📄 544.htm
字号:
Sigfunc * signal ( int signo, Sigfunc * func ); <br>
static Sigfunc * Signal ( int signo, Sigfunc * func ); /* for our si <br>
gnal <br>
() function */ <br>
static void terminate ( void ); <br>
static void usage ( char * arg ); <br>
/*----------------------------------------------------------------------*/ <br>
static void Atexit ( void ( * func ) ( void ) ) <br>
{ <br>
if ( atexit( func ) != 0 ) <br>
{ <br>
exit( FAILURE ); <br>
} <br>
return; <br>
} /* end of Atexit */ <br>
static void bpf_dump ( struct bpf_program * p, int option ) <br>
{ <br>
struct bpf_insn * insn; <br>
int i; <br>
int n = p->bf_len; <br>
insn = p->bf_insns; <br>
if ( option > 2 ) <br>
{ <br>
fprintf( stderr, "%d\n", n ); <br>
for ( i = 0; i < n; ++insn, ++i ) <br>
{ <br>
fprintf( stderr, "%u %u %u %u\n", insn->code, <br>
insn->jt, insn->jf, insn->k ); <br>
} <br>
return; <br>
} <br>
if ( option > 1 ) <br>
{ <br>
for ( i = 0; i < n; ++insn, ++i ) <br>
{ <br>
fprintf( stderr, "{ 0x%x, %d, %d, 0x%08x },\n", <br>
insn->code, insn->jt, insn->jf, insn->k ); <br>
} <br>
return; <br>
} <br>
for ( i = 0; i < n; ++insn, ++i ) <br>
{ <br>
puts( bpf_image( insn, i ) ); <br>
} <br>
} /* end of bpf_dump */ <br>
char * bpf_image ( struct bpf_insn * p, int n ) <br>
{ <br>
int v; <br>
char * fmt; <br>
char * op; <br>
static char image[256]; <br>
char operand64]; <br>
v = p->k; <br>
switch ( p->code ) <br>
{ <br>
default: <br>
op = "unimp"; <br>
fmt = "0x%x"; <br>
v = p->code; <br>
break; <br>
case BPF_RET|BPF_K: <br>
op = "ret"; <br>
fmt = "#%d"; <br>
break; <br>
case BPF_RET|BPF_A: <br>
op = "ret"; <br>
fmt = ""; <br>
break; <br>
case BPF_LD|BPF_W|BPF_ABS: <br>
op = "ld"; <br>
fmt = "[%d]"; <br>
break; <br>
case BPF_LD|BPF_H|BPF_ABS: <br>
op = "ldh"; <br>
fmt = "[%d]"; <br>
break; <br>
case BPF_LD|BPF_B|BPF_ABS: <br>
op = "ldb"; <br>
fmt = "[%d]"; <br>
break; <br>
case BPF_LD|BPF_W|BPF_LEN: <br>
op = "ld"; <br>
fmt = "#pktlen"; <br>
break; <br>
case BPF_LD|BPF_W|BPF_IND: <br>
op = "ld"; <br>
fmt = "[x + %d]"; <br>
break; <br>
case BPF_LD|BPF_H|BPF_IND: <br>
op = "ldh"; <br>
fmt = "[x + %d]"; <br>
break; <br>
case BPF_LD|BPF_B|BPF_IND: <br>
op = "ldb"; <br>
fmt = "[x + %d]"; <br>
break; <br>
case BPF_LD|PF_IMM: <br>
op = "ld"; <br>
fmt = "#0x%x"; <br>
break; <br>
case BPF_LDX|BPF_IMM: <br>
op = "ldx"; <br>
fmt = "#0x%x"; <br>
break; <br>
case BPF_LDX|BPF_MSH|BPF_B: <br>
op = "ldxb"; <br>
fmt = "4*([%d]&0xf)"; <br>
break; <br>
case BPF_LD|BPF_MEM: <br>
op = "ld"; <br>
fmt = "M[%d]"; <br>
break; <br>
case BPF_LDX|BPF_MEM: <br>
op = "ldx"; <br>
fmt = "M[%d]"; <br>
break; <br>
case BPF_ST: <br>
op = "st"; <br>
fmt = "M[%d]"; <br>
break; <br>
case BPF_STX: <br>
op = "stx"; <br>
fmt = "M[%d]"; <br>
break; <br>
case BPF_JMP|BPF_JA: <br>
op = "ja"; <br>
fmt = "%d"; <br>
v = n + 1 + p->k; <br>
break; <br>
case BPF_JMP|BPF_JGT|BPF_K: <br>
op = "jgt"; <br>
fmt = "#0x%x"; <br>
break; <br>
case BPF_JMP|BPF_JGE|BPF_K: <br>
