From 8c3a3f89f36fa207bc05c82a25e483a75e408d91 Mon Sep 17 00:00:00 2001 From: c01dkit Date: Wed, 23 Aug 2023 19:20:43 +0800 Subject: [PATCH] Deployed 39bc5db with MkDocs version: 1.4.2 --- 404.html | 18 +- IDA/index.html | 18 +- autoconf/index.html | 21 +- c/index.html | 39 +- code-gracely/index.html | 18 +- crawler/index.html | 18 +- docker/index.html | 18 +- envs/index.html | 36 +- fuzzing/index.html | 18 +- git/index.html | 18 +- go/index.html | 23 +- index.html | 130 ++- interesting-articles/index.html | 18 +- investigations/index.html | 18 +- latex/index.html | 18 +- linux-server/index.html | 184 ++-- picking-ups/index.html | 18 +- porting/index.html | 24 +- pwn-college-cse365-spring2023/index.html | 74 +- python/index.html | 18 +- rca/index.html | 18 +- readings/index.html | 1017 ++++++++++++++++++++ reverse-advanced/index.html | 18 +- reverse-basic/index.html | 22 +- sci-thoughts/index.html | 18 +- search/search_index.json | 2 +- sentence-templates/index.html | 18 +- sitemap.xml | 62 +- sitemap.xml.gz | Bin 417 -> 429 bytes tech-sslh/index.html | 1088 ++++++++++++++++++++++ try-chatgpt/index.html | 18 +- word-learning/index.html | 18 +- 32 files changed, 2834 insertions(+), 212 deletions(-) create mode 100644 readings/index.html create mode 100644 tech-sslh/index.html diff --git a/404.html b/404.html index aacd92a..35d2d9d 100644 --- a/404.html +++ b/404.html @@ -220,8 +220,8 @@
  • - - linux服务器运维 + + 文章阅读
    • @@ -801,6 +801,20 @@ + + + + + +
  • + + linux服务器运维 + +
    • + + + + diff --git a/IDA/index.html b/IDA/index.html index 1e2c220..a019857 100644 --- a/IDA/index.html +++ b/IDA/index.html @@ -231,8 +231,8 @@
  • - - linux服务器运维 + + 文章阅读
    • @@ -855,6 +855,20 @@ + + + + + +
  • + + linux服务器运维 + +
    • + + + + diff --git a/autoconf/index.html b/autoconf/index.html index 4db7cec..7cf15ba 100644 --- a/autoconf/index.html +++ b/autoconf/index.html @@ -231,8 +231,8 @@
  • - - linux服务器运维 + + 文章阅读
    • @@ -862,6 +862,20 @@ + + + + + +
  • + + linux服务器运维 + +
    • + + + + @@ -974,6 +988,9 @@

    区分目录结构

    reverse_CPPFLAGS = -msse4.1 +# 使用LDFLAG会在gcc中部放-l,导致找不到第三方库。用LDADD可以添加到整个gcc指令的最后 +reverse_LDADD = -lcapstone + handlers_FILES = handler_flag_manip.c handler_interrupt.c #handler_interrupt.c diff --git a/c/index.html b/c/index.html index 9972f74..9e95c67 100644 --- a/c/index.html +++ b/c/index.html @@ -13,7 +13,7 @@ - + @@ -231,8 +231,8 @@
  • - - linux服务器运维 + + 文章阅读
    • @@ -313,6 +313,13 @@ 根据结构体成员取结构体首地址 + + +
  • + + 编译时确定链接库 + +
    • @@ -855,6 +862,20 @@ + + + + + +
  • + + linux服务器运维 + +
    • + + + + @@ -892,6 +913,13 @@ 根据结构体成员取结构体首地址 + + +
  • + + 编译时确定链接库 + +
    • @@ -916,7 +944,10 @@

    C语言

    根据结构体成员取结构体首地址

    member_address - &(((TYPE *)0)->member);
    -

    后半部分看似会解引用0地址而crash,但编译器会优化为直接计算member的offset。

    +

    后半部分看似会解引用0地址而crash,但编译器会优化为直接计算member的offset。参见kernel代码常用的container_of。

    +

    编译时确定链接库

    +

    使用-l指定链接库,注意去掉库文件的lib开头和.so结尾。编译时,注意把库放在整个命令的结尾,否则可能提示库函数未定义。

    +

    比如gcc main.c -lcapstone不会报错,gcc -lcapstone main.c会提示报错。(假设这里main.c调用了capstone的库函数)

    diff --git a/code-gracely/index.html b/code-gracely/index.html index aa59168..c9e3d89 100644 --- a/code-gracely/index.html +++ b/code-gracely/index.html @@ -231,8 +231,8 @@
  • - - linux服务器运维 + + 文章阅读
    • @@ -956,6 +956,20 @@ + + + + + +
  • + + linux服务器运维 + +
    • + + + + diff --git a/crawler/index.html b/crawler/index.html index 19c884e..35043bc 100644 --- a/crawler/index.html +++ b/crawler/index.html @@ -231,8 +231,8 @@
  • - - linux服务器运维 + + 文章阅读
    • @@ -889,6 +889,20 @@ + + + + + +
  • + + linux服务器运维 + +
    • + + + + diff --git a/docker/index.html b/docker/index.html index 68c063e..9d40c89 100644 --- a/docker/index.html +++ b/docker/index.html @@ -231,8 +231,8 @@
  • - - linux服务器运维 + + 文章阅读
    • @@ -890,6 +890,20 @@ + + + + + +
  • + + linux服务器运维 + +
    • + + + + diff --git a/envs/index.html b/envs/index.html index b2ac4c1..20f4b22 100644 --- a/envs/index.html +++ b/envs/index.html @@ -16,6 +16,8 @@ + + @@ -229,8 +231,8 @@
  • - - linux服务器运维 + + 文章阅读
    • @@ -884,6 +886,13 @@ 选择ssh密钥 + + +
  • + + Windows下安装make + +
  • @@ -902,6 +911,20 @@ + + + + + +
  • + + linux服务器运维 + +
    • + + + + @@ -981,6 +1004,13 @@ 选择ssh密钥 + + +
  • + + Windows下安装make + +
  • @@ -1067,6 +1097,8 @@

    选择ssh密钥

    evel `ssh-agent`
 ssh-add <私钥文件>
    +

    Windows下安装make

    +

    使用chocolatey包管理器。按https://chocolatey.org/install#individual的说明即可,最后choco install make

    参考文章

    • diff --git a/git/index.html b/git/index.html index 908922b..8aa343d 100644 --- a/git/index.html +++ b/git/index.html @@ -231,8 +231,8 @@
  • - - linux服务器运维 + + 文章阅读
    • @@ -931,6 +931,20 @@ + + + + + +
  • + + linux服务器运维 + +
    • + + + + diff --git a/go/index.html b/go/index.html index a0e0bc6..cee9cb9 100644 --- a/go/index.html +++ b/go/index.html @@ -231,8 +231,8 @@
  • - - linux服务器运维 + + 文章阅读
    • @@ -862,6 +862,20 @@ + + + + + +
  • + + linux服务器运维 + +
    • + + + + @@ -930,8 +944,11 @@

    go

    go环境配置

    1. https://go.dev/dl/下载Archive的包,解压缩,添加其中的bin目录到系统路径
      2. -
    2. 国内使用时设置代理go env -w GOPROXY=https://goproxy.cn
      3. +
    3. 国内使用时设置代理
    +
    go env -w GO111MODULE=on
+go env -w  GOPROXY=https://goproxy.cn
+

    快速入门

    package main
 import (
diff --git a/index.html b/index.html
index 22e4db1..6db3e61 100644
--- a/index.html
+++ b/index.html
@@ -14,7 +14,7 @@
       
       
       
-        
+        
       
       
       
@@ -248,8 +248,8 @@
     
@@ -403,8 +410,8 @@
   
   
     
  • 
-      
-        linux服务器运维
+      
+        文章阅读
       
     
    • 
   
@@ -984,6 +991,20 @@
 
             
           
+            
+              
+  
+  
+  
+    
  • 
+      
+        linux服务器运维
+      
+    
    • 
+  
+
+            
+          
         
       
     
@@ -1017,8 +1038,8 @@
     
@@ -1175,19 +1203,25 @@
 
 
 
    Welcome to c01dkit's tech blog
    
-
    目录为自动生成,可能有误,欢迎提issue。最近一次更新时间2023-08-01
    
-
    linux服务器运维
    
+
    目录为自动生成,可能有误。最近一次更新时间2023-08-23。
    
+
    欢迎提issue以指错、交流
    
+
    最近一次更新内容:
    
 
+
    文章阅读
    
+
 
    编程语言 / C语言
    
 
 
    编程语言 / Go
    
 
-
    编程语言 / 优雅编程
    
+
    编程语言 / 优雅编程
    
 
-
    学习笔记 / 根因分析
    
+
    学习笔记 / 根因分析
    
 
-
    其他杂项 / 环境配置
    
+
    其他杂项 / 环境配置
    
 
+
    其他杂项 / linux服务器运维
    
+
 
 
 
diff --git a/interesting-articles/index.html b/interesting-articles/index.html
index 24da383..4513c32 100644
--- a/interesting-articles/index.html
+++ b/interesting-articles/index.html
@@ -231,8 +231,8 @@
   
   
     
  • 
-      
-        linux服务器运维
+      
+        文章阅读
       
     
    • 
   
@@ -824,6 +824,20 @@
 
             
           
+            
+              
+  
+  
+  
+    
  • 
+      
+        linux服务器运维
+      
+    
    • 
+  
+
+            
+          
         
       
     
diff --git a/investigations/index.html b/investigations/index.html
index eae7cbf..a055301 100644
--- a/investigations/index.html
+++ b/investigations/index.html
@@ -231,8 +231,8 @@
   
   
     
  • 
-      
-        linux服务器运维
+      
+        文章阅读
       
     
    • 
   
@@ -824,6 +824,20 @@
 
             
           
+            
+              
+  
+  
+  
+    
  • 
+      
+        linux服务器运维
+      
+    
    • 
+  
+
+            
+          
         
       
     
diff --git a/latex/index.html b/latex/index.html
index 0f9f7ea..dfc726b 100644
--- a/latex/index.html
+++ b/latex/index.html
@@ -231,8 +231,8 @@
   
   
     
  • 
-      
-        linux服务器运维
+      
+        文章阅读
       
     
    • 
   
@@ -869,6 +869,20 @@
 
             
           
+            
+              
+  
+  
+  
+    
  • 
+      
+        linux服务器运维
+      
+    
    • 
+  
+
+            
+          
         
       
     
diff --git a/linux-server/index.html b/linux-server/index.html
index 3354310..0a49bae 100644
--- a/linux-server/index.html
+++ b/linux-server/index.html
@@ -13,11 +13,9 @@
         
       
       
-        
+        
       
       
-        
-      
       
       
     
@@ -229,87 +227,11 @@
 
   
   
-    
-  
   
-    
  • 
-      
-      
-      
-      
-        
-      
-      
-        
-      
-      
-        linux服务器运维
+    
  • 
+      
+        文章阅读
       
-      
-        
-
-
-      
     
    • 
   
 
@@ -809,14 +731,16 @@
 
   
   
+    
+  
   
     
-    
  • 
+    
  • 
       
       
       
       
-      
+      
       
       
       
@@ -825,7 +749,7 @@
           
         
       
-      
    • 
diff --git a/picking-ups/index.html b/picking-ups/index.html
index c47796c..f9957aa 100644
--- a/picking-ups/index.html
+++ b/picking-ups/index.html
@@ -231,8 +231,8 @@
   
   
     
  • 
-      
-        linux服务器运维
+      
+        文章阅读
       
     
    • 
   
@@ -824,6 +824,20 @@
 
             
           
+            
+              
+  
+  
+  
+    
  • 
+      
+        linux服务器运维
+      
+    
    • 
+  
+
+            
+          
         
       
     
diff --git a/porting/index.html b/porting/index.html
index 09249d9..d0ed32c 100644
--- a/porting/index.html
+++ b/porting/index.html
@@ -231,8 +231,8 @@
   
   
     
  • 
-      
-        linux服务器运维
+      
+        文章阅读
       
     
    • 
   
@@ -896,6 +896,20 @@
 
             
           
+            
+              
+  
+  
+  
+    
  • 
+      
+        linux服务器运维
+      
+    
    • 
+  
+
+            
+          
         
       
     
@@ -1006,17 +1020,19 @@ 
    sslh:根据流量特征转发数据包
    
 # systemd users: don't forget to modify /lib/systemd/system/sslh.service
 DAEMON=/usr/sbin/sslh
 Run=yes
-DAEMON_OPTS="--user sslh --listen 0.0.0.0:4684 --ssh 127.0.0.1:5752 --ssl 127.0.0.1:443 --http 127.0.0.1:1284 --pidfile /var/run/sslh/sslh.pid"
+DAEMON_OPTS="--user sslh --listen 0.0.0.0:4684 --ssh 127.0.0.1:5752 --tls 127.0.0.1:443 --http 127.0.0.1:1284 --pidfile /var/run/sslh/sslh.pid"

    这里也可以cat /lib/systemd/system/sslh.service看一下service文件,其中有一行ExecStart=/usr/sbin/sslh --foreground $DAEMON_OPTS,可以看到在启动sslh时参数是DAEMON_OPTS。所以重点就在于配置好DAEMON_OPTS。

    解释一下几个参数的意思:

    然后systemctl enable sslhsystemctl start sslh启动sslh,将本地4684端口收到的流量根据ssh、ssl、http的特征分别进行端口转发。

    +

    比较有意思的是可以用--anyprot来设置默认的转发策略,配合nc -lk可以看自定义的数据包格式,再通过-F(或--config)指定config文件(比如/etc/sslh/sslh.cfg),实现利用正则表达式对数据包进行自定义转发。

    +

    注意,如果使用config文件,那么文件的内容不要和命令行已有的内容重复。比如命令行已经指定了监听127.0.0.1端口的4684,那config文件里就不要再加上listen:(xxx)了。

    ssh:提供远程连接

    由于原本对外开放的22端口只用于接收ssh请求,如果想要提供更多服务,需要先把22端口的接收的数据都转发给sslh,让它来进行分类。那么ssh请求应该就不能再还给22端口了(不然可能又被转发给sslh?不确定),可以考虑再开一个端口监听ssh请求。这里ssh的设定开了本地22和5752端口,配置时修改/etc/ssh/sshd_config文件,加一行Port 5752即可。同时记得使用公钥认证登录,禁用密码登录。

    Port 22
diff --git a/pwn-college-cse365-spring2023/index.html b/pwn-college-cse365-spring2023/index.html
index fe3891c..8d930ca 100644
--- a/pwn-college-cse365-spring2023/index.html
+++ b/pwn-college-cse365-spring2023/index.html
@@ -231,8 +231,8 @@
   
   
     
  • 
-      
-        linux服务器运维
+      
+        文章阅读
       
     
    • 
   
@@ -664,6 +664,13 @@
     Reverse Engineering Writeups
   
   
+
+      
+        
  • 
+  
+    总结
+  
+  
 
    • 
       
     
@@ -906,6 +913,20 @@
 
             
           
+            
+              
+  
+  
+  
+    
  • 
+      
+        linux服务器运维
+      
+    
    • 
+  
+
+            
+          
         
       
     
@@ -992,6 +1013,13 @@
     Reverse Engineering Writeups
   
   
+
+      
+        
  • 
+  
+    总结
+  
+  
 
    • 
       
     
@@ -1105,6 +1133,7 @@ 
    Reverse Engineering 学习笔记
    
 
  • 使用display/<n><u><f>来在每一条操作结束后显示某些数值。nuf的用法和x打印内存地址一样
    • 
 
  • 有关脚本编写,可以预先用gdb语法写好脚本文件xxx.gdb,然后启动gdb的时候加上参数-x xxx.gdb,就可以在gdb启动后自动化运行脚本
    • 
 
  • ~/.gdbinit在初始化gdb会话时自动运行
    • 
+
  • 使用call直接调用函数,比如call (void)win()
    • 
 
  • 使用set pagination off关闭分页确认
 以下是个gdb脚本的例子,silent用于在遇到断点时减少输出信息,以及使用setprintf设置变量、打印值。
    • 
 
@@ -1132,9 +1161,6 @@ 
    Reverse Engineering 学习笔记
    
 end
 continue
    -

    Talking Web WriteUps

    这个章节的题目是用curl、python和nc来实现发送各种http请求,先运行/challenge/run启动flask服务器,然后新开个终端用各种姿势连接本地127.0.0.1即可。

    这三种工具的大致思路:

    @@ -2577,6 +2603,44 @@

    Reverse Engineering Writeups

    可见在0x0000556609b49969处,从rax指向的地址读取4字节。但是此时rax在前两条语句已经被修改为0了,所以触发NULL指针解引用,引起SIGSEGV退出。所以试试直接跳过这段,进入win时修改rip寄存器即可。

    依次执行:break *wincall (void)win()set $rip=*win+35c即可。

    +

    Level 1.0

    +

    Reverse engineer this challenge to find the correct license key.

    +

    从此开始是一个证书验证程序,要求输入key来获取flag。第一题直接enter运行,会输出原始输入、处理后的输入以及正确答案。运行两次以后发现处理后的输入和原始输入是一样的,并且正确答案是固定的。

    +

    直接python里运行下[chr(i) for i in [0x75,0x62,0x61,0x6a,0x68]](可能需要修改0xXX的值),然后就得到key了。

    +

    Level 1.1

    +

    Reverse engineer this challenge to find the correct license key.

    +

    这一题没有直接把正确答案列出来。一种方案是先gdb启动程序,然后在要求输入密钥的时候ctrl+c暂停程序,用bt查看调用栈,可以看到__libc_start_main (main=0xXXXXX, argc=1, ....)。然后查看main函数的汇编指令x/80i 0xXXXX,可以看到其中的memcmp@plt函数所使用的的rsi来自[rip+0x2abf]。指令后面的#注释提示了对应的地址,直接用x/5x <address>查看密钥即可。

    +

    注意最后输入密钥时要直接运行程序,不要在gdb里面输,会提示权限不够。

    +

    Level 2.0

    +

    Reverse engineer this challenge to find the correct license key, but your input will be modified somehow before being compared to the correct key.

    +

    这道题目交换了输入字符串的index 1和index 4的字符。

    +

    Level 2.1

    +

    Reverse engineer this challenge to find the correct license key, but your input will be modified somehow before being compared to the correct key.

    +

    这道题目在2.0的基础上隐去了输入输出结果的显示,因此需要gdb看一下做了什么操作。按照1.1的方法查看memcmp附近的函数,可见:

    +
    0x5584f463251f:      lea    rax,[rbp-0xe]
+0x5584f4632523:      mov    edx,0x5
+0x5584f4632528:      mov    rsi,rax
+0x5584f463252b:      mov    edi,0x0
+0x5584f4632530:      call   0x5584f46321a0 <read@plt>
+0x5584f4632535:      movzx  eax,BYTE PTR [rbp-0xe]
+0x5584f4632539:      mov    BYTE PTR [rbp-0x10],al
+0x5584f463253c:      movzx  eax,BYTE PTR [rbp-0xd]
+0x5584f4632540:      mov    BYTE PTR [rbp-0xf],al
+0x5584f4632543:      movzx  eax,BYTE PTR [rbp-0xf]
+0x5584f4632547:      mov    BYTE PTR [rbp-0xe],al
+0x5584f463254a:      movzx  eax,BYTE PTR [rbp-0x10]
+0x5584f463254e:      mov    BYTE PTR [rbp-0xd],al
+0x5584f4632551:      lea    rdi,[rip+0xdb0]        # 0x5584f4633308
+0x5584f4632558:      call   0x5584f4632140 <puts@plt>
+0x5584f463255d:      lea    rax,[rbp-0xe]
+0x5584f4632561:      mov    edx,0x5
+0x5584f4632566:      lea    rsi,[rip+0x2aa3]        # 0x5584f4635010
+0x5584f463256d:      mov    rdi,rax
+0x5584f4632570:      call   0x5584f46321b0 <memcmp@plt>
+
    +

    输入的字符串被保存在[rbp-0xe]处,且进行了[rbp-0xe]和[rbp-0xd]的交换。也就是说输入字符串的前两个字符被交换了。查看memcmp加载到rsi的地址内容x/5b 0x5584f4635010得到对应的答案,交换前两个字符即可。

    +

    总结

    +

    CSE 365还是属于比较入门的类型,打好基础!

    diff --git a/python/index.html b/python/index.html index 56a3eb2..57e1ae3 100644 --- a/python/index.html +++ b/python/index.html @@ -231,8 +231,8 @@
  • - - linux服务器运维 + + 文章阅读
    • @@ -911,6 +911,20 @@ + + + + + +
  • + + linux服务器运维 + +
    • + + + + diff --git a/rca/index.html b/rca/index.html index 48610d2..a629502 100644 --- a/rca/index.html +++ b/rca/index.html @@ -231,8 +231,8 @@
  • - - linux服务器运维 + + 文章阅读
    • @@ -883,6 +883,20 @@ + + + + + +
  • + + linux服务器运维 + +
    • + + + + diff --git a/readings/index.html b/readings/index.html new file mode 100644 index 0000000..e546c44 --- /dev/null +++ b/readings/index.html @@ -0,0 +1,1017 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + 文章阅读 - c01dkit's tech blog + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + + Skip to content + + +
    +
    + +
    + + + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    + +
    + + +
    + +
    + + + +
    +
    +
    +
    + + + + + + + + + \ No newline at end of file diff --git a/reverse-advanced/index.html b/reverse-advanced/index.html index 069a370..cbe4c2e 100644 --- a/reverse-advanced/index.html +++ b/reverse-advanced/index.html @@ -231,8 +231,8 @@
  • - - linux服务器运维 + + 文章阅读
    • @@ -855,6 +855,20 @@ + + + + + +
  • + + linux服务器运维 + +
    • + + + + diff --git a/reverse-basic/index.html b/reverse-basic/index.html index da07517..3dc58e4 100644 --- a/reverse-basic/index.html +++ b/reverse-basic/index.html @@ -231,8 +231,8 @@
  • - - linux服务器运维 + + 文章阅读
    • @@ -924,6 +924,20 @@ + + + + + +
  • + + linux服务器运维 + +
    • + + + + @@ -1104,11 +1118,13 @@

    静态链接库与动态链接库

    静态库编译命令:gcc -c xx.c -o xx.oar crs libxx.a xx.o;动态库编译命令:gcc xx.c -o libxx.so -shared -fPIC其中-fPIC表示使用相对位置

    gdb

    添加多个符号表add-symbol-file xxx addr其中addr是代码段起始地址,xxx可以为sym文件,或elf文件等。变异时需要加上-g保留符号表(指定具体格式如-g2 -gdwarf-2),可以逐个使用add-symbol-file,都添加进去。

    +

    使用ulimit -c unlimited设置不限制coredump文件大小,然后root用户echo "core-%e-%p" > /proc/sys/kernel/core_pattern设置保留程序名、pid,则对于编译时添加了-g选项的程序,其崩溃产生的coredump文件可以使用gdb <程序名> <coredump文件名>来寻找root cause。gdb内用where查看调用栈。

    推荐阅读

    Linux 静态库 编译和使用 Linux 动态库 编译和使用 Makefile入门 -Makefile官方文档

    +Makefile官方文档 +coredump文件基础用法

    diff --git a/sci-thoughts/index.html b/sci-thoughts/index.html index b54e7ba..80a6d49 100644 --- a/sci-thoughts/index.html +++ b/sci-thoughts/index.html @@ -231,8 +231,8 @@
  • - - linux服务器运维 + + 文章阅读
    • @@ -862,6 +862,20 @@ + + + + + +
  • + + linux服务器运维 + +
    • + + + + diff --git a/search/search_index.json b/search/search_index.json index 930ebe7..524bcd1 100644 --- a/search/search_index.json +++ b/search/search_index.json @@ -1 +1 @@ -{"config":{"lang":["en"],"separator":"[\\s\\-]+","pipeline":["stopWordFilter"]},"docs":[{"location":"","title":"Welcome to c01dkit's tech blog","text":"

    \u76ee\u5f55\u4e3a\u81ea\u52a8\u751f\u6210\uff0c\u53ef\u80fd\u6709\u8bef\uff0c\u6b22\u8fce\u63d0issue\u3002\u6700\u8fd1\u4e00\u6b21\u66f4\u65b0\u65f6\u95f42023-08-01

    "},{"location":"#linux","title":"linux\u670d\u52a1\u5668\u8fd0\u7ef4","text":""},{"location":"#c","title":"\u7f16\u7a0b\u8bed\u8a00 / C\u8bed\u8a00","text":""},{"location":"#go","title":"\u7f16\u7a0b\u8bed\u8a00 / Go","text":""},{"location":"#python","title":"\u7f16\u7a0b\u8bed\u8a00 / Python","text":""},{"location":"#_1","title":"\u7f16\u7a0b\u8bed\u8a00 / \u4f18\u96c5\u7f16\u7a0b","text":""},{"location":"#python_1","title":"\u7f16\u7a0b\u5e94\u7528 / python\u722c\u866b","text":""},{"location":"#ida","title":"\u7a0b\u5e8f\u9006\u5411 / IDA\u57fa\u7840","text":""},{"location":"#_2","title":"\u7a0b\u5e8f\u9006\u5411 / \u9006\u5411\u57fa\u7840","text":""},{"location":"#_3","title":"\u7a0b\u5e8f\u9006\u5411 / \u9006\u5411\u9ad8\u9636","text":""},{"location":"#git","title":"\u5b66\u4e60\u7b14\u8bb0 / Git","text":""},{"location":"#docker","title":"\u5b66\u4e60\u7b14\u8bb0 / Docker","text":""},{"location":"#_4","title":"\u5b66\u4e60\u7b14\u8bb0 / \u6839\u56e0\u5206\u6790","text":""},{"location":"#autoconf","title":"\u5b66\u4e60\u7b14\u8bb0 / autoconf","text":""},{"location":"#pwn-college-cse-365-spring-2023","title":"\u5b66\u4e60\u7b14\u8bb0 / pwn-college / CSE 365 - spring 2023","text":""},{"location":"#_5","title":"\u79d1\u7814\u751f\u6d3b / \u79d1\u7814\u5fc3\u5f97","text":""},{"location":"#latex","title":"\u79d1\u7814\u751f\u6d3b / latex\u57fa\u7840","text":""},{"location":"#_6","title":"\u5176\u4ed6\u6742\u9879 / \u6a21\u7cca\u6d4b\u8bd5","text":""},{"location":"#_7","title":"\u5176\u4ed6\u6742\u9879 / \u670d\u52a1\u5668\u7aef\u53e3\u590d\u7528","text":""},{"location":"#chatgpt","title":"\u5176\u4ed6\u6742\u9879 / ChatGPT","text":""},{"location":"#_8","title":"\u5176\u4ed6\u6742\u9879 / \u73af\u5883\u914d\u7f6e","text":""},{"location":"IDA/","title":"IDA\u4f7f\u7528","text":""},{"location":"IDA/#arm-raw-binary","title":"\u53cd\u7f16\u8bd1ARM raw binary","text":"

    \u52a0\u8f7d\u65f6\u9009\u62e9Processor type\uff0c\u6bd4\u5982ARM Little-endian [ARM]\uff0c\u968f\u540e\u6839\u636e\u5b9e\u9645\u52a0\u8f7d\u60c5\u51b5\u8bbe\u7f6eROM\u7684\u8d77\u59cb\u5730\u5740\u548cInput file\u5730\u5740\u3002

    raw binary\u7684\u524d\u56db\u5b57\u8282\u53ef\u80fd\u662f\u521d\u59cbsp\u503c\uff0c\u968f\u540e\u56db\u5b57\u8282\u53ef\u80fd\u662f\u521d\u59cbpc\u503c\u3002\u6309G\u5e76\u8f93\u5165pc\u503c\uff0cAlt+G\u8bbe\u7f6eT\u5bc4\u5b58\u5668\u503c\u4e3a1\uff080\u8868\u793aARM\uff0c1\u8868\u793aThumb\uff09\uff0c\u7136\u540e\u9009\u4e2dpc\u53ca\u4e4b\u540e\u6240\u6709\u4ee3\u7801\uff0c\u6309C\u8fdb\u884cMakeCode\u3002

    "},{"location":"autoconf/","title":"autoconf\u5b66\u4e60\u7b14\u8bb0","text":"

    \u81ea\u5df1\u5f00\u53d1\u8f6f\u4ef6\u65f6\uff0c\u751f\u6210\u89c4\u8303\u7684configure\u7b49\u6587\u4ef6\u3002\u53ef\u53c2\u8003https://www.cnblogs.com/klausage/p/14163844.html\u7b49

    "},{"location":"autoconf/#_1","title":"\u4e0d\u5206\u76ee\u5f55\u7ed3\u6784","text":"

    \u7f16\u5199Makefile.am\u6587\u4ef6\uff0c\u6bd4\u5982\uff1a

    bin_PROGRAMS=helloworld\nhelloworld_SOURCES=helloworld.c\n

    \u6267\u884cautoscan\uff0c\u751f\u6210configure.scan\uff0c\u5e76\u4fee\u6539\u5176\u4e2d\u7684AC_INIT\u3001AM_INIT_AUTOMAKE\uff0c\u91cd\u547d\u540d\u6587\u4ef6\u4e3aconfigure.ac\uff0c\u6bd4\u5982\uff1a

    #                                               -*- Autoconf -*-\n# Process this file with autoconf to produce a configure script.\n\nAC_PREREQ([2.69])\nAC_INIT([FULL-PACKAGE-NAME], [VERSION], [BUG-REPORT-ADDRESS])\nAM_INIT_AUTOMAKE([foreign]) # \u5982\u679c\u4e0d\u52a0\u8fd9\u4e00\u53e5\uff0c\u9ed8\u8ba4gnu\uff0c\u5219\u4e4b\u540e\u76ee\u5f55\u91cc\u8981\u6709NEWS\u3001README\u3001AUTHORS\u3001ChangLog\u7b49\u6587\u4ef6\uff08\u9700\u81ea\u5df1\u624b\u52a8\u5efa\u7acb\uff09\nAC_CONFIG_SRCDIR([main.h])\nAC_CONFIG_HEADERS([config.h])\n# Checks for programs.\nAC_PROG_CC\n\n# Checks for libraries.\n\n# Checks for header files.\n\n# Checks for typedefs, structures, and compiler characteristics.\n\n# Checks for library functions.\n\nAC_CONFIG_FILES([Makefile])\nAC_OUTPUT\n

    \u6267\u884caclocal && autoheader && autoconf\uff0c\u751f\u6210aclocal.m4\u3001config.h.in\u548cconfigure

    \u8fd0\u884cautomake --add-missing\uff0c\u4f1a\u6839\u636eMakefile.am\u751f\u6210Makefile.in

    \u8fd0\u884c./configure\u751f\u6210makefile

    \u8fd0\u884cmake\uff0c\u57fa\u4e8emakefile\u7f16\u8bd1\u4ee3\u7801

    "},{"location":"autoconf/#_2","title":"\u533a\u5206\u76ee\u5f55\u7ed3\u6784","text":"

    \u4e5f\u5c31\u662f\u8bf4\u6e90\u7801\u53ef\u80fd\u5728\u591a\u4e2a\u6587\u4ef6\u5939\u4e0b\uff0c\u6bd4\u5982src\u3002\u90a3\u4e48\u6bcf\u4e2a\u6587\u4ef6\u5939\u9700\u8981\u5355\u72ec\u5199Makefile.am\u6765\u6307\u5b9a\u5982\u4f55\u7f16\u8bd1\u3002

    \u7f16\u5199Makefile.am\u6587\u4ef6

    \u6e90\u7801\u6240\u5728\u7684\u6587\u4ef6\u5939\u7684Makefile\u6587\u4ef6\u793a\u4f8b\uff1a

    bin_PROGRAMS = reverse\n\n#AM_CFLAGS= -DDEBUG -DLOG_INSTRUCTIONS -I ../include\nAM_CFLAGS= -DDEBUG -I ../include\n\nreverse_CPPFLAGS = -msse4.1\n\nhandlers_FILES = handler_flag_manip.c handler_interrupt.c\n\n#handler_interrupt.c\n\nreverse_SOURCES = access_memory.c alias_manager.c $(handlers_FILES)\n

    \u9879\u76ee\u6587\u4ef6\u5939\u9700\u8981\u6307\u5b9a\u6e90\u6587\u4ef6\u6240\u5728\u7684\u6587\u4ef6\u5939

    POMP\u7684\u4f8b\u5b50\uff1a

    SUBDIRS=src # \u6307\u5b9asrc\u6587\u4ef6\u5939\ndist_doc_DATA=README\n\nTESTSUITES_DIR = testsuites\nEXECUTABLE=$(SUBDIRS)/reverse\n\nabc2mtex:\n$(EXECUTABLE) $(TESTSUITES_DIR)/$@/core $(TESTSUITES_DIR)/library/ $(TESTSUITES_DIR)/$@/inst.reverse\n\naireplay-ng:\n$(EXECUTABLE) $(TESTSUITES_DIR)/$@/core $(TESTSUITES_DIR)/library/ $(TESTSUITES_DIR)/$@/inst.reverse\n

    \u6267\u884cautoscan\uff0c\u751f\u6210configure.scan\uff0c\u5e76\u4fee\u6539\u5176\u4e2d\u7684AC_INIT\u3001AM_INIT_AUTOMAKE\uff0c\u91cd\u547d\u540d\u6587\u4ef6\u4e3aconfigure.ac\uff0c\u6bd4\u5982\uff1a

    #                                               -*- Autoconf -*-\n# Process this file with autoconf to produce a configure script.\n\nAC_PREREQ([2.69])\nAC_INIT([reverse_from_coredump], [0.0.1], [mudongliangabcd@gmail.com])\nAM_INIT_AUTOMAKE([-Wall -Werror foreign])\nAC_CONFIG_HEADERS([config.h])\n\n# Checks for programs.\nAC_PROG_CC\n\n# Checks for libraries.\nAC_CHECK_LIB([disasm], [x86_init])\nAC_CHECK_LIB([elf], [gelf_getehdr])\n\n# Checks for header files.\nAC_CHECK_HEADERS([fcntl.h malloc.h stddef.h stdint.h stdlib.h string.h unistd.h])\n\n# Checks for typedefs, structures, and compiler characteristics.\nAC_CHECK_HEADER_STDBOOL\nAC_C_INLINE\nAC_TYPE_OFF_T\nAC_TYPE_SIZE_T\n\n# Checks for library functions.\nAC_FUNC_MALLOC\nAC_CHECK_FUNCS([memset strerror])\n\nAC_CONFIG_FILES([Makefile\nsrc/Makefile])\nAC_OUTPUT\n

    \u6267\u884caclocal && autoheader && autoconf\uff0c\u751f\u6210aclocal.m4\u3001config.h.in\u548cconfigure

    \u8fd0\u884cautomake --add-missing\uff0c\u4f1a\u6839\u636eMakefile.am\u751f\u6210Makefile.in

    \u8fd0\u884c./configure\u751f\u6210makefile

    \u8fd0\u884cmake\uff0c\u57fa\u4e8emakefile\u7f16\u8bd1\u4ee3\u7801

    "},{"location":"c/","title":"C\u8bed\u8a00","text":""},{"location":"c/#_1","title":"\u6839\u636e\u7ed3\u6784\u4f53\u6210\u5458\u53d6\u7ed3\u6784\u4f53\u9996\u5730\u5740","text":"
    member_address - &(((TYPE *)0)->member);\n

    \u540e\u534a\u90e8\u5206\u770b\u4f3c\u4f1a\u89e3\u5f15\u75280\u5730\u5740\u800ccrash\uff0c\u4f46\u7f16\u8bd1\u5668\u4f1a\u4f18\u5316\u4e3a\u76f4\u63a5\u8ba1\u7b97member\u7684offset\u3002

    "},{"location":"code-gracely/","title":"\u4f18\u96c5\u7f16\u7a0b","text":""},{"location":"code-gracely/#_2","title":"\u7a0b\u5e8f\u4f18\u5316\u65b9\u6cd5","text":"

    \u4f18\u5316\u9700\u8981\u901a\u8fc7\u5927\u91cf\u6d4b\u8bd5\u6765\u9a8c\u8bc1\u4e00\u81f4\u6027\u3001\u6027\u80fd\uff0c\u56e0\u4e3a\u5e76\u975e\u6240\u6709\u4f18\u5316\u90fd\u662f\u6b63\u786e\u6216\u5fc5\u8981\u7684\u3002\u4ece\u91cd\u6784\u7a0b\u5e8f\u6267\u884c\u6d41\u7684\u89d2\u5ea6\u6765\u8bb2\uff0c\u4f18\u5316\u5e76\u4e0d\u662f\u7075\u4e39\u5999\u836f\uff0c\u5e76\u5728\u4e0d\u540c\u8bed\u8a00\u3001\u4e0d\u540c\u7f16\u8bd1\u5668\u3001\u4e0d\u540c\u73af\u5883\u3001\u4e0d\u540c\u4efb\u52a1\u4e2d\u8868\u73b0\u51fa\u5de8\u5927\u7684\u5dee\u5f02\u3002\u4ee5\u4e0b\u7684\u4f18\u5316\u65b9\u6cd5\u5747\u4ec5\u4f9b\u53c2\u8003\u3002

    "},{"location":"code-gracely/#_3","title":"\u5229\u7528\u77ed\u8def\u4e0e\u54e8\u5175","text":""},{"location":"code-gracely/#_4","title":"\u4f18\u5316\u8ba1\u7b97\u6548\u7387","text":""},{"location":"code-gracely/#_5","title":"\u4f7f\u7528\u4f4e\u7ea7\u8bed\u8a00\u91cd\u5199\u4ee3\u7801","text":"
    1. \u4f7f\u7528\u9ad8\u7ea7\u8bed\u8a00\u5b8c\u6210\u7a0b\u5e8f\u7f16\u5199
    2. \u8fdb\u884c\u6d4b\u8bd5\uff0c\u9a8c\u8bc1\u6b63\u786e\u6027
    3. \u8fdb\u884c\u7a0b\u5e8f\u5206\u6790\uff0c\u786e\u5b9a\u70ed\u70b9\u4ee3\u7801
    4. \u5bf9\u70ed\u70b9\u4ee3\u7801\u4f7f\u7528\u4f4e\u7ea7\u8bed\u8a00\u6539\u5199
    "},{"location":"code-gracely/#_6","title":"\u8bbe\u8ba1\u6070\u5f53\u7684\u6267\u884c\u63a7\u5236\u6d41","text":""},{"location":"code-gracely/#_7","title":"\u5faa\u73af","text":""},{"location":"code-gracely/#_8","title":"\u5efa\u8868\uff0c\u4ee5\u63d0\u9ad8\u4ee3\u7801\u8d28\u91cf","text":""},{"location":"code-gracely/#if-else","title":"\u7528\u67e5\u8868\u6cd5\u66ff\u6362\u7e41\u7410\u7684if-else\u5224\u65ad","text":"

    \u4f7f\u7528\u5927\u91cfif-else\u7684\u574f\u5904\uff1a

    \u4f7f\u7528\u67e5\u8868\u6cd5\u7684\u597d\u5904\uff1a

    \u7528\u6cd5\uff1a\u5c06\u8981\u5224\u65ad\u7684\u5404\u4e2a\u53c2\u6570\u4f5c\u4e3a\u8868\u7684\u7ef4\u5ea6\uff0c\u5c06\u5224\u65ad\u7ed3\u679c\u4f5c\u4e3a\u8868\u7d22\u5f15\u540e\u7684\u7ed3\u679c\u3002

    "},{"location":"code-gracely/#_9","title":"\u7528\u7d22\u5f15\u8868\u66ff\u6362\u6570\u636e\u8868","text":"

    \u7a00\u758f\u7684\u6570\u636e\u8868\u5728\u5b58\u50a8\u5bf9\u9f50\u7684\u60c5\u51b5\u4e0b\u4f1a\u6d6a\u8d39\u5927\u91cf\u7a7a\u95f4\u3002\u4e0e\u4e4b\u76f8\u6bd4\uff0c\u91c7\u7528\u7d22\u5f15\u8868\u53ef\u4ee5\u964d\u4f4e\u7a7a\u95f4\u6d6a\u8d39\u91cf\uff08\u4ecd\u7136\u4f1a\u4ea7\u751f\u6d6a\u8d39\uff09\u3002\u4e3a\u4e86\u8fdb\u4e00\u6b65\u51cf\u5c11\u7d22\u5f15\u8868\u7a7a\u95f4\uff0c\u53ef\u4ee5\u4f7f\u7528\u9636\u68af\u7d22\u5f15\u8868\uff0c\u6839\u636e\u6570\u636e\u7684\u8303\u56f4\uff08\u800c\u4e0d\u662f\u5177\u4f53\u7684\u6570\u636e\u503c\uff09\u8fdb\u884c\u5efa\u7d22\u5f15\uff0c\u6bd4\u5982\u6839\u636e\u767e\u5206\u5236\u6210\u7ee9\u8ba1\u7b97\u7ee9\u70b9\uff0c\u5efa\u7acb\u76f8\u5e94\u7684data-to-key\u51fd\u6570\uff0c\u653e\u5728\u6570\u7ec4\u4e2d\u3002

    "},{"location":"code-gracely/#_10","title":"\u7528\u7ed3\u679c\u8868\u66ff\u6362\u6570\u5b66\u8ba1\u7b97\u7ed3\u679c","text":"

    \u8003\u8651\u5230\u7cfb\u7edf\u51fd\u6570\u7684\u7cbe\u786e\u6027\uff0c\u8ba1\u7b97\u901f\u5ea6\u53ef\u80fd\u8f83\u6162\u3002\u53ef\u4ee5\u9884\u5148\u624b\u52a8\u7b97\u51fa\u4e00\u4e9b\u6570\u636e\u5e76\u5efa\u8868\uff0c\u8ba1\u7b97\u65f6\u76f4\u63a5\u67e5\u8868\u5373\u53ef\uff0c\u5927\u5927\u63d0\u9ad8\u7a0b\u5e8f\u6027\u80fd\u3002

    "},{"location":"code-gracely/#_11","title":"\u4e00\u4e9b\u5c0f\u5c0f\u7684\u8bed\u6cd5\u7279\u6027","text":""},{"location":"code-gracely/#c","title":"C","text":"

    \u521d\u59cb\u5316\u6570\u7ec4\uff0c\u53ef\u4ee5\u8fde\u7eed\u8d4b\u503c

    int arr[10] = {\n[0]       = 1,\n[1 ... 4] = 2,\n[5 ... 7] = 4,\n};\n

    \u521d\u59cb\u5316\u7ed3\u6784\u4f53\u6216\u8054\u5408\uff0c\u53ef\u4ee5\u4e00\u8d77\u8d4b\u503c

    struct test {\nint a;\nint b;\nint c;\nint d;\n};\n\nint main(\nint argc, char const *argv[]\n)\n{\nstruct test t = {\n.a = 1,\n.b = 2,\n.c = 3,\n.d = 4,\n};\n\nreturn 0;\n}\n
    "},{"location":"crawler/","title":"\u722c\u866b\u6a21\u677f","text":""},{"location":"crawler/#scrapy","title":"Scrapy","text":"

    \u4e5f\u53ef\u4ee5\u770b\u8fd9\u91cc\u7684\u4ecb\u7ecd

    "},{"location":"crawler/#_2","title":"\u52a0\u56fd\u5185\u4ee3\u7406","text":"

    \u9488\u5bf9\u4e2a\u522b\u7f51\u7ad9\u9501ip\uff0c\u53ef\u4ee5\u8003\u8651\u6574\u4e2a\u4ee3\u7406

    import base64\nusername = 'xxxxx'\npasswd = 'xxxxx'\nproxy_ip = 'xxxx.kdltps.com'\nproxy_port = '15818'\n\nmeta = {'proxy': f'http://{proxy_ip}:{proxy_port}'}\ncode = base64.b64encode(f'{username}:{passwd}'.encode()).decode()\n\nheaders = {\n    \"Proxy-Authorization\": f\"Basic {code}\", # \u5728headers\u91cc\u8bbe\u7f6e\u4e0b\u4ee3\u7406token\n}\n\ndef start_requests(self):\n    yield scrapy.Request(\n        headers = headers, # \u8bbe\u7f6e\u4f7f\u7528headers\uff0c\u5305\u542btoken\n        meta = meta, # \u8bbe\u7f6e\u4f7f\u7528\u4ee3\u7406\n        )\n
    "},{"location":"crawler/#applicationjson","title":"application/json\u7c7b\u578b","text":"

    \u9488\u5bf9\u8bf7\u6c42\u5934Content-Type\u4e3aapplication/json\u7c7b\u578b\uff0cstart_requests\u91cc\u7528Request\uff0c\u6ce8\u660emethod\u548cbody\uff1a

    import json\nheaders = {\n    \"Content-Type\": \"application/json\",\n    \"User-Agent\": \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36\",\n}\n\ndata = json.dumps({\"key\":\"value\"})\n\n# \u7701\u7565\u65e0\u5173\u4fe1\u606f\n\nyield scrapy.Request(\n    url=url, \n    method='POST', \n    headers=headers, \n    body=data,\n    callback=self.parse, \n    meta={'period': t}, \n    errback=self.err,\n    cb_kwargs={'period': t,'page':0}\n)\n
    "},{"location":"crawler/#applicationx-www-form-urlencoded","title":"application/x-www-form-urlencoded\u7c7b\u578b","text":"

    \u9488\u5bf9\u8bf7\u6c42\u5934Content-Type\u4e3aapplication/x-www-form-urlencoded\u7c7b\u578b\uff0cstart_requests\u91cc\u7528FormRequest\uff0c\u6ce8\u660eformdata\uff1a

    post_data = {\"key\":\"value\"}\n\n# \u7701\u7565\u65e0\u5173\u4fe1\u606f\n\nyield scrapy.FormRequest(\n    url=url,\n    formdata=post_data,\n    errback=self.err,\n    callback = self.parse,\n    cookies = cookies,\n    cb_kwargs = {'id':'shixian','page':str(page)},\n    )\n

    \u666e\u901a\u8bf7\u6c42\u7528scrapy.Request\u5373\u53ef\u3002

    "},{"location":"crawler/#selenium","title":"Selenium","text":"

    \u722c\u4e45\u4e86\u603b\u4f1a\u7206\u5185\u5b58\uff0c\u4e0d\u77e5\u9053\u5185\u5b58\u6cc4\u9732\u7684bug\u6709\u6ca1\u6709\u4fee\u590d\u3002\u4ee5\u4e0b\u7528\u7684\u662fchrome\u6d4f\u89c8\u5668\uff0c\u9700\u8981\u9884\u5148\u4e0b\u8f7d\u4e0b\u9a71\u52a8

    from selenium import webdriver\nfrom selenium.webdriver.common.by import By\nfrom selenium.webdriver.chrome.service import Service\nfrom pathlib import Path\nimport time\nimport json\nimport ast \nimport re\nimport os\nimport yaml\nimport shutil\n\noptions = webdriver.ChromeOptions()\n# options.add_argument('--headless')\n# https://chromedriver.chromium.org/downloads\ns = Service('S:/chromedriver.exe')\noptions.add_experimental_option('excludeSwitches', ['enable-logging'])\ndriver = webdriver.Chrome(service=s,options=options)\ndriver.get('http://www.baidu.com')\ntime.sleep(1)\n\ndef get_current_and_final_page_of_one_book():\n    cur = -1\n    final = -1\n    try:\n        pages = driver.find_elements(By.XPATH,'//ul[@class=\"t-pager\"]/li')\n    except:\n        print('Current page is not found')\n        return cur,final\n\n    for page in pages:\n        if 'active' in page.get_attribute('class'):\n            cur = int(page.text)\n        if 'number' in page.get_attribute('class'):\n            final = int(page.text)\n    return cur,final\n\ndef download_one_page_of_a_book(skip,config):\n\"\"\"\u4e00\u9875\u6240\u6709\u6587\u6863\u5168\u90e8\u4e0b\u8f7d\u6210\u529f\u5219\u8fd4\u56deTrue,OK\n    \"\"\"\n    global CURRENT_PAGE\n    global CURRENT_TITLE\n    titles = driver.find_elements(By.XPATH,'//div[@class=\"container\"]/div[1]/div[2]/div[2]/table/tbody/tr/td[1]')\n    icons = driver.find_elements(By.XPATH,'//div[@class=\"container\"]/div[1]/div[2]/div[2]/table/tbody/tr/td[4]')\n    jscode = 'document.location = '+'\"'+config['url']+'\"'\n    driver.execute_script(jscode)\n    for title,svgs in zip(titles,icons):\n        svgs = svgs.find_elements(By.XPATH,'.//*[name()=\"svg\"]')\n        print(f'Current title: {title.text}, skip: {skip}, CURRENT_TITLE: {CURRENT_TITLE}')\n        if CURRENT_TITLE is not None and skip and title.text != CURRENT_TITLE:\n            continue\n        skip = False\n        for svg in svgs:\n            # if visible \n            if svg.get_attribute('style') == 'display: inline-block;':\n                svg.click()\n                time.sleep(7)\n                cls = driver.window_handles\n                if len(cls) > 1:\n                    time.sleep(20)\n                ok = archive_file(title.text,config)\n                if not ok:\n                    print(f'Failed to download {title.text}')\n                    while len(cls) > 1:\n                        driver.switch_to.window(cls[1])\n                        driver.close()\n                        driver.switch_to.window(cls[0])\n                        cls = driver.window_handles\n                    return (False, title.text)\n                cls = driver.window_handles\n                driver.switch_to.window(cls[0])\n    CURRENT_TITLE = None\n    CURRENT_PAGE += 1\n    return (True, 'OK')\n\n# load yaml\nwith open(target_yml,'r',encoding='utf8') as f:\n    SETTINGS = yaml.load(f,Loader=yaml.FullLoader)\n# dump yaml\nwith open(target_yml,'w',encoding='utf8') as f:\n    yaml.dump(SETTINGS,f,allow_unicode=True)\n\ndriver.close()\ndriver.quit()\n

    \u6216\u8005\u8bbe\u7f6e\u4e00\u4e2ahelper\u7a0b\u5e8f\uff0c\u53cd\u590d\u542f\u52a8selenium\uff1a

    import subprocess\nimport time\nimport datetime\nimport sys\ncmd = 'python ./main.py'\nop = 0\nwhile True:\n    if op >= 200:\n        print('failed 200 times!')\n        break\n    p = subprocess.Popen(cmd.split(), stdout=sys.stdout, stderr=sys.stderr)\n    print('new round at', datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S'),f'op = {op}')\n    op += 1\n\n    time.sleep(30)\n    if p.poll() == 0:\n        break\n    p.wait()\n
    "},{"location":"docker/","title":"Docker\u4f7f\u7528\u7b14\u8bb0","text":""},{"location":"docker/#docker_1","title":"\u5b89\u88c5docker","text":"

    \u6309\u7167https://docs.docker.com/engine/install/ubuntu/\u7684\u8bf4\u660e\u5b89\u88c5\u5373\u53ef

    "},{"location":"docker/#_1","title":"\u6307\u5b9a\u955c\u50cf\u4fdd\u5b58\u4f4d\u7f6e","text":"

    \u9ed8\u8ba4\u4f7f\u7528\u7684\u4f4d\u7f6e\u662f/var/lib/docker\uff0c\u5728\u6839\u76ee\u5f55\u4e0b\u5bb9\u6613\u5360\u6ee1\u3002\u53ef\u4ee5\u901a\u8fc7\u4fee\u6539\u914d\u7f6e\u6587\u4ef6/lib/systemd/system/docker.service\u7684-g\u53c2\u6570\u6765\u6307\u5b9a\u4f4d\u7f6e\u3002\u53ef\u4ee5\u901a\u8fc7docker info\u67e5\u770b\u4fdd\u5b58\u7684\u4f4d\u7f6eDocker Root Dir\u3002

    \u914d\u7f6e\u6587\u4ef6\u53ef\u4ee5\u901a\u8fc7systemctl status docker\u5e76\u67e5\u770bLoad\u4f7f\u7528\u7684\u914d\u7f6e\u6587\u4ef6\u662f\u54ea\u4e2a\u3002

    \u53e6\u4e00\u79cd\u6307\u5b9a\u955c\u50cf\u4fdd\u5b58\u4f4d\u7f6e\u7684\u65b9\u6cd5\uff1a\u4fee\u6539/etc/docker/daemon.json\uff0c\u8bbe\u7f6e\u4e3a

    {\n\"data-root\": \"/home/docker\"\n}\n

    \u968f\u540e\u91cd\u8f7d\u4e00\u4e0b\u914d\u7f6e\uff1a

    sudo cp -r /var/lib/docker /home/docker\nsudo systemctl daemon-reload\nsudo systemctl restart docker\nsudo systemctl status docker\n
    "},{"location":"docker/#_2","title":"\u4ece\u955c\u50cf\u521b\u5efa\u5bb9\u5668\u5e76\u6302\u8f7d\u76ee\u5f55","text":"

    \u4f1a\u5728\u5bb9\u5668\u4e2d\u521b\u5efa\u76ee\u5f55\uff0c\u6620\u5c04\u5bbf\u4e3b\u673a\u76ee\u5f55\u3002\u5bbf\u4e3b\u673a\u7684\u76ee\u5f55\u548c\u5bb9\u5668\u76ee\u5f55\u5185\u5bb9\u662f\u4e00\u6837\u7684\uff0c\u4fee\u6539\u4e00\u65b9\uff0c\u53e6\u4e00\u65b9\u968f\u4e4b\u6539\u53d8

    docker run -it --name=<container_name> --user=<user_id>:<group_id> --hostname=xxxx --workdir=xxxx  -v /etc/passwd:/etc/passwd:ro -v /etc/group:/etc/group:ro --mount type=bind,source=<\u5bbf\u4e3b\u673a\u76ee\u5f55>,target=<\u5bb9\u5668\u76ee\u5f55> <\u955c\u50cf\u540d>:<tag> /bin/bash\n
    \u4ee5\u4e0a\u547d\u4ee4\u53ef\u4ee5\u5b8c\u6210\u5bf9\u6307\u5b9a\u955c\u50cf\u521b\u5efa\u4e00\u4e2a\u6bd4\u8f83\u5b8c\u5907\u7684\u5bb9\u5668\uff0c\u6307\u5b9a\u4e86\u5bb9\u5668\u540d\u79f0\u3001\u7528\u6237\u540d\u79f0\u548c\u7ec4\u522b\u3001\u4e3b\u673a\u540d\u3001\u7528\u6237\u5de5\u4f5c\u76ee\u5f55\uff0c\u5e76\u6302\u8f7d\u4e86\u4e3b\u673a\u7684\u4e00\u4e9b\u76ee\u5f55\u3002\u6307\u5b9apasswd\u548cgroup\u6587\u4ef6\u7684\u53ea\u8bfb\u6302\u8f7d\u53ef\u4ee5\u907f\u514d--user\u4f7f\u7528\u7528\u6237(\u7ec4)id\u8fdb\u884c\u65b0\u5efa\u5bb9\u5668\u65f6\u5f15\u53d1\u7684\u627e\u4e0d\u5230\u7528\u6237\u540d\u548c\u7ec4\u540d\u7684\u95ee\u9898\u3002\u5e76\u4e14\u907f\u514d\u4e86\u9ed8\u8ba4root\u7528\u6237\u5bfc\u81f4\u7684\u4e3b\u673a\u7aef\u65e0\u6cd5\u8bbf\u95ee\u5bb9\u5668\u65b0\u5efa\u6587\u4ef6\u7684\u95ee\u9898\u3002

    \u6ce8\u610f\u8fd9\u6837\u521b\u5efa\u7684\u7528\u6237\u6ca1\u6709root\u6743\u9650\u3002\u5982\u679c\u9700\u8981\uff0c\u5219\u4e0d\u4f7f\u7528user\u53c2\u6570\uff0c\u4f46\u5b58\u5728\u5bb9\u5668\u521b\u5efa\u6587\u4ef6\u662froot\uff0c\u5bbf\u4e3b\u673a\u65e0\u6cd5\u4fee\u6539\u7684\u95ee\u9898\u3002

    \u4e00\u4e2a\u4e0d\u592a\u806a\u660e\u7684\u89e3\u51b3\u65b9\u6cd5\u662fuser_id\u8bbe\u6210root\u76840\uff0cgroup_id\u8bbe\u6210\u666e\u901a\u7528\u6237\uff0c\u7136\u540e\u5728\u5bb9\u5668\u91cc\u7ed9root\u7684.bashrc\u52a0\u4e00\u884cumask 0002\u3002\u5c31\u662f\u8bf4\u8ba9\u7528\u6237\u7ec4\u4e5f\u80fd\u4fee\u6539\u6587\u4ef6\u4e86\u3002

    \u4e00\u4e9b\u5176\u4ed6\u7684\u529e\u6cd5\uff1adocker exec -u\u597d\u50cf\u53ef\u4ee5\u6307\u5b9a\u542f\u52a8\u5bb9\u5668\u65f6\u7684\u7528\u6237\uff0c\u4e0d\u77e5\u9053\u6709\u4ec0\u4e48\u7528\uff0c\u53ef\u4ee5\u8bd5\u8bd5\uff1b\u6216\u8005root\u8fdb\u53bb\u4ee5\u540e\u628a\u666e\u901a\u7528\u6237\u52a0\u5230sudoers\u91cc

    "},{"location":"docker/#_3","title":"\u65b0\u5bb9\u5668\u521d\u59cb\u5316","text":"

    apt-get update\u66f4\u65b0\u4e00\u4e0blist\uff0c\u7136\u540e\u624d\u80fd\u4f7f\u7528apt-get\u4e0b\u8f7d\u5176\u4ed6\u5305\u3002\u4e00\u4e9b\u5e38\u7528\u7684\u5305\uff1aapt-get install build-essential

    "},{"location":"docker/#_4","title":"\u9000\u51fa\u521d\u6b21\u521b\u5efa\u7684\u5bb9\u5668","text":"

    \u8fde\u6309Ctrl+P\u3001Ctrl+Q\u9000\u51fa\u5bb9\u5668\u3002\u5426\u5219\u7b80\u5355\u9000\u51fa\u540e\u5bb9\u5668\u5c31stop\u4e86\uff0c\u4e0b\u6b21exec\u7684\u65f6\u5019\u8fd8\u8981restart\uff0c\u751a\u81f3\u8fd8\u4f1a\u51fa\u73b0restart\u81ea\u52a8\u53c8stop\u7684\u60c5\u51b5

    "},{"location":"docker/#_5","title":"\u8fdb\u5165\u5df2\u6709\u7684\u5bb9\u5668","text":"
    docker exec -it <\u5bb9\u5668id> /bin/bash\n

    \u53ef\u4ee5Ctrl+D\u9000\u51fa

    "},{"location":"envs/","title":"\u73af\u5883\u914d\u7f6e","text":""},{"location":"envs/#_2","title":"\u66f4\u65b0\u57fa\u672c\u73af\u5883","text":"
    sudo apt update\nsudo apt install curl build-essential gcc make -y\n
    "},{"location":"envs/#rust","title":"\u5b89\u88c5rust","text":"
    curl --proto '=https' --tlsv1.3 -sSf https://sh.rustup.rs | sh\n

    \u56fd\u5185\u4f7f\u7528\u65f6crates.io\u53ef\u80fd\u767b\u4e0d\u4e0a\uff0c\u8bd5\u8bd5\u4fee\u6539\u5b89\u88c5\u76ee\u5f55\u4e0b\u7684config\u6587\u4ef6(\u6bd4\u5982$HOME/.cargo/config)

    [source.crates-io]\nregistry = \"https://github.com/rust-lang/crates.io-index\"\n\n# \u66ff\u6362\u6210\u4f60\u504f\u597d\u7684\u955c\u50cf\u6e90\n#replace-with = 'sjtu'\n#replace-with = 'ustc'\n#replace-with = 'tuna'\n#replace-with = 'rustcc'\n\n# \u6e05\u534e\u5927\u5b66\n[source.tuna]\nregistry = \"https://mirrors.tuna.tsinghua.edu.cn/git/crates.io-index.git\"\n\n# \u4e2d\u56fd\u79d1\u5b66\u6280\u672f\u5927\u5b66\n[source.ustc]\nregistry = \"git://mirrors.ustc.edu.cn/crates.io-index\"\n\n# \u4e0a\u6d77\u4ea4\u901a\u5927\u5b66\n[source.sjtu]\nregistry = \"https://mirrors.sjtug.sjtu.edu.cn/git/crates.io-index\"\n\n# rustcc\u793e\u533a\n[source.rustcc]\nregistry = \"git://crates.rustcc.cn/crates.io-index\"\n\n[source.rustcchttp]\nregistry = \"https://code.aliyun.com/rustcc/crates.io-index.git\"\n
    "},{"location":"envs/#golang","title":"\u8bbe\u7f6egolang\u4ee3\u7406","text":"
    go env -w  GOPROXY=https://goproxy.cn\n
    "},{"location":"envs/#ohmyzsh","title":"\u5b89\u88c5ohmyzsh","text":"
    sudo apt install zsh\n

    curl\u548cwget\u4e8c\u9009\u4e00

    sh -c \"$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)\"\n
    sh -c \"$(wget https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh -O -)\"\n
    "},{"location":"envs/#git","title":"git\u8bbe\u7f6e\u5168\u5c40\u4ee3\u7406","text":"

    \u9700\u8981\u6839\u636e\u672c\u5730\u5b9e\u9645\u7684\u60c5\u51b5\u4fee\u6539\u76ee\u6807ip\u548c\u7aef\u53e3

    git config --global http.https://github.com.proxy http://xxx.xxx.xxx.xxx:xxx\n
    "},{"location":"envs/#perf-ubuntu","title":"perf \u5b89\u88c5(ubuntu)","text":"
    sudo apt-get install linux-tools-`uname -r`\n
    "},{"location":"envs/#ssh","title":"\u9009\u62e9ssh\u5bc6\u94a5","text":"
    evel `ssh-agent`\nssh-add <\u79c1\u94a5\u6587\u4ef6>\n
    "},{"location":"envs/#_3","title":"\u53c2\u8003\u6587\u7ae0","text":""},{"location":"fuzzing/","title":"\u6a21\u7cca\u6d4b\u8bd5\u57fa\u672c\u4ecb\u7ecd","text":"

    \u8986\u76d6\u7387\u6307\u5f15\u7684\u6a21\u7cca\u6d4b\u8bd5\u65b9\u6cd5\u83b7\u5f97\u8986\u76d6\u7387\u7684\u56db\u79cd\u8ffd\u8e2a\u65b9\u5f0f[^1]\uff1a

    1. \u4f7f\u7528\u7f16\u8bd1\u5668\u5411\u57fa\u672c\u5757\u8fb9\u7f18\u63d2\u6869\uff0c\u53ef\u4ee5\u51c6\u786e\u5730\u63d2\u6869\u5e76\u6613\u4e8e\u4f18\u5316\uff0c\u4f46\u9700\u8981\u6e90\u7801\u5df2\u77e5\u3002
    2. \u9759\u6001\u4e8c\u8fdb\u5236\u91cd\u5199\uff0c\u4e0d\u9700\u8981\u6e90\u7801\uff0c\u4ecd\u5728\u7814\u7a76\uff0c\u56e0\u4e3a\u9759\u6001\u4ee3\u7801\u63d2\u6869\u51c6\u786e\u6027\u96be\u4ee5\u4fdd\u8bc1\uff0c\u5e76\u4e14\u4f18\u5316\u80fd\u529b\u6709\u9650\u3002\u8fd9\u4e9b\u9650\u5236\u6761\u4ef6\u4f1a\u5f71\u54cd\u4ee3\u7801\u7387\u4fe1\u606f\u7684\u8d28\u91cf\u4e0e\u51c6\u786e\u6027\uff0c\u4ee5\u53ca\u4e8c\u8fdb\u5236\u91cd\u5199\u7684\u8868\u73b0\u3002
    3. \u52a8\u6001\u4e8c\u8fdb\u5236\u63d2\u6869\uff0c\u4e0d\u9700\u8981\u6e90\u7801\uff0c\u53ef\u4ee5\u5bb9\u6613\u3001\u51c6\u786e\u63d2\u5165\u4ee3\u7801\uff0c\u4f46\u662f\u52a8\u6001\u7ffb\u8bd1\u4e8c\u8fdb\u5236\u7684\u5f00\u9500\u53ef\u80fd\u5927\u5230\u4e0d\u80fd\u63a5\u53d7\u3002
    4. \u786c\u4ef6\u8f85\u52a9\u8ffd\u8e2a\uff0c\u4e0d\u9700\u8981\u6e90\u7801\uff0c\u5229\u7528\u5185\u7f6e\u7684\u786c\u4ef6\u8ffd\u8e2a\u6269\u5c55\uff0c\u5728\u8fd0\u884c\u65f6\u76f4\u63a5\u83b7\u53d6\u63a7\u5236\u6267\u884c\u6d41\u4fe1\u606f\u3002

    \u4fb5\u5165\u5f0f\u4e0e\u975e\u4fb5\u5165\u5f0f\u8ffd\u8e2a[^2]\uff1a

    Traces can be generated by trace code that is executed within tasks and/or interrupt service routines, just like application code that is executed on the same CPU. This is the most flexible approach, as both the content and the amount of trace information output can be defined in software. However, this tracing method comes with a significant drawback: It uses resources that are shared with the application software, hence tracing may significantly reduce the amount of memory available for the applications, increase the gross execution times of the applications and, in the case of real-time systems, impair functionality. This is why it is called intrusive tracing.

    The most common case is that adding trace code is detrimental to the functionality of the applications in real-time systems because the resource requirements for intrusive tracing have been underestimated in the early stages of the project, such that tracing would eventually eat up resources that are required by the application. Therefore, the resource requirements for tracing must be properly considered throughout the whole development lifecycle. Removing trace code from real-time systems may also cause functional issues, typically just before the final production software release. This is the worst case, as trace information is no longer available in this scenario.

    Non-intrusive tracing does not change the intrinsic timing behavior of the system under test. This approach simplifies the software development process a lot and requires dedicated hardware support for tracing. External trace probes connected to the target system, in conjunction with on-chip debug modules, capture code execution on instruction level, memory accesses and other events on the target processor. This approach is the best option when it comes to debugging the code execution down to the instruction level. The PCB design of the device under test must provide the connectors required by the external probe.

    Another option for non-intrusive tracing is on-chip tracing, where most of the trace hardware is packed into the same chip that also contains the CPU that executes the application code. Non-intrusive tracing can, however, be restricted by limitations of the respective trace module or probe, such as buffer sizes, bus bandwidth or the size of an external probe.

    Due to cost savings (no expensive third-party trace hardware required), reduced footprint (very small connectors instead of larger probe connectors), and limited trace bandwidth requirements, the on-chip tracing method is the preferred approach for generating the trace data required for in-depth timing analysis on task, runnable and ISR level. On-chip tracing is a suitable tracing method for devices under test with form factors very close to the final volume production devices.

    "},{"location":"fuzzing/#_2","title":"\u9488\u5bf9\u7f51\u7edc\u534f\u8bae\u7684\u6a21\u7cca\u6d4b\u8bd5","text":"

    \u7f51\u7edc\u534f\u8bae\u7684\u7279\u70b9\u662f\u4e00\u822c\u6709\u660e\u786e\u7684\u72b6\u6001\u4fe1\u606f\uff0c\u76f8\u540c\u7684input\u5728\u4e0d\u540c\u7684\u72b6\u6001\u53ef\u80fd\u5f97\u5230\u4e0d\u540c\u7684output\u3002\u9488\u5bf9\u7f51\u7edc\u534f\u8bae\u7684\u6a21\u7cca\u6d4b\u8bd5\u4e00\u822c\u5177\u6709stateful\u7684\u7279\u70b9\u3002\u8fd9\u7c7b\u6a21\u7cca\u6d4b\u8bd5\u6709\u51e0\u4e2a\u96be\u70b9\uff1a 1. \u751f\u6210\u683c\u5f0f\u6b63\u786e\u7684\u4fe1\u606f\uff0c\u6ee1\u8db3\u5bf9\u7279\u5b9a\u72b6\u6001\u7684fuzz 2. \u6269\u5c55\u5230\u4e0d\u540c\u7684\u534f\u8bae\u4e2d 3. \u6d4b\u8bd5\u6837\u4f8b\u6709\u6548\u6027\uff0c\u9700\u8981\u901a\u8fc7\u683c\u5f0f\u6821\u9a8c\u6bd4\u5982\u957f\u5ea6\u3001\u534f\u8bae\u8ba4\u8bc1\u3001\u6821\u9a8c\u548c\u7b49

    "},{"location":"fuzzing/#aflnet","title":"AFLNET","text":"

    \u9996\u6b21\u63d0\u51fa\u9488\u5bf9\u6709\u72b6\u6001\u534f\u8bae\u7684\u7070\u76d2\u6a21\u7cca\u6d4b\u8bd5\u3002AFLNET\u4ece\u54cd\u5e94\u4fe1\u606f\u4e2d\u63d0\u53d6\u54cd\u5e94\u7801\u6765\u8868\u793a\u72b6\u6001\u4fe1\u606f\uff0c\u5e76\u7528\u54cd\u5e94\u7801\u5e8f\u5217\u6765\u63a8\u65ad\u534f\u8bae\u5b9e\u73b0\u7684\u72b6\u6001\u6a21\u578b\uff0c\u5e76\u8fdb\u4e00\u6b65\u4f7f\u7528\u8fd9\u4e00\u6a21\u578b\u6765\u6307\u5bfcfuzz\u3002

    \u4e00\u4e9b\u4e0d\u8db3\uff1a 1. \u72b6\u6001\u8868\u793a\u80fd\u529b\uff1aAFLNET\u8981\u6c42\u54cd\u5e94\u4fe1\u606f\u4e2d\u5305\u542b\u72b6\u6001\u7801\uff0c\u8fd9\u5e76\u4e0d\u662f\u534f\u8bae\u5fc5\u987b\u5b9e\u73b0\u7684\u3002\u800c\u4e14\u72b6\u6001\u7801\u8868\u793a\u80fd\u529b\u6709\u9650\uff0c\u4e14\u53ef\u80fd\u4ea7\u751f\u5197\u4f59\u72b6\u6001\u3002 2. \u6d4b\u8bd5\u6548\u7387\uff1a\u6ca1\u6709\u660e\u786e\u7684\u4fe1\u53f7\u53cd\u6620\u5f85\u6d4b\u7a0b\u5e8f\u662f\u5426\u5904\u7406\u5b8c\u6d88\u606f\uff0c\u56e0\u6b64\u8bbe\u7f6e\u56fa\u5b9a\u7684\u8ba1\u65f6\u5668\u6765\u63a7\u5236\u6d88\u606f\u53d1\u9001\uff0c\u65f6\u95f4\u7a97\u53e3\u53ef\u80fd\u8fc7\u5c0f\u6216\u8fc7\u5927\u3002

    "},{"location":"fuzzing/#stateafl","title":"STATEAFL","text":"

    \u4f7f\u7528\u7a0b\u5e8f\u5185\u5b58\u72b6\u6001\u6765\u8868\u793a\u670d\u52a1\u72b6\u6001\uff0c\u901a\u8fc7\u5bf9\u88ab\u6d4b\u7a0b\u5e8f\u63d2\u6869\u6765\u6536\u96c6\u72b6\u6001\u4fe1\u606f\u5e76\u63a8\u6d4b\u72b6\u6001\u6a21\u578b\u3002\u5728\u6bcf\u4e00\u8f6e\u7f51\u7edc\u4ea4\u4e92\u4e2d\uff0cSTATEAFL\u5c06\u7a0b\u5e8f\u53d8\u91cf\u503c\u8f6c\u50a8\u7ed9\u5206\u6790\u961f\u5217\uff0c\u5e76\u8fdb\u884cpost-execution\u7684\u5206\u6790\uff0c\u6765\u66f4\u65b0\u72b6\u6001\u6a21\u578b\u3002

    \u4e00\u4e9b\u4e0d\u8db3\uff1a 1. \u9762\u5bf9\u548cAFLNET\u76f8\u540c\u7684\u6d4b\u8bd5\u6548\u7387\u95ee\u9898\uff0c\u800c\u4e14\u56e0\u4e3a\u540e\u6267\u884c\u5206\u6790\uff0c\u4ea7\u751f\u989d\u5916\u7684\u5f00\u9500\uff0c\u4f1a\u964d\u4f4e\u6d4b\u8bd5\u541e\u5410\u91cf\u3002

    "},{"location":"fuzzing/#nsfuzz","title":"NSFuzz","text":"

    \u4f7f\u7528\u57fa\u4e8e\u53d8\u91cf\u7684\u72b6\u6001\u8868\u793a\u65b9\u6cd5\u63a8\u65ad\u72b6\u6001\u6a21\u578b\u6765\u6307\u5bfc\u6a21\u7cca\u6d4b\u8bd5\uff0c\u4f7f\u7528\u57fa\u4e8e\u7f51\u7edc\u4e8b\u4ef6\u5faa\u73af\u7684\u540c\u6b65\u673a\u5236\u6765\u63d0\u9ad8\u541e\u5410\u91cf\u3002

    \u542f\u53d1\u5f0f\u7684\u53d8\u91cf\u5224\u65ad\u65b9\u6cd5\uff1a\u9759\u6001\u5206\u6790\u4e2d\u53ea\u5728\u4e8b\u4ef6\u5faa\u73af\u4ee3\u7801\u4e2d\u5206\u8fa8\u72b6\u6001\u53d8\u91cf\uff0c\u4e14\u5173\u6ce8\u88ab\u8bfb\u4e0e\u5199\u3001\u88ab\u8d4b\u4e88\u679a\u4e3e\u7c7b\u578b\u7684\u6570\u636e\u6216\u662f\u6570\u636e\u7ed3\u6784\u4f53\u91cc\u7684\u6574\u578b\u6210\u5458\u3002

    \u8868\u793a\u72b6\u6001\u7684\u65b9\u6cd5\uff1a\u4f7f\u7528\u4e24\u6761\u8bed\u53e5\u7ef4\u62a4shared_state\u6570\u7ec4\uff0c\u5f53\u72b6\u6001\u53d8\u91cf\u503c\u88ab\u66f4\u65b0\u65f6\u540c\u6b65\u66f4\u65b0shared_state\uff1b\u5f53fuzzer\u5728\u901a\u4fe1\u7ba1\u9053\u6536\u5230\u6d88\u606f\u5904\u7406\u7ed3\u679c\u65f6\uff0c\u5bf9\u8fd9\u4e2a\u6570\u7ec4\u8fdb\u884chash\uff0c\u4f5c\u4e3a\u5f53\u524d\u7a0b\u5e8f\u6240\u5904\u7684state\u3002

    shared_state[hash(var_id) ^ cur_store_val] = 1;\nshared_state[hash(var_id) ^ pre_store_val] = 0;\n
    "},{"location":"fuzzing/#iothunter","title":"IoTHunter","text":"

    \u63d0\u51fa\u591a\u9636\u6bb5\u4fe1\u606f\u751f\u6210\u65b9\u6cd5\u6765\u5bf9IoT\u56fa\u4ef6\u4e2d\u7684\u6709\u72b6\u6001\u7f51\u7edc\u534f\u8bae\u8fdb\u884cfuzz\u3002\u5206\u4e3a\u5bf9\u5df2\u77e5\u72b6\u6001\u7684\u6a21\u7cca\u6d4b\u8bd5\u4e0e\u672a\u77e5\u72b6\u6001\u7684\u63a2\u7d22\u3002\u57fa\u4e8e\u6574\u6570\u53d8\u5f02\u7684\u65b9\u6cd5\u6539\u53d8\u5305\u7c7b\u578b\uff0c\u5e76\u5bf9\u5305\u683c\u5f0f\uff08\u6bd4\u5982\u957f\u5ea6\u3001\u6821\u9a8c\u548c\uff09\u505a\u68c0\u67e5\u7b49\u3002

    "},{"location":"fuzzing/#_3","title":"\u6570\u636e\u6d41\u6307\u5bfc\u7684\u6a21\u7cca\u6d4b\u8bd5","text":"

    \u63a7\u5236\u6d41\u6307\u5bfc\u7684\u6a21\u7cca\u6d4b\u8bd5\u4fa7\u91cd\u7a0b\u5e8f\u64cd\u4f5c\u7684\u6267\u884c\u987a\u5e8f\uff08\u6bd4\u5982\u5206\u652f\u4e0e\u5faa\u73af\uff09\uff0c\u6570\u636e\u6d41\u6307\u5bfc\u7684\u6a21\u7cca\u6d4b\u8bd5\u4fa7\u91cd\u53d8\u91cf\u5982\u4f55\u5b9a\u4e49\u4e0e\u4f7f\u7528\u3002\u53d8\u91cf\u7684\u5b9a\u4e49\u4e0e\u4f7f\u7528\u4f4d\u7f6e\u53ef\u4ee5\u4e0d\u5b58\u5728\u63a7\u5236\u4e0a\u7684\u4f9d\u8d56\u5173\u7cfb\u3002\u5728\u6a21\u7cca\u6d4b\u8bd5\u4e2d\uff0c\u6570\u636e\u6d41\u4e3b\u8981\u4f7f\u7528\u52a8\u6001\u6c61\u70b9\u5206\u6790\uff08DTA\uff09\u6280\u672f\uff0c\u5373\u5c06\u76ee\u6807\u7a0b\u5e8f\u7684\u8f93\u5165\u6570\u636e\u5728\u5b9a\u4e49\u5904\u89c6\u4e3a\u6c61\u70b9\uff0c\u5e76\u5728\u8fd0\u884c\u65f6\u8ffd\u8e2a\u5b83\u662f\u5982\u4f55\u88ab\u8bbf\u95ee\u4e0e\u4f7f\u7528\u7684\u3002

    \u5728\u5b9e\u8df5\u4e2d\uff0c\u96be\u4ee5\u505a\u5230\u51c6\u786e\u7684DTA\uff0c\u5f00\u9500\u4f1a\u5f88\u5927\u3002\u5e76\u4e14\u90e8\u5206\u771f\u5b9e\u7a0b\u5e8f\u65e0\u6cd5\u5728\u5e94\u7528DTA\u6280\u672f\u7684\u60c5\u51b5\u4e0b\u6210\u529f\u7f16\u8bd1\u3002\u56e0\u6b64\u5927\u90e8\u5206\u7070\u76d2\u6a21\u7cca\u6d4b\u8bd5\u4e0d\u4f7f\u7528DTA\uff0c\u4ee5\u671f\u83b7\u5f97\u66f4\u9ad8\u7684\u541e\u5410\u91cf\u3002

    \u6709\u4e00\u4e9b\u8f7b\u91cf\u7ea7\u7684DTA\u4ee3\u66ff\u65b9\u6848\uff08\u6bd4\u5982REDQUEUE\u3001GREYONE\uff09\uff0c\u800c\u57fa\u4e8e\u63a7\u5236\u6d41\u4e0e\u6570\u636e\u6d41\u7684\u6a21\u7cca\u6d4b\u8bd5\u5668\u7684\u8986\u76d6\u7387\u6307\u6807\u8fd8\u6ca1\u6709\u88ab\u5b8c\u5168\u63a2\u7d22\u3002

    "},{"location":"fuzzing/#dataflow","title":"DATAFLOW","text":"

