Diffstat (limited to 'qemu_mode')
-rw-r--r-- | qemu_mode/QEMUAFL_VERSION | 2 | ||||
-rw-r--r-- | qemu_mode/README.md | 2 | ||||
-rwxr-xr-x | qemu_mode/build_qemu_support.sh | 2 | ||||
-rw-r--r-- | qemu_mode/libcompcov/compcovtest.cc | 163 | ||||
m--------- | qemu_mode/qemuafl | 0 |
5 files changed, 101 insertions, 68 deletions
diff --git a/qemu_mode/QEMUAFL_VERSION b/qemu_mode/QEMUAFL_VERSION
index 8d95c359..0fb33ae2 100644
--- a/qemu_mode/QEMUAFL_VERSION
+++ b/qemu_mode/QEMUAFL_VERSION
@@ -1 +1 @@
-ddc4a9748d
+d73b0336b4
diff --git a/qemu_mode/README.md b/qemu_mode/README.md
index a14cbe64..4aa2133e 100644
--- a/qemu_mode/README.md
+++ b/qemu_mode/README.md
@@ -141,7 +141,7 @@ To enable it you must pass on the command line of afl-fuzz: ## 9) Wine mode -AFL++ QEMU can use Wine to fuzz WIn32 PE binaries. Use the -W flag of afl-fuzz. +AFL++ QEMU can use Wine to fuzz Win32 PE binaries. Use the -W flag of afl-fuzz. Note that some binaries require user interaction with the GUI and must be patched.
diff --git a/qemu_mode/build_qemu_support.sh b/qemu_mode/build_qemu_support.sh
index 38085389..6436d43a 100755
--- a/qemu_mode/build_qemu_support.sh
+++ b/qemu_mode/build_qemu_support.sh
@@ -360,6 +360,8 @@ if ! command -v "$CROSS" > /dev/null ; then
 make -C unsigaction && echo "[+] unsigaction ready"
 echo "[+] Building libqasan ..."
 make -C libqasan && echo "[+] unsigaction ready"
+ echo "[+] Building qemu libfuzzer helpers ..."
+ make -C ../utils/aflpp_driver
 else
 echo "[!] Cross compiler $CROSS could not be found, cannot compile libcompcov libqasan and unsigaction"
 fi
diff --git a/qemu_mode/libcompcov/compcovtest.cc b/qemu_mode/libcompcov/compcovtest.cc
index d70bba91..3c975e15 100644
--- a/qemu_mode/libcompcov/compcovtest.cc
+++ b/qemu_mode/libcompcov/compcovtest.cc
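Review bot: The added `make -C ../utils/aflpp_driver` is the only make in this block whose outcome is neither reported nor acted on, so a failed driver build passes silently and the log only shows the "Building" line before it. Matching its siblings with `make -C ../utils/aflpp_driver && echo "[+] aflpp_driver ready"` at least makes the result visible, and appending `|| exit 1` would make the failure fatal if the driver is required by the qemu libfuzzer mode. The relative path assumes the script's working directory is qemu_mode, which the neighbouring `make -C libqasan` suggests but this hunk does not prove; a form such as `make -C "$(dirname "$0")/../utils/aflpp_driver"` would not depend on it. While here, the pre-existing context line above reports "[+] unsigaction ready" after building libqasan, which looks like a copy-paste slip worth correcting in the same change. The enclosing if/else begins outside the hunk.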
@@ -1,67 +1,98 @@
-/////////////////////////////////////////////////////////////////////////
-//
-// Author: Mateusz Jurczyk (mjurczyk@google.com)
-//
-// Copyright 2019-2020 Google LLC
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// https://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-//
-
-// solution: echo -ne 'The quick brown fox jumps over the lazy
-// dog\xbe\xba\xfe\xca\xbe\xba\xfe\xca\xde\xc0\xad\xde\xef\xbe' | ./compcovtest
-
-#include <cstdint>
-#include <cstdio>
-#include <cstdlib>
-#include <cstring>
-
-int main() {
-
- char buffer[44] = {/* zero padding */};
- fread(buffer, 1, sizeof(buffer) - 1, stdin);
-
- if (memcmp(&buffer[0], "The quick brown fox ", 20) != 0 ||
- strncmp(&buffer[20], "jumps over ", 11) != 0 ||
- strcmp(&buffer[31], "the lazy dog") != 0) {
-
- return 1;
-
- }
-
- uint64_t x = 0;
- fread(&x, sizeof(x), 1, stdin);
- if (x != 0xCAFEBABECAFEBABE) { return 2; }
-
- uint32_t y = 0;
- fread(&y, sizeof(y), 1, stdin);
- if (y != 0xDEADC0DE) { return 3; }
-
- uint16_t z = 0;
- fread(&z, sizeof(z), 1, stdin);
-
- switch (z) {
-
- case 0xBEEF:
- break;
-
- default:
- return 4;
-
- }
-
- printf("Puzzle solved, congrats!\n");
- abort();
- return 0;
-
-}
+/////////////////////////////////////////////////////////////////////////
+//
+// Author: Mateusz Jurczyk (mjurczyk@google.com)
+//
+// Copyright 2019-2020 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+// solution: echo -ne 'The quick brown fox jumps over the lazy
+// dog\xbe\xba\xfe\xca\xbe\xba\xfe\xca\xde\xc0\xad\xde\xef\xbe' | ./compcovtest
+
+#include "../../include/config.h"
+
+#include <cstdint>
+#include <cstdio>
+#include <cstdlib>
+#include <cstring>
+
+int main(int argc, char **argv) {
+
+ char buffer[44] = {/* zero padding */};
+
+ FILE *file = stdin;
+
+ if (argc > 1) {
+
+ if ((file = fopen(argv[1], "r")) == NULL) {
+
+ perror(argv[1]);
+ exit(-1);
+
+ }
+
+ }
+
+ fread(buffer, 1, sizeof(buffer) - 1, file);
+
+ if (memcmp(&buffer[0], "The quick brown fox ", 20) != 0 ||
+ strncmp(&buffer[20], "jumps over ", 11) != 0 ||
+ strcmp(&buffer[31], "the lazy dog") != 0) {
+
+ if (argc > 1) { fclose(file); }
+ return 1;
+
+ }
+
+ uint64_t x = 0;
+ fread(&x, sizeof(x), 1, file);
+ if (x != 0xCAFEBABECAFEBABE) {
+
+ if (argc > 1) { fclose(file); }
+ return 2;
+
+ }
+
+ uint32_t y = 0;
+ fread(&y, sizeof(y), 1, file);
+ if (y != 0xDEADC0DE) {
+
+ if (argc > 1) { fclose(file); }
+ return 3;
+
+ }
+
+ uint16_t z = 0;
+ fread(&z, sizeof(z), 1, file);
+
+ switch (z) {
+
+ case 0xBEEF:
+ break;
+
+ default:
+ if (argc > 1) { fclose(file); }
+ return 4;
+
+ }
+
+ printf("Puzzle solved, congrats!\n");
+ abort();
+
+ if (argc > 1) { fclose(file); }
+
+ return 0;
+
+}
diff --git a/qemu_mode/qemuafl b/qemu_mode/qemuafl
-Subproject 0fb212daab492411b3e323bc18a3074c1aecfd3
+Subproject d73b0336b451fd034e5f469089fb7ee96c80adf |
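Review bot: Every exit path of the new main() carries its own copy of `if (argc > 1) { fclose(file); }`, and the copy placed after `abort()` can never execute because abort() does not return, so the fopen/fclose pairing is better kept in one cleanup label reached with goto. The input's tail is raw bytes, so the file should be opened with `"rb"` instead of `"r"` to keep the test identical on platforms that translate text streams. The three fread() results remain unchecked; that is only safe because x, y and z are zero-initialised and therefore fail their comparisons on a short read, which deserves a comment. Since C++ rejects a goto that skips an initialised declaration, x, y and z move to the top of the function in the version below. The newly added `#include "../../include/config.h"` is not used by anything visible in this hunk; unless something outside it depends on the include, it can be dropped.
```cpp
int main(int argc, char **argv) {

  // … unchanged: char buffer[44] and FILE *file = stdin declarations …
  int      rc = 0;  // exit status; every failed check jumps to done
  uint64_t x = 0;   // declared up front: a goto may not skip an initialised declaration in C++
  uint32_t y = 0;
  uint16_t z = 0;

  if (argc > 1) {

    // "rb": the puzzle tail is raw bytes, not text
    if ((file = fopen(argv[1], "rb")) == NULL) {

      perror(argv[1]);
      exit(-1);

    }

  }

  // fread() results are deliberately unchecked: on a short read the
  // zero-initialised buffer/x/y/z simply fail the comparisons below.
  fread(buffer, 1, sizeof(buffer) - 1, file);

  if (memcmp(&buffer[0], "The quick brown fox ", 20) != 0 ||
      strncmp(&buffer[20], "jumps over ", 11) != 0 ||
      strcmp(&buffer[31], "the lazy dog") != 0) {

    rc = 1;
    goto done;

  }

  fread(&x, sizeof(x), 1, file);
  if (x != 0xCAFEBABECAFEBABE) { rc = 2; goto done; }

  fread(&y, sizeof(y), 1, file);
  if (y != 0xDEADC0DE) { rc = 3; goto done; }

  fread(&z, sizeof(z), 1, file);

  switch (z) {

    case 0xBEEF:
      break;

    default:
      rc = 4;
      goto done;

  }

  printf("Puzzle solved, congrats!\n");
  abort();  // never returns: the crash is the signal the fuzzer looks for

done:
  if (argc > 1) { fclose(file); }
  return rc;

}
```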