示例#1
文件: core.py 项目: vient/kAFL
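def debug_execution(config, execs, qemu_verbose=False, notifiers=True):
    """Replay one payload file against a debug-mode QEMU instance.

    Runs ``execs`` rounds. Each round sends the current payload, logs the
    feedback hash of the result, and marks a hash equal to
    ``ExecutionResult.get_null_hash(...)`` with a warning. The payload file
    is re-read from disk and set again on every third round (rounds 0, 3,
    6, ...); the other rounds resend without calling ``set_payload``. A
    result reported as a crash triggers ``q.reload()``.

    Args:
        config: Configuration object. Reads ``argument_values["input"]``
            (path of the payload file) and
            ``config_values['BITMAP_SHM_SIZE']``.
        execs: Number of rounds to run.
        qemu_verbose: Accepted but not used inside this function.
        notifiers: Forwarded unchanged to ``qemu()``.

    Returns:
        0 once all rounds have run and the instance has been shut down.

    Raises:
        AssertionError: If the QEMU instance fails to start.
    """
    log_debug("Starting debug execution...(%d rounds)" % execs)

    payload_file = config.argument_values["input"]
    null_hash = ExecutionResult.get_null_hash(
        config.config_values['BITMAP_SHM_SIZE'])
    # NOTE(review): 1337 is the first positional argument to qemu();
    # presumably an instance id - confirm against the qemu class.
    q = qemu(1337, config, debug_mode=True, notifiers=notifiers)

    # start() must not live inside an `assert`: under `python -O` asserts are
    # stripped, so the VM would never be started and the loop below would
    # talk to a dead instance. The exception type is kept for callers.
    if not q.start():
        raise AssertionError("Failed to start Qemu?")

    start = time.time()
    try:
        for i in range(execs):
            log_debug("Launching payload %d/%d.." % (i + 1, execs))
            if i % 3 == 0:
                q.set_payload(read_binary_file(payload_file))
            result = q.send_payload()
            current_hash = result.hash()
            if null_hash == current_hash:
                log_debug("Feedback Hash: " + str(current_hash) +
                          common.color.WARNING + " (WARNING: Zero hash found!)" +
                          common.color.ENDC)
            else:
                log_debug("Feedback Hash: " + str(current_hash))
            if result.is_crash():
                # Reload the instance after a crash before the next round.
                q.reload()
    finally:
        # Shut the instance down even when a round raises (unreadable payload
        # file, failed send), so a debug run does not leave a started QEMU
        # instance behind.
        q.shutdown()

    # As before, the measured interval includes the shutdown.
    end = time.time()
    print("Performance: " + str(execs / (end - start)) + "t/s")

    return 0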
示例#2
文件: kafl_cov.py 项目: vient/kAFL
def main():
    """Entry point of the kAFL coverage analyzer.

    Locates ``kafl.ini`` next to this script, runs the two self checks,
    optionally enables logging, then generates traces for the inputs found
    in the ``input`` directory and has ``TraceParser`` parse them and build
    its reports. Also stores the null hash for the configured bitmap size in
    the module-level ``null_hash``.

    The ``input`` and ``work_dir`` paths are taken from the parsed arguments
    and handed on as-is; no validation of them happens in this function.

    Returns -1 when a self check fails or no trace directory is produced.
    """
    global null_hash

    # Keep the trailing slash: the root is passed on to self_check() and used
    # as a plain string prefix for the config path.
    kafl_root = os.path.dirname(os.path.realpath(__file__)) + "/"
    kafl_config = kafl_root + "kafl.ini"

    banner = "".join((
        "<< ",
        common.color.BOLD,
        common.color.OKGREEN,
        " kAFL Coverage Analyzer ",
        common.color.ENDC,
        ">>\n",
    ))
    print(banner)

    # Environment check first; the configuration is only parsed if it passes.
    if not self_check(kafl_root):
        return -1

    config = DebugConfiguration(kafl_config)
    if not post_self_check(config):
        return -1

    args = config.argument_values
    if args['v']:
        enable_logging(args["work_dir"])

    data_dir = args["input"]

    bitmap_size = config.config_values['BITMAP_SHM_SIZE']
    null_hash = ExecutionResult.get_null_hash(bitmap_size)

    print(" Scanning target data_dir »%s«..." % data_dir)
    input_list = get_inputs_by_time(data_dir)
    trace_dir = generate_traces(config, input_list)

    # A falsy result from generate_traces() is treated as failure.
    if not trace_dir:
        return -1

    trace_parser = TraceParser(trace_dir)
    trace_parser.parse_trace_list(input_list)
    trace_parser.gen_reports()