-
Notifications
You must be signed in to change notification settings - Fork 116
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
BDDISASM v2.1.0 release - please consult the CHANGELOG for details ab…
…out the modifications.
- Loading branch information
Showing
132 changed files
with
303,153 additions
and
112,057 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,54 @@ | ||
| # Changelog | ||
|
|
||
| All notable (user-facing) changes to this project will be documented in this file. | ||
|
|
||
| The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). | ||
|
|
||
|
|
||
|
|
||
| ## [2.1.0] - 2024-02-20 | ||
|
|
||
| ### Added | ||
| - Support in bddisasm for Intel REX2 prefix. | ||
| - Support in bddisasm for Intel APX extensions. | ||
| - Support in bddisasm for Intel USERMSR extensions. | ||
| - Support in bddisasm for prefix activation fields inside `INSTRUX` - these fields can be consulted to determine whether a particular prefix is present, accepted & active. | ||
| - New feature in bdshemu: `SHEMU_OPT_DIRECT_MAPPED_SHELL` - allows emulation with a smaller `IntBuff` at the cost of not having `WRITE_SELF` detections. The shellcode can be provided directly from its original location, without the need to allocate it in a dedicated memory region. | ||
| - New feature in bdshemu: `SHEMU_OPT_TRACK_LOOPS` - loops can now be tracked by bdshemu. `SHEMU_OPT_TRACE_LOOPS` can be used to log loop information. | ||
| - Support in bdshemu for APX instructions (both REX2 and EVEX encoded instructions) - the new `SHEMU_OPT_SUPPORT_APX` must be set in order to enable APX emulation. | ||
|
|
||
| ### Changed | ||
| - Reduced the size of the `INSTRUX` structure from 856 bytes to 488 bytes (almost -43%!). | ||
| - Increased decoding performance from average 300 clocks/instruction to average 235 clocks/instruction (almost +20%!). | ||
| - New decode options - do not decode implicit operands - this further increases performance from average 235 clocks/instruction to 200 clocks/instruction (almost +15%!). | ||
| - Re-worked the Python scripts - both `disasmlib.py` and `generate_tables.py` have been significantly reworked, improving readability, and making them more efficient. | ||
| - `disasmtool` builds on Linux. | ||
|
|
||
| ### Removed | ||
| - Support for Cyrix & VIA instructions - only current Intel & AMD instructions remain supported. | ||
| - disasmtool_lix has been removed. `disasmtool` is available on Linux as well. | ||
|
|
||
| ### Breaking changes | ||
|
|
||
| #### Inside INSTRUX | ||
| - Removed `Iclass` field - it was aliased over `Instruction` field, which must be used from now on. | ||
| - Removed `OperandsEncodingMap` field - one can consult the `Encoding` field in each operand to determine the encoding. | ||
| - Removed `ExceptionClass` field - only `ExceptionType` remains, which contains an enum with all the exception types. | ||
| - Removed `Predicate` field - only `Condition` remains, which was aliased over `Predicate`. | ||
