admin/TripleCross
1
0
Fork 0
mirror of https://github.com/h3xduck/TripleCross.git synced 2025-12-24 10:23:08 +08:00
Code Issues Packages Projects Releases Wiki Activity

Updated some style aspects, updated positions of tables and figures, other changes.

Browse Source
This commit is contained in:
h3xduck
2022-06-11 16:32:00 -04:00
parent e5bb65925d
commit e697dc867d
16 changed files with 1135 additions and 1099 deletions
Download Patch File Download Diff File Expand all files Collapse all files

403
docs/document.log
View File

@@ -1,4 +1,4 @@
This is pdfTeX, Version 3.14159265-2.6-1.40.21 (TeX Live 2020/Debian) (preloaded format=pdflatex 2022.4.27) 11 JUN 2022 12:59
This is pdfTeX, Version 3.14159265-2.6-1.40.21 (TeX Live 2020/Debian) (preloaded format=pdflatex 2022.4.27) 11 JUN 2022 16:30
entering extended mode
restricted \write18 enabled.
%&-line parsing enabled.
@@ -1089,7 +1089,7 @@ File: t1txss.fd 2000/12/15 v3.1
)
LaTeX Font Info: Font shape `T1/txss/m/n' will be
(Font) scaled to size 11.39996pt on input line 186.
<images//Portada_Logo.png, id=285, 456.2865pt x 45.99pt>
<images//Portada_Logo.png, id=293, 456.2865pt x 45.99pt>
File: images//Portada_Logo.png Graphic file (type png)
<use images//Portada_Logo.png>
Package pdftex.def Info: images//Portada_Logo.png used on input line 190.
@@ -1102,7 +1102,7 @@ LaTeX Font Info: Font shape `T1/txss/m/n' will be
(Font) scaled to size 23.63593pt on input line 201.
LaTeX Font Info: Font shape `T1/txss/m/n' will be
(Font) scaled to size 19.70294pt on input line 205.
<images/creativecommons.png, id=287, 338.76563pt x 118.19156pt>
<images/creativecommons.png, id=295, 338.76563pt x 118.19156pt>
File: images/creativecommons.png Graphic file (type png)
<use images/creativecommons.png>
Package pdftex.def Info: images/creativecommons.png used on input line 215.
@@ -1187,13 +1187,13 @@ File: utxsyc.fd 2000/12/15 v3.1
\openout7 = `document.lof'.
[12] [13]
(./document.lot [14
])
(./document.lot)
\tf@lot=\write8
\openout8 = `document.lot'.
[15] [16] (./chapters/chapter1.tex
[14
] [15] [16] (./chapters/chapter1.tex
Chapter 1.
LaTeX Font Info: Trying to load font information for TS1+txr on input line 1
8.
@@ -1210,7 +1210,7 @@ Overfull \hbox (0.50073pt too wide) in paragraph at lines 43--44
[3]) (./chapters/chapter2.tex [4]
Chapter 2.
<images//classic_bpf.jpg, id=722, 588.1975pt x 432.61626pt>
<images//classic_bpf.jpg, id=728, 588.1975pt x 432.61626pt>
File: images//classic_bpf.jpg Graphic file (type jpg)
<use images//classic_bpf.jpg>
Package pdftex.def Info: images//classic_bpf.jpg used on input line 20.
@@ -1218,193 +1218,175 @@ Package pdftex.def Info: images//classic_bpf.jpg used on input line 20.
[5
] [6 <./images//classic_bpf.jpg>]
<images//cbpf_prog.jpg, id=740, 403.5075pt x 451.6875pt>
<images//cbpf_prog.jpg, id=749, 403.5075pt x 451.6875pt>
File: images//cbpf_prog.jpg Graphic file (type jpg)
<use images//cbpf_prog.jpg>
Package pdftex.def Info: images//cbpf_prog.jpg used on input line 47.
Package pdftex.def Info: images//cbpf_prog.jpg used on input line 55.
(pdftex.def) Requested size: 227.62204pt x 254.80415pt.
[7 <./images/cBPF_prog.jpg>]
<images//bpf_instructions.png, id=751, 380.92313pt x 475.27562pt>
<images//bpf_instructions.png, id=761, 380.92313pt x 475.27562pt>
File: images//bpf_instructions.png Graphic file (type png)
<use images//bpf_instructions.png>
Package pdftex.def Info: images//bpf_instructions.png used on input line 87.
Package pdftex.def Info: images//bpf_instructions.png used on input line 96.
(pdftex.def) Requested size: 227.62204pt x 283.99998pt.
[8 <./images//bpf_instructions.png>]
<images//bpf_address_mode.png, id=761, 417.05812pt x 313.67188pt>
<images//bpf_address_mode.png, id=765, 417.05812pt x 313.67188pt>
File: images//bpf_address_mode.png Graphic file (type png)
<use images//bpf_address_mode.png>
Package pdftex.def Info: images//bpf_address_mode.png used on input line 103.
Package pdftex.def Info: images//bpf_address_mode.png used on input line 105.
(pdftex.def) Requested size: 227.62204pt x 171.19905pt.
