bitdefender · miishuistr · Oct 6, 2018 · Oct 6, 2018 · Oct 7, 2018 · Oct 8, 2018
diff --git a/BUILD_INSTRUCTIONS_WINDOWS.txt b/BUILD_INSTRUCTIONS_WINDOWS.txt
@@ -0,0 +1,4 @@
+1. git clone <river_repository> <your_directory>
+2. cd <your_directory>
+3. cmake .. DESTDIR=<where your binaries end up> // please override this as it defaults to c:\Program Files
+4. cmake --build .
diff --git a/BinLoader/CMakeLists.txt b/BinLoader/CMakeLists.txt
@@ -10,7 +10,9 @@ add_library(${LIBRARY_NAME} STATIC
 	Unified.Loader.cpp
 	LoaderAPI.cpp
 	Inproc.Mapper.cpp
+	Extern.Mapper.cpp
 	Shm.Mapper.cpp
+	Mem.Mapper.cpp
 	Inproc.Native.Importer.cpp
 	)
 

diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -1,9 +1,11 @@
 cmake_minimum_required(VERSION 2.8)
-set(CMAKE_SYSTEM_NAME Linux)
+##set(CMAKE_SYSTEM_NAME Linux)
 project(RIVER C CXX ASM)
 
 set(CMAKE_ASM_CREATE_SHARED_LIBRARY ${CMAKE_C_CREATE_SHARED_LIBRARY})
-set(CMAKE_RUNTIME_OUTPUT_DIRECTORY ${CMAKE_INSTALL_PREFIX}/bin)
+set(CMAKE_ARCHIVE_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/lib)
+set(CMAKE_LIBRARY_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/lib)
+set(CMAKE_RUNTIME_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/bin)
 
 set(CMAKE_POSITION_INDEPENDENT_CODE false)
 
@@ -24,6 +26,7 @@ add_subdirectory(revtracer-wrapper)
 add_subdirectory(revtracer)
 add_subdirectory(ipclib)
 add_subdirectory(Execution)
+add_subdirectory(loader.setup)
 add_subdirectory(loader)
 add_subdirectory(SymbolicEnvironment)
 add_subdirectory(benchmarking-payload)
diff --git a/Execution/CMakeLists.txt b/Execution/CMakeLists.txt
@@ -1,16 +1,25 @@
 ## Execution CMakeLists.txt
 
 set(LIBRARY_NAME execution)
-set(FLAGS_CROSS "-D__cdecl=\"\" -D__stdcall=\"\"")
+if(WIN32)
+set(FLAGS_CROSS "-D_cdecl=\"__cdecl\" \
+	-D_stdcall=\"__stdcall\"")
+else(WIN32)
+set(FLAGS_CROSS "-D_cdecl=\"__attribute__((cdecl))\" \
+	-D_stdcall=\"__attribute__((stdcall))\"")
+endif()
 set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -m32 -std=c++11 -D_EXECUTION_EXPORTS \
 	-DBLOCK_CACHE_READ_ONLY ${FLAGS_CROSS}")
 
 include_directories(../BinLoader)
 add_library(${LIBRARY_NAME} SHARED
 	Debugger.cpp
 	ExternExecutionController.Linux.cpp
+	ExternExecutionController.Windows.cpp
 	DualAllocator.Linux.cpp
+	DualAllocator.Windows.cpp
 	TokenRingInit.Linux.cpp
+	TokenRingInit.Windows.cpp
 	LargeStack.cpp
 	CommonExecutionController2.cpp
 	InprocessExecutionController.cpp
@@ -22,15 +31,22 @@ add_library(${LIBRARY_NAME} SHARED
 	../libproc/libproc.cpp
 	)
 
+if (UNIX AND NOT APPLE)
+set (OS_LIBS rt dl)
+else ()
+set (OS_LIBS ntdll)
+endif ()
+
 target_link_libraries(${LIBRARY_NAME}
 	binloader
 	wrappersetup
+	loadersetup
 	virtualmemory
-	rt
-	dl)
+	${OS_LIBS})
 
 set_target_properties(${LIBRARY_NAME} PROPERTIES PUBLIC_HEADER "Execution.h")
 install(TARGETS ${LIBRARY_NAME}
+  DESTINATION ${CMAKE_INSTALL_PREFIX}/lib
   LIBRARY DESTINATION ${CMAKE_INSTALL_PREFIX}/lib
   PUBLIC_HEADER DESTINATION ${CMAKE_INSTALL_PREFIX}/include/Execution
   )
diff --git a/Execution/Main.cpp b/Execution/Main.cpp
@@ -2,10 +2,6 @@
 #include "ExternExecutionController.h"
 #endif
 
