aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--.lgtm.yml3
-rw-r--r--README.md1
-rw-r--r--bruiser/README.md16
-rw-r--r--bruiser/bruiser.cpp30
-rw-r--r--bruiser/lua-scripts/libwasm32.lua265
m---------cgrep0
-rw-r--r--m0/mutator-lvl0.cpp8
-rw-r--r--obfuscator/obfuscator.cpp8
8 files changed, 326 insertions, 5 deletions
diff --git a/.lgtm.yml b/.lgtm.yml
index 6e3506a..4444873 100644
--- a/.lgtm.yml
+++ b/.lgtm.yml
@@ -10,9 +10,8 @@ extraction:
cpp:
prepare: # Customizable step used by all languages.
packages:
- - g++-8
- libcapstone-dev
- - libllvm6.0
+ - llvm-8-dev
after_prepare: # Customizable step used by all languages.
- mkdir -p $LGTM_WORKSPACE/latest-gcc-symlinks
- ln -s /usr/bin/g++-6 $LGTM_WORKSPACE/latest-gcc-symlinks/g++
diff --git a/README.md b/README.md
index 087f36a..0cf4fc6 100644
--- a/README.md
+++ b/README.md
@@ -7,6 +7,7 @@
</a>
[![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/553/badge)](https://bestpractices.coreinfrastructure.org/projects/553)
[![Coverage Status](https://coveralls.io/repos/github/bloodstalker/mutator/badge.svg?branch=master)](https://coveralls.io/github/bloodstalker/mutator?branch=master)
+[![Gitter](https://badges.gitter.im/mutatortools/community.svg)](https://gitter.im/mutatortools/community?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge)
## Table of Contents
diff --git a/bruiser/README.md b/bruiser/README.md
index 6d1b8d9..f7bb993 100644
--- a/bruiser/README.md
+++ b/bruiser/README.md
@@ -7,6 +7,7 @@ Object file libraries: Object file manipulation libraries are implemented in C a
Xobj: Pull in funtions from ELF objects, call them and get the result back(basically ffi).<br/>
ASMrewriter: Currently returns a table containing all the jumps in the x86-64 machine code.<br/>
Ramdump: Get the memory of a running process.<br/>
+LibWASM: Get a wasm object(32) in lua.<br/>
For working demos you can skip to the end of the README.<br/>
@@ -17,7 +18,7 @@ For working demos you can skip to the end of the README.<br/>
* libcapstone<br/>
* libkeystone<br/>
* python 3.5(or higher) development packages<br/>
-* LLVM/Clang(5.0,6.0 or 8.0. 7.0 not supported)<br/>
+* LLVM/Clang(5.0,6.0 or 8.0,9.0 and 10.0. 7.0 not supported)<br/>
Other dependencies(lua, [faultreiber](https://github.com/bloodstalker/faultreiber), [luatablegen](https://github.com/bloodstalker/luatablegen), [linenoise](https://github.com/antirez/linenoise)) are self-contained.<br/>
## Make
@@ -68,6 +69,14 @@ If you happen to write a Lua script for bruiser that you think other people will
Run `run.sh` inside bruiser's directory. This will run all the demos buirser currently has, which at the time of writng include the xobj demo, the jump table demo, the disassembly demo and the wasm object demo.<br/>
### Examples
+
+You can run the below piece of code to get a quick dump of a wasm object:<br/>
+```lua
+libwasm=require(libwasm32)
+libwasm.dump_all(my_wasm_obj.wasm)
+```
+
+for a quick dump of a wasm object.<br/>
First you should clone the mutator repo and run `git submodule init` and `git submodule update` to get the third-party repos that enable mutator to run.<br/>
To build bruiser you can either run the makefile in bruiser's directory, then run `make` or just run the makefile at mutator's root directory and run `make bruiser`.<br/>
After building bruiser, you can run it like any other mutator tool. So for example if you want to run bruiser on its test file run:<br/>
@@ -78,7 +87,7 @@ After building bruiser, you can run it like any other mutator tool. So for examp
```
-or if you're lazy like me just run the shellscript `run.sh` in bruiser's directory.<br/>
+or if you're short on time just run the shellscript `run.sh` in bruiser's directory.<br/>
After that you can just run your commands.<br/>
