Diffstat (limited to 'src/afl-tmin.c')
-rw-r--r-- | src/afl-tmin.c | 88 |
1 files changed, 22 insertions, 66 deletions
diff --git a/src/afl-tmin.c b/src/afl-tmin.c
index 8308d98d..fa9769b1 100644
--- a/src/afl-tmin.c
+++ b/src/afl-tmin.c
@@ -70,7 +70,6 @@ static u8* mask_bitmap; /* Mask for trace bits (-B) */
 u8 *in_file, /* Minimizer input test case */
 *output_file, /* Minimizer output file */
 *out_file, /* Targeted program input file */
- *target_path, /* Path to target binary */
 *doc_path; /* Path to docs */
 s32 out_fd; /* Persistent fd for out_file */
@@ -934,7 +933,8 @@ static void usage(u8* argv0) {
 " -t msec - timeout for each run (%d ms)\n"
 " -m megs - memory limit for child process (%d MB)\n"
 " -Q - use binary-only instrumentation (QEMU mode)\n"
- " -U - use Unicorn-based instrumentation (Unicorn mode)\n\n"
+ " -U - use unicorn-based instrumentation (Unicorn mode)\n"
+ " -W - use qemu-based instrumentation with Wine (Wine mode)\n\n"
 " (Not necessary, here for consistency with other afl-* "
 "tools)\n\n"
@@ -1006,65 +1006,6 @@ static void find_binary(u8* fname) { } -/* Fix up argv for QEMU. */ - -static char** get_qemu_argv(u8* own_loc, char** argv, int argc) { - - char** new_argv = ck_alloc(sizeof(char*) * (argc + 4)); - u8 * tmp, *cp, *rsl, *own_copy; - - memcpy(new_argv + 3, argv + 1, sizeof(char*) * argc); - - /* Now we need to actually find qemu for argv[0]. */ - - new_argv[2] = target_path; - new_argv[1] = "--"; - - tmp = getenv("AFL_PATH"); - - if (tmp) { - - cp = alloc_printf("%s/afl-qemu-trace", tmp); - - if (access(cp, X_OK)) FATAL("Unable to find '%s'", tmp); - - target_path = new_argv[0] = cp; - return new_argv; - - } - - own_copy = ck_strdup(own_loc); - rsl = strrchr(own_copy, '/'); - - if (rsl) { - - *rsl = 0; - - cp = alloc_printf("%s/afl-qemu-trace", own_copy); - ck_free(own_copy); - - if (!access(cp, X_OK)) { - - target_path = new_argv[0] = cp; - return new_argv; - - } - - } else - - ck_free(own_copy); - - if (!access(BIN_PATH "/afl-qemu-trace", X_OK)) { - - target_path = new_argv[0] = BIN_PATH "/afl-qemu-trace"; - return new_argv; - - } - - FATAL("Unable to find 'afl-qemu-trace'."); - -} - /* Read mask bitmap from file. This is for the -B option. */ static void read_bitmap(u8* fname) { @@ -1084,14 +1025,14 @@ static void read_bitmap(u8* fname) { int main(int argc, char** argv) { s32 opt; - u8 mem_limit_given = 0, timeout_given = 0, qemu_mode = 0, unicorn_mode = 0; + u8 mem_limit_given = 0, timeout_given = 0, qemu_mode = 0, unicorn_mode = 0, use_wine = 0; char** use_argv; doc_path = access(DOC_PATH, F_OK) ? "docs" : DOC_PATH; SAYF(cCYA "afl-tmin" VERSION cRST " by <lcamtuf@google.com>\n"); - while ((opt = getopt(argc, argv, "+i:o:f:m:t:B:xeQUh")) > 0) + while ((opt = getopt(argc, argv, "+i:o:f:m:t:B:xeQUWh")) > 0) switch (opt) { 
@@ -1192,6 +1133,16 @@ int main(int argc, char** argv) {
 unicorn_mode = 1;
 break;
+ case 'W': /* Wine+QEMU mode */
+
+ if (use_wine) FATAL("Multiple -W options not supported");
+ qemu_mode = 1;
+ use_wine = 1;
+
+ if (!mem_limit_given) mem_limit = 0;
+
+ break;
+
 case 'B': /* load bitmap */
 /* This is a secret undocumented option! It is speculated to be useful
@@ -1232,9 +1183,14 @@ int main(int argc, char** argv) {
 find_binary(argv[optind]);
 detect_file_args(argv + optind, out_file);
- if (qemu_mode)
- use_argv = get_qemu_argv(argv[0], argv + optind, argc - optind);
- else
+ if (qemu_mode) {
+
+ if (use_wine)
+ use_argv = get_wine_argv(argv[0], argv + optind, argc - optind);
+ else
+ use_argv = get_qemu_argv(argv[0], argv + optind, argc - optind);
+
+ } else
 use_argv = argv + optind;
 exact_mode = !!getenv("AFL_TMIN_EXACT"); |
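Review bot: The new `case 'W'` silently removes the child's memory limit (`if (!mem_limit_given) mem_limit = 0;`) while the `-Q`/`-U` cases, which lie outside this hunk, appear to substitute a mode-specific default rather than none, so a Wine+QEMU target that blows up on a crashing input can exhaust the host during minimization without the user ever asking for `-m none`. If an unlimited child is genuinely required for Wine, say so where it is decided, e.g. `/* Wine+QEMU needs more address space than the QEMU default; no limit unless -m was given */`, and mention it in the `-W` usage line; otherwise reuse the limit the `-Q` path applies. The case also sets `qemu_mode = 1` without rejecting an earlier `-U`, so `-U -W` proceeds with both `unicorn_mode` and `qemu_mode` set, and the accepted order of `-Q` and `-W` presumably depends on whichever case checks `qemu_mode` first; a guard such as `if (unicorn_mode) FATAL("-U and -W are mutually exclusive");` next to the existing multiple-`-W` check would make the combinations explicit. The enclosing switch and main() begin and end outside this hunk.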