aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorbloodstalker <thabogre@gmail.com>2018-04-30 20:11:29 +0000
committerbloodstalker <thabogre@gmail.com>2018-04-30 20:11:29 +0000
commitb6107d5bb6aeef6ab03909750f59196555c51081 (patch)
tree3240c1651c57d819c54a4441b1bb2c61fad6f842
parentramdump is here (diff)
downloadmutator-b6107d5bb6aeef6ab03909750f59196555c51081.tar.gz
mutator-b6107d5bb6aeef6ab03909750f59196555c51081.zip
fixes #30. run make deepclean on bruiser. lua needs to be rebuilt. added a new commandline option, --keepalive. drops to cli if you were running in non-cli after script finishes running.
-rw-r--r--README.md1
-rw-r--r--bruiser/asmrewriter.h2
-rw-r--r--bruiser/bruiser.cpp393
-rw-r--r--bruiser/ffs.c28
-rw-r--r--bruiser/ffs.h38
-rw-r--r--bruiser/lua-5.3.4/src/luaconf.h2
-rw-r--r--bruiser/lua-scripts/df-demo.lua28
-rw-r--r--bruiser/makefile4
-rwxr-xr-xbruiser/run.sh7
9 files changed, 303 insertions, 200 deletions
diff --git a/README.md b/README.md
index f696f02..d61d0bb 100644
--- a/README.md
+++ b/README.md
@@ -94,6 +94,7 @@ Before you run make, make sure you have all the dependencies:<br/>
* For `safercpp` you will need to have LLVM RTTI also.<br/>
* For `bruiser` you will need the python 3.5< dev package(source code and libpython), libcapstone, libkeystone and libffi.<br/>
* The other libraries used are either submodules or copied inside.<br/>
+* `load.py` needs capstone. You can get it through pip.<br/>
For More details you can look at the `Building` section.<br/>
Assuming you already have the dependencies:<br/>
diff --git a/bruiser/asmrewriter.h b/bruiser/asmrewriter.h
index 6f96df5..ba08365 100644
--- a/bruiser/asmrewriter.h
+++ b/bruiser/asmrewriter.h
@@ -32,6 +32,8 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.*
extern "C" {
#endif
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wunused-function"
static JMP_S_T* convert_jmpt(lua_State* __ls, int index);
static JMP_S_T* check_jmpt(lua_State* __ls, int index);
JMP_S_T* push_jmpt(lua_State* __ls);
diff --git a/bruiser/bruiser.cpp b/bruiser/bruiser.cpp
index d6cf165..340d29d 100644
--- a/bruiser/bruiser.cpp
+++ b/bruiser/bruiser.cpp
@@ -31,6 +31,7 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.*
#include "bruisercapstone.h"
#include "asmrewriter.h"
#include "ramdump.h"
+#include "ffs.h"
/*standard headers*/
#include <exception>
#include <fstream>
@@ -44,6 +45,7 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.*
#include <sys/wait.h>
#include <thread>
#include <unistd.h>
+#include <utility>
/*LLVM headers*/
#include "clang/AST/AST.h"
#include "clang/AST/ASTConsumer.h"
@@ -111,9 +113,8 @@ cl::opt<bool> MainFileOnly("MainOnly", cl::desc("bruiser will only report the re
cl::opt<std::string> M0XMLPath("xmlpath", cl::desc("tells bruiser where to find the XML file containing the Mutator-LVL0 report."), cl::init(bruiser::M0REP), cl::cat(BruiserCategory), cl::ZeroOrMore);
cl::opt<bool> LuaJIT("jit", cl::desc("should bruiser use luajit or not."), cl::init(true), cl::cat(BruiserCategory), cl::ZeroOrMore);
cl::opt<bool> Verbose("verbose", cl::desc("verbosity"), cl::init(false), cl::cat(BruiserCategory), cl::ZeroOrMore);
-cl::opt<bool> Nosrc("No Source file needed", cl::desc("verbosity"), cl::init(true), cl::cat(BruiserCategory), cl::ZeroOrMore);
-// @DEVI-FIXME-we need something like python's code module. lua's -i is not it.
