class WinAppDbgTarget(ServerTarget): def __init__(self, name, process_path, process_args=[], sql_crash_db='sqlite:///crashes.sqlite', logger=None): ''' :param name: name of the object :param process_path: path to the target executable :param process_args: arguments to pass to the process :param attach: try to attach if process path :param sql_crash_db: sql alchemy connection string to crash db (default:sqlite:///crashes.sqlite) :param logger: logger for this object (default: None) ''' super(WinAppDbgTarget, self).__init__(name, logger) assert (process_path) assert (os.path.exists(process_path)) self._process_path = process_path self._process_name = os.path.basename(process_path) self._process_args = process_args self._process = None self._sql_crash_db = sql_crash_db self._crash_event_complete = threading.Event() self._server_is_up = threading.Event() self._crash_event_complete.set() self._debug = Debug(lambda x: _my_event_handler(self, x), bKillOnExit=True) def _debug_server(self): ''' debugger thread ''' try: self._process = None # Start a new process for debugging. argv = [self._process_path] + self._process_args self.logger.debug('debugger starting server: %s' % argv) try: self._process = self._debug.execv(argv, bFollow=True) except WindowsError: self.logger.error('debug_server received exception', traceback.fmt_exc()) self._pid = self._process.get_pid() self.logger.info('process started. pid=%d' % self._pid) # Wait for the debugee to finish. self._server_is_up.set() self._debug.loop() except: self.logger.error('Got an exception in _debug_server') self.logger.error(traceback.format_exc()) # Stop the debugger. finally: self._debug.stop() self._process = None self._pid = -1 self._crash_event_complete.set() def _start_server_thread(self): ''' start the server thread ''' self._server_is_up.clear() self.server_thread = FuncThread(self._debug_server) self.server_thread.start() self.logger.info('waiting for server to be up') self._server_is_up.wait() self.logger.info('server should be up') def _kill_all_processes(self): ''' kill all processes with the same name :return: True if all matching processes were killed properly, False otherwise ''' res = True # Lookup the currently running processes. self._debug.system.scan_processes() # For all processes that match the requested filename... for (process, name) in self._debug.system.find_processes_by_filename( self._process_name): process_pid = process.get_pid() self.logger.info('found process %s (%d) - trying to kill it' % (name, process_pid)) try: process.kill() self.logger.info('successfully killed %s (%d)' % (name, process_pid)) except: self.logger.error('failed to kill %s (%d) [%s]' % (name, process_pid, traceback.format_exc())) res = False return res def teardown(self): self._stop_process() self._process = None super(WinAppDbgTarget, self).teardown() def pre_test(self, test_number): # we need kill all process before fuzzing super(WinAppDbgTarget, self).pre_test(test_number) self._stop_process() def post_test(self, test_num): self.logger.debug('in') time.sleep(1) self.logger.debug('after sleep') res = self._crash_event_complete.wait() self.logger.debug('after wait') if not res: self.report.failed('incomplete crash detected') super(WinAppDbgTarget, self).post_test(test_num) self.logger.debug('out') def _send_to_target(self, data): ''' this is the key off windbgtarget :param data: data is the file path ''' self.logger.info('send called') ''' starting ''' self._process_args = [data] # this may need implement self._start_server_thread() def _stop_process(self): ''' Stop the process (if running) ''' return self._kill_all_processes() def _stop_process_old(self): ''' :return: True if process was killed, False otherwise ''' if self._is_victim_alive(): self._process.kill() time.sleep(0.5) if self._is_victim_alive(): self._process.kill() time.sleep(0.5) if self._is_victim_alive(): raise Exception('Failed to kill client process') self._debug.stop() return True else: self._debug.stop() return False def _restart(self): ''' restart the process ''' self._stop_process() self.server_thread.join(1) time.sleep(3) self._server_is_up.clear() self._start_server_thread() def _is_victim_alive(self): ''' check if process running ''' if self._process: self.logger.debug('process pid: %d' % self._pid) is_alive = self._process.is_alive() is_debugee_started = self._debug.is_debugee_started(self._pid) self.logger.debug('is_alive = %s' % is_alive) self.logger.debug('is_debugee_started = %s' % is_debugee_started) return (is_alive and is_debugee_started) else: self.logger.debug('_process is None') return False
