-
Notifications
You must be signed in to change notification settings - Fork 3
/
HACKING
68 lines (52 loc) · 2.27 KB
/
HACKING
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
modifying / patching sfuzz
code flow:
main(argc,argv)
initialize option block
process_opts(argc, argv, option block)
starting at the end of argv[] for each value
if it starts with a - pass it to process_opt_str
process_opt_str sets option_block variables based on the different
characters it reads from the option string
otherwise, update glabal variable lastarg
read_config
read a line (CR or LF define the end of a line here)
if the line is endcfg, return
if the line is include, save the current file info state
recurse to read_config
restore old state
otherwise, continue reading options and updating the option block
execute fuzz
for each array
for each array element
execute single case
execute single case
read a line (ignoring CR)
if the line is not -- or c- then add it to the buffer
after getting a -- or c-, check to see if there's a FUZZ keword
if not call fuzz()
for each array, replace ARRAYNAME with ARRAYCURRENTVAL
for each literal, replace FUZZ and call fuzz()
for each sequence, replace FUZZ with a step'd amount of sequence, and call
fuzz()
fuzz() - replaces static symbols and then calls the appropriate output
function
end
sfuzz.c
contains main, process_opts, process_opt_str, sanity, print_version, print_help,
dump_options,
file-utils.c
contains readLine, read_config, add_symbol, add_sequence, add_literal,
file_error, processFileLine
os-abs.c
contains get_time_as_log, atoip, process_error, mssleep, os_send_tcp,
os_send_udp, isws, strrepl, smemrepl, all of the windows support
functions
snoop.c
contains a lightweight sniffer for linux
plugin hacking:
Read plugin.txt for a primer/cookbook on plugin writing for sfuzz. A good
thing to understand is that running a plugin from an untrusted source is
the same as running an untrusted binary - don't do it! Especially as root.
Most of the hooks can be found by searching for all the dereferences of
g_plugin (which is a "plugin_provisor" object). The definitions can be found
in file-utils.c and sfuzz-plugin.h