Changeset 4829

Timestamp:

07/11/12 19:39:13 (11 months ago)

Author:

wisk

Message:

win32 port starts to fuzz executable (only few functions related to file handling are implemented)

Location:

zzuf/trunk/src

Files:

• libzzuf/lib-win32.c (modified) (5 diffs)
• zzuf.c (modified) (1 diff)

zzuf/trunk/src/libzzuf/lib-win32.c

@@ -77 +77 @@
                             lpSecurityAttributes, dwCreationDisposition,
                             dwFlagsAndAttributes, hTemplateFile);
-    debug("CreateFileA(\"%s\", 0x%x, 0x%x, {...}, 0x%x, 0x%x, {...}) = %i",
+    debug("CreateFileA(\"%s\", 0x%x, 0x%x, {...}, 0x%x, 0x%x, {...}) = %#08x",
           lpFileName, dwDesiredAccess, dwShareMode, dwCreationDisposition,
           dwFlagsAndAttributes, (int)ret);
+
+    if(!_zz_ready || _zz_islocked(-1)) return ret;
+    if (ret != INVALID_HANDLE_VALUE && dwCreationDisposition == OPEN_EXISTING && _zz_mustwatch(lpFileName))
+    {
+        _zz_register(ret);
+    }
+
     return ret;
 }
@@ -94 +101 @@
                             lpSecurityAttributes, dwCreationDisposition,
                             dwFlagsAndAttributes, hTemplateFile);
-    debug("CreateFileW(\"%S\", 0x%x, 0x%x, {...}, 0x%x, 0x%x, {...}) = %i",
+    debug("CreateFileW(\"%S\", 0x%x, 0x%x, {...}, 0x%x, 0x%x, {...}) = %#08x",
           lpFileName, dwDesiredAccess, dwShareMode, dwCreationDisposition,
           dwFlagsAndAttributes, (int)ret);
+
+    if(!_zz_ready || _zz_islocked(-1)) return ret;
+    if (ret != INVALID_HANDLE_VALUE && dwCreationDisposition == OPEN_EXISTING && _zz_mustwatch(lpFileName))
+    {
+        debug("handle %#08x is registered", ret);
+        _zz_register(ret);
+    }
+
+
     return ret;
 }
@@ -108 +124 @@
     ret = ORIG(ReOpenFile)(hOriginalFile, dwDesiredAccess,
                            dwShareMode, dwFlags);
-    debug("ReOpenFile(%i, 0x%x, 0x%x, 0x%x) = %i", (int)hOriginalFile,
+    debug("ReOpenFile(%#08x, 0x%x, 0x%x, 0x%x) = %#08x", (int)hOriginalFile,
           dwDesiredAccess, dwShareMode, dwFlags, (int)ret);
     return ret;
@@ -128 +144 @@
     debug("ReadFile(%#08x, %#08x, %#08x, %#08x, %#08x) = %s",
         hFile, lpBuffer, nNumberOfBytesToRead, lpNumberOfBytesRead, lpOverlapped, (ret ? "TRUE" : "FALSE"));
+
+    if (!_zz_ready || !_zz_iswatched(hFile) /*|| !_zz_hostwatched(hFile)*/ || _zz_islocked(hFile) || !_zz_isactive(hFile))
+        return ret;
+
+    if (ret)
+    {
+        DWORD bytes_read = lpNumberOfBytesRead ? *lpNumberOfBytesRead : nNumberOfBytesToRead;
+        debug("fuzzing file %#08x\n", hFile);
+        _zz_fuzz(hFile, lpBuffer, bytes_read);
+        _zz_addpos(hFile, bytes_read);
+    }
     return ret;
 }
@@ -140 +167 @@
 {
     BOOL ret;
+
+    /* TODO: Check if fuzzed application tries to close our debug channel */
+
     ret = ORIG(CloseHandle)(hObject);
-    debug("CloseHandle(%i) = %s", (int)hObject, (ret ? "TRUE" : "FALSE"));
+    debug("CloseHandle(%#08x) = %s", (int)hObject, (ret ? "TRUE" : "FALSE"));
+    if (!_zz_ready || !_zz_iswatched(hObject) || _zz_islocked(hObject))
+        return ret;
+    _zz_unregister(hObject);
     return ret;
 }

zzuf/trunk/src/zzuf.c

@@ -907 +907 @@
                 switch (exit_code)
                 {
-                case EXCEPTION_ACCESS_VIOLATION: fprintf(stderr, "child(%d) unhandled exception: Access Violation", opts->child[i].pid); break;
-                default: break;
+                case EXCEPTION_ACCESS_VIOLATION: fprintf(stderr, "child(%d) unhandled exception: Access Violation\n", opts->child[i].pid); break;
+                default: fprintf(stderr, "child(%d) exited with code %#08x\n", opts->child[i].pid, exit_code); break;
                 }
             }