-cl::opt<bool> LuaInteractive("interactive", cl::desc("run in interactive mode"), cl::init(false), cl::cat(BruiserCategory), cl::ZeroOrMore);
+cl::opt<bool> SRC("src", cl::desc("source file is needed"), cl::init(false), cl::cat(BruiserCategory), cl::ZeroOrMore);
+cl::opt<bool> KEEPALIVE("keepalive", cl::desc("drop to cli after running script in non-cli mode"), cl::init(false), cl::cat(BruiserCategory), cl::ZeroOrMore);
cl::opt<std::string> NonCLILuaScript("lua", cl::desc("specifies a lua script for bruiser to run in non-interactive mode"), cl::init(""), cl::cat(BruiserCategory), cl::Optional);
cl::opt<std::string> LuaDefault("luadefault", cl::desc("the path to the luadefault file. the default option is where the bruiser executable is."), cl::init(""), cl::cat(BruiserCategory), cl::ZeroOrMore);
/**********************************************************************************************************************/
@@ -543,12 +544,9 @@ class PyExec {
std::string obj_path;
PyObject* pName;
PyObject* pModule;
- PyObject* pDict;
PyObject* pFunc;
PyObject* pArgs;
PyObject* pValue;
- int argc;
- char** argv;
std::vector<std::string> hexobj_str;
std::vector<std::vector<uint8_t>> hexobj;
std::vector<uint8_t> text_section;
@@ -1298,7 +1296,7 @@ class LiveActionListArrays : public ASTFrontendAction
class LuaWrapper
{
public:
- LuaWrapper(ClangTool &__CT, Executioner& __EX, XGlobals __XG) : CT(__CT), executioner(__EX), xglobals(__XG) {}
+ LuaWrapper(Executioner& __EX, XGlobals __XG) : executioner(__EX), xglobals(__XG) {}
/*print out the history*/
int BruiserLuaHistory(lua_State* __ls)
@@ -1345,33 +1343,13 @@ class LuaWrapper
return argcount;
}
- /*hijakcs the main main*/
- int BruiserLuaHijackMain(lua_State* __ls)
- {
- int RunResult = this->GetClangTool().run(newFrontendActionFactory<BruiserFrontendAction>().get());
- printf(CYAN"hijacking main returned %d", RunResult);
- printf(NORMAL"\n");
-
- std::ifstream libtooling_tee("../test/bruisertest/libtooling-tee");
- std::string luaoutstr;
- std::string dummy;
-
- while(std::getline(libtooling_tee, dummy))
- {
- luaoutstr = luaoutstr + dummy + "\n";
- }
-
- lua_pushstring(__ls, luaoutstr.c_str());
-
- return 1;
- }
/*print out bruiser version*/
int BruiserLuaVersion(lua_State* __ls)
{
PRINT_WITH_COLOR_LB(GREEN, "bruiser experimental version something.");
PRINT_WITH_COLOR_LB(GREEN, "project mutator");
- PRINT_WITH_COLOR_LB(GREEN, "GPL v2.0");
+ PRINT_WITH_COLOR_LB(GREEN, "GPL v3.0");
PRINT_WITH_COLOR_LB(GREEN, "bloodstalker 2017");
return 1;
@@ -1804,14 +1782,12 @@ class LuaWrapper
pid_t pid = fork();
- if (pid < 0)
- {
+ if (pid < 0) {
PRINT_WITH_COLOR_LB(RED, "could not fork...");
lua_pushnumber(__ls, EXIT_FAILURE);
}
- if (pid == 0)
- {
+ if (pid == 0) {
std::cout << BLUE << "MAKEPATH: " << ShellGlobalInstance.MAKEPATH << NORMAL << "\n";
std::cout << BLUE << "Running: " << "make -C " << ShellGlobalInstance.MAKEPATH << " " << makearg << NORMAL << "\n";
int retval = execl("/usr/bin/make", "make", "-C", ShellGlobalInstance.MAKEPATH.c_str(), makearg.c_str(), NULL);
@@ -1819,8 +1795,7 @@ class LuaWrapper
exit(EXIT_SUCCESS);
}
- if (pid > 0)
- {
+ if (pid > 0) {
int status;
pid_t returned;
returned = waitpid(pid, &status, 0);
@@ -1830,12 +1805,10 @@ class LuaWrapper
return 1;
}
- int BruiserLuaChangeHistorySize(lua_State* __ls)
- {
+ int BruiserLuaChangeHistorySize(lua_State* __ls) {
unsigned int args = 0U;
- if ((args = lua_gettop(__ls)) != 1U)
- {
+ if ((args = lua_gettop(__ls)) != 1U) {
PRINT_WITH_COLOR_LB(RED, "function was not called by one argument. Run help().");
return 0;
}
@@ -1849,12 +1822,10 @@ class LuaWrapper
}
//@DEVI-FIXME-broken
- int BruiserLuaShowSourcecode(lua_State* __ls)
