- So the plan is to modify a Linux driver to see results more easily (once the fuzzing part works). So I tried to get a working environment in which I can boot my modified Linux kernel. My problem is that I don't necessarily want to create initrds, and I somehow want the modules to be inside the guest machine. And I do want modules, because I don't want to reboot after I've changed a tiny bit of the code. So I debootstrapped onto the filesystem on the host and tried to run Qemu with that directory as a virtual FAT drive:
sudo /opt/muelli/qemu/bin/qemu -monitor stdio -m 1G -kernel /opt/ubuntu/boot/vmlinuz-2.6.32-21-generic -initrd /opt/ubuntu/boot/initrd.img-2.6.32-21-generic -hda fat:ro:/opt/ubuntu/ -runas muelli
But it fails because the directory is too big.
I then debootstrapped into a fixed-size container, and for now I'm going with
/opt/muelli/qemu/bin/qemu-system-x86_64 -m 1G -smp 1 -hda /opt/ubuntu.img -snapshot -kernel ~/git/linux-2.6/arch/x86_64/boot/bzImage -append 'root=/dev/sda'
But that doesn’t seem to work well, because the virtual machine just stops working. Attaching a debugger tells me that the qemu process basically stopped. Weird.
I basically followed these instructions, but in order to make Eclipse index my Linux kernel, I had to start it with -vmargs -Xmx1024M.
But debugging the kernel is a bit hard because something with the protocol is weird. The suggested fix doesn’t help.
- QEmu wouldn't install Windows 7 x86_64 because of a "wrong CPU" type of error. Fortunately, the STOP codes are well documented. Trying to install it on x86 is not possible either: I booted the ISO for two days without any success.
- Found a good overview of USB classes per Windows version. The USB classes themselves are not very well documented, though. But in fairness, I haven't read the 600+ page spec yet.
- Spent ages trying to make sscanf split a string on a colon. Jeez, it's horrible. I even thought about doing a system("python -c 'mystring.split(':')'") or so… Ended up using strtok:
if (((speedstr = strtok(copy, ":")) == NULL) || ((filterfilename = strtok(NULL, "\0")) == NULL)) {
    /* either the speed or the filter file name is missing */
    error_report();
} else {
}
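As an added example (not code from the original post), here are the two approaches side by side for a "speed:filterfile" argument: the strtok() version from the post, and the sscanf() version that does the same job with a `%[^:]` scanset. Function names, buffer sizes and the input strings are made up for illustration. Note what the second strtok() call with an empty delimiter set actually does: it returns the whole remainder of the string, so a file name containing further colons or spaces survives intact, and a missing field on either side is reported as an error by both variants.

```c
#include <stdio.h>
#include <string.h>

/* strtok() variant, as in the post. strtok() writes NULs into the buffer it
 * tokenises, so we work on a private copy of the argument. The second call
 * passes an empty delimiter set: there is nothing left to split on, so it
 * hands back the entire remainder (colons and spaces included), or NULL when
 * nothing follows the first colon. Returns 0 on success, -1 on a missing field. */
static int split_strtok(const char *arg, char *speed, size_t speedlen,
                        char *filter, size_t filterlen)
{
    char copy[512];
    char *s, *f;

    if (strlen(arg) >= sizeof(copy))
        return -1;                          /* argument too long for our copy */
    strcpy(copy, arg);

    if ((s = strtok(copy, ":")) == NULL || (f = strtok(NULL, "")) == NULL)
        return -1;                          /* no speed, or no filter file name */

    snprintf(speed, speedlen, "%s", s);
    snprintf(filter, filterlen, "%s", f);
    return 0;
}

/* sscanf() variant. "%31[^:]" reads up to (not including) the first colon,
 * the literal ':' consumes the colon, and "%255[^\n]" takes everything that
 * follows, including spaces and further colons. The field widths cap the
 * writes at the buffer sizes. sscanf() returns the number of fields converted,
 * so anything other than 2 means a field was missing. */
static int split_sscanf(const char *arg, char speed[32], char filter[256])
{
    return sscanf(arg, "%31[^:]:%255[^\n]", speed, filter) == 2 ? 0 : -1;
}

/* Run both splitters on one input and report whether they agree with the
 * expected fields. Passing NULL as want_speed means "both must reject it". */
static int check_split(const char *arg, const char *want_speed,
                       const char *want_filter)
{
    char s1[32], f1[256], s2[32], f2[256];
    int r1 = split_strtok(arg, s1, sizeof s1, f1, sizeof f1);
    int r2 = split_sscanf(arg, s2, f2);

    if (want_speed == NULL)
        return r1 == -1 && r2 == -1;
    return r1 == 0 && r2 == 0 &&
           strcmp(s1, want_speed) == 0 && strcmp(f1, want_filter) == 0 &&
           strcmp(s2, want_speed) == 0 && strcmp(f2, want_filter) == 0;
}

int main(void)
{
    /* Constructed sample inputs: a plain case, a file name with an extra
     * colon and a space, and two malformed arguments. */
    const char *ok[]  = { "full:/tmp/filter.bin", "high:/tmp/a:b c.bin" };
    const char *bad[] = { "full:", ":/tmp/filter.bin", "nocolon" };
    char speed[32], filter[256];
    size_t i;

    for (i = 0; i < sizeof ok / sizeof ok[0]; i++) {
        if (split_strtok(ok[i], speed, sizeof speed, filter, sizeof filter) == 0)
            printf("'%s' -> speed='%s' filter='%s'\n", ok[i], speed, filter);
    }
    for (i = 0; i < sizeof bad / sizeof bad[0]; i++)
        printf("'%s' -> rejected by strtok: %s, by sscanf: %s\n", bad[i],
               split_strtok(bad[i], speed, sizeof speed, filter, sizeof filter) ? "yes" : "no",
               split_sscanf(bad[i], speed, filter) ? "yes" : "no");
    return 0;
}
```

The practical difference is small for this input shape; the thing to keep in mind with strtok() is that it mutates its buffer and keeps static state between calls, so it must not be run on the original argument string or interleaved with another strtok() loop.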
- gdb, attached to a process from Eclipse, crashed. GDB also likes to crash if the remote server went down.
And listening to music with Rhythmbox is hard, too >.<
QEmu crashes if given a wrong kernel image.
- Found Patents related to fuzzing, but Zotero won’t import those to my library.
- I had funny results with the filter: I replaced every "A" transmitted with a "B". On the host, I created a file on a mass storage device with 4KB of "A"s. When "cat"ting the file from the guest, I saw "A"s. But copying the file in the guest resulted in the new file having all "B"s. I expected the "cat" to show all "B"s, too. And as far as I can see, the "A"s are actually replaced for the "cat".