[9 <./images//bpf_address_mode.png>]
<images//tcpdump_example.png, id=773, 534.99875pt x 454.69875pt>
[8] [9 <./images//bpf_instructions.png> <./images//bpf_address_mode.png>]
<images//tcpdump_example.png, id=780, 534.99875pt x 454.69875pt>
File: images//tcpdump_example.png Graphic file (type png)
<use images//tcpdump_example.png>
Package pdftex.def Info: images//tcpdump_example.png used on input line 118.
Package pdftex.def Info: images//tcpdump_example.png used on input line 117.
(pdftex.def) Requested size: 284.52756pt x 241.82869pt.
<images//cBPF_prog_ex_sol.png, id=776, 242.9075pt x 321.2pt>
<images//cBPF_prog_ex_sol.png, id=783, 242.9075pt x 321.2pt>
File: images//cBPF_prog_ex_sol.png Graphic file (type png)
<use images//cBPF_prog_ex_sol.png>
Package pdftex.def Info: images//cBPF_prog_ex_sol.png used on input line 129.
Package pdftex.def Info: images//cBPF_prog_ex_sol.png used on input line 128.
(pdftex.def) Requested size: 170.71652pt x 225.74026pt.
[10 <./images//tcpdump_example.png>] [11 <./images//cBPF_prog_ex_sol.png>]
<images//ebpf_arch.jpg, id=794, 739.76375pt x 472.76625pt>
[10 <./images//tcpdump_example.png>]
<images//ebpf_arch.jpg, id=796, 739.76375pt x 472.76625pt>
File: images//ebpf_arch.jpg Graphic file (type jpg)
<use images//ebpf_arch.jpg>
Package pdftex.def Info: images//ebpf_arch.jpg used on input line 168.
Package pdftex.def Info: images//ebpf_arch.jpg used on input line 167.
(pdftex.def) Requested size: 426.79134pt x 272.75464pt.
[12 <./images//ebpf_arch.jpg>]
Overfull \hbox (3.10062pt too wide) in paragraph at lines 195--212
[11 <./images//cBPF_prog_ex_sol.png>]
Overfull \hbox (3.10062pt too wide) in paragraph at lines 193--210
[][]
[]
[13]
Overfull \hbox (17.02478pt too wide) in paragraph at lines 221--222
[]\T1/txr/m/n/12 Therefore, when us-ing JIT com-pil-ing (a set-ting de-fined by
the vari-able \T1/txr/m/it/12 bpf_jit_enable\T1/txr/m/n/12 [[][]30[][]],
[]
[14]
Overfull \hbox (56.55217pt too wide) in paragraph at lines 272--283
[][]
[]
LaTeX Warning: Reference `table:ebpf_maps' on page 15 undefined on input line 2
87.
Overfull \hbox (11.26865pt too wide) in paragraph at lines 287--288
[12 <./images//ebpf_arch.jpg>] [13]
Overfull \hbox (11.26865pt too wide) in paragraph at lines 269--270
\T1/txr/m/n/12 de-vel-op-ment of our rootkit, we will mainly fo-cus on hash map
s (BPF_MAP_TYPE_HASH),
[]
[15]
LaTeX Warning: Reference `table:bpf_syscall' on page 16 undefined on input line
297.
Overfull \hbox (42.01218pt too wide) in paragraph at lines 300--316
Overfull \hbox (56.55217pt too wide) in paragraph at lines 272--283
[][]
[]
[16]
LaTeX Warning: Reference `section:TODO' on page 17 undefined on input line 343.
[14]
Overfull \hbox (42.01218pt too wide) in paragraph at lines 298--314
[][]
[]
LaTeX Warning: Reference `section:TODO' on page 15 undefined on input line 341.
Overfull \hbox (13.5802pt too wide) in paragraph at lines 353--383
[15] [16]
Overfull \hbox (13.5802pt too wide) in paragraph at lines 351--381
[][]
[]
[17]
<images//xdp_diag.jpg, id=874, 649.42625pt x 472.76625pt>
<images//xdp_diag.jpg, id=887, 649.42625pt x 472.76625pt>
File: images//xdp_diag.jpg Graphic file (type jpg)
<use images//xdp_diag.jpg>
Package pdftex.def Info: images//xdp_diag.jpg used on input line 399.
Package pdftex.def Info: images//xdp_diag.jpg used on input line 404.
(pdftex.def) Requested size: 426.79134pt x 310.69934pt.
[18] [19 <./images//xdp_diag.jpg>]
Overfull \hbox (5.80417pt too wide) in paragraph at lines 462--474
Overfull \hbox (5.80417pt too wide) in paragraph at lines 460--472
[][]
[]
[20] [21] [22] [23]
<images//libbpf_prog.jpg, id=933, 543.02875pt x 502.87875pt>
<images//libbpf_prog.jpg, id=943, 543.02875pt x 502.87875pt>
File: images//libbpf_prog.jpg Graphic file (type jpg)
<use images//libbpf_prog.jpg>
Package pdftex.def Info: images//libbpf_prog.jpg used on input line 572.
Package pdftex.def Info: images//libbpf_prog.jpg used on input line 570.
(pdftex.def) Requested size: 341.43306pt x 316.20142pt.
[24]
LaTeX Warning: Reference `TODO' on page 25 undefined on input line 600.
[25 <./images//libbpf_prog.jpg>]
Overfull \hbox (15.27466pt too wide) in paragraph at lines 608--636
LaTeX Warning: Reference `TODO' on page 24 undefined on input line 598.
