s1341
b5153cc525
Frida various fixes ( #436 )
* Make drcov post_exec dependent on whether drcov is enabled
* Fix find_smallest_fit algorithm
* Fix missing ?
* fix warnings
* fix
* todo for non-linux/android shadow, clippy
* typo
* removed unsupported eq
* cleanup, docu
* libafl::Error
* fixed import
Co-authored-by: tokatoka <tokazerkje@outlook.com>
Co-authored-by: Dominik Maier <domenukk@gmail.com>
2021-12-29 18:47:33 +01:00
s1341
eeac0f4f06
Fix strncmp hook to only check the length of the string ( #434 )
2021-12-28 10:00:44 +01:00
s1341
6384f1da95
Merge pull request #433 from AFLplusplus/frida_asan_max_total_allocation
Implement max total allocation size for frida asan
2021-12-27 11:49:40 +02:00
s1341
2e92a34494
Reset total allocations on reset
2021-12-26 11:17:27 +02:00
s1341
11ae49b7cd
Implement max total allocation size for frida asan
2021-12-26 10:44:25 +02:00
tokatoka
97c169fe63
init ranges later
2021-12-24 16:34:53 +09:00
tokatoka
e6434d2ec2
fmt
2021-12-24 15:46:27 +09:00
tokatoka
9cd0d2228c
drcov runtime
2021-12-24 15:45:08 +09:00
Dominik Maier
6b5181250c
Drcov remodelling ( #415 )
* drcov remodelling
* fmt
* fix
Co-authored-by: tokatoka <tokazerkje@outlook.com>
2021-12-23 17:13:18 +01:00
s1341
b0019ae4a9
Fix frida-mode for debug builds, ensure it will continue to work on release builds ( #427 )
* Fix cfg directives so that we actually build on all combinations of release/debug x86_64/aarch64
* Include fuzzer for stalker purposes
* Get rid of cfg on use
2021-12-21 14:30:47 +01:00
Dongjia Zhang
2aa0ca5ef1
Frida shadow fix ( #425 )
* map_to_shadow
* fix map_to_shadow
* aarch64 change?
* fix
* fix
* fix
* fix
* fix
* fix
* fix
* use
* revert
* s1341's change
* Fix shadow calculation in instrumented code
* Fix asan error output to be more accurate
Co-authored-by: s1341 <github@shmarya.net>
2021-12-20 10:51:45 +01:00
Dongjia Zhang
6e59e5bdc7
Frida Refactor: Separate Frida other helper functions into each Runtime ( #418 )
* separate asan
* fmt
* move asan out of helper.rs
* fmt
* move cmplog out of helper.rs
* fmt
* fix
* fix
* fix
* fix
* fix
* fix
* fix
* fix
* fix
* final fix & fmt
* Fix unused imports
* Fmt
* rename files
* fix Makefile
* fmt
* clippy
Co-authored-by: s1341 <github@shmarya.net>
Co-authored-by: Dominik Maier <domenukk@gmail.com>
2021-12-16 14:16:01 +01:00
Dominik Maier
217a7dee1d
Use Structopt instead of yaml for example fuzzers, introduce Cores API ( #420 )
* reworked generic_inmemory to structopt
* moved core parsing to a struct
* added Cores
* added structopt to libpng_ctx
* improved libafl, added structopt to libpng launcher
* fix deexit ub
* move more to structopt
* improve llvm-config detection
* move construct_automata to structopt
* clippy, fixes, ...
* no_std
* clippy
* frida core parsing
* fixed no-fork cores
* updated clap
* added missing import
* missing borrow
* reworked frida to structopt
* fixed build
* using Cores api for atheris
Co-authored-by: Dominik Maier <d.maier@avm.de>
2021-12-15 03:58:35 +01:00
Dongjia Zhang
fc0881194d
Windows timeout fix with critical sections ( #391 )
* add
* unix fix
* unsafe positions
* another unsafe!
