* llmp docs skeleton
* llmp documentation
* more llmp docu
* llmp
* some core concepts
* start working on tutorial
* adapted rng_core to lain
* fix tutorial build
* warnings, format
* add explanation
* No need to own the types
* metadata
* writing
* fmt
* tutorial folder
* lain needs nightly
* added mdbook test to ci
* fix ci, add linkcheck
* more book
* baby
* tutorial target
* fix mdbook build
* fix mdbook test
* more book
* fixed typo
* fixed build
* spawn instances'
* 'finish' book
* added sugar crate information
Co-authored-by: Dominik Maier <domenukk@gmail.com>
* fix ondisk corpus race condition
* move metadata name to be a dotfile
* note ExitKind for crashes and timeouts in inprocess executor
* potential fix for windows
* added write_file_atomic
* no_std fixes
* no_std testcase fix
* typo fix, windows
* clippy
* more no_std testing
* starting to fix macos linker bugs
* mdetailed error prints
* start shmem service manually
* not a doc comment
* Some fixes
* only send exit msg to shmemservice when start was successful
* incorporated shmem service into provider
* removed unused imports
* trying to fix fuzzers
* fixed build
* check if join_handle is_some
* more debug prints
* fixed shmem service autolaunch
* fixed macos linker
* ignoring broken libpng testcase on macos for now (see #252)
* fmt
* try to fix missing llvm_config (see #253)
* empty issue template added
* Mmanually look for llvm-config on MacOS
* fixing CI
* fixed docs
* ignoring libmozjpg for CI, see #254
* builds on no_std
* fixed std build
* nightly fmt on CI
* nightly fmt on CI (again)
* fmt
* no_std build on unix
* more mem
* added no_std from #212 to gh workflow
* more ci, less nightly
* clippy
* more toolchains?
* docu
* y u no build
* more ci?
* next try
* fixed dockr
* more dockerfile fixes
* ondisk corpus fixed
* panic:?
* ubunutu
Co-authored-by: Andrea Fioraldi <andreafioraldi@gmail.com>
* add Forkserver, Pipe Outfile struct
* add forkserver executor struct, and shmem init
* close pipes in the destructor of Forkserver
* fill pre_exec to write out the inputs
* fix
* read_st, write_ctl
* more handshakes
* wrap Pipe in Arc, fill post_exec
* add Forkserver, Pipe Outfile struct
* add forkserver executor struct, and shmem init
* close pipes in the destructor of Forkserver
* fill pre_exec to write out the inputs
* fix
* read_st, write_ctl
* more handshakes
* wrap Pipe in Arc, fill post_exec
* fix for the lastest HasExecHooks trait
* use Dominik's pipe, remove Arc and temporarily pass RawFd to setstdin but trying to figure out other solutions
* add libafl_tests, put a very simple vulnerable program
* fix
* added forkserver_simple (mostly copy-pasted from babyfuzzer)
* fix test
* handle crash in post_exec
* add README.md
* check exec time to see why it's so slow
* remove double invokation of is_interesting for the obejctive
* make forkserver_simple AFL-like and improve speed
* some debugging help
* do not evaluate feedback if solution
* speedup the things
* working input placement via stdin in Forkserver
* don't call panic! but return errors, rewrite some comments
* use AFLplusplus/afl-cc instead of AFL
* use .cur_input like AFL
* bring the test for forkserver back
* add better README.md message
* failing the initial handshake should return an error
* delete some commented-out code
* format
* format
* ForkserverExecutor needs std and is unix-only for now
* clippy
* OutFile error handling
* fmt
* clippy
* don't build libafl_tests on windows
* fix
* keep test in forkserver.rs simple
* add forkserver_test feature for libafl_tests
* format
* some doc
Co-authored-by: Andrea Fioraldi <andreafioraldi@gmail.com>
* launcher in linux
* silence stdout and stderr linux
* arg parser and other changes
* retry instead of sleep
* no_std fixes
* reordered includes
* launcher for windows and kill clients when broker returns
* cargo fmt
* started launcher api cleanup
