diff --git a/java/index.html b/java/index.html
new file mode 100644
index 0000000..0067c0d
--- /dev/null
+++ b/java/index.html
@@ -0,0 +1,983 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Java - c01dkit's tech blog
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Java
+Java环境配置
+在https://www.oracle.com/java/technologies/downloads/ 下载对应系统的包。Linux选择Compressed Archive,解压缩以后配置下path;Windows可以用MSI Installer。对应的源码在lib/src.zip中。
+Java源码架构理解
+核心代码、主要功能在java.base/java目录下,其中包含了io、lang、util等多个关键模块。
+Java里有哪些数据结构类型?如何实现的?
+Java中常见的数据类型比如Set、Array、
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/linux-server/index.html b/linux-server/index.html
index 014dee1..31ad3f1 100644
--- a/linux-server/index.html
+++ b/linux-server/index.html
@@ -710,6 +710,13 @@
+ 打开文件数
+
+
+
+
+
+
参考资料
@@ -1045,6 +1052,13 @@
+ 打开文件数
+
+
+
+
+
+
参考资料
@@ -1179,7 +1193,10 @@ 系统服务
定时服务
定时程序执行失败的原因是多样的,可能是因为定时服务没启动,需要systemctl restart cron.service
,或者是cron服务坏掉了,先apt install cron --reinstall
强制重新安装下,再重启服务,或者是安装了别的依赖库但是没有重启cron导致运行失败,试试/etc/init.d/cron restart
。
-参考资料
+打开文件数
+https://www.baeldung.com/linux/list-open-file-descriptors
+Linux默认最多同时打开1024个文件,可以通过ulimit -n
查看。fuzzing等要注意关闭文件描述符,否则可能导致服务器故障(比如ssh连不上)。/proc//fd里列出了pid锁打开的文件。
+参考资料
systemd相关资料
diff --git a/readings/index.html b/readings/index.html
index 43fbc7a..2287c7a 100644
--- a/readings/index.html
+++ b/readings/index.html
@@ -306,6 +306,13 @@
编程语言
+
+
+
+
+ 磨刀不误砍柴工
+
+
@@ -1004,6 +1011,13 @@
编程语言
+
+
+
+
+ 磨刀不误砍柴工
+
+
@@ -1053,6 +1067,12 @@ 编程语言
多进程
进程池
+磨刀不误砍柴工
+
diff --git a/search/search_index.json b/search/search_index.json
index 0777a96..c20efe6 100644
--- a/search/search_index.json
+++ b/search/search_index.json
@@ -1 +1 @@
-{"config":{"lang":["en"],"separator":"[\\s\\-]+","pipeline":["stopWordFilter"]},"docs":[{"location":"","title":"Welcome to c01dkit's tech blog","text":"\u76ee\u5f55\u4e3a\u81ea\u52a8\u751f\u6210\uff0c\u53ef\u80fd\u6709\u8bef\u3002\u6700\u8fd1\u4e00\u6b21\u66f4\u65b0\u65f6\u95f42023-12-18\u3002
\u6b22\u8fce\u63d0issue\u4ee5\u6307\u9519\u3001\u4ea4\u6d41\uff01
\u6700\u8fd1\u4e00\u6b21\u66f4\u65b0\u5185\u5bb9\uff1a
\u5355\u72ec\u628actf\u9898\u76eewp\u5206\u6210\u4e00\u4e2a\u65b0\u7684\u7c7b "},{"location":"#_1","title":"\u6587\u7ae0\u9605\u8bfb","text":" \u7efc\u5408\u6027\u77e5\u8bc6\u5b66\u4e60 \u4f1a\u8bae\u603b\u7ed3 \u8f6f\u4ef6\u4f9b\u5e94\u94fe \u5927\u6a21\u578b Google \u7f16\u7a0b\u8bed\u8a00 "},{"location":"#ctf-pwn-college-cse-365-spring-2023","title":"CTF\u7b14\u8bb0 / pwn-college / CSE 365 - spring 2023","text":" Talking Web \u5b66\u4e60\u7b14\u8bb0 Assembly Crash Course \u5b66\u4e60\u7b14\u8bb0 Building a Web Server \u5b66\u4e60\u7b14\u8bb0 Reverse Engineering \u5b66\u4e60\u7b14\u8bb0 Talking Web WriteUps Assembly Crash Course Writeups Building a Web Server Writeups Reverse Engineering Writeups \u603b\u7ed3 "},{"location":"#c","title":"\u7f16\u7a0b\u8bed\u8a00 / C\u8bed\u8a00","text":" \u6839\u636e\u7ed3\u6784\u4f53\u6210\u5458\u53d6\u7ed3\u6784\u4f53\u9996\u5730\u5740 \u52a8\u6001\u94fe\u63a5\u5e93 "},{"location":"#go","title":"\u7f16\u7a0b\u8bed\u8a00 / Go","text":" go\u73af\u5883\u914d\u7f6e \u521b\u5efa\u5de5\u7a0b \u5feb\u901f\u5165\u95e8 "},{"location":"#python","title":"\u7f16\u7a0b\u8bed\u8a00 / Python","text":" \u4e00\u4e9b\u5c0f\u70b9 \u83b7\u53d6\u672a\u77e5\u5bf9\u8c61\u7684\u6240\u6709\u5c5e\u6027 \u53c2\u6570\u89e3\u6790\uff1aargparse \u914d\u7f6e\u8bfb\u53d6\uff1ayaml \u8f93\u51fa\u65e5\u5fd7\uff1alogging \u63a5\u53e3\u8bbe\u8ba1 \u4e2d\u95f4\u6570\u636e\u5b58\u50a8\uff1acapnp \u8ba1\u65f6\u7ec8\u6b62\u7a0b\u5e8f \u4e8c\u8fdb\u5236\u5b57\u8282\u4e0ehex\u4e92\u76f8\u8f6c\u6362\uff1aIntelHex \u53c2\u8003\u8d44\u6599 "},{"location":"#_2","title":"\u7f16\u7a0b\u8bed\u8a00 / \u4f18\u96c5\u7f16\u7a0b","text":" \u7a0b\u5e8f\u53d8\u91cf \u7a0b\u5e8f\u4f18\u5316\u65b9\u6cd5 \u5229\u7528\u77ed\u8def\u4e0e\u54e8\u5175 \u4f18\u5316\u8ba1\u7b97\u6548\u7387 \u4f7f\u7528\u4f4e\u7ea7\u8bed\u8a00\u91cd\u5199\u4ee3\u7801 \u8bbe\u8ba1\u6070\u5f53\u7684\u6267\u884c\u63a7\u5236\u6d41 \u5faa\u73af \u5efa\u8868\uff0c\u4ee5\u63d0\u9ad8\u4ee3\u7801\u8d28\u91cf \u7528\u67e5\u8868\u6cd5\u66ff\u6362\u7e41\u7410\u7684if-else\u5224\u65ad \u7528\u7d22\u5f15\u8868\u66ff\u6362\u6570\u636e\u8868 \u7528\u7ed3\u679c\u8868\u66ff\u6362\u6570\u5b66\u8ba1\u7b97\u7ed3\u679c \u4e00\u4e9b\u5c0f\u5c0f\u7684\u8bed\u6cd5\u7279\u6027 C "},{"location":"#python_1","title":"\u7f16\u7a0b\u5e94\u7528 / python\u722c\u866b","text":" Scrapy \u52a0\u56fd\u5185\u4ee3\u7406 application/json\u7c7b\u578b application/x-www-form-urlencoded\u7c7b\u578b Selenium "},{"location":"#ida","title":"\u7a0b\u5e8f\u9006\u5411 / IDA\u57fa\u7840","text":" \u53cd\u7f16\u8bd1ARM raw binary "},{"location":"#_3","title":"\u7a0b\u5e8f\u9006\u5411 / \u9006\u5411\u57fa\u7840","text":" \u8c03\u7528\u7ea6\u5b9a \u4e00\u4e9b\u5e38\u89c1\u6c47\u7f16\u64cd\u4f5c\u7b26 NOP\u6307\u4ee4\u7684\u7528\u9014 \u51fd\u6570\u6267\u884c\u6808\u5e27\u63a8\u65ad \u540d\u79f0\u4fee\u9970 PE\u6587\u4ef6 PE\u6587\u4ef6\u7684\u6570\u636e\u8282 \u9759\u6001\u94fe\u63a5\u5e93\u4e0e\u52a8\u6001\u94fe\u63a5\u5e93 gdb \u63a8\u8350\u9605\u8bfb "},{"location":"#_4","title":"\u7a0b\u5e8f\u9006\u5411 / \u9006\u5411\u9ad8\u9636","text":" Windows\u9006\u5411\u6280\u672f\u6982\u5ff5 "},{"location":"#autoconf","title":"\u5b66\u4e60\u7b14\u8bb0 / autoconf","text":" \u4e0d\u5206\u76ee\u5f55\u7ed3\u6784 \u533a\u5206\u76ee\u5f55\u7ed3\u6784 "},{"location":"#chatgpt","title":"\u5b66\u4e60\u7b14\u8bb0 / ChatGPT","text":" \u7f51\u7edc\u7ad9\u70b9\u6253\u5305\u4e0b\u8f7d \u6bd4\u8f83Go\u3001Python\u3001Rust\u7684\u5173\u7cfb \u8ba1\u7b97\u673a\u5b89\u5168\u8d44\u6e90\u5b66\u4e60 "},{"location":"#docker","title":"\u5b66\u4e60\u7b14\u8bb0 / Docker","text":" \u5b89\u88c5docker \u6307\u5b9a\u955c\u50cf\u4fdd\u5b58\u4f4d\u7f6e \u4ece\u955c\u50cf\u521b\u5efa\u5bb9\u5668\u5e76\u6302\u8f7d\u76ee\u5f55 \u65b0\u5bb9\u5668\u521d\u59cb\u5316 \u9000\u51fa\u521d\u6b21\u521b\u5efa\u7684\u5bb9\u5668 \u8fdb\u5165\u5df2\u6709\u7684\u5bb9\u5668 "},{"location":"#ubuntu","title":"\u5b66\u4e60\u7b14\u8bb0 / Ubuntu\u670d\u52a1\u5668\u8fd0\u7ef4","text":" \u6839\u636epid\u67e5\u8be2\u7ec6\u8282 \u5728\u7ec8\u7aef\u5411\u7a0b\u5e8f\u8f93\u5165\u5b57\u8282 \u67e5\u8be2\u670d\u52a1\u5668\u663e\u5361 \u7edf\u8ba1\u670d\u52a1\u5668\u8fdb\u7a0b\u5360\u7528 \u7edf\u8ba1\u78c1\u76d8\u7528\u91cf \u4fee\u6539DNS \u7cfb\u7edf\u670d\u52a1 \u5b9a\u65f6\u670d\u52a1 \u53c2\u8003\u8d44\u6599 "},{"location":"#git","title":"\u5b66\u4e60\u7b14\u8bb0 / Git","text":" \u5c06\u672c\u5730\u5df2\u6709\u4ed3\u5e93\u63a8\u9001\u81f3Github\u7684\u65b0\u5efa\u4ed3\u5e93\u4e2d \u6dfb\u52a0.gitignore\u6587\u4ef6\u4ee5\u4e0d\u8ffd\u8e2a\u6587\u4ef6 \u64a4\u56deadd \u914d\u7f6egit\u8d26\u53f7\u5e76\u52a0\u5165github\u9879\u76ee \u653e\u5f03\u5bf9\u6587\u4ef6\u7684\u8ddf\u8e2a \u66f4\u6362\u8fdc\u7a0b\u4ed3\u5e93 \u5b50\u6a21\u5757\u7684\u4e0b\u8f7d \u81ea\u5df1\u7684\u9879\u76ee\u9700\u8981\u5bf9\u5176\u4ed6\u9879\u76ee\u8fdb\u884c\u4fee\u6539 \u4e0d\u540c\u7248\u672c\u591a\u4eba\u5408\u4f5c\u4e0e\u5206\u652f\u4f7f\u7528 Github debug\u5408\u96c6 Git clone\u62a5\u9519gnutls_handshake() failed: The TLS connection was non-properly terminated. "},{"location":"#sslh","title":"\u5b66\u4e60\u7b14\u8bb0 / sslh","text":" \u4fbf\u6377\u4e0a\u624b sslh\u7a0b\u5e8f\u542f\u52a8\u5165\u53e3\u4e0e\u521d\u59cb\u5316 \u534f\u8bae\u8bc6\u522b TLS\u534f\u8bae\u4e2d\u4f7f\u7528\u7684ALPN\u3001SNI\u7b80\u4ecb "},{"location":"#_5","title":"\u5b66\u4e60\u7b14\u8bb0 / \u7aef\u53e3\u590d\u7528","text":" \u7aef\u53e3\u590d\u7528\u65b9\u6cd5 sslh\uff1a\u6839\u636e\u6d41\u91cf\u7279\u5f81\u8f6c\u53d1\u6570\u636e\u5305 ssh\uff1a\u63d0\u4f9b\u8fdc\u7a0b\u8fde\u63a5 nginx\uff1a\u63d0\u4f9bhttp/https\u670d\u52a1 iptables\uff1a\u8f6c\u53d1\u5916\u90e8\u8bbf\u95ee\u5230sslh https\u8bc1\u4e66 "},{"location":"#_6","title":"\u5b66\u4e60\u7b14\u8bb0 / \u73af\u5883\u914d\u7f6e","text":" \u66f4\u65b0\u57fa\u672c\u73af\u5883 rust\u5b89\u88c5\u4e0e\u66f4\u65b0 \u8bbe\u7f6egolang\u4ee3\u7406 \u5b89\u88c5ohmyzsh git\u8bbe\u7f6e\u5168\u5c40\u4ee3\u7406 perf \u5b89\u88c5(ubuntu) \u9009\u62e9ssh\u5bc6\u94a5 Windows\u4e0b\u5b89\u88c5make \u53c2\u8003\u6587\u7ae0 "},{"location":"#_7","title":"\u5b66\u4e60\u7b14\u8bb0 / \u4ee3\u7406\u8f6c\u53d1","text":" \u591a\u53f0\u7535\u8111\u7ec4\u5c40\u57df\u7f51 \u5185\u7f51\u7a7f\u900f \u5b50\u7f51\u8f6c\u53d1 "},{"location":"#latex","title":"\u79d1\u7814\u751f\u6d3b / latex\u57fa\u7840","text":" \u63a8\u8350\u5de5\u5177 \u82f1\u6587latex \u4e2d\u6587latex "},{"location":"#_8","title":"\u79d1\u7814\u751f\u6d3b / \u79d1\u7814\u5fc3\u5f97","text":" \u517b\u6210\u4e60\u60ef \u79d1\u7814\u5199\u4f5c "},{"location":"#_9","title":"\u79d1\u7814\u751f\u6d3b / \u6a21\u7cca\u6d4b\u8bd5","text":" \u9488\u5bf9\u7f51\u7edc\u534f\u8bae\u7684\u6a21\u7cca\u6d4b\u8bd5 AFLNET STATEAFL NSFuzz IoTHunter \u6570\u636e\u6d41\u6307\u5bfc\u7684\u6a21\u7cca\u6d4b\u8bd5 DATAFLOW "},{"location":"#_10","title":"\u79d1\u7814\u751f\u6d3b / \u6839\u56e0\u5206\u6790","text":" \u4e0d\u540c\u7684\u5206\u6790\u7c92\u5ea6\u7684\u4f18\u52bf \u5206\u6790\u65f6\u95f4\u5f00\u9500 \u4e00\u4e9b\u60f3\u6cd5 \u76f8\u5173\u8bba\u6587\u7684\u4e00\u4e9b\u53d1\u73b0\uff08\u7591\u95ee\uff09 \u53c2\u8003\u6587\u732e "},{"location":"IDA/","title":"IDA\u4f7f\u7528","text":""},{"location":"IDA/#arm-raw-binary","title":"\u53cd\u7f16\u8bd1ARM raw binary","text":"\u52a0\u8f7d\u65f6\u9009\u62e9Processor type\uff0c\u6bd4\u5982ARM Little-endian [ARM]\uff0c\u968f\u540e\u6839\u636e\u5b9e\u9645\u52a0\u8f7d\u60c5\u51b5\u8bbe\u7f6eROM\u7684\u8d77\u59cb\u5730\u5740\u548cInput file\u5730\u5740\u3002
raw binary\u7684\u524d\u56db\u5b57\u8282\u53ef\u80fd\u662f\u521d\u59cbsp\u503c\uff0c\u968f\u540e\u56db\u5b57\u8282\u53ef\u80fd\u662f\u521d\u59cbpc\u503c\u3002\u6309G\u5e76\u8f93\u5165pc\u503c\uff0cAlt+G\u8bbe\u7f6eT\u5bc4\u5b58\u5668\u503c\u4e3a1\uff080\u8868\u793aARM\uff0c1\u8868\u793aThumb\uff09\uff0c\u7136\u540e\u9009\u4e2dpc\u53ca\u4e4b\u540e\u6240\u6709\u4ee3\u7801\uff0c\u6309C\u8fdb\u884cMakeCode\u3002
"},{"location":"autoconf/","title":"autoconf\u5b66\u4e60\u7b14\u8bb0","text":"\u81ea\u5df1\u5f00\u53d1\u8f6f\u4ef6\u65f6\uff0c\u751f\u6210\u89c4\u8303\u7684configure\u7b49\u6587\u4ef6\u3002\u53ef\u53c2\u8003https://www.cnblogs.com/klausage/p/14163844.html\u7b49
"},{"location":"autoconf/#_1","title":"\u4e0d\u5206\u76ee\u5f55\u7ed3\u6784","text":"\u7f16\u5199Makefile.am\u6587\u4ef6\uff0c\u6bd4\u5982\uff1a
bin_PROGRAMS=helloworld\nhelloworld_SOURCES=helloworld.c\n
bin_PROGRAMS
\u7528\u4e8e\u7ed9\u9879\u76ee\u8d77\u540d\uff0c\u6bd4\u5982X\uff0c\u90a3\u4e48\u4e4b\u540e\u7684X_SOURCES\u5219\u7528\u6765\u6307\u5b9a\u4f7f\u7528\u7684\u6e90\u6587\u4ef6 \u6267\u884cautoscan
\uff0c\u751f\u6210configure.scan\uff0c\u5e76\u4fee\u6539\u5176\u4e2d\u7684AC_INIT\u3001AM_INIT_AUTOMAKE\uff0c\u91cd\u547d\u540d\u6587\u4ef6\u4e3aconfigure.ac\uff0c\u6bd4\u5982\uff1a
# -*- Autoconf -*-\n# Process this file with autoconf to produce a configure script.\n\nAC_PREREQ([2.69])\nAC_INIT([FULL-PACKAGE-NAME], [VERSION], [BUG-REPORT-ADDRESS])\nAM_INIT_AUTOMAKE([foreign]) # \u5982\u679c\u4e0d\u52a0\u8fd9\u4e00\u53e5\uff0c\u9ed8\u8ba4gnu\uff0c\u5219\u4e4b\u540e\u76ee\u5f55\u91cc\u8981\u6709NEWS\u3001README\u3001AUTHORS\u3001ChangLog\u7b49\u6587\u4ef6\uff08\u9700\u81ea\u5df1\u624b\u52a8\u5efa\u7acb\uff09\nAC_CONFIG_SRCDIR([main.h])\nAC_CONFIG_HEADERS([config.h])\n# Checks for programs.\nAC_PROG_CC\n\n# Checks for libraries.\n\n# Checks for header files.\n\n# Checks for typedefs, structures, and compiler characteristics.\n\n# Checks for library functions.\n\nAC_CONFIG_FILES([Makefile])\nAC_OUTPUT\n
\u6267\u884caclocal && autoheader && autoconf
\uff0c\u751f\u6210aclocal.m4\u3001config.h.in\u548cconfigure
\u8fd0\u884cautomake --add-missing
\uff0c\u4f1a\u6839\u636eMakefile.am\u751f\u6210Makefile.in
\u8fd0\u884c./configure
\u751f\u6210makefile
\u8fd0\u884cmake
\uff0c\u57fa\u4e8emakefile\u7f16\u8bd1\u4ee3\u7801
"},{"location":"autoconf/#_2","title":"\u533a\u5206\u76ee\u5f55\u7ed3\u6784","text":"\u4e5f\u5c31\u662f\u8bf4\u6e90\u7801\u53ef\u80fd\u5728\u591a\u4e2a\u6587\u4ef6\u5939\u4e0b\uff0c\u6bd4\u5982src\u3002\u90a3\u4e48\u6bcf\u4e2a\u6587\u4ef6\u5939\u9700\u8981\u5355\u72ec\u5199Makefile.am\u6765\u6307\u5b9a\u5982\u4f55\u7f16\u8bd1\u3002
\u7f16\u5199Makefile.am\u6587\u4ef6
\u6e90\u7801\u6240\u5728\u7684\u6587\u4ef6\u5939\u7684Makefile\u6587\u4ef6\u793a\u4f8b\uff1a
bin_PROGRAMS = reverse\n\n#AM_CFLAGS= -DDEBUG -DLOG_INSTRUCTIONS -I ../include\nAM_CFLAGS= -DDEBUG -I ../include\n\nreverse_CPPFLAGS = -msse4.1\n\n# \u4f7f\u7528LDFLAG\u4f1a\u5728gcc\u4e2d\u90e8\u653e-l\uff0c\u5bfc\u81f4\u627e\u4e0d\u5230\u7b2c\u4e09\u65b9\u5e93\u3002\u7528LDADD\u53ef\u4ee5\u6dfb\u52a0\u5230\u6574\u4e2agcc\u6307\u4ee4\u7684\u6700\u540e\nreverse_LDADD = -lcapstone\n\nhandlers_FILES = handler_flag_manip.c handler_interrupt.c\n\n#handler_interrupt.c\n\nreverse_SOURCES = access_memory.c alias_manager.c $(handlers_FILES)\n
AM_CFLAGS
\u7528\u4e8e\u6dfb\u52a0\u7f16\u8bd1\u9009\u9879 \u9879\u76ee\u6587\u4ef6\u5939\u9700\u8981\u6307\u5b9a\u6e90\u6587\u4ef6\u6240\u5728\u7684\u6587\u4ef6\u5939
POMP\u7684\u4f8b\u5b50\uff1a
SUBDIRS=src # \u6307\u5b9asrc\u6587\u4ef6\u5939\ndist_doc_DATA=README\n\nTESTSUITES_DIR = testsuites\nEXECUTABLE=$(SUBDIRS)/reverse\n\nabc2mtex:\n$(EXECUTABLE) $(TESTSUITES_DIR)/$@/core $(TESTSUITES_DIR)/library/ $(TESTSUITES_DIR)/$@/inst.reverse\n\naireplay-ng:\n$(EXECUTABLE) $(TESTSUITES_DIR)/$@/core $(TESTSUITES_DIR)/library/ $(TESTSUITES_DIR)/$@/inst.reverse\n
\u6267\u884cautoscan
\uff0c\u751f\u6210configure.scan\uff0c\u5e76\u4fee\u6539\u5176\u4e2d\u7684AC_INIT\u3001AM_INIT_AUTOMAKE\uff0c\u91cd\u547d\u540d\u6587\u4ef6\u4e3aconfigure.ac\uff0c\u6bd4\u5982\uff1a
# -*- Autoconf -*-\n# Process this file with autoconf to produce a configure script.\n\nAC_PREREQ([2.69])\nAC_INIT([reverse_from_coredump], [0.0.1], [mudongliangabcd@gmail.com])\nAM_INIT_AUTOMAKE([-Wall -Werror foreign])\nAC_CONFIG_HEADERS([config.h])\n\n# Checks for programs.\nAC_PROG_CC\n\n# Checks for libraries.\nAC_CHECK_LIB([disasm], [x86_init])\nAC_CHECK_LIB([elf], [gelf_getehdr])\n\n# Checks for header files.\nAC_CHECK_HEADERS([fcntl.h malloc.h stddef.h stdint.h stdlib.h string.h unistd.h])\n\n# Checks for typedefs, structures, and compiler characteristics.\nAC_CHECK_HEADER_STDBOOL\nAC_C_INLINE\nAC_TYPE_OFF_T\nAC_TYPE_SIZE_T\n\n# Checks for library functions.\nAC_FUNC_MALLOC\nAC_CHECK_FUNCS([memset strerror])\n\nAC_CONFIG_FILES([Makefile\nsrc/Makefile])\nAC_OUTPUT\n
\u6267\u884caclocal && autoheader && autoconf
\uff0c\u751f\u6210aclocal.m4\u3001config.h.in\u548cconfigure
\u8fd0\u884cautomake --add-missing
\uff0c\u4f1a\u6839\u636eMakefile.am\u751f\u6210Makefile.in
\u8fd0\u884c./configure
\u751f\u6210makefile
\u8fd0\u884cmake
\uff0c\u57fa\u4e8emakefile\u7f16\u8bd1\u4ee3\u7801
"},{"location":"c/","title":"C\u8bed\u8a00","text":""},{"location":"c/#_1","title":"\u6839\u636e\u7ed3\u6784\u4f53\u6210\u5458\u53d6\u7ed3\u6784\u4f53\u9996\u5730\u5740","text":"member_address - &(((TYPE *)0)->member);\n
\u540e\u534a\u90e8\u5206\u770b\u4f3c\u4f1a\u89e3\u5f15\u75280\u5730\u5740\u800ccrash\uff0c\u4f46\u7f16\u8bd1\u5668\u4f1a\u4f18\u5316\u4e3a\u76f4\u63a5\u8ba1\u7b97member\u7684offset\u3002\u53c2\u89c1kernel\u4ee3\u7801\u5e38\u7528\u7684container_of\u3002
"},{"location":"c/#_2","title":"\u52a8\u6001\u94fe\u63a5\u5e93","text":"\u7f16\u8bd1\u52a8\u6001\u94fe\u63a5\u5e93\u672c\u8eab
\u4f7f\u7528gcc\u7f16\u8bd1\u51fa\u52a8\u6001\u94fe\u63a5\u5e93\uff1a
gcc <source C file> -shared -fPIC -o lib<source>.so\n
\u7f16\u8bd1\u539f\u9879\u76ee\u65f6\u6307\u5b9a\u52a8\u6001\u94fe\u63a5\u5e93
\u4f7f\u7528-l\u6307\u5b9a\u52a0\u8f7d\u94fe\u63a5\u5e93\uff0c\u6ce8\u610f\u53bb\u6389\u5e93\u6587\u4ef6\u7684lib\u5f00\u5934\u548c.so\u7ed3\u5c3e\u3002\u7f16\u8bd1\u65f6\uff0c\u6ce8\u610f\u628a\u5e93\u653e\u5728\u6574\u4e2a\u547d\u4ee4\u7684\u7ed3\u5c3e\uff0c\u5426\u5219\u53ef\u80fd\u63d0\u793a\u5e93\u51fd\u6570\u672a\u5b9a\u4e49\u3002
\u6bd4\u5982gcc main.c -lcapstone
\u4e0d\u4f1a\u62a5\u9519\uff0cgcc -lcapstone main.c
\u4f1a\u63d0\u793a\u62a5\u9519\u3002\uff08\u5047\u8bbe\u8fd9\u91ccmain.c\u8c03\u7528\u4e86capstone\u7684\u5e93\u51fd\u6570\uff09
\u5982\u679c\u52a8\u6001\u94fe\u63a5\u5e93\u4e0d\u5728\u9ed8\u8ba4\u7684\u7cfb\u7edf\u5e93\u4e2d\uff0c\u53ef\u4ee5\u6dfb\u52a0-L
\u6765\u6307\u5b9a\u52a8\u6001\u94fe\u63a5\u5e93\u7684\u4fdd\u5b58\u4f4d\u7f6e\u3002
\u8fd0\u884c\u9879\u76ee\u65f6\u52a0\u8f7d\u52a8\u6001\u94fe\u63a5\u5e93
\u5373\u4fbf\u7f16\u8bd1\u6210\u529f\uff0c\u8fd0\u884c\u53ef\u80fd\u62a5\u9519\u3002\u641c\u7d22\u987a\u5e8f\u4e3a\uff1a
\u5728\u7f16\u8bd1\u65f6\u6dfb\u52a0-Wl,-rpath=xxx
\u6765\u6307\u5b9a\u8fd0\u884c\u65f6\u6240\u9700\u7684\u52a8\u6001\u5e93\u6587\u4ef6 \u5728\u73af\u5883\u53d8\u91cfLD_LIBRARY_PATH
\u6307\u5b9a\u7684\u76ee\u5f55\u4e2d\u641c\u7d22 \u5728/etc/ld.so.conf
\u7ed9\u51fa\u7684\u76ee\u5f55\u4e2d\u641c\u7d22 \u5728\u9ed8\u8ba4\u7684\u641c\u7d22\u8def\u5f84/lib
\u3001/lib64
\u3001/usrlib
\u3001/usrlib64
\u7b49\u641c\u7d22 "},{"location":"code-gracely/","title":"\u4f18\u96c5\u7f16\u7a0b","text":""},{"location":"code-gracely/#_2","title":"\u7a0b\u5e8f\u53d8\u91cf","text":" \u6700\u597d\u5728\u58f0\u660e\u7684\u540c\u65f6\u521d\u59cb\u5316\uff0c\u5c24\u5176\u662f\u907f\u514d\u4ec5\u521d\u59cb\u5316\u5bf9\u8c61\u7684\u90e8\u5206\u6210\u5458 \u5c3d\u53ef\u80fd\u5730\u7f29\u77ed\u53d8\u91cf\u7684\u751f\u547d\u5468\u671f\u4e0e\u8de8\u5ea6\uff08\u5373\u5728\u4f7f\u7528\u524d\u5148\u521d\u59cb\u5316\u3001\u591a\u5b9a\u4e49\u53d8\u91cf\uff09 \u4e0d\u8981\u5728\u591a\u4e2a\u4ee3\u7801\u7247\u6bb5\u4e4b\u95f4\u4f7f\u7528temp\u7b49\u4e0d\u660e\u610f\u4e49\u7684\u547d\u540d\uff0c\u8fd9\u6837\u4f1a\u4f7f\u4e0d\u76f8\u5173\u7684\u4ee3\u7801\u770b\u8d77\u6765\u76f8\u5173 \u8b66\u60d5\u9690\u5f0f\u542b\u4e49\uff0c\u6bd4\u5982\u67d0\u53d8\u91cf\u4e3a\u6b63\u6570\u65f6\u4e3a\u6574\u6570\u7c7b\u578b\uff0c\u8d1f\u6570\u65f6\u8868\u793a\u9690\u542b\u7684\u201c\u51fa\u9519\u201d\uff08\u5373\u9690\u542b\u5e03\u5c14\u7c7b\u578b\uff09\uff0c\u6539\u7528\u591a\u4e2a\u53d8\u91cf \u786e\u4fdd\u6240\u6709\u58f0\u660e\u7684\u53d8\u91cf\u90fd\u4f7f\u7528\u8fc7 \u53d8\u91cf\u540d\u79f0\u8981\u63cf\u8ff0\u201c\u4ec0\u4e48\u201d\uff0c\u800c\u4e0d\u662f\u201c\u600e\u4e48\u201d\uff0c\u8981\u5177\u8c61 \u53d8\u91cf\u540d\u79f0\u957f\u5ea6\u57288-20\u4e2a\u5b57\u6bcd\u6bd4\u8f83\u9002\u5b9c Total\u3001Sum\u3001Max\u3001Record\u3001String\u3001Pointer\u7b49\u7b49\u9650\u5b9a\u8bcd\u8981\u52a0\u5230\u540d\u5b57\u6700\u540e i\u3001j\u3001k\u7b49\u7ea6\u5b9a\u901f\u6210\u7684\u53d8\u91cf\u540d\u9002\u7528\u4e8e\u7b80\u5355\u7684\u5faa\u73af\uff0c\u4e0d\u8981\u7528\u4e8e\u4efb\u4f55\u7b80\u5355\u5faa\u73af\u7684\u4e0b\u6807\u5faa\u73af\u4e4b\u5916\u7684\u4efb\u4f55\u573a\u5408 \u591a\u4e2a\u590d\u6742\u5faa\u73af\u5d4c\u5957\u65f6\uff0c\u6700\u597d\u4e0d\u8981\u4f7f\u7528i\u3001j\u3001k \u4e3a\u72b6\u6001\u53d8\u91cf\u8d77\u4e00\u4e2a\u6bd4flag\u66f4\u597d\u7684\u540d\u5b57\uff0c\u6bd4\u5982\u4e0d\u4f7f\u7528statusFlag\uff0c\u800c\u662fcharacterType\uff08\u66f4\u52a0\u5177\u4f53\u63cf\u8ff0\u662f\u4ec0\u4e48status\uff09 \u4f7f\u7528done\u3001error\u3001found\u3001ok\u7b49\u4e3a\u5e03\u5c14\u53d8\u91cf\u8d4b\u503c \u4e3a\u5e03\u5c14\u53d8\u91cf\u8d4b\u4e88\u9690\u542b\u771f\u5047\u610f\u4e49\u7684\u540d\u5b57\uff0c\u6bd4\u5982sourceFileAvailable\u3001sourceFileFound \u4f7f\u7528\u80af\u5b9a\u7684\u5e03\u5c14\u53d8\u91cf\u540d\uff0c\u4e0d\u8981\u5305\u542b\u201cnot\u201d\u4e4b\u7c7b\u7684\u5426\u5b9a\u542b\u4e49 \u5982\u679c\u679a\u4e3e\u7c7b\u578b\u53d8\u91cf\u4e0d\u9700\u8981\u6307\u5b9a\u57df\uff0c\u90a3\u4e48\u4f7f\u7528\u7c7b\u4f3cCOLOR_xxx\u7684\u524d\u7f00\u6765\u6307\u5b9a\u7c7b\u522b\u4f1a\u6bd4\u8f83\u597d "},{"location":"code-gracely/#_3","title":"\u7a0b\u5e8f\u4f18\u5316\u65b9\u6cd5","text":"\u4f18\u5316\u9700\u8981\u901a\u8fc7\u5927\u91cf\u6d4b\u8bd5\u6765\u9a8c\u8bc1\u4e00\u81f4\u6027\u3001\u6027\u80fd\uff0c\u56e0\u4e3a\u5e76\u975e\u6240\u6709\u4f18\u5316\u90fd\u662f\u6b63\u786e\u6216\u5fc5\u8981\u7684\u3002\u4ece\u91cd\u6784\u7a0b\u5e8f\u6267\u884c\u6d41\u7684\u89d2\u5ea6\u6765\u8bb2\uff0c\u4f18\u5316\u5e76\u4e0d\u662f\u7075\u4e39\u5999\u836f\uff0c\u5e76\u5728\u4e0d\u540c\u8bed\u8a00\u3001\u4e0d\u540c\u7f16\u8bd1\u5668\u3001\u4e0d\u540c\u73af\u5883\u3001\u4e0d\u540c\u4efb\u52a1\u4e2d\u8868\u73b0\u51fa\u5de8\u5927\u7684\u5dee\u5f02\u3002\u4ee5\u4e0b\u7684\u4f18\u5316\u65b9\u6cd5\u5747\u4ec5\u4f9b\u53c2\u8003\u3002
"},{"location":"code-gracely/#_4","title":"\u5229\u7528\u77ed\u8def\u4e0e\u54e8\u5175","text":" \u5c06\u51fa\u73b0\u9891\u7387\u9ad8\u7684\u60c5\u51b5\u653e\u5728\u4f18\u5148\u6267\u884c\u7684\u4f4d\u7f6e \u5faa\u73af\u4e2d\uff0c\u641c\u7d22\u5230\u76ee\u6807\u540e\u7acb\u5373\u9000\u51fa\u5faa\u73af \u5faa\u73af\u641c\u7d22\u65f6\uff0c\u4e5f\u53ef\u4ee5\u5c06\u641c\u7d22\u5bf9\u8c61\u653e\u5728\u6570\u7ec4\u6700\u540e\uff08\u989d\u5916\u7a7a\u95f4\uff09\uff0c\u6700\u540e\u68c0\u67e5\u4e0b\u6807\u3002\uff08\u672c\u8d28\u4e0a\u662f\u4fdd\u8bc1\u4e0d\u4f1a\u8d8a\u754c\u641c\u7d22\uff0c\u4e14\u4fdd\u8bc1\u5faa\u73af\u4e00\u5b9a\u6b63\u786e\u7ed3\u675f\uff09 "},{"location":"code-gracely/#_5","title":"\u4f18\u5316\u8ba1\u7b97\u6548\u7387","text":" \u7a0b\u5e8f\u6267\u884c\u524d\u8ba1\u7b97\u7ed3\u679c\uff0c\u901a\u8fc7\u5e38\u91cf\u4fdd\u5b58\u3001\u786c\u7f16\u7801\u3001\u6587\u4ef6\u4fdd\u5b58\u7684\u65b9\u6cd5\u6765\u907f\u514d\u91cd\u590d\u8ba1\u7b97 \u5c3d\u91cf\u51cf\u5c11\u5faa\u73af\u4f53\u5185\u7684\u8ba1\u7b97\u5de5\u4f5c\uff0c\u53ef\u4ee5\u5728\u4e4b\u524d\u8ba1\u7b97\u5b8c\u6bd5\u5e76\u4fdd\u5b58\uff0c\u4e4b\u540e\u5f15\u7528 \u516c\u5171\u5b50\u8868\u8fbe\u5f0f\u5e94\u5f53\u4fdd\u5b58\u5728\u53d8\u91cf\u91cc \u9002\u5f53\u5c06\u4e58\u6cd5\u91cd\u5199\u4e3a\u52a0\u6cd5\u3001\u5e42\u91cd\u5199\u4e3a\u4e58\u6cd5\u3001\u6574\u6570\u4ee3\u66ff\u6d6e\u70b9\u6570\u3001\u5355\u7cbe\u5ea6\u4ee3\u66ff\u53cc\u7cbe\u5ea6\u3001\u79fb\u4f4d\u64cd\u4f5c\u4ee3\u66ff\u4e58\u96642\u3001\u4e09\u89d2\u6052\u7b49\u5f0f\u4ee3\u66ff\u4e09\u89d2\u51fd\u6570 \u5c3d\u91cf\u51cf\u5c11\u6570\u7ec4\u7ef4\u5ea6\u4e0e\u6570\u7ec4\u5f15\u7528 \u591a\u91cd\u5faa\u73af\u65f6\uff0c\u5c06\u5faa\u73af\u6b21\u6570\u5c11\u7684\u653e\u5916\u5c42 "},{"location":"code-gracely/#_6","title":"\u4f7f\u7528\u4f4e\u7ea7\u8bed\u8a00\u91cd\u5199\u4ee3\u7801","text":" \u4f7f\u7528\u9ad8\u7ea7\u8bed\u8a00\u5b8c\u6210\u7a0b\u5e8f\u7f16\u5199 \u8fdb\u884c\u6d4b\u8bd5\uff0c\u9a8c\u8bc1\u6b63\u786e\u6027 \u8fdb\u884c\u7a0b\u5e8f\u5206\u6790\uff0c\u786e\u5b9a\u70ed\u70b9\u4ee3\u7801 \u5bf9\u70ed\u70b9\u4ee3\u7801\u4f7f\u7528\u4f4e\u7ea7\u8bed\u8a00\u6539\u5199 "},{"location":"code-gracely/#_7","title":"\u8bbe\u8ba1\u6070\u5f53\u7684\u6267\u884c\u63a7\u5236\u6d41","text":""},{"location":"code-gracely/#_8","title":"\u5faa\u73af","text":" \u5faa\u73af\u5c42\u6570\u6700\u597d\u4e0d\u8981\u8d85\u8fc7\u4e09\u5c42 \u77ed\u5faa\u73af\u53ef\u4ee5\u591a\u4f7f\u7528break\u3001continue\u7b49\u63a7\u5236\uff0c\u957f\u5faa\u73af\u5c3d\u91cf\u4fdd\u8bc1\u552f\u4e00\u51fa\u53e3 \u5faa\u73af\u9644\u8fd1\u4e0d\u8981\u5199\u91cd\u590d\u7684\u4ee3\u7801\uff08\u4fee\u6539\u9700\u8981\u540c\u6b65\u4fee\u6539\u591a\u5904\uff0c\u4e0d\u4fbf\u7ef4\u62a4\uff09 for\u9002\u5408\u4e0e\u201c\u6570\u91cf\u201d\u6709\u5173\u7684\u5faa\u73af\uff0c\u4e14\u4e0d\u8981\u5728\u5185\u90e8\u4fee\u6539\u4e0b\u6807\uff1bwhile\u9002\u5408\u4e0e\u201c\u6761\u4ef6\u201d\u6709\u5173\u7684\u5faa\u73af \u5faa\u73af\u4f53\u5e94\u5f53\u81ea\u6210\u5b50\u7a0b\u5e8f\uff0c\u5faa\u73af\u6761\u4ef6\u5e94\u5f53\u6e05\u6670\u6613\u8bfb \u591a\u4f7f\u7528for\u5faa\u73af\uff0c\u4f46\u4e0d\u8981\u628a\u4e0e\u5faa\u73af\u65e0\u5173\u7684\u8bed\u53e5\uff08\u6bd4\u5982\u521d\u59cb\u5316\u4e00\u4e2a\u4e0d\u7528\u4e8e\u5faa\u73af\u7684\u53d8\u91cf\uff09\u653e\u5728\u5faa\u73af\u5934 \u4e0d\u8981\u5199\u7a7a\u5faa\u73af\uff0c\u5c06\u7a7a\u5faa\u73af\u6539\u5199\u6210while\u5faa\u73af \u5982\u679c\u4e00\u4e2a\u5faa\u73af\u53ef\u4ee5\u505a\u4e24\u4ef6\u4e8b\u60c5\uff0c\u628a\u5b83\u4eec\u62c6\u6210\u4e24\u4e2a\u5faa\u73af\uff0c\u9664\u975e\u6ce8\u660e\u5728\u6027\u80fd\u4e0a\u6709\u6240\u63d0\u9ad8 \u4e0d\u8981\u5c06\u5faa\u73af\u4e0b\u6807\u4f5c\u4e3a\u7ed3\u679c\u8fd4\u56de\u3002\u5982\u679c\u9700\u8981\u4f7f\u7528\uff0c\u53ef\u4ee5\u5728\u5faa\u73af\u5f00\u59cb\u524d\u5b9a\u4e49\u65b0\u7684\u53d8\u91cf\uff0c\u7136\u540e\u5728\u5faa\u73af\u5185\u90e8\u5bf9\u8fd9\u4e00\u53d8\u91cf\u8fdb\u884c\u8d4b\u503c "},{"location":"code-gracely/#_9","title":"\u5efa\u8868\uff0c\u4ee5\u63d0\u9ad8\u4ee3\u7801\u8d28\u91cf","text":""},{"location":"code-gracely/#if-else","title":"\u7528\u67e5\u8868\u6cd5\u66ff\u6362\u7e41\u7410\u7684if-else\u5224\u65ad","text":"\u4f7f\u7528\u5927\u91cfif-else\u7684\u574f\u5904\uff1a
\u4e0d\u6613\u9605\u8bfb \u4ee3\u7801\u91cd\u590d\u5ea6\u9ad8\uff0c\u65e0\u610f\u4e49 \u5bf9\u4e8e\u590d\u6742\u60c5\u51b5\uff0c\u5bb9\u6613\u6f0f\u6761\u4ef6 \u5224\u65ad\u903b\u8f91\u786c\u7f16\u7801\u5728\u4ee3\u7801\u4e2d\uff0c\u7ef4\u62a4\u4e0d\u4fbf \u4f7f\u7528\u67e5\u8868\u6cd5\u7684\u597d\u5904\uff1a
\u6613\u8bfb \u4ee3\u7801\u7b80\u6d01\u4e14\u9ad8\u6548 \u4e0d\u4f1a\u6f0f\u6389\u6761\u4ef6 \u53ef\u4ee5\u5c06\u8868\u653e\u5728\u5916\u90e8\u6587\u4ef6\u6216\u8005\u7edf\u4e00\u653e\u5728\u4e00\u8d77\uff0c\u4fbf\u4e8e\u7ef4\u62a4\uff1b\u53ef\u4ee5\u5728\u4e0d\u6539\u53d8\u7a0b\u5e8f\u7684\u60c5\u51b5\u4e0b\u4fee\u6b63\u8fd0\u884c\u7ed3\u679c \u7528\u6cd5\uff1a\u5c06\u8981\u5224\u65ad\u7684\u5404\u4e2a\u53c2\u6570\u4f5c\u4e3a\u8868\u7684\u7ef4\u5ea6\uff0c\u5c06\u5224\u65ad\u7ed3\u679c\u4f5c\u4e3a\u8868\u7d22\u5f15\u540e\u7684\u7ed3\u679c\u3002
"},{"location":"code-gracely/#_10","title":"\u7528\u7d22\u5f15\u8868\u66ff\u6362\u6570\u636e\u8868","text":"\u7a00\u758f\u7684\u6570\u636e\u8868\u5728\u5b58\u50a8\u5bf9\u9f50\u7684\u60c5\u51b5\u4e0b\u4f1a\u6d6a\u8d39\u5927\u91cf\u7a7a\u95f4\u3002\u4e0e\u4e4b\u76f8\u6bd4\uff0c\u91c7\u7528\u7d22\u5f15\u8868\u53ef\u4ee5\u964d\u4f4e\u7a7a\u95f4\u6d6a\u8d39\u91cf\uff08\u4ecd\u7136\u4f1a\u4ea7\u751f\u6d6a\u8d39\uff09\u3002\u4e3a\u4e86\u8fdb\u4e00\u6b65\u51cf\u5c11\u7d22\u5f15\u8868\u7a7a\u95f4\uff0c\u53ef\u4ee5\u4f7f\u7528\u9636\u68af\u7d22\u5f15\u8868\uff0c\u6839\u636e\u6570\u636e\u7684\u8303\u56f4\uff08\u800c\u4e0d\u662f\u5177\u4f53\u7684\u6570\u636e\u503c\uff09\u8fdb\u884c\u5efa\u7d22\u5f15\uff0c\u6bd4\u5982\u6839\u636e\u767e\u5206\u5236\u6210\u7ee9\u8ba1\u7b97\u7ee9\u70b9\uff0c\u5efa\u7acb\u76f8\u5e94\u7684data-to-key\u51fd\u6570\uff0c\u653e\u5728\u6570\u7ec4\u4e2d\u3002
"},{"location":"code-gracely/#_11","title":"\u7528\u7ed3\u679c\u8868\u66ff\u6362\u6570\u5b66\u8ba1\u7b97\u7ed3\u679c","text":"\u8003\u8651\u5230\u7cfb\u7edf\u51fd\u6570\u7684\u7cbe\u786e\u6027\uff0c\u8ba1\u7b97\u901f\u5ea6\u53ef\u80fd\u8f83\u6162\u3002\u53ef\u4ee5\u9884\u5148\u624b\u52a8\u7b97\u51fa\u4e00\u4e9b\u6570\u636e\u5e76\u5efa\u8868\uff0c\u8ba1\u7b97\u65f6\u76f4\u63a5\u67e5\u8868\u5373\u53ef\uff0c\u5927\u5927\u63d0\u9ad8\u7a0b\u5e8f\u6027\u80fd\u3002
"},{"location":"code-gracely/#_12","title":"\u4e00\u4e9b\u5c0f\u5c0f\u7684\u8bed\u6cd5\u7279\u6027","text":""},{"location":"code-gracely/#c","title":"C","text":"\u521d\u59cb\u5316\u6570\u7ec4\uff0c\u53ef\u4ee5\u8fde\u7eed\u8d4b\u503c
int arr[10] = {\n[0] = 1,\n[1 ... 4] = 2,\n[5 ... 7] = 4,\n};\n
\u521d\u59cb\u5316\u7ed3\u6784\u4f53\u6216\u8054\u5408\uff0c\u53ef\u4ee5\u4e00\u8d77\u8d4b\u503c
struct test {\nint a;\nint b;\nint c;\nint d;\n};\n\nint main(\nint argc, char const *argv[]\n)\n{\nstruct test t = {\n.a = 1,\n.b = 2,\n.c = 3,\n.d = 4,\n};\n\nreturn 0;\n}\n
"},{"location":"crawler/","title":"\u722c\u866b\u6a21\u677f","text":""},{"location":"crawler/#scrapy","title":"Scrapy","text":"\u4e5f\u53ef\u4ee5\u770b\u8fd9\u91cc\u7684\u4ecb\u7ecd
"},{"location":"crawler/#_2","title":"\u52a0\u56fd\u5185\u4ee3\u7406","text":"\u9488\u5bf9\u4e2a\u522b\u7f51\u7ad9\u9501ip\uff0c\u53ef\u4ee5\u8003\u8651\u6574\u4e2a\u4ee3\u7406
import base64\nusername = 'xxxxx'\npasswd = 'xxxxx'\nproxy_ip = 'xxxx.kdltps.com'\nproxy_port = '15818'\n\nmeta = {'proxy': f'http://{proxy_ip}:{proxy_port}'}\ncode = base64.b64encode(f'{username}:{passwd}'.encode()).decode()\n\nheaders = {\n \"Proxy-Authorization\": f\"Basic {code}\", # \u5728headers\u91cc\u8bbe\u7f6e\u4e0b\u4ee3\u7406token\n}\n\ndef start_requests(self):\n yield scrapy.Request(\n headers = headers, # \u8bbe\u7f6e\u4f7f\u7528headers\uff0c\u5305\u542btoken\n meta = meta, # \u8bbe\u7f6e\u4f7f\u7528\u4ee3\u7406\n )\n
"},{"location":"crawler/#applicationjson","title":"application/json\u7c7b\u578b","text":"\u9488\u5bf9\u8bf7\u6c42\u5934Content-Type\u4e3aapplication/json\u7c7b\u578b\uff0cstart_requests\u91cc\u7528Request\uff0c\u6ce8\u660emethod\u548cbody\uff1a
import json\nheaders = {\n \"Content-Type\": \"application/json\",\n \"User-Agent\": \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36\",\n}\n\ndata = json.dumps({\"key\":\"value\"})\n\n# \u7701\u7565\u65e0\u5173\u4fe1\u606f\n\nyield scrapy.Request(\n url=url, \n method='POST', \n headers=headers, \n body=data,\n callback=self.parse, \n meta={'period': t}, \n errback=self.err,\n cb_kwargs={'period': t,'page':0}\n)\n
"},{"location":"crawler/#applicationx-www-form-urlencoded","title":"application/x-www-form-urlencoded\u7c7b\u578b","text":"\u9488\u5bf9\u8bf7\u6c42\u5934Content-Type\u4e3aapplication/x-www-form-urlencoded\u7c7b\u578b\uff0cstart_requests\u91cc\u7528FormRequest\uff0c\u6ce8\u660eformdata\uff1a
post_data = {\"key\":\"value\"}\n\n# \u7701\u7565\u65e0\u5173\u4fe1\u606f\n\nyield scrapy.FormRequest(\n url=url,\n formdata=post_data,\n errback=self.err,\n callback = self.parse,\n cookies = cookies,\n cb_kwargs = {'id':'shixian','page':str(page)},\n )\n
\u666e\u901a\u8bf7\u6c42\u7528scrapy.Request\u5373\u53ef\u3002
"},{"location":"crawler/#selenium","title":"Selenium","text":"\u722c\u4e45\u4e86\u603b\u4f1a\u7206\u5185\u5b58\uff0c\u4e0d\u77e5\u9053\u5185\u5b58\u6cc4\u9732\u7684bug\u6709\u6ca1\u6709\u4fee\u590d\u3002\u4ee5\u4e0b\u7528\u7684\u662fchrome\u6d4f\u89c8\u5668\uff0c\u9700\u8981\u9884\u5148\u4e0b\u8f7d\u4e0b\u9a71\u52a8
from selenium import webdriver\nfrom selenium.webdriver.common.by import By\nfrom selenium.webdriver.chrome.service import Service\nfrom pathlib import Path\nimport time\nimport json\nimport ast \nimport re\nimport os\nimport yaml\nimport shutil\n\noptions = webdriver.ChromeOptions()\n# options.add_argument('--headless')\n# https://chromedriver.chromium.org/downloads\ns = Service('S:/chromedriver.exe')\noptions.add_experimental_option('excludeSwitches', ['enable-logging'])\ndriver = webdriver.Chrome(service=s,options=options)\ndriver.get('http://www.baidu.com')\ntime.sleep(1)\n\ndef get_current_and_final_page_of_one_book():\n cur = -1\n final = -1\n try:\n pages = driver.find_elements(By.XPATH,'//ul[@class=\"t-pager\"]/li')\n except:\n print('Current page is not found')\n return cur,final\n\n for page in pages:\n if 'active' in page.get_attribute('class'):\n cur = int(page.text)\n if 'number' in page.get_attribute('class'):\n final = int(page.text)\n return cur,final\n\ndef download_one_page_of_a_book(skip,config):\n\"\"\"\u4e00\u9875\u6240\u6709\u6587\u6863\u5168\u90e8\u4e0b\u8f7d\u6210\u529f\u5219\u8fd4\u56deTrue,OK\n \"\"\"\n global CURRENT_PAGE\n global CURRENT_TITLE\n titles = driver.find_elements(By.XPATH,'//div[@class=\"container\"]/div[1]/div[2]/div[2]/table/tbody/tr/td[1]')\n icons = driver.find_elements(By.XPATH,'//div[@class=\"container\"]/div[1]/div[2]/div[2]/table/tbody/tr/td[4]')\n jscode = 'document.location = '+'\"'+config['url']+'\"'\n driver.execute_script(jscode)\n for title,svgs in zip(titles,icons):\n svgs = svgs.find_elements(By.XPATH,'.//*[name()=\"svg\"]')\n print(f'Current title: {title.text}, skip: {skip}, CURRENT_TITLE: {CURRENT_TITLE}')\n if CURRENT_TITLE is not None and skip and title.text != CURRENT_TITLE:\n continue\n skip = False\n for svg in svgs:\n # if visible \n if svg.get_attribute('style') == 'display: inline-block;':\n svg.click()\n time.sleep(7)\n cls = driver.window_handles\n if len(cls) > 1:\n time.sleep(20)\n ok = archive_file(title.text,config)\n if not ok:\n print(f'Failed to download {title.text}')\n while len(cls) > 1:\n driver.switch_to.window(cls[1])\n driver.close()\n driver.switch_to.window(cls[0])\n cls = driver.window_handles\n return (False, title.text)\n cls = driver.window_handles\n driver.switch_to.window(cls[0])\n CURRENT_TITLE = None\n CURRENT_PAGE += 1\n return (True, 'OK')\n\n# load yaml\nwith open(target_yml,'r',encoding='utf8') as f:\n SETTINGS = yaml.load(f,Loader=yaml.FullLoader)\n# dump yaml\nwith open(target_yml,'w',encoding='utf8') as f:\n yaml.dump(SETTINGS,f,allow_unicode=True)\n\ndriver.close()\ndriver.quit()\n
\u6216\u8005\u8bbe\u7f6e\u4e00\u4e2ahelper\u7a0b\u5e8f\uff0c\u53cd\u590d\u542f\u52a8selenium\uff1a
import subprocess\nimport time\nimport datetime\nimport sys\ncmd = 'python ./main.py'\nop = 0\nwhile True:\n if op >= 200:\n print('failed 200 times!')\n break\n p = subprocess.Popen(cmd.split(), stdout=sys.stdout, stderr=sys.stderr)\n print('new round at', datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S'),f'op = {op}')\n op += 1\n\n time.sleep(30)\n if p.poll() == 0:\n break\n p.wait()\n
"},{"location":"docker/","title":"Docker\u4f7f\u7528\u7b14\u8bb0","text":""},{"location":"docker/#docker_1","title":"\u5b89\u88c5docker","text":"\u6309\u7167https://docs.docker.com/engine/install/ubuntu/\u7684\u8bf4\u660e\u5b89\u88c5\u5373\u53ef
"},{"location":"docker/#_1","title":"\u6307\u5b9a\u955c\u50cf\u4fdd\u5b58\u4f4d\u7f6e","text":"\u9ed8\u8ba4\u4f7f\u7528\u7684\u4f4d\u7f6e\u662f/var/lib/docker
\uff0c\u5728\u6839\u76ee\u5f55\u4e0b\u5bb9\u6613\u5360\u6ee1\u3002\u53ef\u4ee5\u901a\u8fc7\u4fee\u6539\u914d\u7f6e\u6587\u4ef6/lib/systemd/system/docker.service
\u7684-g\u53c2\u6570\u6765\u6307\u5b9a\u4f4d\u7f6e\u3002\u53ef\u4ee5\u901a\u8fc7docker info
\u67e5\u770b\u4fdd\u5b58\u7684\u4f4d\u7f6eDocker Root Dir\u3002
\u914d\u7f6e\u6587\u4ef6\u53ef\u4ee5\u901a\u8fc7systemctl status docker
\u5e76\u67e5\u770bLoad\u4f7f\u7528\u7684\u914d\u7f6e\u6587\u4ef6\u662f\u54ea\u4e2a\u3002
\u53e6\u4e00\u79cd\u6307\u5b9a\u955c\u50cf\u4fdd\u5b58\u4f4d\u7f6e\u7684\u65b9\u6cd5\uff1a\u4fee\u6539/etc/docker/daemon.json\uff0c\u8bbe\u7f6e\u4e3a
{\n\"data-root\": \"/home/docker\"\n}\n
\u968f\u540e\u91cd\u8f7d\u4e00\u4e0b\u914d\u7f6e\uff1a
sudo cp -r /var/lib/docker /home/docker\nsudo systemctl daemon-reload\nsudo systemctl restart docker\nsudo systemctl status docker\n
"},{"location":"docker/#_2","title":"\u4ece\u955c\u50cf\u521b\u5efa\u5bb9\u5668\u5e76\u6302\u8f7d\u76ee\u5f55","text":"\u4f1a\u5728\u5bb9\u5668\u4e2d\u521b\u5efa\u76ee\u5f55\uff0c\u6620\u5c04\u5bbf\u4e3b\u673a\u76ee\u5f55\u3002\u5bbf\u4e3b\u673a\u7684\u76ee\u5f55\u548c\u5bb9\u5668\u76ee\u5f55\u5185\u5bb9\u662f\u4e00\u6837\u7684\uff0c\u4fee\u6539\u4e00\u65b9\uff0c\u53e6\u4e00\u65b9\u968f\u4e4b\u6539\u53d8
docker run -it --name=<container_name> --user=<user_id>:<group_id> --hostname=xxxx --workdir=xxxx -v /etc/passwd:/etc/passwd:ro -v /etc/group:/etc/group:ro --mount type=bind,source=<\u5bbf\u4e3b\u673a\u76ee\u5f55>,target=<\u5bb9\u5668\u76ee\u5f55> <\u955c\u50cf\u540d>:<tag> /bin/bash\n
\u4ee5\u4e0a\u547d\u4ee4\u53ef\u4ee5\u5b8c\u6210\u5bf9\u6307\u5b9a\u955c\u50cf\u521b\u5efa\u4e00\u4e2a\u6bd4\u8f83\u5b8c\u5907\u7684\u5bb9\u5668\uff0c\u6307\u5b9a\u4e86\u5bb9\u5668\u540d\u79f0\u3001\u7528\u6237\u540d\u79f0\u548c\u7ec4\u522b\u3001\u4e3b\u673a\u540d\u3001\u7528\u6237\u5de5\u4f5c\u76ee\u5f55\uff0c\u5e76\u6302\u8f7d\u4e86\u4e3b\u673a\u7684\u4e00\u4e9b\u76ee\u5f55\u3002\u6307\u5b9apasswd\u548cgroup\u6587\u4ef6\u7684\u53ea\u8bfb\u6302\u8f7d\u53ef\u4ee5\u907f\u514d--user\u4f7f\u7528\u7528\u6237(\u7ec4)id\u8fdb\u884c\u65b0\u5efa\u5bb9\u5668\u65f6\u5f15\u53d1\u7684\u627e\u4e0d\u5230\u7528\u6237\u540d\u548c\u7ec4\u540d\u7684\u95ee\u9898\u3002\u5e76\u4e14\u907f\u514d\u4e86\u9ed8\u8ba4root\u7528\u6237\u5bfc\u81f4\u7684\u4e3b\u673a\u7aef\u65e0\u6cd5\u8bbf\u95ee\u5bb9\u5668\u65b0\u5efa\u6587\u4ef6\u7684\u95ee\u9898\u3002 \u6ce8\u610f\u8fd9\u6837\u521b\u5efa\u7684\u7528\u6237\u6ca1\u6709root\u6743\u9650\u3002\u5982\u679c\u9700\u8981\uff0c\u5219\u4e0d\u4f7f\u7528user\u53c2\u6570\uff0c\u4f46\u5b58\u5728\u5bb9\u5668\u521b\u5efa\u6587\u4ef6\u662froot\uff0c\u5bbf\u4e3b\u673a\u65e0\u6cd5\u4fee\u6539\u7684\u95ee\u9898\u3002
\u4e00\u4e2a\u4e0d\u592a\u806a\u660e\u7684\u89e3\u51b3\u65b9\u6cd5\u662fuser_id\u8bbe\u6210root\u76840\uff0cgroup_id\u8bbe\u6210\u666e\u901a\u7528\u6237\uff0c\u7136\u540e\u5728\u5bb9\u5668\u91cc\u7ed9root\u7684.bashrc\u52a0\u4e00\u884cumask 0002\u3002\u5c31\u662f\u8bf4\u8ba9\u7528\u6237\u7ec4\u4e5f\u80fd\u4fee\u6539\u6587\u4ef6\u4e86\u3002
\u4e00\u4e9b\u5176\u4ed6\u7684\u529e\u6cd5\uff1adocker exec -u
\u597d\u50cf\u53ef\u4ee5\u6307\u5b9a\u542f\u52a8\u5bb9\u5668\u65f6\u7684\u7528\u6237\uff0c\u4e0d\u77e5\u9053\u6709\u4ec0\u4e48\u7528\uff0c\u53ef\u4ee5\u8bd5\u8bd5\uff1b\u6216\u8005root\u8fdb\u53bb\u4ee5\u540e\u628a\u666e\u901a\u7528\u6237\u52a0\u5230sudoers\u91cc
"},{"location":"docker/#_3","title":"\u65b0\u5bb9\u5668\u521d\u59cb\u5316","text":"apt-get update
\u66f4\u65b0\u4e00\u4e0blist\uff0c\u7136\u540e\u624d\u80fd\u4f7f\u7528apt-get\u4e0b\u8f7d\u5176\u4ed6\u5305\u3002\u4e00\u4e9b\u5e38\u7528\u7684\u5305\uff1aapt-get install build-essential
"},{"location":"docker/#_4","title":"\u9000\u51fa\u521d\u6b21\u521b\u5efa\u7684\u5bb9\u5668","text":"\u8fde\u6309Ctrl+P\u3001Ctrl+Q\u9000\u51fa\u5bb9\u5668\u3002\u5426\u5219\u7b80\u5355\u9000\u51fa\u540e\u5bb9\u5668\u5c31stop\u4e86\uff0c\u4e0b\u6b21exec\u7684\u65f6\u5019\u8fd8\u8981restart\uff0c\u751a\u81f3\u8fd8\u4f1a\u51fa\u73b0restart\u81ea\u52a8\u53c8stop\u7684\u60c5\u51b5
"},{"location":"docker/#_5","title":"\u8fdb\u5165\u5df2\u6709\u7684\u5bb9\u5668","text":"docker exec -it <\u5bb9\u5668id> /bin/bash\n
\u53ef\u4ee5Ctrl+D\u9000\u51fa
"},{"location":"envs/","title":"\u73af\u5883\u914d\u7f6e","text":""},{"location":"envs/#_2","title":"\u66f4\u65b0\u57fa\u672c\u73af\u5883","text":"sudo apt update\nsudo apt install curl build-essential gcc make -y\n
"},{"location":"envs/#rust","title":"rust\u5b89\u88c5\u4e0e\u66f4\u65b0","text":"curl --proto '=https' --tlsv1.3 -sSf https://sh.rustup.rs | sh\n
rustup update\n
\u56fd\u5185\u4f7f\u7528\u65f6crates.io\u53ef\u80fd\u767b\u4e0d\u4e0a\uff0c\u8bd5\u8bd5\u4fee\u6539\u5b89\u88c5\u76ee\u5f55\u4e0b\u7684config\u6587\u4ef6(\u6bd4\u5982$HOME/.cargo/config)
[source.crates-io]\nregistry = \"https://github.com/rust-lang/crates.io-index\"\n\n# \u66ff\u6362\u6210\u4f60\u504f\u597d\u7684\u955c\u50cf\u6e90\n#replace-with = 'sjtu'\n#replace-with = 'ustc'\n#replace-with = 'tuna'\n#replace-with = 'rustcc'\n\n# \u6e05\u534e\u5927\u5b66\n[source.tuna]\nregistry = \"https://mirrors.tuna.tsinghua.edu.cn/git/crates.io-index.git\"\n\n# \u4e2d\u56fd\u79d1\u5b66\u6280\u672f\u5927\u5b66\n[source.ustc]\nregistry = \"git://mirrors.ustc.edu.cn/crates.io-index\"\n\n# \u4e0a\u6d77\u4ea4\u901a\u5927\u5b66\n[source.sjtu]\nregistry = \"https://mirrors.sjtug.sjtu.edu.cn/git/crates.io-index\"\n\n# rustcc\u793e\u533a\n[source.rustcc]\nregistry = \"git://crates.rustcc.cn/crates.io-index\"\n\n[source.rustcchttp]\nregistry = \"https://code.aliyun.com/rustcc/crates.io-index.git\"\n
"},{"location":"envs/#golang","title":"\u8bbe\u7f6egolang\u4ee3\u7406","text":"go env -w GOPROXY=https://goproxy.cn\n
"},{"location":"envs/#ohmyzsh","title":"\u5b89\u88c5ohmyzsh","text":"sudo apt install zsh\n
curl\u548cwget\u4e8c\u9009\u4e00
sh -c \"$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)\"\n
sh -c \"$(wget https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh -O -)\"\n
"},{"location":"envs/#git","title":"git\u8bbe\u7f6e\u5168\u5c40\u4ee3\u7406","text":"\u9700\u8981\u6839\u636e\u672c\u5730\u5b9e\u9645\u7684\u60c5\u51b5\u4fee\u6539\u76ee\u6807ip\u548c\u7aef\u53e3
git config --global http.https://github.com.proxy http://xxx.xxx.xxx.xxx:xxx\n
"},{"location":"envs/#perf-ubuntu","title":"perf \u5b89\u88c5(ubuntu)","text":"sudo apt-get install linux-tools-`uname -r`\n
"},{"location":"envs/#ssh","title":"\u9009\u62e9ssh\u5bc6\u94a5","text":"evel `ssh-agent`\nssh-add <\u79c1\u94a5\u6587\u4ef6>\n
"},{"location":"envs/#windowsmake","title":"Windows\u4e0b\u5b89\u88c5make","text":"\u4f7f\u7528chocolatey\u5305\u7ba1\u7406\u5668\u3002\u6309https://chocolatey.org/install#individual\u7684\u8bf4\u660e\u5373\u53ef\uff0c\u6700\u540echoco install make
"},{"location":"envs/#_3","title":"\u53c2\u8003\u6587\u7ae0","text":" \u5b89\u88c5rusthttps://hosthum.com/p/install-rust-lang/ \u5b89\u88c5ohmyzshhttps://ohmyz.sh/ \u914d\u7f6eIntel PThttps://carteryagemann.com/a-practical-beginners-guide-to-intel-processor-trace.html \u914d\u7f6essh-agenthttps://blog.csdn.net/shadow_zed/article/details/112260652 "},{"location":"fuzzing/","title":"\u6a21\u7cca\u6d4b\u8bd5\u57fa\u672c\u4ecb\u7ecd","text":"\u8986\u76d6\u7387\u6307\u5f15\u7684\u6a21\u7cca\u6d4b\u8bd5\u65b9\u6cd5\u83b7\u5f97\u8986\u76d6\u7387\u7684\u56db\u79cd\u8ffd\u8e2a\u65b9\u5f0f[^1]\uff1a
\u4f7f\u7528\u7f16\u8bd1\u5668\u5411\u57fa\u672c\u5757\u8fb9\u7f18\u63d2\u6869\uff0c\u53ef\u4ee5\u51c6\u786e\u5730\u63d2\u6869\u5e76\u6613\u4e8e\u4f18\u5316\uff0c\u4f46\u9700\u8981\u6e90\u7801\u5df2\u77e5\u3002 \u9759\u6001\u4e8c\u8fdb\u5236\u91cd\u5199\uff0c\u4e0d\u9700\u8981\u6e90\u7801\uff0c\u4ecd\u5728\u7814\u7a76\uff0c\u56e0\u4e3a\u9759\u6001\u4ee3\u7801\u63d2\u6869\u51c6\u786e\u6027\u96be\u4ee5\u4fdd\u8bc1\uff0c\u5e76\u4e14\u4f18\u5316\u80fd\u529b\u6709\u9650\u3002\u8fd9\u4e9b\u9650\u5236\u6761\u4ef6\u4f1a\u5f71\u54cd\u4ee3\u7801\u7387\u4fe1\u606f\u7684\u8d28\u91cf\u4e0e\u51c6\u786e\u6027\uff0c\u4ee5\u53ca\u4e8c\u8fdb\u5236\u91cd\u5199\u7684\u8868\u73b0\u3002 \u52a8\u6001\u4e8c\u8fdb\u5236\u63d2\u6869\uff0c\u4e0d\u9700\u8981\u6e90\u7801\uff0c\u53ef\u4ee5\u5bb9\u6613\u3001\u51c6\u786e\u63d2\u5165\u4ee3\u7801\uff0c\u4f46\u662f\u52a8\u6001\u7ffb\u8bd1\u4e8c\u8fdb\u5236\u7684\u5f00\u9500\u53ef\u80fd\u5927\u5230\u4e0d\u80fd\u63a5\u53d7\u3002 \u786c\u4ef6\u8f85\u52a9\u8ffd\u8e2a\uff0c\u4e0d\u9700\u8981\u6e90\u7801\uff0c\u5229\u7528\u5185\u7f6e\u7684\u786c\u4ef6\u8ffd\u8e2a\u6269\u5c55\uff0c\u5728\u8fd0\u884c\u65f6\u76f4\u63a5\u83b7\u53d6\u63a7\u5236\u6267\u884c\u6d41\u4fe1\u606f\u3002 \u4fb5\u5165\u5f0f\u4e0e\u975e\u4fb5\u5165\u5f0f\u8ffd\u8e2a[^2]\uff1a
Traces can be generated by trace code that is executed within tasks and/or interrupt service routines, just like application code that is executed on the same CPU. This is the most flexible approach, as both the content and the amount of trace information output can be defined in software. However, this tracing method comes with a significant drawback: It uses resources that are shared with the application software, hence tracing may significantly reduce the amount of memory available for the applications, increase the gross execution times of the applications and, in the case of real-time systems, impair functionality. This is why it is called intrusive tracing.
The most common case is that adding trace code is detrimental to the functionality of the applications in real-time systems because the resource requirements for intrusive tracing have been underestimated in the early stages of the project, such that tracing would eventually eat up resources that are required by the application. Therefore, the resource requirements for tracing must be properly considered throughout the whole development lifecycle. Removing trace code from real-time systems may also cause functional issues, typically just before the final production software release. This is the worst case, as trace information is no longer available in this scenario.
Non-intrusive tracing does not change the intrinsic timing behavior of the system under test. This approach simplifies the software development process a lot and requires dedicated hardware support for tracing. External trace probes connected to the target system, in conjunction with on-chip debug modules, capture code execution on instruction level, memory accesses and other events on the target processor. This approach is the best option when it comes to debugging the code execution down to the instruction level. The PCB design of the device under test must provide the connectors required by the external probe.
Another option for non-intrusive tracing is on-chip tracing, where most of the trace hardware is packed into the same chip that also contains the CPU that executes the application code. Non-intrusive tracing can, however, be restricted by limitations of the respective trace module or probe, such as buffer sizes, bus bandwidth or the size of an external probe.
Due to cost savings (no expensive third-party trace hardware required), reduced footprint (very small connectors instead of larger probe connectors), and limited trace bandwidth requirements, the on-chip tracing method is the preferred approach for generating the trace data required for in-depth timing analysis on task, runnable and ISR level. On-chip tracing is a suitable tracing method for devices under test with form factors very close to the final volume production devices.
"},{"location":"fuzzing/#_2","title":"\u9488\u5bf9\u7f51\u7edc\u534f\u8bae\u7684\u6a21\u7cca\u6d4b\u8bd5","text":"\u7f51\u7edc\u534f\u8bae\u7684\u7279\u70b9\u662f\u4e00\u822c\u6709\u660e\u786e\u7684\u72b6\u6001\u4fe1\u606f\uff0c\u76f8\u540c\u7684input\u5728\u4e0d\u540c\u7684\u72b6\u6001\u53ef\u80fd\u5f97\u5230\u4e0d\u540c\u7684output\u3002\u9488\u5bf9\u7f51\u7edc\u534f\u8bae\u7684\u6a21\u7cca\u6d4b\u8bd5\u4e00\u822c\u5177\u6709stateful\u7684\u7279\u70b9\u3002\u8fd9\u7c7b\u6a21\u7cca\u6d4b\u8bd5\u6709\u51e0\u4e2a\u96be\u70b9\uff1a 1. \u751f\u6210\u683c\u5f0f\u6b63\u786e\u7684\u4fe1\u606f\uff0c\u6ee1\u8db3\u5bf9\u7279\u5b9a\u72b6\u6001\u7684fuzz 2. \u6269\u5c55\u5230\u4e0d\u540c\u7684\u534f\u8bae\u4e2d 3. \u6d4b\u8bd5\u6837\u4f8b\u6709\u6548\u6027\uff0c\u9700\u8981\u901a\u8fc7\u683c\u5f0f\u6821\u9a8c\u6bd4\u5982\u957f\u5ea6\u3001\u534f\u8bae\u8ba4\u8bc1\u3001\u6821\u9a8c\u548c\u7b49
"},{"location":"fuzzing/#aflnet","title":"AFLNET","text":"\u9996\u6b21\u63d0\u51fa\u9488\u5bf9\u6709\u72b6\u6001\u534f\u8bae\u7684\u7070\u76d2\u6a21\u7cca\u6d4b\u8bd5\u3002AFLNET\u4ece\u54cd\u5e94\u4fe1\u606f\u4e2d\u63d0\u53d6\u54cd\u5e94\u7801\u6765\u8868\u793a\u72b6\u6001\u4fe1\u606f\uff0c\u5e76\u7528\u54cd\u5e94\u7801\u5e8f\u5217\u6765\u63a8\u65ad\u534f\u8bae\u5b9e\u73b0\u7684\u72b6\u6001\u6a21\u578b\uff0c\u5e76\u8fdb\u4e00\u6b65\u4f7f\u7528\u8fd9\u4e00\u6a21\u578b\u6765\u6307\u5bfcfuzz\u3002
\u4e00\u4e9b\u4e0d\u8db3\uff1a 1. \u72b6\u6001\u8868\u793a\u80fd\u529b\uff1aAFLNET\u8981\u6c42\u54cd\u5e94\u4fe1\u606f\u4e2d\u5305\u542b\u72b6\u6001\u7801\uff0c\u8fd9\u5e76\u4e0d\u662f\u534f\u8bae\u5fc5\u987b\u5b9e\u73b0\u7684\u3002\u800c\u4e14\u72b6\u6001\u7801\u8868\u793a\u80fd\u529b\u6709\u9650\uff0c\u4e14\u53ef\u80fd\u4ea7\u751f\u5197\u4f59\u72b6\u6001\u3002 2. \u6d4b\u8bd5\u6548\u7387\uff1a\u6ca1\u6709\u660e\u786e\u7684\u4fe1\u53f7\u53cd\u6620\u5f85\u6d4b\u7a0b\u5e8f\u662f\u5426\u5904\u7406\u5b8c\u6d88\u606f\uff0c\u56e0\u6b64\u8bbe\u7f6e\u56fa\u5b9a\u7684\u8ba1\u65f6\u5668\u6765\u63a7\u5236\u6d88\u606f\u53d1\u9001\uff0c\u65f6\u95f4\u7a97\u53e3\u53ef\u80fd\u8fc7\u5c0f\u6216\u8fc7\u5927\u3002
"},{"location":"fuzzing/#stateafl","title":"STATEAFL","text":"\u4f7f\u7528\u7a0b\u5e8f\u5185\u5b58\u72b6\u6001\u6765\u8868\u793a\u670d\u52a1\u72b6\u6001\uff0c\u901a\u8fc7\u5bf9\u88ab\u6d4b\u7a0b\u5e8f\u63d2\u6869\u6765\u6536\u96c6\u72b6\u6001\u4fe1\u606f\u5e76\u63a8\u6d4b\u72b6\u6001\u6a21\u578b\u3002\u5728\u6bcf\u4e00\u8f6e\u7f51\u7edc\u4ea4\u4e92\u4e2d\uff0cSTATEAFL\u5c06\u7a0b\u5e8f\u53d8\u91cf\u503c\u8f6c\u50a8\u7ed9\u5206\u6790\u961f\u5217\uff0c\u5e76\u8fdb\u884cpost-execution\u7684\u5206\u6790\uff0c\u6765\u66f4\u65b0\u72b6\u6001\u6a21\u578b\u3002
\u4e00\u4e9b\u4e0d\u8db3\uff1a 1. \u9762\u5bf9\u548cAFLNET\u76f8\u540c\u7684\u6d4b\u8bd5\u6548\u7387\u95ee\u9898\uff0c\u800c\u4e14\u56e0\u4e3a\u540e\u6267\u884c\u5206\u6790\uff0c\u4ea7\u751f\u989d\u5916\u7684\u5f00\u9500\uff0c\u4f1a\u964d\u4f4e\u6d4b\u8bd5\u541e\u5410\u91cf\u3002
"},{"location":"fuzzing/#nsfuzz","title":"NSFuzz","text":"\u4f7f\u7528\u57fa\u4e8e\u53d8\u91cf\u7684\u72b6\u6001\u8868\u793a\u65b9\u6cd5\u63a8\u65ad\u72b6\u6001\u6a21\u578b\u6765\u6307\u5bfc\u6a21\u7cca\u6d4b\u8bd5\uff0c\u4f7f\u7528\u57fa\u4e8e\u7f51\u7edc\u4e8b\u4ef6\u5faa\u73af\u7684\u540c\u6b65\u673a\u5236\u6765\u63d0\u9ad8\u541e\u5410\u91cf\u3002
\u542f\u53d1\u5f0f\u7684\u53d8\u91cf\u5224\u65ad\u65b9\u6cd5\uff1a\u9759\u6001\u5206\u6790\u4e2d\u53ea\u5728\u4e8b\u4ef6\u5faa\u73af\u4ee3\u7801\u4e2d\u5206\u8fa8\u72b6\u6001\u53d8\u91cf\uff0c\u4e14\u5173\u6ce8\u88ab\u8bfb\u4e0e\u5199\u3001\u88ab\u8d4b\u4e88\u679a\u4e3e\u7c7b\u578b\u7684\u6570\u636e\u6216\u662f\u6570\u636e\u7ed3\u6784\u4f53\u91cc\u7684\u6574\u578b\u6210\u5458\u3002
\u8868\u793a\u72b6\u6001\u7684\u65b9\u6cd5\uff1a\u4f7f\u7528\u4e24\u6761\u8bed\u53e5\u7ef4\u62a4shared_state\u6570\u7ec4\uff0c\u5f53\u72b6\u6001\u53d8\u91cf\u503c\u88ab\u66f4\u65b0\u65f6\u540c\u6b65\u66f4\u65b0shared_state\uff1b\u5f53fuzzer\u5728\u901a\u4fe1\u7ba1\u9053\u6536\u5230\u6d88\u606f\u5904\u7406\u7ed3\u679c\u65f6\uff0c\u5bf9\u8fd9\u4e2a\u6570\u7ec4\u8fdb\u884chash\uff0c\u4f5c\u4e3a\u5f53\u524d\u7a0b\u5e8f\u6240\u5904\u7684state\u3002
shared_state[hash(var_id) ^ cur_store_val] = 1;\nshared_state[hash(var_id) ^ pre_store_val] = 0;\n
"},{"location":"fuzzing/#iothunter","title":"IoTHunter","text":"\u63d0\u51fa\u591a\u9636\u6bb5\u4fe1\u606f\u751f\u6210\u65b9\u6cd5\u6765\u5bf9IoT\u56fa\u4ef6\u4e2d\u7684\u6709\u72b6\u6001\u7f51\u7edc\u534f\u8bae\u8fdb\u884cfuzz\u3002\u5206\u4e3a\u5bf9\u5df2\u77e5\u72b6\u6001\u7684\u6a21\u7cca\u6d4b\u8bd5\u4e0e\u672a\u77e5\u72b6\u6001\u7684\u63a2\u7d22\u3002\u57fa\u4e8e\u6574\u6570\u53d8\u5f02\u7684\u65b9\u6cd5\u6539\u53d8\u5305\u7c7b\u578b\uff0c\u5e76\u5bf9\u5305\u683c\u5f0f\uff08\u6bd4\u5982\u957f\u5ea6\u3001\u6821\u9a8c\u548c\uff09\u505a\u68c0\u67e5\u7b49\u3002
"},{"location":"fuzzing/#_3","title":"\u6570\u636e\u6d41\u6307\u5bfc\u7684\u6a21\u7cca\u6d4b\u8bd5","text":"\u63a7\u5236\u6d41\u6307\u5bfc\u7684\u6a21\u7cca\u6d4b\u8bd5\u4fa7\u91cd\u7a0b\u5e8f\u64cd\u4f5c\u7684\u6267\u884c\u987a\u5e8f\uff08\u6bd4\u5982\u5206\u652f\u4e0e\u5faa\u73af\uff09\uff0c\u6570\u636e\u6d41\u6307\u5bfc\u7684\u6a21\u7cca\u6d4b\u8bd5\u4fa7\u91cd\u53d8\u91cf\u5982\u4f55\u5b9a\u4e49\u4e0e\u4f7f\u7528\u3002\u53d8\u91cf\u7684\u5b9a\u4e49\u4e0e\u4f7f\u7528\u4f4d\u7f6e\u53ef\u4ee5\u4e0d\u5b58\u5728\u63a7\u5236\u4e0a\u7684\u4f9d\u8d56\u5173\u7cfb\u3002\u5728\u6a21\u7cca\u6d4b\u8bd5\u4e2d\uff0c\u6570\u636e\u6d41\u4e3b\u8981\u4f7f\u7528\u52a8\u6001\u6c61\u70b9\u5206\u6790\uff08DTA\uff09\u6280\u672f\uff0c\u5373\u5c06\u76ee\u6807\u7a0b\u5e8f\u7684\u8f93\u5165\u6570\u636e\u5728\u5b9a\u4e49\u5904\u89c6\u4e3a\u6c61\u70b9\uff0c\u5e76\u5728\u8fd0\u884c\u65f6\u8ffd\u8e2a\u5b83\u662f\u5982\u4f55\u88ab\u8bbf\u95ee\u4e0e\u4f7f\u7528\u7684\u3002
\u5728\u5b9e\u8df5\u4e2d\uff0c\u96be\u4ee5\u505a\u5230\u51c6\u786e\u7684DTA\uff0c\u5f00\u9500\u4f1a\u5f88\u5927\u3002\u5e76\u4e14\u90e8\u5206\u771f\u5b9e\u7a0b\u5e8f\u65e0\u6cd5\u5728\u5e94\u7528DTA\u6280\u672f\u7684\u60c5\u51b5\u4e0b\u6210\u529f\u7f16\u8bd1\u3002\u56e0\u6b64\u5927\u90e8\u5206\u7070\u76d2\u6a21\u7cca\u6d4b\u8bd5\u4e0d\u4f7f\u7528DTA\uff0c\u4ee5\u671f\u83b7\u5f97\u66f4\u9ad8\u7684\u541e\u5410\u91cf\u3002
\u6709\u4e00\u4e9b\u8f7b\u91cf\u7ea7\u7684DTA\u4ee3\u66ff\u65b9\u6848\uff08\u6bd4\u5982REDQUEUE\u3001GREYONE\uff09\uff0c\u800c\u57fa\u4e8e\u63a7\u5236\u6d41\u4e0e\u6570\u636e\u6d41\u7684\u6a21\u7cca\u6d4b\u8bd5\u5668\u7684\u8986\u76d6\u7387\u6307\u6807\u8fd8\u6ca1\u6709\u88ab\u5b8c\u5168\u63a2\u7d22\u3002
"},{"location":"fuzzing/#dataflow","title":"DATAFLOW","text":"\u6e90\u7801
\u5728\u7a0b\u5e8f\u6267\u884c\u65f6\u5e76\u884c\u4f7f\u7528\u6570\u636e\u6d41\u5206\u6790\u6765\u6307\u5bfc\u6a21\u7cca\u6d4b\u8bd5\uff0c\u4f7f\u7528\u4e0d\u7cbe\u786e\u7684\u63a8\u65ad\u6765\u964d\u4f4e\u5f00\u9500\u5e76\u63d0\u9ad8\u541e\u5410\u91cf\u3002\u5bf9\u6570\u636e\u6d41\u6709\u6548\u6027\u8fdb\u884c\u4e86\u7b80\u5355\u7684\u8bc4\u4f30\uff0c\u8ba4\u4e3a\u5bf9\u5927\u90e8\u5206\u6d4b\u8bd5\u76ee\u6807\u800c\u8a00\uff0c\u6570\u636e\u6d41\u5e76\u4e0d\u6bd4\u63a7\u5236\u6d41\u4f18\u8d8a\uff0c\u4f46\u662f\u5728\u90e8\u5206\u7279\u5b9a\u573a\u666f\uff08\u6bd4\u5982\u63a7\u5236\u6d41\u548c\u8bed\u4e49\u89e3\u8026\uff0c\u5982parser\uff09\u4e0b\uff0c\u6570\u636e\u6d41\u53ef\u80fd\u4f1a\u6709\u7528\u3002
[^1]: FUZZING WITH PERFORMANCE MONITORING AND TRACING HARDWARE [^2]: Intrusive v.s. non-intrusive tracing
"},{"location":"git/","title":"Git\u5b66\u4e60\u7b14\u8bb0","text":""},{"location":"git/#github","title":"\u5c06\u672c\u5730\u5df2\u6709\u4ed3\u5e93\u63a8\u9001\u81f3Github\u7684\u65b0\u5efa\u4ed3\u5e93\u4e2d","text":"\u9ed8\u8ba4\u4ee5\u4e0b\u6761\u4ef6\u5747\u6210\u7acb\uff1a
\u5df2\u5728github\u4e0a\u521b\u5efa\u540c\u540d\u7a7a\u4ed3\u5e93\uff08\u4e0d\u540c\u540d\u4e5f\u884c\uff09 \u5df2\u914d\u7f6e\u597dssh\u5bc6\u94a5 \u5df2\u5efa\u7acb\u597d\u672c\u5730\u4ed3\u5e93\uff08git init
+git add .
+git commit -m \"comments\"
) \u672c\u5730\u4ed3\u5e93\u4e3aclean\u72b6\u6001\uff08\u4f7f\u7528git status
\u67e5\u770b\uff09
\u8fdb\u5165\u672c\u5730git\u4ed3\u5e93\uff0c\u4f7f\u7528git remote add origin git@github.com:xxx(\u4ed3\u5e93\u7f51\u7ad9\u6bd4\u5982github\u63d0\u4f9b\u7684ssh\u5730\u5740)
\u4f7f\u7528git push -u origin master
\u5411\u8fdc\u7a0b\u4ed3\u5e93\u63d0\u4ea4\u4ee3\u7801\uff08\u540e\u6765\u542c\u8bf4github\u9ed8\u8ba4\u540d\u6539\u6210main\u4e86\uff1f\uff09 \u5f3a\u5236\u63a8\u9001\u53ef\u4ee5\u518d\u52a0\u4e2a--force
\u53c2\u6570
"},{"location":"git/#gitignore","title":"\u6dfb\u52a0.gitignore\u6587\u4ef6\u4ee5\u4e0d\u8ffd\u8e2a\u6587\u4ef6","text":"\u521d\u6b21\u5411github\u63d0\u4ea4\u4ee3\u7801\u524d\uff0c\u5728\u672c\u5730\u5de5\u4f5c\u76ee\u5f55\u4e0b\u521b\u5efa.gitignore\u6587\u4ef6\uff0c\u91cc\u9762\u76f4\u63a5\u5199\u4e0a\u4e0d\u60f3\u8ffd\u8e2a\u7684\u6587\u4ef6\u540d\u548c\u6587\u4ef6\u5939\u540d\u5373\u53ef\u3002\uff08\u6587\u4ef6\u540d\u4e0d\u9700\u8981\u8865\u5168\u8def\u5f84\uff09
"},{"location":"git/#add","title":"\u64a4\u56deadd","text":"\u4f7f\u7528git add .
\u53ef\u4ee5\u76f4\u63a5\u628a\u5f53\u524d\u76ee\u5f55\u90fdadd\u8fdb\u6682\u5b58\u533a\uff0c\u5bf9\u4e8e\u4e0d\u614e\u6dfb\u52a0\u7684\u5185\u5bb9\u53ef\u4ee5\u4f7f\u7528git rm --cached <file>
\u6765\u64a4\u56deadd\u3002\u53ef\u4ee5\u4f7f\u7528git rm -r --cached .
\u6765\u64a4\u56degit add .
