author | van Hauser <vh@thc.org> | 2022-01-26 11:00:55 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-01-26 11:00:55 +0100 |
commit | 143c9d175e9357ba548413ee7dcee6a8de23f733 (patch) | |
tree | a82736c060150480df81d19b50dfb7939cda7524 /unicorn_mode/samples/speedtest | |
parent | a790bf6cc2bb63f0659d8c96b46f5f4db2f9d4bc (diff) | |
parent | b0758ac8db0a2ec833b5ef7a60ab2d04cc7f6a9a (diff) | |
download | afl++-4.00c.tar.gz |
Merge pull request #1301 from AFLplusplus/dev 4.00c
v4.00c release
Diffstat (limited to 'unicorn_mode/samples/speedtest')
-rw-r--r-- | unicorn_mode/samples/speedtest/README.md | 48 | ||||
-rw-r--r-- | unicorn_mode/samples/speedtest/c/Makefile | 36 | ||||
-rw-r--r-- | unicorn_mode/samples/speedtest/c/harness.c | 9 | ||||
-rw-r--r-- | unicorn_mode/samples/speedtest/rust/Cargo.toml | 2 |
4 files changed, 33 insertions, 62 deletions
diff --git a/unicorn_mode/samples/speedtest/README.md b/unicorn_mode/samples/speedtest/README.md
index bd5ba8d0..f46a5772 100644
--- a/unicorn_mode/samples/speedtest/README.md
+++ b/unicorn_mode/samples/speedtest/README.md
@@ -5,7 +5,11 @@ to show the raw speed of C, Rust, and Python harnesses. ## Compiling... -Make sure, you built unicornafl first (`../../build_unicorn_support.sh`). +Make sure you built unicornafl first (`../../build_unicorn_support.sh`). +Build the target using the provided Makefile. +This will also run the [./get_offsets.py](./get_offsets.py) script, +which finds some relevant addresses in the target binary using `objdump`, +and dumps them to different files. Then, follow these individual steps: ### Rust
@@ -13,7 +17,7 @@ Then, follow these individual steps: ```bash cd rust cargo build --release -../../../afl-fuzz -i ../sample_inputs -o out -- ./target/release/harness @@ +../../../../afl-fuzz -i ../sample_inputs -o out -U -- ./target/release/harness @@ ``` ### C 
@@ -21,52 +25,16 @@ cargo build --release ```bash cd c make -../../../afl-fuzz -i ../sample_inputs -o out -- ./harness @@ +../../../../afl-fuzz -i ../sample_inputs -o out -U -- ./harness @@ ``` ### python ```bash cd python -../../../afl-fuzz -i ../sample_inputs -o out -U -- python3 ./harness.py @@ +../../../../afl-fuzz -i ../sample_inputs -o out -U -- python3 ./harness.py @@ ``` ## Results TODO: add results here. - -## Compiling speedtest_target.c - -You shouldn't need to compile simple_target.c since a X86_64 binary version is -pre-built and shipped in this sample folder. This file documents how the binary -was built in case you want to rebuild it or recompile it for any reason. - -The pre-built binary (simple_target_x86_64.bin) was built using -g -O0 in gcc. - -Then load the binary and execute the main function directly. - -## Addresses for the harness - -To find the address (in hex) of main, run: - -```bash -objdump -M intel -D target | grep '<main>:' | cut -d" " -f1 -``` - -To find all call sites to magicfn, run: - -```bash -objdump -M intel -D target | grep '<magicfn>$' | cut -d":" -f1 -``` - -For malloc callsites: - -```bash -objdump -M intel -D target | grep '<malloc@plt>$' | cut -d":" -f1 -``` - -And free callsites: - -```bash -objdump -M intel -D target | grep '<free@plt>$' | cut -d":" -f1 -```
\ No newline at end of file
diff --git a/unicorn_mode/samples/speedtest/c/Makefile b/unicorn_mode/samples/speedtest/c/Makefile
index 46789954..d34f49fa 100644
--- a/unicorn_mode/samples/speedtest/c/Makefile
+++ b/unicorn_mode/samples/speedtest/c/Makefile
@@ -4,29 +4,28 @@ .POSIX: UNAME_S =$(shell uname -s)# GNU make UNAME_S:sh=uname -s # BSD make -_UNIQ=_QINU_ -LIBDIR = ../../../unicornafl +UNICORNAFL_LIB = ../../../unicornafl/build +UNICORN_LIB = ../../../unicornafl/unicorn/build BIN_EXT = AR_EXT = a # Verbose output? V ?= 0 -CFLAGS += -Wall -Werror -Wextra -Wno-unused-parameter -I../../../unicornafl/include +CFLAGS += -Wall -I../../../unicornafl/unicorn/include -I../../../unicornafl/include -LDFLAGS += -L$(LIBDIR) -lpthread -lm +LDFLAGS += -L$(UNICORNAFL_LIB) -L$(UNICORN_LIB) -lpthread -lm -lunicornafl -lunicorn -lc++ -_LRT = $(_UNIQ)$(UNAME_S:Linux=) -__LRT = $(_LRT:$(_UNIQ)=-lrt) -LRT = $(__LRT:$(_UNIQ)=) +ifeq ($(UNAME), Linux) +# do something Linux-y +LRT = -lrt +else +LRT = +endif LDFLAGS += $(LRT) -_CC = $(_UNIQ)$(CROSS) -__CC = $(_CC:$(_UNIQ)=$(CC)) -MYCC = $(__CC:$(_UNIQ)$(CROSS)=$(CROSS)gcc) - .PHONY: all clean all: ../target harness 
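Review bot: `ifeq ($(UNAME), Linux)` tests a variable this Makefile never sets; the uname result is stored in `UNAME_S` a few lines above, so the branch is always false, `LRT` is always empty and `-lrt` is silently dropped on Linux. The condition should read `ifeq ($(UNAME_S), Linux)`. The `ifeq`/`else`/`endif` block is GNU-make syntax, so the BSD-make path that the removed `_UNIQ` substitution trick kept working (the `UNAME_S:sh=uname -s` line is still present) no longer parses — if BSD make is still a target, the old substitution form, with the variable name corrected, is the portable one. The placeholder comment `# do something Linux-y` should name what the branch does, e.g. `# link librt on Linux`.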
@@ -38,17 +37,20 @@ afl-fuzz: ../../../../afl-fuzz clean: rm -rf *.o harness harness-debug -harness.o: harness.c ../../../unicornafl/include/unicorn/*.h - ${MYCC} ${CFLAGS} -O3 -c harness.c -o $@ +../../../unicornafl/build/libunicornafl.a: + cd ../../.. && ./build_unicorn_support.sh + +harness.o: harness.c ../../../unicornafl/unicorn/include/unicorn/*.h + ${CC} ${CFLAGS} -O3 -c harness.c -o $@ -harness-debug.o: harness.c ../../../unicornafl/include/unicorn/*.h - ${MYCC} ${CFLAGS} -fsanitize=address -g -Og -c harness.c -o $@ +harness-debug.o: harness.c ../../../unicornafl/unicorn/include/unicorn/*.h + ${CC} ${CFLAGS} -fsanitize=address -g -Og -c harness.c -o $@ harness: harness.o - ${MYCC} -L${LIBDIR} harness.o ../../../unicornafl/libunicornafl.a $(LDFLAGS) -o $@ + ${CC} harness.o $(LDFLAGS) -o $@ harness-debug: harness-debug.o - ${MYCC} -fsanitize=address -g -Og -L${LIBDIR} harness-debug.o ../../../unicornafl/libunicornafl.a $(LDFLAGS) -o harness-debug + ${CC} -fsanitize=address -g -Og harness-debug.o ../../../unicornafl/libunicornafl.a $(LDFLAGS) -o harness-debug ../target: $(MAKE) -C ..
diff --git a/unicorn_mode/samples/speedtest/c/harness.c b/unicorn_mode/samples/speedtest/c/harness.c
index e8de3d80..184934b9 100644
--- a/unicorn_mode/samples/speedtest/c/harness.c
+++ b/unicorn_mode/samples/speedtest/c/harness.c
@@ -8,9 +8,9 @@ Run under AFL as follows: - $ cd <afl_path>/unicorn_mode/samples/simple/ + $ cd <afl_path>/unicorn_mode/samples/speedtest/c $ make - $ ../../../afl-fuzz -m none -i sample_inputs -o out -- ./harness @@ + $ ../../../../afl-fuzz -i ../sample_inputs -o out -U -- ./harness @@ */ // This is not your everyday Unicorn.
@@ -28,6 +28,7 @@ #include <sys/mman.h> #include <unicorn/unicorn.h> +#include <unicornafl/unicornafl.h> // Path to the file containing the binary to emulate #define BINARY_FILE ("../target") 
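Review bot: The new `harness-debug` link line still names the archive at its old location, `../../../unicornafl/libunicornafl.a`, while the `../../../unicornafl/build/libunicornafl.a` rule added in this hunk and `UNICORNAFL_LIB` in the previous one place it under `build/`, and `$(LDFLAGS)` now already carries `-lunicornafl` — so this target either fails on the missing path or links the library twice. `harness` was changed to `${CC} harness.o $(LDFLAGS) -o $@`; `harness-debug` should match it: `${CC} -fsanitize=address -g -Og harness-debug.o $(LDFLAGS) -o harness-debug`. As far as this hunk shows, nothing lists the new `../../../unicornafl/build/libunicornafl.a` target as a prerequisite, so `make` never runs `build_unicorn_support.sh` on its own; adding it to the prerequisites of `harness.o` and `harness-debug.o` (or of `all`) would wire it in. The Makefile's remaining rules lie outside the hunk.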
@@ -124,7 +125,7 @@ static void mem_map_checked(uc_engine *uc, uint64_t addr, size_t size, uint32_t
 //printf("SIZE %llx, align: %llx\n", size, ALIGNMENT);
 uc_err err = uc_mem_map(uc, addr, size, mode);
 if (err != UC_ERR_OK) {
- printf("Error mapping %ld bytes at 0x%lx: %s (mode: %d)\n", size, addr, uc_strerror(err), mode);
+ printf("Error mapping %ld bytes at 0x%llx: %s (mode: %d)\n", (unsigned long) size, (unsigned long long) addr, uc_strerror(err), (int) mode);
 exit(1);
 }
 }
@@ -306,7 +307,7 @@ int main(int argc, char **argv, char **envp) {
 exit(-1);
 }
 uint64_t start_address;
- if(fscanf(f, "%lx", &start_address) == EOF) {
+ if(fscanf(f, "%llx", (unsigned long long) &start_address) == EOF) {
 puts("Start address not found in target.offests.main");
 exit(-1);
 }
diff --git a/unicorn_mode/samples/speedtest/rust/Cargo.toml b/unicorn_mode/samples/speedtest/rust/Cargo.toml
index 9b81be0b..766b2f27 100644
--- a/unicorn_mode/samples/speedtest/rust/Cargo.toml
+++ b/unicorn_mode/samples/speedtest/rust/Cargo.toml
@@ -1,5 +1,5 @@
 [package]
-name = "unicornafl_harness"
+name = "harness"
 version = "0.1.0"
 authors = ["Dominik Maier <domenukk@gmail.com>"]
 edition = "2018" |
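Review bot: The rewritten printf in mem_map_checked still mismatches one argument: `size` is cast to `unsigned long` but printed with the signed `%ld`, which is the kind of pairing `-Wformat` reports and which the `-Werror` removed from CFLAGS in the Makefile hunk would have rejected. Print the `size_t` directly with `%zu`: `printf("Error mapping %zu bytes at 0x%llx: %s (mode: %d)\n", size, (unsigned long long) addr, uc_strerror(err), (int) mode);`. The `%llx` / `(unsigned long long) addr` pairing is correct; `PRIx64` from `<inttypes.h>` would avoid the cast if that header is included, which this hunk does not show. mem_map_checked's signature lies before the hunk.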
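Review bot: `(unsigned long long) &start_address` converts the pointer to an integer, so fscanf receives a 64-bit integer value where `%llx` requires an `unsigned long long *` — undefined behaviour that may happen to work where both types are 64-bit and passed alike, and a compiler warning in its own right. The `== EOF` check is also too weak: fscanf returns 0 when the file holds no hex number, which is neither EOF nor a match, so a malformed `target.offests.main` leaves `start_address` uninitialized and emulation starts from an indeterminate address. With `<inttypes.h>` available the line becomes `if(fscanf(f, "%" SCNx64, &start_address) != 1) {`; without it, scan into a local `unsigned long long` with `%llx` and assign it to `start_address`. The enclosing main continues on both sides of the hunk.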