Where the M flag and O flag are stored in Linux - linux

I want to know the values of the M flag and O flag of the most recently received Router Advertisement. From the kernel source code I came to know that the M flag and O flag are stored like this:
/*
 * Remember the managed/otherconf flags from most recently
 * received RA message (RFC 2462) -- yoshfuji
 */
in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
                                           IF_RA_OTHERCONF)) |
                    (ra_msg->icmph.icmp6_addrconf_managed ?
                     IF_RA_MANAGED : 0) |
                    (ra_msg->icmph.icmp6_addrconf_other ?
                     IF_RA_OTHERCONF : 0);
...
Then I believe it must be possible to retrieve those values using ioctl, the proc filesystem or some other method. Could anyone please point the way?

At last I found the way. Thanks to Google, thanks to Shirley Ma. Please get the code from my blog: http://kumaran127.blogspot.jp/2013/05/get-m-and-o-flag-of-most-recently.html

I'm pretty sure you won't find this in procfs, but you can analyse these packets with radvdump: see http://www.tldp.org/HOWTO/Linux+IPv6-HOWTO/hints-daemons-radvd.html and, for reference on how it's implemented, http://svn.dd-wrt.com/browser/src/router/radvd/radvdump.c?rev=11491. Here is how they create the icmp6 filter on a raw socket, which is then used to listen in on: http://svn.dd-wrt.com/browser/src/router/radvd/socket.c?rev=11491
Cheers
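Added example (not code from the question, the blog post or radvd): parsing the M and O bits out of an RA message the way the kernel snippet above reads icmp6_addrconf_managed and icmp6_addrconf_other, and mirroring its if_flags update. The IF_RA_* values are taken from include/net/if_inet6.h; the packet bytes are constructed here, whereas a raw ICMPv6 socket (as in radvd's socket.c) would supply real ones.

```python
import struct

# ICMPv6 Router Advertisement (RFC 4861 section 4.2), options excluded:
# type(1) code(1) checksum(2) cur_hop_limit(1) flags(1) router_lifetime(2)
# reachable_time(4) retrans_timer(4). M is bit 7 and O is bit 6 of the flags
# byte; these are the icmp6_addrconf_managed / icmp6_addrconf_other bitfields.
ND_ROUTER_ADVERT = 134
RA_FLAG_MANAGED = 0x80
RA_FLAG_OTHER = 0x40
RA_HEADER = struct.Struct("!BBHBBHII")

# if_flags bit values from include/net/if_inet6.h (not shown on this page).
IF_RA_OTHERCONF = 0x80
IF_RA_MANAGED = 0x40

def build_ra(managed, other, hop_limit=64, lifetime=1800):
    """Constructed RA message for testing (checksum left as 0, no options)."""
    flags = (RA_FLAG_MANAGED if managed else 0) | (RA_FLAG_OTHER if other else 0)
    return RA_HEADER.pack(ND_ROUTER_ADVERT, 0, 0, hop_limit, flags, lifetime, 0, 0)

def parse_ra_flags(msg):
    """Return (managed, other) for an RA message, or None for anything that is
    not a well-formed RA (other ND types, truncated messages)."""
    if len(msg) < RA_HEADER.size:
        return None
    icmp_type, code, _csum, _hlim, flags, _life, _reach, _rt = RA_HEADER.unpack_from(msg)
    if icmp_type != ND_ROUTER_ADVERT or code != 0:
        return None
    return bool(flags & RA_FLAG_MANAGED), bool(flags & RA_FLAG_OTHER)

def update_if_flags(if_flags, managed, other):
    """The kernel's update quoted above: clear both RA bits, then set them
    from the most recently received RA."""
    if_flags &= ~(IF_RA_MANAGED | IF_RA_OTHERCONF)
    if_flags |= IF_RA_MANAGED if managed else 0
    if_flags |= IF_RA_OTHERCONF if other else 0
    return if_flags

def receive(if_flags, msg):
    """Apply one received ICMPv6 message; non-RA messages leave if_flags alone."""
    parsed = parse_ra_flags(msg)
    if parsed is None:
        return if_flags
    return update_if_flags(if_flags, *parsed)
```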

How to run program using angr after loading with the elfcore backend?

I am attempting to write a Python script using the angr binary analysis library (http://angr.io/). I have written code that successfully loads a core dump of the process I want to play with, by using the ElfCore back end (http://angr.io/api-doc/cle.html#cle.backends.elf.elfcore.ELFCore) passed to the project constructor, doing something like the following:
ap = angr.Project("corefile", main_opts={'backend': 'elfcore'})
What I am wondering is, how do I now "run" the program forward from the state (registers and memory) which was defined by the core dump? For example, when I attempted to create a SimState using the above project:
ss = angr.sim_state.SimState(project=ap)
ss.regs.rip
I got back that rip was uninitialized (when it certainly was initialized in the core dump, i.e. at the point when the core dump was generated).
Thanks in advance for any help!
Alright! I figured this out. Being a total angr n00b®, this may not be the best way of doing this, but since nobody offered a better way, this is what I came up with.
First...
ap = angr.Project("corefile", main_opts={'backend': 'elfcore'}, rebase_granularity=0x1000)
ss = angr.factory.AngrObjectFactory(ap).blank_state()
The rebase_granularity was needed because my core file had the stack mapped high in the address range, and angr refuses to map things above your main binary (my core file in this case).
From inspecting the angr source (and playing at a Python terminal) I found out that at this point, the above state will have memory all mapped out the way the core file defined it to be, but the registers are not defined appropriately yet. Therefore I needed to proceed to:
import warnings
import cle

# Get the elfcore_object
elfcore_object = None
for o in ap.loader.all_objects:
    if isinstance(o, cle.backends.elf.elfcore.ELFCore):
        elfcore_object = o
        break
if elfcore_object is None:
    raise RuntimeError("no ELFCore object found among the loaded objects")

# Set the reg values from the elfcore_object to the sim state, realizing that not all
# of the registers will be supported (particularly some segment registers)
for reg_name, reg_value in elfcore_object.initial_register_values():
    try:
        setattr(ss.regs, reg_name, reg_value)
    except Exception as exc:
        warnings.warn("could not set register %s: %s" % (reg_name, exc))

# get a simgr
simgr = ap.factory.simgr(ss)
Now, I was able to run forward from here using the state defined by the core dump as my starting point...
while simgr.active:
    # print the disassembly of the block about to execute, then step once
    for ins in ap.factory.block(simgr.active[0].addr).capstone.insns:
        print(ins)
    simgr.step()

RPGLE Externally Described Data Structures

I have used externally described data structures in the past to use file fields. Now when I debug, the data structure is blank. I cannot recollect whether I have missed anything. Please assist.
H option(*nodebugio) cvtopt(*datetime)
FEMPMSTP IF E K disk prefix(A_)
D empDs E DS extname(EMPMSTP) prefix(A_)
dou %eof(EMPMSTP);
  read EMPMSTP;
  if %eof;
    leave;
  endif;
enddo;
*inlr = *on;
After the read statement, empDs should have the value of the record that was read.
The RPGLE compiler is pretty smart. It knows you aren't using any of the data from the file...
Try adding:
h debug(*input)
Note that the behavior changed (read got smarter) in 6.1, so that might be why this is new to you now.
More info in a post from Barbara Morris of IBM's compiler team here: https://www.ibm.com/developerworks/community/blogs/b542d3ac-0785-4b6f-8e53-f72051460822/entry/are_you_using_option_nounref_if_so_good_if_not_read_on?lang=en

How can I find the pages that belong to the heap in a linux process?

I would like to write a simple kernel function that iterates over all the vm_area_structs that belong to a specific process and mark each one of them as belonging to the heap or not. Assume that I can add a boolean field in the vm_area_struct that will be set for heap pages and reset for other pages.
I have looked into the mm_struct, vm_area_struct, and task_struct... but found nothing that can help.
Update: I am guessing start_brk and brk have something to do with this?
(I am inserting my last comment as an answer, as the formatting within "Comment" is not that great):
With regard to my previous comment: the relevant code (to look up VMAs of a given PID) seems to be here: fs/proc/task_mmu.c.
And yes indeed, the "[heap]" is marked by this code snippet from the above source file (kernel version 3.10.24):
*fs/proc/task_mmu.c:show_map_vma()*
...
if (vma->vm_start <= mm->brk &&
    vma->vm_end >= mm->start_brk) {
        name = "[heap]";
        goto done;
}
...
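Added example, not from the question or the answer: the same overlap test applied in Python over a constructed /proc/<pid>/maps excerpt, with start_brk/brk values (also constructed) chosen so that brk() has extended the heap into only part of its VMA. The kernel applies the test only to anonymous mappings that have no other name, and label_heap does the same.

```python
# Constructed /proc/<pid>/maps excerpt; the addresses are made up, not from a real process.
SAMPLE_MAPS = """\
00400000-00401000 r-xp 00000000 08:01 1234 /tmp/demo
00600000-00601000 r--p 00000000 08:01 1234 /tmp/demo
00601000-00602000 rw-p 00001000 08:01 1234 /tmp/demo
01a2b000-01a4c000 rw-p 00000000 00:00 0
7ffd3e1f0000-7ffd3e211000 rw-p 00000000 00:00 0 [stack]
"""

def parse_maps(text):
    """Parse maps lines into (vm_start, vm_end, perms, name); name is '' for
    anonymous mappings, the only case the kernel's heap test is applied to."""
    vmas = []
    for line in text.splitlines():
        fields = line.split(None, 5)          # addr perms offset dev inode [pathname]
        vm_start, vm_end = (int(x, 16) for x in fields[0].split("-"))
        name = fields[5] if len(fields) > 5 else ""
        vmas.append((vm_start, vm_end, fields[1], name))
    return vmas

def is_heap_vma(vm_start, vm_end, start_brk, brk):
    """The show_map_vma() test quoted above: the VMA overlaps [start_brk, brk],
    both comparisons inclusive, so a VMA the heap has only partly grown into
    still counts as heap."""
    return vm_start <= brk and vm_end >= start_brk

def label_heap(vmas, start_brk, brk):
    """Return the VMAs with '[heap]' as the name of unnamed ones passing the test."""
    out = []
    for vm_start, vm_end, perms, name in vmas:
        if not name and is_heap_vma(vm_start, vm_end, start_brk, brk):
            name = "[heap]"
        out.append((vm_start, vm_end, perms, name))
    return out
```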

Aubtm 20 bluetooth module working

I am using the lemaubtm 20. When I connect it to HyperTerminal it receives OK, and afterwards when I type LLL it also shows OK.
My problem is that when I type other commands, e.g. AT, it gives me ERROR.
If anybody has any idea, please help me.
Thanks.
You're getting an "OK" response after you connect the aubtm20. That's great: you have made all the electronic connections necessary for the PC to "talk" to your BT module! I know exactly where you are getting it wrong. After you connect to the command mode by pressing "LLL", before you type any command you have to follow the format: <CR>atcommand. You achieve that by doing the following in HyperTerminal (for WinXP): Ctrl+M (for <CR>), Ctrl+J (for <LF>).
Tell me what you get.

How to find offset of Dword where Address Of entry point of an executable is stored

There are disassemblers like CFF Explorer which display the AddressOfEntryPoint of any executable along with the offset where it is stored. I know how to find the value (IMAGE_OPTIONAL_HEADER::AddressOfEntryPoint), but I want to be able to find the offset in the PE exe file where the AddressOfEntryPoint is stored, programmatically.
I've read a lot about PE files here, but still can't figure it out. Help needed.
The offset of AddressOfEntryPoint would be the sum of the size of the sections that precede it: sizeof(IMAGE_DOS_HEADER)+sizeof(DWORD)+sizeof(IMAGE_FILE_HEADER)+sizeof(WORD)+sizeof(BYTE)+sizeof(BYTE)+sizeof(DWORD)+sizeof(DWORD)+sizeof(DWORD)
Well, it looks like #JosephH wrote a correct answer; however, that answer isn't quite correct, and not nice at all.
To get the EP you need to have read the file as a binary file (not all of the file is needed).
So assume you have unsigned char* data; which points to the binary data.
#include <windows.h>

IMAGE_DOS_HEADER* dosHeader = (IMAGE_DOS_HEADER *)data;                        // cast it to DOS header (some call it MZ header)
IMAGE_NT_HEADERS* peHeader = (IMAGE_NT_HEADERS *)&data[dosHeader->e_lfanew];  // find NT header (PE header)
DWORD ep = 0;
// Magic lives in the optional header; it sits at the same offset for PE32 and PE32+
if (peHeader->OptionalHeader.Magic == IMAGE_NT_OPTIONAL_HDR32_MAGIC)           // 0x10b: 32-bit executable
    ep = ((IMAGE_NT_HEADERS32 *)peHeader)->OptionalHeader.AddressOfEntryPoint;  // Get EP
else                                                                             // 0x20b: 64-bit executable
    ep = ((IMAGE_NT_HEADERS64 *)peHeader)->OptionalHeader.AddressOfEntryPoint;  // Get EP
I think my answer is better because it is more self-explanatory; also, you cannot trust offsets, because structures change from time to time. As you see, even the IMAGE_NT_HEADERS that I used is defined differently on x86 and x64 machines.
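Added example, not code from either answer: the offset arithmetic in Python. The DOS header is followed by a variable-length stub, so the position of the PE header has to be read from e_lfanew rather than assumed; from there the offset of AddressOfEntryPoint is fixed (4 + 20 + 16 bytes) and the same for PE32 and PE32+, since Magic only changes the fields after it. The header bytes are constructed with made-up values.

```python
import struct

IMAGE_DOS_SIGNATURE = 0x5A4D            # "MZ"
IMAGE_NT_SIGNATURE = 0x00004550         # "PE\0\0"
IMAGE_NT_OPTIONAL_HDR32_MAGIC = 0x10B
IMAGE_NT_OPTIONAL_HDR64_MAGIC = 0x20B
SIZEOF_NT_SIGNATURE = 4
SIZEOF_IMAGE_FILE_HEADER = 20
# Inside IMAGE_OPTIONAL_HEADER: Magic(2) + MajorLinkerVersion(1) + MinorLinkerVersion(1)
# + SizeOfCode(4) + SizeOfInitializedData(4) + SizeOfUninitializedData(4) precede it.
ENTRY_POINT_OFFSET_IN_OPTIONAL_HEADER = 16

def entry_point_file_offset(data):
    """Return (file offset of AddressOfEntryPoint, its value) for PE image bytes."""
    if len(data) < 64 or struct.unpack_from("<H", data, 0)[0] != IMAGE_DOS_SIGNATURE:
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]      # IMAGE_DOS_HEADER.e_lfanew
    if struct.unpack_from("<I", data, e_lfanew)[0] != IMAGE_NT_SIGNATURE:
        raise ValueError("bad PE signature at e_lfanew")
    opt_hdr = e_lfanew + SIZEOF_NT_SIGNATURE + SIZEOF_IMAGE_FILE_HEADER
    magic = struct.unpack_from("<H", data, opt_hdr)[0]
    if magic not in (IMAGE_NT_OPTIONAL_HDR32_MAGIC, IMAGE_NT_OPTIONAL_HDR64_MAGIC):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    offset = opt_hdr + ENTRY_POINT_OFFSET_IN_OPTIONAL_HEADER
    return offset, struct.unpack_from("<I", data, offset)[0]

def build_min_pe(e_lfanew, entry_point, magic=IMAGE_NT_OPTIONAL_HDR32_MAGIC):
    """Constructed header-only image: DOS header, a stub of (e_lfanew - 64) bytes,
    PE signature, IMAGE_FILE_HEADER and the optional header up to AddressOfEntryPoint."""
    dos = bytearray(e_lfanew)
    struct.pack_into("<H", dos, 0, IMAGE_DOS_SIGNATURE)
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    file_hdr = struct.pack("<IHHIIIHH", IMAGE_NT_SIGNATURE, 0x14C, 1, 0, 0, 0, 0xE0, 0x102)
    opt_hdr = struct.pack("<HBBIIII", magic, 14, 0, 0x200, 0x200, 0, entry_point)
    return bytes(dos) + file_hdr + opt_hdr
```

With no DOS stub (e_lfanew == 64) the offset is 104, which is exactly the fixed sum in the first answer; any stub shifts it by the stub's length.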