\u3002\uff08\u4f7f\u7528git status
\u53ef\u4ee5\u67e5\u770b\u6682\u5b58\u533a\uff0c\u91cc\u9762\u4e5f\u6709\u63d0\u793a\u600e\u4e48\u64a4\u56de\uff09
"},{"location":"git/#gitgithub","title":"\u914d\u7f6egit\u8d26\u53f7\u5e76\u52a0\u5165github\u9879\u76ee","text":" \u4f7f\u7528git config --global user.name \"<yourname>\"
\u8bbe\u7f6e\u7528\u6237\u540d \u4f7f\u7528git config --global user.email \"<email>\"
\u8bbe\u7f6e\u90ae\u7bb1 \u4f7f\u7528ssh-keygen -t rsa -C \"<comments>\"
\u751f\u6210\u5bc6\u94a5\u5bf9\uff0c\u7136\u540e\u4e00\u8def\u56de\u8f66\u76f4\u5230\u751f\u6210\u7ed3\u675f\uff08\u4e5f\u53ef\u4ee5\u63d0\u793a\u6dfb\u52a0passwd phrase\uff0c\u8fd9\u6837\u7684\u8bdd\u5982\u679c\u4f7f\u7528ssh-add\u6dfb\u52a0\u65f6\u4f1a\u8981\u6c42\u8f93\u5165\u8fd9\u4e2a\u5bc6\u7801\u9632\u6b62\u88ab\u522b\u4eba\u6ee5\u7528\u3002\u6ce8\u610f\u76f8\u540c\u7684passwd phrase\u4e0d\u4f1a\u751f\u6210\u76f8\u540c\u7684\u5bc6\u94a5\u5bf9\uff09 \u5728\u4e0a\u4e00\u6b65\u8fc7\u7a0b\u4e2d\u9ed8\u8ba4\u7684\u8def\u5f84\uff08\u6bd4\u5982~/.ssh\uff09\u627e\u5230id_rsa.pub\u6587\u4ef6\uff0c\u62f7\u8d1d\u5176\u5168\u90e8\u5185\u5bb9 \u6253\u5f00github\uff0c\u53f3\u4e0a\u89d2\u5934\u50cf\uff0csettings\uff0c\u5de6\u4fa7\u7684SSH and GPG keys\uff0c\u7136\u540e\u7ed9SSH\u6dfb\u52a0\u8fd9\u4e2a\u516c\u94a5\u5373\u53ef ed25519\u4f3c\u4e4e\u6bd4\u9ed8\u8ba4\u7684rsa\u66f4\u5b89\u5168\u3001\u8ba1\u7b97\u66f4\u5feb\u3001\u5bc6\u94a5\u66f4\u77ed\uff0c\u53ef\u4ee5\u4f7f\u7528
\u6709\u65f6\u9700\u8981\u6307\u5b9a\u5bc6\u94a5\uff0c\u6bd4\u5982\u4e0d\u4f7f\u7528\u9ed8\u8ba4\u7684\u5bc6\u94a5\u6587\u4ef6\u540d\u3002\u6b64\u65f6\u53ef\u4ee5\u5148eval $(ssh-agent -s)
\u542f\u7528agent\uff0c\u7136\u540essh-add <private keyfile>
\u6765\u6dfb\u52a0\u5bc6\u94a5\u3002ssh-add -l
\u53ef\u4ee5\u67e5\u770b\u6dfb\u52a0\u7684\u5bc6\u94a5\u3002
\u6216\u8005\u53ef\u4ee5\u628a\u5bc6\u94a5\u5728~/.ssh/config
\u6587\u4ef6\u91cc\u6307\u5b9a\u4e00\u4e0b\uff0c\u5c31\u53ef\u4ee5\u7701\u53bbssh-agent\u7684\u64cd\u4f5c\uff0c\u6bd4\u5982
Host github.com\n HostName github.com\n IdentityFile ~/.ssh/id_ed25519_user_github\n
\u6709\u7684\u65f6\u5019git\u8fdb\u884cpush\u5230\u79c1\u4ed3\u65f6\u4f1a\u51fa\u73b0\u5361\u673a\u7684\u95ee\u9898\uff0c\u4e0d\u786e\u5b9a\u662f\u4ec0\u4e48\u539f\u56e0\uff0c\u5982\u679cremote repo\u4f7f\u7528\u7684\u662fgit@xxx\u7684url\u7684\u8bdd\uff0c\u53ef\u4ee5\u8bd5\u8bd5\u6539\u6210https\u7684\u94fe\u63a5\uff1b\u8fd8\u4e0d\u884c\u7684\u8bdd\u53ef\u4ee5\u8bd5\u8bd5git config\u7684proxy\uff0c\u8bbe\u7f6e\u6216\u6e05\u7a7a\u3002
"},{"location":"git/#_1","title":"\u653e\u5f03\u5bf9\u6587\u4ef6\u7684\u8ddf\u8e2a","text":"\u4e0e\u4ed6\u4eba\u5408\u4f5c\u9879\u76ee\u65f6\uff0c\u6709\u65f6\u9700\u8981\u505a\u4e00\u4e9b\u672c\u5730\u9002\u914d\uff0c\u4f46\u662f\u4e0d\u60f3\u59a8\u788d\u5176\u4ed6\u4eba\uff0c\u53ef\u4ee5\u6dfb\u52a0\u5230.gitignore\u3002\u4f46\u5bf9\u4e8e\u5df2\u7ecf\u5904\u4e8e\u8ddf\u8e2a\u72b6\u6001\u7684\u6587\u4ef6\u6765\u8bf4\u540e\u6dfb\u8fdb.gitignore\u662f\u65e0\u6548\u7684\u3002\u56e0\u6b64\u53ef\u4ee5\u5148\u5c06\u6587\u4ef6\u79fb\u51fa\u8ddf\u8e2a\u6001\uff0c\u7136\u540e\u518d\u52a0\u8fdb.gitignore\u91cc\u3002\u5982\u4e0b\uff1agit rm -r --cached <file/dir>
\u5176\u4e2d-r\u8868\u793a\u9012\u5f52\u3002\u4e5f\u53ef\u4ee5\u52a0-n\u8868\u793a\u4f2a\u653e\u5f03\u8ddf\u8e2a\uff08\u7528\u4e8e\u9884\u89c8\u4f1a\u653e\u5f03\u5bf9\u54ea\u4e9b\u6587\u4ef6\u7684\u8ffd\u8e2a\uff09
"},{"location":"git/#_2","title":"\u66f4\u6362\u8fdc\u7a0b\u4ed3\u5e93","text":"\u6709\u7684\u65f6\u5019\u4ece\u5b98\u65b9\u4ed3\u5e93git clone\u4e0b\u4ee3\u7801\uff0c\u672c\u5730\u62f7\u8d1d\u4e00\u4efd\u3001\u5404\u79cd\u9b54\u6539\u5e76\u4e0a\u4f20\u5230\u81ea\u5df1\u7684\u79c1\u4ed3\u3002\u53c8\u7531\u4e8ewindows\u3001linux\u73af\u5883\u4e0d\u540c\uff0c\u60f3\u628a\u539f\u6765\u7684\u4ee3\u7801\u66f4\u65b0\u6210\u81ea\u5df1\u7684\u79c1\u4ed3\uff0c\u6240\u4ee5\u9700\u8981\u6362\u4e00\u4e0b\u8fdc\u7a0b\u4ed3\u5e93\u3002
\u9996\u5148\u53d6\u6d88\u539f\u6765\u7684\u8fdc\u7a0b\u5206\u652f\u8ddf\u8e2agit remote rm <remote repo name>
\u7136\u540e\u6dfb\u52a0\u81ea\u5df1\u7684\u4ed3\u5e93\u4f5c\u4e3a\u8fdc\u7a0bgit remote add <remote repo name> <repo url>
\u597d\u50cf\u4e5f\u53ef\u4ee5\u76f4\u63a5\u66f4\u6362\u8fdc\u7a0b\u4ed3\u5e93\uff1agit remote set-url <remote repro name> <repo url>
\u8fd9\u91cc\u7684<remote repo name>
\u662f\u81ea\u5df1\u53d6\u7684\u4ed3\u5e93\u540d\uff0c\u4e4b\u540e\u7684\u64cd\u4f5c\u53ef\u4ee5\u7528\u5b83\u6765\u6307\u5b9a\u5bf9\u8c61\u3002\u53ef\u4ee5\u968f\u4fbf\u53d6\uff0c\u6bd4\u5982\u5e38\u89c1\u7684origin\u3002
"},{"location":"git/#_3","title":"\u5b50\u6a21\u5757\u7684\u4e0b\u8f7d","text":"\u6709\u7684\u65f6\u5019\u4e00\u4e2a\u4ee3\u7801\u4ed3\u5e93\u62ff\u5176\u4ed6\u4ed3\u5e93\u6765\u5f53\u505a\u5b50\u6a21\u5757\uff0c\u5728github\u4e0a\u8fd9\u4e9b\u6a21\u5757\u662f\u56fe\u4e2d\u7684\u8868\u793a\u5f62\u5f0f\u3002git\u4ed3\u5e93\u91cc\u4e5f\u4f1a\u6709.gitmodules\u6587\u4ef6\u6765\u8bf4\u660e\u8fd9\u4e9b\u5b50\u6a21\u5757\u3002\u5f53clone\u4e3b\u4ed3\u5e93\u65f6\uff0c\u8fd9\u4e9b\u5b50\u6a21\u5757\u4e0d\u4f1a\u8ddf\u7740\u4e0b\u8f7d\u4e0b\u6765\u3002
\u521d\u6b21\u90e8\u7f72\u65f6\uff0c\u5728\u4e3b\u4ed3\u5e93\u76ee\u5f55\u4e0b\u91cc\u4f7f\u7528git submodule update --init --recursive
\u6765\u4ece.gitmodules\u5b57clone\u5b50\u6a21\u5757\u3002
\u5982\u679c\u5b50\u6a21\u5757\u88ab\u522b\u7684\u5f00\u53d1\u8005\u66f4\u65b0\u4e86\uff0c\u53ef\u4ee5\u8fdb\u5230\u5b50\u6a21\u5757\u4e2d\u7136\u540egit pull
\u3002
\u5982\u679c\u5e0c\u671b\u6dfb\u52a0\u67d0\u4e2a\u4ed3\u5e93\u4f5c\u4e3a\u5b50\u6a21\u5757\uff0c\u4f7f\u7528git submodule add <repo url>
\u6765\u4e0b\u8f7d\u5b50\u6a21\u5757\u5e76\u66f4\u65b0.gitmodules\u6587\u4ef6
"},{"location":"git/#_4","title":"\u81ea\u5df1\u7684\u9879\u76ee\u9700\u8981\u5bf9\u5176\u4ed6\u9879\u76ee\u8fdb\u884c\u4fee\u6539","text":"\u5982\u679c\u81ea\u5df1\u7684\u9879\u76ee\u7528\u5230\u522b\u7684\u9879\u76ee\uff0c\u9700\u8981\u5bf9\u5176\u4e2d\u4e00\u4e9b\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff0c\u800c\u4e0d\u9700\u8981\u628a\u5728\u4e0a\u4f20github\u65f6\u628a\u6574\u4e2a\u9879\u76ee\u5168\u90e8\u653e\u5230\u81ea\u5df1\u7684\u9879\u76ee\u4e0b\uff0c\u53ef\u4ee5\u5148\u7528submodule\u6dfb\u52a0\u5b50\u6a21\u5757\uff0c\u7136\u540e\u76f4\u63a5\u4fee\u6539\u4ee3\u7801\uff0c\u5e76\u5728\u5176\u9879\u76ee\u4e0b\u7528git diff <commit id> > <file.patch>
\u751f\u6210\u4e00\u4e2adiff\u6587\u4ef6\u3002\u628adiff\u6587\u4ef6\u653e\u5230\u81ea\u5df1\u7684\u9879\u76ee\u91cc\uff0c\u518d\u4e0a\u4f20\u5230github\u4e0a\u3002\u5176\u4e2dcommit id\u662f\u7b2c\u4e09\u65b9\u9879\u76ee\u7684commit\uff0c\u4e5f\u5c31\u662f\u8fd9\u4e2asubmodule\u4e0b\u8f7d\u65f6\u7684commit id\uff0c\u53ef\u4ee5\u901a\u8fc7git log
\u627e\u5230\u3002
\u5982\u679c\u76f4\u63a5\u7528git diff > <file.patch>
\uff0c\u4f1a\u8f93\u51fa\u672a\u52a0\u5165\u6682\u5b58\u7684\u4fee\u6539\u548c\u6700\u8fd1\u4e00\u6b21\u6682\u5b58/commit\u7684diff\u6587\u4ef6\u3002
\u5176\u4ed6\u4eba\u4f7f\u7528\u65f6\uff0c\u5c31\u5148\u628a\u7b2c\u4e09\u65b9\u9879\u76ee\u83b7\u53d6\u4e0b\u6765\uff0c\u7136\u540egit apply <file.patch>
\u5373\u53ef\u3002\u64a4\u56de\u8865\u4e01\u4f7f\u7528git apply -R <file.patch>
"},{"location":"git/#_5","title":"\u4e0d\u540c\u7248\u672c\u591a\u4eba\u5408\u4f5c\u4e0e\u5206\u652f\u4f7f\u7528","text":"\u6700\u8fd1\u5728\u8dd1fuzzer\uff0c\u5408\u4f5c\u65f6\u6709\u65f6\u9700\u8981\u5207\u6362\u4e0d\u540c\u7684\u6d4b\u8bd5\u76ee\u6807\uff0c\u6bcf\u4e2a\u6d4b\u8bd5\u76ee\u6807\u90fd\u6709\u81ea\u5df1\u7684\u4e00\u5927\u5806\u914d\u5957\u8bbe\u7f6e\u3002\u5927\u5bb6\u90fd\u5728\u4e3b\u5206\u652f\u5220\u6539\u592a\u9ebb\u70e6\u800c\u4e14\u5f88\u4e71\uff0c\u6240\u4ee5\u9700\u8981\u9488\u5bf9\u6bcf\u4e2a\u6d4b\u8bd5\u76ee\u6807\u8bbe\u7f6e\u4e0d\u540c\u7684branch\u3002
\u53ef\u4ee5\u4f7f\u7528git branch -a
\u67e5\u770b\u6240\u6709\u5206\u652f\u3002\u5176\u4e2d\u524d\u9762\u5e26*
\u7684\u662f\u5f53\u524dbranch\u3002
\u65b0\u5efa\u5206\u652f\u65f6\u4f7f\u7528 git checkout -b <branch name>
\u76f8\u5f53\u4e8e\u5148git branch <branch name>
\u521b\u5efa\u4e86\u4e00\u4e2a\u65b0\u7684\u5206\u652f\uff0c\u7136\u540egit checkout <branch name>
\u5207\u6362\u5230\u90a3\u4e2a\u5206\u652f\u3002
\u5728\u65b0\u7684\u5206\u652fcommit\u540e\uff0c\u4f7f\u7528git push -u <remote repo name> <local branch name>:<remote branch name>
\u53ef\u4ee5\u5c06\u81ea\u5df1\u7684\u8fd9\u4e2a\u5206\u652f\u63a8\u9001\u5230\u8fdc\u7a0b\u4ed3\u5e93\u3002\u5176\u4e2d\uff1a
-u
\u8868\u793a\u8bb0\u4f4f\u5f53\u524d\u8bbe\u5b9a\uff0c\u4e4b\u540e\u5728\u8fd9\u4e00\u5206\u652f\u4e0apush\u65f6\uff0c\u7b80\u5355\u4f7f\u7528git push
\u5c31\u4f1a\u63a8\u9001\uff0c\u4e0d\u9700\u8981\u518d\u6572\u8fd9\u4e48\u957f\u4e86\u3002 origin \u662f\u4e4b\u524dgit remote add origin
\u8bbe\u5b9a\u7684\u8fdc\u7a0b\u4e3b\u673a\u540d\u79f0\uff0c\u9700\u8981\u548c\u5b9e\u9645\u8bbe\u5b9a\u4e00\u6837\u3002\u56e0\u4e3a\u5927\u5bb6\u4f7f\u7528origin\u662f\u5728\u592a\u666e\u904d\u4e86\uff0c\u6240\u4ee5\u8fd9\u91cc\u6ca1\u6709\u7528<remote host name>
\u6765\u8868\u793a\uff0c\u610f\u4f1a\u5373\u53ef\u3002 local branch name\u548cremote branch name\u4e00\u822c\u60c5\u51b5\u662f\u76f8\u540c\u7684\u3002\u4f1a\u5728\u8fdc\u7a0b\u65b0\u5efaremote branch name \u5982\u679c\u9700\u8981\u5220\u9664\u8fdc\u7a0b\u5206\u652f\uff0c\u53ef\u4ee5\u7b80\u5355\u5730\u63a8\u9001\u7a7a\u5206\u652f\uff1agit push origin :<remote branch name>
\u3002\u8fd9\u91cc\u672c\u5730\u5206\u652f\u540d\u7559\u7a7a\u4e86\u3002\u4e5f\u53ef\u4ee5\u4f7f\u7528\u4e13\u95e8\u7684\u5220\u9664\u65b9\u5f0f\uff1agit push origin --delete <remote branch name>
\u5982\u679c\u9700\u8981\u5220\u9664\u672c\u5730\u5206\u652f\uff0c\u4f7f\u7528git branch -d <local branch name>
\u5408\u5e76\u5206\u652f\u65f6\uff0c\u5148\u5207\u6362\u5230\u9700\u8981\u63a5\u6536\u6539\u52a8\u7684\u5206\u652f\u4e0a\uff0c\u7136\u540egit merge <new branch name>
\uff0c\u5373\u53ef\u5c06new branch\u7684\u6539\u52a8\u66f4\u65b0\u5230\u5f53\u524d\u5206\u652f\u4e0a\u3002new branch\u7684\u5185\u5bb9\u662f\u4e0d\u53d8\u7684\u3002
\u62c9\u53d6\u8fdc\u7a0b\u5206\u652f\u5230\u672c\u5730\uff0c\u800c\u4e0d\u5f71\u54cd\u672c\u5730\u5206\u652f\uff1agit fetch <remote repo name> <remote branch name>:<local branch name>
\u4f1a\u5c06\u8fdc\u7a0b\u4ed3\u5e93\u7684\u5206\u652f\u4fdd\u5b58\u5728\u672c\u5730\u5bf9\u5e94\u5206\u652f\u4e0b\u3002
\u53ef\u4ee5\u7528git fetch --all
\u62c9\u53d6\u6240\u6709\u8fdc\u7a0b\u5206\u652f\uff0c\u5982\u679c\u6ca1\u6709\u6548\u679c\uff0c\u6ce8\u610f\u68c0\u67e5remote.origin.fetch\u7684\u8bbe\u7f6e\uff1agit config --get remote.origin.fetch
\uff0c\u5982\u679c\u662f+refs/heads/master:refs/remotes/origin/master
\uff0c\u5219\u8868\u793a\u53ea\u62c9master\u5206\u652f\u3002\u53ef\u4ee5\u4fee\u6539\u6210\u62c9\u53d6\u6240\u6709\u5206\u652f\uff1agit config remote.origin.fetch \"+refs/heads/*:refs/remotes/origin/*\"
\u3002
"},{"location":"git/#github-debug","title":"Github debug\u5408\u96c6","text":"\u67d0\u79cd\u4e1c\u897f\u771f\u7684\u795e\u70e6\uff0c\u79d1\u7814\u9700\u8981\u4e0b\u8f7d\u7684\u4ed3\u5e93\u4ee3\u7801\u7ecf\u5e38\u83ab\u540d\u5176\u5999\u4e0b\u8f7d\u4e0d\u4e86\uff0c\u5199\u7684\u4ee3\u7801\u4e0a\u4f20\u8865\u4e0a\u53bb\uff0cbuild\u4e2adocker\u6162\u7684\u8981\u6b7b\uff0c\u7b2c\u4e09\u65b9\u5305\u62c9\u53d6\u4e0d\u5230\u2026\u2026\u6d6a\u8d39\u5f88\u591a\u65f6\u95f4\u5728\u56e0\u4e3a\u7f51\u7edc\u8fde\u63a5\u4e0d\u4e86\u5bfc\u81f4\u7684\u5404\u79cdbug\u4e0a\uff0c\u6709\u6548\u79d1\u7814\u65f6\u95f4\u767d\u767d\u88ab\u6d88\u8017\uff0c\u771f\u7684\u5f88xx\u3002
"},{"location":"git/#git-clonegnutls_handshake-failed-the-tls-connection-was-non-properly-terminated","title":"Git clone\u62a5\u9519gnutls_handshake() failed: The TLS connection was non-properly terminated.","text":"\u4e00\u79cd\u505a\u6cd5\u662f\u8bbe\u7f6e\u6216\u8005\u53d6\u6d88\u8bbe\u7f6ehttp.proxy\u548chttps.proxy
\u53e6\u4e00\u79cd\u505a\u6cd5\u662f\u76f4\u63a5\u53d6\u6d88SSL\u6821\u9a8c\uff0c\u867d\u7136\u7c97\u66b4\u4e86\u70b9\uff1agit config http.sslVerify false
"},{"location":"go/","title":"go","text":""},{"location":"go/#go_1","title":"go\u73af\u5883\u914d\u7f6e","text":" \u4ecehttps://go.dev/dl/\u4e0b\u8f7dArchive\u7684\u5305\uff0c\u89e3\u538b\u7f29\uff08\u6bd4\u5982\u5230~/.local\uff09\uff0c\u6dfb\u52a0\u5176\u4e2d\u7684bin\u76ee\u5f55\u5230PATH\u8def\u5f84 \u56fd\u5185\u4f7f\u7528\u65f6\u8bbe\u7f6e\u4ee3\u7406 go env -w GO111MODULE=on\ngo env -w GOPROXY=https://goproxy.cn\n
"},{"location":"go/#_1","title":"\u521b\u5efa\u5de5\u7a0b","text":"\u5de5\u7a0b\u4fdd\u5b58\u5728xxx/go/src/xxx\u4e0b\uff0c\u5e76\u5c06GOPATH=xxx/go\u52a0\u5230\u73af\u5883\u53d8\u91cf\u4e2d
"},{"location":"go/#_2","title":"\u5feb\u901f\u5165\u95e8","text":"package main\nimport (\n\"fmt\"\n)\n\nfunc main() {\n//\u5faa\u73af\u8f93\u51fa\nfor i:=0; i<10; i++{\nfmt.Println(i)\n}\n}\n
"},{"location":"interesting-articles/","title":"\u6709\u8da3\u6587\u7ae0","text":" [Usenix Security 2021] Understanding and Detecting Disordered Error Handling with Precise Function Pairing \u4e0d\u6b63\u786e\u7684\u9519\u8bef\u5904\u7406\u51fd\u6570\u672c\u8eab\u53ef\u80fd\u4e5f\u4f1a\u5e26\u6765\u65b0\u7684\u9519\u8bef\uff0c\u5c24\u5176\u662f\u5728\u505a\u4e00\u4e9b\u524d\u671f\u6e05\u7406\u5de5\u4f5c\u65f6\uff0c\u6267\u884c\u987a\u5e8f\u4e0d\u6b63\u786e\u4f1a\u5e26\u6765\u63d0\u6743\u3001\u5d29\u6e83\u4e0eDoS\u3002\u672c\u6587\u5e0c\u671b\u63a8\u65ad\u51fa\u9884\u671f\u7684\u6e05\u7406\u51fd\u6570\u3002 [Usenix Security 2020] Actions Speak Louder than Words: Entity-Sensitive Privacy Policy and Data Flow Analysis with PoliCheck \u8003\u8651\u5230\u6570\u636e\u6d41\u5411\u7684\u5b9e\u4f53\uff0c\u5bf9\u5e94\u7528\u7a0b\u5e8f\u7684\u9690\u79c1\u89c4\u8303\u8fdb\u884c\u7814\u7a76\u5efa\u6a21\u3002 [NDSS 2019] https://www.youtube.com/watch?v=dMndb0Xmr4k&t=1s&list=PLfUWWM-POgQs9SPvg-UA-TNG7UVEcdz8l&index=5 GitHub\u4e0a\u7531\u4e8e\u4e00\u4e9b\u4e0d\u5f53\u64cd\u4f5c\u53ef\u80fd\u4f1a\u5bfc\u81f4API\u5bc6\u94a5\u6cc4\u9732\u3002\u672c\u6587\u7814\u7a76\u8868\u660e\u8fd9\u79cd\u6cc4\u9732\u975e\u5e38\u7316\u7357\uff0c\u5e76\u4e14\u8fdc\u6ca1\u6709\u89e3\u51b3\u95ee\u9898\u3002 "},{"location":"investigations/","title":"\u56db\u5927\u8c03\u67e5","text":" [Usenix Security 2022] \"I feel invaded, annoyed, anxious and I may protect myself\": Individuals' Feelings about Online Tracking and their Protective Behaviour across Gender and Country [Usenix Security 2022] \"Like Lesbians Walking the Perimeter\": Experiences of U.S. LGBTQ+ Folks With Online Security, Safety, and Privacy Advice [Usenix Security 2022] How and Why People Use Virtual Private Networks [Usenix Security 2021] \"It's the Company, the Government, You and I\": User Perceptions of Responsibility for Smart Home Privacy and Security [Usenix Security 2021] \"Shhh...be quiet!\" Reducing the Unwanted Interruptions of Notification Permission Prompts on Chrome [Usenix Security 2021] Effect of Mood, Location, Trust, and Presence of Others on Video-Based Social Authentication [Usenix Security 2021] 'Passwords Keep Me Safe' \u2013 Understanding What Children Think about Passwords [Usenix Security 2021] \"It's stressful having all these phones\": Investigating Sex Workers' Safety Goals, Risks, and Practices Online [Usenix Security 2021] \"Now I'm a bit angry:\" Individuals' Awareness, Perception, and Responses to Data Breaches that Affected Them [Usenix Security 2020] \"I am uncomfortable sharing what I can't see\": Privacy Concerns of the Visually Impaired with Camera Based Assistive Applications [Usenix Security 2020 | Distingguished Paper Award] Understanding security mistakes developers make: Qualitative analysis from Build It, Break It, Fix It [Usenix Security 2020] An Observational Investigation of Reverse Engineers\u2019 Processes [Usenix Security 2020] That Was Then, This Is Now: A Security Evaluation of Password Generation, Storage, and Autofill in Browser-Based Password Managers [NDSS 2022] An In-depth Analysis of Duplicated Linux Kernel Bug Reports [NDSS 2020] Are You Going to Answer That? Measuring User Responses to Anti-Robocall Application Indicators [NDSS 2019] Time Does Not Heal All Wounds: A Longitudinal Analysis of Security-Mechanism Support in Mobile Browsers [NDSS 2019] A First Look into the Facebook Advertising Ecosystem "},{"location":"latex/","title":"latex\u57fa\u7840","text":""},{"location":"latex/#_1","title":"\u63a8\u8350\u5de5\u5177","text":"\u4f7f\u7528Table Generator\u7ed8\u5236\u8868\u683c
"},{"location":"latex/#latex_1","title":"\u82f1\u6587latex","text":"\\documentclass[conference,11pt]{IEEEtran}\n\\IEEEoverridecommandlockouts\n% The preceding line is only needed to identify funding in the first footnote. If that is unneeded, please comment it out.\n\\usepackage{cite}\n\\usepackage{amsmath,amssymb,amsfonts}\n\\usepackage{algorithmic}\n\\usepackage{graphicx}\n\\usepackage{textcomp}\n\\usepackage{xcolor}\n\\usepackage{caption}\n\\usepackage{url}\n\\def\\UrlBreaks{\\do\\A\\do\\B\\do\\C\\do\\D\\do\\E\\do\\F\\do\\G\\do\\H\\do\\I\\do\\J\n\\do\\K\\do\\L\\do\\M\\do\\N\\do\\O\\do\\P\\do\\Q\\do\\R\\do\\S\\do\\T\\do\\U\\do\\V\n\\do\\W\\do\\X\\do\\Y\\do\\Z\\do\\[\\do\\\\\\do\\]\\do\\^\\do\\_\\do\\`\\do\\a\\do\\b\n\\do\\c\\do\\d\\do\\e\\do\\f\\do\\g\\do\\h\\do\\i\\do\\j\\do\\k\\do\\l\\do\\m\\do\\n\n\\do\\o\\do\\p\\do\\q\\do\\r\\do\\s\\do\\t\\do\\u\\do\\v\\do\\w\\do\\x\\do\\y\\do\\z\n\\do\\.\\do\\@\\do\\\\\\do\\/\\do\\!\\do\\_\\do\\|\\do\\;\\do\\>\\do\\]\\do\\)\\do\\,\n\\do\\?\\do\\'\\do+\\do\\=\\do\\#}\n\\def\\BibTeX{{\\rm B\\kern-.05em{\\sc i\\kern-.025em b}\\kern-.08em\n T\\kern-.1667em\\lower.7ex\\hbox{E}\\kern-.125emX}}\n\\usepackage{lscape, latexsym, amssymb, algorithmic, multirow}\n\\usepackage[linesnumbered, vlined, ruled]{algorithm2e}\n\\usepackage{mathtools, bbm, color}\n\\usepackage{booktabs}\n\\usepackage{amsthm,mathrsfs,amsfonts,dsfont}\n\\usepackage{listings}\n\\definecolor{codegreen}{rgb}{0,0.6,0}\n\\definecolor{codegray}{rgb}{0.5,0.5,0.5}\n\\definecolor{codepurple}{rgb}{0.58,0,0.82}\n\\definecolor{backcolour}{rgb}{0.95,0.95,0.95}\n\\lstdefinestyle{mystyle}{\n % backgroundcolor=\\color{backcolour}, \n commentstyle=\\color{codegreen},\n keywordstyle=\\color{magenta},\n numberstyle=\\tiny\\color{codegray},\n stringstyle=\\color{codepurple},\n % basicstyle=\\footnotesize\\ttfamily,\n basicstyle=\\footnotesize\\scriptsize,\n breakatwhitespace=false, \n breaklines=true, \n captionpos=b, \n keepspaces=true,\n numbers=left, %% \u884c\u53f7 \n % numbersep=2pt, \n showspaces=false, \n showstringspaces=false,\n showtabs=false, \n tabsize=1,\n xleftmargin=\\parindent,\n}\n\\lstset{style=mystyle}\n\\begin{document}\n\n\\title{xxxx}\n\n\\author{xxxx}\n\n\\maketitle\n\n\\begin{abstract}\n\\end{abstract}\n\n\n\\begin{IEEEkeywords}\nxxx,xxx\n\\end{IEEEkeywords}\n\n\\bibliographystyle{IEEEtran}\n{\n\\begingroup\n\\bibliography{ref}\n\\endgroup\n}\n\n\\end{document}\n
"},{"location":"latex/#latex_2","title":"\u4e2d\u6587latex","text":"\\documentclass[12pt]{article}\n\n\\usepackage{cite} % \u5f15\u7528\u53c2\u8003\u6587\u732e\n\\usepackage{ctex} % \u4e2d\u6587\u652f\u6301\n\\usepackage{times}% \u82f1\u6587\u4f7f\u7528Times New Roman\n\\usepackage{url,hyperref} % \u8d85\u94fe\u63a5\n\\usepackage{xspace} % \u65e0\u6807\u70b9\u81ea\u52a8\u7a7a\u683c\n\\usepackage{graphicx} % \u63d2\u5165\u56fe\u7247\u7528\n\\usepackage{geometry} % \u8bbe\u7f6e\u9875\u8fb9\u8ddd\n\\usepackage{listings} % \u63d2\u5165\u4ee3\u7801\u5757\n\\usepackage{color} % \u5b9a\u4e49\u989c\u8272\uff0c\u7528\u4e8e\u63a7\u5236\u4ee3\u7801\u9ad8\u4eae\n\\usepackage{subcaption} % \u753b\u5b50\u56fe\n\\usepackage{tikz} % \u540e\u7eed\u753b\u5706\u5708\n\\usepackage{multirow} % \u8868\u683c\u591a\u884c\u6587\u672c\n% \\usepackage{tabu}\n\\usepackage{longtable}\n\\usepackage{float}\n\\usepackage{tabu}\n\\usepackage{booktabs} % \u753b\u8868\u683c\n\n\\usepackage[linesnumbered, vlined, ruled]{algorithm2e} % \u7b97\u6cd5\u5217\u8868\n\n% \u4f7f\u7528 ctex \u5b8f\u5305\u8bbe\u7f6e\u4e2d\u6587\u56fe\u9898\n\\renewcommand{\\figurename}{\u56fe}\n\\renewcommand{\\tablename}{\u8868}\n\n% \u8bbe\u7f6e\u9875\u8fb9\u8ddd\n\\geometry{a4paper,left=2cm,right=2cm,top=2cm,bottom=3cm} \n\n\n% \u8bbe\u7f6e\u5b57\u4f53\n\\newcommand{\\song}{\\CJKfamily{song}} % \u5b8b\u4f53\n\\newcommand{\\fs}{\\CJKfamily{fs}} % \u4eff\u5b8b\u4f53\n\\newcommand{\\kai}{\\CJKfamily{kai}} % \u6977\u4f53\n\\newcommand{\\hei}{\\CJKfamily{hei}} % \u9ed1\u4f53\n\\newcommand{\\li}{\\CJKfamily{li}} % \u96b6\u4e66\n\n% \u8bbe\u7f6e\u5b57\u53f7\n\\newcommand{\\yihao}{\\fontsize{26pt}{36pt}\\selectfont} % \u4e00\u53f7, 1.4 \u500d\u884c\u8ddd\n\\newcommand{\\erhao}{\\fontsize{22pt}{28pt}\\selectfont} % \u4e8c\u53f7, 1.25\u500d\u884c\u8ddd\n\\newcommand{\\xiaoer}{\\fontsize{18pt}{18pt}\\selectfont} % \u5c0f\u4e8c, \u5355\u500d\u884c\u8ddd\n\\newcommand{\\sanhao}{\\fontsize{16pt}{24pt}\\selectfont} % \u4e09\u53f7, 1.5\u500d\u884c\u8ddd\n\\newcommand{\\xiaosan}{\\fontsize{15pt}{22pt}\\selectfont} % \u5c0f\u4e09, 1.5\u500d\u884c\u8ddd\n\\newcommand{\\sihao}{\\fontsize{14pt}{21pt}\\selectfont} % \u56db\u53f7, 1.5 \u500d\u884c\u8ddd\n\\newcommand{\\banxiaosi}{\\fontsize{13pt}{19.5pt}\\selectfont} % \u534a\u5c0f\u56db, 1.5\u500d\u884c\u8ddd\n\\newcommand{\\xiaosi}{\\fontsize{12pt}{18pt}\\selectfont} % \u5c0f\u56db, 1.5\u500d\u884c\u8ddd\n\\newcommand{\\dawuhao}{\\fontsize{11pt}{11pt}\\selectfont} % \u5927\u4e94\u53f7, \u5355\u500d\u884c\u8ddd\n\\newcommand{\\wuhao}{\\fontsize{10.5pt}{15.75pt}\\selectfont} % \u4e94\u53f7, \u5355\u500d\u884c\u8ddd\n\n% \u5b9a\u4e49\u4ee3\u7801\u6837\u5f0f\n\\definecolor{codegreen}{rgb}{0,0.6,0}\n\\definecolor{codegray}{rgb}{0.5,0.5,0.5}\n\\definecolor{codepurple}{rgb}{0.58,0,0.82}\n\\definecolor{backcolour}{rgb}{0.95,0.95,0.95}\n\\lstdefinestyle{mystyle}{\n % backgroundcolor=\\color{backcolour}, \n commentstyle=\\color{codegreen},\n keywordstyle=\\color{magenta},\n numberstyle=\\tiny\\color{codegray},\n stringstyle=\\color{codepurple},\n % basicstyle=\\footnotesize\\ttfamily,\n basicstyle=\\footnotesize\\scriptsize,\n breakatwhitespace=false, \n breaklines=true, \n captionpos=b, \n keepspaces=true,\n numbers=left, %% \u884c\u53f7 \n % numbersep=2pt, \n showspaces=false, \n showstringspaces=false,\n showtabs=false, \n tabsize=1,\n xleftmargin=\\parindent,\n}\n\\lstset{style=mystyle}\n\n\\renewcommand{\\abstractname}{\\textbf{\u6458\\quad \u8981}} % \u66f4\u6539\u6458\u8981\u4e8c\u5b57\u7684\u6837\u5f0f\n\n% use these commands to consistently refer to stuff\n\n\\newcommand{\\bugCount}{xx} \n\n\\newcommand{\\tabincell}[2]{\\begin{tabular}{@{}#1@{}}#2\\end{tabular}}\n\n\\newcommand*\\emptcirc[1][1ex]{\\tikz\\draw (0,0) circle (#1);} \n\\newcommand*\\halfcirc[1][1ex]{%\n \\begin{tikzpicture}\n \\draw[fill] (0,0)-- (90:#1) arc (90:270:#1) -- cycle ;\n \\draw (0,0) circle (#1);\n \\end{tikzpicture}}\n\\newcommand*\\fullcirc[1][1ex]{\\tikz\\fill (0,0) circle (#1);} \n\n\\def\\BibTeX{{\\rm B\\kern-.05em{\\sc i\\kern-.025em b}\\kern-.08em\n T\\kern-.1667em\\lower.7ex\\hbox{E}\\kern-.125emX}}\n\n\\title{\\fontsize{18pt}{27pt}\\selectfont \\textbf{xxxx}}\n\\author{\\fontsize{14pt}{21pt}\\selectfont \\textbf{xxxx}}\n\\date{}\n\n\\begin{document}\n\\begin{sloppypar} % \u9632\u6b62\u957f\u5355\u8bcd\u51fa\u754c\n\\maketitle\n\n\\begin{abstract}\n\\end{abstract}\n\n\\section{\u80cc\u666f}\n\n\\subsection{\u53ef\u4fe1\u6267\u884c\u73af\u5883}\n\\bibliographystyle{plain}\n\\bibliography{Ref}\n\n\\end{sloppypar}\n\\end{document}\n
"},{"location":"linux-server/","title":"Ubuntu\u670d\u52a1\u5668\u8fd0\u7ef4","text":""},{"location":"linux-server/#pid","title":"\u6839\u636epid\u67e5\u8be2\u7ec6\u8282","text":"
sudo ls -lah /proc/<pid>\n
\u7136\u540e\u6839\u636e\u5176\u4e2d\u7684cwd\u627e\u5230\u8fd0\u884c\u76ee\u5f55\uff0cexe\u627e\u5230\u8fd0\u884c\u7a0b\u5e8f"},{"location":"linux-server/#_1","title":"\u5728\u7ec8\u7aef\u5411\u7a0b\u5e8f\u8f93\u5165\u5b57\u8282","text":"# \u8f93\u5165raw bytes\necho -e '\\x31\\x32' | program\n\n# \u4e0d\u5e26echo\u81ea\u52a8\u52a0\u7684\u6362\u884c\necho -en '\\x31\\x32' | program\n\n# \u8f93\u5165raw binary\necho -e '\\x31\\x32' | xxd -r -p | program
"},{"location":"linux-server/#_2","title":"\u67e5\u8be2\u670d\u52a1\u5668\u663e\u5361","text":"\u67e5\u8be2\u7269\u7406\u69fd\u663e\u5361\u8fde\u63a5
lspci | grep VGA\n
\u67e5\u8be2\u6d3b\u8dc3\u60c5\u51b5\uff08\u9700\u8981\u5b89\u88c5\u663e\u5361\u9a71\u52a8\uff0c\u53ef\u4ee5\u76f4\u63a5\u5b89\u88c5CUDA runfile\uff0c\u81ea\u5e26\u9a71\u52a8\uff09
nvidia-smi\n
"},{"location":"linux-server/#_3","title":"\u7edf\u8ba1\u670d\u52a1\u5668\u8fdb\u7a0b\u5360\u7528","text":"htop # \u89c2\u5bdf\u5185\u5b58\u3001\u5404\u8fdb\u7a0b\u3001CPU\u5360\u7528\nsudo ls -lah /proc/<pid>/cwd # \u89c2\u5bdf\u8fd0\u884c\u7684\u547d\u4ee4\uff0c\u5224\u65ad\u8c01\u7684\u7a0b\u5e8f\n
"},{"location":"linux-server/#_4","title":"\u7edf\u8ba1\u78c1\u76d8\u7528\u91cf","text":"ncdu # \u7edf\u8ba1\u5f53\u524d\u76ee\u5f55\u4e0b\u5404\u4e2a\u6587\u4ef6\u5939\u5360\u7528\uff0c\u53ef\u4ee5\u8fdb\u5165\u3001\u5220\u9664\u6587\u4ef6\u5939\u6216\u76ee\u5f55\n
"},{"location":"linux-server/#dns","title":"\u4fee\u6539DNS","text":"\u6709\u65f6\u5019\u8fde\u4e0d\u4e0a\u7f51\u662f\u56e0\u4e3aDNS\u7684\u95ee\u9898\uff0c\u4fee\u6539/etc/resolve.conf\u5373\u53ef\u3002\u4e0d\u8fc7\u8fd9\u4e2a\u8f6f\u8fde\u63a5\u4fee\u6539\u5b8c\u4e86\u4ee5\u540e\u53ef\u80fd\u4f1a\u88ab\u7cfb\u7edf\u6539\u6389\uff0c\u53ef\u4ee5\u8bd5\u8bd5\u5220\u6389\u4ee5\u540e\u76f4\u63a5\u521b\u5efa\u4e2a/etc/resolve.conf\u6587\u4ef6\uff0c\u518dchattr +i /etc/resovle.conf
\u9632\u6b62\u4fee\u6539\u3002
"},{"location":"linux-server/#_5","title":"\u7cfb\u7edf\u670d\u52a1","text":"systemctl status xxx
\u68c0\u67e5\u67d0\u4e9b\u670d\u52a1\u8fd0\u884c\u72b6\u6001\uff0c\u53ef\u4ee5ls -lah /etc/systemd/system
\u3001ls -lah /lib/systemd/system
\u67e5\u8be2\u6709\u54ea\u4e9b\u670d\u52a1\u3002\u8b66\u60d5\u5947\u602a\u7684\u6570\u5b57service\uff0c\u53ef\u80fd\u662f\u75c5\u6bd2\u3002
\u6dfb\u52a0\u7cfb\u7edf\u670d\u52a1\u65f6\uff0c\u521b\u5efa/etc/systemd/system/xxx.service
\u6587\u4ef6\uff0c\u7136\u540e\u7f16\u8f91\u5185\u5bb9\uff0c\u6bd4\u5982\u4e0b\u9762\u7684socat.service\uff1a
[Unit]\nDescription=port forward 4320\n# \u542f\u52a8\u987a\u5e8f\uff08\u591a\u4e2a\u670d\u52a1\u4e2d\u95f4\u7528\u7a7a\u683c\u9694\u5f00\uff09\nAfter=network.target[\u5f53\u524d\u670d\u52a1\u5728\u6307\u5b9a\u670d\u52a1\u4e4b\u540e\u542f\u52a8]\nBefore=[\u5f53\u524d\u670d\u52a1\u5728\u6307\u5b9a\u670d\u52a1\u4e4b\u524d\u542f\u52a8]\n\n# \u4f9d\u8d56\u5173\u7cfb\nWants=[\u5f31\u4f9d\u8d56\u5173\u7cfb\u670d\u52a1\uff0c\u6307\u5b9a\u670d\u52a1\u53d1\u751f\u5f02\u5e38\u4e0d\u5f71\u54cd\u5f53\u524d\u670d\u52a1]\nRequires=[\u5f3a\u4f9d\u8d56\u5173\u7cfb\u670d\u52a1\uff0c\u6307\u5b9a\u670d\u52a1\u53d1\u751f\u5f02\u5e38\uff0c\u5f53\u524d\u670d\u52a1\u5fc5\u987b\u9000\u51fa]\n\n[Service]\nUser=nobody\nExecStart=/usr/bin/socat TCP4-LISTEN:4320,fork TCP4:10.244.55.25:80\nExecReload=[\u91cd\u542f\u670d\u52a1\u65f6\u6267\u884c\u7684\u547d\u4ee4]\nExecStop=[\u505c\u6b62\u670d\u52a1\u65f6\u6267\u884c\u7684\u547d\u4ee4]\nExecStartPre=[\u542f\u52a8\u670d\u52a1\u4e4b\u524d\u6267\u884c\u7684\u547d\u4ee4]\nExecStartPost=[\u542f\u52a8\u670d\u52a1\u4e4b\u540e\u6267\u884c\u7684\u547d\u4ee4]\nExecStopPost=[\u505c\u6b62\u670d\u52a1\u4e4b\u540e\u6267\u884c\u7684\u547d\u4ee4]\n\n# \u542f\u52a8\u7c7b\u578b\n# simple\uff08\u9ed8\u8ba4\u503c\uff09\uff1aExecStart\u5b57\u6bb5\u542f\u52a8\u7684\u8fdb\u7a0b\u4e3a\u4e3b\u8fdb\u7a0b\n# forking\uff1aExecStart\u5b57\u6bb5\u5c06\u4ee5fork()\u65b9\u5f0f\u542f\u52a8\uff0c\u6b64\u65f6\u7236\u8fdb\u7a0b\u5c06\u4f1a\u9000\u51fa\uff0c\u5b50\u8fdb\u7a0b\u5c06\u6210\u4e3a\u4e3b\u8fdb\u7a0b\n# oneshot\uff1a\u7c7b\u4f3c\u4e8esimple\uff0c\u4f46\u53ea\u6267\u884c\u4e00\u6b21\uff0cSystemd \u4f1a\u7b49\u5b83\u6267\u884c\u5b8c\uff0c\u624d\u542f\u52a8\u5176\u4ed6\u670d\u52a1\n# dbus\uff1a\u7c7b\u4f3c\u4e8esimple\uff0c\u4f46\u4f1a\u7b49\u5f85 D-Bus \u4fe1\u53f7\u540e\u542f\u52a8\n# notify\uff1a\u7c7b\u4f3c\u4e8esimple\uff0c\u542f\u52a8\u7ed3\u675f\u540e\u4f1a\u53d1\u51fa\u901a\u77e5\u4fe1\u53f7\uff0c\u7136\u540e Systemd \u518d\u542f\u52a8\u5176\u4ed6\u670d\u52a1\n# idle\uff1a\u7c7b\u4f3c\u4e8esimple\uff0c\u4f46\u662f\u8981\u7b49\u5230\u5176\u4ed6\u4efb\u52a1\u90fd\u6267\u884c\u5b8c\uff0c\u624d\u4f1a\u542f\u52a8\u8be5\u670d\u52a1\u3002\u4e00\u79cd\u4f7f\u7528\u573a\u5408\u662f\u4e3a\u8ba9\u8be5\u670d\u52a1\u7684\u8f93\u51fa\uff0c\u4e0d\u4e0e\u5176\u4ed6\u670d\u52a1\u7684\u8f93\u51fa\u76f8\u6df7\u5408\nType=[\u542f\u52a8\u7c7b\u578b]\n\n# \u5982\u4f55\u505c\u6b62\u670d\u52a1\n# control-group\uff08\u9ed8\u8ba4\u503c\uff09\uff1a\u5f53\u524d\u63a7\u5236\u7ec4\u91cc\u9762\u7684\u6240\u6709\u5b50\u8fdb\u7a0b\uff0c\u90fd\u4f1a\u88ab\u6740\u6389\n# process\uff1a\u53ea\u6740\u4e3b\u8fdb\u7a0b\n# mixed\uff1a\u4e3b\u8fdb\u7a0b\u5c06\u6536\u5230 SIGTERM \u4fe1\u53f7\uff0c\u5b50\u8fdb\u7a0b\u6536\u5230 SIGKILL \u4fe1\u53f7\n# none\uff1a\u6ca1\u6709\u8fdb\u7a0b\u4f1a\u88ab\u6740\u6389\uff0c\u53ea\u662f\u6267\u884c\u670d\u52a1\u7684 stop \u547d\u4ee4\u3002\nKillMode=[\u5982\u4f55\u505c\u6b62\u670d\u52a1]\n\n# \u91cd\u542f\u65b9\u5f0f\n# no\uff08\u9ed8\u8ba4\u503c\uff09\uff1a\u9000\u51fa\u540e\u4e0d\u4f1a\u91cd\u542f\n# on-success\uff1a\u53ea\u6709\u6b63\u5e38\u9000\u51fa\u65f6\uff08\u9000\u51fa\u72b6\u6001\u7801\u4e3a0\uff09\uff0c\u624d\u4f1a\u91cd\u542f\n# on-failure\uff1a\u975e\u6b63\u5e38\u9000\u51fa\u65f6\uff08\u9000\u51fa\u72b6\u6001\u7801\u975e0\uff09\uff0c\u5305\u62ec\u88ab\u4fe1\u53f7\u7ec8\u6b62\u548c\u8d85\u65f6\uff0c\u624d\u4f1a\u91cd\u542f\n# on-abnormal\uff1a\u53ea\u6709\u88ab\u4fe1\u53f7\u7ec8\u6b62\u548c\u8d85\u65f6\uff0c\u624d\u4f1a\u91cd\u542f\n# on-abort\uff1a\u53ea\u6709\u5728\u6536\u5230\u6ca1\u6709\u6355\u6349\u5230\u7684\u4fe1\u53f7\u7ec8\u6b62\u65f6\uff0c\u624d\u4f1a\u91cd\u542f\n# on-watchdog\uff1a\u8d85\u65f6\u9000\u51fa\uff0c\u624d\u4f1a\u91cd\u542f\n# always\uff1a\u4e0d\u7ba1\u662f\u4ec0\u4e48\u9000\u51fa\u539f\u56e0\uff0c\u603b\u662f\u91cd\u542f\nRestart=[\u670d\u52a1\u9000\u51fa\u540e\uff0cSystemd \u7684\u91cd\u542f\u65b9\u5f0f]\n\nRestartSec=[\u8868\u793a Systemd \u91cd\u542f\u670d\u52a1\u4e4b\u524d\uff0c\u9700\u8981\u7b49\u5f85\u7684\u79d2\u6570]\n\n[Install]\nWantedBy=multi-user.target\n# \u6267\u884c sytemctl enable **.service\u547d\u4ee4\u65f6\uff0c**.service\u7684\u4e00\u4e2a\u7b26\u53f7\u94fe\u63a5\uff0c\u5c31\u4f1a\u653e\u5728/etc/systemd/system/multi-user.target.wants\u5b50\u76ee\u5f55\u4e2d\n# \u6267\u884csystemctl get-default\u547d\u4ee4\uff0c\u83b7\u53d6\u9ed8\u8ba4\u542f\u52a8Target\n# multi-user.target\u7ec4\u4e2d\u7684\u670d\u52a1\u90fd\u5c06\u5f00\u673a\u542f\u52a8\n# \u5e38\u7528Target\uff0c1. multi-user.target-\u591a\u7528\u6237\u547d\u4ee4\u884c\uff1b2. graphical.target-\u56fe\u5f62\u754c\u9762\u6a21\u5f0f\nWantedBy=[\u8868\u793a\u8be5\u670d\u52a1\u6240\u5728\u7684Target]\n
\u542f\u52a8systemctl start **
\u5173\u95edsystemctl stop **
\u91cd\u542fsystemctl restart **
\u67e5\u770b\u8fd0\u884c\u72b6\u6001systemctl status **
Loaded\u884c\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u4f4d\u7f6e\uff0c\u662f\u5426\u8bbe\u4e3a\u5f00\u673a\u542f\u52a8\uff1b Active\u884c\uff1a\u8868\u793a\u6b63\u5728\u8fd0\u884c\uff1b Main\u884c\uff1a\u4e3b\u8fdb\u7a0bPID\uff1b Status\u884c\uff1a\u7531\u5e94\u7528\u672c\u8eab\u63d0\u4f9b\u7684\u8f6f\u4ef6\u5f53\u524d\u72b6\u6001\uff1b CGroup\u884c\uff1a\u5e94\u7528\u7684\u6240\u6709\u5b50\u8fdb\u7a0b \u65e5\u5fd7\u5757\uff1a\u5e94\u7528\u7684\u65e5\u5fd7 \u8bbe\u7f6e\u5f00\u673a\u81ea\u542fsystemctl enable **
enable\u547d\u4ee4\u76f8\u5f53\u4e8e\u5728\u76ee\u5f55\u91cc\u6dfb\u52a0\u4e86\u4e00\u4e2a\u7b26\u53f7\u94fe\u63a5\u3002\u5f00\u673a\u65f6\uff0cSystemd\u4f1a\u6267\u884c/etc/systemd/system/\u76ee\u5f55\u91cc\u9762\u7684\u914d\u7f6e\u6587\u4ef6 \u7ed3\u675f\u670d\u52a1\u8fdb\u7a0bsystemctl kill **
\u67e5\u770b\u914d\u7f6e\u6587\u4ef6systemctl cat **
\u67e5\u770bmulti-user.target \u5305\u542b\u7684\u6240\u6709\u670d\u52a1systemctl list-dependencies multi-user.target
\u5207\u6362\u5230\u53e6\u4e00\u4e2a target systemctl isolate graphical.target
\u91cd\u65b0\u52a0\u8f7d\u914d\u7f6e\u6587\u4ef6systemctl daemon-reload
"},{"location":"linux-server/#_6","title":"\u5b9a\u65f6\u670d\u52a1","text":"\u5b9a\u65f6\u7a0b\u5e8f\u6267\u884c\u5931\u8d25\u7684\u539f\u56e0\u662f\u591a\u6837\u7684\uff0c\u53ef\u80fd\u662f\u56e0\u4e3a\u5b9a\u65f6\u670d\u52a1\u6ca1\u542f\u52a8\uff0c\u9700\u8981systemctl restart cron.service
\uff0c\u6216\u8005\u662fcron\u670d\u52a1\u574f\u6389\u4e86\uff0c\u5148apt install cron --reinstall
\u5f3a\u5236\u91cd\u65b0\u5b89\u88c5\u4e0b\uff0c\u518d\u91cd\u542f\u670d\u52a1\uff0c\u6216\u8005\u662f\u5b89\u88c5\u4e86\u522b\u7684\u4f9d\u8d56\u5e93\u4f46\u662f\u6ca1\u6709\u91cd\u542fcron\u5bfc\u81f4\u8fd0\u884c\u5931\u8d25\uff0c\u8bd5\u8bd5/etc/init.d/cron restart
\u3002
"},{"location":"linux-server/#_7","title":"\u53c2\u8003\u8d44\u6599","text":" systemd\u76f8\u5173\u8d44\u6599 "},{"location":"openssh/","title":"OpenSSH\u9605\u8bfb\u7b14\u8bb0","text":""},{"location":"openssh/#_1","title":"\u51c6\u5907\u5de5\u4f5c","text":"(\u4ee5\u4e0b\u5747\u5728wsl\u7684root\u7528\u6237) ubuntu\u7cfb\u7edf\uff0c\u5148\u9884\u88c5\u4e0b\u73af\u5883\uff1a
apt install build-essential autoconf zlib1g-dev libssl-dev\n
\u4e0b\u8f7d\u6e90\u7801\uff0c\u76f4\u63a5\u4eceGithub\u94fe\u63a5\u4e0b\u8f7dzip\u5230\u672c\u5730\u89e3\u538b\uff0c\u4e5f\u53ef\u4ee5\u7528git clone\uff1a
git clone --depth 1 https://github.com/openssh/openssh-portable.git\n
\u4e3a\u4e86\u9632\u6b62\u4e4b\u540emake install\u51fa\u7684\u6587\u4ef6\u8986\u76d6\u7cfb\u7edf\u81ea\u5df1\u7684ssh\uff0c\u8fd9\u91cc\u6307\u5b9aconfigure\u5c06\u4e4b\u540e\u7f16\u8bd1\u51fa\u7684\u6587\u4ef6\u653e\u5230\u9879\u76ee\u7684/output\u6587\u4ef6\u5939\u4e0b\u3002\u6309readme\u7684Building from git\u7684\u65b9\u6cd5\uff0c\u8fdb\u5165openssh\u6240\u5728\u76ee\u5f55\u540e\uff0c\u8fd0\u884c\uff1a
autoreconf\n./configure --prefix=`pwd`/output\nmake\n
\u6b64\u65f6\u76f8\u5173\u53ef\u6267\u884c\u6587\u4ef6\u5df2\u7ecf\u7f16\u8bd1\u5b8c\u6bd5\u3002\u4e3a\u4e86\u8fdb\u4e00\u6b65\u6e05\u6670\u663e\u793a\uff0c\u53ef\u4ee5\u8fd0\u884cmake install
\uff0c\u5219\u5728\u5f53\u524d\u76ee\u5f55\u7684output\u6587\u4ef6\u5939\u4e0b\u4f1a\u751f\u6210\u5bf9\u5e94\u7684\u7ed3\u6784\u3002
"},{"location":"picking-ups/","title":"\u6587\u53e5\u6458\u5f55","text":"Alligator in Vest: A Practical Failure-Diagnosis Framework via Arm Hardware Features (ISSTA 2023)
In light of these limitations, we propose Investigator, a practical failure diagnosis framework on Arm to fulfill the three requirements. RR: A Fault Model for Efficient TEE Replication (NDSS 2023)
The correctness of replication protocols hinges on the property of quorum intersection. In quorum-based protocols, this property is enforced by ensuring that any pair of quorums intersects in at least one replica that does not deviate from its prescribed behavior. No Grammar, No Problem: Towards Fuzzing the Linux Kernel without System-Call Descriptions (NDSS 2023)
However, the process of manually collecting system-call traces, or writing descriptions is prone to human-error: the immediate coverage gains from descriptions and traces risk obscuring parts of the code that the fuzzer can no longer exercise meaningfully. FUZZUSB: Hybrid Stateful Fuzzing of USB Gadget Stacks (Oakland 2022)
While the prevalence and versatility of USB have made our daily life convenient, it has also attracted attackers seeking to exploit vulnerabilities within the USB ecosystem. Registered Report: DATAFLOW Towards a Data-Flow-Guided Fuzzer
Unfortunately, these more accurate analyses incur a high run-time penalty, impeding fuzzer throughput. Unlike DTA, which strives for accuracy, we take inspiration from popular greybox fuzzers (e.g., AFL) and embrace some imprecision in an effort to reduce overhead and thus maximize fuzzing throughput. A Survey on Adversarial Attacks for Malware Analysis
Adversarial attacks has now emerged as a serious concern, threatening to dismantle and undermine all the progress made in the machine learning domain. The fear of evolving adversarial attack is growing among the cyber security research community and has provoked the everlasting war between adversarial attackers and defenders. Survivalism: Systematic Analysis of Windows Malware Living-Off-The-Land (Oakland 2021)
Orthogonal to our research is the analysis and deobfuscation of script-based malware. A Systematical and longitudinal study of evasive behaviors in windows malware (Computers & Security 2021)
Using our framework and taxonomy, we study the evasive behaviors adopted by 45,375 malware samples observed in the wild between 2010 and 201* We harvest papers, reports, and blog posts from the security community estimating the influence of the public disclosure of evasive techniques on their adoption in the wild. Structural Attack against Graph Based Android Malware Detection (CCS 2021)
Graph-based detection methods extract features from graphs and use these features to train classifiers for malware detection. By contrast, structural attacks directly modify the graph features and thus they are more intrinsic and effective. Deep Learning for Android Malware Defenses: a Systematic Literature Review (ACM Survey 2021)
In front of the increasing difficulties of Android malware detection, it is non-trivial to build a robust and transparent detecting model or system only by traditional machine learning techniques. Intriguing Properties of Adversarial ML Attacks in the Problem Space (Oakland 2020)
We shed light on the relationship between feature space and problem space, and we introduce the concept of side-effect features as the byproduct of the inverse feature-mapping problem. This enables us to define and prove necessary and sufficient conditions for the existence of problem-space attacks. P2IM: Scalable and Hardware-independent Firmware Testing via Automatic Peripheral Interface Modeling (USENIX SECURITY 2020)
The inapplicability of fuzzers on MCU boils down to the lack of a platform where firmware can execute while taking inputs from fuzzers. Although the register access patterns and the type identification method are purely empirical, we find that in practice they work fairly reliably and accurately across a wide range of peripheral devices. We attribute this practical and promising results to two factors. The instantiation is on-demand and interleaved with the firmware fuzzing/testing process. Toward the Analysis of Embedded Firmware through Automated Re-hosting (RAID 2019)
Unfortunately for security researchers, in stark contrast to the desktop and mobile ecosystems, market forces have not created any de facto standard for components, protocols, or software, hampering existing program analysis approaches, and making the understanding of each new device an independent, mostly manual, time-consuming effort. In this work, we develop an approach to re-hosting that achieves all of them, and propose a proof-of-concept system, called PRETENDER, which is able to observe hardware-firmware interactions and create models of hardware peripherals automatically. To deal with the plethora of software applications that need to be analyzed on desktop and mobile platforms, the security community has developed many techniques for enabling the scalable analysis of programs to find bugs and detect malice. Dynamic approaches typically rely on virtualization to enable parallel, scalable analyses, while symbolic approaches rely on function summarization of the underlying operating system to minimize the code that they need to execute. In order to use any of these tools, the analyst must take the program out of its original execution environment, and provide a suitable analysis environment able to execute it. This is a process referred to as re-hosting. REPT: Reverse Debugging of Failures in Deployed Software (USENIX SECURITY 2018)
Moreover, even though root cause diagnosis can help a developer determine the reasons behind a failure, developers often require a deeper understanding of the conditions and the state leading to a failure to fix a bug, which these systems do not provide. What You Corrupt Is Not What You Crash: Challenges in Fuzzing Embedded Devices (NDSS 2018)
As a result, silent memory corruptions occur more frequently on embedded devices than on traditional computer systems, creating a significant challenge for conducting fuzzing sessions on embedded systems software. Postmortem Program Analysis with Hardware-Enhanced Post-Crash Artifacts (USENIX SECURITY 2017)
As such, it is tedious and arduous for a software developer to plow through an execution trace to diagnose the root cause of a software failure. Given that backward taint analysis mimics how a software developer (or security analyst) typically diagnoses the root cause of a program failure, this observation indicates that POMP has a great potential to reduce manual efforts in failure diagnosis. POMP++: Facilitating Postmortem Program Diagnosis with Value-Set Analysis
Briefly speaking, postmortem program diagnosis is to identify the program statements pertaining to the crash, analyze these statements, and eventually figure out why a bad value was passed to the crash site. A Survey on Software Fault Localization (TSE 2016)
Furthermore, manual fault localization relies heavily on the software developer\u2019s experience, judgment, and intuition to identify and prioritize code that is likely to be faulty. "},{"location":"porting/","title":"\u6298\u817e\u7f51\u7ad9","text":""},{"location":"porting/#_2","title":"\u7aef\u53e3\u590d\u7528\u65b9\u6cd5","text":"\u7531\u4e8e\u670d\u52a1\u5668\u5b89\u5168\u8bbe\u5b9a\uff0c\u53ea\u5bf9\u5916\u5f00\u653e\u4e00\u4e2a22\u7aef\u53e3\u63d0\u4f9bssh\u8fde\u63a5\u3002\u90a3\u4e48\u5728\u6b64\u57fa\u7840\u4e0a\u5982\u4f55\u63d0\u4f9bhttp\u3001https\u7b49\u591a\u79cd\u670d\u52a1\uff1f\u641c\u7d22\u4e86\u4e0b\u53ef\u4ee5\u6839\u636e\u6d41\u91cf\u7279\u5f81\u7528sslh\u7b80\u5355\u8f6c\u53d1\u4e00\u4e0b\u6570\u636e\u5305\u5230\u4e0d\u540c\u7684\u5185\u90e8\u7aef\u53e3\u3002
"},{"location":"porting/#sslh","title":"sslh\uff1a\u6839\u636e\u6d41\u91cf\u7279\u5f81\u8f6c\u53d1\u6570\u636e\u5305","text":"\u5728root\u4e0bapt install sslh\u540e\u4fee\u6539\u914d\u7f6e\u6587\u4ef6/etc/default/sslh
\uff1a
# Default options for sslh initscript\n# sourced by /etc/init.d/sslh\n\n# binary to use: forked (sslh) or single-thread (sslh-select) version\n# systemd users: don't forget to modify /lib/systemd/system/sslh.service\nDAEMON=/usr/sbin/sslh\nRun=yes\nDAEMON_OPTS=\"--user sslh --listen 0.0.0.0:4684 --ssh 127.0.0.1:5752 --tls 127.0.0.1:443 --http 127.0.0.1:1284 --anyprot 127.0.0.1:2008 -F /etc/sslh/sslh.cfg --pidfile /var/run/sslh/sslh.pid\"\n
\u8fd9\u91cc\u4e5f\u53ef\u4ee5cat /lib/systemd/system/sslh.service
\u770b\u4e00\u4e0bservice\u6587\u4ef6\uff0c\u5176\u4e2d\u6709\u4e00\u884cExecStart=/usr/sbin/sslh --foreground $DAEMON_OPTS
\uff0c\u53ef\u4ee5\u770b\u5230\u5728\u542f\u52a8sslh\u65f6\u53c2\u6570\u662fDAEMON_OPTS\u3002\u6240\u4ee5\u91cd\u70b9\u5c31\u5728\u4e8e\u914d\u7f6e\u597dDAEMON_OPTS\u3002
\u89e3\u91ca\u4e00\u4e0b\u51e0\u4e2a\u53c2\u6570\u7684\u610f\u601d\uff1a
--listen 0.0.0.0:4684
\u8868\u793asslh\u8fd0\u884c\u57284684\u7aef\u53e3\uff0c\u5c06\u8fd9\u4e2a\u7aef\u53e3\u6536\u5230\u7684\u6570\u636e\u5305\u6309\u89c4\u5219\u8f6c\u53d1\u5230\u5176\u4ed6\u7aef\u53e3\u4e0a --ssh 127.0.0.1:5752
\u8868\u793a\u5c06\u6536\u5230\u7684ssh\u6570\u636e\u5305\u8f6c\u53d1\u5230\u672c\u57305752\u7aef\u53e3 --tls 127.0.0.1:443
\u8868\u793a\u5c06\u6536\u5230\u7684tls\u6570\u636e\u5305\u8f6c\u53d1\u5230\u672c\u5730443\u7aef\u53e3 --http 127.0.0.1:1284
\u8868\u793a\u5c06\u6536\u5230\u7684http\u8bf7\u6c42\u8f6c\u53d1\u5230\u672c\u57301284\u7aef\u53e3 --anyprot 127.0.0.1:2008
\u8868\u793a\u5c06\u5339\u914d\u90fd\u4e0d\u7b26\u5408\u7684\u5305\u53d1\u9001\u5230\u672c\u57302008\u7aef\u53e3 -F /etc/sslh/sslh.cfg
\u8868\u793a\u4f7f\u7528sslh.cfg\u8fd9\u4e2a\u6587\u4ef6\u4e2d\u7684\u8bbe\u5b9a\u8fdb\u884c\u66f4\u4e30\u5bcc\u7684\u914d\u7f6e \u7136\u540esystemctl enable sslh
\u3001systemctl start sslh
\u542f\u52a8sslh\uff0c\u5c06\u672c\u57304684\u7aef\u53e3\u6536\u5230\u7684\u6d41\u91cf\u6839\u636essh\u3001ssl\u3001http\u7684\u7279\u5f81\u5206\u522b\u8fdb\u884c\u7aef\u53e3\u8f6c\u53d1\u3002
\u6bd4\u8f83\u6709\u610f\u601d\u7684\u662f\u53ef\u4ee5\u7528--anyprot
\u6765\u8bbe\u7f6e\u9ed8\u8ba4\u7684\u8f6c\u53d1\u7b56\u7565\uff0c\u914d\u5408nc -lk
\u53ef\u4ee5\u770b\u81ea\u5b9a\u4e49\u7684\u6570\u636e\u5305\u683c\u5f0f\uff0c\u518d\u901a\u8fc7-F
\uff08\u6216--config
\uff09\u6307\u5b9aconfig\u6587\u4ef6\uff08\u6bd4\u5982/etc/sslh/sslh.cfg\uff09\uff0c\u5b9e\u73b0\u5229\u7528\u6b63\u5219\u8868\u8fbe\u5f0f\u5bf9\u6570\u636e\u5305\u8fdb\u884c\u81ea\u5b9a\u4e49\u8f6c\u53d1\u3002
\u6ce8\u610f\uff0c\u5982\u679c\u4f7f\u7528config\u6587\u4ef6\uff0c\u90a3\u4e48\u6587\u4ef6\u7684\u5185\u5bb9\u4e0d\u8981\u548c\u547d\u4ee4\u884c\u5df2\u6709\u7684\u5185\u5bb9\u91cd\u590d\u3002\u6bd4\u5982\u547d\u4ee4\u884c\u5df2\u7ecf\u6307\u5b9a\u4e86\u76d1\u542c127.0.0.1\u7aef\u53e3\u76844684\uff0c\u90a3config\u6587\u4ef6\u91cc\u5c31\u4e0d\u8981\u518d\u52a0\u4e0alisten:(xxx)\u4e86\u3002
config\u6587\u4ef6\u6307\u5b9a\u5339\u914d\u89c4\u5219\u7684\u4f8b\u5b50\u5982\u4e0b\u6240\u793a\uff08\u7247\u6bb5\uff09
protocols:\n(\n{ name: \"http\"; host: \"127.0.0.1\"; port: \"808\"; },\n{ name: \"tls\"; host: \"127.0.0.1\"; port: \"443\"; sni_hostnames: [ \"remote.c01dkit.com\" ]; tfo_ok: true },\n{ name: \"tls\"; host: \"127.0.0.1\"; port: \"7000\"; sni_hostnames: [ \"project-frp\" ]; tfo_ok: true },\n{ name: \"regex\"; host: \"127.0.0.1\"; port: \"60000\"; regex_patterns: [ \"^SSH-2.0-Go\\x0d$\", \"^SSH-2.0-OpenSSH\\x0d$\" ]; },\n);\n
"},{"location":"porting/#ssh","title":"ssh\uff1a\u63d0\u4f9b\u8fdc\u7a0b\u8fde\u63a5","text":"\u7531\u4e8e\u539f\u672c\u5bf9\u5916\u5f00\u653e\u768422\u7aef\u53e3\u53ea\u7528\u4e8e\u63a5\u6536ssh\u8bf7\u6c42\uff0c\u5982\u679c\u60f3\u8981\u63d0\u4f9b\u66f4\u591a\u670d\u52a1\uff0c\u9700\u8981\u5148\u628a22\u7aef\u53e3\u7684\u63a5\u6536\u7684\u6570\u636e\u90fd\u8f6c\u53d1\u7ed9sslh\uff0c\u8ba9\u5b83\u6765\u8fdb\u884c\u5206\u7c7b\u3002\u90a3\u4e48ssh\u8bf7\u6c42\u5e94\u8be5\u5c31\u4e0d\u80fd\u518d\u8fd8\u7ed922\u7aef\u53e3\u4e86\uff08\u4e0d\u7136\u53ef\u80fd\u53c8\u88ab\u8f6c\u53d1\u7ed9sslh\uff1f\u4e0d\u786e\u5b9a\uff09\uff0c\u53ef\u4ee5\u8003\u8651\u518d\u5f00\u4e00\u4e2a\u7aef\u53e3\u76d1\u542cssh\u8bf7\u6c42\u3002\u8fd9\u91ccssh\u7684\u8bbe\u5b9a\u5f00\u4e86\u672c\u573022\u548c5752\u7aef\u53e3\uff0c\u914d\u7f6e\u65f6\u4fee\u6539/etc/ssh/sshd_config
\u6587\u4ef6\uff0c\u52a0\u4e00\u884cPort 5752\u5373\u53ef\u3002\u540c\u65f6\u8bb0\u5f97\u4f7f\u7528\u516c\u94a5\u8ba4\u8bc1\u767b\u5f55\uff0c\u7981\u7528\u5bc6\u7801\u767b\u5f55\u3002
Port 22\nPort 5752\nPubkeyAuthentication yes\nPasswordAuthentication no\n
"},{"location":"porting/#nginxhttphttps","title":"nginx\uff1a\u63d0\u4f9bhttp/https\u670d\u52a1","text":"\u5728nginx\u5b98\u7f51\u4e0b\u8f7d\u6e90\u7801\u5e76\u6309\u8bf4\u660e\u7f16\u8bd1\u3002nginx\uff081.22\u7248\u672c\uff09\u7684\u914d\u7f6e\u5982\u4e0b\uff1a
user c01dkit;\nworker_processes 1;\n\nevents {\n worker_connections 1024;\n}\n\nhttp {\n include mime.types;\n default_type application/octet-stream;\n sendfile on;\n keepalive_timeout 65;\n server_tokens off;\n server {\n listen 1284;\n listen 127.0.0.1:1284;\n charset utf-8;\n server_name xxxx.c01dkit.com;\n if ($scheme = http ) {\n return 301 https://$host:xxxx$request_uri; \n }\n error_page 404 /404.html;\n }\n\n server {\n listen 127.0.0.1:443 ssl ;\n listen 443 ssl ;\n listen [::]:443 ssl ;\n server_name xxxx.c01dkit.com;\n charset utf-8;\n ssl_certificate xxxx/fullchain.pem;\n ssl_certificate_key xxxx/privkey.pem;\n\n ssl_session_cache shared:SSL:1m;\n ssl_session_timeout 5m;\n\n ssl_ciphers HIGH:!aNULL:!MD5;\n ssl_prefer_server_ciphers on;\n\n location / {\n root xxxxx;\n index index.html index.htm;\n error_page 404 /404.html;\n\n }\n location ~ \\.php$ {\n fastcgi_pass unix:/run/php/php8.1-fpm.sock;\n fastcgi_index index.php;\n fastcgi_param SCRIPT_FILENAME xxxx/www$fastcgi_script_name;\n include fastcgi_params;\n error_page 404 /404.html;\n }\n }\n\n}\n
\u8fd9\u91cc\u914d\u7f6e\u4e86nginx\u76d1\u542c\u672c\u57301284\u7aef\u53e3\u6765\u5904\u7406http\u8bbf\u95ee\uff0c\u5c06https\u8bf7\u6c42\u8f6c\u53d1\u5230443\u7aef\u53e3\uff0c\u4e5f\u8bbe\u7f6e\u4e86ssl\u7684\u8bc1\u4e66\u3002\u8bc1\u4e66\u7684\u914d\u7f6e\u65b9\u6cd5\u53ef\u4ee5\u89c1\u540e\u6587\u7684https\u8bc1\u4e66
\u7ae0\u8282\u3002
\u5173\u4e8enginx\uff0c\u53ef\u4ee5nginx -V\u67e5\u770b\u7f16\u8bd1\u9009\u9879\uff0c\u7136\u540e\u81ea\u5df1\u4ece\u6e90\u7801\u7f16\u8bd1\u4e0b\u3002\u5e38\u89c1\u7684-V\u8f93\u51fa\u6709\uff1a
nginx version: nginx/1.22.1\nbuilt by gcc 11.3.0 (Ubuntu 11.3.0-1ubuntu1~22.04) \nbuilt with OpenSSL 3.0.2 15 Mar 2022\nTLS SNI support enabled\nconfigure arguments: --user=c01dkit --group=c01dkit --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-compat --with-debug --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_sub_module\n
\u8fd9\u91cc\u6307\u5b9auser\u4e3ac01dkit\uff0c\u7136\u540e\u7f51\u7ad9\u4e5f\u90fd\u653e\u5728c01dkit\u7684\u5bb6\u76ee\u5f55\u91cc\u9762\uff0c\u4ee5\u9632\u7f51\u7ad9\u9875\u9762\u56e0\u4e3a\u6743\u9650\u95ee\u9898\u6253\u4e0d\u5f00\uff08\u597d\u50cf\u9ed8\u8ba4\u662fwww-data\uff09\uff0c\u53ef\u80fd\u662f\u87f9\u811a\u6539\u6cd5\u25cb( \uff3e\u76bf\uff3e)\u3063
"},{"location":"porting/#iptablessslh","title":"iptables\uff1a\u8f6c\u53d1\u5916\u90e8\u8bbf\u95ee\u5230sslh","text":"\u6700\u540e\u63a5\u7740\u8bbe\u7f6e\u9632\u706b\u5899\u5c06\u6240\u6709\u5916\u90e8\u6d41\u91cf\u4ece\u5f00\u653e\u7684\u552f\u4e00\u7aef\u53e3\u8f6c\u53d1\u52304684\u7aef\u53e3\u5373\u53ef\u3002
iptables -t nat -A PREROUTING -p tcp --dport 22 -j REDIRECT --to-port 4684\n
\u8fd9\u91cc\u5047\u5b9a\u5916\u90e8\u7aef\u53e3\u5f00\u653e\u7684\u7aef\u53e3\u6620\u5c04\u5230\u672c\u573022\u7aef\u53e3\u3002\u8fd9\u91cc22\u7aef\u53e3\u4e5f\u662f\u6709ssh\u670d\u52a1\u5728\u76d1\u542c\u3002
\u6709\u65f6\u62c5\u5fc3sslh\u670d\u52a1\u6302\u6389\u5bfc\u81f44684\u6ca1\u6709ssh\u670d\u52a1\u3001ssh\u8fde\u4e0d\u4e0a\uff0c\u8bbe\u7f6e\u4e86\u5b9a\u65f6\u4efb\u52a1\u6765\u5173\u6389\u3001\u6253\u5f00\u9632\u706b\u5899\uff08\u6b64\u65f6\u53ea\u80fdssh\u8fde\u63a5\uff0c\u63d0\u4f9b\u8fd0\u7ef4\u7a97\u53e3\u671f\uff09\uff0c\u6bd4\u5982\u6bcf\u5468\u4e094\u70b9\u52306\u70b9\u53ea\u63d0\u4f9b22\u7aef\u53e3\u7684ssh\u670d\u52a1\uff1a
# Edit this file to introduce tasks to be run by cron.\n# \n# Each task to run has to be defined through a single line\n# indicating with different fields when the task will be run\n# and what command to run for the task\n# \n# To define the time you can provide concrete values for\n# minute (m), hour (h), day of month (dom), month (mon),\n# and day of week (dow) or use '*' in these fields (for 'any').\n# \n# Notice that tasks will be started based on the cron's system\n# daemon's notion of time and timezones.\n# \n# Output of the crontab jobs (including errors) is sent through\n# email to the user the crontab file belongs to (unless redirected).\n# \n# For example, you can run a backup of all your user accounts\n# at 5 a.m every week with:\n# 0 5 * * 1 tar -zcf /var/backups/home.tgz /home/\n# \n# For more information see the manual pages of crontab(5) and cron(8)\n# \n# m h dom mon dow command\n0 4 * * 3 iptables -t nat -D PREROUTING -p tcp --dport 22 -j REDIRECT --to-port 4684\n0 6 * * 3 iptables -t nat -A PREROUTING -p tcp --dport 22 -j REDIRECT --to-port 4684\n
\u7531\u4e8e\u8fd9\u6837\u8bbe\u7f6eiptables\u4f1a\u5728\u670d\u52a1\u5668\u91cd\u542f\u540e\u5931\u6548\uff0c\u6240\u4ee5\u670d\u52a1\u5668\u610f\u5916\u91cd\u542f\u7684\u8bdd\u53ea\u4e0d\u8fc7\u662f\u6062\u590d\u5230\u6700\u57fa\u7840\u768422\u7aef\u53e3ssh\u800c\u5df2\u3002
"},{"location":"porting/#https","title":"https\u8bc1\u4e66","text":"\u5173\u4e8ehttps\u8bc1\u4e66\uff0c\u53ef\u4ee5\u6309\u8fd9\u91cc\u7684\u65b9\u6cd5\uff0c\u5148snap install --classic certbot
\u5b89\u88c5certbot\uff0c\uff08\u4e0d\u77e5\u9053\u4e3a\u5565\u5f53\u65f6\u8bbe\u7f6e\u4e86\u4e00\u4e0bcertbot\u8def\u5f84sudo ln -s /snap/bin/certbot /usr/bin/certbot
\uff09\u3002\u5982\u679c80\u7aef\u53e3\u5df2\u7ecf\u5bf9\u5916\u5f00\u653e\uff0c\u53ef\u4ee5\u7b80\u5355\u5730certbot --nginx
\u81ea\u52a8\u5e2e\u5fd9\u8ba4\u8bc1\uff08\u5373certbot\u521b\u5efa\u8ba4\u8bc1\u6587\u4ef6\u7136\u540e\u5728\u516c\u7f51\u8bbf\u95ee\uff09\u3002\u5982\u679c80\u7aef\u53e3\u4e0d\u5bf9\u5916\u5f00\u653e\uff0c\u53ef\u4ee5\u81ea\u9009dns\u8ba4\u8bc1\uff1acertbot certonly --manual --preferred-challenges=dns
\u7136\u540e\u5728\u57df\u540d\u7ba1\u7406\u90a3\u8fb9\u6dfb\u52a0\u4e00\u4e0b\u8bb0\u5f55\u5373\u53ef\uff0c\u6bd4\u5982\u521b\u5efa\u4e00\u4e2a_acme-challenge.remote\u7684TXT\u8bb0\u5f55\u3002\u7136\u540e\u5728nginx\u7684conf\u90a3\u91cc\u8bbe\u7f6e\u597d\u8bc1\u4e66\u8def\u5f84\uff0c\u8bbf\u95ee\u5c31\u6709https\u8ba4\u8bc1\u4e86\uff01\u5bf9\u4e8ehttp\u8bbf\u95ee\uff0c\u53ef\u4ee5\u7528301\u8df3\u8f6c\u3002
\u4e00\u6b21\u8ba4\u8bc1\u662f90\u5929\u6709\u6548\u671f\uff0c\u5230\u671f\u4e4b\u524d\u4f1a\u53d1\u90ae\u4ef6\uff0c\u66f4\u65b0\u8bc1\u4e66\u65f6\u9700\u8981\u8fd0\u884ccertbot renew --manual-auth-hook=xxx.sh
\u5176\u4e2dsh\u811a\u672c\u662f\u81ea\u5df1\u7f16\u5199\u7684\u4e00\u4e2a\u81ea\u52a8\u5316\u5b8c\u6210DNS\u8bb0\u5f55\u66f4\u65b0\u3002\u4e3a\u4e86\u61d2\u7701\u4e8b\uff0c\u53ef\u4ee5\u8fd9\u4e48\u5199\uff1a
echo ${CERTBOT_VALIDATION} >> xxx.txt\necho ${CERTBOT_DOMAIN} >> xxx.txt\nsleep 120\nexit 0\n
\u7136\u540e\u5728\u4e24\u5206\u949f\u4e4b\u5185\uff0c\u628axxx.txt\u91ccCERTBOT_VALIDATION\u5bf9\u5e94\u7684\u54c8\u5e0c\u503c\u624b\u52a8\u66f4\u65b0\u5728DNS\u8bb0\u5f55\u91cc\u5373\u53ef\u3002
\u6b64\u5916\uff0c\u65b0\u627e\u5230\u4e00\u4e2a\u53ef\u4ee5\u65b9\u4fbf\u5730\u5728web\u7aef\u914d\u7f6e\u65b0\u8bc1\u4e66\u7684\u7f51\u7ad9\uff1ahttps://xiangyuecn.github.io/ACME-HTML-Web-Browser-Client/ACME-HTML-Web-Browser-Client.html
"},{"location":"proxy/","title":"\u4ee3\u7406\u8f6c\u53d1","text":""},{"location":"proxy/#_2","title":"\u591a\u53f0\u7535\u8111\u7ec4\u5c40\u57df\u7f51","text":"\u53ef\u4ee5\u4f7f\u7528zerotier\uff0c\u767b\u5f55\u4ee5\u540e\u521b\u5efa\u4e00\u4e2a\u7f51\u7edc\u3002\u7136\u540e\u9700\u8981\u7ec4\u5c40\u57df\u7f51\u7684\u8bbe\u5907\u4e0b\u8f7dzerotier\u4ee5\u540ejoin\u4e0a\u5c31\u884c\u4e86\u3002
"},{"location":"proxy/#_3","title":"\u5185\u7f51\u7a7f\u900f","text":"\u9700\u8981\u516c\u7f51\u670d\u52a1\u5668\uff0c\u53ef\u4ee5\u5728\u963f\u91cc\u4e91\u79df\u4e00\u4e2a
\u4e00\u79cd\u65b9\u6cd5\u662ffrp
\u53e6\u4e00\u79cd\u65b9\u6cd5\u662fssh\u6b63\u5411\u8fde\u63a5\u914d\u5408\u53cd\u5411\u8fde\u63a5\uff1a
\u9996\u5148\u5185\u7f51\u670d\u52a1\u5668\u5f00\u4e2ascreen\u8fd0\u884cssh -R 127.0.0.1:1234:127.0.0.1:22 user@ip -p port
\u8fde\u63a5\u5230\u4e91\u670d\u52a1\u5668\u4e0a\u3002\u8fd9\u6837\u7684\u8bdd\u670d\u52a1\u5668\u8bbf\u95ee127.0.0.1:1234\u5c31\u76f8\u5f53\u4e8e\u8bbf\u95ee\u5185\u7f51\u7684127.0.0.1:22\u3002\u7136\u540e\u9700\u8981\u8fde\u63a5\u5185\u7f51\u7684\u4e3b\u673a\u4e5f\u5f00\u4e2ascreen\u8fd0\u884cssh -L 127.0.0.1:2345:127.0.0.1:1234 user@ip -p port
\uff0c\u8fd9\u6837\u7684\u8bdd\u8be5\u4e3b\u673a\u8bbf\u95ee\u81ea\u5df1127.0.0.1:2345\u5c31\u76f8\u5f53\u4e8e\u8bbf\u95ee\u4e91\u670d\u52a1\u5668\u7684127.0.0.1:1234\u3002\u7136\u540e\u8be5\u4e3b\u673a\u518d\u5f00\u4e00\u4e2a\u7ec8\u7aef\uff0cssh user@127.0.0.1 -p 2345
\u5373\u53ef\u3002
"},{"location":"proxy/#_4","title":"\u5b50\u7f51\u8f6c\u53d1","text":"\u5e0c\u671b\u5c06\u67d0\u7aef\u53e3\u6536\u5230\u7684\u6d88\u606f\u8f6c\u53d1\u5230\u5176\u4ed6\u4e3b\u673a\u7684\u67d0\u4e00\u7aef\u53e3\uff0c\u53ef\u4ee5\u8bd5\u8bd5socat\uff0c\u6bd4\u5982socat TCP4-LISTEN:4320,fork TCP4:10.244.55.25:80
\uff0c\u53ef\u4ee5\u628a4320\u7aef\u53e3\u6536\u5230\u7684TCP4\u6570\u636e\u5305\u8f6c\u53d1\u5230\u5b50\u7f5110.244.55.25\u768480\u7aef\u53e3\uff0c\u914d\u5408zerotier\u53ef\u4ee5\u5b9e\u73b0\u5185\u7f51\u5bf9\u5916\u5f00\u653e\u7aef\u53e3\u3002
"},{"location":"pwn-college-cse365-spring2023/","title":"CSE 365 - Spring 2023","text":"\u5728\u7ec8\u7aef\u8fde\u63a5pwn-college\u65f6\uff0c\u5148\u5728\u7f51\u9875\u7aef\u914d\u7f6e\u4e0b\u516c\u94a5\uff0c\u7136\u540essh -i \u79c1\u94a5 hacker@dojo.pwn.college
\u5373\u53ef\u3002\u7f51\u9875\u7aef\u542f\u52a8\u4e00\u4e2a\u5b9e\u4f8b\u540e\uff0c\u8fdc\u7a0b\u4e5f\u4f1a\u81ea\u52a8\u542f\u52a8\u5bf9\u5e94\u7684\u73af\u5883\u3002\u95ee\u9898\u4e00\u822c\u653e\u5728\u6839\u76ee\u5f55\u7684challenge\u6587\u4ef6\u5939\u4e0b
"},{"location":"pwn-college-cse365-spring2023/#talking-web","title":"Talking Web \u5b66\u4e60\u7b14\u8bb0","text":"\u8bf7\u6c42\u7b2c\u4e00\u884cRequest line\uff1a\u8bf7\u6c42\u65b9\u6cd5 URI \u534f\u8bae\u7248\u672c CRLF
\u54cd\u5e94\u7b2c\u4e00\u884cStatus line\uff1a\u534f\u8bae\u7248\u672c \u72b6\u6001\u7801 \u89e3\u91ca CRLF
\u5e38\u89c1\u7684\u8bf7\u6c42\u65b9\u6cd5\uff1a
GET\uff1a\u83b7\u53d6\u4fe1\u606f\uff0c\u5982\u679cURI\u662f\u5904\u7406\u7a0b\u5e8f\uff0c\u5219\u83b7\u53d6\u7a0b\u5e8f\u8fd0\u884c\u540e\u7684\u7ed3\u679c\uff08\u800c\u4e0d\u662f\u6e90\u7801\uff09 HEAD\uff1a\u548cGET\u7c7b\u4f3c\uff0c\u4f46\u662fresponse\u4e0d\u8fd4\u56debody\uff0c\u4e00\u822c\u7528\u4e8e\u6d4b\u8bd5\u8d44\u6e90\u662f\u5426\u5b58\u5728\u3001\u4fee\u6539\u65f6\u95f4\uff0c\u83b7\u53d6\u8d44\u6e90\u5143\u6570\u636e\u7b49 POST\uff1a\u63d0\u4ea4\u989d\u5916\u7684\u4fe1\u606f\u7528\u4e8e\u670d\u52a1\u7aef\u5904\u7406 HTTP URL Scheme\uff1ascheme://host:port/path?query#fragment
scheme \u8bbf\u95ee\u8d44\u6e90\u7684\u534f\u8bae\uff0c\u6bd4\u5982http host \u6301\u6709\u8d44\u6e90\u7684\u4e3b\u673a port \u63d0\u4f9b\u670d\u52a1\u7684\u7a0b\u5e8f\u4f7f\u7528\u7684\u7aef\u53e3 path \u786e\u5b9a\u7279\u5b9a\u8d44\u6e90 query \u8d44\u6e90\u53ef\u4ee5\u5229\u7528\u7684\u989d\u5916\u4fe1\u606f fragment \u5ba2\u6237\u7aef\u6709\u5173\u8fd9\u4e00\u8d44\u6e90\u7684\u4fe1\u606f\uff08\u4e0d\u4f1a\u4f20\u7ed9\u670d\u52a1\u5668\uff1f\uff09 \u8bf7\u6c42\u7684\u8d44\u6e90\u542b\u6709\u4e00\u4e9b\u7279\u6b8a\u7b26\u53f7\u6bd4\u5982?,/,&,#\u7b49\u7b49\u65f6\uff0c\u4f7f\u7528%xx\u8fdb\u884c\u7f16\u7801\uff0c\u5176\u4e2dxx\u662fASCII\u7801\u3002\u8fd9\u79cd\u505a\u6cd5\u79f0\u4e3aurlencoding
POST\u8bf7\u6c42\u65f6\uff0c\u9700\u8981\u5e26\u4e0aContent-Type
Content-Type: application/x-www-form-urlencoded Content-Type: application/json \u524d\u8005body\u91cc\u5199a=xx\uff0c\u540e\u8005\u5199{\"a\":\"xx\"}\u3002json\u53ef\u4ee5\u6784\u9020\u66f4\u590d\u6742\u7684blob
RFC 1945 HTTP\u534f\u8bae\u662f\u65e0\u72b6\u6001\u7684\uff0c\u4f46\u662f\u7f51\u7edc\u5e94\u7528\u662f\u6709\u72b6\u6001\u7684\u3002\u4f7f\u7528cookie\u6765\u4fdd\u6301\u72b6\u6001\u3002
"},{"location":"pwn-college-cse365-spring2023/#assembly-crash-course","title":"Assembly Crash Course \u5b66\u4e60\u7b14\u8bb0","text":""},{"location":"pwn-college-cse365-spring2023/#building-a-web-server","title":"Building a Web Server \u5b66\u4e60\u7b14\u8bb0","text":"\u4f7f\u7528socket\u521b\u5efa\u4e00\u4e2aA-B\u7684\u7f51\u7edc\u6587\u4ef6\uff0c\u7136\u540e\u4f7f\u7528bind\u5c06socket\u4e0e\u5177\u4f53\u7684ip\u7ed1\u5b9a\u3002\u4f7f\u7528listen\u6765\u88ab\u52a8\u4fa6\u542csockfd\u3002\u4f7f\u7528accept\u63a5\u53d7\u5916\u90e8\u8fde\u63a5\u3002
\u4f7f\u7528TCP/IP\u8fdb\u884c\u7f51\u7edc\u901a\u8baf\uff0c\u670d\u52a1\u5668\u7aef\u7684\u4f8b\u5b50\u5982\uff1a
// int socket(int domain, int type, int protocol)\nsocket_fd = socket(AF_INET, SOCK_STREAM, IPPROTO_IP)\n\n// int bind(int sockfd, struct sockaddr* addr, socklen_t addrlen)\n/*\n * struct sockaddr {\n * uint16_t sa_family;\n * uint8_t sa_data[14]; \n * }\n * \n * struct sockaddr_in {\n * uint16_t sin_family;\n * uint16_t sin_port;\n * uint32_t sin_addr;\n * uint8_t __pad[8];\n * }\n*/\nbind(socket_fd, {sa_family=AF_INET, sin_port=htons(port), sin_addr=inet_addr(\"0.0.0.0\")}, 16)\n\n// int listen(int sock fd, int backlog);\nlisten(socket_fd, 0)\n\n// int accept(int sockfd, struct sockaddr* addr, socklen_t* addrlen);\ntunnel = accept(socket_fd, NULL, NULL)\n\n// revceive http request: GET / HTTP/1.0\nread(tunnel, \"GET / HTTP/1.0\",19)\n\n// response\nwrite(tunnel, \"HTTP/1.0 200 OK\\r\\n\\r\\n\", 19)\n\n// receive http request: GET /flag HTTP/1.0\nread(tunnel, \"GET /flag HTTP/1.0\\r\\n\\r\\n\",256)\n\n// open and read file\nfilefd = open(\"/flag\",O_RDDONLY)\nread(filefd, \"FLAG\", 256)\n\n//response\nwrite(tunnel, \"HTTP/1.0 200 OK\\r\\n\\r\\nFLAG\", 27)\n\nclose(tunnel)\n
"},{"location":"pwn-college-cse365-spring2023/#reverse-engineering","title":"Reverse Engineering \u5b66\u4e60\u7b14\u8bb0","text":" start
\u5728main\u51fd\u6570\u6253\u65ad\u70b9\u5e76\u8fd0\u884c starti
\u5728_start\u51fd\u6570\u6253\u65ad\u70b9\u5e76\u8fd0\u884c run
\u4e0d\u6253\u65ad\u70b9\uff0c\u76f4\u63a5\u8fd0\u884c attach <PID>
\u5c06gdb\u9644\u7740\u5230\u4e00\u4e2a\u6b63\u5728\u8fd0\u884c\u7684\u8fdb\u7a0b core <PATH>
\u5206\u6790\u4e00\u4e2a\u7a0b\u5e8f\u8fd0\u884c\u540e\u4ea7\u751f\u7684coredump\u6587\u4ef6 start <ARG1> <ARG2> < <STDIN_PATH>
\u8fd0\u884c\u5e26\u6709\u53c2\u6570\u7684\u7a0b\u5e8f\uff0c\u548cshell\u91cc\u8f93\u547d\u4ee4\u4e00\u6837 info registers
\u53ef\u4ee5\u67e5\u770b\u5bc4\u5b58\u5668\u7684\u503c\uff08\u6216\u8005\u7b80\u5355\u7684i r
\uff09 print
\u7528\u6765\u6253\u5370\u53d8\u91cf\u6216\u8005\u5bc4\u5b58\u5668\u7684\u503c\uff0c\u6bd4\u5982p/x $rdi
\u4ee516\u8fdb\u5236\u6253\u5370rdi\u5bc4\u5b58\u5668\u7684\u503c x/<n><u><f> <address>
\u7528\u6765\u6253\u5370\u53d8\u91cf\u6216\u7edd\u5bf9\u5730\u5740\u7684\u5185\u5bb9\u3002n
\u8868\u793anumber\uff0c\u4e5f\u5c31\u662f\u8bf4\u8981\u6253\u5370\u51e0\u4e2a\u5355\u5143\uff1bu
\u8868\u793aunit size\uff0c\u6bcf\u4e2a\u5355\u5143\u7684\u5b57\u8282\u957f\u5ea6\uff0c\u53ef\u53d6b/h/w/g
\uff0c\u5206\u522b\u8868\u793a1\uff0c2\uff0c4\uff0c8\u5b57\u8282\uff1bf
\u8868\u793a\u8f93\u51fa\u683c\u5f0f\uff0c\u53ef\u53d6d/x/s/i
\uff0c\u5206\u522b\u8868\u793a\u5341\u8fdb\u5236\u3001\u5341\u516d\u8fdb\u5236\u3001\u5b57\u7b26\u4e32\u3001\u6c47\u7f16\u6307\u4ee4\u3002address\u8868\u793a\u8981\u6253\u5370\u7684\u5730\u5740\uff0c\u53ef\u4ee5\u5199\u6210\u6570\u5b66\u8868\u8fbe\u5f0f\u3002 set disassembly-flavor intel
\u7528\u6765\u4fee\u6539\u6c47\u7f16\u6307\u4ee4\u7684\u8868\u793a\u5f62\u5f0f\uff0c\u8fd9\u91cc\u662fintel\u6307\u4ee4\u3002 \u4f7f\u7528stepi <n>
\u6b65\u5165n\u6761\u6c47\u7f16\u6307\u4ee4\uff0cnexti <n>
\u6b65\u8fc7n\u6761\u6c47\u7f16\u6307\u4ee4\uff1b\u5206\u522b\u7b80\u5199\u4e3asi
\u4e0eni
\u4f7f\u7528finish
\u6267\u884c\u5230\u5f53\u524d\u51fd\u6570\u7ed3\u675f\u5e76\u8fd4\u56de \u4f7f\u7528break *<addres>
\u5728address\u5904\u6253\u65ad\u70b9\uff0c\u53ef\u4ee5\u7b80\u5199\u4e3ab *<address>
\u4f7f\u7528display/<n><u><f>
\u6765\u5728\u6bcf\u4e00\u6761\u64cd\u4f5c\u7ed3\u675f\u540e\u663e\u793a\u67d0\u4e9b\u6570\u503c\u3002nuf\u7684\u7528\u6cd5\u548cx
\u6253\u5370\u5185\u5b58\u5730\u5740\u4e00\u6837 \u6709\u5173\u811a\u672c\u7f16\u5199\uff0c\u53ef\u4ee5\u9884\u5148\u7528gdb\u8bed\u6cd5\u5199\u597d\u811a\u672c\u6587\u4ef6xxx.gdb\uff0c\u7136\u540e\u542f\u52a8gdb\u7684\u65f6\u5019\u52a0\u4e0a\u53c2\u6570-x xxx.gdb
\uff0c\u5c31\u53ef\u4ee5\u5728gdb\u542f\u52a8\u540e\u81ea\u52a8\u5316\u8fd0\u884c\u811a\u672c ~/.gdbinit
\u5728\u521d\u59cb\u5316gdb\u4f1a\u8bdd\u65f6\u81ea\u52a8\u8fd0\u884c \u4f7f\u7528call
\u76f4\u63a5\u8c03\u7528\u51fd\u6570\uff0c\u6bd4\u5982call (void)win()
\u4f7f\u7528set pagination off
\u5173\u95ed\u5206\u9875\u786e\u8ba4 \u4ee5\u4e0b\u662f\u4e2agdb\u811a\u672c\u7684\u4f8b\u5b50\uff0csilent
\u7528\u4e8e\u5728\u9047\u5230\u65ad\u70b9\u65f6\u51cf\u5c11\u8f93\u51fa\u4fe1\u606f\uff0c\u4ee5\u53ca\u4f7f\u7528set
\u548cprintf
\u8bbe\u7f6e\u53d8\u91cf\u3001\u6253\u5370\u503c\u3002 start\nbreak *main+42\ncommands\n silent\n set $local_variable = *(unsigned long long*)($rbp-0x32)\nprintf \"Current value: %llx\\n\", $local_variable\ncontinue\nend\ncontinue\n
\u4f7f\u7528if
\u3001catch
\u6765\u52ab\u6301systemcall\uff0c\u6bd4\u5982\uff1a start\ncatch syscall read\ncommands\n silent\n if ($rdi == 42)\nset $rdi = 0\nend\n continue\nend\ncontinue\n
"},{"location":"pwn-college-cse365-spring2023/#talking-web-writeups","title":"Talking Web WriteUps","text":"\u8fd9\u4e2a\u7ae0\u8282\u7684\u9898\u76ee\u662f\u7528curl\u3001python\u548cnc\u6765\u5b9e\u73b0\u53d1\u9001\u5404\u79cdhttp\u8bf7\u6c42\uff0c\u5148\u8fd0\u884c/challenge/run
\u542f\u52a8flask\u670d\u52a1\u5668\uff0c\u7136\u540e\u65b0\u5f00\u4e2a\u7ec8\u7aef\u7528\u5404\u79cd\u59ff\u52bf\u8fde\u63a5\u672c\u5730127.0.0.1\u5373\u53ef\u3002
\u8fd9\u4e09\u79cd\u5de5\u5177\u7684\u5927\u81f4\u601d\u8def\uff1a
curl\u662f\u901a\u8fc7\u4e00\u4e9b\u53c2\u6570\u6765\u52a0\u8bbe\u5b9a nc\u9700\u8981\u751f\u5199http\u8bf7\u6c42\u5185\u5bb9 python\u53ef\u4ee5\u7528requests\u6765\u505a \u9700\u8981\u5148\u7b80\u5355\u5730\u8fde\u63a5127.0.0.1\u7136\u540e\u6839\u636e\u62a5\u9519\u63d0\u793a\u6765\u4fee\u6539\u8bf7\u6c42\u3002
Level 1
Send an HTTP request using curl
curl http://127.0.0.1\n
Level 2
Send an HTTP request using nc
nc 127.0.0.1 80\nGET / HTTP/1.1\n
Level 3
Send an HTTP request using python
import requests as r\nr.get(\"http://127.0.0.1\").text\n
Level 4
Set the host header in an HTTP request using curl
curl -H 'host:xxxxx' http://127.0.0.1\n
Level 5
Set the host header in an HTTP request using nc
nc 127.0.0.1 80\nGET / HTTP/1.1\nhost:xxxxx\n
Level 6
Set the host header in an HTTP request using python
import requests as r\nr.get(\"http://127.0.0.1\", headers={\"host\":\"xxx\"}).text\n
Level 7
Set the path in an HTTP request using curl
curl http://127.0.0.1/xxxxx\n
Level 8
Set the path in an HTTP request using nc
nc 127.0.0.1 80\nGET /xxxx HTTP/1.1\n
Level 9
Set the path in an HTTP request using python
import requests as r\nr.get(\"http://127.0.0.1/xxx\").text\n
Level 10~12
URL encode a path in an HTTP request using curl/nc/python
\u7528%20\u66ff\u6362\u6389\u7a7a\u683c\u5373\u53ef
Level 13~15
Specify an argument in an HTTP request using curl/nc/python
GET\u52a0\u53c2\u6570\uff0c\u5728\u8def\u5f84\u540e\u9762\u8ffd\u52a0?a=xxx\u5373\u53ef
nc\u65f6\u52a0\u5230nc\u8fde\u63a5\u4ee5\u540e\u7684GET\u540e\u9762
Level 16~18
Specify multiple arguments in an HTTP request using curl/nc/python
\u7ed3\u540810~15\u9898\uff0c\u7a7a\u683c\u7528%20\u6362\u6389\uff0c\u4e0e\u53f7\u7528%26\u6362\u6389\uff0c\u4e95\u53f7\u7528%23\u6362\u6389
Level 19~21
Include form data in an HTTP request using curl/nc/python
#curl\ncurl http://127.0.0.1 -F a=xxx\n\n#nc\nPOST / HTTP/1.1\nContent-Type: application/x-www-form-urlencoded\nContent-Length:34\n\na=xxx\n\n#python\nimport requests as r\nr.post(\"http://127.0.0.1\",data={'a':'xxx'}).text\n
Level 22~24
Include form data with multiple fields in an HTTP request using curl/nc/python
#curl\ncurl http://127.0.0.1 -F a=xxx -F b='xxxx'\n\n#nc\nPOST / HTTP/1.1\nContent-Type: application/x-www-form-urlencoded\nContent-Length: 78\n\na=xxx&b=xxx\n\n#python\nimport requests as r\nr.post(\"http://127.0.0.1\",data={'a':'xxx','b':'xxx'}).text\n
Level 25~27
Include json data in an HTTP request using curl/nc/python
#curl\ncurl -X POST -H 'Content-Type:application/json' -d '{\"a\":\"xxx\"}' http://127.0.0.1\n\n#nc\necho -ne 'POST / HTTP/1.1\\r\\nContent-Type: application/json\\r\\nContent-Length:40\\r\\n\\r\\n{\"a\":\"xxx\"}' | nc 127.0.0.1 80\n\n#python\nimport requests as r\nimport json\nr.post(\"http://127.0.0.1\",headers={\"Content-Type\":\"application/json\"},data=json.dumps({\"a\":\"xxx\"})).text\n
Level 28~30
Include complex json data in an HTTP request using curl/nc/python
#curl\ncurl -X POST -H 'Content-Type: application/json' -H 'Content-Length: 121' -d '{\"a\":\"xxx\", \"b\":{\"c\": \"xxxx\", \"d\": [\"xxx\", \"xxx\"]}}' http://127.0.0.1\n\n#nc\necho -ne 'POST / HTTP/1.1\\r\\nContent-Type: application/json\\r\\nContent-Length: 121\\r\\n\\r\\n{\"a\":\"xxx\", \"b\":{\"c\": \"xxx\", \"d\": [\"xxx\", \"xxx\"]}}' | nc 127.0.0.1 80\n\n#python\nimport requests as r\nimport json\nr.post(\"http://127.0.0.1\",headers={\"Content-Type\":\"application/json\"},data=json.dumps({\"a\":\"xxx\",\"b\":{'c': 'xxx', 'd': ['xxx', 'xxx']}})).text\n
Level 31~33
Follow an HTTP redirect from HTTP response using curl/nc/python
#curl\ncurl -L http://127.0.0.1\n\n#nc\necho -ne \"GET /xxx HTTP/1.1\\r\\n\\r\\n\" | nc 127.0.0.1 80\n\n#python\n#python\u9ed8\u8ba4\u8ddf\u968f\u8df3\u8f6c\nimport requests as r\nr.get(\"http://127.0.0.1\").text\n
Level 34~36
Include a cookie from HTTP response using curl/nc/python
#curl\ncurl http://127.0.0.1 -v\ncurl -b \"cookie=xxx\" http://127.0.0.1\n\n#nc\necho -ne \"GET / HTTP/1.1\\r\\n\\r\\n\" | nc 127.0.0.1 80\necho -ne \"GET / HTTP/1.1\\r\\nCookie:cookie=xxxx\\r\\n\\r\\n\" | nc 127.0.0.1 80\n\n#python \u9ed8\u8ba4\u81ea\u52a8\u63a5\u53d7cookie\nimport requests as r\nr.get(\"http://127.0.0.1\").text\n
Level 37~39
Make multiple requests in response to stateful HTTP responses using curl/nc/python
#curl \u5b8c\u62103\u6b21\u4ea4\u4e92\u5373\u53ef\ncurl -b \"session=xxx\" http://127.0.0.1 -v \ncurl -b \"session=xxx\" http://127.0.0.1 -v \ncurl -b \"session=xxx\" http://127.0.0.1 -v #nc\necho -ne \"GET / HTTP/1.1\\r\\nCookie:session=xxx\\r\\n\\r\\n\" | nc 127.0.0.1 80\necho -ne \"GET / HTTP/1.1\\r\\nCookie:session=xxx\\r\\n\\r\\n\" | nc 127.0.0.1 80\necho -ne \"GET / HTTP/1.1\\r\\nCookie:session=xxx\\r\\n\\r\\n\" | nc 127.0.0.1 80\n\n#python\nimport requests as r\nr.get(\"http://127.0.0.1\").text\n
"},{"location":"pwn-college-cse365-spring2023/#assembly-crash-course-writeups","title":"Assembly Crash Course Writeups","text":"\u8fd9\u4e2a\u7ae0\u8282\u7684\u9898\u9700\u8981\u628a\u6c47\u7f16\u53d8\u6210raw bytes\uff0c\u7136\u540e\u5582\u7ed9/challenge/run\u3002\u9700\u8981\u5148\u8fd0\u884c\u8fd9\u4e2arun\uff0c\u7136\u540e\u6839\u636e\u8981\u6c42\u5b8c\u6210\u3002\u6bd4\u5982\u53ef\u4ee5\u7528pwntools\u7684asm\u6a21\u5757\u751f\u6210\u6c47\u7f16\uff0c\u7136\u540eecho\u8fdbrun\u91cc\u3002
Level 1
In this level you will work with registers_use! Please set the following: rdi = 0x1337
from pwn import *\ncontext.arch='amd64'\nasm('mov rdi,0x1337')\n\n#b'H\\xc7\\xc77\\x13\\x00\\x00'\n
\u7136\u540e\u5728shell\u91ccecho -ne 'H\\xc7\\xc77\\x13\\x00\\x00' | /challenge/run
\u5373\u53ef\u3002 Level 2
asm('add rdi,0x331337')\n
Level 3
asm('imul rdi,rsi; add rdi,rdx; mov rax,rdi')\n
Level 4
\u5b66\u4e60div\u9664\u6cd5\uff0cdiv reg
\u4f1a\u4f7f\u7528rax\u4f5c\u4e3a\u88ab\u9664\u6570\uff0creg\u4f5c\u4e3a\u9664\u6570\uff0c\u7136\u540e\u81ea\u52a8\u4f7f\u7528rax\u5b58\u653e\u5546\uff0crdx\u5b58\u653e\u4f59\u6570\u3002
asm('mov rax, rdi;div rsi')\n
Level 5
asm('mov rax, rdi;div rsi;mov rax, rdx')\n
Level 6
\u9664\u6570\u4e3a2\u7684\u5e42\u6b21\u65f6\uff0c\u76f4\u63a5\u4f7f\u7528mov\u4fdd\u7559\u5bc4\u5b58\u5668\u7684\u4e00\u90e8\u5206\u5373\u53ef\u3002\u6ce8\u610fmov\u4e24\u4e2a\u5bc4\u5b58\u5668\u957f\u5ea6\u8981\u4e00\u81f4\u3002
asm('mov al, dil;mov bx, si')\n
Level 7
shl\u5de6\u79fb\uff0cshr\u53f3\u79fb\uff08\u9ad8\u4f4d\u88650\uff09
asm('shl rdi, 59; shr rdi, 63; mov rax, rdi')\n
Level 8
and reg1, reg2
\u4f1a\u628areg1\u548creg2\u8fdb\u884c\u903b\u8f91\u4e0e\u7684\u7ed3\u679c\u4fdd\u5b58\u5728reg1\u91cc\u3002\u9898\u76ee\u4e0d\u8ba9\u7528mov\uff0c\u90a3\u53ef\u4ee5\u91c7\u7528\u7f6e0\u51cf1\u7684\u65b9\u5f0f\u83b7\u5f972^65-1\uff0c\u7136\u540eand\u5373\u53ef\u3002
asm('xor rax, rax; sub rax, 1; and rax, rdi; and rax, rsi')\n
Level 9
\u9898\u76ee\u8981\u6c42\u53ea\u7528and\uff0cor\uff0cxor\u5b9e\u73b0\u4e00\u4e2a\u5947\u5076\u5224\u65ad\u7684\u529f\u80fd\u3002\u6574\u4f53\u601d\u8def\u662fxor\u53cd\u8f6c\u6bd4\u7279\u3001\u6e05\u7a7a\u503c\uff0cor\u505a\u52a0\u6cd5\uff0cand\u53d6\u6700\u4f4e\u4f4d\u3002
asm('xor rax, rax; or rax, 1; and rax, rdi; xor rax, 1')\n
Level 10
\u6709\u5173\u8bbf\u95ee\u5185\u5b58\u7684\u64cd\u4f5c\u3002mov reg, [address]
\u7528\u4e8e\u628aaddress\u5730\u5740\u5904\u7684\u503c\u8d4b\u7ed9reg\uff0c\u5f53\u7136\u4e5f\u53ef\u4ee5mov [address], reg
\u628areg\u7684\u503c\u4fdd\u5b58\u5728address\u5730\u5740\u3002\u52a0\u4e00\u5c42\u65b9\u62ec\u53f7\u53ea\u662f\u8868\u793a\u5f53\u4f5c\u5730\u5740\u3002\u4e0d\u8981\u4e0b\u610f\u8bc6\u8fdb\u884c\u66f4\u591a\u6b21\u6570\u7684\u89e3\u5f15\u7528\u3002
asm('mov rbx, [0x404000]; mov rax, rbx; add rbx, 0x1337; mov [0x404000], rbx')\n
Level 11
\u5982\u679cmov\u4e00\u65b9\u4e3a\u5bc4\u5b58\u5668\uff0c\u4e00\u65b9\u4e3a\u5730\u5740\uff0c\u4f1a\u6839\u636e\u5bc4\u5b58\u5668\u7684\u5927\u5c0f\u81ea\u52a8\u63a8\u65ad\u4ece\u5730\u5740\u4e2dload\u591a\u5c11\u5b57\u8282\u3002
asm('mov al, [0x404000]; mov bx, [0x404000]; mov ecx, [0x404000]; mov rdx, [0x404000];')\n
Level 12
\u5bf9\u4e8e\u6bd4\u8f83\u5927\u7684\u7acb\u5373\u6570\uff0c\u53ef\u4ee5\u5148\u653e\u5728\u5bc4\u5b58\u5668\uff0c\u7136\u540e\u518dmov\u5230\u6307\u5b9a\u4f4d\u7f6e\u3002
asm('mov rax, 0xdeadbeef00001337; mov [rdi], rax; mov rax, 0xc0ffee0000; mov [rsi], rax')\n
Level 13
asm('mov rax, [rdi]; add rax, [rdi+8]; mov [rsi], rax')\n
Level 14
asm('pop rax;sub rax,rdi; push rax')\n
Level 15
\u4f7f\u7528\u6808\u53ef\u4ee5\u7b80\u5355\u5730\u4ea4\u6362\u5bc4\u5b58\u5668
asm('push rdi; push rsi; pop rdi; pop rsi')\n
Level 16
\u5b9e\u73b0\u6808\u4e0a\u7684\u6570\u636e\u53d6\u5e73\u5747\uff0c\u7528[rsp+X]\u6765\u53d6\u503c\uff08\u4e00\u822c\u7528rbp\u6765\u53d6\u5427\uff1f\uff09
asm('mov rax, [rsp]; add rax, [rsp+8]; add rax, [rsp+16]; add rax, [rsp+24]; mov rbx, 4; div rbx; push rax')\n
Level 17
\u4f7f\u7528label\u8bbe\u7f6e\u76f8\u5bf9\u8df3\u8f6c\u5730\u5740\uff0c\u4f7f\u7528\u5355\u5b57\u8282\u7684nop\u586b\u5145\u3002\u4e0d\u8fc7\u9898\u76ee\u8981\u6c42\u7684\u201c\u4ecejmp\u504f\u79fb0x51\u7684\u5730\u5740\u201d\u6709\u70b9\u8ff7\u60d1\uff0c\u770b\u7ed3\u679c\u7684\u8bdd\u4f3c\u4e4e\u9ed8\u8ba4\u662fjmp\u6267\u884c\u540e\u7684\u5730\u5740\u518d\u504f\u79fb0x51\uff0c\u800c\u4e0d\u662fjmp\u6307\u4ee4\u672c\u8eab\u7684\u5730\u5740\u504f\u79fb0x51\uff0c\u6240\u4ee5\u4e0d\u9700\u8981\u77e5\u9053jmp\u6307\u4ee4\u672c\u8eab\u7684\u957f\u5ea6\u3002
asm('jmp lab;'+'nop;'*0x51+'lab: mov rdi, [rsp]; mov rax, 0x403000; jmp rax')\n
Level 18
\u5b9e\u73b0if-else\u8df3\u8f6c\u3002\u6ce8\u610f\u5185\u5b58\u8ba1\u7b97\u4f7f\u7528dword\u768432\u4f4d\u6570\u636e\uff0c\u7528eax\u800c\u4e0d\u662frax\u3002
from pwn import *\ncontext.arch='amd64'\npayload=\"\"\"mov eax, [rdi+4]\nmov ebx, 0x7f454c46\ncmp ebx, [rdi]\nje case1\nmov ebx, 0x5a4d\ncmp ebx, [rdi]\nje case2\nimul eax, [rdi+8]\nimul eax, [rdi+12]\njmp done\ncase1:\n add eax, [rdi+8]\n add eax, [rdi+12]\n jmp done\ncase2:\n sub eax, [rdi+8]\n sub eax, [rdi+12]\n jmp done\ndone:\n nop\n\"\"\"\n\nprint(asm(payload))\n
Level 19
jmp [reg + offset]
\u95f4\u63a5\u8df3\u8f6c\uff0c\u4f7f\u7528rsi\u4fdd\u5b58\u8df3\u8f6c\u8868\u7684\u57fa\u5730\u5740\uff0c\u7528\u4e8e\u5b9e\u73b0switch\u3002\u8fd9\u91cc\u597d\u50cf\u662fjnz\u4e0d\u652f\u6301\u95f4\u63a5\u8df3\u8f6c\u3002
asm('mov rax, rdi; shr rax, 2; jnz final; jmp [rsi + rdi * 8]; final: jmp [rsi + 32]')\n
Level 20
\u5b9e\u73b0\u4e00\u4e2a\u7b80\u5355\u7684\u6c42\u5e73\u5747\u51fd\u6570
from pwn import *\ncontext.arch='amd64'\npayload=\"\"\"xor rax, rax\nxor rcx, rcx\nloop:\n cmp rcx, rsi\n je done\n add rax, [rdi + 8 * rcx]\n add rcx, 1\n jmp loop\ndone:\n div rsi\n\"\"\"\n\nprint(asm(payload))\n
Level 21
\u5b9e\u73b0\u4e00\u4e2astrlen\u51fd\u6570\uff0c\u9010byte\u68c0\u67e5\u662f\u5426\u4e3a0\u3002\u6ce8\u610fmov\u4e0d\u4f1a\u6539\u53d8EFLAGS\u3002
from pwn import *\ncontext.arch='amd64'\npayload = \"\"\"\nxor rax, rax\ntest rdi, rdi\njz done\nloop: mov bl, [rdi + rax]\ntest bl,bl\njz done\nadd rax, 1\njmp loop\ndone:\n nop\n\"\"\"\n\nprint(asm(payload))\n
Level 22
\u8fd9\u9053\u9898\u7ed9\u7684\u89e3\u91ca\u4e0d\u662f\u5f88\u6e05\u695a\uff0c\u5c3d\u7ba1\u662f\u7b2c\u4e00\u6b21\u63d0\u5230\u4f7f\u7528call\u8fdb\u884c\u51fd\u6570\u8c03\u7528\uff0c\u4f46\u662f\u6ca1\u6709\u8bf464\u4f4d\u7a0b\u5e8f\u4f9d\u6b21\u4f7f\u7528rdi,rsi,rdx,rcd,r8,r9
\u8fdb\u884c\u4f20\u53c2\u3001rax
\u4fdd\u5b58\u51fd\u6570\u8fd4\u56de\u7ed3\u679c\uff0c\u4e5f\u6ca1\u6709\u8bf4\u662f\u7531\u4e3b\u8c03\u51fd\u6570\u8fd8\u662f\u88ab\u8c03\u51fd\u6570\u6765\u4fdd\u5b58\u5bc4\u5b58\u5668\u3002\u66f4\u5947\u602a\u7684\u662f\u867d\u7136\u8ba9\u5b9e\u73b0\u4e00\u4e2astr_lower\u51fd\u6570\uff0c\u4f46\u662f\u6ca1\u6709\u6309\u51fd\u6570\u5b9e\u73b0\u7684\u6807\u51c6\u5199PROG\uff0c\u751a\u81f3\u6700\u540e\u8fd8\u7528ret\u6765\u7ed3\u675f\u3002
from pwn import *\ncontext.arch='amd64'\npayload = \"\"\"\nmov rdx, rdi\nxor rax, rax\nxor rcx, rcx\ntest rdx, rdx\njz done\nloop:\n mov bl, [rdx]\n test bl,bl\n jz done\n cmp bl, 0x5a\n jg notif\n mov rax, 0x403000\n xor rdi, rdi\n mov dil, bl\n call rax\n mov [rdx], al\n add rcx, 1\nnotif:\n add rdx, 1\n jmp loop\ndone:\n mov rax, rcx\n ret\n\"\"\"\n\nprint(asm(payload))\n
Level 23
\u5b9e\u73b0\u4e00\u4e2a\u67e5\u8be2\u5b57\u7b26\u4e32\u4e2d\u54ea\u4e2a\u5b57\u7b26\u6700\u591a\u7684\u51fd\u6570\u3002\u6bcf\u4e2a\u5b57\u7b26\u4e0d\u8d85\u8fc70xffff\u4e2a\uff0c\u6240\u4ee5\u8981\u75284\u5b57\u8282\u7684\u5bc4\u5b58\u5668\u6765\u8fdb\u884c\u5b58\u653e\u3002\u8fd9\u91cc\u4f3c\u4e4e\u4e0d\u652f\u6301\u76f4\u63a5mov rbx, [ebp - rcx * 4]
\u4e4b\u7c7b\u7684\u65b9\u6cd5\uff0c\u5c31\u7528r8\u548cr9\u4e34\u65f6\u5b58\u653e\u4e00\u4e0b\u4e86\u3002
from pwn import *\n\ncontext.arch = 'amd64'\n\npayload = \"\"\"\npush rbp\nmov rbp, rsp\nsub rsp, 0x400\nxor rax, rax\nxor rcx, rcx\nmov rdx, rsi\nsub rdx, 0x1\nloop1: \n cmp rcx, rdx\n jg loop1_end\n mov al, [rdi + rcx]\n mov r8, rbp\n mov r9, rax\n imul r9, 4\n sub r8, r9\n mov ebx, [r8]\n add ebx, 1\n mov [r8], ebx\n add rcx, 1\n jmp loop1\nloop1_end:\nxor rax, rax\nxor rbx, rbx\nxor rcx, rcx\nloop2:\n cmp rcx, 0xff\n jg loop2_end\n mov r8, rbp\n mov r9, rcx\n imul r9, 4\n sub r8, r9\n mov edx, [r8]\n cmp edx, ebx\n jle loop2_conti\n mov rbx, rdx\n mov rax, rcx\nloop2_conti:\n add rcx, 1\n jmp loop2\nloop2_end:\nmov rsp, rbp\npop rbp\nret\n\"\"\"\n\nprint(asm(payload))\n
"},{"location":"pwn-college-cse365-spring2023/#building-a-web-server-writeups","title":"Building a Web Server Writeups","text":"\u4e0d\u5f97\u4e0d\u5410\u69fdpwn-college\u6709\u4e00\u70b9\u4e0d\u597d\uff0c\u6bcf\u4e2a\u6a21\u5757\u7b2c\u4e00\u4e2achallenge\u8bf4\u660e\u592a\u5c11\u4e86\uff0c\u5b8c\u5168\u4e0d\u77e5\u9053\u4ece\u54ea\u5f00\u59cb\u4e0b\u624b\u3002\u5728challenge 1\u7684wp\u91cc\u8be6\u7ec6\u8bb2\u4e00\u4e0b\u8fd9\u4e2a\u6a21\u5757\u600e\u4e48\u5f00\u59cb\u505a\uff0c\u7136\u540e\u540e\u7eed\u5c31\u7701\u7565\u4e86\u3002
\u7528\u6c47\u7f16\u5199server\uff0c\u53ef\u4ee5\u67e5\u886864\u4f4dsyscall\u624b\u518c
Level 1
\u9996\u5148\u8fd8\u662f\u8fd0\u884c/challeng/run\uff0c\u5f97\u5230\u4e00\u6bb5\u8f93\u51fa\uff1a
===== Welcome to Building a Web Server! =====\nIn this series of challenges, you will be writing assembly to interact with your environment, and ultimately build a web server\nIn this challenge you will exit a program.\n\nUsage: `/challenge/run <path_to_web_server>`\n\n$ cat server.s\n.intel_syntax noprefix\n.globl _start\n\n.section .text\n\n_start:\n mov rdi, 0\n mov rax, 60 # SYS_exit\n syscall\n\n.section .data\n\n$ as -o server.o server.s && ld -o server server.o\n\n$ strace ./server\nexecve(\"./server\", [\"./server\"], 0x7ffccb8c6480 /* 17 vars */) = 0\nexit(0) = ?\n+++ exited with 0 +++\n
\u8fd9\u9053\u9898\u7684\u610f\u601d\u662f\u8ba9\u7528\u6c47\u7f16\u5199\u4e00\u4e2a\u670d\u52a1\u7aef\u3002\u5728\u8fd0\u884c/challenge/run server
\u7684\u65f6\u5019\uff0c\u5224\u9898\u7a0b\u5e8f\u4f1a\u542f\u52a8\u7528\u6237\u6307\u5b9a\u7684\u8fd9\u4e2aserver\uff0c\u7136\u540e\u68c0\u67e5\u8fd9\u4e2aserver\u7a0b\u5e8f\u662f\u4e0d\u662f\u76f4\u63a5exit(0)\u4e86\u3002\u6240\u4ee5\u53ea\u9700\u8981\u7f16\u8bd1\u4e00\u4e2aexit(0)\u7684server\u5373\u53ef\u3002
\u9898\u76ee\u91cc\u5176\u5b9e\u5df2\u7ecf\u7ed9\u51fa\u4e86server.s\u7684\u6a21\u677f\uff08cat server.s\u7684\u8f93\u51fa\uff09\u548c\u7f16\u8bd1\u65b9\u5f0f\uff08as -o server.o server.s && ld -o server server.o\uff09\u3002\u6240\u4ee5\u8fd9\u9053\u9898\u53ea\u9700\u8981\u628acat server.s
\u7684\u8f93\u51fa\u4fdd\u5b58\u5230server.s\u6587\u4ef6\uff0c\u7136\u540e\u76f4\u63a5\u8fd0\u884cas -o server.o server.s && ld -o server server.o
\u7f16\u8bd1\u51fa\u4e00\u4e2aserver\u7684\u53ef\u6267\u884c\u7a0b\u5e8f\uff0c\u6700\u540e\u8fd0\u884c/challenge/run ./server
\u5373\u53ef\u3002
\u6a21\u677f\u91cc\u53ea\u6267\u884c\u4e86\u4e00\u4e2a\u9000\u51fa\u7684syscall\uff0c\u6b63\u597d\u662f\u8fd9\u4e00\u9898\u7684\u8981\u6c42\u3002\u672c\u6765\u4ee5\u4e3a\u8fd9\u9053\u9898\u610f\u601d\u662f\u81ea\u5df1\u5199\u4e00\u4e2aserver\u7684\u6c47\u7f16\u6587\u4ef6\uff0c\u7136\u540erun\u7684\u65f6\u5019\u6307\u5b9a\u6e90\u6587\u4ef6\uff0c\u7531\u5224\u9898\u7a0b\u5e8f\u7f16\u8bd1\u7684\u5462\uff0c\u7ed3\u679c\u53d1\u73b0run\u7684\u65f6\u5019\u662f\u9700\u8981\u6307\u5b9a\u4e00\u4e2a\u7f16\u8bd1\u597d\u7684\u53ef\u6267\u884c\u7a0b\u5e8fhh\u3002
\u5b8c\u6574\u89e3\u9898\u6b65\u9aa4\u5982\u4e0b\uff1a
hacker@building-a-web-server-level-1:~$ echo \".intel_syntax noprefix\n.globl _start\n\n.section .text\n\n_start:\n mov rdi, 0\n mov rax, 60 # SYS_exit\n syscall\n\n.section .data\" > ./server.s\n\nhacker@building-a-web-server-level-1:~$ as -o server.o server.s && ld -o server server.o\n\nhacker@building-a-web-server-level-1:~$ /challenge/run ./server\n===== Welcome to Building a Web Server! =====\nIn this series of challenges, you will be writing assembly to interact with your environment, and ultimately build a web server\nIn this challenge you will exit a program.\n\n\n===== Expected: Parent Process =====\n[ ] execve(<execve_args>) = 0\n[ ] exit(0) = ?\n\n===== Trace: Parent Process =====\n[\u2713] execve(\"/proc/self/fd/3\", [\"/proc/self/fd/3\"], 0x7f07cf7959a0 /* 0 vars */) = 0\n[\u2713] exit(0) = ?\n[?] +++ exited with 0 +++\n\n===== Result =====\n[\u2713] Success\n\npwn.college{xxxx}\n
\u4ee5\u4e0b\u7684\u5404\u4e2a\u9898\u76ee\u5c31\u53ea\u5199server.s\u7684\u5185\u5bb9\u4e86
Level 2
In this challenge you will create a socket.