* ignore
* ignore
* make changes back
* fix
* fix
* fmt
* bug fix
* fmt
* compiler fence
* import
* typo
* add another critical section
* fix
* fix
* exclude windows book test
* typo
* fence
* why
Co-authored-by: Andrea Fioraldi <andreafioraldi@gmail.com>
2021-12-09 13:55:20 +01:00
Toka
6cd2d69bfc
fix ( #388 )
2021-11-23 17:01:08 +01:00
OB
751330e8ee
Cmplog instrumentation ( #382 )
* add support for cbz/tbz
* remove unnecessary print
* implemented support for tbz
* add support for tbnz
* fix an error in the emitted code for both tbz/tbnz
* add support for cbnz
* fix error in logic
* add special handling to "subs"
* add restoration for X5 for tbz/tbnz
* add "adds" support
* add special handling for different opcodes
* add support for cbz/tbz
* remove unnecessary print
* implemented support for tbz
* add support for tbnz
* fix an error in the emitted code for both tbz/tbnz
* add support for cbnz
* fix error in logic
* add special handling to "subs"
* add restoration for X5 for tbz/tbnz
* add "adds" support
* add special handling for different opcodes
* add adcs to cmplog commands
* get rid of irrelevant allocations
* add flag restoration to cmplog instrumentation emitted code
* add restoration for x24
* save and restore all registers
2021-11-17 18:22:37 +01:00
Toka
fd869ba1cd
Frida Refactor: Frida executor ( #374 )
* frida executor
* add files
* fmt & clippy
* fmt
* fix
* fmt
* fix & fmt
2021-11-17 12:51:39 +01:00
Dominik Maier
ba969108e3
Push stage trait ( #380 )
* rpush mutational trait
* tiny changes
* started PushStageAdapter
* fmt
* refactoring
* fix docs
* no_std
* formatted more
2021-11-17 12:51:14 +01:00
Toka
c7512fceec
Frida Refactor: Split FridaHelper into each Runtime ( #368 )
* dynasm maybe_log
* create coverage_rt, trim helper
* add
* amd64 working
* aarch64 instrumentation, untested
* asan dir
* Revert "asan dir"
This reverts commit c7afc784819072d9fa7b8ce23adb7c9f07a21b10.
* non x86_64 fix
* clippy
* change
* change
* fix
* Fix aarch64-linux-android build
* Fix aarch64 execution
* Fix fmt
Co-authored-by: s1341 <github@shmarya.net>
2021-11-16 12:30:34 +01:00
Dominik Maier
62afed61e2
Renamed Stats to Monitors ( #373 )
* renamed stats to monitors
* added deprecation notices
* resorted generics alphabetically
* added monitors
* fmt fuzzers
* added deprecation note for usermonitor
* fmt all fuzzers script
* more fmt
* renamed some monitor things back to stats
* fixed rename
2021-11-12 11:01:08 +01:00
s1341
a42a3a9ccf
Support suppression of hooked functions ( #369 )
2021-11-08 07:51:58 +01:00
s1341
eecfdbbbe0
Support different names for the libc++ shared object when hooking ( #370 )
2021-11-08 07:50:20 +01:00
s1341
a80126681e
Fix cfg directives for frida-asan ( #365 )
* Fix cfg directives for frida-asan
* drop unneeded line
* clippy
Co-authored-by: Dominik Maier <domenukk@gmail.com>
2021-11-07 18:17:47 +01:00
OB
3ffcfde9a3
Frida Cmplog improvements for aarch64 ( #363 )
* add support for cbz/tbz
* remove unnecessary print
* implemented support for tbz
* add support for tbnz
* fix an error in the emitted code for both tbz/tbnz
* add support for cbnz
* fix error in logic
* add special handling to "subs"
* add restoration for X5 for tbz/tbnz
* add "adds" support
* add special handling for different opcodes
* add support for cbz/tbz
* remove unnecessary print
* implemented support for tbz
* add support for tbnz
* fix an error in the emitted code for both tbz/tbnz
* add support for cbnz
* fix error in logic
* add special handling to "subs"
* add restoration for X5 for tbz/tbnz
* add "adds" support
* add special handling for different opcodes
* add adcs to cmplog commands
* get rid of irrelevant allocations
2021-11-07 15:39:34 +01:00
Andrea Fioraldi
b4e15fe9f3
Bridge grammartec from Nautilus to libafl ( #342 )
* nautilus dep
* nautilus generation
* fix mutator
* start new mutator for nautilus
* other mutators
* baby
* ci
* NautilusFeedback
* fix unparse
* ci
* ci
* ci
* ci
* nightly clippy
* ci
* fix
* ci
* ci
* update construct automata
* fix
* ci
* clippy
* clippy
* nightly clippy
* more clippy
* minor clippy
Co-authored-by: Dominik Maier <domenukk@gmail.com>
2021-11-06 02:21:53 +01:00
Dominik Maier
ea820a1694
Fork feature flag to disable fork in Launcher ( #351 )
* Fork feature flag to disable fork in launcher
* FnOnce instead of FnMut
* cleanup
* fix no_std
* doc/warning fix
* useless clippy fix
2021-11-05 17:26:49 +01:00
Toka
380196cf41
Fix cfgs for frida asan ( #353 )
* fix
* fmt
2021-11-05 17:15:59 +01:00
Toka
bf67b6ca76
Frida Address Sanitizer for x86_64 ( #331 )
* remove libafl_tests
* fmt
* fix
* fix
* fix
* first
* width
* start working on runtime side
* experimental c code for generate_shadow_check_function
* generate shadow_check_blob
* add
* debugging
* fix
* passes assert tests
* cargo fmt
* generate_shadow_check_blob, untested
* save flags
* add
* make registers numbers a const
* register frames?
