Test Case 3 (time used: 0m8.539s, machine Intel Xeon E3-1275 with 64GB memory):
Select your benchmark:
1)use-after-free
2)double-free
3)stack overflow
4)heap overflow
5)stack memory leak
6)heap memory leak
7)null pointer dereference
8)ineffectual condition
3
[EMULATION] attempted sequence: ('ecall_process', 'ecall_process')
[SO-REPORT] auto generated warning for __stack_chk_fail from 0xd07
Recent 200 emulated instructions:
; Emulator trace window (Intel syntax, "address: instruction"), in execution order.
; It covers the last passes of a byte-copy loop at 0xcb7-0xced and the
; stack-protector check at 0xcef-0xd07 that follows it.
;
; Stack slots as used by the visible instructions:
;   [rbp - 0x20]       source pointer
;   [rbp - 0x28]       32-bit loop index i
;   [rbp - 0x30]       i sign-extended to 64 bits (left operand of the loop test)
;   [rbp + i - 0x12]   destination byte i
;   [rbp - 8]          value compared with fs:[0x28] at 0xcfc (the canary slot)
;
; The only loop bound is i < (value returned by call 0xaab2), and that value is
; a string length recomputed on every pass; no instruction in the window
; compares i with a destination size. The destination starts 0x12 bytes below
; rbp and the canary slot 8 bytes below it, so indices 0..9 stay below the
; canary and any index >= 10 writes into the canary slot or above it.
;
; NOTE(review): the window holds no register or memory values. The seed dump in
; this log has 12 bytes of 0xff at 0x30000004-0x3000000f followed by zeros; if
; that run is the source string its length would be 12 and the last two stores
; would hit the canary slot - presumably, confirm against the emulator state.
;
; The window opens inside the length routine at 0x16590 (entry not shown here).
0x16594: push rsi
0x16595: mov rdx, rdi
0x16598: mov rcx, rdx
; rdx = string pointer rounded down to 16 bytes, ecx = pointer & 0xf.
0x1659b: and rdx, 0xfffffffffffffff0
0x1659f: pxor xmm0, xmm0
; Compare the first aligned 16-byte block with zero and build a byte mask.
0x165a3: pcmpeqb xmm0, xmmword ptr [rdx]
0x165a7: pmovmskb eax, xmm0
0x165ab: and ecx, 0xf
; Drop mask bits for bytes that lie before the start of the string.
0x165ae: shr eax, cl
; bsf leaves ZF set when the mask is empty; jne would return the index
; directly. It falls through here, so this block holds no terminator.
0x165b0: bsf eax, eax
0x165b3: jne 0x165c1
0x165b5: mov rax, rdx
; rdx = aligned base + misalignment, i.e. the original string pointer again.
0x165b8: add rdx, rcx
; Indirect call through a pointer slot; in this run it lands at 0x16bd0.
0x165bb: call qword ptr [rip + 0x1c9e7]
; Nothing was printed for the 4 bytes at 0x16bd0 (same at 0x16590) -
; presumably an instruction the disassembler did not decode; TODO confirm.
0x16bd0:
0x16bd4: pxor xmm0, xmm0
; Block scan: advance 16 bytes, test the block for a zero byte, repeat.
0x16bd8: add rax, 0x10
0x16bdc: movdqu xmm1, xmmword ptr [rax]
0x16be0: pcmpeqb xmm1, xmm0
0x16be4: pmovmskb ecx, xmm1
0x16be8: test ecx, ecx
; Not taken on any pass in this window: the terminator is in the block
; that immediately follows the first aligned one.
0x16bea: je 0x16bd8
0x16bec: bsf ecx, ecx
; rax = block address + index of the zero byte - start pointer = length.
0x16bef: sub rcx, rdx
0x16bf2: add rax, rcx
0x16bf5: ret
; Back in the 0x16590 routine: undo the push at 0x16594 and return the length.
0x165c1: pop rcx
0x165c2: ret
; Epilogue of the wrapper at 0xaab2, which only forwards rdi to 0x16590.
0xaaca: leave
0xaacb: ret
; Loop test: leave the loop when i >= length (unsigned compare).
0xcc8: mov rcx, qword ptr [rbp - 0x30]
0xccc: cmp rcx, rax
0xccf: jae 0xcef
; Loop body: dl = source[i]; destination[i] = dl; i = i + 1.
