Continued with memory corruption. Only attacks remaining

2025-12-25 19:03:07 +08:00 · 2022-06-05 09:01:09 -04:00
parent d4a881540f
commit 3f02cd4996
21 changed files with 548 additions and 323 deletions
--- a/docs/document.log
+++ b/docs/document.log
@@ -1,4 +1,4 @@
-This is pdfTeX, Version 3.14159265-2.6-1.40.21 (TeX Live 2020/Debian) (preloaded format=pdflatex 2022.4.27)  4 JUN 2022 08:55
+This is pdfTeX, Version 3.14159265-2.6-1.40.21 (TeX Live 2020/Debian) (preloaded format=pdflatex 2022.4.27)  5 JUN 2022 08:58
 entering extended mode
 restricted \write18 enabled.
 %&-line parsing enabled.
@@ -1089,7 +1089,7 @@ File: t1txss.fd 2000/12/15 v3.1
 )
 LaTeX Font Info:    Font shape `T1/txss/m/n' will be
 (Font)              scaled to size 11.39996pt on input line 186.
-<images//Portada_Logo.png, id=205, 456.2865pt x 45.99pt>
+<images//Portada_Logo.png, id=209, 456.2865pt x 45.99pt>
 File: images//Portada_Logo.png Graphic file (type png)
 <use images//Portada_Logo.png>
 Package pdftex.def Info: images//Portada_Logo.png  used on input line 190.
@@ -1102,7 +1102,7 @@ LaTeX Font Info:    Font shape `T1/txss/m/n' will be
 (Font)              scaled to size 23.63593pt on input line 201.
 LaTeX Font Info:    Font shape `T1/txss/m/n' will be
 (Font)              scaled to size 19.70294pt on input line 205.
-<images/creativecommons.png, id=207, 338.76563pt x 118.19156pt>
+<images/creativecommons.png, id=211, 338.76563pt x 118.19156pt>
 File: images/creativecommons.png Graphic file (type png)
 <use images/creativecommons.png>
 Package pdftex.def Info: images/creativecommons.png  used on input line 215.
@@ -1214,7 +1214,7 @@ Chapter 2.
 LaTeX Warning: Reference `section:analysis_offensive_capabilities' on page 5 un
 defined on input line 412.

-<images//classic_bpf.jpg, id=534, 588.1975pt x 432.61626pt>
+<images//classic_bpf.jpg, id=552, 588.1975pt x 432.61626pt>
 File: images//classic_bpf.jpg Graphic file (type jpg)
 <use images//classic_bpf.jpg>
 Package pdftex.def Info: images//classic_bpf.jpg  used on input line 426.
@@ -1222,36 +1222,36 @@ Package pdftex.def Info: images//classic_bpf.jpg  used on input line 426.
 [5

