def _setup_logging(self):
logdir = os.path.abspath(os.path.dirname(self.logfile))
mkdir_p(logdir)
root_logger = logging.getLogger()
root_logger.setLevel(self.log_level)
fmt = logging.Formatter('%(asctime)s %(levelname)s %(name)s - %(message)s')
handlers = []
handlers.append(logging.StreamHandler())
handlers.append(RotatingFileHandler(self.logfile,
mode='w',
maxBytes=1e7,
backupCount=5)
)
for handler in handlers:
add_log_handler(root_logger, self.log_level, handler, fmt)
def go(self):
dst_dir = self.target_dir
if len(dst_dir) > 130:
# Don't make a path too deep. Windows won't support it
dst_dir = dst_dir[:130] + '__'
# ensure target dir exists already (it might because of crash logging)
filetools.mkdir_p(dst_dir)
if (len(os.listdir(dst_dir)) > 0 and not self.keep_duplicates):
logger.debug('Output path %s already contains output. Skipping.' %
dst_dir)
return
src_dir = self.testcase.tempdir
if not os.path.exists(src_dir):
raise ReporterError('Testcase tempdir not found: %s', src_dir)
src_paths = [os.path.join(src_dir, f) for f in os.listdir(src_dir)]
for f in src_paths:
logger.debug('Copy %s -> %s', f, dst_dir)
shutil.copy2(f, dst_dir)
def go(self):
dst_dir = self.target_dir
if len(dst_dir) > 130:
# Don't make a path too deep. Windows won't support it
dst_dir = dst_dir[:130] + '__'
# ensure target dir exists already (it might because of crash logging)
filetools.mkdir_p(dst_dir)
if (len(os.listdir(dst_dir)) > 0 and not self.keep_duplicates):
logger.debug(
'Output path %s already contains output. Skipping.' % dst_dir)
return
src_dir = self.testcase.tempdir
if not os.path.exists(src_dir):
raise ReporterError('Testcase tempdir not found: %s', src_dir)
src_paths = [os.path.join(src_dir, f) for f in os.listdir(src_dir)]
for f in src_paths:
logger.debug('Copy %s -> %s', f, dst_dir)
shutil.copy2(f, dst_dir)
def main():
debuggers.verify_supported_platform()
from optparse import OptionParser
hdlr = logging.StreamHandler()
logger.addHandler(hdlr)
usage = "usage: %prog [options] fuzzedfile"
parser = OptionParser(usage)
parser.add_option('', '--debug', dest='debug', action='store_true',
help='Enable debug messages (overrides --verbose)')
parser.add_option('', '--verbose', dest='verbose', action='store_true',
help='Enable verbose messages')
parser.add_option('-c', '--config', default='conf.d/bff.cfg',
dest='config', help='path to the configuration file to use')
parser.add_option('-e', '--edb', dest='use_edb',
action='store_true',
help='Use edb instead of gdb')
parser.add_option('-p', '--debugger', dest='debugger',
help='Use specified debugger')
parser.add_option('-f', '--filepath', dest='filepath',
action='store_true', help='Recreate original file path')
(options, args) = parser.parse_args()
if options.debug:
logger.setLevel(logging.DEBUG)
else:
logger.setLevel(logging.INFO)
cfg_file = options.config
logger.debug('Config file: %s', cfg_file)
if len(args) and os.path.exists(args[0]):
fullpath_fuzzed_file = os.path.abspath(args[0])
fuzzed_file = BasicFile(fullpath_fuzzed_file)
logger.info('Fuzzed file is %s', fuzzed_file)
else:
parser.error('fuzzedfile must be specified')
iterationpath = ''
if options.filepath:
# Recreate same file path as fuzz iteration
resultdir = os.path.dirname(fuzzed_file.path)
for gdbfile in all_files(resultdir, '*.gdb'):
print '** using gdb: %s' % gdbfile
iterationpath = getiterpath(gdbfile)
break
iterationdir = os.path.dirname(iterationpath)
iterationfile = os.path.basename(iterationpath)
if iterationdir:
mkdir_p(iterationdir)
copy_file(fuzzed_file.path,
os.path.join(iterationdir, iterationfile))
fullpath_fuzzed_file = iterationpath
config = read_config_options(cfg_file)
cmd_as_args = config.get_command_list(fullpath_fuzzed_file)
program = cmd_as_args[0]
if not os.path.exists(program):
# edb wants a full path to the target app, so let's find it
for path in os.environ["PATH"].split(":"):
if os.path.exists(os.path.join(path, program)):
program = os.path.join(path, program)
# Recreate command args list with full path to target
cmd_as_args = []
cmd_as_args.append(program)
cmd_as_args.extend(config.get_command_args_list(fullpath_fuzzed_file))
args = []
if options.use_edb and options.debugger:
parser.error('Options --edb and --debugger are mutually exclusive.')