- {
+ int BruiserLuaShowSourcecode(lua_State* __ls) {
unsigned int args = 0U;
- if ((args = lua_gettop(__ls)) != 3U)
- {
+ if ((args = lua_gettop(__ls)) != 3U) {
PRINT_WITH_COLOR_LB(RED, "function called with the wrong number of arguments. Run help().");
return 0;
}
@@ -1864,17 +1835,14 @@ class LuaWrapper
std::string filename = lua_tostring(__ls, 3);
std::fstream targetfile;
- for(auto &iter : ShellGlobalInstance.SOURCE_FILES)
- {
- if (iter.rfind(filename) == iter.size() - filename.size())
- {
+ for(auto &iter : ShellGlobalInstance.SOURCE_FILES) {
+ if (iter.rfind(filename) == iter.size() - filename.size()) {
ShellCacheInstance.LastFileUsed = iter;
ShellCacheInstance.LastFileUsedShort = filename;
targetfile.open(iter);
- if(targetfile.rdstate() != std::ios_base::goodbit)
- {
+ if(targetfile.rdstate() != std::ios_base::goodbit) {
PRINT_WITH_COLOR_LB(RED, "could not open the file.");
}
}
@@ -1882,8 +1850,7 @@ class LuaWrapper
std::string line;
std::string dummy;
- while(getline(targetfile, line))
- {
+ while(getline(targetfile, line)) {
dummy += line;
//lua_pushstring(__ls, line.c_str());
}
@@ -1894,36 +1861,29 @@ class LuaWrapper
return 1;
}
- int BruiserLuaMutagenExtraction(lua_State* __ls)
- {
+ int BruiserLuaMutagenExtraction(lua_State* __ls) {
int numargs = lua_gettop(__ls);
std::string extractiontarget;
- if (numargs == 1)
- {
+ if (numargs == 1) {
extractiontarget = lua_tostring(__ls, 1);
}
pid_t pid = fork();
- if (pid < 0)
- {
+ if (pid < 0) {
/*bruiser could not spawn a child*/
PRINT_WITH_COLOR_LB(RED, "could not fork a child process(m0).");
lua_pushnumber(__ls, EXIT_FAILURE);
}
/*only the child process runs this*/
- if (pid == 0)
- {
- for(auto &iter : ShellGlobalInstance.SOURCE_FILES)
- {
- if (iter.rfind(extractiontarget) == iter.size() - extractiontarget.size())
- {
+ if (pid == 0) {
+ for(auto &iter : ShellGlobalInstance.SOURCE_FILES) {
+ if (iter.rfind(extractiontarget) == iter.size() - extractiontarget.size()) {
ShellCacheInstance.LastFileUsedShort = extractiontarget;
ShellCacheInstance.LastFileUsed = iter;
std::cout << BLUE << "running: " << CYAN << "../mutator-lvl0 " << iter.c_str() << NORMAL << "\n";
- //int retval = execl("../", "mutator-lvl0", iter.c_str(), NULL);
int retval = execl("../mutator-lvl0", "mutator-lvl0", iter.c_str(), NULL);
std::cout << BLUE << "child process retuned " << retval << NORMAL << "\n";
lua_pushnumber(__ls, retval);
@@ -1933,8 +1893,7 @@ class LuaWrapper
}
/*only the parent process runs this*/
- if (pid > 0)
- {
+ if (pid > 0) {
/*the parent-bruiser- will need to wait on the child. the child will run m0.*/
int status;
pid_t returned;
@@ -1954,41 +1913,33 @@ class LuaWrapper
ShellGlobalInstance.droptocli = true;
}
- int BruiserLuaStrainRecognition(lua_State* __ls)
- {
+ int BruiserLuaStrainRecognition(lua_State* __ls) {
unsigned int numthreads = std::thread::hardware_concurrency();
lua_pushnumber(__ls, numthreads);
return 1;
}
- int BruiserLuaSetMakePath(lua_State* __ls)
- {
+ int BruiserLuaSetMakePath(lua_State* __ls) {
int numargs = lua_gettop(__ls);
- if (numargs != 1)
- {
+ if (numargs != 1) {
PRINT_WITH_COLOR_LB(RED, "wrong number of args. run help.");
return 0;
}
-
ShellGlobalInstance.MAKEPATH = lua_tostring(__ls, 1);
-
return 0;
}
- int BruiserLuaRun(lua_State* __ls)
- {
+ int BruiserLuaRun(lua_State* __ls) {
int numargs = lua_gettop(__ls);
- if (numargs != 1)
- {
+ if (numargs != 1) {
PRINT_WITH_COLOR_LB(RED, "wrong number of args. run help().");
lua_pushnumber(__ls, 1);
return 1;
}
- if (ShellGlobalInstance.BINPATH == "")
- {
+ if (ShellGlobalInstance.BINPATH == "") {
PRINT_WITH_COLOR_LB(RED, "BINPATH is not set. use setbinpath() to set it.");
lua_pushnumber(__ls, 1);