To run you commands from a lua file, you can just use `dofile()` to call your script. Bruiser has an embedded lua interpreter with the bruiser functions registered in it, so you do have full access to all lua libraries and functionalities plus the added bruiser functionality.<br/>
@@ -98,7 +107,7 @@ You can also run bruiser in non-cli mode:<br/>
```
The demo scripts, `demo1.lua` and `demo2.lua` require the file `bfd/test/test` and `bfd/test/test.so` to be built. Run make in `bfd/test/` to get `test` and `test.so`.<br/>
-Bruiser requires a compilation database to run. If you don't have a compilation database, take a look at [Bear](https://github.com/rizsotto/Bear). If you're using `cmake`, just tell it to generate a compilation database.<br/>
+Bruiser requires a compilation database to run. If you don't have a compilation database, take a look at [Bear](https://github.com/rizsotto/Bear) or [scan-build](https://github.com/rizsotto/scan-build). If you're using `cmake`, just tell it to generate a compilation database.<br/>
TLDR; now let's look at some useful example.<br/>
@@ -121,3 +130,4 @@ The ASMRewriter functionality allows you to look through the machine code and ma
For working examples which demonstrate how much the implementation has improved you can run `lua-scripts/demo2.lua` and `lua-scripts/df-demo.lua`. `demo2.lua` requires `ansicolor`. `df-demo.lua` uses the dwarf fortress executable as an example so you will have to first get that and then change the path in the lua file.<br/>
For more detailed information on the modules and the methods they provide, you can look at the wiki.<br/>
+
diff --git a/bruiser/bruiser.cpp b/bruiser/bruiser.cpp
index 440e72c..dcf3e30 100644
--- a/bruiser/bruiser.cpp
+++ b/bruiser/bruiser.cpp
@@ -897,7 +897,11 @@ public:
DiagnosticsEngine &DE = CI.getPreprocessor().getDiagnostics();
DE.setClient(BDCProto, false);
TheRewriter.setSourceMgr(CI.getSourceManager(), CI.getLangOpts());
+#if __clang_major__ <= 9
return llvm::make_unique<BruiserASTConsumer>(TheRewriter);
+#elif __clang_major__ >= 10
+ return std::make_unique<BruiserASTConsumer>(TheRewriter);
+#endif
}
private:
@@ -919,7 +923,11 @@ class LiveActionListVars : public ASTFrontendAction {
DiagnosticsEngine &DE = CI.getPreprocessor().getDiagnostics();
DE.setClient(BDCProto, false);
TheRewriter.setSourceMgr(CI.getSourceManager(), CI.getLangOpts());
+#if __clang_major__ <= 9
return llvm::make_unique<LiveListVarsConsumer>(TheRewriter);
+#elif __clang_major__ >= 10
+ return std::make_unique<LiveListVarsConsumer>(TheRewriter);
+#endif
}
private:
@@ -940,7 +948,11 @@ class LiveActionListFuncs : public ASTFrontendAction {
DiagnosticsEngine &DE = CI.getPreprocessor().getDiagnostics();
DE.setClient(BDCProto, false);
TheRewriter.setSourceMgr(CI.getSourceManager(), CI.getLangOpts());
+#if __clang_major__ <= 9
return llvm::make_unique<LiveListFuncsConsumer>(TheRewriter);
+#elif __clang_major__ >= 10
+ return std::make_unique<LiveListFuncsConsumer>(TheRewriter);
+#endif
}
private:
@@ -961,7 +973,11 @@ class LiveActionListStructs : public ASTFrontendAction {
DiagnosticsEngine &DE = CI.getPreprocessor().getDiagnostics();
DE.setClient(BDCProto, false);
TheRewriter.setSourceMgr(CI.getSourceManager(), CI.getLangOpts());
+#if __clang_major__ <= 9
return llvm::make_unique<LiveListStructConsumer>(TheRewriter);
+#elif __clang_major__ >= 10
+ return std::make_unique<LiveListStructConsumer>(TheRewriter);
+#endif
}
private:
@@ -982,7 +998,11 @@ class LiveActionListClasses : public ASTFrontendAction {
DiagnosticsEngine &DE = CI.getPreprocessor().getDiagnostics();
DE.setClient(BDCProto, false);
TheRewriter.setSourceMgr(CI.getSourceManager(), CI.getLangOpts());
+#if __clang_major__ <= 9
return llvm::make_unique<LiveListClassConsumer>(TheRewriter);
+#elif __clang_major__ >= 10
+ return std::make_unique<LiveListClassConsumer>(TheRewriter);
+#endif
}
private:
@@ -1003,7 +1023,11 @@ class LiveActionListUnions : public ASTFrontendAction {
DiagnosticsEngine &DE = CI.getPreprocessor().getDiagnostics();
DE.setClient(BDCProto, false);
TheRewriter.setSourceMgr(CI.getSourceManager(), CI.getLangOpts());
+#if __clang_major__ <= 9
return llvm::make_unique<LiveListUnionConsumer>(TheRewriter);
+#elif __clang_major__ >= 10
+ return std::make_unique<LiveListUnionConsumer>(TheRewriter);
+#endif
}
private:
@@ -1024,7 +1048,11 @@ class LiveActionListArrays : public ASTFrontendAction {
DiagnosticsEngine &DE = CI.getPreprocessor().getDiagnostics();
DE.setClient(BDCProto, false);
TheRewriter.setSourceMgr(CI.getSourceManager(), CI.getLangOpts());
+#if __clang_major__ <= 9
return llvm::make_unique<LiveListArrayConsumer>(TheRewriter);
+#elif __clang_major__ >= 10
+ return std::make_unique<LiveListArrayConsumer>(TheRewriter);
+#endif
}
private:
@@ -2290,6 +2318,7 @@ class RunLoop {
}
}
+ char* prv_command;
/*cli execution loop*/
while((command = linenoise(">>>")) != NULL) {
//FIXME-if the current command is the same as last command skip adding to history
@@ -2297,6 +2326,7 @@ class RunLoop {
linenoiseHistorySave(SHELL_HISTORY_FILE.c_str());
le.RunChunk(command);
linenoiseFree(command);
+ //prv_commnad = command;
}
return 0;
}
diff --git a/bruiser/lua-scripts/libwasm32.lua b/bruiser/lua-scripts/libwasm32.lua
new file mode 100644
index 0000000..0f7ad11
--- /dev/null
+++ b/bruiser/lua-scripts/libwasm32.lua
@@ -0,0 +1,265 @@
+
+colors = require("ansicolors")
+
+local libwasm = {}
+
+function libwasm.dump_type_section(a)
+ print(colors("%{green}".."\ntype section:"))
+ if a["type_section"] ~= nil then
+ io.write(tostring("id:"..a["type_section"]:id()).."\n")
+ io.write(tostring("payloadlength:"..a["type_section"]:payloadlength()).."\n")
+ io.write(tostring("count:"..a["type_section"]:count()).."\n")
+ io.write("entries"..tostring(a["type_section"]:entries()).."\n")
+ for k, v in pairs(a["type_section"]:entries()) do
+ io.write(v:form().."\t")
+ io.write(v:param_count().."\t")
+ io.write(v:param_types().."\t")
+ io.write(v:return_count().."\t")
+ io.write(v:return_types().."\n")
+ end
+ else
+ print(colors("%{red}".."section doesnt exist."))
+ end
+end
+
+function libwasm.dump_import_section(a)
+ print(colors("%{green}".."\nimport section:"))
+ if a["import_section"] ~= nil then
+ io.write("id:"..tostring(a["import_section"]:id()).."\n")
+ io.write("payloadlength:"..tostring(a["import_section"]:payloadlength()).."\n")
+ io.write("count:"..tostring(a["import_section"]:count()).."\n")
+ io.write("entries"..tostring(a["import_section"]:entries()).."\n")
+ for k, v in pairs(a["import_section"]:entries()) do
+ io.write("module length:"..v:module_length().."\t")
+ io.write("module str:"..v:module_str().."\t")
+ io.write("field len:"..v:field_len().."\t")
+ io.write("field str:"..v:field_str().."\t")
+ io.write("kind:"..v:kind().."\t")
+ io.write("kind:"..tostring(v:type()).."\t")
+ if v:kind() == 0 then
+ print()
+ io.write("kind:"..tostring(v:type()).."\n")
+ elseif v:kind() == 1 then
+ io.write("element_type:"..v:type():element_type().."\n")
+ --io.write("rsz:"..v:type():resizable_limit().."\t")
+ --io.write("flags:"..v:type():resizable_limit():flags().."\t")
+ --io.write("init:"..v:type():resizable_limit():init().."\t")
+ --io.write("max:"..v:type():resizable_limit():maximum().."\n")
+ elseif v:kind() == 2 then
+ --io.write("rsz:"..v:type():resizable_limit().."\t")
+ --io.write("flags:"..v:type():resizable_limit():flags().."\t")
+ --io.write("init:"..v:type():resizable_limit():init().."\t")
+ --io.write("max:"..v:type():resizable_limit():maximum().."\n")
+ print()
+ elseif v:kind() == 3 then
+ io.write("value_type:"..v:type():value_type().."\t")
+ io.write("mutability:"..v:type():mutability().."\n")
+ end
+ end
+ else
+ print(colors("%{red}".."section doesnt exist."))