if options.debugger:
debugger_app = options.debugger
elif options.use_edb:
debugger_app = 'edb'
else:
debugger_app = 'gdb'
args.append(debugger_app)
if options.use_edb:
args.append('--run')
else:
# Using gdb
args.append('--args')
args.extend(cmd_as_args)
logger.info('args %s' % args)
p = Popen(args, universal_newlines=True)
p.wait()
def main():
from optparse import OptionParser
hdlr = logging.StreamHandler()
logger.addHandler(hdlr)
usage = "usage: %prog [options] fuzzedfile"
parser = OptionParser(usage)
parser.add_option('',
'--debug',
dest='debug',
action='store_true',
help='Enable debug messages (overrides --verbose)')
parser.add_option('',
'--verbose',
dest='verbose',
action='store_true',
help='Enable verbose messages')
parser.add_option('-c',
'--config',
default='configs/bff.yaml',
dest='config',
help='path to the configuration file to use')
parser.add_option('-e',
'--edb',
dest='use_edb',
action='store_true',
help='Use edb instead of gdb')
parser.add_option('-p',
'--debugger',
dest='debugger',
help='Use specified debugger')
parser.add_option('-f',
'--filepath',
dest='filepath',
action='store_true',
help='Recreate original file path')
(options, args) = parser.parse_args()
if options.debug:
logger.setLevel(logging.DEBUG)
else:
logger.setLevel(logging.INFO)
cfg_file = options.config
logger.debug('Config file: %s', cfg_file)
if len(args) and os.path.exists(args[0]):
fullpath_fuzzed_file = os.path.abspath(args[0])
fuzzed_file = BasicFile(fullpath_fuzzed_file)
logger.info('Fuzzed file is: %s', fuzzed_file.path)
else:
parser.error('fuzzedfile must be specified')
iterationpath = ''
if options.filepath:
# Recreate same file path as fuzz iteration
resultdir = os.path.dirname(fuzzed_file.path)
for gdbfile in all_files(resultdir, '*.gdb'):
print '** using gdb: %s' % gdbfile
iterationpath = getiterpath(gdbfile)
break
if iterationpath:
iterationdir = os.path.dirname(iterationpath)
iterationfile = os.path.basename(iterationpath)
if iterationdir:
mkdir_p(iterationdir)
copy_file(fuzzed_file.path,
os.path.join(iterationdir, iterationfile))
fullpath_fuzzed_file = iterationpath
config = load_and_fix_config(cfg_file)
cmd_as_args = get_command_args_list(config['target']['cmdline_template'],
fullpath_fuzzed_file)[1]
args = []
if options.use_edb and options.debugger:
parser.error('Options --edb and --debugger are mutually exclusive.')