| - Removed `HasImm3`, `Immediate3`, `Imm3Length` and `Imm3Offset` fields, as they were not used/needed. | ||
| - Removed `Bhint`, `SseCondition`, `SignDisp` fields, as they were not used. | ||
| - Moved `FlagsAccess.RegAccess` outside and renamed it to `RflAccess`, to save more space. | ||
| - Switched from `char Mnemonic[32]` to `const char *Mnemonic` - this decreases INSTRUX size by almost 32 bytes, and increases perf. | ||
|
|
||
| #### Inside ND_OPERAND | ||
| - Removed `RawSize` - in most cases, `Size` and `RawSize` are identical; the only case where they might differ is for `Immediate` and `RelativeOffset` operands - in that case, one can consult the `RawSize` field in `Immediate` or `RelativeOffset`. | ||
|
|
||
| #### Inside ND_OPERAND_DECORATOR | ||
| - Removed `Broadcast` field, moved it inside `ND_OPDESC_MEMORY`. | ||
| - Removed `HasSae`, `HasEr` - they are per instruction, not per operand, and can be consulted directly inside `INSTRUX`. | ||
| - Moved `Msk` one level up, inside the `ND_OPERAND_DECORATOR` structure. | ||
|
|
||
| #### Defines & constants | ||
| - Removed `ND_PRED_*` defines - search & replace them with `ND_COND_*`. | ||
| - Removed `ND_HAS_PREDICATE` - use `ND_HAS_CONDITION` instead. | ||
| - Removed `ND_VEND_GEODE` and `ND_VEND_CYRIX`. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,118 @@ | ||
| FROM ubuntu:22.04 as build | ||
|
|
||
| WORKDIR /bddfuzz | ||
|
|
||
| # Install everything we need to build AFL++ and honggfuzz and bdshemu | ||
| # We install both clang-13 and clang-15 because honggfuzz does not support newer versions of clang, but AFL++ wants | ||
| # the latest version so it is what it is | ||
| RUN apt-get update && apt-get install -y \ | ||
| cmake make git \ | ||
| binutils-dev \ | ||
| libunwind-dev \ | ||
| libblocksruntime-dev \ | ||
| clang-13 \ | ||
| clang-15 \ | ||
| llvm-15 llvm-15-dev llvm-15-linker-tools llvm-15-runtime llvm-15-tools lld-15 | ||
|
|
||
| # Cleanup | ||
| RUN apt-get clean && rm -rf /var/lib/apt/lists/* | ||
|
|
||
| RUN mkdir /bddfuzz/fuzzers | ||
|
|
||
| # Build and install AFL++ | ||
| RUN cd /bddfuzz/fuzzers && git clone https://github.com/AFLplusplus/AFLplusplus.git | ||
| RUN cd /bddfuzz/fuzzers/AFLplusplus && \ | ||
| CC=clang-15 CXX=clang++-15 make source-only install LLVM_CONFIG=llvm-config-15 NO_NYX=1 | ||
|
|
||
| # Build and install honggfuzz | ||
| RUN cd /bddfuzz/fuzzers && git clone --depth 1 --branch 2.5 https://github.com/google/honggfuzz.git | ||
| RUN cd /bddfuzz/fuzzers/honggfuzz && make install | ||
|
|
||
| # Remove the fuzzer source files as we no longer need them | ||
| RUN cd /bddfuzz/fuzzers/AFLplusplus && git clean -dxf && git clean -dXf && rm -rf /bddfuzz/fuzzers/AFLplusplus | ||
| RUN rm -rf /bddfuzz/fuzzers/honggfuzz | ||
| RUN rm -rf /bddfuzz/fuzzers/ | ||
|
|
||
| ENV SRC /bddfuzz/src/ | ||
|
|
||
| # Copy the relevant bddisasm sources | ||
| RUN mkdir "${SRC}" | ||
|
|
||
| COPY CMakeLists.txt "${SRC}"/CMakeLists.txt | ||
| COPY bddisasm.pc.in "${SRC}"/bddisasm.pc.in | ||