 ] [6 <./images//classic_bpf.jpg>]
-<images//cbpf_prog.jpg, id=552, 403.5075pt x 451.6875pt>
+<images//cbpf_prog.jpg, id=570, 403.5075pt x 451.6875pt>
 File: images//cbpf_prog.jpg Graphic file (type jpg)
 <use images//cbpf_prog.jpg>
 Package pdftex.def Info: images//cbpf_prog.jpg  used on input line 453.
 (pdftex.def)             Requested size: 227.62204pt x 254.80415pt.
 [7 <./images/cBPF_prog.jpg>]
-<images//bpf_instructions.png, id=562, 380.92313pt x 475.27562pt>
+<images//bpf_instructions.png, id=580, 380.92313pt x 475.27562pt>
 File: images//bpf_instructions.png Graphic file (type png)
 <use images//bpf_instructions.png>
 Package pdftex.def Info: images//bpf_instructions.png  used on input line 493.
 (pdftex.def)             Requested size: 227.62204pt x 283.99998pt.
 [8 <./images//bpf_instructions.png>]
-<images//bpf_address_mode.png, id=572, 417.05812pt x 313.67188pt>
+<images//bpf_address_mode.png, id=590, 417.05812pt x 313.67188pt>
 File: images//bpf_address_mode.png Graphic file (type png)
 <use images//bpf_address_mode.png>
 Package pdftex.def Info: images//bpf_address_mode.png  used on input line 509.
 (pdftex.def)             Requested size: 227.62204pt x 171.19905pt.
 [9 <./images//bpf_address_mode.png>]
-<images//tcpdump_example.png, id=585, 534.99875pt x 454.69875pt>
+<images//tcpdump_example.png, id=603, 534.99875pt x 454.69875pt>
 File: images//tcpdump_example.png Graphic file (type png)
 <use images//tcpdump_example.png>
 Package pdftex.def Info: images//tcpdump_example.png  used on input line 524.
 (pdftex.def)             Requested size: 284.52756pt x 241.82869pt.
-<images//cBPF_prog_ex_sol.png, id=588, 242.9075pt x 321.2pt>
+<images//cBPF_prog_ex_sol.png, id=606, 242.9075pt x 321.2pt>
 File: images//cBPF_prog_ex_sol.png Graphic file (type png)
 <use images//cBPF_prog_ex_sol.png>
 Package pdftex.def Info: images//cBPF_prog_ex_sol.png  used on input line 535.
 (pdftex.def)             Requested size: 170.71652pt x 225.74026pt.
 [10 <./images//tcpdump_example.png>] [11 <./images//cBPF_prog_ex_sol.png>]
-<images//ebpf_arch.jpg, id=606, 739.76375pt x 472.76625pt>
+<images//ebpf_arch.jpg, id=624, 739.76375pt x 472.76625pt>
 File: images//ebpf_arch.jpg Graphic file (type jpg)
 <use images//ebpf_arch.jpg>
 Package pdftex.def Info: images//ebpf_arch.jpg  used on input line 574.
@@ -1268,16 +1268,16 @@ Overfull \hbox (17.02478pt too wide) in paragraph at lines 627--628
 []

 [14]
-Overfull \hbox (56.55217pt too wide) in paragraph at lines 677--688
+Overfull \hbox (56.55217pt too wide) in paragraph at lines 678--689
 [][] 
 []


 LaTeX Warning: Reference `table:ebpf_maps' on page 15 undefined on input line 6
-92.
+93.


-Overfull \hbox (11.26865pt too wide) in paragraph at lines 692--693
+Overfull \hbox (11.26865pt too wide) in paragraph at lines 693--694
 \T1/txr/m/n/12 de-vel-op-ment of our rootkit, we will mainly fo-cus on hash map
 s (BPF_MAP_TYPE_HASH),
 []
@@ -1285,67 +1285,67 @@ s (BPF_MAP_TYPE_HASH),
 [15]

 LaTeX Warning: Reference `table:bpf_syscall' on page 16 undefined on input line
- 702.
+ 703.


-Overfull \hbox (42.01218pt too wide) in paragraph at lines 705--721
+Overfull \hbox (42.01218pt too wide) in paragraph at lines 706--722
 [][] 
 []

 [16]

-LaTeX Warning: Reference `section:TODO' on page 17 undefined on input line 748.
+LaTeX Warning: Reference `section:TODO' on page 17 undefined on input line 749.



-Overfull \hbox (13.5802pt too wide) in paragraph at lines 758--788
+Overfull \hbox (13.5802pt too wide) in paragraph at lines 759--789
 [][] 
 []

 [17]
-<images//xdp_diag.jpg, id=686, 649.42625pt x 472.76625pt>
+<images//xdp_diag.jpg, id=704, 649.42625pt x 472.76625pt>
 File: images//xdp_diag.jpg Graphic file (type jpg)
 <use images//xdp_diag.jpg>
-Package pdftex.def Info: images//xdp_diag.jpg  used on input line 804.
+Package pdftex.def Info: images//xdp_diag.jpg  used on input line 805.
 (pdftex.def)             Requested size: 426.79134pt x 310.69934pt.
 [18] [19 <./images//xdp_diag.jpg>]
-Overfull \hbox (5.80417pt too wide) in paragraph at lines 867--879
+Overfull \hbox (5.80417pt too wide) in paragraph at lines 868--880
 [][] 
 []

 [20] [21] [22] [23]
-<images//libbpf_prog.jpg, id=745, 543.02875pt x 502.87875pt>
+<images//libbpf_prog.jpg, id=763, 543.02875pt x 502.87875pt>
 File: images//libbpf_prog.jpg Graphic file (type jpg)
 <use images//libbpf_prog.jpg>
-Package pdftex.def Info: images//libbpf_prog.jpg  used on input line 977.
+Package pdftex.def Info: images//libbpf_prog.jpg  used on input line 978.
 (pdftex.def)             Requested size: 341.43306pt x 316.20142pt.
 [24]

-LaTeX Warning: Reference `TODO' on page 25 undefined on input line 1005.
+LaTeX Warning: Reference `TODO' on page 25 undefined on input line 1006.