0xcd1: mov rax, qword ptr [rbp - 0x20]
0xcd5: movsxd rcx, dword ptr [rbp - 0x28]
0xcd9: mov dl, byte ptr [rax + rcx]
0xcdc: movsxd rax, dword ptr [rbp - 0x28]
; Store relative to rbp with no check of i against the space below the canary.
0xce0: mov byte ptr [rbp + rax - 0x12], dl
0xce4: mov eax, dword ptr [rbp - 0x28]
0xce7: add eax, 1
0xcea: mov dword ptr [rbp - 0x28], eax
0xced: jmp 0xcb7
; Loop head: save i in [rbp - 0x30], then recompute the source length.
0xcb7: movsxd rax, dword ptr [rbp - 0x28]
0xcbb: mov rdi, qword ptr [rbp - 0x20]
0xcbf: mov qword ptr [rbp - 0x30], rax
0xcc3: call 0xaab2
; Wrapper: spill rdi to a local, reload it and call the length routine.
0xaab2: push rbp
0xaab3: mov rbp, rsp
0xaab6: sub rsp, 0x10
0xaaba: mov qword ptr [rbp - 8], rdi
0xaabe: mov rax, qword ptr [rbp - 8]
0xaac2: mov rdi, rax
0xaac5: call 0x16590
; Second length scan in the window; same path as the first.
0x16590:
0x16594: push rsi
0x16595: mov rdx, rdi
0x16598: mov rcx, rdx
0x1659b: and rdx, 0xfffffffffffffff0
0x1659f: pxor xmm0, xmm0
0x165a3: pcmpeqb xmm0, xmmword ptr [rdx]
0x165a7: pmovmskb eax, xmm0
0x165ab: and ecx, 0xf
0x165ae: shr eax, cl
0x165b0: bsf eax, eax
0x165b3: jne 0x165c1
0x165b5: mov rax, rdx
0x165b8: add rdx, rcx
0x165bb: call qword ptr [rip + 0x1c9e7]
0x16bd0:
0x16bd4: pxor xmm0, xmm0
0x16bd8: add rax, 0x10
0x16bdc: movdqu xmm1, xmmword ptr [rax]
0x16be0: pcmpeqb xmm1, xmm0
0x16be4: pmovmskb ecx, xmm1
0x16be8: test ecx, ecx
0x16bea: je 0x16bd8
0x16bec: bsf ecx, ecx
0x16bef: sub rcx, rdx
0x16bf2: add rax, rcx
0x16bf5: ret
0x165c1: pop rcx
0x165c2: ret
0xaaca: leave
0xaacb: ret
; i is still below the length: second byte copy visible in the window.
0xcc8: mov rcx, qword ptr [rbp - 0x30]
0xccc: cmp rcx, rax
0xccf: jae 0xcef
0xcd1: mov rax, qword ptr [rbp - 0x20]
0xcd5: movsxd rcx, dword ptr [rbp - 0x28]
0xcd9: mov dl, byte ptr [rax + rcx]
0xcdc: movsxd rax, dword ptr [rbp - 0x28]
0xce0: mov byte ptr [rbp + rax - 0x12], dl
0xce4: mov eax, dword ptr [rbp - 0x28]
0xce7: add eax, 1
0xcea: mov dword ptr [rbp - 0x28], eax
0xced: jmp 0xcb7
0xcb7: movsxd rax, dword ptr [rbp - 0x28]
0xcbb: mov rdi, qword ptr [rbp - 0x20]
0xcbf: mov qword ptr [rbp - 0x30], rax
0xcc3: call 0xaab2
0xaab2: push rbp
0xaab3: mov rbp, rsp
0xaab6: sub rsp, 0x10
0xaaba: mov qword ptr [rbp - 8], rdi
0xaabe: mov rax, qword ptr [rbp - 8]
0xaac2: mov rdi, rax
0xaac5: call 0x16590
; Third length scan in the window.