if options.debugger:
debugger_app = options.debugger
elif options.use_edb:
debugger_app = 'edb'
elif platform.system() == 'Darwin':
debugger_app = 'lldb'
else:
debugger_app = 'gdb'
args.append(debugger_app)
if options.use_edb:
args.append('--run')
elif debugger_app == 'gdb':
# Using gdb
args.append('--args')
args.extend(cmd_as_args)
logger.info('args %s' % args)
p = Popen(args, universal_newlines=True)
p.wait()
def main():
from optparse import OptionParser
hdlr = logging.StreamHandler()
logger.addHandler(hdlr)
usage = "usage: %prog [options] fuzzedfile"
parser = OptionParser(usage)
parser.add_option('', '--debug', dest='debug', action='store_true',
help='Enable debug messages (overrides --verbose)')
parser.add_option('', '--verbose', dest='verbose', action='store_true',
help='Enable verbose messages')
parser.add_option('-c', '--config', default='configs/bff.yaml',
dest='config', help='path to the configuration file to use')
parser.add_option('-e', '--edb', dest='use_edb',
action='store_true',
help='Use edb instead of gdb')
parser.add_option('-p', '--debugger', dest='debugger',
help='Use specified debugger')
parser.add_option('-f', '--filepath', dest='filepath',
action='store_true', help='Recreate original file path')
(options, args) = parser.parse_args()
if options.debug:
logger.setLevel(logging.DEBUG)
else:
logger.setLevel(logging.INFO)
cfg_file = options.config
logger.debug('Config file: %s', cfg_file)
if len(args) and os.path.exists(args[0]):
fullpath_fuzzed_file = os.path.abspath(args[0])
fuzzed_file = BasicFile(fullpath_fuzzed_file)
logger.info('Fuzzed file is: %s', fuzzed_file.path)
else:
parser.error('fuzzedfile must be specified')
iterationpath = ''
if options.filepath:
# Recreate same file path as fuzz iteration
resultdir = os.path.dirname(fuzzed_file.path)
for gdbfile in all_files(resultdir, '*.gdb'):
print '** using gdb: %s' % gdbfile
iterationpath = getiterpath(gdbfile)
break
if iterationpath:
iterationdir = os.path.dirname(iterationpath)
iterationfile = os.path.basename(iterationpath)
if iterationdir:
mkdir_p(iterationdir)
copy_file(fuzzed_file.path,
os.path.join(iterationdir, iterationfile))
fullpath_fuzzed_file = iterationpath
config = load_and_fix_config(cfg_file)
cmd_as_args = get_command_args_list(
config['target']['cmdline_template'], fullpath_fuzzed_file)[1]
args = []
if options.use_edb and options.debugger:
parser.error('Options --edb and --debugger are mutually exclusive.')
if options.debugger:
debugger_app = options.debugger
elif options.use_edb:
debugger_app = 'edb'
elif platform.system() == 'Darwin':
debugger_app = 'lldb'
else:
debugger_app = 'gdb'
args.append(debugger_app)
if options.use_edb:
args.append('--run')
elif debugger_app == 'gdb':
# Using gdb
args.append('--args')
args.extend(cmd_as_args)
logger.info('args %s' % args)
p = Popen(args, universal_newlines=True)
p.wait()
def main():
debuggers.verify_supported_platform()
from optparse import OptionParser
hdlr = logging.StreamHandler()
logger.addHandler(hdlr)
usage = "usage: %prog [options] fuzzedfile"
parser = OptionParser(usage)
parser.add_option('',
'--debug',
dest='debug',
action='store_true',
help='Enable debug messages (overrides --verbose)')
parser.add_option('',
'--verbose',
dest='verbose',
action='store_true',
help='Enable verbose messages')
parser.add_option('-c',
'--config',
default='conf.d/bff.cfg',
dest='config',
help='path to the configuration file to use')
parser.add_option('-e',
'--edb',
dest='use_edb',
action='store_true',
help='Use edb instead of gdb')
parser.add_option('-p',
'--debugger',
dest='debugger',
help='Use specified debugger')
parser.add_option('-f',
'--filepath',
dest='filepath',
action='store_true',
help='Recreate original file path')
(options, args) = parser.parse_args()
if options.debug:
logger.setLevel(logging.DEBUG)
else:
logger.setLevel(logging.INFO)
cfg_file = options.config
logger.debug('Config file: %s', cfg_file)
if len(args) and os.path.exists(args[0]):
fullpath_fuzzed_file = os.path.abspath(args[0])
fuzzed_file = BasicFile(fullpath_fuzzed_file)
logger.info('Fuzzed file is %s', fuzzed_file)