 [25 <./images//libbpf_prog.jpg>] [26]
 Chapter 3.

-Overfull \hbox (15.27466pt too wide) in paragraph at lines 1029--1057
+Overfull \hbox (15.27466pt too wide) in paragraph at lines 1027--1055
 [][] 
 []

 [27

 ]
-Overfull \hbox (144.2746pt too wide) in paragraph at lines 1069--1070
+Overfull \hbox (144.2746pt too wide) in paragraph at lines 1067--1068
 []\T1/txr/bx/n/12 Unprivileged users \T1/txr/m/n/12 can only load and at-tach e
 BPF pro-grams of type BPF_PROG_TYPE_SOCKET_FILTER[[][]53[][]],
 []

 [28]
-Overfull \hbox (33.33205pt too wide) in paragraph at lines 1095--1096
+Overfull \hbox (33.33205pt too wide) in paragraph at lines 1093--1094
 []\T1/txr/m/n/12 Therefore, eBPF net-work pro-grams usu-ally re-quire both CAP_
 BPF and CAP_NET_ADMIN,
 []

 [29]
-Overfull \hbox (18.75664pt too wide) in paragraph at lines 1125--1126
+Overfull \hbox (18.75664pt too wide) in paragraph at lines 1123--1124
 \T1/txr/m/n/12 can also ex-plore all the avail-able maps in the sys-tem by us-i
 ng the BPF_MAP_GET_NEXT_ID
 []
@@ -1357,152 +1357,199 @@ File: lstlang1.sty 2020/03/24 1.8d listings language file
 File: lstmisc.sty 2020/03/24 1.8d (Carsten Heinz)
 )
 Package hyperref Info: bookmark level for unknown lstlisting defaults to 0 on i
-nput line 1141.
+nput line 1139.
 [30]
 LaTeX Font Info:    Trying to load font information for T1+txtt on input line 1
-141.
+139.

 (/usr/share/texlive/texmf-dist/tex/latex/txfonts/t1txtt.fd
 File: t1txtt.fd 2000/12/15 v3.1
 )
 LaTeX Font Info:    Font shape `T1/txtt/b/n' in size <10> not available
-(Font)              Font shape `T1/txtt/bx/n' tried instead on input line 1143.
+(Font)              Font shape `T1/txtt/bx/n' tried instead on input line 1141.

- [31] [32] [33]
-Overfull \hbox (55.2727pt too wide) in paragraph at lines 1303--1304
+ [31] [32]
+Overfull \hbox (55.2727pt too wide) in paragraph at lines 1284--1285
 \T1/txr/m/n/12 As we in-tro-duced in the pre-vi-ous sub-sec-tion, the bpf_probe
 _read_user() and bpf_probe_read_kernel()
 []

+[33]

-LaTeX Warning: Reference `TODO' on page 34 undefined on input line 1307.
+LaTeX Warning: Reference `TODO' on page 34 undefined on input line 1288.


-Overfull \hbox (47.97661pt too wide) in paragraph at lines 1312--1313
+Overfull \hbox (47.97661pt too wide) in paragraph at lines 1293--1294
 \T1/txr/m/n/12 helper. It will only work if the ker-nel was com-piled with the 
 CON-FIG_BPF_KPROBE_OVERRIDE
 []

-[34] [35]
-Overfull \hbox (62.0767pt too wide) in paragraph at lines 1354--1355
+[34]
+Overfull \hbox (62.0767pt too wide) in paragraph at lines 1335--1336
 \T1/txr/m/n/12 the bounds of func-tion pa-ram-e-ters via the helpers bpf_probe_
 read_user() and bpf_probe_read_kernel().
 []

