From bb631f3191ee9384f43728bbdca23c757726d67e Mon Sep 17 00:00:00 2001 
From: Alberto Garcia Illera 
Date: Fri, 10 Feb 2017 15:03:25 -0500 
Subject: [PATCH 1/4] Show crash line if symbols 
---
 afl_utils/AflThread.py | 43 ++++++++++++++++++++++++++++++++++--------
 1 file changed, 35 insertions(+), 8 deletions(-) 
diff --git a/afl_utils/AflThread.py b/afl_utils/AflThread.py 
index fc87d62..2238e50 100644 
--- a/afl_utils/AflThread.py 
+++ b/afl_utils/AflThread.py 
@@ -80,6 +80,13 @@ def run(self):
 self.in_queue_lock.release()
 self.exit = True 
+class Crash: 
+ def __init__(self, sample="", exploitability="", description="", hash="", line=""): 
+ self.sample="" 
+ self.exploitability="" 
+ self.description="" 
+ self.hash="" 
+ self.line=""
 class GdbThread(threading.Thread):
 def __init__(self, thread_id, gdb_cmd, out_dir, grep_for, out_queue, out_queue_lock): 
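Review bot: `Crash.__init__` takes `sample`, `exploitability`, `description`, `hash` and `line` but assigns the empty string to every attribute, so any keyword argument is silently discarded; the only caller visible here (`Crash()` in the `run` hunk of this same file) passes nothing, which is why the bug stays latent. Each `self.x=""` should store its parameter, and a one-line docstring saying the object holds one gdb+exploitable result per sample would help readers of afl_collect.py, which consumes these attributes; `hash` also shadows the builtin, though renaming it would alter the keyword interface. The unchanged constructor body is still visible as context in patch 3's hunk at `@@ -89,14 +89,13 @@`.
```python
class Crash:
    """One parsed gdb+exploitable result for a single crash sample."""

    def __init__(self, sample="", exploitability="", description="", hash="", line=""):
        self.sample = sample
        self.exploitability = exploitability
        self.description = description
        self.hash = hash
        self.line = line
```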
@@ -99,15 +106,35 @@ def run(self):
 script_output = e.output
 script_output = script_output.decode(errors='replace').splitlines() 
- 
+ 
+ crashes_array=[] 
+ start=0 
+ end=0 
+ i=0 
+ #to split the crashes and put them in an array
 for line in script_output: 
- matching = [line.replace(g, '') for g in self.grep_for if g in line] 
- matching = " ".join(matching).strip('\' ') 
- matching = matching.replace(self.out_dir, '') 
- if len(matching) > 0: 
- self.out_queue_lock.acquire() 
- self.out_queue.put(matching) 
- self.out_queue_lock.release() 
+ if "Crash sample:" in line: 
+ start=i 
+ if "Explanation:" in line: 
+ crashes_array.append("\n".join(script_output[start:i+1])) 
+ i+=1 
+ 
+ for crash in crashes_array: 
+ crash_obj=Crash() 
+ for line in crash.split("\n"): 
+ if "Crash sample: '" in line: 
+ crash_obj.sample=line.split("Crash sample: '")[1][:-1] 
+ elif "Exploitability Classification: " in line: 
+ crash_obj.exploitability=line.split("Exploitability Classification: ")[1] 
+ elif "Short description: " in line: 
+ crash_obj.description=line.split("Short description: ")[1] 
+ elif "Hash: " in line: 
+ crash_obj.hash=line.split("Hash: ")[1] 
+ elif " at " in line: 
+ crash_obj.line=line.split(" at ")[1] 
+ self.out_queue_lock.acquire() 
+ self.out_queue.put(crash_obj) 
+ self.out_queue_lock.release()
 class AflTminThread(threading.Thread): 
From 88ff6b5737f26f194552e4cbf7ac53b10d3c0184 Mon Sep 17 00:00:00 2001 
From: Alberto Garcia Illera 
Date: Fri, 10 Feb 2017 15:05:35 -0500 
Subject: [PATCH 2/4] Extract crash line if symbols present 
---
 afl_utils/afl_collect.py | 24 +++++++++++++-----------
 1 file changed, 13 insertions(+), 11 deletions(-) 
diff --git a/afl_utils/afl_collect.py b/afl_utils/afl_collect.py 
index 13c8221..204c2aa 100755 
--- a/afl_utils/afl_collect.py 
+++ b/afl_utils/afl_collect.py 
@@ -239,6 +239,7 @@ def execute_gdb_script(out_dir, script_filename, num_samples, num_threads):
 "Exploitability Classification: ",
 "Short description: ",
 "Hash: ", 
+ " at ",
 ]
 queue_list = [] 
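Review bot: The new parser no longer strips `self.out_dir` from the sample name — the removed `matching = matching.replace(self.out_dir, '')` has no counterpart on the new side — so `crash_obj.sample` now carries the full output-directory path, which changes both the `len(crash.sample) < 24` width heuristic and the `'Sample'` value stored in `classification_data` in afl_collect.py; keep the old behaviour with `crash_obj.sample=line.split("Crash sample: '")[1][:-1].replace(self.out_dir, '')`. The final `elif " at " in line:` branch matches any line containing ` at ` and the last match wins, so a sentence in the `Explanation:` text or a deeper backtrace frame can overwrite the crashing frame; if the innermost frame is intended, narrow it to something like `elif line.lstrip().startswith("#0") and " at " in line:` (confirm against the actual gdb output format). A block that contains `Crash sample:` but never reaches an `Explanation:` line (presumably when the exploitable plugin is missing or the sample does not crash) is now dropped without any message, whereas the old grep loop still forwarded the partial match, so at minimum log the skipped sample. Smaller points: `end=0` is unused, the hand-maintained `i+=1` counter reads better as `for i, line in enumerate(script_output):`, and the `acquire()`/`release()` pair is safer as `with self.out_queue_lock:` so the lock is released if `put` raises. `run` starts before this hunk.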
@@ -275,36 +276,36 @@ def execute_gdb_script(out_dir, script_filename, num_samples, num_threads):
 i = 1
 print("*** GDB+EXPLOITABLE SCRIPT OUTPUT ***") 
- for g in range(0, len(grepped_output)-len(grep_for)+1, len(grep_for)): 
- if grepped_output[g+3] == "EXPLOITABLE": 
+ for crash in grepped_output: 
+ if crash.exploitability == "EXPLOITABLE":
 cex = clr.RED
 ccl = clr.BRI 
- elif grepped_output[g+3] == "PROBABLY_EXPLOITABLE": 
+ elif crash.exploitability == "PROBABLY_EXPLOITABLE":
 cex = clr.YEL
 ccl = clr.BRI 
- elif grepped_output[g+3] == "PROBABLY_NOT_EXPLOITABLE": 
+ elif crash.exploitability == "PROBABLY_NOT_EXPLOITABLE":
 cex = clr.BRN
 ccl = clr.RST 
- elif grepped_output[g+3] == "NOT_EXPLOITABLE": 
+ elif crash.exploitability == "NOT_EXPLOITABLE":
 cex = clr.GRN
 ccl = clr.GRA 
- elif grepped_output[g+3] == "UNKNOWN": 
+ elif crash.exploitability == "UNKNOWN":
 cex = clr.BLU
 ccl = clr.GRA
 else:
 cex = clr.GRA
 ccl = clr.GRA 
- if len(grepped_output[g]) < 24: 
+ if len(crash.sample) < 24:
 # Assume simplified sample file names,
 # so save some output space.
 ljust_width = 24
 else:
 ljust_width = 64 
- print("%s[%05d]%s %s: %s%s%s %s[%s]%s" % (clr.GRA, i, clr.RST, grepped_output[g].ljust(ljust_width, '.'), cex, 
- grepped_output[g+3], clr.RST, ccl, grepped_output[g+1], clr.RST)) 
- classification_data.append({'Sample': grepped_output[g], 'Classification': grepped_output[g+3], 
- 'Classification_Description': grepped_output[g+1], 'Hash': grepped_output[g+2], 
+ print("%s[%05d]%s %s: %s%s%s %s[%s]%s %s" % (clr.GRA, i, clr.RST, crash.sample.ljust(ljust_width, '.'), cex, 
+ crash.exploitability, clr.RST, ccl, crash.description, clr.RST, crash.line )) 
+ classification_data.append({'Sample': crash.sample, 'Classification': crash.exploitability , 
+ 'Classification_Description': crash.description, 'Hash': crash.hash,
 'User_Comment': ''})
 i += 1 
@@ -322,6 +323,7 @@ def execute_gdb_script(out_dir, script_filename, num_samples, num_threads):
 return classification_data 
+
 def main(argv):
 show_info() 
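Review bot: `crash.line` is printed on the console but not stored in the `classification_data` row appended a few lines below, so whatever consumes that list (presumably the CSV export, which lies outside this hunk) never sees the crash line this series is about; if downstream readers tolerate an extra column, add `'Crash_Line': crash.line` next to `'Hash': crash.hash`. `grepped_output` now iterates `Crash` objects rather than grepped strings, so the name is stale and a rename to `crashes` where it is assigned (above this hunk) would spare the next reader a detour. Stray whitespace crept into the new lines: `crash.exploitability ,` and `crash.line ))`. The five-way `if`/`elif` on `crash.exploitability` only selects a colour pair and would be clearer as a dict lookup with `(clr.GRA, clr.GRA)` as the fallback, though that is optional. `execute_gdb_script` starts and ends outside this hunk.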
From 098f1967388106f0ce68582a0e1180dea04d4e0a Mon Sep 17 00:00:00 2001 
From: Alberto Garcia Illera 
Date: Fri, 10 Feb 2017 15:10:01 -0500 
Subject: [PATCH 3/4] some cleaning 
---
 afl_utils/AflThread.py | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-) 
diff --git a/afl_utils/AflThread.py b/afl_utils/AflThread.py 
index 2238e50..c9dbd85 100644 
--- a/afl_utils/AflThread.py 
+++ b/afl_utils/AflThread.py 
@@ -89,14 +89,13 @@ def __init__(self, sample="", exploitability="", description="", hash="", line="
 self.line=""
 class GdbThread(threading.Thread): 
- def __init__(self, thread_id, gdb_cmd, out_dir, grep_for, out_queue, out_queue_lock): 
+ def __init__(self, thread_id, gdb_cmd, out_dir, out_queue, out_queue_lock):
 threading.Thread.__init__(self)
 self.id = thread_id
 self.gdb_cmd = gdb_cmd
 self.out_dir = out_dir
 self.out_queue = out_queue
 self.out_queue_lock = out_queue_lock 
- self.grep_for = grep_for
 def run(self):
 try: 
From c8d7edeb2e680612cefc8267e7fba1347f14de18 Mon Sep 17 00:00:00 2001 
From: Alberto Garcia Illera 
Date: Fri, 10 Feb 2017 15:11:15 -0500 
Subject: [PATCH 4/4] cleaning 
---
 afl_utils/afl_collect.py | 10 +---------
 1 file changed, 1 insertion(+), 9 deletions(-) 
diff --git a/afl_utils/afl_collect.py b/afl_utils/afl_collect.py 
index 204c2aa..c5b0b41 100755 
--- a/afl_utils/afl_collect.py 
+++ b/afl_utils/afl_collect.py 
@@ -234,14 +234,6 @@ def execute_gdb_script(out_dir, script_filename, num_samples, num_threads):
 out_dir = os.path.expanduser(out_dir) + "/" 
- grep_for = [ 
- "Crash sample: '", 
- "Exploitability Classification: ", 
- "Short description: ", 
- "Hash: ", 
- " at ", 
- ] 
-
 queue_list = []
 thread_list = [] 
@@ -257,7 +249,7 @@ def execute_gdb_script(out_dir, script_filename, num_samples, num_threads):
 out_queue_lock = threading.Lock()
 queue_list.append((out_queue, out_queue_lock)) 
- t = AflThread.GdbThread(n, script_args, out_dir, grep_for, out_queue, out_queue_lock) 
+ t = AflThread.GdbThread(n, script_args, out_dir, out_queue, out_queue_lock)
 thread_list.append(t)
 print_ok("Executing gdb+exploitable script '%s.%d'..." % (script_filename, n))
 t.daemon = True