Release the first prototype

Author: jchoi2022

.gitignore

@@ -0,0 +1,22 @@
+## Ignore Visual Studio temporary files, build results, and
+## files generated by popular Visual Studio add-ons.
+
+# Build results
+build/
+bin/
+obj/
+
+# Visual Studio 2015 cache/options directory
+.vs/
+# Visual Studio Code directory
+.vscode/
+
+#etc
+Instrumentor/sparsehash/sparsehash-2.0.3
+Instrumentor/sparsehash/sparsehash-2.0.3.tar.gz
+Instrumentor/sparsehash/.compiled
+Instrumentor/qemu/qemu-2.3.0*
+Instrumentor/qemu/.compiled
+*.swp
+*.bin
+box

Eclipser.sln

@@ -0,0 +1,34 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio 15
+VisualStudioVersion = 15.0.26124.0
+MinimumVisualStudioVersion = 15.0.26124.0
+Project("{F2A71F9B-5D33-465A-A702-920D77279786}") = "Eclipser", "src\Eclipser.fsproj", "{D4004E4F-AB8A-4177-8B83-FA6F0B2AA8C1}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Any CPU = Debug|Any CPU
+		Debug|x64 = Debug|x64
+		Debug|x86 = Debug|x86
+		Release|Any CPU = Release|Any CPU
+		Release|x64 = Release|x64
+		Release|x86 = Release|x86
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{D4004E4F-AB8A-4177-8B83-FA6F0B2AA8C1}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{D4004E4F-AB8A-4177-8B83-FA6F0B2AA8C1}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{D4004E4F-AB8A-4177-8B83-FA6F0B2AA8C1}.Debug|x64.ActiveCfg = Debug|x64
+		{D4004E4F-AB8A-4177-8B83-FA6F0B2AA8C1}.Debug|x64.Build.0 = Debug|x64
+		{D4004E4F-AB8A-4177-8B83-FA6F0B2AA8C1}.Debug|x86.ActiveCfg = Debug|x86
+		{D4004E4F-AB8A-4177-8B83-FA6F0B2AA8C1}.Debug|x86.Build.0 = Debug|x86
+		{D4004E4F-AB8A-4177-8B83-FA6F0B2AA8C1}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{D4004E4F-AB8A-4177-8B83-FA6F0B2AA8C1}.Release|Any CPU.Build.0 = Release|Any CPU
+		{D4004E4F-AB8A-4177-8B83-FA6F0B2AA8C1}.Release|x64.ActiveCfg = Release|x64
+		{D4004E4F-AB8A-4177-8B83-FA6F0B2AA8C1}.Release|x64.Build.0 = Release|x64
+		{D4004E4F-AB8A-4177-8B83-FA6F0B2AA8C1}.Release|x86.ActiveCfg = Release|x86
+		{D4004E4F-AB8A-4177-8B83-FA6F0B2AA8C1}.Release|x86.Build.0 = Release|x86
+	EndGlobalSection
+EndGlobal