-<images//mem_arch_pages.jpg, id=928, 593.21625pt x 434.62375pt>
+[35]
+<images//mem_arch_pages.jpg, id=945, 593.21625pt x 434.62375pt>
 File: images//mem_arch_pages.jpg Graphic file (type jpg)
 <use images//mem_arch_pages.jpg>
-Package pdftex.def Info: images//mem_arch_pages.jpg  used on input line 1367.
+Package pdftex.def Info: images//mem_arch_pages.jpg  used on input line 1348.
 (pdftex.def)             Requested size: 369.88582pt x 271.00914pt.
-[36]
-<images//mem_major_page_fault.jpg, id=936, 639.38875pt x 425.59pt>
+ [36]
+<images//mem_major_page_fault.jpg, id=953, 639.38875pt x 425.59pt>
 File: images//mem_major_page_fault.jpg Graphic file (type jpg)
 <use images//mem_major_page_fault.jpg>
 Package pdftex.def Info: images//mem_major_page_fault.jpg  used on input line 1
-377.
+358.
 (pdftex.def)             Requested size: 312.9803pt x 208.32661pt.
 [37 <./images//mem_arch_pages.jpg>]
-<images//mem_minor_page_fault.jpg, id=943, 654.445pt x 555.07375pt>
+<images//mem_minor_page_fault.jpg, id=960, 654.445pt x 555.07375pt>
 File: images//mem_minor_page_fault.jpg Graphic file (type jpg)
 <use images//mem_minor_page_fault.jpg>
 Package pdftex.def Info: images//mem_minor_page_fault.jpg  used on input line 1
-385.
+366.
 (pdftex.def)             Requested size: 312.9803pt x 265.45834pt.
+<images//memory.jpg, id=961, 310.15875pt x 519.9425pt>
+File: images//memory.jpg Graphic file (type jpg)
+<use images//memory.jpg>
+Package pdftex.def Info: images//memory.jpg  used on input line 1376.
+(pdftex.def)             Requested size: 170.71652pt x 286.18347pt.
 [38 <./images//mem_major_page_fault.jpg> <./images//mem_minor_page_fault.jpg>]
- [39]
+ [39 <./images//memory.jpg>]
+<images//stack_pres.jpg, id=975, 707.64375pt x 283.0575pt>
+File: images//stack_pres.jpg Graphic file (type jpg)
+<use images//stack_pres.jpg>
+Package pdftex.def Info: images//stack_pres.jpg  used on input line 1399.
+(pdftex.def)             Requested size: 398.33858pt x 159.33606pt.
+
+[40 <./images//stack_pres.jpg>]
+<images//stack_ops.jpg, id=984, 524.96124pt x 694.595pt>
+File: images//stack_ops.jpg Graphic file (type jpg)
+<use images//stack_ops.jpg>
+Package pdftex.def Info: images//stack_ops.jpg  used on input line 1433.
+(pdftex.def)             Requested size: 284.52756pt x 376.47473pt.
+<images//stack_before.jpg, id=985, 712.6625pt x 315.1775pt>
+File: images//stack_before.jpg Graphic file (type jpg)
+<use images//stack_before.jpg>
+Package pdftex.def Info: images//stack_before.jpg  used on input line 1444.
+(pdftex.def)             Requested size: 398.33858pt x 176.16635pt.
+ [41 <./images//stack_ops.jpg>]
+<images//stack.jpg, id=990, 707.64375pt x 381.425pt>
+File: images//stack.jpg Graphic file (type jpg)
+<use images//stack.jpg>
+Package pdftex.def Info: images//stack.jpg  used on input line 1451.
+(pdftex.def)             Requested size: 398.33858pt x 214.70816pt.
+
+
+LaTeX Warning: Citation '8664_params_abi_p18' on page 42 undefined on input lin
+e 1461.
+
+[42 <./images//stack_before.jpg> <./images//stack.jpg>]
+
+LaTeX Warning: Citation 'write_helper_non_fault' on page 43 undefined on input 
+line 1479.
+
+[43] [44]
 Chapter 4.
-[40
+[45

