u6536\u7684\u6570\u636e\u90fd\u8f6c\u53d1\u7ed9sslh\uff0c\u8ba9\u5b83\u6765\u8fdb\u884c\u5206\u7c7b\u3002\u90a3\u4e48ssh\u8bf7\u6c42\u5e94\u8be5\u5c31\u4e0d\u80fd\u518d\u8fd8\u7ed922\u7aef\u53e3\u4e86\uff08\u4e0d\u7136\u53ef\u80fd\u53c8\u88ab\u8f6c\u53d1\u7ed9sslh\uff1f\u4e0d\u786e\u5b9a\uff09\uff0c\u53ef\u4ee5\u8003\u8651\u518d\u5f00\u4e00\u4e2a\u7aef\u53e3\u76d1\u542cssh\u8bf7\u6c42\u3002\u8fd9\u91ccssh\u7684\u8bbe\u5b9a\u5f00\u4e86\u672c\u573022\u548c5752\u7aef\u53e3\uff0c\u914d\u7f6e\u65f6\u4fee\u6539/etc/ssh/sshd_config\u6587\u4ef6\uff0c\u52a0\u4e00\u884cPort 5752\u5373\u53ef\u3002\u540c\u65f6\u8bb0\u5f97\u4f7f\u7528\u516c\u94a5\u8ba4\u8bc1\u767b\u5f55\uff0c\u7981\u7528\u5bc6\u7801\u767b\u5f55\u3002

    Port 22\nPort 5752\nPubkeyAuthentication yes\nPasswordAuthentication no\n
    "},{"location":"porting/#nginxhttphttps","title":"nginx\uff1a\u63d0\u4f9bhttp/https\u670d\u52a1","text":"

    \u5728nginx\u5b98\u7f51\u4e0b\u8f7d\u6e90\u7801\u5e76\u6309\u8bf4\u660e\u7f16\u8bd1\u3002nginx\uff081.22\u7248\u672c\uff09\u7684\u914d\u7f6e\u5982\u4e0b\uff1a

    user  c01dkit;\nworker_processes  1;\n\nevents {\n    worker_connections  1024;\n}\n\nhttp {\n    include       mime.types;\n    default_type  application/octet-stream;\n    sendfile        on;\n    keepalive_timeout  65;\n    server_tokens off;\n    server {\n        listen       1284;\n        listen       127.0.0.1:1284;\n        charset utf-8;\n        server_name  xxxx.c01dkit.com;\n        if ($scheme = http ) {\n            return 301 https://$host:xxxx$request_uri;  \n        }\n        error_page  404              /404.html;\n    }\n\n    server {\n        listen       127.0.0.1:443 ssl ;\n        listen       443 ssl ;\n        listen       [::]:443 ssl ;\n        server_name  xxxx.c01dkit.com;\n        charset utf-8;\n        ssl_certificate      xxxx/fullchain.pem;\n        ssl_certificate_key  xxxx/privkey.pem;\n\n        ssl_session_cache    shared:SSL:1m;\n        ssl_session_timeout  5m;\n\n        ssl_ciphers  HIGH:!aNULL:!MD5;\n        ssl_prefer_server_ciphers  on;\n\n        location / {\n            root   xxxxx;\n            index  index.html index.htm;\n            error_page  404              /404.html;\n\n        }\n        location ~ \\.php$ {\n            fastcgi_pass   unix:/run/php/php8.1-fpm.sock;\n            fastcgi_index  index.php;\n            fastcgi_param  SCRIPT_FILENAME  xxxx/www$fastcgi_script_name;\n            include        fastcgi_params;\n            error_page  404              /404.html;\n        }\n    }\n\n}\n

    \u8fd9\u91cc\u914d\u7f6e\u4e86nginx\u76d1\u542c\u672c\u57301284\u7aef\u53e3\u6765\u5904\u7406http\u8bbf\u95ee\uff0c\u5c06https\u8bf7\u6c42\u8f6c\u53d1\u5230443\u7aef\u53e3\uff0c\u4e5f\u8bbe\u7f6e\u4e86ssl\u7684\u8bc1\u4e66\u3002\u8bc1\u4e66\u7684\u914d\u7f6e\u65b9\u6cd5\u53ef\u4ee5\u89c1\u540e\u6587\u7684https\u8bc1\u4e66\u7ae0\u8282\u3002

    \u5173\u4e8enginx\uff0c\u53ef\u4ee5nginx -V\u67e5\u770b\u7f16\u8bd1\u9009\u9879\uff0c\u7136\u540e\u81ea\u5df1\u4ece\u6e90\u7801\u7f16\u8bd1\u4e0b\u3002\u5e38\u89c1\u7684-V\u8f93\u51fa\u6709\uff1a

    nginx version: nginx/1.22.1\nbuilt by gcc 11.3.0 (Ubuntu 11.3.0-1ubuntu1~22.04) \nbuilt with OpenSSL 3.0.2 15 Mar 2022\nTLS SNI support enabled\nconfigure arguments: --user=c01dkit --group=c01dkit --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-compat --with-debug --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_sub_module\n

    \u8fd9\u91cc\u6307\u5b9auser\u4e3ac01dkit\uff0c\u7136\u540e\u7f51\u7ad9\u4e5f\u90fd\u653e\u5728c01dkit\u7684\u5bb6\u76ee\u5f55\u91cc\u9762\uff0c\u4ee5\u9632\u7f51\u7ad9\u9875\u9762\u56e0\u4e3a\u6743\u9650\u95ee\u9898\u6253\u4e0d\u5f00\uff08\u597d\u50cf\u9ed8\u8ba4\u662fwww-data\uff09\uff0c\u53ef\u80fd\u662f\u87f9\u811a\u6539\u6cd5\u25cb( \uff3e\u76bf\uff3e)\u3063

    "},{"location":"porting/#iptablessslh","title":"iptables\uff1a\u8f6c\u53d1\u5916\u90e8\u8bbf\u95ee\u5230sslh","text":"

    \u6700\u540e\u63a5\u7740\u8bbe\u7f6e\u9632\u706b\u5899\u5c06\u6240\u6709\u5916\u90e8\u6d41\u91cf\u4ece\u5f00\u653e\u7684\u552f\u4e00\u7aef\u53e3\u8f6c\u53d1\u52304684\u7aef\u53e3\u5373\u53ef\u3002

    iptables -t nat -A PREROUTING -p tcp --dport 22 -j REDIRECT --to-port 4684\n

    \u8fd9\u91cc\u5047\u5b9a\u5916\u90e8\u7aef\u53e3\u5f00\u653e\u7684\u7aef\u53e3\u6620\u5c04\u5230\u672c\u573022\u7aef\u53e3\u3002\u8fd9\u91cc22\u7aef\u53e3\u4e5f\u662f\u6709ssh\u670d\u52a1\u5728\u76d1\u542c\u3002

    \u6709\u65f6\u62c5\u5fc3sslh\u670d\u52a1\u6302\u6389\u5bfc\u81f44684\u6ca1\u6709ssh\u670d\u52a1\u3001ssh\u8fde\u4e0d\u4e0a\uff0c\u8bbe\u7f6e\u4e86\u5b9a\u65f6\u4efb\u52a1\u6765\u5173\u6389\u3001\u6253\u5f00\u9632\u706b\u5899\uff08\u6b64\u65f6\u53ea\u80fdssh\u8fde\u63a5\uff0c\u63d0\u4f9b\u8fd0\u7ef4\u7a97\u53e3\u671f\uff09\uff0c\u6bd4\u5982\u6bcf\u5468\u4e094\u70b9\u52306\u70b9\u53ea\u63d0\u4f9b22\u7aef\u53e3\u7684ssh\u670d\u52a1\uff1a

    # Edit this file to introduce tasks to be run by cron.\n# \n# Each task to run has to be defined through a single line\n# indicating with different fields when the task will be run\n# and what command to run for the task\n# \n# To define the time you can provide concrete values for\n# minute (m), hour (h), day of month (dom), month (mon),\n# and day of week (dow) or use '*' in these fields (for 'any').\n# \n# Notice that tasks will be started based on the cron's system\n# daemon's notion of time and timezones.\n# \n# Output of the crontab jobs (including errors) is sent through\n# email to the user the crontab file belongs to (unless redirected).\n# \n# For example, you can run a backup of all your user accounts\n# at 5 a.m every week with:\n# 0 5 * * 1 tar -zcf /var/backups/home.tgz /home/\n# \n# For more information see the manual pages of crontab(5) and cron(8)\n# \n# m h  dom mon dow   command\n0 4 * * 3 iptables -t nat -D PREROUTING -p tcp --dport 22 -j REDIRECT --to-port 4684\n0 6 * * 3 iptables -t nat -A PREROUTING -p tcp --dport 22 -j REDIRECT --to-port 4684\n

    \u7531\u4e8e\u8fd9\u6837\u8bbe\u7f6eiptables\u4f1a\u5728\u670d\u52a1\u5668\u91cd\u542f\u540e\u5931\u6548\uff0c\u6240\u4ee5\u670d\u52a1\u5668\u610f\u5916\u91cd\u542f\u7684\u8bdd\u53ea\u4e0d\u8fc7\u662f\u6062\u590d\u5230\u6700\u57fa\u7840\u768422\u7aef\u53e3ssh\u800c\u5df2\u3002

    "},{"location":"porting/#https","title":"https\u8bc1\u4e66","text":"

    \u5173\u4e8ehttps\u8bc1\u4e66\uff0c\u53ef\u4ee5\u6309\u8fd9\u91cc\u7684\u65b9\u6cd5\uff0c\u5148snap install --classic certbot\u5b89\u88c5certbot\uff0c\uff08\u4e0d\u77e5\u9053\u4e3a\u5565\u5f53\u65f6\u8bbe\u7f6e\u4e86\u4e00\u4e0bcertbot\u8def\u5f84sudo ln -s /snap/bin/certbot /usr/bin/certbot\uff09\u3002\u5982\u679c80\u7aef\u53e3\u5df2\u7ecf\u5bf9\u5916\u5f00\u653e\uff0c\u53ef\u4ee5\u7b80\u5355\u5730certbot --nginx\u81ea\u52a8\u5e2e\u5fd9\u8ba4\u8bc1\uff08\u5373certbot\u521b\u5efa\u8ba4\u8bc1\u6587\u4ef6\u7136\u540e\u5728\u516c\u7f51\u8bbf\u95ee\uff09\u3002\u5982\u679c80\u7aef\u53e3\u4e0d\u5bf9\u5916\u5f00\u653e\uff0c\u53ef\u4ee5\u81ea\u9009dns\u8ba4\u8bc1\uff1acertbot certonly --manual --preferred-challenges=dns\u7136\u540e\u5728\u57df\u540d\u7ba1\u7406\u90a3\u8fb9\u6dfb\u52a0\u4e00\u4e0b\u8bb0\u5f55\u5373\u53ef\uff0c\u6bd4\u5982\u521b\u5efa\u4e00\u4e2a_acme-challenge.remote\u7684TXT\u8bb0\u5f55\u3002\u7136\u540e\u5728nginx\u7684conf\u90a3\u91cc\u8bbe\u7f6e\u597d\u8bc1\u4e66\u8def\u5f84\uff0c\u8bbf\u95ee\u5c31\u6709https\u8ba4\u8bc1\u4e86\uff01\u5bf9\u4e8ehttp\u8bbf\u95ee\uff0c\u53ef\u4ee5\u7528301\u8df3\u8f6c\u3002

    \u4e00\u6b21\u8ba4\u8bc1\u662f90\u5929\u6709\u6548\u671f\uff0c\u5230\u671f\u4e4b\u524d\u4f1a\u53d1\u90ae\u4ef6\uff0c\u66f4\u65b0\u8bc1\u4e66\u65f6\u9700\u8981\u8fd0\u884ccertbot renew --manual-auth-hook=xxx.sh \u5176\u4e2dsh\u811a\u672c\u662f\u81ea\u5df1\u7f16\u5199\u7684\u4e00\u4e2a\u81ea\u52a8\u5316\u5b8c\u6210DNS\u8bb0\u5f55\u66f4\u65b0\u3002\u4e3a\u4e86\u61d2\u7701\u4e8b\uff0c\u53ef\u4ee5\u8fd9\u4e48\u5199\uff1a

    echo ${CERTBOT_VALIDATION} >> xxx.txt\necho ${CERTBOT_DOMAIN} >> xxx.txt\nsleep 120\nexit 0\n

    \u7136\u540e\u5728\u4e24\u5206\u949f\u4e4b\u5185\uff0c\u628axxx.txt\u91ccCERTBOT_VALIDATION\u5bf9\u5e94\u7684\u54c8\u5e0c\u503c\u624b\u52a8\u66f4\u65b0\u5728DNS\u8bb0\u5f55\u91cc\u5373\u53ef\u3002

    \u6b64\u5916\uff0c\u65b0\u627e\u5230\u4e00\u4e2a\u53ef\u4ee5\u65b9\u4fbf\u5730\u5728web\u7aef\u914d\u7f6e\u65b0\u8bc1\u4e66\u7684\u7f51\u7ad9\uff1ahttps://xiangyuecn.github.io/ACME-HTML-Web-Browser-Client/ACME-HTML-Web-Browser-Client.html

    "},{"location":"proxy/","title":"\u4ee3\u7406\u8f6c\u53d1","text":""},{"location":"proxy/#_2","title":"\u591a\u53f0\u7535\u8111\u7ec4\u5c40\u57df\u7f51","text":"

    \u53ef\u4ee5\u4f7f\u7528zerotier\uff0c\u767b\u5f55\u4ee5\u540e\u521b\u5efa\u4e00\u4e2a\u7f51\u7edc\u3002\u7136\u540e\u9700\u8981\u7ec4\u5c40\u57df\u7f51\u7684\u8bbe\u5907\u4e0b\u8f7dzerotier\u4ee5\u540ejoin\u4e0a\u5c31\u884c\u4e86\u3002

    "},{"location":"proxy/#_3","title":"\u5185\u7f51\u7a7f\u900f","text":"

    \u9700\u8981\u516c\u7f51\u670d\u52a1\u5668\uff0c\u53ef\u4ee5\u5728\u963f\u91cc\u4e91\u79df\u4e00\u4e2a

    \u4e00\u79cd\u65b9\u6cd5\u662ffrp

    \u53e6\u4e00\u79cd\u65b9\u6cd5\u662fssh\u6b63\u5411\u8fde\u63a5\u914d\u5408\u53cd\u5411\u8fde\u63a5\uff1a

    \u9996\u5148\u5185\u7f51\u670d\u52a1\u5668\u5f00\u4e2ascreen\u8fd0\u884cssh -R 127.0.0.1:1234:127.0.0.1:22 user@ip -p port\u8fde\u63a5\u5230\u4e91\u670d\u52a1\u5668\u4e0a\u3002\u8fd9\u6837\u7684\u8bdd\u670d\u52a1\u5668\u8bbf\u95ee127.0.0.1:1234\u5c31\u76f8\u5f53\u4e8e\u8bbf\u95ee\u5185\u7f51\u7684127.0.0.1:22\u3002\u7136\u540e\u9700\u8981\u8fde\u63a5\u5185\u7f51\u7684\u4e3b\u673a\u4e5f\u5f00\u4e2ascreen\u8fd0\u884cssh -L 127.0.0.1:2345:127.0.0.1:1234 user@ip -p port\uff0c\u8fd9\u6837\u7684\u8bdd\u8be5\u4e3b\u673a\u8bbf\u95ee\u81ea\u5df1127.0.0.1:2345\u5c31\u76f8\u5f53\u4e8e\u8bbf\u95ee\u4e91\u670d\u52a1\u5668\u7684127.0.0.1:1234\u3002\u7136\u540e\u8be5\u4e3b\u673a\u518d\u5f00\u4e00\u4e2a\u7ec8\u7aef\uff0cssh user@127.0.0.1 -p 2345\u5373\u53ef\u3002

    "},{"location":"proxy/#_4","title":"\u5b50\u7f51\u8f6c\u53d1","text":"

    \u5e0c\u671b\u5c06\u67d0\u7aef\u53e3\u6536\u5230\u7684\u6d88\u606f\u8f6c\u53d1\u5230\u5176\u4ed6\u4e3b\u673a\u7684\u67d0\u4e00\u7aef\u53e3\uff0c\u53ef\u4ee5\u8bd5\u8bd5socat\uff0c\u6bd4\u5982socat TCP4-LISTEN:4320,fork TCP4:10.244.55.25:80\uff0c\u53ef\u4ee5\u628a4320\u7aef\u53e3\u6536\u5230\u7684TCP4\u6570\u636e\u5305\u8f6c\u53d1\u5230\u5b50\u7f5110.244.55.25\u768480\u7aef\u53e3\uff0c\u914d\u5408zerotier\u53ef\u4ee5\u5b9e\u73b0\u5185\u7f51\u5bf9\u5916\u5f00\u653e\u7aef\u53e3\u3002

    "},{"location":"pwn-college-cse365-spring2023/","title":"CSE 365 - Spring 2023","text":"

    \u5728\u7ec8\u7aef\u8fde\u63a5pwn-college\u65f6\uff0c\u5148\u5728\u7f51\u9875\u7aef\u914d\u7f6e\u4e0b\u516c\u94a5\uff0c\u7136\u540essh -i \u79c1\u94a5 hacker@dojo.pwn.college\u5373\u53ef\u3002\u7f51\u9875\u7aef\u542f\u52a8\u4e00\u4e2a\u5b9e\u4f8b\u540e\uff0c\u8fdc\u7a0b\u4e5f\u4f1a\u81ea\u52a8\u542f\u52a8\u5bf9\u5e94\u7684\u73af\u5883\u3002\u95ee\u9898\u4e00\u822c\u653e\u5728\u6839\u76ee\u5f55\u7684challenge\u6587\u4ef6\u5939\u4e0b

    "},{"location":"pwn-college-cse365-spring2023/#talking-web","title":"Talking Web \u5b66\u4e60\u7b14\u8bb0","text":"

    \u8bf7\u6c42\u7b2c\u4e00\u884cRequest line\uff1a\u8bf7\u6c42\u65b9\u6cd5 URI \u534f\u8bae\u7248\u672c CRLF

    \u54cd\u5e94\u7b2c\u4e00\u884cStatus line\uff1a\u534f\u8bae\u7248\u672c \u72b6\u6001\u7801 \u89e3\u91ca CRLF

    \u5e38\u89c1\u7684\u8bf7\u6c42\u65b9\u6cd5\uff1a

    HTTP URL Scheme\uff1ascheme://host:port/path?query#fragment

    \u8bf7\u6c42\u7684\u8d44\u6e90\u542b\u6709\u4e00\u4e9b\u7279\u6b8a\u7b26\u53f7\u6bd4\u5982?,/,&,#\u7b49\u7b49\u65f6\uff0c\u4f7f\u7528%xx\u8fdb\u884c\u7f16\u7801\uff0c\u5176\u4e2dxx\u662fASCII\u7801\u3002\u8fd9\u79cd\u505a\u6cd5\u79f0\u4e3aurlencoding

    POST\u8bf7\u6c42\u65f6\uff0c\u9700\u8981\u5e26\u4e0aContent-Type

    \u524d\u8005body\u91cc\u5199a=xx\uff0c\u540e\u8005\u5199{\"a\":\"xx\"}\u3002json\u53ef\u4ee5\u6784\u9020\u66f4\u590d\u6742\u7684blob

    RFC 1945 HTTP\u534f\u8bae\u662f\u65e0\u72b6\u6001\u7684\uff0c\u4f46\u662f\u7f51\u7edc\u5e94\u7528\u662f\u6709\u72b6\u6001\u7684\u3002\u4f7f\u7528cookie\u6765\u4fdd\u6301\u72b6\u6001\u3002

    "},{"location":"pwn-college-cse365-spring2023/#assembly-crash-course","title":"Assembly Crash Course \u5b66\u4e60\u7b14\u8bb0","text":""},{"location":"pwn-college-cse365-spring2023/#building-a-web-server","title":"Building a Web Server \u5b66\u4e60\u7b14\u8bb0","text":"

    \u4f7f\u7528socket\u521b\u5efa\u4e00\u4e2aA-B\u7684\u7f51\u7edc\u6587\u4ef6\uff0c\u7136\u540e\u4f7f\u7528bind\u5c06socket\u4e0e\u5177\u4f53\u7684ip\u7ed1\u5b9a\u3002\u4f7f\u7528listen\u6765\u88ab\u52a8\u4fa6\u542csockfd\u3002\u4f7f\u7528accept\u63a5\u53d7\u5916\u90e8\u8fde\u63a5\u3002

    \u4f7f\u7528TCP/IP\u8fdb\u884c\u7f51\u7edc\u901a\u8baf\uff0c\u670d\u52a1\u5668\u7aef\u7684\u4f8b\u5b50\u5982\uff1a

    // int socket(int domain, int type, int protocol)\nsocket_fd = socket(AF_INET, SOCK_STREAM, IPPROTO_IP)\n\n// int bind(int sockfd, struct sockaddr* addr, socklen_t addrlen)\n/*\n * struct sockaddr {\n *   uint16_t sa_family;\n *   uint8_t  sa_data[14];   \n * }\n * \n * struct sockaddr_in {\n *   uint16_t sin_family;\n *   uint16_t sin_port;\n *   uint32_t sin_addr;\n *   uint8_t  __pad[8];\n * }\n*/\nbind(socket_fd, {sa_family=AF_INET, sin_port=htons(port), sin_addr=inet_addr(\"0.0.0.0\")}, 16)\n\n// int listen(int sock fd, int backlog);\nlisten(socket_fd, 0)\n\n// int accept(int sockfd, struct sockaddr* addr, socklen_t* addrlen);\ntunnel = accept(socket_fd, NULL, NULL)\n\n// revceive http request: GET / HTTP/1.0\nread(tunnel, \"GET / HTTP/1.0\",19)\n\n// response\nwrite(tunnel, \"HTTP/1.0 200 OK\\r\\n\\r\\n\", 19)\n\n// receive http request: GET /flag HTTP/1.0\nread(tunnel, \"GET /flag HTTP/1.0\\r\\n\\r\\n\",256)\n\n// open and read file\nfilefd = open(\"/flag\",O_RDDONLY)\nread(filefd, \"FLAG\", 256)\n\n//response\nwrite(tunnel, \"HTTP/1.0 200 OK\\r\\n\\r\\nFLAG\", 27)\n\nclose(tunnel)\n
    "},{"location":"pwn-college-cse365-spring2023/#reverse-engineering","title":"Reverse Engineering \u5b66\u4e60\u7b14\u8bb0","text":"
    start\nbreak *main+42\ncommands\n    silent\n    set $local_variable = *(unsigned long long*)($rbp-0x32)\nprintf \"Current value: %llx\\n\", $local_variable\ncontinue\nend\ncontinue\n
    start\ncatch syscall read\ncommands\n    silent\n    if ($rdi == 42)\nset $rdi = 0\nend\n    continue\nend\ncontinue\n
    "},{"location":"pwn-college-cse365-spring2023/#talking-web-writeups","title":"Talking Web WriteUps","text":"

    \u8fd9\u4e2a\u7ae0\u8282\u7684\u9898\u76ee\u662f\u7528curl\u3001python\u548cnc\u6765\u5b9e\u73b0\u53d1\u9001\u5404\u79cdhttp\u8bf7\u6c42\uff0c\u5148\u8fd0\u884c/challenge/run\u542f\u52a8flask\u670d\u52a1\u5668\uff0c\u7136\u540e\u65b0\u5f00\u4e2a\u7ec8\u7aef\u7528\u5404\u79cd\u59ff\u52bf\u8fde\u63a5\u672c\u5730127.0.0.1\u5373\u53ef\u3002

    \u8fd9\u4e09\u79cd\u5de5\u5177\u7684\u5927\u81f4\u601d\u8def\uff1a

    \u9700\u8981\u5148\u7b80\u5355\u5730\u8fde\u63a5127.0.0.1\u7136\u540e\u6839\u636e\u62a5\u9519\u63d0\u793a\u6765\u4fee\u6539\u8bf7\u6c42\u3002

    Level 1

    Send an HTTP request using curl

    curl http://127.0.0.1\n

    Level 2

    Send an HTTP request using nc

    nc 127.0.0.1 80\nGET / HTTP/1.1\n

    Level 3

    Send an HTTP request using python

    import requests as r\nr.get(\"http://127.0.0.1\").text\n

    Level 4

    Set the host header in an HTTP request using curl

    curl -H 'host:xxxxx' http://127.0.0.1\n

    Level 5

    Set the host header in an HTTP request using nc

    nc 127.0.0.1 80\nGET / HTTP/1.1\nhost:xxxxx\n

    Level 6

    Set the host header in an HTTP request using python

    import requests as r\nr.get(\"http://127.0.0.1\", headers={\"host\":\"xxx\"}).text\n

    Level 7

    Set the path in an HTTP request using curl

    curl http://127.0.0.1/xxxxx\n

    Level 8

    Set the path in an HTTP request using nc

    nc 127.0.0.1 80\nGET /xxxx HTTP/1.1\n

    Level 9

    Set the path in an HTTP request using python

    import requests as r\nr.get(\"http://127.0.0.1/xxx\").text\n

    Level 10~12

    URL encode a path in an HTTP request using curl/nc/python

    \u7528%20\u66ff\u6362\u6389\u7a7a\u683c\u5373\u53ef

    Level 13~15

    Specify an argument in an HTTP request using curl/nc/python

    GET\u52a0\u53c2\u6570\uff0c\u5728\u8def\u5f84\u540e\u9762\u8ffd\u52a0?a=xxx\u5373\u53ef

    nc\u65f6\u52a0\u5230nc\u8fde\u63a5\u4ee5\u540e\u7684GET\u540e\u9762

    Level 16~18

    Specify multiple arguments in an HTTP request using curl/nc/python

    \u7ed3\u540810~15\u9898\uff0c\u7a7a\u683c\u7528%20\u6362\u6389\uff0c\u4e0e\u53f7\u7528%26\u6362\u6389\uff0c\u4e95\u53f7\u7528%23\u6362\u6389

    Level 19~21

    Include form data in an HTTP request using curl/nc/python

    #curl\ncurl http://127.0.0.1 -F a=xxx\n\n#nc\nPOST / HTTP/1.1\nContent-Type: application/x-www-form-urlencoded\nContent-Length:34\n\na=xxx\n\n#python\nimport requests as r\nr.post(\"http://127.0.0.1\",data={'a':'xxx'}).text\n

    Level 22~24

    Include form data with multiple fields in an HTTP request using curl/nc/python

    #curl\ncurl http://127.0.0.1 -F a=xxx -F b='xxxx'\n\n#nc\nPOST / HTTP/1.1\nContent-Type: application/x-www-form-urlencoded\nContent-Length: 78\n\na=xxx&b=xxx\n\n#python\nimport requests as r\nr.post(\"http://127.0.0.1\",data={'a':'xxx','b':'xxx'}).text\n

    Level 25~27

    Include json data in an HTTP request using curl/nc/python

    #curl\ncurl -X POST -H 'Content-Type:application/json' -d '{\"a\":\"xxx\"}' http://127.0.0.1\n\n#nc\necho -ne 'POST / HTTP/1.1\\r\\nContent-Type: application/json\\r\\nContent-Length:40\\r\\n\\r\\n{\"a\":\"xxx\"}' |  nc 127.0.0.1 80\n\n#python\nimport requests as r\nimport json\nr.post(\"http://127.0.0.1\",headers={\"Content-Type\":\"application/json\"},data=json.dumps({\"a\":\"xxx\"})).text\n

    Level 28~30

    Include complex json data in an HTTP request using curl/nc/python

    #curl\ncurl -X POST -H 'Content-Type: application/json' -H 'Content-Length: 121' -d '{\"a\":\"xxx\", \"b\":{\"c\": \"xxxx\", \"d\": [\"xxx\", \"xxx\"]}}' http://127.0.0.1\n\n#nc\necho -ne 'POST / HTTP/1.1\\r\\nContent-Type: application/json\\r\\nContent-Length: 121\\r\\n\\r\\n{\"a\":\"xxx\", \"b\":{\"c\": \"xxx\", \"d\": [\"xxx\", \"xxx\"]}}' | nc 127.0.0.1 80\n\n#python\nimport requests as r\nimport json\nr.post(\"http://127.0.0.1\",headers={\"Content-Type\":\"application/json\"},data=json.dumps({\"a\":\"xxx\",\"b\":{'c': 'xxx', 'd': ['xxx', 'xxx']}})).text\n

    Level 31~33

    Follow an HTTP redirect from HTTP response using curl/nc/python

    #curl\ncurl -L http://127.0.0.1\n\n#nc\necho -ne \"GET /xxx HTTP/1.1\\r\\n\\r\\n\" | nc 127.0.0.1 80\n\n#python\n#python\u9ed8\u8ba4\u8ddf\u968f\u8df3\u8f6c\nimport requests as r\nr.get(\"http://127.0.0.1\").text\n

    Level 34~36

    Include a cookie from HTTP response using curl/nc/python

    #curl\ncurl http://127.0.0.1 -v\ncurl -b \"cookie=xxx\" http://127.0.0.1\n\n#nc\necho -ne \"GET / HTTP/1.1\\r\\n\\r\\n\" | nc 127.0.0.1 80\necho -ne \"GET / HTTP/1.1\\r\\nCookie:cookie=xxxx\\r\\n\\r\\n\" | nc 127.0.0.1 80\n\n#python \u9ed8\u8ba4\u81ea\u52a8\u63a5\u53d7cookie\nimport requests as r\nr.get(\"http://127.0.0.1\").text\n

    Level 37~39

    Make multiple requests in response to stateful HTTP responses using curl/nc/python

    #curl \u5b8c\u62103\u6b21\u4ea4\u4e92\u5373\u53ef\ncurl -b \"session=xxx\" http://127.0.0.1 -v \ncurl -b \"session=xxx\" http://127.0.0.1 -v \ncurl -b \"session=xxx\" http://127.0.0.1 -v #nc\necho -ne \"GET / HTTP/1.1\\r\\nCookie:session=xxx\\r\\n\\r\\n\" | nc 127.0.0.1 80\necho -ne \"GET / HTTP/1.1\\r\\nCookie:session=xxx\\r\\n\\r\\n\" | nc 127.0.0.1 80\necho -ne \"GET / HTTP/1.1\\r\\nCookie:session=xxx\\r\\n\\r\\n\" | nc 127.0.0.1 80\n\n#python\nimport requests as r\nr.get(\"http://127.0.0.1\").text\n
    "},{"location":"pwn-college-cse365-spring2023/#assembly-crash-course-writeups","title":"Assembly Crash Course Writeups","text":"

    \u8fd9\u4e2a\u7ae0\u8282\u7684\u9898\u9700\u8981\u628a\u6c47\u7f16\u53d8\u6210raw bytes\uff0c\u7136\u540e\u5582\u7ed9/challenge/run\u3002\u9700\u8981\u5148\u8fd0\u884c\u8fd9\u4e2arun\uff0c\u7136\u540e\u6839\u636e\u8981\u6c42\u5b8c\u6210\u3002\u6bd4\u5982\u53ef\u4ee5\u7528pwntools\u7684asm\u6a21\u5757\u751f\u6210\u6c47\u7f16\uff0c\u7136\u540eecho\u8fdbrun\u91cc\u3002

    Level 1

    In this level you will work with registers_use! Please set the following: rdi = 0x1337

    from pwn import *\ncontext.arch='amd64'\nasm('mov rdi,0x1337')\n\n#b'H\\xc7\\xc77\\x13\\x00\\x00'\n
    \u7136\u540e\u5728shell\u91ccecho -ne 'H\\xc7\\xc77\\x13\\x00\\x00' | /challenge/run\u5373\u53ef\u3002

    Level 2

    asm('add rdi,0x331337')\n

    Level 3

    asm('imul rdi,rsi; add rdi,rdx; mov rax,rdi')\n

    Level 4

    \u5b66\u4e60div\u9664\u6cd5\uff0cdiv reg\u4f1a\u4f7f\u7528rax\u4f5c\u4e3a\u88ab\u9664\u6570\uff0creg\u4f5c\u4e3a\u9664\u6570\uff0c\u7136\u540e\u81ea\u52a8\u4f7f\u7528rax\u5b58\u653e\u5546\uff0crdx\u5b58\u653e\u4f59\u6570\u3002

    asm('mov rax, rdi;div rsi')\n

    Level 5

    asm('mov rax, rdi;div rsi;mov rax, rdx')\n

    Level 6

    \u9664\u6570\u4e3a2\u7684\u5e42\u6b21\u65f6\uff0c\u76f4\u63a5\u4f7f\u7528mov\u4fdd\u7559\u5bc4\u5b58\u5668\u7684\u4e00\u90e8\u5206\u5373\u53ef\u3002\u6ce8\u610fmov\u4e24\u4e2a\u5bc4\u5b58\u5668\u957f\u5ea6\u8981\u4e00\u81f4\u3002

    asm('mov al, dil;mov bx, si')\n

    Level 7

    shl\u5de6\u79fb\uff0cshr\u53f3\u79fb\uff08\u9ad8\u4f4d\u88650\uff09

    asm('shl rdi, 59; shr rdi, 63; mov rax, rdi')\n

    Level 8

    and reg1, reg2\u4f1a\u628areg1\u548creg2\u8fdb\u884c\u903b\u8f91\u4e0e\u7684\u7ed3\u679c\u4fdd\u5b58\u5728reg1\u91cc\u3002\u9898\u76ee\u4e0d\u8ba9\u7528mov\uff0c\u90a3\u53ef\u4ee5\u91c7\u7528\u7f6e0\u51cf1\u7684\u65b9\u5f0f\u83b7\u5f972^65-1\uff0c\u7136\u540eand\u5373\u53ef\u3002

    asm('xor rax, rax; sub rax, 1; and rax, rdi; and rax, rsi')\n

    Level 9

    \u9898\u76ee\u8981\u6c42\u53ea\u7528and\uff0cor\uff0cxor\u5b9e\u73b0\u4e00\u4e2a\u5947\u5076\u5224\u65ad\u7684\u529f\u80fd\u3002\u6574\u4f53\u601d\u8def\u662fxor\u53cd\u8f6c\u6bd4\u7279\u3001\u6e05\u7a7a\u503c\uff0cor\u505a\u52a0\u6cd5\uff0cand\u53d6\u6700\u4f4e\u4f4d\u3002

    asm('xor rax, rax; or rax, 1; and rax, rdi; xor rax, 1')\n

    Level 10

    \u6709\u5173\u8bbf\u95ee\u5185\u5b58\u7684\u64cd\u4f5c\u3002mov reg, [address]\u7528\u4e8e\u628aaddress\u5730\u5740\u5904\u7684\u503c\u8d4b\u7ed9reg\uff0c\u5f53\u7136\u4e5f\u53ef\u4ee5mov [address], reg\u628areg\u7684\u503c\u4fdd\u5b58\u5728address\u5730\u5740\u3002\u52a0\u4e00\u5c42\u65b9\u62ec\u53f7\u53ea\u662f\u8868\u793a\u5f53\u4f5c\u5730\u5740\u3002\u4e0d\u8981\u4e0b\u610f\u8bc6\u8fdb\u884c\u66f4\u591a\u6b21\u6570\u7684\u89e3\u5f15\u7528\u3002

    asm('mov rbx, [0x404000]; mov rax, rbx; add rbx, 0x1337; mov [0x404000], rbx')\n

    Level 11

    \u5982\u679cmov\u4e00\u65b9\u4e3a\u5bc4\u5b58\u5668\uff0c\u4e00\u65b9\u4e3a\u5730\u5740\uff0c\u4f1a\u6839\u636e\u5bc4\u5b58\u5668\u7684\u5927\u5c0f\u81ea\u52a8\u63a8\u65ad\u4ece\u5730\u5740\u4e2dload\u591a\u5c11\u5b57\u8282\u3002

    asm('mov al, [0x404000]; mov bx, [0x404000]; mov ecx, [0x404000]; mov rdx, [0x404000];')\n

    Level 12

    \u5bf9\u4e8e\u6bd4\u8f83\u5927\u7684\u7acb\u5373\u6570\uff0c\u53ef\u4ee5\u5148\u653e\u5728\u5bc4\u5b58\u5668\uff0c\u7136\u540e\u518dmov\u5230\u6307\u5b9a\u4f4d\u7f6e\u3002

    asm('mov rax, 0xdeadbeef00001337; mov [rdi], rax; mov rax, 0xc0ffee0000; mov [rsi], rax')\n

    Level 13

    asm('mov rax, [rdi]; add rax, [rdi+8]; mov [rsi], rax')\n

    Level 14

    asm('pop rax;sub rax,rdi; push rax')\n

    Level 15

    \u4f7f\u7528\u6808\u53ef\u4ee5\u7b80\u5355\u5730\u4ea4\u6362\u5bc4\u5b58\u5668

    asm('push rdi; push rsi; pop rdi; pop rsi')\n

    Level 16

    \u5b9e\u73b0\u6808\u4e0a\u7684\u6570\u636e\u53d6\u5e73\u5747\uff0c\u7528[rsp+X]\u6765\u53d6\u503c\uff08\u4e00\u822c\u7528rbp\u6765\u53d6\u5427\uff1f\uff09

    asm('mov rax, [rsp]; add rax, [rsp+8]; add rax, [rsp+16]; add rax, [rsp+24]; mov rbx, 4; div rbx; push rax')\n

    Level 17

    \u4f7f\u7528label\u8bbe\u7f6e\u76f8\u5bf9\u8df3\u8f6c\u5730\u5740\uff0c\u4f7f\u7528\u5355\u5b57\u8282\u7684nop\u586b\u5145\u3002\u4e0d\u8fc7\u9898\u76ee\u8981\u6c42\u7684\u201c\u4ecejmp\u504f\u79fb0x51\u7684\u5730\u5740\u201d\u6709\u70b9\u8ff7\u60d1\uff0c\u770b\u7ed3\u679c\u7684\u8bdd\u4f3c\u4e4e\u9ed8\u8ba4\u662fjmp\u6267\u884c\u540e\u7684\u5730\u5740\u518d\u504f\u79fb0x51\uff0c\u800c\u4e0d\u662fjmp\u6307\u4ee4\u672c\u8eab\u7684\u5730\u5740\u504f\u79fb0x51\uff0c\u6240\u4ee5\u4e0d\u9700\u8981\u77e5\u9053jmp\u6307\u4ee4\u672c\u8eab\u7684\u957f\u5ea6\u3002

    asm('jmp lab;'+'nop;'*0x51+'lab: mov rdi, [rsp]; mov rax, 0x403000; jmp rax')\n

    Level 18

    \u5b9e\u73b0if-else\u8df3\u8f6c\u3002\u6ce8\u610f\u5185\u5b58\u8ba1\u7b97\u4f7f\u7528dword\u768432\u4f4d\u6570\u636e\uff0c\u7528eax\u800c\u4e0d\u662frax\u3002

    from pwn import *\ncontext.arch='amd64'\npayload=\"\"\"mov eax, [rdi+4]\nmov ebx, 0x7f454c46\ncmp ebx, [rdi]\nje case1\nmov ebx, 0x5a4d\ncmp ebx, [rdi]\nje case2\nimul eax, [rdi+8]\nimul eax, [rdi+12]\njmp done\ncase1:\n    add eax, [rdi+8]\n    add eax, [rdi+12]\n    jmp done\ncase2:\n    sub eax, [rdi+8]\n    sub eax, [rdi+12]\n    jmp done\ndone:\n    nop\n\"\"\"\n\nprint(asm(payload))\n

    Level 19

    jmp [reg + offset]\u95f4\u63a5\u8df3\u8f6c\uff0c\u4f7f\u7528rsi\u4fdd\u5b58\u8df3\u8f6c\u8868\u7684\u57fa\u5730\u5740\uff0c\u7528\u4e8e\u5b9e\u73b0switch\u3002\u8fd9\u91cc\u597d\u50cf\u662fjnz\u4e0d\u652f\u6301\u95f4\u63a5\u8df3\u8f6c\u3002

    asm('mov rax, rdi; shr rax, 2; jnz final; jmp [rsi + rdi * 8]; final: jmp [rsi + 32]')\n

    Level 20

    \u5b9e\u73b0\u4e00\u4e2a\u7b80\u5355\u7684\u6c42\u5e73\u5747\u51fd\u6570

    from pwn import *\ncontext.arch='amd64'\npayload=\"\"\"xor rax, rax\nxor rcx, rcx\nloop:\n    cmp rcx, rsi\n    je done\n    add rax, [rdi + 8 * rcx]\n    add rcx, 1\n    jmp loop\ndone:\n    div rsi\n\"\"\"\n\nprint(asm(payload))\n

    Level 21

    \u5b9e\u73b0\u4e00\u4e2astrlen\u51fd\u6570\uff0c\u9010byte\u68c0\u67e5\u662f\u5426\u4e3a0\u3002\u6ce8\u610fmov\u4e0d\u4f1a\u6539\u53d8EFLAGS\u3002

    from pwn import *\ncontext.arch='amd64'\npayload = \"\"\"\nxor rax, rax\ntest rdi, rdi\njz done\nloop: mov bl, [rdi + rax]\ntest bl,bl\njz done\nadd rax, 1\njmp loop\ndone:\n    nop\n\"\"\"\n\nprint(asm(payload))\n

    Level 22

    \u8fd9\u9053\u9898\u7ed9\u7684\u89e3\u91ca\u4e0d\u662f\u5f88\u6e05\u695a\uff0c\u5c3d\u7ba1\u662f\u7b2c\u4e00\u6b21\u63d0\u5230\u4f7f\u7528call\u8fdb\u884c\u51fd\u6570\u8c03\u7528\uff0c\u4f46\u662f\u6ca1\u6709\u8bf464\u4f4d\u7a0b\u5e8f\u4f9d\u6b21\u4f7f\u7528rdi,rsi,rdx,rcd,r8,r9\u8fdb\u884c\u4f20\u53c2\u3001rax\u4fdd\u5b58\u51fd\u6570\u8fd4\u56de\u7ed3\u679c\uff0c\u4e5f\u6ca1\u6709\u8bf4\u662f\u7531\u4e3b\u8c03\u51fd\u6570\u8fd8\u662f\u88ab\u8c03\u51fd\u6570\u6765\u4fdd\u5b58\u5bc4\u5b58\u5668\u3002\u66f4\u5947\u602a\u7684\u662f\u867d\u7136\u8ba9\u5b9e\u73b0\u4e00\u4e2astr_lower\u51fd\u6570\uff0c\u4f46\u662f\u6ca1\u6709\u6309\u51fd\u6570\u5b9e\u73b0\u7684\u6807\u51c6\u5199PROG\uff0c\u751a\u81f3\u6700\u540e\u8fd8\u7528ret\u6765\u7ed3\u675f\u3002

    from pwn import *\ncontext.arch='amd64'\npayload = \"\"\"\nmov rdx, rdi\nxor rax, rax\nxor rcx, rcx\ntest rdx, rdx\njz done\nloop:\n    mov bl, [rdx]\n    test bl,bl\n    jz done\n    cmp bl, 0x5a\n    jg notif\n    mov rax, 0x403000\n    xor rdi, rdi\n    mov dil, bl\n    call rax\n    mov [rdx], al\n    add rcx, 1\nnotif:\n    add rdx, 1\n    jmp loop\ndone:\n    mov rax, rcx\n    ret\n\"\"\"\n\nprint(asm(payload))\n

    Level 23

    \u5b9e\u73b0\u4e00\u4e2a\u67e5\u8be2\u5b57\u7b26\u4e32\u4e2d\u54ea\u4e2a\u5b57\u7b26\u6700\u591a\u7684\u51fd\u6570\u3002\u6bcf\u4e2a\u5b57\u7b26\u4e0d\u8d85\u8fc70xffff\u4e2a\uff0c\u6240\u4ee5\u8981\u75284\u5b57\u8282\u7684\u5bc4\u5b58\u5668\u6765\u8fdb\u884c\u5b58\u653e\u3002\u8fd9\u91cc\u4f3c\u4e4e\u4e0d\u652f\u6301\u76f4\u63a5mov rbx, [ebp - rcx * 4]\u4e4b\u7c7b\u7684\u65b9\u6cd5\uff0c\u5c31\u7528r8\u548cr9\u4e34\u65f6\u5b58\u653e\u4e00\u4e0b\u4e86\u3002

    from pwn import *\n\ncontext.arch = 'amd64'\n\npayload = \"\"\"\npush rbp\nmov rbp, rsp\nsub rsp, 0x400\nxor rax, rax\nxor rcx, rcx\nmov rdx, rsi\nsub rdx, 0x1\nloop1: \n    cmp rcx, rdx\n    jg loop1_end\n    mov al, [rdi + rcx]\n    mov r8, rbp\n    mov r9, rax\n    imul r9, 4\n    sub r8, r9\n    mov ebx, [r8]\n    add ebx, 1\n    mov [r8], ebx\n    add rcx, 1\n    jmp loop1\nloop1_end:\nxor rax, rax\nxor rbx, rbx\nxor rcx, rcx\nloop2:\n    cmp rcx, 0xff\n    jg loop2_end\n    mov r8, rbp\n    mov r9, rcx\n    imul r9, 4\n    sub r8, r9\n    mov edx, [r8]\n    cmp edx, ebx\n    jle loop2_conti\n    mov rbx, rdx\n    mov rax, rcx\nloop2_conti:\n    add rcx, 1\n    jmp loop2\nloop2_end:\nmov rsp, rbp\npop rbp\nret\n\"\"\"\n\nprint(asm(payload))\n
    "},{"location":"pwn-college-cse365-spring2023/#building-a-web-server-writeups","title":"Building a Web Server Writeups","text":"

    \u4e0d\u5f97\u4e0d\u5410\u69fdpwn-college\u6709\u4e00\u70b9\u4e0d\u597d\uff0c\u6bcf\u4e2a\u6a21\u5757\u7b2c\u4e00\u4e2achallenge\u8bf4\u660e\u592a\u5c11\u4e86\uff0c\u5b8c\u5168\u4e0d\u77e5\u9053\u4ece\u54ea\u5f00\u59cb\u4e0b\u624b\u3002\u5728challenge 1\u7684wp\u91cc\u8be6\u7ec6\u8bb2\u4e00\u4e0b\u8fd9\u4e2a\u6a21\u5757\u600e\u4e48\u5f00\u59cb\u505a\uff0c\u7136\u540e\u540e\u7eed\u5c31\u7701\u7565\u4e86\u3002

    \u7528\u6c47\u7f16\u5199server\uff0c\u53ef\u4ee5\u67e5\u886864\u4f4dsyscall\u624b\u518c

    Level 1

    \u9996\u5148\u8fd8\u662f\u8fd0\u884c/challeng/run\uff0c\u5f97\u5230\u4e00\u6bb5\u8f93\u51fa\uff1a

    ===== Welcome to Building a Web Server! =====\nIn this series of challenges, you will be writing assembly to interact with your environment, and ultimately build a web server\nIn this challenge you will exit a program.\n\nUsage: `/challenge/run <path_to_web_server>`\n\n$ cat server.s\n.intel_syntax noprefix\n.globl _start\n\n.section .text\n\n_start:\n    mov rdi, 0\n    mov rax, 60     # SYS_exit\n    syscall\n\n.section .data\n\n$ as -o server.o server.s && ld -o server server.o\n\n$ strace ./server\nexecve(\"./server\", [\"./server\"], 0x7ffccb8c6480 /* 17 vars */) = 0\nexit(0)                                 = ?\n+++ exited with 0 +++\n

    \u8fd9\u9053\u9898\u7684\u610f\u601d\u662f\u8ba9\u7528\u6c47\u7f16\u5199\u4e00\u4e2a\u670d\u52a1\u7aef\u3002\u5728\u8fd0\u884c/challenge/run server\u7684\u65f6\u5019\uff0c\u5224\u9898\u7a0b\u5e8f\u4f1a\u542f\u52a8\u7528\u6237\u6307\u5b9a\u7684\u8fd9\u4e2aserver\uff0c\u7136\u540e\u68c0\u67e5\u8fd9\u4e2aserver\u7a0b\u5e8f\u662f\u4e0d\u662f\u76f4\u63a5exit(0)\u4e86\u3002\u6240\u4ee5\u53ea\u9700\u8981\u7f16\u8bd1\u4e00\u4e2aexit(0)\u7684server\u5373\u53ef\u3002

    \u9898\u76ee\u91cc\u5176\u5b9e\u5df2\u7ecf\u7ed9\u51fa\u4e86server.s\u7684\u6a21\u677f\uff08cat server.s\u7684\u8f93\u51fa\uff09\u548c\u7f16\u8bd1\u65b9\u5f0f\uff08as -o server.o server.s && ld -o server server.o\uff09\u3002\u6240\u4ee5\u8fd9\u9053\u9898\u53ea\u9700\u8981\u628acat server.s\u7684\u8f93\u51fa\u4fdd\u5b58\u5230server.s\u6587\u4ef6\uff0c\u7136\u540e\u76f4\u63a5\u8fd0\u884cas -o server.o server.s && ld -o server server.o\u7f16\u8bd1\u51fa\u4e00\u4e2aserver\u7684\u53ef\u6267\u884c\u7a0b\u5e8f\uff0c\u6700\u540e\u8fd0\u884c/challenge/run ./server\u5373\u53ef\u3002

    \u6a21\u677f\u91cc\u53ea\u6267\u884c\u4e86\u4e00\u4e2a\u9000\u51fa\u7684syscall\uff0c\u6b63\u597d\u662f\u8fd9\u4e00\u9898\u7684\u8981\u6c42\u3002\u672c\u6765\u4ee5\u4e3a\u8fd9\u9053\u9898\u610f\u601d\u662f\u81ea\u5df1\u5199\u4e00\u4e2aserver\u7684\u6c47\u7f16\u6587\u4ef6\uff0c\u7136\u540erun\u7684\u65f6\u5019\u6307\u5b9a\u6e90\u6587\u4ef6\uff0c\u7531\u5224\u9898\u7a0b\u5e8f\u7f16\u8bd1\u7684\u5462\uff0c\u7ed3\u679c\u53d1\u73b0run\u7684\u65f6\u5019\u662f\u9700\u8981\u6307\u5b9a\u4e00\u4e2a\u7f16\u8bd1\u597d\u7684\u53ef\u6267\u884c\u7a0b\u5e8fhh\u3002

    \u5b8c\u6574\u89e3\u9898\u6b65\u9aa4\u5982\u4e0b\uff1a

    hacker@building-a-web-server-level-1:~$ echo \".intel_syntax noprefix\n.globl _start\n\n.section .text\n\n_start:\n    mov rdi, 0\n    mov rax, 60     # SYS_exit\n    syscall\n\n.section .data\" > ./server.s\n\nhacker@building-a-web-server-level-1:~$ as -o server.o server.s && ld -o server server.o\n\nhacker@building-a-web-server-level-1:~$ /challenge/run ./server\n===== Welcome to Building a Web Server! =====\nIn this series of challenges, you will be writing assembly to interact with your environment, and ultimately build a web server\nIn this challenge you will exit a program.\n\n\n===== Expected: Parent Process =====\n[ ] execve(<execve_args>) = 0\n[ ] exit(0) = ?\n\n===== Trace: Parent Process =====\n[\u2713] execve(\"/proc/self/fd/3\", [\"/proc/self/fd/3\"], 0x7f07cf7959a0 /* 0 vars */) = 0\n[\u2713] exit(0)                                 = ?\n[?] +++ exited with 0 +++\n\n===== Result =====\n[\u2713] Success\n\npwn.college{xxxx}\n

    \u4ee5\u4e0b\u7684\u5404\u4e2a\u9898\u76ee\u5c31\u53ea\u5199server.s\u7684\u5185\u5bb9\u4e86

    Level 2

    In this challenge you will create a socket.

    .intel_syntax noprefix\n.globl _start\n\n.section .text\n\n_start:\n    # create a socket\n    mov rdi, 2 # AF_INET\n    mov rsi, 1 # SOCK_STREAM\n    mov rdx, 0 # IPPROTO_IP\n    mov rax, 41 # sys_socket\n    syscall\n\n    push rax\n    mov rdi, 0\n    mov rax, 60     # SYS_exit\n    syscall\n\n.section .data\n

    Level 3

    In this challenge you will bind an address to a socket.

    \u5728Level2\u521b\u5efasocket\u7684\u57fa\u7840\u4e0a\uff0c\u5c06\u5176\u7ed1\u5b9a\u52300.0.0.0:80\u4e0a\u3002\uff08\u53ef\u4ee5\u8fd0\u884cLevel1\u521b\u5efa\u7684server\u6765\u5148\u9605\u8bfb\u4e0b\u9898\u76ee\u8981\u6c42\uff0c\u5982\u4e0b\u6240\u793a\uff09

    ===== Expected: Parent Process =====\n[ ] execve(<execve_args>) = 0\n[ ] socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 3\n[ ] bind(3, {sa_family=AF_INET, sin_port=htons(<bind_port>), sin_addr=inet_addr(\"<bind_address>\")}, 16) = 0\n    - Bind to port 80\n    - Bind to address 0.0.0.0\n[ ] exit(0) = ?\n

    \u6700\u7ec8\u89e3\u5982\u4e0b\u3002\u8fd9\u91cc\u76f4\u63a5\u7528\u6808\u6765\u4fdd\u5b58sockaddr_in\u7ed3\u6784\u4f53\u4e86\uff0c\u6bd4\u8f83\u7c97\u66b4\u3002

    .intel_syntax noprefix\n.globl _start\n\n.section .text\n\n_start:\n# create a socket\nmov rdi, 2 # AF_INET\nmov rsi, 1 # SOCK_STREAM\nmov rdx, 0 # IPPROTO_IP\nmov rax, 41 # sys_socket\nsyscall\npush rax\n\n# bind the socket to 0.0.0.0:80\nmov rdi, rax # socket_fd\npush 0x50000002 # AF_INET(2) and PORT(80) in big endian\nmov rsi, rsp # sockaddr_in\npush 0x0 # IP(0.0.0.0)\npush 0x0 # padding\npush 0x0 # padding\nmov rdx, 16 # addrlen\nmov rax, 49 # sys_bind\nsyscall\n\nmov rdi, 0\nmov rax, 60     # SYS_exit\nsyscall\n\n\n.section .data\n

    Level 4

    In this challenge you will listen on a socket.

    \u4f7f\u7528listen\u76d1\u542c\u8fd9\u4e2asocket\u3002\u7531\u4e8e\u8fd9\u91cclisten\u4e5f\u8981\u7528\u5230\u4e4b\u524dsocket\u521b\u5efa\u7684\u6587\u4ef6\u63cf\u8ff0\u7b26\uff0c\u6ce8\u610f\u5230\u6837\u4f8b\u7684\u6c47\u7f16\u6587\u4ef6\u6700\u540e\u63d0\u793a\u7528data\u4e86\uff0c\u6240\u4ee5\u5e72\u8106\u6362\u7528\u6570\u636e\u533a\u6765\u4fdd\u5b58\u5404\u79cd\u7ed3\u6784\u4f53\uff0c\u4e5f\u5f03\u7528Level3\u91cc\u5bf9\u6808\u505a\u7684\u90a3\u4e9b\u4fee\u6539\u4e86\u3002\u8fd9\u91ccsockfd\u548csockaddr\u90fd\u662f\u5730\u5740\uff0c\u6240\u4ee5mov\u7684\u65f6\u5019\u4f1a\u81ea\u52a8\u89e3\u5f15\u7528\uff0c\u7528lea\u6307\u4ee4\u6765\u83b7\u5f97\u5730\u5740\u672c\u8eab\u3002

    .intel_syntax noprefix\n.globl _start\n\n.section .text\n\n_start:\n# create a socket\nmov rdi, 2 # AF_INET\nmov rsi, 1 # SOCK_STREAM\nmov rdx, 0 # IPPROTO_IP\nmov rax, 41 # sys_socket\nsyscall\nmov sockfd, rax\n\n# bind the socket to 0.0.0.0:80\nmov rdi, sockfd   # socket_fd\nlea rsi, sockaddr # sockaddr\nmov rdx, 16 # addrlen\nmov rax, 49 # sys_bind\nsyscall\n\n# listen(3, 0)\nmov rdi, sockfd\nmov rsi, 0\nmov rax, 50 # sys_listen\nsyscall\n\nmov rdi, 0\nmov rax, 60     # SYS_exit\nsyscall\n\n\n.section .data\n\nsockfd:   .quad 0\nsockaddr: .quad 0x50000002 # AF_INET(2) and PORT(80) in big endian\n.quad 0x0 # IP(0.0.0.0)\n.quad 0x0 # padding\n.quad 0x0 # padding\n

    Level 5

    In this challenge you will accept a connection.

    .intel_syntax noprefix\n.globl _start\n\n.section .text\n\n_start:\n# create a socket\nmov rdi, 2 # AF_INET\nmov rsi, 1 # SOCK_STREAM\nmov rdx, 0 # IPPROTO_IP\nmov rax, 41 # sys_socket\nsyscall\nmov sockfd, rax\n\n# bind the socket to 0.0.0.0:80\nmov rdi, sockfd   # socket_fd\nlea rsi, sockaddr # sockaddr\nmov rdx, 16 # addrlen\nmov rax, 49 # sys_bind\nsyscall\n\n# listen(3, 0)\nmov rdi, sockfd\nmov rsi, 0\nmov rax, 50 # sys_listen\nsyscall\n\n# accept(3, NULL, NULL)\nmov rdi, sockfd\nmov rsi, 0\nmov rdx, 0\nmov rax, 43 # sys_accept\nsyscall\n\nmov rdi, 0\nmov rax, 60     # SYS_exit\nsyscall\n\n\n.section .data\n\nsockfd:   .quad 0\nsockaddr: .quad 0x50000002 # AF_INET(2) and PORT(80) in big endian\n.quad 0x0 # IP(0.0.0.0)\n.quad 0x0 # padding\n.quad 0x0 # padding\n

    Level 6

    In this challenge you will respond to an http request.

    \u8fd9\u4e2a\u9898\u7684\u610f\u601d\u662f\u5e0c\u671b\u5b9e\u73b0\u4e00\u4e2a\u9759\u6001\u7684\u7ad9\u70b9\uff0c\u63a5\u6536\u5ba2\u6237\u7aef\u53d1\u9001\u7684\u8bf7\u6c42\u540e\uff0c\u59cb\u7ec8\u56de\u590dHTTP/1.0 200 OK\u3002\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u7f13\u51b2\u533a\u4fdd\u5b58\u8bf7\u6c42\uff0c\u8fd9\u91cc\u5f00\u4e86\u4e2a256\u5b57\u8282\u7684\u5185\u5b58\uff08\u5b9e\u9645\u4e0a\u6709140\u5b57\u8282\uff09\u3002

    .intel_syntax noprefix\n.globl _start\n\n.section .text\n\n_start:\n# create a socket\nmov rdi, 2 # AF_INET\nmov rsi, 1 # SOCK_STREAM\nmov rdx, 0 # IPPROTO_IP\nmov rax, 41 # sys_socket\nsyscall\nmov sockfd, rax\n\n# bind the socket to 0.0.0.0:80\nmov rdi, sockfd   # socket_fd\nlea rsi, sockaddr # sockaddr\nmov rdx, 16 # addrlen\nmov rax, 49 # sys_bind\nsyscall\n\n# listen(3, 0)\nmov rdi, sockfd\nmov rsi, 0\nmov rax, 50 # sys_listen\nsyscall\n\n# accept(3, NULL, NULL) = 4\nmov rdi, sockfd\nmov rsi, 0\nmov rdx, 0\nmov rax, 43 # sys_accept\nsyscall\nmov tunnel, rax\n\n# read(4, <read_request>, <read_request_count>) = <read_request_result>\nmov rdi, tunnel\nlea rsi, request\nmov rdx, 256\nmov rax, 0\nsyscall\n\n# write(4, \"HTTP/1.0 200 OK\\r\\n\\r\\n\", 19) = 19\nmov rdi, tunnel\nlea rsi, response\nmov rdx, 19\nmov rax, 1\nsyscall\n\n# close(4)\nmov rdi, tunnel\nmov rax, 3\nsyscall\n\nmov rdi, 0\nmov rax, 60     # SYS_exit\nsyscall\n\n\n.section .data\n\nsockfd:   .quad 0\ntunnel:   .quad 0\nrequest:  .space 256\nresponse: .ascii \"HTTP/1.0 200 OK\\r\\n\\r\\n\"\nsockaddr: .quad 0x50000002 # AF_INET(2) and PORT(80) in big endian\n.quad 0x0 # IP(0.0.0.0)\n.quad 0x0 # padding\n.quad 0x0 # padding\n

    Level 7

    In this challenge you will respond to a GET request for the contents of a specified file.

    \u5b9e\u73b0\u4e00\u4e2a\u52a8\u6001\u4e00\u70b9\u7684\u670d\u52a1\u5668\u3002\u8fd9\u9898\u4e2d\uff0c\u5ba2\u6237\u7aef\u4f1a\u8bf7\u6c42\u670d\u52a1\u5668\u7aef\u8bfb\u53d6\u4e00\u4e2a\u6587\u4ef6\u5e76\u8fd4\u56de\u7ed3\u679c\u3002\u6587\u4ef6\u662f\u5224\u9898\u7a0b\u5e8f\u968f\u673a\u751f\u6210\u5728/tmp\u4e0b\u7684\uff0c\u5185\u5bb9\u957f\u5ea6\u4e5f\u662f\u968f\u673a\u7684\u3002\u6240\u4ee5\u5199\u4ee3\u7801\u7684\u65f6\u5019\u8981\u591a\u9884\u7559\u70b9\u7f13\u51b2\u533a\u6765\u4fdd\u5b58\u6587\u4ef6\u5185\u5bb9\u3002

    open\u6587\u4ef6\u65f6\uff0c\u6587\u4ef6\u540d\u8981\u4ecerequest\u8bf7\u6c42\u91cc\u63d0\u53d6\u3002\u56e0\u4e3a\u751f\u6210\u7684\u6587\u4ef6\u540d\u957f\u5ea6\u662f\u56fa\u5b9a\u7684\uff0c\u6240\u4ee5\u61d2\u7701\u4e8b\u76f4\u63a5\u5728request\u7f13\u51b2\u533a\u91cc\u6539\u4e86\uff08\u5b57\u7b26\u4e32\u672b\u5c3e\\0\uff09\u3002

    ===== Expected: Parent Process =====\n[ ] execve(<execve_args>) = 0\n[ ] socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 3\n[ ] bind(3, {sa_family=AF_INET, sin_port=htons(<bind_port>), sin_addr=inet_addr(\"<bind_address>\")}, 16) = 0\n    - Bind to port 80\n    - Bind to address 0.0.0.0\n[ ] listen(3, 0) = 0\n[ ] accept(3, NULL, NULL) = 4\n[ ] read(4, <read_request>, <read_request_count>) = <read_request_result>\n[ ] open(\"<open_path>\", O_RDONLY) = 5\n[ ] read(5, <read_file>, <read_file_count>) = <read_file_result>\n[ ] close(5) = 0\n[ ] write(4, \"HTTP/1.0 200 OK\\r\\n\\r\\n\", 19) = 19\n[ ] write(4, <write_file>, <write_file_count>) = <write_file_result>\n[ ] close(4) = 0\n[ ] exit(0) = ?\n\n===== Trace: Parent Process =====\n[\u2713] execve(\"/proc/self/fd/3\", [\"/proc/self/fd/3\"], 0x7ffacc256990 /* 0 vars */) = 0\n[\u2713] socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 3\n[\u2713] bind(3, {sa_family=AF_INET, sin_port=htons(80), sin_addr=inet_addr(\"0.0.0.0\")}, 16) = 0\n[\u2713] listen(3, 0)                            = 0\n[\u2713] accept(3, NULL, NULL)                   = 4\n[\u2713] read(4, \"GET /tmp/tmpungh1ajd HTTP/1.1\\r\\nHost: localhost\\r\\nUser-Agent: python-requests/2.31.0\\r\\nAccept-Encoding: gzip, deflate\\r\\nAccept: */*\\r\\nConnection: keep-alive\\r\\n\\r\\n\", 256) = 155\n[\u2713] open(\"/tmp/tmpungh1ajd\", O_RDONLY)      = 5\n[\u2713] read(5, \"3Hy3xnjNjQIBfP6QDUW4ekuQtBwdXQPbhtPFxawXzQ6LXVQDgs8ZlslYncY9DMQohXFVHFyMPnOI6kaGqURTh2fXHuKe2oqjntry7Pt5QQP0148CyzGKtmOigovhOHobD2zujqgJIRXxjny3UVL9\", 1024) = 148\n[\u2713] close(5)                                = 0\n[\u2713] write(4, \"HTTP/1.0 200 OK\\r\\n\\r\\n\", 19) = 19\n[\u2713] write(4, \"3Hy3xnjNjQIBfP6QDUW4ekuQtBwdXQPbhtPFxawXzQ6LXVQDgs8ZlslYncY9DMQohXFVHFyMPnOI6kaGqURTh2fXHuKe2oqjntry7Pt5QQP0148CyzGKtmOigovhOHobD2zujqgJIRXxjny3UVL9\", 148) = 148\n[\u2713] close(4)                                = 0\n[\u2713] exit(0)                                 = ?\n[?] +++ exited with 0 +++\n\n===== Result =====\n[\u2713] Success\n

    \u4f7f\u7528\u7684\u6c47\u7f16\u4ee3\u7801\u5982\u4e0b\uff1a

    .intel_syntax noprefix\n.globl _start\n\n.section .text\n\n_start:\n# create a socket\nmov rdi, 2 # AF_INET\nmov rsi, 1 # SOCK_STREAM\nmov rdx, 0 # IPPROTO_IP\nmov rax, 41 # sys_socket\nsyscall\nmov sockfd, rax\n\n# bind the socket to 0.0.0.0:80\nmov rdi, sockfd   # socket_fd\nlea rsi, sockaddr # sockaddr\nmov rdx, 16 # addrlen\nmov rax, 49 # sys_bind\nsyscall\n\n# listen(3, 0)\nmov rdi, sockfd\nmov rsi, 0\nmov rax, 50 # sys_listen\nsyscall\n\n# accept(3, NULL, NULL) = 4\nmov rdi, sockfd\nmov rsi, 0\nmov rdx, 0\nmov rax, 43 # sys_accept\nsyscall\nmov tunnel, rax\n\n# read(4, <read_request>, <read_request_count>) = <read_request_result>\nmov rdi, tunnel\nlea rsi, request\nmov rdx, 256\nmov rax, 0 # sys_read\nsyscall\n\n# open(\"<open_path>\", O_RDONLY) = 5\nlea rdi, [request+4] # extract file name\nmovb [rdi+16], 0\nmov rsi, 0 # O_RDONLY\nmov rax, 2 # sys_open\nsyscall\nmov txtfile, rax\n\n# read(5, <read_file>, <read_file_count>) = <read_file_result>\nmov rdi, txtfile\nlea rsi, filecontent\nmov rdx, 1024\nmov rax, 0 # sys_read\nsyscall\nmov filecnt, rax # \n\n# close(5)\nmov rdi, txtfile\nmov rax, 3 # sys_close\nsyscall\n\n# write(4, \"HTTP/1.0 200 OK\\r\\n\\r\\n\", 19) = 19\nmov rdi, tunnel\nlea rsi, response\nmov rdx, 19\nmov rax, 1 # sys_write\nsyscall\n\n# write(4, <write_file>, <write_file_count>) = <write_file_result>\nmov rdi, tunnel\nlea rsi, filecontent\nmov rdx, filecnt\nmov rax, 1 # sys_write\nsyscall\n\n# close(4)\nmov rdi, tunnel\nmov rax, 3 # sys_close\nsyscall\n\nmov rdi, 0\nmov rax, 60     # SYS_exit\nsyscall\n\n.section .data\n\nsockfd:   .quad 0\ntunnel:   .quad 0\ntxtfile:  .quad 0\nfilecnt:  .quad 0\nrequest:  .space 256\nfilecontent: .space 1024\nresponse: .ascii \"HTTP/1.0 200 OK\\r\\n\\r\\n\"\nsockaddr: .quad 0x50000002 # AF_INET(2) and PORT(80) in big endian\n.quad 0x0 # IP(0.0.0.0)\n.quad 0x0 # padding\n.quad 0x0 # padding\n

    Level 8

    In this challenge you will accept multiple requests.

    \u4f7f\u7528\u4e00\u4e2a\u7a0b\u5e8f\u63a5\u53d7\u591a\u4e2a\u8bf7\u6c42\u3002\u7531\u4e8esocket\u6ca1\u6709\u5173\uff0c\u5728\u6700\u540e\u52a0\u4e00\u4e2aaccept\u5373\u53ef\u3002\u7a0b\u5e8f\u6700\u540eaccept\u8d85\u65f6sigkill\u9000\u51fa\u3002

    .intel_syntax noprefix\n.globl _start\n\n.section .text\n\n_start:\n# create a socket\nmov rdi, 2 # AF_INET\nmov rsi, 1 # SOCK_STREAM\nmov rdx, 0 # IPPROTO_IP\nmov rax, 41 # sys_socket\nsyscall\nmov sockfd, rax\n\n# bind the socket to 0.0.0.0:80\nmov rdi, sockfd   # socket_fd\nlea rsi, sockaddr # sockaddr\nmov rdx, 16 # addrlen\nmov rax, 49 # sys_bind\nsyscall\n\n# listen(3, 0)\nmov rdi, sockfd\nmov rsi, 0\nmov rax, 50 # sys_listen\nsyscall\n\n# accept(3, NULL, NULL) = 4\nmov rdi, sockfd\nmov rsi, 0\nmov rdx, 0\nmov rax, 43 # sys_accept\nsyscall\nmov tunnel, rax\n\n# read(4, <read_request>, <read_request_count>) = <read_request_result>\nmov rdi, tunnel\nlea rsi, request\nmov rdx, 256\nmov rax, 0 # sys_read\nsyscall\n\n# open(\"<open_path>\", O_RDONLY) = 5\nlea rdi, [request+4] # extract file name\nmovb [rdi+16], 0\nmov rsi, 0 # O_RDONLY\nmov rax, 2 # sys_open\nsyscall\nmov txtfile, rax\n\n# read(5, <read_file>, <read_file_count>) = <read_file_result>\nmov rdi, txtfile\nlea rsi, filecontent\nmov rdx, 1024\nmov rax, 0 # sys_read\nsyscall\nmov filecnt, rax # \n\n# close(5)\nmov rdi, txtfile\nmov rax, 3 # sys_close\nsyscall\n\n# write(4, \"HTTP/1.0 200 OK\\r\\n\\r\\n\", 19) = 19\nmov rdi, tunnel\nlea rsi, response\nmov rdx, 19\nmov rax, 1 # sys_write\nsyscall\n\n# write(4, <write_file>, <write_file_count>) = <write_file_result>\nmov rdi, tunnel\nlea rsi, filecontent\nmov rdx, filecnt\nmov rax, 1 # sys_write\nsyscall\n\n# close(4)\nmov rdi, tunnel\nmov rax, 3 # sys_close\nsyscall\n\n# accept(3, NULL, NULL)\nmov rdi, sockfd\nmov rsi, 0\nmov rdx, 0\nmov rax, 43 # sys_accept\nsyscall\nmov tunnel, rax\n\n# exit\nmov rdi, 0\nmov rax, 60     # SYS_exit\nsyscall\n\n.section .data\n\nsockfd:   .quad 0\ntunnel:   .quad 0\ntxtfile:  .quad 0\nfilecnt:  .quad 0\nrequest:  .space 256\nfilecontent: .space 1024\nresponse: .ascii \"HTTP/1.0 200 OK\\r\\n\\r\\n\"\nsockaddr: .quad 0x50000002 # AF_INET(2) and PORT(80) in big endian\n.quad 0x0 # IP(0.0.0.0)\n.quad 0x0 # padding\n.quad 0x0 # padding\n

    Level 9

    In this challenge you will concurrently accept multiple requests.