    \u6e90\u7801

    \u5728\u7a0b\u5e8f\u6267\u884c\u65f6\u5e76\u884c\u4f7f\u7528\u6570\u636e\u6d41\u5206\u6790\u6765\u6307\u5bfc\u6a21\u7cca\u6d4b\u8bd5\uff0c\u4f7f\u7528\u4e0d\u7cbe\u786e\u7684\u63a8\u65ad\u6765\u964d\u4f4e\u5f00\u9500\u5e76\u63d0\u9ad8\u541e\u5410\u91cf\u3002\u5bf9\u6570\u636e\u6d41\u6709\u6548\u6027\u8fdb\u884c\u4e86\u7b80\u5355\u7684\u8bc4\u4f30\uff0c\u8ba4\u4e3a\u5bf9\u5927\u90e8\u5206\u6d4b\u8bd5\u76ee\u6807\u800c\u8a00\uff0c\u6570\u636e\u6d41\u5e76\u4e0d\u6bd4\u63a7\u5236\u6d41\u4f18\u8d8a\uff0c\u4f46\u662f\u5728\u90e8\u5206\u7279\u5b9a\u573a\u666f\uff08\u6bd4\u5982\u63a7\u5236\u6d41\u548c\u8bed\u4e49\u89e3\u8026\uff0c\u5982parser\uff09\u4e0b\uff0c\u6570\u636e\u6d41\u53ef\u80fd\u4f1a\u6709\u7528\u3002

    [^1]: FUZZING WITH PERFORMANCE MONITORING AND TRACING HARDWARE [^2]: Intrusive v.s. non-intrusive tracing

    "},{"location":"git/","title":"Git\u5b66\u4e60\u7b14\u8bb0","text":""},{"location":"git/#github","title":"\u5c06\u672c\u5730\u5df2\u6709\u4ed3\u5e93\u63a8\u9001\u81f3Github\u7684\u65b0\u5efa\u4ed3\u5e93\u4e2d","text":"

    \u9ed8\u8ba4\u4ee5\u4e0b\u6761\u4ef6\u5747\u6210\u7acb\uff1a

    \u5f3a\u5236\u63a8\u9001\u53ef\u4ee5\u518d\u52a0\u4e2a--force\u53c2\u6570

    "},{"location":"git/#gitignore","title":"\u6dfb\u52a0.gitignore\u6587\u4ef6\u4ee5\u4e0d\u8ffd\u8e2a\u6587\u4ef6","text":"

    \u521d\u6b21\u5411github\u63d0\u4ea4\u4ee3\u7801\u524d\uff0c\u5728\u672c\u5730\u5de5\u4f5c\u76ee\u5f55\u4e0b\u521b\u5efa.gitignore\u6587\u4ef6\uff0c\u91cc\u9762\u76f4\u63a5\u5199\u4e0a\u4e0d\u60f3\u8ffd\u8e2a\u7684\u6587\u4ef6\u540d\u548c\u6587\u4ef6\u5939\u540d\u5373\u53ef\u3002\uff08\u6587\u4ef6\u540d\u4e0d\u9700\u8981\u8865\u5168\u8def\u5f84\uff09

    "},{"location":"git/#add","title":"\u64a4\u56deadd","text":"

    \u4f7f\u7528git add .\u53ef\u4ee5\u76f4\u63a5\u628a\u5f53\u524d\u76ee\u5f55\u90fdadd\u8fdb\u6682\u5b58\u533a\uff0c\u5bf9\u4e8e\u4e0d\u614e\u6dfb\u52a0\u7684\u5185\u5bb9\u53ef\u4ee5\u4f7f\u7528git rm --cached <file>\u6765\u64a4\u56deadd\u3002\u53ef\u4ee5\u4f7f\u7528git rm -r --cached .\u6765\u64a4\u56degit add . \u3002\uff08\u4f7f\u7528git status\u53ef\u4ee5\u67e5\u770b\u6682\u5b58\u533a\uff0c\u91cc\u9762\u4e5f\u6709\u63d0\u793a\u600e\u4e48\u64a4\u56de\uff09

    "},{"location":"git/#gitgithub","title":"\u914d\u7f6egit\u8d26\u53f7\u5e76\u52a0\u5165github\u9879\u76ee","text":"
    1. \u4f7f\u7528git config --global user.name \"<yourname>\"\u8bbe\u7f6e\u7528\u6237\u540d
    2. \u4f7f\u7528git config --global user.email \"<email>\"\u8bbe\u7f6e\u90ae\u7bb1
    3. \u4f7f\u7528ssh-keygen -t rsa -C \"<comments>\"\u751f\u6210\u5bc6\u94a5\u5bf9\uff0c\u7136\u540e\u4e00\u8def\u56de\u8f66\u76f4\u5230\u751f\u6210\u7ed3\u675f\uff08\u4e5f\u53ef\u4ee5\u63d0\u793a\u6dfb\u52a0passwd phrase\uff0c\u8fd9\u6837\u7684\u8bdd\u5982\u679c\u4f7f\u7528ssh-add\u6dfb\u52a0\u65f6\u4f1a\u8981\u6c42\u8f93\u5165\u8fd9\u4e2a\u5bc6\u7801\u9632\u6b62\u88ab\u522b\u4eba\u6ee5\u7528\u3002\u6ce8\u610f\u76f8\u540c\u7684passwd phrase\u4e0d\u4f1a\u751f\u6210\u76f8\u540c\u7684\u5bc6\u94a5\u5bf9\uff09
    4. \u5728\u4e0a\u4e00\u6b65\u8fc7\u7a0b\u4e2d\u9ed8\u8ba4\u7684\u8def\u5f84\uff08\u6bd4\u5982~/.ssh\uff09\u627e\u5230id_rsa.pub\u6587\u4ef6\uff0c\u62f7\u8d1d\u5176\u5168\u90e8\u5185\u5bb9
    5. \u6253\u5f00github\uff0c\u53f3\u4e0a\u89d2\u5934\u50cf\uff0csettings\uff0c\u5de6\u4fa7\u7684SSH and GPG keys\uff0c\u7136\u540e\u7ed9SSH\u6dfb\u52a0\u8fd9\u4e2a\u516c\u94a5\u5373\u53ef

    ed25519\u4f3c\u4e4e\u6bd4\u9ed8\u8ba4\u7684rsa\u66f4\u5b89\u5168\u3001\u8ba1\u7b97\u66f4\u5feb\u3001\u5bc6\u94a5\u66f4\u77ed\uff0c\u53ef\u4ee5\u4f7f\u7528

    \u6709\u65f6\u9700\u8981\u6307\u5b9a\u5bc6\u94a5\uff0c\u6bd4\u5982\u4e0d\u4f7f\u7528\u9ed8\u8ba4\u7684\u5bc6\u94a5\u6587\u4ef6\u540d\u3002\u6b64\u65f6\u53ef\u4ee5\u5148eval $(ssh-agent -s)\u542f\u7528agent\uff0c\u7136\u540essh-add <private keyfile> \u6765\u6dfb\u52a0\u5bc6\u94a5\u3002ssh-add -l\u53ef\u4ee5\u67e5\u770b\u6dfb\u52a0\u7684\u5bc6\u94a5\u3002

    \u6216\u8005\u53ef\u4ee5\u628a\u5bc6\u94a5\u5728~/.ssh/config\u6587\u4ef6\u91cc\u6307\u5b9a\u4e00\u4e0b\uff0c\u5c31\u53ef\u4ee5\u7701\u53bbssh-agent\u7684\u64cd\u4f5c\uff0c\u6bd4\u5982

    Host github.com\n    HostName github.com\n    IdentityFile ~/.ssh/id_ed25519_user_github\n

    \u6709\u7684\u65f6\u5019git\u8fdb\u884cpush\u5230\u79c1\u4ed3\u65f6\u4f1a\u51fa\u73b0\u5361\u673a\u7684\u95ee\u9898\uff0c\u4e0d\u786e\u5b9a\u662f\u4ec0\u4e48\u539f\u56e0\uff0c\u5982\u679cremote repo\u4f7f\u7528\u7684\u662fgit@xxx\u7684url\u7684\u8bdd\uff0c\u53ef\u4ee5\u8bd5\u8bd5\u6539\u6210https\u7684\u94fe\u63a5\uff1b\u8fd8\u4e0d\u884c\u7684\u8bdd\u53ef\u4ee5\u8bd5\u8bd5git config\u7684proxy\uff0c\u8bbe\u7f6e\u6216\u6e05\u7a7a\u3002

    "},{"location":"git/#_1","title":"\u653e\u5f03\u5bf9\u6587\u4ef6\u7684\u8ddf\u8e2a","text":"

    \u4e0e\u4ed6\u4eba\u5408\u4f5c\u9879\u76ee\u65f6\uff0c\u6709\u65f6\u9700\u8981\u505a\u4e00\u4e9b\u672c\u5730\u9002\u914d\uff0c\u4f46\u662f\u4e0d\u60f3\u59a8\u788d\u5176\u4ed6\u4eba\uff0c\u53ef\u4ee5\u6dfb\u52a0\u5230.gitignore\u3002\u4f46\u5bf9\u4e8e\u5df2\u7ecf\u5904\u4e8e\u8ddf\u8e2a\u72b6\u6001\u7684\u6587\u4ef6\u6765\u8bf4\u540e\u6dfb\u8fdb.gitignore\u662f\u65e0\u6548\u7684\u3002\u56e0\u6b64\u53ef\u4ee5\u5148\u5c06\u6587\u4ef6\u79fb\u51fa\u8ddf\u8e2a\u6001\uff0c\u7136\u540e\u518d\u52a0\u8fdb.gitignore\u91cc\u3002\u5982\u4e0b\uff1agit rm -r --cached <file/dir>\u5176\u4e2d-r\u8868\u793a\u9012\u5f52\u3002\u4e5f\u53ef\u4ee5\u52a0-n\u8868\u793a\u4f2a\u653e\u5f03\u8ddf\u8e2a\uff08\u7528\u4e8e\u9884\u89c8\u4f1a\u653e\u5f03\u5bf9\u54ea\u4e9b\u6587\u4ef6\u7684\u8ffd\u8e2a\uff09

    "},{"location":"git/#_2","title":"\u66f4\u6362\u8fdc\u7a0b\u4ed3\u5e93","text":"

    \u6709\u7684\u65f6\u5019\u4ece\u5b98\u65b9\u4ed3\u5e93git clone\u4e0b\u4ee3\u7801\uff0c\u672c\u5730\u62f7\u8d1d\u4e00\u4efd\u3001\u5404\u79cd\u9b54\u6539\u5e76\u4e0a\u4f20\u5230\u81ea\u5df1\u7684\u79c1\u4ed3\u3002\u53c8\u7531\u4e8ewindows\u3001linux\u73af\u5883\u4e0d\u540c\uff0c\u60f3\u628a\u539f\u6765\u7684\u4ee3\u7801\u66f4\u65b0\u6210\u81ea\u5df1\u7684\u79c1\u4ed3\uff0c\u6240\u4ee5\u9700\u8981\u6362\u4e00\u4e0b\u8fdc\u7a0b\u4ed3\u5e93\u3002

    1. \u9996\u5148\u53d6\u6d88\u539f\u6765\u7684\u8fdc\u7a0b\u5206\u652f\u8ddf\u8e2agit remote rm <remote repo name>
    2. \u7136\u540e\u6dfb\u52a0\u81ea\u5df1\u7684\u4ed3\u5e93\u4f5c\u4e3a\u8fdc\u7a0bgit remote add <remote repo name> <repo url>

    \u597d\u50cf\u4e5f\u53ef\u4ee5\u76f4\u63a5\u66f4\u6362\u8fdc\u7a0b\u4ed3\u5e93\uff1agit remote set-url <remote repro name> <repo url>

    \u8fd9\u91cc\u7684<remote repo name>\u662f\u81ea\u5df1\u53d6\u7684\u4ed3\u5e93\u540d\uff0c\u4e4b\u540e\u7684\u64cd\u4f5c\u53ef\u4ee5\u7528\u5b83\u6765\u6307\u5b9a\u5bf9\u8c61\u3002\u53ef\u4ee5\u968f\u4fbf\u53d6\uff0c\u6bd4\u5982\u5e38\u89c1\u7684origin\u3002

    "},{"location":"git/#_3","title":"\u5b50\u6a21\u5757\u7684\u4e0b\u8f7d","text":"

    \u6709\u7684\u65f6\u5019\u4e00\u4e2a\u4ee3\u7801\u4ed3\u5e93\u62ff\u5176\u4ed6\u4ed3\u5e93\u6765\u5f53\u505a\u5b50\u6a21\u5757\uff0c\u5728github\u4e0a\u8fd9\u4e9b\u6a21\u5757\u662f\u56fe\u4e2d\u7684\u8868\u793a\u5f62\u5f0f\u3002git\u4ed3\u5e93\u91cc\u4e5f\u4f1a\u6709.gitmodules\u6587\u4ef6\u6765\u8bf4\u660e\u8fd9\u4e9b\u5b50\u6a21\u5757\u3002\u5f53clone\u4e3b\u4ed3\u5e93\u65f6\uff0c\u8fd9\u4e9b\u5b50\u6a21\u5757\u4e0d\u4f1a\u8ddf\u7740\u4e0b\u8f7d\u4e0b\u6765\u3002

    \u521d\u6b21\u90e8\u7f72\u65f6\uff0c\u5728\u4e3b\u4ed3\u5e93\u76ee\u5f55\u4e0b\u91cc\u4f7f\u7528git submodule update --init --recursive\u6765\u4ece.gitmodules\u5b57clone\u5b50\u6a21\u5757\u3002

    \u5982\u679c\u5b50\u6a21\u5757\u88ab\u522b\u7684\u5f00\u53d1\u8005\u66f4\u65b0\u4e86\uff0c\u53ef\u4ee5\u8fdb\u5230\u5b50\u6a21\u5757\u4e2d\u7136\u540egit pull\u3002

    \u5982\u679c\u5e0c\u671b\u6dfb\u52a0\u67d0\u4e2a\u4ed3\u5e93\u4f5c\u4e3a\u5b50\u6a21\u5757\uff0c\u4f7f\u7528git submodule add <repo url>\u6765\u4e0b\u8f7d\u5b50\u6a21\u5757\u5e76\u66f4\u65b0.gitmodules\u6587\u4ef6

    "},{"location":"git/#_4","title":"\u81ea\u5df1\u7684\u9879\u76ee\u9700\u8981\u5bf9\u5176\u4ed6\u9879\u76ee\u8fdb\u884c\u4fee\u6539","text":"

    \u5982\u679c\u81ea\u5df1\u7684\u9879\u76ee\u7528\u5230\u522b\u7684\u9879\u76ee\uff0c\u9700\u8981\u5bf9\u5176\u4e2d\u4e00\u4e9b\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff0c\u800c\u4e0d\u9700\u8981\u628a\u5728\u4e0a\u4f20github\u65f6\u628a\u6574\u4e2a\u9879\u76ee\u5168\u90e8\u653e\u5230\u81ea\u5df1\u7684\u9879\u76ee\u4e0b\uff0c\u53ef\u4ee5\u5148\u7528submodule\u6dfb\u52a0\u5b50\u6a21\u5757\uff0c\u7136\u540e\u76f4\u63a5\u4fee\u6539\u4ee3\u7801\uff0c\u5e76\u5728\u5176\u9879\u76ee\u4e0b\u7528git diff <commit id> > <file.patch>\u751f\u6210\u4e00\u4e2adiff\u6587\u4ef6\u3002\u628adiff\u6587\u4ef6\u653e\u5230\u81ea\u5df1\u7684\u9879\u76ee\u91cc\uff0c\u518d\u4e0a\u4f20\u5230github\u4e0a\u3002\u5176\u4e2dcommit id\u662f\u7b2c\u4e09\u65b9\u9879\u76ee\u7684commit\uff0c\u4e5f\u5c31\u662f\u8fd9\u4e2asubmodule\u4e0b\u8f7d\u65f6\u7684commit id\uff0c\u53ef\u4ee5\u901a\u8fc7git log\u627e\u5230\u3002

    \u5982\u679c\u76f4\u63a5\u7528git diff > <file.patch>\uff0c\u4f1a\u8f93\u51fa\u672a\u52a0\u5165\u6682\u5b58\u7684\u4fee\u6539\u548c\u6700\u8fd1\u4e00\u6b21\u6682\u5b58/commit\u7684diff\u6587\u4ef6\u3002

    \u5176\u4ed6\u4eba\u4f7f\u7528\u65f6\uff0c\u5c31\u5148\u628a\u7b2c\u4e09\u65b9\u9879\u76ee\u83b7\u53d6\u4e0b\u6765\uff0c\u7136\u540egit apply <file.patch>\u5373\u53ef\u3002\u64a4\u56de\u8865\u4e01\u4f7f\u7528git apply -R <file.patch>

    "},{"location":"git/#_5","title":"\u4e0d\u540c\u7248\u672c\u591a\u4eba\u5408\u4f5c\u4e0e\u5206\u652f\u4f7f\u7528","text":"

    \u6700\u8fd1\u5728\u8dd1fuzzer\uff0c\u5408\u4f5c\u65f6\u6709\u65f6\u9700\u8981\u5207\u6362\u4e0d\u540c\u7684\u6d4b\u8bd5\u76ee\u6807\uff0c\u6bcf\u4e2a\u6d4b\u8bd5\u76ee\u6807\u90fd\u6709\u81ea\u5df1\u7684\u4e00\u5927\u5806\u914d\u5957\u8bbe\u7f6e\u3002\u5927\u5bb6\u90fd\u5728\u4e3b\u5206\u652f\u5220\u6539\u592a\u9ebb\u70e6\u800c\u4e14\u5f88\u4e71\uff0c\u6240\u4ee5\u9700\u8981\u9488\u5bf9\u6bcf\u4e2a\u6d4b\u8bd5\u76ee\u6807\u8bbe\u7f6e\u4e0d\u540c\u7684branch\u3002

    \u53ef\u4ee5\u4f7f\u7528git branch -a\u67e5\u770b\u6240\u6709\u5206\u652f\u3002\u5176\u4e2d\u524d\u9762\u5e26*\u7684\u662f\u5f53\u524dbranch\u3002

    \u65b0\u5efa\u5206\u652f\u65f6\u4f7f\u7528 git checkout -b <branch name> \u76f8\u5f53\u4e8e\u5148git branch <branch name> \u521b\u5efa\u4e86\u4e00\u4e2a\u65b0\u7684\u5206\u652f\uff0c\u7136\u540egit checkout <branch name>\u5207\u6362\u5230\u90a3\u4e2a\u5206\u652f\u3002

    \u5728\u65b0\u7684\u5206\u652fcommit\u540e\uff0c\u4f7f\u7528git push -u <remote repo name> <local branch name>:<remote branch name>\u53ef\u4ee5\u5c06\u81ea\u5df1\u7684\u8fd9\u4e2a\u5206\u652f\u63a8\u9001\u5230\u8fdc\u7a0b\u4ed3\u5e93\u3002\u5176\u4e2d\uff1a

    \u5982\u679c\u9700\u8981\u5220\u9664\u8fdc\u7a0b\u5206\u652f\uff0c\u53ef\u4ee5\u7b80\u5355\u5730\u63a8\u9001\u7a7a\u5206\u652f\uff1agit push origin :<remote branch name>\u3002\u8fd9\u91cc\u672c\u5730\u5206\u652f\u540d\u7559\u7a7a\u4e86\u3002\u4e5f\u53ef\u4ee5\u4f7f\u7528\u4e13\u95e8\u7684\u5220\u9664\u65b9\u5f0f\uff1agit push origin --delete <remote branch name>

    \u5982\u679c\u9700\u8981\u5220\u9664\u672c\u5730\u5206\u652f\uff0c\u4f7f\u7528git branch -d <local branch name>

    \u5408\u5e76\u5206\u652f\u65f6\uff0c\u5148\u5207\u6362\u5230\u9700\u8981\u63a5\u6536\u6539\u52a8\u7684\u5206\u652f\u4e0a\uff0c\u7136\u540egit merge <new branch name>\uff0c\u5373\u53ef\u5c06new branch\u7684\u6539\u52a8\u66f4\u65b0\u5230\u5f53\u524d\u5206\u652f\u4e0a\u3002new branch\u7684\u5185\u5bb9\u662f\u4e0d\u53d8\u7684\u3002

    \u62c9\u53d6\u8fdc\u7a0b\u5206\u652f\u5230\u672c\u5730\uff0c\u800c\u4e0d\u5f71\u54cd\u672c\u5730\u5206\u652f\uff1agit fetch <remote repo name> <remote branch name>:<local branch name>\u4f1a\u5c06\u8fdc\u7a0b\u4ed3\u5e93\u7684\u5206\u652f\u4fdd\u5b58\u5728\u672c\u5730\u5bf9\u5e94\u5206\u652f\u4e0b\u3002

    \u53ef\u4ee5\u7528git fetch --all\u62c9\u53d6\u6240\u6709\u8fdc\u7a0b\u5206\u652f\uff0c\u5982\u679c\u6ca1\u6709\u6548\u679c\uff0c\u6ce8\u610f\u68c0\u67e5remote.origin.fetch\u7684\u8bbe\u7f6e\uff1agit config --get remote.origin.fetch\uff0c\u5982\u679c\u662f+refs/heads/master:refs/remotes/origin/master\uff0c\u5219\u8868\u793a\u53ea\u62c9master\u5206\u652f\u3002\u53ef\u4ee5\u4fee\u6539\u6210\u62c9\u53d6\u6240\u6709\u5206\u652f\uff1agit config remote.origin.fetch \"+refs/heads/*:refs/remotes/origin/*\"\u3002

    "},{"location":"git/#github-debug","title":"Github debug\u5408\u96c6","text":"

    \u67d0\u79cd\u4e1c\u897f\u771f\u7684\u795e\u70e6\uff0c\u79d1\u7814\u9700\u8981\u4e0b\u8f7d\u7684\u4ed3\u5e93\u4ee3\u7801\u7ecf\u5e38\u83ab\u540d\u5176\u5999\u4e0b\u8f7d\u4e0d\u4e86\uff0c\u5199\u7684\u4ee3\u7801\u4e0a\u4f20\u8865\u4e0a\u53bb\uff0cbuild\u4e2adocker\u6162\u7684\u8981\u6b7b\uff0c\u7b2c\u4e09\u65b9\u5305\u62c9\u53d6\u4e0d\u5230\u2026\u2026\u6d6a\u8d39\u5f88\u591a\u65f6\u95f4\u5728\u56e0\u4e3a\u7f51\u7edc\u8fde\u63a5\u4e0d\u4e86\u5bfc\u81f4\u7684\u5404\u79cdbug\u4e0a\uff0c\u6709\u6548\u79d1\u7814\u65f6\u95f4\u767d\u767d\u88ab\u6d88\u8017\uff0c\u771f\u7684\u5f88xx\u3002

    "},{"location":"git/#git-clonegnutls_handshake-failed-the-tls-connection-was-non-properly-terminated","title":"Git clone\u62a5\u9519gnutls_handshake() failed: The TLS connection was non-properly terminated.","text":"

    \u4e00\u79cd\u505a\u6cd5\u662f\u8bbe\u7f6e\u6216\u8005\u53d6\u6d88\u8bbe\u7f6ehttp.proxy\u548chttps.proxy

    \u53e6\u4e00\u79cd\u505a\u6cd5\u662f\u76f4\u63a5\u53d6\u6d88SSL\u6821\u9a8c\uff0c\u867d\u7136\u7c97\u66b4\u4e86\u70b9\uff1agit config http.sslVerify false

    "},{"location":"go/","title":"go","text":""},{"location":"go/#go_1","title":"go\u73af\u5883\u914d\u7f6e","text":"
    1. \u4ecehttps://go.dev/dl/\u4e0b\u8f7dArchive\u7684\u5305\uff0c\u89e3\u538b\u7f29\uff0c\u6dfb\u52a0\u5176\u4e2d\u7684bin\u76ee\u5f55\u5230\u7cfb\u7edf\u8def\u5f84
    2. \u56fd\u5185\u4f7f\u7528\u65f6\u8bbe\u7f6e\u4ee3\u7406go env -w GOPROXY=https://goproxy.cn
    "},{"location":"go/#_1","title":"\u5feb\u901f\u5165\u95e8","text":"
    package main\nimport (\n\"fmt\"\n)\n//\u5faa\u73af\u8f93\u51fa\nfor i:=0; i<10; i++{\nfmt.Println(i)\n}\n
    "},{"location":"interesting-articles/","title":"\u6709\u8da3\u6587\u7ae0","text":"
    1. [Usenix Security 2021] Understanding and Detecting Disordered Error Handling with Precise Function Pairing \u4e0d\u6b63\u786e\u7684\u9519\u8bef\u5904\u7406\u51fd\u6570\u672c\u8eab\u53ef\u80fd\u4e5f\u4f1a\u5e26\u6765\u65b0\u7684\u9519\u8bef\uff0c\u5c24\u5176\u662f\u5728\u505a\u4e00\u4e9b\u524d\u671f\u6e05\u7406\u5de5\u4f5c\u65f6\uff0c\u6267\u884c\u987a\u5e8f\u4e0d\u6b63\u786e\u4f1a\u5e26\u6765\u63d0\u6743\u3001\u5d29\u6e83\u4e0eDoS\u3002\u672c\u6587\u5e0c\u671b\u63a8\u65ad\u51fa\u9884\u671f\u7684\u6e05\u7406\u51fd\u6570\u3002
    2. [Usenix Security 2020] Actions Speak Louder than Words: Entity-Sensitive Privacy Policy and Data Flow Analysis with PoliCheck \u8003\u8651\u5230\u6570\u636e\u6d41\u5411\u7684\u5b9e\u4f53\uff0c\u5bf9\u5e94\u7528\u7a0b\u5e8f\u7684\u9690\u79c1\u89c4\u8303\u8fdb\u884c\u7814\u7a76\u5efa\u6a21\u3002
    3. [NDSS 2019] https://www.youtube.com/watch?v=dMndb0Xmr4k&t=1s&list=PLfUWWM-POgQs9SPvg-UA-TNG7UVEcdz8l&index=5 GitHub\u4e0a\u7531\u4e8e\u4e00\u4e9b\u4e0d\u5f53\u64cd\u4f5c\u53ef\u80fd\u4f1a\u5bfc\u81f4API\u5bc6\u94a5\u6cc4\u9732\u3002\u672c\u6587\u7814\u7a76\u8868\u660e\u8fd9\u79cd\u6cc4\u9732\u975e\u5e38\u7316\u7357\uff0c\u5e76\u4e14\u8fdc\u6ca1\u6709\u89e3\u51b3\u95ee\u9898\u3002
    "},{"location":"investigations/","title":"\u56db\u5927\u8c03\u67e5","text":"
    1. [Usenix Security 2022] \"I feel invaded, annoyed, anxious and I may protect myself\": Individuals' Feelings about Online Tracking and their Protective Behaviour across Gender and Country
    2. [Usenix Security 2022] \"Like Lesbians Walking the Perimeter\": Experiences of U.S. LGBTQ+ Folks With Online Security, Safety, and Privacy Advice
    3. [Usenix Security 2022] How and Why People Use Virtual Private Networks
    4. [Usenix Security 2021] \"It's the Company, the Government, You and I\": User Perceptions of Responsibility for Smart Home Privacy and Security
    5. [Usenix Security 2021] \"Shhh...be quiet!\" Reducing the Unwanted Interruptions of Notification Permission Prompts on Chrome
    6. [Usenix Security 2021] Effect of Mood, Location, Trust, and Presence of Others on Video-Based Social Authentication
    7. [Usenix Security 2021] 'Passwords Keep Me Safe' \u2013 Understanding What Children Think about Passwords
    8. [Usenix Security 2021] \"It's stressful having all these phones\": Investigating Sex Workers' Safety Goals, Risks, and Practices Online
    9. [Usenix Security 2021] \"Now I'm a bit angry:\" Individuals' Awareness, Perception, and Responses to Data Breaches that Affected Them
    10. [Usenix Security 2020] \"I am uncomfortable sharing what I can't see\": Privacy Concerns of the Visually Impaired with Camera Based Assistive Applications
    11. [Usenix Security 2020 | Distingguished Paper Award] Understanding security mistakes developers make: Qualitative analysis from Build It, Break It, Fix It
    12. [Usenix Security 2020] An Observational Investigation of Reverse Engineers\u2019 Processes
    13. [Usenix Security 2020] That Was Then, This Is Now: A Security Evaluation of Password Generation, Storage, and Autofill in Browser-Based Password Managers
    14. [NDSS 2022] An In-depth Analysis of Duplicated Linux Kernel Bug Reports
    15. [NDSS 2020] Are You Going to Answer That? Measuring User Responses to Anti-Robocall Application Indicators
    16. [NDSS 2019] Time Does Not Heal All Wounds: A Longitudinal Analysis of Security-Mechanism Support in Mobile Browsers
    17. [NDSS 2019] A First Look into the Facebook Advertising Ecosystem
    "},{"location":"latex/","title":"latex\u57fa\u7840","text":""},{"location":"latex/#_1","title":"\u63a8\u8350\u5de5\u5177","text":"

    \u4f7f\u7528Table Generator\u7ed8\u5236\u8868\u683c

    "},{"location":"latex/#latex_1","title":"\u82f1\u6587latex","text":"
    \\documentclass[conference,11pt]{IEEEtran}\n\\IEEEoverridecommandlockouts\n% The preceding line is only needed to identify funding in the first footnote. If that is unneeded, please comment it out.\n\\usepackage{cite}\n\\usepackage{amsmath,amssymb,amsfonts}\n\\usepackage{algorithmic}\n\\usepackage{graphicx}\n\\usepackage{textcomp}\n\\usepackage{xcolor}\n\\usepackage{caption}\n\\usepackage{url}\n\\def\\UrlBreaks{\\do\\A\\do\\B\\do\\C\\do\\D\\do\\E\\do\\F\\do\\G\\do\\H\\do\\I\\do\\J\n\\do\\K\\do\\L\\do\\M\\do\\N\\do\\O\\do\\P\\do\\Q\\do\\R\\do\\S\\do\\T\\do\\U\\do\\V\n\\do\\W\\do\\X\\do\\Y\\do\\Z\\do\\[\\do\\\\\\do\\]\\do\\^\\do\\_\\do\\`\\do\\a\\do\\b\n\\do\\c\\do\\d\\do\\e\\do\\f\\do\\g\\do\\h\\do\\i\\do\\j\\do\\k\\do\\l\\do\\m\\do\\n\n\\do\\o\\do\\p\\do\\q\\do\\r\\do\\s\\do\\t\\do\\u\\do\\v\\do\\w\\do\\x\\do\\y\\do\\z\n\\do\\.\\do\\@\\do\\\\\\do\\/\\do\\!\\do\\_\\do\\|\\do\\;\\do\\>\\do\\]\\do\\)\\do\\,\n\\do\\?\\do\\'\\do+\\do\\=\\do\\#}\n\\def\\BibTeX{{\\rm B\\kern-.05em{\\sc i\\kern-.025em b}\\kern-.08em\n    T\\kern-.1667em\\lower.7ex\\hbox{E}\\kern-.125emX}}\n\\usepackage{lscape, latexsym, amssymb, algorithmic, multirow}\n\\usepackage[linesnumbered, vlined, ruled]{algorithm2e}\n\\usepackage{mathtools, bbm, color}\n\\usepackage{booktabs}\n\\usepackage{amsthm,mathrsfs,amsfonts,dsfont}\n\\usepackage{listings}\n\\definecolor{codegreen}{rgb}{0,0.6,0}\n\\definecolor{codegray}{rgb}{0.5,0.5,0.5}\n\\definecolor{codepurple}{rgb}{0.58,0,0.82}\n\\definecolor{backcolour}{rgb}{0.95,0.95,0.95}\n\\lstdefinestyle{mystyle}{\n % backgroundcolor=\\color{backcolour},   \n commentstyle=\\color{codegreen},\n keywordstyle=\\color{magenta},\n numberstyle=\\tiny\\color{codegray},\n stringstyle=\\color{codepurple},\n % basicstyle=\\footnotesize\\ttfamily,\n basicstyle=\\footnotesize\\scriptsize,\n breakatwhitespace=false,         \n breaklines=true,                 \n captionpos=b,                    \n keepspaces=true,\n numbers=left,  %% \u884c\u53f7 \n % numbersep=2pt,                  \n showspaces=false,                \n showstringspaces=false,\n showtabs=false,                  \n tabsize=1,\n xleftmargin=\\parindent,\n}\n\\lstset{style=mystyle}\n\\begin{document}\n\n\\title{xxxx}\n\n\\author{xxxx}\n\n\\maketitle\n\n\\begin{abstract}\n\\end{abstract}\n\n\n\\begin{IEEEkeywords}\nxxx,xxx\n\\end{IEEEkeywords}\n\n\\bibliographystyle{IEEEtran}\n{\n\\begingroup\n\\bibliography{ref}\n\\endgroup\n}\n\n\\end{document}\n
    "},{"location":"latex/#latex_2","title":"\u4e2d\u6587latex","text":"
    \\documentclass[12pt]{article}\n\n\\usepackage{cite} % \u5f15\u7528\u53c2\u8003\u6587\u732e\n\\usepackage{ctex} % \u4e2d\u6587\u652f\u6301\n\\usepackage{times}% \u82f1\u6587\u4f7f\u7528Times New Roman\n\\usepackage{url,hyperref} % \u8d85\u94fe\u63a5\n\\usepackage{xspace} % \u65e0\u6807\u70b9\u81ea\u52a8\u7a7a\u683c\n\\usepackage{graphicx} % \u63d2\u5165\u56fe\u7247\u7528\n\\usepackage{geometry} % \u8bbe\u7f6e\u9875\u8fb9\u8ddd\n\\usepackage{listings} % \u63d2\u5165\u4ee3\u7801\u5757\n\\usepackage{color} % \u5b9a\u4e49\u989c\u8272\uff0c\u7528\u4e8e\u63a7\u5236\u4ee3\u7801\u9ad8\u4eae\n\\usepackage{subcaption} % \u753b\u5b50\u56fe\n\\usepackage{tikz} % \u540e\u7eed\u753b\u5706\u5708\n\\usepackage{multirow} % \u8868\u683c\u591a\u884c\u6587\u672c\n% \\usepackage{tabu}\n\\usepackage{longtable}\n\\usepackage{float}\n\\usepackage{tabu}\n\\usepackage{booktabs} % \u753b\u8868\u683c\n\n\\usepackage[linesnumbered, vlined, ruled]{algorithm2e} % \u7b97\u6cd5\u5217\u8868\n\n% \u4f7f\u7528 ctex \u5b8f\u5305\u8bbe\u7f6e\u4e2d\u6587\u56fe\u9898\n\\renewcommand{\\figurename}{\u56fe}\n\\renewcommand{\\tablename}{\u8868}\n\n% \u8bbe\u7f6e\u9875\u8fb9\u8ddd\n\\geometry{a4paper,left=2cm,right=2cm,top=2cm,bottom=3cm} \n\n\n% \u8bbe\u7f6e\u5b57\u4f53\n\\newcommand{\\song}{\\CJKfamily{song}}    % \u5b8b\u4f53\n\\newcommand{\\fs}{\\CJKfamily{fs}}             % \u4eff\u5b8b\u4f53\n\\newcommand{\\kai}{\\CJKfamily{kai}}          % \u6977\u4f53\n\\newcommand{\\hei}{\\CJKfamily{hei}}         % \u9ed1\u4f53\n\\newcommand{\\li}{\\CJKfamily{li}}               % \u96b6\u4e66\n\n% \u8bbe\u7f6e\u5b57\u53f7\n\\newcommand{\\yihao}{\\fontsize{26pt}{36pt}\\selectfont}           % \u4e00\u53f7, 1.4 \u500d\u884c\u8ddd\n\\newcommand{\\erhao}{\\fontsize{22pt}{28pt}\\selectfont}          % \u4e8c\u53f7, 1.25\u500d\u884c\u8ddd\n\\newcommand{\\xiaoer}{\\fontsize{18pt}{18pt}\\selectfont}          % \u5c0f\u4e8c, \u5355\u500d\u884c\u8ddd\n\\newcommand{\\sanhao}{\\fontsize{16pt}{24pt}\\selectfont}        % \u4e09\u53f7, 1.5\u500d\u884c\u8ddd\n\\newcommand{\\xiaosan}{\\fontsize{15pt}{22pt}\\selectfont}        % \u5c0f\u4e09, 1.5\u500d\u884c\u8ddd\n\\newcommand{\\sihao}{\\fontsize{14pt}{21pt}\\selectfont}            % \u56db\u53f7, 1.5 \u500d\u884c\u8ddd\n\\newcommand{\\banxiaosi}{\\fontsize{13pt}{19.5pt}\\selectfont}    % \u534a\u5c0f\u56db, 1.5\u500d\u884c\u8ddd\n\\newcommand{\\xiaosi}{\\fontsize{12pt}{18pt}\\selectfont}            % \u5c0f\u56db, 1.5\u500d\u884c\u8ddd\n\\newcommand{\\dawuhao}{\\fontsize{11pt}{11pt}\\selectfont}       % \u5927\u4e94\u53f7, \u5355\u500d\u884c\u8ddd\n\\newcommand{\\wuhao}{\\fontsize{10.5pt}{15.75pt}\\selectfont}    % \u4e94\u53f7, \u5355\u500d\u884c\u8ddd\n\n% \u5b9a\u4e49\u4ee3\u7801\u6837\u5f0f\n\\definecolor{codegreen}{rgb}{0,0.6,0}\n\\definecolor{codegray}{rgb}{0.5,0.5,0.5}\n\\definecolor{codepurple}{rgb}{0.58,0,0.82}\n\\definecolor{backcolour}{rgb}{0.95,0.95,0.95}\n\\lstdefinestyle{mystyle}{\n % backgroundcolor=\\color{backcolour},   \n commentstyle=\\color{codegreen},\n keywordstyle=\\color{magenta},\n numberstyle=\\tiny\\color{codegray},\n stringstyle=\\color{codepurple},\n % basicstyle=\\footnotesize\\ttfamily,\n basicstyle=\\footnotesize\\scriptsize,\n breakatwhitespace=false,         \n breaklines=true,                 \n captionpos=b,                    \n keepspaces=true,\n numbers=left,  %% \u884c\u53f7 \n % numbersep=2pt,                  \n showspaces=false,                \n showstringspaces=false,\n showtabs=false,                  \n tabsize=1,\n xleftmargin=\\parindent,\n}\n\\lstset{style=mystyle}\n\n\\renewcommand{\\abstractname}{\\textbf{\u6458\\quad \u8981}} % \u66f4\u6539\u6458\u8981\u4e8c\u5b57\u7684\u6837\u5f0f\n\n% use these commands to consistently refer to stuff\n\n\\newcommand{\\bugCount}{xx}  \n\n\\newcommand{\\tabincell}[2]{\\begin{tabular}{@{}#1@{}}#2\\end{tabular}}\n\n\\newcommand*\\emptcirc[1][1ex]{\\tikz\\draw (0,0) circle (#1);} \n\\newcommand*\\halfcirc[1][1ex]{%\n    \\begin{tikzpicture}\n    \\draw[fill] (0,0)-- (90:#1) arc (90:270:#1) -- cycle ;\n    \\draw (0,0) circle (#1);\n    \\end{tikzpicture}}\n\\newcommand*\\fullcirc[1][1ex]{\\tikz\\fill (0,0) circle (#1);} \n\n\\def\\BibTeX{{\\rm B\\kern-.05em{\\sc i\\kern-.025em b}\\kern-.08em\n    T\\kern-.1667em\\lower.7ex\\hbox{E}\\kern-.125emX}}\n\n\\title{\\fontsize{18pt}{27pt}\\selectfont \\textbf{xxxx}}\n\\author{\\fontsize{14pt}{21pt}\\selectfont \\textbf{xxxx}}\n\\date{}\n\n\\begin{document}\n\\begin{sloppypar} % \u9632\u6b62\u957f\u5355\u8bcd\u51fa\u754c\n\\maketitle\n\n\\begin{abstract}\n\\end{abstract}\n\n\\section{\u80cc\u666f}\n\n\\subsection{\u53ef\u4fe1\u6267\u884c\u73af\u5883}\n\\bibliographystyle{plain}\n\\bibliography{Ref}\n\n\\end{sloppypar}\n\\end{document}\n
    "},{"location":"linux-server/","title":"linux\u670d\u52a1\u5668\u8fd0\u7ef4","text":""},{"location":"linux-server/#pid","title":"\u6839\u636epid\u67e5\u8be2\u7ec6\u8282","text":"

    sudo ls -lah /proc/<pid>\n
    \u7136\u540e\u6839\u636e\u5176\u4e2d\u7684cwd\u627e\u5230\u8fd0\u884c\u76ee\u5f55\uff0cexe\u627e\u5230\u8fd0\u884c\u7a0b\u5e8f

    "},{"location":"linux-server/#linux_1","title":"\u5728linux\u7ec8\u7aef\u5411\u7a0b\u5e8f\u8f93\u5165\u5b57\u8282","text":"
    # \u8f93\u5165raw bytes\necho -e '\\x31\\x32' | program\n\n# \u8f93\u5165raw binary\necho -e '\\x31\\x32' | xxd -r -p | program
    "},{"location":"linux-server/#_1","title":"\u67e5\u8be2\u670d\u52a1\u5668\u663e\u5361","text":"

    \u67e5\u8be2\u7269\u7406\u69fd\u663e\u5361\u8fde\u63a5

    lspci | grep VGA\n

    \u67e5\u8be2\u6d3b\u8dc3\u60c5\u51b5\uff08\u9700\u8981\u5b89\u88c5\u663e\u5361\u9a71\u52a8\uff0c\u53ef\u4ee5\u76f4\u63a5\u5b89\u88c5CUDA runfile\uff0c\u81ea\u5e26\u9a71\u52a8\uff09

    nvidia-smi\n
    "},{"location":"linux-server/#_2","title":"\u7edf\u8ba1\u670d\u52a1\u5668\u8fdb\u7a0b\u5360\u7528","text":"
    htop # \u89c2\u5bdf\u5185\u5b58\u3001\u5404\u8fdb\u7a0b\u3001CPU\u5360\u7528\nsudo ls -lah /proc/<pid>/cwd # \u89c2\u5bdf\u8fd0\u884c\u7684\u547d\u4ee4\uff0c\u5224\u65ad\u8c01\u7684\u7a0b\u5e8f\n
    "},{"location":"linux-server/#_3","title":"\u7edf\u8ba1\u78c1\u76d8\u7528\u91cf","text":"
    ncdu # \u7edf\u8ba1\u5f53\u524d\u76ee\u5f55\u4e0b\u5404\u4e2a\u6587\u4ef6\u5939\u5360\u7528\uff0c\u53ef\u4ee5\u8fdb\u5165\u3001\u5220\u9664\u6587\u4ef6\u5939\u6216\u76ee\u5f55\n
    "},{"location":"linux-server/#dns","title":"\u4fee\u6539DNS","text":"

    \u6709\u65f6\u5019\u8fde\u4e0d\u4e0a\u7f51\u662f\u56e0\u4e3aDNS\u7684\u95ee\u9898\uff0c\u4fee\u6539/etc/resolve.conf\u5373\u53ef\u3002\u4e0d\u8fc7\u8fd9\u4e2a\u8f6f\u8fde\u63a5\u4fee\u6539\u5b8c\u4e86\u4ee5\u540e\u53ef\u80fd\u4f1a\u88ab\u7cfb\u7edf\u6539\u6389\uff0c\u53ef\u4ee5\u8bd5\u8bd5\u5220\u6389\u4ee5\u540e\u76f4\u63a5\u521b\u5efa\u4e2a/etc/resolve.conf\u6587\u4ef6\uff0c\u518dchattr +i /etc/resovle.conf\u9632\u6b62\u4fee\u6539\u3002

    "},{"location":"picking-ups/","title":"\u6587\u53e5\u6458\u5f55","text":"

    Alligator in Vest: A Practical Failure-Diagnosis Framework via Arm Hardware Features (ISSTA 2023)

    RR: A Fault Model for Efficient TEE Replication (NDSS 2023)

    No Grammar, No Problem: Towards Fuzzing the Linux Kernel without System-Call Descriptions (NDSS 2023)

    FUZZUSB: Hybrid Stateful Fuzzing of USB Gadget Stacks (Oakland 2022)

    Registered Report: DATAFLOW Towards a Data-Flow-Guided Fuzzer

    A Survey on Adversarial Attacks for Malware Analysis

    Survivalism: Systematic Analysis of Windows Malware Living-Off-The-Land (Oakland 2021)

    A Systematical and longitudinal study of evasive behaviors in windows malware (Computers & Security 2021)

    Structural Attack against Graph Based Android Malware Detection (CCS 2021)

    Deep Learning for Android Malware Defenses: a Systematic Literature Review (ACM Survey 2021)

    Intriguing Properties of Adversarial ML Attacks in the Problem Space (Oakland 2020)

    P2IM: Scalable and Hardware-independent Firmware Testing via Automatic Peripheral Interface Modeling (USENIX SECURITY 2020)

    Toward the Analysis of Embedded Firmware through Automated Re-hosting (RAID 2019)

    REPT: Reverse Debugging of Failures in Deployed Software (USENIX SECURITY 2018)

    What You Corrupt Is Not What You Crash: Challenges in Fuzzing Embedded Devices (NDSS 2018)

    Postmortem Program Analysis with Hardware-Enhanced Post-Crash Artifacts (USENIX SECURITY 2017)

    POMP++: Facilitating Postmortem Program Diagnosis with Value-Set Analysis

    A Survey on Software Fault Localization (TSE 2016)

    "},{"location":"porting/","title":"\u6298\u817e\u7f51\u7ad9","text":""},{"location":"porting/#_2","title":"\u7aef\u53e3\u590d\u7528\u65b9\u6cd5","text":"

    \u7531\u4e8e\u670d\u52a1\u5668\u5b89\u5168\u8bbe\u5b9a\uff0c\u53ea\u5bf9\u5916\u5f00\u653e\u4e00\u4e2a22\u7aef\u53e3\u63d0\u4f9bssh\u8fde\u63a5\u3002\u90a3\u4e48\u5728\u6b64\u57fa\u7840\u4e0a\u5982\u4f55\u63d0\u4f9bhttp\u3001https\u7b49\u591a\u79cd\u670d\u52a1\uff1f\u641c\u7d22\u4e86\u4e0b\u53ef\u4ee5\u6839\u636e\u6d41\u91cf\u7279\u5f81\u7528sslh\u7b80\u5355\u8f6c\u53d1\u4e00\u4e0b\u6570\u636e\u5305\u5230\u4e0d\u540c\u7684\u5185\u90e8\u7aef\u53e3\u3002

    "},{"location":"porting/#sslh","title":"sslh\uff1a\u6839\u636e\u6d41\u91cf\u7279\u5f81\u8f6c\u53d1\u6570\u636e\u5305","text":"

    \u5728root\u4e0bapt install sslh\u540e\u4fee\u6539\u914d\u7f6e\u6587\u4ef6/etc/default/sslh\uff1a

    # Default options for sslh initscript\n# sourced by /etc/init.d/sslh\n\n# binary to use: forked (sslh) or single-thread (sslh-select) version\n# systemd users: don't forget to modify /lib/systemd/system/sslh.service\nDAEMON=/usr/sbin/sslh\nRun=yes\nDAEMON_OPTS=\"--user sslh --listen 0.0.0.0:4684 --ssh 127.0.0.1:5752 --ssl 127.0.0.1:443 --http 127.0.0.1:1284 --pidfile /var/run/sslh/sslh.pid\"\n

    \u8fd9\u91cc\u4e5f\u53ef\u4ee5cat /lib/systemd/system/sslh.service\u770b\u4e00\u4e0bservice\u6587\u4ef6\uff0c\u5176\u4e2d\u6709\u4e00\u884cExecStart=/usr/sbin/sslh --foreground $DAEMON_OPTS\uff0c\u53ef\u4ee5\u770b\u5230\u5728\u542f\u52a8sslh\u65f6\u53c2\u6570\u662fDAEMON_OPTS\u3002\u6240\u4ee5\u91cd\u70b9\u5c31\u5728\u4e8e\u914d\u7f6e\u597dDAEMON_OPTS\u3002

    \u89e3\u91ca\u4e00\u4e0b\u51e0\u4e2a\u53c2\u6570\u7684\u610f\u601d\uff1a

    \u7136\u540esystemctl enable sslh\u3001systemctl start sslh\u542f\u52a8sslh\uff0c\u5c06\u672c\u57304684\u7aef\u53e3\u6536\u5230\u7684\u6d41\u91cf\u6839\u636essh\u3001ssl\u3001http\u7684\u7279\u5f81\u5206\u522b\u8fdb\u884c\u7aef\u53e3\u8f6c\u53d1\u3002

    "},{"location":"porting/#ssh","title":"ssh\uff1a\u63d0\u4f9b\u8fdc\u7a0b\u8fde\u63a5","text":"

    \u7531\u4e8e\u539f\u672c\u5bf9\u5916\u5f00\u653e\u768422\u7aef\u53e3\u53ea\u7528\u4e8e\u63a5\u6536ssh\u8bf7\u6c42\uff0c\u5982\u679c\u60f3\u8981\u63d0\u4f9b\u66f4\u591a\u670d\u52a1\uff0c\u9700\u8981\u5148\u628a22\u7aef\u53e3\u7684\u63a5\u6536\u7684\u6570\u636e\u90fd\u8f6c\u53d1\u7ed9sslh\uff0c\u8ba9\u5b83\u6765\u8fdb\u884c\u5206\u7c7b\u3002\u90a3\u4e48ssh\u8bf7\u6c42\u5e94\u8be5\u5c31\u4e0d\u80fd\u518d\u8fd8\u7ed922\u7aef\u53e3\u4e86\uff08\u4e0d\u7136\u53ef\u80fd\u53c8\u88ab\u8f6c\u53d1\u7ed9sslh\uff1f\u4e0d\u786e\u5b9a\uff09\uff0c\u53ef\u4ee5\u8003\u8651\u518d\u5f00\u4e00\u4e2a\u7aef\u53e3\u76d1\u542cssh\u8bf7\u6c42\u3002\u8fd9\u91ccssh\u7684\u8bbe\u5b9a\u5f00\u4e86\u672c\u573022\u548c5752\u7aef\u53e3\uff0c\u914d\u7f6e\u65f6\u4fee\u6539/etc/ssh/sshd_config\u6587\u4ef6\uff0c\u52a0\u4e00\u884cPort 5752\u5373\u53ef\u3002\u540c\u65f6\u8bb0\u5f97\u4f7f\u7528\u516c\u94a5\u8ba4\u8bc1\u767b\u5f55\uff0c\u7981\u7528\u5bc6\u7801\u767b\u5f55\u3002

    Port 22\nPort 5752\nPubkeyAuthentication yes\nPasswordAuthentication no\n
    "},{"location":"porting/#nginxhttphttps","title":"nginx\uff1a\u63d0\u4f9bhttp/https\u670d\u52a1","text":"

    \u5728nginx\u5b98\u7f51\u4e0b\u8f7d\u6e90\u7801\u5e76\u6309\u8bf4\u660e\u7f16\u8bd1\u3002nginx\uff081.22\u7248\u672c\uff09\u7684\u914d\u7f6e\u5982\u4e0b\uff1a

    user  c01dkit;\nworker_processes  1;\n\nevents {\n    worker_connections  1024;\n}\n\nhttp {\n    include       mime.types;\n    default_type  application/octet-stream;\n    sendfile        on;\n    keepalive_timeout  65;\n    server_tokens off;\n    server {\n        listen       1284;\n        listen       127.0.0.1:1284;\n        charset utf-8;\n        server_name  xxxx.c01dkit.com;\n        if ($scheme = http ) {\n            return 301 https://$host:xxxx$request_uri;  \n        }\n        error_page  404              /404.html;\n    }\n\n    server {\n        listen       127.0.0.1:443 ssl ;\n        listen       443 ssl ;\n        listen       [::]:443 ssl ;\n        server_name  xxxx.c01dkit.com;\n        charset utf-8;\n        ssl_certificate      xxxx/fullchain.pem;\n        ssl_certificate_key  xxxx/privkey.pem;\n\n        ssl_session_cache    shared:SSL:1m;\n        ssl_session_timeout  5m;\n\n        ssl_ciphers  HIGH:!aNULL:!MD5;\n        ssl_prefer_server_ciphers  on;\n\n        location / {\n            root   xxxxx;\n            index  index.html index.htm;\n            error_page  404              /404.html;\n\n        }\n        location ~ \\.php$ {\n            fastcgi_pass   unix:/run/php/php8.1-fpm.sock;\n            fastcgi_index  index.php;\n            fastcgi_param  SCRIPT_FILENAME  xxxx/www$fastcgi_script_name;\n            include        fastcgi_params;\n            error_page  404              /404.html;\n        }\n    }\n\n}\n

    \u8fd9\u91cc\u914d\u7f6e\u4e86nginx\u76d1\u542c\u672c\u57301284\u7aef\u53e3\u6765\u5904\u7406http\u8bbf\u95ee\uff0c\u5c06https\u8bf7\u6c42\u8f6c\u53d1\u5230443\u7aef\u53e3\uff0c\u4e5f\u8bbe\u7f6e\u4e86ssl\u7684\u8bc1\u4e66\u3002\u8bc1\u4e66\u7684\u914d\u7f6e\u65b9\u6cd5\u53ef\u4ee5\u89c1\u540e\u6587\u7684https\u8bc1\u4e66\u7ae0\u8282\u3002

    \u5173\u4e8enginx\uff0c\u53ef\u4ee5nginx -V\u67e5\u770b\u7f16\u8bd1\u9009\u9879\uff0c\u7136\u540e\u81ea\u5df1\u4ece\u6e90\u7801\u7f16\u8bd1\u4e0b\u3002\u5e38\u89c1\u7684-V\u8f93\u51fa\u6709\uff1a

    nginx version: nginx/1.22.1\nbuilt by gcc 11.3.0 (Ubuntu 11.3.0-1ubuntu1~22.04) \nbuilt with OpenSSL 3.0.2 15 Mar 2022\nTLS SNI support enabled\nconfigure arguments: --user=c01dkit --group=c01dkit --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-compat --with-debug --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_sub_module\n

    \u8fd9\u91cc\u6307\u5b9auser\u4e3ac01dkit\uff0c\u7136\u540e\u7f51\u7ad9\u4e5f\u90fd\u653e\u5728c01dkit\u7684\u5bb6\u76ee\u5f55\u91cc\u9762\uff0c\u4ee5\u9632\u7f51\u7ad9\u9875\u9762\u56e0\u4e3a\u6743\u9650\u95ee\u9898\u6253\u4e0d\u5f00\uff08\u597d\u50cf\u9ed8\u8ba4\u662fwww-data\uff09\uff0c\u53ef\u80fd\u662f\u87f9\u811a\u6539\u6cd5\u25cb( \uff3e\u76bf\uff3e)\u3063

    "},{"location":"porting/#iptablessslh","title":"iptables\uff1a\u8f6c\u53d1\u5916\u90e8\u8bbf\u95ee\u5230sslh","text":"

    \u6700\u540e\u63a5\u7740\u8bbe\u7f6e\u9632\u706b\u5899\u5c06\u6240\u6709\u5916\u90e8\u6d41\u91cf\u4ece\u5f00\u653e\u7684\u552f\u4e00\u7aef\u53e3\u8f6c\u53d1\u52304684\u7aef\u53e3\u5373\u53ef\u3002

    iptables -t nat -A PREROUTING -p tcp --dport 22 -j REDIRECT --to-port 4684\n

    \u8fd9\u91cc\u5047\u5b9a\u5916\u90e8\u7aef\u53e3\u5f00\u653e\u7684\u7aef\u53e3\u6620\u5c04\u5230\u672c\u573022\u7aef\u53e3\u3002\u8fd9\u91cc22\u7aef\u53e3\u4e5f\u662f\u6709ssh\u670d\u52a1\u5728\u76d1\u542c\u3002

    \u6709\u65f6\u62c5\u5fc3sslh\u670d\u52a1\u6302\u6389\u5bfc\u81f44684\u6ca1\u6709ssh\u670d\u52a1\u3001ssh\u8fde\u4e0d\u4e0a\uff0c\u8bbe\u7f6e\u4e86\u5b9a\u65f6\u4efb\u52a1\u6765\u5173\u6389\u3001\u6253\u5f00\u9632\u706b\u5899\uff08\u6b64\u65f6\u53ea\u80fdssh\u8fde\u63a5\uff0c\u63d0\u4f9b\u8fd0\u7ef4\u7a97\u53e3\u671f\uff09\uff0c\u6bd4\u5982\u6bcf\u5468\u4e094\u70b9\u52306\u70b9\u53ea\u63d0\u4f9b22\u7aef\u53e3\u7684ssh\u670d\u52a1\uff1a

    # Edit this file to introduce tasks to be run by cron.\n# \n# Each task to run has to be defined through a single line\n# indicating with different fields when the task will be run\n# and what command to run for the task\n# \n# To define the time you can provide concrete values for\n# minute (m), hour (h), day of month (dom), month (mon),\n# and day of week (dow) or use '*' in these fields (for 'any').\n# \n# Notice that tasks will be started based on the cron's system\n# daemon's notion of time and timezones.\n# \n# Output of the crontab jobs (including errors) is sent through\n# email to the user the crontab file belongs to (unless redirected).\n# \n# For example, you can run a backup of all your user accounts\n# at 5 a.m every week with:\n# 0 5 * * 1 tar -zcf /var/backups/home.tgz /home/\n# \n# For more information see the manual pages of crontab(5) and cron(8)\n# \n# m h  dom mon dow   command\n0 4 * * 3 iptables -t nat -D PREROUTING -p tcp --dport 22 -j REDIRECT --to-port 4684\n0 6 * * 3 iptables -t nat -A PREROUTING -p tcp --dport 22 -j REDIRECT --to-port 4684\n

    \u7531\u4e8e\u8fd9\u6837\u8bbe\u7f6eiptables\u4f1a\u5728\u670d\u52a1\u5668\u91cd\u542f\u540e\u5931\u6548\uff0c\u6240\u4ee5\u670d\u52a1\u5668\u610f\u5916\u91cd\u542f\u7684\u8bdd\u53ea\u4e0d\u8fc7\u662f\u6062\u590d\u5230\u6700\u57fa\u7840\u768422\u7aef\u53e3ssh\u800c\u5df2\u3002

    "},{"location":"porting/#https","title":"https\u8bc1\u4e66","text":"

    \u5173\u4e8ehttps\u8bc1\u4e66\uff0c\u53ef\u4ee5\u6309\u8fd9\u91cc\u7684\u65b9\u6cd5\uff0c\u5148snap install --classic certbot\u5b89\u88c5certbot\uff0c\uff08\u4e0d\u77e5\u9053\u4e3a\u5565\u5f53\u65f6\u8bbe\u7f6e\u4e86\u4e00\u4e0bcertbot\u8def\u5f84sudo ln -s /snap/bin/certbot /usr/bin/certbot\uff09\u3002\u5982\u679c80\u7aef\u53e3\u5df2\u7ecf\u5bf9\u5916\u5f00\u653e\uff0c\u53ef\u4ee5\u7b80\u5355\u5730certbot --nginx\u81ea\u52a8\u5e2e\u5fd9\u8ba4\u8bc1\uff08\u5373certbot\u521b\u5efa\u8ba4\u8bc1\u6587\u4ef6\u7136\u540e\u5728\u516c\u7f51\u8bbf\u95ee\uff09\u3002\u5982\u679c80\u7aef\u53e3\u4e0d\u5bf9\u5916\u5f00\u653e\uff0c\u53ef\u4ee5\u81ea\u9009dns\u8ba4\u8bc1\uff1acertbot certonly --manual --preferred-challenges=dns\u7136\u540e\u5728\u57df\u540d\u7ba1\u7406\u90a3\u8fb9\u6dfb\u52a0\u4e00\u4e0b\u8bb0\u5f55\u5373\u53ef\uff0c\u6bd4\u5982\u521b\u5efa\u4e00\u4e2a_acme-challenge.remote\u7684TXT\u8bb0\u5f55\u3002\u7136\u540e\u5728nginx\u7684conf\u90a3\u91cc\u8bbe\u7f6e\u597d\u8bc1\u4e66\u8def\u5f84\uff0c\u8bbf\u95ee\u5c31\u6709https\u8ba4\u8bc1\u4e86\uff01\u5bf9\u4e8ehttp\u8bbf\u95ee\uff0c\u53ef\u4ee5\u7528301\u8df3\u8f6c\u3002

    \u4e00\u6b21\u8ba4\u8bc1\u662f90\u5929\u6709\u6548\u671f\uff0c\u5230\u671f\u4e4b\u524d\u4f1a\u53d1\u90ae\u4ef6\uff0c\u66f4\u65b0\u8bc1\u4e66\u65f6\u9700\u8981\u8fd0\u884ccertbot renew --manual-auth-hook=xxx.sh \u5176\u4e2dsh\u811a\u672c\u662f\u81ea\u5df1\u7f16\u5199\u7684\u4e00\u4e2a\u81ea\u52a8\u5316\u5b8c\u6210DNS\u8bb0\u5f55\u66f4\u65b0\u3002\u4e3a\u4e86\u61d2\u7701\u4e8b\uff0c\u53ef\u4ee5\u8fd9\u4e48\u5199\uff1a

    echo ${CERTBOT_VALIDATION} >> xxx.txt\necho ${CERTBOT_DOMAIN} >> xxx.txt\nsleep 120\nexit 0\n

    \u7136\u540e\u5728\u4e24\u5206\u949f\u4e4b\u5185\uff0c\u628axxx.txt\u91ccCERTBOT_VALIDATION\u5bf9\u5e94\u7684\u54c8\u5e0c\u503c\u624b\u52a8\u66f4\u65b0\u5728DNS\u8bb0\u5f55\u91cc\u5373\u53ef\u3002

    "},{"location":"pwn-college-cse365-spring2023/","title":"CSE 365 - Spring 2023","text":"

    \u5728\u7ec8\u7aef\u8fde\u63a5pwn-college\u65f6\uff0c\u5148\u5728\u7f51\u9875\u7aef\u914d\u7f6e\u4e0b\u516c\u94a5\uff0c\u7136\u540essh -i \u79c1\u94a5 hacker@dojo.pwn.college\u5373\u53ef\u3002\u7f51\u9875\u7aef\u542f\u52a8\u4e00\u4e2a\u5b9e\u4f8b\u540e\uff0c\u8fdc\u7a0b\u4e5f\u4f1a\u81ea\u52a8\u542f\u52a8\u5bf9\u5e94\u7684\u73af\u5883\u3002\u95ee\u9898\u4e00\u822c\u653e\u5728\u6839\u76ee\u5f55\u7684challenge\u6587\u4ef6\u5939\u4e0b

    "},{"location":"pwn-college-cse365-spring2023/#talking-web","title":"Talking Web \u5b66\u4e60\u7b14\u8bb0","text":"

    \u8bf7\u6c42\u7b2c\u4e00\u884cRequest line\uff1a\u8bf7\u6c42\u65b9\u6cd5 URI \u534f\u8bae\u7248\u672c CRLF

    \u54cd\u5e94\u7b2c\u4e00\u884cStatus line\uff1a\u534f\u8bae\u7248\u672c \u72b6\u6001\u7801 \u89e3\u91ca CRLF

    \u5e38\u89c1\u7684\u8bf7\u6c42\u65b9\u6cd5\uff1a

    HTTP URL Scheme\uff1ascheme://host:port/path?query#fragment

    \u8bf7\u6c42\u7684\u8d44\u6e90\u542b\u6709\u4e00\u4e9b\u7279\u6b8a\u7b26\u53f7\u6bd4\u5982?,/,&,#\u7b49\u7b49\u65f6\uff0c\u4f7f\u7528%xx\u8fdb\u884c\u7f16\u7801\uff0c\u5176\u4e2dxx\u662fASCII\u7801\u3002\u8fd9\u79cd\u505a\u6cd5\u79f0\u4e3aurlencoding

    POST\u8bf7\u6c42\u65f6\uff0c\u9700\u8981\u5e26\u4e0aContent-Type

    \u524d\u8005body\u91cc\u5199a=xx\uff0c\u540e\u8005\u5199{\"a\":\"xx\"}\u3002json\u53ef\u4ee5\u6784\u9020\u66f4\u590d\u6742\u7684blob

    RFC 1945 HTTP\u534f\u8bae\u662f\u65e0\u72b6\u6001\u7684\uff0c\u4f46\u662f\u7f51\u7edc\u5e94\u7528\u662f\u6709\u72b6\u6001\u7684\u3002\u4f7f\u7528cookie\u6765\u4fdd\u6301\u72b6\u6001\u3002

    "},{"location":"pwn-college-cse365-spring2023/#assembly-crash-course","title":"Assembly Crash Course \u5b66\u4e60\u7b14\u8bb0","text":""},{"location":"pwn-college-cse365-spring2023/#building-a-web-server","title":"Building a Web Server \u5b66\u4e60\u7b14\u8bb0","text":"

    \u4f7f\u7528socket\u521b\u5efa\u4e00\u4e2aA-B\u7684\u7f51\u7edc\u6587\u4ef6\uff0c\u7136\u540e\u4f7f\u7528bind\u5c06socket\u4e0e\u5177\u4f53\u7684ip\u7ed1\u5b9a\u3002\u4f7f\u7528listen\u6765\u88ab\u52a8\u4fa6\u542csockfd\u3002\u4f7f\u7528accept\u63a5\u53d7\u5916\u90e8\u8fde\u63a5\u3002

    \u4f7f\u7528TCP/IP\u8fdb\u884c\u7f51\u7edc\u901a\u8baf\uff0c\u670d\u52a1\u5668\u7aef\u7684\u4f8b\u5b50\u5982\uff1a

    // int socket(int domain, int type, int protocol)\nsocket_fd = socket(AF_INET, SOCK_STREAM, IPPROTO_IP)\n\n// int bind(int sockfd, struct sockaddr* addr, socklen_t addrlen)\n/*\n * struct sockaddr {\n *   uint16_t sa_family;\n *   uint8_t  sa_data[14];   \n * }\n * \n * struct sockaddr_in {\n *   uint16_t sin_family;\n *   uint16_t sin_port;\n *   uint32_t sin_addr;\n *   uint8_t  __pad[8];\n * }\n*/\nbind(socket_fd, {sa_family=AF_INET, sin_port=htons(port), sin_addr=inet_addr(\"0.0.0.0\")}, 16)\n\n// int listen(int sock fd, int backlog);\nlisten(socket_fd, 0)\n\n// int accept(int sockfd, struct sockaddr* addr, socklen_t* addrlen);\ntunnel = accept(socket_fd, NULL, NULL)\n\n// revceive http request: GET / HTTP/1.0\nread(tunnel, \"GET / HTTP/1.0\",19)\n\n// response\nwrite(tunnel, \"HTTP/1.0 200 OK\\r\\n\\r\\n\", 19)\n\n// receive http request: GET /flag HTTP/1.0\nread(tunnel, \"GET /flag HTTP/1.0\\r\\n\\r\\n\",256)\n\n// open and read file\nfilefd = open(\"/flag\",O_RDDONLY)\nread(filefd, \"FLAG\", 256)\n\n//response\nwrite(tunnel, \"HTTP/1.0 200 OK\\r\\n\\r\\nFLAG\", 27)\n\nclose(tunnel)\n
    "},{"location":"pwn-college-cse365-spring2023/#reverse-engineering","title":"Reverse Engineering \u5b66\u4e60\u7b14\u8bb0","text":" 
    start\nbreak *main+42\ncommands\n    silent\n    set $local_variable = *(unsigned long long*)($rbp-0x32)\nprintf \"Current value: %llx\\n\", $local_variable\ncontinue\nend\ncontinue\n
    start\ncatch syscall read\ncommands\n    silent\n    if ($rdi == 42)\nset $rdi = 0\nend\n    continue\nend\ncontinue\n
    "},{"location":"pwn-college-cse365-spring2023/#talking-web-writeups","title":"Talking Web WriteUps","text":"

    \u8fd9\u4e2a\u7ae0\u8282\u7684\u9898\u76ee\u662f\u7528curl\u3001python\u548cnc\u6765\u5b9e\u73b0\u53d1\u9001\u5404\u79cdhttp\u8bf7\u6c42\uff0c\u5148\u8fd0\u884c/challenge/run\u542f\u52a8flask\u670d\u52a1\u5668\uff0c\u7136\u540e\u65b0\u5f00\u4e2a\u7ec8\u7aef\u7528\u5404\u79cd\u59ff\u52bf\u8fde\u63a5\u672c\u5730127.0.0.1\u5373\u53ef\u3002

    \u8fd9\u4e09\u79cd\u5de5\u5177\u7684\u5927\u81f4\u601d\u8def\uff1a

    \u9700\u8981\u5148\u7b80\u5355\u5730\u8fde\u63a5127.0.0.1\u7136\u540e\u6839\u636e\u62a5\u9519\u63d0\u793a\u6765\u4fee\u6539\u8bf7\u6c42\u3002

    Level 1

    Send an HTTP request using curl

    curl http://127.0.0.1\n

    Level 2

    Send an HTTP request using nc

    nc 127.0.0.1 80\nGET / HTTP/1.1\n

    Level 3

    Send an HTTP request using python

    import requests as r\nr.get(\"http://127.0.0.1\").text\n

    Level 4

    Set the host header in an HTTP request using curl

    curl -H 'host:xxxxx' http://127.0.0.1\n

    Level 5

    Set the host header in an HTTP request using nc

    nc 127.0.0.1 80\nGET / HTTP/1.1\nhost:xxxxx\n

    Level 6

    Set the host header in an HTTP request using python

    import requests as r\nr.get(\"http://127.0.0.1\", headers={\"host\":\"xxx\"}).text\n

    Level 7

    Set the path in an HTTP request using curl

    curl http://127.0.0.1/xxxxx\n

    Level 8

    Set the path in an HTTP request using nc

    nc 127.0.0.1 80\nGET /xxxx HTTP/1.1\n

    Level 9

    Set the path in an HTTP request using python

    import requests as r\nr.get(\"http://127.0.0.1/xxx\").text\n

    Level 10~12

    URL encode a path in an HTTP request using curl/nc/python

    \u7528%20\u66ff\u6362\u6389\u7a7a\u683c\u5373\u53ef

    Level 13~15

    Specify an argument in an HTTP request using curl/nc/python

    GET\u52a0\u53c2\u6570\uff0c\u5728\u8def\u5f84\u540e\u9762\u8ffd\u52a0?a=xxx\u5373\u53ef

    nc\u65f6\u52a0\u5230nc\u8fde\u63a5\u4ee5\u540e\u7684GET\u540e\u9762

    Level 16~18

    Specify multiple arguments in an HTTP request using curl/nc/python

    \u7ed3\u540810~15\u9898\uff0c\u7a7a\u683c\u7528%20\u6362\u6389\uff0c\u4e0e\u53f7\u7528%26\u6362\u6389\uff0c\u4e95\u53f7\u7528%23\u6362\u6389

    Level 19~21

    Include form data in an HTTP request using curl/nc/python

    #curl\ncurl http://127.0.0.1 -F a=xxx\n\n#nc\nPOST / HTTP/1.1\nContent-Type: application/x-www-form-urlencoded\nContent-Length:34\n\na=xxx\n\n#python\nimport requests as r\nr.post(\"http://127.0.0.1\",data={'a':'xxx'}).text\n

    Level 22~24

    Include form data with multiple fields in an HTTP request using curl/nc/python

    #curl\ncurl http://127.0.0.1 -F a=xxx -F b='xxxx'\n\n#nc\nPOST / HTTP/1.1\nContent-Type: application/x-www-form-urlencoded\nContent-Length: 78\n\na=xxx&b=xxx\n\n#python\nimport requests as r\nr.post(\"http://127.0.0.1\",data={'a':'xxx','b':'xxx'}).text\n

    Level 25~27

    Include json data in an HTTP request using curl/nc/python

    #curl\ncurl -X POST -H 'Content-Type:application/json' -d '{\"a\":\"xxx\"}' http://127.0.0.1\n\n#nc\necho -ne 'POST / HTTP/1.1\\r\\nContent-Type: application/json\\r\\nContent-Length:40\\r\\n\\r\\n{\"a\":\"xxx\"}' |  nc 127.0.0.1 80\n\n#python\nimport requests as r\nimport json\nr.post(\"http://127.0.0.1\",headers={\"Content-Type\":\"application/json\"},data=json.dumps({\"a\":\"xxx\"})).text\n

    Level 28~30

    Include complex json data in an HTTP request using curl/nc/python

    #curl\ncurl -X POST -H 'Content-Type: application/json' -H 'Content-Length: 121' -d '{\"a\":\"xxx\", \"b\":{\"c\": \"xxxx\", \"d\": [\"xxx\", \"xxx\"]}}' http://127.0.0.1\n\n#nc\necho -ne 'POST / HTTP/1.1\\r\\nContent-Type: application/json\\r\\nContent-Length: 121\\r\\n\\r\\n{\"a\":\"xxx\", \"b\":{\"c\": \"xxx\", \"d\": [\"xxx\", \"xxx\"]}}' | nc 127.0.0.1 80\n\n#python\nimport requests as r\nimport json\nr.post(\"http://127.0.0.1\",headers={\"Content-Type\":\"application/json\"},data=json.dumps({\"a\":\"xxx\",\"b\":{'c': 'xxx', 'd': ['xxx', 'xxx']}})).text\n

    Level 31~33

    Follow an HTTP redirect from HTTP response using curl/nc/python

    #curl\ncurl -L http://127.0.0.1\n\n#nc\necho -ne \"GET /xxx HTTP/1.1\\r\\n\\r\\n\" | nc 127.0.0.1 80\n\n#python\n#python\u9ed8\u8ba4\u8ddf\u968f\u8df3\u8f6c\nimport requests as r\nr.get(\"http://127.0.0.1\").text\n

    Level 34~36

    Include a cookie from HTTP response using curl/nc/python

    #curl\ncurl http://127.0.0.1 -v\ncurl -b \"cookie=xxx\" http://127.0.0.1\n\n#nc\necho -ne \"GET / HTTP/1.1\\r\\n\\r\\n\" | nc 127.0.0.1 80\necho -ne \"GET / HTTP/1.1\\r\\nCookie:cookie=xxxx\\r\\n\\r\\n\" | nc 127.0.0.1 80\n\n#python \u9ed8\u8ba4\u81ea\u52a8\u63a5\u53d7cookie\nimport requests as r\nr.get(\"http://127.0.0.1\").text\n

    Level 37~39

    Make multiple requests in response to stateful HTTP responses using curl/nc/python

    #curl \u5b8c\u62103\u6b21\u4ea4\u4e92\u5373\u53ef\ncurl -b \"session=xxx\" http://127.0.0.1 -v \ncurl -b \"session=xxx\" http://127.0.0.1 -v \ncurl -b \"session=xxx\" http://127.0.0.1 -v #nc\necho -ne \"GET / HTTP/1.1\\r\\nCookie:session=xxx\\r\\n\\r\\n\" | nc 127.0.0.1 80\necho -ne \"GET / HTTP/1.1\\r\\nCookie:session=xxx\\r\\n\\r\\n\" | nc 127.0.0.1 80\necho -ne \"GET / HTTP/1.1\\r\\nCookie:session=xxx\\r\\n\\r\\n\" | nc 127.0.0.1 80\n\n#python\nimport requests as r\nr.get(\"http://127.0.0.1\").text\n
    "},{"location":"pwn-college-cse365-spring2023/#assembly-crash-course-writeups","title":"Assembly Crash Course Writeups","text":"

    \u8fd9\u4e2a\u7ae0\u8282\u7684\u9898\u9700\u8981\u628a\u6c47\u7f16\u53d8\u6210raw bytes\uff0c\u7136\u540e\u5582\u7ed9/challenge/run\u3002\u9700\u8981\u5148\u8fd0\u884c\u8fd9\u4e2arun\uff0c\u7136\u540e\u6839\u636e\u8981\u6c42\u5b8c\u6210\u3002\u6bd4\u5982\u53ef\u4ee5\u7528pwntools\u7684asm\u6a21\u5757\u751f\u6210\u6c47\u7f16\uff0c\u7136\u540eecho\u8fdbrun\u91cc\u3002

    Level 1

    In this level you will work with registers_use! Please set the following: rdi = 0x1337

    from pwn import *\ncontext.arch='amd64'\nasm('mov rdi,0x1337')\n\n#b'H\\xc7\\xc77\\x13\\x00\\x00'\n
    \u7136\u540e\u5728shell\u91ccecho -ne 'H\\xc7\\xc77\\x13\\x00\\x00' | /challenge/run\u5373\u53ef\u3002

    Level 2

    asm('add rdi,0x331337')\n

    Level 3

    asm('imul rdi,rsi; add rdi,rdx; mov rax,rdi')\n

    Level 4

    \u5b66\u4e60div\u9664\u6cd5\uff0cdiv reg\u4f1a\u4f7f\u7528rax\u4f5c\u4e3a\u88ab\u9664\u6570\uff0creg\u4f5c\u4e3a\u9664\u6570\uff0c\u7136\u540e\u81ea\u52a8\u4f7f\u7528rax\u5b58\u653e\u5546\uff0crdx\u5b58\u653e\u4f59\u6570\u3002

    asm('mov rax, rdi;div rsi')\n

    Level 5

    asm('mov rax, rdi;div rsi;mov rax, rdx')\n

    Level 6

    \u9664\u6570\u4e3a2\u7684\u5e42\u6b21\u65f6\uff0c\u76f4\u63a5\u4f7f\u7528mov\u4fdd\u7559\u5bc4\u5b58\u5668\u7684\u4e00\u90e8\u5206\u5373\u53ef\u3002\u6ce8\u610fmov\u4e24\u4e2a\u5bc4\u5b58\u5668\u957f\u5ea6\u8981\u4e00\u81f4\u3002

    asm('mov al, dil;mov bx, si')\n

    Level 7

    shl\u5de6\u79fb\uff0cshr\u53f3\u79fb\uff08\u9ad8\u4f4d\u88650\uff09

    asm('shl rdi, 59; shr rdi, 63; mov rax, rdi')\n

    Level 8

    and reg1, reg2\u4f1a\u628areg1\u548creg2\u8fdb\u884c\u903b\u8f91\u4e0e\u7684\u7ed3\u679c\u4fdd\u5b58\u5728reg1\u91cc\u3002\u9898\u76ee\u4e0d\u8ba9\u7528mov\uff0c\u90a3\u53ef\u4ee5\u91c7\u7528\u7f6e0\u51cf1\u7684\u65b9\u5f0f\u83b7\u5f972^65-1\uff0c\u7136\u540eand\u5373\u53ef\u3002

    asm('xor rax, rax; sub rax, 1; and rax, rdi; and rax, rsi')\n

    Level 9

    \u9898\u76ee\u8981\u6c42\u53ea\u7528and\uff0cor\uff0cxor\u5b9e\u73b0\u4e00\u4e2a\u5947\u5076\u5224\u65ad\u7684\u529f\u80fd\u3002\u6574\u4f53\u601d\u8def\u662fxor\u53cd\u8f6c\u6bd4\u7279\u3001\u6e05\u7a7a\u503c\uff0cor\u505a\u52a0\u6cd5\uff0cand\u53d6\u6700\u4f4e\u4f4d\u3002

    asm('xor rax, rax; or rax, 1; and rax, rdi; xor rax, 1')\n

    Level 10

    \u6709\u5173\u8bbf\u95ee\u5185\u5b58\u7684\u64cd\u4f5c\u3002mov reg, [address]\u7528\u4e8e\u628aaddress\u5730\u5740\u5904\u7684\u503c\u8d4b\u7ed9reg\uff0c\u5f53\u7136\u4e5f\u53ef\u4ee5mov [address], reg\u628areg\u7684\u503c\u4fdd\u5b58\u5728address\u5730\u5740\u3002\u52a0\u4e00\u5c42\u65b9\u62ec\u53f7\u53ea\u662f\u8868\u793a\u5f53\u4f5c\u5730\u5740\u3002\u4e0d\u8981\u4e0b\u610f\u8bc6\u8fdb\u884c\u66f4\u591a\u6b21\u6570\u7684\u89e3\u5f15\u7528\u3002

    asm('mov rbx, [0x404000]; mov rax, rbx; add rbx, 0x1337; mov [0x404000], rbx')\n

    Level 11

    \u5982\u679cmov\u4e00\u65b9\u4e3a\u5bc4\u5b58\u5668\uff0c\u4e00\u65b9\u4e3a\u5730\u5740\uff0c\u4f1a\u6839\u636e\u5bc4\u5b58\u5668\u7684\u5927\u5c0f\u81ea\u52a8\u63a8\u65ad\u4ece\u5730\u5740\u4e2dload\u591a\u5c11\u5b57\u8282\u3002

    asm('mov al, [0x404000]; mov bx, [0x404000]; mov ecx, [0x404000]; mov rdx, [0x404000];')\n