.intel_syntax noprefix\n.globl _start\n\n.section .text\n\n_start:\n # create a socket\n mov rdi, 2 # AF_INET\n mov rsi, 1 # SOCK_STREAM\n mov rdx, 0 # IPPROTO_IP\n mov rax, 41 # sys_socket\n syscall\n\n push rax\n mov rdi, 0\n mov rax, 60 # SYS_exit\n syscall\n\n.section .data\n
Level 3
In this challenge you will bind an address to a socket.
\u5728Level2\u521b\u5efasocket\u7684\u57fa\u7840\u4e0a\uff0c\u5c06\u5176\u7ed1\u5b9a\u52300.0.0.0:80\u4e0a\u3002\uff08\u53ef\u4ee5\u8fd0\u884cLevel1\u521b\u5efa\u7684server\u6765\u5148\u9605\u8bfb\u4e0b\u9898\u76ee\u8981\u6c42\uff0c\u5982\u4e0b\u6240\u793a\uff09
===== Expected: Parent Process =====\n[ ] execve(<execve_args>) = 0\n[ ] socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 3\n[ ] bind(3, {sa_family=AF_INET, sin_port=htons(<bind_port>), sin_addr=inet_addr(\"<bind_address>\")}, 16) = 0\n - Bind to port 80\n - Bind to address 0.0.0.0\n[ ] exit(0) = ?\n
\u6700\u7ec8\u89e3\u5982\u4e0b\u3002\u8fd9\u91cc\u76f4\u63a5\u7528\u6808\u6765\u4fdd\u5b58sockaddr_in\u7ed3\u6784\u4f53\u4e86\uff0c\u6bd4\u8f83\u7c97\u66b4\u3002
.intel_syntax noprefix\n.globl _start\n\n.section .text\n\n_start:\n# create a socket\nmov rdi, 2 # AF_INET\nmov rsi, 1 # SOCK_STREAM\nmov rdx, 0 # IPPROTO_IP\nmov rax, 41 # sys_socket\nsyscall\npush rax\n\n# bind the socket to 0.0.0.0:80\nmov rdi, rax # socket_fd\npush 0x50000002 # AF_INET(2) and PORT(80) in big endian\nmov rsi, rsp # sockaddr_in\npush 0x0 # IP(0.0.0.0)\npush 0x0 # padding\npush 0x0 # padding\nmov rdx, 16 # addrlen\nmov rax, 49 # sys_bind\nsyscall\n\nmov rdi, 0\nmov rax, 60 # SYS_exit\nsyscall\n\n\n.section .data\n
Level 4
In this challenge you will listen on a socket.
\u4f7f\u7528listen\u76d1\u542c\u8fd9\u4e2asocket\u3002\u7531\u4e8e\u8fd9\u91cclisten\u4e5f\u8981\u7528\u5230\u4e4b\u524dsocket\u521b\u5efa\u7684\u6587\u4ef6\u63cf\u8ff0\u7b26\uff0c\u6ce8\u610f\u5230\u6837\u4f8b\u7684\u6c47\u7f16\u6587\u4ef6\u6700\u540e\u63d0\u793a\u7528data\u4e86\uff0c\u6240\u4ee5\u5e72\u8106\u6362\u7528\u6570\u636e\u533a\u6765\u4fdd\u5b58\u5404\u79cd\u7ed3\u6784\u4f53\uff0c\u4e5f\u5f03\u7528Level3\u91cc\u5bf9\u6808\u505a\u7684\u90a3\u4e9b\u4fee\u6539\u4e86\u3002\u8fd9\u91ccsockfd\u548csockaddr\u90fd\u662f\u5730\u5740\uff0c\u6240\u4ee5mov\u7684\u65f6\u5019\u4f1a\u81ea\u52a8\u89e3\u5f15\u7528\uff0c\u7528lea\u6307\u4ee4\u6765\u83b7\u5f97\u5730\u5740\u672c\u8eab\u3002
.intel_syntax noprefix\n.globl _start\n\n.section .text\n\n_start:\n# create a socket\nmov rdi, 2 # AF_INET\nmov rsi, 1 # SOCK_STREAM\nmov rdx, 0 # IPPROTO_IP\nmov rax, 41 # sys_socket\nsyscall\nmov sockfd, rax\n\n# bind the socket to 0.0.0.0:80\nmov rdi, sockfd # socket_fd\nlea rsi, sockaddr # sockaddr\nmov rdx, 16 # addrlen\nmov rax, 49 # sys_bind\nsyscall\n\n# listen(3, 0)\nmov rdi, sockfd\nmov rsi, 0\nmov rax, 50 # sys_listen\nsyscall\n\nmov rdi, 0\nmov rax, 60 # SYS_exit\nsyscall\n\n\n.section .data\n\nsockfd: .quad 0\nsockaddr: .quad 0x50000002 # AF_INET(2) and PORT(80) in big endian\n.quad 0x0 # IP(0.0.0.0)\n.quad 0x0 # padding\n.quad 0x0 # padding\n
Level 5
In this challenge you will accept a connection.
.intel_syntax noprefix\n.globl _start\n\n.section .text\n\n_start:\n# create a socket\nmov rdi, 2 # AF_INET\nmov rsi, 1 # SOCK_STREAM\nmov rdx, 0 # IPPROTO_IP\nmov rax, 41 # sys_socket\nsyscall\nmov sockfd, rax\n\n# bind the socket to 0.0.0.0:80\nmov rdi, sockfd # socket_fd\nlea rsi, sockaddr # sockaddr\nmov rdx, 16 # addrlen\nmov rax, 49 # sys_bind\nsyscall\n\n# listen(3, 0)\nmov rdi, sockfd\nmov rsi, 0\nmov rax, 50 # sys_listen\nsyscall\n\n# accept(3, NULL, NULL)\nmov rdi, sockfd\nmov rsi, 0\nmov rdx, 0\nmov rax, 43 # sys_accept\nsyscall\n\nmov rdi, 0\nmov rax, 60 # SYS_exit\nsyscall\n\n\n.section .data\n\nsockfd: .quad 0\nsockaddr: .quad 0x50000002 # AF_INET(2) and PORT(80) in big endian\n.quad 0x0 # IP(0.0.0.0)\n.quad 0x0 # padding\n.quad 0x0 # padding\n
Level 6
In this challenge you will respond to an http request.
\u8fd9\u4e2a\u9898\u7684\u610f\u601d\u662f\u5e0c\u671b\u5b9e\u73b0\u4e00\u4e2a\u9759\u6001\u7684\u7ad9\u70b9\uff0c\u63a5\u6536\u5ba2\u6237\u7aef\u53d1\u9001\u7684\u8bf7\u6c42\u540e\uff0c\u59cb\u7ec8\u56de\u590dHTTP/1.0 200 OK\u3002\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u7f13\u51b2\u533a\u4fdd\u5b58\u8bf7\u6c42\uff0c\u8fd9\u91cc\u5f00\u4e86\u4e2a256\u5b57\u8282\u7684\u5185\u5b58\uff08\u5b9e\u9645\u4e0a\u6709140\u5b57\u8282\uff09\u3002
.intel_syntax noprefix\n.globl _start\n\n.section .text\n\n_start:\n# create a socket\nmov rdi, 2 # AF_INET\nmov rsi, 1 # SOCK_STREAM\nmov rdx, 0 # IPPROTO_IP\nmov rax, 41 # sys_socket\nsyscall\nmov sockfd, rax\n\n# bind the socket to 0.0.0.0:80\nmov rdi, sockfd # socket_fd\nlea rsi, sockaddr # sockaddr\nmov rdx, 16 # addrlen\nmov rax, 49 # sys_bind\nsyscall\n\n# listen(3, 0)\nmov rdi, sockfd\nmov rsi, 0\nmov rax, 50 # sys_listen\nsyscall\n\n# accept(3, NULL, NULL) = 4\nmov rdi, sockfd\nmov rsi, 0\nmov rdx, 0\nmov rax, 43 # sys_accept\nsyscall\nmov tunnel, rax\n\n# read(4, <read_request>, <read_request_count>) = <read_request_result>\nmov rdi, tunnel\nlea rsi, request\nmov rdx, 256\nmov rax, 0\nsyscall\n\n# write(4, \"HTTP/1.0 200 OK\\r\\n\\r\\n\", 19) = 19\nmov rdi, tunnel\nlea rsi, response\nmov rdx, 19\nmov rax, 1\nsyscall\n\n# close(4)\nmov rdi, tunnel\nmov rax, 3\nsyscall\n\nmov rdi, 0\nmov rax, 60 # SYS_exit\nsyscall\n\n\n.section .data\n\nsockfd: .quad 0\ntunnel: .quad 0\nrequest: .space 256\nresponse: .ascii \"HTTP/1.0 200 OK\\r\\n\\r\\n\"\nsockaddr: .quad 0x50000002 # AF_INET(2) and PORT(80) in big endian\n.quad 0x0 # IP(0.0.0.0)\n.quad 0x0 # padding\n.quad 0x0 # padding\n
Level 7
In this challenge you will respond to a GET request for the contents of a specified file.
\u5b9e\u73b0\u4e00\u4e2a\u52a8\u6001\u4e00\u70b9\u7684\u670d\u52a1\u5668\u3002\u8fd9\u9898\u4e2d\uff0c\u5ba2\u6237\u7aef\u4f1a\u8bf7\u6c42\u670d\u52a1\u5668\u7aef\u8bfb\u53d6\u4e00\u4e2a\u6587\u4ef6\u5e76\u8fd4\u56de\u7ed3\u679c\u3002\u6587\u4ef6\u662f\u5224\u9898\u7a0b\u5e8f\u968f\u673a\u751f\u6210\u5728/tmp\u4e0b\u7684\uff0c\u5185\u5bb9\u957f\u5ea6\u4e5f\u662f\u968f\u673a\u7684\u3002\u6240\u4ee5\u5199\u4ee3\u7801\u7684\u65f6\u5019\u8981\u591a\u9884\u7559\u70b9\u7f13\u51b2\u533a\u6765\u4fdd\u5b58\u6587\u4ef6\u5185\u5bb9\u3002
open\u6587\u4ef6\u65f6\uff0c\u6587\u4ef6\u540d\u8981\u4ecerequest\u8bf7\u6c42\u91cc\u63d0\u53d6\u3002\u56e0\u4e3a\u751f\u6210\u7684\u6587\u4ef6\u540d\u957f\u5ea6\u662f\u56fa\u5b9a\u7684\uff0c\u6240\u4ee5\u61d2\u7701\u4e8b\u76f4\u63a5\u5728request\u7f13\u51b2\u533a\u91cc\u6539\u4e86\uff08\u5b57\u7b26\u4e32\u672b\u5c3e\\0\uff09\u3002
===== Expected: Parent Process =====\n[ ] execve(<execve_args>) = 0\n[ ] socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 3\n[ ] bind(3, {sa_family=AF_INET, sin_port=htons(<bind_port>), sin_addr=inet_addr(\"<bind_address>\")}, 16) = 0\n - Bind to port 80\n - Bind to address 0.0.0.0\n[ ] listen(3, 0) = 0\n[ ] accept(3, NULL, NULL) = 4\n[ ] read(4, <read_request>, <read_request_count>) = <read_request_result>\n[ ] open(\"<open_path>\", O_RDONLY) = 5\n[ ] read(5, <read_file>, <read_file_count>) = <read_file_result>\n[ ] close(5) = 0\n[ ] write(4, \"HTTP/1.0 200 OK\\r\\n\\r\\n\", 19) = 19\n[ ] write(4, <write_file>, <write_file_count>) = <write_file_result>\n[ ] close(4) = 0\n[ ] exit(0) = ?\n\n===== Trace: Parent Process =====\n[\u2713] execve(\"/proc/self/fd/3\", [\"/proc/self/fd/3\"], 0x7ffacc256990 /* 0 vars */) = 0\n[\u2713] socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 3\n[\u2713] bind(3, {sa_family=AF_INET, sin_port=htons(80), sin_addr=inet_addr(\"0.0.0.0\")}, 16) = 0\n[\u2713] listen(3, 0) = 0\n[\u2713] accept(3, NULL, NULL) = 4\n[\u2713] read(4, \"GET /tmp/tmpungh1ajd HTTP/1.1\\r\\nHost: localhost\\r\\nUser-Agent: python-requests/2.31.0\\r\\nAccept-Encoding: gzip, deflate\\r\\nAccept: */*\\r\\nConnection: keep-alive\\r\\n\\r\\n\", 256) = 155\n[\u2713] open(\"/tmp/tmpungh1ajd\", O_RDONLY) = 5\n[\u2713] read(5, \"3Hy3xnjNjQIBfP6QDUW4ekuQtBwdXQPbhtPFxawXzQ6LXVQDgs8ZlslYncY9DMQohXFVHFyMPnOI6kaGqURTh2fXHuKe2oqjntry7Pt5QQP0148CyzGKtmOigovhOHobD2zujqgJIRXxjny3UVL9\", 1024) = 148\n[\u2713] close(5) = 0\n[\u2713] write(4, \"HTTP/1.0 200 OK\\r\\n\\r\\n\", 19) = 19\n[\u2713] write(4, \"3Hy3xnjNjQIBfP6QDUW4ekuQtBwdXQPbhtPFxawXzQ6LXVQDgs8ZlslYncY9DMQohXFVHFyMPnOI6kaGqURTh2fXHuKe2oqjntry7Pt5QQP0148CyzGKtmOigovhOHobD2zujqgJIRXxjny3UVL9\", 148) = 148\n[\u2713] close(4) = 0\n[\u2713] exit(0) = ?\n[?] +++ exited with 0 +++\n\n===== Result =====\n[\u2713] Success\n
\u4f7f\u7528\u7684\u6c47\u7f16\u4ee3\u7801\u5982\u4e0b\uff1a
.intel_syntax noprefix\n.globl _start\n\n.section .text\n\n_start:\n# create a socket\nmov rdi, 2 # AF_INET\nmov rsi, 1 # SOCK_STREAM\nmov rdx, 0 # IPPROTO_IP\nmov rax, 41 # sys_socket\nsyscall\nmov sockfd, rax\n\n# bind the socket to 0.0.0.0:80\nmov rdi, sockfd # socket_fd\nlea rsi, sockaddr # sockaddr\nmov rdx, 16 # addrlen\nmov rax, 49 # sys_bind\nsyscall\n\n# listen(3, 0)\nmov rdi, sockfd\nmov rsi, 0\nmov rax, 50 # sys_listen\nsyscall\n\n# accept(3, NULL, NULL) = 4\nmov rdi, sockfd\nmov rsi, 0\nmov rdx, 0\nmov rax, 43 # sys_accept\nsyscall\nmov tunnel, rax\n\n# read(4, <read_request>, <read_request_count>) = <read_request_result>\nmov rdi, tunnel\nlea rsi, request\nmov rdx, 256\nmov rax, 0 # sys_read\nsyscall\n\n# open(\"<open_path>\", O_RDONLY) = 5\nlea rdi, [request+4] # extract file name\nmovb [rdi+16], 0\nmov rsi, 0 # O_RDONLY\nmov rax, 2 # sys_open\nsyscall\nmov txtfile, rax\n\n# read(5, <read_file>, <read_file_count>) = <read_file_result>\nmov rdi, txtfile\nlea rsi, filecontent\nmov rdx, 1024\nmov rax, 0 # sys_read\nsyscall\nmov filecnt, rax # \n\n# close(5)\nmov rdi, txtfile\nmov rax, 3 # sys_close\nsyscall\n\n# write(4, \"HTTP/1.0 200 OK\\r\\n\\r\\n\", 19) = 19\nmov rdi, tunnel\nlea rsi, response\nmov rdx, 19\nmov rax, 1 # sys_write\nsyscall\n\n# write(4, <write_file>, <write_file_count>) = <write_file_result>\nmov rdi, tunnel\nlea rsi, filecontent\nmov rdx, filecnt\nmov rax, 1 # sys_write\nsyscall\n\n# close(4)\nmov rdi, tunnel\nmov rax, 3 # sys_close\nsyscall\n\nmov rdi, 0\nmov rax, 60 # SYS_exit\nsyscall\n\n.section .data\n\nsockfd: .quad 0\ntunnel: .quad 0\ntxtfile: .quad 0\nfilecnt: .quad 0\nrequest: .space 256\nfilecontent: .space 1024\nresponse: .ascii \"HTTP/1.0 200 OK\\r\\n\\r\\n\"\nsockaddr: .quad 0x50000002 # AF_INET(2) and PORT(80) in big endian\n.quad 0x0 # IP(0.0.0.0)\n.quad 0x0 # padding\n.quad 0x0 # padding\n
Level 8
In this challenge you will accept multiple requests.
\u4f7f\u7528\u4e00\u4e2a\u7a0b\u5e8f\u63a5\u53d7\u591a\u4e2a\u8bf7\u6c42\u3002\u7531\u4e8esocket\u6ca1\u6709\u5173\uff0c\u5728\u6700\u540e\u52a0\u4e00\u4e2aaccept\u5373\u53ef\u3002\u7a0b\u5e8f\u6700\u540eaccept\u8d85\u65f6sigkill\u9000\u51fa\u3002
.intel_syntax noprefix\n.globl _start\n\n.section .text\n\n_start:\n# create a socket\nmov rdi, 2 # AF_INET\nmov rsi, 1 # SOCK_STREAM\nmov rdx, 0 # IPPROTO_IP\nmov rax, 41 # sys_socket\nsyscall\nmov sockfd, rax\n\n# bind the socket to 0.0.0.0:80\nmov rdi, sockfd # socket_fd\nlea rsi, sockaddr # sockaddr\nmov rdx, 16 # addrlen\nmov rax, 49 # sys_bind\nsyscall\n\n# listen(3, 0)\nmov rdi, sockfd\nmov rsi, 0\nmov rax, 50 # sys_listen\nsyscall\n\n# accept(3, NULL, NULL) = 4\nmov rdi, sockfd\nmov rsi, 0\nmov rdx, 0\nmov rax, 43 # sys_accept\nsyscall\nmov tunnel, rax\n\n# read(4, <read_request>, <read_request_count>) = <read_request_result>\nmov rdi, tunnel\nlea rsi, request\nmov rdx, 256\nmov rax, 0 # sys_read\nsyscall\n\n# open(\"<open_path>\", O_RDONLY) = 5\nlea rdi, [request+4] # extract file name\nmovb [rdi+16], 0\nmov rsi, 0 # O_RDONLY\nmov rax, 2 # sys_open\nsyscall\nmov txtfile, rax\n\n# read(5, <read_file>, <read_file_count>) = <read_file_result>\nmov rdi, txtfile\nlea rsi, filecontent\nmov rdx, 1024\nmov rax, 0 # sys_read\nsyscall\nmov filecnt, rax # \n\n# close(5)\nmov rdi, txtfile\nmov rax, 3 # sys_close\nsyscall\n\n# write(4, \"HTTP/1.0 200 OK\\r\\n\\r\\n\", 19) = 19\nmov rdi, tunnel\nlea rsi, response\nmov rdx, 19\nmov rax, 1 # sys_write\nsyscall\n\n# write(4, <write_file>, <write_file_count>) = <write_file_result>\nmov rdi, tunnel\nlea rsi, filecontent\nmov rdx, filecnt\nmov rax, 1 # sys_write\nsyscall\n\n# close(4)\nmov rdi, tunnel\nmov rax, 3 # sys_close\nsyscall\n\n# accept(3, NULL, NULL)\nmov rdi, sockfd\nmov rsi, 0\nmov rdx, 0\nmov rax, 43 # sys_accept\nsyscall\nmov tunnel, rax\n\n# exit\nmov rdi, 0\nmov rax, 60 # SYS_exit\nsyscall\n\n.section .data\n\nsockfd: .quad 0\ntunnel: .quad 0\ntxtfile: .quad 0\nfilecnt: .quad 0\nrequest: .space 256\nfilecontent: .space 1024\nresponse: .ascii \"HTTP/1.0 200 OK\\r\\n\\r\\n\"\nsockaddr: .quad 0x50000002 # AF_INET(2) and PORT(80) in big endian\n.quad 0x0 # IP(0.0.0.0)\n.quad 0x0 # padding\n.quad 0x0 # padding\n
Level 9
In this challenge you will concurrently accept multiple requests.
\u8fd9\u9053\u9898\u662f\u8ba9\u505a\u4e00\u4e2a\u591a\u8fdb\u7a0b\uff0c\u7236\u8fdb\u7a0b\u8d1f\u8d23\u5faa\u73afaccept\uff0c\u5b50\u8fdb\u7a0b\u7528\u4e8e\u52a8\u6001\u5904\u7406\u6587\u4ef6\u8bfb\u5199\u3002\u6839\u636efork\u8fd4\u56de\u503c\u6765\u5224\u65ad\u7236\u8fdb\u7a0b\uff08\u8fd4\u56de\u503c\u4e3a\u5b50\u8fdb\u7a0bpid\uff09\u8fd8\u662f\u5b50\u8fdb\u7a0b\uff08\u8fd4\u56de\u503c\u4e3a0\uff09\u3002\u7236\u8fdb\u7a0b\u4e2d\uff0c\u5173\u95edtunnel\uff1b\u5b50\u8fdb\u7a0b\u4e2d\uff0c\u5173\u95edsockfd\u3002
.intel_syntax noprefix\n.globl _start\n\n.section .text\n\n_start:\n# create a socket\nmov rdi, 2 # AF_INET\nmov rsi, 1 # SOCK_STREAM\nmov rdx, 0 # IPPROTO_IP\nmov rax, 41 # sys_socket\nsyscall\nmov sockfd, rax\n\n# bind the socket to 0.0.0.0:80\nmov rdi, sockfd # socket_fd\nlea rsi, sockaddr # sockaddr\nmov rdx, 16 # addrlen\nmov rax, 49 # sys_bind\nsyscall\n\n# listen(3, 0)\nmov rdi, sockfd\nmov rsi, 0\nmov rax, 50 # sys_listen\nsyscall\n\nparent_process_1:\n# accept(3, NULL, NULL) = 4\nmov rdi, sockfd\nmov rsi, 0\nmov rdx, 0\nmov rax, 43 # sys_accept\nsyscall\nmov tunnel, rax\n\n# fork() = <fork_result>\nmov rax, 57 # sys_fork\nsyscall\n\ntest rax, rax\njnz parent_process_2\njz child_process\n\nparent_process_2:\n\n# close(3)\nmov rdi, tunnel\nmov rax, 3 # sys_close\nsyscall\njmp parent_process_1\n\nchild_process:\n\n# close(3)\nmov rdi, sockfd\nmov rax, 3 # sys_close\nsyscall\n\n# read(4, <read_request>, <read_request_count>) = <read_request_result>\nmov rdi, tunnel\nlea rsi, request\nmov rdx, 256\nmov rax, 0 # sys_read\nsyscall\n\n# open(\"<open_path>\", O_RDONLY) = 3\nlea rdi, [request+4] # extract file name\nmovb [rdi+16], 0\nmov rsi, 0 # O_RDONLY\nmov rax, 2 # sys_open\nsyscall\nmov txtfile, rax\n\n# read(3, <read_file>, <read_file_count>) = <read_file_result>\nmov rdi, txtfile\nlea rsi, filecontent\nmov rdx, 1024\nmov rax, 0 # sys_read\nsyscall\nmov filecnt, rax # \n\n# close(3)\nmov rdi, txtfile\nmov rax, 3 # sys_close\nsyscall\n\n# write(4, \"HTTP/1.0 200 OK\\r\\n\\r\\n\", 19) = 19\nmov rdi, tunnel\nlea rsi, response\nmov rdx, 19\nmov rax, 1 # sys_write\nsyscall\n\n# write(4, <write_file>, <write_file_count>) = <write_file_result>\nmov rdi, tunnel\nlea rsi, filecontent\nmov rdx, filecnt\nmov rax, 1 # sys_write\nsyscall\n\n# exit\nmov rdi, 0\nmov rax, 60 # SYS_exit\nsyscall\n\n.section .data\n\nsockfd: .quad 0\ntunnel: .quad 0\ntxtfile: .quad 0\nfilecnt: .quad 0\nrequest: .space 256\nfilecontent: .space 1024\nresponse: .ascii \"HTTP/1.0 200 OK\\r\\n\\r\\n\"\nsockaddr: .quad 0x50000002 # AF_INET(2) and PORT(80) in big endian\n.quad 0x0 # IP(0.0.0.0)\n.quad 0x0 # padding\n.quad 0x0 # padding\n
Level 10
In this challenge you will respond to a POST request with a specified file and update its contents.
\u8fd9\u9053\u9898\u662f\u7528POST\u8bf7\u6c42\uff0c\u8981\u6c42\u7528\u591a\u8fdb\u7a0b\u5904\u7406\uff0c\u5728\u5b50\u8fdb\u7a0b\u4e2d\u628aPOST\u7684\u8bf7\u6c42\u4f53\u4fdd\u5b58\u5728\u4e34\u65f6\u6587\u4ef6\uff0c\u5e76\u8fd4\u56de200 OK\u3002\u8003\u8651\u5230\u6587\u4ef6\u540d\u662f\u5b9a\u957f\u7684\uff0c\u6240\u4ee5\u6cbf\u7528\u4e4b\u524d\u7684\u65b9\u6cd5\u5f97\u5230\u6587\u4ef6\u540d\u3002\u8fd9\u91cc\u7528\u7684\u4e00\u4e2atrick\u662f\u7528\"\\r\\n\\r\\n\"\u6765\u4ece\u8bf7\u6c42\u4e2d\u5206\u5272\u8bf7\u6c42\u4f53\uff0c\u5e76\u4e14\u5185\u5bb9\u7684\u8ba1\u7b97\u662f\u7528read\u7684\u8fd4\u56de\u503c\u51cf\u53bb\u504f\u79fb\u91cf\u7b97\u7684\u3002\u8fd9\u662f\u5077\u61d2\u6ca1\u6709\u5b9e\u73b0\u89e3\u6790Content-Length\u7684\u529f\u80fdhhh
.intel_syntax noprefix\n.globl _start\n\n.section .text\n\n_start:\n# create a socket\nmov rdi, 2 # AF_INET\nmov rsi, 1 # SOCK_STREAM\nmov rdx, 0 # IPPROTO_IP\nmov rax, 41 # sys_socket\nsyscall\nmov sockfd, rax\n\n# bind the socket to 0.0.0.0:80\nmov rdi, sockfd # socket_fd\nlea rsi, sockaddr # sockaddr\nmov rdx, 16 # addrlen\nmov rax, 49 # sys_bind\nsyscall\n\n# listen(3, 0)\nmov rdi, sockfd\nmov rsi, 0\nmov rax, 50 # sys_listen\nsyscall\n\nparent_process_1:\n# accept(3, NULL, NULL) = 4\nmov rdi, sockfd\nmov rsi, 0\nmov rdx, 0\nmov rax, 43 # sys_accept\nsyscall\nmov tunnel, rax\n\n# fork() = <fork_result>\nmov rax, 57 # sys_fork\nsyscall\n\ntest rax, rax\njnz parent_process_2\njz child_process\n\nparent_process_2:\n\n# close(3)\nmov rdi, tunnel\nmov rax, 3 # sys_close\nsyscall\njmp parent_process_1\n\nchild_process:\n\n# close(3)\nmov rdi, sockfd\nmov rax, 3 # sys_close\nsyscall\n\n# read(4, <read_request>, <read_request_count>) = <read_request_result>\nmov rdi, tunnel\nlea rsi, request\nmov rdx, 1024\nmov rax, 0 # sys_read\nsyscall\nmov requestlen, rax\n\n# open(\"<open_path>\", O_WRONLY|O_CREAT, 0777) = 3\nlea rdi, [request+5] # extract file name\nmovb [rdi+16], 0\nmov rsi, 0x41 # O_WRONLY | O_CREAT\nmov rdx, 0777\nmov rax, 2 # sys_open\nsyscall\nmov txtfile, rax\n\n# locate POST body\nmov rcx, 0\nmov ebx, separate\nlocate_body:\nmov eax, [request+rcx]\nadd rcx, 1\ncmp eax, ebx\njne locate_body\n# extrace POST body\nadd rcx, 3\nmov rdi, txtfile\nlea rsi, [request+rcx]\nmov rdx, requestlen\nsub rdx, rcx\nmov rax, 1 # sys_write\nsyscall\n\n# close(3)\nmov rdi, txtfile\nmov rax, 3 # sys_close\nsyscall\n\n# write(4, \"HTTP/1.0 200 OK\\r\\n\\r\\n\", 19) = 19\nmov rdi, tunnel\nlea rsi, response\nmov rdx, 19\nmov rax, 1 # sys_write\nsyscall\n\n# exit\nmov rdi, 0\nmov rax, 60 # SYS_exit\nsyscall\n\n.section .data\n\nsockfd: .quad 0\ntunnel: .quad 0\ntxtfile: .quad 0\nfilecnt: .quad 0\nrequestlen: .quad 0\nrequest: .space 1024\nfilecontent: .space 1024\nseparate: .ascii \"\\r\\n\\r\\n\"\nresponse: .ascii \"HTTP/1.0 200 OK\\r\\n\\r\\n\"\nsockaddr: .quad 0x50000002 # AF_INET(2) and PORT(80) in big endian\n.quad 0x0 # IP(0.0.0.0)\n.quad 0x0 # padding\n.quad 0x0 # padding\n
Level 11
In this challenge you will respond to multiple concurrent GET and POST requests.
\u76f4\u63a5\u53d1\u4e86\u4e00\u5806GET\u548cPOST\u6df7\u5408\u8bf7\u6c42\u3002\u4e0d\u8fc7\u597d\u50cf\u6ca1\u8bf4\u6bcf\u4e2a\u8bf7\u6c42\u8981\u5e72\u561b\uff0c\u5c31\u76f4\u63a5\u7ed3\u5408\u4e0blevel9\u548clevel10\u7684\u7ed3\u679c\uff0c\u6bd4\u8f83request\u662f\u4ee5POST\u5f00\u5934\u8fd8\u662fGET\u5f00\u5934\uff0c\u5206\u522b\u8df3\u8f6c\u5230\u5bf9\u5e94\u7684\u903b\u8f91\u5c31\u884c\u4e86\u3002
.intel_syntax noprefix\n.globl _start\n\n.section .text\n\n_start:\n# create a socket\nmov rdi, 2 # AF_INET\nmov rsi, 1 # SOCK_STREAM\nmov rdx, 0 # IPPROTO_IP\nmov rax, 41 # sys_socket\nsyscall\nmov sockfd, rax\n\n# bind the socket to 0.0.0.0:80\nmov rdi, sockfd # socket_fd\nlea rsi, sockaddr # sockaddr\nmov rdx, 16 # addrlen\nmov rax, 49 # sys_bind\nsyscall\n\n# listen(3, 0)\nmov rdi, sockfd\nmov rsi, 0\nmov rax, 50 # sys_listen\nsyscall\n\nparent_process_1:\n# accept(3, NULL, NULL) = 4\nmov rdi, sockfd\nmov rsi, 0\nmov rdx, 0\nmov rax, 43 # sys_accept\nsyscall\nmov tunnel, rax\n\n# fork() = <fork_result>\nmov rax, 57 # sys_fork\nsyscall\n\ntest rax, rax\njnz parent_process_2\njz child_process\n\nparent_process_2:\n\n# close(3)\nmov rdi, tunnel\nmov rax, 3 # sys_close\nsyscall\njmp parent_process_1\n\nchild_process:\n\n# close(3)\nmov rdi, sockfd\nmov rax, 3 # sys_close\nsyscall\n\n# read(4, <read_request>, <read_request_count>) = <read_request_result>\nmov rdi, tunnel\nlea rsi, request\nmov rdx, 1024\nmov rax, 0 # sys_read\nsyscall\nmov requestlen, rax\n\n# check GET or POST\nmov eax, request\nmov ebx, requestget\ncmp eax, ebx\nje handle_get\nmov ebx, requestpost\ncmp eax, ebx\nje handle_post\n\njmp program_exit\n\nhandle_get:\n# open(\"<open_path>\", O_RDONLY) = 3\nlea rdi, [request+4] # extract file name\nmovb [rdi+16], 0\nmov rsi, 0 # O_RDONLY\nmov rax, 2 # sys_open\nsyscall\nmov txtfile, rax\n\n# read(3, <read_file>, <read_file_count>) = <read_file_result>\nmov rdi, txtfile\nlea rsi, filecontent\nmov rdx, 1024\nmov rax, 0 # sys_read\nsyscall\nmov filecnt, rax # \n# close(3)\nmov rdi, txtfile\nmov rax, 3 # sys_close\nsyscall\n\n# write(4, \"HTTP/1.0 200 OK\\r\\n\\r\\n\", 19) = 19\nmov rdi, tunnel\nlea rsi, response\nmov rdx, 19\nmov rax, 1 # sys_write\nsyscall\n\n# write(4, <write_file>, <write_file_count>) = <write_file_result>\nmov rdi, tunnel\nlea rsi, filecontent\nmov rdx, filecnt\nmov rax, 1 # sys_write\nsyscall\n\njmp program_exit\n\nhandle_post:\n# open(\"<open_path>\", O_WRONLY|O_CREAT, 0777) = 3\nlea rdi, [request+5] # extract file name\nmovb [rdi+16], 0\nmov rsi, 0x41 # O_WRONLY | O_CREAT\nmov rdx, 0777\nmov rax, 2 # sys_open\nsyscall\nmov txtfile, rax\n\n# locate POST body\nmov rcx, 0\nmov ebx, separate\nlocate_body:\nmov eax, [request+rcx]\nadd rcx, 1\ncmp eax, ebx\njne locate_body\n# extrace POST body\nadd rcx, 3\nmov rdi, txtfile\nlea rsi, [request+rcx]\nmov rdx, requestlen\nsub rdx, rcx\nmov rax, 1 # sys_write\nsyscall\n\n# close(3)\nmov rdi, txtfile\nmov rax, 3 # sys_close\nsyscall\n\n# write(4, \"HTTP/1.0 200 OK\\r\\n\\r\\n\", 19) = 19\nmov rdi, tunnel\nlea rsi, response\nmov rdx, 19\nmov rax, 1 # sys_write\nsyscall\n\nprogram_exit:\n# exit\nmov rdi, 0\nmov rax, 60 # SYS_exit\nsyscall\n\n.section .data\n\nsockfd: .quad 0\ntunnel: .quad 0\ntxtfile: .quad 0\nfilecnt: .quad 0\nrequestlen: .quad 0\nrequest: .space 1024\nfilecontent: .space 1024\nrequestget: .ascii \"GET \"\nrequestpost: .ascii \"POST\"\nseparate: .ascii \"\\r\\n\\r\\n\"\nresponse: .ascii \"HTTP/1.0 200 OK\\r\\n\\r\\n\"\nsockaddr: .quad 0x50000002 # AF_INET(2) and PORT(80) in big endian\n.quad 0x0 # IP(0.0.0.0)\n.quad 0x0 # padding\n.quad 0x0 # padding\n
"},{"location":"pwn-college-cse365-spring2023/#reverse-engineering-writeups","title":"Reverse Engineering Writeups","text":"Level 1
\u8fd0\u884c/challenge\u4e0b\u7684\u6587\u4ef6\uff0c\u4f1a\u81ea\u52a8\u6253\u5f00gdb\uff0c\u8f93\u5165run
\u542f\u52a8\u7a0b\u5e8f\uff0c\u8fdb\u5165\u7b2c\u4e00\u5173\u3002\u7b2c\u4e00\u5173\u4e3b\u8981\u662f\u8bb2\u4e0b\u5927\u81f4\u7684\u9898\u76ee\u8981\u6c42\uff0c\u5728\u8fd9\u91cc\u6309C\u7ee7\u7eed\u8fd0\u884c\u4f1a\u76f4\u63a5\u7ed9\u51faflag\u3002
Level 2
\u672c\u5173run\u4ee5\u540ep/x $r12
\u7136\u540e\u6309C\uff0c\u628a\u7ed3\u679c\u8f93\u5165\u5c31\u884c\u3002
Level 3
\u8fd9\u4e00\u5173\u4e3b\u8981\u662f\u719f\u6089\u6253\u5370\u5185\u5b58\u6570\u636e\uff0c\u53ef\u4ee5\u5728\u6309C\u8fdb\u5165\u7a0b\u5e8f\u524d\u540e\u7528x/20gx $rsp
\u5bf9\u6bd4\u4e00\u4e0b\u6808\u4e0a\u4ec0\u4e48\u6570\u636e\u6539\u53d8\u4e86\u3002\u7b97\u662f\u4e0d\u770b\u6c47\u7f16\u7684\u4e00\u70b9\u5c0ftrick\u3002
Level 4
\u8fd9\u5173\u7684\u6ca1\u7528\u6b63\u5e38\u89e3\u6cd5\u3002\u6709\u4e00\u70b9\u5c0ftrick\uff1a\u4f7f\u7528disas $pc
\u67e5\u770b\u53d1\u73b0\u6709\u4e2awin\u51fd\u6570\uff0c\u53c2\u6570\u7528\u76840\u3002\u76f4\u63a5set $rax=0
\uff0cset $pc=xxx
\u8df3\u8f6c\u5230win\u7684\u51fd\u6570\u5c31\u884c\u4e86\u3002
Level 5
\u8fd9\u9898\u63d0\u793a\u53ef\u4ee5\u7f16\u5199gdb\u811a\u672c\uff0c\u52a0\u8f7d\u540e\u4f1a\u81ea\u52a8\u6267\u884c\u3002\u8fd9\u9053\u9898\u76ee\u4f1a\u5728\u5faa\u73af\u4e2d\u591a\u6b21\u8bbe\u7f6e\u968f\u673a\u6570\uff0c\u6240\u4ee5\u9700\u8981\u81ea\u52a8\u5316\u89e3\u51b3\u3002
run\u540e\u5148disas $pc
\u770b\u4e00\u770bmain\u51fd\u6570\u7684\u5173\u952e\u903b\u8f91\uff1a
0x000055981a8ccd40 <+666>: mov esi,0x0\n0x000055981a8ccd45 <+671>: lea rdi,[rip+0xd5e] # 0x55981a8cdaaa\n0x000055981a8ccd4c <+678>: mov eax,0x0\n0x000055981a8ccd51 <+683>: call 0x55981a8cc250 <open@plt>\n0x000055981a8ccd56 <+688>: mov ecx,eax\n0x000055981a8ccd58 <+690>: lea rax,[rbp-0x18]\n0x000055981a8ccd5c <+694>: mov edx,0x8\n0x000055981a8ccd61 <+699>: mov rsi,rax\n0x000055981a8ccd64 <+702>: mov edi,ecx\n0x000055981a8ccd66 <+704>: call 0x55981a8cc210 <read@plt>\n0x000055981a8ccd6b <+709>: lea rdi,[rip+0xd46] # 0x55981a8cdab8\n0x000055981a8ccd72 <+716>: call 0x55981a8cc190 <puts@plt>\n0x000055981a8ccd77 <+721>: lea rdi,[rip+0xd5a] # 0x55981a8cdad8\n0x000055981a8ccd7e <+728>: mov eax,0x0\n0x000055981a8ccd83 <+733>: call 0x55981a8cc1d0 <printf@plt>\n0x000055981a8ccd88 <+738>: lea rax,[rbp-0x10]\n0x000055981a8ccd8c <+742>: mov rsi,rax\n0x000055981a8ccd8f <+745>: lea rdi,[rip+0xd51] # 0x55981a8cdae7\n0x000055981a8ccd96 <+752>: mov eax,0x0\n0x000055981a8ccd9b <+757>: call 0x55981a8cc260 <__isoc99_scanf@plt>\n
\u731c\u6d4b\u57280x000055981a8ccd51
\u5904\u7684open\u662f\u6253\u5f00\u4e86\u968f\u673a\u6570\u53d1\u751f\u5668\uff08\u6bd4\u5982/dev/urandom\uff09\uff0c\u7136\u540e0x000055981a8ccd66
\u5904\u7684read\u662f\u8bfb8\u4e2a\u5b57\u8282\uff0c\u5373\u6700\u7ec8\u7684\u968f\u673a\u6570\uff0c\u4fdd\u5b58\u5728rsi\u5bc4\u5b58\u5668\u6307\u5411\u7684\u4f4d\u7f6e\uff0c\u5373rbp-0x18\u5904\u3002\u6240\u4ee5\u81ea\u52a8\u5316\u811a\u672c\u53ef\u4ee5\u57280x000055981a8ccd72
\u5904\uff08\u5373*main+716\uff09\u6253\u4e2a\u65ad\u70b9\uff0c\u6253\u5370\u6b64\u65f6rbp-0x18\u7684\u503c\u3002
\u5373\u5148\u7f16\u5199\u4e0b\u8ff0\u811a\u672c\uff0c\u7136\u540e\u542f\u52a8\u7a0b\u5e8f\u65f6-x\u8ffd\u52a0\u811a\u672c\u5373\u53ef\u3002
start\nbreak *main+716\ncommands\n silent\n set $local_variable = *(unsigned long long*)($rbp-0x18)\nprintf \"Current value: %llx\\n\", $local_variable\ncontinue\nend\ncontinue\n
\u5f53\u7136\u89e3\u6cd5\u6709\u5f88\u591a\uff0c\u770bdisas\u540e\u7684\u7ed3\u679c\uff0c\u8f93\u5165\u7684\u6570\u636e\u88abscanf\u4fdd\u5b58\u5230rbp-0x10\u5904\uff0c\u4e0erbp-0x18\u6bd4\u8f83\u3002\u4e5f\u53ef\u4ee5\u5728\u6bd4\u8f83\u524d\u76f4\u63a5\u4fee\u6539\u5bc4\u5b58\u5668\u8ba9\u503c\u76f8\u7b49\u3002
Level 6
\u8fd9\u4e00\u5173\u624d\u6559\u600e\u4e48\u7528set\u6539\u5bc4\u5b58\u5668\uff0c\u4ece\u800c\u4fee\u6539\u7a0b\u5e8f\u6267\u884c\u903b\u8f91\u3002\u662f\u4e0d\u662f\u53ef\u4ee5\u6697\u793a\u76f4\u63a5\u62ffflag\uff1frun\u540eset $rip=*main+715
\uff0c\u7136\u540e\u7ee7\u7eed\u8fd0\u884c\u7a0b\u5e8f\u3002
Level 7
\uff1f\uff1f\uff1f\u539f\u6765\u8fd8\u53ef\u4ee5\u8fd9\u4e48\u73a9\uff1f\uff1f
Level 8
\u76f4\u63a5\u8c03\u7528call (void)win()
\uff0c\u53ef\u4ee5disas *win
\u770b\u4e00\u4e0bwin\u51fd\u6570\u3002
0x0000556609b49951 <+0>: endbr64\n0x0000556609b49955 <+4>: push rbp\n0x0000556609b49956 <+5>: mov rbp,rsp\n0x0000556609b49959 <+8>: sub rsp,0x10\n0x0000556609b4995d <+12>: mov QWORD PTR [rbp-0x8],0x0\n0x0000556609b49965 <+20>: mov rax,QWORD PTR [rbp-0x8]\n0x0000556609b49969 <+24>: mov eax,DWORD PTR [rax]\n0x0000556609b4996b <+26>: lea edx,[rax+0x1]\n0x0000556609b4996e <+29>: mov rax,QWORD PTR [rbp-0x8]\n0x0000556609b49972 <+33>: mov DWORD PTR [rax],edx\n0x0000556609b49974 <+35>: lea rdi,[rip+0x73e] # 0x556609b4a0b9\n0x0000556609b4997b <+42>: call 0x556609b49180 <puts@plt>\n
\u53ef\u89c1\u57280x0000556609b49969
\u5904\uff0c\u4ecerax\u6307\u5411\u7684\u5730\u5740\u8bfb\u53d64\u5b57\u8282\u3002\u4f46\u662f\u6b64\u65f6rax\u5728\u524d\u4e24\u6761\u8bed\u53e5\u5df2\u7ecf\u88ab\u4fee\u6539\u4e3a0\u4e86\uff0c\u6240\u4ee5\u89e6\u53d1NULL\u6307\u9488\u89e3\u5f15\u7528\uff0c\u5f15\u8d77SIGSEGV\u9000\u51fa\u3002\u6240\u4ee5\u8bd5\u8bd5\u76f4\u63a5\u8df3\u8fc7\u8fd9\u6bb5\uff0c\u8fdb\u5165win\u65f6\u4fee\u6539rip\u5bc4\u5b58\u5668\u5373\u53ef\u3002
\u4f9d\u6b21\u6267\u884c\uff1abreak *win
\uff0ccall (void)win()
\uff0cset $rip=*win+35
\uff0cc
\u5373\u53ef\u3002
Level 1.0
Reverse engineer this challenge to find the correct license key.
\u4ece\u6b64\u5f00\u59cb\u662f\u4e00\u4e2a\u8bc1\u4e66\u9a8c\u8bc1\u7a0b\u5e8f\uff0c\u8981\u6c42\u8f93\u5165key\u6765\u83b7\u53d6flag\u3002\u7b2c\u4e00\u9898\u76f4\u63a5enter\u8fd0\u884c\uff0c\u4f1a\u8f93\u51fa\u539f\u59cb\u8f93\u5165\u3001\u5904\u7406\u540e\u7684\u8f93\u5165\u4ee5\u53ca\u6b63\u786e\u7b54\u6848\u3002\u8fd0\u884c\u4e24\u6b21\u4ee5\u540e\u53d1\u73b0\u5904\u7406\u540e\u7684\u8f93\u5165\u548c\u539f\u59cb\u8f93\u5165\u662f\u4e00\u6837\u7684\uff0c\u5e76\u4e14\u6b63\u786e\u7b54\u6848\u662f\u56fa\u5b9a\u7684\u3002
\u76f4\u63a5python\u91cc\u8fd0\u884c\u4e0b[chr(i) for i in [0x75,0x62,0x61,0x6a,0x68]]
\uff08\u53ef\u80fd\u9700\u8981\u4fee\u65390xXX\u7684\u503c\uff09\uff0c\u7136\u540e\u5c31\u5f97\u5230key\u4e86\u3002
Level 1.1
Reverse engineer this challenge to find the correct license key.
\u8fd9\u4e00\u9898\u6ca1\u6709\u76f4\u63a5\u628a\u6b63\u786e\u7b54\u6848\u5217\u51fa\u6765\u3002\u4e00\u79cd\u65b9\u6848\u662f\u5148gdb\u542f\u52a8\u7a0b\u5e8f\uff0c\u7136\u540e\u5728\u8981\u6c42\u8f93\u5165\u5bc6\u94a5\u7684\u65f6\u5019ctrl+c
\u6682\u505c\u7a0b\u5e8f\uff0c\u7528bt
\u67e5\u770b\u8c03\u7528\u6808\uff0c\u53ef\u4ee5\u770b\u5230__libc_start_main (main=0xXXXXX, argc=1, ....)
\u3002\u7136\u540e\u67e5\u770bmain\u51fd\u6570\u7684\u6c47\u7f16\u6307\u4ee4x/80i 0xXXXX
\uff0c\u53ef\u4ee5\u770b\u5230\u5176\u4e2d\u7684memcmp@plt\u51fd\u6570\u6240\u4f7f\u7528\u7684\u7684rsi\u6765\u81ea[rip+0x2abf]\u3002\u6307\u4ee4\u540e\u9762\u7684#\u6ce8\u91ca\u63d0\u793a\u4e86\u5bf9\u5e94\u7684\u5730\u5740\uff0c\u76f4\u63a5\u7528x/5c <address>
\u67e5\u770b\u5bc6\u94a5\u5373\u53ef\u3002
\u6ce8\u610f\u6700\u540e\u8f93\u5165\u5bc6\u94a5\u65f6\u8981\u76f4\u63a5\u8fd0\u884c\u7a0b\u5e8f\uff0c\u4e0d\u8981\u5728gdb\u91cc\u9762\u8f93\uff0c\u4f1a\u63d0\u793a\u6743\u9650\u4e0d\u591f\u3002
Level 2.0
Reverse engineer this challenge to find the correct license key, but your input will be modified somehow before being compared to the correct key.
\u8fd9\u9053\u9898\u76ee\u4ea4\u6362\u4e86\u8f93\u5165\u5b57\u7b26\u4e32\u7684index 1\u548cindex 4\u7684\u5b57\u7b26\u3002
Level 2.1
\u8fd9\u9053\u9898\u76ee\u57282.0\u7684\u57fa\u7840\u4e0a\u9690\u53bb\u4e86\u8f93\u5165\u8f93\u51fa\u7ed3\u679c\u7684\u663e\u793a\uff0c\u56e0\u6b64\u9700\u8981gdb\u770b\u4e00\u4e0b\u505a\u4e86\u4ec0\u4e48\u64cd\u4f5c\u3002\u6309\u71671.1\u7684\u65b9\u6cd5\u67e5\u770bmemcmp\u9644\u8fd1\u7684\u51fd\u6570\uff0c\u53ef\u89c1\uff1a
0x5584f463251f: lea rax,[rbp-0xe]\n0x5584f4632523: mov edx,0x5\n0x5584f4632528: mov rsi,rax\n0x5584f463252b: mov edi,0x0\n0x5584f4632530: call 0x5584f46321a0 <read@plt>\n0x5584f4632535: movzx eax,BYTE PTR [rbp-0xe]\n0x5584f4632539: mov BYTE PTR [rbp-0x10],al\n0x5584f463253c: movzx eax,BYTE PTR [rbp-0xd]\n0x5584f4632540: mov BYTE PTR [rbp-0xf],al\n0x5584f4632543: movzx eax,BYTE PTR [rbp-0xf]\n0x5584f4632547: mov BYTE PTR [rbp-0xe],al\n0x5584f463254a: movzx eax,BYTE PTR [rbp-0x10]\n0x5584f463254e: mov BYTE PTR [rbp-0xd],al\n0x5584f4632551: lea rdi,[rip+0xdb0] # 0x5584f4633308\n0x5584f4632558: call 0x5584f4632140 <puts@plt>\n0x5584f463255d: lea rax,[rbp-0xe]\n0x5584f4632561: mov edx,0x5\n0x5584f4632566: lea rsi,[rip+0x2aa3] # 0x5584f4635010\n0x5584f463256d: mov rdi,rax\n0x5584f4632570: call 0x5584f46321b0 <memcmp@plt>\n
\u8f93\u5165\u7684\u5b57\u7b26\u4e32\u88ab\u4fdd\u5b58\u5728[rbp-0xe]\u5904\uff0c\u4e14\u8fdb\u884c\u4e86[rbp-0xe]\u548c[rbp-0xd]\u7684\u4ea4\u6362\u3002\u4e5f\u5c31\u662f\u8bf4\u8f93\u5165\u5b57\u7b26\u4e32\u7684\u524d\u4e24\u4e2a\u5b57\u7b26\u88ab\u4ea4\u6362\u4e86\u3002\u67e5\u770bmemcmp\u52a0\u8f7d\u5230rsi\u7684\u5730\u5740\u5185\u5bb9x/5c 0x5584f4635010
\u5f97\u5230\u5bf9\u5e94\u7684\u7b54\u6848\uff0c\u4ea4\u6362\u524d\u4e24\u4e2a\u5b57\u7b26\u5373\u53ef\u3002
Level 3.0-3.1
\u8fd0\u884c\u7a0b\u5e8f\uff0c\u968f\u4fbf\u8f93\u51e0\u4e2a\u6570\u3002\u663e\u5f0f\u544a\u8bc9\u4e86\u89c4\u5219\u662f\u9006\u5e8f\uff0c\u53c8\u628a\u6b63\u786e\u7b54\u6848\u6253\u5370\u51fa\u6765\u4e86\u3002
3.1\u731c\u6d4b\u548c3.0\u4e00\u6837\u4e5f\u662f\u9006\u5e8f\u3002\u76f4\u63a5\u63092.1\u7684\u65b9\u6cd5\u770b\u4e00\u4e0b[rbp-0xe]\u5904\u7684\u503c\u7136\u540e\u9006\u5e8f\u8f93\u5165\u5c31\u884c\u3002
Level 4.0-4.1
\u89c4\u5219\u662f\u8fdb\u884c\u9012\u589e\u6392\u5e8f\u3002\u8fd9\u4e0b\u53ea\u9700\u8981\u5305\u542b\u8fd9\u4e9b\u5b57\u6bcd\u5c31\u884c\u3002\uff08\u8fd9\u4e0d\u662f\u66f4\u7b80\u5355\u4e86\u2026\u2026\uff09
Level 5.0-5.1
\u8fd9\u9053\u9898\u662f\u5bf9\u8f93\u5165\u5b57\u7b26\u8fdb\u884c\u5f02\u6216\u3002\u7b80\u5355\u5199\u4e86\u4e2apython\uff0c\u5728\u63a7\u5236\u53f0\u4ea4\u4e92\u65f6\u8fd0\u884c\u4e0b\uff1a
tx = lambda x:int(x,16)\n''.join([chr(i^0xb8) for i in [tx(a) for a in 'd6 d5 d6 cf da'.split() ]])\n
5.1\u548c5.0\u7c7b\u4f3c\uff0c\u4eff\u7167\u4e4b\u524d\u7684\u65b9\u6cd5\u53ef\u4ee5\u770b\u5230\u5f02\u6216\u7528\u7684\u662f0x1c\u3002
Level 6.0
\u8fd9\u9053\u9898\u7ed3\u5408\u4e86\u4ea4\u6362\u3001\u5f02\u6216\u3001\u9006\u5e8f\u4e09\u79cd\u64cd\u4f5c\uff0c\u5e72\u8106\u5199\u4e2a\u811a\u672c\u5904\u7406\u4e0b\u5427\u3002
def do_reverse(li):\n return li[::-1]\n\ndef do_swap(li, idx1, idx2):\n li[idx1], li[idx2] = li[idx2], li[idx1]\n return li\n\ndef do_xor(li, key):\n xor_li = []\n while key > 0:\n xor_li.insert(0, key & 0xff)\n key >>= 8\n for i in range(len(li)):\n li[i] ^= xor_li[i % len(xor_li)]\n return li\n\ndef do_sort(li):\n li.sort()\n return li\n\ndef sanitize(s):\n if type(s) is str:\n f = lambda tx: int(tx,16)\n return [f(i) for i in s.split()]\n if type(s) is list:\n return ''.join([chr(i) for i in s])\n\nprint(sanitize(do_swap(do_xor(do_reverse(sanitize('51 90 52 86 58 98 4d 81 4b 84 4f 9a 57 8c 51 91 56')),0x3ef5),5,6)))\n
6.1\u6709\u70b9\u5947\u602a\uff0c\u770b\u6c47\u7f16\u597d\u50cf\u662f\u5148\u9006\u5e8f\u4e00\u904d\uff0c\u518d\u9006\u5e8f\u4e00\u904d\uff0c\u518d\u9010\u5b57\u8282\u4e0e0xbb\u5f02\u6216\u3002\u597d\u50cf\u548c5.0\u7684\u7f6e\u6362-\u5f02\u6216-\u9006\u5e8f\u4e0d\u4e00\u6837\u7684\uff1f\u53ef\u80fd\u662f\u968f\u673a\u9009\u62e9\u7b56\u7565\u5427\u3002
Level 7.0-7.1
7.0\u7528\u4e0a\u4e00\u4e2a\u811a\u672c\u5373\u53ef\u3002
print(sanitize(do_swap(do_sort(do_xor(do_swap(do_xor(sanitize(' 16 34 42 00 13 31 46 0d 1c 3b 4e 15 05 22 52 10 04 22 54 1c 0f 2e 59 1d 0e 2f 5b'),0x85a4d396),13,16),0xf2)),7,10)))\n
7.1\u662f\u5148\u548c0x15ca\u5f02\u6216\uff0c\u7136\u540e\u9006\u5e8f\uff0c\u7136\u540e\u518d\u9006\u5e8f\uff0c\u7136\u540e\u518d\u9006\u5e8f\uff0c\u7136\u540e\u518d\u9012\u589e\u6392\u5e8f
print(sanitize(do_xor(sanitize('60 61 64 66 67 6c 70 70 71 74 77 7c 7c 7d 7f a5 a5 a5 a8 ab ab af b0 b3 b8 b9 ba bb'),0x15ca)))\nprint(sanitize(do_xor(sanitize('60 61 64 66 67 6c 70 70 71 74 77 7c 7c 7d 7f a5 a5 a5 a8 ab ab af b0 b3 b8 b9 ba bb'),0xca15)))\n\n#u\u00abq\u00acr\u00a6e\u00bad\u00beb\u00b6i\u00b7jo\u00b0o\u00bda\u00bee\u00a5y\u00ads\u00afq\n#\u00aat\u00aes\u00ady\u00bae\u00bba\u00bdi\u00b6h\u00b5\u00b0o\u00b0b\u00bea\u00baz\u00a6r\u00acp\u00ae\n#\u7136\u540e\u628a\u4e24\u4e2a\u7ed3\u679c\u4e2d\u5b57\u6bcd\u6392\u8d77\u6765\n#utqsryeedabiihjooobaaezyrspq\n
"},{"location":"pwn-college-cse365-spring2023/#_1","title":"\u603b\u7ed3","text":"CSE 365\u8fd8\u662f\u5c5e\u4e8e\u6bd4\u8f83\u5165\u95e8\u7684\u7c7b\u578b\uff0c\u6253\u597d\u57fa\u7840\uff01
"},{"location":"python/","title":"Python","text":""},{"location":"python/#_1","title":"\u4e00\u4e9b\u5c0f\u70b9","text":" \u5bf9\u5b57\u7b26\u4e32\u53bb\u9664\u7a7a\u767d\u7b26\u65f6\uff0c\u7528split()\u4e0d\u52a0\u53c2\u6570\u3002\u6ce8\u610fsplit(' ')\u6309\u7a7a\u683c\u5206\u9694\u65f6\uff0c\u5982\u679c\u5b58\u5728\u8fde\u7eed\u7684\u7a7a\u683c\uff0c\u90a3\u4e48\u7ed3\u679c\u91cc\u4f1a\u6709\u7a7a\u5b57\u7b26\u4e32''\u3002 "},{"location":"python/#_2","title":"\u83b7\u53d6\u672a\u77e5\u5bf9\u8c61\u7684\u6240\u6709\u5c5e\u6027","text":"obj.__dir__() \u6216\u8005dir(obj)
\u89e3\u6790\u547d\u4ee4\u884c\u53c2\u6570\uff1aargparse \u65e5\u5fd7\u8f93\u51fa\uff1alogging \u89e3\u6790yml\u914d\u7f6e\u6587\u4ef6\uff1ayaml python\u8c03\u7528C\u5e93\uff1actypes.cdll.LoadLibrary \u8bbe\u5b9a\u8ba1\u65f6\u4fe1\u53f7\uff1asignal.alarm "},{"location":"python/#argparse","title":"\u53c2\u6570\u89e3\u6790\uff1aargparse","text":"\u6839\u636e\u7528\u6237\u4f20\u53c2\u800c\u6267\u884c\u4e0d\u540c\u7684\u529f\u80fd\uff0c\u53c8\u5206\u591a\u4e2a\u5c42\u6b21\u3002\u6bd4\u5982pip3\u547d\u4ee4\uff0c\u53ef\u4ee5\u6709pip3 install\u548cpip3 freeze\u7b49\u7b49\uff0c\u5bf9\u4e8e\u6bcf\u4e00\u4e2a\u5b50\u89e3\u6790\u53c8\u6709\u8fdb\u4e00\u6b65\u7684\u53c2\u6570\uff0c\u6bd4\u5982pip3 install --upgrade, pip3 install --force-reinstall\u7b49\u7b49\u3002
import argparse\n\ndef populate_parser(parser):\n parser.add_argument('input_file', type=str, help=\"Path to the file containing the mutated input to load\")\n parser.add_argument('--prefix-input', dest='prefix_input_path', type=str, help=\"(Optional) Path to the file containing a constant input to load\")\n parser.add_argument('-c', '--config', default=\"config.yml\", help=\"The emulator configuration to use. Defaults to 'config.yml'\")\n\n # Verbosity switches\n parser.add_argument('-v', '--print-exit-info', default=False, action=\"store_true\", help=\"Print some information about the exit reason.\")\n parser.add_argument('-t', '--trace-funcs', dest='trace_funcs', default=False, action='store_true')\nparser = argparse.ArgumentParser(description=\"Fuzzware\")\nsubparsers = parser.add_subparsers(title=\"Fuzzware Components\", help='Fuzzware utilities:', description=\"Fuzzware supports its different functions using a set of utilities.\\n\\nUse 'fuzzware <util_name> -h' for more details.\")\nparser_pipeline = subparsers.add_parser(MODE_PIPELINE, help=\"Running the full pipeline. Fuzzware's main utility.\")\nparser_pipeline.set_defaults(func=do_pipeline)\n# Pipeline command-line arguments\nparser_pipeline.add_argument('target_dir', nargs=\"?\", type=os.path.abspath, default=os.curdir, help=\"Directory containing the main config. Defaults to the current working dir.\")\n\n\nparser = argparse.ArgumentParser(description=\"Fuzzware emulation harness\")\npopulate_parser(parser)\n
"},{"location":"python/#yaml","title":"\u914d\u7f6e\u8bfb\u53d6\uff1ayaml","text":"\u9664\u4e86argparse\u4ee5\u5916\uff0c\u53ef\u4ee5\u628a\u4e00\u4e9b\u5f88\u957f\u7684\u914d\u7f6e\u6570\u636e\uff08\u6bd4\u5982\u591a\u5230\u547d\u4ee4\u884c\u6572\u662f\u4e0d\u73b0\u5b9e\u7684\uff09\u653e\u5230yml\u91cc\uff0c\u7136\u540e\u7528yaml\u8bfb\u53d6\uff0c\u5f97\u5230\uff08\u5d4c\u5957\u7684\uff09\u5b57\u5178\uff0c\u7136\u540e\u518d\u53d6\u5185\u5bb9\u5c31\u5f88\u65b9\u4fbf\u4e86\u3002\u9700\u8981pip\u5b89\u88c5pyyaml\u8fd9\u4e2a\u5305
import yaml\n\nwith open('config.yml', 'rb') as f:\n data = yaml.load(f, Loader=yaml.FullLoader)\n print(data)\n
\u90a3\u4e48data\u5c31\u662f\u4e00\u4e2a\u5b57\u5178\uff0c\u6839\u636eyml\u91cc\u7684\u5185\u5bb9\u53ef\u80fd\u6210\u4e3a\u5d4c\u5957\u5173\u7cfb\u3002\u5b57\u5178\u91cc\u4e3a\u7a7a\u7684\u503c\u4f1a\u53d8\u6210None\uff0ctrue\u6216True\u6216TRUE\u90fd\u4f1a\u53d8\u6210True\uff0c\u6570\u5b57\u4f1a\u88ab\u8bc6\u522b\u6210\u6574\u6570\u6216\u6d6e\u70b9\u6570\uff0c\u5b57\u7b26\u4e32\u4f1a\u88ab\u8bc6\u522b\u6210\u5b57\u7b26\u4e32\uff08\u542b\u7a7a\u683c\uff09
\u6bd4\u5982\u4e0b\u9762\u7684yml\u6587\u4ef6
item:\ntest1: 1\ntest2: 2\ntest2.1: TRUE\ntest2.2: true\ntest2.3: True\nmatters:\ntest3: 3\n3: 333\ntest4: 4\ntest5: ${item.test1}\ntest6: a b c d\ntest7:
\u4f1a\u88ab\u8bc6\u522b\u4e3a
{'item': {'test1': 1, 'test2': 2, 'test2.1': True, 'test2.2': True, 'test2.3': True}, 'matters': {'test3': 3, 3: 333, 'test4': 4, 'test5': '${item.test1}', 'test6': 'a b c d', 'test7': None}}\n
"},{"location":"python/#logging","title":"\u8f93\u51fa\u65e5\u5fd7\uff1alogging","text":"\u5728\u5f00\u53d1\u7a0b\u5e8f\u7684\u65f6\u5019\uff0c\u9047\u5230bug\u6216\u8005\u60f3\u5f04\u6e05\u695a\u4e34\u65f6\u7ed3\u679c\u3001\u63a7\u5236\u6d41\u8d70\u5411\u7684\u65f6\u5019\uff0c\u91c7\u7528print\u7684\u4f20\u7edf\u65b9\u6cd5\u6765\u6253\u5370\u53d8\u91cf\u6709\u70b9\u8fc7\u4e8e\u8822\u7b28\u4e86\u3002\u800c\u4f7f\u7528logging\u53ef\u4ee5\u968f\u65f6\u6253\u5370\u6570\u636e\u5230\u63a7\u5236\u53f0\u6216\u6587\u4ef6\uff0c\u53ef\u4ee5\u81ea\u5b9a\u4e49\u6253\u5370\u8303\u56f4\uff0c\u800c\u4e14\u6613\u4e8e\u8c03\u8bd5\u3002
import logging\n\nlogging.basicConfig(format='[%(levelname)s %(filename)s:%(lineno)d]: %(message)s', stream=sys.stdout, level=logging.DEBUG)\nlogger = logging.getLogger('TEST')\n\nlogger.debug('here is a test!')\nlogger.info('info level')\n
\u5f53\u7136\u4e5f\u53ef\u4ee5\u5168\u9762\u4e86\u89e3\u4e0blogging\uff0c\u63a8\u8350\u9605\u8bfb\u8fd9\u4e2a\u77e5\u4e4e\u4e13\u680f
import logging\n\n# 1\u3001\u521b\u5efa\u4e00\u4e2alogger\nlogger = logging.getLogger('mylogger')\nlogger.setLevel(logging.DEBUG)\n\n# 2\u3001\u521b\u5efa\u4e00\u4e2ahandler\uff0c\u7528\u4e8e\u5199\u5165\u65e5\u5fd7\u6587\u4ef6\nfh = logging.FileHandler('test.log')\nfh.setLevel(logging.DEBUG)\n\n# \u518d\u521b\u5efa\u4e00\u4e2ahandler\uff0c\u7528\u4e8e\u8f93\u51fa\u5230\u63a7\u5236\u53f0\nch = logging.StreamHandler()\nch.setLevel(logging.DEBUG)\n\n# 3\u3001\u5b9a\u4e49handler\u7684\u8f93\u51fa\u683c\u5f0f\uff08formatter\uff09\nformatter = logging.Formatter('%(asctime)s - %(name)s - %(levelname)s - %(message)s')\n\n# 4\u3001\u7ed9handler\u6dfb\u52a0formatter\nfh.setFormatter(formatter)\nch.setFormatter(formatter)\n\n# 5\u3001\u7ed9logger\u6dfb\u52a0handler\nlogger.addHandler(fh)\nlogger.addHandler(ch)\n
\u4ee5\u53ca\u4fee\u6539log\u7684\u989c\u8272(\u4e0d\u8fc7\u6ca1\u6709\u8bd5\u8fc7\uff0c\u4e0d\u77e5\u9053\u662f\u5426\u53ef\u7528)
"},{"location":"python/#_3","title":"\u63a5\u53e3\u8bbe\u8ba1","text":"\u4e00\u7cfb\u5217\u76f8\u4f3c\u7684\u51fd\u6570\u5b8c\u6210\u76f8\u4f3c\u7684\u529f\u80fd\uff08\u6bd4\u5982\u4e0d\u540c\u89e3\u6790\u51fd\u6570\u89e3\u6790\u4e0d\u540c\u79cd\u7c7b\u7684\u65e5\u5fd7\uff0c\u90fd\u5b8c\u6210\u201c\u6570\u636e\u5904\u7406\u201d\u8fd9\u4e00\u529f\u80fd\uff09\u65f6\uff0c\u53ef\u4ee5\u5c06\u51fd\u6570\u540d\u4f5c\u4e3a\u53c2\u6570\u4f20\u5165\u516c\u5171\u5904\u7406\u51fd\u6570\uff0c\u8bbe\u8ba1\u66f4\u6e05\u6670\u3002
import re\n\n# 0000 11c4 0\nbb_regex = re.compile(r\"([0-9a-f]+) ([0-9a-f]+) ([0-9]+)\")\ndef parse_bb_line(line):\n event_id, pc, cnt = bb_regex.match(line).groups()\n\n event_id = int(event_id, 16)\n pc = int(pc, 16)\n cnt = int(cnt)\n\n return event_id, pc, cnt\n\ndef parse_mmio_set_line(line):\n pc, addr, mode = line.split(\" \")\n return (int(pc, 16), int(addr, 16), mode[0])\n\ndef _parse_file(filename, line_parser):\n try:\n with open(filename, \"r\") as f:\n return [line_parser(line) for line in f.readlines() if line]\n except FileNotFoundError:\n return []\n\ndef parse_bbl_trace(filename):\n return _parse_file(filename, parse_bb_line)\n\ndef parse_mmio_set(filename):\n return _parse_file(filename, parse_mmio_set_line)\n
"},{"location":"python/#capnp","title":"\u4e2d\u95f4\u6570\u636e\u5b58\u50a8\uff1acapnp","text":"Cap'n Proto\u597d\u50cf\u662f\u4e00\u79cd\u5e2e\u52a9\u5feb\u901f\u5e8f\u5217\u5316/\u53cd\u5e8f\u5217\u5316\u7684\u5de5\u5177\uff0cpython\u8fd9\u8fb9\u5c01\u88c5\u4e86C++\u7684\u5b9e\u73b0\uff0c\u9700\u8981pip\u5b89\u88c5pycapnp\u8fd9\u4e2a\u5305\u3002\u4f7f\u7528\u65f6\u9700\u8981\u9996\u5148\u5b9a\u4e49\u6570\u636e\u7ed3\u6784\uff0c\u6bd4\u5982\uff1a
// test.capnp\nstruct TraceEvent {\nunion {\nbasicBlock @0 :BasicBlock;\naccess @1 :Access;\n}\n}\n\nstruct BasicBlock {\npc @0 :UInt32;\nlr @1 :UInt32;\n}\n\nstruct Access {\ntarget @0 :AccessTarget;\ntype @1 :AccessType;\nsize @2 :UInt8;\npc @3 :UInt32;\n}\n\nenum AccessTarget {\nram @0;\nmmio @1;\n}\nenum AccessType {\nread @0;\nwrite @1;\n}\n
\u4f7f\u7528\u65f6\uff0cpython\u7a0b\u5e8f\u5982\u4e0b\uff1a import capnp\nimport test_capnp\n\n# \u8fde\u7eed\u5199\u5165\u6587\u4ef6\uff0c\u5bf9union\u521d\u59cb\u5316\ntrace_file = open('test.bin','wb')\nevent = test_capnp.TraceEvent.new_message()\nbasicBlock = event.init('basicBlock')\nbasicBlock.pc = uc.reg_read(UC_ARM_REG_PC)\nbasicBlock.lr = uc.reg_read(UC_ARM_REG_LR)\nevent.write(trace_file)\nevent.write(trace_file)\ntrace_file.close()\n\n# \u4ece\u6587\u4ef6\u4e2d\u8fde\u7eed\u8bfb\u53d6\uff0c\u89e3\u6790union\ntrace_file = open('test.bin','rb')\nfor event in test_capnp.TraceEvent.read_multiple(f):\n if event.which() == 'basicBlock':\n print(event.basicBlock.pc)\ntrace_file.close()\n
"},{"location":"python/#_4","title":"\u8ba1\u65f6\u7ec8\u6b62\u7a0b\u5e8f","text":"\u5982\u679c\u9700\u8981\u8ba9\u7a0b\u5e8f\u5728\u8fd0\u884c\u4e00\u6bb5\u65f6\u95f4\u540e\u7ec8\u6b62\uff0c\u5728\u7a0b\u5e8f\u5185\u90e8\u8fdb\u884c\u65f6\u95f4\u68c0\u67e5\u5e76\u4e0d\u4f18\u96c5\uff08\u56e0\u4e3a\u662f\u65e0\u5173\u903b\u8f91\u7684\uff09\uff1b\u53ef\u4ee5\u4e3a\u8fd9\u4e2a\u5b50\u7a0b\u5e8f\u8bbe\u8ba1signal
pipeline = Pipeline(args.target_dir, args.project_name, args.base_inputs, args.num_local_fuzzer_instances, args.disable_modeling, write_worker_logs=not args.silent_workers, do_full_tracing=args.full_traces, config_name=args.runtime_config_name, timeout_seconds=timeout_seconds, use_aflpp=args.aflpp)\n\ntry:\n if timeout_seconds != 0:\n def handler(signal_no, stack_frame):\n pipeline.request_shutdown()\n\n # spin up an alarm for the time\n signal.signal(signal.SIGALRM, handler)\n signal.alarm(timeout_seconds)\n\n pipeline.start()\nexcept Exception as e:\n logger.error(f\"Got exception, shutting down pipeline: {e}\")\n import traceback\n traceback.print_exc()\n status = 1\n
"},{"location":"python/#hexintelhex","title":"\u4e8c\u8fdb\u5236\u5b57\u8282\u4e0ehex\u4e92\u76f8\u8f6c\u6362\uff1aIntelHex","text":"fuzzware\u91cc\u6dfb\u52a0\u9000\u51fahandler\u6253\u5370state\uff08\u5373\u6a21\u62dfcoredump\uff09\u65f6\uff0c\u4f7f\u7528\u4e86IntelHex\u6765\u4fdd\u5b58\u4e2d\u95f4\u7ed3\u679c\u3002\u53ef\u4ee5\u53c2\u8003\u4e0b\u9762\u7684\u4f8b\u5b50\uff0c\u8fdb\u884c\u76f8\u4e92\u8f6c\u5316\u3002IntelHex\u6587\u4ef6\u672c\u8eab\u7684\u683c\u5f0f\uff0c\u53ef\u4ee5\u53c2\u8003\u8fd9\u91cc
from intelhex import IntelHex\nih = IntelHex()\n\ndata = {\n 0x30000000: b'\\x00\\x01\\x02\\x03\\x04',\n 0x20002000: b'\\x04\\x05\\x06\\x07'\n}\n\nfor base_addr, contents in data.items():\n ih.puts(base_addr, contents)\n\nwith open('test.hex', 'w') as f:\n ih.write_hex_file(f)\n\n\n# \u4ece\u5df2\u6709\u7684hex\u6587\u4ef6\u4e2d\u8bfb\u53d6\u6570\u636e\nih = IntelHex()\nih.fromfile('test.hex', format='hex')\n\n\"\"\"test.hex\n:020000042000DA\n:0420000004050607C6\n:020000043000CA\n:050000000001020304F1\n:00000001FF\n\nhex\u683c\u5f0f\u4ee5\u5192\u53f7\u5f00\u5934\uff0c\u968f\u540e1\u5b57\u8282\u8868\u793a\u6570\u636e\u957f\u5ea6\uff0c\u7d27\u63a54\u5b57\u8282\u8868\u793a\u5730\u5740\uff0c\u968f\u540e1\u5b57\u8282\u4e3a\u8bb0\u5f55\u7c7b\u578b\uff1a\n00\uff1a\u8868\u793a\u6570\u636e\n01\uff1a\u8868\u793a\u6587\u4ef6\u7ed3\u675f\n02\uff1a\u8868\u793a\u6269\u5c55\u6bb5\u5730\u5740\u3002\u968f\u540e\u76842\u5b57\u8282\u5de6\u79fb4\u4f4d\uff0c\u4f5c\u4e3a\u6bb5\u5730\u5740\uff0c\u5728\u4e4b\u540e\u7684\u8ba1\u7b97\u4e2d\u548c\u5730\u5740\u76f8\u52a0\u4f5c\u4e3a\u6700\u540e\u5730\u5740\n03\uff1a\u8868\u793a\u8d77\u59cb\u6bb5\u5730\u5740\u3002\u968f\u540e\u76844\u5b57\u8282\u4e2d\uff0c\u524d\u3001\u540e2\u5b57\u8282\u5206\u522b\u8868\u793aCS\u3001IP\n04\uff1a\u8868\u793a\u6269\u5c55\u7ebf\u6027\u5730\u5740\u3002\u968f\u540e\u76842\u5b57\u8282\u6307\u5b9a32\u5730\u5740\u7684\u9ad816\u4f4d\n05\uff1a\u8868\u793a\u8d77\u59cb\u7ebf\u6027\u5730\u5740\u3002\u968f\u540e\u76844\u5b57\u8282\u6307\u5b9a\u6307\u4ee4\u6267\u884c\u8d77\u59cb\u5730\u5740\n\u6700\u540e\u4e00\u5b57\u8282\u8868\u793a\u6821\u9a8c\u7801\n\n\u6bd4\u5982:020000042000DA\uff0c\u5206\u4e3a:02 0000 04 2000 DA\n\"\"\"\n\n# \u83b7\u53d6\u89e3\u6790\u540e\u7684\u6570\u636e\uff0c\u5e76\u5408\u5e76\u8fde\u7eed\u7684\u5730\u5740\nrestored_data = {}\ncurrent_address = None\ncurrent_data = b''\n\nfor address in ih.addresses():\n # Check if the address is consecutive with the current data\n if current_address is None or address == current_address + len(current_data):\n if current_address is None:\n current_address = address\n current_data += bytes([ih[address]])\n else:\n # Save the previous data and start a new block\n restored_data[current_address] = current_data\n current_address = address\n current_data = bytes([ih[address]])\n\n# Save the last block of data\nif current_address is not None:\n restored_data[current_address] = current_data\n\n# \u8f93\u51fa\u8fd8\u539f\u540e\u7684data\u5b57\u5178\nprint(restored_data)\n# {536879104: b'\\x04\\x05\\x06\\x07', 805306368: b'\\x00\\x01\\x02\\x03\\x04'}\n
"},{"location":"python/#_5","title":"\u53c2\u8003\u8d44\u6599","text":" (USENIX Security 2022)Fuzzware: Using Precise MMIO Modeling for Effective Firmware Fuzzing Cap'n Proto "},{"location":"rca/","title":"\u6839\u56e0\u5206\u6790","text":"\u4ec0\u4e48\u662f\u6839\u56e0\u5206\u6790\uff1f \u6839\u56e0\u5206\u6790(Root Cause Analysis)\u6216\u8005\u8bf4\u7f3a\u9677\u5b9a\u4f4d(Fault Localization)\u662f\u7a0b\u5e8f\u5f00\u53d1\u4eba\u5458\u6216\u5b89\u5168\u5206\u6790\u4eba\u5458\u5728\u786e\u8ba4\u7a0b\u5e8f\u5b58\u5728\u5f02\u5e38\u884c\u4e3a\u540e\uff0c\u901a\u8fc7\u624b\u52a8\u6216\u81ea\u52a8\u7684\u65b9\u6cd5\u6765\u5b9a\u4f4d\u5f02\u5e38\u884c\u4e3a\u7684\u6839\u672c\u539f\u56e0\u7684\u8fc7\u7a0b\u3002\u6839\u56e0\u5206\u6790\u662f\u7a0b\u5e8f\u5b89\u5168\u5206\u6790\u6d41\u7a0b\u4e2d\u6bd4\u8f83\u91cd\u8981\u7684\u4e00\u73af\u3002
\u4e3a\u4ec0\u4e48\u9700\u8981\u8bbe\u8ba1\u4e00\u4e9b\u6839\u56e0\u5206\u6790\u65b9\u6cd5\uff1f \u5728\u5f53\u4e0b\u5404\u7c7b\u81ea\u52a8\u5316\u6f0f\u6d1e\u6316\u6398\u5de5\u5177(\u6bd4\u5982\u5404\u7c7bfuzzer)\u7684\u8f85\u52a9\u4e0b\uff0c\u6bcf\u65e5\u53d1\u73b0\u7684bug\u6570\u91cf\u5df2\u7ecf\u8fdc\u8d85\u5f00\u53d1\u4eba\u5458\u786e\u8ba4\u5e76\u4fee\u590d\u7684\u6570\u91cf\u3002\u8bbe\u8ba1\u4e00\u79cd\u81ea\u52a8\u5316\u53d1\u73b0\u6f0f\u6d1e\u7684\u5de5\u5177\u5e76\u4e0d\u96be\uff0c\u96be\u5728\u5982\u4f55\u6839\u636e\u8fd9\u4e9b\u5de5\u5177\u62a5\u51fa\u7684crash\u4fe1\u606f\u6765\u51c6\u786e\u5730\u5206\u6790\u51fa\u6f0f\u6d1e\u7684\u6839\u672c\u539f\u56e0\u3002\u5bf9\u4e8e\u5927\u578b\u7a0b\u5e8f\u800c\u8a00\uff0c\u5d29\u6e83\u6d4b\u8bd5\u6837\u4f8b(crashing testcase)\u6267\u884c\u4e0b\u6765\u53ef\u80fd\u7ecf\u5386\u4e86\u51e0\u767e\u4e07\u6761\u6c47\u7f16\u6307\u4ee4\uff0c\u624b\u5de5\u786e\u8ba4\u7a0d\u5fae\u6709\u70b9\u4e0d\u73b0\u5b9e\u4e86\u3002\u56e0\u6b64\u9700\u8981\u8bbe\u8ba1\u4e00\u4e9b(\u81ea\u52a8\u5316)\u7684\u6839\u56e0\u5206\u6790\u5de5\u5177\u3002
\u600e\u4e48\u8fdb\u884c\u6839\u56e0\u5206\u6790\uff1f\u76ee\u524d\u6709\u54ea\u4e9b\u5de5\u4f5c\uff1f \u6700\u6734\u7d20\u800c\u76f4\u89c2\u7684\u601d\u60f3\u5c31\u662f\u6d88\u8017\u5b89\u5168\u5206\u6790\u4eba\u5458\u7684\u7cbe\u529b\uff0c\u4ece\u7a0b\u5e8f\u7684\u5165\u53e3\u70b9(entry)\u6216\u8005\u5d29\u6e83\u70b9(crash site)\u51fa\u53d1\uff0c\u770b\u770b\u7a0b\u5e8f\u662f\u600e\u4e48\u6267\u884c\u7684\uff0c\u54ea\u4e9b\u5143\u7d20(program entity)\u4f1a\u5bfc\u81f4\u6700\u540e\u7684crash\uff0c\u7136\u540e\u518d\u8fdb\u884c\u5bf9\u5e94\u7684\u4fee\u590d\u3002\u6839\u636e\u5b9a\u4f4d\u5143\u7d20\u7684\u7c92\u5ea6\u4e0d\u540c\uff0c\u6839\u56e0\u5206\u6790\u53ef\u4ee5\u5b9a\u4f4d\u5230\u51fd\u6570\u7ea7(function level)\u3001\u8bed\u53e5\u7ea7(statement level)\u3001\u6c47\u7f16\u6307\u4ee4\u7ea7(instruction level)\u3002\u7531\u4e8e\u5728\u6c47\u7f16\u6307\u4ee4\u4e0a\u8fdb\u884c\u5206\u6790\u53ef\u4ee5\u66f4\u666e\u9002\u5730\u9002\u5e94\u591a\u79cd\u7f16\u7a0b\u8bed\u8a00\u3001\u4e0d\u9700\u8981\u83b7\u53d6\u6e90\u7801\uff0c\u6240\u4ee5\u4e0b\u6587\u7684\u8ba8\u8bba\u90fd\u662f\u56f4\u7ed5\u6c47\u7f16\u6307\u4ee4\u7ea7\u5c55\u5f00\u3002
\u76ee\u524d\u4e00\u4e9b\u81ea\u52a8\u5316\u6839\u56e0\u5206\u6790\u7814\u7a76\u601d\u8def\u6709\uff1a
\u57fa\u4e8e\u7a0b\u5e8f\u8c31\u7684\u5206\u6790\u65b9\u6cd5(Spectrum-based)\u3002\u5927\u6982\u601d\u8def\u662f\u4e0d\u9700\u8981\u8003\u8651\u6c47\u7f16\u6307\u4ee4\u7684\u8bed\u4e49\u4fe1\u606f\uff0c\u5229\u7528\u4e00\u4e9b\u7edf\u8ba1\u5b66\u7684\u65b9\u6cd5\u6765\u5206\u6790\u54ea\u4e9b\u6307\u4ee4\u6709\u95ee\u9898\u3002\u8fd9\u7c7b\u65b9\u6cd5\u57fa\u4e8e\u8fd9\u6837\u4e00\u4e2a\u573a\u666f\uff1a\u5047\u8bbe\u6211\u4eec\u6709\u4e00\u5927\u6279\u76f8\u4f3c\u7684\u6d4b\u8bd5\u6837\u4f8b\uff0c\u5176\u4e2d\u6709\u4e9b\u4f1a\u5bfc\u81f4\u7a0b\u5e8f\u5d29\u6e83\uff0c\u6709\u4e9b\u4e0d\u4f1a\uff0c\u90a3\u4e48\u8fd9\u4e24\u7c7b\u6d4b\u8bd5\u6837\u4f8b\u7684\u6267\u884c\u8def\u5f84\u53ef\u80fd\u6709\u4e0d\u540c\u7684\u504f\u597d\u3002\u90a3\u4e48\u90a3\u4e9b\u66f4\u503e\u5411\u4e8e\u5728\u5d29\u6e83\u6d4b\u8bd5\u6837\u4f8b\u4e2d\u6267\u884c\u7684\u6307\u4ee4\u66f4\u6709\u53ef\u80fd\u662froot cause\u3002 \u4e8b\u540e\u5206\u6790\u65b9\u6cd5(Postmortem-based)\u3002\u76f4\u8bd1\u5c38\u68c0\u5206\u6790\uff0c\u5f62\u8c61\u7406\u89e3\u4e3a\u4ece\u7a0b\u5e8f\u5d29\u6e83\u540e\u7559\u4e0b\u7684\u201c\u5c38\u4f53\u201d\u5f00\u59cb\u5206\u6790\u3002\u5b83\u5047\u5b9a\u7a0b\u5e8f\u5d29\u6e83\u540e\u4f1a\u4ea7\u751f\u4e00\u4e2acoredump(\u6838\u5fc3\u8f6c\u50a8)\u6587\u4ef6\uff0c\u5305\u542b\u4e86\u5d29\u6e83\u70b9\u7684\u5185\u5b58\u5feb\u7167(memory snapshot)\uff0c\u4ee5\u53ca\u8fd9\u4e2a\u6d4b\u8bd5\u6837\u4f8b\u7684\u6267\u884c\u8def\u5f84(execution trace)\u3002\u524d\u8005\u7528\u4e8e\u63d0\u4f9b\u6570\u636e\u6d41\u4fe1\u606f(\u6bd4\u5982\u5185\u5b58\u503c\u3001\u5bc4\u5b58\u5668\u503c)\uff0c\u540e\u8005\u7528\u4e8e\u63d0\u4f9b\u63a7\u5236\u6d41\u4fe1\u606f(\u6c47\u7f16\u6307\u4ee4\u6267\u884c\u4e0e\u8df3\u8f6c)\u3002\u5728\u6b64\u57fa\u7840\u4e0a\uff0c\u7ed3\u5408\u4e00\u4e9b\u9006\u5411\u6267\u884c(reverse execution)\u548c\u540e\u5411\u6c61\u70b9\u5206\u6790(backward taint analysis)\u7684\u65b9\u6cd5\uff0c\u5b9a\u4f4d\u53ef\u80fd\u7684root cause\u3002 \u57fa\u4e8e\u6a21\u578b\u7684\u5206\u6790\u65b9\u6cd5(Model-based)\u3002\u8fd9\u4e00\u7c7b\u65b9\u6cd5\u662f\u8fd1\u4e9b\u5e74\u63d0\u51fa\u7684\uff0c\u5b83\u901a\u8fc7\u5b9a\u4e49\u8bed\u4e49\u76f8\u5173\u7684\u6a21\u578b\uff0c\u5229\u7528\u673a\u5668\u5b66\u4e60\u6216\u6df1\u5ea6\u5b66\u4e60\u7684\u601d\u60f3\uff0c\u627e\u5230\u8bed\u4e49\u4e0a\u5bfc\u81f4\u5d29\u6e83\u7684root cause\u3002 \u8fd9\u4e9b\u7814\u7a76\u601d\u8def\u90fd\u89e3\u51b3\u4e86\u4ec0\u4e48\u95ee\u9898\uff1f\u6709\u4ec0\u4e48\u72ec\u7279\u7684\u4f18\u70b9\uff1f\u5b58\u5728\u54ea\u4e9b\u72ec\u6709\u7684\u4e0d\u8db3\uff1f \u57fa\u4e8e\u7a0b\u5e8f\u8c31\u7684\u5206\u6790\u65b9\u6cd5\u76f4\u89c2\u4e0a\u4f3c\u4e4e\u6709\u70b9\u9053\u7406\u3002\u5b83\u4ec5\u8003\u8651\u6c47\u7f16\u6307\u4ee4\u672c\u8eab\uff0c\u800c\u4f46\u4ec5\u4ec5\u4ece\u7edf\u8ba1\u7ed3\u679c\u4e0a\u53bb\u5206\u6790\uff0c\u53ef\u80fd\u5e76\u4e0d\u80fd\u51c6\u786e\u5206\u6790\u51fa\u903b\u8f91\u4e0a\u7684root cause\u3002\u8fd9\u7c7b\u65b9\u6cd5\u4e00\u822c\u4f1a\u8bbe\u8ba1\u4e00\u79cd\u6392\u540d\u7b56\u7565(ranking)\uff0c\u5bf9\u9009\u62e9\u51fa\u7684\u53ef\u7591\u6307\u4ee4\u8fdb\u884ctop1-topn\u7684\u6392\u540d\uff0c\u6765\u8bd5\u56fe\u63d0\u9ad8\u51c6\u786e\u6027\u3002\u8fd9\u7c7b\u65b9\u6cd5\u4e00\u822c\u9700\u8981\u6839\u636e\u4e00\u4e2a\u5d29\u6e83\u6837\u4f8b\u4ee5\u53ca\u548c\u5b83\u76f8\u4f3c\u7684\u5d29\u6e83\u6837\u4f8b\u548c\u975e\u5d29\u6e83\u6837\u4f8b\u8fdb\u884c\u5206\u6790\uff0c\u56e0\u6b64\u65f6\u7a7a\u5f00\u9500\u90fd\u6bd4\u8f83\u5927\u3002
