From bc6a032843b5b858d62c0a95ce4b408c85662d96 Mon Sep 17 00:00:00 2001
From: Dongjia Zhang
Date: Tue, 31 May 2022 06:06:37 +0900
Subject: [PATCH] Windows CI for frida (#658)
* harness & makefile.toml
* Update build_and_test.yml
* Update build_and_test.yml
* Update build_and_test.yml
* rename
* no stdout
* Update harness_win.cpp
* Update harness_win.cpp
* Update Makefile.toml
* Update build_and_test.yml
* Update Makefile.toml
* Update Makefile.toml
* fix
---
 .github/workflows/build_and_test.yml | 5 +++-
 fuzzers/frida_libpng/Makefile.toml | 35 ++++++++++++++++++++++------
 fuzzers/frida_libpng/harness_win.cpp | 18 ++++++++++++++
 3 files changed, 50 insertions(+), 8 deletions(-)
 create mode 100644 fuzzers/frida_libpng/harness_win.cpp
diff --git a/.github/workflows/build_and_test.yml b/.github/workflows/build_and_test.yml
index a2e4479d03..62c155e265 100644
--- a/.github/workflows/build_and_test.yml
+++ b/.github/workflows/build_and_test.yml
@@ -212,8 +212,11 @@ jobs:
 directory: ${{ runner.temp }}/llvm
 - name: Set LIBCLANG_PATH
 run: echo "LIBCLANG_PATH=$((gcm clang).source -replace "clang.exe")" >> $env:GITHUB_ENV
+ - name: install cargo-make
+ run: cargo install --force cargo-make
+ - uses: ilammy/msvc-dev-cmd@v1
 - name: Build frida
- run: cd fuzzers/frida_libpng/ && cargo build --release
+ run: cd fuzzers/frida_libpng/ && cargo make test
 
 macos:
 runs-on: macOS-latest
diff --git a/fuzzers/frida_libpng/Makefile.toml b/fuzzers/frida_libpng/Makefile.toml
index abf1155f4e..087961191a 100644
--- a/fuzzers/frida_libpng/Makefile.toml
+++ b/fuzzers/frida_libpng/Makefile.toml
@@ -1,8 +1,7 @@
 # Variables
 [env]
-FUZZER_NAME='frida_fuzzer'
+FUZZER_NAME={ source = "${CARGO_MAKE_RUST_TARGET_OS}", default_value = "frida_fuzzer", mapping = {"linux" = "frida_fuzzer", "macos" = "frida_fuzzer", "windows" = "frida_fuzzer.exe"} }
 FUZZER = './target/release/${FUZZER_NAME}'
-PROJECT_DIR = { script = ["pwd"] }
 
 [tasks.unsupported]
 script_runner="@shell"
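Review bot: The new `- uses: ilammy/msvc-dev-cmd@v1` step references a third-party action by a mutable tag, and `cargo install --force cargo-make` installs whatever cargo-make release is current at run time, so the Windows job's toolchain can change (or be replaced upstream) without any commit in this repository. Pin the action to a full commit SHA and keep the tag as a comment, e.g. `- uses: ilammy/msvc-dev-cmd@<full-commit-sha> # v1`, and pin the tool with `run: cargo install --force --locked --version <pinned-version> cargo-make` so the build is reproducible and a bad release is not picked up silently. The enclosing job definition starts and ends outside the hunk.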
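Review bot: The new `FUZZER_NAME` inline table gives no hint where `CARGO_MAKE_RUST_TARGET_OS` comes from or why only the `windows` entry differs, and it is now the only place the `.exe` suffix is encoded, so a reader cannot tell whether the `linux`/`macos` entries are needed at all given `default_value`. A short comment above the line would carry that: `# Fuzzer binary name per host OS (CARGO_MAKE_RUST_TARGET_OS is provided by cargo-make); only Windows needs the .exe suffix.` The removal of `PROJECT_DIR` here is what forces the relative `cd ..` in the `lib` task further down.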
@@ -34,7 +33,7 @@ windows_alias = "unsupported"
 script_runner="@shell"
 script='''
 cd libpng-1.6.37 && ./configure --enable-shared=no --with-pic=yes --enable-hardware-optimizations=yes
-cd "${PROJECT_DIR}"
+cd ..
 make -C libpng-1.6.37
 '''
 dependencies = [ "libpng" ]
@@ -43,7 +42,7 @@ dependencies = [ "libpng" ]
 [tasks.harness]
 linux_alias = "harness_unix"
 mac_alias = "harness_unix"
-windows_alias = "unsupported"
+windows_alias = "harness_windows"
 
 [tasks.harness_unix]
 script_runner="@shell"
@@ -53,6 +52,11 @@ clang++ -O3 harness.o libpng-1.6.37/.libs/libpng16.a -shared -lz -o libpng-harne
 '''
 dependencies = [ "lib" ]
 
+[tasks.harness_windows]
+script_runner="@shell"
+script='''
+cl /c harness_win.cpp && link harness_win.obj /dll
+'''
 
 # Fuzzer
 [tasks.fuzzer]
@@ -66,7 +70,7 @@ cp ./target/release/${FUZZER_NAME} .
 [tasks.run]
 linux_alias = "run_unix"
 mac_alias = "run_unix"
-windows_alias = "unsupported"
+windows_alias = "run_windows"
 
 [tasks.run_unix]
 script_runner = "@shell"
@@ -75,11 +79,18 @@ script='''
 '''
 dependencies = [ "fuzzer", "harness" ]
 
+[tasks.run_windows]
+script_runner = "@shell"
+script='''
+./${FUZZER_NAME} -F LLVMFuzzerTestOneInput -H ./harness_win.dll -l ./harness_win.dll --cores=0
+'''
+dependencies = [ "fuzzer", "harness" ]
+
 # Test
 [tasks.test]
 linux_alias = "test_unix"
 mac_alias = "test_unix"
-windows_alias = "unsupported"
+windows_alias = "test_windows"
 
 [tasks.test_unix]
 script_runner = "@shell"
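Review bot: Replacing `cd "${PROJECT_DIR}"` with `cd ..` makes the return path depend on whatever directory the previous line ended in: if `cd libpng-1.6.37` fails, the `&&` chain stops but the script continues, `cd ..` then climbs out of the project directory and `make -C libpng-1.6.37` runs against the parent, where a same-named directory would be built instead of the vendored copy. Scoping the configure step to a subshell removes the need to return at all: `(cd libpng-1.6.37 && ./configure --enable-shared=no --with-pic=yes --enable-hardware-optimizations=yes)` with the `cd ..` line dropped, so `make -C libpng-1.6.37` always runs from the project root. The task's header sits above the hunk.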
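Review bot: `[tasks.harness_windows]` declares no `dependencies`, unlike `harness_unix` just above it which depends on `lib`; that looks intentional, since the `cl /c harness_win.cpp && link harness_win.obj /dll` line builds a standalone DLL with no libpng, but nothing in the task says so and a later maintainer may "fix" it by adding the dependency, which would pull the Unix-only `./configure` build into the Windows path. Add a comment above the task: `# Standalone DLL (no libpng), so no "lib" dependency; produces harness_win.dll used by run_windows/test_windows.` The `# Fuzzer` section that follows is unchanged.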
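Review bot: The new `run_windows` script launches the binary as `./${FUZZER_NAME}` while the sibling `test_windows` task in a later hunk uses cmd-style `start "" "frida_fuzzer.exe"`, `ping -n` and `taskkill`, which suggests the `@shell` runner on Windows is cmd; if so, a `./`-prefixed command is likely not accepted there, and since the workflow change runs `cargo make test` rather than `cargo make run`, this task is not exercised by CI. If cmd is the runner, `.\${FUZZER_NAME} -F LLVMFuzzerTestOneInput -H ./harness_win.dll -l ./harness_win.dll --cores=0` is the safe form; either way a comment stating which shell the script targets would stop the two Windows tasks from drifting apart.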
@@ -89,6 +100,16 @@ timeout 10s ./${FUZZER_NAME} -F LLVMFuzzerTestOneInput -H ./libpng-harness.so -l
 '''
 dependencies = [ "fuzzer", "harness" ]
 
+[tasks.test_windows]
+script_runner = "@shell"
+script='''
+start "" "frida_fuzzer.exe" -F LLVMFuzzerTestOneInput -H ./harness_win.dll -l ./harness_win.dll --cores=0
+#ping is for timeout
+ping -n 10 127.0.0.1>NUL && taskkill /im frida_fuzzer.exe /F
+>nul 2>nul dir /a-d "corpus_discovered\*" && (echo Files exist) || (exit /b 1337)
+'''
+dependencies = [ "fuzzer", "harness" ]
+
 # Clean up
 [tasks.clean]
 linux_alias = "clean_unix"
@@ -103,4 +124,4 @@ script='''
 rm -f ./${FUZZER_NAME}
 make -C libpng-1.6.37 clean
 cargo clean
-'''
\ No newline at end of file
+'''
diff --git a/fuzzers/frida_libpng/harness_win.cpp b/fuzzers/frida_libpng/harness_win.cpp
new file mode 100644
index 0000000000..5ccc0c104f
--- /dev/null
+++ b/fuzzers/frida_libpng/harness_win.cpp
@@ -0,0 +1,18 @@
+#include
+#include
+#include
+#include
+
+extern "C" __declspec(dllexport) size_t
+ LLVMFuzzerTestOneInput(const char *data, unsigned int len) {
+ if (data[0] == 'b') {
+ if (data[1] == 'a') {
+ if (data[2] == 'd') {
+ // STATUS_ACCESS_VIOLATION
+ int volatile *p = 0x0;
+ *p = 0;
+ }
+ }
+ }
+ return 0;
+}
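Review bot: `test_windows` hard-codes `frida_fuzzer.exe` twice (in `start` and in `taskkill /im`) even though `[env]` now defines `FUZZER_NAME` with a Windows mapping and `run_windows` uses `${FUZZER_NAME}`, so renaming the binary in one place silently breaks the test. `taskkill /im frida_fuzzer.exe /F` also terminates every process with that image name on the machine, not just the one `start` launched, which on a shared or self-hosted runner can kill a concurrent job's fuzzer; killing by PID would need the PID captured at launch, but at minimum use the variable: `start "" "${FUZZER_NAME}" -F LLVMFuzzerTestOneInput -H ./harness_win.dll -l ./harness_win.dll --cores=0` and `ping -n 10 127.0.0.1>NUL && taskkill /im ${FUZZER_NAME} /F`. The `#ping is for timeout` comment would read better as `# ping -n 10 is a 10 s sleep; cmd has no native sleep`, which also documents why the test budget is 10 s like test_unix's `timeout 10s`.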
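Review bot: `LLVMFuzzerTestOneInput` reads `data[0]`, `data[1]` and `data[2]` without consulting `len`, so any input shorter than three bytes (common among a fuzzer's first inputs) reads past the buffer the runtime hands in; on Windows that is an unintended access violation that is indistinguishable from the deliberate null write below it, so a crash can be "found" that is really a harness bug. Guard the outer branch with `if (len >= 3 && data[0] == 'b') {`, which also gives `len` a use. The four `#include` directives show no header name as rendered here, possibly lost in extraction, so that cannot be checked; separately, the signature `size_t LLVMFuzzerTestOneInput(const char *, unsigned int)` differs from the libFuzzer convention `int LLVMFuzzerTestOneInput(const uint8_t *, size_t)`, and if the Unix harness uses the conventional form it would be worth matching it so the two harnesses are called with the same argument widths.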