/***************************************************************************************************

  Zyan Disassembler Library (Zydis)

  Original Author : Mappa

 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in all
 * copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 * SOFTWARE.

***************************************************************************************************/

/**
 * @file
 *
 * This file implements the fuzz target for re-encoding. Fuzzer input is passed to the decoder
 * first and, if it decodes as a valid instruction, `ZydisEncoderDecodedInstructionToEncoderRequest`
 * is used to create an encoder request which gets passed to the encoder.
 *
 * Stream layout consumed by `ZydisFuzzTarget`: a raw `ZydisFuzzControlBlock` (copied byte for
 * byte, so its enum fields are untrusted) followed by the candidate instruction bytes.
 */

#include "ZydisFuzzShared.h"

/* ============================================================================================== */
/* Enums and types                                                                                */
/* ============================================================================================== */

/**
 * Structure for fuzzing decoder inputs.
 *
 * Read verbatim from the head of the fuzz stream; both fields may therefore hold values outside
 * their enum ranges and must be validated by the decoder before use.
 */
typedef struct ZydisFuzzControlBlock_
{
    ZydisMachineMode machine_mode; // Passed to `ZydisDecoderInit`; unvalidated fuzz input
    ZydisStackWidth stack_width;   // Passed to `ZydisDecoderInit`; unvalidated fuzz input
} ZydisFuzzControlBlock;

/* ============================================================================================== */
/* Fuzz target                                                                                    */
/* ============================================================================================== */

/**
 * Fuzz target entry point: decodes one instruction from the stream and hands it to the
 * re-encoding check.
 *
 * The stream is consumed in two reads: first a raw `ZydisFuzzControlBlock` that configures the
 * decoder, then up to 32 bytes of instruction bytes.
 *
 * @param   read_fn     Callback used to pull bytes from the fuzzer stream.
 * @param   stream_ctx  Opaque context forwarded to `read_fn`.
 *
 * @return  `EXIT_SUCCESS` if the stream was too short to hold a control block, or if the bytes
 *          decoded and were passed to `ZydisReEncodeInstruction`; `EXIT_FAILURE` if the decoder
 *          could not be initialized from the control block or the bytes did not decode.
 */
ZYAN_NO_SANITIZE("enum")
int ZydisFuzzTarget(ZydisStreamRead read_fn, void *stream_ctx)
{
    // The control block is copied byte for byte, so `machine_mode`/`stack_width` can be any bit
    // pattern. The enum sanitizer is disabled for that reason; `ZydisDecoderInit` is expected to
    // reject out-of-range values via its status (its implementation is not visible here).
    ZydisFuzzControlBlock ctl;
    const ZyanUSize ctl_len = read_fn(stream_ctx, (ZyanU8 *)&ctl, sizeof(ctl));
    if (ctl_len != sizeof(ctl))
    {
        ZYDIS_MAYBE_FPUTS("Not enough bytes to fuzz\n", ZYAN_STDERR);
        return EXIT_SUCCESS;
    }

    ZydisDecoder decoder;
    const ZyanStatus init_status = ZydisDecoderInit(&decoder, ctl.machine_mode, ctl.stack_width);
    if (!ZYAN_SUCCESS(init_status))
    {
        ZYDIS_MAYBE_FPUTS("Failed to initialize decoder\n", ZYAN_STDERR);
        return EXIT_FAILURE;
    }

    // Whatever remains of the stream, capped at the buffer size, is the candidate instruction.
    // `code_len` is bounded by `sizeof(code)`, so the decoder never sees more than the buffer.
    ZyanU8 code[32];
    const ZyanUSize code_len = read_fn(stream_ctx, code, sizeof(code));

    ZydisDecodedInstruction instruction;
    ZydisDecodedOperand operands[ZYDIS_MAX_OPERAND_COUNT];
    if (!ZYAN_SUCCESS(ZydisDecoderDecodeFull(&decoder, code, code_len, &instruction, operands)))
    {
        // Undecodable bytes: there is nothing to re-encode.
        return EXIT_FAILURE;
    }

    // Round-trip through the encoder. Only the visible operands are handed over; the helper
    // itself lives in ZydisFuzzShared.h and its checks are not visible from this file.
    ZydisReEncodeInstruction(&decoder, &instruction, operands, instruction.operand_count_visible,
        code);

    return EXIT_SUCCESS;
}

/* ============================================================================================== */