\u4e8b\u540e\u5206\u6790\u65b9\u6cd5\u76f8\u6bd4\u7a0b\u5e8f\u8c31\u5206\u6790\u65b9\u6cd5\u8003\u8651\u4e86\u6307\u4ee4\u8bed\u4e49\uff0c\u6bd4\u5982\u5728\u9006\u5411\u6267\u884c\u7684\u65f6\u5019\u4f1a\u8bbe\u8ba1\u4e00\u4e9b\u6c47\u7f16\u6307\u4ee4handler\uff0c\u5bf9\u4e8e\u5185\u5b58\u7684\u5206\u6790\u4e5f\u4f1a\u66f4\u7cbe\u786e\u4e9b\u3002\u4f46\u6c61\u70b9\u5206\u6790\u65b9\u6cd5\u6bd5\u7adf\u5b58\u5728\u8fc7\u5ea6\u6c61\u67d3(over-tainting)\u7684\u95ee\u9898\uff0c\u5bfc\u81f4\u7ed3\u679c\u5197\u4f59\u6bd4\u8f83\u4e25\u91cd\u3002
\u57fa\u4e8e\u6a21\u578b\u7684\u5206\u6790\u65b9\u6cd5\u5229\u7528AI\u7684\u4f18\u52bf\uff0c\u53ef\u4ee5\u7ed9\u51fa\u66f4\u6709\u8bed\u4e49\u4fe1\u606f\u7684root cause\uff0c\u5728\u4e00\u5b9a\u7a0b\u5ea6\u4e0a\u5e2e\u52a9\u5f00\u53d1\u4eba\u5458\u53bb\u5206\u6790\u3002\u4e0d\u8fc7\u6a21\u578b\u7684\u8bad\u7ec3\u4f9d\u8d56\u8bad\u7ec3\u96c6\u7684\u8d28\u91cf\uff0c\u5e76\u4e14\u53d7\u7a0b\u5e8f\u8bed\u4e49\u5f71\u54cd\u5f88\u5927\u3002\u5728\u4e0d\u540c\u9886\u57df\u4e4b\u95f4\u53ef\u80fd\u8fc1\u79fb\u6027\u4e0d\u662f\u5f88\u597d\uff0c\u6bd4\u5982\u6ca1\u6cd5\u5904\u7406\u4e00\u4e9b\u7279\u5b9a\u7684\u5bc6\u7801\u5b66\u51fd\u6570\u3002\u4e14\u4e3a\u5f85\u6d4b\u7a0b\u5e8f\u5efa\u7acb\u6a21\u578b\u6765\u63cf\u8ff0\u5176\u7ed3\u6784\u4e0e\u884c\u4e3a\u662f\u975e\u5e38\u590d\u6742\u3001\u8017\u65f6\u7684\u4e8b\u60c5
\u73b0\u6709\u7684\u8fd9\u4e9b\u65b9\u6cd5\u6709\u6ca1\u6709\u4ec0\u4e48\u666e\u904d\u5b58\u5728\u7684\u95ee\u9898\uff1f \u5728\u6700\u540e\u8bc4\u4f30\u9636\u6bb5(evaluation)\uff0c\u4e00\u822c\u5148\u901a\u8fc7\u624b\u5de5\u5206\u6790\u786e\u5b9a\u54ea\u4e9b\u6c47\u7f16\u6307\u4ee4\uff0c\u5982\u679c\u65b9\u6cd5\u8f93\u51fa\u7684\u6c47\u7f16\u6307\u4ee4\u96c6\u5408\u91cc\u5305\u542b\u8fd9\u4e9b\u6307\u4ee4\uff0c\u90a3\u4e48\u5c31\u8ba4\u4e3a\u662f\u53d1\u73b0\u4e86root cause\u3002\u4f46\u81ea\u52a8\u5316\u65b9\u6cd5\u6bd5\u7adf\u7f3a\u5c11\u4eba\u5de5\u53c2\u4e0e\uff0c\u7ed9\u51fa\u7684\u7ed3\u679c\u4e00\u5b9a\u662f\u4e0d\u51c6\u786e\u7684\u3002\u73b0\u6709\u7684\u5de5\u4f5c\u7684\u4e00\u4e2a\u4e3b\u6d41\u601d\u60f3\u5728\u4e8e\u201c\u65b9\u6cd5\u7ed9\u51fa\u7684\u96c6\u5408\u53ef\u4ee5\u5305\u542b\u65e0\u5173\u6307\u4ee4\uff0c\u4f46\u4e0d\u80fd\u7f3a\u5c11\u76f8\u5173\u6307\u4ee4\u201d\uff0c\u65e8\u5728\u63d0\u9ad8\u53ec\u56de\u7387(recall)\u3002\u56e0\u6b64\u5f80\u5f80\u7ed9\u51fa\u4e0eroot cause\u4e0d\u76f8\u5173\u7684\u6307\u4ee4\u3002\u4f46\u5b9e\u9645\u4e0a\uff0c\u5728\u6700\u540e\u7684\u4fee\u590d\u7aef\uff0c\u5982\u679c\u7ed9\u51fa\u4e0d\u76f8\u5173\u6307\u4ee4\u8fc7\u591a\uff0c\u90a3\u4e48\u4ecd\u7136\u9700\u8981\u5f00\u53d1\u8005\u53bb\u5206\u6790\uff0c\u4f9d\u65e7\u8017\u65f6\u8017\u529b\u3002
\u636eISSTA 2016\u4e00\u7bc7\u8c03\u7814\uff08Practitioners\u2019 expectations on automated fault localization\uff09\uff0c9.43%\u5e0c\u671broot cause\u5728\u5206\u6790\u7ed3\u679c\u7684Top1\uff0c73.58%\u5bb9\u8bb8\u5728Top5\uff0c15.09%\u5bb9\u8bb8\u5728Top10\u3002\u6240\u4ee5\u7ea698%\u7684\u60c5\u51b5\u4e0b\u9700\u8981\u5728Top10\u5185\u7ed9\u51fa\u7ed3\u679c\u3002\u5c31\u5206\u6790\u51c6\u786e\u5ea6\u4e0e\u5f00\u53d1\u4eba\u5458\u6ee1\u610f\u5ea6\u800c\u8a00\uff0c\u5982\u679cRCA\u5de5\u5177\u51c6\u786e\u5ea6\u8fbe90%\uff0c\u6ee1\u610f\u5ea6\u51e0\u4e4e\u8fbe\u5230100%\u4e86\u3002\u51c6\u786e\u5ea6\u4f4e\u4e8e20%\u65f6\u53ea\u670912%\u63a5\u53d7\uff0c\u5982\u679c\u6ee1\u610f\u5ea6\u8fbe50%\u300175%\u300190%\uff0c\u51c6\u786e\u5ea6\u9700\u8981\u5206\u522b\u8fbe\u523050%\u300175%\u300185%\uff08\u4f46\u662f\u539f\u6587\u8bf490%\uff09\u3002
\u76ee\u524d\u7684\u7edd\u5927\u90e8\u5206RCA\u5206\u6790\u7684\u5de5\u4f5c\u7684\u8f93\u51fa\u662f\u4e24\u7c7b\uff1aranked list\u548csuspicious set\u3002\u4f46\u4e24\u8005\u90fd\u5b58\u5728\u7684\u95ee\u9898\u662f\u4ec5\u4ec5\u9ad8\u4eae\u4e86\u53ef\u80fd\u5b58\u5728bug\u7684\u5143\u7d20\uff0c\u800c\u7f3a\u4e4f\u4e00\u4e9brational\u7684\u5206\u6790\u3002
"},{"location":"rca/#_2","title":"\u4e0d\u540c\u7684\u5206\u6790\u7c92\u5ea6\u7684\u4f18\u52bf","text":"\u57fa\u4e8e\u6587\u4ef6\u7c92\u5ea6\u7684RCA\u5de5\u4f5c\uff08\u6bd4\u5982Scaffle\uff09\u5e0c\u671b\u627e\u5230\u5305\u542b\u767e\u4e07\u7ea7\u540c\u8d28\u4ee3\u7801\u5e93\u4e2d\u54ea\u4e9b\u6587\u4ef6\u548ccrash\u6709\u5173\u3002\u5728\u6b64\u57fa\u7840\u4e0a\u8ba9\u5bf9\u5e94\u7684\u5de5\u7a0b\u5e08\u56e2\u961f\u53bb\u5904\u7406bug\uff0c\u6709\u5229\u4e8e\u5927\u578b\u7ec4\u7ec7\u7ba1\u7406\u3002
\u636eISSTA 2016\u4e00\u7bc7\u8c03\u7814\uff08Practitioners\u2019 expectations on automated fault localization\uff09\uff0c\u5f00\u53d1\u8005\u5bf9\u7c92\u5ea6\u7684top3\u671f\u671b\u4f9d\u6b21\u662f\u65b9\u6cd5\u7ea7\u522b\u3001\u8bed\u53e5\u7ea7\u522b\u3001\u57fa\u672c\u5757\u7ea7\u522b\uff0c\u4e0d\u8fc7\u5bf9\u8fd9\u4e09\u79cd\u7c92\u5ea6\u7684\u503e\u5411\u4e4b\u95f4\u6ca1\u6709\u660e\u663e\u5dee\u5f02\u3002\u800c\u5f53\u65f6\u6bd4\u8f83\u591a\u7684\u65b9\u6cd5\u662f\u8bed\u53e5\u7ea7\u522b\u7684
"},{"location":"rca/#_3","title":"\u5206\u6790\u65f6\u95f4\u5f00\u9500","text":"\u6839\u636e\u91c7\u7528\u7684\u7b56\u7565\u4e0d\u540c\uff0cRCA\u4e4b\u95f4\u7684\u65f6\u95f4\u5f00\u9500\u5dee\u5f02\u53ef\u80fd\u8fbe\u4e24\u4e2a\u6570\u91cf\u7ea7\u3002\uff08\u79d2\u7ea7-\u5206\u949f\u7ea7-\u5c0f\u65f6\u7ea7\uff09\u3002
\u636eISSTA 2016\u4e00\u7bc7\u8c03\u7814\uff08Practitioners\u2019 expectations on automated fault localization\uff09\uff0c90%\u5f00\u53d1\u8005\u63a5\u53d71min\u4ee5\u5185\u7684\u5206\u6790\uff0c\u4e0d\u52309%\u5f00\u53d1\u8005\u63a5\u53d7\u8d85\u8fc71h\u7684\u5206\u6790\u300250%\u5f00\u53d1\u8005\u5927\u6982\u572830min\u4ee5\u5185\u3002
"},{"location":"rca/#_4","title":"\u4e00\u4e9b\u60f3\u6cd5","text":" \u4ec0\u4e48\u662f\u6f0f\u6d1e\u7684\u6839\u672c\u539f\u56e0\uff1f\u5047\u5982\u51fd\u6570A\u5185\u521b\u5efa\u4e34\u65f6\u53d8\u91cfx\u5e76\u8c03\u7528\u51fd\u6570B(x)\uff0c\u5728B\u5185\u5f15\u53d1crash\uff0c\u90a3\u4e48\u5e94\u8be5\u5f52\u548e\u4e3aA\u6ca1\u6709\u5904\u7406x\u5462\uff0c\u8fd8\u662fB\u6ca1\u6709\u68c0\u67e5x\u5462\uff1f\u8fd9\u662fAPI\u5b9e\u73b0\u7684\u95ee\u9898\uff0c\u8fd8\u662fAPI\u8bef\u7528\u7684\u95ee\u9898\uff1f(\u5f00\u53d1\u8005or\u7528\u6237) \u5bf9\u4e8e\u67d0\u4e00\u4e2acrash\uff0c\u5982\u679c\u5f00\u53d1\u4eba\u5458\u8fdb\u884c\u4e86\u4fee\u590d\uff0c\u90a3\u4e48\u8fd9\u4e2a\u4fee\u590d\u80fd\u62ff\u6765\u5f53root cause\u5417\uff1f\u4e0d\u540c\u5f00\u53d1\u4eba\u5458\u4fee\u590d\u7684\u98ce\u683c\u53ef\u80fd\u4e0d\u4e00\u6837\uff0c\u4fee\u590d\u4e5f\u672a\u5fc5\u662f\u5b8c\u5168\u7684\uff0croot cause\u5c31\u662f\u4e00\u4e2a\u4e3b\u89c2\u7684\u95ee\u9898\u4e86\u3002 "},{"location":"rca/#_5","title":"\u76f8\u5173\u8bba\u6587\u7684\u4e00\u4e9b\u53d1\u73b0\uff08\u7591\u95ee\uff09","text":" \u201c\u4f20\u7edf\u7684SFL\u65b9\u6cd5\u6548\u679c\u5728Defects4J\u7b49\u90e8\u5206\u6570\u636e\u96c6\u53ef\u80fd\u8fdc\u4f18\u4e8eDLFL\u65b9\u6cd5\uff0c\u53ef\u80fd\u662f\u57fa\u51c6\u5b9e\u9a8c\u7684\u8fc7\u62df\u5408\u95ee\u9898\u3002\u201d\u4f20\u7edf\u65b9\u6cd5\u7684\u8fc7\u62df\u5408\u6307\u7684\u662f\u4ec0\u4e48\uff1fDLFL\u4e3a\u4ec0\u4e48\u5728\u57fa\u51c6\u6d4b\u8bd5\u96c6\u53d6\u5f97\u548c\u522b\u7684\u6570\u636e\u96c6\u4e00\u6837\u597d\u7684\u6548\u679c\uff1f\u4f20\u7edf\u65b9\u6cd5\u5728\u4e0d\u540c\u6d4b\u8bd5\u96c6\u7684\u8868\u73b0\u5dee\u5f02\u662f\u65b9\u6cd5\u7684\u95ee\u9898\u8fd8\u662f\u6d4b\u8bd5\u96c6\u7684\u95ee\u9898\uff1f\uff08A Universal Data Augmentation Approach for Fault Localization, ICSE 2022\uff09 \u4e0d\u540c\u79cd\u7c7b\u7684FL\u65b9\u6cd5\u5728\u65f6\u95f4\u5f00\u9500\u4e0a\u6570\u91cf\u7ea7\u662f\u4e0d\u540c\u7684\u3002\u6d4b\u8bd5\u7684\u65f6\u5019\u5982\u679c\u96c6\u6210\u4e0a\u8f83\u4f4e\u6570\u91cf\u7ea7\u5f00\u9500\u7684\u65b9\u6cd5\uff0c\u4e0d\u4f1a\u5bf9\u8fd0\u884c\u65f6\u95f4\u6709\u5f88\u5927\u5f71\u54cd\uff0c\u4f46\u53ef\u4ee5\u63d0\u5347\u6548\u7387\u3002\u4e0d\u540c\u79cd\u7c7bFL\u65b9\u6cd5\u76f8\u5173\u6027\u4e0d\u9ad8\uff0c\u53ef\u4ee5\u8003\u8651\u7ed3\u5408\u4f7f\u7528\u3002\uff08An Empirical Study of Fault Localization Families and Their Combinations, TSE 2021\uff09 \u8c03\u7528\u6808\u505aFL\u5206\u6790\u65f6\uff0c\u5982\u679c\u6839\u56e0\u5728\u6808\u4e0a\u7684\u8bdd\uff0c40%\u662f\u7b2c\u4e00\u4e2a\u6808\u5e27\uff0c90%\u5728\u524d10\u4e2a\u6808\u5e27\u91cc\u3002\uff08Do stack traces help developers fix bugs? Mining Softw. Repositories, 2010\uff09 "},{"location":"rca/#_6","title":"\u53c2\u8003\u6587\u732e","text":" Scaffle: Bug Localization on Millions of Files, ISSTA 2020 Probabilistic reasoning in diagnosing causes of program failures, STVR 2016 Practitioners\u2019 expectations on automated fault localization, ISSTA 2016 \u4ee5\u4e0a\u5185\u5bb9\u4ec5\u4ee3\u8868\u4e2a\u4eba\u89c2\u70b9\uff0c\u4e0d\u5b9a\u671f\u66f4\u65b0\uff0c\u6b22\u8fce\u8ba8\u8bba
"},{"location":"readings/","title":"\u6587\u7ae0\u9605\u8bfb","text":""},{"location":"readings/#_2","title":"\u7efc\u5408\u6027\u77e5\u8bc6\u5b66\u4e60","text":" AWS\u5bf9\u5404\u7c7b\u6280\u672f\u540d\u5b57\u7684\u4ecb\u7ecd MDN\u7f51\u7edc\u670d\u52a1\u8bcd\u6c47\u8868 "},{"location":"readings/#_3","title":"\u4f1a\u8bae\u603b\u7ed3","text":" ESEC/FSE 2022\u7f51\u5b89\u6e05\u5355 "},{"location":"readings/#_4","title":"\u8f6f\u4ef6\u4f9b\u5e94\u94fe","text":" \u8f6f\u4ef6\u4f9b\u5e94\u94fe\u68c0\u6d4b\u5de5\u5177\u73b0\u72b6\u5206\u6790 "},{"location":"readings/#_5","title":"\u5927\u6a21\u578b","text":" \u667a\u80fd\u5b89\u5168\u8fd0\u8425\uff1a\u5927\u6a21\u578b\u5de5\u5177\u534f\u540c\u4e0e\u5b66\u4e60\u6846\u67b6 "},{"location":"readings/#google","title":"Google","text":" The Ups and Downs of 0-days: A Year in Review of 0-days Exploited In-the-Wild in 2022 2022 0-day In-the-Wild Exploitation\u2026so far "},{"location":"readings/#_6","title":"\u7f16\u7a0b\u8bed\u8a00","text":" Python\u591a\u8fdb\u7a0b\u5e76\u53d1\u6700\u4f73\u89e3\u51b3\u65b9\u6848 \u591a\u8fdb\u7a0b \u8fdb\u7a0b\u6c60 "},{"location":"reverse-advanced/","title":"\u9006\u5411\u9ad8\u9636","text":""},{"location":"reverse-advanced/#windows","title":"Windows\u9006\u5411\u6280\u672f\u6982\u5ff5","text":"DLL\u6ce8\u5165\uff0cWindows\u6d88\u606f\u94a9\u53d6\uff0cDLL\u5378\u8f7d\uff0c\u4ee3\u7801\u6ce8\u5165\uff0cAPI\u94a9\u53d6\uff0c\u8fdb\u7a0b\u9690\u85cf\uff0cIE\u8fde\u63a5\u63a7\u5236\uff0cTLS\u56de\u8c03\u51fd\u6570\uff0cTEB\uff0cPEB\uff0cSEH\uff0cIA-32\uff0c\u53cd\u8c03\u8bd5\uff08\u9759\u6001\u3001\u52a8\u6001\uff09\uff0cPE\u955c\u50cf\uff0cDebug Blocker
"},{"location":"reverse-basic/","title":"\u9006\u5411\u57fa\u7840","text":"\u9006\u5411\u51fd\u6570\u65f6\uff0c\u8981\u63d0\u524d\u9884\u6d4b\u4e0b\u51fd\u6570\u5b9e\u73b0\u673a\u5236\uff0c\u4ee5\u8282\u7701\u65f6\u95f4\u3002\u8981\u660e\u767d\u54ea\u4e9b\u90e8\u5206\u5c5e\u4e8e\u7a0b\u5e8f\u7279\u6709\u7684\u5b9e\u73b0\uff0c\u54ea\u4e9b\u90e8\u5206\u5c5e\u4e8e\u7b2c\u4e09\u65b9\u7684\u5e93\uff0c\u4e0d\u8981\u968f\u4fbf\u8fdb\u5230\u7b2c\u4e09\u65b9\u5e93\u6216\u8005\u5e95\u5c42API\u91cc\u9762\u5206\u6790\u3002
"},{"location":"reverse-basic/#_2","title":"\u8c03\u7528\u7ea6\u5b9a","text":"cdecl\uff08C\u9ed8\u8ba4\uff09\u7531caller\u8d1f\u8d23\u6e05\u7406\u6808\u4e0a\u4f20\u5165\u53c2\u6570\u3002
stdcall\u7531callee\u8d1f\u8d23\u6e05\u7406\u6808\u4e0a\u4f20\u5165\u53c2\u6570\uff08Win32API\uff09\uff0c\u88ab\u8c03\u51fd\u6570\u8fd4\u56de\u65f6\u4f7f\u7528RETN X
\u6765\u9000\u51fa\uff0c\u76f8\u5f53\u4e8eRETN\u3001POP X\u3002\u6bd4\u5982\u9000\u4e24\u4e2a\u53c2\u6570\uff0c\u5c31RETN 8\u3002
fastcall\u4e3a\u4e86\u63d0\u9ad8\u901f\u5ea6\uff0c\u5206\u522b\u4f7f\u7528ECX\u3001EDX\u4f20\u9012\u524d\u4e24\u4e2a\u53c2\u6570\uff0c\u66f4\u591a\u53c2\u6570\u8fd8\u662f\u4f7f\u7528\u5185\u5b58\u3002 \u4f20\u53c2\u65f6\u90fd\u662f\u4ece\u53f3\u5411\u5de6\u4ee5\u6b64\u538b\u5165\u6808\u4e2d\u3002
"},{"location":"reverse-basic/#_3","title":"\u4e00\u4e9b\u5e38\u89c1\u6c47\u7f16\u64cd\u4f5c\u7b26","text":"call
\u5305\u62ec\u4fdd\u5b58\u8fd4\u56de\u5730\u5740\u3001IP\u8df3\u8f6c
retn
\u5373pop EIP
test
\u76f8\u5f53\u4e8eAND\uff0c\u4f46\u662f\u4e0d\u6539\u53d8\u666e\u901a\u5bc4\u5b58\u5668\u7684\u503c\uff0c\u53ea\u4fee\u6539EFLAGS\u5bc4\u5b58\u5668
"},{"location":"reverse-basic/#nop","title":"NOP\u6307\u4ee4\u7684\u7528\u9014","text":"NOP\u6307\u4ee4\u901a\u5e38\u7528\u4e8e\u63a7\u5236\u65f6\u5e8f\u7684\u76ee\u7684\uff0c\u5f3a\u5236\u5185\u5b58\u5bf9\u9f50\uff0c\u9632\u6b62\u6d41\u6c34\u7ebf\u707e\u96be\uff0c\u5360\u636e\u5206\u652f\u6307\u4ee4\u5ef6\u8fdf\uff0c\u6216\u662f\u4f5c\u4e3a\u5360\u4f4d\u7b26\u4ee5\u4f9b\u7a0b\u5e8f\u7684\u6539\u5584\uff08\u6216\u66ff\u4ee3\u88ab\u79fb\u9664\u7684\u6307\u4ee4\uff09\u3002
"},{"location":"reverse-basic/#_4","title":"\u51fd\u6570\u6267\u884c\u6808\u5e27\u63a8\u65ad","text":"\u51fd\u6570\u5185\u90e8\u4e00\u822c\u5148\u4f1a\u6267\u884c\u4ee5\u4e0b\u4e24\u6761\u6307\u4ee4\uff1a
push ebp\nmov ebp,esp\n
\u53ef\u4ee5\u89c2\u5bdfebp\u548cesp\u7684\u4fee\u6539\u60c5\u51b5\u63a8\u65ad\u51fd\u6570\u6808\u5e27
"},{"location":"reverse-basic/#_5","title":"\u540d\u79f0\u4fee\u9970","text":"\u540d\u79f0\u4fee\u9970\uff08name mangling\uff0cname decoration\uff09\uff0c\u7528\u6765\u89e3\u51b3\u6807\u5fd7\u7b26\u7684\u552f\u4e00\u547d\u540d\u95ee\u9898\u3002\u6bd4\u5982\u5728\u4e0d\u540c\u7684\u547d\u540d\u7a7a\u95f4\u5b9e\u73b0\u76f8\u540c\u540d\u79f0\u7684\u51fd\u6570\uff0c\u8fd9\u4e2a\u51fd\u6570\u5728\u600e\u4e48\u8868\u793a\u5462\uff1f\u540d\u79f0\u4fee\u9970\u6280\u672f\u7528\u6765\u751f\u6210\u552f\u4e00\u7684\u6807\u5fd7\u7b26\uff0c\u4fdd\u7559\u547d\u540d\u7a7a\u95f4\u3001\u51fd\u6570\u540d\u3001\u7ed3\u6784\u4f53\u540d\u3001\u7c7b\u540d\u4ee5\u53ca\u53c2\u6570\u7c7b\u578b\u7b49\u7b49\u4fe1\u606f\u3002\u540d\u79f0\u4fee\u9970\u548c\u8c03\u7528\u7ea6\u5b9a\u3001\u7f16\u8bd1\u5668\u6709\u5173\uff0c\u5e94\u7528\u6700\u5e7f\u6cdb\u7684\u662fC++\u7684\u4ee3\u7801\uff08\u5c24\u5176\u662f\u6df7\u5408C\u7f16\u8bd1\u65f6\uff09\u3002\u6bd4\u5982_ZN9wikipedia7article6formatEv
\u53ef\u4ee5\u7528\u6765\u8868\u793a\uff1a
namespace wikipedia\n{\nclass article\n{\npublic:\nstd::string format();\n}\n}\n
\u5176\u4e2d_Z
\u662f\u5f00\u5934\uff08\u4e0b\u5212\u7ebf+\u5927\u5199\u5b57\u6bcd\u5728C\u4e2d\u662f\u4fdd\u7559\u7684\u6807\u5fd7\u7b26\uff0c\u907f\u514d\u51b2\u7a81\uff09\uff0cN
\u8868\u793a\u662f\u5d4c\u5957\u6709\u547d\u540d\u7a7a\u95f4\u548c\u7c7b\u540d\uff0c\u968f\u540e\u7684\u6570\u5b57+\u5b57\u6bcd\u4e2d\uff0c\u6570\u5b57\u8868\u793a\u957f\u5ea6\uff0c\u5b57\u6bcd\u8868\u793a\u540d\u79f0\uff0c\u5e76\u4ee5E
\u7ed3\u675f\u3002\u4e4b\u540e\u7684\u53c2\u6570\u8868\u793a\u51fd\u6570\u7684\u53c2\u6570\u7c7b\u578b\uff0cv\u4e3avoid\u3002
"},{"location":"reverse-basic/#pe","title":"PE\u6587\u4ef6","text":"PE\uff08Portable Execution\uff09\u6587\u4ef6\u662fWindows\u7cfb\u7edf\u4f7f\u7528\u7684\u53ef\u6267\u884c\u6587\u4ef6\u683c\u5f0f\u3002
\u53ef\u6267\u884cPE\u6587\u4ef6\u6269\u5c55\u540d\u4e00\u822c\u4e3aexe\uff0csrc \u5e93\u6587\u4ef6\u6269\u5c55\u540d\u4e00\u822c\u4e3adll\uff0cocx\uff0ccpl\uff0cdrv \u9a71\u52a8\u7a0b\u5e8f\u6587\u4ef6\u6269\u5c55\u540d\u4e00\u822c\u4e3asys\uff0cvxd \u5bf9\u8c61\u6587\u4ef6\u6269\u5c55\u540d\u4e00\u822c\u4e3aobj "},{"location":"reverse-basic/#pe_1","title":"PE\u6587\u4ef6\u7684\u6570\u636e\u8282","text":" .text \u4ee3\u7801\u8282\uff0c\u5b58\u653e\u4e8c\u8fdb\u5236\u673a\u5668\u7801 .data \u521d\u59cb\u5316\u6570\u636e\u8282\uff0c\u5982\u5b8f\u5b9a\u4e49\u3001\u5168\u5c40\u53d8\u91cf\u3001\u9759\u6001\u53d8\u91cf .idata \u53ef\u6267\u884c\u6587\u4ef6\u4f7f\u7528\u7684\u52a8\u6001\u94fe\u63a5\u5e93\u7b49\u5916\u90e8\u51fd\u6570\u4e0e\u6587\u4ef6\uff0c\u5373\u8f93\u5165\u8868 .rsrc \u7a0b\u5e8f\u8d44\u6e90\u8282\uff0c\u5305\u62ec\u56fe\u6807\u3001\u83dc\u5355\u7b49 #pragma data_seg()\u53ef\u4ee5\u5c06\u4ee3\u7801\u4efb\u610f\u90e8\u5206\u7f16\u8bd1\u5230PE\u6587\u4ef6\u4efb\u610f\u8282\uff0c\u8282\u540d\u4e5f\u53ef\u4ee5\u81ea\u5b9a\u4e49\u3002
"},{"location":"reverse-basic/#_6","title":"\u9759\u6001\u94fe\u63a5\u5e93\u4e0e\u52a8\u6001\u94fe\u63a5\u5e93","text":"\u9759\u6001\u5e93\u7684\u62d3\u5c55\u540d\u4e3a.a
\u6216.lib
\uff1b\u52a8\u6001\u5e93\u7684\u62d3\u5c55\u540d\u4e00\u822c\u4e3a.so
\u6216.dll
\u9759\u6001\u5e93\u7f16\u8bd1\u65f6\u76f4\u63a5\u6574\u5408\u5230\u76ee\u6807\u7a0b\u5e8f\u4e2d\uff0c\u7f16\u8bd1\u6210\u529f\u540e\u7684\u53ef\u6267\u884c\u6587\u4ef6\u53ef\u4ee5\u72ec\u7acb\u8fd0\u884c\uff1b\u52a8\u6001\u5e93\u7f16\u8bd1\u65f6\u53ef\u6267\u884c\u7a0b\u5e8f\u65e0\u6cd5\u72ec\u7acb\u8fd0\u884c
\u9759\u6001\u5e93\u66f4\u65b0\u540e\u9700\u8981\u66f4\u65b0\u6574\u4e2a\u76ee\u6807\u7a0b\u5e8f\uff1b\u52a8\u6001\u5e93\u66f4\u65b0\u540e\u53ea\u9700\u66f4\u6362\u65b0\u7684\u52a8\u6001\u5e93\u5373\u53ef
\u9759\u6001\u5e93\u7f16\u8bd1\u547d\u4ee4\uff1agcc -c xx.c -o xx.o
\uff0car crs libxx.a xx.o
\uff1b\u52a8\u6001\u5e93\u7f16\u8bd1\u547d\u4ee4\uff1agcc xx.c -o libxx.so -shared -fPIC
\u5176\u4e2d-fPIC\u8868\u793a\u4f7f\u7528\u76f8\u5bf9\u4f4d\u7f6e
"},{"location":"reverse-basic/#gdb","title":"gdb","text":"\u6dfb\u52a0\u591a\u4e2a\u7b26\u53f7\u8868add-symbol-file xxx addr
\u5176\u4e2daddr\u662f\u4ee3\u7801\u6bb5\u8d77\u59cb\u5730\u5740\uff0cxxx\u53ef\u4ee5\u4e3asym\u6587\u4ef6\uff0c\u6216elf\u6587\u4ef6\u7b49\u3002\u53d8\u5f02\u65f6\u9700\u8981\u52a0\u4e0a-g
\u4fdd\u7559\u7b26\u53f7\u8868(\u6307\u5b9a\u5177\u4f53\u683c\u5f0f\u5982-g2 -gdwarf-2
)\uff0c\u53ef\u4ee5\u9010\u4e2a\u4f7f\u7528add-symbol-file
\uff0c\u90fd\u6dfb\u52a0\u8fdb\u53bb\u3002
\u4f7f\u7528ulimit -c unlimited
\u8bbe\u7f6e\u4e0d\u9650\u5236coredump\u6587\u4ef6\u5927\u5c0f\uff0c\u7136\u540eroot\u7528\u6237echo \"core-%e-%p\" > /proc/sys/kernel/core_pattern
\u8bbe\u7f6e\u4fdd\u7559\u7a0b\u5e8f\u540d\u3001pid\uff0c\u5219\u5bf9\u4e8e\u7f16\u8bd1\u65f6\u6dfb\u52a0\u4e86-g
\u9009\u9879\u7684\u7a0b\u5e8f\uff0c\u5176\u5d29\u6e83\u4ea7\u751f\u7684coredump\u6587\u4ef6\u53ef\u4ee5\u4f7f\u7528gdb <\u7a0b\u5e8f\u540d> <coredump\u6587\u4ef6\u540d>
\u6765\u5bfb\u627eroot cause\u3002gdb\u5185\u7528where\u67e5\u770b\u8c03\u7528\u6808\u3002
"},{"location":"reverse-basic/#_7","title":"\u63a8\u8350\u9605\u8bfb","text":"Linux \u9759\u6001\u5e93 \u7f16\u8bd1\u548c\u4f7f\u7528 Linux \u52a8\u6001\u5e93 \u7f16\u8bd1\u548c\u4f7f\u7528 Makefile\u5165\u95e8 Makefile\u5b98\u65b9\u6587\u6863 coredump\u6587\u4ef6\u57fa\u7840\u7528\u6cd5
"},{"location":"sci-thoughts/","title":"\u79d1\u7814\u5fc3\u5f97","text":""},{"location":"sci-thoughts/#_2","title":"\u517b\u6210\u4e60\u60ef","text":"\u65f6\u95f4\u8fc7\u5f97\u603b\u662f\u975e\u5e38\u5feb\u7684\u3002\u5fd9\u7740\u505a\u4e00\u4e2a\u8bfe\u9898\uff0c\u53ef\u80fd\u6bcf\u5929\u611f\u89c9\u4e0d\u5230\u6709\u4ec0\u4e48\u8fdb\u5c55\u5462\uff0c\u534a\u5e74\u4e00\u5e74\u5c31\u8fc7\u53bb\u4e86\u3002\u5982\u679c\u6709\u8fd9\u79cd\u60f3\u6cd5\uff0c\u591a\u534a\u662f\u6ca1\u505a\u597d\u89c4\u5212\uff0c\u50cf\u4e2a\u65e0\u5934\u82cd\u8747\u4e00\u6837\u4e1c\u95ef\u897f\u649e\u3002
\u611f\u89c9\u6709\u4e24\u4e2a\u4e60\u60ef\u662f\u5fc5\u987b\u517b\u6210\u7684\uff0c\u4e00\u662f\u8bfb\u8bba\u6587\u8981\u601d\u8003\u95ee\u9898\u4e0e\u610f\u4e49\uff1a\u770b\u5230\u9898\u76ee\u548c\u6458\u8981\uff0c\u601d\u8003\u8fd9\u7bc7\u6587\u7ae0\u5e0c\u671b\u89e3\u51b3\u4ec0\u4e48\u95ee\u9898\u3001\u8fd9\u4e2a\u95ee\u9898\u6709\u4ec0\u4e48\u4ef7\u503c\u3001\u89e3\u51b3\u8fd9\u4e2a\u95ee\u9898\u6709\u4ec0\u4e48\u601d\u8def\u3001\u4f1a\u9047\u5230\u54ea\u4e9b\u666e\u904d\u4e0e\u7279\u6b8a\u7684\u6311\u6218\uff0c\u4ee5\u53ca\u6587\u7ae0\u57fa\u4e8e\u54ea\u4e9b\u5047\u8bbe\u5e76\u4e14\u4f1a\u8bd5\u56fe\u907f\u800c\u4e0d\u8c08\u7684\u7f3a\u9677\uff1b\u4e8c\u662f\u6bcf\u5929\u8fdb\u884c\u603b\u7ed3\u4e0e\u5f52\u7eb3\uff0c\u601d\u8003\u4e00\u5929\u5230\u5e95\u6709\u4ec0\u4e48\u8fdb\u5c55\uff0c\u51dd\u7ec3\u603b\u7ed3\u6210\u6587\u5b57\u6216ppt\u8bb2\u7a3f\u3002\u6bcf\u5929\u5149\u770b\u4e0d\u603b\u7ed3\uff0c\u7b49\u4e8e\u767d\u770b\uff01\u5e73\u65f6\u5bf9\u5404\u79cd\u95ee\u9898\u5c31\u8981\u6709\u6240\u51c6\u5907\u4e0e\u601d\u8003\uff0c\u4e0d\u8981\u522b\u4eba\u95ee\u8d77\u7684\u65f6\u5019\u5c31\u6577\u884d\u5730\u7ed9\u4e00\u4e2a\u56de\u7b54\uff0c\u6ca1\u6709\u610f\u4e49\u3002
\u65e9\u4e0a\u5199todo list\uff0c\u665a\u4e0a\u5199done list\uff0c\u770b\u770b\u8fd9\u4e00\u5929\u8fdb\u5c55\u5982\u4f55\u3002\u662f\u5426\u6709\u6ca1\u505a\u5b8c\u7684\u4e8b\u60c5\uff0c\u662f\u5426\u6709\u5206\u5fc3\u505a\u4e86\u522b\u7684\u4e8b\u60c5\uff0c\u660e\u5929\u5982\u4f55\u89c4\u5212\u65f6\u95f4\u2026\u2026\u5bf9\u81ea\u5df1\u6bcf\u5929\u3001\u6bcf\u5468\u3001\u6bcf\u6708\u80fd\u505a\u7684\u4e8b\u60c5\u6709\u6e05\u695a\u7684\u8ba4\u8bc6\uff0c\u4e0d\u76f2\u76ee\u81ea\u5927\u4e5f\u4e0d\u5984\u81ea\u83f2\u8584\u3002
\u505a\u4efb\u4f55\u4e8b\u90fd\u8981\u7ed9\u4e00\u4e2a\u6e05\u6670\u7684ddl\uff0c\u7763\u4fc3\u5c3d\u5feb\u5b8c\u6210\u4e0d\u8981\u62d6\u6c93\u3002\u53e6\u4e00\u65b9\u9762\u662f\u4e3a\u4e86\u9650\u5236\u601d\u8003\uff0c\u8981\u96c6\u4e2d\u3001\u5feb\u901f\uff0c\u4e0d\u8981\u6f2b\u65e0\u76ee\u7684\u5730\u53d1\u6563\u3002\u6bd4\u5982\u8bfb\u8bba\u6587\u524d\u601d\u8003\u8fd9\u7bc7\u6587\u7ae0\u9700\u8981\u89e3\u51b3\u7684\u6311\u6218\u65f6\uff0c\u9650\u5b9a\u57283min\u4e4b\u5185\uff0c\u8d85\u65f6\u4ee5\u540e\u65e0\u8bba\u662f\u5426\u60f3\u5230\u591a\u5c11\u90fd\u8981\u505c\u4e0b\u6765\u3002\u4e5f\u53ef\u4ee5\u6709\u6548\u907f\u514d\u5206\u5fc3\u3002
"},{"location":"sci-thoughts/#_3","title":"\u79d1\u7814\u5199\u4f5c","text":"\u79d1\u7814\u5199\u4f5c\u9700\u8981\u7cfb\u7edf\u7684\u8bad\u7ec3\u3002\u6bcf\u5929\u6109\u5feb\u5730\u8bfb\u3001\u5199\u4e00\u5c0f\u65f6\uff0c\u957f\u671f\u575a\u6301\uff0c\u53eb\u505a\u201cread and write\u201d\u3002
\u5199\u6587\u7ae0\u8981\u5f04\u6e05\u695a\u8bfb\u8005\u90fd\u662f\u540c\u4e13\u4e1a\u7684\u4eba\uff0c\u56e0\u6b64\u8981\u4f53\u73b0\u51fa\u4e13\u4e1a\u6027\u4e0e\u79d1\u5b66\u6027\u3001\u7cbe\u786e\u6027\u3001\u7b80\u6d01\u6027\u3001\u903b\u8f91\u6027\u3002
"},{"location":"sentence-templates/","title":"\u60c5\u666f\u6a21\u677f","text":"\u63d0\u51fa\u672c\u6587\u5de5\u4f5c\uff1a
In this paper, we propose a novel approach to fault localization, SmartFL, that considers the four factors via efficient probabilistic modeling of the program semantics. In this work, we propose POMP++, a system to address the above limitations in analyzing a post-crash artifact and pinpointing statements pertaining to the crash. In this paper, we present REPT, a practical system that enables reverse debugging of software failures in deployed systems. \u4ecb\u7ecd\u67d0\u4e00\u6d41\u7a0b\u5728\u6574\u4f53\u7cfb\u7edf\u4e2d\u7684\u4f5c\u7528\uff1a
During program debugging, fault localization is the activity of identifying the exact locations of program faults. \u8bf4\u660e\u67d0\u4e00\u6b65\u9aa4\u5e76\u975e\u7b80\u5355\u7684\uff1a
However, identifying the bug-inducing commit precisely for a bug-revealing test can be non-trivial due to the following reasons. \u51dd\u7ec3\u672c\u6587\u5b9e\u9a8c\u6548\u679c\uff1a
We design and implement REPT, deploy it on Microsoft Windows, and integrate it into WinDbg. We evaluate REPT on 16 real-world bugs and show that it can recover data values accurately (92% on average) and efficiently (in less than 20 seconds) for these bugs. We also show that it enables effective reverse debugging for 14 bugs. \u63d0\u51fa\u672c\u6587novelty\uff1a
The novelty of this work lies in two aspects. First, we propose a new VSA-based approach for memory alias verification. xxx. Second, we develop new schemes to incorporate our customized VSA to POMP. xxx. \u63d0\u51fa\u672c\u6587insight\uff1a
Our core insight is that the probability of a fault in the current program element leads to the current test results can be efficiently estimated by analyzing the following: \u51c6\u5907\u5f00\u59cb\u4ecb\u7ecd\u6280\u672f\u7ec6\u8282\uff1a
In this section, we elaborate on the technical details of our xxx approach. First, we describe how to xxx. Second, we discuss how to xxx. Finally, we discuss how to xxx. As we elaborate below, the reasons behind this are two folds. \u8bf4\u76ee\u524d\u7684\u5de5\u4f5c\u7814\u7a76\u7684\u4e3b\u8981\u5185\u5bb9\u53d7\u9650\u3001\u522b\u7684\u65b9\u6cd5\u5b58\u5728\u95ee\u9898\uff1a
However, it inevitably detours the fuzzing program away from the critical objects. Existing approaches either consider the full semantics of the program (e.g., mutation-based fault localization and angelic debugging), leading to scalability issues, or ignore the semantics of the program (e.g., spectrum-based fault localization), leading to imprecise localization results. However, all existing approaches only consider whether a program entity exists in samples but neglect the execution times of the entities in a certain sample and the sequence of their executions. As demonstrated in Section 5, without such sequence information, program spectrum-based fault localization would inevitably introduce imprecision. \u4e00\u4e9b\u5de5\u4f5c\u7ec6\u8282\uff1a
In our work, we manually annotate all these sinks based on their naming patterns. "},{"location":"tech-sslh/","title":"sslh \u9605\u8bfb\u7b14\u8bb0","text":"\u6700\u8fd1\u5728\u8bfbsslh\u7684\u6e90\u7801\uff0c\u611f\u89c9\u8fd8\u662f\u6bd4\u8f83\u6709\u610f\u601d\u7684\u3002\u4e4b\u524d\u5728\u7aef\u53e3\u590d\u7528\u91cc\u9762\u7b80\u5355\u63d0\u4e86\u4e0bsslh\u7684\u7528\u6cd5\uff0c\u4f46\u662f\u5728\u5b9e\u8df5\u4e2d\u8e29\u4e86\u4e0d\u5c11\u5751\uff0c\u6240\u4ee5\u628a\u6e90\u7801\u62ff\u6765\u8bfb\u4e00\u8bfb\uff0c\u770b\u770b\u5185\u90e8\u7684\u7ed3\u6784\u3002
sslh\u4f3c\u4e4e\u662f\u4f7f\u7528\u7b2c\u4e00\u4e2a\u6570\u636e\u5305\u4fdd\u5b58\u7684\u534f\u8bae\u4fe1\u606f\uff0c\u4e3a\u5ba2\u6237\u7aef\u4e0e\u670d\u52a1\u5668\u5bf9\u5e94\u670d\u52a1\u5efa\u7acb\u8fde\u63a5\u3002\u540e\u7eed\u6570\u636e\u5305\u4e0d\u518d\u9700\u8981\u68c0\u67e5\u534f\u8bae\u4e86\u3002
"},{"location":"tech-sslh/#_1","title":"\u4fbf\u6377\u4e0a\u624b","text":"apt install sslh # \u4f46\u6700\u597d\u8fd8\u662f\u4ece\u6e90\u7801make install\uff0c\u7528\u6700\u65b0\u7248\u672c\uff1b\u53c2\u8003\u4ed3\u5e93\u7684INSTALL\u5b89\u88c5\u5bf9\u5e94\u7684C\u5e93\nvi /etc/default/sslh\nsystemctl start sslh\n
\u4f3c\u4e4ecfg\u6587\u4ef6\u91cc\u548ccommand line\u4f1a\u6709\u51b2\u7a81\u3002\u6240\u4ee5commandline\u7528-F /etc/sslh/sslh.cfg
\uff08\u6ca1\u6709\u5219\u65b0\u5efa\u4e00\u4e2a\uff09\u6307\u5b9a\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\uff0c\u4e0d\u8981\u6709\u548ccommand\u91cd\u590d\u7684\u5185\u5bb9\u3002\u53ea\u653eprotocols\u5dee\u4e0d\u591a\u5c31\u5f97\u4e86\u3002\u6bd4\u8f83\u597d\u7528\u7684\u662f\u6b63\u5219\u548ctls\u4e2d\u6839\u636ealpn\u548csni\u6765\u5339\u914d\u3002
\u4e0b\u9762\u662f\u5b8c\u6574\u7684\u914d\u7f6e\u6587\u4ef6\u7684\u4e00\u4e2a\u4f8b\u5b50\uff0c\u5982\u679c\u6570\u636e\u5305\u5305\u542b\"OK1\"\u6216\u8005\"OK2\"\uff0c\u5219\u4f1a\u88ab\u8f6c\u53d1\u5230127.0.0.1:1234\u3002\u5176\u4e2d\u7684name\u5b57\u6bb5\u8868\u793a\u8fd9\u6761\u534f\u8bae\u5728sslh\u542f\u52a8\u540e\u600e\u4e48\u914d\u7f6e\uff0c\u5e38\u89c1\u7684\u6bd4\u5982regex
\u3001ssh
\u3001tls
\u3001http
\u3002
\u6ce8\u610f\uff0c\u6700\u540e\u4e00\u6761\u534f\u8bae\u7684\u5206\u53f7\u540e\u9762\u4e0d\u52a0\u9017\u53f7\u3002
protocols:\n(\n{ name: \"regex\"; host: \"127.0.0.1\"; port: \"1234\"; regex_patterns: [ \"OK1\", \"OK2\" ]; }\n);\n
"},{"location":"tech-sslh/#sslh_1","title":"sslh\u7a0b\u5e8f\u542f\u52a8\u5165\u53e3\u4e0e\u521d\u59cb\u5316","text":"\u9ed8\u8ba4\u6700\u7b80\u5355\u7684\u542f\u52a8\u65b9\u5f0f\u7684\u5165\u53e3\u5728sslh-main.c
\u7684main\u51fd\u6570\uff0c\u4e5f\u5373\u7a0b\u5e8f\u7684\u4e3b\u4f53\u903b\u8f91\u3002\u4e00\u4e9b\u5173\u952e\u6b65\u9aa4\uff1a
\u8c03\u7528sslhcfg_cl_parse
\u51fd\u6570\uff0c\u6839\u636e\u547d\u4ee4\u884c\u53c2\u6570\u548c\u914d\u7f6e\u6587\u4ef6\uff0c\u505a\u4e00\u4e2a\u7f13\u51b2 \u8c03\u7528config_protocols
\u5b8c\u6210\u8f6c\u53d1\u89c4\u5219\u7684\u521d\u59cb\u5316\uff0c\u5185\u90e8\u8c03\u7528\u7684get_probe
\u662f\u7ed9\u52a0\u8f7d\u4e86\u534f\u8bae\u7684\u914d\u7f6e\u89c4\u5219 \u8c03\u7528start_listen_sockets
\u5f00\u59cb\u76d1\u542csockets \u8c03\u7528main_loop
\u8fdb\u5165\u4e3b\u5faa\u73af\uff0c\u9ed8\u8ba4\u4e3asslh-fork\u7684main_loop\u51fd\u6570 \u9ed8\u8ba4\u4f7f\u7528tcp\u3002main_loop\u51fd\u6570\u4e2d\uff0c\u5bf9\u76d1\u542c\u7684\u6bcf\u4e2asockets\u8fdb\u884cfork\uff0c\u6bcf\u4e2a\u5b50\u8fdb\u7a0b\u6267\u884ctcp_listener
\uff0c\u5728\u8fd9\u4e9b\u5b50\u8fdb\u7a0b\u4e2daccept
\u5bf9\u5e94\u7684\u8fde\u63a5\u3002\u8fd9\u4e9b\u5b50\u8fdb\u7a0b\u5c06\u7ee7\u7eedfork\u51fa\u5b50\u8fdb\u7a0b\uff0c\u6267\u884cstart_shoveler
\uff0c\u5b9e\u73b0\u771f\u6b63\u7684\u529f\u80fd\u3002
"},{"location":"tech-sslh/#_2","title":"\u534f\u8bae\u8bc6\u522b","text":"\u5b50\u8fdb\u7a0b\u901a\u8fc7probe_client_protocol
\u6765\u786e\u5b9a\u6570\u636e\u5305\u662f\u4ec0\u4e48\u534f\u8bae\uff0c\u5e76\u6839\u636e\u5bf9\u5e94\u7684\u89c4\u5219\u5b9e\u73b0\u7aef\u53e3\u8f6c\u53d1\u3002\u8fd9\u4e00\u51fd\u6570\u4e0d\u65ad\u8fdb\u884c\u8c03\u7528\uff0c\u6700\u540e\u5728probe_buffer
\u51fd\u6570\u4e2d\u904d\u5386\u4e4b\u524d\u914d\u7f6e\u7684\u6bcf\u4e2a\u534f\u8bae\u89c4\u8303\uff08\u627e\u5230\u5339\u914d\u5219\u505c\u6b62\uff0c\u6240\u4ee5\u914d\u7f6e\u987a\u5e8f\u4e5f\u86ee\u5173\u952e\u7684\uff09\uff0c\u901a\u8fc7p->probe(buf, len, p)
\u8fd9\u4e2a\u51fd\u6570\u6307\u9488\u6765\u95f4\u63a5\u8c03\u7528\u8bc6\u522b\u534f\u8bae\u7684\u76f8\u5173\u51fd\u6570\u3002
\u8fd9\u91cc\u7684\u534f\u8bae\u5305\u62ec\u4ee5\u4e0b\u5185\u7f6e\u534f\u8bae\uff1a
/* Table of protocols that have a built-in probe\n */\nstatic struct protocol_probe_desc builtins[] = {\n/* description probe */\n{ \"ssh\", is_ssh_protocol},\n{ \"openvpn\", is_openvpn_protocol },\n{ \"wireguard\", is_wireguard_protocol },\n{ \"tinc\", is_tinc_protocol },\n{ \"xmpp\", is_xmpp_protocol },\n{ \"http\", is_http_protocol },\n{ \"tls\", is_tls_protocol },\n{ \"adb\", is_adb_protocol },\n{ \"socks5\", is_socks5_protocol },\n{ \"syslog\", is_syslog_protocol },\n{ \"teamspeak\", is_teamspeak_protocol },\n{ \"msrdp\", is_msrdp_protocol },\n{ \"anyprot\", is_true }\n};\n
\u5185\u7f6e\u534f\u8bae\u5185\u7f6e\u4e86\u4e00\u4e9b\u5339\u914d\u89c4\u5219\uff0c\u5373\u4e0a\u9762\u63d0\u5230\u7684is_ssh_protocol
\u3001is_http_protocol
\u7b49\u7b49\u3002\u53ef\u4ee5\u770b\u4e00\u4e2assh\u89c4\u5219\u7684\u4f8b\u5b50\uff1a
/* Is the buffer the beginning of an SSH connection? */\nstatic int is_ssh_protocol(const char *p, ssize_t len, struct sslhcfg_protocols_item* proto)\n{\nif (len < 4)\nreturn PROBE_AGAIN;\n\nreturn !strncmp(p, \"SSH-\", 4);\n}\n
\u53ef\u89c1\uff0c\u5982\u679c\u7b2c\u4e00\u4e2a\u6570\u636e\u5305\u957f\u5ea6\u4e0d\u4f4e\u4e8e4\u4e14\u4ee5\"SSH-\"\u5f00\u5934\uff0c\u5219\u4f1a\u88ab\u8ba4\u4e3a\u662fssh\u8bf7\u6c42\u3002
/* Is the buffer the beginning of an HTTP connection? */\nstatic int is_http_protocol(const char *p, ssize_t len, struct sslhcfg_protocols_item* proto)\n{\nint res;\n/* If it's got HTTP in the request (HTTP/1.1) then it's HTTP */\nif (memmem(p, len, \"HTTP\", 4))\nreturn PROBE_MATCH;\n\n#define PROBE_HTTP_METHOD(opt) if ((res = probe_http_method(p, len, opt)) != PROBE_NEXT) return res\n\n/* Otherwise it could be HTTP/1.0 without version: check if it's got an\n * HTTP method (RFC2616 5.1.1) */\nPROBE_HTTP_METHOD(\"OPTIONS\");\nPROBE_HTTP_METHOD(\"GET\");\nPROBE_HTTP_METHOD(\"HEAD\");\nPROBE_HTTP_METHOD(\"POST\");\nPROBE_HTTP_METHOD(\"PUT\");\nPROBE_HTTP_METHOD(\"DELETE\");\nPROBE_HTTP_METHOD(\"TRACE\");\nPROBE_HTTP_METHOD(\"CONNECT\");\n\n#undef PROBE_HTTP_METHOD\n\nreturn PROBE_NEXT;\n}\n
http\u4e5f\u6bd4\u8f83\u7b80\u5355\uff0c\u68c0\u67e5\"HTTP\"\u5b57\u7b26\u4e32\u3002
\u53e6\u5916\u6709\u4e24\u79cd\u7279\u6b8a\u7684\u534f\u8bae\uff0ctimeout\u9ed8\u8ba4\u4f1a\u9009\u62e9\u521d\u59cb\u5316\u540e\u7684\u7b2c\u4e00\u4e2a\u534f\u8bae\uff08\u5373ssh\uff09\uff0cregex\u652f\u6301\u6b63\u5219\u5339\u914d\u6570\u636e\u5305\u7684\u56fa\u6709\u5b57\u7b26\u4e32\uff0c\u5c31\u8fde\u521d\u59cb\u5316\u65f6\u90fd\u662f\u5355\u72ec\u521d\u59cb\u5316\u7684\uff1a
/* Returns the probe for specified protocol:\n * parameter is the description in builtins[], or \"regex\" \n * */\nT_PROBE* get_probe(const char* description) {\nint i;\n\nfor (i = 0; i < ARRAY_SIZE(builtins); i++) {\nif (!strcmp(builtins[i].name, description)) {\nreturn builtins[i].probe;\n}\n}\n\n/* Special case of \"regex\" probe (we don't want to set it in builtins\n * because builtins is also used to build the command-line options and\n * regexp is not legal on the command line)*/\nif (!strcmp(description, \"regex\"))\nreturn regex_probe;\n\n/* Special case of \"timeout\" is allowed as a probe name in the\n * configuration file even though it's not really a probe */\nif (!strcmp(description, \"timeout\"))\nreturn is_true;\n\nreturn NULL;\n}\n
is_true
\u59cb\u7ec8\u8fd4\u56detrue\uff0c\u4e0d\u8fdb\u884c\u522b\u7684\u5224\u65ad\u4e86\u3002
regex_probe
\u5185\u90e8\u7528pre2\u5b9e\u73b0\u4e86\u4e00\u5957\u6b63\u5219\u5339\u914d\u7684\u673a\u5236\u3002\u914d\u7f6econfig\u7684\u65b9\u6cd5\u53ef\u4ee5\u89c1\u4e0a\u6587\u3002
"},{"location":"tech-sslh/#tlsalpnsni","title":"TLS\u534f\u8bae\u4e2d\u4f7f\u7528\u7684ALPN\u3001SNI\u7b80\u4ecb","text":"tls\u4e3atcp\u63d0\u4f9b\u4e86\u52a0\u5bc6\u670d\u52a1\uff0c\u662f\u5f88\u591a\u670d\u52a1\u4e0d\u53ef\u6216\u7f3a\u7684\u4e00\u73af\u3002\u7531\u4e8e\u6570\u636e\u5305\u662f\u52a0\u5bc6\u7684\u3001\u5f88\u591a\u670d\u52a1\u90fd\u4f7f\u7528tls\uff08\u6bd4\u5982https\uff09\uff0c\u6240\u4ee5\u6ca1\u6cd5\u901a\u8fc7regex\u7684\u65b9\u6cd5\u6765\u533a\u5206\u4e0d\u540c\u7684\u670d\u52a1\u3002\u597d\u5728sslh\u4e3atls\u63d0\u4f9b\u4e86\u4e24\u79cd\u5206\u8fa8\u65b9\u6cd5\uff0c\u5373sni_hostnames\u4e0ealpn_protocols\u3002\u5728config\u91cc\u5199\u7684\u4e00\u6761\u89c4\u5219\u5982\u679c\u4e24\u8005\u90fd\u7528\u4e86\uff0c\u5219\u53ea\u6709\u540c\u65f6\u6ee1\u8db3\u4e24\u8005\u7684tls\u6570\u636e\u5305\u624d\u5339\u914d\u5f97\u4e0a\u5bf9\u5e94\u7684\u89c4\u5219\u3002
\u6bd4\u5982example.cfg\u7ed9\u51fa\u7684\u4f8b\u5b50\uff1a
# match BOTH ALPN/SNI\n{ name: \"tls\"; host: \"localhost\"; port: \"5223\"; alpn_protocols: [ \"xmpp-client\" ]; sni_hostnames: [ \"im.somethingelse.net\" ]; log_level: 0; tfo_ok: true },\n\n# just match ALPN\n{ name: \"tls\"; host: \"localhost\"; port: \"443\"; alpn_protocols: [ \"h2\", \"http/1.1\", \"spdy/1\", \"spdy/2\", \"spdy/3\" ]; log_level: 0; tfo_ok: true },\n { name: \"tls\"; host: \"localhost\"; port: \"xmpp-client\"; alpn_protocols: [ \"xmpp-client\" ]; log_level: 0; tfo_ok: true },\n\n# just match SNI\n{ name: \"tls\"; host: \"localhost\"; port: \"993\"; sni_hostnames: [ \"mail.rutschle.net\", \"mail.englishintoulouse.com\" ]; log_level: 0; tfo_ok: true },\n { name: \"tls\"; host: \"localhost\"; port: \"xmpp-client\"; sni_hostnames: [ \"im.rutschle.net\", \"im.englishintoulouse.com\" ]; log_level: 0; tfo_ok: true },\n\n# Let's Encrypt (tls-alpn-* challenges)\n{ name: \"tls\"; host: \"localhost\"; port: \"letsencrypt-client\"; alpn_protocols: [ \"acme-tls/1\" ]; log_level: 0;},\n\n# catch anything else TLS\n{ name: \"tls\"; host: \"localhost\"; port: \"443\"; tfo_ok: true },\n
alpn_protocols\u5373\u4f7f\u7528\u5e94\u7528\u5c42\u534f\u8bae\u534f\u5546\u7f16\u53f7\uff1aTLS Application-Layer Protocol Negotiation (ALPN) Protocol ID\u3002\u53ef\u4ee5\u5728\u8fd9\u91cc\u770b\u5230\u5b8c\u6574\u7684\u683c\u5f0f\u3002\u6253\u4e2a\u6bd4\u65b9\uff0c\u5982\u679c\u8bf4\u6570\u636e\u5305\u662f\u997a\u5b50\uff0ctls\u662f\u997a\u5b50\u76ae\uff0cALPN\u5c31\u662f\u8868\u793a\u91cc\u9762\u662f\u4ec0\u4e48\u9985\u7684\u3002
sni_hostnames\u5373\u4f7f\u7528\u670d\u52a1\u5668\u540d\u79f0\u6307\u793a\uff1aServer Name Indication\uff08SNI\uff09\uff0c\u7c7b\u4f3c\u4e8e\u670d\u52a1\u5668\u7aef\u7684\u57df\u540d\u3002\u6253\u4e2a\u6bd4\u65b9\uff0c\u867d\u7136\u5728\u5b66\u6821\u5feb\u9012\uff08\u6570\u636e\u5305\uff09\u90fd\u4f1a\u9001\u5230\u83dc\u9e1f\u9a7f\u7ad9\uff08\u670d\u52a1\u5668\uff09\uff0c\u4f46\u8fd9\u4e9b\u5305\u88f9\u6700\u7ec8\u662f\u6d41\u5411\u4e0d\u540c\u7684\u5bbf\u820d\u7684\uff08SNI\uff09\u3002SNI\u5e2e\u52a9\u5728tls\u63e1\u624b\u671f\u95f4\u5c31\u786e\u5b9assl\u8bc1\u4e66\uff0c\u800c\u4e0d\u662f\u5728http\u5efa\u7acb\u8fde\u63a5\u540e\u3002FQDN\u6307\u7684\u662fFully Qualified Domain Name\uff0c\u5373\u5b8c\u6574\u57df\u540d\uff0c\u53ef\u4ee5\u770b\u8fd9\u91cc\u7684\u4ecb\u7ecd\u3002
sni_hostname\u548calpn_protocols\uff0c\u5c5e\u4e8etls\u6269\u5c55\u5185\u5bb9\uff0c\u5e76\u975e\u5f3a\u5236\u4fdd\u7559\u5176\u4e2d\u3002\u53d1\u5305\u7684\u65f6\u5019\u6ce8\u610f\u6dfb\u52a0\uff0c\u4e0d\u7136sslh\u53ef\u80fd\u8bc6\u522b\u4e0d\u5230\u3002
"},{"location":"try-chatgpt/","title":"ChatGPT\u6765\u5e2e\u5fd9","text":""},{"location":"try-chatgpt/#_1","title":"\u7f51\u7edc\u7ad9\u70b9\u6253\u5305\u4e0b\u8f7d","text":"linux\u7528\u54ea\u4e2a\u547d\u4ee4\u53ef\u4ee5\u628a\u4e00\u4e2a\u7f51\u5740\u4ee5\u53ca\u5176\u6240\u4f9d\u8d56\u7684js\u548ccss\u7b49\u7b49\u6587\u4ef6\u81ea\u52a8\u4e0b\u8f7d\u4e0b\u6765\uff1f
\u5728Linux\u4e2d\uff0c\u4f60\u53ef\u4ee5\u4f7f\u7528 wget \u547d\u4ee4\u6765\u81ea\u52a8\u4e0b\u8f7d\u4e00\u4e2a\u7f51\u7ad9\u53ca\u5176\u4f9d\u8d56\u7684\u8d44\u6e90\u6587\u4ef6\uff08\u5982JS\u548cCSS\u7b49\uff09\u3002
\u4e0b\u9762\u662f\u4e00\u4e2a\u793a\u4f8b\u547d\u4ee4\uff1a
wget --recursive --no-clobber --page-requisites --html-extension --convert-links --restrict-file-names=windows --domains website.com --no-parent http://website.com\n
\u8be5\u547d\u4ee4\u4f7f\u7528\u4e86\u591a\u4e2a\u9009\u9879\uff0c\u5176\u4e2d\u4e00\u4e9b\u9009\u9879\u7684\u542b\u4e49\u5982\u4e0b\uff1a --recursive: \u4e0b\u8f7d\u7f51\u7ad9\u7684\u6240\u6709\u94fe\u63a5\u3002 --no-clobber: \u4e0d\u4f1a\u91cd\u590d\u4e0b\u8f7d\u5df2\u7ecf\u5b58\u5728\u7684\u6587\u4ef6\u3002 --page-requisites: \u4e0b\u8f7d\u6240\u6709\u9875\u9762\u7684\u8d44\u6e90\uff08\u5982\u56fe\u50cf\uff0c\u97f3\u9891\u548c\u89c6\u9891\uff09\u3002 --html-extension: \u5c06\u6240\u6709HTML\u6587\u4ef6\u6269\u5c55\u540d\u6dfb\u52a0\u4e3a .html\u3002 --convert-links: \u5c06\u6240\u6709\u94fe\u63a5\u8f6c\u6362\u4e3a\u672c\u5730\u94fe\u63a5\u3002 --restrict-file-names=windows: \u907f\u514d\u4f7f\u7528 Linux \u4e0d\u652f\u6301\u7684\u6587\u4ef6\u540d\u5b57\u7b26\u3002 --domains website.com: \u9650\u5236\u4e0b\u8f7d\u7684\u57df\u540d\u8303\u56f4\u3002 --no-parent: \u4e0d\u4f1a\u4e0b\u8f7d\u7236\u7ea7\u94fe\u63a5\uff08\u6709\u52a9\u4e8e\u9632\u6b62\u65e0\u9650\u9012\u5f52\uff09\u3002
\u4f60\u53ef\u4ee5\u6839\u636e\u81ea\u5df1\u7684\u9700\u8981\u4fee\u6539\u8fd9\u4e9b\u9009\u9879\u4ee5\u6ee1\u8db3\u7279\u5b9a\u7684\u8981\u6c42\u3002
\u7528\u8fd9\u6761\u547d\u4ee4\u88ab\u670d\u52a1\u5668\u53d1\u73b0\u6076\u610f\u4e0b\u8f7d\uff0c\u88ab\u7ed9403 forbidden\u4e86\u600e\u4e48\u529e\uff1f
\u5982\u679c\u4f60\u4f7f\u7528\u7684\u547d\u4ee4\u88ab\u670d\u52a1\u5668\u8ba4\u4e3a\u662f\u6076\u610f\u4e0b\u8f7d\uff0c\u5e76\u4e14\u88ab\u670d\u52a1\u5668\u62d2\u7edd\u8bbf\u95ee\uff0c\u90a3\u4e48\u4f60\u53ef\u4ee5\u8003\u8651\u4ee5\u4e0b\u4e00\u4e9b\u65b9\u6cd5\u6765\u89e3\u51b3\u8fd9\u4e2a\u95ee\u9898\uff1a
\u4fee\u6539\u4e0b\u8f7d\u901f\u5ea6\uff1a\u6709\u4e9b\u670d\u52a1\u5668\u53ef\u80fd\u4f1a\u9650\u5236\u4e0b\u8f7d\u901f\u5ea6\uff0c\u5982\u679c\u4f60\u4e0b\u8f7d\u7684\u592a\u5feb\uff0c\u5c31\u4f1a\u88ab\u8ba4\u4e3a\u662f\u653b\u51fb\u3002\u4f60\u53ef\u4ee5\u5c1d\u8bd5\u4f7f\u7528 --limit-rate \u9009\u9879\u6765\u9650\u5236\u4e0b\u8f7d\u901f\u5ea6\uff0c\u4f8b\u5982\uff1a
wget --limit-rate=200k http://example.com\n
\u4fee\u6539\u4e0b\u8f7d\u5e76\u53d1\u6570\uff1a\u7c7b\u4f3c\u4e8e\u901f\u5ea6\u9650\u5236\uff0c\u4e00\u4e9b\u670d\u52a1\u5668\u4e5f\u4f1a\u9650\u5236\u540c\u65f6\u8fdb\u884c\u7684\u4e0b\u8f7d\u6570\u3002\u4f60\u53ef\u4ee5\u5c1d\u8bd5\u4f7f\u7528 --tries \u548c --wait \u9009\u9879\u6765\u9650\u5236\u5e76\u53d1\u4e0b\u8f7d\u6570\uff0c\u4f8b\u5982\uff1a
wget --tries=10 --wait=5 http://example.com\n
\u6dfb\u52a0 User-Agent\uff1a\u6709\u4e9b\u670d\u52a1\u5668\u53ef\u80fd\u4f1a\u68c0\u67e5 User-Agent\uff0c\u5982\u679c User-Agent \u88ab\u8ba4\u4e3a\u662f\u6076\u610f\u7684\uff0c\u90a3\u4e48\u4f60\u7684\u8bf7\u6c42\u4e5f\u4f1a\u88ab\u62d2\u7edd\u3002\u4f60\u53ef\u4ee5\u5c1d\u8bd5\u4f7f\u7528 --user-agent \u9009\u9879\u6765\u8bbe\u7f6e User-Agent\uff0c\u4f8b\u5982\uff1a wget --user-agent=\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3\" http://example.com\n
\u4e0e\u670d\u52a1\u5668\u7ba1\u7406\u5458\u8054\u7cfb\uff1a\u5982\u679c\u4ee5\u4e0a\u65b9\u6cd5\u90fd\u4e0d\u80fd\u89e3\u51b3\u95ee\u9898\uff0c\u4f60\u53ef\u4ee5\u8054\u7cfb\u670d\u52a1\u5668\u7ba1\u7406\u5458\uff0c\u8bf4\u660e\u4f60\u7684\u4e0b\u8f7d\u8bf7\u6c42\u662f\u5408\u6cd5\u7684\uff0c\u8bf7\u6c42\u4ed6\u4eec\u653e\u884c\u4f60\u7684\u8bf7\u6c42\u3002 \u9700\u8981\u6ce8\u610f\u7684\u662f\uff0c\u4e0d\u8981\u4f7f\u7528\u975e\u6cd5\u7684\u65b9\u5f0f\u4e0b\u8f7d\u6587\u4ef6\uff0c\u4ee5\u514d\u4fb5\u72af\u4ed6\u4eba\u7684\u5408\u6cd5\u6743\u76ca\uff0c\u5e76\u6709\u53ef\u80fd\u5bfc\u81f4\u6cd5\u5f8b\u7ea0\u7eb7\u3002
"},{"location":"try-chatgpt/#gopythonrust","title":"\u6bd4\u8f83Go\u3001Python\u3001Rust\u7684\u5173\u7cfb","text":"go\u3001rust\u3001python\u4e09\u79cd\u7f16\u7a0b\u8bed\u8a00\u5728\u8bed\u8a00\u7279\u6027\u65b9\u9762\u6709\u4ec0\u4e48\u533a\u522b\uff1f\u5404\u81ea\u6709\u4ec0\u4e48\u4f18\u52bf\uff1f\u9002\u7528\u573a\u666f\u6709\u4ec0\u4e48\u533a\u522b\uff1f
\u8fd9\u4e09\u79cd\u7f16\u7a0b\u8bed\u8a00\u5404\u6709\u4e0d\u540c\u7684\u7279\u70b9\u548c\u4f18\u52bf\uff0c\u4ee5\u4e0b\u662f\u5b83\u4eec\u7684\u4e3b\u8981\u533a\u522b\u548c\u9002\u7528\u573a\u666f\uff1a
Python Python \u662f\u4e00\u79cd\u9ad8\u7ea7\u7684\u52a8\u6001\u89e3\u91ca\u578b\u8bed\u8a00\uff0c\u5177\u6709\u7b80\u5355\u6613\u5b66\u3001\u6613\u8bfb\u6613\u5199\u7684\u7279\u70b9\u3002\u5b83\u7684\u8bed\u6cd5\u7b80\u5355\u3001\u4ee3\u7801\u53ef\u8bfb\u6027\u9ad8\u3001\u652f\u6301\u591a\u79cd\u7f16\u7a0b\u8303\u5f0f\u548c\u4e30\u5bcc\u7684\u7b2c\u4e09\u65b9\u5e93\uff0c\u9002\u7528\u4e8e\u5404\u79cd\u7c7b\u578b\u7684\u5e94\u7528\u7a0b\u5e8f\u5f00\u53d1\uff0c\u5c24\u5176\u64c5\u957f\u6570\u636e\u5206\u6790\u3001\u4eba\u5de5\u667a\u80fd\u548c\u79d1\u5b66\u8ba1\u7b97\u9886\u57df\u3002\u7531\u4e8e\u5b83\u7684\u5f00\u53d1\u6548\u7387\u9ad8\uff0c\u5e38\u88ab\u7528\u4e8e\u5feb\u901f\u539f\u578b\u8bbe\u8ba1\u548c\u654f\u6377\u5f00\u53d1\u3002
Go Go \u662f\u4e00\u79cd\u5f00\u6e90\u7684\u7f16\u8bd1\u578b\u8bed\u8a00\uff0c\u7531 Google \u5f00\u53d1\u3002\u5b83\u7684\u8bbe\u8ba1\u76ee\u6807\u662f\u4e3a\u4e86\u89e3\u51b3\u591a\u6838\u3001\u7f51\u7edc\u3001\u5927\u89c4\u6a21\u7a0b\u5e8f\u5f00\u53d1\u7b49\u95ee\u9898\uff0c\u5177\u6709\u9ad8\u6548\u3001\u53ef\u9760\u3001\u7b80\u6d01\u7b49\u7279\u70b9\u3002Go \u8bed\u8a00\u5728\u5e76\u53d1\u7f16\u7a0b\u548c\u7f51\u7edc\u7f16\u7a0b\u65b9\u9762\u8868\u73b0\u7a81\u51fa\uff0c\u6709\u7740\u975e\u5e38\u9ad8\u6548\u7684 Goroutine \u548c Channel \u673a\u5236\uff0c\u9002\u5408\u4e8e\u9ad8\u5e76\u53d1\u3001\u5206\u5e03\u5f0f\u7cfb\u7edf\u3001\u4e91\u8ba1\u7b97\u7b49\u9886\u57df\u7684\u5f00\u53d1\u3002
Rust Rust \u662f\u4e00\u79cd\u7cfb\u7edf\u7ea7\u7684\u7f16\u7a0b\u8bed\u8a00\uff0c\u7531 Mozilla \u5f00\u53d1\u3002\u5b83\u7ed3\u5408\u4e86\u9ad8\u6548\u6027\u80fd\u3001\u5185\u5b58\u5b89\u5168\u548c\u5e76\u53d1\u5b89\u5168\uff0c\u63d0\u4f9b\u4e86\u4e00\u4e2a\u53ef\u9760\u548c\u5b89\u5168\u7684\u7f16\u7a0b\u73af\u5883\u3002Rust \u7684\u4e3b\u8981\u4f18\u52bf\u5728\u4e8e\u5176\u5185\u5b58\u5b89\u5168\u6027\u548c\u5e76\u53d1\u6027\uff0c\u5b83\u5177\u6709\u9ad8\u6548\u7684\u7f16\u8bd1\u5668\u3001\u4e30\u5bcc\u7684\u7c7b\u578b\u7cfb\u7edf\u548c\u9ad8\u7ea7\u7684\u6a21\u5f0f\u5339\u914d\u529f\u80fd\uff0c\u9002\u7528\u4e8e\u9700\u8981\u9ad8\u6027\u80fd\u548c\u5b89\u5168\u6027\u7684\u7cfb\u7edf\u7ea7\u7f16\u7a0b\u3001\u7f51\u7edc\u7f16\u7a0b\u3001\u64cd\u4f5c\u7cfb\u7edf\u548c\u5d4c\u5165\u5f0f\u5f00\u53d1\u7b49\u9886\u57df\u3002
\u603b\u7684\u6765\u8bf4\uff0cPython \u9002\u5408\u5feb\u901f\u539f\u578b\u8bbe\u8ba1\u548c\u654f\u6377\u5f00\u53d1\uff0cGo \u9002\u5408\u9ad8\u5e76\u53d1\u3001\u5206\u5e03\u5f0f\u7cfb\u7edf\u548c\u4e91\u8ba1\u7b97\uff0cRust \u9002\u5408\u9700\u8981\u9ad8\u6027\u80fd\u548c\u5b89\u5168\u6027\u7684\u7cfb\u7edf\u7ea7\u7f16\u7a0b\u3001\u7f51\u7edc\u7f16\u7a0b\u3001\u64cd\u4f5c\u7cfb\u7edf\u548c\u5d4c\u5165\u5f0f\u5f00\u53d1\u3002\u9009\u62e9\u54ea\u79cd\u7f16\u7a0b\u8bed\u8a00\u53d6\u51b3\u4e8e\u5177\u4f53\u7684\u5e94\u7528\u573a\u666f\u548c\u9700\u6c42\u3002
"},{"location":"try-chatgpt/#_2","title":"\u8ba1\u7b97\u673a\u5b89\u5168\u8d44\u6e90\u5b66\u4e60","text":"\u6211\u60f3\u5b66\u4e60\u5de5\u4e1a\u754c\u5b9e\u7528\u7684\u8ba1\u7b97\u673a\u5b89\u5168\u9886\u57df\u7684\u77e5\u8bc6\uff0c\u8bf7\u63a8\u8350\u4e00\u4e9b\u7f51\u7ad9
\u4ee5\u4e0b\u662f\u4e00\u4e9b\u53ef\u4ee5\u5e2e\u52a9\u60a8\u5b66\u4e60\u5de5\u4e1a\u754c\u5b9e\u7528\u7684\u8ba1\u7b97\u673a\u5b89\u5168\u9886\u57df\u7684\u77e5\u8bc6\u7684\u7f51\u7ad9\uff1a
OWASP (\u5f00\u653e\u5f0f\u7f51\u7edc\u5b89\u5168\u9879\u76ee)\uff1a\u8fd9\u4e2a\u7f51\u7ad9\u63d0\u4f9b\u4e86\u5927\u91cf\u6709\u5173\u7f51\u7edc\u5e94\u7528\u7a0b\u5e8f\u5b89\u5168\u7684\u8d44\u6599\u548c\u5de5\u5177\u3002\u60a8\u53ef\u4ee5\u5728\u8fd9\u91cc\u627e\u5230\u5b89\u5168\u6807\u51c6\u3001\u6f0f\u6d1e\u68c0\u6d4b\u5de5\u5177\u3001\u653b\u51fb\u6a21\u62df\u5668\u7b49\u7b49\u3002
NIST (\u7f8e\u56fd\u56fd\u5bb6\u6807\u51c6\u4e0e\u6280\u672f\u7814\u7a76\u6240)\uff1a\u8fd9\u4e2a\u7f51\u7ad9\u4e3a\u8ba1\u7b97\u673a\u5b89\u5168\u548c\u4fe1\u606f\u6280\u672f\u63d0\u4f9b\u6807\u51c6\u548c\u6307\u5357\u3002\u60a8\u53ef\u4ee5\u5728\u8fd9\u91cc\u627e\u5230\u6709\u5173\u5b89\u5168\u63a7\u5236\u3001\u5bc6\u7801\u5b66\u3001\u98ce\u9669\u8bc4\u4f30\u7b49\u65b9\u9762\u7684\u8d44\u6599\u3002
SANS (\u5b89\u5168\u57f9\u8bad\u548c\u8ba4\u8bc1\u673a\u6784)\uff1a\u8fd9\u4e2a\u7f51\u7ad9\u63d0\u4f9b\u6709\u5173\u5404\u79cd\u8ba1\u7b97\u673a\u5b89\u5168\u4e3b\u9898\u7684\u57f9\u8bad\u548c\u8bfe\u7a0b\u3002\u5b83\u8fd8\u63d0\u4f9b\u4e86\u4e00\u4e2a\u535a\u5ba2\uff0c\u5176\u4e2d\u5305\u542b\u5404\u79cd\u6709\u5173\u7f51\u7edc\u5b89\u5168\u7684\u6587\u7ae0\u548c\u63d0\u793a\u3002
Dark Reading\uff1a\u8fd9\u662f\u4e00\u5bb6\u5728\u7ebf\u51fa\u7248\u5546\uff0c\u63d0\u4f9b\u4e86\u6709\u5173\u7f51\u7edc\u5b89\u5168\u7684\u6700\u65b0\u65b0\u95fb\u3001\u5206\u6790\u548c\u8bc4\u8bba\u3002\u5b83\u8fd8\u63d0\u4f9b\u4e86\u5404\u79cd\u8d44\u6e90\uff0c\u5305\u62ec\u7f51\u7edc\u5b89\u5168\u767d\u76ae\u4e66\u3001\u7814\u7a76\u62a5\u544a\u548c\u6f14\u793a\u6587\u7a3f\u3002
SecurityFocus\uff1a\u8fd9\u4e2a\u7f51\u7ad9\u662f\u4e00\u4e2a\u5b89\u5168\u65b0\u95fb\u805a\u5408\u7ad9\u70b9\uff0c\u6536\u96c6\u4e86\u6765\u81ea\u5404\u79cd\u6765\u6e90\u7684\u5b89\u5168\u65b0\u95fb\u548c\u6f0f\u6d1e\u62a5\u544a\u3002\u5b83\u8fd8\u63d0\u4f9b\u4e86\u5b89\u5168\u8bba\u575b\u3001\u5b89\u5168\u5de5\u5177\u7b49\u3002
Reddit\uff1aReddit\u4e0a\u6709\u8bb8\u591a\u4e0e\u8ba1\u7b97\u673a\u5b89\u5168\u76f8\u5173\u7684\u793e\u533a\uff0c\u5982r/netsec\u3001r/hacking\u3001r/AskNetsec\u7b49\u3002\u8fd9\u4e9b\u793e\u533a\u53ef\u4ee5\u8ba9\u60a8\u5411\u5176\u4ed6\u5b89\u5168\u4e13\u4e1a\u4eba\u5458\u63d0\u95ee\uff0c\u5e76\u4e0e\u4ed6\u4eec\u5206\u4eab\u6709\u7528\u7684\u8d44\u6e90\u548c\u5de5\u5177\u3002
GitHub\uff1aGitHub\u662f\u4e00\u4e2a\u8f6f\u4ef6\u5f00\u53d1\u5e73\u53f0\uff0c\u4e5f\u662f\u8bb8\u591a\u5b89\u5168\u5de5\u5177\u548c\u811a\u672c\u7684\u6765\u6e90\u3002\u901a\u8fc7\u641c\u7d22GitHub\uff0c\u60a8\u53ef\u4ee5\u627e\u5230\u5f88\u591a\u6709\u7528\u7684\u5de5\u5177\uff0c\u5982\u6e17\u900f\u6d4b\u8bd5\u5de5\u5177\u3001\u6f0f\u6d1e\u626b\u63cf\u5668\u7b49\u7b49\u3002
\u5e0c\u671b\u8fd9\u4e9b\u7f51\u7ad9\u80fd\u5bf9\u60a8\u6709\u6240\u5e2e\u52a9\uff01
"},{"location":"word-learning/","title":"\u8bcd\u6c47\u5b66\u4e60","text":" encyclopedic \u5e7f\u535a\u7684 unprecedented \u53f2\u65e0\u524d\u4f8b\u7684\uff0c\u7a7a\u524d\u7684 bluntly \u76f4\u8a00\u4e0d\u8bb3\u5730 as per some estimates \u6839\u636e\u4e00\u4e9b\u4f30\u8ba1 indispensable \u5fc5\u4e0d\u53ef\u5c11\u7684 to name just a few \u4ec5\u4e3e\u51e0\u4f8b discriminate \u9274\u522b\uff0c\u533a\u522b\uff1b\u6709\u533a\u522b\u7684 remediation \u6574\u6cbb cumbersome \u7e41\u7410\u7684 drastically \u5267\u70c8\u5730 impede \u963b\u788d stochastic \u968f\u673a\u7684 sharp-edged plateau saturating \u9971\u548c\u7684 avert \u907f\u514d\uff0c\u7ebe\u89e3 delineation \u5212\u5b9a nuisance \u6ecb\u6270 menace \u5a01\u80c1\uff0c\u5371\u9669\u7684\u4eba\u6216\u7269 dismantle \u62c6\u5f00\uff0c\u62c6\u5378\uff0c\u5e9f\u9664 undermine \u6697\u4e2d\u7834\u574f\uff0c\u4ece\u6839\u57fa\u5904\u635f\u574f provoke \u6fc0\u8d77\uff0c\u5f15\u8d77 ransomware \u52d2\u7d22\u8f6f\u4ef6 withstand \u62b5\u6321\uff0c\u7ecf\u53d7\u4f4f\uff0c\u62b5\u6297 camouflage \u4f2a\u88c5\uff0c\u9690\u853d\uff0c\u6b3a\u7792 influx \u5927\u91cf\u6d8c\u5165\uff0c\u6c47\u96c6 nullify \u4f7f\u65e0\u6548\uff0c\u4f5c\u5e9f\uff0c\u53d6\u6d88 calibrate \u6821\u51c6 ameliorate \u6539\u5584\uff0c\u6539\u826f prolifical \u591a\u4ea7\u7684 henceforth \u4ece\u4eca\u4ee5\u540e\uff0c\u4eca\u540e surmise \u63a8\u6d4b smuggle \u8d70\u79c1 prudent \u8c28\u614e\u7684 intriguing \u6709\u8da3\u7684\uff0c\u8ff7\u4eba\u7684 byproduct \u526f\u4ea7\u54c1\uff0c\u610f\u5916\u7ed3\u679c inconspicuous \u4e0d\u660e\u663e\u7684 \u4e0d\u5f15\u4eba\u6ce8\u76ee\u7684 brittle \u6613\u788e\u7684\uff0c\u96be\u4ee5\u76f8\u5904\u7684\uff0c\u5c16\u523b\u66b4\u8e81\u7684\uff0c\u51b7\u6de1\u7684 deceive \u6b3a\u9a97\uff0c\u8bef\u5bfc versatility \u591a\u624d\u591a\u827a\uff0c\u591a\u7528\u9014\uff0c\u6613\u53d8\uff0c\u53ef\u8f6c\u52a8\u6027 inflate \u4f7f\u81a8\u80c0\uff0c\u4f7f\u5145\u6c14\uff0c\u7269\u4ef7\u4e0a\u6da8 conflate \u5408\u5e76\uff0c\u6df7\u5408 incentive \u52a8\u673a\uff0c\u523a\u6fc0\uff0c\u8bf1\u56e0\uff0c\u9f13\u52b1 bounty \u8d4f\u91d1\uff0c\u5956\u91d1\uff0c\u8d60\u7269 exacerbate \u4f7f\u6076\u5316\uff0c\u4f7f\u52a0\u91cd fluctuation \u6ce2\u52a8\uff0c\u6da8\u843d\uff0c\u8d77\u4f0f susceptible \u6613\u53d7\u5f71\u54cd\u7684\uff0c\u6613\u53d7\u611f\u67d3\u7684\uff0c\u53ef\u4ee5\u63a5\u53d7\u6216\u5141\u8bb8\u7684 extraneous \u5916\u6765\u7684\uff0c\u5916\u90e8\u7684\uff0c\u65e0\u5173\u7684 amenable \uff08\u5bf9\u6cd5\u5f8b\u7b49\uff09\u8d1f\u8d23\u7684\uff0c\u6613\u63a7\u5236\u7684\uff1b\u7ecf\u5f97\u8d77\u68c0\u9a8c\u6216\u8003\u67e5\u7684 vicinity \u9644\u8fd1\uff0c\u4e34\u8fd1\uff0c\u9644\u8fd1\u5730\u533a\uff0c\u5927\u7ea6\u7684\u7a0b\u5ea6\u6216\u6570\u91cf retention \u4fdd\u7559\uff0c\u8bb0\u5fc6\u529b\uff0c\u4fdd\u6301\u529b\uff0c\u6ede\u7559\uff0c\u6263\u7559 suffice \u8db3\u591f\uff0c\u6709\u80fd\u529b\uff0c\u6ee1\u8db3\u2026\u2026\u7684\u9700\u8981\uff0c\u4f7f\u6ee1\u8db3 rudimentary \u7b80\u964b\u7684 inadvertently \u6f2b\u4e0d\u7ecf\u5fc3\u5730\uff0c\u758f\u5ffd\u5730 cease \u505c\u6b62\uff0c\u7ec8\u6b62 collectively \u5168\u4f53\u5730\uff0c\u5171\u540c\u5730 daunting \u4ee4\u4eba\u754f\u60e7\u7684\uff0c\u4f7f\u4eba\u6c14\u9981\u7684 encompass \u56f4\u7ed5\uff0c\u5305\u56f4\uff0c\u5305\u542b\uff0c\u5305\u62ec devastating \u6bc1\u706d\u6027\u7684\uff0c\u4ee4\u4eba\u9707\u60ca\u7684 retrofit \u7ed9\u673a\u5668\u8bbe\u5907\u88c5\u914d\uff08\u65b0\u90e8\u4ef6\uff09\uff0c\u7ffb\u65b0\uff0c\u6539\u578b yield to \u8ba9\u6b65\u4e8e\uff0c\u4f7f\u81ea\u5df1\u53d7\u5230xxx\u7684\u652f\u914d sterilizer \u6d88\u6bd2\u8005\uff0c\u6d88\u6bd2\u5668 salient \u663e\u8457\u7684\uff0c\u7a81\u51fa\u7684\uff0c\u8df3\u8dc3\u7684\uff0c\uff08\u89d2\uff09\u51f8\u51fa\u7684 nuanced \u6709\u7ec6\u5fae\u5dee\u522b\u7684 discern \u5bdf\u89c9\u51fa\uff0c\u4e86\u89e3\uff1b\u5206\u8fa8\u51fa subsidised \u8865\u8d34\u7684 culprit \u72af\u4eba\uff0c\u7f6a\u72af holistic \u5168\u76d8\u7684\uff0c\u6574\u4f53\u7684\uff0c\u529f\u80fd\u6574\u4f53\u6027\u7684 endeavor \u52aa\u529b\uff0c\u5c3d\u529b influx \u6ce8\u5165\uff0c\u6d41\u5165\uff0c\u6c47\u96c6 plausible \u8c8c\u4f3c\u771f\u5b9e\u7684\uff0c\u8c8c\u4f3c\u6709\u7406\u7684\uff0c\u82b1\u8a00\u5de7\u8bed\u7684 pertain \u6709\u5173\uff0c\u5b58\u5728\uff0c\u9002\u7528 obsolescence \u5e9f\u5f03\uff0c\u9648\u65e7\u8fc7\u65f6\uff0c\uff08\u5668\u5b98\uff09\u5e9f\u9000 resort to \u8bc9\u8bf8\uff0c\u4f9d\u9760\uff0c\u6c42\u52a9\u4e8e discrepancy \u5dee\u5f02\uff0c\u4e0d\u4e00\u81f4\uff0c\u533a\u522b impair \u635f\u5bb3\uff0c\u524a\u5f31 hefty \u91cd\u7684\uff0c\u5065\u58ee\u7684\uff0c\u5f02\u5e38\u5927\u7684\uff0c\u91cd\u91cf\u7ea7\u7684 paucity \u5c11\u91cf\uff0c\u7f3a\u4e4f\uff0c\u4e0d\u8db3\uff0c\u7f3a\u5c11 obstruct \u963b\u788d\uff0c\u963b\u6b62\uff0c\u59a8\u788d retention \u4fdd\u7559\uff0c\u8bb0\u5fc6\u529b\uff0c\u6ede\u7559\uff0c\u6263\u7559 envision \u8bbe\u60f3\uff0c\u9884\u60f3 vt. remediate \u8865\u6551\uff0c\u6cbb\u7597\uff0c\u77eb\u6b63\uff0c\u4fee\u590d conundrum \u8c1c\u8bed\uff0c\u96be\u89e3\u7684\u95ee\u9898 depict \u5c55\u793a\uff0c\u63cf\u8ff0\uff0c\u663e\u793a expedite \u52a0\u5feb\u8fdb\u5c55 remedy \u6cbb\u7597\u6cd5\uff0c\u6539\u6b63\uff0c\u6539\u8fdb\uff0c\u8865\u6551 instinctive reaction \u672c\u80fd\u53cd\u5e94 deem \u8ba4\u4e3a\uff0c\u89c6\u4e3a\uff0c\u76f8\u4fe1 detour \u7ed5\u8def\uff0c\u7ed5\u9053\uff0c\u5f2f\u8def futile \u65e0\u6548\u7684\uff0c\u6ca1\u7528\u7684 the hassle of sth. \u67d0\u4e8b\u5e26\u6765\u7684\u9ebb\u70e6 unencumbered \u6ca1\u6709\u963b\u788d\u7684\uff0c\u4e0d\u53d7\u59a8\u788d\u7684\uff0c\u65e0\u8d1f\u62c5\u7684 idiosyncrasy \uff08\u67d0\u4eba\u7279\u6709\u7684\uff09\u6c14\u8d28\uff0c\u4e60\u6027\uff0c\u7656\u597d crowdsource \u4f17\u5305 stabilize \u56fa\u5b9a\uff0c\u9632\u6b62\u2026\u2026\u6ce2\u52a8 encompass \u56f4\u7ed5\uff0c\u5305\u56f4\uff0c\u5b8c\u6210 obviate \u907f\u514d\uff0c\u6d88\u9664\uff08\u8d2b\u56f0\u3001\u4e0d\u65b9\u4fbf\u7b49\uff09 conducive to\u6709\u52a9\u4e8e\u2026\u2026\u7684\uff0c\u6709\u76ca\u4e8e\u2026\u2026\u7684 pertain to \u6709\u5173\uff0c\u5173\u4e8e arduous \u52aa\u529b\u7684\uff0c\u8270\u5de8\u7684\uff0c\u96be\u514b\u670d\u7684 plow \u7281\uff0c\u8015\uff0c \u8d39\u529b\u7a7f\u8fc7 imperative \u5fc5\u8981\u7684\uff0c\u4e0d\u53ef\u907f\u514d\u7684\uff1b\u5fc5\u8981\u7684\u4e8b\uff0c\u547d\u4ee4\uff0c\u89c4\u5219 notoriously \u81ed\u540d\u662d\u8457\u5730\uff0c\u4f17\u6240\u5468\u77e5\u5730 culprit \u72af\u4eba\uff0c\u7f6a\u72af\uff0c\u88ab\u544a\u4eba\uff0c\u8087\u4e8b\u8005 succinct \u7b80\u6d01\u7684 reciprocal \u4e92\u60e0\u7684\uff0c\u5012\u6570 inadvertent \u4e0d\u7ecf\u610f\u7684\uff0c\u758f\u5ffd\u7684 disseminate \u6563\u5e03\uff0c\u4f20\u64ad\uff08\u95ee\u5377\u7b49\uff09 elicitation \u5f15\u51fa\uff0c\u542f\u53d1 obsolete \u5e9f\u5f03\u7684\uff0c\u8001\u5f0f\u7684\uff0c\u5df2\u8fc7\u65f6\u7684 In particular, it works like SBFL, where a bug-inducing commit and a non-inducing commit are analogous\uff08\u76f8\u4f3c\u7684\uff0c\u53ef\u6bd4\u62df\u7684\uff09 to a failing test and a passing test in SBFL, respectively. The effectiveness of recurrent neural network is marginally\uff08\u7565\u5fae\u5730\uff09 higher than multi-layer perceptron. "}]}