    Level 12

    \u5bf9\u4e8e\u6bd4\u8f83\u5927\u7684\u7acb\u5373\u6570\uff0c\u53ef\u4ee5\u5148\u653e\u5728\u5bc4\u5b58\u5668\uff0c\u7136\u540e\u518dmov\u5230\u6307\u5b9a\u4f4d\u7f6e\u3002

    asm('mov rax, 0xdeadbeef00001337; mov [rdi], rax; mov rax, 0xc0ffee0000; mov [rsi], rax')\n

    Level 13

    asm('mov rax, [rdi]; add rax, [rdi+8]; mov [rsi], rax')\n

    Level 14

    asm('pop rax;sub rax,rdi; push rax')\n

    Level 15

    \u4f7f\u7528\u6808\u53ef\u4ee5\u7b80\u5355\u5730\u4ea4\u6362\u5bc4\u5b58\u5668

    asm('push rdi; push rsi; pop rdi; pop rsi')\n

    Level 16

    \u5b9e\u73b0\u6808\u4e0a\u7684\u6570\u636e\u53d6\u5e73\u5747\uff0c\u7528[rsp+X]\u6765\u53d6\u503c\uff08\u4e00\u822c\u7528rbp\u6765\u53d6\u5427\uff1f\uff09

    asm('mov rax, [rsp]; add rax, [rsp+8]; add rax, [rsp+16]; add rax, [rsp+24]; mov rbx, 4; div rbx; push rax')\n

    Level 17

    \u4f7f\u7528label\u8bbe\u7f6e\u76f8\u5bf9\u8df3\u8f6c\u5730\u5740\uff0c\u4f7f\u7528\u5355\u5b57\u8282\u7684nop\u586b\u5145\u3002\u4e0d\u8fc7\u9898\u76ee\u8981\u6c42\u7684\u201c\u4ecejmp\u504f\u79fb0x51\u7684\u5730\u5740\u201d\u6709\u70b9\u8ff7\u60d1\uff0c\u770b\u7ed3\u679c\u7684\u8bdd\u4f3c\u4e4e\u9ed8\u8ba4\u662fjmp\u6267\u884c\u540e\u7684\u5730\u5740\u518d\u504f\u79fb0x51\uff0c\u800c\u4e0d\u662fjmp\u6307\u4ee4\u672c\u8eab\u7684\u5730\u5740\u504f\u79fb0x51\uff0c\u6240\u4ee5\u4e0d\u9700\u8981\u77e5\u9053jmp\u6307\u4ee4\u672c\u8eab\u7684\u957f\u5ea6\u3002

    asm('jmp lab;'+'nop;'*0x51+'lab: mov rdi, [rsp]; mov rax, 0x403000; jmp rax')\n

    Level 18

    \u5b9e\u73b0if-else\u8df3\u8f6c\u3002\u6ce8\u610f\u5185\u5b58\u8ba1\u7b97\u4f7f\u7528dword\u768432\u4f4d\u6570\u636e\uff0c\u7528eax\u800c\u4e0d\u662frax\u3002

    from pwn import *\ncontext.arch='amd64'\npayload=\"\"\"mov eax, [rdi+4]\nmov ebx, 0x7f454c46\ncmp ebx, [rdi]\nje case1\nmov ebx, 0x5a4d\ncmp ebx, [rdi]\nje case2\nimul eax, [rdi+8]\nimul eax, [rdi+12]\njmp done\ncase1:\n    add eax, [rdi+8]\n    add eax, [rdi+12]\n    jmp done\ncase2:\n    sub eax, [rdi+8]\n    sub eax, [rdi+12]\n    jmp done\ndone:\n    nop\n\"\"\"\n\nprint(asm(payload))\n

    Level 19

    jmp [reg + offset]\u95f4\u63a5\u8df3\u8f6c\uff0c\u4f7f\u7528rsi\u4fdd\u5b58\u8df3\u8f6c\u8868\u7684\u57fa\u5730\u5740\uff0c\u7528\u4e8e\u5b9e\u73b0switch\u3002\u8fd9\u91cc\u597d\u50cf\u662fjnz\u4e0d\u652f\u6301\u95f4\u63a5\u8df3\u8f6c\u3002

    asm('mov rax, rdi; shr rax, 2; jnz final; jmp [rsi + rdi * 8]; final: jmp [rsi + 32]')\n

    Level 20

    \u5b9e\u73b0\u4e00\u4e2a\u7b80\u5355\u7684\u6c42\u5e73\u5747\u51fd\u6570

    from pwn import *\ncontext.arch='amd64'\npayload=\"\"\"xor rax, rax\nxor rcx, rcx\nloop:\n    cmp rcx, rsi\n    je done\n    add rax, [rdi + 8 * rcx]\n    add rcx, 1\n    jmp loop\ndone:\n    div rsi\n\"\"\"\n\nprint(asm(payload))\n

    Level 21

    \u5b9e\u73b0\u4e00\u4e2astrlen\u51fd\u6570\uff0c\u9010byte\u68c0\u67e5\u662f\u5426\u4e3a0\u3002\u6ce8\u610fmov\u4e0d\u4f1a\u6539\u53d8EFLAGS\u3002

    from pwn import *\ncontext.arch='amd64'\npayload = \"\"\"\nxor rax, rax\ntest rdi, rdi\njz done\nloop: mov bl, [rdi + rax]\ntest bl,bl\njz done\nadd rax, 1\njmp loop\ndone:\n    nop\n\"\"\"\n\nprint(asm(payload))\n

    Level 22

    \u8fd9\u9053\u9898\u7ed9\u7684\u89e3\u91ca\u4e0d\u662f\u5f88\u6e05\u695a\uff0c\u5c3d\u7ba1\u662f\u7b2c\u4e00\u6b21\u63d0\u5230\u4f7f\u7528call\u8fdb\u884c\u51fd\u6570\u8c03\u7528\uff0c\u4f46\u662f\u6ca1\u6709\u8bf464\u4f4d\u7a0b\u5e8f\u4f9d\u6b21\u4f7f\u7528rdi,rsi,rdx,rcd,r8,r9\u8fdb\u884c\u4f20\u53c2\u3001rax\u4fdd\u5b58\u51fd\u6570\u8fd4\u56de\u7ed3\u679c\uff0c\u4e5f\u6ca1\u6709\u8bf4\u662f\u7531\u4e3b\u8c03\u51fd\u6570\u8fd8\u662f\u88ab\u8c03\u51fd\u6570\u6765\u4fdd\u5b58\u5bc4\u5b58\u5668\u3002\u66f4\u5947\u602a\u7684\u662f\u867d\u7136\u8ba9\u5b9e\u73b0\u4e00\u4e2astr_lower\u51fd\u6570\uff0c\u4f46\u662f\u6ca1\u6709\u6309\u51fd\u6570\u5b9e\u73b0\u7684\u6807\u51c6\u5199PROG\uff0c\u751a\u81f3\u6700\u540e\u8fd8\u7528ret\u6765\u7ed3\u675f\u3002

    from pwn import *\ncontext.arch='amd64'\npayload = \"\"\"\nmov rdx, rdi\nxor rax, rax\nxor rcx, rcx\ntest rdx, rdx\njz done\nloop:\n    mov bl, [rdx]\n    test bl,bl\n    jz done\n    cmp bl, 0x5a\n    jg notif\n    mov rax, 0x403000\n    xor rdi, rdi\n    mov dil, bl\n    call rax\n    mov [rdx], al\n    add rcx, 1\nnotif:\n    add rdx, 1\n    jmp loop\ndone:\n    mov rax, rcx\n    ret\n\"\"\"\n\nprint(asm(payload))\n

    Level 23

    \u5b9e\u73b0\u4e00\u4e2a\u67e5\u8be2\u5b57\u7b26\u4e32\u4e2d\u54ea\u4e2a\u5b57\u7b26\u6700\u591a\u7684\u51fd\u6570\u3002\u6bcf\u4e2a\u5b57\u7b26\u4e0d\u8d85\u8fc70xffff\u4e2a\uff0c\u6240\u4ee5\u8981\u75284\u5b57\u8282\u7684\u5bc4\u5b58\u5668\u6765\u8fdb\u884c\u5b58\u653e\u3002\u8fd9\u91cc\u4f3c\u4e4e\u4e0d\u652f\u6301\u76f4\u63a5mov rbx, [ebp - rcx * 4]\u4e4b\u7c7b\u7684\u65b9\u6cd5\uff0c\u5c31\u7528r8\u548cr9\u4e34\u65f6\u5b58\u653e\u4e00\u4e0b\u4e86\u3002

    from pwn import *\n\ncontext.arch = 'amd64'\n\npayload = \"\"\"\npush rbp\nmov rbp, rsp\nsub rsp, 0x400\nxor rax, rax\nxor rcx, rcx\nmov rdx, rsi\nsub rdx, 0x1\nloop1: \n    cmp rcx, rdx\n    jg loop1_end\n    mov al, [rdi + rcx]\n    mov r8, rbp\n    mov r9, rax\n    imul r9, 4\n    sub r8, r9\n    mov ebx, [r8]\n    add ebx, 1\n    mov [r8], ebx\n    add rcx, 1\n    jmp loop1\nloop1_end:\nxor rax, rax\nxor rbx, rbx\nxor rcx, rcx\nloop2:\n    cmp rcx, 0xff\n    jg loop2_end\n    mov r8, rbp\n    mov r9, rcx\n    imul r9, 4\n    sub r8, r9\n    mov edx, [r8]\n    cmp edx, ebx\n    jle loop2_conti\n    mov rbx, rdx\n    mov rax, rcx\nloop2_conti:\n    add rcx, 1\n    jmp loop2\nloop2_end:\nmov rsp, rbp\npop rbp\nret\n\"\"\"\n\nprint(asm(payload))\n
    "},{"location":"pwn-college-cse365-spring2023/#building-a-web-server-writeups","title":"Building a Web Server Writeups","text":"

    \u4e0d\u5f97\u4e0d\u5410\u69fdpwn-college\u6709\u4e00\u70b9\u4e0d\u597d\uff0c\u6bcf\u4e2a\u6a21\u5757\u7b2c\u4e00\u4e2achallenge\u8bf4\u660e\u592a\u5c11\u4e86\uff0c\u5b8c\u5168\u4e0d\u77e5\u9053\u4ece\u54ea\u5f00\u59cb\u4e0b\u624b\u3002\u5728challenge 1\u7684wp\u91cc\u8be6\u7ec6\u8bb2\u4e00\u4e0b\u8fd9\u4e2a\u6a21\u5757\u600e\u4e48\u5f00\u59cb\u505a\uff0c\u7136\u540e\u540e\u7eed\u5c31\u7701\u7565\u4e86\u3002

    \u7528\u6c47\u7f16\u5199server\uff0c\u53ef\u4ee5\u67e5\u886864\u4f4dsyscall\u624b\u518c

    Level 1

    \u9996\u5148\u8fd8\u662f\u8fd0\u884c/challeng/run\uff0c\u5f97\u5230\u4e00\u6bb5\u8f93\u51fa\uff1a

    ===== Welcome to Building a Web Server! =====\nIn this series of challenges, you will be writing assembly to interact with your environment, and ultimately build a web server\nIn this challenge you will exit a program.\n\nUsage: `/challenge/run <path_to_web_server>`\n\n$ cat server.s\n.intel_syntax noprefix\n.globl _start\n\n.section .text\n\n_start:\n    mov rdi, 0\n    mov rax, 60     # SYS_exit\n    syscall\n\n.section .data\n\n$ as -o server.o server.s && ld -o server server.o\n\n$ strace ./server\nexecve(\"./server\", [\"./server\"], 0x7ffccb8c6480 /* 17 vars */) = 0\nexit(0)                                 = ?\n+++ exited with 0 +++\n

    \u8fd9\u9053\u9898\u7684\u610f\u601d\u662f\u8ba9\u7528\u6c47\u7f16\u5199\u4e00\u4e2a\u670d\u52a1\u7aef\u3002\u5728\u8fd0\u884c/challenge/run server\u7684\u65f6\u5019\uff0c\u5224\u9898\u7a0b\u5e8f\u4f1a\u542f\u52a8\u7528\u6237\u6307\u5b9a\u7684\u8fd9\u4e2aserver\uff0c\u7136\u540e\u68c0\u67e5\u8fd9\u4e2aserver\u7a0b\u5e8f\u662f\u4e0d\u662f\u76f4\u63a5exit(0)\u4e86\u3002\u6240\u4ee5\u53ea\u9700\u8981\u7f16\u8bd1\u4e00\u4e2aexit(0)\u7684server\u5373\u53ef\u3002

    \u9898\u76ee\u91cc\u5176\u5b9e\u5df2\u7ecf\u7ed9\u51fa\u4e86server.s\u7684\u6a21\u677f\uff08cat server.s\u7684\u8f93\u51fa\uff09\u548c\u7f16\u8bd1\u65b9\u5f0f\uff08as -o server.o server.s && ld -o server server.o\uff09\u3002\u6240\u4ee5\u8fd9\u9053\u9898\u53ea\u9700\u8981\u628acat server.s\u7684\u8f93\u51fa\u4fdd\u5b58\u5230server.s\u6587\u4ef6\uff0c\u7136\u540e\u76f4\u63a5\u8fd0\u884cas -o server.o server.s && ld -o server server.o\u7f16\u8bd1\u51fa\u4e00\u4e2aserver\u7684\u53ef\u6267\u884c\u7a0b\u5e8f\uff0c\u6700\u540e\u8fd0\u884c/challenge/run ./server\u5373\u53ef\u3002

    \u6a21\u677f\u91cc\u53ea\u6267\u884c\u4e86\u4e00\u4e2a\u9000\u51fa\u7684syscall\uff0c\u6b63\u597d\u662f\u8fd9\u4e00\u9898\u7684\u8981\u6c42\u3002\u672c\u6765\u4ee5\u4e3a\u8fd9\u9053\u9898\u610f\u601d\u662f\u81ea\u5df1\u5199\u4e00\u4e2aserver\u7684\u6c47\u7f16\u6587\u4ef6\uff0c\u7136\u540erun\u7684\u65f6\u5019\u6307\u5b9a\u6e90\u6587\u4ef6\uff0c\u7531\u5224\u9898\u7a0b\u5e8f\u7f16\u8bd1\u7684\u5462\uff0c\u7ed3\u679c\u53d1\u73b0run\u7684\u65f6\u5019\u662f\u9700\u8981\u6307\u5b9a\u4e00\u4e2a\u7f16\u8bd1\u597d\u7684\u53ef\u6267\u884c\u7a0b\u5e8fhh\u3002

    \u5b8c\u6574\u89e3\u9898\u6b65\u9aa4\u5982\u4e0b\uff1a

    hacker@building-a-web-server-level-1:~$ echo \".intel_syntax noprefix\n.globl _start\n\n.section .text\n\n_start:\n    mov rdi, 0\n    mov rax, 60     # SYS_exit\n    syscall\n\n.section .data\" > ./server.s\n\nhacker@building-a-web-server-level-1:~$ as -o server.o server.s && ld -o server server.o\n\nhacker@building-a-web-server-level-1:~$ /challenge/run ./server\n===== Welcome to Building a Web Server! =====\nIn this series of challenges, you will be writing assembly to interact with your environment, and ultimately build a web server\nIn this challenge you will exit a program.\n\n\n===== Expected: Parent Process =====\n[ ] execve(<execve_args>) = 0\n[ ] exit(0) = ?\n\n===== Trace: Parent Process =====\n[\u2713] execve(\"/proc/self/fd/3\", [\"/proc/self/fd/3\"], 0x7f07cf7959a0 /* 0 vars */) = 0\n[\u2713] exit(0)                                 = ?\n[?] +++ exited with 0 +++\n\n===== Result =====\n[\u2713] Success\n\npwn.college{xxxx}\n

    \u4ee5\u4e0b\u7684\u5404\u4e2a\u9898\u76ee\u5c31\u53ea\u5199server.s\u7684\u5185\u5bb9\u4e86

    Level 2

    In this challenge you will create a socket.

    .intel_syntax noprefix\n.globl _start\n\n.section .text\n\n_start:\n    # create a socket\n    mov rdi, 2 # AF_INET\n    mov rsi, 1 # SOCK_STREAM\n    mov rdx, 0 # IPPROTO_IP\n    mov rax, 41 # sys_socket\n    syscall\n\n    push rax\n    mov rdi, 0\n    mov rax, 60     # SYS_exit\n    syscall\n\n.section .data\n

    Level 3

    In this challenge you will bind an address to a socket.

    \u5728Level2\u521b\u5efasocket\u7684\u57fa\u7840\u4e0a\uff0c\u5c06\u5176\u7ed1\u5b9a\u52300.0.0.0:80\u4e0a\u3002\uff08\u53ef\u4ee5\u8fd0\u884cLevel1\u521b\u5efa\u7684server\u6765\u5148\u9605\u8bfb\u4e0b\u9898\u76ee\u8981\u6c42\uff0c\u5982\u4e0b\u6240\u793a\uff09

    ===== Expected: Parent Process =====\n[ ] execve(<execve_args>) = 0\n[ ] socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 3\n[ ] bind(3, {sa_family=AF_INET, sin_port=htons(<bind_port>), sin_addr=inet_addr(\"<bind_address>\")}, 16) = 0\n    - Bind to port 80\n    - Bind to address 0.0.0.0\n[ ] exit(0) = ?\n

    \u6700\u7ec8\u89e3\u5982\u4e0b\u3002\u8fd9\u91cc\u76f4\u63a5\u7528\u6808\u6765\u4fdd\u5b58sockaddr_in\u7ed3\u6784\u4f53\u4e86\uff0c\u6bd4\u8f83\u7c97\u66b4\u3002

    .intel_syntax noprefix\n.globl _start\n\n.section .text\n\n_start:\n# create a socket\nmov rdi, 2 # AF_INET\nmov rsi, 1 # SOCK_STREAM\nmov rdx, 0 # IPPROTO_IP\nmov rax, 41 # sys_socket\nsyscall\npush rax\n\n# bind the socket to 0.0.0.0:80\nmov rdi, rax # socket_fd\npush 0x50000002 # AF_INET(2) and PORT(80) in big endian\nmov rsi, rsp # sockaddr_in\npush 0x0 # IP(0.0.0.0)\npush 0x0 # padding\npush 0x0 # padding\nmov rdx, 16 # addrlen\nmov rax, 49 # sys_bind\nsyscall\n\nmov rdi, 0\nmov rax, 60     # SYS_exit\nsyscall\n\n\n.section .data\n

    Level 4

    In this challenge you will listen on a socket.

    \u4f7f\u7528listen\u76d1\u542c\u8fd9\u4e2asocket\u3002\u7531\u4e8e\u8fd9\u91cclisten\u4e5f\u8981\u7528\u5230\u4e4b\u524dsocket\u521b\u5efa\u7684\u6587\u4ef6\u63cf\u8ff0\u7b26\uff0c\u6ce8\u610f\u5230\u6837\u4f8b\u7684\u6c47\u7f16\u6587\u4ef6\u6700\u540e\u63d0\u793a\u7528data\u4e86\uff0c\u6240\u4ee5\u5e72\u8106\u6362\u7528\u6570\u636e\u533a\u6765\u4fdd\u5b58\u5404\u79cd\u7ed3\u6784\u4f53\uff0c\u4e5f\u5f03\u7528Level3\u91cc\u5bf9\u6808\u505a\u7684\u90a3\u4e9b\u4fee\u6539\u4e86\u3002\u8fd9\u91ccsockfd\u548csockaddr\u90fd\u662f\u5730\u5740\uff0c\u6240\u4ee5mov\u7684\u65f6\u5019\u4f1a\u81ea\u52a8\u89e3\u5f15\u7528\uff0c\u7528lea\u6307\u4ee4\u6765\u83b7\u5f97\u5730\u5740\u672c\u8eab\u3002

    .intel_syntax noprefix\n.globl _start\n\n.section .text\n\n_start:\n# create a socket\nmov rdi, 2 # AF_INET\nmov rsi, 1 # SOCK_STREAM\nmov rdx, 0 # IPPROTO_IP\nmov rax, 41 # sys_socket\nsyscall\nmov sockfd, rax\n\n# bind the socket to 0.0.0.0:80\nmov rdi, sockfd   # socket_fd\nlea rsi, sockaddr # sockaddr\nmov rdx, 16 # addrlen\nmov rax, 49 # sys_bind\nsyscall\n\n# listen(3, 0)\nmov rdi, sockfd\nmov rsi, 0\nmov rax, 50 # sys_listen\nsyscall\n\nmov rdi, 0\nmov rax, 60     # SYS_exit\nsyscall\n\n\n.section .data\n\nsockfd:   .quad 0\nsockaddr: .quad 0x50000002 # AF_INET(2) and PORT(80) in big endian\n.quad 0x0 # IP(0.0.0.0)\n.quad 0x0 # padding\n.quad 0x0 # padding\n

    Level 5

    In this challenge you will accept a connection.

    .intel_syntax noprefix\n.globl _start\n\n.section .text\n\n_start:\n# create a socket\nmov rdi, 2 # AF_INET\nmov rsi, 1 # SOCK_STREAM\nmov rdx, 0 # IPPROTO_IP\nmov rax, 41 # sys_socket\nsyscall\nmov sockfd, rax\n\n# bind the socket to 0.0.0.0:80\nmov rdi, sockfd   # socket_fd\nlea rsi, sockaddr # sockaddr\nmov rdx, 16 # addrlen\nmov rax, 49 # sys_bind\nsyscall\n\n# listen(3, 0)\nmov rdi, sockfd\nmov rsi, 0\nmov rax, 50 # sys_listen\nsyscall\n\n# accept(3, NULL, NULL)\nmov rdi, sockfd\nmov rsi, 0\nmov rdx, 0\nmov rax, 43 # sys_accept\nsyscall\n\nmov rdi, 0\nmov rax, 60     # SYS_exit\nsyscall\n\n\n.section .data\n\nsockfd:   .quad 0\nsockaddr: .quad 0x50000002 # AF_INET(2) and PORT(80) in big endian\n.quad 0x0 # IP(0.0.0.0)\n.quad 0x0 # padding\n.quad 0x0 # padding\n

    Level 6

    In this challenge you will respond to an http request.

    \u8fd9\u4e2a\u9898\u7684\u610f\u601d\u662f\u5e0c\u671b\u5b9e\u73b0\u4e00\u4e2a\u9759\u6001\u7684\u7ad9\u70b9\uff0c\u63a5\u6536\u5ba2\u6237\u7aef\u53d1\u9001\u7684\u8bf7\u6c42\u540e\uff0c\u59cb\u7ec8\u56de\u590dHTTP/1.0 200 OK\u3002\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u7f13\u51b2\u533a\u4fdd\u5b58\u8bf7\u6c42\uff0c\u8fd9\u91cc\u5f00\u4e86\u4e2a256\u5b57\u8282\u7684\u5185\u5b58\uff08\u5b9e\u9645\u4e0a\u6709140\u5b57\u8282\uff09\u3002

    .intel_syntax noprefix\n.globl _start\n\n.section .text\n\n_start:\n# create a socket\nmov rdi, 2 # AF_INET\nmov rsi, 1 # SOCK_STREAM\nmov rdx, 0 # IPPROTO_IP\nmov rax, 41 # sys_socket\nsyscall\nmov sockfd, rax\n\n# bind the socket to 0.0.0.0:80\nmov rdi, sockfd   # socket_fd\nlea rsi, sockaddr # sockaddr\nmov rdx, 16 # addrlen\nmov rax, 49 # sys_bind\nsyscall\n\n# listen(3, 0)\nmov rdi, sockfd\nmov rsi, 0\nmov rax, 50 # sys_listen\nsyscall\n\n# accept(3, NULL, NULL) = 4\nmov rdi, sockfd\nmov rsi, 0\nmov rdx, 0\nmov rax, 43 # sys_accept\nsyscall\nmov tunnel, rax\n\n# read(4, <read_request>, <read_request_count>) = <read_request_result>\nmov rdi, tunnel\nlea rsi, request\nmov rdx, 256\nmov rax, 0\nsyscall\n\n# write(4, \"HTTP/1.0 200 OK\\r\\n\\r\\n\", 19) = 19\nmov rdi, tunnel\nlea rsi, response\nmov rdx, 19\nmov rax, 1\nsyscall\n\n# close(4)\nmov rdi, tunnel\nmov rax, 3\nsyscall\n\nmov rdi, 0\nmov rax, 60     # SYS_exit\nsyscall\n\n\n.section .data\n\nsockfd:   .quad 0\ntunnel:   .quad 0\nrequest:  .space 256\nresponse: .ascii \"HTTP/1.0 200 OK\\r\\n\\r\\n\"\nsockaddr: .quad 0x50000002 # AF_INET(2) and PORT(80) in big endian\n.quad 0x0 # IP(0.0.0.0)\n.quad 0x0 # padding\n.quad 0x0 # padding\n

    Level 7

    In this challenge you will respond to a GET request for the contents of a specified file.

    \u5b9e\u73b0\u4e00\u4e2a\u52a8\u6001\u4e00\u70b9\u7684\u670d\u52a1\u5668\u3002\u8fd9\u9898\u4e2d\uff0c\u5ba2\u6237\u7aef\u4f1a\u8bf7\u6c42\u670d\u52a1\u5668\u7aef\u8bfb\u53d6\u4e00\u4e2a\u6587\u4ef6\u5e76\u8fd4\u56de\u7ed3\u679c\u3002\u6587\u4ef6\u662f\u5224\u9898\u7a0b\u5e8f\u968f\u673a\u751f\u6210\u5728/tmp\u4e0b\u7684\uff0c\u5185\u5bb9\u957f\u5ea6\u4e5f\u662f\u968f\u673a\u7684\u3002\u6240\u4ee5\u5199\u4ee3\u7801\u7684\u65f6\u5019\u8981\u591a\u9884\u7559\u70b9\u7f13\u51b2\u533a\u6765\u4fdd\u5b58\u6587\u4ef6\u5185\u5bb9\u3002

    open\u6587\u4ef6\u65f6\uff0c\u6587\u4ef6\u540d\u8981\u4ecerequest\u8bf7\u6c42\u91cc\u63d0\u53d6\u3002\u56e0\u4e3a\u751f\u6210\u7684\u6587\u4ef6\u540d\u957f\u5ea6\u662f\u56fa\u5b9a\u7684\uff0c\u6240\u4ee5\u61d2\u7701\u4e8b\u76f4\u63a5\u5728request\u7f13\u51b2\u533a\u91cc\u6539\u4e86\uff08\u5b57\u7b26\u4e32\u672b\u5c3e\\0\uff09\u3002

    ===== Expected: Parent Process =====\n[ ] execve(<execve_args>) = 0\n[ ] socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 3\n[ ] bind(3, {sa_family=AF_INET, sin_port=htons(<bind_port>), sin_addr=inet_addr(\"<bind_address>\")}, 16) = 0\n    - Bind to port 80\n    - Bind to address 0.0.0.0\n[ ] listen(3, 0) = 0\n[ ] accept(3, NULL, NULL) = 4\n[ ] read(4, <read_request>, <read_request_count>) = <read_request_result>\n[ ] open(\"<open_path>\", O_RDONLY) = 5\n[ ] read(5, <read_file>, <read_file_count>) = <read_file_result>\n[ ] close(5) = 0\n[ ] write(4, \"HTTP/1.0 200 OK\\r\\n\\r\\n\", 19) = 19\n[ ] write(4, <write_file>, <write_file_count>) = <write_file_result>\n[ ] close(4) = 0\n[ ] exit(0) = ?\n\n===== Trace: Parent Process =====\n[\u2713] execve(\"/proc/self/fd/3\", [\"/proc/self/fd/3\"], 0x7ffacc256990 /* 0 vars */) = 0\n[\u2713] socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 3\n[\u2713] bind(3, {sa_family=AF_INET, sin_port=htons(80), sin_addr=inet_addr(\"0.0.0.0\")}, 16) = 0\n[\u2713] listen(3, 0)                            = 0\n[\u2713] accept(3, NULL, NULL)                   = 4\n[\u2713] read(4, \"GET /tmp/tmpungh1ajd HTTP/1.1\\r\\nHost: localhost\\r\\nUser-Agent: python-requests/2.31.0\\r\\nAccept-Encoding: gzip, deflate\\r\\nAccept: */*\\r\\nConnection: keep-alive\\r\\n\\r\\n\", 256) = 155\n[\u2713] open(\"/tmp/tmpungh1ajd\", O_RDONLY)      = 5\n[\u2713] read(5, \"3Hy3xnjNjQIBfP6QDUW4ekuQtBwdXQPbhtPFxawXzQ6LXVQDgs8ZlslYncY9DMQohXFVHFyMPnOI6kaGqURTh2fXHuKe2oqjntry7Pt5QQP0148CyzGKtmOigovhOHobD2zujqgJIRXxjny3UVL9\", 1024) = 148\n[\u2713] close(5)                                = 0\n[\u2713] write(4, \"HTTP/1.0 200 OK\\r\\n\\r\\n\", 19) = 19\n[\u2713] write(4, \"3Hy3xnjNjQIBfP6QDUW4ekuQtBwdXQPbhtPFxawXzQ6LXVQDgs8ZlslYncY9DMQohXFVHFyMPnOI6kaGqURTh2fXHuKe2oqjntry7Pt5QQP0148CyzGKtmOigovhOHobD2zujqgJIRXxjny3UVL9\", 148) = 148\n[\u2713] close(4)                                = 0\n[\u2713] exit(0)                                 = ?\n[?] +++ exited with 0 +++\n\n===== Result =====\n[\u2713] Success\n

    \u4f7f\u7528\u7684\u6c47\u7f16\u4ee3\u7801\u5982\u4e0b\uff1a

    .intel_syntax noprefix\n.globl _start\n\n.section .text\n\n_start:\n# create a socket\nmov rdi, 2 # AF_INET\nmov rsi, 1 # SOCK_STREAM\nmov rdx, 0 # IPPROTO_IP\nmov rax, 41 # sys_socket\nsyscall\nmov sockfd, rax\n\n# bind the socket to 0.0.0.0:80\nmov rdi, sockfd   # socket_fd\nlea rsi, sockaddr # sockaddr\nmov rdx, 16 # addrlen\nmov rax, 49 # sys_bind\nsyscall\n\n# listen(3, 0)\nmov rdi, sockfd\nmov rsi, 0\nmov rax, 50 # sys_listen\nsyscall\n\n# accept(3, NULL, NULL) = 4\nmov rdi, sockfd\nmov rsi, 0\nmov rdx, 0\nmov rax, 43 # sys_accept\nsyscall\nmov tunnel, rax\n\n# read(4, <read_request>, <read_request_count>) = <read_request_result>\nmov rdi, tunnel\nlea rsi, request\nmov rdx, 256\nmov rax, 0 # sys_read\nsyscall\n\n# open(\"<open_path>\", O_RDONLY) = 5\nlea rdi, [request+4] # extract file name\nmovb [rdi+16], 0\nmov rsi, 0 # O_RDONLY\nmov rax, 2 # sys_open\nsyscall\nmov txtfile, rax\n\n# read(5, <read_file>, <read_file_count>) = <read_file_result>\nmov rdi, txtfile\nlea rsi, filecontent\nmov rdx, 1024\nmov rax, 0 # sys_read\nsyscall\nmov filecnt, rax # \n\n# close(5)\nmov rdi, txtfile\nmov rax, 3 # sys_close\nsyscall\n\n# write(4, \"HTTP/1.0 200 OK\\r\\n\\r\\n\", 19) = 19\nmov rdi, tunnel\nlea rsi, response\nmov rdx, 19\nmov rax, 1 # sys_write\nsyscall\n\n# write(4, <write_file>, <write_file_count>) = <write_file_result>\nmov rdi, tunnel\nlea rsi, filecontent\nmov rdx, filecnt\nmov rax, 1 # sys_write\nsyscall\n\n# close(4)\nmov rdi, tunnel\nmov rax, 3 # sys_close\nsyscall\n\nmov rdi, 0\nmov rax, 60     # SYS_exit\nsyscall\n\n.section .data\n\nsockfd:   .quad 0\ntunnel:   .quad 0\ntxtfile:  .quad 0\nfilecnt:  .quad 0\nrequest:  .space 256\nfilecontent: .space 1024\nresponse: .ascii \"HTTP/1.0 200 OK\\r\\n\\r\\n\"\nsockaddr: .quad 0x50000002 # AF_INET(2) and PORT(80) in big endian\n.quad 0x0 # IP(0.0.0.0)\n.quad 0x0 # padding\n.quad 0x0 # padding\n

    Level 8

    In this challenge you will accept multiple requests.

    \u4f7f\u7528\u4e00\u4e2a\u7a0b\u5e8f\u63a5\u53d7\u591a\u4e2a\u8bf7\u6c42\u3002\u7531\u4e8esocket\u6ca1\u6709\u5173\uff0c\u5728\u6700\u540e\u52a0\u4e00\u4e2aaccept\u5373\u53ef\u3002\u7a0b\u5e8f\u6700\u540eaccept\u8d85\u65f6sigkill\u9000\u51fa\u3002

    .intel_syntax noprefix\n.globl _start\n\n.section .text\n\n_start:\n# create a socket\nmov rdi, 2 # AF_INET\nmov rsi, 1 # SOCK_STREAM\nmov rdx, 0 # IPPROTO_IP\nmov rax, 41 # sys_socket\nsyscall\nmov sockfd, rax\n\n# bind the socket to 0.0.0.0:80\nmov rdi, sockfd   # socket_fd\nlea rsi, sockaddr # sockaddr\nmov rdx, 16 # addrlen\nmov rax, 49 # sys_bind\nsyscall\n\n# listen(3, 0)\nmov rdi, sockfd\nmov rsi, 0\nmov rax, 50 # sys_listen\nsyscall\n\n# accept(3, NULL, NULL) = 4\nmov rdi, sockfd\nmov rsi, 0\nmov rdx, 0\nmov rax, 43 # sys_accept\nsyscall\nmov tunnel, rax\n\n# read(4, <read_request>, <read_request_count>) = <read_request_result>\nmov rdi, tunnel\nlea rsi, request\nmov rdx, 256\nmov rax, 0 # sys_read\nsyscall\n\n# open(\"<open_path>\", O_RDONLY) = 5\nlea rdi, [request+4] # extract file name\nmovb [rdi+16], 0\nmov rsi, 0 # O_RDONLY\nmov rax, 2 # sys_open\nsyscall\nmov txtfile, rax\n\n# read(5, <read_file>, <read_file_count>) = <read_file_result>\nmov rdi, txtfile\nlea rsi, filecontent\nmov rdx, 1024\nmov rax, 0 # sys_read\nsyscall\nmov filecnt, rax # \n\n# close(5)\nmov rdi, txtfile\nmov rax, 3 # sys_close\nsyscall\n\n# write(4, \"HTTP/1.0 200 OK\\r\\n\\r\\n\", 19) = 19\nmov rdi, tunnel\nlea rsi, response\nmov rdx, 19\nmov rax, 1 # sys_write\nsyscall\n\n# write(4, <write_file>, <write_file_count>) = <write_file_result>\nmov rdi, tunnel\nlea rsi, filecontent\nmov rdx, filecnt\nmov rax, 1 # sys_write\nsyscall\n\n# close(4)\nmov rdi, tunnel\nmov rax, 3 # sys_close\nsyscall\n\n# accept(3, NULL, NULL)\nmov rdi, sockfd\nmov rsi, 0\nmov rdx, 0\nmov rax, 43 # sys_accept\nsyscall\nmov tunnel, rax\n\n# exit\nmov rdi, 0\nmov rax, 60     # SYS_exit\nsyscall\n\n.section .data\n\nsockfd:   .quad 0\ntunnel:   .quad 0\ntxtfile:  .quad 0\nfilecnt:  .quad 0\nrequest:  .space 256\nfilecontent: .space 1024\nresponse: .ascii \"HTTP/1.0 200 OK\\r\\n\\r\\n\"\nsockaddr: .quad 0x50000002 # AF_INET(2) and PORT(80) in big endian\n.quad 0x0 # IP(0.0.0.0)\n.quad 0x0 # padding\n.quad 0x0 # padding\n

    Level 9

    In this challenge you will concurrently accept multiple requests.

    \u8fd9\u9053\u9898\u662f\u8ba9\u505a\u4e00\u4e2a\u591a\u8fdb\u7a0b\uff0c\u7236\u8fdb\u7a0b\u8d1f\u8d23\u5faa\u73afaccept\uff0c\u5b50\u8fdb\u7a0b\u7528\u4e8e\u52a8\u6001\u5904\u7406\u6587\u4ef6\u8bfb\u5199\u3002\u6839\u636efork\u8fd4\u56de\u503c\u6765\u5224\u65ad\u7236\u8fdb\u7a0b\uff08\u8fd4\u56de\u503c\u4e3a\u5b50\u8fdb\u7a0bpid\uff09\u8fd8\u662f\u5b50\u8fdb\u7a0b\uff08\u8fd4\u56de\u503c\u4e3a0\uff09\u3002\u7236\u8fdb\u7a0b\u4e2d\uff0c\u5173\u95edtunnel\uff1b\u5b50\u8fdb\u7a0b\u4e2d\uff0c\u5173\u95edsockfd\u3002

    .intel_syntax noprefix\n.globl _start\n\n.section .text\n\n_start:\n# create a socket\nmov rdi, 2 # AF_INET\nmov rsi, 1 # SOCK_STREAM\nmov rdx, 0 # IPPROTO_IP\nmov rax, 41 # sys_socket\nsyscall\nmov sockfd, rax\n\n# bind the socket to 0.0.0.0:80\nmov rdi, sockfd   # socket_fd\nlea rsi, sockaddr # sockaddr\nmov rdx, 16 # addrlen\nmov rax, 49 # sys_bind\nsyscall\n\n# listen(3, 0)\nmov rdi, sockfd\nmov rsi, 0\nmov rax, 50 # sys_listen\nsyscall\n\nparent_process_1:\n# accept(3, NULL, NULL) = 4\nmov rdi, sockfd\nmov rsi, 0\nmov rdx, 0\nmov rax, 43 # sys_accept\nsyscall\nmov tunnel, rax\n\n# fork() = <fork_result>\nmov rax, 57 # sys_fork\nsyscall\n\ntest rax, rax\njnz parent_process_2\njz child_process\n\nparent_process_2:\n\n# close(3)\nmov rdi, tunnel\nmov rax, 3 # sys_close\nsyscall\njmp parent_process_1\n\nchild_process:\n\n# close(3)\nmov rdi, sockfd\nmov rax, 3 # sys_close\nsyscall\n\n# read(4, <read_request>, <read_request_count>) = <read_request_result>\nmov rdi, tunnel\nlea rsi, request\nmov rdx, 256\nmov rax, 0 # sys_read\nsyscall\n\n# open(\"<open_path>\", O_RDONLY) = 3\nlea rdi, [request+4] # extract file name\nmovb [rdi+16], 0\nmov rsi, 0 # O_RDONLY\nmov rax, 2 # sys_open\nsyscall\nmov txtfile, rax\n\n# read(3, <read_file>, <read_file_count>) = <read_file_result>\nmov rdi, txtfile\nlea rsi, filecontent\nmov rdx, 1024\nmov rax, 0 # sys_read\nsyscall\nmov filecnt, rax # \n\n# close(3)\nmov rdi, txtfile\nmov rax, 3 # sys_close\nsyscall\n\n# write(4, \"HTTP/1.0 200 OK\\r\\n\\r\\n\", 19) = 19\nmov rdi, tunnel\nlea rsi, response\nmov rdx, 19\nmov rax, 1 # sys_write\nsyscall\n\n# write(4, <write_file>, <write_file_count>) = <write_file_result>\nmov rdi, tunnel\nlea rsi, filecontent\nmov rdx, filecnt\nmov rax, 1 # sys_write\nsyscall\n\n# exit\nmov rdi, 0\nmov rax, 60     # SYS_exit\nsyscall\n\n.section .data\n\nsockfd:   .quad 0\ntunnel:   .quad 0\ntxtfile:  .quad 0\nfilecnt:  .quad 0\nrequest:  .space 256\nfilecontent: .space 1024\nresponse: .ascii \"HTTP/1.0 200 OK\\r\\n\\r\\n\"\nsockaddr: .quad 0x50000002 # AF_INET(2) and PORT(80) in big endian\n.quad 0x0 # IP(0.0.0.0)\n.quad 0x0 # padding\n.quad 0x0 # padding\n

    Level 10

    In this challenge you will respond to a POST request with a specified file and update its contents.

    \u8fd9\u9053\u9898\u662f\u7528POST\u8bf7\u6c42\uff0c\u8981\u6c42\u7528\u591a\u8fdb\u7a0b\u5904\u7406\uff0c\u5728\u5b50\u8fdb\u7a0b\u4e2d\u628aPOST\u7684\u8bf7\u6c42\u4f53\u4fdd\u5b58\u5728\u4e34\u65f6\u6587\u4ef6\uff0c\u5e76\u8fd4\u56de200 OK\u3002\u8003\u8651\u5230\u6587\u4ef6\u540d\u662f\u5b9a\u957f\u7684\uff0c\u6240\u4ee5\u6cbf\u7528\u4e4b\u524d\u7684\u65b9\u6cd5\u5f97\u5230\u6587\u4ef6\u540d\u3002\u8fd9\u91cc\u7528\u7684\u4e00\u4e2atrick\u662f\u7528\"\\r\\n\\r\\n\"\u6765\u4ece\u8bf7\u6c42\u4e2d\u5206\u5272\u8bf7\u6c42\u4f53\uff0c\u5e76\u4e14\u5185\u5bb9\u7684\u8ba1\u7b97\u662f\u7528read\u7684\u8fd4\u56de\u503c\u51cf\u53bb\u504f\u79fb\u91cf\u7b97\u7684\u3002\u8fd9\u662f\u5077\u61d2\u6ca1\u6709\u5b9e\u73b0\u89e3\u6790Content-Length\u7684\u529f\u80fdhhh

    .intel_syntax noprefix\n.globl _start\n\n.section .text\n\n_start:\n# create a socket\nmov rdi, 2 # AF_INET\nmov rsi, 1 # SOCK_STREAM\nmov rdx, 0 # IPPROTO_IP\nmov rax, 41 # sys_socket\nsyscall\nmov sockfd, rax\n\n# bind the socket to 0.0.0.0:80\nmov rdi, sockfd   # socket_fd\nlea rsi, sockaddr # sockaddr\nmov rdx, 16 # addrlen\nmov rax, 49 # sys_bind\nsyscall\n\n# listen(3, 0)\nmov rdi, sockfd\nmov rsi, 0\nmov rax, 50 # sys_listen\nsyscall\n\nparent_process_1:\n# accept(3, NULL, NULL) = 4\nmov rdi, sockfd\nmov rsi, 0\nmov rdx, 0\nmov rax, 43 # sys_accept\nsyscall\nmov tunnel, rax\n\n# fork() = <fork_result>\nmov rax, 57 # sys_fork\nsyscall\n\ntest rax, rax\njnz parent_process_2\njz child_process\n\nparent_process_2:\n\n# close(3)\nmov rdi, tunnel\nmov rax, 3 # sys_close\nsyscall\njmp parent_process_1\n\nchild_process:\n\n# close(3)\nmov rdi, sockfd\nmov rax, 3 # sys_close\nsyscall\n\n# read(4, <read_request>, <read_request_count>) = <read_request_result>\nmov rdi, tunnel\nlea rsi, request\nmov rdx, 1024\nmov rax, 0 # sys_read\nsyscall\nmov requestlen, rax\n\n# open(\"<open_path>\", O_WRONLY|O_CREAT, 0777) = 3\nlea rdi, [request+5] # extract file name\nmovb [rdi+16], 0\nmov rsi, 0x41 # O_WRONLY | O_CREAT\nmov rdx, 0777\nmov rax, 2 # sys_open\nsyscall\nmov txtfile, rax\n\n# locate POST body\nmov rcx, 0\nmov ebx, separate\nlocate_body:\nmov eax, [request+rcx]\nadd rcx, 1\ncmp eax, ebx\njne locate_body\n# extrace POST body\nadd rcx, 3\nmov rdi, txtfile\nlea rsi, [request+rcx]\nmov rdx, requestlen\nsub rdx, rcx\nmov rax, 1 # sys_write\nsyscall\n\n# close(3)\nmov rdi, txtfile\nmov rax, 3 # sys_close\nsyscall\n\n# write(4, \"HTTP/1.0 200 OK\\r\\n\\r\\n\", 19) = 19\nmov rdi, tunnel\nlea rsi, response\nmov rdx, 19\nmov rax, 1 # sys_write\nsyscall\n\n# exit\nmov rdi, 0\nmov rax, 60     # SYS_exit\nsyscall\n\n.section .data\n\nsockfd:   .quad 0\ntunnel:   .quad 0\ntxtfile:  .quad 0\nfilecnt:  .quad 0\nrequestlen: .quad 0\nrequest:  .space 1024\nfilecontent: .space 1024\nseparate: .ascii \"\\r\\n\\r\\n\"\nresponse: .ascii \"HTTP/1.0 200 OK\\r\\n\\r\\n\"\nsockaddr: .quad 0x50000002 # AF_INET(2) and PORT(80) in big endian\n.quad 0x0 # IP(0.0.0.0)\n.quad 0x0 # padding\n.quad 0x0 # padding\n

    Level 11

    In this challenge you will respond to multiple concurrent GET and POST requests.

    \u76f4\u63a5\u53d1\u4e86\u4e00\u5806GET\u548cPOST\u6df7\u5408\u8bf7\u6c42\u3002\u4e0d\u8fc7\u597d\u50cf\u6ca1\u8bf4\u6bcf\u4e2a\u8bf7\u6c42\u8981\u5e72\u561b\uff0c\u5c31\u76f4\u63a5\u7ed3\u5408\u4e0blevel9\u548clevel10\u7684\u7ed3\u679c\uff0c\u6bd4\u8f83request\u662f\u4ee5POST\u5f00\u5934\u8fd8\u662fGET\u5f00\u5934\uff0c\u5206\u522b\u8df3\u8f6c\u5230\u5bf9\u5e94\u7684\u903b\u8f91\u5c31\u884c\u4e86\u3002

    .intel_syntax noprefix\n.globl _start\n\n.section .text\n\n_start:\n# create a socket\nmov rdi, 2 # AF_INET\nmov rsi, 1 # SOCK_STREAM\nmov rdx, 0 # IPPROTO_IP\nmov rax, 41 # sys_socket\nsyscall\nmov sockfd, rax\n\n# bind the socket to 0.0.0.0:80\nmov rdi, sockfd   # socket_fd\nlea rsi, sockaddr # sockaddr\nmov rdx, 16 # addrlen\nmov rax, 49 # sys_bind\nsyscall\n\n# listen(3, 0)\nmov rdi, sockfd\nmov rsi, 0\nmov rax, 50 # sys_listen\nsyscall\n\nparent_process_1:\n# accept(3, NULL, NULL) = 4\nmov rdi, sockfd\nmov rsi, 0\nmov rdx, 0\nmov rax, 43 # sys_accept\nsyscall\nmov tunnel, rax\n\n# fork() = <fork_result>\nmov rax, 57 # sys_fork\nsyscall\n\ntest rax, rax\njnz parent_process_2\njz child_process\n\nparent_process_2:\n\n# close(3)\nmov rdi, tunnel\nmov rax, 3 # sys_close\nsyscall\njmp parent_process_1\n\nchild_process:\n\n# close(3)\nmov rdi, sockfd\nmov rax, 3 # sys_close\nsyscall\n\n# read(4, <read_request>, <read_request_count>) = <read_request_result>\nmov rdi, tunnel\nlea rsi, request\nmov rdx, 1024\nmov rax, 0 # sys_read\nsyscall\nmov requestlen, rax\n\n# check GET or POST\nmov eax, request\nmov ebx, requestget\ncmp eax, ebx\nje handle_get\nmov ebx, requestpost\ncmp eax, ebx\nje handle_post\n\njmp program_exit\n\nhandle_get:\n# open(\"<open_path>\", O_RDONLY) = 3\nlea rdi, [request+4] # extract file name\nmovb [rdi+16], 0\nmov rsi, 0 # O_RDONLY\nmov rax, 2 # sys_open\nsyscall\nmov txtfile, rax\n\n# read(3, <read_file>, <read_file_count>) = <read_file_result>\nmov rdi, txtfile\nlea rsi, filecontent\nmov rdx, 1024\nmov rax, 0 # sys_read\nsyscall\nmov filecnt, rax # \n# close(3)\nmov rdi, txtfile\nmov rax, 3 # sys_close\nsyscall\n\n# write(4, \"HTTP/1.0 200 OK\\r\\n\\r\\n\", 19) = 19\nmov rdi, tunnel\nlea rsi, response\nmov rdx, 19\nmov rax, 1 # sys_write\nsyscall\n\n# write(4, <write_file>, <write_file_count>) = <write_file_result>\nmov rdi, tunnel\nlea rsi, filecontent\nmov rdx, filecnt\nmov rax, 1 # sys_write\nsyscall\n\njmp program_exit\n\nhandle_post:\n# open(\"<open_path>\", O_WRONLY|O_CREAT, 0777) = 3\nlea rdi, [request+5] # extract file name\nmovb [rdi+16], 0\nmov rsi, 0x41 # O_WRONLY | O_CREAT\nmov rdx, 0777\nmov rax, 2 # sys_open\nsyscall\nmov txtfile, rax\n\n# locate POST body\nmov rcx, 0\nmov ebx, separate\nlocate_body:\nmov eax, [request+rcx]\nadd rcx, 1\ncmp eax, ebx\njne locate_body\n# extrace POST body\nadd rcx, 3\nmov rdi, txtfile\nlea rsi, [request+rcx]\nmov rdx, requestlen\nsub rdx, rcx\nmov rax, 1 # sys_write\nsyscall\n\n# close(3)\nmov rdi, txtfile\nmov rax, 3 # sys_close\nsyscall\n\n# write(4, \"HTTP/1.0 200 OK\\r\\n\\r\\n\", 19) = 19\nmov rdi, tunnel\nlea rsi, response\nmov rdx, 19\nmov rax, 1 # sys_write\nsyscall\n\nprogram_exit:\n# exit\nmov rdi, 0\nmov rax, 60     # SYS_exit\nsyscall\n\n.section .data\n\nsockfd:   .quad 0\ntunnel:   .quad 0\ntxtfile:  .quad 0\nfilecnt:  .quad 0\nrequestlen: .quad 0\nrequest:  .space 1024\nfilecontent: .space 1024\nrequestget: .ascii \"GET \"\nrequestpost: .ascii \"POST\"\nseparate: .ascii \"\\r\\n\\r\\n\"\nresponse: .ascii \"HTTP/1.0 200 OK\\r\\n\\r\\n\"\nsockaddr: .quad 0x50000002 # AF_INET(2) and PORT(80) in big endian\n.quad 0x0 # IP(0.0.0.0)\n.quad 0x0 # padding\n.quad 0x0 # padding\n
    "},{"location":"pwn-college-cse365-spring2023/#reverse-engineering-writeups","title":"Reverse Engineering Writeups","text":"

    Level 1

    \u8fd0\u884c/challenge\u4e0b\u7684\u6587\u4ef6\uff0c\u4f1a\u81ea\u52a8\u6253\u5f00gdb\uff0c\u8f93\u5165run\u542f\u52a8\u7a0b\u5e8f\uff0c\u8fdb\u5165\u7b2c\u4e00\u5173\u3002\u7b2c\u4e00\u5173\u4e3b\u8981\u662f\u8bb2\u4e0b\u5927\u81f4\u7684\u9898\u76ee\u8981\u6c42\uff0c\u5728\u8fd9\u91cc\u6309C\u7ee7\u7eed\u8fd0\u884c\u4f1a\u76f4\u63a5\u7ed9\u51faflag\u3002

    Level 2

    \u672c\u5173run\u4ee5\u540ep/x $r12\u7136\u540e\u6309C\uff0c\u628a\u7ed3\u679c\u8f93\u5165\u5c31\u884c\u3002

    Level 3

    \u8fd9\u4e00\u5173\u4e3b\u8981\u662f\u719f\u6089\u6253\u5370\u5185\u5b58\u6570\u636e\uff0c\u53ef\u4ee5\u5728\u6309C\u8fdb\u5165\u7a0b\u5e8f\u524d\u540e\u7528x/20gx $rsp\u5bf9\u6bd4\u4e00\u4e0b\u6808\u4e0a\u4ec0\u4e48\u6570\u636e\u6539\u53d8\u4e86\u3002\u7b97\u662f\u4e0d\u770b\u6c47\u7f16\u7684\u4e00\u70b9\u5c0ftrick\u3002

    Level 4

    \u8fd9\u5173\u7684\u6ca1\u7528\u6b63\u5e38\u89e3\u6cd5\u3002\u6709\u4e00\u70b9\u5c0ftrick\uff1a\u4f7f\u7528disas $pc\u67e5\u770b\u53d1\u73b0\u6709\u4e2awin\u51fd\u6570\uff0c\u53c2\u6570\u7528\u76840\u3002\u76f4\u63a5set $rax=0\uff0cset $pc=xxx\u8df3\u8f6c\u5230win\u7684\u51fd\u6570\u5c31\u884c\u4e86\u3002

    Level 5

    \u8fd9\u9898\u63d0\u793a\u53ef\u4ee5\u7f16\u5199gdb\u811a\u672c\uff0c\u52a0\u8f7d\u540e\u4f1a\u81ea\u52a8\u6267\u884c\u3002\u8fd9\u9053\u9898\u76ee\u4f1a\u5728\u5faa\u73af\u4e2d\u591a\u6b21\u8bbe\u7f6e\u968f\u673a\u6570\uff0c\u6240\u4ee5\u9700\u8981\u81ea\u52a8\u5316\u89e3\u51b3\u3002

    run\u540e\u5148disas $pc\u770b\u4e00\u770bmain\u51fd\u6570\u7684\u5173\u952e\u903b\u8f91\uff1a

    0x000055981a8ccd40 <+666>:   mov    esi,0x0\n0x000055981a8ccd45 <+671>:   lea    rdi,[rip+0xd5e]        # 0x55981a8cdaaa\n0x000055981a8ccd4c <+678>:   mov    eax,0x0\n0x000055981a8ccd51 <+683>:   call   0x55981a8cc250 <open@plt>\n0x000055981a8ccd56 <+688>:   mov    ecx,eax\n0x000055981a8ccd58 <+690>:   lea    rax,[rbp-0x18]\n0x000055981a8ccd5c <+694>:   mov    edx,0x8\n0x000055981a8ccd61 <+699>:   mov    rsi,rax\n0x000055981a8ccd64 <+702>:   mov    edi,ecx\n0x000055981a8ccd66 <+704>:   call   0x55981a8cc210 <read@plt>\n0x000055981a8ccd6b <+709>:   lea    rdi,[rip+0xd46]        # 0x55981a8cdab8\n0x000055981a8ccd72 <+716>:   call   0x55981a8cc190 <puts@plt>\n0x000055981a8ccd77 <+721>:   lea    rdi,[rip+0xd5a]        # 0x55981a8cdad8\n0x000055981a8ccd7e <+728>:   mov    eax,0x0\n0x000055981a8ccd83 <+733>:   call   0x55981a8cc1d0 <printf@plt>\n0x000055981a8ccd88 <+738>:   lea    rax,[rbp-0x10]\n0x000055981a8ccd8c <+742>:   mov    rsi,rax\n0x000055981a8ccd8f <+745>:   lea    rdi,[rip+0xd51]        # 0x55981a8cdae7\n0x000055981a8ccd96 <+752>:   mov    eax,0x0\n0x000055981a8ccd9b <+757>:   call   0x55981a8cc260 <__isoc99_scanf@plt>\n

    \u731c\u6d4b\u57280x000055981a8ccd51\u5904\u7684open\u662f\u6253\u5f00\u4e86\u968f\u673a\u6570\u53d1\u751f\u5668\uff08\u6bd4\u5982/dev/urandom\uff09\uff0c\u7136\u540e0x000055981a8ccd66\u5904\u7684read\u662f\u8bfb8\u4e2a\u5b57\u8282\uff0c\u5373\u6700\u7ec8\u7684\u968f\u673a\u6570\uff0c\u4fdd\u5b58\u5728rsi\u5bc4\u5b58\u5668\u6307\u5411\u7684\u4f4d\u7f6e\uff0c\u5373rbp-0x18\u5904\u3002\u6240\u4ee5\u81ea\u52a8\u5316\u811a\u672c\u53ef\u4ee5\u57280x000055981a8ccd72\u5904\uff08\u5373*main+716\uff09\u6253\u4e2a\u65ad\u70b9\uff0c\u6253\u5370\u6b64\u65f6rbp-0x18\u7684\u503c\u3002

    \u5373\u5148\u7f16\u5199\u4e0b\u8ff0\u811a\u672c\uff0c\u7136\u540e\u542f\u52a8\u7a0b\u5e8f\u65f6-x\u8ffd\u52a0\u811a\u672c\u5373\u53ef\u3002

    start\nbreak *main+716\ncommands\n    silent\n    set $local_variable = *(unsigned long long*)($rbp-0x18)\nprintf \"Current value: %llx\\n\", $local_variable\ncontinue\nend\ncontinue\n

    \u5f53\u7136\u89e3\u6cd5\u6709\u5f88\u591a\uff0c\u770bdisas\u540e\u7684\u7ed3\u679c\uff0c\u8f93\u5165\u7684\u6570\u636e\u88abscanf\u4fdd\u5b58\u5230rbp-0x10\u5904\uff0c\u4e0erbp-0x18\u6bd4\u8f83\u3002\u4e5f\u53ef\u4ee5\u5728\u6bd4\u8f83\u524d\u76f4\u63a5\u4fee\u6539\u5bc4\u5b58\u5668\u8ba9\u503c\u76f8\u7b49\u3002

    Level 6

    \u8fd9\u4e00\u5173\u624d\u6559\u600e\u4e48\u7528set\u6539\u5bc4\u5b58\u5668\uff0c\u4ece\u800c\u4fee\u6539\u7a0b\u5e8f\u6267\u884c\u903b\u8f91\u3002\u662f\u4e0d\u662f\u53ef\u4ee5\u6697\u793a\u76f4\u63a5\u62ffflag\uff1frun\u540eset $rip=*main+715\uff0c\u7136\u540e\u7ee7\u7eed\u8fd0\u884c\u7a0b\u5e8f\u3002

    Level 7

    \uff1f\uff1f\uff1f\u539f\u6765\u8fd8\u53ef\u4ee5\u8fd9\u4e48\u73a9\uff1f\uff1f

    Level 8

    \u76f4\u63a5\u8c03\u7528call (void)win()\uff0c\u53ef\u4ee5disas *win\u770b\u4e00\u4e0bwin\u51fd\u6570\u3002

    0x0000556609b49951 <+0>:     endbr64\n0x0000556609b49955 <+4>:     push   rbp\n0x0000556609b49956 <+5>:     mov    rbp,rsp\n0x0000556609b49959 <+8>:     sub    rsp,0x10\n0x0000556609b4995d <+12>:    mov    QWORD PTR [rbp-0x8],0x0\n0x0000556609b49965 <+20>:    mov    rax,QWORD PTR [rbp-0x8]\n0x0000556609b49969 <+24>:    mov    eax,DWORD PTR [rax]\n0x0000556609b4996b <+26>:    lea    edx,[rax+0x1]\n0x0000556609b4996e <+29>:    mov    rax,QWORD PTR [rbp-0x8]\n0x0000556609b49972 <+33>:    mov    DWORD PTR [rax],edx\n0x0000556609b49974 <+35>:    lea    rdi,[rip+0x73e]        # 0x556609b4a0b9\n0x0000556609b4997b <+42>:    call   0x556609b49180 <puts@plt>\n

    \u53ef\u89c1\u57280x0000556609b49969\u5904\uff0c\u4ecerax\u6307\u5411\u7684\u5730\u5740\u8bfb\u53d64\u5b57\u8282\u3002\u4f46\u662f\u6b64\u65f6rax\u5728\u524d\u4e24\u6761\u8bed\u53e5\u5df2\u7ecf\u88ab\u4fee\u6539\u4e3a0\u4e86\uff0c\u6240\u4ee5\u89e6\u53d1NULL\u6307\u9488\u89e3\u5f15\u7528\uff0c\u5f15\u8d77SIGSEGV\u9000\u51fa\u3002\u6240\u4ee5\u8bd5\u8bd5\u76f4\u63a5\u8df3\u8fc7\u8fd9\u6bb5\uff0c\u8fdb\u5165win\u65f6\u4fee\u6539rip\u5bc4\u5b58\u5668\u5373\u53ef\u3002

    \u4f9d\u6b21\u6267\u884c\uff1abreak *win\uff0ccall (void)win()\uff0cset $rip=*win+35\uff0cc\u5373\u53ef\u3002

    "},{"location":"python/","title":"Python","text":""},{"location":"python/#_1","title":"\u83b7\u53d6\u672a\u77e5\u5bf9\u8c61\u7684\u6240\u6709\u5c5e\u6027","text":"

    obj.__dir__() \u6216\u8005dir(obj)

    "},{"location":"python/#argparse","title":"\u53c2\u6570\u89e3\u6790\uff1aargparse","text":"

    \u6839\u636e\u7528\u6237\u4f20\u53c2\u800c\u6267\u884c\u4e0d\u540c\u7684\u529f\u80fd\uff0c\u53c8\u5206\u591a\u4e2a\u5c42\u6b21\u3002\u6bd4\u5982pip3\u547d\u4ee4\uff0c\u53ef\u4ee5\u6709pip3 install\u548cpip3 freeze\u7b49\u7b49\uff0c\u5bf9\u4e8e\u6bcf\u4e00\u4e2a\u5b50\u89e3\u6790\u53c8\u6709\u8fdb\u4e00\u6b65\u7684\u53c2\u6570\uff0c\u6bd4\u5982pip3 install --upgrade, pip3 install --force-reinstall\u7b49\u7b49\u3002

    import argparse\n\ndef populate_parser(parser):\n    parser.add_argument('input_file', type=str, help=\"Path to the file containing the mutated input to load\")\n    parser.add_argument('--prefix-input', dest='prefix_input_path', type=str, help=\"(Optional) Path to the file containing a constant input to load\")\n    parser.add_argument('-c', '--config', default=\"config.yml\", help=\"The emulator configuration to use. Defaults to 'config.yml'\")\n\n    # Verbosity switches\n    parser.add_argument('-v', '--print-exit-info', default=False, action=\"store_true\", help=\"Print some information about the exit reason.\")\n    parser.add_argument('-t', '--trace-funcs', dest='trace_funcs', default=False, action='store_true')\nparser = argparse.ArgumentParser(description=\"Fuzzware\")\nsubparsers = parser.add_subparsers(title=\"Fuzzware Components\", help='Fuzzware utilities:', description=\"Fuzzware supports its different functions using a set of utilities.\\n\\nUse 'fuzzware <util_name> -h' for more details.\")\nparser_pipeline = subparsers.add_parser(MODE_PIPELINE, help=\"Running the full pipeline. Fuzzware's main utility.\")\nparser_pipeline.set_defaults(func=do_pipeline)\n# Pipeline command-line arguments\nparser_pipeline.add_argument('target_dir', nargs=\"?\", type=os.path.abspath, default=os.curdir, help=\"Directory containing the main config. Defaults to the current working dir.\")\n\n\nparser = argparse.ArgumentParser(description=\"Fuzzware emulation harness\")\npopulate_parser(parser)\n
    "},{"location":"python/#yaml","title":"\u914d\u7f6e\u8bfb\u53d6\uff1ayaml","text":"

    \u9664\u4e86argparse\u4ee5\u5916\uff0c\u53ef\u4ee5\u628a\u4e00\u4e9b\u5f88\u957f\u7684\u914d\u7f6e\u6570\u636e\uff08\u6bd4\u5982\u591a\u5230\u547d\u4ee4\u884c\u6572\u662f\u4e0d\u73b0\u5b9e\u7684\uff09\u653e\u5230yml\u91cc\uff0c\u7136\u540e\u7528yaml\u8bfb\u53d6\uff0c\u5f97\u5230\uff08\u5d4c\u5957\u7684\uff09\u5b57\u5178\uff0c\u7136\u540e\u518d\u53d6\u5185\u5bb9\u5c31\u5f88\u65b9\u4fbf\u4e86\u3002\u9700\u8981pip\u5b89\u88c5pyyaml\u8fd9\u4e2a\u5305

    import yaml\n\nwith open('config.yml', 'rb') as f:\n    data = yaml.load(f, Loader=yaml.FullLoader)\n    print(data)\n

    \u90a3\u4e48data\u5c31\u662f\u4e00\u4e2a\u5b57\u5178\uff0c\u6839\u636eyml\u91cc\u7684\u5185\u5bb9\u53ef\u80fd\u6210\u4e3a\u5d4c\u5957\u5173\u7cfb\u3002\u5b57\u5178\u91cc\u4e3a\u7a7a\u7684\u503c\u4f1a\u53d8\u6210None\uff0ctrue\u6216True\u6216TRUE\u90fd\u4f1a\u53d8\u6210True\uff0c\u6570\u5b57\u4f1a\u88ab\u8bc6\u522b\u6210\u6574\u6570\u6216\u6d6e\u70b9\u6570\uff0c\u5b57\u7b26\u4e32\u4f1a\u88ab\u8bc6\u522b\u6210\u5b57\u7b26\u4e32\uff08\u542b\u7a7a\u683c\uff09

    \u6bd4\u5982\u4e0b\u9762\u7684yml\u6587\u4ef6

    item:\ntest1: 1\ntest2: 2\ntest2.1: TRUE\ntest2.2: true\ntest2.3: True\nmatters:\ntest3: 3\n3: 333\ntest4: 4\ntest5: ${item.test1}\ntest6: a b c d\ntest7:

    \u4f1a\u88ab\u8bc6\u522b\u4e3a

    {'item': {'test1': 1, 'test2': 2, 'test2.1': True, 'test2.2': True, 'test2.3': True}, 'matters': {'test3': 3, 3: 333, 'test4': 4, 'test5': '${item.test1}', 'test6': 'a b c d', 'test7': None}}\n
    "},{"location":"python/#logging","title":"\u8f93\u51fa\u65e5\u5fd7\uff1alogging","text":"

    \u5728\u5f00\u53d1\u7a0b\u5e8f\u7684\u65f6\u5019\uff0c\u9047\u5230bug\u6216\u8005\u60f3\u5f04\u6e05\u695a\u4e34\u65f6\u7ed3\u679c\u3001\u63a7\u5236\u6d41\u8d70\u5411\u7684\u65f6\u5019\uff0c\u91c7\u7528print\u7684\u4f20\u7edf\u65b9\u6cd5\u6765\u6253\u5370\u53d8\u91cf\u6709\u70b9\u8fc7\u4e8e\u8822\u7b28\u4e86\u3002\u800c\u4f7f\u7528logging\u53ef\u4ee5\u968f\u65f6\u6253\u5370\u6570\u636e\u5230\u63a7\u5236\u53f0\u6216\u6587\u4ef6\uff0c\u53ef\u4ee5\u81ea\u5b9a\u4e49\u6253\u5370\u8303\u56f4\uff0c\u800c\u4e14\u6613\u4e8e\u8c03\u8bd5\u3002

    import logging\n\nlogging.basicConfig(format='[%(levelname)s %(filename)s:%(lineno)d]: %(message)s', stream=sys.stdout, level=logging.DEBUG)\nlogger = logging.getLogger('TEST')\n\nlogger.debug('here is a test!')\nlogger.info('info level')\n

    \u5f53\u7136\u4e5f\u53ef\u4ee5\u5168\u9762\u4e86\u89e3\u4e0blogging\uff0c\u63a8\u8350\u9605\u8bfb\u8fd9\u4e2a\u77e5\u4e4e\u4e13\u680f

    import logging\n\n# 1\u3001\u521b\u5efa\u4e00\u4e2alogger\nlogger = logging.getLogger('mylogger')\nlogger.setLevel(logging.DEBUG)\n\n# 2\u3001\u521b\u5efa\u4e00\u4e2ahandler\uff0c\u7528\u4e8e\u5199\u5165\u65e5\u5fd7\u6587\u4ef6\nfh = logging.FileHandler('test.log')\nfh.setLevel(logging.DEBUG)\n\n# \u518d\u521b\u5efa\u4e00\u4e2ahandler\uff0c\u7528\u4e8e\u8f93\u51fa\u5230\u63a7\u5236\u53f0\nch = logging.StreamHandler()\nch.setLevel(logging.DEBUG)\n\n# 3\u3001\u5b9a\u4e49handler\u7684\u8f93\u51fa\u683c\u5f0f\uff08formatter\uff09\nformatter = logging.Formatter('%(asctime)s - %(name)s - %(levelname)s - %(message)s')\n\n# 4\u3001\u7ed9handler\u6dfb\u52a0formatter\nfh.setFormatter(formatter)\nch.setFormatter(formatter)\n\n# 5\u3001\u7ed9logger\u6dfb\u52a0handler\nlogger.addHandler(fh)\nlogger.addHandler(ch)\n

    \u4ee5\u53ca\u4fee\u6539log\u7684\u989c\u8272(\u4e0d\u8fc7\u6ca1\u6709\u8bd5\u8fc7\uff0c\u4e0d\u77e5\u9053\u662f\u5426\u53ef\u7528)

    "},{"location":"python/#_2","title":"\u63a5\u53e3\u8bbe\u8ba1","text":"

    \u4e00\u7cfb\u5217\u76f8\u4f3c\u7684\u51fd\u6570\u5b8c\u6210\u76f8\u4f3c\u7684\u529f\u80fd\uff08\u6bd4\u5982\u4e0d\u540c\u89e3\u6790\u51fd\u6570\u89e3\u6790\u4e0d\u540c\u79cd\u7c7b\u7684\u65e5\u5fd7\uff0c\u90fd\u5b8c\u6210\u201c\u6570\u636e\u5904\u7406\u201d\u8fd9\u4e00\u529f\u80fd\uff09\u65f6\uff0c\u53ef\u4ee5\u5c06\u51fd\u6570\u540d\u4f5c\u4e3a\u53c2\u6570\u4f20\u5165\u516c\u5171\u5904\u7406\u51fd\u6570\uff0c\u8bbe\u8ba1\u66f4\u6e05\u6670\u3002

    import re\n\n# 0000 11c4 0\nbb_regex = re.compile(r\"([0-9a-f]+) ([0-9a-f]+) ([0-9]+)\")\ndef parse_bb_line(line):\n    event_id, pc, cnt = bb_regex.match(line).groups()\n\n    event_id = int(event_id, 16)\n    pc = int(pc, 16)\n    cnt = int(cnt)\n\n    return event_id, pc, cnt\n\ndef parse_mmio_set_line(line):\n    pc, addr, mode = line.split(\" \")\n    return (int(pc, 16), int(addr, 16), mode[0])\n\ndef _parse_file(filename, line_parser):\n    try:\n        with open(filename, \"r\") as f:\n            return [line_parser(line) for line in f.readlines() if line]\n    except FileNotFoundError:\n        return []\n\ndef parse_bbl_trace(filename):\n    return _parse_file(filename, parse_bb_line)\n\ndef parse_mmio_set(filename):\n    return _parse_file(filename, parse_mmio_set_line)\n
    "},{"location":"python/#capnp","title":"\u4e2d\u95f4\u6570\u636e\u5b58\u50a8\uff1acapnp","text":"

    Cap'n Proto\u597d\u50cf\u662f\u4e00\u79cd\u5e2e\u52a9\u5feb\u901f\u5e8f\u5217\u5316/\u53cd\u5e8f\u5217\u5316\u7684\u5de5\u5177\uff0cpython\u8fd9\u8fb9\u5c01\u88c5\u4e86C++\u7684\u5b9e\u73b0\uff0c\u9700\u8981pip\u5b89\u88c5pycapnp\u8fd9\u4e2a\u5305\u3002\u4f7f\u7528\u65f6\u9700\u8981\u9996\u5148\u5b9a\u4e49\u6570\u636e\u7ed3\u6784\uff0c\u6bd4\u5982\uff1a

    // test.capnp\nstruct TraceEvent {\nunion {\nbasicBlock @0 :BasicBlock;\naccess @1 :Access;\n}\n}\n\nstruct BasicBlock {\npc @0 :UInt32;\nlr @1 :UInt32;\n}\n\nstruct Access {\ntarget @0 :AccessTarget;\ntype @1 :AccessType;\nsize @2 :UInt8;\npc @3 :UInt32;\n}\n\nenum AccessTarget {\nram @0;\nmmio @1;\n}\nenum AccessType {\nread @0;\nwrite @1;\n}\n
    \u4f7f\u7528\u65f6\uff0cpython\u7a0b\u5e8f\u5982\u4e0b\uff1a

    import capnp\nimport test_capnp\n\n# \u8fde\u7eed\u5199\u5165\u6587\u4ef6\uff0c\u5bf9union\u521d\u59cb\u5316\ntrace_file = open('test.bin','wb')\nevent = test_capnp.TraceEvent.new_message()\nbasicBlock = event.init('basicBlock')\nbasicBlock.pc = uc.reg_read(UC_ARM_REG_PC)\nbasicBlock.lr = uc.reg_read(UC_ARM_REG_LR)\nevent.write(trace_file)\nevent.write(trace_file)\ntrace_file.close()\n\n# \u4ece\u6587\u4ef6\u4e2d\u8fde\u7eed\u8bfb\u53d6\uff0c\u89e3\u6790union\ntrace_file = open('test.bin','rb')\nfor event in test_capnp.TraceEvent.read_multiple(f):\n    if event.which() == 'basicBlock':\n        print(event.basicBlock.pc)\ntrace_file.close()\n
    "},{"location":"python/#_3","title":"\u8ba1\u65f6\u7ec8\u6b62\u7a0b\u5e8f","text":"

    \u5982\u679c\u9700\u8981\u8ba9\u7a0b\u5e8f\u5728\u8fd0\u884c\u4e00\u6bb5\u65f6\u95f4\u540e\u7ec8\u6b62\uff0c\u5728\u7a0b\u5e8f\u5185\u90e8\u8fdb\u884c\u65f6\u95f4\u68c0\u67e5\u5e76\u4e0d\u4f18\u96c5\uff08\u56e0\u4e3a\u662f\u65e0\u5173\u903b\u8f91\u7684\uff09\uff1b\u53ef\u4ee5\u4e3a\u8fd9\u4e2a\u5b50\u7a0b\u5e8f\u8bbe\u8ba1signal

    pipeline = Pipeline(args.target_dir, args.project_name, args.base_inputs, args.num_local_fuzzer_instances, args.disable_modeling, write_worker_logs=not args.silent_workers, do_full_tracing=args.full_traces, config_name=args.runtime_config_name, timeout_seconds=timeout_seconds, use_aflpp=args.aflpp)\n\ntry:\n    if timeout_seconds != 0:\n        def handler(signal_no, stack_frame):\n            pipeline.request_shutdown()\n\n        # spin up an alarm for the time\n        signal.signal(signal.SIGALRM, handler)\n        signal.alarm(timeout_seconds)\n\n    pipeline.start()\nexcept Exception as e:\n    logger.error(f\"Got exception, shutting down pipeline: {e}\")\n    import traceback\n    traceback.print_exc()\n    status = 1\n
    "},{"location":"python/#hexintelhex","title":"\u4e8c\u8fdb\u5236\u5b57\u8282\u4e0ehex\u4e92\u76f8\u8f6c\u6362\uff1aIntelHex","text":"

    fuzzware\u91cc\u6dfb\u52a0\u9000\u51fahandler\u6253\u5370state\uff08\u5373\u6a21\u62dfcoredump\uff09\u65f6\uff0c\u4f7f\u7528\u4e86IntelHex\u6765\u4fdd\u5b58\u4e2d\u95f4\u7ed3\u679c\u3002\u53ef\u4ee5\u53c2\u8003\u4e0b\u9762\u7684\u4f8b\u5b50\uff0c\u8fdb\u884c\u76f8\u4e92\u8f6c\u5316\u3002IntelHex\u6587\u4ef6\u672c\u8eab\u7684\u683c\u5f0f\uff0c\u53ef\u4ee5\u53c2\u8003\u8fd9\u91cc

    from intelhex import IntelHex\nih = IntelHex()\n\ndata = {\n    0x30000000: b'\\x00\\x01\\x02\\x03\\x04',\n    0x20002000: b'\\x04\\x05\\x06\\x07'\n}\n\nfor base_addr, contents in data.items():\n    ih.puts(base_addr, contents)\n\nwith open('test.hex', 'w') as f:\n    ih.write_hex_file(f)\n\n\n# \u4ece\u5df2\u6709\u7684hex\u6587\u4ef6\u4e2d\u8bfb\u53d6\u6570\u636e\nih = IntelHex()\nih.fromfile('test.hex', format='hex')\n\n\"\"\"test.hex\n:020000042000DA\n:0420000004050607C6\n:020000043000CA\n:050000000001020304F1\n:00000001FF\n\nhex\u683c\u5f0f\u4ee5\u5192\u53f7\u5f00\u5934\uff0c\u968f\u540e1\u5b57\u8282\u8868\u793a\u6570\u636e\u957f\u5ea6\uff0c\u7d27\u63a54\u5b57\u8282\u8868\u793a\u5730\u5740\uff0c\u968f\u540e1\u5b57\u8282\u4e3a\u8bb0\u5f55\u7c7b\u578b\uff1a\n00\uff1a\u8868\u793a\u6570\u636e\n01\uff1a\u8868\u793a\u6587\u4ef6\u7ed3\u675f\n02\uff1a\u8868\u793a\u6269\u5c55\u6bb5\u5730\u5740\u3002\u968f\u540e\u76842\u5b57\u8282\u5de6\u79fb4\u4f4d\uff0c\u4f5c\u4e3a\u6bb5\u5730\u5740\uff0c\u5728\u4e4b\u540e\u7684\u8ba1\u7b97\u4e2d\u548c\u5730\u5740\u76f8\u52a0\u4f5c\u4e3a\u6700\u540e\u5730\u5740\n03\uff1a\u8868\u793a\u8d77\u59cb\u6bb5\u5730\u5740\u3002\u968f\u540e\u76844\u5b57\u8282\u4e2d\uff0c\u524d\u3001\u540e2\u5b57\u8282\u5206\u522b\u8868\u793aCS\u3001IP\n04\uff1a\u8868\u793a\u6269\u5c55\u7ebf\u6027\u5730\u5740\u3002\u968f\u540e\u76842\u5b57\u8282\u6307\u5b9a32\u5730\u5740\u7684\u9ad816\u4f4d\n05\uff1a\u8868\u793a\u8d77\u59cb\u7ebf\u6027\u5730\u5740\u3002\u968f\u540e\u76844\u5b57\u8282\u6307\u5b9a\u6307\u4ee4\u6267\u884c\u8d77\u59cb\u5730\u5740\n\u6700\u540e\u4e00\u5b57\u8282\u8868\u793a\u6821\u9a8c\u7801\n\n\u6bd4\u5982:020000042000DA\uff0c\u5206\u4e3a:02 0000 04 2000 DA\n\"\"\"\n\n# \u83b7\u53d6\u89e3\u6790\u540e\u7684\u6570\u636e\uff0c\u5e76\u5408\u5e76\u8fde\u7eed\u7684\u5730\u5740\nrestored_data = {}\ncurrent_address = None\ncurrent_data = b''\n\nfor address in ih.addresses():\n    # Check if the address is consecutive with the current data\n    if current_address is None or address == current_address + len(current_data):\n        if current_address is None:\n            current_address = address\n        current_data += bytes([ih[address]])\n    else:\n        # Save the previous data and start a new block\n        restored_data[current_address] = current_data\n        current_address = address\n        current_data = bytes([ih[address]])\n\n# Save the last block of data\nif current_address is not None:\n    restored_data[current_address] = current_data\n\n# \u8f93\u51fa\u8fd8\u539f\u540e\u7684data\u5b57\u5178\nprint(restored_data)\n# {536879104: b'\\x04\\x05\\x06\\x07', 805306368: b'\\x00\\x01\\x02\\x03\\x04'}\n
    "},{"location":"python/#_4","title":"\u53c2\u8003\u8d44\u6599","text":""},{"location":"rca/","title":"\u6839\u56e0\u5206\u6790","text":"