    \u8fd9\u9053\u9898\u662f\u8ba9\u505a\u4e00\u4e2a\u591a\u8fdb\u7a0b\uff0c\u7236\u8fdb\u7a0b\u8d1f\u8d23\u5faa\u73afaccept\uff0c\u5b50\u8fdb\u7a0b\u7528\u4e8e\u52a8\u6001\u5904\u7406\u6587\u4ef6\u8bfb\u5199\u3002\u6839\u636efork\u8fd4\u56de\u503c\u6765\u5224\u65ad\u7236\u8fdb\u7a0b\uff08\u8fd4\u56de\u503c\u4e3a\u5b50\u8fdb\u7a0bpid\uff09\u8fd8\u662f\u5b50\u8fdb\u7a0b\uff08\u8fd4\u56de\u503c\u4e3a0\uff09\u3002\u7236\u8fdb\u7a0b\u4e2d\uff0c\u5173\u95edtunnel\uff1b\u5b50\u8fdb\u7a0b\u4e2d\uff0c\u5173\u95edsockfd\u3002

    .intel_syntax noprefix\n.globl _start\n\n.section .text\n\n_start:\n# create a socket\nmov rdi, 2 # AF_INET\nmov rsi, 1 # SOCK_STREAM\nmov rdx, 0 # IPPROTO_IP\nmov rax, 41 # sys_socket\nsyscall\nmov sockfd, rax\n\n# bind the socket to 0.0.0.0:80\nmov rdi, sockfd   # socket_fd\nlea rsi, sockaddr # sockaddr\nmov rdx, 16 # addrlen\nmov rax, 49 # sys_bind\nsyscall\n\n# listen(3, 0)\nmov rdi, sockfd\nmov rsi, 0\nmov rax, 50 # sys_listen\nsyscall\n\nparent_process_1:\n# accept(3, NULL, NULL) = 4\nmov rdi, sockfd\nmov rsi, 0\nmov rdx, 0\nmov rax, 43 # sys_accept\nsyscall\nmov tunnel, rax\n\n# fork() = <fork_result>\nmov rax, 57 # sys_fork\nsyscall\n\ntest rax, rax\njnz parent_process_2\njz child_process\n\nparent_process_2:\n\n# close(3)\nmov rdi, tunnel\nmov rax, 3 # sys_close\nsyscall\njmp parent_process_1\n\nchild_process:\n\n# close(3)\nmov rdi, sockfd\nmov rax, 3 # sys_close\nsyscall\n\n# read(4, <read_request>, <read_request_count>) = <read_request_result>\nmov rdi, tunnel\nlea rsi, request\nmov rdx, 256\nmov rax, 0 # sys_read\nsyscall\n\n# open(\"<open_path>\", O_RDONLY) = 3\nlea rdi, [request+4] # extract file name\nmovb [rdi+16], 0\nmov rsi, 0 # O_RDONLY\nmov rax, 2 # sys_open\nsyscall\nmov txtfile, rax\n\n# read(3, <read_file>, <read_file_count>) = <read_file_result>\nmov rdi, txtfile\nlea rsi, filecontent\nmov rdx, 1024\nmov rax, 0 # sys_read\nsyscall\nmov filecnt, rax # \n\n# close(3)\nmov rdi, txtfile\nmov rax, 3 # sys_close\nsyscall\n\n# write(4, \"HTTP/1.0 200 OK\\r\\n\\r\\n\", 19) = 19\nmov rdi, tunnel\nlea rsi, response\nmov rdx, 19\nmov rax, 1 # sys_write\nsyscall\n\n# write(4, <write_file>, <write_file_count>) = <write_file_result>\nmov rdi, tunnel\nlea rsi, filecontent\nmov rdx, filecnt\nmov rax, 1 # sys_write\nsyscall\n\n# exit\nmov rdi, 0\nmov rax, 60     # SYS_exit\nsyscall\n\n.section .data\n\nsockfd:   .quad 0\ntunnel:   .quad 0\ntxtfile:  .quad 0\nfilecnt:  .quad 0\nrequest:  .space 256\nfilecontent: .space 1024\nresponse: .ascii \"HTTP/1.0 200 OK\\r\\n\\r\\n\"\nsockaddr: .quad 0x50000002 # AF_INET(2) and PORT(80) in big endian\n.quad 0x0 # IP(0.0.0.0)\n.quad 0x0 # padding\n.quad 0x0 # padding\n

    Level 10

    In this challenge you will respond to a POST request with a specified file and update its contents.

    \u8fd9\u9053\u9898\u662f\u7528POST\u8bf7\u6c42\uff0c\u8981\u6c42\u7528\u591a\u8fdb\u7a0b\u5904\u7406\uff0c\u5728\u5b50\u8fdb\u7a0b\u4e2d\u628aPOST\u7684\u8bf7\u6c42\u4f53\u4fdd\u5b58\u5728\u4e34\u65f6\u6587\u4ef6\uff0c\u5e76\u8fd4\u56de200 OK\u3002\u8003\u8651\u5230\u6587\u4ef6\u540d\u662f\u5b9a\u957f\u7684\uff0c\u6240\u4ee5\u6cbf\u7528\u4e4b\u524d\u7684\u65b9\u6cd5\u5f97\u5230\u6587\u4ef6\u540d\u3002\u8fd9\u91cc\u7528\u7684\u4e00\u4e2atrick\u662f\u7528\"\\r\\n\\r\\n\"\u6765\u4ece\u8bf7\u6c42\u4e2d\u5206\u5272\u8bf7\u6c42\u4f53\uff0c\u5e76\u4e14\u5185\u5bb9\u7684\u8ba1\u7b97\u662f\u7528read\u7684\u8fd4\u56de\u503c\u51cf\u53bb\u504f\u79fb\u91cf\u7b97\u7684\u3002\u8fd9\u662f\u5077\u61d2\u6ca1\u6709\u5b9e\u73b0\u89e3\u6790Content-Length\u7684\u529f\u80fdhhh

    .intel_syntax noprefix\n.globl _start\n\n.section .text\n\n_start:\n# create a socket\nmov rdi, 2 # AF_INET\nmov rsi, 1 # SOCK_STREAM\nmov rdx, 0 # IPPROTO_IP\nmov rax, 41 # sys_socket\nsyscall\nmov sockfd, rax\n\n# bind the socket to 0.0.0.0:80\nmov rdi, sockfd   # socket_fd\nlea rsi, sockaddr # sockaddr\nmov rdx, 16 # addrlen\nmov rax, 49 # sys_bind\nsyscall\n\n# listen(3, 0)\nmov rdi, sockfd\nmov rsi, 0\nmov rax, 50 # sys_listen\nsyscall\n\nparent_process_1:\n# accept(3, NULL, NULL) = 4\nmov rdi, sockfd\nmov rsi, 0\nmov rdx, 0\nmov rax, 43 # sys_accept\nsyscall\nmov tunnel, rax\n\n# fork() = <fork_result>\nmov rax, 57 # sys_fork\nsyscall\n\ntest rax, rax\njnz parent_process_2\njz child_process\n\nparent_process_2:\n\n# close(3)\nmov rdi, tunnel\nmov rax, 3 # sys_close\nsyscall\njmp parent_process_1\n\nchild_process:\n\n# close(3)\nmov rdi, sockfd\nmov rax, 3 # sys_close\nsyscall\n\n# read(4, <read_request>, <read_request_count>) = <read_request_result>\nmov rdi, tunnel\nlea rsi, request\nmov rdx, 1024\nmov rax, 0 # sys_read\nsyscall\nmov requestlen, rax\n\n# open(\"<open_path>\", O_WRONLY|O_CREAT, 0777) = 3\nlea rdi, [request+5] # extract file name\nmovb [rdi+16], 0\nmov rsi, 0x41 # O_WRONLY | O_CREAT\nmov rdx, 0777\nmov rax, 2 # sys_open\nsyscall\nmov txtfile, rax\n\n# locate POST body\nmov rcx, 0\nmov ebx, separate\nlocate_body:\nmov eax, [request+rcx]\nadd rcx, 1\ncmp eax, ebx\njne locate_body\n# extrace POST body\nadd rcx, 3\nmov rdi, txtfile\nlea rsi, [request+rcx]\nmov rdx, requestlen\nsub rdx, rcx\nmov rax, 1 # sys_write\nsyscall\n\n# close(3)\nmov rdi, txtfile\nmov rax, 3 # sys_close\nsyscall\n\n# write(4, \"HTTP/1.0 200 OK\\r\\n\\r\\n\", 19) = 19\nmov rdi, tunnel\nlea rsi, response\nmov rdx, 19\nmov rax, 1 # sys_write\nsyscall\n\n# exit\nmov rdi, 0\nmov rax, 60     # SYS_exit\nsyscall\n\n.section .data\n\nsockfd:   .quad 0\ntunnel:   .quad 0\ntxtfile:  .quad 0\nfilecnt:  .quad 0\nrequestlen: .quad 0\nrequest:  .space 1024\nfilecontent: .space 1024\nseparate: .ascii \"\\r\\n\\r\\n\"\nresponse: .ascii \"HTTP/1.0 200 OK\\r\\n\\r\\n\"\nsockaddr: .quad 0x50000002 # AF_INET(2) and PORT(80) in big endian\n.quad 0x0 # IP(0.0.0.0)\n.quad 0x0 # padding\n.quad 0x0 # padding\n

    Level 11

    In this challenge you will respond to multiple concurrent GET and POST requests.

    \u76f4\u63a5\u53d1\u4e86\u4e00\u5806GET\u548cPOST\u6df7\u5408\u8bf7\u6c42\u3002\u4e0d\u8fc7\u597d\u50cf\u6ca1\u8bf4\u6bcf\u4e2a\u8bf7\u6c42\u8981\u5e72\u561b\uff0c\u5c31\u76f4\u63a5\u7ed3\u5408\u4e0blevel9\u548clevel10\u7684\u7ed3\u679c\uff0c\u6bd4\u8f83request\u662f\u4ee5POST\u5f00\u5934\u8fd8\u662fGET\u5f00\u5934\uff0c\u5206\u522b\u8df3\u8f6c\u5230\u5bf9\u5e94\u7684\u903b\u8f91\u5c31\u884c\u4e86\u3002

    .intel_syntax noprefix\n.globl _start\n\n.section .text\n\n_start:\n# create a socket\nmov rdi, 2 # AF_INET\nmov rsi, 1 # SOCK_STREAM\nmov rdx, 0 # IPPROTO_IP\nmov rax, 41 # sys_socket\nsyscall\nmov sockfd, rax\n\n# bind the socket to 0.0.0.0:80\nmov rdi, sockfd   # socket_fd\nlea rsi, sockaddr # sockaddr\nmov rdx, 16 # addrlen\nmov rax, 49 # sys_bind\nsyscall\n\n# listen(3, 0)\nmov rdi, sockfd\nmov rsi, 0\nmov rax, 50 # sys_listen\nsyscall\n\nparent_process_1:\n# accept(3, NULL, NULL) = 4\nmov rdi, sockfd\nmov rsi, 0\nmov rdx, 0\nmov rax, 43 # sys_accept\nsyscall\nmov tunnel, rax\n\n# fork() = <fork_result>\nmov rax, 57 # sys_fork\nsyscall\n\ntest rax, rax\njnz parent_process_2\njz child_process\n\nparent_process_2:\n\n# close(3)\nmov rdi, tunnel\nmov rax, 3 # sys_close\nsyscall\njmp parent_process_1\n\nchild_process:\n\n# close(3)\nmov rdi, sockfd\nmov rax, 3 # sys_close\nsyscall\n\n# read(4, <read_request>, <read_request_count>) = <read_request_result>\nmov rdi, tunnel\nlea rsi, request\nmov rdx, 1024\nmov rax, 0 # sys_read\nsyscall\nmov requestlen, rax\n\n# check GET or POST\nmov eax, request\nmov ebx, requestget\ncmp eax, ebx\nje handle_get\nmov ebx, requestpost\ncmp eax, ebx\nje handle_post\n\njmp program_exit\n\nhandle_get:\n# open(\"<open_path>\", O_RDONLY) = 3\nlea rdi, [request+4] # extract file name\nmovb [rdi+16], 0\nmov rsi, 0 # O_RDONLY\nmov rax, 2 # sys_open\nsyscall\nmov txtfile, rax\n\n# read(3, <read_file>, <read_file_count>) = <read_file_result>\nmov rdi, txtfile\nlea rsi, filecontent\nmov rdx, 1024\nmov rax, 0 # sys_read\nsyscall\nmov filecnt, rax # \n# close(3)\nmov rdi, txtfile\nmov rax, 3 # sys_close\nsyscall\n\n# write(4, \"HTTP/1.0 200 OK\\r\\n\\r\\n\", 19) = 19\nmov rdi, tunnel\nlea rsi, response\nmov rdx, 19\nmov rax, 1 # sys_write\nsyscall\n\n# write(4, <write_file>, <write_file_count>) = <write_file_result>\nmov rdi, tunnel\nlea rsi, filecontent\nmov rdx, filecnt\nmov rax, 1 # sys_write\nsyscall\n\njmp program_exit\n\nhandle_post:\n# open(\"<open_path>\", O_WRONLY|O_CREAT, 0777) = 3\nlea rdi, [request+5] # extract file name\nmovb [rdi+16], 0\nmov rsi, 0x41 # O_WRONLY | O_CREAT\nmov rdx, 0777\nmov rax, 2 # sys_open\nsyscall\nmov txtfile, rax\n\n# locate POST body\nmov rcx, 0\nmov ebx, separate\nlocate_body:\nmov eax, [request+rcx]\nadd rcx, 1\ncmp eax, ebx\njne locate_body\n# extrace POST body\nadd rcx, 3\nmov rdi, txtfile\nlea rsi, [request+rcx]\nmov rdx, requestlen\nsub rdx, rcx\nmov rax, 1 # sys_write\nsyscall\n\n# close(3)\nmov rdi, txtfile\nmov rax, 3 # sys_close\nsyscall\n\n# write(4, \"HTTP/1.0 200 OK\\r\\n\\r\\n\", 19) = 19\nmov rdi, tunnel\nlea rsi, response\nmov rdx, 19\nmov rax, 1 # sys_write\nsyscall\n\nprogram_exit:\n# exit\nmov rdi, 0\nmov rax, 60     # SYS_exit\nsyscall\n\n.section .data\n\nsockfd:   .quad 0\ntunnel:   .quad 0\ntxtfile:  .quad 0\nfilecnt:  .quad 0\nrequestlen: .quad 0\nrequest:  .space 1024\nfilecontent: .space 1024\nrequestget: .ascii \"GET \"\nrequestpost: .ascii \"POST\"\nseparate: .ascii \"\\r\\n\\r\\n\"\nresponse: .ascii \"HTTP/1.0 200 OK\\r\\n\\r\\n\"\nsockaddr: .quad 0x50000002 # AF_INET(2) and PORT(80) in big endian\n.quad 0x0 # IP(0.0.0.0)\n.quad 0x0 # padding\n.quad 0x0 # padding\n
    "},{"location":"pwn-college-cse365-spring2023/#reverse-engineering-writeups","title":"Reverse Engineering Writeups","text":"

    Level 1

    \u8fd0\u884c/challenge\u4e0b\u7684\u6587\u4ef6\uff0c\u4f1a\u81ea\u52a8\u6253\u5f00gdb\uff0c\u8f93\u5165run\u542f\u52a8\u7a0b\u5e8f\uff0c\u8fdb\u5165\u7b2c\u4e00\u5173\u3002\u7b2c\u4e00\u5173\u4e3b\u8981\u662f\u8bb2\u4e0b\u5927\u81f4\u7684\u9898\u76ee\u8981\u6c42\uff0c\u5728\u8fd9\u91cc\u6309C\u7ee7\u7eed\u8fd0\u884c\u4f1a\u76f4\u63a5\u7ed9\u51faflag\u3002

    Level 2

    \u672c\u5173run\u4ee5\u540ep/x $r12\u7136\u540e\u6309C\uff0c\u628a\u7ed3\u679c\u8f93\u5165\u5c31\u884c\u3002

    Level 3

    \u8fd9\u4e00\u5173\u4e3b\u8981\u662f\u719f\u6089\u6253\u5370\u5185\u5b58\u6570\u636e\uff0c\u53ef\u4ee5\u5728\u6309C\u8fdb\u5165\u7a0b\u5e8f\u524d\u540e\u7528x/20gx $rsp\u5bf9\u6bd4\u4e00\u4e0b\u6808\u4e0a\u4ec0\u4e48\u6570\u636e\u6539\u53d8\u4e86\u3002\u7b97\u662f\u4e0d\u770b\u6c47\u7f16\u7684\u4e00\u70b9\u5c0ftrick\u3002

    Level 4

    \u8fd9\u5173\u7684\u6ca1\u7528\u6b63\u5e38\u89e3\u6cd5\u3002\u6709\u4e00\u70b9\u5c0ftrick\uff1a\u4f7f\u7528disas $pc\u67e5\u770b\u53d1\u73b0\u6709\u4e2awin\u51fd\u6570\uff0c\u53c2\u6570\u7528\u76840\u3002\u76f4\u63a5set $rax=0\uff0cset $pc=xxx\u8df3\u8f6c\u5230win\u7684\u51fd\u6570\u5c31\u884c\u4e86\u3002

    Level 5

    \u8fd9\u9898\u63d0\u793a\u53ef\u4ee5\u7f16\u5199gdb\u811a\u672c\uff0c\u52a0\u8f7d\u540e\u4f1a\u81ea\u52a8\u6267\u884c\u3002\u8fd9\u9053\u9898\u76ee\u4f1a\u5728\u5faa\u73af\u4e2d\u591a\u6b21\u8bbe\u7f6e\u968f\u673a\u6570\uff0c\u6240\u4ee5\u9700\u8981\u81ea\u52a8\u5316\u89e3\u51b3\u3002

    run\u540e\u5148disas $pc\u770b\u4e00\u770bmain\u51fd\u6570\u7684\u5173\u952e\u903b\u8f91\uff1a

    0x000055981a8ccd40 <+666>:   mov    esi,0x0\n0x000055981a8ccd45 <+671>:   lea    rdi,[rip+0xd5e]        # 0x55981a8cdaaa\n0x000055981a8ccd4c <+678>:   mov    eax,0x0\n0x000055981a8ccd51 <+683>:   call   0x55981a8cc250 <open@plt>\n0x000055981a8ccd56 <+688>:   mov    ecx,eax\n0x000055981a8ccd58 <+690>:   lea    rax,[rbp-0x18]\n0x000055981a8ccd5c <+694>:   mov    edx,0x8\n0x000055981a8ccd61 <+699>:   mov    rsi,rax\n0x000055981a8ccd64 <+702>:   mov    edi,ecx\n0x000055981a8ccd66 <+704>:   call   0x55981a8cc210 <read@plt>\n0x000055981a8ccd6b <+709>:   lea    rdi,[rip+0xd46]        # 0x55981a8cdab8\n0x000055981a8ccd72 <+716>:   call   0x55981a8cc190 <puts@plt>\n0x000055981a8ccd77 <+721>:   lea    rdi,[rip+0xd5a]        # 0x55981a8cdad8\n0x000055981a8ccd7e <+728>:   mov    eax,0x0\n0x000055981a8ccd83 <+733>:   call   0x55981a8cc1d0 <printf@plt>\n0x000055981a8ccd88 <+738>:   lea    rax,[rbp-0x10]\n0x000055981a8ccd8c <+742>:   mov    rsi,rax\n0x000055981a8ccd8f <+745>:   lea    rdi,[rip+0xd51]        # 0x55981a8cdae7\n0x000055981a8ccd96 <+752>:   mov    eax,0x0\n0x000055981a8ccd9b <+757>:   call   0x55981a8cc260 <__isoc99_scanf@plt>\n

    \u731c\u6d4b\u57280x000055981a8ccd51\u5904\u7684open\u662f\u6253\u5f00\u4e86\u968f\u673a\u6570\u53d1\u751f\u5668\uff08\u6bd4\u5982/dev/urandom\uff09\uff0c\u7136\u540e0x000055981a8ccd66\u5904\u7684read\u662f\u8bfb8\u4e2a\u5b57\u8282\uff0c\u5373\u6700\u7ec8\u7684\u968f\u673a\u6570\uff0c\u4fdd\u5b58\u5728rsi\u5bc4\u5b58\u5668\u6307\u5411\u7684\u4f4d\u7f6e\uff0c\u5373rbp-0x18\u5904\u3002\u6240\u4ee5\u81ea\u52a8\u5316\u811a\u672c\u53ef\u4ee5\u57280x000055981a8ccd72\u5904\uff08\u5373*main+716\uff09\u6253\u4e2a\u65ad\u70b9\uff0c\u6253\u5370\u6b64\u65f6rbp-0x18\u7684\u503c\u3002

    \u5373\u5148\u7f16\u5199\u4e0b\u8ff0\u811a\u672c\uff0c\u7136\u540e\u542f\u52a8\u7a0b\u5e8f\u65f6-x\u8ffd\u52a0\u811a\u672c\u5373\u53ef\u3002

    start\nbreak *main+716\ncommands\n    silent\n    set $local_variable = *(unsigned long long*)($rbp-0x18)\nprintf \"Current value: %llx\\n\", $local_variable\ncontinue\nend\ncontinue\n

    \u5f53\u7136\u89e3\u6cd5\u6709\u5f88\u591a\uff0c\u770bdisas\u540e\u7684\u7ed3\u679c\uff0c\u8f93\u5165\u7684\u6570\u636e\u88abscanf\u4fdd\u5b58\u5230rbp-0x10\u5904\uff0c\u4e0erbp-0x18\u6bd4\u8f83\u3002\u4e5f\u53ef\u4ee5\u5728\u6bd4\u8f83\u524d\u76f4\u63a5\u4fee\u6539\u5bc4\u5b58\u5668\u8ba9\u503c\u76f8\u7b49\u3002

    Level 6

    \u8fd9\u4e00\u5173\u624d\u6559\u600e\u4e48\u7528set\u6539\u5bc4\u5b58\u5668\uff0c\u4ece\u800c\u4fee\u6539\u7a0b\u5e8f\u6267\u884c\u903b\u8f91\u3002\u662f\u4e0d\u662f\u53ef\u4ee5\u6697\u793a\u76f4\u63a5\u62ffflag\uff1frun\u540eset $rip=*main+715\uff0c\u7136\u540e\u7ee7\u7eed\u8fd0\u884c\u7a0b\u5e8f\u3002

    Level 7

    \uff1f\uff1f\uff1f\u539f\u6765\u8fd8\u53ef\u4ee5\u8fd9\u4e48\u73a9\uff1f\uff1f

    Level 8

    \u76f4\u63a5\u8c03\u7528call (void)win()\uff0c\u53ef\u4ee5disas *win\u770b\u4e00\u4e0bwin\u51fd\u6570\u3002

    0x0000556609b49951 <+0>:     endbr64\n0x0000556609b49955 <+4>:     push   rbp\n0x0000556609b49956 <+5>:     mov    rbp,rsp\n0x0000556609b49959 <+8>:     sub    rsp,0x10\n0x0000556609b4995d <+12>:    mov    QWORD PTR [rbp-0x8],0x0\n0x0000556609b49965 <+20>:    mov    rax,QWORD PTR [rbp-0x8]\n0x0000556609b49969 <+24>:    mov    eax,DWORD PTR [rax]\n0x0000556609b4996b <+26>:    lea    edx,[rax+0x1]\n0x0000556609b4996e <+29>:    mov    rax,QWORD PTR [rbp-0x8]\n0x0000556609b49972 <+33>:    mov    DWORD PTR [rax],edx\n0x0000556609b49974 <+35>:    lea    rdi,[rip+0x73e]        # 0x556609b4a0b9\n0x0000556609b4997b <+42>:    call   0x556609b49180 <puts@plt>\n

    \u53ef\u89c1\u57280x0000556609b49969\u5904\uff0c\u4ecerax\u6307\u5411\u7684\u5730\u5740\u8bfb\u53d64\u5b57\u8282\u3002\u4f46\u662f\u6b64\u65f6rax\u5728\u524d\u4e24\u6761\u8bed\u53e5\u5df2\u7ecf\u88ab\u4fee\u6539\u4e3a0\u4e86\uff0c\u6240\u4ee5\u89e6\u53d1NULL\u6307\u9488\u89e3\u5f15\u7528\uff0c\u5f15\u8d77SIGSEGV\u9000\u51fa\u3002\u6240\u4ee5\u8bd5\u8bd5\u76f4\u63a5\u8df3\u8fc7\u8fd9\u6bb5\uff0c\u8fdb\u5165win\u65f6\u4fee\u6539rip\u5bc4\u5b58\u5668\u5373\u53ef\u3002

    \u4f9d\u6b21\u6267\u884c\uff1abreak *win\uff0ccall (void)win()\uff0cset $rip=*win+35\uff0cc\u5373\u53ef\u3002

    Level 1.0

    Reverse engineer this challenge to find the correct license key.

    \u4ece\u6b64\u5f00\u59cb\u662f\u4e00\u4e2a\u8bc1\u4e66\u9a8c\u8bc1\u7a0b\u5e8f\uff0c\u8981\u6c42\u8f93\u5165key\u6765\u83b7\u53d6flag\u3002\u7b2c\u4e00\u9898\u76f4\u63a5enter\u8fd0\u884c\uff0c\u4f1a\u8f93\u51fa\u539f\u59cb\u8f93\u5165\u3001\u5904\u7406\u540e\u7684\u8f93\u5165\u4ee5\u53ca\u6b63\u786e\u7b54\u6848\u3002\u8fd0\u884c\u4e24\u6b21\u4ee5\u540e\u53d1\u73b0\u5904\u7406\u540e\u7684\u8f93\u5165\u548c\u539f\u59cb\u8f93\u5165\u662f\u4e00\u6837\u7684\uff0c\u5e76\u4e14\u6b63\u786e\u7b54\u6848\u662f\u56fa\u5b9a\u7684\u3002

    \u76f4\u63a5python\u91cc\u8fd0\u884c\u4e0b[chr(i) for i in [0x75,0x62,0x61,0x6a,0x68]]\uff08\u53ef\u80fd\u9700\u8981\u4fee\u65390xXX\u7684\u503c\uff09\uff0c\u7136\u540e\u5c31\u5f97\u5230key\u4e86\u3002

    Level 1.1

    Reverse engineer this challenge to find the correct license key.

    \u8fd9\u4e00\u9898\u6ca1\u6709\u76f4\u63a5\u628a\u6b63\u786e\u7b54\u6848\u5217\u51fa\u6765\u3002\u4e00\u79cd\u65b9\u6848\u662f\u5148gdb\u542f\u52a8\u7a0b\u5e8f\uff0c\u7136\u540e\u5728\u8981\u6c42\u8f93\u5165\u5bc6\u94a5\u7684\u65f6\u5019ctrl+c\u6682\u505c\u7a0b\u5e8f\uff0c\u7528bt\u67e5\u770b\u8c03\u7528\u6808\uff0c\u53ef\u4ee5\u770b\u5230__libc_start_main (main=0xXXXXX, argc=1, ....)\u3002\u7136\u540e\u67e5\u770bmain\u51fd\u6570\u7684\u6c47\u7f16\u6307\u4ee4x/80i 0xXXXX\uff0c\u53ef\u4ee5\u770b\u5230\u5176\u4e2d\u7684memcmp@plt\u51fd\u6570\u6240\u4f7f\u7528\u7684\u7684rsi\u6765\u81ea[rip+0x2abf]\u3002\u6307\u4ee4\u540e\u9762\u7684#\u6ce8\u91ca\u63d0\u793a\u4e86\u5bf9\u5e94\u7684\u5730\u5740\uff0c\u76f4\u63a5\u7528x/5c <address>\u67e5\u770b\u5bc6\u94a5\u5373\u53ef\u3002

    \u6ce8\u610f\u6700\u540e\u8f93\u5165\u5bc6\u94a5\u65f6\u8981\u76f4\u63a5\u8fd0\u884c\u7a0b\u5e8f\uff0c\u4e0d\u8981\u5728gdb\u91cc\u9762\u8f93\uff0c\u4f1a\u63d0\u793a\u6743\u9650\u4e0d\u591f\u3002

    Level 2.0

    Reverse engineer this challenge to find the correct license key, but your input will be modified somehow before being compared to the correct key.

    \u8fd9\u9053\u9898\u76ee\u4ea4\u6362\u4e86\u8f93\u5165\u5b57\u7b26\u4e32\u7684index 1\u548cindex 4\u7684\u5b57\u7b26\u3002

    Level 2.1

    \u8fd9\u9053\u9898\u76ee\u57282.0\u7684\u57fa\u7840\u4e0a\u9690\u53bb\u4e86\u8f93\u5165\u8f93\u51fa\u7ed3\u679c\u7684\u663e\u793a\uff0c\u56e0\u6b64\u9700\u8981gdb\u770b\u4e00\u4e0b\u505a\u4e86\u4ec0\u4e48\u64cd\u4f5c\u3002\u6309\u71671.1\u7684\u65b9\u6cd5\u67e5\u770bmemcmp\u9644\u8fd1\u7684\u51fd\u6570\uff0c\u53ef\u89c1\uff1a

    0x5584f463251f:      lea    rax,[rbp-0xe]\n0x5584f4632523:      mov    edx,0x5\n0x5584f4632528:      mov    rsi,rax\n0x5584f463252b:      mov    edi,0x0\n0x5584f4632530:      call   0x5584f46321a0 <read@plt>\n0x5584f4632535:      movzx  eax,BYTE PTR [rbp-0xe]\n0x5584f4632539:      mov    BYTE PTR [rbp-0x10],al\n0x5584f463253c:      movzx  eax,BYTE PTR [rbp-0xd]\n0x5584f4632540:      mov    BYTE PTR [rbp-0xf],al\n0x5584f4632543:      movzx  eax,BYTE PTR [rbp-0xf]\n0x5584f4632547:      mov    BYTE PTR [rbp-0xe],al\n0x5584f463254a:      movzx  eax,BYTE PTR [rbp-0x10]\n0x5584f463254e:      mov    BYTE PTR [rbp-0xd],al\n0x5584f4632551:      lea    rdi,[rip+0xdb0]        # 0x5584f4633308\n0x5584f4632558:      call   0x5584f4632140 <puts@plt>\n0x5584f463255d:      lea    rax,[rbp-0xe]\n0x5584f4632561:      mov    edx,0x5\n0x5584f4632566:      lea    rsi,[rip+0x2aa3]        # 0x5584f4635010\n0x5584f463256d:      mov    rdi,rax\n0x5584f4632570:      call   0x5584f46321b0 <memcmp@plt>\n

    \u8f93\u5165\u7684\u5b57\u7b26\u4e32\u88ab\u4fdd\u5b58\u5728[rbp-0xe]\u5904\uff0c\u4e14\u8fdb\u884c\u4e86[rbp-0xe]\u548c[rbp-0xd]\u7684\u4ea4\u6362\u3002\u4e5f\u5c31\u662f\u8bf4\u8f93\u5165\u5b57\u7b26\u4e32\u7684\u524d\u4e24\u4e2a\u5b57\u7b26\u88ab\u4ea4\u6362\u4e86\u3002\u67e5\u770bmemcmp\u52a0\u8f7d\u5230rsi\u7684\u5730\u5740\u5185\u5bb9x/5c 0x5584f4635010\u5f97\u5230\u5bf9\u5e94\u7684\u7b54\u6848\uff0c\u4ea4\u6362\u524d\u4e24\u4e2a\u5b57\u7b26\u5373\u53ef\u3002

    Level 3.0-3.1

    \u8fd0\u884c\u7a0b\u5e8f\uff0c\u968f\u4fbf\u8f93\u51e0\u4e2a\u6570\u3002\u663e\u5f0f\u544a\u8bc9\u4e86\u89c4\u5219\u662f\u9006\u5e8f\uff0c\u53c8\u628a\u6b63\u786e\u7b54\u6848\u6253\u5370\u51fa\u6765\u4e86\u3002

    3.1\u731c\u6d4b\u548c3.0\u4e00\u6837\u4e5f\u662f\u9006\u5e8f\u3002\u76f4\u63a5\u63092.1\u7684\u65b9\u6cd5\u770b\u4e00\u4e0b[rbp-0xe]\u5904\u7684\u503c\u7136\u540e\u9006\u5e8f\u8f93\u5165\u5c31\u884c\u3002

    Level 4.0-4.1

    \u89c4\u5219\u662f\u8fdb\u884c\u9012\u589e\u6392\u5e8f\u3002\u8fd9\u4e0b\u53ea\u9700\u8981\u5305\u542b\u8fd9\u4e9b\u5b57\u6bcd\u5c31\u884c\u3002\uff08\u8fd9\u4e0d\u662f\u66f4\u7b80\u5355\u4e86\u2026\u2026\uff09

    Level 5.0-5.1

    \u8fd9\u9053\u9898\u662f\u5bf9\u8f93\u5165\u5b57\u7b26\u8fdb\u884c\u5f02\u6216\u3002\u7b80\u5355\u5199\u4e86\u4e2apython\uff0c\u5728\u63a7\u5236\u53f0\u4ea4\u4e92\u65f6\u8fd0\u884c\u4e0b\uff1a

    tx = lambda x:int(x,16)\n''.join([chr(i^0xb8) for i in [tx(a) for a in 'd6 d5 d6 cf da'.split() ]])\n

    5.1\u548c5.0\u7c7b\u4f3c\uff0c\u4eff\u7167\u4e4b\u524d\u7684\u65b9\u6cd5\u53ef\u4ee5\u770b\u5230\u5f02\u6216\u7528\u7684\u662f0x1c\u3002

    Level 6.0

    \u8fd9\u9053\u9898\u7ed3\u5408\u4e86\u4ea4\u6362\u3001\u5f02\u6216\u3001\u9006\u5e8f\u4e09\u79cd\u64cd\u4f5c\uff0c\u5e72\u8106\u5199\u4e2a\u811a\u672c\u5904\u7406\u4e0b\u5427\u3002

    def do_reverse(li):\n    return li[::-1]\n\ndef do_swap(li, idx1, idx2):\n    li[idx1], li[idx2] = li[idx2], li[idx1]\n    return li\n\ndef do_xor(li, key):\n    xor_li = []\n    while key > 0:\n        xor_li.insert(0, key & 0xff)\n        key >>= 8\n    for i in range(len(li)):\n        li[i] ^= xor_li[i % len(xor_li)]\n    return li\n\ndef do_sort(li):\n    li.sort()\n    return li\n\ndef sanitize(s):\n    if type(s) is str:\n        f = lambda tx: int(tx,16)\n        return [f(i) for i in s.split()]\n    if type(s) is list:\n        return ''.join([chr(i) for i in s])\n\nprint(sanitize(do_swap(do_xor(do_reverse(sanitize('51 90 52 86 58 98 4d 81 4b 84 4f 9a 57 8c 51 91 56')),0x3ef5),5,6)))\n

    6.1\u6709\u70b9\u5947\u602a\uff0c\u770b\u6c47\u7f16\u597d\u50cf\u662f\u5148\u9006\u5e8f\u4e00\u904d\uff0c\u518d\u9006\u5e8f\u4e00\u904d\uff0c\u518d\u9010\u5b57\u8282\u4e0e0xbb\u5f02\u6216\u3002\u597d\u50cf\u548c5.0\u7684\u7f6e\u6362-\u5f02\u6216-\u9006\u5e8f\u4e0d\u4e00\u6837\u7684\uff1f\u53ef\u80fd\u662f\u968f\u673a\u9009\u62e9\u7b56\u7565\u5427\u3002

    Level 7.0-7.1

    7.0\u7528\u4e0a\u4e00\u4e2a\u811a\u672c\u5373\u53ef\u3002

    print(sanitize(do_swap(do_sort(do_xor(do_swap(do_xor(sanitize(' 16 34 42 00 13 31 46 0d 1c 3b 4e 15 05 22 52 10 04 22 54 1c 0f 2e 59 1d 0e 2f 5b'),0x85a4d396),13,16),0xf2)),7,10)))\n

    7.1\u662f\u5148\u548c0x15ca\u5f02\u6216\uff0c\u7136\u540e\u9006\u5e8f\uff0c\u7136\u540e\u518d\u9006\u5e8f\uff0c\u7136\u540e\u518d\u9006\u5e8f\uff0c\u7136\u540e\u518d\u9012\u589e\u6392\u5e8f

    print(sanitize(do_xor(sanitize('60 61 64 66 67 6c 70 70 71 74 77 7c 7c 7d 7f a5 a5 a5 a8 ab ab af b0 b3 b8 b9 ba bb'),0x15ca)))\nprint(sanitize(do_xor(sanitize('60 61 64 66 67 6c 70 70 71 74 77 7c 7c 7d 7f a5 a5 a5 a8 ab ab af b0 b3 b8 b9 ba bb'),0xca15)))\n\n#u\u00abq\u00acr\u00a6e\u00bad\u00beb\u00b6i\u00b7jo\u00b0o\u00bda\u00bee\u00a5y\u00ads\u00afq\n#\u00aat\u00aes\u00ady\u00bae\u00bba\u00bdi\u00b6h\u00b5\u00b0o\u00b0b\u00bea\u00baz\u00a6r\u00acp\u00ae\n#\u7136\u540e\u628a\u4e24\u4e2a\u7ed3\u679c\u4e2d\u5b57\u6bcd\u6392\u8d77\u6765\n#utqsryeedabiihjooobaaezyrspq\n
    "},{"location":"pwn-college-cse365-spring2023/#_1","title":"\u603b\u7ed3","text":"

    CSE 365\u8fd8\u662f\u5c5e\u4e8e\u6bd4\u8f83\u5165\u95e8\u7684\u7c7b\u578b\uff0c\u6253\u597d\u57fa\u7840\uff01

    "},{"location":"python/","title":"Python","text":""},{"location":"python/#_1","title":"\u4e00\u4e9b\u5c0f\u70b9","text":""},{"location":"python/#_2","title":"\u83b7\u53d6\u672a\u77e5\u5bf9\u8c61\u7684\u6240\u6709\u5c5e\u6027","text":"

    obj.__dir__() \u6216\u8005dir(obj)

    "},{"location":"python/#argparse","title":"\u53c2\u6570\u89e3\u6790\uff1aargparse","text":"

    \u6839\u636e\u7528\u6237\u4f20\u53c2\u800c\u6267\u884c\u4e0d\u540c\u7684\u529f\u80fd\uff0c\u53c8\u5206\u591a\u4e2a\u5c42\u6b21\u3002\u6bd4\u5982pip3\u547d\u4ee4\uff0c\u53ef\u4ee5\u6709pip3 install\u548cpip3 freeze\u7b49\u7b49\uff0c\u5bf9\u4e8e\u6bcf\u4e00\u4e2a\u5b50\u89e3\u6790\u53c8\u6709\u8fdb\u4e00\u6b65\u7684\u53c2\u6570\uff0c\u6bd4\u5982pip3 install --upgrade, pip3 install --force-reinstall\u7b49\u7b49\u3002

    import argparse\n\ndef populate_parser(parser):\n    parser.add_argument('input_file', type=str, help=\"Path to the file containing the mutated input to load\")\n    parser.add_argument('--prefix-input', dest='prefix_input_path', type=str, help=\"(Optional) Path to the file containing a constant input to load\")\n    parser.add_argument('-c', '--config', default=\"config.yml\", help=\"The emulator configuration to use. Defaults to 'config.yml'\")\n\n    # Verbosity switches\n    parser.add_argument('-v', '--print-exit-info', default=False, action=\"store_true\", help=\"Print some information about the exit reason.\")\n    parser.add_argument('-t', '--trace-funcs', dest='trace_funcs', default=False, action='store_true')\nparser = argparse.ArgumentParser(description=\"Fuzzware\")\nsubparsers = parser.add_subparsers(title=\"Fuzzware Components\", help='Fuzzware utilities:', description=\"Fuzzware supports its different functions using a set of utilities.\\n\\nUse 'fuzzware <util_name> -h' for more details.\")\nparser_pipeline = subparsers.add_parser(MODE_PIPELINE, help=\"Running the full pipeline. Fuzzware's main utility.\")\nparser_pipeline.set_defaults(func=do_pipeline)\n# Pipeline command-line arguments\nparser_pipeline.add_argument('target_dir', nargs=\"?\", type=os.path.abspath, default=os.curdir, help=\"Directory containing the main config. Defaults to the current working dir.\")\n\n\nparser = argparse.ArgumentParser(description=\"Fuzzware emulation harness\")\npopulate_parser(parser)\n
    "},{"location":"python/#yaml","title":"\u914d\u7f6e\u8bfb\u53d6\uff1ayaml","text":"

    \u9664\u4e86argparse\u4ee5\u5916\uff0c\u53ef\u4ee5\u628a\u4e00\u4e9b\u5f88\u957f\u7684\u914d\u7f6e\u6570\u636e\uff08\u6bd4\u5982\u591a\u5230\u547d\u4ee4\u884c\u6572\u662f\u4e0d\u73b0\u5b9e\u7684\uff09\u653e\u5230yml\u91cc\uff0c\u7136\u540e\u7528yaml\u8bfb\u53d6\uff0c\u5f97\u5230\uff08\u5d4c\u5957\u7684\uff09\u5b57\u5178\uff0c\u7136\u540e\u518d\u53d6\u5185\u5bb9\u5c31\u5f88\u65b9\u4fbf\u4e86\u3002\u9700\u8981pip\u5b89\u88c5pyyaml\u8fd9\u4e2a\u5305

    import yaml\n\nwith open('config.yml', 'rb') as f:\n    data = yaml.load(f, Loader=yaml.FullLoader)\n    print(data)\n

    \u90a3\u4e48data\u5c31\u662f\u4e00\u4e2a\u5b57\u5178\uff0c\u6839\u636eyml\u91cc\u7684\u5185\u5bb9\u53ef\u80fd\u6210\u4e3a\u5d4c\u5957\u5173\u7cfb\u3002\u5b57\u5178\u91cc\u4e3a\u7a7a\u7684\u503c\u4f1a\u53d8\u6210None\uff0ctrue\u6216True\u6216TRUE\u90fd\u4f1a\u53d8\u6210True\uff0c\u6570\u5b57\u4f1a\u88ab\u8bc6\u522b\u6210\u6574\u6570\u6216\u6d6e\u70b9\u6570\uff0c\u5b57\u7b26\u4e32\u4f1a\u88ab\u8bc6\u522b\u6210\u5b57\u7b26\u4e32\uff08\u542b\u7a7a\u683c\uff09

    \u6bd4\u5982\u4e0b\u9762\u7684yml\u6587\u4ef6

    item:\ntest1: 1\ntest2: 2\ntest2.1: TRUE\ntest2.2: true\ntest2.3: True\nmatters:\ntest3: 3\n3: 333\ntest4: 4\ntest5: ${item.test1}\ntest6: a b c d\ntest7: 

    \u4f1a\u88ab\u8bc6\u522b\u4e3a

    {'item': {'test1': 1, 'test2': 2, 'test2.1': True, 'test2.2': True, 'test2.3': True}, 'matters': {'test3': 3, 3: 333, 'test4': 4, 'test5': '${item.test1}', 'test6': 'a b c d', 'test7': None}}\n
    "},{"location":"python/#logging","title":"\u8f93\u51fa\u65e5\u5fd7\uff1alogging","text":"

    \u5728\u5f00\u53d1\u7a0b\u5e8f\u7684\u65f6\u5019\uff0c\u9047\u5230bug\u6216\u8005\u60f3\u5f04\u6e05\u695a\u4e34\u65f6\u7ed3\u679c\u3001\u63a7\u5236\u6d41\u8d70\u5411\u7684\u65f6\u5019\uff0c\u91c7\u7528print\u7684\u4f20\u7edf\u65b9\u6cd5\u6765\u6253\u5370\u53d8\u91cf\u6709\u70b9\u8fc7\u4e8e\u8822\u7b28\u4e86\u3002\u800c\u4f7f\u7528logging\u53ef\u4ee5\u968f\u65f6\u6253\u5370\u6570\u636e\u5230\u63a7\u5236\u53f0\u6216\u6587\u4ef6\uff0c\u53ef\u4ee5\u81ea\u5b9a\u4e49\u6253\u5370\u8303\u56f4\uff0c\u800c\u4e14\u6613\u4e8e\u8c03\u8bd5\u3002

    import logging\n\nlogging.basicConfig(format='[%(levelname)s %(filename)s:%(lineno)d]: %(message)s', stream=sys.stdout, level=logging.DEBUG)\nlogger = logging.getLogger('TEST')\n\nlogger.debug('here is a test!')\nlogger.info('info level')\n

    \u5f53\u7136\u4e5f\u53ef\u4ee5\u5168\u9762\u4e86\u89e3\u4e0blogging\uff0c\u63a8\u8350\u9605\u8bfb\u8fd9\u4e2a\u77e5\u4e4e\u4e13\u680f

    import logging\n\n# 1\u3001\u521b\u5efa\u4e00\u4e2alogger\nlogger = logging.getLogger('mylogger')\nlogger.setLevel(logging.DEBUG)\n\n# 2\u3001\u521b\u5efa\u4e00\u4e2ahandler\uff0c\u7528\u4e8e\u5199\u5165\u65e5\u5fd7\u6587\u4ef6\nfh = logging.FileHandler('test.log')\nfh.setLevel(logging.DEBUG)\n\n# \u518d\u521b\u5efa\u4e00\u4e2ahandler\uff0c\u7528\u4e8e\u8f93\u51fa\u5230\u63a7\u5236\u53f0\nch = logging.StreamHandler()\nch.setLevel(logging.DEBUG)\n\n# 3\u3001\u5b9a\u4e49handler\u7684\u8f93\u51fa\u683c\u5f0f\uff08formatter\uff09\nformatter = logging.Formatter('%(asctime)s - %(name)s - %(levelname)s - %(message)s')\n\n# 4\u3001\u7ed9handler\u6dfb\u52a0formatter\nfh.setFormatter(formatter)\nch.setFormatter(formatter)\n\n# 5\u3001\u7ed9logger\u6dfb\u52a0handler\nlogger.addHandler(fh)\nlogger.addHandler(ch)\n

    \u4ee5\u53ca\u4fee\u6539log\u7684\u989c\u8272(\u4e0d\u8fc7\u6ca1\u6709\u8bd5\u8fc7\uff0c\u4e0d\u77e5\u9053\u662f\u5426\u53ef\u7528)

    "},{"location":"python/#_3","title":"\u63a5\u53e3\u8bbe\u8ba1","text":"

    \u4e00\u7cfb\u5217\u76f8\u4f3c\u7684\u51fd\u6570\u5b8c\u6210\u76f8\u4f3c\u7684\u529f\u80fd\uff08\u6bd4\u5982\u4e0d\u540c\u89e3\u6790\u51fd\u6570\u89e3\u6790\u4e0d\u540c\u79cd\u7c7b\u7684\u65e5\u5fd7\uff0c\u90fd\u5b8c\u6210\u201c\u6570\u636e\u5904\u7406\u201d\u8fd9\u4e00\u529f\u80fd\uff09\u65f6\uff0c\u53ef\u4ee5\u5c06\u51fd\u6570\u540d\u4f5c\u4e3a\u53c2\u6570\u4f20\u5165\u516c\u5171\u5904\u7406\u51fd\u6570\uff0c\u8bbe\u8ba1\u66f4\u6e05\u6670\u3002

    import re\n\n# 0000 11c4 0\nbb_regex = re.compile(r\"([0-9a-f]+) ([0-9a-f]+) ([0-9]+)\")\ndef parse_bb_line(line):\n    event_id, pc, cnt = bb_regex.match(line).groups()\n\n    event_id = int(event_id, 16)\n    pc = int(pc, 16)\n    cnt = int(cnt)\n\n    return event_id, pc, cnt\n\ndef parse_mmio_set_line(line):\n    pc, addr, mode = line.split(\" \")\n    return (int(pc, 16), int(addr, 16), mode[0])\n\ndef _parse_file(filename, line_parser):\n    try:\n        with open(filename, \"r\") as f:\n            return [line_parser(line) for line in f.readlines() if line]\n    except FileNotFoundError:\n        return []\n\ndef parse_bbl_trace(filename):\n    return _parse_file(filename, parse_bb_line)\n\ndef parse_mmio_set(filename):\n    return _parse_file(filename, parse_mmio_set_line)\n
    "},{"location":"python/#capnp","title":"\u4e2d\u95f4\u6570\u636e\u5b58\u50a8\uff1acapnp","text":"

    Cap'n Proto\u597d\u50cf\u662f\u4e00\u79cd\u5e2e\u52a9\u5feb\u901f\u5e8f\u5217\u5316/\u53cd\u5e8f\u5217\u5316\u7684\u5de5\u5177\uff0cpython\u8fd9\u8fb9\u5c01\u88c5\u4e86C++\u7684\u5b9e\u73b0\uff0c\u9700\u8981pip\u5b89\u88c5pycapnp\u8fd9\u4e2a\u5305\u3002\u4f7f\u7528\u65f6\u9700\u8981\u9996\u5148\u5b9a\u4e49\u6570\u636e\u7ed3\u6784\uff0c\u6bd4\u5982\uff1a

    // test.capnp\nstruct TraceEvent {\nunion {\nbasicBlock @0 :BasicBlock;\naccess @1 :Access;\n}\n}\n\nstruct BasicBlock {\npc @0 :UInt32;\nlr @1 :UInt32;\n}\n\nstruct Access {\ntarget @0 :AccessTarget;\ntype @1 :AccessType;\nsize @2 :UInt8;\npc @3 :UInt32;\n}\n\nenum AccessTarget {\nram @0;\nmmio @1;\n}\nenum AccessType {\nread @0;\nwrite @1;\n}\n
    \u4f7f\u7528\u65f6\uff0cpython\u7a0b\u5e8f\u5982\u4e0b\uff1a

    import capnp\nimport test_capnp\n\n# \u8fde\u7eed\u5199\u5165\u6587\u4ef6\uff0c\u5bf9union\u521d\u59cb\u5316\ntrace_file = open('test.bin','wb')\nevent = test_capnp.TraceEvent.new_message()\nbasicBlock = event.init('basicBlock')\nbasicBlock.pc = uc.reg_read(UC_ARM_REG_PC)\nbasicBlock.lr = uc.reg_read(UC_ARM_REG_LR)\nevent.write(trace_file)\nevent.write(trace_file)\ntrace_file.close()\n\n# \u4ece\u6587\u4ef6\u4e2d\u8fde\u7eed\u8bfb\u53d6\uff0c\u89e3\u6790union\ntrace_file = open('test.bin','rb')\nfor event in test_capnp.TraceEvent.read_multiple(f):\n    if event.which() == 'basicBlock':\n        print(event.basicBlock.pc)\ntrace_file.close()\n
    "},{"location":"python/#_4","title":"\u8ba1\u65f6\u7ec8\u6b62\u7a0b\u5e8f","text":"

    \u5982\u679c\u9700\u8981\u8ba9\u7a0b\u5e8f\u5728\u8fd0\u884c\u4e00\u6bb5\u65f6\u95f4\u540e\u7ec8\u6b62\uff0c\u5728\u7a0b\u5e8f\u5185\u90e8\u8fdb\u884c\u65f6\u95f4\u68c0\u67e5\u5e76\u4e0d\u4f18\u96c5\uff08\u56e0\u4e3a\u662f\u65e0\u5173\u903b\u8f91\u7684\uff09\uff1b\u53ef\u4ee5\u4e3a\u8fd9\u4e2a\u5b50\u7a0b\u5e8f\u8bbe\u8ba1signal

    pipeline = Pipeline(args.target_dir, args.project_name, args.base_inputs, args.num_local_fuzzer_instances, args.disable_modeling, write_worker_logs=not args.silent_workers, do_full_tracing=args.full_traces, config_name=args.runtime_config_name, timeout_seconds=timeout_seconds, use_aflpp=args.aflpp)\n\ntry:\n    if timeout_seconds != 0:\n        def handler(signal_no, stack_frame):\n            pipeline.request_shutdown()\n\n        # spin up an alarm for the time\n        signal.signal(signal.SIGALRM, handler)\n        signal.alarm(timeout_seconds)\n\n    pipeline.start()\nexcept Exception as e:\n    logger.error(f\"Got exception, shutting down pipeline: {e}\")\n    import traceback\n    traceback.print_exc()\n    status = 1\n
    "},{"location":"python/#hexintelhex","title":"\u4e8c\u8fdb\u5236\u5b57\u8282\u4e0ehex\u4e92\u76f8\u8f6c\u6362\uff1aIntelHex","text":"

    fuzzware\u91cc\u6dfb\u52a0\u9000\u51fahandler\u6253\u5370state\uff08\u5373\u6a21\u62dfcoredump\uff09\u65f6\uff0c\u4f7f\u7528\u4e86IntelHex\u6765\u4fdd\u5b58\u4e2d\u95f4\u7ed3\u679c\u3002\u53ef\u4ee5\u53c2\u8003\u4e0b\u9762\u7684\u4f8b\u5b50\uff0c\u8fdb\u884c\u76f8\u4e92\u8f6c\u5316\u3002IntelHex\u6587\u4ef6\u672c\u8eab\u7684\u683c\u5f0f\uff0c\u53ef\u4ee5\u53c2\u8003\u8fd9\u91cc

    from intelhex import IntelHex\nih = IntelHex()\n\ndata = {\n    0x30000000: b'\\x00\\x01\\x02\\x03\\x04',\n    0x20002000: b'\\x04\\x05\\x06\\x07'\n}\n\nfor base_addr, contents in data.items():\n    ih.puts(base_addr, contents)\n\nwith open('test.hex', 'w') as f:\n    ih.write_hex_file(f)\n\n\n# \u4ece\u5df2\u6709\u7684hex\u6587\u4ef6\u4e2d\u8bfb\u53d6\u6570\u636e\nih = IntelHex()\nih.fromfile('test.hex', format='hex')\n\n\"\"\"test.hex\n:020000042000DA\n:0420000004050607C6\n:020000043000CA\n:050000000001020304F1\n:00000001FF\n\nhex\u683c\u5f0f\u4ee5\u5192\u53f7\u5f00\u5934\uff0c\u968f\u540e1\u5b57\u8282\u8868\u793a\u6570\u636e\u957f\u5ea6\uff0c\u7d27\u63a54\u5b57\u8282\u8868\u793a\u5730\u5740\uff0c\u968f\u540e1\u5b57\u8282\u4e3a\u8bb0\u5f55\u7c7b\u578b\uff1a\n00\uff1a\u8868\u793a\u6570\u636e\n01\uff1a\u8868\u793a\u6587\u4ef6\u7ed3\u675f\n02\uff1a\u8868\u793a\u6269\u5c55\u6bb5\u5730\u5740\u3002\u968f\u540e\u76842\u5b57\u8282\u5de6\u79fb4\u4f4d\uff0c\u4f5c\u4e3a\u6bb5\u5730\u5740\uff0c\u5728\u4e4b\u540e\u7684\u8ba1\u7b97\u4e2d\u548c\u5730\u5740\u76f8\u52a0\u4f5c\u4e3a\u6700\u540e\u5730\u5740\n03\uff1a\u8868\u793a\u8d77\u59cb\u6bb5\u5730\u5740\u3002\u968f\u540e\u76844\u5b57\u8282\u4e2d\uff0c\u524d\u3001\u540e2\u5b57\u8282\u5206\u522b\u8868\u793aCS\u3001IP\n04\uff1a\u8868\u793a\u6269\u5c55\u7ebf\u6027\u5730\u5740\u3002\u968f\u540e\u76842\u5b57\u8282\u6307\u5b9a32\u5730\u5740\u7684\u9ad816\u4f4d\n05\uff1a\u8868\u793a\u8d77\u59cb\u7ebf\u6027\u5730\u5740\u3002\u968f\u540e\u76844\u5b57\u8282\u6307\u5b9a\u6307\u4ee4\u6267\u884c\u8d77\u59cb\u5730\u5740\n\u6700\u540e\u4e00\u5b57\u8282\u8868\u793a\u6821\u9a8c\u7801\n\n\u6bd4\u5982:020000042000DA\uff0c\u5206\u4e3a:02 0000 04 2000 DA\n\"\"\"\n\n# \u83b7\u53d6\u89e3\u6790\u540e\u7684\u6570\u636e\uff0c\u5e76\u5408\u5e76\u8fde\u7eed\u7684\u5730\u5740\nrestored_data = {}\ncurrent_address = None\ncurrent_data = b''\n\nfor address in ih.addresses():\n    # Check if the address is consecutive with the current data\n    if current_address is None or address == current_address + len(current_data):\n        if current_address is None:\n            current_address = address\n        current_data += bytes([ih[address]])\n    else:\n        # Save the previous data and start a new block\n        restored_data[current_address] = current_data\n        current_address = address\n        current_data = bytes([ih[address]])\n\n# Save the last block of data\nif current_address is not None:\n    restored_data[current_address] = current_data\n\n# \u8f93\u51fa\u8fd8\u539f\u540e\u7684data\u5b57\u5178\nprint(restored_data)\n# {536879104: b'\\x04\\x05\\x06\\x07', 805306368: b'\\x00\\x01\\x02\\x03\\x04'}\n
    "},{"location":"python/#_5","title":"\u53c2\u8003\u8d44\u6599","text":""},{"location":"rca/","title":"\u6839\u56e0\u5206\u6790","text":"

    \u4ec0\u4e48\u662f\u6839\u56e0\u5206\u6790\uff1f \u6839\u56e0\u5206\u6790(Root Cause Analysis)\u6216\u8005\u8bf4\u7f3a\u9677\u5b9a\u4f4d(Fault Localization)\u662f\u7a0b\u5e8f\u5f00\u53d1\u4eba\u5458\u6216\u5b89\u5168\u5206\u6790\u4eba\u5458\u5728\u786e\u8ba4\u7a0b\u5e8f\u5b58\u5728\u5f02\u5e38\u884c\u4e3a\u540e\uff0c\u901a\u8fc7\u624b\u52a8\u6216\u81ea\u52a8\u7684\u65b9\u6cd5\u6765\u5b9a\u4f4d\u5f02\u5e38\u884c\u4e3a\u7684\u6839\u672c\u539f\u56e0\u7684\u8fc7\u7a0b\u3002\u6839\u56e0\u5206\u6790\u662f\u7a0b\u5e8f\u5b89\u5168\u5206\u6790\u6d41\u7a0b\u4e2d\u6bd4\u8f83\u91cd\u8981\u7684\u4e00\u73af\u3002

    \u4e3a\u4ec0\u4e48\u9700\u8981\u8bbe\u8ba1\u4e00\u4e9b\u6839\u56e0\u5206\u6790\u65b9\u6cd5\uff1f \u5728\u5f53\u4e0b\u5404\u7c7b\u81ea\u52a8\u5316\u6f0f\u6d1e\u6316\u6398\u5de5\u5177(\u6bd4\u5982\u5404\u7c7bfuzzer)\u7684\u8f85\u52a9\u4e0b\uff0c\u6bcf\u65e5\u53d1\u73b0\u7684bug\u6570\u91cf\u5df2\u7ecf\u8fdc\u8d85\u5f00\u53d1\u4eba\u5458\u786e\u8ba4\u5e76\u4fee\u590d\u7684\u6570\u91cf\u3002\u8bbe\u8ba1\u4e00\u79cd\u81ea\u52a8\u5316\u53d1\u73b0\u6f0f\u6d1e\u7684\u5de5\u5177\u5e76\u4e0d\u96be\uff0c\u96be\u5728\u5982\u4f55\u6839\u636e\u8fd9\u4e9b\u5de5\u5177\u62a5\u51fa\u7684crash\u4fe1\u606f\u6765\u51c6\u786e\u5730\u5206\u6790\u51fa\u6f0f\u6d1e\u7684\u6839\u672c\u539f\u56e0\u3002\u5bf9\u4e8e\u5927\u578b\u7a0b\u5e8f\u800c\u8a00\uff0c\u5d29\u6e83\u6d4b\u8bd5\u6837\u4f8b(crashing testcase)\u6267\u884c\u4e0b\u6765\u53ef\u80fd\u7ecf\u5386\u4e86\u51e0\u767e\u4e07\u6761\u6c47\u7f16\u6307\u4ee4\uff0c\u624b\u5de5\u786e\u8ba4\u7a0d\u5fae\u6709\u70b9\u4e0d\u73b0\u5b9e\u4e86\u3002\u56e0\u6b64\u9700\u8981\u8bbe\u8ba1\u4e00\u4e9b(\u81ea\u52a8\u5316)\u7684\u6839\u56e0\u5206\u6790\u5de5\u5177\u3002

    \u600e\u4e48\u8fdb\u884c\u6839\u56e0\u5206\u6790\uff1f\u76ee\u524d\u6709\u54ea\u4e9b\u5de5\u4f5c\uff1f \u6700\u6734\u7d20\u800c\u76f4\u89c2\u7684\u601d\u60f3\u5c31\u662f\u6d88\u8017\u5b89\u5168\u5206\u6790\u4eba\u5458\u7684\u7cbe\u529b\uff0c\u4ece\u7a0b\u5e8f\u7684\u5165\u53e3\u70b9(entry)\u6216\u8005\u5d29\u6e83\u70b9(crash site)\u51fa\u53d1\uff0c\u770b\u770b\u7a0b\u5e8f\u662f\u600e\u4e48\u6267\u884c\u7684\uff0c\u54ea\u4e9b\u5143\u7d20(program entity)\u4f1a\u5bfc\u81f4\u6700\u540e\u7684crash\uff0c\u7136\u540e\u518d\u8fdb\u884c\u5bf9\u5e94\u7684\u4fee\u590d\u3002\u6839\u636e\u5b9a\u4f4d\u5143\u7d20\u7684\u7c92\u5ea6\u4e0d\u540c\uff0c\u6839\u56e0\u5206\u6790\u53ef\u4ee5\u5b9a\u4f4d\u5230\u51fd\u6570\u7ea7(function level)\u3001\u8bed\u53e5\u7ea7(statement level)\u3001\u6c47\u7f16\u6307\u4ee4\u7ea7(instruction level)\u3002\u7531\u4e8e\u5728\u6c47\u7f16\u6307\u4ee4\u4e0a\u8fdb\u884c\u5206\u6790\u53ef\u4ee5\u66f4\u666e\u9002\u5730\u9002\u5e94\u591a\u79cd\u7f16\u7a0b\u8bed\u8a00\u3001\u4e0d\u9700\u8981\u83b7\u53d6\u6e90\u7801\uff0c\u6240\u4ee5\u4e0b\u6587\u7684\u8ba8\u8bba\u90fd\u662f\u56f4\u7ed5\u6c47\u7f16\u6307\u4ee4\u7ea7\u5c55\u5f00\u3002

    \u76ee\u524d\u4e00\u4e9b\u81ea\u52a8\u5316\u6839\u56e0\u5206\u6790\u7814\u7a76\u601d\u8def\u6709\uff1a

    1. \u57fa\u4e8e\u7a0b\u5e8f\u8c31\u7684\u5206\u6790\u65b9\u6cd5(Spectrum-based)\u3002\u5927\u6982\u601d\u8def\u662f\u4e0d\u9700\u8981\u8003\u8651\u6c47\u7f16\u6307\u4ee4\u7684\u8bed\u4e49\u4fe1\u606f\uff0c\u5229\u7528\u4e00\u4e9b\u7edf\u8ba1\u5b66\u7684\u65b9\u6cd5\u6765\u5206\u6790\u54ea\u4e9b\u6307\u4ee4\u6709\u95ee\u9898\u3002\u8fd9\u7c7b\u65b9\u6cd5\u57fa\u4e8e\u8fd9\u6837\u4e00\u4e2a\u573a\u666f\uff1a\u5047\u8bbe\u6211\u4eec\u6709\u4e00\u5927\u6279\u76f8\u4f3c\u7684\u6d4b\u8bd5\u6837\u4f8b\uff0c\u5176\u4e2d\u6709\u4e9b\u4f1a\u5bfc\u81f4\u7a0b\u5e8f\u5d29\u6e83\uff0c\u6709\u4e9b\u4e0d\u4f1a\uff0c\u90a3\u4e48\u8fd9\u4e24\u7c7b\u6d4b\u8bd5\u6837\u4f8b\u7684\u6267\u884c\u8def\u5f84\u53ef\u80fd\u6709\u4e0d\u540c\u7684\u504f\u597d\u3002\u90a3\u4e48\u90a3\u4e9b\u66f4\u503e\u5411\u4e8e\u5728\u5d29\u6e83\u6d4b\u8bd5\u6837\u4f8b\u4e2d\u6267\u884c\u7684\u6307\u4ee4\u66f4\u6709\u53ef\u80fd\u662froot cause\u3002
    2. \u4e8b\u540e\u5206\u6790\u65b9\u6cd5(Postmortem-based)\u3002\u76f4\u8bd1\u5c38\u68c0\u5206\u6790\uff0c\u5f62\u8c61\u7406\u89e3\u4e3a\u4ece\u7a0b\u5e8f\u5d29\u6e83\u540e\u7559\u4e0b\u7684\u201c\u5c38\u4f53\u201d\u5f00\u59cb\u5206\u6790\u3002\u5b83\u5047\u5b9a\u7a0b\u5e8f\u5d29\u6e83\u540e\u4f1a\u4ea7\u751f\u4e00\u4e2acoredump(\u6838\u5fc3\u8f6c\u50a8)\u6587\u4ef6\uff0c\u5305\u542b\u4e86\u5d29\u6e83\u70b9\u7684\u5185\u5b58\u5feb\u7167(memory snapshot)\uff0c\u4ee5\u53ca\u8fd9\u4e2a\u6d4b\u8bd5\u6837\u4f8b\u7684\u6267\u884c\u8def\u5f84(execution trace)\u3002\u524d\u8005\u7528\u4e8e\u63d0\u4f9b\u6570\u636e\u6d41\u4fe1\u606f(\u6bd4\u5982\u5185\u5b58\u503c\u3001\u5bc4\u5b58\u5668\u503c)\uff0c\u540e\u8005\u7528\u4e8e\u63d0\u4f9b\u63a7\u5236\u6d41\u4fe1\u606f(\u6c47\u7f16\u6307\u4ee4\u6267\u884c\u4e0e\u8df3\u8f6c)\u3002\u5728\u6b64\u57fa\u7840\u4e0a\uff0c\u7ed3\u5408\u4e00\u4e9b\u9006\u5411\u6267\u884c(reverse execution)\u548c\u540e\u5411\u6c61\u70b9\u5206\u6790(backward taint analysis)\u7684\u65b9\u6cd5\uff0c\u5b9a\u4f4d\u53ef\u80fd\u7684root cause\u3002
    3. \u57fa\u4e8e\u6a21\u578b\u7684\u5206\u6790\u65b9\u6cd5(Model-based)\u3002\u8fd9\u4e00\u7c7b\u65b9\u6cd5\u662f\u8fd1\u4e9b\u5e74\u63d0\u51fa\u7684\uff0c\u5b83\u901a\u8fc7\u5b9a\u4e49\u8bed\u4e49\u76f8\u5173\u7684\u6a21\u578b\uff0c\u5229\u7528\u673a\u5668\u5b66\u4e60\u6216\u6df1\u5ea6\u5b66\u4e60\u7684\u601d\u60f3\uff0c\u627e\u5230\u8bed\u4e49\u4e0a\u5bfc\u81f4\u5d29\u6e83\u7684root cause\u3002

    \u8fd9\u4e9b\u7814\u7a76\u601d\u8def\u90fd\u89e3\u51b3\u4e86\u4ec0\u4e48\u95ee\u9898\uff1f\u6709\u4ec0\u4e48\u72ec\u7279\u7684\u4f18\u70b9\uff1f\u5b58\u5728\u54ea\u4e9b\u72ec\u6709\u7684\u4e0d\u8db3\uff1f \u57fa\u4e8e\u7a0b\u5e8f\u8c31\u7684\u5206\u6790\u65b9\u6cd5\u76f4\u89c2\u4e0a\u4f3c\u4e4e\u6709\u70b9\u9053\u7406\u3002\u5b83\u4ec5\u8003\u8651\u6c47\u7f16\u6307\u4ee4\u672c\u8eab\uff0c\u800c\u4f46\u4ec5\u4ec5\u4ece\u7edf\u8ba1\u7ed3\u679c\u4e0a\u53bb\u5206\u6790\uff0c\u53ef\u80fd\u5e76\u4e0d\u80fd\u51c6\u786e\u5206\u6790\u51fa\u903b\u8f91\u4e0a\u7684root cause\u3002\u8fd9\u7c7b\u65b9\u6cd5\u4e00\u822c\u4f1a\u8bbe\u8ba1\u4e00\u79cd\u6392\u540d\u7b56\u7565(ranking)\uff0c\u5bf9\u9009\u62e9\u51fa\u7684\u53ef\u7591\u6307\u4ee4\u8fdb\u884ctop1-topn\u7684\u6392\u540d\uff0c\u6765\u8bd5\u56fe\u63d0\u9ad8\u51c6\u786e\u6027\u3002\u8fd9\u7c7b\u65b9\u6cd5\u4e00\u822c\u9700\u8981\u6839\u636e\u4e00\u4e2a\u5d29\u6e83\u6837\u4f8b\u4ee5\u53ca\u548c\u5b83\u76f8\u4f3c\u7684\u5d29\u6e83\u6837\u4f8b\u548c\u975e\u5d29\u6e83\u6837\u4f8b\u8fdb\u884c\u5206\u6790\uff0c\u56e0\u6b64\u65f6\u7a7a\u5f00\u9500\u90fd\u6bd4\u8f83\u5927\u3002