* comment
* debugging memcpy
* fix a bug, more to come
* finally error removed
* finally working function hooking & clean up
* fix for arm & update stub
* fix
* blob
* blob_check_mem works? (at least no errors) & fmt
* add a link to show how the asm code is generated
* put probe code for aarch64 back & clippy
* fmt
* still blob emitting errors
* fmt
* now that blob works?
* stack alignment
* testing speed with hook_function only
* comment some printlns out
* small fix: ignore rep, jmp to current_report_impl iff blob_check_mems are emitted
* make rip accessible by pc()
* Program counter accessors for both arch
* fmt
* fix
* fix offset
* retrieve accessed memory addr, r/w rip
* inspect the fault triggering instruction
* AsanError Classification
* clippy fixes
* pass basereg/indexreg/disp to AsanErros
* update asanerrors for amd64
* clippy
* fmt
* use frida/frida-rust
* just use 44
* fix debug build
* fix
* fix
* crate.io
* change
* fmt
2021-11-05 06:37:28 +01:00
Toka
43a32f9e2b
fix ( #345 )
2021-11-03 18:57:54 +01:00
Toka
1ecef5598e
fix warnings on windows ( #344 )
2021-11-03 18:15:24 +01:00
Dominik Maier
3f1130a8a4
fixes for frida mode for win and checks in rust 1.56 ( #334 )
* fixes for frida mode for win
* missing bracket
* fix docs
* fix docs, add windows ci
* disable breaking ci
2021-10-25 11:49:34 +02:00
Toka
f63b862160
Frida for Windows ( #287 )
* harness.cc for win
* no backtrace for frida_gum
* build.rs message
* cfg guards
* at least libafl_frida builds with cfg guards
* fuzzer.rs builds on win
* clean up
* build instructions
* ps
* fix
* clang
* fix
* article
* static option to make it run on powershell
* vscode build instructions
* dllexport!
* fix
* build.rs
* fix & fmt
* message
* msys not necessary anymore
* Update README.md
Co-authored-by: Dominik Maier <domenukk@gmail.com>
2021-09-29 22:10:15 +02:00
Andrea Fioraldi
2f2634db02
Python basic bindings for sugar and qemu ( #302 )
* InMemoryBytesCoverageSugar python binding
* InMemoryBytesCoverageSugar python binding
* python mod for qemu in libafl_sugar
* libafl_qemu python
* fix
* clippy fixes
* clippy
* added pyo3-build-config for MacOS builds
* gitignore
* python is not default
Co-authored-by: Dominik Maier <domenukk@gmail.com>
2021-09-27 09:39:21 +02:00
Dominik Maier
3fe8c2c044
cbz, tbz, tbnz support for aarch64 cmplog ( #298 )
* add support for cbz/tbz
* remove unnecessary print
* implemented support for tbz
* add support for tbnz
* fix an error in the emitted code for both tbz/tbnz
Co-authored-by: Omree <Omree10@gmail.com>
2021-09-17 03:03:27 +02:00
Dominik Maier
5caeb46b67
renamed target_os macos to target_vendor apple ( #273 )
* renamed target_os macos to target_vendor apple
* fix yaml
2021-08-23 09:45:25 +02:00
Fabian Freyer
15c6e6b73b
libafl_frida: remove non-gnu hooks on macos ( #262 )
The following functions are GNU extensions and therefore
not available on superior systems:
- explicit_bzero
- malloc_usable_size
- memalign
- mempcpy
- memrchr
2021-08-15 08:51:47 +02:00
Dominik Maier
16c3a07be7
ShMem Server for MacOS ( #238 )
* generalized ashmem server
* fixed macos testcases
* added StdShMemService
* no_std
* fmt
* added testcase, fixed some bugs (not all)
* solidified unix shmem
* initial impl for MmapShMem
* Added shmem service start to more testcases
* clippy
* fixed testcases
* added frida_libpng makefile for easy use
* trying to fix build on ubuntu
* fixed ubuntu build for libpng
* no_std
* fixed testcase
2021-08-05 17:08:01 +02:00
s1341
3fac056b58
strdup is an allocating function, treat it as such ( #241 )
* strdup is an allocating function, treat it as such; poison target bytes after run