 ]
 Chapter 5.
-[41
+[46

 ]
 Chapter 6.
-[42
+[47

 ]
-Overfull \hbox (5.34976pt too wide) in paragraph at lines 1424--1424
+Overfull \hbox (5.34976pt too wide) in paragraph at lines 1508--1508
 \T1/txtt/m/n/12 threat -[] intelligence / cyber -[] year -[] in -[] retrospect 
 / yir -[] cyber -[] threats -[]
 []

-[43
+[48


 ]
-Overfull \hbox (6.22696pt too wide) in paragraph at lines 1424--1424
+Overfull \hbox (6.22696pt too wide) in paragraph at lines 1508--1508
 []\T1/txr/m/it/12 Bpf fea-tures by linux ker-nel ver-sion\T1/txr/m/n/12 , io-vi
 -sor. [On-line]. Avail-able: [][]$\T1/txtt/m/n/12 https : / / github .
 []


-Overfull \hbox (7.34976pt too wide) in paragraph at lines 1424--1424
+Overfull \hbox (7.34976pt too wide) in paragraph at lines 1508--1508
 [][]$\T1/txtt/m/n/12 https : / / ebpf . io / what -[] is -[] ebpf / #loader -[]
 -[] verification -[] architecture$[][]\T1/txr/m/n/12 . 
 []


-Overfull \hbox (21.24973pt too wide) in paragraph at lines 1424--1424
+Overfull \hbox (21.24973pt too wide) in paragraph at lines 1508--1508
 \T1/txtt/m/n/12 vger . kernel . org / netconf2015Starovoitov -[] bpf _ collabsu
 mmit _ 2015feb20 .
 []

-[44]
-Overfull \hbox (9.14975pt too wide) in paragraph at lines 1424--1424
+[49]
+Overfull \hbox (9.14975pt too wide) in paragraph at lines 1508--1508
 \T1/txtt/m/n/12 ch02 . xhtml# :-[]: text = With % 20JIT % 20compiled % 20code %
 2C % 20i ,[] %20other %
 []


-Overfull \hbox (6.49615pt too wide) in paragraph at lines 1424--1424
+Overfull \hbox (6.49615pt too wide) in paragraph at lines 1508--1508
 []\T1/txr/m/n/12 D. Lavie. ^^P  A gen-tle in-tro-duc-tion to xdp.^^Q (Feb. 3, 2
 022), [On-line]. Avail-able: [][]$\T1/txtt/m/n/12 https :
 []

-[45]
-Overfull \hbox (0.76683pt too wide) in paragraph at lines 1424--1424
+[50]
+Overfull \hbox (0.76683pt too wide) in paragraph at lines 1508--1508
 []\T1/txr/m/n/12 ^^P  Bpf next ker-nel tree.^^Q (), [On-line]. Avail-able: [][]
 $\T1/txtt/m/n/12 https : / / kernel . googlesource .
 []


-Overfull \hbox (14.49278pt too wide) in paragraph at lines 1424--1424
+Overfull \hbox (14.49278pt too wide) in paragraph at lines 1508--1508
 []\T1/txr/m/it/12 Capabilities - overview of linux ca-pa-bil-i-ties\T1/txr/m/n/
 12 . [On-line]. Avail-able: [][]$\T1/txtt/m/n/12 http : / / manpages .
 []

-[46]
-Overfull \hbox (53.32059pt too wide) in paragraph at lines 1424--1424
+[51]
+Overfull \hbox (53.32059pt too wide) in paragraph at lines 1508--1508
 \T1/txr/m/it/12 sup-ple-ment\T1/txr/m/n/12 , Jan. 28, 2018, p. 148. [On-line]. 
 Avail-able: [][]$\T1/txtt/m/n/12 https : / / raw . githubusercontent .
 []


-Overfull \hbox (33.3497pt too wide) in paragraph at lines 1424--1424
+Overfull \hbox (33.3497pt too wide) in paragraph at lines 1508--1508
 \T1/txtt/m/n/12 20CON % 2029 % 20presentations / Guillaume % 20Fournier % 20Syl
 vain % 20Afchain %
 []


-Overfull \hbox (9.33742pt too wide) in paragraph at lines 1424--1424
+Overfull \hbox (9.33742pt too wide) in paragraph at lines 1508--1508
 \T1/txr/m/n/12 Avail-able: [][]$\T1/txtt/m/n/12 https : / / events19 . linuxfou
 ndation . org / wp -[] content / uploads /
 []