    \u4ec0\u4e48\u662f\u6839\u56e0\u5206\u6790\uff1f \u6839\u56e0\u5206\u6790(Root Cause Analysis)\u6216\u8005\u8bf4\u7f3a\u9677\u5b9a\u4f4d(Fault Localization)\u662f\u7a0b\u5e8f\u5f00\u53d1\u4eba\u5458\u6216\u5b89\u5168\u5206\u6790\u4eba\u5458\u5728\u786e\u8ba4\u7a0b\u5e8f\u5b58\u5728\u5f02\u5e38\u884c\u4e3a\u540e\uff0c\u901a\u8fc7\u624b\u52a8\u6216\u81ea\u52a8\u7684\u65b9\u6cd5\u6765\u5b9a\u4f4d\u5f02\u5e38\u884c\u4e3a\u7684\u6839\u672c\u539f\u56e0\u7684\u8fc7\u7a0b\u3002\u6839\u56e0\u5206\u6790\u662f\u7a0b\u5e8f\u5b89\u5168\u5206\u6790\u6d41\u7a0b\u4e2d\u6bd4\u8f83\u91cd\u8981\u7684\u4e00\u73af\u3002

    \u4e3a\u4ec0\u4e48\u9700\u8981\u8bbe\u8ba1\u4e00\u4e9b\u6839\u56e0\u5206\u6790\u65b9\u6cd5\uff1f \u5728\u5f53\u4e0b\u5404\u7c7b\u81ea\u52a8\u5316\u6f0f\u6d1e\u6316\u6398\u5de5\u5177(\u6bd4\u5982\u5404\u7c7bfuzzer)\u7684\u8f85\u52a9\u4e0b\uff0c\u6bcf\u65e5\u53d1\u73b0\u7684bug\u6570\u91cf\u5df2\u7ecf\u8fdc\u8d85\u5f00\u53d1\u4eba\u5458\u786e\u8ba4\u5e76\u4fee\u590d\u7684\u6570\u91cf\u3002\u8bbe\u8ba1\u4e00\u79cd\u81ea\u52a8\u5316\u53d1\u73b0\u6f0f\u6d1e\u7684\u5de5\u5177\u5e76\u4e0d\u96be\uff0c\u96be\u5728\u5982\u4f55\u6839\u636e\u8fd9\u4e9b\u5de5\u5177\u62a5\u51fa\u7684crash\u4fe1\u606f\u6765\u51c6\u786e\u5730\u5206\u6790\u51fa\u6f0f\u6d1e\u7684\u6839\u672c\u539f\u56e0\u3002\u5bf9\u4e8e\u5927\u578b\u7a0b\u5e8f\u800c\u8a00\uff0c\u5d29\u6e83\u6d4b\u8bd5\u6837\u4f8b(crashing testcase)\u6267\u884c\u4e0b\u6765\u53ef\u80fd\u7ecf\u5386\u4e86\u51e0\u767e\u4e07\u6761\u6c47\u7f16\u6307\u4ee4\uff0c\u624b\u5de5\u786e\u8ba4\u7a0d\u5fae\u6709\u70b9\u4e0d\u73b0\u5b9e\u4e86\u3002\u56e0\u6b64\u9700\u8981\u8bbe\u8ba1\u4e00\u4e9b(\u81ea\u52a8\u5316)\u7684\u6839\u56e0\u5206\u6790\u5de5\u5177\u3002

    \u600e\u4e48\u8fdb\u884c\u6839\u56e0\u5206\u6790\uff1f\u76ee\u524d\u6709\u54ea\u4e9b\u5de5\u4f5c\uff1f \u6700\u6734\u7d20\u800c\u76f4\u89c2\u7684\u601d\u60f3\u5c31\u662f\u6d88\u8017\u5b89\u5168\u5206\u6790\u4eba\u5458\u7684\u7cbe\u529b\uff0c\u4ece\u7a0b\u5e8f\u7684\u5165\u53e3\u70b9(entry)\u6216\u8005\u5d29\u6e83\u70b9(crash site)\u51fa\u53d1\uff0c\u770b\u770b\u7a0b\u5e8f\u662f\u600e\u4e48\u6267\u884c\u7684\uff0c\u54ea\u4e9b\u5143\u7d20(program entity)\u4f1a\u5bfc\u81f4\u6700\u540e\u7684crash\uff0c\u7136\u540e\u518d\u8fdb\u884c\u5bf9\u5e94\u7684\u4fee\u590d\u3002\u6839\u636e\u5b9a\u4f4d\u5143\u7d20\u7684\u7c92\u5ea6\u4e0d\u540c\uff0c\u6839\u56e0\u5206\u6790\u53ef\u4ee5\u5b9a\u4f4d\u5230\u51fd\u6570\u7ea7(function level)\u3001\u8bed\u53e5\u7ea7(statement level)\u3001\u6c47\u7f16\u6307\u4ee4\u7ea7(instruction level)\u3002\u7531\u4e8e\u5728\u6c47\u7f16\u6307\u4ee4\u4e0a\u8fdb\u884c\u5206\u6790\u53ef\u4ee5\u66f4\u666e\u9002\u5730\u9002\u5e94\u591a\u79cd\u7f16\u7a0b\u8bed\u8a00\u3001\u4e0d\u9700\u8981\u83b7\u53d6\u6e90\u7801\uff0c\u6240\u4ee5\u4e0b\u6587\u7684\u8ba8\u8bba\u90fd\u662f\u56f4\u7ed5\u6c47\u7f16\u6307\u4ee4\u7ea7\u5c55\u5f00\u3002

    \u76ee\u524d\u4e00\u4e9b\u81ea\u52a8\u5316\u6839\u56e0\u5206\u6790\u7814\u7a76\u601d\u8def\u6709\uff1a

    1. \u57fa\u4e8e\u7a0b\u5e8f\u8c31\u7684\u5206\u6790\u65b9\u6cd5(Spectrum-based)\u3002\u5927\u6982\u601d\u8def\u662f\u4e0d\u9700\u8981\u8003\u8651\u6c47\u7f16\u6307\u4ee4\u7684\u8bed\u4e49\u4fe1\u606f\uff0c\u5229\u7528\u4e00\u4e9b\u7edf\u8ba1\u5b66\u7684\u65b9\u6cd5\u6765\u5206\u6790\u54ea\u4e9b\u6307\u4ee4\u6709\u95ee\u9898\u3002\u8fd9\u7c7b\u65b9\u6cd5\u57fa\u4e8e\u8fd9\u6837\u4e00\u4e2a\u573a\u666f\uff1a\u5047\u8bbe\u6211\u4eec\u6709\u4e00\u5927\u6279\u76f8\u4f3c\u7684\u6d4b\u8bd5\u6837\u4f8b\uff0c\u5176\u4e2d\u6709\u4e9b\u4f1a\u5bfc\u81f4\u7a0b\u5e8f\u5d29\u6e83\uff0c\u6709\u4e9b\u4e0d\u4f1a\uff0c\u90a3\u4e48\u8fd9\u4e24\u7c7b\u6d4b\u8bd5\u6837\u4f8b\u7684\u6267\u884c\u8def\u5f84\u53ef\u80fd\u6709\u4e0d\u540c\u7684\u504f\u597d\u3002\u90a3\u4e48\u90a3\u4e9b\u66f4\u503e\u5411\u4e8e\u5728\u5d29\u6e83\u6d4b\u8bd5\u6837\u4f8b\u4e2d\u6267\u884c\u7684\u6307\u4ee4\u66f4\u6709\u53ef\u80fd\u662froot cause\u3002
    2. \u4e8b\u540e\u5206\u6790\u65b9\u6cd5(Postmortem-based)\u3002\u76f4\u8bd1\u5c38\u68c0\u5206\u6790\uff0c\u5f62\u8c61\u7406\u89e3\u4e3a\u4ece\u7a0b\u5e8f\u5d29\u6e83\u540e\u7559\u4e0b\u7684\u201c\u5c38\u4f53\u201d\u5f00\u59cb\u5206\u6790\u3002\u5b83\u5047\u5b9a\u7a0b\u5e8f\u5d29\u6e83\u540e\u4f1a\u4ea7\u751f\u4e00\u4e2acoredump(\u6838\u5fc3\u8f6c\u50a8)\u6587\u4ef6\uff0c\u5305\u542b\u4e86\u5d29\u6e83\u70b9\u7684\u5185\u5b58\u5feb\u7167(memory snapshot)\uff0c\u4ee5\u53ca\u8fd9\u4e2a\u6d4b\u8bd5\u6837\u4f8b\u7684\u6267\u884c\u8def\u5f84(execution trace)\u3002\u524d\u8005\u7528\u4e8e\u63d0\u4f9b\u6570\u636e\u6d41\u4fe1\u606f(\u6bd4\u5982\u5185\u5b58\u503c\u3001\u5bc4\u5b58\u5668\u503c)\uff0c\u540e\u8005\u7528\u4e8e\u63d0\u4f9b\u63a7\u5236\u6d41\u4fe1\u606f(\u6c47\u7f16\u6307\u4ee4\u6267\u884c\u4e0e\u8df3\u8f6c)\u3002\u5728\u6b64\u57fa\u7840\u4e0a\uff0c\u7ed3\u5408\u4e00\u4e9b\u9006\u5411\u6267\u884c(reverse execution)\u548c\u540e\u5411\u6c61\u70b9\u5206\u6790(backward taint analysis)\u7684\u65b9\u6cd5\uff0c\u5b9a\u4f4d\u53ef\u80fd\u7684root cause\u3002
    3. \u57fa\u4e8e\u6a21\u578b\u7684\u5206\u6790\u65b9\u6cd5(Model-based)\u3002\u8fd9\u4e00\u7c7b\u65b9\u6cd5\u662f\u8fd1\u4e9b\u5e74\u63d0\u51fa\u7684\uff0c\u5b83\u901a\u8fc7\u5b9a\u4e49\u8bed\u4e49\u76f8\u5173\u7684\u6a21\u578b\uff0c\u5229\u7528\u673a\u5668\u5b66\u4e60\u6216\u6df1\u5ea6\u5b66\u4e60\u7684\u601d\u60f3\uff0c\u627e\u5230\u8bed\u4e49\u4e0a\u5bfc\u81f4\u5d29\u6e83\u7684root cause\u3002

    \u8fd9\u4e9b\u7814\u7a76\u601d\u8def\u90fd\u89e3\u51b3\u4e86\u4ec0\u4e48\u95ee\u9898\uff1f\u6709\u4ec0\u4e48\u72ec\u7279\u7684\u4f18\u70b9\uff1f\u5b58\u5728\u54ea\u4e9b\u72ec\u6709\u7684\u4e0d\u8db3\uff1f \u57fa\u4e8e\u7a0b\u5e8f\u8c31\u7684\u5206\u6790\u65b9\u6cd5\u76f4\u89c2\u4e0a\u4f3c\u4e4e\u6709\u70b9\u9053\u7406\u3002\u5b83\u4ec5\u8003\u8651\u6c47\u7f16\u6307\u4ee4\u672c\u8eab\uff0c\u800c\u4f46\u4ec5\u4ec5\u4ece\u7edf\u8ba1\u7ed3\u679c\u4e0a\u53bb\u5206\u6790\uff0c\u53ef\u80fd\u5e76\u4e0d\u80fd\u51c6\u786e\u5206\u6790\u51fa\u903b\u8f91\u4e0a\u7684root cause\u3002\u8fd9\u7c7b\u65b9\u6cd5\u4e00\u822c\u4f1a\u8bbe\u8ba1\u4e00\u79cd\u6392\u540d\u7b56\u7565(ranking)\uff0c\u5bf9\u9009\u62e9\u51fa\u7684\u53ef\u7591\u6307\u4ee4\u8fdb\u884ctop1-topn\u7684\u6392\u540d\uff0c\u6765\u8bd5\u56fe\u63d0\u9ad8\u51c6\u786e\u6027\u3002\u8fd9\u7c7b\u65b9\u6cd5\u4e00\u822c\u9700\u8981\u6839\u636e\u4e00\u4e2a\u5d29\u6e83\u6837\u4f8b\u4ee5\u53ca\u548c\u5b83\u76f8\u4f3c\u7684\u5d29\u6e83\u6837\u4f8b\u548c\u975e\u5d29\u6e83\u6837\u4f8b\u8fdb\u884c\u5206\u6790\uff0c\u56e0\u6b64\u65f6\u7a7a\u5f00\u9500\u90fd\u6bd4\u8f83\u5927\u3002

    \u4e8b\u540e\u5206\u6790\u65b9\u6cd5\u76f8\u6bd4\u7a0b\u5e8f\u8c31\u5206\u6790\u65b9\u6cd5\u8003\u8651\u4e86\u6307\u4ee4\u8bed\u4e49\uff0c\u6bd4\u5982\u5728\u9006\u5411\u6267\u884c\u7684\u65f6\u5019\u4f1a\u8bbe\u8ba1\u4e00\u4e9b\u6c47\u7f16\u6307\u4ee4handler\uff0c\u5bf9\u4e8e\u5185\u5b58\u7684\u5206\u6790\u4e5f\u4f1a\u66f4\u7cbe\u786e\u4e9b\u3002\u4f46\u6c61\u70b9\u5206\u6790\u65b9\u6cd5\u6bd5\u7adf\u5b58\u5728\u8fc7\u5ea6\u6c61\u67d3(over-tainting)\u7684\u95ee\u9898\uff0c\u5bfc\u81f4\u7ed3\u679c\u5197\u4f59\u6bd4\u8f83\u4e25\u91cd\u3002

    \u57fa\u4e8e\u6a21\u578b\u7684\u5206\u6790\u65b9\u6cd5\u5229\u7528AI\u7684\u4f18\u52bf\uff0c\u53ef\u4ee5\u7ed9\u51fa\u66f4\u6709\u8bed\u4e49\u4fe1\u606f\u7684root cause\uff0c\u5728\u4e00\u5b9a\u7a0b\u5ea6\u4e0a\u5e2e\u52a9\u5f00\u53d1\u4eba\u5458\u53bb\u5206\u6790\u3002\u4e0d\u8fc7\u6a21\u578b\u7684\u8bad\u7ec3\u4f9d\u8d56\u8bad\u7ec3\u96c6\u7684\u8d28\u91cf\uff0c\u5e76\u4e14\u53d7\u7a0b\u5e8f\u8bed\u4e49\u5f71\u54cd\u5f88\u5927\u3002\u5728\u4e0d\u540c\u9886\u57df\u4e4b\u95f4\u53ef\u80fd\u8fc1\u79fb\u6027\u4e0d\u662f\u5f88\u597d\uff0c\u6bd4\u5982\u6ca1\u6cd5\u5904\u7406\u4e00\u4e9b\u7279\u5b9a\u7684\u5bc6\u7801\u5b66\u51fd\u6570\u3002\u4e14\u4e3a\u5f85\u6d4b\u7a0b\u5e8f\u5efa\u7acb\u6a21\u578b\u6765\u63cf\u8ff0\u5176\u7ed3\u6784\u4e0e\u884c\u4e3a\u662f\u975e\u5e38\u590d\u6742\u3001\u8017\u65f6\u7684\u4e8b\u60c5

    \u73b0\u6709\u7684\u8fd9\u4e9b\u65b9\u6cd5\u6709\u6ca1\u6709\u4ec0\u4e48\u666e\u904d\u5b58\u5728\u7684\u95ee\u9898\uff1f \u5728\u6700\u540e\u8bc4\u4f30\u9636\u6bb5(evaluation)\uff0c\u4e00\u822c\u5148\u901a\u8fc7\u624b\u5de5\u5206\u6790\u786e\u5b9a\u54ea\u4e9b\u6c47\u7f16\u6307\u4ee4\uff0c\u5982\u679c\u65b9\u6cd5\u8f93\u51fa\u7684\u6c47\u7f16\u6307\u4ee4\u96c6\u5408\u91cc\u5305\u542b\u8fd9\u4e9b\u6307\u4ee4\uff0c\u90a3\u4e48\u5c31\u8ba4\u4e3a\u662f\u53d1\u73b0\u4e86root cause\u3002\u4f46\u81ea\u52a8\u5316\u65b9\u6cd5\u6bd5\u7adf\u7f3a\u5c11\u4eba\u5de5\u53c2\u4e0e\uff0c\u7ed9\u51fa\u7684\u7ed3\u679c\u4e00\u5b9a\u662f\u4e0d\u51c6\u786e\u7684\u3002\u73b0\u6709\u7684\u5de5\u4f5c\u7684\u4e00\u4e2a\u4e3b\u6d41\u601d\u60f3\u5728\u4e8e\u201c\u65b9\u6cd5\u7ed9\u51fa\u7684\u96c6\u5408\u53ef\u4ee5\u5305\u542b\u65e0\u5173\u6307\u4ee4\uff0c\u4f46\u4e0d\u80fd\u7f3a\u5c11\u76f8\u5173\u6307\u4ee4\u201d\uff0c\u65e8\u5728\u63d0\u9ad8\u53ec\u56de\u7387(recall)\u3002\u56e0\u6b64\u5f80\u5f80\u7ed9\u51fa\u4e0eroot cause\u4e0d\u76f8\u5173\u7684\u6307\u4ee4\u3002\u4f46\u5b9e\u9645\u4e0a\uff0c\u5728\u6700\u540e\u7684\u4fee\u590d\u7aef\uff0c\u5982\u679c\u7ed9\u51fa\u4e0d\u76f8\u5173\u6307\u4ee4\u8fc7\u591a\uff0c\u90a3\u4e48\u4ecd\u7136\u9700\u8981\u5f00\u53d1\u8005\u53bb\u5206\u6790\uff0c\u4f9d\u65e7\u8017\u65f6\u8017\u529b\u3002

    \u636eISSTA 2016\u4e00\u7bc7\u8c03\u7814\uff08Practitioners\u2019 expectations on automated fault localization\uff09\uff0c9.43%\u5e0c\u671broot cause\u5728\u5206\u6790\u7ed3\u679c\u7684Top1\uff0c73.58%\u5bb9\u8bb8\u5728Top5\uff0c15.09%\u5bb9\u8bb8\u5728Top10\u3002\u6240\u4ee5\u7ea698%\u7684\u60c5\u51b5\u4e0b\u9700\u8981\u5728Top10\u5185\u7ed9\u51fa\u7ed3\u679c\u3002\u5c31\u5206\u6790\u51c6\u786e\u5ea6\u4e0e\u5f00\u53d1\u4eba\u5458\u6ee1\u610f\u5ea6\u800c\u8a00\uff0c\u5982\u679cRCA\u5de5\u5177\u51c6\u786e\u5ea6\u8fbe90%\uff0c\u6ee1\u610f\u5ea6\u51e0\u4e4e\u8fbe\u5230100%\u4e86\u3002\u51c6\u786e\u5ea6\u4f4e\u4e8e20%\u65f6\u53ea\u670912%\u63a5\u53d7\uff0c\u5982\u679c\u6ee1\u610f\u5ea6\u8fbe50%\u300175%\u300190%\uff0c\u51c6\u786e\u5ea6\u9700\u8981\u5206\u522b\u8fbe\u523050%\u300175%\u300185%\uff08\u4f46\u662f\u539f\u6587\u8bf490%\uff09\u3002

    \u76ee\u524d\u7684\u7edd\u5927\u90e8\u5206RCA\u5206\u6790\u7684\u5de5\u4f5c\u7684\u8f93\u51fa\u662f\u4e24\u7c7b\uff1aranked list\u548csuspicious set\u3002\u4f46\u4e24\u8005\u90fd\u5b58\u5728\u7684\u95ee\u9898\u662f\u4ec5\u4ec5\u9ad8\u4eae\u4e86\u53ef\u80fd\u5b58\u5728bug\u7684\u5143\u7d20\uff0c\u800c\u7f3a\u4e4f\u4e00\u4e9brational\u7684\u5206\u6790\u3002

    "},{"location":"rca/#_2","title":"\u4e0d\u540c\u7684\u5206\u6790\u7c92\u5ea6\u7684\u4f18\u52bf","text":"

    \u57fa\u4e8e\u6587\u4ef6\u7c92\u5ea6\u7684RCA\u5de5\u4f5c\uff08\u6bd4\u5982Scaffle\uff09\u5e0c\u671b\u627e\u5230\u5305\u542b\u767e\u4e07\u7ea7\u540c\u8d28\u4ee3\u7801\u5e93\u4e2d\u54ea\u4e9b\u6587\u4ef6\u548ccrash\u6709\u5173\u3002\u5728\u6b64\u57fa\u7840\u4e0a\u8ba9\u5bf9\u5e94\u7684\u5de5\u7a0b\u5e08\u56e2\u961f\u53bb\u5904\u7406bug\uff0c\u6709\u5229\u4e8e\u5927\u578b\u7ec4\u7ec7\u7ba1\u7406\u3002

    \u636eISSTA 2016\u4e00\u7bc7\u8c03\u7814\uff08Practitioners\u2019 expectations on automated fault localization\uff09\uff0c\u5f00\u53d1\u8005\u5bf9\u7c92\u5ea6\u7684top3\u671f\u671b\u4f9d\u6b21\u662f\u65b9\u6cd5\u7ea7\u522b\u3001\u8bed\u53e5\u7ea7\u522b\u3001\u57fa\u672c\u5757\u7ea7\u522b\uff0c\u4e0d\u8fc7\u5bf9\u8fd9\u4e09\u79cd\u7c92\u5ea6\u7684\u503e\u5411\u4e4b\u95f4\u6ca1\u6709\u660e\u663e\u5dee\u5f02\u3002\u800c\u5f53\u65f6\u6bd4\u8f83\u591a\u7684\u65b9\u6cd5\u662f\u8bed\u53e5\u7ea7\u522b\u7684

    "},{"location":"rca/#_3","title":"\u5206\u6790\u65f6\u95f4\u5f00\u9500","text":"

    \u6839\u636e\u91c7\u7528\u7684\u7b56\u7565\u4e0d\u540c\uff0cRCA\u4e4b\u95f4\u7684\u65f6\u95f4\u5f00\u9500\u5dee\u5f02\u53ef\u80fd\u8fbe\u4e24\u4e2a\u6570\u91cf\u7ea7\u3002\uff08\u79d2\u7ea7-\u5206\u949f\u7ea7-\u5c0f\u65f6\u7ea7\uff09\u3002

    \u636eISSTA 2016\u4e00\u7bc7\u8c03\u7814\uff08Practitioners\u2019 expectations on automated fault localization\uff09\uff0c90%\u5f00\u53d1\u8005\u63a5\u53d71min\u4ee5\u5185\u7684\u5206\u6790\uff0c\u4e0d\u52309%\u5f00\u53d1\u8005\u63a5\u53d7\u8d85\u8fc71h\u7684\u5206\u6790\u300250%\u5f00\u53d1\u8005\u5927\u6982\u572830min\u4ee5\u5185\u3002

    "},{"location":"rca/#_4","title":"\u4e00\u4e9b\u60f3\u6cd5","text":"
    1. \u4ec0\u4e48\u662f\u6f0f\u6d1e\u7684\u6839\u672c\u539f\u56e0\uff1f\u5047\u5982\u51fd\u6570A\u5185\u521b\u5efa\u4e34\u65f6\u53d8\u91cfx\u5e76\u8c03\u7528\u51fd\u6570B(x)\uff0c\u5728B\u5185\u5f15\u53d1crash\uff0c\u90a3\u4e48\u5e94\u8be5\u5f52\u548e\u4e3aA\u6ca1\u6709\u5904\u7406x\u5462\uff0c\u8fd8\u662fB\u6ca1\u6709\u68c0\u67e5x\u5462\uff1f\u8fd9\u662fAPI\u5b9e\u73b0\u7684\u95ee\u9898\uff0c\u8fd8\u662fAPI\u8bef\u7528\u7684\u95ee\u9898\uff1f(\u5f00\u53d1\u8005or\u7528\u6237)
    2. \u5bf9\u4e8e\u67d0\u4e00\u4e2acrash\uff0c\u5982\u679c\u5f00\u53d1\u4eba\u5458\u8fdb\u884c\u4e86\u4fee\u590d\uff0c\u90a3\u4e48\u8fd9\u4e2a\u4fee\u590d\u80fd\u62ff\u6765\u5f53root cause\u5417\uff1f\u4e0d\u540c\u5f00\u53d1\u4eba\u5458\u4fee\u590d\u7684\u98ce\u683c\u53ef\u80fd\u4e0d\u4e00\u6837\uff0c\u4fee\u590d\u4e5f\u672a\u5fc5\u662f\u5b8c\u5168\u7684\uff0croot cause\u5c31\u662f\u4e00\u4e2a\u4e3b\u89c2\u7684\u95ee\u9898\u4e86\u3002
    "},{"location":"rca/#_5","title":"\u76f8\u5173\u8bba\u6587\u7684\u4e00\u4e9b\u53d1\u73b0\uff08\u7591\u95ee\uff09","text":""},{"location":"rca/#_6","title":"\u53c2\u8003\u6587\u732e","text":"

    \u4ee5\u4e0a\u5185\u5bb9\u4ec5\u4ee3\u8868\u4e2a\u4eba\u89c2\u70b9\uff0c\u4e0d\u5b9a\u671f\u66f4\u65b0\uff0c\u6b22\u8fce\u8ba8\u8bba

    "},{"location":"reverse-advanced/","title":"\u9006\u5411\u9ad8\u9636","text":""},{"location":"reverse-advanced/#windows","title":"Windows\u9006\u5411\u6280\u672f\u6982\u5ff5","text":"

    DLL\u6ce8\u5165\uff0cWindows\u6d88\u606f\u94a9\u53d6\uff0cDLL\u5378\u8f7d\uff0c\u4ee3\u7801\u6ce8\u5165\uff0cAPI\u94a9\u53d6\uff0c\u8fdb\u7a0b\u9690\u85cf\uff0cIE\u8fde\u63a5\u63a7\u5236\uff0cTLS\u56de\u8c03\u51fd\u6570\uff0cTEB\uff0cPEB\uff0cSEH\uff0cIA-32\uff0c\u53cd\u8c03\u8bd5\uff08\u9759\u6001\u3001\u52a8\u6001\uff09\uff0cPE\u955c\u50cf\uff0cDebug Blocker

    "},{"location":"reverse-basic/","title":"\u9006\u5411\u57fa\u7840","text":"

    \u9006\u5411\u51fd\u6570\u65f6\uff0c\u8981\u63d0\u524d\u9884\u6d4b\u4e0b\u51fd\u6570\u5b9e\u73b0\u673a\u5236\uff0c\u4ee5\u8282\u7701\u65f6\u95f4\u3002\u8981\u660e\u767d\u54ea\u4e9b\u90e8\u5206\u5c5e\u4e8e\u7a0b\u5e8f\u7279\u6709\u7684\u5b9e\u73b0\uff0c\u54ea\u4e9b\u90e8\u5206\u5c5e\u4e8e\u7b2c\u4e09\u65b9\u7684\u5e93\uff0c\u4e0d\u8981\u968f\u4fbf\u8fdb\u5230\u7b2c\u4e09\u65b9\u5e93\u6216\u8005\u5e95\u5c42API\u91cc\u9762\u5206\u6790\u3002

    "},{"location":"reverse-basic/#_2","title":"\u8c03\u7528\u7ea6\u5b9a","text":"

    cdecl\uff08C\u9ed8\u8ba4\uff09\u7531caller\u8d1f\u8d23\u6e05\u7406\u6808\u4e0a\u4f20\u5165\u53c2\u6570\u3002

    stdcall\u7531callee\u8d1f\u8d23\u6e05\u7406\u6808\u4e0a\u4f20\u5165\u53c2\u6570\uff08Win32API\uff09\uff0c\u88ab\u8c03\u51fd\u6570\u8fd4\u56de\u65f6\u4f7f\u7528RETN X\u6765\u9000\u51fa\uff0c\u76f8\u5f53\u4e8eRETN\u3001POP X\u3002\u6bd4\u5982\u9000\u4e24\u4e2a\u53c2\u6570\uff0c\u5c31RETN 8\u3002

    fastcall\u4e3a\u4e86\u63d0\u9ad8\u901f\u5ea6\uff0c\u5206\u522b\u4f7f\u7528ECX\u3001EDX\u4f20\u9012\u524d\u4e24\u4e2a\u53c2\u6570\uff0c\u66f4\u591a\u53c2\u6570\u8fd8\u662f\u4f7f\u7528\u5185\u5b58\u3002 \u4f20\u53c2\u65f6\u90fd\u662f\u4ece\u53f3\u5411\u5de6\u4ee5\u6b64\u538b\u5165\u6808\u4e2d\u3002

    "},{"location":"reverse-basic/#_3","title":"\u4e00\u4e9b\u5e38\u89c1\u6c47\u7f16\u64cd\u4f5c\u7b26","text":"

    call \u5305\u62ec\u4fdd\u5b58\u8fd4\u56de\u5730\u5740\u3001IP\u8df3\u8f6c

    retn \u5373pop EIP

    test \u76f8\u5f53\u4e8eAND\uff0c\u4f46\u662f\u4e0d\u6539\u53d8\u666e\u901a\u5bc4\u5b58\u5668\u7684\u503c\uff0c\u53ea\u4fee\u6539EFLAGS\u5bc4\u5b58\u5668

    "},{"location":"reverse-basic/#nop","title":"NOP\u6307\u4ee4\u7684\u7528\u9014","text":"

    NOP\u6307\u4ee4\u901a\u5e38\u7528\u4e8e\u63a7\u5236\u65f6\u5e8f\u7684\u76ee\u7684\uff0c\u5f3a\u5236\u5185\u5b58\u5bf9\u9f50\uff0c\u9632\u6b62\u6d41\u6c34\u7ebf\u707e\u96be\uff0c\u5360\u636e\u5206\u652f\u6307\u4ee4\u5ef6\u8fdf\uff0c\u6216\u662f\u4f5c\u4e3a\u5360\u4f4d\u7b26\u4ee5\u4f9b\u7a0b\u5e8f\u7684\u6539\u5584\uff08\u6216\u66ff\u4ee3\u88ab\u79fb\u9664\u7684\u6307\u4ee4\uff09\u3002

    "},{"location":"reverse-basic/#_4","title":"\u51fd\u6570\u6267\u884c\u6808\u5e27\u63a8\u65ad","text":"

    \u51fd\u6570\u5185\u90e8\u4e00\u822c\u5148\u4f1a\u6267\u884c\u4ee5\u4e0b\u4e24\u6761\u6307\u4ee4\uff1a

    push ebp\nmov ebp,esp\n

    \u53ef\u4ee5\u89c2\u5bdfebp\u548cesp\u7684\u4fee\u6539\u60c5\u51b5\u63a8\u65ad\u51fd\u6570\u6808\u5e27

    "},{"location":"reverse-basic/#_5","title":"\u540d\u79f0\u4fee\u9970","text":"

    \u540d\u79f0\u4fee\u9970\uff08name mangling\uff0cname decoration\uff09\uff0c\u7528\u6765\u89e3\u51b3\u6807\u5fd7\u7b26\u7684\u552f\u4e00\u547d\u540d\u95ee\u9898\u3002\u6bd4\u5982\u5728\u4e0d\u540c\u7684\u547d\u540d\u7a7a\u95f4\u5b9e\u73b0\u76f8\u540c\u540d\u79f0\u7684\u51fd\u6570\uff0c\u8fd9\u4e2a\u51fd\u6570\u5728\u600e\u4e48\u8868\u793a\u5462\uff1f\u540d\u79f0\u4fee\u9970\u6280\u672f\u7528\u6765\u751f\u6210\u552f\u4e00\u7684\u6807\u5fd7\u7b26\uff0c\u4fdd\u7559\u547d\u540d\u7a7a\u95f4\u3001\u51fd\u6570\u540d\u3001\u7ed3\u6784\u4f53\u540d\u3001\u7c7b\u540d\u4ee5\u53ca\u53c2\u6570\u7c7b\u578b\u7b49\u7b49\u4fe1\u606f\u3002\u540d\u79f0\u4fee\u9970\u548c\u8c03\u7528\u7ea6\u5b9a\u3001\u7f16\u8bd1\u5668\u6709\u5173\uff0c\u5e94\u7528\u6700\u5e7f\u6cdb\u7684\u662fC++\u7684\u4ee3\u7801\uff08\u5c24\u5176\u662f\u6df7\u5408C\u7f16\u8bd1\u65f6\uff09\u3002\u6bd4\u5982_ZN9wikipedia7article6formatEv\u53ef\u4ee5\u7528\u6765\u8868\u793a\uff1a

    namespace wikipedia\n{\nclass article\n{\npublic:\nstd::string format();\n}\n}\n

    \u5176\u4e2d_Z\u662f\u5f00\u5934\uff08\u4e0b\u5212\u7ebf+\u5927\u5199\u5b57\u6bcd\u5728C\u4e2d\u662f\u4fdd\u7559\u7684\u6807\u5fd7\u7b26\uff0c\u907f\u514d\u51b2\u7a81\uff09\uff0cN\u8868\u793a\u662f\u5d4c\u5957\u6709\u547d\u540d\u7a7a\u95f4\u548c\u7c7b\u540d\uff0c\u968f\u540e\u7684\u6570\u5b57+\u5b57\u6bcd\u4e2d\uff0c\u6570\u5b57\u8868\u793a\u957f\u5ea6\uff0c\u5b57\u6bcd\u8868\u793a\u540d\u79f0\uff0c\u5e76\u4ee5E\u7ed3\u675f\u3002\u4e4b\u540e\u7684\u53c2\u6570\u8868\u793a\u51fd\u6570\u7684\u53c2\u6570\u7c7b\u578b\uff0cv\u4e3avoid\u3002

    "},{"location":"reverse-basic/#pe","title":"PE\u6587\u4ef6","text":"

    PE\uff08Portable Execution\uff09\u6587\u4ef6\u662fWindows\u7cfb\u7edf\u4f7f\u7528\u7684\u53ef\u6267\u884c\u6587\u4ef6\u683c\u5f0f\u3002

    "},{"location":"reverse-basic/#pe_1","title":"PE\u6587\u4ef6\u7684\u6570\u636e\u8282","text":"

    #pragma data_seg()\u53ef\u4ee5\u5c06\u4ee3\u7801\u4efb\u610f\u90e8\u5206\u7f16\u8bd1\u5230PE\u6587\u4ef6\u4efb\u610f\u8282\uff0c\u8282\u540d\u4e5f\u53ef\u4ee5\u81ea\u5b9a\u4e49\u3002

    "},{"location":"reverse-basic/#_6","title":"\u9759\u6001\u94fe\u63a5\u5e93\u4e0e\u52a8\u6001\u94fe\u63a5\u5e93","text":"

    \u9759\u6001\u5e93\u7684\u62d3\u5c55\u540d\u4e3a.a\u6216.lib\uff1b\u52a8\u6001\u5e93\u7684\u62d3\u5c55\u540d\u4e00\u822c\u4e3a.so\u6216.dll

    \u9759\u6001\u5e93\u7f16\u8bd1\u65f6\u76f4\u63a5\u6574\u5408\u5230\u76ee\u6807\u7a0b\u5e8f\u4e2d\uff0c\u7f16\u8bd1\u6210\u529f\u540e\u7684\u53ef\u6267\u884c\u6587\u4ef6\u53ef\u4ee5\u72ec\u7acb\u8fd0\u884c\uff1b\u52a8\u6001\u5e93\u7f16\u8bd1\u65f6\u53ef\u6267\u884c\u7a0b\u5e8f\u65e0\u6cd5\u72ec\u7acb\u8fd0\u884c

    \u9759\u6001\u5e93\u66f4\u65b0\u540e\u9700\u8981\u66f4\u65b0\u6574\u4e2a\u76ee\u6807\u7a0b\u5e8f\uff1b\u52a8\u6001\u5e93\u66f4\u65b0\u540e\u53ea\u9700\u66f4\u6362\u65b0\u7684\u52a8\u6001\u5e93\u5373\u53ef

    \u9759\u6001\u5e93\u7f16\u8bd1\u547d\u4ee4\uff1agcc -c xx.c -o xx.o\uff0car crs libxx.a xx.o\uff1b\u52a8\u6001\u5e93\u7f16\u8bd1\u547d\u4ee4\uff1agcc xx.c -o libxx.so -shared -fPIC\u5176\u4e2d-fPIC\u8868\u793a\u4f7f\u7528\u76f8\u5bf9\u4f4d\u7f6e

    "},{"location":"reverse-basic/#gdb","title":"gdb","text":"

    \u6dfb\u52a0\u591a\u4e2a\u7b26\u53f7\u8868add-symbol-file xxx addr\u5176\u4e2daddr\u662f\u4ee3\u7801\u6bb5\u8d77\u59cb\u5730\u5740\uff0cxxx\u53ef\u4ee5\u4e3asym\u6587\u4ef6\uff0c\u6216elf\u6587\u4ef6\u7b49\u3002\u53d8\u5f02\u65f6\u9700\u8981\u52a0\u4e0a-g\u4fdd\u7559\u7b26\u53f7\u8868(\u6307\u5b9a\u5177\u4f53\u683c\u5f0f\u5982-g2 -gdwarf-2)\uff0c\u53ef\u4ee5\u9010\u4e2a\u4f7f\u7528add-symbol-file\uff0c\u90fd\u6dfb\u52a0\u8fdb\u53bb\u3002

    "},{"location":"reverse-basic/#_7","title":"\u63a8\u8350\u9605\u8bfb","text":"

    Linux \u9759\u6001\u5e93 \u7f16\u8bd1\u548c\u4f7f\u7528 Linux \u52a8\u6001\u5e93 \u7f16\u8bd1\u548c\u4f7f\u7528 Makefile\u5165\u95e8 Makefile\u5b98\u65b9\u6587\u6863

    "},{"location":"sci-thoughts/","title":"\u79d1\u7814\u5fc3\u5f97","text":""},{"location":"sci-thoughts/#_2","title":"\u517b\u6210\u4e60\u60ef","text":"

    \u65f6\u95f4\u8fc7\u5f97\u603b\u662f\u975e\u5e38\u5feb\u7684\u3002\u5fd9\u7740\u505a\u4e00\u4e2a\u8bfe\u9898\uff0c\u53ef\u80fd\u6bcf\u5929\u611f\u89c9\u4e0d\u5230\u6709\u4ec0\u4e48\u8fdb\u5c55\u5462\uff0c\u534a\u5e74\u4e00\u5e74\u5c31\u8fc7\u53bb\u4e86\u3002\u5982\u679c\u6709\u8fd9\u79cd\u60f3\u6cd5\uff0c\u591a\u534a\u662f\u6ca1\u505a\u597d\u89c4\u5212\uff0c\u50cf\u4e2a\u65e0\u5934\u82cd\u8747\u4e00\u6837\u4e1c\u95ef\u897f\u649e\u3002

    \u611f\u89c9\u6709\u4e24\u4e2a\u4e60\u60ef\u662f\u5fc5\u987b\u517b\u6210\u7684\uff0c\u4e00\u662f\u8bfb\u8bba\u6587\u8981\u601d\u8003\u95ee\u9898\u4e0e\u610f\u4e49\uff1a\u770b\u5230\u9898\u76ee\u548c\u6458\u8981\uff0c\u601d\u8003\u8fd9\u7bc7\u6587\u7ae0\u5e0c\u671b\u89e3\u51b3\u4ec0\u4e48\u95ee\u9898\u3001\u8fd9\u4e2a\u95ee\u9898\u6709\u4ec0\u4e48\u4ef7\u503c\u3001\u89e3\u51b3\u8fd9\u4e2a\u95ee\u9898\u6709\u4ec0\u4e48\u601d\u8def\u3001\u4f1a\u9047\u5230\u54ea\u4e9b\u666e\u904d\u4e0e\u7279\u6b8a\u7684\u6311\u6218\uff0c\u4ee5\u53ca\u6587\u7ae0\u57fa\u4e8e\u54ea\u4e9b\u5047\u8bbe\u5e76\u4e14\u4f1a\u8bd5\u56fe\u907f\u800c\u4e0d\u8c08\u7684\u7f3a\u9677\uff1b\u4e8c\u662f\u6bcf\u5929\u8fdb\u884c\u603b\u7ed3\u4e0e\u5f52\u7eb3\uff0c\u601d\u8003\u4e00\u5929\u5230\u5e95\u6709\u4ec0\u4e48\u8fdb\u5c55\uff0c\u51dd\u7ec3\u603b\u7ed3\u6210\u6587\u5b57\u6216ppt\u8bb2\u7a3f\u3002\u6bcf\u5929\u5149\u770b\u4e0d\u603b\u7ed3\uff0c\u7b49\u4e8e\u767d\u770b\uff01\u5e73\u65f6\u5bf9\u5404\u79cd\u95ee\u9898\u5c31\u8981\u6709\u6240\u51c6\u5907\u4e0e\u601d\u8003\uff0c\u4e0d\u8981\u522b\u4eba\u95ee\u8d77\u7684\u65f6\u5019\u5c31\u6577\u884d\u5730\u7ed9\u4e00\u4e2a\u56de\u7b54\uff0c\u6ca1\u6709\u610f\u4e49\u3002

    \u65e9\u4e0a\u5199todo list\uff0c\u665a\u4e0a\u5199done list\uff0c\u770b\u770b\u8fd9\u4e00\u5929\u8fdb\u5c55\u5982\u4f55\u3002\u662f\u5426\u6709\u6ca1\u505a\u5b8c\u7684\u4e8b\u60c5\uff0c\u662f\u5426\u6709\u5206\u5fc3\u505a\u4e86\u522b\u7684\u4e8b\u60c5\uff0c\u660e\u5929\u5982\u4f55\u89c4\u5212\u65f6\u95f4\u2026\u2026\u5bf9\u81ea\u5df1\u6bcf\u5929\u3001\u6bcf\u5468\u3001\u6bcf\u6708\u80fd\u505a\u7684\u4e8b\u60c5\u6709\u6e05\u695a\u7684\u8ba4\u8bc6\uff0c\u4e0d\u76f2\u76ee\u81ea\u5927\u4e5f\u4e0d\u5984\u81ea\u83f2\u8584\u3002

    \u505a\u4efb\u4f55\u4e8b\u90fd\u8981\u7ed9\u4e00\u4e2a\u6e05\u6670\u7684ddl\uff0c\u7763\u4fc3\u5c3d\u5feb\u5b8c\u6210\u4e0d\u8981\u62d6\u6c93\u3002\u53e6\u4e00\u65b9\u9762\u662f\u4e3a\u4e86\u9650\u5236\u601d\u8003\uff0c\u8981\u96c6\u4e2d\u3001\u5feb\u901f\uff0c\u4e0d\u8981\u6f2b\u65e0\u76ee\u7684\u5730\u53d1\u6563\u3002\u6bd4\u5982\u8bfb\u8bba\u6587\u524d\u601d\u8003\u8fd9\u7bc7\u6587\u7ae0\u9700\u8981\u89e3\u51b3\u7684\u6311\u6218\u65f6\uff0c\u9650\u5b9a\u57283min\u4e4b\u5185\uff0c\u8d85\u65f6\u4ee5\u540e\u65e0\u8bba\u662f\u5426\u60f3\u5230\u591a\u5c11\u90fd\u8981\u505c\u4e0b\u6765\u3002\u4e5f\u53ef\u4ee5\u6709\u6548\u907f\u514d\u5206\u5fc3\u3002

    "},{"location":"sci-thoughts/#_3","title":"\u79d1\u7814\u5199\u4f5c","text":"

    \u79d1\u7814\u5199\u4f5c\u9700\u8981\u7cfb\u7edf\u7684\u8bad\u7ec3\u3002\u6bcf\u5929\u6109\u5feb\u5730\u8bfb\u3001\u5199\u4e00\u5c0f\u65f6\uff0c\u957f\u671f\u575a\u6301\uff0c\u53eb\u505a\u201cread and write\u201d\u3002

    \u5199\u6587\u7ae0\u8981\u5f04\u6e05\u695a\u8bfb\u8005\u90fd\u662f\u540c\u4e13\u4e1a\u7684\u4eba\uff0c\u56e0\u6b64\u8981\u4f53\u73b0\u51fa\u4e13\u4e1a\u6027\u4e0e\u79d1\u5b66\u6027\u3001\u7cbe\u786e\u6027\u3001\u7b80\u6d01\u6027\u3001\u903b\u8f91\u6027\u3002

    "},{"location":"sentence-templates/","title":"\u60c5\u666f\u6a21\u677f","text":"

    \u63d0\u51fa\u672c\u6587\u5de5\u4f5c\uff1a

    \u4ecb\u7ecd\u67d0\u4e00\u6d41\u7a0b\u5728\u6574\u4f53\u7cfb\u7edf\u4e2d\u7684\u4f5c\u7528\uff1a

    \u8bf4\u660e\u67d0\u4e00\u6b65\u9aa4\u5e76\u975e\u7b80\u5355\u7684\uff1a

    \u51dd\u7ec3\u672c\u6587\u5b9e\u9a8c\u6548\u679c\uff1a

    \u63d0\u51fa\u672c\u6587novelty\uff1a

    \u63d0\u51fa\u672c\u6587insight\uff1a

    \u51c6\u5907\u5f00\u59cb\u4ecb\u7ecd\u6280\u672f\u7ec6\u8282\uff1a

    \u8bf4\u76ee\u524d\u7684\u5de5\u4f5c\u7814\u7a76\u7684\u4e3b\u8981\u5185\u5bb9\u53d7\u9650\u3001\u522b\u7684\u65b9\u6cd5\u5b58\u5728\u95ee\u9898\uff1a

    \u4e00\u4e9b\u5de5\u4f5c\u7ec6\u8282\uff1a

    "},{"location":"try-chatgpt/","title":"ChatGPT\u6765\u5e2e\u5fd9","text":""},{"location":"try-chatgpt/#_1","title":"\u7f51\u7edc\u7ad9\u70b9\u6253\u5305\u4e0b\u8f7d","text":"

    linux\u7528\u54ea\u4e2a\u547d\u4ee4\u53ef\u4ee5\u628a\u4e00\u4e2a\u7f51\u5740\u4ee5\u53ca\u5176\u6240\u4f9d\u8d56\u7684js\u548ccss\u7b49\u7b49\u6587\u4ef6\u81ea\u52a8\u4e0b\u8f7d\u4e0b\u6765\uff1f

    \u5728Linux\u4e2d\uff0c\u4f60\u53ef\u4ee5\u4f7f\u7528 wget \u547d\u4ee4\u6765\u81ea\u52a8\u4e0b\u8f7d\u4e00\u4e2a\u7f51\u7ad9\u53ca\u5176\u4f9d\u8d56\u7684\u8d44\u6e90\u6587\u4ef6\uff08\u5982JS\u548cCSS\u7b49\uff09\u3002

    \u4e0b\u9762\u662f\u4e00\u4e2a\u793a\u4f8b\u547d\u4ee4\uff1a

    wget --recursive --no-clobber --page-requisites --html-extension --convert-links --restrict-file-names=windows --domains website.com --no-parent http://website.com\n
    \u8be5\u547d\u4ee4\u4f7f\u7528\u4e86\u591a\u4e2a\u9009\u9879\uff0c\u5176\u4e2d\u4e00\u4e9b\u9009\u9879\u7684\u542b\u4e49\u5982\u4e0b\uff1a

    --recursive: \u4e0b\u8f7d\u7f51\u7ad9\u7684\u6240\u6709\u94fe\u63a5\u3002 --no-clobber: \u4e0d\u4f1a\u91cd\u590d\u4e0b\u8f7d\u5df2\u7ecf\u5b58\u5728\u7684\u6587\u4ef6\u3002 --page-requisites: \u4e0b\u8f7d\u6240\u6709\u9875\u9762\u7684\u8d44\u6e90\uff08\u5982\u56fe\u50cf\uff0c\u97f3\u9891\u548c\u89c6\u9891\uff09\u3002 --html-extension: \u5c06\u6240\u6709HTML\u6587\u4ef6\u6269\u5c55\u540d\u6dfb\u52a0\u4e3a .html\u3002 --convert-links: \u5c06\u6240\u6709\u94fe\u63a5\u8f6c\u6362\u4e3a\u672c\u5730\u94fe\u63a5\u3002 --restrict-file-names=windows: \u907f\u514d\u4f7f\u7528 Linux \u4e0d\u652f\u6301\u7684\u6587\u4ef6\u540d\u5b57\u7b26\u3002 --domains website.com: \u9650\u5236\u4e0b\u8f7d\u7684\u57df\u540d\u8303\u56f4\u3002 --no-parent: \u4e0d\u4f1a\u4e0b\u8f7d\u7236\u7ea7\u94fe\u63a5\uff08\u6709\u52a9\u4e8e\u9632\u6b62\u65e0\u9650\u9012\u5f52\uff09\u3002

    \u4f60\u53ef\u4ee5\u6839\u636e\u81ea\u5df1\u7684\u9700\u8981\u4fee\u6539\u8fd9\u4e9b\u9009\u9879\u4ee5\u6ee1\u8db3\u7279\u5b9a\u7684\u8981\u6c42\u3002

    \u7528\u8fd9\u6761\u547d\u4ee4\u88ab\u670d\u52a1\u5668\u53d1\u73b0\u6076\u610f\u4e0b\u8f7d\uff0c\u88ab\u7ed9403 forbidden\u4e86\u600e\u4e48\u529e\uff1f

    \u5982\u679c\u4f60\u4f7f\u7528\u7684\u547d\u4ee4\u88ab\u670d\u52a1\u5668\u8ba4\u4e3a\u662f\u6076\u610f\u4e0b\u8f7d\uff0c\u5e76\u4e14\u88ab\u670d\u52a1\u5668\u62d2\u7edd\u8bbf\u95ee\uff0c\u90a3\u4e48\u4f60\u53ef\u4ee5\u8003\u8651\u4ee5\u4e0b\u4e00\u4e9b\u65b9\u6cd5\u6765\u89e3\u51b3\u8fd9\u4e2a\u95ee\u9898\uff1a

    \u4fee\u6539\u4e0b\u8f7d\u901f\u5ea6\uff1a\u6709\u4e9b\u670d\u52a1\u5668\u53ef\u80fd\u4f1a\u9650\u5236\u4e0b\u8f7d\u901f\u5ea6\uff0c\u5982\u679c\u4f60\u4e0b\u8f7d\u7684\u592a\u5feb\uff0c\u5c31\u4f1a\u88ab\u8ba4\u4e3a\u662f\u653b\u51fb\u3002\u4f60\u53ef\u4ee5\u5c1d\u8bd5\u4f7f\u7528 --limit-rate \u9009\u9879\u6765\u9650\u5236\u4e0b\u8f7d\u901f\u5ea6\uff0c\u4f8b\u5982\uff1a

    wget --limit-rate=200k http://example.com\n

    \u4fee\u6539\u4e0b\u8f7d\u5e76\u53d1\u6570\uff1a\u7c7b\u4f3c\u4e8e\u901f\u5ea6\u9650\u5236\uff0c\u4e00\u4e9b\u670d\u52a1\u5668\u4e5f\u4f1a\u9650\u5236\u540c\u65f6\u8fdb\u884c\u7684\u4e0b\u8f7d\u6570\u3002\u4f60\u53ef\u4ee5\u5c1d\u8bd5\u4f7f\u7528 --tries \u548c --wait \u9009\u9879\u6765\u9650\u5236\u5e76\u53d1\u4e0b\u8f7d\u6570\uff0c\u4f8b\u5982\uff1a

    wget --tries=10 --wait=5 http://example.com\n
    \u6dfb\u52a0 User-Agent\uff1a\u6709\u4e9b\u670d\u52a1\u5668\u53ef\u80fd\u4f1a\u68c0\u67e5 User-Agent\uff0c\u5982\u679c User-Agent \u88ab\u8ba4\u4e3a\u662f\u6076\u610f\u7684\uff0c\u90a3\u4e48\u4f60\u7684\u8bf7\u6c42\u4e5f\u4f1a\u88ab\u62d2\u7edd\u3002\u4f60\u53ef\u4ee5\u5c1d\u8bd5\u4f7f\u7528 --user-agent \u9009\u9879\u6765\u8bbe\u7f6e User-Agent\uff0c\u4f8b\u5982\uff1a

    wget --user-agent=\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3\" http://example.com\n

    \u4e0e\u670d\u52a1\u5668\u7ba1\u7406\u5458\u8054\u7cfb\uff1a\u5982\u679c\u4ee5\u4e0a\u65b9\u6cd5\u90fd\u4e0d\u80fd\u89e3\u51b3\u95ee\u9898\uff0c\u4f60\u53ef\u4ee5\u8054\u7cfb\u670d\u52a1\u5668\u7ba1\u7406\u5458\uff0c\u8bf4\u660e\u4f60\u7684\u4e0b\u8f7d\u8bf7\u6c42\u662f\u5408\u6cd5\u7684\uff0c\u8bf7\u6c42\u4ed6\u4eec\u653e\u884c\u4f60\u7684\u8bf7\u6c42\u3002 \u9700\u8981\u6ce8\u610f\u7684\u662f\uff0c\u4e0d\u8981\u4f7f\u7528\u975e\u6cd5\u7684\u65b9\u5f0f\u4e0b\u8f7d\u6587\u4ef6\uff0c\u4ee5\u514d\u4fb5\u72af\u4ed6\u4eba\u7684\u5408\u6cd5\u6743\u76ca\uff0c\u5e76\u6709\u53ef\u80fd\u5bfc\u81f4\u6cd5\u5f8b\u7ea0\u7eb7\u3002

    "},{"location":"try-chatgpt/#gopythonrust","title":"\u6bd4\u8f83Go\u3001Python\u3001Rust\u7684\u5173\u7cfb","text":"

    go\u3001rust\u3001python\u4e09\u79cd\u7f16\u7a0b\u8bed\u8a00\u5728\u8bed\u8a00\u7279\u6027\u65b9\u9762\u6709\u4ec0\u4e48\u533a\u522b\uff1f\u5404\u81ea\u6709\u4ec0\u4e48\u4f18\u52bf\uff1f\u9002\u7528\u573a\u666f\u6709\u4ec0\u4e48\u533a\u522b\uff1f

    \u8fd9\u4e09\u79cd\u7f16\u7a0b\u8bed\u8a00\u5404\u6709\u4e0d\u540c\u7684\u7279\u70b9\u548c\u4f18\u52bf\uff0c\u4ee5\u4e0b\u662f\u5b83\u4eec\u7684\u4e3b\u8981\u533a\u522b\u548c\u9002\u7528\u573a\u666f\uff1a

    Python Python \u662f\u4e00\u79cd\u9ad8\u7ea7\u7684\u52a8\u6001\u89e3\u91ca\u578b\u8bed\u8a00\uff0c\u5177\u6709\u7b80\u5355\u6613\u5b66\u3001\u6613\u8bfb\u6613\u5199\u7684\u7279\u70b9\u3002\u5b83\u7684\u8bed\u6cd5\u7b80\u5355\u3001\u4ee3\u7801\u53ef\u8bfb\u6027\u9ad8\u3001\u652f\u6301\u591a\u79cd\u7f16\u7a0b\u8303\u5f0f\u548c\u4e30\u5bcc\u7684\u7b2c\u4e09\u65b9\u5e93\uff0c\u9002\u7528\u4e8e\u5404\u79cd\u7c7b\u578b\u7684\u5e94\u7528\u7a0b\u5e8f\u5f00\u53d1\uff0c\u5c24\u5176\u64c5\u957f\u6570\u636e\u5206\u6790\u3001\u4eba\u5de5\u667a\u80fd\u548c\u79d1\u5b66\u8ba1\u7b97\u9886\u57df\u3002\u7531\u4e8e\u5b83\u7684\u5f00\u53d1\u6548\u7387\u9ad8\uff0c\u5e38\u88ab\u7528\u4e8e\u5feb\u901f\u539f\u578b\u8bbe\u8ba1\u548c\u654f\u6377\u5f00\u53d1\u3002

    Go Go \u662f\u4e00\u79cd\u5f00\u6e90\u7684\u7f16\u8bd1\u578b\u8bed\u8a00\uff0c\u7531 Google \u5f00\u53d1\u3002\u5b83\u7684\u8bbe\u8ba1\u76ee\u6807\u662f\u4e3a\u4e86\u89e3\u51b3\u591a\u6838\u3001\u7f51\u7edc\u3001\u5927\u89c4\u6a21\u7a0b\u5e8f\u5f00\u53d1\u7b49\u95ee\u9898\uff0c\u5177\u6709\u9ad8\u6548\u3001\u53ef\u9760\u3001\u7b80\u6d01\u7b49\u7279\u70b9\u3002Go \u8bed\u8a00\u5728\u5e76\u53d1\u7f16\u7a0b\u548c\u7f51\u7edc\u7f16\u7a0b\u65b9\u9762\u8868\u73b0\u7a81\u51fa\uff0c\u6709\u7740\u975e\u5e38\u9ad8\u6548\u7684 Goroutine \u548c Channel \u673a\u5236\uff0c\u9002\u5408\u4e8e\u9ad8\u5e76\u53d1\u3001\u5206\u5e03\u5f0f\u7cfb\u7edf\u3001\u4e91\u8ba1\u7b97\u7b49\u9886\u57df\u7684\u5f00\u53d1\u3002

    Rust Rust \u662f\u4e00\u79cd\u7cfb\u7edf\u7ea7\u7684\u7f16\u7a0b\u8bed\u8a00\uff0c\u7531 Mozilla \u5f00\u53d1\u3002\u5b83\u7ed3\u5408\u4e86\u9ad8\u6548\u6027\u80fd\u3001\u5185\u5b58\u5b89\u5168\u548c\u5e76\u53d1\u5b89\u5168\uff0c\u63d0\u4f9b\u4e86\u4e00\u4e2a\u53ef\u9760\u548c\u5b89\u5168\u7684\u7f16\u7a0b\u73af\u5883\u3002Rust \u7684\u4e3b\u8981\u4f18\u52bf\u5728\u4e8e\u5176\u5185\u5b58\u5b89\u5168\u6027\u548c\u5e76\u53d1\u6027\uff0c\u5b83\u5177\u6709\u9ad8\u6548\u7684\u7f16\u8bd1\u5668\u3001\u4e30\u5bcc\u7684\u7c7b\u578b\u7cfb\u7edf\u548c\u9ad8\u7ea7\u7684\u6a21\u5f0f\u5339\u914d\u529f\u80fd\uff0c\u9002\u7528\u4e8e\u9700\u8981\u9ad8\u6027\u80fd\u548c\u5b89\u5168\u6027\u7684\u7cfb\u7edf\u7ea7\u7f16\u7a0b\u3001\u7f51\u7edc\u7f16\u7a0b\u3001\u64cd\u4f5c\u7cfb\u7edf\u548c\u5d4c\u5165\u5f0f\u5f00\u53d1\u7b49\u9886\u57df\u3002

    \u603b\u7684\u6765\u8bf4\uff0cPython \u9002\u5408\u5feb\u901f\u539f\u578b\u8bbe\u8ba1\u548c\u654f\u6377\u5f00\u53d1\uff0cGo \u9002\u5408\u9ad8\u5e76\u53d1\u3001\u5206\u5e03\u5f0f\u7cfb\u7edf\u548c\u4e91\u8ba1\u7b97\uff0cRust \u9002\u5408\u9700\u8981\u9ad8\u6027\u80fd\u548c\u5b89\u5168\u6027\u7684\u7cfb\u7edf\u7ea7\u7f16\u7a0b\u3001\u7f51\u7edc\u7f16\u7a0b\u3001\u64cd\u4f5c\u7cfb\u7edf\u548c\u5d4c\u5165\u5f0f\u5f00\u53d1\u3002\u9009\u62e9\u54ea\u79cd\u7f16\u7a0b\u8bed\u8a00\u53d6\u51b3\u4e8e\u5177\u4f53\u7684\u5e94\u7528\u573a\u666f\u548c\u9700\u6c42\u3002

    "},{"location":"try-chatgpt/#_2","title":"\u8ba1\u7b97\u673a\u5b89\u5168\u8d44\u6e90\u5b66\u4e60","text":"

    \u6211\u60f3\u5b66\u4e60\u5de5\u4e1a\u754c\u5b9e\u7528\u7684\u8ba1\u7b97\u673a\u5b89\u5168\u9886\u57df\u7684\u77e5\u8bc6\uff0c\u8bf7\u63a8\u8350\u4e00\u4e9b\u7f51\u7ad9

    \u4ee5\u4e0b\u662f\u4e00\u4e9b\u53ef\u4ee5\u5e2e\u52a9\u60a8\u5b66\u4e60\u5de5\u4e1a\u754c\u5b9e\u7528\u7684\u8ba1\u7b97\u673a\u5b89\u5168\u9886\u57df\u7684\u77e5\u8bc6\u7684\u7f51\u7ad9\uff1a

    OWASP (\u5f00\u653e\u5f0f\u7f51\u7edc\u5b89\u5168\u9879\u76ee)\uff1a\u8fd9\u4e2a\u7f51\u7ad9\u63d0\u4f9b\u4e86\u5927\u91cf\u6709\u5173\u7f51\u7edc\u5e94\u7528\u7a0b\u5e8f\u5b89\u5168\u7684\u8d44\u6599\u548c\u5de5\u5177\u3002\u60a8\u53ef\u4ee5\u5728\u8fd9\u91cc\u627e\u5230\u5b89\u5168\u6807\u51c6\u3001\u6f0f\u6d1e\u68c0\u6d4b\u5de5\u5177\u3001\u653b\u51fb\u6a21\u62df\u5668\u7b49\u7b49\u3002

    NIST (\u7f8e\u56fd\u56fd\u5bb6\u6807\u51c6\u4e0e\u6280\u672f\u7814\u7a76\u6240)\uff1a\u8fd9\u4e2a\u7f51\u7ad9\u4e3a\u8ba1\u7b97\u673a\u5b89\u5168\u548c\u4fe1\u606f\u6280\u672f\u63d0\u4f9b\u6807\u51c6\u548c\u6307\u5357\u3002\u60a8\u53ef\u4ee5\u5728\u8fd9\u91cc\u627e\u5230\u6709\u5173\u5b89\u5168\u63a7\u5236\u3001\u5bc6\u7801\u5b66\u3001\u98ce\u9669\u8bc4\u4f30\u7b49\u65b9\u9762\u7684\u8d44\u6599\u3002

    SANS (\u5b89\u5168\u57f9\u8bad\u548c\u8ba4\u8bc1\u673a\u6784)\uff1a\u8fd9\u4e2a\u7f51\u7ad9\u63d0\u4f9b\u6709\u5173\u5404\u79cd\u8ba1\u7b97\u673a\u5b89\u5168\u4e3b\u9898\u7684\u57f9\u8bad\u548c\u8bfe\u7a0b\u3002\u5b83\u8fd8\u63d0\u4f9b\u4e86\u4e00\u4e2a\u535a\u5ba2\uff0c\u5176\u4e2d\u5305\u542b\u5404\u79cd\u6709\u5173\u7f51\u7edc\u5b89\u5168\u7684\u6587\u7ae0\u548c\u63d0\u793a\u3002

    Dark Reading\uff1a\u8fd9\u662f\u4e00\u5bb6\u5728\u7ebf\u51fa\u7248\u5546\uff0c\u63d0\u4f9b\u4e86\u6709\u5173\u7f51\u7edc\u5b89\u5168\u7684\u6700\u65b0\u65b0\u95fb\u3001\u5206\u6790\u548c\u8bc4\u8bba\u3002\u5b83\u8fd8\u63d0\u4f9b\u4e86\u5404\u79cd\u8d44\u6e90\uff0c\u5305\u62ec\u7f51\u7edc\u5b89\u5168\u767d\u76ae\u4e66\u3001\u7814\u7a76\u62a5\u544a\u548c\u6f14\u793a\u6587\u7a3f\u3002

    SecurityFocus\uff1a\u8fd9\u4e2a\u7f51\u7ad9\u662f\u4e00\u4e2a\u5b89\u5168\u65b0\u95fb\u805a\u5408\u7ad9\u70b9\uff0c\u6536\u96c6\u4e86\u6765\u81ea\u5404\u79cd\u6765\u6e90\u7684\u5b89\u5168\u65b0\u95fb\u548c\u6f0f\u6d1e\u62a5\u544a\u3002\u5b83\u8fd8\u63d0\u4f9b\u4e86\u5b89\u5168\u8bba\u575b\u3001\u5b89\u5168\u5de5\u5177\u7b49\u3002

    Reddit\uff1aReddit\u4e0a\u6709\u8bb8\u591a\u4e0e\u8ba1\u7b97\u673a\u5b89\u5168\u76f8\u5173\u7684\u793e\u533a\uff0c\u5982r/netsec\u3001r/hacking\u3001r/AskNetsec\u7b49\u3002\u8fd9\u4e9b\u793e\u533a\u53ef\u4ee5\u8ba9\u60a8\u5411\u5176\u4ed6\u5b89\u5168\u4e13\u4e1a\u4eba\u5458\u63d0\u95ee\uff0c\u5e76\u4e0e\u4ed6\u4eec\u5206\u4eab\u6709\u7528\u7684\u8d44\u6e90\u548c\u5de5\u5177\u3002

    GitHub\uff1aGitHub\u662f\u4e00\u4e2a\u8f6f\u4ef6\u5f00\u53d1\u5e73\u53f0\uff0c\u4e5f\u662f\u8bb8\u591a\u5b89\u5168\u5de5\u5177\u548c\u811a\u672c\u7684\u6765\u6e90\u3002\u901a\u8fc7\u641c\u7d22GitHub\uff0c\u60a8\u53ef\u4ee5\u627e\u5230\u5f88\u591a\u6709\u7528\u7684\u5de5\u5177\uff0c\u5982\u6e17\u900f\u6d4b\u8bd5\u5de5\u5177\u3001\u6f0f\u6d1e\u626b\u63cf\u5668\u7b49\u7b49\u3002

    \u5e0c\u671b\u8fd9\u4e9b\u7f51\u7ad9\u80fd\u5bf9\u60a8\u6709\u6240\u5e2e\u52a9\uff01

    "},{"location":"word-learning/","title":"\u8bcd\u6c47\u5b66\u4e60","text":""}]} \ No newline at end of file +{"config":{"lang":["en"],"separator":"[\\s\\-]+","pipeline":["stopWordFilter"]},"docs":[{"location":"","title":"Welcome to c01dkit's tech blog","text":"

    \u76ee\u5f55\u4e3a\u81ea\u52a8\u751f\u6210\uff0c\u53ef\u80fd\u6709\u8bef\u3002\u6700\u8fd1\u4e00\u6b21\u66f4\u65b0\u65f6\u95f42023-08-23\u3002

    \u6b22\u8fce\u63d0issue\u4ee5\u6307\u9519\u3001\u4ea4\u6d41\uff01

    \u6700\u8fd1\u4e00\u6b21\u66f4\u65b0\u5185\u5bb9\uff1a

    "},{"location":"#_1","title":"\u6587\u7ae0\u9605\u8bfb","text":""},{"location":"#c","title":"\u7f16\u7a0b\u8bed\u8a00 / C\u8bed\u8a00","text":""},{"location":"#go","title":"\u7f16\u7a0b\u8bed\u8a00 / Go","text":""},{"location":"#python","title":"\u7f16\u7a0b\u8bed\u8a00 / Python","text":""},{"location":"#_2","title":"\u7f16\u7a0b\u8bed\u8a00 / \u4f18\u96c5\u7f16\u7a0b","text":""},{"location":"#python_1","title":"\u7f16\u7a0b\u5e94\u7528 / python\u722c\u866b","text":""},{"location":"#ida","title":"\u7a0b\u5e8f\u9006\u5411 / IDA\u57fa\u7840","text":""},{"location":"#_3","title":"\u7a0b\u5e8f\u9006\u5411 / \u9006\u5411\u57fa\u7840","text":""},{"location":"#_4","title":"\u7a0b\u5e8f\u9006\u5411 / \u9006\u5411\u9ad8\u9636","text":""},{"location":"#git","title":"\u5b66\u4e60\u7b14\u8bb0 / Git","text":""},{"location":"#docker","title":"\u5b66\u4e60\u7b14\u8bb0 / Docker","text":""},{"location":"#_5","title":"\u5b66\u4e60\u7b14\u8bb0 / \u6839\u56e0\u5206\u6790","text":""},{"location":"#autoconf","title":"\u5b66\u4e60\u7b14\u8bb0 / autoconf","text":""},{"location":"#pwn-college-cse-365-spring-2023","title":"\u5b66\u4e60\u7b14\u8bb0 / pwn-college / CSE 365 - spring 2023","text":""},{"location":"#_6","title":"\u79d1\u7814\u751f\u6d3b / \u79d1\u7814\u5fc3\u5f97","text":""},{"location":"#latex","title":"\u79d1\u7814\u751f\u6d3b / latex\u57fa\u7840","text":""},{"location":"#_7","title":"\u5176\u4ed6\u6742\u9879 / \u6a21\u7cca\u6d4b\u8bd5","text":""},{"location":"#_8","title":"\u5176\u4ed6\u6742\u9879 / \u670d\u52a1\u5668\u7aef\u53e3\u590d\u7528","text":""},{"location":"#chatgpt","title":"\u5176\u4ed6\u6742\u9879 / ChatGPT","text":""},{"location":"#_9","title":"\u5176\u4ed6\u6742\u9879 / \u73af\u5883\u914d\u7f6e","text":""},{"location":"#linux","title":"\u5176\u4ed6\u6742\u9879 / linux\u670d\u52a1\u5668\u8fd0\u7ef4","text":""},{"location":"IDA/","title":"IDA\u4f7f\u7528","text":""},{"location":"IDA/#arm-raw-binary","title":"\u53cd\u7f16\u8bd1ARM raw binary","text":"

    \u52a0\u8f7d\u65f6\u9009\u62e9Processor type\uff0c\u6bd4\u5982ARM Little-endian [ARM]\uff0c\u968f\u540e\u6839\u636e\u5b9e\u9645\u52a0\u8f7d\u60c5\u51b5\u8bbe\u7f6eROM\u7684\u8d77\u59cb\u5730\u5740\u548cInput file\u5730\u5740\u3002

    raw binary\u7684\u524d\u56db\u5b57\u8282\u53ef\u80fd\u662f\u521d\u59cbsp\u503c\uff0c\u968f\u540e\u56db\u5b57\u8282\u53ef\u80fd\u662f\u521d\u59cbpc\u503c\u3002\u6309G\u5e76\u8f93\u5165pc\u503c\uff0cAlt+G\u8bbe\u7f6eT\u5bc4\u5b58\u5668\u503c\u4e3a1\uff080\u8868\u793aARM\uff0c1\u8868\u793aThumb\uff09\uff0c\u7136\u540e\u9009\u4e2dpc\u53ca\u4e4b\u540e\u6240\u6709\u4ee3\u7801\uff0c\u6309C\u8fdb\u884cMakeCode\u3002

    "},{"location":"autoconf/","title":"autoconf\u5b66\u4e60\u7b14\u8bb0","text":"

    \u81ea\u5df1\u5f00\u53d1\u8f6f\u4ef6\u65f6\uff0c\u751f\u6210\u89c4\u8303\u7684configure\u7b49\u6587\u4ef6\u3002\u53ef\u53c2\u8003https://www.cnblogs.com/klausage/p/14163844.html\u7b49

    "},{"location":"autoconf/#_1","title":"\u4e0d\u5206\u76ee\u5f55\u7ed3\u6784","text":"

    \u7f16\u5199Makefile.am\u6587\u4ef6\uff0c\u6bd4\u5982\uff1a

    bin_PROGRAMS=helloworld\nhelloworld_SOURCES=helloworld.c\n

    \u6267\u884cautoscan\uff0c\u751f\u6210configure.scan\uff0c\u5e76\u4fee\u6539\u5176\u4e2d\u7684AC_INIT\u3001AM_INIT_AUTOMAKE\uff0c\u91cd\u547d\u540d\u6587\u4ef6\u4e3aconfigure.ac\uff0c\u6bd4\u5982\uff1a

    #                                               -*- Autoconf -*-\n# Process this file with autoconf to produce a configure script.\n\nAC_PREREQ([2.69])\nAC_INIT([FULL-PACKAGE-NAME], [VERSION], [BUG-REPORT-ADDRESS])\nAM_INIT_AUTOMAKE([foreign]) # \u5982\u679c\u4e0d\u52a0\u8fd9\u4e00\u53e5\uff0c\u9ed8\u8ba4gnu\uff0c\u5219\u4e4b\u540e\u76ee\u5f55\u91cc\u8981\u6709NEWS\u3001README\u3001AUTHORS\u3001ChangLog\u7b49\u6587\u4ef6\uff08\u9700\u81ea\u5df1\u624b\u52a8\u5efa\u7acb\uff09\nAC_CONFIG_SRCDIR([main.h])\nAC_CONFIG_HEADERS([config.h])\n# Checks for programs.\nAC_PROG_CC\n\n# Checks for libraries.\n\n# Checks for header files.\n\n# Checks for typedefs, structures, and compiler characteristics.\n\n# Checks for library functions.\n\nAC_CONFIG_FILES([Makefile])\nAC_OUTPUT\n

    \u6267\u884caclocal && autoheader && autoconf\uff0c\u751f\u6210aclocal.m4\u3001config.h.in\u548cconfigure

    \u8fd0\u884cautomake --add-missing\uff0c\u4f1a\u6839\u636eMakefile.am\u751f\u6210Makefile.in

    \u8fd0\u884c./configure\u751f\u6210makefile

    \u8fd0\u884cmake\uff0c\u57fa\u4e8emakefile\u7f16\u8bd1\u4ee3\u7801

    "},{"location":"autoconf/#_2","title":"\u533a\u5206\u76ee\u5f55\u7ed3\u6784","text":"

    \u4e5f\u5c31\u662f\u8bf4\u6e90\u7801\u53ef\u80fd\u5728\u591a\u4e2a\u6587\u4ef6\u5939\u4e0b\uff0c\u6bd4\u5982src\u3002\u90a3\u4e48\u6bcf\u4e2a\u6587\u4ef6\u5939\u9700\u8981\u5355\u72ec\u5199Makefile.am\u6765\u6307\u5b9a\u5982\u4f55\u7f16\u8bd1\u3002

    \u7f16\u5199Makefile.am\u6587\u4ef6

    \u6e90\u7801\u6240\u5728\u7684\u6587\u4ef6\u5939\u7684Makefile\u6587\u4ef6\u793a\u4f8b\uff1a

    bin_PROGRAMS = reverse\n\n#AM_CFLAGS= -DDEBUG -DLOG_INSTRUCTIONS -I ../include\nAM_CFLAGS= -DDEBUG -I ../include\n\nreverse_CPPFLAGS = -msse4.1\n\n# \u4f7f\u7528LDFLAG\u4f1a\u5728gcc\u4e2d\u90e8\u653e-l\uff0c\u5bfc\u81f4\u627e\u4e0d\u5230\u7b2c\u4e09\u65b9\u5e93\u3002\u7528LDADD\u53ef\u4ee5\u6dfb\u52a0\u5230\u6574\u4e2agcc\u6307\u4ee4\u7684\u6700\u540e\nreverse_LDADD = -lcapstone\n\nhandlers_FILES = handler_flag_manip.c handler_interrupt.c\n\n#handler_interrupt.c\n\nreverse_SOURCES = access_memory.c alias_manager.c $(handlers_FILES)\n

    \u9879\u76ee\u6587\u4ef6\u5939\u9700\u8981\u6307\u5b9a\u6e90\u6587\u4ef6\u6240\u5728\u7684\u6587\u4ef6\u5939

    POMP\u7684\u4f8b\u5b50\uff1a

    SUBDIRS=src # \u6307\u5b9asrc\u6587\u4ef6\u5939\ndist_doc_DATA=README\n\nTESTSUITES_DIR = testsuites\nEXECUTABLE=$(SUBDIRS)/reverse\n\nabc2mtex:\n$(EXECUTABLE) $(TESTSUITES_DIR)/$@/core $(TESTSUITES_DIR)/library/ $(TESTSUITES_DIR)/$@/inst.reverse\n\naireplay-ng:\n$(EXECUTABLE) $(TESTSUITES_DIR)/$@/core $(TESTSUITES_DIR)/library/ $(TESTSUITES_DIR)/$@/inst.reverse\n

    \u6267\u884cautoscan\uff0c\u751f\u6210configure.scan\uff0c\u5e76\u4fee\u6539\u5176\u4e2d\u7684AC_INIT\u3001AM_INIT_AUTOMAKE\uff0c\u91cd\u547d\u540d\u6587\u4ef6\u4e3aconfigure.ac\uff0c\u6bd4\u5982\uff1a

    #                                               -*- Autoconf -*-\n# Process this file with autoconf to produce a configure script.\n\nAC_PREREQ([2.69])\nAC_INIT([reverse_from_coredump], [0.0.1], [mudongliangabcd@gmail.com])\nAM_INIT_AUTOMAKE([-Wall -Werror foreign])\nAC_CONFIG_HEADERS([config.h])\n\n# Checks for programs.\nAC_PROG_CC\n\n# Checks for libraries.\nAC_CHECK_LIB([disasm], [x86_init])\nAC_CHECK_LIB([elf], [gelf_getehdr])\n\n# Checks for header files.\nAC_CHECK_HEADERS([fcntl.h malloc.h stddef.h stdint.h stdlib.h string.h unistd.h])\n\n# Checks for typedefs, structures, and compiler characteristics.\nAC_CHECK_HEADER_STDBOOL\nAC_C_INLINE\nAC_TYPE_OFF_T\nAC_TYPE_SIZE_T\n\n# Checks for library functions.\nAC_FUNC_MALLOC\nAC_CHECK_FUNCS([memset strerror])\n\nAC_CONFIG_FILES([Makefile\nsrc/Makefile])\nAC_OUTPUT\n

    \u6267\u884caclocal && autoheader && autoconf\uff0c\u751f\u6210aclocal.m4\u3001config.h.in\u548cconfigure

    \u8fd0\u884cautomake --add-missing\uff0c\u4f1a\u6839\u636eMakefile.am\u751f\u6210Makefile.in

