+++ /dev/null
-{-# LANGUAGE OverloadedStrings #-}
-{-# LANGUAGE TemplateHaskell, FlexibleInstances #-}
-{-# LANGUAGE ForeignFunctionInterface #-}
-module Main where
-
-import Data.Binary
-import Data.String
-import System.Environment hiding (getEnv)
-import qualified Data.Map as M
-import qualified Data.ByteString.Lazy as B
-
-import Text.Printf
-
-import Control.Monad
-
-import qualified JVM.Assembler as J
-import JVM.Assembler hiding (Instruction)
-import JVM.Common
-import JVM.ClassFile
-import JVM.Converter
-import JVM.Dump
-
-import Foreign
-import Foreign.Ptr
-import Foreign.C.Types
-
-import Harpy
-import Harpy.X86Disassembler
-
-
-foreign import ccall "dynamic"
- code_void :: FunPtr (CInt -> IO CInt) -> (CInt -> IO CInt)
-
-foreign import ccall "getaddr"
- getaddr :: CUInt
-
-foreign import ccall "callertrap"
- callertrap :: IO ()
-
-
-$(callDecl "callAsWord32" [t|Word32|])
-
-main = do
- args <- getArgs
- case args of
- [clspath] -> do
- clsFile <- decodeFile clspath
- let cp = constsPool (clsFile :: Class Pointers)
- putStrLn "==== constpool: ===="
- putStrLn $ showListIx $ M.elems cp
- cf <- parseClassFile clspath
- putStrLn "==== classfile dump: ===="
- dumpClass cf
- putStrLn "==== random stuff: ===="
- let mainmethod = lookupMethod "main" cf -- "main|([Ljava/lang/String;)V" cf
- case mainmethod of
- Nothing -> putStrLn "no main found"
- Just main ->
- case attrByName main "Code" of
- Nothing -> putStrLn "no code attr found"
- Just bytecode -> do
- putStrLn "woot, running now"
- allocaArray 26 (\ p -> mapM_ (\ i -> poke (advancePtr p i) 0) [0..25] >> runstuff p bytecode)
- _ -> error "Synopsis: dump-class File.class"
-
-runstuff :: Ptr Int32 -> B.ByteString -> IO ()
-runstuff env bytecode = do
- let emittedcode = (compile (fromIntegral getaddr)) $ codeInstructions $ decodeMethod bytecode
- (_, Right ((entryPtr, endOffset), disasm)) <- runCodeGen emittedcode env ()
- printf "entry point: 0x%08x\n" ((fromIntegral $ ptrToIntPtr entryPtr) :: Int)
-
- let entryFuncPtr = ((castPtrToFunPtr entryPtr) :: FunPtr (CInt -> IO CInt))
- result <- code_void entryFuncPtr (fromIntegral 0x1337)
- let iresult::Int; iresult = fromIntegral result
- printf "result: 0x%08x\n" iresult -- expecting (2 * 0x1337) + 0x42 = 0x26b0
-
- result2 <- code_void entryFuncPtr (fromIntegral (-0x20))
- let iresult2::Int; iresult2 = fromIntegral result2
- printf "result: 0x%08x\n" iresult2 -- expecting 0x2
-
-
- -- s/mov ebx 0x6666/mov eax 0x6666/
- let patchit = plusPtr entryPtr 0xb
- poke patchit (0xb8 :: Word8)
-
- result3 <- code_void entryFuncPtr (fromIntegral 0)
- let iresult3::Int; iresult3 = fromIntegral result3
- printf "result: 0x%08x\n" iresult3 -- expecting 0x6666
-
- printf "disasm:\n"
- mapM_ (putStrLn . showAtt) disasm
-
- printf "patched disasm:\n"
- Right newdisasm <- disassembleBlock entryPtr endOffset
- mapM_ (putStrLn . showAtt) $ newdisasm
-
- let addr :: Int; addr = (fromIntegral getaddr :: Int)
- printf "getaddr: 0x%08x\n" addr
-
- return ()
-
-
-entryCode :: CodeGen e s ()
-entryCode = do push ebp
- mov ebp esp
-
-exitCode :: CodeGen e s ()
-exitCode = do mov esp ebp
- pop ebp
- ret
-
-compile :: Word32 -> [J.Instruction] -> CodeGen (Ptr Int32) s ((Ptr Word8, Int), [Instruction])
-compile trapaddr insn = do
- entryCode
- mapM compile_ins insn
- push eax
- mov ecx (trapaddr :: Word32)
- call ecx
- -- call trapaddr -- Y U DON'T WORK? (ask mr. gdb for help)
- pop eax
- exitCode
- d <- disassemble
- c <- getEntryPoint
- end <- getCodeOffset
- return ((c,end),d)
-
-compile_ins :: J.Instruction -> CodeGen (Ptr Int32) s ()
-compile_ins (BIPUSH w8) = do mov eax ((fromIntegral w8) :: Word32)
-compile_ins (PUTSTATIC w16) = do add eax (Disp 8, ebp) -- add first argument to %eax
-compile_ins (GETSTATIC w16) = do nop
-compile_ins ICONST_2 = do mov ebx (0x6666 :: Word32) -- patch me!
