Rizin
unix-like reverse engineering framework and cli tools
Functions
driverbin.c File Reference
#include <stdint.h>
#include <stdlib.h>
#include <stdio.h>
#include <dirent.h>
#include <unistd.h>

Go to the source code of this file.

Functions

int LLVMFuzzerTestOneInput (const uint8_t *Data, size_t Size)
 
const char * cs_fuzz_arch (uint8_t arch)
 
int main (int argc, char **argv)
 

Function Documentation

◆ cs_fuzz_arch()

const char * cs_fuzz_arch ( uint8_t  arch)

Definition at line 217 of file fuzz_disasm.c.

217  {
218  return platforms[arch % sizeof(platforms)/sizeof(platforms[0])].cstoolname;
219 }
arch
cs_arch arch
Definition: cstool.c:13
platforms
struct platform platforms[]
Definition: fuzz_disasm.c:25
platform::cstoolname
const char * cstoolname
Definition: fuzz_disasm.c:20

References arch, platform::cstoolname, and platforms.

Referenced by main().

◆ LLVMFuzzerTestOneInput()

int LLVMFuzzerTestOneInput ( const uint8_t data,
size_t  size 
)

This fuzz target attempts to compress the fuzzed data with the simple compression function with an output buffer that may be too small to ensure that the compressor never crashes.

This fuzz target attempts to decompress the fuzzed data with the simple decompression function to ensure the decompressor never crashes.

This fuzz target performs a lz4 round-trip test (compress & decompress), compares the result with the original, and calls abort() on corruption.

Definition at line 221 of file fuzz_disasm.c.

221  {
222  csh handle;
223  cs_insn *all_insn;
224  cs_detail *detail;
225  cs_err err;
226 
227  if (Size < 1) {
228  // 1 byte for arch choice
229  return 0;
230  } else if (Size > 0x1000) {
231  //limit input to 4kb
232  Size = 0x1000;
233  }
234  if (outfile == NULL) {
235  // we compute the output
236  outfile = fopen("/dev/null", "w");
237  if (outfile == NULL) {
238  return 0;
239  }
240  }
241 
242  int platforms_len = sizeof(platforms)/sizeof(platforms[0]);
243  int i = (int)Data[0] % platforms_len;
244 
245  err = cs_open(platforms[i].arch, platforms[i].mode, &handle);
246  if (err) {
247  return 0;
248  }
249  cs_option(handle, CS_OPT_DETAIL, CS_OPT_ON);
250 
251  uint64_t address = 0x1000;
252  size_t count = cs_disasm(handle, Data+1, Size-1, address, 0, &all_insn);
253 
254  if (count) {
255  size_t j;
256  int n;
257 
258  for (j = 0; j < count; j++) {
259  cs_insn *i = &(all_insn[j]);
260  fprintf(outfile, "0x%"PRIx64":\t%s\t\t%s // insn-ID: %u, insn-mnem: %s\n",
261  i->address, i->mnemonic, i->op_str,
262  i->id, cs_insn_name(handle, i->id));
263 
264  detail = i->detail;
265 
266  if (detail->regs_read_count > 0) {
267  fprintf(outfile, "\tImplicit registers read: ");
268  for (n = 0; n < detail->regs_read_count; n++) {
269  fprintf(outfile, "%s ", cs_reg_name(handle, detail->regs_read[n]));
270  }
271  }
272 
273  if (detail->regs_write_count > 0) {
274  fprintf(outfile, "\tImplicit registers modified: ");
275  for (n = 0; n < detail->regs_write_count; n++) {
276  fprintf(outfile, "%s ", cs_reg_name(handle, detail->regs_write[n]));
277  }
278  }
279 
280  if (detail->groups_count > 0) {
281  fprintf(outfile, "\tThis instruction belongs to groups: ");
282  for (n = 0; n < detail->groups_count; n++) {
283  fprintf(outfile, "%s ", cs_group_name(handle, detail->groups[n]));
284  }
285  }
286  }
287  fprintf(outfile, "0x%"PRIx64":\n", all_insn[j-1].address + all_insn[j-1].size);
288  cs_free(all_insn, count);
289  }
290 
291  cs_close(&handle);
292 
293  return 0;
294 }
i
lzma_index ** i
Definition: index.h:629
err
static bool err
Definition: armass.c:435
handle
static mcore_handle handle
Definition: asm_mcore.c:8
CS_OPT_DETAIL
@ CS_OPT_DETAIL
Break down instruction structure into details.
Definition: capstone.h:171
csh
size_t csh
Definition: capstone.h:71
CS_OPT_ON
@ CS_OPT_ON
Turn ON an option (CS_OPT_DETAIL, CS_OPT_SKIPDATA).
Definition: capstone.h:183
NULL
#define NULL
Definition: cris-opc.c:27
cs_disasm
CAPSTONE_EXPORT size_t CAPSTONE_API cs_disasm(csh ud, const uint8_t *buffer, size_t size, uint64_t offset, size_t count, cs_insn **insn)
Definition: cs.c:798
cs_group_name
CAPSTONE_EXPORT const char *CAPSTONE_API cs_group_name(csh ud, unsigned int group)
Definition: cs.c:1178
cs_open
CAPSTONE_EXPORT cs_err CAPSTONE_API cs_open(cs_arch arch, cs_mode mode, csh *handle)
Definition: cs.c:453
cs_insn_name
CAPSTONE_EXPORT const char *CAPSTONE_API cs_insn_name(csh ud, unsigned int insn)
Definition: cs.c:1166
cs_free
CAPSTONE_EXPORT void CAPSTONE_API cs_free(cs_insn *insn, size_t count)
Definition: cs.c:1017
cs_reg_name
CAPSTONE_EXPORT const char *CAPSTONE_API cs_reg_name(csh ud, unsigned int reg)
Definition: cs.c:1154
cs_close
CAPSTONE_EXPORT cs_err CAPSTONE_API cs_close(csh *handle)
Definition: cs.c:501
cs_option
CAPSTONE_EXPORT cs_err CAPSTONE_API cs_option(csh ud, cs_opt_type type, size_t value)
Definition: cs.c:646
count
static static sync static getppid static getegid const char static filename char static len const char char static bufsiz static mask static vfork const void static prot static getpgrp const char static swapflags static arg static fd static protocol static who struct sockaddr static addrlen static backlog struct timeval struct timezone static tz const struct iovec static count static mode const void const struct sockaddr static tolen const char static pathname void count
Definition: sflib.h:98
outfile
static FILE * outfile
Definition: fuzz_disasm.c:23
size
voidpf void uLong size
Definition: ioapi.h:138
mode
const char int mode
Definition: ioapi.h:137
n
int n
Definition: mipsasm.c:19
test_evm.detail
detail
Definition: test_evm.py:9
int
static int
Definition: sfsocketcall.h:114
uint64_t
unsigned long uint64_t
Definition: sftypes.h:28
PRIx64
#define PRIx64
Definition: sysdefs.h:94