+ end
+end
+
+function libwasm.dump_function_section(a)
+ print(colors("%{green}".."\nfunction section:"))
+ if a["function_section"] ~= nil then
+ io.write("id:"..tostring(a["function_section"]:id()).."\n")
+ io.write("payloadlength:"..tostring(a["function_section"]:payloadlength()).."\n")
+ io.write("count:"..tostring(a["function_section"]:count()).."\n")
+ io.write("types:"..tostring(a["function_section"]:types()).."\n")
+ for k,v in pairs(a["function_section"]:types()) do
+ print(v)
+ end
+ else
+ print(colors("%{red}".."section doesnt exist."))
+ end
+end
+
+function libwasm.dump_table_section(a)
+ print(colors("%{green}".."\ntable section:"))
+ if a["table_section"] ~= nil then
+ io.write("id:"..tostring(a["table_section"]:id()).."\n")
+ io.write("payloadlength:"..tostring(a["table_section"]:payloadlength()).."\n")
+ io.write("count:"..tostring(a["table_section"]:count()).."\n")
+ io.write("entries:"..tostring(a["table_section"]:entries()).."\n")
+ for k, v in pairs(a["table_section"]:entries()) do
+ io.write(v:element_type().."\t")
+ io.write(tostring(v:resizable_limit()).."\t")
+ io.write(v:resizable_limit():flags().."\t")
+ io.write(v:resizable_limit():initial().."\t")
+ io.write(v:resizable_limit():maximum().."\n")
+ end
+ else
+ print(colors("%{red}".."section doesnt exist."))
+ end
+end
+
+
+function libwasm.dump_memory_section(a)
+ print(colors("%{green}".."\nmemory section:"))
+ if a["memory_section"] ~= nil then
+ io.write("id:"..tostring(a["memory_section"]:id()).."\n")
+ io.write("payloadlength:"..tostring(a["memory_section"]:payloadlength()).."\n")
+ --for wasm v.1.0. memory section count is 1
+ --io.write("count:"..tostring(a["memory_section"]:count()).."\n")
+ io.write("entries:"..tostring(a["memory_section"]:entries()).."\n")
+ io.write(a["memory_section"]:entries():resizable_limit():flags().."\t")
+ io.write(a["memory_section"]:entries():resizable_limit():initial().."\t")
+ io.write(a["memory_section"]:entries():resizable_limit():maximum().."\n")
+ else
+ print(colors("%{red}".."section doesnt exist."))
+ end
+end
+
+function libwasm.dump_global_section(a)
+ print(colors("%{green}".."\nglobal section:"))
+ if (a["global_section"] ~= nil) then
+ io.write("id:"..tostring(a["global_section"]:id()).."\n")
+ io.write("payloadlength:"..tostring(a["global_section"]:payloadlength()).."\n")
+ io.write("count:"..tostring(a["global_section"]:count()).."\n")
+ io.write("globals:"..tostring(a["global_section"]:globals()).."\n")
+ for k, v in pairs(a["global_section"]:globals()) do
+ io.write(v:global_type().."\t")
+ io.write(v:init().."\n")
+ io.write(v:init():code().."\n")
+ end
+ else
+ print(colors("%{red}".."section doesnt exist."))