* use closures instead of functions
* small change
* reordered launcher params
* fixed clippy warnings
* fixed no_std
* moved launcher example to own folder
* docu
* cleanup launcher
* more docs
* Fix merge issues
* Rework the launcher code to provide a cleaner API
* Open file before spawning clients
* launcher: fix merge issue, sleep for a different amount for each core
* fixed no_std
* Tcp Broker to Broker Communication (#66)
* initial b2b implementation
* no_std and clippy fixes
* b2b testcase added
* more correct testcases
* fixed b2b
* typo
* fixed unused warning
* some clippy warning ignored
* using clippy.sh
* Update README.md
* fixed clippy run in workflow
* fixing clippy::match-same-arms
* make clippy less pedantic
* fixed some minor typos in the book
* launcher: use s1341's fork of core_affinity
* Build warning fix proposal, mostly about reference to packed fields. (#79)
* Observers refactor (#84)
* new observer structure with HasExecHooks
* adapt libafl_frida to new observers
* docstrings
* Composing feedback (#85)
* composing feedbacks as logic operations and bump to 0.2
* adapt fuzzers and libafl_frida
* fix windows build
* fixed clippy warnings
* Frida suppress instrumentation locations option (#87)
* Implement frida option
* Format
* add append/discard_metadata for and/or/not feedback (#86)
* add append/discard_metadata for and/or/not feedback
* fix
* Call append_metadata on crash (#88)
* Call append_metadata on crash
* Formatting
* Reachability example (#65)
* add reachability observer/feedback
* add fuzzer exmaple
* fmt
* remove reachabilityobserver, use stdmapobserver instead
* update diff.patch
* update README
* fix the clippy warning
* Squashed commit of the following:
commit f20524ebd77011481e86b420c925e8504bd11308
Author: Andrea Fioraldi <andreafioraldi@gmail.com>
Date: Tue May 4 16:00:39 2021 +0200
Composing feedback (#85)
* composing feedbacks as logic operations and bump to 0.2
* adapt fuzzers and libafl_frida
* fix windows build
commit e06efaa03bc96ef71740d7376c7381572bf11c6c
Author: Andrea Fioraldi <andreafioraldi@gmail.com>
Date: Tue May 4 13:54:46 2021 +0200
Observers refactor (#84)
* new observer structure with HasExecHooks
* adapt libafl_frida to new observers
* docstrings
commit 17c6fcd31cb746c099654be2b7a168bd04d46381
Merge: 08a2d43 a78a4b7
Author: Andrea Fioraldi <andreafioraldi@gmail.com>
Date: Mon May 3 11:16:49 2021 +0200
Merge branch 'main' into dev
commit 08a2d43790797d8864565fec99e7043289a46283
Author: David CARLIER <devnexen@gmail.com>
Date: Mon May 3 10:15:28 2021 +0100
Build warning fix proposal, mostly about reference to packed fields. (#79)
commit 88fe8fa532ac34cbc10782f5f71264f620385dda
Merge: d5d46ad d2e7719
Author: Andrea Fioraldi <andreafioraldi@gmail.com>
Date: Mon May 3 11:05:42 2021 +0200
Merge pull request #80 from marcograss/book-typos
fixed some minor typos in the book
commit a78a4b73fa798c1ed7a3d053369cca435e57aa07
Author: s1341 <s1341@users.noreply.github.com>
Date: Mon May 3 10:34:15 2021 +0300
frida-asan: Un-inline report funclet to reduce code bloat (#81)
* frida-asan: Outline report funclet to reduce code bloat
* fmt
commit d2e7719a8bea3a993394c187e2183d3e91f02c75
Author: Marco Grassi <marco.gra@gmail.com>
Date: Sun May 2 21:58:33 2021 +0800
fixed some minor typos in the book
commit d5d46ad7e440fd4a2925352ed1ccb9ced5d9463d
Author: Dominik Maier <domenukk@gmail.com>
Date: Sat May 1 23:09:10 2021 +0200
make clippy less pedantic
commit 52d25e979e23589587c885803641058dc36aa998
Author: Dominik Maier <domenukk@gmail.com>
Date: Sat May 1 22:23:59 2021 +0200
fixing clippy::match-same-arms
commit cd66f880dea830d1e38e89fd1bf3c20fd89c9d70
Author: Dominik Maier <domenukk@gmail.com>
Date: Sat May 1 14:02:07 2021 +0200
fixed clippy run in workflow
commit ddcf086acde2b703c36e4ec3976588313fc3d591
Author: Dominik Maier <domenukk@gmail.com>
Date: Sat May 1 13:53:29 2021 +0200
Update README.md
commit c715f1fe6e42942e53bd13ea6a23214620f6c829
Author: Dominik Maier <domenukk@gmail.com>
Date: Sat May 1 13:48:38 2021 +0200
using clippy.sh
commit 9374b26b1d2d44c6042fdd653a8d960ce698592c
Author: Dominik Maier <domenukk@gmail.com>
Date: Sat May 1 13:47:44 2021 +0200
some clippy warning ignored
commit b9e75c0c98fdfb1e70778e6f3612a94b71dcd21a
Author: Dominik Maier <domenukk@gmail.com>
Date: Sat May 1 13:24:02 2021 +0200
Tcp Broker to Broker Communication (#66)
* initial b2b implementation
* no_std and clippy fixes
* b2b testcase added
* more correct testcases
* fixed b2b
* typo
* fixed unused warning
* feedbacks now return a boolean value
* use feedback_or, and modify Cargo.toml
* fix diff between dev and this branch
* fmt
Co-authored-by: Dominik Maier <domenukk@gmail.com>
* clippy fixes
* clippy fixes
* clippy fixes, x86_64 warnings
* more docs
* Observers lifetime (#89)
* introduce MatchName and alow lifetimes in observers
* adapt fuzzers to observers with lifetime
* introduce type_eq when on nightly
* fix no_std
* fmt
* Better docu (#90)
* more docs
* more docs:
* more docu
* more docu
* finished docs
* cleaned up markup
* must_use tags added
* more docs
* more docu, less clippy
* more fixes
* Clippy fixes (#92)
* more docs
* more docs:
* more docu
* more docu
* finished docs
* cleaned up markup
* must_use tags added
* more docs
* swapped if/else, as per clippy
* more docu, less clippy
* more fixes
* Fix merge issues
* Get rid of unneeded prints
* Fix merge errors
* added b2b to restarting interface
* Setting SO_REUSEPORT
* added b2b to launcher api
* more windows launcher
* Fix merge errors
* Add b2b support to frida_libpng
* make frida_libpng bind to a public address
* Convert launcher into a builder LauncherBuilder
* formatting
* Convert setup_restarting_mgr to a builder RestartingMgrBuilder; leave setup_restarting_mgr_std as is, so that fuzzers work
* RcShmem should be locked via a mutex
* Wait at least 1 second between broker and first client, to avoid race
* update frida_libpng README for cross-compiling to android (#100)
Co-authored-by: Ariel Zentner <ArielZ@nsogroup.com>
* Fixed build for Windows
* no_std fixes
* reverted aa6773dcade93b3a66ce86e6b2cc75f55ce194e7 & windows fixes
* added pipes, moving to remove race conditions for rc shmem
* fix unix build
* fixed clippy:
* fixed no_std once more
* renamed b2b to remote_broker_addr
* you get a pre_fork, and you get a post_fork, forks for everyone
* switched to typed_builder
* Fix merge isseu
* Fix frida fuzzer with new Launcher builder
* Introspection (#97)
* Rework to put `ClientPerfStats` in `State` and pass that along. Still need to work on getting granular information from `Feedback` and `Observer`
* Add perf_stats feature to libafl/Cargo.toml
* Update feedbacks to have with_perf
* Remove unneeeded print statement
* cargo fmt all the things
* use local llvmint vs cpu specific asm for reading cycle counter
* Remove debug testing code
* Stats timeout to 3 seconds
* Inline smallish functions for ClientPerfStats
* Remove .libs/llvmint and have the correct conditional compilation of link_llvm_intrinsics on the perf_stats feature
* pub(crate) the NUM_FEEDBACK and NUM_STAGES consts
* Tcp Broker to Broker Communication (#66)
* initial b2b implementation
* no_std and clippy fixes
* b2b testcase added
* more correct testcases
* fixed b2b
* typo
* fixed unused warning
* clippy fixes
* fallback to systemtime on non-x86
* make clippy more strict
* small fixes
* bump 0.2.1
* readme
Co-authored-by: ctfhacker <cld251@gmail.com>
Co-authored-by: Dominik Maier <domenukk@gmail.com>
* typos (please review)
* merged clippy.sh
* utils
* Add asan cores option (#102)
* added asan-cores option for frida fuzzer
When asan is enabled (via LIBBAFL_FRIDA_OPTIONS enable-asan), you can
filter exactly which of the cores asan should run on with the
asan-cores variable.