-#ifndef DISABLE_EXTERN_EXECUTION
-#include "ExternExecutionController.h"
-#endif
-
 #ifndef DISABLE_INPROCESS_EXECUTION
 #include "InprocessExecutionController.h"
 #endif

diff --git a/SymbolicEnvironment/CMakeLists.txt b/SymbolicEnvironment/CMakeLists.txt
@@ -1,7 +1,13 @@
 ## SymbolicEnvironment CMakeLists.txt
 
 set(LIBRARY_NAME symbolicenvironment)
-set(FLAGS_CROSS "-D__cdecl=\"\" -D__stdcall=\"\"")
+if(WIN32)
+set(FLAGS_CROSS "-D_cdecl=\"__cdecl\" \
+	-D_stdcall=\"__stdcall\"")
+else(WIN32)
+set(FLAGS_CROSS "-D_cdecl=\"__attribute__((cdecl))\" \
+	-D_stdcall=\"__attribute__((stdcall))\"")
+endif()
 set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -g -m32 -std=c++11 \
 	-D_BUILDING_ENVIRONMENT_DLL -D_NO_TRACK_CALLBACKS_ ${FLAGS_CROSS}")
 
@@ -20,6 +26,7 @@ set_target_properties(${LIBRARY_NAME} PROPERTIES
   )
 
 install(TARGETS ${LIBRARY_NAME}
+  DESTINATION ${CMAKE_INSTALL_PREFIX}/lib
   LIBRARY DESTINATION ${CMAKE_INSTALL_PREFIX}/lib
   PUBLIC_HEADER DESTINATION ${CMAKE_INSTALL_PREFIX}/include/SymbolicEnvironment
   )
diff --git a/VirtualMemory/CMakeLists.txt b/VirtualMemory/CMakeLists.txt
@@ -6,6 +6,7 @@ set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -g -m32 -std=c++11")
 add_library(${LIBRARY_NAME} STATIC
 	VirtualMem.cpp
 	MemoryLayout.Linux.cpp
+	MemoryLayout.Windows.cpp
 	../libproc/libproc.cpp
 	)
 

diff --git a/VirtualMemory/MemoryLayout.Linux.cpp b/VirtualMemory/MemoryLayout.Linux.cpp
@@ -1,4 +1,4 @@
-#if __linux__
+#ifdef __linux__
 
 #include "../libproc/os-linux.h"
 
@@ -12,14 +12,14 @@ namespace vmem {
 	class LinMemoryLayout : public MemoryLayout {
 	private:
 		process_t pid;
-		std::vector<MemoryRegionInfo> regions;
+		std::vector<MemoryRegionInformation> regions;
 	public :
 		LinMemoryLayout(process_t p) {
 			pid = p;
 		}
 
 		virtual bool Snapshot() {
-			MemoryRegionInfo mTmp;
+			MemoryRegionInformation mTmp;
 			struct map_iterator mi;
 			if (maps_init(&mi, pid) < 0) {
 				//dbg_log("[DualAllocator] Cannot retrieve /proc/%d/maps\n", pid);
@@ -72,7 +72,7 @@ namespace vmem {
 			maps_close(&mi);
 		}
 
-		virtual bool Query(void *addr, MemoryRegionInfo &out) {
+		virtual bool Query(void *addr, MemoryRegionInformation &out) {
 			for (auto it = regions.begin(); it != regions.end(); ++it) {
 				if (addr < it->allocationBase)
 					continue;

diff --git a/VirtualMemory/MemoryLayout.Windows.cpp b/VirtualMemory/MemoryLayout.Windows.cpp
@@ -53,7 +53,7 @@ namespace vmem {
 			return true;
 		}
 
-		virtual bool Query(void *addr, MemoryRegionInfo &out) {
+		virtual bool Query(void *addr, MemoryRegionInformation &out) {
 			MEMORY_BASIC_INFORMATION32 mbi;
 
 			if (0 == VirtualQueryEx(process, addr, (PMEMORY_BASIC_INFORMATION)&mbi, sizeof(mbi))) {

diff --git a/VirtualMemory/MemoryLayout.h b/VirtualMemory/MemoryLayout.h
@@ -1,4 +1,5 @@
 #ifndef _MEMORY_LAYOUT_H_
+#define _MEMORY_LAYOUT_H_
 
