2 files changed, 97 insertions, 0 deletions
diff --git a/crash/10123.c b/crash/10123.c
new file mode 100644
index 0000000..48a9304
--- /dev/null
+++ b/crash/10123.c
@@ -0,0 +1,32 @@
+/*
+ *Excerpt of the bug's description:
+ GDB fails to interrupt the program being debugged if the program is blocking SIGINT.
+ When using the sigwait function to retrieve signals, the program is expected to block them.  SIGINT is a commonly handled signal.  Any
+ program using sigwait to retrieve signals and handling SIGINT this way will not be interruptible by GDB.
+ */
+#include <stddef.h>
+#include <stdio.h>
+#include <unistd.h>
+#include <signal.h>
+int main(){
+    sigset_t sigs;
+    sigfillset(&sigs);
+    sigprocmask(SIG_SETMASK, &sigs, NULL);
+    if(fork()){
+        sleep(1); // to be sure that
+        kill(getppid(), SIGINT);
+        _exit(0);
+    }
+    while(1){
+        pause();
+        printf("[*] No GBD detected\n");
+        /*
+         * Put your code here
+         */
+    }
+    return 0;
+}
diff --git a/crash/header_screwer.c b/crash/header_screwer.c
new file mode 100644
index 0000000..735aecd
--- /dev/null
+++ b/crash/header_screwer.c
@@ -0,0 +1,65 @@
+/*
+ * Elf header screwer, based on an idea of svenka's crackme, named Thellurik (http://crackmes.de/users/svenka/thellurik/)
+ * Unfortunately for me, ioactive was quicker than me : http://blog.ioactive.com/2012/12/striking-back-gdb-and-ida-debuggers.html
+ * Kudos to them !
+ *
+ */
+#include <stdio.h>
+#include <sys/mman.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <elf.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <sys/procfs.h>
+#include <fcntl.h>
+int main(int argc, char** argv){
+    int f;
+    static Elf32_Ehdr* header;
+    printf(".: Elf corrupt :.\n");
+    if(argc < 2){
+        printf("Usage: %s file", argv[0]);
+        return 1;
+    }
+    if((f = open(argv[1], O_RDWR)) < 0){
+        perror("open");
+        return 1;
+    }
+    //MAP_SHARED is required to actually update the file
+    if((header = (Elf32_Ehdr *) mmap(NULL, sizeof(header), PROT_READ | PROT_WRITE, MAP_SHARED, f, 0)) == MAP_FAILED){
+        perror("mmap");
+        close(f);
+        return 1;
+    }
+    printf("[*] Current header values:\n");
+    printf("\te_shoff:%d\n\te_shnum:%d\n\te_shstrndx:%d\n",
+            header->e_shoff, header->e_shnum, header->e_shstrndx);
+    header->e_shoff = 0xffff;
+    header->e_shnum = 0xffff;
+    header->e_shstrndx = 0xffff;
+    printf("[*] Patched header values:\n");
+    printf("\te_shoff:%d\n\te_shnum:%d\n\te_shstrndx:%d\n",
+            header->e_shoff, header->e_shnum, header->e_shstrndx);
+    if(msync(NULL, 0, MS_SYNC) == -1){
+        perror("msync");
+        close(f);
+        return 1;
+    }
+    close(f);
+    munmap(header, 0);
+    printf("You should no more be able to run \"%s\" inside GDB\n", argv[1]);
+    return 0;
+}

diff --git a/crash/10123.c b/crash/10123.c new file mode 100644 index 0000000..48a9304 --- /dev/null +++ b/crash/10123.c
@@ -0,0 +1,32 @@
	1	/*
	2	*Excerpt of the bug's description:
	3	GDB fails to interrupt the program being debugged if the program is blocking SIGINT.
	4
	5	When using the sigwait function to retrieve signals, the program is expected to block them. SIGINT is a commonly handled signal. Any
	6	program using sigwait to retrieve signals and handling SIGINT this way will not be interruptible by GDB.
	7	*/
	8
	9	#include <stddef.h>
	10	#include <stdio.h>
	11	#include <unistd.h>
	12	#include <signal.h>
	13
	14	int main(){
	15	sigset_t sigs;
	16	sigfillset(&sigs);
	17	sigprocmask(SIG_SETMASK, &sigs, NULL);
	18
	19	if(fork()){
	20	sleep(1); // to be sure that
	21	kill(getppid(), SIGINT);
	22	_exit(0);
	23	}
	24	while(1){
	25	pause();
	26	printf("[*] No GBD detected\n");
	27	/*
	28	* Put your code here
	29	*/
	30	}
	31	return 0;
	32	}


diff --git a/crash/header_screwer.c b/crash/header_screwer.c new file mode 100644 index 0000000..735aecd --- /dev/null +++ b/crash/header_screwer.c
@@ -0,0 +1,65 @@
	1	/*
	2	* Elf header screwer, based on an idea of svenka's crackme, named Thellurik (http://crackmes.de/users/svenka/thellurik/)
	3	* Unfortunately for me, ioactive was quicker than me : http://blog.ioactive.com/2012/12/striking-back-gdb-and-ida-debuggers.html
	4	* Kudos to them !
	5	*
	6	*/
	7
	8
	9	#include <stdio.h>
	10	#include <sys/mman.h>
	11	#include <unistd.h>
	12	#include <stdlib.h>
	13	#include <elf.h>
	14	#include <sys/stat.h>
	15	#include <sys/types.h>
	16	#include <sys/procfs.h>
	17	#include <fcntl.h>
	18
	19
	20	int main(int argc, char** argv){
	21	int f;
	22	static Elf32_Ehdr* header;
	23
	24	printf(".: Elf corrupt :.\n");
	25
	26	if(argc < 2){
	27	printf("Usage: %s file", argv[0]);
	28	return 1;
	29	}
	30
	31	if((f = open(argv[1], O_RDWR)) < 0){
	32	perror("open");
	33	return 1;
	34	}
	35
	36	//MAP_SHARED is required to actually update the file
	37	if((header = (Elf32_Ehdr *) mmap(NULL, sizeof(header), PROT_READ \| PROT_WRITE, MAP_SHARED, f, 0)) == MAP_FAILED){
	38	perror("mmap");
	39	close(f);
	40	return 1;
	41	}
	42
	43	printf("[*] Current header values:\n");
	44	printf("\te_shoff:%d\n\te_shnum:%d\n\te_shstrndx:%d\n",
	45	header->e_shoff, header->e_shnum, header->e_shstrndx);
	46
	47	header->e_shoff = 0xffff;
	48	header->e_shnum = 0xffff;
	49	header->e_shstrndx = 0xffff;
	50
	51	printf("[*] Patched header values:\n");
	52	printf("\te_shoff:%d\n\te_shnum:%d\n\te_shstrndx:%d\n",
	53	header->e_shoff, header->e_shnum, header->e_shstrndx);
	54
	55	if(msync(NULL, 0, MS_SYNC) == -1){
	56	perror("msync");
	57	close(f);
	58	return 1;
	59	}
	60
	61	close(f);
	62	munmap(header, 0);
	63	printf("You should no more be able to run \"%s\" inside GDB\n", argv[1]);
	64	return 0;
	65	}