ludwig/windows-binary-fuzzing
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

regular delta

Browse Source
This commit is contained in:
Ludwig Lehnert 2025-04-29 11:55:01 +02:00
parent 3f1cf080f2
commit 05e29a3f22
Signed by: ludwig
SSH Key Fingerprint: SHA256:4vshH9GJ8TLO1RS2fY6rDDLnq7+KVvSClCY+uEhYYRA
18 changed files with 80 additions and 220 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.clangd
View File

@ -1,3 +0,0 @@
CompileFlags:
Add:
- "-I/var/home/ludwig/git/windows-binary-fuzzing/irdb-sdk/include"

3
.gitmodules vendored
View File

@ -1,3 +0,0 @@
[submodule "irdb-sdk"]
path = irdb-sdk
url = https://git.zephyr-software.com/opensrc/irdb-sdk.git

6
clients/mov_to_nop/CMakeLists.txt Normal file
View File

@ -0,0 +1,6 @@
cmake_minimum_required(VERSION 3.7)
project(mov_to_nop)
find_package(DynamoRIO REQUIRED)
add_library(mov_to_nop SHARED mov_to_nop.c)
configure_DynamoRIO_client(mov_to_nop)

26
clients/mov_to_nop/mov_to_nop.c Normal file
View File

@ -0,0 +1,26 @@
#include "dr_api.h"
#include "dr_ir_opcodes_x86.h"
static dr_emit_flags_t event_basic_block(void *drcontext, void *tag,
instrlist_t *bb, bool for_trace, bool translating);
DR_EXPORT void dr_client_main(client_id_t id, int argc, const char *argv[]) {
dr_set_client_name("MOV-to-NOP Client (No drmgr)", "https://dynamorio.org/");
dr_register_bb_event(event_basic_block);
dr_printf("MOV-to-NOP client loaded (no drmgr).\n");
}
static dr_emit_flags_t event_basic_block(void *drcontext, void *tag,
instrlist_t *bb, bool for_trace, bool translating) {
for (instr_t *instr = instrlist_first_app(bb);
instr != NULL;
instr = instr_get_next_app(instr)) {
int opcode = instr_get_opcode(instr);
if (opcode == OP_mov_st || opcode == OP_mov_ld) {
instr_set_opcode(instr, OP_nop);
}
}
return DR_EMIT_DEFAULT;
}

7
container
View File

@ -1,7 +0,0 @@
#!/bin/bash
sudo chmod -R 777 transforms/
podman run --rm -it -v $(pwd):/work:Z -w /work git.zephyr-software.com:4567/opensrc/zipr/zipr-bin iagree
# ./do-build
# pszr programs/compiled/JustOpen.exe JustOpen.test

145
do-build
View File

@ -1,145 +0,0 @@
#!/bin/env python3
import os
import hashlib
import base64
import argparse
DIR = os.path.dirname(os.path.realpath(__file__))
def parse_args():
parser = argparse.ArgumentParser()
parser.add_argument('--force', action='store_true')
return parser.parse_args()
args = parse_args()
CXX = "g++"
LDFLAGS = "-Wl,-unresolved-symbols=ignore-in-shared-libs -L/opt/ps_zipr/irdb-libs/lib"
CXXFLAGS = f"-g -I{DIR}/irdb-sdk/include -std=c++11 -Wall -Werror -fmax-errors=2 -fPIC"
def list_hash(list: list[str]):
md5 = hashlib.md5()
for item in list:
md5.update(item.encode())
return md5.hexdigest()
def file_hash(file: str):
BUFSIZE = 65536
md5 = hashlib.md5()
with open(file, 'rb') as f:
data = f.read(BUFSIZE)
while data:
md5.update(data)
data = f.read(BUFSIZE)
return md5.hexdigest()
def needs_rebuild(file: str, libs: list[str] = []) -> bool:
return True
global args
hash = file_hash(file)
hash += list_hash(libs)
abspath = os.path.abspath(file)
b64path = os.path.join('/tmp', base64.b64encode(abspath.encode()).decode())
if not os.path.exists(b64path) or args.force:
return True
with open(b64path, 'r') as f:
return f.read() != hash
def signal_built(file: str, libs: list[str] = []) -> bool:
return
hash = file_hash(file)
hash += list_hash(libs)
abspath = os.path.abspath(file)
b64path = os.path.join('/tmp', base64.b64encode(abspath.encode()).decode())
with open(b64path, 'w') as f:
f.write(hash)
def build(targetObject: str, cppFile: str):
if not needs_rebuild(cppFile):
return
global CXXFLAGS
cmd = f'{CXX} -c "{cppFile}" -o "{targetObject}" {CXXFLAGS}'
print(cmd)
status = os.system(cmd)
if status == 0:
signal_built(cppFile)
return True
return False
def link(target: str, objects: list[str], libs: list[str]):
global LDFLAGS
cmd = f'{CXX} -shared -o {target}'
for object in objects:
cmd += f' {object}'
for lib in libs:
cmd += f' -l{lib}'
cmd += f' {LDFLAGS}'
print(cmd)
return os.system(cmd) == 0
def main():
for dir in os.listdir(f'{DIR}/transforms'):
path = os.path.join(f'{DIR}/transforms', dir)
if not os.path.isdir(path):
continue
libs: list[str] = []
if os.path.exists(os.path.join(path, '.libs')):
with open(os.path.join(path, '.libs'), 'r') as f:
libs = f.read().split()
libs = filter(lambda l: len(l.strip()) > 0, libs)
libs = list(libs)
hadError = False
objects: list[str] = []
for file in os.listdir(path):
if not file.endswith('.cpp'):
continue
filePath = os.path.join(path, file)
objectPath = os.path.splitext(filePath)[0] + '.o'
newError = not build(objectPath, filePath)
hadError = hadError or newError
objects += [objectPath]
if hadError:
continue
targetDir = os.path.join(DIR, 'plugins_install')
os.makedirs(targetDir, exist_ok=True)
target = os.path.join(targetDir, f'lib{dir}.so')
link(target, objects, libs)
if __name__ == '__main__':
main()