    \u4e8b\u540e\u5206\u6790\u65b9\u6cd5\u76f8\u6bd4\u7a0b\u5e8f\u8c31\u5206\u6790\u65b9\u6cd5\u8003\u8651\u4e86\u6307\u4ee4\u8bed\u4e49\uff0c\u6bd4\u5982\u5728\u9006\u5411\u6267\u884c\u7684\u65f6\u5019\u4f1a\u8bbe\u8ba1\u4e00\u4e9b\u6c47\u7f16\u6307\u4ee4handler\uff0c\u5bf9\u4e8e\u5185\u5b58\u7684\u5206\u6790\u4e5f\u4f1a\u66f4\u7cbe\u786e\u4e9b\u3002\u4f46\u6c61\u70b9\u5206\u6790\u65b9\u6cd5\u6bd5\u7adf\u5b58\u5728\u8fc7\u5ea6\u6c61\u67d3(over-tainting)\u7684\u95ee\u9898\uff0c\u5bfc\u81f4\u7ed3\u679c\u5197\u4f59\u6bd4\u8f83\u4e25\u91cd\u3002

    \u57fa\u4e8e\u6a21\u578b\u7684\u5206\u6790\u65b9\u6cd5\u5229\u7528AI\u7684\u4f18\u52bf\uff0c\u53ef\u4ee5\u7ed9\u51fa\u66f4\u6709\u8bed\u4e49\u4fe1\u606f\u7684root cause\uff0c\u5728\u4e00\u5b9a\u7a0b\u5ea6\u4e0a\u5e2e\u52a9\u5f00\u53d1\u4eba\u5458\u53bb\u5206\u6790\u3002\u4e0d\u8fc7\u6a21\u578b\u7684\u8bad\u7ec3\u4f9d\u8d56\u8bad\u7ec3\u96c6\u7684\u8d28\u91cf\uff0c\u5e76\u4e14\u53d7\u7a0b\u5e8f\u8bed\u4e49\u5f71\u54cd\u5f88\u5927\u3002\u5728\u4e0d\u540c\u9886\u57df\u4e4b\u95f4\u53ef\u80fd\u8fc1\u79fb\u6027\u4e0d\u662f\u5f88\u597d\uff0c\u6bd4\u5982\u6ca1\u6cd5\u5904\u7406\u4e00\u4e9b\u7279\u5b9a\u7684\u5bc6\u7801\u5b66\u51fd\u6570\u3002\u4e14\u4e3a\u5f85\u6d4b\u7a0b\u5e8f\u5efa\u7acb\u6a21\u578b\u6765\u63cf\u8ff0\u5176\u7ed3\u6784\u4e0e\u884c\u4e3a\u662f\u975e\u5e38\u590d\u6742\u3001\u8017\u65f6\u7684\u4e8b\u60c5

    \u73b0\u6709\u7684\u8fd9\u4e9b\u65b9\u6cd5\u6709\u6ca1\u6709\u4ec0\u4e48\u666e\u904d\u5b58\u5728\u7684\u95ee\u9898\uff1f \u5728\u6700\u540e\u8bc4\u4f30\u9636\u6bb5(evaluation)\uff0c\u4e00\u822c\u5148\u901a\u8fc7\u624b\u5de5\u5206\u6790\u786e\u5b9a\u54ea\u4e9b\u6c47\u7f16\u6307\u4ee4\uff0c\u5982\u679c\u65b9\u6cd5\u8f93\u51fa\u7684\u6c47\u7f16\u6307\u4ee4\u96c6\u5408\u91cc\u5305\u542b\u8fd9\u4e9b\u6307\u4ee4\uff0c\u90a3\u4e48\u5c31\u8ba4\u4e3a\u662f\u53d1\u73b0\u4e86root cause\u3002\u4f46\u81ea\u52a8\u5316\u65b9\u6cd5\u6bd5\u7adf\u7f3a\u5c11\u4eba\u5de5\u53c2\u4e0e\uff0c\u7ed9\u51fa\u7684\u7ed3\u679c\u4e00\u5b9a\u662f\u4e0d\u51c6\u786e\u7684\u3002\u73b0\u6709\u7684\u5de5\u4f5c\u7684\u4e00\u4e2a\u4e3b\u6d41\u601d\u60f3\u5728\u4e8e\u201c\u65b9\u6cd5\u7ed9\u51fa\u7684\u96c6\u5408\u53ef\u4ee5\u5305\u542b\u65e0\u5173\u6307\u4ee4\uff0c\u4f46\u4e0d\u80fd\u7f3a\u5c11\u76f8\u5173\u6307\u4ee4\u201d\uff0c\u65e8\u5728\u63d0\u9ad8\u53ec\u56de\u7387(recall)\u3002\u56e0\u6b64\u5f80\u5f80\u7ed9\u51fa\u4e0eroot cause\u4e0d\u76f8\u5173\u7684\u6307\u4ee4\u3002\u4f46\u5b9e\u9645\u4e0a\uff0c\u5728\u6700\u540e\u7684\u4fee\u590d\u7aef\uff0c\u5982\u679c\u7ed9\u51fa\u4e0d\u76f8\u5173\u6307\u4ee4\u8fc7\u591a\uff0c\u90a3\u4e48\u4ecd\u7136\u9700\u8981\u5f00\u53d1\u8005\u53bb\u5206\u6790\uff0c\u4f9d\u65e7\u8017\u65f6\u8017\u529b\u3002

    \u636eISSTA 2016\u4e00\u7bc7\u8c03\u7814\uff08Practitioners\u2019 expectations on automated fault localization\uff09\uff0c9.43%\u5e0c\u671broot cause\u5728\u5206\u6790\u7ed3\u679c\u7684Top1\uff0c73.58%\u5bb9\u8bb8\u5728Top5\uff0c15.09%\u5bb9\u8bb8\u5728Top10\u3002\u6240\u4ee5\u7ea698%\u7684\u60c5\u51b5\u4e0b\u9700\u8981\u5728Top10\u5185\u7ed9\u51fa\u7ed3\u679c\u3002\u5c31\u5206\u6790\u51c6\u786e\u5ea6\u4e0e\u5f00\u53d1\u4eba\u5458\u6ee1\u610f\u5ea6\u800c\u8a00\uff0c\u5982\u679cRCA\u5de5\u5177\u51c6\u786e\u5ea6\u8fbe90%\uff0c\u6ee1\u610f\u5ea6\u51e0\u4e4e\u8fbe\u5230100%\u4e86\u3002\u51c6\u786e\u5ea6\u4f4e\u4e8e20%\u65f6\u53ea\u670912%\u63a5\u53d7\uff0c\u5982\u679c\u6ee1\u610f\u5ea6\u8fbe50%\u300175%\u300190%\uff0c\u51c6\u786e\u5ea6\u9700\u8981\u5206\u522b\u8fbe\u523050%\u300175%\u300185%\uff08\u4f46\u662f\u539f\u6587\u8bf490%\uff09\u3002

    \u76ee\u524d\u7684\u7edd\u5927\u90e8\u5206RCA\u5206\u6790\u7684\u5de5\u4f5c\u7684\u8f93\u51fa\u662f\u4e24\u7c7b\uff1aranked list\u548csuspicious set\u3002\u4f46\u4e24\u8005\u90fd\u5b58\u5728\u7684\u95ee\u9898\u662f\u4ec5\u4ec5\u9ad8\u4eae\u4e86\u53ef\u80fd\u5b58\u5728bug\u7684\u5143\u7d20\uff0c\u800c\u7f3a\u4e4f\u4e00\u4e9brational\u7684\u5206\u6790\u3002

    "},{"location":"rca/#_2","title":"\u4e0d\u540c\u7684\u5206\u6790\u7c92\u5ea6\u7684\u4f18\u52bf","text":"

    \u57fa\u4e8e\u6587\u4ef6\u7c92\u5ea6\u7684RCA\u5de5\u4f5c\uff08\u6bd4\u5982Scaffle\uff09\u5e0c\u671b\u627e\u5230\u5305\u542b\u767e\u4e07\u7ea7\u540c\u8d28\u4ee3\u7801\u5e93\u4e2d\u54ea\u4e9b\u6587\u4ef6\u548ccrash\u6709\u5173\u3002\u5728\u6b64\u57fa\u7840\u4e0a\u8ba9\u5bf9\u5e94\u7684\u5de5\u7a0b\u5e08\u56e2\u961f\u53bb\u5904\u7406bug\uff0c\u6709\u5229\u4e8e\u5927\u578b\u7ec4\u7ec7\u7ba1\u7406\u3002

    \u636eISSTA 2016\u4e00\u7bc7\u8c03\u7814\uff08Practitioners\u2019 expectations on automated fault localization\uff09\uff0c\u5f00\u53d1\u8005\u5bf9\u7c92\u5ea6\u7684top3\u671f\u671b\u4f9d\u6b21\u662f\u65b9\u6cd5\u7ea7\u522b\u3001\u8bed\u53e5\u7ea7\u522b\u3001\u57fa\u672c\u5757\u7ea7\u522b\uff0c\u4e0d\u8fc7\u5bf9\u8fd9\u4e09\u79cd\u7c92\u5ea6\u7684\u503e\u5411\u4e4b\u95f4\u6ca1\u6709\u660e\u663e\u5dee\u5f02\u3002\u800c\u5f53\u65f6\u6bd4\u8f83\u591a\u7684\u65b9\u6cd5\u662f\u8bed\u53e5\u7ea7\u522b\u7684

    "},{"location":"rca/#_3","title":"\u5206\u6790\u65f6\u95f4\u5f00\u9500","text":"

    \u6839\u636e\u91c7\u7528\u7684\u7b56\u7565\u4e0d\u540c\uff0cRCA\u4e4b\u95f4\u7684\u65f6\u95f4\u5f00\u9500\u5dee\u5f02\u53ef\u80fd\u8fbe\u4e24\u4e2a\u6570\u91cf\u7ea7\u3002\uff08\u79d2\u7ea7-\u5206\u949f\u7ea7-\u5c0f\u65f6\u7ea7\uff09\u3002

    \u636eISSTA 2016\u4e00\u7bc7\u8c03\u7814\uff08Practitioners\u2019 expectations on automated fault localization\uff09\uff0c90%\u5f00\u53d1\u8005\u63a5\u53d71min\u4ee5\u5185\u7684\u5206\u6790\uff0c\u4e0d\u52309%\u5f00\u53d1\u8005\u63a5\u53d7\u8d85\u8fc71h\u7684\u5206\u6790\u300250%\u5f00\u53d1\u8005\u5927\u6982\u572830min\u4ee5\u5185\u3002

    "},{"location":"rca/#_4","title":"\u4e00\u4e9b\u60f3\u6cd5","text":"
    1. \u4ec0\u4e48\u662f\u6f0f\u6d1e\u7684\u6839\u672c\u539f\u56e0\uff1f\u5047\u5982\u51fd\u6570A\u5185\u521b\u5efa\u4e34\u65f6\u53d8\u91cfx\u5e76\u8c03\u7528\u51fd\u6570B(x)\uff0c\u5728B\u5185\u5f15\u53d1crash\uff0c\u90a3\u4e48\u5e94\u8be5\u5f52\u548e\u4e3aA\u6ca1\u6709\u5904\u7406x\u5462\uff0c\u8fd8\u662fB\u6ca1\u6709\u68c0\u67e5x\u5462\uff1f\u8fd9\u662fAPI\u5b9e\u73b0\u7684\u95ee\u9898\uff0c\u8fd8\u662fAPI\u8bef\u7528\u7684\u95ee\u9898\uff1f(\u5f00\u53d1\u8005or\u7528\u6237)
    2. \u5bf9\u4e8e\u67d0\u4e00\u4e2acrash\uff0c\u5982\u679c\u5f00\u53d1\u4eba\u5458\u8fdb\u884c\u4e86\u4fee\u590d\uff0c\u90a3\u4e48\u8fd9\u4e2a\u4fee\u590d\u80fd\u62ff\u6765\u5f53root cause\u5417\uff1f\u4e0d\u540c\u5f00\u53d1\u4eba\u5458\u4fee\u590d\u7684\u98ce\u683c\u53ef\u80fd\u4e0d\u4e00\u6837\uff0c\u4fee\u590d\u4e5f\u672a\u5fc5\u662f\u5b8c\u5168\u7684\uff0croot cause\u5c31\u662f\u4e00\u4e2a\u4e3b\u89c2\u7684\u95ee\u9898\u4e86\u3002
    "},{"location":"rca/#_5","title":"\u76f8\u5173\u8bba\u6587\u7684\u4e00\u4e9b\u53d1\u73b0\uff08\u7591\u95ee\uff09","text":""},{"location":"rca/#_6","title":"\u53c2\u8003\u6587\u732e","text":"

    \u4ee5\u4e0a\u5185\u5bb9\u4ec5\u4ee3\u8868\u4e2a\u4eba\u89c2\u70b9\uff0c\u4e0d\u5b9a\u671f\u66f4\u65b0\uff0c\u6b22\u8fce\u8ba8\u8bba

    "},{"location":"readings/","title":"\u6587\u7ae0\u9605\u8bfb","text":""},{"location":"readings/#_2","title":"\u7efc\u5408\u6027\u77e5\u8bc6\u5b66\u4e60","text":""},{"location":"readings/#_3","title":"\u4f1a\u8bae\u603b\u7ed3","text":""},{"location":"readings/#_4","title":"\u8f6f\u4ef6\u4f9b\u5e94\u94fe","text":""},{"location":"readings/#_5","title":"\u5927\u6a21\u578b","text":""},{"location":"readings/#google","title":"Google","text":""},{"location":"readings/#_6","title":"\u7f16\u7a0b\u8bed\u8a00","text":""},{"location":"reverse-advanced/","title":"\u9006\u5411\u9ad8\u9636","text":""},{"location":"reverse-advanced/#windows","title":"Windows\u9006\u5411\u6280\u672f\u6982\u5ff5","text":"

    DLL\u6ce8\u5165\uff0cWindows\u6d88\u606f\u94a9\u53d6\uff0cDLL\u5378\u8f7d\uff0c\u4ee3\u7801\u6ce8\u5165\uff0cAPI\u94a9\u53d6\uff0c\u8fdb\u7a0b\u9690\u85cf\uff0cIE\u8fde\u63a5\u63a7\u5236\uff0cTLS\u56de\u8c03\u51fd\u6570\uff0cTEB\uff0cPEB\uff0cSEH\uff0cIA-32\uff0c\u53cd\u8c03\u8bd5\uff08\u9759\u6001\u3001\u52a8\u6001\uff09\uff0cPE\u955c\u50cf\uff0cDebug Blocker

    "},{"location":"reverse-basic/","title":"\u9006\u5411\u57fa\u7840","text":"

    \u9006\u5411\u51fd\u6570\u65f6\uff0c\u8981\u63d0\u524d\u9884\u6d4b\u4e0b\u51fd\u6570\u5b9e\u73b0\u673a\u5236\uff0c\u4ee5\u8282\u7701\u65f6\u95f4\u3002\u8981\u660e\u767d\u54ea\u4e9b\u90e8\u5206\u5c5e\u4e8e\u7a0b\u5e8f\u7279\u6709\u7684\u5b9e\u73b0\uff0c\u54ea\u4e9b\u90e8\u5206\u5c5e\u4e8e\u7b2c\u4e09\u65b9\u7684\u5e93\uff0c\u4e0d\u8981\u968f\u4fbf\u8fdb\u5230\u7b2c\u4e09\u65b9\u5e93\u6216\u8005\u5e95\u5c42API\u91cc\u9762\u5206\u6790\u3002

    "},{"location":"reverse-basic/#_2","title":"\u8c03\u7528\u7ea6\u5b9a","text":"

    cdecl\uff08C\u9ed8\u8ba4\uff09\u7531caller\u8d1f\u8d23\u6e05\u7406\u6808\u4e0a\u4f20\u5165\u53c2\u6570\u3002

    stdcall\u7531callee\u8d1f\u8d23\u6e05\u7406\u6808\u4e0a\u4f20\u5165\u53c2\u6570\uff08Win32API\uff09\uff0c\u88ab\u8c03\u51fd\u6570\u8fd4\u56de\u65f6\u4f7f\u7528RETN X\u6765\u9000\u51fa\uff0c\u76f8\u5f53\u4e8eRETN\u3001POP X\u3002\u6bd4\u5982\u9000\u4e24\u4e2a\u53c2\u6570\uff0c\u5c31RETN 8\u3002

    fastcall\u4e3a\u4e86\u63d0\u9ad8\u901f\u5ea6\uff0c\u5206\u522b\u4f7f\u7528ECX\u3001EDX\u4f20\u9012\u524d\u4e24\u4e2a\u53c2\u6570\uff0c\u66f4\u591a\u53c2\u6570\u8fd8\u662f\u4f7f\u7528\u5185\u5b58\u3002 \u4f20\u53c2\u65f6\u90fd\u662f\u4ece\u53f3\u5411\u5de6\u4ee5\u6b64\u538b\u5165\u6808\u4e2d\u3002

    "},{"location":"reverse-basic/#_3","title":"\u4e00\u4e9b\u5e38\u89c1\u6c47\u7f16\u64cd\u4f5c\u7b26","text":"

    call \u5305\u62ec\u4fdd\u5b58\u8fd4\u56de\u5730\u5740\u3001IP\u8df3\u8f6c

    retn \u5373pop EIP

    test \u76f8\u5f53\u4e8eAND\uff0c\u4f46\u662f\u4e0d\u6539\u53d8\u666e\u901a\u5bc4\u5b58\u5668\u7684\u503c\uff0c\u53ea\u4fee\u6539EFLAGS\u5bc4\u5b58\u5668

    "},{"location":"reverse-basic/#nop","title":"NOP\u6307\u4ee4\u7684\u7528\u9014","text":"

    NOP\u6307\u4ee4\u901a\u5e38\u7528\u4e8e\u63a7\u5236\u65f6\u5e8f\u7684\u76ee\u7684\uff0c\u5f3a\u5236\u5185\u5b58\u5bf9\u9f50\uff0c\u9632\u6b62\u6d41\u6c34\u7ebf\u707e\u96be\uff0c\u5360\u636e\u5206\u652f\u6307\u4ee4\u5ef6\u8fdf\uff0c\u6216\u662f\u4f5c\u4e3a\u5360\u4f4d\u7b26\u4ee5\u4f9b\u7a0b\u5e8f\u7684\u6539\u5584\uff08\u6216\u66ff\u4ee3\u88ab\u79fb\u9664\u7684\u6307\u4ee4\uff09\u3002

    "},{"location":"reverse-basic/#_4","title":"\u51fd\u6570\u6267\u884c\u6808\u5e27\u63a8\u65ad","text":"

    \u51fd\u6570\u5185\u90e8\u4e00\u822c\u5148\u4f1a\u6267\u884c\u4ee5\u4e0b\u4e24\u6761\u6307\u4ee4\uff1a

    push ebp\nmov ebp,esp\n

    \u53ef\u4ee5\u89c2\u5bdfebp\u548cesp\u7684\u4fee\u6539\u60c5\u51b5\u63a8\u65ad\u51fd\u6570\u6808\u5e27

    "},{"location":"reverse-basic/#_5","title":"\u540d\u79f0\u4fee\u9970","text":"

    \u540d\u79f0\u4fee\u9970\uff08name mangling\uff0cname decoration\uff09\uff0c\u7528\u6765\u89e3\u51b3\u6807\u5fd7\u7b26\u7684\u552f\u4e00\u547d\u540d\u95ee\u9898\u3002\u6bd4\u5982\u5728\u4e0d\u540c\u7684\u547d\u540d\u7a7a\u95f4\u5b9e\u73b0\u76f8\u540c\u540d\u79f0\u7684\u51fd\u6570\uff0c\u8fd9\u4e2a\u51fd\u6570\u5728\u600e\u4e48\u8868\u793a\u5462\uff1f\u540d\u79f0\u4fee\u9970\u6280\u672f\u7528\u6765\u751f\u6210\u552f\u4e00\u7684\u6807\u5fd7\u7b26\uff0c\u4fdd\u7559\u547d\u540d\u7a7a\u95f4\u3001\u51fd\u6570\u540d\u3001\u7ed3\u6784\u4f53\u540d\u3001\u7c7b\u540d\u4ee5\u53ca\u53c2\u6570\u7c7b\u578b\u7b49\u7b49\u4fe1\u606f\u3002\u540d\u79f0\u4fee\u9970\u548c\u8c03\u7528\u7ea6\u5b9a\u3001\u7f16\u8bd1\u5668\u6709\u5173\uff0c\u5e94\u7528\u6700\u5e7f\u6cdb\u7684\u662fC++\u7684\u4ee3\u7801\uff08\u5c24\u5176\u662f\u6df7\u5408C\u7f16\u8bd1\u65f6\uff09\u3002\u6bd4\u5982_ZN9wikipedia7article6formatEv\u53ef\u4ee5\u7528\u6765\u8868\u793a\uff1a

    namespace wikipedia\n{\nclass article\n{\npublic:\nstd::string format();\n}\n}\n

    \u5176\u4e2d_Z\u662f\u5f00\u5934\uff08\u4e0b\u5212\u7ebf+\u5927\u5199\u5b57\u6bcd\u5728C\u4e2d\u662f\u4fdd\u7559\u7684\u6807\u5fd7\u7b26\uff0c\u907f\u514d\u51b2\u7a81\uff09\uff0cN\u8868\u793a\u662f\u5d4c\u5957\u6709\u547d\u540d\u7a7a\u95f4\u548c\u7c7b\u540d\uff0c\u968f\u540e\u7684\u6570\u5b57+\u5b57\u6bcd\u4e2d\uff0c\u6570\u5b57\u8868\u793a\u957f\u5ea6\uff0c\u5b57\u6bcd\u8868\u793a\u540d\u79f0\uff0c\u5e76\u4ee5E\u7ed3\u675f\u3002\u4e4b\u540e\u7684\u53c2\u6570\u8868\u793a\u51fd\u6570\u7684\u53c2\u6570\u7c7b\u578b\uff0cv\u4e3avoid\u3002

    "},{"location":"reverse-basic/#pe","title":"PE\u6587\u4ef6","text":"

    PE\uff08Portable Execution\uff09\u6587\u4ef6\u662fWindows\u7cfb\u7edf\u4f7f\u7528\u7684\u53ef\u6267\u884c\u6587\u4ef6\u683c\u5f0f\u3002

    "},{"location":"reverse-basic/#pe_1","title":"PE\u6587\u4ef6\u7684\u6570\u636e\u8282","text":"

    #pragma data_seg()\u53ef\u4ee5\u5c06\u4ee3\u7801\u4efb\u610f\u90e8\u5206\u7f16\u8bd1\u5230PE\u6587\u4ef6\u4efb\u610f\u8282\uff0c\u8282\u540d\u4e5f\u53ef\u4ee5\u81ea\u5b9a\u4e49\u3002

    "},{"location":"reverse-basic/#_6","title":"\u9759\u6001\u94fe\u63a5\u5e93\u4e0e\u52a8\u6001\u94fe\u63a5\u5e93","text":"

    \u9759\u6001\u5e93\u7684\u62d3\u5c55\u540d\u4e3a.a\u6216.lib\uff1b\u52a8\u6001\u5e93\u7684\u62d3\u5c55\u540d\u4e00\u822c\u4e3a.so\u6216.dll

    \u9759\u6001\u5e93\u7f16\u8bd1\u65f6\u76f4\u63a5\u6574\u5408\u5230\u76ee\u6807\u7a0b\u5e8f\u4e2d\uff0c\u7f16\u8bd1\u6210\u529f\u540e\u7684\u53ef\u6267\u884c\u6587\u4ef6\u53ef\u4ee5\u72ec\u7acb\u8fd0\u884c\uff1b\u52a8\u6001\u5e93\u7f16\u8bd1\u65f6\u53ef\u6267\u884c\u7a0b\u5e8f\u65e0\u6cd5\u72ec\u7acb\u8fd0\u884c

    \u9759\u6001\u5e93\u66f4\u65b0\u540e\u9700\u8981\u66f4\u65b0\u6574\u4e2a\u76ee\u6807\u7a0b\u5e8f\uff1b\u52a8\u6001\u5e93\u66f4\u65b0\u540e\u53ea\u9700\u66f4\u6362\u65b0\u7684\u52a8\u6001\u5e93\u5373\u53ef

    \u9759\u6001\u5e93\u7f16\u8bd1\u547d\u4ee4\uff1agcc -c xx.c -o xx.o\uff0car crs libxx.a xx.o\uff1b\u52a8\u6001\u5e93\u7f16\u8bd1\u547d\u4ee4\uff1agcc xx.c -o libxx.so -shared -fPIC\u5176\u4e2d-fPIC\u8868\u793a\u4f7f\u7528\u76f8\u5bf9\u4f4d\u7f6e

    "},{"location":"reverse-basic/#gdb","title":"gdb","text":"

    \u6dfb\u52a0\u591a\u4e2a\u7b26\u53f7\u8868add-symbol-file xxx addr\u5176\u4e2daddr\u662f\u4ee3\u7801\u6bb5\u8d77\u59cb\u5730\u5740\uff0cxxx\u53ef\u4ee5\u4e3asym\u6587\u4ef6\uff0c\u6216elf\u6587\u4ef6\u7b49\u3002\u53d8\u5f02\u65f6\u9700\u8981\u52a0\u4e0a-g\u4fdd\u7559\u7b26\u53f7\u8868(\u6307\u5b9a\u5177\u4f53\u683c\u5f0f\u5982-g2 -gdwarf-2)\uff0c\u53ef\u4ee5\u9010\u4e2a\u4f7f\u7528add-symbol-file\uff0c\u90fd\u6dfb\u52a0\u8fdb\u53bb\u3002

    \u4f7f\u7528ulimit -c unlimited\u8bbe\u7f6e\u4e0d\u9650\u5236coredump\u6587\u4ef6\u5927\u5c0f\uff0c\u7136\u540eroot\u7528\u6237echo \"core-%e-%p\" > /proc/sys/kernel/core_pattern\u8bbe\u7f6e\u4fdd\u7559\u7a0b\u5e8f\u540d\u3001pid\uff0c\u5219\u5bf9\u4e8e\u7f16\u8bd1\u65f6\u6dfb\u52a0\u4e86-g\u9009\u9879\u7684\u7a0b\u5e8f\uff0c\u5176\u5d29\u6e83\u4ea7\u751f\u7684coredump\u6587\u4ef6\u53ef\u4ee5\u4f7f\u7528gdb <\u7a0b\u5e8f\u540d> <coredump\u6587\u4ef6\u540d>\u6765\u5bfb\u627eroot cause\u3002gdb\u5185\u7528where\u67e5\u770b\u8c03\u7528\u6808\u3002

    "},{"location":"reverse-basic/#_7","title":"\u63a8\u8350\u9605\u8bfb","text":"

    Linux \u9759\u6001\u5e93 \u7f16\u8bd1\u548c\u4f7f\u7528 Linux \u52a8\u6001\u5e93 \u7f16\u8bd1\u548c\u4f7f\u7528 Makefile\u5165\u95e8 Makefile\u5b98\u65b9\u6587\u6863 coredump\u6587\u4ef6\u57fa\u7840\u7528\u6cd5

    "},{"location":"sci-thoughts/","title":"\u79d1\u7814\u5fc3\u5f97","text":""},{"location":"sci-thoughts/#_2","title":"\u517b\u6210\u4e60\u60ef","text":"

    \u65f6\u95f4\u8fc7\u5f97\u603b\u662f\u975e\u5e38\u5feb\u7684\u3002\u5fd9\u7740\u505a\u4e00\u4e2a\u8bfe\u9898\uff0c\u53ef\u80fd\u6bcf\u5929\u611f\u89c9\u4e0d\u5230\u6709\u4ec0\u4e48\u8fdb\u5c55\u5462\uff0c\u534a\u5e74\u4e00\u5e74\u5c31\u8fc7\u53bb\u4e86\u3002\u5982\u679c\u6709\u8fd9\u79cd\u60f3\u6cd5\uff0c\u591a\u534a\u662f\u6ca1\u505a\u597d\u89c4\u5212\uff0c\u50cf\u4e2a\u65e0\u5934\u82cd\u8747\u4e00\u6837\u4e1c\u95ef\u897f\u649e\u3002

    \u611f\u89c9\u6709\u4e24\u4e2a\u4e60\u60ef\u662f\u5fc5\u987b\u517b\u6210\u7684\uff0c\u4e00\u662f\u8bfb\u8bba\u6587\u8981\u601d\u8003\u95ee\u9898\u4e0e\u610f\u4e49\uff1a\u770b\u5230\u9898\u76ee\u548c\u6458\u8981\uff0c\u601d\u8003\u8fd9\u7bc7\u6587\u7ae0\u5e0c\u671b\u89e3\u51b3\u4ec0\u4e48\u95ee\u9898\u3001\u8fd9\u4e2a\u95ee\u9898\u6709\u4ec0\u4e48\u4ef7\u503c\u3001\u89e3\u51b3\u8fd9\u4e2a\u95ee\u9898\u6709\u4ec0\u4e48\u601d\u8def\u3001\u4f1a\u9047\u5230\u54ea\u4e9b\u666e\u904d\u4e0e\u7279\u6b8a\u7684\u6311\u6218\uff0c\u4ee5\u53ca\u6587\u7ae0\u57fa\u4e8e\u54ea\u4e9b\u5047\u8bbe\u5e76\u4e14\u4f1a\u8bd5\u56fe\u907f\u800c\u4e0d\u8c08\u7684\u7f3a\u9677\uff1b\u4e8c\u662f\u6bcf\u5929\u8fdb\u884c\u603b\u7ed3\u4e0e\u5f52\u7eb3\uff0c\u601d\u8003\u4e00\u5929\u5230\u5e95\u6709\u4ec0\u4e48\u8fdb\u5c55\uff0c\u51dd\u7ec3\u603b\u7ed3\u6210\u6587\u5b57\u6216ppt\u8bb2\u7a3f\u3002\u6bcf\u5929\u5149\u770b\u4e0d\u603b\u7ed3\uff0c\u7b49\u4e8e\u767d\u770b\uff01\u5e73\u65f6\u5bf9\u5404\u79cd\u95ee\u9898\u5c31\u8981\u6709\u6240\u51c6\u5907\u4e0e\u601d\u8003\uff0c\u4e0d\u8981\u522b\u4eba\u95ee\u8d77\u7684\u65f6\u5019\u5c31\u6577\u884d\u5730\u7ed9\u4e00\u4e2a\u56de\u7b54\uff0c\u6ca1\u6709\u610f\u4e49\u3002

    \u65e9\u4e0a\u5199todo list\uff0c\u665a\u4e0a\u5199done list\uff0c\u770b\u770b\u8fd9\u4e00\u5929\u8fdb\u5c55\u5982\u4f55\u3002\u662f\u5426\u6709\u6ca1\u505a\u5b8c\u7684\u4e8b\u60c5\uff0c\u662f\u5426\u6709\u5206\u5fc3\u505a\u4e86\u522b\u7684\u4e8b\u60c5\uff0c\u660e\u5929\u5982\u4f55\u89c4\u5212\u65f6\u95f4\u2026\u2026\u5bf9\u81ea\u5df1\u6bcf\u5929\u3001\u6bcf\u5468\u3001\u6bcf\u6708\u80fd\u505a\u7684\u4e8b\u60c5\u6709\u6e05\u695a\u7684\u8ba4\u8bc6\uff0c\u4e0d\u76f2\u76ee\u81ea\u5927\u4e5f\u4e0d\u5984\u81ea\u83f2\u8584\u3002

    \u505a\u4efb\u4f55\u4e8b\u90fd\u8981\u7ed9\u4e00\u4e2a\u6e05\u6670\u7684ddl\uff0c\u7763\u4fc3\u5c3d\u5feb\u5b8c\u6210\u4e0d\u8981\u62d6\u6c93\u3002\u53e6\u4e00\u65b9\u9762\u662f\u4e3a\u4e86\u9650\u5236\u601d\u8003\uff0c\u8981\u96c6\u4e2d\u3001\u5feb\u901f\uff0c\u4e0d\u8981\u6f2b\u65e0\u76ee\u7684\u5730\u53d1\u6563\u3002\u6bd4\u5982\u8bfb\u8bba\u6587\u524d\u601d\u8003\u8fd9\u7bc7\u6587\u7ae0\u9700\u8981\u89e3\u51b3\u7684\u6311\u6218\u65f6\uff0c\u9650\u5b9a\u57283min\u4e4b\u5185\uff0c\u8d85\u65f6\u4ee5\u540e\u65e0\u8bba\u662f\u5426\u60f3\u5230\u591a\u5c11\u90fd\u8981\u505c\u4e0b\u6765\u3002\u4e5f\u53ef\u4ee5\u6709\u6548\u907f\u514d\u5206\u5fc3\u3002

    "},{"location":"sci-thoughts/#_3","title":"\u79d1\u7814\u5199\u4f5c","text":"

    \u79d1\u7814\u5199\u4f5c\u9700\u8981\u7cfb\u7edf\u7684\u8bad\u7ec3\u3002\u6bcf\u5929\u6109\u5feb\u5730\u8bfb\u3001\u5199\u4e00\u5c0f\u65f6\uff0c\u957f\u671f\u575a\u6301\uff0c\u53eb\u505a\u201cread and write\u201d\u3002

    \u5199\u6587\u7ae0\u8981\u5f04\u6e05\u695a\u8bfb\u8005\u90fd\u662f\u540c\u4e13\u4e1a\u7684\u4eba\uff0c\u56e0\u6b64\u8981\u4f53\u73b0\u51fa\u4e13\u4e1a\u6027\u4e0e\u79d1\u5b66\u6027\u3001\u7cbe\u786e\u6027\u3001\u7b80\u6d01\u6027\u3001\u903b\u8f91\u6027\u3002

    "},{"location":"sentence-templates/","title":"\u60c5\u666f\u6a21\u677f","text":"

    \u63d0\u51fa\u672c\u6587\u5de5\u4f5c\uff1a

    \u4ecb\u7ecd\u67d0\u4e00\u6d41\u7a0b\u5728\u6574\u4f53\u7cfb\u7edf\u4e2d\u7684\u4f5c\u7528\uff1a

    \u8bf4\u660e\u67d0\u4e00\u6b65\u9aa4\u5e76\u975e\u7b80\u5355\u7684\uff1a

    \u51dd\u7ec3\u672c\u6587\u5b9e\u9a8c\u6548\u679c\uff1a

    \u63d0\u51fa\u672c\u6587novelty\uff1a

    \u63d0\u51fa\u672c\u6587insight\uff1a

    \u51c6\u5907\u5f00\u59cb\u4ecb\u7ecd\u6280\u672f\u7ec6\u8282\uff1a

    \u8bf4\u76ee\u524d\u7684\u5de5\u4f5c\u7814\u7a76\u7684\u4e3b\u8981\u5185\u5bb9\u53d7\u9650\u3001\u522b\u7684\u65b9\u6cd5\u5b58\u5728\u95ee\u9898\uff1a

    \u4e00\u4e9b\u5de5\u4f5c\u7ec6\u8282\uff1a

    "},{"location":"tech-sslh/","title":"sslh \u9605\u8bfb\u7b14\u8bb0","text":"

    \u6700\u8fd1\u5728\u8bfbsslh\u7684\u6e90\u7801\uff0c\u611f\u89c9\u8fd8\u662f\u6bd4\u8f83\u6709\u610f\u601d\u7684\u3002\u4e4b\u524d\u5728\u7aef\u53e3\u590d\u7528\u91cc\u9762\u7b80\u5355\u63d0\u4e86\u4e0bsslh\u7684\u7528\u6cd5\uff0c\u4f46\u662f\u5728\u5b9e\u8df5\u4e2d\u8e29\u4e86\u4e0d\u5c11\u5751\uff0c\u6240\u4ee5\u628a\u6e90\u7801\u62ff\u6765\u8bfb\u4e00\u8bfb\uff0c\u770b\u770b\u5185\u90e8\u7684\u7ed3\u6784\u3002

    sslh\u4f3c\u4e4e\u662f\u4f7f\u7528\u7b2c\u4e00\u4e2a\u6570\u636e\u5305\u4fdd\u5b58\u7684\u534f\u8bae\u4fe1\u606f\uff0c\u4e3a\u5ba2\u6237\u7aef\u4e0e\u670d\u52a1\u5668\u5bf9\u5e94\u670d\u52a1\u5efa\u7acb\u8fde\u63a5\u3002\u540e\u7eed\u6570\u636e\u5305\u4e0d\u518d\u9700\u8981\u68c0\u67e5\u534f\u8bae\u4e86\u3002

    "},{"location":"tech-sslh/#_1","title":"\u4fbf\u6377\u4e0a\u624b","text":"
    apt install sslh # \u4f46\u6700\u597d\u8fd8\u662f\u4ece\u6e90\u7801make install\uff0c\u7528\u6700\u65b0\u7248\u672c\uff1b\u53c2\u8003\u4ed3\u5e93\u7684INSTALL\u5b89\u88c5\u5bf9\u5e94\u7684C\u5e93\nvi /etc/default/sslh\nsystemctl start sslh\n

    \u4f3c\u4e4ecfg\u6587\u4ef6\u91cc\u548ccommand line\u4f1a\u6709\u51b2\u7a81\u3002\u6240\u4ee5commandline\u7528-F /etc/sslh/sslh.cfg\uff08\u6ca1\u6709\u5219\u65b0\u5efa\u4e00\u4e2a\uff09\u6307\u5b9a\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\uff0c\u4e0d\u8981\u6709\u548ccommand\u91cd\u590d\u7684\u5185\u5bb9\u3002\u53ea\u653eprotocols\u5dee\u4e0d\u591a\u5c31\u5f97\u4e86\u3002\u6bd4\u8f83\u597d\u7528\u7684\u662f\u6b63\u5219\u548ctls\u4e2d\u6839\u636ealpn\u548csni\u6765\u5339\u914d\u3002

    \u4e0b\u9762\u662f\u5b8c\u6574\u7684\u914d\u7f6e\u6587\u4ef6\u7684\u4e00\u4e2a\u4f8b\u5b50\uff0c\u5982\u679c\u6570\u636e\u5305\u5305\u542b\"OK1\"\u6216\u8005\"OK2\"\uff0c\u5219\u4f1a\u88ab\u8f6c\u53d1\u5230127.0.0.1:1234\u3002\u5176\u4e2d\u7684name\u5b57\u6bb5\u8868\u793a\u8fd9\u6761\u534f\u8bae\u5728sslh\u542f\u52a8\u540e\u600e\u4e48\u914d\u7f6e\uff0c\u5e38\u89c1\u7684\u6bd4\u5982regex\u3001ssh\u3001tls\u3001http\u3002

    \u6ce8\u610f\uff0c\u6700\u540e\u4e00\u6761\u534f\u8bae\u7684\u5206\u53f7\u540e\u9762\u4e0d\u52a0\u9017\u53f7\u3002

    protocols:\n(\n{ name: \"regex\"; host: \"127.0.0.1\"; port: \"1234\"; regex_patterns: [ \"OK1\", \"OK2\" ]; }\n);\n
    "},{"location":"tech-sslh/#sslh_1","title":"sslh\u7a0b\u5e8f\u542f\u52a8\u5165\u53e3\u4e0e\u521d\u59cb\u5316","text":"

    \u9ed8\u8ba4\u6700\u7b80\u5355\u7684\u542f\u52a8\u65b9\u5f0f\u7684\u5165\u53e3\u5728sslh-main.c\u7684main\u51fd\u6570\uff0c\u4e5f\u5373\u7a0b\u5e8f\u7684\u4e3b\u4f53\u903b\u8f91\u3002\u4e00\u4e9b\u5173\u952e\u6b65\u9aa4\uff1a

    1. \u8c03\u7528sslhcfg_cl_parse\u51fd\u6570\uff0c\u6839\u636e\u547d\u4ee4\u884c\u53c2\u6570\u548c\u914d\u7f6e\u6587\u4ef6\uff0c\u505a\u4e00\u4e2a\u7f13\u51b2
    2. \u8c03\u7528config_protocols\u5b8c\u6210\u8f6c\u53d1\u89c4\u5219\u7684\u521d\u59cb\u5316\uff0c\u5185\u90e8\u8c03\u7528\u7684get_probe\u662f\u7ed9\u52a0\u8f7d\u4e86\u534f\u8bae\u7684\u914d\u7f6e\u89c4\u5219
    3. \u8c03\u7528start_listen_sockets\u5f00\u59cb\u76d1\u542csockets
    4. \u8c03\u7528main_loop\u8fdb\u5165\u4e3b\u5faa\u73af\uff0c\u9ed8\u8ba4\u4e3asslh-fork\u7684main_loop\u51fd\u6570

    \u9ed8\u8ba4\u4f7f\u7528tcp\u3002main_loop\u51fd\u6570\u4e2d\uff0c\u5bf9\u76d1\u542c\u7684\u6bcf\u4e2asockets\u8fdb\u884cfork\uff0c\u6bcf\u4e2a\u5b50\u8fdb\u7a0b\u6267\u884ctcp_listener\uff0c\u5728\u8fd9\u4e9b\u5b50\u8fdb\u7a0b\u4e2daccept\u5bf9\u5e94\u7684\u8fde\u63a5\u3002\u8fd9\u4e9b\u5b50\u8fdb\u7a0b\u5c06\u7ee7\u7eedfork\u51fa\u5b50\u8fdb\u7a0b\uff0c\u6267\u884cstart_shoveler\uff0c\u5b9e\u73b0\u771f\u6b63\u7684\u529f\u80fd\u3002

    "},{"location":"tech-sslh/#_2","title":"\u534f\u8bae\u8bc6\u522b","text":"

    \u5b50\u8fdb\u7a0b\u901a\u8fc7probe_client_protocol\u6765\u786e\u5b9a\u6570\u636e\u5305\u662f\u4ec0\u4e48\u534f\u8bae\uff0c\u5e76\u6839\u636e\u5bf9\u5e94\u7684\u89c4\u5219\u5b9e\u73b0\u7aef\u53e3\u8f6c\u53d1\u3002\u8fd9\u4e00\u51fd\u6570\u4e0d\u65ad\u8fdb\u884c\u8c03\u7528\uff0c\u6700\u540e\u5728probe_buffer\u51fd\u6570\u4e2d\u904d\u5386\u4e4b\u524d\u914d\u7f6e\u7684\u6bcf\u4e2a\u534f\u8bae\u89c4\u8303\uff08\u627e\u5230\u5339\u914d\u5219\u505c\u6b62\uff0c\u6240\u4ee5\u914d\u7f6e\u987a\u5e8f\u4e5f\u86ee\u5173\u952e\u7684\uff09\uff0c\u901a\u8fc7p->probe(buf, len, p)\u8fd9\u4e2a\u51fd\u6570\u6307\u9488\u6765\u95f4\u63a5\u8c03\u7528\u8bc6\u522b\u534f\u8bae\u7684\u76f8\u5173\u51fd\u6570\u3002

    \u8fd9\u91cc\u7684\u534f\u8bae\u5305\u62ec\u4ee5\u4e0b\u5185\u7f6e\u534f\u8bae\uff1a

    /* Table of protocols that have a built-in probe\n */\nstatic struct protocol_probe_desc builtins[] = {\n/* description  probe  */\n{ \"ssh\",        is_ssh_protocol},\n{ \"openvpn\",    is_openvpn_protocol },\n{ \"wireguard\",  is_wireguard_protocol },\n{ \"tinc\",       is_tinc_protocol },\n{ \"xmpp\",       is_xmpp_protocol },\n{ \"http\",       is_http_protocol },\n{ \"tls\",        is_tls_protocol },\n{ \"adb\",        is_adb_protocol },\n{ \"socks5\",     is_socks5_protocol },\n{ \"syslog\",     is_syslog_protocol },\n{ \"teamspeak\",  is_teamspeak_protocol },\n{ \"msrdp\",      is_msrdp_protocol },\n{ \"anyprot\",    is_true }\n};\n

    \u5185\u7f6e\u534f\u8bae\u5185\u7f6e\u4e86\u4e00\u4e9b\u5339\u914d\u89c4\u5219\uff0c\u5373\u4e0a\u9762\u63d0\u5230\u7684is_ssh_protocol\u3001is_http_protocol\u7b49\u7b49\u3002\u53ef\u4ee5\u770b\u4e00\u4e2assh\u89c4\u5219\u7684\u4f8b\u5b50\uff1a

    /* Is the buffer the beginning of an SSH connection? */\nstatic int is_ssh_protocol(const char *p, ssize_t len, struct sslhcfg_protocols_item* proto)\n{\nif (len < 4)\nreturn PROBE_AGAIN;\n\nreturn !strncmp(p, \"SSH-\", 4);\n}\n

    \u53ef\u89c1\uff0c\u5982\u679c\u7b2c\u4e00\u4e2a\u6570\u636e\u5305\u957f\u5ea6\u4e0d\u4f4e\u4e8e4\u4e14\u4ee5\"SSH-\"\u5f00\u5934\uff0c\u5219\u4f1a\u88ab\u8ba4\u4e3a\u662fssh\u8bf7\u6c42\u3002

    /* Is the buffer the beginning of an HTTP connection?  */\nstatic int is_http_protocol(const char *p, ssize_t len, struct sslhcfg_protocols_item* proto)\n{\nint res;\n/* If it's got HTTP in the request (HTTP/1.1) then it's HTTP */\nif (memmem(p, len, \"HTTP\", 4))\nreturn PROBE_MATCH;\n\n#define PROBE_HTTP_METHOD(opt) if ((res = probe_http_method(p, len, opt)) != PROBE_NEXT) return res\n\n/* Otherwise it could be HTTP/1.0 without version: check if it's got an\n     * HTTP method (RFC2616 5.1.1) */\nPROBE_HTTP_METHOD(\"OPTIONS\");\nPROBE_HTTP_METHOD(\"GET\");\nPROBE_HTTP_METHOD(\"HEAD\");\nPROBE_HTTP_METHOD(\"POST\");\nPROBE_HTTP_METHOD(\"PUT\");\nPROBE_HTTP_METHOD(\"DELETE\");\nPROBE_HTTP_METHOD(\"TRACE\");\nPROBE_HTTP_METHOD(\"CONNECT\");\n\n#undef PROBE_HTTP_METHOD\n\nreturn PROBE_NEXT;\n}\n

    http\u4e5f\u6bd4\u8f83\u7b80\u5355\uff0c\u68c0\u67e5\"HTTP\"\u5b57\u7b26\u4e32\u3002

    \u53e6\u5916\u6709\u4e24\u79cd\u7279\u6b8a\u7684\u534f\u8bae\uff0ctimeout\u9ed8\u8ba4\u4f1a\u9009\u62e9\u521d\u59cb\u5316\u540e\u7684\u7b2c\u4e00\u4e2a\u534f\u8bae\uff08\u5373ssh\uff09\uff0cregex\u652f\u6301\u6b63\u5219\u5339\u914d\u6570\u636e\u5305\u7684\u56fa\u6709\u5b57\u7b26\u4e32\uff0c\u5c31\u8fde\u521d\u59cb\u5316\u65f6\u90fd\u662f\u5355\u72ec\u521d\u59cb\u5316\u7684\uff1a

    /* Returns the probe for specified protocol:\n * parameter is the description in builtins[], or \"regex\" \n * */\nT_PROBE* get_probe(const char* description) {\nint i;\n\nfor (i = 0; i < ARRAY_SIZE(builtins); i++) {\nif (!strcmp(builtins[i].name, description)) {\nreturn builtins[i].probe;\n}\n}\n\n/* Special case of \"regex\" probe (we don't want to set it in builtins\n     * because builtins is also used to build the command-line options and\n     * regexp is not legal on the command line)*/\nif (!strcmp(description, \"regex\"))\nreturn regex_probe;\n\n/* Special case of \"timeout\" is allowed as a probe name in the\n     * configuration file even though it's not really a probe */\nif (!strcmp(description, \"timeout\"))\nreturn is_true;\n\nreturn NULL;\n}\n

    is_true\u59cb\u7ec8\u8fd4\u56detrue\uff0c\u4e0d\u8fdb\u884c\u522b\u7684\u5224\u65ad\u4e86\u3002

    regex_probe\u5185\u90e8\u7528pre2\u5b9e\u73b0\u4e86\u4e00\u5957\u6b63\u5219\u5339\u914d\u7684\u673a\u5236\u3002\u914d\u7f6econfig\u7684\u65b9\u6cd5\u53ef\u4ee5\u89c1\u4e0a\u6587\u3002

    "},{"location":"tech-sslh/#tlsalpnsni","title":"TLS\u534f\u8bae\u4e2d\u4f7f\u7528\u7684ALPN\u3001SNI\u7b80\u4ecb","text":"

    tls\u4e3atcp\u63d0\u4f9b\u4e86\u52a0\u5bc6\u670d\u52a1\uff0c\u662f\u5f88\u591a\u670d\u52a1\u4e0d\u53ef\u6216\u7f3a\u7684\u4e00\u73af\u3002\u7531\u4e8e\u6570\u636e\u5305\u662f\u52a0\u5bc6\u7684\u3001\u5f88\u591a\u670d\u52a1\u90fd\u4f7f\u7528tls\uff08\u6bd4\u5982https\uff09\uff0c\u6240\u4ee5\u6ca1\u6cd5\u901a\u8fc7regex\u7684\u65b9\u6cd5\u6765\u533a\u5206\u4e0d\u540c\u7684\u670d\u52a1\u3002\u597d\u5728sslh\u4e3atls\u63d0\u4f9b\u4e86\u4e24\u79cd\u5206\u8fa8\u65b9\u6cd5\uff0c\u5373sni_hostnames\u4e0ealpn_protocols\u3002\u5728config\u91cc\u5199\u7684\u4e00\u6761\u89c4\u5219\u5982\u679c\u4e24\u8005\u90fd\u7528\u4e86\uff0c\u5219\u53ea\u6709\u540c\u65f6\u6ee1\u8db3\u4e24\u8005\u7684tls\u6570\u636e\u5305\u624d\u5339\u914d\u5f97\u4e0a\u5bf9\u5e94\u7684\u89c4\u5219\u3002

    \u6bd4\u5982example.cfg\u7ed9\u51fa\u7684\u4f8b\u5b50\uff1a

    # match BOTH ALPN/SNI\n{ name: \"tls\"; host: \"localhost\"; port: \"5223\"; alpn_protocols: [ \"xmpp-client\" ]; sni_hostnames: [ \"im.somethingelse.net\" ]; log_level: 0; tfo_ok: true },\n\n# just match ALPN\n{ name: \"tls\"; host: \"localhost\"; port: \"443\"; alpn_protocols: [ \"h2\", \"http/1.1\", \"spdy/1\", \"spdy/2\", \"spdy/3\" ]; log_level: 0;  tfo_ok: true },\n     { name: \"tls\"; host: \"localhost\"; port: \"xmpp-client\"; alpn_protocols: [ \"xmpp-client\" ];  log_level: 0; tfo_ok: true },\n\n# just match SNI\n{ name: \"tls\"; host: \"localhost\"; port: \"993\"; sni_hostnames: [ \"mail.rutschle.net\", \"mail.englishintoulouse.com\" ]; log_level: 0;  tfo_ok: true },\n     { name: \"tls\"; host: \"localhost\"; port: \"xmpp-client\"; sni_hostnames: [ \"im.rutschle.net\", \"im.englishintoulouse.com\" ];  log_level: 0; tfo_ok: true },\n\n# Let's Encrypt (tls-alpn-* challenges)\n{ name: \"tls\"; host: \"localhost\"; port: \"letsencrypt-client\"; alpn_protocols: [ \"acme-tls/1\" ]; log_level: 0;},\n\n# catch anything else TLS\n{ name: \"tls\"; host: \"localhost\"; port: \"443\";  tfo_ok: true },\n

    alpn_protocols\u5373\u4f7f\u7528\u5e94\u7528\u5c42\u534f\u8bae\u534f\u5546\u7f16\u53f7\uff1aTLS Application-Layer Protocol Negotiation (ALPN) Protocol ID\u3002\u53ef\u4ee5\u5728\u8fd9\u91cc\u770b\u5230\u5b8c\u6574\u7684\u683c\u5f0f\u3002\u6253\u4e2a\u6bd4\u65b9\uff0c\u5982\u679c\u8bf4\u6570\u636e\u5305\u662f\u997a\u5b50\uff0ctls\u662f\u997a\u5b50\u76ae\uff0cALPN\u5c31\u662f\u8868\u793a\u91cc\u9762\u662f\u4ec0\u4e48\u9985\u7684\u3002

    sni_hostnames\u5373\u4f7f\u7528\u670d\u52a1\u5668\u540d\u79f0\u6307\u793a\uff1aServer Name Indication\uff08SNI\uff09\uff0c\u7c7b\u4f3c\u4e8e\u670d\u52a1\u5668\u7aef\u7684\u57df\u540d\u3002\u6253\u4e2a\u6bd4\u65b9\uff0c\u867d\u7136\u5728\u5b66\u6821\u5feb\u9012\uff08\u6570\u636e\u5305\uff09\u90fd\u4f1a\u9001\u5230\u83dc\u9e1f\u9a7f\u7ad9\uff08\u670d\u52a1\u5668\uff09\uff0c\u4f46\u8fd9\u4e9b\u5305\u88f9\u6700\u7ec8\u662f\u6d41\u5411\u4e0d\u540c\u7684\u5bbf\u820d\u7684\uff08SNI\uff09\u3002SNI\u5e2e\u52a9\u5728tls\u63e1\u624b\u671f\u95f4\u5c31\u786e\u5b9assl\u8bc1\u4e66\uff0c\u800c\u4e0d\u662f\u5728http\u5efa\u7acb\u8fde\u63a5\u540e\u3002FQDN\u6307\u7684\u662fFully Qualified Domain Name\uff0c\u5373\u5b8c\u6574\u57df\u540d\uff0c\u53ef\u4ee5\u770b\u8fd9\u91cc\u7684\u4ecb\u7ecd\u3002

    sni_hostname\u548calpn_protocols\uff0c\u5c5e\u4e8etls\u6269\u5c55\u5185\u5bb9\uff0c\u5e76\u975e\u5f3a\u5236\u4fdd\u7559\u5176\u4e2d\u3002\u53d1\u5305\u7684\u65f6\u5019\u6ce8\u610f\u6dfb\u52a0\uff0c\u4e0d\u7136sslh\u53ef\u80fd\u8bc6\u522b\u4e0d\u5230\u3002

    "},{"location":"try-chatgpt/","title":"ChatGPT\u6765\u5e2e\u5fd9","text":""},{"location":"try-chatgpt/#_1","title":"\u7f51\u7edc\u7ad9\u70b9\u6253\u5305\u4e0b\u8f7d","text":"

    linux\u7528\u54ea\u4e2a\u547d\u4ee4\u53ef\u4ee5\u628a\u4e00\u4e2a\u7f51\u5740\u4ee5\u53ca\u5176\u6240\u4f9d\u8d56\u7684js\u548ccss\u7b49\u7b49\u6587\u4ef6\u81ea\u52a8\u4e0b\u8f7d\u4e0b\u6765\uff1f

    \u5728Linux\u4e2d\uff0c\u4f60\u53ef\u4ee5\u4f7f\u7528 wget \u547d\u4ee4\u6765\u81ea\u52a8\u4e0b\u8f7d\u4e00\u4e2a\u7f51\u7ad9\u53ca\u5176\u4f9d\u8d56\u7684\u8d44\u6e90\u6587\u4ef6\uff08\u5982JS\u548cCSS\u7b49\uff09\u3002

    \u4e0b\u9762\u662f\u4e00\u4e2a\u793a\u4f8b\u547d\u4ee4\uff1a

    wget --recursive --no-clobber --page-requisites --html-extension --convert-links --restrict-file-names=windows --domains website.com --no-parent http://website.com\n
    \u8be5\u547d\u4ee4\u4f7f\u7528\u4e86\u591a\u4e2a\u9009\u9879\uff0c\u5176\u4e2d\u4e00\u4e9b\u9009\u9879\u7684\u542b\u4e49\u5982\u4e0b\uff1a

    --recursive: \u4e0b\u8f7d\u7f51\u7ad9\u7684\u6240\u6709\u94fe\u63a5\u3002 --no-clobber: \u4e0d\u4f1a\u91cd\u590d\u4e0b\u8f7d\u5df2\u7ecf\u5b58\u5728\u7684\u6587\u4ef6\u3002 --page-requisites: \u4e0b\u8f7d\u6240\u6709\u9875\u9762\u7684\u8d44\u6e90\uff08\u5982\u56fe\u50cf\uff0c\u97f3\u9891\u548c\u89c6\u9891\uff09\u3002 --html-extension: \u5c06\u6240\u6709HTML\u6587\u4ef6\u6269\u5c55\u540d\u6dfb\u52a0\u4e3a .html\u3002 --convert-links: \u5c06\u6240\u6709\u94fe\u63a5\u8f6c\u6362\u4e3a\u672c\u5730\u94fe\u63a5\u3002 --restrict-file-names=windows: \u907f\u514d\u4f7f\u7528 Linux \u4e0d\u652f\u6301\u7684\u6587\u4ef6\u540d\u5b57\u7b26\u3002 --domains website.com: \u9650\u5236\u4e0b\u8f7d\u7684\u57df\u540d\u8303\u56f4\u3002 --no-parent: \u4e0d\u4f1a\u4e0b\u8f7d\u7236\u7ea7\u94fe\u63a5\uff08\u6709\u52a9\u4e8e\u9632\u6b62\u65e0\u9650\u9012\u5f52\uff09\u3002

    \u4f60\u53ef\u4ee5\u6839\u636e\u81ea\u5df1\u7684\u9700\u8981\u4fee\u6539\u8fd9\u4e9b\u9009\u9879\u4ee5\u6ee1\u8db3\u7279\u5b9a\u7684\u8981\u6c42\u3002

    \u7528\u8fd9\u6761\u547d\u4ee4\u88ab\u670d\u52a1\u5668\u53d1\u73b0\u6076\u610f\u4e0b\u8f7d\uff0c\u88ab\u7ed9403 forbidden\u4e86\u600e\u4e48\u529e\uff1f

    \u5982\u679c\u4f60\u4f7f\u7528\u7684\u547d\u4ee4\u88ab\u670d\u52a1\u5668\u8ba4\u4e3a\u662f\u6076\u610f\u4e0b\u8f7d\uff0c\u5e76\u4e14\u88ab\u670d\u52a1\u5668\u62d2\u7edd\u8bbf\u95ee\uff0c\u90a3\u4e48\u4f60\u53ef\u4ee5\u8003\u8651\u4ee5\u4e0b\u4e00\u4e9b\u65b9\u6cd5\u6765\u89e3\u51b3\u8fd9\u4e2a\u95ee\u9898\uff1a

    \u4fee\u6539\u4e0b\u8f7d\u901f\u5ea6\uff1a\u6709\u4e9b\u670d\u52a1\u5668\u53ef\u80fd\u4f1a\u9650\u5236\u4e0b\u8f7d\u901f\u5ea6\uff0c\u5982\u679c\u4f60\u4e0b\u8f7d\u7684\u592a\u5feb\uff0c\u5c31\u4f1a\u88ab\u8ba4\u4e3a\u662f\u653b\u51fb\u3002\u4f60\u53ef\u4ee5\u5c1d\u8bd5\u4f7f\u7528 --limit-rate \u9009\u9879\u6765\u9650\u5236\u4e0b\u8f7d\u901f\u5ea6\uff0c\u4f8b\u5982\uff1a

    wget --limit-rate=200k http://example.com\n

    \u4fee\u6539\u4e0b\u8f7d\u5e76\u53d1\u6570\uff1a\u7c7b\u4f3c\u4e8e\u901f\u5ea6\u9650\u5236\uff0c\u4e00\u4e9b\u670d\u52a1\u5668\u4e5f\u4f1a\u9650\u5236\u540c\u65f6\u8fdb\u884c\u7684\u4e0b\u8f7d\u6570\u3002\u4f60\u53ef\u4ee5\u5c1d\u8bd5\u4f7f\u7528 --tries \u548c --wait \u9009\u9879\u6765\u9650\u5236\u5e76\u53d1\u4e0b\u8f7d\u6570\uff0c\u4f8b\u5982\uff1a

    wget --tries=10 --wait=5 http://example.com\n
    \u6dfb\u52a0 User-Agent\uff1a\u6709\u4e9b\u670d\u52a1\u5668\u53ef\u80fd\u4f1a\u68c0\u67e5 User-Agent\uff0c\u5982\u679c User-Agent \u88ab\u8ba4\u4e3a\u662f\u6076\u610f\u7684\uff0c\u90a3\u4e48\u4f60\u7684\u8bf7\u6c42\u4e5f\u4f1a\u88ab\u62d2\u7edd\u3002\u4f60\u53ef\u4ee5\u5c1d\u8bd5\u4f7f\u7528 --user-agent \u9009\u9879\u6765\u8bbe\u7f6e User-Agent\uff0c\u4f8b\u5982\uff1a

    wget --user-agent=\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3\" http://example.com\n

    \u4e0e\u670d\u52a1\u5668\u7ba1\u7406\u5458\u8054\u7cfb\uff1a\u5982\u679c\u4ee5\u4e0a\u65b9\u6cd5\u90fd\u4e0d\u80fd\u89e3\u51b3\u95ee\u9898\uff0c\u4f60\u53ef\u4ee5\u8054\u7cfb\u670d\u52a1\u5668\u7ba1\u7406\u5458\uff0c\u8bf4\u660e\u4f60\u7684\u4e0b\u8f7d\u8bf7\u6c42\u662f\u5408\u6cd5\u7684\uff0c\u8bf7\u6c42\u4ed6\u4eec\u653e\u884c\u4f60\u7684\u8bf7\u6c42\u3002 \u9700\u8981\u6ce8\u610f\u7684\u662f\uff0c\u4e0d\u8981\u4f7f\u7528\u975e\u6cd5\u7684\u65b9\u5f0f\u4e0b\u8f7d\u6587\u4ef6\uff0c\u4ee5\u514d\u4fb5\u72af\u4ed6\u4eba\u7684\u5408\u6cd5\u6743\u76ca\uff0c\u5e76\u6709\u53ef\u80fd\u5bfc\u81f4\u6cd5\u5f8b\u7ea0\u7eb7\u3002

    "},{"location":"try-chatgpt/#gopythonrust","title":"\u6bd4\u8f83Go\u3001Python\u3001Rust\u7684\u5173\u7cfb","text":"

    go\u3001rust\u3001python\u4e09\u79cd\u7f16\u7a0b\u8bed\u8a00\u5728\u8bed\u8a00\u7279\u6027\u65b9\u9762\u6709\u4ec0\u4e48\u533a\u522b\uff1f\u5404\u81ea\u6709\u4ec0\u4e48\u4f18\u52bf\uff1f\u9002\u7528\u573a\u666f\u6709\u4ec0\u4e48\u533a\u522b\uff1f

    \u8fd9\u4e09\u79cd\u7f16\u7a0b\u8bed\u8a00\u5404\u6709\u4e0d\u540c\u7684\u7279\u70b9\u548c\u4f18\u52bf\uff0c\u4ee5\u4e0b\u662f\u5b83\u4eec\u7684\u4e3b\u8981\u533a\u522b\u548c\u9002\u7528\u573a\u666f\uff1a

    Python Python \u662f\u4e00\u79cd\u9ad8\u7ea7\u7684\u52a8\u6001\u89e3\u91ca\u578b\u8bed\u8a00\uff0c\u5177\u6709\u7b80\u5355\u6613\u5b66\u3001\u6613\u8bfb\u6613\u5199\u7684\u7279\u70b9\u3002\u5b83\u7684\u8bed\u6cd5\u7b80\u5355\u3001\u4ee3\u7801\u53ef\u8bfb\u6027\u9ad8\u3001\u652f\u6301\u591a\u79cd\u7f16\u7a0b\u8303\u5f0f\u548c\u4e30\u5bcc\u7684\u7b2c\u4e09\u65b9\u5e93\uff0c\u9002\u7528\u4e8e\u5404\u79cd\u7c7b\u578b\u7684\u5e94\u7528\u7a0b\u5e8f\u5f00\u53d1\uff0c\u5c24\u5176\u64c5\u957f\u6570\u636e\u5206\u6790\u3001\u4eba\u5de5\u667a\u80fd\u548c\u79d1\u5b66\u8ba1\u7b97\u9886\u57df\u3002\u7531\u4e8e\u5b83\u7684\u5f00\u53d1\u6548\u7387\u9ad8\uff0c\u5e38\u88ab\u7528\u4e8e\u5feb\u901f\u539f\u578b\u8bbe\u8ba1\u548c\u654f\u6377\u5f00\u53d1\u3002

    Go Go \u662f\u4e00\u79cd\u5f00\u6e90\u7684\u7f16\u8bd1\u578b\u8bed\u8a00\uff0c\u7531 Google \u5f00\u53d1\u3002\u5b83\u7684\u8bbe\u8ba1\u76ee\u6807\u662f\u4e3a\u4e86\u89e3\u51b3\u591a\u6838\u3001\u7f51\u7edc\u3001\u5927\u89c4\u6a21\u7a0b\u5e8f\u5f00\u53d1\u7b49\u95ee\u9898\uff0c\u5177\u6709\u9ad8\u6548\u3001\u53ef\u9760\u3001\u7b80\u6d01\u7b49\u7279\u70b9\u3002Go \u8bed\u8a00\u5728\u5e76\u53d1\u7f16\u7a0b\u548c\u7f51\u7edc\u7f16\u7a0b\u65b9\u9762\u8868\u73b0\u7a81\u51fa\uff0c\u6709\u7740\u975e\u5e38\u9ad8\u6548\u7684 Goroutine \u548c Channel \u673a\u5236\uff0c\u9002\u5408\u4e8e\u9ad8\u5e76\u53d1\u3001\u5206\u5e03\u5f0f\u7cfb\u7edf\u3001\u4e91\u8ba1\u7b97\u7b49\u9886\u57df\u7684\u5f00\u53d1\u3002

    Rust Rust \u662f\u4e00\u79cd\u7cfb\u7edf\u7ea7\u7684\u7f16\u7a0b\u8bed\u8a00\uff0c\u7531 Mozilla \u5f00\u53d1\u3002\u5b83\u7ed3\u5408\u4e86\u9ad8\u6548\u6027\u80fd\u3001\u5185\u5b58\u5b89\u5168\u548c\u5e76\u53d1\u5b89\u5168\uff0c\u63d0\u4f9b\u4e86\u4e00\u4e2a\u53ef\u9760\u548c\u5b89\u5168\u7684\u7f16\u7a0b\u73af\u5883\u3002Rust \u7684\u4e3b\u8981\u4f18\u52bf\u5728\u4e8e\u5176\u5185\u5b58\u5b89\u5168\u6027\u548c\u5e76\u53d1\u6027\uff0c\u5b83\u5177\u6709\u9ad8\u6548\u7684\u7f16\u8bd1\u5668\u3001\u4e30\u5bcc\u7684\u7c7b\u578b\u7cfb\u7edf\u548c\u9ad8\u7ea7\u7684\u6a21\u5f0f\u5339\u914d\u529f\u80fd\uff0c\u9002\u7528\u4e8e\u9700\u8981\u9ad8\u6027\u80fd\u548c\u5b89\u5168\u6027\u7684\u7cfb\u7edf\u7ea7\u7f16\u7a0b\u3001\u7f51\u7edc\u7f16\u7a0b\u3001\u64cd\u4f5c\u7cfb\u7edf\u548c\u5d4c\u5165\u5f0f\u5f00\u53d1\u7b49\u9886\u57df\u3002

    \u603b\u7684\u6765\u8bf4\uff0cPython \u9002\u5408\u5feb\u901f\u539f\u578b\u8bbe\u8ba1\u548c\u654f\u6377\u5f00\u53d1\uff0cGo \u9002\u5408\u9ad8\u5e76\u53d1\u3001\u5206\u5e03\u5f0f\u7cfb\u7edf\u548c\u4e91\u8ba1\u7b97\uff0cRust \u9002\u5408\u9700\u8981\u9ad8\u6027\u80fd\u548c\u5b89\u5168\u6027\u7684\u7cfb\u7edf\u7ea7\u7f16\u7a0b\u3001\u7f51\u7edc\u7f16\u7a0b\u3001\u64cd\u4f5c\u7cfb\u7edf\u548c\u5d4c\u5165\u5f0f\u5f00\u53d1\u3002\u9009\u62e9\u54ea\u79cd\u7f16\u7a0b\u8bed\u8a00\u53d6\u51b3\u4e8e\u5177\u4f53\u7684\u5e94\u7528\u573a\u666f\u548c\u9700\u6c42\u3002

    "},{"location":"try-chatgpt/#_2","title":"\u8ba1\u7b97\u673a\u5b89\u5168\u8d44\u6e90\u5b66\u4e60","text":"

    \u6211\u60f3\u5b66\u4e60\u5de5\u4e1a\u754c\u5b9e\u7528\u7684\u8ba1\u7b97\u673a\u5b89\u5168\u9886\u57df\u7684\u77e5\u8bc6\uff0c\u8bf7\u63a8\u8350\u4e00\u4e9b\u7f51\u7ad9

    \u4ee5\u4e0b\u662f\u4e00\u4e9b\u53ef\u4ee5\u5e2e\u52a9\u60a8\u5b66\u4e60\u5de5\u4e1a\u754c\u5b9e\u7528\u7684\u8ba1\u7b97\u673a\u5b89\u5168\u9886\u57df\u7684\u77e5\u8bc6\u7684\u7f51\u7ad9\uff1a

    OWASP (\u5f00\u653e\u5f0f\u7f51\u7edc\u5b89\u5168\u9879\u76ee)\uff1a\u8fd9\u4e2a\u7f51\u7ad9\u63d0\u4f9b\u4e86\u5927\u91cf\u6709\u5173\u7f51\u7edc\u5e94\u7528\u7a0b\u5e8f\u5b89\u5168\u7684\u8d44\u6599\u548c\u5de5\u5177\u3002\u60a8\u53ef\u4ee5\u5728\u8fd9\u91cc\u627e\u5230\u5b89\u5168\u6807\u51c6\u3001\u6f0f\u6d1e\u68c0\u6d4b\u5de5\u5177\u3001\u653b\u51fb\u6a21\u62df\u5668\u7b49\u7b49\u3002