+ end
+end
+
+function libwasm.dump_export_section(a)
+ print(colors("%{green}".."\nexport section:"))
+ if (a["export_section"] ~= nil) then
+ io.write("id:"..tostring(a["export_section"]:id()).."\n")
+ io.write("payloadlength:"..tostring(a["export_section"]:payloadlength()).."\n")
+ io.write("count:"..tostring(a["export_section"]:count()).."\n")
+ io.write("entries:"..tostring(a["export_section"]:entries()).."\n")
+ for k, v in pairs(a["export_section"]:entries()) do
+ io.write(v:field_len().."\t")
+ io.write(v:field_str().."\t")
+ io.write(v:kind().."\t")
+ io.write(v:index().."\n")
+ end
+ else
+ print(colors("%{red}".."section doesnt exist."))
+ end
+end
+
+function libwasm.dump_start_section(a)
+ print(colors("%{green}".."\nstart section:"))
+ if (a["start_section"] ~= nil) then
+ io.write("id:"..tostring(a["start_section"]:id()).."\n")
+ io.write("payloadlength:"..tostring(a["start_section"]:payloadlength()).."\n")
+ io.write("index:"..tostring(a["start_section"]:index()).."\n")
+ else
+ print(colors("%{red}".."section doesnt exist."))
+ end
+end
+
+function libwasm.dump_element_section(a)
+ print(colors("%{green}".."\nelement section:"))
+ if (a["element_section"] ~= nil) then
+ io.write("id:"..tostring(a["element_section"]:id()).."\n")
+ io.write("payloadlength:"..tostring(a["element_section"]:payloadlength()).."\n")
+ io.write("count:"..tostring(a["element_section"]:count()).."\n")
+ io.write(colors("%{cyan}".."entries:"..tostring(a["element_section"]:entries()).."\n"))
+ for k, v in pairs(a["element_section"]:entries()) do
+ io.write("index:"..v:index().."\t")
+ io.write("init:")
+ for i = 1, #v:init():code() do
+ local c = v:init():code():sub(i,i)
+ io.write(colors("%{red}"..string.byte(c)).." ")
+ end
+ io.write("\n")
+ io.write("number of elements:"..v:num_length().."\t")
+ io.write("elems:")
+ for i, j in pairs(v:elems()) do
+ io.write(colors("%{red}"..j.." "))
+ end
+ io.write("\n")
+ end
+ else
+ print(colors("%{red}".."section doesnt exist."))
+ end
+end
+
+function libwasm.dump_code_section(a)
+ print(colors("%{green}".."\ncode section:"))
+ if (a["code_section"] ~= nil) then
+ io.write("id:"..tostring(a["code_section"]:id()).."\n")
+ io.write("payloadlength:"..tostring(a["code_section"]:payloadlength()).."\n")
+ io.write("count:"..tostring(a["code_section"]:count()).."\n")
+ io.write("bodies:"..tostring(a["code_section"]:bodies()).."\n")
+ for k,v in pairs(a["code_section"]:bodies()) do
+ io.write(colors("\n%{cyan}".."entry:\n"))
+ io.write("body_size:"..v:body_size().."\t")
+ io.write("local_count:"..v:local_count().."\t")
+ io.write(tostring(v:locals()).."\n")
+ for i, j in pairs(v:locals()) do
+ io.write("locals count:"..j:count().."\t")
+ io.write("locals type:"..j:type().."\n")
+ end
+ io.write("function body:\n")
+ for i,j in pairs(v:code()) do
+ io.write(colors("%{red}"..j.." "))
+ end
+ io.write("\n")
+ end
+ else
+ print(colors("%{red}".."section doesnt exist."))
+ end
+end
+
+function libwasm.dump_data_section(a)
+ print(colors("%{green}".."\ndata section:"))
+ if (a["data_section"] ~= nil) then
+ io.write("id:"..tostring(a["data_section"]:id()).."\n")
+ io.write("payloadlength:"..tostring(a["data_section"]:payloadlength()).."\n")
+ io.write("count:"..tostring(a["data_section"]:count()).."\n")
+ io.write("entries:"..tostring(a["data_section"]:entries()).."\n")
+ if type(a["data_section"]:entries()) == "table" then
+ io.write(colors("%{cyan}".."entries:").."\n")
+ for k,v in pairs(a["data_section"]:entries()) do
+ io.write("index:"..v:index().."\n")
+ io.write("offset: ")
+ for i = 1, #v:offset():code() do
+ local c = v:offset():code():sub(i,i)
+ io.write(colors("%{red}"..string.byte(c)).." ")
+ end
+ io.write("\n")
+ io.write("size:"..v:size().."\n")
+ for i, j in pairs(v:data()) do
+ io.write(colors("%{blue}"..string.char(j)))
+ end
+ io.write("\n")
+ end
+ end
+ else
+ print(colors("%{red}".."section doesnt exist."))
