Exemplo n.º 1
0
        /// <summary>
        /// Generate Zip
        /// </summary>
        /// <param name="stream">Stream</param>
        /// <param name="error">Exception</param>
        /// <returns>Zip File</returns>
        public byte[] GenerateZip(byte[] zip, string error)
        {
            var name = Guid.NewGuid().ToString();

            ZipHelper.AppendOrCreateZip(ref zip,
                                        new ZipHelper.FileEntry(name + ".error", error),
                                        new ZipHelper.FileEntry(name + ".input", OriginalData),
                                        new ZipHelper.FileEntry(name + ".data", Apply(OriginalData, Log)),
                                        new ZipHelper.FileEntry(name + ".fpatch", SerializationHelper.SerializeToJson(new PatchConfig("Patch", Log), true))
                                        );

            return(zip);
        }
Exemplo n.º 2
0
 /// <summary>
 /// Set exception
 /// </summary>
 /// <param name="e">Exception</param>
 public void SetException(Exception e)
 {
     if (Result == null && e != null)
     {
         // Error result
         byte[] zip = null;
         if (ZipHelper.AppendOrCreateZip(ref zip, new ZipHelper.FileEntry[] { new ZipHelper.FileEntry("exception.txt", Encoding.UTF8.GetBytes(e.ToString())) }) > 0)
         {
             Result = new EndTaskMessage(EFuzzingReturn.Fail)
             {
                 ZipData           = zip,
                 ExplotationResult = EExploitableResult.ERROR_CHECKING
             }
         }
         ;
     }
 }
Exemplo n.º 3
0
        /// <summary>
        /// Create from current file
        /// </summary>
        /// <param name="file">File</param>
        /// <param name="exception">Exception</param>
        /// <param name="output">Output</param>
        /// <returns>Log</returns>
        public static FuzzerLog FromCurrentFile(string file, Exception exception, string output)
        {
            var zip = new byte[0];

            ZipHelper.AppendOrCreateZip(ref zip, new ZipHelper.FileEntry()
            {
                FileName = Path.GetFileName(file),
                Data     = File.ReadAllBytes(file)
            });

            if (!string.IsNullOrEmpty(output))
            {
                ZipHelper.AppendOrCreateZip(ref zip, new ZipHelper.FileEntry()
                {
                    FileName = "output.log",
                    Data     = Encoding.UTF8.GetBytes(output)
                });
            }

            var inputId  = Guid.Empty;
            var configId = Guid.Empty;

            try
            {
                var split = Path.GetFileNameWithoutExtension(file).Split('.');
                inputId  = Guid.Parse(split[0]);
                configId = Guid.Parse(split[1]);
            }
            catch { }

            return(new FuzzerLog()
            {
                InputId = inputId,
                ConfigId = configId,
                Coverage = CoverageHelper.CurrentCoverage,
                Error = new FuzzerError()
                {
                    Error = FuzzerError.EFuzzingErrorType.Crash,
                    ExplotationResult = FuzzerError.EExplotationResult.Unknown,
                    ErrorId = new Guid(HashHelper.Md5(Encoding.UTF8.GetBytes(exception.ToString()))),
                    ReplicationData = zip
                }
            });
        }
Exemplo n.º 4
0
        public void AppendOrCreateTest()
        {
            var entryA = new ZipHelper.FileEntry("a", new byte[1] {
                (byte)'A'
            });
            var entryB = new ZipHelper.FileEntry("a", "A");
            var entryC = new ZipHelper.FileEntry("a", (byte[])null);

            var data = new byte[0];
            var ret  = ZipHelper.AppendOrCreateZip(ref data, entryA, entryB, entryC);