[24] [25 <./images//libbpf_prog.jpg>]
Overfull \hbox (15.27466pt too wide) in paragraph at lines 606--634
[][]
[]
Overfull \hbox (144.2746pt too wide) in paragraph at lines 648--649
Overfull \hbox (121.2826pt too wide) in paragraph at lines 646--647
[]\T1/txr/bx/n/12 Unprivileged users \T1/txr/m/n/12 can only load and at-tach e
BPF pro-grams of type BPF_PROG_TYPE_SOCKET_FILTER[[][]68[][]],
BPF pro-grams of type BPF_PROG_TYPE_SOCKET_FILTER
[]
[26]
Overfull \hbox (33.33205pt too wide) in paragraph at lines 674--675
Overfull \hbox (33.33205pt too wide) in paragraph at lines 672--673
[]\T1/txr/m/n/12 Therefore, eBPF net-work pro-grams usu-ally re-quire both CAP_
BPF and CAP_NET_ADMIN,
[]
[27]
<images//mem_arch_pages.jpg, id=979, 593.21625pt x 434.62375pt>
[26] [27]
<images//mem_arch_pages.jpg, id=992, 593.21625pt x 434.62375pt>
File: images//mem_arch_pages.jpg Graphic file (type jpg)
<use images//mem_arch_pages.jpg>
Package pdftex.def Info: images//mem_arch_pages.jpg used on input line 711.
Package pdftex.def Info: images//mem_arch_pages.jpg used on input line 709.
(pdftex.def) Requested size: 369.88582pt x 271.00914pt.
[28 <./images//mem_arch_pages.jpg>]
<images//mem_major_page_fault.jpg, id=990, 639.38875pt x 425.59pt>
<images//mem_major_page_fault.jpg, id=1000, 639.38875pt x 425.59pt>
File: images//mem_major_page_fault.jpg Graphic file (type jpg)
<use images//mem_major_page_fault.jpg>
Package pdftex.def Info: images//mem_major_page_fault.jpg used on input line 7
21.
19.
(pdftex.def) Requested size: 312.9803pt x 208.32661pt.
<images//mem_minor_page_fault.jpg, id=992, 654.445pt x 555.07375pt>
<images//mem_minor_page_fault.jpg, id=1002, 654.445pt x 555.07375pt>
File: images//mem_minor_page_fault.jpg Graphic file (type jpg)
<use images//mem_minor_page_fault.jpg>
Package pdftex.def Info: images//mem_minor_page_fault.jpg used on input line 7
29.
27.
(pdftex.def) Requested size: 312.9803pt x 265.45834pt.
[29 <./images//mem_major_page_fault.jpg>]
<images//memory.jpg, id=998, 310.15875pt x 569.12625pt>
<images//memory.jpg, id=1004, 310.15875pt x 569.12625pt>
File: images//memory.jpg Graphic file (type jpg)
<use images//memory.jpg>
Package pdftex.def Info: images//memory.jpg used on input line 739.
Package pdftex.def Info: images//memory.jpg used on input line 738.
(pdftex.def) Requested size: 170.71652pt x 313.25488pt.
[30 <./images//mem_minor_page_fault.jpg>]
Overfull \hbox (0.23746pt too wide) in paragraph at lines 744--745
Overfull \hbox (0.23746pt too wide) in paragraph at lines 735--742
[]\T1/txr/m/n/12 Figure [][]2.13[][] de-scribes how vir-tual mem-ory is dis-tri
buted within a pro-cess in the x86_64
[]
[31 <./images//memory.jpg>]
<images//stack_pres.jpg, id=1012, 707.64375pt x 283.0575pt>
[29 <./images//mem_major_page_fault.jpg>] [30 <./images//mem_minor_page_fault.j
pg> <./images//memory.jpg>]
<images//stack_pres.jpg, id=1017, 707.64375pt x 283.0575pt>
File: images//stack_pres.jpg Graphic file (type jpg)
<use images//stack_pres.jpg>
Package pdftex.def Info: images//stack_pres.jpg used on input line 763.
Package pdftex.def Info: images//stack_pres.jpg used on input line 760.
(pdftex.def) Requested size: 398.33858pt x 159.33606pt.
[32 <./images//stack_pres.jpg>]
<images//stack_ops.jpg, id=1021, 524.96124pt x 694.595pt>
[31 <./images//stack_pres.jpg>]
<images//stack_ops.jpg, id=1028, 524.96124pt x 694.595pt>
File: images//stack_ops.jpg Graphic file (type jpg)
<use images//stack_ops.jpg>
Package pdftex.def Info: images//stack_ops.jpg used on input line 797.
Package pdftex.def Info: images//stack_ops.jpg used on input line 794.
(pdftex.def) Requested size: 284.52756pt x 376.47473pt.
LaTeX Font Info: Trying to load font information for T1+txtt on input line 8
04.
00.
(/usr/share/texlive/texmf-dist/tex/latex/txfonts/t1txtt.fd
File: t1txtt.fd 2000/12/15 v3.1
)
<images//stack_before.jpg, id=1022, 712.6625pt x 315.1775pt>
<images//stack_before.jpg, id=1031, 712.6625pt x 315.1775pt>
File: images//stack_before.jpg Graphic file (type jpg)
<use images//stack_before.jpg>
Package pdftex.def Info: images//stack_before.jpg used on input line 808.