* add is_some check instead of !None
Co-authored-by: Ariel Zentner <ArielZ@nsogroup.com>
* moved utils to bolts
* fixed typo
* no_std fixes
* unix fixes
* fixed unix no_std build
* fix llmp.rs
* adapt libfuzzer_libpng_launcher
* added all fuzzers to ci
* fmt, improved ci
* tests crate not ready for prime time
* clippy fixes
* make ci script executable
* trying to fix example fuzzers
* working libfuzzer_libpng_laucnher
* frida_libpng builds
* clippy
* bump version
* fix no_std
* fix dep version
* clippy fixes
* more fies
* clippy++
* warn again
* clearer readme
Co-authored-by: Vimal Joseph <vimaljoseph027@gmail.com>
Co-authored-by: Dominik Maier <domenukk@gmail.com>
Co-authored-by: s1341 <github@shmarya.net>
Co-authored-by: Marco Grassi <marco.gra@gmail.com>
Co-authored-by: s1341 <s1341@users.noreply.github.com>
Co-authored-by: Andrea Fioraldi <andreafioraldi@gmail.com>
Co-authored-by: David CARLIER <devnexen@gmail.com>
Co-authored-by: Toka <tokazerkje@outlook.com>
Co-authored-by: r-e-l-z <azentner@gmail.com>
Co-authored-by: Ariel Zentner <ArielZ@nsogroup.com>
Co-authored-by: ctfhacker <cld251@gmail.com>
Co-authored-by: hexcoder <hexcoder-@users.noreply.github.com>
* save work
* it builds
* MutationalStage builds
* compile lib.rs test
* libafl tests work
* adapt stb_image example
* change fuzzer to not hold executor and event manager as type field
* libfuzzer_stb_image running example
* restore ReachabilityFeedback
* restore introspection
* adapt fuzzers except frida_libpng
* format
* compile on windows
* clippy
* fix libafl_frida
* adapt frida_libpng
* Rework to put `ClientPerfStats` in `State` and pass that along. Still need to work on getting granular information from `Feedback` and `Observer`
* Add perf_stats feature to libafl/Cargo.toml
* Update feedbacks to have with_perf
* Remove unneeeded print statement
* cargo fmt all the things
* use local llvmint vs cpu specific asm for reading cycle counter
* Remove debug testing code
* Stats timeout to 3 seconds
* Inline smallish functions for ClientPerfStats
* Remove .libs/llvmint and have the correct conditional compilation of link_llvm_intrinsics on the perf_stats feature
* pub(crate) the NUM_FEEDBACK and NUM_STAGES consts
* Tcp Broker to Broker Communication (#66)
* initial b2b implementation
* no_std and clippy fixes
* b2b testcase added
* more correct testcases
* fixed b2b
* typo
* fixed unused warning
* clippy fixes
* fallback to systemtime on non-x86
* make clippy more strict
* small fixes
* bump 0.2.1
* readme
Co-authored-by: ctfhacker <cld251@gmail.com>
Co-authored-by: Dominik Maier <domenukk@gmail.com>
* more docs
* more docs:
* more docu
* more docu
* finished docs
* cleaned up markup
* must_use tags added
* more docs
* more docu, less clippy
* more fixes
* introduce MatchName and alow lifetimes in observers
* adapt fuzzers to observers with lifetime
* introduce type_eq when on nightly
* fix no_std
* fmt
* add compression
* modify event/llmp.rs
* rename to LLMP_TAG_COMPRESS
* remove compression code from bolts/llmp.rs
* add compress.rs
* handle compress & decompress in GzipCompress struct, compress if the size is large enough
* add code for benchmark
* remove LLMP_TAG_COMPRESS, use a flag instead
* cargo fmt
* rm test.sh
* passes the test
* comment benchmarks code out
* add recv_buf_with_flag()
* add the llmp_compress feature
* add send_buf, do not compile compression code if it's not used
* fix warning
* merged dev
* add error handling code
* doc for compress.rs
* remove tag from decompress
* rename every flag to flags
* fix some clippy.sh errors
* simplify recv_buf
* delete benchmark printf code
* cargo fmt
* fix doc
Co-authored-by: Dominik Maier <domenukk@gmail.com>
* add LogMutation trait
* change &self to &mut self
* move self.scheduler out of StdFuzzer
* reorder generics?, implement post_exec
* append metadata to the corresponding testcase in the corpus
* turn mutations into Mutators
* impl Named for mutations
* add LoggerScheduledMutator, add fn get_name() to MutatorTuple
* Fix BytesDeleteMutator, and format
* remove TupleList bound on Tail
* turn TokenInsert, TokenReplace into Mutator, fill havoc_mutations
* libfuzzer_libpng
* libfuzzer_libpng_cmpalloc
* libfuzzer_libmozjpeg
* fix tests
* fix libfuzzer_libmozjpeg
* fix tests
* fix LoggerScheduledMutator::mutate
* use vec<u8> instead of String
* fix post_exec and get_name
* fmt
* NamedTuple and HasNameIdTuple
* always clear mutations log
* fix tests
* format
* remove libafl_targets default features
* use vec<string> instead of vec<vec<u8>>
* add alloc::string::String
* format
Co-authored-by: Andrea Fioraldi <andreafioraldi@gmail.com>
* inprocess: Allow InProcessExecutor to take a function pointer or a closure
* frida: initial working (but slow + buggy) frida helper
Issues:
- it's slow as ****
- there is an Llmp exception after the 227th corpus entry is found
- Cargo.toml lines currently import from a local ../frida-rust dir, as frida-rust is still under development
* inprocess: let the InProcessExecutor take a closure or a function pointer
* frida: working FridaHelper with InProcessExecutor
* frida: Apply suggestions; Move to RefCell; Cleanup warnings
* frida: link libstdc++_static.a on android
* take an FnMut in InProcessExecutor
* adapt libfuzzer_libpng to FnMut in InProcessExecutor
* create FridaInProcessExecutor and FridaEdgeCoverageHelper
* fix frida build.rs
* frida: move gum to main, get rid of lazy_static; use PageProtection enum
* stalker exclude
* frida: implement inline map-update for x86_64
* inprocess: add harness/harness_mut accessors
* format
* remove get_module_size from FridaEdgeCoverageHelper
* frida: implement aarch64 inline map update
* frida: add missing IndexMode
* add timeouts for executors
* move timeouts to observer
* add with_timeout constructor for Observer
* cast to i64 later in pre_exec
* add cfg(unix) guards
* add TimeoutExecutor
* add TimeoutFeedback and send ExitKind::Timeout from the handler
* pass Duration and move timeout stuff to post_exec
* format
* add timeouts to libpng_libfuzzer
* 10 sec timeout
* timeout executor file
* fix timeout executor no_std
* format
* todos
* Win32ShMem
* win32 exceptions
* fixes
* fix win32 build.rs
* fix win32 build.rs
* fixes fro win32
* fixes for win32
* fixes for win32
* fixes for win32
* fixes for win32
* fixes for win32
* fixes for win32
* fixes for win32
* fixes for win32
* fixes for win32
* fixes for win32
* inprocess::windows_exception_handler
* inprocess::windows_exception_handler fixes
* windows_exception_handler in InProcessExecutor
* inprocess::windows_exception_handler fix
* fix windows exceptions mapping
* format
* format
* inprocess: Allow InProcessExecutor to take a function pointer or a closure
* frida: initial working (but slow + buggy) frida helper
Issues:
- it's slow as ****
- there is an Llmp exception after the 227th corpus entry is found
- Cargo.toml lines currently import from a local ../frida-rust dir, as frida-rust is still under development
* inprocess: let the InProcessExecutor take a closure or a function pointer
* frida: Apply suggestions; Move to RefCell; Cleanup warnings
* take an FnMut in InProcessExecutor
* adapt libfuzzer_libpng to FnMut in InProcessExecutor
* reenabled ci for prs
* frida: update to frida-rust 0.3.2
* frida: fix buid errors
* frida: fix build_and_test.yml
* frida: uses crates.io for frida-gum and frida-gum-sys
* fix merge errors
* fix typo
* frida: x86_64 now working
Co-authored-by: Andrea Fioraldi <andreafioraldi@gmail.com>
Co-authored-by: toka <tokazerkje@outlook.com>
Co-authored-by: Dominik Maier <domenukk@gmail.com>
* unix_domain_sockets: Added Listener abstraction
Tested and TCP is still working
* unix_domain_sockets: turn off the unstable feature except on android
* unix_domain_sockets: more turn off the unstable feature except on android
* unix_domain_sockets: always import UnixListener
* unix_domain_sockets: Finished implementation. Tested working on android when both sides are root
* unix_domain_sockets: adjust conditional compilation
* unix_domain_sockets: formatting
* unix_domain_sockets/android: implement ashmem hooks
* unix_domain_sockets/android: formatting
* unix_domain_sockets: make Listener abstraction public
* unix_domain_sockets: add cfg(std) to Listener
* unix_domain_sockets: add cfg(std) to imports
* unix_domain_sockets: formatting
* unix_domain_sockets: Handle SIGTERM, SIGQUIT and SIGINT gracefully and cleanup the unix socket
* unix_domain_sockets: formatting
* unix_domain_sockets: fix conditional compilation
* unix_domain_sockets: use String::default instead of a literal
* unix_domain_sockets: socket_name should be an Option<>
* fixed build
* fmt
* fixed warnings
* using volatile reads and writes for shutdown flag
* reordered compiler fence on write
* moved the signal handler method to its own function
* readme
* moved to HasShmId
* unix_domain_sockets: fix warnings
* renamed HasShmId to HasFd
Co-authored-by: Dominik Maier <domenukk@gmail.com>
