* launcher in linux
* silence stdout and stderr linux
* arg parser and other changes
* retry instead of sleep
* no_std fixes
* reordered includes
* launcher for windows and kill clients when broker returns
* cargo fmt
* started launcher api cleanup
* use closures instead of functions
* small change
* reordered launcher params
* fixed clippy warnings
* fixed no_std
* moved launcher example to own folder
* docu
* cleanup launcher
* more docs
* Fix merge issues
* Rework the launcher code to provide a cleaner API
* Open file before spawning clients
* launcher: fix merge issue, sleep for a different amount for each core
* fixed no_std
* Tcp Broker to Broker Communication (#66)
* initial b2b implementation
* no_std and clippy fixes
* b2b testcase added
* more correct testcases
* fixed b2b
* typo
* fixed unused warning
* some clippy warning ignored
* using clippy.sh
* Update README.md
* fixed clippy run in workflow
* fixing clippy::match-same-arms
* make clippy less pedantic
* fixed some minor typos in the book
* launcher: use s1341's fork of core_affinity
* Build warning fix proposal, mostly about reference to packed fields. (#79)
* Observers refactor (#84)
* new observer structure with HasExecHooks
* adapt libafl_frida to new observers
* docstrings
* Composing feedback (#85)
* composing feedbacks as logic operations and bump to 0.2
* adapt fuzzers and libafl_frida
* fix windows build
* fixed clippy warnings
* Frida suppress instrumentation locations option (#87)
* Implement frida option
* Format
* add append/discard_metadata for and/or/not feedback (#86)
* add append/discard_metadata for and/or/not feedback
* fix
* Call append_metadata on crash (#88)
* Call append_metadata on crash
* Formatting
* Reachability example (#65)
* add reachability observer/feedback
* add fuzzer exmaple
* fmt
* remove reachabilityobserver, use stdmapobserver instead
* update diff.patch
* update README
* fix the clippy warning
* Squashed commit of the following:
commit f20524ebd77011481e86b420c925e8504bd11308
Author: Andrea Fioraldi <andreafioraldi@gmail.com>
Date: Tue May 4 16:00:39 2021 +0200
Composing feedback (#85)
* composing feedbacks as logic operations and bump to 0.2
* adapt fuzzers and libafl_frida
* fix windows build
commit e06efaa03bc96ef71740d7376c7381572bf11c6c
Author: Andrea Fioraldi <andreafioraldi@gmail.com>
Date: Tue May 4 13:54:46 2021 +0200
Observers refactor (#84)
* new observer structure with HasExecHooks
* adapt libafl_frida to new observers
* docstrings
commit 17c6fcd31cb746c099654be2b7a168bd04d46381
Merge: 08a2d43 a78a4b7
Author: Andrea Fioraldi <andreafioraldi@gmail.com>
Date: Mon May 3 11:16:49 2021 +0200
Merge branch 'main' into dev
commit 08a2d43790797d8864565fec99e7043289a46283
Author: David CARLIER <devnexen@gmail.com>
Date: Mon May 3 10:15:28 2021 +0100
Build warning fix proposal, mostly about reference to packed fields. (#79)
commit 88fe8fa532ac34cbc10782f5f71264f620385dda
Merge: d5d46ad d2e7719
Author: Andrea Fioraldi <andreafioraldi@gmail.com>
Date: Mon May 3 11:05:42 2021 +0200
Merge pull request #80 from marcograss/book-typos
fixed some minor typos in the book
commit a78a4b73fa798c1ed7a3d053369cca435e57aa07
Author: s1341 <s1341@users.noreply.github.com>
Date: Mon May 3 10:34:15 2021 +0300
frida-asan: Un-inline report funclet to reduce code bloat (#81)
* frida-asan: Outline report funclet to reduce code bloat
* fmt
commit d2e7719a8bea3a993394c187e2183d3e91f02c75
Author: Marco Grassi <marco.gra@gmail.com>
Date: Sun May 2 21:58:33 2021 +0800
fixed some minor typos in the book
commit d5d46ad7e440fd4a2925352ed1ccb9ced5d9463d
Author: Dominik Maier <domenukk@gmail.com>
Date: Sat May 1 23:09:10 2021 +0200
make clippy less pedantic
commit 52d25e979e23589587c885803641058dc36aa998
Author: Dominik Maier <domenukk@gmail.com>
Date: Sat May 1 22:23:59 2021 +0200
fixing clippy::match-same-arms
commit cd66f880dea830d1e38e89fd1bf3c20fd89c9d70
Author: Dominik Maier <domenukk@gmail.com>
Date: Sat May 1 14:02:07 2021 +0200
fixed clippy run in workflow
