blob: cbf3725310da623fe509703a8880ad207a7b1316 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
|
#!/bin/sh
# Patcher
# Copyright (C) 2024 Nguy?n Gia Phong
#
# This file is part of taosc.
#
# Taosc is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Taosc is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with taosc. If not, see <https://www.gnu.org/licenses/>.
set -e
if test $# -ne 3
then
echo Usage: taosc-fix binary instruction-address working-directory
exit 1
fi
binary="$(realpath $1)"
address="$2"
wd="$(realpath $3)"
pushd DATA_DIR > /dev/null
trap 'popd > /dev/null' EXIT
collect="$wd/$(basename $binary).collect"
e9tool -M addr=$address -P 'log(state)@collect' -o "$collect.orig" "$binary"
afl-dyninst -i "$collect.orig" -o "$collect"
patched="$wd/$(basename $binary).patched"
e9tool -M addr=$address -P 'if dest(state)@patch goto' -o "$patched" "$binary"
taosc-scout "$binary" "$address" > "$wd/destinations"
#for dest in $(taosc-slice "$binary" "$address")
#do
# for dest in $(taosc-slice "$binary" "$address")
# do
# TAOSC_PREDICATE="<v15p0" TAOSC_DESTINATION=$dest $patched\
# -d /home/cnx/Sauces/apr/vulnfix/data/binutils/cve_2017_14745/exploit
# done
#done
|
