def _get_input_filename(self):
    """Return the filename of the next element to mutate.

    Elements are consumed from ``mutationQueue`` and parked in
    ``processedQueue``.  Once ``mutationQueue`` runs dry, every parked
    element is poured back (in FIFO order) so the rotation starts again.

    NOTE(review): the ``empty()`` checks are only meaningful with a single
    consumer; with concurrent callers the state can change between the
    check and the following ``get()`` — confirm this is only called from
    one thread.
    """
    if mutationQueue.empty():
        # Recycle everything already processed back into the mutation queue.
        refill = mutationQueue.put
        while not processedQueue.empty():
            refill(processedQueue.get())
    entry = mutationQueue.get()
    processedQueue.put(entry)
    return entry.filename
def fuzzing_loop():
    """Run the fuzzing loop (normally forever).

    Seeds ``mutationQueue`` with every file in the generator's mutations
    directory, then repeatedly: writes one mutated test case, runs the
    target under Pin, classifies the resulting bitmap and either discards
    the case, enqueues it for further mutation, or hands it to crash
    analysis.  Only cases classified as uninteresting are deleted from
    disk; every other case is kept.
    """
    # Debugging is driven by the module-level DEBUG flag.
    filegen = myFileGenerator(debug=DEBUG)

    # Seed the queue; ids 0..n-1 are assigned in discovery order.
    ml.info("[*] Initializing queue...")
    seeds = list(fileops.get_all_filenames(filegen.mutations_dir))
    for seed_id, seed_path in enumerate(seeds):
        mutationQueue.put(FileToMutate(0, seed_path, seed_id, None))
    case_id = len(seeds)
    ml.info("[*] Queue initialized with %d files" % case_id)

    ml.info("[*] Starting fuzzing process...")
    while True:
        # The id is consumed even when no test case gets written this round.
        case_id += 1
        mutation_filename = filegen.write_test_case()
        if not mutation_filename:
            continue

        # Blocking: returns once the instrumented target exits, crashes,
        # or the PinTool-side timeout fires.
        mutation_bitmap = run_under_pin(mutation_filename)

        # Classification of the bitmap; values other than 0-3 fall through
        # untouched (the test case then stays on disk).
        interesting = is_interesting_input(mutation_bitmap)
        if not interesting:
            # Nothing new — drop the file.
            filegen.delete_current_test_case()
        elif interesting == 1:
            # New path reached: keep mutating from this case.
            mutationQueue.put(FileToMutate(1, mutation_filename, case_id, mutation_bitmap))
        elif interesting == 2:
            # Hit count moved to another bin: also worth mutating further.
            mutationQueue.put(FileToMutate(2, mutation_filename, case_id, mutation_bitmap))
        elif interesting == 3:
            ml.info('**** CRASH ****' * 4)
            ml.info(mutation_filename)
            # argv list (target binary from config + crashing input); keeping
            # it a list rather than a shell string means the filename is not
            # shell-interpreted — assumes analyze_crash passes it on as-is.
            cmd = [myConfig.cfg.get('target_info', 'filename'), mutation_filename]
            analyze_crash(cmd)
def fuzzing_loop():
    """Run the fuzzing loop (normally forever).

    Seeds ``mutationQueue`` with every file in the generator's mutations
    directory, then repeatedly: writes one mutated test case, runs the
    target under Pin, classifies the resulting bitmap and either discards
    the case, enqueues it for further mutation, or hands it to crash
    analysis.  Only cases classified as uninteresting are deleted from
    disk; every other case is kept.
    """
    # Debugging is driven by the module-level DEBUG flag.
    filegen = myFileGenerator(debug=DEBUG)

    # Seed the queue; ids 0..n-1 are assigned in discovery order.
    ml.info("[*] Initializing queue...")
    seeds = list(fileops.get_all_filenames(filegen.mutations_dir))
    for seed_id, seed_path in enumerate(seeds):
        mutationQueue.put(FileToMutate(0, seed_path, seed_id, None))
    case_id = len(seeds)
    ml.info("[*] Queue initialized with %d files" % case_id)

    ml.info("[*] Starting fuzzing process...")
    while True:
        # The id is consumed even when no test case gets written this round.
        case_id += 1
        mutation_filename = filegen.write_test_case()
        if not mutation_filename:
            continue

        # Blocking: returns once the instrumented target exits, crashes,
        # or the PinTool-side timeout fires.
        mutation_bitmap = run_under_pin(mutation_filename)

        # Classification of the bitmap; values other than 0-3 fall through
        # untouched (the test case then stays on disk).
        interesting = is_interesting_input(mutation_bitmap)
        if not interesting:
            # Nothing new — drop the file.
            filegen.delete_current_test_case()
        elif interesting == 1:
            # New path reached: keep mutating from this case.
            mutationQueue.put(FileToMutate(1, mutation_filename, case_id, mutation_bitmap))
        elif interesting == 2:
            # Hit count moved to another bin: also worth mutating further.
            mutationQueue.put(FileToMutate(2, mutation_filename, case_id, mutation_bitmap))
        elif interesting == 3:
            ml.info('**** CRASH ****' * 4)
            ml.info(mutation_filename)
            # argv list (target binary from config + crashing input); keeping
            # it a list rather than a shell string means the filename is not
            # shell-interpreted — assumes analyze_crash passes it on as-is.
            cmd = [cfg.get('target_info', 'filename'), mutation_filename]
            analyze_crash(cmd)