    \u8fd0\u884c./configure\u751f\u6210makefile

    \u8fd0\u884cmake\uff0c\u57fa\u4e8emakefile\u7f16\u8bd1\u4ee3\u7801

    "},{"location":"c/","title":"C\u8bed\u8a00","text":""},{"location":"c/#_1","title":"\u6839\u636e\u7ed3\u6784\u4f53\u6210\u5458\u53d6\u7ed3\u6784\u4f53\u9996\u5730\u5740","text":"
    member_address - &(((TYPE *)0)->member);\n

    \u540e\u534a\u90e8\u5206\u770b\u4f3c\u4f1a\u89e3\u5f15\u75280\u5730\u5740\u800ccrash\uff0c\u4f46\u7f16\u8bd1\u5668\u4f1a\u4f18\u5316\u4e3a\u76f4\u63a5\u8ba1\u7b97member\u7684offset\u3002\u53c2\u89c1kernel\u4ee3\u7801\u5e38\u7528\u7684container_of\u3002

    "},{"location":"c/#_2","title":"\u7f16\u8bd1\u65f6\u786e\u5b9a\u94fe\u63a5\u5e93","text":"

    \u4f7f\u7528-l\u6307\u5b9a\u94fe\u63a5\u5e93\uff0c\u6ce8\u610f\u53bb\u6389\u5e93\u6587\u4ef6\u7684lib\u5f00\u5934\u548c.so\u7ed3\u5c3e\u3002\u7f16\u8bd1\u65f6\uff0c\u6ce8\u610f\u628a\u5e93\u653e\u5728\u6574\u4e2a\u547d\u4ee4\u7684\u7ed3\u5c3e\uff0c\u5426\u5219\u53ef\u80fd\u63d0\u793a\u5e93\u51fd\u6570\u672a\u5b9a\u4e49\u3002

    \u6bd4\u5982gcc main.c -lcapstone\u4e0d\u4f1a\u62a5\u9519\uff0cgcc -lcapstone main.c\u4f1a\u63d0\u793a\u62a5\u9519\u3002\uff08\u5047\u8bbe\u8fd9\u91ccmain.c\u8c03\u7528\u4e86capstone\u7684\u5e93\u51fd\u6570\uff09

    "},{"location":"code-gracely/","title":"\u4f18\u96c5\u7f16\u7a0b","text":""},{"location":"code-gracely/#_2","title":"\u7a0b\u5e8f\u4f18\u5316\u65b9\u6cd5","text":"

    \u4f18\u5316\u9700\u8981\u901a\u8fc7\u5927\u91cf\u6d4b\u8bd5\u6765\u9a8c\u8bc1\u4e00\u81f4\u6027\u3001\u6027\u80fd\uff0c\u56e0\u4e3a\u5e76\u975e\u6240\u6709\u4f18\u5316\u90fd\u662f\u6b63\u786e\u6216\u5fc5\u8981\u7684\u3002\u4ece\u91cd\u6784\u7a0b\u5e8f\u6267\u884c\u6d41\u7684\u89d2\u5ea6\u6765\u8bb2\uff0c\u4f18\u5316\u5e76\u4e0d\u662f\u7075\u4e39\u5999\u836f\uff0c\u5e76\u5728\u4e0d\u540c\u8bed\u8a00\u3001\u4e0d\u540c\u7f16\u8bd1\u5668\u3001\u4e0d\u540c\u73af\u5883\u3001\u4e0d\u540c\u4efb\u52a1\u4e2d\u8868\u73b0\u51fa\u5de8\u5927\u7684\u5dee\u5f02\u3002\u4ee5\u4e0b\u7684\u4f18\u5316\u65b9\u6cd5\u5747\u4ec5\u4f9b\u53c2\u8003\u3002

    "},{"location":"code-gracely/#_3","title":"\u5229\u7528\u77ed\u8def\u4e0e\u54e8\u5175","text":""},{"location":"code-gracely/#_4","title":"\u4f18\u5316\u8ba1\u7b97\u6548\u7387","text":""},{"location":"code-gracely/#_5","title":"\u4f7f\u7528\u4f4e\u7ea7\u8bed\u8a00\u91cd\u5199\u4ee3\u7801","text":"
    1. \u4f7f\u7528\u9ad8\u7ea7\u8bed\u8a00\u5b8c\u6210\u7a0b\u5e8f\u7f16\u5199
    2. \u8fdb\u884c\u6d4b\u8bd5\uff0c\u9a8c\u8bc1\u6b63\u786e\u6027
    3. \u8fdb\u884c\u7a0b\u5e8f\u5206\u6790\uff0c\u786e\u5b9a\u70ed\u70b9\u4ee3\u7801
    4. \u5bf9\u70ed\u70b9\u4ee3\u7801\u4f7f\u7528\u4f4e\u7ea7\u8bed\u8a00\u6539\u5199
    "},{"location":"code-gracely/#_6","title":"\u8bbe\u8ba1\u6070\u5f53\u7684\u6267\u884c\u63a7\u5236\u6d41","text":""},{"location":"code-gracely/#_7","title":"\u5faa\u73af","text":""},{"location":"code-gracely/#_8","title":"\u5efa\u8868\uff0c\u4ee5\u63d0\u9ad8\u4ee3\u7801\u8d28\u91cf","text":""},{"location":"code-gracely/#if-else","title":"\u7528\u67e5\u8868\u6cd5\u66ff\u6362\u7e41\u7410\u7684if-else\u5224\u65ad","text":"

    \u4f7f\u7528\u5927\u91cfif-else\u7684\u574f\u5904\uff1a

    \u4f7f\u7528\u67e5\u8868\u6cd5\u7684\u597d\u5904\uff1a

    \u7528\u6cd5\uff1a\u5c06\u8981\u5224\u65ad\u7684\u5404\u4e2a\u53c2\u6570\u4f5c\u4e3a\u8868\u7684\u7ef4\u5ea6\uff0c\u5c06\u5224\u65ad\u7ed3\u679c\u4f5c\u4e3a\u8868\u7d22\u5f15\u540e\u7684\u7ed3\u679c\u3002

    "},{"location":"code-gracely/#_9","title":"\u7528\u7d22\u5f15\u8868\u66ff\u6362\u6570\u636e\u8868","text":"

    \u7a00\u758f\u7684\u6570\u636e\u8868\u5728\u5b58\u50a8\u5bf9\u9f50\u7684\u60c5\u51b5\u4e0b\u4f1a\u6d6a\u8d39\u5927\u91cf\u7a7a\u95f4\u3002\u4e0e\u4e4b\u76f8\u6bd4\uff0c\u91c7\u7528\u7d22\u5f15\u8868\u53ef\u4ee5\u964d\u4f4e\u7a7a\u95f4\u6d6a\u8d39\u91cf\uff08\u4ecd\u7136\u4f1a\u4ea7\u751f\u6d6a\u8d39\uff09\u3002\u4e3a\u4e86\u8fdb\u4e00\u6b65\u51cf\u5c11\u7d22\u5f15\u8868\u7a7a\u95f4\uff0c\u53ef\u4ee5\u4f7f\u7528\u9636\u68af\u7d22\u5f15\u8868\uff0c\u6839\u636e\u6570\u636e\u7684\u8303\u56f4\uff08\u800c\u4e0d\u662f\u5177\u4f53\u7684\u6570\u636e\u503c\uff09\u8fdb\u884c\u5efa\u7d22\u5f15\uff0c\u6bd4\u5982\u6839\u636e\u767e\u5206\u5236\u6210\u7ee9\u8ba1\u7b97\u7ee9\u70b9\uff0c\u5efa\u7acb\u76f8\u5e94\u7684data-to-key\u51fd\u6570\uff0c\u653e\u5728\u6570\u7ec4\u4e2d\u3002

    "},{"location":"code-gracely/#_10","title":"\u7528\u7ed3\u679c\u8868\u66ff\u6362\u6570\u5b66\u8ba1\u7b97\u7ed3\u679c","text":"

    \u8003\u8651\u5230\u7cfb\u7edf\u51fd\u6570\u7684\u7cbe\u786e\u6027\uff0c\u8ba1\u7b97\u901f\u5ea6\u53ef\u80fd\u8f83\u6162\u3002\u53ef\u4ee5\u9884\u5148\u624b\u52a8\u7b97\u51fa\u4e00\u4e9b\u6570\u636e\u5e76\u5efa\u8868\uff0c\u8ba1\u7b97\u65f6\u76f4\u63a5\u67e5\u8868\u5373\u53ef\uff0c\u5927\u5927\u63d0\u9ad8\u7a0b\u5e8f\u6027\u80fd\u3002

    "},{"location":"code-gracely/#_11","title":"\u4e00\u4e9b\u5c0f\u5c0f\u7684\u8bed\u6cd5\u7279\u6027","text":""},{"location":"code-gracely/#c","title":"C","text":"

    \u521d\u59cb\u5316\u6570\u7ec4\uff0c\u53ef\u4ee5\u8fde\u7eed\u8d4b\u503c

    int arr[10] = {\n[0]       = 1,\n[1 ... 4] = 2,\n[5 ... 7] = 4,\n};\n

    \u521d\u59cb\u5316\u7ed3\u6784\u4f53\u6216\u8054\u5408\uff0c\u53ef\u4ee5\u4e00\u8d77\u8d4b\u503c

    struct test {\nint a;\nint b;\nint c;\nint d;\n};\n\nint main(\nint argc, char const *argv[]\n)\n{\nstruct test t = {\n.a = 1,\n.b = 2,\n.c = 3,\n.d = 4,\n};\n\nreturn 0;\n}\n
    "},{"location":"crawler/","title":"\u722c\u866b\u6a21\u677f","text":""},{"location":"crawler/#scrapy","title":"Scrapy","text":"

    \u4e5f\u53ef\u4ee5\u770b\u8fd9\u91cc\u7684\u4ecb\u7ecd

    "},{"location":"crawler/#_2","title":"\u52a0\u56fd\u5185\u4ee3\u7406","text":"

    \u9488\u5bf9\u4e2a\u522b\u7f51\u7ad9\u9501ip\uff0c\u53ef\u4ee5\u8003\u8651\u6574\u4e2a\u4ee3\u7406

    import base64\nusername = 'xxxxx'\npasswd = 'xxxxx'\nproxy_ip = 'xxxx.kdltps.com'\nproxy_port = '15818'\n\nmeta = {'proxy': f'http://{proxy_ip}:{proxy_port}'}\ncode = base64.b64encode(f'{username}:{passwd}'.encode()).decode()\n\nheaders = {\n    \"Proxy-Authorization\": f\"Basic {code}\", # \u5728headers\u91cc\u8bbe\u7f6e\u4e0b\u4ee3\u7406token\n}\n\ndef start_requests(self):\n    yield scrapy.Request(\n        headers = headers, # \u8bbe\u7f6e\u4f7f\u7528headers\uff0c\u5305\u542btoken\n        meta = meta, # \u8bbe\u7f6e\u4f7f\u7528\u4ee3\u7406\n        )\n
    "},{"location":"crawler/#applicationjson","title":"application/json\u7c7b\u578b","text":"

    \u9488\u5bf9\u8bf7\u6c42\u5934Content-Type\u4e3aapplication/json\u7c7b\u578b\uff0cstart_requests\u91cc\u7528Request\uff0c\u6ce8\u660emethod\u548cbody\uff1a

    import json\nheaders = {\n    \"Content-Type\": \"application/json\",\n    \"User-Agent\": \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36\",\n}\n\ndata = json.dumps({\"key\":\"value\"})\n\n# \u7701\u7565\u65e0\u5173\u4fe1\u606f\n\nyield scrapy.Request(\n    url=url, \n    method='POST', \n    headers=headers, \n    body=data,\n    callback=self.parse, \n    meta={'period': t}, \n    errback=self.err,\n    cb_kwargs={'period': t,'page':0}\n)\n
    "},{"location":"crawler/#applicationx-www-form-urlencoded","title":"application/x-www-form-urlencoded\u7c7b\u578b","text":"

    \u9488\u5bf9\u8bf7\u6c42\u5934Content-Type\u4e3aapplication/x-www-form-urlencoded\u7c7b\u578b\uff0cstart_requests\u91cc\u7528FormRequest\uff0c\u6ce8\u660eformdata\uff1a

    post_data = {\"key\":\"value\"}\n\n# \u7701\u7565\u65e0\u5173\u4fe1\u606f\n\nyield scrapy.FormRequest(\n    url=url,\n    formdata=post_data,\n    errback=self.err,\n    callback = self.parse,\n    cookies = cookies,\n    cb_kwargs = {'id':'shixian','page':str(page)},\n    )\n

    \u666e\u901a\u8bf7\u6c42\u7528scrapy.Request\u5373\u53ef\u3002

    "},{"location":"crawler/#selenium","title":"Selenium","text":"

    \u722c\u4e45\u4e86\u603b\u4f1a\u7206\u5185\u5b58\uff0c\u4e0d\u77e5\u9053\u5185\u5b58\u6cc4\u9732\u7684bug\u6709\u6ca1\u6709\u4fee\u590d\u3002\u4ee5\u4e0b\u7528\u7684\u662fchrome\u6d4f\u89c8\u5668\uff0c\u9700\u8981\u9884\u5148\u4e0b\u8f7d\u4e0b\u9a71\u52a8

    from selenium import webdriver\nfrom selenium.webdriver.common.by import By\nfrom selenium.webdriver.chrome.service import Service\nfrom pathlib import Path\nimport time\nimport json\nimport ast \nimport re\nimport os\nimport yaml\nimport shutil\n\noptions = webdriver.ChromeOptions()\n# options.add_argument('--headless')\n# https://chromedriver.chromium.org/downloads\ns = Service('S:/chromedriver.exe')\noptions.add_experimental_option('excludeSwitches', ['enable-logging'])\ndriver = webdriver.Chrome(service=s,options=options)\ndriver.get('http://www.baidu.com')\ntime.sleep(1)\n\ndef get_current_and_final_page_of_one_book():\n    cur = -1\n    final = -1\n    try:\n        pages = driver.find_elements(By.XPATH,'//ul[@class=\"t-pager\"]/li')\n    except:\n        print('Current page is not found')\n        return cur,final\n\n    for page in pages:\n        if 'active' in page.get_attribute('class'):\n            cur = int(page.text)\n        if 'number' in page.get_attribute('class'):\n            final = int(page.text)\n    return cur,final\n\ndef download_one_page_of_a_book(skip,config):\n\"\"\"\u4e00\u9875\u6240\u6709\u6587\u6863\u5168\u90e8\u4e0b\u8f7d\u6210\u529f\u5219\u8fd4\u56deTrue,OK\n    \"\"\"\n    global CURRENT_PAGE\n    global CURRENT_TITLE\n    titles = driver.find_elements(By.XPATH,'//div[@class=\"container\"]/div[1]/div[2]/div[2]/table/tbody/tr/td[1]')\n    icons = driver.find_elements(By.XPATH,'//div[@class=\"container\"]/div[1]/div[2]/div[2]/table/tbody/tr/td[4]')\n    jscode = 'document.location = '+'\"'+config['url']+'\"'\n    driver.execute_script(jscode)\n    for title,svgs in zip(titles,icons):\n        svgs = svgs.find_elements(By.XPATH,'.//*[name()=\"svg\"]')\n        print(f'Current title: {title.text}, skip: {skip}, CURRENT_TITLE: {CURRENT_TITLE}')\n        if CURRENT_TITLE is not None and skip and title.text != CURRENT_TITLE:\n            continue\n        skip = False\n        for svg in svgs:\n            # if visible \n            if svg.get_attribute('style') == 'display: inline-block;':\n                svg.click()\n                time.sleep(7)\n                cls = driver.window_handles\n                if len(cls) > 1:\n                    time.sleep(20)\n                ok = archive_file(title.text,config)\n                if not ok:\n                    print(f'Failed to download {title.text}')\n                    while len(cls) > 1:\n                        driver.switch_to.window(cls[1])\n                        driver.close()\n                        driver.switch_to.window(cls[0])\n                        cls = driver.window_handles\n                    return (False, title.text)\n                cls = driver.window_handles\n                driver.switch_to.window(cls[0])\n    CURRENT_TITLE = None\n    CURRENT_PAGE += 1\n    return (True, 'OK')\n\n# load yaml\nwith open(target_yml,'r',encoding='utf8') as f:\n    SETTINGS = yaml.load(f,Loader=yaml.FullLoader)\n# dump yaml\nwith open(target_yml,'w',encoding='utf8') as f:\n    yaml.dump(SETTINGS,f,allow_unicode=True)\n\ndriver.close()\ndriver.quit()\n

    \u6216\u8005\u8bbe\u7f6e\u4e00\u4e2ahelper\u7a0b\u5e8f\uff0c\u53cd\u590d\u542f\u52a8selenium\uff1a

    import subprocess\nimport time\nimport datetime\nimport sys\ncmd = 'python ./main.py'\nop = 0\nwhile True:\n    if op >= 200:\n        print('failed 200 times!')\n        break\n    p = subprocess.Popen(cmd.split(), stdout=sys.stdout, stderr=sys.stderr)\n    print('new round at', datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S'),f'op = {op}')\n    op += 1\n\n    time.sleep(30)\n    if p.poll() == 0:\n        break\n    p.wait()\n
    "},{"location":"docker/","title":"Docker\u4f7f\u7528\u7b14\u8bb0","text":""},{"location":"docker/#docker_1","title":"\u5b89\u88c5docker","text":"

    \u6309\u7167https://docs.docker.com/engine/install/ubuntu/\u7684\u8bf4\u660e\u5b89\u88c5\u5373\u53ef

    "},{"location":"docker/#_1","title":"\u6307\u5b9a\u955c\u50cf\u4fdd\u5b58\u4f4d\u7f6e","text":"

    \u9ed8\u8ba4\u4f7f\u7528\u7684\u4f4d\u7f6e\u662f/var/lib/docker\uff0c\u5728\u6839\u76ee\u5f55\u4e0b\u5bb9\u6613\u5360\u6ee1\u3002\u53ef\u4ee5\u901a\u8fc7\u4fee\u6539\u914d\u7f6e\u6587\u4ef6/lib/systemd/system/docker.service\u7684-g\u53c2\u6570\u6765\u6307\u5b9a\u4f4d\u7f6e\u3002\u53ef\u4ee5\u901a\u8fc7docker info\u67e5\u770b\u4fdd\u5b58\u7684\u4f4d\u7f6eDocker Root Dir\u3002

    \u914d\u7f6e\u6587\u4ef6\u53ef\u4ee5\u901a\u8fc7systemctl status docker\u5e76\u67e5\u770bLoad\u4f7f\u7528\u7684\u914d\u7f6e\u6587\u4ef6\u662f\u54ea\u4e2a\u3002

    \u53e6\u4e00\u79cd\u6307\u5b9a\u955c\u50cf\u4fdd\u5b58\u4f4d\u7f6e\u7684\u65b9\u6cd5\uff1a\u4fee\u6539/etc/docker/daemon.json\uff0c\u8bbe\u7f6e\u4e3a

    {\n\"data-root\": \"/home/docker\"\n}\n

    \u968f\u540e\u91cd\u8f7d\u4e00\u4e0b\u914d\u7f6e\uff1a

    sudo cp -r /var/lib/docker /home/docker\nsudo systemctl daemon-reload\nsudo systemctl restart docker\nsudo systemctl status docker\n
    "},{"location":"docker/#_2","title":"\u4ece\u955c\u50cf\u521b\u5efa\u5bb9\u5668\u5e76\u6302\u8f7d\u76ee\u5f55","text":"

    \u4f1a\u5728\u5bb9\u5668\u4e2d\u521b\u5efa\u76ee\u5f55\uff0c\u6620\u5c04\u5bbf\u4e3b\u673a\u76ee\u5f55\u3002\u5bbf\u4e3b\u673a\u7684\u76ee\u5f55\u548c\u5bb9\u5668\u76ee\u5f55\u5185\u5bb9\u662f\u4e00\u6837\u7684\uff0c\u4fee\u6539\u4e00\u65b9\uff0c\u53e6\u4e00\u65b9\u968f\u4e4b\u6539\u53d8

    docker run -it --name=<container_name> --user=<user_id>:<group_id> --hostname=xxxx --workdir=xxxx  -v /etc/passwd:/etc/passwd:ro -v /etc/group:/etc/group:ro --mount type=bind,source=<\u5bbf\u4e3b\u673a\u76ee\u5f55>,target=<\u5bb9\u5668\u76ee\u5f55> <\u955c\u50cf\u540d>:<tag> /bin/bash\n
    \u4ee5\u4e0a\u547d\u4ee4\u53ef\u4ee5\u5b8c\u6210\u5bf9\u6307\u5b9a\u955c\u50cf\u521b\u5efa\u4e00\u4e2a\u6bd4\u8f83\u5b8c\u5907\u7684\u5bb9\u5668\uff0c\u6307\u5b9a\u4e86\u5bb9\u5668\u540d\u79f0\u3001\u7528\u6237\u540d\u79f0\u548c\u7ec4\u522b\u3001\u4e3b\u673a\u540d\u3001\u7528\u6237\u5de5\u4f5c\u76ee\u5f55\uff0c\u5e76\u6302\u8f7d\u4e86\u4e3b\u673a\u7684\u4e00\u4e9b\u76ee\u5f55\u3002\u6307\u5b9apasswd\u548cgroup\u6587\u4ef6\u7684\u53ea\u8bfb\u6302\u8f7d\u53ef\u4ee5\u907f\u514d--user\u4f7f\u7528\u7528\u6237(\u7ec4)id\u8fdb\u884c\u65b0\u5efa\u5bb9\u5668\u65f6\u5f15\u53d1\u7684\u627e\u4e0d\u5230\u7528\u6237\u540d\u548c\u7ec4\u540d\u7684\u95ee\u9898\u3002\u5e76\u4e14\u907f\u514d\u4e86\u9ed8\u8ba4root\u7528\u6237\u5bfc\u81f4\u7684\u4e3b\u673a\u7aef\u65e0\u6cd5\u8bbf\u95ee\u5bb9\u5668\u65b0\u5efa\u6587\u4ef6\u7684\u95ee\u9898\u3002

    \u6ce8\u610f\u8fd9\u6837\u521b\u5efa\u7684\u7528\u6237\u6ca1\u6709root\u6743\u9650\u3002\u5982\u679c\u9700\u8981\uff0c\u5219\u4e0d\u4f7f\u7528user\u53c2\u6570\uff0c\u4f46\u5b58\u5728\u5bb9\u5668\u521b\u5efa\u6587\u4ef6\u662froot\uff0c\u5bbf\u4e3b\u673a\u65e0\u6cd5\u4fee\u6539\u7684\u95ee\u9898\u3002

    \u4e00\u4e2a\u4e0d\u592a\u806a\u660e\u7684\u89e3\u51b3\u65b9\u6cd5\u662fuser_id\u8bbe\u6210root\u76840\uff0cgroup_id\u8bbe\u6210\u666e\u901a\u7528\u6237\uff0c\u7136\u540e\u5728\u5bb9\u5668\u91cc\u7ed9root\u7684.bashrc\u52a0\u4e00\u884cumask 0002\u3002\u5c31\u662f\u8bf4\u8ba9\u7528\u6237\u7ec4\u4e5f\u80fd\u4fee\u6539\u6587\u4ef6\u4e86\u3002

    \u4e00\u4e9b\u5176\u4ed6\u7684\u529e\u6cd5\uff1adocker exec -u\u597d\u50cf\u53ef\u4ee5\u6307\u5b9a\u542f\u52a8\u5bb9\u5668\u65f6\u7684\u7528\u6237\uff0c\u4e0d\u77e5\u9053\u6709\u4ec0\u4e48\u7528\uff0c\u53ef\u4ee5\u8bd5\u8bd5\uff1b\u6216\u8005root\u8fdb\u53bb\u4ee5\u540e\u628a\u666e\u901a\u7528\u6237\u52a0\u5230sudoers\u91cc

    "},{"location":"docker/#_3","title":"\u65b0\u5bb9\u5668\u521d\u59cb\u5316","text":"

    apt-get update\u66f4\u65b0\u4e00\u4e0blist\uff0c\u7136\u540e\u624d\u80fd\u4f7f\u7528apt-get\u4e0b\u8f7d\u5176\u4ed6\u5305\u3002\u4e00\u4e9b\u5e38\u7528\u7684\u5305\uff1aapt-get install build-essential

    "},{"location":"docker/#_4","title":"\u9000\u51fa\u521d\u6b21\u521b\u5efa\u7684\u5bb9\u5668","text":"

    \u8fde\u6309Ctrl+P\u3001Ctrl+Q\u9000\u51fa\u5bb9\u5668\u3002\u5426\u5219\u7b80\u5355\u9000\u51fa\u540e\u5bb9\u5668\u5c31stop\u4e86\uff0c\u4e0b\u6b21exec\u7684\u65f6\u5019\u8fd8\u8981restart\uff0c\u751a\u81f3\u8fd8\u4f1a\u51fa\u73b0restart\u81ea\u52a8\u53c8stop\u7684\u60c5\u51b5

    "},{"location":"docker/#_5","title":"\u8fdb\u5165\u5df2\u6709\u7684\u5bb9\u5668","text":"
    docker exec -it <\u5bb9\u5668id> /bin/bash\n

    \u53ef\u4ee5Ctrl+D\u9000\u51fa

    "},{"location":"envs/","title":"\u73af\u5883\u914d\u7f6e","text":""},{"location":"envs/#_2","title":"\u66f4\u65b0\u57fa\u672c\u73af\u5883","text":"
    sudo apt update\nsudo apt install curl build-essential gcc make -y\n
    "},{"location":"envs/#rust","title":"\u5b89\u88c5rust","text":"
    curl --proto '=https' --tlsv1.3 -sSf https://sh.rustup.rs | sh\n

    \u56fd\u5185\u4f7f\u7528\u65f6crates.io\u53ef\u80fd\u767b\u4e0d\u4e0a\uff0c\u8bd5\u8bd5\u4fee\u6539\u5b89\u88c5\u76ee\u5f55\u4e0b\u7684config\u6587\u4ef6(\u6bd4\u5982$HOME/.cargo/config)

    [source.crates-io]\nregistry = \"https://github.com/rust-lang/crates.io-index\"\n\n# \u66ff\u6362\u6210\u4f60\u504f\u597d\u7684\u955c\u50cf\u6e90\n#replace-with = 'sjtu'\n#replace-with = 'ustc'\n#replace-with = 'tuna'\n#replace-with = 'rustcc'\n\n# \u6e05\u534e\u5927\u5b66\n[source.tuna]\nregistry = \"https://mirrors.tuna.tsinghua.edu.cn/git/crates.io-index.git\"\n\n# \u4e2d\u56fd\u79d1\u5b66\u6280\u672f\u5927\u5b66\n[source.ustc]\nregistry = \"git://mirrors.ustc.edu.cn/crates.io-index\"\n\n# \u4e0a\u6d77\u4ea4\u901a\u5927\u5b66\n[source.sjtu]\nregistry = \"https://mirrors.sjtug.sjtu.edu.cn/git/crates.io-index\"\n\n# rustcc\u793e\u533a\n[source.rustcc]\nregistry = \"git://crates.rustcc.cn/crates.io-index\"\n\n[source.rustcchttp]\nregistry = \"https://code.aliyun.com/rustcc/crates.io-index.git\"\n
    "},{"location":"envs/#golang","title":"\u8bbe\u7f6egolang\u4ee3\u7406","text":"
    go env -w  GOPROXY=https://goproxy.cn\n
    "},{"location":"envs/#ohmyzsh","title":"\u5b89\u88c5ohmyzsh","text":"
    sudo apt install zsh\n

    curl\u548cwget\u4e8c\u9009\u4e00

    sh -c \"$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)\"\n
    sh -c \"$(wget https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh -O -)\"\n
    "},{"location":"envs/#git","title":"git\u8bbe\u7f6e\u5168\u5c40\u4ee3\u7406","text":"

    \u9700\u8981\u6839\u636e\u672c\u5730\u5b9e\u9645\u7684\u60c5\u51b5\u4fee\u6539\u76ee\u6807ip\u548c\u7aef\u53e3

    git config --global http.https://github.com.proxy http://xxx.xxx.xxx.xxx:xxx\n
    "},{"location":"envs/#perf-ubuntu","title":"perf \u5b89\u88c5(ubuntu)","text":"
    sudo apt-get install linux-tools-`uname -r`\n
    "},{"location":"envs/#ssh","title":"\u9009\u62e9ssh\u5bc6\u94a5","text":"
    evel `ssh-agent`\nssh-add <\u79c1\u94a5\u6587\u4ef6>\n
    "},{"location":"envs/#windowsmake","title":"Windows\u4e0b\u5b89\u88c5make","text":"

    \u4f7f\u7528chocolatey\u5305\u7ba1\u7406\u5668\u3002\u6309https://chocolatey.org/install#individual\u7684\u8bf4\u660e\u5373\u53ef\uff0c\u6700\u540echoco install make

    "},{"location":"envs/#_3","title":"\u53c2\u8003\u6587\u7ae0","text":""},{"location":"fuzzing/","title":"\u6a21\u7cca\u6d4b\u8bd5\u57fa\u672c\u4ecb\u7ecd","text":"

    \u8986\u76d6\u7387\u6307\u5f15\u7684\u6a21\u7cca\u6d4b\u8bd5\u65b9\u6cd5\u83b7\u5f97\u8986\u76d6\u7387\u7684\u56db\u79cd\u8ffd\u8e2a\u65b9\u5f0f[^1]\uff1a

    1. \u4f7f\u7528\u7f16\u8bd1\u5668\u5411\u57fa\u672c\u5757\u8fb9\u7f18\u63d2\u6869\uff0c\u53ef\u4ee5\u51c6\u786e\u5730\u63d2\u6869\u5e76\u6613\u4e8e\u4f18\u5316\uff0c\u4f46\u9700\u8981\u6e90\u7801\u5df2\u77e5\u3002
    2. \u9759\u6001\u4e8c\u8fdb\u5236\u91cd\u5199\uff0c\u4e0d\u9700\u8981\u6e90\u7801\uff0c\u4ecd\u5728\u7814\u7a76\uff0c\u56e0\u4e3a\u9759\u6001\u4ee3\u7801\u63d2\u6869\u51c6\u786e\u6027\u96be\u4ee5\u4fdd\u8bc1\uff0c\u5e76\u4e14\u4f18\u5316\u80fd\u529b\u6709\u9650\u3002\u8fd9\u4e9b\u9650\u5236\u6761\u4ef6\u4f1a\u5f71\u54cd\u4ee3\u7801\u7387\u4fe1\u606f\u7684\u8d28\u91cf\u4e0e\u51c6\u786e\u6027\uff0c\u4ee5\u53ca\u4e8c\u8fdb\u5236\u91cd\u5199\u7684\u8868\u73b0\u3002
    3. \u52a8\u6001\u4e8c\u8fdb\u5236\u63d2\u6869\uff0c\u4e0d\u9700\u8981\u6e90\u7801\uff0c\u53ef\u4ee5\u5bb9\u6613\u3001\u51c6\u786e\u63d2\u5165\u4ee3\u7801\uff0c\u4f46\u662f\u52a8\u6001\u7ffb\u8bd1\u4e8c\u8fdb\u5236\u7684\u5f00\u9500\u53ef\u80fd\u5927\u5230\u4e0d\u80fd\u63a5\u53d7\u3002
    4. \u786c\u4ef6\u8f85\u52a9\u8ffd\u8e2a\uff0c\u4e0d\u9700\u8981\u6e90\u7801\uff0c\u5229\u7528\u5185\u7f6e\u7684\u786c\u4ef6\u8ffd\u8e2a\u6269\u5c55\uff0c\u5728\u8fd0\u884c\u65f6\u76f4\u63a5\u83b7\u53d6\u63a7\u5236\u6267\u884c\u6d41\u4fe1\u606f\u3002

    \u4fb5\u5165\u5f0f\u4e0e\u975e\u4fb5\u5165\u5f0f\u8ffd\u8e2a[^2]\uff1a

    Traces can be generated by trace code that is executed within tasks and/or interrupt service routines, just like application code that is executed on the same CPU. This is the most flexible approach, as both the content and the amount of trace information output can be defined in software. However, this tracing method comes with a significant drawback: It uses resources that are shared with the application software, hence tracing may significantly reduce the amount of memory available for the applications, increase the gross execution times of the applications and, in the case of real-time systems, impair functionality. This is why it is called intrusive tracing.

    The most common case is that adding trace code is detrimental to the functionality of the applications in real-time systems because the resource requirements for intrusive tracing have been underestimated in the early stages of the project, such that tracing would eventually eat up resources that are required by the application. Therefore, the resource requirements for tracing must be properly considered throughout the whole development lifecycle. Removing trace code from real-time systems may also cause functional issues, typically just before the final production software release. This is the worst case, as trace information is no longer available in this scenario.

    Non-intrusive tracing does not change the intrinsic timing behavior of the system under test. This approach simplifies the software development process a lot and requires dedicated hardware support for tracing. External trace probes connected to the target system, in conjunction with on-chip debug modules, capture code execution on instruction level, memory accesses and other events on the target processor. This approach is the best option when it comes to debugging the code execution down to the instruction level. The PCB design of the device under test must provide the connectors required by the external probe.

    Another option for non-intrusive tracing is on-chip tracing, where most of the trace hardware is packed into the same chip that also contains the CPU that executes the application code. Non-intrusive tracing can, however, be restricted by limitations of the respective trace module or probe, such as buffer sizes, bus bandwidth or the size of an external probe.

    Due to cost savings (no expensive third-party trace hardware required), reduced footprint (very small connectors instead of larger probe connectors), and limited trace bandwidth requirements, the on-chip tracing method is the preferred approach for generating the trace data required for in-depth timing analysis on task, runnable and ISR level. On-chip tracing is a suitable tracing method for devices under test with form factors very close to the final volume production devices.

    "},{"location":"fuzzing/#_2","title":"\u9488\u5bf9\u7f51\u7edc\u534f\u8bae\u7684\u6a21\u7cca\u6d4b\u8bd5","text":"

    \u7f51\u7edc\u534f\u8bae\u7684\u7279\u70b9\u662f\u4e00\u822c\u6709\u660e\u786e\u7684\u72b6\u6001\u4fe1\u606f\uff0c\u76f8\u540c\u7684input\u5728\u4e0d\u540c\u7684\u72b6\u6001\u53ef\u80fd\u5f97\u5230\u4e0d\u540c\u7684output\u3002\u9488\u5bf9\u7f51\u7edc\u534f\u8bae\u7684\u6a21\u7cca\u6d4b\u8bd5\u4e00\u822c\u5177\u6709stateful\u7684\u7279\u70b9\u3002\u8fd9\u7c7b\u6a21\u7cca\u6d4b\u8bd5\u6709\u51e0\u4e2a\u96be\u70b9\uff1a 1. \u751f\u6210\u683c\u5f0f\u6b63\u786e\u7684\u4fe1\u606f\uff0c\u6ee1\u8db3\u5bf9\u7279\u5b9a\u72b6\u6001\u7684fuzz 2. \u6269\u5c55\u5230\u4e0d\u540c\u7684\u534f\u8bae\u4e2d 3. \u6d4b\u8bd5\u6837\u4f8b\u6709\u6548\u6027\uff0c\u9700\u8981\u901a\u8fc7\u683c\u5f0f\u6821\u9a8c\u6bd4\u5982\u957f\u5ea6\u3001\u534f\u8bae\u8ba4\u8bc1\u3001\u6821\u9a8c\u548c\u7b49

    "},{"location":"fuzzing/#aflnet","title":"AFLNET","text":"

    \u9996\u6b21\u63d0\u51fa\u9488\u5bf9\u6709\u72b6\u6001\u534f\u8bae\u7684\u7070\u76d2\u6a21\u7cca\u6d4b\u8bd5\u3002AFLNET\u4ece\u54cd\u5e94\u4fe1\u606f\u4e2d\u63d0\u53d6\u54cd\u5e94\u7801\u6765\u8868\u793a\u72b6\u6001\u4fe1\u606f\uff0c\u5e76\u7528\u54cd\u5e94\u7801\u5e8f\u5217\u6765\u63a8\u65ad\u534f\u8bae\u5b9e\u73b0\u7684\u72b6\u6001\u6a21\u578b\uff0c\u5e76\u8fdb\u4e00\u6b65\u4f7f\u7528\u8fd9\u4e00\u6a21\u578b\u6765\u6307\u5bfcfuzz\u3002

    \u4e00\u4e9b\u4e0d\u8db3\uff1a 1. \u72b6\u6001\u8868\u793a\u80fd\u529b\uff1aAFLNET\u8981\u6c42\u54cd\u5e94\u4fe1\u606f\u4e2d\u5305\u542b\u72b6\u6001\u7801\uff0c\u8fd9\u5e76\u4e0d\u662f\u534f\u8bae\u5fc5\u987b\u5b9e\u73b0\u7684\u3002\u800c\u4e14\u72b6\u6001\u7801\u8868\u793a\u80fd\u529b\u6709\u9650\uff0c\u4e14\u53ef\u80fd\u4ea7\u751f\u5197\u4f59\u72b6\u6001\u3002 2. \u6d4b\u8bd5\u6548\u7387\uff1a\u6ca1\u6709\u660e\u786e\u7684\u4fe1\u53f7\u53cd\u6620\u5f85\u6d4b\u7a0b\u5e8f\u662f\u5426\u5904\u7406\u5b8c\u6d88\u606f\uff0c\u56e0\u6b64\u8bbe\u7f6e\u56fa\u5b9a\u7684\u8ba1\u65f6\u5668\u6765\u63a7\u5236\u6d88\u606f\u53d1\u9001\uff0c\u65f6\u95f4\u7a97\u53e3\u53ef\u80fd\u8fc7\u5c0f\u6216\u8fc7\u5927\u3002

    "},{"location":"fuzzing/#stateafl","title":"STATEAFL","text":"

    \u4f7f\u7528\u7a0b\u5e8f\u5185\u5b58\u72b6\u6001\u6765\u8868\u793a\u670d\u52a1\u72b6\u6001\uff0c\u901a\u8fc7\u5bf9\u88ab\u6d4b\u7a0b\u5e8f\u63d2\u6869\u6765\u6536\u96c6\u72b6\u6001\u4fe1\u606f\u5e76\u63a8\u6d4b\u72b6\u6001\u6a21\u578b\u3002\u5728\u6bcf\u4e00\u8f6e\u7f51\u7edc\u4ea4\u4e92\u4e2d\uff0cSTATEAFL\u5c06\u7a0b\u5e8f\u53d8\u91cf\u503c\u8f6c\u50a8\u7ed9\u5206\u6790\u961f\u5217\uff0c\u5e76\u8fdb\u884cpost-execution\u7684\u5206\u6790\uff0c\u6765\u66f4\u65b0\u72b6\u6001\u6a21\u578b\u3002

    \u4e00\u4e9b\u4e0d\u8db3\uff1a 1. \u9762\u5bf9\u548cAFLNET\u76f8\u540c\u7684\u6d4b\u8bd5\u6548\u7387\u95ee\u9898\uff0c\u800c\u4e14\u56e0\u4e3a\u540e\u6267\u884c\u5206\u6790\uff0c\u4ea7\u751f\u989d\u5916\u7684\u5f00\u9500\uff0c\u4f1a\u964d\u4f4e\u6d4b\u8bd5\u541e\u5410\u91cf\u3002

    "},{"location":"fuzzing/#nsfuzz","title":"NSFuzz","text":"

    \u4f7f\u7528\u57fa\u4e8e\u53d8\u91cf\u7684\u72b6\u6001\u8868\u793a\u65b9\u6cd5\u63a8\u65ad\u72b6\u6001\u6a21\u578b\u6765\u6307\u5bfc\u6a21\u7cca\u6d4b\u8bd5\uff0c\u4f7f\u7528\u57fa\u4e8e\u7f51\u7edc\u4e8b\u4ef6\u5faa\u73af\u7684\u540c\u6b65\u673a\u5236\u6765\u63d0\u9ad8\u541e\u5410\u91cf\u3002

    \u542f\u53d1\u5f0f\u7684\u53d8\u91cf\u5224\u65ad\u65b9\u6cd5\uff1a\u9759\u6001\u5206\u6790\u4e2d\u53ea\u5728\u4e8b\u4ef6\u5faa\u73af\u4ee3\u7801\u4e2d\u5206\u8fa8\u72b6\u6001\u53d8\u91cf\uff0c\u4e14\u5173\u6ce8\u88ab\u8bfb\u4e0e\u5199\u3001\u88ab\u8d4b\u4e88\u679a\u4e3e\u7c7b\u578b\u7684\u6570\u636e\u6216\u662f\u6570\u636e\u7ed3\u6784\u4f53\u91cc\u7684\u6574\u578b\u6210\u5458\u3002

    \u8868\u793a\u72b6\u6001\u7684\u65b9\u6cd5\uff1a\u4f7f\u7528\u4e24\u6761\u8bed\u53e5\u7ef4\u62a4shared_state\u6570\u7ec4\uff0c\u5f53\u72b6\u6001\u53d8\u91cf\u503c\u88ab\u66f4\u65b0\u65f6\u540c\u6b65\u66f4\u65b0shared_state\uff1b\u5f53fuzzer\u5728\u901a\u4fe1\u7ba1\u9053\u6536\u5230\u6d88\u606f\u5904\u7406\u7ed3\u679c\u65f6\uff0c\u5bf9\u8fd9\u4e2a\u6570\u7ec4\u8fdb\u884chash\uff0c\u4f5c\u4e3a\u5f53\u524d\u7a0b\u5e8f\u6240\u5904\u7684state\u3002

    shared_state[hash(var_id) ^ cur_store_val] = 1;\nshared_state[hash(var_id) ^ pre_store_val] = 0;\n
    "},{"location":"fuzzing/#iothunter","title":"IoTHunter","text":"

    \u63d0\u51fa\u591a\u9636\u6bb5\u4fe1\u606f\u751f\u6210\u65b9\u6cd5\u6765\u5bf9IoT\u56fa\u4ef6\u4e2d\u7684\u6709\u72b6\u6001\u7f51\u7edc\u534f\u8bae\u8fdb\u884cfuzz\u3002\u5206\u4e3a\u5bf9\u5df2\u77e5\u72b6\u6001\u7684\u6a21\u7cca\u6d4b\u8bd5\u4e0e\u672a\u77e5\u72b6\u6001\u7684\u63a2\u7d22\u3002\u57fa\u4e8e\u6574\u6570\u53d8\u5f02\u7684\u65b9\u6cd5\u6539\u53d8\u5305\u7c7b\u578b\uff0c\u5e76\u5bf9\u5305\u683c\u5f0f\uff08\u6bd4\u5982\u957f\u5ea6\u3001\u6821\u9a8c\u548c\uff09\u505a\u68c0\u67e5\u7b49\u3002

    "},{"location":"fuzzing/#_3","title":"\u6570\u636e\u6d41\u6307\u5bfc\u7684\u6a21\u7cca\u6d4b\u8bd5","text":"

    \u63a7\u5236\u6d41\u6307\u5bfc\u7684\u6a21\u7cca\u6d4b\u8bd5\u4fa7\u91cd\u7a0b\u5e8f\u64cd\u4f5c\u7684\u6267\u884c\u987a\u5e8f\uff08\u6bd4\u5982\u5206\u652f\u4e0e\u5faa\u73af\uff09\uff0c\u6570\u636e\u6d41\u6307\u5bfc\u7684\u6a21\u7cca\u6d4b\u8bd5\u4fa7\u91cd\u53d8\u91cf\u5982\u4f55\u5b9a\u4e49\u4e0e\u4f7f\u7528\u3002\u53d8\u91cf\u7684\u5b9a\u4e49\u4e0e\u4f7f\u7528\u4f4d\u7f6e\u53ef\u4ee5\u4e0d\u5b58\u5728\u63a7\u5236\u4e0a\u7684\u4f9d\u8d56\u5173\u7cfb\u3002\u5728\u6a21\u7cca\u6d4b\u8bd5\u4e2d\uff0c\u6570\u636e\u6d41\u4e3b\u8981\u4f7f\u7528\u52a8\u6001\u6c61\u70b9\u5206\u6790\uff08DTA\uff09\u6280\u672f\uff0c\u5373\u5c06\u76ee\u6807\u7a0b\u5e8f\u7684\u8f93\u5165\u6570\u636e\u5728\u5b9a\u4e49\u5904\u89c6\u4e3a\u6c61\u70b9\uff0c\u5e76\u5728\u8fd0\u884c\u65f6\u8ffd\u8e2a\u5b83\u662f\u5982\u4f55\u88ab\u8bbf\u95ee\u4e0e\u4f7f\u7528\u7684\u3002

    \u5728\u5b9e\u8df5\u4e2d\uff0c\u96be\u4ee5\u505a\u5230\u51c6\u786e\u7684DTA\uff0c\u5f00\u9500\u4f1a\u5f88\u5927\u3002\u5e76\u4e14\u90e8\u5206\u771f\u5b9e\u7a0b\u5e8f\u65e0\u6cd5\u5728\u5e94\u7528DTA\u6280\u672f\u7684\u60c5\u51b5\u4e0b\u6210\u529f\u7f16\u8bd1\u3002\u56e0\u6b64\u5927\u90e8\u5206\u7070\u76d2\u6a21\u7cca\u6d4b\u8bd5\u4e0d\u4f7f\u7528DTA\uff0c\u4ee5\u671f\u83b7\u5f97\u66f4\u9ad8\u7684\u541e\u5410\u91cf\u3002

    \u6709\u4e00\u4e9b\u8f7b\u91cf\u7ea7\u7684DTA\u4ee3\u66ff\u65b9\u6848\uff08\u6bd4\u5982REDQUEUE\u3001GREYONE\uff09\uff0c\u800c\u57fa\u4e8e\u63a7\u5236\u6d41\u4e0e\u6570\u636e\u6d41\u7684\u6a21\u7cca\u6d4b\u8bd5\u5668\u7684\u8986\u76d6\u7387\u6307\u6807\u8fd8\u6ca1\u6709\u88ab\u5b8c\u5168\u63a2\u7d22\u3002

    "},{"location":"fuzzing/#dataflow","title":"DATAFLOW","text":"

    \u6e90\u7801

    \u5728\u7a0b\u5e8f\u6267\u884c\u65f6\u5e76\u884c\u4f7f\u7528\u6570\u636e\u6d41\u5206\u6790\u6765\u6307\u5bfc\u6a21\u7cca\u6d4b\u8bd5\uff0c\u4f7f\u7528\u4e0d\u7cbe\u786e\u7684\u63a8\u65ad\u6765\u964d\u4f4e\u5f00\u9500\u5e76\u63d0\u9ad8\u541e\u5410\u91cf\u3002\u5bf9\u6570\u636e\u6d41\u6709\u6548\u6027\u8fdb\u884c\u4e86\u7b80\u5355\u7684\u8bc4\u4f30\uff0c\u8ba4\u4e3a\u5bf9\u5927\u90e8\u5206\u6d4b\u8bd5\u76ee\u6807\u800c\u8a00\uff0c\u6570\u636e\u6d41\u5e76\u4e0d\u6bd4\u63a7\u5236\u6d41\u4f18\u8d8a\uff0c\u4f46\u662f\u5728\u90e8\u5206\u7279\u5b9a\u573a\u666f\uff08\u6bd4\u5982\u63a7\u5236\u6d41\u548c\u8bed\u4e49\u89e3\u8026\uff0c\u5982parser\uff09\u4e0b\uff0c\u6570\u636e\u6d41\u53ef\u80fd\u4f1a\u6709\u7528\u3002

    [^1]: FUZZING WITH PERFORMANCE MONITORING AND TRACING HARDWARE [^2]: Intrusive v.s. non-intrusive tracing

    "},{"location":"git/","title":"Git\u5b66\u4e60\u7b14\u8bb0","text":""},{"location":"git/#github","title":"\u5c06\u672c\u5730\u5df2\u6709\u4ed3\u5e93\u63a8\u9001\u81f3Github\u7684\u65b0\u5efa\u4ed3\u5e93\u4e2d","text":"

    \u9ed8\u8ba4\u4ee5\u4e0b\u6761\u4ef6\u5747\u6210\u7acb\uff1a

    \u5f3a\u5236\u63a8\u9001\u53ef\u4ee5\u518d\u52a0\u4e2a--force\u53c2\u6570

    "},{"location":"git/#gitignore","title":"\u6dfb\u52a0.gitignore\u6587\u4ef6\u4ee5\u4e0d\u8ffd\u8e2a\u6587\u4ef6","text":"

    \u521d\u6b21\u5411github\u63d0\u4ea4\u4ee3\u7801\u524d\uff0c\u5728\u672c\u5730\u5de5\u4f5c\u76ee\u5f55\u4e0b\u521b\u5efa.gitignore\u6587\u4ef6\uff0c\u91cc\u9762\u76f4\u63a5\u5199\u4e0a\u4e0d\u60f3\u8ffd\u8e2a\u7684\u6587\u4ef6\u540d\u548c\u6587\u4ef6\u5939\u540d\u5373\u53ef\u3002\uff08\u6587\u4ef6\u540d\u4e0d\u9700\u8981\u8865\u5168\u8def\u5f84\uff09

    "},{"location":"git/#add","title":"\u64a4\u56deadd","text":"

    \u4f7f\u7528git add .\u53ef\u4ee5\u76f4\u63a5\u628a\u5f53\u524d\u76ee\u5f55\u90fdadd\u8fdb\u6682\u5b58\u533a\uff0c\u5bf9\u4e8e\u4e0d\u614e\u6dfb\u52a0\u7684\u5185\u5bb9\u53ef\u4ee5\u4f7f\u7528git rm --cached <file>\u6765\u64a4\u56deadd\u3002\u53ef\u4ee5\u4f7f\u7528git rm -r --cached .\u6765\u64a4\u56degit add . \u3002\uff08\u4f7f\u7528git status\u53ef\u4ee5\u67e5\u770b\u6682\u5b58\u533a\uff0c\u91cc\u9762\u4e5f\u6709\u63d0\u793a\u600e\u4e48\u64a4\u56de\uff09

    "},{"location":"git/#gitgithub","title":"\u914d\u7f6egit\u8d26\u53f7\u5e76\u52a0\u5165github\u9879\u76ee","text":"
    1. \u4f7f\u7528git config --global user.name \"<yourname>\"\u8bbe\u7f6e\u7528\u6237\u540d
    2. \u4f7f\u7528git config --global user.email \"<email>\"\u8bbe\u7f6e\u90ae\u7bb1
    3. \u4f7f\u7528ssh-keygen -t rsa -C \"<comments>\"\u751f\u6210\u5bc6\u94a5\u5bf9\uff0c\u7136\u540e\u4e00\u8def\u56de\u8f66\u76f4\u5230\u751f\u6210\u7ed3\u675f\uff08\u4e5f\u53ef\u4ee5\u63d0\u793a\u6dfb\u52a0passwd phrase\uff0c\u8fd9\u6837\u7684\u8bdd\u5982\u679c\u4f7f\u7528ssh-add\u6dfb\u52a0\u65f6\u4f1a\u8981\u6c42\u8f93\u5165\u8fd9\u4e2a\u5bc6\u7801\u9632\u6b62\u88ab\u522b\u4eba\u6ee5\u7528\u3002\u6ce8\u610f\u76f8\u540c\u7684passwd phrase\u4e0d\u4f1a\u751f\u6210\u76f8\u540c\u7684\u5bc6\u94a5\u5bf9\uff09
    4. \u5728\u4e0a\u4e00\u6b65\u8fc7\u7a0b\u4e2d\u9ed8\u8ba4\u7684\u8def\u5f84\uff08\u6bd4\u5982~/.ssh\uff09\u627e\u5230id_rsa.pub\u6587\u4ef6\uff0c\u62f7\u8d1d\u5176\u5168\u90e8\u5185\u5bb9
    5. \u6253\u5f00github\uff0c\u53f3\u4e0a\u89d2\u5934\u50cf\uff0csettings\uff0c\u5de6\u4fa7\u7684SSH and GPG keys\uff0c\u7136\u540e\u7ed9SSH\u6dfb\u52a0\u8fd9\u4e2a\u516c\u94a5\u5373\u53ef

    ed25519\u4f3c\u4e4e\u6bd4\u9ed8\u8ba4\u7684rsa\u66f4\u5b89\u5168\u3001\u8ba1\u7b97\u66f4\u5feb\u3001\u5bc6\u94a5\u66f4\u77ed\uff0c\u53ef\u4ee5\u4f7f\u7528

    \u6709\u65f6\u9700\u8981\u6307\u5b9a\u5bc6\u94a5\uff0c\u6bd4\u5982\u4e0d\u4f7f\u7528\u9ed8\u8ba4\u7684\u5bc6\u94a5\u6587\u4ef6\u540d\u3002\u6b64\u65f6\u53ef\u4ee5\u5148eval $(ssh-agent -s)\u542f\u7528agent\uff0c\u7136\u540essh-add <private keyfile> \u6765\u6dfb\u52a0\u5bc6\u94a5\u3002ssh-add -l\u53ef\u4ee5\u67e5\u770b\u6dfb\u52a0\u7684\u5bc6\u94a5\u3002

    \u6216\u8005\u53ef\u4ee5\u628a\u5bc6\u94a5\u5728~/.ssh/config\u6587\u4ef6\u91cc\u6307\u5b9a\u4e00\u4e0b\uff0c\u5c31\u53ef\u4ee5\u7701\u53bbssh-agent\u7684\u64cd\u4f5c\uff0c\u6bd4\u5982

    Host github.com\n    HostName github.com\n    IdentityFile ~/.ssh/id_ed25519_user_github\n

    \u6709\u7684\u65f6\u5019git\u8fdb\u884cpush\u5230\u79c1\u4ed3\u65f6\u4f1a\u51fa\u73b0\u5361\u673a\u7684\u95ee\u9898\uff0c\u4e0d\u786e\u5b9a\u662f\u4ec0\u4e48\u539f\u56e0\uff0c\u5982\u679cremote repo\u4f7f\u7528\u7684\u662fgit@xxx\u7684url\u7684\u8bdd\uff0c\u53ef\u4ee5\u8bd5\u8bd5\u6539\u6210https\u7684\u94fe\u63a5\uff1b\u8fd8\u4e0d\u884c\u7684\u8bdd\u53ef\u4ee5\u8bd5\u8bd5git config\u7684proxy\uff0c\u8bbe\u7f6e\u6216\u6e05\u7a7a\u3002

    "},{"location":"git/#_1","title":"\u653e\u5f03\u5bf9\u6587\u4ef6\u7684\u8ddf\u8e2a","text":"

    \u4e0e\u4ed6\u4eba\u5408\u4f5c\u9879\u76ee\u65f6\uff0c\u6709\u65f6\u9700\u8981\u505a\u4e00\u4e9b\u672c\u5730\u9002\u914d\uff0c\u4f46\u662f\u4e0d\u60f3\u59a8\u788d\u5176\u4ed6\u4eba\uff0c\u53ef\u4ee5\u6dfb\u52a0\u5230.gitignore\u3002\u4f46\u5bf9\u4e8e\u5df2\u7ecf\u5904\u4e8e\u8ddf\u8e2a\u72b6\u6001\u7684\u6587\u4ef6\u6765\u8bf4\u540e\u6dfb\u8fdb.gitignore\u662f\u65e0\u6548\u7684\u3002\u56e0\u6b64\u53ef\u4ee5\u5148\u5c06\u6587\u4ef6\u79fb\u51fa\u8ddf\u8e2a\u6001\uff0c\u7136\u540e\u518d\u52a0\u8fdb.gitignore\u91cc\u3002\u5982\u4e0b\uff1agit rm -r --cached <file/dir>\u5176\u4e2d-r\u8868\u793a\u9012\u5f52\u3002\u4e5f\u53ef\u4ee5\u52a0-n\u8868\u793a\u4f2a\u653e\u5f03\u8ddf\u8e2a\uff08\u7528\u4e8e\u9884\u89c8\u4f1a\u653e\u5f03\u5bf9\u54ea\u4e9b\u6587\u4ef6\u7684\u8ffd\u8e2a\uff09

    "},{"location":"git/#_2","title":"\u66f4\u6362\u8fdc\u7a0b\u4ed3\u5e93","text":"

    \u6709\u7684\u65f6\u5019\u4ece\u5b98\u65b9\u4ed3\u5e93git clone\u4e0b\u4ee3\u7801\uff0c\u672c\u5730\u62f7\u8d1d\u4e00\u4efd\u3001\u5404\u79cd\u9b54\u6539\u5e76\u4e0a\u4f20\u5230\u81ea\u5df1\u7684\u79c1\u4ed3\u3002\u53c8\u7531\u4e8ewindows\u3001linux\u73af\u5883\u4e0d\u540c\uff0c\u60f3\u628a\u539f\u6765\u7684\u4ee3\u7801\u66f4\u65b0\u6210\u81ea\u5df1\u7684\u79c1\u4ed3\uff0c\u6240\u4ee5\u9700\u8981\u6362\u4e00\u4e0b\u8fdc\u7a0b\u4ed3\u5e93\u3002

    1. \u9996\u5148\u53d6\u6d88\u539f\u6765\u7684\u8fdc\u7a0b\u5206\u652f\u8ddf\u8e2agit remote rm <remote repo name>
    2. \u7136\u540e\u6dfb\u52a0\u81ea\u5df1\u7684\u4ed3\u5e93\u4f5c\u4e3a\u8fdc\u7a0bgit remote add <remote repo name> <repo url>

    \u597d\u50cf\u4e5f\u53ef\u4ee5\u76f4\u63a5\u66f4\u6362\u8fdc\u7a0b\u4ed3\u5e93\uff1agit remote set-url <remote repro name> <repo url>

    \u8fd9\u91cc\u7684<remote repo name>\u662f\u81ea\u5df1\u53d6\u7684\u4ed3\u5e93\u540d\uff0c\u4e4b\u540e\u7684\u64cd\u4f5c\u53ef\u4ee5\u7528\u5b83\u6765\u6307\u5b9a\u5bf9\u8c61\u3002\u53ef\u4ee5\u968f\u4fbf\u53d6\uff0c\u6bd4\u5982\u5e38\u89c1\u7684origin\u3002

    "},{"location":"git/#_3","title":"\u5b50\u6a21\u5757\u7684\u4e0b\u8f7d","text":"

    \u6709\u7684\u65f6\u5019\u4e00\u4e2a\u4ee3\u7801\u4ed3\u5e93\u62ff\u5176\u4ed6\u4ed3\u5e93\u6765\u5f53\u505a\u5b50\u6a21\u5757\uff0c\u5728github\u4e0a\u8fd9\u4e9b\u6a21\u5757\u662f\u56fe\u4e2d\u7684\u8868\u793a\u5f62\u5f0f\u3002git\u4ed3\u5e93\u91cc\u4e5f\u4f1a\u6709.gitmodules\u6587\u4ef6\u6765\u8bf4\u660e\u8fd9\u4e9b\u5b50\u6a21\u5757\u3002\u5f53clone\u4e3b\u4ed3\u5e93\u65f6\uff0c\u8fd9\u4e9b\u5b50\u6a21\u5757\u4e0d\u4f1a\u8ddf\u7740\u4e0b\u8f7d\u4e0b\u6765\u3002

    \u521d\u6b21\u90e8\u7f72\u65f6\uff0c\u5728\u4e3b\u4ed3\u5e93\u76ee\u5f55\u4e0b\u91cc\u4f7f\u7528git submodule update --init --recursive\u6765\u4ece.gitmodules\u5b57clone\u5b50\u6a21\u5757\u3002

    \u5982\u679c\u5b50\u6a21\u5757\u88ab\u522b\u7684\u5f00\u53d1\u8005\u66f4\u65b0\u4e86\uff0c\u53ef\u4ee5\u8fdb\u5230\u5b50\u6a21\u5757\u4e2d\u7136\u540egit pull\u3002

    \u5982\u679c\u5e0c\u671b\u6dfb\u52a0\u67d0\u4e2a\u4ed3\u5e93\u4f5c\u4e3a\u5b50\u6a21\u5757\uff0c\u4f7f\u7528git submodule add <repo url>\u6765\u4e0b\u8f7d\u5b50\u6a21\u5757\u5e76\u66f4\u65b0.gitmodules\u6587\u4ef6

    "},{"location":"git/#_4","title":"\u81ea\u5df1\u7684\u9879\u76ee\u9700\u8981\u5bf9\u5176\u4ed6\u9879\u76ee\u8fdb\u884c\u4fee\u6539","text":"

    \u5982\u679c\u81ea\u5df1\u7684\u9879\u76ee\u7528\u5230\u522b\u7684\u9879\u76ee\uff0c\u9700\u8981\u5bf9\u5176\u4e2d\u4e00\u4e9b\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff0c\u800c\u4e0d\u9700\u8981\u628a\u5728\u4e0a\u4f20github\u65f6\u628a\u6574\u4e2a\u9879\u76ee\u5168\u90e8\u653e\u5230\u81ea\u5df1\u7684\u9879\u76ee\u4e0b\uff0c\u53ef\u4ee5\u5148\u7528submodule\u6dfb\u52a0\u5b50\u6a21\u5757\uff0c\u7136\u540e\u76f4\u63a5\u4fee\u6539\u4ee3\u7801\uff0c\u5e76\u5728\u5176\u9879\u76ee\u4e0b\u7528git diff <commit id> > <file.patch>\u751f\u6210\u4e00\u4e2adiff\u6587\u4ef6\u3002\u628adiff\u6587\u4ef6\u653e\u5230\u81ea\u5df1\u7684\u9879\u76ee\u91cc\uff0c\u518d\u4e0a\u4f20\u5230github\u4e0a\u3002\u5176\u4e2dcommit id\u662f\u7b2c\u4e09\u65b9\u9879\u76ee\u7684commit\uff0c\u4e5f\u5c31\u662f\u8fd9\u4e2asubmodule\u4e0b\u8f7d\u65f6\u7684commit id\uff0c\u53ef\u4ee5\u901a\u8fc7git log\u627e\u5230\u3002

    \u5982\u679c\u76f4\u63a5\u7528git diff > <file.patch>\uff0c\u4f1a\u8f93\u51fa\u672a\u52a0\u5165\u6682\u5b58\u7684\u4fee\u6539\u548c\u6700\u8fd1\u4e00\u6b21\u6682\u5b58/commit\u7684diff\u6587\u4ef6\u3002

    \u5176\u4ed6\u4eba\u4f7f\u7528\u65f6\uff0c\u5c31\u5148\u628a\u7b2c\u4e09\u65b9\u9879\u76ee\u83b7\u53d6\u4e0b\u6765\uff0c\u7136\u540egit apply <file.patch>\u5373\u53ef\u3002\u64a4\u56de\u8865\u4e01\u4f7f\u7528git apply -R <file.patch>

    "},{"location":"git/#_5","title":"\u4e0d\u540c\u7248\u672c\u591a\u4eba\u5408\u4f5c\u4e0e\u5206\u652f\u4f7f\u7528","text":"

    \u6700\u8fd1\u5728\u8dd1fuzzer\uff0c\u5408\u4f5c\u65f6\u6709\u65f6\u9700\u8981\u5207\u6362\u4e0d\u540c\u7684\u6d4b\u8bd5\u76ee\u6807\uff0c\u6bcf\u4e2a\u6d4b\u8bd5\u76ee\u6807\u90fd\u6709\u81ea\u5df1\u7684\u4e00\u5927\u5806\u914d\u5957\u8bbe\u7f6e\u3002\u5927\u5bb6\u90fd\u5728\u4e3b\u5206\u652f\u5220\u6539\u592a\u9ebb\u70e6\u800c\u4e14\u5f88\u4e71\uff0c\u6240\u4ee5\u9700\u8981\u9488\u5bf9\u6bcf\u4e2a\u6d4b\u8bd5\u76ee\u6807\u8bbe\u7f6e\u4e0d\u540c\u7684branch\u3002

    \u53ef\u4ee5\u4f7f\u7528git branch -a\u67e5\u770b\u6240\u6709\u5206\u652f\u3002\u5176\u4e2d\u524d\u9762\u5e26*\u7684\u662f\u5f53\u524dbranch\u3002

    \u65b0\u5efa\u5206\u652f\u65f6\u4f7f\u7528 git checkout -b <branch name> \u76f8\u5f53\u4e8e\u5148git branch <branch name> \u521b\u5efa\u4e86\u4e00\u4e2a\u65b0\u7684\u5206\u652f\uff0c\u7136\u540egit checkout <branch name>\u5207\u6362\u5230\u90a3\u4e2a\u5206\u652f\u3002

    \u5728\u65b0\u7684\u5206\u652fcommit\u540e\uff0c\u4f7f\u7528git push -u <remote repo name> <local branch name>:<remote branch name>\u53ef\u4ee5\u5c06\u81ea\u5df1\u7684\u8fd9\u4e2a\u5206\u652f\u63a8\u9001\u5230\u8fdc\u7a0b\u4ed3\u5e93\u3002\u5176\u4e2d\uff1a

    \u5982\u679c\u9700\u8981\u5220\u9664\u8fdc\u7a0b\u5206\u652f\uff0c\u53ef\u4ee5\u7b80\u5355\u5730\u63a8\u9001\u7a7a\u5206\u652f\uff1agit push origin :<remote branch name>\u3002\u8fd9\u91cc\u672c\u5730\u5206\u652f\u540d\u7559\u7a7a\u4e86\u3002\u4e5f\u53ef\u4ee5\u4f7f\u7528\u4e13\u95e8\u7684\u5220\u9664\u65b9\u5f0f\uff1agit push origin --delete <remote branch name>

    \u5982\u679c\u9700\u8981\u5220\u9664\u672c\u5730\u5206\u652f\uff0c\u4f7f\u7528git branch -d <local branch name>

    \u5408\u5e76\u5206\u652f\u65f6\uff0c\u5148\u5207\u6362\u5230\u9700\u8981\u63a5\u6536\u6539\u52a8\u7684\u5206\u652f\u4e0a\uff0c\u7136\u540egit merge <new branch name>\uff0c\u5373\u53ef\u5c06new branch\u7684\u6539\u52a8\u66f4\u65b0\u5230\u5f53\u524d\u5206\u652f\u4e0a\u3002new branch\u7684\u5185\u5bb9\u662f\u4e0d\u53d8\u7684\u3002

    \u62c9\u53d6\u8fdc\u7a0b\u5206\u652f\u5230\u672c\u5730\uff0c\u800c\u4e0d\u5f71\u54cd\u672c\u5730\u5206\u652f\uff1agit fetch <remote repo name> <remote branch name>:<local branch name>\u4f1a\u5c06\u8fdc\u7a0b\u4ed3\u5e93\u7684\u5206\u652f\u4fdd\u5b58\u5728\u672c\u5730\u5bf9\u5e94\u5206\u652f\u4e0b\u3002

    \u53ef\u4ee5\u7528git fetch --all\u62c9\u53d6\u6240\u6709\u8fdc\u7a0b\u5206\u652f\uff0c\u5982\u679c\u6ca1\u6709\u6548\u679c\uff0c\u6ce8\u610f\u68c0\u67e5remote.origin.fetch\u7684\u8bbe\u7f6e\uff1agit config --get remote.origin.fetch\uff0c\u5982\u679c\u662f+refs/heads/master:refs/remotes/origin/master\uff0c\u5219\u8868\u793a\u53ea\u62c9master\u5206\u652f\u3002\u53ef\u4ee5\u4fee\u6539\u6210\u62c9\u53d6\u6240\u6709\u5206\u652f\uff1agit config remote.origin.fetch \"+refs/heads/*:refs/remotes/origin/*\"\u3002

    "},{"location":"git/#github-debug","title":"Github debug\u5408\u96c6","text":"

    \u67d0\u79cd\u4e1c\u897f\u771f\u7684\u795e\u70e6\uff0c\u79d1\u7814\u9700\u8981\u4e0b\u8f7d\u7684\u4ed3\u5e93\u4ee3\u7801\u7ecf\u5e38\u83ab\u540d\u5176\u5999\u4e0b\u8f7d\u4e0d\u4e86\uff0c\u5199\u7684\u4ee3\u7801\u4e0a\u4f20\u8865\u4e0a\u53bb\uff0cbuild\u4e2adocker\u6162\u7684\u8981\u6b7b\uff0c\u7b2c\u4e09\u65b9\u5305\u62c9\u53d6\u4e0d\u5230\u2026\u2026\u6d6a\u8d39\u5f88\u591a\u65f6\u95f4\u5728\u56e0\u4e3a\u7f51\u7edc\u8fde\u63a5\u4e0d\u4e86\u5bfc\u81f4\u7684\u5404\u79cdbug\u4e0a\uff0c\u6709\u6548\u79d1\u7814\u65f6\u95f4\u767d\u767d\u88ab\u6d88\u8017\uff0c\u771f\u7684\u5f88xx\u3002

    "},{"location":"git/#git-clonegnutls_handshake-failed-the-tls-connection-was-non-properly-terminated","title":"Git clone\u62a5\u9519gnutls_handshake() failed: The TLS connection was non-properly terminated.","text":"

    \u4e00\u79cd\u505a\u6cd5\u662f\u8bbe\u7f6e\u6216\u8005\u53d6\u6d88\u8bbe\u7f6ehttp.proxy\u548chttps.proxy

    \u53e6\u4e00\u79cd\u505a\u6cd5\u662f\u76f4\u63a5\u53d6\u6d88SSL\u6821\u9a8c\uff0c\u867d\u7136\u7c97\u66b4\u4e86\u70b9\uff1agit config http.sslVerify false

    "},{"location":"go/","title":"go","text":""},{"location":"go/#go_1","title":"go\u73af\u5883\u914d\u7f6e","text":"
    1. \u4ecehttps://go.dev/dl/\u4e0b\u8f7dArchive\u7684\u5305\uff0c\u89e3\u538b\u7f29\uff0c\u6dfb\u52a0\u5176\u4e2d\u7684bin\u76ee\u5f55\u5230\u7cfb\u7edf\u8def\u5f84
    2. \u56fd\u5185\u4f7f\u7528\u65f6\u8bbe\u7f6e\u4ee3\u7406
    go env -w GO111MODULE=on\ngo env -w  GOPROXY=https://goproxy.cn\n
    "},{"location":"go/#_1","title":"\u5feb\u901f\u5165\u95e8","text":"
    package main\nimport (\n\"fmt\"\n)\n//\u5faa\u73af\u8f93\u51fa\nfor i:=0; i<10; i++{\nfmt.Println(i)\n}\n
    "},{"location":"interesting-articles/","title":"\u6709\u8da3\u6587\u7ae0","text":"
    1. [Usenix Security 2021] Understanding and Detecting Disordered Error Handling with Precise Function Pairing \u4e0d\u6b63\u786e\u7684\u9519\u8bef\u5904\u7406\u51fd\u6570\u672c\u8eab\u53ef\u80fd\u4e5f\u4f1a\u5e26\u6765\u65b0\u7684\u9519\u8bef\uff0c\u5c24\u5176\u662f\u5728\u505a\u4e00\u4e9b\u524d\u671f\u6e05\u7406\u5de5\u4f5c\u65f6\uff0c\u6267\u884c\u987a\u5e8f\u4e0d\u6b63\u786e\u4f1a\u5e26\u6765\u63d0\u6743\u3001\u5d29\u6e83\u4e0eDoS\u3002\u672c\u6587\u5e0c\u671b\u63a8\u65ad\u51fa\u9884\u671f\u7684\u6e05\u7406\u51fd\u6570\u3002
    2. [Usenix Security 2020] Actions Speak Louder than Words: Entity-Sensitive Privacy Policy and Data Flow Analysis with PoliCheck \u8003\u8651\u5230\u6570\u636e\u6d41\u5411\u7684\u5b9e\u4f53\uff0c\u5bf9\u5e94\u7528\u7a0b\u5e8f\u7684\u9690\u79c1\u89c4\u8303\u8fdb\u884c\u7814\u7a76\u5efa\u6a21\u3002
    3. [NDSS 2019] https://www.youtube.com/watch?v=dMndb0Xmr4k&t=1s&list=PLfUWWM-POgQs9SPvg-UA-TNG7UVEcdz8l&index=5 GitHub\u4e0a\u7531\u4e8e\u4e00\u4e9b\u4e0d\u5f53\u64cd\u4f5c\u53ef\u80fd\u4f1a\u5bfc\u81f4API\u5bc6\u94a5\u6cc4\u9732\u3002\u672c\u6587\u7814\u7a76\u8868\u660e\u8fd9\u79cd\u6cc4\u9732\u975e\u5e38\u7316\u7357\uff0c\u5e76\u4e14\u8fdc\u6ca1\u6709\u89e3\u51b3\u95ee\u9898\u3002
    "},{"location":"investigations/","title":"\u56db\u5927\u8c03\u67e5","text":"
    1. [Usenix Security 2022] \"I feel invaded, annoyed, anxious and I may protect myself\": Individuals' Feelings about Online Tracking and their Protective Behaviour across Gender and Country
    2. [Usenix Security 2022] \"Like Lesbians Walking the Perimeter\": Experiences of U.S. LGBTQ+ Folks With Online Security, Safety, and Privacy Advice
    3. [Usenix Security 2022] How and Why People Use Virtual Private Networks
    4. [Usenix Security 2021] \"It's the Company, the Government, You and I\": User Perceptions of Responsibility for Smart Home Privacy and Security
    5. [Usenix Security 2021] \"Shhh...be quiet!\" Reducing the Unwanted Interruptions of Notification Permission Prompts on Chrome
    6. [Usenix Security 2021] Effect of Mood, Location, Trust, and Presence of Others on Video-Based Social Authentication
    7. [Usenix Security 2021] 'Passwords Keep Me Safe' \u2013 Understanding What Children Think about Passwords
    8. [Usenix Security 2021] \"It's stressful having all these phones\": Investigating Sex Workers' Safety Goals, Risks, and Practices Online
    9. [Usenix Security 2021] \"Now I'm a bit angry:\" Individuals' Awareness, Perception, and Responses to Data Breaches that Affected Them
    10. [Usenix Security 2020] \"I am uncomfortable sharing what I can't see\": Privacy Concerns of the Visually Impaired with Camera Based Assistive Applications
    11. [Usenix Security 2020 | Distingguished Paper Award] Understanding security mistakes developers make: Qualitative analysis from Build It, Break It, Fix It
    12. [Usenix Security 2020] An Observational Investigation of Reverse Engineers\u2019 Processes
    13. [Usenix Security 2020] That Was Then, This Is Now: A Security Evaluation of Password Generation, Storage, and Autofill in Browser-Based Password Managers
    14. [NDSS 2022] An In-depth Analysis of Duplicated Linux Kernel Bug Reports
    15. [NDSS 2020] Are You Going to Answer That? Measuring User Responses to Anti-Robocall Application Indicators
    16. [NDSS 2019] Time Does Not Heal All Wounds: A Longitudinal Analysis of Security-Mechanism Support in Mobile Browsers
    17. [NDSS 2019] A First Look into the Facebook Advertising Ecosystem
    "},{"location":"latex/","title":"latex\u57fa\u7840","text":""},{"location":"latex/#_1","title":"\u63a8\u8350\u5de5\u5177","text":"