 #include "VirtualMem.h"
 
@@ -13,7 +14,7 @@ namespace vmem {
 #define MEMORY_REGION_WRITE			0x2
 #define MEMORY_REGION_EXECUTE		0x1
 
-	struct MemoryRegionInfo {
+	struct MemoryRegionInformation {
 		void *baseAddress;
 		void *allocationBase;
 
@@ -31,7 +32,7 @@ namespace vmem {
 	class MemoryLayout {
 	public:
 		virtual bool Snapshot() = 0;
-		virtual bool Query(void *addr, MemoryRegionInfo &out) = 0;
+		virtual bool Query(void *addr, vmem::MemoryRegionInformation &out) = 0;
 		virtual bool Release() = 0;
 
 		virtual bool Debug() = 0;

diff --git a/VirtualMemory/VirtualMem.cpp b/VirtualMemory/VirtualMem.cpp
@@ -15,7 +15,7 @@ namespace vmem {
 		}
 
 		while (dwOffset < 0x2FFF0000) {
-			MemoryRegionInfo mri;
+			MemoryRegionInformation mri;
 			nodep::DWORD regionSize = 0xFFFFFFFF;
 			bool regionFree = true;
 
@@ -77,7 +77,7 @@ namespace vmem {
 		}
 
 		while (dwOffset < 0x2FFF0000) {
-			MemoryRegionInfo mri;
+			MemoryRegionInformation mri;
 			nodep::DWORD regionSize = 0xFFFFFFFF;
 			bool regionFree = true;
 

diff --git a/ipclib/CMakeLists.txt b/ipclib/CMakeLists.txt
@@ -7,4 +7,6 @@ add_library(${LIBRARY_NAME} SHARED
 	ipclib.cpp
 	)
 
+target_compile_definitions(${LIBRARY_NAME} PRIVATE _BUILDING_IPC_DLL)
+
 install(TARGETS ${LIBRARY_NAME} DESTINATION ${CMAKE_INSTALL_PREFIX}/lib)
diff --git a/libproc/libproc.cpp b/libproc/libproc.cpp
@@ -24,6 +24,8 @@ LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
 OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
 WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.  */
 
+#ifdef __linux__
+
 #include "os-linux.h"
 #include <fcntl.h>
 #include <sys/mman.h>
@@ -298,3 +300,5 @@ long get_rss() {
 	fclose( fp );
 	return (size_t)resident * (size_t)sysconf( _SC_PAGESIZE);
 }
+
+#endif
diff --git a/loader.setup/CMakeLists.txt b/loader.setup/CMakeLists.txt
@@ -0,0 +1,13 @@
+## loader.setup CMakeLists.txt
+
+set(LIBRARY_NAME "loadersetup")
+
+set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -m32 -std=c++11")
+set(CMAKE_CXX_FLAGS_RELEASE "${CMAKE_CXX_FLAGS}")
+set(CMAKE_CXX_FLAGS_DEBUG "-g ${CMAKE_CXX_FLAGS}")
+
+add_library(${LIBRARY_NAME} STATIC
+	Setup.Windows.cpp
+	)
+
+install(TARGETS ${LIBRARY_NAME} DESTINATION ${CMAKE_INSTALL_PREFIX}/lib)
diff --git a/loader/CMakeLists.txt b/loader/CMakeLists.txt
@@ -4,7 +4,7 @@ set(LIBRARY_NAME "loader")
 
 set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -m32 -std=c++11")
 set(CMAKE_CXX_FLAGS_RELEASE "${CMAKE_CXX_FLAGS}")
-set(CMAKE_CXX_FLAGS_DEGUB "-g ${CMAKE_CXX_FLAGS}")
+set(CMAKE_CXX_FLAGS_DEBUG "-g ${CMAKE_CXX_FLAGS}")
 
 set(CMAKE_ASM_COMPILER as)
 set(CMAKE_ASM_FLAGS "--32")
@@ -14,12 +14,15 @@ set(CMAKE_ASM_FLAGS_DEBUG "-g ${CMAKE_ASM_FLAGS}")
 add_library(${LIBRARY_NAME} SHARED
 	Loader.Linux.cpp
 	Loader.Linux.Stub.S
+	Loader.Windows.cpp
 	)
 