return 1;
@@ -1998,43 +1949,36 @@ class LuaWrapper
pid_t pid = fork();
- if (pid < 0)
- {
+ if (pid < 0) {
PRINT_WITH_COLOR_LB(RED, "could not fork...");
lua_pushnumber(__ls, 1);
return 1;
}
- if (pid == 0)
- {
+ if (pid == 0) {
int retval = execl((ShellGlobalInstance.BINPATH + "/" + binname).c_str(), binname.c_str(), NULL);
std::cout << BLUE << "child returned " << retval << NORMAL << "\n";
lua_pushnumber(__ls, retval);
exit(EXIT_SUCCESS);
}
- if (pid > 0)
- {
+ if (pid > 0) {
unsigned int current_time [[maybe_unused]] = 0U;
- while (current_time < GLOBAL_TIME_OUT)
- {
+ while (current_time < GLOBAL_TIME_OUT) {
int status;
int returned;
returned = waitpid(-1, &status, WNOHANG);
- if (returned < 0)
- {
+ if (returned < 0) {
lua_pushnumber(__ls, 1);
break;
}
- if (WIFEXITED(status) || WIFSIGNALED(status))
- {
+ if (WIFEXITED(status) || WIFSIGNALED(status)) {
lua_pushnumber(__ls, 0);
break;
}
-
current_time++;
}
}
@@ -2042,12 +1986,10 @@ class LuaWrapper
return 1;
}
- int BruiserLuaSetBinPath(lua_State* __ls)
- {
+ int BruiserLuaSetBinPath(lua_State* __ls) {
int numargs = lua_gettop(__ls);
- if (numargs != 1)
- {
+ if (numargs != 1) {
PRINT_WITH_COLOR_LB(RED, "wrong number of args. should be one string. see help().");
}
@@ -2056,26 +1998,23 @@ class LuaWrapper
return 0;
}
- int BruiserLuaGetBinPath(lua_State* __ls)
- {
+ int BruiserLuaGetBinPath(lua_State* __ls) {
lua_pushstring(__ls, ShellGlobalInstance.BINPATH.c_str());
std::cout << BLUE << ShellGlobalInstance.BINPATH << NORMAL << "\n";
return 1;
}
- int BruiserLuaGetMakePath(lua_State* __ls)
- {
+ int BruiserLuaGetMakePath(lua_State* __ls) {
lua_pushstring(__ls, ShellGlobalInstance.MAKEPATH.c_str());
std::cout << BLUE << ShellGlobalInstance.MAKEPATH << NORMAL << "\n";
return 1;
}
- int BruiserLuaGetPath(lua_State* __ls)
- {
+ int BruiserLuaGetPath(lua_State* __ls) {
unsigned int returncount = 0;
- for (auto &iter : ShellGlobalInstance.PATH)
- { lua_pushstring(__ls, iter.c_str());
+ for (auto &iter : ShellGlobalInstance.PATH){
+ lua_pushstring(__ls, iter.c_str());
std::cout << BLUE << iter.c_str() << NORMAL << "\n";
returncount++;
}
@@ -2083,12 +2022,10 @@ class LuaWrapper
return returncount;
}
- int BruiserLuaGetSourceFiles(lua_State* __ls)
- {
+ int BruiserLuaGetSourceFiles(lua_State* __ls) {
unsigned int returncount = 0;
- for (auto &iter : ShellGlobalInstance.SOURCE_FILES)
- {
+ for (auto &iter : ShellGlobalInstance.SOURCE_FILES) {
lua_pushstring(__ls, iter.c_str());
std::cout << BLUE << iter.c_str() << NORMAL << "\n";
returncount++;
@@ -2112,12 +2049,10 @@ class LuaWrapper
return 0;
}
- int BruiserLuaChangeDirectory(lua_State* __ls)
- {
+ int BruiserLuaChangeDirectory(lua_State* __ls) {
int numargs = lua_gettop(__ls);
- if (numargs != 1)
- {
+ if (numargs != 1) {
PRINT_WITH_COLOR_LB(RED, "wrond number of arguments. needed one. see help().");
lua_pushnumber(__ls, 1U);
return 1;
@@ -2127,32 +2062,27 @@ class LuaWrapper
pid_t pid = fork();
- if (pid < 0)
- {
+ if (pid < 0) {
PRINT_WITH_COLOR_LB(RED, "could not fork...");
lua_pushnumber(__ls, EXIT_FAILURE);
return 1;
}
- if (pid == 0)
- {
+ if (pid == 0) {
int retval = execl("/usr/bin/cd", "cd", destinationpath.c_str(), NULL);
std::cout << BLUE << "child returned " << retval << NORMAL << "\n";
}
- if (pid > 0)
- {
+ if (pid > 0) {
int status;
pid_t returned;
returned = waitpid(pid, &status, 0);
lua_pushnumber(__ls, returned);
}
-
return 1;
}
- int BruiserLuaYolo(lua_State* __ls)
- {
+ int BruiserLuaYolo(lua_State* __ls) {
return 0;
}
@@ -2165,30 +2095,56 @@ class LuaWrapper
{
pid_t pid = fork();
- if (pid < 0)
- {
+ if (pid < 0) {
PRINT_WITH_COLOR_LB(RED, "could not fork...");
lua_pushnumber(__ls, EXIT_FAILURE);
return 1;