-compile_ins IMUL = do nop
- -- mov eax (0 :: Word32)
- -- jmp eax
-compile_ins RETURN = do nop
-compile_ins _ = do nop
-
--- TODO: actually this function already exists in hs-java-0.3!
-lookupMethod :: B.ByteString -> Class Resolved -> Maybe (Method Resolved)
-lookupMethod name cls = look (classMethods cls)
- where
- look [] = Nothing
- look (f:fs)
- | methodName f == name = Just f
- | otherwise = look fs
-== DEPENDENCIES ==
-$ cabal install harpy
-$ cabal install hs-java # 0.2 at the moment!
+$ make
+./stackoverflow_segv
+entry point: 0x0a0e97e0
+welcome back
+$ # however, when executing binray from shell...
+$ ./stackoverflow_segv
+entry point: 0x0916b7e0
+Segmentation fault (core dumped)
+
+
+
+# some information about the system
+$ cat /etc/issue
+Ubuntu 12.04 LTS \n \l
+$ uname -a
+Linux matevm-dev 3.2.0-23-generic #36-Ubuntu SMP Tue Apr 10 20:41:14 UTC 2012 i686 athlon i386 GNU/Linux
+$ ghc --version
+The Glorious Glasgow Haskell Compilation System, version 7.4.1
+$ gcc --version
+gcc (Ubuntu/Linaro 4.6.3-1ubuntu5) 4.6.3
+Copyright (C) 2011 Free Software Foundation, Inc.
+This is free software; see the source for copying conditions. There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+$ make --version
+GNU Make 3.81
+Copyright (C) 2006 Free Software Foundation, Inc.
+This is free software; see the source for copying conditions.
+There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
+PARTICULAR PURPOSE.
+
+This program built for i686-pc-linux-gnu
+$ ghc-pkg list
+/var/lib/ghc/package.conf.d:
+ Cabal-1.14.0
+ array-0.4.0.0
+ base-4.5.0.0
+ bin-package-db-0.0.0.0
+ binary-0.5.1.0
+ bytestring-0.9.2.1
+ containers-0.4.2.1
+ deepseq-1.3.0.0
+ directory-1.1.0.2
+ extensible-exceptions-0.1.1.4
+ filepath-1.3.0.0
+ (ghc-7.4.1)
+ ghc-prim-0.2.0.0
+ (haskell2010-1.1.0.1)
+ (haskell98-2.0.0.1)
+ hoopl-3.8.7.3
+ hpc-0.5.1.1
+ integer-gmp-0.4.0.0
+ old-locale-1.0.0.4
+ old-time-1.1.0.0
+ pretty-1.1.1.0
+ process-1.1.0.1
+ rts-1.0
+ template-haskell-2.7.0.0
+ time-1.4
+ unix-2.5.1.0
+
+/home/lewurm/.ghc/i386-linux-7.4.1/package.conf.d:
+ HUnit-1.2.4.2
+ MissingH-1.1.1.0
+ QuickCheck-2.4.2
+ binary-state-0.1.1
+ control-monad-exception-0.10.2
+ data-binary-ieee754-0.4.2.1
+ disassembler-0.1.0.1
+ failure-0.2.0.1
+ ghc-paths-0.1.0.8
+ harpy-0.4.3.0
+ haskell-src-1.0.1.5
+ heap-1.0.0
+ hs-java-0.2
+ hslogger-1.1.5
+ monadloc-0.6
+ mtl-1.1.1.1
+ mtl-2.1.1
+ network-2.3.0.13
+ parsec-2.1.0.1
+ plugins-1.5.2.1
+ random-1.0.1.1
+ regex-base-0.93.2
+ regex-compat-0.95.1
+ regex-posix-0.95.1
+ syb-0.3.6.1
+ transformers-0.3.0.0
+ utf8-string-0.3.7