static Variant Update(DataElement elem, Action action, uint?offset, bool once, bool increment)
{
if (!(elem is Dom.Number) && !(elem is Dom.String && elem.Hints.ContainsKey("NumericalString")))
{
throw new PeachException("SequenceIncrementFixup has non numeric parent '" + elem.fullName + "'.");
}
ulong max = elem is Dom.Number ? ((Dom.Number)elem).MaxValue : ulong.MaxValue;
ulong value = 0;
object obj = null;
string key = "SequenceIncrementFixup." + elem.fullName;
Dom.Dom dom = action.parent.parent.parent as Dom.Dom;
if (dom.context.stateStore.TryGetValue(key, out obj))
{
value = (ulong)obj;
}
if (dom.context.iterationStateStore.ContainsKey(key))
{
increment &= !once;
}
else if (offset.HasValue)
{
value = (ulong)offset.Value * (dom.context.test.strategy.Iteration - 1);
}
// For 2 bit number, offset is 2, 2 actions per iter:
// Iter: 1a,1b,2a,2b,3a,3b,4a,4b,5a,5b,6a,6b
// It-1: 0, 0, 1, 1, 2, 2, 3, 3, 4, 4, 5, 5
// Pre: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10,11
// Want: 0, 1, 2, 0, 1, 2, 0, 1, 2, 0, 1, 2
// Final: 1, 2, 3, 1, 2, 3, 1, 2, 3, 1, 2, 3
if (value > max)
{
value = value % max;
}
if (increment)
{
if (++value > max)
{
value -= max;
}
dom.context.stateStore[key] = value;
dom.context.iterationStateStore[key] = value;
}
return(new Variant(value));
}
void Action_Starting(Action action)
{
var root = parent.getRoot() as DataModel;
foreach (var item in action.outputData)
{
if (item.dataModel == root)
{
parent.Invalidate();
Update(parent, action, Offset, Once, true);
}
}
}
void Action_Starting(Action action)
{
var root = parent.getRoot() as DataModel;
if (root.action != action)
{
return;
}
if (action.dataModel == root || action.parameters.Any(a => a.dataModel == root))
{
if (action.type != ActionType.Output)
{
return;
}
parent.Invalidate();
Update(parent, action, Offset, Once, true);
}
}
protected string GetDataModelName(Dom.Action action)
{
if (action.dataModel == null)
{
logger.Error("Error, in GetDataModelName, action.dataModel is null for action \"" + action.name + "\".");
throw new ArgumentException();
}
StringBuilder sb = new StringBuilder();
sb.Append("Run ");
sb.Append(action.parent.runCount);
sb.Append('.');
sb.Append(action.parent.name);
sb.Append('.');
sb.Append(action.name);
sb.Append('.');
sb.Append(action.dataModel.name);
return(sb.ToString());
}
protected string GetDataModelName(Dom.Action action, ActionParameter param)
{
if (param.dataModel == null)
{
throw new ArgumentException();
}
StringBuilder sb = new StringBuilder();
sb.Append("Run ");
sb.Append(action.parent.runCount);
sb.Append('.');
sb.Append(action.parent.name);
sb.Append('.');
sb.Append(action.name);
sb.Append('.');
sb.Append(action.parameters.IndexOf(param));
sb.Append('.');
sb.Append(param.dataModel.name);
return(sb.ToString());
}
protected string[] GetAllDataModelNames(Dom.Action action)
{
if (action.dataModel != null)
{
return new string[] { GetDataModelName(action) }
}
;
if (action.parameters.Count == 0)
{
throw new ArgumentException();
}
var names = new List <string>();
foreach (var parameter in action.parameters)
{
names.Add(GetDataModelName(action, parameter));
}
return(names.ToArray());
}
private void buttonStartFuzzing_Click(object sender, EventArgs e)
{
try
{
tabControl.SelectedTab = tabPageOutput;
buttonStartFuzzing.Enabled = false;
buttonSaveConfiguration.Enabled = false;
buttonStopFuzzing.Enabled = true;
IterationCount = 1;
FaultCount = 0;
textBoxIterationCount.Text = IterationCount.ToString();
textBoxFaultCount.Text = FaultCount.ToString();
textBoxOutput.Text = "";
Dom dom = new Dom();
DataModel dataModel = null;
// Data Set
Data fileData = new Data();
if (Directory.Exists(textBoxTemplateFiles.Text))
{
List <string> files = new List <string>();
foreach (string fileName in Directory.GetFiles(textBoxTemplateFiles.Text))
{
files.Add(fileName);
}
fileData.DataType = DataType.Files;
fileData.Files = files;
}
else if (File.Exists(textBoxTemplateFiles.Text))
{
fileData.DataType = DataType.File;
fileData.FileName = textBoxTemplateFiles.Text;
}
else
{
MessageBox.Show("Error, Unable to locate file/folder called \"" + textBoxTemplateFiles.Text + "\".");
return;
}
// DataModel
if (userSelectedDataModel != null)
{
dataModel = userSelectedDataModel.Clone("TheDataModel") as DataModel;
dataModel.dom = dom;
dom.dataModels.Add(dataModel.name, dataModel);
}
else
{
dataModel = new DataModel("TheDataModel");
dataModel.Add(new Blob());
dom.dataModels.Add(dataModel.name, dataModel);
}
// Publisher
Dictionary <string, Variant> args = new Dictionary <string, Variant>();
args["FileName"] = new Variant(textBoxFuzzedFile.Text);
Peach.Core.Publishers.FilePublisher file = new Peach.Core.Publishers.FilePublisher(args);
// StateModel
StateModel stateModel = new StateModel();
stateModel.name = "TheStateModel";
State state = new State();
state.name = "TheState";
state.parent = stateModel;
Peach.Core.Dom.Action actionOutput = new Peach.Core.Dom.Action();
actionOutput.type = ActionType.Output;
actionOutput.dataModel = dataModel;
actionOutput.dataSet = new Peach.Core.Dom.DataSet();
actionOutput.dataSet.Datas.Add(fileData);
actionOutput.parent = state;
Peach.Core.Dom.Action actionClose = new Peach.Core.Dom.Action();
actionClose.type = ActionType.Close;
actionClose.parent = state;
Peach.Core.Dom.Action actionCall = new Peach.Core.Dom.Action();
actionCall.type = ActionType.Call;
actionCall.publisher = "Peach.Agent";
actionCall.method = "ScoobySnacks";
actionCall.parent = state;
state.actions.Add(actionOutput);
state.actions.Add(actionClose);
state.actions.Add(actionCall);
stateModel.states.Add(state.name, state);
stateModel.initialState = state;
dom.stateModels.Add(stateModel.name, stateModel);
// Agent
Peach.Core.Dom.Agent agent = new Peach.Core.Dom.Agent();
agent.name = "TheAgent";
agent.url = "local://";
Peach.Core.Dom.Monitor monitor = new Peach.Core.Dom.Monitor();
switch (Platform.GetOS())
{
case Platform.OS.OSX:
if (radioButtonOSXCrashReporter.Checked)
{
monitor.cls = "CrashReporter";
agent.monitors.Add(monitor);
monitor = new Peach.Core.Dom.Monitor();
monitor.cls = "Process";
monitor.parameters["StartOnCall"] = new Variant("ScoobySnacks");
if (this.checkBoxOSXCpuKill.Checked)
{
monitor.parameters["NoCpuKill"] = new Variant("false");
}
else
{
monitor.parameters["NoCpuKill"] = new Variant("true");
}
monitor.parameters["Executable"] = new Variant(this.textBoxOSXExecutable.Text);
monitor.parameters["Arguments"] = new Variant(this.textBoxOSXArguments.Text);
}
else // Crash Wrangler
{
monitor.cls = "CrashWrangler";
monitor.parameters["StartOnCall"] = new Variant("ScoobySnacks");
if (this.checkBoxOSXCpuKill.Checked)
{
monitor.parameters["NoCpuKill"] = new Variant("false");
}
else
{
monitor.parameters["NoCpuKill"] = new Variant("true");
}
monitor.parameters["Command"] = new Variant(this.textBoxOSXExecutable.Text);
