HANDLE __stdcall NEW(CreateFileW)(LPCWSTR lpFileName, DWORD dwDesiredAccess,
DWORD dwShareMode, LPSECURITY_ATTRIBUTES lpSecurityAttributes,
DWORD dwCreationDisposition, DWORD dwFlagsAndAttributes,
HANDLE hTemplateFile)
{
HANDLE ret;
ret = ORIG(CreateFileW)(lpFileName, dwDesiredAccess, dwShareMode,
lpSecurityAttributes, dwCreationDisposition,
dwFlagsAndAttributes, hTemplateFile);
debug("CreateFileW(\"%S\", 0x%x, 0x%x, {...}, 0x%x, 0x%x, {...}) = %#08x",
lpFileName, dwDesiredAccess, dwShareMode, dwCreationDisposition,
dwFlagsAndAttributes, (int)ret);
if (!g_libzzuf_ready || _zz_islocked(-1))
return ret;
if (ret != INVALID_HANDLE_VALUE && dwCreationDisposition == OPEN_EXISTING
&& _zz_mustwatchw(lpFileName))
{
debug("handle %#08x is registered", ret);
_zz_register(ret);
}
return ret;
}
int NEW(socket)(int domain, int type, int protocol)
{
LOADSYM(socket);
int ret = ORIG(socket)(domain, type, protocol);
if (!g_libzzuf_ready || _zz_islocked(-1) || !g_network_fuzzing)
return ret;
if (ret >= 0)
{
debug("%s(%i, %i, %i) = %i", __func__, domain, type, protocol, ret);
_zz_register(ret);
}
return ret;
}
int NEW(dup)(int oldfd)
{
LOADSYM(dup);
int ret = ORIG(dup)(oldfd);
if (!g_libzzuf_ready || _zz_islocked(-1) || !_zz_iswatched(oldfd)
|| !_zz_isactive(oldfd))
return ret;
if (ret >= 0)
{
debug("%s(%i) = %i", __func__, oldfd, ret);
_zz_register(ret);
}
return ret;
}
int NEW(accept)(int sockfd, SOCKADDR_T *addr, SOCKLEN_T *addrlen)
{
LOADSYM(accept);
int ret = ORIG(accept)(sockfd, addr, addrlen);
if (!g_libzzuf_ready || _zz_islocked(-1) || !g_network_fuzzing
|| !_zz_iswatched(sockfd) || !_zz_isactive(sockfd))
return ret;
if (ret >= 0)
{
if (addrlen)
debug("%s(%i, %p, &%i) = %i", __func__,
sockfd, addr, (int)*addrlen, ret);
else
debug("%s(%i, %p, NULL) = %i", __func__, sockfd, addr, ret);
_zz_register(ret);
}
return ret;
}
int NEW(dup2)(int oldfd, int newfd)
{
LOADSYM(dup2);
int ret = ORIG(dup2)(oldfd, newfd);
if (!g_libzzuf_ready || _zz_islocked(-1) || !_zz_iswatched(oldfd)
|| !_zz_isactive(oldfd))
return ret;
if (ret >= 0)
{
/* We must close newfd if it was open, but only if oldfd != newfd
* and if dup2() suceeded. */
if (oldfd != newfd && _zz_iswatched(newfd) && _zz_isactive(newfd))
_zz_unregister(newfd);
debug("%s(%i, %i) = %i", __func__, oldfd, newfd, ret);
_zz_register(ret);
}
return ret;
}
HANDLE __stdcall NEW(CreateIoCompletionPort)(HANDLE FileHandle, HANDLE ExistingCompletionPort, ULONG_PTR CompletionKey, DWORD NumberOfConcurrentThreads)
{
HANDLE ret;
ret = ORIG(CreateIoCompletionPort)(FileHandle, ExistingCompletionPort,
CompletionKey, NumberOfConcurrentThreads);
debug("GetQueuedCompletionStatus(0x%08x, 0x%08x, 0x%08x, %d) = 0x%08x",
FileHandle, ExistingCompletionPort, CompletionKey,
NumberOfConcurrentThreads, ret);
if (!must_fuzz_fd(FileHandle) /*|| !_zz_hostwatched(FileHandle)*/)
return ret;
if (ret != NULL)
{
debug("handle %#08x is registered", ret);
_zz_register(ret);
}
return ret;
}
HANDLE __stdcall NEW(CreateFileMappingW)(HANDLE hFile, LPSECURITY_ATTRIBUTES lpAttributes,
DWORD flProtect, DWORD dwMaximumSizeHigh, DWORD dwMaximumSizeLow,
LPCWSTR lpName)
{
HANDLE ret;
ret = ORIG(CreateFileMappingW)(hFile, lpAttributes,
flProtect, dwMaximumSizeHigh, dwMaximumSizeLow,
lpName);
debug("CreateFileMappingW(%#08x, %#08x, %#08x, %#08x, %#08x, %S) = %#08x",
hFile, lpAttributes, flProtect, dwMaximumSizeHigh, dwMaximumSizeLow, lpName, ret);
if (ret == NULL)
return ret;
if (!must_fuzz_fd(hFile) /*|| !_zz_hostwatched(hFile)*/ || _zz_islocked(-1))
return ret;
debug("handle %#08x is registered", ret);
_zz_register(ret);
return ret;
}
/**
* Library initialisation routine.
*
* This function reads all configuration variables put by zzuf in the
* called process's environment and initialises diversions for the three
* main function families: memory functions (initialised very early because
* other functions we need such as dlsym() require them), file descriptor
* functions and stream functions.
*/
void _zz_init(void)
{
static int initializing = 0;
char *tmp, *tmp2;
/* Make sure we don't get initialised more than once */
if (initializing++)
return;
tmp = getenv("ZZUF_DEBUG");
if(tmp)
_zz_debuglevel = atoi(tmp);
tmp = getenv("ZZUF_DEBUGFD");
if(tmp)
_zz_debugfd = atoi(tmp);
/* We need this as soon as possible */
_zz_mem_init();
tmp = getenv("ZZUF_SEED");
if(tmp && *tmp)
_zz_setseed(atol(tmp));
tmp = getenv("ZZUF_MINRATIO");
tmp2 = getenv("ZZUF_MAXRATIO");
if(tmp && *tmp && tmp2 && *tmp2)
_zz_setratio(atof(tmp), atof(tmp2));
tmp = getenv("ZZUF_AUTOINC");
if(tmp && *tmp == '1')
_zz_setautoinc();
tmp = getenv("ZZUF_BYTES");
if(tmp && *tmp)
_zz_bytes(tmp);
tmp = getenv("ZZUF_LIST");
if(tmp && *tmp)
_zz_list(tmp);
tmp = getenv("ZZUF_PORTS");
if(tmp && *tmp)
_zz_ports(tmp);
tmp = getenv("ZZUF_ALLOW");
if(tmp && *tmp)
_zz_allow(tmp);
tmp = getenv("ZZUF_DENY");
if(tmp && *tmp)
_zz_deny(tmp);
tmp = getenv("ZZUF_PROTECT");
if(tmp && *tmp)
_zz_protect(tmp);
tmp = getenv("ZZUF_REFUSE");
if(tmp && *tmp)
_zz_refuse(tmp);
tmp = getenv("ZZUF_INCLUDE");
if(tmp && *tmp)
_zz_include(tmp);
tmp = getenv("ZZUF_EXCLUDE");
if(tmp && *tmp)
_zz_exclude(tmp);
tmp = getenv("ZZUF_SIGNAL");
if(tmp && *tmp == '1')
_zz_signal = 1;
tmp = getenv("ZZUF_MEMORY");
if(tmp)
_zz_memory = atoi(tmp);
tmp = getenv("ZZUF_NETWORK");
if(tmp && *tmp == '1')
_zz_network = 1;
_zz_fd_init();
_zz_network_init();
_zz_sys_init();
tmp = getenv("ZZUF_STDIN");
if(tmp && *tmp == '1')
_zz_register(0);
_zz_ready = 1;
debug("libzzuf initialised for PID %li", (long int)getpid());
}