zoukankan      html  css  js  c++  java

  • LLVM + libFuzzer 使用方法

    这个,其实挺坑的。使用方法很诡异。

    首先

    https://www.cnblogs.com/suanguade/p/13833360.html

    用以上帖子的方法,重新完整编译LLVM的项目,

    其实也不用太完整,主要是需要集成

    ”Compiler-RT“相关的库,

    因为 libFuzzer 相关的功能都在这个库里。

    以上都做完了之后,需要使用的模块大致有三个

    1:生成出来的 clang.exe 

    2:RTfuzzer_main.x86_64.lib 库

    3:RTfuzzer.x86_64.lib 库

    三个模块分别有不同的用途。

    模块1:是编译器,编译fuzzer程序,需要使用模块1

    模块2:是main函数库,最大的用途是,帮助我。。。让我少写个main函数,其实也没啥用

    模块3:是主要的 Fuzz 库,相关功能都在里面

    都有了之后,写代码。

     1 #include <stdio.h>
 2 
 3 typedef unsigned char uint8_t;
 4 typedef unsigned __int64 size_t;
 5 
 6 extern "C" int LLVMFuzzerTestOneInput(uint8_t *data, size_t size) {
 7     char z = 'z';
 8     char* sz = (char *)z;
 9     *sz = (char )*data;
10     printf("123
");
11     return 0;
12 }

    就这点代码,就够了。

    稳定必崩。

    然后使用clang 编译,命令如下:

    clang++.exe -LL:LLVMllvm-11.0.0.srcprojectprojectscompiler-rtlibfuzzerRTfuzzer_main.x86_64.dirRelWithDebInfoRTfuzzer_main.x86_64.lib -LL:LLVMllvm-11.0.0.srcprojectprojectscompiler-rtlibfuzzerRTfuzzer.x86_64.dirRelWithDebInfoRTfuzzer.x86_64.lib -fsanitize=fuzzer -fsanitize=address main.cpp

    看起来挺长的,其实主要部分就三块。

    导入两个lib,(其实不导入也没关系,我习惯这么写是因为开发必须知道自己都干了啥)