\ No newline at end of file
+{"config":{"lang":["en"],"separator":"[\\s\\-]+","pipeline":["stopWordFilter"]},"docs":[{"location":"","title":"Welcome to c01dkit's tech blog","text":"\u76ee\u5f55\u4e3a\u81ea\u52a8\u751f\u6210\uff0c\u53ef\u80fd\u6709\u8bef\u3002\u6700\u8fd1\u4e00\u6b21\u66f4\u65b0\u65f6\u95f42023-12-18\u3002
\u6b22\u8fce\u63d0issue\u4ee5\u6307\u9519\u3001\u4ea4\u6d41\uff01
\u6700\u8fd1\u4e00\u6b21\u66f4\u65b0\u5185\u5bb9\uff1a
\u5355\u72ec\u628actf\u9898\u76eewp\u5206\u6210\u4e00\u4e2a\u65b0\u7684\u7c7b "},{"location":"#_1","title":"\u6587\u7ae0\u9605\u8bfb","text":" \u7efc\u5408\u6027\u77e5\u8bc6\u5b66\u4e60 \u4f1a\u8bae\u603b\u7ed3 \u8f6f\u4ef6\u4f9b\u5e94\u94fe \u5927\u6a21\u578b Google \u7f16\u7a0b\u8bed\u8a00 "},{"location":"#ctf-pwn-college-cse-365-spring-2023","title":"CTF\u7b14\u8bb0 / pwn-college / CSE 365 - spring 2023","text":" Talking Web \u5b66\u4e60\u7b14\u8bb0 Assembly Crash Course \u5b66\u4e60\u7b14\u8bb0 Building a Web Server \u5b66\u4e60\u7b14\u8bb0 Reverse Engineering \u5b66\u4e60\u7b14\u8bb0 Talking Web WriteUps Assembly Crash Course Writeups Building a Web Server Writeups Reverse Engineering Writeups \u603b\u7ed3 "},{"location":"#c","title":"\u7f16\u7a0b\u8bed\u8a00 / C\u8bed\u8a00","text":" \u6839\u636e\u7ed3\u6784\u4f53\u6210\u5458\u53d6\u7ed3\u6784\u4f53\u9996\u5730\u5740 \u52a8\u6001\u94fe\u63a5\u5e93 "},{"location":"#go","title":"\u7f16\u7a0b\u8bed\u8a00 / Go","text":" go\u73af\u5883\u914d\u7f6e \u521b\u5efa\u5de5\u7a0b \u5feb\u901f\u5165\u95e8 "},{"location":"#python","title":"\u7f16\u7a0b\u8bed\u8a00 / Python","text":" \u4e00\u4e9b\u5c0f\u70b9 \u83b7\u53d6\u672a\u77e5\u5bf9\u8c61\u7684\u6240\u6709\u5c5e\u6027 \u53c2\u6570\u89e3\u6790\uff1aargparse \u914d\u7f6e\u8bfb\u53d6\uff1ayaml \u8f93\u51fa\u65e5\u5fd7\uff1alogging \u63a5\u53e3\u8bbe\u8ba1 \u4e2d\u95f4\u6570\u636e\u5b58\u50a8\uff1acapnp \u8ba1\u65f6\u7ec8\u6b62\u7a0b\u5e8f \u4e8c\u8fdb\u5236\u5b57\u8282\u4e0ehex\u4e92\u76f8\u8f6c\u6362\uff1aIntelHex \u53c2\u8003\u8d44\u6599 "},{"location":"#_2","title":"\u7f16\u7a0b\u8bed\u8a00 / \u4f18\u96c5\u7f16\u7a0b","text":" \u7a0b\u5e8f\u53d8\u91cf \u7a0b\u5e8f\u4f18\u5316\u65b9\u6cd5 \u5229\u7528\u77ed\u8def\u4e0e\u54e8\u5175 \u4f18\u5316\u8ba1\u7b97\u6548\u7387 \u4f7f\u7528\u4f4e\u7ea7\u8bed\u8a00\u91cd\u5199\u4ee3\u7801 \u8bbe\u8ba1\u6070\u5f53\u7684\u6267\u884c\u63a7\u5236\u6d41 \u5faa\u73af \u5efa\u8868\uff0c\u4ee5\u63d0\u9ad8\u4ee3\u7801\u8d28\u91cf \u7528\u67e5\u8868\u6cd5\u66ff\u6362\u7e41\u7410\u7684if-else\u5224\u65ad \u7528\u7d22\u5f15\u8868\u66ff\u6362\u6570\u636e\u8868 \u7528\u7ed3\u679c\u8868\u66ff\u6362\u6570\u5b66\u8ba1\u7b97\u7ed3\u679c \u4e00\u4e9b\u5c0f\u5c0f\u7684\u8bed\u6cd5\u7279\u6027 C "},{"location":"#python_1","title":"\u7f16\u7a0b\u5e94\u7528 / python\u722c\u866b","text":" Scrapy \u52a0\u56fd\u5185\u4ee3\u7406 application/json\u7c7b\u578b application/x-www-form-urlencoded\u7c7b\u578b Selenium "},{"location":"#ida","title":"\u7a0b\u5e8f\u9006\u5411 / IDA\u57fa\u7840","text":" \u53cd\u7f16\u8bd1ARM raw binary "},{"location":"#_3","title":"\u7a0b\u5e8f\u9006\u5411 / \u9006\u5411\u57fa\u7840","text":" \u8c03\u7528\u7ea6\u5b9a \u4e00\u4e9b\u5e38\u89c1\u6c47\u7f16\u64cd\u4f5c\u7b26 NOP\u6307\u4ee4\u7684\u7528\u9014 \u51fd\u6570\u6267\u884c\u6808\u5e27\u63a8\u65ad \u540d\u79f0\u4fee\u9970 PE\u6587\u4ef6 PE\u6587\u4ef6\u7684\u6570\u636e\u8282 \u9759\u6001\u94fe\u63a5\u5e93\u4e0e\u52a8\u6001\u94fe\u63a5\u5e93 gdb \u63a8\u8350\u9605\u8bfb "},{"location":"#_4","title":"\u7a0b\u5e8f\u9006\u5411 / \u9006\u5411\u9ad8\u9636","text":" Windows\u9006\u5411\u6280\u672f\u6982\u5ff5 "},{"location":"#autoconf","title":"\u5b66\u4e60\u7b14\u8bb0 / autoconf","text":" \u4e0d\u5206\u76ee\u5f55\u7ed3\u6784 \u533a\u5206\u76ee\u5f55\u7ed3\u6784 "},{"location":"#chatgpt","title":"\u5b66\u4e60\u7b14\u8bb0 / ChatGPT","text":" \u7f51\u7edc\u7ad9\u70b9\u6253\u5305\u4e0b\u8f7d \u6bd4\u8f83Go\u3001Python\u3001Rust\u7684\u5173\u7cfb \u8ba1\u7b97\u673a\u5b89\u5168\u8d44\u6e90\u5b66\u4e60 "},{"location":"#docker","title":"\u5b66\u4e60\u7b14\u8bb0 / Docker","text":" \u5b89\u88c5docker \u6307\u5b9a\u955c\u50cf\u4fdd\u5b58\u4f4d\u7f6e \u4ece\u955c\u50cf\u521b\u5efa\u5bb9\u5668\u5e76\u6302\u8f7d\u76ee\u5f55 \u65b0\u5bb9\u5668\u521d\u59cb\u5316 \u9000\u51fa\u521d\u6b21\u521b\u5efa\u7684\u5bb9\u5668 \u8fdb\u5165\u5df2\u6709\u7684\u5bb9\u5668 "},{"location":"#ubuntu","title":"\u5b66\u4e60\u7b14\u8bb0 / Ubuntu\u670d\u52a1\u5668\u8fd0\u7ef4","text":" \u6839\u636epid\u67e5\u8be2\u7ec6\u8282 \u5728\u7ec8\u7aef\u5411\u7a0b\u5e8f\u8f93\u5165\u5b57\u8282 \u67e5\u8be2\u670d\u52a1\u5668\u663e\u5361 \u7edf\u8ba1\u670d\u52a1\u5668\u8fdb\u7a0b\u5360\u7528 \u7edf\u8ba1\u78c1\u76d8\u7528\u91cf \u4fee\u6539DNS \u7cfb\u7edf\u670d\u52a1 \u5b9a\u65f6\u670d\u52a1 \u53c2\u8003\u8d44\u6599 "},{"location":"#git","title":"\u5b66\u4e60\u7b14\u8bb0 / Git","text":" \u5c06\u672c\u5730\u5df2\u6709\u4ed3\u5e93\u63a8\u9001\u81f3Github\u7684\u65b0\u5efa\u4ed3\u5e93\u4e2d \u6dfb\u52a0.gitignore\u6587\u4ef6\u4ee5\u4e0d\u8ffd\u8e2a\u6587\u4ef6 \u64a4\u56deadd \u914d\u7f6egit\u8d26\u53f7\u5e76\u52a0\u5165github\u9879\u76ee \u653e\u5f03\u5bf9\u6587\u4ef6\u7684\u8ddf\u8e2a \u66f4\u6362\u8fdc\u7a0b\u4ed3\u5e93 \u5b50\u6a21\u5757\u7684\u4e0b\u8f7d \u81ea\u5df1\u7684\u9879\u76ee\u9700\u8981\u5bf9\u5176\u4ed6\u9879\u76ee\u8fdb\u884c\u4fee\u6539 \u4e0d\u540c\u7248\u672c\u591a\u4eba\u5408\u4f5c\u4e0e\u5206\u652f\u4f7f\u7528 Github debug\u5408\u96c6 Git clone\u62a5\u9519gnutls_handshake() failed: The TLS connection was non-properly terminated. "},{"location":"#sslh","title":"\u5b66\u4e60\u7b14\u8bb0 / sslh","text":" \u4fbf\u6377\u4e0a\u624b sslh\u7a0b\u5e8f\u542f\u52a8\u5165\u53e3\u4e0e\u521d\u59cb\u5316 \u534f\u8bae\u8bc6\u522b TLS\u534f\u8bae\u4e2d\u4f7f\u7528\u7684ALPN\u3001SNI\u7b80\u4ecb "},{"location":"#_5","title":"\u5b66\u4e60\u7b14\u8bb0 / \u7aef\u53e3\u590d\u7528","text":" \u7aef\u53e3\u590d\u7528\u65b9\u6cd5 sslh\uff1a\u6839\u636e\u6d41\u91cf\u7279\u5f81\u8f6c\u53d1\u6570\u636e\u5305 ssh\uff1a\u63d0\u4f9b\u8fdc\u7a0b\u8fde\u63a5 nginx\uff1a\u63d0\u4f9bhttp/https\u670d\u52a1 iptables\uff1a\u8f6c\u53d1\u5916\u90e8\u8bbf\u95ee\u5230sslh https\u8bc1\u4e66 "},{"location":"#_6","title":"\u5b66\u4e60\u7b14\u8bb0 / \u73af\u5883\u914d\u7f6e","text":" \u66f4\u65b0\u57fa\u672c\u73af\u5883 rust\u5b89\u88c5\u4e0e\u66f4\u65b0 \u8bbe\u7f6egolang\u4ee3\u7406 \u5b89\u88c5ohmyzsh git\u8bbe\u7f6e\u5168\u5c40\u4ee3\u7406 perf \u5b89\u88c5(ubuntu) \u9009\u62e9ssh\u5bc6\u94a5 Windows\u4e0b\u5b89\u88c5make \u53c2\u8003\u6587\u7ae0 "},{"location":"#_7","title":"\u5b66\u4e60\u7b14\u8bb0 / \u4ee3\u7406\u8f6c\u53d1","text":" \u591a\u53f0\u7535\u8111\u7ec4\u5c40\u57df\u7f51 \u5185\u7f51\u7a7f\u900f \u5b50\u7f51\u8f6c\u53d1 "},{"location":"#latex","title":"\u79d1\u7814\u751f\u6d3b / latex\u57fa\u7840","text":" \u63a8\u8350\u5de5\u5177 \u82f1\u6587latex \u4e2d\u6587latex "},{"location":"#_8","title":"\u79d1\u7814\u751f\u6d3b / \u79d1\u7814\u5fc3\u5f97","text":" \u517b\u6210\u4e60\u60ef \u79d1\u7814\u5199\u4f5c "},{"location":"#_9","title":"\u79d1\u7814\u751f\u6d3b / \u6a21\u7cca\u6d4b\u8bd5","text":" \u9488\u5bf9\u7f51\u7edc\u534f\u8bae\u7684\u6a21\u7cca\u6d4b\u8bd5 AFLNET STATEAFL NSFuzz IoTHunter \u6570\u636e\u6d41\u6307\u5bfc\u7684\u6a21\u7cca\u6d4b\u8bd5 DATAFLOW "},{"location":"#_10","title":"\u79d1\u7814\u751f\u6d3b / \u6839\u56e0\u5206\u6790","text":" \u4e0d\u540c\u7684\u5206\u6790\u7c92\u5ea6\u7684\u4f18\u52bf \u5206\u6790\u65f6\u95f4\u5f00\u9500 \u4e00\u4e9b\u60f3\u6cd5 \u76f8\u5173\u8bba\u6587\u7684\u4e00\u4e9b\u53d1\u73b0\uff08\u7591\u95ee\uff09 \u53c2\u8003\u6587\u732e "},{"location":"IDA/","title":"IDA\u4f7f\u7528","text":""},{"location":"IDA/#arm-raw-binary","title":"\u53cd\u7f16\u8bd1ARM raw binary","text":"\u52a0\u8f7d\u65f6\u9009\u62e9Processor type\uff0c\u6bd4\u5982ARM Little-endian [ARM]\uff0c\u968f\u540e\u6839\u636e\u5b9e\u9645\u52a0\u8f7d\u60c5\u51b5\u8bbe\u7f6eROM\u7684\u8d77\u59cb\u5730\u5740\u548cInput file\u5730\u5740\u3002
raw binary\u7684\u524d\u56db\u5b57\u8282\u53ef\u80fd\u662f\u521d\u59cbsp\u503c\uff0c\u968f\u540e\u56db\u5b57\u8282\u53ef\u80fd\u662f\u521d\u59cbpc\u503c\u3002\u6309G\u5e76\u8f93\u5165pc\u503c\uff0cAlt+G\u8bbe\u7f6eT\u5bc4\u5b58\u5668\u503c\u4e3a1\uff080\u8868\u793aARM\uff0c1\u8868\u793aThumb\uff09\uff0c\u7136\u540e\u9009\u4e2dpc\u53ca\u4e4b\u540e\u6240\u6709\u4ee3\u7801\uff0c\u6309C\u8fdb\u884cMakeCode\u3002
"},{"location":"autoconf/","title":"autoconf\u5b66\u4e60\u7b14\u8bb0","text":"\u81ea\u5df1\u5f00\u53d1\u8f6f\u4ef6\u65f6\uff0c\u751f\u6210\u89c4\u8303\u7684configure\u7b49\u6587\u4ef6\u3002\u53ef\u53c2\u8003https://www.cnblogs.com/klausage/p/14163844.html\u7b49
"},{"location":"autoconf/#_1","title":"\u4e0d\u5206\u76ee\u5f55\u7ed3\u6784","text":"\u7f16\u5199Makefile.am\u6587\u4ef6\uff0c\u6bd4\u5982\uff1a
bin_PROGRAMS=helloworld\nhelloworld_SOURCES=helloworld.c\n
bin_PROGRAMS
\u7528\u4e8e\u7ed9\u9879\u76ee\u8d77\u540d\uff0c\u6bd4\u5982X\uff0c\u90a3\u4e48\u4e4b\u540e\u7684X_SOURCES\u5219\u7528\u6765\u6307\u5b9a\u4f7f\u7528\u7684\u6e90\u6587\u4ef6 \u6267\u884cautoscan
\uff0c\u751f\u6210configure.scan\uff0c\u5e76\u4fee\u6539\u5176\u4e2d\u7684AC_INIT\u3001AM_INIT_AUTOMAKE\uff0c\u91cd\u547d\u540d\u6587\u4ef6\u4e3aconfigure.ac\uff0c\u6bd4\u5982\uff1a
# -*- Autoconf -*-\n# Process this file with autoconf to produce a configure script.\n\nAC_PREREQ([2.69])\nAC_INIT([FULL-PACKAGE-NAME], [VERSION], [BUG-REPORT-ADDRESS])\nAM_INIT_AUTOMAKE([foreign]) # \u5982\u679c\u4e0d\u52a0\u8fd9\u4e00\u53e5\uff0c\u9ed8\u8ba4gnu\uff0c\u5219\u4e4b\u540e\u76ee\u5f55\u91cc\u8981\u6709NEWS\u3001README\u3001AUTHORS\u3001ChangLog\u7b49\u6587\u4ef6\uff08\u9700\u81ea\u5df1\u624b\u52a8\u5efa\u7acb\uff09\nAC_CONFIG_SRCDIR([main.h])\nAC_CONFIG_HEADERS([config.h])\n# Checks for programs.\nAC_PROG_CC\n\n# Checks for libraries.\n\n# Checks for header files.\n\n# Checks for typedefs, structures, and compiler characteristics.\n\n# Checks for library functions.\n\nAC_CONFIG_FILES([Makefile])\nAC_OUTPUT\n
\u6267\u884caclocal && autoheader && autoconf
\uff0c\u751f\u6210aclocal.m4\u3001config.h.in\u548cconfigure
\u8fd0\u884cautomake --add-missing
\uff0c\u4f1a\u6839\u636eMakefile.am\u751f\u6210Makefile.in
\u8fd0\u884c./configure
\u751f\u6210makefile
\u8fd0\u884cmake
\uff0c\u57fa\u4e8emakefile\u7f16\u8bd1\u4ee3\u7801
"},{"location":"autoconf/#_2","title":"\u533a\u5206\u76ee\u5f55\u7ed3\u6784","text":"\u4e5f\u5c31\u662f\u8bf4\u6e90\u7801\u53ef\u80fd\u5728\u591a\u4e2a\u6587\u4ef6\u5939\u4e0b\uff0c\u6bd4\u5982src\u3002\u90a3\u4e48\u6bcf\u4e2a\u6587\u4ef6\u5939\u9700\u8981\u5355\u72ec\u5199Makefile.am\u6765\u6307\u5b9a\u5982\u4f55\u7f16\u8bd1\u3002
\u7f16\u5199Makefile.am\u6587\u4ef6
\u6e90\u7801\u6240\u5728\u7684\u6587\u4ef6\u5939\u7684Makefile\u6587\u4ef6\u793a\u4f8b\uff1a
bin_PROGRAMS = reverse\n\n#AM_CFLAGS= -DDEBUG -DLOG_INSTRUCTIONS -I ../include\nAM_CFLAGS= -DDEBUG -I ../include\n\nreverse_CPPFLAGS = -msse4.1\n\n# \u4f7f\u7528LDFLAG\u4f1a\u5728gcc\u4e2d\u90e8\u653e-l\uff0c\u5bfc\u81f4\u627e\u4e0d\u5230\u7b2c\u4e09\u65b9\u5e93\u3002\u7528LDADD\u53ef\u4ee5\u6dfb\u52a0\u5230\u6574\u4e2agcc\u6307\u4ee4\u7684\u6700\u540e\nreverse_LDADD = -lcapstone\n\nhandlers_FILES = handler_flag_manip.c handler_interrupt.c\n\n#handler_interrupt.c\n\nreverse_SOURCES = access_memory.c alias_manager.c $(handlers_FILES)\n
AM_CFLAGS
\u7528\u4e8e\u6dfb\u52a0\u7f16\u8bd1\u9009\u9879 \u9879\u76ee\u6587\u4ef6\u5939\u9700\u8981\u6307\u5b9a\u6e90\u6587\u4ef6\u6240\u5728\u7684\u6587\u4ef6\u5939
POMP\u7684\u4f8b\u5b50\uff1a
SUBDIRS=src # \u6307\u5b9asrc\u6587\u4ef6\u5939\ndist_doc_DATA=README\n\nTESTSUITES_DIR = testsuites\nEXECUTABLE=$(SUBDIRS)/reverse\n\nabc2mtex:\n$(EXECUTABLE) $(TESTSUITES_DIR)/$@/core $(TESTSUITES_DIR)/library/ $(TESTSUITES_DIR)/$@/inst.reverse\n\naireplay-ng:\n$(EXECUTABLE) $(TESTSUITES_DIR)/$@/core $(TESTSUITES_DIR)/library/ $(TESTSUITES_DIR)/$@/inst.reverse\n
\u6267\u884cautoscan
\uff0c\u751f\u6210configure.scan\uff0c\u5e76\u4fee\u6539\u5176\u4e2d\u7684AC_INIT\u3001AM_INIT_AUTOMAKE\uff0c\u91cd\u547d\u540d\u6587\u4ef6\u4e3aconfigure.ac\uff0c\u6bd4\u5982\uff1a
# -*- Autoconf -*-\n# Process this file with autoconf to produce a configure script.\n\nAC_PREREQ([2.69])\nAC_INIT([reverse_from_coredump], [0.0.1], [mudongliangabcd@gmail.com])\nAM_INIT_AUTOMAKE([-Wall -Werror foreign])\nAC_CONFIG_HEADERS([config.h])\n\n# Checks for programs.\nAC_PROG_CC\n\n# Checks for libraries.\nAC_CHECK_LIB([disasm], [x86_init])\nAC_CHECK_LIB([elf], [gelf_getehdr])\n\n# Checks for header files.\nAC_CHECK_HEADERS([fcntl.h malloc.h stddef.h stdint.h stdlib.h string.h unistd.h])\n\n# Checks for typedefs, structures, and compiler characteristics.\nAC_CHECK_HEADER_STDBOOL\nAC_C_INLINE\nAC_TYPE_OFF_T\nAC_TYPE_SIZE_T\n\n# Checks for library functions.\nAC_FUNC_MALLOC\nAC_CHECK_FUNCS([memset strerror])\n\nAC_CONFIG_FILES([Makefile\nsrc/Makefile])\nAC_OUTPUT\n
\u6267\u884caclocal && autoheader && autoconf
\uff0c\u751f\u6210aclocal.m4\u3001config.h.in\u548cconfigure
\u8fd0\u884cautomake --add-missing
\uff0c\u4f1a\u6839\u636eMakefile.am\u751f\u6210Makefile.in
\u8fd0\u884c./configure
\u751f\u6210makefile
\u8fd0\u884cmake
\uff0c\u57fa\u4e8emakefile\u7f16\u8bd1\u4ee3\u7801
"},{"location":"c/","title":"C\u8bed\u8a00","text":""},{"location":"c/#_1","title":"\u6839\u636e\u7ed3\u6784\u4f53\u6210\u5458\u53d6\u7ed3\u6784\u4f53\u9996\u5730\u5740","text":"member_address - &(((TYPE *)0)->member);\n
\u540e\u534a\u90e8\u5206\u770b\u4f3c\u4f1a\u89e3\u5f15\u75280\u5730\u5740\u800ccrash\uff0c\u4f46\u7f16\u8bd1\u5668\u4f1a\u4f18\u5316\u4e3a\u76f4\u63a5\u8ba1\u7b97member\u7684offset\u3002\u53c2\u89c1kernel\u4ee3\u7801\u5e38\u7528\u7684container_of\u3002
"},{"location":"c/#_2","title":"\u52a8\u6001\u94fe\u63a5\u5e93","text":"\u7f16\u8bd1\u52a8\u6001\u94fe\u63a5\u5e93\u672c\u8eab
\u4f7f\u7528gcc\u7f16\u8bd1\u51fa\u52a8\u6001\u94fe\u63a5\u5e93\uff1a
gcc <source C file> -shared -fPIC -o lib<source>.so\n
\u7f16\u8bd1\u539f\u9879\u76ee\u65f6\u6307\u5b9a\u52a8\u6001\u94fe\u63a5\u5e93
\u4f7f\u7528-l\u6307\u5b9a\u52a0\u8f7d\u94fe\u63a5\u5e93\uff0c\u6ce8\u610f\u53bb\u6389\u5e93\u6587\u4ef6\u7684lib\u5f00\u5934\u548c.so\u7ed3\u5c3e\u3002\u7f16\u8bd1\u65f6\uff0c\u6ce8\u610f\u628a\u5e93\u653e\u5728\u6574\u4e2a\u547d\u4ee4\u7684\u7ed3\u5c3e\uff0c\u5426\u5219\u53ef\u80fd\u63d0\u793a\u5e93\u51fd\u6570\u672a\u5b9a\u4e49\u3002
\u6bd4\u5982gcc main.c -lcapstone
\u4e0d\u4f1a\u62a5\u9519\uff0cgcc -lcapstone main.c
\u4f1a\u63d0\u793a\u62a5\u9519\u3002\uff08\u5047\u8bbe\u8fd9\u91ccmain.c\u8c03\u7528\u4e86capstone\u7684\u5e93\u51fd\u6570\uff09
\u5982\u679c\u52a8\u6001\u94fe\u63a5\u5e93\u4e0d\u5728\u9ed8\u8ba4\u7684\u7cfb\u7edf\u5e93\u4e2d\uff0c\u53ef\u4ee5\u6dfb\u52a0-L
\u6765\u6307\u5b9a\u52a8\u6001\u94fe\u63a5\u5e93\u7684\u4fdd\u5b58\u4f4d\u7f6e\u3002
\u8fd0\u884c\u9879\u76ee\u65f6\u52a0\u8f7d\u52a8\u6001\u94fe\u63a5\u5e93
\u5373\u4fbf\u7f16\u8bd1\u6210\u529f\uff0c\u8fd0\u884c\u53ef\u80fd\u62a5\u9519\u3002\u641c\u7d22\u987a\u5e8f\u4e3a\uff1a
\u5728\u7f16\u8bd1\u65f6\u6dfb\u52a0-Wl,-rpath=xxx
\u6765\u6307\u5b9a\u8fd0\u884c\u65f6\u6240\u9700\u7684\u52a8\u6001\u5e93\u6587\u4ef6 \u5728\u73af\u5883\u53d8\u91cfLD_LIBRARY_PATH
\u6307\u5b9a\u7684\u76ee\u5f55\u4e2d\u641c\u7d22 \u5728/etc/ld.so.conf
\u7ed9\u51fa\u7684\u76ee\u5f55\u4e2d\u641c\u7d22 \u5728\u9ed8\u8ba4\u7684\u641c\u7d22\u8def\u5f84/lib
\u3001/lib64
\u3001/usrlib
\u3001/usrlib64
\u7b49\u641c\u7d22 "},{"location":"code-gracely/","title":"\u4f18\u96c5\u7f16\u7a0b","text":""},{"location":"code-gracely/#_2","title":"\u7a0b\u5e8f\u53d8\u91cf","text":" \u6700\u597d\u5728\u58f0\u660e\u7684\u540c\u65f6\u521d\u59cb\u5316\uff0c\u5c24\u5176\u662f\u907f\u514d\u4ec5\u521d\u59cb\u5316\u5bf9\u8c61\u7684\u90e8\u5206\u6210\u5458 \u5c3d\u53ef\u80fd\u5730\u7f29\u77ed\u53d8\u91cf\u7684\u751f\u547d\u5468\u671f\u4e0e\u8de8\u5ea6\uff08\u5373\u5728\u4f7f\u7528\u524d\u5148\u521d\u59cb\u5316\u3001\u591a\u5b9a\u4e49\u53d8\u91cf\uff09 \u4e0d\u8981\u5728\u591a\u4e2a\u4ee3\u7801\u7247\u6bb5\u4e4b\u95f4\u4f7f\u7528temp\u7b49\u4e0d\u660e\u610f\u4e49\u7684\u547d\u540d\uff0c\u8fd9\u6837\u4f1a\u4f7f\u4e0d\u76f8\u5173\u7684\u4ee3\u7801\u770b\u8d77\u6765\u76f8\u5173 \u8b66\u60d5\u9690\u5f0f\u542b\u4e49\uff0c\u6bd4\u5982\u67d0\u53d8\u91cf\u4e3a\u6b63\u6570\u65f6\u4e3a\u6574\u6570\u7c7b\u578b\uff0c\u8d1f\u6570\u65f6\u8868\u793a\u9690\u542b\u7684\u201c\u51fa\u9519\u201d\uff08\u5373\u9690\u542b\u5e03\u5c14\u7c7b\u578b\uff09\uff0c\u6539\u7528\u591a\u4e2a\u53d8\u91cf \u786e\u4fdd\u6240\u6709\u58f0\u660e\u7684\u53d8\u91cf\u90fd\u4f7f\u7528\u8fc7 \u53d8\u91cf\u540d\u79f0\u8981\u63cf\u8ff0\u201c\u4ec0\u4e48\u201d\uff0c\u800c\u4e0d\u662f\u201c\u600e\u4e48\u201d\uff0c\u8981\u5177\u8c61 \u53d8\u91cf\u540d\u79f0\u957f\u5ea6\u57288-20\u4e2a\u5b57\u6bcd\u6bd4\u8f83\u9002\u5b9c Total\u3001Sum\u3001Max\u3001Record\u3001String\u3001Pointer\u7b49\u7b49\u9650\u5b9a\u8bcd\u8981\u52a0\u5230\u540d\u5b57\u6700\u540e i\u3001j\u3001k\u7b49\u7ea6\u5b9a\u901f\u6210\u7684\u53d8\u91cf\u540d\u9002\u7528\u4e8e\u7b80\u5355\u7684\u5faa\u73af\uff0c\u4e0d\u8981\u7528\u4e8e\u4efb\u4f55\u7b80\u5355\u5faa\u73af\u7684\u4e0b\u6807\u5faa\u73af\u4e4b\u5916\u7684\u4efb\u4f55\u573a\u5408 \u591a\u4e2a\u590d\u6742\u5faa\u73af\u5d4c\u5957\u65f6\uff0c\u6700\u597d\u4e0d\u8981\u4f7f\u7528i\u3001j\u3001k \u4e3a\u72b6\u6001\u53d8\u91cf\u8d77\u4e00\u4e2a\u6bd4flag\u66f4\u597d\u7684\u540d\u5b57\uff0c\u6bd4\u5982\u4e0d\u4f7f\u7528statusFlag\uff0c\u800c\u662fcharacterType\uff08\u66f4\u52a0\u5177\u4f53\u63cf\u8ff0\u662f\u4ec0\u4e48status\uff09 \u4f7f\u7528done\u3001error\u3001found\u3001ok\u7b49\u4e3a\u5e03\u5c14\u53d8\u91cf\u8d4b\u503c \u4e3a\u5e03\u5c14\u53d8\u91cf\u8d4b\u4e88\u9690\u542b\u771f\u5047\u610f\u4e49\u7684\u540d\u5b57\uff0c\u6bd4\u5982sourceFileAvailable\u3001sourceFileFound \u4f7f\u7528\u80af\u5b9a\u7684\u5e03\u5c14\u53d8\u91cf\u540d\uff0c\u4e0d\u8981\u5305\u542b\u201cnot\u201d\u4e4b\u7c7b\u7684\u5426\u5b9a\u542b\u4e49 \u5982\u679c\u679a\u4e3e\u7c7b\u578b\u53d8\u91cf\u4e0d\u9700\u8981\u6307\u5b9a\u57df\uff0c\u90a3\u4e48\u4f7f\u7528\u7c7b\u4f3cCOLOR_xxx\u7684\u524d\u7f00\u6765\u6307\u5b9a\u7c7b\u522b\u4f1a\u6bd4\u8f83\u597d "},{"location":"code-gracely/#_3","title":"\u7a0b\u5e8f\u4f18\u5316\u65b9\u6cd5","text":"\u4f18\u5316\u9700\u8981\u901a\u8fc7\u5927\u91cf\u6d4b\u8bd5\u6765\u9a8c\u8bc1\u4e00\u81f4\u6027\u3001\u6027\u80fd\uff0c\u56e0\u4e3a\u5e76\u975e\u6240\u6709\u4f18\u5316\u90fd\u662f\u6b63\u786e\u6216\u5fc5\u8981\u7684\u3002\u4ece\u91cd\u6784\u7a0b\u5e8f\u6267\u884c\u6d41\u7684\u89d2\u5ea6\u6765\u8bb2\uff0c\u4f18\u5316\u5e76\u4e0d\u662f\u7075\u4e39\u5999\u836f\uff0c\u5e76\u5728\u4e0d\u540c\u8bed\u8a00\u3001\u4e0d\u540c\u7f16\u8bd1\u5668\u3001\u4e0d\u540c\u73af\u5883\u3001\u4e0d\u540c\u4efb\u52a1\u4e2d\u8868\u73b0\u51fa\u5de8\u5927\u7684\u5dee\u5f02\u3002\u4ee5\u4e0b\u7684\u4f18\u5316\u65b9\u6cd5\u5747\u4ec5\u4f9b\u53c2\u8003\u3002
"},{"location":"code-gracely/#_4","title":"\u5229\u7528\u77ed\u8def\u4e0e\u54e8\u5175","text":" \u5c06\u51fa\u73b0\u9891\u7387\u9ad8\u7684\u60c5\u51b5\u653e\u5728\u4f18\u5148\u6267\u884c\u7684\u4f4d\u7f6e \u5faa\u73af\u4e2d\uff0c\u641c\u7d22\u5230\u76ee\u6807\u540e\u7acb\u5373\u9000\u51fa\u5faa\u73af \u5faa\u73af\u641c\u7d22\u65f6\uff0c\u4e5f\u53ef\u4ee5\u5c06\u641c\u7d22\u5bf9\u8c61\u653e\u5728\u6570\u7ec4\u6700\u540e\uff08\u989d\u5916\u7a7a\u95f4\uff09\uff0c\u6700\u540e\u68c0\u67e5\u4e0b\u6807\u3002\uff08\u672c\u8d28\u4e0a\u662f\u4fdd\u8bc1\u4e0d\u4f1a\u8d8a\u754c\u641c\u7d22\uff0c\u4e14\u4fdd\u8bc1\u5faa\u73af\u4e00\u5b9a\u6b63\u786e\u7ed3\u675f\uff09 "},{"location":"code-gracely/#_5","title":"\u4f18\u5316\u8ba1\u7b97\u6548\u7387","text":" \u7a0b\u5e8f\u6267\u884c\u524d\u8ba1\u7b97\u7ed3\u679c\uff0c\u901a\u8fc7\u5e38\u91cf\u4fdd\u5b58\u3001\u786c\u7f16\u7801\u3001\u6587\u4ef6\u4fdd\u5b58\u7684\u65b9\u6cd5\u6765\u907f\u514d\u91cd\u590d\u8ba1\u7b97 \u5c3d\u91cf\u51cf\u5c11\u5faa\u73af\u4f53\u5185\u7684\u8ba1\u7b97\u5de5\u4f5c\uff0c\u53ef\u4ee5\u5728\u4e4b\u524d\u8ba1\u7b97\u5b8c\u6bd5\u5e76\u4fdd\u5b58\uff0c\u4e4b\u540e\u5f15\u7528 \u516c\u5171\u5b50\u8868\u8fbe\u5f0f\u5e94\u5f53\u4fdd\u5b58\u5728\u53d8\u91cf\u91cc \u9002\u5f53\u5c06\u4e58\u6cd5\u91cd\u5199\u4e3a\u52a0\u6cd5\u3001\u5e42\u91cd\u5199\u4e3a\u4e58\u6cd5\u3001\u6574\u6570\u4ee3\u66ff\u6d6e\u70b9\u6570\u3001\u5355\u7cbe\u5ea6\u4ee3\u66ff\u53cc\u7cbe\u5ea6\u3001\u79fb\u4f4d\u64cd\u4f5c\u4ee3\u66ff\u4e58\u96642\u3001\u4e09\u89d2\u6052\u7b49\u5f0f\u4ee3\u66ff\u4e09\u89d2\u51fd\u6570 \u5c3d\u91cf\u51cf\u5c11\u6570\u7ec4\u7ef4\u5ea6\u4e0e\u6570\u7ec4\u5f15\u7528 \u591a\u91cd\u5faa\u73af\u65f6\uff0c\u5c06\u5faa\u73af\u6b21\u6570\u5c11\u7684\u653e\u5916\u5c42 "},{"location":"code-gracely/#_6","title":"\u4f7f\u7528\u4f4e\u7ea7\u8bed\u8a00\u91cd\u5199\u4ee3\u7801","text":" \u4f7f\u7528\u9ad8\u7ea7\u8bed\u8a00\u5b8c\u6210\u7a0b\u5e8f\u7f16\u5199 \u8fdb\u884c\u6d4b\u8bd5\uff0c\u9a8c\u8bc1\u6b63\u786e\u6027 \u8fdb\u884c\u7a0b\u5e8f\u5206\u6790\uff0c\u786e\u5b9a\u70ed\u70b9\u4ee3\u7801 \u5bf9\u70ed\u70b9\u4ee3\u7801\u4f7f\u7528\u4f4e\u7ea7\u8bed\u8a00\u6539\u5199 "},{"location":"code-gracely/#_7","title":"\u8bbe\u8ba1\u6070\u5f53\u7684\u6267\u884c\u63a7\u5236\u6d41","text":""},{"location":"code-gracely/#_8","title":"\u5faa\u73af","text":" \u5faa\u73af\u5c42\u6570\u6700\u597d\u4e0d\u8981\u8d85\u8fc7\u4e09\u5c42 \u77ed\u5faa\u73af\u53ef\u4ee5\u591a\u4f7f\u7528break\u3001continue\u7b49\u63a7\u5236\uff0c\u957f\u5faa\u73af\u5c3d\u91cf\u4fdd\u8bc1\u552f\u4e00\u51fa\u53e3 \u5faa\u73af\u9644\u8fd1\u4e0d\u8981\u5199\u91cd\u590d\u7684\u4ee3\u7801\uff08\u4fee\u6539\u9700\u8981\u540c\u6b65\u4fee\u6539\u591a\u5904\uff0c\u4e0d\u4fbf\u7ef4\u62a4\uff09 for\u9002\u5408\u4e0e\u201c\u6570\u91cf\u201d\u6709\u5173\u7684\u5faa\u73af\uff0c\u4e14\u4e0d\u8981\u5728\u5185\u90e8\u4fee\u6539\u4e0b\u6807\uff1bwhile\u9002\u5408\u4e0e\u201c\u6761\u4ef6\u201d\u6709\u5173\u7684\u5faa\u73af \u5faa\u73af\u4f53\u5e94\u5f53\u81ea\u6210\u5b50\u7a0b\u5e8f\uff0c\u5faa\u73af\u6761\u4ef6\u5e94\u5f53\u6e05\u6670\u6613\u8bfb \u591a\u4f7f\u7528for\u5faa\u73af\uff0c\u4f46\u4e0d\u8981\u628a\u4e0e\u5faa\u73af\u65e0\u5173\u7684\u8bed\u53e5\uff08\u6bd4\u5982\u521d\u59cb\u5316\u4e00\u4e2a\u4e0d\u7528\u4e8e\u5faa\u73af\u7684\u53d8\u91cf\uff09\u653e\u5728\u5faa\u73af\u5934 \u4e0d\u8981\u5199\u7a7a\u5faa\u73af\uff0c\u5c06\u7a7a\u5faa\u73af\u6539\u5199\u6210while\u5faa\u73af \u5982\u679c\u4e00\u4e2a\u5faa\u73af\u53ef\u4ee5\u505a\u4e24\u4ef6\u4e8b\u60c5\uff0c\u628a\u5b83\u4eec\u62c6\u6210\u4e24\u4e2a\u5faa\u73af\uff0c\u9664\u975e\u6ce8\u660e\u5728\u6027\u80fd\u4e0a\u6709\u6240\u63d0\u9ad8 \u4e0d\u8981\u5c06\u5faa\u73af\u4e0b\u6807\u4f5c\u4e3a\u7ed3\u679c\u8fd4\u56de\u3002\u5982\u679c\u9700\u8981\u4f7f\u7528\uff0c\u53ef\u4ee5\u5728\u5faa\u73af\u5f00\u59cb\u524d\u5b9a\u4e49\u65b0\u7684\u53d8\u91cf\uff0c\u7136\u540e\u5728\u5faa\u73af\u5185\u90e8\u5bf9\u8fd9\u4e00\u53d8\u91cf\u8fdb\u884c\u8d4b\u503c "},{"location":"code-gracely/#_9","title":"\u5efa\u8868\uff0c\u4ee5\u63d0\u9ad8\u4ee3\u7801\u8d28\u91cf","text":""},{"location":"code-gracely/#if-else","title":"\u7528\u67e5\u8868\u6cd5\u66ff\u6362\u7e41\u7410\u7684if-else\u5224\u65ad","text":"\u4f7f\u7528\u5927\u91cfif-else\u7684\u574f\u5904\uff1a
\u4e0d\u6613\u9605\u8bfb \u4ee3\u7801\u91cd\u590d\u5ea6\u9ad8\uff0c\u65e0\u610f\u4e49 \u5bf9\u4e8e\u590d\u6742\u60c5\u51b5\uff0c\u5bb9\u6613\u6f0f\u6761\u4ef6 \u5224\u65ad\u903b\u8f91\u786c\u7f16\u7801\u5728\u4ee3\u7801\u4e2d\uff0c\u7ef4\u62a4\u4e0d\u4fbf \u4f7f\u7528\u67e5\u8868\u6cd5\u7684\u597d\u5904\uff1a
\u6613\u8bfb \u4ee3\u7801\u7b80\u6d01\u4e14\u9ad8\u6548 \u4e0d\u4f1a\u6f0f\u6389\u6761\u4ef6 \u53ef\u4ee5\u5c06\u8868\u653e\u5728\u5916\u90e8\u6587\u4ef6\u6216\u8005\u7edf\u4e00\u653e\u5728\u4e00\u8d77\uff0c\u4fbf\u4e8e\u7ef4\u62a4\uff1b\u53ef\u4ee5\u5728\u4e0d\u6539\u53d8\u7a0b\u5e8f\u7684\u60c5\u51b5\u4e0b\u4fee\u6b63\u8fd0\u884c\u7ed3\u679c \u7528\u6cd5\uff1a\u5c06\u8981\u5224\u65ad\u7684\u5404\u4e2a\u53c2\u6570\u4f5c\u4e3a\u8868\u7684\u7ef4\u5ea6\uff0c\u5c06\u5224\u65ad\u7ed3\u679c\u4f5c\u4e3a\u8868\u7d22\u5f15\u540e\u7684\u7ed3\u679c\u3002
"},{"location":"code-gracely/#_10","title":"\u7528\u7d22\u5f15\u8868\u66ff\u6362\u6570\u636e\u8868","text":"\u7a00\u758f\u7684\u6570\u636e\u8868\u5728\u5b58\u50a8\u5bf9\u9f50\u7684\u60c5\u51b5\u4e0b\u4f1a\u6d6a\u8d39\u5927\u91cf\u7a7a\u95f4\u3002\u4e0e\u4e4b\u76f8\u6bd4\uff0c\u91c7\u7528\u7d22\u5f15\u8868\u53ef\u4ee5\u964d\u4f4e\u7a7a\u95f4\u6d6a\u8d39\u91cf\uff08\u4ecd\u7136\u4f1a\u4ea7\u751f\u6d6a\u8d39\uff09\u3002\u4e3a\u4e86\u8fdb\u4e00\u6b65\u51cf\u5c11\u7d22\u5f15\u8868\u7a7a\u95f4\uff0c\u53ef\u4ee5\u4f7f\u7528\u9636\u68af\u7d22\u5f15\u8868\uff0c\u6839\u636e\u6570\u636e\u7684\u8303\u56f4\uff08\u800c\u4e0d\u662f\u5177\u4f53\u7684\u6570\u636e\u503c\uff09\u8fdb\u884c\u5efa\u7d22\u5f15\uff0c\u6bd4\u5982\u6839\u636e\u767e\u5206\u5236\u6210\u7ee9\u8ba1\u7b97\u7ee9\u70b9\uff0c\u5efa\u7acb\u76f8\u5e94\u7684data-to-key\u51fd\u6570\uff0c\u653e\u5728\u6570\u7ec4\u4e2d\u3002
"},{"location":"code-gracely/#_11","title":"\u7528\u7ed3\u679c\u8868\u66ff\u6362\u6570\u5b66\u8ba1\u7b97\u7ed3\u679c","text":"\u8003\u8651\u5230\u7cfb\u7edf\u51fd\u6570\u7684\u7cbe\u786e\u6027\uff0c\u8ba1\u7b97\u901f\u5ea6\u53ef\u80fd\u8f83\u6162\u3002\u53ef\u4ee5\u9884\u5148\u624b\u52a8\u7b97\u51fa\u4e00\u4e9b\u6570\u636e\u5e76\u5efa\u8868\uff0c\u8ba1\u7b97\u65f6\u76f4\u63a5\u67e5\u8868\u5373\u53ef\uff0c\u5927\u5927\u63d0\u9ad8\u7a0b\u5e8f\u6027\u80fd\u3002
"},{"location":"code-gracely/#_12","title":"\u4e00\u4e9b\u5c0f\u5c0f\u7684\u8bed\u6cd5\u7279\u6027","text":""},{"location":"code-gracely/#c","title":"C","text":"\u521d\u59cb\u5316\u6570\u7ec4\uff0c\u53ef\u4ee5\u8fde\u7eed\u8d4b\u503c
int arr[10] = {\n[0] = 1,\n[1 ... 4] = 2,\n[5 ... 7] = 4,\n};\n
\u521d\u59cb\u5316\u7ed3\u6784\u4f53\u6216\u8054\u5408\uff0c\u53ef\u4ee5\u4e00\u8d77\u8d4b\u503c
struct test {\nint a;\nint b;\nint c;\nint d;\n};\n\nint main(\nint argc, char const *argv[]\n)\n{\nstruct test t = {\n.a = 1,\n.b = 2,\n.c = 3,\n.d = 4,\n};\n\nreturn 0;\n}\n
"},{"location":"crawler/","title":"\u722c\u866b\u6a21\u677f","text":""},{"location":"crawler/#scrapy","title":"Scrapy","text":"\u4e5f\u53ef\u4ee5\u770b\u8fd9\u91cc\u7684\u4ecb\u7ecd
"},{"location":"crawler/#_2","title":"\u52a0\u56fd\u5185\u4ee3\u7406","text":"\u9488\u5bf9\u4e2a\u522b\u7f51\u7ad9\u9501ip\uff0c\u53ef\u4ee5\u8003\u8651\u6574\u4e2a\u4ee3\u7406
import base64\nusername = 'xxxxx'\npasswd = 'xxxxx'\nproxy_ip = 'xxxx.kdltps.com'\nproxy_port = '15818'\n\nmeta = {'proxy': f'http://{proxy_ip}:{proxy_port}'}\ncode = base64.b64encode(f'{username}:{passwd}'.encode()).decode()\n\nheaders = {\n \"Proxy-Authorization\": f\"Basic {code}\", # \u5728headers\u91cc\u8bbe\u7f6e\u4e0b\u4ee3\u7406token\n}\n\ndef start_requests(self):\n yield scrapy.Request(\n headers = headers, # \u8bbe\u7f6e\u4f7f\u7528headers\uff0c\u5305\u542btoken\n meta = meta, # \u8bbe\u7f6e\u4f7f\u7528\u4ee3\u7406\n )\n
"},{"location":"crawler/#applicationjson","title":"application/json\u7c7b\u578b","text":"\u9488\u5bf9\u8bf7\u6c42\u5934Content-Type\u4e3aapplication/json\u7c7b\u578b\uff0cstart_requests\u91cc\u7528Request\uff0c\u6ce8\u660emethod\u548cbody\uff1a
import json\nheaders = {\n \"Content-Type\": \"application/json\",\n \"User-Agent\": \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36\",\n}\n\ndata = json.dumps({\"key\":\"value\"})\n\n# \u7701\u7565\u65e0\u5173\u4fe1\u606f\n\nyield scrapy.Request(\n url=url, \n method='POST', \n headers=headers, \n body=data,\n callback=self.parse, \n meta={'period': t}, \n errback=self.err,\n cb_kwargs={'period': t,'page':0}\n)\n
"},{"location":"crawler/#applicationx-www-form-urlencoded","title":"application/x-www-form-urlencoded\u7c7b\u578b","text":"\u9488\u5bf9\u8bf7\u6c42\u5934Content-Type\u4e3aapplication/x-www-form-urlencoded\u7c7b\u578b\uff0cstart_requests\u91cc\u7528FormRequest\uff0c\u6ce8\u660eformdata\uff1a
post_data = {\"key\":\"value\"}\n\n# \u7701\u7565\u65e0\u5173\u4fe1\u606f\n\nyield scrapy.FormRequest(\n url=url,\n formdata=post_data,\n errback=self.err,\n callback = self.parse,\n cookies = cookies,\n cb_kwargs = {'id':'shixian','page':str(page)},\n )\n
\u666e\u901a\u8bf7\u6c42\u7528scrapy.Request\u5373\u53ef\u3002
"},{"location":"crawler/#selenium","title":"Selenium","text":"\u722c\u4e45\u4e86\u603b\u4f1a\u7206\u5185\u5b58\uff0c\u4e0d\u77e5\u9053\u5185\u5b58\u6cc4\u9732\u7684bug\u6709\u6ca1\u6709\u4fee\u590d\u3002\u4ee5\u4e0b\u7528\u7684\u662fchrome\u6d4f\u89c8\u5668\uff0c\u9700\u8981\u9884\u5148\u4e0b\u8f7d\u4e0b\u9a71\u52a8
from selenium import webdriver\nfrom selenium.webdriver.common.by import By\nfrom selenium.webdriver.chrome.service import Service\nfrom pathlib import Path\nimport time\nimport json\nimport ast \nimport re\nimport os\nimport yaml\nimport shutil\n\noptions = webdriver.ChromeOptions()\n# options.add_argument('--headless')\n# https://chromedriver.chromium.org/downloads\ns = Service('S:/chromedriver.exe')\noptions.add_experimental_option('excludeSwitches', ['enable-logging'])\ndriver = webdriver.Chrome(service=s,options=options)\ndriver.get('http://www.baidu.com')\ntime.sleep(1)\n\ndef get_current_and_final_page_of_one_book():\n cur = -1\n final = -1\n try:\n pages = driver.find_elements(By.XPATH,'//ul[@class=\"t-pager\"]/li')\n except:\n print('Current page is not found')\n return cur,final\n\n for page in pages:\n if 'active' in page.get_attribute('class'):\n cur = int(page.text)\n if 'number' in page.get_attribute('class'):\n final = int(page.text)\n return cur,final\n\ndef download_one_page_of_a_book(skip,config):\n\"\"\"\u4e00\u9875\u6240\u6709\u6587\u6863\u5168\u90e8\u4e0b\u8f7d\u6210\u529f\u5219\u8fd4\u56deTrue,OK\n \"\"\"\n global CURRENT_PAGE\n global CURRENT_TITLE\n titles = driver.find_elements(By.XPATH,'//div[@class=\"container\"]/div[1]/div[2]/div[2]/table/tbody/tr/td[1]')\n icons = driver.find_elements(By.XPATH,'//div[@class=\"container\"]/div[1]/div[2]/div[2]/table/tbody/tr/td[4]')\n jscode = 'document.location = '+'\"'+config['url']+'\"'\n driver.execute_script(jscode)\n for title,svgs in zip(titles,icons):\n svgs = svgs.find_elements(By.XPATH,'.//*[name()=\"svg\"]')\n print(f'Current title: {title.text}, skip: {skip}, CURRENT_TITLE: {CURRENT_TITLE}')\n if CURRENT_TITLE is not None and skip and title.text != CURRENT_TITLE:\n continue\n skip = False\n for svg in svgs:\n # if visible \n if svg.get_attribute('style') == 'display: inline-block;':\n svg.click()\n time.sleep(7)\n cls = driver.window_handles\n if len(cls) > 1:\n time.sleep(20)\n ok = archive_file(title.text,config)\n if not ok:\n print(f'Failed to download {title.text}')\n while len(cls) > 1:\n driver.switch_to.window(cls[1])\n driver.close()\n driver.switch_to.window(cls[0])\n cls = driver.window_handles\n return (False, title.text)\n cls = driver.window_handles\n driver.switch_to.window(cls[0])\n CURRENT_TITLE = None\n CURRENT_PAGE += 1\n return (True, 'OK')\n\n# load yaml\nwith open(target_yml,'r',encoding='utf8') as f:\n SETTINGS = yaml.load(f,Loader=yaml.FullLoader)\n# dump yaml\nwith open(target_yml,'w',encoding='utf8') as f:\n yaml.dump(SETTINGS,f,allow_unicode=True)\n\ndriver.close()\ndriver.quit()\n
\u6216\u8005\u8bbe\u7f6e\u4e00\u4e2ahelper\u7a0b\u5e8f\uff0c\u53cd\u590d\u542f\u52a8selenium\uff1a
import subprocess\nimport time\nimport datetime\nimport sys\ncmd = 'python ./main.py'\nop = 0\nwhile True:\n if op >= 200:\n print('failed 200 times!')\n break\n p = subprocess.Popen(cmd.split(), stdout=sys.stdout, stderr=sys.stderr)\n print('new round at', datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S'),f'op = {op}')\n op += 1\n\n time.sleep(30)\n if p.poll() == 0:\n break\n p.wait()\n
"},{"location":"docker/","title":"Docker\u4f7f\u7528\u7b14\u8bb0","text":""},{"location":"docker/#docker_1","title":"\u5b89\u88c5docker","text":"\u6309\u7167https://docs.docker.com/engine/install/ubuntu/\u7684\u8bf4\u660e\u5b89\u88c5\u5373\u53ef
"},{"location":"docker/#_1","title":"\u6307\u5b9a\u955c\u50cf\u4fdd\u5b58\u4f4d\u7f6e","text":"\u9ed8\u8ba4\u4f7f\u7528\u7684\u4f4d\u7f6e\u662f/var/lib/docker
\uff0c\u5728\u6839\u76ee\u5f55\u4e0b\u5bb9\u6613\u5360\u6ee1\u3002\u53ef\u4ee5\u901a\u8fc7\u4fee\u6539\u914d\u7f6e\u6587\u4ef6/lib/systemd/system/docker.service
\u7684-g\u53c2\u6570\u6765\u6307\u5b9a\u4f4d\u7f6e\u3002\u53ef\u4ee5\u901a\u8fc7docker info
\u67e5\u770b\u4fdd\u5b58\u7684\u4f4d\u7f6eDocker Root Dir\u3002
\u914d\u7f6e\u6587\u4ef6\u53ef\u4ee5\u901a\u8fc7systemctl status docker
\u5e76\u67e5\u770bLoad\u4f7f\u7528\u7684\u914d\u7f6e\u6587\u4ef6\u662f\u54ea\u4e2a\u3002
\u53e6\u4e00\u79cd\u6307\u5b9a\u955c\u50cf\u4fdd\u5b58\u4f4d\u7f6e\u7684\u65b9\u6cd5\uff1a\u4fee\u6539/etc/docker/daemon.json\uff0c\u8bbe\u7f6e\u4e3a
{\n\"data-root\": \"/home/docker\"\n}\n
\u968f\u540e\u91cd\u8f7d\u4e00\u4e0b\u914d\u7f6e\uff1a
sudo cp -r /var/lib/docker /home/docker\nsudo systemctl daemon-reload\nsudo systemctl restart docker\nsudo systemctl status docker\n
"},{"location":"docker/#_2","title":"\u4ece\u955c\u50cf\u521b\u5efa\u5bb9\u5668\u5e76\u6302\u8f7d\u76ee\u5f55","text":"\u4f1a\u5728\u5bb9\u5668\u4e2d\u521b\u5efa\u76ee\u5f55\uff0c\u6620\u5c04\u5bbf\u4e3b\u673a\u76ee\u5f55\u3002\u5bbf\u4e3b\u673a\u7684\u76ee\u5f55\u548c\u5bb9\u5668\u76ee\u5f55\u5185\u5bb9\u662f\u4e00\u6837\u7684\uff0c\u4fee\u6539\u4e00\u65b9\uff0c\u53e6\u4e00\u65b9\u968f\u4e4b\u6539\u53d8
docker run -it --name=<container_name> --user=<user_id>:<group_id> --hostname=xxxx --workdir=xxxx -v /etc/passwd:/etc/passwd:ro -v /etc/group:/etc/group:ro --mount type=bind,source=<\u5bbf\u4e3b\u673a\u76ee\u5f55>,target=<\u5bb9\u5668\u76ee\u5f55> <\u955c\u50cf\u540d>:<tag> /bin/bash\n
\u4ee5\u4e0a\u547d\u4ee4\u53ef\u4ee5\u5b8c\u6210\u5bf9\u6307\u5b9a\u955c\u50cf\u521b\u5efa\u4e00\u4e2a\u6bd4\u8f83\u5b8c\u5907\u7684\u5bb9\u5668\uff0c\u6307\u5b9a\u4e86\u5bb9\u5668\u540d\u79f0\u3001\u7528\u6237\u540d\u79f0\u548c\u7ec4\u522b\u3001\u4e3b\u673a\u540d\u3001\u7528\u6237\u5de5\u4f5c\u76ee\u5f55\uff0c\u5e76\u6302\u8f7d\u4e86\u4e3b\u673a\u7684\u4e00\u4e9b\u76ee\u5f55\u3002\u6307\u5b9apasswd\u548cgroup\u6587\u4ef6\u7684\u53ea\u8bfb\u6302\u8f7d\u53ef\u4ee5\u907f\u514d--user\u4f7f\u7528\u7528\u6237(\u7ec4)id\u8fdb\u884c\u65b0\u5efa\u5bb9\u5668\u65f6\u5f15\u53d1\u7684\u627e\u4e0d\u5230\u7528\u6237\u540d\u548c\u7ec4\u540d\u7684\u95ee\u9898\u3002\u5e76\u4e14\u907f\u514d\u4e86\u9ed8\u8ba4root\u7528\u6237\u5bfc\u81f4\u7684\u4e3b\u673a\u7aef\u65e0\u6cd5\u8bbf\u95ee\u5bb9\u5668\u65b0\u5efa\u6587\u4ef6\u7684\u95ee\u9898\u3002 \u6ce8\u610f\u8fd9\u6837\u521b\u5efa\u7684\u7528\u6237\u6ca1\u6709root\u6743\u9650\u3002\u5982\u679c\u9700\u8981\uff0c\u5219\u4e0d\u4f7f\u7528user\u53c2\u6570\uff0c\u4f46\u5b58\u5728\u5bb9\u5668\u521b\u5efa\u6587\u4ef6\u662froot\uff0c\u5bbf\u4e3b\u673a\u65e0\u6cd5\u4fee\u6539\u7684\u95ee\u9898\u3002
\u4e00\u4e2a\u4e0d\u592a\u806a\u660e\u7684\u89e3\u51b3\u65b9\u6cd5\u662fuser_id\u8bbe\u6210root\u76840\uff0cgroup_id\u8bbe\u6210\u666e\u901a\u7528\u6237\uff0c\u7136\u540e\u5728\u5bb9\u5668\u91cc\u7ed9root\u7684.bashrc\u52a0\u4e00\u884cumask 0002\u3002\u5c31\u662f\u8bf4\u8ba9\u7528\u6237\u7ec4\u4e5f\u80fd\u4fee\u6539\u6587\u4ef6\u4e86\u3002
\u4e00\u4e9b\u5176\u4ed6\u7684\u529e\u6cd5\uff1adocker exec -u
\u597d\u50cf\u53ef\u4ee5\u6307\u5b9a\u542f\u52a8\u5bb9\u5668\u65f6\u7684\u7528\u6237\uff0c\u4e0d\u77e5\u9053\u6709\u4ec0\u4e48\u7528\uff0c\u53ef\u4ee5\u8bd5\u8bd5\uff1b\u6216\u8005root\u8fdb\u53bb\u4ee5\u540e\u628a\u666e\u901a\u7528\u6237\u52a0\u5230sudoers\u91cc
"},{"location":"docker/#_3","title":"\u65b0\u5bb9\u5668\u521d\u59cb\u5316","text":"apt-get update
\u66f4\u65b0\u4e00\u4e0blist\uff0c\u7136\u540e\u624d\u80fd\u4f7f\u7528apt-get\u4e0b\u8f7d\u5176\u4ed6\u5305\u3002\u4e00\u4e9b\u5e38\u7528\u7684\u5305\uff1aapt-get install build-essential
"},{"location":"docker/#_4","title":"\u9000\u51fa\u521d\u6b21\u521b\u5efa\u7684\u5bb9\u5668","text":"\u8fde\u6309Ctrl+P\u3001Ctrl+Q\u9000\u51fa\u5bb9\u5668\u3002\u5426\u5219\u7b80\u5355\u9000\u51fa\u540e\u5bb9\u5668\u5c31stop\u4e86\uff0c\u4e0b\u6b21exec\u7684\u65f6\u5019\u8fd8\u8981restart\uff0c\u751a\u81f3\u8fd8\u4f1a\u51fa\u73b0restart\u81ea\u52a8\u53c8stop\u7684\u60c5\u51b5
"},{"location":"docker/#_5","title":"\u8fdb\u5165\u5df2\u6709\u7684\u5bb9\u5668","text":"docker exec -it <\u5bb9\u5668id> /bin/bash\n
\u53ef\u4ee5Ctrl+D\u9000\u51fa
"},{"location":"envs/","title":"\u73af\u5883\u914d\u7f6e","text":""},{"location":"envs/#_2","title":"\u66f4\u65b0\u57fa\u672c\u73af\u5883","text":"sudo apt update\nsudo apt install curl build-essential gcc make -y\n
"},{"location":"envs/#rust","title":"rust\u5b89\u88c5\u4e0e\u66f4\u65b0","text":"curl --proto '=https' --tlsv1.3 -sSf https://sh.rustup.rs | sh\n
rustup update\n
\u56fd\u5185\u4f7f\u7528\u65f6crates.io\u53ef\u80fd\u767b\u4e0d\u4e0a\uff0c\u8bd5\u8bd5\u4fee\u6539\u5b89\u88c5\u76ee\u5f55\u4e0b\u7684config\u6587\u4ef6(\u6bd4\u5982$HOME/.cargo/config)
[source.crates-io]\nregistry = \"https://github.com/rust-lang/crates.io-index\"\n\n# \u66ff\u6362\u6210\u4f60\u504f\u597d\u7684\u955c\u50cf\u6e90\n#replace-with = 'sjtu'\n#replace-with = 'ustc'\n#replace-with = 'tuna'\n#replace-with = 'rustcc'\n\n# \u6e05\u534e\u5927\u5b66\n[source.tuna]\nregistry = \"https://mirrors.tuna.tsinghua.edu.cn/git/crates.io-index.git\"\n\n# \u4e2d\u56fd\u79d1\u5b66\u6280\u672f\u5927\u5b66\n[source.ustc]\nregistry = \"git://mirrors.ustc.edu.cn/crates.io-index\"\n\n# \u4e0a\u6d77\u4ea4\u901a\u5927\u5b66\n[source.sjtu]\nregistry = \"https://mirrors.sjtug.sjtu.edu.cn/git/crates.io-index\"\n\n# rustcc\u793e\u533a\n[source.rustcc]\nregistry = \"git://crates.rustcc.cn/crates.io-index\"\n\n[source.rustcchttp]\nregistry = \"https://code.aliyun.com/rustcc/crates.io-index.git\"\n
"},{"location":"envs/#golang","title":"\u8bbe\u7f6egolang\u4ee3\u7406","text":"go env -w GOPROXY=https://goproxy.cn\n
"},{"location":"envs/#ohmyzsh","title":"\u5b89\u88c5ohmyzsh","text":"sudo apt install zsh\n
curl\u548cwget\u4e8c\u9009\u4e00
sh -c \"$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)\"\n
sh -c \"$(wget https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh -O -)\"\n
"},{"location":"envs/#git","title":"git\u8bbe\u7f6e\u5168\u5c40\u4ee3\u7406","text":"\u9700\u8981\u6839\u636e\u672c\u5730\u5b9e\u9645\u7684\u60c5\u51b5\u4fee\u6539\u76ee\u6807ip\u548c\u7aef\u53e3
git config --global http.https://github.com.proxy http://xxx.xxx.xxx.xxx:xxx\n
"},{"location":"envs/#perf-ubuntu","title":"perf \u5b89\u88c5(ubuntu)","text":"sudo apt-get install linux-tools-`uname -r`\n
"},{"location":"envs/#ssh","title":"\u9009\u62e9ssh\u5bc6\u94a5","text":"evel `ssh-agent`\nssh-add <\u79c1\u94a5\u6587\u4ef6>\n
"},{"location":"envs/#windowsmake","title":"Windows\u4e0b\u5b89\u88c5make","text":"\u4f7f\u7528chocolatey\u5305\u7ba1\u7406\u5668\u3002\u6309https://chocolatey.org/install#individual\u7684\u8bf4\u660e\u5373\u53ef\uff0c\u6700\u540echoco install make
"},{"location":"envs/#_3","title":"\u53c2\u8003\u6587\u7ae0","text":" \u5b89\u88c5rusthttps://hosthum.com/p/install-rust-lang/ \u5b89\u88c5ohmyzshhttps://ohmyz.sh/ \u914d\u7f6eIntel PThttps://carteryagemann.com/a-practical-beginners-guide-to-intel-processor-trace.html \u914d\u7f6essh-agenthttps://blog.csdn.net/shadow_zed/article/details/112260652 "},{"location":"fuzzing/","title":"\u6a21\u7cca\u6d4b\u8bd5\u57fa\u672c\u4ecb\u7ecd","text":"\u8986\u76d6\u7387\u6307\u5f15\u7684\u6a21\u7cca\u6d4b\u8bd5\u65b9\u6cd5\u83b7\u5f97\u8986\u76d6\u7387\u7684\u56db\u79cd\u8ffd\u8e2a\u65b9\u5f0f[^1]\uff1a
\u4f7f\u7528\u7f16\u8bd1\u5668\u5411\u57fa\u672c\u5757\u8fb9\u7f18\u63d2\u6869\uff0c\u53ef\u4ee5\u51c6\u786e\u5730\u63d2\u6869\u5e76\u6613\u4e8e\u4f18\u5316\uff0c\u4f46\u9700\u8981\u6e90\u7801\u5df2\u77e5\u3002 \u9759\u6001\u4e8c\u8fdb\u5236\u91cd\u5199\uff0c\u4e0d\u9700\u8981\u6e90\u7801\uff0c\u4ecd\u5728\u7814\u7a76\uff0c\u56e0\u4e3a\u9759\u6001\u4ee3\u7801\u63d2\u6869\u51c6\u786e\u6027\u96be\u4ee5\u4fdd\u8bc1\uff0c\u5e76\u4e14\u4f18\u5316\u80fd\u529b\u6709\u9650\u3002\u8fd9\u4e9b\u9650\u5236\u6761\u4ef6\u4f1a\u5f71\u54cd\u4ee3\u7801\u7387\u4fe1\u606f\u7684\u8d28\u91cf\u4e0e\u51c6\u786e\u6027\uff0c\u4ee5\u53ca\u4e8c\u8fdb\u5236\u91cd\u5199\u7684\u8868\u73b0\u3002 \u52a8\u6001\u4e8c\u8fdb\u5236\u63d2\u6869\uff0c\u4e0d\u9700\u8981\u6e90\u7801\uff0c\u53ef\u4ee5\u5bb9\u6613\u3001\u51c6\u786e\u63d2\u5165\u4ee3\u7801\uff0c\u4f46\u662f\u52a8\u6001\u7ffb\u8bd1\u4e8c\u8fdb\u5236\u7684\u5f00\u9500\u53ef\u80fd\u5927\u5230\u4e0d\u80fd\u63a5\u53d7\u3002 \u786c\u4ef6\u8f85\u52a9\u8ffd\u8e2a\uff0c\u4e0d\u9700\u8981\u6e90\u7801\uff0c\u5229\u7528\u5185\u7f6e\u7684\u786c\u4ef6\u8ffd\u8e2a\u6269\u5c55\uff0c\u5728\u8fd0\u884c\u65f6\u76f4\u63a5\u83b7\u53d6\u63a7\u5236\u6267\u884c\u6d41\u4fe1\u606f\u3002 \u4fb5\u5165\u5f0f\u4e0e\u975e\u4fb5\u5165\u5f0f\u8ffd\u8e2a[^2]\uff1a
Traces can be generated by trace code that is executed within tasks and/or interrupt service routines, just like application code that is executed on the same CPU. This is the most flexible approach, as both the content and the amount of trace information output can be defined in software. However, this tracing method comes with a significant drawback: It uses resources that are shared with the application software, hence tracing may significantly reduce the amount of memory available for the applications, increase the gross execution times of the applications and, in the case of real-time systems, impair functionality. This is why it is called intrusive tracing.
The most common case is that adding trace code is detrimental to the functionality of the applications in real-time systems because the resource requirements for intrusive tracing have been underestimated in the early stages of the project, such that tracing would eventually eat up resources that are required by the application. Therefore, the resource requirements for tracing must be properly considered throughout the whole development lifecycle. Removing trace code from real-time systems may also cause functional issues, typically just before the final production software release. This is the worst case, as trace information is no longer available in this scenario.
Non-intrusive tracing does not change the intrinsic timing behavior of the system under test. This approach simplifies the software development process a lot and requires dedicated hardware support for tracing. External trace probes connected to the target system, in conjunction with on-chip debug modules, capture code execution on instruction level, memory accesses and other events on the target processor. This approach is the best option when it comes to debugging the code execution down to the instruction level. The PCB design of the device under test must provide the connectors required by the external probe.
Another option for non-intrusive tracing is on-chip tracing, where most of the trace hardware is packed into the same chip that also contains the CPU that executes the application code. Non-intrusive tracing can, however, be restricted by limitations of the respective trace module or probe, such as buffer sizes, bus bandwidth or the size of an external probe.
Due to cost savings (no expensive third-party trace hardware required), reduced footprint (very small connectors instead of larger probe connectors), and limited trace bandwidth requirements, the on-chip tracing method is the preferred approach for generating the trace data required for in-depth timing analysis on task, runnable and ISR level. On-chip tracing is a suitable tracing method for devices under test with form factors very close to the final volume production devices.
"},{"location":"fuzzing/#_2","title":"\u9488\u5bf9\u7f51\u7edc\u534f\u8bae\u7684\u6a21\u7cca\u6d4b\u8bd5","text":"\u7f51\u7edc\u534f\u8bae\u7684\u7279\u70b9\u662f\u4e00\u822c\u6709\u660e\u786e\u7684\u72b6\u6001\u4fe1\u606f\uff0c\u76f8\u540c\u7684input\u5728\u4e0d\u540c\u7684\u72b6\u6001\u53ef\u80fd\u5f97\u5230\u4e0d\u540c\u7684output\u3002\u9488\u5bf9\u7f51\u7edc\u534f\u8bae\u7684\u6a21\u7cca\u6d4b\u8bd5\u4e00\u822c\u5177\u6709stateful\u7684\u7279\u70b9\u3002\u8fd9\u7c7b\u6a21\u7cca\u6d4b\u8bd5\u6709\u51e0\u4e2a\u96be\u70b9\uff1a 1. \u751f\u6210\u683c\u5f0f\u6b63\u786e\u7684\u4fe1\u606f\uff0c\u6ee1\u8db3\u5bf9\u7279\u5b9a\u72b6\u6001\u7684fuzz 2. \u6269\u5c55\u5230\u4e0d\u540c\u7684\u534f\u8bae\u4e2d 3. \u6d4b\u8bd5\u6837\u4f8b\u6709\u6548\u6027\uff0c\u9700\u8981\u901a\u8fc7\u683c\u5f0f\u6821\u9a8c\u6bd4\u5982\u957f\u5ea6\u3001\u534f\u8bae\u8ba4\u8bc1\u3001\u6821\u9a8c\u548c\u7b49
"},{"location":"fuzzing/#aflnet","title":"AFLNET","text":"\u9996\u6b21\u63d0\u51fa\u9488\u5bf9\u6709\u72b6\u6001\u534f\u8bae\u7684\u7070\u76d2\u6a21\u7cca\u6d4b\u8bd5\u3002AFLNET\u4ece\u54cd\u5e94\u4fe1\u606f\u4e2d\u63d0\u53d6\u54cd\u5e94\u7801\u6765\u8868\u793a\u72b6\u6001\u4fe1\u606f\uff0c\u5e76\u7528\u54cd\u5e94\u7801\u5e8f\u5217\u6765\u63a8\u65ad\u534f\u8bae\u5b9e\u73b0\u7684\u72b6\u6001\u6a21\u578b\uff0c\u5e76\u8fdb\u4e00\u6b65\u4f7f\u7528\u8fd9\u4e00\u6a21\u578b\u6765\u6307\u5bfcfuzz\u3002
\u4e00\u4e9b\u4e0d\u8db3\uff1a 1. \u72b6\u6001\u8868\u793a\u80fd\u529b\uff1aAFLNET\u8981\u6c42\u54cd\u5e94\u4fe1\u606f\u4e2d\u5305\u542b\u72b6\u6001\u7801\uff0c\u8fd9\u5e76\u4e0d\u662f\u534f\u8bae\u5fc5\u987b\u5b9e\u73b0\u7684\u3002\u800c\u4e14\u72b6\u6001\u7801\u8868\u793a\u80fd\u529b\u6709\u9650\uff0c\u4e14\u53ef\u80fd\u4ea7\u751f\u5197\u4f59\u72b6\u6001\u3002 2. \u6d4b\u8bd5\u6548\u7387\uff1a\u6ca1\u6709\u660e\u786e\u7684\u4fe1\u53f7\u53cd\u6620\u5f85\u6d4b\u7a0b\u5e8f\u662f\u5426\u5904\u7406\u5b8c\u6d88\u606f\uff0c\u56e0\u6b64\u8bbe\u7f6e\u56fa\u5b9a\u7684\u8ba1\u65f6\u5668\u6765\u63a7\u5236\u6d88\u606f\u53d1\u9001\uff0c\u65f6\u95f4\u7a97\u53e3\u53ef\u80fd\u8fc7\u5c0f\u6216\u8fc7\u5927\u3002
"},{"location":"fuzzing/#stateafl","title":"STATEAFL","text":"\u4f7f\u7528\u7a0b\u5e8f\u5185\u5b58\u72b6\u6001\u6765\u8868\u793a\u670d\u52a1\u72b6\u6001\uff0c\u901a\u8fc7\u5bf9\u88ab\u6d4b\u7a0b\u5e8f\u63d2\u6869\u6765\u6536\u96c6\u72b6\u6001\u4fe1\u606f\u5e76\u63a8\u6d4b\u72b6\u6001\u6a21\u578b\u3002\u5728\u6bcf\u4e00\u8f6e\u7f51\u7edc\u4ea4\u4e92\u4e2d\uff0cSTATEAFL\u5c06\u7a0b\u5e8f\u53d8\u91cf\u503c\u8f6c\u50a8\u7ed9\u5206\u6790\u961f\u5217\uff0c\u5e76\u8fdb\u884cpost-execution\u7684\u5206\u6790\uff0c\u6765\u66f4\u65b0\u72b6\u6001\u6a21\u578b\u3002
\u4e00\u4e9b\u4e0d\u8db3\uff1a 1. \u9762\u5bf9\u548cAFLNET\u76f8\u540c\u7684\u6d4b\u8bd5\u6548\u7387\u95ee\u9898\uff0c\u800c\u4e14\u56e0\u4e3a\u540e\u6267\u884c\u5206\u6790\uff0c\u4ea7\u751f\u989d\u5916\u7684\u5f00\u9500\uff0c\u4f1a\u964d\u4f4e\u6d4b\u8bd5\u541e\u5410\u91cf\u3002
"},{"location":"fuzzing/#nsfuzz","title":"NSFuzz","text":"\u4f7f\u7528\u57fa\u4e8e\u53d8\u91cf\u7684\u72b6\u6001\u8868\u793a\u65b9\u6cd5\u63a8\u65ad\u72b6\u6001\u6a21\u578b\u6765\u6307\u5bfc\u6a21\u7cca\u6d4b\u8bd5\uff0c\u4f7f\u7528\u57fa\u4e8e\u7f51\u7edc\u4e8b\u4ef6\u5faa\u73af\u7684\u540c\u6b65\u673a\u5236\u6765\u63d0\u9ad8\u541e\u5410\u91cf\u3002
\u542f\u53d1\u5f0f\u7684\u53d8\u91cf\u5224\u65ad\u65b9\u6cd5\uff1a\u9759\u6001\u5206\u6790\u4e2d\u53ea\u5728\u4e8b\u4ef6\u5faa\u73af\u4ee3\u7801\u4e2d\u5206\u8fa8\u72b6\u6001\u53d8\u91cf\uff0c\u4e14\u5173\u6ce8\u88ab\u8bfb\u4e0e\u5199\u3001\u88ab\u8d4b\u4e88\u679a\u4e3e\u7c7b\u578b\u7684\u6570\u636e\u6216\u662f\u6570\u636e\u7ed3\u6784\u4f53\u91cc\u7684\u6574\u578b\u6210\u5458\u3002
\u8868\u793a\u72b6\u6001\u7684\u65b9\u6cd5\uff1a\u4f7f\u7528\u4e24\u6761\u8bed\u53e5\u7ef4\u62a4shared_state\u6570\u7ec4\uff0c\u5f53\u72b6\u6001\u53d8\u91cf\u503c\u88ab\u66f4\u65b0\u65f6\u540c\u6b65\u66f4\u65b0shared_state\uff1b\u5f53fuzzer\u5728\u901a\u4fe1\u7ba1\u9053\u6536\u5230\u6d88\u606f\u5904\u7406\u7ed3\u679c\u65f6\uff0c\u5bf9\u8fd9\u4e2a\u6570\u7ec4\u8fdb\u884chash\uff0c\u4f5c\u4e3a\u5f53\u524d\u7a0b\u5e8f\u6240\u5904\u7684state\u3002
shared_state[hash(var_id) ^ cur_store_val] = 1;\nshared_state[hash(var_id) ^ pre_store_val] = 0;\n
"},{"location":"fuzzing/#iothunter","title":"IoTHunter","text":"\u63d0\u51fa\u591a\u9636\u6bb5\u4fe1\u606f\u751f\u6210\u65b9\u6cd5\u6765\u5bf9IoT\u56fa\u4ef6\u4e2d\u7684\u6709\u72b6\u6001\u7f51\u7edc\u534f\u8bae\u8fdb\u884cfuzz\u3002\u5206\u4e3a\u5bf9\u5df2\u77e5\u72b6\u6001\u7684\u6a21\u7cca\u6d4b\u8bd5\u4e0e\u672a\u77e5\u72b6\u6001\u7684\u63a2\u7d22\u3002\u57fa\u4e8e\u6574\u6570\u53d8\u5f02\u7684\u65b9\u6cd5\u6539\u53d8\u5305\u7c7b\u578b\uff0c\u5e76\u5bf9\u5305\u683c\u5f0f\uff08\u6bd4\u5982\u957f\u5ea6\u3001\u6821\u9a8c\u548c\uff09\u505a\u68c0\u67e5\u7b49\u3002
"},{"location":"fuzzing/#_3","title":"\u6570\u636e\u6d41\u6307\u5bfc\u7684\u6a21\u7cca\u6d4b\u8bd5","text":"\u63a7\u5236\u6d41\u6307\u5bfc\u7684\u6a21\u7cca\u6d4b\u8bd5\u4fa7\u91cd\u7a0b\u5e8f\u64cd\u4f5c\u7684\u6267\u884c\u987a\u5e8f\uff08\u6bd4\u5982\u5206\u652f\u4e0e\u5faa\u73af\uff09\uff0c\u6570\u636e\u6d41\u6307\u5bfc\u7684\u6a21\u7cca\u6d4b\u8bd5\u4fa7\u91cd\u53d8\u91cf\u5982\u4f55\u5b9a\u4e49\u4e0e\u4f7f\u7528\u3002\u53d8\u91cf\u7684\u5b9a\u4e49\u4e0e\u4f7f\u7528\u4f4d\u7f6e\u53ef\u4ee5\u4e0d\u5b58\u5728\u63a7\u5236\u4e0a\u7684\u4f9d\u8d56\u5173\u7cfb\u3002\u5728\u6a21\u7cca\u6d4b\u8bd5\u4e2d\uff0c\u6570\u636e\u6d41\u4e3b\u8981\u4f7f\u7528\u52a8\u6001\u6c61\u70b9\u5206\u6790\uff08DTA\uff09\u6280\u672f\uff0c\u5373\u5c06\u76ee\u6807\u7a0b\u5e8f\u7684\u8f93\u5165\u6570\u636e\u5728\u5b9a\u4e49\u5904\u89c6\u4e3a\u6c61\u70b9\uff0c\u5e76\u5728\u8fd0\u884c\u65f6\u8ffd\u8e2a\u5b83\u662f\u5982\u4f55\u88ab\u8bbf\u95ee\u4e0e\u4f7f\u7528\u7684\u3002
\u5728\u5b9e\u8df5\u4e2d\uff0c\u96be\u4ee5\u505a\u5230\u51c6\u786e\u7684DTA\uff0c\u5f00\u9500\u4f1a\u5f88\u5927\u3002\u5e76\u4e14\u90e8\u5206\u771f\u5b9e\u7a0b\u5e8f\u65e0\u6cd5\u5728\u5e94\u7528DTA\u6280\u672f\u7684\u60c5\u51b5\u4e0b\u6210\u529f\u7f16\u8bd1\u3002\u56e0\u6b64\u5927\u90e8\u5206\u7070\u76d2\u6a21\u7cca\u6d4b\u8bd5\u4e0d\u4f7f\u7528DTA\uff0c\u4ee5\u671f\u83b7\u5f97\u66f4\u9ad8\u7684\u541e\u5410\u91cf\u3002
\u6709\u4e00\u4e9b\u8f7b\u91cf\u7ea7\u7684DTA\u4ee3\u66ff\u65b9\u6848\uff08\u6bd4\u5982REDQUEUE\u3001GREYONE\uff09\uff0c\u800c\u57fa\u4e8e\u63a7\u5236\u6d41\u4e0e\u6570\u636e\u6d41\u7684\u6a21\u7cca\u6d4b\u8bd5\u5668\u7684\u8986\u76d6\u7387\u6307\u6807\u8fd8\u6ca1\u6709\u88ab\u5b8c\u5168\u63a2\u7d22\u3002
"},{"location":"fuzzing/#dataflow","title":"DATAFLOW","text":"\u6e90\u7801
\u5728\u7a0b\u5e8f\u6267\u884c\u65f6\u5e76\u884c\u4f7f\u7528\u6570\u636e\u6d41\u5206\u6790\u6765\u6307\u5bfc\u6a21\u7cca\u6d4b\u8bd5\uff0c\u4f7f\u7528\u4e0d\u7cbe\u786e\u7684\u63a8\u65ad\u6765\u964d\u4f4e\u5f00\u9500\u5e76\u63d0\u9ad8\u541e\u5410\u91cf\u3002\u5bf9\u6570\u636e\u6d41\u6709\u6548\u6027\u8fdb\u884c\u4e86\u7b80\u5355\u7684\u8bc4\u4f30\uff0c\u8ba4\u4e3a\u5bf9\u5927\u90e8\u5206\u6d4b\u8bd5\u76ee\u6807\u800c\u8a00\uff0c\u6570\u636e\u6d41\u5e76\u4e0d\u6bd4\u63a7\u5236\u6d41\u4f18\u8d8a\uff0c\u4f46\u662f\u5728\u90e8\u5206\u7279\u5b9a\u573a\u666f\uff08\u6bd4\u5982\u63a7\u5236\u6d41\u548c\u8bed\u4e49\u89e3\u8026\uff0c\u5982parser\uff09\u4e0b\uff0c\u6570\u636e\u6d41\u53ef\u80fd\u4f1a\u6709\u7528\u3002
[^1]: FUZZING WITH PERFORMANCE MONITORING AND TRACING HARDWARE [^2]: Intrusive v.s. non-intrusive tracing
"},{"location":"git/","title":"Git\u5b66\u4e60\u7b14\u8bb0","text":""},{"location":"git/#github","title":"\u5c06\u672c\u5730\u5df2\u6709\u4ed3\u5e93\u63a8\u9001\u81f3Github\u7684\u65b0\u5efa\u4ed3\u5e93\u4e2d","text":"\u9ed8\u8ba4\u4ee5\u4e0b\u6761\u4ef6\u5747\u6210\u7acb\uff1a
\u5df2\u5728github\u4e0a\u521b\u5efa\u540c\u540d\u7a7a\u4ed3\u5e93\uff08\u4e0d\u540c\u540d\u4e5f\u884c\uff09 \u5df2\u914d\u7f6e\u597dssh\u5bc6\u94a5 \u5df2\u5efa\u7acb\u597d\u672c\u5730\u4ed3\u5e93\uff08git init
+git add .
+git commit -m \"comments\"
) \u672c\u5730\u4ed3\u5e93\u4e3aclean\u72b6\u6001\uff08\u4f7f\u7528git status
\u67e5\u770b\uff09
\u8fdb\u5165\u672c\u5730git\u4ed3\u5e93\uff0c\u4f7f\u7528git remote add origin git@github.com:xxx(\u4ed3\u5e93\u7f51\u7ad9\u6bd4\u5982github\u63d0\u4f9b\u7684ssh\u5730\u5740)
\u4f7f\u7528git push -u origin master
\u5411\u8fdc\u7a0b\u4ed3\u5e93\u63d0\u4ea4\u4ee3\u7801\uff08\u540e\u6765\u542c\u8bf4github\u9ed8\u8ba4\u540d\u6539\u6210main\u4e86\uff1f\uff09 \u5f3a\u5236\u63a8\u9001\u53ef\u4ee5\u518d\u52a0\u4e2a--force
\u53c2\u6570
"},{"location":"git/#gitignore","title":"\u6dfb\u52a0.gitignore\u6587\u4ef6\u4ee5\u4e0d\u8ffd\u8e2a\u6587\u4ef6","text":"\u521d\u6b21\u5411github\u63d0\u4ea4\u4ee3\u7801\u524d\uff0c\u5728\u672c\u5730\u5de5\u4f5c\u76ee\u5f55\u4e0b\u521b\u5efa.gitignore\u6587\u4ef6\uff0c\u91cc\u9762\u76f4\u63a5\u5199\u4e0a\u4e0d\u60f3\u8ffd\u8e2a\u7684\u6587\u4ef6\u540d\u548c\u6587\u4ef6\u5939\u540d\u5373\u53ef\u3002\uff08\u6587\u4ef6\u540d\u4e0d\u9700\u8981\u8865\u5168\u8def\u5f84\uff09
"},{"location":"git/#add","title":"\u64a4\u56deadd","text":"\u4f7f\u7528git add .
\u53ef\u4ee5\u76f4\u63a5\u628a\u5f53\u524d\u76ee\u5f55\u90fdadd\u8fdb\u6682\u5b58\u533a\uff0c\u5bf9\u4e8e\u4e0d\u614e\u6dfb\u52a0\u7684\u5185\u5bb9\u53ef\u4ee5\u4f7f\u7528git rm --cached <file>
\u6765\u64a4\u56deadd\u3002\u53ef\u4ee5\u4f7f\u7528git rm -r --cached .
\u6765\u64a4\u56degit add .