op = "jge"; <br>
fmt = "#0x%x"; <br>
break; <br>
case BPF_JMP|BPF_JEQ|BPF_K: <br>
op = "jeq"; <br>
fmt = "#0x%x"; <br>
break; <br>
case BPF_JMP|BPF_JSET|BPF_K: <br>
op = "jset"; <br>
fmt = "#0x%x"; <br>
break; <br>
case BPF_JMP|BPF_JGT|BPF_X: <br>
op = "jgt"; <br>
fmt = "x"; <br>
break; <br>
case BPF_JMP|BPF_JGE|BPF_X: <br>
op = "jge"; <br>
fmt = "x"; <br>
break; <br>
case BPF_JMP|BPF_JEQ|BPF_X: <br>
op = "jeq"; <br>
fmt = "x"; <br>
break; <br>
case BPF_JMP|BPF_JSET|BPF_X: <br>
op = "jset"; <br>
fmt = "x"; <br>
break; <br>
case BPF_ALU|BPF_ADD|BPF_X: <br>
op = "add"; <br>
fmt = ""; <br>
break; <br>
case BPF_ALU|BPF_SUB|BPF_X: <br>
op = "sub"; <br>
fmt = "x"; <br>
break; <br>
break; <br>
case BPF_ALU|BPF_MUL|BPF_X: <br>
op = "mul"; <br>
fmt = "x"; <br>
break; <br>
case BPF_ALU|BPF_DIV|BPF_X: <br>
op = "div"; <br>
fmt = "x"; <br>
break; <br>
case BPF_ALU|BPF_AND|BPF_X: <br>
op = "and"; <br>
fmt = "x"; <br>
break; <br>
case BPF_ALU|BPF_OR|BPF_X: <br>
op = "or"; <br>
fmt = "x"; <br>
break; <br>
case BPF_ALU|BPF_LSH|BPF_X: <br>
op = "lsh"; <br>
fmt = "x"; <br>
break; <br>
case BPF_ALU|BPF_RSH|BPF_X: <br>
op = "rsh"; <br>
fmt = "x"; <br>
break; <br>
case BPF_ALU|BPF_ADD|BPF_K: <br>
op = "add"; <br>
fmt = "#%d"; <br>
break; <br>
case BPF_ALU|BPF_SUB|BPF_K: <br>
op = "sub"; <br>
fmt = "#%d"; <br>
break; <br>
case BPF_ALU|BPF_MUL|BPF_K: <br>
op = "mul"; <br>
fmt = "#%d"; <br>
break; <br>
case BPF_ALU|BPF_DIV|BPF_K: <br>
op = "div"; <br>
fmt = "#%d"; <br>
break; <br>
case BPF_ALU|BPF_AND|BPF_K: <br>
op = "and"; <br>
fmt = "#0x%x"; <br>
break; <br>
break; <br>
case BPF_ALU|BPF_OR|BPF_K: <br>
op = "or"; <br>
fmt = "#0x%x"; <br>
break; <br>
case BPF_ALU|BPF_LSH|BPF_K: <br>
op = "lsh"; <br>
fmt = "#%d"; <br>
break; <br>
case BPF_ALU|BPF_RSH|BPF_K: <br>
op = "rsh"; <br>
fmt = "#%d"; <br>
break; <br>
case BPF_ALU|BPF_NEG: <br>
op = "neg"; <br>
fmt = ""; <br>
break; <br>
case BPF_MISC|BPF_TAX: <br>
op = "tax"; <br>
fmt = ""; <br>
break; <br>
case BPF_MISC|BPF_TXA: <br>
op = "txa"; <br>
fmt = ""; <br>
break; <br>
} /* end of switch */ <br>
( void )sprintf( operand, fmt, v ); <br>
( void )sprintf( image, ( BPF_CLASS( p->code ) == BPF_JMP && BPF_OP( p-> <br>
code <br>
) != BPF_JA ) ? <br>
"(%03d) %-8s %-16s jt %d\tjf %d" : "(%03d) %-8s %s", <br>
n, op, operand, n + 1 + p->jt, n + 1 + p->jf ); <br>
return image; <br>
} /* end of bpf_image */ <br>
static void outputBinary ( const u_char * byteArray, const size_t byteArrayL <br>
en ) <br>
{ <br>
u_long offset; <br>
int i, j, k; <br>
fprintf( stderr, "byteArray [ %lu bytes ] ----> \n", ( long unsigned int <br>
)by <br>
teArrayLen ); <br>
if ( byteArrayLen <= 0 ) <br>
{ <br>
return; <br>
} <br>
i = 0; <br>
offset = 0; for ( k = byteArrayLen / 16; k > 0; k--, offset += 16 ) <br>
{ <br>
fprintf( stderr, "%08X ", ( unsigned int )offset ); <br>
for ( j = 0; j < 16; j++, i++ ) <br>
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -