authorvan Hauser <vh@thc.org>2020-01-26 15:14:23 +0100
committervan Hauser <vh@thc.org>2020-01-26 15:14:23 +0100
commit2d68cb399e42ae4e8a90093968652fbeac5b0060 (patch)
tree04f11b510f0a0b3f417b73b3f01fdabd8a7d343c
parent77f20d8e4d855fa9585e786ad879aeebdb3fb5d0 (diff)
downloadafl-dyninst-2d68cb399e42ae4e8a90093968652fbeac5b0060.tar.gz
better docu and greater dockerfile
-rw-r--r--Dockerfile36
-rw-r--r--README.md41
-rw-r--r--afl-dyninst.cpp4
3 files changed, 58 insertions, 23 deletions
diff --git a/Dockerfile b/Dockerfile
index d28f75b..444e3ff 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,8 +1,8 @@
-FROM ubuntu:trusty
-MAINTAINER rjohnson@moflow.org/vh@thc.org
+FROM kalilinux/kali-rolling AS afl-dyninst-base
+MAINTAINER mh@mh-sec.de
 
-# dyninst ubuntu 14.04/x64
-RUN apt-get update && apt-get install -y \
+ARG DEBIAN_FRONTEND=noninteractive
+RUN apt-get update && apt-get upgrade && apt-get install -y \
         build-essential \
         gcc \
         g++ \
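Review bot: `apt-get upgrade` on the new RUN line has no `-y`, so when the rolling base image has any upgradable package the "Do you want to continue? [Y/n]" prompt reads an empty stdin under `docker build` and the layer aborts; `DEBIAN_FRONTEND=noninteractive` only silences debconf, it does not answer apt's own prompt. The line should read `RUN apt-get update && apt-get -y upgrade && apt-get install -y \`. Separately, an unpinned upgrade against `kali-rolling` makes the image content depend on the build date; if a reproducible toolchain matters for the fuzzing results, consider dropping the upgrade step and pinning the base image by digest instead. The RUN command continues past the end of this hunk.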
@@ -14,33 +14,45 @@ RUN apt-get update && apt-get install -y \
         gzip \
         vim \
         curl \
+        apt-utils \
         libelf-dev \
         libelf1 \
         libiberty-dev \
         libboost-all-dev \
-    && rm -rf /var/lib/apt/lists/*
+        libtbb2 \
+        libtbb-dev \
+    && apt-get -y autoremove && rm -rf /var/lib/apt/lists/*
 
 RUN git clone https://github.com/dyninst/dyninst \
         && cd dyninst && mkdir build && cd build \
         && cmake .. \
         && make \
         && make install \
-        && cd ../..
+        && cd .. ; rm -rf build ; cd ..
 
-RUN curl http://lcamtuf.coredump.cx/afl/releases/afl-latest.tgz | tar -zxvf - \
-        && cd afl-* \
-        && make \
+RUN git clone https://github.com/vanhauser-thc/AFLplusplus \
+        && cd AFLplusplus \
+        && make source-only \
         && make install \
+        && make clean \
         && cd ..
 
 RUN git clone https://github.com/vanhauser-thc/afl-dyninst \
         && cd afl-dyninst \
-        && ln -s `ls -d1 ../afl-2* | tail -1` afl \
+        && ln -s ../AFLplusplus afl \
         && make \
         && make install \
+        && make clean \
         && cd .. \
         && echo "/usr/local/lib" > /etc/ld.so.conf.d/dyninst.conf && ldconfig \
         && echo "export DYNINSTAPI_RT_LIB=/usr/local/lib/libdyninstAPI_RT.so" >> .bashrc
 
-# output usage and give a shell 
-CMD afl-dyninst ; /bin/bash -i
+ENV DYNINSTAPI_RT_LIB /usr/local/lib/libdyninstAPI_RT.so
+
+# the afl-dyninst image:
+FROM afl-dyninst-base AS afl-dyninst
+CMD afl-dyninst.sh
+
+# the afl-fuzz-dyninst image (with afl++):
+FROM afl-dyninst-base AS afl-fuzz-dyninst
+CMD afl-fuzz-dyninst.sh
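Review bot: The `;` separators introduced in the dyninst step, `&& cd .. ; rm -rf build ; cd ..`, break the `&&` failure chain: if `make` or `make install` fails, `rm -rf build` and `cd ..` still run and the layer's exit status is that of the final `cd ..`, so a broken dyninst build is recorded as a successful layer and only surfaces later in afl-dyninst's own `make`. Keep the chain intact with `&& cd .. && rm -rf build && cd ..`. The new `git clone https://github.com/vanhauser-thc/AFLplusplus` (like the unchanged dyninst clone above it) checks out whatever the default branch holds at build time, so two builds of the same Dockerfile can yield different instrumentation behaviour; pinning with `git clone --branch <KNOWN_TAG_OR_COMMIT> --depth 1 ...` (placeholder, pick the release you tested against) would make the image reviewable and reproducible. Note also that `FROM ... AS afl-dyninst` / `AS afl-fuzz-dyninst` are build-stage names, not image names, so a plain `docker build .` produces one untagged image of the last stage; the README added in this commit should instead show `docker build --target afl-dyninst -t afl-dyninst .` and `docker build --target afl-fuzz-dyninst -t afl-fuzz-dyninst .` before the `docker run` lines.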
diff --git a/README.md b/README.md
index 8c95f2c..2a2ef14 100644
--- a/README.md
+++ b/README.md
@@ -12,13 +12,31 @@ callback either at _init or at specified entry point.
 
 ## Building / Compiling
 
+### docker
+
+simply run
+```
+docker build .
+```
+which will take ~25 minutes.
+Afterwards you have two docker containers you can run directly.
+
+One for instrumenting binaries:
+```
+docker run afl-dyninst
+```
+And one for fuzzing the instrumented binaries:
+```
+docker run afl-fuzz-dyninst
+```
+
+### on your own
+
 1. Clone, compile and install dyninst: https://github.com/dyninst/dyninst/
 
 Note that you could also use dyninst 9.3.2, but has less platform support and
 quite a few bugs. For using dyninst 9.x you have to edit the Makefile
-Using at least 10.0.1 is highly recommended.
-
-NOTE: You should use at least dyninst 10.0.1 !
+Using at least 10.1.0 is highly recommended!
 
 2. Download and install afl++ from https://github.com/vanhauser-thc/AFLplusplus
 It's an up to date and enhanced version to the original afl with better
@@ -33,18 +51,20 @@ performance, new features and bugfixes.
 
 ### Building dyninst 10
 
-building dyninst10 is a pain. I recommend the following steps:
+Building dyninst10 can be a pain.
+If you are not on debian-testing or kali-rolling, I recommend the following steps:
 1. remove elfutils if installed as a distribution package
-2. download the newest elfutils, make and (!) make install
-3. install libboost-all-dev for your distribution
-4. execute (depending where your libboost is installed, for me its /usr/lib/x86_64-linux-gnu):
+2. install libboost-all-dev for your distribution
+3. execute (depending where your libboost is installed, for me its /usr/lib/x86_64-linux-gnu):
 ```shell
 cd /usr/lib/x86_64-linux-gnu && for i in libboost*.so libboost*.a; do
   n=`echo $i|sed 's/\./-mt./'`
   ln -s $i $n 2> /dev/null
 done
 ```
-5. git clone https://github.com/dyninst/dyninst ; mkdir build ; cd build ; cmake .. ; make ; make install
+4. git clone https://github.com/dyninst/dyninst ; mkdir build ; cd build ; cmake .. ; make ; make install
+If dyninst complains about any missing packages - install them.
+Depending on the age of your Linux OS you can try to use packages from your distro, and install from source otherwise.
 
 
 ## Commandline options
@@ -173,12 +193,15 @@ Dyninst is making big changes to the code, and hence more often than not
 things are not working anymore.
 
 Problem 1: The binary does not work (crashes or hangs)
+
 Solution: increase the -m parameter. -m 8 is the minimum recommended, on some
           targets -m 16 is required etc.
-          You can also try to remove -x performance enhancers.
+          You can also try to remove -x performance enhancers
+
 
 Problem 2: Basically every fuzzing test case is reported as crash although it
            does not when running it from the command line
+
 Solution: This happens if the target is using throw/catch, and dyninst's
           modification result in that the cought exception is not resetted and
           hence abort() is triggered.
diff --git a/afl-dyninst.cpp b/afl-dyninst.cpp
index e5e7ff6..35e55f3 100644
--- a/afl-dyninst.cpp
+++ b/afl-dyninst.cpp
@@ -54,7 +54,7 @@ const char *functions[] = { "main", "_main", "_initproc", "_init", "start", "_st
 const char *instLibrary = "libAflDyninst.so";
 
 static const char *OPT_STR = "fi:o:l:e:E:vs:dr:m:S:Dx";
-static const char *USAGE = "-dfvxD -i <binary> -o <binary> -l <library> -e <address> -E <address> -s <number> -S <funcname> -m <size>\n \
+static const char *USAGE = " -dfvxD -i <binary> -o <binary> -l <library> -e <address> -E <address> -s <number> -S <funcname> -m <size>\n \
   -i: input binary \n \
   -o: output binary\n \
   -d: do not instrument the binary, only supplied libraries\n \
@@ -345,7 +345,7 @@ int main(int argc, char **argv) {
   char *func2patch = NULL;
   int loop;
   
-  cout << "afl-dyninst (c) 2017-2019 by Aleksandar Nikolic and Marc Heuse [https://github.com/vanhauser-thc/afl-dyninst] Apache 2.0 License" << endl;
+  cout << "afl-dyninst (c) 2017-2020 by Aleksandar Nikolic and Marc Heuse [https://github.com/vanhauser-thc/afl-dyninst] Apache 2.0 License" << endl;
 
   if (argc < 3 || strncmp(argv[1], "-h", 2) == 0 || strncmp(argv[1], "--h", 3) == 0) {
     cout << "Usage: " << argv[0] << USAGE;