    \u4f7f\u7528Table Generator\u7ed8\u5236\u8868\u683c

    "},{"location":"latex/#latex_1","title":"\u82f1\u6587latex","text":"
    \\documentclass[conference,11pt]{IEEEtran}\n\\IEEEoverridecommandlockouts\n% The preceding line is only needed to identify funding in the first footnote. If that is unneeded, please comment it out.\n\\usepackage{cite}\n\\usepackage{amsmath,amssymb,amsfonts}\n\\usepackage{algorithmic}\n\\usepackage{graphicx}\n\\usepackage{textcomp}\n\\usepackage{xcolor}\n\\usepackage{caption}\n\\usepackage{url}\n\\def\\UrlBreaks{\\do\\A\\do\\B\\do\\C\\do\\D\\do\\E\\do\\F\\do\\G\\do\\H\\do\\I\\do\\J\n\\do\\K\\do\\L\\do\\M\\do\\N\\do\\O\\do\\P\\do\\Q\\do\\R\\do\\S\\do\\T\\do\\U\\do\\V\n\\do\\W\\do\\X\\do\\Y\\do\\Z\\do\\[\\do\\\\\\do\\]\\do\\^\\do\\_\\do\\`\\do\\a\\do\\b\n\\do\\c\\do\\d\\do\\e\\do\\f\\do\\g\\do\\h\\do\\i\\do\\j\\do\\k\\do\\l\\do\\m\\do\\n\n\\do\\o\\do\\p\\do\\q\\do\\r\\do\\s\\do\\t\\do\\u\\do\\v\\do\\w\\do\\x\\do\\y\\do\\z\n\\do\\.\\do\\@\\do\\\\\\do\\/\\do\\!\\do\\_\\do\\|\\do\\;\\do\\>\\do\\]\\do\\)\\do\\,\n\\do\\?\\do\\'\\do+\\do\\=\\do\\#}\n\\def\\BibTeX{{\\rm B\\kern-.05em{\\sc i\\kern-.025em b}\\kern-.08em\n    T\\kern-.1667em\\lower.7ex\\hbox{E}\\kern-.125emX}}\n\\usepackage{lscape, latexsym, amssymb, algorithmic, multirow}\n\\usepackage[linesnumbered, vlined, ruled]{algorithm2e}\n\\usepackage{mathtools, bbm, color}\n\\usepackage{booktabs}\n\\usepackage{amsthm,mathrsfs,amsfonts,dsfont}\n\\usepackage{listings}\n\\definecolor{codegreen}{rgb}{0,0.6,0}\n\\definecolor{codegray}{rgb}{0.5,0.5,0.5}\n\\definecolor{codepurple}{rgb}{0.58,0,0.82}\n\\definecolor{backcolour}{rgb}{0.95,0.95,0.95}\n\\lstdefinestyle{mystyle}{\n % backgroundcolor=\\color{backcolour},   \n commentstyle=\\color{codegreen},\n keywordstyle=\\color{magenta},\n numberstyle=\\tiny\\color{codegray},\n stringstyle=\\color{codepurple},\n % basicstyle=\\footnotesize\\ttfamily,\n basicstyle=\\footnotesize\\scriptsize,\n breakatwhitespace=false,         \n breaklines=true,                 \n captionpos=b,                    \n keepspaces=true,\n numbers=left,  %% \u884c\u53f7 \n % numbersep=2pt,                  \n showspaces=false,                \n showstringspaces=false,\n showtabs=false,                  \n tabsize=1,\n xleftmargin=\\parindent,\n}\n\\lstset{style=mystyle}\n\\begin{document}\n\n\\title{xxxx}\n\n\\author{xxxx}\n\n\\maketitle\n\n\\begin{abstract}\n\\end{abstract}\n\n\n\\begin{IEEEkeywords}\nxxx,xxx\n\\end{IEEEkeywords}\n\n\\bibliographystyle{IEEEtran}\n{\n\\begingroup\n\\bibliography{ref}\n\\endgroup\n}\n\n\\end{document}\n
    "},{"location":"latex/#latex_2","title":"\u4e2d\u6587latex","text":"
    \\documentclass[12pt]{article}\n\n\\usepackage{cite} % \u5f15\u7528\u53c2\u8003\u6587\u732e\n\\usepackage{ctex} % \u4e2d\u6587\u652f\u6301\n\\usepackage{times}% \u82f1\u6587\u4f7f\u7528Times New Roman\n\\usepackage{url,hyperref} % \u8d85\u94fe\u63a5\n\\usepackage{xspace} % \u65e0\u6807\u70b9\u81ea\u52a8\u7a7a\u683c\n\\usepackage{graphicx} % \u63d2\u5165\u56fe\u7247\u7528\n\\usepackage{geometry} % \u8bbe\u7f6e\u9875\u8fb9\u8ddd\n\\usepackage{listings} % \u63d2\u5165\u4ee3\u7801\u5757\n\\usepackage{color} % \u5b9a\u4e49\u989c\u8272\uff0c\u7528\u4e8e\u63a7\u5236\u4ee3\u7801\u9ad8\u4eae\n\\usepackage{subcaption} % \u753b\u5b50\u56fe\n\\usepackage{tikz} % \u540e\u7eed\u753b\u5706\u5708\n\\usepackage{multirow} % \u8868\u683c\u591a\u884c\u6587\u672c\n% \\usepackage{tabu}\n\\usepackage{longtable}\n\\usepackage{float}\n\\usepackage{tabu}\n\\usepackage{booktabs} % \u753b\u8868\u683c\n\n\\usepackage[linesnumbered, vlined, ruled]{algorithm2e} % \u7b97\u6cd5\u5217\u8868\n\n% \u4f7f\u7528 ctex \u5b8f\u5305\u8bbe\u7f6e\u4e2d\u6587\u56fe\u9898\n\\renewcommand{\\figurename}{\u56fe}\n\\renewcommand{\\tablename}{\u8868}\n\n% \u8bbe\u7f6e\u9875\u8fb9\u8ddd\n\\geometry{a4paper,left=2cm,right=2cm,top=2cm,bottom=3cm} \n\n\n% \u8bbe\u7f6e\u5b57\u4f53\n\\newcommand{\\song}{\\CJKfamily{song}}    % \u5b8b\u4f53\n\\newcommand{\\fs}{\\CJKfamily{fs}}             % \u4eff\u5b8b\u4f53\n\\newcommand{\\kai}{\\CJKfamily{kai}}          % \u6977\u4f53\n\\newcommand{\\hei}{\\CJKfamily{hei}}         % \u9ed1\u4f53\n\\newcommand{\\li}{\\CJKfamily{li}}               % \u96b6\u4e66\n\n% \u8bbe\u7f6e\u5b57\u53f7\n\\newcommand{\\yihao}{\\fontsize{26pt}{36pt}\\selectfont}           % \u4e00\u53f7, 1.4 \u500d\u884c\u8ddd\n\\newcommand{\\erhao}{\\fontsize{22pt}{28pt}\\selectfont}          % \u4e8c\u53f7, 1.25\u500d\u884c\u8ddd\n\\newcommand{\\xiaoer}{\\fontsize{18pt}{18pt}\\selectfont}          % \u5c0f\u4e8c, \u5355\u500d\u884c\u8ddd\n\\newcommand{\\sanhao}{\\fontsize{16pt}{24pt}\\selectfont}        % \u4e09\u53f7, 1.5\u500d\u884c\u8ddd\n\\newcommand{\\xiaosan}{\\fontsize{15pt}{22pt}\\selectfont}        % \u5c0f\u4e09, 1.5\u500d\u884c\u8ddd\n\\newcommand{\\sihao}{\\fontsize{14pt}{21pt}\\selectfont}            % \u56db\u53f7, 1.5 \u500d\u884c\u8ddd\n\\newcommand{\\banxiaosi}{\\fontsize{13pt}{19.5pt}\\selectfont}    % \u534a\u5c0f\u56db, 1.5\u500d\u884c\u8ddd\n\\newcommand{\\xiaosi}{\\fontsize{12pt}{18pt}\\selectfont}            % \u5c0f\u56db, 1.5\u500d\u884c\u8ddd\n\\newcommand{\\dawuhao}{\\fontsize{11pt}{11pt}\\selectfont}       % \u5927\u4e94\u53f7, \u5355\u500d\u884c\u8ddd\n\\newcommand{\\wuhao}{\\fontsize{10.5pt}{15.75pt}\\selectfont}    % \u4e94\u53f7, \u5355\u500d\u884c\u8ddd\n\n% \u5b9a\u4e49\u4ee3\u7801\u6837\u5f0f\n\\definecolor{codegreen}{rgb}{0,0.6,0}\n\\definecolor{codegray}{rgb}{0.5,0.5,0.5}\n\\definecolor{codepurple}{rgb}{0.58,0,0.82}\n\\definecolor{backcolour}{rgb}{0.95,0.95,0.95}\n\\lstdefinestyle{mystyle}{\n % backgroundcolor=\\color{backcolour},   \n commentstyle=\\color{codegreen},\n keywordstyle=\\color{magenta},\n numberstyle=\\tiny\\color{codegray},\n stringstyle=\\color{codepurple},\n % basicstyle=\\footnotesize\\ttfamily,\n basicstyle=\\footnotesize\\scriptsize,\n breakatwhitespace=false,         \n breaklines=true,                 \n captionpos=b,                    \n keepspaces=true,\n numbers=left,  %% \u884c\u53f7 \n % numbersep=2pt,                  \n showspaces=false,                \n showstringspaces=false,\n showtabs=false,                  \n tabsize=1,\n xleftmargin=\\parindent,\n}\n\\lstset{style=mystyle}\n\n\\renewcommand{\\abstractname}{\\textbf{\u6458\\quad \u8981}} % \u66f4\u6539\u6458\u8981\u4e8c\u5b57\u7684\u6837\u5f0f\n\n% use these commands to consistently refer to stuff\n\n\\newcommand{\\bugCount}{xx}  \n\n\\newcommand{\\tabincell}[2]{\\begin{tabular}{@{}#1@{}}#2\\end{tabular}}\n\n\\newcommand*\\emptcirc[1][1ex]{\\tikz\\draw (0,0) circle (#1);} \n\\newcommand*\\halfcirc[1][1ex]{%\n    \\begin{tikzpicture}\n    \\draw[fill] (0,0)-- (90:#1) arc (90:270:#1) -- cycle ;\n    \\draw (0,0) circle (#1);\n    \\end{tikzpicture}}\n\\newcommand*\\fullcirc[1][1ex]{\\tikz\\fill (0,0) circle (#1);} \n\n\\def\\BibTeX{{\\rm B\\kern-.05em{\\sc i\\kern-.025em b}\\kern-.08em\n    T\\kern-.1667em\\lower.7ex\\hbox{E}\\kern-.125emX}}\n\n\\title{\\fontsize{18pt}{27pt}\\selectfont \\textbf{xxxx}}\n\\author{\\fontsize{14pt}{21pt}\\selectfont \\textbf{xxxx}}\n\\date{}\n\n\\begin{document}\n\\begin{sloppypar} % \u9632\u6b62\u957f\u5355\u8bcd\u51fa\u754c\n\\maketitle\n\n\\begin{abstract}\n\\end{abstract}\n\n\\section{\u80cc\u666f}\n\n\\subsection{\u53ef\u4fe1\u6267\u884c\u73af\u5883}\n\\bibliographystyle{plain}\n\\bibliography{Ref}\n\n\\end{sloppypar}\n\\end{document}\n
    "},{"location":"linux-server/","title":"linux\u670d\u52a1\u5668\u8fd0\u7ef4","text":""},{"location":"linux-server/#pid","title":"\u6839\u636epid\u67e5\u8be2\u7ec6\u8282","text":"

    sudo ls -lah /proc/<pid>\n
    \u7136\u540e\u6839\u636e\u5176\u4e2d\u7684cwd\u627e\u5230\u8fd0\u884c\u76ee\u5f55\uff0cexe\u627e\u5230\u8fd0\u884c\u7a0b\u5e8f

    "},{"location":"linux-server/#linux_1","title":"\u5728linux\u7ec8\u7aef\u5411\u7a0b\u5e8f\u8f93\u5165\u5b57\u8282","text":"
    # \u8f93\u5165raw bytes\necho -e '\\x31\\x32' | program\n\n# \u8f93\u5165raw binary\necho -e '\\x31\\x32' | xxd -r -p | program
    "},{"location":"linux-server/#_1","title":"\u67e5\u8be2\u670d\u52a1\u5668\u663e\u5361","text":"

    \u67e5\u8be2\u7269\u7406\u69fd\u663e\u5361\u8fde\u63a5

    lspci | grep VGA\n

    \u67e5\u8be2\u6d3b\u8dc3\u60c5\u51b5\uff08\u9700\u8981\u5b89\u88c5\u663e\u5361\u9a71\u52a8\uff0c\u53ef\u4ee5\u76f4\u63a5\u5b89\u88c5CUDA runfile\uff0c\u81ea\u5e26\u9a71\u52a8\uff09

    nvidia-smi\n
    "},{"location":"linux-server/#_2","title":"\u7edf\u8ba1\u670d\u52a1\u5668\u8fdb\u7a0b\u5360\u7528","text":"
    htop # \u89c2\u5bdf\u5185\u5b58\u3001\u5404\u8fdb\u7a0b\u3001CPU\u5360\u7528\nsudo ls -lah /proc/<pid>/cwd # \u89c2\u5bdf\u8fd0\u884c\u7684\u547d\u4ee4\uff0c\u5224\u65ad\u8c01\u7684\u7a0b\u5e8f\n
    "},{"location":"linux-server/#_3","title":"\u7edf\u8ba1\u78c1\u76d8\u7528\u91cf","text":"
    ncdu # \u7edf\u8ba1\u5f53\u524d\u76ee\u5f55\u4e0b\u5404\u4e2a\u6587\u4ef6\u5939\u5360\u7528\uff0c\u53ef\u4ee5\u8fdb\u5165\u3001\u5220\u9664\u6587\u4ef6\u5939\u6216\u76ee\u5f55\n
    "},{"location":"linux-server/#dns","title":"\u4fee\u6539DNS","text":"

    \u6709\u65f6\u5019\u8fde\u4e0d\u4e0a\u7f51\u662f\u56e0\u4e3aDNS\u7684\u95ee\u9898\uff0c\u4fee\u6539/etc/resolve.conf\u5373\u53ef\u3002\u4e0d\u8fc7\u8fd9\u4e2a\u8f6f\u8fde\u63a5\u4fee\u6539\u5b8c\u4e86\u4ee5\u540e\u53ef\u80fd\u4f1a\u88ab\u7cfb\u7edf\u6539\u6389\uff0c\u53ef\u4ee5\u8bd5\u8bd5\u5220\u6389\u4ee5\u540e\u76f4\u63a5\u521b\u5efa\u4e2a/etc/resolve.conf\u6587\u4ef6\uff0c\u518dchattr +i /etc/resovle.conf\u9632\u6b62\u4fee\u6539\u3002

    "},{"location":"picking-ups/","title":"\u6587\u53e5\u6458\u5f55","text":"

    Alligator in Vest: A Practical Failure-Diagnosis Framework via Arm Hardware Features (ISSTA 2023)

    RR: A Fault Model for Efficient TEE Replication (NDSS 2023)

    No Grammar, No Problem: Towards Fuzzing the Linux Kernel without System-Call Descriptions (NDSS 2023)

    FUZZUSB: Hybrid Stateful Fuzzing of USB Gadget Stacks (Oakland 2022)

    Registered Report: DATAFLOW Towards a Data-Flow-Guided Fuzzer

    A Survey on Adversarial Attacks for Malware Analysis

    Survivalism: Systematic Analysis of Windows Malware Living-Off-The-Land (Oakland 2021)

    A Systematical and longitudinal study of evasive behaviors in windows malware (Computers & Security 2021)

    Structural Attack against Graph Based Android Malware Detection (CCS 2021)

    Deep Learning for Android Malware Defenses: a Systematic Literature Review (ACM Survey 2021)

    Intriguing Properties of Adversarial ML Attacks in the Problem Space (Oakland 2020)

    P2IM: Scalable and Hardware-independent Firmware Testing via Automatic Peripheral Interface Modeling (USENIX SECURITY 2020)

    Toward the Analysis of Embedded Firmware through Automated Re-hosting (RAID 2019)

    REPT: Reverse Debugging of Failures in Deployed Software (USENIX SECURITY 2018)

    What You Corrupt Is Not What You Crash: Challenges in Fuzzing Embedded Devices (NDSS 2018)

    Postmortem Program Analysis with Hardware-Enhanced Post-Crash Artifacts (USENIX SECURITY 2017)

    POMP++: Facilitating Postmortem Program Diagnosis with Value-Set Analysis

    A Survey on Software Fault Localization (TSE 2016)

    "},{"location":"porting/","title":"\u6298\u817e\u7f51\u7ad9","text":""},{"location":"porting/#_2","title":"\u7aef\u53e3\u590d\u7528\u65b9\u6cd5","text":"

    \u7531\u4e8e\u670d\u52a1\u5668\u5b89\u5168\u8bbe\u5b9a\uff0c\u53ea\u5bf9\u5916\u5f00\u653e\u4e00\u4e2a22\u7aef\u53e3\u63d0\u4f9bssh\u8fde\u63a5\u3002\u90a3\u4e48\u5728\u6b64\u57fa\u7840\u4e0a\u5982\u4f55\u63d0\u4f9bhttp\u3001https\u7b49\u591a\u79cd\u670d\u52a1\uff1f\u641c\u7d22\u4e86\u4e0b\u53ef\u4ee5\u6839\u636e\u6d41\u91cf\u7279\u5f81\u7528sslh\u7b80\u5355\u8f6c\u53d1\u4e00\u4e0b\u6570\u636e\u5305\u5230\u4e0d\u540c\u7684\u5185\u90e8\u7aef\u53e3\u3002

    "},{"location":"porting/#sslh","title":"sslh\uff1a\u6839\u636e\u6d41\u91cf\u7279\u5f81\u8f6c\u53d1\u6570\u636e\u5305","text":"

    \u5728root\u4e0bapt install sslh\u540e\u4fee\u6539\u914d\u7f6e\u6587\u4ef6/etc/default/sslh\uff1a

    # Default options for sslh initscript\n# sourced by /etc/init.d/sslh\n\n# binary to use: forked (sslh) or single-thread (sslh-select) version\n# systemd users: don't forget to modify /lib/systemd/system/sslh.service\nDAEMON=/usr/sbin/sslh\nRun=yes\nDAEMON_OPTS=\"--user sslh --listen 0.0.0.0:4684 --ssh 127.0.0.1:5752 --tls 127.0.0.1:443 --http 127.0.0.1:1284 --pidfile /var/run/sslh/sslh.pid\"\n

    \u8fd9\u91cc\u4e5f\u53ef\u4ee5cat /lib/systemd/system/sslh.service\u770b\u4e00\u4e0bservice\u6587\u4ef6\uff0c\u5176\u4e2d\u6709\u4e00\u884cExecStart=/usr/sbin/sslh --foreground $DAEMON_OPTS\uff0c\u53ef\u4ee5\u770b\u5230\u5728\u542f\u52a8sslh\u65f6\u53c2\u6570\u662fDAEMON_OPTS\u3002\u6240\u4ee5\u91cd\u70b9\u5c31\u5728\u4e8e\u914d\u7f6e\u597dDAEMON_OPTS\u3002

    \u89e3\u91ca\u4e00\u4e0b\u51e0\u4e2a\u53c2\u6570\u7684\u610f\u601d\uff1a

    \u7136\u540esystemctl enable sslh\u3001systemctl start sslh\u542f\u52a8sslh\uff0c\u5c06\u672c\u57304684\u7aef\u53e3\u6536\u5230\u7684\u6d41\u91cf\u6839\u636essh\u3001ssl\u3001http\u7684\u7279\u5f81\u5206\u522b\u8fdb\u884c\u7aef\u53e3\u8f6c\u53d1\u3002

    \u6bd4\u8f83\u6709\u610f\u601d\u7684\u662f\u53ef\u4ee5\u7528--anyprot\u6765\u8bbe\u7f6e\u9ed8\u8ba4\u7684\u8f6c\u53d1\u7b56\u7565\uff0c\u914d\u5408nc -lk\u53ef\u4ee5\u770b\u81ea\u5b9a\u4e49\u7684\u6570\u636e\u5305\u683c\u5f0f\uff0c\u518d\u901a\u8fc7-F\uff08\u6216--config\uff09\u6307\u5b9aconfig\u6587\u4ef6\uff08\u6bd4\u5982/etc/sslh/sslh.cfg\uff09\uff0c\u5b9e\u73b0\u5229\u7528\u6b63\u5219\u8868\u8fbe\u5f0f\u5bf9\u6570\u636e\u5305\u8fdb\u884c\u81ea\u5b9a\u4e49\u8f6c\u53d1\u3002

    \u6ce8\u610f\uff0c\u5982\u679c\u4f7f\u7528config\u6587\u4ef6\uff0c\u90a3\u4e48\u6587\u4ef6\u7684\u5185\u5bb9\u4e0d\u8981\u548c\u547d\u4ee4\u884c\u5df2\u6709\u7684\u5185\u5bb9\u91cd\u590d\u3002\u6bd4\u5982\u547d\u4ee4\u884c\u5df2\u7ecf\u6307\u5b9a\u4e86\u76d1\u542c127.0.0.1\u7aef\u53e3\u76844684\uff0c\u90a3config\u6587\u4ef6\u91cc\u5c31\u4e0d\u8981\u518d\u52a0\u4e0alisten:(xxx)\u4e86\u3002

    "},{"location":"porting/#ssh","title":"ssh\uff1a\u63d0\u4f9b\u8fdc\u7a0b\u8fde\u63a5","text":"

    \u7531\u4e8e\u539f\u672c\u5bf9\u5916\u5f00\u653e\u768422\u7aef\u53e3\u53ea\u7528\u4e8e\u63a5\u6536ssh\u8bf7\u6c42\uff0c\u5982\u679c\u60f3\u8981\u63d0\u4f9b\u66f4\u591a\u670d\u52a1\uff0c\u9700\u8981\u5148\u628a22\u7aef\u53e3\u7684\u63a5\u6536\u7684\u6570\u636e\u90fd\u8f6c\u53d1\u7ed9sslh\uff0c\u8ba9\u5b83\u6765\u8fdb\u884c\u5206\u7c7b\u3002\u90a3\u4e48ssh\u8bf7\u6c42\u5e94\u8be5\u5c31\u4e0d\u80fd\u518d\u8fd8\u7ed922\u7aef\u53e3\u4e86\uff08\u4e0d\u7136\u53ef\u80fd\u53c8\u88ab\u8f6c\u53d1\u7ed9sslh\uff1f\u4e0d\u786e\u5b9a\uff09\uff0c\u53ef\u4ee5\u8003\u8651\u518d\u5f00\u4e00\u4e2a\u7aef\u53e3\u76d1\u542cssh\u8bf7\u6c42\u3002\u8fd9\u91ccssh\u7684\u8bbe\u5b9a\u5f00\u4e86\u672c\u573022\u548c5752\u7aef\u53e3\uff0c\u914d\u7f6e\u65f6\u4fee\u6539/etc/ssh/sshd_config\u6587\u4ef6\uff0c\u52a0\u4e00\u884cPort 5752\u5373\u53ef\u3002\u540c\u65f6\u8bb0\u5f97\u4f7f\u7528\u516c\u94a5\u8ba4\u8bc1\u767b\u5f55\uff0c\u7981\u7528\u5bc6\u7801\u767b\u5f55\u3002

    Port 22\nPort 5752\nPubkeyAuthentication yes\nPasswordAuthentication no\n
    "},{"location":"porting/#nginxhttphttps","title":"nginx\uff1a\u63d0\u4f9bhttp/https\u670d\u52a1","text":"

    \u5728nginx\u5b98\u7f51\u4e0b\u8f7d\u6e90\u7801\u5e76\u6309\u8bf4\u660e\u7f16\u8bd1\u3002nginx\uff081.22\u7248\u672c\uff09\u7684\u914d\u7f6e\u5982\u4e0b\uff1a

    user  c01dkit;\nworker_processes  1;\n\nevents {\n    worker_connections  1024;\n}\n\nhttp {\n    include       mime.types;\n    default_type  application/octet-stream;\n    sendfile        on;\n    keepalive_timeout  65;\n    server_tokens off;\n    server {\n        listen       1284;\n        listen       127.0.0.1:1284;\n        charset utf-8;\n        server_name  xxxx.c01dkit.com;\n        if ($scheme = http ) {\n            return 301 https://$host:xxxx$request_uri;  \n        }\n        error_page  404              /404.html;\n    }\n\n    server {\n        listen       127.0.0.1:443 ssl ;\n        listen       443 ssl ;\n        listen       [::]:443 ssl ;\n        server_name  xxxx.c01dkit.com;\n        charset utf-8;\n        ssl_certificate      xxxx/fullchain.pem;\n        ssl_certificate_key  xxxx/privkey.pem;\n\n        ssl_session_cache    shared:SSL:1m;\n        ssl_session_timeout  5m;\n\n        ssl_ciphers  HIGH:!aNULL:!MD5;\n        ssl_prefer_server_ciphers  on;\n\n        location / {\n            root   xxxxx;\n            index  index.html index.htm;\n            error_page  404              /404.html;\n\n        }\n        location ~ \\.php$ {\n            fastcgi_pass   unix:/run/php/php8.1-fpm.sock;\n            fastcgi_index  index.php;\n            fastcgi_param  SCRIPT_FILENAME  xxxx/www$fastcgi_script_name;\n            include        fastcgi_params;\n            error_page  404              /404.html;\n        }\n    }\n\n}\n

    \u8fd9\u91cc\u914d\u7f6e\u4e86nginx\u76d1\u542c\u672c\u57301284\u7aef\u53e3\u6765\u5904\u7406http\u8bbf\u95ee\uff0c\u5c06https\u8bf7\u6c42\u8f6c\u53d1\u5230443\u7aef\u53e3\uff0c\u4e5f\u8bbe\u7f6e\u4e86ssl\u7684\u8bc1\u4e66\u3002\u8bc1\u4e66\u7684\u914d\u7f6e\u65b9\u6cd5\u53ef\u4ee5\u89c1\u540e\u6587\u7684https\u8bc1\u4e66\u7ae0\u8282\u3002

    \u5173\u4e8enginx\uff0c\u53ef\u4ee5nginx -V\u67e5\u770b\u7f16\u8bd1\u9009\u9879\uff0c\u7136\u540e\u81ea\u5df1\u4ece\u6e90\u7801\u7f16\u8bd1\u4e0b\u3002\u5e38\u89c1\u7684-V\u8f93\u51fa\u6709\uff1a

    nginx version: nginx/1.22.1\nbuilt by gcc 11.3.0 (Ubuntu 11.3.0-1ubuntu1~22.04) \nbuilt with OpenSSL 3.0.2 15 Mar 2022\nTLS SNI support enabled\nconfigure arguments: --user=c01dkit --group=c01dkit --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-compat --with-debug --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_sub_module\n

    \u8fd9\u91cc\u6307\u5b9auser\u4e3ac01dkit\uff0c\u7136\u540e\u7f51\u7ad9\u4e5f\u90fd\u653e\u5728c01dkit\u7684\u5bb6\u76ee\u5f55\u91cc\u9762\uff0c\u4ee5\u9632\u7f51\u7ad9\u9875\u9762\u56e0\u4e3a\u6743\u9650\u95ee\u9898\u6253\u4e0d\u5f00\uff08\u597d\u50cf\u9ed8\u8ba4\u662fwww-data\uff09\uff0c\u53ef\u80fd\u662f\u87f9\u811a\u6539\u6cd5\u25cb( \uff3e\u76bf\uff3e)\u3063

    "},{"location":"porting/#iptablessslh","title":"iptables\uff1a\u8f6c\u53d1\u5916\u90e8\u8bbf\u95ee\u5230sslh","text":"

    \u6700\u540e\u63a5\u7740\u8bbe\u7f6e\u9632\u706b\u5899\u5c06\u6240\u6709\u5916\u90e8\u6d41\u91cf\u4ece\u5f00\u653e\u7684\u552f\u4e00\u7aef\u53e3\u8f6c\u53d1\u52304684\u7aef\u53e3\u5373\u53ef\u3002

    iptables -t nat -A PREROUTING -p tcp --dport 22 -j REDIRECT --to-port 4684\n

    \u8fd9\u91cc\u5047\u5b9a\u5916\u90e8\u7aef\u53e3\u5f00\u653e\u7684\u7aef\u53e3\u6620\u5c04\u5230\u672c\u573022\u7aef\u53e3\u3002\u8fd9\u91cc22\u7aef\u53e3\u4e5f\u662f\u6709ssh\u670d\u52a1\u5728\u76d1\u542c\u3002

    \u6709\u65f6\u62c5\u5fc3sslh\u670d\u52a1\u6302\u6389\u5bfc\u81f44684\u6ca1\u6709ssh\u670d\u52a1\u3001ssh\u8fde\u4e0d\u4e0a\uff0c\u8bbe\u7f6e\u4e86\u5b9a\u65f6\u4efb\u52a1\u6765\u5173\u6389\u3001\u6253\u5f00\u9632\u706b\u5899\uff08\u6b64\u65f6\u53ea\u80fdssh\u8fde\u63a5\uff0c\u63d0\u4f9b\u8fd0\u7ef4\u7a97\u53e3\u671f\uff09\uff0c\u6bd4\u5982\u6bcf\u5468\u4e094\u70b9\u52306\u70b9\u53ea\u63d0\u4f9b22\u7aef\u53e3\u7684ssh\u670d\u52a1\uff1a

    # Edit this file to introduce tasks to be run by cron.\n# \n# Each task to run has to be defined through a single line\n# indicating with different fields when the task will be run\n# and what command to run for the task\n# \n# To define the time you can provide concrete values for\n# minute (m), hour (h), day of month (dom), month (mon),\n# and day of week (dow) or use '*' in these fields (for 'any').\n# \n# Notice that tasks will be started based on the cron's system\n# daemon's notion of time and timezones.\n# \n# Output of the crontab jobs (including errors) is sent through\n# email to the user the crontab file belongs to (unless redirected).\n# \n# For example, you can run a backup of all your user accounts\n# at 5 a.m every week with:\n# 0 5 * * 1 tar -zcf /var/backups/home.tgz /home/\n# \n# For more information see the manual pages of crontab(5) and cron(8)\n# \n# m h  dom mon dow   command\n0 4 * * 3 iptables -t nat -D PREROUTING -p tcp --dport 22 -j REDIRECT --to-port 4684\n0 6 * * 3 iptables -t nat -A PREROUTING -p tcp --dport 22 -j REDIRECT --to-port 4684\n

    \u7531\u4e8e\u8fd9\u6837\u8bbe\u7f6eiptables\u4f1a\u5728\u670d\u52a1\u5668\u91cd\u542f\u540e\u5931\u6548\uff0c\u6240\u4ee5\u670d\u52a1\u5668\u610f\u5916\u91cd\u542f\u7684\u8bdd\u53ea\u4e0d\u8fc7\u662f\u6062\u590d\u5230\u6700\u57fa\u7840\u768422\u7aef\u53e3ssh\u800c\u5df2\u3002

    "},{"location":"porting/#https","title":"https\u8bc1\u4e66","text":"

    \u5173\u4e8ehttps\u8bc1\u4e66\uff0c\u53ef\u4ee5\u6309\u8fd9\u91cc\u7684\u65b9\u6cd5\uff0c\u5148snap install --classic certbot\u5b89\u88c5certbot\uff0c\uff08\u4e0d\u77e5\u9053\u4e3a\u5565\u5f53\u65f6\u8bbe\u7f6e\u4e86\u4e00\u4e0bcertbot\u8def\u5f84sudo ln -s /snap/bin/certbot /usr/bin/certbot\uff09\u3002\u5982\u679c80\u7aef\u53e3\u5df2\u7ecf\u5bf9\u5916\u5f00\u653e\uff0c\u53ef\u4ee5\u7b80\u5355\u5730certbot --nginx\u81ea\u52a8\u5e2e\u5fd9\u8ba4\u8bc1\uff08\u5373certbot\u521b\u5efa\u8ba4\u8bc1\u6587\u4ef6\u7136\u540e\u5728\u516c\u7f51\u8bbf\u95ee\uff09\u3002\u5982\u679c80\u7aef\u53e3\u4e0d\u5bf9\u5916\u5f00\u653e\uff0c\u53ef\u4ee5\u81ea\u9009dns\u8ba4\u8bc1\uff1acertbot certonly --manual --preferred-challenges=dns\u7136\u540e\u5728\u57df\u540d\u7ba1\u7406\u90a3\u8fb9\u6dfb\u52a0\u4e00\u4e0b\u8bb0\u5f55\u5373\u53ef\uff0c\u6bd4\u5982\u521b\u5efa\u4e00\u4e2a_acme-challenge.remote\u7684TXT\u8bb0\u5f55\u3002\u7136\u540e\u5728nginx\u7684conf\u90a3\u91cc\u8bbe\u7f6e\u597d\u8bc1\u4e66\u8def\u5f84\uff0c\u8bbf\u95ee\u5c31\u6709https\u8ba4\u8bc1\u4e86\uff01\u5bf9\u4e8ehttp\u8bbf\u95ee\uff0c\u53ef\u4ee5\u7528301\u8df3\u8f6c\u3002

    \u4e00\u6b21\u8ba4\u8bc1\u662f90\u5929\u6709\u6548\u671f\uff0c\u5230\u671f\u4e4b\u524d\u4f1a\u53d1\u90ae\u4ef6\uff0c\u66f4\u65b0\u8bc1\u4e66\u65f6\u9700\u8981\u8fd0\u884ccertbot renew --manual-auth-hook=xxx.sh \u5176\u4e2dsh\u811a\u672c\u662f\u81ea\u5df1\u7f16\u5199\u7684\u4e00\u4e2a\u81ea\u52a8\u5316\u5b8c\u6210DNS\u8bb0\u5f55\u66f4\u65b0\u3002\u4e3a\u4e86\u61d2\u7701\u4e8b\uff0c\u53ef\u4ee5\u8fd9\u4e48\u5199\uff1a

    echo ${CERTBOT_VALIDATION} >> xxx.txt\necho ${CERTBOT_DOMAIN} >> xxx.txt\nsleep 120\nexit 0\n

    \u7136\u540e\u5728\u4e24\u5206\u949f\u4e4b\u5185\uff0c\u628axxx.txt\u91ccCERTBOT_VALIDATION\u5bf9\u5e94\u7684\u54c8\u5e0c\u503c\u624b\u52a8\u66f4\u65b0\u5728DNS\u8bb0\u5f55\u91cc\u5373\u53ef\u3002

    "},{"location":"pwn-college-cse365-spring2023/","title":"CSE 365 - Spring 2023","text":"

    \u5728\u7ec8\u7aef\u8fde\u63a5pwn-college\u65f6\uff0c\u5148\u5728\u7f51\u9875\u7aef\u914d\u7f6e\u4e0b\u516c\u94a5\uff0c\u7136\u540essh -i \u79c1\u94a5 hacker@dojo.pwn.college\u5373\u53ef\u3002\u7f51\u9875\u7aef\u542f\u52a8\u4e00\u4e2a\u5b9e\u4f8b\u540e\uff0c\u8fdc\u7a0b\u4e5f\u4f1a\u81ea\u52a8\u542f\u52a8\u5bf9\u5e94\u7684\u73af\u5883\u3002\u95ee\u9898\u4e00\u822c\u653e\u5728\u6839\u76ee\u5f55\u7684challenge\u6587\u4ef6\u5939\u4e0b

    "},{"location":"pwn-college-cse365-spring2023/#talking-web","title":"Talking Web \u5b66\u4e60\u7b14\u8bb0","text":"

    \u8bf7\u6c42\u7b2c\u4e00\u884cRequest line\uff1a\u8bf7\u6c42\u65b9\u6cd5 URI \u534f\u8bae\u7248\u672c CRLF

    \u54cd\u5e94\u7b2c\u4e00\u884cStatus line\uff1a\u534f\u8bae\u7248\u672c \u72b6\u6001\u7801 \u89e3\u91ca CRLF

    \u5e38\u89c1\u7684\u8bf7\u6c42\u65b9\u6cd5\uff1a

    HTTP URL Scheme\uff1ascheme://host:port/path?query#fragment

    \u8bf7\u6c42\u7684\u8d44\u6e90\u542b\u6709\u4e00\u4e9b\u7279\u6b8a\u7b26\u53f7\u6bd4\u5982?,/,&,#\u7b49\u7b49\u65f6\uff0c\u4f7f\u7528%xx\u8fdb\u884c\u7f16\u7801\uff0c\u5176\u4e2dxx\u662fASCII\u7801\u3002\u8fd9\u79cd\u505a\u6cd5\u79f0\u4e3aurlencoding

    POST\u8bf7\u6c42\u65f6\uff0c\u9700\u8981\u5e26\u4e0aContent-Type

    \u524d\u8005body\u91cc\u5199a=xx\uff0c\u540e\u8005\u5199{\"a\":\"xx\"}\u3002json\u53ef\u4ee5\u6784\u9020\u66f4\u590d\u6742\u7684blob

    RFC 1945 HTTP\u534f\u8bae\u662f\u65e0\u72b6\u6001\u7684\uff0c\u4f46\u662f\u7f51\u7edc\u5e94\u7528\u662f\u6709\u72b6\u6001\u7684\u3002\u4f7f\u7528cookie\u6765\u4fdd\u6301\u72b6\u6001\u3002

    "},{"location":"pwn-college-cse365-spring2023/#assembly-crash-course","title":"Assembly Crash Course \u5b66\u4e60\u7b14\u8bb0","text":""},{"location":"pwn-college-cse365-spring2023/#building-a-web-server","title":"Building a Web Server \u5b66\u4e60\u7b14\u8bb0","text":"

    \u4f7f\u7528socket\u521b\u5efa\u4e00\u4e2aA-B\u7684\u7f51\u7edc\u6587\u4ef6\uff0c\u7136\u540e\u4f7f\u7528bind\u5c06socket\u4e0e\u5177\u4f53\u7684ip\u7ed1\u5b9a\u3002\u4f7f\u7528listen\u6765\u88ab\u52a8\u4fa6\u542csockfd\u3002\u4f7f\u7528accept\u63a5\u53d7\u5916\u90e8\u8fde\u63a5\u3002

    \u4f7f\u7528TCP/IP\u8fdb\u884c\u7f51\u7edc\u901a\u8baf\uff0c\u670d\u52a1\u5668\u7aef\u7684\u4f8b\u5b50\u5982\uff1a

    // int socket(int domain, int type, int protocol)\nsocket_fd = socket(AF_INET, SOCK_STREAM, IPPROTO_IP)\n\n// int bind(int sockfd, struct sockaddr* addr, socklen_t addrlen)\n/*\n * struct sockaddr {\n *   uint16_t sa_family;\n *   uint8_t  sa_data[14];   \n * }\n * \n * struct sockaddr_in {\n *   uint16_t sin_family;\n *   uint16_t sin_port;\n *   uint32_t sin_addr;\n *   uint8_t  __pad[8];\n * }\n*/\nbind(socket_fd, {sa_family=AF_INET, sin_port=htons(port), sin_addr=inet_addr(\"0.0.0.0\")}, 16)\n\n// int listen(int sock fd, int backlog);\nlisten(socket_fd, 0)\n\n// int accept(int sockfd, struct sockaddr* addr, socklen_t* addrlen);\ntunnel = accept(socket_fd, NULL, NULL)\n\n// revceive http request: GET / HTTP/1.0\nread(tunnel, \"GET / HTTP/1.0\",19)\n\n// response\nwrite(tunnel, \"HTTP/1.0 200 OK\\r\\n\\r\\n\", 19)\n\n// receive http request: GET /flag HTTP/1.0\nread(tunnel, \"GET /flag HTTP/1.0\\r\\n\\r\\n\",256)\n\n// open and read file\nfilefd = open(\"/flag\",O_RDDONLY)\nread(filefd, \"FLAG\", 256)\n\n//response\nwrite(tunnel, \"HTTP/1.0 200 OK\\r\\n\\r\\nFLAG\", 27)\n\nclose(tunnel)\n
    "},{"location":"pwn-college-cse365-spring2023/#reverse-engineering","title":"Reverse Engineering \u5b66\u4e60\u7b14\u8bb0","text":" 
    start\nbreak *main+42\ncommands\n    silent\n    set $local_variable = *(unsigned long long*)($rbp-0x32)\nprintf \"Current value: %llx\\n\", $local_variable\ncontinue\nend\ncontinue\n
    start\ncatch syscall read\ncommands\n    silent\n    if ($rdi == 42)\nset $rdi = 0\nend\n    continue\nend\ncontinue\n
    "},{"location":"pwn-college-cse365-spring2023/#talking-web-writeups","title":"Talking Web WriteUps","text":"

    \u8fd9\u4e2a\u7ae0\u8282\u7684\u9898\u76ee\u662f\u7528curl\u3001python\u548cnc\u6765\u5b9e\u73b0\u53d1\u9001\u5404\u79cdhttp\u8bf7\u6c42\uff0c\u5148\u8fd0\u884c/challenge/run\u542f\u52a8flask\u670d\u52a1\u5668\uff0c\u7136\u540e\u65b0\u5f00\u4e2a\u7ec8\u7aef\u7528\u5404\u79cd\u59ff\u52bf\u8fde\u63a5\u672c\u5730127.0.0.1\u5373\u53ef\u3002

    \u8fd9\u4e09\u79cd\u5de5\u5177\u7684\u5927\u81f4\u601d\u8def\uff1a

    \u9700\u8981\u5148\u7b80\u5355\u5730\u8fde\u63a5127.0.0.1\u7136\u540e\u6839\u636e\u62a5\u9519\u63d0\u793a\u6765\u4fee\u6539\u8bf7\u6c42\u3002

    Level 1

    Send an HTTP request using curl

    curl http://127.0.0.1\n

    Level 2

    Send an HTTP request using nc

    nc 127.0.0.1 80\nGET / HTTP/1.1\n

    Level 3

    Send an HTTP request using python

    import requests as r\nr.get(\"http://127.0.0.1\").text\n

    Level 4

    Set the host header in an HTTP request using curl

    curl -H 'host:xxxxx' http://127.0.0.1\n

    Level 5

    Set the host header in an HTTP request using nc

    nc 127.0.0.1 80\nGET / HTTP/1.1\nhost:xxxxx\n

    Level 6

    Set the host header in an HTTP request using python

    import requests as r\nr.get(\"http://127.0.0.1\", headers={\"host\":\"xxx\"}).text\n

    Level 7

    Set the path in an HTTP request using curl

    curl http://127.0.0.1/xxxxx\n

    Level 8

    Set the path in an HTTP request using nc

    nc 127.0.0.1 80\nGET /xxxx HTTP/1.1\n

    Level 9

    Set the path in an HTTP request using python

    import requests as r\nr.get(\"http://127.0.0.1/xxx\").text\n

    Level 10~12

    URL encode a path in an HTTP request using curl/nc/python

    \u7528%20\u66ff\u6362\u6389\u7a7a\u683c\u5373\u53ef

    Level 13~15

    Specify an argument in an HTTP request using curl/nc/python

    GET\u52a0\u53c2\u6570\uff0c\u5728\u8def\u5f84\u540e\u9762\u8ffd\u52a0?a=xxx\u5373\u53ef

    nc\u65f6\u52a0\u5230nc\u8fde\u63a5\u4ee5\u540e\u7684GET\u540e\u9762

    Level 16~18

    Specify multiple arguments in an HTTP request using curl/nc/python

    \u7ed3\u540810~15\u9898\uff0c\u7a7a\u683c\u7528%20\u6362\u6389\uff0c\u4e0e\u53f7\u7528%26\u6362\u6389\uff0c\u4e95\u53f7\u7528%23\u6362\u6389

    Level 19~21

    Include form data in an HTTP request using curl/nc/python

    #curl\ncurl http://127.0.0.1 -F a=xxx\n\n#nc\nPOST / HTTP/1.1\nContent-Type: application/x-www-form-urlencoded\nContent-Length:34\n\na=xxx\n\n#python\nimport requests as r\nr.post(\"http://127.0.0.1\",data={'a':'xxx'}).text\n

    Level 22~24

    Include form data with multiple fields in an HTTP request using curl/nc/python

    #curl\ncurl http://127.0.0.1 -F a=xxx -F b='xxxx'\n\n#nc\nPOST / HTTP/1.1\nContent-Type: application/x-www-form-urlencoded\nContent-Length: 78\n\na=xxx&b=xxx\n\n#python\nimport requests as r\nr.post(\"http://127.0.0.1\",data={'a':'xxx','b':'xxx'}).text\n

    Level 25~27

    Include json data in an HTTP request using curl/nc/python

    #curl\ncurl -X POST -H 'Content-Type:application/json' -d '{\"a\":\"xxx\"}' http://127.0.0.1\n\n#nc\necho -ne 'POST / HTTP/1.1\\r\\nContent-Type: application/json\\r\\nContent-Length:40\\r\\n\\r\\n{\"a\":\"xxx\"}' |  nc 127.0.0.1 80\n\n#python\nimport requests as r\nimport json\nr.post(\"http://127.0.0.1\",headers={\"Content-Type\":\"application/json\"},data=json.dumps({\"a\":\"xxx\"})).text\n

    Level 28~30

    Include complex json data in an HTTP request using curl/nc/python

    #curl\ncurl -X POST -H 'Content-Type: application/json' -H 'Content-Length: 121' -d '{\"a\":\"xxx\", \"b\":{\"c\": \"xxxx\", \"d\": [\"xxx\", \"xxx\"]}}' http://127.0.0.1\n\n#nc\necho -ne 'POST / HTTP/1.1\\r\\nContent-Type: application/json\\r\\nContent-Length: 121\\r\\n\\r\\n{\"a\":\"xxx\", \"b\":{\"c\": \"xxx\", \"d\": [\"xxx\", \"xxx\"]}}' | nc 127.0.0.1 80\n\n#python\nimport requests as r\nimport json\nr.post(\"http://127.0.0.1\",headers={\"Content-Type\":\"application/json\"},data=json.dumps({\"a\":\"xxx\",\"b\":{'c': 'xxx', 'd': ['xxx', 'xxx']}})).text\n

    Level 31~33

    Follow an HTTP redirect from HTTP response using curl/nc/python

    #curl\ncurl -L http://127.0.0.1\n\n#nc\necho -ne \"GET /xxx HTTP/1.1\\r\\n\\r\\n\" | nc 127.0.0.1 80\n\n#python\n#python\u9ed8\u8ba4\u8ddf\u968f\u8df3\u8f6c\nimport requests as r\nr.get(\"http://127.0.0.1\").text\n

    Level 34~36

    Include a cookie from HTTP response using curl/nc/python

    #curl\ncurl http://127.0.0.1 -v\ncurl -b \"cookie=xxx\" http://127.0.0.1\n\n#nc\necho -ne \"GET / HTTP/1.1\\r\\n\\r\\n\" | nc 127.0.0.1 80\necho -ne \"GET / HTTP/1.1\\r\\nCookie:cookie=xxxx\\r\\n\\r\\n\" | nc 127.0.0.1 80\n\n#python \u9ed8\u8ba4\u81ea\u52a8\u63a5\u53d7cookie\nimport requests as r\nr.get(\"http://127.0.0.1\").text\n

    Level 37~39

    Make multiple requests in response to stateful HTTP responses using curl/nc/python

    #curl \u5b8c\u62103\u6b21\u4ea4\u4e92\u5373\u53ef\ncurl -b \"session=xxx\" http://127.0.0.1 -v \ncurl -b \"session=xxx\" http://127.0.0.1 -v \ncurl -b \"session=xxx\" http://127.0.0.1 -v #nc\necho -ne \"GET / HTTP/1.1\\r\\nCookie:session=xxx\\r\\n\\r\\n\" | nc 127.0.0.1 80\necho -ne \"GET / HTTP/1.1\\r\\nCookie:session=xxx\\r\\n\\r\\n\" | nc 127.0.0.1 80\necho -ne \"GET / HTTP/1.1\\r\\nCookie:session=xxx\\r\\n\\r\\n\" | nc 127.0.0.1 80\n\n#python\nimport requests as r\nr.get(\"http://127.0.0.1\").text\n
    "},{"location":"pwn-college-cse365-spring2023/#assembly-crash-course-writeups","title":"Assembly Crash Course Writeups","text":"

    \u8fd9\u4e2a\u7ae0\u8282\u7684\u9898\u9700\u8981\u628a\u6c47\u7f16\u53d8\u6210raw bytes\uff0c\u7136\u540e\u5582\u7ed9/challenge/run\u3002\u9700\u8981\u5148\u8fd0\u884c\u8fd9\u4e2arun\uff0c\u7136\u540e\u6839\u636e\u8981\u6c42\u5b8c\u6210\u3002\u6bd4\u5982\u53ef\u4ee5\u7528pwntools\u7684asm\u6a21\u5757\u751f\u6210\u6c47\u7f16\uff0c\u7136\u540eecho\u8fdbrun\u91cc\u3002

    Level 1

    In this level you will work with registers_use! Please set the following: rdi = 0x1337

    from pwn import *\ncontext.arch='amd64'\nasm('mov rdi,0x1337')\n\n#b'H\\xc7\\xc77\\x13\\x00\\x00'\n
    \u7136\u540e\u5728shell\u91ccecho -ne 'H\\xc7\\xc77\\x13\\x00\\x00' | /challenge/run\u5373\u53ef\u3002

    Level 2

    asm('add rdi,0x331337')\n

    Level 3

    asm('imul rdi,rsi; add rdi,rdx; mov rax,rdi')\n

    Level 4

    \u5b66\u4e60div\u9664\u6cd5\uff0cdiv reg\u4f1a\u4f7f\u7528rax\u4f5c\u4e3a\u88ab\u9664\u6570\uff0creg\u4f5c\u4e3a\u9664\u6570\uff0c\u7136\u540e\u81ea\u52a8\u4f7f\u7528rax\u5b58\u653e\u5546\uff0crdx\u5b58\u653e\u4f59\u6570\u3002

    asm('mov rax, rdi;div rsi')\n

    Level 5

    asm('mov rax, rdi;div rsi;mov rax, rdx')\n

    Level 6

    \u9664\u6570\u4e3a2\u7684\u5e42\u6b21\u65f6\uff0c\u76f4\u63a5\u4f7f\u7528mov\u4fdd\u7559\u5bc4\u5b58\u5668\u7684\u4e00\u90e8\u5206\u5373\u53ef\u3002\u6ce8\u610fmov\u4e24\u4e2a\u5bc4\u5b58\u5668\u957f\u5ea6\u8981\u4e00\u81f4\u3002

    asm('mov al, dil;mov bx, si')\n

    Level 7

    shl\u5de6\u79fb\uff0cshr\u53f3\u79fb\uff08\u9ad8\u4f4d\u88650\uff09

    asm('shl rdi, 59; shr rdi, 63; mov rax, rdi')\n

    Level 8

    and reg1, reg2\u4f1a\u628areg1\u548creg2\u8fdb\u884c\u903b\u8f91\u4e0e\u7684\u7ed3\u679c\u4fdd\u5b58\u5728reg1\u91cc\u3002\u9898\u76ee\u4e0d\u8ba9\u7528mov\uff0c\u90a3\u53ef\u4ee5\u91c7\u7528\u7f6e0\u51cf1\u7684\u65b9\u5f0f\u83b7\u5f972^65-1\uff0c\u7136\u540eand\u5373\u53ef\u3002

    asm('xor rax, rax; sub rax, 1; and rax, rdi; and rax, rsi')\n

    Level 9

    \u9898\u76ee\u8981\u6c42\u53ea\u7528and\uff0cor\uff0cxor\u5b9e\u73b0\u4e00\u4e2a\u5947\u5076\u5224\u65ad\u7684\u529f\u80fd\u3002\u6574\u4f53\u601d\u8def\u662fxor\u53cd\u8f6c\u6bd4\u7279\u3001\u6e05\u7a7a\u503c\uff0cor\u505a\u52a0\u6cd5\uff0cand\u53d6\u6700\u4f4e\u4f4d\u3002

    asm('xor rax, rax; or rax, 1; and rax, rdi; xor rax, 1')\n

    Level 10

    \u6709\u5173\u8bbf\u95ee\u5185\u5b58\u7684\u64cd\u4f5c\u3002mov reg, [address]\u7528\u4e8e\u628aaddress\u5730\u5740\u5904\u7684\u503c\u8d4b\u7ed9reg\uff0c\u5f53\u7136\u4e5f\u53ef\u4ee5mov [address], reg\u628areg\u7684\u503c\u4fdd\u5b58\u5728address\u5730\u5740\u3002\u52a0\u4e00\u5c42\u65b9\u62ec\u53f7\u53ea\u662f\u8868\u793a\u5f53\u4f5c\u5730\u5740\u3002\u4e0d\u8981\u4e0b\u610f\u8bc6\u8fdb\u884c\u66f4\u591a\u6b21\u6570\u7684\u89e3\u5f15\u7528\u3002

    asm('mov rbx, [0x404000]; mov rax, rbx; add rbx, 0x1337; mov [0x404000], rbx')\n

    Level 11

    \u5982\u679cmov\u4e00\u65b9\u4e3a\u5bc4\u5b58\u5668\uff0c\u4e00\u65b9\u4e3a\u5730\u5740\uff0c\u4f1a\u6839\u636e\u5bc4\u5b58\u5668\u7684\u5927\u5c0f\u81ea\u52a8\u63a8\u65ad\u4ece\u5730\u5740\u4e2dload\u591a\u5c11\u5b57\u8282\u3002

    asm('mov al, [0x404000]; mov bx, [0x404000]; mov ecx, [0x404000]; mov rdx, [0x404000];')\n

    Level 12

    \u5bf9\u4e8e\u6bd4\u8f83\u5927\u7684\u7acb\u5373\u6570\uff0c\u53ef\u4ee5\u5148\u653e\u5728\u5bc4\u5b58\u5668\uff0c\u7136\u540e\u518dmov\u5230\u6307\u5b9a\u4f4d\u7f6e\u3002

    asm('mov rax, 0xdeadbeef00001337; mov [rdi], rax; mov rax, 0xc0ffee0000; mov [rsi], rax')\n

    Level 13

    asm('mov rax, [rdi]; add rax, [rdi+8]; mov [rsi], rax')\n

    Level 14

    asm('pop rax;sub rax,rdi; push rax')\n

    Level 15

    \u4f7f\u7528\u6808\u53ef\u4ee5\u7b80\u5355\u5730\u4ea4\u6362\u5bc4\u5b58\u5668

    asm('push rdi; push rsi; pop rdi; pop rsi')\n

    Level 16

    \u5b9e\u73b0\u6808\u4e0a\u7684\u6570\u636e\u53d6\u5e73\u5747\uff0c\u7528[rsp+X]\u6765\u53d6\u503c\uff08\u4e00\u822c\u7528rbp\u6765\u53d6\u5427\uff1f\uff09

    asm('mov rax, [rsp]; add rax, [rsp+8]; add rax, [rsp+16]; add rax, [rsp+24]; mov rbx, 4; div rbx; push rax')\n

    Level 17

    \u4f7f\u7528label\u8bbe\u7f6e\u76f8\u5bf9\u8df3\u8f6c\u5730\u5740\uff0c\u4f7f\u7528\u5355\u5b57\u8282\u7684nop\u586b\u5145\u3002\u4e0d\u8fc7\u9898\u76ee\u8981\u6c42\u7684\u201c\u4ecejmp\u504f\u79fb0x51\u7684\u5730\u5740\u201d\u6709\u70b9\u8ff7\u60d1\uff0c\u770b\u7ed3\u679c\u7684\u8bdd\u4f3c\u4e4e\u9ed8\u8ba4\u662fjmp\u6267\u884c\u540e\u7684\u5730\u5740\u518d\u504f\u79fb0x51\uff0c\u800c\u4e0d\u662fjmp\u6307\u4ee4\u672c\u8eab\u7684\u5730\u5740\u504f\u79fb0x51\uff0c\u6240\u4ee5\u4e0d\u9700\u8981\u77e5\u9053jmp\u6307\u4ee4\u672c\u8eab\u7684\u957f\u5ea6\u3002

    asm('jmp lab;'+'nop;'*0x51+'lab: mov rdi, [rsp]; mov rax, 0x403000; jmp rax')\n

    Level 18

    \u5b9e\u73b0if-else\u8df3\u8f6c\u3002\u6ce8\u610f\u5185\u5b58\u8ba1\u7b97\u4f7f\u7528dword\u768432\u4f4d\u6570\u636e\uff0c\u7528eax\u800c\u4e0d\u662frax\u3002

    from pwn import *\ncontext.arch='amd64'\npayload=\"\"\"mov eax, [rdi+4]\nmov ebx, 0x7f454c46\ncmp ebx, [rdi]\nje case1\nmov ebx, 0x5a4d\ncmp ebx, [rdi]\nje case2\nimul eax, [rdi+8]\nimul eax, [rdi+12]\njmp done\ncase1:\n    add eax, [rdi+8]\n    add eax, [rdi+12]\n    jmp done\ncase2:\n    sub eax, [rdi+8]\n    sub eax, [rdi+12]\n    jmp done\ndone:\n    nop\n\"\"\"\n\nprint(asm(payload))\n

    Level 19

    jmp [reg + offset]\u95f4\u63a5\u8df3\u8f6c\uff0c\u4f7f\u7528rsi\u4fdd\u5b58\u8df3\u8f6c\u8868\u7684\u57fa\u5730\u5740\uff0c\u7528\u4e8e\u5b9e\u73b0switch\u3002\u8fd9\u91cc\u597d\u50cf\u662fjnz\u4e0d\u652f\u6301\u95f4\u63a5\u8df3\u8f6c\u3002

    asm('mov rax, rdi; shr rax, 2; jnz final; jmp [rsi + rdi * 8]; final: jmp [rsi + 32]')\n

    Level 20

    \u5b9e\u73b0\u4e00\u4e2a\u7b80\u5355\u7684\u6c42\u5e73\u5747\u51fd\u6570

    from pwn import *\ncontext.arch='amd64'\npayload=\"\"\"xor rax, rax\nxor rcx, rcx\nloop:\n    cmp rcx, rsi\n    je done\n    add rax, [rdi + 8 * rcx]\n    add rcx, 1\n    jmp loop\ndone:\n    div rsi\n\"\"\"\n\nprint(asm(payload))\n

    Level 21

    \u5b9e\u73b0\u4e00\u4e2astrlen\u51fd\u6570\uff0c\u9010byte\u68c0\u67e5\u662f\u5426\u4e3a0\u3002\u6ce8\u610fmov\u4e0d\u4f1a\u6539\u53d8EFLAGS\u3002

    from pwn import *\ncontext.arch='amd64'\npayload = \"\"\"\nxor rax, rax\ntest rdi, rdi\njz done\nloop: mov bl, [rdi + rax]\ntest bl,bl\njz done\nadd rax, 1\njmp loop\ndone:\n    nop\n\"\"\"\n\nprint(asm(payload))\n

    Level 22

    \u8fd9\u9053\u9898\u7ed9\u7684\u89e3\u91ca\u4e0d\u662f\u5f88\u6e05\u695a\uff0c\u5c3d\u7ba1\u662f\u7b2c\u4e00\u6b21\u63d0\u5230\u4f7f\u7528call\u8fdb\u884c\u51fd\u6570\u8c03\u7528\uff0c\u4f46\u662f\u6ca1\u6709\u8bf464\u4f4d\u7a0b\u5e8f\u4f9d\u6b21\u4f7f\u7528rdi,rsi,rdx,rcd,r8,r9\u8fdb\u884c\u4f20\u53c2\u3001rax\u4fdd\u5b58\u51fd\u6570\u8fd4\u56de\u7ed3\u679c\uff0c\u4e5f\u6ca1\u6709\u8bf4\u662f\u7531\u4e3b\u8c03\u51fd\u6570\u8fd8\u662f\u88ab\u8c03\u51fd\u6570\u6765\u4fdd\u5b58\u5bc4\u5b58\u5668\u3002\u66f4\u5947\u602a\u7684\u662f\u867d\u7136\u8ba9\u5b9e\u73b0\u4e00\u4e2astr_lower\u51fd\u6570\uff0c\u4f46\u662f\u6ca1\u6709\u6309\u51fd\u6570\u5b9e\u73b0\u7684\u6807\u51c6\u5199PROG\uff0c\u751a\u81f3\u6700\u540e\u8fd8\u7528ret\u6765\u7ed3\u675f\u3002

    from pwn import *\ncontext.arch='amd64'\npayload = \"\"\"\nmov rdx, rdi\nxor rax, rax\nxor rcx, rcx\ntest rdx, rdx\njz done\nloop:\n    mov bl, [rdx]\n    test bl,bl\n    jz done\n    cmp bl, 0x5a\n    jg notif\n    mov rax, 0x403000\n    xor rdi, rdi\n    mov dil, bl\n    call rax\n    mov [rdx], al\n    add rcx, 1\nnotif:\n    add rdx, 1\n    jmp loop\ndone:\n    mov rax, rcx\n    ret\n\"\"\"\n\nprint(asm(payload))\n

    Level 23

    \u5b9e\u73b0\u4e00\u4e2a\u67e5\u8be2\u5b57\u7b26\u4e32\u4e2d\u54ea\u4e2a\u5b57\u7b26\u6700\u591a\u7684\u51fd\u6570\u3002\u6bcf\u4e2a\u5b57\u7b26\u4e0d\u8d85\u8fc70xffff\u4e2a\uff0c\u6240\u4ee5\u8981\u75284\u5b57\u8282\u7684\u5bc4\u5b58\u5668\u6765\u8fdb\u884c\u5b58\u653e\u3002\u8fd9\u91cc\u4f3c\u4e4e\u4e0d\u652f\u6301\u76f4\u63a5mov rbx, [ebp - rcx * 4]\u4e4b\u7c7b\u7684\u65b9\u6cd5\uff0c\u5c31\u7528r8\u548cr9\u4e34\u65f6\u5b58\u653e\u4e00\u4e0b\u4e86\u3002

    from pwn import *\n\ncontext.arch = 'amd64'\n\npayload = \"\"\"\npush rbp\nmov rbp, rsp\nsub rsp, 0x400\nxor rax, rax\nxor rcx, rcx\nmov rdx, rsi\nsub rdx, 0x1\nloop1: \n    cmp rcx, rdx\n    jg loop1_end\n    mov al, [rdi + rcx]\n    mov r8, rbp\n    mov r9, rax\n    imul r9, 4\n    sub r8, r9\n    mov ebx, [r8]\n    add ebx, 1\n    mov [r8], ebx\n    add rcx, 1\n    jmp loop1\nloop1_end:\nxor rax, rax\nxor rbx, rbx\nxor rcx, rcx\nloop2:\n    cmp rcx, 0xff\n    jg loop2_end\n    mov r8, rbp\n    mov r9, rcx\n    imul r9, 4\n    sub r8, r9\n    mov edx, [r8]\n    cmp edx, ebx\n    jle loop2_conti\n    mov rbx, rdx\n    mov rax, rcx\nloop2_conti:\n    add rcx, 1\n    jmp loop2\nloop2_end:\nmov rsp, rbp\npop rbp\nret\n\"\"\"\n\nprint(asm(payload))\n
    "},{"location":"pwn-college-cse365-spring2023/#building-a-web-server-writeups","title":"Building a Web Server Writeups","text":"

    \u4e0d\u5f97\u4e0d\u5410\u69fdpwn-college\u6709\u4e00\u70b9\u4e0d\u597d\uff0c\u6bcf\u4e2a\u6a21\u5757\u7b2c\u4e00\u4e2achallenge\u8bf4\u660e\u592a\u5c11\u4e86\uff0c\u5b8c\u5168\u4e0d\u77e5\u9053\u4ece\u54ea\u5f00\u59cb\u4e0b\u624b\u3002\u5728challenge 1\u7684wp\u91cc\u8be6\u7ec6\u8bb2\u4e00\u4e0b\u8fd9\u4e2a\u6a21\u5757\u600e\u4e48\u5f00\u59cb\u505a\uff0c\u7136\u540e\u540e\u7eed\u5c31\u7701\u7565\u4e86\u3002

    \u7528\u6c47\u7f16\u5199server\uff0c\u53ef\u4ee5\u67e5\u886864\u4f4dsyscall\u624b\u518c

    Level 1

    \u9996\u5148\u8fd8\u662f\u8fd0\u884c/challeng/run\uff0c\u5f97\u5230\u4e00\u6bb5\u8f93\u51fa\uff1a

    ===== Welcome to Building a Web Server! =====\nIn this series of challenges, you will be writing assembly to interact with your environment, and ultimately build a web server\nIn this challenge you will exit a program.\n\nUsage: `/challenge/run <path_to_web_server>`\n\n$ cat server.s\n.intel_syntax noprefix\n.globl _start\n\n.section .text\n\n_start:\n    mov rdi, 0\n    mov rax, 60     # SYS_exit\n    syscall\n\n.section .data\n\n$ as -o server.o server.s && ld -o server server.o\n\n$ strace ./server\nexecve(\"./server\", [\"./server\"], 0x7ffccb8c6480 /* 17 vars */) = 0\nexit(0)                                 = ?\n+++ exited with 0 +++\n

    \u8fd9\u9053\u9898\u7684\u610f\u601d\u662f\u8ba9\u7528\u6c47\u7f16\u5199\u4e00\u4e2a\u670d\u52a1\u7aef\u3002\u5728\u8fd0\u884c/challenge/run server\u7684\u65f6\u5019\uff0c\u5224\u9898\u7a0b\u5e8f\u4f1a\u542f\u52a8\u7528\u6237\u6307\u5b9a\u7684\u8fd9\u4e2aserver\uff0c\u7136\u540e\u68c0\u67e5\u8fd9\u4e2aserver\u7a0b\u5e8f\u662f\u4e0d\u662f\u76f4\u63a5exit(0)\u4e86\u3002\u6240\u4ee5\u53ea\u9700\u8981\u7f16\u8bd1\u4e00\u4e2aexit(0)\u7684server\u5373\u53ef\u3002

    \u9898\u76ee\u91cc\u5176\u5b9e\u5df2\u7ecf\u7ed9\u51fa\u4e86server.s\u7684\u6a21\u677f\uff08cat server.s\u7684\u8f93\u51fa\uff09\u548c\u7f16\u8bd1\u65b9\u5f0f\uff08as -o server.o server.s && ld -o server server.o\uff09\u3002\u6240\u4ee5\u8fd9\u9053\u9898\u53ea\u9700\u8981\u628acat server.s\u7684\u8f93\u51fa\u4fdd\u5b58\u5230server.s\u6587\u4ef6\uff0c\u7136\u540e\u76f4\u63a5\u8fd0\u884cas -o server.o server.s && ld -o server server.o\u7f16\u8bd1\u51fa\u4e00\u4e2aserver\u7684\u53ef\u6267\u884c\u7a0b\u5e8f\uff0c\u6700\u540e\u8fd0\u884c/challenge/run ./server\u5373\u53ef\u3002

    \u6a21\u677f\u91cc\u53ea\u6267\u884c\u4e86\u4e00\u4e2a\u9000\u51fa\u7684syscall\uff0c\u6b63\u597d\u662f\u8fd9\u4e00\u9898\u7684\u8981\u6c42\u3002\u672c\u6765\u4ee5\u4e3a\u8fd9\u9053\u9898\u610f\u601d\u662f\u81ea\u5df1\u5199\u4e00\u4e2aserver\u7684\u6c47\u7f16\u6587\u4ef6\uff0c\u7136\u540erun\u7684\u65f6\u5019\u6307\u5b9a\u6e90\u6587\u4ef6\uff0c\u7531\u5224\u9898\u7a0b\u5e8f\u7f16\u8bd1\u7684\u5462\uff0c\u7ed3\u679c\u53d1\u73b0run\u7684\u65f6\u5019\u662f\u9700\u8981\u6307\u5b9a\u4e00\u4e2a\u7f16\u8bd1\u597d\u7684\u53ef\u6267\u884c\u7a0b\u5e8fhh\u3002

    \u5b8c\u6574\u89e3\u9898\u6b65\u9aa4\u5982\u4e0b\uff1a

    hacker@building-a-web-server-level-1:~$ echo \".intel_syntax noprefix\n.globl _start\n\n.section .text\n\n_start:\n    mov rdi, 0\n    mov rax, 60     # SYS_exit\n    syscall\n\n.section .data\" > ./server.s\n\nhacker@building-a-web-server-level-1:~$ as -o server.o server.s && ld -o server server.o\n\nhacker@building-a-web-server-level-1:~$ /challenge/run ./server\n===== Welcome to Building a Web Server! =====\nIn this series of challenges, you will be writing assembly to interact with your environment, and ultimately build a web server\nIn this challenge you will exit a program.\n\n\n===== Expected: Parent Process =====\n[ ] execve(<execve_args>) = 0\n[ ] exit(0) = ?\n\n===== Trace: Parent Process =====\n[\u2713] execve(\"/proc/self/fd/3\", [\"/proc/self/fd/3\"], 0x7f07cf7959a0 /* 0 vars */) = 0\n[\u2713] exit(0)                                 = ?\n[?] +++ exited with 0 +++\n\n===== Result =====\n[\u2713] Success\n\npwn.college{xxxx}\n

    \u4ee5\u4e0b\u7684\u5404\u4e2a\u9898\u76ee\u5c31\u53ea\u5199server.s\u7684\u5185\u5bb9\u4e86

    Level 2

    In this challenge you will create a socket.

    .intel_syntax noprefix\n.globl _start\n\n.section .text\n\n_start:\n    # create a socket\n    mov rdi, 2 # AF_INET\n    mov rsi, 1 # SOCK_STREAM\n    mov rdx, 0 # IPPROTO_IP\n    mov rax, 41 # sys_socket\n    syscall\n\n    push rax\n    mov rdi, 0\n    mov rax, 60     # SYS_exit\n    syscall\n\n.section .data\n

    Level 3

    In this challenge you will bind an address to a socket.

    \u5728Level2\u521b\u5efasocket\u7684\u57fa\u7840\u4e0a\uff0c\u5c06\u5176\u7ed1\u5b9a\u52300.0.0.0:80\u4e0a\u3002\uff08\u53ef\u4ee5\u8fd0\u884cLevel1\u521b\u5efa\u7684server\u6765\u5148\u9605\u8bfb\u4e0b\u9898\u76ee\u8981\u6c42\uff0c\u5982\u4e0b\u6240\u793a\uff09

    ===== Expected: Parent Process =====\n[ ] execve(<execve_args>) = 0\n[ ] socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 3\n[ ] bind(3, {sa_family=AF_INET, sin_port=htons(<bind_port>), sin_addr=inet_addr(\"<bind_address>\")}, 16) = 0\n    - Bind to port 80\n    - Bind to address 0.0.0.0\n[ ] exit(0) = ?\n

    \u6700\u7ec8\u89e3\u5982\u4e0b\u3002\u8fd9\u91cc\u76f4\u63a5\u7528\u6808\u6765\u4fdd\u5b58sockaddr_in\u7ed3\u6784\u4f53\u4e86\uff0c\u6bd4\u8f83\u7c97\u66b4\u3002

    .intel_syntax noprefix\n.globl _start\n\n.section .text\n\n_start:\n# create a socket\nmov rdi, 2 # AF_INET\nmov rsi, 1 # SOCK_STREAM\nmov rdx, 0 # IPPROTO_IP\nmov rax, 41 # sys_socket\nsyscall\npush rax\n\n# bind the socket to 0.0.0.0:80\nmov rdi, rax # socket_fd\npush 0x50000002 # AF_INET(2) and PORT(80) in big endian\nmov rsi, rsp # sockaddr_in\npush 0x0 # IP(0.0.0.0)\npush 0x0 # padding\npush 0x0 # padding\nmov rdx, 16 # addrlen\nmov rax, 49 # sys_bind\nsyscall\n\nmov rdi, 0\nmov rax, 60     # SYS_exit\nsyscall\n\n\n.section .data\n

    Level 4

    In this challenge you will listen on a socket.

    \u4f7f\u7528listen\u76d1\u542c\u8fd9\u4e2asocket\u3002\u7531\u4e8e\u8fd9\u91cclisten\u4e5f\u8981\u7528\u5230\u4e4b\u524dsocket\u521b\u5efa\u7684\u6587\u4ef6\u63cf\u8ff0\u7b26\uff0c\u6ce8\u610f\u5230\u6837\u4f8b\u7684\u6c47\u7f16\u6587\u4ef6\u6700\u540e\u63d0\u793a\u7528data\u4e86\uff0c\u6240\u4ee5\u5e72\u8106\u6362\u7528\u6570\u636e\u533a\u6765\u4fdd\u5b58\u5404\u79cd\u7ed3\u6784\u4f53\uff0c\u4e5f\u5f03\u7528Level3\u91cc\u5bf9\u6808\u505a\u7684\u90a3\u4e9b\u4fee\u6539\u4e86\u3002\u8fd9\u91ccsockfd\u548csockaddr\u90fd\u662f\u5730\u5740\uff0c\u6240\u4ee5mov\u7684\u65f6\u5019\u4f1a\u81ea\u52a8\u89e3\u5f15\u7528\uff0c\u7528lea\u6307\u4ee4\u6765\u83b7\u5f97\u5730\u5740\u672c\u8eab\u3002

    .intel_syntax noprefix\n.globl _start\n\n.section .text\n\n_start:\n# create a socket\nmov rdi, 2 # AF_INET\nmov rsi, 1 # SOCK_STREAM\nmov rdx, 0 # IPPROTO_IP\nmov rax, 41 # sys_socket\nsyscall\nmov sockfd, rax\n\n# bind the socket to 0.0.0.0:80\nmov rdi, sockfd   # socket_fd\nlea rsi, sockaddr # sockaddr\nmov rdx, 16 # addrlen\nmov rax, 49 # sys_bind\nsyscall\n\n# listen(3, 0)\nmov rdi, sockfd\nmov rsi, 0\nmov rax, 50 # sys_listen\nsyscall\n\nmov rdi, 0\nmov rax, 60     # SYS_exit\nsyscall\n\n\n.section .data\n\nsockfd:   .quad 0\nsockaddr: .quad 0x50000002 # AF_INET(2) and PORT(80) in big endian\n.quad 0x0 # IP(0.0.0.0)\n.quad 0x0 # padding\n.quad 0x0 # padding\n

    Level 5

    In this challenge you will accept a connection.

    .intel_syntax noprefix\n.globl _start\n\n.section .text\n\n_start:\n# create a socket\nmov rdi, 2 # AF_INET\nmov rsi, 1 # SOCK_STREAM\nmov rdx, 0 # IPPROTO_IP\nmov rax, 41 # sys_socket\nsyscall\nmov sockfd, rax\n\n# bind the socket to 0.0.0.0:80\nmov rdi, sockfd   # socket_fd\nlea rsi, sockaddr # sockaddr\nmov rdx, 16 # addrlen\nmov rax, 49 # sys_bind\nsyscall\n\n# listen(3, 0)\nmov rdi, sockfd\nmov rsi, 0\nmov rax, 50 # sys_listen\nsyscall\n\n# accept(3, NULL, NULL)\nmov rdi, sockfd\nmov rsi, 0\nmov rdx, 0\nmov rax, 43 # sys_accept\nsyscall\n\nmov rdi, 0\nmov rax, 60     # SYS_exit\nsyscall\n\n\n.section .data\n\nsockfd:   .quad 0\nsockaddr: .quad 0x50000002 # AF_INET(2) and PORT(80) in big endian\n.quad 0x0 # IP(0.0.0.0)\n.quad 0x0 # padding\n.quad 0x0 # padding\n

    Level 6

    In this challenge you will respond to an http request.

    \u8fd9\u4e2a\u9898\u7684\u610f\u601d\u662f\u5e0c\u671b\u5b9e\u73b0\u4e00\u4e2a\u9759\u6001\u7684\u7ad9\u70b9\uff0c\u63a5\u6536\u5ba2\u6237\u7aef\u53d1\u9001\u7684\u8bf7\u6c42\u540e\uff0c\u59cb\u7ec8\u56de\u590dHTTP/1.0 200 OK\u3002\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u7f13\u51b2\u533a\u4fdd\u5b58\u8bf7\u6c42\uff0c\u8fd9\u91cc\u5f00\u4e86\u4e2a256\u5b57\u8282\u7684\u5185\u5b58\uff08\u5b9e\u9645\u4e0a\u6709140\u5b57\u8282\uff09\u3002

    .intel_syntax noprefix\n.globl _start\n\n.section .text\n\n_start:\n# create a socket\nmov rdi, 2 # AF_INET\nmov rsi, 1 # SOCK_STREAM\nmov rdx, 0 # IPPROTO_IP\nmov rax, 41 # sys_socket\nsyscall\nmov sockfd, rax\n\n# bind the socket to 0.0.0.0:80\nmov rdi, sockfd   # socket_fd\nlea rsi, sockaddr # sockaddr\nmov rdx, 16 # addrlen\nmov rax, 49 # sys_bind\nsyscall\n\n# listen(3, 0)\nmov rdi, sockfd\nmov rsi, 0\nmov rax, 50 # sys_listen\nsyscall\n\n# accept(3, NULL, NULL) = 4\nmov rdi, sockfd\nmov rsi, 0\nmov rdx, 0\nmov rax, 43 # sys_accept\nsyscall\nmov tunnel, rax\n\n# read(4, <read_request>, <read_request_count>) = <read_request_result>\nmov rdi, tunnel\nlea rsi, request\nmov rdx, 256\nmov rax, 0\nsyscall\n\n# write(4, \"HTTP/1.0 200 OK\\r\\n\\r\\n\", 19) = 19\nmov rdi, tunnel\nlea rsi, response\nmov rdx, 19\nmov rax, 1\nsyscall\n\n# close(4)\nmov rdi, tunnel\nmov rax, 3\nsyscall\n\nmov rdi, 0\nmov rax, 60     # SYS_exit\nsyscall\n\n\n.section .data\n\nsockfd:   .quad 0\ntunnel:   .quad 0\nrequest:  .space 256\nresponse: .ascii \"HTTP/1.0 200 OK\\r\\n\\r\\n\"\nsockaddr: .quad 0x50000002 # AF_INET(2) and PORT(80) in big endian\n.quad 0x0 # IP(0.0.0.0)\n.quad 0x0 # padding\n.quad 0x0 # padding\n

    Level 7

    In this challenge you will respond to a GET request for the contents of a specified file.

    \u5b9e\u73b0\u4e00\u4e2a\u52a8\u6001\u4e00\u70b9\u7684\u670d\u52a1\u5668\u3002\u8fd9\u9898\u4e2d\uff0c\u5ba2\u6237\u7aef\u4f1a\u8bf7\u6c42\u670d\u52a1\u5668\u7aef\u8bfb\u53d6\u4e00\u4e2a\u6587\u4ef6\u5e76\u8fd4\u56de\u7ed3\u679c\u3002\u6587\u4ef6\u662f\u5224\u9898\u7a0b\u5e8f\u968f\u673a\u751f\u6210\u5728/tmp\u4e0b\u7684\uff0c\u5185\u5bb9\u957f\u5ea6\u4e5f\u662f\u968f\u673a\u7684\u3002\u6240\u4ee5\u5199\u4ee3\u7801\u7684\u65f6\u5019\u8981\u591a\u9884\u7559\u70b9\u7f13\u51b2\u533a\u6765\u4fdd\u5b58\u6587\u4ef6\u5185\u5bb9\u3002

    open\u6587\u4ef6\u65f6\uff0c\u6587\u4ef6\u540d\u8981\u4ecerequest\u8bf7\u6c42\u91cc\u63d0\u53d6\u3002\u56e0\u4e3a\u751f\u6210\u7684\u6587\u4ef6\u540d\u957f\u5ea6\u662f\u56fa\u5b9a\u7684\uff0c\u6240\u4ee5\u61d2\u7701\u4e8b\u76f4\u63a5\u5728request\u7f13\u51b2\u533a\u91cc\u6539\u4e86\uff08\u5b57\u7b26\u4e32\u672b\u5c3e\\0\uff09\u3002

    ===== Expected: Parent Process =====\n[ ] execve(<execve_args>) = 0\n[ ] socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 3\n[ ] bind(3, {sa_family=AF_INET, sin_port=htons(<bind_port>), sin_addr=inet_addr(\"<bind_address>\")}, 16) = 0\n    - Bind to port 80\n    - Bind to address 0.0.0.0\n[ ] listen(3, 0) = 0\n[ ] accept(3, NULL, NULL) = 4\n[ ] read(4, <read_request>, <read_request_count>) = <read_request_result>\n[ ] open(\"<open_path>\", O_RDONLY) = 5\n[ ] read(5, <read_file>, <read_file_count>) = <read_file_result>\n[ ] close(5) = 0\n[ ] write(4, \"HTTP/1.0 200 OK\\r\\n\\r\\n\", 19) = 19\n[ ] write(4, <write_file>, <write_file_count>) = <write_file_result>\n[ ] close(4) = 0\n[ ] exit(0) = ?\n\n===== Trace: Parent Process =====\n[\u2713] execve(\"/proc/self/fd/3\", [\"/proc/self/fd/3\"], 0x7ffacc256990 /* 0 vars */) = 0\n[\u2713] socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 3\n[\u2713] bind(3, {sa_family=AF_INET, sin_port=htons(80), sin_addr=inet_addr(\"0.0.0.0\")}, 16) = 0\n[\u2713] listen(3, 0)                            = 0\n[\u2713] accept(3, NULL, NULL)                   = 4\n[\u2713] read(4, \"GET /tmp/tmpungh1ajd HTTP/1.1\\r\\nHost: localhost\\r\\nUser-Agent: python-requests/2.31.0\\r\\nAccept-Encoding: gzip, deflate\\r\\nAccept: */*\\r\\nConnection: keep-alive\\r\\n\\r\\n\", 256) = 155\n[\u2713] open(\"/tmp/tmpungh1ajd\", O_RDONLY)      = 5\n[\u2713] read(5, \"3Hy3xnjNjQIBfP6QDUW4ekuQtBwdXQPbhtPFxawXzQ6LXVQDgs8ZlslYncY9DMQohXFVHFyMPnOI6kaGqURTh2fXHuKe2oqjntry7Pt5QQP0148CyzGKtmOigovhOHobD2zujqgJIRXxjny3UVL9\", 1024) = 148\n[\u2713] close(5)                                = 0\n[\u2713] write(4, \"HTTP/1.0 200 OK\\r\\n\\r\\n\", 19) = 19\n[\u2713] write(4, \"3Hy3xnjNjQIBfP6QDUW4ekuQtBwdXQPbhtPFxawXzQ6LXVQDgs8ZlslYncY9DMQohXFVHFyMPnOI6kaGqURTh2fXHuKe2oqjntry7Pt5QQP0148CyzGKtmOigovhOHobD2zujqgJIRXxjny3UVL9\", 148) = 148\n[\u2713] close(4)                                = 0\n[\u2713] exit(0)                                 = ?\n[?] +++ exited with 0 +++\n\n===== Result =====\n[\u2713] Success\n

    \u4f7f\u7528\u7684\u6c47\u7f16\u4ee3\u7801\u5982\u4e0b\uff1a

    .intel_syntax noprefix\n.globl _start\n\n.section .text\n\n_start:\n# create a socket\nmov rdi, 2 # AF_INET\nmov rsi, 1 # SOCK_STREAM\nmov rdx, 0 # IPPROTO_IP\nmov rax, 41 # sys_socket\nsyscall\nmov sockfd, rax\n\n# bind the socket to 0.0.0.0:80\nmov rdi, sockfd   # socket_fd\nlea rsi, sockaddr # sockaddr\nmov rdx, 16 # addrlen\nmov rax, 49 # sys_bind\nsyscall\n\n# listen(3, 0)\nmov rdi, sockfd\nmov rsi, 0\nmov rax, 50 # sys_listen\nsyscall\n\n# accept(3, NULL, NULL) = 4\nmov rdi, sockfd\nmov rsi, 0\nmov rdx, 0\nmov rax, 43 # sys_accept\nsyscall\nmov tunnel, rax\n\n# read(4, <read_request>, <read_request_count>) = <read_request_result>\nmov rdi, tunnel\nlea rsi, request\nmov rdx, 256\nmov rax, 0 # sys_read\nsyscall\n\n# open(\"<open_path>\", O_RDONLY) = 5\nlea rdi, [request+4] # extract file name\nmovb [rdi+16], 0\nmov rsi, 0 # O_RDONLY\nmov rax, 2 # sys_open\nsyscall\nmov txtfile, rax\n\n# read(5, <read_file>, <read_file_count>) = <read_file_result>\nmov rdi, txtfile\nlea rsi, filecontent\nmov rdx, 1024\nmov rax, 0 # sys_read\nsyscall\nmov filecnt, rax # \n\n# close(5)\nmov rdi, txtfile\nmov rax, 3 # sys_close\nsyscall\n\n# write(4, \"HTTP/1.0 200 OK\\r\\n\\r\\n\", 19) = 19\nmov rdi, tunnel\nlea rsi, response\nmov rdx, 19\nmov rax, 1 # sys_write\nsyscall\n\n# write(4, <write_file>, <write_file_count>) = <write_file_result>\nmov rdi, tunnel\nlea rsi, filecontent\nmov rdx, filecnt\nmov rax, 1 # sys_write\nsyscall\n\n# close(4)\nmov rdi, tunnel\nmov rax, 3 # sys_close\nsyscall\n\nmov rdi, 0\nmov rax, 60     # SYS_exit\nsyscall\n\n.section .data\n\nsockfd:   .quad 0\ntunnel:   .quad 0\ntxtfile:  .quad 0\nfilecnt:  .quad 0\nrequest:  .space 256\nfilecontent: .space 1024\nresponse: .ascii \"HTTP/1.0 200 OK\\r\\n\\r\\n\"\nsockaddr: .quad 0x50000002 # AF_INET(2) and PORT(80) in big endian\n.quad 0x0 # IP(0.0.0.0)\n.quad 0x0 # padding\n.quad 0x0 # padding\n

    Level 8

    In this challenge you will accept multiple requests.