* Add cfg guards
2021-08-04 15:03:49 +02:00
julihoh
7750707fee
fix ci for latest clippy version ( #239 )
* clippy
* fix ubuntu as well
2021-08-03 12:29:30 +02:00
Andrea Fioraldi
44f6e4c389
Improve introspection ( #200 )
* remove NUM_FEEDBACKS
* working introspection
* adjust introspection stats
* bugfixes, clippy
* removed outdated define
* more clippy;
* no_std
Co-authored-by: Dominik Maier <domenukk@gmail.com>
2021-07-02 10:58:36 +02:00
Andrea Fioraldi
5b54f0f068
Llvm passes ( #185 )
* enable llvm passes in libafl_cc
* cmplog rtn pass in fuzzbench fuzzer
* improve libafl_cc
* silence fuzzbench compiler wrapper
* instrumentation and runtime for rtn cmplog
* fix test
* fix test
* fuck clippy
* remove anon union in CmpLogMap
* windows.h
* remove libafl_targets_cmplog_wrapper
* no inline linking
* adapt fuzzers/
2021-06-23 09:38:15 +02:00
Andrea Fioraldi
bdb5efbf5b
Configurations ( #162 )
* print sender id
* storing sender id to env
* executor in llmp handle_in_client
* compile the lib
* compiling generic_inmemory
* fix forkserver
* adapt from fuzzers
* introspection fix
* exitkind in NewTestcase
* fix libafl_frida
* fix frida_libpng
* send conf with Newtestcase event
* bump to 0.4.0
* no_std fix
* fmt
* fix libfuzzer_libmozjpeg
Co-authored-by: Dominik Maier <domenukk@gmail.com>
2021-06-22 15:04:14 +02:00
Andrea Fioraldi
8f5e2515dd
Fix CI
2021-06-18 09:12:15 +02:00
s1341
ca4bdd3e3b
frida: small fixes ( #169 )
* Too large allocs should return 0; Don't forcibly free unfreed allocations in reset
* Make max ASAN allocation configurable
2021-06-13 12:27:27 +02:00
Dominik Maier
022dc33251
clippy
2021-06-10 22:07:18 +02:00
Omree
48af1661b4
change error message
2021-06-09 17:20:26 +03:00
Omree
f1c646dd1c
Merge branch 'main' into cmplog_instrumentation
2021-06-09 17:05:37 +03:00
Omree
1181728a4f
changed command line parameter from cmplog_cores to cmplog-cores
2021-06-09 16:55:42 +03:00
Omree
ed26319a21
add cmplog_cores command line argument support
2021-06-09 16:27:22 +03:00
OB
7abd7c8162
Cmplog instrumentation for Frida ( #99 )
* libafl_targets: refactor sancov trace-pc
* cmp observer
* libafl_targets: new structure to isolate sancov
* fix C warning
* combined executor
* cmp observer and feedback
* I2SRandReplace mutator
* impl CmpMap for CmpLogMap in libafl_targets
* cmplog observer
* clippy
* TracingStage
* working random cmplog mutations
* enable cmplog for libfuzzer_stb_image
* re-enable new testcase stats print
* fix update stats display
* bump 0.3.1
* clippy
* clippy
* no clippy for fuzzers/
* fix
* add cmplog runtime instrumentation
* test cmplog against value profile feature
* fix compile error
* add target arch aarch64 for is_interesting_cmplog_instruction
* add cfg target aarch64 on cmplog related code within stalker loop
* revert changes in cargo.toml
* align code with 'main' branch
* revert accidentally changed Cargo.toml file
* update cmplog runtime code to work with the cmplog backend implementation
* change magic to 8 bytes
* cmplog runs with observer- no crashes
* clippy fixes
* add cmplog_runtime as feature
* set cmplog command-line argument to false by default
* setup cmplog observer and mutator correctly
* decrease emitted code opcode count
* add cmplog testing to the harness
* get rid of irrelevant changes and unused code, add comments, change feature name to "cmplog"
* get rid of some unnecessary whitespaces and new lines
* fix clippy errors
Co-authored-by: Andrea Fioraldi <andreafioraldi@gmail.com>
Co-authored-by: Dominik Maier <domenukk@gmail.com>
Co-authored-by: Omree <you@example.com>
2021-06-09 14:11:43 +02:00