Windows dependency update (#261)

* win018

* fuzzer fmt

* reorder

* comment

* does
Toka 2021-08-15 06:04:13 +09:00 committed by GitHub
parent 1418e836a0
commit 511237ce9e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 39 additions and 23 deletions


@ -1,5 +1,8 @@
use std::path::PathBuf;
#[cfg(windows)]
use std::ptr::write_volatile;
use libafl::{
bolts::{current_nanos, rands::StdRand, tuples::tuple_list},
corpus::{InMemoryCorpus, OnDiskCorpus, QueueCorpusScheduler},
@ -36,7 +39,17 @@ pub fn main() {
if buf.len() > 1 && buf[1] == b'b' {
signals_set(2);
if buf.len() > 2 && buf[2] == b'c' {
panic!("=)");
unsafe {
#[cfg(unix)]
panic!("=(");
// panic!() raises a STATUS_STACK_BUFFER_OVERRUN exception which cannot be caught by the exception handler.
// Here we make it raise STATUS_ACCESS_VIOLATION instead.
// Extending the windows exception handler is a TODO. Maybe we can refer to what winafl code does.
// https://github.com/googleprojectzero/winafl/blob/ea5f6b85572980bb2cf636910f622f36906940aa/winafl.c#L728
#[cfg(windows)]
write_volatile(0 as *mut u32, 0);
}
}
}
}
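Review bot: The `unsafe` block in the `buf[2] == b'c'` branch wraps both cfg arms, so on Unix it encloses only a `panic!` (which likely trips the `unused_unsafe` lint), and on a target that is neither `unix` nor `windows` the branch compiles to nothing and the test crash is never raised. Narrow the block to the Windows arm and make the other arm the complement: `#[cfg(not(windows))] panic!("=(");` and `#[cfg(windows)] unsafe { write_volatile(std::ptr::null_mut::<u32>(), 0); }`. A short comment directly on the write, such as `// Deliberate null write: test-only crash so the exception handler sees STATUS_ACCESS_VIOLATION`, would stop a later reader from mistaking it for a bug. The body of `main` continues outside the hunk.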


@ -96,8 +96,8 @@ lock_api = "0.4.3"
regex = "1.4.5"
[target.'cfg(windows)'.dependencies]
windows = "0.4.0"
windows = "0.18.0"
uuid = { version = "0.8", features = ["v4"] }
[target.'cfg(windows)'.build-dependencies]
windows = "0.4.0"
windows = "0.18.0"


@ -7,11 +7,12 @@ fn main() {
#[cfg(target_os = "windows")]
#[allow(clippy::ptr_arg, clippy::upper_case_acronyms)]
windows::build!(
windows::win32::system_services::{HANDLE, BOOL, PAGE_TYPE, PSTR, ExitProcess},
windows::win32::windows_programming::CloseHandle,
// API needed for the shared memory
windows::win32::system_services::{CreateFileMappingA, OpenFileMappingA, MapViewOfFile, UnmapViewOfFile},
windows::win32::debug::{SetUnhandledExceptionFilter, EXCEPTION_POINTERS, EXCEPTION_RECORD, LPTOP_LEVEL_EXCEPTION_FILTER}
Windows::Win32::Foundation::{HANDLE, BOOL, PSTR, CloseHandle, NTSTATUS},
Windows::Win32::System::{
Memory::{CreateFileMappingA, OpenFileMappingA, MapViewOfFile, UnmapViewOfFile, FILE_MAP, PAGE_TYPE},
Diagnostics::Debug::{SetUnhandledExceptionFilter, EXCEPTION_POINTERS, EXCEPTION_RECORD, LPTOP_LEVEL_EXCEPTION_FILTER},
Threading::ExitProcess,
}
);
// Set cfg flags depending on release channel


@ -1,8 +1,11 @@
//! Exception handling for Windows
pub use crate::bolts::bindings::windows::win32::debug::{
pub use crate::bolts::bindings::Windows::Win32::System::Diagnostics::Debug::{
SetUnhandledExceptionFilter, EXCEPTION_POINTERS,
};
pub use crate::bolts::bindings::Windows::Win32::Foundation::NTSTATUS;
use crate::Error;
use std::os::raw::{c_long, c_void};
@ -315,11 +318,11 @@ unsafe extern "system" fn handle_exception(exception_pointers: *mut EXCEPTION_PO
let code = exception_pointers
.as_mut()
.unwrap()
.exception_record
.ExceptionRecord
.as_mut()
.unwrap()
.exception_code;
let exception_code = ExceptionCode::try_from(code).unwrap();
.ExceptionCode;
let exception_code = ExceptionCode::try_from(code.0).unwrap();
// println!("Received {}", exception_code);
let ret = internal_handle_exception(exception_code, exception_pointers);
if let Some(prev_handler) = PREVIOUS_HANDLER {
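Review bot: `ExceptionCode::try_from(code.0).unwrap()` panics inside the `extern "system"` exception filter whenever the conversion fails, and the two `.as_mut().unwrap()` calls above it do the same on a null pointer. A panic at this point happens in the crash-reporting path itself, so the original fault would be lost instead of being recorded; which codes `try_from` rejects is not visible in this hunk. Consider matching on the result and, for an unrecognised code, skipping `internal_handle_exception` and handing the exception to `PREVIOUS_HANDLER` unchanged. A comment like `// Unknown exception codes are passed through, never unwrapped: a panic here would mask the real crash` would document the choice. `handle_exception` starts and ends outside the hunk.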


@ -1061,11 +1061,11 @@ pub mod win32_shmem {
use crate::{
bolts::{
bindings::{
windows::win32::system_services::{
CreateFileMappingA, MapViewOfFile, OpenFileMappingA, UnmapViewOfFile,
Windows::Win32::Foundation::{CloseHandle, BOOL, HANDLE, PSTR},
Windows::Win32::System::Memory::{
CreateFileMappingA, MapViewOfFile, OpenFileMappingA, UnmapViewOfFile, FILE_MAP,
FILE_MAP_ALL_ACCESS, PAGE_READWRITE,
},
windows::win32::system_services::{BOOL, HANDLE, PAGE_TYPE, PSTR},
windows::win32::windows_programming::CloseHandle,
},
shmem::{ShMem, ShMemId, ShMemProvider},
},
@ -1077,7 +1077,6 @@ pub mod win32_shmem {
use uuid::Uuid;
const INVALID_HANDLE_VALUE: isize = -1;
const FILE_MAP_ALL_ACCESS: u32 = 0xf001f;
/// The default Sharedmap impl for windows using shmctl & shmget
#[derive(Clone, Debug)]
@ -1098,7 +1097,7 @@ pub mod win32_shmem {
let handle = CreateFileMappingA(
HANDLE(INVALID_HANDLE_VALUE),
ptr::null_mut(),
PAGE_TYPE::PAGE_READWRITE,
PAGE_READWRITE,
0,
map_size as u32,
PSTR(map_str_bytes.as_mut_ptr()),
@ -1129,9 +1128,9 @@ pub mod win32_shmem {
fn from_id_and_size(id: ShMemId, map_size: usize) -> Result<Self, Error> {
unsafe {
let map_str_bytes = id.id;
// Unlike MapViewOfFile this one needs u32
let handle = OpenFileMappingA(
FILE_MAP_ALL_ACCESS,
FILE_MAP_ALL_ACCESS.0,
BOOL(0),
PSTR(&map_str_bytes as *const u8 as *mut u8),
);
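Review bot: `map_size as u32` in the `CreateFileMappingA` call truncates silently, and the high size word is hard-coded to `0`, so a `map_size` above `u32::MAX` would create a mapping smaller than the caller requested. Any later access sized by `map_size` could then run past the mapped view; the `MapViewOfFile` call is not in these hunks, so that part is inferred. A checked conversion such as `u32::try_from(map_size)`, mapped to the function's `Error`, would reject the oversized request up front. Separately, the doc comment `The default Sharedmap impl for windows using shmctl & shmget` names the Unix calls and could read `/// Shared map for Windows, backed by CreateFileMappingA / MapViewOfFile`. Both enclosing functions continue outside the hunks.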


@ -563,7 +563,7 @@ mod windows_exception_handler {
use crate::{
bolts::{
bindings::windows::win32::system_services::ExitProcess,
bindings::Windows::Win32::System::Threading::ExitProcess,
os::windows_exceptions::{
ExceptionCode, Handler, CRASH_EXCEPTIONS, EXCEPTION_POINTERS,
},
@ -680,10 +680,10 @@ mod windows_exception_handler {
let crash_addr = exception_pointers
.as_mut()
.unwrap()
.exception_record
.ExceptionRecord
.as_mut()
.unwrap()
.exception_address as usize;
.ExceptionAddress as usize;
println!(
"We crashed at addr 0x{:x}, but are not in the target... Bug in the fuzzer? Exiting.",