preeny

preeny: a useful collection of LD_PRELOAD libraries

GitHub project: https://github.com/zardus/preeny

Preeny provides the following modules:

Name         Summary
dealarm      Disables alarm()
defork       Disables fork()
deptrace     Disables ptrace()
derand       Disables rand() and random()
desigact     Disables sigaction()
desock       Channels socket communication to the console
desock_dup   Channels socket communication to the console (simpler method)
ensock       The opposite of desock -- like an LD_PRELOAD version of socat!
desrand      Does tricky things with srand() to control randomness.
mallocwatch  When ltrace is inconvenient, mallocwatch provides info on heap operations.
writeout     Some binaries write() to fd 0, expecting it to be a two-way socket. This makes that work (by redirecting to fd 1).
patch        Patches programs at load time.
startstop    Sends SIGSTOP to itself on startup, to suspend the process.

Installing Preeny:

$ git clone https://github.com/zardus/preeny.git
$ apt-get install libini-config3 libini-config-dev
$ cd preeny
$ make

To build 32-bit x86 preeny on a 64-bit x86 host (no spaces around the `=`, otherwise the shell treats CFLAGS as a command):

$ CFLAGS=-m32 make

Usage:

Disable the socket(), fork() and alarm() functions inside a program:

LD_PRELOAD=x86_64-linux-gnu/desock.so:x86_64-linux-gnu/defork.so:x86_64-linux-gnu/dealarm.so ~/code/security/codegate/2015/rodent/rodent

De-randomization:

derand.so overrides rand() and random()

# this will return 42 on each rand() call (the default)
LD_PRELOAD=x86_64-linux-gnu/derand.so tests/rand

# this will return 1337 on each rand() call
RAND=1337 LD_PRELOAD=x86_64-linux-gnu/derand.so tests/rand

desrand.so overrides srand()

# this simply sets the seed to 42 (the default)
LD_PRELOAD=x86_64-linux-gnu/desrand.so tests/rand

# this sets the seed to 1337
SEED=1337 LD_PRELOAD=x86_64-linux-gnu/desrand.so tests/rand

# this sets the seed such that the first "rand() % 128" will be 10
WANT=10 MOD=128 LD_PRELOAD=x86_64-linux-gnu/desrand.so tests/rand

# finally, this makes the *third* "rand() % 128" be 10 (skip the first two)
SKIP=2 WANT=10 MOD=128 LD_PRELOAD=x86_64-linux-gnu/desrand.so tests/rand
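The WANT/MOD/SKIP options above require choosing a seed for which the (SKIP+1)-th value of rand() % MOD equals WANT. The following is an added example, not preeny's own code: it shows the straightforward brute-force way to find such a seed, assuming the searcher runs against the same libc rand() as the target program (the seed is libc-specific). find_seed() and nth_rand_mod() are names introduced here.

```c
#include <stdio.h>
#include <stdlib.h>

/* Seed the generator, discard `skip` outputs, and return the next rand() % mod.
 * This is exactly the quantity desrand's WANT/MOD/SKIP options constrain. */
int nth_rand_mod(unsigned int seed, unsigned int mod, unsigned int skip)
{
    srand(seed);
    for (unsigned int i = 0; i < skip; i++)
        rand();
    return (int)(rand() % mod);
}

/* Brute-force seeds 0..max_tries-1 until the (skip+1)-th rand() % mod == want.
 * Returns the seed, or -1 if the inputs are invalid or nothing was found.
 * With a uniform generator roughly `mod` seeds need to be tried on average. */
long find_seed(unsigned int want, unsigned int mod, unsigned int skip,
               unsigned int max_tries)
{
    if (mod == 0 || want >= mod)
        return -1; /* the constraint can never hold */
    for (unsigned int seed = 0; seed < max_tries; seed++)
        if (nth_rand_mod(seed, mod, skip) == (int)want)
            return (long)seed;
    return -1;
}

int main(void)
{
    /* Constructed inputs mirroring the page's last command: SKIP=2 WANT=10 MOD=128 */
    unsigned int want = 10, mod = 128, skip = 2;
    long seed = find_seed(want, mod, skip, 1000000);
    if (seed < 0) {
        puts("no seed found");
        return 1;
    }
    printf("srand(%ld) makes rand() call #%u satisfy rand() %% %u == %u\n",
           seed, skip + 1, mod, want);
    /* Re-check the found seed the way the target program would consume it. */
    printf("verification: %d\n", nth_rand_mod((unsigned int)seed, mod, skip));
    return 0;
}
```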

I have not used the following two features yet; they are fuzzing-related:

De-socketing

Certain tools (such as American Fuzzy Lop, for example) are unable to handle network binaries. Preeny includes two "de-socketing" modules. desock.so neuters socket(), bind(), listen(), and accept(), making it return sockets that are, through hackish ways, synchronized to stdin and stdout. desock_dup.so is a simpler version for programs that dup accepted sockets over file descriptors 0, 1, and 2.

A discussion of the different ways to de-socket a program, and why Preeny does it the way it does, can be found here.

En-socketing

You can also use preeny to turn a normal binary into a socket binary! Just set the PORT environment variable (default is 1337) and preload ensock.so!

Patch

patch.so can be used to overwrite the bytes at a given address when the program is loaded:

# tests/hello        (a simple program that prints "Hello world!")
Hello world!
# cat hello.p        (the .p file gives, for each named patch, the address and the replacement bytes in hex)
[hello]
address=0x4005c4
content='4141414141'

[world]
address=0x4005ca
content='6161616161'
# PATCH="hello.p" LD_PRELOAD=x86_64-linux-gnu/patch.so tests/hello
--- section hello in file hello.p specifies 5-byte patch at 0x4005c4
--- section world in file hello.p specifies 5-byte patch at 0x4005ca
AAAAA aaaaa!

posted @ 2017-11-18 18:42 by 五千年木