-Overfull \hbox (18.44974pt too wide) in paragraph at lines 1424--1424
+Overfull \hbox (18.44974pt too wide) in paragraph at lines 1508--1508
 \T1/txtt/m/n/12 2017 / 12 / MM -[] 101 -[] Introduction -[] to -[] Linux -[] Me
 mory -[] Management -[] Christoph -[]
 []


-Overfull \hbox (5.92503pt too wide) in paragraph at lines 1424--1424
+Overfull \hbox (5.92503pt too wide) in paragraph at lines 1508--1508
 []\T1/txr/m/n/12 D. Breaker. ^^P  Un-der-stand-ing page faults and mem-ory swap
 -in/outs.^^Q (Aug. 19, 2019),
 []

-[47] (/usr/share/texlive/texmf-dist/tex/latex/listings/lstlang1.sty
+
+Overfull \hbox (40.56133pt too wide) in paragraph at lines 1508--1508
+\T1/txr/m/n/12 able: [][]$\T1/txtt/m/n/12 https : / / h3xduck . github . io / e
+xploit / 2021 / 05 / 23 / stackbufferoverflow -[]
+ []
+
+[52] (/usr/share/texlive/texmf-dist/tex/latex/listings/lstlang1.sty
 File: lstlang1.sty 2020/03/24 1.8d listings language file
 )
 (/usr/share/texlive/texmf-dist/tex/latex/listings/lstlang1.sty
@@ -1513,7 +1560,7 @@ File: lstlang1.sty 2020/03/24 1.8d listings language file
 been already used, duplicate ignored
 <to be read again> 
                   \relax 
-l.1484 \end{document}
+l.1568 \end{document}
                      [2

 ] (./document.aux)
@@ -1521,16 +1568,21 @@ l.1484 \end{document}
 LaTeX Warning: There were undefined references.

 Package rerunfilecheck Info: File `document.out' has not changed.
-(rerunfilecheck)             Checksum: 0B819AE1968F9045C84BF50A3A681D42;3703.
+(rerunfilecheck)             Checksum: FC2292DDA34492747A3EE632FD835264;3816.
+
+Package biblatex Warning: Please (re)run Biber on the file:
+(biblatex)                document
+(biblatex)                and rerun LaTeX afterwards.
+
 Package logreq Info: Writing requests to 'document.run.xml'.
 \openout1 = `document.run.xml'.

 ) 
 Here is how much of TeX's memory you used:
- 28299 strings out of 481209
- 450407 string characters out of 5914747
- 1343041 words of memory out of 5000000
- 44512 multiletter control sequences out of 15000+600000
+ 28364 strings out of 481209
+ 451535 string characters out of 5914747
+ 1344799 words of memory out of 5000000
+ 44554 multiletter control sequences out of 15000+600000
 459242 words of font info for 106 fonts, out of 8000000 for 9000
 36 hyphenation exceptions out of 8191
 88i,12n,90p,1029b,3681s stack positions out of 5000i,500n,10000p,200000b,80000s
@@ -1546,9 +1598,9 @@ e/texmf-dist/fonts/type1/urw/helvetic/uhvb8a.pfb></usr/share/texlive/texmf-dist
 /urw/helvetic/uhvr8a.pfb></usr/share/texlive/texmf-dist/fonts/type1/urw/times/u
 tmb8a.pfb></usr/share/texlive/texmf-dist/fonts/type1/urw/times/utmr8a.pfb></usr
 /share/texlive/texmf-dist/fonts/type1/urw/times/utmri8a.pfb>
-Output written on document.pdf (65 pages, 944826 bytes).
+Output written on document.pdf (70 pages, 1111385 bytes).
 PDF statistics:
- 1258 PDF objects out of 1440 (max. 8388607)
- 286 named destinations out of 1000 (max. 500000)
- 483 words of extra memory for PDF output out of 10000 (max. 10000000)
+ 1322 PDF objects out of 1440 (max. 8388607)
+ 304 named destinations out of 1000 (max. 500000)
+ 516 words of extra memory for PDF output out of 10000 (max. 10000000)