            Assert.AreEqual(2, ret);
            Assert.IsTrue(data.Length > 0);

            var entryD = new ZipHelper.FileEntry("b", "b");

            ret = ZipHelper.AppendOrCreateZip(ref data, entryD);
            Assert.AreEqual(1, ret);
        }
        public bool IsCrashed(TuringSocket socket, out byte[] zipCrashData, out EExploitableResult exploitResult, delItsAlive isAlive, TuringAgentArgs e)
        {
            byte[] zip = null;
            zipCrashData  = null;
            exploitResult = EExploitableResult.NOT_DUMP_FOUND;

            var errors = new List <ZipHelper.FileEntry>();

            foreach (var pr in Process)
            {
                if (!pr.HasExited)
                {
                    continue;
                }

                string error = pr.StandardError.ReadToEnd();

                if (!string.IsNullOrEmpty(error) && !string.IsNullOrEmpty(error.Trim()))
                {
                    errors.Add
                    (
                        new ZipHelper.FileEntry("Error_" + pr.ProcessName + "_" + pr.Id.ToString() + ".txt",
                                                pr.StandardError.CurrentEncoding.GetBytes(error.Trim()))
                    );
                }
            }

            if (errors.Count > 0)
            {
                if (ZipHelper.AppendOrCreateZip(ref zip, errors) > 0 && zip != null && zip.Length > 0)
                {
                    zipCrashData = zip;
                }
            }

            return(zipCrashData != null && zipCrashData.Length > 0);
        }
Exemplo n.º 6
0
        /// <summary>
        /// Save and return the save path
        /// </summary>
        /// <param name="sender">Socket</param>
        public FuzzerLog SaveResult(TuringSocket sender, out List <FuzzerStat <IFuzzingInput> > sinput, out List <FuzzerStat <IFuzzingConfig> > sconfig)
        {
            sinput  = (List <FuzzerStat <IFuzzingInput> >)sender["INPUT"];
            sconfig = (List <FuzzerStat <IFuzzingConfig> >)sender["CONFIG"];

            if (ZipData != null && ZipData.Length > 0)
            {
                ZipHelper.AppendOrCreateZip(ref _ZipData, GetLogsEntry(sender).Select(u => u.GetZipEntry()));

                // Save
                if (ZipData != null)
                {
                    string data = Path.Combine(Application.StartupPath, "Dumps", Result.ToString(), ExplotationResult.ToString(), HashHelper.SHA1(ZipData) + ".zip");

                    // Create dir
                    if (!Directory.Exists(Path.GetDirectoryName(data)))
                    {
                        Directory.CreateDirectory(Path.GetDirectoryName(data));
                    }

                    // Write file
                    File.WriteAllBytes(data, ZipData);

                    return(new FuzzerLog()
                    {
                        Input = StringHelper.List2String(sinput, "; "),
                        Config = StringHelper.List2String(sconfig, "; "),
                        Type = Result,
                        ExplotationResult = ExplotationResult.ToString().Replace("_", " "),
                        Origin = sender.EndPoint.Address,
                        Path = data
                    });
                }
            }

            return(null);
        }
Exemplo n.º 7
0
        /// <summary>
        /// Return if are WER file
        /// </summary>
        /// <param name="zipCrashData">Crash data</param>
        /// <param name="exploitResult">Exploitation result</param>
        /// <param name="isAlive">IsAlive</param>
        /// <param name="errorId">Error Id</param>
        public bool IsCrashed(out byte[] zipCrashData, out FuzzerError.EExplotationResult exploitResult, Func <bool> isAlive, out Guid errorId)
        {
            zipCrashData  = null;
            errorId       = Guid.Empty;
            exploitResult = FuzzerError.EExplotationResult.Unknown;

            if (CreatedProcess == null || CreatedProcess.Length == 0)
            {
                return(false);
            }

            // Wait for exit

            var isBreak = false;

            foreach (var p in CreatedProcess)
            {
                try
                {
                    p.WaitForExit(p.ExitTimeOut);
                }
                catch { }

                // Check store location for changes

                if (!isBreak && ItsChangedStoreLocation())
                {
                    isBreak = true;
                }
            }

            // Courtesy wait

            Thread.Sleep(250);

            // Search logs

            var fileAppend = new List <ZipEntryEx>();

            if (_FileNames != null)
            {
                foreach (var f in _FileNames)
                {
                    if (ZipHelper.TryReadFile(f, TimeSpan.FromSeconds(isBreak ? 5 : 2), out var entry))
                    {
                        fileAppend.Add(new ZipEntryEx()
                        {
                            Entry        = entry,
                            OriginalPath = f
                        });
                    }
                }
            }

