<?xml version="1.0" encoding="utf-8"?>
<search>
<entry>
<title>2023 山东省大学生网络安全技能大赛 复盘</title>
<url>/2023/10/23/23sdnisc/</url>
<content><![CDATA[<h1 id="2023-网安省赛复盘"><a href="#2023-网安省赛复盘" class="headerlink" title="2023 网安省赛复盘"></a>2023 网安省赛复盘</h1><h2 id="前言"><a href="#前言" class="headerlink" title="前言"></a>前言</h2><ul>
<li>AiDai👴🏻🐂🍺</li>
</ul>
<h2 id="Misc-签到"><a href="#Misc-签到" class="headerlink" title="Misc - 签到"></a>Misc - 签到</h2><p>下载附件得到游戏地址,随便玩了三四关发现一共 17 关,👴🏻懒的打了,网页源码中发现注释的 <code>index.js</code>,搜 flag 有个 flag 函数,里头就有 flag:</p>
<p><img src="https://raw.githubusercontent.com/ex7l0it/ImageHosting/master/Picture/image-20231023221659202.png" alt="image-20231023221659202"></p>
<figure class="highlight js"><table><tr><td class="code"><pre><span class="line"><span class="keyword">let</span> r = <span class="string">"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+="</span>;</span><br><span class="line"><span class="keyword">let</span> cars = [<span class="number">25</span>, <span class="number">38</span>, <span class="number">49</span>, <span class="number">33</span>, <span class="number">25</span>, <span class="number">55</span>, <span class="number">45</span>, <span class="number">37</span>, <span class="number">12</span>, <span class="number">22</span>, <span class="number">24</span>, <span class="number">50</span>, <span class="number">12</span>, <span class="number">51</span>, <span class="number">24</span>, <span class="number">51</span>, <span class="number">13</span>, <span class="number">3</span>, <span class="number">16</span>, <span class="number">52</span>, <span class="number">13</span>, <span class="number">38</span>, <span class="number">25</span>, <span class="number">38</span>, <span class="number">13</span>, <span class="number">54</span>, <span class="number">4</span>, <span class="number">52</span>, <span class="number">13</span>, <span class="number">19</span>, <span class="number">20</span>, <span class="number">55</span>, <span class="number">12</span>, <span class="number">38</span>, <span class="number">8</span>, <span class="number">51</span>, <span class="number">12</span>, <span class="number">38</span>, <span class="number">16</span>, <span class="number">49</span>, <span class="number">14</span>, <span class="number">22</span>, <span class="number">8</span>, <span class="number">54</span>, <span class="number">13</span>, <span class="number">35</span>, <span class="number">37</span>, <span class="number">33</span>, <span class="number">12</span>, <span class="number">55</span>, <span class="number">52</span>, <span class="number">63</span>];</span><br><span class="line"><span 
class="keyword">let</span> ff = <span class="string">""</span>;</span><br><span class="line"><span class="keyword">for</span> (<span class="keyword">var</span> iii = <span class="number">0</span>; iii < cars.<span class="property">length</span>; iii++) {</span><br><span class="line"> ff = ff + r[cars[iii]];</span><br><span class="line">}</span><br><span class="line"><span class="comment">/*this is flag*/</span></span><br></pre></td></tr></table></figure>
<p>扔到控制台里头🏃🏻♀️:</p>
<p><img src="https://raw.githubusercontent.com/ex7l0it/ImageHosting/master/Picture/image-20231023221716239.png" alt="image-20231023221716239"></p>
<figure class="highlight plaintext"><table><tr><td class="code"><pre><span class="line">ZmxhZ3tlMWYyMzYzNDQ0NmZmN2E0NTU3MmIzMmQxOWI2NjlhM30=</span><br></pre></td></tr></table></figure>
<p>base64 解码得 flag</p>
<h2 id="Misc-啊吧啊吧的数据包"><a href="#Misc-啊吧啊吧的数据包" class="headerlink" title="Misc - 啊吧啊吧的数据包"></a>Misc - 啊吧啊吧的数据包</h2><p>通过筛选 POST 请求发现有 shell 交互:</p>
<p><img src="https://raw.githubusercontent.com/ex7l0it/ImageHosting/master/Picture/image-20231023221757948.png" alt="image-20231023221757948"></p>
<p>解码 base64 发现这是一个查看 flag 的操作</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">echo Y2F0IGZsYWdfMTI2NDQzMTI= | base64 -d </span><br><span class="line">cat flag_12644312</span><br></pre></td></tr></table></figure>
<p>再结合后面的命令,这个 shell 在逐个字符爆破 flag,采用时间盲注,那么筛选这一段的 http 流数据(30147 - 35661),导出为 csv 便于 python 处理,删掉多余的列之后,保留 value 和时间, 写脚本处理即可:</p>
<figure class="highlight python"><table><tr><td class="code"><pre><span class="line"><span class="comment">#!/usr/bin/python3</span></span><br><span class="line"></span><br><span class="line"><span class="keyword">import</span> re</span><br><span class="line"></span><br><span class="line"><span class="keyword">with</span> <span class="built_in">open</span>(<span class="string">"data_out.csv"</span>, <span class="string">"r"</span>) <span class="keyword">as</span> f:</span><br><span class="line"> lines = f.readlines()</span><br><span class="line"> now_num = <span class="number">1</span></span><br><span class="line"> now_index = <span class="string">"cut -c{:d}"</span></span><br><span class="line"> old_line = <span class="string">""</span></span><br><span class="line"> attack_time = <span class="number">0</span></span><br><span class="line"> response_time = <span class="number">0</span></span><br><span class="line"> pattern = <span class="string">"cut -c\d+\) = \'(.)\'"</span></span><br><span class="line"> <span class="keyword">for</span> line <span class="keyword">in</span> lines:</span><br><span class="line"> <span class="keyword">try</span>:</span><br><span class="line"> t, payload = line.strip().split(<span class="string">","</span>)</span><br><span class="line"> <span class="keyword">if</span> payload == <span class="string">""</span>:</span><br><span class="line"> response_time = <span class="built_in">float</span>(t)</span><br><span class="line"> <span class="comment"># print(attack_time, response_time)</span></span><br><span class="line"> <span class="keyword">if</span> response_time - attack_time >= <span class="number">3</span>:</span><br><span class="line"> xxx = re.findall(pattern=pattern, string=old_line)</span><br><span class="line"> <span class="built_in">print</span>(xxx[<span class="number">0</span>], end=<span class="string">""</span>)</span><br><span class="line"> <span class="keyword">else</span>:</span><br><span class="line"> attack_time = <span 
class="built_in">float</span>(t)</span><br><span class="line"> old_line = line.strip()</span><br><span class="line"> <span class="keyword">except</span> Exception:</span><br><span class="line"> <span class="keyword">pass</span></span><br></pre></td></tr></table></figure>
<h2 id="Misc-我应该去爱你"><a href="#Misc-我应该去爱你" class="headerlink" title="Misc - 我应该去爱你"></a>Misc - 我应该去爱你</h2><p>扔到 Audacity 里看频谱,这玩意考眼神:</p>
<p><img src="https://raw.githubusercontent.com/ex7l0it/ImageHosting/master/Picture/image-20231023222109483.png" alt="image-20231023222109483"></p>
<p>猜了好几遍才猜对,眼神不行了😅</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">flag{dfcba866efb361d89b7240c49653a782}</span><br></pre></td></tr></table></figure>
<h2 id="Misc-简单编码-补"><a href="#Misc-简单编码-补" class="headerlink" title="Misc - 简单编码(补)"></a>Misc - 简单编码(补)</h2><ul>
<li>比赛日下午脑子一团浆糊,最后十几分钟才意识到这玩意是不是 二进制和八进制</li>
<li>然后写脚本,寄在这个根据长度判断是二进制还是八进制(但凡判断条件里头加上个 <code>=</code> 就出 flag 了)<ul>
<li>出来的字符串先 base64 解码,然后 base32 解码,最后 hex2str</li>
</ul>
</li>
</ul>
<figure class="highlight python"><table><tr><td class="code"><pre><span class="line"><span class="keyword">import</span> base64</span><br><span class="line"><span class="keyword">import</span> binascii</span><br><span class="line"></span><br><span class="line"><span class="keyword">with</span> <span class="built_in">open</span>(<span class="string">"./e949a66de57a5411f5e9935442787a5b.txt"</span>, <span class="string">"r"</span>) <span class="keyword">as</span> f:</span><br><span class="line"> data = f.read().split(<span class="string">" "</span>)</span><br><span class="line"> flag = <span class="string">""</span></span><br><span class="line"> <span class="keyword">for</span> i <span class="keyword">in</span> data:</span><br><span class="line"> <span class="keyword">if</span> <span class="built_in">len</span>(i) == <span class="number">0</span>:</span><br><span class="line"> <span class="keyword">continue</span></span><br><span class="line"> <span class="keyword">if</span> <span class="built_in">len</span>(i) <= <span class="number">4</span>:</span><br><span class="line"> flag += <span class="built_in">chr</span>(<span class="built_in">int</span>(i, <span class="number">8</span>))</span><br><span class="line"> <span class="keyword">else</span>:</span><br><span class="line"> flag += <span class="built_in">chr</span>(<span class="built_in">int</span>(i, <span class="number">2</span>))</span><br><span class="line"> </span><br><span class="line"> flag = base64.b64decode(flag)</span><br><span class="line"> flag = base64.b32decode(flag)</span><br><span class="line"> flag = binascii.a2b_hex(flag)</span><br><span class="line"> <span class="built_in">print</span>(flag)</span><br></pre></td></tr></table></figure>
<h2 id="Misc-神秘的-base-补"><a href="#Misc-神秘的-base-补" class="headerlink" title="Misc - 神秘的 base(补)"></a>Misc - 神秘的 base(补)</h2><ul>
<li>👴🏻之前没用过 base 换表,不晓得怎么改,找 b64decode 源码改了一通也不行<ul>
<li>原来只需要 translate 就行😅</li>
</ul>
</li>
<li>后续补的脚本:</li>
</ul>
<figure class="highlight python"><table><tr><td class="code"><pre><span class="line"><span class="keyword">import</span> base64</span><br><span class="line"><span class="keyword">import</span> itertools</span><br><span class="line"></span><br><span class="line"><span class="keyword">def</span> <span class="title function_">DecodeB64</span>(<span class="params">text</span>):</span><br><span class="line"> old_table = <span class="string">"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"</span></span><br><span class="line"> l = <span class="string">"OYiv05"</span></span><br><span class="line"></span><br><span class="line"> <span class="built_in">all</span> = itertools.permutations(l, <span class="number">6</span>)</span><br><span class="line"> <span class="keyword">for</span> item <span class="keyword">in</span> <span class="built_in">all</span>:</span><br><span class="line"> item = <span class="string">""</span>.join(item)</span><br><span class="line"> table = <span class="string">"xbQTZqjN8ERuwlzVfUIrPkeHd{}LK697o2pSsGD+ncgm3CBh/Xy1MF4JAWta"</span>.<span class="built_in">format</span>(item)</span><br><span class="line"> decoded = base64.b64decode(text.translate(text.maketrans(old_table, table)))</span><br><span class="line"> <span class="keyword">if</span> decoded.endswith(<span class="string">b"}"</span>) <span class="keyword">and</span> decoded.isascii():</span><br><span class="line"> <span class="built_in">print</span>(decoded)</span><br><span class="line"></span><br><span class="line"><span class="keyword">if</span> __name__ == <span class="string">'__main__'</span>:</span><br><span class="line"> encoded_flag = <span class="string">"EvAzEwo6E9RO4qSAHq42E9KvEv5zHDt34GtdHGJaHD7NHG42bwd="</span></span><br><span class="line"> DecodeB64(encoded_flag)</span><br></pre></td></tr></table></figure>
<h2 id="Crypto-小试牛刀"><a href="#Crypto-小试牛刀" class="headerlink" title="Crypto - 小试牛刀"></a>Crypto - 小试牛刀</h2><p>给的密文:</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">ipfm\x82Kj]p~l?\x82ogw\x85mt[K\x8br\x97</span><br></pre></td></tr></table></figure>
<p>猜测是根据 flag{} 进行变换的</p>
<p>那么找规律发现:</p>
<figure class="highlight python"><table><tr><td class="code"><pre><span class="line">In [<span class="number">11</span>]: <span class="built_in">ord</span>(<span class="string">'f'</span>) - <span class="built_in">ord</span>(<span class="string">'i'</span>)</span><br><span class="line">Out[<span class="number">11</span>]: -<span class="number">3</span></span><br><span class="line"></span><br><span class="line">In [<span class="number">12</span>]: <span class="built_in">ord</span>(<span class="string">'l'</span>) - <span class="built_in">ord</span>(<span class="string">'p'</span>)</span><br><span class="line">Out[<span class="number">12</span>]: -<span class="number">4</span></span><br></pre></td></tr></table></figure>
<p>写解题脚本得到 flag:</p>
<figure class="highlight python"><table><tr><td class="code"><pre><span class="line">d = <span class="string">b"ipfm\x82Kj]p~l?\x82ogw\x85mt[K\x8br\x97"</span></span><br><span class="line"><span class="keyword">for</span> i, v <span class="keyword">in</span> <span class="built_in">enumerate</span>(d):</span><br><span class="line"> <span class="built_in">print</span>(<span class="built_in">chr</span>(v-i-<span class="number">3</span>), end=<span class="string">""</span>)</span><br><span class="line"></span><br><span class="line"><span class="comment"># flag{CaSer_1s_VerY_E4sY}</span></span><br></pre></td></tr></table></figure>
<h2 id="Reverse-人生模拟-补"><a href="#Reverse-人生模拟-补" class="headerlink" title="Reverse - 人生模拟(补)"></a>Reverse - 人生模拟(补)</h2><ul>
<li>👴🏻好久不用 Ghidra 的 patch,给忘了导出要选 ELF(👴🏻选的Binary,👴🏻脑子瓦特了),就说怎么 patch 的程序直接执行不了</li>
</ul>
<p>简单看了看程序逻辑,猜测 flag 会在 FUN_0040350f 函数中打印出来,想要执行到这里必须要活到 60 岁,在主函数中的 while 循环里的 FUN_00403914 函数应该是获取当前的年龄:</p>
<img src="https://raw.githubusercontent.com/ex7l0it/ImageHosting/master/Picture/image-20231024160930613.png" alt="image-20231024160930613" style="zoom:50%;" />
<p>这个函数长这样:</p>
<figure class="highlight c"><table><tr><td class="code"><pre><span class="line"><span class="number">00403914</span> <span class="number">55</span> PUSH RBP</span><br><span class="line"><span class="number">00403915</span> <span class="number">48</span> <span class="number">89</span> e5 MOV RBP,RSP</span><br><span class="line"><span class="number">00403918</span> <span class="number">48</span> <span class="number">89</span> <span class="number">7</span>d f8 MOV qword ptr [RBP + local_10],RDI</span><br><span class="line"><span class="number">0040391</span>c <span class="number">48</span> <span class="number">8b</span> <span class="number">45</span> f8 MOV RAX,qword ptr [RBP + local_10]</span><br><span class="line"><span class="number">00403920</span> <span class="number">8b</span> <span class="number">40</span> <span class="number">04</span> MOV EAX,dword ptr [RAX + <span class="number">0x4</span>]</span><br><span class="line"><span class="number">00403923</span> <span class="number">5</span>d POP RBP</span><br><span class="line"><span class="number">00403924</span> c3 RET</span><br><span class="line"><span class="number">00403925</span> <span class="number">90</span> ?? <span class="number">90</span>h</span><br><span class="line"></span><br><span class="line">undefined4 <span class="title function_">FUN_00403914</span><span class="params">(<span class="type">long</span> param_1)</span></span><br><span class="line"></span><br><span class="line">{</span><br><span class="line"> <span class="keyword">return</span> *(param_1 + <span class="number">4</span>);</span><br><span class="line">}</span><br></pre></td></tr></table></figure>
<p>那直接 patch, 直接返回 60:</p>
<figure class="highlight c"><table><tr><td class="code"><pre><span class="line"><span class="number">00403914</span> <span class="number">55</span> PUSH RBP</span><br><span class="line"><span class="number">00403915</span> <span class="number">48</span> <span class="number">89</span> e5 MOV RBP,RSP</span><br><span class="line"><span class="number">00403918</span> <span class="number">48</span> <span class="number">89</span> <span class="number">7</span>d f8 MOV qword ptr [RBP + local_10],RDI</span><br><span class="line"><span class="number">0040391</span>c <span class="number">48</span> c7 c0 MOV RAX,<span class="number">0x3c</span></span><br><span class="line"> <span class="number">3</span>c <span class="number">00</span> <span class="number">00</span> <span class="number">00</span></span><br><span class="line"><span class="number">00403923</span> <span class="number">5</span>d POP RBP</span><br><span class="line"><span class="number">00403924</span> c3 RET</span><br><span class="line"><span class="number">00403925</span> <span class="number">90</span> ?? <span class="number">90</span>h</span><br><span class="line"></span><br><span class="line">undefined8 <span class="title function_">get_age</span><span class="params">(<span class="type">void</span>)</span></span><br><span class="line"></span><br><span class="line">{</span><br><span class="line"> <span class="keyword">return</span> <span class="number">0x3c</span>;</span><br><span class="line">}</span><br></pre></td></tr></table></figure>
<p>然后 <code>FUN_0040350f</code> 函数里有这样的条件判断:</p>
<figure class="highlight c"><table><tr><td class="code"><pre><span class="line"><span class="keyword">if</span> ((((<span class="number">0</span> < param_2) && (<span class="number">0</span> < param_3)) && (<span class="number">0</span> < param_4)) &&</span><br><span class="line"> (((<span class="number">0</span> < param_5 && (param_1 == <span class="number">0x3c</span>)) && (local_f0 == <span class="number">0x11120c94</span>))))</span><br></pre></td></tr></table></figure>
<p>直接把对应条件判断指令反过来写, 改完:</p>
<figure class="highlight c"><table><tr><td class="code"><pre><span class="line"><span class="keyword">if</span> ((((<span class="literal">true</span>) && (<span class="literal">true</span>)) && (<span class="literal">true</span>)) && (((<span class="literal">true</span> && (param_1 == <span class="number">60</span>)) && (local_f0 != <span class="number">0x11120c94</span>))))</span><br></pre></td></tr></table></figure>
<p>Patch 完直接导出 ELF 文件, 运行之后崩溃在了 <code>0x4035de</code> 处(<code>idiv rcx</code>, 此时 rcx 是 0),直接 nop 掉,重新导出运行就能拿到flag:</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"> ./simulation2</span><br><span class="line">==============================================================================</span><br><span class="line">|| ||</span><br><span class="line">|| It's another year of Shandong competition. ||</span><br><span class="line">|| Welcome to the life simulator ||</span><br><span class="line">|| ||</span><br><span class="line">|| author: Mr_hello ||</span><br><span class="line">|| ||</span><br><span class="line">|| ||</span><br><span class="line">==============================================================================</span><br><span class="line">你出生了,你是一名男孩</span><br><span class="line">flag{76bce138e9f529db4d684e1d5e7875e4}</span><br></pre></td></tr></table></figure>
]]></content>
<categories>
<category>CTF</category>
</categories>
<tags>
<tag>Writeup</tag>
</tags>
</entry>
<entry>
<title>AFL++ QEMU mode (aarch64)</title>
<url>/2024/06/18/AFLplusplus-QEMU-enchanced/</url>
<content><![CDATA[<h1 id="AFL-QEMU-mode-(aarch64)高级应用"><a href="#AFL-QEMU-mode-(aarch64)高级应用" class="headerlink" title="AFL++ QEMU mode (aarch64)高级应用"></a>AFL++ QEMU mode (aarch64)高级应用</h1><blockquote>
<p>参考资料: </p>
<ul>
<li><a href="https://antel0p3.github.io/2023/07/20/AFL-QEMU/">使用 AFL++-QEMU 和 LIBPROTOBUF 的高级二进制模糊:语法感知和内存中持续模糊的实际案例</a></li>
<li><a href="https://github.com/AFLplusplus/AFLplusplus/blob/stable/qemu_mode/README.persistent.md">How to use the persistent mode in AFL++’s QEMU mode</a></li>
</ul>
</blockquote>
<p>AFL++ 的 QEMU 模式在物联网(IoT)和车联网(V2X)领域有着重要的应用。由于这些设备和系统通常包含大量闭源软件,且运行在多种不同架构上(如 ARM、MIPS 等),传统的源代码插桩方法往往不可行。利用 QEMU 模式,AFL++ 能够在不需要源代码的情况下直接对这些设备的固件或二进制文件进行模糊测试。</p>
<p>但 QEMU 模式的执行速度比编译时插桩模式慢得多,因为 QEMU 模式需要进行二进制翻译和仿真,而这些操作比直接运行编译过的插桩代码要耗费更多的时间和资源。</p>
<p>为了优化提升 QEMU mode 测试效率,我们可以通过对下述环境变量进行配置,具体内容可参考<a href="https://github.com/AFLplusplus/AFLplusplus/blob/stable/qemu_mode/README.md">官方说明文档</a></p>
<ul>
<li><p>插桩和覆盖率:</p>
<ul>
<li><code>AFL_INST_LIBS</code> (如果需要对使用的库进行插桩,可启用该选项)</li>
<li><code>AFL_QEMU_INST_RANGES</code> (用于指定插桩的地址范围)</li>
</ul>
</li>
<li><p>突变:</p>
<ul>
<li><code>AFL_CUSTOM_MUTATOR_LIBRARY</code></li>
<li><code>AFL_CUSTOM_MUTATOR_ONLY</code></li>
</ul>
</li>
<li><p>执行:</p>
<ul>
<li><code>AFL_ENTRYPOINT</code></li>
<li><code>AFL_QEMU_PERSISTENT_ADDR</code>/ <code>AFL_QEMU_PERSISTENT_RET</code></li>
<li><code>AFL_QEMU_PERSISTENT_HOOK</code></li>
<li><code>AFL_DISABLE_TRIM</code></li>
<li><code>AFL_DEBUG</code>/ <code>AFL_DEBUG_CHILD</code></li>
</ul>
</li>
</ul>
<p>本文将以 <a href="https://github.com/ChijinZ/security_advisories/tree/master/libjpeg-v9a">libjpeg</a> 为例,在 aarch64 架构下进行编译与测试,测试目标是 libjpeg 库中自带的 cjpeg 程序。它是一个二进制文件,能够将输入的图片文件转换为 jpeg 文件。</p>
<p>编译目标程序:</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta prompt_"># </span><span class="language-bash">按照交叉编译环境</span> </span><br><span class="line"><span class="meta prompt_">$ </span><span class="language-bash">sudo apt install gcc-aarch64-linux-gnu</span></span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">生成 Makefile</span></span><br><span class="line"><span class="meta prompt_">$ </span><span class="language-bash">./configure --prefix=<span class="string">"<span class="subst">$(pwd)</span>/install"</span> --enable-shared --enable-static CC=aarch64-linux-gnu-gcc --host=aarch64-linux</span></span><br><span class="line"><span class="meta prompt_">$ </span><span class="language-bash">make -j && make install</span></span><br></pre></td></tr></table></figure>
<p>运行(AFL++ 的 QEMU mode 已经预先编译安装完成(aarch64)):</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta prompt_">$ </span><span class="language-bash">QEMU_LD_PREFIX=/usr/aarch64-linux-gnu LD_LIBRARY_PATH=./install/lib afl-qemu-trace ./install/bin/cjpeg -h</span></span><br><span class="line">usage: ./cjpeg [switches] [inputfile]</span><br><span class="line">......</span><br></pre></td></tr></table></figure>
<ul>
<li>种子应当寻找对应的合法类型文件,例如这里可以寻找 ppm 类型样例文件<ul>
<li>这里由于程序较简单,种子只写了一个 a,任其随机变异</li>
</ul>
</li>
</ul>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">cd install</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">创建种子文件</span></span><br><span class="line">mkdir input && echo a > input/test</span><br></pre></td></tr></table></figure>
<ul>
<li>由于该程序是动态链接的,且使用了 libjpeg.so 库,在对其进行模糊测试时需要装载:</li>
</ul>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta prompt_">#</span><span class="language-bash">!/bin/bash</span></span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">fuzz.sh 文件内容:</span></span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">配置 ld 路径</span></span><br><span class="line">export QEMU_LD_PREFIX=/usr/aarch64-linux-gnu</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">指定 libjpeg.so 所在的路径</span></span><br><span class="line">export LD_LIBRARY_PATH=./lib</span><br><span class="line">afl-fuzz -i ./input -o ./output -Q -m 10240 -- ./bin/cjpeg @@</span><br></pre></td></tr></table></figure>
<p>发现第一个 crash 用时 44s,exec speed 在 700 ~ 1000/sec 浮动:</p>
<img src="https://raw.githubusercontent.com/ex7l0it/ImageHosting/master/Picture202408130857834.png" alt="image-20240617100028263" style="zoom:80%;" />
<h2 id="入口点更改"><a href="#入口点更改" class="headerlink" title="入口点更改"></a>入口点更改</h2><p>默认情况下,AFL++ 会把 forkserver 的入口点设置在程序的入口点(<code>_start</code> 函数)。这种情况下,每次迭代都会从 <code>_start</code> 开始完整地运行整个目标,包括其中的初始化工作。</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta prompt_"># </span><span class="language-bash">可以通过开启 AFL_DEBUG 选项查看入口点:</span></span><br><span class="line">[AFL++ ebb70fcf6696] ~/libjpeg/install # AFL_DEBUG=1 ./fuzz.sh | grep entrypoint</span><br><span class="line">AFL forkserver entrypoint: 0x5500001840</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">使用 r2 查询 _start 函数地址:</span></span><br><span class="line"><span class="meta prompt_">$ </span><span class="language-bash">r2 -c <span class="string">"aa; pdf@0x1840"</span> bin/cjpeg</span></span><br><span class="line"> ;-- _start:</span><br><span class="line"> ;-- pc:</span><br><span class="line"> ; XREFS(30)</span><br><span class="line">┌ 48: entry0 (func rtld_fini, int64_t argc, char **ubp_av); // noreturn</span><br><span class="line">│ ; arg func rtld_fini @ x0</span><br><span class="line">│ ; arg int64_t argc @ sp+0x0</span><br><span class="line">│ ; arg char **ubp_av @ sp+0x8</span><br><span class="line">│ 0x00001840 1f2003d5 nop</span><br><span class="line">│ 0x00001844 1d0080d2 mov x29, 0</span><br><span class="line">│ 0x00001848 1e0080d2 mov x30, 0</span><br><span class="line">│ 0x0000184c e50300aa mov x5, x0 ; func rtld_fini</span><br><span class="line">│ 0x00001850 e10340f9 ldr x1, [sp] ; pstate ; int argc</span><br><span class="line">│ 0x00001854 e2230091 add x2, ubp_av ; char **ubp_av</span><br><span class="line">│ 0x00001858 e6030091 mov x6, sp ; void *stack_end</span><br><span class="line">│ 0x0000185c a00000d0 adrp x0, 0x17000</span><br><span class="line">│ 0x00001860 00f847f9 ldr x0, [x0, 0xff0] ; 0x1480</span><br><span class="line">│ ; dbg.main ; func main</span><br><span class="line">│ 0x00001864 030080d2 mov x3, 0 ; func init</span><br><span class="line">│ 0x00001868 040080d2 mov x4, 0 ; func fini</span><br><span class="line">└ 0x0000186c 89feff97 bl sym.imp.__libc_start_main ; int 
__libc_start_main(func main, int argc, char **ubp_av, func init, func fini, func rtld_fini, void *stack_end)</span><br></pre></td></tr></table></figure>
<p>接下来使用 <code>AFL_ENTRYPOINT</code> 指定入口点到程序的主函数,跳过 _start 函数中的初始化工作:</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta prompt_"># </span><span class="language-bash">找到 main 函数偏移地址: 0x1480</span></span><br><span class="line"><span class="meta prompt_">$ </span><span class="language-bash">r2 -c <span class="string">"aa; afl"</span> bin/cjpeg 2> /dev/null | grep main</span></span><br><span class="line">0x00001290 1 16 sym.imp.__libc_start_main</span><br><span class="line">0x00001480 35 896 main</span><br></pre></td></tr></table></figure>
<p>r2 给出的 0x1480 是文件内的偏移地址,需要将偏移地址加上 QEMU 加载程序时使用的基地址,才能得到最终的目标函数地址(aarch64 架构下,base addr 为 0x5500000000),那么 main 函数的目标地址为:<code>0x5500001480</code>。基地址只需要在 PIE 程序上添加;非 PIE 程序直接使用二进制中的绝对地址即可。</p>
<ul>
<li>对于 amd64: 添加 0x4000000000</li>
<li>对于 x86: 添加 0x40000000</li>
<li>对于 aarch64: 添加 0x5500000000</li>
<li>对于 arm: 无需添加</li>
<li>具体的实际加载地址可以通过 <code>AFL_QEMU_DEBUG_MAPS=1 afl-qemu-trace TARGET-BINARY</code> 查看</li>
</ul>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta prompt_"># </span><span class="language-bash">在 fuzz.sh 中添加 AFL_ENTRYPOINT 选项</span></span><br><span class="line">export AFL_ENTRYPOINT=0x5500001480</span><br></pre></td></tr></table></figure>
<p>使用同样的种子,发现第一个 crash 用时 28s,exec speed 在 1000~1500/sec 浮动</p>
<img src="https://raw.githubusercontent.com/ex7l0it/ImageHosting/master/Picture202408130904840.png" alt="51ygiak3.y5b" style="zoom:80%;" />
<h2 id="持续模式"><a href="#持续模式" class="headerlink" title="持续模式"></a>持续模式</h2><p>“持续模式”是允许 AFL++ 避免每个迭代都调用 <code>fork</code> 的特性。相反,它在到达某个地址(<code>AFL_QEMU_PERSISTENT_ADDR</code>)时保存子进程的状态,并在到达另一个地址(<code>AFL_QEMU_PERSISTENT_RET</code>)时恢复此状态。(aarch64 架构下无法使用 <code>AFL_QEMU_PERSISTENT_RETADDR_OFFSET</code>)由于同一个进程会被重复使用,未被恢复的状态(例如堆内存、全局变量)可能在迭代之间累积,因此持续模式下发现的 crash 应当用同一输入在非持续模式下重新运行加以确认。</p>
<ul>
<li>需要注意,<code>AFL_QEMU_PERSISTENT_ADDR</code> 必须指向程序中一个能够循环调用的函数,并且该函数返回后能够再次被调用。</li>
<li>99% 的情况下,需要附加 <code>AFL_QEMU_PERSISTENT_GPR=1</code>(用于恢复通用寄存器的状态,如果不添加该环境变量,第二次迭代循环开始之后会丢失参数值,例如 main 函数的 argc 值将丢失)</li>
</ul>
<p>在 cjpeg 中,我们目前需要重点关注的是解析文件、处理文件部分的函数,计算偏移后指定持续模式的起始地址与返回地址,期望能够持续测试目标部分如下:</p>
<img src="https://raw.githubusercontent.com/ex7l0it/ImageHosting/master/Picture202408130914230.png" alt="ytnr04bx.hkh" style="zoom:80%;" />
<ul>
<li>要注意,持续模式起始地址需要囊括读取文件部分(否则无法获取到模糊测试输入数据)</li>
</ul>
<p>在本样例程序中,文件读取、解析操作都在 main 函数中,因此起始地址仍需配置为 main 函数开始,返回地址可以适当前移(文件关闭句柄之前)</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">export AFL_QEMU_PERSISTENT_ADDR=0x5500001480</span><br><span class="line">export AFL_QEMU_PERSISTENT_RET=0x5500001668</span><br></pre></td></tr></table></figure>
<p>另外需要注意本程序中某个分支下有一个能够导致程序退出的 return,持续模式下如果包含能够导致程序退出的分支,需要指定:</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">export AFL_QEMU_PERSISTENT_EXITS=1</span><br></pre></td></tr></table></figure>
<ul>
<li>启用该选项后,如果遇到 exit 不会退出程序,而是返回到 START 重新执行</li>
</ul>
<img src="https://raw.githubusercontent.com/ex7l0it/ImageHosting/master/Picture202408130914241.png" alt="tptd4hcc.nan" style="zoom:80%;" />
<p>如果执行时遇到下述问题,需要考虑修改起始地址、返回地址及上述相关配置:</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">[AFL] ERROR: no persistent iteration executed</span><br><span class="line"></span><br><span class="line">[-] Unable to communicate with fork server. Some possible reasons:</span><br><span class="line"></span><br><span class="line"> - You've run out of memory. Use -m to increase the the memory limit</span><br><span class="line"> to something higher than 10240.</span><br><span class="line"> - The binary or one of the libraries it uses manages to create</span><br><span class="line"> threads before the forkserver initializes.</span><br><span class="line"> - The binary, at least in some circumstances, exits in a way that</span><br><span class="line"> also kills the parent process - raise() could be the culprit.</span><br><span class="line"> - If using persistent mode with QEMU, AFL_QEMU_PERSISTENT_ADDR is</span><br><span class="line"> probably not valid (hint: add the base address in case of PIE)</span><br><span class="line"></span><br><span class="line">If all else fails you can disable the fork server via AFL_NO_FORKSRV=1.</span><br><span class="line"></span><br><span class="line">[-] PROGRAM ABORT : Unable to communicate with fork server</span><br><span class="line"> Location : afl_fsrv_run_target(), src/afl-forkserver.c:1990</span><br></pre></td></tr></table></figure>
<p>对样例程序进行模糊测试:</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta prompt_">#</span><span class="language-bash">!/bin/bash</span></span><br><span class="line">export QEMU_LD_PREFIX=/usr/aarch64-linux-gnu</span><br><span class="line">export LD_LIBRARY_PATH=./lib</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash"><span class="built_in">export</span> AFL_INST_LIBS=1</span></span><br><span class="line">export AFL_ENTRYPOINT=0x5500001480</span><br><span class="line">export AFL_QEMU_PERSISTENT_ADDR=0x5500001480</span><br><span class="line">export AFL_QEMU_PERSISTENT_RET=0x5500001668</span><br><span class="line">export AFL_QEMU_PERSISTENT_GPR=1</span><br><span class="line">export AFL_QEMU_PERSISTENT_EXITS=1</span><br><span class="line">export AFL_QEMU_PERSISTENT_CNT=1000</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash"><span class="built_in">export</span> AFL_DEBUG=1</span></span><br><span class="line">afl-fuzz -i ./input -o ./output -Q -m 10240 -- ./bin/cjpeg @@</span><br></pre></td></tr></table></figure>
<ul>
<li>目标中的循环越稳定,可以运行的时间越长,循环越不稳定,循环计数应该越低。较低值为 100,最大值应为 10000。默认值为 1000。可以使用 <code>AFL_QEMU_PERSISTENT_CNT</code> 设置该值(根据具体情况适当调整该值即可,这里设为 1000)</li>
</ul>
<p>发现第一个 crash 用时 8s,exec speed 在 6000+/sec </p>
<img src="https://raw.githubusercontent.com/ex7l0it/ImageHosting/master/Picture202408130906519.png" alt="aqexs3jf.v4a" style="zoom:80%;" />
<h2 id="内存模糊测试"><a href="#内存模糊测试" class="headerlink" title="内存模糊测试"></a>内存模糊测试</h2><p>目标:直接从模糊器的内存中读取输入,跳过文件打开读取操作</p>
<p>钩子:</p>
<figure class="highlight c"><table><tr><td class="code"><pre><span class="line"><span class="comment">/*</span></span><br><span class="line"><span class="comment"> * Inspired by https://github.com/AFLplusplus/AFLplusplus/blob/stable/utils/qemu_persistent_hook/read_into_rdi.c</span></span><br><span class="line"><span class="comment"> */</span></span><br><span class="line"><span class="meta">#<span class="keyword">include</span> <span class="string">"api.h"</span></span></span><br><span class="line"><span class="meta">#<span class="keyword">include</span> <span class="string"><string.h></span></span></span><br><span class="line"></span><br><span class="line"><span class="meta">#<span class="keyword">define</span> g2h(x) ((void *)((unsigned long)(x) + guest_base))</span></span><br><span class="line"><span class="meta">#<span class="keyword">define</span> h2g(x) ((uint64_t)(x) - guest_base)</span></span><br><span class="line"></span><br><span class="line"><span class="type">void</span> <span class="title function_">afl_persistent_hook</span><span class="params">(<span class="keyword">struct</span> arm64_regs *regs, <span class="type">uint64_t</span> guest_base, <span class="type">uint8_t</span> *input_buf, <span class="type">uint32_t</span> input_buf_len)</span> {</span><br><span class="line"> <span class="comment">// Make sure we don't overflow the target buffer</span></span><br><span class="line"> <span class="keyword">if</span> (input_buf_len > <span class="number">4096</span>)</span><br><span class="line"> input_buf_len = <span class="number">4096</span>;</span><br><span class="line"></span><br><span class="line"> <span class="comment">// Copy the fuzz data to the target's memory</span></span><br><span class="line"> <span class="built_in">memcpy</span>(g2h(regs->x0), input_buf, input_buf_len);</span><br><span class="line"></span><br><span class="line"> <span class="comment">// 根据实际情况修改寄存器的数据</span></span><br><span class="line">}</span><br><span 
class="line"></span><br><span class="line"><span class="type">int</span> <span class="title function_">afl_persistent_hook_init</span><span class="params">(<span class="type">void</span>)</span> {</span><br><span class="line"> <span class="comment">// 1 for shared memory input (faster), 0 for normal input (you have to use</span></span><br><span class="line"> <span class="comment">// read(), input_buf will be NULL)</span></span><br><span class="line"> <span class="keyword">return</span> <span class="number">1</span>;</span><br><span class="line">}</span><br></pre></td></tr></table></figure>
<ul>
<li>注意: <code>api.h</code> 来自 <code>AFLplusplus/qemu_mode/qemuafl/qemuafl/api.h</code></li>
<li>编译 hook 代码:<code>gcc -shared -fPIC -o libhook.so hook.c</code></li>
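<li>加载 hook 代码:<code>export AFL_QEMU_PERSISTENT_HOOK="./libhook.so"</code></li>
<li>钩子里的 4096 上限假定 <code>x0</code> 指向的目标缓冲区至少有 4096 字节;应按目标函数中该缓冲区的实际大小调整,否则 <code>memcpy</code> 会写越界,产生与目标程序自身缺陷无关的崩溃</li>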
</ul>
<p>修改持续模式的 START 地址到待测试的目标函数,根据反汇编信息,修改各参数对应的寄存器数据,启动模糊测试(暂无实例演示)</p>
]]></content>
<categories>
<category>Tool</category>
</categories>
<tags>
<tag>Fuzzing</tag>
<tag>Tutorial</tag>
</tags>
</entry>
<entry>
<title>Arch Linux 折腾记</title>
<url>/2020/03/04/Arch/</url>
<content><![CDATA[<h1 id="Arch-Linux-安装及配置"><a href="#Arch-Linux-安装及配置" class="headerlink" title="Arch Linux 安装及配置"></a>Arch Linux 安装及配置</h1><h2 id="安装"><a href="#安装" class="headerlink" title="安装"></a>安装</h2><blockquote>
<p>对小白很友好的安装教程:<a href="https://www.bilibili.com/video/av81146687">https://www.bilibili.com/video/av81146687</a></p>
<p>有基础的请自行查看 ArchWiki 上最新的<a href="https://wiki.archlinuxcn.org/wiki/%E5%AE%89%E8%A3%85%E6%8C%87%E5%8D%97">安装教程</a></p>
</blockquote>
<h3 id="虚拟机"><a href="#虚拟机" class="headerlink" title="虚拟机"></a>虚拟机</h3><p><img src="https://raw.githubusercontent.com/ex7l0it/ImageHosting/master/Picture/image-20200304150816592.png" alt="VMware UEFI引导"></p>
<p>默认选择第一个进入安装页面:</p>
<p><img src="https://raw.githubusercontent.com/ex7l0it/ImageHosting/master/Picture/image-20200304150900152.png"></p>
<p><img src="https://raw.githubusercontent.com/ex7l0it/ImageHosting/master/Picture/image-20200304151037265.png"></p>
<p><code>ip link</code> 查看网络设备(网卡)</p>
<p><code>ip addr</code> 查看当前 ip 地址信息</p>
<p><img src="https://raw.githubusercontent.com/ex7l0it/ImageHosting/master/Picture/image-20200304151254501.png" alt="image-20200304151254501"></p>
<ul>
<li>开启 ntp 服务更新系统时间:</li>
</ul>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">timedatectl set-ntp true</span><br></pre></td></tr></table></figure>
<h4 id="磁盘分区"><a href="#磁盘分区" class="headerlink" title="磁盘分区"></a>磁盘分区</h4><ul>
<li>查看当前磁盘设备:</li>
</ul>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">fdisk -l</span><br></pre></td></tr></table></figure>
<p><img src="https://raw.githubusercontent.com/ex7l0it/ImageHosting/master/Picture/image-20200304151648520.png" alt="image-20200304151648520"></p>
<ul>
<li>分区说明</li>
</ul>
<p><img src="https://raw.githubusercontent.com/ex7l0it/ImageHosting/master/Picture/image-20200304151907375.png"></p>
<table>
<thead>
<tr>
<th>分区</th>
<th>说明</th>
</tr>
</thead>
<tbody><tr>
<td>/boot</td>
<td>引导分区</td>
</tr>
<tr>
<td>/</td>
<td>主分区</td>
</tr>
<tr>
<td>swap</td>
<td>交换空间,相当于虚拟内存</td>
</tr>
</tbody></table>
<ul>
<li>进行磁盘分区</li>
</ul>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">cfdisk # 一个图形化的分区工具, 操作简单</span><br></pre></td></tr></table></figure>
<p><img src="https://raw.githubusercontent.com/ex7l0it/ImageHosting/master/Picture/image-20200304152332949.png" alt="选择gpt"></p>
<p><img src="https://raw.githubusercontent.com/ex7l0it/ImageHosting/master/Picture/image-20200304152452030.png" alt="设置各分区"></p>
<p><img src="https://raw.githubusercontent.com/ex7l0it/ImageHosting/master/Picture/image-20200304152554256.png" alt="执行write操作后"></p>
<ul>
<li>进行磁盘格式化</li>
</ul>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">mkfs.fat -F32 /dev/sda1 # 引导分区必须格式化为FAT32格式</span><br><span class="line">mkfs.ext4 /dev/sda3 # 系统主分区格式化</span><br><span class="line">mkswap /dev/sda2 # 交换空间格式化</span><br><span class="line">swapon /dev/sda2 # 启用交换空间</span><br></pre></td></tr></table></figure>
<p><img src="https://raw.githubusercontent.com/ex7l0it/ImageHosting/master/Picture/image-20200304152851864.png" alt="image-20200304152851864"></p>
<h4 id="修改安装源顺序"><a href="#修改安装源顺序" class="headerlink" title="修改安装源顺序"></a>修改安装源顺序</h4><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">vim /etc/pacman.d/mirrorlist</span><br></pre></td></tr></table></figure>
<p><img src="https://raw.githubusercontent.com/ex7l0it/ImageHosting/master/Picture/image-20200304153612268.png" alt="将国内源置于最顶部"></p>
<h4 id="挂载分区"><a href="#挂载分区" class="headerlink" title="挂载分区"></a>挂载分区</h4><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">mount /dev/sda3 /mnt # 挂载根目录</span><br><span class="line">mkdir /mnt/boot # 创建引导目录</span><br><span class="line">mount /dev/sda1 /mnt/boot # 挂载引导目录</span><br></pre></td></tr></table></figure>
<p><img src="https://raw.githubusercontent.com/ex7l0it/ImageHosting/master/Picture/image-20200304153829387.png" alt="image-20200304153829387"></p>
<h4 id="执行安装"><a href="#执行安装" class="headerlink" title="执行安装"></a>执行安装</h4><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">pacstrap /mnt base linux linux-firmware # 安装Arch、linux、linux固件</span><br></pre></td></tr></table></figure>
<p><img src="https://raw.githubusercontent.com/ex7l0it/ImageHosting/master/Picture/image-20200304154059922.png" alt="安装完成"></p>
<h4 id="生成fstab文件"><a href="#生成fstab文件" class="headerlink" title="生成fstab文件"></a>生成fstab文件</h4><ul>
<li>fstab 是用来存放文件系统的静态信息的文件,当系统启动的时候,系统会自动地从这个文件读取信息,并且会自动将此文件中指定的文件系统挂载到指定的目录。</li>
</ul>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">genfstab -U /mnt >> /mnt/etc/fstab</span><br></pre></td></tr></table></figure>
<h4 id="进入系统进行配置"><a href="#进入系统进行配置" class="headerlink" title="进入系统进行配置"></a>进入系统进行配置</h4><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">arch-chroot /mnt # 进入安装好之后的系统</span><br></pre></td></tr></table></figure>
<p><img src="https://raw.githubusercontent.com/ex7l0it/ImageHosting/master/Picture/image-20200304154337458.png" alt="image-20200304154337458"></p>
<ul>
<li>设置时区</li>
</ul>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime</span><br></pre></td></tr></table></figure>
<ul>
<li>同步时间</li>
</ul>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">hwclock --systohc</span><br></pre></td></tr></table></figure>
<ul>
<li>安装相关基础软件</li>
</ul>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">pacman -Sy # 更新安装源信息</span><br><span class="line">pacman -S vim</span><br></pre></td></tr></table></figure>
<ul>
<li>本地化</li>
</ul>
<figure class="highlight plaintext"><table><tr><td class="code"><pre><span class="line">vim /etc/locale.gen</span><br></pre></td></tr></table></figure>
<p>去除 <code>en_US.UTF-8 UTF-8</code> 和 <code>zh_CN.UTF-8 UTF-8</code> 前面的 #</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">locale-gen</span><br></pre></td></tr></table></figure>
<p><img src="https://raw.githubusercontent.com/ex7l0it/ImageHosting/master/Picture/image-20200304155023590.png" alt="image-20200304155023590"></p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">vim /etc/locale.conf</span><br><span class="line"></span><br><span class="line">LANG=en_US.UTF-8 # 设置系统语言为英语</span><br></pre></td></tr></table></figure>
<ul>
<li>设置主机名(hostname)</li>
</ul>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">vim /etc/hostname</span><br></pre></td></tr></table></figure>
<p><img src="https://raw.githubusercontent.com/ex7l0it/ImageHosting/master/Picture/image-20200304155406391.png" alt="image-20200304155406391"></p>
<ul>
<li>设置登录密码</li>
</ul>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">passwd</span><br></pre></td></tr></table></figure>
<p><img src="https://raw.githubusercontent.com/ex7l0it/ImageHosting/master/Picture/image-20200304155434937.png" alt="image-20200304155434937"></p>
<h4 id="创建新用户"><a href="#创建新用户" class="headerlink" title="创建新用户"></a>创建新用户</h4><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">useradd -m xxx</span><br><span class="line">passwd xxx</span><br><span class="line">usermod -aG wheel,audio,video,optical,storage xxx</span><br><span class="line">visudo</span><br><span class="line">xxx ALL=(ALL) ALL</span><br><span class="line">xxx ALL=(ALL)NOPASSWD:ALL</span><br></pre></td></tr></table></figure>
<p>最后两行是在 <code>visudo</code> 打开的 sudoers 文件中添加的规则。sudoers 以最后匹配的规则为准,两行同时存在时生效的是 <code>NOPASSWD:ALL</code>,即该用户无需输入密码就能以 root 身份执行任意命令;日常使用的机器建议只保留需要密码的那一行。</p>
<h4 id="安装引导"><a href="#安装引导" class="headerlink" title="安装引导"></a>安装引导</h4><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">pacman -S grub efibootmgr intel-ucode os-prober</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">efibootmgr EFI启动需安装</span></span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">intel-ucode 或 amd-ucode</span></span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">os-prober 多系统需安装</span></span><br><span class="line"></span><br><span class="line">mkdir /boot/grub</span><br><span class="line"></span><br><span class="line">grub-mkconfig > /boot/grub/grub.cfg # 生成配置文件</span><br></pre></td></tr></table></figure>
<p><img src="https://raw.githubusercontent.com/ex7l0it/ImageHosting/master/Picture/image-20200304155753419.png" alt="image-20200304155753419"></p>
<p>确认系统架构:</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">uname -m</span><br></pre></td></tr></table></figure>
<p><img src="https://raw.githubusercontent.com/ex7l0it/ImageHosting/master/Picture/image-20200304155834476.png" alt="确认系统架构"></p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">grub-install --target=x86_64-efi --efi-directory=/boot</span><br></pre></td></tr></table></figure>
<p><img src="https://raw.githubusercontent.com/ex7l0it/ImageHosting/master/Picture/image-20200304155947052.png" alt="安装grub"></p>
<h4 id="安装一些基础软件"><a href="#安装一些基础软件" class="headerlink" title="安装一些基础软件"></a>安装一些基础软件</h4><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">pacman -S net-tools networkmanager dhcpcd openssh</span><br></pre></td></tr></table></figure>
<h4 id="退出重启"><a href="#退出重启" class="headerlink" title="退出重启"></a>退出重启</h4><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">exit</span><br><span class="line">reboot</span><br></pre></td></tr></table></figure>
<p>安装结束</p>
<h3 id="物理机"><a href="#物理机" class="headerlink" title="物理机"></a>物理机</h3><p>安装步骤同虚拟机,分区挂载视具体情况确定。</p>
<p><strong>无线网络启用</strong>:</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">pacman -S iw</span><br><span class="line">ip link set wlp0s20f3 up # 开启网卡, 网卡名称视实际情况自行修改</span><br><span class="line">nmcli dev wifi # 扫描无线网络</span><br><span class="line">iw dev wlp0s20f3 scan | grep SSID # 扫描无线网络</span><br></pre></td></tr></table></figure>
<h2 id="桌面安装"><a href="#桌面安装" class="headerlink" title="桌面安装"></a>桌面安装</h2><blockquote>
<p>该部分参考:</p>
<p><a href="https://blog.csdn.net/ackjack_niuniu/article/details/12996987">https://blog.csdn.net/ackjack_niuniu/article/details/12996987</a></p>
<p><a href="https://www.cnblogs.com/kainhuck/p/10698671.html">https://www.cnblogs.com/kainhuck/p/10698671.html</a></p>
</blockquote>
<h3 id="1-安装sddm"><a href="#1-安装sddm" class="headerlink" title="1.安装sddm"></a>1.安装sddm</h3><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">pacman -S sddm sddm-kcm</span><br></pre></td></tr></table></figure>
<h3 id="2-开启sddm服务"><a href="#2-开启sddm服务" class="headerlink" title="2.开启sddm服务"></a>2.开启sddm服务</h3><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">systemctl enable sddm</span><br></pre></td></tr></table></figure>
<h3 id="3-安装KDE桌面"><a href="#3-安装KDE桌面" class="headerlink" title="3.安装KDE桌面"></a>3.安装KDE桌面</h3><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">pacman -S plasma kde-applications</span><br></pre></td></tr></table></figure>
<p><img src="https://raw.githubusercontent.com/ex7l0it/ImageHosting/master/Picture/2020-04-13_12-08.png" alt="我的KDE桌面"></p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">pacman -S conky # 一个系统监控的工具</span><br></pre></td></tr></table></figure>
<h2 id="基础配置"><a href="#基础配置" class="headerlink" title="基础配置"></a>基础配置</h2><h3 id="中文字体及美化"><a href="#中文字体及美化" class="headerlink" title="中文字体及美化"></a>中文字体及美化</h3><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta prompt_"># </span><span class="language-bash">安装字体</span></span><br><span class="line">pacman -S wqy-zenhei wqy-microhei ttf-arphic-ukai ttf-arphic-uming </span><br><span class="line"><span class="meta prompt_"></span></span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">手动安装字体</span></span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">把TTF字体复制到 /usr/share/fonts/TTF目录下</span></span><br><span class="line">fc-cache -vf # 更新字体库</span><br></pre></td></tr></table></figure>
<p>字体美化:</p>
<p><img src="https://raw.githubusercontent.com/ex7l0it/ImageHosting/master/Picture/b7de7e09c93d70cf828f82ecf1dcd100bba12b3e.jpg" alt="该图片源自百度贴吧"></p>
<p>另外可从Windows中拷贝TTF字体:</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">C:/Windows/System32/Fonts</span><br></pre></td></tr></table></figure>
<h3 id="软件包相关配置"><a href="#软件包相关配置" class="headerlink" title="软件包相关配置"></a>软件包相关配置</h3><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta prompt_"># </span><span class="language-bash">yay安装</span></span><br><span class="line">pacman -S base-devel</span><br><span class="line">git clone https://aur.archlinux.org/pakku.git</span><br><span class="line">cd pakku</span><br><span class="line">makepkg -si</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">yaourt</span></span><br><span class="line">pacman -S yaourt</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">图形化软件包管理</span></span><br><span class="line">pacman -S pamac-aur</span><br><span class="line"><span class="meta prompt_"></span></span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">配置/etc/pacman.conf,文件末尾添加</span></span><br><span class="line">[archlinuxcn]</span><br><span class="line">SigLevel = Optional TrustAll</span><br><span class="line">Server = https://mirrors.ustc.edu.cn/archlinuxcn/$arch</span><br><span class="line"></span><br></pre></td></tr></table></figure>
<p>注意:<code>SigLevel = Optional TrustAll</code> 会让 pacman 接受该仓库中未签名的软件包,并且不再要求签名密钥达到受信任级别,相当于放宽了对这个第三方源的签名校验。更稳妥的做法是不写这一行,添加源后执行 <code>pacman -Sy archlinuxcn-keyring</code> 导入密钥,沿用默认的签名校验。</p>
<h3 id="安装配置输入法"><a href="#安装配置输入法" class="headerlink" title="安装配置输入法"></a>安装配置输入法</h3><blockquote>
<p><a href="https://zhuanlan.zhihu.com/p/74931620">https://zhuanlan.zhihu.com/p/74931620</a></p>
<p>KDE桌面环境</p>
<p>(需要archlinuxcn源)</p>
</blockquote>
<ul>
<li>该方法现已有BUG,安装失败(2020-07-14)</li>
</ul>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">sudo pacman -S fcitx-lilydjwg-git fcitx-sogoupinyin</span><br><span class="line">sudo pacman -S kcm-fcitx</span><br></pre></td></tr></table></figure>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">vim ~/.xprofile</span><br><span class="line"></span><br><span class="line">export GTK_IM_MODULE=fcitx</span><br><span class="line">export QT_IM_MODULE=fcitx</span><br><span class="line">export XMODIFIERS="@im=fcitx"</span><br></pre></td></tr></table></figure>
<h3 id="硬件相关"><a href="#硬件相关" class="headerlink" title="硬件相关"></a>硬件相关</h3><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">modprobe acpi-cpufreq</span><br></pre></td></tr></table></figure>
<h4 id="硬盘分区支持"><a href="#硬盘分区支持" class="headerlink" title="硬盘分区支持"></a>硬盘分区支持</h4><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta prompt_"># </span><span class="language-bash">ntfs挂载支持</span></span><br><span class="line">pacman -S ntfs-3g gvfs-mtp </span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">exfat格式化支持</span></span><br><span class="line">pacman -S exfat-utils</span><br></pre></td></tr></table></figure>
<h4 id="显卡驱动"><a href="#显卡驱动" class="headerlink" title="显卡驱动"></a>显卡驱动</h4><blockquote>
<p>Intel wiki: <a href="https://wiki.archlinux.org/index.php/Intel_graphics_(%E7%AE%80%E4%BD%93%E4%B8%AD%E6%96%87)">https://wiki.archlinux.org/index.php/Intel_graphics_(%E7%AE%80%E4%BD%93%E4%B8%AD%E6%96%87)</a><br>NVIDIA wiki: <a href="https://wiki.archlinux.org/index.php/NVIDIA_(%E7%AE%80%E4%BD%93%E4%B8%AD%E6%96%87)">https://wiki.archlinux.org/index.php/NVIDIA_(%E7%AE%80%E4%BD%93%E4%B8%AD%E6%96%87)</a></p>
</blockquote>
<p><a href="https://www.cnblogs.com/tonyc/p/7732119.html">https://www.cnblogs.com/tonyc/p/7732119.html</a></p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">pacman -S nvidia bbswitch optimus-manager-qt-kde </span><br></pre></td></tr></table></figure>
<h4 id="蓝牙驱动"><a href="#蓝牙驱动" class="headerlink" title="蓝牙驱动"></a>蓝牙驱动</h4><blockquote>
<p><a href="https://www.jianshu.com/p/b340992b06dc">https://www.jianshu.com/p/b340992b06dc</a></p>
</blockquote>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">sudo pacman -S bluez bluez-utils</span><br><span class="line"></span><br><span class="line">systemctl start bluetooth.service</span><br><span class="line">systemctl enable bluetooth.service</span><br></pre></td></tr></table></figure>
<h4 id="触摸板驱动"><a href="#触摸板驱动" class="headerlink" title="触摸板驱动"></a>触摸板驱动</h4><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">pacman -S xf86-input-synaptics # 笔记本触摸板驱动</span><br></pre></td></tr></table></figure>
<h4 id="摄像头"><a href="#摄像头" class="headerlink" title="摄像头"></a>摄像头</h4><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">pacman -S cheese</span><br></pre></td></tr></table></figure>
<h4 id="多屏幕"><a href="#多屏幕" class="headerlink" title="多屏幕"></a>多屏幕</h4><blockquote>
<p>wiki: <a href="https://wiki.archlinux.org/index.php/Multihead_(%E7%AE%80%E4%BD%93%E4%B8%AD%E6%96%87)">https://wiki.archlinux.org/index.php/Multihead_(%E7%AE%80%E4%BD%93%E4%B8%AD%E6%96%87)</a></p>
</blockquote>
<h4 id="配置声音"><a href="#配置声音" class="headerlink" title="配置声音"></a>配置声音</h4><blockquote>
<p><a href="https://www.jianshu.com/p/43a03df9acb3">https://www.jianshu.com/p/43a03df9acb3</a><br><a href="https://wiki.archlinux.org/index.php/Advanced_Linux_Sound_Architecture_(%E7%AE%80%E4%BD%93%E4%B8%AD%E6%96%87)">https://wiki.archlinux.org/index.php/Advanced_Linux_Sound_Architecture_(%E7%AE%80%E4%BD%93%E4%B8%AD%E6%96%87)</a></p>
</blockquote>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">pacman -S alsa-utils # 声卡驱动</span><br><span class="line">pacman -S pavucontrol # 可视化声卡配置</span><br><span class="line">pacman -S pulseeffects # 音效</span><br></pre></td></tr></table></figure>
<blockquote>
<p>使用PulseEffect调整全局音效: <a href="https://ywnz.com/linuxjc/3788.html">https://ywnz.com/linuxjc/3788.html</a></p>
<p>Linux音效软件 PulseEffects App 3.2.1:<a href="https://www.bilibili.com/video/av21958431/">https://www.bilibili.com/video/av21958431/</a></p>
</blockquote>
<h4 id="电源管理"><a href="#电源管理" class="headerlink" title="电源管理"></a>电源管理</h4><blockquote>
<p><a href="https://www.jianshu.com/p/894d24567a70">https://www.jianshu.com/p/894d24567a70</a></p>
<p><a href="https://wiki.archlinux.org/index.php/TLP_(%E7%AE%80%E4%BD%93%E4%B8%AD%E6%96%87)">https://wiki.archlinux.org/index.php/TLP_(%E7%AE%80%E4%BD%93%E4%B8%AD%E6%96%87)</a></p>
</blockquote>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">sudo pacman -S tlp tlp-rdw tlpui-git</span><br><span class="line"></span><br><span class="line">sudo systemctl enable tlp.service</span><br><span class="line">sudo systemctl enable tlp-sleep.service</span><br><span class="line"><span class="meta prompt_"></span></span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">屏蔽以下服务以避免冲突,并确保 TLP 的无线电设备切换选项的正确操作</span></span><br><span class="line">sudo systemctl mask systemd-rfkill.service</span><br><span class="line">sudo systemctl mask systemd-rfkill.socket</span><br><span class="line"></span><br><span class="line">sudo tlp-stat -b # 显示电池信息</span><br><span class="line"></span><br><span class="line">sudo vim /etc/tlp.conf # 配置文件路径</span><br></pre></td></tr></table></figure>
<h3 id="sudo配置"><a href="#sudo配置" class="headerlink" title="sudo配置"></a>sudo配置</h3><blockquote>
<p><a href="https://wiki.archlinux.org/index.php/Sudo_(%E7%AE%80%E4%BD%93%E4%B8%AD%E6%96%87)">https://wiki.archlinux.org/index.php/Sudo_(%E7%AE%80%E4%BD%93%E4%B8%AD%E6%96%87)</a></p>
</blockquote>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">pacman -S sudo</span><br></pre></td></tr></table></figure>
<h2 id="常用软件"><a href="#常用软件" class="headerlink" title="常用软件"></a>常用软件</h2><blockquote>
<p><a href="https://wiki.archlinux.org/index.php/List_of_applications_(%E7%AE%80%E4%BD%93%E4%B8%AD%E6%96%87)">https://wiki.archlinux.org/index.php/List_of_applications_(%E7%AE%80%E4%BD%93%E4%B8%AD%E6%96%87)</a></p>
</blockquote>
<h3 id="虚拟机-1"><a href="#虚拟机-1" class="headerlink" title="虚拟机"></a>虚拟机</h3><h4 id="VMware-Workstation"><a href="#VMware-Workstation" class="headerlink" title="VMware Workstation"></a>VMware Workstation</h4><h4 id="VirtualBox"><a href="#VirtualBox" class="headerlink" title="VirtualBox"></a>VirtualBox</h4><h4 id="Docker"><a href="#Docker" class="headerlink" title="Docker"></a>Docker</h4><blockquote>
<p><a href="https://wiki.archlinux.org/index.php/Docker_(%E7%AE%80%E4%BD%93%E4%B8%AD%E6%96%87)">https://wiki.archlinux.org/index.php/Docker_(%E7%AE%80%E4%BD%93%E4%B8%AD%E6%96%87)</a></p>
</blockquote>
<h3 id="浏览器"><a href="#浏览器" class="headerlink" title="浏览器"></a>浏览器</h3><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">pacman -S chromium vivaldi opera opera-ffmpeg-codecs</span><br><span class="line">yay -S flashplugin-focusfix # firefox的flash插件</span><br><span class="line">yay -S google-chrome-beta </span><br></pre></td></tr></table></figure>
<h3 id="Office"><a href="#Office" class="headerlink" title="Office"></a>Office</h3><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">sudo pacman -S wps-office-cn # 安装WPS</span><br><span class="line">sudo pacman -S wps-office-mui-zh-cn # 安装中文语言包</span><br></pre></td></tr></table></figure>
<h3 id="多媒体软件"><a href="#多媒体软件" class="headerlink" title="多媒体软件"></a>多媒体软件</h3><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">pacman -S nomacs # 图片</span><br><span class="line">pacman -S gimp # 图片编辑</span><br><span class="line">pacman -S krita # 画板</span><br><span class="line">pacman -S mypaint # 画图板</span><br><span class="line">pacman -S mpv # 视频</span><br><span class="line">pacman -S sox # 终端音频播放</span><br><span class="line">pacman -S cmus # 终端音乐播放器</span><br><span class="line">pacman -S handbrake handbrake-cli # 视频压缩转码</span><br><span class="line">yay -S losslesscut # 视频剪切工具</span><br><span class="line">pacman -S simplescreenrecorder # 录屏工具</span><br><span class="line">pacman -S deepin-screen-recorder # deepin录屏工具</span><br><span class="line">pacman -S deepin-screenshot # deepin截图工具</span><br></pre></td></tr></table></figure>
<p><img src="https://raw.githubusercontent.com/ex7l0it/ImageHosting/master/Picture/image-20200310214323308.png" alt="gimp"></p>
<p><img src="https://raw.githubusercontent.com/ex7l0it/ImageHosting/master/Picture/image-20200310213834026.png" alt="cmus"></p>
<h3 id="笔记"><a href="#笔记" class="headerlink" title="笔记"></a>笔记</h3><ul>
<li>Typora</li>
</ul>
<h3 id="wine-放弃使用,体验极差"><a href="#wine-放弃使用,体验极差" class="headerlink" title="wine(放弃使用,体验极差)"></a>wine(放弃使用,体验极差)</h3><blockquote>
<p><a href="https://www.jianshu.com/p/a49fe89ae0f6">https://www.jianshu.com/p/a49fe89ae0f6</a></p>
<p><a href="https://taifua.com/ubuntu16-wine-tim.html">https://taifua.com/ubuntu16-wine-tim.html</a></p>
</blockquote>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">sudo pacman -S wine wine-mono wine_gecko</span><br><span class="line"><span class="meta prompt_"></span></span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">配置</span></span><br><span class="line">env WINEPREFIX="$HOME/.deepinwine/Deepin-TIM" winecfg</span><br></pre></td></tr></table></figure>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">sudo pacman -S playonlinux</span><br></pre></td></tr></table></figure>
<h3 id="远程桌面"><a href="#远程桌面" class="headerlink" title="远程桌面"></a>远程桌面</h3><p>RealVNC</p>
<blockquote>
<p><a href="https://blog.csdn.net/cc1969281777/article/details/100116496">https://blog.csdn.net/cc1969281777/article/details/100116496</a></p>
</blockquote>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">/usr/bin/vnclicense -add VKUPN-MTHHC-UDHGS-UWD76-6N36A</span><br></pre></td></tr></table></figure>
<h3 id="解压缩"><a href="#解压缩" class="headerlink" title="解压缩"></a>解压缩</h3><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">pacman -S p7zip rar zip unzip</span><br></pre></td></tr></table></figure>
<h3 id="启动器"><a href="#启动器" class="headerlink" title="启动器"></a>启动器</h3><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">yay -S utools</span><br><span class="line">pacman -S latte-dock</span><br></pre></td></tr></table></figure>
<h3 id="同步软件"><a href="#同步软件" class="headerlink" title="同步软件"></a>同步软件</h3><p>微力同步:<a href="http://www.verysync.com/">http://www.verysync.com/</a></p>
<p>Onedrive上传工具:<a href="https://www.moerats.com/archives/1006/">https://www.moerats.com/archives/1006/</a></p>
<h3 id="密码保存"><a href="#密码保存" class="headerlink" title="密码保存"></a>密码保存</h3><p>Enpass: <a href="https://www.enpass.io/">https://www.enpass.io/</a></p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">pacman -S enpass-bin</span><br></pre></td></tr></table></figure>
<h3 id="远程终端连接"><a href="#远程终端连接" class="headerlink" title="远程终端连接"></a>远程终端连接</h3><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">yaourt -S asbru-cm-git</span><br><span class="line">yay -S termius</span><br><span class="line">pacman -S putty</span><br><span class="line"></span><br><span class="line">wget www.hostbuf.com/downloads/finalshell_install_linux.sh</span><br></pre></td></tr></table></figure>
<h3 id="其他软件"><a href="#其他软件" class="headerlink" title="其他软件"></a>其他软件</h3><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta prompt_"># </span><span class="language-bash">wxHexEditor</span></span><br><span class="line">pacman -S wxhexeditor</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">sublime</span></span><br><span class="line">yay -S sublime-text-dev</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">vscode</span></span><br><span class="line">yay -S vistual-studio-code-bin</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">ftp</span></span><br><span class="line">pacman -S filezilla</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">git可视化管理工具</span></span><br><span class="line">pacman -S gitkraken</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">GrubCustomizer</span></span><br><span class="line">pacman -S grub-customizer</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">KDE 分区管理器</span></span><br><span class="line">pacman -S partitionmanager</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">steam</span></span><br><span class="line">pacman -S lib32-nvidia-utils steam</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">nc</span></span><br><span class="line">pacman -S gnu-netcat</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">gem</span></span><br><span class="line">pacman -S rubygems</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">密码爆破工具(需要安装mariadb)</span></span><br><span class="line">pacman -S hydra</span><br><span class="line"><span class="meta prompt_"># </span><span 
class="language-bash">mathpix <span class="comment"># https://mathpix.com/</span></span></span><br><span class="line">yay -S mathpix-snipping-tool</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">DBeaver 数据库可视化管理工具</span></span><br><span class="line">pacman -S dbeaver</span><br><span class="line"></span><br><span class="line">gem sources --remove https://rubygems.org/</span><br><span class="line">gem sources -a http://gems.ruby-china.com/</span><br><span class="line"><span class="meta prompt_"></span></span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">screenkey</span></span><br><span class="line">pacman -S screenkey</span><br></pre></td></tr></table></figure>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">pacman -S flameshot # 截图工具</span><br><span class="line">flameshot gui # 启动截图</span><br><span class="line">pacman -S spectacle # 截图工具,可延时截图</span><br><span class="line">pacman -S deepin-screenshot # 深度截图工具</span><br></pre></td></tr></table></figure>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">peek # GIF录制工具</span><br><span class="line">kolourpaint # 画图软件</span><br><span class="line">zeal # API 帮助文档</span><br><span class="line">kchmviewer # chm文档查看器</span><br><span class="line">gitnote # 笔记</span><br></pre></td></tr></table></figure>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">pacman -S fsearch-git # 文件搜索(类似everything)</span><br></pre></td></tr></table></figure>
<img src="https://raw.githubusercontent.com/ex7l0it/ImageHosting/master/Picture/image-20200306160654856.png" alt="fsearch" style="zoom:50%;" />
<h4 id="usb控制手机"><a href="#usb控制手机" class="headerlink" title="usb控制手机"></a>usb控制手机</h4><blockquote>
<p><a href="https://www.iplaysoft.com/scrcpy.html">https://www.iplaysoft.com/scrcpy.html</a></p>
</blockquote>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">yay -S scrcpy</span><br></pre></td></tr></table></figure>
<table>
<thead>
<tr>
<th>Scrcpy 的命令参数</th>
<th></th>
</tr>
</thead>
<tbody><tr>
<td><strong>关闭手机屏幕</strong></td>
<td><code>scrcpy -S</code></td>
</tr>
<tr>
<td><strong>限制画面分辨率</strong></td>
<td><code>scrcpy -m 1024</code> (比如限制为 1024)</td>
</tr>
<tr>
<td><strong>修改视频码率</strong></td>
<td><code>scrcpy -b 4M</code> (默认 8Mbps,改成 4Mbps)</td>
</tr>
<tr>
<td><strong>裁剪画面</strong></td>
<td><code>scrcpy -c 1224:1440:0:0</code> 表示分辨率 1224x1440 并且偏移坐标为 (0,0)</td>
</tr>
<tr>
<td><strong>多设备切换</strong></td>
<td><code>scrcpy -s 设备ID</code> (使用 <code>adb devices</code> 命令查看设备ID)</td>
</tr>
<tr>
<td><strong>窗口置顶</strong></td>
<td><code>scrcpy -T</code></td>
</tr>
<tr>
<td><strong>显示触摸点击</strong></td>
<td><code>scrcpy -t</code> 在演示或录制教程时,可在画面上对应显示出点击动作</td>
</tr>
<tr>
<td><strong>全屏显示</strong></td>
<td><code>scrcpy -f</code></td>
</tr>
<tr>
<td><strong>文件传输默认路径</strong></td>
<td><code>scrcpy --push-target /你的/目录</code> 将文件拖放到 scrcpy 可以传输文件,此命令指定默认保存目录</td>
</tr>
<tr>
<td><strong>只读模式(仅显示不控制)</strong></td>
<td><code>scrcpy -n</code></td>
</tr>
<tr>
<td><strong>屏幕录像</strong></td>
<td><code>scrcpy -r 视频文件名.mp4</code> 或 <code>.mkv</code></td>
</tr>
<tr>
<td><strong>屏幕录像 (禁用电脑显示)</strong></td>
<td><code>scrcpy -Nr 文件名.mkv</code></td>
</tr>
<tr>
<td><strong>设置窗口标题</strong></td>
<td><code>scrcpy --window-title '异次元好棒!'</code></td>
</tr>
<tr>
<td><strong>同步传输声音</strong></td>
<td>可借助 <a href="https://github.com/rom1v/usbaudio">USBaudio</a> 这个开源项目实现,但仅支持 <a href="https://www.iplaysoft.com/os/linux-platform">Linux</a> 系统</td>
</tr>
</tbody></table>
<h4 id="使用-WIFi-连接手机"><a href="#使用-WIFi-连接手机" class="headerlink" title="使用 WIFi 连接手机"></a>使用 WIFi 连接手机</h4><p>Scrcpy 使用 adb 与 Android 设备通讯,而 adb 本身是支持无线连接的。因此除了 USB 数据线之外,我们也能无线使用。前提是需要保证手机和电脑处于同一<a href="https://www.iplaysoft.com/tag/%E5%B1%80%E5%9F%9F%E7%BD%91">局域网</a> (连接到相同的 <a href="https://www.iplaysoft.com/tag/wifi">WiFi</a> 路由器),步骤如下:</p>
<ol>
<li>查询设备当前的 IP 地址 (设置 →关于手机→状态)</li>
<li>启用 adb TCP/IP 连接,执行命令:<code>adb tcpip 5555</code>,其中 5555 为端口号</li>
<li>拔掉你的数据线</li>
<li>通过 WiFi 进行连接,执行命令:<code>adb connect 设备IP地址:5555</code></li>
<li>重新启动 scrcpy 即可</li>
<li>如果 WiFi 较慢,可以调整码率:<code>scrcpy -b 3M -m 800</code>,意思是限制 3 Mbps,画面分辨率限制 800,数值可以随意调整。</li>
<li>如需切换回 USB 模式,执行:<code>adb usb</code>(无线调试会让 adb 端口暴露在局域网中,使用完毕后建议切回 USB 模式)</li>
</ol>
<p><strong>dwm</strong></p>
<p>安装编译环境及依赖包:</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">pacman -S base-devel gcc make xorg xorg-xinit xorg-server xorg-apps </span><br></pre></td></tr></table></figure>
<p>安装dwm:</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">git clone https://git.suckless.org/dwm</span><br></pre></td></tr></table></figure>
<p>安装st:</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">git clone https://git.suckless.org/st</span><br><span class="line"></span><br><span class="line">wget https://st.suckless.org/patches/alpha/st-alpha-0.8.2.diff</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">打补丁:</span></span><br><span class="line">patch < st-alpha-0.8.2.diff</span><br></pre></td></tr></table></figure>
<p>配置启动文件:</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">echo "exec dwm" > ~/.xinitrc</span><br></pre></td></tr></table></figure>
<p><strong>桌面壁纸</strong></p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">pacman -S feh</span><br><span class="line">echo "exec feh --bg-scale ./bg.jpg" >> ~/.xinitrc</span><br></pre></td></tr></table></figure>
<h2 id="开发环境安装"><a href="#开发环境安装" class="headerlink" title="开发环境安装"></a>开发环境安装</h2><h3 id="Java"><a href="#Java" class="headerlink" title="Java"></a>Java</h3><blockquote>
<p><a href="https://wiki.archlinux.org/index.php/Java_(%E7%AE%80%E4%BD%93%E4%B8%AD%E6%96%87)">JDK</a> </p>
</blockquote>
<p>JDK与OpenJDK不同,OpenJDK源代码不完整,且不包含部署功能,只包含最精简的JDK,</p>
<p>Oracle官网下载:</p>
<p>Java SE Development Kit 8u241: <a href="https://www.oracle.com/java/technologies/javase-jdk8-downloads.html">https://www.oracle.com/java/technologies/javase-jdk8-downloads.html</a></p>
<p>配置环境:</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">vim /etc/profile</span><br><span class="line"><span class="meta prompt_"></span></span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">根据解压的目录修改添加</span></span><br><span class="line">export JAVA_HOME=/[path]/jdk1.8.0_241</span><br><span class="line">export JRE_HOME=$JAVA_HOME/jre</span><br><span class="line">export CLASSPATH=.:$JAVA_HOME/lib:$JRE_HOME/lib:$CLASSPATH</span><br><span class="line">export PATH=$JAVA_HOME/bin:$JRE_HOME/bin:$PATH</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">配置字体反锯齿</span></span><br><span class="line">export _JAVA_OPTIONS='-Dawt.useSystemAAFontSettings=lcd'</span><br></pre></td></tr></table></figure>
<blockquote>
<p><a href="https://wiki.archlinux.org/index.php/Eclipse_(%E7%AE%80%E4%BD%93%E4%B8%AD%E6%96%87)">Eclipse</a></p>
</blockquote>
<h3 id="MySQL"><a href="#MySQL" class="headerlink" title="MySQL"></a>MySQL</h3><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">sudo pacman -S mysql</span><br></pre></td></tr></table></figure>
<p>根据提示进行初始化操作:</p>
<p><img src="https://raw.githubusercontent.com/ex7l0it/ImageHosting/master/Picture/image-20200309122605908.png" alt="image-20200309122605908"></p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">sudo mysqld --initialize --user=mysql --basedir=/usr --datadir=/var/lib/mysql</span><br></pre></td></tr></table></figure>
<p>得到临时密码</p>
<p><img src="https://raw.githubusercontent.com/ex7l0it/ImageHosting/master/Picture/image-20200309122832930.png" alt="image-20200309122832930"></p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">sudo systemctl start mysqld # 启动MySQL服务</span><br><span class="line">mysql_secure_installation</span><br></pre></td></tr></table></figure>
<h3 id="Mariadb"><a href="#Mariadb" class="headerlink" title="Mariadb"></a>Mariadb</h3><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">sudo pacman -S mariadb</span><br></pre></td></tr></table></figure>
<p><img src="https://raw.githubusercontent.com/ex7l0it/ImageHosting/master/Picture/image-20200328172207737.png" alt="image-20200328172207737"></p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">sudo mariadb-install-db --user=mysql --basedir=/usr --datadir=/var/lib/mysql</span><br><span class="line">sudo systemctl start mysqld.service # 启动服务</span><br><span class="line">sudo mysql_secure_installation</span><br></pre></td></tr></table></figure>
<h3 id="Redis"><a href="#Redis" class="headerlink" title="Redis"></a>Redis</h3><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta prompt_"># </span><span class="language-bash">可视化管理工具</span></span><br><span class="line">pacman -S redis-desktop-manager</span><br></pre></td></tr></table></figure>
<h3 id="PHP-Apache"><a href="#PHP-Apache" class="headerlink" title="PHP&Apache"></a>PHP&Apache</h3><blockquote>
<p><a href="https://wiki.archlinux.org/index.php/Apache_HTTP_Server_(%E7%AE%80%E4%BD%93%E4%B8%AD%E6%96%87)">https://wiki.archlinux.org/index.php/Apache_HTTP_Server_(%E7%AE%80%E4%BD%93%E4%B8%AD%E6%96%87)</a></p>
</blockquote>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">pacman -S httpd php php-apache</span><br><span class="line">yay -S phpstorm # 最好自己去官网下载安装</span><br></pre></td></tr></table></figure>
<h3 id="Python"><a href="#Python" class="headerlink" title="Python"></a>Python</h3><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">pacman -S python</span><br><span class="line">pacman -S pycharm # 最好自己去官网下载安装</span><br></pre></td></tr></table></figure>
<h2 id="系统备份"><a href="#系统备份" class="headerlink" title="系统备份"></a>系统备份</h2><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">pacman -S timeshift</span><br></pre></td></tr></table></figure>
<blockquote>
<p><a href="https://www.jianshu.com/p/b03a51c682a5">https://www.jianshu.com/p/b03a51c682a5</a></p>
</blockquote>
<h2 id="系统软件"><a href="#系统软件" class="headerlink" title="系统软件"></a>系统软件</h2><h3 id="防病毒-无必要"><a href="#防病毒-无必要" class="headerlink" title="防病毒(无必要)"></a>防病毒(无必要)</h3><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">pacman -S clamav clamtk</span><br><span class="line"></span><br><span class="line">sudo freshclam # 更新病毒库</span><br><span class="line"><span class="meta prompt_">#</span><span class="language-bash"><span class="comment">## 更新速度太慢,手动下载 ###</span></span></span><br><span class="line">http://database.clamav.net/main.cvd</span><br><span class="line">http://database.clamav.net/daily.cvd</span><br><span class="line">http://database.clamav.net/bytecode.cvd</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">拷贝到 /var/lib/clamav 目录下</span></span><br><span class="line"><span class="meta prompt_">#</span><span class="language-bash"><span class="comment">##</span></span></span><br><span class="line"></span><br><span class="line">sudo systemctl start clamav-daemon</span><br><span class="line">sudo systemctl enable clamav-daemon # 开启自动更新病毒库</span><br><span class="line"><span class="meta prompt_"></span></span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">进行扫描</span></span><br><span class="line"><span class="meta prompt_">$ </span><span class="language-bash">clamscan myfile</span></span><br><span class="line"><span class="meta prompt_">$ </span><span class="language-bash">clamscan -r -i /home</span></span><br><span class="line"><span class="meta prompt_">$ </span><span class="language-bash">clamscan -r -i --exclude-dir=<span class="string">'^/sys|^/proc|^/dev|^/lib|^/bin|^/sbin'</span> /</span></span><br></pre></td></tr></table></figure>
<h3 id="优化管理"><a href="#优化管理" class="headerlink" title="优化管理"></a>优化管理</h3><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">yay -S stacer</span><br></pre></td></tr></table></figure>
<img src="https://raw.githubusercontent.com/ex7l0it/ImageHosting/master/Picture/image-20200311125032644.png" alt="image-20200311125032644" style="zoom:50%;" />
<h3 id="常用防火墙配置"><a href="#常用防火墙配置" class="headerlink" title="常用防火墙配置"></a>常用防火墙配置</h3><blockquote>
<p><a href="https://www.cnblogs.com/gavinpan/p/11220474.html">https://www.cnblogs.com/gavinpan/p/11220474.html</a></p>
<p><a href="https://wiki.archlinux.org/index.php/Iptables_(%E7%AE%80%E4%BD%93%E4%B8%AD%E6%96%87)">https://wiki.archlinux.org/index.php/Iptables_(%E7%AE%80%E4%BD%93%E4%B8%AD%E6%96%87)</a></p>
</blockquote>
<p><strong>IPv4 防火墙</strong>:</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">systemctl enable iptables</span><br><span class="line">systemctl start iptables</span><br></pre></td></tr></table></figure>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">iptables -A INPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT #允许本地回环接口(即运行本机访问本机)</span><br><span class="line">iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT #允许已建立的或相关连的通行</span><br><span class="line">iptables -A OUTPUT -j ACCEPT #允许所有本机向外的访问</span><br><span class="line">iptables -A INPUT -p tcp --dport 22 -j ACCEPT #允许访问22端口</span><br><span class="line">iptables -A INPUT -p tcp --dport 80 -j ACCEPT #允许访问80端口</span><br><span class="line">iptables -A INPUT -j REJECT #禁止其他未允许的规则访问</span><br><span class="line">iptables -A FORWARD -j REJECT #禁止其他未允许的规则访问</span><br><span class="line"></span><br><span class="line">iptables-save > /etc/iptables/iptables.rules #保存配置</span><br></pre></td></tr></table></figure>
<p><strong>IPv6 防火墙</strong>:</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">systemctl start ip6tables</span><br><span class="line">systemctl enable ip6tables</span><br></pre></td></tr></table></figure>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">ip6tables -A INPUT -s ::1 -d ::1 -j ACCEPT</span><br><span class="line">ip6tables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT </span><br><span class="line">ip6tables -A INPUT -p ipv6-icmp -j ACCEPT </span><br><span class="line">ip6tables -A OUTPUT -j ACCEPT</span><br><span class="line">ip6tables -A INPUT -j REJECT</span><br><span class="line">ip6tables -A FORWARD -j REJECT</span><br><span class="line"></span><br><span class="line">ip6tables-save > /etc/iptables/ip6tables.rules #保存配置</span><br></pre></td></tr></table></figure>
<blockquote>
<p><code>ip6tables -A INPUT -p ipv6-icmp -j ACCEPT</code> </p>
<p>只有IPv6 icmp数据包可以经过网络传输时,SLAAC才可以正常工作。所以在要配置IPv6的计算机上,<strong>必须</strong>修改防火墙,允许ipv6-icmp数据包进入。</p>
</blockquote>
<h2 id="bash-优化"><a href="#bash-优化" class="headerlink" title="bash 优化"></a>bash 优化</h2><ul>
<li>zsh + <a href="https://github.com/romkatv/powerlevel10k">powerlevel10k</a></li>
</ul>
<h2 id="垃圾清理"><a href="#垃圾清理" class="headerlink" title="垃圾清理"></a>垃圾清理</h2><blockquote>
<p><a href="https://blog.csdn.net/weixin_43968923/article/details/88768951">https://blog.csdn.net/weixin_43968923/article/details/88768951</a></p>
<p><a href="https://www.cnblogs.com/archer-yjun/p/11013306.html">https://www.cnblogs.com/archer-yjun/p/11013306.html</a></p>
</blockquote>
<p>清理系统中无用的包:(尽量保留 linux linux-headers 等重要软件包以防滚崩)</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">sudo pacman -R $(pacman -Qdtq)</span><br></pre></td></tr></table></figure>
<p>清除已下载的安装包</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">sudo pacman -Scc</span><br></pre></td></tr></table></figure>
<p>查看日志文件大小:</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">sudo journalctl --disk-usage</span><br></pre></td></tr></table></figure>
<p>删除指定大小的日志文件:</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">sudo journalctl --vacuum-size=50M</span><br></pre></td></tr></table></figure>
<p>删除崩溃日志:</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">sudo rm /var/lib/systemd/coredump/*</span><br></pre></td></tr></table></figure>
<h2 id="问题解决"><a href="#问题解决" class="headerlink" title="问题解决"></a>问题解决</h2><h3 id="invalid-or-corrupted-package-PGP-signature"><a href="#invalid-or-corrupted-package-PGP-signature" class="headerlink" title="invalid or corrupted package (PGP signature))"></a>invalid or corrupted package (PGP signature))</h3><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">vim /etc/pacman.conf</span><br><span class="line"></span><br><span class="line">修改或添加:</span><br><span class="line">[archlinuxcn]</span><br><span class="line">SigLevel = Never # ***</span><br><span class="line">Server = http://mirrors.163.com/archlinux-cn/$arch</span><br></pre></td></tr></table></figure>
<h3 id="更新系统内核后无法进入系统"><a href="#更新系统内核后无法进入系统" class="headerlink" title="更新系统内核后无法进入系统"></a>更新系统内核后无法进入系统</h3><blockquote>
<p>情况:upgraded linux (5.5.7.arch1-1 -> 5.5.8.arch1-1)</p>
<p>时间:2020-03-08</p>
</blockquote>
<p>引导后提示:</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">Loading Linux linux ...</span><br><span class="line">error: premature end of file /vmlinuz-linux.</span><br><span class="line">Loading initial ramdisk ...</span><br><span class="line">error: you need to load the kernel first.</span><br><span class="line"></span><br><span class="line">Press any key to continue...</span><br></pre></td></tr></table></figure>
<p>解决方案:</p>
<p>进LiveCD,挂载 <code>/</code> 和 <code>/boot</code> </p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">arch-chroot /mnt # 进入系统</span><br></pre></td></tr></table></figure>
<p>切换内核到LTS版本(临时)</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">pacman -S linux-lts linux-lts-headers</span><br></pre></td></tr></table></figure>
<p>安装完成后,重启进入 grub 引导时按 e 进行编辑</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta prompt_"># </span><span class="language-bash">原为 linux /vmlinuz-linux</span></span><br><span class="line">linux /vmlinuz-linux-lts</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">原为 initrd /initramfs-linux.img</span></span><br><span class="line">initrd /initramfs-linux-lts.img</span><br></pre></td></tr></table></figure>
<p>F10 进入即可,</p>
<p>进入系统后发现独立显卡驱动无法正常工作,LiveCD 中尝试卸载当前内核发现:</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">:: removing linux breaks dependency 'linux' required by bbswitch</span><br><span class="line">:: removing linux breaks dependency 'linux' required by nvidia</span><br></pre></td></tr></table></figure>
<h4 id="解决方法"><a href="#解决方法" class="headerlink" title="解决方法"></a>解决方法</h4><p>卸载当前系列的包,重新安装最新版本:</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">pacman -R bbswitch nvidia</span><br><span class="line">pacman -R linux</span><br><span class="line">pacman -S linux</span><br><span class="line">pacman -S nvidia bbswitch</span><br></pre></td></tr></table></figure>
<p>重启即可</p>
<p><strong>安装有NVIDIA驱动的可以在更新前先卸载,更新完内核后重新安装即可避免更新后出现上述情况</strong></p>
<blockquote>
<p>该方法于2020-03-15更新时有效</p>
<p>upgraded linux (5.5.8.arch1-1 -> 5.5.9.arch1-2)</p>
</blockquote>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">sudo pacman -R bbswitch nvidia</span><br><span class="line">sudo pacman -Syu</span><br><span class="line">sudo pacman -S nvidia bbswitch</span><br></pre></td></tr></table></figure>
<h3 id="日常更新之更新出错"><a href="#日常更新之更新出错" class="headerlink" title="日常更新之更新出错"></a>日常更新之更新出错</h3><blockquote>
<p>发生时间:2020-05-05</p>
</blockquote>
<p>出现的问题:</p>
<p><code>pacman</code> 更新失败、同时 linux 内核更新失败,<code>pacman</code> 丢失无法使用,重启后无法进入系统(无内核)</p>
<p>更新日志:</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">[2020-05-05T08:54:19+0800] [PACMAN] Running 'pacman -Su'</span><br><span class="line">[2020-05-05T08:54:19+0800] [PACMAN] starting full system upgrade</span><br><span class="line">[2020-05-05T08:54:35+0800] [ALPM] running '60-mkinitcpio-remove.hook'...</span><br><span class="line">[2020-05-05T08:54:35+0800] [ALPM] running '70-dkms-remove.hook'...</span><br><span class="line">[2020-05-05T08:54:35+0800] [ALPM] transaction started</span><br><span class="line">[2020-05-05T08:54:35+0800] [ALPM] upgraded ca-certificates-mozilla (3.51.1-1 -> 3.52-1)</span><br><span class="line">[2020-05-05T08:54:35+0800] [ALPM] upgraded libtool (2.4.6+42+gb88cebd5-11 -> 2.4.6+42+gb88cebd5-12)</span><br><span class="line">[2020-05-05T08:54:35+0800] [ALPM] upgraded ipython (7.13.0-1 -> 7.14.0-2)</span><br><span class="line">[2020-05-05T08:54:35+0800] [ALPM] upgraded nss (3.51.1-1 -> 3.52-1)</span><br><span class="line">[2020-05-05T08:54:35+0800] [ALPM] upgraded lib32-nss (3.51.1-1 -> 3.52-1)</span><br><span class="line">[2020-05-05T08:54:35+0800] [ALPM] upgraded libmicrohttpd (0.9.70-1 -> 0.9.70-2)</span><br><span class="line">[2020-05-05T08:54:36+0800] [ALPM] upgraded linux (5.6.8.arch1-1 -> 5.6.10.arch1-1)</span><br><span class="line">[2020-05-05T08:54:39+0800] [ALPM] upgraded linux-headers (5.6.8.arch1-1 -> 5.6.10.arch1-1)</span><br><span class="line">[2020-05-05T08:54:39+0800] [ALPM] upgraded linux-lts (5.4.36-1 -> 5.4.38-1)</span><br><span class="line">[2020-05-05T08:54:41+0800] [ALPM] upgraded linux-lts-headers (5.4.36-1 -> 5.4.38-1)</span><br><span class="line">[2020-05-05T08:54:41+0800] [ALPM] transaction failed</span><br></pre></td></tr></table></figure>
<p>猜测发生原因:更新了<code>pacman</code> ,而保存软件包的 <code>/var/cache/pacman/pkg</code> 文件夹被我之前整成软连接了,可能在此次更新过程中被莫名删掉了,然后就找不到下载的安装包,导致后来的内核、pacman都安装失败(然而都已经卸载了。。。)</p>
<h4 id="解决途径:"><a href="#解决途径:" class="headerlink" title="解决途径:"></a>解决途径:</h4><p>回到 Arch 安装盘,挂载分区和引导之后重新安装内核:</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">pacstrap /mnt linux </span><br></pre></td></tr></table></figure>
<p>删除 <code>/var/lib/pacman/local/pacman-5.2.1-5</code> 文件夹,然后再安装</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">pacstarp /mnt pacman</span><br></pre></td></tr></table></figure>
<h3 id="回滚操作"><a href="#回滚操作" class="headerlink" title="回滚操作"></a>回滚操作</h3><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta prompt_"># </span><span class="language-bash">安装包缓存位置:</span></span><br><span class="line">cd /var/cache/pacman/pkg</span><br><span class="line"></span><br><span class="line">pacman -S downgrade</span><br><span class="line"></span><br><span class="line">downgrade 软件名</span><br></pre></td></tr></table></figure>
<h3 id="卸载MySQL更换Mariadb"><a href="#卸载MySQL更换Mariadb" class="headerlink" title="卸载MySQL更换Mariadb"></a>卸载MySQL更换Mariadb</h3><p>执行 <code>sudo mariadb-install-db --user=mysql --basedir=/usr --datadir=/var/lib/mysql</code> 时报错:</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">Installing MariaDB/MySQL system tables in '/var/lib/mysql' ...</span><br><span class="line">2020-03-28 17:24:00 0 [ERROR] InnoDB: Invalid flags 0x4800 in ./ibdata1</span><br><span class="line">2020-03-28 17:24:00 0 [ERROR] InnoDB: Plugin initialization aborted with error Data structure corruption</span><br><span class="line">2020-03-28 17:24:01 0 [ERROR] Plugin 'InnoDB' init function returned error.</span><br><span class="line">2020-03-28 17:24:01 0 [ERROR] Plugin 'InnoDB' registration as a STORAGE ENGINE failed.</span><br><span class="line">2020-03-28 17:24:01 0 [ERROR] Unknown/unsupported storage engine: InnoDB</span><br><span class="line">2020-03-28 17:24:01 0 [ERROR] Aborting</span><br><span class="line"></span><br><span class="line">Installation of system tables failed! Examine the logs in</span><br><span class="line">/var/lib/mysql for more information.</span><br></pre></td></tr></table></figure>
<p>解决方法:</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">sudo rm -rf /var/lib/mysql</span><br></pre></td></tr></table></figure>
<h3 id="plasma桌面特效失效"><a href="#plasma桌面特效失效" class="headerlink" title="plasma桌面特效失效"></a>plasma桌面特效失效</h3><p>一次开机突然所有的桌面特效失效了,包括透明效果、动画等等</p>
<blockquote>
<p><a href="https://blog.csdn.net/u011054333/article/details/53653506">https://blog.csdn.net/u011054333/article/details/53653506</a></p>
</blockquote>
<p>解决方法:</p>
<p><img src="https://raw.githubusercontent.com/ex7l0it/ImageHosting/master/Picture/image-20200331082850039.png" alt="进入设置-显示与监控"></p>
<p><img src="https://raw.githubusercontent.com/ex7l0it/ImageHosting/master/Picture/image-20200331082903245.png" alt="进入混成器设置"></p>
<p>重新选择渲染后端后应用即可解决。</p>
<h3 id="pacman-报错"><a href="#pacman-报错" class="headerlink" title="pacman 报错"></a>pacman 报错</h3><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">:: 正在同步软件包数据库...</span><br><span class="line">错误:无法升级 core (无法锁定数据库)</span><br><span class="line">错误:无法升级 extra (无法锁定数据库)</span><br><span class="line">错误:无法升级 community (无法锁定数据库)</span><br><span class="line">错误:无法升级 multilib (无法锁定数据库)</span><br><span class="line">错误:无法升级 archlinuxcn (无法锁定数据库)</span><br></pre></td></tr></table></figure>
<p>解决方法:</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">sudo rm /var/lib/pacman/db.lck</span><br></pre></td></tr></table></figure>
<h2 id="Linux常用命令"><a href="#Linux常用命令" class="headerlink" title="Linux常用命令"></a>Linux常用命令</h2><h3 id="磁盘测速"><a href="#磁盘测速" class="headerlink" title="磁盘测速"></a>磁盘测速</h3><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">sudo hdparm -tT /dev/sdb2</span><br><span class="line"></span><br><span class="line">/dev/sdb2:</span><br><span class="line"> Timing cached reads: 31986 MB in 1.99 seconds = 16111.27 MB/sec</span><br><span class="line"> Timing buffered disk reads: 1308 MB in 3.00 seconds = 435.61 MB/sec</span><br><span class="line"></span><br></pre></td></tr></table></figure>
<h3 id="修改卷标"><a href="#修改卷标" class="headerlink" title="修改卷标"></a>修改卷标</h3><blockquote>
<p><a href="https://linux.cn/article-1978-1.html">https://linux.cn/article-1978-1.html</a></p>
</blockquote>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">sudo blkid -c /dev/null # 查看卷标信息</span><br><span class="line">sudo e2label /dev/sda3 Arch_home</span><br></pre></td></tr></table></figure>
<h3 id="视频合并"><a href="#视频合并" class="headerlink" title="视频合并"></a>视频合并</h3><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">pacman -S mencoder</span><br><span class="line">mencoder -ovc copy -oac mp3lame xxx.mkv xxxx.mkv -o out.mkv </span><br></pre></td></tr></table></figure>
]]></content>
<categories>
<category>折腾记</category>
</categories>
<tags>
<tag>Tutorial</tag>
<tag>Linux</tag>
</tags>
</entry>
<entry>
<title>GDB 使用指南</title>
<url>/2022/09/01/GDB/</url>
<content><![CDATA[<h1 id="GDB"><a href="#GDB" class="headerlink" title="GDB"></a>GDB</h1><div class="note default"><p><strong><a href="https://zh.wikipedia.org/wiki/GNU%E4%BE%A6%E9%94%99%E5%99%A8">Wikipedia</a></strong></p>
<p>GNU调试器(英语:GNU Debugger,缩写:GDB),是GNU软件系统中的标准调试器,此外GDB也是个具有移携性的调试器,经过移携需求的调修与重新编译,如今许多的类UNIX操作系统上都可以使用GDB,而现有GDB所能支持调试的编程语言有C、C++、Pascal以及FORTRAN。</p>
</div>
<blockquote>
<p>相关链接: <a href="https://www.sourceware.org/gdb/">GDB: The GNU Project Debugger</a></p>
</blockquote>
<details class="note info"><summary><p>本文参考资料</p>
</summary>
<ul>
<li><a href="http://csapp.cs.cmu.edu/3e/docs/gdbnotes-x86-64.pdf">GDBNotes</a></li>
<li><a href="https://sourceware.org/gdb/onlinedocs/gdb/">Debugging with GDB</a></li>
<li><a href="https://evilpan.com/2020/09/13/gdb-tips/">GDB的那些奇淫技巧-evilpan</a></li>
</ul>
</details>
<h2 id="GDB-的基本使用"><a href="#GDB-的基本使用" class="headerlink" title="GDB 的基本使用"></a>GDB 的基本使用</h2><p>接下来只涉及一小部分常用的命令,更多的常用命令查阅上面提到的参考资料</p>
<div class="note primary"><p><strong>💡 样例程序</strong><br>这里以 CSAPP 的 BombLab 的 phase_1 阶段为例:</p>
<ul>
<li>实验简介:只有在输入正确的字符串后才可避免💣爆炸,目标是正确拆除所有💣</li>
<li><a href="http://csapp.cs.cmu.edu/3e/bomblab.pdf">实验说明书</a></li>
<li><a href="http://csapp.cs.cmu.edu/3e/bomb.tar">下载链接</a></li>
</ul>
</div>
<div class="note default"><p><strong>实验环境</strong></p>
<ul>
<li>Ubuntu 20.04 LTS</li>
<li>GDB Version: GNU gdb (Ubuntu 9.2-0ubuntu1~20.04.1) 9.2</li>
<li>不安装 gef、peda、pwndbg 等</li>
</ul>
</div>
<h3 id="启动程序"><a href="#启动程序" class="headerlink" title="启动程序"></a>启动程序</h3><p>使用 GDB 调试目标程序:</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">❯ gdb bomb</span><br><span class="line">GNU gdb (Ubuntu 9.2-0ubuntu1~20.04.1) 9.2</span><br><span class="line">Copyright (C) 2020 Free Software Foundation, Inc.</span><br><span class="line">License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html></span><br><span class="line">This is free software: you are free to change and redistribute it.</span><br><span class="line">There is NO WARRANTY, to the extent permitted by law.</span><br><span class="line">Type "show copying" and "show warranty" for details.</span><br><span class="line">This GDB was configured as "x86_64-linux-gnu".</span><br><span class="line">Type "show configuration" for configuration details.</span><br><span class="line">For bug reporting instructions, please see:</span><br><span class="line"><http://www.gnu.org/software/gdb/bugs/>.</span><br><span class="line">Find the GDB manual and other documentation resources online at:</span><br><span class="line"> <http://www.gnu.org/software/gdb/documentation/>.</span><br><span class="line"></span><br><span class="line">For help, type "help".</span><br><span class="line">Type "apropos word" to search for commands related to "word"...</span><br><span class="line">Reading symbols from bomb...</span><br><span class="line">(gdb)</span><br></pre></td></tr></table></figure>
<p>此时目标程序尚未运行,不过可以使用 <code>info functions</code> 查看函数符号表:</p>
<figure class="highlight c"><table><tr><td class="code"><pre><span class="line">(gdb) info functions</span><br><span class="line">All defined functions:</span><br><span class="line"></span><br><span class="line">File bomb.c:</span><br><span class="line"><span class="number">36</span>: <span class="type">int</span> <span class="title function_">main</span><span class="params">(<span class="type">int</span>, <span class="type">char</span> **)</span>;</span><br><span class="line"></span><br><span class="line">Non-debugging symbols:</span><br><span class="line"><span class="number">0x0000000000400ac0</span> _init</span><br><span class="line"><span class="number">0x0000000000400ae0</span> getenv@plt</span><br><span class="line"><span class="number">0x0000000000400af0</span> __errno_location@plt</span><br><span class="line"><span class="number">0x0000000000400b00</span> <span class="built_in">strcpy</span>@plt</span><br><span class="line">...</span><br><span class="line"><span class="number">0x0000000000400ee0</span> phase_1</span><br><span class="line"><span class="number">0x0000000000400efc</span> phase_2</span><br><span class="line"><span class="number">0x0000000000400f43</span> phase_3</span><br><span class="line"><span class="number">0x0000000000400fce</span> func4</span><br><span class="line"><span class="number">0x000000000040100c</span> phase_4</span><br><span class="line"><span class="number">0x0000000000401062</span> phase_5</span><br><span class="line"><span class="number">0x00000000004010f4</span> phase_6</span><br><span class="line"><span class="number">0x0000000000401204</span> fun7</span><br><span class="line">...</span><br></pre></td></tr></table></figure>
<p>使用 <code>disassemble</code> 命令(简写 disass)反汇编指定的函数:</p>
<figure class="highlight c"><table><tr><td class="code"><pre><span class="line">(gdb) disass phase_1</span><br><span class="line">Dump of assembler code <span class="keyword">for</span> function phase_1:</span><br><span class="line"> <span class="number">0x0000000000400ee0</span> <+<span class="number">0</span>>: sub $<span class="number">0x8</span>,%rsp</span><br><span class="line"> <span class="number">0x0000000000400ee4</span> <+<span class="number">4</span>>: mov $<span class="number">0x402400</span>,%esi</span><br><span class="line"> <span class="number">0x0000000000400ee9</span> <+<span class="number">9</span>>: callq <span class="number">0x401338</span> <strings_not_equal></span><br><span class="line"> <span class="number">0x0000000000400eee</span> <+<span class="number">14</span>>: test %eax,%eax</span><br><span class="line"> <span class="number">0x0000000000400ef0</span> <+<span class="number">16</span>>: je <span class="number">0x400ef7</span> <phase_1+<span class="number">23</span>></span><br><span class="line"> <span class="number">0x0000000000400ef2</span> <+<span class="number">18</span>>: callq <span class="number">0x40143a</span> <explode_bomb></span><br><span class="line"> <span class="number">0x0000000000400ef7</span> <+<span class="number">23</span>>: add $<span class="number">0x8</span>,%rsp</span><br><span class="line"> <span class="number">0x0000000000400efb</span> <+<span class="number">27</span>>: retq</span><br><span class="line">End of assembler dump.</span><br></pre></td></tr></table></figure>
<p>此时的汇编语法是 AT&T 风格的,可以使用 <code>set disassembly-flavor intel</code> 切换至 intel 风格:</p>
<figure class="highlight c"><table><tr><td class="code"><pre><span class="line">(gdb) <span class="built_in">set</span> disassembly-flavor <span class="title function_">intel</span></span><br><span class="line"><span class="params">(gdb)</span> disass phase_1</span><br><span class="line">Dump of assembler code <span class="keyword">for</span> function phase_1:</span><br><span class="line"> 0x0000000000400ee0 <+0>: sub rsp,0x8</span><br><span class="line"> 0x0000000000400ee4 <+4>: mov esi,0x402400</span><br><span class="line"> 0x0000000000400ee9 <+9>: call 0x401338 <strings_not_equal></span><br><span class="line"> 0x0000000000400eee <+14>: test eax,eax</span><br><span class="line"> 0x0000000000400ef0 <+16>: je 0x400ef7 <phase_1+23></span><br><span class="line"> 0x0000000000400ef2 <+18>: call 0x40143a <explode_bomb></span><br><span class="line"> 0x0000000000400ef7 <+23>: add rsp,0x8</span><br><span class="line"> 0x0000000000400efb <+27>: ret</span><br><span class="line">End of assembler dump.</span><br></pre></td></tr></table></figure>
<details class="note success"><summary><p>📌 AT&T 与 intel 语法有何区别?</p>
</summary>
<p><a href="https://timothyqiu.com/archives/difference-between-att-and-intel-asm-syntax/">AT&T 和 Intel 汇编语法的主要区别</a></p>
</details>
<blockquote>
<p>后续内容默认使用 intel 汇编语法</p>
</blockquote>
<p>使用 break 命令添加断点:</p>
<figure class="highlight c"><table><tr><td class="code"><pre><span class="line">(gdb) b phase_1</span><br><span class="line">Breakpoint <span class="number">1</span> at <span class="number">0x400ee0</span></span><br><span class="line">(gdb)</span><br></pre></td></tr></table></figure>
<div class="note default"><p><strong>break 命令</strong></p>
<ul>
<li>可以直接在指定地址处下断点: <code>break *0x400ee0</code></li>
<li>也可以在已知的函数符号后加一定的偏移处下断点: <code>break *main+10</code></li>
</ul>
</div>
<div class="note default"><p><strong>断点相关</strong></p>
<ul>
<li>查看已经存在的断点信息: <code>info breakpoints</code></li>
<li>删除指定断点:<code>del 1</code></li>
</ul>
</div>
<p>使用 <code>run</code> 或 <code>start</code> 命令启动程序:</p>
<figure class="highlight c"><table><tr><td class="code"><pre><span class="line">(gdb) run</span><br><span class="line">Starting program: /home/ubuntu/Datas/study/bomb/bomb</span><br><span class="line">Welcome to my fiendish little bomb. You have <span class="number">6</span> phases with</span><br><span class="line">which to blow yourself up. Have a nice day!</span><br><span class="line">ABCD <span class="comment">// 这里是输入的内容</span></span><br><span class="line"></span><br><span class="line">Breakpoint <span class="number">1</span>, <span class="number">0x0000000000400ee0</span> in <span class="title function_">phase_1</span> <span class="params">()</span></span><br><span class="line"><span class="params">(gdb)</span></span><br></pre></td></tr></table></figure>
<details class="note success"><summary><p>📌 <code>run</code> 与 <code>start</code> 命令的区别是什么?</p>
</summary>
<ul>
<li><code>run</code> 会一直执行程序,直到执行到设置的断点处停下;</li>
<li><code>start</code> 会执行程序到 <code>main()</code> 函数起始处停下,相当于先在 <code>main</code> 处设置一个临时断点(<code>tbreak main</code>)再执行 <code>run</code></li>
</ul>
</details>
<h3 id="分析-phase-1"><a href="#分析-phase-1" class="headerlink" title="分析 phase_1"></a>分析 phase_1</h3><p>执行 disass,会反汇编得到当前断点处所在的函数(<code>phase_1</code>)的汇编代码:</p>
<figure class="highlight c"><table><tr><td class="code"><pre><span class="line">(gdb) disass</span><br><span class="line">Dump of assembler code <span class="keyword">for</span> function phase_1:</span><br><span class="line">=> <span class="number">0x0000000000400ee0</span> <+<span class="number">0</span>>: sub rsp,<span class="number">0x8</span></span><br><span class="line"> <span class="number">0x0000000000400ee4</span> <+<span class="number">4</span>>: mov esi,<span class="number">0x402400</span> <span class="comment">// 这里可以看到第二个参数传递了一个全局变量地址</span></span><br><span class="line"> <span class="number">0x0000000000400ee9</span> <+<span class="number">9</span>>: call <span class="number">0x401338</span> <strings_not_equal></span><br><span class="line"> <span class="number">0x0000000000400eee</span> <+<span class="number">14</span>>: test eax,eax</span><br><span class="line"> <span class="number">0x0000000000400ef0</span> <+<span class="number">16</span>>: je <span class="number">0x400ef7</span> <phase_1+<span class="number">23</span>></span><br><span class="line"> <span class="number">0x0000000000400ef2</span> <+<span class="number">18</span>>: call <span class="number">0x40143a</span> <explode_bomb></span><br><span class="line"> <span class="number">0x0000000000400ef7</span> <+<span class="number">23</span>>: add rsp,<span class="number">0x8</span></span><br><span class="line"> <span class="number">0x0000000000400efb</span> <+<span class="number">27</span>>: ret</span><br><span class="line">End of assembler dump.</span><br></pre></td></tr></table></figure>
<p>按照 x86-64 System V 调用约定,前两个整型/指针参数依次通过 rdi、rsi 传递:上面的 esi 对应第二个参数,第一个参数则通过 rdi 寄存器传参,接下来查看 rdi 的值:</p>
<ul>
<li>使用 <code>info reg</code> 可以查看当前的所有寄存器信息:</li>
</ul>
<figure class="highlight c"><table><tr><td class="code"><pre><span class="line">(gdb) info reg</span><br><span class="line">rax <span class="number">0x603780</span> <span class="number">6305664</span></span><br><span class="line">rbx <span class="number">0x402210</span> <span class="number">4203024</span></span><br><span class="line">rcx <span class="number">0x4</span> <span class="number">4</span></span><br><span class="line">rdx <span class="number">0x1</span> <span class="number">1</span></span><br><span class="line">rsi <span class="number">0x603780</span> <span class="number">6305664</span></span><br><span class="line">rdi <span class="number">0x603780</span> <span class="number">6305664</span></span><br><span class="line">rbp <span class="number">0x0</span> <span class="number">0x0</span></span><br><span class="line">rsp <span class="number">0x7fffffffe348</span> <span class="number">0x7fffffffe348</span></span><br><span class="line">r8 <span class="number">0x603780</span> <span class="number">6305664</span></span><br><span class="line">r9 <span class="number">0x7c</span> <span class="number">124</span></span><br><span class="line">r10 <span class="number">0xfffffffffffffe34</span> <span class="number">-460</span></span><br><span class="line">r11 <span class="number">0x7ffff7e004a0</span> <span class="number">140737352041632</span></span><br><span class="line">r12 <span class="number">0x400c90</span> <span class="number">4197520</span></span><br><span class="line">r13 <span class="number">0x7fffffffe440</span> <span class="number">140737488348224</span></span><br><span class="line">r14 <span class="number">0x0</span> <span class="number">0</span></span><br><span class="line">r15 <span class="number">0x0</span> <span class="number">0</span></span><br><span class="line">rip <span class="number">0x400ee0</span> <span class="number">0x400ee0</span> <phase_1></span><br><span class="line">eflags <span class="number">0x206</span> [ PF IF ]</span><br><span 
class="line">cs <span class="number">0x33</span> <span class="number">51</span></span><br><span class="line">ss <span class="number">0x2b</span> <span class="number">43</span></span><br><span class="line">ds <span class="number">0x0</span> <span class="number">0</span></span><br><span class="line">es <span class="number">0x0</span> <span class="number">0</span></span><br><span class="line">fs <span class="number">0x0</span> <span class="number">0</span></span><br><span class="line">gs <span class="number">0x0</span> <span class="number">0</span></span><br><span class="line">(gdb)</span><br></pre></td></tr></table></figure>
<ul>
<li>或者使用 <code>print</code> 来输出当前的 rdi 寄存器值:</li>
</ul>
<figure class="highlight c"><table><tr><td class="code"><pre><span class="line">(gdb) print /x $rdi <span class="comment">// 以十六进制形式打印 rdi 寄存器的值</span></span><br><span class="line">$<span class="number">1</span> = <span class="number">0x603780</span></span><br><span class="line">(gdb)</span><br></pre></td></tr></table></figure>
<p>使用 x 命令打印出其中的字符串内容:</p>
<figure class="highlight c"><table><tr><td class="code"><pre><span class="line">(gdb) x/s <span class="number">0x603780</span> <span class="comment">// 打印出指定地址存储的字符串</span></span><br><span class="line"><span class="number">0x603780</span> <input_strings>: <span class="string">"ABCD"</span></span><br><span class="line"><span class="comment">// 一并打印下第二个参数指向的数据内容:</span></span><br><span class="line">(gdb) x/s <span class="number">0x402400</span></span><br><span class="line"><span class="number">0x402400</span>: <span class="string">"Border relations with Canada have never been better."</span></span><br></pre></td></tr></table></figure>
<details class="note default"><summary><p><strong>print 与 x 命令的更多帮助信息</strong></p>
</summary>
<ul>
<li>可以直接使用 help 命令查询:<ul>
<li>例如: <code>help x</code></li>
</ul>
</li>
<li>查询GDB手册<ul>
<li>例如:<a href="https://sourceware.org/gdb/onlinedocs/gdb/Memory.html">Examining Memory - command <code>x</code></a></li>
</ul>
</li>
</ul>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">(gdb) help x</span><br><span class="line">Examine memory: x/FMT ADDRESS.</span><br><span class="line">ADDRESS is an expression for the memory address to examine.</span><br><span class="line">FMT is a repeat count followed by a format letter and a size letter.</span><br><span class="line">Format letters are o(octal), x(hex), d(decimal), u(unsigned decimal),</span><br><span class="line"> t(binary), f(float), a(address), i(instruction), c(char), s(string)</span><br><span class="line"> and z(hex, zero padded on the left).</span><br><span class="line">Size letters are b(byte), h(halfword), w(word), g(giant, 8 bytes).</span><br><span class="line">The specified number of objects of the specified size are printed</span><br><span class="line">according to the format. If a negative number is specified, memory is</span><br><span class="line">examined backward from the address.</span><br><span class="line"></span><br><span class="line">Defaults for format and size letters are those previously used.</span><br><span class="line">Default count is 1. Default address is following last thing printed</span><br><span class="line">with this command or "print".</span><br></pre></td></tr></table></figure>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">x/nfu addr</span><br><span class="line"></span><br><span class="line">n: 输出单元的个数</span><br><span class="line">f: 输出单元的格式 o/x/d/u/t/f/a/i/c/s/z</span><br><span class="line">u: 每个输出单元的长度 b/h/w/g</span><br></pre></td></tr></table></figure>
</details>
<div class="note default"><p><strong>打印栈上的数据</strong><br>我们也可以使用 x 命令来打印栈的数据:</p>
<figure class="highlight c"><table><tr><td class="code"><pre><span class="line">(gdb) x/<span class="number">10</span>gx $rsp</span><br><span class="line"><span class="number">0x7fffffffe348</span>: <span class="number">0x0000000000400e3f</span> <span class="number">0x0000000000402210</span></span><br><span class="line"><span class="number">0x7fffffffe358</span>: <span class="number">0x00007ffff7df0083</span> <span class="number">0x0000000000000000</span></span><br><span class="line"><span class="number">0x7fffffffe368</span>: <span class="number">0x00007fffffffe448</span> <span class="number">0x0000000100000000</span></span><br><span class="line"><span class="number">0x7fffffffe378</span>: <span class="number">0x0000000000400da0</span> <span class="number">0x0000000000402210</span></span><br><span class="line"><span class="number">0x7fffffffe388</span>: <span class="number">0x4f838435c81d5e78</span> <span class="number">0x0000000000400c90</span></span><br></pre></td></tr></table></figure></div>
<p>可以比较明显地看出,接下来程序会对比这两个字符串是否一致,一致时💣可以被解除</p>
<p>重新执行 run,输入刚刚发现的目标字符串</p>
<p>为了方便调试,可以执行 <code>layout regs</code> 来切换到下面的布局:</p>
<p><img src="https://raw.githubusercontent.com/ex7l0it/ImageHosting/master/Picture/Pasted%20image%2020220901172524.png" alt="Pasted image 20220901172524"></p>
<div class="note default"><p><strong>tui 相关</strong><br><a href="https://sourceware.org/gdb/onlinedocs/gdb/TUI.html">GDB手册 - GDB Text User Interface</a></p>
<ul>
<li>关闭上面的界面,回归正常模式: <code>tui disable</code></li>
</ul>
</div>
<p>进行单步执行:<code>stepi</code> / <code>nexti</code></p>
<p><img src="https://raw.githubusercontent.com/ex7l0it/ImageHosting/master/Picture/Pasted%20image%2020220901173832.png" alt="Pasted image 20220901173832"></p>
<p><code>strings_not_equal</code> 的返回值存储在 rax 中,值为 0 表示两个字符串相等,此时 <code>je</code> 会跳过 <code>explode_bomb</code> 函数,继续执行程序</p>
<details class="note success"><summary><p>📌 <code>stepi</code> 与 <code>nexti</code> 的区别是什么?</p>
</summary>
<ul>
<li>stepi(si):执行一条指令,遇到函数调用时进入函数内部</li>
<li>nexti(ni):类似于stepi,但是遇到函数调用时不会进入,直接跳过</li>
</ul>
</details>
<p>继续执行程序 <code>continue</code>,可以发现💣解除了一个:</p>
<figure class="highlight c"><table><tr><td class="code"><pre><span class="line">(gdb) c</span><br><span class="line">Continuing.</span><br><span class="line">Phase <span class="number">1</span> defused. How about the next one?</span><br></pre></td></tr></table></figure>
<h2 id="GDB-Pwndbg-常用命令"><a href="#GDB-Pwndbg-常用命令" class="headerlink" title="GDB + Pwndbg 常用命令"></a>GDB + Pwndbg 常用命令</h2><p>整理一下 gdb + pwndbg 的一些常用命令</p>
<h3 id="运行"><a href="#运行" class="headerlink" title="运行"></a>运行</h3><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta prompt_">$ </span><span class="language-bash">gdb program</span></span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">运行程序,简写r</span></span><br><span class="line">(gdb) run</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">带参数运行程序(method 1)</span></span><br><span class="line">(gdb) run arg1 arg2 </span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">带参数运行程序(method 2)</span></span><br><span class="line">(gdb) set args arg1 arg2</span><br><span class="line">(gdb) run</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">指定标准输入</span></span><br><span class="line">(gdb) run <file</span><br><span class="line">(gdb) run < <(python3 -c 'print(b"A"*10)')</span><br><span class="line">(gdb) run <<<$(python3 -c 'print(b"A"*10)')</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">注意:python3 中 print(b"A"*10) 输出的是文本 b'AAAAAAAAAA' 而不是 10 个原始字节;需要原始字节时可改用 sys.stdout.buffer.write(b"A"*10)</span></span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">链接到正在运行的进程,并进行调试</span></span><br><span class="line">(gdb) attach {process-id}</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">若 attach 提示 ptrace: Operation not permitted,多半是 kernel.yama.ptrace_scope 的限制(Ubuntu 默认为 1,只允许调试自己的子进程),此时需以 root 运行 gdb</span></span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">断开链接</span></span><br><span class="line">(gdb) detach</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">查看历史命令</span></span><br><span class="line">(gdb) show commands</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">执行上一条命令</span></span><br><span class="line">(gdb) <enter></span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">从文件中加载gdb命令</span></span><br><span class="line">(gdb) source {filepath}</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">退出gdb (简写q)</span></span><br><span class="line">(gdb) 
quit</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">帮助</span></span><br><span class="line">(gdb) help</span><br></pre></td></tr></table></figure>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta prompt_"># </span><span class="language-bash">查看 pwndbg 命令帮助</span></span><br><span class="line"><span class="meta prompt_">pwndbg> </span><span class="language-bash">pwndbg</span></span><br></pre></td></tr></table></figure>
<h3 id="断点"><a href="#断点" class="headerlink" title="断点"></a>断点</h3><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta prompt_"># </span><span class="language-bash">添加断点(指定函数名)</span></span><br><span class="line">(gdb) break main</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">添加断点(指定内存地址)</span></span><br><span class="line">(gdb) break *0x00400123</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">列出所有断点信息(简写info b)</span></span><br><span class="line">(gdb) info breakpoints </span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">删除编号为1的断点</span></span><br><span class="line">(gdb) delete 1</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">删除所有断点(简写del)</span></span><br><span class="line">(gdb) delete</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">删除内存地址的断点</span></span><br><span class="line">(gdb) clear *0x00400123</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">禁用指定编号断点</span></span><br><span class="line">(gdb) disable 2</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">启用指定编号断点</span></span><br><span class="line">(gdb) enable 2</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">条件断点</span></span><br><span class="line">(gdb) condition {id} {expr}</span><br><span class="line"> 2 i == 10 # 只有在 i==10 成立时2号断点生效</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">继续执行(简写c)</span></span><br><span class="line">(gdb) continue</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">单步进入(遇到函数会进入)</span></span><br><span class="line">(gdb) stepi</span><br><span class="line"><span class="meta prompt_"># 
</span><span class="language-bash">单步跳过(遇到函数不会进入)</span></span><br><span class="line">(gdb) nexti</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">结束当前函数</span></span><br><span class="line">(gdb) finish</span><br></pre></td></tr></table></figure>
<h3 id="源代码及反汇编"><a href="#源代码及反汇编" class="headerlink" title="源代码及反汇编"></a>源代码及反汇编</h3><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta prompt_"># </span><span class="language-bash">查看指定函数附近的代码</span></span><br><span class="line">(gdb) list main </span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">查看指定地址的代码</span></span><br><span class="line">(gdb) list *0x00400800</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">添加源代码搜索路径</span></span><br><span class="line">(gdb) dir {dirpath}</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">复原源代码搜索路径</span></span><br><span class="line">(gdb) dir </span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">查看源代码搜索路径</span></span><br><span class="line">(gdb) show directories</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">打印当前执行函数的汇编代码</span></span><br><span class="line">(gdb) disas</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">打印指定函数的反汇编代码</span></span><br><span class="line">(gdb) disas main</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">对指定地址进行反汇编</span></span><br><span class="line">(gdb) disas {address}</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">打印程序中的函数</span></span><br><span class="line">(gdb) info functions</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">更改显示风格</span></span><br><span class="line">(gdb) set disassembly-flavor att</span><br><span class="line">(gdb) set disassembly-flavor intel</span><br></pre></td></tr></table></figure>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta prompt_"># </span><span class="language-bash">设置默认只显示源代码段</span></span><br><span class="line"><span class="meta prompt_">pwndbg> </span><span class="language-bash"><span class="built_in">set</span> context-sections code</span> </span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">显示源代码段</span></span><br><span class="line"><span class="meta prompt_">pwndbg> </span><span class="language-bash">ctx code</span> </span><br></pre></td></tr></table></figure>