pkmoore / crashsimulator Goto Github PK

Fails on a call to open("/dev/tty") replacing a call to fstat64(1, ...)
During the recorded execution, the application called fstat64 on STDOUT at this point

Looks like failure occurs during a call to setlocale in http_atotm
this function must 1) store the old locale 2) set the LC_TIME's locale to NULL to support some solaris weirdness 3) generate the time_t to be returned 4) restore the old locale. It is the restoration of this old locale where the failure occurs. Commenting out this step allows the replay to proceed further.

TCSETSW -> What does this do? Any out parameters?
FIONBIO -> What does this do? Any out parameters?

For example:

We don't want to replay "open" calls that result in file descriptors that are eventually mmap()'d
We don't want to replay write calls that are output that tell us how the program is responding to our injections
We might want to replay write calls to file descriptors that update program state that we are replaying later (or maybe this doesn't matter)

Should be one command to recompile test programs, re-create traces, and re-execute all test scripts. This is too manual right now.

Sendmsg bundles an out parameter with each msg_hdr that is updated by the kernel to reflect how many bytes of each message were sent.

Config file should have at minimum contain the command and path to the trace.

Right now __llseek is always replayed. This is probably not what we want to happen. I believe this is causing an issue with FTP replay when execution attempts to move the file cursor around in non-replayed files

Seen when in the netcat execution (not under replay) when you make an invalid HTTP request to Google.

There is a weird issue around a replay delta with resolve.conf

Currently this is being worked around by disabling the name resolution machinery and entering host information in the hosts file. Current hypothesis is that there is some sort of caching or external mechanism causing problems.

Since the vDSO fix was put in place this delta presents itself as a call to gettimeofday() rather than a call to close() during the name resolution recvfrom() + poll() loop (in wget).

netcat: connect to localhost port 6666 (tcp) failed: Unknown error 3223857

Error message comes from openbsd warn().
warn() is like perror
3223857 is the value in errno at the time this warn() was called
warn() is called if vflag is set -> verbosity on and timeout_connect does not return 0
timeout_connect sets errno to optval returned from getsockopt (likely source of bug)

4484 getsockopt(3, SOL_SOCKET, SO_ERROR, [111], [4]) = 0
results in:
DEBUG:root:Optval: 111
DEBUG:root:Optval Length: 4
DEBUG:root:Nooping the current system call in pid: 4705
DEBUG:root:Writing values
C: poke_address: child: 4705
C: poke_address: address: bfffb900
C: poke_address: data: 3223857
C: poke_address: child: 4705
C: poke_address: address: bfffb904
C: poke_address: data: 52