Decai decompiling a malicious shellcode.
The instructions are not so readable if you're not used to int 0x80 syscalls. AI does it for you.
@ax6761 Well, you could call it an implementation glitch. #uname is *meant* to give you information about "the OS", but has always been implemented as a #syscall, therefore actually telling you something about the #kernel.
In #FreeBSD, the kernel doesn't *have* to be the exact same version as the userland, and for security updates, a new kernel is only built when some patch actually affects the kernel.
Note that on a #Linux system, it's arguably even "worse", as Linux is nothing but the kernel. To know version information about the rest of your installed OS, you'll have to use distribution specific information (or more recently look at the now standardized /etc/osrelease).
I'm surprised at how badly #Ghidra decompiles this very simple function.
It's syscall 0x57, which is unlink (remove a file).
I'm surprised it decompiles saying it *returns 0x57* ...
On thread vs. process permissions
In common Unix and POSIX systems, all threads in a process are supposed to have the same permissions. So why does the vortex8 program work as exploited, where one thread sets different permissions than another one using setresuid/setresgid?
Reference: https://man7.org/linux/man-pages/man2/setresuid.2.html
Answer in thread.
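The post's answer is not on this page, but the linked setresuid(2) man page documents the underlying fact: the Linux kernel stores user and group IDs per task (thread), and it is the glibc wrapper that makes a credential change apply to every thread. A thread that invokes the raw system call therefore ends up with credentials that differ from its siblings. The following added example (not part of the post above) shows a defender-side check for that condition: it parses the Uid/Gid lines of /proc/<pid>/task/<tid>/status for each task and reports tids whose credentials differ from the thread-group leader's. The function names, the constructed status snippets and the pid/tid values are all assumptions made for the example; only the status file format and the rule that the leader's tid equals the pid come from Linux itself.

```python
"""Detect threads whose Uid/Gid differ from the rest of their process.

Added example, not taken from the post. On Linux, credentials live on the
task (thread); glibc's setresuid()/setresgid() wrappers signal every thread
so they all apply the same change, but a raw syscall skips that, leaving one
thread with different credentials. /proc/<pid>/task/<tid>/status exposes the
per-task values, which is what this check reads.
"""
import os
import re
from typing import Dict, List, Tuple

Cred = Tuple[int, int, int, int]  # real, effective, saved, filesystem id

# One status line such as "Uid:\t1000\t1000\t1000\t1000"
_ID_LINE = re.compile(r"^(Uid|Gid):\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*$", re.M)


def parse_status(text: str) -> Dict[str, Cred]:
    """Extract the Uid and Gid quadruples from one task's status file."""
    creds: Dict[str, Cred] = {}
    for m in _ID_LINE.finditer(text):
        creds[m.group(1)] = tuple(int(v) for v in m.groups()[1:])  # type: ignore[assignment]
    if set(creds) != {"Uid", "Gid"}:
        raise ValueError("status text lacks Uid/Gid lines")
    return creds


def find_credential_mismatch(pid: int, tasks: Dict[int, str]) -> List[int]:
    """Return the tids whose Uid/Gid differ from the thread-group leader's.

    `tasks` maps tid -> contents of that task's status file. The leader is the
    task whose tid equals the pid, which is how Linux numbers the main thread.
    """
    if pid not in tasks:
        raise ValueError("thread-group leader (tid == pid) not present")
    leader = parse_status(tasks[pid])
    return sorted(tid for tid, text in tasks.items() if parse_status(text) != leader)


def read_live_tasks(pid: int) -> Dict[int, str]:
    """Linux-only helper: collect the status file of every task of `pid`."""
    base = f"/proc/{pid}/task"
    out: Dict[int, str] = {}
    for tid in os.listdir(base):
        with open(f"{base}/{tid}/status") as fh:
            out[int(tid)] = fh.read()
    return out


# Constructed sample (hypothetical pid/tid values): a two-thread process whose
# leader still runs as uid 0 while thread 4243 switched itself to 1000/1000.
SAMPLE_PID = 4242
SAMPLE_TASKS = {
    4242: "Name:\tvictim\nPid:\t4242\nUid:\t0\t0\t0\t0\nGid:\t0\t0\t0\t0\n",
    4243: "Name:\tvictim\nPid:\t4242\nUid:\t1000\t1000\t1000\t1000\n"
          "Gid:\t1000\t1000\t1000\t1000\n",
}

if __name__ == "__main__":
    print("mismatching tids in sample:", find_credential_mismatch(SAMPLE_PID, SAMPLE_TASKS))
    # On a real Linux host, also check the current process (expected: no mismatch).
    if os.path.isdir("/proc/self/task"):
        me = os.getpid()
        print("mismatching tids in this process:", find_credential_mismatch(me, read_live_tasks(me)))
```

Running the script on the constructed sample reports tid 4243 as the odd one out; on a live Linux host the self-check of the interpreter's own threads should report nothing, since Python only ever goes through the glibc wrappers.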
Make Your Code Slower With Multithreading - With the performance of modern CPU cores plateauing recently, the main performance... - https://hackaday.com/2024/06/07/make-your-code-slower-with-multithreading/ #multithreading #softwarehacks #performance #profiling #spinlocks #syscall #futex #mutex #perf
Very useful website if you need a quick reference to Linux kernel syscalls (numbers and parameters for various architectures and kernel versions)
Trace Syscall Activity In Linux With Process Monitor (Procmon) #SystemCalls #Syscall #ProcessMonitor #Promon #SysinternalsSuite #Microsoft #Linux
https://ostechnix.com/trace-syscall-activity-in-linux-with-process-monitor-procmon/
Next up at 17:15 GMT at #OSSummit, Gabriel Krisman Bertazi presents "Efficient Syscall Emulation on Linux", where he'll look at the new #Syscall User Dispatch mechanism which arrived in #Linux 5.9. See you there! https://sched.co/eCDx #Wine #Windows #Gaming #OpenSource