}
- if (pid == 0)
- {
+ if (pid == 0) {
int retval = execl("/usr/bin/pwd", "pwd", NULL);
std::cout << BLUE << "child returned " << retval << NORMAL << "\n";
}
- if (pid > 0)
- {
+ if (pid > 0) {
int status;
pid_t returned;
returned = waitpid(pid, &status, 0);
lua_pushnumber(__ls, returned);
}
-
return 1;
}
+ private:
+ Executioner executioner;
+ XGlobals xglobals;
+};
+/**********************************************************************************************************************/
+class BruiserCFE {
+ public:
+ BruiserCFE(std::unique_ptr<ClangTool> _CT) : CT(std::move(_CT)) {}
+
+ //~BruiserCFE() {}
+
+ /*hijakcs the main main*/
+ int BruiserLuaHijackMain(lua_State* __ls) {
+ int RunResult = this->GetClangTool()->run(newFrontendActionFactory<BruiserFrontendAction>().get());
+ printf(CYAN"hijacking main returned %d", RunResult);
+ printf(NORMAL"\n");
+
+ std::ifstream libtooling_tee("../test/bruisertest/libtooling-tee");
+ std::string luaoutstr;
+ std::string dummy;
+
+ while(std::getline(libtooling_tee, dummy)) {
+ luaoutstr = luaoutstr + dummy + "\n";
+ }
+
+ lua_pushstring(__ls, luaoutstr.c_str());
+
+ return 1;
+ }
+
#define LIST_GENERATOR(__x1) \
int List##__x1(lua_State* __ls)\
{\
@@ -2196,7 +2152,8 @@ class LuaWrapper
unsigned int InArgCnt = 0U;\
InArgCnt = lua_gettop(__ls);\
unsigned int returncount=0U;\
- this->GetClangTool().run(newFrontendActionFactory<LiveActionList##__x1>().get());\
+ std::cout << "i was called\n";\
+ this->GetClangTool()->run(newFrontendActionFactory<LiveActionList##__x1>().get());\
for(auto &iter : PushToLua)\
{lua_pushstring(__ls, iter.c_str());returncount++;}\
PushToLua.clear();\
@@ -2218,29 +2175,113 @@ class LuaWrapper
#undef X
#undef LIST_GENERATOR
- ClangTool GetClangTool(void)
- {
- return this->CT;
+ ClangTool* GetClangTool(void) {
+ return this->CT.get();
}
private:
- ClangTool CT;
- Executioner executioner;
- XGlobals xglobals;
+ std::unique_ptr<ClangTool> CT;
};
/**********************************************************************************************************************/
+class RunLoop
+{
+ public:
+ RunLoop(lua_State* __ls, LuaEngine __le) : ls(__ls), le(__le) {}
+
+ void setCFE(std::unique_ptr<BruiserCFE> _cfe) {
+ cfe = std::move(_cfe);
+ }
+
+ void setLW(std::unique_ptr<LuaWrapper> _lw) {
+ lw = std::move(_lw);
+ }
+
+ void setCOP(std::unique_ptr<CommonOptionsParser> _cop) {
+ cop = std::move(_cop);
+ }
+
+ int run(char* command) {
+ if (NonCLILuaScript != "") {
+ luaL_dofile(ls, NonCLILuaScript.c_str());
+ if (KEEPALIVE) {}
+ else {
+ dostring(ls, "os.exit()", "test");
+ return 0;
+ }
+ }
+
+ /*cli execution loop*/
+ while((command = linenoise(">>>")) != NULL) {
+ linenoiseHistoryAdd(command);
+ linenoiseHistorySave(SHELL_HISTORY_FILE);
+ le.RunChunk(command);
+ linenoiseFree(command);
+ }
+ }
+
+ private:
+ lua_State* ls;
+ std::unique_ptr<BruiserCFE> cfe;
+ std::unique_ptr<LuaWrapper> lw;
+ std::unique_ptr<CommonOptionsParser> cop;
+ LuaEngine le;
+};
/**********************************************************************************************************************/
typedef int (LuaWrapper::*mem_func)(lua_State* L);
template<mem_func func>
-int LuaDispatch(lua_State* __ls)
-{
+int LuaDispatch(lua_State* __ls) {
LuaWrapper* LWPtr = *static_cast<LuaWrapper**>(lua_getextraspace(__ls));
return ((*LWPtr).*func)(__ls);
}
+
+typedef int (BruiserCFE::*mem_func2)(lua_State* L);
+template<mem_func2 func2>
+int LuaDispatch2(lua_State* __ls) {
+ BruiserCFE* LWPtr = *static_cast<BruiserCFE**>(lua_getextraspace(__ls));
+ return ((*LWPtr).*func2)(__ls);
+}
/**********************************************************************************************************************/
