Approach study: call stack integrity
At the meeting on 1 March, this approach was proposed, so we are going to look into its possibilities and limitations.
Core idea
The core idea behind this method is to verify the integrity of the call stack and thereby determine whether the process has been compromised.
To verify call stack integrity, the approach states that, given a call stack, if we can backtrace all the way to the entry point (_start in crt0.o), the call stack is sound.
Design
For all programs in the system, we assume they are compiled with the GNU toolchain without flags such as -fno-unwind-tables (see).
Introduction
This article aims to explain how GNU GCC plugins work, what they can do, and how to write one.
According to kernel.org:
GCC plugins are loadable modules that provide extra features to the
compiler [1]_. They are useful for runtime instrumentation and static analysis.
We can analyse, change and add further code during compilation via
callbacks [2]_, GIMPLE [3]_, IPA [4]_ and RTL passes [5]_.
...
[Embedded System] Deploy Linux v5.13 onto qemu vexpress-a9
Table of Contents
[TOC]
Beginners Guide
Given that the available tutorials are mostly focused on Linux v4, and that simply following them does not work for deploying v5.13, this blog aims to cover the latest Linux version at the time of writing (2021/10/29), v5.13.
If you are a total beginner to this, start here!
Visit The Linux Kernel Archives
The discussion below assumes we are talking about Linux after 2.6.
Platform Devices and Drivers
platform bus, device and driver
In the device driver model, there are three entities we have to take care of:
Bus line
Device
This document is meant to record my experience with the Linux kernel.
GPT MBR patch in Linux
This is a lab in which I try to understand more about MBR and GPT in the Linux kernel.
In this work, I managed to use the secondary header to fix the wrecked GPT.
The note is over there: https://hackmd.io/@ztex/rypYsHWzP
The code snippet from the kernel below is the logic by which I find the alternative page table and use it to fix the primary table.
[name=ztex]
:::info
MBR (Master Boot Record) and GPT (GUID Partition Table) are two different ways of storing the partitioning information on a drive. This information includes where partitions start and end, so your operating system knows which sectors belong to each partition and which partition is bootable. This is why you have to choose MBR or GPT before creating partitions on a drive.
:::
MBR (Master Boot Record)
:::info
MBR does have its limitations. For starters, MBR only works with disks up to 2 TB in size. MBR also only supports up to four primary partitions; if you want more, you have to make one of your primary partitions an "extended partition" and create logical partitions inside it. This is a silly little hack and shouldn't be necessary.
:::
Netfilter hooks and packet flow
see: https://elixir.bootlin.com/linux/latest/source/include/uapi/linux/netfilter.h#L42
There are five hook points at which you can hook in to capture network packets.
PRE_ROUTING: sees every incoming packet, regardless of whether it is destined for a local process; forwarded packets can therefore also be captured at this point
LOCAL_INPUT: packets delivered to local processes in the higher layers, e.g. SMB packets
LOCAL_OUTPUT: packets sent by local processes in the higher layers
FORWARDED: forwarded packets
PCI (Peripheral Component Interconnect)
Peripheral Component Interconnect[2] (abbreviated PCI, also referred to as Conventional PCI to differentiate it from its successor PCI Express) is a local computer bus for attaching hardware devices in a computer and is part of the PCI Local Bus standard. The PCI bus supports the functions found on a processor bus but in a standardized format that is independent of any particular processor's native bus. Devices connected to the PCI bus appear to a bus master to be connected directly to its own bus and are assigned addresses in the processor's address space.[3] It is a parallel bus, synchronous to a single bus clock.
see: Peripheral Component Interconnect
PCI is a local computer bus and part of the PCI Local Bus Standard, used to let other hardware communicate with the CPU. The PCI bus supports the functions of a processor bus.
Devices on PCI are assigned addresses in the CPU's address space. It is a parallel bus, synchronous to a single bus clock.
A local bus is a bus connected directly (or almost directly) to the CPU, which reduces additional bottlenecks.
PCI configuration space
[name=ztex][time=2020,08,19]
:memo: What is SCSI?
The Small Computer System Interface (SCSI) is a set of parallel interface standards developed by the American National Standards Institute (ANSI) for attaching printers, disk drives, scanners and other peripherals to computers.
:memo: original ATA (a.k.a. PATA, Parallel ATA)
Parallel ATA (PATA), originally AT Attachment, is an interface standard for the connection of storage devices such as hard disk drives, floppy disk drives, and optical disc drives in computers. The standard is maintained by the X3/INCITS committee.[1] It uses the underlying AT Attachment (ATA) and AT Attachment Packet Interface (ATAPI) standards.
The Parallel ATA standard is the result of a long history of incremental technical development, which began with the original AT Attachment interface, developed for use in early PC AT equipment. The ATA interface itself evolved in several stages from Western Digital's original Integrated Drive Electronics (IDE) interface. As a result, many near-synonyms for ATA/ATAPI and its previous incarnations are still in common informal use, in particular Extended IDE (EIDE) and Ultra ATA (UATA). After the introduction of Serial ATA (SATA) in 2003, the original ATA was renamed to Parallel ATA, or PATA for short.
Filesystem and device
A filesystem lives on a block device.
LVM (Logical Volume Manager) is a device mapper target that provides logical volume management for the Linux kernel. Most modern Linux distributions are LVM-aware to the point of being able to have their root file systems on a logical volume. It is composed of physical volumes.
But here we don't dig into LVM.
[name=ztex]
Let's talk about LVM
Physical Volume (PV)
In this article, we'll focus on RAID.
[name=ztex]
:memo: What's RAID?
RAID ("Redundant Array of Inexpensive Disks" or "Redundant Array of Independent Disks") is a data storage virtualization technology that combines multiple physical disk drive components into one or more logical units for the purposes of data redundancy, performance improvement, or both.
:memo: LVM Concepts and Terminology
see: https://www.digitalocean.com/community/tutorials/an-introduction-to-lvm-concepts-terminology-and-operations
[name=ztex]
fio (flexible I/O)
Fio spawns a number of threads or processes doing a particular type of I/O action as specified by the user.
see: https://fio.readthedocs.io/en/latest/fio_doc.html
job files
:memo: What's bpf?
The Berkeley Packet Filter is a technology used in certain computer operating systems for programs that need to, among other things, analyze network traffic. It provides a raw interface to data link layers, permitting raw link-layer packets to be sent and received. It is available on most Unix-like operating systems.
:memo: What's bcc?
BPF Compiler Collection (BCC) is a toolkit for creating efficient kernel tracing and manipulation programs.
references:
https://blog.csdn.net/luckyapple1028/article/details/52972315
https://cloud.tencent.com/developer/article/1634120
references:
https://zhuanlan.zhihu.com/p/88875239
Abstract
The three major thin film solar cell technologies
amorphous silicon (α-Si)