diff options
Diffstat (limited to 'bruiser')
| -rw-r--r-- | bruiser/README.md | 4 | ||||
| -rw-r--r-- | bruiser/bruiser-extra.h | 1 | ||||
| -rw-r--r-- | bruiser/bruiser.cpp | 18 | ||||
| -rw-r--r-- | bruiser/bruiser.h | 3 | ||||
| -rw-r--r-- | bruiser/executioner.h | 38 | ||||
| -rw-r--r-- | bruiser/lua-scripts/demo1.lua | 86 |
6 files changed, 137 insertions, 13 deletions
diff --git a/bruiser/README.md b/bruiser/README.md index 642b10b..da86ce5 100644 --- a/bruiser/README.md +++ b/bruiser/README.md @@ -34,6 +34,10 @@ Imagine we have a classical mutation operator that mutates all `+` operators to ### How? I'm going to write about it as soon as I get my thoughts organized. In the meantime you can look at the source code for some hints.<br/> +### Useful Lua Scripts +The dir named `lua-scripts` houses demos, examples and useful lua scripts for bruiser.<br/> +If you happen to write a Lua script for bruiser that you think other people will find useful, then please add it to `lua-scripts` on your fork and make a PR.<br/> + ### Exampless First you should clone the mutator repo and run `git submodule init` and `git submodule update` to get the third-party repos that enable mutator to run.<br/> To build bruiser you can either run the makefile in bruiser's directory, then run `make` or just run the makefile at mutator's root directory and run `make bruiser`.<br/> diff --git a/bruiser/bruiser-extra.h b/bruiser/bruiser-extra.h index 24c2a6b..d6232a9 100644 --- a/bruiser/bruiser-extra.h +++ b/bruiser/bruiser-extra.h @@ -123,6 +123,7 @@ std::vector<std::string> LUA_FUNCS = "pwd()", "objload()", "listObjects", + "xobjregister", "xobjwrapper", "_G", "_VERSION", diff --git a/bruiser/bruiser.cpp b/bruiser/bruiser.cpp index 90a05da..5e55d3b 100644 --- a/bruiser/bruiser.cpp +++ b/bruiser/bruiser.cpp @@ -253,7 +253,7 @@ class PyExec { if (PyList_Check(pValue)) { std::cout << GREEN << "got a python list\n" << NORMAL; int list_length = PyList_Size(pValue); - std::cout << BLUE << "length of list: " << list_length << "\n" << NORMAL; + std::cout << BLUE << "length of list: " << list_length << NORMAL <<"\n"; for (int i = 0; i < list_length; ++i) { PyObject* pybytes = PyList_GetItem(pValue, i); PyObject* pyrepr = PyObject_Repr(pybytes); @@ -271,7 +271,7 @@ class PyExec { std::vector<uint8_t> tempvec; if(PyList_Check(pValue)) { int list_length = PyList_Size(pValue); - std::cout << BLUE << "length of list: " << list_length << "\n" << NORMAL; + std::cout << BLUE << "length of list: " << list_length << NORMAL << "\n"; for(int i = 0; i < list_length; ++i) { PyObject* pybytes = PyList_GetItem(pValue, i); if(PyList_Check(pybytes)) { @@ -1203,6 +1203,7 @@ class LuaWrapper int tableindex2 = 1; // the return type to lua is a table of tables lua_newtable(__ls); + // @devi-FIXME-probably reserving way too much stack space if (!lua_checkstack(__ls, py.exportObjs().size() * 2)) { PRINT_WITH_COLOR_LB(RED, "cant grow lua stack. current size is too small."); } @@ -1225,6 +1226,7 @@ class LuaWrapper int tableindex = 1 ; // the return type to lua is a table lua_newtable(__ls); + // @devi-FIXME-probably reserving way too much stack space if (!lua_checkstack(__ls, py.exportStrings().size() * 2)) { PRINT_WITH_COLOR_LB(RED, "cant grow lua stack. current size is too small."); } @@ -1236,6 +1238,17 @@ class LuaWrapper } } + PRINT_WITH_COLOR_LB(GREEN, "done."); + return 1; + } + + int BruiserLuaxobjRegister(lua_State* __ls) { + int numargs = lua_gettop(__ls); + if (numargs != 2) { + PRINT_WITH_COLOR_LB(RED, "arg number should be 2."); + } + + Executioner executioner; return 1; } @@ -1847,6 +1860,7 @@ int main(int argc, const char **argv) { lua_register(LE.GetLuaState(), "pwd", &LuaDispatch<&LuaWrapper::BruiserLuaPWD>); lua_register(LE.GetLuaState(), "objload", &LuaDispatch<&LuaWrapper::BruiserPyLoader>); lua_register(LE.GetLuaState(), "listObjects", &LuaDispatch<&LuaWrapper::BruiserLuaListObjects>); + lua_register(LE.GetLuaState(), "xobjregister", &LuaDispatch<&LuaWrapper::BruiserLuaxobjRegister>); /*its just regisering the List function from LuaWrapper with X-macros.