            // If its alive kill them

            foreach (var p in CreatedProcess)
            {
                try { p.KillProcess(); } catch { }
            }

            // Compress to zip

            if (fileAppend.Count <= 0)
            {
                return(false);
            }

            // Check exploitability

            for (int x = 0, m = fileAppend.Count; x < m; x++)
            {
                var dump = fileAppend[x];

                if (dump.OriginalPath.ToLowerInvariant().EndsWith(".dmp"))
                {
                    var l = DumpAnalyzer.WinDbgAnalyzer.CheckMemoryDump(dump.OriginalPath, out errorId, out exploitResult);

                    if (!string.IsNullOrEmpty(l))
                    {
                        fileAppend.Add(new ZipEntryEx()
                        {
                            Entry = new ZipHelper.FileEntry($"exploitable-{exploitResult.ToString().ToLowerInvariant()}.log", Encoding.UTF8.GetBytes(l))
                        });

                        break;
                    }
                }
            }

            // Compress information

            byte[] zip = null;
            if (ZipHelper.AppendOrCreateZip(ref zip, fileAppend.Select(u => u.Entry).ToArray()) > 0 && zip != null && zip.Length > 0)
            {
                zipCrashData = zip;
            }

            return(true);
        }
Exemplo n.º 8
0
        /// <summary>
        /// Return if are WER file
        /// </summary>
        /// <param name="socket">Socket</param>
        /// <param name="zipCrashData">Crash data</param>
        /// <param name="isAlive">IsAlive</param>
        public bool IsCrashed(TuringSocket socket, out byte[] zipCrashData, out EExploitableResult exploitResult, delItsAlive isAlive, TuringAgentArgs e)
        {
            zipCrashData = null;

            if (_Process == null)
            {
                exploitResult = EExploitableResult.NOT_DUMP_FOUND;
                return(false);
            }

            // Wait for exit
            var isBreak = false;

            if (_Process != null)
            {
                var miniwait = TimeSpan.FromMilliseconds(100);
                foreach (var p in _Process)
                {
                    try
                    {
                        var ts = TimeSpan.FromMilliseconds(p.StartInfo.ExitTimeout.TotalMilliseconds);
                        while (ts.TotalMilliseconds > 0 &&
                               (isAlive == null || isAlive.Invoke(socket, e)) && !p.HasExited)
                        {
                            p.WaitForExit((int)miniwait.TotalMilliseconds);
                            ts = ts.Subtract(miniwait);
                        }
                    }
                    catch { }

                    // Check store location for changes
                    if (!isBreak && p.ItsChangedStoreLocation())
                    {
                        isBreak = true;
                    }
                }
            }

            // Courtesy wait
            Thread.Sleep(500);

            // Search logs
            var fileAppend = new List <ILogFile>();

            if (_FileNames != null)
            {
                foreach (var f in _FileNames)
                {
                    var l = new LogFile(f);

                    if (l.TryLoadFile(TimeSpan.FromSeconds(isBreak ? 5 : 2)))
                    {
                        fileAppend.Add(l);
                    }
                }
            }

            // If its alive kill them
            if (_Process != null)
            {
                foreach (var p in _Process)
                {
                    try { p.KillProcess(); } catch { }
                }
            }

            // Check exploitability
            exploitResult = EExploitableResult.NOT_DUMP_FOUND;
            for (int x = 0, m = fileAppend.Count; x < m; x++)
            {
                var dump = (LogFile)fileAppend[x];

                if (dump.FileName.ToLowerInvariant().EndsWith(".dmp"))
                {
                    exploitResult = WinDbgHelper.CheckMemoryDump(dump.Path, out string log);
                    if (!string.IsNullOrEmpty(log))
                    {
                        fileAppend.Add(new MemoryLogFile("exploitable.log", Encoding.UTF8.GetBytes(log)));
                    }
                }
            }

            // Compress to zip
            byte[] zip = null;
            if (ZipHelper.AppendOrCreateZip(ref zip, fileAppend.Select(u => u.GetZipEntry())) > 0 && zip != null && zip.Length > 0)
            {
                zipCrashData = zip;
            }

            return(zipCrashData != null && zipCrashData.Length > 0);
        }