    \u4f7f\u7528\u4e00\u4e2a\u7a0b\u5e8f\u63a5\u53d7\u591a\u4e2a\u8bf7\u6c42\u3002\u7531\u4e8esocket\u6ca1\u6709\u5173\uff0c\u5728\u6700\u540e\u52a0\u4e00\u4e2aaccept\u5373\u53ef\u3002\u7a0b\u5e8f\u6700\u540eaccept\u8d85\u65f6sigkill\u9000\u51fa\u3002

    .intel_syntax noprefix\n.globl _start\n\n.section .text\n\n_start:\n# create a socket\nmov rdi, 2 # AF_INET\nmov rsi, 1 # SOCK_STREAM\nmov rdx, 0 # IPPROTO_IP\nmov rax, 41 # sys_socket\nsyscall\nmov sockfd, rax\n\n# bind the socket to 0.0.0.0:80\nmov rdi, sockfd   # socket_fd\nlea rsi, sockaddr # sockaddr\nmov rdx, 16 # addrlen\nmov rax, 49 # sys_bind\nsyscall\n\n# listen(3, 0)\nmov rdi, sockfd\nmov rsi, 0\nmov rax, 50 # sys_listen\nsyscall\n\n# accept(3, NULL, NULL) = 4\nmov rdi, sockfd\nmov rsi, 0\nmov rdx, 0\nmov rax, 43 # sys_accept\nsyscall\nmov tunnel, rax\n\n# read(4, <read_request>, <read_request_count>) = <read_request_result>\nmov rdi, tunnel\nlea rsi, request\nmov rdx, 256\nmov rax, 0 # sys_read\nsyscall\n\n# open(\"<open_path>\", O_RDONLY) = 5\nlea rdi, [request+4] # extract file name\nmovb [rdi+16], 0\nmov rsi, 0 # O_RDONLY\nmov rax, 2 # sys_open\nsyscall\nmov txtfile, rax\n\n# read(5, <read_file>, <read_file_count>) = <read_file_result>\nmov rdi, txtfile\nlea rsi, filecontent\nmov rdx, 1024\nmov rax, 0 # sys_read\nsyscall\nmov filecnt, rax # \n\n# close(5)\nmov rdi, txtfile\nmov rax, 3 # sys_close\nsyscall\n\n# write(4, \"HTTP/1.0 200 OK\\r\\n\\r\\n\", 19) = 19\nmov rdi, tunnel\nlea rsi, response\nmov rdx, 19\nmov rax, 1 # sys_write\nsyscall\n\n# write(4, <write_file>, <write_file_count>) = <write_file_result>\nmov rdi, tunnel\nlea rsi, filecontent\nmov rdx, filecnt\nmov rax, 1 # sys_write\nsyscall\n\n# close(4)\nmov rdi, tunnel\nmov rax, 3 # sys_close\nsyscall\n\n# accept(3, NULL, NULL)\nmov rdi, sockfd\nmov rsi, 0\nmov rdx, 0\nmov rax, 43 # sys_accept\nsyscall\nmov tunnel, rax\n\n# exit\nmov rdi, 0\nmov rax, 60     # SYS_exit\nsyscall\n\n.section .data\n\nsockfd:   .quad 0\ntunnel:   .quad 0\ntxtfile:  .quad 0\nfilecnt:  .quad 0\nrequest:  .space 256\nfilecontent: .space 1024\nresponse: .ascii \"HTTP/1.0 200 OK\\r\\n\\r\\n\"\nsockaddr: .quad 0x50000002 # AF_INET(2) and PORT(80) in big endian\n.quad 0x0 # IP(0.0.0.0)\n.quad 0x0 # padding\n.quad 0x0 # padding\n

    Level 9

    In this challenge you will concurrently accept multiple requests.

    \u8fd9\u9053\u9898\u662f\u8ba9\u505a\u4e00\u4e2a\u591a\u8fdb\u7a0b\uff0c\u7236\u8fdb\u7a0b\u8d1f\u8d23\u5faa\u73afaccept\uff0c\u5b50\u8fdb\u7a0b\u7528\u4e8e\u52a8\u6001\u5904\u7406\u6587\u4ef6\u8bfb\u5199\u3002\u6839\u636efork\u8fd4\u56de\u503c\u6765\u5224\u65ad\u7236\u8fdb\u7a0b\uff08\u8fd4\u56de\u503c\u4e3a\u5b50\u8fdb\u7a0bpid\uff09\u8fd8\u662f\u5b50\u8fdb\u7a0b\uff08\u8fd4\u56de\u503c\u4e3a0\uff09\u3002\u7236\u8fdb\u7a0b\u4e2d\uff0c\u5173\u95edtunnel\uff1b\u5b50\u8fdb\u7a0b\u4e2d\uff0c\u5173\u95edsockfd\u3002

    .intel_syntax noprefix\n.globl _start\n\n.section .text\n\n_start:\n# create a socket\nmov rdi, 2 # AF_INET\nmov rsi, 1 # SOCK_STREAM\nmov rdx, 0 # IPPROTO_IP\nmov rax, 41 # sys_socket\nsyscall\nmov sockfd, rax\n\n# bind the socket to 0.0.0.0:80\nmov rdi, sockfd   # socket_fd\nlea rsi, sockaddr # sockaddr\nmov rdx, 16 # addrlen\nmov rax, 49 # sys_bind\nsyscall\n\n# listen(3, 0)\nmov rdi, sockfd\nmov rsi, 0\nmov rax, 50 # sys_listen\nsyscall\n\nparent_process_1:\n# accept(3, NULL, NULL) = 4\nmov rdi, sockfd\nmov rsi, 0\nmov rdx, 0\nmov rax, 43 # sys_accept\nsyscall\nmov tunnel, rax\n\n# fork() = <fork_result>\nmov rax, 57 # sys_fork\nsyscall\n\ntest rax, rax\njnz parent_process_2\njz child_process\n\nparent_process_2:\n\n# close(3)\nmov rdi, tunnel\nmov rax, 3 # sys_close\nsyscall\njmp parent_process_1\n\nchild_process:\n\n# close(3)\nmov rdi, sockfd\nmov rax, 3 # sys_close\nsyscall\n\n# read(4, <read_request>, <read_request_count>) = <read_request_result>\nmov rdi, tunnel\nlea rsi, request\nmov rdx, 256\nmov rax, 0 # sys_read\nsyscall\n\n# open(\"<open_path>\", O_RDONLY) = 3\nlea rdi, [request+4] # extract file name\nmovb [rdi+16], 0\nmov rsi, 0 # O_RDONLY\nmov rax, 2 # sys_open\nsyscall\nmov txtfile, rax\n\n# read(3, <read_file>, <read_file_count>) = <read_file_result>\nmov rdi, txtfile\nlea rsi, filecontent\nmov rdx, 1024\nmov rax, 0 # sys_read\nsyscall\nmov filecnt, rax # \n\n# close(3)\nmov rdi, txtfile\nmov rax, 3 # sys_close\nsyscall\n\n# write(4, \"HTTP/1.0 200 OK\\r\\n\\r\\n\", 19) = 19\nmov rdi, tunnel\nlea rsi, response\nmov rdx, 19\nmov rax, 1 # sys_write\nsyscall\n\n# write(4, <write_file>, <write_file_count>) = <write_file_result>\nmov rdi, tunnel\nlea rsi, filecontent\nmov rdx, filecnt\nmov rax, 1 # sys_write\nsyscall\n\n# exit\nmov rdi, 0\nmov rax, 60     # SYS_exit\nsyscall\n\n.section .data\n\nsockfd:   .quad 0\ntunnel:   .quad 0\ntxtfile:  .quad 0\nfilecnt:  .quad 0\nrequest:  .space 256\nfilecontent: .space 1024\nresponse: .ascii \"HTTP/1.0 200 OK\\r\\n\\r\\n\"\nsockaddr: .quad 0x50000002 # AF_INET(2) and PORT(80) in big endian\n.quad 0x0 # IP(0.0.0.0)\n.quad 0x0 # padding\n.quad 0x0 # padding\n

    Level 10

    In this challenge you will respond to a POST request with a specified file and update its contents.

    \u8fd9\u9053\u9898\u662f\u7528POST\u8bf7\u6c42\uff0c\u8981\u6c42\u7528\u591a\u8fdb\u7a0b\u5904\u7406\uff0c\u5728\u5b50\u8fdb\u7a0b\u4e2d\u628aPOST\u7684\u8bf7\u6c42\u4f53\u4fdd\u5b58\u5728\u4e34\u65f6\u6587\u4ef6\uff0c\u5e76\u8fd4\u56de200 OK\u3002\u8003\u8651\u5230\u6587\u4ef6\u540d\u662f\u5b9a\u957f\u7684\uff0c\u6240\u4ee5\u6cbf\u7528\u4e4b\u524d\u7684\u65b9\u6cd5\u5f97\u5230\u6587\u4ef6\u540d\u3002\u8fd9\u91cc\u7528\u7684\u4e00\u4e2atrick\u662f\u7528\"\\r\\n\\r\\n\"\u6765\u4ece\u8bf7\u6c42\u4e2d\u5206\u5272\u8bf7\u6c42\u4f53\uff0c\u5e76\u4e14\u5185\u5bb9\u7684\u8ba1\u7b97\u662f\u7528read\u7684\u8fd4\u56de\u503c\u51cf\u53bb\u504f\u79fb\u91cf\u7b97\u7684\u3002\u8fd9\u662f\u5077\u61d2\u6ca1\u6709\u5b9e\u73b0\u89e3\u6790Content-Length\u7684\u529f\u80fdhhh

    .intel_syntax noprefix\n.globl _start\n\n.section .text\n\n_start:\n# create a socket\nmov rdi, 2 # AF_INET\nmov rsi, 1 # SOCK_STREAM\nmov rdx, 0 # IPPROTO_IP\nmov rax, 41 # sys_socket\nsyscall\nmov sockfd, rax\n\n# bind the socket to 0.0.0.0:80\nmov rdi, sockfd   # socket_fd\nlea rsi, sockaddr # sockaddr\nmov rdx, 16 # addrlen\nmov rax, 49 # sys_bind\nsyscall\n\n# listen(3, 0)\nmov rdi, sockfd\nmov rsi, 0\nmov rax, 50 # sys_listen\nsyscall\n\nparent_process_1:\n# accept(3, NULL, NULL) = 4\nmov rdi, sockfd\nmov rsi, 0\nmov rdx, 0\nmov rax, 43 # sys_accept\nsyscall\nmov tunnel, rax\n\n# fork() = <fork_result>\nmov rax, 57 # sys_fork\nsyscall\n\ntest rax, rax\njnz parent_process_2\njz child_process\n\nparent_process_2:\n\n# close(3)\nmov rdi, tunnel\nmov rax, 3 # sys_close\nsyscall\njmp parent_process_1\n\nchild_process:\n\n# close(3)\nmov rdi, sockfd\nmov rax, 3 # sys_close\nsyscall\n\n# read(4, <read_request>, <read_request_count>) = <read_request_result>\nmov rdi, tunnel\nlea rsi, request\nmov rdx, 1024\nmov rax, 0 # sys_read\nsyscall\nmov requestlen, rax\n\n# open(\"<open_path>\", O_WRONLY|O_CREAT, 0777) = 3\nlea rdi, [request+5] # extract file name\nmovb [rdi+16], 0\nmov rsi, 0x41 # O_WRONLY | O_CREAT\nmov rdx, 0777\nmov rax, 2 # sys_open\nsyscall\nmov txtfile, rax\n\n# locate POST body\nmov rcx, 0\nmov ebx, separate\nlocate_body:\nmov eax, [request+rcx]\nadd rcx, 1\ncmp eax, ebx\njne locate_body\n# extrace POST body\nadd rcx, 3\nmov rdi, txtfile\nlea rsi, [request+rcx]\nmov rdx, requestlen\nsub rdx, rcx\nmov rax, 1 # sys_write\nsyscall\n\n# close(3)\nmov rdi, txtfile\nmov rax, 3 # sys_close\nsyscall\n\n# write(4, \"HTTP/1.0 200 OK\\r\\n\\r\\n\", 19) = 19\nmov rdi, tunnel\nlea rsi, response\nmov rdx, 19\nmov rax, 1 # sys_write\nsyscall\n\n# exit\nmov rdi, 0\nmov rax, 60     # SYS_exit\nsyscall\n\n.section .data\n\nsockfd:   .quad 0\ntunnel:   .quad 0\ntxtfile:  .quad 0\nfilecnt:  .quad 0\nrequestlen: .quad 0\nrequest:  .space 1024\nfilecontent: .space 1024\nseparate: .ascii \"\\r\\n\\r\\n\"\nresponse: .ascii \"HTTP/1.0 200 OK\\r\\n\\r\\n\"\nsockaddr: .quad 0x50000002 # AF_INET(2) and PORT(80) in big endian\n.quad 0x0 # IP(0.0.0.0)\n.quad 0x0 # padding\n.quad 0x0 # padding\n

    Level 11

    In this challenge you will respond to multiple concurrent GET and POST requests.

    \u76f4\u63a5\u53d1\u4e86\u4e00\u5806GET\u548cPOST\u6df7\u5408\u8bf7\u6c42\u3002\u4e0d\u8fc7\u597d\u50cf\u6ca1\u8bf4\u6bcf\u4e2a\u8bf7\u6c42\u8981\u5e72\u561b\uff0c\u5c31\u76f4\u63a5\u7ed3\u5408\u4e0blevel9\u548clevel10\u7684\u7ed3\u679c\uff0c\u6bd4\u8f83request\u662f\u4ee5POST\u5f00\u5934\u8fd8\u662fGET\u5f00\u5934\uff0c\u5206\u522b\u8df3\u8f6c\u5230\u5bf9\u5e94\u7684\u903b\u8f91\u5c31\u884c\u4e86\u3002

    .intel_syntax noprefix\n.globl _start\n\n.section .text\n\n_start:\n# create a socket\nmov rdi, 2 # AF_INET\nmov rsi, 1 # SOCK_STREAM\nmov rdx, 0 # IPPROTO_IP\nmov rax, 41 # sys_socket\nsyscall\nmov sockfd, rax\n\n# bind the socket to 0.0.0.0:80\nmov rdi, sockfd   # socket_fd\nlea rsi, sockaddr # sockaddr\nmov rdx, 16 # addrlen\nmov rax, 49 # sys_bind\nsyscall\n\n# listen(3, 0)\nmov rdi, sockfd\nmov rsi, 0\nmov rax, 50 # sys_listen\nsyscall\n\nparent_process_1:\n# accept(3, NULL, NULL) = 4\nmov rdi, sockfd\nmov rsi, 0\nmov rdx, 0\nmov rax, 43 # sys_accept\nsyscall\nmov tunnel, rax\n\n# fork() = <fork_result>\nmov rax, 57 # sys_fork\nsyscall\n\ntest rax, rax\njnz parent_process_2\njz child_process\n\nparent_process_2:\n\n# close(3)\nmov rdi, tunnel\nmov rax, 3 # sys_close\nsyscall\njmp parent_process_1\n\nchild_process:\n\n# close(3)\nmov rdi, sockfd\nmov rax, 3 # sys_close\nsyscall\n\n# read(4, <read_request>, <read_request_count>) = <read_request_result>\nmov rdi, tunnel\nlea rsi, request\nmov rdx, 1024\nmov rax, 0 # sys_read\nsyscall\nmov requestlen, rax\n\n# check GET or POST\nmov eax, request\nmov ebx, requestget\ncmp eax, ebx\nje handle_get\nmov ebx, requestpost\ncmp eax, ebx\nje handle_post\n\njmp program_exit\n\nhandle_get:\n# open(\"<open_path>\", O_RDONLY) = 3\nlea rdi, [request+4] # extract file name\nmovb [rdi+16], 0\nmov rsi, 0 # O_RDONLY\nmov rax, 2 # sys_open\nsyscall\nmov txtfile, rax\n\n# read(3, <read_file>, <read_file_count>) = <read_file_result>\nmov rdi, txtfile\nlea rsi, filecontent\nmov rdx, 1024\nmov rax, 0 # sys_read\nsyscall\nmov filecnt, rax # \n# close(3)\nmov rdi, txtfile\nmov rax, 3 # sys_close\nsyscall\n\n# write(4, \"HTTP/1.0 200 OK\\r\\n\\r\\n\", 19) = 19\nmov rdi, tunnel\nlea rsi, response\nmov rdx, 19\nmov rax, 1 # sys_write\nsyscall\n\n# write(4, <write_file>, <write_file_count>) = <write_file_result>\nmov rdi, tunnel\nlea rsi, filecontent\nmov rdx, filecnt\nmov rax, 1 # sys_write\nsyscall\n\njmp program_exit\n\nhandle_post:\n# open(\"<open_path>\", O_WRONLY|O_CREAT, 0777) = 3\nlea rdi, [request+5] # extract file name\nmovb [rdi+16], 0\nmov rsi, 0x41 # O_WRONLY | O_CREAT\nmov rdx, 0777\nmov rax, 2 # sys_open\nsyscall\nmov txtfile, rax\n\n# locate POST body\nmov rcx, 0\nmov ebx, separate\nlocate_body:\nmov eax, [request+rcx]\nadd rcx, 1\ncmp eax, ebx\njne locate_body\n# extrace POST body\nadd rcx, 3\nmov rdi, txtfile\nlea rsi, [request+rcx]\nmov rdx, requestlen\nsub rdx, rcx\nmov rax, 1 # sys_write\nsyscall\n\n# close(3)\nmov rdi, txtfile\nmov rax, 3 # sys_close\nsyscall\n\n# write(4, \"HTTP/1.0 200 OK\\r\\n\\r\\n\", 19) = 19\nmov rdi, tunnel\nlea rsi, response\nmov rdx, 19\nmov rax, 1 # sys_write\nsyscall\n\nprogram_exit:\n# exit\nmov rdi, 0\nmov rax, 60     # SYS_exit\nsyscall\n\n.section .data\n\nsockfd:   .quad 0\ntunnel:   .quad 0\ntxtfile:  .quad 0\nfilecnt:  .quad 0\nrequestlen: .quad 0\nrequest:  .space 1024\nfilecontent: .space 1024\nrequestget: .ascii \"GET \"\nrequestpost: .ascii \"POST\"\nseparate: .ascii \"\\r\\n\\r\\n\"\nresponse: .ascii \"HTTP/1.0 200 OK\\r\\n\\r\\n\"\nsockaddr: .quad 0x50000002 # AF_INET(2) and PORT(80) in big endian\n.quad 0x0 # IP(0.0.0.0)\n.quad 0x0 # padding\n.quad 0x0 # padding\n
    "},{"location":"pwn-college-cse365-spring2023/#reverse-engineering-writeups","title":"Reverse Engineering Writeups","text":"

    Level 1

    \u8fd0\u884c/challenge\u4e0b\u7684\u6587\u4ef6\uff0c\u4f1a\u81ea\u52a8\u6253\u5f00gdb\uff0c\u8f93\u5165run\u542f\u52a8\u7a0b\u5e8f\uff0c\u8fdb\u5165\u7b2c\u4e00\u5173\u3002\u7b2c\u4e00\u5173\u4e3b\u8981\u662f\u8bb2\u4e0b\u5927\u81f4\u7684\u9898\u76ee\u8981\u6c42\uff0c\u5728\u8fd9\u91cc\u6309C\u7ee7\u7eed\u8fd0\u884c\u4f1a\u76f4\u63a5\u7ed9\u51faflag\u3002

    Level 2

    \u672c\u5173run\u4ee5\u540ep/x $r12\u7136\u540e\u6309C\uff0c\u628a\u7ed3\u679c\u8f93\u5165\u5c31\u884c\u3002

    Level 3

    \u8fd9\u4e00\u5173\u4e3b\u8981\u662f\u719f\u6089\u6253\u5370\u5185\u5b58\u6570\u636e\uff0c\u53ef\u4ee5\u5728\u6309C\u8fdb\u5165\u7a0b\u5e8f\u524d\u540e\u7528x/20gx $rsp\u5bf9\u6bd4\u4e00\u4e0b\u6808\u4e0a\u4ec0\u4e48\u6570\u636e\u6539\u53d8\u4e86\u3002\u7b97\u662f\u4e0d\u770b\u6c47\u7f16\u7684\u4e00\u70b9\u5c0ftrick\u3002

    Level 4

    \u8fd9\u5173\u7684\u6ca1\u7528\u6b63\u5e38\u89e3\u6cd5\u3002\u6709\u4e00\u70b9\u5c0ftrick\uff1a\u4f7f\u7528disas $pc\u67e5\u770b\u53d1\u73b0\u6709\u4e2awin\u51fd\u6570\uff0c\u53c2\u6570\u7528\u76840\u3002\u76f4\u63a5set $rax=0\uff0cset $pc=xxx\u8df3\u8f6c\u5230win\u7684\u51fd\u6570\u5c31\u884c\u4e86\u3002

    Level 5

    \u8fd9\u9898\u63d0\u793a\u53ef\u4ee5\u7f16\u5199gdb\u811a\u672c\uff0c\u52a0\u8f7d\u540e\u4f1a\u81ea\u52a8\u6267\u884c\u3002\u8fd9\u9053\u9898\u76ee\u4f1a\u5728\u5faa\u73af\u4e2d\u591a\u6b21\u8bbe\u7f6e\u968f\u673a\u6570\uff0c\u6240\u4ee5\u9700\u8981\u81ea\u52a8\u5316\u89e3\u51b3\u3002

    run\u540e\u5148disas $pc\u770b\u4e00\u770bmain\u51fd\u6570\u7684\u5173\u952e\u903b\u8f91\uff1a

    0x000055981a8ccd40 <+666>:   mov    esi,0x0\n0x000055981a8ccd45 <+671>:   lea    rdi,[rip+0xd5e]        # 0x55981a8cdaaa\n0x000055981a8ccd4c <+678>:   mov    eax,0x0\n0x000055981a8ccd51 <+683>:   call   0x55981a8cc250 <open@plt>\n0x000055981a8ccd56 <+688>:   mov    ecx,eax\n0x000055981a8ccd58 <+690>:   lea    rax,[rbp-0x18]\n0x000055981a8ccd5c <+694>:   mov    edx,0x8\n0x000055981a8ccd61 <+699>:   mov    rsi,rax\n0x000055981a8ccd64 <+702>:   mov    edi,ecx\n0x000055981a8ccd66 <+704>:   call   0x55981a8cc210 <read@plt>\n0x000055981a8ccd6b <+709>:   lea    rdi,[rip+0xd46]        # 0x55981a8cdab8\n0x000055981a8ccd72 <+716>:   call   0x55981a8cc190 <puts@plt>\n0x000055981a8ccd77 <+721>:   lea    rdi,[rip+0xd5a]        # 0x55981a8cdad8\n0x000055981a8ccd7e <+728>:   mov    eax,0x0\n0x000055981a8ccd83 <+733>:   call   0x55981a8cc1d0 <printf@plt>\n0x000055981a8ccd88 <+738>:   lea    rax,[rbp-0x10]\n0x000055981a8ccd8c <+742>:   mov    rsi,rax\n0x000055981a8ccd8f <+745>:   lea    rdi,[rip+0xd51]        # 0x55981a8cdae7\n0x000055981a8ccd96 <+752>:   mov    eax,0x0\n0x000055981a8ccd9b <+757>:   call   0x55981a8cc260 <__isoc99_scanf@plt>\n

    \u731c\u6d4b\u57280x000055981a8ccd51\u5904\u7684open\u662f\u6253\u5f00\u4e86\u968f\u673a\u6570\u53d1\u751f\u5668\uff08\u6bd4\u5982/dev/urandom\uff09\uff0c\u7136\u540e0x000055981a8ccd66\u5904\u7684read\u662f\u8bfb8\u4e2a\u5b57\u8282\uff0c\u5373\u6700\u7ec8\u7684\u968f\u673a\u6570\uff0c\u4fdd\u5b58\u5728rsi\u5bc4\u5b58\u5668\u6307\u5411\u7684\u4f4d\u7f6e\uff0c\u5373rbp-0x18\u5904\u3002\u6240\u4ee5\u81ea\u52a8\u5316\u811a\u672c\u53ef\u4ee5\u57280x000055981a8ccd72\u5904\uff08\u5373*main+716\uff09\u6253\u4e2a\u65ad\u70b9\uff0c\u6253\u5370\u6b64\u65f6rbp-0x18\u7684\u503c\u3002

    \u5373\u5148\u7f16\u5199\u4e0b\u8ff0\u811a\u672c\uff0c\u7136\u540e\u542f\u52a8\u7a0b\u5e8f\u65f6-x\u8ffd\u52a0\u811a\u672c\u5373\u53ef\u3002

    start\nbreak *main+716\ncommands\n    silent\n    set $local_variable = *(unsigned long long*)($rbp-0x18)\nprintf \"Current value: %llx\\n\", $local_variable\ncontinue\nend\ncontinue\n

    \u5f53\u7136\u89e3\u6cd5\u6709\u5f88\u591a\uff0c\u770bdisas\u540e\u7684\u7ed3\u679c\uff0c\u8f93\u5165\u7684\u6570\u636e\u88abscanf\u4fdd\u5b58\u5230rbp-0x10\u5904\uff0c\u4e0erbp-0x18\u6bd4\u8f83\u3002\u4e5f\u53ef\u4ee5\u5728\u6bd4\u8f83\u524d\u76f4\u63a5\u4fee\u6539\u5bc4\u5b58\u5668\u8ba9\u503c\u76f8\u7b49\u3002

    Level 6

    \u8fd9\u4e00\u5173\u624d\u6559\u600e\u4e48\u7528set\u6539\u5bc4\u5b58\u5668\uff0c\u4ece\u800c\u4fee\u6539\u7a0b\u5e8f\u6267\u884c\u903b\u8f91\u3002\u662f\u4e0d\u662f\u53ef\u4ee5\u6697\u793a\u76f4\u63a5\u62ffflag\uff1frun\u540eset $rip=*main+715\uff0c\u7136\u540e\u7ee7\u7eed\u8fd0\u884c\u7a0b\u5e8f\u3002

    Level 7

    \uff1f\uff1f\uff1f\u539f\u6765\u8fd8\u53ef\u4ee5\u8fd9\u4e48\u73a9\uff1f\uff1f

    Level 8

    \u76f4\u63a5\u8c03\u7528call (void)win()\uff0c\u53ef\u4ee5disas *win\u770b\u4e00\u4e0bwin\u51fd\u6570\u3002

    0x0000556609b49951 <+0>:     endbr64\n0x0000556609b49955 <+4>:     push   rbp\n0x0000556609b49956 <+5>:     mov    rbp,rsp\n0x0000556609b49959 <+8>:     sub    rsp,0x10\n0x0000556609b4995d <+12>:    mov    QWORD PTR [rbp-0x8],0x0\n0x0000556609b49965 <+20>:    mov    rax,QWORD PTR [rbp-0x8]\n0x0000556609b49969 <+24>:    mov    eax,DWORD PTR [rax]\n0x0000556609b4996b <+26>:    lea    edx,[rax+0x1]\n0x0000556609b4996e <+29>:    mov    rax,QWORD PTR [rbp-0x8]\n0x0000556609b49972 <+33>:    mov    DWORD PTR [rax],edx\n0x0000556609b49974 <+35>:    lea    rdi,[rip+0x73e]        # 0x556609b4a0b9\n0x0000556609b4997b <+42>:    call   0x556609b49180 <puts@plt>\n

    \u53ef\u89c1\u57280x0000556609b49969\u5904\uff0c\u4ecerax\u6307\u5411\u7684\u5730\u5740\u8bfb\u53d64\u5b57\u8282\u3002\u4f46\u662f\u6b64\u65f6rax\u5728\u524d\u4e24\u6761\u8bed\u53e5\u5df2\u7ecf\u88ab\u4fee\u6539\u4e3a0\u4e86\uff0c\u6240\u4ee5\u89e6\u53d1NULL\u6307\u9488\u89e3\u5f15\u7528\uff0c\u5f15\u8d77SIGSEGV\u9000\u51fa\u3002\u6240\u4ee5\u8bd5\u8bd5\u76f4\u63a5\u8df3\u8fc7\u8fd9\u6bb5\uff0c\u8fdb\u5165win\u65f6\u4fee\u6539rip\u5bc4\u5b58\u5668\u5373\u53ef\u3002

    \u4f9d\u6b21\u6267\u884c\uff1abreak *win\uff0ccall (void)win()\uff0cset $rip=*win+35\uff0cc\u5373\u53ef\u3002

    Level 1.0

    Reverse engineer this challenge to find the correct license key.

    \u4ece\u6b64\u5f00\u59cb\u662f\u4e00\u4e2a\u8bc1\u4e66\u9a8c\u8bc1\u7a0b\u5e8f\uff0c\u8981\u6c42\u8f93\u5165key\u6765\u83b7\u53d6flag\u3002\u7b2c\u4e00\u9898\u76f4\u63a5enter\u8fd0\u884c\uff0c\u4f1a\u8f93\u51fa\u539f\u59cb\u8f93\u5165\u3001\u5904\u7406\u540e\u7684\u8f93\u5165\u4ee5\u53ca\u6b63\u786e\u7b54\u6848\u3002\u8fd0\u884c\u4e24\u6b21\u4ee5\u540e\u53d1\u73b0\u5904\u7406\u540e\u7684\u8f93\u5165\u548c\u539f\u59cb\u8f93\u5165\u662f\u4e00\u6837\u7684\uff0c\u5e76\u4e14\u6b63\u786e\u7b54\u6848\u662f\u56fa\u5b9a\u7684\u3002

    \u76f4\u63a5python\u91cc\u8fd0\u884c\u4e0b[chr(i) for i in [0x75,0x62,0x61,0x6a,0x68]]\uff08\u53ef\u80fd\u9700\u8981\u4fee\u65390xXX\u7684\u503c\uff09\uff0c\u7136\u540e\u5c31\u5f97\u5230key\u4e86\u3002

    Level 1.1

    Reverse engineer this challenge to find the correct license key.

    \u8fd9\u4e00\u9898\u6ca1\u6709\u76f4\u63a5\u628a\u6b63\u786e\u7b54\u6848\u5217\u51fa\u6765\u3002\u4e00\u79cd\u65b9\u6848\u662f\u5148gdb\u542f\u52a8\u7a0b\u5e8f\uff0c\u7136\u540e\u5728\u8981\u6c42\u8f93\u5165\u5bc6\u94a5\u7684\u65f6\u5019ctrl+c\u6682\u505c\u7a0b\u5e8f\uff0c\u7528bt\u67e5\u770b\u8c03\u7528\u6808\uff0c\u53ef\u4ee5\u770b\u5230__libc_start_main (main=0xXXXXX, argc=1, ....)\u3002\u7136\u540e\u67e5\u770bmain\u51fd\u6570\u7684\u6c47\u7f16\u6307\u4ee4x/80i 0xXXXX\uff0c\u53ef\u4ee5\u770b\u5230\u5176\u4e2d\u7684memcmp@plt\u51fd\u6570\u6240\u4f7f\u7528\u7684\u7684rsi\u6765\u81ea[rip+0x2abf]\u3002\u6307\u4ee4\u540e\u9762\u7684#\u6ce8\u91ca\u63d0\u793a\u4e86\u5bf9\u5e94\u7684\u5730\u5740\uff0c\u76f4\u63a5\u7528x/5x <address>\u67e5\u770b\u5bc6\u94a5\u5373\u53ef\u3002

    \u6ce8\u610f\u6700\u540e\u8f93\u5165\u5bc6\u94a5\u65f6\u8981\u76f4\u63a5\u8fd0\u884c\u7a0b\u5e8f\uff0c\u4e0d\u8981\u5728gdb\u91cc\u9762\u8f93\uff0c\u4f1a\u63d0\u793a\u6743\u9650\u4e0d\u591f\u3002

    Level 2.0

    Reverse engineer this challenge to find the correct license key, but your input will be modified somehow before being compared to the correct key.

    \u8fd9\u9053\u9898\u76ee\u4ea4\u6362\u4e86\u8f93\u5165\u5b57\u7b26\u4e32\u7684index 1\u548cindex 4\u7684\u5b57\u7b26\u3002

    Level 2.1

    Reverse engineer this challenge to find the correct license key, but your input will be modified somehow before being compared to the correct key.

    \u8fd9\u9053\u9898\u76ee\u57282.0\u7684\u57fa\u7840\u4e0a\u9690\u53bb\u4e86\u8f93\u5165\u8f93\u51fa\u7ed3\u679c\u7684\u663e\u793a\uff0c\u56e0\u6b64\u9700\u8981gdb\u770b\u4e00\u4e0b\u505a\u4e86\u4ec0\u4e48\u64cd\u4f5c\u3002\u6309\u71671.1\u7684\u65b9\u6cd5\u67e5\u770bmemcmp\u9644\u8fd1\u7684\u51fd\u6570\uff0c\u53ef\u89c1\uff1a

    0x5584f463251f:      lea    rax,[rbp-0xe]\n0x5584f4632523:      mov    edx,0x5\n0x5584f4632528:      mov    rsi,rax\n0x5584f463252b:      mov    edi,0x0\n0x5584f4632530:      call   0x5584f46321a0 <read@plt>\n0x5584f4632535:      movzx  eax,BYTE PTR [rbp-0xe]\n0x5584f4632539:      mov    BYTE PTR [rbp-0x10],al\n0x5584f463253c:      movzx  eax,BYTE PTR [rbp-0xd]\n0x5584f4632540:      mov    BYTE PTR [rbp-0xf],al\n0x5584f4632543:      movzx  eax,BYTE PTR [rbp-0xf]\n0x5584f4632547:      mov    BYTE PTR [rbp-0xe],al\n0x5584f463254a:      movzx  eax,BYTE PTR [rbp-0x10]\n0x5584f463254e:      mov    BYTE PTR [rbp-0xd],al\n0x5584f4632551:      lea    rdi,[rip+0xdb0]        # 0x5584f4633308\n0x5584f4632558:      call   0x5584f4632140 <puts@plt>\n0x5584f463255d:      lea    rax,[rbp-0xe]\n0x5584f4632561:      mov    edx,0x5\n0x5584f4632566:      lea    rsi,[rip+0x2aa3]        # 0x5584f4635010\n0x5584f463256d:      mov    rdi,rax\n0x5584f4632570:      call   0x5584f46321b0 <memcmp@plt>\n

    \u8f93\u5165\u7684\u5b57\u7b26\u4e32\u88ab\u4fdd\u5b58\u5728[rbp-0xe]\u5904\uff0c\u4e14\u8fdb\u884c\u4e86[rbp-0xe]\u548c[rbp-0xd]\u7684\u4ea4\u6362\u3002\u4e5f\u5c31\u662f\u8bf4\u8f93\u5165\u5b57\u7b26\u4e32\u7684\u524d\u4e24\u4e2a\u5b57\u7b26\u88ab\u4ea4\u6362\u4e86\u3002\u67e5\u770bmemcmp\u52a0\u8f7d\u5230rsi\u7684\u5730\u5740\u5185\u5bb9x/5b 0x5584f4635010\u5f97\u5230\u5bf9\u5e94\u7684\u7b54\u6848\uff0c\u4ea4\u6362\u524d\u4e24\u4e2a\u5b57\u7b26\u5373\u53ef\u3002

    "},{"location":"pwn-college-cse365-spring2023/#_1","title":"\u603b\u7ed3","text":"

    CSE 365\u8fd8\u662f\u5c5e\u4e8e\u6bd4\u8f83\u5165\u95e8\u7684\u7c7b\u578b\uff0c\u6253\u597d\u57fa\u7840\uff01

    "},{"location":"python/","title":"Python","text":""},{"location":"python/#_1","title":"\u83b7\u53d6\u672a\u77e5\u5bf9\u8c61\u7684\u6240\u6709\u5c5e\u6027","text":"

    obj.__dir__() \u6216\u8005dir(obj)

    "},{"location":"python/#argparse","title":"\u53c2\u6570\u89e3\u6790\uff1aargparse","text":"

    \u6839\u636e\u7528\u6237\u4f20\u53c2\u800c\u6267\u884c\u4e0d\u540c\u7684\u529f\u80fd\uff0c\u53c8\u5206\u591a\u4e2a\u5c42\u6b21\u3002\u6bd4\u5982pip3\u547d\u4ee4\uff0c\u53ef\u4ee5\u6709pip3 install\u548cpip3 freeze\u7b49\u7b49\uff0c\u5bf9\u4e8e\u6bcf\u4e00\u4e2a\u5b50\u89e3\u6790\u53c8\u6709\u8fdb\u4e00\u6b65\u7684\u53c2\u6570\uff0c\u6bd4\u5982pip3 install --upgrade, pip3 install --force-reinstall\u7b49\u7b49\u3002

    import argparse\n\ndef populate_parser(parser):\n    parser.add_argument('input_file', type=str, help=\"Path to the file containing the mutated input to load\")\n    parser.add_argument('--prefix-input', dest='prefix_input_path', type=str, help=\"(Optional) Path to the file containing a constant input to load\")\n    parser.add_argument('-c', '--config', default=\"config.yml\", help=\"The emulator configuration to use. Defaults to 'config.yml'\")\n\n    # Verbosity switches\n    parser.add_argument('-v', '--print-exit-info', default=False, action=\"store_true\", help=\"Print some information about the exit reason.\")\n    parser.add_argument('-t', '--trace-funcs', dest='trace_funcs', default=False, action='store_true')\nparser = argparse.ArgumentParser(description=\"Fuzzware\")\nsubparsers = parser.add_subparsers(title=\"Fuzzware Components\", help='Fuzzware utilities:', description=\"Fuzzware supports its different functions using a set of utilities.\\n\\nUse 'fuzzware <util_name> -h' for more details.\")\nparser_pipeline = subparsers.add_parser(MODE_PIPELINE, help=\"Running the full pipeline. Fuzzware's main utility.\")\nparser_pipeline.set_defaults(func=do_pipeline)\n# Pipeline command-line arguments\nparser_pipeline.add_argument('target_dir', nargs=\"?\", type=os.path.abspath, default=os.curdir, help=\"Directory containing the main config. Defaults to the current working dir.\")\n\n\nparser = argparse.ArgumentParser(description=\"Fuzzware emulation harness\")\npopulate_parser(parser)\n
    "},{"location":"python/#yaml","title":"\u914d\u7f6e\u8bfb\u53d6\uff1ayaml","text":"

    \u9664\u4e86argparse\u4ee5\u5916\uff0c\u53ef\u4ee5\u628a\u4e00\u4e9b\u5f88\u957f\u7684\u914d\u7f6e\u6570\u636e\uff08\u6bd4\u5982\u591a\u5230\u547d\u4ee4\u884c\u6572\u662f\u4e0d\u73b0\u5b9e\u7684\uff09\u653e\u5230yml\u91cc\uff0c\u7136\u540e\u7528yaml\u8bfb\u53d6\uff0c\u5f97\u5230\uff08\u5d4c\u5957\u7684\uff09\u5b57\u5178\uff0c\u7136\u540e\u518d\u53d6\u5185\u5bb9\u5c31\u5f88\u65b9\u4fbf\u4e86\u3002\u9700\u8981pip\u5b89\u88c5pyyaml\u8fd9\u4e2a\u5305

    import yaml\n\nwith open('config.yml', 'rb') as f:\n    data = yaml.load(f, Loader=yaml.FullLoader)\n    print(data)\n

    \u90a3\u4e48data\u5c31\u662f\u4e00\u4e2a\u5b57\u5178\uff0c\u6839\u636eyml\u91cc\u7684\u5185\u5bb9\u53ef\u80fd\u6210\u4e3a\u5d4c\u5957\u5173\u7cfb\u3002\u5b57\u5178\u91cc\u4e3a\u7a7a\u7684\u503c\u4f1a\u53d8\u6210None\uff0ctrue\u6216True\u6216TRUE\u90fd\u4f1a\u53d8\u6210True\uff0c\u6570\u5b57\u4f1a\u88ab\u8bc6\u522b\u6210\u6574\u6570\u6216\u6d6e\u70b9\u6570\uff0c\u5b57\u7b26\u4e32\u4f1a\u88ab\u8bc6\u522b\u6210\u5b57\u7b26\u4e32\uff08\u542b\u7a7a\u683c\uff09

    \u6bd4\u5982\u4e0b\u9762\u7684yml\u6587\u4ef6

    item:\ntest1: 1\ntest2: 2\ntest2.1: TRUE\ntest2.2: true\ntest2.3: True\nmatters:\ntest3: 3\n3: 333\ntest4: 4\ntest5: ${item.test1}\ntest6: a b c d\ntest7:

    \u4f1a\u88ab\u8bc6\u522b\u4e3a

    {'item': {'test1': 1, 'test2': 2, 'test2.1': True, 'test2.2': True, 'test2.3': True}, 'matters': {'test3': 3, 3: 333, 'test4': 4, 'test5': '${item.test1}', 'test6': 'a b c d', 'test7': None}}\n
    "},{"location":"python/#logging","title":"\u8f93\u51fa\u65e5\u5fd7\uff1alogging","text":"

    \u5728\u5f00\u53d1\u7a0b\u5e8f\u7684\u65f6\u5019\uff0c\u9047\u5230bug\u6216\u8005\u60f3\u5f04\u6e05\u695a\u4e34\u65f6\u7ed3\u679c\u3001\u63a7\u5236\u6d41\u8d70\u5411\u7684\u65f6\u5019\uff0c\u91c7\u7528print\u7684\u4f20\u7edf\u65b9\u6cd5\u6765\u6253\u5370\u53d8\u91cf\u6709\u70b9\u8fc7\u4e8e\u8822\u7b28\u4e86\u3002\u800c\u4f7f\u7528logging\u53ef\u4ee5\u968f\u65f6\u6253\u5370\u6570\u636e\u5230\u63a7\u5236\u53f0\u6216\u6587\u4ef6\uff0c\u53ef\u4ee5\u81ea\u5b9a\u4e49\u6253\u5370\u8303\u56f4\uff0c\u800c\u4e14\u6613\u4e8e\u8c03\u8bd5\u3002

    import logging\n\nlogging.basicConfig(format='[%(levelname)s %(filename)s:%(lineno)d]: %(message)s', stream=sys.stdout, level=logging.DEBUG)\nlogger = logging.getLogger('TEST')\n\nlogger.debug('here is a test!')\nlogger.info('info level')\n

    \u5f53\u7136\u4e5f\u53ef\u4ee5\u5168\u9762\u4e86\u89e3\u4e0blogging\uff0c\u63a8\u8350\u9605\u8bfb\u8fd9\u4e2a\u77e5\u4e4e\u4e13\u680f

    import logging\n\n# 1\u3001\u521b\u5efa\u4e00\u4e2alogger\nlogger = logging.getLogger('mylogger')\nlogger.setLevel(logging.DEBUG)\n\n# 2\u3001\u521b\u5efa\u4e00\u4e2ahandler\uff0c\u7528\u4e8e\u5199\u5165\u65e5\u5fd7\u6587\u4ef6\nfh = logging.FileHandler('test.log')\nfh.setLevel(logging.DEBUG)\n\n# \u518d\u521b\u5efa\u4e00\u4e2ahandler\uff0c\u7528\u4e8e\u8f93\u51fa\u5230\u63a7\u5236\u53f0\nch = logging.StreamHandler()\nch.setLevel(logging.DEBUG)\n\n# 3\u3001\u5b9a\u4e49handler\u7684\u8f93\u51fa\u683c\u5f0f\uff08formatter\uff09\nformatter = logging.Formatter('%(asctime)s - %(name)s - %(levelname)s - %(message)s')\n\n# 4\u3001\u7ed9handler\u6dfb\u52a0formatter\nfh.setFormatter(formatter)\nch.setFormatter(formatter)\n\n# 5\u3001\u7ed9logger\u6dfb\u52a0handler\nlogger.addHandler(fh)\nlogger.addHandler(ch)\n

    \u4ee5\u53ca\u4fee\u6539log\u7684\u989c\u8272(\u4e0d\u8fc7\u6ca1\u6709\u8bd5\u8fc7\uff0c\u4e0d\u77e5\u9053\u662f\u5426\u53ef\u7528)

    "},{"location":"python/#_2","title":"\u63a5\u53e3\u8bbe\u8ba1","text":"

    \u4e00\u7cfb\u5217\u76f8\u4f3c\u7684\u51fd\u6570\u5b8c\u6210\u76f8\u4f3c\u7684\u529f\u80fd\uff08\u6bd4\u5982\u4e0d\u540c\u89e3\u6790\u51fd\u6570\u89e3\u6790\u4e0d\u540c\u79cd\u7c7b\u7684\u65e5\u5fd7\uff0c\u90fd\u5b8c\u6210\u201c\u6570\u636e\u5904\u7406\u201d\u8fd9\u4e00\u529f\u80fd\uff09\u65f6\uff0c\u53ef\u4ee5\u5c06\u51fd\u6570\u540d\u4f5c\u4e3a\u53c2\u6570\u4f20\u5165\u516c\u5171\u5904\u7406\u51fd\u6570\uff0c\u8bbe\u8ba1\u66f4\u6e05\u6670\u3002

    import re\n\n# 0000 11c4 0\nbb_regex = re.compile(r\"([0-9a-f]+) ([0-9a-f]+) ([0-9]+)\")\ndef parse_bb_line(line):\n    event_id, pc, cnt = bb_regex.match(line).groups()\n\n    event_id = int(event_id, 16)\n    pc = int(pc, 16)\n    cnt = int(cnt)\n\n    return event_id, pc, cnt\n\ndef parse_mmio_set_line(line):\n    pc, addr, mode = line.split(\" \")\n    return (int(pc, 16), int(addr, 16), mode[0])\n\ndef _parse_file(filename, line_parser):\n    try:\n        with open(filename, \"r\") as f:\n            return [line_parser(line) for line in f.readlines() if line]\n    except FileNotFoundError:\n        return []\n\ndef parse_bbl_trace(filename):\n    return _parse_file(filename, parse_bb_line)\n\ndef parse_mmio_set(filename):\n    return _parse_file(filename, parse_mmio_set_line)\n
    "},{"location":"python/#capnp","title":"\u4e2d\u95f4\u6570\u636e\u5b58\u50a8\uff1acapnp","text":"

    Cap'n Proto\u597d\u50cf\u662f\u4e00\u79cd\u5e2e\u52a9\u5feb\u901f\u5e8f\u5217\u5316/\u53cd\u5e8f\u5217\u5316\u7684\u5de5\u5177\uff0cpython\u8fd9\u8fb9\u5c01\u88c5\u4e86C++\u7684\u5b9e\u73b0\uff0c\u9700\u8981pip\u5b89\u88c5pycapnp\u8fd9\u4e2a\u5305\u3002\u4f7f\u7528\u65f6\u9700\u8981\u9996\u5148\u5b9a\u4e49\u6570\u636e\u7ed3\u6784\uff0c\u6bd4\u5982\uff1a

    // test.capnp\nstruct TraceEvent {\nunion {\nbasicBlock @0 :BasicBlock;\naccess @1 :Access;\n}\n}\n\nstruct BasicBlock {\npc @0 :UInt32;\nlr @1 :UInt32;\n}\n\nstruct Access {\ntarget @0 :AccessTarget;\ntype @1 :AccessType;\nsize @2 :UInt8;\npc @3 :UInt32;\n}\n\nenum AccessTarget {\nram @0;\nmmio @1;\n}\nenum AccessType {\nread @0;\nwrite @1;\n}\n
    \u4f7f\u7528\u65f6\uff0cpython\u7a0b\u5e8f\u5982\u4e0b\uff1a

    import capnp\nimport test_capnp\n\n# \u8fde\u7eed\u5199\u5165\u6587\u4ef6\uff0c\u5bf9union\u521d\u59cb\u5316\ntrace_file = open('test.bin','wb')\nevent = test_capnp.TraceEvent.new_message()\nbasicBlock = event.init('basicBlock')\nbasicBlock.pc = uc.reg_read(UC_ARM_REG_PC)\nbasicBlock.lr = uc.reg_read(UC_ARM_REG_LR)\nevent.write(trace_file)\nevent.write(trace_file)\ntrace_file.close()\n\n# \u4ece\u6587\u4ef6\u4e2d\u8fde\u7eed\u8bfb\u53d6\uff0c\u89e3\u6790union\ntrace_file = open('test.bin','rb')\nfor event in test_capnp.TraceEvent.read_multiple(f):\n    if event.which() == 'basicBlock':\n        print(event.basicBlock.pc)\ntrace_file.close()\n
    "},{"location":"python/#_3","title":"\u8ba1\u65f6\u7ec8\u6b62\u7a0b\u5e8f","text":"

    \u5982\u679c\u9700\u8981\u8ba9\u7a0b\u5e8f\u5728\u8fd0\u884c\u4e00\u6bb5\u65f6\u95f4\u540e\u7ec8\u6b62\uff0c\u5728\u7a0b\u5e8f\u5185\u90e8\u8fdb\u884c\u65f6\u95f4\u68c0\u67e5\u5e76\u4e0d\u4f18\u96c5\uff08\u56e0\u4e3a\u662f\u65e0\u5173\u903b\u8f91\u7684\uff09\uff1b\u53ef\u4ee5\u4e3a\u8fd9\u4e2a\u5b50\u7a0b\u5e8f\u8bbe\u8ba1signal

    pipeline = Pipeline(args.target_dir, args.project_name, args.base_inputs, args.num_local_fuzzer_instances, args.disable_modeling, write_worker_logs=not args.silent_workers, do_full_tracing=args.full_traces, config_name=args.runtime_config_name, timeout_seconds=timeout_seconds, use_aflpp=args.aflpp)\n\ntry:\n    if timeout_seconds != 0:\n        def handler(signal_no, stack_frame):\n            pipeline.request_shutdown()\n\n        # spin up an alarm for the time\n        signal.signal(signal.SIGALRM, handler)\n        signal.alarm(timeout_seconds)\n\n    pipeline.start()\nexcept Exception as e:\n    logger.error(f\"Got exception, shutting down pipeline: {e}\")\n    import traceback\n    traceback.print_exc()\n    status = 1\n
    "},{"location":"python/#hexintelhex","title":"\u4e8c\u8fdb\u5236\u5b57\u8282\u4e0ehex\u4e92\u76f8\u8f6c\u6362\uff1aIntelHex","text":"

    fuzzware\u91cc\u6dfb\u52a0\u9000\u51fahandler\u6253\u5370state\uff08\u5373\u6a21\u62dfcoredump\uff09\u65f6\uff0c\u4f7f\u7528\u4e86IntelHex\u6765\u4fdd\u5b58\u4e2d\u95f4\u7ed3\u679c\u3002\u53ef\u4ee5\u53c2\u8003\u4e0b\u9762\u7684\u4f8b\u5b50\uff0c\u8fdb\u884c\u76f8\u4e92\u8f6c\u5316\u3002IntelHex\u6587\u4ef6\u672c\u8eab\u7684\u683c\u5f0f\uff0c\u53ef\u4ee5\u53c2\u8003\u8fd9\u91cc

    from intelhex import IntelHex\nih = IntelHex()\n\ndata = {\n    0x30000000: b'\\x00\\x01\\x02\\x03\\x04',\n    0x20002000: b'\\x04\\x05\\x06\\x07'\n}\n\nfor base_addr, contents in data.items():\n    ih.puts(base_addr, contents)\n\nwith open('test.hex', 'w') as f:\n    ih.write_hex_file(f)\n\n\n# \u4ece\u5df2\u6709\u7684hex\u6587\u4ef6\u4e2d\u8bfb\u53d6\u6570\u636e\nih = IntelHex()\nih.fromfile('test.hex', format='hex')\n\n\"\"\"test.hex\n:020000042000DA\n:0420000004050607C6\n:020000043000CA\n:050000000001020304F1\n:00000001FF\n\nhex\u683c\u5f0f\u4ee5\u5192\u53f7\u5f00\u5934\uff0c\u968f\u540e1\u5b57\u8282\u8868\u793a\u6570\u636e\u957f\u5ea6\uff0c\u7d27\u63a54\u5b57\u8282\u8868\u793a\u5730\u5740\uff0c\u968f\u540e1\u5b57\u8282\u4e3a\u8bb0\u5f55\u7c7b\u578b\uff1a\n00\uff1a\u8868\u793a\u6570\u636e\n01\uff1a\u8868\u793a\u6587\u4ef6\u7ed3\u675f\n02\uff1a\u8868\u793a\u6269\u5c55\u6bb5\u5730\u5740\u3002\u968f\u540e\u76842\u5b57\u8282\u5de6\u79fb4\u4f4d\uff0c\u4f5c\u4e3a\u6bb5\u5730\u5740\uff0c\u5728\u4e4b\u540e\u7684\u8ba1\u7b97\u4e2d\u548c\u5730\u5740\u76f8\u52a0\u4f5c\u4e3a\u6700\u540e\u5730\u5740\n03\uff1a\u8868\u793a\u8d77\u59cb\u6bb5\u5730\u5740\u3002\u968f\u540e\u76844\u5b57\u8282\u4e2d\uff0c\u524d\u3001\u540e2\u5b57\u8282\u5206\u522b\u8868\u793aCS\u3001IP\n04\uff1a\u8868\u793a\u6269\u5c55\u7ebf\u6027\u5730\u5740\u3002\u968f\u540e\u76842\u5b57\u8282\u6307\u5b9a32\u5730\u5740\u7684\u9ad816\u4f4d\n05\uff1a\u8868\u793a\u8d77\u59cb\u7ebf\u6027\u5730\u5740\u3002\u968f\u540e\u76844\u5b57\u8282\u6307\u5b9a\u6307\u4ee4\u6267\u884c\u8d77\u59cb\u5730\u5740\n\u6700\u540e\u4e00\u5b57\u8282\u8868\u793a\u6821\u9a8c\u7801\n\n\u6bd4\u5982:020000042000DA\uff0c\u5206\u4e3a:02 0000 04 2000 DA\n\"\"\"\n\n# \u83b7\u53d6\u89e3\u6790\u540e\u7684\u6570\u636e\uff0c\u5e76\u5408\u5e76\u8fde\u7eed\u7684\u5730\u5740\nrestored_data = {}\ncurrent_address = None\ncurrent_data = b''\n\nfor address in ih.addresses():\n    # Check if the address is consecutive with the current data\n    if current_address is None or address == current_address + len(current_data):\n        if current_address is None:\n            current_address = address\n        current_data += bytes([ih[address]])\n    else:\n        # Save the previous data and start a new block\n        restored_data[current_address] = current_data\n        current_address = address\n        current_data = bytes([ih[address]])\n\n# Save the last block of data\nif current_address is not None:\n    restored_data[current_address] = current_data\n\n# \u8f93\u51fa\u8fd8\u539f\u540e\u7684data\u5b57\u5178\nprint(restored_data)\n# {536879104: b'\\x04\\x05\\x06\\x07', 805306368: b'\\x00\\x01\\x02\\x03\\x04'}\n
    "},{"location":"python/#_4","title":"\u53c2\u8003\u8d44\u6599","text":""},{"location":"rca/","title":"\u6839\u56e0\u5206\u6790","text":"

    \u4ec0\u4e48\u662f\u6839\u56e0\u5206\u6790\uff1f \u6839\u56e0\u5206\u6790(Root Cause Analysis)\u6216\u8005\u8bf4\u7f3a\u9677\u5b9a\u4f4d(Fault Localization)\u662f\u7a0b\u5e8f\u5f00\u53d1\u4eba\u5458\u6216\u5b89\u5168\u5206\u6790\u4eba\u5458\u5728\u786e\u8ba4\u7a0b\u5e8f\u5b58\u5728\u5f02\u5e38\u884c\u4e3a\u540e\uff0c\u901a\u8fc7\u624b\u52a8\u6216\u81ea\u52a8\u7684\u65b9\u6cd5\u6765\u5b9a\u4f4d\u5f02\u5e38\u884c\u4e3a\u7684\u6839\u672c\u539f\u56e0\u7684\u8fc7\u7a0b\u3002\u6839\u56e0\u5206\u6790\u662f\u7a0b\u5e8f\u5b89\u5168\u5206\u6790\u6d41\u7a0b\u4e2d\u6bd4\u8f83\u91cd\u8981\u7684\u4e00\u73af\u3002

    \u4e3a\u4ec0\u4e48\u9700\u8981\u8bbe\u8ba1\u4e00\u4e9b\u6839\u56e0\u5206\u6790\u65b9\u6cd5\uff1f \u5728\u5f53\u4e0b\u5404\u7c7b\u81ea\u52a8\u5316\u6f0f\u6d1e\u6316\u6398\u5de5\u5177(\u6bd4\u5982\u5404\u7c7bfuzzer)\u7684\u8f85\u52a9\u4e0b\uff0c\u6bcf\u65e5\u53d1\u73b0\u7684bug\u6570\u91cf\u5df2\u7ecf\u8fdc\u8d85\u5f00\u53d1\u4eba\u5458\u786e\u8ba4\u5e76\u4fee\u590d\u7684\u6570\u91cf\u3002\u8bbe\u8ba1\u4e00\u79cd\u81ea\u52a8\u5316\u53d1\u73b0\u6f0f\u6d1e\u7684\u5de5\u5177\u5e76\u4e0d\u96be\uff0c\u96be\u5728\u5982\u4f55\u6839\u636e\u8fd9\u4e9b\u5de5\u5177\u62a5\u51fa\u7684crash\u4fe1\u606f\u6765\u51c6\u786e\u5730\u5206\u6790\u51fa\u6f0f\u6d1e\u7684\u6839\u672c\u539f\u56e0\u3002\u5bf9\u4e8e\u5927\u578b\u7a0b\u5e8f\u800c\u8a00\uff0c\u5d29\u6e83\u6d4b\u8bd5\u6837\u4f8b(crashing testcase)\u6267\u884c\u4e0b\u6765\u53ef\u80fd\u7ecf\u5386\u4e86\u51e0\u767e\u4e07\u6761\u6c47\u7f16\u6307\u4ee4\uff0c\u624b\u5de5\u786e\u8ba4\u7a0d\u5fae\u6709\u70b9\u4e0d\u73b0\u5b9e\u4e86\u3002\u56e0\u6b64\u9700\u8981\u8bbe\u8ba1\u4e00\u4e9b(\u81ea\u52a8\u5316)\u7684\u6839\u56e0\u5206\u6790\u5de5\u5177\u3002

    \u600e\u4e48\u8fdb\u884c\u6839\u56e0\u5206\u6790\uff1f\u76ee\u524d\u6709\u54ea\u4e9b\u5de5\u4f5c\uff1f \u6700\u6734\u7d20\u800c\u76f4\u89c2\u7684\u601d\u60f3\u5c31\u662f\u6d88\u8017\u5b89\u5168\u5206\u6790\u4eba\u5458\u7684\u7cbe\u529b\uff0c\u4ece\u7a0b\u5e8f\u7684\u5165\u53e3\u70b9(entry)\u6216\u8005\u5d29\u6e83\u70b9(crash site)\u51fa\u53d1\uff0c\u770b\u770b\u7a0b\u5e8f\u662f\u600e\u4e48\u6267\u884c\u7684\uff0c\u54ea\u4e9b\u5143\u7d20(program entity)\u4f1a\u5bfc\u81f4\u6700\u540e\u7684crash\uff0c\u7136\u540e\u518d\u8fdb\u884c\u5bf9\u5e94\u7684\u4fee\u590d\u3002\u6839\u636e\u5b9a\u4f4d\u5143\u7d20\u7684\u7c92\u5ea6\u4e0d\u540c\uff0c\u6839\u56e0\u5206\u6790\u53ef\u4ee5\u5b9a\u4f4d\u5230\u51fd\u6570\u7ea7(function level)\u3001\u8bed\u53e5\u7ea7(statement level)\u3001\u6c47\u7f16\u6307\u4ee4\u7ea7(instruction level)\u3002\u7531\u4e8e\u5728\u6c47\u7f16\u6307\u4ee4\u4e0a\u8fdb\u884c\u5206\u6790\u53ef\u4ee5\u66f4\u666e\u9002\u5730\u9002\u5e94\u591a\u79cd\u7f16\u7a0b\u8bed\u8a00\u3001\u4e0d\u9700\u8981\u83b7\u53d6\u6e90\u7801\uff0c\u6240\u4ee5\u4e0b\u6587\u7684\u8ba8\u8bba\u90fd\u662f\u56f4\u7ed5\u6c47\u7f16\u6307\u4ee4\u7ea7\u5c55\u5f00\u3002

    \u76ee\u524d\u4e00\u4e9b\u81ea\u52a8\u5316\u6839\u56e0\u5206\u6790\u7814\u7a76\u601d\u8def\u6709\uff1a

    1. \u57fa\u4e8e\u7a0b\u5e8f\u8c31\u7684\u5206\u6790\u65b9\u6cd5(Spectrum-based)\u3002\u5927\u6982\u601d\u8def\u662f\u4e0d\u9700\u8981\u8003\u8651\u6c47\u7f16\u6307\u4ee4\u7684\u8bed\u4e49\u4fe1\u606f\uff0c\u5229\u7528\u4e00\u4e9b\u7edf\u8ba1\u5b66\u7684\u65b9\u6cd5\u6765\u5206\u6790\u54ea\u4e9b\u6307\u4ee4\u6709\u95ee\u9898\u3002\u8fd9\u7c7b\u65b9\u6cd5\u57fa\u4e8e\u8fd9\u6837\u4e00\u4e2a\u573a\u666f\uff1a\u5047\u8bbe\u6211\u4eec\u6709\u4e00\u5927\u6279\u76f8\u4f3c\u7684\u6d4b\u8bd5\u6837\u4f8b\uff0c\u5176\u4e2d\u6709\u4e9b\u4f1a\u5bfc\u81f4\u7a0b\u5e8f\u5d29\u6e83\uff0c\u6709\u4e9b\u4e0d\u4f1a\uff0c\u90a3\u4e48\u8fd9\u4e24\u7c7b\u6d4b\u8bd5\u6837\u4f8b\u7684\u6267\u884c\u8def\u5f84\u53ef\u80fd\u6709\u4e0d\u540c\u7684\u504f\u597d\u3002\u90a3\u4e48\u90a3\u4e9b\u66f4\u503e\u5411\u4e8e\u5728\u5d29\u6e83\u6d4b\u8bd5\u6837\u4f8b\u4e2d\u6267\u884c\u7684\u6307\u4ee4\u66f4\u6709\u53ef\u80fd\u662froot cause\u3002
    2. \u4e8b\u540e\u5206\u6790\u65b9\u6cd5(Postmortem-based)\u3002\u76f4\u8bd1\u5c38\u68c0\u5206\u6790\uff0c\u5f62\u8c61\u7406\u89e3\u4e3a\u4ece\u7a0b\u5e8f\u5d29\u6e83\u540e\u7559\u4e0b\u7684\u201c\u5c38\u4f53\u201d\u5f00\u59cb\u5206\u6790\u3002\u5b83\u5047\u5b9a\u7a0b\u5e8f\u5d29\u6e83\u540e\u4f1a\u4ea7\u751f\u4e00\u4e2acoredump(\u6838\u5fc3\u8f6c\u50a8)\u6587\u4ef6\uff0c\u5305\u542b\u4e86\u5d29\u6e83\u70b9\u7684\u5185\u5b58\u5feb\u7167(memory snapshot)\uff0c\u4ee5\u53ca\u8fd9\u4e2a\u6d4b\u8bd5\u6837\u4f8b\u7684\u6267\u884c\u8def\u5f84(execution trace)\u3002\u524d\u8005\u7528\u4e8e\u63d0\u4f9b\u6570\u636e\u6d41\u4fe1\u606f(\u6bd4\u5982\u5185\u5b58\u503c\u3001\u5bc4\u5b58\u5668\u503c)\uff0c\u540e\u8005\u7528\u4e8e\u63d0\u4f9b\u63a7\u5236\u6d41\u4fe1\u606f(\u6c47\u7f16\u6307\u4ee4\u6267\u884c\u4e0e\u8df3\u8f6c)\u3002\u5728\u6b64\u57fa\u7840\u4e0a\uff0c\u7ed3\u5408\u4e00\u4e9b\u9006\u5411\u6267\u884c(reverse execution)\u548c\u540e\u5411\u6c61\u70b9\u5206\u6790(backward taint analysis)\u7684\u65b9\u6cd5\uff0c\u5b9a\u4f4d\u53ef\u80fd\u7684root cause\u3002
    3. \u57fa\u4e8e\u6a21\u578b\u7684\u5206\u6790\u65b9\u6cd5(Model-based)\u3002\u8fd9\u4e00\u7c7b\u65b9\u6cd5\u662f\u8fd1\u4e9b\u5e74\u63d0\u51fa\u7684\uff0c\u5b83\u901a\u8fc7\u5b9a\u4e49\u8bed\u4e49\u76f8\u5173\u7684\u6a21\u578b\uff0c\u5229\u7528\u673a\u5668\u5b66\u4e60\u6216\u6df1\u5ea6\u5b66\u4e60\u7684\u601d\u60f3\uff0c\u627e\u5230\u8bed\u4e49\u4e0a\u5bfc\u81f4\u5d29\u6e83\u7684root cause\u3002

    \u8fd9\u4e9b\u7814\u7a76\u601d\u8def\u90fd\u89e3\u51b3\u4e86\u4ec0\u4e48\u95ee\u9898\uff1f\u6709\u4ec0\u4e48\u72ec\u7279\u7684\u4f18\u70b9\uff1f\u5b58\u5728\u54ea\u4e9b\u72ec\u6709\u7684\u4e0d\u8db3\uff1f \u57fa\u4e8e\u7a0b\u5e8f\u8c31\u7684\u5206\u6790\u65b9\u6cd5\u76f4\u89c2\u4e0a\u4f3c\u4e4e\u6709\u70b9\u9053\u7406\u3002\u5b83\u4ec5\u8003\u8651\u6c47\u7f16\u6307\u4ee4\u672c\u8eab\uff0c\u800c\u4f46\u4ec5\u4ec5\u4ece\u7edf\u8ba1\u7ed3\u679c\u4e0a\u53bb\u5206\u6790\uff0c\u53ef\u80fd\u5e76\u4e0d\u80fd\u51c6\u786e\u5206\u6790\u51fa\u903b\u8f91\u4e0a\u7684root cause\u3002\u8fd9\u7c7b\u65b9\u6cd5\u4e00\u822c\u4f1a\u8bbe\u8ba1\u4e00\u79cd\u6392\u540d\u7b56\u7565(ranking)\uff0c\u5bf9\u9009\u62e9\u51fa\u7684\u53ef\u7591\u6307\u4ee4\u8fdb\u884ctop1-topn\u7684\u6392\u540d\uff0c\u6765\u8bd5\u56fe\u63d0\u9ad8\u51c6\u786e\u6027\u3002\u8fd9\u7c7b\u65b9\u6cd5\u4e00\u822c\u9700\u8981\u6839\u636e\u4e00\u4e2a\u5d29\u6e83\u6837\u4f8b\u4ee5\u53ca\u548c\u5b83\u76f8\u4f3c\u7684\u5d29\u6e83\u6837\u4f8b\u548c\u975e\u5d29\u6e83\u6837\u4f8b\u8fdb\u884c\u5206\u6790\uff0c\u56e0\u6b64\u65f6\u7a7a\u5f00\u9500\u90fd\u6bd4\u8f83\u5927\u3002

    \u4e8b\u540e\u5206\u6790\u65b9\u6cd5\u76f8\u6bd4\u7a0b\u5e8f\u8c31\u5206\u6790\u65b9\u6cd5\u8003\u8651\u4e86\u6307\u4ee4\u8bed\u4e49\uff0c\u6bd4\u5982\u5728\u9006\u5411\u6267\u884c\u7684\u65f6\u5019\u4f1a\u8bbe\u8ba1\u4e00\u4e9b\u6c47\u7f16\u6307\u4ee4handler\uff0c\u5bf9\u4e8e\u5185\u5b58\u7684\u5206\u6790\u4e5f\u4f1a\u66f4\u7cbe\u786e\u4e9b\u3002\u4f46\u6c61\u70b9\u5206\u6790\u65b9\u6cd5\u6bd5\u7adf\u5b58\u5728\u8fc7\u5ea6\u6c61\u67d3(over-tainting)\u7684\u95ee\u9898\uff0c\u5bfc\u81f4\u7ed3\u679c\u5197\u4f59\u6bd4\u8f83\u4e25\u91cd\u3002

    \u57fa\u4e8e\u6a21\u578b\u7684\u5206\u6790\u65b9\u6cd5\u5229\u7528AI\u7684\u4f18\u52bf\uff0c\u53ef\u4ee5\u7ed9\u51fa\u66f4\u6709\u8bed\u4e49\u4fe1\u606f\u7684root cause\uff0c\u5728\u4e00\u5b9a\u7a0b\u5ea6\u4e0a\u5e2e\u52a9\u5f00\u53d1\u4eba\u5458\u53bb\u5206\u6790\u3002\u4e0d\u8fc7\u6a21\u578b\u7684\u8bad\u7ec3\u4f9d\u8d56\u8bad\u7ec3\u96c6\u7684\u8d28\u91cf\uff0c\u5e76\u4e14\u53d7\u7a0b\u5e8f\u8bed\u4e49\u5f71\u54cd\u5f88\u5927\u3002\u5728\u4e0d\u540c\u9886\u57df\u4e4b\u95f4\u53ef\u80fd\u8fc1\u79fb\u6027\u4e0d\u662f\u5f88\u597d\uff0c\u6bd4\u5982\u6ca1\u6cd5\u5904\u7406\u4e00\u4e9b\u7279\u5b9a\u7684\u5bc6\u7801\u5b66\u51fd\u6570\u3002\u4e14\u4e3a\u5f85\u6d4b\u7a0b\u5e8f\u5efa\u7acb\u6a21\u578b\u6765\u63cf\u8ff0\u5176\u7ed3\u6784\u4e0e\u884c\u4e3a\u662f\u975e\u5e38\u590d\u6742\u3001\u8017\u65f6\u7684\u4e8b\u60c5

    \u73b0\u6709\u7684\u8fd9\u4e9b\u65b9\u6cd5\u6709\u6ca1\u6709\u4ec0\u4e48\u666e\u904d\u5b58\u5728\u7684\u95ee\u9898\uff1f \u5728\u6700\u540e\u8bc4\u4f30\u9636\u6bb5(evaluation)\uff0c\u4e00\u822c\u5148\u901a\u8fc7\u624b\u5de5\u5206\u6790\u786e\u5b9a\u54ea\u4e9b\u6c47\u7f16\u6307\u4ee4\uff0c\u5982\u679c\u65b9\u6cd5\u8f93\u51fa\u7684\u6c47\u7f16\u6307\u4ee4\u96c6\u5408\u91cc\u5305\u542b\u8fd9\u4e9b\u6307\u4ee4\uff0c\u90a3\u4e48\u5c31\u8ba4\u4e3a\u662f\u53d1\u73b0\u4e86root cause\u3002\u4f46\u81ea\u52a8\u5316\u65b9\u6cd5\u6bd5\u7adf\u7f3a\u5c11\u4eba\u5de5\u53c2\u4e0e\uff0c\u7ed9\u51fa\u7684\u7ed3\u679c\u4e00\u5b9a\u662f\u4e0d\u51c6\u786e\u7684\u3002\u73b0\u6709\u7684\u5de5\u4f5c\u7684\u4e00\u4e2a\u4e3b\u6d41\u601d\u60f3\u5728\u4e8e\u201c\u65b9\u6cd5\u7ed9\u51fa\u7684\u96c6\u5408\u53ef\u4ee5\u5305\u542b\u65e0\u5173\u6307\u4ee4\uff0c\u4f46\u4e0d\u80fd\u7f3a\u5c11\u76f8\u5173\u6307\u4ee4\u201d\uff0c\u65e8\u5728\u63d0\u9ad8\u53ec\u56de\u7387(recall)\u3002\u56e0\u6b64\u5f80\u5f80\u7ed9\u51fa\u4e0eroot cause\u4e0d\u76f8\u5173\u7684\u6307\u4ee4\u3002\u4f46\u5b9e\u9645\u4e0a\uff0c\u5728\u6700\u540e\u7684\u4fee\u590d\u7aef\uff0c\u5982\u679c\u7ed9\u51fa\u4e0d\u76f8\u5173\u6307\u4ee4\u8fc7\u591a\uff0c\u90a3\u4e48\u4ecd\u7136\u9700\u8981\u5f00\u53d1\u8005\u53bb\u5206\u6790\uff0c\u4f9d\u65e7\u8017\u65f6\u8017\u529b\u3002

    \u636eISSTA 2016\u4e00\u7bc7\u8c03\u7814\uff08Practitioners\u2019 expectations on automated fault localization\uff09\uff0c9.43%\u5e0c\u671broot cause\u5728\u5206\u6790\u7ed3\u679c\u7684Top1\uff0c73.58%\u5bb9\u8bb8\u5728Top5\uff0c15.09%\u5bb9\u8bb8\u5728Top10\u3002\u6240\u4ee5\u7ea698%\u7684\u60c5\u51b5\u4e0b\u9700\u8981\u5728Top10\u5185\u7ed9\u51fa\u7ed3\u679c\u3002\u5c31\u5206\u6790\u51c6\u786e\u5ea6\u4e0e\u5f00\u53d1\u4eba\u5458\u6ee1\u610f\u5ea6\u800c\u8a00\uff0c\u5982\u679cRCA\u5de5\u5177\u51c6\u786e\u5ea6\u8fbe90%\uff0c\u6ee1\u610f\u5ea6\u51e0\u4e4e\u8fbe\u5230100%\u4e86\u3002\u51c6\u786e\u5ea6\u4f4e\u4e8e20%\u65f6\u53ea\u670912%\u63a5\u53d7\uff0c\u5982\u679c\u6ee1\u610f\u5ea6\u8fbe50%\u300175%\u300190%\uff0c\u51c6\u786e\u5ea6\u9700\u8981\u5206\u522b\u8fbe\u523050%\u300175%\u300185%\uff08\u4f46\u662f\u539f\u6587\u8bf490%\uff09\u3002

    \u76ee\u524d\u7684\u7edd\u5927\u90e8\u5206RCA\u5206\u6790\u7684\u5de5\u4f5c\u7684\u8f93\u51fa\u662f\u4e24\u7c7b\uff1aranked list\u548csuspicious set\u3002\u4f46\u4e24\u8005\u90fd\u5b58\u5728\u7684\u95ee\u9898\u662f\u4ec5\u4ec5\u9ad8\u4eae\u4e86\u53ef\u80fd\u5b58\u5728bug\u7684\u5143\u7d20\uff0c\u800c\u7f3a\u4e4f\u4e00\u4e9brational\u7684\u5206\u6790\u3002

    "},{"location":"rca/#_2","title":"\u4e0d\u540c\u7684\u5206\u6790\u7c92\u5ea6\u7684\u4f18\u52bf","text":"

    \u57fa\u4e8e\u6587\u4ef6\u7c92\u5ea6\u7684RCA\u5de5\u4f5c\uff08\u6bd4\u5982Scaffle\uff09\u5e0c\u671b\u627e\u5230\u5305\u542b\u767e\u4e07\u7ea7\u540c\u8d28\u4ee3\u7801\u5e93\u4e2d\u54ea\u4e9b\u6587\u4ef6\u548ccrash\u6709\u5173\u3002\u5728\u6b64\u57fa\u7840\u4e0a\u8ba9\u5bf9\u5e94\u7684\u5de5\u7a0b\u5e08\u56e2\u961f\u53bb\u5904\u7406bug\uff0c\u6709\u5229\u4e8e\u5927\u578b\u7ec4\u7ec7\u7ba1\u7406\u3002

    \u636eISSTA 2016\u4e00\u7bc7\u8c03\u7814\uff08Practitioners\u2019 expectations on automated fault localization\uff09\uff0c\u5f00\u53d1\u8005\u5bf9\u7c92\u5ea6\u7684top3\u671f\u671b\u4f9d\u6b21\u662f\u65b9\u6cd5\u7ea7\u522b\u3001\u8bed\u53e5\u7ea7\u522b\u3001\u57fa\u672c\u5757\u7ea7\u522b\uff0c\u4e0d\u8fc7\u5bf9\u8fd9\u4e09\u79cd\u7c92\u5ea6\u7684\u503e\u5411\u4e4b\u95f4\u6ca1\u6709\u660e\u663e\u5dee\u5f02\u3002\u800c\u5f53\u65f6\u6bd4\u8f83\u591a\u7684\u65b9\u6cd5\u662f\u8bed\u53e5\u7ea7\u522b\u7684

    "},{"location":"rca/#_3","title":"\u5206\u6790\u65f6\u95f4\u5f00\u9500","text":"

    \u6839\u636e\u91c7\u7528\u7684\u7b56\u7565\u4e0d\u540c\uff0cRCA\u4e4b\u95f4\u7684\u65f6\u95f4\u5f00\u9500\u5dee\u5f02\u53ef\u80fd\u8fbe\u4e24\u4e2a\u6570\u91cf\u7ea7\u3002\uff08\u79d2\u7ea7-\u5206\u949f\u7ea7-\u5c0f\u65f6\u7ea7\uff09\u3002

    \u636eISSTA 2016\u4e00\u7bc7\u8c03\u7814\uff08Practitioners\u2019 expectations on automated fault localization\uff09\uff0c90%\u5f00\u53d1\u8005\u63a5\u53d71min\u4ee5\u5185\u7684\u5206\u6790\uff0c\u4e0d\u52309%\u5f00\u53d1\u8005\u63a5\u53d7\u8d85\u8fc71h\u7684\u5206\u6790\u300250%\u5f00\u53d1\u8005\u5927\u6982\u572830min\u4ee5\u5185\u3002