0x16590:
0x16594: push rsi
0x16595: mov rdx, rdi
0x16598: mov rcx, rdx
0x1659b: and rdx, 0xfffffffffffffff0
0x1659f: pxor xmm0, xmm0
0x165a3: pcmpeqb xmm0, xmmword ptr [rdx]
0x165a7: pmovmskb eax, xmm0
0x165ab: and ecx, 0xf
0x165ae: shr eax, cl
0x165b0: bsf eax, eax
0x165b3: jne 0x165c1
0x165b5: mov rax, rdx
0x165b8: add rdx, rcx
0x165bb: call qword ptr [rip + 0x1c9e7]
0x16bd0:
0x16bd4: pxor xmm0, xmm0
0x16bd8: add rax, 0x10
0x16bdc: movdqu xmm1, xmmword ptr [rax]
0x16be0: pcmpeqb xmm1, xmm0
0x16be4: pmovmskb ecx, xmm1
0x16be8: test ecx, ecx
0x16bea: je 0x16bd8
0x16bec: bsf ecx, ecx
0x16bef: sub rcx, rdx
0x16bf2: add rax, rcx
0x16bf5: ret
0x165c1: pop rcx
0x165c2: ret
0xaaca: leave
0xaacb: ret
; Third and last byte copy visible in the window.
0xcc8: mov rcx, qword ptr [rbp - 0x30]
0xccc: cmp rcx, rax
0xccf: jae 0xcef
0xcd1: mov rax, qword ptr [rbp - 0x20]
0xcd5: movsxd rcx, dword ptr [rbp - 0x28]
0xcd9: mov dl, byte ptr [rax + rcx]
0xcdc: movsxd rax, dword ptr [rbp - 0x28]
0xce0: mov byte ptr [rbp + rax - 0x12], dl
0xce4: mov eax, dword ptr [rbp - 0x28]
0xce7: add eax, 1
0xcea: mov dword ptr [rbp - 0x28], eax
0xced: jmp 0xcb7
0xcb7: movsxd rax, dword ptr [rbp - 0x28]
0xcbb: mov rdi, qword ptr [rbp - 0x20]
0xcbf: mov qword ptr [rbp - 0x30], rax
0xcc3: call 0xaab2
0xaab2: push rbp
0xaab3: mov rbp, rsp
0xaab6: sub rsp, 0x10
0xaaba: mov qword ptr [rbp - 8], rdi
0xaabe: mov rax, qword ptr [rbp - 8]
0xaac2: mov rdi, rax
0xaac5: call 0x16590
; Fourth length scan; after it the loop test below finally succeeds.
0x16590:
0x16594: push rsi
0x16595: mov rdx, rdi
0x16598: mov rcx, rdx
0x1659b: and rdx, 0xfffffffffffffff0
0x1659f: pxor xmm0, xmm0
0x165a3: pcmpeqb xmm0, xmmword ptr [rdx]
0x165a7: pmovmskb eax, xmm0
0x165ab: and ecx, 0xf
0x165ae: shr eax, cl
0x165b0: bsf eax, eax
0x165b3: jne 0x165c1
0x165b5: mov rax, rdx
0x165b8: add rdx, rcx
0x165bb: call qword ptr [rip + 0x1c9e7]
0x16bd0:
0x16bd4: pxor xmm0, xmm0
0x16bd8: add rax, 0x10
0x16bdc: movdqu xmm1, xmmword ptr [rax]
0x16be0: pcmpeqb xmm1, xmm0
0x16be4: pmovmskb ecx, xmm1
0x16be8: test ecx, ecx
0x16bea: je 0x16bd8
0x16bec: bsf ecx, ecx
0x16bef: sub rcx, rdx
0x16bf2: add rax, rcx
0x16bf5: ret
0x165c1: pop rcx
0x165c2: ret
0xaaca: leave
0xaacb: ret
; i >= length now: jae is taken and the copy loop ends.
0xcc8: mov rcx, qword ptr [rbp - 0x30]
0xccc: cmp rcx, rax
0xccf: jae 0xcef
; Stack-protector check: reload the reference value from fs:[0x28] and
; compare it with the copy kept at [rbp - 8].
0xcef: mov rax, qword ptr fs:[0x28]
0xcf8: mov rcx, qword ptr [rbp - 8]
0xcfc: cmp rax, rcx
; Taken: the values differ, so [rbp - 8] changed while the function ran.
0xcff: jne 0xd07
; Failure path; the report line above this trace names it as
; __stack_chk_fail called from 0xd07. The canary reports the overwrite only
; at this point, after the stores are done - bounding the copy by the
; destination size is what would prevent it.
