* WIP: windows frida
* frida-windows: fix hooks not present on windows
* windows: allow building using cargo xwin
* frida-windows: fmrt
* frida-windows: cleanup and allow asan/drcov on windows
* frida-windows: fmt
* frida-windows: fix clippy
* frida-windows: handle unknown exceptions gracefully
* frida-windows: rework shadow mapping algo
* frida-windows: add hook functions
* frida-windows: hook functions; fix stack register
* minibsod: enable for windows
* check_shadow: fix edge casees
* asan_rt: rework and add hooks for windows
* inprocess: add minibsod on windows
* Fix warnings
* minibsod: disable test on windows
* WIP: HookRuntime
* Cleanup after merge
* Bump frida-gum version
* Fix conflict marker; update frida
* Make winsafe windows-specific
* Fmt
* Format
* Better detection of clang++ (using cc)
* Make AsanErrors crate public so we can use it in tests
* Add helper to get immediate of operand
* Use HookRuntime to hook asan functions
Tests now passing
* fmt
* Implement recurisve jmp resolve
* Fix reversed logic
* windows_hooks: Don't die if functions are already replaced
* Allow utils to work on windows
* Enable allocator hooking on windows
* Warnings; add trace to free
* Make ASAN tests run windows (with cargo xwin compilation)
* Fmt
* clang-format
* clang-format
* Add more tests
* Fix partial range access bug in unpoisoning/shadow_check
* Merge main
* Fix check_shadow and implement unit tests
* Fix hooking and PC retrieval
* WIP: Working gdiplus fuzzing with frida-ASAN, no false positives
* LibAFL Frida asan_rt and hook_rt fixes for frida_windows (#2095)
* Introduce aarch64
* MacOS fix - MemoryAreas is broken on MacOS and just loops
* Introduce working aarch64 ASAN check
* Implement large blob
* Fix hook_rt for arm64
* Fix poison/unpoison
* Fix shadow check
* Update x86-64
* Fix aarch64 unused import
* Remove extraneous println statement
* merge main
* Fixes
* alloc: add tests, pass the tests
* HookRuntime before AsanRuntime, and don't Asan if Hooked
* hook_rt: Fixes
* Frida windows check shadow fix (#2159)
* Fix check_shadow and add additional tests
* add some additional documentation
* Revert to Interceptor based hooks
* fixes
* format
* Get rid of hook_rt; fixes
* clang-format
* clang-format
* Fix with_threshold
* fixes
* fix build.rs
* fmt
* Fix offset to RDI on stack
* Fix clippy
* Fix build.rs
* clippy
* hook MapViewOfFile
* fmt
* fix
* clippy
* clippy
* Missing brace
* fix
* Clippy
* fomrrat
* fix i64 cast
* clippy exclude
* too many lines
* Undo merge fails
* fmt
* move debug print
* Fix some frida things
* Remove unused frida_to_cs fn for aarch64
* name
* Don't touch libafl_qemu
---------
Co-authored-by: Dongjia "toka" Zhang <tokazerkje@outlook.com>
Co-authored-by: Sharad Khanna <sharad@mineo333.dev>
Co-authored-by: Dominik Maier <domenukk@gmail.com>
Co-authored-by: Dominik Maier <dmnk@google.com>
* rands: simpler rand_trait code, remove useless test
* rands: provide and use proper random_seed()
* rands: add missing golden tests
* Don't use current_nanos() for seeding
* rands: remove RandomSeed trait
* match by ref fix
* impl Named for Reference
* rename
* magic indexing
* whoops
* docs, clippy
* some additional CI complaints
* other libafl_qemu fixes
* missed an alloc feature
* a smattering of fixes
* use from not direct construction
* tinyinst fix
* horrible double-mutability things
* fixup nyx
* from not new
* forkserver_simple fixes
* dogfood: forkserver
* mmmm yummy dogfood
* round one CI fixes
* clippy appeasement
* deref generic impl to simplify usage
* adaptive serialization (ouch)
* remaining clippy items
* I am tired
* new not with
* fixup: aflpp tracing was not actually constructable
* fix tmin
* reduce complexity of map feedback now that we do not need to constrain
* frida fixes
* fix concolic
* type_ref => reference
* sample implementation of tracking enforcement (incomplete)
* helpful compiler output
* make it look like a real compiler output
* ensure that the macro may be used outside of libafl
* separate index/novelty tracking funcs
* default const generic values so that we don't need to change this everywhere
* fix tests
* rollback unnecessary specification of stdmapobserver
* register metadata in doc tests
* doc fixes
* doc cleanup
* doc cleanup 2
* reduce implementor overhead to zero
* renaming/docs fixes
* asref isn't reflexive??