commit ddcf086acde2b703c36e4ec3976588313fc3d591
Author: Dominik Maier <domenukk@gmail.com>
Date: Sat May 1 13:53:29 2021 +0200
Update README.md
commit c715f1fe6e42942e53bd13ea6a23214620f6c829
Author: Dominik Maier <domenukk@gmail.com>
Date: Sat May 1 13:48:38 2021 +0200
using clippy.sh
commit 9374b26b1d2d44c6042fdd653a8d960ce698592c
Author: Dominik Maier <domenukk@gmail.com>
Date: Sat May 1 13:47:44 2021 +0200
some clippy warning ignored
commit b9e75c0c98fdfb1e70778e6f3612a94b71dcd21a
Author: Dominik Maier <domenukk@gmail.com>
Date: Sat May 1 13:24:02 2021 +0200
Tcp Broker to Broker Communication (#66)
* initial b2b implementation
* no_std and clippy fixes
* b2b testcase added
* more correct testcases
* fixed b2b
* typo
* fixed unused warning
* feedbacks now return a boolean value
* use feedback_or, and modify Cargo.toml
* fix diff between dev and this branch
* fmt
Co-authored-by: Dominik Maier <domenukk@gmail.com>
* clippy fixes
* clippy fixes
* clippy fixes, x86_64 warnings
* more docs
* Observers lifetime (#89)
* introduce MatchName and alow lifetimes in observers
* adapt fuzzers to observers with lifetime
* introduce type_eq when on nightly
* fix no_std
* fmt
* Better docu (#90)
* more docs
* more docs:
* more docu
* more docu
* finished docs
* cleaned up markup
* must_use tags added
* more docs
* more docu, less clippy
* more fixes
* Clippy fixes (#92)
* more docs
* more docs:
* more docu
* more docu
* finished docs
* cleaned up markup
* must_use tags added
* more docs
* swapped if/else, as per clippy
* more docu, less clippy
* more fixes
* Fix merge issues
* Get rid of unneeded prints
* Fix merge errors
* added b2b to restarting interface
* Setting SO_REUSEPORT
* added b2b to launcher api
* more windows launcher
* Fix merge errors
* Add b2b support to frida_libpng
* make frida_libpng bind to a public address
* Convert launcher into a builder LauncherBuilder
* formatting
* Convert setup_restarting_mgr to a builder RestartingMgrBuilder; leave setup_restarting_mgr_std as is, so that fuzzers work
* RcShmem should be locked via a mutex
* Wait at least 1 second between broker and first client, to avoid race
* update frida_libpng README for cross-compiling to android (#100)
Co-authored-by: Ariel Zentner <ArielZ@nsogroup.com>
* Fixed build for Windows
* no_std fixes
* reverted aa6773dcade93b3a66ce86e6b2cc75f55ce194e7 & windows fixes
* added pipes, moving to remove race conditions for rc shmem
* fix unix build
* fixed clippy:
* fixed no_std once more
* renamed b2b to remote_broker_addr
* you get a pre_fork, and you get a post_fork, forks for everyone
* switched to typed_builder
* Fix merge isseu
* Fix frida fuzzer with new Launcher builder
* Introspection (#97)
* Rework to put `ClientPerfStats` in `State` and pass that along. Still need to work on getting granular information from `Feedback` and `Observer`
* Add perf_stats feature to libafl/Cargo.toml
* Update feedbacks to have with_perf
* Remove unneeeded print statement
* cargo fmt all the things
* use local llvmint vs cpu specific asm for reading cycle counter
* Remove debug testing code
* Stats timeout to 3 seconds
* Inline smallish functions for ClientPerfStats
* Remove .libs/llvmint and have the correct conditional compilation of link_llvm_intrinsics on the perf_stats feature
* pub(crate) the NUM_FEEDBACK and NUM_STAGES consts
* Tcp Broker to Broker Communication (#66)
* initial b2b implementation
* no_std and clippy fixes
* b2b testcase added
* more correct testcases
* fixed b2b
* typo
* fixed unused warning
* clippy fixes
* fallback to systemtime on non-x86
* make clippy more strict
* small fixes
* bump 0.2.1
* readme
Co-authored-by: ctfhacker <cld251@gmail.com>
Co-authored-by: Dominik Maier <domenukk@gmail.com>
* typos (please review)
* merged clippy.sh
* utils
* Add asan cores option (#102)
* added asan-cores option for frida fuzzer
When asan is enabled (via LIBBAFL_FRIDA_OPTIONS enable-asan), you can
filter exactly which of the cores asan should run on with the
asan-cores variable.