\u3002\uff08\u4f7f\u7528git status
\u53ef\u4ee5\u67e5\u770b\u6682\u5b58\u533a\uff0c\u91cc\u9762\u4e5f\u6709\u63d0\u793a\u600e\u4e48\u64a4\u56de\uff09
"},{"location":"git/#gitgithub","title":"\u914d\u7f6egit\u8d26\u53f7\u5e76\u52a0\u5165github\u9879\u76ee","text":" \u4f7f\u7528git config --global user.name \"<yourname>\"
\u8bbe\u7f6e\u7528\u6237\u540d \u4f7f\u7528git config --global user.email \"<email>\"
\u8bbe\u7f6e\u90ae\u7bb1 \u4f7f\u7528ssh-keygen -t rsa -C \"<comments>\"
\u751f\u6210\u5bc6\u94a5\u5bf9\uff0c\u7136\u540e\u4e00\u8def\u56de\u8f66\u76f4\u5230\u751f\u6210\u7ed3\u675f\uff08\u4e5f\u53ef\u4ee5\u63d0\u793a\u6dfb\u52a0passwd phrase\uff0c\u8fd9\u6837\u7684\u8bdd\u5982\u679c\u4f7f\u7528ssh-add\u6dfb\u52a0\u65f6\u4f1a\u8981\u6c42\u8f93\u5165\u8fd9\u4e2a\u5bc6\u7801\u9632\u6b62\u88ab\u522b\u4eba\u6ee5\u7528\u3002\u6ce8\u610f\u76f8\u540c\u7684passwd phrase\u4e0d\u4f1a\u751f\u6210\u76f8\u540c\u7684\u5bc6\u94a5\u5bf9\uff09 \u5728\u4e0a\u4e00\u6b65\u8fc7\u7a0b\u4e2d\u9ed8\u8ba4\u7684\u8def\u5f84\uff08\u6bd4\u5982~/.ssh\uff09\u627e\u5230id_rsa.pub\u6587\u4ef6\uff0c\u62f7\u8d1d\u5176\u5168\u90e8\u5185\u5bb9 \u6253\u5f00github\uff0c\u53f3\u4e0a\u89d2\u5934\u50cf\uff0csettings\uff0c\u5de6\u4fa7\u7684SSH and GPG keys\uff0c\u7136\u540e\u7ed9SSH\u6dfb\u52a0\u8fd9\u4e2a\u516c\u94a5\u5373\u53ef ed25519\u4f3c\u4e4e\u6bd4\u9ed8\u8ba4\u7684rsa\u66f4\u5b89\u5168\u3001\u8ba1\u7b97\u66f4\u5feb\u3001\u5bc6\u94a5\u66f4\u77ed\uff0c\u53ef\u4ee5\u4f7f\u7528
\u6709\u65f6\u9700\u8981\u6307\u5b9a\u5bc6\u94a5\uff0c\u6bd4\u5982\u4e0d\u4f7f\u7528\u9ed8\u8ba4\u7684\u5bc6\u94a5\u6587\u4ef6\u540d\u3002\u6b64\u65f6\u53ef\u4ee5\u5148eval $(ssh-agent -s)
\u542f\u7528agent\uff0c\u7136\u540essh-add <private keyfile>
\u6765\u6dfb\u52a0\u5bc6\u94a5\u3002ssh-add -l
\u53ef\u4ee5\u67e5\u770b\u6dfb\u52a0\u7684\u5bc6\u94a5\u3002
\u6216\u8005\u53ef\u4ee5\u628a\u5bc6\u94a5\u5728~/.ssh/config
\u6587\u4ef6\u91cc\u6307\u5b9a\u4e00\u4e0b\uff0c\u5c31\u53ef\u4ee5\u7701\u53bbssh-agent\u7684\u64cd\u4f5c\uff0c\u6bd4\u5982
Host github.com\n HostName github.com\n IdentityFile ~/.ssh/id_ed25519_user_github\n
\u6709\u7684\u65f6\u5019git\u8fdb\u884cpush\u5230\u79c1\u4ed3\u65f6\u4f1a\u51fa\u73b0\u5361\u673a\u7684\u95ee\u9898\uff0c\u4e0d\u786e\u5b9a\u662f\u4ec0\u4e48\u539f\u56e0\uff0c\u5982\u679cremote repo\u4f7f\u7528\u7684\u662fgit@xxx\u7684url\u7684\u8bdd\uff0c\u53ef\u4ee5\u8bd5\u8bd5\u6539\u6210https\u7684\u94fe\u63a5\uff1b\u8fd8\u4e0d\u884c\u7684\u8bdd\u53ef\u4ee5\u8bd5\u8bd5git config\u7684proxy\uff0c\u8bbe\u7f6e\u6216\u6e05\u7a7a\u3002
"},{"location":"git/#_1","title":"\u653e\u5f03\u5bf9\u6587\u4ef6\u7684\u8ddf\u8e2a","text":"\u4e0e\u4ed6\u4eba\u5408\u4f5c\u9879\u76ee\u65f6\uff0c\u6709\u65f6\u9700\u8981\u505a\u4e00\u4e9b\u672c\u5730\u9002\u914d\uff0c\u4f46\u662f\u4e0d\u60f3\u59a8\u788d\u5176\u4ed6\u4eba\uff0c\u53ef\u4ee5\u6dfb\u52a0\u5230.gitignore\u3002\u4f46\u5bf9\u4e8e\u5df2\u7ecf\u5904\u4e8e\u8ddf\u8e2a\u72b6\u6001\u7684\u6587\u4ef6\u6765\u8bf4\u540e\u6dfb\u8fdb.gitignore\u662f\u65e0\u6548\u7684\u3002\u56e0\u6b64\u53ef\u4ee5\u5148\u5c06\u6587\u4ef6\u79fb\u51fa\u8ddf\u8e2a\u6001\uff0c\u7136\u540e\u518d\u52a0\u8fdb.gitignore\u91cc\u3002\u5982\u4e0b\uff1agit rm -r --cached <file/dir>
\u5176\u4e2d-r\u8868\u793a\u9012\u5f52\u3002\u4e5f\u53ef\u4ee5\u52a0-n\u8868\u793a\u4f2a\u653e\u5f03\u8ddf\u8e2a\uff08\u7528\u4e8e\u9884\u89c8\u4f1a\u653e\u5f03\u5bf9\u54ea\u4e9b\u6587\u4ef6\u7684\u8ffd\u8e2a\uff09
"},{"location":"git/#_2","title":"\u66f4\u6362\u8fdc\u7a0b\u4ed3\u5e93","text":"\u6709\u7684\u65f6\u5019\u4ece\u5b98\u65b9\u4ed3\u5e93git clone\u4e0b\u4ee3\u7801\uff0c\u672c\u5730\u62f7\u8d1d\u4e00\u4efd\u3001\u5404\u79cd\u9b54\u6539\u5e76\u4e0a\u4f20\u5230\u81ea\u5df1\u7684\u79c1\u4ed3\u3002\u53c8\u7531\u4e8ewindows\u3001linux\u73af\u5883\u4e0d\u540c\uff0c\u60f3\u628a\u539f\u6765\u7684\u4ee3\u7801\u66f4\u65b0\u6210\u81ea\u5df1\u7684\u79c1\u4ed3\uff0c\u6240\u4ee5\u9700\u8981\u6362\u4e00\u4e0b\u8fdc\u7a0b\u4ed3\u5e93\u3002
\u9996\u5148\u53d6\u6d88\u539f\u6765\u7684\u8fdc\u7a0b\u5206\u652f\u8ddf\u8e2agit remote rm <remote repo name>
\u7136\u540e\u6dfb\u52a0\u81ea\u5df1\u7684\u4ed3\u5e93\u4f5c\u4e3a\u8fdc\u7a0bgit remote add <remote repo name> <repo url>
\u597d\u50cf\u4e5f\u53ef\u4ee5\u76f4\u63a5\u66f4\u6362\u8fdc\u7a0b\u4ed3\u5e93\uff1agit remote set-url <remote repro name> <repo url>
\u8fd9\u91cc\u7684<remote repo name>
\u662f\u81ea\u5df1\u53d6\u7684\u4ed3\u5e93\u540d\uff0c\u4e4b\u540e\u7684\u64cd\u4f5c\u53ef\u4ee5\u7528\u5b83\u6765\u6307\u5b9a\u5bf9\u8c61\u3002\u53ef\u4ee5\u968f\u4fbf\u53d6\uff0c\u6bd4\u5982\u5e38\u89c1\u7684origin\u3002
"},{"location":"git/#_3","title":"\u5b50\u6a21\u5757\u7684\u4e0b\u8f7d","text":"\u6709\u7684\u65f6\u5019\u4e00\u4e2a\u4ee3\u7801\u4ed3\u5e93\u62ff\u5176\u4ed6\u4ed3\u5e93\u6765\u5f53\u505a\u5b50\u6a21\u5757\uff0c\u5728github\u4e0a\u8fd9\u4e9b\u6a21\u5757\u662f\u56fe\u4e2d\u7684\u8868\u793a\u5f62\u5f0f\u3002git\u4ed3\u5e93\u91cc\u4e5f\u4f1a\u6709.gitmodules\u6587\u4ef6\u6765\u8bf4\u660e\u8fd9\u4e9b\u5b50\u6a21\u5757\u3002\u5f53clone\u4e3b\u4ed3\u5e93\u65f6\uff0c\u8fd9\u4e9b\u5b50\u6a21\u5757\u4e0d\u4f1a\u8ddf\u7740\u4e0b\u8f7d\u4e0b\u6765\u3002
\u521d\u6b21\u90e8\u7f72\u65f6\uff0c\u5728\u4e3b\u4ed3\u5e93\u76ee\u5f55\u4e0b\u91cc\u4f7f\u7528git submodule update --init --recursive
\u6765\u4ece.gitmodules\u5b57clone\u5b50\u6a21\u5757\u3002
\u5982\u679c\u5b50\u6a21\u5757\u88ab\u522b\u7684\u5f00\u53d1\u8005\u66f4\u65b0\u4e86\uff0c\u53ef\u4ee5\u8fdb\u5230\u5b50\u6a21\u5757\u4e2d\u7136\u540egit pull
\u3002
\u5982\u679c\u5e0c\u671b\u6dfb\u52a0\u67d0\u4e2a\u4ed3\u5e93\u4f5c\u4e3a\u5b50\u6a21\u5757\uff0c\u4f7f\u7528git submodule add <repo url>
\u6765\u4e0b\u8f7d\u5b50\u6a21\u5757\u5e76\u66f4\u65b0.gitmodules\u6587\u4ef6
"},{"location":"git/#_4","title":"\u81ea\u5df1\u7684\u9879\u76ee\u9700\u8981\u5bf9\u5176\u4ed6\u9879\u76ee\u8fdb\u884c\u4fee\u6539","text":"\u5982\u679c\u81ea\u5df1\u7684\u9879\u76ee\u7528\u5230\u522b\u7684\u9879\u76ee\uff0c\u9700\u8981\u5bf9\u5176\u4e2d\u4e00\u4e9b\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff0c\u800c\u4e0d\u9700\u8981\u628a\u5728\u4e0a\u4f20github\u65f6\u628a\u6574\u4e2a\u9879\u76ee\u5168\u90e8\u653e\u5230\u81ea\u5df1\u7684\u9879\u76ee\u4e0b\uff0c\u53ef\u4ee5\u5148\u7528submodule\u6dfb\u52a0\u5b50\u6a21\u5757\uff0c\u7136\u540e\u76f4\u63a5\u4fee\u6539\u4ee3\u7801\uff0c\u5e76\u5728\u5176\u9879\u76ee\u4e0b\u7528git diff <commit id> > <file.patch>
\u751f\u6210\u4e00\u4e2adiff\u6587\u4ef6\u3002\u628adiff\u6587\u4ef6\u653e\u5230\u81ea\u5df1\u7684\u9879\u76ee\u91cc\uff0c\u518d\u4e0a\u4f20\u5230github\u4e0a\u3002\u5176\u4e2dcommit id\u662f\u7b2c\u4e09\u65b9\u9879\u76ee\u7684commit\uff0c\u4e5f\u5c31\u662f\u8fd9\u4e2asubmodule\u4e0b\u8f7d\u65f6\u7684commit id\uff0c\u53ef\u4ee5\u901a\u8fc7git log
\u627e\u5230\u3002
\u5982\u679c\u76f4\u63a5\u7528git diff > <file.patch>
\uff0c\u4f1a\u8f93\u51fa\u672a\u52a0\u5165\u6682\u5b58\u7684\u4fee\u6539\u548c\u6700\u8fd1\u4e00\u6b21\u6682\u5b58/commit\u7684diff\u6587\u4ef6\u3002
\u5176\u4ed6\u4eba\u4f7f\u7528\u65f6\uff0c\u5c31\u5148\u628a\u7b2c\u4e09\u65b9\u9879\u76ee\u83b7\u53d6\u4e0b\u6765\uff0c\u7136\u540egit apply <file.patch>
\u5373\u53ef\u3002\u64a4\u56de\u8865\u4e01\u4f7f\u7528git apply -R <file.patch>
"},{"location":"git/#_5","title":"\u4e0d\u540c\u7248\u672c\u591a\u4eba\u5408\u4f5c\u4e0e\u5206\u652f\u4f7f\u7528","text":"\u6700\u8fd1\u5728\u8dd1fuzzer\uff0c\u5408\u4f5c\u65f6\u6709\u65f6\u9700\u8981\u5207\u6362\u4e0d\u540c\u7684\u6d4b\u8bd5\u76ee\u6807\uff0c\u6bcf\u4e2a\u6d4b\u8bd5\u76ee\u6807\u90fd\u6709\u81ea\u5df1\u7684\u4e00\u5927\u5806\u914d\u5957\u8bbe\u7f6e\u3002\u5927\u5bb6\u90fd\u5728\u4e3b\u5206\u652f\u5220\u6539\u592a\u9ebb\u70e6\u800c\u4e14\u5f88\u4e71\uff0c\u6240\u4ee5\u9700\u8981\u9488\u5bf9\u6bcf\u4e2a\u6d4b\u8bd5\u76ee\u6807\u8bbe\u7f6e\u4e0d\u540c\u7684branch\u3002
\u53ef\u4ee5\u4f7f\u7528git branch -a
\u67e5\u770b\u6240\u6709\u5206\u652f\u3002\u5176\u4e2d\u524d\u9762\u5e26*
\u7684\u662f\u5f53\u524dbranch\u3002
\u65b0\u5efa\u5206\u652f\u65f6\u4f7f\u7528 git checkout -b <branch name>
\u76f8\u5f53\u4e8e\u5148git branch <branch name>
\u521b\u5efa\u4e86\u4e00\u4e2a\u65b0\u7684\u5206\u652f\uff0c\u7136\u540egit checkout <branch name>
\u5207\u6362\u5230\u90a3\u4e2a\u5206\u652f\u3002
\u5728\u65b0\u7684\u5206\u652fcommit\u540e\uff0c\u4f7f\u7528git push -u <remote repo name> <local branch name>:<remote branch name>
\u53ef\u4ee5\u5c06\u81ea\u5df1\u7684\u8fd9\u4e2a\u5206\u652f\u63a8\u9001\u5230\u8fdc\u7a0b\u4ed3\u5e93\u3002\u5176\u4e2d\uff1a
-u
\u8868\u793a\u8bb0\u4f4f\u5f53\u524d\u8bbe\u5b9a\uff0c\u4e4b\u540e\u5728\u8fd9\u4e00\u5206\u652f\u4e0apush\u65f6\uff0c\u7b80\u5355\u4f7f\u7528git push
\u5c31\u4f1a\u63a8\u9001\uff0c\u4e0d\u9700\u8981\u518d\u6572\u8fd9\u4e48\u957f\u4e86\u3002 origin \u662f\u4e4b\u524dgit remote add origin
\u8bbe\u5b9a\u7684\u8fdc\u7a0b\u4e3b\u673a\u540d\u79f0\uff0c\u9700\u8981\u548c\u5b9e\u9645\u8bbe\u5b9a\u4e00\u6837\u3002\u56e0\u4e3a\u5927\u5bb6\u4f7f\u7528origin\u662f\u5728\u592a\u666e\u904d\u4e86\uff0c\u6240\u4ee5\u8fd9\u91cc\u6ca1\u6709\u7528<remote host name>
\u6765\u8868\u793a\uff0c\u610f\u4f1a\u5373\u53ef\u3002 local branch name\u548cremote branch name\u4e00\u822c\u60c5\u51b5\u662f\u76f8\u540c\u7684\u3002\u4f1a\u5728\u8fdc\u7a0b\u65b0\u5efaremote branch name \u5982\u679c\u9700\u8981\u5220\u9664\u8fdc\u7a0b\u5206\u652f\uff0c\u53ef\u4ee5\u7b80\u5355\u5730\u63a8\u9001\u7a7a\u5206\u652f\uff1agit push origin :<remote branch name>
\u3002\u8fd9\u91cc\u672c\u5730\u5206\u652f\u540d\u7559\u7a7a\u4e86\u3002\u4e5f\u53ef\u4ee5\u4f7f\u7528\u4e13\u95e8\u7684\u5220\u9664\u65b9\u5f0f\uff1agit push origin --delete <remote branch name>
\u5982\u679c\u9700\u8981\u5220\u9664\u672c\u5730\u5206\u652f\uff0c\u4f7f\u7528git branch -d <local branch name>
\u5408\u5e76\u5206\u652f\u65f6\uff0c\u5148\u5207\u6362\u5230\u9700\u8981\u63a5\u6536\u6539\u52a8\u7684\u5206\u652f\u4e0a\uff0c\u7136\u540egit merge <new branch name>
\uff0c\u5373\u53ef\u5c06new branch\u7684\u6539\u52a8\u66f4\u65b0\u5230\u5f53\u524d\u5206\u652f\u4e0a\u3002new branch\u7684\u5185\u5bb9\u662f\u4e0d\u53d8\u7684\u3002
\u62c9\u53d6\u8fdc\u7a0b\u5206\u652f\u5230\u672c\u5730\uff0c\u800c\u4e0d\u5f71\u54cd\u672c\u5730\u5206\u652f\uff1agit fetch <remote repo name> <remote branch name>:<local branch name>
\u4f1a\u5c06\u8fdc\u7a0b\u4ed3\u5e93\u7684\u5206\u652f\u4fdd\u5b58\u5728\u672c\u5730\u5bf9\u5e94\u5206\u652f\u4e0b\u3002
\u53ef\u4ee5\u7528git fetch --all
\u62c9\u53d6\u6240\u6709\u8fdc\u7a0b\u5206\u652f\uff0c\u5982\u679c\u6ca1\u6709\u6548\u679c\uff0c\u6ce8\u610f\u68c0\u67e5remote.origin.fetch\u7684\u8bbe\u7f6e\uff1agit config --get remote.origin.fetch
\uff0c\u5982\u679c\u662f+refs/heads/master:refs/remotes/origin/master
\uff0c\u5219\u8868\u793a\u53ea\u62c9master\u5206\u652f\u3002\u53ef\u4ee5\u4fee\u6539\u6210\u62c9\u53d6\u6240\u6709\u5206\u652f\uff1agit config remote.origin.fetch \"+refs/heads/*:refs/remotes/origin/*\"
\u3002
"},{"location":"git/#github-debug","title":"Github debug\u5408\u96c6","text":"\u67d0\u79cd\u4e1c\u897f\u771f\u7684\u795e\u70e6\uff0c\u79d1\u7814\u9700\u8981\u4e0b\u8f7d\u7684\u4ed3\u5e93\u4ee3\u7801\u7ecf\u5e38\u83ab\u540d\u5176\u5999\u4e0b\u8f7d\u4e0d\u4e86\uff0c\u5199\u7684\u4ee3\u7801\u4e0a\u4f20\u8865\u4e0a\u53bb\uff0cbuild\u4e2adocker\u6162\u7684\u8981\u6b7b\uff0c\u7b2c\u4e09\u65b9\u5305\u62c9\u53d6\u4e0d\u5230\u2026\u2026\u6d6a\u8d39\u5f88\u591a\u65f6\u95f4\u5728\u56e0\u4e3a\u7f51\u7edc\u8fde\u63a5\u4e0d\u4e86\u5bfc\u81f4\u7684\u5404\u79cdbug\u4e0a\uff0c\u6709\u6548\u79d1\u7814\u65f6\u95f4\u767d\u767d\u88ab\u6d88\u8017\uff0c\u771f\u7684\u5f88xx\u3002
"},{"location":"git/#git-clonegnutls_handshake-failed-the-tls-connection-was-non-properly-terminated","title":"Git clone\u62a5\u9519gnutls_handshake() failed: The TLS connection was non-properly terminated.","text":"\u4e00\u79cd\u505a\u6cd5\u662f\u8bbe\u7f6e\u6216\u8005\u53d6\u6d88\u8bbe\u7f6ehttp.proxy\u548chttps.proxy
\u53e6\u4e00\u79cd\u505a\u6cd5\u662f\u76f4\u63a5\u53d6\u6d88SSL\u6821\u9a8c\uff0c\u867d\u7136\u7c97\u66b4\u4e86\u70b9\uff1agit config http.sslVerify false
"},{"location":"go/","title":"go","text":""},{"location":"go/#go_1","title":"go\u73af\u5883\u914d\u7f6e","text":" \u4ecehttps://go.dev/dl/\u4e0b\u8f7dArchive\u7684\u5305\uff0c\u89e3\u538b\u7f29\uff08\u6bd4\u5982\u5230~/.local\uff09\uff0c\u6dfb\u52a0\u5176\u4e2d\u7684bin\u76ee\u5f55\u5230PATH\u8def\u5f84 \u56fd\u5185\u4f7f\u7528\u65f6\u8bbe\u7f6e\u4ee3\u7406 go env -w GO111MODULE=on\ngo env -w GOPROXY=https://goproxy.cn\n
"},{"location":"go/#_1","title":"\u521b\u5efa\u5de5\u7a0b","text":"\u5de5\u7a0b\u4fdd\u5b58\u5728xxx/go/src/xxx\u4e0b\uff0c\u5e76\u5c06GOPATH=xxx/go\u52a0\u5230\u73af\u5883\u53d8\u91cf\u4e2d
"},{"location":"go/#_2","title":"\u5feb\u901f\u5165\u95e8","text":"package main\nimport (\n\"fmt\"\n)\n\nfunc main() {\n//\u5faa\u73af\u8f93\u51fa\nfor i:=0; i<10; i++{\nfmt.Println(i)\n}\n}\n
"},{"location":"interesting-articles/","title":"\u6709\u8da3\u6587\u7ae0","text":" [Usenix Security 2021] Understanding and Detecting Disordered Error Handling with Precise Function Pairing \u4e0d\u6b63\u786e\u7684\u9519\u8bef\u5904\u7406\u51fd\u6570\u672c\u8eab\u53ef\u80fd\u4e5f\u4f1a\u5e26\u6765\u65b0\u7684\u9519\u8bef\uff0c\u5c24\u5176\u662f\u5728\u505a\u4e00\u4e9b\u524d\u671f\u6e05\u7406\u5de5\u4f5c\u65f6\uff0c\u6267\u884c\u987a\u5e8f\u4e0d\u6b63\u786e\u4f1a\u5e26\u6765\u63d0\u6743\u3001\u5d29\u6e83\u4e0eDoS\u3002\u672c\u6587\u5e0c\u671b\u63a8\u65ad\u51fa\u9884\u671f\u7684\u6e05\u7406\u51fd\u6570\u3002 [Usenix Security 2020] Actions Speak Louder than Words: Entity-Sensitive Privacy Policy and Data Flow Analysis with PoliCheck \u8003\u8651\u5230\u6570\u636e\u6d41\u5411\u7684\u5b9e\u4f53\uff0c\u5bf9\u5e94\u7528\u7a0b\u5e8f\u7684\u9690\u79c1\u89c4\u8303\u8fdb\u884c\u7814\u7a76\u5efa\u6a21\u3002 [NDSS 2019] https://www.youtube.com/watch?v=dMndb0Xmr4k&t=1s&list=PLfUWWM-POgQs9SPvg-UA-TNG7UVEcdz8l&index=5 GitHub\u4e0a\u7531\u4e8e\u4e00\u4e9b\u4e0d\u5f53\u64cd\u4f5c\u53ef\u80fd\u4f1a\u5bfc\u81f4API\u5bc6\u94a5\u6cc4\u9732\u3002\u672c\u6587\u7814\u7a76\u8868\u660e\u8fd9\u79cd\u6cc4\u9732\u975e\u5e38\u7316\u7357\uff0c\u5e76\u4e14\u8fdc\u6ca1\u6709\u89e3\u51b3\u95ee\u9898\u3002 "},{"location":"investigations/","title":"\u56db\u5927\u8c03\u67e5","text":" [Usenix Security 2022] \"I feel invaded, annoyed, anxious and I may protect myself\": Individuals' Feelings about Online Tracking and their Protective Behaviour across Gender and Country [Usenix Security 2022] \"Like Lesbians Walking the Perimeter\": Experiences of U.S. LGBTQ+ Folks With Online Security, Safety, and Privacy Advice [Usenix Security 2022] How and Why People Use Virtual Private Networks [Usenix Security 2021] \"It's the Company, the Government, You and I\": User Perceptions of Responsibility for Smart Home Privacy and Security [Usenix Security 2021] \"Shhh...be quiet!\" Reducing the Unwanted Interruptions of Notification Permission Prompts on Chrome [Usenix Security 2021] Effect of Mood, Location, Trust, and Presence of Others on Video-Based Social Authentication [Usenix Security 2021] 'Passwords Keep Me Safe' \u2013 Understanding What Children Think about Passwords [Usenix Security 2021] \"It's stressful having all these phones\": Investigating Sex Workers' Safety Goals, Risks, and Practices Online [Usenix Security 2021] \"Now I'm a bit angry:\" Individuals' Awareness, Perception, and Responses to Data Breaches that Affected Them [Usenix Security 2020] \"I am uncomfortable sharing what I can't see\": Privacy Concerns of the Visually Impaired with Camera Based Assistive Applications [Usenix Security 2020 | Distingguished Paper Award] Understanding security mistakes developers make: Qualitative analysis from Build It, Break It, Fix It [Usenix Security 2020] An Observational Investigation of Reverse Engineers\u2019 Processes [Usenix Security 2020] That Was Then, This Is Now: A Security Evaluation of Password Generation, Storage, and Autofill in Browser-Based Password Managers [NDSS 2022] An In-depth Analysis of Duplicated Linux Kernel Bug Reports [NDSS 2020] Are You Going to Answer That? Measuring User Responses to Anti-Robocall Application Indicators [NDSS 2019] Time Does Not Heal All Wounds: A Longitudinal Analysis of Security-Mechanism Support in Mobile Browsers [NDSS 2019] A First Look into the Facebook Advertising Ecosystem "},{"location":"java/","title":"Java","text":""},{"location":"java/#java_1","title":"Java\u73af\u5883\u914d\u7f6e","text":"\u5728https://www.oracle.com/java/technologies/downloads/\u4e0b\u8f7d\u5bf9\u5e94\u7cfb\u7edf\u7684\u5305\u3002Linux\u9009\u62e9Compressed Archive\uff0c\u89e3\u538b\u7f29\u4ee5\u540e\u914d\u7f6e\u4e0bpath\uff1bWindows\u53ef\u4ee5\u7528MSI Installer\u3002\u5bf9\u5e94\u7684\u6e90\u7801\u5728lib/src.zip\u4e2d\u3002
"},{"location":"java/#java_2","title":"Java\u6e90\u7801\u67b6\u6784\u7406\u89e3","text":"\u6838\u5fc3\u4ee3\u7801\u3001\u4e3b\u8981\u529f\u80fd\u5728java.base/java\u76ee\u5f55\u4e0b\uff0c\u5176\u4e2d\u5305\u542b\u4e86io\u3001lang\u3001util\u7b49\u591a\u4e2a\u5173\u952e\u6a21\u5757\u3002
"},{"location":"java/#java_3","title":"Java\u91cc\u6709\u54ea\u4e9b\u6570\u636e\u7ed3\u6784\u7c7b\u578b\uff1f\u5982\u4f55\u5b9e\u73b0\u7684\uff1f","text":"Java\u4e2d\u5e38\u89c1\u7684\u6570\u636e\u7c7b\u578b\u6bd4\u5982Set\u3001Array\u3001
"},{"location":"latex/","title":"latex\u57fa\u7840","text":""},{"location":"latex/#_1","title":"\u63a8\u8350\u5de5\u5177","text":"\u4f7f\u7528Table Generator\u7ed8\u5236\u8868\u683c
"},{"location":"latex/#latex_1","title":"\u82f1\u6587latex","text":"\\documentclass[conference,11pt]{IEEEtran}\n\\IEEEoverridecommandlockouts\n% The preceding line is only needed to identify funding in the first footnote. If that is unneeded, please comment it out.\n\\usepackage{cite}\n\\usepackage{amsmath,amssymb,amsfonts}\n\\usepackage{algorithmic}\n\\usepackage{graphicx}\n\\usepackage{textcomp}\n\\usepackage{xcolor}\n\\usepackage{caption}\n\\usepackage{url}\n\\def\\UrlBreaks{\\do\\A\\do\\B\\do\\C\\do\\D\\do\\E\\do\\F\\do\\G\\do\\H\\do\\I\\do\\J\n\\do\\K\\do\\L\\do\\M\\do\\N\\do\\O\\do\\P\\do\\Q\\do\\R\\do\\S\\do\\T\\do\\U\\do\\V\n\\do\\W\\do\\X\\do\\Y\\do\\Z\\do\\[\\do\\\\\\do\\]\\do\\^\\do\\_\\do\\`\\do\\a\\do\\b\n\\do\\c\\do\\d\\do\\e\\do\\f\\do\\g\\do\\h\\do\\i\\do\\j\\do\\k\\do\\l\\do\\m\\do\\n\n\\do\\o\\do\\p\\do\\q\\do\\r\\do\\s\\do\\t\\do\\u\\do\\v\\do\\w\\do\\x\\do\\y\\do\\z\n\\do\\.\\do\\@\\do\\\\\\do\\/\\do\\!\\do\\_\\do\\|\\do\\;\\do\\>\\do\\]\\do\\)\\do\\,\n\\do\\?\\do\\'\\do+\\do\\=\\do\\#}\n\\def\\BibTeX{{\\rm B\\kern-.05em{\\sc i\\kern-.025em b}\\kern-.08em\n T\\kern-.1667em\\lower.7ex\\hbox{E}\\kern-.125emX}}\n\\usepackage{lscape, latexsym, amssymb, algorithmic, multirow}\n\\usepackage[linesnumbered, vlined, ruled]{algorithm2e}\n\\usepackage{mathtools, bbm, color}\n\\usepackage{booktabs}\n\\usepackage{amsthm,mathrsfs,amsfonts,dsfont}\n\\usepackage{listings}\n\\definecolor{codegreen}{rgb}{0,0.6,0}\n\\definecolor{codegray}{rgb}{0.5,0.5,0.5}\n\\definecolor{codepurple}{rgb}{0.58,0,0.82}\n\\definecolor{backcolour}{rgb}{0.95,0.95,0.95}\n\\lstdefinestyle{mystyle}{\n % backgroundcolor=\\color{backcolour}, \n commentstyle=\\color{codegreen},\n keywordstyle=\\color{magenta},\n numberstyle=\\tiny\\color{codegray},\n stringstyle=\\color{codepurple},\n % basicstyle=\\footnotesize\\ttfamily,\n basicstyle=\\footnotesize\\scriptsize,\n breakatwhitespace=false, \n breaklines=true, \n captionpos=b, \n keepspaces=true,\n numbers=left, %% \u884c\u53f7 \n % numbersep=2pt, \n showspaces=false, \n showstringspaces=false,\n showtabs=false, \n tabsize=1,\n xleftmargin=\\parindent,\n}\n\\lstset{style=mystyle}\n\\begin{document}\n\n\\title{xxxx}\n\n\\author{xxxx}\n\n\\maketitle\n\n\\begin{abstract}\n\\end{abstract}\n\n\n\\begin{IEEEkeywords}\nxxx,xxx\n\\end{IEEEkeywords}\n\n\\bibliographystyle{IEEEtran}\n{\n\\begingroup\n\\bibliography{ref}\n\\endgroup\n}\n\n\\end{document}\n
"},{"location":"latex/#latex_2","title":"\u4e2d\u6587latex","text":"\\documentclass[12pt]{article}\n\n\\usepackage{cite} % \u5f15\u7528\u53c2\u8003\u6587\u732e\n\\usepackage{ctex} % \u4e2d\u6587\u652f\u6301\n\\usepackage{times}% \u82f1\u6587\u4f7f\u7528Times New Roman\n\\usepackage{url,hyperref} % \u8d85\u94fe\u63a5\n\\usepackage{xspace} % \u65e0\u6807\u70b9\u81ea\u52a8\u7a7a\u683c\n\\usepackage{graphicx} % \u63d2\u5165\u56fe\u7247\u7528\n\\usepackage{geometry} % \u8bbe\u7f6e\u9875\u8fb9\u8ddd\n\\usepackage{listings} % \u63d2\u5165\u4ee3\u7801\u5757\n\\usepackage{color} % \u5b9a\u4e49\u989c\u8272\uff0c\u7528\u4e8e\u63a7\u5236\u4ee3\u7801\u9ad8\u4eae\n\\usepackage{subcaption} % \u753b\u5b50\u56fe\n\\usepackage{tikz} % \u540e\u7eed\u753b\u5706\u5708\n\\usepackage{multirow} % \u8868\u683c\u591a\u884c\u6587\u672c\n% \\usepackage{tabu}\n\\usepackage{longtable}\n\\usepackage{float}\n\\usepackage{tabu}\n\\usepackage{booktabs} % \u753b\u8868\u683c\n\n\\usepackage[linesnumbered, vlined, ruled]{algorithm2e} % \u7b97\u6cd5\u5217\u8868\n\n% \u4f7f\u7528 ctex \u5b8f\u5305\u8bbe\u7f6e\u4e2d\u6587\u56fe\u9898\n\\renewcommand{\\figurename}{\u56fe}\n\\renewcommand{\\tablename}{\u8868}\n\n% \u8bbe\u7f6e\u9875\u8fb9\u8ddd\n\\geometry{a4paper,left=2cm,right=2cm,top=2cm,bottom=3cm} \n\n\n% \u8bbe\u7f6e\u5b57\u4f53\n\\newcommand{\\song}{\\CJKfamily{song}} % \u5b8b\u4f53\n\\newcommand{\\fs}{\\CJKfamily{fs}} % \u4eff\u5b8b\u4f53\n\\newcommand{\\kai}{\\CJKfamily{kai}} % \u6977\u4f53\n\\newcommand{\\hei}{\\CJKfamily{hei}} % \u9ed1\u4f53\n\\newcommand{\\li}{\\CJKfamily{li}} % \u96b6\u4e66\n\n% \u8bbe\u7f6e\u5b57\u53f7\n\\newcommand{\\yihao}{\\fontsize{26pt}{36pt}\\selectfont} % \u4e00\u53f7, 1.4 \u500d\u884c\u8ddd\n\\newcommand{\\erhao}{\\fontsize{22pt}{28pt}\\selectfont} % \u4e8c\u53f7, 1.25\u500d\u884c\u8ddd\n\\newcommand{\\xiaoer}{\\fontsize{18pt}{18pt}\\selectfont} % \u5c0f\u4e8c, \u5355\u500d\u884c\u8ddd\n\\newcommand{\\sanhao}{\\fontsize{16pt}{24pt}\\selectfont} % \u4e09\u53f7, 1.5\u500d\u884c\u8ddd\n\\newcommand{\\xiaosan}{\\fontsize{15pt}{22pt}\\selectfont} % \u5c0f\u4e09, 1.5\u500d\u884c\u8ddd\n\\newcommand{\\sihao}{\\fontsize{14pt}{21pt}\\selectfont} % \u56db\u53f7, 1.5 \u500d\u884c\u8ddd\n\\newcommand{\\banxiaosi}{\\fontsize{13pt}{19.5pt}\\selectfont} % \u534a\u5c0f\u56db, 1.5\u500d\u884c\u8ddd\n\\newcommand{\\xiaosi}{\\fontsize{12pt}{18pt}\\selectfont} % \u5c0f\u56db, 1.5\u500d\u884c\u8ddd\n\\newcommand{\\dawuhao}{\\fontsize{11pt}{11pt}\\selectfont} % \u5927\u4e94\u53f7, \u5355\u500d\u884c\u8ddd\n\\newcommand{\\wuhao}{\\fontsize{10.5pt}{15.75pt}\\selectfont} % \u4e94\u53f7, \u5355\u500d\u884c\u8ddd\n\n% \u5b9a\u4e49\u4ee3\u7801\u6837\u5f0f\n\\definecolor{codegreen}{rgb}{0,0.6,0}\n\\definecolor{codegray}{rgb}{0.5,0.5,0.5}\n\\definecolor{codepurple}{rgb}{0.58,0,0.82}\n\\definecolor{backcolour}{rgb}{0.95,0.95,0.95}\n\\lstdefinestyle{mystyle}{\n % backgroundcolor=\\color{backcolour}, \n commentstyle=\\color{codegreen},\n keywordstyle=\\color{magenta},\n numberstyle=\\tiny\\color{codegray},\n stringstyle=\\color{codepurple},\n % basicstyle=\\footnotesize\\ttfamily,\n basicstyle=\\footnotesize\\scriptsize,\n breakatwhitespace=false, \n breaklines=true, \n captionpos=b, \n keepspaces=true,\n numbers=left, %% \u884c\u53f7 \n % numbersep=2pt, \n showspaces=false, \n showstringspaces=false,\n showtabs=false, \n tabsize=1,\n xleftmargin=\\parindent,\n}\n\\lstset{style=mystyle}\n\n\\renewcommand{\\abstractname}{\\textbf{\u6458\\quad \u8981}} % \u66f4\u6539\u6458\u8981\u4e8c\u5b57\u7684\u6837\u5f0f\n\n% use these commands to consistently refer to stuff\n\n\\newcommand{\\bugCount}{xx} \n\n\\newcommand{\\tabincell}[2]{\\begin{tabular}{@{}#1@{}}#2\\end{tabular}}\n\n\\newcommand*\\emptcirc[1][1ex]{\\tikz\\draw (0,0) circle (#1);} \n\\newcommand*\\halfcirc[1][1ex]{%\n \\begin{tikzpicture}\n \\draw[fill] (0,0)-- (90:#1) arc (90:270:#1) -- cycle ;\n \\draw (0,0) circle (#1);\n \\end{tikzpicture}}\n\\newcommand*\\fullcirc[1][1ex]{\\tikz\\fill (0,0) circle (#1);} \n\n\\def\\BibTeX{{\\rm B\\kern-.05em{\\sc i\\kern-.025em b}\\kern-.08em\n T\\kern-.1667em\\lower.7ex\\hbox{E}\\kern-.125emX}}\n\n\\title{\\fontsize{18pt}{27pt}\\selectfont \\textbf{xxxx}}\n\\author{\\fontsize{14pt}{21pt}\\selectfont \\textbf{xxxx}}\n\\date{}\n\n\\begin{document}\n\\begin{sloppypar} % \u9632\u6b62\u957f\u5355\u8bcd\u51fa\u754c\n\\maketitle\n\n\\begin{abstract}\n\\end{abstract}\n\n\\section{\u80cc\u666f}\n\n\\subsection{\u53ef\u4fe1\u6267\u884c\u73af\u5883}\n\\bibliographystyle{plain}\n\\bibliography{Ref}\n\n\\end{sloppypar}\n\\end{document}\n
"},{"location":"linux-server/","title":"Ubuntu\u670d\u52a1\u5668\u8fd0\u7ef4","text":""},{"location":"linux-server/#pid","title":"\u6839\u636epid\u67e5\u8be2\u7ec6\u8282","text":"
sudo ls -lah /proc/<pid>\n
\u7136\u540e\u6839\u636e\u5176\u4e2d\u7684cwd\u627e\u5230\u8fd0\u884c\u76ee\u5f55\uff0cexe\u627e\u5230\u8fd0\u884c\u7a0b\u5e8f"},{"location":"linux-server/#_1","title":"\u5728\u7ec8\u7aef\u5411\u7a0b\u5e8f\u8f93\u5165\u5b57\u8282","text":"# \u8f93\u5165raw bytes\necho -e '\\x31\\x32' | program\n\n# \u4e0d\u5e26echo\u81ea\u52a8\u52a0\u7684\u6362\u884c\necho -en '\\x31\\x32' | program\n\n# \u8f93\u5165raw binary\necho -e '\\x31\\x32' | xxd -r -p | program
"},{"location":"linux-server/#_2","title":"\u67e5\u8be2\u670d\u52a1\u5668\u663e\u5361","text":"\u67e5\u8be2\u7269\u7406\u69fd\u663e\u5361\u8fde\u63a5
lspci | grep VGA\n
\u67e5\u8be2\u6d3b\u8dc3\u60c5\u51b5\uff08\u9700\u8981\u5b89\u88c5\u663e\u5361\u9a71\u52a8\uff0c\u53ef\u4ee5\u76f4\u63a5\u5b89\u88c5CUDA runfile\uff0c\u81ea\u5e26\u9a71\u52a8\uff09
nvidia-smi\n
"},{"location":"linux-server/#_3","title":"\u7edf\u8ba1\u670d\u52a1\u5668\u8fdb\u7a0b\u5360\u7528","text":"htop # \u89c2\u5bdf\u5185\u5b58\u3001\u5404\u8fdb\u7a0b\u3001CPU\u5360\u7528\nsudo ls -lah /proc/<pid>/cwd # \u89c2\u5bdf\u8fd0\u884c\u7684\u547d\u4ee4\uff0c\u5224\u65ad\u8c01\u7684\u7a0b\u5e8f\n
"},{"location":"linux-server/#_4","title":"\u7edf\u8ba1\u78c1\u76d8\u7528\u91cf","text":"ncdu # \u7edf\u8ba1\u5f53\u524d\u76ee\u5f55\u4e0b\u5404\u4e2a\u6587\u4ef6\u5939\u5360\u7528\uff0c\u53ef\u4ee5\u8fdb\u5165\u3001\u5220\u9664\u6587\u4ef6\u5939\u6216\u76ee\u5f55\n
"},{"location":"linux-server/#dns","title":"\u4fee\u6539DNS","text":"\u6709\u65f6\u5019\u8fde\u4e0d\u4e0a\u7f51\u662f\u56e0\u4e3aDNS\u7684\u95ee\u9898\uff0c\u4fee\u6539/etc/resolve.conf\u5373\u53ef\u3002\u4e0d\u8fc7\u8fd9\u4e2a\u8f6f\u8fde\u63a5\u4fee\u6539\u5b8c\u4e86\u4ee5\u540e\u53ef\u80fd\u4f1a\u88ab\u7cfb\u7edf\u6539\u6389\uff0c\u53ef\u4ee5\u8bd5\u8bd5\u5220\u6389\u4ee5\u540e\u76f4\u63a5\u521b\u5efa\u4e2a/etc/resolve.conf\u6587\u4ef6\uff0c\u518dchattr +i /etc/resovle.conf
\u9632\u6b62\u4fee\u6539\u3002
"},{"location":"linux-server/#_5","title":"\u7cfb\u7edf\u670d\u52a1","text":"systemctl status xxx
\u68c0\u67e5\u67d0\u4e9b\u670d\u52a1\u8fd0\u884c\u72b6\u6001\uff0c\u53ef\u4ee5ls -lah /etc/systemd/system
\u3001ls -lah /lib/systemd/system
\u67e5\u8be2\u6709\u54ea\u4e9b\u670d\u52a1\u3002\u8b66\u60d5\u5947\u602a\u7684\u6570\u5b57service\uff0c\u53ef\u80fd\u662f\u75c5\u6bd2\u3002
\u6dfb\u52a0\u7cfb\u7edf\u670d\u52a1\u65f6\uff0c\u521b\u5efa/etc/systemd/system/xxx.service
\u6587\u4ef6\uff0c\u7136\u540e\u7f16\u8f91\u5185\u5bb9\uff0c\u6bd4\u5982\u4e0b\u9762\u7684socat.service\uff1a
[Unit]\nDescription=port forward 4320\n# \u542f\u52a8\u987a\u5e8f\uff08\u591a\u4e2a\u670d\u52a1\u4e2d\u95f4\u7528\u7a7a\u683c\u9694\u5f00\uff09\nAfter=network.target[\u5f53\u524d\u670d\u52a1\u5728\u6307\u5b9a\u670d\u52a1\u4e4b\u540e\u542f\u52a8]\nBefore=[\u5f53\u524d\u670d\u52a1\u5728\u6307\u5b9a\u670d\u52a1\u4e4b\u524d\u542f\u52a8]\n\n# \u4f9d\u8d56\u5173\u7cfb\nWants=[\u5f31\u4f9d\u8d56\u5173\u7cfb\u670d\u52a1\uff0c\u6307\u5b9a\u670d\u52a1\u53d1\u751f\u5f02\u5e38\u4e0d\u5f71\u54cd\u5f53\u524d\u670d\u52a1]\nRequires=[\u5f3a\u4f9d\u8d56\u5173\u7cfb\u670d\u52a1\uff0c\u6307\u5b9a\u670d\u52a1\u53d1\u751f\u5f02\u5e38\uff0c\u5f53\u524d\u670d\u52a1\u5fc5\u987b\u9000\u51fa]\n\n[Service]\nUser=nobody\nExecStart=/usr/bin/socat TCP4-LISTEN:4320,fork TCP4:10.244.55.25:80\nExecReload=[\u91cd\u542f\u670d\u52a1\u65f6\u6267\u884c\u7684\u547d\u4ee4]\nExecStop=[\u505c\u6b62\u670d\u52a1\u65f6\u6267\u884c\u7684\u547d\u4ee4]\nExecStartPre=[\u542f\u52a8\u670d\u52a1\u4e4b\u524d\u6267\u884c\u7684\u547d\u4ee4]\nExecStartPost=[\u542f\u52a8\u670d\u52a1\u4e4b\u540e\u6267\u884c\u7684\u547d\u4ee4]\nExecStopPost=[\u505c\u6b62\u670d\u52a1\u4e4b\u540e\u6267\u884c\u7684\u547d\u4ee4]\n\n# \u542f\u52a8\u7c7b\u578b\n# simple\uff08\u9ed8\u8ba4\u503c\uff09\uff1aExecStart\u5b57\u6bb5\u542f\u52a8\u7684\u8fdb\u7a0b\u4e3a\u4e3b\u8fdb\u7a0b\n# forking\uff1aExecStart\u5b57\u6bb5\u5c06\u4ee5fork()\u65b9\u5f0f\u542f\u52a8\uff0c\u6b64\u65f6\u7236\u8fdb\u7a0b\u5c06\u4f1a\u9000\u51fa\uff0c\u5b50\u8fdb\u7a0b\u5c06\u6210\u4e3a\u4e3b\u8fdb\u7a0b\n# oneshot\uff1a\u7c7b\u4f3c\u4e8esimple\uff0c\u4f46\u53ea\u6267\u884c\u4e00\u6b21\uff0cSystemd \u4f1a\u7b49\u5b83\u6267\u884c\u5b8c\uff0c\u624d\u542f\u52a8\u5176\u4ed6\u670d\u52a1\n# dbus\uff1a\u7c7b\u4f3c\u4e8esimple\uff0c\u4f46\u4f1a\u7b49\u5f85 D-Bus \u4fe1\u53f7\u540e\u542f\u52a8\n# notify\uff1a\u7c7b\u4f3c\u4e8esimple\uff0c\u542f\u52a8\u7ed3\u675f\u540e\u4f1a\u53d1\u51fa\u901a\u77e5\u4fe1\u53f7\uff0c\u7136\u540e Systemd \u518d\u542f\u52a8\u5176\u4ed6\u670d\u52a1\n# idle\uff1a\u7c7b\u4f3c\u4e8esimple\uff0c\u4f46\u662f\u8981\u7b49\u5230\u5176\u4ed6\u4efb\u52a1\u90fd\u6267\u884c\u5b8c\uff0c\u624d\u4f1a\u542f\u52a8\u8be5\u670d\u52a1\u3002\u4e00\u79cd\u4f7f\u7528\u573a\u5408\u662f\u4e3a\u8ba9\u8be5\u670d\u52a1\u7684\u8f93\u51fa\uff0c\u4e0d\u4e0e\u5176\u4ed6\u670d\u52a1\u7684\u8f93\u51fa\u76f8\u6df7\u5408\nType=[\u542f\u52a8\u7c7b\u578b]\n\n# \u5982\u4f55\u505c\u6b62\u670d\u52a1\n# control-group\uff08\u9ed8\u8ba4\u503c\uff09\uff1a\u5f53\u524d\u63a7\u5236\u7ec4\u91cc\u9762\u7684\u6240\u6709\u5b50\u8fdb\u7a0b\uff0c\u90fd\u4f1a\u88ab\u6740\u6389\n# process\uff1a\u53ea\u6740\u4e3b\u8fdb\u7a0b\n# mixed\uff1a\u4e3b\u8fdb\u7a0b\u5c06\u6536\u5230 SIGTERM \u4fe1\u53f7\uff0c\u5b50\u8fdb\u7a0b\u6536\u5230 SIGKILL \u4fe1\u53f7\n# none\uff1a\u6ca1\u6709\u8fdb\u7a0b\u4f1a\u88ab\u6740\u6389\uff0c\u53ea\u662f\u6267\u884c\u670d\u52a1\u7684 stop \u547d\u4ee4\u3002\nKillMode=[\u5982\u4f55\u505c\u6b62\u670d\u52a1]\n\n# \u91cd\u542f\u65b9\u5f0f\n# no\uff08\u9ed8\u8ba4\u503c\uff09\uff1a\u9000\u51fa\u540e\u4e0d\u4f1a\u91cd\u542f\n# on-success\uff1a\u53ea\u6709\u6b63\u5e38\u9000\u51fa\u65f6\uff08\u9000\u51fa\u72b6\u6001\u7801\u4e3a0\uff09\uff0c\u624d\u4f1a\u91cd\u542f\n# on-failure\uff1a\u975e\u6b63\u5e38\u9000\u51fa\u65f6\uff08\u9000\u51fa\u72b6\u6001\u7801\u975e0\uff09\uff0c\u5305\u62ec\u88ab\u4fe1\u53f7\u7ec8\u6b62\u548c\u8d85\u65f6\uff0c\u624d\u4f1a\u91cd\u542f\n# on-abnormal\uff1a\u53ea\u6709\u88ab\u4fe1\u53f7\u7ec8\u6b62\u548c\u8d85\u65f6\uff0c\u624d\u4f1a\u91cd\u542f\n# on-abort\uff1a\u53ea\u6709\u5728\u6536\u5230\u6ca1\u6709\u6355\u6349\u5230\u7684\u4fe1\u53f7\u7ec8\u6b62\u65f6\uff0c\u624d\u4f1a\u91cd\u542f\n# on-watchdog\uff1a\u8d85\u65f6\u9000\u51fa\uff0c\u624d\u4f1a\u91cd\u542f\n# always\uff1a\u4e0d\u7ba1\u662f\u4ec0\u4e48\u9000\u51fa\u539f\u56e0\uff0c\u603b\u662f\u91cd\u542f\nRestart=[\u670d\u52a1\u9000\u51fa\u540e\uff0cSystemd \u7684\u91cd\u542f\u65b9\u5f0f]\n\nRestartSec=[\u8868\u793a Systemd \u91cd\u542f\u670d\u52a1\u4e4b\u524d\uff0c\u9700\u8981\u7b49\u5f85\u7684\u79d2\u6570]\n\n[Install]\nWantedBy=multi-user.target\n# \u6267\u884c sytemctl enable **.service\u547d\u4ee4\u65f6\uff0c**.service\u7684\u4e00\u4e2a\u7b26\u53f7\u94fe\u63a5\uff0c\u5c31\u4f1a\u653e\u5728/etc/systemd/system/multi-user.target.wants\u5b50\u76ee\u5f55\u4e2d\n# \u6267\u884csystemctl get-default\u547d\u4ee4\uff0c\u83b7\u53d6\u9ed8\u8ba4\u542f\u52a8Target\n# multi-user.target\u7ec4\u4e2d\u7684\u670d\u52a1\u90fd\u5c06\u5f00\u673a\u542f\u52a8\n# \u5e38\u7528Target\uff0c1. multi-user.target-\u591a\u7528\u6237\u547d\u4ee4\u884c\uff1b2. graphical.target-\u56fe\u5f62\u754c\u9762\u6a21\u5f0f\nWantedBy=[\u8868\u793a\u8be5\u670d\u52a1\u6240\u5728\u7684Target]\n
\u542f\u52a8systemctl start **
\u5173\u95edsystemctl stop **
\u91cd\u542fsystemctl restart **
\u67e5\u770b\u8fd0\u884c\u72b6\u6001systemctl status **
Loaded\u884c\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u4f4d\u7f6e\uff0c\u662f\u5426\u8bbe\u4e3a\u5f00\u673a\u542f\u52a8\uff1b Active\u884c\uff1a\u8868\u793a\u6b63\u5728\u8fd0\u884c\uff1b Main\u884c\uff1a\u4e3b\u8fdb\u7a0bPID\uff1b Status\u884c\uff1a\u7531\u5e94\u7528\u672c\u8eab\u63d0\u4f9b\u7684\u8f6f\u4ef6\u5f53\u524d\u72b6\u6001\uff1b CGroup\u884c\uff1a\u5e94\u7528\u7684\u6240\u6709\u5b50\u8fdb\u7a0b \u65e5\u5fd7\u5757\uff1a\u5e94\u7528\u7684\u65e5\u5fd7 \u8bbe\u7f6e\u5f00\u673a\u81ea\u542fsystemctl enable **
enable\u547d\u4ee4\u76f8\u5f53\u4e8e\u5728\u76ee\u5f55\u91cc\u6dfb\u52a0\u4e86\u4e00\u4e2a\u7b26\u53f7\u94fe\u63a5\u3002\u5f00\u673a\u65f6\uff0cSystemd\u4f1a\u6267\u884c/etc/systemd/system/\u76ee\u5f55\u91cc\u9762\u7684\u914d\u7f6e\u6587\u4ef6 \u7ed3\u675f\u670d\u52a1\u8fdb\u7a0bsystemctl kill **
\u67e5\u770b\u914d\u7f6e\u6587\u4ef6systemctl cat **
\u67e5\u770bmulti-user.target \u5305\u542b\u7684\u6240\u6709\u670d\u52a1systemctl list-dependencies multi-user.target
\u5207\u6362\u5230\u53e6\u4e00\u4e2a target systemctl isolate graphical.target
\u91cd\u65b0\u52a0\u8f7d\u914d\u7f6e\u6587\u4ef6systemctl daemon-reload
"},{"location":"linux-server/#_6","title":"\u5b9a\u65f6\u670d\u52a1","text":"\u5b9a\u65f6\u7a0b\u5e8f\u6267\u884c\u5931\u8d25\u7684\u539f\u56e0\u662f\u591a\u6837\u7684\uff0c\u53ef\u80fd\u662f\u56e0\u4e3a\u5b9a\u65f6\u670d\u52a1\u6ca1\u542f\u52a8\uff0c\u9700\u8981systemctl restart cron.service
\uff0c\u6216\u8005\u662fcron\u670d\u52a1\u574f\u6389\u4e86\uff0c\u5148apt install cron --reinstall
\u5f3a\u5236\u91cd\u65b0\u5b89\u88c5\u4e0b\uff0c\u518d\u91cd\u542f\u670d\u52a1\uff0c\u6216\u8005\u662f\u5b89\u88c5\u4e86\u522b\u7684\u4f9d\u8d56\u5e93\u4f46\u662f\u6ca1\u6709\u91cd\u542fcron\u5bfc\u81f4\u8fd0\u884c\u5931\u8d25\uff0c\u8bd5\u8bd5/etc/init.d/cron restart
\u3002
"},{"location":"linux-server/#_7","title":"\u6253\u5f00\u6587\u4ef6\u6570","text":"https://www.baeldung.com/linux/list-open-file-descriptors
Linux\u9ed8\u8ba4\u6700\u591a\u540c\u65f6\u6253\u5f001024\u4e2a\u6587\u4ef6\uff0c\u53ef\u4ee5\u901a\u8fc7ulimit -n
\u67e5\u770b\u3002fuzzing\u7b49\u8981\u6ce8\u610f\u5173\u95ed\u6587\u4ef6\u63cf\u8ff0\u7b26\uff0c\u5426\u5219\u53ef\u80fd\u5bfc\u81f4\u670d\u52a1\u5668\u6545\u969c\uff08\u6bd4\u5982ssh\u8fde\u4e0d\u4e0a\uff09\u3002/proc//fd\u91cc\u5217\u51fa\u4e86pid\u9501\u6253\u5f00\u7684\u6587\u4ef6\u3002"},{"location":"linux-server/#_8","title":"\u53c2\u8003\u8d44\u6599","text":"
systemd\u76f8\u5173\u8d44\u6599 "},{"location":"openssh/","title":"OpenSSH\u9605\u8bfb\u7b14\u8bb0","text":""},{"location":"openssh/#_1","title":"\u51c6\u5907\u5de5\u4f5c","text":"(\u4ee5\u4e0b\u5747\u5728wsl\u7684root\u7528\u6237) ubuntu\u7cfb\u7edf\uff0c\u5148\u9884\u88c5\u4e0b\u73af\u5883\uff1a
apt install build-essential autoconf zlib1g-dev libssl-dev\n
\u4e0b\u8f7d\u6e90\u7801\uff0c\u76f4\u63a5\u4eceGithub\u94fe\u63a5\u4e0b\u8f7dzip\u5230\u672c\u5730\u89e3\u538b\uff0c\u4e5f\u53ef\u4ee5\u7528git clone\uff1a
git clone --depth 1 https://github.com/openssh/openssh-portable.git\n
\u4e3a\u4e86\u9632\u6b62\u4e4b\u540emake install\u51fa\u7684\u6587\u4ef6\u8986\u76d6\u7cfb\u7edf\u81ea\u5df1\u7684ssh\uff0c\u8fd9\u91cc\u6307\u5b9aconfigure\u5c06\u4e4b\u540e\u7f16\u8bd1\u51fa\u7684\u6587\u4ef6\u653e\u5230\u9879\u76ee\u7684/output\u6587\u4ef6\u5939\u4e0b\u3002\u6309readme\u7684Building from git\u7684\u65b9\u6cd5\uff0c\u8fdb\u5165openssh\u6240\u5728\u76ee\u5f55\u540e\uff0c\u8fd0\u884c\uff1a
autoreconf\n./configure --prefix=`pwd`/output\nmake\n
\u6b64\u65f6\u76f8\u5173\u53ef\u6267\u884c\u6587\u4ef6\u5df2\u7ecf\u7f16\u8bd1\u5b8c\u6bd5\u3002\u4e3a\u4e86\u8fdb\u4e00\u6b65\u6e05\u6670\u663e\u793a\uff0c\u53ef\u4ee5\u8fd0\u884cmake install
\uff0c\u5219\u5728\u5f53\u524d\u76ee\u5f55\u7684output\u6587\u4ef6\u5939\u4e0b\u4f1a\u751f\u6210\u5bf9\u5e94\u7684\u7ed3\u6784\u3002
"},{"location":"picking-ups/","title":"\u6587\u53e5\u6458\u5f55","text":"Alligator in Vest: A Practical Failure-Diagnosis Framework via Arm Hardware Features (ISSTA 2023)
In light of these limitations, we propose Investigator, a practical failure diagnosis framework on Arm to fulfill the three requirements. RR: A Fault Model for Efficient TEE Replication (NDSS 2023)
The correctness of replication protocols hinges on the property of quorum intersection. In quorum-based protocols, this property is enforced by ensuring that any pair of quorums intersects in at least one replica that does not deviate from its prescribed behavior. No Grammar, No Problem: Towards Fuzzing the Linux Kernel without System-Call Descriptions (NDSS 2023)
However, the process of manually collecting system-call traces, or writing descriptions is prone to human-error: the immediate coverage gains from descriptions and traces risk obscuring parts of the code that the fuzzer can no longer exercise meaningfully. FUZZUSB: Hybrid Stateful Fuzzing of USB Gadget Stacks (Oakland 2022)
While the prevalence and versatility of USB have made our daily life convenient, it has also attracted attackers seeking to exploit vulnerabilities within the USB ecosystem. Registered Report: DATAFLOW Towards a Data-Flow-Guided Fuzzer
Unfortunately, these more accurate analyses incur a high run-time penalty, impeding fuzzer throughput. Unlike DTA, which strives for accuracy, we take inspiration from popular greybox fuzzers (e.g., AFL) and embrace some imprecision in an effort to reduce overhead and thus maximize fuzzing throughput. A Survey on Adversarial Attacks for Malware Analysis
Adversarial attacks has now emerged as a serious concern, threatening to dismantle and undermine all the progress made in the machine learning domain. The fear of evolving adversarial attack is growing among the cyber security research community and has provoked the everlasting war between adversarial attackers and defenders. Survivalism: Systematic Analysis of Windows Malware Living-Off-The-Land (Oakland 2021)
Orthogonal to our research is the analysis and deobfuscation of script-based malware. A Systematical and longitudinal study of evasive behaviors in windows malware (Computers & Security 2021)
Using our framework and taxonomy, we study the evasive behaviors adopted by 45,375 malware samples observed in the wild between 2010 and 201* We harvest papers, reports, and blog posts from the security community estimating the influence of the public disclosure of evasive techniques on their adoption in the wild. Structural Attack against Graph Based Android Malware Detection (CCS 2021)
Graph-based detection methods extract features from graphs and use these features to train classifiers for malware detection. By contrast, structural attacks directly modify the graph features and thus they are more intrinsic and effective. Deep Learning for Android Malware Defenses: a Systematic Literature Review (ACM Survey 2021)
In front of the increasing difficulties of Android malware detection, it is non-trivial to build a robust and transparent detecting model or system only by traditional machine learning techniques. Intriguing Properties of Adversarial ML Attacks in the Problem Space (Oakland 2020)
We shed light on the relationship between feature space and problem space, and we introduce the concept of side-effect features as the byproduct of the inverse feature-mapping problem. This enables us to define and prove necessary and sufficient conditions for the existence of problem-space attacks. P2IM: Scalable and Hardware-independent Firmware Testing via Automatic Peripheral Interface Modeling (USENIX SECURITY 2020)
The inapplicability of fuzzers on MCU boils down to the lack of a platform where firmware can execute while taking inputs from fuzzers. Although the register access patterns and the type identification method are purely empirical, we find that in practice they work fairly reliably and accurately across a wide range of peripheral devices. We attribute this practical and promising results to two factors. The instantiation is on-demand and interleaved with the firmware fuzzing/testing process. Toward the Analysis of Embedded Firmware through Automated Re-hosting (RAID 2019)
Unfortunately for security researchers, in stark contrast to the desktop and mobile ecosystems, market forces have not created any de facto standard for components, protocols, or software, hampering existing program analysis approaches, and making the understanding of each new device an independent, mostly manual, time-consuming effort. In this work, we develop an approach to re-hosting that achieves all of them, and propose a proof-of-concept system, called PRETENDER, which is able to observe hardware-firmware interactions and create models of hardware peripherals automatically. To deal with the plethora of software applications that need to be analyzed on desktop and mobile platforms, the security community has developed many techniques for enabling the scalable analysis of programs to find bugs and detect malice. Dynamic approaches typically rely on virtualization to enable parallel, scalable analyses, while symbolic approaches rely on function summarization of the underlying operating system to minimize the code that they need to execute. In order to use any of these tools, the analyst must take the program out of its original execution environment, and provide a suitable analysis environment able to execute it. This is a process referred to as re-hosting. REPT: Reverse Debugging of Failures in Deployed Software (USENIX SECURITY 2018)
Moreover, even though root cause diagnosis can help a developer determine the reasons behind a failure, developers often require a deeper understanding of the conditions and the state leading to a failure to fix a bug, which these systems do not provide. What You Corrupt Is Not What You Crash: Challenges in Fuzzing Embedded Devices (NDSS 2018)
As a result, silent memory corruptions occur more frequently on embedded devices than on traditional computer systems, creating a significant challenge for conducting fuzzing sessions on embedded systems software. Postmortem Program Analysis with Hardware-Enhanced Post-Crash Artifacts (USENIX SECURITY 2017)
As such, it is tedious and arduous for a software developer to plow through an execution trace to diagnose the root cause of a software failure. Given that backward taint analysis mimics how a software developer (or security analyst) typically diagnoses the root cause of a program failure, this observation indicates that POMP has a great potential to reduce manual efforts in failure diagnosis. POMP++: Facilitating Postmortem Program Diagnosis with Value-Set Analysis
Briefly speaking, postmortem program diagnosis is to identify the program statements pertaining to the crash, analyze these statements, and eventually figure out why a bad value was passed to the crash site. A Survey on Software Fault Localization (TSE 2016)
Furthermore, manual fault localization relies heavily on the software developer\u2019s experience, judgment, and intuition to identify and prioritize code that is likely to be faulty. "},{"location":"porting/","title":"\u6298\u817e\u7f51\u7ad9","text":""},{"location":"porting/#_2","title":"\u7aef\u53e3\u590d\u7528\u65b9\u6cd5","text":"\u7531\u4e8e\u670d\u52a1\u5668\u5b89\u5168\u8bbe\u5b9a\uff0c\u53ea\u5bf9\u5916\u5f00\u653e\u4e00\u4e2a22\u7aef\u53e3\u63d0\u4f9bssh\u8fde\u63a5\u3002\u90a3\u4e48\u5728\u6b64\u57fa\u7840\u4e0a\u5982\u4f55\u63d0\u4f9bhttp\u3001https\u7b49\u591a\u79cd\u670d\u52a1\uff1f\u641c\u7d22\u4e86\u4e0b\u53ef\u4ee5\u6839\u636e\u6d41\u91cf\u7279\u5f81\u7528sslh\u7b80\u5355\u8f6c\u53d1\u4e00\u4e0b\u6570\u636e\u5305\u5230\u4e0d\u540c\u7684\u5185\u90e8\u7aef\u53e3\u3002
"},{"location":"porting/#sslh","title":"sslh\uff1a\u6839\u636e\u6d41\u91cf\u7279\u5f81\u8f6c\u53d1\u6570\u636e\u5305","text":"\u5728root\u4e0bapt install sslh\u540e\u4fee\u6539\u914d\u7f6e\u6587\u4ef6/etc/default/sslh
\uff1a
# Default options for sslh initscript\n# sourced by /etc/init.d/sslh\n\n# binary to use: forked (sslh) or single-thread (sslh-select) version\n# systemd users: don't forget to modify /lib/systemd/system/sslh.service\nDAEMON=/usr/sbin/sslh\nRun=yes\nDAEMON_OPTS=\"--user sslh --listen 0.0.0.0:4684 --ssh 127.0.0.1:5752 --tls 127.0.0.1:443 --http 127.0.0.1:1284 --anyprot 127.0.0.1:2008 -F /etc/sslh/sslh.cfg --pidfile /var/run/sslh/sslh.pid\"\n
\u8fd9\u91cc\u4e5f\u53ef\u4ee5cat /lib/systemd/system/sslh.service
\u770b\u4e00\u4e0bservice\u6587\u4ef6\uff0c\u5176\u4e2d\u6709\u4e00\u884cExecStart=/usr/sbin/sslh --foreground $DAEMON_OPTS
\uff0c\u53ef\u4ee5\u770b\u5230\u5728\u542f\u52a8sslh\u65f6\u53c2\u6570\u662fDAEMON_OPTS\u3002\u6240\u4ee5\u91cd\u70b9\u5c31\u5728\u4e8e\u914d\u7f6e\u597dDAEMON_OPTS\u3002
\u89e3\u91ca\u4e00\u4e0b\u51e0\u4e2a\u53c2\u6570\u7684\u610f\u601d\uff1a
--listen 0.0.0.0:4684
\u8868\u793asslh\u8fd0\u884c\u57284684\u7aef\u53e3\uff0c\u5c06\u8fd9\u4e2a\u7aef\u53e3\u6536\u5230\u7684\u6570\u636e\u5305\u6309\u89c4\u5219\u8f6c\u53d1\u5230\u5176\u4ed6\u7aef\u53e3\u4e0a --ssh 127.0.0.1:5752
\u8868\u793a\u5c06\u6536\u5230\u7684ssh\u6570\u636e\u5305\u8f6c\u53d1\u5230\u672c\u57305752\u7aef\u53e3 --tls 127.0.0.1:443
\u8868\u793a\u5c06\u6536\u5230\u7684tls\u6570\u636e\u5305\u8f6c\u53d1\u5230\u672c\u5730443\u7aef\u53e3 --http 127.0.0.1:1284
\u8868\u793a\u5c06\u6536\u5230\u7684http\u8bf7\u6c42\u8f6c\u53d1\u5230\u672c\u57301284\u7aef\u53e3 --anyprot 127.0.0.1:2008
\u8868\u793a\u5c06\u5339\u914d\u90fd\u4e0d\u7b26\u5408\u7684\u5305\u53d1\u9001\u5230\u672c\u57302008\u7aef\u53e3 -F /etc/sslh/sslh.cfg
\u8868\u793a\u4f7f\u7528sslh.cfg\u8fd9\u4e2a\u6587\u4ef6\u4e2d\u7684\u8bbe\u5b9a\u8fdb\u884c\u66f4\u4e30\u5bcc\u7684\u914d\u7f6e \u7136\u540esystemctl enable sslh
\u3001systemctl start sslh
\u542f\u52a8sslh\uff0c\u5c06\u672c\u57304684\u7aef\u53e3\u6536\u5230\u7684\u6d41\u91cf\u6839\u636essh\u3001ssl\u3001http\u7684\u7279\u5f81\u5206\u522b\u8fdb\u884c\u7aef\u53e3\u8f6c\u53d1\u3002
\u6bd4\u8f83\u6709\u610f\u601d\u7684\u662f\u53ef\u4ee5\u7528--anyprot
\u6765\u8bbe\u7f6e\u9ed8\u8ba4\u7684\u8f6c\u53d1\u7b56\u7565\uff0c\u914d\u5408nc -lk
\u53ef\u4ee5\u770b\u81ea\u5b9a\u4e49\u7684\u6570\u636e\u5305\u683c\u5f0f\uff0c\u518d\u901a\u8fc7-F
\uff08\u6216--config
\uff09\u6307\u5b9aconfig\u6587\u4ef6\uff08\u6bd4\u5982/etc/sslh/sslh.cfg\uff09\uff0c\u5b9e\u73b0\u5229\u7528\u6b63\u5219\u8868\u8fbe\u5f0f\u5bf9\u6570\u636e\u5305\u8fdb\u884c\u81ea\u5b9a\u4e49\u8f6c\u53d1\u3002
\u6ce8\u610f\uff0c\u5982\u679c\u4f7f\u7528config\u6587\u4ef6\uff0c\u90a3\u4e48\u6587\u4ef6\u7684\u5185\u5bb9\u4e0d\u8981\u548c\u547d\u4ee4\u884c\u5df2\u6709\u7684\u5185\u5bb9\u91cd\u590d\u3002\u6bd4\u5982\u547d\u4ee4\u884c\u5df2\u7ecf\u6307\u5b9a\u4e86\u76d1\u542c127.0.0.1\u7aef\u53e3\u76844684\uff0c\u90a3config\u6587\u4ef6\u91cc\u5c31\u4e0d\u8981\u518d\u52a0\u4e0alisten:(xxx)\u4e86\u3002
config\u6587\u4ef6\u6307\u5b9a\u5339\u914d\u89c4\u5219\u7684\u4f8b\u5b50\u5982\u4e0b\u6240\u793a\uff08\u7247\u6bb5\uff09
protocols:\n(\n{ name: \"http\"; host: \"127.0.0.1\"; port: \"808\"; },\n{ name: \"tls\"; host: \"127.0.0.1\"; port: \"443\"; sni_hostnames: [ \"remote.c01dkit.com\" ]; tfo_ok: true },\n{ name: \"tls\"; host: \"127.0.0.1\"; port: \"7000\"; sni_hostnames: [ \"project-frp\" ]; tfo_ok: true },\n{ name: \"regex\"; host: \"127.0.0.1\"; port: \"60000\"; regex_patterns: [ \"^SSH-2.0-Go\\x0d$\", \"^SSH-2.0-OpenSSH\\x0d$\" ]; },\n);\n
"},{"location":"porting/#ssh","title":"ssh\uff1a\u63d0\u4f9b\u8fdc\u7a0b\u8fde\u63a5","text":"\u7531\u4e8e\u539f\u672c\u5bf9\u5916\u5f00\u653e\u768422\u7aef\u53e3\u53ea\u7528\u4e8e\u63a5\u6536ssh\u8bf7\u6c42\uff0c\u5982\u679c\u60f3\u8981\u63d0\u4f9b\u66f4\u591a\u670d\u52a1\uff0c\u9700\u8981\u5148\u628a22\u7aef\u53e3\u7684\u63a5\u6536\u7684\u6570\u636e\u90fd\u8f6c\u53d1\u7ed9sslh\uff0c\u8ba9\u5b83\u6765\u8fdb\u884c\u5206\u7c7b\u3002\u90a3\u4e48ssh\u8bf7\u6c42\u5e94\u8be5\u5c31\u4e0d\u80fd\u518d\u8fd8\u7ed922\u7aef\u53e3\u4e86\uff08\u4e0d\u7136\u53ef\u80fd\u53c8\u88ab\u8f6c\u53d1\u7ed9sslh\uff1f\u4e0d\u786e\u5b9a\uff09\uff0c\u53ef\u4ee5\u8003\u8651\u518d\u5f00\u4e00\u4e2a\u7aef\u53e3\u76d1\u542cssh\u8bf7\u6c42\u3002\u8fd9\u91ccssh\u7684\u8bbe\u5b9a\u5f00\u4e86\u672c\u573022\u548c5752\u7aef\u53e3\uff0c\u914d\u7f6e\u65f6\u4fee\u6539/etc/ssh/sshd_config
\u6587\u4ef6\uff0c\u52a0\u4e00\u884cPort 5752\u5373\u53ef\u3002\u540c\u65f6\u8bb0\u5f97\u4f7f\u7528\u516c\u94a5\u8ba4\u8bc1\u767b\u5f55\uff0c\u7981\u7528\u5bc6\u7801\u767b\u5f55\u3002
Port 22\nPort 5752\nPubkeyAuthentication yes\nPasswordAuthentication no\n
"},{"location":"porting/#nginxhttphttps","title":"nginx\uff1a\u63d0\u4f9bhttp/https\u670d\u52a1","text":"\u5728nginx\u5b98\u7f51\u4e0b\u8f7d\u6e90\u7801\u5e76\u6309\u8bf4\u660e\u7f16\u8bd1\u3002nginx\uff081.22\u7248\u672c\uff09\u7684\u914d\u7f6e\u5982\u4e0b\uff1a
user c01dkit;\nworker_processes 1;\n\nevents {\n worker_connections 1024;\n}\n\nhttp {\n include mime.types;\n default_type application/octet-stream;\n sendfile on;\n keepalive_timeout 65;\n server_tokens off;\n server {\n listen 1284;\n listen 127.0.0.1:1284;\n charset utf-8;\n server_name xxxx.c01dkit.com;\n if ($scheme = http ) {\n return 301 https://$host:xxxx$request_uri; \n }\n error_page 404 /404.html;\n }\n\n server {\n listen 127.0.0.1:443 ssl ;\n listen 443 ssl ;\n listen [::]:443 ssl ;\n server_name xxxx.c01dkit.com;\n charset utf-8;\n ssl_certificate xxxx/fullchain.pem;\n ssl_certificate_key xxxx/privkey.pem;\n\n ssl_session_cache shared:SSL:1m;\n ssl_session_timeout 5m;\n\n ssl_ciphers HIGH:!aNULL:!MD5;\n ssl_prefer_server_ciphers on;\n\n location / {\n root xxxxx;\n index index.html index.htm;\n error_page 404 /404.html;\n\n }\n location ~ \\.php$ {\n fastcgi_pass unix:/run/php/php8.1-fpm.sock;\n fastcgi_index index.php;\n fastcgi_param SCRIPT_FILENAME xxxx/www$fastcgi_script_name;\n include fastcgi_params;\n error_page 404 /404.html;\n }\n }\n\n}\n
\u8fd9\u91cc\u914d\u7f6e\u4e86nginx\u76d1\u542c\u672c\u57301284\u7aef\u53e3\u6765\u5904\u7406http\u8bbf\u95ee\uff0c\u5c06https\u8bf7\u6c42\u8f6c\u53d1\u5230443\u7aef\u53e3\uff0c\u4e5f\u8bbe\u7f6e\u4e86ssl\u7684\u8bc1\u4e66\u3002\u8bc1\u4e66\u7684\u914d\u7f6e\u65b9\u6cd5\u53ef\u4ee5\u89c1\u540e\u6587\u7684https\u8bc1\u4e66
\u7ae0\u8282\u3002
\u5173\u4e8enginx\uff0c\u53ef\u4ee5nginx -V\u67e5\u770b\u7f16\u8bd1\u9009\u9879\uff0c\u7136\u540e\u81ea\u5df1\u4ece\u6e90\u7801\u7f16\u8bd1\u4e0b\u3002\u5e38\u89c1\u7684-V\u8f93\u51fa\u6709\uff1a
nginx version: nginx/1.22.1\nbuilt by gcc 11.3.0 (Ubuntu 11.3.0-1ubuntu1~22.04) \nbuilt with OpenSSL 3.0.2 15 Mar 2022\nTLS SNI support enabled\nconfigure arguments: --user=c01dkit --group=c01dkit --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-compat --with-debug --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_sub_module\n
\u8fd9\u91cc\u6307\u5b9auser\u4e3ac01dkit\uff0c\u7136\u540e\u7f51\u7ad9\u4e5f\u90fd\u653e\u5728c01dkit\u7684\u5bb6\u76ee\u5f55\u91cc\u9762\uff0c\u4ee5\u9632\u7f51\u7ad9\u9875\u9762\u56e0\u4e3a\u6743\u9650\u95ee\u9898\u6253\u4e0d\u5f00\uff08\u597d\u50cf\u9ed8\u8ba4\u662fwww-data\uff09\uff0c\u53ef\u80fd\u662f\u87f9\u811a\u6539\u6cd5\u25cb( \uff3e\u76bf\uff3e)\u3063
"},{"location":"porting/#iptablessslh","title":"iptables\uff1a\u8f6c\u53d1\u5916\u90e8\u8bbf\u95ee\u5230sslh","text":"\u6700\u540e\u63a5\u7740\u8bbe\u7f6e\u9632\u706b\u5899\u5c06\u6240\u6709\u5916\u90e8\u6d41\u91cf\u4ece\u5f00\u653e\u7684\u552f\u4e00\u7aef\u53e3\u8f6c\u53d1\u52304684\u7aef\u53e3\u5373\u53ef\u3002
iptables -t nat -A PREROUTING -p tcp --dport 22 -j REDIRECT --to-port 4684\n
\u8fd9\u91cc\u5047\u5b9a\u5916\u90e8\u7aef\u53e3\u5f00\u653e\u7684\u7aef\u53e3\u6620\u5c04\u5230\u672c\u573022\u7aef\u53e3\u3002\u8fd9\u91cc22\u7aef\u53e3\u4e5f\u662f\u6709ssh\u670d\u52a1\u5728\u76d1\u542c\u3002
\u6709\u65f6\u62c5\u5fc3sslh\u670d\u52a1\u6302\u6389\u5bfc\u81f44684\u6ca1\u6709ssh\u670d\u52a1\u3001ssh\u8fde\u4e0d\u4e0a\uff0c\u8bbe\u7f6e\u4e86\u5b9a\u65f6\u4efb\u52a1\u6765\u5173\u6389\u3001\u6253\u5f00\u9632\u706b\u5899\uff08\u6b64\u65f6\u53ea\u80fdssh\u8fde\u63a5\uff0c\u63d0\u4f9b\u8fd0\u7ef4\u7a97\u53e3\u671f\uff09\uff0c\u6bd4\u5982\u6bcf\u5468\u4e094\u70b9\u52306\u70b9\u53ea\u63d0\u4f9b22\u7aef\u53e3\u7684ssh\u670d\u52a1\uff1a
# Edit this file to introduce tasks to be run by cron.\n# \n# Each task to run has to be defined through a single line\n# indicating with different fields when the task will be run\n# and what command to run for the task\n# \n# To define the time you can provide concrete values for\n# minute (m), hour (h), day of month (dom), month (mon),\n# and day of week (dow) or use '*' in these fields (for 'any').\n# \n# Notice that tasks will be started based on the cron's system\n# daemon's notion of time and timezones.\n# \n# Output of the crontab jobs (including errors) is sent through\n# email to the user the crontab file belongs to (unless redirected).\n# \n# For example, you can run a backup of all your user accounts\n# at 5 a.m every week with:\n# 0 5 * * 1 tar -zcf /var/backups/home.tgz /home/\n# \n# For more information see the manual pages of crontab(5) and cron(8)\n# \n# m h dom mon dow command\n0 4 * * 3 iptables -t nat -D PREROUTING -p tcp --dport 22 -j REDIRECT --to-port 4684\n0 6 * * 3 iptables -t nat -A PREROUTING -p tcp --dport 22 -j REDIRECT --to-port 4684\n
\u7531\u4e8e\u8fd9\u6837\u8bbe\u7f6eiptables\u4f1a\u5728\u670d\u52a1\u5668\u91cd\u542f\u540e\u5931\u6548\uff0c\u6240\u4ee5\u670d\u52a1\u5668\u610f\u5916\u91cd\u542f\u7684\u8bdd\u53ea\u4e0d\u8fc7\u662f\u6062\u590d\u5230\u6700\u57fa\u7840\u768422\u7aef\u53e3ssh\u800c\u5df2\u3002
"},{"location":"porting/#https","title":"https\u8bc1\u4e66","text":"\u5173\u4e8ehttps\u8bc1\u4e66\uff0c\u53ef\u4ee5\u6309\u8fd9\u91cc\u7684\u65b9\u6cd5\uff0c\u5148snap install --classic certbot
\u5b89\u88c5certbot\uff0c\uff08\u4e0d\u77e5\u9053\u4e3a\u5565\u5f53\u65f6\u8bbe\u7f6e\u4e86\u4e00\u4e0bcertbot\u8def\u5f84sudo ln -s /snap/bin/certbot /usr/bin/certbot
\uff09\u3002\u5982\u679c80\u7aef\u53e3\u5df2\u7ecf\u5bf9\u5916\u5f00\u653e\uff0c\u53ef\u4ee5\u7b80\u5355\u5730certbot --nginx
\u81ea\u52a8\u5e2e\u5fd9\u8ba4\u8bc1\uff08\u5373certbot\u521b\u5efa\u8ba4\u8bc1\u6587\u4ef6\u7136\u540e\u5728\u516c\u7f51\u8bbf\u95ee\uff09\u3002\u5982\u679c80\u7aef\u53e3\u4e0d\u5bf9\u5916\u5f00\u653e\uff0c\u53ef\u4ee5\u81ea\u9009dns\u8ba4\u8bc1\uff1acertbot certonly --manual --preferred-challenges=dns
\u7136\u540e\u5728\u57df\u540d\u7ba1\u7406\u90a3\u8fb9\u6dfb\u52a0\u4e00\u4e0b\u8bb0\u5f55\u5373\u53ef\uff0c\u6bd4\u5982\u521b\u5efa\u4e00\u4e2a_acme-challenge.remote\u7684TXT\u8bb0\u5f55\u3002\u7136\u540e\u5728nginx\u7684conf\u90a3\u91cc\u8bbe\u7f6e\u597d\u8bc1\u4e66\u8def\u5f84\uff0c\u8bbf\u95ee\u5c31\u6709https\u8ba4\u8bc1\u4e86\uff01\u5bf9\u4e8ehttp\u8bbf\u95ee\uff0c\u53ef\u4ee5\u7528301\u8df3\u8f6c\u3002
\u4e00\u6b21\u8ba4\u8bc1\u662f90\u5929\u6709\u6548\u671f\uff0c\u5230\u671f\u4e4b\u524d\u4f1a\u53d1\u90ae\u4ef6\uff0c\u66f4\u65b0\u8bc1\u4e66\u65f6\u9700\u8981\u8fd0\u884ccertbot renew --manual-auth-hook=xxx.sh
\u5176\u4e2dsh\u811a\u672c\u662f\u81ea\u5df1\u7f16\u5199\u7684\u4e00\u4e2a\u81ea\u52a8\u5316\u5b8c\u6210DNS\u8bb0\u5f55\u66f4\u65b0\u3002\u4e3a\u4e86\u61d2\u7701\u4e8b\uff0c\u53ef\u4ee5\u8fd9\u4e48\u5199\uff1a
echo ${CERTBOT_VALIDATION} >> xxx.txt\necho ${CERTBOT_DOMAIN} >> xxx.txt\nsleep 120\nexit 0\n
\u7136\u540e\u5728\u4e24\u5206\u949f\u4e4b\u5185\uff0c\u628axxx.txt\u91ccCERTBOT_VALIDATION\u5bf9\u5e94\u7684\u54c8\u5e0c\u503c\u624b\u52a8\u66f4\u65b0\u5728DNS\u8bb0\u5f55\u91cc\u5373\u53ef\u3002
\u6b64\u5916\uff0c\u65b0\u627e\u5230\u4e00\u4e2a\u53ef\u4ee5\u65b9\u4fbf\u5730\u5728web\u7aef\u914d\u7f6e\u65b0\u8bc1\u4e66\u7684\u7f51\u7ad9\uff1ahttps://xiangyuecn.github.io/ACME-HTML-Web-Browser-Client/ACME-HTML-Web-Browser-Client.html
"},{"location":"proxy/","title":"\u4ee3\u7406\u8f6c\u53d1","text":""},{"location":"proxy/#_2","title":"\u591a\u53f0\u7535\u8111\u7ec4\u5c40\u57df\u7f51","text":"\u53ef\u4ee5\u4f7f\u7528zerotier\uff0c\u767b\u5f55\u4ee5\u540e\u521b\u5efa\u4e00\u4e2a\u7f51\u7edc\u3002\u7136\u540e\u9700\u8981\u7ec4\u5c40\u57df\u7f51\u7684\u8bbe\u5907\u4e0b\u8f7dzerotier\u4ee5\u540ejoin\u4e0a\u5c31\u884c\u4e86\u3002
"},{"location":"proxy/#_3","title":"\u5185\u7f51\u7a7f\u900f","text":"\u9700\u8981\u516c\u7f51\u670d\u52a1\u5668\uff0c\u53ef\u4ee5\u5728\u963f\u91cc\u4e91\u79df\u4e00\u4e2a
\u4e00\u79cd\u65b9\u6cd5\u662ffrp
\u53e6\u4e00\u79cd\u65b9\u6cd5\u662fssh\u6b63\u5411\u8fde\u63a5\u914d\u5408\u53cd\u5411\u8fde\u63a5\uff1a
\u9996\u5148\u5185\u7f51\u670d\u52a1\u5668\u5f00\u4e2ascreen\u8fd0\u884cssh -R 127.0.0.1:1234:127.0.0.1:22 user@ip -p port
\u8fde\u63a5\u5230\u4e91\u670d\u52a1\u5668\u4e0a\u3002\u8fd9\u6837\u7684\u8bdd\u670d\u52a1\u5668\u8bbf\u95ee127.0.0.1:1234\u5c31\u76f8\u5f53\u4e8e\u8bbf\u95ee\u5185\u7f51\u7684127.0.0.1:22\u3002\u7136\u540e\u9700\u8981\u8fde\u63a5\u5185\u7f51\u7684\u4e3b\u673a\u4e5f\u5f00\u4e2ascreen\u8fd0\u884cssh -L 127.0.0.1:2345:127.0.0.1:1234 user@ip -p port
\uff0c\u8fd9\u6837\u7684\u8bdd\u8be5\u4e3b\u673a\u8bbf\u95ee\u81ea\u5df1127.0.0.1:2345\u5c31\u76f8\u5f53\u4e8e\u8bbf\u95ee\u4e91\u670d\u52a1\u5668\u7684127.0.0.1:1234\u3002\u7136\u540e\u8be5\u4e3b\u673a\u518d\u5f00\u4e00\u4e2a\u7ec8\u7aef\uff0cssh user@127.0.0.1 -p 2345
\u5373\u53ef\u3002
"},{"location":"proxy/#_4","title":"\u5b50\u7f51\u8f6c\u53d1","text":"\u5e0c\u671b\u5c06\u67d0\u7aef\u53e3\u6536\u5230\u7684\u6d88\u606f\u8f6c\u53d1\u5230\u5176\u4ed6\u4e3b\u673a\u7684\u67d0\u4e00\u7aef\u53e3\uff0c\u53ef\u4ee5\u8bd5\u8bd5socat\uff0c\u6bd4\u5982socat TCP4-LISTEN:4320,fork TCP4:10.244.55.25:80
\uff0c\u53ef\u4ee5\u628a4320\u7aef\u53e3\u6536\u5230\u7684TCP4\u6570\u636e\u5305\u8f6c\u53d1\u5230\u5b50\u7f5110.244.55.25\u768480\u7aef\u53e3\uff0c\u914d\u5408zerotier\u53ef\u4ee5\u5b9e\u73b0\u5185\u7f51\u5bf9\u5916\u5f00\u653e\u7aef\u53e3\u3002
"},{"location":"pwn-college-cse365-spring2023/","title":"CSE 365 - Spring 2023","text":"\u5728\u7ec8\u7aef\u8fde\u63a5pwn-college\u65f6\uff0c\u5148\u5728\u7f51\u9875\u7aef\u914d\u7f6e\u4e0b\u516c\u94a5\uff0c\u7136\u540essh -i \u79c1\u94a5 hacker@dojo.pwn.college
\u5373\u53ef\u3002\u7f51\u9875\u7aef\u542f\u52a8\u4e00\u4e2a\u5b9e\u4f8b\u540e\uff0c\u8fdc\u7a0b\u4e5f\u4f1a\u81ea\u52a8\u542f\u52a8\u5bf9\u5e94\u7684\u73af\u5883\u3002\u95ee\u9898\u4e00\u822c\u653e\u5728\u6839\u76ee\u5f55\u7684challenge\u6587\u4ef6\u5939\u4e0b
"},{"location":"pwn-college-cse365-spring2023/#talking-web","title":"Talking Web \u5b66\u4e60\u7b14\u8bb0","text":"\u8bf7\u6c42\u7b2c\u4e00\u884cRequest line\uff1a\u8bf7\u6c42\u65b9\u6cd5 URI \u534f\u8bae\u7248\u672c CRLF
\u54cd\u5e94\u7b2c\u4e00\u884cStatus line\uff1a\u534f\u8bae\u7248\u672c \u72b6\u6001\u7801 \u89e3\u91ca CRLF
\u5e38\u89c1\u7684\u8bf7\u6c42\u65b9\u6cd5\uff1a
GET\uff1a\u83b7\u53d6\u4fe1\u606f\uff0c\u5982\u679cURI\u662f\u5904\u7406\u7a0b\u5e8f\uff0c\u5219\u83b7\u53d6\u7a0b\u5e8f\u8fd0\u884c\u540e\u7684\u7ed3\u679c\uff08\u800c\u4e0d\u662f\u6e90\u7801\uff09 HEAD\uff1a\u548cGET\u7c7b\u4f3c\uff0c\u4f46\u662fresponse\u4e0d\u8fd4\u56debody\uff0c\u4e00\u822c\u7528\u4e8e\u6d4b\u8bd5\u8d44\u6e90\u662f\u5426\u5b58\u5728\u3001\u4fee\u6539\u65f6\u95f4\uff0c\u83b7\u53d6\u8d44\u6e90\u5143\u6570\u636e\u7b49 POST\uff1a\u63d0\u4ea4\u989d\u5916\u7684\u4fe1\u606f\u7528\u4e8e\u670d\u52a1\u7aef\u5904\u7406 HTTP URL Scheme\uff1ascheme://host:port/path?query#fragment
scheme \u8bbf\u95ee\u8d44\u6e90\u7684\u534f\u8bae\uff0c\u6bd4\u5982http host \u6301\u6709\u8d44\u6e90\u7684\u4e3b\u673a port \u63d0\u4f9b\u670d\u52a1\u7684\u7a0b\u5e8f\u4f7f\u7528\u7684\u7aef\u53e3 path \u786e\u5b9a\u7279\u5b9a\u8d44\u6e90 query \u8d44\u6e90\u53ef\u4ee5\u5229\u7528\u7684\u989d\u5916\u4fe1\u606f fragment \u5ba2\u6237\u7aef\u6709\u5173\u8fd9\u4e00\u8d44\u6e90\u7684\u4fe1\u606f\uff08\u4e0d\u4f1a\u4f20\u7ed9\u670d\u52a1\u5668\uff1f\uff09 \u8bf7\u6c42\u7684\u8d44\u6e90\u542b\u6709\u4e00\u4e9b\u7279\u6b8a\u7b26\u53f7\u6bd4\u5982?,/,&,#\u7b49\u7b49\u65f6\uff0c\u4f7f\u7528%xx\u8fdb\u884c\u7f16\u7801\uff0c\u5176\u4e2dxx\u662fASCII\u7801\u3002\u8fd9\u79cd\u505a\u6cd5\u79f0\u4e3aurlencoding
POST\u8bf7\u6c42\u65f6\uff0c\u9700\u8981\u5e26\u4e0aContent-Type
Content-Type: application/x-www-form-urlencoded Content-Type: application/json \u524d\u8005body\u91cc\u5199a=xx\uff0c\u540e\u8005\u5199{\"a\":\"xx\"}\u3002json\u53ef\u4ee5\u6784\u9020\u66f4\u590d\u6742\u7684blob
RFC 1945 HTTP\u534f\u8bae\u662f\u65e0\u72b6\u6001\u7684\uff0c\u4f46\u662f\u7f51\u7edc\u5e94\u7528\u662f\u6709\u72b6\u6001\u7684\u3002\u4f7f\u7528cookie\u6765\u4fdd\u6301\u72b6\u6001\u3002
"},{"location":"pwn-college-cse365-spring2023/#assembly-crash-course","title":"Assembly Crash Course \u5b66\u4e60\u7b14\u8bb0","text":""},{"location":"pwn-college-cse365-spring2023/#building-a-web-server","title":"Building a Web Server \u5b66\u4e60\u7b14\u8bb0","text":"\u4f7f\u7528socket\u521b\u5efa\u4e00\u4e2aA-B\u7684\u7f51\u7edc\u6587\u4ef6\uff0c\u7136\u540e\u4f7f\u7528bind\u5c06socket\u4e0e\u5177\u4f53\u7684ip\u7ed1\u5b9a\u3002\u4f7f\u7528listen\u6765\u88ab\u52a8\u4fa6\u542csockfd\u3002\u4f7f\u7528accept\u63a5\u53d7\u5916\u90e8\u8fde\u63a5\u3002
\u4f7f\u7528TCP/IP\u8fdb\u884c\u7f51\u7edc\u901a\u8baf\uff0c\u670d\u52a1\u5668\u7aef\u7684\u4f8b\u5b50\u5982\uff1a
// int socket(int domain, int type, int protocol)\nsocket_fd = socket(AF_INET, SOCK_STREAM, IPPROTO_IP)\n\n// int bind(int sockfd, struct sockaddr* addr, socklen_t addrlen)\n/*\n * struct sockaddr {\n * uint16_t sa_family;\n * uint8_t sa_data[14]; \n * }\n * \n * struct sockaddr_in {\n * uint16_t sin_family;\n * uint16_t sin_port;\n * uint32_t sin_addr;\n * uint8_t __pad[8];\n * }\n*/\nbind(socket_fd, {sa_family=AF_INET, sin_port=htons(port), sin_addr=inet_addr(\"0.0.0.0\")}, 16)\n\n// int listen(int sock fd, int backlog);\nlisten(socket_fd, 0)\n\n// int accept(int sockfd, struct sockaddr* addr, socklen_t* addrlen);\ntunnel = accept(socket_fd, NULL, NULL)\n\n// revceive http request: GET / HTTP/1.0\nread(tunnel, \"GET / HTTP/1.0\",19)\n\n// response\nwrite(tunnel, \"HTTP/1.0 200 OK\\r\\n\\r\\n\", 19)\n\n// receive http request: GET /flag HTTP/1.0\nread(tunnel, \"GET /flag HTTP/1.0\\r\\n\\r\\n\",256)\n\n// open and read file\nfilefd = open(\"/flag\",O_RDDONLY)\nread(filefd, \"FLAG\", 256)\n\n//response\nwrite(tunnel, \"HTTP/1.0 200 OK\\r\\n\\r\\nFLAG\", 27)\n\nclose(tunnel)\n
"},{"location":"pwn-college-cse365-spring2023/#reverse-engineering","title":"Reverse Engineering \u5b66\u4e60\u7b14\u8bb0","text":" start
\u5728main\u51fd\u6570\u6253\u65ad\u70b9\u5e76\u8fd0\u884c starti
\u5728_start\u51fd\u6570\u6253\u65ad\u70b9\u5e76\u8fd0\u884c run
\u4e0d\u6253\u65ad\u70b9\uff0c\u76f4\u63a5\u8fd0\u884c attach <PID>
\u5c06gdb\u9644\u7740\u5230\u4e00\u4e2a\u6b63\u5728\u8fd0\u884c\u7684\u8fdb\u7a0b core <PATH>
\u5206\u6790\u4e00\u4e2a\u7a0b\u5e8f\u8fd0\u884c\u540e\u4ea7\u751f\u7684coredump\u6587\u4ef6 start <ARG1> <ARG2> < <STDIN_PATH>
\u8fd0\u884c\u5e26\u6709\u53c2\u6570\u7684\u7a0b\u5e8f\uff0c\u548cshell\u91cc\u8f93\u547d\u4ee4\u4e00\u6837 info registers
\u53ef\u4ee5\u67e5\u770b\u5bc4\u5b58\u5668\u7684\u503c\uff08\u6216\u8005\u7b80\u5355\u7684i r
\uff09 print
\u7528\u6765\u6253\u5370\u53d8\u91cf\u6216\u8005\u5bc4\u5b58\u5668\u7684\u503c\uff0c\u6bd4\u5982p/x $rdi
\u4ee516\u8fdb\u5236\u6253\u5370rdi\u5bc4\u5b58\u5668\u7684\u503c x/<n><u><f> <address>
\u7528\u6765\u6253\u5370\u53d8\u91cf\u6216\u7edd\u5bf9\u5730\u5740\u7684\u5185\u5bb9\u3002n
\u8868\u793anumber\uff0c\u4e5f\u5c31\u662f\u8bf4\u8981\u6253\u5370\u51e0\u4e2a\u5355\u5143\uff1bu
\u8868\u793aunit size\uff0c\u6bcf\u4e2a\u5355\u5143\u7684\u5b57\u8282\u957f\u5ea6\uff0c\u53ef\u53d6b/h/w/g
\uff0c\u5206\u522b\u8868\u793a1\uff0c2\uff0c4\uff0c8\u5b57\u8282\uff1bf
\u8868\u793a\u8f93\u51fa\u683c\u5f0f\uff0c\u53ef\u53d6d/x/s/i
\uff0c\u5206\u522b\u8868\u793a\u5341\u8fdb\u5236\u3001\u5341\u516d\u8fdb\u5236\u3001\u5b57\u7b26\u4e32\u3001\u6c47\u7f16\u6307\u4ee4\u3002address\u8868\u793a\u8981\u6253\u5370\u7684\u5730\u5740\uff0c\u53ef\u4ee5\u5199\u6210\u6570\u5b66\u8868\u8fbe\u5f0f\u3002 set disassembly-flavor intel
\u7528\u6765\u4fee\u6539\u6c47\u7f16\u6307\u4ee4\u7684\u8868\u793a\u5f62\u5f0f\uff0c\u8fd9\u91cc\u662fintel\u6307\u4ee4\u3002 \u4f7f\u7528stepi <n>
\u6b65\u5165n\u6761\u6c47\u7f16\u6307\u4ee4\uff0cnexti <n>
\u6b65\u8fc7n\u6761\u6c47\u7f16\u6307\u4ee4\uff1b\u5206\u522b\u7b80\u5199\u4e3asi
\u4e0eni
\u4f7f\u7528finish
\u6267\u884c\u5230\u5f53\u524d\u51fd\u6570\u7ed3\u675f\u5e76\u8fd4\u56de \u4f7f\u7528break *<addres>
\u5728address\u5904\u6253\u65ad\u70b9\uff0c\u53ef\u4ee5\u7b80\u5199\u4e3ab *<address>
\u4f7f\u7528display/<n><u><f>
\u6765\u5728\u6bcf\u4e00\u6761\u64cd\u4f5c\u7ed3\u675f\u540e\u663e\u793a\u67d0\u4e9b\u6570\u503c\u3002nuf\u7684\u7528\u6cd5\u548cx
\u6253\u5370\u5185\u5b58\u5730\u5740\u4e00\u6837 \u6709\u5173\u811a\u672c\u7f16\u5199\uff0c\u53ef\u4ee5\u9884\u5148\u7528gdb\u8bed\u6cd5\u5199\u597d\u811a\u672c\u6587\u4ef6xxx.gdb\uff0c\u7136\u540e\u542f\u52a8gdb\u7684\u65f6\u5019\u52a0\u4e0a\u53c2\u6570-x xxx.gdb
\uff0c\u5c31\u53ef\u4ee5\u5728gdb\u542f\u52a8\u540e\u81ea\u52a8\u5316\u8fd0\u884c\u811a\u672c ~/.gdbinit
\u5728\u521d\u59cb\u5316gdb\u4f1a\u8bdd\u65f6\u81ea\u52a8\u8fd0\u884c \u4f7f\u7528call
\u76f4\u63a5\u8c03\u7528\u51fd\u6570\uff0c\u6bd4\u5982call (void)win()
\u4f7f\u7528set pagination off
\u5173\u95ed\u5206\u9875\u786e\u8ba4 \u4ee5\u4e0b\u662f\u4e2agdb\u811a\u672c\u7684\u4f8b\u5b50\uff0csilent
\u7528\u4e8e\u5728\u9047\u5230\u65ad\u70b9\u65f6\u51cf\u5c11\u8f93\u51fa\u4fe1\u606f\uff0c\u4ee5\u53ca\u4f7f\u7528set
\u548cprintf
\u8bbe\u7f6e\u53d8\u91cf\u3001\u6253\u5370\u503c\u3002 start\nbreak *main+42\ncommands\n silent\n set $local_variable = *(unsigned long long*)($rbp-0x32)\nprintf \"Current value: %llx\\n\", $local_variable\ncontinue\nend\ncontinue\n
\u4f7f\u7528if
\u3001catch
\u6765\u52ab\u6301systemcall\uff0c\u6bd4\u5982\uff1a start\ncatch syscall read\ncommands\n silent\n if ($rdi == 42)\nset $rdi = 0\nend\n continue\nend\ncontinue\n
"},{"location":"pwn-college-cse365-spring2023/#talking-web-writeups","title":"Talking Web WriteUps","text":"\u8fd9\u4e2a\u7ae0\u8282\u7684\u9898\u76ee\u662f\u7528curl\u3001python\u548cnc\u6765\u5b9e\u73b0\u53d1\u9001\u5404\u79cdhttp\u8bf7\u6c42\uff0c\u5148\u8fd0\u884c/challenge/run
\u542f\u52a8flask\u670d\u52a1\u5668\uff0c\u7136\u540e\u65b0\u5f00\u4e2a\u7ec8\u7aef\u7528\u5404\u79cd\u59ff\u52bf\u8fde\u63a5\u672c\u5730127.0.0.1\u5373\u53ef\u3002
\u8fd9\u4e09\u79cd\u5de5\u5177\u7684\u5927\u81f4\u601d\u8def\uff1a
curl\u662f\u901a\u8fc7\u4e00\u4e9b\u53c2\u6570\u6765\u52a0\u8bbe\u5b9a nc\u9700\u8981\u751f\u5199http\u8bf7\u6c42\u5185\u5bb9 python\u53ef\u4ee5\u7528requests\u6765\u505a \u9700\u8981\u5148\u7b80\u5355\u5730\u8fde\u63a5127.0.0.1\u7136\u540e\u6839\u636e\u62a5\u9519\u63d0\u793a\u6765\u4fee\u6539\u8bf7\u6c42\u3002
Level 1
Send an HTTP request using curl
curl http://127.0.0.1\n
Level 2
Send an HTTP request using nc
nc 127.0.0.1 80\nGET / HTTP/1.1\n
Level 3
Send an HTTP request using python
import requests as r\nr.get(\"http://127.0.0.1\").text\n
Level 4
Set the host header in an HTTP request using curl
curl -H 'host:xxxxx' http://127.0.0.1\n
Level 5
Set the host header in an HTTP request using nc
nc 127.0.0.1 80\nGET / HTTP/1.1\nhost:xxxxx\n
Level 6
Set the host header in an HTTP request using python
import requests as r\nr.get(\"http://127.0.0.1\", headers={\"host\":\"xxx\"}).text\n
Level 7
Set the path in an HTTP request using curl
curl http://127.0.0.1/xxxxx\n
Level 8
Set the path in an HTTP request using nc
nc 127.0.0.1 80\nGET /xxxx HTTP/1.1\n
Level 9
Set the path in an HTTP request using python
import requests as r\nr.get(\"http://127.0.0.1/xxx\").text\n
Level 10~12
URL encode a path in an HTTP request using curl/nc/python
\u7528%20\u66ff\u6362\u6389\u7a7a\u683c\u5373\u53ef
Level 13~15
Specify an argument in an HTTP request using curl/nc/python
GET\u52a0\u53c2\u6570\uff0c\u5728\u8def\u5f84\u540e\u9762\u8ffd\u52a0?a=xxx\u5373\u53ef
nc\u65f6\u52a0\u5230nc\u8fde\u63a5\u4ee5\u540e\u7684GET\u540e\u9762
Level 16~18
Specify multiple arguments in an HTTP request using curl/nc/python
\u7ed3\u540810~15\u9898\uff0c\u7a7a\u683c\u7528%20\u6362\u6389\uff0c\u4e0e\u53f7\u7528%26\u6362\u6389\uff0c\u4e95\u53f7\u7528%23\u6362\u6389
Level 19~21
Include form data in an HTTP request using curl/nc/python
#curl\ncurl http://127.0.0.1 -F a=xxx\n\n#nc\nPOST / HTTP/1.1\nContent-Type: application/x-www-form-urlencoded\nContent-Length:34\n\na=xxx\n\n#python\nimport requests as r\nr.post(\"http://127.0.0.1\",data={'a':'xxx'}).text\n
Level 22~24
Include form data with multiple fields in an HTTP request using curl/nc/python
#curl\ncurl http://127.0.0.1 -F a=xxx -F b='xxxx'\n\n#nc\nPOST / HTTP/1.1\nContent-Type: application/x-www-form-urlencoded\nContent-Length: 78\n\na=xxx&b=xxx\n\n#python\nimport requests as r\nr.post(\"http://127.0.0.1\",data={'a':'xxx','b':'xxx'}).text\n
Level 25~27
Include json data in an HTTP request using curl/nc/python
#curl\ncurl -X POST -H 'Content-Type:application/json' -d '{\"a\":\"xxx\"}' http://127.0.0.1\n\n#nc\necho -ne 'POST / HTTP/1.1\\r\\nContent-Type: application/json\\r\\nContent-Length:40\\r\\n\\r\\n{\"a\":\"xxx\"}' | nc 127.0.0.1 80\n\n#python\nimport requests as r\nimport json\nr.post(\"http://127.0.0.1\",headers={\"Content-Type\":\"application/json\"},data=json.dumps({\"a\":\"xxx\"})).text\n
Level 28~30
Include complex json data in an HTTP request using curl/nc/python
#curl\ncurl -X POST -H 'Content-Type: application/json' -H 'Content-Length: 121' -d '{\"a\":\"xxx\", \"b\":{\"c\": \"xxxx\", \"d\": [\"xxx\", \"xxx\"]}}' http://127.0.0.1\n\n#nc\necho -ne 'POST / HTTP/1.1\\r\\nContent-Type: application/json\\r\\nContent-Length: 121\\r\\n\\r\\n{\"a\":\"xxx\", \"b\":{\"c\": \"xxx\", \"d\": [\"xxx\", \"xxx\"]}}' | nc 127.0.0.1 80\n\n#python\nimport requests as r\nimport json\nr.post(\"http://127.0.0.1\",headers={\"Content-Type\":\"application/json\"},data=json.dumps({\"a\":\"xxx\",\"b\":{'c': 'xxx', 'd': ['xxx', 'xxx']}})).text\n
Level 31~33
Follow an HTTP redirect from HTTP response using curl/nc/python
#curl\ncurl -L http://127.0.0.1\n\n#nc\necho -ne \"GET /xxx HTTP/1.1\\r\\n\\r\\n\" | nc 127.0.0.1 80\n\n#python\n#python\u9ed8\u8ba4\u8ddf\u968f\u8df3\u8f6c\nimport requests as r\nr.get(\"http://127.0.0.1\").text\n
Level 34~36
Include a cookie from HTTP response using curl/nc/python
#curl\ncurl http://127.0.0.1 -v\ncurl -b \"cookie=xxx\" http://127.0.0.1\n\n#nc\necho -ne \"GET / HTTP/1.1\\r\\n\\r\\n\" | nc 127.0.0.1 80\necho -ne \"GET / HTTP/1.1\\r\\nCookie:cookie=xxxx\\r\\n\\r\\n\" | nc 127.0.0.1 80\n\n#python \u9ed8\u8ba4\u81ea\u52a8\u63a5\u53d7cookie\nimport requests as r\nr.get(\"http://127.0.0.1\").text\n
Level 37~39
Make multiple requests in response to stateful HTTP responses using curl/nc/python
#curl \u5b8c\u62103\u6b21\u4ea4\u4e92\u5373\u53ef\ncurl -b \"session=xxx\" http://127.0.0.1 -v \ncurl -b \"session=xxx\" http://127.0.0.1 -v \ncurl -b \"session=xxx\" http://127.0.0.1 -v #nc\necho -ne \"GET / HTTP/1.1\\r\\nCookie:session=xxx\\r\\n\\r\\n\" | nc 127.0.0.1 80\necho -ne \"GET / HTTP/1.1\\r\\nCookie:session=xxx\\r\\n\\r\\n\" | nc 127.0.0.1 80\necho -ne \"GET / HTTP/1.1\\r\\nCookie:session=xxx\\r\\n\\r\\n\" | nc 127.0.0.1 80\n\n#python\nimport requests as r\nr.get(\"http://127.0.0.1\").text\n
"},{"location":"pwn-college-cse365-spring2023/#assembly-crash-course-writeups","title":"Assembly Crash Course Writeups","text":"\u8fd9\u4e2a\u7ae0\u8282\u7684\u9898\u9700\u8981\u628a\u6c47\u7f16\u53d8\u6210raw bytes\uff0c\u7136\u540e\u5582\u7ed9/challenge/run\u3002\u9700\u8981\u5148\u8fd0\u884c\u8fd9\u4e2arun\uff0c\u7136\u540e\u6839\u636e\u8981\u6c42\u5b8c\u6210\u3002\u6bd4\u5982\u53ef\u4ee5\u7528pwntools\u7684asm\u6a21\u5757\u751f\u6210\u6c47\u7f16\uff0c\u7136\u540eecho\u8fdbrun\u91cc\u3002
Level 1
In this level you will work with registers_use! Please set the following: rdi = 0x1337
from pwn import *\ncontext.arch='amd64'\nasm('mov rdi,0x1337')\n\n#b'H\\xc7\\xc77\\x13\\x00\\x00'\n
\u7136\u540e\u5728shell\u91ccecho -ne 'H\\xc7\\xc77\\x13\\x00\\x00' | /challenge/run
\u5373\u53ef\u3002 Level 2
asm('add rdi,0x331337')\n
Level 3
asm('imul rdi,rsi; add rdi,rdx; mov rax,rdi')\n
Level 4
\u5b66\u4e60div\u9664\u6cd5\uff0cdiv reg
\u4f1a\u4f7f\u7528rax\u4f5c\u4e3a\u88ab\u9664\u6570\uff0creg\u4f5c\u4e3a\u9664\u6570\uff0c\u7136\u540e\u81ea\u52a8\u4f7f\u7528rax\u5b58\u653e\u5546\uff0crdx\u5b58\u653e\u4f59\u6570\u3002
asm('mov rax, rdi;div rsi')\n
Level 5
asm('mov rax, rdi;div rsi;mov rax, rdx')\n
Level 6
\u9664\u6570\u4e3a2\u7684\u5e42\u6b21\u65f6\uff0c\u76f4\u63a5\u4f7f\u7528mov\u4fdd\u7559\u5bc4\u5b58\u5668\u7684\u4e00\u90e8\u5206\u5373\u53ef\u3002\u6ce8\u610fmov\u4e24\u4e2a\u5bc4\u5b58\u5668\u957f\u5ea6\u8981\u4e00\u81f4\u3002
asm('mov al, dil;mov bx, si')\n
Level 7
shl\u5de6\u79fb\uff0cshr\u53f3\u79fb\uff08\u9ad8\u4f4d\u88650\uff09
asm('shl rdi, 59; shr rdi, 63; mov rax, rdi')\n
Level 8
and reg1, reg2
\u4f1a\u628areg1\u548creg2\u8fdb\u884c\u903b\u8f91\u4e0e\u7684\u7ed3\u679c\u4fdd\u5b58\u5728reg1\u91cc\u3002\u9898\u76ee\u4e0d\u8ba9\u7528mov\uff0c\u90a3\u53ef\u4ee5\u91c7\u7528\u7f6e0\u51cf1\u7684\u65b9\u5f0f\u83b7\u5f972^65-1\uff0c\u7136\u540eand\u5373\u53ef\u3002
asm('xor rax, rax; sub rax, 1; and rax, rdi; and rax, rsi')\n
Level 9
\u9898\u76ee\u8981\u6c42\u53ea\u7528and\uff0cor\uff0cxor\u5b9e\u73b0\u4e00\u4e2a\u5947\u5076\u5224\u65ad\u7684\u529f\u80fd\u3002\u6574\u4f53\u601d\u8def\u662fxor\u53cd\u8f6c\u6bd4\u7279\u3001\u6e05\u7a7a\u503c\uff0cor\u505a\u52a0\u6cd5\uff0cand\u53d6\u6700\u4f4e\u4f4d\u3002
asm('xor rax, rax; or rax, 1; and rax, rdi; xor rax, 1')\n
Level 10
\u6709\u5173\u8bbf\u95ee\u5185\u5b58\u7684\u64cd\u4f5c\u3002mov reg, [address]
\u7528\u4e8e\u628aaddress\u5730\u5740\u5904\u7684\u503c\u8d4b\u7ed9reg\uff0c\u5f53\u7136\u4e5f\u53ef\u4ee5mov [address], reg
\u628areg\u7684\u503c\u4fdd\u5b58\u5728address\u5730\u5740\u3002\u52a0\u4e00\u5c42\u65b9\u62ec\u53f7\u53ea\u662f\u8868\u793a\u5f53\u4f5c\u5730\u5740\u3002\u4e0d\u8981\u4e0b\u610f\u8bc6\u8fdb\u884c\u66f4\u591a\u6b21\u6570\u7684\u89e3\u5f15\u7528\u3002
asm('mov rbx, [0x404000]; mov rax, rbx; add rbx, 0x1337; mov [0x404000], rbx')\n
Level 11
\u5982\u679cmov\u4e00\u65b9\u4e3a\u5bc4\u5b58\u5668\uff0c\u4e00\u65b9\u4e3a\u5730\u5740\uff0c\u4f1a\u6839\u636e\u5bc4\u5b58\u5668\u7684\u5927\u5c0f\u81ea\u52a8\u63a8\u65ad\u4ece\u5730\u5740\u4e2dload\u591a\u5c11\u5b57\u8282\u3002
asm('mov al, [0x404000]; mov bx, [0x404000]; mov ecx, [0x404000]; mov rdx, [0x404000];')\n
Level 12
\u5bf9\u4e8e\u6bd4\u8f83\u5927\u7684\u7acb\u5373\u6570\uff0c\u53ef\u4ee5\u5148\u653e\u5728\u5bc4\u5b58\u5668\uff0c\u7136\u540e\u518dmov\u5230\u6307\u5b9a\u4f4d\u7f6e\u3002
asm('mov rax, 0xdeadbeef00001337; mov [rdi], rax; mov rax, 0xc0ffee0000; mov [rsi], rax')\n
Level 13
asm('mov rax, [rdi]; add rax, [rdi+8]; mov [rsi], rax')\n
Level 14
asm('pop rax;sub rax,rdi; push rax')\n
Level 15
\u4f7f\u7528\u6808\u53ef\u4ee5\u7b80\u5355\u5730\u4ea4\u6362\u5bc4\u5b58\u5668
asm('push rdi; push rsi; pop rdi; pop rsi')\n
Level 16
\u5b9e\u73b0\u6808\u4e0a\u7684\u6570\u636e\u53d6\u5e73\u5747\uff0c\u7528[rsp+X]\u6765\u53d6\u503c\uff08\u4e00\u822c\u7528rbp\u6765\u53d6\u5427\uff1f\uff09
asm('mov rax, [rsp]; add rax, [rsp+8]; add rax, [rsp+16]; add rax, [rsp+24]; mov rbx, 4; div rbx; push rax')\n
Level 17
\u4f7f\u7528label\u8bbe\u7f6e\u76f8\u5bf9\u8df3\u8f6c\u5730\u5740\uff0c\u4f7f\u7528\u5355\u5b57\u8282\u7684nop\u586b\u5145\u3002\u4e0d\u8fc7\u9898\u76ee\u8981\u6c42\u7684\u201c\u4ecejmp\u504f\u79fb0x51\u7684\u5730\u5740\u201d\u6709\u70b9\u8ff7\u60d1\uff0c\u770b\u7ed3\u679c\u7684\u8bdd\u4f3c\u4e4e\u9ed8\u8ba4\u662fjmp\u6267\u884c\u540e\u7684\u5730\u5740\u518d\u504f\u79fb0x51\uff0c\u800c\u4e0d\u662fjmp\u6307\u4ee4\u672c\u8eab\u7684\u5730\u5740\u504f\u79fb0x51\uff0c\u6240\u4ee5\u4e0d\u9700\u8981\u77e5\u9053jmp\u6307\u4ee4\u672c\u8eab\u7684\u957f\u5ea6\u3002
asm('jmp lab;'+'nop;'*0x51+'lab: mov rdi, [rsp]; mov rax, 0x403000; jmp rax')\n
Level 18
\u5b9e\u73b0if-else\u8df3\u8f6c\u3002\u6ce8\u610f\u5185\u5b58\u8ba1\u7b97\u4f7f\u7528dword\u768432\u4f4d\u6570\u636e\uff0c\u7528eax\u800c\u4e0d\u662frax\u3002
from pwn import *\ncontext.arch='amd64'\npayload=\"\"\"mov eax, [rdi+4]\nmov ebx, 0x7f454c46\ncmp ebx, [rdi]\nje case1\nmov ebx, 0x5a4d\ncmp ebx, [rdi]\nje case2\nimul eax, [rdi+8]\nimul eax, [rdi+12]\njmp done\ncase1:\n add eax, [rdi+8]\n add eax, [rdi+12]\n jmp done\ncase2:\n sub eax, [rdi+8]\n sub eax, [rdi+12]\n jmp done\ndone:\n nop\n\"\"\"\n\nprint(asm(payload))\n
Level 19
jmp [reg + offset]
\u95f4\u63a5\u8df3\u8f6c\uff0c\u4f7f\u7528rsi\u4fdd\u5b58\u8df3\u8f6c\u8868\u7684\u57fa\u5730\u5740\uff0c\u7528\u4e8e\u5b9e\u73b0switch\u3002\u8fd9\u91cc\u597d\u50cf\u662fjnz\u4e0d\u652f\u6301\u95f4\u63a5\u8df3\u8f6c\u3002
asm('mov rax, rdi; shr rax, 2; jnz final; jmp [rsi + rdi * 8]; final: jmp [rsi + 32]')\n
Level 20
\u5b9e\u73b0\u4e00\u4e2a\u7b80\u5355\u7684\u6c42\u5e73\u5747\u51fd\u6570
from pwn import *\ncontext.arch='amd64'\npayload=\"\"\"xor rax, rax\nxor rcx, rcx\nloop:\n cmp rcx, rsi\n je done\n add rax, [rdi + 8 * rcx]\n add rcx, 1\n jmp loop\ndone:\n div rsi\n\"\"\"\n\nprint(asm(payload))\n
Level 21
\u5b9e\u73b0\u4e00\u4e2astrlen\u51fd\u6570\uff0c\u9010byte\u68c0\u67e5\u662f\u5426\u4e3a0\u3002\u6ce8\u610fmov\u4e0d\u4f1a\u6539\u53d8EFLAGS\u3002
from pwn import *\ncontext.arch='amd64'\npayload = \"\"\"\nxor rax, rax\ntest rdi, rdi\njz done\nloop: mov bl, [rdi + rax]\ntest bl,bl\njz done\nadd rax, 1\njmp loop\ndone:\n nop\n\"\"\"\n\nprint(asm(payload))\n
Level 22
\u8fd9\u9053\u9898\u7ed9\u7684\u89e3\u91ca\u4e0d\u662f\u5f88\u6e05\u695a\uff0c\u5c3d\u7ba1\u662f\u7b2c\u4e00\u6b21\u63d0\u5230\u4f7f\u7528call\u8fdb\u884c\u51fd\u6570\u8c03\u7528\uff0c\u4f46\u662f\u6ca1\u6709\u8bf464\u4f4d\u7a0b\u5e8f\u4f9d\u6b21\u4f7f\u7528rdi,rsi,rdx,rcd,r8,r9
\u8fdb\u884c\u4f20\u53c2\u3001rax
\u4fdd\u5b58\u51fd\u6570\u8fd4\u56de\u7ed3\u679c\uff0c\u4e5f\u6ca1\u6709\u8bf4\u662f\u7531\u4e3b\u8c03\u51fd\u6570\u8fd8\u662f\u88ab\u8c03\u51fd\u6570\u6765\u4fdd\u5b58\u5bc4\u5b58\u5668\u3002\u66f4\u5947\u602a\u7684\u662f\u867d\u7136\u8ba9\u5b9e\u73b0\u4e00\u4e2astr_lower\u51fd\u6570\uff0c\u4f46\u662f\u6ca1\u6709\u6309\u51fd\u6570\u5b9e\u73b0\u7684\u6807\u51c6\u5199PROG\uff0c\u751a\u81f3\u6700\u540e\u8fd8\u7528ret\u6765\u7ed3\u675f\u3002
from pwn import *\ncontext.arch='amd64'\npayload = \"\"\"\nmov rdx, rdi\nxor rax, rax\nxor rcx, rcx\ntest rdx, rdx\njz done\nloop:\n mov bl, [rdx]\n test bl,bl\n jz done\n cmp bl, 0x5a\n jg notif\n mov rax, 0x403000\n xor rdi, rdi\n mov dil, bl\n call rax\n mov [rdx], al\n add rcx, 1\nnotif:\n add rdx, 1\n jmp loop\ndone:\n mov rax, rcx\n ret\n\"\"\"\n\nprint(asm(payload))\n
Level 23
\u5b9e\u73b0\u4e00\u4e2a\u67e5\u8be2\u5b57\u7b26\u4e32\u4e2d\u54ea\u4e2a\u5b57\u7b26\u6700\u591a\u7684\u51fd\u6570\u3002\u6bcf\u4e2a\u5b57\u7b26\u4e0d\u8d85\u8fc70xffff\u4e2a\uff0c\u6240\u4ee5\u8981\u75284\u5b57\u8282\u7684\u5bc4\u5b58\u5668\u6765\u8fdb\u884c\u5b58\u653e\u3002\u8fd9\u91cc\u4f3c\u4e4e\u4e0d\u652f\u6301\u76f4\u63a5mov rbx, [ebp - rcx * 4]
\u4e4b\u7c7b\u7684\u65b9\u6cd5\uff0c\u5c31\u7528r8\u548cr9\u4e34\u65f6\u5b58\u653e\u4e00\u4e0b\u4e86\u3002
from pwn import *\n\ncontext.arch = 'amd64'\n\npayload = \"\"\"\npush rbp\nmov rbp, rsp\nsub rsp, 0x400\nxor rax, rax\nxor rcx, rcx\nmov rdx, rsi\nsub rdx, 0x1\nloop1: \n cmp rcx, rdx\n jg loop1_end\n mov al, [rdi + rcx]\n mov r8, rbp\n mov r9, rax\n imul r9, 4\n sub r8, r9\n mov ebx, [r8]\n add ebx, 1\n mov [r8], ebx\n add rcx, 1\n jmp loop1\nloop1_end:\nxor rax, rax\nxor rbx, rbx\nxor rcx, rcx\nloop2:\n cmp rcx, 0xff\n jg loop2_end\n mov r8, rbp\n mov r9, rcx\n imul r9, 4\n sub r8, r9\n mov edx, [r8]\n cmp edx, ebx\n jle loop2_conti\n mov rbx, rdx\n mov rax, rcx\nloop2_conti:\n add rcx, 1\n jmp loop2\nloop2_end:\nmov rsp, rbp\npop rbp\nret\n\"\"\"\n\nprint(asm(payload))\n
"},{"location":"pwn-college-cse365-spring2023/#building-a-web-server-writeups","title":"Building a Web Server Writeups","text":"\u4e0d\u5f97\u4e0d\u5410\u69fdpwn-college\u6709\u4e00\u70b9\u4e0d\u597d\uff0c\u6bcf\u4e2a\u6a21\u5757\u7b2c\u4e00\u4e2achallenge\u8bf4\u660e\u592a\u5c11\u4e86\uff0c\u5b8c\u5168\u4e0d\u77e5\u9053\u4ece\u54ea\u5f00\u59cb\u4e0b\u624b\u3002\u5728challenge 1\u7684wp\u91cc\u8be6\u7ec6\u8bb2\u4e00\u4e0b\u8fd9\u4e2a\u6a21\u5757\u600e\u4e48\u5f00\u59cb\u505a\uff0c\u7136\u540e\u540e\u7eed\u5c31\u7701\u7565\u4e86\u3002
\u7528\u6c47\u7f16\u5199server\uff0c\u53ef\u4ee5\u67e5\u886864\u4f4dsyscall\u624b\u518c
Level 1
\u9996\u5148\u8fd8\u662f\u8fd0\u884c/challeng/run\uff0c\u5f97\u5230\u4e00\u6bb5\u8f93\u51fa\uff1a
===== Welcome to Building a Web Server! =====\nIn this series of challenges, you will be writing assembly to interact with your environment, and ultimately build a web server\nIn this challenge you will exit a program.\n\nUsage: `/challenge/run <path_to_web_server>`\n\n$ cat server.s\n.intel_syntax noprefix\n.globl _start\n\n.section .text\n\n_start:\n mov rdi, 0\n mov rax, 60 # SYS_exit\n syscall\n\n.section .data\n\n$ as -o server.o server.s && ld -o server server.o\n\n$ strace ./server\nexecve(\"./server\", [\"./server\"], 0x7ffccb8c6480 /* 17 vars */) = 0\nexit(0) = ?\n+++ exited with 0 +++\n
\u8fd9\u9053\u9898\u7684\u610f\u601d\u662f\u8ba9\u7528\u6c47\u7f16\u5199\u4e00\u4e2a\u670d\u52a1\u7aef\u3002\u5728\u8fd0\u884c/challenge/run server
\u7684\u65f6\u5019\uff0c\u5224\u9898\u7a0b\u5e8f\u4f1a\u542f\u52a8\u7528\u6237\u6307\u5b9a\u7684\u8fd9\u4e2aserver\uff0c\u7136\u540e\u68c0\u67e5\u8fd9\u4e2aserver\u7a0b\u5e8f\u662f\u4e0d\u662f\u76f4\u63a5exit(0)\u4e86\u3002\u6240\u4ee5\u53ea\u9700\u8981\u7f16\u8bd1\u4e00\u4e2aexit(0)\u7684server\u5373\u53ef\u3002
\u9898\u76ee\u91cc\u5176\u5b9e\u5df2\u7ecf\u7ed9\u51fa\u4e86server.s\u7684\u6a21\u677f\uff08cat server.s\u7684\u8f93\u51fa\uff09\u548c\u7f16\u8bd1\u65b9\u5f0f\uff08as -o server.o server.s && ld -o server server.o\uff09\u3002\u6240\u4ee5\u8fd9\u9053\u9898\u53ea\u9700\u8981\u628acat server.s
\u7684\u8f93\u51fa\u4fdd\u5b58\u5230server.s\u6587\u4ef6\uff0c\u7136\u540e\u76f4\u63a5\u8fd0\u884cas -o server.o server.s && ld -o server server.o
\u7f16\u8bd1\u51fa\u4e00\u4e2aserver\u7684\u53ef\u6267\u884c\u7a0b\u5e8f\uff0c\u6700\u540e\u8fd0\u884c/challenge/run ./server
\u5373\u53ef\u3002
\u6a21\u677f\u91cc\u53ea\u6267\u884c\u4e86\u4e00\u4e2a\u9000\u51fa\u7684syscall\uff0c\u6b63\u597d\u662f\u8fd9\u4e00\u9898\u7684\u8981\u6c42\u3002\u672c\u6765\u4ee5\u4e3a\u8fd9\u9053\u9898\u610f\u601d\u662f\u81ea\u5df1\u5199\u4e00\u4e2aserver\u7684\u6c47\u7f16\u6587\u4ef6\uff0c\u7136\u540erun\u7684\u65f6\u5019\u6307\u5b9a\u6e90\u6587\u4ef6\uff0c\u7531\u5224\u9898\u7a0b\u5e8f\u7f16\u8bd1\u7684\u5462\uff0c\u7ed3\u679c\u53d1\u73b0run\u7684\u65f6\u5019\u662f\u9700\u8981\u6307\u5b9a\u4e00\u4e2a\u7f16\u8bd1\u597d\u7684\u53ef\u6267\u884c\u7a0b\u5e8fhh\u3002
\u5b8c\u6574\u89e3\u9898\u6b65\u9aa4\u5982\u4e0b\uff1a
hacker@building-a-web-server-level-1:~$ echo \".intel_syntax noprefix\n.globl _start\n\n.section .text\n\n_start:\n mov rdi, 0\n mov rax, 60 # SYS_exit\n syscall\n\n.section .data\" > ./server.s\n\nhacker@building-a-web-server-level-1:~$ as -o server.o server.s && ld -o server server.o\n\nhacker@building-a-web-server-level-1:~$ /challenge/run ./server\n===== Welcome to Building a Web Server! =====\nIn this series of challenges, you will be writing assembly to interact with your environment, and ultimately build a web server\nIn this challenge you will exit a program.\n\n\n===== Expected: Parent Process =====\n[ ] execve(<execve_args>) = 0\n[ ] exit(0) = ?\n\n===== Trace: Parent Process =====\n[\u2713] execve(\"/proc/self/fd/3\", [\"/proc/self/fd/3\"], 0x7f07cf7959a0 /* 0 vars */) = 0\n[\u2713] exit(0) = ?\n[?] +++ exited with 0 +++\n\n===== Result =====\n[\u2713] Success\n\npwn.college{xxxx}\n
\u4ee5\u4e0b\u7684\u5404\u4e2a\u9898\u76ee\u5c31\u53ea\u5199server.s\u7684\u5185\u5bb9\u4e86
Level 2
In this challenge you will create a socket.
