/src/zydis/tools/ZydisFuzzReEncoding.c

Source
/***************************************************************************************************

  Zyan Disassembler Library (Zydis)

  Original Author : Mappa

 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in all
 * copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 * SOFTWARE.

***************************************************************************************************/

/**
 * @file
 *
 * This file implements fuzz target for re-encoding. Fuzzer input is passed to decoder first and if
 * it decodes as a valid instruction `ZydisEncoderDecodedInstructionToEncoderRequest` is used to
 * create encoder request which gets passed to the encoder.
 */

#include "ZydisFuzzShared.h"

/* ============================================================================================== */
/* Enums and types                                                                                */
/* ============================================================================================== */

/**
 * Structure for fuzzing decoder inputs.
 */
typedef struct ZydisFuzzControlBlock_
{
    ZydisMachineMode machine_mode;
    ZydisStackWidth stack_width;
    ZydisDecoderMode decoder_mode;
} ZydisFuzzControlBlock;

/* ============================================================================================== */
/* Fuzz target                                                                                    */
/* ============================================================================================== */

ZYAN_NO_SANITIZE("enum")
int ZydisFuzzTarget(ZydisStreamRead read_fn, void *stream_ctx)
{
    ZydisFuzzControlBlock control_block;
    if (read_fn(
        stream_ctx, (ZyanU8 *)&control_block, sizeof(control_block)) != sizeof(control_block))
    {
        ZYDIS_MAYBE_FPUTS("Not enough bytes to fuzz\n", ZYAN_STDERR);
        return EXIT_SUCCESS;
    }

    ZydisDecoder decoder;
    if (!ZYAN_SUCCESS(ZydisDecoderInit(&decoder, control_block.machine_mode,
        control_block.stack_width)))
    {
        ZYDIS_MAYBE_FPUTS("Failed to initialize decoder\n", ZYAN_STDERR);
        return EXIT_FAILURE;
    }
    if (control_block.decoder_mode & ZYDIS_DECODER_MODE_KNC)
    {
        if (!ZYAN_SUCCESS(ZydisDecoderEnableMode(&decoder, ZYDIS_DECODER_MODE_KNC, ZYAN_TRUE)))
        {
            ZYDIS_MAYBE_FPUTS("Failed to enable KNC mode\n", ZYAN_STDERR);
            return EXIT_FAILURE;
        }
    }

    ZyanU8 buffer[32];
    ZyanUSize input_len = read_fn(stream_ctx, buffer, sizeof(buffer));

    ZydisDecodedInstruction insn1;
    ZydisDecodedOperand operands1[ZYDIS_MAX_OPERAND_COUNT];
    ZyanStatus status = ZydisDecoderDecodeFull(&decoder, buffer, input_len, &insn1, operands1);
    if (!ZYAN_SUCCESS(status))
    {
        return EXIT_FAILURE;
    }

    ZydisReEncodeInstruction(&decoder, &insn1, operands1, insn1.operand_count_visible, buffer);

    return EXIT_SUCCESS;
}

/* ============================================================================================== */

Line	Count	Source
1		/***************************************************************************************************
2
3		Zyan Disassembler Library (Zydis)
4
5		Original Author : Mappa
6
7		* Permission is hereby granted, free of charge, to any person obtaining a copy
8		* of this software and associated documentation files (the "Software"), to deal
9		* in the Software without restriction, including without limitation the rights
10		* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11		* copies of the Software, and to permit persons to whom the Software is
12		* furnished to do so, subject to the following conditions:
13		*
14		* The above copyright notice and this permission notice shall be included in all
15		* copies or substantial portions of the Software.
16		*
17		* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18		* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19		* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20		* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21		* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22		* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23		* SOFTWARE.
24
25		***************************************************************************************************/
26
27		/**
28		* @file
29		*
30		* This file implements fuzz target for re-encoding. Fuzzer input is passed to decoder first and if
31		* it decodes as a valid instruction `ZydisEncoderDecodedInstructionToEncoderRequest` is used to
32		* create encoder request which gets passed to the encoder.
33		*/
34
35		#include "ZydisFuzzShared.h"
36
37		/* ============================================================================================== */
38		/* Enums and types */
39		/* ============================================================================================== */
40
41		/**
42		* Structure for fuzzing decoder inputs.
43		*/
44		typedef struct ZydisFuzzControlBlock_
45		{
46		ZydisMachineMode machine_mode;
47		ZydisStackWidth stack_width;
48		ZydisDecoderMode decoder_mode;
49		} ZydisFuzzControlBlock;
50
51		/* ============================================================================================== */
52		/* Fuzz target */
53		/* ============================================================================================== */
54
55		ZYAN_NO_SANITIZE("enum")
56		int ZydisFuzzTarget(ZydisStreamRead read_fn, void *stream_ctx)
57	3.34k	{
58	3.34k	ZydisFuzzControlBlock control_block;
59	3.34k	if (read_fn(
60	3.34k	stream_ctx, (ZyanU8 *)&control_block, sizeof(control_block)) != sizeof(control_block))
61	7	{
62	7	ZYDIS_MAYBE_FPUTS("Not enough bytes to fuzz\n", ZYAN_STDERR);
63	7	return EXIT_SUCCESS;
64	7	}
65
66	3.33k	ZydisDecoder decoder;
67	3.33k	if (!ZYAN_SUCCESS(ZydisDecoderInit(&decoder, control_block.machine_mode,
68	3.33k	control_block.stack_width)))
69	106	{
70	106	ZYDIS_MAYBE_FPUTS("Failed to initialize decoder\n", ZYAN_STDERR);
71	106	return EXIT_FAILURE;
72	106	}
73	3.22k	if (control_block.decoder_mode & ZYDIS_DECODER_MODE_KNC)
74	1.10k	{
75	1.10k	if (!ZYAN_SUCCESS(ZydisDecoderEnableMode(&decoder, ZYDIS_DECODER_MODE_KNC, ZYAN_TRUE)))
76	0	{
77	0	ZYDIS_MAYBE_FPUTS("Failed to enable KNC mode\n", ZYAN_STDERR);
78	0	return EXIT_FAILURE;
79	0	}
80	1.10k	}
81
82	3.22k	ZyanU8 buffer[32];
83	3.22k	ZyanUSize input_len = read_fn(stream_ctx, buffer, sizeof(buffer));
84
85	3.22k	ZydisDecodedInstruction insn1;
86	3.22k	ZydisDecodedOperand operands1[ZYDIS_MAX_OPERAND_COUNT];
87	3.22k	ZyanStatus status = ZydisDecoderDecodeFull(&decoder, buffer, input_len, &insn1, operands1);
88	3.22k	if (!ZYAN_SUCCESS(status))
89	383	{
90	383	return EXIT_FAILURE;
91	383	}
92
93	2.84k	ZydisReEncodeInstruction(&decoder, &insn1, operands1, insn1.operand_count_visible, buffer);
94
95		return EXIT_SUCCESS;
96	3.22k	}
97
98		/* ============================================================================================== */

Coverage Report

Created: 2026-01-10 06:09