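#!/bin/sh
#
# test_fuzzed.sh - drive a directory of malformed ELF files ("orcs") produced
# by the Melkor fuzzer through a target. Each orc is either executed directly
# (exercising the OS ELF loader) or handed to a parser given on the command
# line (readelf, gdb, gcc, ...). stdout and stderr of every run are merged so
# the whole session can be redirected into one report file.
#
# SECURITY NOTE: this harness deliberately executes attacker-shaped input.
# Every regular file in the directory is run or parsed as-is, and the -B/-L
# options export fuzzed LD_* variables that affect every process spawned from
# here on (including the src/ helper binaries). Run it only in a disposable
# VM/container, as an unprivileged user, on a directory you created yourself.
#
# Options (Melkor fuzzing rules env1..env3, implemented by binaries in src/):
#   -B  export a fuzzed LD_BIND_NOW      (src/env1)
#   -L  export a fuzzed LD_LIBRARY_PATH  (src/env2)
#   -P  set a fresh fuzzed LD_PRELOAD    (src/env3) for every single test
#
# Arguments:
#   $1  directory holding the orcs (files whose name contains "Report" are
#       skipped); a trailing slash is optional.
#   $2  optional program plus its parameters as ONE string, e.g. "readelf -SW".
#       The orc path is appended as the last argument.
#
# Exit status: 0 after the run, 1 if $1 is not a directory, 2 on bad usage.

LD_BIND_NOW_FUZZ=
LD_LIBRARY_PATH_FUZZ=
LD_PRELOAD_FUZZ=

# Print the help text (kept verbatim from the original tool) and exit.
usage() {
  echo "Usage: $0 [options] <dir_with_malformed_ELFs_aka_orcs> [program_and_parameters] > OUT.txt (includes stdout and stderr)"
  echo " [options]:"
  echo " -B Fuzz \$LD_BIND_NOW (fuzzing rule env1)"
  echo " -L Fuzz \$LD_LIBRARY_PATH (fuzzing rule env2)"
  echo " -P Fuzz \$LD_PRELOAD (fuzzing rule env3)"
  echo ""
  echo " [program_and_parameters]:"
  echo " If no program given, the malformed ELF will be executed ./orc (OS' ELF loader testing)"
  echo ""
  echo "Examples:"
  echo "$0 orcs_foo/"
  echo "$0 -BL orcs_foo/ > EXECUTION_FOO_WITH_FUZZED_LD.txt"
  echo "$0 orcs_libfoo.so/ \"readelf -SW\""
  echo "$0 -P orcs_foo/"
  echo "$0 orcs_foo_standalone/ \"readelf -S\" > READELF_FUZZING_RESULTS.txt"
  echo "$0 orcs_foo.o/ \"gcc -o foo\""
  echo "$0 -L orcs_foo_static/ \"gdb -q\""
  echo ""
  exit "${1:-0}"
}

[ $# -lt 1 ] && usage 0

while getopts LPB option; do
  case "$option" in
    B) LD_BIND_NOW_FUZZ=1 ;;
    L) LD_LIBRARY_PATH_FUZZ=1 ;;
    P) LD_PRELOAD_FUZZ=1 ;;
    *) usage 2 ;;   # getopts already reported the unknown flag on stderr
  esac
done
shift $((OPTIND - 1))

# Options alone (e.g. "-B") leave no directory argument; refuse instead of
# falling through to an empty path.
[ $# -lt 1 ] && usage 2

orc_dir=${1%/}     # tolerate "orcs_foo/" and "orcs_foo" alike; joined with "/" below
program=$2         # intentionally word-split at the call site: "readelf -SW"

if [ ! -d "$orc_dir" ]; then
  printf '%s\n' "$1 doesn't exist or is not a directory !" >&2
  exit 1
fi

echo ""
echo "==================================================="
echo ""
if [ -n "$LD_BIND_NOW_FUZZ" ]; then
  printf '%s' "Exporting fuzzed \$LD_BIND_NOW ... "
  LD_BIND_NOW=$(src/env1)
  export LD_BIND_NOW
  echo "DONE"
fi
if [ -n "$LD_LIBRARY_PATH_FUZZ" ]; then
  printf '%s' "Exporting fuzzed \$LD_LIBRARY_PATH ... "
  # NOTE: from here on the fuzzed search path also applies to src/env3,
  # src/print_envp_vars and the target program, not only to the orcs.
  LD_LIBRARY_PATH=$(src/env2)
  export LD_LIBRARY_PATH
  echo "DONE"
fi
if [ -n "$LD_PRELOAD_FUZZ" ]; then
  printf '%s' "\$LD_PRELOAD will change on every test ... "
fi
echo ""
echo "==================================================="
echo ""
echo "LD_* vars in environment:"
echo ""
# stderr dropped on purpose: the helper may fail to start when LD_* is fuzzed.
src/print_envp_vars 2>/dev/null
echo "==================================================="
echo ""
echo "Press any key to start the testing... "
read -r _   # actually waits for a line (Enter); gives the user a last chance to abort

# Iterate with a glob rather than parsing `ls`, so names with spaces survive.
for orc in "$orc_dir"/*; do
  [ -e "$orc" ] || continue            # empty directory: glob stays literal
  orc_name=${orc##*/}
  case "$orc_name" in
    *Report*) continue ;;              # fuzzer reports live next to the orcs
  esac
  echo "---------------------------------------------------"
  if [ -n "$program" ]; then
    echo "Testing program: $program $orc"
    if [ -n "$LD_PRELOAD_FUZZ" ]; then
      # shellcheck disable=SC2086 -- $program is deliberately word-split
      LD_PRELOAD=$(src/env3) $program "$orc" 2>&1
      #echo quit | LD_PRELOAD=$(src/env3) $program "$orc" 2>&1 # Example: "echo quit | gdb -q orcs/x"
    else
      # shellcheck disable=SC2086 -- $program is deliberately word-split
      $program "$orc" 2>&1
      #echo quit | $program "$orc" 2>&1 # Example: "echo quit | gdb -q orcs/x"
    fi
  else
    # $orc always contains a "/", so this never falls back to a $PATH lookup.
    echo "Testing binary: $orc"
    if [ -n "$LD_PRELOAD_FUZZ" ]; then
      LD_PRELOAD=$(src/env3) "$orc" 2>&1
    else
      "$orc" 2>&1
    fi
  fi
done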