Package pdftex.def Info: images//stack_before.jpg used on input line 804.
(pdftex.def) Requested size: 398.33858pt x 176.16635pt.
[33 <./images//stack_ops.jpg>]
<images//stack.jpg, id=1027, 707.64375pt x 381.425pt>
<images//stack.jpg, id=1032, 707.64375pt x 381.425pt>
File: images//stack.jpg Graphic file (type jpg)
<use images//stack.jpg>
Package pdftex.def Info: images//stack.jpg used on input line 815.
Package pdftex.def Info: images//stack.jpg used on input line 811.
(pdftex.def) Requested size: 398.33858pt x 214.70816pt.
[34 <./images//stack_before.jpg> <./images//stack.jpg>]
<images//stack_ret_hij_simple.jpg, id=1043, 774.895pt x 674.52pt>
[32] [33 <./images//stack_ops.jpg> <./images//stack_before.jpg>] [34 <./images
//stack.jpg>]
<images//stack_ret_hij_simple.jpg, id=1068, 774.895pt x 674.52pt>
File: images//stack_ret_hij_simple.jpg Graphic file (type jpg)
<use images//stack_ret_hij_simple.jpg>
Package pdftex.def Info: images//stack_ret_hij_simple.jpg used on input line 8
55.
51.
(pdftex.def) Requested size: 426.79134pt x 371.51205pt.
[35]
[36 <./images//stack_ret_hij_simple.jpg>]
(/usr/share/texlive/texmf-dist/tex/latex/listings/lstlang1.sty
File: lstlang1.sty 2020/03/24 1.8d listings language file
)
@@ -1412,243 +1394,250 @@ File: lstlang1.sty 2020/03/24 1.8d listings language file
File: lstmisc.sty 2020/03/24 1.8d (Carsten Heinz)
)
Package hyperref Info: bookmark level for unknown lstlisting defaults to 0 on i
nput line 867.
nput line 863.
LaTeX Font Info: Font shape `T1/txtt/b/n' in size <10> not available
(Font) Font shape `T1/txtt/bx/n' tried instead on input line 868.
<images//buffer_overflow.jpg, id=1064, 707.64375pt x 343.2825pt>
(Font) Font shape `T1/txtt/bx/n' tried instead on input line 864.
[35] [36 <./images//stack_ret_hij_simple.jpg>]
<images//buffer_overflow.jpg, id=1089, 707.64375pt x 343.2825pt>
File: images//buffer_overflow.jpg Graphic file (type jpg)
<use images//buffer_overflow.jpg>
Package pdftex.def Info: images//buffer_overflow.jpg used on input line 883.
Package pdftex.def Info: images//buffer_overflow.jpg used on input line 879.
(pdftex.def) Requested size: 426.79134pt x 207.03964pt.
<images//buffer_overflow_shellcode.jpg, id=1066, 707.64375pt x 379.4175pt>
<images//buffer_overflow_shellcode.jpg, id=1091, 707.64375pt x 379.4175pt>
File: images//buffer_overflow_shellcode.jpg Graphic file (type jpg)
<use images//buffer_overflow_shellcode.jpg>
Package pdftex.def Info: images//buffer_overflow_shellcode.jpg used on input l
ine 894.
ine 890.
(pdftex.def) Requested size: 426.79134pt x 228.8333pt.
[37 <./images//buffer_overflow.jpg>]
LaTeX Warning: Reference `TODO probably an Annex' on page 38 undefined on input
line 899.
LaTeX Warning: Reference `TODO' on page 38 undefined on input line 911.
LaTeX Warning: Reference `TODO probably an Annex' on page 37 undefined on input
line 895.
[37 <./images//buffer_overflow.jpg>]
LaTeX Warning: Reference `TODO' on page 38 undefined on input line 907.
[38 <./images//buffer_overflow_shellcode.jpg>]
<images//ROPcompound.jpg, id=1091, 1296.845pt x 790.955pt>
<images//ROPcompound.jpg, id=1107, 1296.845pt x 790.955pt>
File: images//ROPcompound.jpg Graphic file (type jpg)
<use images//ROPcompound.jpg>
Package pdftex.def Info: images//ROPcompound.jpg used on input line 933.
Package pdftex.def Info: images//ROPcompound.jpg used on input line 929.
(pdftex.def) Requested size: 455.24408pt x 277.65909pt.
Overfull \hbox (28.45273pt too wide) in paragraph at lines 933--934
Overfull \hbox (28.45273pt too wide) in paragraph at lines 929--930
[][]
[]
[39]
LaTeX Warning: Reference `TODO' on page 40 undefined on input line 945.
LaTeX Warning: Reference `TODO' on page 40 undefined on input line 941.
[40 <./images//ROPcompound.jpg>]
<images//frame.jpg, id=1111, 695.59875pt x 705.63625pt>
<images//frame.jpg, id=1127, 695.59875pt x 705.63625pt>
File: images//frame.jpg Graphic file (type jpg)
<use images//frame.jpg>
Package pdftex.def Info: images//frame.jpg used on input line 958.
Package pdftex.def Info: images//frame.jpg used on input line 954.
(pdftex.def) Requested size: 398.33858pt x 404.07954pt.
[41] [42 <./images//frame.jpg>]
<images//tcp_conn.jpg, id=1130, 452.69125pt x 405.515pt>
[41 <./images//frame.jpg>]
<images//tcp_conn.jpg, id=1142, 452.69125pt x 405.515pt>
File: images//tcp_conn.jpg Graphic file (type jpg)
<use images//tcp_conn.jpg>
Package pdftex.def Info: images//tcp_conn.jpg used on input line 1006.
Package pdftex.def Info: images//tcp_conn.jpg used on input line 1002.
(pdftex.def) Requested size: 341.43306pt x 305.84947pt.
[43]
Overfull \hbox (0.11748pt too wide) in paragraph at lines 1011--1012
Overfull \hbox (0.11748pt too wide) in paragraph at lines 1007--1008
[]\T1/txr/m/n/12 As we can ob-serve in the fig-ure, the hosts in-ter-change a s
e-quence of SYN, SYN+ACK,
[]
<images//tcp_retransmission.jpg, id=1139, 523.9575pt x 485.815pt>
[42] [43 <./images//tcp_conn.jpg>]
<images//tcp_retransmission.jpg, id=1156, 523.9575pt x 485.815pt>
File: images//tcp_retransmission.jpg Graphic file (type jpg)
<use images//tcp_retransmission.jpg>
Package pdftex.def Info: images//tcp_retransmission.jpg used on input line 102
2.
Package pdftex.def Info: images//tcp_retransmission.jpg used on input line 101
8.
(pdftex.def) Requested size: 341.43306pt x 316.58401pt.
[44 <./images//tcp_conn.jpg>] [45 <./images//tcp_retransmission.jpg>]
Overfull \hbox (1.1025pt too wide) in paragraph at lines 1061--1062
[44 <./images//tcp_retransmission.jpg>]
Overfull \hbox (1.1025pt too wide) in paragraph at lines 1057--1058
[]|\T1/txr/m/n/12 Permissions|
[]
Overfull \hbox (5.55525pt too wide) in paragraph at lines 1070--1070
Overfull \hbox (5.55525pt too wide) in paragraph at lines 1066--1066
[]|\T1/txr/m/n/12 .got.plt|
[]
Overfull \hbox (5.55525pt too wide) in paragraph at lines 1072--1072
Overfull \hbox (5.55525pt too wide) in paragraph at lines 1068--1068
[]|\T1/txr/m/n/12 .plt.got|
[]
[46]
LaTeX Warning: Reference `TODO' on page 47 undefined on input line 1085.
LaTeX Warning: Reference `TODO' on page 45 undefined on input line 1081.
Overfull \hbox (26.32735pt too wide) in paragraph at lines 1091--1092
Overfull \hbox (26.32735pt too wide) in paragraph at lines 1087--1088
\T1/txr/m/n/12 stub (in the .plt sec-tion) is called. Snip-pet [][]2.3[][] show
s a call to the func-tion timerfd_settime,
[]
[47]
<images//sch_gdb_plt.png, id=1175, 1040.88875pt x 146.5475pt>
[45] [46]
<images//sch_gdb_plt.png, id=1186, 1040.88875pt x 146.5475pt>
File: images//sch_gdb_plt.png Graphic file (type png)
<use images//sch_gdb_plt.png>
Package pdftex.def Info: images//sch_gdb_plt.png used on input line 1104.
Package pdftex.def Info: images//sch_gdb_plt.png used on input line 1100.
(pdftex.def) Requested size: 441.01772pt x 62.09065pt.
Overfull \hbox (14.22636pt too wide) in paragraph at lines 1104--1105
Overfull \hbox (14.22636pt too wide) in paragraph at lines 1100--1101
[][]
[]
<images//sch_gdb_got_prev.png, id=1176, 529.98pt x 39.14626pt>
<images//sch_gdb_got_prev.png, id=1187, 529.98pt x 39.14626pt>
File: images//sch_gdb_got_prev.png Graphic file (type png)
<use images//sch_gdb_got_prev.png>
Package pdftex.def Info: images//sch_gdb_got_prev.png used on input line 1111.
Package pdftex.def Info: images//sch_gdb_got_prev.png used on input line 1107.
(pdftex.def) Requested size: 441.01772pt x 32.57559pt.
Overfull \hbox (14.22636pt too wide) in paragraph at lines 1111--1112
Overfull \hbox (14.22636pt too wide) in paragraph at lines 1107--1108
[][]
[]
<images//sch_gdb_got_after.png, id=1180, 532.99126pt x 41.15375pt>
<images//sch_gdb_got_after.png, id=1191, 532.99126pt x 41.15375pt>
File: images//sch_gdb_got_after.png Graphic file (type png)
<use images//sch_gdb_got_after.png>
Package pdftex.def Info: images//sch_gdb_got_after.png used on input line 1120
Package pdftex.def Info: images//sch_gdb_got_after.png used on input line 1116
.
(pdftex.def) Requested size: 441.01772pt x 34.05334pt.
Overfull \hbox (14.22636pt too wide) in paragraph at lines 1120--1121
Overfull \hbox (14.22636pt too wide) in paragraph at lines 1116--1117
[][]
[]
<images//sch_glibc_func.png, id=1181, 585.18625pt x 89.33376pt>
<images//sch_glibc_func.png, id=1192, 585.18625pt x 89.33376pt>
File: images//sch_glibc_func.png Graphic file (type png)
<use images//sch_glibc_func.png>
Package pdftex.def Info: images//sch_glibc_func.png used on input line 1127.