+const char* convert(const std::string &s) {return s.c_str();}
+/**********************************************************************************************************************/
+std::pair<ClangTool*, CompilationDatabaseProcessor*> clang_cli_args(int argc, const char** argv) {
+ CommonOptionsParser op(argc, argv, BruiserCategory);
+ CompilationDatabase &CDB = op.getCompilations();
+ std::vector<CompileCommand> CCV = CDB.getAllCompileCommands();
+
+ /*populating the shellglobalinstance*/
+ CompilationDatabaseProcessor* CDBP = new CompilationDatabaseProcessor(CDB);
+ ClangTool* Tool = new ClangTool(op.getCompilations(), op.getSourcePathList());
+ //CompilationDatabaseProcessor CDBP(CDB);
+ //ClangTool Tool(op.getCompilations(), op.getSourcePathList());
+
+ if (CDBP->CompilationDatabseIsEmpty()) {
+ PRINT_WITH_COLOR_LB(RED, "src is set and bruiser can't find the compilation database. quitting...");
+ } else {
+ CDBP->CalcMakePath();
+ CDBP->PopulateGPATH();
+ CDBP->PopulateGSOURCEFILES();
+ }
+ std::cout << GREEN << "i returned" << NORMAL << "\n";
+ return std::make_pair(Tool, CDBP);
+}
/**********************************************************************************************************************/
/*Main*/
int main(int argc, const char **argv) {
+ int argc_n = 0;
+ std::vector<std::string> argv_n;
+ std::vector<const char*> vc;
+ // for --nosrc to work we need to bypass llvm's command line parser
+ for (int i = 0; i < argc; ++i) {
+ if (strcmp(argv[i], "--src") == 0) {SRC = true; continue;}
+ if (strcmp(argv[i], "--verbose") == 0) {Verbose = true; continue;}
+ if (strcmp(argv[i], "--keepalive") == 0) {KEEPALIVE = true; continue;}
+ if (strcmp(argv[i], "--lua") == 0) {NonCLILuaScript = argv[i+1]; argc_n--; continue;}
+ if (strcmp(argv[i], "--luadefault") == 0) {LuaDefault = argv[i+1]; argc_n; continue;}
+ argv_n.push_back(argv[i]);
+ argc_n++;
+ }
+ std::transform(argv_n.begin(), argv_n.end(), std::back_inserter(vc), convert);
+
/*initializing the log*/
bruiser::BruiserReport BruiserLog;
@@ -2249,26 +2290,7 @@ int main(int argc, const char **argv) {
Arguary arguary;
XGlobals xglobals;
- /*gets the compilation database and options for the clang instances that we would later run*/
- CommonOptionsParser op(argc, argv, BruiserCategory);
- CompilationDatabase &CDB = op.getCompilations();
- std::vector<CompileCommand> CCV = CDB.getAllCompileCommands();
- /*populating the shellglobalinstance*/
- CompilationDatabaseProcessor CDBP(CDB);
- ClangTool Tool(op.getCompilations(), op.getSourcePathList());
-
- /*checking whether the compilation database is found and not empty if Nosrc is set*/
- if (CDBP.CompilationDatabseIsEmpty()) {
- PRINT_WITH_COLOR_LB(RED, "Nosrc is set and bruiser can't find the compilation database. quitting...");
- return 1;
- } else {
- CDBP.CalcMakePath();
- CDBP.PopulateGPATH();
- CDBP.PopulateGSOURCEFILES();
- }
-
/*initialize the LuaWrapper class so we can register and run them from lua.*/
- LuaWrapper LW(Tool, executioner, xglobals);
/*linenoise init*/
linenoiseSetCompletionCallback(bruiser::ShellCompletion);
@@ -2278,7 +2300,7 @@ int main(int argc, const char **argv) {
linenoiseHistoryLoad(SHELL_HISTORY_FILE);
linenoiseSetMultiLine(1);
- /*start running the cli*/
+ /*start running bruiser*/
{
char* command;
@@ -2286,12 +2308,42 @@ int main(int argc, const char **argv) {
LE.LoadEverylib();
LE.RunLuaDefaults();
LE.registerJMPTable();
- *static_cast<LuaWrapper**>(lua_getextraspace(LE.GetLuaState())) = &LW;
+ void* lua_e_p = lua_getextraspace_wrapper(LE.GetLuaState(), 0);
+ void* lua_e_p2 = lua_getextraspace_wrapper(LE.GetLuaState(), 1);
+ RunLoop runloop(LE.GetLuaState(), LE);
+
+ if (SRC) {