    NIST (\u7f8e\u56fd\u56fd\u5bb6\u6807\u51c6\u4e0e\u6280\u672f\u7814\u7a76\u6240)\uff1a\u8fd9\u4e2a\u7f51\u7ad9\u4e3a\u8ba1\u7b97\u673a\u5b89\u5168\u548c\u4fe1\u606f\u6280\u672f\u63d0\u4f9b\u6807\u51c6\u548c\u6307\u5357\u3002\u60a8\u53ef\u4ee5\u5728\u8fd9\u91cc\u627e\u5230\u6709\u5173\u5b89\u5168\u63a7\u5236\u3001\u5bc6\u7801\u5b66\u3001\u98ce\u9669\u8bc4\u4f30\u7b49\u65b9\u9762\u7684\u8d44\u6599\u3002

    SANS (\u5b89\u5168\u57f9\u8bad\u548c\u8ba4\u8bc1\u673a\u6784)\uff1a\u8fd9\u4e2a\u7f51\u7ad9\u63d0\u4f9b\u6709\u5173\u5404\u79cd\u8ba1\u7b97\u673a\u5b89\u5168\u4e3b\u9898\u7684\u57f9\u8bad\u548c\u8bfe\u7a0b\u3002\u5b83\u8fd8\u63d0\u4f9b\u4e86\u4e00\u4e2a\u535a\u5ba2\uff0c\u5176\u4e2d\u5305\u542b\u5404\u79cd\u6709\u5173\u7f51\u7edc\u5b89\u5168\u7684\u6587\u7ae0\u548c\u63d0\u793a\u3002

    Dark Reading\uff1a\u8fd9\u662f\u4e00\u5bb6\u5728\u7ebf\u51fa\u7248\u5546\uff0c\u63d0\u4f9b\u4e86\u6709\u5173\u7f51\u7edc\u5b89\u5168\u7684\u6700\u65b0\u65b0\u95fb\u3001\u5206\u6790\u548c\u8bc4\u8bba\u3002\u5b83\u8fd8\u63d0\u4f9b\u4e86\u5404\u79cd\u8d44\u6e90\uff0c\u5305\u62ec\u7f51\u7edc\u5b89\u5168\u767d\u76ae\u4e66\u3001\u7814\u7a76\u62a5\u544a\u548c\u6f14\u793a\u6587\u7a3f\u3002

    SecurityFocus\uff1a\u8fd9\u4e2a\u7f51\u7ad9\u662f\u4e00\u4e2a\u5b89\u5168\u65b0\u95fb\u805a\u5408\u7ad9\u70b9\uff0c\u6536\u96c6\u4e86\u6765\u81ea\u5404\u79cd\u6765\u6e90\u7684\u5b89\u5168\u65b0\u95fb\u548c\u6f0f\u6d1e\u62a5\u544a\u3002\u5b83\u8fd8\u63d0\u4f9b\u4e86\u5b89\u5168\u8bba\u575b\u3001\u5b89\u5168\u5de5\u5177\u7b49\u3002

    Reddit\uff1aReddit\u4e0a\u6709\u8bb8\u591a\u4e0e\u8ba1\u7b97\u673a\u5b89\u5168\u76f8\u5173\u7684\u793e\u533a\uff0c\u5982r/netsec\u3001r/hacking\u3001r/AskNetsec\u7b49\u3002\u8fd9\u4e9b\u793e\u533a\u53ef\u4ee5\u8ba9\u60a8\u5411\u5176\u4ed6\u5b89\u5168\u4e13\u4e1a\u4eba\u5458\u63d0\u95ee\uff0c\u5e76\u4e0e\u4ed6\u4eec\u5206\u4eab\u6709\u7528\u7684\u8d44\u6e90\u548c\u5de5\u5177\u3002

    GitHub\uff1aGitHub\u662f\u4e00\u4e2a\u8f6f\u4ef6\u5f00\u53d1\u5e73\u53f0\uff0c\u4e5f\u662f\u8bb8\u591a\u5b89\u5168\u5de5\u5177\u548c\u811a\u672c\u7684\u6765\u6e90\u3002\u901a\u8fc7\u641c\u7d22GitHub\uff0c\u60a8\u53ef\u4ee5\u627e\u5230\u5f88\u591a\u6709\u7528\u7684\u5de5\u5177\uff0c\u5982\u6e17\u900f\u6d4b\u8bd5\u5de5\u5177\u3001\u6f0f\u6d1e\u626b\u63cf\u5668\u7b49\u7b49\u3002

    \u5e0c\u671b\u8fd9\u4e9b\u7f51\u7ad9\u80fd\u5bf9\u60a8\u6709\u6240\u5e2e\u52a9\uff01

    "},{"location":"word-learning/","title":"\u8bcd\u6c47\u5b66\u4e60","text":""}]} \ No newline at end of file +{"config":{"lang":["en"],"separator":"[\\s\\-]+","pipeline":["stopWordFilter"]},"docs":[{"location":"","title":"Welcome to c01dkit's tech blog","text":"

    \u76ee\u5f55\u4e3a\u81ea\u52a8\u751f\u6210\uff0c\u53ef\u80fd\u6709\u8bef\u3002\u6700\u8fd1\u4e00\u6b21\u66f4\u65b0\u65f6\u95f42023-12-18\u3002

    \u6b22\u8fce\u63d0issue\u4ee5\u6307\u9519\u3001\u4ea4\u6d41\uff01

    \u6700\u8fd1\u4e00\u6b21\u66f4\u65b0\u5185\u5bb9\uff1a

    "},{"location":"#_1","title":"\u6587\u7ae0\u9605\u8bfb","text":""},{"location":"#ctf-pwn-college-cse-365-spring-2023","title":"CTF\u7b14\u8bb0 / pwn-college / CSE 365 - spring 2023","text":""},{"location":"#c","title":"\u7f16\u7a0b\u8bed\u8a00 / C\u8bed\u8a00","text":""},{"location":"#go","title":"\u7f16\u7a0b\u8bed\u8a00 / Go","text":""},{"location":"#python","title":"\u7f16\u7a0b\u8bed\u8a00 / Python","text":""},{"location":"#_2","title":"\u7f16\u7a0b\u8bed\u8a00 / \u4f18\u96c5\u7f16\u7a0b","text":""},{"location":"#python_1","title":"\u7f16\u7a0b\u5e94\u7528 / python\u722c\u866b","text":""},{"location":"#ida","title":"\u7a0b\u5e8f\u9006\u5411 / IDA\u57fa\u7840","text":""},{"location":"#_3","title":"\u7a0b\u5e8f\u9006\u5411 / \u9006\u5411\u57fa\u7840","text":""},{"location":"#_4","title":"\u7a0b\u5e8f\u9006\u5411 / \u9006\u5411\u9ad8\u9636","text":""},{"location":"#autoconf","title":"\u5b66\u4e60\u7b14\u8bb0 / autoconf","text":""},{"location":"#chatgpt","title":"\u5b66\u4e60\u7b14\u8bb0 / ChatGPT","text":""},{"location":"#docker","title":"\u5b66\u4e60\u7b14\u8bb0 / Docker","text":""},{"location":"#ubuntu","title":"\u5b66\u4e60\u7b14\u8bb0 / Ubuntu\u670d\u52a1\u5668\u8fd0\u7ef4","text":""},{"location":"#git","title":"\u5b66\u4e60\u7b14\u8bb0 / Git","text":""},{"location":"#sslh","title":"\u5b66\u4e60\u7b14\u8bb0 / sslh","text":""},{"location":"#_5","title":"\u5b66\u4e60\u7b14\u8bb0 / \u7aef\u53e3\u590d\u7528","text":""},{"location":"#_6","title":"\u5b66\u4e60\u7b14\u8bb0 / \u73af\u5883\u914d\u7f6e","text":""},{"location":"#_7","title":"\u5b66\u4e60\u7b14\u8bb0 / \u4ee3\u7406\u8f6c\u53d1","text":""},{"location":"#latex","title":"\u79d1\u7814\u751f\u6d3b / latex\u57fa\u7840","text":""},{"location":"#_8","title":"\u79d1\u7814\u751f\u6d3b / \u79d1\u7814\u5fc3\u5f97","text":""},{"location":"#_9","title":"\u79d1\u7814\u751f\u6d3b / \u6a21\u7cca\u6d4b\u8bd5","text":""},{"location":"#_10","title":"\u79d1\u7814\u751f\u6d3b / \u6839\u56e0\u5206\u6790","text":""},{"location":"IDA/","title":"IDA\u4f7f\u7528","text":""},{"location":"IDA/#arm-raw-binary","title":"\u53cd\u7f16\u8bd1ARM raw binary","text":"

    \u52a0\u8f7d\u65f6\u9009\u62e9Processor type\uff0c\u6bd4\u5982ARM Little-endian [ARM]\uff0c\u968f\u540e\u6839\u636e\u5b9e\u9645\u52a0\u8f7d\u60c5\u51b5\u8bbe\u7f6eROM\u7684\u8d77\u59cb\u5730\u5740\u548cInput file\u5730\u5740\u3002

    raw binary\u7684\u524d\u56db\u5b57\u8282\u53ef\u80fd\u662f\u521d\u59cbsp\u503c\uff0c\u968f\u540e\u56db\u5b57\u8282\u53ef\u80fd\u662f\u521d\u59cbpc\u503c\u3002\u6309G\u5e76\u8f93\u5165pc\u503c\uff0cAlt+G\u8bbe\u7f6eT\u5bc4\u5b58\u5668\u503c\u4e3a1\uff080\u8868\u793aARM\uff0c1\u8868\u793aThumb\uff09\uff0c\u7136\u540e\u9009\u4e2dpc\u53ca\u4e4b\u540e\u6240\u6709\u4ee3\u7801\uff0c\u6309C\u8fdb\u884cMakeCode\u3002

    "},{"location":"autoconf/","title":"autoconf\u5b66\u4e60\u7b14\u8bb0","text":"

    \u81ea\u5df1\u5f00\u53d1\u8f6f\u4ef6\u65f6\uff0c\u751f\u6210\u89c4\u8303\u7684configure\u7b49\u6587\u4ef6\u3002\u53ef\u53c2\u8003https://www.cnblogs.com/klausage/p/14163844.html\u7b49

    "},{"location":"autoconf/#_1","title":"\u4e0d\u5206\u76ee\u5f55\u7ed3\u6784","text":"

    \u7f16\u5199Makefile.am\u6587\u4ef6\uff0c\u6bd4\u5982\uff1a

    bin_PROGRAMS=helloworld\nhelloworld_SOURCES=helloworld.c\n

    \u6267\u884cautoscan\uff0c\u751f\u6210configure.scan\uff0c\u5e76\u4fee\u6539\u5176\u4e2d\u7684AC_INIT\u3001AM_INIT_AUTOMAKE\uff0c\u91cd\u547d\u540d\u6587\u4ef6\u4e3aconfigure.ac\uff0c\u6bd4\u5982\uff1a

    #                                               -*- Autoconf -*-\n# Process this file with autoconf to produce a configure script.\n\nAC_PREREQ([2.69])\nAC_INIT([FULL-PACKAGE-NAME], [VERSION], [BUG-REPORT-ADDRESS])\nAM_INIT_AUTOMAKE([foreign]) # \u5982\u679c\u4e0d\u52a0\u8fd9\u4e00\u53e5\uff0c\u9ed8\u8ba4gnu\uff0c\u5219\u4e4b\u540e\u76ee\u5f55\u91cc\u8981\u6709NEWS\u3001README\u3001AUTHORS\u3001ChangLog\u7b49\u6587\u4ef6\uff08\u9700\u81ea\u5df1\u624b\u52a8\u5efa\u7acb\uff09\nAC_CONFIG_SRCDIR([main.h])\nAC_CONFIG_HEADERS([config.h])\n# Checks for programs.\nAC_PROG_CC\n\n# Checks for libraries.\n\n# Checks for header files.\n\n# Checks for typedefs, structures, and compiler characteristics.\n\n# Checks for library functions.\n\nAC_CONFIG_FILES([Makefile])\nAC_OUTPUT\n

    \u6267\u884caclocal && autoheader && autoconf\uff0c\u751f\u6210aclocal.m4\u3001config.h.in\u548cconfigure

    \u8fd0\u884cautomake --add-missing\uff0c\u4f1a\u6839\u636eMakefile.am\u751f\u6210Makefile.in

    \u8fd0\u884c./configure\u751f\u6210makefile

    \u8fd0\u884cmake\uff0c\u57fa\u4e8emakefile\u7f16\u8bd1\u4ee3\u7801

    "},{"location":"autoconf/#_2","title":"\u533a\u5206\u76ee\u5f55\u7ed3\u6784","text":"

    \u4e5f\u5c31\u662f\u8bf4\u6e90\u7801\u53ef\u80fd\u5728\u591a\u4e2a\u6587\u4ef6\u5939\u4e0b\uff0c\u6bd4\u5982src\u3002\u90a3\u4e48\u6bcf\u4e2a\u6587\u4ef6\u5939\u9700\u8981\u5355\u72ec\u5199Makefile.am\u6765\u6307\u5b9a\u5982\u4f55\u7f16\u8bd1\u3002

    \u7f16\u5199Makefile.am\u6587\u4ef6

    \u6e90\u7801\u6240\u5728\u7684\u6587\u4ef6\u5939\u7684Makefile\u6587\u4ef6\u793a\u4f8b\uff1a

    bin_PROGRAMS = reverse\n\n#AM_CFLAGS= -DDEBUG -DLOG_INSTRUCTIONS -I ../include\nAM_CFLAGS= -DDEBUG -I ../include\n\nreverse_CPPFLAGS = -msse4.1\n\n# \u4f7f\u7528LDFLAG\u4f1a\u5728gcc\u4e2d\u90e8\u653e-l\uff0c\u5bfc\u81f4\u627e\u4e0d\u5230\u7b2c\u4e09\u65b9\u5e93\u3002\u7528LDADD\u53ef\u4ee5\u6dfb\u52a0\u5230\u6574\u4e2agcc\u6307\u4ee4\u7684\u6700\u540e\nreverse_LDADD = -lcapstone\n\nhandlers_FILES = handler_flag_manip.c handler_interrupt.c\n\n#handler_interrupt.c\n\nreverse_SOURCES = access_memory.c alias_manager.c $(handlers_FILES)\n

    \u9879\u76ee\u6587\u4ef6\u5939\u9700\u8981\u6307\u5b9a\u6e90\u6587\u4ef6\u6240\u5728\u7684\u6587\u4ef6\u5939

    POMP\u7684\u4f8b\u5b50\uff1a

    SUBDIRS=src # \u6307\u5b9asrc\u6587\u4ef6\u5939\ndist_doc_DATA=README\n\nTESTSUITES_DIR = testsuites\nEXECUTABLE=$(SUBDIRS)/reverse\n\nabc2mtex:\n$(EXECUTABLE) $(TESTSUITES_DIR)/$@/core $(TESTSUITES_DIR)/library/ $(TESTSUITES_DIR)/$@/inst.reverse\n\naireplay-ng:\n$(EXECUTABLE) $(TESTSUITES_DIR)/$@/core $(TESTSUITES_DIR)/library/ $(TESTSUITES_DIR)/$@/inst.reverse\n

    \u6267\u884cautoscan\uff0c\u751f\u6210configure.scan\uff0c\u5e76\u4fee\u6539\u5176\u4e2d\u7684AC_INIT\u3001AM_INIT_AUTOMAKE\uff0c\u91cd\u547d\u540d\u6587\u4ef6\u4e3aconfigure.ac\uff0c\u6bd4\u5982\uff1a

    #                                               -*- Autoconf -*-\n# Process this file with autoconf to produce a configure script.\n\nAC_PREREQ([2.69])\nAC_INIT([reverse_from_coredump], [0.0.1], [mudongliangabcd@gmail.com])\nAM_INIT_AUTOMAKE([-Wall -Werror foreign])\nAC_CONFIG_HEADERS([config.h])\n\n# Checks for programs.\nAC_PROG_CC\n\n# Checks for libraries.\nAC_CHECK_LIB([disasm], [x86_init])\nAC_CHECK_LIB([elf], [gelf_getehdr])\n\n# Checks for header files.\nAC_CHECK_HEADERS([fcntl.h malloc.h stddef.h stdint.h stdlib.h string.h unistd.h])\n\n# Checks for typedefs, structures, and compiler characteristics.\nAC_CHECK_HEADER_STDBOOL\nAC_C_INLINE\nAC_TYPE_OFF_T\nAC_TYPE_SIZE_T\n\n# Checks for library functions.\nAC_FUNC_MALLOC\nAC_CHECK_FUNCS([memset strerror])\n\nAC_CONFIG_FILES([Makefile\nsrc/Makefile])\nAC_OUTPUT\n

    \u6267\u884caclocal && autoheader && autoconf\uff0c\u751f\u6210aclocal.m4\u3001config.h.in\u548cconfigure

    \u8fd0\u884cautomake --add-missing\uff0c\u4f1a\u6839\u636eMakefile.am\u751f\u6210Makefile.in

    \u8fd0\u884c./configure\u751f\u6210makefile

    \u8fd0\u884cmake\uff0c\u57fa\u4e8emakefile\u7f16\u8bd1\u4ee3\u7801

    "},{"location":"c/","title":"C\u8bed\u8a00","text":""},{"location":"c/#_1","title":"\u6839\u636e\u7ed3\u6784\u4f53\u6210\u5458\u53d6\u7ed3\u6784\u4f53\u9996\u5730\u5740","text":"
    member_address - &(((TYPE *)0)->member);\n

    \u540e\u534a\u90e8\u5206\u770b\u4f3c\u4f1a\u89e3\u5f15\u75280\u5730\u5740\u800ccrash\uff0c\u4f46\u7f16\u8bd1\u5668\u4f1a\u4f18\u5316\u4e3a\u76f4\u63a5\u8ba1\u7b97member\u7684offset\u3002\u53c2\u89c1kernel\u4ee3\u7801\u5e38\u7528\u7684container_of\u3002

    "},{"location":"c/#_2","title":"\u52a8\u6001\u94fe\u63a5\u5e93","text":"

    \u7f16\u8bd1\u52a8\u6001\u94fe\u63a5\u5e93\u672c\u8eab

    \u4f7f\u7528gcc\u7f16\u8bd1\u51fa\u52a8\u6001\u94fe\u63a5\u5e93\uff1a

    gcc <source C file> -shared -fPIC -o lib<source>.so\n

    \u7f16\u8bd1\u539f\u9879\u76ee\u65f6\u6307\u5b9a\u52a8\u6001\u94fe\u63a5\u5e93

    \u4f7f\u7528-l\u6307\u5b9a\u52a0\u8f7d\u94fe\u63a5\u5e93\uff0c\u6ce8\u610f\u53bb\u6389\u5e93\u6587\u4ef6\u7684lib\u5f00\u5934\u548c.so\u7ed3\u5c3e\u3002\u7f16\u8bd1\u65f6\uff0c\u6ce8\u610f\u628a\u5e93\u653e\u5728\u6574\u4e2a\u547d\u4ee4\u7684\u7ed3\u5c3e\uff0c\u5426\u5219\u53ef\u80fd\u63d0\u793a\u5e93\u51fd\u6570\u672a\u5b9a\u4e49\u3002

    \u6bd4\u5982gcc main.c -lcapstone\u4e0d\u4f1a\u62a5\u9519\uff0cgcc -lcapstone main.c\u4f1a\u63d0\u793a\u62a5\u9519\u3002\uff08\u5047\u8bbe\u8fd9\u91ccmain.c\u8c03\u7528\u4e86capstone\u7684\u5e93\u51fd\u6570\uff09

    \u5982\u679c\u52a8\u6001\u94fe\u63a5\u5e93\u4e0d\u5728\u9ed8\u8ba4\u7684\u7cfb\u7edf\u5e93\u4e2d\uff0c\u53ef\u4ee5\u6dfb\u52a0-L\u6765\u6307\u5b9a\u52a8\u6001\u94fe\u63a5\u5e93\u7684\u4fdd\u5b58\u4f4d\u7f6e\u3002

    \u8fd0\u884c\u9879\u76ee\u65f6\u52a0\u8f7d\u52a8\u6001\u94fe\u63a5\u5e93

    \u5373\u4fbf\u7f16\u8bd1\u6210\u529f\uff0c\u8fd0\u884c\u53ef\u80fd\u62a5\u9519\u3002\u641c\u7d22\u987a\u5e8f\u4e3a\uff1a

    1. \u5728\u7f16\u8bd1\u65f6\u6dfb\u52a0-Wl,-rpath=xxx\u6765\u6307\u5b9a\u8fd0\u884c\u65f6\u6240\u9700\u7684\u52a8\u6001\u5e93\u6587\u4ef6
    2. \u5728\u73af\u5883\u53d8\u91cfLD_LIBRARY_PATH\u6307\u5b9a\u7684\u76ee\u5f55\u4e2d\u641c\u7d22
    3. \u5728/etc/ld.so.conf\u7ed9\u51fa\u7684\u76ee\u5f55\u4e2d\u641c\u7d22
    4. \u5728\u9ed8\u8ba4\u7684\u641c\u7d22\u8def\u5f84/lib\u3001/lib64\u3001/usrlib\u3001/usrlib64\u7b49\u641c\u7d22
    "},{"location":"code-gracely/","title":"\u4f18\u96c5\u7f16\u7a0b","text":""},{"location":"code-gracely/#_2","title":"\u7a0b\u5e8f\u53d8\u91cf","text":""},{"location":"code-gracely/#_3","title":"\u7a0b\u5e8f\u4f18\u5316\u65b9\u6cd5","text":"

    \u4f18\u5316\u9700\u8981\u901a\u8fc7\u5927\u91cf\u6d4b\u8bd5\u6765\u9a8c\u8bc1\u4e00\u81f4\u6027\u3001\u6027\u80fd\uff0c\u56e0\u4e3a\u5e76\u975e\u6240\u6709\u4f18\u5316\u90fd\u662f\u6b63\u786e\u6216\u5fc5\u8981\u7684\u3002\u4ece\u91cd\u6784\u7a0b\u5e8f\u6267\u884c\u6d41\u7684\u89d2\u5ea6\u6765\u8bb2\uff0c\u4f18\u5316\u5e76\u4e0d\u662f\u7075\u4e39\u5999\u836f\uff0c\u5e76\u5728\u4e0d\u540c\u8bed\u8a00\u3001\u4e0d\u540c\u7f16\u8bd1\u5668\u3001\u4e0d\u540c\u73af\u5883\u3001\u4e0d\u540c\u4efb\u52a1\u4e2d\u8868\u73b0\u51fa\u5de8\u5927\u7684\u5dee\u5f02\u3002\u4ee5\u4e0b\u7684\u4f18\u5316\u65b9\u6cd5\u5747\u4ec5\u4f9b\u53c2\u8003\u3002

    "},{"location":"code-gracely/#_4","title":"\u5229\u7528\u77ed\u8def\u4e0e\u54e8\u5175","text":""},{"location":"code-gracely/#_5","title":"\u4f18\u5316\u8ba1\u7b97\u6548\u7387","text":""},{"location":"code-gracely/#_6","title":"\u4f7f\u7528\u4f4e\u7ea7\u8bed\u8a00\u91cd\u5199\u4ee3\u7801","text":"
    1. \u4f7f\u7528\u9ad8\u7ea7\u8bed\u8a00\u5b8c\u6210\u7a0b\u5e8f\u7f16\u5199
    2. \u8fdb\u884c\u6d4b\u8bd5\uff0c\u9a8c\u8bc1\u6b63\u786e\u6027
    3. \u8fdb\u884c\u7a0b\u5e8f\u5206\u6790\uff0c\u786e\u5b9a\u70ed\u70b9\u4ee3\u7801
    4. \u5bf9\u70ed\u70b9\u4ee3\u7801\u4f7f\u7528\u4f4e\u7ea7\u8bed\u8a00\u6539\u5199
    "},{"location":"code-gracely/#_7","title":"\u8bbe\u8ba1\u6070\u5f53\u7684\u6267\u884c\u63a7\u5236\u6d41","text":""},{"location":"code-gracely/#_8","title":"\u5faa\u73af","text":""},{"location":"code-gracely/#_9","title":"\u5efa\u8868\uff0c\u4ee5\u63d0\u9ad8\u4ee3\u7801\u8d28\u91cf","text":""},{"location":"code-gracely/#if-else","title":"\u7528\u67e5\u8868\u6cd5\u66ff\u6362\u7e41\u7410\u7684if-else\u5224\u65ad","text":"

    \u4f7f\u7528\u5927\u91cfif-else\u7684\u574f\u5904\uff1a

    \u4f7f\u7528\u67e5\u8868\u6cd5\u7684\u597d\u5904\uff1a

    \u7528\u6cd5\uff1a\u5c06\u8981\u5224\u65ad\u7684\u5404\u4e2a\u53c2\u6570\u4f5c\u4e3a\u8868\u7684\u7ef4\u5ea6\uff0c\u5c06\u5224\u65ad\u7ed3\u679c\u4f5c\u4e3a\u8868\u7d22\u5f15\u540e\u7684\u7ed3\u679c\u3002

    "},{"location":"code-gracely/#_10","title":"\u7528\u7d22\u5f15\u8868\u66ff\u6362\u6570\u636e\u8868","text":"

    \u7a00\u758f\u7684\u6570\u636e\u8868\u5728\u5b58\u50a8\u5bf9\u9f50\u7684\u60c5\u51b5\u4e0b\u4f1a\u6d6a\u8d39\u5927\u91cf\u7a7a\u95f4\u3002\u4e0e\u4e4b\u76f8\u6bd4\uff0c\u91c7\u7528\u7d22\u5f15\u8868\u53ef\u4ee5\u964d\u4f4e\u7a7a\u95f4\u6d6a\u8d39\u91cf\uff08\u4ecd\u7136\u4f1a\u4ea7\u751f\u6d6a\u8d39\uff09\u3002\u4e3a\u4e86\u8fdb\u4e00\u6b65\u51cf\u5c11\u7d22\u5f15\u8868\u7a7a\u95f4\uff0c\u53ef\u4ee5\u4f7f\u7528\u9636\u68af\u7d22\u5f15\u8868\uff0c\u6839\u636e\u6570\u636e\u7684\u8303\u56f4\uff08\u800c\u4e0d\u662f\u5177\u4f53\u7684\u6570\u636e\u503c\uff09\u8fdb\u884c\u5efa\u7d22\u5f15\uff0c\u6bd4\u5982\u6839\u636e\u767e\u5206\u5236\u6210\u7ee9\u8ba1\u7b97\u7ee9\u70b9\uff0c\u5efa\u7acb\u76f8\u5e94\u7684data-to-key\u51fd\u6570\uff0c\u653e\u5728\u6570\u7ec4\u4e2d\u3002

    "},{"location":"code-gracely/#_11","title":"\u7528\u7ed3\u679c\u8868\u66ff\u6362\u6570\u5b66\u8ba1\u7b97\u7ed3\u679c","text":"

    \u8003\u8651\u5230\u7cfb\u7edf\u51fd\u6570\u7684\u7cbe\u786e\u6027\uff0c\u8ba1\u7b97\u901f\u5ea6\u53ef\u80fd\u8f83\u6162\u3002\u53ef\u4ee5\u9884\u5148\u624b\u52a8\u7b97\u51fa\u4e00\u4e9b\u6570\u636e\u5e76\u5efa\u8868\uff0c\u8ba1\u7b97\u65f6\u76f4\u63a5\u67e5\u8868\u5373\u53ef\uff0c\u5927\u5927\u63d0\u9ad8\u7a0b\u5e8f\u6027\u80fd\u3002

    "},{"location":"code-gracely/#_12","title":"\u4e00\u4e9b\u5c0f\u5c0f\u7684\u8bed\u6cd5\u7279\u6027","text":""},{"location":"code-gracely/#c","title":"C","text":"

    \u521d\u59cb\u5316\u6570\u7ec4\uff0c\u53ef\u4ee5\u8fde\u7eed\u8d4b\u503c

    int arr[10] = {\n[0]       = 1,\n[1 ... 4] = 2,\n[5 ... 7] = 4,\n};\n

    \u521d\u59cb\u5316\u7ed3\u6784\u4f53\u6216\u8054\u5408\uff0c\u53ef\u4ee5\u4e00\u8d77\u8d4b\u503c

    struct test {\nint a;\nint b;\nint c;\nint d;\n};\n\nint main(\nint argc, char const *argv[]\n)\n{\nstruct test t = {\n.a = 1,\n.b = 2,\n.c = 3,\n.d = 4,\n};\n\nreturn 0;\n}\n
    "},{"location":"crawler/","title":"\u722c\u866b\u6a21\u677f","text":""},{"location":"crawler/#scrapy","title":"Scrapy","text":"

    \u4e5f\u53ef\u4ee5\u770b\u8fd9\u91cc\u7684\u4ecb\u7ecd

    "},{"location":"crawler/#_2","title":"\u52a0\u56fd\u5185\u4ee3\u7406","text":"

    \u9488\u5bf9\u4e2a\u522b\u7f51\u7ad9\u9501ip\uff0c\u53ef\u4ee5\u8003\u8651\u6574\u4e2a\u4ee3\u7406

    import base64\nusername = 'xxxxx'\npasswd = 'xxxxx'\nproxy_ip = 'xxxx.kdltps.com'\nproxy_port = '15818'\n\nmeta = {'proxy': f'http://{proxy_ip}:{proxy_port}'}\ncode = base64.b64encode(f'{username}:{passwd}'.encode()).decode()\n\nheaders = {\n    \"Proxy-Authorization\": f\"Basic {code}\", # \u5728headers\u91cc\u8bbe\u7f6e\u4e0b\u4ee3\u7406token\n}\n\ndef start_requests(self):\n    yield scrapy.Request(\n        headers = headers, # \u8bbe\u7f6e\u4f7f\u7528headers\uff0c\u5305\u542btoken\n        meta = meta, # \u8bbe\u7f6e\u4f7f\u7528\u4ee3\u7406\n        )\n
    "},{"location":"crawler/#applicationjson","title":"application/json\u7c7b\u578b","text":"

    \u9488\u5bf9\u8bf7\u6c42\u5934Content-Type\u4e3aapplication/json\u7c7b\u578b\uff0cstart_requests\u91cc\u7528Request\uff0c\u6ce8\u660emethod\u548cbody\uff1a

    import json\nheaders = {\n    \"Content-Type\": \"application/json\",\n    \"User-Agent\": \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36\",\n}\n\ndata = json.dumps({\"key\":\"value\"})\n\n# \u7701\u7565\u65e0\u5173\u4fe1\u606f\n\nyield scrapy.Request(\n    url=url, \n    method='POST', \n    headers=headers, \n    body=data,\n    callback=self.parse, \n    meta={'period': t}, \n    errback=self.err,\n    cb_kwargs={'period': t,'page':0}\n)\n
    "},{"location":"crawler/#applicationx-www-form-urlencoded","title":"application/x-www-form-urlencoded\u7c7b\u578b","text":"

    \u9488\u5bf9\u8bf7\u6c42\u5934Content-Type\u4e3aapplication/x-www-form-urlencoded\u7c7b\u578b\uff0cstart_requests\u91cc\u7528FormRequest\uff0c\u6ce8\u660eformdata\uff1a

    post_data = {\"key\":\"value\"}\n\n# \u7701\u7565\u65e0\u5173\u4fe1\u606f\n\nyield scrapy.FormRequest(\n    url=url,\n    formdata=post_data,\n    errback=self.err,\n    callback = self.parse,\n    cookies = cookies,\n    cb_kwargs = {'id':'shixian','page':str(page)},\n    )\n

    \u666e\u901a\u8bf7\u6c42\u7528scrapy.Request\u5373\u53ef\u3002

    "},{"location":"crawler/#selenium","title":"Selenium","text":"

    \u722c\u4e45\u4e86\u603b\u4f1a\u7206\u5185\u5b58\uff0c\u4e0d\u77e5\u9053\u5185\u5b58\u6cc4\u9732\u7684bug\u6709\u6ca1\u6709\u4fee\u590d\u3002\u4ee5\u4e0b\u7528\u7684\u662fchrome\u6d4f\u89c8\u5668\uff0c\u9700\u8981\u9884\u5148\u4e0b\u8f7d\u4e0b\u9a71\u52a8

    from selenium import webdriver\nfrom selenium.webdriver.common.by import By\nfrom selenium.webdriver.chrome.service import Service\nfrom pathlib import Path\nimport time\nimport json\nimport ast \nimport re\nimport os\nimport yaml\nimport shutil\n\noptions = webdriver.ChromeOptions()\n# options.add_argument('--headless')\n# https://chromedriver.chromium.org/downloads\ns = Service('S:/chromedriver.exe')\noptions.add_experimental_option('excludeSwitches', ['enable-logging'])\ndriver = webdriver.Chrome(service=s,options=options)\ndriver.get('http://www.baidu.com')\ntime.sleep(1)\n\ndef get_current_and_final_page_of_one_book():\n    cur = -1\n    final = -1\n    try:\n        pages = driver.find_elements(By.XPATH,'//ul[@class=\"t-pager\"]/li')\n    except:\n        print('Current page is not found')\n        return cur,final\n\n    for page in pages:\n        if 'active' in page.get_attribute('class'):\n            cur = int(page.text)\n        if 'number' in page.get_attribute('class'):\n            final = int(page.text)\n    return cur,final\n\ndef download_one_page_of_a_book(skip,config):\n\"\"\"\u4e00\u9875\u6240\u6709\u6587\u6863\u5168\u90e8\u4e0b\u8f7d\u6210\u529f\u5219\u8fd4\u56deTrue,OK\n    \"\"\"\n    global CURRENT_PAGE\n    global CURRENT_TITLE\n    titles = driver.find_elements(By.XPATH,'//div[@class=\"container\"]/div[1]/div[2]/div[2]/table/tbody/tr/td[1]')\n    icons = driver.find_elements(By.XPATH,'//div[@class=\"container\"]/div[1]/div[2]/div[2]/table/tbody/tr/td[4]')\n    jscode = 'document.location = '+'\"'+config['url']+'\"'\n    driver.execute_script(jscode)\n    for title,svgs in zip(titles,icons):\n        svgs = svgs.find_elements(By.XPATH,'.//*[name()=\"svg\"]')\n        print(f'Current title: {title.text}, skip: {skip}, CURRENT_TITLE: {CURRENT_TITLE}')\n        if CURRENT_TITLE is not None and skip and title.text != CURRENT_TITLE:\n            continue\n        skip = False\n        for svg in svgs:\n            # if visible \n            if svg.get_attribute('style') == 'display: inline-block;':\n                svg.click()\n                time.sleep(7)\n                cls = driver.window_handles\n                if len(cls) > 1:\n                    time.sleep(20)\n                ok = archive_file(title.text,config)\n                if not ok:\n                    print(f'Failed to download {title.text}')\n                    while len(cls) > 1:\n                        driver.switch_to.window(cls[1])\n                        driver.close()\n                        driver.switch_to.window(cls[0])\n                        cls = driver.window_handles\n                    return (False, title.text)\n                cls = driver.window_handles\n                driver.switch_to.window(cls[0])\n    CURRENT_TITLE = None\n    CURRENT_PAGE += 1\n    return (True, 'OK')\n\n# load yaml\nwith open(target_yml,'r',encoding='utf8') as f:\n    SETTINGS = yaml.load(f,Loader=yaml.FullLoader)\n# dump yaml\nwith open(target_yml,'w',encoding='utf8') as f:\n    yaml.dump(SETTINGS,f,allow_unicode=True)\n\ndriver.close()\ndriver.quit()\n

    \u6216\u8005\u8bbe\u7f6e\u4e00\u4e2ahelper\u7a0b\u5e8f\uff0c\u53cd\u590d\u542f\u52a8selenium\uff1a

    import subprocess\nimport time\nimport datetime\nimport sys\ncmd = 'python ./main.py'\nop = 0\nwhile True:\n    if op >= 200:\n        print('failed 200 times!')\n        break\n    p = subprocess.Popen(cmd.split(), stdout=sys.stdout, stderr=sys.stderr)\n    print('new round at', datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S'),f'op = {op}')\n    op += 1\n\n    time.sleep(30)\n    if p.poll() == 0:\n        break\n    p.wait()\n
    "},{"location":"docker/","title":"Docker\u4f7f\u7528\u7b14\u8bb0","text":""},{"location":"docker/#docker_1","title":"\u5b89\u88c5docker","text":"

    \u6309\u7167https://docs.docker.com/engine/install/ubuntu/\u7684\u8bf4\u660e\u5b89\u88c5\u5373\u53ef

    "},{"location":"docker/#_1","title":"\u6307\u5b9a\u955c\u50cf\u4fdd\u5b58\u4f4d\u7f6e","text":"

    \u9ed8\u8ba4\u4f7f\u7528\u7684\u4f4d\u7f6e\u662f/var/lib/docker\uff0c\u5728\u6839\u76ee\u5f55\u4e0b\u5bb9\u6613\u5360\u6ee1\u3002\u53ef\u4ee5\u901a\u8fc7\u4fee\u6539\u914d\u7f6e\u6587\u4ef6/lib/systemd/system/docker.service\u7684-g\u53c2\u6570\u6765\u6307\u5b9a\u4f4d\u7f6e\u3002\u53ef\u4ee5\u901a\u8fc7docker info\u67e5\u770b\u4fdd\u5b58\u7684\u4f4d\u7f6eDocker Root Dir\u3002

    \u914d\u7f6e\u6587\u4ef6\u53ef\u4ee5\u901a\u8fc7systemctl status docker\u5e76\u67e5\u770bLoad\u4f7f\u7528\u7684\u914d\u7f6e\u6587\u4ef6\u662f\u54ea\u4e2a\u3002

    \u53e6\u4e00\u79cd\u6307\u5b9a\u955c\u50cf\u4fdd\u5b58\u4f4d\u7f6e\u7684\u65b9\u6cd5\uff1a\u4fee\u6539/etc/docker/daemon.json\uff0c\u8bbe\u7f6e\u4e3a

    {\n\"data-root\": \"/home/docker\"\n}\n

    \u968f\u540e\u91cd\u8f7d\u4e00\u4e0b\u914d\u7f6e\uff1a

    sudo cp -r /var/lib/docker /home/docker\nsudo systemctl daemon-reload\nsudo systemctl restart docker\nsudo systemctl status docker\n
    "},{"location":"docker/#_2","title":"\u4ece\u955c\u50cf\u521b\u5efa\u5bb9\u5668\u5e76\u6302\u8f7d\u76ee\u5f55","text":"

    \u4f1a\u5728\u5bb9\u5668\u4e2d\u521b\u5efa\u76ee\u5f55\uff0c\u6620\u5c04\u5bbf\u4e3b\u673a\u76ee\u5f55\u3002\u5bbf\u4e3b\u673a\u7684\u76ee\u5f55\u548c\u5bb9\u5668\u76ee\u5f55\u5185\u5bb9\u662f\u4e00\u6837\u7684\uff0c\u4fee\u6539\u4e00\u65b9\uff0c\u53e6\u4e00\u65b9\u968f\u4e4b\u6539\u53d8

    docker run -it --name=<container_name> --user=<user_id>:<group_id> --hostname=xxxx --workdir=xxxx  -v /etc/passwd:/etc/passwd:ro -v /etc/group:/etc/group:ro --mount type=bind,source=<\u5bbf\u4e3b\u673a\u76ee\u5f55>,target=<\u5bb9\u5668\u76ee\u5f55> <\u955c\u50cf\u540d>:<tag> /bin/bash\n
    \u4ee5\u4e0a\u547d\u4ee4\u53ef\u4ee5\u5b8c\u6210\u5bf9\u6307\u5b9a\u955c\u50cf\u521b\u5efa\u4e00\u4e2a\u6bd4\u8f83\u5b8c\u5907\u7684\u5bb9\u5668\uff0c\u6307\u5b9a\u4e86\u5bb9\u5668\u540d\u79f0\u3001\u7528\u6237\u540d\u79f0\u548c\u7ec4\u522b\u3001\u4e3b\u673a\u540d\u3001\u7528\u6237\u5de5\u4f5c\u76ee\u5f55\uff0c\u5e76\u6302\u8f7d\u4e86\u4e3b\u673a\u7684\u4e00\u4e9b\u76ee\u5f55\u3002\u6307\u5b9apasswd\u548cgroup\u6587\u4ef6\u7684\u53ea\u8bfb\u6302\u8f7d\u53ef\u4ee5\u907f\u514d--user\u4f7f\u7528\u7528\u6237(\u7ec4)id\u8fdb\u884c\u65b0\u5efa\u5bb9\u5668\u65f6\u5f15\u53d1\u7684\u627e\u4e0d\u5230\u7528\u6237\u540d\u548c\u7ec4\u540d\u7684\u95ee\u9898\u3002\u5e76\u4e14\u907f\u514d\u4e86\u9ed8\u8ba4root\u7528\u6237\u5bfc\u81f4\u7684\u4e3b\u673a\u7aef\u65e0\u6cd5\u8bbf\u95ee\u5bb9\u5668\u65b0\u5efa\u6587\u4ef6\u7684\u95ee\u9898\u3002

    \u6ce8\u610f\u8fd9\u6837\u521b\u5efa\u7684\u7528\u6237\u6ca1\u6709root\u6743\u9650\u3002\u5982\u679c\u9700\u8981\uff0c\u5219\u4e0d\u4f7f\u7528user\u53c2\u6570\uff0c\u4f46\u5b58\u5728\u5bb9\u5668\u521b\u5efa\u6587\u4ef6\u662froot\uff0c\u5bbf\u4e3b\u673a\u65e0\u6cd5\u4fee\u6539\u7684\u95ee\u9898\u3002

    \u4e00\u4e2a\u4e0d\u592a\u806a\u660e\u7684\u89e3\u51b3\u65b9\u6cd5\u662fuser_id\u8bbe\u6210root\u76840\uff0cgroup_id\u8bbe\u6210\u666e\u901a\u7528\u6237\uff0c\u7136\u540e\u5728\u5bb9\u5668\u91cc\u7ed9root\u7684.bashrc\u52a0\u4e00\u884cumask 0002\u3002\u5c31\u662f\u8bf4\u8ba9\u7528\u6237\u7ec4\u4e5f\u80fd\u4fee\u6539\u6587\u4ef6\u4e86\u3002

    \u4e00\u4e9b\u5176\u4ed6\u7684\u529e\u6cd5\uff1adocker exec -u\u597d\u50cf\u53ef\u4ee5\u6307\u5b9a\u542f\u52a8\u5bb9\u5668\u65f6\u7684\u7528\u6237\uff0c\u4e0d\u77e5\u9053\u6709\u4ec0\u4e48\u7528\uff0c\u53ef\u4ee5\u8bd5\u8bd5\uff1b\u6216\u8005root\u8fdb\u53bb\u4ee5\u540e\u628a\u666e\u901a\u7528\u6237\u52a0\u5230sudoers\u91cc

    "},{"location":"docker/#_3","title":"\u65b0\u5bb9\u5668\u521d\u59cb\u5316","text":"

    apt-get update\u66f4\u65b0\u4e00\u4e0blist\uff0c\u7136\u540e\u624d\u80fd\u4f7f\u7528apt-get\u4e0b\u8f7d\u5176\u4ed6\u5305\u3002\u4e00\u4e9b\u5e38\u7528\u7684\u5305\uff1aapt-get install build-essential

    "},{"location":"docker/#_4","title":"\u9000\u51fa\u521d\u6b21\u521b\u5efa\u7684\u5bb9\u5668","text":"

    \u8fde\u6309Ctrl+P\u3001Ctrl+Q\u9000\u51fa\u5bb9\u5668\u3002\u5426\u5219\u7b80\u5355\u9000\u51fa\u540e\u5bb9\u5668\u5c31stop\u4e86\uff0c\u4e0b\u6b21exec\u7684\u65f6\u5019\u8fd8\u8981restart\uff0c\u751a\u81f3\u8fd8\u4f1a\u51fa\u73b0restart\u81ea\u52a8\u53c8stop\u7684\u60c5\u51b5

    "},{"location":"docker/#_5","title":"\u8fdb\u5165\u5df2\u6709\u7684\u5bb9\u5668","text":"
    docker exec -it <\u5bb9\u5668id> /bin/bash\n

    \u53ef\u4ee5Ctrl+D\u9000\u51fa

    "},{"location":"envs/","title":"\u73af\u5883\u914d\u7f6e","text":""},{"location":"envs/#_2","title":"\u66f4\u65b0\u57fa\u672c\u73af\u5883","text":"
    sudo apt update\nsudo apt install curl build-essential gcc make -y\n
    "},{"location":"envs/#rust","title":"rust\u5b89\u88c5\u4e0e\u66f4\u65b0","text":"
    curl --proto '=https' --tlsv1.3 -sSf https://sh.rustup.rs | sh\n
    rustup update\n

    \u56fd\u5185\u4f7f\u7528\u65f6crates.io\u53ef\u80fd\u767b\u4e0d\u4e0a\uff0c\u8bd5\u8bd5\u4fee\u6539\u5b89\u88c5\u76ee\u5f55\u4e0b\u7684config\u6587\u4ef6(\u6bd4\u5982$HOME/.cargo/config)

    [source.crates-io]\nregistry = \"https://github.com/rust-lang/crates.io-index\"\n\n# \u66ff\u6362\u6210\u4f60\u504f\u597d\u7684\u955c\u50cf\u6e90\n#replace-with = 'sjtu'\n#replace-with = 'ustc'\n#replace-with = 'tuna'\n#replace-with = 'rustcc'\n\n# \u6e05\u534e\u5927\u5b66\n[source.tuna]\nregistry = \"https://mirrors.tuna.tsinghua.edu.cn/git/crates.io-index.git\"\n\n# \u4e2d\u56fd\u79d1\u5b66\u6280\u672f\u5927\u5b66\n[source.ustc]\nregistry = \"git://mirrors.ustc.edu.cn/crates.io-index\"\n\n# \u4e0a\u6d77\u4ea4\u901a\u5927\u5b66\n[source.sjtu]\nregistry = \"https://mirrors.sjtug.sjtu.edu.cn/git/crates.io-index\"\n\n# rustcc\u793e\u533a\n[source.rustcc]\nregistry = \"git://crates.rustcc.cn/crates.io-index\"\n\n[source.rustcchttp]\nregistry = \"https://code.aliyun.com/rustcc/crates.io-index.git\"\n
    "},{"location":"envs/#golang","title":"\u8bbe\u7f6egolang\u4ee3\u7406","text":"
    go env -w  GOPROXY=https://goproxy.cn\n
    "},{"location":"envs/#ohmyzsh","title":"\u5b89\u88c5ohmyzsh","text":"
    sudo apt install zsh\n

    curl\u548cwget\u4e8c\u9009\u4e00

    sh -c \"$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)\"\n
    sh -c \"$(wget https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh -O -)\"\n
    "},{"location":"envs/#git","title":"git\u8bbe\u7f6e\u5168\u5c40\u4ee3\u7406","text":"

    \u9700\u8981\u6839\u636e\u672c\u5730\u5b9e\u9645\u7684\u60c5\u51b5\u4fee\u6539\u76ee\u6807ip\u548c\u7aef\u53e3

    git config --global http.https://github.com.proxy http://xxx.xxx.xxx.xxx:xxx\n
    "},{"location":"envs/#perf-ubuntu","title":"perf \u5b89\u88c5(ubuntu)","text":"
    sudo apt-get install linux-tools-`uname -r`\n
    "},{"location":"envs/#ssh","title":"\u9009\u62e9ssh\u5bc6\u94a5","text":"
    evel `ssh-agent`\nssh-add <\u79c1\u94a5\u6587\u4ef6>\n
    "},{"location":"envs/#windowsmake","title":"Windows\u4e0b\u5b89\u88c5make","text":"

    \u4f7f\u7528chocolatey\u5305\u7ba1\u7406\u5668\u3002\u6309https://chocolatey.org/install#individual\u7684\u8bf4\u660e\u5373\u53ef\uff0c\u6700\u540echoco install make

    "},{"location":"envs/#_3","title":"\u53c2\u8003\u6587\u7ae0","text":""},{"location":"fuzzing/","title":"\u6a21\u7cca\u6d4b\u8bd5\u57fa\u672c\u4ecb\u7ecd","text":"

    \u8986\u76d6\u7387\u6307\u5f15\u7684\u6a21\u7cca\u6d4b\u8bd5\u65b9\u6cd5\u83b7\u5f97\u8986\u76d6\u7387\u7684\u56db\u79cd\u8ffd\u8e2a\u65b9\u5f0f[^1]\uff1a

    1. \u4f7f\u7528\u7f16\u8bd1\u5668\u5411\u57fa\u672c\u5757\u8fb9\u7f18\u63d2\u6869\uff0c\u53ef\u4ee5\u51c6\u786e\u5730\u63d2\u6869\u5e76\u6613\u4e8e\u4f18\u5316\uff0c\u4f46\u9700\u8981\u6e90\u7801\u5df2\u77e5\u3002
    2. \u9759\u6001\u4e8c\u8fdb\u5236\u91cd\u5199\uff0c\u4e0d\u9700\u8981\u6e90\u7801\uff0c\u4ecd\u5728\u7814\u7a76\uff0c\u56e0\u4e3a\u9759\u6001\u4ee3\u7801\u63d2\u6869\u51c6\u786e\u6027\u96be\u4ee5\u4fdd\u8bc1\uff0c\u5e76\u4e14\u4f18\u5316\u80fd\u529b\u6709\u9650\u3002\u8fd9\u4e9b\u9650\u5236\u6761\u4ef6\u4f1a\u5f71\u54cd\u4ee3\u7801\u7387\u4fe1\u606f\u7684\u8d28\u91cf\u4e0e\u51c6\u786e\u6027\uff0c\u4ee5\u53ca\u4e8c\u8fdb\u5236\u91cd\u5199\u7684\u8868\u73b0\u3002
    3. \u52a8\u6001\u4e8c\u8fdb\u5236\u63d2\u6869\uff0c\u4e0d\u9700\u8981\u6e90\u7801\uff0c\u53ef\u4ee5\u5bb9\u6613\u3001\u51c6\u786e\u63d2\u5165\u4ee3\u7801\uff0c\u4f46\u662f\u52a8\u6001\u7ffb\u8bd1\u4e8c\u8fdb\u5236\u7684\u5f00\u9500\u53ef\u80fd\u5927\u5230\u4e0d\u80fd\u63a5\u53d7\u3002
    4. \u786c\u4ef6\u8f85\u52a9\u8ffd\u8e2a\uff0c\u4e0d\u9700\u8981\u6e90\u7801\uff0c\u5229\u7528\u5185\u7f6e\u7684\u786c\u4ef6\u8ffd\u8e2a\u6269\u5c55\uff0c\u5728\u8fd0\u884c\u65f6\u76f4\u63a5\u83b7\u53d6\u63a7\u5236\u6267\u884c\u6d41\u4fe1\u606f\u3002

    \u4fb5\u5165\u5f0f\u4e0e\u975e\u4fb5\u5165\u5f0f\u8ffd\u8e2a[^2]\uff1a

    Traces can be generated by trace code that is executed within tasks and/or interrupt service routines, just like application code that is executed on the same CPU. This is the most flexible approach, as both the content and the amount of trace information output can be defined in software. However, this tracing method comes with a significant drawback: It uses resources that are shared with the application software, hence tracing may significantly reduce the amount of memory available for the applications, increase the gross execution times of the applications and, in the case of real-time systems, impair functionality. This is why it is called intrusive tracing.

    The most common case is that adding trace code is detrimental to the functionality of the applications in real-time systems because the resource requirements for intrusive tracing have been underestimated in the early stages of the project, such that tracing would eventually eat up resources that are required by the application. Therefore, the resource requirements for tracing must be properly considered throughout the whole development lifecycle. Removing trace code from real-time systems may also cause functional issues, typically just before the final production software release. This is the worst case, as trace information is no longer available in this scenario.

    Non-intrusive tracing does not change the intrinsic timing behavior of the system under test. This approach simplifies the software development process a lot and requires dedicated hardware support for tracing. External trace probes connected to the target system, in conjunction with on-chip debug modules, capture code execution on instruction level, memory accesses and other events on the target processor. This approach is the best option when it comes to debugging the code execution down to the instruction level. The PCB design of the device under test must provide the connectors required by the external probe.

    Another option for non-intrusive tracing is on-chip tracing, where most of the trace hardware is packed into the same chip that also contains the CPU that executes the application code. Non-intrusive tracing can, however, be restricted by limitations of the respective trace module or probe, such as buffer sizes, bus bandwidth or the size of an external probe.

    Due to cost savings (no expensive third-party trace hardware required), reduced footprint (very small connectors instead of larger probe connectors), and limited trace bandwidth requirements, the on-chip tracing method is the preferred approach for generating the trace data required for in-depth timing analysis on task, runnable and ISR level. On-chip tracing is a suitable tracing method for devices under test with form factors very close to the final volume production devices.

    "},{"location":"fuzzing/#_2","title":"\u9488\u5bf9\u7f51\u7edc\u534f\u8bae\u7684\u6a21\u7cca\u6d4b\u8bd5","text":"

    \u7f51\u7edc\u534f\u8bae\u7684\u7279\u70b9\u662f\u4e00\u822c\u6709\u660e\u786e\u7684\u72b6\u6001\u4fe1\u606f\uff0c\u76f8\u540c\u7684input\u5728\u4e0d\u540c\u7684\u72b6\u6001\u53ef\u80fd\u5f97\u5230\u4e0d\u540c\u7684output\u3002\u9488\u5bf9\u7f51\u7edc\u534f\u8bae\u7684\u6a21\u7cca\u6d4b\u8bd5\u4e00\u822c\u5177\u6709stateful\u7684\u7279\u70b9\u3002\u8fd9\u7c7b\u6a21\u7cca\u6d4b\u8bd5\u6709\u51e0\u4e2a\u96be\u70b9\uff1a 1. \u751f\u6210\u683c\u5f0f\u6b63\u786e\u7684\u4fe1\u606f\uff0c\u6ee1\u8db3\u5bf9\u7279\u5b9a\u72b6\u6001\u7684fuzz 2. \u6269\u5c55\u5230\u4e0d\u540c\u7684\u534f\u8bae\u4e2d 3. \u6d4b\u8bd5\u6837\u4f8b\u6709\u6548\u6027\uff0c\u9700\u8981\u901a\u8fc7\u683c\u5f0f\u6821\u9a8c\u6bd4\u5982\u957f\u5ea6\u3001\u534f\u8bae\u8ba4\u8bc1\u3001\u6821\u9a8c\u548c\u7b49

    "},{"location":"fuzzing/#aflnet","title":"AFLNET","text":"

    \u9996\u6b21\u63d0\u51fa\u9488\u5bf9\u6709\u72b6\u6001\u534f\u8bae\u7684\u7070\u76d2\u6a21\u7cca\u6d4b\u8bd5\u3002AFLNET\u4ece\u54cd\u5e94\u4fe1\u606f\u4e2d\u63d0\u53d6\u54cd\u5e94\u7801\u6765\u8868\u793a\u72b6\u6001\u4fe1\u606f\uff0c\u5e76\u7528\u54cd\u5e94\u7801\u5e8f\u5217\u6765\u63a8\u65ad\u534f\u8bae\u5b9e\u73b0\u7684\u72b6\u6001\u6a21\u578b\uff0c\u5e76\u8fdb\u4e00\u6b65\u4f7f\u7528\u8fd9\u4e00\u6a21\u578b\u6765\u6307\u5bfcfuzz\u3002

    \u4e00\u4e9b\u4e0d\u8db3\uff1a 1. \u72b6\u6001\u8868\u793a\u80fd\u529b\uff1aAFLNET\u8981\u6c42\u54cd\u5e94\u4fe1\u606f\u4e2d\u5305\u542b\u72b6\u6001\u7801\uff0c\u8fd9\u5e76\u4e0d\u662f\u534f\u8bae\u5fc5\u987b\u5b9e\u73b0\u7684\u3002\u800c\u4e14\u72b6\u6001\u7801\u8868\u793a\u80fd\u529b\u6709\u9650\uff0c\u4e14\u53ef\u80fd\u4ea7\u751f\u5197\u4f59\u72b6\u6001\u3002 2. \u6d4b\u8bd5\u6548\u7387\uff1a\u6ca1\u6709\u660e\u786e\u7684\u4fe1\u53f7\u53cd\u6620\u5f85\u6d4b\u7a0b\u5e8f\u662f\u5426\u5904\u7406\u5b8c\u6d88\u606f\uff0c\u56e0\u6b64\u8bbe\u7f6e\u56fa\u5b9a\u7684\u8ba1\u65f6\u5668\u6765\u63a7\u5236\u6d88\u606f\u53d1\u9001\uff0c\u65f6\u95f4\u7a97\u53e3\u53ef\u80fd\u8fc7\u5c0f\u6216\u8fc7\u5927\u3002

    "},{"location":"fuzzing/#stateafl","title":"STATEAFL","text":"

    \u4f7f\u7528\u7a0b\u5e8f\u5185\u5b58\u72b6\u6001\u6765\u8868\u793a\u670d\u52a1\u72b6\u6001\uff0c\u901a\u8fc7\u5bf9\u88ab\u6d4b\u7a0b\u5e8f\u63d2\u6869\u6765\u6536\u96c6\u72b6\u6001\u4fe1\u606f\u5e76\u63a8\u6d4b\u72b6\u6001\u6a21\u578b\u3002\u5728\u6bcf\u4e00\u8f6e\u7f51\u7edc\u4ea4\u4e92\u4e2d\uff0cSTATEAFL\u5c06\u7a0b\u5e8f\u53d8\u91cf\u503c\u8f6c\u50a8\u7ed9\u5206\u6790\u961f\u5217\uff0c\u5e76\u8fdb\u884cpost-execution\u7684\u5206\u6790\uff0c\u6765\u66f4\u65b0\u72b6\u6001\u6a21\u578b\u3002

    \u4e00\u4e9b\u4e0d\u8db3\uff1a 1. \u9762\u5bf9\u548cAFLNET\u76f8\u540c\u7684\u6d4b\u8bd5\u6548\u7387\u95ee\u9898\uff0c\u800c\u4e14\u56e0\u4e3a\u540e\u6267\u884c\u5206\u6790\uff0c\u4ea7\u751f\u989d\u5916\u7684\u5f00\u9500\uff0c\u4f1a\u964d\u4f4e\u6d4b\u8bd5\u541e\u5410\u91cf\u3002

    "},{"location":"fuzzing/#nsfuzz","title":"NSFuzz","text":"

    \u4f7f\u7528\u57fa\u4e8e\u53d8\u91cf\u7684\u72b6\u6001\u8868\u793a\u65b9\u6cd5\u63a8\u65ad\u72b6\u6001\u6a21\u578b\u6765\u6307\u5bfc\u6a21\u7cca\u6d4b\u8bd5\uff0c\u4f7f\u7528\u57fa\u4e8e\u7f51\u7edc\u4e8b\u4ef6\u5faa\u73af\u7684\u540c\u6b65\u673a\u5236\u6765\u63d0\u9ad8\u541e\u5410\u91cf\u3002

    \u542f\u53d1\u5f0f\u7684\u53d8\u91cf\u5224\u65ad\u65b9\u6cd5\uff1a\u9759\u6001\u5206\u6790\u4e2d\u53ea\u5728\u4e8b\u4ef6\u5faa\u73af\u4ee3\u7801\u4e2d\u5206\u8fa8\u72b6\u6001\u53d8\u91cf\uff0c\u4e14\u5173\u6ce8\u88ab\u8bfb\u4e0e\u5199\u3001\u88ab\u8d4b\u4e88\u679a\u4e3e\u7c7b\u578b\u7684\u6570\u636e\u6216\u662f\u6570\u636e\u7ed3\u6784\u4f53\u91cc\u7684\u6574\u578b\u6210\u5458\u3002

    \u8868\u793a\u72b6\u6001\u7684\u65b9\u6cd5\uff1a\u4f7f\u7528\u4e24\u6761\u8bed\u53e5\u7ef4\u62a4shared_state\u6570\u7ec4\uff0c\u5f53\u72b6\u6001\u53d8\u91cf\u503c\u88ab\u66f4\u65b0\u65f6\u540c\u6b65\u66f4\u65b0shared_state\uff1b\u5f53fuzzer\u5728\u901a\u4fe1\u7ba1\u9053\u6536\u5230\u6d88\u606f\u5904\u7406\u7ed3\u679c\u65f6\uff0c\u5bf9\u8fd9\u4e2a\u6570\u7ec4\u8fdb\u884chash\uff0c\u4f5c\u4e3a\u5f53\u524d\u7a0b\u5e8f\u6240\u5904\u7684state\u3002

    shared_state[hash(var_id) ^ cur_store_val] = 1;\nshared_state[hash(var_id) ^ pre_store_val] = 0;\n
    "},{"location":"fuzzing/#iothunter","title":"IoTHunter","text":"

    \u63d0\u51fa\u591a\u9636\u6bb5\u4fe1\u606f\u751f\u6210\u65b9\u6cd5\u6765\u5bf9IoT\u56fa\u4ef6\u4e2d\u7684\u6709\u72b6\u6001\u7f51\u7edc\u534f\u8bae\u8fdb\u884cfuzz\u3002\u5206\u4e3a\u5bf9\u5df2\u77e5\u72b6\u6001\u7684\u6a21\u7cca\u6d4b\u8bd5\u4e0e\u672a\u77e5\u72b6\u6001\u7684\u63a2\u7d22\u3002\u57fa\u4e8e\u6574\u6570\u53d8\u5f02\u7684\u65b9\u6cd5\u6539\u53d8\u5305\u7c7b\u578b\uff0c\u5e76\u5bf9\u5305\u683c\u5f0f\uff08\u6bd4\u5982\u957f\u5ea6\u3001\u6821\u9a8c\u548c\uff09\u505a\u68c0\u67e5\u7b49\u3002

    "},{"location":"fuzzing/#_3","title":"\u6570\u636e\u6d41\u6307\u5bfc\u7684\u6a21\u7cca\u6d4b\u8bd5","text":"

    \u63a7\u5236\u6d41\u6307\u5bfc\u7684\u6a21\u7cca\u6d4b\u8bd5\u4fa7\u91cd\u7a0b\u5e8f\u64cd\u4f5c\u7684\u6267\u884c\u987a\u5e8f\uff08\u6bd4\u5982\u5206\u652f\u4e0e\u5faa\u73af\uff09\uff0c\u6570\u636e\u6d41\u6307\u5bfc\u7684\u6a21\u7cca\u6d4b\u8bd5\u4fa7\u91cd\u53d8\u91cf\u5982\u4f55\u5b9a\u4e49\u4e0e\u4f7f\u7528\u3002\u53d8\u91cf\u7684\u5b9a\u4e49\u4e0e\u4f7f\u7528\u4f4d\u7f6e\u53ef\u4ee5\u4e0d\u5b58\u5728\u63a7\u5236\u4e0a\u7684\u4f9d\u8d56\u5173\u7cfb\u3002\u5728\u6a21\u7cca\u6d4b\u8bd5\u4e2d\uff0c\u6570\u636e\u6d41\u4e3b\u8981\u4f7f\u7528\u52a8\u6001\u6c61\u70b9\u5206\u6790\uff08DTA\uff09\u6280\u672f\uff0c\u5373\u5c06\u76ee\u6807\u7a0b\u5e8f\u7684\u8f93\u5165\u6570\u636e\u5728\u5b9a\u4e49\u5904\u89c6\u4e3a\u6c61\u70b9\uff0c\u5e76\u5728\u8fd0\u884c\u65f6\u8ffd\u8e2a\u5b83\u662f\u5982\u4f55\u88ab\u8bbf\u95ee\u4e0e\u4f7f\u7528\u7684\u3002

    \u5728\u5b9e\u8df5\u4e2d\uff0c\u96be\u4ee5\u505a\u5230\u51c6\u786e\u7684DTA\uff0c\u5f00\u9500\u4f1a\u5f88\u5927\u3002\u5e76\u4e14\u90e8\u5206\u771f\u5b9e\u7a0b\u5e8f\u65e0\u6cd5\u5728\u5e94\u7528DTA\u6280\u672f\u7684\u60c5\u51b5\u4e0b\u6210\u529f\u7f16\u8bd1\u3002\u56e0\u6b64\u5927\u90e8\u5206\u7070\u76d2\u6a21\u7cca\u6d4b\u8bd5\u4e0d\u4f7f\u7528DTA\uff0c\u4ee5\u671f\u83b7\u5f97\u66f4\u9ad8\u7684\u541e\u5410\u91cf\u3002

    \u6709\u4e00\u4e9b\u8f7b\u91cf\u7ea7\u7684DTA\u4ee3\u66ff\u65b9\u6848\uff08\u6bd4\u5982REDQUEUE\u3001GREYONE\uff09\uff0c\u800c\u57fa\u4e8e\u63a7\u5236\u6d41\u4e0e\u6570\u636e\u6d41\u7684\u6a21\u7cca\u6d4b\u8bd5\u5668\u7684\u8986\u76d6\u7387\u6307\u6807\u8fd8\u6ca1\u6709\u88ab\u5b8c\u5168\u63a2\u7d22\u3002

    "},{"location":"fuzzing/#dataflow","title":"DATAFLOW","text":"

    \u6e90\u7801

    \u5728\u7a0b\u5e8f\u6267\u884c\u65f6\u5e76\u884c\u4f7f\u7528\u6570\u636e\u6d41\u5206\u6790\u6765\u6307\u5bfc\u6a21\u7cca\u6d4b\u8bd5\uff0c\u4f7f\u7528\u4e0d\u7cbe\u786e\u7684\u63a8\u65ad\u6765\u964d\u4f4e\u5f00\u9500\u5e76\u63d0\u9ad8\u541e\u5410\u91cf\u3002\u5bf9\u6570\u636e\u6d41\u6709\u6548\u6027\u8fdb\u884c\u4e86\u7b80\u5355\u7684\u8bc4\u4f30\uff0c\u8ba4\u4e3a\u5bf9\u5927\u90e8\u5206\u6d4b\u8bd5\u76ee\u6807\u800c\u8a00\uff0c\u6570\u636e\u6d41\u5e76\u4e0d\u6bd4\u63a7\u5236\u6d41\u4f18\u8d8a\uff0c\u4f46\u662f\u5728\u90e8\u5206\u7279\u5b9a\u573a\u666f\uff08\u6bd4\u5982\u63a7\u5236\u6d41\u548c\u8bed\u4e49\u89e3\u8026\uff0c\u5982parser\uff09\u4e0b\uff0c\u6570\u636e\u6d41\u53ef\u80fd\u4f1a\u6709\u7528\u3002

    [^1]: FUZZING WITH PERFORMANCE MONITORING AND TRACING HARDWARE [^2]: Intrusive v.s. non-intrusive tracing

    "},{"location":"git/","title":"Git\u5b66\u4e60\u7b14\u8bb0","text":""},{"location":"git/#github","title":"\u5c06\u672c\u5730\u5df2\u6709\u4ed3\u5e93\u63a8\u9001\u81f3Github\u7684\u65b0\u5efa\u4ed3\u5e93\u4e2d","text":"

    \u9ed8\u8ba4\u4ee5\u4e0b\u6761\u4ef6\u5747\u6210\u7acb\uff1a

    \u5f3a\u5236\u63a8\u9001\u53ef\u4ee5\u518d\u52a0\u4e2a--force\u53c2\u6570

    "},{"location":"git/#gitignore","title":"\u6dfb\u52a0.gitignore\u6587\u4ef6\u4ee5\u4e0d\u8ffd\u8e2a\u6587\u4ef6","text":"

    \u521d\u6b21\u5411github\u63d0\u4ea4\u4ee3\u7801\u524d\uff0c\u5728\u672c\u5730\u5de5\u4f5c\u76ee\u5f55\u4e0b\u521b\u5efa.gitignore\u6587\u4ef6\uff0c\u91cc\u9762\u76f4\u63a5\u5199\u4e0a\u4e0d\u60f3\u8ffd\u8e2a\u7684\u6587\u4ef6\u540d\u548c\u6587\u4ef6\u5939\u540d\u5373\u53ef\u3002\uff08\u6587\u4ef6\u540d\u4e0d\u9700\u8981\u8865\u5168\u8def\u5f84\uff09

    "},{"location":"git/#add","title":"\u64a4\u56deadd","text":"

    \u4f7f\u7528git add .\u53ef\u4ee5\u76f4\u63a5\u628a\u5f53\u524d\u76ee\u5f55\u90fdadd\u8fdb\u6682\u5b58\u533a\uff0c\u5bf9\u4e8e\u4e0d\u614e\u6dfb\u52a0\u7684\u5185\u5bb9\u53ef\u4ee5\u4f7f\u7528git rm --cached <file>\u6765\u64a4\u56deadd\u3002\u53ef\u4ee5\u4f7f\u7528git rm -r --cached .\u6765\u64a4\u56degit add . \u3002\uff08\u4f7f\u7528git status\u53ef\u4ee5\u67e5\u770b\u6682\u5b58\u533a\uff0c\u91cc\u9762\u4e5f\u6709\u63d0\u793a\u600e\u4e48\u64a4\u56de\uff09

    "},{"location":"git/#gitgithub","title":"\u914d\u7f6egit\u8d26\u53f7\u5e76\u52a0\u5165github\u9879\u76ee","text":"
    1. \u4f7f\u7528git config --global user.name \"<yourname>\"\u8bbe\u7f6e\u7528\u6237\u540d
    2. \u4f7f\u7528git config --global user.email \"<email>\"\u8bbe\u7f6e\u90ae\u7bb1
    3. \u4f7f\u7528ssh-keygen -t rsa -C \"<comments>\"\u751f\u6210\u5bc6\u94a5\u5bf9\uff0c\u7136\u540e\u4e00\u8def\u56de\u8f66\u76f4\u5230\u751f\u6210\u7ed3\u675f\uff08\u4e5f\u53ef\u4ee5\u63d0\u793a\u6dfb\u52a0passwd phrase\uff0c\u8fd9\u6837\u7684\u8bdd\u5982\u679c\u4f7f\u7528ssh-add\u6dfb\u52a0\u65f6\u4f1a\u8981\u6c42\u8f93\u5165\u8fd9\u4e2a\u5bc6\u7801\u9632\u6b62\u88ab\u522b\u4eba\u6ee5\u7528\u3002\u6ce8\u610f\u76f8\u540c\u7684passwd phrase\u4e0d\u4f1a\u751f\u6210\u76f8\u540c\u7684\u5bc6\u94a5\u5bf9\uff09
    4. \u5728\u4e0a\u4e00\u6b65\u8fc7\u7a0b\u4e2d\u9ed8\u8ba4\u7684\u8def\u5f84\uff08\u6bd4\u5982~/.ssh\uff09\u627e\u5230id_rsa.pub\u6587\u4ef6\uff0c\u62f7\u8d1d\u5176\u5168\u90e8\u5185\u5bb9
    5. \u6253\u5f00github\uff0c\u53f3\u4e0a\u89d2\u5934\u50cf\uff0csettings\uff0c\u5de6\u4fa7\u7684SSH and GPG keys\uff0c\u7136\u540e\u7ed9SSH\u6dfb\u52a0\u8fd9\u4e2a\u516c\u94a5\u5373\u53ef

    ed25519\u4f3c\u4e4e\u6bd4\u9ed8\u8ba4\u7684rsa\u66f4\u5b89\u5168\u3001\u8ba1\u7b97\u66f4\u5feb\u3001\u5bc6\u94a5\u66f4\u77ed\uff0c\u53ef\u4ee5\u4f7f\u7528

