Client Core
CarlOS edited this page Sep 9, 2016 · 2 revisions
I tried to keep the client core system to a minimum.
Basically it does the following:
- Initialize logging, etc.
- Initialize shared memory (to communicate with PIN)
- Connect to the server (to the MQ)
- Request a MutationObject
  - It contains the Base64 encoded mutation file
  - Of course, write this to disk
- Run the victim under PIN with the mutation as input
- Fill the MutationObject with the information from the execution
- Send this information to the server (to the MQ, actually)
  - Most important is the bitmap
  - Crash information in case of a crash
- Repeat :)
The shared memory object is named "Local\NaFlSharedMemory".
The core sets up all helpers, that is, it instantiates the helper classes, passing self as a parameter. The helpers use this self parameter as their parent. This way, objects like cfg (configuration), logging, etc. are centralized, and the helpers can access them via the parent parameter.
If the PinTool marked the bitmap as seen below, a crash is registered. Before this information is sent, an attempt is made to reproduce the crash, this time without PIN but monitored by Winappdbg instead.
    #!python
    if curr_bitmap[0] == 0x41414141 \
            and curr_bitmap[1] == 0x42424242:
        # Restore these first bytes to more appropriate values
        curr_bitmap[0] = 0
        curr_bitmap[1] = 0
        # [...]
        # Flag the mutation as having caused a crash
        self.mo.priority = CAUSED_CRASH
        # Analyzes the crash (and saves it, if determined interesting)
        # This sets the MutationObject crash_data attribute
        cmd = [self.cfg.get('target_info', 'filename'), input_filename]
        self.crash_analysis.analyze_crash(cmd)
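The data handling of one loop iteration, written out as an added example (not code from the NaFl project): decode the Base64 mutation to disk, then check the raw shared-memory bytes for the crash marker and reset it. It assumes the bitmap is an array of 32-bit little-endian words; the function names, the dict standing in for the MutationObject, and the `CAUSED_CRASH` value are hypothetical.

```python
import base64
import os
import struct
import tempfile

# Marker values are from the page's snippet; the word size/endianness is an assumption.
CRASH_MARK = (0x41414141, 0x42424242)
CAUSED_CRASH = 10  # hypothetical priority value, not taken from the project


def write_mutation(b64_data, directory):
    """Decode the Base64 mutation and write it to a fresh file in `directory`."""
    raw = base64.b64decode(b64_data, validate=True)  # raises on non-Base64 input
    fd, path = tempfile.mkstemp(dir=directory, suffix=".mut")
    with os.fdopen(fd, "wb") as fh:
        fh.write(raw)
    return path


def consume_crash_marker(shm):
    """Return True and zero the marker if the first two words flag a crash."""
    if len(shm) < 8:
        raise ValueError("bitmap shorter than the two marker words")
    if struct.unpack_from("<II", shm, 0) != CRASH_MARK:
        return False
    struct.pack_into("<II", shm, 0, 0, 0)  # reset the marker words to 0, as the snippet does
    return True


def fill_result(mutation, shm):
    """Copy the execution outcome into a dict standing in for the MutationObject."""
    crashed = consume_crash_marker(shm)
    mutation["bitmap"] = bytes(shm)  # snapshot taken after the marker is cleared
    if crashed:
        mutation["priority"] = CAUSED_CRASH
    return crashed


if __name__ == "__main__":
    # Constructed sample: an 8-word bitmap whose first two words carry the marker.
    shm = bytearray(struct.pack("<8I", 0x41414141, 0x42424242, 1, 0, 3, 0, 0, 7))
    mo = {"data": base64.b64encode(b"GIF89a-constructed").decode()}
    path = write_mutation(mo["data"], tempfile.gettempdir())
    print(path, fill_result(mo, shm), mo["bitmap"][:8].hex())
```

Both marker words must match before the crash path is taken, and the marker is cleared before the bitmap is copied, so the two marker values never reach the server as coverage data.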