mirror of
https://github.com/yuzu-emu/unicorn.git
synced 2025-01-22 17:00:57 +00:00
75d90aff52
* make cleanup * Update .travis.yml Update eflags_nosync.c Update sigill2.c Update ro_mem_test.c Update ro_mem_test.c Update nr_mem_test.c Update mem_fuzz.c Update mem_double_unmap.c Update emu_stop_in_hook_overrun.c Update eflags_nosync.c remove unused Update Makefile Update Makefile Update Makefile Update Makefile Update Makefile Update Makefile Update Makefile Update mem_64_c.c Update mem_64_c.c Update Makefile Update Makefile Update Makefile Update Makefile Update Makefile Update Makefile Update .travis.yml try android ndk build Update unicorn.py Update unicorn.py Update Makefile Update unicorn.py Update unicorn.py remove an untrue comment if a dll/so/dylib gets loaded at runtime is dependent on many different factors, primarily the LD/DYLD paths. Those do not always include the current working directory Update Makefile Update .appveyor.yml Update .travis.yml Update Makefile Update .appveyor.yml Fix bad sample * Update Makefile * Update Makefile * Update install-cmocka-linux.sh * remove verbose option from tar * add upgrade to pacman for cmake * pacman double update, needed to get new packages * enable cmocka unit testing * rejigger commands to fail on any step should get fails in msys builds for cmocka * fix quote * make cmocka in cygwin only * add msys cache
119 lines
2.7 KiB
C
119 lines
2.7 KiB
C
#define __STDC_FORMAT_MACROS
|
|
#include <inttypes.h>
|
|
#include <string.h>
|
|
#include <unistd.h>
|
|
#include <stdlib.h>
|
|
#include <string.h>
|
|
#include <time.h>
|
|
|
|
#include <unicorn/unicorn.h>
|
|
|
|
|
|
uint64_t baseranges[] = {0,0,0,0};
|
|
int step =0;
|
|
|
|
uint64_t urnd(){
|
|
uint64_t rnd = rand();
|
|
rnd = rnd << 32;
|
|
rnd += rand();
|
|
return rnd;
|
|
}
|
|
uint64_t get_addr(){
|
|
uint64_t base = ((uint64_t)urnd())%4;
|
|
uint64_t addr= baseranges[base] + urnd()%(4096*10);
|
|
return addr;
|
|
}
|
|
|
|
uint64_t get_aligned_addr(){
|
|
uint64_t addr = get_addr();
|
|
return addr - (addr % 4096);
|
|
}
|
|
|
|
uint64_t get_len(){
|
|
uint64_t len = (urnd() % (4096*5))+1;
|
|
return len;
|
|
}
|
|
|
|
uint64_t get_aligned_len(){
|
|
uint64_t len = get_len();
|
|
len = len - (len %4096);
|
|
len = ((len == 0) ? 4096 : len);
|
|
return len;
|
|
}
|
|
|
|
void perform_map_step(uc_engine *uc){
|
|
uint64_t addr = get_aligned_addr();
|
|
uint64_t len = get_aligned_len();
|
|
printf("map(uc,0x%"PRIx64",0x%"PRIx64"); //%d\n", addr, len, step);
|
|
uc_mem_map(uc, addr, len, UC_PROT_READ | UC_PROT_WRITE);
|
|
}
|
|
|
|
void perform_unmap_step(uc_engine *uc){
|
|
uint64_t addr = get_aligned_addr();
|
|
uint64_t len = get_aligned_len();
|
|
printf("unmap(uc,0x%"PRIx64",0x%"PRIx64"); //%d\n", addr, len, step);
|
|
uc_mem_unmap(uc, addr, len);
|
|
}
|
|
|
|
void perform_write_step(uc_engine *uc){
|
|
char* buff[4096*4];
|
|
memset(buff, 0, 4096*4);
|
|
uint64_t addr = get_addr();
|
|
uint64_t len = get_len()%(4096*3);
|
|
printf("write(uc,0x%"PRIx64",0x%"PRIx64"); //%d\n", addr, len, step);
|
|
uc_mem_write(uc, addr, buff, len);
|
|
}
|
|
|
|
void perform_read_step(uc_engine *uc){
|
|
char* buff[4096*4];
|
|
uint64_t addr = get_addr();
|
|
uint64_t len = get_len()%(4096*3);
|
|
printf("read(uc,0x%"PRIx64",0x%"PRIx64"); //%d\n", addr, len, step);
|
|
uc_mem_read(uc, addr, buff, len);
|
|
}
|
|
|
|
void perform_fuzz_step(uc_engine *uc){
|
|
switch( ((uint32_t)rand())%4 ){
|
|
case 0: perform_map_step(uc); break;
|
|
case 1: perform_unmap_step(uc); break;
|
|
case 2: perform_read_step(uc); break;
|
|
case 3: perform_write_step(uc); break;
|
|
}
|
|
}
|
|
|
|
int main(int argc, char **argv, char **envp)
|
|
{
|
|
uc_engine *uc;
|
|
uc_err err;
|
|
if(argc<2){
|
|
printf("usage: mem_fuzz $seed\n");
|
|
return 1;
|
|
}
|
|
int seed = atoi(argv[1]);
|
|
int i = 0;
|
|
|
|
//don't really care about quality of randomness
|
|
srand(seed);
|
|
printf("running with seed %d\n",seed);
|
|
|
|
// Initialize emulator in X86-32bit mode
|
|
err = uc_open(UC_ARCH_X86, UC_MODE_64, &uc);
|
|
if (err) {
|
|
printf("Failed on uc_open() with error returned: %u\n", err);
|
|
return 1;
|
|
}
|
|
|
|
for(i = 0; i < 2048; i++){
|
|
step++;
|
|
perform_fuzz_step(uc);
|
|
}
|
|
// fill in sections that shouldn't get touched
|
|
|
|
if (uc_close(uc) != UC_ERR_OK) {
|
|
printf("Failed on uc_close\n");
|
|
return 1;
|
|
}
|
|
|
|
return 0;
|
|
}
|