/src/zydis/tools/ZydisFuzzReEncoding.c

Source
/***************************************************************************************************

  Zyan Disassembler Library (Zydis)

  Original Author : Mappa

 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in all
 * copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 * SOFTWARE.

***************************************************************************************************/

/**
 * @file
 *
 * This file implements fuzz target for re-encoding. Fuzzer input is passed to decoder first and if
 * it decodes as a valid instruction `ZydisEncoderDecodedInstructionToEncoderRequest` is used to
 * create encoder request which gets passed to the encoder.
 */

#include "ZydisFuzzShared.h"

/* ============================================================================================== */
/* Enums and types                                                                                */
/* ============================================================================================== */

/**
 * Structure for fuzzing decoder inputs.
 */
typedef struct ZydisFuzzControlBlock_
{
    ZydisMachineMode machine_mode;
    ZydisStackWidth stack_width;
} ZydisFuzzControlBlock;

/* ============================================================================================== */
/* Fuzz target                                                                                    */
/* ============================================================================================== */

ZYAN_NO_SANITIZE("enum")
int ZydisFuzzTarget(ZydisStreamRead read_fn, void *stream_ctx)
{
    ZydisFuzzControlBlock control_block;
    if (read_fn(
        stream_ctx, (ZyanU8 *)&control_block, sizeof(control_block)) != sizeof(control_block))
    {
        ZYDIS_MAYBE_FPUTS("Not enough bytes to fuzz\n", ZYAN_STDERR);
        return EXIT_SUCCESS;
    }

    ZydisDecoder decoder;
    if (!ZYAN_SUCCESS(ZydisDecoderInit(&decoder, control_block.machine_mode,
        control_block.stack_width)))
    {
        ZYDIS_MAYBE_FPUTS("Failed to initialize decoder\n", ZYAN_STDERR);
        return EXIT_FAILURE;
    }

    ZyanU8 buffer[32];
    ZyanUSize input_len = read_fn(stream_ctx, buffer, sizeof(buffer));

    ZydisDecodedInstruction insn1;
    ZydisDecodedOperand operands1[ZYDIS_MAX_OPERAND_COUNT];
    ZyanStatus status = ZydisDecoderDecodeFull(&decoder, buffer, input_len, &insn1, operands1);
    if (!ZYAN_SUCCESS(status))
    {
        return EXIT_FAILURE;
    }

    ZydisReEncodeInstruction(&decoder, &insn1, operands1, insn1.operand_count_visible, buffer);

    return EXIT_SUCCESS;
}

/* ============================================================================================== */

Line	Count	Source
1		/***************************************************************************************************
2
3		Zyan Disassembler Library (Zydis)
4
5		Original Author : Mappa
6
7		* Permission is hereby granted, free of charge, to any person obtaining a copy
8		* of this software and associated documentation files (the "Software"), to deal
9		* in the Software without restriction, including without limitation the rights
10		* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11		* copies of the Software, and to permit persons to whom the Software is
12		* furnished to do so, subject to the following conditions:
13		*
14		* The above copyright notice and this permission notice shall be included in all
15		* copies or substantial portions of the Software.
16		*
17		* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18		* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19		* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20		* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21		* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22		* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23		* SOFTWARE.
24
25		***************************************************************************************************/
26
27		/**
28		* @file
29		*
30		* This file implements fuzz target for re-encoding. Fuzzer input is passed to decoder first and if
31		* it decodes as a valid instruction `ZydisEncoderDecodedInstructionToEncoderRequest` is used to
32		* create encoder request which gets passed to the encoder.
33		*/
34
35		#include "ZydisFuzzShared.h"
36
37		/* ============================================================================================== */
38		/* Enums and types */
39		/* ============================================================================================== */
40
41		/**
42		* Structure for fuzzing decoder inputs.
43		*/
44		typedef struct ZydisFuzzControlBlock_
45		{
46		ZydisMachineMode machine_mode;
47		ZydisStackWidth stack_width;
48		} ZydisFuzzControlBlock;
49
50		/* ============================================================================================== */
51		/* Fuzz target */
52		/* ============================================================================================== */
53
54		ZYAN_NO_SANITIZE("enum")
55		int ZydisFuzzTarget(ZydisStreamRead read_fn, void *stream_ctx)
56	2.76k	{
57	2.76k	ZydisFuzzControlBlock control_block;
58	2.76k	if (read_fn(
59	2.76k	stream_ctx, (ZyanU8 *)&control_block, sizeof(control_block)) != sizeof(control_block))
60	4	{
61	4	ZYDIS_MAYBE_FPUTS("Not enough bytes to fuzz\n", ZYAN_STDERR);
62	4	return EXIT_SUCCESS;
63	4	}
64
65	2.76k	ZydisDecoder decoder;
66	2.76k	if (!ZYAN_SUCCESS(ZydisDecoderInit(&decoder, control_block.machine_mode,
67	2.76k	control_block.stack_width)))
68	86	{
69	86	ZYDIS_MAYBE_FPUTS("Failed to initialize decoder\n", ZYAN_STDERR);
70	86	return EXIT_FAILURE;
71	86	}
72
73	2.67k	ZyanU8 buffer[32];
74	2.67k	ZyanUSize input_len = read_fn(stream_ctx, buffer, sizeof(buffer));
75
76	2.67k	ZydisDecodedInstruction insn1;
77	2.67k	ZydisDecodedOperand operands1[ZYDIS_MAX_OPERAND_COUNT];
78	2.67k	ZyanStatus status = ZydisDecoderDecodeFull(&decoder, buffer, input_len, &insn1, operands1);
79	2.67k	if (!ZYAN_SUCCESS(status))
80	353	{
81	353	return EXIT_FAILURE;
82	353	}
83
84	2.32k	ZydisReEncodeInstruction(&decoder, &insn1, operands1, insn1.operand_count_visible, buffer);
85
86	2.32k	return EXIT_SUCCESS;
87	2.67k	}
88
89		/* ============================================================================================== */

Coverage Report

Created: 2025-07-12 06:32