Package pdftex.def Info: images//sch_glibc_func.png used on input line 1123.
(pdftex.def) Requested size: 441.01772pt x 67.32729pt.
Overfull \hbox (14.22636pt too wide) in paragraph at lines 1127--1128
Overfull \hbox (14.22636pt too wide) in paragraph at lines 1123--1124
[][]
[]
[48 <./images//sch_gdb_plt.png> <./images//sch_gdb_got_prev.png> <./images//sch
_gdb_got_after.png> <./images//sch_glibc_func.png>] [49] [50])
(./chapters/chapter3.tex [51]
[47 <./images//sch_gdb_plt.png> <./images//sch_gdb_got_prev.png> <./images//sch
_gdb_got_after.png>] [48 <./images//sch_glibc_func.png>])
(./chapters/chapter3.tex [49]
Chapter 3.
Overfull \hbox (18.75664pt too wide) in paragraph at lines 21--22
LaTeX Warning: Reference `subsection:access_control' on page 50 undefined on in
put line 13.
Overfull \hbox (18.75664pt too wide) in paragraph at lines 17--18
\T1/txr/m/n/12 can also ex-plore all the avail-able maps in the sys-tem by us-i
ng the BPF_MAP_GET_NEXT_ID
[]
[52
[50
] [53] [54] [55]
Overfull \hbox (55.2727pt too wide) in paragraph at lines 181--182
] [51] [52] [53]
Overfull \hbox (55.2727pt too wide) in paragraph at lines 176--177
\T1/txr/m/n/12 As we in-tro-duced in the pre-vi-ous sub-sec-tion, the bpf_probe
_read_user() and bpf_probe_read_kernel()
[]
LaTeX Warning: Reference `subsection_bpf_probe_write_apps' on page 56 undefined
on input line 185.
LaTeX Warning: Reference `subsection_bpf_probe_write_apps' on page 54 undefined
on input line 180.
[56]
Overfull \hbox (47.97661pt too wide) in paragraph at lines 190--191
Overfull \hbox (47.97661pt too wide) in paragraph at lines 185--186
\T1/txr/m/n/12 helper. It will only work if the ker-nel was com-piled with the
CON-FIG_BPF_KPROBE_OVERRIDE
[]
[57]
Overfull \hbox (62.0767pt too wide) in paragraph at lines 232--233
[54] [55]
Overfull \hbox (62.0767pt too wide) in paragraph at lines 227--228
\T1/txr/m/n/12 the bounds of func-tion pa-ram-e-ters via the helpers bpf_probe_
read_user() and bpf_probe_read_kernel().
[]
[58] [59]
Overfull \hbox (3.09538pt too wide) in paragraph at lines 257--258
[56]
Overfull \hbox (3.09538pt too wide) in paragraph at lines 252--253
\T1/txr/m/n/12 trac-ing pro-grams can read any user mem-ory lo-ca-tion with the
bpf_probe_read_user()
[]
<images//stack_scan_write_tech.jpg, id=1364, 829.0975pt x 315.1775pt>
[57]
<images//stack_scan_write_tech.jpg, id=1374, 829.0975pt x 315.1775pt>
File: images//stack_scan_write_tech.jpg Graphic file (type jpg)
<use images//stack_scan_write_tech.jpg>
Package pdftex.def Info: images//stack_scan_write_tech.jpg used on input line
273.
268.
(pdftex.def) Requested size: 455.24408pt x 173.0548pt.
Overfull \hbox (28.45273pt too wide) in paragraph at lines 273--274
Overfull \hbox (28.45273pt too wide) in paragraph at lines 268--269
[][]
[]
[60 <./images//stack_scan_write_tech.jpg>]
[58 <./images//stack_scan_write_tech.jpg>]
LaTeX Warning: Reference `TODO' on page 61 undefined on input line 295.
LaTeX Warning: Reference `TODO' on page 59 undefined on input line 290.
[61] [62] [63]
<images//tcp_exfiltrate_retrans.jpg, id=1420, 633.36626pt x 475.7775pt>
[59] [60] [61]
<images//tcp_exfiltrate_retrans.jpg, id=1427, 633.36626pt x 475.7775pt>
File: images//tcp_exfiltrate_retrans.jpg Graphic file (type jpg)
<use images//tcp_exfiltrate_retrans.jpg>
Package pdftex.def Info: images//tcp_exfiltrate_retrans.jpg used on input line
355.
350.
(pdftex.def) Requested size: 426.79134pt x 320.60597pt.
[64 <./images//tcp_exfiltrate_retrans.jpg>])
(./chapters/chapter4.tex [65]
[62 <./images//tcp_exfiltrate_retrans.jpg>])
(./chapters/chapter4.tex [63]
Chapter 4.
[66
[64
]
LaTeX Warning: Reference `TODO EVALUATION' on page 67 undefined on input line 2
LaTeX Warning: Reference `TODO EVALUATION' on page 65 undefined on input line 2
2.
<images//rop_evil_ebpf_1.jpg, id=1438, 789.95125pt x 395.4775pt>
<images//rop_evil_ebpf_1.jpg, id=1445, 789.95125pt x 395.4775pt>
File: images//rop_evil_ebpf_1.jpg Graphic file (type jpg)
<use images//rop_evil_ebpf_1.jpg>
Package pdftex.def Info: images//rop_evil_ebpf_1.jpg used on input line 30.
