-
Notifications
You must be signed in to change notification settings - Fork 1
/
README
135 lines (97 loc) · 4.83 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
Atratus (http://atratus.org)
Run Linux binaries on Windows!
WHAT IS IT?
Atratus is a Windows program that can run Linux binaries.
It can load an ELF format executable created with
gcc on Linux run it.
WHAT WORKS?
* To use the binary package:
1) extract it to your Desktop
2) open the atratus-v0.X-bin directory
3) double click on one of the batch files (e.g. vitetris.bat)
* Some busybox programs, robotfindskitten, vitetris, some BSD games,
dropbear's ssh client (dbclient)
LIMITATIONS?
* This code has been tested with 32bit Windows XP and Windows 7.
It may not work correctly on Windows 8, and does not work on
Windows 2000 or any 64bit Windows in its current state.
* Performance of TLS emulation needs to be worked on.
TECHNICAL DETAILS?
* The "kernel" and "userland" are separate Windows processes. The
userland process's memory is allocated from a shared section owned
by the kernel.
* fork() is implemented using NtCreateProcess() which is an NT system
call not exposed to Win32 userland
* Linux system calls are caught using the NT debugger interface.
* The "kernel" is using co-operative multi-tasking (i.e. yield())
to keep things simple and reliable for the moment.
* Memory is allocated in the kernel in a shared section, and that
section is also mapped into the client process's address space.
Windows allocates in chunks of 64k, but Linux allocates in chunks
of 4k, however this Windows allows page protection to be changed
in granularity of the page size (4k). Using page protections,
allocates under 64k emulated in the client.
BUILD INSTRUCTIONS
This software should build on Ubuntu 12.04 LTS (x86) and Debian Wheezy (AMD64)
* apt-get install gcc-mingw32 build-essential libx11-dev
* run "make" in the top level directory
DEBUGGING
* The -D flag creates a debug log that logs the system calls handled
by the server process. e.g
C:\Documents and Settings\Mike\Desktop\atratus-v0.6-alpha>bin\atratus.exe -D ls.log bin/ls -la
* When any signal is caught, debugging information is dumped.
The contents are:
- the instruction that caused the fault
- the registers at the time of the fault
- the exception
- the top 256 bytes of the stack
- the allocated address ranges
- a simple backtrace (walking ESP and EBP), assuming -fframe-pointers
An example is show below:
not a syscall: 0f b6
EAX:5fffff2c EBX:00fff956 ECX:00fff956 EDX:000006a6
ESI:5fffff28 EDI:fffffffc EBP:5ffff890 ESP:5ffff880
EIP:00017b74 EFLAGS: 00010217
CS:001b DS:0023 ES:0023 SS:0023 GS:0038 FS:0038
Exception:
Code: c0000005
Flags: 00000000
Address: 00017b74
Params: 00000002
[0] -> 00000000
[1] -> 60fff87e
stack @5FFFF880
5FFFF880 fb ff ff 00 fb ff ff ff 24 ff ff 5f bb ff ff 5f ........$.._..._
...
5FFFF970 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Address space details:
Address range Base Protect State Protect Type
00010000-00026000 00010000 00000001 commit rwx 00020000 <--- ld-linux.so.2
00026000-00030000 00010000 00000001 commit --- 00020000
00030000-00031000 00030000 00000004 commit r-x 00020000
00040000-00042000 00040000 00000001 commit rwx 00020000
00042000-00050000 00040000 00000001 commit --- 00020000
00050000-00052000 00050000 00000001 commit rwx 00020000
00052000-00060000 00050000 00000001 commit --- 00020000
00400000-00401000 00400000 00000080 commit r-- 01000000 <--- stub linux.exe
00401000-00402000 00400000 00000080 commit r-x 01000000
00402000-00403000 00400000 00000080 commit 00000008 01000000
08040000-08048000 08040000 00000001 commit --- 00020000 <--- ELF image
08048000-08135000 08040000 00000001 commit rwx 00020000
08135000-08140000 08040000 00000001 commit --- 00020000
5ff00000-60000000 5ff00000 00000040 commit rwx 00020000 <--- stack
7c900000-7c901000 7c900000 00000080 commit r-- 01000000 <--- ntdll.dll
7c901000-7c97e000 7c900000 00000080 commit r-x 01000000
7c97e000-7c983000 7c900000 00000080 commit 00000008 01000000
7c983000-7c9b2000 7c900000 00000080 commit r-- 01000000
7ffb0000-7ffd4000 7ffb0000 00000002 commit r-- 00040000 <--- Windows PEB, TEB, etc
7ffd8000-7ffd9000 7ffd8000 00000004 commit rw- 00020000
7ffdf000-7ffe0000 7ffdf000 00000004 commit rw- 00020000
7ffe0000-7ffe1000 7ffe0000 00000002 commit r-- 00020000
7ffe1000-7fff0000 7ffe0000 00000002 reserve --- 00020000
Esp Ebp Eip
0: 5ffff880 5ffff890 5ffff8bc
1: 5ffff890 00000002 <invalid frame>
CONTRIBUTIONS & FEEDBACK?
Feedback and patches are welcome. There is a mailing list at: