libdft64 terminates early? #9

Open
deekshadangwal opened this issue Mar 20, 2019 · 5 comments
@deekshadangwal

I'm trying to use the libdft-dta tool for taint tracking. But I'm having issues with running it with flags. This is the command I'm using:

$PIN_HOME/pin -follow_execv -t $DFT_HOME/tools/libdft-dta.so -s 1 -- ./hw.o

Here is hw.c:

#include <stdio.h>

int main () {
   char str1[20], str2[30];

   printf("Enter name: ");
   scanf("%19s", str1);   /* width limit keeps input inside str1[20] */

   printf("Enter your website name: ");
   scanf("%29s", str2);   /* width limit keeps input inside str2[30] */

   printf("Entered Name: %s\n", str1);
   printf("Entered Website:%s", str2);
   
   return(0);
}

compiled with:
gcc hw.c -o hw.o

However, cmp.out and lea.out are empty. pintool.log says "died":

Pin: pin-3.7-97619-0d0c92f4f
Copyright (c) 2003-2018, Intel Corporation. All rights reserved.
 died

It does not even prompt me for stdin as per hw.c.

However, when not using the -s 1 flag, it prompts me for stdin as expected and the pintool.log looks like it ran (?):

Pin: pin-3.7-97619-0d0c92f4f
Copyright (c) 2003-2018, Intel Corporation. All rights reserved.
 In open
 in_dtracker_whitelist /etc/ld.so.cache
 Info ignoring fd 3
 In mmap 3 0
 close 3
 In open
 in_dtracker_whitelist /lib/x86_64-linux-gnu/libc-2.27.so
 Info ignoring fd 3
 In mmap -1 0
 In mmap 3 0
 In mmap 3 1994752
 In mmap -1 0
 close 3

But, pin.log reports "missing application":

Pin: pin-3.7-97619-0d0c92f4f
Copyright (c) 2003-2018, Intel Corporation. All rights reserved.
E:  Missing application name

Also, cmp.out and lea.out are empty.

Any ideas? Thanks in advance!

@marekzmyslowski

The libdft-dta.so from the vuzzer64 directory doesn't support the -s option - that is why it always dies. The pin.log is created when PIN generates an error. Before you run the application, please delete the file.
I'm also facing the same problem. Both files are empty and I don't know why.

@tosanjay
Collaborator

Have a look at run_2.sh to understand how to call it separately.

@deekshadangwal
Author

@tosanjay Thanks for your response! Is there a description of the -x flag somewhere? Is there some example usage for run_2.sh? I'm not sure what the inputs are here.

Also, if -s 1 is not supported, is there some other way to mark "tainted data" in this version of libdft64?

@tosanjay
Collaborator

$PIN_ROOT/pin -t libdft-dta.so -filename $2 -x $3 -- $1

If you look at the function execute2 in runfuzzer.py, you can derive that

$2= name of the file which is input to the program (taint source)
$1= commandline to invoke your program
$3= 0 (default but you can set some other value)
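
An added example, not part of the thread or of the project's scripts: a small wrapper around the invocation quoted above that checks the taint-source file exists and clears a stale pin.log before the run. The DTA_TOOL variable, the function names and the assumption that pin.log lands in the current directory are not from the thread.

```shell
#!/bin/sh
# Added example: wrapper for the invocation given in this thread,
#   $PIN_ROOT/pin -t libdft-dta.so -filename $2 -x $3 -- $1
# Assumptions (not from the thread): the DTA_TOOL variable, the function
# names, and pin.log being written to the current directory.

# Print the pin argument vector, one argument per line.
# usage: dta_args TAINT_FILE X PROGRAM [ARGS...]
dta_args() {
    [ "$#" -ge 3 ] || { echo "usage: dta_args TAINT_FILE X PROGRAM [ARGS...]" >&2; return 2; }
    [ -n "${PIN_ROOT:-}" ] || { echo "PIN_ROOT is not set" >&2; return 2; }
    input=$1; xval=$2; shift 2
    # The taint source is a file, so it has to exist before Pin starts.
    [ -r "$input" ] || { echo "taint source not readable: $input" >&2; return 2; }
    printf '%s\n' "$PIN_ROOT/pin" -t "${DTA_TOOL:-libdft-dta.so}" \
        -filename "$input" -x "$xval" -- "$@"
}

# Run the target under the tool and surface a fresh pin.log, if any.
dta_run() {
    args=$(dta_args "$@") || return $?
    # pin.log only appears when Pin reports an error; drop a stale copy so an
    # old failure is not mistaken for a new one.
    rm -f pin.log
    # Rebuild the argument vector (arguments must not contain newlines).
    old_ifs=$IFS; IFS='
'
    set -f; set -- $args; set +f; IFS=$old_ifs
    status=0
    "$@" || status=$?
    if [ -s pin.log ]; then
        echo "Pin reported an error:" >&2
        cat pin.log >&2
    fi
    return "$status"
}

# Constructed usage: ./dta.sh input.txt 0 ./target input.txt
if [ "$#" -ge 3 ]; then
    dta_run "$@"
fi
```

Unlike hw.c above, which reads stdin, the target here is expected to read the file passed as TAINT_FILE, since that file is the taint source.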

@deekshadangwal
Author

Thanks @tosanjay, this works! I am trying to also print out the instruction trace with a tainted/not tainted tag alongside it. Is there a function I could use/expand to do that? If not, did you have some idea as to what part of the API I should start looking at first?

Thanks again!
