public void Run(FuzzController ctrl)
{
//It is assumed that currently the program is stopped at the snapshot
ctrl.Snapshot.Destroy ();
if (_currentAllocatedMemory != null)
{
ctrl.Connector.FreeMemory (_currentAllocatedMemory);
_currentAllocatedMemory = null;
}
_currentFuzzData = _fuzzLocation.DataGenerator.GenerateData ();
_currentAllocatedMemory = ctrl.Connector.AllocateMemory ((UInt64)_currentFuzzData.Length);
ctrl.Connector.WriteMemory (_currentFuzzData, _currentAllocatedMemory.Address, (UInt64)_currentFuzzData.Length);
//TODO: Big-Little endian handling
byte[] addressBytes = BitConverter.GetBytes (_currentAllocatedMemory.Address);
byte[] realAddressBytes;
if (addressBytes.Length != _fuzzLocation.FuzzTarget.Size)
{
realAddressBytes = new byte[_fuzzLocation.FuzzTarget.Size];
Array.Copy (addressBytes, realAddressBytes, Math.Min (addressBytes.Length, realAddressBytes.Length));
}
else
realAddressBytes = addressBytes;
ctrl.Connector.WriteMemory (realAddressBytes, _fuzzLocation.FuzzTarget.Address.Value, (UInt64)realAddressBytes.Length);
ctrl.Snapshot = ctrl.Connector.CreateSnapshot ();
}
/// <summary>
/// Deallocates a region of memory previously allocated within the virtual address space of the remote process.
/// </summary>
/// <param name="allocation">The allocated memory to release.</param>
public void Deallocate(IAllocatedMemory allocation)
{
// Dispose the element
if (!allocation.IsDisposed)
{
allocation.Dispose();
}
// Remove the element from the allocated memory list
if (InternalRemoteAllocations.Contains(allocation))
{
InternalRemoteAllocations.Remove(allocation);
}
}
private IntPtr OpenImageFromData(byte[] assembly)
{
IntPtr addr = target.ModuleFactory["mono.dll"]["mono_image_open_from_data"].BaseAddress;
if (addr != IntPtr.Zero)
{
IAllocatedMemory alloc = target.MemoryFactory.Allocate("assembly", assembly.Length);
alloc.Write(0, assembly);
IntPtr image = factory.Execute <IntPtr>(addr, CallingConventions.Cdecl, alloc.BaseAddress, assembly.Length, 1, IntPtr.Zero);
target.MemoryFactory.Deallocate(alloc);
return(image);
}
OnError("Could not find mono_image_open_from_data");
return(IntPtr.Zero);
}
/// <inheritdoc />
public void Write(IAllocatedMemory memory)
{
/*
* type StrRec = record
* CodePage: Word;
* ElemSize: Word;
* refCount: Integer;
* Len: Integer;
* case Integer of
* 1: array[0..0] of AnsiChar;
* 2: array[0..0] of WideChar;
* end;
*/
// Base of allocated chunk (?)
memory.Write(0,
memory.BaseAddress.ToInt32());
// Code page (Unicode)
memory.Write(4,
(short)Encoding.Unicode.CodePage); //0x04B0);
// Bytes per character
memory.Write(6,
(short)2);
// Reference count. Set counter to prevent garbage cleaning.
memory.Write(8,
1);
// Text length
memory.Write(12,
Text.Length);
// Write text
memory.Write(TextOffset,
Text,
Encoding.Unicode);
}
/// <summary>
/// <see cref="AllocateMemory"/>
/// </summary>
/// <param name="memory">
/// A <see cref="IAllocatedMemory"/>
/// </param>
public void FreeMemory(IAllocatedMemory memory)
{
if(memory != null)
QueueCommand (new PrintCmd (PrintCmd.Format.Hex, string.Format ("free({0})", memory.Address), delegate(object value) { }, this));
}