.intel_syntax noprefix\n.globl _start\n\n.section .text\n\n_start:\n # create a socket\n mov rdi, 2 # AF_INET\n mov rsi, 1 # SOCK_STREAM\n mov rdx, 0 # IPPROTO_IP\n mov rax, 41 # sys_socket\n syscall\n\n push rax\n mov rdi, 0\n mov rax, 60 # SYS_exit\n syscall\n\n.section .data\n
Level 3
In this challenge you will bind an address to a socket.
\u5728Level2\u521b\u5efasocket\u7684\u57fa\u7840\u4e0a\uff0c\u5c06\u5176\u7ed1\u5b9a\u52300.0.0.0:80\u4e0a\u3002\uff08\u53ef\u4ee5\u8fd0\u884cLevel1\u521b\u5efa\u7684server\u6765\u5148\u9605\u8bfb\u4e0b\u9898\u76ee\u8981\u6c42\uff0c\u5982\u4e0b\u6240\u793a\uff09
===== Expected: Parent Process =====\n[ ] execve(<execve_args>) = 0\n[ ] socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 3\n[ ] bind(3, {sa_family=AF_INET, sin_port=htons(<bind_port>), sin_addr=inet_addr(\"<bind_address>\")}, 16) = 0\n - Bind to port 80\n - Bind to address 0.0.0.0\n[ ] exit(0) = ?\n
\u6700\u7ec8\u89e3\u5982\u4e0b\u3002\u8fd9\u91cc\u76f4\u63a5\u7528\u6808\u6765\u4fdd\u5b58sockaddr_in\u7ed3\u6784\u4f53\u4e86\uff0c\u6bd4\u8f83\u7c97\u66b4\u3002
.intel_syntax noprefix\n.globl _start\n\n.section .text\n\n_start:\n# create a socket\nmov rdi, 2 # AF_INET\nmov rsi, 1 # SOCK_STREAM\nmov rdx, 0 # IPPROTO_IP\nmov rax, 41 # sys_socket\nsyscall\npush rax\n\n# bind the socket to 0.0.0.0:80\nmov rdi, rax # socket_fd\npush 0x50000002 # AF_INET(2) and PORT(80) in big endian\nmov rsi, rsp # sockaddr_in\npush 0x0 # IP(0.0.0.0)\npush 0x0 # padding\npush 0x0 # padding\nmov rdx, 16 # addrlen\nmov rax, 49 # sys_bind\nsyscall\n\nmov rdi, 0\nmov rax, 60 # SYS_exit\nsyscall\n\n\n.section .data\n
Level 4
In this challenge you will listen on a socket.
\u4f7f\u7528listen\u76d1\u542c\u8fd9\u4e2asocket\u3002\u7531\u4e8e\u8fd9\u91cclisten\u4e5f\u8981\u7528\u5230\u4e4b\u524dsocket\u521b\u5efa\u7684\u6587\u4ef6\u63cf\u8ff0\u7b26\uff0c\u6ce8\u610f\u5230\u6837\u4f8b\u7684\u6c47\u7f16\u6587\u4ef6\u6700\u540e\u63d0\u793a\u7528data\u4e86\uff0c\u6240\u4ee5\u5e72\u8106\u6362\u7528\u6570\u636e\u533a\u6765\u4fdd\u5b58\u5404\u79cd\u7ed3\u6784\u4f53\uff0c\u4e5f\u5f03\u7528Level3\u91cc\u5bf9\u6808\u505a\u7684\u90a3\u4e9b\u4fee\u6539\u4e86\u3002\u8fd9\u91ccsockfd\u548csockaddr\u90fd\u662f\u5730\u5740\uff0c\u6240\u4ee5mov\u7684\u65f6\u5019\u4f1a\u81ea\u52a8\u89e3\u5f15\u7528\uff0c\u7528lea\u6307\u4ee4\u6765\u83b7\u5f97\u5730\u5740\u672c\u8eab\u3002
.intel_syntax noprefix\n.globl _start\n\n.section .text\n\n_start:\n# create a socket\nmov rdi, 2 # AF_INET\nmov rsi, 1 # SOCK_STREAM\nmov rdx, 0 # IPPROTO_IP\nmov rax, 41 # sys_socket\nsyscall\nmov sockfd, rax\n\n# bind the socket to 0.0.0.0:80\nmov rdi, sockfd # socket_fd\nlea rsi, sockaddr # sockaddr\nmov rdx, 16 # addrlen\nmov rax, 49 # sys_bind\nsyscall\n\n# listen(3, 0)\nmov rdi, sockfd\nmov rsi, 0\nmov rax, 50 # sys_listen\nsyscall\n\nmov rdi, 0\nmov rax, 60 # SYS_exit\nsyscall\n\n\n.section .data\n\nsockfd: .quad 0\nsockaddr: .quad 0x50000002 # AF_INET(2) and PORT(80) in big endian\n.quad 0x0 # IP(0.0.0.0)\n.quad 0x0 # padding\n.quad 0x0 # padding\n
Level 5
In this challenge you will accept a connection.
.intel_syntax noprefix\n.globl _start\n\n.section .text\n\n_start:\n# create a socket\nmov rdi, 2 # AF_INET\nmov rsi, 1 # SOCK_STREAM\nmov rdx, 0 # IPPROTO_IP\nmov rax, 41 # sys_socket\nsyscall\nmov sockfd, rax\n\n# bind the socket to 0.0.0.0:80\nmov rdi, sockfd # socket_fd\nlea rsi, sockaddr # sockaddr\nmov rdx, 16 # addrlen\nmov rax, 49 # sys_bind\nsyscall\n\n# listen(3, 0)\nmov rdi, sockfd\nmov rsi, 0\nmov rax, 50 # sys_listen\nsyscall\n\n# accept(3, NULL, NULL)\nmov rdi, sockfd\nmov rsi, 0\nmov rdx, 0\nmov rax, 43 # sys_accept\nsyscall\n\nmov rdi, 0\nmov rax, 60 # SYS_exit\nsyscall\n\n\n.section .data\n\nsockfd: .quad 0\nsockaddr: .quad 0x50000002 # AF_INET(2) and PORT(80) in big endian\n.quad 0x0 # IP(0.0.0.0)\n.quad 0x0 # padding\n.quad 0x0 # padding\n
Level 6
In this challenge you will respond to an http request.
\u8fd9\u4e2a\u9898\u7684\u610f\u601d\u662f\u5e0c\u671b\u5b9e\u73b0\u4e00\u4e2a\u9759\u6001\u7684\u7ad9\u70b9\uff0c\u63a5\u6536\u5ba2\u6237\u7aef\u53d1\u9001\u7684\u8bf7\u6c42\u540e\uff0c\u59cb\u7ec8\u56de\u590dHTTP/1.0 200 OK\u3002\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u7f13\u51b2\u533a\u4fdd\u5b58\u8bf7\u6c42\uff0c\u8fd9\u91cc\u5f00\u4e86\u4e2a256\u5b57\u8282\u7684\u5185\u5b58\uff08\u5b9e\u9645\u4e0a\u6709140\u5b57\u8282\uff09\u3002
.intel_syntax noprefix\n.globl _start\n\n.section .text\n\n_start:\n# create a socket\nmov rdi, 2 # AF_INET\nmov rsi, 1 # SOCK_STREAM\nmov rdx, 0 # IPPROTO_IP\nmov rax, 41 # sys_socket\nsyscall\nmov sockfd, rax\n\n# bind the socket to 0.0.0.0:80\nmov rdi, sockfd # socket_fd\nlea rsi, sockaddr # sockaddr\nmov rdx, 16 # addrlen\nmov rax, 49 # sys_bind\nsyscall\n\n# listen(3, 0)\nmov rdi, sockfd\nmov rsi, 0\nmov rax, 50 # sys_listen\nsyscall\n\n# accept(3, NULL, NULL) = 4\nmov rdi, sockfd\nmov rsi, 0\nmov rdx, 0\nmov rax, 43 # sys_accept\nsyscall\nmov tunnel, rax\n\n# read(4, <read_request>, <read_request_count>) = <read_request_result>\nmov rdi, tunnel\nlea rsi, request\nmov rdx, 256\nmov rax, 0\nsyscall\n\n# write(4, \"HTTP/1.0 200 OK\\r\\n\\r\\n\", 19) = 19\nmov rdi, tunnel\nlea rsi, response\nmov rdx, 19\nmov rax, 1\nsyscall\n\n# close(4)\nmov rdi, tunnel\nmov rax, 3\nsyscall\n\nmov rdi, 0\nmov rax, 60 # SYS_exit\nsyscall\n\n\n.section .data\n\nsockfd: .quad 0\ntunnel: .quad 0\nrequest: .space 256\nresponse: .ascii \"HTTP/1.0 200 OK\\r\\n\\r\\n\"\nsockaddr: .quad 0x50000002 # AF_INET(2) and PORT(80) in big endian\n.quad 0x0 # IP(0.0.0.0)\n.quad 0x0 # padding\n.quad 0x0 # padding\n
Level 7
In this challenge you will respond to a GET request for the contents of a specified file.
\u5b9e\u73b0\u4e00\u4e2a\u52a8\u6001\u4e00\u70b9\u7684\u670d\u52a1\u5668\u3002\u8fd9\u9898\u4e2d\uff0c\u5ba2\u6237\u7aef\u4f1a\u8bf7\u6c42\u670d\u52a1\u5668\u7aef\u8bfb\u53d6\u4e00\u4e2a\u6587\u4ef6\u5e76\u8fd4\u56de\u7ed3\u679c\u3002\u6587\u4ef6\u662f\u5224\u9898\u7a0b\u5e8f\u968f\u673a\u751f\u6210\u5728/tmp\u4e0b\u7684\uff0c\u5185\u5bb9\u957f\u5ea6\u4e5f\u662f\u968f\u673a\u7684\u3002\u6240\u4ee5\u5199\u4ee3\u7801\u7684\u65f6\u5019\u8981\u591a\u9884\u7559\u70b9\u7f13\u51b2\u533a\u6765\u4fdd\u5b58\u6587\u4ef6\u5185\u5bb9\u3002
open\u6587\u4ef6\u65f6\uff0c\u6587\u4ef6\u540d\u8981\u4ecerequest\u8bf7\u6c42\u91cc\u63d0\u53d6\u3002\u56e0\u4e3a\u751f\u6210\u7684\u6587\u4ef6\u540d\u957f\u5ea6\u662f\u56fa\u5b9a\u7684\uff0c\u6240\u4ee5\u61d2\u7701\u4e8b\u76f4\u63a5\u5728request\u7f13\u51b2\u533a\u91cc\u6539\u4e86\uff08\u5b57\u7b26\u4e32\u672b\u5c3e\\0\uff09\u3002
===== Expected: Parent Process =====\n[ ] execve(<execve_args>) = 0\n[ ] socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 3\n[ ] bind(3, {sa_family=AF_INET, sin_port=htons(<bind_port>), sin_addr=inet_addr(\"<bind_address>\")}, 16) = 0\n - Bind to port 80\n - Bind to address 0.0.0.0\n[ ] listen(3, 0) = 0\n[ ] accept(3, NULL, NULL) = 4\n[ ] read(4, <read_request>, <read_request_count>) = <read_request_result>\n[ ] open(\"<open_path>\", O_RDONLY) = 5\n[ ] read(5, <read_file>, <read_file_count>) = <read_file_result>\n[ ] close(5) = 0\n[ ] write(4, \"HTTP/1.0 200 OK\\r\\n\\r\\n\", 19) = 19\n[ ] write(4, <write_file>, <write_file_count>) = <write_file_result>\n[ ] close(4) = 0\n[ ] exit(0) = ?\n\n===== Trace: Parent Process =====\n[\u2713] execve(\"/proc/self/fd/3\", [\"/proc/self/fd/3\"], 0x7ffacc256990 /* 0 vars */) = 0\n[\u2713] socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 3\n[\u2713] bind(3, {sa_family=AF_INET, sin_port=htons(80), sin_addr=inet_addr(\"0.0.0.0\")}, 16) = 0\n[\u2713] listen(3, 0) = 0\n[\u2713] accept(3, NULL, NULL) = 4\n[\u2713] read(4, \"GET /tmp/tmpungh1ajd HTTP/1.1\\r\\nHost: localhost\\r\\nUser-Agent: python-requests/2.31.0\\r\\nAccept-Encoding: gzip, deflate\\r\\nAccept: */*\\r\\nConnection: keep-alive\\r\\n\\r\\n\", 256) = 155\n[\u2713] open(\"/tmp/tmpungh1ajd\", O_RDONLY) = 5\n[\u2713] read(5, \"3Hy3xnjNjQIBfP6QDUW4ekuQtBwdXQPbhtPFxawXzQ6LXVQDgs8ZlslYncY9DMQohXFVHFyMPnOI6kaGqURTh2fXHuKe2oqjntry7Pt5QQP0148CyzGKtmOigovhOHobD2zujqgJIRXxjny3UVL9\", 1024) = 148\n[\u2713] close(5) = 0\n[\u2713] write(4, \"HTTP/1.0 200 OK\\r\\n\\r\\n\", 19) = 19\n[\u2713] write(4, \"3Hy3xnjNjQIBfP6QDUW4ekuQtBwdXQPbhtPFxawXzQ6LXVQDgs8ZlslYncY9DMQohXFVHFyMPnOI6kaGqURTh2fXHuKe2oqjntry7Pt5QQP0148CyzGKtmOigovhOHobD2zujqgJIRXxjny3UVL9\", 148) = 148\n[\u2713] close(4) = 0\n[\u2713] exit(0) = ?\n[?] +++ exited with 0 +++\n\n===== Result =====\n[\u2713] Success\n
\u4f7f\u7528\u7684\u6c47\u7f16\u4ee3\u7801\u5982\u4e0b\uff1a
.intel_syntax noprefix\n.globl _start\n\n.section .text\n\n_start:\n# create a socket\nmov rdi, 2 # AF_INET\nmov rsi, 1 # SOCK_STREAM\nmov rdx, 0 # IPPROTO_IP\nmov rax, 41 # sys_socket\nsyscall\nmov sockfd, rax\n\n# bind the socket to 0.0.0.0:80\nmov rdi, sockfd # socket_fd\nlea rsi, sockaddr # sockaddr\nmov rdx, 16 # addrlen\nmov rax, 49 # sys_bind\nsyscall\n\n# listen(3, 0)\nmov rdi, sockfd\nmov rsi, 0\nmov rax, 50 # sys_listen\nsyscall\n\n# accept(3, NULL, NULL) = 4\nmov rdi, sockfd\nmov rsi, 0\nmov rdx, 0\nmov rax, 43 # sys_accept\nsyscall\nmov tunnel, rax\n\n# read(4, <read_request>, <read_request_count>) = <read_request_result>\nmov rdi, tunnel\nlea rsi, request\nmov rdx, 256\nmov rax, 0 # sys_read\nsyscall\n\n# open(\"<open_path>\", O_RDONLY) = 5\nlea rdi, [request+4] # extract file name\nmovb [rdi+16], 0\nmov rsi, 0 # O_RDONLY\nmov rax, 2 # sys_open\nsyscall\nmov txtfile, rax\n\n# read(5, <read_file>, <read_file_count>) = <read_file_result>\nmov rdi, txtfile\nlea rsi, filecontent\nmov rdx, 1024\nmov rax, 0 # sys_read\nsyscall\nmov filecnt, rax # \n\n# close(5)\nmov rdi, txtfile\nmov rax, 3 # sys_close\nsyscall\n\n# write(4, \"HTTP/1.0 200 OK\\r\\n\\r\\n\", 19) = 19\nmov rdi, tunnel\nlea rsi, response\nmov rdx, 19\nmov rax, 1 # sys_write\nsyscall\n\n# write(4, <write_file>, <write_file_count>) = <write_file_result>\nmov rdi, tunnel\nlea rsi, filecontent\nmov rdx, filecnt\nmov rax, 1 # sys_write\nsyscall\n\n# close(4)\nmov rdi, tunnel\nmov rax, 3 # sys_close\nsyscall\n\nmov rdi, 0\nmov rax, 60 # SYS_exit\nsyscall\n\n.section .data\n\nsockfd: .quad 0\ntunnel: .quad 0\ntxtfile: .quad 0\nfilecnt: .quad 0\nrequest: .space 256\nfilecontent: .space 1024\nresponse: .ascii \"HTTP/1.0 200 OK\\r\\n\\r\\n\"\nsockaddr: .quad 0x50000002 # AF_INET(2) and PORT(80) in big endian\n.quad 0x0 # IP(0.0.0.0)\n.quad 0x0 # padding\n.quad 0x0 # padding\n
Level 8
In this challenge you will accept multiple requests.
\u4f7f\u7528\u4e00\u4e2a\u7a0b\u5e8f\u63a5\u53d7\u591a\u4e2a\u8bf7\u6c42\u3002\u7531\u4e8esocket\u6ca1\u6709\u5173\uff0c\u5728\u6700\u540e\u52a0\u4e00\u4e2aaccept\u5373\u53ef\u3002\u7a0b\u5e8f\u6700\u540eaccept\u8d85\u65f6sigkill\u9000\u51fa\u3002
.intel_syntax noprefix\n.globl _start\n\n.section .text\n\n_start:\n# create a socket\nmov rdi, 2 # AF_INET\nmov rsi, 1 # SOCK_STREAM\nmov rdx, 0 # IPPROTO_IP\nmov rax, 41 # sys_socket\nsyscall\nmov sockfd, rax\n\n# bind the socket to 0.0.0.0:80\nmov rdi, sockfd # socket_fd\nlea rsi, sockaddr # sockaddr\nmov rdx, 16 # addrlen\nmov rax, 49 # sys_bind\nsyscall\n\n# listen(3, 0)\nmov rdi, sockfd\nmov rsi, 0\nmov rax, 50 # sys_listen\nsyscall\n\n# accept(3, NULL, NULL) = 4\nmov rdi, sockfd\nmov rsi, 0\nmov rdx, 0\nmov rax, 43 # sys_accept\nsyscall\nmov tunnel, rax\n\n# read(4, <read_request>, <read_request_count>) = <read_request_result>\nmov rdi, tunnel\nlea rsi, request\nmov rdx, 256\nmov rax, 0 # sys_read\nsyscall\n\n# open(\"<open_path>\", O_RDONLY) = 5\nlea rdi, [request+4] # extract file name\nmovb [rdi+16], 0\nmov rsi, 0 # O_RDONLY\nmov rax, 2 # sys_open\nsyscall\nmov txtfile, rax\n\n# read(5, <read_file>, <read_file_count>) = <read_file_result>\nmov rdi, txtfile\nlea rsi, filecontent\nmov rdx, 1024\nmov rax, 0 # sys_read\nsyscall\nmov filecnt, rax # \n\n# close(5)\nmov rdi, txtfile\nmov rax, 3 # sys_close\nsyscall\n\n# write(4, \"HTTP/1.0 200 OK\\r\\n\\r\\n\", 19) = 19\nmov rdi, tunnel\nlea rsi, response\nmov rdx, 19\nmov rax, 1 # sys_write\nsyscall\n\n# write(4, <write_file>, <write_file_count>) = <write_file_result>\nmov rdi, tunnel\nlea rsi, filecontent\nmov rdx, filecnt\nmov rax, 1 # sys_write\nsyscall\n\n# close(4)\nmov rdi, tunnel\nmov rax, 3 # sys_close\nsyscall\n\n# accept(3, NULL, NULL)\nmov rdi, sockfd\nmov rsi, 0\nmov rdx, 0\nmov rax, 43 # sys_accept\nsyscall\nmov tunnel, rax\n\n# exit\nmov rdi, 0\nmov rax, 60 # SYS_exit\nsyscall\n\n.section .data\n\nsockfd: .quad 0\ntunnel: .quad 0\ntxtfile: .quad 0\nfilecnt: .quad 0\nrequest: .space 256\nfilecontent: .space 1024\nresponse: .ascii \"HTTP/1.0 200 OK\\r\\n\\r\\n\"\nsockaddr: .quad 0x50000002 # AF_INET(2) and PORT(80) in big endian\n.quad 0x0 # IP(0.0.0.0)\n.quad 0x0 # padding\n.quad 0x0 # padding\n
Level 9
In this challenge you will concurrently accept multiple requests.
\u8fd9\u9053\u9898\u662f\u8ba9\u505a\u4e00\u4e2a\u591a\u8fdb\u7a0b\uff0c\u7236\u8fdb\u7a0b\u8d1f\u8d23\u5faa\u73afaccept\uff0c\u5b50\u8fdb\u7a0b\u7528\u4e8e\u52a8\u6001\u5904\u7406\u6587\u4ef6\u8bfb\u5199\u3002\u6839\u636efork\u8fd4\u56de\u503c\u6765\u5224\u65ad\u7236\u8fdb\u7a0b\uff08\u8fd4\u56de\u503c\u4e3a\u5b50\u8fdb\u7a0bpid\uff09\u8fd8\u662f\u5b50\u8fdb\u7a0b\uff08\u8fd4\u56de\u503c\u4e3a0\uff09\u3002\u7236\u8fdb\u7a0b\u4e2d\uff0c\u5173\u95edtunnel\uff1b\u5b50\u8fdb\u7a0b\u4e2d\uff0c\u5173\u95edsockfd\u3002
.intel_syntax noprefix\n.globl _start\n\n.section .text\n\n_start:\n# create a socket\nmov rdi, 2 # AF_INET\nmov rsi, 1 # SOCK_STREAM\nmov rdx, 0 # IPPROTO_IP\nmov rax, 41 # sys_socket\nsyscall\nmov sockfd, rax\n\n# bind the socket to 0.0.0.0:80\nmov rdi, sockfd # socket_fd\nlea rsi, sockaddr # sockaddr\nmov rdx, 16 # addrlen\nmov rax, 49 # sys_bind\nsyscall\n\n# listen(3, 0)\nmov rdi, sockfd\nmov rsi, 0\nmov rax, 50 # sys_listen\nsyscall\n\nparent_process_1:\n# accept(3, NULL, NULL) = 4\nmov rdi, sockfd\nmov rsi, 0\nmov rdx, 0\nmov rax, 43 # sys_accept\nsyscall\nmov tunnel, rax\n\n# fork() = <fork_result>\nmov rax, 57 # sys_fork\nsyscall\n\ntest rax, rax\njnz parent_process_2\njz child_process\n\nparent_process_2:\n\n# close(3)\nmov rdi, tunnel\nmov rax, 3 # sys_close\nsyscall\njmp parent_process_1\n\nchild_process:\n\n# close(3)\nmov rdi, sockfd\nmov rax, 3 # sys_close\nsyscall\n\n# read(4, <read_request>, <read_request_count>) = <read_request_result>\nmov rdi, tunnel\nlea rsi, request\nmov rdx, 256\nmov rax, 0 # sys_read\nsyscall\n\n# open(\"<open_path>\", O_RDONLY) = 3\nlea rdi, [request+4] # extract file name\nmovb [rdi+16], 0\nmov rsi, 0 # O_RDONLY\nmov rax, 2 # sys_open\nsyscall\nmov txtfile, rax\n\n# read(3, <read_file>, <read_file_count>) = <read_file_result>\nmov rdi, txtfile\nlea rsi, filecontent\nmov rdx, 1024\nmov rax, 0 # sys_read\nsyscall\nmov filecnt, rax # \n\n# close(3)\nmov rdi, txtfile\nmov rax, 3 # sys_close\nsyscall\n\n# write(4, \"HTTP/1.0 200 OK\\r\\n\\r\\n\", 19) = 19\nmov rdi, tunnel\nlea rsi, response\nmov rdx, 19\nmov rax, 1 # sys_write\nsyscall\n\n# write(4, <write_file>, <write_file_count>) = <write_file_result>\nmov rdi, tunnel\nlea rsi, filecontent\nmov rdx, filecnt\nmov rax, 1 # sys_write\nsyscall\n\n# exit\nmov rdi, 0\nmov rax, 60 # SYS_exit\nsyscall\n\n.section .data\n\nsockfd: .quad 0\ntunnel: .quad 0\ntxtfile: .quad 0\nfilecnt: .quad 0\nrequest: .space 256\nfilecontent: .space 1024\nresponse: .ascii \"HTTP/1.0 200 OK\\r\\n\\r\\n\"\nsockaddr: .quad 0x50000002 # AF_INET(2) and PORT(80) in big endian\n.quad 0x0 # IP(0.0.0.0)\n.quad 0x0 # padding\n.quad 0x0 # padding\n
Level 10
In this challenge you will respond to a POST request with a specified file and update its contents.
\u8fd9\u9053\u9898\u662f\u7528POST\u8bf7\u6c42\uff0c\u8981\u6c42\u7528\u591a\u8fdb\u7a0b\u5904\u7406\uff0c\u5728\u5b50\u8fdb\u7a0b\u4e2d\u628aPOST\u7684\u8bf7\u6c42\u4f53\u4fdd\u5b58\u5728\u4e34\u65f6\u6587\u4ef6\uff0c\u5e76\u8fd4\u56de200 OK\u3002\u8003\u8651\u5230\u6587\u4ef6\u540d\u662f\u5b9a\u957f\u7684\uff0c\u6240\u4ee5\u6cbf\u7528\u4e4b\u524d\u7684\u65b9\u6cd5\u5f97\u5230\u6587\u4ef6\u540d\u3002\u8fd9\u91cc\u7528\u7684\u4e00\u4e2atrick\u662f\u7528\"\\r\\n\\r\\n\"\u6765\u4ece\u8bf7\u6c42\u4e2d\u5206\u5272\u8bf7\u6c42\u4f53\uff0c\u5e76\u4e14\u5185\u5bb9\u7684\u8ba1\u7b97\u662f\u7528read\u7684\u8fd4\u56de\u503c\u51cf\u53bb\u504f\u79fb\u91cf\u7b97\u7684\u3002\u8fd9\u662f\u5077\u61d2\u6ca1\u6709\u5b9e\u73b0\u89e3\u6790Content-Length\u7684\u529f\u80fdhhh
.intel_syntax noprefix\n.globl _start\n\n.section .text\n\n_start:\n# create a socket\nmov rdi, 2 # AF_INET\nmov rsi, 1 # SOCK_STREAM\nmov rdx, 0 # IPPROTO_IP\nmov rax, 41 # sys_socket\nsyscall\nmov sockfd, rax\n\n# bind the socket to 0.0.0.0:80\nmov rdi, sockfd # socket_fd\nlea rsi, sockaddr # sockaddr\nmov rdx, 16 # addrlen\nmov rax, 49 # sys_bind\nsyscall\n\n# listen(3, 0)\nmov rdi, sockfd\nmov rsi, 0\nmov rax, 50 # sys_listen\nsyscall\n\nparent_process_1:\n# accept(3, NULL, NULL) = 4\nmov rdi, sockfd\nmov rsi, 0\nmov rdx, 0\nmov rax, 43 # sys_accept\nsyscall\nmov tunnel, rax\n\n# fork() = <fork_result>\nmov rax, 57 # sys_fork\nsyscall\n\ntest rax, rax\njnz parent_process_2\njz child_process\n\nparent_process_2:\n\n# close(3)\nmov rdi, tunnel\nmov rax, 3 # sys_close\nsyscall\njmp parent_process_1\n\nchild_process:\n\n# close(3)\nmov rdi, sockfd\nmov rax, 3 # sys_close\nsyscall\n\n# read(4, <read_request>, <read_request_count>) = <read_request_result>\nmov rdi, tunnel\nlea rsi, request\nmov rdx, 1024\nmov rax, 0 # sys_read\nsyscall\nmov requestlen, rax\n\n# open(\"<open_path>\", O_WRONLY|O_CREAT, 0777) = 3\nlea rdi, [request+5] # extract file name\nmovb [rdi+16], 0\nmov rsi, 0x41 # O_WRONLY | O_CREAT\nmov rdx, 0777\nmov rax, 2 # sys_open\nsyscall\nmov txtfile, rax\n\n# locate POST body\nmov rcx, 0\nmov ebx, separate\nlocate_body:\nmov eax, [request+rcx]\nadd rcx, 1\ncmp eax, ebx\njne locate_body\n# extrace POST body\nadd rcx, 3\nmov rdi, txtfile\nlea rsi, [request+rcx]\nmov rdx, requestlen\nsub rdx, rcx\nmov rax, 1 # sys_write\nsyscall\n\n# close(3)\nmov rdi, txtfile\nmov rax, 3 # sys_close\nsyscall\n\n# write(4, \"HTTP/1.0 200 OK\\r\\n\\r\\n\", 19) = 19\nmov rdi, tunnel\nlea rsi, response\nmov rdx, 19\nmov rax, 1 # sys_write\nsyscall\n\n# exit\nmov rdi, 0\nmov rax, 60 # SYS_exit\nsyscall\n\n.section .data\n\nsockfd: .quad 0\ntunnel: .quad 0\ntxtfile: .quad 0\nfilecnt: .quad 0\nrequestlen: .quad 0\nrequest: .space 1024\nfilecontent: .space 1024\nseparate: .ascii \"\\r\\n\\r\\n\"\nresponse: .ascii \"HTTP/1.0 200 OK\\r\\n\\r\\n\"\nsockaddr: .quad 0x50000002 # AF_INET(2) and PORT(80) in big endian\n.quad 0x0 # IP(0.0.0.0)\n.quad 0x0 # padding\n.quad 0x0 # padding\n
Level 11
In this challenge you will respond to multiple concurrent GET and POST requests.
\u76f4\u63a5\u53d1\u4e86\u4e00\u5806GET\u548cPOST\u6df7\u5408\u8bf7\u6c42\u3002\u4e0d\u8fc7\u597d\u50cf\u6ca1\u8bf4\u6bcf\u4e2a\u8bf7\u6c42\u8981\u5e72\u561b\uff0c\u5c31\u76f4\u63a5\u7ed3\u5408\u4e0blevel9\u548clevel10\u7684\u7ed3\u679c\uff0c\u6bd4\u8f83request\u662f\u4ee5POST\u5f00\u5934\u8fd8\u662fGET\u5f00\u5934\uff0c\u5206\u522b\u8df3\u8f6c\u5230\u5bf9\u5e94\u7684\u903b\u8f91\u5c31\u884c\u4e86\u3002
.intel_syntax noprefix\n.globl _start\n\n.section .text\n\n_start:\n# create a socket\nmov rdi, 2 # AF_INET\nmov rsi, 1 # SOCK_STREAM\nmov rdx, 0 # IPPROTO_IP\nmov rax, 41 # sys_socket\nsyscall\nmov sockfd, rax\n\n# bind the socket to 0.0.0.0:80\nmov rdi, sockfd # socket_fd\nlea rsi, sockaddr # sockaddr\nmov rdx, 16 # addrlen\nmov rax, 49 # sys_bind\nsyscall\n\n# listen(3, 0)\nmov rdi, sockfd\nmov rsi, 0\nmov rax, 50 # sys_listen\nsyscall\n\nparent_process_1:\n# accept(3, NULL, NULL) = 4\nmov rdi, sockfd\nmov rsi, 0\nmov rdx, 0\nmov rax, 43 # sys_accept\nsyscall\nmov tunnel, rax\n\n# fork() = <fork_result>\nmov rax, 57 # sys_fork\nsyscall\n\ntest rax, rax\njnz parent_process_2\njz child_process\n\nparent_process_2:\n\n# close(3)\nmov rdi, tunnel\nmov rax, 3 # sys_close\nsyscall\njmp parent_process_1\n\nchild_process:\n\n# close(3)\nmov rdi, sockfd\nmov rax, 3 # sys_close\nsyscall\n\n# read(4, <read_request>, <read_request_count>) = <read_request_result>\nmov rdi, tunnel\nlea rsi, request\nmov rdx, 1024\nmov rax, 0 # sys_read\nsyscall\nmov requestlen, rax\n\n# check GET or POST\nmov eax, request\nmov ebx, requestget\ncmp eax, ebx\nje handle_get\nmov ebx, requestpost\ncmp eax, ebx\nje handle_post\n\njmp program_exit\n\nhandle_get:\n# open(\"<open_path>\", O_RDONLY) = 3\nlea rdi, [request+4] # extract file name\nmovb [rdi+16], 0\nmov rsi, 0 # O_RDONLY\nmov rax, 2 # sys_open\nsyscall\nmov txtfile, rax\n\n# read(3, <read_file>, <read_file_count>) = <read_file_result>\nmov rdi, txtfile\nlea rsi, filecontent\nmov rdx, 1024\nmov rax, 0 # sys_read\nsyscall\nmov filecnt, rax # \n# close(3)\nmov rdi, txtfile\nmov rax, 3 # sys_close\nsyscall\n\n# write(4, \"HTTP/1.0 200 OK\\r\\n\\r\\n\", 19) = 19\nmov rdi, tunnel\nlea rsi, response\nmov rdx, 19\nmov rax, 1 # sys_write\nsyscall\n\n# write(4, <write_file>, <write_file_count>) = <write_file_result>\nmov rdi, tunnel\nlea rsi, filecontent\nmov rdx, filecnt\nmov rax, 1 # sys_write\nsyscall\n\njmp program_exit\n\nhandle_post:\n# open(\"<open_path>\", O_WRONLY|O_CREAT, 0777) = 3\nlea rdi, [request+5] # extract file name\nmovb [rdi+16], 0\nmov rsi, 0x41 # O_WRONLY | O_CREAT\nmov rdx, 0777\nmov rax, 2 # sys_open\nsyscall\nmov txtfile, rax\n\n# locate POST body\nmov rcx, 0\nmov ebx, separate\nlocate_body:\nmov eax, [request+rcx]\nadd rcx, 1\ncmp eax, ebx\njne locate_body\n# extrace POST body\nadd rcx, 3\nmov rdi, txtfile\nlea rsi, [request+rcx]\nmov rdx, requestlen\nsub rdx, rcx\nmov rax, 1 # sys_write\nsyscall\n\n# close(3)\nmov rdi, txtfile\nmov rax, 3 # sys_close\nsyscall\n\n# write(4, \"HTTP/1.0 200 OK\\r\\n\\r\\n\", 19) = 19\nmov rdi, tunnel\nlea rsi, response\nmov rdx, 19\nmov rax, 1 # sys_write\nsyscall\n\nprogram_exit:\n# exit\nmov rdi, 0\nmov rax, 60 # SYS_exit\nsyscall\n\n.section .data\n\nsockfd: .quad 0\ntunnel: .quad 0\ntxtfile: .quad 0\nfilecnt: .quad 0\nrequestlen: .quad 0\nrequest: .space 1024\nfilecontent: .space 1024\nrequestget: .ascii \"GET \"\nrequestpost: .ascii \"POST\"\nseparate: .ascii \"\\r\\n\\r\\n\"\nresponse: .ascii \"HTTP/1.0 200 OK\\r\\n\\r\\n\"\nsockaddr: .quad 0x50000002 # AF_INET(2) and PORT(80) in big endian\n.quad 0x0 # IP(0.0.0.0)\n.quad 0x0 # padding\n.quad 0x0 # padding\n
"},{"location":"pwn-college-cse365-spring2023/#reverse-engineering-writeups","title":"Reverse Engineering Writeups","text":"Level 1
\u8fd0\u884c/challenge\u4e0b\u7684\u6587\u4ef6\uff0c\u4f1a\u81ea\u52a8\u6253\u5f00gdb\uff0c\u8f93\u5165run
\u542f\u52a8\u7a0b\u5e8f\uff0c\u8fdb\u5165\u7b2c\u4e00\u5173\u3002\u7b2c\u4e00\u5173\u4e3b\u8981\u662f\u8bb2\u4e0b\u5927\u81f4\u7684\u9898\u76ee\u8981\u6c42\uff0c\u5728\u8fd9\u91cc\u6309C\u7ee7\u7eed\u8fd0\u884c\u4f1a\u76f4\u63a5\u7ed9\u51faflag\u3002
Level 2
\u672c\u5173run\u4ee5\u540ep/x $r12
\u7136\u540e\u6309C\uff0c\u628a\u7ed3\u679c\u8f93\u5165\u5c31\u884c\u3002
Level 3
\u8fd9\u4e00\u5173\u4e3b\u8981\u662f\u719f\u6089\u6253\u5370\u5185\u5b58\u6570\u636e\uff0c\u53ef\u4ee5\u5728\u6309C\u8fdb\u5165\u7a0b\u5e8f\u524d\u540e\u7528x/20gx $rsp
\u5bf9\u6bd4\u4e00\u4e0b\u6808\u4e0a\u4ec0\u4e48\u6570\u636e\u6539\u53d8\u4e86\u3002\u7b97\u662f\u4e0d\u770b\u6c47\u7f16\u7684\u4e00\u70b9\u5c0ftrick\u3002
Level 4
\u8fd9\u5173\u7684\u6ca1\u7528\u6b63\u5e38\u89e3\u6cd5\u3002\u6709\u4e00\u70b9\u5c0ftrick\uff1a\u4f7f\u7528disas $pc
\u67e5\u770b\u53d1\u73b0\u6709\u4e2awin\u51fd\u6570\uff0c\u53c2\u6570\u7528\u76840\u3002\u76f4\u63a5set $rax=0
\uff0cset $pc=xxx
\u8df3\u8f6c\u5230win\u7684\u51fd\u6570\u5c31\u884c\u4e86\u3002
Level 5
\u8fd9\u9898\u63d0\u793a\u53ef\u4ee5\u7f16\u5199gdb\u811a\u672c\uff0c\u52a0\u8f7d\u540e\u4f1a\u81ea\u52a8\u6267\u884c\u3002\u8fd9\u9053\u9898\u76ee\u4f1a\u5728\u5faa\u73af\u4e2d\u591a\u6b21\u8bbe\u7f6e\u968f\u673a\u6570\uff0c\u6240\u4ee5\u9700\u8981\u81ea\u52a8\u5316\u89e3\u51b3\u3002
run\u540e\u5148disas $pc
\u770b\u4e00\u770bmain\u51fd\u6570\u7684\u5173\u952e\u903b\u8f91\uff1a
0x000055981a8ccd40 <+666>: mov esi,0x0\n0x000055981a8ccd45 <+671>: lea rdi,[rip+0xd5e] # 0x55981a8cdaaa\n0x000055981a8ccd4c <+678>: mov eax,0x0\n0x000055981a8ccd51 <+683>: call 0x55981a8cc250 <open@plt>\n0x000055981a8ccd56 <+688>: mov ecx,eax\n0x000055981a8ccd58 <+690>: lea rax,[rbp-0x18]\n0x000055981a8ccd5c <+694>: mov edx,0x8\n0x000055981a8ccd61 <+699>: mov rsi,rax\n0x000055981a8ccd64 <+702>: mov edi,ecx\n0x000055981a8ccd66 <+704>: call 0x55981a8cc210 <read@plt>\n0x000055981a8ccd6b <+709>: lea rdi,[rip+0xd46] # 0x55981a8cdab8\n0x000055981a8ccd72 <+716>: call 0x55981a8cc190 <puts@plt>\n0x000055981a8ccd77 <+721>: lea rdi,[rip+0xd5a] # 0x55981a8cdad8\n0x000055981a8ccd7e <+728>: mov eax,0x0\n0x000055981a8ccd83 <+733>: call 0x55981a8cc1d0 <printf@plt>\n0x000055981a8ccd88 <+738>: lea rax,[rbp-0x10]\n0x000055981a8ccd8c <+742>: mov rsi,rax\n0x000055981a8ccd8f <+745>: lea rdi,[rip+0xd51] # 0x55981a8cdae7\n0x000055981a8ccd96 <+752>: mov eax,0x0\n0x000055981a8ccd9b <+757>: call 0x55981a8cc260 <__isoc99_scanf@plt>\n
\u731c\u6d4b\u57280x000055981a8ccd51
\u5904\u7684open\u662f\u6253\u5f00\u4e86\u968f\u673a\u6570\u53d1\u751f\u5668\uff08\u6bd4\u5982/dev/urandom\uff09\uff0c\u7136\u540e0x000055981a8ccd66
\u5904\u7684read\u662f\u8bfb8\u4e2a\u5b57\u8282\uff0c\u5373\u6700\u7ec8\u7684\u968f\u673a\u6570\uff0c\u4fdd\u5b58\u5728rsi\u5bc4\u5b58\u5668\u6307\u5411\u7684\u4f4d\u7f6e\uff0c\u5373rbp-0x18\u5904\u3002\u6240\u4ee5\u81ea\u52a8\u5316\u811a\u672c\u53ef\u4ee5\u57280x000055981a8ccd72
\u5904\uff08\u5373*main+716\uff09\u6253\u4e2a\u65ad\u70b9\uff0c\u6253\u5370\u6b64\u65f6rbp-0x18\u7684\u503c\u3002
\u5373\u5148\u7f16\u5199\u4e0b\u8ff0\u811a\u672c\uff0c\u7136\u540e\u542f\u52a8\u7a0b\u5e8f\u65f6-x\u8ffd\u52a0\u811a\u672c\u5373\u53ef\u3002
start\nbreak *main+716\ncommands\n silent\n set $local_variable = *(unsigned long long*)($rbp-0x18)\nprintf \"Current value: %llx\\n\", $local_variable\ncontinue\nend\ncontinue\n
\u5f53\u7136\u89e3\u6cd5\u6709\u5f88\u591a\uff0c\u770bdisas\u540e\u7684\u7ed3\u679c\uff0c\u8f93\u5165\u7684\u6570\u636e\u88abscanf\u4fdd\u5b58\u5230rbp-0x10\u5904\uff0c\u4e0erbp-0x18\u6bd4\u8f83\u3002\u4e5f\u53ef\u4ee5\u5728\u6bd4\u8f83\u524d\u76f4\u63a5\u4fee\u6539\u5bc4\u5b58\u5668\u8ba9\u503c\u76f8\u7b49\u3002
Level 6
\u8fd9\u4e00\u5173\u624d\u6559\u600e\u4e48\u7528set\u6539\u5bc4\u5b58\u5668\uff0c\u4ece\u800c\u4fee\u6539\u7a0b\u5e8f\u6267\u884c\u903b\u8f91\u3002\u662f\u4e0d\u662f\u53ef\u4ee5\u6697\u793a\u76f4\u63a5\u62ffflag\uff1frun\u540eset $rip=*main+715
\uff0c\u7136\u540e\u7ee7\u7eed\u8fd0\u884c\u7a0b\u5e8f\u3002
Level 7
\uff1f\uff1f\uff1f\u539f\u6765\u8fd8\u53ef\u4ee5\u8fd9\u4e48\u73a9\uff1f\uff1f
Level 8
\u76f4\u63a5\u8c03\u7528call (void)win()
\uff0c\u53ef\u4ee5disas *win
\u770b\u4e00\u4e0bwin\u51fd\u6570\u3002
0x0000556609b49951 <+0>: endbr64\n0x0000556609b49955 <+4>: push rbp\n0x0000556609b49956 <+5>: mov rbp,rsp\n0x0000556609b49959 <+8>: sub rsp,0x10\n0x0000556609b4995d <+12>: mov QWORD PTR [rbp-0x8],0x0\n0x0000556609b49965 <+20>: mov rax,QWORD PTR [rbp-0x8]\n0x0000556609b49969 <+24>: mov eax,DWORD PTR [rax]\n0x0000556609b4996b <+26>: lea edx,[rax+0x1]\n0x0000556609b4996e <+29>: mov rax,QWORD PTR [rbp-0x8]\n0x0000556609b49972 <+33>: mov DWORD PTR [rax],edx\n0x0000556609b49974 <+35>: lea rdi,[rip+0x73e] # 0x556609b4a0b9\n0x0000556609b4997b <+42>: call 0x556609b49180 <puts@plt>\n
\u53ef\u89c1\u57280x0000556609b49969
\u5904\uff0c\u4ecerax\u6307\u5411\u7684\u5730\u5740\u8bfb\u53d64\u5b57\u8282\u3002\u4f46\u662f\u6b64\u65f6rax\u5728\u524d\u4e24\u6761\u8bed\u53e5\u5df2\u7ecf\u88ab\u4fee\u6539\u4e3a0\u4e86\uff0c\u6240\u4ee5\u89e6\u53d1NULL\u6307\u9488\u89e3\u5f15\u7528\uff0c\u5f15\u8d77SIGSEGV\u9000\u51fa\u3002\u6240\u4ee5\u8bd5\u8bd5\u76f4\u63a5\u8df3\u8fc7\u8fd9\u6bb5\uff0c\u8fdb\u5165win\u65f6\u4fee\u6539rip\u5bc4\u5b58\u5668\u5373\u53ef\u3002
\u4f9d\u6b21\u6267\u884c\uff1abreak *win
\uff0ccall (void)win()
\uff0cset $rip=*win+35
\uff0cc
\u5373\u53ef\u3002
Level 1.0
Reverse engineer this challenge to find the correct license key.
\u4ece\u6b64\u5f00\u59cb\u662f\u4e00\u4e2a\u8bc1\u4e66\u9a8c\u8bc1\u7a0b\u5e8f\uff0c\u8981\u6c42\u8f93\u5165key\u6765\u83b7\u53d6flag\u3002\u7b2c\u4e00\u9898\u76f4\u63a5enter\u8fd0\u884c\uff0c\u4f1a\u8f93\u51fa\u539f\u59cb\u8f93\u5165\u3001\u5904\u7406\u540e\u7684\u8f93\u5165\u4ee5\u53ca\u6b63\u786e\u7b54\u6848\u3002\u8fd0\u884c\u4e24\u6b21\u4ee5\u540e\u53d1\u73b0\u5904\u7406\u540e\u7684\u8f93\u5165\u548c\u539f\u59cb\u8f93\u5165\u662f\u4e00\u6837\u7684\uff0c\u5e76\u4e14\u6b63\u786e\u7b54\u6848\u662f\u56fa\u5b9a\u7684\u3002
\u76f4\u63a5python\u91cc\u8fd0\u884c\u4e0b[chr(i) for i in [0x75,0x62,0x61,0x6a,0x68]]
\uff08\u53ef\u80fd\u9700\u8981\u4fee\u65390xXX\u7684\u503c\uff09\uff0c\u7136\u540e\u5c31\u5f97\u5230key\u4e86\u3002
Level 1.1
Reverse engineer this challenge to find the correct license key.
\u8fd9\u4e00\u9898\u6ca1\u6709\u76f4\u63a5\u628a\u6b63\u786e\u7b54\u6848\u5217\u51fa\u6765\u3002\u4e00\u79cd\u65b9\u6848\u662f\u5148gdb\u542f\u52a8\u7a0b\u5e8f\uff0c\u7136\u540e\u5728\u8981\u6c42\u8f93\u5165\u5bc6\u94a5\u7684\u65f6\u5019ctrl+c
\u6682\u505c\u7a0b\u5e8f\uff0c\u7528bt
\u67e5\u770b\u8c03\u7528\u6808\uff0c\u53ef\u4ee5\u770b\u5230__libc_start_main (main=0xXXXXX, argc=1, ....)
\u3002\u7136\u540e\u67e5\u770bmain\u51fd\u6570\u7684\u6c47\u7f16\u6307\u4ee4x/80i 0xXXXX
\uff0c\u53ef\u4ee5\u770b\u5230\u5176\u4e2d\u7684memcmp@plt\u51fd\u6570\u6240\u4f7f\u7528\u7684\u7684rsi\u6765\u81ea[rip+0x2abf]\u3002\u6307\u4ee4\u540e\u9762\u7684#\u6ce8\u91ca\u63d0\u793a\u4e86\u5bf9\u5e94\u7684\u5730\u5740\uff0c\u76f4\u63a5\u7528x/5c <address>
\u67e5\u770b\u5bc6\u94a5\u5373\u53ef\u3002
\u6ce8\u610f\u6700\u540e\u8f93\u5165\u5bc6\u94a5\u65f6\u8981\u76f4\u63a5\u8fd0\u884c\u7a0b\u5e8f\uff0c\u4e0d\u8981\u5728gdb\u91cc\u9762\u8f93\uff0c\u4f1a\u63d0\u793a\u6743\u9650\u4e0d\u591f\u3002
Level 2.0
Reverse engineer this challenge to find the correct license key, but your input will be modified somehow before being compared to the correct key.
\u8fd9\u9053\u9898\u76ee\u4ea4\u6362\u4e86\u8f93\u5165\u5b57\u7b26\u4e32\u7684index 1\u548cindex 4\u7684\u5b57\u7b26\u3002
Level 2.1
\u8fd9\u9053\u9898\u76ee\u57282.0\u7684\u57fa\u7840\u4e0a\u9690\u53bb\u4e86\u8f93\u5165\u8f93\u51fa\u7ed3\u679c\u7684\u663e\u793a\uff0c\u56e0\u6b64\u9700\u8981gdb\u770b\u4e00\u4e0b\u505a\u4e86\u4ec0\u4e48\u64cd\u4f5c\u3002\u6309\u71671.1\u7684\u65b9\u6cd5\u67e5\u770bmemcmp\u9644\u8fd1\u7684\u51fd\u6570\uff0c\u53ef\u89c1\uff1a
0x5584f463251f: lea rax,[rbp-0xe]\n0x5584f4632523: mov edx,0x5\n0x5584f4632528: mov rsi,rax\n0x5584f463252b: mov edi,0x0\n0x5584f4632530: call 0x5584f46321a0 <read@plt>\n0x5584f4632535: movzx eax,BYTE PTR [rbp-0xe]\n0x5584f4632539: mov BYTE PTR [rbp-0x10],al\n0x5584f463253c: movzx eax,BYTE PTR [rbp-0xd]\n0x5584f4632540: mov BYTE PTR [rbp-0xf],al\n0x5584f4632543: movzx eax,BYTE PTR [rbp-0xf]\n0x5584f4632547: mov BYTE PTR [rbp-0xe],al\n0x5584f463254a: movzx eax,BYTE PTR [rbp-0x10]\n0x5584f463254e: mov BYTE PTR [rbp-0xd],al\n0x5584f4632551: lea rdi,[rip+0xdb0] # 0x5584f4633308\n0x5584f4632558: call 0x5584f4632140 <puts@plt>\n0x5584f463255d: lea rax,[rbp-0xe]\n0x5584f4632561: mov edx,0x5\n0x5584f4632566: lea rsi,[rip+0x2aa3] # 0x5584f4635010\n0x5584f463256d: mov rdi,rax\n0x5584f4632570: call 0x5584f46321b0 <memcmp@plt>\n
\u8f93\u5165\u7684\u5b57\u7b26\u4e32\u88ab\u4fdd\u5b58\u5728[rbp-0xe]\u5904\uff0c\u4e14\u8fdb\u884c\u4e86[rbp-0xe]\u548c[rbp-0xd]\u7684\u4ea4\u6362\u3002\u4e5f\u5c31\u662f\u8bf4\u8f93\u5165\u5b57\u7b26\u4e32\u7684\u524d\u4e24\u4e2a\u5b57\u7b26\u88ab\u4ea4\u6362\u4e86\u3002\u67e5\u770bmemcmp\u52a0\u8f7d\u5230rsi\u7684\u5730\u5740\u5185\u5bb9x/5c 0x5584f4635010
\u5f97\u5230\u5bf9\u5e94\u7684\u7b54\u6848\uff0c\u4ea4\u6362\u524d\u4e24\u4e2a\u5b57\u7b26\u5373\u53ef\u3002
Level 3.0-3.1
\u8fd0\u884c\u7a0b\u5e8f\uff0c\u968f\u4fbf\u8f93\u51e0\u4e2a\u6570\u3002\u663e\u5f0f\u544a\u8bc9\u4e86\u89c4\u5219\u662f\u9006\u5e8f\uff0c\u53c8\u628a\u6b63\u786e\u7b54\u6848\u6253\u5370\u51fa\u6765\u4e86\u3002
3.1\u731c\u6d4b\u548c3.0\u4e00\u6837\u4e5f\u662f\u9006\u5e8f\u3002\u76f4\u63a5\u63092.1\u7684\u65b9\u6cd5\u770b\u4e00\u4e0b[rbp-0xe]\u5904\u7684\u503c\u7136\u540e\u9006\u5e8f\u8f93\u5165\u5c31\u884c\u3002
Level 4.0-4.1
\u89c4\u5219\u662f\u8fdb\u884c\u9012\u589e\u6392\u5e8f\u3002\u8fd9\u4e0b\u53ea\u9700\u8981\u5305\u542b\u8fd9\u4e9b\u5b57\u6bcd\u5c31\u884c\u3002\uff08\u8fd9\u4e0d\u662f\u66f4\u7b80\u5355\u4e86\u2026\u2026\uff09
Level 5.0-5.1
\u8fd9\u9053\u9898\u662f\u5bf9\u8f93\u5165\u5b57\u7b26\u8fdb\u884c\u5f02\u6216\u3002\u7b80\u5355\u5199\u4e86\u4e2apython\uff0c\u5728\u63a7\u5236\u53f0\u4ea4\u4e92\u65f6\u8fd0\u884c\u4e0b\uff1a
tx = lambda x:int(x,16)\n''.join([chr(i^0xb8) for i in [tx(a) for a in 'd6 d5 d6 cf da'.split() ]])\n
5.1\u548c5.0\u7c7b\u4f3c\uff0c\u4eff\u7167\u4e4b\u524d\u7684\u65b9\u6cd5\u53ef\u4ee5\u770b\u5230\u5f02\u6216\u7528\u7684\u662f0x1c\u3002
Level 6.0
\u8fd9\u9053\u9898\u7ed3\u5408\u4e86\u4ea4\u6362\u3001\u5f02\u6216\u3001\u9006\u5e8f\u4e09\u79cd\u64cd\u4f5c\uff0c\u5e72\u8106\u5199\u4e2a\u811a\u672c\u5904\u7406\u4e0b\u5427\u3002
def do_reverse(li):\n return li[::-1]\n\ndef do_swap(li, idx1, idx2):\n li[idx1], li[idx2] = li[idx2], li[idx1]\n return li\n\ndef do_xor(li, key):\n xor_li = []\n while key > 0:\n xor_li.insert(0, key & 0xff)\n key >>= 8\n for i in range(len(li)):\n li[i] ^= xor_li[i % len(xor_li)]\n return li\n\ndef do_sort(li):\n li.sort()\n return li\n\ndef sanitize(s):\n if type(s) is str:\n f = lambda tx: int(tx,16)\n return [f(i) for i in s.split()]\n if type(s) is list:\n return ''.join([chr(i) for i in s])\n\nprint(sanitize(do_swap(do_xor(do_reverse(sanitize('51 90 52 86 58 98 4d 81 4b 84 4f 9a 57 8c 51 91 56')),0x3ef5),5,6)))\n
6.1\u6709\u70b9\u5947\u602a\uff0c\u770b\u6c47\u7f16\u597d\u50cf\u662f\u5148\u9006\u5e8f\u4e00\u904d\uff0c\u518d\u9006\u5e8f\u4e00\u904d\uff0c\u518d\u9010\u5b57\u8282\u4e0e0xbb\u5f02\u6216\u3002\u597d\u50cf\u548c5.0\u7684\u7f6e\u6362-\u5f02\u6216-\u9006\u5e8f\u4e0d\u4e00\u6837\u7684\uff1f\u53ef\u80fd\u662f\u968f\u673a\u9009\u62e9\u7b56\u7565\u5427\u3002
Level 7.0-7.1
7.0\u7528\u4e0a\u4e00\u4e2a\u811a\u672c\u5373\u53ef\u3002
print(sanitize(do_swap(do_sort(do_xor(do_swap(do_xor(sanitize(' 16 34 42 00 13 31 46 0d 1c 3b 4e 15 05 22 52 10 04 22 54 1c 0f 2e 59 1d 0e 2f 5b'),0x85a4d396),13,16),0xf2)),7,10)))\n
7.1\u662f\u5148\u548c0x15ca\u5f02\u6216\uff0c\u7136\u540e\u9006\u5e8f\uff0c\u7136\u540e\u518d\u9006\u5e8f\uff0c\u7136\u540e\u518d\u9006\u5e8f\uff0c\u7136\u540e\u518d\u9012\u589e\u6392\u5e8f
print(sanitize(do_xor(sanitize('60 61 64 66 67 6c 70 70 71 74 77 7c 7c 7d 7f a5 a5 a5 a8 ab ab af b0 b3 b8 b9 ba bb'),0x15ca)))\nprint(sanitize(do_xor(sanitize('60 61 64 66 67 6c 70 70 71 74 77 7c 7c 7d 7f a5 a5 a5 a8 ab ab af b0 b3 b8 b9 ba bb'),0xca15)))\n\n#u\u00abq\u00acr\u00a6e\u00bad\u00beb\u00b6i\u00b7jo\u00b0o\u00bda\u00bee\u00a5y\u00ads\u00afq\n#\u00aat\u00aes\u00ady\u00bae\u00bba\u00bdi\u00b6h\u00b5\u00b0o\u00b0b\u00bea\u00baz\u00a6r\u00acp\u00ae\n#\u7136\u540e\u628a\u4e24\u4e2a\u7ed3\u679c\u4e2d\u5b57\u6bcd\u6392\u8d77\u6765\n#utqsryeedabiihjooobaaezyrspq\n
"},{"location":"pwn-college-cse365-spring2023/#_1","title":"\u603b\u7ed3","text":"CSE 365\u8fd8\u662f\u5c5e\u4e8e\u6bd4\u8f83\u5165\u95e8\u7684\u7c7b\u578b\uff0c\u6253\u597d\u57fa\u7840\uff01
"},{"location":"python/","title":"Python","text":""},{"location":"python/#_1","title":"\u4e00\u4e9b\u5c0f\u70b9","text":" \u5bf9\u5b57\u7b26\u4e32\u53bb\u9664\u7a7a\u767d\u7b26\u65f6\uff0c\u7528split()\u4e0d\u52a0\u53c2\u6570\u3002\u6ce8\u610fsplit(' ')\u6309\u7a7a\u683c\u5206\u9694\u65f6\uff0c\u5982\u679c\u5b58\u5728\u8fde\u7eed\u7684\u7a7a\u683c\uff0c\u90a3\u4e48\u7ed3\u679c\u91cc\u4f1a\u6709\u7a7a\u5b57\u7b26\u4e32''\u3002 "},{"location":"python/#_2","title":"\u83b7\u53d6\u672a\u77e5\u5bf9\u8c61\u7684\u6240\u6709\u5c5e\u6027","text":"obj.__dir__() \u6216\u8005dir(obj)
\u89e3\u6790\u547d\u4ee4\u884c\u53c2\u6570\uff1aargparse \u65e5\u5fd7\u8f93\u51fa\uff1alogging \u89e3\u6790yml\u914d\u7f6e\u6587\u4ef6\uff1ayaml python\u8c03\u7528C\u5e93\uff1actypes.cdll.LoadLibrary \u8bbe\u5b9a\u8ba1\u65f6\u4fe1\u53f7\uff1asignal.alarm "},{"location":"python/#argparse","title":"\u53c2\u6570\u89e3\u6790\uff1aargparse","text":"\u6839\u636e\u7528\u6237\u4f20\u53c2\u800c\u6267\u884c\u4e0d\u540c\u7684\u529f\u80fd\uff0c\u53c8\u5206\u591a\u4e2a\u5c42\u6b21\u3002\u6bd4\u5982pip3\u547d\u4ee4\uff0c\u53ef\u4ee5\u6709pip3 install\u548cpip3 freeze\u7b49\u7b49\uff0c\u5bf9\u4e8e\u6bcf\u4e00\u4e2a\u5b50\u89e3\u6790\u53c8\u6709\u8fdb\u4e00\u6b65\u7684\u53c2\u6570\uff0c\u6bd4\u5982pip3 install --upgrade, pip3 install --force-reinstall\u7b49\u7b49\u3002
import argparse\n\ndef populate_parser(parser):\n parser.add_argument('input_file', type=str, help=\"Path to the file containing the mutated input to load\")\n parser.add_argument('--prefix-input', dest='prefix_input_path', type=str, help=\"(Optional) Path to the file containing a constant input to load\")\n parser.add_argument('-c', '--config', default=\"config.yml\", help=\"The emulator configuration to use. Defaults to 'config.yml'\")\n\n # Verbosity switches\n parser.add_argument('-v', '--print-exit-info', default=False, action=\"store_true\", help=\"Print some information about the exit reason.\")\n parser.add_argument('-t', '--trace-funcs', dest='trace_funcs', default=False, action='store_true')\nparser = argparse.ArgumentParser(description=\"Fuzzware\")\nsubparsers = parser.add_subparsers(title=\"Fuzzware Components\", help='Fuzzware utilities:', description=\"Fuzzware supports its different functions using a set of utilities.\\n\\nUse 'fuzzware <util_name> -h' for more details.\")\nparser_pipeline = subparsers.add_parser(MODE_PIPELINE, help=\"Running the full pipeline. Fuzzware's main utility.\")\nparser_pipeline.set_defaults(func=do_pipeline)\n# Pipeline command-line arguments\nparser_pipeline.add_argument('target_dir', nargs=\"?\", type=os.path.abspath, default=os.curdir, help=\"Directory containing the main config. Defaults to the current working dir.\")\n\n\nparser = argparse.ArgumentParser(description=\"Fuzzware emulation harness\")\npopulate_parser(parser)\n
"},{"location":"python/#yaml","title":"\u914d\u7f6e\u8bfb\u53d6\uff1ayaml","text":"\u9664\u4e86argparse\u4ee5\u5916\uff0c\u53ef\u4ee5\u628a\u4e00\u4e9b\u5f88\u957f\u7684\u914d\u7f6e\u6570\u636e\uff08\u6bd4\u5982\u591a\u5230\u547d\u4ee4\u884c\u6572\u662f\u4e0d\u73b0\u5b9e\u7684\uff09\u653e\u5230yml\u91cc\uff0c\u7136\u540e\u7528yaml\u8bfb\u53d6\uff0c\u5f97\u5230\uff08\u5d4c\u5957\u7684\uff09\u5b57\u5178\uff0c\u7136\u540e\u518d\u53d6\u5185\u5bb9\u5c31\u5f88\u65b9\u4fbf\u4e86\u3002\u9700\u8981pip\u5b89\u88c5pyyaml\u8fd9\u4e2a\u5305
import yaml\n\nwith open('config.yml', 'rb') as f:\n data = yaml.load(f, Loader=yaml.FullLoader)\n print(data)\n
\u90a3\u4e48data\u5c31\u662f\u4e00\u4e2a\u5b57\u5178\uff0c\u6839\u636eyml\u91cc\u7684\u5185\u5bb9\u53ef\u80fd\u6210\u4e3a\u5d4c\u5957\u5173\u7cfb\u3002\u5b57\u5178\u91cc\u4e3a\u7a7a\u7684\u503c\u4f1a\u53d8\u6210None\uff0ctrue\u6216True\u6216TRUE\u90fd\u4f1a\u53d8\u6210True\uff0c\u6570\u5b57\u4f1a\u88ab\u8bc6\u522b\u6210\u6574\u6570\u6216\u6d6e\u70b9\u6570\uff0c\u5b57\u7b26\u4e32\u4f1a\u88ab\u8bc6\u522b\u6210\u5b57\u7b26\u4e32\uff08\u542b\u7a7a\u683c\uff09
\u6bd4\u5982\u4e0b\u9762\u7684yml\u6587\u4ef6
item:\ntest1: 1\ntest2: 2\ntest2.1: TRUE\ntest2.2: true\ntest2.3: True\nmatters:\ntest3: 3\n3: 333\ntest4: 4\ntest5: ${item.test1}\ntest6: a b c d\ntest7:
\u4f1a\u88ab\u8bc6\u522b\u4e3a
{'item': {'test1': 1, 'test2': 2, 'test2.1': True, 'test2.2': True, 'test2.3': True}, 'matters': {'test3': 3, 3: 333, 'test4': 4, 'test5': '${item.test1}', 'test6': 'a b c d', 'test7': None}}\n
"},{"location":"python/#logging","title":"\u8f93\u51fa\u65e5\u5fd7\uff1alogging","text":"\u5728\u5f00\u53d1\u7a0b\u5e8f\u7684\u65f6\u5019\uff0c\u9047\u5230bug\u6216\u8005\u60f3\u5f04\u6e05\u695a\u4e34\u65f6\u7ed3\u679c\u3001\u63a7\u5236\u6d41\u8d70\u5411\u7684\u65f6\u5019\uff0c\u91c7\u7528print\u7684\u4f20\u7edf\u65b9\u6cd5\u6765\u6253\u5370\u53d8\u91cf\u6709\u70b9\u8fc7\u4e8e\u8822\u7b28\u4e86\u3002\u800c\u4f7f\u7528logging\u53ef\u4ee5\u968f\u65f6\u6253\u5370\u6570\u636e\u5230\u63a7\u5236\u53f0\u6216\u6587\u4ef6\uff0c\u53ef\u4ee5\u81ea\u5b9a\u4e49\u6253\u5370\u8303\u56f4\uff0c\u800c\u4e14\u6613\u4e8e\u8c03\u8bd5\u3002
import logging\n\nlogging.basicConfig(format='[%(levelname)s %(filename)s:%(lineno)d]: %(message)s', stream=sys.stdout, level=logging.DEBUG)\nlogger = logging.getLogger('TEST')\n\nlogger.debug('here is a test!')\nlogger.info('info level')\n
\u5f53\u7136\u4e5f\u53ef\u4ee5\u5168\u9762\u4e86\u89e3\u4e0blogging\uff0c\u63a8\u8350\u9605\u8bfb\u8fd9\u4e2a\u77e5\u4e4e\u4e13\u680f
import logging\n\n# 1\u3001\u521b\u5efa\u4e00\u4e2alogger\nlogger = logging.getLogger('mylogger')\nlogger.setLevel(logging.DEBUG)\n\n# 2\u3001\u521b\u5efa\u4e00\u4e2ahandler\uff0c\u7528\u4e8e\u5199\u5165\u65e5\u5fd7\u6587\u4ef6\nfh = logging.FileHandler('test.log')\nfh.setLevel(logging.DEBUG)\n\n# \u518d\u521b\u5efa\u4e00\u4e2ahandler\uff0c\u7528\u4e8e\u8f93\u51fa\u5230\u63a7\u5236\u53f0\nch = logging.StreamHandler()\nch.setLevel(logging.DEBUG)\n\n# 3\u3001\u5b9a\u4e49handler\u7684\u8f93\u51fa\u683c\u5f0f\uff08formatter\uff09\nformatter = logging.Formatter('%(asctime)s - %(name)s - %(levelname)s - %(message)s')\n\n# 4\u3001\u7ed9handler\u6dfb\u52a0formatter\nfh.setFormatter(formatter)\nch.setFormatter(formatter)\n\n# 5\u3001\u7ed9logger\u6dfb\u52a0handler\nlogger.addHandler(fh)\nlogger.addHandler(ch)\n
\u4ee5\u53ca\u4fee\u6539log\u7684\u989c\u8272(\u4e0d\u8fc7\u6ca1\u6709\u8bd5\u8fc7\uff0c\u4e0d\u77e5\u9053\u662f\u5426\u53ef\u7528)
"},{"location":"python/#_3","title":"\u63a5\u53e3\u8bbe\u8ba1","text":"\u4e00\u7cfb\u5217\u76f8\u4f3c\u7684\u51fd\u6570\u5b8c\u6210\u76f8\u4f3c\u7684\u529f\u80fd\uff08\u6bd4\u5982\u4e0d\u540c\u89e3\u6790\u51fd\u6570\u89e3\u6790\u4e0d\u540c\u79cd\u7c7b\u7684\u65e5\u5fd7\uff0c\u90fd\u5b8c\u6210\u201c\u6570\u636e\u5904\u7406\u201d\u8fd9\u4e00\u529f\u80fd\uff09\u65f6\uff0c\u53ef\u4ee5\u5c06\u51fd\u6570\u540d\u4f5c\u4e3a\u53c2\u6570\u4f20\u5165\u516c\u5171\u5904\u7406\u51fd\u6570\uff0c\u8bbe\u8ba1\u66f4\u6e05\u6670\u3002
import re\n\n# 0000 11c4 0\nbb_regex = re.compile(r\"([0-9a-f]+) ([0-9a-f]+) ([0-9]+)\")\ndef parse_bb_line(line):\n event_id, pc, cnt = bb_regex.match(line).groups()\n\n event_id = int(event_id, 16)\n pc = int(pc, 16)\n cnt = int(cnt)\n\n return event_id, pc, cnt\n\ndef parse_mmio_set_line(line):\n pc, addr, mode = line.split(\" \")\n return (int(pc, 16), int(addr, 16), mode[0])\n\ndef _parse_file(filename, line_parser):\n try:\n with open(filename, \"r\") as f:\n return [line_parser(line) for line in f.readlines() if line]\n except FileNotFoundError:\n return []\n\ndef parse_bbl_trace(filename):\n return _parse_file(filename, parse_bb_line)\n\ndef parse_mmio_set(filename):\n return _parse_file(filename, parse_mmio_set_line)\n
"},{"location":"python/#capnp","title":"\u4e2d\u95f4\u6570\u636e\u5b58\u50a8\uff1acapnp","text":"Cap'n Proto\u597d\u50cf\u662f\u4e00\u79cd\u5e2e\u52a9\u5feb\u901f\u5e8f\u5217\u5316/\u53cd\u5e8f\u5217\u5316\u7684\u5de5\u5177\uff0cpython\u8fd9\u8fb9\u5c01\u88c5\u4e86C++\u7684\u5b9e\u73b0\uff0c\u9700\u8981pip\u5b89\u88c5pycapnp\u8fd9\u4e2a\u5305\u3002\u4f7f\u7528\u65f6\u9700\u8981\u9996\u5148\u5b9a\u4e49\u6570\u636e\u7ed3\u6784\uff0c\u6bd4\u5982\uff1a
// test.capnp\nstruct TraceEvent {\nunion {\nbasicBlock @0 :BasicBlock;\naccess @1 :Access;\n}\n}\n\nstruct BasicBlock {\npc @0 :UInt32;\nlr @1 :UInt32;\n}\n\nstruct Access {\ntarget @0 :AccessTarget;\ntype @1 :AccessType;\nsize @2 :UInt8;\npc @3 :UInt32;\n}\n\nenum AccessTarget {\nram @0;\nmmio @1;\n}\nenum AccessType {\nread @0;\nwrite @1;\n}\n
\u4f7f\u7528\u65f6\uff0cpython\u7a0b\u5e8f\u5982\u4e0b\uff1a import capnp\nimport test_capnp\n\n# \u8fde\u7eed\u5199\u5165\u6587\u4ef6\uff0c\u5bf9union\u521d\u59cb\u5316\ntrace_file = open('test.bin','wb')\nevent = test_capnp.TraceEvent.new_message()\nbasicBlock = event.init('basicBlock')\nbasicBlock.pc = uc.reg_read(UC_ARM_REG_PC)\nbasicBlock.lr = uc.reg_read(UC_ARM_REG_LR)\nevent.write(trace_file)\nevent.write(trace_file)\ntrace_file.close()\n\n# \u4ece\u6587\u4ef6\u4e2d\u8fde\u7eed\u8bfb\u53d6\uff0c\u89e3\u6790union\ntrace_file = open('test.bin','rb')\nfor event in test_capnp.TraceEvent.read_multiple(f):\n if event.which() == 'basicBlock':\n print(event.basicBlock.pc)\ntrace_file.close()\n
"},{"location":"python/#_4","title":"\u8ba1\u65f6\u7ec8\u6b62\u7a0b\u5e8f","text":"\u5982\u679c\u9700\u8981\u8ba9\u7a0b\u5e8f\u5728\u8fd0\u884c\u4e00\u6bb5\u65f6\u95f4\u540e\u7ec8\u6b62\uff0c\u5728\u7a0b\u5e8f\u5185\u90e8\u8fdb\u884c\u65f6\u95f4\u68c0\u67e5\u5e76\u4e0d\u4f18\u96c5\uff08\u56e0\u4e3a\u662f\u65e0\u5173\u903b\u8f91\u7684\uff09\uff1b\u53ef\u4ee5\u4e3a\u8fd9\u4e2a\u5b50\u7a0b\u5e8f\u8bbe\u8ba1signal
pipeline = Pipeline(args.target_dir, args.project_name, args.base_inputs, args.num_local_fuzzer_instances, args.disable_modeling, write_worker_logs=not args.silent_workers, do_full_tracing=args.full_traces, config_name=args.runtime_config_name, timeout_seconds=timeout_seconds, use_aflpp=args.aflpp)\n\ntry:\n if timeout_seconds != 0:\n def handler(signal_no, stack_frame):\n pipeline.request_shutdown()\n\n # spin up an alarm for the time\n signal.signal(signal.SIGALRM, handler)\n signal.alarm(timeout_seconds)\n\n pipeline.start()\nexcept Exception as e:\n logger.error(f\"Got exception, shutting down pipeline: {e}\")\n import traceback\n traceback.print_exc()\n status = 1\n
"},{"location":"python/#hexintelhex","title":"\u4e8c\u8fdb\u5236\u5b57\u8282\u4e0ehex\u4e92\u76f8\u8f6c\u6362\uff1aIntelHex","text":"fuzzware\u91cc\u6dfb\u52a0\u9000\u51fahandler\u6253\u5370state\uff08\u5373\u6a21\u62dfcoredump\uff09\u65f6\uff0c\u4f7f\u7528\u4e86IntelHex\u6765\u4fdd\u5b58\u4e2d\u95f4\u7ed3\u679c\u3002\u53ef\u4ee5\u53c2\u8003\u4e0b\u9762\u7684\u4f8b\u5b50\uff0c\u8fdb\u884c\u76f8\u4e92\u8f6c\u5316\u3002IntelHex\u6587\u4ef6\u672c\u8eab\u7684\u683c\u5f0f\uff0c\u53ef\u4ee5\u53c2\u8003\u8fd9\u91cc
from intelhex import IntelHex\nih = IntelHex()\n\ndata = {\n 0x30000000: b'\\x00\\x01\\x02\\x03\\x04',\n 0x20002000: b'\\x04\\x05\\x06\\x07'\n}\n\nfor base_addr, contents in data.items():\n ih.puts(base_addr, contents)\n\nwith open('test.hex', 'w') as f:\n ih.write_hex_file(f)\n\n\n# \u4ece\u5df2\u6709\u7684hex\u6587\u4ef6\u4e2d\u8bfb\u53d6\u6570\u636e\nih = IntelHex()\nih.fromfile('test.hex', format='hex')\n\n\"\"\"test.hex\n:020000042000DA\n:0420000004050607C6\n:020000043000CA\n:050000000001020304F1\n:00000001FF\n\nhex\u683c\u5f0f\u4ee5\u5192\u53f7\u5f00\u5934\uff0c\u968f\u540e1\u5b57\u8282\u8868\u793a\u6570\u636e\u957f\u5ea6\uff0c\u7d27\u63a54\u5b57\u8282\u8868\u793a\u5730\u5740\uff0c\u968f\u540e1\u5b57\u8282\u4e3a\u8bb0\u5f55\u7c7b\u578b\uff1a\n00\uff1a\u8868\u793a\u6570\u636e\n01\uff1a\u8868\u793a\u6587\u4ef6\u7ed3\u675f\n02\uff1a\u8868\u793a\u6269\u5c55\u6bb5\u5730\u5740\u3002\u968f\u540e\u76842\u5b57\u8282\u5de6\u79fb4\u4f4d\uff0c\u4f5c\u4e3a\u6bb5\u5730\u5740\uff0c\u5728\u4e4b\u540e\u7684\u8ba1\u7b97\u4e2d\u548c\u5730\u5740\u76f8\u52a0\u4f5c\u4e3a\u6700\u540e\u5730\u5740\n03\uff1a\u8868\u793a\u8d77\u59cb\u6bb5\u5730\u5740\u3002\u968f\u540e\u76844\u5b57\u8282\u4e2d\uff0c\u524d\u3001\u540e2\u5b57\u8282\u5206\u522b\u8868\u793aCS\u3001IP\n04\uff1a\u8868\u793a\u6269\u5c55\u7ebf\u6027\u5730\u5740\u3002\u968f\u540e\u76842\u5b57\u8282\u6307\u5b9a32\u5730\u5740\u7684\u9ad816\u4f4d\n05\uff1a\u8868\u793a\u8d77\u59cb\u7ebf\u6027\u5730\u5740\u3002\u968f\u540e\u76844\u5b57\u8282\u6307\u5b9a\u6307\u4ee4\u6267\u884c\u8d77\u59cb\u5730\u5740\n\u6700\u540e\u4e00\u5b57\u8282\u8868\u793a\u6821\u9a8c\u7801\n\n\u6bd4\u5982:020000042000DA\uff0c\u5206\u4e3a:02 0000 04 2000 DA\n\"\"\"\n\n# \u83b7\u53d6\u89e3\u6790\u540e\u7684\u6570\u636e\uff0c\u5e76\u5408\u5e76\u8fde\u7eed\u7684\u5730\u5740\nrestored_data = {}\ncurrent_address = None\ncurrent_data = b''\n\nfor address in ih.addresses():\n # Check if the address is consecutive with the current data\n if current_address is None or address == current_address + len(current_data):\n if current_address is None:\n current_address = address\n current_data += bytes([ih[address]])\n else:\n # Save the previous data and start a new block\n restored_data[current_address] = current_data\n current_address = address\n current_data = bytes([ih[address]])\n\n# Save the last block of data\nif current_address is not None:\n restored_data[current_address] = current_data\n\n# \u8f93\u51fa\u8fd8\u539f\u540e\u7684data\u5b57\u5178\nprint(restored_data)\n# {536879104: b'\\x04\\x05\\x06\\x07', 805306368: b'\\x00\\x01\\x02\\x03\\x04'}\n
"},{"location":"python/#_5","title":"\u53c2\u8003\u8d44\u6599","text":" (USENIX Security 2022)Fuzzware: Using Precise MMIO Modeling for Effective Firmware Fuzzing Cap'n Proto "},{"location":"rca/","title":"\u6839\u56e0\u5206\u6790","text":"\u4ec0\u4e48\u662f\u6839\u56e0\u5206\u6790\uff1f \u6839\u56e0\u5206\u6790(Root Cause Analysis)\u6216\u8005\u8bf4\u7f3a\u9677\u5b9a\u4f4d(Fault Localization)\u662f\u7a0b\u5e8f\u5f00\u53d1\u4eba\u5458\u6216\u5b89\u5168\u5206\u6790\u4eba\u5458\u5728\u786e\u8ba4\u7a0b\u5e8f\u5b58\u5728\u5f02\u5e38\u884c\u4e3a\u540e\uff0c\u901a\u8fc7\u624b\u52a8\u6216\u81ea\u52a8\u7684\u65b9\u6cd5\u6765\u5b9a\u4f4d\u5f02\u5e38\u884c\u4e3a\u7684\u6839\u672c\u539f\u56e0\u7684\u8fc7\u7a0b\u3002\u6839\u56e0\u5206\u6790\u662f\u7a0b\u5e8f\u5b89\u5168\u5206\u6790\u6d41\u7a0b\u4e2d\u6bd4\u8f83\u91cd\u8981\u7684\u4e00\u73af\u3002
\u4e3a\u4ec0\u4e48\u9700\u8981\u8bbe\u8ba1\u4e00\u4e9b\u6839\u56e0\u5206\u6790\u65b9\u6cd5\uff1f \u5728\u5f53\u4e0b\u5404\u7c7b\u81ea\u52a8\u5316\u6f0f\u6d1e\u6316\u6398\u5de5\u5177(\u6bd4\u5982\u5404\u7c7bfuzzer)\u7684\u8f85\u52a9\u4e0b\uff0c\u6bcf\u65e5\u53d1\u73b0\u7684bug\u6570\u91cf\u5df2\u7ecf\u8fdc\u8d85\u5f00\u53d1\u4eba\u5458\u786e\u8ba4\u5e76\u4fee\u590d\u7684\u6570\u91cf\u3002\u8bbe\u8ba1\u4e00\u79cd\u81ea\u52a8\u5316\u53d1\u73b0\u6f0f\u6d1e\u7684\u5de5\u5177\u5e76\u4e0d\u96be\uff0c\u96be\u5728\u5982\u4f55\u6839\u636e\u8fd9\u4e9b\u5de5\u5177\u62a5\u51fa\u7684crash\u4fe1\u606f\u6765\u51c6\u786e\u5730\u5206\u6790\u51fa\u6f0f\u6d1e\u7684\u6839\u672c\u539f\u56e0\u3002\u5bf9\u4e8e\u5927\u578b\u7a0b\u5e8f\u800c\u8a00\uff0c\u5d29\u6e83\u6d4b\u8bd5\u6837\u4f8b(crashing testcase)\u6267\u884c\u4e0b\u6765\u53ef\u80fd\u7ecf\u5386\u4e86\u51e0\u767e\u4e07\u6761\u6c47\u7f16\u6307\u4ee4\uff0c\u624b\u5de5\u786e\u8ba4\u7a0d\u5fae\u6709\u70b9\u4e0d\u73b0\u5b9e\u4e86\u3002\u56e0\u6b64\u9700\u8981\u8bbe\u8ba1\u4e00\u4e9b(\u81ea\u52a8\u5316)\u7684\u6839\u56e0\u5206\u6790\u5de5\u5177\u3002
\u600e\u4e48\u8fdb\u884c\u6839\u56e0\u5206\u6790\uff1f\u76ee\u524d\u6709\u54ea\u4e9b\u5de5\u4f5c\uff1f \u6700\u6734\u7d20\u800c\u76f4\u89c2\u7684\u601d\u60f3\u5c31\u662f\u6d88\u8017\u5b89\u5168\u5206\u6790\u4eba\u5458\u7684\u7cbe\u529b\uff0c\u4ece\u7a0b\u5e8f\u7684\u5165\u53e3\u70b9(entry)\u6216\u8005\u5d29\u6e83\u70b9(crash site)\u51fa\u53d1\uff0c\u770b\u770b\u7a0b\u5e8f\u662f\u600e\u4e48\u6267\u884c\u7684\uff0c\u54ea\u4e9b\u5143\u7d20(program entity)\u4f1a\u5bfc\u81f4\u6700\u540e\u7684crash\uff0c\u7136\u540e\u518d\u8fdb\u884c\u5bf9\u5e94\u7684\u4fee\u590d\u3002\u6839\u636e\u5b9a\u4f4d\u5143\u7d20\u7684\u7c92\u5ea6\u4e0d\u540c\uff0c\u6839\u56e0\u5206\u6790\u53ef\u4ee5\u5b9a\u4f4d\u5230\u51fd\u6570\u7ea7(function level)\u3001\u8bed\u53e5\u7ea7(statement level)\u3001\u6c47\u7f16\u6307\u4ee4\u7ea7(instruction level)\u3002\u7531\u4e8e\u5728\u6c47\u7f16\u6307\u4ee4\u4e0a\u8fdb\u884c\u5206\u6790\u53ef\u4ee5\u66f4\u666e\u9002\u5730\u9002\u5e94\u591a\u79cd\u7f16\u7a0b\u8bed\u8a00\u3001\u4e0d\u9700\u8981\u83b7\u53d6\u6e90\u7801\uff0c\u6240\u4ee5\u4e0b\u6587\u7684\u8ba8\u8bba\u90fd\u662f\u56f4\u7ed5\u6c47\u7f16\u6307\u4ee4\u7ea7\u5c55\u5f00\u3002
\u76ee\u524d\u4e00\u4e9b\u81ea\u52a8\u5316\u6839\u56e0\u5206\u6790\u7814\u7a76\u601d\u8def\u6709\uff1a
\u57fa\u4e8e\u7a0b\u5e8f\u8c31\u7684\u5206\u6790\u65b9\u6cd5(Spectrum-based)\u3002\u5927\u6982\u601d\u8def\u662f\u4e0d\u9700\u8981\u8003\u8651\u6c47\u7f16\u6307\u4ee4\u7684\u8bed\u4e49\u4fe1\u606f\uff0c\u5229\u7528\u4e00\u4e9b\u7edf\u8ba1\u5b66\u7684\u65b9\u6cd5\u6765\u5206\u6790\u54ea\u4e9b\u6307\u4ee4\u6709\u95ee\u9898\u3002\u8fd9\u7c7b\u65b9\u6cd5\u57fa\u4e8e\u8fd9\u6837\u4e00\u4e2a\u573a\u666f\uff1a\u5047\u8bbe\u6211\u4eec\u6709\u4e00\u5927\u6279\u76f8\u4f3c\u7684\u6d4b\u8bd5\u6837\u4f8b\uff0c\u5176\u4e2d\u6709\u4e9b\u4f1a\u5bfc\u81f4\u7a0b\u5e8f\u5d29\u6e83\uff0c\u6709\u4e9b\u4e0d\u4f1a\uff0c\u90a3\u4e48\u8fd9\u4e24\u7c7b\u6d4b\u8bd5\u6837\u4f8b\u7684\u6267\u884c\u8def\u5f84\u53ef\u80fd\u6709\u4e0d\u540c\u7684\u504f\u597d\u3002\u90a3\u4e48\u90a3\u4e9b\u66f4\u503e\u5411\u4e8e\u5728\u5d29\u6e83\u6d4b\u8bd5\u6837\u4f8b\u4e2d\u6267\u884c\u7684\u6307\u4ee4\u66f4\u6709\u53ef\u80fd\u662froot cause\u3002 \u4e8b\u540e\u5206\u6790\u65b9\u6cd5(Postmortem-based)\u3002\u76f4\u8bd1\u5c38\u68c0\u5206\u6790\uff0c\u5f62\u8c61\u7406\u89e3\u4e3a\u4ece\u7a0b\u5e8f\u5d29\u6e83\u540e\u7559\u4e0b\u7684\u201c\u5c38\u4f53\u201d\u5f00\u59cb\u5206\u6790\u3002\u5b83\u5047\u5b9a\u7a0b\u5e8f\u5d29\u6e83\u540e\u4f1a\u4ea7\u751f\u4e00\u4e2acoredump(\u6838\u5fc3\u8f6c\u50a8)\u6587\u4ef6\uff0c\u5305\u542b\u4e86\u5d29\u6e83\u70b9\u7684\u5185\u5b58\u5feb\u7167(memory snapshot)\uff0c\u4ee5\u53ca\u8fd9\u4e2a\u6d4b\u8bd5\u6837\u4f8b\u7684\u6267\u884c\u8def\u5f84(execution trace)\u3002\u524d\u8005\u7528\u4e8e\u63d0\u4f9b\u6570\u636e\u6d41\u4fe1\u606f(\u6bd4\u5982\u5185\u5b58\u503c\u3001\u5bc4\u5b58\u5668\u503c)\uff0c\u540e\u8005\u7528\u4e8e\u63d0\u4f9b\u63a7\u5236\u6d41\u4fe1\u606f(\u6c47\u7f16\u6307\u4ee4\u6267\u884c\u4e0e\u8df3\u8f6c)\u3002\u5728\u6b64\u57fa\u7840\u4e0a\uff0c\u7ed3\u5408\u4e00\u4e9b\u9006\u5411\u6267\u884c(reverse execution)\u548c\u540e\u5411\u6c61\u70b9\u5206\u6790(backward taint analysis)\u7684\u65b9\u6cd5\uff0c\u5b9a\u4f4d\u53ef\u80fd\u7684root cause\u3002 \u57fa\u4e8e\u6a21\u578b\u7684\u5206\u6790\u65b9\u6cd5(Model-based)\u3002\u8fd9\u4e00\u7c7b\u65b9\u6cd5\u662f\u8fd1\u4e9b\u5e74\u63d0\u51fa\u7684\uff0c\u5b83\u901a\u8fc7\u5b9a\u4e49\u8bed\u4e49\u76f8\u5173\u7684\u6a21\u578b\uff0c\u5229\u7528\u673a\u5668\u5b66\u4e60\u6216\u6df1\u5ea6\u5b66\u4e60\u7684\u601d\u60f3\uff0c\u627e\u5230\u8bed\u4e49\u4e0a\u5bfc\u81f4\u5d29\u6e83\u7684root cause\u3002 \u8fd9\u4e9b\u7814\u7a76\u601d\u8def\u90fd\u89e3\u51b3\u4e86\u4ec0\u4e48\u95ee\u9898\uff1f\u6709\u4ec0\u4e48\u72ec\u7279\u7684\u4f18\u70b9\uff1f\u5b58\u5728\u54ea\u4e9b\u72ec\u6709\u7684\u4e0d\u8db3\uff1f \u57fa\u4e8e\u7a0b\u5e8f\u8c31\u7684\u5206\u6790\u65b9\u6cd5\u76f4\u89c2\u4e0a\u4f3c\u4e4e\u6709\u70b9\u9053\u7406\u3002\u5b83\u4ec5\u8003\u8651\u6c47\u7f16\u6307\u4ee4\u672c\u8eab\uff0c\u800c\u4f46\u4ec5\u4ec5\u4ece\u7edf\u8ba1\u7ed3\u679c\u4e0a\u53bb\u5206\u6790\uff0c\u53ef\u80fd\u5e76\u4e0d\u80fd\u51c6\u786e\u5206\u6790\u51fa\u903b\u8f91\u4e0a\u7684root cause\u3002\u8fd9\u7c7b\u65b9\u6cd5\u4e00\u822c\u4f1a\u8bbe\u8ba1\u4e00\u79cd\u6392\u540d\u7b56\u7565(ranking)\uff0c\u5bf9\u9009\u62e9\u51fa\u7684\u53ef\u7591\u6307\u4ee4\u8fdb\u884ctop1-topn\u7684\u6392\u540d\uff0c\u6765\u8bd5\u56fe\u63d0\u9ad8\u51c6\u786e\u6027\u3002\u8fd9\u7c7b\u65b9\u6cd5\u4e00\u822c\u9700\u8981\u6839\u636e\u4e00\u4e2a\u5d29\u6e83\u6837\u4f8b\u4ee5\u53ca\u548c\u5b83\u76f8\u4f3c\u7684\u5d29\u6e83\u6837\u4f8b\u548c\u975e\u5d29\u6e83\u6837\u4f8b\u8fdb\u884c\u5206\u6790\uff0c\u56e0\u6b64\u65f6\u7a7a\u5f00\u9500\u90fd\u6bd4\u8f83\u5927\u3002
\u4e8b\u540e\u5206\u6790\u65b9\u6cd5\u76f8\u6bd4\u7a0b\u5e8f\u8c31\u5206\u6790\u65b9\u6cd5\u8003\u8651\u4e86\u6307\u4ee4\u8bed\u4e49\uff0c\u6bd4\u5982\u5728\u9006\u5411\u6267\u884c\u7684\u65f6\u5019\u4f1a\u8bbe\u8ba1\u4e00\u4e9b\u6c47\u7f16\u6307\u4ee4handler\uff0c\u5bf9\u4e8e\u5185\u5b58\u7684\u5206\u6790\u4e5f\u4f1a\u66f4\u7cbe\u786e\u4e9b\u3002\u4f46\u6c61\u70b9\u5206\u6790\u65b9\u6cd5\u6bd5\u7adf\u5b58\u5728\u8fc7\u5ea6\u6c61\u67d3(over-tainting)\u7684\u95ee\u9898\uff0c\u5bfc\u81f4\u7ed3\u679c\u5197\u4f59\u6bd4\u8f83\u4e25\u91cd\u3002
\u57fa\u4e8e\u6a21\u578b\u7684\u5206\u6790\u65b9\u6cd5\u5229\u7528AI\u7684\u4f18\u52bf\uff0c\u53ef\u4ee5\u7ed9\u51fa\u66f4\u6709\u8bed\u4e49\u4fe1\u606f\u7684root cause\uff0c\u5728\u4e00\u5b9a\u7a0b\u5ea6\u4e0a\u5e2e\u52a9\u5f00\u53d1\u4eba\u5458\u53bb\u5206\u6790\u3002\u4e0d\u8fc7\u6a21\u578b\u7684\u8bad\u7ec3\u4f9d\u8d56\u8bad\u7ec3\u96c6\u7684\u8d28\u91cf\uff0c\u5e76\u4e14\u53d7\u7a0b\u5e8f\u8bed\u4e49\u5f71\u54cd\u5f88\u5927\u3002\u5728\u4e0d\u540c\u9886\u57df\u4e4b\u95f4\u53ef\u80fd\u8fc1\u79fb\u6027\u4e0d\u662f\u5f88\u597d\uff0c\u6bd4\u5982\u6ca1\u6cd5\u5904\u7406\u4e00\u4e9b\u7279\u5b9a\u7684\u5bc6\u7801\u5b66\u51fd\u6570\u3002\u4e14\u4e3a\u5f85\u6d4b\u7a0b\u5e8f\u5efa\u7acb\u6a21\u578b\u6765\u63cf\u8ff0\u5176\u7ed3\u6784\u4e0e\u884c\u4e3a\u662f\u975e\u5e38\u590d\u6742\u3001\u8017\u65f6\u7684\u4e8b\u60c5