* add is_some check instead of !None
Co-authored-by: Ariel Zentner <ArielZ@nsogroup.com>
* moved utils to bolts
* fixed typo
* no_std fixes
* unix fixes
* fixed unix no_std build
* fix llmp.rs
* adapt libfuzzer_libpng_launcher
* added all fuzzers to ci
* fmt, improved ci
* tests crate not ready for prime time
* clippy fixes
* make ci script executable
* trying to fix example fuzzers
* working libfuzzer_libpng_laucnher
* frida_libpng builds
* clippy
* bump version
* fix no_std
* fix dep version
* clippy fixes
* more fies
* clippy++
* warn again
* clearer readme
Co-authored-by: Vimal Joseph <vimaljoseph027@gmail.com>
Co-authored-by: Dominik Maier <domenukk@gmail.com>
Co-authored-by: s1341 <github@shmarya.net>
Co-authored-by: Marco Grassi <marco.gra@gmail.com>
Co-authored-by: s1341 <s1341@users.noreply.github.com>
Co-authored-by: Andrea Fioraldi <andreafioraldi@gmail.com>
Co-authored-by: David CARLIER <devnexen@gmail.com>
Co-authored-by: Toka <tokazerkje@outlook.com>
Co-authored-by: r-e-l-z <azentner@gmail.com>
Co-authored-by: Ariel Zentner <ArielZ@nsogroup.com>
Co-authored-by: ctfhacker <cld251@gmail.com>
Co-authored-by: hexcoder <hexcoder-@users.noreply.github.com>
* save work
* it builds
* MutationalStage builds
* compile lib.rs test
* libafl tests work
* adapt stb_image example
* change fuzzer to not hold executor and event manager as type field
* libfuzzer_stb_image running example
* restore ReachabilityFeedback
* restore introspection
* adapt fuzzers except frida_libpng
* format
* compile on windows
* clippy
* fix libafl_frida
* adapt frida_libpng
* Rework to put `ClientPerfStats` in `State` and pass that along. Still need to work on getting granular information from `Feedback` and `Observer`
* Add perf_stats feature to libafl/Cargo.toml
* Update feedbacks to have with_perf
* Remove unneeeded print statement
* cargo fmt all the things
* use local llvmint vs cpu specific asm for reading cycle counter
* Remove debug testing code
* Stats timeout to 3 seconds
* Inline smallish functions for ClientPerfStats
* Remove .libs/llvmint and have the correct conditional compilation of link_llvm_intrinsics on the perf_stats feature
* pub(crate) the NUM_FEEDBACK and NUM_STAGES consts
* Tcp Broker to Broker Communication (#66)
* initial b2b implementation
* no_std and clippy fixes
* b2b testcase added
* more correct testcases
* fixed b2b
* typo
* fixed unused warning
* clippy fixes
* fallback to systemtime on non-x86
* make clippy more strict
* small fixes
* bump 0.2.1
* readme
Co-authored-by: ctfhacker <cld251@gmail.com>
Co-authored-by: Dominik Maier <domenukk@gmail.com>
* more docs
* more docs:
* more docu
* more docu
* finished docs
* cleaned up markup
* must_use tags added
* more docs
* more docu, less clippy
* more fixes
* introduce MatchName and alow lifetimes in observers
* adapt fuzzers to observers with lifetime
* introduce type_eq when on nightly
* fix no_std
* fmt
* shmeme/llmp refactor to convert ShMem into a stateful ShMemProvider
factory.
At the moment we use parking_lot::ReentrantMutex. That may not be
necessary.
