Prepare fuzzer

src/CMakeLists.txt

@@ -3,3 +3,4 @@ add_subdirectory(emulator)
 add_subdirectory(unicorn_emulator)
 add_subdirectory(windows_emulator)
 add_subdirectory(sample)
+add_subdirectory(fuzzer)

src/fuzzer/CMakeLists.txt

@@ -0,0 +1,20 @@
+file(GLOB_RECURSE SRC_FILES CONFIGURE_DEPENDS
+  *.cpp
+  *.hpp
+  *.rc
+)
+
+list(SORT SRC_FILES)
+
+add_executable(fuzzer ${SRC_FILES})
+
+momo_assign_source_group(${SRC_FILES})
+
+target_precompile_headers(fuzzer PRIVATE std_include.hpp)
+
+target_link_libraries(fuzzer PRIVATE
+  common
+  windows_emulator
+)
+
+momo_strip_target(fuzzer)

src/fuzzer/main.cpp

@@ -0,0 +1,122 @@
+#include "std_include.hpp"
+
+#include <windows_emulator.hpp>
+#include <debugging/x64_gdb_stub_handler.hpp>
+
+bool use_gdb = false;
+
+namespace
+{
+	void run_emulation(windows_emulator& win_emu)
+	{
+		try
+		{
+			win_emu.emu().start_from_ip();
+		}
+		catch (...)
+		{
+			win_emu.logger.print(color::red, "Emulation failed at: 0x%llX\n", win_emu.emu().read_instruction_pointer());
+			throw;
+		}
+
+		win_emu.logger.print(color::red, "Emulation terminated!\n");
+	}
+
+	void run(const std::string_view application)
+	{
+		windows_emulator win_emu{
+			application, {}
+		};
+
+		//watch_system_objects(win_emu);
+		win_emu.buffer_stdout = true;
+		//win_emu.verbose_calls = true;
+
+		const auto& exe = *win_emu.process().executable;
+
+		const auto text_start = exe.image_base + 0x1000;
+		const auto text_end = exe.image_base + 0x52000;
+		constexpr auto scan_size = 0x100;
+
+		win_emu.emu().hook_memory_read(text_start, scan_size, [&](const uint64_t address, size_t, uint64_t)
+		{
+			const auto rip = win_emu.emu().read_instruction_pointer();
+			if (rip >= text_start && rip < text_end)
+			{
+				win_emu.logger.print(color::green, "Reading from executable .text: 0x%llX at 0x%llX\n", address, rip);
+			}
+		});
+
+		/*win_emu.add_syscall_hook([&]
+		{
+			const auto syscall_id = win_emu.emu().reg(x64_register::eax);
+			const auto syscall_name = win_emu.dispatcher().get_syscall_name(syscall_id);
+
+			if (syscall_name != "NtQueryInformationProcess")
+			{
+				return instruction_hook_continuation::run_instruction;
+			}
+
+			const auto info_class = win_emu.emu().reg(x64_register::rdx);
+			if (info_class != ProcessImageFileNameWin32)
+			{
+				return instruction_hook_continuation::run_instruction;
+			}
+
+			win_emu.logger.print(color::pink, "Patching NtQueryInformationProcess...\n");
+
+			const auto data = win_emu.emu().reg(x64_register::r8);
+
+			emulator_allocator data_allocator{win_emu.emu(), data, 0x100};
+			data_allocator.make_unicode_string(
+				L"C:\\Users\\mauri\\source\\repos\\lul\\x64\\Release\\lul.exe");
+			win_emu.emu().reg(x64_register::rax, STATUS_SUCCESS);
+			return instruction_hook_continuation::skip_instruction;
+		});*/
+
+		run_emulation(win_emu);
+	}
+}
+
+int main(const int argc, char** argv)
+{
+	if (argc <= 1)
+	{
+		puts("Application not specified!");
+		return 1;
+	}
+
+	//setvbuf(stdout, nullptr, _IOFBF, 0x10000);
+	if (argc > 2 && argv[1] == "-d"s)
+	{
+		use_gdb = true;
+	}
+
+	try
+	{
+		do
+		{
+			run(argv[use_gdb ? 2 : 1]);
+		}
+		while (use_gdb);
+
+		return 0;
+	}
+	catch (std::exception& e)
+	{
+		puts(e.what());
+
+#if defined(_WIN32) && 0
+		MessageBoxA(nullptr, e.what(), "ERROR", MB_ICONERROR);
+#endif
+	}
+
+	return 1;
+}
+
+#ifdef _WIN32
+int WINAPI WinMain(HINSTANCE, HINSTANCE, PSTR, int)
+{
+	return main(__argc, __argv);
+}
+#endif