1
irdb-sdk

@ -1 +0,0 @@
Subproject commit f63323b8066c265b1c0c32a0ae8f19a877b1d4e1

BIN
programs/JustOpen.obj Normal file
View File

Binary file not shown.

10
programs/Makefile Normal file
View File

@ -0,0 +1,10 @@
all: compiled\Twice.exe compiled\JustOpen.exe
clean:
del /Q "compiled\*"
compiled\Twice.exe: source\Twice.c
cl /Fe:$@ source\Twice.c comdlg32.lib /link /MACHINE:X64
compiled\JustOpen.exe: source\JustOpen.c
cl /Fe:$@ source\JustOpen.c comdlg32.lib /link /MACHINE:X64

BIN
programs/Twice.obj Normal file
View File

Binary file not shown.

BIN
programs/compiled/JustOpen.exe
View File

Binary file not shown.

BIN
programs/compiled/Twice.exe Normal file
View File

Binary file not shown.

38
programs/source/Twice.c Normal file
View File

@ -0,0 +1,38 @@
#include <windows.h>
#include <commdlg.h>
#include <stdio.h>
#include <stdlib.h>
int main() {
char file[MAX_PATH] = {0};
OPENFILENAME ofn = {
.lStructSize = sizeof(ofn),
.lpstrFilter = "All Files\0*.*\0",
.lpstrFile = file,
.nMaxFile = MAX_PATH,
.lpstrTitle = "Select File",
.Flags = OFN_FILEMUSTEXIST | OFN_PATHMUSTEXIST
};
int res = GetOpenFileName(&ofn);
if (!res) {
puts("GetOpenFileName(...) failed!");
exit(1);
}
FILE *f = fopen(ofn.lpstrFile, "r");
if (!f) {
perror("fopen(...)");
exit(1);
}
long input;
if (fscanf(f, "%ld", &input) != 1) {
puts("fscanf(...) failed to scan input number");
exit(1);
}
printf("%ld\n", 2 * input);
return 0;
}

1
set_env_vars
View File

@ -1 +0,0 @@
export PSPATH=$PSPATH:$(pwd)/plugins_install

1
transforms/forward_file_open/.libs
View File

@ -1 +0,0 @@
irdb-core irdb-transform

23
transforms/forward_file_open/driver.cpp
View File

@ -1,23 +0,0 @@
#include "irdb-core"
#include "logic.hpp"
#include <memory>
#include <vector>
class ForwardFileOpenDriver : public TransformStep_t {
public:
int parseArgs(const vector<string> args) override { return 0; }
int executeStep() override {
auto firp = getMainFileIR();
auto success = ForwardFileOpen(firp).execute();
return success ? 0 : 2;
}
string getStepName() const override { return "forward_file_open"; }
private:
};
extern "C" shared_ptr<TransformStep_t> getTransformStep(void) {
return shared_ptr<TransformStep_t>(new ForwardFileOpenDriver());
}

17
transforms/forward_file_open/logic.cpp
View File

@ -1,17 +0,0 @@
#include "logic.hpp"
#include "irdb-transform"
ForwardFileOpen::ForwardFileOpen(FileIR_t *p_variantIR)
: Transform_t(p_variantIR) {}
bool ForwardFileOpen::execute() {
const auto insts = getFileIR()->getInstructions();
cout << "Hello World!" << std::endl;
for (auto &inst : insts) {
cout << inst->getDisassembly() << std::endl;
}
return true;
}

19
transforms/forward_file_open/logic.hpp
View File

@ -1,19 +0,0 @@
#pragma once
#include <irdb-core>
#include <irdb-deep>
#include <irdb-transform>
#include <iostream>
#include <memory>
using namespace std;
using namespace IRDB_SDK;
class ForwardFileOpen : protected Transform_t {
public:
ForwardFileOpen(FileIR_t *p_variantIR);
bool execute();
private:
};