monitor.parameters["Arguments"] = new Variant(this.textBoxOSXArguments.Text);
monitor.parameters["CrashWrangler"] = new Variant(this.textBoxOSXCrashWrangler.Text);
}
break;
case Platform.OS.Linux: // Linux
monitor.cls = "Process";
monitor.parameters["StartOnCall"] = new Variant("ScoobySnacks");
monitor.parameters["Executable"] = new Variant(textBoxLinuxExecutable.Text);
monitor.parameters["Arguments"] = new Variant(textBoxLinuxArguments.Text);
monitor.parameters["NoCpuKill"] = new Variant("false");
break;
case Platform.OS.Windows:
monitor.cls = "WindowsDebugger";
monitor.parameters["StartOnCall"] = new Variant("ScoobySnacks");
monitor.parameters["WinDbgPath"] = new Variant(textBoxDebuggerPath.Text);
if (!checkBoxCpuKill.Checked)
{
monitor.parameters["NoCpuKill"] = new Variant("true");
}
if (radioButtonDebuggerStartProcess.Checked)
{
monitor.parameters["CommandLine"] = new Variant(textBoxDebuggerCommandLine.Text);
}
else if (radioButtonDebuggerAttachToProcess.Checked)
{
if (radioButtonAttachToProcessPID.Checked)
{
monitor.parameters["ProcessName"] = new Variant(textBoxAttachToProcessPID.Text);
}
else if (radioButtonAttachToProcessProcessName.Checked)
{
monitor.parameters["ProcessName"] = new Variant(textBoxAttachToProcessProcessName.Text);
}
}
else if (radioButtonDebuggerAttachToService.Checked)
{
monitor.parameters["Service"] = new Variant(comboBoxAttachToServiceServices.Text);
}
else if (radioButtonDebuggerKernelDebugger.Checked)
{
monitor.parameters["KernelConnectionString"] = new Variant(textBoxKernelConnectionString.Text);
}
break;
}
agent.monitors.Add(monitor);
dom.agents.Add(agent.name, agent);
// Send WM_CLOSE messages?
if (checkBoxEnableWmClose.Checked)
{
string windowNames = "";
if (!string.IsNullOrWhiteSpace(textBoxWindowTitle1.Text))
{
if (windowNames.Length > 0)
{
windowNames += ";";
}
windowNames += textBoxWindowTitle1.Text;
}
if (!string.IsNullOrWhiteSpace(textBoxWindowTitle2.Text))
{
if (windowNames.Length > 0)
{
windowNames += ";";
}
windowNames += textBoxWindowTitle2.Text;
}
if (!string.IsNullOrWhiteSpace(textBoxWindowTitle3.Text))
{
if (windowNames.Length > 0)
{
windowNames += ";";
}
windowNames += textBoxWindowTitle3.Text;
}
if (!string.IsNullOrWhiteSpace(textBoxWindowTitle4.Text))
{
if (windowNames.Length > 0)
{
windowNames += ";";
}
windowNames += textBoxWindowTitle4.Text;
}
monitor = new Peach.Core.Dom.Monitor();
monitor.cls = "PopupWatcher";
monitor.parameters["WindowNames"] = new Variant(windowNames);
agent.monitors.Add(monitor);
}
// Mutation Strategy
MutationStrategy strat = new RandomStrategy(new Dictionary <string, Variant>());
if (comboBoxFuzzingStrategy.Text.ToLower().IndexOf("Squencial") > -1)
{
strat = new Sequential(new Dictionary <string, Variant>());
}
// Test
Test test = new Test();
test.name = "Default";
test.stateModel = stateModel;
test.agents.Add(agent.name, agent);
test.publishers.Add("FileWriter", file);
test.strategy = strat;
stateModel.parent = test;
dom.tests.Add(test.name, test);
if (logger == null)
{
Dictionary <string, Variant> loggerArgs = new Dictionary <string, Variant>();
loggerArgs["Path"] = new Variant(textBoxLogPath.Text);
logger = new Peach.Core.Loggers.FileLogger(loggerArgs);
}
test.loggers.Add(logger);
// START FUZZING!!!!!
thread = new Thread(new ParameterizedThreadStart(Run));
thread.Start(dom);
}
catch (Exception ex)
{
MessageBox.Show(ex.ToString());
throw;
}
}