clang-format, nits, hexify entry_syscall

0vercl0k · Feb 17, 2024 · 9a57e0c · 9a57e0c
1 parent 36d65a3
commit 9a57e0c
Show file tree

Hide file tree

Showing 4 changed files with 68 additions and 75 deletions.
diff --git a/linux_mode/README.md b/linux_mode/README.md
@@ -19,6 +19,10 @@ snapshot in the first place.
 Currently, the snapshotting scripts are unable to create snapshots that are
 readable by wtf when the target VM has more than 2 GB of memory.
 
+### Symbolizing
+
+TODO
+
 ## Setting up the environment
 
 Change into the `linux_mode/qemu_snapshot` directory and run `setup.sh`:
@@ -174,13 +178,13 @@ user@pc:/wtf/targets/linux_crash_test$ echo a>inputs/a
 Run the master:
 
 ```console
-user@pc:/wtf/targets/linux_crash_test$ ../../src/build/wtf master --name linux_crash_test --runs=9999999999999 --max_len=10
+user@pc:/wtf/targets/linux_crash_test$ ../../src/build/wtf master --name linux_crash_test --max_len=10
 ```
 
 Run the fuzzee and note that crashes are found quickly.
 
 ```console
-user@pc:/wtf/targets/linux_crash_test$ $ ../../src/build/wtf fuzz --backend=bochscpu --name linux_crash_test
+user@pc:/wtf/targets/linux_crash_test$ ../../src/build/wtf fuzz --backend=bochscpu --name linux_crash_test
 Setting @fptw to 0xff'ff.
 The debugger instance is loaded with 16 items
 Setting debug register status to zero.
@@ -193,7 +197,7 @@ Dialing to tcp://localhost:31337/..
 To fuzz with KVM, create a coverage breakpoints file by loading the target file in IDA and running [scripts/gen_linux_coveragefile_ida.py](../scripts/gen_linux_coveragefile_ida.py). Transfer the coverage breakpoints file to the `coverage` subfolder in the target's directory. For example, for `linux_crash_test` transfer the coverage breakpoint file to `targets/linux_crash_test/coverage/a.cov`. Once transferred, KVM can be used for fuzzing:
 
 ```console
-$ sudo ../../src/build/wtf fuzz --backend=kvm --name linux_crash_test
+user@pc:/wtf/targets/linux_crash_test$ sudo ../../src/build/wtf fuzz --backend=kvm --name linux_crash_test
 Setting @fptw to 0xff'ff.
 The debugger instance is loaded with 16 items
 Parsing coverage/a.cov..

diff --git a/linux_mode/qemu_snapshot/gdb_qemu.py b/linux_mode/qemu_snapshot/gdb_qemu.py
@@ -213,7 +213,7 @@ def update_attr(val, limit):
         json.dump(data, f)
 
         # updates entry_syscall in symbol-store.json
-        gdb_utils.write_to_store({"entry_syscall": data["lstar"]})
+        gdb_utils.write_to_store({"entry_syscall": hex(data["lstar"])})
 
     # function that gets called when the cpu command has been called
     def invoke(self, args, from_tty):

diff --git a/src/wtf/fuzzer_linux_crash_test.cc b/src/wtf/fuzzer_linux_crash_test.cc
@@ -1,52 +1,51 @@
+// Jason Crowder - February 2024
 #include "backend.h"
 
 namespace linux_crash_test {
 
-
 bool InsertTestcase(const uint8_t *Buffer, const size_t BufferSize) {
 
-    if (BufferSize > 10) {
-        return true;
-    }
+  if (BufferSize > 10) {
+    return true;
+  }
 
-    if( !g_Backend->VirtWriteDirty(Gva_t(g_Backend->Rdi()), Buffer, BufferSize) ) {
-        fmt::print("Failed to write payload.\n");
-        return false;
-    }
+  if (!g_Backend->VirtWriteDirty(Gva_t(g_Backend->Rdi()), Buffer, BufferSize)) {
+    fmt::print("Failed to write payload.\n");
+    return false;
+  }
 
-    return true;
+  return true;
 }
 
 bool Init(const Options_t &Opts, const CpuState_t &) {
 
-    if (!g_Backend->SetCrashBreakpoint("asm_exc_page_fault")) {
-        fmt::print("Failed to insert crash breakpoint.\n");
-        return false;
-    }
+  if (!g_Backend->SetCrashBreakpoint("asm_exc_page_fault")) {
+    fmt::print("Failed to insert crash breakpoint.\n");
+    return false;
+  }
 
