# Copyright 2018 syzkaller project authors. All rights reserved.
# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.

# Descriptions of execve/execveat and of write() variants whose payload is laid out
# like an executable file format (script, binfmt_misc, a.out, ELF32, ELF64).

# NOTE(review): both include directives have lost their header names in this copy.
# The constants used below (OMAGIC/NMAGIC/ZMAGIC/QMAGIC, ET_*, EM_*, PT_*) and the
# sizeof(struct elf32_phdr/elf64_phdr) defines depend on them; restore the names
# from the upstream file before using this description.
include
include

# Program execution. argv and envp are arrays of pointers to strings.
# filename, fd_dir and at_flags are not defined in this file.
execve(file ptr[in, filename], argv ptr[in, array[ptr[in, string]]], envp ptr[in, array[ptr[in, string]]])
execveat(dirfd fd_dir, file ptr[in, filename], argv ptr[in, array[ptr[in, string]]], envp ptr[in, array[ptr[in, string]]], flags flags[at_flags])

# write() specialisations: data points to one of the format structs below and
# len is the byte size of that struct.
# NOTE(review): presumably the written file is later passed to execve/execveat so
# that the kernel binary-format loaders parse it - nothing in this file links the two.
write$binfmt_script(fd fd, data ptr[in, binfmt_script], len bytesize[data])
write$binfmt_misc(fd fd, data ptr[in, binfmt_misc], len bytesize[data])
write$binfmt_aout(fd fd, data ptr[in, binfmt_aout], len bytesize[data])
write$binfmt_elf32(fd fd, data ptr[in, binfmt_elf32], len bytesize[data])
write$binfmt_elf64(fd fd, data ptr[in, binfmt_elf64], len bytesize[data])

# Interpreter script: "#! " + interpreter path + space-prefixed arguments + newline,
# followed by arbitrary bytes. Strings are not NUL-terminated (stringnoz).
binfmt_script {
	hdr	stringnoz["#! "]
	bin	stringnoz[filename]
	args	array[binfmt_script_arg]
# 0xa is '\n', terminating the interpreter line.
	nl	const[0xa, int8]
	data	array[int8]
} [packed]

# One script argument: a single space (0x20) followed by the argument text.
binfmt_script_arg {
	sp	const[0x20, int8]
	arg	stringnoz
}

# binfmt_misc payload: one of the fixed header strings followed by arbitrary bytes.
# NOTE(review): presumably "syz0"/"syz1" match magics registered with binfmt_misc
# elsewhere - confirm against the binfmt_misc registration descriptions.
binfmt_misc {
	hdr	stringnoz[binfmt_misc_headers]
	data	array[int8]
}

binfmt_misc_headers = "syz0", "syz1"

# a.out image: header, arbitrary bytes, then 0 to 10 blocks of 32 zero int64 values.
binfmt_aout {
	exec	exec
	data	array[int8]
# Just to make the file of a non-trivial size.
	pad	array[array[const[0, int64], 32], 0:10]
} [packed]

# a.out header. a_text, a_data and a_syms are limited to 0..1000 and the relocation
# sizes are fixed at 0; a_bss and a_entry are unconstrained.
exec {
	magic		flags[aouthdr_magics, int16]
	machtype	int8
	flags		int8
	a_text		int32[0:1000]
	a_data		int32[0:1000]
	a_bss		int32
	a_syms		int32[0:1000]
	a_entry		int32
	a_trsize	const[0, int32]
	a_drsize	const[0, int32]
}

aouthdr_magics = OMAGIC, NMAGIC, ZMAGIC, QMAGIC

# ELF images are one template instantiated with the address width, the program
# header struct and its size for the 32-bit and 64-bit variants.
type binfmt_elf32 binfmt_elf[int32, elf32_phdr, ELF32_PHDR_SIZE]
type binfmt_elf64 binfmt_elf[int64, elf64_phdr, ELF64_PHDR_SIZE]

# ELF image: file header, 1 or 2 program headers placed directly after it,
# arbitrary bytes, then the same zero padding as in binfmt_aout.
type binfmt_elf[ADDR, PHDR, PHENTSIZE] {
	hdr	elf_hdr[ADDR, PHENTSIZE]
	phdr	array[PHDR, 1:2]
	data	array[int8]
# Just to make the file of a non-trivial size.
	pad	array[array[const[0, int64], 32], 0:10]
} [packed]

# ELF file header. Only the magic, e_phoff and e_phentsize are fixed; the remaining
# fields are random or range-limited, so a consumer of this image sees headers that
# are well-formed at the start but not internally consistent.
type elf_hdr[ADDR, PHENTSIZE] {
# Magic bytes 0x7f 'E' 'L' 'F'.
	e_ident0	const[0x7f, int8]
	e_ident1	const[0x45, int8]
	e_ident2	const[0x4c, int8]
	e_ident3	const[0x46, int8]
# Class, data encoding, version and OS ABI are unconstrained bytes: the class is
# not tied to whether this is the 32-bit or 64-bit instantiation.
	e_ident_class	int8
	e_ident_data	int8
	e_ident_ver	int8
	e_ident_osabi	int8
	e_ident_pad	int64
	e_type		flags[elf_types, int16]
	e_machine	flags[elf_machines, int16]
	e_version	int32
	e_entry		ADDR[0:1000]
# Size of this header struct, i.e. the offset at which binfmt_elf places phdr.
	e_phoff		bytesize[parent, ADDR]
	e_shoff		ADDR[0:1000]
	e_flags		int32
	e_ehsize	int16
	e_phentsize	const[PHENTSIZE, int16]
# Chosen independently of the actual length of the phdr array (also 1:2), so the
# declared count and the number of headers present can differ.
	e_phnum		int16[1:2]
# Section header fields are unconstrained; no section header table is described.
	e_shentsize	int16
	e_shnum		int16
	e_shstrndx	int16
}

# 32-bit program header. Offsets, addresses and sizes are unconstrained, so a
# segment can describe ranges outside the written file.
elf32_phdr {
	p_type		flags[elf_ptypes, int32]
	p_offset	int32
	p_vaddr		int32
	p_paddr		int32
	p_filesz	int32
	p_memsz		int32
	p_flags		int32
	p_align		int32
} [size[ELF32_PHDR_SIZE]]

# 64-bit program header: same fields with p_flags directly after p_type and 64-bit
# offsets, addresses and sizes, all unconstrained.
elf64_phdr {
	p_type		flags[elf_ptypes, int32]
	p_flags		int32
	p_offset	int64
	p_vaddr		int64
	p_paddr		int64
	p_filesz	int64
	p_memsz		int64
	p_align		int64
} [size[ELF64_PHDR_SIZE]]

elf_types = ET_EXEC, ET_DYN
elf_machines = EM_386, EM_486, EM_X86_64
elf_ptypes = PT_LOAD, PT_DYNAMIC, PT_INTERP, PT_NOTE, PT_SHLIB, PT_PHDR, PT_TLS, PT_LOOS, PT_LOPROC, PT_GNU_STACK

# Program header sizes are taken from the kernel struct definitions and used both
# for e_phentsize and for the size attribute of the phdr structs above.
define ELF32_PHDR_SIZE	sizeof(struct elf32_phdr)
define ELF64_PHDR_SIZE	sizeof(struct elf64_phdr)