| COPY bddisasmConfig.cmake "${SRC}"/bddisasmConfig.cmake | ||
| COPY bddisasm "${SRC}"/bddisasm | ||
| COPY bdshemu "${SRC}"/bdshemu | ||
| COPY bdshemu_fuzz "${SRC}"/bdshemu_fuzz | ||
| COPY inc "${SRC}"/inc | ||
|
|
||
| # Now build all the variants | ||
| RUN mkdir build | ||
|
|
||
| # Build for AFL++ with afl-clang-lto | ||
| RUN mkdir /bddfuzz/build/afllto && cd /bddfuzz/build/afllto && \ | ||
| cmake "${SRC}" -DCMAKE_C_COMPILER=afl-clang-lto -DCMAKE_CXX_COMPILER=afl-clang-lto++ \ | ||
| -DCMAKE_BUILD_TYPE=Releaase \ | ||
| -DBDD_INCLUDE_TOOL=OFF -DBDD_INCLUDE_ISAGENERATOR_X86=OFF \ | ||
| -DBDD_INCLUDE_FUZZERS=ON && \ | ||
| make shfuzz | ||
|
|
||
| # Build for honggfuzz | ||
| RUN mkdir /bddfuzz/build/hfuzz && cd /bddfuzz/build/hfuzz && \ | ||
| cmake "${SRC}" -DCMAKE_C_COMPILER=hfuzz-clang -DCMAKE_CXX_COMPILER=hfuzz-clang++ \ | ||
| -DCMAKE_BUILD_TYPE=Releaase \ | ||
| -DBDD_INCLUDE_TOOL=OFF -DBDD_INCLUDE_ISAGENERATOR_X86=OFF \ | ||
| -DBDD_INCLUDE_FUZZERS=ON && \ | ||
| make shfuzz | ||
|
|
||
| # Build for libfuzzer with ASAN and UBSAN | ||
| RUN mkdir /bddfuzz/build/san && cd /bddfuzz/build/san && \ | ||
| cmake "${SRC}" -DCMAKE_C_COMPILER=clang-15 -DCMAKE_CXX_COMPILER=clang-15++ \ | ||
| -DCMAKE_BUILD_TYPE=Releaase \ | ||
| -DBDD_INCLUDE_TOOL=OFF -DBDD_INCLUDE_ISAGENERATOR_X86=OFF \ | ||
| -DBDD_INCLUDE_FUZZERS=ON -DBDD_FUZZ_WITH_LOGS=ON \ | ||
| -DBDD_ASAN=ON -DBDD_UBSAN=ON && \ | ||
| make shfuzz | ||
|
|
||
| RUN rm -rf "${SRC}" | ||
|
|
||
| # Save the fuzzers | ||
| RUN mkdir /bddfuzz/shf && cd /bddfuzz/shf && \ | ||
| for d in /bddfuzz/build/*; do \ | ||
| mkdir ./`basename "${d}"` && \ | ||
| cp -v "${d}"/bdshemu_fuzz/shfuzz* ./`basename "${d}"`; \ | ||
| done | ||
|
|
||
| # Remove the build directory | ||
| RUN rm -rf build | ||
|
|
||
| FROM ubuntu:22.04 as run | ||
|
|
||
| WORKDIR /bddfuzz | ||
|
|
||
| # Copy the fuzzers from the build stage | ||
| COPY --from=build /bddfuzz/shf /bddfuzz/shf | ||
|
|
||
| # Copy AFL++ and honggfuzz binaries | ||
| COPY --from=build /usr/local/bin/afl-* /usr/local/bin/ | ||
| COPY --from=build /usr/local/bin/hfuzz-* /usr/local/bin/ | ||
| COPY --from=build /usr/local/bin/honggfuzz /usr/local/bin/ | ||
|
|
||
| RUN mkdir /bddfuzz/inputs | ||
| COPY bdshemu_fuzz/in-32 /bddfuzz/inputs/in-32 | ||
| COPY bdshemu_fuzz/in-64 /bddfuzz/inputs/in-64 | ||
|
|
||
| # Runtime dependencies for honggfuzz | ||
| RUN apt-get update && apt-get install -y binutils-dev libunwind-dev libblocksruntime-dev | ||
|
|
||
| # Cleanup | ||
| RUN apt-get clean && rm -rf /var/lib/apt/lists/* | ||
|
|
||
| # So we can share files between the host and the container (we don't want to loose the results when we stop the | ||
| # container). | ||
| ENV SHARE_DIR share | ||
|
|
||
| COPY bdshemu_fuzz/fuzzing_image_entrypoint.sh /bddfuzz/fuzzing_image_entrypoint.sh | ||
| RUN chmod +x /bddfuzz/fuzzing_image_entrypoint.sh | ||
|
|
||
| ENTRYPOINT ["/bddfuzz/fuzzing_image_entrypoint.sh"] |
Oops, something went wrong.