else:
parser.error('fuzzedfile must be specified')
iterationpath = ''
if options.filepath:
# Recreate same file path as fuzz iteration
resultdir = os.path.dirname(fuzzed_file.path)
for gdbfile in all_files(resultdir, '*.gdb'):
print '** using gdb: %s' % gdbfile
iterationpath = getiterpath(gdbfile)
break
iterationdir = os.path.dirname(iterationpath)
iterationfile = os.path.basename(iterationpath)
if iterationdir:
mkdir_p(iterationdir)
copy_file(fuzzed_file.path,
os.path.join(iterationdir, iterationfile))
fullpath_fuzzed_file = iterationpath
config = read_config_options(cfg_file)
cmd_as_args = config.get_command_list(fullpath_fuzzed_file)
program = cmd_as_args[0]
if not os.path.exists(program):
# edb wants a full path to the target app, so let's find it
for path in os.environ["PATH"].split(":"):
if os.path.exists(os.path.join(path, program)):
program = os.path.join(path, program)
# Recreate command args list with full path to target
cmd_as_args = []
cmd_as_args.append(program)
cmd_as_args.extend(config.get_command_args_list(fullpath_fuzzed_file))
args = []
if options.use_edb and options.debugger:
parser.error('Options --edb and --debugger are mutually exclusive.')
if options.debugger:
debugger_app = options.debugger
elif options.use_edb:
debugger_app = 'edb'
else:
debugger_app = 'gdb'
args.append(debugger_app)
if options.use_edb:
args.append('--run')
else:
# Using gdb
args.append('--args')
args.extend(cmd_as_args)
logger.info('args %s' % args)
p = Popen(args, universal_newlines=True)
p.wait()
def __enter__(self):
mkdir_p(self.workdir_base)
self.update_crash_details()
return self
def __enter__(self):
mkdir_p(self.workdir_base)
self.update_crash_details()
return self
def main():
debuggers.verify_supported_platform()
from optparse import OptionParser
hdlr = logging.StreamHandler()
logger.addHandler(hdlr)
usage = "usage: %prog [options] fuzzedfile"
parser = OptionParser(usage)
parser.add_option('',
'--debug',
dest='debug',
action='store_true',
help='Enable debug messages (overrides --verbose)')
parser.add_option('',
'--verbose',
dest='verbose',
action='store_true',
help='Enable verbose messages')
parser.add_option('-c',
'--config',
default='configs/foe.yaml',
dest='config',
help='path to the configuration file to use')
parser.add_option('-w',
'--windbg',
dest='use_windbg',
action='store_true',
help='Use windbg instead of cdb')
parser.add_option('-b',
'--break',
dest='break_on_start',
action='store_true',
help='Break on start of debugger session')
parser.add_option('-d',
'--debugheap',
dest='debugheap',
action='store_true',
help='Use debug heap')
parser.add_option('-p',
'--debugger',
dest='debugger',
help='Use specified debugger')
parser.add_option('-f',
'--filepath',
dest='filepath',
action='store_true',
help='Recreate original file path')
(options, args) = parser.parse_args()
if options.debug:
logger.setLevel(logging.DEBUG)
else:
logger.setLevel(logging.INFO)
cfg_file = options.config
logger.debug('Config file: %s', cfg_file)
if len(args) and os.path.exists(args[0]):
fullpath_fuzzed_file = os.path.abspath(args[0])
fuzzed_file = BasicFile(fullpath_fuzzed_file)
logger.info('Fuzzed file is %s', fuzzed_file)
else:
parser.error('fuzzedfile must be specified')
config = Config(cfg_file).config
iterationpath = ''
template = string.Template(config['target']['cmdline_template'])
if options.filepath:
# Recreate same file path as fuzz iteration
resultdir = os.path.dirname(fuzzed_file.path)
for msecfile in all_files(resultdir, '*.msec'):
print '** using msecfile: %s' % msecfile
iterationpath = getiterpath(msecfile)
break
if iterationpath:
iterationdir = os.path.dirname(iterationpath)
iterationfile = os.path.basename(iterationpath)
mkdir_p(iterationdir)
copy_file(fuzzed_file.path,
os.path.join(iterationdir, iterationfile))
fuzzed_file.path = iterationpath
cmd_as_args = get_command_args_list(template, fuzzed_file.path)[1]
targetdir = os.path.dirname(cmd_as_args[0])
args = []
if options.use_windbg and options.debugger:
parser.error('Options --windbg and --debugger are mutually exclusive.')