class WinAppDbgTarget(ServerTarget): def __init__(self, name, process_path, process_args=[], sql_crash_db="sqlite:///crashes.sqlite", logger=None): """ :param name: name of the object :param process_path: path to the target executable :param process_args: arguments to pass to the process :param sql_crash_db: sql alchemy connection string to crash db (default:sqlite:///crashes.sqlite) :param logger: logger for this object (default: None) """ super(WinAppDbgTarget, self).__init__(name, logger) assert process_path assert (os.path.exists(process_path)) self._process_path = process_path self._process_name = os.path.basename(process_path) self._process_args = process_args self._process = None self._sql_crash_db = sql_crash_db self._crash_event_complete = threading.Event() self._server_is_up = threading.Event() self._crash_event_complete.set() self._debug = Debug(lambda x: _my_event_handler(self, x), bKillOnExit=True) def _debug_server(self): """ debugger thread """ try: self._process = None # Start a new process for debugging. argv = [self._process_path] + self._process_args self.logger.debug("debugger starting server: %s" % argv) try: self._process = self._debug.execv(argv, bFollow=True) except WindowsError: self.logger.error("debug_server received exception", traceback.fmt_exc()) self._pid = self._process.get_pid() self.logger.info("process started. pid=%d" % self._pid) # Wait for the debugee to finish. self._server_is_up.set() self._debug.loop() except: self.logger.error("Got an exception in _debug_server") self.logger.error(traceback.format_exc()) # Stop the debugger. finally: self._debug.stop() self._process = None self._pid = -1 self._crash_event_complete.set() def _start_server_thread(self): """ start the server thread """ self._server_is_up.clear() self.server_thread = FuncThread(self._debug_server) self.server_thread.start() self.logger.info("waiting for server to be up") self._server_is_up.wait() self.logger.info("server should be up") def _kill_all_processes(self): """ kill all processes with the same name :return: True if all matching processes were killed properly, False otherwise """ res = True # Lookup the currently running processes. self._debug.system.scan_processes() # For all processes that match the requested filename... for (process, name) in self._debug.system.find_processes_by_filename( self._process_name): process_pid = process.get_pid() self.logger.info("found process %s (%d) - trying to kill it" % (name, process_pid)) try: process.kill() self.logger.info("successfully killed %s (%d)" % (name, process_pid)) except: self.logger.error("failed to kill %s (%d) [%s]" % (name, process_pid, traceback.format_exc())) res = False return res def teardown(self): self._stop_process() self._process = None super(WinAppDbgTarget, self).teardown() def pre_test(self, test_number): super(WinAppDbgTarget, self).pre_test(test_number) if not self._is_victim_alive(): self.logger.error("victim is dead, restarting...") # self.report.failed("server is down during pre_test - failure it probably from previous test (%d)" % (test_number-1)) self._restart() self._crash_event_complete.set() else: self.logger.debug("victim is alive (pid=%d)" % self._pid) def post_test(self, test_num): self.logger.debug("in") time.sleep(1) self.logger.debug("after sleep") res = self._crash_event_complete.wait() self.logger.debug("after wait") if not res: self.report.failed("incomplete crash detected") super(WinAppDbgTarget, self).post_test(test_num) self.logger.debug("out") def _send_to_target(self, data): """ this is the key off windbgtarget :param data: data is the file path """ self.logger.info("send called") """ starting """ self._process_args = [] # this may need implement self._start_server_thread() def _stop_process(self): """ Stop the process (if running) """ return self._kill_all_processes() def _stop_process_old(self): """ :return: True if process was killed, False otherwise """ if self._is_victim_alive(): self._process.kill() time.sleep(0.5) if self._is_victim_alive(): self._process.kill() time.sleep(0.5) if self._is_victim_alive(): raise Exception("Failed to kill client process") self._debug.stop() return True else: self._debug.stop() return False def _restart(self): """ restart the process """ self._stop_process() # self.server_thread.join(1) time.sleep(3) self._server_is_up.clear() self._start_server_thread() def _is_victim_alive(self): """ check if process running """ if self._process: self.logger.debug("process pid: %d" % self._pid) is_alive = self._process.is_alive() is_debugee_started = self._debug.is_debugee_started(self._pid) self.logger.debug("is_alive = %s" % is_alive) self.logger.debug("is_debugee_started = %s" % is_debugee_started) return is_alive and is_debugee_started else: self.logger.debug("_process is None") return False
