rawCover输出为空的问题。
![image.png](https://cdn.nlark.com/yuque/0/2024/png/47295036/1723187651257-e0462a6c-0f44-4dc1-8bee-f7487ed5155c.png#averageHue=%2322252a&clientId=ub2872a4a-2da2-4&from=paste&height=118&id=ua29b1d83&originHeight=309&originWidth=1896&originalType=binary&ratio=2.625&rotation=0&showTitle=false&size=75468&status=done&style=none&taskId=u2b335625-7ae1-4b80-b15c-0302e6884cf&title=&width=722.2857142857143)
修改源码的pkg/mgrconfig/load.go文件
添加 RawCover:true,
![image.png](https://cdn.nlark.com/yuque/0/2024/png/47295036/1723372053140-23971a5c-8c94-43ff-a9df-f7f28ba78d11.png#averageHue=%23202125&clientId=u6368cf33-3506-4&from=paste&height=384&id=u5c1ecc29&originHeight=1152&originWidth=1050&originalType=binary&ratio=3&rotation=0&showTitle=false&size=120789&status=done&style=none&taskId=u2755d0fb-88d4-4a62-a847-3829d26a43d&title=&width=350)
编译后输出
> *******newInput*******%v
callName: shmctl$SHM_INFO
info.cover:map[18446744071579356530:{} 18446744071579356579:{} 18446744071579356628:{} 18446744071579850789:{} 18446744071579854854:{} 18446744071579854904:{} 18446744071579854938:{} 18446744071579854957:{} 18446744071579855038:{} 18446744071579856433:{} 18446744071579856494:{} 18446744071593296320:{} 18446744071619603899:{} 18446744071620790990:{}]
info.rawCover:[18446744071581553039 18446744071579356628 18446744071579356579 。。。 18446744071579863355 18446744071579850789]
添加新的条目
Raw cover:[18446744071581553039 18446744071579356628 18446744071579356579 18446744071579356530 18446744071590616553 18446744071590616813 。。。 18446744071584161785 18446744071583501361 18446744071583501254 18446744071579863355 18446744071579850789]
*******prog*******%v
安装syz-cover
GOOS=linux GOARCH=amd64 go build -ldflags="-s -w" -o ./bin/syz-cover github.com/google/syzkaller/tools/syz-cover
获取正在运行的syzkaller覆盖到的数据信息rawcover
```
wget http://127.0.0.1:56745/rawcover
```
将原始覆盖数据输入 syz-cover 以生成覆盖报告:
./bin/syz-cover --config <location of your syzkaller config> rawcover
导出包含函数覆盖范围的 CSV 文件
./bin/syz-cover --config <location of your syzkaller config> --csv <filename where to export> rawcover
导出包含行覆盖率信息的 JSON 文件:
./bin/syz-cover --config <location of your syzkaller config> --json <filename where to export> rawcover
使用旧版syzkaller来解析rawcover文件
输出的是行号
![image.png](https://cdn.nlark.com/yuque/0/2024/png/47295036/1723377788571-60c23c76-bec7-465b-8dbc-56b79be8096e.png#averageHue=%231f1f1f&clientId=u6368cf33-3506-4&from=paste&height=416&id=u61373b17&originHeight=1247&originWidth=1578&originalType=binary&ratio=3&rotation=0&showTitle=false&size=92045&status=done&style=none&taskId=u30a37cc7-14bb-411f-8253-94f2aab2490&title=&width=526)
使用addr2line
```
addr2line -e ~/source/kernel/linux-5.4/vmlinux -f -p < rawcover
```
修改代码输出16进制的rawcover
pkg/fuzz/job.gofmt.Println("info.rawCover:")
for _, value := range info.rawCover {
fmt.Printf("%#x\n", value)
}
fmt.Println("info.rawCover end")
//修改结束
写go代码自动读取地址调用addr2line转换为内核源码行
go代码 addr2line.go
```
package main
import (
"bufio"
"fmt"
"os"
"os/exec"
"regexp"
)
func main() {
// 检查是否传递了正确数量的命令行参数
if len(os.Args) != 3 {
fmt.Println("Usage: program <file_path> <vmlinux_path>")
return
}
// 获取命令行参数
filePath := os.Args[1]
vmlinuxPath := os.Args[2]
// 打开文件
file, err := os.Open(filePath)
if err != nil {
fmt.Println("Error opening file:", err)
return
}
defer file.Close()
// 定义正则表达式来匹配16进制地址
hexPattern := regexp.MustCompile(`^0x[0-9a-fA-F]+$`)
// 创建文件扫描器逐行读取
scanner := bufio.NewScanner(file)
for scanner.Scan() {
line := scanner.Text()
// 判断是否是16进制地址
if hexPattern.MatchString(line) {
// 调用 addr2line 处理16进制地址
fmt.Printf("Processing hex: %s\n", line)
processHexAddress(line, vmlinuxPath)
} else {
// 直接打印非16进制数据
fmt.Println(line)
}
}
if err := scanner.Err(); err != nil {
fmt.Println("Error reading file:", err)
}
}
func processHexAddress(hexAddress, vmlinuxPath string) {
// 调用 addr2line 并将结果输出
cmd := exec.Command("addr2line", "-e", vmlinuxPath, "-f", "-p", hexAddress)
output, err := cmd.Output()
if err != nil {
fmt.Printf("Error running addr2line: %v\n", err)
return
}
fmt.Println(string(output))
}
```
go build addr2line.go
> root@b21bd46e7d4a:/work# ./addr2line 5-11.log source/kernel/linux-5.11/vmlinux > 5-11efp.log
> ./addr2line 5-11.log source/kernel/linux-5.11/vmlinux > 5-11efp.log