\u73b0\u6709\u7684\u8fd9\u4e9b\u65b9\u6cd5\u6709\u6ca1\u6709\u4ec0\u4e48\u666e\u904d\u5b58\u5728\u7684\u95ee\u9898\uff1f \u5728\u6700\u540e\u8bc4\u4f30\u9636\u6bb5(evaluation)\uff0c\u4e00\u822c\u5148\u901a\u8fc7\u624b\u5de5\u5206\u6790\u786e\u5b9a\u54ea\u4e9b\u6c47\u7f16\u6307\u4ee4\uff0c\u5982\u679c\u65b9\u6cd5\u8f93\u51fa\u7684\u6c47\u7f16\u6307\u4ee4\u96c6\u5408\u91cc\u5305\u542b\u8fd9\u4e9b\u6307\u4ee4\uff0c\u90a3\u4e48\u5c31\u8ba4\u4e3a\u662f\u53d1\u73b0\u4e86root cause\u3002\u4f46\u81ea\u52a8\u5316\u65b9\u6cd5\u6bd5\u7adf\u7f3a\u5c11\u4eba\u5de5\u53c2\u4e0e\uff0c\u7ed9\u51fa\u7684\u7ed3\u679c\u4e00\u5b9a\u662f\u4e0d\u51c6\u786e\u7684\u3002\u73b0\u6709\u7684\u5de5\u4f5c\u7684\u4e00\u4e2a\u4e3b\u6d41\u601d\u60f3\u5728\u4e8e\u201c\u65b9\u6cd5\u7ed9\u51fa\u7684\u96c6\u5408\u53ef\u4ee5\u5305\u542b\u65e0\u5173\u6307\u4ee4\uff0c\u4f46\u4e0d\u80fd\u7f3a\u5c11\u76f8\u5173\u6307\u4ee4\u201d\uff0c\u65e8\u5728\u63d0\u9ad8\u53ec\u56de\u7387(recall)\u3002\u56e0\u6b64\u5f80\u5f80\u7ed9\u51fa\u4e0eroot cause\u4e0d\u76f8\u5173\u7684\u6307\u4ee4\u3002\u4f46\u5b9e\u9645\u4e0a\uff0c\u5728\u6700\u540e\u7684\u4fee\u590d\u7aef\uff0c\u5982\u679c\u7ed9\u51fa\u4e0d\u76f8\u5173\u6307\u4ee4\u8fc7\u591a\uff0c\u90a3\u4e48\u4ecd\u7136\u9700\u8981\u5f00\u53d1\u8005\u53bb\u5206\u6790\uff0c\u4f9d\u65e7\u8017\u65f6\u8017\u529b\u3002
\u636eISSTA 2016\u4e00\u7bc7\u8c03\u7814\uff08Practitioners\u2019 expectations on automated fault localization\uff09\uff0c9.43%\u5e0c\u671broot cause\u5728\u5206\u6790\u7ed3\u679c\u7684Top1\uff0c73.58%\u5bb9\u8bb8\u5728Top5\uff0c15.09%\u5bb9\u8bb8\u5728Top10\u3002\u6240\u4ee5\u7ea698%\u7684\u60c5\u51b5\u4e0b\u9700\u8981\u5728Top10\u5185\u7ed9\u51fa\u7ed3\u679c\u3002\u5c31\u5206\u6790\u51c6\u786e\u5ea6\u4e0e\u5f00\u53d1\u4eba\u5458\u6ee1\u610f\u5ea6\u800c\u8a00\uff0c\u5982\u679cRCA\u5de5\u5177\u51c6\u786e\u5ea6\u8fbe90%\uff0c\u6ee1\u610f\u5ea6\u51e0\u4e4e\u8fbe\u5230100%\u4e86\u3002\u51c6\u786e\u5ea6\u4f4e\u4e8e20%\u65f6\u53ea\u670912%\u63a5\u53d7\uff0c\u5982\u679c\u6ee1\u610f\u5ea6\u8fbe50%\u300175%\u300190%\uff0c\u51c6\u786e\u5ea6\u9700\u8981\u5206\u522b\u8fbe\u523050%\u300175%\u300185%\uff08\u4f46\u662f\u539f\u6587\u8bf490%\uff09\u3002
\u76ee\u524d\u7684\u7edd\u5927\u90e8\u5206RCA\u5206\u6790\u7684\u5de5\u4f5c\u7684\u8f93\u51fa\u662f\u4e24\u7c7b\uff1aranked list\u548csuspicious set\u3002\u4f46\u4e24\u8005\u90fd\u5b58\u5728\u7684\u95ee\u9898\u662f\u4ec5\u4ec5\u9ad8\u4eae\u4e86\u53ef\u80fd\u5b58\u5728bug\u7684\u5143\u7d20\uff0c\u800c\u7f3a\u4e4f\u4e00\u4e9brational\u7684\u5206\u6790\u3002
"},{"location":"rca/#_2","title":"\u4e0d\u540c\u7684\u5206\u6790\u7c92\u5ea6\u7684\u4f18\u52bf","text":"\u57fa\u4e8e\u6587\u4ef6\u7c92\u5ea6\u7684RCA\u5de5\u4f5c\uff08\u6bd4\u5982Scaffle\uff09\u5e0c\u671b\u627e\u5230\u5305\u542b\u767e\u4e07\u7ea7\u540c\u8d28\u4ee3\u7801\u5e93\u4e2d\u54ea\u4e9b\u6587\u4ef6\u548ccrash\u6709\u5173\u3002\u5728\u6b64\u57fa\u7840\u4e0a\u8ba9\u5bf9\u5e94\u7684\u5de5\u7a0b\u5e08\u56e2\u961f\u53bb\u5904\u7406bug\uff0c\u6709\u5229\u4e8e\u5927\u578b\u7ec4\u7ec7\u7ba1\u7406\u3002
\u636eISSTA 2016\u4e00\u7bc7\u8c03\u7814\uff08Practitioners\u2019 expectations on automated fault localization\uff09\uff0c\u5f00\u53d1\u8005\u5bf9\u7c92\u5ea6\u7684top3\u671f\u671b\u4f9d\u6b21\u662f\u65b9\u6cd5\u7ea7\u522b\u3001\u8bed\u53e5\u7ea7\u522b\u3001\u57fa\u672c\u5757\u7ea7\u522b\uff0c\u4e0d\u8fc7\u5bf9\u8fd9\u4e09\u79cd\u7c92\u5ea6\u7684\u503e\u5411\u4e4b\u95f4\u6ca1\u6709\u660e\u663e\u5dee\u5f02\u3002\u800c\u5f53\u65f6\u6bd4\u8f83\u591a\u7684\u65b9\u6cd5\u662f\u8bed\u53e5\u7ea7\u522b\u7684
"},{"location":"rca/#_3","title":"\u5206\u6790\u65f6\u95f4\u5f00\u9500","text":"\u6839\u636e\u91c7\u7528\u7684\u7b56\u7565\u4e0d\u540c\uff0cRCA\u4e4b\u95f4\u7684\u65f6\u95f4\u5f00\u9500\u5dee\u5f02\u53ef\u80fd\u8fbe\u4e24\u4e2a\u6570\u91cf\u7ea7\u3002\uff08\u79d2\u7ea7-\u5206\u949f\u7ea7-\u5c0f\u65f6\u7ea7\uff09\u3002
\u636eISSTA 2016\u4e00\u7bc7\u8c03\u7814\uff08Practitioners\u2019 expectations on automated fault localization\uff09\uff0c90%\u5f00\u53d1\u8005\u63a5\u53d71min\u4ee5\u5185\u7684\u5206\u6790\uff0c\u4e0d\u52309%\u5f00\u53d1\u8005\u63a5\u53d7\u8d85\u8fc71h\u7684\u5206\u6790\u300250%\u5f00\u53d1\u8005\u5927\u6982\u572830min\u4ee5\u5185\u3002
"},{"location":"rca/#_4","title":"\u4e00\u4e9b\u60f3\u6cd5","text":" \u4ec0\u4e48\u662f\u6f0f\u6d1e\u7684\u6839\u672c\u539f\u56e0\uff1f\u5047\u5982\u51fd\u6570A\u5185\u521b\u5efa\u4e34\u65f6\u53d8\u91cfx\u5e76\u8c03\u7528\u51fd\u6570B(x)\uff0c\u5728B\u5185\u5f15\u53d1crash\uff0c\u90a3\u4e48\u5e94\u8be5\u5f52\u548e\u4e3aA\u6ca1\u6709\u5904\u7406x\u5462\uff0c\u8fd8\u662fB\u6ca1\u6709\u68c0\u67e5x\u5462\uff1f\u8fd9\u662fAPI\u5b9e\u73b0\u7684\u95ee\u9898\uff0c\u8fd8\u662fAPI\u8bef\u7528\u7684\u95ee\u9898\uff1f(\u5f00\u53d1\u8005or\u7528\u6237) \u5bf9\u4e8e\u67d0\u4e00\u4e2acrash\uff0c\u5982\u679c\u5f00\u53d1\u4eba\u5458\u8fdb\u884c\u4e86\u4fee\u590d\uff0c\u90a3\u4e48\u8fd9\u4e2a\u4fee\u590d\u80fd\u62ff\u6765\u5f53root cause\u5417\uff1f\u4e0d\u540c\u5f00\u53d1\u4eba\u5458\u4fee\u590d\u7684\u98ce\u683c\u53ef\u80fd\u4e0d\u4e00\u6837\uff0c\u4fee\u590d\u4e5f\u672a\u5fc5\u662f\u5b8c\u5168\u7684\uff0croot cause\u5c31\u662f\u4e00\u4e2a\u4e3b\u89c2\u7684\u95ee\u9898\u4e86\u3002 "},{"location":"rca/#_5","title":"\u76f8\u5173\u8bba\u6587\u7684\u4e00\u4e9b\u53d1\u73b0\uff08\u7591\u95ee\uff09","text":" \u201c\u4f20\u7edf\u7684SFL\u65b9\u6cd5\u6548\u679c\u5728Defects4J\u7b49\u90e8\u5206\u6570\u636e\u96c6\u53ef\u80fd\u8fdc\u4f18\u4e8eDLFL\u65b9\u6cd5\uff0c\u53ef\u80fd\u662f\u57fa\u51c6\u5b9e\u9a8c\u7684\u8fc7\u62df\u5408\u95ee\u9898\u3002\u201d\u4f20\u7edf\u65b9\u6cd5\u7684\u8fc7\u62df\u5408\u6307\u7684\u662f\u4ec0\u4e48\uff1fDLFL\u4e3a\u4ec0\u4e48\u5728\u57fa\u51c6\u6d4b\u8bd5\u96c6\u53d6\u5f97\u548c\u522b\u7684\u6570\u636e\u96c6\u4e00\u6837\u597d\u7684\u6548\u679c\uff1f\u4f20\u7edf\u65b9\u6cd5\u5728\u4e0d\u540c\u6d4b\u8bd5\u96c6\u7684\u8868\u73b0\u5dee\u5f02\u662f\u65b9\u6cd5\u7684\u95ee\u9898\u8fd8\u662f\u6d4b\u8bd5\u96c6\u7684\u95ee\u9898\uff1f\uff08A Universal Data Augmentation Approach for Fault Localization, ICSE 2022\uff09 \u4e0d\u540c\u79cd\u7c7b\u7684FL\u65b9\u6cd5\u5728\u65f6\u95f4\u5f00\u9500\u4e0a\u6570\u91cf\u7ea7\u662f\u4e0d\u540c\u7684\u3002\u6d4b\u8bd5\u7684\u65f6\u5019\u5982\u679c\u96c6\u6210\u4e0a\u8f83\u4f4e\u6570\u91cf\u7ea7\u5f00\u9500\u7684\u65b9\u6cd5\uff0c\u4e0d\u4f1a\u5bf9\u8fd0\u884c\u65f6\u95f4\u6709\u5f88\u5927\u5f71\u54cd\uff0c\u4f46\u53ef\u4ee5\u63d0\u5347\u6548\u7387\u3002\u4e0d\u540c\u79cd\u7c7bFL\u65b9\u6cd5\u76f8\u5173\u6027\u4e0d\u9ad8\uff0c\u53ef\u4ee5\u8003\u8651\u7ed3\u5408\u4f7f\u7528\u3002\uff08An Empirical Study of Fault Localization Families and Their Combinations, TSE 2021\uff09 \u8c03\u7528\u6808\u505aFL\u5206\u6790\u65f6\uff0c\u5982\u679c\u6839\u56e0\u5728\u6808\u4e0a\u7684\u8bdd\uff0c40%\u662f\u7b2c\u4e00\u4e2a\u6808\u5e27\uff0c90%\u5728\u524d10\u4e2a\u6808\u5e27\u91cc\u3002\uff08Do stack traces help developers fix bugs? Mining Softw. Repositories, 2010\uff09 "},{"location":"rca/#_6","title":"\u53c2\u8003\u6587\u732e","text":" Scaffle: Bug Localization on Millions of Files, ISSTA 2020 Probabilistic reasoning in diagnosing causes of program failures, STVR 2016 Practitioners\u2019 expectations on automated fault localization, ISSTA 2016 \u4ee5\u4e0a\u5185\u5bb9\u4ec5\u4ee3\u8868\u4e2a\u4eba\u89c2\u70b9\uff0c\u4e0d\u5b9a\u671f\u66f4\u65b0\uff0c\u6b22\u8fce\u8ba8\u8bba
"},{"location":"readings/","title":"\u6587\u7ae0\u9605\u8bfb","text":""},{"location":"readings/#_2","title":"\u7efc\u5408\u6027\u77e5\u8bc6\u5b66\u4e60","text":" AWS\u5bf9\u5404\u7c7b\u6280\u672f\u540d\u5b57\u7684\u4ecb\u7ecd MDN\u7f51\u7edc\u670d\u52a1\u8bcd\u6c47\u8868 "},{"location":"readings/#_3","title":"\u4f1a\u8bae\u603b\u7ed3","text":" ESEC/FSE 2022\u7f51\u5b89\u6e05\u5355 "},{"location":"readings/#_4","title":"\u8f6f\u4ef6\u4f9b\u5e94\u94fe","text":" \u8f6f\u4ef6\u4f9b\u5e94\u94fe\u68c0\u6d4b\u5de5\u5177\u73b0\u72b6\u5206\u6790 "},{"location":"readings/#_5","title":"\u5927\u6a21\u578b","text":" \u667a\u80fd\u5b89\u5168\u8fd0\u8425\uff1a\u5927\u6a21\u578b\u5de5\u5177\u534f\u540c\u4e0e\u5b66\u4e60\u6846\u67b6 "},{"location":"readings/#google","title":"Google","text":" The Ups and Downs of 0-days: A Year in Review of 0-days Exploited In-the-Wild in 2022 2022 0-day In-the-Wild Exploitation\u2026so far "},{"location":"readings/#_6","title":"\u7f16\u7a0b\u8bed\u8a00","text":" Python\u591a\u8fdb\u7a0b\u5e76\u53d1\u6700\u4f73\u89e3\u51b3\u65b9\u6848 \u591a\u8fdb\u7a0b \u8fdb\u7a0b\u6c60 "},{"location":"readings/#_7","title":"\u78e8\u5200\u4e0d\u8bef\u780d\u67f4\u5de5","text":" Teach Yourself Programming in Ten Years The Key To Accelerating Your Coding Skills What are some of the most basic things every programmer should know? "},{"location":"reverse-advanced/","title":"\u9006\u5411\u9ad8\u9636","text":""},{"location":"reverse-advanced/#windows","title":"Windows\u9006\u5411\u6280\u672f\u6982\u5ff5","text":"DLL\u6ce8\u5165\uff0cWindows\u6d88\u606f\u94a9\u53d6\uff0cDLL\u5378\u8f7d\uff0c\u4ee3\u7801\u6ce8\u5165\uff0cAPI\u94a9\u53d6\uff0c\u8fdb\u7a0b\u9690\u85cf\uff0cIE\u8fde\u63a5\u63a7\u5236\uff0cTLS\u56de\u8c03\u51fd\u6570\uff0cTEB\uff0cPEB\uff0cSEH\uff0cIA-32\uff0c\u53cd\u8c03\u8bd5\uff08\u9759\u6001\u3001\u52a8\u6001\uff09\uff0cPE\u955c\u50cf\uff0cDebug Blocker
"},{"location":"reverse-basic/","title":"\u9006\u5411\u57fa\u7840","text":"\u9006\u5411\u51fd\u6570\u65f6\uff0c\u8981\u63d0\u524d\u9884\u6d4b\u4e0b\u51fd\u6570\u5b9e\u73b0\u673a\u5236\uff0c\u4ee5\u8282\u7701\u65f6\u95f4\u3002\u8981\u660e\u767d\u54ea\u4e9b\u90e8\u5206\u5c5e\u4e8e\u7a0b\u5e8f\u7279\u6709\u7684\u5b9e\u73b0\uff0c\u54ea\u4e9b\u90e8\u5206\u5c5e\u4e8e\u7b2c\u4e09\u65b9\u7684\u5e93\uff0c\u4e0d\u8981\u968f\u4fbf\u8fdb\u5230\u7b2c\u4e09\u65b9\u5e93\u6216\u8005\u5e95\u5c42API\u91cc\u9762\u5206\u6790\u3002
"},{"location":"reverse-basic/#_2","title":"\u8c03\u7528\u7ea6\u5b9a","text":"cdecl\uff08C\u9ed8\u8ba4\uff09\u7531caller\u8d1f\u8d23\u6e05\u7406\u6808\u4e0a\u4f20\u5165\u53c2\u6570\u3002
stdcall\u7531callee\u8d1f\u8d23\u6e05\u7406\u6808\u4e0a\u4f20\u5165\u53c2\u6570\uff08Win32API\uff09\uff0c\u88ab\u8c03\u51fd\u6570\u8fd4\u56de\u65f6\u4f7f\u7528RETN X
\u6765\u9000\u51fa\uff0c\u76f8\u5f53\u4e8eRETN\u3001POP X\u3002\u6bd4\u5982\u9000\u4e24\u4e2a\u53c2\u6570\uff0c\u5c31RETN 8\u3002
fastcall\u4e3a\u4e86\u63d0\u9ad8\u901f\u5ea6\uff0c\u5206\u522b\u4f7f\u7528ECX\u3001EDX\u4f20\u9012\u524d\u4e24\u4e2a\u53c2\u6570\uff0c\u66f4\u591a\u53c2\u6570\u8fd8\u662f\u4f7f\u7528\u5185\u5b58\u3002 \u4f20\u53c2\u65f6\u90fd\u662f\u4ece\u53f3\u5411\u5de6\u4ee5\u6b64\u538b\u5165\u6808\u4e2d\u3002
"},{"location":"reverse-basic/#_3","title":"\u4e00\u4e9b\u5e38\u89c1\u6c47\u7f16\u64cd\u4f5c\u7b26","text":"call
\u5305\u62ec\u4fdd\u5b58\u8fd4\u56de\u5730\u5740\u3001IP\u8df3\u8f6c
retn
\u5373pop EIP
test
\u76f8\u5f53\u4e8eAND\uff0c\u4f46\u662f\u4e0d\u6539\u53d8\u666e\u901a\u5bc4\u5b58\u5668\u7684\u503c\uff0c\u53ea\u4fee\u6539EFLAGS\u5bc4\u5b58\u5668
"},{"location":"reverse-basic/#nop","title":"NOP\u6307\u4ee4\u7684\u7528\u9014","text":"NOP\u6307\u4ee4\u901a\u5e38\u7528\u4e8e\u63a7\u5236\u65f6\u5e8f\u7684\u76ee\u7684\uff0c\u5f3a\u5236\u5185\u5b58\u5bf9\u9f50\uff0c\u9632\u6b62\u6d41\u6c34\u7ebf\u707e\u96be\uff0c\u5360\u636e\u5206\u652f\u6307\u4ee4\u5ef6\u8fdf\uff0c\u6216\u662f\u4f5c\u4e3a\u5360\u4f4d\u7b26\u4ee5\u4f9b\u7a0b\u5e8f\u7684\u6539\u5584\uff08\u6216\u66ff\u4ee3\u88ab\u79fb\u9664\u7684\u6307\u4ee4\uff09\u3002
"},{"location":"reverse-basic/#_4","title":"\u51fd\u6570\u6267\u884c\u6808\u5e27\u63a8\u65ad","text":"\u51fd\u6570\u5185\u90e8\u4e00\u822c\u5148\u4f1a\u6267\u884c\u4ee5\u4e0b\u4e24\u6761\u6307\u4ee4\uff1a
push ebp\nmov ebp,esp\n
\u53ef\u4ee5\u89c2\u5bdfebp\u548cesp\u7684\u4fee\u6539\u60c5\u51b5\u63a8\u65ad\u51fd\u6570\u6808\u5e27
"},{"location":"reverse-basic/#_5","title":"\u540d\u79f0\u4fee\u9970","text":"\u540d\u79f0\u4fee\u9970\uff08name mangling\uff0cname decoration\uff09\uff0c\u7528\u6765\u89e3\u51b3\u6807\u5fd7\u7b26\u7684\u552f\u4e00\u547d\u540d\u95ee\u9898\u3002\u6bd4\u5982\u5728\u4e0d\u540c\u7684\u547d\u540d\u7a7a\u95f4\u5b9e\u73b0\u76f8\u540c\u540d\u79f0\u7684\u51fd\u6570\uff0c\u8fd9\u4e2a\u51fd\u6570\u5728\u600e\u4e48\u8868\u793a\u5462\uff1f\u540d\u79f0\u4fee\u9970\u6280\u672f\u7528\u6765\u751f\u6210\u552f\u4e00\u7684\u6807\u5fd7\u7b26\uff0c\u4fdd\u7559\u547d\u540d\u7a7a\u95f4\u3001\u51fd\u6570\u540d\u3001\u7ed3\u6784\u4f53\u540d\u3001\u7c7b\u540d\u4ee5\u53ca\u53c2\u6570\u7c7b\u578b\u7b49\u7b49\u4fe1\u606f\u3002\u540d\u79f0\u4fee\u9970\u548c\u8c03\u7528\u7ea6\u5b9a\u3001\u7f16\u8bd1\u5668\u6709\u5173\uff0c\u5e94\u7528\u6700\u5e7f\u6cdb\u7684\u662fC++\u7684\u4ee3\u7801\uff08\u5c24\u5176\u662f\u6df7\u5408C\u7f16\u8bd1\u65f6\uff09\u3002\u6bd4\u5982_ZN9wikipedia7article6formatEv
\u53ef\u4ee5\u7528\u6765\u8868\u793a\uff1a
namespace wikipedia\n{\nclass article\n{\npublic:\nstd::string format();\n}\n}\n
\u5176\u4e2d_Z
\u662f\u5f00\u5934\uff08\u4e0b\u5212\u7ebf+\u5927\u5199\u5b57\u6bcd\u5728C\u4e2d\u662f\u4fdd\u7559\u7684\u6807\u5fd7\u7b26\uff0c\u907f\u514d\u51b2\u7a81\uff09\uff0cN
\u8868\u793a\u662f\u5d4c\u5957\u6709\u547d\u540d\u7a7a\u95f4\u548c\u7c7b\u540d\uff0c\u968f\u540e\u7684\u6570\u5b57+\u5b57\u6bcd\u4e2d\uff0c\u6570\u5b57\u8868\u793a\u957f\u5ea6\uff0c\u5b57\u6bcd\u8868\u793a\u540d\u79f0\uff0c\u5e76\u4ee5E
\u7ed3\u675f\u3002\u4e4b\u540e\u7684\u53c2\u6570\u8868\u793a\u51fd\u6570\u7684\u53c2\u6570\u7c7b\u578b\uff0cv\u4e3avoid\u3002
"},{"location":"reverse-basic/#pe","title":"PE\u6587\u4ef6","text":"PE\uff08Portable Execution\uff09\u6587\u4ef6\u662fWindows\u7cfb\u7edf\u4f7f\u7528\u7684\u53ef\u6267\u884c\u6587\u4ef6\u683c\u5f0f\u3002
\u53ef\u6267\u884cPE\u6587\u4ef6\u6269\u5c55\u540d\u4e00\u822c\u4e3aexe\uff0csrc \u5e93\u6587\u4ef6\u6269\u5c55\u540d\u4e00\u822c\u4e3adll\uff0cocx\uff0ccpl\uff0cdrv \u9a71\u52a8\u7a0b\u5e8f\u6587\u4ef6\u6269\u5c55\u540d\u4e00\u822c\u4e3asys\uff0cvxd \u5bf9\u8c61\u6587\u4ef6\u6269\u5c55\u540d\u4e00\u822c\u4e3aobj "},{"location":"reverse-basic/#pe_1","title":"PE\u6587\u4ef6\u7684\u6570\u636e\u8282","text":" .text \u4ee3\u7801\u8282\uff0c\u5b58\u653e\u4e8c\u8fdb\u5236\u673a\u5668\u7801 .data \u521d\u59cb\u5316\u6570\u636e\u8282\uff0c\u5982\u5b8f\u5b9a\u4e49\u3001\u5168\u5c40\u53d8\u91cf\u3001\u9759\u6001\u53d8\u91cf .idata \u53ef\u6267\u884c\u6587\u4ef6\u4f7f\u7528\u7684\u52a8\u6001\u94fe\u63a5\u5e93\u7b49\u5916\u90e8\u51fd\u6570\u4e0e\u6587\u4ef6\uff0c\u5373\u8f93\u5165\u8868 .rsrc \u7a0b\u5e8f\u8d44\u6e90\u8282\uff0c\u5305\u62ec\u56fe\u6807\u3001\u83dc\u5355\u7b49 #pragma data_seg()\u53ef\u4ee5\u5c06\u4ee3\u7801\u4efb\u610f\u90e8\u5206\u7f16\u8bd1\u5230PE\u6587\u4ef6\u4efb\u610f\u8282\uff0c\u8282\u540d\u4e5f\u53ef\u4ee5\u81ea\u5b9a\u4e49\u3002
"},{"location":"reverse-basic/#_6","title":"\u9759\u6001\u94fe\u63a5\u5e93\u4e0e\u52a8\u6001\u94fe\u63a5\u5e93","text":"\u9759\u6001\u5e93\u7684\u62d3\u5c55\u540d\u4e3a.a
\u6216.lib
\uff1b\u52a8\u6001\u5e93\u7684\u62d3\u5c55\u540d\u4e00\u822c\u4e3a.so
\u6216.dll
\u9759\u6001\u5e93\u7f16\u8bd1\u65f6\u76f4\u63a5\u6574\u5408\u5230\u76ee\u6807\u7a0b\u5e8f\u4e2d\uff0c\u7f16\u8bd1\u6210\u529f\u540e\u7684\u53ef\u6267\u884c\u6587\u4ef6\u53ef\u4ee5\u72ec\u7acb\u8fd0\u884c\uff1b\u52a8\u6001\u5e93\u7f16\u8bd1\u65f6\u53ef\u6267\u884c\u7a0b\u5e8f\u65e0\u6cd5\u72ec\u7acb\u8fd0\u884c
\u9759\u6001\u5e93\u66f4\u65b0\u540e\u9700\u8981\u66f4\u65b0\u6574\u4e2a\u76ee\u6807\u7a0b\u5e8f\uff1b\u52a8\u6001\u5e93\u66f4\u65b0\u540e\u53ea\u9700\u66f4\u6362\u65b0\u7684\u52a8\u6001\u5e93\u5373\u53ef
\u9759\u6001\u5e93\u7f16\u8bd1\u547d\u4ee4\uff1agcc -c xx.c -o xx.o
\uff0car crs libxx.a xx.o
\uff1b\u52a8\u6001\u5e93\u7f16\u8bd1\u547d\u4ee4\uff1agcc xx.c -o libxx.so -shared -fPIC
\u5176\u4e2d-fPIC\u8868\u793a\u4f7f\u7528\u76f8\u5bf9\u4f4d\u7f6e
"},{"location":"reverse-basic/#gdb","title":"gdb","text":"\u6dfb\u52a0\u591a\u4e2a\u7b26\u53f7\u8868add-symbol-file xxx addr
\u5176\u4e2daddr\u662f\u4ee3\u7801\u6bb5\u8d77\u59cb\u5730\u5740\uff0cxxx\u53ef\u4ee5\u4e3asym\u6587\u4ef6\uff0c\u6216elf\u6587\u4ef6\u7b49\u3002\u53d8\u5f02\u65f6\u9700\u8981\u52a0\u4e0a-g
\u4fdd\u7559\u7b26\u53f7\u8868(\u6307\u5b9a\u5177\u4f53\u683c\u5f0f\u5982-g2 -gdwarf-2
)\uff0c\u53ef\u4ee5\u9010\u4e2a\u4f7f\u7528add-symbol-file
\uff0c\u90fd\u6dfb\u52a0\u8fdb\u53bb\u3002
\u4f7f\u7528ulimit -c unlimited
\u8bbe\u7f6e\u4e0d\u9650\u5236coredump\u6587\u4ef6\u5927\u5c0f\uff0c\u7136\u540eroot\u7528\u6237echo \"core-%e-%p\" > /proc/sys/kernel/core_pattern
\u8bbe\u7f6e\u4fdd\u7559\u7a0b\u5e8f\u540d\u3001pid\uff0c\u5219\u5bf9\u4e8e\u7f16\u8bd1\u65f6\u6dfb\u52a0\u4e86-g
\u9009\u9879\u7684\u7a0b\u5e8f\uff0c\u5176\u5d29\u6e83\u4ea7\u751f\u7684coredump\u6587\u4ef6\u53ef\u4ee5\u4f7f\u7528gdb <\u7a0b\u5e8f\u540d> <coredump\u6587\u4ef6\u540d>
\u6765\u5bfb\u627eroot cause\u3002gdb\u5185\u7528where\u67e5\u770b\u8c03\u7528\u6808\u3002
"},{"location":"reverse-basic/#_7","title":"\u63a8\u8350\u9605\u8bfb","text":"Linux \u9759\u6001\u5e93 \u7f16\u8bd1\u548c\u4f7f\u7528 Linux \u52a8\u6001\u5e93 \u7f16\u8bd1\u548c\u4f7f\u7528 Makefile\u5165\u95e8 Makefile\u5b98\u65b9\u6587\u6863 coredump\u6587\u4ef6\u57fa\u7840\u7528\u6cd5
"},{"location":"sci-thoughts/","title":"\u79d1\u7814\u5fc3\u5f97","text":""},{"location":"sci-thoughts/#_2","title":"\u517b\u6210\u4e60\u60ef","text":"\u65f6\u95f4\u8fc7\u5f97\u603b\u662f\u975e\u5e38\u5feb\u7684\u3002\u5fd9\u7740\u505a\u4e00\u4e2a\u8bfe\u9898\uff0c\u53ef\u80fd\u6bcf\u5929\u611f\u89c9\u4e0d\u5230\u6709\u4ec0\u4e48\u8fdb\u5c55\u5462\uff0c\u534a\u5e74\u4e00\u5e74\u5c31\u8fc7\u53bb\u4e86\u3002\u5982\u679c\u6709\u8fd9\u79cd\u60f3\u6cd5\uff0c\u591a\u534a\u662f\u6ca1\u505a\u597d\u89c4\u5212\uff0c\u50cf\u4e2a\u65e0\u5934\u82cd\u8747\u4e00\u6837\u4e1c\u95ef\u897f\u649e\u3002
\u611f\u89c9\u6709\u4e24\u4e2a\u4e60\u60ef\u662f\u5fc5\u987b\u517b\u6210\u7684\uff0c\u4e00\u662f\u8bfb\u8bba\u6587\u8981\u601d\u8003\u95ee\u9898\u4e0e\u610f\u4e49\uff1a\u770b\u5230\u9898\u76ee\u548c\u6458\u8981\uff0c\u601d\u8003\u8fd9\u7bc7\u6587\u7ae0\u5e0c\u671b\u89e3\u51b3\u4ec0\u4e48\u95ee\u9898\u3001\u8fd9\u4e2a\u95ee\u9898\u6709\u4ec0\u4e48\u4ef7\u503c\u3001\u89e3\u51b3\u8fd9\u4e2a\u95ee\u9898\u6709\u4ec0\u4e48\u601d\u8def\u3001\u4f1a\u9047\u5230\u54ea\u4e9b\u666e\u904d\u4e0e\u7279\u6b8a\u7684\u6311\u6218\uff0c\u4ee5\u53ca\u6587\u7ae0\u57fa\u4e8e\u54ea\u4e9b\u5047\u8bbe\u5e76\u4e14\u4f1a\u8bd5\u56fe\u907f\u800c\u4e0d\u8c08\u7684\u7f3a\u9677\uff1b\u4e8c\u662f\u6bcf\u5929\u8fdb\u884c\u603b\u7ed3\u4e0e\u5f52\u7eb3\uff0c\u601d\u8003\u4e00\u5929\u5230\u5e95\u6709\u4ec0\u4e48\u8fdb\u5c55\uff0c\u51dd\u7ec3\u603b\u7ed3\u6210\u6587\u5b57\u6216ppt\u8bb2\u7a3f\u3002\u6bcf\u5929\u5149\u770b\u4e0d\u603b\u7ed3\uff0c\u7b49\u4e8e\u767d\u770b\uff01\u5e73\u65f6\u5bf9\u5404\u79cd\u95ee\u9898\u5c31\u8981\u6709\u6240\u51c6\u5907\u4e0e\u601d\u8003\uff0c\u4e0d\u8981\u522b\u4eba\u95ee\u8d77\u7684\u65f6\u5019\u5c31\u6577\u884d\u5730\u7ed9\u4e00\u4e2a\u56de\u7b54\uff0c\u6ca1\u6709\u610f\u4e49\u3002
\u65e9\u4e0a\u5199todo list\uff0c\u665a\u4e0a\u5199done list\uff0c\u770b\u770b\u8fd9\u4e00\u5929\u8fdb\u5c55\u5982\u4f55\u3002\u662f\u5426\u6709\u6ca1\u505a\u5b8c\u7684\u4e8b\u60c5\uff0c\u662f\u5426\u6709\u5206\u5fc3\u505a\u4e86\u522b\u7684\u4e8b\u60c5\uff0c\u660e\u5929\u5982\u4f55\u89c4\u5212\u65f6\u95f4\u2026\u2026\u5bf9\u81ea\u5df1\u6bcf\u5929\u3001\u6bcf\u5468\u3001\u6bcf\u6708\u80fd\u505a\u7684\u4e8b\u60c5\u6709\u6e05\u695a\u7684\u8ba4\u8bc6\uff0c\u4e0d\u76f2\u76ee\u81ea\u5927\u4e5f\u4e0d\u5984\u81ea\u83f2\u8584\u3002
\u505a\u4efb\u4f55\u4e8b\u90fd\u8981\u7ed9\u4e00\u4e2a\u6e05\u6670\u7684ddl\uff0c\u7763\u4fc3\u5c3d\u5feb\u5b8c\u6210\u4e0d\u8981\u62d6\u6c93\u3002\u53e6\u4e00\u65b9\u9762\u662f\u4e3a\u4e86\u9650\u5236\u601d\u8003\uff0c\u8981\u96c6\u4e2d\u3001\u5feb\u901f\uff0c\u4e0d\u8981\u6f2b\u65e0\u76ee\u7684\u5730\u53d1\u6563\u3002\u6bd4\u5982\u8bfb\u8bba\u6587\u524d\u601d\u8003\u8fd9\u7bc7\u6587\u7ae0\u9700\u8981\u89e3\u51b3\u7684\u6311\u6218\u65f6\uff0c\u9650\u5b9a\u57283min\u4e4b\u5185\uff0c\u8d85\u65f6\u4ee5\u540e\u65e0\u8bba\u662f\u5426\u60f3\u5230\u591a\u5c11\u90fd\u8981\u505c\u4e0b\u6765\u3002\u4e5f\u53ef\u4ee5\u6709\u6548\u907f\u514d\u5206\u5fc3\u3002
"},{"location":"sci-thoughts/#_3","title":"\u79d1\u7814\u5199\u4f5c","text":"\u79d1\u7814\u5199\u4f5c\u9700\u8981\u7cfb\u7edf\u7684\u8bad\u7ec3\u3002\u6bcf\u5929\u6109\u5feb\u5730\u8bfb\u3001\u5199\u4e00\u5c0f\u65f6\uff0c\u957f\u671f\u575a\u6301\uff0c\u53eb\u505a\u201cread and write\u201d\u3002
\u5199\u6587\u7ae0\u8981\u5f04\u6e05\u695a\u8bfb\u8005\u90fd\u662f\u540c\u4e13\u4e1a\u7684\u4eba\uff0c\u56e0\u6b64\u8981\u4f53\u73b0\u51fa\u4e13\u4e1a\u6027\u4e0e\u79d1\u5b66\u6027\u3001\u7cbe\u786e\u6027\u3001\u7b80\u6d01\u6027\u3001\u903b\u8f91\u6027\u3002
"},{"location":"sentence-templates/","title":"\u60c5\u666f\u6a21\u677f","text":"\u63d0\u51fa\u672c\u6587\u5de5\u4f5c\uff1a
In this paper, we propose a novel approach to fault localization, SmartFL, that considers the four factors via efficient probabilistic modeling of the program semantics. In this work, we propose POMP++, a system to address the above limitations in analyzing a post-crash artifact and pinpointing statements pertaining to the crash. In this paper, we present REPT, a practical system that enables reverse debugging of software failures in deployed systems. \u4ecb\u7ecd\u67d0\u4e00\u6d41\u7a0b\u5728\u6574\u4f53\u7cfb\u7edf\u4e2d\u7684\u4f5c\u7528\uff1a
During program debugging, fault localization is the activity of identifying the exact locations of program faults. \u8bf4\u660e\u67d0\u4e00\u6b65\u9aa4\u5e76\u975e\u7b80\u5355\u7684\uff1a
However, identifying the bug-inducing commit precisely for a bug-revealing test can be non-trivial due to the following reasons. \u51dd\u7ec3\u672c\u6587\u5b9e\u9a8c\u6548\u679c\uff1a
We design and implement REPT, deploy it on Microsoft Windows, and integrate it into WinDbg. We evaluate REPT on 16 real-world bugs and show that it can recover data values accurately (92% on average) and efficiently (in less than 20 seconds) for these bugs. We also show that it enables effective reverse debugging for 14 bugs. \u63d0\u51fa\u672c\u6587novelty\uff1a
The novelty of this work lies in two aspects. First, we propose a new VSA-based approach for memory alias verification. xxx. Second, we develop new schemes to incorporate our customized VSA to POMP. xxx. \u63d0\u51fa\u672c\u6587insight\uff1a
Our core insight is that the probability of a fault in the current program element leads to the current test results can be efficiently estimated by analyzing the following: \u51c6\u5907\u5f00\u59cb\u4ecb\u7ecd\u6280\u672f\u7ec6\u8282\uff1a
In this section, we elaborate on the technical details of our xxx approach. First, we describe how to xxx. Second, we discuss how to xxx. Finally, we discuss how to xxx. As we elaborate below, the reasons behind this are two folds. \u8bf4\u76ee\u524d\u7684\u5de5\u4f5c\u7814\u7a76\u7684\u4e3b\u8981\u5185\u5bb9\u53d7\u9650\u3001\u522b\u7684\u65b9\u6cd5\u5b58\u5728\u95ee\u9898\uff1a
However, it inevitably detours the fuzzing program away from the critical objects. Existing approaches either consider the full semantics of the program (e.g., mutation-based fault localization and angelic debugging), leading to scalability issues, or ignore the semantics of the program (e.g., spectrum-based fault localization), leading to imprecise localization results. However, all existing approaches only consider whether a program entity exists in samples but neglect the execution times of the entities in a certain sample and the sequence of their executions. As demonstrated in Section 5, without such sequence information, program spectrum-based fault localization would inevitably introduce imprecision. \u4e00\u4e9b\u5de5\u4f5c\u7ec6\u8282\uff1a
In our work, we manually annotate all these sinks based on their naming patterns. "},{"location":"tech-sslh/","title":"sslh \u9605\u8bfb\u7b14\u8bb0","text":"\u6700\u8fd1\u5728\u8bfbsslh\u7684\u6e90\u7801\uff0c\u611f\u89c9\u8fd8\u662f\u6bd4\u8f83\u6709\u610f\u601d\u7684\u3002\u4e4b\u524d\u5728\u7aef\u53e3\u590d\u7528\u91cc\u9762\u7b80\u5355\u63d0\u4e86\u4e0bsslh\u7684\u7528\u6cd5\uff0c\u4f46\u662f\u5728\u5b9e\u8df5\u4e2d\u8e29\u4e86\u4e0d\u5c11\u5751\uff0c\u6240\u4ee5\u628a\u6e90\u7801\u62ff\u6765\u8bfb\u4e00\u8bfb\uff0c\u770b\u770b\u5185\u90e8\u7684\u7ed3\u6784\u3002
sslh\u4f3c\u4e4e\u662f\u4f7f\u7528\u7b2c\u4e00\u4e2a\u6570\u636e\u5305\u4fdd\u5b58\u7684\u534f\u8bae\u4fe1\u606f\uff0c\u4e3a\u5ba2\u6237\u7aef\u4e0e\u670d\u52a1\u5668\u5bf9\u5e94\u670d\u52a1\u5efa\u7acb\u8fde\u63a5\u3002\u540e\u7eed\u6570\u636e\u5305\u4e0d\u518d\u9700\u8981\u68c0\u67e5\u534f\u8bae\u4e86\u3002
"},{"location":"tech-sslh/#_1","title":"\u4fbf\u6377\u4e0a\u624b","text":"apt install sslh # \u4f46\u6700\u597d\u8fd8\u662f\u4ece\u6e90\u7801make install\uff0c\u7528\u6700\u65b0\u7248\u672c\uff1b\u53c2\u8003\u4ed3\u5e93\u7684INSTALL\u5b89\u88c5\u5bf9\u5e94\u7684C\u5e93\nvi /etc/default/sslh\nsystemctl start sslh\n
\u4f3c\u4e4ecfg\u6587\u4ef6\u91cc\u548ccommand line\u4f1a\u6709\u51b2\u7a81\u3002\u6240\u4ee5commandline\u7528-F /etc/sslh/sslh.cfg
\uff08\u6ca1\u6709\u5219\u65b0\u5efa\u4e00\u4e2a\uff09\u6307\u5b9a\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\uff0c\u4e0d\u8981\u6709\u548ccommand\u91cd\u590d\u7684\u5185\u5bb9\u3002\u53ea\u653eprotocols\u5dee\u4e0d\u591a\u5c31\u5f97\u4e86\u3002\u6bd4\u8f83\u597d\u7528\u7684\u662f\u6b63\u5219\u548ctls\u4e2d\u6839\u636ealpn\u548csni\u6765\u5339\u914d\u3002
\u4e0b\u9762\u662f\u5b8c\u6574\u7684\u914d\u7f6e\u6587\u4ef6\u7684\u4e00\u4e2a\u4f8b\u5b50\uff0c\u5982\u679c\u6570\u636e\u5305\u5305\u542b\"OK1\"\u6216\u8005\"OK2\"\uff0c\u5219\u4f1a\u88ab\u8f6c\u53d1\u5230127.0.0.1:1234\u3002\u5176\u4e2d\u7684name\u5b57\u6bb5\u8868\u793a\u8fd9\u6761\u534f\u8bae\u5728sslh\u542f\u52a8\u540e\u600e\u4e48\u914d\u7f6e\uff0c\u5e38\u89c1\u7684\u6bd4\u5982regex
\u3001ssh
\u3001tls
\u3001http
\u3002
\u6ce8\u610f\uff0c\u6700\u540e\u4e00\u6761\u534f\u8bae\u7684\u5206\u53f7\u540e\u9762\u4e0d\u52a0\u9017\u53f7\u3002
protocols:\n(\n{ name: \"regex\"; host: \"127.0.0.1\"; port: \"1234\"; regex_patterns: [ \"OK1\", \"OK2\" ]; }\n);\n
"},{"location":"tech-sslh/#sslh_1","title":"sslh\u7a0b\u5e8f\u542f\u52a8\u5165\u53e3\u4e0e\u521d\u59cb\u5316","text":"\u9ed8\u8ba4\u6700\u7b80\u5355\u7684\u542f\u52a8\u65b9\u5f0f\u7684\u5165\u53e3\u5728sslh-main.c
\u7684main\u51fd\u6570\uff0c\u4e5f\u5373\u7a0b\u5e8f\u7684\u4e3b\u4f53\u903b\u8f91\u3002\u4e00\u4e9b\u5173\u952e\u6b65\u9aa4\uff1a
\u8c03\u7528sslhcfg_cl_parse
\u51fd\u6570\uff0c\u6839\u636e\u547d\u4ee4\u884c\u53c2\u6570\u548c\u914d\u7f6e\u6587\u4ef6\uff0c\u505a\u4e00\u4e2a\u7f13\u51b2 \u8c03\u7528config_protocols
\u5b8c\u6210\u8f6c\u53d1\u89c4\u5219\u7684\u521d\u59cb\u5316\uff0c\u5185\u90e8\u8c03\u7528\u7684get_probe
\u662f\u7ed9\u52a0\u8f7d\u4e86\u534f\u8bae\u7684\u914d\u7f6e\u89c4\u5219 \u8c03\u7528start_listen_sockets
\u5f00\u59cb\u76d1\u542csockets \u8c03\u7528main_loop
\u8fdb\u5165\u4e3b\u5faa\u73af\uff0c\u9ed8\u8ba4\u4e3asslh-fork\u7684main_loop\u51fd\u6570 \u9ed8\u8ba4\u4f7f\u7528tcp\u3002main_loop\u51fd\u6570\u4e2d\uff0c\u5bf9\u76d1\u542c\u7684\u6bcf\u4e2asockets\u8fdb\u884cfork\uff0c\u6bcf\u4e2a\u5b50\u8fdb\u7a0b\u6267\u884ctcp_listener
\uff0c\u5728\u8fd9\u4e9b\u5b50\u8fdb\u7a0b\u4e2daccept
\u5bf9\u5e94\u7684\u8fde\u63a5\u3002\u8fd9\u4e9b\u5b50\u8fdb\u7a0b\u5c06\u7ee7\u7eedfork\u51fa\u5b50\u8fdb\u7a0b\uff0c\u6267\u884cstart_shoveler
\uff0c\u5b9e\u73b0\u771f\u6b63\u7684\u529f\u80fd\u3002
"},{"location":"tech-sslh/#_2","title":"\u534f\u8bae\u8bc6\u522b","text":"\u5b50\u8fdb\u7a0b\u901a\u8fc7probe_client_protocol
\u6765\u786e\u5b9a\u6570\u636e\u5305\u662f\u4ec0\u4e48\u534f\u8bae\uff0c\u5e76\u6839\u636e\u5bf9\u5e94\u7684\u89c4\u5219\u5b9e\u73b0\u7aef\u53e3\u8f6c\u53d1\u3002\u8fd9\u4e00\u51fd\u6570\u4e0d\u65ad\u8fdb\u884c\u8c03\u7528\uff0c\u6700\u540e\u5728probe_buffer
\u51fd\u6570\u4e2d\u904d\u5386\u4e4b\u524d\u914d\u7f6e\u7684\u6bcf\u4e2a\u534f\u8bae\u89c4\u8303\uff08\u627e\u5230\u5339\u914d\u5219\u505c\u6b62\uff0c\u6240\u4ee5\u914d\u7f6e\u987a\u5e8f\u4e5f\u86ee\u5173\u952e\u7684\uff09\uff0c\u901a\u8fc7p->probe(buf, len, p)
\u8fd9\u4e2a\u51fd\u6570\u6307\u9488\u6765\u95f4\u63a5\u8c03\u7528\u8bc6\u522b\u534f\u8bae\u7684\u76f8\u5173\u51fd\u6570\u3002
\u8fd9\u91cc\u7684\u534f\u8bae\u5305\u62ec\u4ee5\u4e0b\u5185\u7f6e\u534f\u8bae\uff1a
/* Table of protocols that have a built-in probe\n */\nstatic struct protocol_probe_desc builtins[] = {\n/* description probe */\n{ \"ssh\", is_ssh_protocol},\n{ \"openvpn\", is_openvpn_protocol },\n{ \"wireguard\", is_wireguard_protocol },\n{ \"tinc\", is_tinc_protocol },\n{ \"xmpp\", is_xmpp_protocol },\n{ \"http\", is_http_protocol },\n{ \"tls\", is_tls_protocol },\n{ \"adb\", is_adb_protocol },\n{ \"socks5\", is_socks5_protocol },\n{ \"syslog\", is_syslog_protocol },\n{ \"teamspeak\", is_teamspeak_protocol },\n{ \"msrdp\", is_msrdp_protocol },\n{ \"anyprot\", is_true }\n};\n
\u5185\u7f6e\u534f\u8bae\u5185\u7f6e\u4e86\u4e00\u4e9b\u5339\u914d\u89c4\u5219\uff0c\u5373\u4e0a\u9762\u63d0\u5230\u7684is_ssh_protocol
\u3001is_http_protocol
\u7b49\u7b49\u3002\u53ef\u4ee5\u770b\u4e00\u4e2assh\u89c4\u5219\u7684\u4f8b\u5b50\uff1a
/* Is the buffer the beginning of an SSH connection? */\nstatic int is_ssh_protocol(const char *p, ssize_t len, struct sslhcfg_protocols_item* proto)\n{\nif (len < 4)\nreturn PROBE_AGAIN;\n\nreturn !strncmp(p, \"SSH-\", 4);\n}\n
\u53ef\u89c1\uff0c\u5982\u679c\u7b2c\u4e00\u4e2a\u6570\u636e\u5305\u957f\u5ea6\u4e0d\u4f4e\u4e8e4\u4e14\u4ee5\"SSH-\"\u5f00\u5934\uff0c\u5219\u4f1a\u88ab\u8ba4\u4e3a\u662fssh\u8bf7\u6c42\u3002
/* Is the buffer the beginning of an HTTP connection? */\nstatic int is_http_protocol(const char *p, ssize_t len, struct sslhcfg_protocols_item* proto)\n{\nint res;\n/* If it's got HTTP in the request (HTTP/1.1) then it's HTTP */\nif (memmem(p, len, \"HTTP\", 4))\nreturn PROBE_MATCH;\n\n#define PROBE_HTTP_METHOD(opt) if ((res = probe_http_method(p, len, opt)) != PROBE_NEXT) return res\n\n/* Otherwise it could be HTTP/1.0 without version: check if it's got an\n * HTTP method (RFC2616 5.1.1) */\nPROBE_HTTP_METHOD(\"OPTIONS\");\nPROBE_HTTP_METHOD(\"GET\");\nPROBE_HTTP_METHOD(\"HEAD\");\nPROBE_HTTP_METHOD(\"POST\");\nPROBE_HTTP_METHOD(\"PUT\");\nPROBE_HTTP_METHOD(\"DELETE\");\nPROBE_HTTP_METHOD(\"TRACE\");\nPROBE_HTTP_METHOD(\"CONNECT\");\n\n#undef PROBE_HTTP_METHOD\n\nreturn PROBE_NEXT;\n}\n
http\u4e5f\u6bd4\u8f83\u7b80\u5355\uff0c\u68c0\u67e5\"HTTP\"\u5b57\u7b26\u4e32\u3002
\u53e6\u5916\u6709\u4e24\u79cd\u7279\u6b8a\u7684\u534f\u8bae\uff0ctimeout\u9ed8\u8ba4\u4f1a\u9009\u62e9\u521d\u59cb\u5316\u540e\u7684\u7b2c\u4e00\u4e2a\u534f\u8bae\uff08\u5373ssh\uff09\uff0cregex\u652f\u6301\u6b63\u5219\u5339\u914d\u6570\u636e\u5305\u7684\u56fa\u6709\u5b57\u7b26\u4e32\uff0c\u5c31\u8fde\u521d\u59cb\u5316\u65f6\u90fd\u662f\u5355\u72ec\u521d\u59cb\u5316\u7684\uff1a
/* Returns the probe for specified protocol:\n * parameter is the description in builtins[], or \"regex\" \n * */\nT_PROBE* get_probe(const char* description) {\nint i;\n\nfor (i = 0; i < ARRAY_SIZE(builtins); i++) {\nif (!strcmp(builtins[i].name, description)) {\nreturn builtins[i].probe;\n}\n}\n\n/* Special case of \"regex\" probe (we don't want to set it in builtins\n * because builtins is also used to build the command-line options and\n * regexp is not legal on the command line)*/\nif (!strcmp(description, \"regex\"))\nreturn regex_probe;\n\n/* Special case of \"timeout\" is allowed as a probe name in the\n * configuration file even though it's not really a probe */\nif (!strcmp(description, \"timeout\"))\nreturn is_true;\n\nreturn NULL;\n}\n
is_true
\u59cb\u7ec8\u8fd4\u56detrue\uff0c\u4e0d\u8fdb\u884c\u522b\u7684\u5224\u65ad\u4e86\u3002
regex_probe
\u5185\u90e8\u7528pre2\u5b9e\u73b0\u4e86\u4e00\u5957\u6b63\u5219\u5339\u914d\u7684\u673a\u5236\u3002\u914d\u7f6econfig\u7684\u65b9\u6cd5\u53ef\u4ee5\u89c1\u4e0a\u6587\u3002
"},{"location":"tech-sslh/#tlsalpnsni","title":"TLS\u534f\u8bae\u4e2d\u4f7f\u7528\u7684ALPN\u3001SNI\u7b80\u4ecb","text":"tls\u4e3atcp\u63d0\u4f9b\u4e86\u52a0\u5bc6\u670d\u52a1\uff0c\u662f\u5f88\u591a\u670d\u52a1\u4e0d\u53ef\u6216\u7f3a\u7684\u4e00\u73af\u3002\u7531\u4e8e\u6570\u636e\u5305\u662f\u52a0\u5bc6\u7684\u3001\u5f88\u591a\u670d\u52a1\u90fd\u4f7f\u7528tls\uff08\u6bd4\u5982https\uff09\uff0c\u6240\u4ee5\u6ca1\u6cd5\u901a\u8fc7regex\u7684\u65b9\u6cd5\u6765\u533a\u5206\u4e0d\u540c\u7684\u670d\u52a1\u3002\u597d\u5728sslh\u4e3atls\u63d0\u4f9b\u4e86\u4e24\u79cd\u5206\u8fa8\u65b9\u6cd5\uff0c\u5373sni_hostnames\u4e0ealpn_protocols\u3002\u5728config\u91cc\u5199\u7684\u4e00\u6761\u89c4\u5219\u5982\u679c\u4e24\u8005\u90fd\u7528\u4e86\uff0c\u5219\u53ea\u6709\u540c\u65f6\u6ee1\u8db3\u4e24\u8005\u7684tls\u6570\u636e\u5305\u624d\u5339\u914d\u5f97\u4e0a\u5bf9\u5e94\u7684\u89c4\u5219\u3002
\u6bd4\u5982example.cfg\u7ed9\u51fa\u7684\u4f8b\u5b50\uff1a
# match BOTH ALPN/SNI\n{ name: \"tls\"; host: \"localhost\"; port: \"5223\"; alpn_protocols: [ \"xmpp-client\" ]; sni_hostnames: [ \"im.somethingelse.net\" ]; log_level: 0; tfo_ok: true },\n\n# just match ALPN\n{ name: \"tls\"; host: \"localhost\"; port: \"443\"; alpn_protocols: [ \"h2\", \"http/1.1\", \"spdy/1\", \"spdy/2\", \"spdy/3\" ]; log_level: 0; tfo_ok: true },\n { name: \"tls\"; host: \"localhost\"; port: \"xmpp-client\"; alpn_protocols: [ \"xmpp-client\" ]; log_level: 0; tfo_ok: true },\n\n# just match SNI\n{ name: \"tls\"; host: \"localhost\"; port: \"993\"; sni_hostnames: [ \"mail.rutschle.net\", \"mail.englishintoulouse.com\" ]; log_level: 0; tfo_ok: true },\n { name: \"tls\"; host: \"localhost\"; port: \"xmpp-client\"; sni_hostnames: [ \"im.rutschle.net\", \"im.englishintoulouse.com\" ]; log_level: 0; tfo_ok: true },\n\n# Let's Encrypt (tls-alpn-* challenges)\n{ name: \"tls\"; host: \"localhost\"; port: \"letsencrypt-client\"; alpn_protocols: [ \"acme-tls/1\" ]; log_level: 0;},\n\n# catch anything else TLS\n{ name: \"tls\"; host: \"localhost\"; port: \"443\"; tfo_ok: true },\n
alpn_protocols\u5373\u4f7f\u7528\u5e94\u7528\u5c42\u534f\u8bae\u534f\u5546\u7f16\u53f7\uff1aTLS Application-Layer Protocol Negotiation (ALPN) Protocol ID\u3002\u53ef\u4ee5\u5728\u8fd9\u91cc\u770b\u5230\u5b8c\u6574\u7684\u683c\u5f0f\u3002\u6253\u4e2a\u6bd4\u65b9\uff0c\u5982\u679c\u8bf4\u6570\u636e\u5305\u662f\u997a\u5b50\uff0ctls\u662f\u997a\u5b50\u76ae\uff0cALPN\u5c31\u662f\u8868\u793a\u91cc\u9762\u662f\u4ec0\u4e48\u9985\u7684\u3002
sni_hostnames\u5373\u4f7f\u7528\u670d\u52a1\u5668\u540d\u79f0\u6307\u793a\uff1aServer Name Indication\uff08SNI\uff09\uff0c\u7c7b\u4f3c\u4e8e\u670d\u52a1\u5668\u7aef\u7684\u57df\u540d\u3002\u6253\u4e2a\u6bd4\u65b9\uff0c\u867d\u7136\u5728\u5b66\u6821\u5feb\u9012\uff08\u6570\u636e\u5305\uff09\u90fd\u4f1a\u9001\u5230\u83dc\u9e1f\u9a7f\u7ad9\uff08\u670d\u52a1\u5668\uff09\uff0c\u4f46\u8fd9\u4e9b\u5305\u88f9\u6700\u7ec8\u662f\u6d41\u5411\u4e0d\u540c\u7684\u5bbf\u820d\u7684\uff08SNI\uff09\u3002SNI\u5e2e\u52a9\u5728tls\u63e1\u624b\u671f\u95f4\u5c31\u786e\u5b9assl\u8bc1\u4e66\uff0c\u800c\u4e0d\u662f\u5728http\u5efa\u7acb\u8fde\u63a5\u540e\u3002FQDN\u6307\u7684\u662fFully Qualified Domain Name\uff0c\u5373\u5b8c\u6574\u57df\u540d\uff0c\u53ef\u4ee5\u770b\u8fd9\u91cc\u7684\u4ecb\u7ecd\u3002
sni_hostname\u548calpn_protocols\uff0c\u5c5e\u4e8etls\u6269\u5c55\u5185\u5bb9\uff0c\u5e76\u975e\u5f3a\u5236\u4fdd\u7559\u5176\u4e2d\u3002\u53d1\u5305\u7684\u65f6\u5019\u6ce8\u610f\u6dfb\u52a0\uff0c\u4e0d\u7136sslh\u53ef\u80fd\u8bc6\u522b\u4e0d\u5230\u3002
"},{"location":"try-chatgpt/","title":"ChatGPT\u6765\u5e2e\u5fd9","text":""},{"location":"try-chatgpt/#_1","title":"\u7f51\u7edc\u7ad9\u70b9\u6253\u5305\u4e0b\u8f7d","text":"linux\u7528\u54ea\u4e2a\u547d\u4ee4\u53ef\u4ee5\u628a\u4e00\u4e2a\u7f51\u5740\u4ee5\u53ca\u5176\u6240\u4f9d\u8d56\u7684js\u548ccss\u7b49\u7b49\u6587\u4ef6\u81ea\u52a8\u4e0b\u8f7d\u4e0b\u6765\uff1f
\u5728Linux\u4e2d\uff0c\u4f60\u53ef\u4ee5\u4f7f\u7528 wget \u547d\u4ee4\u6765\u81ea\u52a8\u4e0b\u8f7d\u4e00\u4e2a\u7f51\u7ad9\u53ca\u5176\u4f9d\u8d56\u7684\u8d44\u6e90\u6587\u4ef6\uff08\u5982JS\u548cCSS\u7b49\uff09\u3002
\u4e0b\u9762\u662f\u4e00\u4e2a\u793a\u4f8b\u547d\u4ee4\uff1a
wget --recursive --no-clobber --page-requisites --html-extension --convert-links --restrict-file-names=windows --domains website.com --no-parent http://website.com\n
\u8be5\u547d\u4ee4\u4f7f\u7528\u4e86\u591a\u4e2a\u9009\u9879\uff0c\u5176\u4e2d\u4e00\u4e9b\u9009\u9879\u7684\u542b\u4e49\u5982\u4e0b\uff1a --recursive: \u4e0b\u8f7d\u7f51\u7ad9\u7684\u6240\u6709\u94fe\u63a5\u3002 --no-clobber: \u4e0d\u4f1a\u91cd\u590d\u4e0b\u8f7d\u5df2\u7ecf\u5b58\u5728\u7684\u6587\u4ef6\u3002 --page-requisites: \u4e0b\u8f7d\u6240\u6709\u9875\u9762\u7684\u8d44\u6e90\uff08\u5982\u56fe\u50cf\uff0c\u97f3\u9891\u548c\u89c6\u9891\uff09\u3002 --html-extension: \u5c06\u6240\u6709HTML\u6587\u4ef6\u6269\u5c55\u540d\u6dfb\u52a0\u4e3a .html\u3002 --convert-links: \u5c06\u6240\u6709\u94fe\u63a5\u8f6c\u6362\u4e3a\u672c\u5730\u94fe\u63a5\u3002 --restrict-file-names=windows: \u907f\u514d\u4f7f\u7528 Linux \u4e0d\u652f\u6301\u7684\u6587\u4ef6\u540d\u5b57\u7b26\u3002 --domains website.com: \u9650\u5236\u4e0b\u8f7d\u7684\u57df\u540d\u8303\u56f4\u3002 --no-parent: \u4e0d\u4f1a\u4e0b\u8f7d\u7236\u7ea7\u94fe\u63a5\uff08\u6709\u52a9\u4e8e\u9632\u6b62\u65e0\u9650\u9012\u5f52\uff09\u3002
\u4f60\u53ef\u4ee5\u6839\u636e\u81ea\u5df1\u7684\u9700\u8981\u4fee\u6539\u8fd9\u4e9b\u9009\u9879\u4ee5\u6ee1\u8db3\u7279\u5b9a\u7684\u8981\u6c42\u3002
\u7528\u8fd9\u6761\u547d\u4ee4\u88ab\u670d\u52a1\u5668\u53d1\u73b0\u6076\u610f\u4e0b\u8f7d\uff0c\u88ab\u7ed9403 forbidden\u4e86\u600e\u4e48\u529e\uff1f
\u5982\u679c\u4f60\u4f7f\u7528\u7684\u547d\u4ee4\u88ab\u670d\u52a1\u5668\u8ba4\u4e3a\u662f\u6076\u610f\u4e0b\u8f7d\uff0c\u5e76\u4e14\u88ab\u670d\u52a1\u5668\u62d2\u7edd\u8bbf\u95ee\uff0c\u90a3\u4e48\u4f60\u53ef\u4ee5\u8003\u8651\u4ee5\u4e0b\u4e00\u4e9b\u65b9\u6cd5\u6765\u89e3\u51b3\u8fd9\u4e2a\u95ee\u9898\uff1a
\u4fee\u6539\u4e0b\u8f7d\u901f\u5ea6\uff1a\u6709\u4e9b\u670d\u52a1\u5668\u53ef\u80fd\u4f1a\u9650\u5236\u4e0b\u8f7d\u901f\u5ea6\uff0c\u5982\u679c\u4f60\u4e0b\u8f7d\u7684\u592a\u5feb\uff0c\u5c31\u4f1a\u88ab\u8ba4\u4e3a\u662f\u653b\u51fb\u3002\u4f60\u53ef\u4ee5\u5c1d\u8bd5\u4f7f\u7528 --limit-rate \u9009\u9879\u6765\u9650\u5236\u4e0b\u8f7d\u901f\u5ea6\uff0c\u4f8b\u5982\uff1a
wget --limit-rate=200k http://example.com\n
\u4fee\u6539\u4e0b\u8f7d\u5e76\u53d1\u6570\uff1a\u7c7b\u4f3c\u4e8e\u901f\u5ea6\u9650\u5236\uff0c\u4e00\u4e9b\u670d\u52a1\u5668\u4e5f\u4f1a\u9650\u5236\u540c\u65f6\u8fdb\u884c\u7684\u4e0b\u8f7d\u6570\u3002\u4f60\u53ef\u4ee5\u5c1d\u8bd5\u4f7f\u7528 --tries \u548c --wait \u9009\u9879\u6765\u9650\u5236\u5e76\u53d1\u4e0b\u8f7d\u6570\uff0c\u4f8b\u5982\uff1a
wget --tries=10 --wait=5 http://example.com\n
\u6dfb\u52a0 User-Agent\uff1a\u6709\u4e9b\u670d\u52a1\u5668\u53ef\u80fd\u4f1a\u68c0\u67e5 User-Agent\uff0c\u5982\u679c User-Agent \u88ab\u8ba4\u4e3a\u662f\u6076\u610f\u7684\uff0c\u90a3\u4e48\u4f60\u7684\u8bf7\u6c42\u4e5f\u4f1a\u88ab\u62d2\u7edd\u3002\u4f60\u53ef\u4ee5\u5c1d\u8bd5\u4f7f\u7528 --user-agent \u9009\u9879\u6765\u8bbe\u7f6e User-Agent\uff0c\u4f8b\u5982\uff1a wget --user-agent=\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3\" http://example.com\n
\u4e0e\u670d\u52a1\u5668\u7ba1\u7406\u5458\u8054\u7cfb\uff1a\u5982\u679c\u4ee5\u4e0a\u65b9\u6cd5\u90fd\u4e0d\u80fd\u89e3\u51b3\u95ee\u9898\uff0c\u4f60\u53ef\u4ee5\u8054\u7cfb\u670d\u52a1\u5668\u7ba1\u7406\u5458\uff0c\u8bf4\u660e\u4f60\u7684\u4e0b\u8f7d\u8bf7\u6c42\u662f\u5408\u6cd5\u7684\uff0c\u8bf7\u6c42\u4ed6\u4eec\u653e\u884c\u4f60\u7684\u8bf7\u6c42\u3002 \u9700\u8981\u6ce8\u610f\u7684\u662f\uff0c\u4e0d\u8981\u4f7f\u7528\u975e\u6cd5\u7684\u65b9\u5f0f\u4e0b\u8f7d\u6587\u4ef6\uff0c\u4ee5\u514d\u4fb5\u72af\u4ed6\u4eba\u7684\u5408\u6cd5\u6743\u76ca\uff0c\u5e76\u6709\u53ef\u80fd\u5bfc\u81f4\u6cd5\u5f8b\u7ea0\u7eb7\u3002
"},{"location":"try-chatgpt/#gopythonrust","title":"\u6bd4\u8f83Go\u3001Python\u3001Rust\u7684\u5173\u7cfb","text":"go\u3001rust\u3001python\u4e09\u79cd\u7f16\u7a0b\u8bed\u8a00\u5728\u8bed\u8a00\u7279\u6027\u65b9\u9762\u6709\u4ec0\u4e48\u533a\u522b\uff1f\u5404\u81ea\u6709\u4ec0\u4e48\u4f18\u52bf\uff1f\u9002\u7528\u573a\u666f\u6709\u4ec0\u4e48\u533a\u522b\uff1f
\u8fd9\u4e09\u79cd\u7f16\u7a0b\u8bed\u8a00\u5404\u6709\u4e0d\u540c\u7684\u7279\u70b9\u548c\u4f18\u52bf\uff0c\u4ee5\u4e0b\u662f\u5b83\u4eec\u7684\u4e3b\u8981\u533a\u522b\u548c\u9002\u7528\u573a\u666f\uff1a
Python Python \u662f\u4e00\u79cd\u9ad8\u7ea7\u7684\u52a8\u6001\u89e3\u91ca\u578b\u8bed\u8a00\uff0c\u5177\u6709\u7b80\u5355\u6613\u5b66\u3001\u6613\u8bfb\u6613\u5199\u7684\u7279\u70b9\u3002\u5b83\u7684\u8bed\u6cd5\u7b80\u5355\u3001\u4ee3\u7801\u53ef\u8bfb\u6027\u9ad8\u3001\u652f\u6301\u591a\u79cd\u7f16\u7a0b\u8303\u5f0f\u548c\u4e30\u5bcc\u7684\u7b2c\u4e09\u65b9\u5e93\uff0c\u9002\u7528\u4e8e\u5404\u79cd\u7c7b\u578b\u7684\u5e94\u7528\u7a0b\u5e8f\u5f00\u53d1\uff0c\u5c24\u5176\u64c5\u957f\u6570\u636e\u5206\u6790\u3001\u4eba\u5de5\u667a\u80fd\u548c\u79d1\u5b66\u8ba1\u7b97\u9886\u57df\u3002\u7531\u4e8e\u5b83\u7684\u5f00\u53d1\u6548\u7387\u9ad8\uff0c\u5e38\u88ab\u7528\u4e8e\u5feb\u901f\u539f\u578b\u8bbe\u8ba1\u548c\u654f\u6377\u5f00\u53d1\u3002
Go Go \u662f\u4e00\u79cd\u5f00\u6e90\u7684\u7f16\u8bd1\u578b\u8bed\u8a00\uff0c\u7531 Google \u5f00\u53d1\u3002\u5b83\u7684\u8bbe\u8ba1\u76ee\u6807\u662f\u4e3a\u4e86\u89e3\u51b3\u591a\u6838\u3001\u7f51\u7edc\u3001\u5927\u89c4\u6a21\u7a0b\u5e8f\u5f00\u53d1\u7b49\u95ee\u9898\uff0c\u5177\u6709\u9ad8\u6548\u3001\u53ef\u9760\u3001\u7b80\u6d01\u7b49\u7279\u70b9\u3002Go \u8bed\u8a00\u5728\u5e76\u53d1\u7f16\u7a0b\u548c\u7f51\u7edc\u7f16\u7a0b\u65b9\u9762\u8868\u73b0\u7a81\u51fa\uff0c\u6709\u7740\u975e\u5e38\u9ad8\u6548\u7684 Goroutine \u548c Channel \u673a\u5236\uff0c\u9002\u5408\u4e8e\u9ad8\u5e76\u53d1\u3001\u5206\u5e03\u5f0f\u7cfb\u7edf\u3001\u4e91\u8ba1\u7b97\u7b49\u9886\u57df\u7684\u5f00\u53d1\u3002
Rust Rust \u662f\u4e00\u79cd\u7cfb\u7edf\u7ea7\u7684\u7f16\u7a0b\u8bed\u8a00\uff0c\u7531 Mozilla \u5f00\u53d1\u3002\u5b83\u7ed3\u5408\u4e86\u9ad8\u6548\u6027\u80fd\u3001\u5185\u5b58\u5b89\u5168\u548c\u5e76\u53d1\u5b89\u5168\uff0c\u63d0\u4f9b\u4e86\u4e00\u4e2a\u53ef\u9760\u548c\u5b89\u5168\u7684\u7f16\u7a0b\u73af\u5883\u3002Rust \u7684\u4e3b\u8981\u4f18\u52bf\u5728\u4e8e\u5176\u5185\u5b58\u5b89\u5168\u6027\u548c\u5e76\u53d1\u6027\uff0c\u5b83\u5177\u6709\u9ad8\u6548\u7684\u7f16\u8bd1\u5668\u3001\u4e30\u5bcc\u7684\u7c7b\u578b\u7cfb\u7edf\u548c\u9ad8\u7ea7\u7684\u6a21\u5f0f\u5339\u914d\u529f\u80fd\uff0c\u9002\u7528\u4e8e\u9700\u8981\u9ad8\u6027\u80fd\u548c\u5b89\u5168\u6027\u7684\u7cfb\u7edf\u7ea7\u7f16\u7a0b\u3001\u7f51\u7edc\u7f16\u7a0b\u3001\u64cd\u4f5c\u7cfb\u7edf\u548c\u5d4c\u5165\u5f0f\u5f00\u53d1\u7b49\u9886\u57df\u3002
\u603b\u7684\u6765\u8bf4\uff0cPython \u9002\u5408\u5feb\u901f\u539f\u578b\u8bbe\u8ba1\u548c\u654f\u6377\u5f00\u53d1\uff0cGo \u9002\u5408\u9ad8\u5e76\u53d1\u3001\u5206\u5e03\u5f0f\u7cfb\u7edf\u548c\u4e91\u8ba1\u7b97\uff0cRust \u9002\u5408\u9700\u8981\u9ad8\u6027\u80fd\u548c\u5b89\u5168\u6027\u7684\u7cfb\u7edf\u7ea7\u7f16\u7a0b\u3001\u7f51\u7edc\u7f16\u7a0b\u3001\u64cd\u4f5c\u7cfb\u7edf\u548c\u5d4c\u5165\u5f0f\u5f00\u53d1\u3002\u9009\u62e9\u54ea\u79cd\u7f16\u7a0b\u8bed\u8a00\u53d6\u51b3\u4e8e\u5177\u4f53\u7684\u5e94\u7528\u573a\u666f\u548c\u9700\u6c42\u3002
"},{"location":"try-chatgpt/#_2","title":"\u8ba1\u7b97\u673a\u5b89\u5168\u8d44\u6e90\u5b66\u4e60","text":"\u6211\u60f3\u5b66\u4e60\u5de5\u4e1a\u754c\u5b9e\u7528\u7684\u8ba1\u7b97\u673a\u5b89\u5168\u9886\u57df\u7684\u77e5\u8bc6\uff0c\u8bf7\u63a8\u8350\u4e00\u4e9b\u7f51\u7ad9
\u4ee5\u4e0b\u662f\u4e00\u4e9b\u53ef\u4ee5\u5e2e\u52a9\u60a8\u5b66\u4e60\u5de5\u4e1a\u754c\u5b9e\u7528\u7684\u8ba1\u7b97\u673a\u5b89\u5168\u9886\u57df\u7684\u77e5\u8bc6\u7684\u7f51\u7ad9\uff1a
OWASP (\u5f00\u653e\u5f0f\u7f51\u7edc\u5b89\u5168\u9879\u76ee)\uff1a\u8fd9\u4e2a\u7f51\u7ad9\u63d0\u4f9b\u4e86\u5927\u91cf\u6709\u5173\u7f51\u7edc\u5e94\u7528\u7a0b\u5e8f\u5b89\u5168\u7684\u8d44\u6599\u548c\u5de5\u5177\u3002\u60a8\u53ef\u4ee5\u5728\u8fd9\u91cc\u627e\u5230\u5b89\u5168\u6807\u51c6\u3001\u6f0f\u6d1e\u68c0\u6d4b\u5de5\u5177\u3001\u653b\u51fb\u6a21\u62df\u5668\u7b49\u7b49\u3002
NIST (\u7f8e\u56fd\u56fd\u5bb6\u6807\u51c6\u4e0e\u6280\u672f\u7814\u7a76\u6240)\uff1a\u8fd9\u4e2a\u7f51\u7ad9\u4e3a\u8ba1\u7b97\u673a\u5b89\u5168\u548c\u4fe1\u606f\u6280\u672f\u63d0\u4f9b\u6807\u51c6\u548c\u6307\u5357\u3002\u60a8\u53ef\u4ee5\u5728\u8fd9\u91cc\u627e\u5230\u6709\u5173\u5b89\u5168\u63a7\u5236\u3001\u5bc6\u7801\u5b66\u3001\u98ce\u9669\u8bc4\u4f30\u7b49\u65b9\u9762\u7684\u8d44\u6599\u3002
SANS (\u5b89\u5168\u57f9\u8bad\u548c\u8ba4\u8bc1\u673a\u6784)\uff1a\u8fd9\u4e2a\u7f51\u7ad9\u63d0\u4f9b\u6709\u5173\u5404\u79cd\u8ba1\u7b97\u673a\u5b89\u5168\u4e3b\u9898\u7684\u57f9\u8bad\u548c\u8bfe\u7a0b\u3002\u5b83\u8fd8\u63d0\u4f9b\u4e86\u4e00\u4e2a\u535a\u5ba2\uff0c\u5176\u4e2d\u5305\u542b\u5404\u79cd\u6709\u5173\u7f51\u7edc\u5b89\u5168\u7684\u6587\u7ae0\u548c\u63d0\u793a\u3002
Dark Reading\uff1a\u8fd9\u662f\u4e00\u5bb6\u5728\u7ebf\u51fa\u7248\u5546\uff0c\u63d0\u4f9b\u4e86\u6709\u5173\u7f51\u7edc\u5b89\u5168\u7684\u6700\u65b0\u65b0\u95fb\u3001\u5206\u6790\u548c\u8bc4\u8bba\u3002\u5b83\u8fd8\u63d0\u4f9b\u4e86\u5404\u79cd\u8d44\u6e90\uff0c\u5305\u62ec\u7f51\u7edc\u5b89\u5168\u767d\u76ae\u4e66\u3001\u7814\u7a76\u62a5\u544a\u548c\u6f14\u793a\u6587\u7a3f\u3002
SecurityFocus\uff1a\u8fd9\u4e2a\u7f51\u7ad9\u662f\u4e00\u4e2a\u5b89\u5168\u65b0\u95fb\u805a\u5408\u7ad9\u70b9\uff0c\u6536\u96c6\u4e86\u6765\u81ea\u5404\u79cd\u6765\u6e90\u7684\u5b89\u5168\u65b0\u95fb\u548c\u6f0f\u6d1e\u62a5\u544a\u3002\u5b83\u8fd8\u63d0\u4f9b\u4e86\u5b89\u5168\u8bba\u575b\u3001\u5b89\u5168\u5de5\u5177\u7b49\u3002
Reddit\uff1aReddit\u4e0a\u6709\u8bb8\u591a\u4e0e\u8ba1\u7b97\u673a\u5b89\u5168\u76f8\u5173\u7684\u793e\u533a\uff0c\u5982r/netsec\u3001r/hacking\u3001r/AskNetsec\u7b49\u3002\u8fd9\u4e9b\u793e\u533a\u53ef\u4ee5\u8ba9\u60a8\u5411\u5176\u4ed6\u5b89\u5168\u4e13\u4e1a\u4eba\u5458\u63d0\u95ee\uff0c\u5e76\u4e0e\u4ed6\u4eec\u5206\u4eab\u6709\u7528\u7684\u8d44\u6e90\u548c\u5de5\u5177\u3002
GitHub\uff1aGitHub\u662f\u4e00\u4e2a\u8f6f\u4ef6\u5f00\u53d1\u5e73\u53f0\uff0c\u4e5f\u662f\u8bb8\u591a\u5b89\u5168\u5de5\u5177\u548c\u811a\u672c\u7684\u6765\u6e90\u3002\u901a\u8fc7\u641c\u7d22GitHub\uff0c\u60a8\u53ef\u4ee5\u627e\u5230\u5f88\u591a\u6709\u7528\u7684\u5de5\u5177\uff0c\u5982\u6e17\u900f\u6d4b\u8bd5\u5de5\u5177\u3001\u6f0f\u6d1e\u626b\u63cf\u5668\u7b49\u7b49\u3002
\u5e0c\u671b\u8fd9\u4e9b\u7f51\u7ad9\u80fd\u5bf9\u60a8\u6709\u6240\u5e2e\u52a9\uff01
"},{"location":"word-learning/","title":"\u8bcd\u6c47\u5b66\u4e60","text":" encyclopedic \u5e7f\u535a\u7684 unprecedented \u53f2\u65e0\u524d\u4f8b\u7684\uff0c\u7a7a\u524d\u7684 bluntly \u76f4\u8a00\u4e0d\u8bb3\u5730 as per some estimates \u6839\u636e\u4e00\u4e9b\u4f30\u8ba1 indispensable \u5fc5\u4e0d\u53ef\u5c11\u7684 to name just a few \u4ec5\u4e3e\u51e0\u4f8b discriminate \u9274\u522b\uff0c\u533a\u522b\uff1b\u6709\u533a\u522b\u7684 remediation \u6574\u6cbb cumbersome \u7e41\u7410\u7684 drastically \u5267\u70c8\u5730 impede \u963b\u788d stochastic \u968f\u673a\u7684 sharp-edged plateau saturating \u9971\u548c\u7684 avert \u907f\u514d\uff0c\u7ebe\u89e3 delineation \u5212\u5b9a nuisance \u6ecb\u6270 menace \u5a01\u80c1\uff0c\u5371\u9669\u7684\u4eba\u6216\u7269 dismantle \u62c6\u5f00\uff0c\u62c6\u5378\uff0c\u5e9f\u9664 undermine \u6697\u4e2d\u7834\u574f\uff0c\u4ece\u6839\u57fa\u5904\u635f\u574f provoke \u6fc0\u8d77\uff0c\u5f15\u8d77 ransomware \u52d2\u7d22\u8f6f\u4ef6 withstand \u62b5\u6321\uff0c\u7ecf\u53d7\u4f4f\uff0c\u62b5\u6297 camouflage \u4f2a\u88c5\uff0c\u9690\u853d\uff0c\u6b3a\u7792 influx \u5927\u91cf\u6d8c\u5165\uff0c\u6c47\u96c6 nullify \u4f7f\u65e0\u6548\uff0c\u4f5c\u5e9f\uff0c\u53d6\u6d88 calibrate \u6821\u51c6 ameliorate \u6539\u5584\uff0c\u6539\u826f prolifical \u591a\u4ea7\u7684 henceforth \u4ece\u4eca\u4ee5\u540e\uff0c\u4eca\u540e surmise \u63a8\u6d4b smuggle \u8d70\u79c1 prudent \u8c28\u614e\u7684 intriguing \u6709\u8da3\u7684\uff0c\u8ff7\u4eba\u7684 byproduct \u526f\u4ea7\u54c1\uff0c\u610f\u5916\u7ed3\u679c inconspicuous \u4e0d\u660e\u663e\u7684 \u4e0d\u5f15\u4eba\u6ce8\u76ee\u7684 brittle \u6613\u788e\u7684\uff0c\u96be\u4ee5\u76f8\u5904\u7684\uff0c\u5c16\u523b\u66b4\u8e81\u7684\uff0c\u51b7\u6de1\u7684 deceive \u6b3a\u9a97\uff0c\u8bef\u5bfc versatility \u591a\u624d\u591a\u827a\uff0c\u591a\u7528\u9014\uff0c\u6613\u53d8\uff0c\u53ef\u8f6c\u52a8\u6027 inflate \u4f7f\u81a8\u80c0\uff0c\u4f7f\u5145\u6c14\uff0c\u7269\u4ef7\u4e0a\u6da8 conflate \u5408\u5e76\uff0c\u6df7\u5408 incentive \u52a8\u673a\uff0c\u523a\u6fc0\uff0c\u8bf1\u56e0\uff0c\u9f13\u52b1 bounty \u8d4f\u91d1\uff0c\u5956\u91d1\uff0c\u8d60\u7269 exacerbate \u4f7f\u6076\u5316\uff0c\u4f7f\u52a0\u91cd fluctuation \u6ce2\u52a8\uff0c\u6da8\u843d\uff0c\u8d77\u4f0f susceptible \u6613\u53d7\u5f71\u54cd\u7684\uff0c\u6613\u53d7\u611f\u67d3\u7684\uff0c\u53ef\u4ee5\u63a5\u53d7\u6216\u5141\u8bb8\u7684 extraneous \u5916\u6765\u7684\uff0c\u5916\u90e8\u7684\uff0c\u65e0\u5173\u7684 amenable \uff08\u5bf9\u6cd5\u5f8b\u7b49\uff09\u8d1f\u8d23\u7684\uff0c\u6613\u63a7\u5236\u7684\uff1b\u7ecf\u5f97\u8d77\u68c0\u9a8c\u6216\u8003\u67e5\u7684 vicinity \u9644\u8fd1\uff0c\u4e34\u8fd1\uff0c\u9644\u8fd1\u5730\u533a\uff0c\u5927\u7ea6\u7684\u7a0b\u5ea6\u6216\u6570\u91cf retention \u4fdd\u7559\uff0c\u8bb0\u5fc6\u529b\uff0c\u4fdd\u6301\u529b\uff0c\u6ede\u7559\uff0c\u6263\u7559 suffice \u8db3\u591f\uff0c\u6709\u80fd\u529b\uff0c\u6ee1\u8db3\u2026\u2026\u7684\u9700\u8981\uff0c\u4f7f\u6ee1\u8db3 rudimentary \u7b80\u964b\u7684 inadvertently \u6f2b\u4e0d\u7ecf\u5fc3\u5730\uff0c\u758f\u5ffd\u5730 cease \u505c\u6b62\uff0c\u7ec8\u6b62 collectively \u5168\u4f53\u5730\uff0c\u5171\u540c\u5730 daunting \u4ee4\u4eba\u754f\u60e7\u7684\uff0c\u4f7f\u4eba\u6c14\u9981\u7684 encompass \u56f4\u7ed5\uff0c\u5305\u56f4\uff0c\u5305\u542b\uff0c\u5305\u62ec devastating \u6bc1\u706d\u6027\u7684\uff0c\u4ee4\u4eba\u9707\u60ca\u7684 retrofit \u7ed9\u673a\u5668\u8bbe\u5907\u88c5\u914d\uff08\u65b0\u90e8\u4ef6\uff09\uff0c\u7ffb\u65b0\uff0c\u6539\u578b yield to \u8ba9\u6b65\u4e8e\uff0c\u4f7f\u81ea\u5df1\u53d7\u5230xxx\u7684\u652f\u914d sterilizer \u6d88\u6bd2\u8005\uff0c\u6d88\u6bd2\u5668 salient \u663e\u8457\u7684\uff0c\u7a81\u51fa\u7684\uff0c\u8df3\u8dc3\u7684\uff0c\uff08\u89d2\uff09\u51f8\u51fa\u7684 nuanced \u6709\u7ec6\u5fae\u5dee\u522b\u7684 discern \u5bdf\u89c9\u51fa\uff0c\u4e86\u89e3\uff1b\u5206\u8fa8\u51fa subsidised \u8865\u8d34\u7684 culprit \u72af\u4eba\uff0c\u7f6a\u72af holistic \u5168\u76d8\u7684\uff0c\u6574\u4f53\u7684\uff0c\u529f\u80fd\u6574\u4f53\u6027\u7684 endeavor \u52aa\u529b\uff0c\u5c3d\u529b influx \u6ce8\u5165\uff0c\u6d41\u5165\uff0c\u6c47\u96c6 plausible \u8c8c\u4f3c\u771f\u5b9e\u7684\uff0c\u8c8c\u4f3c\u6709\u7406\u7684\uff0c\u82b1\u8a00\u5de7\u8bed\u7684 pertain \u6709\u5173\uff0c\u5b58\u5728\uff0c\u9002\u7528 obsolescence \u5e9f\u5f03\uff0c\u9648\u65e7\u8fc7\u65f6\uff0c\uff08\u5668\u5b98\uff09\u5e9f\u9000 resort to \u8bc9\u8bf8\uff0c\u4f9d\u9760\uff0c\u6c42\u52a9\u4e8e discrepancy \u5dee\u5f02\uff0c\u4e0d\u4e00\u81f4\uff0c\u533a\u522b impair \u635f\u5bb3\uff0c\u524a\u5f31 hefty \u91cd\u7684\uff0c\u5065\u58ee\u7684\uff0c\u5f02\u5e38\u5927\u7684\uff0c\u91cd\u91cf\u7ea7\u7684 paucity \u5c11\u91cf\uff0c\u7f3a\u4e4f\uff0c\u4e0d\u8db3\uff0c\u7f3a\u5c11 obstruct \u963b\u788d\uff0c\u963b\u6b62\uff0c\u59a8\u788d retention \u4fdd\u7559\uff0c\u8bb0\u5fc6\u529b\uff0c\u6ede\u7559\uff0c\u6263\u7559 envision \u8bbe\u60f3\uff0c\u9884\u60f3 vt. remediate \u8865\u6551\uff0c\u6cbb\u7597\uff0c\u77eb\u6b63\uff0c\u4fee\u590d conundrum \u8c1c\u8bed\uff0c\u96be\u89e3\u7684\u95ee\u9898 depict \u5c55\u793a\uff0c\u63cf\u8ff0\uff0c\u663e\u793a expedite \u52a0\u5feb\u8fdb\u5c55 remedy \u6cbb\u7597\u6cd5\uff0c\u6539\u6b63\uff0c\u6539\u8fdb\uff0c\u8865\u6551 instinctive reaction \u672c\u80fd\u53cd\u5e94 deem \u8ba4\u4e3a\uff0c\u89c6\u4e3a\uff0c\u76f8\u4fe1 detour \u7ed5\u8def\uff0c\u7ed5\u9053\uff0c\u5f2f\u8def futile \u65e0\u6548\u7684\uff0c\u6ca1\u7528\u7684 the hassle of sth. \u67d0\u4e8b\u5e26\u6765\u7684\u9ebb\u70e6 unencumbered \u6ca1\u6709\u963b\u788d\u7684\uff0c\u4e0d\u53d7\u59a8\u788d\u7684\uff0c\u65e0\u8d1f\u62c5\u7684 idiosyncrasy \uff08\u67d0\u4eba\u7279\u6709\u7684\uff09\u6c14\u8d28\uff0c\u4e60\u6027\uff0c\u7656\u597d crowdsource \u4f17\u5305 stabilize \u56fa\u5b9a\uff0c\u9632\u6b62\u2026\u2026\u6ce2\u52a8 encompass \u56f4\u7ed5\uff0c\u5305\u56f4\uff0c\u5b8c\u6210 obviate \u907f\u514d\uff0c\u6d88\u9664\uff08\u8d2b\u56f0\u3001\u4e0d\u65b9\u4fbf\u7b49\uff09 conducive to\u6709\u52a9\u4e8e\u2026\u2026\u7684\uff0c\u6709\u76ca\u4e8e\u2026\u2026\u7684 pertain to \u6709\u5173\uff0c\u5173\u4e8e arduous \u52aa\u529b\u7684\uff0c\u8270\u5de8\u7684\uff0c\u96be\u514b\u670d\u7684 plow \u7281\uff0c\u8015\uff0c \u8d39\u529b\u7a7f\u8fc7 imperative \u5fc5\u8981\u7684\uff0c\u4e0d\u53ef\u907f\u514d\u7684\uff1b\u5fc5\u8981\u7684\u4e8b\uff0c\u547d\u4ee4\uff0c\u89c4\u5219 notoriously \u81ed\u540d\u662d\u8457\u5730\uff0c\u4f17\u6240\u5468\u77e5\u5730 culprit \u72af\u4eba\uff0c\u7f6a\u72af\uff0c\u88ab\u544a\u4eba\uff0c\u8087\u4e8b\u8005 succinct \u7b80\u6d01\u7684 reciprocal \u4e92\u60e0\u7684\uff0c\u5012\u6570 inadvertent \u4e0d\u7ecf\u610f\u7684\uff0c\u758f\u5ffd\u7684 disseminate \u6563\u5e03\uff0c\u4f20\u64ad\uff08\u95ee\u5377\u7b49\uff09 elicitation \u5f15\u51fa\uff0c\u542f\u53d1 obsolete \u5e9f\u5f03\u7684\uff0c\u8001\u5f0f\u7684\uff0c\u5df2\u8fc7\u65f6\u7684 In particular, it works like SBFL, where a bug-inducing commit and a non-inducing commit are analogous\uff08\u76f8\u4f3c\u7684\uff0c\u53ef\u6bd4\u62df\u7684\uff09 to a failing test and a passing test in SBFL, respectively. The effectiveness of recurrent neural network is marginally\uff08\u7565\u5fae\u5730\uff09 higher than multi-layer perceptron. "}]}
\ No newline at end of file
diff --git a/sitemap.xml b/sitemap.xml
index 4e4adc7..b3f4377 100644
--- a/sitemap.xml
+++ b/sitemap.xml
@@ -2,152 +2,157 @@
https://tech.c01dkit.com/
- 2023-12-18
+ 2024-01-22
daily
https://tech.c01dkit.com/IDA/
- 2023-12-18
+ 2024-01-22
daily
https://tech.c01dkit.com/autoconf/
- 2023-12-18
+ 2024-01-22
daily
https://tech.c01dkit.com/c/
- 2023-12-18
+ 2024-01-22
daily
https://tech.c01dkit.com/code-gracely/
- 2023-12-18
+ 2024-01-22
daily
https://tech.c01dkit.com/crawler/
- 2023-12-18
+ 2024-01-22
daily
https://tech.c01dkit.com/docker/
- 2023-12-18
+ 2024-01-22
daily
https://tech.c01dkit.com/envs/
- 2023-12-18
+ 2024-01-22
daily
https://tech.c01dkit.com/fuzzing/
- 2023-12-18
+ 2024-01-22
daily
https://tech.c01dkit.com/git/
- 2023-12-18
+ 2024-01-22
daily
https://tech.c01dkit.com/go/
- 2023-12-18
+ 2024-01-22
daily
https://tech.c01dkit.com/interesting-articles/
- 2023-12-18
+ 2024-01-22
daily
https://tech.c01dkit.com/investigations/
- 2023-12-18
+ 2024-01-22
+ daily
+
+
+ https://tech.c01dkit.com/java/
+ 2024-01-22
daily
https://tech.c01dkit.com/latex/
- 2023-12-18
+ 2024-01-22
daily
https://tech.c01dkit.com/linux-server/
- 2023-12-18
+ 2024-01-22
daily
https://tech.c01dkit.com/openssh/
- 2023-12-18
+ 2024-01-22
daily
https://tech.c01dkit.com/picking-ups/
- 2023-12-18
+ 2024-01-22
daily
https://tech.c01dkit.com/porting/
- 2023-12-18
+ 2024-01-22
daily
https://tech.c01dkit.com/proxy/
- 2023-12-18
+ 2024-01-22
daily
https://tech.c01dkit.com/pwn-college-cse365-spring2023/
- 2023-12-18
+ 2024-01-22
daily
https://tech.c01dkit.com/python/
- 2023-12-18
+ 2024-01-22
daily
https://tech.c01dkit.com/rca/
- 2023-12-18
+ 2024-01-22
daily
https://tech.c01dkit.com/readings/
- 2023-12-18
+ 2024-01-22
daily
https://tech.c01dkit.com/reverse-advanced/
- 2023-12-18
+ 2024-01-22
daily
https://tech.c01dkit.com/reverse-basic/
- 2023-12-18
+ 2024-01-22
daily
https://tech.c01dkit.com/sci-thoughts/
- 2023-12-18
+ 2024-01-22
daily
https://tech.c01dkit.com/sentence-templates/
- 2023-12-18
+ 2024-01-22
daily
https://tech.c01dkit.com/tech-sslh/
- 2023-12-18
+ 2024-01-22
daily
https://tech.c01dkit.com/try-chatgpt/
- 2023-12-18
+ 2024-01-22
daily
https://tech.c01dkit.com/word-learning/
- 2023-12-18
+ 2024-01-22
daily
\ No newline at end of file
diff --git a/sitemap.xml.gz b/sitemap.xml.gz
index e3dd9e6..2ecc397 100644
Binary files a/sitemap.xml.gz and b/sitemap.xml.gz differ