about summary refs log tree commit diff
path: root/unicorn_mode
diff options
context:
space:
mode:
Diffstat (limited to 'unicorn_mode')
-rw-r--r--unicorn_mode/UNICORNAFL_VERSION2
-rwxr-xr-xunicorn_mode/build_unicorn_support.sh4
-rw-r--r--unicorn_mode/samples/c/harness.c2
-rw-r--r--unicorn_mode/samples/compcov_x64/compcov_test_harness.py12
-rw-r--r--unicorn_mode/samples/persistent/Makefile4
-rw-r--r--unicorn_mode/samples/persistent/harness.c42
m---------unicorn_mode/unicornafl0
7 files changed, 38 insertions, 28 deletions
diff --git a/unicorn_mode/UNICORNAFL_VERSION b/unicorn_mode/UNICORNAFL_VERSION
index bb3959ea..e0ef19cd 100644
--- a/unicorn_mode/UNICORNAFL_VERSION
+++ b/unicorn_mode/UNICORNAFL_VERSION
@@ -1 +1 @@
-5833117
+a6e943c
diff --git a/unicorn_mode/build_unicorn_support.sh b/unicorn_mode/build_unicorn_support.sh
index 79a5a4a9..841728d7 100755
--- a/unicorn_mode/build_unicorn_support.sh
+++ b/unicorn_mode/build_unicorn_support.sh
@@ -198,11 +198,11 @@ echo "[*] Unicornafl bindings installed successfully."
 # Compile the sample, run it, verify that it works!
 echo "[*] Testing unicornafl python functionality by running a sample test harness"
 
-cd ../samples/simple || exit 1
+cd ../samples/simple || echo "Cannot cd"
 
 # Run afl-showmap on the sample application. If anything comes out then it must have worked!
 unset AFL_INST_RATIO
-echo 0 | ../../../afl-showmap -U -m none -t 2000 -q -o ./.test-instr0 -- $PYTHONBIN ./simple_test_harness.py ./sample_inputs/sample1.bin || exit 1
+echo 0 | ../../../afl-showmap -U -m none -t 2000 -q -o ./.test-instr0 -- $PYTHONBIN ./simple_test_harness.py ./sample_inputs/sample1.bin || echo "Showmap"
 
 if [ -s ./.test-instr0 ]
 then
diff --git a/unicorn_mode/samples/c/harness.c b/unicorn_mode/samples/c/harness.c
index 18c59c3f..4bda6e2d 100644
--- a/unicorn_mode/samples/c/harness.c
+++ b/unicorn_mode/samples/c/harness.c
@@ -184,7 +184,7 @@ int main(int argc, char **argv, char **envp) {
 
     // Map memory.
     mem_map_checked(uc, BASE_ADDRESS, len, UC_PROT_ALL);
-    printf("Len: %lx", len);
+    printf("Len: %lx\n", len);
     fflush(stdout);
 
     // write machine code to be emulated to memory
diff --git a/unicorn_mode/samples/compcov_x64/compcov_test_harness.py b/unicorn_mode/samples/compcov_x64/compcov_test_harness.py
index 3861f205..b9ebb61d 100644
--- a/unicorn_mode/samples/compcov_x64/compcov_test_harness.py
+++ b/unicorn_mode/samples/compcov_x64/compcov_test_harness.py
@@ -1,5 +1,5 @@
 #!/usr/bin/env python
-""" 
+"""
    Simple test harness for AFL's Unicorn Mode.
 
    This loads the compcov_target.bin binary (precompiled as MIPS code) into
@@ -11,7 +11,7 @@
    Run under AFL as follows:
 
