source: zzuf/trunk/src/libzzuf/lib-win32.c @ 4829

Last change on this file since 4829 was 4829, checked in by wisk, 8 years ago

win32 port starts to fuzz executable (only few functions related to file handling are implemented)

1/*
2 *  zzuf - general purpose fuzzer
3 *  Copyright (c) 2006-2010 Sam Hocevar <sam@hocevar.net>
4 *                All Rights Reserved
5 *
6 *  This program is free software. It comes without any warranty, to
7 *  the extent permitted by applicable law. You can redistribute it
8 *  and/or modify it under the terms of the Do What The Fuck You Want
9 *  To Public License, Version 2, as published by Sam Hocevar. See
10 *  http://sam.zoy.org/wtfpl/COPYING for more details.
11 */
12
/*
 *  lib-win32.c: loaded Win32 functions
 */
16
17#include "config.h"
18
19#if defined HAVE_STDINT_H
20#   include <stdint.h>
21#elif defined HAVE_INTTYPES_H
22#   include <inttypes.h>
23#endif
24
25#include <stdio.h>
26
27#if defined HAVE_WINDOWS_H
28#   include <windows.h>
29#endif
30#if defined HAVE_IO_H
31#   include <io.h>
32#endif
33
34#include "common.h"
35#include "libzzuf.h"
36#include "lib-load.h"
37#include "debug.h"
38#include "fuzz.h"
39#include "fd.h"
40
/*
 * Pointers to the genuine kernel32 entry points that this file diverts.
 *
 * Each pointer is file-local (static) and only exists when configure found
 * the matching function. The DIVERT() table at the bottom of this file takes
 * the address of each x_orig slot; presumably ORIG(x) expands to that name
 * and the loader stores the real function there -- confirm in lib-load.h.
 */
#if defined HAVE_CREATEFILEA
/* ANSI file open/create. */
static HANDLE (__stdcall *ORIG(CreateFileA))(LPCSTR, DWORD, DWORD,
        LPSECURITY_ATTRIBUTES, DWORD, DWORD, HANDLE);
#endif
#if defined HAVE_CREATEFILEW
/* Wide-character file open/create. */
static HANDLE (__stdcall *ORIG(CreateFileW))(LPCWSTR, DWORD, DWORD,
        LPSECURITY_ATTRIBUTES, DWORD, DWORD, HANDLE);
#endif
#if defined HAVE_REOPENFILE
/* Re-open of an existing handle with different access/share flags. */
static HANDLE (__stdcall *ORIG(ReOpenFile))(HANDLE, DWORD, DWORD, DWORD);
#endif
#if defined HAVE_READFILE
/* The read path whose output buffer gets fuzzed. */
static BOOL (__stdcall *ORIG(ReadFile))(HANDLE, LPVOID, DWORD, LPDWORD,
        LPOVERLAPPED);
#endif
#if defined HAVE_CLOSEHANDLE
/* Handle teardown, used to drop watched handles. */
static BOOL (__stdcall *ORIG(CloseHandle))(HANDLE);
#endif
63
64/*
65 * CreateFileA, CreateFileW
66 */
67
#if defined HAVE_CREATEFILEA
/*
 * Replacement for CreateFileA.
 *
 * The call is always forwarded to the original function first and logged;
 * the caller sees the original return value unchanged. The returned handle
 * is registered for fuzzing only when all of the following hold:
 *   - libzzuf is ready and _zz_islocked(-1) reports no lock,
 *   - the open succeeded,
 *   - the file was opened with OPEN_EXISTING (newly created or truncated
 *     files are not registered),
 *   - _zz_mustwatch() accepts the file name.
 */
HANDLE __stdcall NEW(CreateFileA)(LPCSTR lpFileName, DWORD dwDesiredAccess,
           DWORD dwShareMode, LPSECURITY_ATTRIBUTES lpSecurityAttributes,
           DWORD dwCreationDisposition, DWORD dwFlagsAndAttributes,
           HANDLE hTemplateFile)
{
    HANDLE const handle = ORIG(CreateFileA)(lpFileName, dwDesiredAccess,
                                            dwShareMode, lpSecurityAttributes,
                                            dwCreationDisposition,
                                            dwFlagsAndAttributes,
                                            hTemplateFile);

    debug("CreateFileA(\"%s\", 0x%x, 0x%x, {...}, 0x%x, 0x%x, {...}) = %#08x",
          lpFileName, dwDesiredAccess, dwShareMode, dwCreationDisposition,
          dwFlagsAndAttributes, (int)handle);

    /* Pure pass-through until the library is initialised or while locked. */
    if (!_zz_ready || _zz_islocked(-1))
        return handle;

    /* Nothing to track for a failed open. */
    if (handle == INVALID_HANDLE_VALUE)
        return handle;

    /* Only reads from files that already existed are candidates. */
    if (dwCreationDisposition != OPEN_EXISTING)
        return handle;

    if (_zz_mustwatch(lpFileName))
        _zz_register(handle);

    return handle;
}
#endif
92
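#if defined HAVE_CREATEFILEW
/*
 * Replacement for CreateFileW.
 *
 * Forwards to the original function, logs the call, and returns the
 * original result unchanged. The handle is registered for fuzzing only when
 * libzzuf is ready and unlocked, the open succeeded, the disposition is
 * OPEN_EXISTING, and _zz_mustwatch() accepts the file name.
 */
HANDLE __stdcall NEW(CreateFileW)(LPCWSTR lpFileName, DWORD dwDesiredAccess,
           DWORD dwShareMode, LPSECURITY_ATTRIBUTES lpSecurityAttributes,
           DWORD dwCreationDisposition, DWORD dwFlagsAndAttributes,
           HANDLE hTemplateFile)
{
    HANDLE ret;

    ret = ORIG(CreateFileW)(lpFileName, dwDesiredAccess, dwShareMode,
                            lpSecurityAttributes, dwCreationDisposition,
                            dwFlagsAndAttributes, hTemplateFile);
    debug("CreateFileW(\"%S\", 0x%x, 0x%x, {...}, 0x%x, 0x%x, {...}) = %#08x",
          lpFileName, dwDesiredAccess, dwShareMode, dwCreationDisposition,
          dwFlagsAndAttributes, (int)ret);

    /* Pure pass-through until the library is initialised or while locked. */
    if (!_zz_ready || _zz_islocked(-1))
        return ret;

    /*
     * NOTE(review): lpFileName is a wide (LPCWSTR) string here, yet it is
     * handed to the same _zz_mustwatch() that CreateFileA calls with a
     * narrow string. If _zz_mustwatch() expects char const *, the include
     * and exclude filters would be matched against a mis-typed name and
     * could watch or skip the wrong files -- confirm its prototype in fd.h
     * and convert the name, or add a wide variant, if so.
     */
    if (ret != INVALID_HANDLE_VALUE
         && dwCreationDisposition == OPEN_EXISTING
         && _zz_mustwatch(lpFileName))
    {
        /* Cast the handle like every other debug() call in this file does;
         * passing a raw HANDLE for %x is a format/argument mismatch. */
        debug("handle %#08x is registered", (int)ret);
        _zz_register(ret);
    }

    return ret;
}
#endif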
118
#if defined HAVE_REOPENFILE
/*
 * Replacement for ReOpenFile: forwards the call and logs it, nothing more.
 *
 * The new handle is not registered, so reads through it are not fuzzed even
 * when hOriginalFile is a watched handle. table_win32[] in this file also
 * has no DIVERT(ReOpenFile) entry, so nothing in that table installs this
 * hook.
 */
HANDLE __stdcall NEW(ReOpenFile)(HANDLE hOriginalFile, DWORD dwDesiredAccess,
                                 DWORD dwShareMode, DWORD dwFlags)
{
    HANDLE const reopened = ORIG(ReOpenFile)(hOriginalFile, dwDesiredAccess,
                                             dwShareMode, dwFlags);

    debug("ReOpenFile(%#08x, 0x%x, 0x%x, 0x%x) = %#08x", (int)hOriginalFile,
          dwDesiredAccess, dwShareMode, dwFlags, (int)reopened);

    return reopened;
}
#endif
131
132/*
133 * ReadFile
134 */
135
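#if defined HAVE_READFILE
/*
 * Replacement for ReadFile.
 *
 * Forwards to the original function, logs the call, and returns the
 * original result unchanged. When the handle is watched, unlocked and
 * active and the read reported success, the bytes that were actually
 * transferred are fuzzed in place in lpBuffer and the tracked position of
 * the handle is advanced by the same amount.
 */
BOOL __stdcall NEW(ReadFile)(HANDLE hFile, LPVOID lpBuffer,
           DWORD nNumberOfBytesToRead, LPDWORD lpNumberOfBytesRead,
           LPOVERLAPPED lpOverlapped)
{
    BOOL ret;
    ret = ORIG(ReadFile)(hFile, lpBuffer, nNumberOfBytesToRead,
                          lpNumberOfBytesRead, lpOverlapped);
    /* Handles and pointers are cast like the other debug() calls in this
     * file; passing them raw for %x is a format/argument mismatch. */
    debug("ReadFile(%#08x, %#08x, %#08x, %#08x, %#08x) = %s",
        (int)hFile, (int)lpBuffer, nNumberOfBytesToRead,
        (int)lpNumberOfBytesRead, (int)lpOverlapped, (ret ? "TRUE" : "FALSE"));

    if (!_zz_ready || !_zz_iswatched(hFile) /*|| !_zz_hostwatched(hFile)*/ || _zz_islocked(hFile) || !_zz_isactive(hFile))
        return ret;

    if (ret)
    {
        DWORD bytes_read;

        if (lpNumberOfBytesRead)
            bytes_read = *lpNumberOfBytesRead;
        else if (lpOverlapped)
            /* Overlapped read that completed synchronously: the transfer
             * count is reported in the OVERLAPPED structure. Falling back to
             * the requested size would mutate buffer bytes the read never
             * wrote whenever the read came up short. */
            bytes_read = (DWORD)lpOverlapped->InternalHigh;
        else
            /* No place to learn the count from; leave the buffer alone. */
            bytes_read = 0;

        /* Never touch more than the caller's buffer was declared to hold. */
        if (bytes_read > nNumberOfBytesToRead)
            bytes_read = nNumberOfBytesToRead;

        /* NOTE(review): an overlapped read carries its own file offset in
         * lpOverlapped, so the position tracked through _zz_addpos() may not
         * match where the data came from -- confirm against fd.c. */
        debug("fuzzing file %#08x\n", (int)hFile);
        _zz_fuzz(hFile, lpBuffer, bytes_read);
        _zz_addpos(hFile, bytes_read);
    }
    return ret;
}
#endif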
160
161/*
162 * CloseHandle
163 */
164
#if defined HAVE_CLOSEHANDLE
/*
 * Replacement for CloseHandle.
 *
 * The original function runs first and its result is what the caller gets.
 * A watched, unlocked handle is then dropped from the watch list; this
 * happens whether or not the close itself reported success.
 */
BOOL __stdcall NEW(CloseHandle)(HANDLE hObject)
{
    /* TODO: Check if fuzzed application tries to close our debug channel */

    BOOL const closed = ORIG(CloseHandle)(hObject);

    debug("CloseHandle(%#08x) = %s", (int)hObject, (closed ? "TRUE" : "FALSE"));

    /* Same short-circuit order as before: ready, watched, then not locked. */
    if (_zz_ready && _zz_iswatched(hObject) && !_zz_islocked(hObject))
        _zz_unregister(hObject);

    return closed;
}
#endif
180
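/*
 * Win32 function table.
 *
 * DIVERT(x) builds one entry from the DLL name, the exported function name,
 * the address of the x_orig pointer slot and the x_new replacement.
 * DIVERT_END is the all-NULL terminator.
 *
 * Every entry is guarded by the same HAVE_* macro that guards its hook
 * above, so the table never references an x_orig or x_new symbol that was
 * compiled out. The ReOpenFile hook defined in this file has no entry here.
 */
#if defined HAVE_WINDOWS_H
#   define DIVERT(x) { "kernel32.dll", #x, \
                      (void **)&x##_orig, (void *)x##_new }
#   define DIVERT_END { NULL, NULL, NULL, NULL }

zzuf_table_t table_win32[] =
{
#if defined HAVE_CLOSEHANDLE
    DIVERT(CloseHandle),
#endif
#if defined HAVE_CREATEFILEA
    DIVERT(CreateFileA),
#endif
#if defined HAVE_CREATEFILEW
    DIVERT(CreateFileW),
#endif
#if defined HAVE_READFILE
    DIVERT(ReadFile),
#endif
    DIVERT_END
};
#endif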
196