    "},{"location":"rca/#_4","title":"\u4e00\u4e9b\u60f3\u6cd5","text":"
    1. \u4ec0\u4e48\u662f\u6f0f\u6d1e\u7684\u6839\u672c\u539f\u56e0\uff1f\u5047\u5982\u51fd\u6570A\u5185\u521b\u5efa\u4e34\u65f6\u53d8\u91cfx\u5e76\u8c03\u7528\u51fd\u6570B(x)\uff0c\u5728B\u5185\u5f15\u53d1crash\uff0c\u90a3\u4e48\u5e94\u8be5\u5f52\u548e\u4e3aA\u6ca1\u6709\u5904\u7406x\u5462\uff0c\u8fd8\u662fB\u6ca1\u6709\u68c0\u67e5x\u5462\uff1f\u8fd9\u662fAPI\u5b9e\u73b0\u7684\u95ee\u9898\uff0c\u8fd8\u662fAPI\u8bef\u7528\u7684\u95ee\u9898\uff1f(\u5f00\u53d1\u8005or\u7528\u6237)
    2. \u5bf9\u4e8e\u67d0\u4e00\u4e2acrash\uff0c\u5982\u679c\u5f00\u53d1\u4eba\u5458\u8fdb\u884c\u4e86\u4fee\u590d\uff0c\u90a3\u4e48\u8fd9\u4e2a\u4fee\u590d\u80fd\u62ff\u6765\u5f53root cause\u5417\uff1f\u4e0d\u540c\u5f00\u53d1\u4eba\u5458\u4fee\u590d\u7684\u98ce\u683c\u53ef\u80fd\u4e0d\u4e00\u6837\uff0c\u4fee\u590d\u4e5f\u672a\u5fc5\u662f\u5b8c\u5168\u7684\uff0croot cause\u5c31\u662f\u4e00\u4e2a\u4e3b\u89c2\u7684\u95ee\u9898\u4e86\u3002
    "},{"location":"rca/#_5","title":"\u76f8\u5173\u8bba\u6587\u7684\u4e00\u4e9b\u53d1\u73b0\uff08\u7591\u95ee\uff09","text":""},{"location":"rca/#_6","title":"\u53c2\u8003\u6587\u732e","text":"

    \u4ee5\u4e0a\u5185\u5bb9\u4ec5\u4ee3\u8868\u4e2a\u4eba\u89c2\u70b9\uff0c\u4e0d\u5b9a\u671f\u66f4\u65b0\uff0c\u6b22\u8fce\u8ba8\u8bba

    "},{"location":"readings/","title":"\u6587\u7ae0\u9605\u8bfb","text":""},{"location":"readings/#_2","title":"\u8f6f\u4ef6\u4f9b\u5e94\u94fe","text":""},{"location":"readings/#_3","title":"\u5927\u6a21\u578b","text":""},{"location":"readings/#google","title":"Google","text":""},{"location":"reverse-advanced/","title":"\u9006\u5411\u9ad8\u9636","text":""},{"location":"reverse-advanced/#windows","title":"Windows\u9006\u5411\u6280\u672f\u6982\u5ff5","text":"

    DLL\u6ce8\u5165\uff0cWindows\u6d88\u606f\u94a9\u53d6\uff0cDLL\u5378\u8f7d\uff0c\u4ee3\u7801\u6ce8\u5165\uff0cAPI\u94a9\u53d6\uff0c\u8fdb\u7a0b\u9690\u85cf\uff0cIE\u8fde\u63a5\u63a7\u5236\uff0cTLS\u56de\u8c03\u51fd\u6570\uff0cTEB\uff0cPEB\uff0cSEH\uff0cIA-32\uff0c\u53cd\u8c03\u8bd5\uff08\u9759\u6001\u3001\u52a8\u6001\uff09\uff0cPE\u955c\u50cf\uff0cDebug Blocker

    "},{"location":"reverse-basic/","title":"\u9006\u5411\u57fa\u7840","text":"

    \u9006\u5411\u51fd\u6570\u65f6\uff0c\u8981\u63d0\u524d\u9884\u6d4b\u4e0b\u51fd\u6570\u5b9e\u73b0\u673a\u5236\uff0c\u4ee5\u8282\u7701\u65f6\u95f4\u3002\u8981\u660e\u767d\u54ea\u4e9b\u90e8\u5206\u5c5e\u4e8e\u7a0b\u5e8f\u7279\u6709\u7684\u5b9e\u73b0\uff0c\u54ea\u4e9b\u90e8\u5206\u5c5e\u4e8e\u7b2c\u4e09\u65b9\u7684\u5e93\uff0c\u4e0d\u8981\u968f\u4fbf\u8fdb\u5230\u7b2c\u4e09\u65b9\u5e93\u6216\u8005\u5e95\u5c42API\u91cc\u9762\u5206\u6790\u3002

    "},{"location":"reverse-basic/#_2","title":"\u8c03\u7528\u7ea6\u5b9a","text":"

    cdecl\uff08C\u9ed8\u8ba4\uff09\u7531caller\u8d1f\u8d23\u6e05\u7406\u6808\u4e0a\u4f20\u5165\u53c2\u6570\u3002

    stdcall\u7531callee\u8d1f\u8d23\u6e05\u7406\u6808\u4e0a\u4f20\u5165\u53c2\u6570\uff08Win32API\uff09\uff0c\u88ab\u8c03\u51fd\u6570\u8fd4\u56de\u65f6\u4f7f\u7528RETN X\u6765\u9000\u51fa\uff0c\u76f8\u5f53\u4e8eRETN\u3001POP X\u3002\u6bd4\u5982\u9000\u4e24\u4e2a\u53c2\u6570\uff0c\u5c31RETN 8\u3002

    fastcall\u4e3a\u4e86\u63d0\u9ad8\u901f\u5ea6\uff0c\u5206\u522b\u4f7f\u7528ECX\u3001EDX\u4f20\u9012\u524d\u4e24\u4e2a\u53c2\u6570\uff0c\u66f4\u591a\u53c2\u6570\u8fd8\u662f\u4f7f\u7528\u5185\u5b58\u3002 \u4f20\u53c2\u65f6\u90fd\u662f\u4ece\u53f3\u5411\u5de6\u4ee5\u6b64\u538b\u5165\u6808\u4e2d\u3002

    "},{"location":"reverse-basic/#_3","title":"\u4e00\u4e9b\u5e38\u89c1\u6c47\u7f16\u64cd\u4f5c\u7b26","text":"

    call \u5305\u62ec\u4fdd\u5b58\u8fd4\u56de\u5730\u5740\u3001IP\u8df3\u8f6c

    retn \u5373pop EIP

    test \u76f8\u5f53\u4e8eAND\uff0c\u4f46\u662f\u4e0d\u6539\u53d8\u666e\u901a\u5bc4\u5b58\u5668\u7684\u503c\uff0c\u53ea\u4fee\u6539EFLAGS\u5bc4\u5b58\u5668

    "},{"location":"reverse-basic/#nop","title":"NOP\u6307\u4ee4\u7684\u7528\u9014","text":"

    NOP\u6307\u4ee4\u901a\u5e38\u7528\u4e8e\u63a7\u5236\u65f6\u5e8f\u7684\u76ee\u7684\uff0c\u5f3a\u5236\u5185\u5b58\u5bf9\u9f50\uff0c\u9632\u6b62\u6d41\u6c34\u7ebf\u707e\u96be\uff0c\u5360\u636e\u5206\u652f\u6307\u4ee4\u5ef6\u8fdf\uff0c\u6216\u662f\u4f5c\u4e3a\u5360\u4f4d\u7b26\u4ee5\u4f9b\u7a0b\u5e8f\u7684\u6539\u5584\uff08\u6216\u66ff\u4ee3\u88ab\u79fb\u9664\u7684\u6307\u4ee4\uff09\u3002

    "},{"location":"reverse-basic/#_4","title":"\u51fd\u6570\u6267\u884c\u6808\u5e27\u63a8\u65ad","text":"

    \u51fd\u6570\u5185\u90e8\u4e00\u822c\u5148\u4f1a\u6267\u884c\u4ee5\u4e0b\u4e24\u6761\u6307\u4ee4\uff1a

    push ebp\nmov ebp,esp\n

    \u53ef\u4ee5\u89c2\u5bdfebp\u548cesp\u7684\u4fee\u6539\u60c5\u51b5\u63a8\u65ad\u51fd\u6570\u6808\u5e27

    "},{"location":"reverse-basic/#_5","title":"\u540d\u79f0\u4fee\u9970","text":"

    \u540d\u79f0\u4fee\u9970\uff08name mangling\uff0cname decoration\uff09\uff0c\u7528\u6765\u89e3\u51b3\u6807\u5fd7\u7b26\u7684\u552f\u4e00\u547d\u540d\u95ee\u9898\u3002\u6bd4\u5982\u5728\u4e0d\u540c\u7684\u547d\u540d\u7a7a\u95f4\u5b9e\u73b0\u76f8\u540c\u540d\u79f0\u7684\u51fd\u6570\uff0c\u8fd9\u4e2a\u51fd\u6570\u5728\u600e\u4e48\u8868\u793a\u5462\uff1f\u540d\u79f0\u4fee\u9970\u6280\u672f\u7528\u6765\u751f\u6210\u552f\u4e00\u7684\u6807\u5fd7\u7b26\uff0c\u4fdd\u7559\u547d\u540d\u7a7a\u95f4\u3001\u51fd\u6570\u540d\u3001\u7ed3\u6784\u4f53\u540d\u3001\u7c7b\u540d\u4ee5\u53ca\u53c2\u6570\u7c7b\u578b\u7b49\u7b49\u4fe1\u606f\u3002\u540d\u79f0\u4fee\u9970\u548c\u8c03\u7528\u7ea6\u5b9a\u3001\u7f16\u8bd1\u5668\u6709\u5173\uff0c\u5e94\u7528\u6700\u5e7f\u6cdb\u7684\u662fC++\u7684\u4ee3\u7801\uff08\u5c24\u5176\u662f\u6df7\u5408C\u7f16\u8bd1\u65f6\uff09\u3002\u6bd4\u5982_ZN9wikipedia7article6formatEv\u53ef\u4ee5\u7528\u6765\u8868\u793a\uff1a

    namespace wikipedia\n{\nclass article\n{\npublic:\nstd::string format();\n}\n}\n

    \u5176\u4e2d_Z\u662f\u5f00\u5934\uff08\u4e0b\u5212\u7ebf+\u5927\u5199\u5b57\u6bcd\u5728C\u4e2d\u662f\u4fdd\u7559\u7684\u6807\u5fd7\u7b26\uff0c\u907f\u514d\u51b2\u7a81\uff09\uff0cN\u8868\u793a\u662f\u5d4c\u5957\u6709\u547d\u540d\u7a7a\u95f4\u548c\u7c7b\u540d\uff0c\u968f\u540e\u7684\u6570\u5b57+\u5b57\u6bcd\u4e2d\uff0c\u6570\u5b57\u8868\u793a\u957f\u5ea6\uff0c\u5b57\u6bcd\u8868\u793a\u540d\u79f0\uff0c\u5e76\u4ee5E\u7ed3\u675f\u3002\u4e4b\u540e\u7684\u53c2\u6570\u8868\u793a\u51fd\u6570\u7684\u53c2\u6570\u7c7b\u578b\uff0cv\u4e3avoid\u3002

    "},{"location":"reverse-basic/#pe","title":"PE\u6587\u4ef6","text":"

    PE\uff08Portable Execution\uff09\u6587\u4ef6\u662fWindows\u7cfb\u7edf\u4f7f\u7528\u7684\u53ef\u6267\u884c\u6587\u4ef6\u683c\u5f0f\u3002

    "},{"location":"reverse-basic/#pe_1","title":"PE\u6587\u4ef6\u7684\u6570\u636e\u8282","text":"

    #pragma data_seg()\u53ef\u4ee5\u5c06\u4ee3\u7801\u4efb\u610f\u90e8\u5206\u7f16\u8bd1\u5230PE\u6587\u4ef6\u4efb\u610f\u8282\uff0c\u8282\u540d\u4e5f\u53ef\u4ee5\u81ea\u5b9a\u4e49\u3002

    "},{"location":"reverse-basic/#_6","title":"\u9759\u6001\u94fe\u63a5\u5e93\u4e0e\u52a8\u6001\u94fe\u63a5\u5e93","text":"

    \u9759\u6001\u5e93\u7684\u62d3\u5c55\u540d\u4e3a.a\u6216.lib\uff1b\u52a8\u6001\u5e93\u7684\u62d3\u5c55\u540d\u4e00\u822c\u4e3a.so\u6216.dll

    \u9759\u6001\u5e93\u7f16\u8bd1\u65f6\u76f4\u63a5\u6574\u5408\u5230\u76ee\u6807\u7a0b\u5e8f\u4e2d\uff0c\u7f16\u8bd1\u6210\u529f\u540e\u7684\u53ef\u6267\u884c\u6587\u4ef6\u53ef\u4ee5\u72ec\u7acb\u8fd0\u884c\uff1b\u52a8\u6001\u5e93\u7f16\u8bd1\u65f6\u53ef\u6267\u884c\u7a0b\u5e8f\u65e0\u6cd5\u72ec\u7acb\u8fd0\u884c

    \u9759\u6001\u5e93\u66f4\u65b0\u540e\u9700\u8981\u66f4\u65b0\u6574\u4e2a\u76ee\u6807\u7a0b\u5e8f\uff1b\u52a8\u6001\u5e93\u66f4\u65b0\u540e\u53ea\u9700\u66f4\u6362\u65b0\u7684\u52a8\u6001\u5e93\u5373\u53ef

    \u9759\u6001\u5e93\u7f16\u8bd1\u547d\u4ee4\uff1agcc -c xx.c -o xx.o\uff0car crs libxx.a xx.o\uff1b\u52a8\u6001\u5e93\u7f16\u8bd1\u547d\u4ee4\uff1agcc xx.c -o libxx.so -shared -fPIC\u5176\u4e2d-fPIC\u8868\u793a\u4f7f\u7528\u76f8\u5bf9\u4f4d\u7f6e

    "},{"location":"reverse-basic/#gdb","title":"gdb","text":"

    \u6dfb\u52a0\u591a\u4e2a\u7b26\u53f7\u8868add-symbol-file xxx addr\u5176\u4e2daddr\u662f\u4ee3\u7801\u6bb5\u8d77\u59cb\u5730\u5740\uff0cxxx\u53ef\u4ee5\u4e3asym\u6587\u4ef6\uff0c\u6216elf\u6587\u4ef6\u7b49\u3002\u53d8\u5f02\u65f6\u9700\u8981\u52a0\u4e0a-g\u4fdd\u7559\u7b26\u53f7\u8868(\u6307\u5b9a\u5177\u4f53\u683c\u5f0f\u5982-g2 -gdwarf-2)\uff0c\u53ef\u4ee5\u9010\u4e2a\u4f7f\u7528add-symbol-file\uff0c\u90fd\u6dfb\u52a0\u8fdb\u53bb\u3002

    \u4f7f\u7528ulimit -c unlimited\u8bbe\u7f6e\u4e0d\u9650\u5236coredump\u6587\u4ef6\u5927\u5c0f\uff0c\u7136\u540eroot\u7528\u6237echo \"core-%e-%p\" > /proc/sys/kernel/core_pattern\u8bbe\u7f6e\u4fdd\u7559\u7a0b\u5e8f\u540d\u3001pid\uff0c\u5219\u5bf9\u4e8e\u7f16\u8bd1\u65f6\u6dfb\u52a0\u4e86-g\u9009\u9879\u7684\u7a0b\u5e8f\uff0c\u5176\u5d29\u6e83\u4ea7\u751f\u7684coredump\u6587\u4ef6\u53ef\u4ee5\u4f7f\u7528gdb <\u7a0b\u5e8f\u540d> <coredump\u6587\u4ef6\u540d>\u6765\u5bfb\u627eroot cause\u3002gdb\u5185\u7528where\u67e5\u770b\u8c03\u7528\u6808\u3002

    "},{"location":"reverse-basic/#_7","title":"\u63a8\u8350\u9605\u8bfb","text":"

    Linux \u9759\u6001\u5e93 \u7f16\u8bd1\u548c\u4f7f\u7528 Linux \u52a8\u6001\u5e93 \u7f16\u8bd1\u548c\u4f7f\u7528 Makefile\u5165\u95e8 Makefile\u5b98\u65b9\u6587\u6863 coredump\u6587\u4ef6\u57fa\u7840\u7528\u6cd5

    "},{"location":"sci-thoughts/","title":"\u79d1\u7814\u5fc3\u5f97","text":""},{"location":"sci-thoughts/#_2","title":"\u517b\u6210\u4e60\u60ef","text":"

    \u65f6\u95f4\u8fc7\u5f97\u603b\u662f\u975e\u5e38\u5feb\u7684\u3002\u5fd9\u7740\u505a\u4e00\u4e2a\u8bfe\u9898\uff0c\u53ef\u80fd\u6bcf\u5929\u611f\u89c9\u4e0d\u5230\u6709\u4ec0\u4e48\u8fdb\u5c55\u5462\uff0c\u534a\u5e74\u4e00\u5e74\u5c31\u8fc7\u53bb\u4e86\u3002\u5982\u679c\u6709\u8fd9\u79cd\u60f3\u6cd5\uff0c\u591a\u534a\u662f\u6ca1\u505a\u597d\u89c4\u5212\uff0c\u50cf\u4e2a\u65e0\u5934\u82cd\u8747\u4e00\u6837\u4e1c\u95ef\u897f\u649e\u3002

    \u611f\u89c9\u6709\u4e24\u4e2a\u4e60\u60ef\u662f\u5fc5\u987b\u517b\u6210\u7684\uff0c\u4e00\u662f\u8bfb\u8bba\u6587\u8981\u601d\u8003\u95ee\u9898\u4e0e\u610f\u4e49\uff1a\u770b\u5230\u9898\u76ee\u548c\u6458\u8981\uff0c\u601d\u8003\u8fd9\u7bc7\u6587\u7ae0\u5e0c\u671b\u89e3\u51b3\u4ec0\u4e48\u95ee\u9898\u3001\u8fd9\u4e2a\u95ee\u9898\u6709\u4ec0\u4e48\u4ef7\u503c\u3001\u89e3\u51b3\u8fd9\u4e2a\u95ee\u9898\u6709\u4ec0\u4e48\u601d\u8def\u3001\u4f1a\u9047\u5230\u54ea\u4e9b\u666e\u904d\u4e0e\u7279\u6b8a\u7684\u6311\u6218\uff0c\u4ee5\u53ca\u6587\u7ae0\u57fa\u4e8e\u54ea\u4e9b\u5047\u8bbe\u5e76\u4e14\u4f1a\u8bd5\u56fe\u907f\u800c\u4e0d\u8c08\u7684\u7f3a\u9677\uff1b\u4e8c\u662f\u6bcf\u5929\u8fdb\u884c\u603b\u7ed3\u4e0e\u5f52\u7eb3\uff0c\u601d\u8003\u4e00\u5929\u5230\u5e95\u6709\u4ec0\u4e48\u8fdb\u5c55\uff0c\u51dd\u7ec3\u603b\u7ed3\u6210\u6587\u5b57\u6216ppt\u8bb2\u7a3f\u3002\u6bcf\u5929\u5149\u770b\u4e0d\u603b\u7ed3\uff0c\u7b49\u4e8e\u767d\u770b\uff01\u5e73\u65f6\u5bf9\u5404\u79cd\u95ee\u9898\u5c31\u8981\u6709\u6240\u51c6\u5907\u4e0e\u601d\u8003\uff0c\u4e0d\u8981\u522b\u4eba\u95ee\u8d77\u7684\u65f6\u5019\u5c31\u6577\u884d\u5730\u7ed9\u4e00\u4e2a\u56de\u7b54\uff0c\u6ca1\u6709\u610f\u4e49\u3002

    \u65e9\u4e0a\u5199todo list\uff0c\u665a\u4e0a\u5199done list\uff0c\u770b\u770b\u8fd9\u4e00\u5929\u8fdb\u5c55\u5982\u4f55\u3002\u662f\u5426\u6709\u6ca1\u505a\u5b8c\u7684\u4e8b\u60c5\uff0c\u662f\u5426\u6709\u5206\u5fc3\u505a\u4e86\u522b\u7684\u4e8b\u60c5\uff0c\u660e\u5929\u5982\u4f55\u89c4\u5212\u65f6\u95f4\u2026\u2026\u5bf9\u81ea\u5df1\u6bcf\u5929\u3001\u6bcf\u5468\u3001\u6bcf\u6708\u80fd\u505a\u7684\u4e8b\u60c5\u6709\u6e05\u695a\u7684\u8ba4\u8bc6\uff0c\u4e0d\u76f2\u76ee\u81ea\u5927\u4e5f\u4e0d\u5984\u81ea\u83f2\u8584\u3002

    \u505a\u4efb\u4f55\u4e8b\u90fd\u8981\u7ed9\u4e00\u4e2a\u6e05\u6670\u7684ddl\uff0c\u7763\u4fc3\u5c3d\u5feb\u5b8c\u6210\u4e0d\u8981\u62d6\u6c93\u3002\u53e6\u4e00\u65b9\u9762\u662f\u4e3a\u4e86\u9650\u5236\u601d\u8003\uff0c\u8981\u96c6\u4e2d\u3001\u5feb\u901f\uff0c\u4e0d\u8981\u6f2b\u65e0\u76ee\u7684\u5730\u53d1\u6563\u3002\u6bd4\u5982\u8bfb\u8bba\u6587\u524d\u601d\u8003\u8fd9\u7bc7\u6587\u7ae0\u9700\u8981\u89e3\u51b3\u7684\u6311\u6218\u65f6\uff0c\u9650\u5b9a\u57283min\u4e4b\u5185\uff0c\u8d85\u65f6\u4ee5\u540e\u65e0\u8bba\u662f\u5426\u60f3\u5230\u591a\u5c11\u90fd\u8981\u505c\u4e0b\u6765\u3002\u4e5f\u53ef\u4ee5\u6709\u6548\u907f\u514d\u5206\u5fc3\u3002

    "},{"location":"sci-thoughts/#_3","title":"\u79d1\u7814\u5199\u4f5c","text":"

    \u79d1\u7814\u5199\u4f5c\u9700\u8981\u7cfb\u7edf\u7684\u8bad\u7ec3\u3002\u6bcf\u5929\u6109\u5feb\u5730\u8bfb\u3001\u5199\u4e00\u5c0f\u65f6\uff0c\u957f\u671f\u575a\u6301\uff0c\u53eb\u505a\u201cread and write\u201d\u3002

    \u5199\u6587\u7ae0\u8981\u5f04\u6e05\u695a\u8bfb\u8005\u90fd\u662f\u540c\u4e13\u4e1a\u7684\u4eba\uff0c\u56e0\u6b64\u8981\u4f53\u73b0\u51fa\u4e13\u4e1a\u6027\u4e0e\u79d1\u5b66\u6027\u3001\u7cbe\u786e\u6027\u3001\u7b80\u6d01\u6027\u3001\u903b\u8f91\u6027\u3002

    "},{"location":"sentence-templates/","title":"\u60c5\u666f\u6a21\u677f","text":"

    \u63d0\u51fa\u672c\u6587\u5de5\u4f5c\uff1a

    \u4ecb\u7ecd\u67d0\u4e00\u6d41\u7a0b\u5728\u6574\u4f53\u7cfb\u7edf\u4e2d\u7684\u4f5c\u7528\uff1a

    \u8bf4\u660e\u67d0\u4e00\u6b65\u9aa4\u5e76\u975e\u7b80\u5355\u7684\uff1a

    \u51dd\u7ec3\u672c\u6587\u5b9e\u9a8c\u6548\u679c\uff1a

    \u63d0\u51fa\u672c\u6587novelty\uff1a

    \u63d0\u51fa\u672c\u6587insight\uff1a

    \u51c6\u5907\u5f00\u59cb\u4ecb\u7ecd\u6280\u672f\u7ec6\u8282\uff1a

    \u8bf4\u76ee\u524d\u7684\u5de5\u4f5c\u7814\u7a76\u7684\u4e3b\u8981\u5185\u5bb9\u53d7\u9650\u3001\u522b\u7684\u65b9\u6cd5\u5b58\u5728\u95ee\u9898\uff1a

    \u4e00\u4e9b\u5de5\u4f5c\u7ec6\u8282\uff1a

    "},{"location":"tech-sslh/","title":"sslh \u9605\u8bfb\u7b14\u8bb0","text":"

    \u6700\u8fd1\u5728\u8bfbsslh\u7684\u6e90\u7801\uff0c\u611f\u89c9\u8fd8\u662f\u6bd4\u8f83\u6709\u610f\u601d\u7684\u3002\u4e4b\u524d\u5728\u7aef\u53e3\u590d\u7528\u91cc\u9762\u7b80\u5355\u63d0\u4e86\u4e0bsslh\u7684\u7528\u6cd5\uff0c\u4f46\u662f\u5728\u5b9e\u8df5\u4e2d\u8e29\u4e86\u4e0d\u5c11\u5751\uff0c\u6240\u4ee5\u628a\u6e90\u7801\u62ff\u6765\u8bfb\u4e00\u8bfb\uff0c\u770b\u770b\u5185\u90e8\u7684\u7ed3\u6784\u3002

    sslh\u4f3c\u4e4e\u662f\u4f7f\u7528\u7b2c\u4e00\u4e2a\u6570\u636e\u5305\u4fdd\u5b58\u7684\u534f\u8bae\u4fe1\u606f\uff0c\u4e3a\u5ba2\u6237\u7aef\u4e0e\u670d\u52a1\u5668\u5bf9\u5e94\u670d\u52a1\u5efa\u7acb\u8fde\u63a5\u3002\u540e\u7eed\u6570\u636e\u5305\u4e0d\u518d\u9700\u8981\u68c0\u67e5\u534f\u8bae\u4e86\u3002

    "},{"location":"tech-sslh/#_1","title":"\u4fbf\u6377\u4e0a\u624b","text":"
    apt install sslh # \u4f46\u6700\u597d\u8fd8\u662f\u4ece\u6e90\u7801make install\uff0c\u7528\u6700\u65b0\u7248\u672c\uff1b\u53c2\u8003\u4ed3\u5e93\u7684INSTALL\u5b89\u88c5\u5bf9\u5e94\u7684C\u5e93\nvi /etc/default/sslh\nsystemctl start sslh\n

    \u4f3c\u4e4ecfg\u6587\u4ef6\u91cc\u548ccommand line\u4f1a\u6709\u51b2\u7a81\u3002\u6240\u4ee5commandline\u7528-F /etc/sslh/sslh.cfg\uff08\u6ca1\u6709\u5219\u65b0\u5efa\u4e00\u4e2a\uff09\u6307\u5b9a\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\uff0c\u4e0d\u8981\u6709\u548ccommand\u91cd\u590d\u7684\u5185\u5bb9\u3002\u53ea\u653eprotocols\u5dee\u4e0d\u591a\u5c31\u5f97\u4e86\u3002\u6bd4\u8f83\u597d\u7528\u7684\u662f\u6b63\u5219\u548ctls\u4e2d\u6839\u636ealpn\u548csni\u6765\u5339\u914d\u3002

    \u4e0b\u9762\u662f\u5b8c\u6574\u7684\u914d\u7f6e\u6587\u4ef6\u7684\u4e00\u4e2a\u4f8b\u5b50\uff0c\u5982\u679c\u6570\u636e\u5305\u5305\u542b\"OK1\"\u6216\u8005\"OK2\"\uff0c\u5219\u4f1a\u88ab\u8f6c\u53d1\u5230127.0.0.1:1234\u3002\u5176\u4e2d\u7684name\u5b57\u6bb5\u8868\u793a\u8fd9\u6761\u534f\u8bae\u5728sslh\u542f\u52a8\u540e\u600e\u4e48\u914d\u7f6e\uff0c\u5e38\u89c1\u7684\u6bd4\u5982regex\u3001ssh\u3001tls\u3001http\u3002

    \u6ce8\u610f\uff0c\u6700\u540e\u4e00\u6761\u534f\u8bae\u7684\u5206\u53f7\u540e\u9762\u4e0d\u52a0\u9017\u53f7\u3002

    protocols:\n(\n{ name: \"regex\"; host: \"127.0.0.1\"; port: \"1234\"; regex_patterns: [ \"OK1\", \"OK2\" ]; }\n);\n
    "},{"location":"tech-sslh/#sslh_1","title":"sslh\u7a0b\u5e8f\u542f\u52a8\u5165\u53e3\u4e0e\u521d\u59cb\u5316","text":"

    \u9ed8\u8ba4\u6700\u7b80\u5355\u7684\u542f\u52a8\u65b9\u5f0f\u7684\u5165\u53e3\u5728sslh-main.c\u7684main\u51fd\u6570\uff0c\u4e5f\u5373\u7a0b\u5e8f\u7684\u4e3b\u4f53\u903b\u8f91\u3002\u4e00\u4e9b\u5173\u952e\u6b65\u9aa4\uff1a

    1. \u8c03\u7528sslhcfg_cl_parse\u51fd\u6570\uff0c\u6839\u636e\u547d\u4ee4\u884c\u53c2\u6570\u548c\u914d\u7f6e\u6587\u4ef6\uff0c\u505a\u4e00\u4e2a\u7f13\u51b2
    2. \u8c03\u7528config_protocols\u5b8c\u6210\u8f6c\u53d1\u89c4\u5219\u7684\u521d\u59cb\u5316\uff0c\u5185\u90e8\u8c03\u7528\u7684get_probe\u662f\u7ed9\u52a0\u8f7d\u4e86\u534f\u8bae\u7684\u914d\u7f6e\u89c4\u5219
    3. \u8c03\u7528start_listen_sockets\u5f00\u59cb\u76d1\u542csockets
    4. \u8c03\u7528main_loop\u8fdb\u5165\u4e3b\u5faa\u73af\uff0c\u9ed8\u8ba4\u4e3asslh-fork\u7684main_loop\u51fd\u6570

    \u9ed8\u8ba4\u4f7f\u7528tcp\u3002main_loop\u51fd\u6570\u4e2d\uff0c\u5bf9\u76d1\u542c\u7684\u6bcf\u4e2asockets\u8fdb\u884cfork\uff0c\u6bcf\u4e2a\u5b50\u8fdb\u7a0b\u6267\u884ctcp_listener\uff0c\u5728\u8fd9\u4e9b\u5b50\u8fdb\u7a0b\u4e2daccept\u5bf9\u5e94\u7684\u8fde\u63a5\u3002\u8fd9\u4e9b\u5b50\u8fdb\u7a0b\u5c06\u7ee7\u7eedfork\u51fa\u5b50\u8fdb\u7a0b\uff0c\u6267\u884cstart_shoveler\uff0c\u5b9e\u73b0\u771f\u6b63\u7684\u529f\u80fd\u3002

    "},{"location":"tech-sslh/#_2","title":"\u534f\u8bae\u8bc6\u522b","text":"

    \u5b50\u8fdb\u7a0b\u901a\u8fc7probe_client_protocol\u6765\u786e\u5b9a\u6570\u636e\u5305\u662f\u4ec0\u4e48\u534f\u8bae\uff0c\u5e76\u6839\u636e\u5bf9\u5e94\u7684\u89c4\u5219\u5b9e\u73b0\u7aef\u53e3\u8f6c\u53d1\u3002\u8fd9\u4e00\u51fd\u6570\u4e0d\u65ad\u8fdb\u884c\u8c03\u7528\uff0c\u6700\u540e\u5728probe_buffer\u51fd\u6570\u4e2d\u904d\u5386\u4e4b\u524d\u914d\u7f6e\u7684\u6bcf\u4e2a\u534f\u8bae\u89c4\u8303\uff08\u627e\u5230\u5339\u914d\u5219\u505c\u6b62\uff0c\u6240\u4ee5\u914d\u7f6e\u987a\u5e8f\u4e5f\u86ee\u5173\u952e\u7684\uff09\uff0c\u901a\u8fc7p->probe(buf, len, p)\u8fd9\u4e2a\u51fd\u6570\u6307\u9488\u6765\u95f4\u63a5\u8c03\u7528\u8bc6\u522b\u534f\u8bae\u7684\u76f8\u5173\u51fd\u6570\u3002

    \u8fd9\u91cc\u7684\u534f\u8bae\u5305\u62ec\u4ee5\u4e0b\u5185\u7f6e\u534f\u8bae\uff1a

    /* Table of protocols that have a built-in probe\n */\nstatic struct protocol_probe_desc builtins[] = {\n/* description  probe  */\n{ \"ssh\",        is_ssh_protocol},\n{ \"openvpn\",    is_openvpn_protocol },\n{ \"wireguard\",  is_wireguard_protocol },\n{ \"tinc\",       is_tinc_protocol },\n{ \"xmpp\",       is_xmpp_protocol },\n{ \"http\",       is_http_protocol },\n{ \"tls\",        is_tls_protocol },\n{ \"adb\",        is_adb_protocol },\n{ \"socks5\",     is_socks5_protocol },\n{ \"syslog\",     is_syslog_protocol },\n{ \"teamspeak\",  is_teamspeak_protocol },\n{ \"msrdp\",      is_msrdp_protocol },\n{ \"anyprot\",    is_true }\n};\n

    \u5185\u7f6e\u534f\u8bae\u5185\u7f6e\u4e86\u4e00\u4e9b\u5339\u914d\u89c4\u5219\uff0c\u5373\u4e0a\u9762\u63d0\u5230\u7684is_ssh_protocol\u3001is_http_protocol\u7b49\u7b49\u3002\u53ef\u4ee5\u770b\u4e00\u4e2assh\u89c4\u5219\u7684\u4f8b\u5b50\uff1a

    /* Is the buffer the beginning of an SSH connection? */\nstatic int is_ssh_protocol(const char *p, ssize_t len, struct sslhcfg_protocols_item* proto)\n{\nif (len < 4)\nreturn PROBE_AGAIN;\n\nreturn !strncmp(p, \"SSH-\", 4);\n}\n

    \u53ef\u89c1\uff0c\u5982\u679c\u7b2c\u4e00\u4e2a\u6570\u636e\u5305\u957f\u5ea6\u4e0d\u4f4e\u4e8e4\u4e14\u4ee5\"SSH-\"\u5f00\u5934\uff0c\u5219\u4f1a\u88ab\u8ba4\u4e3a\u662fssh\u8bf7\u6c42\u3002

    /* Is the buffer the beginning of an HTTP connection?  */\nstatic int is_http_protocol(const char *p, ssize_t len, struct sslhcfg_protocols_item* proto)\n{\nint res;\n/* If it's got HTTP in the request (HTTP/1.1) then it's HTTP */\nif (memmem(p, len, \"HTTP\", 4))\nreturn PROBE_MATCH;\n\n#define PROBE_HTTP_METHOD(opt) if ((res = probe_http_method(p, len, opt)) != PROBE_NEXT) return res\n\n/* Otherwise it could be HTTP/1.0 without version: check if it's got an\n     * HTTP method (RFC2616 5.1.1) */\nPROBE_HTTP_METHOD(\"OPTIONS\");\nPROBE_HTTP_METHOD(\"GET\");\nPROBE_HTTP_METHOD(\"HEAD\");\nPROBE_HTTP_METHOD(\"POST\");\nPROBE_HTTP_METHOD(\"PUT\");\nPROBE_HTTP_METHOD(\"DELETE\");\nPROBE_HTTP_METHOD(\"TRACE\");\nPROBE_HTTP_METHOD(\"CONNECT\");\n\n#undef PROBE_HTTP_METHOD\n\nreturn PROBE_NEXT;\n}\n

    http\u4e5f\u6bd4\u8f83\u7b80\u5355\uff0c\u68c0\u67e5\"HTTP\"\u5b57\u7b26\u4e32\u3002

    \u53e6\u5916\u6709\u4e24\u79cd\u7279\u6b8a\u7684\u534f\u8bae\uff0ctimeout\u9ed8\u8ba4\u4f1a\u9009\u62e9\u521d\u59cb\u5316\u540e\u7684\u7b2c\u4e00\u4e2a\u534f\u8bae\uff08\u5373ssh\uff09\uff0cregex\u652f\u6301\u6b63\u5219\u5339\u914d\u6570\u636e\u5305\u7684\u56fa\u6709\u5b57\u7b26\u4e32\uff0c\u5c31\u8fde\u521d\u59cb\u5316\u65f6\u90fd\u662f\u5355\u72ec\u521d\u59cb\u5316\u7684\uff1a

    /* Returns the probe for specified protocol:\n * parameter is the description in builtins[], or \"regex\" \n * */\nT_PROBE* get_probe(const char* description) {\nint i;\n\nfor (i = 0; i < ARRAY_SIZE(builtins); i++) {\nif (!strcmp(builtins[i].name, description)) {\nreturn builtins[i].probe;\n}\n}\n\n/* Special case of \"regex\" probe (we don't want to set it in builtins\n     * because builtins is also used to build the command-line options and\n     * regexp is not legal on the command line)*/\nif (!strcmp(description, \"regex\"))\nreturn regex_probe;\n\n/* Special case of \"timeout\" is allowed as a probe name in the\n     * configuration file even though it's not really a probe */\nif (!strcmp(description, \"timeout\"))\nreturn is_true;\n\nreturn NULL;\n}\n

    is_true\u59cb\u7ec8\u8fd4\u56detrue\uff0c\u4e0d\u8fdb\u884c\u522b\u7684\u5224\u65ad\u4e86\u3002

    regex_probe\u5185\u90e8\u7528pre2\u5b9e\u73b0\u4e86\u4e00\u5957\u6b63\u5219\u5339\u914d\u7684\u673a\u5236\u3002\u914d\u7f6econfig\u7684\u65b9\u6cd5\u53ef\u4ee5\u89c1\u4e0a\u6587\u3002

    "},{"location":"tech-sslh/#tlsalpnsni","title":"TLS\u534f\u8bae\u4e2d\u4f7f\u7528\u7684ALPN\u3001SNI\u7b80\u4ecb","text":"

    tls\u4e3atcp\u63d0\u4f9b\u4e86\u52a0\u5bc6\u670d\u52a1\uff0c\u662f\u5f88\u591a\u670d\u52a1\u4e0d\u53ef\u6216\u7f3a\u7684\u4e00\u73af\u3002\u7531\u4e8e\u6570\u636e\u5305\u662f\u52a0\u5bc6\u7684\u3001\u5f88\u591a\u670d\u52a1\u90fd\u4f7f\u7528tls\uff08\u6bd4\u5982https\uff09\uff0c\u6240\u4ee5\u6ca1\u6cd5\u901a\u8fc7regex\u7684\u65b9\u6cd5\u6765\u533a\u5206\u4e0d\u540c\u7684\u670d\u52a1\u3002\u597d\u5728sslh\u4e3atls\u63d0\u4f9b\u4e86\u4e24\u79cd\u5206\u8fa8\u65b9\u6cd5\uff0c\u5373sni_hostnames\u4e0ealpn_protocols\u3002\u5728config\u91cc\u5199\u7684\u4e00\u6761\u89c4\u5219\u5982\u679c\u4e24\u8005\u90fd\u7528\u4e86\uff0c\u5219\u53ea\u6709\u540c\u65f6\u6ee1\u8db3\u4e24\u8005\u7684tls\u6570\u636e\u5305\u624d\u5339\u914d\u5f97\u4e0a\u5bf9\u5e94\u7684\u89c4\u5219\u3002

    \u6bd4\u5982example.cfg\u7ed9\u51fa\u7684\u4f8b\u5b50\uff1a

    # match BOTH ALPN/SNI\n{ name: \"tls\"; host: \"localhost\"; port: \"5223\"; alpn_protocols: [ \"xmpp-client\" ]; sni_hostnames: [ \"im.somethingelse.net\" ]; log_level: 0; tfo_ok: true },\n\n# just match ALPN\n{ name: \"tls\"; host: \"localhost\"; port: \"443\"; alpn_protocols: [ \"h2\", \"http/1.1\", \"spdy/1\", \"spdy/2\", \"spdy/3\" ]; log_level: 0;  tfo_ok: true },\n     { name: \"tls\"; host: \"localhost\"; port: \"xmpp-client\"; alpn_protocols: [ \"xmpp-client\" ];  log_level: 0; tfo_ok: true },\n\n# just match SNI\n{ name: \"tls\"; host: \"localhost\"; port: \"993\"; sni_hostnames: [ \"mail.rutschle.net\", \"mail.englishintoulouse.com\" ]; log_level: 0;  tfo_ok: true },\n     { name: \"tls\"; host: \"localhost\"; port: \"xmpp-client\"; sni_hostnames: [ \"im.rutschle.net\", \"im.englishintoulouse.com\" ];  log_level: 0; tfo_ok: true },\n\n# Let's Encrypt (tls-alpn-* challenges)\n{ name: \"tls\"; host: \"localhost\"; port: \"letsencrypt-client\"; alpn_protocols: [ \"acme-tls/1\" ]; log_level: 0;},\n\n# catch anything else TLS\n{ name: \"tls\"; host: \"localhost\"; port: \"443\";  tfo_ok: true },\n

    alpn_protocols\u5373\u4f7f\u7528\u5e94\u7528\u5c42\u534f\u8bae\u534f\u5546\u7f16\u53f7\uff1aTLS Application-Layer Protocol Negotiation (ALPN) Protocol ID\u3002\u53ef\u4ee5\u5728\u8fd9\u91cc\u770b\u5230\u5b8c\u6574\u7684\u683c\u5f0f\u3002\u6253\u4e2a\u6bd4\u65b9\uff0c\u5982\u679c\u8bf4\u6570\u636e\u5305\u662f\u997a\u5b50\uff0ctls\u662f\u997a\u5b50\u76ae\uff0cALPN\u5c31\u662f\u8868\u793a\u91cc\u9762\u662f\u4ec0\u4e48\u9985\u7684\u3002

    sni_hostnames\u5373\u4f7f\u7528\u670d\u52a1\u5668\u540d\u79f0\u6307\u793a\uff1aServer Name Indication\uff08SNI\uff09\uff0c\u7c7b\u4f3c\u4e8e\u670d\u52a1\u5668\u7aef\u7684\u57df\u540d\u3002\u6253\u4e2a\u6bd4\u65b9\uff0c\u867d\u7136\u5728\u5b66\u6821\u5feb\u9012\uff08\u6570\u636e\u5305\uff09\u90fd\u4f1a\u9001\u5230\u83dc\u9e1f\u9a7f\u7ad9\uff08\u670d\u52a1\u5668\uff09\uff0c\u4f46\u8fd9\u4e9b\u5305\u88f9\u6700\u7ec8\u662f\u6d41\u5411\u4e0d\u540c\u7684\u5bbf\u820d\u7684\uff08SNI\uff09\u3002SNI\u5e2e\u52a9\u5728tls\u63e1\u624b\u671f\u95f4\u5c31\u786e\u5b9assl\u8bc1\u4e66\uff0c\u800c\u4e0d\u662f\u5728http\u5efa\u7acb\u8fde\u63a5\u540e\u3002FQDN\u6307\u7684\u662fFully Qualified Domain Name\uff0c\u5373\u5b8c\u6574\u57df\u540d\uff0c\u53ef\u4ee5\u770b\u8fd9\u91cc\u7684\u4ecb\u7ecd\u3002

    sni_hostname\u548calpn_protocols\uff0c\u5c5e\u4e8etls\u6269\u5c55\u5185\u5bb9\uff0c\u5e76\u975e\u5f3a\u5236\u4fdd\u7559\u5176\u4e2d\u3002\u53d1\u5305\u7684\u65f6\u5019\u6ce8\u610f\u6dfb\u52a0\uff0c\u4e0d\u7136sslh\u53ef\u80fd\u8bc6\u522b\u4e0d\u5230\u3002

    "},{"location":"try-chatgpt/","title":"ChatGPT\u6765\u5e2e\u5fd9","text":""},{"location":"try-chatgpt/#_1","title":"\u7f51\u7edc\u7ad9\u70b9\u6253\u5305\u4e0b\u8f7d","text":"

    linux\u7528\u54ea\u4e2a\u547d\u4ee4\u53ef\u4ee5\u628a\u4e00\u4e2a\u7f51\u5740\u4ee5\u53ca\u5176\u6240\u4f9d\u8d56\u7684js\u548ccss\u7b49\u7b49\u6587\u4ef6\u81ea\u52a8\u4e0b\u8f7d\u4e0b\u6765\uff1f

    \u5728Linux\u4e2d\uff0c\u4f60\u53ef\u4ee5\u4f7f\u7528 wget \u547d\u4ee4\u6765\u81ea\u52a8\u4e0b\u8f7d\u4e00\u4e2a\u7f51\u7ad9\u53ca\u5176\u4f9d\u8d56\u7684\u8d44\u6e90\u6587\u4ef6\uff08\u5982JS\u548cCSS\u7b49\uff09\u3002

    \u4e0b\u9762\u662f\u4e00\u4e2a\u793a\u4f8b\u547d\u4ee4\uff1a

    wget --recursive --no-clobber --page-requisites --html-extension --convert-links --restrict-file-names=windows --domains website.com --no-parent http://website.com\n
    \u8be5\u547d\u4ee4\u4f7f\u7528\u4e86\u591a\u4e2a\u9009\u9879\uff0c\u5176\u4e2d\u4e00\u4e9b\u9009\u9879\u7684\u542b\u4e49\u5982\u4e0b\uff1a

    --recursive: \u4e0b\u8f7d\u7f51\u7ad9\u7684\u6240\u6709\u94fe\u63a5\u3002 --no-clobber: \u4e0d\u4f1a\u91cd\u590d\u4e0b\u8f7d\u5df2\u7ecf\u5b58\u5728\u7684\u6587\u4ef6\u3002 --page-requisites: \u4e0b\u8f7d\u6240\u6709\u9875\u9762\u7684\u8d44\u6e90\uff08\u5982\u56fe\u50cf\uff0c\u97f3\u9891\u548c\u89c6\u9891\uff09\u3002 --html-extension: \u5c06\u6240\u6709HTML\u6587\u4ef6\u6269\u5c55\u540d\u6dfb\u52a0\u4e3a .html\u3002 --convert-links: \u5c06\u6240\u6709\u94fe\u63a5\u8f6c\u6362\u4e3a\u672c\u5730\u94fe\u63a5\u3002 --restrict-file-names=windows: \u907f\u514d\u4f7f\u7528 Linux \u4e0d\u652f\u6301\u7684\u6587\u4ef6\u540d\u5b57\u7b26\u3002 --domains website.com: \u9650\u5236\u4e0b\u8f7d\u7684\u57df\u540d\u8303\u56f4\u3002 --no-parent: \u4e0d\u4f1a\u4e0b\u8f7d\u7236\u7ea7\u94fe\u63a5\uff08\u6709\u52a9\u4e8e\u9632\u6b62\u65e0\u9650\u9012\u5f52\uff09\u3002

    \u4f60\u53ef\u4ee5\u6839\u636e\u81ea\u5df1\u7684\u9700\u8981\u4fee\u6539\u8fd9\u4e9b\u9009\u9879\u4ee5\u6ee1\u8db3\u7279\u5b9a\u7684\u8981\u6c42\u3002

    \u7528\u8fd9\u6761\u547d\u4ee4\u88ab\u670d\u52a1\u5668\u53d1\u73b0\u6076\u610f\u4e0b\u8f7d\uff0c\u88ab\u7ed9403 forbidden\u4e86\u600e\u4e48\u529e\uff1f

    \u5982\u679c\u4f60\u4f7f\u7528\u7684\u547d\u4ee4\u88ab\u670d\u52a1\u5668\u8ba4\u4e3a\u662f\u6076\u610f\u4e0b\u8f7d\uff0c\u5e76\u4e14\u88ab\u670d\u52a1\u5668\u62d2\u7edd\u8bbf\u95ee\uff0c\u90a3\u4e48\u4f60\u53ef\u4ee5\u8003\u8651\u4ee5\u4e0b\u4e00\u4e9b\u65b9\u6cd5\u6765\u89e3\u51b3\u8fd9\u4e2a\u95ee\u9898\uff1a

    \u4fee\u6539\u4e0b\u8f7d\u901f\u5ea6\uff1a\u6709\u4e9b\u670d\u52a1\u5668\u53ef\u80fd\u4f1a\u9650\u5236\u4e0b\u8f7d\u901f\u5ea6\uff0c\u5982\u679c\u4f60\u4e0b\u8f7d\u7684\u592a\u5feb\uff0c\u5c31\u4f1a\u88ab\u8ba4\u4e3a\u662f\u653b\u51fb\u3002\u4f60\u53ef\u4ee5\u5c1d\u8bd5\u4f7f\u7528 --limit-rate \u9009\u9879\u6765\u9650\u5236\u4e0b\u8f7d\u901f\u5ea6\uff0c\u4f8b\u5982\uff1a

    wget --limit-rate=200k http://example.com\n

    \u4fee\u6539\u4e0b\u8f7d\u5e76\u53d1\u6570\uff1a\u7c7b\u4f3c\u4e8e\u901f\u5ea6\u9650\u5236\uff0c\u4e00\u4e9b\u670d\u52a1\u5668\u4e5f\u4f1a\u9650\u5236\u540c\u65f6\u8fdb\u884c\u7684\u4e0b\u8f7d\u6570\u3002\u4f60\u53ef\u4ee5\u5c1d\u8bd5\u4f7f\u7528 --tries \u548c --wait \u9009\u9879\u6765\u9650\u5236\u5e76\u53d1\u4e0b\u8f7d\u6570\uff0c\u4f8b\u5982\uff1a

    wget --tries=10 --wait=5 http://example.com\n
    \u6dfb\u52a0 User-Agent\uff1a\u6709\u4e9b\u670d\u52a1\u5668\u53ef\u80fd\u4f1a\u68c0\u67e5 User-Agent\uff0c\u5982\u679c User-Agent \u88ab\u8ba4\u4e3a\u662f\u6076\u610f\u7684\uff0c\u90a3\u4e48\u4f60\u7684\u8bf7\u6c42\u4e5f\u4f1a\u88ab\u62d2\u7edd\u3002\u4f60\u53ef\u4ee5\u5c1d\u8bd5\u4f7f\u7528 --user-agent \u9009\u9879\u6765\u8bbe\u7f6e User-Agent\uff0c\u4f8b\u5982\uff1a

    wget --user-agent=\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3\" http://example.com\n

    \u4e0e\u670d\u52a1\u5668\u7ba1\u7406\u5458\u8054\u7cfb\uff1a\u5982\u679c\u4ee5\u4e0a\u65b9\u6cd5\u90fd\u4e0d\u80fd\u89e3\u51b3\u95ee\u9898\uff0c\u4f60\u53ef\u4ee5\u8054\u7cfb\u670d\u52a1\u5668\u7ba1\u7406\u5458\uff0c\u8bf4\u660e\u4f60\u7684\u4e0b\u8f7d\u8bf7\u6c42\u662f\u5408\u6cd5\u7684\uff0c\u8bf7\u6c42\u4ed6\u4eec\u653e\u884c\u4f60\u7684\u8bf7\u6c42\u3002 \u9700\u8981\u6ce8\u610f\u7684\u662f\uff0c\u4e0d\u8981\u4f7f\u7528\u975e\u6cd5\u7684\u65b9\u5f0f\u4e0b\u8f7d\u6587\u4ef6\uff0c\u4ee5\u514d\u4fb5\u72af\u4ed6\u4eba\u7684\u5408\u6cd5\u6743\u76ca\uff0c\u5e76\u6709\u53ef\u80fd\u5bfc\u81f4\u6cd5\u5f8b\u7ea0\u7eb7\u3002

    "},{"location":"try-chatgpt/#gopythonrust","title":"\u6bd4\u8f83Go\u3001Python\u3001Rust\u7684\u5173\u7cfb","text":"

    go\u3001rust\u3001python\u4e09\u79cd\u7f16\u7a0b\u8bed\u8a00\u5728\u8bed\u8a00\u7279\u6027\u65b9\u9762\u6709\u4ec0\u4e48\u533a\u522b\uff1f\u5404\u81ea\u6709\u4ec0\u4e48\u4f18\u52bf\uff1f\u9002\u7528\u573a\u666f\u6709\u4ec0\u4e48\u533a\u522b\uff1f

    \u8fd9\u4e09\u79cd\u7f16\u7a0b\u8bed\u8a00\u5404\u6709\u4e0d\u540c\u7684\u7279\u70b9\u548c\u4f18\u52bf\uff0c\u4ee5\u4e0b\u662f\u5b83\u4eec\u7684\u4e3b\u8981\u533a\u522b\u548c\u9002\u7528\u573a\u666f\uff1a

    Python Python \u662f\u4e00\u79cd\u9ad8\u7ea7\u7684\u52a8\u6001\u89e3\u91ca\u578b\u8bed\u8a00\uff0c\u5177\u6709\u7b80\u5355\u6613\u5b66\u3001\u6613\u8bfb\u6613\u5199\u7684\u7279\u70b9\u3002\u5b83\u7684\u8bed\u6cd5\u7b80\u5355\u3001\u4ee3\u7801\u53ef\u8bfb\u6027\u9ad8\u3001\u652f\u6301\u591a\u79cd\u7f16\u7a0b\u8303\u5f0f\u548c\u4e30\u5bcc\u7684\u7b2c\u4e09\u65b9\u5e93\uff0c\u9002\u7528\u4e8e\u5404\u79cd\u7c7b\u578b\u7684\u5e94\u7528\u7a0b\u5e8f\u5f00\u53d1\uff0c\u5c24\u5176\u64c5\u957f\u6570\u636e\u5206\u6790\u3001\u4eba\u5de5\u667a\u80fd\u548c\u79d1\u5b66\u8ba1\u7b97\u9886\u57df\u3002\u7531\u4e8e\u5b83\u7684\u5f00\u53d1\u6548\u7387\u9ad8\uff0c\u5e38\u88ab\u7528\u4e8e\u5feb\u901f\u539f\u578b\u8bbe\u8ba1\u548c\u654f\u6377\u5f00\u53d1\u3002

    Go Go \u662f\u4e00\u79cd\u5f00\u6e90\u7684\u7f16\u8bd1\u578b\u8bed\u8a00\uff0c\u7531 Google \u5f00\u53d1\u3002\u5b83\u7684\u8bbe\u8ba1\u76ee\u6807\u662f\u4e3a\u4e86\u89e3\u51b3\u591a\u6838\u3001\u7f51\u7edc\u3001\u5927\u89c4\u6a21\u7a0b\u5e8f\u5f00\u53d1\u7b49\u95ee\u9898\uff0c\u5177\u6709\u9ad8\u6548\u3001\u53ef\u9760\u3001\u7b80\u6d01\u7b49\u7279\u70b9\u3002Go \u8bed\u8a00\u5728\u5e76\u53d1\u7f16\u7a0b\u548c\u7f51\u7edc\u7f16\u7a0b\u65b9\u9762\u8868\u73b0\u7a81\u51fa\uff0c\u6709\u7740\u975e\u5e38\u9ad8\u6548\u7684 Goroutine \u548c Channel \u673a\u5236\uff0c\u9002\u5408\u4e8e\u9ad8\u5e76\u53d1\u3001\u5206\u5e03\u5f0f\u7cfb\u7edf\u3001\u4e91\u8ba1\u7b97\u7b49\u9886\u57df\u7684\u5f00\u53d1\u3002

    Rust Rust \u662f\u4e00\u79cd\u7cfb\u7edf\u7ea7\u7684\u7f16\u7a0b\u8bed\u8a00\uff0c\u7531 Mozilla \u5f00\u53d1\u3002\u5b83\u7ed3\u5408\u4e86\u9ad8\u6548\u6027\u80fd\u3001\u5185\u5b58\u5b89\u5168\u548c\u5e76\u53d1\u5b89\u5168\uff0c\u63d0\u4f9b\u4e86\u4e00\u4e2a\u53ef\u9760\u548c\u5b89\u5168\u7684\u7f16\u7a0b\u73af\u5883\u3002Rust \u7684\u4e3b\u8981\u4f18\u52bf\u5728\u4e8e\u5176\u5185\u5b58\u5b89\u5168\u6027\u548c\u5e76\u53d1\u6027\uff0c\u5b83\u5177\u6709\u9ad8\u6548\u7684\u7f16\u8bd1\u5668\u3001\u4e30\u5bcc\u7684\u7c7b\u578b\u7cfb\u7edf\u548c\u9ad8\u7ea7\u7684\u6a21\u5f0f\u5339\u914d\u529f\u80fd\uff0c\u9002\u7528\u4e8e\u9700\u8981\u9ad8\u6027\u80fd\u548c\u5b89\u5168\u6027\u7684\u7cfb\u7edf\u7ea7\u7f16\u7a0b\u3001\u7f51\u7edc\u7f16\u7a0b\u3001\u64cd\u4f5c\u7cfb\u7edf\u548c\u5d4c\u5165\u5f0f\u5f00\u53d1\u7b49\u9886\u57df\u3002

    \u603b\u7684\u6765\u8bf4\uff0cPython \u9002\u5408\u5feb\u901f\u539f\u578b\u8bbe\u8ba1\u548c\u654f\u6377\u5f00\u53d1\uff0cGo \u9002\u5408\u9ad8\u5e76\u53d1\u3001\u5206\u5e03\u5f0f\u7cfb\u7edf\u548c\u4e91\u8ba1\u7b97\uff0cRust \u9002\u5408\u9700\u8981\u9ad8\u6027\u80fd\u548c\u5b89\u5168\u6027\u7684\u7cfb\u7edf\u7ea7\u7f16\u7a0b\u3001\u7f51\u7edc\u7f16\u7a0b\u3001\u64cd\u4f5c\u7cfb\u7edf\u548c\u5d4c\u5165\u5f0f\u5f00\u53d1\u3002\u9009\u62e9\u54ea\u79cd\u7f16\u7a0b\u8bed\u8a00\u53d6\u51b3\u4e8e\u5177\u4f53\u7684\u5e94\u7528\u573a\u666f\u548c\u9700\u6c42\u3002

    "},{"location":"try-chatgpt/#_2","title":"\u8ba1\u7b97\u673a\u5b89\u5168\u8d44\u6e90\u5b66\u4e60","text":"

    \u6211\u60f3\u5b66\u4e60\u5de5\u4e1a\u754c\u5b9e\u7528\u7684\u8ba1\u7b97\u673a\u5b89\u5168\u9886\u57df\u7684\u77e5\u8bc6\uff0c\u8bf7\u63a8\u8350\u4e00\u4e9b\u7f51\u7ad9

    \u4ee5\u4e0b\u662f\u4e00\u4e9b\u53ef\u4ee5\u5e2e\u52a9\u60a8\u5b66\u4e60\u5de5\u4e1a\u754c\u5b9e\u7528\u7684\u8ba1\u7b97\u673a\u5b89\u5168\u9886\u57df\u7684\u77e5\u8bc6\u7684\u7f51\u7ad9\uff1a

    OWASP (\u5f00\u653e\u5f0f\u7f51\u7edc\u5b89\u5168\u9879\u76ee)\uff1a\u8fd9\u4e2a\u7f51\u7ad9\u63d0\u4f9b\u4e86\u5927\u91cf\u6709\u5173\u7f51\u7edc\u5e94\u7528\u7a0b\u5e8f\u5b89\u5168\u7684\u8d44\u6599\u548c\u5de5\u5177\u3002\u60a8\u53ef\u4ee5\u5728\u8fd9\u91cc\u627e\u5230\u5b89\u5168\u6807\u51c6\u3001\u6f0f\u6d1e\u68c0\u6d4b\u5de5\u5177\u3001\u653b\u51fb\u6a21\u62df\u5668\u7b49\u7b49\u3002

    NIST (\u7f8e\u56fd\u56fd\u5bb6\u6807\u51c6\u4e0e\u6280\u672f\u7814\u7a76\u6240)\uff1a\u8fd9\u4e2a\u7f51\u7ad9\u4e3a\u8ba1\u7b97\u673a\u5b89\u5168\u548c\u4fe1\u606f\u6280\u672f\u63d0\u4f9b\u6807\u51c6\u548c\u6307\u5357\u3002\u60a8\u53ef\u4ee5\u5728\u8fd9\u91cc\u627e\u5230\u6709\u5173\u5b89\u5168\u63a7\u5236\u3001\u5bc6\u7801\u5b66\u3001\u98ce\u9669\u8bc4\u4f30\u7b49\u65b9\u9762\u7684\u8d44\u6599\u3002

    SANS (\u5b89\u5168\u57f9\u8bad\u548c\u8ba4\u8bc1\u673a\u6784)\uff1a\u8fd9\u4e2a\u7f51\u7ad9\u63d0\u4f9b\u6709\u5173\u5404\u79cd\u8ba1\u7b97\u673a\u5b89\u5168\u4e3b\u9898\u7684\u57f9\u8bad\u548c\u8bfe\u7a0b\u3002\u5b83\u8fd8\u63d0\u4f9b\u4e86\u4e00\u4e2a\u535a\u5ba2\uff0c\u5176\u4e2d\u5305\u542b\u5404\u79cd\u6709\u5173\u7f51\u7edc\u5b89\u5168\u7684\u6587\u7ae0\u548c\u63d0\u793a\u3002

    Dark Reading\uff1a\u8fd9\u662f\u4e00\u5bb6\u5728\u7ebf\u51fa\u7248\u5546\uff0c\u63d0\u4f9b\u4e86\u6709\u5173\u7f51\u7edc\u5b89\u5168\u7684\u6700\u65b0\u65b0\u95fb\u3001\u5206\u6790\u548c\u8bc4\u8bba\u3002\u5b83\u8fd8\u63d0\u4f9b\u4e86\u5404\u79cd\u8d44\u6e90\uff0c\u5305\u62ec\u7f51\u7edc\u5b89\u5168\u767d\u76ae\u4e66\u3001\u7814\u7a76\u62a5\u544a\u548c\u6f14\u793a\u6587\u7a3f\u3002

    SecurityFocus\uff1a\u8fd9\u4e2a\u7f51\u7ad9\u662f\u4e00\u4e2a\u5b89\u5168\u65b0\u95fb\u805a\u5408\u7ad9\u70b9\uff0c\u6536\u96c6\u4e86\u6765\u81ea\u5404\u79cd\u6765\u6e90\u7684\u5b89\u5168\u65b0\u95fb\u548c\u6f0f\u6d1e\u62a5\u544a\u3002\u5b83\u8fd8\u63d0\u4f9b\u4e86\u5b89\u5168\u8bba\u575b\u3001\u5b89\u5168\u5de5\u5177\u7b49\u3002

    Reddit\uff1aReddit\u4e0a\u6709\u8bb8\u591a\u4e0e\u8ba1\u7b97\u673a\u5b89\u5168\u76f8\u5173\u7684\u793e\u533a\uff0c\u5982r/netsec\u3001r/hacking\u3001r/AskNetsec\u7b49\u3002\u8fd9\u4e9b\u793e\u533a\u53ef\u4ee5\u8ba9\u60a8\u5411\u5176\u4ed6\u5b89\u5168\u4e13\u4e1a\u4eba\u5458\u63d0\u95ee\uff0c\u5e76\u4e0e\u4ed6\u4eec\u5206\u4eab\u6709\u7528\u7684\u8d44\u6e90\u548c\u5de5\u5177\u3002

    GitHub\uff1aGitHub\u662f\u4e00\u4e2a\u8f6f\u4ef6\u5f00\u53d1\u5e73\u53f0\uff0c\u4e5f\u662f\u8bb8\u591a\u5b89\u5168\u5de5\u5177\u548c\u811a\u672c\u7684\u6765\u6e90\u3002\u901a\u8fc7\u641c\u7d22GitHub\uff0c\u60a8\u53ef\u4ee5\u627e\u5230\u5f88\u591a\u6709\u7528\u7684\u5de5\u5177\uff0c\u5982\u6e17\u900f\u6d4b\u8bd5\u5de5\u5177\u3001\u6f0f\u6d1e\u626b\u63cf\u5668\u7b49\u7b49\u3002

    \u5e0c\u671b\u8fd9\u4e9b\u7f51\u7ad9\u80fd\u5bf9\u60a8\u6709\u6240\u5e2e\u52a9\uff01

    "},{"location":"word-learning/","title":"\u8bcd\u6c47\u5b66\u4e60","text":""}]} \ No newline at end of file diff --git a/sentence-templates/index.html b/sentence-templates/index.html index 502f1fc..3980773 100644 --- a/sentence-templates/index.html +++ b/sentence-templates/index.html @@ -231,8 +231,8 @@
  • - - linux服务器运维 + + 文章阅读
    • @@ -824,6 +824,20 @@ + + + + + +
  • + + linux服务器运维 + +
    • + + + + diff --git a/sitemap.xml b/sitemap.xml index db5fd15..2b064b2 100644 --- a/sitemap.xml +++ b/sitemap.xml @@ -2,132 +2,142 @@ https://tech.c01dkit.com/ - 2023-08-06 + 2023-08-23 daily https://tech.c01dkit.com/IDA/ - 2023-08-06 + 2023-08-23 daily https://tech.c01dkit.com/autoconf/ - 2023-08-06 + 2023-08-23 daily https://tech.c01dkit.com/c/ - 2023-08-06 + 2023-08-23 daily https://tech.c01dkit.com/code-gracely/ - 2023-08-06 + 2023-08-23 daily https://tech.c01dkit.com/crawler/ - 2023-08-06 + 2023-08-23 daily https://tech.c01dkit.com/docker/ - 2023-08-06 + 2023-08-23 daily https://tech.c01dkit.com/envs/ - 2023-08-06 + 2023-08-23 daily https://tech.c01dkit.com/fuzzing/ - 2023-08-06 + 2023-08-23 daily https://tech.c01dkit.com/git/ - 2023-08-06 + 2023-08-23 daily https://tech.c01dkit.com/go/ - 2023-08-06 + 2023-08-23 daily https://tech.c01dkit.com/interesting-articles/ - 2023-08-06 + 2023-08-23 daily https://tech.c01dkit.com/investigations/ - 2023-08-06 + 2023-08-23 daily https://tech.c01dkit.com/latex/ - 2023-08-06 + 2023-08-23 daily https://tech.c01dkit.com/linux-server/ - 2023-08-06 + 2023-08-23 daily https://tech.c01dkit.com/picking-ups/ - 2023-08-06 + 2023-08-23 daily https://tech.c01dkit.com/porting/ - 2023-08-06 + 2023-08-23 daily https://tech.c01dkit.com/pwn-college-cse365-spring2023/ - 2023-08-06 + 2023-08-23 daily https://tech.c01dkit.com/python/ - 2023-08-06 + 2023-08-23 daily https://tech.c01dkit.com/rca/ - 2023-08-06 + 2023-08-23 + daily + + + https://tech.c01dkit.com/readings/ + 2023-08-23 daily https://tech.c01dkit.com/reverse-advanced/ - 2023-08-06 + 2023-08-23 daily https://tech.c01dkit.com/reverse-basic/ - 2023-08-06 + 2023-08-23 daily https://tech.c01dkit.com/sci-thoughts/ - 2023-08-06 + 2023-08-23 daily https://tech.c01dkit.com/sentence-templates/ - 2023-08-06 + 2023-08-23 + daily + + + https://tech.c01dkit.com/tech-sslh/ + 2023-08-23 daily https://tech.c01dkit.com/try-chatgpt/ - 2023-08-06 + 2023-08-23 daily https://tech.c01dkit.com/word-learning/ - 2023-08-06 + 2023-08-23 daily \ No newline at end of file diff --git a/sitemap.xml.gz b/sitemap.xml.gz index 3371cdcefafe1cae1378f4597d57efb545b9f8a2..67f1075a85ccab899490c91d0edc35369ac6c3da 100644 GIT binary patch literal 429 zcmV;e0aE@SiwFpc>*Ztu|8r?{Wo=<_E_iKh0L|CUirX*{0O0#RMetpgH=$))9501Z z=)HXabu^Jh6iL;L?PQ<6((Y1n?WK$^w#UQp!Pxp4pRbp&Td|N&@z_1~L$|{S$@=Jy z-OnH2)Km97J&a2UguJWCk&fNWoIh*5ZCg*C@nSOdsW?qA*9X$?K|S=Jy6It8M=S7l z_d3RqU}{yUmSKdshvCtlJ@=3+YJaFH@3Ffym`!weD)@V{ z#)sRe?;>vu{nznNqVHe72vnJc6Qp<&NCSzcWKp?d0K-ipub3@h5h$|>&LUwLR}#oN zEiW&1{uC&4o+YZ1K$MS+1&M1Tl_~5YAc| ziGWrx@s}YlafeReRs9_nH?zbJ6V^RJZLO-O+uYVQiO3dEL}8X_D>qeZvC9&-p<60e X1vDl8m!<9XLdeq}T++97gb@G$0rk); literal 417 zcmV;S0bc$eiwFn>70+Y>|8r?{Wo=<_E_iKh0L|CIYU3~v0ML8CBKR)LO=#&B$7Nwz z*n9f{+R;Q7Q6yC}wv&E+<+d!j?xl<_w&h`XFk&S2Pv=wE%vi{$xNmOTuGwIOWPNn| z=H>afdT5@8n|>;RkT*3r(!Lp)^P|?wvb5wGPbO2FiqiyR{UH4{sk`<^Gu&+ISQC7{ zeT+UN7}hLQ(=fu=LU(JAo?A#K-Rt%Db+jQqB|B`p?M`(Ms=KctUvpPsFq-J_Q1ErI z#)nI$)a+_0EUZ1UNK9+B2Z=%97Vz~&Log^ znBLxM{}d>5o+YZ1K$MS+1&M1Rl_~5YAc zhP=dMFo9Qf%}s7(iLHgOZoIX$s$L=Ux_L-Ma=ECQi(Qs@o?23|DxfLxTYB`zgOG=J LH#58}O%MP88^_8u diff --git a/tech-sslh/index.html b/tech-sslh/index.html new file mode 100644 index 0000000..dc1677a --- /dev/null +++ b/tech-sslh/index.html @@ -0,0 +1,1088 @@ + + + + + + + + + + + + + + + + + + + + + + sslh 阅读笔记 - c01dkit's tech blog + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    + + + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + +

    sslh 阅读笔记

    +

    最近在读sslh的源码,感觉还是比较有意思的。之前在端口复用里面简单提了下sslh的用法,但是在实践中踩了不少坑,所以把源码拿来读一读,看看内部的结构。

    +

    sslh似乎是使用第一个数据包保存的协议信息,为客户端与服务器对应服务建立连接。后续数据包不再需要检查协议了。

    +

    便捷上手

    +
    apt install sslh # 但最好还是从源码make install,用最新版本;参考仓库的INSTALL安装对应的C库
+vi /etc/default/sslh
+systemctl start sslh
+
    +

    似乎cfg文件里和command line会有冲突。所以commandline用-F /etc/sslh/sslh.cfg(没有则新建一个)指定的配置文件中,不要有和command重复的内容。只放protocols差不多就得了。比较好用的是正则和tls中根据alpn和sni来匹配。

    +

    下面是完整的配置文件的一个例子,如果数据包包含"OK1"或者"OK2",则会被转发到127.0.0.1:1234。其中的name字段表示这条协议在sslh启动后怎么配置,常见的比如regexsshtlshttp

    +

    注意,最后一条协议的分号后面不加逗号。

    +
    protocols:
+(
+    { name: "regex"; host: "127.0.0.1"; port: "1234"; regex_patterns: [ "OK1", "OK2" ]; }
+);
+
    +

    sslh程序启动入口与初始化

    +

    默认最简单的启动方式的入口在sslh-main.c的main函数,也即程序的主体逻辑。一些关键步骤:

    +
      +
    1. 调用sslhcfg_cl_parse函数,根据命令行参数和配置文件,做一个缓冲
      2. +
    2. 调用config_protocols完成转发规则的初始化,内部调用的get_probe是给加载了协议的配置规则
      3. +
    3. 调用start_listen_sockets开始监听sockets
      4. +
    4. 调用main_loop进入主循环,默认为sslh-fork的main_loop函数
      5. +
    +

    默认使用tcp。main_loop函数中,对监听的每个sockets进行fork,每个子进程执行tcp_listener,在这些子进程中accept对应的连接。这些子进程将继续fork出子进程,执行start_shoveler,实现真正的功能。

    +

    协议识别

    +

    子进程通过probe_client_protocol来确定数据包是什么协议,并根据对应的规则实现端口转发。这一函数不断进行调用,最后在probe_buffer函数中遍历之前配置的每个协议规范(找到匹配则停止,所以配置顺序也蛮关键的),通过p->probe(buf, len, p)这个函数指针来间接调用识别协议的相关函数。

    +

    这里的协议包括以下内置协议:

    +
    /* Table of protocols that have a built-in probe
+ */
+static struct protocol_probe_desc builtins[] = {
+    /* description  probe  */
+    { "ssh",        is_ssh_protocol},
+    { "openvpn",    is_openvpn_protocol },
+    { "wireguard",  is_wireguard_protocol },
+    { "tinc",       is_tinc_protocol },
+    { "xmpp",       is_xmpp_protocol },
+    { "http",       is_http_protocol },
+    { "tls",        is_tls_protocol },
+    { "adb",        is_adb_protocol },
+    { "socks5",     is_socks5_protocol },
+    { "syslog",     is_syslog_protocol },
+    { "teamspeak",  is_teamspeak_protocol },
+    { "msrdp",      is_msrdp_protocol },
+    { "anyprot",    is_true }
+};
+
    +

    内置协议内置了一些匹配规则,即上面提到的is_ssh_protocolis_http_protocol等等。可以看一个ssh规则的例子:

    +
    /* Is the buffer the beginning of an SSH connection? */
+static int is_ssh_protocol(const char *p, ssize_t len, struct sslhcfg_protocols_item* proto)
+{
+    if (len < 4)
+        return PROBE_AGAIN;
+
+    return !strncmp(p, "SSH-", 4);
+}
+
    +

    可见,如果第一个数据包长度不低于4且以"SSH-"开头,则会被认为是ssh请求。

    +
    /* Is the buffer the beginning of an HTTP connection?  */
+static int is_http_protocol(const char *p, ssize_t len, struct sslhcfg_protocols_item* proto)
+{
+    int res;
+    /* If it's got HTTP in the request (HTTP/1.1) then it's HTTP */
+    if (memmem(p, len, "HTTP", 4))
+        return PROBE_MATCH;
+
+#define PROBE_HTTP_METHOD(opt) if ((res = probe_http_method(p, len, opt)) != PROBE_NEXT) return res
+
+    /* Otherwise it could be HTTP/1.0 without version: check if it's got an
+     * HTTP method (RFC2616 5.1.1) */
+    PROBE_HTTP_METHOD("OPTIONS");
+    PROBE_HTTP_METHOD("GET");
+    PROBE_HTTP_METHOD("HEAD");
+    PROBE_HTTP_METHOD("POST");
+    PROBE_HTTP_METHOD("PUT");
+    PROBE_HTTP_METHOD("DELETE");
+    PROBE_HTTP_METHOD("TRACE");
+    PROBE_HTTP_METHOD("CONNECT");
+
+#undef PROBE_HTTP_METHOD
+
+    return PROBE_NEXT;
+}
+
    +

    http也比较简单,检查"HTTP"字符串。

    +

    另外有两种特殊的协议,timeout默认会选择初始化后的第一个协议(即ssh),regex支持正则匹配数据包的固有字符串,就连初始化时都是单独初始化的:

    +
    /* Returns the probe for specified protocol:
+ * parameter is the description in builtins[], or "regex" 
+ * */
+T_PROBE* get_probe(const char* description) {
+    int i;
+
+    for (i = 0; i < ARRAY_SIZE(builtins); i++) {
+        if (!strcmp(builtins[i].name, description)) {
+            return builtins[i].probe;
+        }
+    }
+
+    /* Special case of "regex" probe (we don't want to set it in builtins
+     * because builtins is also used to build the command-line options and
+     * regexp is not legal on the command line)*/
+    if (!strcmp(description, "regex"))
+        return regex_probe;
+
+    /* Special case of "timeout" is allowed as a probe name in the
+     * configuration file even though it's not really a probe */
+    if (!strcmp(description, "timeout"))
+        return is_true;
+
+    return NULL;
+}
+
    +

    is_true始终返回true,不进行别的判断了。

    +

    regex_probe内部用pre2实现了一套正则匹配的机制。配置config的方法可以见上文。

    +

    TLS协议中使用的ALPN、SNI简介

    +

    tls为tcp提供了加密服务,是很多服务不可或缺的一环。由于数据包是加密的、很多服务都使用tls(比如https),所以没法通过regex的方法来区分不同的服务。好在sslh为tls提供了两种分辨方法,即sni_hostnames与alpn_protocols。在config里写的一条规则如果两者都用了,则只有同时满足两者的tls数据包才匹配得上对应的规则。

    +

    比如example.cfg给出的例子:

    +
    # match BOTH ALPN/SNI
+     { name: "tls"; host: "localhost"; port: "5223"; alpn_protocols: [ "xmpp-client" ]; sni_hostnames: [ "im.somethingelse.net" ]; log_level: 0; tfo_ok: true },
+
+# just match ALPN
+     { name: "tls"; host: "localhost"; port: "443"; alpn_protocols: [ "h2", "http/1.1", "spdy/1", "spdy/2", "spdy/3" ]; log_level: 0;  tfo_ok: true },
+     { name: "tls"; host: "localhost"; port: "xmpp-client"; alpn_protocols: [ "xmpp-client" ];  log_level: 0; tfo_ok: true },
+
+# just match SNI
+     { name: "tls"; host: "localhost"; port: "993"; sni_hostnames: [ "mail.rutschle.net", "mail.englishintoulouse.com" ]; log_level: 0;  tfo_ok: true },
+     { name: "tls"; host: "localhost"; port: "xmpp-client"; sni_hostnames: [ "im.rutschle.net", "im.englishintoulouse.com" ];  log_level: 0; tfo_ok: true },
+
+# Let's Encrypt (tls-alpn-* challenges)
+     { name: "tls"; host: "localhost"; port: "letsencrypt-client"; alpn_protocols: [ "acme-tls/1" ]; log_level: 0;},
+
+# catch anything else TLS
+     { name: "tls"; host: "localhost"; port: "443";  tfo_ok: true },
+
    +

    alpn_protocols即使用应用层协议协商编号:TLS Application-Layer Protocol Negotiation (ALPN) Protocol ID。可以在这里看到完整的格式。打个比方,如果说数据包是饺子,tls是饺子皮,ALPN就是表示里面是什么馅的。

    +

    sni_hostnames即使用服务器名称指示:Server Name Indication(SNI),类似于服务器端的域名。打个比方,虽然在学校快递(数据包)都会送到菜鸟驿站(服务器),但这些包裹最终是流向不同的宿舍的(SNI)。SNI帮助在tls握手期间就确定ssl证书,而不是在http建立连接后。FQDN指的是Fully Qualified Domain Name,即完整域名,可以看这里的介绍。

    +

    sni_hostname和alpn_protocols,属于tls扩展内容,并非强制保留其中。发包的时候注意添加,不然sslh可能识别不到。

    + + + + + + +
    +
    + + +
    + +
    + + + +
    +
    +
    +
    + + + + + + + + + \ No newline at end of file diff --git a/try-chatgpt/index.html b/try-chatgpt/index.html index 0e8322a..71e5ded 100644 --- a/try-chatgpt/index.html +++ b/try-chatgpt/index.html @@ -231,8 +231,8 @@
  • - - linux服务器运维 + + 文章阅读
    • @@ -869,6 +869,20 @@ + + + + + +
  • + + linux服务器运维 + +
    • + + + + diff --git a/word-learning/index.html b/word-learning/index.html index 7c37000..410fd84 100644 --- a/word-learning/index.html +++ b/word-learning/index.html @@ -231,8 +231,8 @@
  • - - linux服务器运维 + + 文章阅读
    • @@ -824,6 +824,20 @@ + + + + + +
  • + + linux服务器运维 + +
    • + + + +