* generalization stage updates
* add better documentation about require_{indices,novelties}_tracking
* remaining generic updates
* round one CI pass (knowingly introduces breaking changes)
* typo
* round 2 clippy
* rollback: libafl_frida changes
* fmt
* moar porting
* fix remaining fuzzers
* fix windows build, maybe
* fixup libafl_libfuzzer
* fmt nighlty all the things
* attempt to fix some broken additions
* fix fmt
* oops
* fix new invocation
* minimizer scheduler fixes
* fix accounting
* rename
* fix
* Fix build
* Sort generics
* Move more generics into the right place
* Rename A -> C
* Fix test
* Fix test some more
* Fix doc some more
* critical formatting
* More A->C
* CanTrack harder
---------
Co-authored-by: Dominik Maier <dmnk@google.com>
* POC attempt to make cmplog work on x64
windows POC seems working
unix POC seems working :)
* no register collisions
* rsp-related ref support
iced optional dep
iced depends on cmplog
warnings
one more warning
comments cleanup
ci unbreak
rebase windows unbreak
rebase unix unbreak
unix only
fmt check
clang formatting
clang formatting again
make clippy happy
formatting
double import
windows unbreak
hashmap is conditional
leftover definition
tutorial related formatter
review fixes
comments
.asm fuzz targets for cmplog on Windows
more tests
rip-relative reference support without index register form
proper ignore rip-related references and ignore 8 bit comparisons
another try_into packing
* harness modification reverted
* dummy commit to restart CI
* review comments
---------
Co-authored-by: sbarsky <sbarsky@denuvo.com>
Co-authored-by: Dongjia "toka" Zhang <tokazerkje@outlook.com>
* impr(frida): Don't keep FuzzerOptions in Helper
Instead, keep the actual values that are needed. This allows us to make
a builder for FridaInstrumentationBuilder in a subsequent commit.
* refactor(frida): Move workaround to separate method
This is just code movement.
* refactor(frida): move transformer initialization
Mostly code movement here, sets up replacing `new` with a builder. The
one exception is the introduction of a lifetime bound on RT, which needs
to outlive the transformer. This could be generic, but there's probably
no reason to introduce an additional lifetime.
However, because of this lifetime introduction, this is _technically_ a
breaking change.
* impr(frida): Pass module map to runtimes
Instead of passing a slice of modules to instrument, and re-building the
modulemap, pass a Ref-counted module map directly to the initialization.
* feat(frida): Builder for InstrumentationHelper
Co-authored-by: Dominik Maier <domenukk@gmail.com>
* impr(frida/alloc): optional options in allocator
Move all the initialization into Default::default with sensible defaults
and override parameters set from options in new.
* impr(frida): remove options from AsanError
The only option AsanError uses is whether to continue on error. Instead
of keeping a whole clone of the options around, just store that single
boolean value.
* impr(frida/asan): Use less FuzzerOptions
* Implement Default::default to get a good default AsanRuntime
---------
Co-authored-by: Dominik Maier <domenukk@gmail.com>
* Change executor trait to allow \&mut Input
* Add mut inprocess executor
* Add mut inprocess executor
* Format and fix clippy errors
* Fix more clippy errors
* Revert accidental refactoring of InMemoryCorpus
* Add mut versions of all executors that can support it
* Do not persist possible testcase mutation in stages, shadow/differential executors, or corpus minimization
* Fix missing imports
* Fix executor type for missed qemu items
* Add re-exports for mut executors
* Use InProcessForkExecutorMut in QemuForkExecutorMut
* Update BytesInput harnesses to take mutable references
* Update other-input-type-taking harnesses to take mut references
* Clippy fixes
* Feature gate TryFromIntError import
* Fix missed harness input type in baby_fuzzer
* Fix additional clippy issues
* Fix unnecessary hashes on string literal
* Even MORE clippy fixes
* Fix one more clippy issue
---------
Co-authored-by: Dongjia "toka" Zhang <tokazerkje@outlook.com>
* Created macro to get the metadata form State and Testcase
* Expanded the macros for mutable, or not, State and Testcase metadata
* Created functions on traits HasMetadata and HasNamedMetadatato get, mutable or not, metadata
* Created the functions to get metadata
* Added #[inline] attribute and renamed the functions
* Renamed the functions and added #[inline] attribute
* Temporarily added testcase() function
* Added testcase() function
* Changed Ref import to core::cell:Ref
* Added testcase_mut() and renamed occurences of metadata() and metadata_mut()
* Renamed more occurences
* Renamed the metadata() on impl HasMetadata for NopState
---------
Co-authored-by: Andrea Fioraldi <andreafioraldi@gmail.com>
* Associated types for Corpus, State
* cleanup
* fix no_std
* drop unused clauses
* Corpus
* cleanup
* adding things
* fixed fuzzer
* remove phantom data
* python
* progress?