+ std::unique_ptr<CommonOptionsParser> op(new CommonOptionsParser(argc_n, &vc[0], BruiserCategory));
+ CompilationDatabase &CDB = op.get()->getCompilations();
+ CompilationDatabaseProcessor CDBP(CDB);
+ std::unique_ptr<ClangTool> Tool(new ClangTool(op.get()->getCompilations(), op.get()->getSourcePathList()));
+
+ if (CDBP.CompilationDatabseIsEmpty()) {
+ PRINT_WITH_COLOR_LB(RED, "src is set and bruiser can't find the compilation database. quitting...");
+ } else {
+ CDBP.CalcMakePath();
+ CDBP.PopulateGPATH();
+ CDBP.PopulateGSOURCEFILES();
+ }
+
+ std::unique_ptr<BruiserCFE> LW2(new BruiserCFE(std::move(Tool)));
+
+ *static_cast<BruiserCFE**>(lua_e_p) = LW2.get();
+ lua_register(LE.GetLuaState(), "hijackmain", &LuaDispatch2<&BruiserCFE::BruiserLuaHijackMain>);
+#define X(__x1, __x2) lua_register(LE.GetLuaState(), #__x1, &LuaDispatch2<&BruiserCFE::List##__x1>);
+ LIST_LIST_GENERATORS
+#undef X
+#undef LIST_LIST_GENERATORS
+ runloop.setCFE(std::move(LW2));
+ runloop.setCOP(std::move(op));
+ }
+
+ std::unique_ptr<LuaWrapper> LW(new LuaWrapper(executioner, xglobals));
+ *static_cast<LuaWrapper**>(lua_e_p2) = LW.get();
/*@DEVI-this part is just registering our LuaWrapper member functions with lua so we can call them from lua.*/
lua_register(LE.GetLuaState(), "history", &LuaDispatch<&LuaWrapper::BruiserLuaHistory>);
lua_register(LE.GetLuaState(), "help", &LuaDispatch<&LuaWrapper::BruiserLuaHelp>);
- lua_register(LE.GetLuaState(), "hijackmain", &LuaDispatch<&LuaWrapper::BruiserLuaHijackMain>);
lua_register(LE.GetLuaState(), "version", &LuaDispatch<&LuaWrapper::BruiserLuaVersion>);
lua_register(LE.GetLuaState(), "clear", &LuaDispatch<&LuaWrapper::BruiserLuaClear>);
lua_register(LE.GetLuaState(), "m0", &LuaDispatch<&LuaWrapper::BruiserLuaM0>);
@@ -2324,28 +2376,9 @@ int main(int argc, const char **argv) {
lua_register(LE.GetLuaState(), "freejmptable", &LuaDispatch<&LuaWrapper::BruiserFreeJumpTable>);
lua_register(LE.GetLuaState(), "dumpjmptable", &LuaDispatch<&LuaWrapper::BruiserDumpJumpTable>);
lua_register(LE.GetLuaState(), "ramdump", &LuaDispatch<&LuaWrapper::BruiserRamDump>);
- /*its just regisering the List function from LuaWrapper with X-macros.*/
-#define X(__x1, __x2) lua_register(LE.GetLuaState(), #__x1, &LuaDispatch<&LuaWrapper::List##__x1>);
- LIST_LIST_GENERATORS
-
-#undef X
-#undef LIST_LIST_GENERATORS
-
- /*The non-cli execution loop*/
- if (NonCLILuaScript != "") {
- luaL_dofile(LE.GetLuaState(), NonCLILuaScript.c_str());
- dostring(LE.GetLuaState(), "os.exit()", "test");
- return 0;
- }
-
- /*cli execution loop*/
- while((command = linenoise(">>>")) != NULL) {
- linenoiseHistoryAdd(command);
- linenoiseHistorySave(SHELL_HISTORY_FILE);
- LE.RunChunk(command);
- linenoiseFree(command);
- }
+ runloop.setLW(std::move(LW));
+ runloop.run(command);
LE.Cleanup();
diff --git a/bruiser/ffs.c b/bruiser/ffs.c
new file mode 100644
index 0000000..47d6d11
--- /dev/null
+++ b/bruiser/ffs.c
@@ -0,0 +1,28 @@
+
+/***************************************************Project Mutator****************************************************/
+/*first line intentionally left blank.*/
+/*when c++ is too annoying to deal with...*/
+/*Copyright (C) 2018 Farzad Sadeghi
+
+This program is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public License
+as published by the Free Software Foundation; either version 3
+of the License, or (at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.*/
+/**********************************************************************************************************************/
+#include "ffs.h"
+// @DEVI-the acceptable indexes right now are 0 and 1 since we are only reserving 2 void* slots in luaconf.h.