-    if (!g_Backend->SetCrashBreakpoint("asm_exc_divide_error")) {
-        fmt::print("Failed to insert crash breakpoint.\n");
-        return false;
-    }
+  if (!g_Backend->SetCrashBreakpoint("asm_exc_divide_error")) {
+    fmt::print("Failed to insert crash breakpoint.\n");
+    return false;
+  }
 
-    if (!g_Backend->SetCrashBreakpoint("force_sigsegv")) {
-        fmt::print("Failed to insert crash breakpoint.\n");
-        return false;
-    }
+  if (!g_Backend->SetCrashBreakpoint("force_sigsegv")) {
+    fmt::print("Failed to insert crash breakpoint.\n");
+    return false;
+  }
 
-    if (!g_Backend->SetCrashBreakpoint("page_fault_oops")) {
-        fmt::print("Failed to insert crash breakpoint.\n");
-        return false;
-    }
+  if (!g_Backend->SetCrashBreakpoint("page_fault_oops")) {
+    fmt::print("Failed to insert crash breakpoint.\n");
+    return false;
+  }
 
-    if (!g_Backend->SetBreakpoint("end_crash_test", [](Backend_t *Backend) {
+  if (!g_Backend->SetBreakpoint("end_crash_test", [](Backend_t *Backend) {
         Backend->Stop(Ok_t());
-    })) {
-        return false;
-    }
+      })) {
+    return false;
+  }
 
-
-    return true;
+  return true;
 }
 
 //

diff --git a/src/wtf/fuzzer_linux_page_fault_test.cc b/src/wtf/fuzzer_linux_page_fault_test.cc
@@ -1,53 +1,43 @@
+// Jason Crowder - February 2024
 #include "backend.h"
 
 namespace linux_page_fault_test {
 
-  constexpr bool LoggingOn = false;
+bool InsertTestcase(const uint8_t *Buffer, const size_t BufferSize) {
+  return true;
+}
 
-  template <typename... Args_t>
-  void DebugPrint(const char *Format, const Args_t &...args) {
-    if constexpr (LoggingOn) {
-      fmt::print("linux_page_fault_test: ");
-      fmt::print(fmt::runtime(Format), args...);
-    }
+bool Init(const Options_t &Opts, const CpuState_t &) {
+  if (!g_Backend->SetCrashBreakpoint("asm_exc_page_fault")) {
+    fmt::print("Failed to insert crash breakpoint.\n");
+    return false;
   }
 
+  if (!g_Backend->SetCrashBreakpoint("asm_exc_divide_error")) {
+    fmt::print("Failed to insert crash breakpoint.\n");
+    return false;
+  }
 
-bool InsertTestcase(const uint8_t *Buffer, const size_t BufferSize) {
-    return true;
-}
+  if (!g_Backend->SetCrashBreakpoint("force_sigsegv")) {
+    fmt::print("Failed to insert crash breakpoint.\n");
+    return false;
+  }
 
-bool Init(const Options_t &Opts, const CpuState_t &) {
-    if (!g_Backend->SetCrashBreakpoint("asm_exc_page_fault")) {
-        fmt::print("Failed to insert crash breakpoint.\n");
-        return false;
-    }
-
-    if (!g_Backend->SetCrashBreakpoint("asm_exc_divide_error")) {
-        fmt::print("Failed to insert crash breakpoint.\n");
-        return false;
-    }
-
-    if (!g_Backend->SetCrashBreakpoint("force_sigsegv")) {
-        fmt::print("Failed to insert crash breakpoint.\n");
-        return false;
-    }
-
-    if (!g_Backend->SetCrashBreakpoint("page_fault_oops")) {
-        fmt::print("Failed to insert crash breakpoint.\n");
-        return false;
-    }
-
-    if (!g_Backend->SetBreakpoint("done_with_test", [](Backend_t *Backend) {
-            Backend->Stop(Ok_t());
-        })) {
-        fmt::print("Failed to insert breakpoint.\n");
-        return false;
-    }
-
-    return true;
+  if (!g_Backend->SetCrashBreakpoint("page_fault_oops")) {
+    fmt::print("Failed to insert crash breakpoint.\n");
+    return false;
+  }
+
+  if (!g_Backend->SetBreakpoint("done_with_test", [](Backend_t *Backend) {
+        Backend->Stop(Ok_t());
+      })) {
+    fmt::print("Failed to insert breakpoint.\n");
+    return false;
+  }
+
+  return true;
 }
 
 Target_t linux_page_fault_test("linux_page_fault_test", Init, InsertTestcase);
 
-}
+} // namespace linux_page_fault_test