├── Dockerfile ├── LICENSE ├── README.md ├── requirements.txt ├── syzscope ├── __init__.py ├── __main__.py ├── interface │ ├── __init__.py │ ├── s2e │ │ └── __init__.py │ ├── static_analysis │ │ ├── __init__.py │ │ ├── error.py │ │ └── staticAnalysis.py │ ├── sym_exec │ │ ├── __init__.py │ │ ├── error.py │ │ ├── mem_instrument.py │ │ ├── stateManager.py │ │ ├── symExec.py │ │ └── symTracing.py │ ├── utilities.py │ └── vm │ │ ├── __init__.py │ │ ├── error.py │ │ ├── gdb.py │ │ ├── instance.py │ │ ├── kernel.py │ │ ├── monitor.py │ │ └── state.py ├── modules │ ├── __init__.py │ ├── crash.py │ ├── deploy │ │ ├── __init__.py │ │ ├── case.py │ │ ├── deploy.py │ │ └── worker.py │ └── syzbotCrawler.py ├── patches │ ├── 760f8.patch │ ├── kasan.patch │ ├── pwndbg.patch │ └── syzkaller-9b1f3e6.patch ├── resources │ └── kasan_related_funcs ├── scripts │ ├── check_kvm.sh │ ├── deploy-bc.sh │ ├── deploy.sh │ ├── deploy_linux.sh │ ├── init-replay.sh │ ├── linux-clone.sh │ ├── patch_applying_check.sh │ ├── requirements.sh │ ├── run-script.sh │ ├── run-vm.sh │ ├── syz-compile.sh │ └── upload-exp.sh └── test │ ├── deploy_test.py │ └── interface │ ├── s2e_test.py │ ├── staticAnalysis_test.py │ ├── vm_test.py │ └── worker_test.py └── tutorial ├── Getting_started.md ├── common_issues.md ├── examples └── WARNING_held_lock_freed.md ├── fuzzing.md ├── inspect_results.md ├── poc_repro.md ├── resource ├── SyzScope-final.pdf └── workflow.png ├── static_taint_analysis.md ├── sym_exec.md └── workzone_structure.md /Dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/plummm/SyzScope/HEAD/Dockerfile -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/plummm/SyzScope/HEAD/LICENSE -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/plummm/SyzScope/HEAD/README.md -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/plummm/SyzScope/HEAD/requirements.txt -------------------------------------------------------------------------------- /syzscope/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /syzscope/__main__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/plummm/SyzScope/HEAD/syzscope/__main__.py -------------------------------------------------------------------------------- /syzscope/interface/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/plummm/SyzScope/HEAD/syzscope/interface/__init__.py -------------------------------------------------------------------------------- /syzscope/interface/s2e/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/plummm/SyzScope/HEAD/syzscope/interface/s2e/__init__.py -------------------------------------------------------------------------------- /syzscope/interface/static_analysis/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/plummm/SyzScope/HEAD/syzscope/interface/static_analysis/__init__.py -------------------------------------------------------------------------------- /syzscope/interface/static_analysis/error.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/plummm/SyzScope/HEAD/syzscope/interface/static_analysis/error.py -------------------------------------------------------------------------------- /syzscope/interface/static_analysis/staticAnalysis.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/plummm/SyzScope/HEAD/syzscope/interface/static_analysis/staticAnalysis.py -------------------------------------------------------------------------------- /syzscope/interface/sym_exec/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/plummm/SyzScope/HEAD/syzscope/interface/sym_exec/__init__.py -------------------------------------------------------------------------------- /syzscope/interface/sym_exec/error.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/plummm/SyzScope/HEAD/syzscope/interface/sym_exec/error.py -------------------------------------------------------------------------------- /syzscope/interface/sym_exec/mem_instrument.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/plummm/SyzScope/HEAD/syzscope/interface/sym_exec/mem_instrument.py -------------------------------------------------------------------------------- /syzscope/interface/sym_exec/stateManager.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/plummm/SyzScope/HEAD/syzscope/interface/sym_exec/stateManager.py -------------------------------------------------------------------------------- /syzscope/interface/sym_exec/symExec.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/plummm/SyzScope/HEAD/syzscope/interface/sym_exec/symExec.py -------------------------------------------------------------------------------- /syzscope/interface/sym_exec/symTracing.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/plummm/SyzScope/HEAD/syzscope/interface/sym_exec/symTracing.py -------------------------------------------------------------------------------- /syzscope/interface/utilities.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/plummm/SyzScope/HEAD/syzscope/interface/utilities.py -------------------------------------------------------------------------------- /syzscope/interface/vm/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/plummm/SyzScope/HEAD/syzscope/interface/vm/__init__.py -------------------------------------------------------------------------------- /syzscope/interface/vm/error.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/plummm/SyzScope/HEAD/syzscope/interface/vm/error.py -------------------------------------------------------------------------------- /syzscope/interface/vm/gdb.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/plummm/SyzScope/HEAD/syzscope/interface/vm/gdb.py -------------------------------------------------------------------------------- /syzscope/interface/vm/instance.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/plummm/SyzScope/HEAD/syzscope/interface/vm/instance.py -------------------------------------------------------------------------------- /syzscope/interface/vm/kernel.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/plummm/SyzScope/HEAD/syzscope/interface/vm/kernel.py -------------------------------------------------------------------------------- /syzscope/interface/vm/monitor.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/plummm/SyzScope/HEAD/syzscope/interface/vm/monitor.py -------------------------------------------------------------------------------- /syzscope/interface/vm/state.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/plummm/SyzScope/HEAD/syzscope/interface/vm/state.py -------------------------------------------------------------------------------- /syzscope/modules/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/plummm/SyzScope/HEAD/syzscope/modules/__init__.py -------------------------------------------------------------------------------- /syzscope/modules/crash.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/plummm/SyzScope/HEAD/syzscope/modules/crash.py -------------------------------------------------------------------------------- /syzscope/modules/deploy/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/plummm/SyzScope/HEAD/syzscope/modules/deploy/__init__.py -------------------------------------------------------------------------------- /syzscope/modules/deploy/case.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/plummm/SyzScope/HEAD/syzscope/modules/deploy/case.py -------------------------------------------------------------------------------- /syzscope/modules/deploy/deploy.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/plummm/SyzScope/HEAD/syzscope/modules/deploy/deploy.py -------------------------------------------------------------------------------- /syzscope/modules/deploy/worker.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/plummm/SyzScope/HEAD/syzscope/modules/deploy/worker.py -------------------------------------------------------------------------------- /syzscope/modules/syzbotCrawler.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/plummm/SyzScope/HEAD/syzscope/modules/syzbotCrawler.py -------------------------------------------------------------------------------- /syzscope/patches/760f8.patch: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/plummm/SyzScope/HEAD/syzscope/patches/760f8.patch -------------------------------------------------------------------------------- /syzscope/patches/kasan.patch: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/plummm/SyzScope/HEAD/syzscope/patches/kasan.patch -------------------------------------------------------------------------------- /syzscope/patches/pwndbg.patch: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/plummm/SyzScope/HEAD/syzscope/patches/pwndbg.patch -------------------------------------------------------------------------------- /syzscope/patches/syzkaller-9b1f3e6.patch: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/plummm/SyzScope/HEAD/syzscope/patches/syzkaller-9b1f3e6.patch -------------------------------------------------------------------------------- /syzscope/resources/kasan_related_funcs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/plummm/SyzScope/HEAD/syzscope/resources/kasan_related_funcs -------------------------------------------------------------------------------- /syzscope/scripts/check_kvm.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/plummm/SyzScope/HEAD/syzscope/scripts/check_kvm.sh -------------------------------------------------------------------------------- /syzscope/scripts/deploy-bc.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/plummm/SyzScope/HEAD/syzscope/scripts/deploy-bc.sh -------------------------------------------------------------------------------- /syzscope/scripts/deploy.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/plummm/SyzScope/HEAD/syzscope/scripts/deploy.sh -------------------------------------------------------------------------------- /syzscope/scripts/deploy_linux.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/plummm/SyzScope/HEAD/syzscope/scripts/deploy_linux.sh -------------------------------------------------------------------------------- /syzscope/scripts/init-replay.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/plummm/SyzScope/HEAD/syzscope/scripts/init-replay.sh -------------------------------------------------------------------------------- /syzscope/scripts/linux-clone.