#!/bin/sh # Executable patcher # Copyright (C) 2024-2025 Nguyễn Gia Phong # # This file is part of taosc. # # Taosc is free software: you can redistribute it and/or modify # it under the terms of the GNU Affero General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # Taosc is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Affero General Public License for more details. # # You should have received a copy of the GNU Affero General Public License # along with taosc. If not, see . set -ex if test $# -lt 3 then echo Usage: taosc-fix binary address workdir option... exit 1 fi binary="$(realpath $1)" address="$2" wd="$(realpath $3)" bin="$wd/$(basename $binary)" opts="${@:4}" afl-dyninst -x "$binary" "$bin.fuzzee" pushd DATA_DIR > /dev/null trap 'popd > /dev/null' EXIT e9tool -M addr=$address -P 'log(state)@collect'\ -o "$bin.collect" "$binary" e9tool -M addr=$address -P 'if dest(state)@patch goto'\ -o "$bin.patched" "$binary" install -Dm 644 DATA_DIR/collection "$wd/vars/list" # TODO: augment number of executions afl-dyninst-env afl-fuzz -i "$wd/fuzz/exploits" -o "$wd/fuzz/crashes"\ -CE 10000 -- "$bin.fuzzee" $opts @@ install -d "$wd/vars/neg" find "$wd/fuzz/crashes/default/crashes" -name id:* | parallel\ TAOSC_OUTPUT="$wd/vars/neg/"'$(basename {})' "$bin.collect" $opts {} || true taosc-synth "$wd/vars" > "$wd/predicates" taosc-scout "$binary" "$address" > "$wd/destinations" # vim: filetype=sh.m4