    \u6709\u65f6\u9700\u8981\u6307\u5b9a\u5bc6\u94a5\uff0c\u6bd4\u5982\u4e0d\u4f7f\u7528\u9ed8\u8ba4\u7684\u5bc6\u94a5\u6587\u4ef6\u540d\u3002\u6b64\u65f6\u53ef\u4ee5\u5148eval $(ssh-agent -s)\u542f\u7528agent\uff0c\u7136\u540essh-add <private keyfile> \u6765\u6dfb\u52a0\u5bc6\u94a5\u3002ssh-add -l\u53ef\u4ee5\u67e5\u770b\u6dfb\u52a0\u7684\u5bc6\u94a5\u3002

    \u6216\u8005\u53ef\u4ee5\u628a\u5bc6\u94a5\u5728~/.ssh/config\u6587\u4ef6\u91cc\u6307\u5b9a\u4e00\u4e0b\uff0c\u5c31\u53ef\u4ee5\u7701\u53bbssh-agent\u7684\u64cd\u4f5c\uff0c\u6bd4\u5982

    Host github.com\n    HostName github.com\n    IdentityFile ~/.ssh/id_ed25519_user_github\n

    \u6709\u7684\u65f6\u5019git\u8fdb\u884cpush\u5230\u79c1\u4ed3\u65f6\u4f1a\u51fa\u73b0\u5361\u673a\u7684\u95ee\u9898\uff0c\u4e0d\u786e\u5b9a\u662f\u4ec0\u4e48\u539f\u56e0\uff0c\u5982\u679cremote repo\u4f7f\u7528\u7684\u662fgit@xxx\u7684url\u7684\u8bdd\uff0c\u53ef\u4ee5\u8bd5\u8bd5\u6539\u6210https\u7684\u94fe\u63a5\uff1b\u8fd8\u4e0d\u884c\u7684\u8bdd\u53ef\u4ee5\u8bd5\u8bd5git config\u7684proxy\uff0c\u8bbe\u7f6e\u6216\u6e05\u7a7a\u3002

    "},{"location":"git/#_1","title":"\u653e\u5f03\u5bf9\u6587\u4ef6\u7684\u8ddf\u8e2a","text":"

    \u4e0e\u4ed6\u4eba\u5408\u4f5c\u9879\u76ee\u65f6\uff0c\u6709\u65f6\u9700\u8981\u505a\u4e00\u4e9b\u672c\u5730\u9002\u914d\uff0c\u4f46\u662f\u4e0d\u60f3\u59a8\u788d\u5176\u4ed6\u4eba\uff0c\u53ef\u4ee5\u6dfb\u52a0\u5230.gitignore\u3002\u4f46\u5bf9\u4e8e\u5df2\u7ecf\u5904\u4e8e\u8ddf\u8e2a\u72b6\u6001\u7684\u6587\u4ef6\u6765\u8bf4\u540e\u6dfb\u8fdb.gitignore\u662f\u65e0\u6548\u7684\u3002\u56e0\u6b64\u53ef\u4ee5\u5148\u5c06\u6587\u4ef6\u79fb\u51fa\u8ddf\u8e2a\u6001\uff0c\u7136\u540e\u518d\u52a0\u8fdb.gitignore\u91cc\u3002\u5982\u4e0b\uff1agit rm -r --cached <file/dir>\u5176\u4e2d-r\u8868\u793a\u9012\u5f52\u3002\u4e5f\u53ef\u4ee5\u52a0-n\u8868\u793a\u4f2a\u653e\u5f03\u8ddf\u8e2a\uff08\u7528\u4e8e\u9884\u89c8\u4f1a\u653e\u5f03\u5bf9\u54ea\u4e9b\u6587\u4ef6\u7684\u8ffd\u8e2a\uff09

    "},{"location":"git/#_2","title":"\u66f4\u6362\u8fdc\u7a0b\u4ed3\u5e93","text":"

    \u6709\u7684\u65f6\u5019\u4ece\u5b98\u65b9\u4ed3\u5e93git clone\u4e0b\u4ee3\u7801\uff0c\u672c\u5730\u62f7\u8d1d\u4e00\u4efd\u3001\u5404\u79cd\u9b54\u6539\u5e76\u4e0a\u4f20\u5230\u81ea\u5df1\u7684\u79c1\u4ed3\u3002\u53c8\u7531\u4e8ewindows\u3001linux\u73af\u5883\u4e0d\u540c\uff0c\u60f3\u628a\u539f\u6765\u7684\u4ee3\u7801\u66f4\u65b0\u6210\u81ea\u5df1\u7684\u79c1\u4ed3\uff0c\u6240\u4ee5\u9700\u8981\u6362\u4e00\u4e0b\u8fdc\u7a0b\u4ed3\u5e93\u3002

    1. \u9996\u5148\u53d6\u6d88\u539f\u6765\u7684\u8fdc\u7a0b\u5206\u652f\u8ddf\u8e2agit remote rm <remote repo name>
    2. \u7136\u540e\u6dfb\u52a0\u81ea\u5df1\u7684\u4ed3\u5e93\u4f5c\u4e3a\u8fdc\u7a0bgit remote add <remote repo name> <repo url>

    \u597d\u50cf\u4e5f\u53ef\u4ee5\u76f4\u63a5\u66f4\u6362\u8fdc\u7a0b\u4ed3\u5e93\uff1agit remote set-url <remote repro name> <repo url>

    \u8fd9\u91cc\u7684<remote repo name>\u662f\u81ea\u5df1\u53d6\u7684\u4ed3\u5e93\u540d\uff0c\u4e4b\u540e\u7684\u64cd\u4f5c\u53ef\u4ee5\u7528\u5b83\u6765\u6307\u5b9a\u5bf9\u8c61\u3002\u53ef\u4ee5\u968f\u4fbf\u53d6\uff0c\u6bd4\u5982\u5e38\u89c1\u7684origin\u3002

    "},{"location":"git/#_3","title":"\u5b50\u6a21\u5757\u7684\u4e0b\u8f7d","text":"

    \u6709\u7684\u65f6\u5019\u4e00\u4e2a\u4ee3\u7801\u4ed3\u5e93\u62ff\u5176\u4ed6\u4ed3\u5e93\u6765\u5f53\u505a\u5b50\u6a21\u5757\uff0c\u5728github\u4e0a\u8fd9\u4e9b\u6a21\u5757\u662f\u56fe\u4e2d\u7684\u8868\u793a\u5f62\u5f0f\u3002git\u4ed3\u5e93\u91cc\u4e5f\u4f1a\u6709.gitmodules\u6587\u4ef6\u6765\u8bf4\u660e\u8fd9\u4e9b\u5b50\u6a21\u5757\u3002\u5f53clone\u4e3b\u4ed3\u5e93\u65f6\uff0c\u8fd9\u4e9b\u5b50\u6a21\u5757\u4e0d\u4f1a\u8ddf\u7740\u4e0b\u8f7d\u4e0b\u6765\u3002

    \u521d\u6b21\u90e8\u7f72\u65f6\uff0c\u5728\u4e3b\u4ed3\u5e93\u76ee\u5f55\u4e0b\u91cc\u4f7f\u7528git submodule update --init --recursive\u6765\u4ece.gitmodules\u5b57clone\u5b50\u6a21\u5757\u3002

    \u5982\u679c\u5b50\u6a21\u5757\u88ab\u522b\u7684\u5f00\u53d1\u8005\u66f4\u65b0\u4e86\uff0c\u53ef\u4ee5\u8fdb\u5230\u5b50\u6a21\u5757\u4e2d\u7136\u540egit pull\u3002

    \u5982\u679c\u5e0c\u671b\u6dfb\u52a0\u67d0\u4e2a\u4ed3\u5e93\u4f5c\u4e3a\u5b50\u6a21\u5757\uff0c\u4f7f\u7528git submodule add <repo url>\u6765\u4e0b\u8f7d\u5b50\u6a21\u5757\u5e76\u66f4\u65b0.gitmodules\u6587\u4ef6

    "},{"location":"git/#_4","title":"\u81ea\u5df1\u7684\u9879\u76ee\u9700\u8981\u5bf9\u5176\u4ed6\u9879\u76ee\u8fdb\u884c\u4fee\u6539","text":"

    \u5982\u679c\u81ea\u5df1\u7684\u9879\u76ee\u7528\u5230\u522b\u7684\u9879\u76ee\uff0c\u9700\u8981\u5bf9\u5176\u4e2d\u4e00\u4e9b\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff0c\u800c\u4e0d\u9700\u8981\u628a\u5728\u4e0a\u4f20github\u65f6\u628a\u6574\u4e2a\u9879\u76ee\u5168\u90e8\u653e\u5230\u81ea\u5df1\u7684\u9879\u76ee\u4e0b\uff0c\u53ef\u4ee5\u5148\u7528submodule\u6dfb\u52a0\u5b50\u6a21\u5757\uff0c\u7136\u540e\u76f4\u63a5\u4fee\u6539\u4ee3\u7801\uff0c\u5e76\u5728\u5176\u9879\u76ee\u4e0b\u7528git diff <commit id> > <file.patch>\u751f\u6210\u4e00\u4e2adiff\u6587\u4ef6\u3002\u628adiff\u6587\u4ef6\u653e\u5230\u81ea\u5df1\u7684\u9879\u76ee\u91cc\uff0c\u518d\u4e0a\u4f20\u5230github\u4e0a\u3002\u5176\u4e2dcommit id\u662f\u7b2c\u4e09\u65b9\u9879\u76ee\u7684commit\uff0c\u4e5f\u5c31\u662f\u8fd9\u4e2asubmodule\u4e0b\u8f7d\u65f6\u7684commit id\uff0c\u53ef\u4ee5\u901a\u8fc7git log\u627e\u5230\u3002

    \u5982\u679c\u76f4\u63a5\u7528git diff > <file.patch>\uff0c\u4f1a\u8f93\u51fa\u672a\u52a0\u5165\u6682\u5b58\u7684\u4fee\u6539\u548c\u6700\u8fd1\u4e00\u6b21\u6682\u5b58/commit\u7684diff\u6587\u4ef6\u3002

    \u5176\u4ed6\u4eba\u4f7f\u7528\u65f6\uff0c\u5c31\u5148\u628a\u7b2c\u4e09\u65b9\u9879\u76ee\u83b7\u53d6\u4e0b\u6765\uff0c\u7136\u540egit apply <file.patch>\u5373\u53ef\u3002\u64a4\u56de\u8865\u4e01\u4f7f\u7528git apply -R <file.patch>

    "},{"location":"git/#_5","title":"\u4e0d\u540c\u7248\u672c\u591a\u4eba\u5408\u4f5c\u4e0e\u5206\u652f\u4f7f\u7528","text":"

    \u6700\u8fd1\u5728\u8dd1fuzzer\uff0c\u5408\u4f5c\u65f6\u6709\u65f6\u9700\u8981\u5207\u6362\u4e0d\u540c\u7684\u6d4b\u8bd5\u76ee\u6807\uff0c\u6bcf\u4e2a\u6d4b\u8bd5\u76ee\u6807\u90fd\u6709\u81ea\u5df1\u7684\u4e00\u5927\u5806\u914d\u5957\u8bbe\u7f6e\u3002\u5927\u5bb6\u90fd\u5728\u4e3b\u5206\u652f\u5220\u6539\u592a\u9ebb\u70e6\u800c\u4e14\u5f88\u4e71\uff0c\u6240\u4ee5\u9700\u8981\u9488\u5bf9\u6bcf\u4e2a\u6d4b\u8bd5\u76ee\u6807\u8bbe\u7f6e\u4e0d\u540c\u7684branch\u3002

    \u53ef\u4ee5\u4f7f\u7528git branch -a\u67e5\u770b\u6240\u6709\u5206\u652f\u3002\u5176\u4e2d\u524d\u9762\u5e26*\u7684\u662f\u5f53\u524dbranch\u3002

    \u65b0\u5efa\u5206\u652f\u65f6\u4f7f\u7528 git checkout -b <branch name> \u76f8\u5f53\u4e8e\u5148git branch <branch name> \u521b\u5efa\u4e86\u4e00\u4e2a\u65b0\u7684\u5206\u652f\uff0c\u7136\u540egit checkout <branch name>\u5207\u6362\u5230\u90a3\u4e2a\u5206\u652f\u3002

    \u5728\u65b0\u7684\u5206\u652fcommit\u540e\uff0c\u4f7f\u7528git push -u <remote repo name> <local branch name>:<remote branch name>\u53ef\u4ee5\u5c06\u81ea\u5df1\u7684\u8fd9\u4e2a\u5206\u652f\u63a8\u9001\u5230\u8fdc\u7a0b\u4ed3\u5e93\u3002\u5176\u4e2d\uff1a

    \u5982\u679c\u9700\u8981\u5220\u9664\u8fdc\u7a0b\u5206\u652f\uff0c\u53ef\u4ee5\u7b80\u5355\u5730\u63a8\u9001\u7a7a\u5206\u652f\uff1agit push origin :<remote branch name>\u3002\u8fd9\u91cc\u672c\u5730\u5206\u652f\u540d\u7559\u7a7a\u4e86\u3002\u4e5f\u53ef\u4ee5\u4f7f\u7528\u4e13\u95e8\u7684\u5220\u9664\u65b9\u5f0f\uff1agit push origin --delete <remote branch name>

    \u5982\u679c\u9700\u8981\u5220\u9664\u672c\u5730\u5206\u652f\uff0c\u4f7f\u7528git branch -d <local branch name>

    \u5408\u5e76\u5206\u652f\u65f6\uff0c\u5148\u5207\u6362\u5230\u9700\u8981\u63a5\u6536\u6539\u52a8\u7684\u5206\u652f\u4e0a\uff0c\u7136\u540egit merge <new branch name>\uff0c\u5373\u53ef\u5c06new branch\u7684\u6539\u52a8\u66f4\u65b0\u5230\u5f53\u524d\u5206\u652f\u4e0a\u3002new branch\u7684\u5185\u5bb9\u662f\u4e0d\u53d8\u7684\u3002

    \u62c9\u53d6\u8fdc\u7a0b\u5206\u652f\u5230\u672c\u5730\uff0c\u800c\u4e0d\u5f71\u54cd\u672c\u5730\u5206\u652f\uff1agit fetch <remote repo name> <remote branch name>:<local branch name>\u4f1a\u5c06\u8fdc\u7a0b\u4ed3\u5e93\u7684\u5206\u652f\u4fdd\u5b58\u5728\u672c\u5730\u5bf9\u5e94\u5206\u652f\u4e0b\u3002

    \u53ef\u4ee5\u7528git fetch --all\u62c9\u53d6\u6240\u6709\u8fdc\u7a0b\u5206\u652f\uff0c\u5982\u679c\u6ca1\u6709\u6548\u679c\uff0c\u6ce8\u610f\u68c0\u67e5remote.origin.fetch\u7684\u8bbe\u7f6e\uff1agit config --get remote.origin.fetch\uff0c\u5982\u679c\u662f+refs/heads/master:refs/remotes/origin/master\uff0c\u5219\u8868\u793a\u53ea\u62c9master\u5206\u652f\u3002\u53ef\u4ee5\u4fee\u6539\u6210\u62c9\u53d6\u6240\u6709\u5206\u652f\uff1agit config remote.origin.fetch \"+refs/heads/*:refs/remotes/origin/*\"\u3002

    "},{"location":"git/#github-debug","title":"Github debug\u5408\u96c6","text":"

    \u67d0\u79cd\u4e1c\u897f\u771f\u7684\u795e\u70e6\uff0c\u79d1\u7814\u9700\u8981\u4e0b\u8f7d\u7684\u4ed3\u5e93\u4ee3\u7801\u7ecf\u5e38\u83ab\u540d\u5176\u5999\u4e0b\u8f7d\u4e0d\u4e86\uff0c\u5199\u7684\u4ee3\u7801\u4e0a\u4f20\u8865\u4e0a\u53bb\uff0cbuild\u4e2adocker\u6162\u7684\u8981\u6b7b\uff0c\u7b2c\u4e09\u65b9\u5305\u62c9\u53d6\u4e0d\u5230\u2026\u2026\u6d6a\u8d39\u5f88\u591a\u65f6\u95f4\u5728\u56e0\u4e3a\u7f51\u7edc\u8fde\u63a5\u4e0d\u4e86\u5bfc\u81f4\u7684\u5404\u79cdbug\u4e0a\uff0c\u6709\u6548\u79d1\u7814\u65f6\u95f4\u767d\u767d\u88ab\u6d88\u8017\uff0c\u771f\u7684\u5f88xx\u3002

    "},{"location":"git/#git-clonegnutls_handshake-failed-the-tls-connection-was-non-properly-terminated","title":"Git clone\u62a5\u9519gnutls_handshake() failed: The TLS connection was non-properly terminated.","text":"

    \u4e00\u79cd\u505a\u6cd5\u662f\u8bbe\u7f6e\u6216\u8005\u53d6\u6d88\u8bbe\u7f6ehttp.proxy\u548chttps.proxy

    \u53e6\u4e00\u79cd\u505a\u6cd5\u662f\u76f4\u63a5\u53d6\u6d88SSL\u6821\u9a8c\uff0c\u867d\u7136\u7c97\u66b4\u4e86\u70b9\uff1agit config http.sslVerify false

    "},{"location":"go/","title":"go","text":""},{"location":"go/#go_1","title":"go\u73af\u5883\u914d\u7f6e","text":"
    1. \u4ecehttps://go.dev/dl/\u4e0b\u8f7dArchive\u7684\u5305\uff0c\u89e3\u538b\u7f29\uff08\u6bd4\u5982\u5230~/.local\uff09\uff0c\u6dfb\u52a0\u5176\u4e2d\u7684bin\u76ee\u5f55\u5230PATH\u8def\u5f84
    2. \u56fd\u5185\u4f7f\u7528\u65f6\u8bbe\u7f6e\u4ee3\u7406
    go env -w GO111MODULE=on\ngo env -w  GOPROXY=https://goproxy.cn\n
    "},{"location":"go/#_1","title":"\u521b\u5efa\u5de5\u7a0b","text":"

    \u5de5\u7a0b\u4fdd\u5b58\u5728xxx/go/src/xxx\u4e0b\uff0c\u5e76\u5c06GOPATH=xxx/go\u52a0\u5230\u73af\u5883\u53d8\u91cf\u4e2d

    "},{"location":"go/#_2","title":"\u5feb\u901f\u5165\u95e8","text":"
    package main\nimport (\n\"fmt\"\n)\n\nfunc main() {\n//\u5faa\u73af\u8f93\u51fa\nfor i:=0; i<10; i++{\nfmt.Println(i)\n}\n}\n
    "},{"location":"interesting-articles/","title":"\u6709\u8da3\u6587\u7ae0","text":"
    1. [Usenix Security 2021] Understanding and Detecting Disordered Error Handling with Precise Function Pairing \u4e0d\u6b63\u786e\u7684\u9519\u8bef\u5904\u7406\u51fd\u6570\u672c\u8eab\u53ef\u80fd\u4e5f\u4f1a\u5e26\u6765\u65b0\u7684\u9519\u8bef\uff0c\u5c24\u5176\u662f\u5728\u505a\u4e00\u4e9b\u524d\u671f\u6e05\u7406\u5de5\u4f5c\u65f6\uff0c\u6267\u884c\u987a\u5e8f\u4e0d\u6b63\u786e\u4f1a\u5e26\u6765\u63d0\u6743\u3001\u5d29\u6e83\u4e0eDoS\u3002\u672c\u6587\u5e0c\u671b\u63a8\u65ad\u51fa\u9884\u671f\u7684\u6e05\u7406\u51fd\u6570\u3002
    2. [Usenix Security 2020] Actions Speak Louder than Words: Entity-Sensitive Privacy Policy and Data Flow Analysis with PoliCheck \u8003\u8651\u5230\u6570\u636e\u6d41\u5411\u7684\u5b9e\u4f53\uff0c\u5bf9\u5e94\u7528\u7a0b\u5e8f\u7684\u9690\u79c1\u89c4\u8303\u8fdb\u884c\u7814\u7a76\u5efa\u6a21\u3002
    3. [NDSS 2019] https://www.youtube.com/watch?v=dMndb0Xmr4k&t=1s&list=PLfUWWM-POgQs9SPvg-UA-TNG7UVEcdz8l&index=5 GitHub\u4e0a\u7531\u4e8e\u4e00\u4e9b\u4e0d\u5f53\u64cd\u4f5c\u53ef\u80fd\u4f1a\u5bfc\u81f4API\u5bc6\u94a5\u6cc4\u9732\u3002\u672c\u6587\u7814\u7a76\u8868\u660e\u8fd9\u79cd\u6cc4\u9732\u975e\u5e38\u7316\u7357\uff0c\u5e76\u4e14\u8fdc\u6ca1\u6709\u89e3\u51b3\u95ee\u9898\u3002
    "},{"location":"investigations/","title":"\u56db\u5927\u8c03\u67e5","text":"
    1. [Usenix Security 2022] \"I feel invaded, annoyed, anxious and I may protect myself\": Individuals' Feelings about Online Tracking and their Protective Behaviour across Gender and Country
    2. [Usenix Security 2022] \"Like Lesbians Walking the Perimeter\": Experiences of U.S. LGBTQ+ Folks With Online Security, Safety, and Privacy Advice
    3. [Usenix Security 2022] How and Why People Use Virtual Private Networks
    4. [Usenix Security 2021] \"It's the Company, the Government, You and I\": User Perceptions of Responsibility for Smart Home Privacy and Security
    5. [Usenix Security 2021] \"Shhh...be quiet!\" Reducing the Unwanted Interruptions of Notification Permission Prompts on Chrome
    6. [Usenix Security 2021] Effect of Mood, Location, Trust, and Presence of Others on Video-Based Social Authentication
    7. [Usenix Security 2021] 'Passwords Keep Me Safe' \u2013 Understanding What Children Think about Passwords
    8. [Usenix Security 2021] \"It's stressful having all these phones\": Investigating Sex Workers' Safety Goals, Risks, and Practices Online
    9. [Usenix Security 2021] \"Now I'm a bit angry:\" Individuals' Awareness, Perception, and Responses to Data Breaches that Affected Them
    10. [Usenix Security 2020] \"I am uncomfortable sharing what I can't see\": Privacy Concerns of the Visually Impaired with Camera Based Assistive Applications
    11. [Usenix Security 2020 | Distingguished Paper Award] Understanding security mistakes developers make: Qualitative analysis from Build It, Break It, Fix It
    12. [Usenix Security 2020] An Observational Investigation of Reverse Engineers\u2019 Processes
    13. [Usenix Security 2020] That Was Then, This Is Now: A Security Evaluation of Password Generation, Storage, and Autofill in Browser-Based Password Managers
    14. [NDSS 2022] An In-depth Analysis of Duplicated Linux Kernel Bug Reports
    15. [NDSS 2020] Are You Going to Answer That? Measuring User Responses to Anti-Robocall Application Indicators
    16. [NDSS 2019] Time Does Not Heal All Wounds: A Longitudinal Analysis of Security-Mechanism Support in Mobile Browsers
    17. [NDSS 2019] A First Look into the Facebook Advertising Ecosystem
    "},{"location":"java/","title":"Java","text":""},{"location":"java/#java_1","title":"Java\u73af\u5883\u914d\u7f6e","text":"

    \u5728https://www.oracle.com/java/technologies/downloads/\u4e0b\u8f7d\u5bf9\u5e94\u7cfb\u7edf\u7684\u5305\u3002Linux\u9009\u62e9Compressed Archive\uff0c\u89e3\u538b\u7f29\u4ee5\u540e\u914d\u7f6e\u4e0bpath\uff1bWindows\u53ef\u4ee5\u7528MSI Installer\u3002\u5bf9\u5e94\u7684\u6e90\u7801\u5728lib/src.zip\u4e2d\u3002

    "},{"location":"java/#java_2","title":"Java\u6e90\u7801\u67b6\u6784\u7406\u89e3","text":"

    \u6838\u5fc3\u4ee3\u7801\u3001\u4e3b\u8981\u529f\u80fd\u5728java.base/java\u76ee\u5f55\u4e0b\uff0c\u5176\u4e2d\u5305\u542b\u4e86io\u3001lang\u3001util\u7b49\u591a\u4e2a\u5173\u952e\u6a21\u5757\u3002

    "},{"location":"java/#java_3","title":"Java\u91cc\u6709\u54ea\u4e9b\u6570\u636e\u7ed3\u6784\u7c7b\u578b\uff1f\u5982\u4f55\u5b9e\u73b0\u7684\uff1f","text":"

    Java\u4e2d\u5e38\u89c1\u7684\u6570\u636e\u7c7b\u578b\u6bd4\u5982Set\u3001Array\u3001

    "},{"location":"latex/","title":"latex\u57fa\u7840","text":""},{"location":"latex/#_1","title":"\u63a8\u8350\u5de5\u5177","text":"

    \u4f7f\u7528Table Generator\u7ed8\u5236\u8868\u683c

    "},{"location":"latex/#latex_1","title":"\u82f1\u6587latex","text":"
    \\documentclass[conference,11pt]{IEEEtran}\n\\IEEEoverridecommandlockouts\n% The preceding line is only needed to identify funding in the first footnote. If that is unneeded, please comment it out.\n\\usepackage{cite}\n\\usepackage{amsmath,amssymb,amsfonts}\n\\usepackage{algorithmic}\n\\usepackage{graphicx}\n\\usepackage{textcomp}\n\\usepackage{xcolor}\n\\usepackage{caption}\n\\usepackage{url}\n\\def\\UrlBreaks{\\do\\A\\do\\B\\do\\C\\do\\D\\do\\E\\do\\F\\do\\G\\do\\H\\do\\I\\do\\J\n\\do\\K\\do\\L\\do\\M\\do\\N\\do\\O\\do\\P\\do\\Q\\do\\R\\do\\S\\do\\T\\do\\U\\do\\V\n\\do\\W\\do\\X\\do\\Y\\do\\Z\\do\\[\\do\\\\\\do\\]\\do\\^\\do\\_\\do\\`\\do\\a\\do\\b\n\\do\\c\\do\\d\\do\\e\\do\\f\\do\\g\\do\\h\\do\\i\\do\\j\\do\\k\\do\\l\\do\\m\\do\\n\n\\do\\o\\do\\p\\do\\q\\do\\r\\do\\s\\do\\t\\do\\u\\do\\v\\do\\w\\do\\x\\do\\y\\do\\z\n\\do\\.\\do\\@\\do\\\\\\do\\/\\do\\!\\do\\_\\do\\|\\do\\;\\do\\>\\do\\]\\do\\)\\do\\,\n\\do\\?\\do\\'\\do+\\do\\=\\do\\#}\n\\def\\BibTeX{{\\rm B\\kern-.05em{\\sc i\\kern-.025em b}\\kern-.08em\n    T\\kern-.1667em\\lower.7ex\\hbox{E}\\kern-.125emX}}\n\\usepackage{lscape, latexsym, amssymb, algorithmic, multirow}\n\\usepackage[linesnumbered, vlined, ruled]{algorithm2e}\n\\usepackage{mathtools, bbm, color}\n\\usepackage{booktabs}\n\\usepackage{amsthm,mathrsfs,amsfonts,dsfont}\n\\usepackage{listings}\n\\definecolor{codegreen}{rgb}{0,0.6,0}\n\\definecolor{codegray}{rgb}{0.5,0.5,0.5}\n\\definecolor{codepurple}{rgb}{0.58,0,0.82}\n\\definecolor{backcolour}{rgb}{0.95,0.95,0.95}\n\\lstdefinestyle{mystyle}{\n % backgroundcolor=\\color{backcolour},   \n commentstyle=\\color{codegreen},\n keywordstyle=\\color{magenta},\n numberstyle=\\tiny\\color{codegray},\n stringstyle=\\color{codepurple},\n % basicstyle=\\footnotesize\\ttfamily,\n basicstyle=\\footnotesize\\scriptsize,\n breakatwhitespace=false,         \n breaklines=true,                 \n captionpos=b,                    \n keepspaces=true,\n numbers=left,  %% \u884c\u53f7 \n % numbersep=2pt,                  \n showspaces=false,                \n showstringspaces=false,\n showtabs=false,                  \n tabsize=1,\n xleftmargin=\\parindent,\n}\n\\lstset{style=mystyle}\n\\begin{document}\n\n\\title{xxxx}\n\n\\author{xxxx}\n\n\\maketitle\n\n\\begin{abstract}\n\\end{abstract}\n\n\n\\begin{IEEEkeywords}\nxxx,xxx\n\\end{IEEEkeywords}\n\n\\bibliographystyle{IEEEtran}\n{\n\\begingroup\n\\bibliography{ref}\n\\endgroup\n}\n\n\\end{document}\n
    "},{"location":"latex/#latex_2","title":"\u4e2d\u6587latex","text":"
    \\documentclass[12pt]{article}\n\n\\usepackage{cite} % \u5f15\u7528\u53c2\u8003\u6587\u732e\n\\usepackage{ctex} % \u4e2d\u6587\u652f\u6301\n\\usepackage{times}% \u82f1\u6587\u4f7f\u7528Times New Roman\n\\usepackage{url,hyperref} % \u8d85\u94fe\u63a5\n\\usepackage{xspace} % \u65e0\u6807\u70b9\u81ea\u52a8\u7a7a\u683c\n\\usepackage{graphicx} % \u63d2\u5165\u56fe\u7247\u7528\n\\usepackage{geometry} % \u8bbe\u7f6e\u9875\u8fb9\u8ddd\n\\usepackage{listings} % \u63d2\u5165\u4ee3\u7801\u5757\n\\usepackage{color} % \u5b9a\u4e49\u989c\u8272\uff0c\u7528\u4e8e\u63a7\u5236\u4ee3\u7801\u9ad8\u4eae\n\\usepackage{subcaption} % \u753b\u5b50\u56fe\n\\usepackage{tikz} % \u540e\u7eed\u753b\u5706\u5708\n\\usepackage{multirow} % \u8868\u683c\u591a\u884c\u6587\u672c\n% \\usepackage{tabu}\n\\usepackage{longtable}\n\\usepackage{float}\n\\usepackage{tabu}\n\\usepackage{booktabs} % \u753b\u8868\u683c\n\n\\usepackage[linesnumbered, vlined, ruled]{algorithm2e} % \u7b97\u6cd5\u5217\u8868\n\n% \u4f7f\u7528 ctex \u5b8f\u5305\u8bbe\u7f6e\u4e2d\u6587\u56fe\u9898\n\\renewcommand{\\figurename}{\u56fe}\n\\renewcommand{\\tablename}{\u8868}\n\n% \u8bbe\u7f6e\u9875\u8fb9\u8ddd\n\\geometry{a4paper,left=2cm,right=2cm,top=2cm,bottom=3cm} \n\n\n% \u8bbe\u7f6e\u5b57\u4f53\n\\newcommand{\\song}{\\CJKfamily{song}}    % \u5b8b\u4f53\n\\newcommand{\\fs}{\\CJKfamily{fs}}             % \u4eff\u5b8b\u4f53\n\\newcommand{\\kai}{\\CJKfamily{kai}}          % \u6977\u4f53\n\\newcommand{\\hei}{\\CJKfamily{hei}}         % \u9ed1\u4f53\n\\newcommand{\\li}{\\CJKfamily{li}}               % \u96b6\u4e66\n\n% \u8bbe\u7f6e\u5b57\u53f7\n\\newcommand{\\yihao}{\\fontsize{26pt}{36pt}\\selectfont}           % \u4e00\u53f7, 1.4 \u500d\u884c\u8ddd\n\\newcommand{\\erhao}{\\fontsize{22pt}{28pt}\\selectfont}          % \u4e8c\u53f7, 1.25\u500d\u884c\u8ddd\n\\newcommand{\\xiaoer}{\\fontsize{18pt}{18pt}\\selectfont}          % \u5c0f\u4e8c, \u5355\u500d\u884c\u8ddd\n\\newcommand{\\sanhao}{\\fontsize{16pt}{24pt}\\selectfont}        % \u4e09\u53f7, 1.5\u500d\u884c\u8ddd\n\\newcommand{\\xiaosan}{\\fontsize{15pt}{22pt}\\selectfont}        % \u5c0f\u4e09, 1.5\u500d\u884c\u8ddd\n\\newcommand{\\sihao}{\\fontsize{14pt}{21pt}\\selectfont}            % \u56db\u53f7, 1.5 \u500d\u884c\u8ddd\n\\newcommand{\\banxiaosi}{\\fontsize{13pt}{19.5pt}\\selectfont}    % \u534a\u5c0f\u56db, 1.5\u500d\u884c\u8ddd\n\\newcommand{\\xiaosi}{\\fontsize{12pt}{18pt}\\selectfont}            % \u5c0f\u56db, 1.5\u500d\u884c\u8ddd\n\\newcommand{\\dawuhao}{\\fontsize{11pt}{11pt}\\selectfont}       % \u5927\u4e94\u53f7, \u5355\u500d\u884c\u8ddd\n\\newcommand{\\wuhao}{\\fontsize{10.5pt}{15.75pt}\\selectfont}    % \u4e94\u53f7, \u5355\u500d\u884c\u8ddd\n\n% \u5b9a\u4e49\u4ee3\u7801\u6837\u5f0f\n\\definecolor{codegreen}{rgb}{0,0.6,0}\n\\definecolor{codegray}{rgb}{0.5,0.5,0.5}\n\\definecolor{codepurple}{rgb}{0.58,0,0.82}\n\\definecolor{backcolour}{rgb}{0.95,0.95,0.95}\n\\lstdefinestyle{mystyle}{\n % backgroundcolor=\\color{backcolour},   \n commentstyle=\\color{codegreen},\n keywordstyle=\\color{magenta},\n numberstyle=\\tiny\\color{codegray},\n stringstyle=\\color{codepurple},\n % basicstyle=\\footnotesize\\ttfamily,\n basicstyle=\\footnotesize\\scriptsize,\n breakatwhitespace=false,         \n breaklines=true,                 \n captionpos=b,                    \n keepspaces=true,\n numbers=left,  %% \u884c\u53f7 \n % numbersep=2pt,                  \n showspaces=false,                \n showstringspaces=false,\n showtabs=false,                  \n tabsize=1,\n xleftmargin=\\parindent,\n}\n\\lstset{style=mystyle}\n\n\\renewcommand{\\abstractname}{\\textbf{\u6458\\quad \u8981}} % \u66f4\u6539\u6458\u8981\u4e8c\u5b57\u7684\u6837\u5f0f\n\n% use these commands to consistently refer to stuff\n\n\\newcommand{\\bugCount}{xx}  \n\n\\newcommand{\\tabincell}[2]{\\begin{tabular}{@{}#1@{}}#2\\end{tabular}}\n\n\\newcommand*\\emptcirc[1][1ex]{\\tikz\\draw (0,0) circle (#1);} \n\\newcommand*\\halfcirc[1][1ex]{%\n    \\begin{tikzpicture}\n    \\draw[fill] (0,0)-- (90:#1) arc (90:270:#1) -- cycle ;\n    \\draw (0,0) circle (#1);\n    \\end{tikzpicture}}\n\\newcommand*\\fullcirc[1][1ex]{\\tikz\\fill (0,0) circle (#1);} \n\n\\def\\BibTeX{{\\rm B\\kern-.05em{\\sc i\\kern-.025em b}\\kern-.08em\n    T\\kern-.1667em\\lower.7ex\\hbox{E}\\kern-.125emX}}\n\n\\title{\\fontsize{18pt}{27pt}\\selectfont \\textbf{xxxx}}\n\\author{\\fontsize{14pt}{21pt}\\selectfont \\textbf{xxxx}}\n\\date{}\n\n\\begin{document}\n\\begin{sloppypar} % \u9632\u6b62\u957f\u5355\u8bcd\u51fa\u754c\n\\maketitle\n\n\\begin{abstract}\n\\end{abstract}\n\n\\section{\u80cc\u666f}\n\n\\subsection{\u53ef\u4fe1\u6267\u884c\u73af\u5883}\n\\bibliographystyle{plain}\n\\bibliography{Ref}\n\n\\end{sloppypar}\n\\end{document}\n
    "},{"location":"linux-server/","title":"Ubuntu\u670d\u52a1\u5668\u8fd0\u7ef4","text":""},{"location":"linux-server/#pid","title":"\u6839\u636epid\u67e5\u8be2\u7ec6\u8282","text":"

    sudo ls -lah /proc/<pid>\n
    \u7136\u540e\u6839\u636e\u5176\u4e2d\u7684cwd\u627e\u5230\u8fd0\u884c\u76ee\u5f55\uff0cexe\u627e\u5230\u8fd0\u884c\u7a0b\u5e8f

    "},{"location":"linux-server/#_1","title":"\u5728\u7ec8\u7aef\u5411\u7a0b\u5e8f\u8f93\u5165\u5b57\u8282","text":"
    # \u8f93\u5165raw bytes\necho -e '\\x31\\x32' | program\n\n# \u4e0d\u5e26echo\u81ea\u52a8\u52a0\u7684\u6362\u884c\necho -en '\\x31\\x32' | program\n\n# \u8f93\u5165raw binary\necho -e '\\x31\\x32' | xxd -r -p | program 
    "},{"location":"linux-server/#_2","title":"\u67e5\u8be2\u670d\u52a1\u5668\u663e\u5361","text":"

    \u67e5\u8be2\u7269\u7406\u69fd\u663e\u5361\u8fde\u63a5

    lspci | grep VGA\n

    \u67e5\u8be2\u6d3b\u8dc3\u60c5\u51b5\uff08\u9700\u8981\u5b89\u88c5\u663e\u5361\u9a71\u52a8\uff0c\u53ef\u4ee5\u76f4\u63a5\u5b89\u88c5CUDA runfile\uff0c\u81ea\u5e26\u9a71\u52a8\uff09

    nvidia-smi\n
    "},{"location":"linux-server/#_3","title":"\u7edf\u8ba1\u670d\u52a1\u5668\u8fdb\u7a0b\u5360\u7528","text":"
    htop # \u89c2\u5bdf\u5185\u5b58\u3001\u5404\u8fdb\u7a0b\u3001CPU\u5360\u7528\nsudo ls -lah /proc/<pid>/cwd # \u89c2\u5bdf\u8fd0\u884c\u7684\u547d\u4ee4\uff0c\u5224\u65ad\u8c01\u7684\u7a0b\u5e8f\n
    "},{"location":"linux-server/#_4","title":"\u7edf\u8ba1\u78c1\u76d8\u7528\u91cf","text":"
    ncdu # \u7edf\u8ba1\u5f53\u524d\u76ee\u5f55\u4e0b\u5404\u4e2a\u6587\u4ef6\u5939\u5360\u7528\uff0c\u53ef\u4ee5\u8fdb\u5165\u3001\u5220\u9664\u6587\u4ef6\u5939\u6216\u76ee\u5f55\n
    "},{"location":"linux-server/#dns","title":"\u4fee\u6539DNS","text":"

    \u6709\u65f6\u5019\u8fde\u4e0d\u4e0a\u7f51\u662f\u56e0\u4e3aDNS\u7684\u95ee\u9898\uff0c\u4fee\u6539/etc/resolve.conf\u5373\u53ef\u3002\u4e0d\u8fc7\u8fd9\u4e2a\u8f6f\u8fde\u63a5\u4fee\u6539\u5b8c\u4e86\u4ee5\u540e\u53ef\u80fd\u4f1a\u88ab\u7cfb\u7edf\u6539\u6389\uff0c\u53ef\u4ee5\u8bd5\u8bd5\u5220\u6389\u4ee5\u540e\u76f4\u63a5\u521b\u5efa\u4e2a/etc/resolve.conf\u6587\u4ef6\uff0c\u518dchattr +i /etc/resovle.conf\u9632\u6b62\u4fee\u6539\u3002

    "},{"location":"linux-server/#_5","title":"\u7cfb\u7edf\u670d\u52a1","text":"

    systemctl status xxx\u68c0\u67e5\u67d0\u4e9b\u670d\u52a1\u8fd0\u884c\u72b6\u6001\uff0c\u53ef\u4ee5ls -lah /etc/systemd/system\u3001ls -lah /lib/systemd/system\u67e5\u8be2\u6709\u54ea\u4e9b\u670d\u52a1\u3002\u8b66\u60d5\u5947\u602a\u7684\u6570\u5b57service\uff0c\u53ef\u80fd\u662f\u75c5\u6bd2\u3002

    \u6dfb\u52a0\u7cfb\u7edf\u670d\u52a1\u65f6\uff0c\u521b\u5efa/etc/systemd/system/xxx.service\u6587\u4ef6\uff0c\u7136\u540e\u7f16\u8f91\u5185\u5bb9\uff0c\u6bd4\u5982\u4e0b\u9762\u7684socat.service\uff1a

    [Unit]\nDescription=port forward 4320\n# \u542f\u52a8\u987a\u5e8f\uff08\u591a\u4e2a\u670d\u52a1\u4e2d\u95f4\u7528\u7a7a\u683c\u9694\u5f00\uff09\nAfter=network.target[\u5f53\u524d\u670d\u52a1\u5728\u6307\u5b9a\u670d\u52a1\u4e4b\u540e\u542f\u52a8]\nBefore=[\u5f53\u524d\u670d\u52a1\u5728\u6307\u5b9a\u670d\u52a1\u4e4b\u524d\u542f\u52a8]\n\n# \u4f9d\u8d56\u5173\u7cfb\nWants=[\u5f31\u4f9d\u8d56\u5173\u7cfb\u670d\u52a1\uff0c\u6307\u5b9a\u670d\u52a1\u53d1\u751f\u5f02\u5e38\u4e0d\u5f71\u54cd\u5f53\u524d\u670d\u52a1]\nRequires=[\u5f3a\u4f9d\u8d56\u5173\u7cfb\u670d\u52a1\uff0c\u6307\u5b9a\u670d\u52a1\u53d1\u751f\u5f02\u5e38\uff0c\u5f53\u524d\u670d\u52a1\u5fc5\u987b\u9000\u51fa]\n\n[Service]\nUser=nobody\nExecStart=/usr/bin/socat TCP4-LISTEN:4320,fork TCP4:10.244.55.25:80\nExecReload=[\u91cd\u542f\u670d\u52a1\u65f6\u6267\u884c\u7684\u547d\u4ee4]\nExecStop=[\u505c\u6b62\u670d\u52a1\u65f6\u6267\u884c\u7684\u547d\u4ee4]\nExecStartPre=[\u542f\u52a8\u670d\u52a1\u4e4b\u524d\u6267\u884c\u7684\u547d\u4ee4]\nExecStartPost=[\u542f\u52a8\u670d\u52a1\u4e4b\u540e\u6267\u884c\u7684\u547d\u4ee4]\nExecStopPost=[\u505c\u6b62\u670d\u52a1\u4e4b\u540e\u6267\u884c\u7684\u547d\u4ee4]\n\n# \u542f\u52a8\u7c7b\u578b\n# simple\uff08\u9ed8\u8ba4\u503c\uff09\uff1aExecStart\u5b57\u6bb5\u542f\u52a8\u7684\u8fdb\u7a0b\u4e3a\u4e3b\u8fdb\u7a0b\n# forking\uff1aExecStart\u5b57\u6bb5\u5c06\u4ee5fork()\u65b9\u5f0f\u542f\u52a8\uff0c\u6b64\u65f6\u7236\u8fdb\u7a0b\u5c06\u4f1a\u9000\u51fa\uff0c\u5b50\u8fdb\u7a0b\u5c06\u6210\u4e3a\u4e3b\u8fdb\u7a0b\n# oneshot\uff1a\u7c7b\u4f3c\u4e8esimple\uff0c\u4f46\u53ea\u6267\u884c\u4e00\u6b21\uff0cSystemd \u4f1a\u7b49\u5b83\u6267\u884c\u5b8c\uff0c\u624d\u542f\u52a8\u5176\u4ed6\u670d\u52a1\n# dbus\uff1a\u7c7b\u4f3c\u4e8esimple\uff0c\u4f46\u4f1a\u7b49\u5f85 D-Bus \u4fe1\u53f7\u540e\u542f\u52a8\n# notify\uff1a\u7c7b\u4f3c\u4e8esimple\uff0c\u542f\u52a8\u7ed3\u675f\u540e\u4f1a\u53d1\u51fa\u901a\u77e5\u4fe1\u53f7\uff0c\u7136\u540e Systemd \u518d\u542f\u52a8\u5176\u4ed6\u670d\u52a1\n# idle\uff1a\u7c7b\u4f3c\u4e8esimple\uff0c\u4f46\u662f\u8981\u7b49\u5230\u5176\u4ed6\u4efb\u52a1\u90fd\u6267\u884c\u5b8c\uff0c\u624d\u4f1a\u542f\u52a8\u8be5\u670d\u52a1\u3002\u4e00\u79cd\u4f7f\u7528\u573a\u5408\u662f\u4e3a\u8ba9\u8be5\u670d\u52a1\u7684\u8f93\u51fa\uff0c\u4e0d\u4e0e\u5176\u4ed6\u670d\u52a1\u7684\u8f93\u51fa\u76f8\u6df7\u5408\nType=[\u542f\u52a8\u7c7b\u578b]\n\n# \u5982\u4f55\u505c\u6b62\u670d\u52a1\n# control-group\uff08\u9ed8\u8ba4\u503c\uff09\uff1a\u5f53\u524d\u63a7\u5236\u7ec4\u91cc\u9762\u7684\u6240\u6709\u5b50\u8fdb\u7a0b\uff0c\u90fd\u4f1a\u88ab\u6740\u6389\n# process\uff1a\u53ea\u6740\u4e3b\u8fdb\u7a0b\n# mixed\uff1a\u4e3b\u8fdb\u7a0b\u5c06\u6536\u5230 SIGTERM \u4fe1\u53f7\uff0c\u5b50\u8fdb\u7a0b\u6536\u5230 SIGKILL \u4fe1\u53f7\n# none\uff1a\u6ca1\u6709\u8fdb\u7a0b\u4f1a\u88ab\u6740\u6389\uff0c\u53ea\u662f\u6267\u884c\u670d\u52a1\u7684 stop \u547d\u4ee4\u3002\nKillMode=[\u5982\u4f55\u505c\u6b62\u670d\u52a1]\n\n# \u91cd\u542f\u65b9\u5f0f\n# no\uff08\u9ed8\u8ba4\u503c\uff09\uff1a\u9000\u51fa\u540e\u4e0d\u4f1a\u91cd\u542f\n# on-success\uff1a\u53ea\u6709\u6b63\u5e38\u9000\u51fa\u65f6\uff08\u9000\u51fa\u72b6\u6001\u7801\u4e3a0\uff09\uff0c\u624d\u4f1a\u91cd\u542f\n# on-failure\uff1a\u975e\u6b63\u5e38\u9000\u51fa\u65f6\uff08\u9000\u51fa\u72b6\u6001\u7801\u975e0\uff09\uff0c\u5305\u62ec\u88ab\u4fe1\u53f7\u7ec8\u6b62\u548c\u8d85\u65f6\uff0c\u624d\u4f1a\u91cd\u542f\n# on-abnormal\uff1a\u53ea\u6709\u88ab\u4fe1\u53f7\u7ec8\u6b62\u548c\u8d85\u65f6\uff0c\u624d\u4f1a\u91cd\u542f\n# on-abort\uff1a\u53ea\u6709\u5728\u6536\u5230\u6ca1\u6709\u6355\u6349\u5230\u7684\u4fe1\u53f7\u7ec8\u6b62\u65f6\uff0c\u624d\u4f1a\u91cd\u542f\n# on-watchdog\uff1a\u8d85\u65f6\u9000\u51fa\uff0c\u624d\u4f1a\u91cd\u542f\n# always\uff1a\u4e0d\u7ba1\u662f\u4ec0\u4e48\u9000\u51fa\u539f\u56e0\uff0c\u603b\u662f\u91cd\u542f\nRestart=[\u670d\u52a1\u9000\u51fa\u540e\uff0cSystemd \u7684\u91cd\u542f\u65b9\u5f0f]\n\nRestartSec=[\u8868\u793a Systemd \u91cd\u542f\u670d\u52a1\u4e4b\u524d\uff0c\u9700\u8981\u7b49\u5f85\u7684\u79d2\u6570]\n\n[Install]\nWantedBy=multi-user.target\n# \u6267\u884c sytemctl enable **.service\u547d\u4ee4\u65f6\uff0c**.service\u7684\u4e00\u4e2a\u7b26\u53f7\u94fe\u63a5\uff0c\u5c31\u4f1a\u653e\u5728/etc/systemd/system/multi-user.target.wants\u5b50\u76ee\u5f55\u4e2d\n# \u6267\u884csystemctl get-default\u547d\u4ee4\uff0c\u83b7\u53d6\u9ed8\u8ba4\u542f\u52a8Target\n# multi-user.target\u7ec4\u4e2d\u7684\u670d\u52a1\u90fd\u5c06\u5f00\u673a\u542f\u52a8\n# \u5e38\u7528Target\uff0c1. multi-user.target-\u591a\u7528\u6237\u547d\u4ee4\u884c\uff1b2. graphical.target-\u56fe\u5f62\u754c\u9762\u6a21\u5f0f\nWantedBy=[\u8868\u793a\u8be5\u670d\u52a1\u6240\u5728\u7684Target]\n
    "},{"location":"linux-server/#_6","title":"\u5b9a\u65f6\u670d\u52a1","text":"

    \u5b9a\u65f6\u7a0b\u5e8f\u6267\u884c\u5931\u8d25\u7684\u539f\u56e0\u662f\u591a\u6837\u7684\uff0c\u53ef\u80fd\u662f\u56e0\u4e3a\u5b9a\u65f6\u670d\u52a1\u6ca1\u542f\u52a8\uff0c\u9700\u8981systemctl restart cron.service\uff0c\u6216\u8005\u662fcron\u670d\u52a1\u574f\u6389\u4e86\uff0c\u5148apt install cron --reinstall\u5f3a\u5236\u91cd\u65b0\u5b89\u88c5\u4e0b\uff0c\u518d\u91cd\u542f\u670d\u52a1\uff0c\u6216\u8005\u662f\u5b89\u88c5\u4e86\u522b\u7684\u4f9d\u8d56\u5e93\u4f46\u662f\u6ca1\u6709\u91cd\u542fcron\u5bfc\u81f4\u8fd0\u884c\u5931\u8d25\uff0c\u8bd5\u8bd5/etc/init.d/cron restart\u3002

    "},{"location":"linux-server/#_7","title":"\u6253\u5f00\u6587\u4ef6\u6570","text":"

    https://www.baeldung.com/linux/list-open-file-descriptors

    Linux\u9ed8\u8ba4\u6700\u591a\u540c\u65f6\u6253\u5f001024\u4e2a\u6587\u4ef6\uff0c\u53ef\u4ee5\u901a\u8fc7ulimit -n\u67e5\u770b\u3002fuzzing\u7b49\u8981\u6ce8\u610f\u5173\u95ed\u6587\u4ef6\u63cf\u8ff0\u7b26\uff0c\u5426\u5219\u53ef\u80fd\u5bfc\u81f4\u670d\u52a1\u5668\u6545\u969c\uff08\u6bd4\u5982ssh\u8fde\u4e0d\u4e0a\uff09\u3002/proc//fd\u91cc\u5217\u51fa\u4e86pid\u9501\u6253\u5f00\u7684\u6587\u4ef6\u3002"},{"location":"linux-server/#_8","title":"\u53c2\u8003\u8d44\u6599","text":"

    1. systemd\u76f8\u5173\u8d44\u6599
    "},{"location":"openssh/","title":"OpenSSH\u9605\u8bfb\u7b14\u8bb0","text":""},{"location":"openssh/#_1","title":"\u51c6\u5907\u5de5\u4f5c","text":"

    (\u4ee5\u4e0b\u5747\u5728wsl\u7684root\u7528\u6237) ubuntu\u7cfb\u7edf\uff0c\u5148\u9884\u88c5\u4e0b\u73af\u5883\uff1a

    apt install build-essential autoconf zlib1g-dev libssl-dev\n

    \u4e0b\u8f7d\u6e90\u7801\uff0c\u76f4\u63a5\u4eceGithub\u94fe\u63a5\u4e0b\u8f7dzip\u5230\u672c\u5730\u89e3\u538b\uff0c\u4e5f\u53ef\u4ee5\u7528git clone\uff1a

    git clone --depth 1 https://github.com/openssh/openssh-portable.git\n

    \u4e3a\u4e86\u9632\u6b62\u4e4b\u540emake install\u51fa\u7684\u6587\u4ef6\u8986\u76d6\u7cfb\u7edf\u81ea\u5df1\u7684ssh\uff0c\u8fd9\u91cc\u6307\u5b9aconfigure\u5c06\u4e4b\u540e\u7f16\u8bd1\u51fa\u7684\u6587\u4ef6\u653e\u5230\u9879\u76ee\u7684/output\u6587\u4ef6\u5939\u4e0b\u3002\u6309readme\u7684Building from git\u7684\u65b9\u6cd5\uff0c\u8fdb\u5165openssh\u6240\u5728\u76ee\u5f55\u540e\uff0c\u8fd0\u884c\uff1a

    autoreconf\n./configure --prefix=`pwd`/output\nmake\n

    \u6b64\u65f6\u76f8\u5173\u53ef\u6267\u884c\u6587\u4ef6\u5df2\u7ecf\u7f16\u8bd1\u5b8c\u6bd5\u3002\u4e3a\u4e86\u8fdb\u4e00\u6b65\u6e05\u6670\u663e\u793a\uff0c\u53ef\u4ee5\u8fd0\u884cmake install\uff0c\u5219\u5728\u5f53\u524d\u76ee\u5f55\u7684output\u6587\u4ef6\u5939\u4e0b\u4f1a\u751f\u6210\u5bf9\u5e94\u7684\u7ed3\u6784\u3002

    "},{"location":"picking-ups/","title":"\u6587\u53e5\u6458\u5f55","text":"

    Alligator in Vest: A Practical Failure-Diagnosis Framework via Arm Hardware Features (ISSTA 2023)

    RR: A Fault Model for Efficient TEE Replication (NDSS 2023)

    No Grammar, No Problem: Towards Fuzzing the Linux Kernel without System-Call Descriptions (NDSS 2023)

    FUZZUSB: Hybrid Stateful Fuzzing of USB Gadget Stacks (Oakland 2022)

    Registered Report: DATAFLOW Towards a Data-Flow-Guided Fuzzer

    A Survey on Adversarial Attacks for Malware Analysis

    Survivalism: Systematic Analysis of Windows Malware Living-Off-The-Land (Oakland 2021)

    A Systematical and longitudinal study of evasive behaviors in windows malware (Computers & Security 2021)

    Structural Attack against Graph Based Android Malware Detection (CCS 2021)

    Deep Learning for Android Malware Defenses: a Systematic Literature Review (ACM Survey 2021)

    Intriguing Properties of Adversarial ML Attacks in the Problem Space (Oakland 2020)

    P2IM: Scalable and Hardware-independent Firmware Testing via Automatic Peripheral Interface Modeling (USENIX SECURITY 2020)

    Toward the Analysis of Embedded Firmware through Automated Re-hosting (RAID 2019)

    REPT: Reverse Debugging of Failures in Deployed Software (USENIX SECURITY 2018)

    What You Corrupt Is Not What You Crash: Challenges in Fuzzing Embedded Devices (NDSS 2018)

    Postmortem Program Analysis with Hardware-Enhanced Post-Crash Artifacts (USENIX SECURITY 2017)

    POMP++: Facilitating Postmortem Program Diagnosis with Value-Set Analysis

    A Survey on Software Fault Localization (TSE 2016)

    "},{"location":"porting/","title":"\u6298\u817e\u7f51\u7ad9","text":""},{"location":"porting/#_2","title":"\u7aef\u53e3\u590d\u7528\u65b9\u6cd5","text":"

    \u7531\u4e8e\u670d\u52a1\u5668\u5b89\u5168\u8bbe\u5b9a\uff0c\u53ea\u5bf9\u5916\u5f00\u653e\u4e00\u4e2a22\u7aef\u53e3\u63d0\u4f9bssh\u8fde\u63a5\u3002\u90a3\u4e48\u5728\u6b64\u57fa\u7840\u4e0a\u5982\u4f55\u63d0\u4f9bhttp\u3001https\u7b49\u591a\u79cd\u670d\u52a1\uff1f\u641c\u7d22\u4e86\u4e0b\u53ef\u4ee5\u6839\u636e\u6d41\u91cf\u7279\u5f81\u7528sslh\u7b80\u5355\u8f6c\u53d1\u4e00\u4e0b\u6570\u636e\u5305\u5230\u4e0d\u540c\u7684\u5185\u90e8\u7aef\u53e3\u3002

    "},{"location":"porting/#sslh","title":"sslh\uff1a\u6839\u636e\u6d41\u91cf\u7279\u5f81\u8f6c\u53d1\u6570\u636e\u5305","text":"

    \u5728root\u4e0bapt install sslh\u540e\u4fee\u6539\u914d\u7f6e\u6587\u4ef6/etc/default/sslh\uff1a

    # Default options for sslh initscript\n# sourced by /etc/init.d/sslh\n\n# binary to use: forked (sslh) or single-thread (sslh-select) version\n# systemd users: don't forget to modify /lib/systemd/system/sslh.service\nDAEMON=/usr/sbin/sslh\nRun=yes\nDAEMON_OPTS=\"--user sslh --listen 0.0.0.0:4684 --ssh 127.0.0.1:5752 --tls 127.0.0.1:443 --http 127.0.0.1:1284 --anyprot 127.0.0.1:2008 -F /etc/sslh/sslh.cfg --pidfile /var/run/sslh/sslh.pid\"\n

    \u8fd9\u91cc\u4e5f\u53ef\u4ee5cat /lib/systemd/system/sslh.service\u770b\u4e00\u4e0bservice\u6587\u4ef6\uff0c\u5176\u4e2d\u6709\u4e00\u884cExecStart=/usr/sbin/sslh --foreground $DAEMON_OPTS\uff0c\u53ef\u4ee5\u770b\u5230\u5728\u542f\u52a8sslh\u65f6\u53c2\u6570\u662fDAEMON_OPTS\u3002\u6240\u4ee5\u91cd\u70b9\u5c31\u5728\u4e8e\u914d\u7f6e\u597dDAEMON_OPTS\u3002

    \u89e3\u91ca\u4e00\u4e0b\u51e0\u4e2a\u53c2\u6570\u7684\u610f\u601d\uff1a

    \u7136\u540esystemctl enable sslh\u3001systemctl start sslh\u542f\u52a8sslh\uff0c\u5c06\u672c\u57304684\u7aef\u53e3\u6536\u5230\u7684\u6d41\u91cf\u6839\u636essh\u3001ssl\u3001http\u7684\u7279\u5f81\u5206\u522b\u8fdb\u884c\u7aef\u53e3\u8f6c\u53d1\u3002

    \u6bd4\u8f83\u6709\u610f\u601d\u7684\u662f\u53ef\u4ee5\u7528--anyprot\u6765\u8bbe\u7f6e\u9ed8\u8ba4\u7684\u8f6c\u53d1\u7b56\u7565\uff0c\u914d\u5408nc -lk\u53ef\u4ee5\u770b\u81ea\u5b9a\u4e49\u7684\u6570\u636e\u5305\u683c\u5f0f\uff0c\u518d\u901a\u8fc7-F\uff08\u6216--config\uff09\u6307\u5b9aconfig\u6587\u4ef6\uff08\u6bd4\u5982/etc/sslh/sslh.cfg\uff09\uff0c\u5b9e\u73b0\u5229\u7528\u6b63\u5219\u8868\u8fbe\u5f0f\u5bf9\u6570\u636e\u5305\u8fdb\u884c\u81ea\u5b9a\u4e49\u8f6c\u53d1\u3002

    \u6ce8\u610f\uff0c\u5982\u679c\u4f7f\u7528config\u6587\u4ef6\uff0c\u90a3\u4e48\u6587\u4ef6\u7684\u5185\u5bb9\u4e0d\u8981\u548c\u547d\u4ee4\u884c\u5df2\u6709\u7684\u5185\u5bb9\u91cd\u590d\u3002\u6bd4\u5982\u547d\u4ee4\u884c\u5df2\u7ecf\u6307\u5b9a\u4e86\u76d1\u542c127.0.0.1\u7aef\u53e3\u76844684\uff0c\u90a3config\u6587\u4ef6\u91cc\u5c31\u4e0d\u8981\u518d\u52a0\u4e0alisten:(xxx)\u4e86\u3002

    config\u6587\u4ef6\u6307\u5b9a\u5339\u914d\u89c4\u5219\u7684\u4f8b\u5b50\u5982\u4e0b\u6240\u793a\uff08\u7247\u6bb5\uff09

    protocols:\n(\n{ name: \"http\"; host: \"127.0.0.1\"; port: \"808\"; },\n{ name: \"tls\"; host: \"127.0.0.1\"; port: \"443\"; sni_hostnames: [ \"remote.c01dkit.com\" ]; tfo_ok: true },\n{ name: \"tls\"; host: \"127.0.0.1\"; port: \"7000\"; sni_hostnames: [ \"project-frp\" ]; tfo_ok: true },\n{ name: \"regex\"; host: \"127.0.0.1\"; port: \"60000\"; regex_patterns: [ \"^SSH-2.0-Go\\x0d$\", \"^SSH-2.0-OpenSSH\\x0d$\" ]; },\n);\n
    "},{"location":"porting/#ssh","title":"ssh\uff1a\u63d0\u4f9b\u8fdc\u7a0b\u8fde\u63a5","text":"

    \u7531\u4e8e\u539f\u672c\u5bf9\u5916\u5f00\u653e\u768422\u7aef\u53e3\u53ea\u7528\u4e8e\u63a5\u6536ssh\u8bf7\u6c42\uff0c\u5982\u679c\u60f3\u8981\u63d0\u4f9b\u66f4\u591a\u670d\u52a1\uff0c\u9700\u8981\u5148\u628a22\u7aef\u53e3\u7684\u63a5\u6536\u7684\u6570\u636e\u90fd\u8f6c\u53d1\u7ed9sslh\uff0c\u8ba9\u5b83\u6765\u8fdb\u884c\u5206\u7c7b\u3002\u90a3\u4e48ssh\u8bf7\u6c42\u5e94\u8be5\u5c31\u4e0d\u80fd\u518d\u8fd8\u7ed922\u7aef\u53e3\u4e86\uff08\u4e0d\u7136\u53ef\u80fd\u53c8\u88ab\u8f6c\u53d1\u7ed9sslh\uff1f\u4e0d\u786e\u5b9a\uff09\uff0c\u53ef\u4ee5\u8003\u8651\u518d\u5f00\u4e00\u4e2a\u7aef\u53e3\u76d1\u542cssh\u8bf7\u6c42\u3002\u8fd9\u91ccssh\u7684\u8bbe\u5b9a\u5f00\u4e86\u672c\u573022\u548c5752\u7aef\u53e3\uff0c\u914d\u7f6e\u65f6\u4fee\u6539/etc/ssh/sshd_config\u6587\u4ef6\uff0c\u52a0\u4e00\u884cPort 5752\u5373\u53ef\u3002\u540c\u65f6\u8bb0\u5f97\u4f7f\u7528\u516c\u94a5\u8ba4\u8bc1\u767b\u5f55\uff0c\u7981\u7528\u5bc6\u7801\u767b\u5f55\u3002

    Port 22\nPort 5752\nPubkeyAuthentication yes\nPasswordAuthentication no\n
    "},{"location":"porting/#nginxhttphttps","title":"nginx\uff1a\u63d0\u4f9bhttp/https\u670d\u52a1","text":"

    \u5728nginx\u5b98\u7f51\u4e0b\u8f7d\u6e90\u7801\u5e76\u6309\u8bf4\u660e\u7f16\u8bd1\u3002nginx\uff081.22\u7248\u672c\uff09\u7684\u914d\u7f6e\u5982\u4e0b\uff1a

    user  c01dkit;\nworker_processes  1;\n\nevents {\n    worker_connections  1024;\n}\n\nhttp {\n    include       mime.types;\n    default_type  application/octet-stream;\n    sendfile        on;\n    keepalive_timeout  65;\n    server_tokens off;\n    server {\n        listen       1284;\n        listen       127.0.0.1:1284;\n        charset utf-8;\n        server_name  xxxx.c01dkit.com;\n        if ($scheme = http ) {\n            return 301 https://$host:xxxx$request_uri;  \n        }\n        error_page  404              /404.html;\n    }\n\n    server {\n        listen       127.0.0.1:443 ssl ;\n        listen       443 ssl ;\n        listen       [::]:443 ssl ;\n        server_name  xxxx.c01dkit.com;\n        charset utf-8;\n        ssl_certificate      xxxx/fullchain.pem;\n        ssl_certificate_key  xxxx/privkey.pem;\n\n        ssl_session_cache    shared:SSL:1m;\n        ssl_session_timeout  5m;\n\n        ssl_ciphers  HIGH:!aNULL:!MD5;\n        ssl_prefer_server_ciphers  on;\n\n        location / {\n            root   xxxxx;\n            index  index.html index.htm;\n            error_page  404              /404.html;\n\n        }\n        location ~ \\.php$ {\n            fastcgi_pass   unix:/run/php/php8.1-fpm.sock;\n            fastcgi_index  index.php;\n            fastcgi_param  SCRIPT_FILENAME  xxxx/www$fastcgi_script_name;\n            include        fastcgi_params;\n            error_page  404              /404.html;\n        }\n    }\n\n}\n

    \u8fd9\u91cc\u914d\u7f6e\u4e86nginx\u76d1\u542c\u672c\u57301284\u7aef\u53e3\u6765\u5904\u7406http\u8bbf\u95ee\uff0c\u5c06https\u8bf7\u6c42\u8f6c\u53d1\u5230443\u7aef\u53e3\uff0c\u4e5f\u8bbe\u7f6e\u4e86ssl\u7684\u8bc1\u4e66\u3002\u8bc1\u4e66\u7684\u914d\u7f6e\u65b9\u6cd5\u53ef\u4ee5\u89c1\u540e\u6587\u7684https\u8bc1\u4e66\u7ae0\u8282\u3002

    \u5173\u4e8enginx\uff0c\u53ef\u4ee5nginx -V\u67e5\u770b\u7f16\u8bd1\u9009\u9879\uff0c\u7136\u540e\u81ea\u5df1\u4ece\u6e90\u7801\u7f16\u8bd1\u4e0b\u3002\u5e38\u89c1\u7684-V\u8f93\u51fa\u6709\uff1a

    nginx version: nginx/1.22.1\nbuilt by gcc 11.3.0 (Ubuntu 11.3.0-1ubuntu1~22.04) \nbuilt with OpenSSL 3.0.2 15 Mar 2022\nTLS SNI support enabled\nconfigure arguments: --user=c01dkit --group=c01dkit --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-compat --with-debug --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_sub_module\n

    \u8fd9\u91cc\u6307\u5b9auser\u4e3ac01dkit\uff0c\u7136\u540e\u7f51\u7ad9\u4e5f\u90fd\u653e\u5728c01dkit\u7684\u5bb6\u76ee\u5f55\u91cc\u9762\uff0c\u4ee5\u9632\u7f51\u7ad9\u9875\u9762\u56e0\u4e3a\u6743\u9650\u95ee\u9898\u6253\u4e0d\u5f00\uff08\u597d\u50cf\u9ed8\u8ba4\u662fwww-data\uff09\uff0c\u53ef\u80fd\u662f\u87f9\u811a\u6539\u6cd5\u25cb( \uff3e\u76bf\uff3e)\u3063

    "},{"location":"porting/#iptablessslh","title":"iptables\uff1a\u8f6c\u53d1\u5916\u90e8\u8bbf\u95ee\u5230sslh","text":"

    \u6700\u540e\u63a5\u7740\u8bbe\u7f6e\u9632\u706b\u5899\u5c06\u6240\u6709\u5916\u90e8\u6d41\u91cf\u4ece\u5f00\u653e\u7684\u552f\u4e00\u7aef\u53e3\u8f6c\u53d1\u52304684\u7aef\u53e3\u5373\u53ef\u3002

    iptables -t nat -A PREROUTING -p tcp --dport 22 -j REDIRECT --to-port 4684\n

    \u8fd9\u91cc\u5047\u5b9a\u5916\u90e8\u7aef\u53e3\u5f00\u653e\u7684\u7aef\u53e3\u6620\u5c04\u5230\u672c\u573022\u7aef\u53e3\u3002\u8fd9\u91cc22\u7aef\u53e3\u4e5f\u662f\u6709ssh\u670d\u52a1\u5728\u76d1\u542c\u3002

    \u6709\u65f6\u62c5\u5fc3sslh\u670d\u52a1\u6302\u6389\u5bfc\u81f44684\u6ca1\u6709ssh\u670d\u52a1\u3001ssh\u8fde\u4e0d\u4e0a\uff0c\u8bbe\u7f6e\u4e86\u5b9a\u65f6\u4efb\u52a1\u6765\u5173\u6389\u3001\u6253\u5f00\u9632\u706b\u5899\uff08\u6b64\u65f6\u53ea\u80fdssh\u8fde\u63a5\uff0c\u63d0\u4f9b\u8fd0\u7ef4\u7a97\u53e3\u671f\uff09\uff0c\u6bd4\u5982\u6bcf\u5468\u4e094\u70b9\u52306\u70b9\u53ea\u63d0\u4f9b22\u7aef\u53e3\u7684ssh\u670d\u52a1\uff1a

