QEMU adding new arguments to qemu binary - c

I am new to qemu development. I am trying to modify qemu to emulate some features of the SGX processor on x86 machines using the QEMU emulator. Here is what I want to do.
I want to add the following to qemu. I want to start a qemu process with a new argument, EECREATE. When given to the qemu-i386 binary, this should create an encrypted space in memory with a few new data structures inside. For example,
qemu-system-i386 -hda ubuntu.img -eecreate -m 2G
This command should boot ubuntu.img and create an encrypted space (need not be big) of memory for the image (in this case, create an encrypted space within the 2G that is assigned to ubuntu.img. Basically, the encrypted space should be within the address space of the image.)
Can anyone please let me know the process involved, i.e. what needs to be followed to get it working? What files do I need to modify? A brief explanation of how the flow of code will be?
I am not able to find any documentation on the web and am stuck as to where and how to begin. Any help is greatly appreciated.
Thanks

The short answer is "modify vl.c and qemu-options.hx". The latter is there as all the options processing is integrated into the help provision and so forth - i.e. the code is built dynamically. My normal approach is to pick a similar option and see how it's done.
The longer answer is that if you want the code upstreamed, you should probably discuss your proposal on the qemu-devel mailing list.
The #qemu IRC channel on irc.oftc.net is also helpful. You will no doubt get some feedback. However, I'd suggest you might consider implementing this as a machine parameter rather than a command line option, unless you are going to make it work for all virtual machine types.
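An added illustration of that DEF()/switch pattern in stand-alone C (not QEMU's code; QEMU_OPTION_eecreate, the -eecreate flag and the parse_size helper are made up for the example):

```c
/* Added example, not QEMU's code: the X-macro pattern behind qemu-options.hx.
 * hxtool emits one DEF() per option; including that output twice with DEF
 * redefined yields both the enum and the option table vl.c looks names up in,
 * and the same table carries the -help text. -eecreate is hypothetical. */
#include <stdlib.h>
#include <string.h>
#define OPTIONS_DEF /* stands in for the generated qemu-options.def */ \
    DEF("hda",      1, QEMU_OPTION_hda,      "-hda file   use file as IDE disk 0") \
    DEF("m",        1, QEMU_OPTION_m,        "-m size     RAM size, e.g. 2G") \
    DEF("eecreate", 0, QEMU_OPTION_eecreate, "-eecreate   reserve an encrypted region")
#define DEF(name, has_arg, idx, help) idx,
enum { OPTIONS_DEF QEMU_OPTION_count };                      /* 1st expansion: enum */
#undef DEF
typedef struct { const char *name; int has_arg; int index; const char *help; } QEMUOption;
#define DEF(name, has_arg, idx, help) { name, has_arg, idx, help },
static const QEMUOption qemu_options[] = { OPTIONS_DEF { 0 } }; /* 2nd: table, NULL-terminated */
#undef DEF
typedef struct { const char *hda; unsigned long long ram_bytes; int eecreate; } VMConfig;

unsigned long long parse_size(const char *s) {             /* "2G", "512M" or plain bytes */
    char *end; unsigned long long v = strtoull(s, &end, 10);
    if (*end == 'G' || *end == 'g') v <<= 30;
    else if (*end == 'M' || *end == 'm') v <<= 20;
    return v;
}

static const QEMUOption *lookup_opt(const char *arg) {
    if (*arg != '-') return NULL;
    arg += (arg[1] == '-') ? 2 : 1;                          /* -opt and --opt both accepted */
    for (const QEMUOption *o = qemu_options; o->name; o++)
        if (strcmp(o->name, arg) == 0) return o;
    return NULL;
}

/* Returns 0 on success, -1 on an unknown option or a missing value. */
int parse_args(int argc, char **argv, VMConfig *cfg) {
    memset(cfg, 0, sizeof *cfg);
    for (int i = 1; i < argc; i++) {
        const QEMUOption *o = lookup_opt(argv[i]);
        if (!o) return -1;
        const char *val = NULL;
        if (o->has_arg) { if (++i >= argc) return -1; val = argv[i]; }
        switch (o->index) {                                  /* like the big switch in vl.c */
        case QEMU_OPTION_hda:      cfg->hda = val; break;
        case QEMU_OPTION_m:        cfg->ram_bytes = parse_size(val); break;
        case QEMU_OPTION_eecreate: cfg->eecreate = 1; break;
        }
    }
    return 0;
}
```

Adding an option is then one DEF() line plus one case label; the enum value and the help entry follow from the same line, which is why the real option list is kept in the .hx file rather than hand-written in vl.c.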

Related

How to send waypoints programmatically to drone?

I am very new at this and trying to get an understanding of this. I have read a lot on the DroneKit-Python site trying to figure out how exactly am I able to communicate with it.
Drone I am currently using is Iris+
I have looked more and there are software that already provide this, but I want to be able to control it plus more.
I want to set waypoints, tell it to then fly to the given waypoints and keep going to them. Also, to be able to arm itself, which is in the example, and override the safety mechanism.
Here is the basic of what I am trying to use it for. Have it fly up at a certain time. Go to the waypoints 1,2,3,1,etc.. Then after X amount of time or on low battery go back to launch point and land.
I have found plenty of code that provides what I need to do, though I don't know if it will work and more importantly I don't even know how to start programming for this. Maybe I have the wrong approach in doing this?
I kind of want this to be a light API, so that in the future I can make a simple UI on my phone and insert some coordinates to give it waypoints and that is it. I know there is software out there already that does it, but I want to remove the need for touching the drone. I want it to start and end autonomously.
If anyone could help provide some info that much would be greatly appreciated.
Assuming you have no companion computer (Iris+ does not by default), you are OK with running a ground station app (you won't be out of range to send commands to "end mission on time expiry") and that driving the behaviour from your phone is important, I would be looking at DroneKit Android.
Some notes:
You're going to have to touch the drone at some point to attach the batteries.
You can arm the device from dronekit.
You can override the safety mechanism from a script. I hope you have a lot of money to pay for the new drones you're going to have to buy when they crash and all the litigation from damaged people and property (in other words "don't do it").
The default behaviour is to return the device to launch (RTL) on low battery. This is configurable.
Setting a time is more "problematic". You can have a timer in a script that then sends return-to-launch but the script needs to be connected to the UAV. This means that either you have to be running in a connected ground station (which might potentially be out of range) or on a companion computer.
Iris+ does not have a companion computer. You have to install one or connect from a Ground Control Station.
DroneKit-Python runs on Linux, MacOSX or Windows. You can't just run it on an ordinary phone, though you could find some other mechanism to send messages/scripts to it running on a companion computer.
DroneKit Android runs on Android. We do have a planned iOS version too. In theory these could run on a companion computer, but in practice currently these are only used as ground stations.

Need a kernel mode API that will find the base address of user mode Win32 Dll

I am new to device driver programming. I've followed the available tutorials on the web, which have provided helpful information to get started. However, now I have embarked on a new project where the exclusive goal is to search for functions which have been hooked by malware or keyloggers. So I think I have sorted out what I need to accomplish this, though I still need to be able to locate the load address of the system DLLs (i.e. kernel32.dll, user32.dll and the like) that are already loaded in memory. I need the load address so that I can parse their PE to get to the export and import sections. Furthermore, adding the load address to the file size will give me an address range to cross-reference the addresses of the export functions, no? Cross-referencing the IMPORT address will be a little more involved, but it can be done according to my estimates. I thought that building a kernel mode driver would be the right way to go, since accessing memory outside the kernel driver's address range would not be an issue for the driver, as opposed to a user mode app. How else will I be able to access the addresses located in the EAT and IAT of the target DLL? I know there exists a user mode API that can provide the load address, mainly being GetModuleHandle, but I would like to find the equivalent in kernel mode. I could write a user mode application that could relay this information to the driver, but I'd prefer that this all be done in kernel mode if possible. Any suggestions or comments would be most welcome.
Thanks in advance
Victor
P.S. This post has been edited for more clarity. Hopefully it will make it clearer what I am trying to accomplish.
This is probably not a very good idea to do in kernel mode. When are you going to actually do this and guarantee the process is in a state where you could walk the IAT?
What if the process is in the middle of loading a DLL? If you're executing in-thread (i.e. from a syscall or device IOCTL), what if other threads are executing too? Doing this when you're not the OS is a very difficult proposition to correctly do, and it's very easy to destabilize your customers' machines (hell, it's reasonably hard to do even if you are the OS)
Take a look at LdrGetProcedureAddress and the rest of the gang.
Edit:
MmGetSystemRoutineAddress might also be helpful.
Just wanted to thank everyone for their contribution. I did manage to do some further research and discovered that there is a kernel mode API called PsLoadImageNotifyCallback that is able to find the base address of any process.

How to make binary which downloads its newer copy?(limitied conditions)

Would like to ask for advice.
There is a need for a binary to have a mechanism for self-update. Let's imagine the binary rolls on host A and the update server is server B.
The lobster method is to fork a bash script with a wget/ftp/ncftp/etc. getter which will download and replace. But ehm... there are no such tools on A and they will not be installed.
In short, I can't use any external software tools (external to the running binary). I can just hardcode the mechanism in the running binary.
As the binary image runs it can load the binary (and md5 file) simply via TCP sockets into a tmp file, then do an md5 compare and, if everything is OK, replace the binary and restart itself. It's easy to do, but I have some strange feeling... dunno.
Maybe someone can share some advice? :) Thank you in advance.
Conditions: the binary is written in pure C. FreeBSD is the side the binary runs on and the update server is CentOS. So Java/Python/C++/anything is available on the server side but not on FreeBSD. Yes, to be honest it is possible to install some tools on the client side and open the firewall for FTP, but I want to avoid that and hardcode it :)
ADDED: it must be noted that the environment between A and B is secured... eghm... as we think; in any case security and access problems and spoofing/sniffing are out of our world there :) It's just a local update implementation mechanism for some binary which nowadays we update from the center with expect scripts via SSH.
You will have to reimplement a whole host of functionality if you want to do so. My easiest suggestion would be to link to libcurl, hardcode the download path into your executable and write the image of your executable back to $ARGV[0]. However, you should definitely rethink your distribution concept, most distributions do some form of package management, and using it is the easiest alternative for all parties involved.
First of all check if you can modify a binary when a process is executing it, some system does not allow it.
You say you cannot use an external tool, so probably you cannot create another "updater program" which will do the change instead of your binary.
Probably you can download such a program (from wherever you want to download your update), execute it (exec replaces the current process with the new one),
and that executed process will download and update your main one, and then exec to it.
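An added example, not from the thread, of the "replace and restart" step done so that a crash or a concurrent reader never sees a half-written binary; it assumes the caller has already downloaded the image and checked its md5, and install_update / restart_self are names chosen here:

```c
/* Added example (not the asker's code). The new image is staged next to the
 * target, fully written and fsync'd, then rename()d over it: rename is atomic
 * on POSIX, so an interrupted update leaves either the old or the new binary,
 * never a torn one. It also sidesteps ETXTBSY (the kernel refuses to open a
 * running executable for writing): the running process keeps the old inode. */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>

/* Install `len` bytes of an already-verified image as `target`.
 * Returns 0 on success, -1 on error; the staged file is removed on failure. */
int install_update(const char *target, const void *image, size_t len) {
    char tmp[4096];
    if (snprintf(tmp, sizeof tmp, "%s.tmp", target) >= (int)sizeof tmp) return -1;
    /* O_EXCL: fail rather than reuse a pre-existing file at the staging path */
    int fd = open(tmp, O_WRONLY | O_CREAT | O_EXCL, 0755);
    if (fd < 0) return -1;
    const char *p = image;
    size_t left = len;
    while (left) {                       /* write() may be partial; loop until done */
        ssize_t n = write(fd, p, left);
        if (n <= 0) { close(fd); unlink(tmp); return -1; }
        p += n; left -= (size_t)n;
    }
    if (fsync(fd) < 0 || close(fd) < 0 || rename(tmp, target) < 0) {
        unlink(tmp);
        return -1;
    }
    return 0;
}

/* Restart as the new image. execv replaces this process, so on success this
 * never returns. argv[0] is not guaranteed to be a full path; pass the path
 * the binary was actually installed at (e.g. obtained via KERN_PROC_PATHNAME
 * on FreeBSD) rather than trusting argv[0]. */
void restart_self(const char *path, char *const argv[]) {
    execv(path, argv);
    perror("execv");                     /* only reached if exec failed */
    exit(1);
}
```

If the process has root, stage into a directory only root can write, or an attacker on the host could pre-create the .tmp path (O_EXCL then makes the update fail closed rather than overwrite).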

C language, serial port reader

I want to make a program that reads a serial port (V.24).
With the info from the serial port I need to split a string up and add it to a MySQL database.
I don't know C very well, so I need some help with what functions I should use.
The program has to run under Windows XP, and I have to make it a service.
thanks,
Sebastian
Services are a pain to debug. I suggest writing your code as a normal application first - command line will do - and then, once it works, converting it to a service (which is a mechanical process).
In general, Windows GUI based apps in C are a PITA to write for the first time. Very finicky, very sensitive. A command line app or a service will be quite a bit easier.
I recommend reading this. As for if this will work as a service, I am not sure, but it should.
You can also look at existing open source projects, to see if you can take that source as a starting point, or if they already solve your problems.

Read data from damaged media

Is it possible to read damaged media (cd, hdd, dvd,...) even if windows explorer bombs out?
What I mean to ask is, whether there is a set of APIs or something that can access the disk at a very low level (below explorer?) and read whatever can be retrieved even if it is only partial, especially if you can still see the file is there from explorer, but can't do anything with it because it is damaged somehow (scratch on cd, etc)?
The main problem with Windows Explorer is that it doesn't support resuming copying after a read error. Most superficially scratched CDs, for example, will fail on different areas of the disk every time you eject and reinsert them.
Therefore, with a utility that supports resuming copy operations, it is possible to read the entire contents of a damaged CD by doing "eject/reload/resume" a few times.
In fact, this is what a utility I wrote does, and I've never needed anything fancier to read scratched disks. (It simply uses ReadFile and WriteFile.)
One step lower would be opening the raw partition (i.e. disk image) by passing a string such as "\.\F:" (note: slashes are literal here) to CreateFile. It would allow you to read raw sectors from a drive, but reconstructing files from that data would be hard.
In fact, the "\.\" syntax allows you to open devices in the "\GLOBAL??" branch of the Windows Object Manager namespace as if they were files. It's not unlike calling dd with /dev/x as a parameter. There is also a "\Device" branch, but that's only accessible via DeviceIoControl() (i.e. ioctl()), meaning there's no simple ReadFile()/WriteFile() interface.
Anything lower level than that would be device-specific, I guess; like reading raw CD-ROM data (including ECC bits) the way some CD-burning programs do. You'd have to do some research on the specific media (CD, flash, DVD) and what your hardware allows you to do on them.
Note: The backslashes seem to get lost on the way to the web page; you need to pass "backslash backslash dot backslash DeviceName" to CreateFile. You need to escape them, too, of course.
If you want to do it, do it from the Linux side - see: http://sourceforge.net/projects/monkeycity/ opensource
or ready made app and freeware too: http://www.theabsolute.net/sware/dskinv.html
the first step is dd_rescue. After that, you're free to try anything to reconstruct the data.
And there's GNU ddrescue
GNU ddrescue is a data recovery tool. It copies data from one file or block device (hard disc, cdrom, etc) to another, trying to rescue the good parts first in case of read errors.
Make sure to use the 3-arg version (manual):
ddrescue [options] infile outfile [mapfile]
That is, do use a mapfile even if it's optional, because:
If you use the mapfile feature of ddrescue, the data is rescued very efficiently, (only the needed blocks are read). Also you can interrupt the rescue at any time and resume it later at the same point. The mapfile is an essential part of ddrescue's effectiveness. Use it unless you know what you are doing.
And it's also included in Cygwin and Homebrew.
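An added example, not from any of the answers, of the idea the ddrescue manual describes: keep a map of blocks still unread and retry only those on later passes (after an eject/reinsert, or on a different drive). The Rescue/FlakyDisc names and the 4-byte block size are constructed for the demo:

```c
/* Added example, not ddrescue's code: the mapfile idea in miniature.
 * Pass 1 copies every block it can and marks the failures; each later pass
 * touches only the marked blocks. read_block_fn is caller-supplied so the
 * logic runs offline against a constructed "flaky disc". */
#include <stdlib.h>
#include <string.h>

#define BLOCK 4                          /* toy block size; a CD sector is 2048 */
typedef int (*read_block_fn)(void *ctx, size_t idx, unsigned char out[BLOCK]);

typedef struct {
    size_t nblocks;
    unsigned char *image;                /* nblocks * BLOCK; unread blocks stay zero */
    unsigned char *bad;                  /* the "mapfile": 1 = still unread */
} Rescue;

int rescue_init(Rescue *r, size_t nblocks) {
    r->nblocks = nblocks;
    r->image = calloc(nblocks, BLOCK);
    r->bad = malloc(nblocks);
    if (!r->image || !r->bad) return -1;
    memset(r->bad, 1, nblocks);          /* nothing rescued yet */
    return 0;
}

/* One pass over the medium: read only blocks still marked bad.
 * Returns how many remain unread, so the caller knows whether to try again. */
size_t rescue_pass(Rescue *r, read_block_fn rd, void *ctx) {
    size_t remaining = 0;
    for (size_t i = 0; i < r->nblocks; i++) {
        if (!r->bad[i]) continue;        /* already rescued: never re-read */
        if (rd(ctx, i, r->image + i * BLOCK) == 0) r->bad[i] = 0;
        else remaining++;
    }
    return remaining;
}

void rescue_free(Rescue *r) { free(r->image); free(r->bad); }

/* Constructed flaky medium: block fail_idx fails fails_left times, then reads fine. */
typedef struct { const unsigned char *data; size_t fail_idx; int fails_left; size_t reads; } FlakyDisc;
int flaky_read(void *ctx, size_t idx, unsigned char out[BLOCK]) {
    FlakyDisc *d = ctx;
    d->reads++;
    if (idx == d->fail_idx && d->fails_left > 0) { d->fails_left--; return -1; }
    memcpy(out, d->data + idx * BLOCK, BLOCK);
    return 0;
}
```

On a real drive the reader would wrap ReadFile on "\\.\X:" (or read(2) on a device node) with a fixed sector size, and the bad[] array would be persisted between runs exactly as ddrescue's mapfile is.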
I don't know what layer exists between Windows Explorer and the Win32 APIs. You can try to write a program with the Win32 File I/O stuff. If that doesn't work, then you have to write your own device driver to get any lower.
I've had some luck from the linux side, or using BartPE (http://www.nu2.nu/pebuilder/), but just seeing the file doesn't always mean the file is going to be recoverable, whether you're trying from Windows or Linux. You're best bet might be to use a trial of a recovery program.
I have had two disks start to disintegrate on me. From the pattern of unreadable sectors I think they had internal flaking of their emulsion. WinXP Explorer just threw up its hands and said the drive didn't even exist.
In both cases I used "GetDataBack for NTFS" from Runtime Software (http://www.runtime.org/). You can download a free trial which will show you what you could get back if you paid for it. When I bought it it was $49, but I see it is now $79.
This program is amazing. It's not necessarily fast as it will reread some sectors over and over, trying to get a consensus value from multiple tries, but when it's done you can get back stuff that you thought was gone forever. I had one drive that it took over 10 hours to analyze, but when it was done I got back over 97% of a 500GB drive. Definitely worth the price.
Another great tool is Beyond Compare. I have rev 2.5.3, but it is currently at 3.?? and costs $30. They have a full-functionality, 30-day trial. It does a great job of copying large quantities of files (and only those that need to be copied) and, unlike Explorer, it doesn't blow up if something fails. It's sort of like a visual rsync for Windows, if you're familiar with that program from the Samba people.
I have no connection with either of the companies mentioned other than being a very satisfied customer.
The gold standard for recovering data from a magnetic storage device would have to be SpinRite. It's a commercial app though, so you probably wouldn't learn much from it.
If you have a Linux machine around, I can recommend dvdisaster. It is originally meant for creating error correction files, but it also reads DVDs into an image and ignores read errors; and you can use different drives one after another to get missing sectors filled in the image.