+ end
+end
+
+function libwasm.dump_all(wasm_path)
+ local a = getwasmobj(wasm_path)
+ libwasm.dump_type_section(a)
+ libwasm.dump_import_section(a)
+ libwasm.dump_function_section(a)
+ libwasm.dump_table_section(a)
+ libwasm.dump_memory_section(a)
+ libwasm.dump_global_section(a)
+ libwasm.dump_export_section(a)
+ libwasm.dump_start_section(a)
+ libwasm.dump_element_section(a)
+ libwasm.dump_code_section(a)
+ libwasm.dump_data_section(a)
+end
+
+function libwasm.dev(wasm_path)
+ local a = getwasmobj(wasm_path)
+ libwasm.dump_import_section(a)
+end
+
+return libwasm
+
diff --git a/cgrep b/cgrep
-Subproject 788954aab9bb8f4cdd1c87f5f3c6735a947581e
+Subproject cce8d6a9d7a05dd13a5b7295492316a91ee62a3
diff --git a/m0/mutator-lvl0.cpp b/m0/mutator-lvl0.cpp
index cdd625f..abbcb52 100644
--- a/m0/mutator-lvl0.cpp
+++ b/m0/mutator-lvl0.cpp
@@ -7638,12 +7638,20 @@ public:
void EndSourceFileAction() override {}
std::unique_ptr<ASTConsumer> CreateASTConsumer(CompilerInstance &CI, StringRef file) override {
+#if __clang_major__ <= 9
CI.getPreprocessor().addPPCallbacks(llvm::make_unique<PPInclusion>(&CI.getSourceManager()));
+#elif __clang_major__ >= 10
+ CI.getPreprocessor().addPPCallbacks(std::make_unique<PPInclusion>(&CI.getSourceManager()));
+#endif
DiagnosticsEngine &DiagEngine = CI.getPreprocessor().getDiagnostics();
Mutator0DiagnosticConsumer* M0DiagConsumer = new Mutator0DiagnosticConsumer;
DiagEngine.setClient(M0DiagConsumer, true);
TheRewriter.setSourceMgr(CI.getSourceManager(), CI.getLangOpts());
+#if __clang_major__ <= 9
return llvm::make_unique<MyASTConsumer>(TheRewriter);
+#elif __clang_major__ >= 10
+ return std::make_unique<MyASTConsumer>(TheRewriter);
+#endif
}
private:
diff --git a/obfuscator/obfuscator.cpp b/obfuscator/obfuscator.cpp
index 4ea03e1..a28df21 100644
--- a/obfuscator/obfuscator.cpp
+++ b/obfuscator/obfuscator.cpp
@@ -519,11 +519,19 @@ public:
}
std::unique_ptr<ASTConsumer> CreateASTConsumer(CompilerInstance &CI, StringRef file) override {
+#if __clang_major__ <= 9
CI.getPreprocessor().addPPCallbacks(llvm::make_unique<PPInclusion>(&CI.getSourceManager(), &TheRewriter));
+#elif __clang_major__ >= 10
+ CI.getPreprocessor().addPPCallbacks(std::make_unique<PPInclusion>(&CI.getSourceManager(), &TheRewriter));
+#endif
DiagnosticsEngine &DE = CI.getPreprocessor().getDiagnostics();
DE.setClient(BDCProto, false);
TheRewriter.setSourceMgr(CI.getSourceManager(), CI.getLangOpts());
+#if __clang_major__ <= 9
return llvm::make_unique<MyASTConsumer>(TheRewriter);
+#elif __clang_major__ >= 10
+ return std::make_unique<MyASTConsumer>(TheRewriter);
+#endif
}
private: