-rw-r--r-- | README.md | 2 | ||||
-rwxr-xr-x | bfd/codegen.py | 70 | ||||
-rwxr-xr-x | bfd/load.py | 39 | ||||
-rw-r--r-- | bfd/test/test.c | 2 | ||||
-rw-r--r-- | daemon/makefile | 2 | ||||
-rw-r--r-- | mutator-lvl0.cpp | 2 |
6 files changed, 63 insertions, 54 deletions
@@ -157,7 +157,7 @@ git submodule update
 ```
-To build the project, you need to have the LLVM libraries 5.0 or higher. mutator can not be built with LLVM 3.9 or lower. The latest tested is LLVM trunk:312884.<br/>
+To build the project, you need to have the LLVM libraries 5.0 or higher. mutator can not be built with LLVM 3.9 or lower. The latest tested is LLVM trunk:323883.<br/>
 Here Are the build options:<br/>
 * Running `make` will build the default target which is `all`. This will build all three executables, without support for coverage instrumentation.<br/>
diff --git a/bfd/codegen.py b/bfd/codegen.py
index fbac4a8..5019261 100755
--- a/bfd/codegen.py
+++ b/bfd/codegen.py
@@ -3,13 +3,13 @@ import argparse
 import code
 import readline
+import signal
+import sys
+import capstone
+from load import ELF
-default_header="#include <stdint.h>\n"
-main_sig="int main(int argc, char** argv)>"
-def_kw="#define "
-def_name = []
-separator="fff"
-def_value = []
+def SigHandler_SIGINT(signum, frame):
+ sys.exit(0)
 class Argparser(object):
 def __init__(self):
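Review bot: `import capstone` binds only the module, yet the `Call_Rewriter` class added further down this file calls `Cs(arch, mode)` unqualified, so that constructor will fail with NameError at runtime; bring the name into scope here with `from capstone import Cs` (or write `capstone.Cs` at the call site). `from load import ELF` is not referenced anywhere in the visible new code and could be dropped until it is actually used. `SigHandler_SIGINT` also reports success (`sys.exit(0)`) for an interrupted run; if anything checks the exit status, consider `sys.exit(130)` or simply letting `KeyboardInterrupt` propagate.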
@@ -19,55 +19,27 @@ class Argparser(object):
 self.args = parser.parse_args()
 self.code = {}
-class CodeGen_Arg(object):
- def __init__(self, arglist):
- self.arglist = arglist
- self.def_name = []
- self.def_value = []
+class Call_Rewriter(object):
+ def __init__(self, obj_code, arch, mode):
+ self.obj_code = obj_code
+ #self.md = Cs(CS_ARCG_X86, CS_MODE_64)
+ self.md = Cs(arch, mode)
- def get_ret_type(self, type):
- pass
-
- def gen_cast(self):
- for argtype in self.arglist:
- if argtype == "int8": self.def_name.append("i8")
- elif argtype == "uint8":self.def_name.append("u8")
- elif argtype == "uchar":self.def_name.append("c")
- elif argtype == "char":self.def_name.append("c")
- elif argtype == "lightuserdata":self.def_name.append("p")
- elif argtype == "bool":self.def_name.append("b")
- elif argtype == "int16":self.def_name.append("i16")
- elif argtype == "uint16":self.def_name.append("u16")
- elif argtype == "int32":self.def_name.append("i32")
- elif argtype == "uint32":self.def_name.append("u32")
- elif argtype == "int64":self.def_name.append("i64")
- elif argtype == "uint64":self.def_name.append("u64")
- elif argtype == "int128":self.def_name.append("i128")
- elif argtype == "uint128":self.def_name.append("u128")
- elif argtype == "float":self.def_name.append("f")
- elif argtype == "double":self.def_name.append("d")
- elif argtype == "long double":self.def_name.append("ld")
- elif argtype == "string":self.def_name.append("s")
- elif argtype == "custom":self.def_name.append("x")
- else:
- raise Exception("codegen : unknown type")
-
- def debugdump(self):
- for argtype in self.arglist:
- print(argtype)
+ def run():
+ for i in md.disasm(self.obj_code, 0x0):
+ print("0x%x:\t%s\t%s", %(i.address, i.mnemonic, i.op_str))
- def genhex():
- pass
-
- def genint():
+class Global_Rewriter(object):
+ def __init__(self):
 pass
-# write code here
+# Main is here
 def premain():
+ signal.signal(signal.SIGINT, SigHandler_SIGINT)
 argparser = Argparser()
- codegen = CodeGen_Arg(argparser.args.arglist)
- codegen.debugdump()
+ # write code here
+###############################################################################
 def main():
 try:
 premain()
@@ -75,7 +47,7 @@ def main():
 variables = globals().copy()
 variables.update(locals())
 shell = code.InteractiveConsole(variables)
- shell.interact(banner="DEBUG REPL")
+ shell.interact(banner="CALL REWRITER DEBUG REPL")
 if __name__ == "__main__":
 main()
diff --git a/bfd/load.py b/bfd/load.py
index ae984c8..22c304e 100755
--- a/bfd/load.py
+++ b/bfd/load.py
@@ -3,6 +3,12 @@ import argparse
 import sys
 import readline
 import code
+import signal
+from capstone import *
+from capstone.x86 import *
+
+def SigHandler_SIGINT(signum, frame):
+ sys.exit(0)
 class ExceptionHandler(object):
 def __init__(self, globals, locals):
@@ -23,6 +29,8 @@ class CLIArgParser(object):
 parser.add_argument("--stentries", action='store_true', help="dump section table entries", default=False)
 parser.add_argument("--objcode", action='store_true', help="dump objects", default=False)
 parser.add_argument("--test", action='store_true', help="test switch", default=False)
+ parser.add_argument("--funcs", action='store_true', help="dump functions", default=False)
+ parser.add_argument("--objs", action='store_true', help="dump objects", default=False)
 parser.add_argument("--dynsym", action='store_true', help="dump dynamic symbol table", default=False)
 parser.add_argument("--dlpath", action='store_true', help="dump dynamic linker path", default=False)
 parser.add_argument("--section", type=str, help="dump a section")
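Review bot: `Call_Rewriter.run` in this hunk cannot execute at all: the stray comma in `print("0x%x:\t%s\t%s", %(...))` is a syntax error that stops the whole module from importing, the method is declared without `self`, and `md` is an unbound name (the disassembler is stored as `self.md`). The three lines should read `def run(self):`, `for i in self.md.disasm(self.obj_code, 0x0):` and `print("0x%x:\t%s\t%s" % (i.address, i.mnemonic, i.op_str))`. The commented-out `#self.md = Cs(CS_ARCG_X86, CS_MODE_64)` line (note the misspelt constant) and the empty `Global_Rewriter` read as working code to the next maintainer; drop them or mark them `# TODO`. `premain` and `main` are cut by the hunk boundary.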
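Review bot: The two star imports `from capstone import *` and `from capstone.x86 import *` pull the entire capstone namespace (hundreds of `X86_*` constants) into this module's globals, and since `main`'s debug REPL is built from `globals().copy()` they clutter that console too; the `Call_Rewriter` added later in this file needs only `Cs`, `CS_ARCH_X86` and `CS_MODE_64`, so `from capstone import Cs, CS_ARCH_X86, CS_MODE_64` is sufficient and the `capstone.x86` import can wait until an x86-specific constant is actually referenced. `SigHandler_SIGINT` is a verbatim copy of the one added to `bfd/codegen.py` in the same commit; a single shared helper would keep the two from drifting.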
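Review bot: The help text for the new `--objs` switch, `dump objects`, is identical to the existing `--objcode` switch's, so `--help` cannot tell the user which flag dumps object symbols and which dumps function bytes; `help="dump object symbols (STT_OBJECT)"` and, for symmetry, `help="dump function symbols (STT_FUNC)"` on `--funcs` would remove the ambiguity. `--test` keeps its `test switch` description even though `main` now repurposes it for the call-rewriter experiment.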
@@ -721,6 +729,26 @@ def elf_get_func_code():
 elf.init(64)
 return elf.dump_funcs(False)
+class Call_Rewriter(object):
+ #def __init__(self, obj_code, arch, mode):
+ def __init__(self, obj_code):
+ self.obj_code = bytes(obj_code)
+ self.md = Cs(CS_ARCH_X86, CS_MODE_64)
+ #self.md = Cs(arch, mode)
+
+ def dumpall(self):
+ for i in self.md.disasm(self.obj_code, 0x1):
+ print("0x%x:\t%s\t%s" %(i.address, i.mnemonic, i.op_str))
+
+ def run(self):
+ for i in self.md.disasm(self.obj_code, 0x1):
+ if i.mnemonic == "call":
+ print("0x%x:\t%s\t%s" %(i.address, i.mnemonic, i.op_str))
+
+class Global_Rewriter(object):
+ def __init__(self):
+ pass
+
 def main():
 try:
 argparser = CLIArgParser()
@@ -736,12 +764,19 @@ def main():
 elif argparser.args.symbolindex: elf.dump_symbol_idx()
 elif argparser.args.stentries: elf.dump_st_entries()
 elif argparser.args.objcode: elf.dump_funcs(True)
- elif argparser.args.test: elf.dump_symbol_string(ELF_ST_TYPE.STT_FUNC, True)
- elif argparser.args.test: elf.dump_symbol_string(ELF_ST_TYPE.STT_OBJECT, True)
+ elif argparser.args.funcs: elf.dump_symbol_string(ELF_ST_TYPE.STT_FUNC, True)
+ elif argparser.args.objs: elf.dump_symbol_string(ELF_ST_TYPE.STT_OBJECT, True)
 elif argparser.args.dynsym: elf.dump_st_entries_dyn()
 elif argparser.args.dlpath: elf.dump_section(".interp")
 elif argparser.args.section: elf.dump_section(argparser.args.section)
+ elif argparser.args.test:
+ print(elf.dump_funcs(False)[10])
+ print(elf.dump_symbol_string(ELF_ST_TYPE.STT_FUNC, False)[10])
+ code = elf.dump_funcs(False)[10]
+ rewriter = Call_Rewriter(code)
+ rewriter.run()
 except:
+ signal.signal(signal.SIGINT, SigHandler_SIGINT)
 variables = globals().copy()
 variables.update(locals())
 shell = code.InteractiveConsole(variables)
diff --git a/bfd/test/test.c b/bfd/test/test.c
index 1a9461a..a62769a 100644
--- a/bfd/test/test.c
+++ b/bfd/test/test.c
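Review bot: Both `dumpall` and `run` disassemble at base address `0x1` instead of the function's real virtual address; x86 direct `call` targets are encoded relative to the instruction address, so the `op_str` that `run` prints for every `call` is computed against that fake base and will not match the binary's actual targets, which matters the moment this output is used to rewrite anything. Take the address as a constructor argument, e.g. `def __init__(self, obj_code, base_addr=0x0):`, store `self.base_addr = base_addr`, and use `self.md.disasm(self.obj_code, self.base_addr)` in both methods. The class also duplicates the `Call_Rewriter` in `bfd/codegen.py` with a different constructor (hard-coded `CS_ARCH_X86, CS_MODE_64` here versus `arch, mode` there); one of the two should go. `bytes(obj_code)` assumes the caller hands in an iterable of ints — presumably what `dump_funcs(False)` returns, worth confirming.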
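Review bot: In the new `--test` branch, `code = elf.dump_funcs(False)[10]` rebinds the name of the `code` module imported at the top of this file, so if `Call_Rewriter(code)` or `rewriter.run()` raises, the bare `except:` below reaches `code.InteractiveConsole(variables)` on a list and dies with AttributeError instead of opening the debug REPL. Rename the local: `func_code = elf.dump_funcs(False)[10]` and `rewriter = Call_Rewriter(func_code)`. The hard-coded index `10` raises IndexError on any binary with fewer than eleven functions, and `dump_funcs(False)` is computed twice; a lookup by symbol name would be sturdier (the adjacent `dump_symbol_string(..., False)[10]` suggests the two lists are meant to be parallel — presumably, verify). Installing the SIGINT handler only inside `except:` means it takes effect only after an error has already dropped the tool into the REPL; `main` continues outside the hunk.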
@@ -11,6 +11,8 @@ int sub2(int a, int b) {return a - b;}
 double adddouble(double a, double b) {return a+b;}
 double subdouble(double a, double b) {return a-b;}
 double triple(double a, double b, double c) {return a+b+c;}
+int quad(int a, int b, int c, int d) {return add2(a,b) + add2(c,d);}
+const char* passthrough(const char* a) {return a;}
 int myvar1 = 1;
 int myvar2 = 2;
diff --git a/daemon/makefile b/daemon/makefile
index ad231ab..351f8b7 100644
--- a/daemon/makefile
+++ b/daemon/makefile
@@ -9,7 +9,7 @@ TARGETC=mutatorclient
 ##################################RULES################################
 .DEFAULT:all
-.PHONY:all clean help $(TARGETC) $(TARGETS) $(TARGETD)
+.PHONY:all clean help
 all:$(TARGETC) $(TARGETS) $(TARGETD)
diff --git a/mutator-lvl0.cpp b/mutator-lvl0.cpp
index 7c0c802..b398a8b 100644
--- a/mutator-lvl0.cpp
+++ b/mutator-lvl0.cpp
@@ -55,7 +55,7 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.*
 #include "clang/Lex/Preprocessor.h"
 #include "clang/Lex/PPCallbacks.h"
 #include "clang/Tooling/CommonOptionsParser.h"
-#include "clang/Tooling/Core/QualTypeNames.h"
+//#include "clang/Tooling/Core/QualTypeNames.h"
 #include "clang/Tooling/Tooling.h"
 #include "clang/Rewrite/Core/Rewriter.h"
 /*LLVM headers*/ |
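Review bot: The `QualTypeNames.h` include is commented out rather than removed, leaving dead code in the include list with no note of why. If nothing in the file needs the header any more, delete the line; if it was disabled because newer LLVM trees relocated it (later releases ship it as `clang/AST/QualTypeNames.h` — please confirm against the trunk revision the README now names), include it from the new path instead so the build does not silently lose the declarations it provided.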