+void* lua_getextraspace_wrapper(lua_State* __ls, int index) {
+ return lua_getextraspace(__ls) + sizeof(void*)*index;
+}
+/**********************************************************************************************************************/
+/*last line intentionally left blank.*/
+
diff --git a/bruiser/ffs.h b/bruiser/ffs.h
new file mode 100644
index 0000000..9a9676b
--- /dev/null
+++ b/bruiser/ffs.h
@@ -0,0 +1,38 @@
+
+/***************************************************Project Mutator****************************************************/
+/*first line intentionally left blank.*/
+/*header file for ffs.c*/
+/*Copyright (C) 2018 Farzad Sadeghi
+
+This program is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public License
+as published by the Free Software Foundation; either version 3
+of the License, or (at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.*/
+/**********************************************************************************************************************/
+#include "./lua-5.3.4/src/lua.h"
+#include "./lua-5.3.4/src/lauxlib.h"
+#include "./lua-5.3.4/src/lualib.h"
+/**********************************************************************************************************************/
+#ifndef FFS_H
+#define FFS_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+void* lua_getextraspace_wrapper(lua_State* __ls, int index);
+#ifdef __cplusplus
+}
+#endif
+#endif
+/**********************************************************************************************************************/
+/*last line intentionally left blank.*/
+
diff --git a/bruiser/lua-5.3.4/src/luaconf.h b/bruiser/lua-5.3.4/src/luaconf.h
index f37bea0..759ddeb 100644
--- a/bruiser/lua-5.3.4/src/luaconf.h
+++ b/bruiser/lua-5.3.4/src/luaconf.h
@@ -730,7 +730,7 @@
** a Lua state with very fast access.
** CHANGE it if you need a different size.
*/
-#define LUA_EXTRASPACE (sizeof(void *))
+#define LUA_EXTRASPACE 2*(sizeof(void *))
/*
diff --git a/bruiser/lua-scripts/df-demo.lua b/bruiser/lua-scripts/df-demo.lua
index 916db00..ac54c94 100644
--- a/bruiser/lua-scripts/df-demo.lua
+++ b/bruiser/lua-scripts/df-demo.lua
@@ -3,20 +3,20 @@ xobj = require("xobj")
asmrw = require("asmrw")
colors = require("ansicolors")
-df_exe = "/home/bloodstalker/df/df_44_09_linux/df_linux/libs/Dwarf_Fortress"
-
-function jmp_table_test()
- io.write(colors("%{cyan}".."lua:getting text section...\n"))
- local text_section = xobj.getTextSection(df_exe)
- local rodata = xobj.getRODataSection(df_exe)
- for k,v in pairs(rodata) do
- if v > 33 and v < 127 then
- io.write(string.format("%c",v))
- else
- io.write(" ")
- end
+function df_demo()
+ df_exe = "/home/bloodstalker/df/df_44_09_linux/df_linux/libs/Dwarf_Fortress"
+ --asmrw.strings(df_exe)
+ pgrep_handle = io.popen("pgrep Dwarf_Fortress")
+ for pid in pgrep_handle:lines() do
+ df_pid = tonumber(pid)
end
- io.write("\0\n")
+ print("df pid is "..tostring(df_pid))
+ ramdump(df_pid, "/tmp/ramdump")
+ -- @DEVI-broken
+ --ramdump(11419, "/tmp/ramdump")
+ ram = io.open("/tmp/ramdump", "r")
+ io.input(ram)
+ print(io.read())
end
-asmrw.strings(df_exe)
+df_demo()
diff --git a/bruiser/makefile b/bruiser/makefile
index c97a45e..b16dca3 100644
--- a/bruiser/makefile
+++ b/bruiser/makefile
@@ -4,7 +4,7 @@ include ../macros.mk
#######################################VARS####################################
CC=clang
CC?=clang
-CXX_FLAGS+=-I/usr/include
+CXX_FLAGS+=-I/usr/include -g
CXX_FLAGS+=$(shell $(PY_CONF) --includes)
BRUISER=bruiser
LUA?=JIT
@@ -52,7 +52,7 @@ $(LIB_LUA_JIT):
$(MAKE) -C LuaJIT
@echo "building with jit"
-$(BRUISER): $(BRUISER).o ../mutator_aux.o ../tinyxml2/tinyxml2.o linenoise.o CompletionHints.o mutagen.o ORCmutation.o bruiserffi.o asmrewriter.o bruisercapstone.o ramdump.o $(LIB_LUA)
+$(BRUISER): $(BRUISER).o ../mutator_aux.o ../tinyxml2/tinyxml2.o linenoise.o CompletionHints.o mutagen.o ORCmutation.o bruiserffi.o asmrewriter.o bruisercapstone.o ramdump.o ffs.o $(LIB_LUA)
$(CXX) $^ $(LD_FLAGS) -o $@
clean:
diff --git a/bruiser/run.sh b/bruiser/run.sh
index 7e9e695..3b6e7ba 100755
--- a/bruiser/run.sh
+++ b/bruiser/run.sh
@@ -1,6 +1,7 @@
#!/bin/bash
cd $(dirname $0)
-#"./bruiser" ../test/bruisertest/test.cpp --verbose
-"./bruiser" ../test/bruisertest/test.cpp
-#"./bruiser" -Nosrc
+"make"
+#"./bruiser"
+"./bruiser" ../test/bruisertest/test.cpp --src
+#gdb "./bruiser ../test/bruisertest/test.cpp --src"