Update README and fix trivial bugs

README.md

@@ -11,32 +11,31 @@ Originally (in turn), this Project depends heavily on a  modified version of Dat
 Please see wikiHOWTO.md for a step-by-step procedure to run the VUzzer. This file also contains explanation for most of the options. Also read "datatemp/REDME-dataSet.md" for more information about the datasets and configurations that we used in original VUzzer paper. We have provided seed inputs for several applications in "datatemp" folder.
 
 
-#Requirements
+# Requirements
 -------------
 The requirements for running VUzzer64 are:
 
 *  A C++11 compiler and unix build utilities (e.g. GNU Make). 
-*  Version 2.13 of Intel Pin (yes, we still have this legacy dependency!!). 
-*  EWAGBoolArray: https://github.com/lemire/EWAHBoolArray/ - To install it in your system just copy headers file(https://github.com/lemire/EWAHBoolArray/tree/master/headers)
+*  Version 3.7 of Intel Pin. 
+*  EWAGBoolArray 0.4.0: https://github.com/lemire/EWAHBoolArray/releases/tag/0.4.0 - To install it in your system just copy headers file(/path/to/EWAHBoolArray-0.4.0/headers)
    in /usr/include folder.
 *  BitMagic: http://bmagic.sourceforge.net/ - To install it in your system do ```sudo apt-get install bmagic```
 *  BitVector module for python.
 *  IDA disassembler to run static analysis part of VUzzer. Ashley (a MS student from Grenoble) visited VUSec as intern and developed a 'angr' (http://angr.io/) based static analysis module. The code can be found at https://github.com/ash09/angr-static-analysis-for-vuzzer64 (yet to be populated!). However, it should be noted that we have not tested this script much and one can expect some glitches specially on large complex applications! If you have questions on this script, please direct them to Ashley.
 
-We have tested VUzzer by running it on Ubuntu 14.04 LTS, Linux 3.19.0.80 image. It should be noted that with kernel 4.x.y, Pin (2.13) gets panic. We recommend setting up the same environment to use VUzzer. We repeat kernel 4.x.y does not work. 
+We have tested VUzzer by running it on Ubuntu 18.04 LTS, Linux 4.15.0 image.   
 
-#Installation
+# Installation
 Follow the steps to install VUzzer64:
 ```sh
 0. cd vuzzer64
 1. export PIN_HOME=path_to_pin_directory
 2. export PIN_ROOT=path_to_pin_directory
 3. export DFT_HOME=$(pwd)/libdft64
 4. cd fuzzer-code
-5. make -f mymakefile
+5. make
 6. cd ../libdft64
 7. make
-8. make tools
 9. cd ..
 ```
 

fuzzer-code/config.py

@@ -26,6 +26,7 @@
 # and for taintflow pintoo
 PINTNT=mydir+"/obj-intel64/dtracker.so"
 
+LIBS=" "
 # set file path to read executed BBs and their respective frequencies
 BBOUT=mydir + "/outd/bbc.out"
 
@@ -86,7 +87,7 @@
 
 # this is the main command that is passed to run() function in runfuzzer.py
 
-BBCMD=["BBOUT=%s ./run_bb.sh" % BBOUT]
+BBCMD=["BBOUT=%s" % BBOUT, "LIBS=", "./run_bb.sh"]
 
 #PINTNTCMD=[PINHOME,"-follow_execv","-t", PINTNT,"-filename", "inputf","-stdout","0","--"]
 PINTNTCMD=["./run_2.sh"]

fuzzer-code/run_bb.sh

@@ -1,6 +1,10 @@
 #!/bin/bash
 if [ -z "$BBOUT" ]; then
-echo "You need to specify \$BBOUT"
-else
-$PIN_ROOT/pin -t ./obj-intel64/bbcounts2.so -o $BBOUT -- $@
+  echo "You need to specify \$BBOUT"
+  exit 1
 fi
+if [ "$LIBS" = "#" ]; then
+  $PIN_ROOT/pin -t ./obj-intel64/bbcounts2.so -o $BBOUT -libc 0 -- $@
+else
+  $PIN_ROOT/pin -t ./obj-intel64/bbcounts2.so -l $LIBS -o $BBOUT -libc 0 -- $@
+fi

fuzzer-code/runfuzzer.py

@@ -657,7 +657,7 @@ def main():
     parser.add_argument('-n','--name', help='Path of the pickle file(s) containing strings from CMP inst (separated by comma if there are two).',required=True)
     parser.add_argument('-l','--libnum', help='Nunber of binaries to monitor (only application or used libraries)',required=False, default=1)
     parser.add_argument('-o','--offsets',help='base-address of application and library (if used), separated by comma', required=False, default='0x00000000')
-    parser.add_argument('-b','--libname',help='library name to monitor',required=False, default='')
+    parser.add_argument('-b','--libname',help='library name to monitor',required=False, default='#')
     args = parser.parse_args()
     config.SUT=args.sut
     config.INITIALD=os.path.join(config.INITIALD, args.inputd)
@@ -666,8 +666,9 @@ def main():
     config.LIBPICKLE=[w for w in args.weight.split(',')]
     config.NAMESPICKLE=[n for n in args.name.split(',')]
     config.LIBOFFSETS=[o for o in args.offsets.split(',')]
-    #ih=config.BBCMD.index("#") # this is just to find the index of the placeholder in BBCMD list to replace it with the libname
-    #config.BBCMD[ih]=args.libname
+    config.LIBS=args.libname
+    ih=config.BBCMD.index("LIBS=") # this is just to find the index of the placeholder in BBCMD list to replace it with the libname
+    config.BBCMD[ih]="LIBS=%s" % args.libname
 
     ###################################
 

libdft64/syscall_desc.cpp

@@ -900,7 +900,7 @@ post_read_hook(THREADID tid, syscall_ctx_t *ctx)
 	nbytes = (uint32_t)ctx->ret;
 
 	int fd = ctx->arg[SYSCALL_ARG0];
-	LOG("Setting taint " + decstr(fd) + " " + decstr(nbytes) + "\n");
+
 	/*std::set<int>::iterator it;
 	for(it=fdset.begin();it!=fdset.end();it++){
 		LOG(decstr(*it) + "\n");
@@ -915,6 +915,7 @@ post_read_hook(THREADID tid, syscall_ctx_t *ctx)
 		}else{
 			read_
 		}*/
+	  LOG("Setting taint " + decstr(fd) + " " + decstr(nbytes) + "bytes\n");
 		read_offset_start = lseek(fd, 0, SEEK_CUR);
 		if(unlikely(read_offset_start < 0)){
 			LOG("Error on lseeking " + decstr(fd) + "\n");