// MIT License, Copyright (c) 2021 Marvin Borner
#include "test.h"
#include <def.h>
#include <print.h>
#include <rand.h>
#include <sys.h>
// TODO: Make syscall fuzzer actually useful
#define FUZZ_COUNT 1000
/**
 * Issue a raw kernel call via the `int $0x80` software interrupt.
 *
 * Register mapping is fixed by the asm constraints: `num` goes in eax
 * ("0" ties it to the output operand), d1..d5 go in ebx, ecx, edx, esi, edi,
 * and whatever the kernel leaves in eax is returned. The `(int)` casts are
 * no-ops (the parameters are already int) and only document the width.
 * This is 32-bit x86 specific; the constraint letters have no meaning on
 * other architectures.
 *
 * @param num  syscall number; no validation is done here, so the caller
 *             (see fuzz()) decides which numbers are sent.
 * @param d1..d5  five raw argument words, passed through unchecked.
 * @return  eax after the interrupt, converted to `res`. NOTE(review): the
 *          meaning of `res` (error code vs. value) is defined elsewhere;
 *          nothing here interprets it.
 */
static res syscall(enum sys num, int d1, int d2, int d3, int d4, int d5)
{
	int a;
	/* volatile: the call has side effects in the kernel, so it must be
	 * executed even when the result is unused or appears loop-invariant. */
	__asm__ volatile("int $0x80"
			 : "=a"(a)
			 : "0"(num), "b"((int)d1), "c"((int)d2), "d"((int)d3), "S"((int)d4),
			   "D"((int)d5));
	return a;
}
/**
 * Tell whether a syscall number is excluded from fuzzing.
 *
 * Only SYS_EXIT and SYS_EXEC are excluded; presumably because either would
 * end or replace the fuzzing process itself (TODO confirm against the
 * kernel's semantics). Every other number in the enum is considered fair game.
 *
 * @param num  syscall number to check
 * @return  1 if `num` must not be issued by the fuzzer, 0 otherwise
 */
static u8 sys_bad_call(enum sys num)
{
	if (num == SYS_EXIT)
		return 1;
	if (num == SYS_EXEC)
		return 1;
	return 0;
}
/**
 * Pick a random syscall number that the fuzzer is allowed to issue.
 *
 * Draws from rand_range(SYS_MIN, SYS_MAX) until the draw is not rejected by
 * sys_bad_call(). Whether the range bounds are inclusive depends on
 * rand_range() (declared in rand.h) — not visible here, confirm before
 * relying on SYS_MAX being reachable.
 *
 * @return  a syscall number for which sys_bad_call() is false
 */
static enum sys sys_random_call(void)
{
	u32 candidate = rand_range(SYS_MIN, SYS_MAX);
	while (sys_bad_call(candidate))
		candidate = rand_range(SYS_MIN, SYS_MAX);
	return candidate;
}
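/**
 * Syscall fuzzer entry point: issue FUZZ_COUNT random syscalls with random
 * argument words and log each result.
 *
 * The five argument words are raw rand() output handed straight to the
 * kernel, so any of them may be interpreted as a pointer, length or flag
 * by the callee; that is the point of the exercise. The inputs of each
 * case are logged *before* the call is made: if the kernel faults on a
 * case, the line printed after the call never appears, and without the
 * pre-call line the triggering input would be lost. Everything that
 * survives is reported as-is; "Fuzzer: OK!" only means this process lived
 * through FUZZ_COUNT calls, not that every call behaved correctly.
 */
void fuzz(void)
{
	for (u32 i = 0; i < FUZZ_COUNT; i++) {
		enum sys num = sys_random_call();
		u32 d1 = rand();
		u32 d2 = rand();
		u32 d3 = rand();
		u32 d4 = rand();
		u32 d5 = rand();

		/* Record the case first so a kernel crash still leaves a
		 * reproducible trace in the log (the wrapper casts to int, so
		 * log the same view the kernel sees). */
		log("%d(%d, %d, %d, %d, %d)\n", num, (int)d1, (int)d2, (int)d3,
		    (int)d4, (int)d5);
		log("%d: %d\n", num, syscall(num, d1, d2, d3, d4, d5));
	}
	log("Fuzzer: OK!\n");
}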