class WinAppDbgController(BaseController): ''' WinAppDbgController controls a server process by starting it on setup making sure it stays up. It uses winappdbg to attach to the target processes. ''' def __init__(self, name, process_path, process_args=[], sql_crash_db='sqlite:///crashes.sqlite', logger=None): ''' :param name: name of the object :param process_path: path to the target executable :param process_args: arguments to pass to the process :param attach: try to attach if process path :param sql_crash_db: sql alchemy connection string to crash db (default:sqlite:///crashes.sqlite) :param logger: logger for this object (default: None) ''' super(WinAppDbgController, self).__init__(name, logger) assert(process_path) assert(os.path.exists(process_path)) self._process_path = process_path self._process_name = os.path.basename(process_path) self._process_args = process_args self._process = None self._sql_crash_db = sql_crash_db self._crash_event_complete = threading.Event() self._server_is_up = threading.Event() self._crash_event_complete.set() self._debug = Debug(lambda x: _my_event_handler(self, x), bKillOnExit=True) def _debug_server(self): ''' debugger thread ''' try: self._process = None # Start a new process for debugging. argv = [self._process_path] + self._process_args self.logger.debug('debugger starting server: %s' % argv) try: self._process = self._debug.execv(argv, bFollow=True) except WindowsError: self.logger.error('debug_server received exception', traceback.fmt_exc()) self._pid = self._process.get_pid() self.logger.info('process started. pid=%d' % self._pid) # Wait for the debugee to finish. self._server_is_up.set() self._debug.loop() except: self.logger.error('Got an exception in _debug_server') self.logger.error(traceback.format_exc()) # Stop the debugger. finally: self._debug.stop() self._process = None self._pid = -1 self._crash_event_complete.set() def _start_server_thread(self): ''' start the server thread ''' self._server_is_up.clear() self.server_thread = FuncThread(self._debug_server) self.server_thread.start() self.logger.info('waiting for server to be up') self._server_is_up.wait() self.logger.info('server should be up') def _kill_all_processes(self): ''' kill all processes with the same name :return: True if all matching processes were killed properly, False otherwise ''' res = True # Lookup the currently running processes. self._debug.system.scan_processes() # For all processes that match the requested filename... for (process, name) in self._debug.system.find_processes_by_filename(self._process_name): process_pid = process.get_pid() self.logger.info('found process %s (%d) - trying to kill it' % (name, process_pid)) try: process.kill() self.logger.info('successfully killed %s (%d)' % (name, process_pid)) except: self.logger.error('failed to kill %s (%d) [%s]' % (name, process_pid, traceback.format_exc())) res = False return res def setup(self): ''' Called at the beginning of a fuzzing session. Will start the server up. ''' self._stop_process() self._start_server_thread() def teardown(self): self._stop_process() self._process = None super(WinAppDbgController, self).teardown() def pre_test(self, test_number): super(WinAppDbgController, self).pre_test(test_number) if not self._is_victim_alive(): self.logger.error('victim is dead, restarting...') # self.report.failed('server is down during pre_test - failure it probably from previous test (%d)' % (test_number-1)) self._restart() self._crash_event_complete.set() else: self.logger.debug('victim is alive (pid=%d)' % self._pid) def post_test(self): self.logger.debug('in') time.sleep(1) self.logger.debug('after sleep') res = self._crash_event_complete.wait() self.logger.debug('after wait') if not res: self.report.failed('incomplete crash detected') super(WinAppDbgController, self).post_test() self.logger.debug('out') def _stop_process(self): ''' Stop the process (if running) ''' return self._kill_all_processes() def _stop_process_old(self): ''' :return: True if process was killed, False otherwise ''' if self._is_victim_alive(): self._process.kill() time.sleep(0.5) if self._is_victim_alive(): self._process.kill() time.sleep(0.5) if self._is_victim_alive(): raise Exception('Failed to kill client process') self._debug.stop() return True else: self._debug.stop() return False def _restart(self): ''' restart the process ''' self._stop_process() self.server_thread.join(1) time.sleep(3) self._server_is_up.clear() self._start_server_thread() def _is_victim_alive(self): ''' check if process running ''' if self._process: self.logger.debug('process pid: %d' % self._pid) is_alive = self._process.is_alive() is_debugee_started = self._debug.is_debugee_started(self._pid) self.logger.debug('is_alive = %s' % is_alive) self.logger.debug('is_debugee_started = %s' % is_debugee_started) return (is_alive and is_debugee_started) else: self.logger.debug('_process is None') return False