if options.debugger:
debugger_app = options.debugger
elif options.use_windbg:
debugger_app = 'windbg'
else:
debugger_app = 'cdb'
args.append(debugger_app)
if not options.debugger:
# Using cdb or windbg
args.append('-amsec.dll')
if options.debugheap:
# do not use hd, xd options if debugheap is set
pass
else:
args.extend(('-hd', '-xd', 'gp'))
if not options.break_on_start:
args.extend(('-xd', 'bpe', '-G'))
args.extend((
'-xd',
'wob',
'-o',
))
args.extend(cmd_as_args)
logger.info('args %s' % cmd_as_args)
p = Popen(args, cwd=targetdir, universal_newlines=True)
p.wait()
def _verify_crash_base_dir(self):
if not self.crash_base_dir:
raise TestCaseError('crash_base_dir not set')
filetools.mkdir_p(self.crash_base_dir)
def main():
from optparse import OptionParser
hdlr = logging.StreamHandler()
logger.addHandler(hdlr)
usage = "usage: %prog [options] fuzzedfile"
parser = OptionParser(usage)
parser.add_option('', '--debug', dest='debug', action='store_true',
help='Enable debug messages (overrides --verbose)')
parser.add_option('', '--verbose', dest='verbose', action='store_true',
help='Enable verbose messages')
parser.add_option('-c', '--config', default='configs/bff.yaml',
dest='config', help='path to the configuration file to use')
parser.add_option('-a', '--args', dest='print_args',
action='store_true',
help='Print function arguments')
parser.add_option('-o', '--out', dest='outfile',
help='PIN output file')
parser.add_option('-f', '--filepath', dest='filepath',
action='store_true', help='Recreate original file path')
(options, args) = parser.parse_args()
if options.debug:
logger.setLevel(logging.DEBUG)
else:
logger.setLevel(logging.INFO)
if options.outfile:
outfile = options.outfile
else:
outfile = 'calltrace.log'
cfg_file = options.config
logger.debug('Config file: %s', cfg_file)
if len(args) and os.path.exists(args[0]):
fullpath_fuzzed_file = os.path.abspath(args[0])
fuzzed_file = BasicFile(fullpath_fuzzed_file)
logger.info('Fuzzed file is: %s', fuzzed_file.path)
else:
parser.error('fuzzedfile must be specified')
iterationpath = ''
if options.filepath:
# Recreate same file path as fuzz iteration
resultdir = os.path.dirname(fuzzed_file.path)
for gdbfile in all_files(resultdir, '*.gdb'):
print '** using gdb: %s' % gdbfile
iterationpath = getiterpath(gdbfile)
break
if iterationpath:
iterationdir = os.path.dirname(iterationpath)
iterationfile = os.path.basename(iterationpath)
if iterationdir:
mkdir_p(iterationdir)
copy_file(fuzzed_file.path,
os.path.join(iterationdir, iterationfile))
fullpath_fuzzed_file = iterationpath
config = load_and_fix_config(cfg_file)
cmd_as_args = get_command_args_list(
config['target']['cmdline_template'], fullpath_fuzzed_file)[1]
args = []
pin = os.path.expanduser('~/pin/pin')
pintool = os.path.expanduser('~/pintool/calltrace.so')
args = [pin, '-injection', 'child', '-t',
pintool, '-o', outfile]
if options.print_args:
args.append('-a')
args.append('--')
args.extend(cmd_as_args)
logger.info('args %s' % args)
p = Popen(args, universal_newlines=True)
p.wait()
def main():
debuggers.verify_supported_platform()
from optparse import OptionParser
