authorDominik Maier <domenukk@gmail.com>2019-12-18 12:23:35 +0100
committerDominik Maier <domenukk@gmail.com>2019-12-18 12:23:35 +0100
commitfe74c68c4285b949718c41d23d5603fc969dde87 (patch)
tree90c88950bfeedad9dc32d454be1ef74c2a34ee1f
parentcf70fe0c9e7c9aac36e22b96b0d89e411382dfea (diff)
downloadafl++-fe74c68c4285b949718c41d23d5603fc969dde87.tar.gz
afl_fuzz unmapping
-rw-r--r--unicorn_mode/samples/compcov_x64/compcov_test_harness.py27
-rw-r--r--unicorn_mode/samples/simple/simple_test_harness.py33
m---------unicorn_mode/unicorn0
3 files changed, 8 insertions, 52 deletions
diff --git a/unicorn_mode/samples/compcov_x64/compcov_test_harness.py b/unicorn_mode/samples/compcov_x64/compcov_test_harness.py
index 9a5da520..3861f205 100644
--- a/unicorn_mode/samples/compcov_x64/compcov_test_harness.py
+++ b/unicorn_mode/samples/compcov_x64/compcov_test_harness.py
@@ -59,35 +59,17 @@ def unicorn_debug_mem_invalid_access(uc, access, address, size, value, user_data
     else:
         print("        >>> INVALID Read: addr=0x{0:016x} size={1}".format(address, size))   
 
-def force_crash(uc_error):
-    # This function should be called to indicate to AFL that a crash occurred during emulation.
-    # Pass in the exception received from Uc.emu_start()
-    mem_errors = [
-        UC_ERR_READ_UNMAPPED, UC_ERR_READ_PROT, UC_ERR_READ_UNALIGNED,
-        UC_ERR_WRITE_UNMAPPED, UC_ERR_WRITE_PROT, UC_ERR_WRITE_UNALIGNED,
-        UC_ERR_FETCH_UNMAPPED, UC_ERR_FETCH_PROT, UC_ERR_FETCH_UNALIGNED,
-    ]
-    if uc_error.errno in mem_errors:
-        # Memory error - throw SIGSEGV
-        os.kill(os.getpid(), signal.SIGSEGV)
-    elif uc_error.errno == UC_ERR_INSN_INVALID:
-        # Invalid instruction - throw SIGILL
-        os.kill(os.getpid(), signal.SIGILL)
-    else:
-        # Not sure what happened - throw SIGABRT
-        os.kill(os.getpid(), signal.SIGABRT)
-
 def main():
 
     parser = argparse.ArgumentParser(description="Test harness for compcov_target.bin")
     parser.add_argument('input_file', type=str, help="Path to the file containing the mutated input to load")
-    parser.add_argument('-d', '--debug', default=False, action="store_true", help="Enables debug tracing")
+    parser.add_argument('-t', '--trace', default=False, action="store_true", help="Enables debug tracing")
     args = parser.parse_args()
 
     # Instantiate a MIPS32 big endian Unicorn Engine instance
     uc = Uc(UC_ARCH_X86, UC_MODE_64)
 
-    if args.debug:
+    if args.trace:
         uc.hook_add(UC_HOOK_BLOCK, unicorn_debug_block)
         uc.hook_add(UC_HOOK_CODE, unicorn_debug_instruction)
         uc.hook_add(UC_HOOK_MEM_WRITE | UC_HOOK_MEM_READ, unicorn_debug_mem_access)
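Review bot: Removing force_crash at the top of this hunk leaves any remaining caller dangling, and the hunk does not show main's exception handling around emu_start, which is where a signal-raising helper like this would have been called; if that handler still calls `force_crash(e)`, a crash in the emulated target now ends in a NameError traceback instead of being reported to AFL, which is the one path a fuzzing harness most needs to get right. The diffstat shows no other hunk in this file, so the call site, if it exists, was not touched. The same removal appears in simple_test_harness.py (hunk @@ -59,35 +59,17 @@). With the helper gone, `os` and `signal` are presumably unused in both files unless something else references them; worth confirming and dropping the imports. main starts in this hunk but continues past its end.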
@@ -132,11 +114,6 @@ def main():
         """
         Callback that loads the mutated input into memory.
         """
-        # Load the mutated input from disk
-        input_file = open(args.input_file, 'rb')
-        input = input_file.read()
-        input_file.close()
-
         # Apply constraints to the mutated input
         if len(input) > DATA_SIZE_MAX:
             return
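Review bot: The docstring kept at the start of this hunk, `Callback that loads the mutated input into memory.`, no longer says where the data comes from now that the open/read of args.input_file has been removed; the `input` parameter is the only source left, and a reader should not have to diff history to learn that. I would change it to `Callback invoked by unicornafl with the mutated input; places it in the target's memory. Inputs longer than DATA_SIZE_MAX are dropped by the early return.` — the placement itself happens below the hunk, so that wording is inferred from the function's name and the module docstring. The same docstring is left untouched in the matching hunk of simple_test_harness.py (@@ -129,11 +113,6 @@). place_input_callback's signature sits above this hunk and its body continues below it.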
diff --git a/unicorn_mode/samples/simple/simple_test_harness.py b/unicorn_mode/samples/simple/simple_test_harness.py
index d85ec9f5..c05306ea 100644
--- a/unicorn_mode/samples/simple/simple_test_harness.py
+++ b/unicorn_mode/samples/simple/simple_test_harness.py
@@ -5,8 +5,8 @@
    This loads the simple_target.bin binary (precompiled as MIPS code) into
    Unicorn's memory map for emulation, places the specified input into
    simple_target's buffer (hardcoded to be at 0x300000), and executes 'main()'.
-   If any crashes occur during emulation, this script throws a matching signal
-   to tell AFL that a crash occurred.
+   If any crashes occur during emulation, unicornafl will 
+   tell AFL that a crash occurred.
 
    Run under AFL as follows:
 
@@ -59,35 +59,17 @@ def unicorn_debug_mem_invalid_access(uc, access, address, size, value, user_data
     else:
         print("        >>> INVALID Read: addr=0x{0:016x} size={1}".format(address, size))   
 
-def force_crash(uc_error):
-    # This function should be called to indicate to AFL that a crash occurred during emulation.
-    # Pass in the exception received from Uc.emu_start()
-    mem_errors = [
-        UC_ERR_READ_UNMAPPED, UC_ERR_READ_PROT, UC_ERR_READ_UNALIGNED,
-        UC_ERR_WRITE_UNMAPPED, UC_ERR_WRITE_PROT, UC_ERR_WRITE_UNALIGNED,
-        UC_ERR_FETCH_UNMAPPED, UC_ERR_FETCH_PROT, UC_ERR_FETCH_UNALIGNED,
-    ]
-    if uc_error.errno in mem_errors:
-        # Memory error - throw SIGSEGV
-        os.kill(os.getpid(), signal.SIGSEGV)
-    elif uc_error.errno == UC_ERR_INSN_INVALID:
-        # Invalid instruction - throw SIGILL
-        os.kill(os.getpid(), signal.SIGILL)
-    else:
-        # Not sure what happened - throw SIGABRT
-        os.kill(os.getpid(), signal.SIGABRT)
-
 def main():
 
     parser = argparse.ArgumentParser(description="Test harness for simple_target.bin")
     parser.add_argument('input_file', type=str, help="Path to the file containing the mutated input to load")
-    parser.add_argument('-d', '--debug', default=False, action="store_true", help="Enables debug tracing")
+    parser.add_argument('-t', '--trace', default=False, action="store_true", help="Enables debug tracing")
     args = parser.parse_args()
 
     # Instantiate a MIPS32 big endian Unicorn Engine instance
     uc = Uc(UC_ARCH_MIPS, UC_MODE_MIPS32 + UC_MODE_BIG_ENDIAN)
 
-    if args.debug:
+    if args.trace:
         uc.hook_add(UC_HOOK_BLOCK, unicorn_debug_block)
         uc.hook_add(UC_HOOK_CODE, unicorn_debug_instruction)
         uc.hook_add(UC_HOOK_MEM_WRITE | UC_HOOK_MEM_READ, unicorn_debug_mem_access)
@@ -120,6 +102,8 @@ def main():
 
     uc.mem_map(STACK_ADDRESS, STACK_SIZE)
     uc.reg_write(UC_MIPS_REG_SP, STACK_ADDRESS + STACK_SIZE)
+    
+    print(STACK_ADDRESS + STACK_SIZE)
 
     # reserve some space for data
     uc.mem_map(DATA_ADDRESS, DATA_SIZE_MAX)
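Review bot: The added `print(STACK_ADDRESS + STACK_SIZE)` in this hunk looks like a leftover from debugging the unmapping change: it is unconditional, unlabeled, prints the initial SP value in decimal while the other diagnostics visible in this diff format addresses as `0x{0:016x}`, and it runs on every execution of the harness, not only under `--trace`. Either drop it or move it under the `if args.trace:` block with the harness's usual formatting, e.g. `print("Initial SP: 0x{0:016x}".format(STACK_ADDRESS + STACK_SIZE))`. The preceding `+    ` line is whitespace-only with trailing spaces and should be a bare blank line. main continues on both sides of this hunk.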
@@ -129,11 +113,6 @@ def main():
     # We did not pass in any data and don't use persistent mode, so we can ignore these params.
     # Be sure to check out the docstrings for the uc.afl_* functions.
     def place_input_callback(uc, input, persistent_round, data):
-        # Load the mutated input from disk
-        input_file = open(args.input_file, 'rb')
-        input = input_file.read()
-        input_file.close()
-
         # Apply constraints to the mutated input
         if len(input) > DATA_SIZE_MAX:
             #print("Test input is too long (> {} bytes)")
diff --git a/unicorn_mode/unicorn b/unicorn_mode/unicorn
-Subproject aa5ebf5e16f4f5781cfe94229b41eee7ff93b35
+Subproject db248c8d8167e47ee07943961d1ce6244d57602