    # Edit this file to introduce tasks to be run by cron.\n# \n# Each task to run has to be defined through a single line\n# indicating with different fields when the task will be run\n# and what command to run for the task\n# \n# To define the time you can provide concrete values for\n# minute (m), hour (h), day of month (dom), month (mon),\n# and day of week (dow) or use '*' in these fields (for 'any').\n# \n# Notice that tasks will be started based on the cron's system\n# daemon's notion of time and timezones.\n# \n# Output of the crontab jobs (including errors) is sent through\n# email to the user the crontab file belongs to (unless redirected).\n# \n# For example, you can run a backup of all your user accounts\n# at 5 a.m every week with:\n# 0 5 * * 1 tar -zcf /var/backups/home.tgz /home/\n# \n# For more information see the manual pages of crontab(5) and cron(8)\n# \n# m h  dom mon dow   command\n0 4 * * 3 iptables -t nat -D PREROUTING -p tcp --dport 22 -j REDIRECT --to-port 4684\n0 6 * * 3 iptables -t nat -A PREROUTING -p tcp --dport 22 -j REDIRECT --to-port 4684\n

    \u7531\u4e8e\u8fd9\u6837\u8bbe\u7f6eiptables\u4f1a\u5728\u670d\u52a1\u5668\u91cd\u542f\u540e\u5931\u6548\uff0c\u6240\u4ee5\u670d\u52a1\u5668\u610f\u5916\u91cd\u542f\u7684\u8bdd\u53ea\u4e0d\u8fc7\u662f\u6062\u590d\u5230\u6700\u57fa\u7840\u768422\u7aef\u53e3ssh\u800c\u5df2\u3002

    "},{"location":"porting/#https","title":"https\u8bc1\u4e66","text":"

    \u5173\u4e8ehttps\u8bc1\u4e66\uff0c\u53ef\u4ee5\u6309\u8fd9\u91cc\u7684\u65b9\u6cd5\uff0c\u5148snap install --classic certbot\u5b89\u88c5certbot\uff0c\uff08\u4e0d\u77e5\u9053\u4e3a\u5565\u5f53\u65f6\u8bbe\u7f6e\u4e86\u4e00\u4e0bcertbot\u8def\u5f84sudo ln -s /snap/bin/certbot /usr/bin/certbot\uff09\u3002\u5982\u679c80\u7aef\u53e3\u5df2\u7ecf\u5bf9\u5916\u5f00\u653e\uff0c\u53ef\u4ee5\u7b80\u5355\u5730certbot --nginx\u81ea\u52a8\u5e2e\u5fd9\u8ba4\u8bc1\uff08\u5373certbot\u521b\u5efa\u8ba4\u8bc1\u6587\u4ef6\u7136\u540e\u5728\u516c\u7f51\u8bbf\u95ee\uff09\u3002\u5982\u679c80\u7aef\u53e3\u4e0d\u5bf9\u5916\u5f00\u653e\uff0c\u53ef\u4ee5\u81ea\u9009dns\u8ba4\u8bc1\uff1acertbot certonly --manual --preferred-challenges=dns\u7136\u540e\u5728\u57df\u540d\u7ba1\u7406\u90a3\u8fb9\u6dfb\u52a0\u4e00\u4e0b\u8bb0\u5f55\u5373\u53ef\uff0c\u6bd4\u5982\u521b\u5efa\u4e00\u4e2a_acme-challenge.remote\u7684TXT\u8bb0\u5f55\u3002\u7136\u540e\u5728nginx\u7684conf\u90a3\u91cc\u8bbe\u7f6e\u597d\u8bc1\u4e66\u8def\u5f84\uff0c\u8bbf\u95ee\u5c31\u6709https\u8ba4\u8bc1\u4e86\uff01\u5bf9\u4e8ehttp\u8bbf\u95ee\uff0c\u53ef\u4ee5\u7528301\u8df3\u8f6c\u3002

    \u4e00\u6b21\u8ba4\u8bc1\u662f90\u5929\u6709\u6548\u671f\uff0c\u5230\u671f\u4e4b\u524d\u4f1a\u53d1\u90ae\u4ef6\uff0c\u66f4\u65b0\u8bc1\u4e66\u65f6\u9700\u8981\u8fd0\u884ccertbot renew --manual-auth-hook=xxx.sh \u5176\u4e2dsh\u811a\u672c\u662f\u81ea\u5df1\u7f16\u5199\u7684\u4e00\u4e2a\u81ea\u52a8\u5316\u5b8c\u6210DNS\u8bb0\u5f55\u66f4\u65b0\u3002\u4e3a\u4e86\u61d2\u7701\u4e8b\uff0c\u53ef\u4ee5\u8fd9\u4e48\u5199\uff1a

    echo ${CERTBOT_VALIDATION} >> xxx.txt\necho ${CERTBOT_DOMAIN} >> xxx.txt\nsleep 120\nexit 0\n

    \u7136\u540e\u5728\u4e24\u5206\u949f\u4e4b\u5185\uff0c\u628axxx.txt\u91ccCERTBOT_VALIDATION\u5bf9\u5e94\u7684\u54c8\u5e0c\u503c\u624b\u52a8\u66f4\u65b0\u5728DNS\u8bb0\u5f55\u91cc\u5373\u53ef\u3002

    \u6b64\u5916\uff0c\u65b0\u627e\u5230\u4e00\u4e2a\u53ef\u4ee5\u65b9\u4fbf\u5730\u5728web\u7aef\u914d\u7f6e\u65b0\u8bc1\u4e66\u7684\u7f51\u7ad9\uff1ahttps://xiangyuecn.github.io/ACME-HTML-Web-Browser-Client/ACME-HTML-Web-Browser-Client.html

    "},{"location":"proxy/","title":"\u4ee3\u7406\u8f6c\u53d1","text":""},{"location":"proxy/#_2","title":"\u591a\u53f0\u7535\u8111\u7ec4\u5c40\u57df\u7f51","text":"

    \u53ef\u4ee5\u4f7f\u7528zerotier\uff0c\u767b\u5f55\u4ee5\u540e\u521b\u5efa\u4e00\u4e2a\u7f51\u7edc\u3002\u7136\u540e\u9700\u8981\u7ec4\u5c40\u57df\u7f51\u7684\u8bbe\u5907\u4e0b\u8f7dzerotier\u4ee5\u540ejoin\u4e0a\u5c31\u884c\u4e86\u3002

    "},{"location":"proxy/#_3","title":"\u5185\u7f51\u7a7f\u900f","text":"

    \u9700\u8981\u516c\u7f51\u670d\u52a1\u5668\uff0c\u53ef\u4ee5\u5728\u963f\u91cc\u4e91\u79df\u4e00\u4e2a

    \u4e00\u79cd\u65b9\u6cd5\u662ffrp

    \u53e6\u4e00\u79cd\u65b9\u6cd5\u662fssh\u6b63\u5411\u8fde\u63a5\u914d\u5408\u53cd\u5411\u8fde\u63a5\uff1a

    \u9996\u5148\u5185\u7f51\u670d\u52a1\u5668\u5f00\u4e2ascreen\u8fd0\u884cssh -R 127.0.0.1:1234:127.0.0.1:22 user@ip -p port\u8fde\u63a5\u5230\u4e91\u670d\u52a1\u5668\u4e0a\u3002\u8fd9\u6837\u7684\u8bdd\u670d\u52a1\u5668\u8bbf\u95ee127.0.0.1:1234\u5c31\u76f8\u5f53\u4e8e\u8bbf\u95ee\u5185\u7f51\u7684127.0.0.1:22\u3002\u7136\u540e\u9700\u8981\u8fde\u63a5\u5185\u7f51\u7684\u4e3b\u673a\u4e5f\u5f00\u4e2ascreen\u8fd0\u884cssh -L 127.0.0.1:2345:127.0.0.1:1234 user@ip -p port\uff0c\u8fd9\u6837\u7684\u8bdd\u8be5\u4e3b\u673a\u8bbf\u95ee\u81ea\u5df1127.0.0.1:2345\u5c31\u76f8\u5f53\u4e8e\u8bbf\u95ee\u4e91\u670d\u52a1\u5668\u7684127.0.0.1:1234\u3002\u7136\u540e\u8be5\u4e3b\u673a\u518d\u5f00\u4e00\u4e2a\u7ec8\u7aef\uff0cssh user@127.0.0.1 -p 2345\u5373\u53ef\u3002

    "},{"location":"proxy/#_4","title":"\u5b50\u7f51\u8f6c\u53d1","text":"

    \u5e0c\u671b\u5c06\u67d0\u7aef\u53e3\u6536\u5230\u7684\u6d88\u606f\u8f6c\u53d1\u5230\u5176\u4ed6\u4e3b\u673a\u7684\u67d0\u4e00\u7aef\u53e3\uff0c\u53ef\u4ee5\u8bd5\u8bd5socat\uff0c\u6bd4\u5982socat TCP4-LISTEN:4320,fork TCP4:10.244.55.25:80\uff0c\u53ef\u4ee5\u628a4320\u7aef\u53e3\u6536\u5230\u7684TCP4\u6570\u636e\u5305\u8f6c\u53d1\u5230\u5b50\u7f5110.244.55.25\u768480\u7aef\u53e3\uff0c\u914d\u5408zerotier\u53ef\u4ee5\u5b9e\u73b0\u5185\u7f51\u5bf9\u5916\u5f00\u653e\u7aef\u53e3\u3002

    "},{"location":"pwn-college-cse365-spring2023/","title":"CSE 365 - Spring 2023","text":"

    \u5728\u7ec8\u7aef\u8fde\u63a5pwn-college\u65f6\uff0c\u5148\u5728\u7f51\u9875\u7aef\u914d\u7f6e\u4e0b\u516c\u94a5\uff0c\u7136\u540essh -i \u79c1\u94a5 hacker@dojo.pwn.college\u5373\u53ef\u3002\u7f51\u9875\u7aef\u542f\u52a8\u4e00\u4e2a\u5b9e\u4f8b\u540e\uff0c\u8fdc\u7a0b\u4e5f\u4f1a\u81ea\u52a8\u542f\u52a8\u5bf9\u5e94\u7684\u73af\u5883\u3002\u95ee\u9898\u4e00\u822c\u653e\u5728\u6839\u76ee\u5f55\u7684challenge\u6587\u4ef6\u5939\u4e0b

    "},{"location":"pwn-college-cse365-spring2023/#talking-web","title":"Talking Web \u5b66\u4e60\u7b14\u8bb0","text":"

    \u8bf7\u6c42\u7b2c\u4e00\u884cRequest line\uff1a\u8bf7\u6c42\u65b9\u6cd5 URI \u534f\u8bae\u7248\u672c CRLF

    \u54cd\u5e94\u7b2c\u4e00\u884cStatus line\uff1a\u534f\u8bae\u7248\u672c \u72b6\u6001\u7801 \u89e3\u91ca CRLF

    \u5e38\u89c1\u7684\u8bf7\u6c42\u65b9\u6cd5\uff1a

    HTTP URL Scheme\uff1ascheme://host:port/path?query#fragment

    \u8bf7\u6c42\u7684\u8d44\u6e90\u542b\u6709\u4e00\u4e9b\u7279\u6b8a\u7b26\u53f7\u6bd4\u5982?,/,&,#\u7b49\u7b49\u65f6\uff0c\u4f7f\u7528%xx\u8fdb\u884c\u7f16\u7801\uff0c\u5176\u4e2dxx\u662fASCII\u7801\u3002\u8fd9\u79cd\u505a\u6cd5\u79f0\u4e3aurlencoding

    POST\u8bf7\u6c42\u65f6\uff0c\u9700\u8981\u5e26\u4e0aContent-Type

    \u524d\u8005body\u91cc\u5199a=xx\uff0c\u540e\u8005\u5199{\"a\":\"xx\"}\u3002json\u53ef\u4ee5\u6784\u9020\u66f4\u590d\u6742\u7684blob

    RFC 1945 HTTP\u534f\u8bae\u662f\u65e0\u72b6\u6001\u7684\uff0c\u4f46\u662f\u7f51\u7edc\u5e94\u7528\u662f\u6709\u72b6\u6001\u7684\u3002\u4f7f\u7528cookie\u6765\u4fdd\u6301\u72b6\u6001\u3002

    "},{"location":"pwn-college-cse365-spring2023/#assembly-crash-course","title":"Assembly Crash Course \u5b66\u4e60\u7b14\u8bb0","text":""},{"location":"pwn-college-cse365-spring2023/#building-a-web-server","title":"Building a Web Server \u5b66\u4e60\u7b14\u8bb0","text":"

    \u4f7f\u7528socket\u521b\u5efa\u4e00\u4e2aA-B\u7684\u7f51\u7edc\u6587\u4ef6\uff0c\u7136\u540e\u4f7f\u7528bind\u5c06socket\u4e0e\u5177\u4f53\u7684ip\u7ed1\u5b9a\u3002\u4f7f\u7528listen\u6765\u88ab\u52a8\u4fa6\u542csockfd\u3002\u4f7f\u7528accept\u63a5\u53d7\u5916\u90e8\u8fde\u63a5\u3002

    \u4f7f\u7528TCP/IP\u8fdb\u884c\u7f51\u7edc\u901a\u8baf\uff0c\u670d\u52a1\u5668\u7aef\u7684\u4f8b\u5b50\u5982\uff1a

    // int socket(int domain, int type, int protocol)\nsocket_fd = socket(AF_INET, SOCK_STREAM, IPPROTO_IP)\n\n// int bind(int sockfd, struct sockaddr* addr, socklen_t addrlen)\n/*\n * struct sockaddr {\n *   uint16_t sa_family;\n *   uint8_t  sa_data[14];   \n * }\n * \n * struct sockaddr_in {\n *   uint16_t sin_family;\n *   uint16_t sin_port;\n *   uint32_t sin_addr;\n *   uint8_t  __pad[8];\n * }\n*/\nbind(socket_fd, {sa_family=AF_INET, sin_port=htons(port), sin_addr=inet_addr(\"0.0.0.0\")}, 16)\n\n// int listen(int sock fd, int backlog);\nlisten(socket_fd, 0)\n\n// int accept(int sockfd, struct sockaddr* addr, socklen_t* addrlen);\ntunnel = accept(socket_fd, NULL, NULL)\n\n// revceive http request: GET / HTTP/1.0\nread(tunnel, \"GET / HTTP/1.0\",19)\n\n// response\nwrite(tunnel, \"HTTP/1.0 200 OK\\r\\n\\r\\n\", 19)\n\n// receive http request: GET /flag HTTP/1.0\nread(tunnel, \"GET /flag HTTP/1.0\\r\\n\\r\\n\",256)\n\n// open and read file\nfilefd = open(\"/flag\",O_RDDONLY)\nread(filefd, \"FLAG\", 256)\n\n//response\nwrite(tunnel, \"HTTP/1.0 200 OK\\r\\n\\r\\nFLAG\", 27)\n\nclose(tunnel)\n
    "},{"location":"pwn-college-cse365-spring2023/#reverse-engineering","title":"Reverse Engineering \u5b66\u4e60\u7b14\u8bb0","text":"
    start\nbreak *main+42\ncommands\n    silent\n    set $local_variable = *(unsigned long long*)($rbp-0x32)\nprintf \"Current value: %llx\\n\", $local_variable\ncontinue\nend\ncontinue\n
    start\ncatch syscall read\ncommands\n    silent\n    if ($rdi == 42)\nset $rdi = 0\nend\n    continue\nend\ncontinue\n
    "},{"location":"pwn-college-cse365-spring2023/#talking-web-writeups","title":"Talking Web WriteUps","text":"

    \u8fd9\u4e2a\u7ae0\u8282\u7684\u9898\u76ee\u662f\u7528curl\u3001python\u548cnc\u6765\u5b9e\u73b0\u53d1\u9001\u5404\u79cdhttp\u8bf7\u6c42\uff0c\u5148\u8fd0\u884c/challenge/run\u542f\u52a8flask\u670d\u52a1\u5668\uff0c\u7136\u540e\u65b0\u5f00\u4e2a\u7ec8\u7aef\u7528\u5404\u79cd\u59ff\u52bf\u8fde\u63a5\u672c\u5730127.0.0.1\u5373\u53ef\u3002

    \u8fd9\u4e09\u79cd\u5de5\u5177\u7684\u5927\u81f4\u601d\u8def\uff1a

    \u9700\u8981\u5148\u7b80\u5355\u5730\u8fde\u63a5127.0.0.1\u7136\u540e\u6839\u636e\u62a5\u9519\u63d0\u793a\u6765\u4fee\u6539\u8bf7\u6c42\u3002

    Level 1

    Send an HTTP request using curl

    curl http://127.0.0.1\n

    Level 2

    Send an HTTP request using nc

    nc 127.0.0.1 80\nGET / HTTP/1.1\n

    Level 3

    Send an HTTP request using python

    import requests as r\nr.get(\"http://127.0.0.1\").text\n

    Level 4

    Set the host header in an HTTP request using curl

    curl -H 'host:xxxxx' http://127.0.0.1\n

    Level 5

    Set the host header in an HTTP request using nc

    nc 127.0.0.1 80\nGET / HTTP/1.1\nhost:xxxxx\n

    Level 6

    Set the host header in an HTTP request using python

    import requests as r\nr.get(\"http://127.0.0.1\", headers={\"host\":\"xxx\"}).text\n

    Level 7

    Set the path in an HTTP request using curl

    curl http://127.0.0.1/xxxxx\n

    Level 8

    Set the path in an HTTP request using nc

    nc 127.0.0.1 80\nGET /xxxx HTTP/1.1\n

    Level 9

    Set the path in an HTTP request using python

    import requests as r\nr.get(\"http://127.0.0.1/xxx\").text\n

    Level 10~12

    URL encode a path in an HTTP request using curl/nc/python

    \u7528%20\u66ff\u6362\u6389\u7a7a\u683c\u5373\u53ef

    Level 13~15

    Specify an argument in an HTTP request using curl/nc/python

    GET\u52a0\u53c2\u6570\uff0c\u5728\u8def\u5f84\u540e\u9762\u8ffd\u52a0?a=xxx\u5373\u53ef

    nc\u65f6\u52a0\u5230nc\u8fde\u63a5\u4ee5\u540e\u7684GET\u540e\u9762

    Level 16~18

    Specify multiple arguments in an HTTP request using curl/nc/python

    \u7ed3\u540810~15\u9898\uff0c\u7a7a\u683c\u7528%20\u6362\u6389\uff0c\u4e0e\u53f7\u7528%26\u6362\u6389\uff0c\u4e95\u53f7\u7528%23\u6362\u6389

    Level 19~21

    Include form data in an HTTP request using curl/nc/python

    #curl\ncurl http://127.0.0.1 -F a=xxx\n\n#nc\nPOST / HTTP/1.1\nContent-Type: application/x-www-form-urlencoded\nContent-Length:34\n\na=xxx\n\n#python\nimport requests as r\nr.post(\"http://127.0.0.1\",data={'a':'xxx'}).text\n

    Level 22~24

    Include form data with multiple fields in an HTTP request using curl/nc/python

    #curl\ncurl http://127.0.0.1 -F a=xxx -F b='xxxx'\n\n#nc\nPOST / HTTP/1.1\nContent-Type: application/x-www-form-urlencoded\nContent-Length: 78\n\na=xxx&b=xxx\n\n#python\nimport requests as r\nr.post(\"http://127.0.0.1\",data={'a':'xxx','b':'xxx'}).text\n

    Level 25~27

    Include json data in an HTTP request using curl/nc/python

    #curl\ncurl -X POST -H 'Content-Type:application/json' -d '{\"a\":\"xxx\"}' http://127.0.0.1\n\n#nc\necho -ne 'POST / HTTP/1.1\\r\\nContent-Type: application/json\\r\\nContent-Length:40\\r\\n\\r\\n{\"a\":\"xxx\"}' |  nc 127.0.0.1 80\n\n#python\nimport requests as r\nimport json\nr.post(\"http://127.0.0.1\",headers={\"Content-Type\":\"application/json\"},data=json.dumps({\"a\":\"xxx\"})).text\n

    Level 28~30

    Include complex json data in an HTTP request using curl/nc/python

    #curl\ncurl -X POST -H 'Content-Type: application/json' -H 'Content-Length: 121' -d '{\"a\":\"xxx\", \"b\":{\"c\": \"xxxx\", \"d\": [\"xxx\", \"xxx\"]}}' http://127.0.0.1\n\n#nc\necho -ne 'POST / HTTP/1.1\\r\\nContent-Type: application/json\\r\\nContent-Length: 121\\r\\n\\r\\n{\"a\":\"xxx\", \"b\":{\"c\": \"xxx\", \"d\": [\"xxx\", \"xxx\"]}}' | nc 127.0.0.1 80\n\n#python\nimport requests as r\nimport json\nr.post(\"http://127.0.0.1\",headers={\"Content-Type\":\"application/json\"},data=json.dumps({\"a\":\"xxx\",\"b\":{'c': 'xxx', 'd': ['xxx', 'xxx']}})).text\n

    Level 31~33

    Follow an HTTP redirect from HTTP response using curl/nc/python

    #curl\ncurl -L http://127.0.0.1\n\n#nc\necho -ne \"GET /xxx HTTP/1.1\\r\\n\\r\\n\" | nc 127.0.0.1 80\n\n#python\n#python\u9ed8\u8ba4\u8ddf\u968f\u8df3\u8f6c\nimport requests as r\nr.get(\"http://127.0.0.1\").text\n

    Level 34~36

    Include a cookie from HTTP response using curl/nc/python

    #curl\ncurl http://127.0.0.1 -v\ncurl -b \"cookie=xxx\" http://127.0.0.1\n\n#nc\necho -ne \"GET / HTTP/1.1\\r\\n\\r\\n\" | nc 127.0.0.1 80\necho -ne \"GET / HTTP/1.1\\r\\nCookie:cookie=xxxx\\r\\n\\r\\n\" | nc 127.0.0.1 80\n\n#python \u9ed8\u8ba4\u81ea\u52a8\u63a5\u53d7cookie\nimport requests as r\nr.get(\"http://127.0.0.1\").text\n

    Level 37~39

    Make multiple requests in response to stateful HTTP responses using curl/nc/python

    #curl \u5b8c\u62103\u6b21\u4ea4\u4e92\u5373\u53ef\ncurl -b \"session=xxx\" http://127.0.0.1 -v \ncurl -b \"session=xxx\" http://127.0.0.1 -v \ncurl -b \"session=xxx\" http://127.0.0.1 -v #nc\necho -ne \"GET / HTTP/1.1\\r\\nCookie:session=xxx\\r\\n\\r\\n\" | nc 127.0.0.1 80\necho -ne \"GET / HTTP/1.1\\r\\nCookie:session=xxx\\r\\n\\r\\n\" | nc 127.0.0.1 80\necho -ne \"GET / HTTP/1.1\\r\\nCookie:session=xxx\\r\\n\\r\\n\" | nc 127.0.0.1 80\n\n#python\nimport requests as r\nr.get(\"http://127.0.0.1\").text\n
    "},{"location":"pwn-college-cse365-spring2023/#assembly-crash-course-writeups","title":"Assembly Crash Course Writeups","text":"

    \u8fd9\u4e2a\u7ae0\u8282\u7684\u9898\u9700\u8981\u628a\u6c47\u7f16\u53d8\u6210raw bytes\uff0c\u7136\u540e\u5582\u7ed9/challenge/run\u3002\u9700\u8981\u5148\u8fd0\u884c\u8fd9\u4e2arun\uff0c\u7136\u540e\u6839\u636e\u8981\u6c42\u5b8c\u6210\u3002\u6bd4\u5982\u53ef\u4ee5\u7528pwntools\u7684asm\u6a21\u5757\u751f\u6210\u6c47\u7f16\uff0c\u7136\u540eecho\u8fdbrun\u91cc\u3002

    Level 1

    In this level you will work with registers_use! Please set the following: rdi = 0x1337

    from pwn import *\ncontext.arch='amd64'\nasm('mov rdi,0x1337')\n\n#b'H\\xc7\\xc77\\x13\\x00\\x00'\n
    \u7136\u540e\u5728shell\u91ccecho -ne 'H\\xc7\\xc77\\x13\\x00\\x00' | /challenge/run\u5373\u53ef\u3002

    Level 2

    asm('add rdi,0x331337')\n

    Level 3

    asm('imul rdi,rsi; add rdi,rdx; mov rax,rdi')\n

    Level 4

    \u5b66\u4e60div\u9664\u6cd5\uff0cdiv reg\u4f1a\u4f7f\u7528rax\u4f5c\u4e3a\u88ab\u9664\u6570\uff0creg\u4f5c\u4e3a\u9664\u6570\uff0c\u7136\u540e\u81ea\u52a8\u4f7f\u7528rax\u5b58\u653e\u5546\uff0crdx\u5b58\u653e\u4f59\u6570\u3002

    asm('mov rax, rdi;div rsi')\n

    Level 5

    asm('mov rax, rdi;div rsi;mov rax, rdx')\n

    Level 6

    \u9664\u6570\u4e3a2\u7684\u5e42\u6b21\u65f6\uff0c\u76f4\u63a5\u4f7f\u7528mov\u4fdd\u7559\u5bc4\u5b58\u5668\u7684\u4e00\u90e8\u5206\u5373\u53ef\u3002\u6ce8\u610fmov\u4e24\u4e2a\u5bc4\u5b58\u5668\u957f\u5ea6\u8981\u4e00\u81f4\u3002

    asm('mov al, dil;mov bx, si')\n

    Level 7

    shl\u5de6\u79fb\uff0cshr\u53f3\u79fb\uff08\u9ad8\u4f4d\u88650\uff09

    asm('shl rdi, 59; shr rdi, 63; mov rax, rdi')\n

    Level 8

    and reg1, reg2\u4f1a\u628areg1\u548creg2\u8fdb\u884c\u903b\u8f91\u4e0e\u7684\u7ed3\u679c\u4fdd\u5b58\u5728reg1\u91cc\u3002\u9898\u76ee\u4e0d\u8ba9\u7528mov\uff0c\u90a3\u53ef\u4ee5\u91c7\u7528\u7f6e0\u51cf1\u7684\u65b9\u5f0f\u83b7\u5f972^65-1\uff0c\u7136\u540eand\u5373\u53ef\u3002

    asm('xor rax, rax; sub rax, 1; and rax, rdi; and rax, rsi')\n

    Level 9

    \u9898\u76ee\u8981\u6c42\u53ea\u7528and\uff0cor\uff0cxor\u5b9e\u73b0\u4e00\u4e2a\u5947\u5076\u5224\u65ad\u7684\u529f\u80fd\u3002\u6574\u4f53\u601d\u8def\u662fxor\u53cd\u8f6c\u6bd4\u7279\u3001\u6e05\u7a7a\u503c\uff0cor\u505a\u52a0\u6cd5\uff0cand\u53d6\u6700\u4f4e\u4f4d\u3002

    asm('xor rax, rax; or rax, 1; and rax, rdi; xor rax, 1')\n

    Level 10

    \u6709\u5173\u8bbf\u95ee\u5185\u5b58\u7684\u64cd\u4f5c\u3002mov reg, [address]\u7528\u4e8e\u628aaddress\u5730\u5740\u5904\u7684\u503c\u8d4b\u7ed9reg\uff0c\u5f53\u7136\u4e5f\u53ef\u4ee5mov [address], reg\u628areg\u7684\u503c\u4fdd\u5b58\u5728address\u5730\u5740\u3002\u52a0\u4e00\u5c42\u65b9\u62ec\u53f7\u53ea\u662f\u8868\u793a\u5f53\u4f5c\u5730\u5740\u3002\u4e0d\u8981\u4e0b\u610f\u8bc6\u8fdb\u884c\u66f4\u591a\u6b21\u6570\u7684\u89e3\u5f15\u7528\u3002

    asm('mov rbx, [0x404000]; mov rax, rbx; add rbx, 0x1337; mov [0x404000], rbx')\n

    Level 11

    \u5982\u679cmov\u4e00\u65b9\u4e3a\u5bc4\u5b58\u5668\uff0c\u4e00\u65b9\u4e3a\u5730\u5740\uff0c\u4f1a\u6839\u636e\u5bc4\u5b58\u5668\u7684\u5927\u5c0f\u81ea\u52a8\u63a8\u65ad\u4ece\u5730\u5740\u4e2dload\u591a\u5c11\u5b57\u8282\u3002

    asm('mov al, [0x404000]; mov bx, [0x404000]; mov ecx, [0x404000]; mov rdx, [0x404000];')\n

    Level 12

    \u5bf9\u4e8e\u6bd4\u8f83\u5927\u7684\u7acb\u5373\u6570\uff0c\u53ef\u4ee5\u5148\u653e\u5728\u5bc4\u5b58\u5668\uff0c\u7136\u540e\u518dmov\u5230\u6307\u5b9a\u4f4d\u7f6e\u3002

    asm('mov rax, 0xdeadbeef00001337; mov [rdi], rax; mov rax, 0xc0ffee0000; mov [rsi], rax')\n

    Level 13

    asm('mov rax, [rdi]; add rax, [rdi+8]; mov [rsi], rax')\n

    Level 14

    asm('pop rax;sub rax,rdi; push rax')\n

    Level 15

    \u4f7f\u7528\u6808\u53ef\u4ee5\u7b80\u5355\u5730\u4ea4\u6362\u5bc4\u5b58\u5668

    asm('push rdi; push rsi; pop rdi; pop rsi')\n

    Level 16

    \u5b9e\u73b0\u6808\u4e0a\u7684\u6570\u636e\u53d6\u5e73\u5747\uff0c\u7528[rsp+X]\u6765\u53d6\u503c\uff08\u4e00\u822c\u7528rbp\u6765\u53d6\u5427\uff1f\uff09

    asm('mov rax, [rsp]; add rax, [rsp+8]; add rax, [rsp+16]; add rax, [rsp+24]; mov rbx, 4; div rbx; push rax')\n

    Level 17

    \u4f7f\u7528label\u8bbe\u7f6e\u76f8\u5bf9\u8df3\u8f6c\u5730\u5740\uff0c\u4f7f\u7528\u5355\u5b57\u8282\u7684nop\u586b\u5145\u3002\u4e0d\u8fc7\u9898\u76ee\u8981\u6c42\u7684\u201c\u4ecejmp\u504f\u79fb0x51\u7684\u5730\u5740\u201d\u6709\u70b9\u8ff7\u60d1\uff0c\u770b\u7ed3\u679c\u7684\u8bdd\u4f3c\u4e4e\u9ed8\u8ba4\u662fjmp\u6267\u884c\u540e\u7684\u5730\u5740\u518d\u504f\u79fb0x51\uff0c\u800c\u4e0d\u662fjmp\u6307\u4ee4\u672c\u8eab\u7684\u5730\u5740\u504f\u79fb0x51\uff0c\u6240\u4ee5\u4e0d\u9700\u8981\u77e5\u9053jmp\u6307\u4ee4\u672c\u8eab\u7684\u957f\u5ea6\u3002

    asm('jmp lab;'+'nop;'*0x51+'lab: mov rdi, [rsp]; mov rax, 0x403000; jmp rax')\n

    Level 18

    \u5b9e\u73b0if-else\u8df3\u8f6c\u3002\u6ce8\u610f\u5185\u5b58\u8ba1\u7b97\u4f7f\u7528dword\u768432\u4f4d\u6570\u636e\uff0c\u7528eax\u800c\u4e0d\u662frax\u3002

    from pwn import *\ncontext.arch='amd64'\npayload=\"\"\"mov eax, [rdi+4]\nmov ebx, 0x7f454c46\ncmp ebx, [rdi]\nje case1\nmov ebx, 0x5a4d\ncmp ebx, [rdi]\nje case2\nimul eax, [rdi+8]\nimul eax, [rdi+12]\njmp done\ncase1:\n    add eax, [rdi+8]\n    add eax, [rdi+12]\n    jmp done\ncase2:\n    sub eax, [rdi+8]\n    sub eax, [rdi+12]\n    jmp done\ndone:\n    nop\n\"\"\"\n\nprint(asm(payload))\n

    Level 19

    jmp [reg + offset]\u95f4\u63a5\u8df3\u8f6c\uff0c\u4f7f\u7528rsi\u4fdd\u5b58\u8df3\u8f6c\u8868\u7684\u57fa\u5730\u5740\uff0c\u7528\u4e8e\u5b9e\u73b0switch\u3002\u8fd9\u91cc\u597d\u50cf\u662fjnz\u4e0d\u652f\u6301\u95f4\u63a5\u8df3\u8f6c\u3002

    asm('mov rax, rdi; shr rax, 2; jnz final; jmp [rsi + rdi * 8]; final: jmp [rsi + 32]')\n

    Level 20

    \u5b9e\u73b0\u4e00\u4e2a\u7b80\u5355\u7684\u6c42\u5e73\u5747\u51fd\u6570

    from pwn import *\ncontext.arch='amd64'\npayload=\"\"\"xor rax, rax\nxor rcx, rcx\nloop:\n    cmp rcx, rsi\n    je done\n    add rax, [rdi + 8 * rcx]\n    add rcx, 1\n    jmp loop\ndone:\n    div rsi\n\"\"\"\n\nprint(asm(payload))\n

    Level 21

    \u5b9e\u73b0\u4e00\u4e2astrlen\u51fd\u6570\uff0c\u9010byte\u68c0\u67e5\u662f\u5426\u4e3a0\u3002\u6ce8\u610fmov\u4e0d\u4f1a\u6539\u53d8EFLAGS\u3002

    from pwn import *\ncontext.arch='amd64'\npayload = \"\"\"\nxor rax, rax\ntest rdi, rdi\njz done\nloop: mov bl, [rdi + rax]\ntest bl,bl\njz done\nadd rax, 1\njmp loop\ndone:\n    nop\n\"\"\"\n\nprint(asm(payload))\n

    Level 22

    \u8fd9\u9053\u9898\u7ed9\u7684\u89e3\u91ca\u4e0d\u662f\u5f88\u6e05\u695a\uff0c\u5c3d\u7ba1\u662f\u7b2c\u4e00\u6b21\u63d0\u5230\u4f7f\u7528call\u8fdb\u884c\u51fd\u6570\u8c03\u7528\uff0c\u4f46\u662f\u6ca1\u6709\u8bf464\u4f4d\u7a0b\u5e8f\u4f9d\u6b21\u4f7f\u7528rdi,rsi,rdx,rcd,r8,r9\u8fdb\u884c\u4f20\u53c2\u3001rax\u4fdd\u5b58\u51fd\u6570\u8fd4\u56de\u7ed3\u679c\uff0c\u4e5f\u6ca1\u6709\u8bf4\u662f\u7531\u4e3b\u8c03\u51fd\u6570\u8fd8\u662f\u88ab\u8c03\u51fd\u6570\u6765\u4fdd\u5b58\u5bc4\u5b58\u5668\u3002\u66f4\u5947\u602a\u7684\u662f\u867d\u7136\u8ba9\u5b9e\u73b0\u4e00\u4e2astr_lower\u51fd\u6570\uff0c\u4f46\u662f\u6ca1\u6709\u6309\u51fd\u6570\u5b9e\u73b0\u7684\u6807\u51c6\u5199PROG\uff0c\u751a\u81f3\u6700\u540e\u8fd8\u7528ret\u6765\u7ed3\u675f\u3002

    from pwn import *\ncontext.arch='amd64'\npayload = \"\"\"\nmov rdx, rdi\nxor rax, rax\nxor rcx, rcx\ntest rdx, rdx\njz done\nloop:\n    mov bl, [rdx]\n    test bl,bl\n    jz done\n    cmp bl, 0x5a\n    jg notif\n    mov rax, 0x403000\n    xor rdi, rdi\n    mov dil, bl\n    call rax\n    mov [rdx], al\n    add rcx, 1\nnotif:\n    add rdx, 1\n    jmp loop\ndone:\n    mov rax, rcx\n    ret\n\"\"\"\n\nprint(asm(payload))\n

    Level 23

    \u5b9e\u73b0\u4e00\u4e2a\u67e5\u8be2\u5b57\u7b26\u4e32\u4e2d\u54ea\u4e2a\u5b57\u7b26\u6700\u591a\u7684\u51fd\u6570\u3002\u6bcf\u4e2a\u5b57\u7b26\u4e0d\u8d85\u8fc70xffff\u4e2a\uff0c\u6240\u4ee5\u8981\u75284\u5b57\u8282\u7684\u5bc4\u5b58\u5668\u6765\u8fdb\u884c\u5b58\u653e\u3002\u8fd9\u91cc\u4f3c\u4e4e\u4e0d\u652f\u6301\u76f4\u63a5mov rbx, [ebp - rcx * 4]\u4e4b\u7c7b\u7684\u65b9\u6cd5\uff0c\u5c31\u7528r8\u548cr9\u4e34\u65f6\u5b58\u653e\u4e00\u4e0b\u4e86\u3002

    from pwn import *\n\ncontext.arch = 'amd64'\n\npayload = \"\"\"\npush rbp\nmov rbp, rsp\nsub rsp, 0x400\nxor rax, rax\nxor rcx, rcx\nmov rdx, rsi\nsub rdx, 0x1\nloop1: \n    cmp rcx, rdx\n    jg loop1_end\n    mov al, [rdi + rcx]\n    mov r8, rbp\n    mov r9, rax\n    imul r9, 4\n    sub r8, r9\n    mov ebx, [r8]\n    add ebx, 1\n    mov [r8], ebx\n    add rcx, 1\n    jmp loop1\nloop1_end:\nxor rax, rax\nxor rbx, rbx\nxor rcx, rcx\nloop2:\n    cmp rcx, 0xff\n    jg loop2_end\n    mov r8, rbp\n    mov r9, rcx\n    imul r9, 4\n    sub r8, r9\n    mov edx, [r8]\n    cmp edx, ebx\n    jle loop2_conti\n    mov rbx, rdx\n    mov rax, rcx\nloop2_conti:\n    add rcx, 1\n    jmp loop2\nloop2_end:\nmov rsp, rbp\npop rbp\nret\n\"\"\"\n\nprint(asm(payload))\n
    "},{"location":"pwn-college-cse365-spring2023/#building-a-web-server-writeups","title":"Building a Web Server Writeups","text":"

    \u4e0d\u5f97\u4e0d\u5410\u69fdpwn-college\u6709\u4e00\u70b9\u4e0d\u597d\uff0c\u6bcf\u4e2a\u6a21\u5757\u7b2c\u4e00\u4e2achallenge\u8bf4\u660e\u592a\u5c11\u4e86\uff0c\u5b8c\u5168\u4e0d\u77e5\u9053\u4ece\u54ea\u5f00\u59cb\u4e0b\u624b\u3002\u5728challenge 1\u7684wp\u91cc\u8be6\u7ec6\u8bb2\u4e00\u4e0b\u8fd9\u4e2a\u6a21\u5757\u600e\u4e48\u5f00\u59cb\u505a\uff0c\u7136\u540e\u540e\u7eed\u5c31\u7701\u7565\u4e86\u3002

    \u7528\u6c47\u7f16\u5199server\uff0c\u53ef\u4ee5\u67e5\u886864\u4f4dsyscall\u624b\u518c

    Level 1

    \u9996\u5148\u8fd8\u662f\u8fd0\u884c/challeng/run\uff0c\u5f97\u5230\u4e00\u6bb5\u8f93\u51fa\uff1a

    ===== Welcome to Building a Web Server! =====\nIn this series of challenges, you will be writing assembly to interact with your environment, and ultimately build a web server\nIn this challenge you will exit a program.\n\nUsage: `/challenge/run <path_to_web_server>`\n\n$ cat server.s\n.intel_syntax noprefix\n.globl _start\n\n.section .text\n\n_start:\n    mov rdi, 0\n    mov rax, 60     # SYS_exit\n    syscall\n\n.section .data\n\n$ as -o server.o server.s && ld -o server server.o\n\n$ strace ./server\nexecve(\"./server\", [\"./server\"], 0x7ffccb8c6480 /* 17 vars */) = 0\nexit(0)                                 = ?\n+++ exited with 0 +++\n

    \u8fd9\u9053\u9898\u7684\u610f\u601d\u662f\u8ba9\u7528\u6c47\u7f16\u5199\u4e00\u4e2a\u670d\u52a1\u7aef\u3002\u5728\u8fd0\u884c/challenge/run server\u7684\u65f6\u5019\uff0c\u5224\u9898\u7a0b\u5e8f\u4f1a\u542f\u52a8\u7528\u6237\u6307\u5b9a\u7684\u8fd9\u4e2aserver\uff0c\u7136\u540e\u68c0\u67e5\u8fd9\u4e2aserver\u7a0b\u5e8f\u662f\u4e0d\u662f\u76f4\u63a5exit(0)\u4e86\u3002\u6240\u4ee5\u53ea\u9700\u8981\u7f16\u8bd1\u4e00\u4e2aexit(0)\u7684server\u5373\u53ef\u3002

    \u9898\u76ee\u91cc\u5176\u5b9e\u5df2\u7ecf\u7ed9\u51fa\u4e86server.s\u7684\u6a21\u677f\uff08cat server.s\u7684\u8f93\u51fa\uff09\u548c\u7f16\u8bd1\u65b9\u5f0f\uff08as -o server.o server.s && ld -o server server.o\uff09\u3002\u6240\u4ee5\u8fd9\u9053\u9898\u53ea\u9700\u8981\u628acat server.s\u7684\u8f93\u51fa\u4fdd\u5b58\u5230server.s\u6587\u4ef6\uff0c\u7136\u540e\u76f4\u63a5\u8fd0\u884cas -o server.o server.s && ld -o server server.o\u7f16\u8bd1\u51fa\u4e00\u4e2aserver\u7684\u53ef\u6267\u884c\u7a0b\u5e8f\uff0c\u6700\u540e\u8fd0\u884c/challenge/run ./server\u5373\u53ef\u3002

    \u6a21\u677f\u91cc\u53ea\u6267\u884c\u4e86\u4e00\u4e2a\u9000\u51fa\u7684syscall\uff0c\u6b63\u597d\u662f\u8fd9\u4e00\u9898\u7684\u8981\u6c42\u3002\u672c\u6765\u4ee5\u4e3a\u8fd9\u9053\u9898\u610f\u601d\u662f\u81ea\u5df1\u5199\u4e00\u4e2aserver\u7684\u6c47\u7f16\u6587\u4ef6\uff0c\u7136\u540erun\u7684\u65f6\u5019\u6307\u5b9a\u6e90\u6587\u4ef6\uff0c\u7531\u5224\u9898\u7a0b\u5e8f\u7f16\u8bd1\u7684\u5462\uff0c\u7ed3\u679c\u53d1\u73b0run\u7684\u65f6\u5019\u662f\u9700\u8981\u6307\u5b9a\u4e00\u4e2a\u7f16\u8bd1\u597d\u7684\u53ef\u6267\u884c\u7a0b\u5e8fhh\u3002

    \u5b8c\u6574\u89e3\u9898\u6b65\u9aa4\u5982\u4e0b\uff1a

    hacker@building-a-web-server-level-1:~$ echo \".intel_syntax noprefix\n.globl _start\n\n.section .text\n\n_start:\n    mov rdi, 0\n    mov rax, 60     # SYS_exit\n    syscall\n\n.section .data\" > ./server.s\n\nhacker@building-a-web-server-level-1:~$ as -o server.o server.s && ld -o server server.o\n\nhacker@building-a-web-server-level-1:~$ /challenge/run ./server\n===== Welcome to Building a Web Server! =====\nIn this series of challenges, you will be writing assembly to interact with your environment, and ultimately build a web server\nIn this challenge you will exit a program.\n\n\n===== Expected: Parent Process =====\n[ ] execve(<execve_args>) = 0\n[ ] exit(0) = ?\n\n===== Trace: Parent Process =====\n[\u2713] execve(\"/proc/self/fd/3\", [\"/proc/self/fd/3\"], 0x7f07cf7959a0 /* 0 vars */) = 0\n[\u2713] exit(0)                                 = ?\n[?] +++ exited with 0 +++\n\n===== Result =====\n[\u2713] Success\n\npwn.college{xxxx}\n

    \u4ee5\u4e0b\u7684\u5404\u4e2a\u9898\u76ee\u5c31\u53ea\u5199server.s\u7684\u5185\u5bb9\u4e86

    Level 2

    In this challenge you will create a socket.

    .intel_syntax noprefix\n.globl _start\n\n.section .text\n\n_start:\n    # create a socket\n    mov rdi, 2 # AF_INET\n    mov rsi, 1 # SOCK_STREAM\n    mov rdx, 0 # IPPROTO_IP\n    mov rax, 41 # sys_socket\n    syscall\n\n    push rax\n    mov rdi, 0\n    mov rax, 60     # SYS_exit\n    syscall\n\n.section .data\n

    Level 3

    In this challenge you will bind an address to a socket.

    \u5728Level2\u521b\u5efasocket\u7684\u57fa\u7840\u4e0a\uff0c\u5c06\u5176\u7ed1\u5b9a\u52300.0.0.0:80\u4e0a\u3002\uff08\u53ef\u4ee5\u8fd0\u884cLevel1\u521b\u5efa\u7684server\u6765\u5148\u9605\u8bfb\u4e0b\u9898\u76ee\u8981\u6c42\uff0c\u5982\u4e0b\u6240\u793a\uff09

    ===== Expected: Parent Process =====\n[ ] execve(<execve_args>) = 0\n[ ] socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 3\n[ ] bind(3, {sa_family=AF_INET, sin_port=htons(<bind_port>), sin_addr=inet_addr(\"<bind_address>\")}, 16) = 0\n    - Bind to port 80\n    - Bind to address 0.0.0.0\n[ ] exit(0) = ?\n

    \u6700\u7ec8\u89e3\u5982\u4e0b\u3002\u8fd9\u91cc\u76f4\u63a5\u7528\u6808\u6765\u4fdd\u5b58sockaddr_in\u7ed3\u6784\u4f53\u4e86\uff0c\u6bd4\u8f83\u7c97\u66b4\u3002

    .intel_syntax noprefix\n.globl _start\n\n.section .text\n\n_start:\n# create a socket\nmov rdi, 2 # AF_INET\nmov rsi, 1 # SOCK_STREAM\nmov rdx, 0 # IPPROTO_IP\nmov rax, 41 # sys_socket\nsyscall\npush rax\n\n# bind the socket to 0.0.0.0:80\nmov rdi, rax # socket_fd\npush 0x50000002 # AF_INET(2) and PORT(80) in big endian\nmov rsi, rsp # sockaddr_in\npush 0x0 # IP(0.0.0.0)\npush 0x0 # padding\npush 0x0 # padding\nmov rdx, 16 # addrlen\nmov rax, 49 # sys_bind\nsyscall\n\nmov rdi, 0\nmov rax, 60     # SYS_exit\nsyscall\n\n\n.section .data\n

    Level 4

    In this challenge you will listen on a socket.

    \u4f7f\u7528listen\u76d1\u542c\u8fd9\u4e2asocket\u3002\u7531\u4e8e\u8fd9\u91cclisten\u4e5f\u8981\u7528\u5230\u4e4b\u524dsocket\u521b\u5efa\u7684\u6587\u4ef6\u63cf\u8ff0\u7b26\uff0c\u6ce8\u610f\u5230\u6837\u4f8b\u7684\u6c47\u7f16\u6587\u4ef6\u6700\u540e\u63d0\u793a\u7528data\u4e86\uff0c\u6240\u4ee5\u5e72\u8106\u6362\u7528\u6570\u636e\u533a\u6765\u4fdd\u5b58\u5404\u79cd\u7ed3\u6784\u4f53\uff0c\u4e5f\u5f03\u7528Level3\u91cc\u5bf9\u6808\u505a\u7684\u90a3\u4e9b\u4fee\u6539\u4e86\u3002\u8fd9\u91ccsockfd\u548csockaddr\u90fd\u662f\u5730\u5740\uff0c\u6240\u4ee5mov\u7684\u65f6\u5019\u4f1a\u81ea\u52a8\u89e3\u5f15\u7528\uff0c\u7528lea\u6307\u4ee4\u6765\u83b7\u5f97\u5730\u5740\u672c\u8eab\u3002

    .intel_syntax noprefix\n.globl _start\n\n.section .text\n\n_start:\n# create a socket\nmov rdi, 2 # AF_INET\nmov rsi, 1 # SOCK_STREAM\nmov rdx, 0 # IPPROTO_IP\nmov rax, 41 # sys_socket\nsyscall\nmov sockfd, rax\n\n# bind the socket to 0.0.0.0:80\nmov rdi, sockfd   # socket_fd\nlea rsi, sockaddr # sockaddr\nmov rdx, 16 # addrlen\nmov rax, 49 # sys_bind\nsyscall\n\n# listen(3, 0)\nmov rdi, sockfd\nmov rsi, 0\nmov rax, 50 # sys_listen\nsyscall\n\nmov rdi, 0\nmov rax, 60     # SYS_exit\nsyscall\n\n\n.section .data\n\nsockfd:   .quad 0\nsockaddr: .quad 0x50000002 # AF_INET(2) and PORT(80) in big endian\n.quad 0x0 # IP(0.0.0.0)\n.quad 0x0 # padding\n.quad 0x0 # padding\n

    Level 5

    In this challenge you will accept a connection.

    .intel_syntax noprefix\n.globl _start\n\n.section .text\n\n_start:\n# create a socket\nmov rdi, 2 # AF_INET\nmov rsi, 1 # SOCK_STREAM\nmov rdx, 0 # IPPROTO_IP\nmov rax, 41 # sys_socket\nsyscall\nmov sockfd, rax\n\n# bind the socket to 0.0.0.0:80\nmov rdi, sockfd   # socket_fd\nlea rsi, sockaddr # sockaddr\nmov rdx, 16 # addrlen\nmov rax, 49 # sys_bind\nsyscall\n\n# listen(3, 0)\nmov rdi, sockfd\nmov rsi, 0\nmov rax, 50 # sys_listen\nsyscall\n\n# accept(3, NULL, NULL)\nmov rdi, sockfd\nmov rsi, 0\nmov rdx, 0\nmov rax, 43 # sys_accept\nsyscall\n\nmov rdi, 0\nmov rax, 60     # SYS_exit\nsyscall\n\n\n.section .data\n\nsockfd:   .quad 0\nsockaddr: .quad 0x50000002 # AF_INET(2) and PORT(80) in big endian\n.quad 0x0 # IP(0.0.0.0)\n.quad 0x0 # padding\n.quad 0x0 # padding\n

    Level 6

    In this challenge you will respond to an http request.

    \u8fd9\u4e2a\u9898\u7684\u610f\u601d\u662f\u5e0c\u671b\u5b9e\u73b0\u4e00\u4e2a\u9759\u6001\u7684\u7ad9\u70b9\uff0c\u63a5\u6536\u5ba2\u6237\u7aef\u53d1\u9001\u7684\u8bf7\u6c42\u540e\uff0c\u59cb\u7ec8\u56de\u590dHTTP/1.0 200 OK\u3002\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u7f13\u51b2\u533a\u4fdd\u5b58\u8bf7\u6c42\uff0c\u8fd9\u91cc\u5f00\u4e86\u4e2a256\u5b57\u8282\u7684\u5185\u5b58\uff08\u5b9e\u9645\u4e0a\u6709140\u5b57\u8282\uff09\u3002

    .intel_syntax noprefix\n.globl _start\n\n.section .text\n\n_start:\n# create a socket\nmov rdi, 2 # AF_INET\nmov rsi, 1 # SOCK_STREAM\nmov rdx, 0 # IPPROTO_IP\nmov rax, 41 # sys_socket\nsyscall\nmov sockfd, rax\n\n# bind the socket to 0.0.0.0:80\nmov rdi, sockfd   # socket_fd\nlea rsi, sockaddr # sockaddr\nmov rdx, 16 # addrlen\nmov rax, 49 # sys_bind\nsyscall\n\n# listen(3, 0)\nmov rdi, sockfd\nmov rsi, 0\nmov rax, 50 # sys_listen\nsyscall\n\n# accept(3, NULL, NULL) = 4\nmov rdi, sockfd\nmov rsi, 0\nmov rdx, 0\nmov rax, 43 # sys_accept\nsyscall\nmov tunnel, rax\n\n# read(4, <read_request>, <read_request_count>) = <read_request_result>\nmov rdi, tunnel\nlea rsi, request\nmov rdx, 256\nmov rax, 0\nsyscall\n\n# write(4, \"HTTP/1.0 200 OK\\r\\n\\r\\n\", 19) = 19\nmov rdi, tunnel\nlea rsi, response\nmov rdx, 19\nmov rax, 1\nsyscall\n\n# close(4)\nmov rdi, tunnel\nmov rax, 3\nsyscall\n\nmov rdi, 0\nmov rax, 60     # SYS_exit\nsyscall\n\n\n.section .data\n\nsockfd:   .quad 0\ntunnel:   .quad 0\nrequest:  .space 256\nresponse: .ascii \"HTTP/1.0 200 OK\\r\\n\\r\\n\"\nsockaddr: .quad 0x50000002 # AF_INET(2) and PORT(80) in big endian\n.quad 0x0 # IP(0.0.0.0)\n.quad 0x0 # padding\n.quad 0x0 # padding\n

    Level 7

    In this challenge you will respond to a GET request for the contents of a specified file.

    \u5b9e\u73b0\u4e00\u4e2a\u52a8\u6001\u4e00\u70b9\u7684\u670d\u52a1\u5668\u3002\u8fd9\u9898\u4e2d\uff0c\u5ba2\u6237\u7aef\u4f1a\u8bf7\u6c42\u670d\u52a1\u5668\u7aef\u8bfb\u53d6\u4e00\u4e2a\u6587\u4ef6\u5e76\u8fd4\u56de\u7ed3\u679c\u3002\u6587\u4ef6\u662f\u5224\u9898\u7a0b\u5e8f\u968f\u673a\u751f\u6210\u5728/tmp\u4e0b\u7684\uff0c\u5185\u5bb9\u957f\u5ea6\u4e5f\u662f\u968f\u673a\u7684\u3002\u6240\u4ee5\u5199\u4ee3\u7801\u7684\u65f6\u5019\u8981\u591a\u9884\u7559\u70b9\u7f13\u51b2\u533a\u6765\u4fdd\u5b58\u6587\u4ef6\u5185\u5bb9\u3002

    open\u6587\u4ef6\u65f6\uff0c\u6587\u4ef6\u540d\u8981\u4ecerequest\u8bf7\u6c42\u91cc\u63d0\u53d6\u3002\u56e0\u4e3a\u751f\u6210\u7684\u6587\u4ef6\u540d\u957f\u5ea6\u662f\u56fa\u5b9a\u7684\uff0c\u6240\u4ee5\u61d2\u7701\u4e8b\u76f4\u63a5\u5728request\u7f13\u51b2\u533a\u91cc\u6539\u4e86\uff08\u5b57\u7b26\u4e32\u672b\u5c3e\\0\uff09\u3002

    ===== Expected: Parent Process =====\n[ ] execve(<execve_args>) = 0\n[ ] socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 3\n[ ] bind(3, {sa_family=AF_INET, sin_port=htons(<bind_port>), sin_addr=inet_addr(\"<bind_address>\")}, 16) = 0\n    - Bind to port 80\n    - Bind to address 0.0.0.0\n[ ] listen(3, 0) = 0\n[ ] accept(3, NULL, NULL) = 4\n[ ] read(4, <read_request>, <read_request_count>) = <read_request_result>\n[ ] open(\"<open_path>\", O_RDONLY) = 5\n[ ] read(5, <read_file>, <read_file_count>) = <read_file_result>\n[ ] close(5) = 0\n[ ] write(4, \"HTTP/1.0 200 OK\\r\\n\\r\\n\", 19) = 19\n[ ] write(4, <write_file>, <write_file_count>) = <write_file_result>\n[ ] close(4) = 0\n[ ] exit(0) = ?\n\n===== Trace: Parent Process =====\n[\u2713] execve(\"/proc/self/fd/3\", [\"/proc/self/fd/3\"], 0x7ffacc256990 /* 0 vars */) = 0\n[\u2713] socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 3\n[\u2713] bind(3, {sa_family=AF_INET, sin_port=htons(80), sin_addr=inet_addr(\"0.0.0.0\")}, 16) = 0\n[\u2713] listen(3, 0)                            = 0\n[\u2713] accept(3, NULL, NULL)                   = 4\n[\u2713] read(4, \"GET /tmp/tmpungh1ajd HTTP/1.1\\r\\nHost: localhost\\r\\nUser-Agent: python-requests/2.31.0\\r\\nAccept-Encoding: gzip, deflate\\r\\nAccept: */*\\r\\nConnection: keep-alive\\r\\n\\r\\n\", 256) = 155\n[\u2713] open(\"/tmp/tmpungh1ajd\", O_RDONLY)      = 5\n[\u2713] read(5, \"3Hy3xnjNjQIBfP6QDUW4ekuQtBwdXQPbhtPFxawXzQ6LXVQDgs8ZlslYncY9DMQohXFVHFyMPnOI6kaGqURTh2fXHuKe2oqjntry7Pt5QQP0148CyzGKtmOigovhOHobD2zujqgJIRXxjny3UVL9\", 1024) = 148\n[\u2713] close(5)                                = 0\n[\u2713] write(4, \"HTTP/1.0 200 OK\\r\\n\\r\\n\", 19) = 19\n[\u2713] write(4, \"3Hy3xnjNjQIBfP6QDUW4ekuQtBwdXQPbhtPFxawXzQ6LXVQDgs8ZlslYncY9DMQohXFVHFyMPnOI6kaGqURTh2fXHuKe2oqjntry7Pt5QQP0148CyzGKtmOigovhOHobD2zujqgJIRXxjny3UVL9\", 148) = 148\n[\u2713] close(4)                                = 0\n[\u2713] exit(0)                                 = ?\n[?] +++ exited with 0 +++\n\n===== Result =====\n[\u2713] Success\n

    \u4f7f\u7528\u7684\u6c47\u7f16\u4ee3\u7801\u5982\u4e0b\uff1a

    .intel_syntax noprefix\n.globl _start\n\n.section .text\n\n_start:\n# create a socket\nmov rdi, 2 # AF_INET\nmov rsi, 1 # SOCK_STREAM\nmov rdx, 0 # IPPROTO_IP\nmov rax, 41 # sys_socket\nsyscall\nmov sockfd, rax\n\n# bind the socket to 0.0.0.0:80\nmov rdi, sockfd   # socket_fd\nlea rsi, sockaddr # sockaddr\nmov rdx, 16 # addrlen\nmov rax, 49 # sys_bind\nsyscall\n\n# listen(3, 0)\nmov rdi, sockfd\nmov rsi, 0\nmov rax, 50 # sys_listen\nsyscall\n\n# accept(3, NULL, NULL) = 4\nmov rdi, sockfd\nmov rsi, 0\nmov rdx, 0\nmov rax, 43 # sys_accept\nsyscall\nmov tunnel, rax\n\n# read(4, <read_request>, <read_request_count>) = <read_request_result>\nmov rdi, tunnel\nlea rsi, request\nmov rdx, 256\nmov rax, 0 # sys_read\nsyscall\n\n# open(\"<open_path>\", O_RDONLY) = 5\nlea rdi, [request+4] # extract file name\nmovb [rdi+16], 0\nmov rsi, 0 # O_RDONLY\nmov rax, 2 # sys_open\nsyscall\nmov txtfile, rax\n\n# read(5, <read_file>, <read_file_count>) = <read_file_result>\nmov rdi, txtfile\nlea rsi, filecontent\nmov rdx, 1024\nmov rax, 0 # sys_read\nsyscall\nmov filecnt, rax # \n\n# close(5)\nmov rdi, txtfile\nmov rax, 3 # sys_close\nsyscall\n\n# write(4, \"HTTP/1.0 200 OK\\r\\n\\r\\n\", 19) = 19\nmov rdi, tunnel\nlea rsi, response\nmov rdx, 19\nmov rax, 1 # sys_write\nsyscall\n\n# write(4, <write_file>, <write_file_count>) = <write_file_result>\nmov rdi, tunnel\nlea rsi, filecontent\nmov rdx, filecnt\nmov rax, 1 # sys_write\nsyscall\n\n# close(4)\nmov rdi, tunnel\nmov rax, 3 # sys_close\nsyscall\n\nmov rdi, 0\nmov rax, 60     # SYS_exit\nsyscall\n\n.section .data\n\nsockfd:   .quad 0\ntunnel:   .quad 0\ntxtfile:  .quad 0\nfilecnt:  .quad 0\nrequest:  .space 256\nfilecontent: .space 1024\nresponse: .ascii \"HTTP/1.0 200 OK\\r\\n\\r\\n\"\nsockaddr: .quad 0x50000002 # AF_INET(2) and PORT(80) in big endian\n.quad 0x0 # IP(0.0.0.0)\n.quad 0x0 # padding\n.quad 0x0 # padding\n

    Level 8

    In this challenge you will accept multiple requests.

    \u4f7f\u7528\u4e00\u4e2a\u7a0b\u5e8f\u63a5\u53d7\u591a\u4e2a\u8bf7\u6c42\u3002\u7531\u4e8esocket\u6ca1\u6709\u5173\uff0c\u5728\u6700\u540e\u52a0\u4e00\u4e2aaccept\u5373\u53ef\u3002\u7a0b\u5e8f\u6700\u540eaccept\u8d85\u65f6sigkill\u9000\u51fa\u3002

    .intel_syntax noprefix\n.globl _start\n\n.section .text\n\n_start:\n# create a socket\nmov rdi, 2 # AF_INET\nmov rsi, 1 # SOCK_STREAM\nmov rdx, 0 # IPPROTO_IP\nmov rax, 41 # sys_socket\nsyscall\nmov sockfd, rax\n\n# bind the socket to 0.0.0.0:80\nmov rdi, sockfd   # socket_fd\nlea rsi, sockaddr # sockaddr\nmov rdx, 16 # addrlen\nmov rax, 49 # sys_bind\nsyscall\n\n# listen(3, 0)\nmov rdi, sockfd\nmov rsi, 0\nmov rax, 50 # sys_listen\nsyscall\n\n# accept(3, NULL, NULL) = 4\nmov rdi, sockfd\nmov rsi, 0\nmov rdx, 0\nmov rax, 43 # sys_accept\nsyscall\nmov tunnel, rax\n\n# read(4, <read_request>, <read_request_count>) = <read_request_result>\nmov rdi, tunnel\nlea rsi, request\nmov rdx, 256\nmov rax, 0 # sys_read\nsyscall\n\n# open(\"<open_path>\", O_RDONLY) = 5\nlea rdi, [request+4] # extract file name\nmovb [rdi+16], 0\nmov rsi, 0 # O_RDONLY\nmov rax, 2 # sys_open\nsyscall\nmov txtfile, rax\n\n# read(5, <read_file>, <read_file_count>) = <read_file_result>\nmov rdi, txtfile\nlea rsi, filecontent\nmov rdx, 1024\nmov rax, 0 # sys_read\nsyscall\nmov filecnt, rax # \n\n# close(5)\nmov rdi, txtfile\nmov rax, 3 # sys_close\nsyscall\n\n# write(4, \"HTTP/1.0 200 OK\\r\\n\\r\\n\", 19) = 19\nmov rdi, tunnel\nlea rsi, response\nmov rdx, 19\nmov rax, 1 # sys_write\nsyscall\n\n# write(4, <write_file>, <write_file_count>) = <write_file_result>\nmov rdi, tunnel\nlea rsi, filecontent\nmov rdx, filecnt\nmov rax, 1 # sys_write\nsyscall\n\n# close(4)\nmov rdi, tunnel\nmov rax, 3 # sys_close\nsyscall\n\n# accept(3, NULL, NULL)\nmov rdi, sockfd\nmov rsi, 0\nmov rdx, 0\nmov rax, 43 # sys_accept\nsyscall\nmov tunnel, rax\n\n# exit\nmov rdi, 0\nmov rax, 60     # SYS_exit\nsyscall\n\n.section .data\n\nsockfd:   .quad 0\ntunnel:   .quad 0\ntxtfile:  .quad 0\nfilecnt:  .quad 0\nrequest:  .space 256\nfilecontent: .space 1024\nresponse: .ascii \"HTTP/1.0 200 OK\\r\\n\\r\\n\"\nsockaddr: .quad 0x50000002 # AF_INET(2) and PORT(80) in big endian\n.quad 0x0 # IP(0.0.0.0)\n.quad 0x0 # padding\n.quad 0x0 # padding\n

    Level 9

    In this challenge you will concurrently accept multiple requests.

    \u8fd9\u9053\u9898\u662f\u8ba9\u505a\u4e00\u4e2a\u591a\u8fdb\u7a0b\uff0c\u7236\u8fdb\u7a0b\u8d1f\u8d23\u5faa\u73afaccept\uff0c\u5b50\u8fdb\u7a0b\u7528\u4e8e\u52a8\u6001\u5904\u7406\u6587\u4ef6\u8bfb\u5199\u3002\u6839\u636efork\u8fd4\u56de\u503c\u6765\u5224\u65ad\u7236\u8fdb\u7a0b\uff08\u8fd4\u56de\u503c\u4e3a\u5b50\u8fdb\u7a0bpid\uff09\u8fd8\u662f\u5b50\u8fdb\u7a0b\uff08\u8fd4\u56de\u503c\u4e3a0\uff09\u3002\u7236\u8fdb\u7a0b\u4e2d\uff0c\u5173\u95edtunnel\uff1b\u5b50\u8fdb\u7a0b\u4e2d\uff0c\u5173\u95edsockfd\u3002

    .intel_syntax noprefix\n.globl _start\n\n.section .text\n\n_start:\n# create a socket\nmov rdi, 2 # AF_INET\nmov rsi, 1 # SOCK_STREAM\nmov rdx, 0 # IPPROTO_IP\nmov rax, 41 # sys_socket\nsyscall\nmov sockfd, rax\n\n# bind the socket to 0.0.0.0:80\nmov rdi, sockfd   # socket_fd\nlea rsi, sockaddr # sockaddr\nmov rdx, 16 # addrlen\nmov rax, 49 # sys_bind\nsyscall\n\n# listen(3, 0)\nmov rdi, sockfd\nmov rsi, 0\nmov rax, 50 # sys_listen\nsyscall\n\nparent_process_1:\n# accept(3, NULL, NULL) = 4\nmov rdi, sockfd\nmov rsi, 0\nmov rdx, 0\nmov rax, 43 # sys_accept\nsyscall\nmov tunnel, rax\n\n# fork() = <fork_result>\nmov rax, 57 # sys_fork\nsyscall\n\ntest rax, rax\njnz parent_process_2\njz child_process\n\nparent_process_2:\n\n# close(3)\nmov rdi, tunnel\nmov rax, 3 # sys_close\nsyscall\njmp parent_process_1\n\nchild_process:\n\n# close(3)\nmov rdi, sockfd\nmov rax, 3 # sys_close\nsyscall\n\n# read(4, <read_request>, <read_request_count>) = <read_request_result>\nmov rdi, tunnel\nlea rsi, request\nmov rdx, 256\nmov rax, 0 # sys_read\nsyscall\n\n# open(\"<open_path>\", O_RDONLY) = 3\nlea rdi, [request+4] # extract file name\nmovb [rdi+16], 0\nmov rsi, 0 # O_RDONLY\nmov rax, 2 # sys_open\nsyscall\nmov txtfile, rax\n\n# read(3, <read_file>, <read_file_count>) = <read_file_result>\nmov rdi, txtfile\nlea rsi, filecontent\nmov rdx, 1024\nmov rax, 0 # sys_read\nsyscall\nmov filecnt, rax # \n\n# close(3)\nmov rdi, txtfile\nmov rax, 3 # sys_close\nsyscall\n\n# write(4, \"HTTP/1.0 200 OK\\r\\n\\r\\n\", 19) = 19\nmov rdi, tunnel\nlea rsi, response\nmov rdx, 19\nmov rax, 1 # sys_write\nsyscall\n\n# write(4, <write_file>, <write_file_count>) = <write_file_result>\nmov rdi, tunnel\nlea rsi, filecontent\nmov rdx, filecnt\nmov rax, 1 # sys_write\nsyscall\n\n# exit\nmov rdi, 0\nmov rax, 60     # SYS_exit\nsyscall\n\n.section .data\n\nsockfd:   .quad 0\ntunnel:   .quad 0\ntxtfile:  .quad 0\nfilecnt:  .quad 0\nrequest:  .space 256\nfilecontent: .space 1024\nresponse: .ascii \"HTTP/1.0 200 OK\\r\\n\\r\\n\"\nsockaddr: .quad 0x50000002 # AF_INET(2) and PORT(80) in big endian\n.quad 0x0 # IP(0.0.0.0)\n.quad 0x0 # padding\n.quad 0x0 # padding\n

    Level 10

    In this challenge you will respond to a POST request with a specified file and update its contents.

