Merge branch 'dev' of github.com:AFLplusplus/AFLplusplus into dev

author: Andrea Fioraldi <andreafioraldi@gmail.com> 2021-10-19 13:59:38 +0200
committer: Andrea Fioraldi <andreafioraldi@gmail.com> 2021-10-19 13:59:38 +0200
commit: 23e69f11075b20c4907ebe902af08dcbb13ec175 (patch)
tree: 9bd59c8786c8a81370373484778c0aeb1770d095 /unicorn_mode/samples
parent: 77a63d8ccfd4b409c35227e174f1d6e809256e41 (diff)
parent: bb8a4d71da8f2b748a78ccc4416df6bffb393d80 (diff)
download: afl++-23e69f11075b20c4907ebe902af08dcbb13ec175.tar.gz
1 files changed, 20 insertions, 23 deletions
diff --git a/unicorn_mode/samples/speedtest/rust/src/main.rs b/unicorn_mode/samples/speedtest/rust/src/main.rs
index 105ba4b4..89e10833 100644
--- a/unicorn_mode/samples/speedtest/rust/src/main.rs
+++ b/unicorn_mode/samples/speedtest/rust/src/main.rs
@@ -12,11 +12,11 @@ use std::{
 
 use unicornafl::{
     unicorn_const::{uc_error, Arch, Mode, Permission},
-    RegisterX86::{self, *},
-    Unicorn, UnicornHandle,
+    RegisterX86::*,
+    Unicorn,
 };
 
-const BINARY: &str = &"../target";
+const BINARY: &str = "../target";
 
 // Memory map for the code to be tested
 // Arbitrary address where code to test will be loaded
@@ -47,7 +47,7 @@ fn read_file(filename: &str) -> Result<Vec<u8>, io::Error> {
 fn parse_locs(loc_name: &str) -> Result<Vec<u64>, io::Error> {
     let contents = &read_file(&format!("../target.offsets.{}", loc_name))?;
     //println!("Read: {:?}", contents);
-    Ok(str_from_u8_unchecked(&contents)
+    Ok(str_from_u8_unchecked(contents)
         .split('\n')
         .map(|x| {
             //println!("Trying to convert {}", &x[2..]);
@@ -87,8 +87,7 @@ fn main() {
 }
 
 fn fuzz(input_file: &str) -> Result<(), uc_error> {
-    let mut unicorn = Unicorn::new(Arch::X86, Mode::MODE_64, 0)?;
-    let mut uc: UnicornHandle<'_, _> = unicorn.borrow();
+    let mut uc = Unicorn::new(Arch::X86, Mode::MODE_64, 0)?;
 
     let binary =
         read_file(BINARY).unwrap_or_else(|_| panic!("Could not read modem image: {}", BINARY));
@@ -105,7 +104,7 @@ fn fuzz(input_file: &str) -> Result<(), uc_error> {
     // Set the program counter to the start of the code
     let main_locs = parse_locs("main").unwrap();
     //println!("Entry Point: {:x}", main_locs[0]);
-    uc.reg_write(RegisterX86::RIP as i32, main_locs[0])?;
+    uc.reg_write(RIP, main_locs[0])?;
 
     // Setup the stack.
     uc.mem_map(
@@ -114,14 +113,14 @@ fn fuzz(input_file: &str) -> Result<(), uc_error> {
         Permission::READ | Permission::WRITE,
     )?;
     // Setup the stack pointer, but allocate two pointers for the pointers to input.
-    uc.reg_write(RSP as i32, STACK_ADDRESS + STACK_SIZE - 16)?;
+    uc.reg_write(RSP, STACK_ADDRESS + STACK_SIZE - 16)?;
 
