-rw-r--r--TODO.md1
-rw-r--r--custom_mutators/grammar_mutator/GRAMMAR_VERSION2
m---------custom_mutators/grammar_mutator/grammar_mutator0
-rw-r--r--custom_mutators/symcc/symcc.c28
-rw-r--r--docs/Changelog.md10
-rw-r--r--include/afl-fuzz.h4
-rw-r--r--include/afl-mutations.h4
-rw-r--r--instrumentation/afl-llvm-common.cc4
-rw-r--r--instrumentation/compare-transform-pass.so.cc14
-rw-r--r--src/afl-cc.c5
-rw-r--r--src/afl-common.c47
-rw-r--r--src/afl-forkserver.c3
-rw-r--r--src/afl-fuzz-queue.c3
-rw-r--r--src/afl-fuzz-run.c1
-rw-r--r--src/afl-fuzz-stats.c18
-rw-r--r--src/afl-showmap.c25
-rw-r--r--unicorn_mode/UNICORNAFL_VERSION2
-rw-r--r--unicorn_mode/helper_scripts/unicorn_dumper_lldb.py22
-rw-r--r--unicorn_mode/samples/python_simple/simple_test_harness.py2
19 files changed, 107 insertions, 88 deletions
diff --git a/TODO.md b/TODO.md
index 20f3425f..ace07434 100644
--- a/TODO.md
+++ b/TODO.md
@@ -17,6 +17,7 @@
 ## Should
 
  - afl-crash-analysis
+ - cmplog: add loop count resolving (byte -> loop cnt change, calc special values)
  - support persistent and deferred fork server in afl-showmap?
  - better autodetection of shifting runtime timeout values
  - afl-plot to support multiple plot_data
diff --git a/custom_mutators/grammar_mutator/GRAMMAR_VERSION b/custom_mutators/grammar_mutator/GRAMMAR_VERSION
index 3a019448..02119caf 100644
--- a/custom_mutators/grammar_mutator/GRAMMAR_VERSION
+++ b/custom_mutators/grammar_mutator/GRAMMAR_VERSION
@@ -1 +1 @@
-5ed4f8d
+95a6857
diff --git a/custom_mutators/grammar_mutator/grammar_mutator b/custom_mutators/grammar_mutator/grammar_mutator
-Subproject 5ed4f8d6e6524df9670af6b411b13031833d67d
+Subproject 95a685773e571620cb6e2788dbbdba333e1b9bf
diff --git a/custom_mutators/symcc/symcc.c b/custom_mutators/symcc/symcc.c
index 86f23343..33e11772 100644
--- a/custom_mutators/symcc/symcc.c
+++ b/custom_mutators/symcc/symcc.c
@@ -22,10 +22,10 @@ afl_state_t *afl_struct;
 typedef struct my_mutator {
 
   afl_state_t *afl;
-  u8 *         mutator_buf;
-  u8 *         out_dir;
-  u8 *         tmp_dir;
-  u8 *         target;
+  u8          *mutator_buf;
+  u8          *out_dir;
+  u8          *tmp_dir;
+  u8          *target;
   uint32_t     seed;
 
 } my_mutator_t;
@@ -101,7 +101,7 @@ my_mutator_t *afl_custom_init(afl_state_t *afl, unsigned int seed) {
 
 /* When a new queue entry is added we run this input with the symcc
    instrumented binary */
-uint8_t afl_custom_queue_new_entry(my_mutator_t * data,
+uint8_t afl_custom_queue_new_entry(my_mutator_t  *data,
                                    const uint8_t *filename_new_queue,
                                    const uint8_t *filename_orig_queue) {
 
@@ -176,7 +176,7 @@ uint8_t afl_custom_queue_new_entry(my_mutator_t * data,
 
     struct dirent **nl;
     int32_t         items = scandir(data->tmp_dir, &nl, NULL, NULL);
-    u8 *            origin_name = basename(filename_new_queue);
+    u8             *origin_name = basename(filename_new_queue);
     int32_t         i;
     if (items > 0) {
 
@@ -187,8 +187,8 @@ uint8_t afl_custom_queue_new_entry(my_mutator_t * data,
         DBG("test=%s\n", fn);
         if (stat(source_name, &st) == 0 && S_ISREG(st.st_mode) && st.st_size) {
 
-          u8 *destination_name =
-              alloc_printf("%s/%s.%s", data->out_dir, origin_name, nl[i]->d_name);
+          u8 *destination_name = alloc_printf("%s/%s.%s", data->out_dir,
+                                              origin_name, nl[i]->d_name);
           rename(source_name, destination_name);
           ck_free(destination_name);
           DBG("found=%s\n", source_name);
@@ -248,7 +248,7 @@ uint32_t afl_custom_fuzz_count(my_mutator_t *data, const u8 *buf,
     for (i = 0; i < (u32)items; ++i) {
 
       struct stat st;
-      u8 *        fn = alloc_printf("%s/%s", data->out_dir, nl[i]->d_name);
+      u8         *fn = alloc_printf("%s/%s", data->out_dir, nl[i]->d_name);
       DBG("test=%s\n", fn);
       if (stat(fn, &st) == 0 && S_ISREG(st.st_mode) && st.st_size) {
 
@@ -282,12 +282,12 @@ size_t afl_custom_fuzz(my_mutator_t *data, uint8_t *buf, size_t buf_size,
 
   if (items <= 0) return 0;
 
-  for (i = 0; i < (u32)items; ++i) {
+  for (i = 0; i < (s32)items; ++i) {
 
-    struct stat st;
-    u8 *        fn = alloc_printf("%s/%s", data->out_dir, nl[i]->d_name);
+    if (!done) {
 
-    if (done == 0) {
+      struct stat st;
+      u8         *fn = alloc_printf("%s/%s", data->out_dir, nl[i]->d_name);
 
       if (stat(fn, &st) == 0 && S_ISREG(st.st_mode) && st.st_size) {
 
@@ -306,10 +306,10 @@ size_t afl_custom_fuzz(my_mutator_t *data, uint8_t *buf, size_t buf_size,
       }
 
       unlink(fn);
+      ck_free(fn);
 
     }
 
-    ck_free(fn);
     free(nl[i]);
 
   }
diff --git a/docs/Changelog.md b/docs/Changelog.md
index 6736e42b..ba7eb6a3 100644
--- a/docs/Changelog.md
+++ b/docs/Changelog.md
@@ -5,6 +5,9 @@
 
 ### Version ++4.21a (dev)
   * afl-fuzz
+    - fixed a regression in afl-fuzz that resulted in a 5-10% performace loss
+      do a switch from gettimeofday() to clock_gettime() which should be rather
+      three times faster. The reason for this is unknown.
     - added AFL_DISABLE_REDUNDANT for huge queues
     - fix AFL_PERSISTENT_RECORD
     - run custom_post_process after standard trimming
@@ -23,9 +26,11 @@
     - disable xml/curl/g_ string transform functions because we do not check
       for null pointers ... TODO
     - ensure shared memory variables are visible in weird build setups
+    - compatability to new LLVM 19 changes
   * afl-cmin
     - work with input files that have a space
   * afl-showmap
+    - fix memory leak on shmem testcase usage (thanks to @ndrewh)
     - minor fix to collect coverage -C (thanks to @bet4it)
   * enhanced the ASAN configuration
 
@@ -63,12 +68,13 @@
   - afl-whatsup:
     - now also displays current average speed
     - small bugfixes
-  - Fixes for aflpp custom mutator and standalone tool
+  - custom mutators:
+    - fixes for aflpp custom mutator and standalone tool
+    - important fix to the symcc custom mutator
   - Minor edits to afl-persistent-config
   - Prevent temporary files being left behind on aborted afl-whatsup
   - More CPU benchmarks added to benchmark/
 
-
 ### Version ++4.10c (release)
   - afl-fuzz:
     - default power schedule is now EXPLORE, due a fix in fast schedules
diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h
index 5efe5144..74b04fdb 100644
--- a/include/afl-fuzz.h
+++ b/include/afl-fuzz.h
@@ -139,6 +139,10 @@
   #define AFL_RAND_RETURN u32
 #endif
 
+#ifndef INTERESTING_32_LEN
+  #error INTERESTING_32_LEN not defined - BUG!
+#endif
+
 extern s8  interesting_8[INTERESTING_8_LEN];
 extern s16 interesting_16[INTERESTING_8_LEN + INTERESTING_16_LEN];
 extern s32
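Review bot: The new guard only checks `INTERESTING_32_LEN`, while the declarations immediately below it also depend on `INTERESTING_8_LEN` and `INTERESTING_16_LEN`; if the intent is to fail loudly when the header that defines these was not included, checking all three is more complete: `#if !defined(INTERESTING_8_LEN) || !defined(INTERESTING_16_LEN) || !defined(INTERESTING_32_LEN)` followed by `#error INTERESTING_*_LEN not defined - BUG!`. The same applies to the `INTERESTING_32` guard added in include/afl-mutations.h, whose array initialisers use `INTERESTING_8` and `INTERESTING_16` as well. The `extern s32` declaration on the last line of the hunk continues outside it.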
diff --git a/include/afl-mutations.h b/include/afl-mutations.h
index 79cf7c6a..1e5a6934 100644
--- a/include/afl-mutations.h
+++ b/include/afl-mutations.h
@@ -33,6 +33,10 @@
 
 #define MUT_STRATEGY_ARRAY_SIZE 256
 
+#ifndef INTERESTING_32
+  #error INTERESTING_32 is not defined - BUG!
+#endif
+
 s8  interesting_8[] = {INTERESTING_8};
 s16 interesting_16[] = {INTERESTING_8, INTERESTING_16};
 s32 interesting_32[] = {INTERESTING_8, INTERESTING_16, INTERESTING_32};
diff --git a/instrumentation/afl-llvm-common.cc b/instrumentation/afl-llvm-common.cc
index ed9268dc..50954324 100644
--- a/instrumentation/afl-llvm-common.cc
+++ b/instrumentation/afl-llvm-common.cc
@@ -136,7 +136,11 @@ bool isIgnoreFunction(const llvm::Function *F) {
 
   for (auto const &ignoreListFunc : ignoreList) {
 
+#if LLVM_VERSION_MAJOR >= 19
+    if (F->getName().starts_with(ignoreListFunc)) { return true; }
+#else
     if (F->getName().startswith(ignoreListFunc)) { return true; }
+#endif
 
   }
 
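Review bot: The LLVM 19 `starts_with` rename is handled here with an inline `#if LLVM_VERSION_MAJOR >= 19` around the call, while instrumentation/compare-transform-pass.so.cc handles the same rename with a `STARTSWITH` macro keyed on `LLVM_MAJOR`; two version macros and two mechanisms for one API change is a maintenance trap if the two macros ever disagree in a build. Defining `STARTSWITH` once in afl-llvm-common.h (already included by compare-transform-pass.so.cc, and presumably by this file) and writing `if (F->getName().STARTSWITH(ignoreListFunc)) { return true; }` here keeps both files on one version check. isIgnoreFunction continues outside the hunk.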
diff --git a/instrumentation/compare-transform-pass.so.cc b/instrumentation/compare-transform-pass.so.cc
index 496d69fc..36149f35 100644
--- a/instrumentation/compare-transform-pass.so.cc
+++ b/instrumentation/compare-transform-pass.so.cc
@@ -54,6 +54,12 @@
   #define nullptr 0
 #endif
 
+#if LLVM_MAJOR >= 19
+  #define STARTSWITH starts_with
+#else
+  #define STARTSWITH startswith
+#endif
+
 #include <set>
 #include "afl-llvm-common.h"
 
@@ -532,10 +538,10 @@ bool CompareTransform::transformCmps(Module &M, const bool processStrcmp,
     }
 
     if (!isSizedcmp) needs_null = true;
-    if (Callee->getName().startswith("g_") ||
-        Callee->getName().startswith("curl_") ||
-        Callee->getName().startswith("Curl_") ||
-        Callee->getName().startswith("xml"))
+    if (Callee->getName().STARTSWITH("g_") ||
+        Callee->getName().STARTSWITH("curl_") ||
+        Callee->getName().STARTSWITH("Curl_") ||
+        Callee->getName().STARTSWITH("xml"))
       nullCheck = true;
 
     Value *sizedValue = isSizedcmp ? callInst->getArgOperand(2) : NULL;
diff --git a/src/afl-cc.c b/src/afl-cc.c
index c872b2eb..7afab850 100644
--- a/src/afl-cc.c
+++ b/src/afl-cc.c
@@ -2366,8 +2366,7 @@ static void add_aflpplib(aflcc_state_t *aflcc) {
     insert_param(aflcc, afllib);
 
 #ifdef __APPLE__
-    insert_param(aflcc, "-Wl,-undefined");
-    insert_param(aflcc, "dynamic_lookup");
+    insert_param(aflcc, "-Wl,-undefined,dynamic_lookup");
 #endif
 
   }
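Review bot: The merged `-Wl,-undefined,dynamic_lookup` argument deserves a one-line comment, because the reason for the change is not visible from the code: in the old two-call form the bare `dynamic_lookup` was handed to the compiler driver as a separate argument rather than forwarded to the linker as the value of `-undefined` (inferred from the argument shape; confirm against the driver behaviour). Suggested: `/* single -Wl argument: the linker option and its value must stay together */`. add_aflpplib continues outside the hunk.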
@@ -2844,7 +2843,7 @@ static void maybe_usage(aflcc_state_t *aflcc, int argc, char **argv) {
         "  The best is LTO but it often needs RANLIB and AR settings outside "
         "of afl-cc.\n\n");
 
-#if LLVM_MAJOR > 10 || (LLVM_MAJOR == 10 && LLVM_MINOR > 0)
+#if LLVM_MAJOR >= 11 || (LLVM_MAJOR == 10 && LLVM_MINOR > 0)
   #define NATIVE_MSG                                                   \
     "  LLVM-NATIVE:  use llvm's native PCGUARD instrumentation (less " \
     "performant)\n"
diff --git a/src/afl-common.c b/src/afl-common.c
index 9a27824d..efdb5d60 100644
--- a/src/afl-common.c
+++ b/src/afl-common.c
@@ -59,27 +59,6 @@ u8  last_intr = 0;
   #define AFL_PATH "/usr/local/lib/afl/"
 #endif
 
-/* - Some BSD (i.e.: FreeBSD) offer the FAST clock source as
- *   equivalent to Linux COARSE clock source. Aliasing COARSE to
- *   FAST on such systems when COARSE is not already defined.
- * - macOS has no support of CLOCK_MONOTONIC_COARSE clock type.
- */
-#if defined(OS_DARWIN) || defined(OS_SUNOS) || defined(__APPLE__) || \
-    defined(__sun) || defined(__NetBSD__)
-  #define CLOCK_MONOTONIC_COARSE CLOCK_MONOTONIC
-#elif defined(OS_FREEBSD)
-  #define CLOCK_MONOTONIC_COARSE CLOCK_MONOTONIC_FAST
-#endif
-
-/* Convert seconds to milliseconds. */
-#define SEC_TO_MS(sec) ((sec) * 1000)
-/* Convert seconds to microseconds. */
-#define SEC_TO_US(sec) ((sec) * 1000000)
-/* Convert nanoseconds to milliseconds. */
-#define NS_TO_MS(ns) ((ns) / 1000000)
-/* Convert nanoseconds to microseconds. */
-#define NS_TO_US(ns) ((ns) / 1000)
-
 void *afl_memmem(const void *haystack, size_t haystacklen, const void *needle,
                  size_t needlelen) {
 
@@ -997,33 +976,25 @@ void read_bitmap(u8 *fname, u8 *map, size_t len) {
 
 inline u64 get_cur_time(void) {
 
-  struct timespec ts;
-  int             rc = clock_gettime(CLOCK_MONOTONIC_COARSE, &ts);
-  if (rc == -1) {
+  struct timeval  tv;
+  struct timezone tz;
 
-    PFATAL("Failed to obtain timestamp (errno = %i: %s)\n", errno,
-           strerror(errno));
+  gettimeofday(&tv, &tz);
 
-  }
-
-  return SEC_TO_MS((uint64_t)ts.tv_sec) + NS_TO_MS((uint64_t)ts.tv_nsec);
+  return (tv.tv_sec * 1000ULL) + (tv.tv_usec / 1000);
 
 }
 
 /* Get unix time in microseconds */
 
-u64 get_cur_time_us(void) {
+inline u64 get_cur_time_us(void) {
 
-  struct timespec ts;
-  int             rc = clock_gettime(CLOCK_MONOTONIC_COARSE, &ts);
-  if (rc == -1) {
+  struct timeval  tv;
+  struct timezone tz;
 
-    PFATAL("Failed to obtain timestamp (errno = %i: %s)\n", errno,
-           strerror(errno));
-
-  }
+  gettimeofday(&tv, &tz);
 
-  return SEC_TO_US((uint64_t)ts.tv_sec) + NS_TO_US((uint64_t)ts.tv_nsec);
+  return (tv.tv_sec * 1000000ULL) + tv.tv_usec;
 
 }
 
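Review bot: Both rewritten bodies drop the error check the removed code had: `gettimeofday()` can return -1 (e.g. EFAULT), after which `tv` is used uninitialised, whereas the old `clock_gettime()` path called PFATAL; keep the check and pass NULL for the timezone argument, which POSIX leaves unspecified for anything else: `if (gettimeofday(&tv, NULL) == -1) { PFATAL("Failed to obtain timestamp (errno = %i: %s)\n", errno, strerror(errno)); }` and drop the `struct timezone tz` local. Separately, `gettimeofday()` is wall-clock time rather than monotonic, so intervals derived from these values can jump or go negative when the system clock is stepped; if the callers (outside this hunk) compute timeouts or run times from differences, `CLOCK_MONOTONIC` — rather than the COARSE variant this commit removes — may keep both the speed and the monotonic property, but that is inferred and should be measured. The CLOCK_MONOTONIC_COARSE alias block removed at the top of the file is also gone for any other user of that constant in this translation unit; confirm none remain.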
diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c
index beb6bdeb..a082982c 100644
--- a/src/afl-forkserver.c
+++ b/src/afl-forkserver.c
@@ -578,7 +578,8 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv,
     void *nyx_config = fsrv->nyx_handlers->nyx_config_load(fsrv->target_path);
 
     fsrv->nyx_handlers->nyx_config_set_workdir_path(nyx_config, workdir_path);
-    fsrv->nyx_handlers->nyx_config_set_input_buffer_size(nyx_config, fsrv->max_length);
+    fsrv->nyx_handlers->nyx_config_set_input_buffer_size(nyx_config,
+                                                         fsrv->max_length);
     fsrv->nyx_handlers->nyx_config_set_input_buffer_write_protection(nyx_config,
                                                                      true);
 
diff --git a/src/afl-fuzz-queue.c b/src/afl-fuzz-queue.c
index 2318df60..784b377a 100644
--- a/src/afl-fuzz-queue.c
+++ b/src/afl-fuzz-queue.c
@@ -1301,7 +1301,8 @@ inline u8 *queue_testcase_get(afl_state_t *afl, struct queue_entry *q) {
     static u32 do_once = 0;  // because even threaded we would want this. WIP
 
     while (unlikely(
-        afl->q_testcase_cache_size + len >= afl->q_testcase_max_cache_size ||
+        (afl->q_testcase_cache_size + len >= afl->q_testcase_max_cache_size &&
+         afl->q_testcase_cache_count > 1) ||
         afl->q_testcase_cache_count >= afl->q_testcase_max_cache_entries - 1)) {
 
       /* We want a max number of entries to the cache that we learn.
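Review bot: With the added `q_testcase_cache_count > 1` clause the size limit becomes soft: when zero or one entries are cached and `q_testcase_cache_size + len` already reaches `q_testcase_max_cache_size`, the loop no longer evicts and the new entry is presumably admitted above the limit (the admission code is below the hunk). That looks intentional — evicting the only entry cannot make room for a testcase larger than the whole cache — but nothing in the code says so; a comment on the condition would save the next reader the derivation: `/* cache_count <= 1: evicting cannot help, allow one over-size entry */`. queue_testcase_get continues outside the hunk.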
diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c
index b62db1ea..4e2cceff 100644
--- a/src/afl-fuzz-run.c
+++ b/src/afl-fuzz-run.c
@@ -1195,3 +1195,4 @@ common_fuzz_stuff(afl_state_t *afl, u8 *out_buf, u32 len) {
   return 0;
 
 }
+
diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c
index ffe56cde..eafeebba 100644
--- a/src/afl-fuzz-stats.c
+++ b/src/afl-fuzz-stats.c
@@ -322,7 +322,8 @@ void write_stats_file(afl_state_t *afl, u32 t_bytes, double bitmap_cvg,
   if (getrusage(RUSAGE_CHILDREN, &rus)) { rus.ru_maxrss = 0; }
 #endif
   u64 runtime_ms = afl->prev_run_time + cur_time - afl->start_time;
-  u64 overhead_ms = (afl->calibration_time_us + afl->sync_time_us + afl->trim_time_us) / 1000;
+  u64 overhead_ms =
+      (afl->calibration_time_us + afl->sync_time_us + afl->trim_time_us) / 1000;
   if (!runtime_ms) { runtime_ms = 1; }
 
   fprintf(
@@ -632,7 +633,8 @@ void show_stats_normal(afl_state_t *afl) {
 
   if (afl->most_time_key && afl->queue_cycle) {
 
-    if (afl->most_time * 1000 + afl->sync_time_us / 1000 < cur_ms - afl->start_time) {
+    if (afl->most_time * 1000 + afl->sync_time_us / 1000 <
+        cur_ms - afl->start_time) {
 
       afl->most_time_key = 2;
       afl->stop_soon = 2;
@@ -1329,7 +1331,9 @@ void show_stats_normal(afl_state_t *afl) {
 
     sprintf(tmp, "disabled, ");
 
-  } else if (unlikely(!afl->bytes_trim_out)) {
+  } else if (unlikely(!afl->bytes_trim_out ||
+
+                      afl->bytes_trim_in <= afl->bytes_trim_out)) {
 
     sprintf(tmp, "n/a, ");
 
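Review bot: The widened `n/a` condition has a stray blank line inside the parenthesised expression, between the `||` and `afl->bytes_trim_in <= afl->bytes_trim_out`, which reads like a formatter accident; the `blocks_eff_total` hunk below has the same. Write it as `} else if (unlikely(!afl->bytes_trim_out || afl->bytes_trim_in <= afl->bytes_trim_out)) {`. The extra clause presumably guards an unsigned `bytes_trim_in - bytes_trim_out` subtraction in the percentage computed further down (outside the hunk); a short comment saying so would explain why `in <= out` is reported as not available rather than as 0%. show_stats_normal continues outside the hunk.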
@@ -1346,7 +1350,9 @@ void show_stats_normal(afl_state_t *afl) {
 
     strcat(tmp, "disabled");
 
-  } else if (unlikely(!afl->blocks_eff_total)) {
+  } else if (unlikely(!afl->blocks_eff_total ||
+
+                      afl->blocks_eff_select >= afl->blocks_eff_total)) {
 
     strcat(tmp, "n/a");
 
@@ -1462,7 +1468,8 @@ void show_stats_pizza(afl_state_t *afl) {
 
   if (afl->most_time_key && afl->queue_cycle) {
 
-    if (afl->most_time * 1000 + afl->sync_time_us / 1000 < cur_ms - afl->start_time) {
+    if (afl->most_time * 1000 + afl->sync_time_us / 1000 <
+        cur_ms - afl->start_time) {
 
       afl->most_time_key = 2;
       afl->stop_soon = 2;
@@ -2503,3 +2510,4 @@ void update_sync_time(afl_state_t *afl, u64 *time) {
   *time = cur;
 
 }
+
diff --git a/src/afl-showmap.c b/src/afl-showmap.c
index 7e875040..1712e634 100644
--- a/src/afl-showmap.c
+++ b/src/afl-showmap.c
@@ -225,8 +225,13 @@ static void at_exit_handler(void) {
 
   if (remove_shm) {
 
+    remove_shm = false;
     if (shm.map) afl_shm_deinit(&shm);
-    if (fsrv->use_shmem_fuzz) deinit_shmem(fsrv, shm_fuzz);
+    if ((shm_fuzz && shm_fuzz->shmemfuzz_mode) || fsrv->use_shmem_fuzz) {
+
+      shm_fuzz = deinit_shmem(fsrv, shm_fuzz);
+
+    }
 
   }
 
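Review bot: `at_exit_handler` now runs for any `exit()` after the `atexit()` registration, which main moves up to before `afl_shm_init`, and it dereferences `fsrv->use_shmem_fuzz` unconditionally; if a FATAL fires between registration and the point where `fsrv` is set up, that is a NULL dereference in the exit path. Whether `fsrv` is already valid at the new registration point is not visible in the diff, so please confirm; a defensive form that costs nothing is `if ((shm_fuzz && shm_fuzz->shmemfuzz_mode) || (fsrv && fsrv->use_shmem_fuzz)) {`. Setting `remove_shm = false` before the cleanup, so a second invocation is a no-op, is the right order.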
@@ -1527,6 +1532,8 @@ int main(int argc, char **argv_orig, char **envp) {
 
   /* initialize cmplog_mode */
   shm_fuzz->cmplog_mode = 0;
+  atexit(at_exit_handler);
+
   u8 *map = afl_shm_init(shm_fuzz, MAX_FILE + sizeof(u32), 1);
   shm_fuzz->shmemfuzz_mode = true;
   if (!map) { FATAL("BUG: Zero return from afl_shm_init."); }
@@ -1676,8 +1683,6 @@ int main(int argc, char **argv_orig, char **envp) {
 
     }
 
-    atexit(at_exit_handler);
-
     if (get_afl_env("AFL_DEBUG")) {
 
       int j = optind;
@@ -1694,9 +1699,12 @@ int main(int argc, char **argv_orig, char **envp) {
 
     map_size = fsrv->map_size;
 
-    if (fsrv->support_shmem_fuzz && !fsrv->use_shmem_fuzz)
+    if (fsrv->support_shmem_fuzz && !fsrv->use_shmem_fuzz) {
+
       shm_fuzz = deinit_shmem(fsrv, shm_fuzz);
 
+    }
+
     if (in_dir) {
 
       if (execute_testcases(in_dir) == 0) {
@@ -1728,9 +1736,12 @@ int main(int argc, char **argv_orig, char **envp) {
 
   } else {
 
-    if (fsrv->support_shmem_fuzz && !fsrv->use_shmem_fuzz)
+    if (fsrv->support_shmem_fuzz && !fsrv->use_shmem_fuzz) {
+
       shm_fuzz = deinit_shmem(fsrv, shm_fuzz);
 
+    }
+
 #ifdef __linux__
     if (!fsrv->nyx_mode) {
 
@@ -1777,9 +1788,9 @@ int main(int argc, char **argv_orig, char **envp) {
 
   }
 
-  remove_shm = 0;
+  remove_shm = false;
   afl_shm_deinit(&shm);
-  if (fsrv->use_shmem_fuzz) shm_fuzz = deinit_shmem(fsrv, shm_fuzz);
+  if (fsrv->use_shmem_fuzz) { shm_fuzz = deinit_shmem(fsrv, shm_fuzz); }
 
   u32 ret;
 
diff --git a/unicorn_mode/UNICORNAFL_VERSION b/unicorn_mode/UNICORNAFL_VERSION
index da17452d..deac0bf9 100644
--- a/unicorn_mode/UNICORNAFL_VERSION
+++ b/unicorn_mode/UNICORNAFL_VERSION
@@ -1 +1 @@
-764b66b2
+4b4fdab1
diff --git a/unicorn_mode/helper_scripts/unicorn_dumper_lldb.py b/unicorn_mode/helper_scripts/unicorn_dumper_lldb.py
index 179d062a..7e60f95f 100644
--- a/unicorn_mode/helper_scripts/unicorn_dumper_lldb.py
+++ b/unicorn_mode/helper_scripts/unicorn_dumper_lldb.py
@@ -136,7 +136,7 @@ def overlap_alignments(segments, memory):
 
 # https://github.com/llvm-mirror/llvm/blob/master/include/llvm/ADT/Triple.h
 def get_arch():
-    arch, arch_vendor, arch_os = lldb.target.GetTriple().split("-")
+    arch, arch_vendor, arch_os, *arch_remains = lldb.debugger.GetSelectedTarget().GetTriple().split("-")
     if arch == "x86_64":
         return "x64"
     elif arch == "x86" or arch == "i386":
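Review bot: The `lldb.debugger.GetSelectedTarget()` chain introduced here is repeated, progressively longer, in `dump_regs`, `get_section_info` and four places in `dump_process_memory` (twice in the full `.GetProcess().GetSelectedThread().GetSelectedFrame()` form), which pushes lines past 100 columns and re-resolves the same objects at every call. Three small accessors keep the lldb API change in one place, so call sites become e.g. `sp = get_frame().GetSP()` and `err = get_process().GetMemoryRegionInfo(next_region_addr, mem_info)`. The unused `*arch_remains` can be `*_`. get_arch continues outside the hunk.
```python
def get_target():
    """Return the target the lldb debugger currently has selected."""
    return lldb.debugger.GetSelectedTarget()


def get_process():
    """Return the process of the selected target."""
    return get_target().GetProcess()


def get_frame():
    """Return the selected frame of the selected thread."""
    return get_process().GetSelectedThread().GetSelectedFrame()


# https://github.com/llvm-mirror/llvm/blob/master/include/llvm/ADT/Triple.h
def get_arch():
    arch, arch_vendor, arch_os, *_ = get_target().GetTriple().split("-")
    # … unchanged: arch name mapping …
```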
@@ -165,7 +165,7 @@ def dump_arch_info():
 
 def dump_regs():
     reg_state = {}
-    for reg_list in lldb.frame.GetRegisters():
+    for reg_list in lldb.debugger.GetSelectedTarget().GetProcess().GetSelectedThread().GetSelectedFrame().GetRegisters():
         if "general purpose registers" in reg_list.GetName().lower():
             for reg in reg_list:
                 reg_state[reg.GetName()] = int(reg.GetValue(), 16)
@@ -180,8 +180,9 @@ def get_section_info(sec):
     module_name = sec.addr.module.file.GetFilename()
     module_name = module_name if module_name is not None else ""
     long_name = module_name + "." + name
+    load_addr = sec.addr.GetLoadAddress(lldb.debugger.GetSelectedTarget())
 
-    return sec.addr.load_addr, (sec.addr.load_addr + sec.size), sec.size, long_name
+    return load_addr, (load_addr + sec.size), sec.size, long_name
 
 
 def dump_process_memory(output_dir):
@@ -191,7 +192,7 @@ def dump_process_memory(output_dir):
 
     # 1st pass:
     # Loop over the segments, fill in the segment info dictionary
-    for module in lldb.target.module_iter():
+    for module in lldb.debugger.GetSelectedTarget().module_iter():
         for seg_ea in module.section_iter():
             seg_info = {"module": module.file.GetFilename()}
             (
@@ -201,8 +202,8 @@ def dump_process_memory(output_dir):
                 seg_info["name"],
             ) = get_section_info(seg_ea)
             # TODO: Ugly hack for -1 LONG address on 32-bit
-            if seg_info["start"] >= sys.maxint or seg_size <= 0:
-                print "Throwing away page: {}".format(seg_info["name"])
+            if seg_info["start"] >= sys.maxsize or seg_size <= 0:
+                print ("Throwing away page: {}".format(seg_info["name"]))
                 continue
 
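Review bot: `print ("Throwing away page: {}".format(seg_info["name"]))` keeps a space between `print` and its argument list, which reads like the Python 2 statement form this hunk is moving away from; write it as `print("Throwing away page: {}".format(seg_info["name"]))`. The condition also reads `seg_size`, whose assignment is in the tuple-unpacking target list cut off above the hunk, so I cannot confirm it is bound on every path. dump_process_memory continues outside the hunk.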
             # Page-align segment
@@ -212,7 +213,7 @@ def dump_process_memory(output_dir):
             raw_segment_list.append(seg_info)
 
     # Add the stack memory region (just hardcode 0x1000 around the current SP)
-    sp = lldb.frame.GetSP()
+    sp = lldb.debugger.GetSelectedTarget().GetProcess().GetSelectedThread().GetSelectedFrame().GetSP()
     start_sp = ALIGN_PAGE_DOWN(sp)
     raw_segment_list.append(
         {"start": start_sp, "end": start_sp + 0x1000, "name": "STACK"}
@@ -228,7 +229,7 @@ def dump_process_memory(output_dir):
     start_addr = -1
     next_region_addr = 0
     while next_region_addr > start_addr:
-        err = lldb.process.GetMemoryRegionInfo(next_region_addr, mem_info)
+        err = lldb.debugger.GetSelectedTarget().GetProcess().GetMemoryRegionInfo(next_region_addr, mem_info)
         # TODO: Should check err.success.  If False, what do we do?
         if not err.success:
             break
@@ -267,7 +268,7 @@ def dump_process_memory(output_dir):
             region_name = seg_info["name"]
             # Compress and dump the content to a file
             err = lldb.SBError()
-            seg_content = lldb.process.ReadMemory(
+            seg_content = lldb.debugger.GetSelectedTarget().GetProcess().ReadMemory(
                 start_addr, end_addr - start_addr, err
             )
             if seg_content == None:
@@ -340,11 +341,12 @@ def main():
         index_file.close()
         print ("Done.")
 
-    except Exception, e:
+    except Exception as e:
         print ("!!! ERROR:\n\t{}".format(repr(e)))
 
 
 if __name__ == "__main__":
+    lldb.debugger = lldb.SBDebugger.Create()
     main()
 elif lldb.debugger:
     main()
diff --git a/unicorn_mode/samples/python_simple/simple_test_harness.py b/unicorn_mode/samples/python_simple/simple_test_harness.py
index 8758192e..e32cdf81 100644
--- a/unicorn_mode/samples/python_simple/simple_test_harness.py
+++ b/unicorn_mode/samples/python_simple/simple_test_harness.py
@@ -119,7 +119,7 @@ def main():
     binary_code = binary_file.read()
     binary_file.close()
 
-    # Apply constraints to the mutated input
+    # Assert that the binary size is within limits
     if len(binary_code) > CODE_SIZE_MAX:
         print("Binary code is too large (> {} bytes)".format(CODE_SIZE_MAX))
         return