(pdftex.def) Requested size: 426.79134pt x 213.66933pt.
LaTeX Warning: Reference `TODO' on page 67 undefined on input line 38.
LaTeX Warning: Reference `TODO' on page 65 undefined on input line 38.
[67 <./images//rop_evil_ebpf_1.jpg>]
[65 <./images//rop_evil_ebpf_1.jpg>]
Overfull \hbox (4.42868pt too wide) in paragraph at lines 47--48
\T1/txr/m/n/12 the orig-i-nal data later) and we pro-ceed to over-write the sta
ck us-ing bpf_probe_write_user(),
[]
<images//rop_evil_ebpf_2.jpg, id=1449, 789.95125pt x 395.4775pt>
<images//rop_evil_ebpf_2.jpg, id=1455, 789.95125pt x 395.4775pt>
File: images//rop_evil_ebpf_2.jpg Graphic file (type jpg)
<use images//rop_evil_ebpf_2.jpg>
Package pdftex.def Info: images//rop_evil_ebpf_2.jpg used on input line 51.
(pdftex.def) Requested size: 426.79134pt x 213.66933pt.
[68 <./images//rop_evil_ebpf_2.jpg>]
<images//rop_evil_ebpf_3.jpg, id=1459, 789.95125pt x 369.38pt>
[66 <./images//rop_evil_ebpf_2.jpg>]
<images//rop_evil_ebpf_3.jpg, id=1465, 789.95125pt x 369.38pt>
File: images//rop_evil_ebpf_3.jpg Graphic file (type jpg)
<use images//rop_evil_ebpf_3.jpg>
Package pdftex.def Info: images//rop_evil_ebpf_3.jpg used on input line 62.
(pdftex.def) Requested size: 426.79134pt x 199.5693pt.
[69 <./images//rop_evil_ebpf_3.jpg>]
[67 <./images//rop_evil_ebpf_3.jpg>]
LaTeX Warning: Reference `table:aslr_offset' on page 70 undefined on input line
LaTeX Warning: Reference `table:aslr_offset' on page 68 undefined on input line
85.
<images//aslr_offset.jpg, id=1467, 597.23125pt x 273.02pt>
<images//aslr_offset.jpg, id=1474, 597.23125pt x 273.02pt>
File: images//aslr_offset.jpg Graphic file (type jpg)
<use images//aslr_offset.jpg>
Package pdftex.def Info: images//aslr_offset.jpg used on input line 90.
(pdftex.def) Requested size: 369.88582pt x 169.0915pt.
[70 <./images//aslr_offset.jpg>]
[68 <./images//aslr_offset.jpg>]
Overfull \hbox (0.26146pt too wide) in paragraph at lines 113--114
[]\T1/txr/m/n/12 This tech-nique works both in com-pil-ers with low hard-en-ing
fe-tau-res by de-fault (Clang)
@@ -1660,19 +1649,19 @@ Overfull \hbox (38.05193pt too wide) in paragraph at lines 117--119
m/it/12 en-ter \T1/txr/m/n/12 po-si-tion of syscall sys_timerfd_settime.
[]
[71]
<images//sch_firstcall.png, id=1484, 643.40375pt x 91.34125pt>
[69]
<images//sch_firstcall.png, id=1491, 643.40375pt x 91.34125pt>
File: images//sch_firstcall.png Graphic file (type png)
<use images//sch_firstcall.png>
Package pdftex.def Info: images//sch_firstcall.png used on input line 127.
(pdftex.def) Requested size: 369.88582pt x 52.51244pt.
) (./chapters/chapter5.tex [72 <./images//sch_firstcall.png>]
) (./chapters/chapter5.tex [70 <./images//sch_firstcall.png>]
Chapter 5.
) (./chapters/chapter6.tex [73
) (./chapters/chapter6.tex [71
]
Chapter 6.
) [74
) [72
]
Overfull \hbox (5.34976pt too wide) in paragraph at lines 338--338
@@ -1680,7 +1669,7 @@ Overfull \hbox (5.34976pt too wide) in paragraph at lines 338--338
/ yir -[] cyber -[] threats -[]
[]
[75
[73
]
@@ -1701,7 +1690,7 @@ Overfull \hbox (21.24973pt too wide) in paragraph at lines 338--338
mmit _ 2015feb20 .
[]
[76]
[74]
Overfull \hbox (9.14975pt too wide) in paragraph at lines 338--338
\T1/txtt/m/n/12 ch02 . xhtml# :-[]: text = With % 20JIT % 20compiled % 20code %
2C % 20i ,[] %20other %
@@ -1713,13 +1702,19 @@ Overfull \hbox (6.49615pt too wide) in paragraph at lines 338--338
022), [On-line]. Avail-able: [][]$\T1/txtt/m/n/12 https :
[]
[77]
[75]
Overfull \hbox (0.76683pt too wide) in paragraph at lines 338--338
[]\T1/txr/m/n/12 ^^P Bpf next ker-nel tree.^^Q (), [On-line]. Avail-able: [][]
$\T1/txtt/m/n/12 https : / / kernel . googlesource .
