sslab-gatech / winnie

Winnie is an end-to-end system that makes fuzzing Windows applications easy
MIT License

Query about handle inherit in source code and paper #5

Closed 50u1w4y closed 3 years ago

50u1w4y commented 3 years ago

Hello, stong. Thank you for your sharing.

In your paper, you said you enumerate all relevant handles and manually mark them inheritable. And in your code, there is a function MarkAllHandles(). But there seems to be no function called MarkAllHandles() to mark all relevant handles inheritable.

On the other hand, in function NtCreateUserProcess, there is a flag PROCESS_CREATE_FLAGS_INHERIT_HANDLES. Can I regard that this flag will make the child process inherit handles automatically?

stong commented 3 years ago

Thanks for the interest in the project.

MarkAllHandles

Please refer to this code. https://github.com/sslab-gatech/winnie/blob/master/forklib/handle_inherit.cpp#L134

Can I regard that this flag will make the child process inherit handles automatically

Only the handles marked as inheritable.

50u1w4y commented 3 years ago

Hello, thanks for your answer, I copied that only the handles marked as inheritable will be inherited.

Yes, I know function MarkAllHandles() is to enumerate handles and mark them inheritable. But what makes me confused is that there seems to be no function called MarkAllHandles().

As far as I know, before the forkserver forks a child process, it should call MarkAllHandles() to enumerate handles and mark them inheritable. But after I searched the solution, it shows:

Find all "MarkAllHandles", Subfolders, Find Results 1, Entire Solution, ""
  F:\Code\winnie\forklib\fork.h(9): __declspec(dllexport) BOOL MarkAllHandles();
  F:\Code\winnie\forklib\handle_inherit.cpp(134):extern "C" BOOL MarkAllHandles() {
  Matching lines: 2    Matching files: 2    Total files searched: 46

So, I am confused about whether the flag will automatically mark all flags inheritable and inherit them. Can you help me understand the call stack?

Thank you.

stong commented 3 years ago

We export this function for harness authors to call themselves, as not all harnesses need this functionality.

50u1w4y commented 3 years ago

Oh, I see. Thank you