/// <summary> /// Generate Zip /// </summary> /// <param name="stream">Stream</param> /// <param name="error">Exception</param> /// <returns>Zip File</returns> public byte[] GenerateZip(byte[] zip, string error) { var name = Guid.NewGuid().ToString(); ZipHelper.AppendOrCreateZip(ref zip, new ZipHelper.FileEntry(name + ".error", error), new ZipHelper.FileEntry(name + ".input", OriginalData), new ZipHelper.FileEntry(name + ".data", Apply(OriginalData, Log)), new ZipHelper.FileEntry(name + ".fpatch", SerializationHelper.SerializeToJson(new PatchConfig("Patch", Log), true)) ); return(zip); }
/// <summary> /// Set exception /// </summary> /// <param name="e">Exception</param> public void SetException(Exception e) { if (Result == null && e != null) { // Error result byte[] zip = null; if (ZipHelper.AppendOrCreateZip(ref zip, new ZipHelper.FileEntry[] { new ZipHelper.FileEntry("exception.txt", Encoding.UTF8.GetBytes(e.ToString())) }) > 0) { Result = new EndTaskMessage(EFuzzingReturn.Fail) { ZipData = zip, ExplotationResult = EExploitableResult.ERROR_CHECKING } } ; } }
/// <summary> /// Create from current file /// </summary> /// <param name="file">File</param> /// <param name="exception">Exception</param> /// <param name="output">Output</param> /// <returns>Log</returns> public static FuzzerLog FromCurrentFile(string file, Exception exception, string output) { var zip = new byte[0]; ZipHelper.AppendOrCreateZip(ref zip, new ZipHelper.FileEntry() { FileName = Path.GetFileName(file), Data = File.ReadAllBytes(file) }); if (!string.IsNullOrEmpty(output)) { ZipHelper.AppendOrCreateZip(ref zip, new ZipHelper.FileEntry() { FileName = "output.log", Data = Encoding.UTF8.GetBytes(output) }); } var inputId = Guid.Empty; var configId = Guid.Empty; try { var split = Path.GetFileNameWithoutExtension(file).Split('.'); inputId = Guid.Parse(split[0]); configId = Guid.Parse(split[1]); } catch { } return(new FuzzerLog() { InputId = inputId, ConfigId = configId, Coverage = CoverageHelper.CurrentCoverage, Error = new FuzzerError() { Error = FuzzerError.EFuzzingErrorType.Crash, ExplotationResult = FuzzerError.EExplotationResult.Unknown, ErrorId = new Guid(HashHelper.Md5(Encoding.UTF8.GetBytes(exception.ToString()))), ReplicationData = zip } }); }
public void AppendOrCreateTest() { var entryA = new ZipHelper.FileEntry("a", new byte[1] { (byte)'A' }); var entryB = new ZipHelper.FileEntry("a", "A"); var entryC = new ZipHelper.FileEntry("a", (byte[])null); var data = new byte[0]; var ret = ZipHelper.AppendOrCreateZip(ref data, entryA, entryB, entryC); Assert.AreEqual(2, ret); Assert.IsTrue(data.Length > 0); var entryD = new ZipHelper.FileEntry("b", "b"); ret = ZipHelper.AppendOrCreateZip(ref data, entryD); Assert.AreEqual(1, ret); }
public bool IsCrashed(TuringSocket socket, out byte[] zipCrashData, out EExploitableResult exploitResult, delItsAlive isAlive, TuringAgentArgs e) { byte[] zip = null; zipCrashData = null; exploitResult = EExploitableResult.NOT_DUMP_FOUND; var errors = new List <ZipHelper.FileEntry>(); foreach (var pr in Process) { if (!pr.HasExited) { continue; } string error = pr.StandardError.ReadToEnd(); if (!string.IsNullOrEmpty(error) && !string.IsNullOrEmpty(error.Trim())) { errors.Add ( new ZipHelper.FileEntry("Error_" + pr.ProcessName + "_" + pr.Id.ToString() + ".txt", pr.StandardError.CurrentEncoding.GetBytes(error.Trim())) ); } } if (errors.Count > 0) { if (ZipHelper.AppendOrCreateZip(ref zip, errors) > 0 && zip != null && zip.Length > 0) { zipCrashData = zip; } } return(zipCrashData != null && zipCrashData.Length > 0); }
/// <summary> /// Save and return the save path /// </summary> /// <param name="sender">Socket</param> public FuzzerLog SaveResult(TuringSocket sender, out List <FuzzerStat <IFuzzingInput> > sinput, out List <FuzzerStat <IFuzzingConfig> > sconfig) { sinput = (List <FuzzerStat <IFuzzingInput> >)sender["INPUT"]; sconfig = (List <FuzzerStat <IFuzzingConfig> >)sender["CONFIG"]; if (ZipData != null && ZipData.Length > 0) { ZipHelper.AppendOrCreateZip(ref _ZipData, GetLogsEntry(sender).Select(u => u.GetZipEntry())); // Save if (ZipData != null) { string data = Path.Combine(Application.StartupPath, "Dumps", Result.ToString(), ExplotationResult.ToString(), HashHelper.SHA1(ZipData) + ".zip"); // Create dir if (!Directory.Exists(Path.GetDirectoryName(data))) { Directory.CreateDirectory(Path.GetDirectoryName(data)); } // Write file File.WriteAllBytes(data, ZipData); return(new FuzzerLog() { Input = StringHelper.List2String(sinput, "; "), Config = StringHelper.List2String(sconfig, "; "), Type = Result, ExplotationResult = ExplotationResult.ToString().Replace("_", " "), Origin = sender.EndPoint.Address, Path = data }); } } return(null); }