* fix merge issue
* formatting
* Fix fuzzer examples for new ShMemProvider
* Fix clippy warnings
* Fix build and clippy for x86_64
* Resolve review comments
* Remove ReentrantMutex and RefCell - they are not needed
* Hopefully fix win32 build
* Fix tests, windows build
* Rename ShMemProvider to ShMem
* Revert "Rename ShMemProvider to ShMem"
This reverts commit eca07c8d7bb3d5e829fecf3f7213c763470a41e9.
* Rename ShMemMapping to ShMem; Test fixes
* Add missing trait to scope
* Fix from_int
* Fix try_into
* Move to alloc::sync::Arc and spin::Mutex to support nostd
* Fix tests
* nostd fixes; Make new() a part of the ShMemProvider trait
* Fix errant ?
* Fix windows
* Fix missing trait
* nostd remove dbg!
* Add Default and Clone to ShMemProvider
* Formatting
* Fix windows
* Get rid of ArcMutex in favor of RefCell
* Rc RefCell
* moved to refs
* SHP->SP
* Use alloc::rc::Rc instead of std::rc::Rc
* Format
* Add setup_restarting_mgr_std which selects the right ShMemProvider; changed fuzzers to use it
* Get rid of unnecessary clone
* Fix clippy error on windows
* Fix nostd
* Fix formatting
* Make StdShmemProvider include ServedShMemProvider
* Get rid of lifetime specifiers now that we are using Rc
* Get rid of unneccesary spin
* Rename ShMemProvider::Mapping to ShMemProvider::Mem
* Formatting
* fix Windows
* Rename DefaultUnixShmem* to CommonUnixShmem*
Co-authored-by: Dominik Maier <domenukk@gmail.com>
* add LogMutation trait
* change &self to &mut self
* move self.scheduler out of StdFuzzer
* reorder generics?, implement post_exec
* append metadata to the corresponding testcase in the corpus
* turn mutations into Mutators
* impl Named for mutations
* add LoggerScheduledMutator, add fn get_name() to MutatorTuple
* Fix BytesDeleteMutator, and format
* remove TupleList bound on Tail
* turn TokenInsert, TokenReplace into Mutator, fill havoc_mutations
* libfuzzer_libpng
* libfuzzer_libpng_cmpalloc
* libfuzzer_libmozjpeg
* fix tests
* fix libfuzzer_libmozjpeg
* fix tests
* fix LoggerScheduledMutator::mutate
* use vec<u8> instead of String
* fix post_exec and get_name
* fmt
* NamedTuple and HasNameIdTuple
* always clear mutations log
* fix tests
* format
* remove libafl_targets default features
* use vec<string> instead of vec<vec<u8>>
* add alloc::string::String
* format
Co-authored-by: Andrea Fioraldi <andreafioraldi@gmail.com>
* windows fuzzer target and minor changes - breaks android support and maybe linux build
* adapted windows example
* removed warnings from build.rs
* fixed build on unix
* fixed no_std
* build fix, silenced warnings
* no_std warning silenced
* clippy fixes
* fmt
* windows fuzzer target and minor changes - breaks android support and maybe linux build
* adapted windows example
* removed warnings from build.rs
* fixed build on unix
* fixed no_std
* build fix, silenced warnings
* no_std warning silenced
* clippy fixes
* fmt
* clippy
* trying to add clang support
* debugging win build
* debugging win build more
* debuggin..
* debuggin....