0xd07: call 0x46bc
Seed information:
0x30000000 [ 0x0 ] 0x30000001 [ 0x0 ] 0x30000002 [ 0x0 ] 0x30000003 [ 0x0 ] 0x30000004 [ 0xff ] 0x30000005 [ 0xff ] 0x30000006 [ 0xff ] 0x30000007 [ 0xff ] 0x30000008 [ 0xff ] 0x30000009 [ 0xff ] 0x3000000a [ 0xff ] 0x3000000b [ 0xff ] 0x3000000c [ 0xff ] 0x3000000d [ 0xff ] 0x3000000e [ 0xff ] 0x3000000f [ 0xff ] 0x30000010 [ 0x0 ] 0x30000011 [ 0x0 ] 0x30000012 [ 0x0 ] 0x30000013 [ 0x0 ] 0x30000014 [ 0x0 ] 0x30000015 [ 0x0 ] 0x30000016 [ 0x0 ] 0x30000017 [ 0x0 ] 0x30000018 [ 0x0 ] 0x30000019 [ 0x0 ] 0x3000001a [ 0x0 ] 0x3000001b [ 0x0 ] 0x3000001c [ 0x0 ] 0x3000001d [ 0x0 ] 0x3000001e [ 0x0 ] 0x3000001f [ 0x0 ] 0x30000020 [ 0x0 ] 0x30000021 [ 0x0 ] 0x30000022 [ 0x0 ] 0x30000023 [ 0x0 ] 0x30000024 [ 0x0 ] 0x30000025 [ 0x0 ] 0x30000026 [ 0x0 ] 0x30000027 [ 0x0 ] 0x30000028 [ 0x0 ] 0x30000029 [ 0x0 ] 0x3000002a [ 0x0 ] 0x3000002b [ 0x0 ] 0x3000002c [ 0x0 ] 0x3000002d [ 0x0 ] 0x3000002e [ 0x0 ] 0x3000002f [ 0x0 ] 0x30000030 [ 0x0 ] 0x30000031 [ 0x0 ] 0x30000032 [ 0x0 ] 0x30000033 [ 0x0 ] 0x30000034 [ 0x0 ] 0x30000035 [ 0x0 ] 0x30000036 [ 0x0 ] 0x30000037 [ 0x0 ] 0x30000038 [ 0x0 ] 0x30000039 [ 0x0 ] 0x3000003a [ 0x0 ] 0x3000003b [ 0x0 ] 0x3000003c [ 0x0 ] 0x3000003d [ 0x0 ] 0x3000003e [ 0x0 ] 0x3000003f [ 0x0 ] 0x30000040 [ 0x0 ] 0x30000041 [ 0x0 ] 0x30000042 [ 0x0 ] 0x30000043 [ 0x0 ] 0x30000044 [ 0x0 ] 0x30000045 [ 0x0 ] 0x30000046 [ 0x0 ] 0x30000047 [ 0x0 ] 0x30000048 [ 0x0 ] 0x30000049 [ 0x0 ] 0x3000004a [ 0x0 ] 0x3000004b [ 0x0 ] 0x3000004c [ 0x0 ] 0x3000004d [ 0x0 ] 0x3000004e [ 0x0 ] 0x3000004f [ 0x0 ] 0x30000050 [ 0x0 ] 0x30000051 [ 0x0 ] 0x30000052 [ 0x0 ] 0x30000053 [ 0x0 ] 0x30000054 [ 0x0 ] 0x30000055 [ 0x0 ] 0x30000056 [ 0x0 ] 0x30000057 [ 0x0 ] 0x30000058 [ 0x0 ] 0x30000059 [ 0x0 ] 0x3000005a [ 0x0 ] 0x3000005b [ 0x0 ] 0x3000005c [ 0x0 ] 0x3000005d [ 0x0 ] 0x3000005e [ 0x0 ] 0x3000005f [ 0x0 ] 0x30000060 [ 0x0 ] 0x30000061 [ 0x0 ] 0x30000062 [ 0x0 ] 0x30000063 [ 0x0 ] 0x30000064 [ 0x0 ] 0x30000065 [ 0x0 ] 0x30000066 [ 0x0 ] 0x30000067 [ 0x0 ] 0x30000068 
