-rw-r--r--README.md2
-rwxr-xr-xbfd/codegen.py70
-rwxr-xr-xbfd/load.py39
-rw-r--r--bfd/test/test.c2
-rw-r--r--daemon/makefile2
-rw-r--r--mutator-lvl0.cpp2
6 files changed, 63 insertions, 54 deletions
diff --git a/README.md b/README.md
index 2581244..fbacebd 100644
--- a/README.md
+++ b/README.md
@@ -157,7 +157,7 @@ git submodule update
```
-To build the project, you need to have the LLVM libraries 5.0 or higher. mutator can not be built with LLVM 3.9 or lower. The latest tested is LLVM trunk:312884.<br/>
+To build the project, you need to have the LLVM libraries 5.0 or higher. mutator can not be built with LLVM 3.9 or lower. The latest tested is LLVM trunk:323883.<br/>
Here Are the build options:<br/>
* Running `make` will build the default target which is `all`. This will build all three executables, without support for coverage instrumentation.<br/>
diff --git a/bfd/codegen.py b/bfd/codegen.py
index fbac4a8..5019261 100755
--- a/bfd/codegen.py
+++ b/bfd/codegen.py
@@ -3,13 +3,13 @@
import argparse
import code
import readline
+import signal
+import sys
+import capstone
+from load import ELF
-default_header="#include <stdint.h>\n"
-main_sig="int main(int argc, char** argv)>"
-def_kw="#define "
-def_name = []
-separator="fff"
-def_value = []
+def SigHandler_SIGINT(signum, frame):
+ sys.exit(0)
class Argparser(object):
def __init__(self):
@@ -19,55 +19,27 @@ class Argparser(object):
self.args = parser.parse_args()
self.code = {}
-class CodeGen_Arg(object):
- def __init__(self, arglist):
- self.arglist = arglist
- self.def_name = []
- self.def_value = []
+class Call_Rewriter(object):
+ def __init__(self, obj_code, arch, mode):
+ self.obj_code = obj_code
+ #self.md = Cs(CS_ARCG_X86, CS_MODE_64)
+ self.md = Cs(arch, mode)
- def get_ret_type(self, type):
- pass
-
- def gen_cast(self):
- for argtype in self.arglist:
- if argtype == "int8": self.def_name.append("i8")
- elif argtype == "uint8":self.def_name.append("u8")
- elif argtype == "uchar":self.def_name.append("c")
- elif argtype == "char":self.def_name.append("c")
- elif argtype == "lightuserdata":self.def_name.append("p")
- elif argtype == "bool":self.def_name.append("b")
- elif argtype == "int16":self.def_name.append("i16")
- elif argtype == "uint16":self.def_name.append("u16")
- elif argtype == "int32":self.def_name.append("i32")
- elif argtype == "uint32":self.def_name.append("u32")
- elif argtype == "int64":self.def_name.append("i64")
- elif argtype == "uint64":self.def_name.append("u64")
- elif argtype == "int128":self.def_name.append("i128")
- elif argtype == "uint128":self.def_name.append("u128")
- elif argtype == "float":self.def_name.append("f")
- elif argtype == "double":self.def_name.append("d")
- elif argtype == "long double":self.def_name.append("ld")
- elif argtype == "string":self.def_name.append("s")
- elif argtype == "custom":self.def_name.append("x")
- else:
- raise Exception("codegen : unknown type")
-
- def debugdump(self):
- for argtype in self.arglist:
- print(argtype)
+ def run():
+ for i in md.disasm(self.obj_code, 0x0):
+ print("0x%x:\t%s\t%s", %(i.address, i.mnemonic, i.op_str))
- def genhex():
- pass
-
- def genint():
+class Global_Rewriter(object):
+ def __init__(self):
pass
-# write code here
+# Main is here
def premain():
+ signal.signal(signal.SIGINT, SigHandler_SIGINT)
argparser = Argparser()
- codegen = CodeGen_Arg(argparser.args.arglist)
- codegen.debugdump()
+ # write code here
+###############################################################################
def main():
try:
premain()
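Review bot: `Call_Rewriter.run` as added cannot execute: `print("0x%x:\t%s\t%s", %(i.address, i.mnemonic, i.op_str))` has a comma before the `%` operator, which is a SyntaxError and makes the whole module fail to import, and `run()` is declared without `self` and refers to an unbound `md` instead of `self.md`. `Cs(arch, mode)` in `__init__` is also unresolved, because the first hunk only does `import capstone`; use `capstone.Cs` or import the name explicitly. The `Call_Rewriter` in load.py from this same commit has the working shape and the two should agree, including the disassembly base address (`0x0` here, `0x1` there). The class boundary is inside the hunk, so the rewrite below is complete for `run`.

```python
class Call_Rewriter(object):
    def __init__(self, obj_code, arch, mode):
        self.obj_code = obj_code
        self.md = capstone.Cs(arch, mode)

    def run(self):
        for i in self.md.disasm(self.obj_code, 0x0):
            print("0x%x:\t%s\t%s" % (i.address, i.mnemonic, i.op_str))
```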
@@ -75,7 +47,7 @@ def main():
variables = globals().copy()
variables.update(locals())
shell = code.InteractiveConsole(variables)
- shell.interact(banner="DEBUG REPL")
+ shell.interact(banner="CALL REWRITER DEBUG REPL")
if __name__ == "__main__":
main()
diff --git a/bfd/load.py b/bfd/load.py
index ae984c8..22c304e 100755
--- a/bfd/load.py
+++ b/bfd/load.py
@@ -3,6 +3,12 @@ import argparse
import sys
import readline
import code
+import signal
+from capstone import *
+from capstone.x86 import *
+
+def SigHandler_SIGINT(signum, frame):
+ sys.exit(0)
class ExceptionHandler(object):
def __init__(self, globals, locals):
@@ -23,6 +29,8 @@ class CLIArgParser(object):
parser.add_argument("--stentries", action='store_true', help="dump section table entries", default=False)
parser.add_argument("--objcode", action='store_true', help="dump objects", default=False)
parser.add_argument("--test", action='store_true', help="test switch", default=False)
+ parser.add_argument("--funcs", action='store_true', help="dump functions", default=False)
+ parser.add_argument("--objs", action='store_true', help="dump objects", default=False)
parser.add_argument("--dynsym", action='store_true', help="dump dynamic symbol table", default=False)
parser.add_argument("--dlpath", action='store_true', help="dump dynamic linker path", default=False)
parser.add_argument("--section", type=str, help="dump a section")
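Review bot: The new `--objs` flag reuses the exact help string of the existing `--objcode` flag, `"dump objects"`, so `--help` shows two options that read as identical although one dumps function bodies and the other dumps STT_OBJECT symbol names (per the dispatch added later in this commit). Suggest `help="dump object (STT_OBJECT) symbol names"` for `--objs` and, for symmetry, `help="dump function (STT_FUNC) symbol names"` for `--funcs`.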
@@ -721,6 +729,26 @@ def elf_get_func_code():
elf.init(64)
return elf.dump_funcs(False)
+class Call_Rewriter(object):
+ #def __init__(self, obj_code, arch, mode):
+ def __init__(self, obj_code):
+ self.obj_code = bytes(obj_code)
+ self.md = Cs(CS_ARCH_X86, CS_MODE_64)
+ #self.md = Cs(arch, mode)
+
+ def dumpall(self):
+ for i in self.md.disasm(self.obj_code, 0x1):
+ print("0x%x:\t%s\t%s" %(i.address, i.mnemonic, i.op_str))
+
+ def run(self):
+ for i in self.md.disasm(self.obj_code, 0x1):
+ if i.mnemonic == "call":
+ print("0x%x:\t%s\t%s" %(i.address, i.mnemonic, i.op_str))
+
+class Global_Rewriter(object):
+ def __init__(self):
+ pass
+
def main():
try:
argparser = CLIArgParser()
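Review bot: `Call_Rewriter` hard-codes `0x1` as the disassembly base address in both `dumpall` and `run`, while the same class added to codegen.py in this commit uses `0x0`; unless the function bytes really begin one byte into the section, every printed address is off by one, and any call-target arithmetic built on `i.address` later will inherit the error. Make the base an explicit parameter and pass it to both `disasm` calls, as sketched below; `dumpall` changes the same way. A one-line class docstring noting that `obj_code` is passed through `bytes()` (so it must be bytes-like or an iterable of ints, not a `str`) would save the next caller a `TypeError`.

```python
class Call_Rewriter(object):
    def __init__(self, obj_code, base=0x0):
        self.obj_code = bytes(obj_code)
        self.base = base
        self.md = Cs(CS_ARCH_X86, CS_MODE_64)

    # … unchanged: dumpall, with self.base passed to disasm …

    def run(self):
        for i in self.md.disasm(self.obj_code, self.base):
            if i.mnemonic == "call":
                print("0x%x:\t%s\t%s" %(i.address, i.mnemonic, i.op_str))
```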
@@ -736,12 +764,19 @@ def main():
elif argparser.args.symbolindex: elf.dump_symbol_idx()
elif argparser.args.stentries: elf.dump_st_entries()
elif argparser.args.objcode: elf.dump_funcs(True)
- elif argparser.args.test: elf.dump_symbol_string(ELF_ST_TYPE.STT_FUNC, True)
- elif argparser.args.test: elf.dump_symbol_string(ELF_ST_TYPE.STT_OBJECT, True)
+ elif argparser.args.funcs: elf.dump_symbol_string(ELF_ST_TYPE.STT_FUNC, True)
+ elif argparser.args.objs: elf.dump_symbol_string(ELF_ST_TYPE.STT_OBJECT, True)
elif argparser.args.dynsym: elf.dump_st_entries_dyn()
elif argparser.args.dlpath: elf.dump_section(".interp")
elif argparser.args.section: elf.dump_section(argparser.args.section)
+ elif argparser.args.test:
+ print(elf.dump_funcs(False)[10])
+ print(elf.dump_symbol_string(ELF_ST_TYPE.STT_FUNC, False)[10])
+ code = elf.dump_funcs(False)[10]
+ rewriter = Call_Rewriter(code)
+ rewriter.run()
except:
+ signal.signal(signal.SIGINT, SigHandler_SIGINT)
variables = globals().copy()
variables.update(locals())
shell = code.InteractiveConsole(variables)
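Review bot: The new `--test` branch assigns `code = elf.dump_funcs(False)[10]`, and because that assignment sits inside `main()` Python treats `code` as a local for the entire function, so the `except:` path at the bottom of this hunk, `shell = code.InteractiveConsole(variables)`, now raises `UnboundLocalError` whenever the exception happens before that line runs (every other branch) and `AttributeError` on a list after it; the debug REPL can no longer be reached. Rename the local, e.g. `func_code = elf.dump_funcs(False)[10]` and `rewriter = Call_Rewriter(func_code)`. The hard-coded index `10` will also raise `IndexError` on a binary with fewer than eleven functions, which is acceptable for a test switch but deserves a comment such as `# --test: disassemble the 11th function of the fixture binary`. `main()` begins above this hunk and its body continues past it.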
diff --git a/bfd/test/test.c b/bfd/test/test.c
index 1a9461a..a62769a 100644
--- a/bfd/test/test.c
+++ b/bfd/test/test.c
@@ -11,6 +11,8 @@ int sub2(int a, int b) {return a - b;}
double adddouble(double a, double b) {return a+b;}
double subdouble(double a, double b) {return a-b;}
double triple(double a, double b, double c) {return a+b+c;}
+int quad(int a, int b, int c, int d) {return add2(a,b) + add2(c,d);}
+const char* passthrough(const char* a) {return a;}
int myvar1 = 1;
int myvar2 = 2;
diff --git a/daemon/makefile b/daemon/makefile
index ad231ab..351f8b7 100644
--- a/daemon/makefile
+++ b/daemon/makefile
@@ -9,7 +9,7 @@ TARGETC=mutatorclient
##################################RULES################################
.DEFAULT:all
-.PHONY:all clean help $(TARGETC) $(TARGETS) $(TARGETD)
+.PHONY:all clean help
all:$(TARGETC) $(TARGETS) $(TARGETD)
diff --git a/mutator-lvl0.cpp b/mutator-lvl0.cpp
index 7c0c802..b398a8b 100644
--- a/mutator-lvl0.cpp
+++ b/mutator-lvl0.cpp
@@ -55,7 +55,7 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.*
#include "clang/Lex/Preprocessor.h"
#include "clang/Lex/PPCallbacks.h"
#include "clang/Tooling/CommonOptionsParser.h"
-#include "clang/Tooling/Core/QualTypeNames.h"
+//#include "clang/Tooling/Core/QualTypeNames.h"
#include "clang/Tooling/Tooling.h"
#include "clang/Rewrite/Core/Rewriter.h"
/*LLVM headers*/
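Review bot: The include is commented out rather than removed, leaving dead text in the header block with no indication of why; if it is no longer available against the LLVM trunk revision the README now names (which this hunk alone does not show), delete the line and let version control keep the history, or replace it with a one-line reason such as `// QualTypeNames.h dropped: not needed with LLVM trunk >= 323883`. If any code below still relied on that header, this hunk does not show the replacement, so that should be confirmed before merging.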