Instrumentor/qemu/build_qemu_support.sh

@@ -0,0 +1,262 @@
+#!/bin/sh
+#
+# QEMU build script for Eclipser's instrumentation
+#
+# Modified codes from AFL's QEMU mode (original license below).
+# --------------------------------------
+#
+# Written by Andrew Griffiths <agriffiths@google.com> and
+#            Michal Zalewski <lcamtuf@google.com>
+#
+# Copyright 2015, 2016 Google Inc. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at:
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+
+build_qemu () {
+    if [ $2 = "x86" ]; then
+        CPU_TARGET="i386"
+    elif [ $2 = "x64" ]; then
+        CPU_TARGET="x86_64"
+    else
+        echo "Invalid CPU architecture provided"
+        exit 0
+    fi
+
+    echo "[*] Configuring QEMU for $CPU_TARGET..."
+
+    cd qemu-2.3.0-$1-$2 || exit 1
+
+    CFLAGS="-O3" ./configure --disable-system --enable-linux-user \
+      --enable-guest-base --disable-gtk --disable-sdl --disable-vnc \
+      --target-list="${CPU_TARGET}-linux-user" || exit 1
+
+    echo "[+] Configuration complete."
+
+    echo "[*] Attempting to build QEMU (fingers crossed!)..."
+
+    make || exit 1
+
+    echo "[+] Build process successful!"
+
+    echo "[*] Copying binary..."
+    cp -f "${CPU_TARGET}-linux-user/qemu-${CPU_TARGET}" "../qemu-trace" || exit 1
+    cd ..
+}
+
+QEMU_URL="https://download.qemu.org/qemu-2.3.0.tar.bz2"
+QEMU_SHA384="7a0f0c900f7e2048463cc32ff3e904965ab466c8428847400a0f2dcfe458108a68012c4fddb2a7e7c822b4fd1a49639b"
+
+echo "========================================="
+echo "Chatkey instrumentation QEMU build script"
+echo "========================================="
+echo
+
+echo "[*] Performing basic sanity checks..."
+
+if [ ! "`uname -s`" = "Linux" ]; then
+
+  echo "[-] Error: QEMU instrumentation is supported only on Linux."
+  exit 1
+
+fi
+
+if [ ! -f "patches-pathcov/chatkey.cc" -o ! -f "patches-syscall/chatkey.c" -o ! -f "patches-feedback/chatkey.c" ]; then
+
+  echo "[-] Error: key files not found - wrong working directory?"
+  exit 1
+
+fi
+
+for i in libtool wget python automake autoconf sha384sum bison iconv; do
+
+  T=`which "$i" 2>/dev/null`
+
+  if [ "$T" = "" ]; then
+
+    echo "[-] Error: '$i' not found, please install first."
+    exit 1
+
+  fi
+
+done
+
+if [ ! -d "/usr/include/glib-2.0/" -a ! -d "/usr/local/include/glib-2.0/" ]; then
+
+  echo "[-] Error: devel version of 'glib2' not found, please install first."
+  exit 1
+
+fi
+
+echo "[+] All checks passed!"
+
+ARCHIVE="`basename -- "$QEMU_URL"`"
+
+CKSUM=`sha384sum -- "$ARCHIVE" 2>/dev/null | cut -d' ' -f1`
+
+if [ ! "$CKSUM" = "$QEMU_SHA384" ]; then
+
+  echo "[*] Downloading QEMU 2.3.0 from the web..."
+  rm -f "$ARCHIVE"
+  wget -O "$ARCHIVE" -- "$QEMU_URL" || exit 1
+
+  CKSUM=`sha384sum -- "$ARCHIVE" 2>/dev/null | cut -d' ' -f1`
+
+fi
+
+if [ "$CKSUM" = "$QEMU_SHA384" ]; then
+
+  echo "[+] Cryptographic signature on $ARCHIVE checks out."
+
+else
+
+  echo "[-] Error: signature mismatch on $ARCHIVE (perhaps download error?)."
+  exit 1
+
+fi
+
+echo "[*] Uncompressing archive (this will take a while)..."
+
+rm -rf "qemu-2.3.0" || exit 1
+rm -rf "qemu-2.3.0-pathcov" || exit 1
+rm -rf "qemu-2.3.0-syscall" || exit 1
+rm -rf "qemu-2.3.0-feedback" || exit 1
+rm -rf "qemu-2.3.0-bbcount" || exit 1
+rm -rf "qemu-2.3.0-pathcov-x86" || exit 1
+rm -rf "qemu-2.3.0-pathcov-x64" || exit 1
+rm -rf "qemu-2.3.0-syscall-x86" || exit 1
+rm -rf "qemu-2.3.0-syscall-x64" || exit 1
+rm -rf "qemu-2.3.0-feedback-x86" || exit 1
+rm -rf "qemu-2.3.0-feedback-x64" || exit 1
+rm -rf "qemu-2.3.0-bbcount-x86" || exit 1
+rm -rf "qemu-2.3.0-bbcount-x64" || exit 1
+tar xf "$ARCHIVE" || exit 1
+
+echo "[+] Unpacking successful."
+
+echo "[*] Backup target files of patches-common/ (for later use)"
+cp qemu-2.3.0/linux-user/elfload.c qemu-2.3.0/linux-user/elfload.c.orig
+cp qemu-2.3.0/linux-user/linuxload.c qemu-2.3.0/linux-user/linuxload.c.orig
+cp qemu-2.3.0/linux-user/signal.c qemu-2.3.0/linux-user/signal.c.orig
+cp qemu-2.3.0/translate-all.c qemu-2.3.0/translate-all.c.orig
+cp qemu-2.3.0/scripts/texi2pod.pl qemu-2.3.0/scripts/texi2pod.pl.orig
+cp qemu-2.3.0/user-exec.c qemu-2.3.0/user-exec.c.orig
+
+echo "[*] Applying common patches..."
+patch -p0 <patches-common/elfload.diff || exit 1
+patch -p0 <patches-common/linuxload.diff || exit 1
+patch -p0 <patches-common/signal.diff || exit 1
+patch -p0 <patches-common/translate-all.diff || exit 1
+patch -p0 <patches-common/texi2pod.diff || exit 1
+patch -p0 <patches-common/user-exec.diff || exit 1
+
+cp -r "qemu-2.3.0" "qemu-2.3.0-pathcov"
+cp -r "qemu-2.3.0" "qemu-2.3.0-syscall"
+cp -r "qemu-2.3.0" "qemu-2.3.0-feedback"
+cp -r "qemu-2.3.0" "qemu-2.3.0-bbcount"
+
+### Patch for pathcov tracer
+
+echo "[*] Applying patches for pathcov..."
+
+patch -p0 <patches-pathcov/syscall.diff || exit 1
+patch -p0 <patches-pathcov/cpu-exec.diff || exit 1
+patch -p0 <patches-pathcov/exec-all.diff || exit 1
+patch -p0 <patches-pathcov/translate.diff || exit 1
+patch -p0 <patches-pathcov/makefile-target.diff || exit 1
+cp patches-pathcov/chatkey.cc qemu-2.3.0-pathcov/
+cp patches-pathcov/afl-qemu-cpu-inl.h qemu-2.3.0-pathcov/
+cp patches-pathcov/chatkey-utils.h qemu-2.3.0-pathcov/
+
+echo "[+] Patching done."
+
+### Patch for syscall tracer
+
+echo "[*] Applying patches for syscall..."
+
+patch -p0 <patches-syscall/cpu-exec.diff || exit 1
+patch -p0 <patches-syscall/syscall.diff || exit 1
+patch -p0 <patches-syscall/makefile-objs.diff || exit 1
+cp patches-syscall/chatkey.c qemu-2.3.0-syscall/linux-user/
+
+echo "[+] Patching done."
+
+### Patch for feedback tracer
+
+echo "[*] Applying patches for feedback..."
+
+patch -p0 <patches-feedback/cpu-exec.diff || exit 1
+patch -p0 <patches-feedback/syscall.diff || exit 1
+patch -p0 <patches-feedback/makefile-target.diff || exit 1
+patch -p0 <patches-feedback/translate.diff || exit 1
+patch -p0 <patches-feedback/tcg-target.diff || exit 1
+patch -p0 <patches-feedback/tcg-op.diff || exit 1
+patch -p0 <patches-feedback/tcg-opc.diff || exit 1
+patch -p0 <patches-feedback/tcg.diff || exit 1
+patch -p0 <patches-feedback/optimize.diff || exit 1
+cp patches-feedback/chatkey.c qemu-2.3.0-feedback/tcg/
+cp patches-feedback/afl-qemu-cpu-inl.h qemu-2.3.0-feedback/
+
+echo "[+] Patching done."
+
+### Patch for basic block count tracer
+
+echo "[*] Applying patches for bbcount..."
+
+patch -p0 <patches-bbcount/syscall.diff || exit 1
+patch -p0 <patches-bbcount/cpu-exec.diff || exit 1
+patch -p0 <patches-bbcount/makefile-target.diff || exit 1
+patch -p0 <patches-bbcount/makefile-objs.diff || exit 1
+patch -p0 <patches-bbcount/main.diff || exit 1
+cp patches-bbcount/chatkey.cc qemu-2.3.0-bbcount/linux-user/
+echo "[+] Patching done."
+
+### Copy directories, one for x86 and the other for x64
+
+cp -r "qemu-2.3.0-pathcov" "qemu-2.3.0-pathcov-x86"
+mv "qemu-2.3.0-pathcov" "qemu-2.3.0-pathcov-x64"
+cp -r "qemu-2.3.0-syscall" "qemu-2.3.0-syscall-x86"
+mv "qemu-2.3.0-syscall" "qemu-2.3.0-syscall-x64"
+cp -r "qemu-2.3.0-feedback" "qemu-2.3.0-feedback-x86"
+mv "qemu-2.3.0-feedback" "qemu-2.3.0-feedback-x64"
+cp -r "qemu-2.3.0-bbcount" "qemu-2.3.0-bbcount-x86"
+mv "qemu-2.3.0-bbcount" "qemu-2.3.0-bbcount-x64"
+
+### Build QEMU tracers
+
+build_qemu pathcov x86
+mv "./qemu-trace" "../../build/qemu-trace-pathcov-x86" || exit 1
+echo "[+] Successfully created 'qemu-trace-pathcov-x86'."
+
+build_qemu pathcov x64
+mv "./qemu-trace" "../../build/qemu-trace-pathcov-x64" || exit 1
+echo "[+] Successfully created 'qemu-trace-pathcov-x64'."
+
+build_qemu syscall x86
+mv "./qemu-trace" "../../build/qemu-trace-syscall-x86" || exit 1
+echo "[+] Successfully created 'qemu-trace-syscall-x86'."
+
+build_qemu syscall x64
+mv "./qemu-trace" "../../build/qemu-trace-syscall-x64" || exit 1
+echo "[+] Successfully created 'qemu-trace-syscall-x64'."
+
+build_qemu feedback x86
+mv "./qemu-trace" "../../build/qemu-trace-feedback-x86" || exit 1
+echo "[+] Successfully created 'qemu-trace-feedback-x86'."
+
+build_qemu feedback x64
+mv "./qemu-trace" "../../build/qemu-trace-feedback-x64" || exit 1
+echo "[+] Successfully created 'qemu-trace-feedback-x64'."
+
+build_qemu bbcount x86
+mv "./qemu-trace" "../../build/qemu-trace-bbcount-x86" || exit 1
+echo "[+] Successfully created 'qemu-trace-bbcount-x86'."
+
+build_qemu bbcount x64
+mv "./qemu-trace" "../../build/qemu-trace-bbcount-x64" || exit 1
+echo "[+] Successfully created 'qemu-trace-bbcount-x64'."
+
+exit 0

Instrumentor/qemu/gen_bbcount_patch.sh

@@ -0,0 +1,22 @@
+#!/bin/bash
+
+cp -r qemu-2.3.0-bbcount-x64 qemu-2.3.0-bbcount
+
+cp qemu-2.3.0-bbcount/chatkey.cc ./patches-bbcount/chatkey.cc
+
+cp qemu-2.3.0/linux-user/syscall.c qemu-2.3.0-bbcount/linux-user/syscall.c.orig
+diff -Naur qemu-2.3.0-bbcount/linux-user/syscall.c.orig qemu-2.3.0-bbcount/linux-user/syscall.c > patches-bbcount/syscall.diff
+
+cp qemu-2.3.0/cpu-exec.c qemu-2.3.0-bbcount/cpu-exec.c.orig
+diff -Naur qemu-2.3.0-bbcount/cpu-exec.c.orig qemu-2.3.0-bbcount/cpu-exec.c > patches-bbcount/cpu-exec.diff
+
+cp qemu-2.3.0/Makefile.target qemu-2.3.0-bbcount/Makefile.target.orig
+diff -Naur qemu-2.3.0-bbcount/Makefile.target.orig qemu-2.3.0-bbcount/Makefile.target > patches-bbcount/makefile-target.diff
+
+cp qemu-2.3.0/linux-user/Makefile.objs qemu-2.3.0-bbcount/linux-user/Makefile.objs.orig
+diff -Naur qemu-2.3.0-bbcount/linux-user/Makefile.objs.orig qemu-2.3.0-bbcount/linux-user/Makefile.objs > patches-bbcount/makefile-objs.diff
+
+cp qemu-2.3.0/linux-user/main.c qemu-2.3.0-bbcount/linux-user/main.c.orig
+diff -Naur qemu-2.3.0-bbcount/linux-user/main.c.orig qemu-2.3.0-bbcount/linux-user/main.c > patches-bbcount/main.diff
+
+rm -rf qemu-2.3.0 qemu-2.3.0-bbcount

Instrumentor/qemu/gen_feedback_patch.sh

@@ -0,0 +1,32 @@
+#!/bin/bash
+
+cp qemu-2.3.0-feedback/tcg/chatkey.c ./patches-feedback/chatkey.c
+
+cp qemu-2.3.0-feedback/afl-qemu-cpu-inl.h ./patches-feedback/afl-qemu-cpu-inl.h
+
+cp qemu-2.3.0/target-i386/translate.c qemu-2.3.0-feedback/target-i386/translate.c.orig
+diff -Naur qemu-2.3.0-feedback/target-i386/translate.c.orig qemu-2.3.0-feedback/target-i386/translate.c > patches-feedback/translate.diff
+
+cp qemu-2.3.0/cpu-exec.c qemu-2.3.0-feedback/cpu-exec.c.orig
+diff -Naur qemu-2.3.0-feedback/cpu-exec.c.orig qemu-2.3.0-feedback/cpu-exec.c > patches-feedback/cpu-exec.diff
+
+cp qemu-2.3.0/linux-user/syscall.c qemu-2.3.0-feedback/linux-user/syscall.c.orig
+diff -Naur qemu-2.3.0-feedback/linux-user/syscall.c.orig qemu-2.3.0-feedback/linux-user/syscall.c > patches-feedback/syscall.diff
+
+cp qemu-2.3.0/Makefile.target qemu-2.3.0-feedback/Makefile.target.orig
+diff -Naur qemu-2.3.0-feedback/Makefile.target.orig qemu-2.3.0-feedback/Makefile.target > patches-feedback/makefile-target.diff
+
+cp qemu-2.3.0/tcg/tcg-opc.h qemu-2.3.0-feedback/tcg/tcg-opc.h.orig
+diff -Naur qemu-2.3.0-feedback/tcg/tcg-opc.h.orig qemu-2.3.0-feedback/tcg/tcg-opc.h > patches-feedback/tcg-opc.diff
+
+cp qemu-2.3.0/tcg/tcg-op.h qemu-2.3.0-feedback/tcg/tcg-op.h.orig
+diff -Naur qemu-2.3.0-feedback/tcg/tcg-op.h.orig qemu-2.3.0-feedback/tcg/tcg-op.h > patches-feedback/tcg-op.diff
+
+cp qemu-2.3.0/tcg/i386/tcg-target.c qemu-2.3.0-feedback/tcg/i386/tcg-target.c.orig
+diff -Naur qemu-2.3.0-feedback/tcg/i386/tcg-target.c.orig qemu-2.3.0-feedback/tcg/i386/tcg-target.c > patches-feedback/tcg-target.diff
+
+cp qemu-2.3.0/tcg/tcg.h qemu-2.3.0-feedback/tcg/tcg.h.orig
+diff -Naur qemu-2.3.0-feedback/tcg/tcg.h.orig qemu-2.3.0-feedback/tcg/tcg.h > patches-feedback/tcg.diff
+
+cp qemu-2.3.0/tcg/optimize.c qemu-2.3.0-feedback/tcg/optimize.c.orig
+diff -Naur qemu-2.3.0-feedback/tcg/optimize.c.orig qemu-2.3.0-feedback/tcg/optimize.c > patches-feedback/optimize.diff

Instrumentor/qemu/gen_pathcov_patch.sh

@@ -0,0 +1,22 @@
+#!/bin/bash
+
+cp qemu-2.3.0-pathcov/chatkey.cc ./patches-pathcov/chatkey.cc
+
+cp qemu-2.3.0-pathcov/afl-qemu-cpu-inl.h ./patches-pathcov/afl-qemu-cpu-inl.h
+
+cp qemu-2.3.0-pathcov/chatkey-utils.h ./patches-pathcov/chatkey-utils.h
+
+cp qemu-2.3.0/linux-user/syscall.c qemu-2.3.0-pathcov/linux-user/syscall.c.orig
+diff -Naur qemu-2.3.0-pathcov/linux-user/syscall.c.orig qemu-2.3.0-pathcov/linux-user/syscall.c > patches-pathcov/syscall.diff
+
+cp qemu-2.3.0/target-i386/translate.c qemu-2.3.0-pathcov/target-i386/translate.c.orig
+diff -Naur qemu-2.3.0-pathcov/target-i386/translate.c.orig qemu-2.3.0-pathcov/target-i386/translate.c > patches-pathcov/translate.diff
+
+cp qemu-2.3.0/cpu-exec.c qemu-2.3.0-pathcov/cpu-exec.c.orig
+diff -Naur qemu-2.3.0-pathcov/cpu-exec.c.orig qemu-2.3.0-pathcov/cpu-exec.c > patches-pathcov/cpu-exec.diff
+
+cp qemu-2.3.0/Makefile.target qemu-2.3.0-pathcov/Makefile.target.orig
+diff -Naur qemu-2.3.0-pathcov/Makefile.target.orig qemu-2.3.0-pathcov/Makefile.target > patches-pathcov/makefile-target.diff
+
+cp qemu-2.3.0/include/exec/exec-all.h ./qemu-2.3.0-pathcov/include/exec/exec-all.h.orig
+diff -Naur qemu-2.3.0-pathcov/include/exec/exec-all.h.orig qemu-2.3.0-pathcov/include/exec/exec-all.h > patches-pathcov/exec-all.diff