    \u8fd9\u9053\u9898\u662f\u7528POST\u8bf7\u6c42\uff0c\u8981\u6c42\u7528\u591a\u8fdb\u7a0b\u5904\u7406\uff0c\u5728\u5b50\u8fdb\u7a0b\u4e2d\u628aPOST\u7684\u8bf7\u6c42\u4f53\u4fdd\u5b58\u5728\u4e34\u65f6\u6587\u4ef6\uff0c\u5e76\u8fd4\u56de200 OK\u3002\u8003\u8651\u5230\u6587\u4ef6\u540d\u662f\u5b9a\u957f\u7684\uff0c\u6240\u4ee5\u6cbf\u7528\u4e4b\u524d\u7684\u65b9\u6cd5\u5f97\u5230\u6587\u4ef6\u540d\u3002\u8fd9\u91cc\u7528\u7684\u4e00\u4e2atrick\u662f\u7528\"\\r\\n\\r\\n\"\u6765\u4ece\u8bf7\u6c42\u4e2d\u5206\u5272\u8bf7\u6c42\u4f53\uff0c\u5e76\u4e14\u5185\u5bb9\u7684\u8ba1\u7b97\u662f\u7528read\u7684\u8fd4\u56de\u503c\u51cf\u53bb\u504f\u79fb\u91cf\u7b97\u7684\u3002\u8fd9\u662f\u5077\u61d2\u6ca1\u6709\u5b9e\u73b0\u89e3\u6790Content-Length\u7684\u529f\u80fdhhh

    .intel_syntax noprefix\n.globl _start\n\n.section .text\n\n_start:\n# create a socket\nmov rdi, 2 # AF_INET\nmov rsi, 1 # SOCK_STREAM\nmov rdx, 0 # IPPROTO_IP\nmov rax, 41 # sys_socket\nsyscall\nmov sockfd, rax\n\n# bind the socket to 0.0.0.0:80\nmov rdi, sockfd   # socket_fd\nlea rsi, sockaddr # sockaddr\nmov rdx, 16 # addrlen\nmov rax, 49 # sys_bind\nsyscall\n\n# listen(3, 0)\nmov rdi, sockfd\nmov rsi, 0\nmov rax, 50 # sys_listen\nsyscall\n\nparent_process_1:\n# accept(3, NULL, NULL) = 4\nmov rdi, sockfd\nmov rsi, 0\nmov rdx, 0\nmov rax, 43 # sys_accept\nsyscall\nmov tunnel, rax\n\n# fork() = <fork_result>\nmov rax, 57 # sys_fork\nsyscall\n\ntest rax, rax\njnz parent_process_2\njz child_process\n\nparent_process_2:\n\n# close(3)\nmov rdi, tunnel\nmov rax, 3 # sys_close\nsyscall\njmp parent_process_1\n\nchild_process:\n\n# close(3)\nmov rdi, sockfd\nmov rax, 3 # sys_close\nsyscall\n\n# read(4, <read_request>, <read_request_count>) = <read_request_result>\nmov rdi, tunnel\nlea rsi, request\nmov rdx, 1024\nmov rax, 0 # sys_read\nsyscall\nmov requestlen, rax\n\n# open(\"<open_path>\", O_WRONLY|O_CREAT, 0777) = 3\nlea rdi, [request+5] # extract file name\nmovb [rdi+16], 0\nmov rsi, 0x41 # O_WRONLY | O_CREAT\nmov rdx, 0777\nmov rax, 2 # sys_open\nsyscall\nmov txtfile, rax\n\n# locate POST body\nmov rcx, 0\nmov ebx, separate\nlocate_body:\nmov eax, [request+rcx]\nadd rcx, 1\ncmp eax, ebx\njne locate_body\n# extrace POST body\nadd rcx, 3\nmov rdi, txtfile\nlea rsi, [request+rcx]\nmov rdx, requestlen\nsub rdx, rcx\nmov rax, 1 # sys_write\nsyscall\n\n# close(3)\nmov rdi, txtfile\nmov rax, 3 # sys_close\nsyscall\n\n# write(4, \"HTTP/1.0 200 OK\\r\\n\\r\\n\", 19) = 19\nmov rdi, tunnel\nlea rsi, response\nmov rdx, 19\nmov rax, 1 # sys_write\nsyscall\n\n# exit\nmov rdi, 0\nmov rax, 60     # SYS_exit\nsyscall\n\n.section .data\n\nsockfd:   .quad 0\ntunnel:   .quad 0\ntxtfile:  .quad 0\nfilecnt:  .quad 0\nrequestlen: .quad 0\nrequest:  .space 1024\nfilecontent: .space 1024\nseparate: .ascii \"\\r\\n\\r\\n\"\nresponse: .ascii \"HTTP/1.0 200 OK\\r\\n\\r\\n\"\nsockaddr: .quad 0x50000002 # AF_INET(2) and PORT(80) in big endian\n.quad 0x0 # IP(0.0.0.0)\n.quad 0x0 # padding\n.quad 0x0 # padding\n

    Level 11

    In this challenge you will respond to multiple concurrent GET and POST requests.

    \u76f4\u63a5\u53d1\u4e86\u4e00\u5806GET\u548cPOST\u6df7\u5408\u8bf7\u6c42\u3002\u4e0d\u8fc7\u597d\u50cf\u6ca1\u8bf4\u6bcf\u4e2a\u8bf7\u6c42\u8981\u5e72\u561b\uff0c\u5c31\u76f4\u63a5\u7ed3\u5408\u4e0blevel9\u548clevel10\u7684\u7ed3\u679c\uff0c\u6bd4\u8f83request\u662f\u4ee5POST\u5f00\u5934\u8fd8\u662fGET\u5f00\u5934\uff0c\u5206\u522b\u8df3\u8f6c\u5230\u5bf9\u5e94\u7684\u903b\u8f91\u5c31\u884c\u4e86\u3002

    .intel_syntax noprefix\n.globl _start\n\n.section .text\n\n_start:\n# create a socket\nmov rdi, 2 # AF_INET\nmov rsi, 1 # SOCK_STREAM\nmov rdx, 0 # IPPROTO_IP\nmov rax, 41 # sys_socket\nsyscall\nmov sockfd, rax\n\n# bind the socket to 0.0.0.0:80\nmov rdi, sockfd   # socket_fd\nlea rsi, sockaddr # sockaddr\nmov rdx, 16 # addrlen\nmov rax, 49 # sys_bind\nsyscall\n\n# listen(3, 0)\nmov rdi, sockfd\nmov rsi, 0\nmov rax, 50 # sys_listen\nsyscall\n\nparent_process_1:\n# accept(3, NULL, NULL) = 4\nmov rdi, sockfd\nmov rsi, 0\nmov rdx, 0\nmov rax, 43 # sys_accept\nsyscall\nmov tunnel, rax\n\n# fork() = <fork_result>\nmov rax, 57 # sys_fork\nsyscall\n\ntest rax, rax\njnz parent_process_2\njz child_process\n\nparent_process_2:\n\n# close(3)\nmov rdi, tunnel\nmov rax, 3 # sys_close\nsyscall\njmp parent_process_1\n\nchild_process:\n\n# close(3)\nmov rdi, sockfd\nmov rax, 3 # sys_close\nsyscall\n\n# read(4, <read_request>, <read_request_count>) = <read_request_result>\nmov rdi, tunnel\nlea rsi, request\nmov rdx, 1024\nmov rax, 0 # sys_read\nsyscall\nmov requestlen, rax\n\n# check GET or POST\nmov eax, request\nmov ebx, requestget\ncmp eax, ebx\nje handle_get\nmov ebx, requestpost\ncmp eax, ebx\nje handle_post\n\njmp program_exit\n\nhandle_get:\n# open(\"<open_path>\", O_RDONLY) = 3\nlea rdi, [request+4] # extract file name\nmovb [rdi+16], 0\nmov rsi, 0 # O_RDONLY\nmov rax, 2 # sys_open\nsyscall\nmov txtfile, rax\n\n# read(3, <read_file>, <read_file_count>) = <read_file_result>\nmov rdi, txtfile\nlea rsi, filecontent\nmov rdx, 1024\nmov rax, 0 # sys_read\nsyscall\nmov filecnt, rax # \n# close(3)\nmov rdi, txtfile\nmov rax, 3 # sys_close\nsyscall\n\n# write(4, \"HTTP/1.0 200 OK\\r\\n\\r\\n\", 19) = 19\nmov rdi, tunnel\nlea rsi, response\nmov rdx, 19\nmov rax, 1 # sys_write\nsyscall\n\n# write(4, <write_file>, <write_file_count>) = <write_file_result>\nmov rdi, tunnel\nlea rsi, filecontent\nmov rdx, filecnt\nmov rax, 1 # sys_write\nsyscall\n\njmp program_exit\n\nhandle_post:\n# open(\"<open_path>\", O_WRONLY|O_CREAT, 0777) = 3\nlea rdi, [request+5] # extract file name\nmovb [rdi+16], 0\nmov rsi, 0x41 # O_WRONLY | O_CREAT\nmov rdx, 0777\nmov rax, 2 # sys_open\nsyscall\nmov txtfile, rax\n\n# locate POST body\nmov rcx, 0\nmov ebx, separate\nlocate_body:\nmov eax, [request+rcx]\nadd rcx, 1\ncmp eax, ebx\njne locate_body\n# extrace POST body\nadd rcx, 3\nmov rdi, txtfile\nlea rsi, [request+rcx]\nmov rdx, requestlen\nsub rdx, rcx\nmov rax, 1 # sys_write\nsyscall\n\n# close(3)\nmov rdi, txtfile\nmov rax, 3 # sys_close\nsyscall\n\n# write(4, \"HTTP/1.0 200 OK\\r\\n\\r\\n\", 19) = 19\nmov rdi, tunnel\nlea rsi, response\nmov rdx, 19\nmov rax, 1 # sys_write\nsyscall\n\nprogram_exit:\n# exit\nmov rdi, 0\nmov rax, 60     # SYS_exit\nsyscall\n\n.section .data\n\nsockfd:   .quad 0\ntunnel:   .quad 0\ntxtfile:  .quad 0\nfilecnt:  .quad 0\nrequestlen: .quad 0\nrequest:  .space 1024\nfilecontent: .space 1024\nrequestget: .ascii \"GET \"\nrequestpost: .ascii \"POST\"\nseparate: .ascii \"\\r\\n\\r\\n\"\nresponse: .ascii \"HTTP/1.0 200 OK\\r\\n\\r\\n\"\nsockaddr: .quad 0x50000002 # AF_INET(2) and PORT(80) in big endian\n.quad 0x0 # IP(0.0.0.0)\n.quad 0x0 # padding\n.quad 0x0 # padding\n
    "},{"location":"pwn-college-cse365-spring2023/#reverse-engineering-writeups","title":"Reverse Engineering Writeups","text":"

    Level 1

    \u8fd0\u884c/challenge\u4e0b\u7684\u6587\u4ef6\uff0c\u4f1a\u81ea\u52a8\u6253\u5f00gdb\uff0c\u8f93\u5165run\u542f\u52a8\u7a0b\u5e8f\uff0c\u8fdb\u5165\u7b2c\u4e00\u5173\u3002\u7b2c\u4e00\u5173\u4e3b\u8981\u662f\u8bb2\u4e0b\u5927\u81f4\u7684\u9898\u76ee\u8981\u6c42\uff0c\u5728\u8fd9\u91cc\u6309C\u7ee7\u7eed\u8fd0\u884c\u4f1a\u76f4\u63a5\u7ed9\u51faflag\u3002

    Level 2

    \u672c\u5173run\u4ee5\u540ep/x $r12\u7136\u540e\u6309C\uff0c\u628a\u7ed3\u679c\u8f93\u5165\u5c31\u884c\u3002

    Level 3

    \u8fd9\u4e00\u5173\u4e3b\u8981\u662f\u719f\u6089\u6253\u5370\u5185\u5b58\u6570\u636e\uff0c\u53ef\u4ee5\u5728\u6309C\u8fdb\u5165\u7a0b\u5e8f\u524d\u540e\u7528x/20gx $rsp\u5bf9\u6bd4\u4e00\u4e0b\u6808\u4e0a\u4ec0\u4e48\u6570\u636e\u6539\u53d8\u4e86\u3002\u7b97\u662f\u4e0d\u770b\u6c47\u7f16\u7684\u4e00\u70b9\u5c0ftrick\u3002

    Level 4

    \u8fd9\u5173\u7684\u6ca1\u7528\u6b63\u5e38\u89e3\u6cd5\u3002\u6709\u4e00\u70b9\u5c0ftrick\uff1a\u4f7f\u7528disas $pc\u67e5\u770b\u53d1\u73b0\u6709\u4e2awin\u51fd\u6570\uff0c\u53c2\u6570\u7528\u76840\u3002\u76f4\u63a5set $rax=0\uff0cset $pc=xxx\u8df3\u8f6c\u5230win\u7684\u51fd\u6570\u5c31\u884c\u4e86\u3002

    Level 5

    \u8fd9\u9898\u63d0\u793a\u53ef\u4ee5\u7f16\u5199gdb\u811a\u672c\uff0c\u52a0\u8f7d\u540e\u4f1a\u81ea\u52a8\u6267\u884c\u3002\u8fd9\u9053\u9898\u76ee\u4f1a\u5728\u5faa\u73af\u4e2d\u591a\u6b21\u8bbe\u7f6e\u968f\u673a\u6570\uff0c\u6240\u4ee5\u9700\u8981\u81ea\u52a8\u5316\u89e3\u51b3\u3002

    run\u540e\u5148disas $pc\u770b\u4e00\u770bmain\u51fd\u6570\u7684\u5173\u952e\u903b\u8f91\uff1a

    0x000055981a8ccd40 <+666>:   mov    esi,0x0\n0x000055981a8ccd45 <+671>:   lea    rdi,[rip+0xd5e]        # 0x55981a8cdaaa\n0x000055981a8ccd4c <+678>:   mov    eax,0x0\n0x000055981a8ccd51 <+683>:   call   0x55981a8cc250 <open@plt>\n0x000055981a8ccd56 <+688>:   mov    ecx,eax\n0x000055981a8ccd58 <+690>:   lea    rax,[rbp-0x18]\n0x000055981a8ccd5c <+694>:   mov    edx,0x8\n0x000055981a8ccd61 <+699>:   mov    rsi,rax\n0x000055981a8ccd64 <+702>:   mov    edi,ecx\n0x000055981a8ccd66 <+704>:   call   0x55981a8cc210 <read@plt>\n0x000055981a8ccd6b <+709>:   lea    rdi,[rip+0xd46]        # 0x55981a8cdab8\n0x000055981a8ccd72 <+716>:   call   0x55981a8cc190 <puts@plt>\n0x000055981a8ccd77 <+721>:   lea    rdi,[rip+0xd5a]        # 0x55981a8cdad8\n0x000055981a8ccd7e <+728>:   mov    eax,0x0\n0x000055981a8ccd83 <+733>:   call   0x55981a8cc1d0 <printf@plt>\n0x000055981a8ccd88 <+738>:   lea    rax,[rbp-0x10]\n0x000055981a8ccd8c <+742>:   mov    rsi,rax\n0x000055981a8ccd8f <+745>:   lea    rdi,[rip+0xd51]        # 0x55981a8cdae7\n0x000055981a8ccd96 <+752>:   mov    eax,0x0\n0x000055981a8ccd9b <+757>:   call   0x55981a8cc260 <__isoc99_scanf@plt>\n

    \u731c\u6d4b\u57280x000055981a8ccd51\u5904\u7684open\u662f\u6253\u5f00\u4e86\u968f\u673a\u6570\u53d1\u751f\u5668\uff08\u6bd4\u5982/dev/urandom\uff09\uff0c\u7136\u540e0x000055981a8ccd66\u5904\u7684read\u662f\u8bfb8\u4e2a\u5b57\u8282\uff0c\u5373\u6700\u7ec8\u7684\u968f\u673a\u6570\uff0c\u4fdd\u5b58\u5728rsi\u5bc4\u5b58\u5668\u6307\u5411\u7684\u4f4d\u7f6e\uff0c\u5373rbp-0x18\u5904\u3002\u6240\u4ee5\u81ea\u52a8\u5316\u811a\u672c\u53ef\u4ee5\u57280x000055981a8ccd72\u5904\uff08\u5373*main+716\uff09\u6253\u4e2a\u65ad\u70b9\uff0c\u6253\u5370\u6b64\u65f6rbp-0x18\u7684\u503c\u3002

    \u5373\u5148\u7f16\u5199\u4e0b\u8ff0\u811a\u672c\uff0c\u7136\u540e\u542f\u52a8\u7a0b\u5e8f\u65f6-x\u8ffd\u52a0\u811a\u672c\u5373\u53ef\u3002

    start\nbreak *main+716\ncommands\n    silent\n    set $local_variable = *(unsigned long long*)($rbp-0x18)\nprintf \"Current value: %llx\\n\", $local_variable\ncontinue\nend\ncontinue\n

    \u5f53\u7136\u89e3\u6cd5\u6709\u5f88\u591a\uff0c\u770bdisas\u540e\u7684\u7ed3\u679c\uff0c\u8f93\u5165\u7684\u6570\u636e\u88abscanf\u4fdd\u5b58\u5230rbp-0x10\u5904\uff0c\u4e0erbp-0x18\u6bd4\u8f83\u3002\u4e5f\u53ef\u4ee5\u5728\u6bd4\u8f83\u524d\u76f4\u63a5\u4fee\u6539\u5bc4\u5b58\u5668\u8ba9\u503c\u76f8\u7b49\u3002

    Level 6

    \u8fd9\u4e00\u5173\u624d\u6559\u600e\u4e48\u7528set\u6539\u5bc4\u5b58\u5668\uff0c\u4ece\u800c\u4fee\u6539\u7a0b\u5e8f\u6267\u884c\u903b\u8f91\u3002\u662f\u4e0d\u662f\u53ef\u4ee5\u6697\u793a\u76f4\u63a5\u62ffflag\uff1frun\u540eset $rip=*main+715\uff0c\u7136\u540e\u7ee7\u7eed\u8fd0\u884c\u7a0b\u5e8f\u3002

    Level 7

    \uff1f\uff1f\uff1f\u539f\u6765\u8fd8\u53ef\u4ee5\u8fd9\u4e48\u73a9\uff1f\uff1f

    Level 8

    \u76f4\u63a5\u8c03\u7528call (void)win()\uff0c\u53ef\u4ee5disas *win\u770b\u4e00\u4e0bwin\u51fd\u6570\u3002

    0x0000556609b49951 <+0>:     endbr64\n0x0000556609b49955 <+4>:     push   rbp\n0x0000556609b49956 <+5>:     mov    rbp,rsp\n0x0000556609b49959 <+8>:     sub    rsp,0x10\n0x0000556609b4995d <+12>:    mov    QWORD PTR [rbp-0x8],0x0\n0x0000556609b49965 <+20>:    mov    rax,QWORD PTR [rbp-0x8]\n0x0000556609b49969 <+24>:    mov    eax,DWORD PTR [rax]\n0x0000556609b4996b <+26>:    lea    edx,[rax+0x1]\n0x0000556609b4996e <+29>:    mov    rax,QWORD PTR [rbp-0x8]\n0x0000556609b49972 <+33>:    mov    DWORD PTR [rax],edx\n0x0000556609b49974 <+35>:    lea    rdi,[rip+0x73e]        # 0x556609b4a0b9\n0x0000556609b4997b <+42>:    call   0x556609b49180 <puts@plt>\n

    \u53ef\u89c1\u57280x0000556609b49969\u5904\uff0c\u4ecerax\u6307\u5411\u7684\u5730\u5740\u8bfb\u53d64\u5b57\u8282\u3002\u4f46\u662f\u6b64\u65f6rax\u5728\u524d\u4e24\u6761\u8bed\u53e5\u5df2\u7ecf\u88ab\u4fee\u6539\u4e3a0\u4e86\uff0c\u6240\u4ee5\u89e6\u53d1NULL\u6307\u9488\u89e3\u5f15\u7528\uff0c\u5f15\u8d77SIGSEGV\u9000\u51fa\u3002\u6240\u4ee5\u8bd5\u8bd5\u76f4\u63a5\u8df3\u8fc7\u8fd9\u6bb5\uff0c\u8fdb\u5165win\u65f6\u4fee\u6539rip\u5bc4\u5b58\u5668\u5373\u53ef\u3002

    \u4f9d\u6b21\u6267\u884c\uff1abreak *win\uff0ccall (void)win()\uff0cset $rip=*win+35\uff0cc\u5373\u53ef\u3002

    Level 1.0

    Reverse engineer this challenge to find the correct license key.

    \u4ece\u6b64\u5f00\u59cb\u662f\u4e00\u4e2a\u8bc1\u4e66\u9a8c\u8bc1\u7a0b\u5e8f\uff0c\u8981\u6c42\u8f93\u5165key\u6765\u83b7\u53d6flag\u3002\u7b2c\u4e00\u9898\u76f4\u63a5enter\u8fd0\u884c\uff0c\u4f1a\u8f93\u51fa\u539f\u59cb\u8f93\u5165\u3001\u5904\u7406\u540e\u7684\u8f93\u5165\u4ee5\u53ca\u6b63\u786e\u7b54\u6848\u3002\u8fd0\u884c\u4e24\u6b21\u4ee5\u540e\u53d1\u73b0\u5904\u7406\u540e\u7684\u8f93\u5165\u548c\u539f\u59cb\u8f93\u5165\u662f\u4e00\u6837\u7684\uff0c\u5e76\u4e14\u6b63\u786e\u7b54\u6848\u662f\u56fa\u5b9a\u7684\u3002

    \u76f4\u63a5python\u91cc\u8fd0\u884c\u4e0b[chr(i) for i in [0x75,0x62,0x61,0x6a,0x68]]\uff08\u53ef\u80fd\u9700\u8981\u4fee\u65390xXX\u7684\u503c\uff09\uff0c\u7136\u540e\u5c31\u5f97\u5230key\u4e86\u3002

    Level 1.1

    Reverse engineer this challenge to find the correct license key.

    \u8fd9\u4e00\u9898\u6ca1\u6709\u76f4\u63a5\u628a\u6b63\u786e\u7b54\u6848\u5217\u51fa\u6765\u3002\u4e00\u79cd\u65b9\u6848\u662f\u5148gdb\u542f\u52a8\u7a0b\u5e8f\uff0c\u7136\u540e\u5728\u8981\u6c42\u8f93\u5165\u5bc6\u94a5\u7684\u65f6\u5019ctrl+c\u6682\u505c\u7a0b\u5e8f\uff0c\u7528bt\u67e5\u770b\u8c03\u7528\u6808\uff0c\u53ef\u4ee5\u770b\u5230__libc_start_main (main=0xXXXXX, argc=1, ....)\u3002\u7136\u540e\u67e5\u770bmain\u51fd\u6570\u7684\u6c47\u7f16\u6307\u4ee4x/80i 0xXXXX\uff0c\u53ef\u4ee5\u770b\u5230\u5176\u4e2d\u7684memcmp@plt\u51fd\u6570\u6240\u4f7f\u7528\u7684\u7684rsi\u6765\u81ea[rip+0x2abf]\u3002\u6307\u4ee4\u540e\u9762\u7684#\u6ce8\u91ca\u63d0\u793a\u4e86\u5bf9\u5e94\u7684\u5730\u5740\uff0c\u76f4\u63a5\u7528x/5c <address>\u67e5\u770b\u5bc6\u94a5\u5373\u53ef\u3002

    \u6ce8\u610f\u6700\u540e\u8f93\u5165\u5bc6\u94a5\u65f6\u8981\u76f4\u63a5\u8fd0\u884c\u7a0b\u5e8f\uff0c\u4e0d\u8981\u5728gdb\u91cc\u9762\u8f93\uff0c\u4f1a\u63d0\u793a\u6743\u9650\u4e0d\u591f\u3002

    Level 2.0

    Reverse engineer this challenge to find the correct license key, but your input will be modified somehow before being compared to the correct key.

    \u8fd9\u9053\u9898\u76ee\u4ea4\u6362\u4e86\u8f93\u5165\u5b57\u7b26\u4e32\u7684index 1\u548cindex 4\u7684\u5b57\u7b26\u3002

    Level 2.1

    \u8fd9\u9053\u9898\u76ee\u57282.0\u7684\u57fa\u7840\u4e0a\u9690\u53bb\u4e86\u8f93\u5165\u8f93\u51fa\u7ed3\u679c\u7684\u663e\u793a\uff0c\u56e0\u6b64\u9700\u8981gdb\u770b\u4e00\u4e0b\u505a\u4e86\u4ec0\u4e48\u64cd\u4f5c\u3002\u6309\u71671.1\u7684\u65b9\u6cd5\u67e5\u770bmemcmp\u9644\u8fd1\u7684\u51fd\u6570\uff0c\u53ef\u89c1\uff1a

    0x5584f463251f:      lea    rax,[rbp-0xe]\n0x5584f4632523:      mov    edx,0x5\n0x5584f4632528:      mov    rsi,rax\n0x5584f463252b:      mov    edi,0x0\n0x5584f4632530:      call   0x5584f46321a0 <read@plt>\n0x5584f4632535:      movzx  eax,BYTE PTR [rbp-0xe]\n0x5584f4632539:      mov    BYTE PTR [rbp-0x10],al\n0x5584f463253c:      movzx  eax,BYTE PTR [rbp-0xd]\n0x5584f4632540:      mov    BYTE PTR [rbp-0xf],al\n0x5584f4632543:      movzx  eax,BYTE PTR [rbp-0xf]\n0x5584f4632547:      mov    BYTE PTR [rbp-0xe],al\n0x5584f463254a:      movzx  eax,BYTE PTR [rbp-0x10]\n0x5584f463254e:      mov    BYTE PTR [rbp-0xd],al\n0x5584f4632551:      lea    rdi,[rip+0xdb0]        # 0x5584f4633308\n0x5584f4632558:      call   0x5584f4632140 <puts@plt>\n0x5584f463255d:      lea    rax,[rbp-0xe]\n0x5584f4632561:      mov    edx,0x5\n0x5584f4632566:      lea    rsi,[rip+0x2aa3]        # 0x5584f4635010\n0x5584f463256d:      mov    rdi,rax\n0x5584f4632570:      call   0x5584f46321b0 <memcmp@plt>\n

    \u8f93\u5165\u7684\u5b57\u7b26\u4e32\u88ab\u4fdd\u5b58\u5728[rbp-0xe]\u5904\uff0c\u4e14\u8fdb\u884c\u4e86[rbp-0xe]\u548c[rbp-0xd]\u7684\u4ea4\u6362\u3002\u4e5f\u5c31\u662f\u8bf4\u8f93\u5165\u5b57\u7b26\u4e32\u7684\u524d\u4e24\u4e2a\u5b57\u7b26\u88ab\u4ea4\u6362\u4e86\u3002\u67e5\u770bmemcmp\u52a0\u8f7d\u5230rsi\u7684\u5730\u5740\u5185\u5bb9x/5c 0x5584f4635010\u5f97\u5230\u5bf9\u5e94\u7684\u7b54\u6848\uff0c\u4ea4\u6362\u524d\u4e24\u4e2a\u5b57\u7b26\u5373\u53ef\u3002

    Level 3.0-3.1

    \u8fd0\u884c\u7a0b\u5e8f\uff0c\u968f\u4fbf\u8f93\u51e0\u4e2a\u6570\u3002\u663e\u5f0f\u544a\u8bc9\u4e86\u89c4\u5219\u662f\u9006\u5e8f\uff0c\u53c8\u628a\u6b63\u786e\u7b54\u6848\u6253\u5370\u51fa\u6765\u4e86\u3002

    3.1\u731c\u6d4b\u548c3.0\u4e00\u6837\u4e5f\u662f\u9006\u5e8f\u3002\u76f4\u63a5\u63092.1\u7684\u65b9\u6cd5\u770b\u4e00\u4e0b[rbp-0xe]\u5904\u7684\u503c\u7136\u540e\u9006\u5e8f\u8f93\u5165\u5c31\u884c\u3002

    Level 4.0-4.1

    \u89c4\u5219\u662f\u8fdb\u884c\u9012\u589e\u6392\u5e8f\u3002\u8fd9\u4e0b\u53ea\u9700\u8981\u5305\u542b\u8fd9\u4e9b\u5b57\u6bcd\u5c31\u884c\u3002\uff08\u8fd9\u4e0d\u662f\u66f4\u7b80\u5355\u4e86\u2026\u2026\uff09

    Level 5.0-5.1

    \u8fd9\u9053\u9898\u662f\u5bf9\u8f93\u5165\u5b57\u7b26\u8fdb\u884c\u5f02\u6216\u3002\u7b80\u5355\u5199\u4e86\u4e2apython\uff0c\u5728\u63a7\u5236\u53f0\u4ea4\u4e92\u65f6\u8fd0\u884c\u4e0b\uff1a

    tx = lambda x:int(x,16)\n''.join([chr(i^0xb8) for i in [tx(a) for a in 'd6 d5 d6 cf da'.split() ]])\n

    5.1\u548c5.0\u7c7b\u4f3c\uff0c\u4eff\u7167\u4e4b\u524d\u7684\u65b9\u6cd5\u53ef\u4ee5\u770b\u5230\u5f02\u6216\u7528\u7684\u662f0x1c\u3002

    Level 6.0

    \u8fd9\u9053\u9898\u7ed3\u5408\u4e86\u4ea4\u6362\u3001\u5f02\u6216\u3001\u9006\u5e8f\u4e09\u79cd\u64cd\u4f5c\uff0c\u5e72\u8106\u5199\u4e2a\u811a\u672c\u5904\u7406\u4e0b\u5427\u3002

    def do_reverse(li):\n    return li[::-1]\n\ndef do_swap(li, idx1, idx2):\n    li[idx1], li[idx2] = li[idx2], li[idx1]\n    return li\n\ndef do_xor(li, key):\n    xor_li = []\n    while key > 0:\n        xor_li.insert(0, key & 0xff)\n        key >>= 8\n    for i in range(len(li)):\n        li[i] ^= xor_li[i % len(xor_li)]\n    return li\n\ndef do_sort(li):\n    li.sort()\n    return li\n\ndef sanitize(s):\n    if type(s) is str:\n        f = lambda tx: int(tx,16)\n        return [f(i) for i in s.split()]\n    if type(s) is list:\n        return ''.join([chr(i) for i in s])\n\nprint(sanitize(do_swap(do_xor(do_reverse(sanitize('51 90 52 86 58 98 4d 81 4b 84 4f 9a 57 8c 51 91 56')),0x3ef5),5,6)))\n

    6.1\u6709\u70b9\u5947\u602a\uff0c\u770b\u6c47\u7f16\u597d\u50cf\u662f\u5148\u9006\u5e8f\u4e00\u904d\uff0c\u518d\u9006\u5e8f\u4e00\u904d\uff0c\u518d\u9010\u5b57\u8282\u4e0e0xbb\u5f02\u6216\u3002\u597d\u50cf\u548c5.0\u7684\u7f6e\u6362-\u5f02\u6216-\u9006\u5e8f\u4e0d\u4e00\u6837\u7684\uff1f\u53ef\u80fd\u662f\u968f\u673a\u9009\u62e9\u7b56\u7565\u5427\u3002

    Level 7.0-7.1

    7.0\u7528\u4e0a\u4e00\u4e2a\u811a\u672c\u5373\u53ef\u3002

    print(sanitize(do_swap(do_sort(do_xor(do_swap(do_xor(sanitize(' 16 34 42 00 13 31 46 0d 1c 3b 4e 15 05 22 52 10 04 22 54 1c 0f 2e 59 1d 0e 2f 5b'),0x85a4d396),13,16),0xf2)),7,10)))\n

    7.1\u662f\u5148\u548c0x15ca\u5f02\u6216\uff0c\u7136\u540e\u9006\u5e8f\uff0c\u7136\u540e\u518d\u9006\u5e8f\uff0c\u7136\u540e\u518d\u9006\u5e8f\uff0c\u7136\u540e\u518d\u9012\u589e\u6392\u5e8f

    print(sanitize(do_xor(sanitize('60 61 64 66 67 6c 70 70 71 74 77 7c 7c 7d 7f a5 a5 a5 a8 ab ab af b0 b3 b8 b9 ba bb'),0x15ca)))\nprint(sanitize(do_xor(sanitize('60 61 64 66 67 6c 70 70 71 74 77 7c 7c 7d 7f a5 a5 a5 a8 ab ab af b0 b3 b8 b9 ba bb'),0xca15)))\n\n#u\u00abq\u00acr\u00a6e\u00bad\u00beb\u00b6i\u00b7jo\u00b0o\u00bda\u00bee\u00a5y\u00ads\u00afq\n#\u00aat\u00aes\u00ady\u00bae\u00bba\u00bdi\u00b6h\u00b5\u00b0o\u00b0b\u00bea\u00baz\u00a6r\u00acp\u00ae\n#\u7136\u540e\u628a\u4e24\u4e2a\u7ed3\u679c\u4e2d\u5b57\u6bcd\u6392\u8d77\u6765\n#utqsryeedabiihjooobaaezyrspq\n
    "},{"location":"pwn-college-cse365-spring2023/#_1","title":"\u603b\u7ed3","text":"

    CSE 365\u8fd8\u662f\u5c5e\u4e8e\u6bd4\u8f83\u5165\u95e8\u7684\u7c7b\u578b\uff0c\u6253\u597d\u57fa\u7840\uff01

    "},{"location":"python/","title":"Python","text":""},{"location":"python/#_1","title":"\u4e00\u4e9b\u5c0f\u70b9","text":""},{"location":"python/#_2","title":"\u83b7\u53d6\u672a\u77e5\u5bf9\u8c61\u7684\u6240\u6709\u5c5e\u6027","text":"

    obj.__dir__() \u6216\u8005dir(obj)

    "},{"location":"python/#argparse","title":"\u53c2\u6570\u89e3\u6790\uff1aargparse","text":"

    \u6839\u636e\u7528\u6237\u4f20\u53c2\u800c\u6267\u884c\u4e0d\u540c\u7684\u529f\u80fd\uff0c\u53c8\u5206\u591a\u4e2a\u5c42\u6b21\u3002\u6bd4\u5982pip3\u547d\u4ee4\uff0c\u53ef\u4ee5\u6709pip3 install\u548cpip3 freeze\u7b49\u7b49\uff0c\u5bf9\u4e8e\u6bcf\u4e00\u4e2a\u5b50\u89e3\u6790\u53c8\u6709\u8fdb\u4e00\u6b65\u7684\u53c2\u6570\uff0c\u6bd4\u5982pip3 install --upgrade, pip3 install --force-reinstall\u7b49\u7b49\u3002

    import argparse\n\ndef populate_parser(parser):\n    parser.add_argument('input_file', type=str, help=\"Path to the file containing the mutated input to load\")\n    parser.add_argument('--prefix-input', dest='prefix_input_path', type=str, help=\"(Optional) Path to the file containing a constant input to load\")\n    parser.add_argument('-c', '--config', default=\"config.yml\", help=\"The emulator configuration to use. Defaults to 'config.yml'\")\n\n    # Verbosity switches\n    parser.add_argument('-v', '--print-exit-info', default=False, action=\"store_true\", help=\"Print some information about the exit reason.\")\n    parser.add_argument('-t', '--trace-funcs', dest='trace_funcs', default=False, action='store_true')\nparser = argparse.ArgumentParser(description=\"Fuzzware\")\nsubparsers = parser.add_subparsers(title=\"Fuzzware Components\", help='Fuzzware utilities:', description=\"Fuzzware supports its different functions using a set of utilities.\\n\\nUse 'fuzzware <util_name> -h' for more details.\")\nparser_pipeline = subparsers.add_parser(MODE_PIPELINE, help=\"Running the full pipeline. Fuzzware's main utility.\")\nparser_pipeline.set_defaults(func=do_pipeline)\n# Pipeline command-line arguments\nparser_pipeline.add_argument('target_dir', nargs=\"?\", type=os.path.abspath, default=os.curdir, help=\"Directory containing the main config. Defaults to the current working dir.\")\n\n\nparser = argparse.ArgumentParser(description=\"Fuzzware emulation harness\")\npopulate_parser(parser)\n
    "},{"location":"python/#yaml","title":"\u914d\u7f6e\u8bfb\u53d6\uff1ayaml","text":"

    \u9664\u4e86argparse\u4ee5\u5916\uff0c\u53ef\u4ee5\u628a\u4e00\u4e9b\u5f88\u957f\u7684\u914d\u7f6e\u6570\u636e\uff08\u6bd4\u5982\u591a\u5230\u547d\u4ee4\u884c\u6572\u662f\u4e0d\u73b0\u5b9e\u7684\uff09\u653e\u5230yml\u91cc\uff0c\u7136\u540e\u7528yaml\u8bfb\u53d6\uff0c\u5f97\u5230\uff08\u5d4c\u5957\u7684\uff09\u5b57\u5178\uff0c\u7136\u540e\u518d\u53d6\u5185\u5bb9\u5c31\u5f88\u65b9\u4fbf\u4e86\u3002\u9700\u8981pip\u5b89\u88c5pyyaml\u8fd9\u4e2a\u5305

    import yaml\n\nwith open('config.yml', 'rb') as f:\n    data = yaml.load(f, Loader=yaml.FullLoader)\n    print(data)\n

    \u90a3\u4e48data\u5c31\u662f\u4e00\u4e2a\u5b57\u5178\uff0c\u6839\u636eyml\u91cc\u7684\u5185\u5bb9\u53ef\u80fd\u6210\u4e3a\u5d4c\u5957\u5173\u7cfb\u3002\u5b57\u5178\u91cc\u4e3a\u7a7a\u7684\u503c\u4f1a\u53d8\u6210None\uff0ctrue\u6216True\u6216TRUE\u90fd\u4f1a\u53d8\u6210True\uff0c\u6570\u5b57\u4f1a\u88ab\u8bc6\u522b\u6210\u6574\u6570\u6216\u6d6e\u70b9\u6570\uff0c\u5b57\u7b26\u4e32\u4f1a\u88ab\u8bc6\u522b\u6210\u5b57\u7b26\u4e32\uff08\u542b\u7a7a\u683c\uff09

    \u6bd4\u5982\u4e0b\u9762\u7684yml\u6587\u4ef6

    item:\ntest1: 1\ntest2: 2\ntest2.1: TRUE\ntest2.2: true\ntest2.3: True\nmatters:\ntest3: 3\n3: 333\ntest4: 4\ntest5: ${item.test1}\ntest6: a b c d\ntest7: 

    \u4f1a\u88ab\u8bc6\u522b\u4e3a

    {'item': {'test1': 1, 'test2': 2, 'test2.1': True, 'test2.2': True, 'test2.3': True}, 'matters': {'test3': 3, 3: 333, 'test4': 4, 'test5': '${item.test1}', 'test6': 'a b c d', 'test7': None}}\n
    "},{"location":"python/#logging","title":"\u8f93\u51fa\u65e5\u5fd7\uff1alogging","text":"

    \u5728\u5f00\u53d1\u7a0b\u5e8f\u7684\u65f6\u5019\uff0c\u9047\u5230bug\u6216\u8005\u60f3\u5f04\u6e05\u695a\u4e34\u65f6\u7ed3\u679c\u3001\u63a7\u5236\u6d41\u8d70\u5411\u7684\u65f6\u5019\uff0c\u91c7\u7528print\u7684\u4f20\u7edf\u65b9\u6cd5\u6765\u6253\u5370\u53d8\u91cf\u6709\u70b9\u8fc7\u4e8e\u8822\u7b28\u4e86\u3002\u800c\u4f7f\u7528logging\u53ef\u4ee5\u968f\u65f6\u6253\u5370\u6570\u636e\u5230\u63a7\u5236\u53f0\u6216\u6587\u4ef6\uff0c\u53ef\u4ee5\u81ea\u5b9a\u4e49\u6253\u5370\u8303\u56f4\uff0c\u800c\u4e14\u6613\u4e8e\u8c03\u8bd5\u3002

    import logging\n\nlogging.basicConfig(format='[%(levelname)s %(filename)s:%(lineno)d]: %(message)s', stream=sys.stdout, level=logging.DEBUG)\nlogger = logging.getLogger('TEST')\n\nlogger.debug('here is a test!')\nlogger.info('info level')\n

    \u5f53\u7136\u4e5f\u53ef\u4ee5\u5168\u9762\u4e86\u89e3\u4e0blogging\uff0c\u63a8\u8350\u9605\u8bfb\u8fd9\u4e2a\u77e5\u4e4e\u4e13\u680f

    import logging\n\n# 1\u3001\u521b\u5efa\u4e00\u4e2alogger\nlogger = logging.getLogger('mylogger')\nlogger.setLevel(logging.DEBUG)\n\n# 2\u3001\u521b\u5efa\u4e00\u4e2ahandler\uff0c\u7528\u4e8e\u5199\u5165\u65e5\u5fd7\u6587\u4ef6\nfh = logging.FileHandler('test.log')\nfh.setLevel(logging.DEBUG)\n\n# \u518d\u521b\u5efa\u4e00\u4e2ahandler\uff0c\u7528\u4e8e\u8f93\u51fa\u5230\u63a7\u5236\u53f0\nch = logging.StreamHandler()\nch.setLevel(logging.DEBUG)\n\n# 3\u3001\u5b9a\u4e49handler\u7684\u8f93\u51fa\u683c\u5f0f\uff08formatter\uff09\nformatter = logging.Formatter('%(asctime)s - %(name)s - %(levelname)s - %(message)s')\n\n# 4\u3001\u7ed9handler\u6dfb\u52a0formatter\nfh.setFormatter(formatter)\nch.setFormatter(formatter)\n\n# 5\u3001\u7ed9logger\u6dfb\u52a0handler\nlogger.addHandler(fh)\nlogger.addHandler(ch)\n

    \u4ee5\u53ca\u4fee\u6539log\u7684\u989c\u8272(\u4e0d\u8fc7\u6ca1\u6709\u8bd5\u8fc7\uff0c\u4e0d\u77e5\u9053\u662f\u5426\u53ef\u7528)

    "},{"location":"python/#_3","title":"\u63a5\u53e3\u8bbe\u8ba1","text":"

    \u4e00\u7cfb\u5217\u76f8\u4f3c\u7684\u51fd\u6570\u5b8c\u6210\u76f8\u4f3c\u7684\u529f\u80fd\uff08\u6bd4\u5982\u4e0d\u540c\u89e3\u6790\u51fd\u6570\u89e3\u6790\u4e0d\u540c\u79cd\u7c7b\u7684\u65e5\u5fd7\uff0c\u90fd\u5b8c\u6210\u201c\u6570\u636e\u5904\u7406\u201d\u8fd9\u4e00\u529f\u80fd\uff09\u65f6\uff0c\u53ef\u4ee5\u5c06\u51fd\u6570\u540d\u4f5c\u4e3a\u53c2\u6570\u4f20\u5165\u516c\u5171\u5904\u7406\u51fd\u6570\uff0c\u8bbe\u8ba1\u66f4\u6e05\u6670\u3002

    import re\n\n# 0000 11c4 0\nbb_regex = re.compile(r\"([0-9a-f]+) ([0-9a-f]+) ([0-9]+)\")\ndef parse_bb_line(line):\n    event_id, pc, cnt = bb_regex.match(line).groups()\n\n    event_id = int(event_id, 16)\n    pc = int(pc, 16)\n    cnt = int(cnt)\n\n    return event_id, pc, cnt\n\ndef parse_mmio_set_line(line):\n    pc, addr, mode = line.split(\" \")\n    return (int(pc, 16), int(addr, 16), mode[0])\n\ndef _parse_file(filename, line_parser):\n    try:\n        with open(filename, \"r\") as f:\n            return [line_parser(line) for line in f.readlines() if line]\n    except FileNotFoundError:\n        return []\n\ndef parse_bbl_trace(filename):\n    return _parse_file(filename, parse_bb_line)\n\ndef parse_mmio_set(filename):\n    return _parse_file(filename, parse_mmio_set_line)\n
    "},{"location":"python/#capnp","title":"\u4e2d\u95f4\u6570\u636e\u5b58\u50a8\uff1acapnp","text":"

    Cap'n Proto\u597d\u50cf\u662f\u4e00\u79cd\u5e2e\u52a9\u5feb\u901f\u5e8f\u5217\u5316/\u53cd\u5e8f\u5217\u5316\u7684\u5de5\u5177\uff0cpython\u8fd9\u8fb9\u5c01\u88c5\u4e86C++\u7684\u5b9e\u73b0\uff0c\u9700\u8981pip\u5b89\u88c5pycapnp\u8fd9\u4e2a\u5305\u3002\u4f7f\u7528\u65f6\u9700\u8981\u9996\u5148\u5b9a\u4e49\u6570\u636e\u7ed3\u6784\uff0c\u6bd4\u5982\uff1a

    // test.capnp\nstruct TraceEvent {\nunion {\nbasicBlock @0 :BasicBlock;\naccess @1 :Access;\n}\n}\n\nstruct BasicBlock {\npc @0 :UInt32;\nlr @1 :UInt32;\n}\n\nstruct Access {\ntarget @0 :AccessTarget;\ntype @1 :AccessType;\nsize @2 :UInt8;\npc @3 :UInt32;\n}\n\nenum AccessTarget {\nram @0;\nmmio @1;\n}\nenum AccessType {\nread @0;\nwrite @1;\n}\n
    \u4f7f\u7528\u65f6\uff0cpython\u7a0b\u5e8f\u5982\u4e0b\uff1a

    import capnp\nimport test_capnp\n\n# \u8fde\u7eed\u5199\u5165\u6587\u4ef6\uff0c\u5bf9union\u521d\u59cb\u5316\ntrace_file = open('test.bin','wb')\nevent = test_capnp.TraceEvent.new_message()\nbasicBlock = event.init('basicBlock')\nbasicBlock.pc = uc.reg_read(UC_ARM_REG_PC)\nbasicBlock.lr = uc.reg_read(UC_ARM_REG_LR)\nevent.write(trace_file)\nevent.write(trace_file)\ntrace_file.close()\n\n# \u4ece\u6587\u4ef6\u4e2d\u8fde\u7eed\u8bfb\u53d6\uff0c\u89e3\u6790union\ntrace_file = open('test.bin','rb')\nfor event in test_capnp.TraceEvent.read_multiple(f):\n    if event.which() == 'basicBlock':\n        print(event.basicBlock.pc)\ntrace_file.close()\n
    "},{"location":"python/#_4","title":"\u8ba1\u65f6\u7ec8\u6b62\u7a0b\u5e8f","text":"

    \u5982\u679c\u9700\u8981\u8ba9\u7a0b\u5e8f\u5728\u8fd0\u884c\u4e00\u6bb5\u65f6\u95f4\u540e\u7ec8\u6b62\uff0c\u5728\u7a0b\u5e8f\u5185\u90e8\u8fdb\u884c\u65f6\u95f4\u68c0\u67e5\u5e76\u4e0d\u4f18\u96c5\uff08\u56e0\u4e3a\u662f\u65e0\u5173\u903b\u8f91\u7684\uff09\uff1b\u53ef\u4ee5\u4e3a\u8fd9\u4e2a\u5b50\u7a0b\u5e8f\u8bbe\u8ba1signal

    pipeline = Pipeline(args.target_dir, args.project_name, args.base_inputs, args.num_local_fuzzer_instances, args.disable_modeling, write_worker_logs=not args.silent_workers, do_full_tracing=args.full_traces, config_name=args.runtime_config_name, timeout_seconds=timeout_seconds, use_aflpp=args.aflpp)\n\ntry:\n    if timeout_seconds != 0:\n        def handler(signal_no, stack_frame):\n            pipeline.request_shutdown()\n\n        # spin up an alarm for the time\n        signal.signal(signal.SIGALRM, handler)\n        signal.alarm(timeout_seconds)\n\n    pipeline.start()\nexcept Exception as e:\n    logger.error(f\"Got exception, shutting down pipeline: {e}\")\n    import traceback\n    traceback.print_exc()\n    status = 1\n
    "},{"location":"python/#hexintelhex","title":"\u4e8c\u8fdb\u5236\u5b57\u8282\u4e0ehex\u4e92\u76f8\u8f6c\u6362\uff1aIntelHex","text":"

    fuzzware\u91cc\u6dfb\u52a0\u9000\u51fahandler\u6253\u5370state\uff08\u5373\u6a21\u62dfcoredump\uff09\u65f6\uff0c\u4f7f\u7528\u4e86IntelHex\u6765\u4fdd\u5b58\u4e2d\u95f4\u7ed3\u679c\u3002\u53ef\u4ee5\u53c2\u8003\u4e0b\u9762\u7684\u4f8b\u5b50\uff0c\u8fdb\u884c\u76f8\u4e92\u8f6c\u5316\u3002IntelHex\u6587\u4ef6\u672c\u8eab\u7684\u683c\u5f0f\uff0c\u53ef\u4ee5\u53c2\u8003\u8fd9\u91cc

    from intelhex import IntelHex\nih = IntelHex()\n\ndata = {\n    0x30000000: b'\\x00\\x01\\x02\\x03\\x04',\n    0x20002000: b'\\x04\\x05\\x06\\x07'\n}\n\nfor base_addr, contents in data.items():\n    ih.puts(base_addr, contents)\n\nwith open('test.hex', 'w') as f:\n    ih.write_hex_file(f)\n\n\n# \u4ece\u5df2\u6709\u7684hex\u6587\u4ef6\u4e2d\u8bfb\u53d6\u6570\u636e\nih = IntelHex()\nih.fromfile('test.hex', format='hex')\n\n\"\"\"test.hex\n:020000042000DA\n:0420000004050607C6\n:020000043000CA\n:050000000001020304F1\n:00000001FF\n\nhex\u683c\u5f0f\u4ee5\u5192\u53f7\u5f00\u5934\uff0c\u968f\u540e1\u5b57\u8282\u8868\u793a\u6570\u636e\u957f\u5ea6\uff0c\u7d27\u63a54\u5b57\u8282\u8868\u793a\u5730\u5740\uff0c\u968f\u540e1\u5b57\u8282\u4e3a\u8bb0\u5f55\u7c7b\u578b\uff1a\n00\uff1a\u8868\u793a\u6570\u636e\n01\uff1a\u8868\u793a\u6587\u4ef6\u7ed3\u675f\n02\uff1a\u8868\u793a\u6269\u5c55\u6bb5\u5730\u5740\u3002\u968f\u540e\u76842\u5b57\u8282\u5de6\u79fb4\u4f4d\uff0c\u4f5c\u4e3a\u6bb5\u5730\u5740\uff0c\u5728\u4e4b\u540e\u7684\u8ba1\u7b97\u4e2d\u548c\u5730\u5740\u76f8\u52a0\u4f5c\u4e3a\u6700\u540e\u5730\u5740\n03\uff1a\u8868\u793a\u8d77\u59cb\u6bb5\u5730\u5740\u3002\u968f\u540e\u76844\u5b57\u8282\u4e2d\uff0c\u524d\u3001\u540e2\u5b57\u8282\u5206\u522b\u8868\u793aCS\u3001IP\n04\uff1a\u8868\u793a\u6269\u5c55\u7ebf\u6027\u5730\u5740\u3002\u968f\u540e\u76842\u5b57\u8282\u6307\u5b9a32\u5730\u5740\u7684\u9ad816\u4f4d\n05\uff1a\u8868\u793a\u8d77\u59cb\u7ebf\u6027\u5730\u5740\u3002\u968f\u540e\u76844\u5b57\u8282\u6307\u5b9a\u6307\u4ee4\u6267\u884c\u8d77\u59cb\u5730\u5740\n\u6700\u540e\u4e00\u5b57\u8282\u8868\u793a\u6821\u9a8c\u7801\n\n\u6bd4\u5982:020000042000DA\uff0c\u5206\u4e3a:02 0000 04 2000 DA\n\"\"\"\n\n# \u83b7\u53d6\u89e3\u6790\u540e\u7684\u6570\u636e\uff0c\u5e76\u5408\u5e76\u8fde\u7eed\u7684\u5730\u5740\nrestored_data = {}\ncurrent_address = None\ncurrent_data = b''\n\nfor address in ih.addresses():\n    # Check if the address is consecutive with the current data\n    if current_address is None or address == current_address + len(current_data):\n        if current_address is None:\n            current_address = address\n        current_data += bytes([ih[address]])\n    else:\n        # Save the previous data and start a new block\n        restored_data[current_address] = current_data\n        current_address = address\n        current_data = bytes([ih[address]])\n\n# Save the last block of data\nif current_address is not None:\n    restored_data[current_address] = current_data\n\n# \u8f93\u51fa\u8fd8\u539f\u540e\u7684data\u5b57\u5178\nprint(restored_data)\n# {536879104: b'\\x04\\x05\\x06\\x07', 805306368: b'\\x00\\x01\\x02\\x03\\x04'}\n
    "},{"location":"python/#_5","title":"\u53c2\u8003\u8d44\u6599","text":""},{"location":"rca/","title":"\u6839\u56e0\u5206\u6790","text":"

    \u4ec0\u4e48\u662f\u6839\u56e0\u5206\u6790\uff1f \u6839\u56e0\u5206\u6790(Root Cause Analysis)\u6216\u8005\u8bf4\u7f3a\u9677\u5b9a\u4f4d(Fault Localization)\u662f\u7a0b\u5e8f\u5f00\u53d1\u4eba\u5458\u6216\u5b89\u5168\u5206\u6790\u4eba\u5458\u5728\u786e\u8ba4\u7a0b\u5e8f\u5b58\u5728\u5f02\u5e38\u884c\u4e3a\u540e\uff0c\u901a\u8fc7\u624b\u52a8\u6216\u81ea\u52a8\u7684\u65b9\u6cd5\u6765\u5b9a\u4f4d\u5f02\u5e38\u884c\u4e3a\u7684\u6839\u672c\u539f\u56e0\u7684\u8fc7\u7a0b\u3002\u6839\u56e0\u5206\u6790\u662f\u7a0b\u5e8f\u5b89\u5168\u5206\u6790\u6d41\u7a0b\u4e2d\u6bd4\u8f83\u91cd\u8981\u7684\u4e00\u73af\u3002

    \u4e3a\u4ec0\u4e48\u9700\u8981\u8bbe\u8ba1\u4e00\u4e9b\u6839\u56e0\u5206\u6790\u65b9\u6cd5\uff1f \u5728\u5f53\u4e0b\u5404\u7c7b\u81ea\u52a8\u5316\u6f0f\u6d1e\u6316\u6398\u5de5\u5177(\u6bd4\u5982\u5404\u7c7bfuzzer)\u7684\u8f85\u52a9\u4e0b\uff0c\u6bcf\u65e5\u53d1\u73b0\u7684bug\u6570\u91cf\u5df2\u7ecf\u8fdc\u8d85\u5f00\u53d1\u4eba\u5458\u786e\u8ba4\u5e76\u4fee\u590d\u7684\u6570\u91cf\u3002\u8bbe\u8ba1\u4e00\u79cd\u81ea\u52a8\u5316\u53d1\u73b0\u6f0f\u6d1e\u7684\u5de5\u5177\u5e76\u4e0d\u96be\uff0c\u96be\u5728\u5982\u4f55\u6839\u636e\u8fd9\u4e9b\u5de5\u5177\u62a5\u51fa\u7684crash\u4fe1\u606f\u6765\u51c6\u786e\u5730\u5206\u6790\u51fa\u6f0f\u6d1e\u7684\u6839\u672c\u539f\u56e0\u3002\u5bf9\u4e8e\u5927\u578b\u7a0b\u5e8f\u800c\u8a00\uff0c\u5d29\u6e83\u6d4b\u8bd5\u6837\u4f8b(crashing testcase)\u6267\u884c\u4e0b\u6765\u53ef\u80fd\u7ecf\u5386\u4e86\u51e0\u767e\u4e07\u6761\u6c47\u7f16\u6307\u4ee4\uff0c\u624b\u5de5\u786e\u8ba4\u7a0d\u5fae\u6709\u70b9\u4e0d\u73b0\u5b9e\u4e86\u3002\u56e0\u6b64\u9700\u8981\u8bbe\u8ba1\u4e00\u4e9b(\u81ea\u52a8\u5316)\u7684\u6839\u56e0\u5206\u6790\u5de5\u5177\u3002

    \u600e\u4e48\u8fdb\u884c\u6839\u56e0\u5206\u6790\uff1f\u76ee\u524d\u6709\u54ea\u4e9b\u5de5\u4f5c\uff1f \u6700\u6734\u7d20\u800c\u76f4\u89c2\u7684\u601d\u60f3\u5c31\u662f\u6d88\u8017\u5b89\u5168\u5206\u6790\u4eba\u5458\u7684\u7cbe\u529b\uff0c\u4ece\u7a0b\u5e8f\u7684\u5165\u53e3\u70b9(entry)\u6216\u8005\u5d29\u6e83\u70b9(crash site)\u51fa\u53d1\uff0c\u770b\u770b\u7a0b\u5e8f\u662f\u600e\u4e48\u6267\u884c\u7684\uff0c\u54ea\u4e9b\u5143\u7d20(program entity)\u4f1a\u5bfc\u81f4\u6700\u540e\u7684crash\uff0c\u7136\u540e\u518d\u8fdb\u884c\u5bf9\u5e94\u7684\u4fee\u590d\u3002\u6839\u636e\u5b9a\u4f4d\u5143\u7d20\u7684\u7c92\u5ea6\u4e0d\u540c\uff0c\u6839\u56e0\u5206\u6790\u53ef\u4ee5\u5b9a\u4f4d\u5230\u51fd\u6570\u7ea7(function level)\u3001\u8bed\u53e5\u7ea7(statement level)\u3001\u6c47\u7f16\u6307\u4ee4\u7ea7(instruction level)\u3002\u7531\u4e8e\u5728\u6c47\u7f16\u6307\u4ee4\u4e0a\u8fdb\u884c\u5206\u6790\u53ef\u4ee5\u66f4\u666e\u9002\u5730\u9002\u5e94\u591a\u79cd\u7f16\u7a0b\u8bed\u8a00\u3001\u4e0d\u9700\u8981\u83b7\u53d6\u6e90\u7801\uff0c\u6240\u4ee5\u4e0b\u6587\u7684\u8ba8\u8bba\u90fd\u662f\u56f4\u7ed5\u6c47\u7f16\u6307\u4ee4\u7ea7\u5c55\u5f00\u3002

    \u76ee\u524d\u4e00\u4e9b\u81ea\u52a8\u5316\u6839\u56e0\u5206\u6790\u7814\u7a76\u601d\u8def\u6709\uff1a

    1. \u57fa\u4e8e\u7a0b\u5e8f\u8c31\u7684\u5206\u6790\u65b9\u6cd5(Spectrum-based)\u3002\u5927\u6982\u601d\u8def\u662f\u4e0d\u9700\u8981\u8003\u8651\u6c47\u7f16\u6307\u4ee4\u7684\u8bed\u4e49\u4fe1\u606f\uff0c\u5229\u7528\u4e00\u4e9b\u7edf\u8ba1\u5b66\u7684\u65b9\u6cd5\u6765\u5206\u6790\u54ea\u4e9b\u6307\u4ee4\u6709\u95ee\u9898\u3002\u8fd9\u7c7b\u65b9\u6cd5\u57fa\u4e8e\u8fd9\u6837\u4e00\u4e2a\u573a\u666f\uff1a\u5047\u8bbe\u6211\u4eec\u6709\u4e00\u5927\u6279\u76f8\u4f3c\u7684\u6d4b\u8bd5\u6837\u4f8b\uff0c\u5176\u4e2d\u6709\u4e9b\u4f1a\u5bfc\u81f4\u7a0b\u5e8f\u5d29\u6e83\uff0c\u6709\u4e9b\u4e0d\u4f1a\uff0c\u90a3\u4e48\u8fd9\u4e24\u7c7b\u6d4b\u8bd5\u6837\u4f8b\u7684\u6267\u884c\u8def\u5f84\u53ef\u80fd\u6709\u4e0d\u540c\u7684\u504f\u597d\u3002\u90a3\u4e48\u90a3\u4e9b\u66f4\u503e\u5411\u4e8e\u5728\u5d29\u6e83\u6d4b\u8bd5\u6837\u4f8b\u4e2d\u6267\u884c\u7684\u6307\u4ee4\u66f4\u6709\u53ef\u80fd\u662froot cause\u3002
    2. \u4e8b\u540e\u5206\u6790\u65b9\u6cd5(Postmortem-based)\u3002\u76f4\u8bd1\u5c38\u68c0\u5206\u6790\uff0c\u5f62\u8c61\u7406\u89e3\u4e3a\u4ece\u7a0b\u5e8f\u5d29\u6e83\u540e\u7559\u4e0b\u7684\u201c\u5c38\u4f53\u201d\u5f00\u59cb\u5206\u6790\u3002\u5b83\u5047\u5b9a\u7a0b\u5e8f\u5d29\u6e83\u540e\u4f1a\u4ea7\u751f\u4e00\u4e2acoredump(\u6838\u5fc3\u8f6c\u50a8)\u6587\u4ef6\uff0c\u5305\u542b\u4e86\u5d29\u6e83\u70b9\u7684\u5185\u5b58\u5feb\u7167(memory snapshot)\uff0c\u4ee5\u53ca\u8fd9\u4e2a\u6d4b\u8bd5\u6837\u4f8b\u7684\u6267\u884c\u8def\u5f84(execution trace)\u3002\u524d\u8005\u7528\u4e8e\u63d0\u4f9b\u6570\u636e\u6d41\u4fe1\u606f(\u6bd4\u5982\u5185\u5b58\u503c\u3001\u5bc4\u5b58\u5668\u503c)\uff0c\u540e\u8005\u7528\u4e8e\u63d0\u4f9b\u63a7\u5236\u6d41\u4fe1\u606f(\u6c47\u7f16\u6307\u4ee4\u6267\u884c\u4e0e\u8df3\u8f6c)\u3002\u5728\u6b64\u57fa\u7840\u4e0a\uff0c\u7ed3\u5408\u4e00\u4e9b\u9006\u5411\u6267\u884c(reverse execution)\u548c\u540e\u5411\u6c61\u70b9\u5206\u6790(backward taint analysis)\u7684\u65b9\u6cd5\uff0c\u5b9a\u4f4d\u53ef\u80fd\u7684root cause\u3002
    3. \u57fa\u4e8e\u6a21\u578b\u7684\u5206\u6790\u65b9\u6cd5(Model-based)\u3002\u8fd9\u4e00\u7c7b\u65b9\u6cd5\u662f\u8fd1\u4e9b\u5e74\u63d0\u51fa\u7684\uff0c\u5b83\u901a\u8fc7\u5b9a\u4e49\u8bed\u4e49\u76f8\u5173\u7684\u6a21\u578b\uff0c\u5229\u7528\u673a\u5668\u5b66\u4e60\u6216\u6df1\u5ea6\u5b66\u4e60\u7684\u601d\u60f3\uff0c\u627e\u5230\u8bed\u4e49\u4e0a\u5bfc\u81f4\u5d29\u6e83\u7684root cause\u3002

    \u8fd9\u4e9b\u7814\u7a76\u601d\u8def\u90fd\u89e3\u51b3\u4e86\u4ec0\u4e48\u95ee\u9898\uff1f\u6709\u4ec0\u4e48\u72ec\u7279\u7684\u4f18\u70b9\uff1f\u5b58\u5728\u54ea\u4e9b\u72ec\u6709\u7684\u4e0d\u8db3\uff1f \u57fa\u4e8e\u7a0b\u5e8f\u8c31\u7684\u5206\u6790\u65b9\u6cd5\u76f4\u89c2\u4e0a\u4f3c\u4e4e\u6709\u70b9\u9053\u7406\u3002\u5b83\u4ec5\u8003\u8651\u6c47\u7f16\u6307\u4ee4\u672c\u8eab\uff0c\u800c\u4f46\u4ec5\u4ec5\u4ece\u7edf\u8ba1\u7ed3\u679c\u4e0a\u53bb\u5206\u6790\uff0c\u53ef\u80fd\u5e76\u4e0d\u80fd\u51c6\u786e\u5206\u6790\u51fa\u903b\u8f91\u4e0a\u7684root cause\u3002\u8fd9\u7c7b\u65b9\u6cd5\u4e00\u822c\u4f1a\u8bbe\u8ba1\u4e00\u79cd\u6392\u540d\u7b56\u7565(ranking)\uff0c\u5bf9\u9009\u62e9\u51fa\u7684\u53ef\u7591\u6307\u4ee4\u8fdb\u884ctop1-topn\u7684\u6392\u540d\uff0c\u6765\u8bd5\u56fe\u63d0\u9ad8\u51c6\u786e\u6027\u3002\u8fd9\u7c7b\u65b9\u6cd5\u4e00\u822c\u9700\u8981\u6839\u636e\u4e00\u4e2a\u5d29\u6e83\u6837\u4f8b\u4ee5\u53ca\u548c\u5b83\u76f8\u4f3c\u7684\u5d29\u6e83\u6837\u4f8b\u548c\u975e\u5d29\u6e83\u6837\u4f8b\u8fdb\u884c\u5206\u6790\uff0c\u56e0\u6b64\u65f6\u7a7a\u5f00\u9500\u90fd\u6bd4\u8f83\u5927\u3002

    \u4e8b\u540e\u5206\u6790\u65b9\u6cd5\u76f8\u6bd4\u7a0b\u5e8f\u8c31\u5206\u6790\u65b9\u6cd5\u8003\u8651\u4e86\u6307\u4ee4\u8bed\u4e49\uff0c\u6bd4\u5982\u5728\u9006\u5411\u6267\u884c\u7684\u65f6\u5019\u4f1a\u8bbe\u8ba1\u4e00\u4e9b\u6c47\u7f16\u6307\u4ee4handler\uff0c\u5bf9\u4e8e\u5185\u5b58\u7684\u5206\u6790\u4e5f\u4f1a\u66f4\u7cbe\u786e\u4e9b\u3002\u4f46\u6c61\u70b9\u5206\u6790\u65b9\u6cd5\u6bd5\u7adf\u5b58\u5728\u8fc7\u5ea6\u6c61\u67d3(over-tainting)\u7684\u95ee\u9898\uff0c\u5bfc\u81f4\u7ed3\u679c\u5197\u4f59\u6bd4\u8f83\u4e25\u91cd\u3002

    \u57fa\u4e8e\u6a21\u578b\u7684\u5206\u6790\u65b9\u6cd5\u5229\u7528AI\u7684\u4f18\u52bf\uff0c\u53ef\u4ee5\u7ed9\u51fa\u66f4\u6709\u8bed\u4e49\u4fe1\u606f\u7684root cause\uff0c\u5728\u4e00\u5b9a\u7a0b\u5ea6\u4e0a\u5e2e\u52a9\u5f00\u53d1\u4eba\u5458\u53bb\u5206\u6790\u3002\u4e0d\u8fc7\u6a21\u578b\u7684\u8bad\u7ec3\u4f9d\u8d56\u8bad\u7ec3\u96c6\u7684\u8d28\u91cf\uff0c\u5e76\u4e14\u53d7\u7a0b\u5e8f\u8bed\u4e49\u5f71\u54cd\u5f88\u5927\u3002\u5728\u4e0d\u540c\u9886\u57df\u4e4b\u95f4\u53ef\u80fd\u8fc1\u79fb\u6027\u4e0d\u662f\u5f88\u597d\uff0c\u6bd4\u5982\u6ca1\u6cd5\u5904\u7406\u4e00\u4e9b\u7279\u5b9a\u7684\u5bc6\u7801\u5b66\u51fd\u6570\u3002\u4e14\u4e3a\u5f85\u6d4b\u7a0b\u5e8f\u5efa\u7acb\u6a21\u578b\u6765\u63cf\u8ff0\u5176\u7ed3\u6784\u4e0e\u884c\u4e3a\u662f\u975e\u5e38\u590d\u6742\u3001\u8017\u65f6\u7684\u4e8b\u60c5

    \u73b0\u6709\u7684\u8fd9\u4e9b\u65b9\u6cd5\u6709\u6ca1\u6709\u4ec0\u4e48\u666e\u904d\u5b58\u5728\u7684\u95ee\u9898\uff1f \u5728\u6700\u540e\u8bc4\u4f30\u9636\u6bb5(evaluation)\uff0c\u4e00\u822c\u5148\u901a\u8fc7\u624b\u5de5\u5206\u6790\u786e\u5b9a\u54ea\u4e9b\u6c47\u7f16\u6307\u4ee4\uff0c\u5982\u679c\u65b9\u6cd5\u8f93\u51fa\u7684\u6c47\u7f16\u6307\u4ee4\u96c6\u5408\u91cc\u5305\u542b\u8fd9\u4e9b\u6307\u4ee4\uff0c\u90a3\u4e48\u5c31\u8ba4\u4e3a\u662f\u53d1\u73b0\u4e86root cause\u3002\u4f46\u81ea\u52a8\u5316\u65b9\u6cd5\u6bd5\u7adf\u7f3a\u5c11\u4eba\u5de5\u53c2\u4e0e\uff0c\u7ed9\u51fa\u7684\u7ed3\u679c\u4e00\u5b9a\u662f\u4e0d\u51c6\u786e\u7684\u3002\u73b0\u6709\u7684\u5de5\u4f5c\u7684\u4e00\u4e2a\u4e3b\u6d41\u601d\u60f3\u5728\u4e8e\u201c\u65b9\u6cd5\u7ed9\u51fa\u7684\u96c6\u5408\u53ef\u4ee5\u5305\u542b\u65e0\u5173\u6307\u4ee4\uff0c\u4f46\u4e0d\u80fd\u7f3a\u5c11\u76f8\u5173\u6307\u4ee4\u201d\uff0c\u65e8\u5728\u63d0\u9ad8\u53ec\u56de\u7387(recall)\u3002\u56e0\u6b64\u5f80\u5f80\u7ed9\u51fa\u4e0eroot cause\u4e0d\u76f8\u5173\u7684\u6307\u4ee4\u3002\u4f46\u5b9e\u9645\u4e0a\uff0c\u5728\u6700\u540e\u7684\u4fee\u590d\u7aef\uff0c\u5982\u679c\u7ed9\u51fa\u4e0d\u76f8\u5173\u6307\u4ee4\u8fc7\u591a\uff0c\u90a3\u4e48\u4ecd\u7136\u9700\u8981\u5f00\u53d1\u8005\u53bb\u5206\u6790\uff0c\u4f9d\u65e7\u8017\u65f6\u8017\u529b\u3002

    \u636eISSTA 2016\u4e00\u7bc7\u8c03\u7814\uff08Practitioners\u2019 expectations on automated fault localization\uff09\uff0c9.43%\u5e0c\u671broot cause\u5728\u5206\u6790\u7ed3\u679c\u7684Top1\uff0c73.58%\u5bb9\u8bb8\u5728Top5\uff0c15.09%\u5bb9\u8bb8\u5728Top10\u3002\u6240\u4ee5\u7ea698%\u7684\u60c5\u51b5\u4e0b\u9700\u8981\u5728Top10\u5185\u7ed9\u51fa\u7ed3\u679c\u3002\u5c31\u5206\u6790\u51c6\u786e\u5ea6\u4e0e\u5f00\u53d1\u4eba\u5458\u6ee1\u610f\u5ea6\u800c\u8a00\uff0c\u5982\u679cRCA\u5de5\u5177\u51c6\u786e\u5ea6\u8fbe90%\uff0c\u6ee1\u610f\u5ea6\u51e0\u4e4e\u8fbe\u5230100%\u4e86\u3002\u51c6\u786e\u5ea6\u4f4e\u4e8e20%\u65f6\u53ea\u670912%\u63a5\u53d7\uff0c\u5982\u679c\u6ee1\u610f\u5ea6\u8fbe50%\u300175%\u300190%\uff0c\u51c6\u786e\u5ea6\u9700\u8981\u5206\u522b\u8fbe\u523050%\u300175%\u300185%\uff08\u4f46\u662f\u539f\u6587\u8bf490%\uff09\u3002

    \u76ee\u524d\u7684\u7edd\u5927\u90e8\u5206RCA\u5206\u6790\u7684\u5de5\u4f5c\u7684\u8f93\u51fa\u662f\u4e24\u7c7b\uff1aranked list\u548csuspicious set\u3002\u4f46\u4e24\u8005\u90fd\u5b58\u5728\u7684\u95ee\u9898\u662f\u4ec5\u4ec5\u9ad8\u4eae\u4e86\u53ef\u80fd\u5b58\u5728bug\u7684\u5143\u7d20\uff0c\u800c\u7f3a\u4e4f\u4e00\u4e9brational\u7684\u5206\u6790\u3002

    "},{"location":"rca/#_2","title":"\u4e0d\u540c\u7684\u5206\u6790\u7c92\u5ea6\u7684\u4f18\u52bf","text":"