src/fuzzer/resource.rc

@@ -0,0 +1,101 @@
+// Microsoft Visual C++ generated resource script.
+//
+#pragma code_page(65001)
+
+#define APSTUDIO_READONLY_SYMBOLS
+/////////////////////////////////////////////////////////////////////////////
+//
+// Generated from the TEXTINCLUDE 2 resource.
+//
+#include "windows.h"
+
+/////////////////////////////////////////////////////////////////////////////
+#undef APSTUDIO_READONLY_SYMBOLS
+
+/////////////////////////////////////////////////////////////////////////////
+// English (United States) resources
+
+#if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_ENU)
+LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US
+
+#ifdef APSTUDIO_INVOKED
+/////////////////////////////////////////////////////////////////////////////
+//
+// TEXTINCLUDE
+//
+
+1 TEXTINCLUDE 
+BEGIN
+    "#include ""windows.h""\r\n"
+    "\0"
+END
+
+2 TEXTINCLUDE 
+BEGIN
+    "\r\n"
+    "\0"
+END
+
+#endif    // APSTUDIO_INVOKED
+
+/////////////////////////////////////////////////////////////////////////////
+//
+// Version
+//
+
+VS_VERSION_INFO VERSIONINFO
+ FILEVERSION 1,0,0,0
+ PRODUCTVERSION 1,0,0,0
+ FILEFLAGSMASK 0x3fL
+#ifdef _DEBUG
+ FILEFLAGS 0x1L
+#else
+ FILEFLAGS 0x0L
+#endif
+ FILEOS 0x40004L
+ FILETYPE VFT_DLL
+ FILESUBTYPE 0x0L
+BEGIN
+    BLOCK "StringFileInfo"
+    BEGIN
+        BLOCK "040904b0"
+        BEGIN
+            VALUE "CompanyName", "momo5502"
+            VALUE "FileDescription", "Windows Emulator"
+            VALUE "FileVersion", "1.0.0.0"
+            VALUE "InternalName", "emulator"
+            VALUE "LegalCopyright", "All rights reserved."
+            VALUE "OriginalFilename", "emulator.exe"
+            VALUE "ProductName", "emulator"
+            VALUE "ProductVersion", "1.0.0.0"
+        END
+    END
+    BLOCK "VarFileInfo"
+    BEGIN
+        VALUE "Translation", 0x409, 1200
+    END
+END
+
+/////////////////////////////////////////////////////////////////////////////
+//
+// Binary Data
+//
+
+GLFW_ICON       ICON   "resources/icon.ico"
+
+
+#endif    // English (United States) resources
+/////////////////////////////////////////////////////////////////////////////
+
+
+
+#ifndef APSTUDIO_INVOKED
+/////////////////////////////////////////////////////////////////////////////
+//
+// Generated from the TEXTINCLUDE 3 resource.
+//
+
+
+/////////////////////////////////////////////////////////////////////////////
+#endif    // not APSTUDIO_INVOKED
+

src/fuzzer/std_include.hpp

@@ -0,0 +1,79 @@
+#pragma once
+
+#ifdef _WIN32
+#pragma warning(push)
+#pragma warning(disable: 4005)
+#pragma warning(disable: 4127)
+#pragma warning(disable: 4201)
+#pragma warning(disable: 4244)
+#pragma warning(disable: 4245)
+#pragma warning(disable: 4324)
+#pragma warning(disable: 4458)
+#pragma warning(disable: 4471)
+#pragma warning(disable: 4505)
+#pragma warning(disable: 4702)
+#pragma warning(disable: 4996)
+#pragma warning(disable: 5054)
+#pragma warning(disable: 6011)
+#pragma warning(disable: 6297)
+#pragma warning(disable: 6385)
+#pragma warning(disable: 6386)
+#pragma warning(disable: 6387)
+#pragma warning(disable: 26110)
+#pragma warning(disable: 26451)
+#pragma warning(disable: 26444)
+#pragma warning(disable: 26451)
+#pragma warning(disable: 26489)
+#pragma warning(disable: 26495)
+#pragma warning(disable: 26498)
+#pragma warning(disable: 26812)
+#pragma warning(disable: 28020)
+
+#define WIN32_LEAN_AND_MEAN
+#define NOMINMAX
+
+#include <map>
+#include <set>
+#include <list>
+#include <array>
+#include <deque>
+#include <queue>
+#include <thread>
+#include <ranges>
+#include <atomic>
+#include <vector>
+#include <mutex>
+#include <string>
+#include <chrono>
+#include <memory>
+#include <fstream>
+#include <functional>
+#include <filesystem>
+#include <optional>
+#include <stdexcept>
+#include <string_view>
+#include <unordered_set>
+#include <condition_variable>
+
+#include <cassert>
+
+#define NTDDI_WIN11_GE 0
+#define PHNT_VERSION PHNT_WIN11
+#include <phnt_windows.h>
+#include <phnt.h>
+#include <ntgdi.h>
+
+#ifdef _WIN32
+#pragma warning(pop)
+#endif
+
+#ifdef max
+#undef max
+#endif
+
+#ifdef min
+#undef min
+#endif
+#endif
+
+using namespace std::literals;