References arch, count, cs_close(), cs_disasm(), cs_free(), cs_group_name(), cs_insn_name(), cs_open(), CS_OPT_DETAIL, CS_OPT_ON, cs_option(), cs_reg_name(), test_evm::detail, err, handle, i, int, n, NULL, outfile, platforms, and PRIx64.

Referenced by main().

◆ main()

int main ( int  argc,
char **  argv 
)

Definition at line 10 of file driverbin.c.

11 {
12  FILE * fp;
13  uint8_t Data[0x1000];
14  size_t Size;
15  DIR *d;
16  struct dirent *dir;
17  int r = 0;
18  int i;
19 
20  if (argc != 2) {
21  return 1;
22  }
23 
24  d = opendir(argv[1]);
25  if (d == NULL) {
26  printf("Invalid directory\n");
27  return 2;
28  }
29  if (chdir(argv[1]) != 0) {
30  closedir(d);
31  printf("Invalid directory\n");
32  return 2;
33  }
34 
35  while((dir = readdir(d)) != NULL) {
36  //opens the file, get its size, and reads it into a buffer
37  if (dir->d_type != DT_REG) {
38  continue;
39  }
40 
41  printf("Running %s\n", dir->d_name);
42  fflush(stdout);
43 
44  fp = fopen(dir->d_name, "rb");
45  if (fp == NULL) {
46  r = 3;
47  break;
48  }
49  if (fseek(fp, 0L, SEEK_END) != 0) {
50  fclose(fp);
51  r = 4;
52  break;
53  }
54  Size = ftell(fp);
55  if (Size == (size_t) -1) {
56  fclose(fp);
57  r = 5;
58  break;
59  } else if (Size > 0x1000) {
60  fclose(fp);
61  continue;
62  }
63  if (fseek(fp, 0L, SEEK_SET) != 0) {
64  fclose(fp);
65  r = 7;
66  break;
67  }
68  if (fread(Data, Size, 1, fp) != 1) {
69  fclose(fp);
70  r = 8;
71  break;
72  }
73  if (Size > 0) {
74  printf("command cstool %s\n", cs_fuzz_arch(Data[0]));
75  }
76  for (i=0; i<Size; i++) {
77  printf("%02x", Data[i]);
78  }
79  printf("\n");
80 
81  //lauch fuzzer
82  LLVMFuzzerTestOneInput(Data, Size);
83  fclose(fp);
84  }
85  closedir(d);
86  printf("Ok : whole directory finished\n");
87  return r;
88 }
r
#define r
Definition: crypto_rc6.c:12
printf
_Use_decl_annotations_ int __cdecl printf(const char *const _Format,...)
Definition: cs_driver.c:93
chdir
static static fork const void static count static fd const char const char static newpath chdir
Definition: sflib.h:33
LLVMFuzzerTestOneInput
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
Definition: fuzz_disasm.c:221
cs_fuzz_arch
const char * cs_fuzz_arch(uint8_t arch)
Definition: fuzz_disasm.c:217
argv
static static fork const void static count static fd const char const char static newpath char char argv
Definition: sflib.h:40
readdir
static static fork const void static count static fd const char static mode const char static pathname const char static path const char static dev const char static group static getpid static getuid void void static data static pause const char static mode static sync const char const char static newpath const char static pathname unsigned long static filedes void static end_data_segment static handler static getegid char static len static pgid const char static path static newfd static getpgrp static euid const sigset_t static mask const char static len const gid_t static list const char const char static newpath const char static library readdir
Definition: sflib.h:120
benchmark.FILE
string FILE
Definition: benchmark.py:21
uint8_t
unsigned char uint8_t
Definition: sftypes.h:31
d
#define d(i)
Definition: sha256.c:44
dirent
Definition: sftypes.h:48
dirent::d_name
char d_name[256]
Definition: sftypes.h:52
SEEK_SET
#define SEEK_SET
Definition: zip.c:88
SEEK_END
#define SEEK_END
Definition: zip.c:84
L
#define L
Definition: zip_err_str.c:7

References argv, chdir, cs_fuzz_arch(), d, dirent::d_name, benchmark::FILE, i, L, LLVMFuzzerTestOneInput(), NULL, printf(), r, readdir, SEEK_END, and SEEK_SET.