fuzzamos

🤑
View GitHub Profile
@fuzzamos
fuzzamos / apatching_for_AFL_Persistent_fuzzing.diff
Created October 25, 2017 09:34 — forked from n30m1nd/apatching_for_AFL_Persistent_fuzzing.diff
Patch for Apache httpd to make it fuzzable through afl-clang-fast
Index: server/main.c
===================================================================
--- server/main.c (revision 1794475)
+++ server/main.c (working copy)
@@ -434,11 +434,157 @@
ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
" -X : debug mode (only one worker, do not detach)");
- destroy_and_exit_process(process, 1);
+ destroy_and_exit_process(process, 0);
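Review bot: turning the exit status in the usage path from 1 to 0 (the two `destroy_and_exit_process` lines right after the `-X` help text) makes a malformed command line look like a clean exit to whatever drives the harness, so a typo in the fuzzing invocation is silently accepted instead of failing the dry run; keep the non-zero status, or put the change behind a build-time macro together with the persistent-mode code so a production build keeps its original behaviour. The hunk header announces 157 lines replacing 11, but only this two-line change is visible here; the gist description should state where the persistent-mode loop and the request input are wired in so the rest of the patch can be reviewed.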
@fuzzamos
fuzzamos / apatching_apache_for_AFL_fuzzing.diff
Created October 25, 2017 09:35 — forked from n30m1nd/apatching_apache_for_AFL_fuzzing.diff
This patch adds the "-F" switch. This switch reads a file named on the command line and feeds its contents to the Apache httpd server as the request
Index: server/main.c
===================================================================
--- server/main.c (revision 1794194)
+++ server/main.c (working copy)
@@ -371,7 +371,11 @@
ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
" -c \"directive\" : process directive after reading "
"config files");
+ ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
+ " -F : hackish file to read as request "
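Review bot: the new help line ends in an open string concatenation (`" -F : hackish file to read as request "` with the continuation not shown), so the completed text should match the `-c` entry above it, name what the file must contain (a raw HTTP request) and drop "hackish" in favour of a statement that the option exists for fuzz builds only; a production httpd should not accept an arbitrary file from its command line as a request, so the option and its parsing should be compiled in only under the same build-time macro as the rest of the fuzzing changes, and the gist description should say so.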
#!/bin/bash
PREFIX="${PREFIX:-/usr/local/apache_clean}"
echo -e " \e[32mAPR\e[0m"
echo
echo "Running apr with: c-compiler:$CC $CFLAGS c++-compiler:$CXX $CXXFLAGS"
sleep 2
# Resolve the apr source directory first so $apr stays available for the httpd
# build, then build in a subshell so a failed step cannot leave us inside apr-1*/
# (the original chained "cd apr-1* && ... && cd .." skipped the final cd on failure).
apr=$(cd apr-1* && pwd) || exit 1
( cd "$apr" && ./configure --prefix="$PREFIX" && make clean && make -j4 && sudo make install ) || exit 1

TL;DR: Using symbolic execution to recover driver IOCTL codes that are computed at runtime.

The goal here is to find valid IOCTL codes for the HackSysExtremeVulnerableDriver by analyzing the binary. Because of compiler optimizations the control flow of the binary differs from that of the source: only a few IOCTL codes appear in the assembly as constants, and the rest are computed at runtime.

The code in hevd_ioctl.py is an approximation of the control flow of the compiled IrpDeviceIoCtlHandler function. The effects of the compiler optimization are more pronounced when this code is compared to the original C function. To comply with the requirements of the PyExZ3 module, the target function is named after the script's filename, and the `ex

#!/bin/sh
#
# american fuzzy lop - pause a set of fuzzers
# --------------------------------------
#
# By @rantyben, based on afl-whatsup, which is:
# Written and maintained by Michal Zalewski <lcamtuf@google.com>
#
# Copyright 2015 Google Inc. All rights reserved.
#
// Launch WinAFL with current function as hook location
//@author richinseattle
//@category _NEW_
//@keybinding
//@menupath
//@toolbar
// Usage:
// Install DynamoRIO and WinAFL
// Add LaunchWinAFL to Ghidra scripts
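
The following is an added example, not richinseattle's LaunchWinAFL script: a Ghidra Python (Jython) script that builds the afl-fuzz.exe command line for WinAFL with the function under the cursor as the hook location. The security-relevant detail is the `-target_offset` value, which WinAFL takes as an RVA (function address minus the module's image base) so it stays correct when the module is relocated. The install paths, the iteration count and the `nargs` value are assumptions to edit for your machine; the Ghidra globals (`currentProgram`, `currentAddress`, `getFunctionContaining`) and the WinAFL/afl-fuzz options used are real.

```python
# Added example, not the original LaunchWinAFL script: compose the WinAFL
# command line for the function at the cursor.  Paths below are assumed.
import ntpath

# Assumed install locations (not from the original script).
DYNAMORIO_BIN = r"C:\DynamoRIO\bin64"
WINAFL_DIR = r"C:\winafl\build64\bin\Release"
INPUT_DIR = r"C:\fuzz\in"
OUTPUT_DIR = r"C:\fuzz\out"


def target_offset(image_base, entry_point):
    """WinAFL's -target_offset is an RVA: the function's virtual address minus
    the module's load address, so the hook survives ASLR relocation."""
    if entry_point < image_base:
        raise ValueError("function entry 0x%X is below image base 0x%X" % (entry_point, image_base))
    return entry_point - image_base


def winafl_command(module_path, image_base, entry_point, nargs, iterations=5000, timeout_ms=20000):
    """Argument list for afl-fuzz.exe.  Everything before the first '--' is for
    afl-fuzz, the middle block is for WinAFL's DynamoRIO client, and the tail is
    the target with @@ as the placeholder for the input file."""
    module = ntpath.basename(module_path)   # ntpath so Windows paths split correctly anywhere
    return [
        ntpath.join(WINAFL_DIR, "afl-fuzz.exe"),
        "-i", INPUT_DIR, "-o", OUTPUT_DIR,
        "-D", DYNAMORIO_BIN, "-t", str(timeout_ms),
        "--",
        "-coverage_module", module,
        "-target_module", module,
        "-target_offset", "0x%x" % target_offset(image_base, entry_point),
        "-nargs", str(nargs),
        "-fuzz_iterations", str(iterations),
        "--",
        module_path, "@@",
    ]


def format_command(argv):
    """Quote arguments containing spaces so the line pastes into cmd.exe."""
    return " ".join('"%s"' % a if " " in a else a for a in argv)


# Inside Ghidra the script globals exist; elsewhere this part is skipped.
try:
    _program, _addr = currentProgram, currentAddress
except NameError:
    _program = _addr = None

if _program is not None:
    _func = getFunctionContaining(_addr)
    if _func is None:
        raise RuntimeError("place the cursor inside the function to use as the hook")
    _argv = winafl_command(
        _program.getExecutablePath(),
        _program.getImageBase().getOffset(),
        _func.getEntryPoint().getOffset(),
        nargs=1,   # assumed: number of arguments the hooked function takes
    )
    print(format_command(_argv))
```

Drop the script into a directory on Ghidra's script path, select it in the Script Manager with the cursor inside the target function, and paste the printed line into a console that has DynamoRIO and WinAFL on disk at the assumed paths.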
@fuzzamos
fuzzamos / ghidra_processor_docs_downloader.py
Created May 25, 2019 11:55 — forked from richinseattle/ghidra_processor_docs_downloader.py
Ghidra Processor Documentation Downloader
#!/usr/bin/env python
# vim: tabstop=4:softtabstop=4:shiftwidth=4:expandtab:
import os
import requests
import sys
docs = {
'68000': {
'M68000PRM.pdf': 'https://www.nxp.com/files-static/archives/doc/ref_manual/M68000PRM.pdf',

Choco Install

Install Choco

@"%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -InputFormat None -ExecutionPolicy Bypass -Command "iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))" && SET "PATH=%PATH%;%ALLUSERSPROFILE%\chocolatey\bin"

Install Ghidra 9.0.2

choco install ghidra
/*
VLC harness
sudo apt-get install libvlc-dev
gcc fuzz-harness-vlc.c -l vlc -o fuzz-harness-vlc
*/
#include <stdio.h>
#include <vlc/vlc.h>