zjuchenyuan opened this issue 4 years ago
It seems not that easy to adapt to use stdin, as libdft requires the fd to be seekable.

I have tried to add code for using stdin=open(tfl, 'rb') for the subprocess.Popen call, and it can make execute work, but not execute2.

After trying to force adding fd 0 to the pin code in libdft64/tools/libdft-dta.cpp (extern std::set<int> fdset; fdset.insert(0);), it turns into an infinite loop consuming more and more memory. pintool.log:
Pin: pin-3.7-97619-0d0c92f4f
Copyright (c) 2003-2018, Intel Corporation. All rights reserved.
In open
in_dtracker_whitelist /etc/ld.so.cache
Info ignoring fd 3
In mmap 3 0
close 3
In open
in_dtracker_whitelist /lib/x86_64-linux-gnu/libc-2.23.so
Info ignoring fd 3
In mmap -1 0
In mmap 3 0
In mmap 3 1835008
In mmap -1 0
close 3
In mmap -1 0
In mmap -1 0
Setting taint 0 6bytes
Error on lseeking 0
My current modification: https://github.com/zjuchenyuan/vuzzer64/commit/68a2ebba6899c21c824349e69265dfc03c78896a (Not working, do not use this code!!!)
Hope someone finds out how to solve it.
If source code is available, I added additional command-line parameters and a call to freopen(), and successfully got the taint information. But considering vuzzer is a binary-oriented fuzzing tool, I'm not sure if it can help you.
When the command does not contain %s, vuzzer cannot run. We need to write code to introduce is_stdin, and use a subprocess pipe to send the input to the program. Ideally, it would be better if in is_stdin mode not every file needed to be written to disk, reducing IO overhead.
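The two stdin strategies discussed in this thread (redirecting a regular file onto fd 0 with stdin=open(tfl, 'rb'), versus piping the input with subprocess.PIPE as an is_stdin mode would) differ in exactly the property libdft trips over: whether fd 0 answers lseek(). The following is an added example, not code from the vuzzer64 or libdft64 projects, showing both launch modes from Python and a stand-in child that performs the same lseek on fd 0 that produced the "Error on lseeking 0" line in the log above. The child script, the SAMPLE_INPUT bytes and the helper names (run_with_stdin, fd_is_seekable) are constructed for this illustration.

```python
import errno
import os
import subprocess
import sys
import tempfile
from typing import Tuple

# Constructed sample input; stands in for a fuzzer-generated test file (tfl).
SAMPLE_INPUT = b"FUZZ\x00\x01\x02"


def fd_is_seekable(fd: int) -> bool:
    """True if lseek(fd, 0, SEEK_CUR) succeeds; pipes and sockets fail with ESPIPE."""
    try:
        os.lseek(fd, 0, os.SEEK_CUR)
        return True
    except OSError as e:
        if e.errno == errno.ESPIPE:
            return False
        raise


# Stand-in for the instrumented target: read all of stdin (as a real program
# would), then try to rewind fd 0 the way a fd-tracking tool does, and report.
CHILD = r"""
import errno, os, sys
data = sys.stdin.buffer.read()
try:
    os.lseek(0, 0, os.SEEK_SET)
    print("seekable", len(data))
except OSError as e:
    print("ESPIPE" if e.errno == errno.ESPIPE else "ERR", len(data))
"""


def run_with_stdin(data: bytes, use_pipe: bool) -> Tuple[str, int]:
    """Run CHILD with `data` on its stdin.

    use_pipe=True  -> stdin=subprocess.PIPE (is_stdin-style, nothing hits disk,
                      but fd 0 in the child is a pipe and cannot be seeked).
    use_pipe=False -> write data to a temp file and pass the open file object
                      as stdin (the stdin=open(tfl, 'rb') approach; fd 0 is a
                      regular file and lseek works).
    Returns (what the child reported, number of bytes it read).
    """
    cmd = [sys.executable, "-c", CHILD]
    if use_pipe:
        proc = subprocess.Popen(cmd, stdin=subprocess.PIPE, stdout=subprocess.PIPE)
        out, _ = proc.communicate(data)
    else:
        with tempfile.NamedTemporaryFile(delete=False) as tf:
            tf.write(data)
            path = tf.name
        try:
            with open(path, "rb") as f:
                # Sanity check on the parent side before handing the fd over.
                assert fd_is_seekable(f.fileno())
                proc = subprocess.Popen(cmd, stdin=f, stdout=subprocess.PIPE)
                out, _ = proc.communicate()
        finally:
            os.unlink(path)
    kind, n = out.decode().split()
    return kind, int(n)


if __name__ == "__main__":
    print("pipe:", run_with_stdin(SAMPLE_INPUT, use_pipe=True))
    print("file:", run_with_stdin(SAMPLE_INPUT, use_pipe=False))
```

The pipe variant reports ESPIPE while the file variant reports seekable, which is why a pure in-memory is_stdin mode cannot satisfy a tool that rewinds fd 0: avoiding the disk write and keeping fd 0 seekable are in tension, and the file-backed redirect is the one that keeps libdft's seek working.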