    $ cd <afl_path>/unicorn_mode/samples/simple/
-   $ ../../../afl-fuzz -U -m none -i ./sample_inputs -o ./output -- python compcov_test_harness.py @@ 
+   $ AFL_COMPCOV_LEVEL=2 ../../../afl-fuzz -U -m none -i ./sample_inputs -o ./output -- python compcov_test_harness.py @@
 """
 
 import argparse
@@ -42,22 +42,22 @@ try:
             print("    Instr: {:#016x}:\t{}\t{}".format(address, cs_mnemonic, cs_opstr))
 except ImportError:
     def unicorn_debug_instruction(uc, address, size, user_data):
-        print("    Instr: addr=0x{0:016x}, size=0x{1:016x}".format(address, size))    
+        print("    Instr: addr=0x{0:016x}, size=0x{1:016x}".format(address, size))
 
 def unicorn_debug_block(uc, address, size, user_data):
     print("Basic Block: addr=0x{0:016x}, size=0x{1:016x}".format(address, size))
-    
+
 def unicorn_debug_mem_access(uc, access, address, size, value, user_data):
     if access == UC_MEM_WRITE:
         print("        >>> Write: addr=0x{0:016x} size={1} data=0x{2:016x}".format(address, size, value))
     else:
-        print("        >>> Read: addr=0x{0:016x} size={1}".format(address, size))    
+        print("        >>> Read: addr=0x{0:016x} size={1}".format(address, size))
 
 def unicorn_debug_mem_invalid_access(uc, access, address, size, value, user_data):
     if access == UC_MEM_WRITE_UNMAPPED:
         print("        >>> INVALID Write: addr=0x{0:016x} size={1} data=0x{2:016x}".format(address, size, value))
     else:
-        print("        >>> INVALID Read: addr=0x{0:016x} size={1}".format(address, size))   
+        print("        >>> INVALID Read: addr=0x{0:016x} size={1}".format(address, size))
 
 def main():
 
diff --git a/unicorn_mode/samples/persistent/Makefile b/unicorn_mode/samples/persistent/Makefile
index 9596facc..80a47550 100644
--- a/unicorn_mode/samples/persistent/Makefile
+++ b/unicorn_mode/samples/persistent/Makefile
@@ -38,13 +38,13 @@ harness.o: harness.c ../../unicornafl/include/unicorn/*.h
 	${MYCC} ${CFLAGS} -O3 -c harness.c
 
 harness-debug.o: harness.c ../../unicornafl/include/unicorn/*.h
-	${MYCC} ${CFLAGS} -g -c harness.c -o $@
+	${MYCC} ${CFLAGS} -DAFL_DEBUG=1 -g -c harness.c -o $@
 
 harness: harness.o
 	${MYCC} -L${LIBDIR} harness.o ../../unicornafl/libunicornafl.a $(LDFLAGS) -o $@
 
 debug: harness-debug.o
-	${MYCC} -L${LIBDIR} harness.o ../../unicornafl/libunicornafl.a $(LDFLAGS) -o harness-debug
+	${MYCC} -L${LIBDIR} harness-debug.o ../../unicornafl/libunicornafl.a $(LDFLAGS) -o harness-debug
 
 fuzz: harness
 	../../../afl-fuzz -m none -i sample_inputs -o out -- ./harness @@
diff --git a/unicorn_mode/samples/persistent/harness.c b/unicorn_mode/samples/persistent/harness.c
index 3d379f46..30013b4c 100644
--- a/unicorn_mode/samples/persistent/harness.c
+++ b/unicorn_mode/samples/persistent/harness.c
@@ -68,7 +68,7 @@ static void hook_code(uc_engine *uc, uint64_t address, uint32_t size, void *user
 
 /*
 The sample uses strlen, since we don't have a loader or libc, we'll fake it.
-We know the strlen will return the lenght of argv[1] that we just planted.
+We know the strlen will return the length of argv[1] that we just planted.
 It will be a lot faster than an actual strlen for this specific purpose.
 */
 static void hook_strlen(uc_engine *uc, uint64_t address, uint32_t size, void *user_data) {
@@ -86,7 +86,7 @@ static void hook_strlen(uc_engine *uc, uint64_t address, uint32_t size, void *us
 static uint64_t pad(uint64_t size) {
     if (size % ALIGNMENT == 0) return size;
     return ((size / ALIGNMENT) + 1) * ALIGNMENT;
-} 
+}
 
 /* returns the filesize in bytes, -1 or error. */
 static off_t afl_mmap_file(char *filename, char **buf_ptr) {
@@ -100,9 +100,9 @@ static off_t afl_mmap_file(char *filename, char **buf_ptr) {
 
     off_t in_len = st.st_size;
     if (in_len == -1) {
-	/* This can only ever happen on 32 bit if the file is exactly 4gb. */
-	fprintf(stderr, "Filesize of %s too large\n", filename);
-	goto exit;
+    /* This can only ever happen on 32 bit if the file is exactly 4gb. */
+    fprintf(stderr, "Filesize of %s too large\n", filename);
+    goto exit;
     }
 