    传入一个cpp文件来编译,

    然后就是编译参数,

    编译完之后,程序就出来了,程序很大。。。

    执行程序,代码必崩

    如果要复现这个崩溃,只需要执行的时候加个参数就好了,比如

    我代码写的问题,所有参数都崩,所以我随便怎么加参数都崩,所以就这样了,

    如果需要看帮助,可以这样

    好了,就是这么玩的,

    其他代码细节就太简单了,看下代码就会了。

    结束了,玩完了,没准可以用它玩玩别的代码呢。

    再补一句

    如果要用VS来编译的话,需要导入这一大堆库,能编,但是可能不全

     1 L:LLVMllvm-11.0.0.srcprojectprojectscompiler-rtlibasanRTAsan.x86_64.dirRelWithDebInfoRTAsan.x86_64.lib
 2 L:LLVMllvm-11.0.0.srcprojectprojectscompiler-rtlibasanRTAsan_dynamic_version_script_dummy.x86_64.dirRelWithDebInfoRTAsan_dynamic_version_script_dummy.x86_64.lib
 3 L:LLVMllvm-11.0.0.srcprojectprojectscompiler-rtlibasanRTAsan_preinit.x86_64.dirRelWithDebInfoRTAsan_preinit.x86_64.lib
 4 L:LLVMllvm-11.0.0.srcprojectprojectscompiler-rtlibfuzzerRTfuzzer.x86_64.dirRelWithDebInfoRTfuzzer.x86_64.lib
 5 L:LLVMllvm-11.0.0.srcprojectprojectscompiler-rtlibfuzzerRTfuzzer_main.x86_64.dirRelWithDebInfoRTfuzzer_main.x86_64.lib
 6 L:LLVMllvm-11.0.0.srcprojectprojectscompiler-rtlibinterceptionRTInterception.x86_64.dirRelWithDebInfoRTInterception.x86_64.lib
 7 L:LLVMllvm-11.0.0.srcprojectprojectscompiler-rtliblsanRTLSanCommon.x86_64.dirRelWithDebInfoRTLSanCommon.x86_64.lib
 8 L:LLVMllvm-11.0.0.srcprojectprojectscompiler-rtlibsanitizer_commonRTSanitizerCommonCoverage.x86_64.dirRelWithDebInfoRTSanitizerCommonCoverage.x86_64.lib
 9 L:LLVMllvm-11.0.0.srcprojectprojectscompiler-rtlibsanitizer_commonRTSanitizerCommonLibc.x86_64.dirRelWithDebInfoRTSanitizerCommonLibc.x86_64.lib
10 L:LLVMllvm-11.0.0.srcprojectprojectscompiler-rtlibsanitizer_commonRTSanitizerCommonLibcNoHooks.x86_64.dirRelWithDebInfoRTSanitizerCommonLibcNoHooks.x86_64.lib
11 L:LLVMllvm-11.0.0.srcprojectprojectscompiler-rtlibsanitizer_commonRTSanitizerCommonNoHooks.x86_64.dirRelWithDebInfoRTSanitizerCommonNoHooks.x86_64.lib
12 L:LLVMllvm-11.0.0.srcprojectprojectscompiler-rtlibsanitizer_commonRTSanitizerCommonNoLibc.x86_64.dirRelWithDebInfoRTSanitizerCommonNoLibc.x86_64.lib
13 L:LLVMllvm-11.0.0.srcprojectprojectscompiler-rtlibsanitizer_commonRTSanitizerCommonNoTermination.x86_64.dirRelWithDebInfoRTSanitizerCommonNoTermination.x86_64.lib
14 L:LLVMllvm-11.0.0.srcprojectprojectscompiler-rtlibsanitizer_commonRTSanitizerCommonSymbolizer.x86_64.dirRelWithDebInfoRTSanitizerCommonSymbolizer.x86_64.lib
15 L:LLVMllvm-11.0.0.srcprojectprojectscompiler-rtlibsanitizer_commonRTSanitizerCommonSymbolizerNoHooks.x86_64.dirRelWithDebInfoRTSanitizerCommonSymbolizerNoHooks.x86_64.lib
16 L:LLVMllvm-11.0.0.srcprojectprojectscompiler-rtlibubsanRTUbsan.x86_64.dirRelWithDebInfoRTUbsan.x86_64.lib
17 L:LLVMllvm-11.0.0.srcprojectprojectscompiler-rtlibubsanRTUbsan_cxx.x86_64.dirRelWithDebInfoRTUbsan_cxx.x86_64.lib
18 L:LLVMllvm-11.0.0.srcprojectprojectscompiler-rtlibubsanRTUbsan_standalone.x86_64.dirRelWithDebInfoRTUbsan_standalone.x86_64.lib
19 L:LLVMllvm-11.0.0.srcprojectprojectscompiler-rtlibsanitizer_commonSancovDynamicRuntimeThunk.x86_64.dirRelWithDebInfoSancovDynamicRuntimeThunk.x86_64.lib
20 L:LLVMllvm-11.0.0.srcprojectprojectscompiler-rtlibsanitizer_commonSancovWeakInterception.x86_64.dirRelWithDebInfoSancovWeakInterception.x86_64.lib
21 L:LLVMllvm-11.0.0.srcprojectprojectscompiler-rtlibsanitizer_commonSanitizerCommonDynamicRuntimeThunk.x86_64.dirRelWithDebInfoSanitizerCommonDynamicRuntimeThunk.x86_64.lib
22 L:LLVMllvm-11.0.0.srcprojectprojectscompiler-rtlibsanitizer_commonSanitizerCommonWeakInterception.x86_64.dirRelWithDebInfoSanitizerCommonWeakInterception.x86_64.lib
23 L:LLVMllvm-11.0.0.srcprojectprojectscompiler-rtlibubsanUbsanDynamicRuntimeThunk.x86_64.dirRelWithDebInfoUbsanDynamicRuntimeThunk.x86_64.lib
24 L:LLVMllvm-11.0.0.srcprojectprojectscompiler-rtlibubsanUbsanWeakInterception.x86_64.dirRelWithDebInfoUbsanWeakInterception.x86_64.lib
  • 相关阅读:
    python使用ORM之如何调用多对多关系
    ORM
    初学者用pycharm创建一个django项目和一个app时需要注意的事项
    CSRF verification failed. Request aborted.
    函数三生成器
    函数二函数进阶二
    函数二函数进阶
    函数一函数初识
    文件操作初识
    类型与运算五
  • 原文地址:https://www.cnblogs.com/suanguade/p/13838125.html
Copyright © 2011-2022 走看看