    \u57fa\u4e8e\u6587\u4ef6\u7c92\u5ea6\u7684RCA\u5de5\u4f5c\uff08\u6bd4\u5982Scaffle\uff09\u5e0c\u671b\u627e\u5230\u5305\u542b\u767e\u4e07\u7ea7\u540c\u8d28\u4ee3\u7801\u5e93\u4e2d\u54ea\u4e9b\u6587\u4ef6\u548ccrash\u6709\u5173\u3002\u5728\u6b64\u57fa\u7840\u4e0a\u8ba9\u5bf9\u5e94\u7684\u5de5\u7a0b\u5e08\u56e2\u961f\u53bb\u5904\u7406bug\uff0c\u6709\u5229\u4e8e\u5927\u578b\u7ec4\u7ec7\u7ba1\u7406\u3002

    \u636eISSTA 2016\u4e00\u7bc7\u8c03\u7814\uff08Practitioners\u2019 expectations on automated fault localization\uff09\uff0c\u5f00\u53d1\u8005\u5bf9\u7c92\u5ea6\u7684top3\u671f\u671b\u4f9d\u6b21\u662f\u65b9\u6cd5\u7ea7\u522b\u3001\u8bed\u53e5\u7ea7\u522b\u3001\u57fa\u672c\u5757\u7ea7\u522b\uff0c\u4e0d\u8fc7\u5bf9\u8fd9\u4e09\u79cd\u7c92\u5ea6\u7684\u503e\u5411\u4e4b\u95f4\u6ca1\u6709\u660e\u663e\u5dee\u5f02\u3002\u800c\u5f53\u65f6\u6bd4\u8f83\u591a\u7684\u65b9\u6cd5\u662f\u8bed\u53e5\u7ea7\u522b\u7684

    "},{"location":"rca/#_3","title":"\u5206\u6790\u65f6\u95f4\u5f00\u9500","text":"

    \u6839\u636e\u91c7\u7528\u7684\u7b56\u7565\u4e0d\u540c\uff0cRCA\u4e4b\u95f4\u7684\u65f6\u95f4\u5f00\u9500\u5dee\u5f02\u53ef\u80fd\u8fbe\u4e24\u4e2a\u6570\u91cf\u7ea7\u3002\uff08\u79d2\u7ea7-\u5206\u949f\u7ea7-\u5c0f\u65f6\u7ea7\uff09\u3002

    \u636eISSTA 2016\u4e00\u7bc7\u8c03\u7814\uff08Practitioners\u2019 expectations on automated fault localization\uff09\uff0c90%\u5f00\u53d1\u8005\u63a5\u53d71min\u4ee5\u5185\u7684\u5206\u6790\uff0c\u4e0d\u52309%\u5f00\u53d1\u8005\u63a5\u53d7\u8d85\u8fc71h\u7684\u5206\u6790\u300250%\u5f00\u53d1\u8005\u5927\u6982\u572830min\u4ee5\u5185\u3002

    "},{"location":"rca/#_4","title":"\u4e00\u4e9b\u60f3\u6cd5","text":"
    1. \u4ec0\u4e48\u662f\u6f0f\u6d1e\u7684\u6839\u672c\u539f\u56e0\uff1f\u5047\u5982\u51fd\u6570A\u5185\u521b\u5efa\u4e34\u65f6\u53d8\u91cfx\u5e76\u8c03\u7528\u51fd\u6570B(x)\uff0c\u5728B\u5185\u5f15\u53d1crash\uff0c\u90a3\u4e48\u5e94\u8be5\u5f52\u548e\u4e3aA\u6ca1\u6709\u5904\u7406x\u5462\uff0c\u8fd8\u662fB\u6ca1\u6709\u68c0\u67e5x\u5462\uff1f\u8fd9\u662fAPI\u5b9e\u73b0\u7684\u95ee\u9898\uff0c\u8fd8\u662fAPI\u8bef\u7528\u7684\u95ee\u9898\uff1f(\u5f00\u53d1\u8005or\u7528\u6237)
    2. \u5bf9\u4e8e\u67d0\u4e00\u4e2acrash\uff0c\u5982\u679c\u5f00\u53d1\u4eba\u5458\u8fdb\u884c\u4e86\u4fee\u590d\uff0c\u90a3\u4e48\u8fd9\u4e2a\u4fee\u590d\u80fd\u62ff\u6765\u5f53root cause\u5417\uff1f\u4e0d\u540c\u5f00\u53d1\u4eba\u5458\u4fee\u590d\u7684\u98ce\u683c\u53ef\u80fd\u4e0d\u4e00\u6837\uff0c\u4fee\u590d\u4e5f\u672a\u5fc5\u662f\u5b8c\u5168\u7684\uff0croot cause\u5c31\u662f\u4e00\u4e2a\u4e3b\u89c2\u7684\u95ee\u9898\u4e86\u3002
    "},{"location":"rca/#_5","title":"\u76f8\u5173\u8bba\u6587\u7684\u4e00\u4e9b\u53d1\u73b0\uff08\u7591\u95ee\uff09","text":""},{"location":"rca/#_6","title":"\u53c2\u8003\u6587\u732e","text":"

    \u4ee5\u4e0a\u5185\u5bb9\u4ec5\u4ee3\u8868\u4e2a\u4eba\u89c2\u70b9\uff0c\u4e0d\u5b9a\u671f\u66f4\u65b0\uff0c\u6b22\u8fce\u8ba8\u8bba

    "},{"location":"readings/","title":"\u6587\u7ae0\u9605\u8bfb","text":""},{"location":"readings/#_2","title":"\u7efc\u5408\u6027\u77e5\u8bc6\u5b66\u4e60","text":""},{"location":"readings/#_3","title":"\u4f1a\u8bae\u603b\u7ed3","text":""},{"location":"readings/#_4","title":"\u8f6f\u4ef6\u4f9b\u5e94\u94fe","text":""},{"location":"readings/#_5","title":"\u5927\u6a21\u578b","text":""},{"location":"readings/#google","title":"Google","text":""},{"location":"readings/#_6","title":"\u7f16\u7a0b\u8bed\u8a00","text":""},{"location":"readings/#_7","title":"\u78e8\u5200\u4e0d\u8bef\u780d\u67f4\u5de5","text":""},{"location":"reverse-advanced/","title":"\u9006\u5411\u9ad8\u9636","text":""},{"location":"reverse-advanced/#windows","title":"Windows\u9006\u5411\u6280\u672f\u6982\u5ff5","text":"

    DLL\u6ce8\u5165\uff0cWindows\u6d88\u606f\u94a9\u53d6\uff0cDLL\u5378\u8f7d\uff0c\u4ee3\u7801\u6ce8\u5165\uff0cAPI\u94a9\u53d6\uff0c\u8fdb\u7a0b\u9690\u85cf\uff0cIE\u8fde\u63a5\u63a7\u5236\uff0cTLS\u56de\u8c03\u51fd\u6570\uff0cTEB\uff0cPEB\uff0cSEH\uff0cIA-32\uff0c\u53cd\u8c03\u8bd5\uff08\u9759\u6001\u3001\u52a8\u6001\uff09\uff0cPE\u955c\u50cf\uff0cDebug Blocker

    "},{"location":"reverse-basic/","title":"\u9006\u5411\u57fa\u7840","text":"

    \u9006\u5411\u51fd\u6570\u65f6\uff0c\u8981\u63d0\u524d\u9884\u6d4b\u4e0b\u51fd\u6570\u5b9e\u73b0\u673a\u5236\uff0c\u4ee5\u8282\u7701\u65f6\u95f4\u3002\u8981\u660e\u767d\u54ea\u4e9b\u90e8\u5206\u5c5e\u4e8e\u7a0b\u5e8f\u7279\u6709\u7684\u5b9e\u73b0\uff0c\u54ea\u4e9b\u90e8\u5206\u5c5e\u4e8e\u7b2c\u4e09\u65b9\u7684\u5e93\uff0c\u4e0d\u8981\u968f\u4fbf\u8fdb\u5230\u7b2c\u4e09\u65b9\u5e93\u6216\u8005\u5e95\u5c42API\u91cc\u9762\u5206\u6790\u3002

    "},{"location":"reverse-basic/#_2","title":"\u8c03\u7528\u7ea6\u5b9a","text":"

    cdecl\uff08C\u9ed8\u8ba4\uff09\u7531caller\u8d1f\u8d23\u6e05\u7406\u6808\u4e0a\u4f20\u5165\u53c2\u6570\u3002

    stdcall\u7531callee\u8d1f\u8d23\u6e05\u7406\u6808\u4e0a\u4f20\u5165\u53c2\u6570\uff08Win32API\uff09\uff0c\u88ab\u8c03\u51fd\u6570\u8fd4\u56de\u65f6\u4f7f\u7528RETN X\u6765\u9000\u51fa\uff0c\u76f8\u5f53\u4e8eRETN\u3001POP X\u3002\u6bd4\u5982\u9000\u4e24\u4e2a\u53c2\u6570\uff0c\u5c31RETN 8\u3002

    fastcall\u4e3a\u4e86\u63d0\u9ad8\u901f\u5ea6\uff0c\u5206\u522b\u4f7f\u7528ECX\u3001EDX\u4f20\u9012\u524d\u4e24\u4e2a\u53c2\u6570\uff0c\u66f4\u591a\u53c2\u6570\u8fd8\u662f\u4f7f\u7528\u5185\u5b58\u3002 \u4f20\u53c2\u65f6\u90fd\u662f\u4ece\u53f3\u5411\u5de6\u4ee5\u6b64\u538b\u5165\u6808\u4e2d\u3002

    "},{"location":"reverse-basic/#_3","title":"\u4e00\u4e9b\u5e38\u89c1\u6c47\u7f16\u64cd\u4f5c\u7b26","text":"

    call \u5305\u62ec\u4fdd\u5b58\u8fd4\u56de\u5730\u5740\u3001IP\u8df3\u8f6c

    retn \u5373pop EIP

    test \u76f8\u5f53\u4e8eAND\uff0c\u4f46\u662f\u4e0d\u6539\u53d8\u666e\u901a\u5bc4\u5b58\u5668\u7684\u503c\uff0c\u53ea\u4fee\u6539EFLAGS\u5bc4\u5b58\u5668

    "},{"location":"reverse-basic/#nop","title":"NOP\u6307\u4ee4\u7684\u7528\u9014","text":"

    NOP\u6307\u4ee4\u901a\u5e38\u7528\u4e8e\u63a7\u5236\u65f6\u5e8f\u7684\u76ee\u7684\uff0c\u5f3a\u5236\u5185\u5b58\u5bf9\u9f50\uff0c\u9632\u6b62\u6d41\u6c34\u7ebf\u707e\u96be\uff0c\u5360\u636e\u5206\u652f\u6307\u4ee4\u5ef6\u8fdf\uff0c\u6216\u662f\u4f5c\u4e3a\u5360\u4f4d\u7b26\u4ee5\u4f9b\u7a0b\u5e8f\u7684\u6539\u5584\uff08\u6216\u66ff\u4ee3\u88ab\u79fb\u9664\u7684\u6307\u4ee4\uff09\u3002

    "},{"location":"reverse-basic/#_4","title":"\u51fd\u6570\u6267\u884c\u6808\u5e27\u63a8\u65ad","text":"

    \u51fd\u6570\u5185\u90e8\u4e00\u822c\u5148\u4f1a\u6267\u884c\u4ee5\u4e0b\u4e24\u6761\u6307\u4ee4\uff1a

    push ebp\nmov ebp,esp\n

    \u53ef\u4ee5\u89c2\u5bdfebp\u548cesp\u7684\u4fee\u6539\u60c5\u51b5\u63a8\u65ad\u51fd\u6570\u6808\u5e27

    "},{"location":"reverse-basic/#_5","title":"\u540d\u79f0\u4fee\u9970","text":"

    \u540d\u79f0\u4fee\u9970\uff08name mangling\uff0cname decoration\uff09\uff0c\u7528\u6765\u89e3\u51b3\u6807\u5fd7\u7b26\u7684\u552f\u4e00\u547d\u540d\u95ee\u9898\u3002\u6bd4\u5982\u5728\u4e0d\u540c\u7684\u547d\u540d\u7a7a\u95f4\u5b9e\u73b0\u76f8\u540c\u540d\u79f0\u7684\u51fd\u6570\uff0c\u8fd9\u4e2a\u51fd\u6570\u5728\u600e\u4e48\u8868\u793a\u5462\uff1f\u540d\u79f0\u4fee\u9970\u6280\u672f\u7528\u6765\u751f\u6210\u552f\u4e00\u7684\u6807\u5fd7\u7b26\uff0c\u4fdd\u7559\u547d\u540d\u7a7a\u95f4\u3001\u51fd\u6570\u540d\u3001\u7ed3\u6784\u4f53\u540d\u3001\u7c7b\u540d\u4ee5\u53ca\u53c2\u6570\u7c7b\u578b\u7b49\u7b49\u4fe1\u606f\u3002\u540d\u79f0\u4fee\u9970\u548c\u8c03\u7528\u7ea6\u5b9a\u3001\u7f16\u8bd1\u5668\u6709\u5173\uff0c\u5e94\u7528\u6700\u5e7f\u6cdb\u7684\u662fC++\u7684\u4ee3\u7801\uff08\u5c24\u5176\u662f\u6df7\u5408C\u7f16\u8bd1\u65f6\uff09\u3002\u6bd4\u5982_ZN9wikipedia7article6formatEv\u53ef\u4ee5\u7528\u6765\u8868\u793a\uff1a

    namespace wikipedia\n{\nclass article\n{\npublic:\nstd::string format();\n}\n}\n

    \u5176\u4e2d_Z\u662f\u5f00\u5934\uff08\u4e0b\u5212\u7ebf+\u5927\u5199\u5b57\u6bcd\u5728C\u4e2d\u662f\u4fdd\u7559\u7684\u6807\u5fd7\u7b26\uff0c\u907f\u514d\u51b2\u7a81\uff09\uff0cN\u8868\u793a\u662f\u5d4c\u5957\u6709\u547d\u540d\u7a7a\u95f4\u548c\u7c7b\u540d\uff0c\u968f\u540e\u7684\u6570\u5b57+\u5b57\u6bcd\u4e2d\uff0c\u6570\u5b57\u8868\u793a\u957f\u5ea6\uff0c\u5b57\u6bcd\u8868\u793a\u540d\u79f0\uff0c\u5e76\u4ee5E\u7ed3\u675f\u3002\u4e4b\u540e\u7684\u53c2\u6570\u8868\u793a\u51fd\u6570\u7684\u53c2\u6570\u7c7b\u578b\uff0cv\u4e3avoid\u3002

    "},{"location":"reverse-basic/#pe","title":"PE\u6587\u4ef6","text":"

    PE\uff08Portable Execution\uff09\u6587\u4ef6\u662fWindows\u7cfb\u7edf\u4f7f\u7528\u7684\u53ef\u6267\u884c\u6587\u4ef6\u683c\u5f0f\u3002

    "},{"location":"reverse-basic/#pe_1","title":"PE\u6587\u4ef6\u7684\u6570\u636e\u8282","text":"

    #pragma data_seg()\u53ef\u4ee5\u5c06\u4ee3\u7801\u4efb\u610f\u90e8\u5206\u7f16\u8bd1\u5230PE\u6587\u4ef6\u4efb\u610f\u8282\uff0c\u8282\u540d\u4e5f\u53ef\u4ee5\u81ea\u5b9a\u4e49\u3002

    "},{"location":"reverse-basic/#_6","title":"\u9759\u6001\u94fe\u63a5\u5e93\u4e0e\u52a8\u6001\u94fe\u63a5\u5e93","text":"

    \u9759\u6001\u5e93\u7684\u62d3\u5c55\u540d\u4e3a.a\u6216.lib\uff1b\u52a8\u6001\u5e93\u7684\u62d3\u5c55\u540d\u4e00\u822c\u4e3a.so\u6216.dll

    \u9759\u6001\u5e93\u7f16\u8bd1\u65f6\u76f4\u63a5\u6574\u5408\u5230\u76ee\u6807\u7a0b\u5e8f\u4e2d\uff0c\u7f16\u8bd1\u6210\u529f\u540e\u7684\u53ef\u6267\u884c\u6587\u4ef6\u53ef\u4ee5\u72ec\u7acb\u8fd0\u884c\uff1b\u52a8\u6001\u5e93\u7f16\u8bd1\u65f6\u53ef\u6267\u884c\u7a0b\u5e8f\u65e0\u6cd5\u72ec\u7acb\u8fd0\u884c

    \u9759\u6001\u5e93\u66f4\u65b0\u540e\u9700\u8981\u66f4\u65b0\u6574\u4e2a\u76ee\u6807\u7a0b\u5e8f\uff1b\u52a8\u6001\u5e93\u66f4\u65b0\u540e\u53ea\u9700\u66f4\u6362\u65b0\u7684\u52a8\u6001\u5e93\u5373\u53ef

    \u9759\u6001\u5e93\u7f16\u8bd1\u547d\u4ee4\uff1agcc -c xx.c -o xx.o\uff0car crs libxx.a xx.o\uff1b\u52a8\u6001\u5e93\u7f16\u8bd1\u547d\u4ee4\uff1agcc xx.c -o libxx.so -shared -fPIC\u5176\u4e2d-fPIC\u8868\u793a\u4f7f\u7528\u76f8\u5bf9\u4f4d\u7f6e

    "},{"location":"reverse-basic/#gdb","title":"gdb","text":"

    \u6dfb\u52a0\u591a\u4e2a\u7b26\u53f7\u8868add-symbol-file xxx addr\u5176\u4e2daddr\u662f\u4ee3\u7801\u6bb5\u8d77\u59cb\u5730\u5740\uff0cxxx\u53ef\u4ee5\u4e3asym\u6587\u4ef6\uff0c\u6216elf\u6587\u4ef6\u7b49\u3002\u53d8\u5f02\u65f6\u9700\u8981\u52a0\u4e0a-g\u4fdd\u7559\u7b26\u53f7\u8868(\u6307\u5b9a\u5177\u4f53\u683c\u5f0f\u5982-g2 -gdwarf-2)\uff0c\u53ef\u4ee5\u9010\u4e2a\u4f7f\u7528add-symbol-file\uff0c\u90fd\u6dfb\u52a0\u8fdb\u53bb\u3002

    \u4f7f\u7528ulimit -c unlimited\u8bbe\u7f6e\u4e0d\u9650\u5236coredump\u6587\u4ef6\u5927\u5c0f\uff0c\u7136\u540eroot\u7528\u6237echo \"core-%e-%p\" > /proc/sys/kernel/core_pattern\u8bbe\u7f6e\u4fdd\u7559\u7a0b\u5e8f\u540d\u3001pid\uff0c\u5219\u5bf9\u4e8e\u7f16\u8bd1\u65f6\u6dfb\u52a0\u4e86-g\u9009\u9879\u7684\u7a0b\u5e8f\uff0c\u5176\u5d29\u6e83\u4ea7\u751f\u7684coredump\u6587\u4ef6\u53ef\u4ee5\u4f7f\u7528gdb <\u7a0b\u5e8f\u540d> <coredump\u6587\u4ef6\u540d>\u6765\u5bfb\u627eroot cause\u3002gdb\u5185\u7528where\u67e5\u770b\u8c03\u7528\u6808\u3002

    "},{"location":"reverse-basic/#_7","title":"\u63a8\u8350\u9605\u8bfb","text":"

    Linux \u9759\u6001\u5e93 \u7f16\u8bd1\u548c\u4f7f\u7528 Linux \u52a8\u6001\u5e93 \u7f16\u8bd1\u548c\u4f7f\u7528 Makefile\u5165\u95e8 Makefile\u5b98\u65b9\u6587\u6863 coredump\u6587\u4ef6\u57fa\u7840\u7528\u6cd5

    "},{"location":"sci-thoughts/","title":"\u79d1\u7814\u5fc3\u5f97","text":""},{"location":"sci-thoughts/#_2","title":"\u517b\u6210\u4e60\u60ef","text":"

    \u65f6\u95f4\u8fc7\u5f97\u603b\u662f\u975e\u5e38\u5feb\u7684\u3002\u5fd9\u7740\u505a\u4e00\u4e2a\u8bfe\u9898\uff0c\u53ef\u80fd\u6bcf\u5929\u611f\u89c9\u4e0d\u5230\u6709\u4ec0\u4e48\u8fdb\u5c55\u5462\uff0c\u534a\u5e74\u4e00\u5e74\u5c31\u8fc7\u53bb\u4e86\u3002\u5982\u679c\u6709\u8fd9\u79cd\u60f3\u6cd5\uff0c\u591a\u534a\u662f\u6ca1\u505a\u597d\u89c4\u5212\uff0c\u50cf\u4e2a\u65e0\u5934\u82cd\u8747\u4e00\u6837\u4e1c\u95ef\u897f\u649e\u3002

    \u611f\u89c9\u6709\u4e24\u4e2a\u4e60\u60ef\u662f\u5fc5\u987b\u517b\u6210\u7684\uff0c\u4e00\u662f\u8bfb\u8bba\u6587\u8981\u601d\u8003\u95ee\u9898\u4e0e\u610f\u4e49\uff1a\u770b\u5230\u9898\u76ee\u548c\u6458\u8981\uff0c\u601d\u8003\u8fd9\u7bc7\u6587\u7ae0\u5e0c\u671b\u89e3\u51b3\u4ec0\u4e48\u95ee\u9898\u3001\u8fd9\u4e2a\u95ee\u9898\u6709\u4ec0\u4e48\u4ef7\u503c\u3001\u89e3\u51b3\u8fd9\u4e2a\u95ee\u9898\u6709\u4ec0\u4e48\u601d\u8def\u3001\u4f1a\u9047\u5230\u54ea\u4e9b\u666e\u904d\u4e0e\u7279\u6b8a\u7684\u6311\u6218\uff0c\u4ee5\u53ca\u6587\u7ae0\u57fa\u4e8e\u54ea\u4e9b\u5047\u8bbe\u5e76\u4e14\u4f1a\u8bd5\u56fe\u907f\u800c\u4e0d\u8c08\u7684\u7f3a\u9677\uff1b\u4e8c\u662f\u6bcf\u5929\u8fdb\u884c\u603b\u7ed3\u4e0e\u5f52\u7eb3\uff0c\u601d\u8003\u4e00\u5929\u5230\u5e95\u6709\u4ec0\u4e48\u8fdb\u5c55\uff0c\u51dd\u7ec3\u603b\u7ed3\u6210\u6587\u5b57\u6216ppt\u8bb2\u7a3f\u3002\u6bcf\u5929\u5149\u770b\u4e0d\u603b\u7ed3\uff0c\u7b49\u4e8e\u767d\u770b\uff01\u5e73\u65f6\u5bf9\u5404\u79cd\u95ee\u9898\u5c31\u8981\u6709\u6240\u51c6\u5907\u4e0e\u601d\u8003\uff0c\u4e0d\u8981\u522b\u4eba\u95ee\u8d77\u7684\u65f6\u5019\u5c31\u6577\u884d\u5730\u7ed9\u4e00\u4e2a\u56de\u7b54\uff0c\u6ca1\u6709\u610f\u4e49\u3002

    \u65e9\u4e0a\u5199todo list\uff0c\u665a\u4e0a\u5199done list\uff0c\u770b\u770b\u8fd9\u4e00\u5929\u8fdb\u5c55\u5982\u4f55\u3002\u662f\u5426\u6709\u6ca1\u505a\u5b8c\u7684\u4e8b\u60c5\uff0c\u662f\u5426\u6709\u5206\u5fc3\u505a\u4e86\u522b\u7684\u4e8b\u60c5\uff0c\u660e\u5929\u5982\u4f55\u89c4\u5212\u65f6\u95f4\u2026\u2026\u5bf9\u81ea\u5df1\u6bcf\u5929\u3001\u6bcf\u5468\u3001\u6bcf\u6708\u80fd\u505a\u7684\u4e8b\u60c5\u6709\u6e05\u695a\u7684\u8ba4\u8bc6\uff0c\u4e0d\u76f2\u76ee\u81ea\u5927\u4e5f\u4e0d\u5984\u81ea\u83f2\u8584\u3002

    \u505a\u4efb\u4f55\u4e8b\u90fd\u8981\u7ed9\u4e00\u4e2a\u6e05\u6670\u7684ddl\uff0c\u7763\u4fc3\u5c3d\u5feb\u5b8c\u6210\u4e0d\u8981\u62d6\u6c93\u3002\u53e6\u4e00\u65b9\u9762\u662f\u4e3a\u4e86\u9650\u5236\u601d\u8003\uff0c\u8981\u96c6\u4e2d\u3001\u5feb\u901f\uff0c\u4e0d\u8981\u6f2b\u65e0\u76ee\u7684\u5730\u53d1\u6563\u3002\u6bd4\u5982\u8bfb\u8bba\u6587\u524d\u601d\u8003\u8fd9\u7bc7\u6587\u7ae0\u9700\u8981\u89e3\u51b3\u7684\u6311\u6218\u65f6\uff0c\u9650\u5b9a\u57283min\u4e4b\u5185\uff0c\u8d85\u65f6\u4ee5\u540e\u65e0\u8bba\u662f\u5426\u60f3\u5230\u591a\u5c11\u90fd\u8981\u505c\u4e0b\u6765\u3002\u4e5f\u53ef\u4ee5\u6709\u6548\u907f\u514d\u5206\u5fc3\u3002

    "},{"location":"sci-thoughts/#_3","title":"\u79d1\u7814\u5199\u4f5c","text":"

    \u79d1\u7814\u5199\u4f5c\u9700\u8981\u7cfb\u7edf\u7684\u8bad\u7ec3\u3002\u6bcf\u5929\u6109\u5feb\u5730\u8bfb\u3001\u5199\u4e00\u5c0f\u65f6\uff0c\u957f\u671f\u575a\u6301\uff0c\u53eb\u505a\u201cread and write\u201d\u3002

    \u5199\u6587\u7ae0\u8981\u5f04\u6e05\u695a\u8bfb\u8005\u90fd\u662f\u540c\u4e13\u4e1a\u7684\u4eba\uff0c\u56e0\u6b64\u8981\u4f53\u73b0\u51fa\u4e13\u4e1a\u6027\u4e0e\u79d1\u5b66\u6027\u3001\u7cbe\u786e\u6027\u3001\u7b80\u6d01\u6027\u3001\u903b\u8f91\u6027\u3002

    "},{"location":"sentence-templates/","title":"\u60c5\u666f\u6a21\u677f","text":"

    \u63d0\u51fa\u672c\u6587\u5de5\u4f5c\uff1a

    \u4ecb\u7ecd\u67d0\u4e00\u6d41\u7a0b\u5728\u6574\u4f53\u7cfb\u7edf\u4e2d\u7684\u4f5c\u7528\uff1a

    \u8bf4\u660e\u67d0\u4e00\u6b65\u9aa4\u5e76\u975e\u7b80\u5355\u7684\uff1a

    \u51dd\u7ec3\u672c\u6587\u5b9e\u9a8c\u6548\u679c\uff1a

    \u63d0\u51fa\u672c\u6587novelty\uff1a

    \u63d0\u51fa\u672c\u6587insight\uff1a

    \u51c6\u5907\u5f00\u59cb\u4ecb\u7ecd\u6280\u672f\u7ec6\u8282\uff1a

    \u8bf4\u76ee\u524d\u7684\u5de5\u4f5c\u7814\u7a76\u7684\u4e3b\u8981\u5185\u5bb9\u53d7\u9650\u3001\u522b\u7684\u65b9\u6cd5\u5b58\u5728\u95ee\u9898\uff1a

    \u4e00\u4e9b\u5de5\u4f5c\u7ec6\u8282\uff1a

    "},{"location":"tech-sslh/","title":"sslh \u9605\u8bfb\u7b14\u8bb0","text":"

    \u6700\u8fd1\u5728\u8bfbsslh\u7684\u6e90\u7801\uff0c\u611f\u89c9\u8fd8\u662f\u6bd4\u8f83\u6709\u610f\u601d\u7684\u3002\u4e4b\u524d\u5728\u7aef\u53e3\u590d\u7528\u91cc\u9762\u7b80\u5355\u63d0\u4e86\u4e0bsslh\u7684\u7528\u6cd5\uff0c\u4f46\u662f\u5728\u5b9e\u8df5\u4e2d\u8e29\u4e86\u4e0d\u5c11\u5751\uff0c\u6240\u4ee5\u628a\u6e90\u7801\u62ff\u6765\u8bfb\u4e00\u8bfb\uff0c\u770b\u770b\u5185\u90e8\u7684\u7ed3\u6784\u3002

    sslh\u4f3c\u4e4e\u662f\u4f7f\u7528\u7b2c\u4e00\u4e2a\u6570\u636e\u5305\u4fdd\u5b58\u7684\u534f\u8bae\u4fe1\u606f\uff0c\u4e3a\u5ba2\u6237\u7aef\u4e0e\u670d\u52a1\u5668\u5bf9\u5e94\u670d\u52a1\u5efa\u7acb\u8fde\u63a5\u3002\u540e\u7eed\u6570\u636e\u5305\u4e0d\u518d\u9700\u8981\u68c0\u67e5\u534f\u8bae\u4e86\u3002

    "},{"location":"tech-sslh/#_1","title":"\u4fbf\u6377\u4e0a\u624b","text":"
    apt install sslh # \u4f46\u6700\u597d\u8fd8\u662f\u4ece\u6e90\u7801make install\uff0c\u7528\u6700\u65b0\u7248\u672c\uff1b\u53c2\u8003\u4ed3\u5e93\u7684INSTALL\u5b89\u88c5\u5bf9\u5e94\u7684C\u5e93\nvi /etc/default/sslh\nsystemctl start sslh\n

    \u4f3c\u4e4ecfg\u6587\u4ef6\u91cc\u548ccommand line\u4f1a\u6709\u51b2\u7a81\u3002\u6240\u4ee5commandline\u7528-F /etc/sslh/sslh.cfg\uff08\u6ca1\u6709\u5219\u65b0\u5efa\u4e00\u4e2a\uff09\u6307\u5b9a\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\uff0c\u4e0d\u8981\u6709\u548ccommand\u91cd\u590d\u7684\u5185\u5bb9\u3002\u53ea\u653eprotocols\u5dee\u4e0d\u591a\u5c31\u5f97\u4e86\u3002\u6bd4\u8f83\u597d\u7528\u7684\u662f\u6b63\u5219\u548ctls\u4e2d\u6839\u636ealpn\u548csni\u6765\u5339\u914d\u3002

    \u4e0b\u9762\u662f\u5b8c\u6574\u7684\u914d\u7f6e\u6587\u4ef6\u7684\u4e00\u4e2a\u4f8b\u5b50\uff0c\u5982\u679c\u6570\u636e\u5305\u5305\u542b\"OK1\"\u6216\u8005\"OK2\"\uff0c\u5219\u4f1a\u88ab\u8f6c\u53d1\u5230127.0.0.1:1234\u3002\u5176\u4e2d\u7684name\u5b57\u6bb5\u8868\u793a\u8fd9\u6761\u534f\u8bae\u5728sslh\u542f\u52a8\u540e\u600e\u4e48\u914d\u7f6e\uff0c\u5e38\u89c1\u7684\u6bd4\u5982regex\u3001ssh\u3001tls\u3001http\u3002

    \u6ce8\u610f\uff0c\u6700\u540e\u4e00\u6761\u534f\u8bae\u7684\u5206\u53f7\u540e\u9762\u4e0d\u52a0\u9017\u53f7\u3002

    protocols:\n(\n{ name: \"regex\"; host: \"127.0.0.1\"; port: \"1234\"; regex_patterns: [ \"OK1\", \"OK2\" ]; }\n);\n
    "},{"location":"tech-sslh/#sslh_1","title":"sslh\u7a0b\u5e8f\u542f\u52a8\u5165\u53e3\u4e0e\u521d\u59cb\u5316","text":"

    \u9ed8\u8ba4\u6700\u7b80\u5355\u7684\u542f\u52a8\u65b9\u5f0f\u7684\u5165\u53e3\u5728sslh-main.c\u7684main\u51fd\u6570\uff0c\u4e5f\u5373\u7a0b\u5e8f\u7684\u4e3b\u4f53\u903b\u8f91\u3002\u4e00\u4e9b\u5173\u952e\u6b65\u9aa4\uff1a

    1. \u8c03\u7528sslhcfg_cl_parse\u51fd\u6570\uff0c\u6839\u636e\u547d\u4ee4\u884c\u53c2\u6570\u548c\u914d\u7f6e\u6587\u4ef6\uff0c\u505a\u4e00\u4e2a\u7f13\u51b2
    2. \u8c03\u7528config_protocols\u5b8c\u6210\u8f6c\u53d1\u89c4\u5219\u7684\u521d\u59cb\u5316\uff0c\u5185\u90e8\u8c03\u7528\u7684get_probe\u662f\u7ed9\u52a0\u8f7d\u4e86\u534f\u8bae\u7684\u914d\u7f6e\u89c4\u5219
    3. \u8c03\u7528start_listen_sockets\u5f00\u59cb\u76d1\u542csockets
    4. \u8c03\u7528main_loop\u8fdb\u5165\u4e3b\u5faa\u73af\uff0c\u9ed8\u8ba4\u4e3asslh-fork\u7684main_loop\u51fd\u6570

    \u9ed8\u8ba4\u4f7f\u7528tcp\u3002main_loop\u51fd\u6570\u4e2d\uff0c\u5bf9\u76d1\u542c\u7684\u6bcf\u4e2asockets\u8fdb\u884cfork\uff0c\u6bcf\u4e2a\u5b50\u8fdb\u7a0b\u6267\u884ctcp_listener\uff0c\u5728\u8fd9\u4e9b\u5b50\u8fdb\u7a0b\u4e2daccept\u5bf9\u5e94\u7684\u8fde\u63a5\u3002\u8fd9\u4e9b\u5b50\u8fdb\u7a0b\u5c06\u7ee7\u7eedfork\u51fa\u5b50\u8fdb\u7a0b\uff0c\u6267\u884cstart_shoveler\uff0c\u5b9e\u73b0\u771f\u6b63\u7684\u529f\u80fd\u3002

    "},{"location":"tech-sslh/#_2","title":"\u534f\u8bae\u8bc6\u522b","text":"

    \u5b50\u8fdb\u7a0b\u901a\u8fc7probe_client_protocol\u6765\u786e\u5b9a\u6570\u636e\u5305\u662f\u4ec0\u4e48\u534f\u8bae\uff0c\u5e76\u6839\u636e\u5bf9\u5e94\u7684\u89c4\u5219\u5b9e\u73b0\u7aef\u53e3\u8f6c\u53d1\u3002\u8fd9\u4e00\u51fd\u6570\u4e0d\u65ad\u8fdb\u884c\u8c03\u7528\uff0c\u6700\u540e\u5728probe_buffer\u51fd\u6570\u4e2d\u904d\u5386\u4e4b\u524d\u914d\u7f6e\u7684\u6bcf\u4e2a\u534f\u8bae\u89c4\u8303\uff08\u627e\u5230\u5339\u914d\u5219\u505c\u6b62\uff0c\u6240\u4ee5\u914d\u7f6e\u987a\u5e8f\u4e5f\u86ee\u5173\u952e\u7684\uff09\uff0c\u901a\u8fc7p->probe(buf, len, p)\u8fd9\u4e2a\u51fd\u6570\u6307\u9488\u6765\u95f4\u63a5\u8c03\u7528\u8bc6\u522b\u534f\u8bae\u7684\u76f8\u5173\u51fd\u6570\u3002

    \u8fd9\u91cc\u7684\u534f\u8bae\u5305\u62ec\u4ee5\u4e0b\u5185\u7f6e\u534f\u8bae\uff1a

    /* Table of protocols that have a built-in probe\n */\nstatic struct protocol_probe_desc builtins[] = {\n/* description  probe  */\n{ \"ssh\",        is_ssh_protocol},\n{ \"openvpn\",    is_openvpn_protocol },\n{ \"wireguard\",  is_wireguard_protocol },\n{ \"tinc\",       is_tinc_protocol },\n{ \"xmpp\",       is_xmpp_protocol },\n{ \"http\",       is_http_protocol },\n{ \"tls\",        is_tls_protocol },\n{ \"adb\",        is_adb_protocol },\n{ \"socks5\",     is_socks5_protocol },\n{ \"syslog\",     is_syslog_protocol },\n{ \"teamspeak\",  is_teamspeak_protocol },\n{ \"msrdp\",      is_msrdp_protocol },\n{ \"anyprot\",    is_true }\n};\n

    \u5185\u7f6e\u534f\u8bae\u5185\u7f6e\u4e86\u4e00\u4e9b\u5339\u914d\u89c4\u5219\uff0c\u5373\u4e0a\u9762\u63d0\u5230\u7684is_ssh_protocol\u3001is_http_protocol\u7b49\u7b49\u3002\u53ef\u4ee5\u770b\u4e00\u4e2assh\u89c4\u5219\u7684\u4f8b\u5b50\uff1a

    /* Is the buffer the beginning of an SSH connection? */\nstatic int is_ssh_protocol(const char *p, ssize_t len, struct sslhcfg_protocols_item* proto)\n{\nif (len < 4)\nreturn PROBE_AGAIN;\n\nreturn !strncmp(p, \"SSH-\", 4);\n}\n

    \u53ef\u89c1\uff0c\u5982\u679c\u7b2c\u4e00\u4e2a\u6570\u636e\u5305\u957f\u5ea6\u4e0d\u4f4e\u4e8e4\u4e14\u4ee5\"SSH-\"\u5f00\u5934\uff0c\u5219\u4f1a\u88ab\u8ba4\u4e3a\u662fssh\u8bf7\u6c42\u3002

    /* Is the buffer the beginning of an HTTP connection?  */\nstatic int is_http_protocol(const char *p, ssize_t len, struct sslhcfg_protocols_item* proto)\n{\nint res;\n/* If it's got HTTP in the request (HTTP/1.1) then it's HTTP */\nif (memmem(p, len, \"HTTP\", 4))\nreturn PROBE_MATCH;\n\n#define PROBE_HTTP_METHOD(opt) if ((res = probe_http_method(p, len, opt)) != PROBE_NEXT) return res\n\n/* Otherwise it could be HTTP/1.0 without version: check if it's got an\n     * HTTP method (RFC2616 5.1.1) */\nPROBE_HTTP_METHOD(\"OPTIONS\");\nPROBE_HTTP_METHOD(\"GET\");\nPROBE_HTTP_METHOD(\"HEAD\");\nPROBE_HTTP_METHOD(\"POST\");\nPROBE_HTTP_METHOD(\"PUT\");\nPROBE_HTTP_METHOD(\"DELETE\");\nPROBE_HTTP_METHOD(\"TRACE\");\nPROBE_HTTP_METHOD(\"CONNECT\");\n\n#undef PROBE_HTTP_METHOD\n\nreturn PROBE_NEXT;\n}\n

    http\u4e5f\u6bd4\u8f83\u7b80\u5355\uff0c\u68c0\u67e5\"HTTP\"\u5b57\u7b26\u4e32\u3002

    \u53e6\u5916\u6709\u4e24\u79cd\u7279\u6b8a\u7684\u534f\u8bae\uff0ctimeout\u9ed8\u8ba4\u4f1a\u9009\u62e9\u521d\u59cb\u5316\u540e\u7684\u7b2c\u4e00\u4e2a\u534f\u8bae\uff08\u5373ssh\uff09\uff0cregex\u652f\u6301\u6b63\u5219\u5339\u914d\u6570\u636e\u5305\u7684\u56fa\u6709\u5b57\u7b26\u4e32\uff0c\u5c31\u8fde\u521d\u59cb\u5316\u65f6\u90fd\u662f\u5355\u72ec\u521d\u59cb\u5316\u7684\uff1a

    /* Returns the probe for specified protocol:\n * parameter is the description in builtins[], or \"regex\" \n * */\nT_PROBE* get_probe(const char* description) {\nint i;\n\nfor (i = 0; i < ARRAY_SIZE(builtins); i++) {\nif (!strcmp(builtins[i].name, description)) {\nreturn builtins[i].probe;\n}\n}\n\n/* Special case of \"regex\" probe (we don't want to set it in builtins\n     * because builtins is also used to build the command-line options and\n     * regexp is not legal on the command line)*/\nif (!strcmp(description, \"regex\"))\nreturn regex_probe;\n\n/* Special case of \"timeout\" is allowed as a probe name in the\n     * configuration file even though it's not really a probe */\nif (!strcmp(description, \"timeout\"))\nreturn is_true;\n\nreturn NULL;\n}\n

    is_true\u59cb\u7ec8\u8fd4\u56detrue\uff0c\u4e0d\u8fdb\u884c\u522b\u7684\u5224\u65ad\u4e86\u3002

    regex_probe\u5185\u90e8\u7528pre2\u5b9e\u73b0\u4e86\u4e00\u5957\u6b63\u5219\u5339\u914d\u7684\u673a\u5236\u3002\u914d\u7f6econfig\u7684\u65b9\u6cd5\u53ef\u4ee5\u89c1\u4e0a\u6587\u3002

    "},{"location":"tech-sslh/#tlsalpnsni","title":"TLS\u534f\u8bae\u4e2d\u4f7f\u7528\u7684ALPN\u3001SNI\u7b80\u4ecb","text":"

    tls\u4e3atcp\u63d0\u4f9b\u4e86\u52a0\u5bc6\u670d\u52a1\uff0c\u662f\u5f88\u591a\u670d\u52a1\u4e0d\u53ef\u6216\u7f3a\u7684\u4e00\u73af\u3002\u7531\u4e8e\u6570\u636e\u5305\u662f\u52a0\u5bc6\u7684\u3001\u5f88\u591a\u670d\u52a1\u90fd\u4f7f\u7528tls\uff08\u6bd4\u5982https\uff09\uff0c\u6240\u4ee5\u6ca1\u6cd5\u901a\u8fc7regex\u7684\u65b9\u6cd5\u6765\u533a\u5206\u4e0d\u540c\u7684\u670d\u52a1\u3002\u597d\u5728sslh\u4e3atls\u63d0\u4f9b\u4e86\u4e24\u79cd\u5206\u8fa8\u65b9\u6cd5\uff0c\u5373sni_hostnames\u4e0ealpn_protocols\u3002\u5728config\u91cc\u5199\u7684\u4e00\u6761\u89c4\u5219\u5982\u679c\u4e24\u8005\u90fd\u7528\u4e86\uff0c\u5219\u53ea\u6709\u540c\u65f6\u6ee1\u8db3\u4e24\u8005\u7684tls\u6570\u636e\u5305\u624d\u5339\u914d\u5f97\u4e0a\u5bf9\u5e94\u7684\u89c4\u5219\u3002

    \u6bd4\u5982example.cfg\u7ed9\u51fa\u7684\u4f8b\u5b50\uff1a

    # match BOTH ALPN/SNI\n{ name: \"tls\"; host: \"localhost\"; port: \"5223\"; alpn_protocols: [ \"xmpp-client\" ]; sni_hostnames: [ \"im.somethingelse.net\" ]; log_level: 0; tfo_ok: true },\n\n# just match ALPN\n{ name: \"tls\"; host: \"localhost\"; port: \"443\"; alpn_protocols: [ \"h2\", \"http/1.1\", \"spdy/1\", \"spdy/2\", \"spdy/3\" ]; log_level: 0;  tfo_ok: true },\n     { name: \"tls\"; host: \"localhost\"; port: \"xmpp-client\"; alpn_protocols: [ \"xmpp-client\" ];  log_level: 0; tfo_ok: true },\n\n# just match SNI\n{ name: \"tls\"; host: \"localhost\"; port: \"993\"; sni_hostnames: [ \"mail.rutschle.net\", \"mail.englishintoulouse.com\" ]; log_level: 0;  tfo_ok: true },\n     { name: \"tls\"; host: \"localhost\"; port: \"xmpp-client\"; sni_hostnames: [ \"im.rutschle.net\", \"im.englishintoulouse.com\" ];  log_level: 0; tfo_ok: true },\n\n# Let's Encrypt (tls-alpn-* challenges)\n{ name: \"tls\"; host: \"localhost\"; port: \"letsencrypt-client\"; alpn_protocols: [ \"acme-tls/1\" ]; log_level: 0;},\n\n# catch anything else TLS\n{ name: \"tls\"; host: \"localhost\"; port: \"443\";  tfo_ok: true },\n

    alpn_protocols\u5373\u4f7f\u7528\u5e94\u7528\u5c42\u534f\u8bae\u534f\u5546\u7f16\u53f7\uff1aTLS Application-Layer Protocol Negotiation (ALPN) Protocol ID\u3002\u53ef\u4ee5\u5728\u8fd9\u91cc\u770b\u5230\u5b8c\u6574\u7684\u683c\u5f0f\u3002\u6253\u4e2a\u6bd4\u65b9\uff0c\u5982\u679c\u8bf4\u6570\u636e\u5305\u662f\u997a\u5b50\uff0ctls\u662f\u997a\u5b50\u76ae\uff0cALPN\u5c31\u662f\u8868\u793a\u91cc\u9762\u662f\u4ec0\u4e48\u9985\u7684\u3002

    sni_hostnames\u5373\u4f7f\u7528\u670d\u52a1\u5668\u540d\u79f0\u6307\u793a\uff1aServer Name Indication\uff08SNI\uff09\uff0c\u7c7b\u4f3c\u4e8e\u670d\u52a1\u5668\u7aef\u7684\u57df\u540d\u3002\u6253\u4e2a\u6bd4\u65b9\uff0c\u867d\u7136\u5728\u5b66\u6821\u5feb\u9012\uff08\u6570\u636e\u5305\uff09\u90fd\u4f1a\u9001\u5230\u83dc\u9e1f\u9a7f\u7ad9\uff08\u670d\u52a1\u5668\uff09\uff0c\u4f46\u8fd9\u4e9b\u5305\u88f9\u6700\u7ec8\u662f\u6d41\u5411\u4e0d\u540c\u7684\u5bbf\u820d\u7684\uff08SNI\uff09\u3002SNI\u5e2e\u52a9\u5728tls\u63e1\u624b\u671f\u95f4\u5c31\u786e\u5b9assl\u8bc1\u4e66\uff0c\u800c\u4e0d\u662f\u5728http\u5efa\u7acb\u8fde\u63a5\u540e\u3002FQDN\u6307\u7684\u662fFully Qualified Domain Name\uff0c\u5373\u5b8c\u6574\u57df\u540d\uff0c\u53ef\u4ee5\u770b\u8fd9\u91cc\u7684\u4ecb\u7ecd\u3002

    sni_hostname\u548calpn_protocols\uff0c\u5c5e\u4e8etls\u6269\u5c55\u5185\u5bb9\uff0c\u5e76\u975e\u5f3a\u5236\u4fdd\u7559\u5176\u4e2d\u3002\u53d1\u5305\u7684\u65f6\u5019\u6ce8\u610f\u6dfb\u52a0\uff0c\u4e0d\u7136sslh\u53ef\u80fd\u8bc6\u522b\u4e0d\u5230\u3002

    "},{"location":"try-chatgpt/","title":"ChatGPT\u6765\u5e2e\u5fd9","text":""},{"location":"try-chatgpt/#_1","title":"\u7f51\u7edc\u7ad9\u70b9\u6253\u5305\u4e0b\u8f7d","text":"

    linux\u7528\u54ea\u4e2a\u547d\u4ee4\u53ef\u4ee5\u628a\u4e00\u4e2a\u7f51\u5740\u4ee5\u53ca\u5176\u6240\u4f9d\u8d56\u7684js\u548ccss\u7b49\u7b49\u6587\u4ef6\u81ea\u52a8\u4e0b\u8f7d\u4e0b\u6765\uff1f

    \u5728Linux\u4e2d\uff0c\u4f60\u53ef\u4ee5\u4f7f\u7528 wget \u547d\u4ee4\u6765\u81ea\u52a8\u4e0b\u8f7d\u4e00\u4e2a\u7f51\u7ad9\u53ca\u5176\u4f9d\u8d56\u7684\u8d44\u6e90\u6587\u4ef6\uff08\u5982JS\u548cCSS\u7b49\uff09\u3002

    \u4e0b\u9762\u662f\u4e00\u4e2a\u793a\u4f8b\u547d\u4ee4\uff1a

    wget --recursive --no-clobber --page-requisites --html-extension --convert-links --restrict-file-names=windows --domains website.com --no-parent http://website.com\n
    \u8be5\u547d\u4ee4\u4f7f\u7528\u4e86\u591a\u4e2a\u9009\u9879\uff0c\u5176\u4e2d\u4e00\u4e9b\u9009\u9879\u7684\u542b\u4e49\u5982\u4e0b\uff1a

    --recursive: \u4e0b\u8f7d\u7f51\u7ad9\u7684\u6240\u6709\u94fe\u63a5\u3002 --no-clobber: \u4e0d\u4f1a\u91cd\u590d\u4e0b\u8f7d\u5df2\u7ecf\u5b58\u5728\u7684\u6587\u4ef6\u3002 --page-requisites: \u4e0b\u8f7d\u6240\u6709\u9875\u9762\u7684\u8d44\u6e90\uff08\u5982\u56fe\u50cf\uff0c\u97f3\u9891\u548c\u89c6\u9891\uff09\u3002 --html-extension: \u5c06\u6240\u6709HTML\u6587\u4ef6\u6269\u5c55\u540d\u6dfb\u52a0\u4e3a .html\u3002 --convert-links: \u5c06\u6240\u6709\u94fe\u63a5\u8f6c\u6362\u4e3a\u672c\u5730\u94fe\u63a5\u3002 --restrict-file-names=windows: \u907f\u514d\u4f7f\u7528 Linux \u4e0d\u652f\u6301\u7684\u6587\u4ef6\u540d\u5b57\u7b26\u3002 --domains website.com: \u9650\u5236\u4e0b\u8f7d\u7684\u57df\u540d\u8303\u56f4\u3002 --no-parent: \u4e0d\u4f1a\u4e0b\u8f7d\u7236\u7ea7\u94fe\u63a5\uff08\u6709\u52a9\u4e8e\u9632\u6b62\u65e0\u9650\u9012\u5f52\uff09\u3002

    \u4f60\u53ef\u4ee5\u6839\u636e\u81ea\u5df1\u7684\u9700\u8981\u4fee\u6539\u8fd9\u4e9b\u9009\u9879\u4ee5\u6ee1\u8db3\u7279\u5b9a\u7684\u8981\u6c42\u3002

    \u7528\u8fd9\u6761\u547d\u4ee4\u88ab\u670d\u52a1\u5668\u53d1\u73b0\u6076\u610f\u4e0b\u8f7d\uff0c\u88ab\u7ed9403 forbidden\u4e86\u600e\u4e48\u529e\uff1f

    \u5982\u679c\u4f60\u4f7f\u7528\u7684\u547d\u4ee4\u88ab\u670d\u52a1\u5668\u8ba4\u4e3a\u662f\u6076\u610f\u4e0b\u8f7d\uff0c\u5e76\u4e14\u88ab\u670d\u52a1\u5668\u62d2\u7edd\u8bbf\u95ee\uff0c\u90a3\u4e48\u4f60\u53ef\u4ee5\u8003\u8651\u4ee5\u4e0b\u4e00\u4e9b\u65b9\u6cd5\u6765\u89e3\u51b3\u8fd9\u4e2a\u95ee\u9898\uff1a

    \u4fee\u6539\u4e0b\u8f7d\u901f\u5ea6\uff1a\u6709\u4e9b\u670d\u52a1\u5668\u53ef\u80fd\u4f1a\u9650\u5236\u4e0b\u8f7d\u901f\u5ea6\uff0c\u5982\u679c\u4f60\u4e0b\u8f7d\u7684\u592a\u5feb\uff0c\u5c31\u4f1a\u88ab\u8ba4\u4e3a\u662f\u653b\u51fb\u3002\u4f60\u53ef\u4ee5\u5c1d\u8bd5\u4f7f\u7528 --limit-rate \u9009\u9879\u6765\u9650\u5236\u4e0b\u8f7d\u901f\u5ea6\uff0c\u4f8b\u5982\uff1a

    wget --limit-rate=200k http://example.com\n

    \u4fee\u6539\u4e0b\u8f7d\u5e76\u53d1\u6570\uff1a\u7c7b\u4f3c\u4e8e\u901f\u5ea6\u9650\u5236\uff0c\u4e00\u4e9b\u670d\u52a1\u5668\u4e5f\u4f1a\u9650\u5236\u540c\u65f6\u8fdb\u884c\u7684\u4e0b\u8f7d\u6570\u3002\u4f60\u53ef\u4ee5\u5c1d\u8bd5\u4f7f\u7528 --tries \u548c --wait \u9009\u9879\u6765\u9650\u5236\u5e76\u53d1\u4e0b\u8f7d\u6570\uff0c\u4f8b\u5982\uff1a

    wget --tries=10 --wait=5 http://example.com\n
    \u6dfb\u52a0 User-Agent\uff1a\u6709\u4e9b\u670d\u52a1\u5668\u53ef\u80fd\u4f1a\u68c0\u67e5 User-Agent\uff0c\u5982\u679c User-Agent \u88ab\u8ba4\u4e3a\u662f\u6076\u610f\u7684\uff0c\u90a3\u4e48\u4f60\u7684\u8bf7\u6c42\u4e5f\u4f1a\u88ab\u62d2\u7edd\u3002\u4f60\u53ef\u4ee5\u5c1d\u8bd5\u4f7f\u7528 --user-agent \u9009\u9879\u6765\u8bbe\u7f6e User-Agent\uff0c\u4f8b\u5982\uff1a

    wget --user-agent=\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3\" http://example.com\n

    \u4e0e\u670d\u52a1\u5668\u7ba1\u7406\u5458\u8054\u7cfb\uff1a\u5982\u679c\u4ee5\u4e0a\u65b9\u6cd5\u90fd\u4e0d\u80fd\u89e3\u51b3\u95ee\u9898\uff0c\u4f60\u53ef\u4ee5\u8054\u7cfb\u670d\u52a1\u5668\u7ba1\u7406\u5458\uff0c\u8bf4\u660e\u4f60\u7684\u4e0b\u8f7d\u8bf7\u6c42\u662f\u5408\u6cd5\u7684\uff0c\u8bf7\u6c42\u4ed6\u4eec\u653e\u884c\u4f60\u7684\u8bf7\u6c42\u3002 \u9700\u8981\u6ce8\u610f\u7684\u662f\uff0c\u4e0d\u8981\u4f7f\u7528\u975e\u6cd5\u7684\u65b9\u5f0f\u4e0b\u8f7d\u6587\u4ef6\uff0c\u4ee5\u514d\u4fb5\u72af\u4ed6\u4eba\u7684\u5408\u6cd5\u6743\u76ca\uff0c\u5e76\u6709\u53ef\u80fd\u5bfc\u81f4\u6cd5\u5f8b\u7ea0\u7eb7\u3002

    "},{"location":"try-chatgpt/#gopythonrust","title":"\u6bd4\u8f83Go\u3001Python\u3001Rust\u7684\u5173\u7cfb","text":"

    go\u3001rust\u3001python\u4e09\u79cd\u7f16\u7a0b\u8bed\u8a00\u5728\u8bed\u8a00\u7279\u6027\u65b9\u9762\u6709\u4ec0\u4e48\u533a\u522b\uff1f\u5404\u81ea\u6709\u4ec0\u4e48\u4f18\u52bf\uff1f\u9002\u7528\u573a\u666f\u6709\u4ec0\u4e48\u533a\u522b\uff1f

    \u8fd9\u4e09\u79cd\u7f16\u7a0b\u8bed\u8a00\u5404\u6709\u4e0d\u540c\u7684\u7279\u70b9\u548c\u4f18\u52bf\uff0c\u4ee5\u4e0b\u662f\u5b83\u4eec\u7684\u4e3b\u8981\u533a\u522b\u548c\u9002\u7528\u573a\u666f\uff1a

    Python Python \u662f\u4e00\u79cd\u9ad8\u7ea7\u7684\u52a8\u6001\u89e3\u91ca\u578b\u8bed\u8a00\uff0c\u5177\u6709\u7b80\u5355\u6613\u5b66\u3001\u6613\u8bfb\u6613\u5199\u7684\u7279\u70b9\u3002\u5b83\u7684\u8bed\u6cd5\u7b80\u5355\u3001\u4ee3\u7801\u53ef\u8bfb\u6027\u9ad8\u3001\u652f\u6301\u591a\u79cd\u7f16\u7a0b\u8303\u5f0f\u548c\u4e30\u5bcc\u7684\u7b2c\u4e09\u65b9\u5e93\uff0c\u9002\u7528\u4e8e\u5404\u79cd\u7c7b\u578b\u7684\u5e94\u7528\u7a0b\u5e8f\u5f00\u53d1\uff0c\u5c24\u5176\u64c5\u957f\u6570\u636e\u5206\u6790\u3001\u4eba\u5de5\u667a\u80fd\u548c\u79d1\u5b66\u8ba1\u7b97\u9886\u57df\u3002\u7531\u4e8e\u5b83\u7684\u5f00\u53d1\u6548\u7387\u9ad8\uff0c\u5e38\u88ab\u7528\u4e8e\u5feb\u901f\u539f\u578b\u8bbe\u8ba1\u548c\u654f\u6377\u5f00\u53d1\u3002

    Go Go \u662f\u4e00\u79cd\u5f00\u6e90\u7684\u7f16\u8bd1\u578b\u8bed\u8a00\uff0c\u7531 Google \u5f00\u53d1\u3002\u5b83\u7684\u8bbe\u8ba1\u76ee\u6807\u662f\u4e3a\u4e86\u89e3\u51b3\u591a\u6838\u3001\u7f51\u7edc\u3001\u5927\u89c4\u6a21\u7a0b\u5e8f\u5f00\u53d1\u7b49\u95ee\u9898\uff0c\u5177\u6709\u9ad8\u6548\u3001\u53ef\u9760\u3001\u7b80\u6d01\u7b49\u7279\u70b9\u3002Go \u8bed\u8a00\u5728\u5e76\u53d1\u7f16\u7a0b\u548c\u7f51\u7edc\u7f16\u7a0b\u65b9\u9762\u8868\u73b0\u7a81\u51fa\uff0c\u6709\u7740\u975e\u5e38\u9ad8\u6548\u7684 Goroutine \u548c Channel \u673a\u5236\uff0c\u9002\u5408\u4e8e\u9ad8\u5e76\u53d1\u3001\u5206\u5e03\u5f0f\u7cfb\u7edf\u3001\u4e91\u8ba1\u7b97\u7b49\u9886\u57df\u7684\u5f00\u53d1\u3002

    Rust Rust \u662f\u4e00\u79cd\u7cfb\u7edf\u7ea7\u7684\u7f16\u7a0b\u8bed\u8a00\uff0c\u7531 Mozilla \u5f00\u53d1\u3002\u5b83\u7ed3\u5408\u4e86\u9ad8\u6548\u6027\u80fd\u3001\u5185\u5b58\u5b89\u5168\u548c\u5e76\u53d1\u5b89\u5168\uff0c\u63d0\u4f9b\u4e86\u4e00\u4e2a\u53ef\u9760\u548c\u5b89\u5168\u7684\u7f16\u7a0b\u73af\u5883\u3002Rust \u7684\u4e3b\u8981\u4f18\u52bf\u5728\u4e8e\u5176\u5185\u5b58\u5b89\u5168\u6027\u548c\u5e76\u53d1\u6027\uff0c\u5b83\u5177\u6709\u9ad8\u6548\u7684\u7f16\u8bd1\u5668\u3001\u4e30\u5bcc\u7684\u7c7b\u578b\u7cfb\u7edf\u548c\u9ad8\u7ea7\u7684\u6a21\u5f0f\u5339\u914d\u529f\u80fd\uff0c\u9002\u7528\u4e8e\u9700\u8981\u9ad8\u6027\u80fd\u548c\u5b89\u5168\u6027\u7684\u7cfb\u7edf\u7ea7\u7f16\u7a0b\u3001\u7f51\u7edc\u7f16\u7a0b\u3001\u64cd\u4f5c\u7cfb\u7edf\u548c\u5d4c\u5165\u5f0f\u5f00\u53d1\u7b49\u9886\u57df\u3002

    \u603b\u7684\u6765\u8bf4\uff0cPython \u9002\u5408\u5feb\u901f\u539f\u578b\u8bbe\u8ba1\u548c\u654f\u6377\u5f00\u53d1\uff0cGo \u9002\u5408\u9ad8\u5e76\u53d1\u3001\u5206\u5e03\u5f0f\u7cfb\u7edf\u548c\u4e91\u8ba1\u7b97\uff0cRust \u9002\u5408\u9700\u8981\u9ad8\u6027\u80fd\u548c\u5b89\u5168\u6027\u7684\u7cfb\u7edf\u7ea7\u7f16\u7a0b\u3001\u7f51\u7edc\u7f16\u7a0b\u3001\u64cd\u4f5c\u7cfb\u7edf\u548c\u5d4c\u5165\u5f0f\u5f00\u53d1\u3002\u9009\u62e9\u54ea\u79cd\u7f16\u7a0b\u8bed\u8a00\u53d6\u51b3\u4e8e\u5177\u4f53\u7684\u5e94\u7528\u573a\u666f\u548c\u9700\u6c42\u3002

    "},{"location":"try-chatgpt/#_2","title":"\u8ba1\u7b97\u673a\u5b89\u5168\u8d44\u6e90\u5b66\u4e60","text":"

    \u6211\u60f3\u5b66\u4e60\u5de5\u4e1a\u754c\u5b9e\u7528\u7684\u8ba1\u7b97\u673a\u5b89\u5168\u9886\u57df\u7684\u77e5\u8bc6\uff0c\u8bf7\u63a8\u8350\u4e00\u4e9b\u7f51\u7ad9

    \u4ee5\u4e0b\u662f\u4e00\u4e9b\u53ef\u4ee5\u5e2e\u52a9\u60a8\u5b66\u4e60\u5de5\u4e1a\u754c\u5b9e\u7528\u7684\u8ba1\u7b97\u673a\u5b89\u5168\u9886\u57df\u7684\u77e5\u8bc6\u7684\u7f51\u7ad9\uff1a

    OWASP (\u5f00\u653e\u5f0f\u7f51\u7edc\u5b89\u5168\u9879\u76ee)\uff1a\u8fd9\u4e2a\u7f51\u7ad9\u63d0\u4f9b\u4e86\u5927\u91cf\u6709\u5173\u7f51\u7edc\u5e94\u7528\u7a0b\u5e8f\u5b89\u5168\u7684\u8d44\u6599\u548c\u5de5\u5177\u3002\u60a8\u53ef\u4ee5\u5728\u8fd9\u91cc\u627e\u5230\u5b89\u5168\u6807\u51c6\u3001\u6f0f\u6d1e\u68c0\u6d4b\u5de5\u5177\u3001\u653b\u51fb\u6a21\u62df\u5668\u7b49\u7b49\u3002

    NIST (\u7f8e\u56fd\u56fd\u5bb6\u6807\u51c6\u4e0e\u6280\u672f\u7814\u7a76\u6240)\uff1a\u8fd9\u4e2a\u7f51\u7ad9\u4e3a\u8ba1\u7b97\u673a\u5b89\u5168\u548c\u4fe1\u606f\u6280\u672f\u63d0\u4f9b\u6807\u51c6\u548c\u6307\u5357\u3002\u60a8\u53ef\u4ee5\u5728\u8fd9\u91cc\u627e\u5230\u6709\u5173\u5b89\u5168\u63a7\u5236\u3001\u5bc6\u7801\u5b66\u3001\u98ce\u9669\u8bc4\u4f30\u7b49\u65b9\u9762\u7684\u8d44\u6599\u3002

    SANS (\u5b89\u5168\u57f9\u8bad\u548c\u8ba4\u8bc1\u673a\u6784)\uff1a\u8fd9\u4e2a\u7f51\u7ad9\u63d0\u4f9b\u6709\u5173\u5404\u79cd\u8ba1\u7b97\u673a\u5b89\u5168\u4e3b\u9898\u7684\u57f9\u8bad\u548c\u8bfe\u7a0b\u3002\u5b83\u8fd8\u63d0\u4f9b\u4e86\u4e00\u4e2a\u535a\u5ba2\uff0c\u5176\u4e2d\u5305\u542b\u5404\u79cd\u6709\u5173\u7f51\u7edc\u5b89\u5168\u7684\u6587\u7ae0\u548c\u63d0\u793a\u3002

    Dark Reading\uff1a\u8fd9\u662f\u4e00\u5bb6\u5728\u7ebf\u51fa\u7248\u5546\uff0c\u63d0\u4f9b\u4e86\u6709\u5173\u7f51\u7edc\u5b89\u5168\u7684\u6700\u65b0\u65b0\u95fb\u3001\u5206\u6790\u548c\u8bc4\u8bba\u3002\u5b83\u8fd8\u63d0\u4f9b\u4e86\u5404\u79cd\u8d44\u6e90\uff0c\u5305\u62ec\u7f51\u7edc\u5b89\u5168\u767d\u76ae\u4e66\u3001\u7814\u7a76\u62a5\u544a\u548c\u6f14\u793a\u6587\u7a3f\u3002

    SecurityFocus\uff1a\u8fd9\u4e2a\u7f51\u7ad9\u662f\u4e00\u4e2a\u5b89\u5168\u65b0\u95fb\u805a\u5408\u7ad9\u70b9\uff0c\u6536\u96c6\u4e86\u6765\u81ea\u5404\u79cd\u6765\u6e90\u7684\u5b89\u5168\u65b0\u95fb\u548c\u6f0f\u6d1e\u62a5\u544a\u3002\u5b83\u8fd8\u63d0\u4f9b\u4e86\u5b89\u5168\u8bba\u575b\u3001\u5b89\u5168\u5de5\u5177\u7b49\u3002

    Reddit\uff1aReddit\u4e0a\u6709\u8bb8\u591a\u4e0e\u8ba1\u7b97\u673a\u5b89\u5168\u76f8\u5173\u7684\u793e\u533a\uff0c\u5982r/netsec\u3001r/hacking\u3001r/AskNetsec\u7b49\u3002\u8fd9\u4e9b\u793e\u533a\u53ef\u4ee5\u8ba9\u60a8\u5411\u5176\u4ed6\u5b89\u5168\u4e13\u4e1a\u4eba\u5458\u63d0\u95ee\uff0c\u5e76\u4e0e\u4ed6\u4eec\u5206\u4eab\u6709\u7528\u7684\u8d44\u6e90\u548c\u5de5\u5177\u3002

    GitHub\uff1aGitHub\u662f\u4e00\u4e2a\u8f6f\u4ef6\u5f00\u53d1\u5e73\u53f0\uff0c\u4e5f\u662f\u8bb8\u591a\u5b89\u5168\u5de5\u5177\u548c\u811a\u672c\u7684\u6765\u6e90\u3002\u901a\u8fc7\u641c\u7d22GitHub\uff0c\u60a8\u53ef\u4ee5\u627e\u5230\u5f88\u591a\u6709\u7528\u7684\u5de5\u5177\uff0c\u5982\u6e17\u900f\u6d4b\u8bd5\u5de5\u5177\u3001\u6f0f\u6d1e\u626b\u63cf\u5668\u7b49\u7b49\u3002

    \u5e0c\u671b\u8fd9\u4e9b\u7f51\u7ad9\u80fd\u5bf9\u60a8\u6709\u6240\u5e2e\u52a9\uff01

    "},{"location":"word-learning/","title":"\u8bcd\u6c47\u5b66\u4e60","text":""}]} \ No newline at end of file diff --git a/sitemap.xml b/sitemap.xml index 4e4adc7..b3f4377 100644 --- a/sitemap.xml +++ b/sitemap.xml @@ -2,152 +2,157 @@ https://tech.c01dkit.com/ - 2023-12-18 + 2024-01-22 daily https://tech.c01dkit.com/IDA/ - 2023-12-18 + 2024-01-22 daily https://tech.c01dkit.com/autoconf/ - 2023-12-18 + 2024-01-22 daily https://tech.c01dkit.com/c/ - 2023-12-18 + 2024-01-22 daily https://tech.c01dkit.com/code-gracely/ - 2023-12-18 + 2024-01-22 daily https://tech.c01dkit.com/crawler/ - 2023-12-18 + 2024-01-22 daily https://tech.c01dkit.com/docker/ - 2023-12-18 + 2024-01-22 daily https://tech.c01dkit.com/envs/ - 2023-12-18 + 2024-01-22 daily https://tech.c01dkit.com/fuzzing/ - 2023-12-18 + 2024-01-22 daily https://tech.c01dkit.com/git/ - 2023-12-18 + 2024-01-22 daily https://tech.c01dkit.com/go/ - 2023-12-18 + 2024-01-22 daily https://tech.c01dkit.com/interesting-articles/ - 2023-12-18 + 2024-01-22 daily https://tech.c01dkit.com/investigations/ - 2023-12-18 + 2024-01-22 + daily + + + https://tech.c01dkit.com/java/ + 2024-01-22 daily https://tech.c01dkit.com/latex/ - 2023-12-18 + 2024-01-22 daily https://tech.c01dkit.com/linux-server/ - 2023-12-18 + 2024-01-22 daily https://tech.c01dkit.com/openssh/ - 2023-12-18 + 2024-01-22 daily https://tech.c01dkit.com/picking-ups/ - 2023-12-18 + 2024-01-22 daily https://tech.c01dkit.com/porting/ - 2023-12-18 + 2024-01-22 daily https://tech.c01dkit.com/proxy/ - 2023-12-18 + 2024-01-22 daily https://tech.c01dkit.com/pwn-college-cse365-spring2023/ - 2023-12-18 + 2024-01-22 daily https://tech.c01dkit.com/python/ - 2023-12-18 + 2024-01-22 daily https://tech.c01dkit.com/rca/ - 2023-12-18 + 2024-01-22 daily https://tech.c01dkit.com/readings/ - 2023-12-18 + 2024-01-22 daily https://tech.c01dkit.com/reverse-advanced/ - 2023-12-18 + 2024-01-22 daily https://tech.c01dkit.com/reverse-basic/ - 2023-12-18 + 2024-01-22 daily https://tech.c01dkit.com/sci-thoughts/ - 2023-12-18 + 2024-01-22 daily https://tech.c01dkit.com/sentence-templates/ - 2023-12-18 + 2024-01-22 daily https://tech.c01dkit.com/tech-sslh/ - 2023-12-18 + 2024-01-22 daily https://tech.c01dkit.com/try-chatgpt/ - 2023-12-18 + 2024-01-22 daily https://tech.c01dkit.com/word-learning/ - 2023-12-18 + 2024-01-22 daily \ No newline at end of file diff --git a/sitemap.xml.gz b/sitemap.xml.gz index e3dd9e6..2ecc397 100644 Binary files a/sitemap.xml.gz and b/sitemap.xml.gz differ