From 437b028167c1da250f3959b43c2f09935b4dba80 Mon Sep 17 00:00:00 2001
From: bloodstalker
Date: Mon, 23 Apr 2018 16:10:30 +0430
Subject: updated the readme, added a wiki entry, fixed the default.lua script which i broke in the last commit
---
 bruiser/README.md | 17 +++++++++++++----
 bruiser/bruiser.cpp | 12 +++++-------
 bruiser/defaults.lua | 9 +++++++++
 bruiser/run.sh | 1 +
 4 files changed, 28 insertions(+), 11 deletions(-)
diff --git a/bruiser/README.md b/bruiser/README.md
index 870f468..2e7889c 100644
--- a/bruiser/README.md
+++ b/bruiser/README.md
@@ -57,32 +57,41 @@ For example you can run one of the example scripts that come with bruiser like t ```lua -dofile("./lua-scripts/testfile1.lua") +dofile("./lua-scripts/demo1.lua") ``` You can also run bruiser in non-cli mode:
```bash -./bruiser ../test/bruisertest/test.cpp -lua="./lua-scripts/mutation-example.lua" +./bruiser ../test/bruisertest/test.cpp -lua="./lua-scripts/demo2.lua" ``` +The demo scripts, `demo1.lua` and `demo2.lua` require the file `bfd/test/test` and `bfd/test/test.so` to be built. Run make in `bfd/test/` to get `test` and `test.so`.
Bruiser requires a compilation database to run. If you don't have a compilation database, take a look at [Bear](https://github.com/rizsotto/Bear). If you're using `cmake`, just tell it to generate a compilation database.
TLDR; now let's look at some useful example.
-#### ELF info + +#### ELF info, Xobjs, ASMRewriter mutator has it's own pyelf script which resides at `/bfd`, named `load.py`. `load.py` reads an ELF file and then returns the results to lua in the form of tables. For more detailed info please look at the wiki entry.
Running the following command will return a table containing the names of the objects found in the specified ELF file. To build `../bfd/test/test.so` go to the test dir for bfd and run the makefile.
```lua objload("elf_get_obj_names", "../bfd/test/test.so", "symbol_list") ``` For a more detailed example look at the wiki here on github.
+ +The Xobj module along with `load.py` allows you to load a function from an ELF shared object library into executable memory and call it.
The xobj functionality is provided as a lua module. You can use it by:
```lua xobj = require("lua-scripts.xobj") ``` -you can see a working example if you run `lua-scripts/demo2.lua`. The example requires `ansicolors`. You can get that by `luarocks install ansicolors`.
+For a working example on xobjs, you can run `lua-scripts/demo1.lua`. The example requires `ansicolors`. You can get that by `luarocks install ansicolors`.
+ +The ASMRewriter functionality allows you to look through the machine code and make changes to the executable.
+For working examples which demonstrate how much the implementation has improved you can run `lua-scripts/demo2.lua` and `lua-scripts/df-demo.lua`. `demo2.lua` requires `ansicolor`. `df-demo.lua` uses the dwarf fortress executable as an example so you will have to first get that and then change the path in the lua file.
+ +For more detailed information on the modules and the methods they provide, you can look at the wiki.
#### Lua Defaults Upon start-up, bruiser will look to find a file called `defaults.lua` in the same directory as the bruiser executable to run before running any user provided lua code, both in interactive and non-interactive modes. The path to the lua default file could be changed from the default value by the `LuaDefault` option passed to bruiser on startup.
diff --git a/bruiser/bruiser.cpp b/bruiser/bruiser.cpp
index 1cebe3f..2477759 100644
--- a/bruiser/bruiser.cpp
+++ b/bruiser/bruiser.cpp
@@ -31,6 +31,7 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.*
 #include "bruisercapstone.h"
 #include "asmrewriter.h"
 /*standard headers*/
+#include
 #include
 #include
 #include
@@ -108,6 +109,7 @@ cl::opt MainFileOnly("MainOnly", cl::desc("bruiser will only report the re
 cl::opt M0XMLPath("xmlpath", cl::desc("tells bruiser where to find the XML file containing the Mutator-LVL0 report."), cl::init(bruiser::M0REP), cl::cat(BruiserCategory), cl::ZeroOrMore);
 cl::opt LuaJIT("jit", cl::desc("should bruiser use luajit or not."), cl::init(true), cl::cat(BruiserCategory), cl::ZeroOrMore);
 cl::opt Verbose("verbose", cl::desc("verbosity"), cl::init(false), cl::cat(BruiserCategory), cl::ZeroOrMore);
+cl::opt Nosrc("No Source file needed", cl::desc("verbosity"), cl::init(true), cl::cat(BruiserCategory), cl::ZeroOrMore);
 // @DEVI-FIXME-we need something like python's code module. lua's -i is not it.
 cl::opt LuaInteractive("interactive", cl::desc("run in interactive mode"), cl::init(false), cl::cat(BruiserCategory), cl::ZeroOrMore);
 cl::opt NonCLILuaScript("lua", cl::desc("specifies a lua script for bruiser to run in non-interactive mode"), cl::init(""), cl::cat(BruiserCategory), cl::Optional);
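Review bot: The `Nosrc` option added in the second hunk is declared with the flag name `"No Source file needed"`, which contains spaces and so can never be passed on the command line (the run.sh change in this same commit tries `-Nosrc`), and its `cl::desc` is the `"verbosity"` text copy-pasted from the `Verbose` option right above it. The first argument to `cl::opt` is the flag name; the prose belongs in the description, e.g. `cl::opt<bool> Nosrc("Nosrc", cl::desc("do not require a source file; only the compilation database is needed"), cl::init(true), cl::cat(BruiserCategory), cl::ZeroOrMore);` (the description wording is inferred from the option name and the message added in main, and `<bool>` from `cl::init(true)`, since the rendered page has dropped the template argument). Whether `cl::init(true)` is the intended default is also worth confirming, because an option that is "set" by default makes the new message in main appear for every user.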
@@ -2193,19 +2195,15 @@ int main(int argc, const char **argv) { /*gets the compilation database and options for the clang instances that we would later run*/ CommonOptionsParser op(argc, argv, BruiserCategory); - ClangTool Tool(op.getCompilations(), op.getSourcePathList()); - std::vector> ASTs; - //auto buildASTRes = Tool.buildASTs(ASTs); - CompilationDatabase &CDB = op.getCompilations(); std::vector CCV = CDB.getAllCompileCommands(); - /*populating the shellglobalinstance*/ CompilationDatabaseProcessor CDBP(CDB); + ClangTool Tool(op.getCompilations(), op.getSourcePathList()); - /*checking whether the compilation database is found and not empty*/ + /*checking whether the compilation database is found and not empty if Nosrc is set*/ if (CDBP.CompilationDatabseIsEmpty()) { - PRINT_WITH_COLOR_LB(RED, "bruiser could not find the compilation database."); + PRINT_WITH_COLOR_LB(RED, "Nosrc is set and bruiser can't find the compilation database. quitting..."); return 1; } else { CDBP.CalcMakePath();
diff --git a/bruiser/defaults.lua b/bruiser/defaults.lua
index d3344f0..9f9f33b 100644
--- a/bruiser/defaults.lua
+++ b/bruiser/defaults.lua
@@ -6,6 +6,8 @@ local luarocks_handle = io.popen("luarocks path --bin")
 for line in luarocks_handle:lines() do
 local path = string.match(line, "LUA_PATH%s*=%s*('.+')")
 local cpath = string.match(line, "LUA_CPATH%s*=%s*('.+')")
+ local path_b = false
+ local cpath_b = false
 if path ~= nil then
 package.path = package.path..path
 end
@@ -13,3 +15,10 @@ for line in luarocks_handle:lines() do
 package.cpath = package.cpath..cpath
 end
 end
+
+if path_b then
+ io.write("failed to get path from luarocks.\n")
+end
+if cpath_b then
+ io.write("failed to get cpath from luarocks.\n")
+end
diff --git a/bruiser/run.sh b/bruiser/run.sh
index 8271e35..7e9e695 100755
--- a/bruiser/run.sh
+++ b/bruiser/run.sh
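Review bot: The empty-database check in main still fires unconditionally: the rewritten comment and the new message say `Nosrc is set and bruiser can't find the compilation database`, but the condition on the next line is unchanged, `if (CDBP.CompilationDatabseIsEmpty())`, and never reads `Nosrc`, so a user who did not pass the option is told an option they never set is the reason bruiser quit. Either gate the check on the option, `if (Nosrc && CDBP.CompilationDatabseIsEmpty()) {`, or keep the old message and the old comment. The hunk also moves `ClangTool Tool(op.getCompilations(), op.getSourcePathList());` to just before this check, so the tool is still constructed from the source path list before bruiser decides to quit; if `Tool` is only needed when the database is present, constructing it in the else branch avoids that (whether it is used at all later is outside the hunk). main begins and ends outside the hunk.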
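Review bot: `path_b` and `cpath_b` are declared with `local` inside the `for line in luarocks_handle:lines() do` body in the first defaults.lua hunk, so they are re-created as `false` on every iteration, never assigned `true`, and go out of scope when the loop ends; the `if path_b then` and `if cpath_b then` checks added at file scope in the second hunk therefore read undeclared globals, which are nil, and the two "failed to get ... from luarocks" reports can never print. The flags need to be declared before the loop, start in the failure state, and be cleared in the branch that finds a match; the second hunk's reports can stay as written. The `if path ~= nil then` branch is the only one visible in the hunk, so the matching `cpath` branch between the hunks needs the same one-line change.
```lua
local path_b = true
local cpath_b = true
for line in luarocks_handle:lines() do
  local path = string.match(line, "LUA_PATH%s*=%s*('.+')")
  local cpath = string.match(line, "LUA_CPATH%s*=%s*('.+')")
  if path ~= nil then
    path_b = false
    package.path = package.path..path
  end
  -- … unchanged: the cpath branch, with `cpath_b = false` added before the package.cpath append …
end
-- … unchanged: the two io.write failure reports from the second hunk …
```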
@@ -3,3 +3,4 @@ cd $(dirname $0) #"./bruiser" ../test/bruisertest/test.cpp --verbose "./bruiser" ../test/bruisertest/test.cpp +#"./bruiser" -Nosrc -- cgit v1.2.3