From fe74c68c4285b949718c41d23d5603fc969dde87 Mon Sep 17 00:00:00 2001
From: Dominik Maier
Date: Wed, 18 Dec 2019 12:23:35 +0100
Subject: afl_fuzz unmapping
---
.../samples/compcov_x64/compcov_test_harness.py | 27 ++----------------
unicorn_mode/samples/simple/simple_test_harness.py | 33 ++++------------------
2 files changed, 8 insertions(+), 52 deletions(-)
(limited to 'unicorn_mode/samples')
diff --git a/unicorn_mode/samples/compcov_x64/compcov_test_harness.py b/unicorn_mode/samples/compcov_x64/compcov_test_harness.py
index 9a5da520..3861f205 100644
--- a/unicorn_mode/samples/compcov_x64/compcov_test_harness.py
+++ b/unicorn_mode/samples/compcov_x64/compcov_test_harness.py
@@ -59,35 +59,17 @@ def unicorn_debug_mem_invalid_access(uc, access, address, size, value, user_data else: print(" >>> INVALID Read: addr=0x{0:016x} size={1}".format(address, size)) -def force_crash(uc_error): - # This function should be called to indicate to AFL that a crash occurred during emulation. - # Pass in the exception received from Uc.emu_start() - mem_errors = [ - UC_ERR_READ_UNMAPPED, UC_ERR_READ_PROT, UC_ERR_READ_UNALIGNED, - UC_ERR_WRITE_UNMAPPED, UC_ERR_WRITE_PROT, UC_ERR_WRITE_UNALIGNED, - UC_ERR_FETCH_UNMAPPED, UC_ERR_FETCH_PROT, UC_ERR_FETCH_UNALIGNED, - ] - if uc_error.errno in mem_errors: - # Memory error - throw SIGSEGV - os.kill(os.getpid(), signal.SIGSEGV) - elif uc_error.errno == UC_ERR_INSN_INVALID: - # Invalid instruction - throw SIGILL - os.kill(os.getpid(), signal.SIGILL) - else: - # Not sure what happened - throw SIGABRT - os.kill(os.getpid(), signal.SIGABRT) - def main(): parser = argparse.ArgumentParser(description="Test harness for compcov_target.bin") parser.add_argument('input_file', type=str, help="Path to the file containing the mutated input to load") - parser.add_argument('-d', '--debug', default=False, action="store_true", help="Enables debug tracing") + parser.add_argument('-t', '--trace', default=False, action="store_true", help="Enables debug tracing") args = parser.parse_args() # Instantiate a MIPS32 big endian Unicorn Engine instance uc = Uc(UC_ARCH_X86, UC_MODE_64) - if args.debug: + if args.trace: uc.hook_add(UC_HOOK_BLOCK, unicorn_debug_block) uc.hook_add(UC_HOOK_CODE, unicorn_debug_instruction) uc.hook_add(UC_HOOK_MEM_WRITE | UC_HOOK_MEM_READ, unicorn_debug_mem_access) @@ -132,11 +114,6 @@ def main(): """ Callback that loads the mutated input into memory. """ - # Load the mutated input from disk - input_file = open(args.input_file, 'rb') - input = input_file.read() - input_file.close() - # Apply constraints to the mutated input if len(input) > DATA_SIZE_MAX: return 
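Review bot: The rename of `-d/--debug` to `-t/--trace` drops the old spelling without an alias, so any existing invocation of this sample harness that passes `-d` now fails argument parsing; argparse accepts several option strings per argument, so `parser.add_argument('-t', '--trace', '-d', '--debug', default=False, action="store_true", help="Enables debug tracing")` keeps both spellings (the destination stays `trace` because `--trace` is the first long option). The context comment `# Instantiate a MIPS32 big endian Unicorn Engine instance` sits directly above `Uc(UC_ARCH_X86, UC_MODE_64)` and is a copy-paste leftover in this x86-64 harness; `# Instantiate an x86-64 Unicorn Engine instance` is worth fixing while this block is being touched. With `force_crash` removed, `os` and `signal` are presumably no longer used in this file, but the import block is outside the hunk, so confirm before dropping them. main() continues past the end of the hunk.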
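Review bot: With the per-call read of `args.input_file` removed, the `input` argument handed to the callback by unicornafl is now the only data source, yet the over-length guard `if len(input) > DATA_SIZE_MAX: return` still leaves the callback with a bare `return` and no statement of what that means to the caller — whether unicornafl treats a falsy return as "skip this test case" or simply runs the target against a buffer that was never written is not visible from the hunk. A one-line comment above that `return` stating which of the two happens would spare the next reader a trip into the library, and if the answer is the latter the guard should probably fail loudly rather than silently emulate stale memory. place_input_callback starts and ends outside the hunk, so the rest of its body could not be reviewed here.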
diff --git a/unicorn_mode/samples/simple/simple_test_harness.py b/unicorn_mode/samples/simple/simple_test_harness.py
index d85ec9f5..c05306ea 100644
--- a/unicorn_mode/samples/simple/simple_test_harness.py
+++ b/unicorn_mode/samples/simple/simple_test_harness.py
@@ -5,8 +5,8 @@ This loads the simple_target.bin binary (precompiled as MIPS code) into Unicorn's memory map for emulation, places the specified input into simple_target's buffer (hardcoded to be at 0x300000), and executes 'main()'. - If any crashes occur during emulation, this script throws a matching signal - to tell AFL that a crash occurred. + If any crashes occur during emulation, unicornafl will + tell AFL that a crash occurred. Run under AFL as follows:
@@ -59,35 +59,17 @@ def unicorn_debug_mem_invalid_access(uc, access, address, size, value, user_data else: print(" >>> INVALID Read: addr=0x{0:016x} size={1}".format(address, size)) -def force_crash(uc_error): - # This function should be called to indicate to AFL that a crash occurred during emulation. - # Pass in the exception received from Uc.emu_start() - mem_errors = [ - UC_ERR_READ_UNMAPPED, UC_ERR_READ_PROT, UC_ERR_READ_UNALIGNED, - UC_ERR_WRITE_UNMAPPED, UC_ERR_WRITE_PROT, UC_ERR_WRITE_UNALIGNED, - UC_ERR_FETCH_UNMAPPED, UC_ERR_FETCH_PROT, UC_ERR_FETCH_UNALIGNED, - ] - if uc_error.errno in mem_errors: - # Memory error - throw SIGSEGV - os.kill(os.getpid(), signal.SIGSEGV) - elif uc_error.errno == UC_ERR_INSN_INVALID: - # Invalid instruction - throw SIGILL - os.kill(os.getpid(), signal.SIGILL) - else: - # Not sure what happened - throw SIGABRT - os.kill(os.getpid(), signal.SIGABRT) - def main(): parser = argparse.ArgumentParser(description="Test harness for simple_target.bin") parser.add_argument('input_file', type=str, help="Path to the file containing the mutated input to load") - parser.add_argument('-d', '--debug', default=False, action="store_true", help="Enables debug tracing") + parser.add_argument('-t', '--trace', default=False, action="store_true", help="Enables debug tracing") args = parser.parse_args() # Instantiate a MIPS32 big endian Unicorn Engine instance uc = Uc(UC_ARCH_MIPS, UC_MODE_MIPS32 + UC_MODE_BIG_ENDIAN) - if args.debug: + if args.trace: uc.hook_add(UC_HOOK_BLOCK, unicorn_debug_block) uc.hook_add(UC_HOOK_CODE, unicorn_debug_instruction) uc.hook_add(UC_HOOK_MEM_WRITE | UC_HOOK_MEM_READ, unicorn_debug_mem_access) @@ -120,6 +102,8 @@ def main(): uc.mem_map(STACK_ADDRESS, STACK_SIZE) uc.reg_write(UC_MIPS_REG_SP, STACK_ADDRESS + STACK_SIZE) + + print(STACK_ADDRESS + STACK_SIZE) # reserve some space for data uc.mem_map(DATA_ADDRESS, DATA_SIZE_MAX) 
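Review bot: As in the compcov harness, replacing `-d/--debug` with `-t/--trace` removes the old option outright, and this file's docstring advertises a "Run under AFL as follows" command line (outside the hunk) that may still spell the flag the old way; keeping the old strings as aliases, `parser.add_argument('-t', '--trace', '-d', '--debug', default=False, action="store_true", help="Enables debug tracing")`, avoids breaking either the documented command or existing scripts. The `print(STACK_ADDRESS + STACK_SIZE)` added in the second hunk is removed again by the follow-up commit on this page, so no further action is needed there. If `force_crash` was the only user of `os` and `signal`, those imports (outside the hunk) are now dead and can be dropped once confirmed. main() continues beyond the last line of the hunk.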
@@ -129,11 +113,6 @@ def main(): # We did not pass in any data and don't use persistent mode, so we can ignore these params. # Be sure to check out the docstrings for the uc.afl_* functions. def place_input_callback(uc, input, persistent_round, data): - # Load the mutated input from disk - input_file = open(args.input_file, 'rb') - input = input_file.read() - input_file.close() - # Apply constraints to the mutated input if len(input) > DATA_SIZE_MAX: #print("Test input is too long (> {} bytes)")
-- cgit 1.4.1
From c283487d94c8e17e8282c3e9476f99698bdcc686 Mon Sep 17 00:00:00 2001
From: Dominik Maier
Date: Wed, 18 Dec 2019 13:49:36 +0100
Subject: removed debug print
---
unicorn_mode/samples/simple/simple_test_harness.py | 2 --
1 file changed, 2 deletions(-)
(limited to 'unicorn_mode/samples')
diff --git a/unicorn_mode/samples/simple/simple_test_harness.py b/unicorn_mode/samples/simple/simple_test_harness.py
index c05306ea..f4002ca8 100644
--- a/unicorn_mode/samples/simple/simple_test_harness.py
+++ b/unicorn_mode/samples/simple/simple_test_harness.py
@@ -102,8 +102,6 @@ def main(): uc.mem_map(STACK_ADDRESS, STACK_SIZE) uc.reg_write(UC_MIPS_REG_SP, STACK_ADDRESS + STACK_SIZE) - - print(STACK_ADDRESS + STACK_SIZE) # reserve some space for data uc.mem_map(DATA_ADDRESS, DATA_SIZE_MAX)
-- cgit 1.4.1