     // Setup our input space, and push the pointer to it in the function params
     uc.mem_map(INPUT_ADDRESS, INPUT_MAX as usize, Permission::READ)?;
     // We have argc = 2
-    uc.reg_write(RDI as i32, 2)?;
+    uc.reg_write(RDI, 2)?;
     // RSI points to our little 2 QWORD space at the beginning of the stack...
-    uc.reg_write(RSI as i32, STACK_ADDRESS + STACK_SIZE - 16)?;
+    uc.reg_write(RSI, STACK_ADDRESS + STACK_SIZE - 16)?;
     // ... which points to the Input. Write the ptr to mem in little endian.
     uc.mem_write(
         STACK_ADDRESS + STACK_SIZE - 16,
@@ -133,13 +132,13 @@ fn fuzz(input_file: &str) -> Result<(), uc_error> {
     let already_allocated_malloc = already_allocated.clone();
     // We use a very simple malloc/free stub here,
     // that only works for exactly one allocation at a time.
-    let hook_malloc = move |mut uc: UnicornHandle<'_, _>, addr: u64, size: u32| {
+    let hook_malloc = move |uc: &mut Unicorn<'_, _>, addr: u64, size: u32| {
         if already_allocated_malloc.get() {
             println!("Double malloc, not supported right now!");
             abort();
         }
         // read the first param
-        let malloc_size = uc.reg_read(RDI as i32).unwrap();
+        let malloc_size = uc.reg_read(RDI).unwrap();
         if malloc_size > HEAP_SIZE_MAX {
             println!(
                 "Tried to allocate {} bytes, but we may only allocate up to {}",
@@ -147,20 +146,20 @@ fn fuzz(input_file: &str) -> Result<(), uc_error> {
             );
             abort();
         }
-        uc.reg_write(RAX as i32, HEAP_ADDRESS).unwrap();
-        uc.reg_write(RIP as i32, addr + size as u64).unwrap();
+        uc.reg_write(RAX, HEAP_ADDRESS).unwrap();
+        uc.reg_write(RIP, addr + size as u64).unwrap();
         already_allocated_malloc.set(true);
     };
 
     let already_allocated_free = already_allocated;
     // No real free, just set the "used"-flag to false.
-    let hook_free = move |mut uc: UnicornHandle<'_, _>, addr, size| {
+    let hook_free = move |uc: &mut Unicorn<'_, _>, addr, size| {
         if already_allocated_free.get() {
             println!("Double free detected. Real bug?");
             abort();
         }
         // read the first param
-        let free_ptr = uc.reg_read(RDI as i32).unwrap();
+        let free_ptr = uc.reg_read(RDI).unwrap();
         if free_ptr != HEAP_ADDRESS {
             println!(
                 "Tried to free wrong mem region {:x} at code loc {:x}",
@@ -168,7 +167,7 @@ fn fuzz(input_file: &str) -> Result<(), uc_error> {
             );
             abort();
         }
-        uc.reg_write(RIP as i32, addr + size as u64).unwrap();
+        uc.reg_write(RIP, addr + size as u64).unwrap();
         already_allocated_free.set(false);
     };
 
@@ -177,8 +176,8 @@ fn fuzz(input_file: &str) -> Result<(), uc_error> {
     */
 
     // This is a fancy print function that we're just going to skip for fuzzing.
-    let hook_magicfn = move |mut uc: UnicornHandle<'_, _>, addr, size| {
-        uc.reg_write(RIP as i32, addr + size as u64).unwrap();
+    let hook_magicfn = move |uc: &mut Unicorn<'_, _>, addr, size| {
+        uc.reg_write(RIP, addr + size as u64).unwrap();
     };
 
     for addr in parse_locs("malloc").unwrap() {
@@ -195,7 +194,7 @@ fn fuzz(input_file: &str) -> Result<(), uc_error> {
     }
 
     let place_input_callback =
-        |uc: &mut UnicornHandle<'_, _>, afl_input: &mut [u8], _persistent_round| {
+        |uc: &mut Unicorn<'_, _>, afl_input: &mut [u8], _persistent_round| {
             // apply constraints to the mutated input
             if afl_input.len() > INPUT_MAX as usize {
                 //println!("Skipping testcase with leng {}", afl_input.len());
@@ -209,9 +208,7 @@ fn fuzz(input_file: &str) -> Result<(), uc_error> {
 
     // return true if the last run should be counted as crash
     let crash_validation_callback =
-        |_uc: &mut UnicornHandle<'_, _>, result, _input: &[u8], _persistent_round| {
-            result != uc_error::OK
-        };
+        |_uc: &mut Unicorn<'_, _>, result, _input: &[u8], _persistent_round| result != uc_error::OK;
 
     let end_addrs = parse_locs("main_ends").unwrap();
author	Andrea Fioraldi <andreafioraldi@gmail.com>	2021-10-19 13:59:38 +0200
committer	Andrea Fioraldi <andreafioraldi@gmail.com>	2021-10-19 13:59:38 +0200
commit	23e69f11075b20c4907ebe902af08dcbb13ec175 (patch)
tree	9bd59c8786c8a81370373484778c0aeb1770d095 /unicorn_mode/samples
parent	77a63d8ccfd4b409c35227e174f1d6e809256e41 (diff)
parent	bb8a4d71da8f2b748a78ccc4416df6bffb393d80 (diff)
download	afl++-23e69f11075b20c4907ebe902af08dcbb13ec175.tar.gz