authorAndrea Fioraldi <andreafioraldi@gmail.com>2019-09-18 10:22:55 +0200
committerGitHub <noreply@github.com>2019-09-18 10:22:55 +0200
commitb55ea6409dfcadf3c43244fb8e72ea660fd4fcc2 (patch)
tree8c2a81fde3312449b18cff1ab6ce27432db6e3e2 /src/afl-analyze.c
parent68b3849d51e94e394334305b8ab7e4f613a8bbb9 (diff)
parent5e56d3bf368df07d964de769aa5142ad98536330 (diff)
downloadafl++-b55ea6409dfcadf3c43244fb8e72ea660fd4fcc2.tar.gz
Merge pull request #60 from vanhauser-thc/wine_mode
Wine mode
Diffstat (limited to 'src/afl-analyze.c')
-rw-r--r--src/afl-analyze.c88
1 files changed, 22 insertions, 66 deletions
diff --git a/src/afl-analyze.c b/src/afl-analyze.c
index 4b157973..3e15ca35 100644
--- a/src/afl-analyze.c
+++ b/src/afl-analyze.c
@@ -61,7 +61,6 @@ u8* trace_bits;                        /* SHM with instrumentation bitmap   */
 
 static u8 *in_file,                    /* Analyzer input test case          */
     *prog_in,                          /* Targeted program input file       */
-    *target_path,                      /* Path to target binary             */
     *doc_path;                         /* Path to docs                      */
 
 static u8* in_data;                    /* Input data for analysis           */
@@ -760,7 +759,8 @@ static void usage(u8* argv0) {
       "  -t msec       - timeout for each run (%d ms)\n"
       "  -m megs       - memory limit for child process (%d MB)\n"
       "  -Q            - use binary-only instrumentation (QEMU mode)\n"
-      "  -U            - use unicorn-based instrumentation (Unicorn mode)\n\n"
+      "  -U            - use unicorn-based instrumentation (Unicorn mode)\n"
+      "  -W            - use qemu-based instrumentation with Wine (Wine mode)\n\n"
 
       "Analysis settings:\n\n"
 
@@ -829,78 +829,19 @@ static void find_binary(u8* fname) {
 
 }
 
-/* Fix up argv for QEMU. */
-
-static char** get_qemu_argv(u8* own_loc, char** argv, int argc) {
-
-  char** new_argv = ck_alloc(sizeof(char*) * (argc + 4));
-  u8 *   tmp, *cp, *rsl, *own_copy;
-
-  memcpy(new_argv + 3, argv + 1, sizeof(char*) * argc);
-
-  /* Now we need to actually find qemu for argv[0]. */
-
-  new_argv[2] = target_path;
-  new_argv[1] = "--";
-
-  tmp = getenv("AFL_PATH");
-
-  if (tmp) {
-
-    cp = alloc_printf("%s/afl-qemu-trace", tmp);
-
-    if (access(cp, X_OK)) FATAL("Unable to find '%s'", tmp);
-
-    target_path = new_argv[0] = cp;
-    return new_argv;
-
-  }
-
-  own_copy = ck_strdup(own_loc);
-  rsl = strrchr(own_copy, '/');
-
-  if (rsl) {
-
-    *rsl = 0;
-
-    cp = alloc_printf("%s/afl-qemu-trace", own_copy);
-    ck_free(own_copy);
-
-    if (!access(cp, X_OK)) {
-
-      target_path = new_argv[0] = cp;
-      return new_argv;
-
-    }
-
-  } else
-
-    ck_free(own_copy);
-
-  if (!access(BIN_PATH "/afl-qemu-trace", X_OK)) {
-
-    target_path = new_argv[0] = BIN_PATH "/afl-qemu-trace";
-    return new_argv;
-
-  }
-
-  FATAL("Unable to find 'afl-qemu-trace'.");
-
-}
-
 /* Main entry point */
 
 int main(int argc, char** argv) {
 
   s32 opt;
-  u8  mem_limit_given = 0, timeout_given = 0, qemu_mode = 0, unicorn_mode = 0;
+  u8  mem_limit_given = 0, timeout_given = 0, qemu_mode = 0, unicorn_mode = 0, use_wine = 0;
   char** use_argv;
 
   doc_path = access(DOC_PATH, F_OK) ? "docs" : DOC_PATH;
 
   SAYF(cCYA "afl-analyze" VERSION cRST " by <lcamtuf@google.com>\n");
 
-  while ((opt = getopt(argc, argv, "+i:f:m:t:eQUh")) > 0)
+  while ((opt = getopt(argc, argv, "+i:f:m:t:eQUWh")) > 0)
 
     switch (opt) {
 
@@ -989,6 +930,16 @@ int main(int argc, char** argv) {
         unicorn_mode = 1;
         break;
 
+      case 'W':                                             /* Wine+QEMU mode */
+
+        if (use_wine) FATAL("Multiple -W options not supported");
+        qemu_mode = 1;
+        use_wine = 1;
+
+        if (!mem_limit_given) mem_limit = 0;
+
+        break;
+
       case 'h':
         usage(argv[0]);
         return -1;
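Review bot: The new `case 'W':` guards only against a repeated `-W` and then sets `qemu_mode = 1` unconditionally, so `-U -W` is accepted and leaves both `unicorn_mode` and `qemu_mode` set, and the outcome of `-Q -W` versus `-W -Q` depends on argument order if the `-Q` case rejects an already-set `qemu_mode` (that case is outside the hunk, so this is inferred). A check such as `if (use_wine || unicorn_mode) FATAL("-W cannot be combined with -U");` before the assignments would make the conflict explicit instead of letting the later `if (qemu_mode)` dispatch silently win. The `if (!mem_limit_given) mem_limit = 0;` reset mirrors what the QEMU case presumably does; a short comment such as `/* Wine+QEMU needs the same unlimited default as -Q */` would explain why it is repeated here. The enclosing `switch` and `main` both extend beyond this hunk.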
@@ -1011,9 +962,14 @@ int main(int argc, char** argv) {
   find_binary(argv[optind]);
   detect_file_args(argv + optind, prog_in);
 
-  if (qemu_mode)
-    use_argv = get_qemu_argv(argv[0], argv + optind, argc - optind);
-  else
+  if (qemu_mode) {
+  
+    if (use_wine)
+      use_argv = get_wine_argv(argv[0], argv + optind, argc - optind);
+    else
+      use_argv = get_qemu_argv(argv[0], argv + optind, argc - optind);
+  
+  } else
     use_argv = argv + optind;
 
   SAYF("\n");
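Review bot: The two blank lines inside the new `if (qemu_mode) {` block (the lines after `if (qemu_mode) {` and before `} else`) carry trailing whitespace, and the block is braced on the `if` side but not on the `else` side, so the two branches are written in different styles. Bracing both, i.e. `} else {` / `use_argv = argv + optind;` / `}`, and dropping the stray spaces keeps the dispatch symmetrical and avoids whitespace-only churn in later diffs. Since `get_qemu_argv` was removed from this file earlier in the commit, `get_wine_argv` and `get_qemu_argv` are now resolved from elsewhere; a comment naming where they live would help the next reader. `main` continues past the end of this hunk.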