* emu::current_cpu() is now kept after vm stop and it is the CPU that hit the breakpoint
* clippy
* uninit
* clippy
* clippy
* clippy
* clippy
* nightly override in CI
* nightly override in CI
* components
* components
* targets
* targets
* clippy
* clippy
* clippy
* clippy
* clippy (again)
* MaybeUninit
Co-authored-by: Dominik Maier <dmnk@google.com>
* starting to fix macos linker bugs
* detailed error prints
* start shmem service manually
* not a doc comment
* Some fixes
* only send exit msg to shmemservice when start was successful
* incorporated shmem service into provider
* removed unused imports
* trying to fix fuzzers
* fixed build
* check if join_handle is_some
* more debug prints
* fixed shmem service autolaunch
* fixed macos linker
* ignoring broken libpng testcase on macos for now (see #252)
* fmt
* try to fix missing llvm_config (see #253)
* empty issue template added
* Manually look for llvm-config on MacOS
* fixing CI
* fixed docs
* ignoring libmozjpg for CI, see #254
* add compression
* modify event/llmp.rs
* rename to LLMP_TAG_COMPRESS
* remove compression code from bolts/llmp.rs
* add compress.rs
* handle compress & decompress in GzipCompress struct, compress if the size is large enough
* add code for benchmark
* remove LLMP_TAG_COMPRESS, use a flag instead
* cargo fmt
* rm test.sh
* passes the test
* comment benchmarks code out
* add recv_buf_with_flag()
* add the llmp_compress feature
* add send_buf, do not compile compression code if it's not used
* fix warning
* merged dev
* add error handling code
* doc for compress.rs
* remove tag from decompress
* rename every flag to flags
* fix some clippy.sh errors
* simplify recv_buf
* delete benchmark printf code
* cargo fmt
* fix doc
Co-authored-by: Dominik Maier <domenukk@gmail.com>
* frida_asan: Implemented initial asan runtime library
* frida_asan: Switch to hashbrown
* Implemented GOT-based hooking to isolate the hooking of the memory functions. Implemented initial ASAN instrumentation
* WIP: Shadowing all used memory. Currently tracking pages using a BTreeSet. Slow AF!
* Add SigTrap to unix_signals and inprocess
* Working frida-asan, almost no speed degradation.
Currently the shadow check is reversed, so it checks only that the shadow is not 0.
We need to implement sub-8-byte checking.
* Format
* Cleanup and formatting
* Sub-qword and 16-byte checks implemented; Fixed unaligned access to QWORD
* Pass the ucontext_t to signal handlers. Initial regdump on crash
* Fix typo
* Make the context argument a mut ref
* Add missing files; Implement initial reporting
* Refactor out gothook; Move safety checkers to dynasm
* Get rid of const assembly blobs no longer needed
* Move to a handler function instead of using SIGTRAP.
This bloats the transformed code, but doesn't seem to have a major impact on performance.
Also, implemented pretty backtraces and assembly output.
* Formatting
* Get rid of all the pinning crap I wasted my day on, We don't need it
* windows fixes
* ashmem
* ashmem_service: server side ready
* ashmem_service: client side ready. Ready for integration
* ashmem_service: changes to UnixShMem to make it 'threadable'
* ashmem_service: format
* ashmem_service: Undo changes to UnixShMem, make the thread own the AshmemService instead; Fix protocol bug
* ashmem_service: working ashmem service. Fix merge issues
* use the newly released capstone 0.8.0; Fix a nasty bug where the afl_area and pc_pointer were reversed. Changed Vectors to Boxed [u8]
* Implement type detection for reporting; Implement double-free/unallocated free checking
* fmt
* Cleanup code a little
* frida-asan: This is an omnibus commit. Should probably have been a bunch of small commits, but I don't have the time/patience.
- Implemented DrCov support in order to debug a failing harness. This is actually generic and should be moved out of libafl_frida.
- Implemented LIBAFL_FRIDA_OPTIONS env var to pass options to the frida helper, to dynamically enable/disable asan and drcov.
- Implemented memory reuse - after each test case the used pages are recycled and can be reused in the next test case.
- Implemented and tested vectorized instruction instrumentation.
- Implemented not instrumenting atomic load/store instructions. The cost of trying to emulate their behaviour is too high at the moment.
- Implemented probing of shadow bit to determine the best match for the current system.
- Implemented shadow memory pre-mapping where it is available. We probe for this too.
- Implemented ability to specify a list of modules to instrument on the command line. This allows fine-grained control of which modules are instrumented for coverage/asan/drcov.
- Implemented unpoisoning of the Input target_bytes in a pre_exec hook.
- Added support for zero-sized allocations. We return 0x10 bytes at the moment.
- Added all known operator new/delete functions to hooks.
- Added workaround for frida_gum_allocate_near bug.
- Cleaned up reporting, added reporting for different error types.
* frida-asan: Implement leak detection
* Fix merge issues
* Rebased on dev to get llmp/shmem changes; Clippy fixes
* Add FridaOptions struct
* Add the Custom ExitKind; Get rid of Clone/PartialEq on ExitKind
* Make it possible to recover from an ASAN error
* Add SIGTRAP to crashing signals
* Add back (conditional) crashing on Asan errors.