[]
Overfull \hbox (14.49278pt too wide) in paragraph at lines 338--338
[]\T1/txr/m/it/12 Capabilities - overview of linux ca-pa-bil-i-ties\T1/txr/m/n/
12 . [On-line]. Avail-able: [][]$\T1/txtt/m/n/12 http : / / manpages .
[]
[76]
Overfull \hbox (9.33742pt too wide) in paragraph at lines 338--338
\T1/txr/m/n/12 Avail-able: [][]$\T1/txtt/m/n/12 https : / / events19 . linuxfou
ndation . org / wp -[] content / uploads /
@@ -1761,25 +1756,19 @@ Overfull \hbox (21.2149pt too wide) in paragraph at lines 338--338
. com / blog / network -[] layers -[] explained/$[][]\T1/txr/m/n/12 .
[]
[78]
Overfull \hbox (4.29944pt too wide) in paragraph at lines 338--338
[]\T1/txr/m/n/12 ^^P Trans-mis-sion con-trol pro-to-col,^^Q IBM. (Apr. 19, 202
2), [On-line]. Avail-able: [][]$\T1/txtt/m/n/12 https :
[]
[77]
Overfull \hbox (6.53491pt too wide) in paragraph at lines 338--338
[]\T1/txr/m/n/12 H. Sidh-pur-wala. ^^P Hard-en-ing elf bi-na-ries us-ing re-lo
-ca-tion read-only (relro).^^Q (Jan. 28,
[]
Overfull \hbox (14.49278pt too wide) in paragraph at lines 338--338
[]\T1/txr/m/it/12 Capabilities - overview of linux ca-pa-bil-i-ties\T1/txr/m/n/
12 . [On-line]. Avail-able: [][]$\T1/txtt/m/n/12 http : / / manpages .
[]
[79]
Overfull \hbox (53.32059pt too wide) in paragraph at lines 338--338
\T1/txr/m/it/12 sup-ple-ment\T1/txr/m/n/12 , Jan. 28, 2018, p. 148. [On-line].
Avail-able: [][]$\T1/txtt/m/n/12 https : / / raw . githubusercontent .
@@ -1803,7 +1792,7 @@ Overfull \hbox (39.98859pt too wide) in paragraph at lines 338--338
il-able: [][]$\T1/txtt/m/n/12 https : / / raw . githubusercontent .
[]
[80] (./chapters/annex.tex [81]
[78] (./chapters/annex.tex [79]
(/usr/share/texlive/texmf-dist/tex/latex/listings/lstlang1.sty
File: lstlang1.sty 2020/03/24 1.8d listings language file
)
@@ -1828,25 +1817,23 @@ l.346 \end{document}
LaTeX Warning: There were undefined references.
LaTeX Warning: Label(s) may have changed. Rerun to get cross-references right.
Package rerunfilecheck Info: File `document.out' has not changed.
(rerunfilecheck) Checksum: 73080A21CC6BDDF13751F7DFC4130C5D;5364.
Package biblatex Warning: Please (re)run Biber on the file:
(biblatex) document
(biblatex) and rerun LaTeX afterwards.
(rerunfilecheck) Checksum: 7A34DDECD47F12129DDDCF15A57C6F25;5503.
Package logreq Info: Writing requests to 'document.run.xml'.
\openout1 = `document.run.xml'.
)
Here is how much of TeX's memory you used:
29191 strings out of 481209
465022 string characters out of 5914747
1628963 words of memory out of 5000000
45101 multiletter control sequences out of 15000+600000
29195 strings out of 481209
465192 string characters out of 5914747
1628061 words of memory out of 5000000
45104 multiletter control sequences out of 15000+600000
459242 words of font info for 106 fonts, out of 8000000 for 9000
36 hyphenation exceptions out of 8191
88i,12n,90p,1029b,3715s stack positions out of 5000i,500n,10000p,200000b,80000s
88i,12n,90p,1029b,3721s stack positions out of 5000i,500n,10000p,200000b,80000s
{/usr/share/texlive/texmf-dist/fonts/enc/dvips/base/8r.enc}</usr/share/texliv
e/texmf-dist/fonts/type1/public/txfonts/rtcxi.pfb></usr/share/texlive/texmf-dis
t/fonts/type1/public/txfonts/rtcxr.pfb></usr/share/texlive/texmf-dist/fonts/typ
@@ -1859,9 +1846,9 @@ e/texmf-dist/fonts/type1/urw/helvetic/uhvb8a.pfb></usr/share/texlive/texmf-dist
/urw/helvetic/uhvr8a.pfb></usr/share/texlive/texmf-dist/fonts/type1/urw/times/u
tmb8a.pfb></usr/share/texlive/texmf-dist/fonts/type1/urw/times/utmr8a.pfb></usr
/share/texlive/texmf-dist/fonts/type1/urw/times/utmri8a.pfb>
Output written on document.pdf (102 pages, 2221224 bytes).
Output written on document.pdf (100 pages, 2220915 bytes).
PDF statistics:
1984 PDF objects out of 2073 (max. 8388607)
545 named destinations out of 1000 (max. 500000)
758 words of extra memory for PDF output out of 10000 (max. 10000000)
1993 PDF objects out of 2073 (max. 8388607)
546 named destinations out of 1000 (max. 500000)
774 words of extra memory for PDF output out of 10000 (max. 10000000)