* more more
* oof
* wow it builds?
* python fixes, tests
* fix python fun
* black fmt for python
* clippy, added Nop things
* fixes
* fix merge
* make it compile (#836)
* doc-test fixes, prelude-b-gone for cargo-hack compat
* fixes for windows, concolic
* really fix windows, maybe
* imagine using windows
* ...
* elide I generic when used with S: State
* Elide many, many generics, but at what cost?
* progress on push
* Constraint HasCorpus, HasSolutions at trait definition
* remove unused feature
* remove unstable usage since we constrained HasCorpus at definition
* compiled, but still no type inference for MaxMapFeedback
* cleanup inprocess
* resolve some std conflicts
* simplify map
* undo unnecessary cfg specification
* fix breaking test case for CI on no-std
* fix concolic build failures
* fix macos build
* fixes for windows build
* timeout fixes for windows build
* fix pybindings issues
* fixup qemu
* fix outstanding local build issues
* maybe fix windows inprocess
* doc fixes
* unbridled fury
* de-associate State from Feedback, replace with generic as AT inference is not sufficient to derive specialisation for MapFeedback
* merge update
* refactor + speed up fuzzer builds by sharing build work
* cleanup lingering compiler errors
* lol missed one
* revert QEMU-Nyx change, not sure how I did that
* move HasInput to inputs
* HasInput => KnowsInput
* update bounds to enforce via associated types
* disentangle observers with fuzzer
* revert --target; update some fuzzers to match new API
* resolve outstanding fuzzer build blockers (that I can run on my system)
* fixes for non-linux unixes
* fix for windows
* Knows => Uses, final fixes for windows
* <guttural screaming>
* fixes for concolic
* loosen bound for frida executor so windows builds correctly
* cleanup generics for eventmanager/eventprocessor to drop observers requirement
* improve inference over fuzz_one and friends
* update migration notes
* fixes for python bindings
* fixes for generic counts in event managers
* finish migration notes
* post-merge fix
Co-authored-by: Addison Crump <addison.crump@cispa.de>
* Use the new bolts::cli with the frida_libpng sample
* Fix comment and add must_use
* Fix windows
* Fix windows more
* Fix windows more, more
* Fix windows more, more, more
* Remove comma
* fmt
* documentation, warnings
* fixed docs
* docs
* no_std
* test
* windows
* nautilus docs
* more fixes
* more docs
* nits
* windows clippy
* docs, windows
* nits
* debug all the things
* derive debug for all core library components
* Docu for libafl_targets
* nits
* reordered generics
* add docs to frida, debug
* nits
* fixes
* more docu for frida, nits
* more docu
* more docu
* Sugar docs
* debug for qemu
* more debug
* import debug
* fmt
* debug
* anyap_debug feature no longer needed
* tidy up unused fn
* indicate if we left out values for struct debug
* implement Debug for sugar
* debug allthethings
* ci
* remove libafl_tests
* fmt
* fix
* fix
* fix
* first
* width
* start working on runtime side
* experimental c code for generate_shadow_check_function
* generate shadow_check_blob
* add
* debuggin
* fix
* passes assert tests
* cargo fmt
* generate_shadow_check_blob, untested
* save flags
* add
* make registers numbers a const
* register frames?
* comment
* debugging memcpy
* fix a bug, more to come
* finally error removed
* finally working function hooking & clean up
* fix for arm & update stub
* fix
* blob
* blob_check_mem works? (at least no errors) & fmt
* add an link to show how the asm code are generated
* put probe code for aarch64 back & clippy
* fmt
* still blob emitting errors
* fmt
* now that blob works?
* stack alignment
* testing speed with hook_function only
* comment some printlns out
* small fix: ignore rep, jmp to current_report_impl iff blob_check_mems are emitted
* make rip accessible by pc()
* Program counter accessors for both arch
* fmt
* fix
* fix offset
* retrieve accessed memory addr, r/w rip
* inspect the fault triggering instruction
* AsanError Classification
* clippy fixes
* pass basereg/indexreg/disp to AsanErros
* update asanerrors for amd64
* clippy
* fmt
* use frida/frida-rust
* just use 44
* fix debug build
* fix
* fix
* crate.io
* change
* fmt
* fix ondisk corpus race condition
* move metadata name to be a dotfile
* note ExitKind for crashes and timeouts in inprocess executor
* potential fix for windows
* added write_file_atomic
* no_std fixes
* no_std testcase fix
* typo fix, windows
* clippy
* more no_std testing