     *buf_ptr = mmap(0, in_len, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
@@ -117,10 +117,10 @@ exit:
 
 /* Place the input at the right spot inside unicorn */
 static bool place_input_callback(
-    uc_engine *uc, 
-    char *input, 
-    size_t input_len, 
-    uint32_t persistent_round, 
+    uc_engine *uc,
+    char *input,
+    size_t input_len,
+    uint32_t persistent_round,
     void *data
 ){
     // printf("Placing input with len %ld to %x\n", input_len, DATA_ADDRESS);
@@ -129,12 +129,22 @@ static bool place_input_callback(
         return false;
     }
 
+#if defined(AFL_DEBUG)
+    printf("[d] harness: input len=%ld, [ ", input_len);
+    int i = 0;
+    for (i = 0; i < input_len && i < 16; i++) {
+        printf("0x%02x ", (unsigned char) input[i]);
+    }
+    if (input_len > 16) printf("... ");
+    printf("]\n");
+#endif
+
     // For persistent mode, we have to set up stack and memory each time.
     uc_reg_write(uc, UC_X86_REG_RIP, &CODE_ADDRESS); // Set the instruction pointer back
     // Set up the function parameters accordingly RSI, RDI (see calling convention/disassembly)
     uc_reg_write(uc, UC_X86_REG_RSI, &INPUT_LOCATION); // argv
     uc_reg_write(uc, UC_X86_REG_RDI, &EMULATED_ARGC);  // argc == 2
-   
+
     // We need a valid c string, make sure it never goes out of bounds.
     input[input_len-1] = '\0';
     // Write the testcase to unicorn.
@@ -188,13 +198,13 @@ int main(int argc, char **argv, char **envp) {
         return -2;
     }
     if (len == 0) {
-	fprintf(stderr, "File at '%s' is empty\n", BINARY_FILE);
-	return -3;
+    fprintf(stderr, "File at '%s' is empty\n", BINARY_FILE);
+    return -3;
     }
 
     // Map memory.
     mem_map_checked(uc, BASE_ADDRESS, len, UC_PROT_ALL);
-    printf("Len: %lx", len);
+    printf("Len: %lx\n", len);
     fflush(stdout);
 
     // write machine code to be emulated to memory
@@ -209,7 +219,7 @@ int main(int argc, char **argv, char **envp) {
     uint64_t start_address = CODE_ADDRESS;      // address of entry point of main()
     uint64_t end_address = END_ADDRESS; // Address of last instruction in main()
     uc_reg_write(uc, UC_X86_REG_RIP, &start_address); // address of entry point of main()
-    
+
     // Setup the Stack
     mem_map_checked(uc, STACK_ADDRESS - STACK_SIZE, STACK_SIZE, UC_PROT_READ | UC_PROT_WRITE);
     uint64_t stack_val = STACK_ADDRESS;
@@ -219,7 +229,7 @@ int main(int argc, char **argv, char **envp) {
     // reserve some space for our input data
     mem_map_checked(uc, INPUT_LOCATION, INPUT_SIZE_MAX, UC_PROT_READ);
 
-    // build a "dummy" argv with lenth 2 at 0x10000: 
+    // build a "dummy" argv with length 2 at 0x10000:
     // 0x10000 argv[0]  NULL
     // 0x10008 argv[1]  (char *)0x10016 --. points to the next offset.
     // 0x10016 argv[1][0], ...          <-^ contains the acutal input data. (INPUT_LOCATION + INPUT_OFFSET)
@@ -264,6 +274,6 @@ int main(int argc, char **argv, char **envp) {
             break;
         default:
             break;
-    } 
+    }
     return 0;
 }
diff --git a/unicorn_mode/unicornafl b/unicorn_mode/unicornafl
-Subproject 5833117abf55d54c4191ead81312764df03a48b
+Subproject a6e943c683ecb3aba1baaddc7a02eefd2c5a5ad