Windows dependency update (#261)

* win018

* fuzzer fmt

* reorder

* comment

* does
Toka 2021-08-15 06:04:13 +09:00 committed by GitHub
parent 1418e836a0
commit 511237ce9e
6 changed files with 39 additions and 23 deletions


@ -1,5 +1,8 @@
use std::path::PathBuf; use std::path::PathBuf;
#[cfg(windows)]
use std::ptr::write_volatile;
use libafl::{ use libafl::{
bolts::{current_nanos, rands::StdRand, tuples::tuple_list}, bolts::{current_nanos, rands::StdRand, tuples::tuple_list},
corpus::{InMemoryCorpus, OnDiskCorpus, QueueCorpusScheduler}, corpus::{InMemoryCorpus, OnDiskCorpus, QueueCorpusScheduler},
@ -36,7 +39,17 @@ pub fn main() {
if buf.len() > 1 && buf[1] == b'b' { if buf.len() > 1 && buf[1] == b'b' {
signals_set(2); signals_set(2);
if buf.len() > 2 && buf[2] == b'c' { if buf.len() > 2 && buf[2] == b'c' {
panic!("=)"); unsafe {
#[cfg(unix)]
panic!("=(");
// panic!() raises a STATUS_STACK_BUFFER_OVERRUN exception which cannot be caught by the exception handler.
// Here we make it raise STATUS_ACCESS_VIOLATION instead.
// Extending the windows exception handler is a TODO. Maybe we can refer to what winafl code does.
// https://github.com/googleprojectzero/winafl/blob/ea5f6b85572980bb2cf636910f622f36906940aa/winafl.c#L728
#[cfg(windows)]
write_volatile(0 as *mut u32, 0);
}
} }
} }
} }
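Review bot: The new `unsafe` block at the crash site wraps both cfg branches, so on unix it contains only `panic!("=(")` and should trip the `unused_unsafe` lint. Scope it to the Windows statement instead, e.g. `#[cfg(windows)] unsafe { write_volatile(std::ptr::null_mut::<u32>(), 0) };`, which also replaces the `0 as *mut u32` cast. The comment above the write should add that the null store is deliberately invalid and relies on the OS raising an access violation, not on anything Rust guarantees, so the pattern is not copied out of this example harness. The enclosing `main` starts and ends outside the hunk.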


@ -96,8 +96,8 @@ lock_api = "0.4.3"
regex = "1.4.5" regex = "1.4.5"
[target.'cfg(windows)'.dependencies] [target.'cfg(windows)'.dependencies]
windows = "0.4.0" windows = "0.18.0"
uuid = { version = "0.8", features = ["v4"] } uuid = { version = "0.8", features = ["v4"] }
[target.'cfg(windows)'.build-dependencies] [target.'cfg(windows)'.build-dependencies]
windows = "0.4.0" windows = "0.18.0"


@ -7,11 +7,12 @@ fn main() {
#[cfg(target_os = "windows")] #[cfg(target_os = "windows")]
#[allow(clippy::ptr_arg, clippy::upper_case_acronyms)] #[allow(clippy::ptr_arg, clippy::upper_case_acronyms)]
windows::build!( windows::build!(
windows::win32::system_services::{HANDLE, BOOL, PAGE_TYPE, PSTR, ExitProcess}, Windows::Win32::Foundation::{HANDLE, BOOL, PSTR, CloseHandle, NTSTATUS},
windows::win32::windows_programming::CloseHandle, Windows::Win32::System::{
// API needed for the shared memory Memory::{CreateFileMappingA, OpenFileMappingA, MapViewOfFile, UnmapViewOfFile, FILE_MAP, PAGE_TYPE},
windows::win32::system_services::{CreateFileMappingA, OpenFileMappingA, MapViewOfFile, UnmapViewOfFile}, Diagnostics::Debug::{SetUnhandledExceptionFilter, EXCEPTION_POINTERS, EXCEPTION_RECORD, LPTOP_LEVEL_EXCEPTION_FILTER},
windows::win32::debug::{SetUnhandledExceptionFilter, EXCEPTION_POINTERS, EXCEPTION_RECORD, LPTOP_LEVEL_EXCEPTION_FILTER} Threading::ExitProcess,
}
); );
// Set cfg flags depending on release channel // Set cfg flags depending on release channel


@ -1,8 +1,11 @@
//! Exception handling for Windows //! Exception handling for Windows
pub use crate::bolts::bindings::windows::win32::debug::{ pub use crate::bolts::bindings::Windows::Win32::System::Diagnostics::Debug::{
SetUnhandledExceptionFilter, EXCEPTION_POINTERS, SetUnhandledExceptionFilter, EXCEPTION_POINTERS,
}; };
pub use crate::bolts::bindings::Windows::Win32::Foundation::NTSTATUS;
use crate::Error; use crate::Error;
use std::os::raw::{c_long, c_void}; use std::os::raw::{c_long, c_void};
@ -315,11 +318,11 @@ unsafe extern "system" fn handle_exception(exception_pointers: *mut EXCEPTION_PO
let code = exception_pointers let code = exception_pointers
.as_mut() .as_mut()
.unwrap() .unwrap()
.exception_record .ExceptionRecord
.as_mut() .as_mut()
.unwrap() .unwrap()
.exception_code; .ExceptionCode;
let exception_code = ExceptionCode::try_from(code).unwrap(); let exception_code = ExceptionCode::try_from(code.0).unwrap();
// println!("Received {}", exception_code); // println!("Received {}", exception_code);
let ret = internal_handle_exception(exception_code, exception_pointers); let ret = internal_handle_exception(exception_code, exception_pointers);
if let Some(prev_handler) = PREVIOUS_HANDLER { if let Some(prev_handler) = PREVIOUS_HANDLER {
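Review bot: `ExceptionCode::try_from(code.0).unwrap()` still panics inside the `extern "system"` exception filter, presumably whenever the NTSTATUS value has no matching `ExceptionCode` variant, and the two `.as_mut().unwrap()` calls do the same on a null pointer. A panic here happens in a callback the OS invoked, and the harness comment in this same commit notes that a Rust panic on Windows surfaces as an exception this handler cannot catch, so an unrecognised code would take the fuzzer down instead of being reported. Match on the `try_from` result and hand unknown codes to `PREVIOUS_HANDLER` (or return the filter's pass-through value) rather than unwrapping. The body of `handle_exception` starts and ends outside the hunk.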


@ -1061,11 +1061,11 @@ pub mod win32_shmem {
use crate::{ use crate::{
bolts::{ bolts::{
bindings::{ bindings::{
windows::win32::system_services::{ Windows::Win32::Foundation::{CloseHandle, BOOL, HANDLE, PSTR},
CreateFileMappingA, MapViewOfFile, OpenFileMappingA, UnmapViewOfFile, Windows::Win32::System::Memory::{
CreateFileMappingA, MapViewOfFile, OpenFileMappingA, UnmapViewOfFile, FILE_MAP,
FILE_MAP_ALL_ACCESS, PAGE_READWRITE,
}, },
windows::win32::system_services::{BOOL, HANDLE, PAGE_TYPE, PSTR},
windows::win32::windows_programming::CloseHandle,
}, },
shmem::{ShMem, ShMemId, ShMemProvider}, shmem::{ShMem, ShMemId, ShMemProvider},
}, },
@ -1077,7 +1077,6 @@ pub mod win32_shmem {
use uuid::Uuid; use uuid::Uuid;
const INVALID_HANDLE_VALUE: isize = -1; const INVALID_HANDLE_VALUE: isize = -1;
const FILE_MAP_ALL_ACCESS: u32 = 0xf001f;
/// The default Sharedmap impl for windows using shmctl & shmget /// The default Sharedmap impl for windows using shmctl & shmget
#[derive(Clone, Debug)] #[derive(Clone, Debug)]
@ -1098,7 +1097,7 @@ pub mod win32_shmem {
let handle = CreateFileMappingA( let handle = CreateFileMappingA(
HANDLE(INVALID_HANDLE_VALUE), HANDLE(INVALID_HANDLE_VALUE),
ptr::null_mut(), ptr::null_mut(),
PAGE_TYPE::PAGE_READWRITE, PAGE_READWRITE,
0, 0,
map_size as u32, map_size as u32,
PSTR(map_str_bytes.as_mut_ptr()), PSTR(map_str_bytes.as_mut_ptr()),
@ -1129,9 +1128,9 @@ pub mod win32_shmem {
fn from_id_and_size(id: ShMemId, map_size: usize) -> Result<Self, Error> { fn from_id_and_size(id: ShMemId, map_size: usize) -> Result<Self, Error> {
unsafe { unsafe {
let map_str_bytes = id.id; let map_str_bytes = id.id;
// Unlike MapViewOfFile this one needs u32
let handle = OpenFileMappingA( let handle = OpenFileMappingA(
FILE_MAP_ALL_ACCESS, FILE_MAP_ALL_ACCESS.0,
BOOL(0), BOOL(0),
PSTR(&map_str_bytes as *const u8 as *mut u8), PSTR(&map_str_bytes as *const u8 as *mut u8),
); );
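Review bot: `map_size as u32` in the `CreateFileMappingA` call is passed as the low size word with the high word fixed at `0`, so a `map_size` above `u32::MAX` is silently truncated and the mapping is smaller than the caller requested. If the struct then records the untruncated `map_size` (not visible in these hunks), a slice built over the view could extend past the mapped region. Convert with `u32::try_from(map_size)` and return an `Error` on failure, or split the value into high and low words. The functions touched here start and end outside the hunks.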


@ -563,7 +563,7 @@ mod windows_exception_handler {
use crate::{ use crate::{
bolts::{ bolts::{
bindings::windows::win32::system_services::ExitProcess, bindings::Windows::Win32::System::Threading::ExitProcess,
os::windows_exceptions::{ os::windows_exceptions::{
ExceptionCode, Handler, CRASH_EXCEPTIONS, EXCEPTION_POINTERS, ExceptionCode, Handler, CRASH_EXCEPTIONS, EXCEPTION_POINTERS,
}, },
@ -680,10 +680,10 @@ mod windows_exception_handler {
let crash_addr = exception_pointers let crash_addr = exception_pointers
.as_mut() .as_mut()
.unwrap() .unwrap()
.exception_record .ExceptionRecord
.as_mut() .as_mut()
.unwrap() .unwrap()
.exception_address as usize; .ExceptionAddress as usize;
println!( println!(
"We crashed at addr 0x{:x}, but are not in the target... Bug in the fuzzer? Exiting.", "We crashed at addr 0x{:x}, but are not in the target... Bug in the fuzzer? Exiting.",