codepad.org is an online compiler/interpreter, and a simple collaboration tool. Paste your code below, and codepad will run it
I'm surprised no one has forkbombed the server yet...
How it works
Code execution is handled by a supervisor based on geordi. The strategy is to run everything under ptrace, with many system calls disallowed or ignored. Compilers and final executables are both executed in a chroot jail, with strict resource limits.
Paranoia
When your app is remote code execution, you have to expect security problems. Rather than rely on just the chroot and ptrace supervisor, I've taken some additional precautions:
* The supervisor processes run on virtual machines, which are firewalled such that they are incapable of making outgoing connections.
* The machines that run the virtual machines are also heavily firewalled, and restored from their source images periodically.
>>14
You don't need to. Just put some code in a buffer and execute the buffer. You may want to run various tests to determine what platform it is before actually being able to run more useful code, but if >>7 is right, then this would be no better than owning a Honeypot, which is totally useless.
>>15 C can do anything assembly can anyway. Now write a line of C code that will compile to a privileged instruction or invalid opcode. Without asm().
Name: Anonymous 2009-11-09 14:39
>>18 privileged instruction
Popular compilers have built-in support for most of these, even though 99.999% of developers don't need them. Here are some examples:
>>18
That's very simple actually: just assemble the instructions in a buffer, possibly writing the code so it would run from any base (call $ / pop reg, and then use [reg+..] to offset all code from that), then just cast the buffer to a function pointer and call it.
The only difference here is that the code would run from the heap or stack, and there are some minor differences between normal code sections and that (such as protection modes, and on some platforms they could be marked with the NX flag). In which case, you might want to call the appropriate APIs for setting protection flags on that buffer's pages, or just alloc a new buffer for the code, or in a weird case, you could copy the code to the CODE/.text section where the C code is compiled to and run it there. Technically, you can run anything from C (or other high/mid level languages with a FFI or similar) that you could run from asm.
Anyone know what the extra bullshit is? Any line that has anything to do with EDX or 0804971C is unnecessary to the function, and so it the jump-if-equal and that call... I'm guessing this is some kind of protection but I don't know what it would protect against.
>>22
Looks like it's unoptimized, how terrible! GCC?
It may be a "security cookie" protection against buffer overflows. MSVC does it all the time; it's fairly simple: it places a special dummy value as the first variable on the stack, and then checks if it remains unchanged at the end; if it has been changed, it will safely generate an error to avoid exploitation. Smart compilers like MSVC don't generate code like this in functions as simple as that; they only generate it in functions where buffers are used/stack allocated and there's a potential for a stack overflow.
The code I would use for your function is
mov eax, 7A69h
ret
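The cookie check described in the post above, written out as an added C illustration (not from the thread, and not compiler output: a real compiler emits the store and compare itself, and MSVC's __security_cookie or glibc's stack guard are picked at load time). The frame layout, buffer size and cookie value are assumptions chosen for the demo; the frame is modelled as an explicit byte array so that the overrun stays within defined behaviour while still reaching the cookie the way a real stack overrun would on x86, where the buffer sits below the cookie and the cookie sits below the saved return address. For the record, the 7A69h the function returns is 31337 in decimal.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Assumed frame layout: a 16-byte local buffer followed by a 4-byte cookie.
 * On x86 the saved return address would come after the cookie, which is why
 * checking the cookie before returning catches an overrun of the buffer. */
#define BUF_SIZE   16u
#define FRAME_SIZE (BUF_SIZE + sizeof(uint32_t))

/* Constructed cookie value; a real runtime randomizes it at load time. */
static const uint32_t COOKIE = 0xBAADF00Du;

typedef struct {
    unsigned char bytes[FRAME_SIZE];
} frame_t;

/* Prologue: place the cookie directly above the local buffer. */
static void frame_enter(frame_t *f) {
    memset(f->bytes, 0, FRAME_SIZE);
    memcpy(f->bytes + BUF_SIZE, &COOKIE, sizeof COOKIE);
}

/* Function body: an unchecked copy into the local buffer, like strcpy() into
 * a fixed-size array. The copy is clamped to the modelled frame so the demo
 * stays within defined behaviour; a real overflow would continue past the
 * cookie into the saved frame pointer and return address. */
static void unchecked_copy(frame_t *f, const unsigned char *src, size_t len) {
    if (len > FRAME_SIZE) len = FRAME_SIZE;
    memcpy(f->bytes, src, len);
}

/* Epilogue: compare the stored cookie with the original. 1 = intact. */
static int frame_check(const frame_t *f) {
    uint32_t stored;
    memcpy(&stored, f->bytes + BUF_SIZE, sizeof stored);
    return stored == COOKIE;
}

/* Runs prologue, body and epilogue on one input. Returns 1 when the cookie
 * survived and 0 when the copy clobbered it (where a real runtime would
 * abort via __report_gsfailure / __stack_chk_fail instead of returning). */
int process_input(const unsigned char *src, size_t len) {
    frame_t f;
    frame_enter(&f);
    unchecked_copy(&f, src, len);
    return frame_check(&f);
}

/* Convenience wrapper: feed `len` copies of byte `fill` through process_input. */
int run_filled(unsigned char fill, size_t len) {
    unsigned char input[64];
    if (len > sizeof input) len = sizeof input;
    memset(input, fill, len);
    return process_input(input, len);
}

int main(void) {
    /* Constructed inputs: 8 bytes fit, 16 bytes exactly fill the buffer,
     * 17 bytes overwrite the first cookie byte. */
    printf("8  bytes: cookie %s\n", run_filled('A', 8)  ? "intact" : "CORRUPTED");
    printf("16 bytes: cookie %s\n", run_filled('A', 16) ? "intact" : "CORRUPTED");
    printf("17 bytes: cookie %s\n", run_filled('B', 17) ? "intact" : "CORRUPTED");
    return 0;
}
```

The point the post makes about which functions get a cookie follows from this layout: a function with no stack buffer has nothing that can overrun into the cookie, so the compiler skips the check there, which is why a two-instruction body like the one above would not carry it.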