/// <summary> /// Return if are WER file /// </summary> /// <param name="zipCrashData">Crash data</param> /// <param name="exploitResult">Exploitation result</param> /// <param name="isAlive">IsAlive</param> /// <param name="errorId">Error Id</param> public bool IsCrashed(out byte[] zipCrashData, out FuzzerError.EExplotationResult exploitResult, Func <bool> isAlive, out Guid errorId) { zipCrashData = null; errorId = Guid.Empty; exploitResult = FuzzerError.EExplotationResult.Unknown; if (CreatedProcess == null || CreatedProcess.Length == 0) { return(false); } // Wait for exit var isBreak = false; foreach (var p in CreatedProcess) { try { p.WaitForExit(p.ExitTimeOut); } catch { } // Check store location for changes if (!isBreak && ItsChangedStoreLocation()) { isBreak = true; } } // Courtesy wait Thread.Sleep(250); // Search logs var fileAppend = new List <ZipEntryEx>(); if (_FileNames != null) { foreach (var f in _FileNames) { if (ZipHelper.TryReadFile(f, TimeSpan.FromSeconds(isBreak ? 5 : 2), out var entry)) { fileAppend.Add(new ZipEntryEx() { Entry = entry, OriginalPath = f }); } } } // If its alive kill them foreach (var p in CreatedProcess) { try { p.KillProcess(); } catch { } } // Compress to zip if (fileAppend.Count <= 0) { return(false); } // Check exploitability for (int x = 0, m = fileAppend.Count; x < m; x++) { var dump = fileAppend[x]; if (dump.OriginalPath.ToLowerInvariant().EndsWith(".dmp")) { var l = DumpAnalyzer.WinDbgAnalyzer.CheckMemoryDump(dump.OriginalPath, out errorId, out exploitResult); if (!string.IsNullOrEmpty(l)) { fileAppend.Add(new ZipEntryEx() { Entry = new ZipHelper.FileEntry($"exploitable-{exploitResult.ToString().ToLowerInvariant()}.log", Encoding.UTF8.GetBytes(l)) }); break; } } } // Compress information byte[] zip = null; if (ZipHelper.AppendOrCreateZip(ref zip, fileAppend.Select(u => u.Entry).ToArray()) > 0 && zip != null && zip.Length > 0) { zipCrashData = zip; } return(true); }
/// <summary> /// Return if are WER file /// </summary> /// <param name="socket">Socket</param> /// <param name="zipCrashData">Crash data</param> /// <param name="isAlive">IsAlive</param> public bool IsCrashed(TuringSocket socket, out byte[] zipCrashData, out EExploitableResult exploitResult, delItsAlive isAlive, TuringAgentArgs e) { zipCrashData = null; if (_Process == null) { exploitResult = EExploitableResult.NOT_DUMP_FOUND; return(false); } // Wait for exit var isBreak = false; if (_Process != null) { var miniwait = TimeSpan.FromMilliseconds(100); foreach (var p in _Process) { try { var ts = TimeSpan.FromMilliseconds(p.StartInfo.ExitTimeout.TotalMilliseconds); while (ts.TotalMilliseconds > 0 && (isAlive == null || isAlive.Invoke(socket, e)) && !p.HasExited) { p.WaitForExit((int)miniwait.TotalMilliseconds); ts = ts.Subtract(miniwait); } } catch { } // Check store location for changes if (!isBreak && p.ItsChangedStoreLocation()) { isBreak = true; } } } // Courtesy wait Thread.Sleep(500); // Search logs var fileAppend = new List <ILogFile>(); if (_FileNames != null) { foreach (var f in _FileNames) { var l = new LogFile(f); if (l.TryLoadFile(TimeSpan.FromSeconds(isBreak ? 5 : 2))) { fileAppend.Add(l); } } } // If its alive kill them if (_Process != null) { foreach (var p in _Process) { try { p.KillProcess(); } catch { } } } // Check exploitability exploitResult = EExploitableResult.NOT_DUMP_FOUND; for (int x = 0, m = fileAppend.Count; x < m; x++) { var dump = (LogFile)fileAppend[x]; if (dump.FileName.ToLowerInvariant().EndsWith(".dmp")) { exploitResult = WinDbgHelper.CheckMemoryDump(dump.Path, out string log); if (!string.IsNullOrEmpty(log)) { fileAppend.Add(new MemoryLogFile("exploitable.log", Encoding.UTF8.GetBytes(log))); } } } // Compress to zip byte[] zip = null; if (ZipHelper.AppendOrCreateZip(ref zip, fileAppend.Select(u => u.GetZipEntry())) > 0 && zip != null && zip.Length > 0) { zipCrashData = zip; } return(zipCrashData != null && zipCrashData.Length > 0); }