[ 0x0 ] 0x30000069 [ 0x0 ] 0x3000006a [ 0x0 ] 0x3000006b [ 0x0 ] 0x3000006c [ 0x0 ] 0x3000006d [ 0x0 ] 0x3000006e [ 0x0 ] 0x3000006f [ 0x0 ] 0x30000070 [ 0x0 ] 0x30000071 [ 0x0 ] 0x30000072 [ 0x0 ] 0x30000073 [ 0x0 ] 0x30000074 [ 0x0 ] 0x30000075 [ 0x0 ] 0x30000076 [ 0x0 ] 0x30000077 [ 0x0 ] 0x30000078 [ 0x0 ] 0x30000079 [ 0x0 ] 0x3000007a [ 0x0 ] 0x3000007b [ 0x0 ] 0x3000007c [ 0x0 ] 0x3000007d [ 0x0 ] 0x3000007e [ 0x0 ] 0x3000007f [ 0x0 ] 0x30000080 [ 0x0 ] 0x30000081 [ 0x0 ] 0x30000082 [ 0x0 ] 0x30000083 [ 0x0 ] 0x30000084 [ 0x0 ] 0x30000085 [ 0x0 ] 0x30000086 [ 0x0 ] 0x30000087 [ 0x0 ] 0x30000088 [ 0x0 ] 0x30000089 [ 0x0 ] 0x3000008a [ 0x0 ] 0x3000008b [ 0x0 ] 0x3000008c [ 0x0 ] 0x3000008d [ 0x0 ] 0x3000008e [ 0x0 ] 0x3000008f [ 0x0 ] 0x30000090 [ 0x0 ] 0x30000091 [ 0x0 ] 0x30000092 [ 0x0 ] 0x30000093 [ 0x0 ] 0x30000094 [ 0x0 ] 0x30000095 [ 0x0 ] 0x30000096 [ 0x0 ] 0x30000097 [ 0x0 ] 0x30000098 [ 0x0 ] 0x30000099 [ 0x0 ] 0x3000009a [ 0x0 ] 0x3000009b [ 0x0 ] 0x3000009c [ 0x0 ] 0x3000009d [ 0x0 ] 0x3000009e [ 0x0 ] 0x3000009f [ 0x0 ] 0x300000a0 [ 0x0 ] 0x300000a1 [ 0x0 ] 0x300000a2 [ 0x0 ] 0x300000a3 [ 0x0 ] 0x300000a4 [ 0x0 ] 0x300000a5 [ 0x0 ] 0x300000a6 [ 0x0 ] 0x300000a7 [ 0x0 ] 0x300000a8 [ 0x0 ] 0x300000a9 [ 0x0 ] 0x300000aa [ 0x0 ] 0x300000ab [ 0x0 ] 0x300000ac [ 0x0 ] 0x300000ad [ 0x0 ] 0x300000ae [ 0x0 ] 0x300000af [ 0x0 ] 0x300000b0 [ 0x0 ] 0x300000b1 [ 0x0 ] 0x300000b2 [ 0x0 ] 0x300000b3 [ 0x0 ] 0x300000b4 [ 0x0 ] 0x300000b5 [ 0x0 ] 0x300000b6 [ 0x0 ] 0x300000b7 [ 0x0 ] 0x300000b8 [ 0x0 ] 0x300000b9 [ 0x0 ] 0x300000ba [ 0x0 ] 0x300000bb [ 0x0 ] 0x300000bc [ 0x0 ] 0x300000bd [ 0x0 ] 0x300000be [ 0x0 ] 0x300000bf [ 0x0 ] 0x300000c0 [ 0x0 ] 0x300000c1 [ 0x0 ] 0x300000c2 [ 0x0 ] 0x300000c3 [ 0x0 ] 0x300000c4 [ 0x0 ] 0x300000c5 [ 0x0 ] 0x300000c6 [ 0x0 ] 0x300000c7 [ 0x0 ] 0x300000c8 [ 0x0 ] 0x300000c9 [ 0x0 ] 0x300000ca [ 0x0 ] 0x300000cb [ 0x0 ] 0x300000cc [ 0x0 ] 0x300000cd [ 0x0 ] 0x300000ce [ 0x0 ] 0x300000cf [ 0x0 ] ./run.sh: line 62: 4867 Aborted 
(core dumped) python "$SYMEMU/coverage.py" "$PROJECT_DIR/enclave.so" unsafe_input_complete.tmp unsafe_ecall_stat.tmp 1000 1000000
real 0m8.539s
user 0m8.431s
sys 0m0.020s