From 511237ce9ee31128a748a49315485eb75de688b0 Mon Sep 17 00:00:00 2001
From: Toka
Date: Sun, 15 Aug 2021 06:04:13 +0900
Subject: [PATCH] Windows dependency update (#261)

* win018
* fuzzer fmt
* reorder
* comment
* does
---
 fuzzers/baby_fuzzer/src/main.rs           | 15 ++++++++++++++-
 libafl/Cargo.toml                         |  4 ++--
 libafl/build.rs                           | 11 ++++++-----
 libafl/src/bolts/os/windows_exceptions.rs | 11 +++++++----
 libafl/src/bolts/shmem.rs                 | 15 +++++++--------
 libafl/src/executors/inprocess.rs         |  6 +++---
 6 files changed, 39 insertions(+), 23 deletions(-)

diff --git a/fuzzers/baby_fuzzer/src/main.rs b/fuzzers/baby_fuzzer/src/main.rs
index d2f0ffac8f..8a70554920 100644
--- a/fuzzers/baby_fuzzer/src/main.rs
+++ b/fuzzers/baby_fuzzer/src/main.rs
@@ -1,5 +1,8 @@
 use std::path::PathBuf;
 
+#[cfg(windows)]
+use std::ptr::write_volatile;
+
 use libafl::{
     bolts::{current_nanos, rands::StdRand, tuples::tuple_list},
     corpus::{InMemoryCorpus, OnDiskCorpus, QueueCorpusScheduler},
@@ -36,7 +39,17 @@ pub fn main() {
         if buf.len() > 1 && buf[1] == b'b' {
             signals_set(2);
             if buf.len() > 2 && buf[2] == b'c' {
-                panic!("=)");
+                unsafe {
+                    #[cfg(unix)]
+                    panic!("=(");
+
+                    // panic!() raises a STATUS_STACK_BUFFER_OVERRUN exception which cannot be caught by the exception handler.
+                    // Here we make it raise STATUS_ACCESS_VIOLATION instead.
+                    // Extending the windows exception handler is a TODO. Maybe we can refer to what winafl code does.
+                    // https://github.com/googleprojectzero/winafl/blob/ea5f6b85572980bb2cf636910f622f36906940aa/winafl.c#L728
+                    #[cfg(windows)]
+                    write_volatile(0 as *mut u32, 0);
+                }
             }
         }
     }
diff --git a/libafl/Cargo.toml b/libafl/Cargo.toml
index 8ceb645cd8..bb79c57b6d 100644
--- a/libafl/Cargo.toml
+++ b/libafl/Cargo.toml
@@ -96,8 +96,8 @@ lock_api = "0.4.3"
 regex = "1.4.5"
 
 [target.'cfg(windows)'.dependencies]
-windows = "0.4.0"
+windows = "0.18.0"
 uuid = { version = "0.8", features = ["v4"] }
 
 [target.'cfg(windows)'.build-dependencies]
-windows = "0.4.0"
+windows = "0.18.0"
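Review bot: The `unsafe` block wraps the `#[cfg(unix)] panic!` as well, although only the Windows null store needs it, and `0 as *mut u32` is exactly what clippy's `zero_ptr` lint rejects; keep `panic!("=(")` outside the block and write the Windows branch as `#[cfg(windows)] unsafe { write_volatile(std::ptr::null_mut::<u32>(), 0) };`. A store through a null pointer is undefined behaviour in Rust even via `write_volatile`, so this only works for as long as the compiler keeps emitting the store; the comment should state that this is a deliberate UB-based crash stand-in for the example harness and not a pattern a real target should copy. The harness closure that contains this `if` starts before the hunk.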
diff --git a/libafl/build.rs b/libafl/build.rs
index 8baee9213b..ce038b7cf1 100644
--- a/libafl/build.rs
+++ b/libafl/build.rs
@@ -7,11 +7,12 @@ fn main() {
     #[cfg(target_os = "windows")]
     #[allow(clippy::ptr_arg, clippy::upper_case_acronyms)]
     windows::build!(
-        windows::win32::system_services::{HANDLE, BOOL, PAGE_TYPE, PSTR, ExitProcess},
-        windows::win32::windows_programming::CloseHandle,
-        // API needed for the shared memory
-        windows::win32::system_services::{CreateFileMappingA, OpenFileMappingA, MapViewOfFile, UnmapViewOfFile},
-        windows::win32::debug::{SetUnhandledExceptionFilter, EXCEPTION_POINTERS, EXCEPTION_RECORD, LPTOP_LEVEL_EXCEPTION_FILTER}
+        Windows::Win32::Foundation::{HANDLE, BOOL, PSTR, CloseHandle, NTSTATUS},
+        Windows::Win32::System::{
+            Memory::{CreateFileMappingA, OpenFileMappingA, MapViewOfFile, UnmapViewOfFile, FILE_MAP, PAGE_TYPE},
+            Diagnostics::Debug::{SetUnhandledExceptionFilter, EXCEPTION_POINTERS, EXCEPTION_RECORD, LPTOP_LEVEL_EXCEPTION_FILTER},
+            Threading::ExitProcess,
+        }
     );
 
     // Set cfg flags depending on release channel
diff --git a/libafl/src/bolts/os/windows_exceptions.rs b/libafl/src/bolts/os/windows_exceptions.rs
index f50e8e0564..4187a669f4 100644
--- a/libafl/src/bolts/os/windows_exceptions.rs
+++ b/libafl/src/bolts/os/windows_exceptions.rs
@@ -1,8 +1,11 @@
 //! Exception handling for Windows
 
-pub use crate::bolts::bindings::windows::win32::debug::{
+pub use crate::bolts::bindings::Windows::Win32::System::Diagnostics::Debug::{
     SetUnhandledExceptionFilter, EXCEPTION_POINTERS,
 };
+
+pub use crate::bolts::bindings::Windows::Win32::Foundation::NTSTATUS;
+
 use crate::Error;
 use std::os::raw::{c_long, c_void};
 
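Review bot: The `// API needed for the shared memory` comment that grouped the mapping functions was dropped in the rewrite, and the new list gives no hint which consumer needs which binding, so the next `windows` crate bump cannot tell what is safe to prune; add `// shared-memory backend (bolts/shmem.rs)` above the `Memory::{...}` line and `// SEH hooks (bolts/os/windows_exceptions.rs, executors/inprocess.rs)` above the `Diagnostics::Debug::{...}` line. `NTSTATUS` and `FILE_MAP` are newly generated here because the other hunks of this patch now unwrap them with `.ExceptionCode.0` and `FILE_MAP_ALL_ACCESS.0`; that is worth one more line of the same comment. `fn main()` continues outside the hunk.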
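Review bot: `pub use ... NTSTATUS` widens this module's public surface with a raw bindings type, while the only use visible in this patch (`code.0` in `handle_exception`) needs no re-export at all — a private `use` would do, unless downstream code is meant to build `ExceptionCode` values from an `NTSTATUS`, which is not visible here. If the re-export is intentional, a doc comment such as `/// Raw Win32 status as carried in EXCEPTION_RECORD::ExceptionCode; see ExceptionCode for the decoded form.` would mark it as deliberate rather than leftover.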
@@ -315,11 +318,11 @@ unsafe extern "system" fn handle_exception(exception_pointers: *mut EXCEPTION_PO
     let code = exception_pointers
         .as_mut()
         .unwrap()
-        .exception_record
+        .ExceptionRecord
         .as_mut()
         .unwrap()
-        .exception_code;
-    let exception_code = ExceptionCode::try_from(code).unwrap();
+        .ExceptionCode;
+    let exception_code = ExceptionCode::try_from(code.0).unwrap();
     // println!("Received {}", exception_code);
     let ret = internal_handle_exception(exception_code, exception_pointers);
     if let Some(prev_handler) = PREVIOUS_HANDLER {
diff --git a/libafl/src/bolts/shmem.rs b/libafl/src/bolts/shmem.rs
index 691d8339a0..c1e635bf5f 100644
--- a/libafl/src/bolts/shmem.rs
+++ b/libafl/src/bolts/shmem.rs
@@ -1061,11 +1061,11 @@ pub mod win32_shmem {
     use crate::{
         bolts::{
             bindings::{
-                windows::win32::system_services::{
-                    CreateFileMappingA, MapViewOfFile, OpenFileMappingA, UnmapViewOfFile,
+                Windows::Win32::Foundation::{CloseHandle, BOOL, HANDLE, PSTR},
+                Windows::Win32::System::Memory::{
+                    CreateFileMappingA, MapViewOfFile, OpenFileMappingA, UnmapViewOfFile, FILE_MAP,
+                    FILE_MAP_ALL_ACCESS, PAGE_READWRITE,
                 },
-                windows::win32::system_services::{BOOL, HANDLE, PAGE_TYPE, PSTR},
-                windows::win32::windows_programming::CloseHandle,
             },
             shmem::{ShMem, ShMemId, ShMemProvider},
         },
@@ -1077,7 +1077,6 @@ pub mod win32_shmem {
     use uuid::Uuid;
 
     const INVALID_HANDLE_VALUE: isize = -1;
-    const FILE_MAP_ALL_ACCESS: u32 = 0xf001f;
 
     /// The default Sharedmap impl for windows using shmctl & shmget
     #[derive(Clone, Debug)]
@@ -1098,7 +1097,7 @@ pub mod win32_shmem {
             let handle = CreateFileMappingA(
                 HANDLE(INVALID_HANDLE_VALUE),
                 ptr::null_mut(),
-                PAGE_TYPE::PAGE_READWRITE,
+                PAGE_READWRITE,
                 0,
                 map_size as u32,
                 PSTR(map_str_bytes.as_mut_ptr()),
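Review bot: `ExceptionCode::try_from(code.0).unwrap()` panics inside the unhandled-exception filter for any status the `ExceptionCode` enum does not list (debugger, CLR or `RaiseException` codes raised by the target); a panic from an `extern "system"` callback ends in Rust's abort path, which on Windows is presumably the same uncatchable fast-fail this patch works around in baby_fuzzer, so the fuzzer would lose the event instead of reporting it. Replace the unwrap with `let exception_code = match ExceptionCode::try_from(code.0) { Ok(c) => c, Err(_) => return /* continue-search status, as for non-crash codes */ };` so an unknown code reaches the `PREVIOUS_HANDLER` path like any other non-crash. Also confirm that the `TryFrom` impl (outside the hunk) accepts the `i32` that `NTSTATUS.0` now yields and compares as signed, since every `STATUS_*` crash code has the high bit set. The tail of `handle_exception` and its return value are outside the hunk.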
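Review bot: `map_size as u32` silently truncates on 64-bit targets while the high-dword argument before it is hard-coded to `0`, so a `map_size` of 4 GiB or more creates a far smaller section than requested and later accesses to the view run past it; pass both halves, `((map_size as u64) >> 32) as u32, map_size as u32,` in place of `0, map_size as u32,`. The null security-attributes pointer gives the section the creator's default DACL, which is acceptable for a UUID-named, session-local mapping but deserves a one-line comment saying so. The enclosing constructor's signature and the handle check that follows are outside the hunk.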
@@ -1129,9 +1128,9 @@ pub mod win32_shmem {
     fn from_id_and_size(id: ShMemId, map_size: usize) -> Result {
         unsafe {
             let map_str_bytes = id.id;
-
+            // Unlike MapViewOfFile this one needs u32
             let handle = OpenFileMappingA(
-                FILE_MAP_ALL_ACCESS,
+                FILE_MAP_ALL_ACCESS.0,
                 BOOL(0),
                 PSTR(&map_str_bytes as *const u8 as *mut u8),
             );
diff --git a/libafl/src/executors/inprocess.rs b/libafl/src/executors/inprocess.rs
index 8b34d0a972..5b22f9aca5 100644
--- a/libafl/src/executors/inprocess.rs
+++ b/libafl/src/executors/inprocess.rs
@@ -563,7 +563,7 @@ mod windows_exception_handler {
 
     use crate::{
         bolts::{
-            bindings::windows::win32::system_services::ExitProcess,
+            bindings::Windows::Win32::System::Threading::ExitProcess,
             os::windows_exceptions::{
                 ExceptionCode, Handler, CRASH_EXCEPTIONS, EXCEPTION_POINTERS,
             },
@@ -680,10 +680,10 @@ mod windows_exception_handler {
                 let crash_addr = exception_pointers
                     .as_mut()
                     .unwrap()
-                    .exception_record
+                    .ExceptionRecord
                     .as_mut()
                     .unwrap()
-                    .exception_address as usize;
+                    .ExceptionAddress as usize;
                 println!(
                     "We crashed at addr 0x{:x}, but are not in the target... Bug in the fuzzer? Exiting.",
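Review bot: The added comment `// Unlike MapViewOfFile this one needs u32` explains the `.0` but not why it is there; reword it to `// windows 0.18 declares OpenFileMappingA's dwDesiredAccess as a bare u32, whereas MapViewOfFile takes the FILE_MAP newtype, hence .0` so the next crate bump knows when it can go. `PSTR(&map_str_bytes as *const u8 as *mut u8)` hands the kernel a pointer to the `id.id` byte array and relies on it being NUL-terminated; `ShMemId` is defined outside the hunk, so confirm the terminator is guaranteed, since an unterminated name would be read past the array. `BOOL(0)` would read better as `false.into()`. The rest of `from_id_and_size` (handle check, `MapViewOfFile`) is outside the hunk.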