* Fix too-large immediates in add instruction
* Implement RcShMemProvider, finally fix the EOP bug
* Clear ASAN_ERRORS before each test
* Fix warnings; Fix review issues
* Cleanup prints
* Add timeout to Frida mode
* Make allocation-/free-site backtraces optional
* CPU Context and backtrace (on android/aarch64 atm) on crash
* Make stalker conditional
* Add metadata to solution, and write metadata files
* Add addresses to backtrace; Add reporting of ASAN stack errors; Fix ASAN reporting bugs
* Remove meaningless backtrace on crash
* Fix the x0, x1 load in report
* use upstream color-backtrace
* use __builtin_thread_pointer instead of custom asm
* Don't unwrap ASAN_ERRORS if it isn't some
* Fix bug where we weren't clearing the drcov basicblocks after each run
* Fix bug where we were dropping an ashmem too soon
* Fix OwnedPtr instead of CPtr
* Fix gettls for all archs
* cfg guards for target arch, disabling Frida-ASAN/-DrCov if not on aarch64
* Cargo fmt
* Only panic in options when asan/drcov are turned on; Merge fixes
* gothook only supported on unix
* Fix gettls on msvc
* Another attempt to fix MSVC gettls
* Fix backtrace use
* nostd fixes; warning fixes
* formatting
* Migrate FridaEdgeCoverageHelper into libafl_frida, and rename to FridaInstrumentationHelper
* Clean up uses
* Move DrCovWriter to libafl_targets
* Refactor DrCovWriter to get a vec of DrCovBasicBlocks; formatting
* Update to newer backtrace which supports android with gimli
* windows fixes
Co-authored-by: Dominik Maier <domenukk@gmail.com>
Co-authored-by: andreafioraldi <andreafioraldi@gmail.com>
* shmem/llmp refactor to convert ShMem into a stateful ShMemProvider factory.
At the moment we use parking_lot::ReentrantMutex. That may not be necessary.
* fix merge issue
* formatting
* Fix fuzzer examples for new ShMemProvider
* Fix clippy warnings
* Fix build and clippy for x86_64
* Resolve review comments
* Remove ReentrantMutex and RefCell - they are not needed
* Hopefully fix win32 build
* Fix tests, windows build
* Rename ShMemProvider to ShMem
* Revert "Rename ShMemProvider to ShMem"
This reverts commit eca07c8d7bb3d5e829fecf3f7213c763470a41e9.
* Rename ShMemMapping to ShMem; Test fixes
* Add missing trait to scope
* Fix from_int
* Fix try_into
* Move to alloc::sync::Arc and spin::Mutex to support nostd
* Fix tests
* nostd fixes; Make new() a part of the ShMemProvider trait
* Fix errant ?
* Fix windows
* Fix missing trait
* nostd remove dbg!
* Add Default and Clone to ShMemProvider
* Formatting
* Fix windows
* Get rid of ArcMutex in favor of RefCell
* Rc RefCell
* moved to refs
* SHP->SP
* Use alloc::rc::Rc instead of std::rc::Rc
* Format
* Add setup_restarting_mgr_std which selects the right ShMemProvider; changed fuzzers to use it
* Get rid of unnecessary clone
* Fix clippy error on windows
* Fix nostd
* Fix formatting
* Make StdShmemProvider include ServedShMemProvider
* Get rid of lifetime specifiers now that we are using Rc
* Get rid of unnecessary spin
* Rename ShMemProvider::Mapping to ShMemProvider::Mem
* Formatting
* fix Windows
* Rename DefaultUnixShmem* to CommonUnixShmem*
Co-authored-by: Dominik Maier <domenukk@gmail.com>
* unix_domain_sockets: Added Listener abstraction
Tested and TCP is still working
* unix_domain_sockets: turn off the unstable feature except on android
* unix_domain_sockets: more turn off the unstable feature except on android
* unix_domain_sockets: always import UnixListener
* unix_domain_sockets: Finished implementation. Tested working on android when both sides are root
* unix_domain_sockets: adjust conditional compilation
* unix_domain_sockets: formatting
* unix_domain_sockets/android: implement ashmem hooks
* unix_domain_sockets/android: formatting
* unix_domain_sockets: make Listener abstraction public
* unix_domain_sockets: add cfg(std) to Listener
* unix_domain_sockets: add cfg(std) to imports
* unix_domain_sockets: formatting
* unix_domain_sockets: Handle SIGTERM, SIGQUIT and SIGINT gracefully and cleanup the unix socket
* unix_domain_sockets: formatting
* unix_domain_sockets: fix conditional compilation
* unix_domain_sockets: use String::default instead of a literal
* unix_domain_sockets: socket_name should be an Option<>
* fixed build
* fmt
* fixed warnings
* using volatile reads and writes for shutdown flag
* reordered compiler fence on write
* moved the signal handler method to its own function
* readme
* moved to HasShmId
* unix_domain_sockets: fix warnings
* renamed HasShmId to HasFd
Co-authored-by: Dominik Maier <domenukk@gmail.com>