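;=================================================================================
; sys_sigaction demonstration.
;
; Setups new handler function for SIGSEGV and tries to access an illegal memory
; location. Then handler function takes control and prints the faulting location
; address, prints the register dump, and exits.
;
; Assembler/target: FASM (Intel syntax), 32-bit Linux ELF, int 0x80 syscalls.
; Helpers (error_chk, dd2ascii_hex, dw2ascii_hex) are called through the 'ccall'
; macro from macros.inc; the code below relies on that macro leaving esp as it
; found it after each call (cdecl-style caller cleanup).
;
; The LSCR Project.
;=================================================================================

format ELF

include '../macros.inc'
include '../../include/symbols.inc'
include '../../include/structs.inc'

extrn error_chk
extrn dd2ascii_hex
extrn dw2ascii_hex

; Address deliberately written to in order to provoke SIGSEGV. It is expected to
; be unmapped in this process; error1_s quotes the same value, keep them in sync.
FAULT_ADDR      = 0x12345678

section '.text' executable

public _start

;---------------------------------------------------------------------------------
; _start
; Installs sigsegv_handler for SIGSEGV with SA_SIGINFO (so the handler receives
; the siginfo and ucontext pointers), announces the test on stdout, then performs
; a store to FAULT_ADDR. Control is expected to resume in sigsegv_handler, which
; terminates the process through 'exit'; the error1_s message is printed only if
; the store unexpectedly succeeds.
;---------------------------------------------------------------------------------
_start:
        mov     [sigaction.sa_handler], dword sigsegv_handler   ; act.sa_sigaction = sigsegv_handler
        mov     [sigaction.sa_flags], SA_SIGINFO                ; request the 3-argument handler form

        mov     eax, SYS_SIGACTION
        mov     ebx, SIGSEGV
        mov     ecx, sigaction          ; act
        xor     edx, edx                ; oldact = NULL (the previous disposition is not kept)
        int     0x80
        ccall   error_chk, <"SYS_SIGACTION has failed: ">, exit

        mov     eax, SYS_WRITE
        mov     ebx, STDOUT
        mov     ecx, sigsegv_pre_s
        mov     edx, sigsegv_pre_s_sz
        int     0x80

        mov     [FAULT_ADDR], eax       ; generate SIGSEGV.
                                        ; Execution continues at sigsegv_handler, which does
                                        ; not come back here: it leaves through 'exit'.

        ; Reached only if the store above did not fault.
        mov     eax, SYS_WRITE
        mov     ebx, STDOUT
        mov     ecx, error1_s
        mov     edx, error1_s_sz
        int     0x80

exit:
        mov     eax, SYS_EXIT
        xor     ebx, ebx                ; exit status 0
        int     0x80

;---------------------------------------------------------------------------------
; sigsegv_handler
; void sigsegv_handler(int signum, siginfo_t *info, ucontext_t *uc)
;
; Entered by the kernel with the SA_SIGINFO frame layout:
;   [esp]    return address (signal trampoline)
;   [esp+4]  signal number        (unused here)
;   [esp+8]  siginfo_t *info
;   [esp+12] ucontext_t *uc
;
; Prints info->si_addr (the faulting location), then the general-purpose and
; segment registers saved in uc->uc_mcontext, and finally transfers control to
; 'exit'. Each hexadecimal value is rendered in place into a labelled placeholder
; inside the output templates in .data (fault_addr_v, rd_*).
;
; Register use: ebx holds the siginfo pointer, then the ucontext pointer, and is
; kept live across the ccall helper invocations. This assumes dd2ascii_hex and
; dw2ascii_hex preserve ebx (callee-saved under cdecl) — confirm in the helpers.
;
; Exit path: the return-address slot is overwritten with 'exit' and 'ret' is
; executed, so the signal trampoline (and thus sigreturn) is bypassed. The signal
; mask saved for this delivery is never restored and the kernel signal frame is
; abandoned; that is only acceptable because 'exit' terminates the process
; immediately.
;---------------------------------------------------------------------------------
sigsegv_handler:
        mov     ebx, [esp+8]            ; ebx = info
        ccall   dd2ascii_hex, [ebx+siginfo._sigfault+sigfault._addr], fault_addr_v   ; render info->si_addr

        mov     eax, SYS_WRITE
        mov     ebx, STDOUT
        mov     ecx, fault_addr_s
        mov     edx, fault_addr_s_sz
        int     0x80

        mov     ebx, [esp+12]           ; ebx = uc (esp is unchanged by ccall)

        ; General registers as they were at the faulting instruction.
        ccall   dd2ascii_hex, [ebx+ucontext.uc_mcontext.eax], rd_eax
        ccall   dd2ascii_hex, [ebx+ucontext.uc_mcontext.ebx], rd_ebx
        ccall   dd2ascii_hex, [ebx+ucontext.uc_mcontext.ecx], rd_ecx
        ccall   dd2ascii_hex, [ebx+ucontext.uc_mcontext.edx], rd_edx
        ccall   dd2ascii_hex, [ebx+ucontext.uc_mcontext.esi], rd_esi
        ccall   dd2ascii_hex, [ebx+ucontext.uc_mcontext.edi], rd_edi
        ccall   dd2ascii_hex, [ebx+ucontext.uc_mcontext.ebp], rd_ebp
        ccall   dd2ascii_hex, [ebx+ucontext.uc_mcontext.esp], rd_esp
        ccall   dd2ascii_hex, [ebx+ucontext.uc_mcontext.eip], rd_eip
        ccall   dd2ascii_hex, [ebx+ucontext.uc_mcontext.eflags], rd_eflags

        ; Segment selectors are read as 16-bit values. movzx writes all of eax
        ; (no stale upper half, no partial-register merge) before the value is
        ; pushed as a dword argument to dw2ascii_hex.
        movzx   eax, word [ebx+ucontext.uc_mcontext.cs]
        ccall   dw2ascii_hex, eax, rd_cs
        movzx   eax, word [ebx+ucontext.uc_mcontext.es]
        ccall   dw2ascii_hex, eax, rd_es
        movzx   eax, word [ebx+ucontext.uc_mcontext.ds]
        ccall   dw2ascii_hex, eax, rd_ds
        movzx   eax, word [ebx+ucontext.uc_mcontext.fs]
        ccall   dw2ascii_hex, eax, rd_fs
        movzx   eax, word [ebx+ucontext.uc_mcontext.ss]
        ccall   dw2ascii_hex, eax, rd_ss

        mov     eax, SYS_WRITE
        mov     ebx, STDOUT
        mov     ecx, reg_dump
        mov     edx, reg_dump_sz
        int     0x80

        mov     [esp], dword exit       ; replace the trampoline return address with 'exit'
        ret                             ; and "return" into it (bypasses sigreturn, see header)

section '.data' writeable

error1_s        db "Application has successfully accessed [0x12345678]. This can't be good."
error1_s_sz     = $-error1_s

sigsegv_pre_s   db "We are about to generate SIGSEGV by writing to a forbidden location", 0xa, 0xa
sigsegv_pre_s_sz = $-sigsegv_pre_s

; Output templates. Every hexadecimal field is a separately labelled run of
; placeholder digits that the handler overwrites in place, so the code does not
; depend on hard-coded byte offsets into the strings (those silently break as
; soon as the spacing of a template changes).
fault_addr_s    db "SIGSEGV has been generated due to an access attempt to [0x"
fault_addr_v    db "00000000]", 0xa
fault_addr_s_sz = $-fault_addr_s

reg_dump        db "At the moment of segmentation fault registers were:",0xa
reg_dump1       db "eax: 0x"
rd_eax          db "00000000"
                db " ebx: 0x"
rd_ebx          db "00000000"
                db " ecx: 0x"
rd_ecx          db "00000000",0xa
reg_dump2       db "edx: 0x"
rd_edx          db "00000000"
                db " esi: 0x"
rd_esi          db "00000000"
                db " edi: 0x"
rd_edi          db "00000000",0xa
reg_dump3       db "ebp: 0x"
rd_ebp          db "00000000"
                db " esp: 0x"
rd_esp          db "00000000"
                db " eip: 0x"
rd_eip          db "00000000",0xa
reg_dump4       db "eflags: 0x"
rd_eflags       db "00000000"
                db " cs: 0x"
rd_cs           db "0000"
                db " es: 0x"
rd_es           db "0000"
                db " ds: 0x"
rd_ds           db "0000",0xa
reg_dump5       db "fs: 0x"
rd_fs           db "0000"
                db " ss: 0x"
rd_ss           db "0000",0xa,0xa
reg_dump_sz     = $-reg_dump

; sigaction storage (layout from structs.inc). old_sigaction is never written
; by the kernel because oldact is passed as NULL above.
sigaction old_sigaction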