* more debugging
* giving up
Co-authored-by: richinseattle <richinseattle@gmail.com>
* inprocess: Allow InProcessExecutor to take a function pointer or a closure
* frida: initial working (but slow + buggy) frida helper
Issues:
- it's slow as ****
- there is an Llmp exception after the 227th corpus entry is found
- Cargo.toml lines currently import from a local ../frida-rust dir, as frida-rust is still under development
* inprocess: let the InProcessExecutor take a closure or a function pointer
* frida: working FridaHelper with InProcessExecutor
* frida: Apply suggestions; Move to RefCell; Cleanup warnings
* frida: link libstdc++_static.a on android
* take an FnMut in InProcessExecutor
* adapt libfuzzer_libpng to FnMut in InProcessExecutor
* create FridaInProcessExecutor and FridaEdgeCoverageHelper
* fix frida build.rs
* frida: move gum to main, get rid of lazy_static; use PageProtection enum
* stalker exclude
* frida: implement inline map-update for x86_64
* inprocess: add harness/harness_mut accessors
* format
* remove get_module_size from FridaEdgeCoverageHelper
* frida: implement aarch64 inline map update
* frida: add missing IndexMode
* add timeouts for executors
* move timeouts to observer
* add with_timeout constructor for Observer
* cast to i64 later in pre_exec
* add cfg(unix) guards
* add TimeoutExecutor
* add TimeoutFeedback and send ExitKind::Timeout from the handler
* pass Duration and move timeout stuff to post_exec
* format
* add timeouts to libpng_libfuzzer
* 10 sec timeout
* timeout executor file
* fix timeout executor no_std
* format
* todos
* Win32ShMem
* win32 exceptions
* fixes
* fix win32 build.rs
* fix win32 build.rs
* fixes fro win32
* fixes for win32
* fixes for win32
* fixes for win32
* fixes for win32
* fixes for win32
* fixes for win32
* fixes for win32
* fixes for win32
* fixes for win32
* fixes for win32
* inprocess::windows_exception_handler
* inprocess::windows_exception_handler fixes
* windows_exception_handler in InProcessExecutor
* inprocess::windows_exception_handler fix
* fix windows exceptions mapping
* format
* format
* inprocess: Allow InProcessExecutor to take a function pointer or a closure
* frida: initial working (but slow + buggy) frida helper
Issues:
- it's slow as ****
- there is an Llmp exception after the 227th corpus entry is found
- Cargo.toml lines currently import from a local ../frida-rust dir, as frida-rust is still under development
* inprocess: let the InProcessExecutor take a closure or a function pointer
* frida: Apply suggestions; Move to RefCell; Cleanup warnings
* take an FnMut in InProcessExecutor
* adapt libfuzzer_libpng to FnMut in InProcessExecutor
* reenabled ci for prs
* frida: update to frida-rust 0.3.2
* frida: fix buid errors
* frida: fix build_and_test.yml
* frida: uses crates.io for frida-gum and frida-gum-sys
* fix merge errors
* fix typo
* frida: x86_64 now working
Co-authored-by: Andrea Fioraldi <andreafioraldi@gmail.com>
Co-authored-by: toka <tokazerkje@outlook.com>
Co-authored-by: Dominik Maier <domenukk@gmail.com>
* unix_domain_sockets: Added Listener abstraction
Tested and TCP is still working
* unix_domain_sockets: turn off the unstable feature except on android
* unix_domain_sockets: more turn off the unstable feature except on android
* unix_domain_sockets: always import UnixListener
* unix_domain_sockets: Finished implementation. Tested working on android when both sides are root
* unix_domain_sockets: adjust conditional compilation
* unix_domain_sockets: formatting
* unix_domain_sockets/android: implement ashmem hooks
* unix_domain_sockets/android: formatting
* unix_domain_sockets: make Listener abstraction public
* unix_domain_sockets: add cfg(std) to Listener
* unix_domain_sockets: add cfg(std) to imports
* unix_domain_sockets: formatting
* unix_domain_sockets: Handle SIGTERM, SIGQUIT and SIGINT gracefully and cleanup the unix socket
* unix_domain_sockets: formatting
* unix_domain_sockets: fix conditional compilation
* unix_domain_sockets: use String::default instead of a literal
* unix_domain_sockets: socket_name should be an Option<>
* fixed build
* fmt
* fixed warnings
* using volatile reads and writes for shutdown flag
* reordered compiler fence on write
* moved the signal handler method to its own function
* readme
* moved to HasShmId
* unix_domain_sockets: fix warnings
* renamed HasShmId to HasFd
Co-authored-by: Dominik Maier <domenukk@gmail.com>
* android: cleanup build.rs and allow for cross-compilation
* aarch64: use an aarch64 undefined instruction
* android: i8 should be u8
* android: siginfo_t is different on arm
* android: cast to c_char instead of u8/i8
It turns out that c_char is different on android and linux
* android: handle LDFLAGS being empty
* android: formatting
* fixed warning
Co-authored-by: Dominik Maier <domenukk@gmail.com>
