
1use panda::plugins::osi::OSI;
2use panda::prelude::*;
3use panda::syscall_injection::{run_injector, syscall};
4
// Syscall numbers used by the injected calls below. These are the x86_64
// Linux values (39 = getpid, 102 = getuid), matching the `.generic("x86_64")`
// guest started in `main`; they would be wrong for any other architecture.
const GET_PID: target_ulong = 39;
const GET_UID: target_ulong = 102;
7
/// Issues a `getpid` syscall inside the guest through the injector.
///
/// Returns the raw value the guest kernel hands back — presumably the PID of
/// the process whose syscall entry was hijacked (the `()` argument tuple
/// means getpid takes no parameters).
async fn getpid() -> target_ulong {
    syscall(GET_PID, ()).await
}
11
/// Issues a `getuid` syscall inside the guest through the injector.
///
/// Returns the raw value the guest kernel hands back — presumably the real
/// UID of the process whose syscall entry was hijacked.
async fn getuid() -> target_ulong {
    syscall(GET_UID, ()).await
}
15
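/// Callback invoked by PANDA on every guest syscall entry.
///
/// Each hit that passes the filters below hijacks the entered syscall and runs
/// a small injector that issues `getpid`, `getuid` and `getpid` again in the
/// context of the interrupted guest process, printing the results. Note that
/// this perturbs the guest: a process under observation will presumably
/// execute these extra syscalls, so do not expect an untouched syscall trace.
///
/// * `cpu` — the CPU state handed over by PANDA.
/// * `pc` — the syscall entry point the injector is attached to.
/// * `syscall_num` — the number of the syscall the guest just entered.
///
/// Never panics: a syscall for which OSI cannot resolve the current process
/// is skipped instead of aborting the whole emulation (the previous
/// `unwrap()` did exactly that).
#[panda::on_all_sys_enter]
fn any_syscall(cpu: &mut CPUState, pc: SyscallPc, syscall_num: target_ulong) {
    // Two filters: never inject into syscalls that must not be interrupted,
    // and inject at most once per change of guest address space so a busy
    // process is not hijacked on every single syscall.
    if FORBIDDEN_SYSCALLS.contains(&syscall_num) || in_same_asid(cpu) {
        return;
    }

    // `get_current_process` returns an Option; treat "unknown process" as
    // "do not inject" rather than crashing. The ASID has already been
    // recorded by `in_same_asid`, so the next syscall from this address
    // space is skipped as well — acceptable for a best-effort example.
    let current_pid = match OSI.get_current_process(cpu) {
        Some(process) => process.pid,
        None => {
            println!("OSI could not resolve the current process; skipping injection");
            return;
        }
    };
    println!("OSI PID: {}", current_pid);

    run_injector(pc, async {
        println!("PID: {}", getpid().await);
        println!("UID: {}", getuid().await);
        println!("PID (again): {}", getpid().await);
    });
}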
31
/// Boots a generic x86_64 guest under PANDA and runs it. The syscall hook
/// above is registered by its attribute macro, so nothing else is needed here.
fn main() {
    Panda::new()
        .generic("x86_64")
        // Restoring a saved guest snapshot is left disabled; enable it if a
        // snapshot named "root" exists for this image.
        //.args(&["-loadvm", "root"])
        .run();
}
38
// The rest of this file keeps the injector away from syscalls where injecting
// could cause problems.
41
42use std::sync::atomic::{AtomicU64, Ordering};
43
/// Reports whether the guest address space (ASID) of `cpu` is the same one
/// seen on the previous call, and records the current ASID for the next call.
///
/// Used as a rate limiter: consecutive syscalls from the same address space
/// return `true` and are skipped by the caller, so each process is injected
/// once per change of ASID rather than on every syscall.
fn in_same_asid(cpu: &mut CPUState) -> bool {
    // ASID observed by the previous call. The initial value is an arbitrary
    // sentinel; a guest ASID equal to it would make the very first call report
    // "same" and skip that process until its ASID changes.
    static LAST_ASID: AtomicU64 = AtomicU64::new(0x1234);

    // SAFETY: `cpu` is a live `&mut CPUState` supplied by PANDA's callback, so
    // the pointer handed to the FFI call is valid for the duration of the call.
    let current = unsafe { panda::sys::panda_current_asid(cpu) };

    let previous = LAST_ASID.swap(current, Ordering::SeqCst);
    previous == current
}
51
/// Syscalls that are never used as injection points.
///
/// The original note only says these "might cause issues"; presumably an
/// injected syscall cannot be completed cleanly when the guest is about to
/// split the process (fork/vfork), terminate it (exit_group) or restore a
/// signal frame (rt_sigreturn) — not verified here.
const FORBIDDEN_SYSCALLS: &[target_ulong] = &[FORK, VFORK, EXIT_GROUP, RT_SIGRETURN];

// x86_64 Linux syscall numbers, matching the `.generic("x86_64")` guest in `main`.
const FORK: target_ulong = 57;
const VFORK: target_ulong = 58;
const EXIT_GROUP: target_ulong = 231;
const RT_SIGRETURN: target_ulong = 15;