hdlr = logging.StreamHandler()
logger.addHandler(hdlr)
usage = "usage: %prog [options] fuzzedfile"
parser = OptionParser(usage)
parser.add_option('', '--debug', dest='debug', action='store_true',
help='Enable debug messages (overrides --verbose)')
parser.add_option('', '--verbose', dest='verbose', action='store_true',
help='Enable verbose messages')
parser.add_option('-c', '--config', default='configs/foe.yaml',
dest='config',
help='path to the configuration file to use')
parser.add_option('-w', '--windbg', dest='use_windbg',
action='store_true',
help='Use windbg instead of cdb')
parser.add_option('-b', '--break', dest='break_on_start',
action='store_true',
help='Break on start of debugger session')
parser.add_option('-d', '--debugheap', dest='debugheap',
action='store_true',
help='Use debug heap')
parser.add_option('-p', '--debugger', dest='debugger',
help='Use specified debugger')
parser.add_option('-f', '--filepath', dest='filepath',
action='store_true', help='Recreate original file path')
(options, args) = parser.parse_args()
if options.debug:
logger.setLevel(logging.DEBUG)
else:
logger.setLevel(logging.INFO)
cfg_file = options.config
logger.debug('Config file: %s', cfg_file)
if len(args) and os.path.exists(args[0]):
fullpath_fuzzed_file = os.path.abspath(args[0])
fuzzed_file = BasicFile(fullpath_fuzzed_file)
logger.info('Fuzzed file is %s', fuzzed_file)
else:
parser.error('fuzzedfile must be specified')
config = Config(cfg_file).config
iterationpath = ''
template = string.Template(config['target']['cmdline_template'])
if options.filepath:
# Recreate same file path as fuzz iteration
resultdir = os.path.dirname(fuzzed_file.path)
for msecfile in all_files(resultdir, '*.msec'):
print '** using msecfile: %s' % msecfile
iterationpath = getiterpath(msecfile)
break
if iterationpath:
iterationdir = os.path.dirname(iterationpath)
iterationfile = os.path.basename(iterationpath)
mkdir_p(iterationdir)
copy_file(fuzzed_file.path,
os.path.join(iterationdir, iterationfile))
fuzzed_file.path = iterationpath
cmd_as_args = get_command_args_list(template, fuzzed_file.path)[1]
targetdir = os.path.dirname(cmd_as_args[0])
args = []
if options.use_windbg and options.debugger:
parser.error('Options --windbg and --debugger are mutually exclusive.')
if options.debugger:
debugger_app = options.debugger
elif options.use_windbg:
debugger_app = 'windbg'
else:
debugger_app = 'cdb'
args.append(debugger_app)
if not options.debugger:
# Using cdb or windbg
args.append('-amsec.dll')
if options.debugheap:
# do not use hd, xd options if debugheap is set
pass
else:
args.extend(('-hd', '-xd', 'gp'))
if not options.break_on_start:
args.extend(('-xd', 'bpe', '-G'))
args.extend(('-xd', 'wob', '-o',))
args.extend(cmd_as_args)
logger.info('args %s' % cmd_as_args)
p = Popen(args, cwd=targetdir, universal_newlines=True)
p.wait()
def _verify_crash_base_dir(self):
if not self.crash_base_dir:
raise TestCaseError('crash_base_dir not set')
filetools.mkdir_p(self.crash_base_dir)
def __enter__(self):
self._setup_analysis_pipeline()
filetools.mkdir_p(self.tc_dir)
return self
