Skip to content
/ Crashme-- Public

Crashme-- is a simplified fork of Crashme v2.8.5. It executes random bytecode, and aggregates errors.

Notifications You must be signed in to change notification settings

28mm/Crashme--

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Crashme--

Crashme-- is a simplified fork of George Carrette's crashme program, which executes random bytecode as a test of system stability. As its name suggests, crashme-- is less featureful than crashme: it removes suppport for VMS, Windows, and HP_UX; it doesn't have its own prng routines; it won't log in as much detail; and it supports fewer configurable options.

This is a work in progresss.

How it Works

Crashme-- fills an array of bytes with random values, and executes it via a function pointer. This is very simple to do, as the listing below illustrates. Note that mprotect(2) must be called to disable the NX bit on the memory pages containing fn_data.

#include <stdlib.h>
#include <unistd.h>
#include <sys/mman.h>

#define NBYTES       666
#define SEED_DEFAULT 666

typedef void (*BADBOY) ();

int main(int argc, char **argv) {
  unsigned char fn_data[NBYTES];            /* Holds garbage program "TEXT" */
  BADBOY        fn_ptr = (BADBOY) &fn_data; /* Allows execution of same.    */

  mprotect( (void *) ((((long) fn_data) / getpagesize()) * getpagesize()),
            ((NBYTES / getpagesize()) + 1 ) * getpagesize(),
            PROT_READ | PROT_WRITE | PROT_EXEC);

  srand( argc > 1 ? atoi(argv[1]) : SEED_DEFAULT );
  for (int i=0; i < NBYTES; i++)
    fn_data[i] = rand() & 0xFF;

  fn_ptr ();
}

Building Crashme--

$ git clone https://github.com/28mm/crashme--
$ cd crashme--
$ make

Running Crashme--

Selinux may prevent crashme-- from working correctly.

$ sudo setenforce 0

Crashme-- has two modes: a worker mode, which executes random data; and a supervisor mode that spawns a specified number of children in worker mode.

$ crashme-- --bytes=1024 --seed=666 --worker
$ crashme-- --bytes=1024 --seed=666 --fork=4

About

Crashme-- is a simplified fork of Crashme v2.8.5. It executes random bytecode, and aggregates errors.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published