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/plummm/SyzScope/HEAD/syzscope/scripts/linux-clone.sh -------------------------------------------------------------------------------- /syzscope/scripts/patch_applying_check.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/plummm/SyzScope/HEAD/syzscope/scripts/patch_applying_check.sh -------------------------------------------------------------------------------- /syzscope/scripts/requirements.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/plummm/SyzScope/HEAD/syzscope/scripts/requirements.sh -------------------------------------------------------------------------------- /syzscope/scripts/run-script.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/plummm/SyzScope/HEAD/syzscope/scripts/run-script.sh -------------------------------------------------------------------------------- /syzscope/scripts/run-vm.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/plummm/SyzScope/HEAD/syzscope/scripts/run-vm.sh -------------------------------------------------------------------------------- /syzscope/scripts/syz-compile.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/plummm/SyzScope/HEAD/syzscope/scripts/syz-compile.sh -------------------------------------------------------------------------------- /syzscope/scripts/upload-exp.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/plummm/SyzScope/HEAD/syzscope/scripts/upload-exp.sh -------------------------------------------------------------------------------- /syzscope/test/deploy_test.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/plummm/SyzScope/HEAD/syzscope/test/deploy_test.py -------------------------------------------------------------------------------- /syzscope/test/interface/s2e_test.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/plummm/SyzScope/HEAD/syzscope/test/interface/s2e_test.py -------------------------------------------------------------------------------- /syzscope/test/interface/staticAnalysis_test.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/plummm/SyzScope/HEAD/syzscope/test/interface/staticAnalysis_test.py -------------------------------------------------------------------------------- /syzscope/test/interface/vm_test.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/plummm/SyzScope/HEAD/syzscope/test/interface/vm_test.py -------------------------------------------------------------------------------- /syzscope/test/interface/worker_test.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/plummm/SyzScope/HEAD/syzscope/test/interface/worker_test.py -------------------------------------------------------------------------------- /tutorial/Getting_started.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/plummm/SyzScope/HEAD/tutorial/Getting_started.md -------------------------------------------------------------------------------- /tutorial/common_issues.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/plummm/SyzScope/HEAD/tutorial/common_issues.md -------------------------------------------------------------------------------- /tutorial/examples/WARNING_held_lock_freed.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/plummm/SyzScope/HEAD/tutorial/examples/WARNING_held_lock_freed.md -------------------------------------------------------------------------------- /tutorial/fuzzing.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/plummm/SyzScope/HEAD/tutorial/fuzzing.md -------------------------------------------------------------------------------- /tutorial/inspect_results.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/plummm/SyzScope/HEAD/tutorial/inspect_results.md -------------------------------------------------------------------------------- /tutorial/poc_repro.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/plummm/SyzScope/HEAD/tutorial/poc_repro.md -------------------------------------------------------------------------------- /tutorial/resource/SyzScope-final.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/plummm/SyzScope/HEAD/tutorial/resource/SyzScope-final.pdf -------------------------------------------------------------------------------- /tutorial/resource/workflow.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/plummm/SyzScope/HEAD/tutorial/resource/workflow.png -------------------------------------------------------------------------------- /tutorial/static_taint_analysis.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/plummm/SyzScope/HEAD/tutorial/static_taint_analysis.md -------------------------------------------------------------------------------- /tutorial/sym_exec.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/plummm/SyzScope/HEAD/tutorial/sym_exec.md -------------------------------------------------------------------------------- /tutorial/workzone_structure.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/plummm/SyzScope/HEAD/tutorial/workzone_structure.md --------------------------------------------------------------------------------