From 4b95669af1d3d7750ec027dd313a1dc7aeb05f65 Mon Sep 17 00:00:00 2001
From: mio
Date: Mon, 17 Jan 2022 23:02:14 +0100
Subject: [PATCH 1/2] Migrate from unicornafl1 to unicornafl2
---
 examples/fuzzing/linux_x8664/fuzz_x8664_linux.py | 15 ++++++---------
 1 file changed, 6 insertions(+), 9 deletions(-)
diff --git a/examples/fuzzing/linux_x8664/fuzz_x8664_linux.py b/examples/fuzzing/linux_x8664/fuzz_x8664_linux.py
index 673868f24..f424666e9 100755
--- a/examples/fuzzing/linux_x8664/fuzz_x8664_linux.py
+++ b/examples/fuzzing/linux_x8664/fuzz_x8664_linux.py
@@ -17,11 +17,8 @@
 $ rm -fr afl_outputs/default/
 """
-# This is new. Instead of unicorn, we import unicornafl. It's the same Uc with some new `afl_` functions
-import unicornafl as UcAfl
-
-# Make sure Qiling uses our patched unicorn instead of it's own, second so without instrumentation!
-UcAfl.monkeypatch()
+from unicornafl import *
+from unicorn import *
 import os
 import sys
@@ -43,7 +40,7 @@ def main(input_file: str):
 stdout=None, stderr=None)
- def place_input_callback(uc: UcAfl.Uc, input: bytes, persistent_round: int, data: Any) -> Optional[bool]:
+ def place_input_callback(uc: Uc, input: bytes, persistent_round: int, data: Any) -> Optional[bool]:
 """Called with every newly generated input.
 """
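Review bot: The two wildcard imports that replace `import unicornafl as UcAfl` hide where `Uc`, `uc_afl_fuzz`, `UcAflError` and `UC_AFL_RET_CALLED_TWICE` come from at their call sites, and because `from unicorn import *` runs second, any name both packages happen to export is silently taken from `unicorn`. Import the names explicitly instead: `from unicornafl import uc_afl_fuzz, UcAflError, UC_AFL_RET_CALLED_TWICE` and `from unicorn import Uc`. The removed `UcAfl.monkeypatch()` was, per its own comment, what forced Qiling onto the instrumented unicorn; the new code presumably relies on the installed `unicorn` being the build unicornafl 2 works with, and that requirement belongs in the usage text that ends just above this hunk so a mismatch is diagnosed before a fuzzing run silently loses coverage.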
@@ -56,16 +53,16 @@ def start_afl(_ql: Qiling):
 # We start our AFL forkserver or run once if AFL is not available.
 # This will only return after the fuzzing stopped.
 try:
- if not _ql.uc.afl_fuzz(input_file=input_file, place_input_callback=place_input_callback, exits=[ql.os.exit_point]):
+ if not uc_afl_fuzz(_ql.uc, input_file=input_file, place_input_callback=place_input_callback, exits=[ql.os.exit_point]):
 _ql.log.warning("Ran once without AFL attached")
 os._exit(0)
- except UcAfl.UcAflError as ex:
+ except UcAflError as ex:
 # This hook triggers more than once in this example.
 # If this is the exception cause, we don't care.
 # TODO: choose a better hook position :)
- if ex.errno != UcAfl.UC_AFL_RET_CALLED_TWICE:
+ if ex.errno != UC_AFL_RET_CALLED_TWICE:
 raise
 # get image base address
From 1e7f3d81a46a8dd5b6003654ac8f3909353b9188 Mon Sep 17 00:00:00 2001
From: mio
Date: Mon, 17 Jan 2022 23:05:17 +0100
Subject: [PATCH 2/2] Add comments
---
 examples/fuzzing/linux_x8664/fuzz_x8664_linux.py | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/examples/fuzzing/linux_x8664/fuzz_x8664_linux.py b/examples/fuzzing/linux_x8664/fuzz_x8664_linux.py
index f424666e9..334e01337 100755
--- a/examples/fuzzing/linux_x8664/fuzz_x8664_linux.py
+++ b/examples/fuzzing/linux_x8664/fuzz_x8664_linux.py
@@ -17,6 +17,7 @@
 $ rm -fr afl_outputs/default/
 """
+# This uses the new unicornafl, which no longer provides any Unicorn stuff so we have to import by our own.
 from unicornafl import *
 from unicorn import *
@@ -53,6 +54,7 @@ def start_afl(_ql: Qiling):
 # We start our AFL forkserver or run once if AFL is not available.
 # This will only return after the fuzzing stopped.
 try:
+ # _ql.uc.afl_fuzz shall also work, but just for compatibility with old unicornafl
 if not uc_afl_fuzz(_ql.uc, input_file=input_file, place_input_callback=place_input_callback, exits=[ql.os.exit_point]):
 _ql.log.warning("Ran once without AFL attached")
 os._exit(0)
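Review bot: The rewritten call passes `_ql.uc` as the fuzzing target but still reads the exit point from the enclosing `ql` on the same line; `exits=[_ql.os.exit_point]` keeps the hook self-contained and cannot diverge from the instance actually being fuzzed (assuming `_ql` is that same Qiling instance, which the hunk does not show). The `if not uc_afl_fuzz(...)` test that treats a falsy return as "ran once without AFL attached" is carried over from the unicornafl 1 method; confirm that unicornafl 2's `uc_afl_fuzz` keeps that return contract rather than signalling the no-AFL case through `UcAflError`, because the `except` below re-raises everything except `UC_AFL_RET_CALLED_TWICE`. The enclosing `start_afl` starts before this hunk, so its other paths are not visible here.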
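Review bot: The added comment above the imports explains that the API moved but "import by our own" is hard to parse and it does not say which names come from which package, which matters once two wildcard imports sit side by side; suggest `# unicornafl 2 only ships the afl_* API and no longer re-exports unicorn, so the emulator classes (Uc, ...) come from unicorn itself.` Since this also replaces the old `UcAfl.monkeypatch()` step, a second line stating that the installed `unicorn` must be the build unicornafl 2 is linked against would save the next reader a debugging session — hedged, because the hunk alone does not show which unicorn build Qiling loads.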
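Review bot: The new comment inside `try:` is ambiguous — "shall also work, but just for compatibility" does not say which form is preferred or why the function form was chosen here. Suggest `# unicornafl 2 exposes uc_afl_fuzz() as a module-level function; the _ql.uc.afl_fuzz() method form is kept only for compatibility with unicornafl 1.` Whether the method form still exists at all depends on the installed unicornafl, so if it was not exercised against unicornafl 2 the comment should say "may" rather than assert that it works. The `try` body's `except` handler lies past the hunk's last line.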