*/ #define X(__x1, __x2) lua_register(LE.GetLuaState(), #__x1, &LuaDispatch<&LuaWrapper::List##__x1>); diff --git a/bruiser/bruiser.h b/bruiser/bruiser.h index 3b4513c..f8d6095 100644 --- a/bruiser/bruiser.h +++ b/bruiser/bruiser.h @@ -149,7 +149,8 @@ help CMDHelp[] = { {"pwd()", "pwd()", "pwd", "", ""}, {"objload()", "objload(\"main\", \"../bfd/test/test.so\")", "load the compiled functions into bruiser", "string", "success or failure"}, {"listObjects()", "listObjects(\"function\")", "lists the loaded objects of the given type", "string", "success or failure"}, - {"xobjwrapper()", "xobjwrapper(\"function\")", "call an xobject", "", "success or failure"} + {"xobjwrapper()", "xobjwrapper(\"function\")", "call an xobject", "", "success or failure"}, + {"xobjregister", "xobjregister(code_table, registration_name)", "registers an xobject as a callable function from lua", "", "pointer to the function"} }; /**********************************************************************************************************************/ /** diff --git a/bruiser/executioner.h b/bruiser/executioner.h index 4b8b651..0113d6c 100644 --- a/bruiser/executioner.h +++ b/bruiser/executioner.h @@ -56,6 +56,34 @@ namespace { // start of anonymous namespace return 0; } + inline void argInjector(lua_State* __ls) { + int numargs = lua_gettop(__ls); + for (int i = 2; i <= numargs; ++i) { + if (lua_type(__ls, i) == LUA_TBOOLEAN) { + } + else if (lua_type(__ls, i) == LUA_TLIGHTUSERDATA) { + } + else if (lua_type(__ls, i) == LUA_TNUMBER) { + } + else if (lua_type(__ls, i) == LUA_TSTRING) { +#ifdef __x86_64__ + asm volatile("movl %%eax, %0"); +#endif + } + else if (lua_type(__ls, i) == LUA_TTABLE) { + } + else if (lua_type(__ls, i) == LUA_TFUNCTION) { + } + else if (lua_type(__ls, i) == LUA_TUSERDATA) { + } + else if (lua_type(__ls, i) == LUA_TTHREAD) { + } + else { // type is nil + PRINT_WITH_COLOR_LB(RED, "you passed a Nil argument..."); + } + } + } + std::vector<uint8_t> arg_emitter(std::vector<uint8_t> _args) {} int LuaXobjWrapper(lua_State* __ls) { @@ -147,6 +175,16 @@ class Executioner { return std::make_pair(program_memory, code_size); } + std::vector<uint64_t> getAllArgs(lua_State* __ls) { + int numargs = lua_gettop(__ls); + std::vector<uint64_t> args; + + for (int i = 0; i < numargs; ++i) { + } + + return args; + } + void loadAll(void) { for (auto &iter : objs) { this->loadObjsInXMem(iter); diff --git a/bruiser/lua-scripts/demo1.lua b/bruiser/lua-scripts/demo1.lua index cb912b8..de83431 100644 --- a/bruiser/lua-scripts/demo1.lua +++ b/bruiser/lua-scripts/demo1.lua @@ -1,17 +1,17 @@ -- --- get the .so object names +-- get the .so object names in a table -- objload("elf_get_obj_names", "../bfd/test/test.so", "symbol_list") -- --- get the .so object sizes +-- get the .so object sizes in a table -- objload("elf_get_obj_sizes", "../bfd/test/test.so", "symbol_list") -- --- get the .so function names +-- get the .so function names in a table -- objload("elf_get_func_names", "../bfd/test/test.so", "symbol_list") -- --- get the .so function code +-- get the .so function code in a table of tables -- objload("elf_get_func_code", "../bfd/test/test.so", "code_list") -- - +-------------------------------------------------------------------------------------------------------------- function printObjNames() local c = objload("elf_get_obj_names", "../bfd/test/test.so", "symbol_list") for k,v in ipairs(c) do @@ -39,13 +39,79 @@ function printFuncCode() print(k,v) if #v ~= 0 then for k1,v1 in ipairs(v) do - print(k1, v1) + io.write(string.format('%02x', v1), " ") + end + io.write("\n") + end + end +end + +function findMain() + local c = objload("elf_get_func_names", "../bfd/test/test.so", "symbol_list") + for k,v in ipairs(c) do + if v == "'main'" then + io.write("main index is".." "..k.."\n") + return k + end + end +end + +function codeTables() + local return_table = {} + local func_name_table = objload("elf_get_func_names", "../bfd/test/test.so", "symbol_list") + local code_table = objload("elf_get_func_code", "../bfd/test/test.so", "code_list") + for i=1,#func_name_table,1 do + return_table[func_name_table[i]] = code_table[i] + end + return return_table +end + +function codeTableByName(name) + local return_table = {} + local func_name_table = objload("elf_get_func_names", "../bfd/test/test.so", "symbol_list") + local code_table = objload("elf_get_func_code", "../bfd/test/test.so", "code_list") + for k,v in ipairs(func_name_table) do + if v == name then + for k1, v1 in ipairs(code_table[k]) do + table.insert(return_table, string.format('%02x', v1)) end + return return_table end end + return nil +end + +-- start of @placeholder +function XobjRegister(code_table, registration_name) + -- lightuserdata + local Xobjpointer + return Xobjpointer +end +-- should be varargs +-- registration_name() +-- end of @placeholder + +function main() + printObjNames() + printObjSizes() + printFuncNames() + printFuncCode() + findMain() + + local code_table = codeTables() + print(code_table["'main'"]) + for k,v in ipairs(code_table["'main'"]) do + io.write(string.format('%02x', v), " ") + end + io.write("\n") + + local C_main_code = codeTableByName("'main'") + for k, v in ipairs(C_main_code) do + io.write(v, " ") + end + io.write("\n") end -printObjNames() -printObjSizes() -printFuncNames() -printFuncCode() +main() +-------------------------------------------------------------------------------------------------------------- + |