From 588ced7c320d61f28e57b10051b181d43c90e246 Mon Sep 17 00:00:00 2001 From: Ren Kimura Date: Thu, 14 Feb 2019 17:40:00 -0500 Subject: [PATCH 1/3] update README --- README.md | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 2c87338..05c0efe 100644 --- a/README.md +++ b/README.md 
@@ -11,21 +11,21 @@ Originally (in turn), this Project depends heavily on a modified version of Dat Please see wikiHOWTO.md for a step-by-step procedure to run the VUzzer. This file also contains explanation for most of the options. Also read "datatemp/REDME-dataSet.md" for more information about the datasets and configurations that we used in original VUzzer paper. We have provided seed inputs for several applications in "datatemp" folder. -#Requirements +# Requirements ------------- The requirements for running VUzzer64 are: * A C++11 compiler and unix build utilities (e.g. GNU Make). -* Version 2.13 of Intel Pin (yes, we still have this legacy dependency!!). -* EWAGBoolArray: https://github.com/lemire/EWAHBoolArray/ - To install it in your system just copy headers file(https://github.com/lemire/EWAHBoolArray/tree/master/headers) +* Version 3.7 of Intel Pin. +* EWAGBoolArray 0.4.0: https://github.com/lemire/EWAHBoolArray/releases/tag/0.4.0 - To install it in your system just copy headers file(/path/to/EWAHBoolArray-0.4.0/headers) in /usr/include folder. * BitMagic: http://bmagic.sourceforge.net/ - To install it in your system do ```sudo apt-get install bmagic``` * BitVector module for python. * IDA disassembler to run static analysis part of VUzzer. Ashley (a MS student from Grenoble) visited VUSec as intern and developed a 'angr' (http://angr.io/) based static analysis module. The code can be found at https://github.com/ash09/angr-static-analysis-for-vuzzer64 (yet to be populated!). However, it should be noted that we have not tested this script much and one can expect some glitches specially on large complex applications! If you have questions on this script, please direct them to Ashley. -We have tested VUzzer by running it on Ubuntu 14.04 LTS, Linux 3.19.0.80 image. It should be noted that with kernel 4.x.y, Pin (2.13) gets panic. We recommend setting up the same environment to use VUzzer. We repeat kernel 4.x.y does not work. 
+We have tested VUzzer by running it on Ubuntu 18.04 LTS, Linux 4.15.0 image. -#Installation +# Installation Follow the steps to install VUzzer64: ```sh 0. cd vuzzer64 @@ -33,10 +33,9 @@ Follow the steps to install VUzzer64: 2. export PIN_ROOT=path_to_pin_directory 3. export DFT_HOME=$(pwd)/libdft64 4. cd fuzzer-code -5. make -f mymakefile +5. make 6. cd ../libdft64 7. make -8. make tools 9. cd .. ``` From b68e51b7286c6b593d3413374051dd1e6e71155b Mon Sep 17 00:00:00 2001 From: Ren Kimura Date: Thu, 14 Feb 2019 17:41:02 -0500 Subject: [PATCH 2/3] Add library parameter to bbcount script --- fuzzer-code/config.py | 3 ++- fuzzer-code/run_bb.sh | 10 +++++++--- fuzzer-code/runfuzzer.py | 7 ++++--- 3 files changed, 13 insertions(+), 7 deletions(-) diff --git a/fuzzer-code/config.py b/fuzzer-code/config.py index 825df8e..418f45a 100644 --- a/fuzzer-code/config.py +++ b/fuzzer-code/config.py @@ -26,6 +26,7 @@ # and for taintflow pintoo PINTNT=mydir+"/obj-intel64/dtracker.so" +LIBS=" " # set file path to read executed BBs and their respective frequencies BBOUT=mydir + "/outd/bbc.out" @@ -86,7 +87,7 @@ # this is the main command that is passed to run() function in runfuzzer.py -BBCMD=["BBOUT=%s ./run_bb.sh" % BBOUT] +BBCMD=["BBOUT=%s" % BBOUT, "LIBS=", "./run_bb.sh"] #PINTNTCMD=[PINHOME,"-follow_execv","-t", PINTNT,"-filename", "inputf","-stdout","0","--"] PINTNTCMD=["./run_2.sh"] diff --git a/fuzzer-code/run_bb.sh b/fuzzer-code/run_bb.sh index a15cc0a..e891b12 100755 --- a/fuzzer-code/run_bb.sh +++ b/fuzzer-code/run_bb.sh @@ -1,6 +1,10 @@ #!/bin/bash if [ -z "$BBOUT" ]; then -echo "You need to specify \$BBOUT" -else -$PIN_ROOT/pin -t ./obj-intel64/bbcounts2.so -o $BBOUT -- $@ + echo "You need to specify \$BBOUT" + exit 1 fi +if [ "$LIBS" = "#" ]; then + $PIN_ROOT/pin -t ./obj-intel64/bbcounts2.so -o $BBOUT -libc 0 -- $@ +else + $PIN_ROOT/pin -t ./obj-intel64/bbcounts2.so -l $LIBS -o $BBOUT -libc 0 -- $@ +fi \ No newline at end of file 
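Review bot: The new `LIBS=" "` default in config.py is a single space, which is neither the `"#"` sentinel that run_bb.sh tests for nor the `"LIBS="` placeholder that BBCMD carries, so the three spellings of "no library" disagree and anything reading config.LIBS before runfuzzer.py's main() overwrites it gets a value no consumer recognises. I would make the default the value the script actually checks, `LIBS="#"  # '#' = no extra library to monitor (see run_bb.sh)`, or change run_bb.sh to test for an empty string instead. Whether config.LIBS is read anywhere other than main() is not visible in this diff.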
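Review bot: `BBCMD` now begins with two `NAME=value` elements, which only act as environment assignments if run() joins the list into one string and hands it to a shell; passed as an argv list with shell=False, `BBOUT=...` becomes the program name and the call fails. run() is not in this diff, so this is inferred from the list shape alone. If the shell path is intended, a comment on the line spares the next reader the same question, `# joined and run through a shell: the NAME=value entries become env vars for run_bb.sh`; a sturdier alternative is to drop the prefixes and pass `env={"BBOUT": BBOUT, "LIBS": LIBS}` to subprocess, which also removes the need to quote the library name that runfuzzer.py splices in.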
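Review bot: Both pin invocations in the new if/else expand `$PIN_ROOT`, `$LIBS`, `$BBOUT` and `$@` unquoted, so a path or library name containing whitespace is split into several arguments and glob characters are expanded; `$@` in particular should be `"$@"` so the target's own arguments reach it intact. `$PIN_ROOT` is also never checked, unlike `$BBOUT`, so an unset value silently runs `/pin`. I would write `"$PIN_ROOT/pin" -t ./obj-intel64/bbcounts2.so -l "$LIBS" -o "$BBOUT" -libc 0 -- "$@"` (same quoting on the no-library branch) and add `[ -z "$PIN_ROOT" ] && { echo "You need to specify \$PIN_ROOT"; exit 1; }` beside the existing BBOUT check. If `LIBS` is meant to carry several space-separated names, keep that one expansion unquoted but say so in a comment above the branch.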
diff --git a/fuzzer-code/runfuzzer.py b/fuzzer-code/runfuzzer.py index 6cf1fb2..e86f5f4 100644 --- a/fuzzer-code/runfuzzer.py +++ b/fuzzer-code/runfuzzer.py @@ -657,7 +657,7 @@ def main(): parser.add_argument('-n','--name', help='Path of the pickle file(s) containing strings from CMP inst (separated by comma if there are two).',required=True) parser.add_argument('-l','--libnum', help='Nunber of binaries to monitor (only application or used libraries)',required=False, default=1) parser.add_argument('-o','--offsets',help='base-address of application and library (if used), separated by comma', required=False, default='0x00000000') - parser.add_argument('-b','--libname',help='library name to monitor',required=False, default='') + parser.add_argument('-b','--libname',help='library name to monitor',required=False, default='#') args = parser.parse_args() config.SUT=args.sut config.INITIALD=os.path.join(config.INITIALD, args.inputd) @@ -666,8 +666,9 @@ def main(): config.LIBPICKLE=[w for w in args.weight.split(',')] config.NAMESPICKLE=[n for n in args.name.split(',')] config.LIBOFFSETS=[o for o in args.offsets.split(',')] - #ih=config.BBCMD.index("#") # this is just to find the index of the placeholder in BBCMD list to replace it with the libname - #config.BBCMD[ih]=args.libname + config.LIBS=args.libname + ih=config.BBCMD.index("LIBS=") # this is just to find the index of the placeholder in BBCMD list to replace it with the libname + config.BBCMD[ih]="LIBS=%s" % args.libname ################################### From 9a912fbba512f6b2f2ac759a61d78735488c1cc1 Mon Sep 17 00:00:00 2001 From: Ren Kimura Date: Thu, 14 Feb 2019 17:56:51 -0500 Subject: [PATCH 3/3] Print correct log entry --- libdft64/syscall_desc.cpp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libdft64/syscall_desc.cpp b/libdft64/syscall_desc.cpp index 22bcc7f..e35253c 100644 --- a/libdft64/syscall_desc.cpp +++ b/libdft64/syscall_desc.cpp 
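Review bot: `default='#'` turns `-b/--libname` into a magic sentinel that means "no extra library" only because run_bb.sh compares against the same literal, and nothing in the argument's help text tells the user that. I would state it where it is seen, `help="library name to monitor ('#' = no extra library)"`. main() continues outside this hunk.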
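Review bot: `ih=config.BBCMD.index("LIBS=")` followed by the assignment replaces the placeholder in the module-level list in place, so the `"LIBS="` entry is gone after the first call and a second call to main() in the same process raises ValueError from index(). `config.LIBS=args.libname` on the line above stores the same value, but the script reads the env prefix rather than config.LIBS, so one of the two is redundant unless config.LIBS has a consumer not shown here. Because BBCMD appears to be joined into a shell command (see the config.py hunk), the library name is spliced in unquoted; `config.BBCMD[ih]="LIBS=%s" % shlex.quote(args.libname)` (with `shlex` imported at the top of the file) keeps a name containing spaces or shell metacharacters as a single token. A form that avoids the in-place search altogether is to rebuild the prefix, `config.BBCMD = ["BBOUT=%s" % config.BBOUT, "LIBS=%s" % shlex.quote(args.libname), "./run_bb.sh"]`. main() starts and ends outside this hunk.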
@@ -900,7 +900,7 @@ post_read_hook(THREADID tid, syscall_ctx_t *ctx) nbytes = (uint32_t)ctx->ret; int fd = ctx->arg[SYSCALL_ARG0]; - LOG("Setting taint " + decstr(fd) + " " + decstr(nbytes) + "\n"); + /*std::set::iterator it; for(it=fdset.begin();it!=fdset.end();it++){ LOG(decstr(*it) + "\n"); @@ -915,6 +915,7 @@ post_read_hook(THREADID tid, syscall_ctx_t *ctx) }else{ read_ }*/ + LOG("Setting taint " + decstr(fd) + " " + decstr(nbytes) + "bytes\n"); read_offset_start = lseek(fd, 0, SEEK_CUR); if(unlikely(read_offset_start < 0)){ LOG("Error on lseeking " + decstr(fd) + "\n");
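Review bot: The re-added LOG in post_read_hook concatenates `decstr(nbytes) + "bytes\n"` with no separator, so an entry reads like `Setting taint 3 512bytes`; it should be `LOG("Setting taint " + decstr(fd) + " " + decstr(nbytes) + " bytes\n");`. Also worth checking: `nbytes` is `(uint32_t)ctx->ret` in the context above and no error check is visible between that cast and the log, so if a failed read (negative ret) can reach this hook the entry reports a byte count near four billion, a misleading trace for anyone reconstructing taint sources from the log. post_read_hook starts before the first hunk and continues past the end of this one.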