+if (UNIX AND NOT APPLE)
 target_link_libraries(${LIBRARY_NAME}
 	rt
 	dl
-	)
+)
+endif()
 
 # disable -${LIBRARY_NAME}_EXPORTS
 set_target_properties(${LIBRARY_NAME}

diff --git a/revtracer-wrapper/CMakeLists.txt b/revtracer-wrapper/CMakeLists.txt
@@ -1,17 +1,28 @@
 ## revtracer-wrapper CMakeLists.txt
 
 set(LIBRARY_NAME "revtracerwrapper")
+
+
+
 set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -g -m32 -std=c++11")
 
 add_library(${LIBRARY_NAME} SHARED
 	RevtracerWrapper.cpp
 	Wrapper.Linux.cpp
 	Wrapper.Windows.cpp
-	)
+)
+
+target_compile_definitions(${LIBRARY_NAME} PRIVATE _BUILDING_REVTRACER_WRAPPER_DLL)
+
+if (UNIX AND NOT APPLE)
+set (OS_LIBS dl)
+else ()
+set (OS_LIBS)
+endif ()
 
 target_link_libraries(${LIBRARY_NAME}
 	binloader
-	dl
-	)
+	${OS_LIBS}
+)
 
 install(TARGETS ${LIBRARY_NAME} DESTINATION ${CMAKE_INSTALL_PREFIX}/lib)
diff --git a/revtracer/CMakeLists.txt b/revtracer/CMakeLists.txt
@@ -3,8 +3,14 @@
 set(CMAKE_VERBOSE_MAKEFILE true)
 set(CMAKE_CXX_COMPILER i686-w64-mingw32-g++)
 
+if(WIN32)
+set(FLAGS_CROSS "-D_cdecl=\"__cdecl\" \
+	-D_stdcall=\"__stdcall\"")
+else(WIN32)
 set(FLAGS_CROSS "-D_cdecl=\"__attribute__((cdecl))\" \
 	-D_stdcall=\"__attribute__((stdcall))\"")
+endif()
+
 set(CMAKE_CXX_FLAGS "-g -m32 -march=i386 -fno-exceptions \
 	-fno-stack-protector -fcheck-new -std=c++11 ${FLAGS_CROSS} \
 	-D_BUILDING_REVTRACER_DLL")
@@ -68,5 +74,6 @@ set_target_properties(revtracer
 	)
 
 install(TARGETS revtracer
+  DESTINATION ${CMAKE_INSTALL_PREFIX}/lib
   LIBRARY DESTINATION ${CMAKE_INSTALL_PREFIX}/lib
   PUBLIC_HEADER DESTINATION ${CMAKE_INSTALL_PREFIX}/include/revtracer)
diff --git a/revtracer/callgates.cpp b/revtracer/callgates.cpp
@@ -30,11 +30,23 @@ void SetEsp(struct ExecutionEnvironment *pEnv, nodep::DWORD esp) {
 
 #ifdef _MSC_VER
 #define GET_RETURN_ADDR _ReturnAddress
+#define GET_ESP() ( int _esp; __asm mov _esp, esp; esp; )
 #define CALLING_CONV(conv) __##conv
+
+nodep::DWORD __declspec(naked) EspAddr() {
+	__asm mov eax, esp
+	__asm ret
+}
 #else
 #define GET_RETURN_ADDR() ({ int addr; asm volatile("mov 4(%%ebp), %0" : "=r" (addr)); addr; })
 #define GET_ESP() ({ int esp; asm volatile("mov %%esp, %0" : "=r" (esp)); esp; })
 #define CALLING_CONV(conv) __attribute__((conv))
+#define ATTRIBUTE(conv) __attribute__((conv))
+
+nodep::DWORD __attribute__((naked)) EspAddr() {
+	return (nodep::DWORD)GET_ESP();
+}
+
 #endif
 
 #define _RET_ADDR_FUNC_2(conv, paramCount, ...) \
@@ -44,10 +56,6 @@ void SetEsp(struct ExecutionEnvironment *pEnv, nodep::DWORD esp) {
 
 #define _RET_ADDR_FUNC_(conv, paramCount, ...) _RET_ADDR_FUNC_2(conv, paramCount, __VA_ARGS__)
 
-nodep::DWORD CALLING_CONV(naked) EspAddr () {
-	return (nodep::DWORD)GET_ESP();
-}
-
 
 _RET_ADDR_FUNC_(cdecl, 0);
 _RET_ADDR_FUNC_(cdecl, 1, void *);