* Fixed infinite loop on SyncDiskStage
* cargo fmt
* added debug messages
* Add left to sync to metadata. Replace HashSet with Vec
* added check on state metadata to not crash in case it's None (start fuzzing without files to sync)
* fmt & clippy
---------
Co-authored-by: Dominik Maier <domenukk@gmail.com>
* add AFL stage names for calibration, colorization, power and sync stages
* clippy
* add missing name field in sync stage
* use consts instead of hardcoding in functions.
change set_name to with_name for PowerMutationalStage
remove irrelevant fn transforming
* make AFL++ name default for all stages
* WIP: windows frida
* frida-windows: fix hooks not present on windows
* windows: allow building using cargo xwin
* frida-windows: fmt
* frida-windows: cleanup and allow asan/drcov on windows
* frida-windows: fmt
* frida-windows: fix clippy
* frida-windows: handle unknown exceptions gracefully
* frida-windows: rework shadow mapping algo
* frida-windows: add hook functions
* frida-windows: hook functions; fix stack register
* minibsod: enable for windows
* check_shadow: fix edge cases
* asan_rt: rework and add hooks for windows
* inprocess: add minibsod on windows
* Fix warnings
* minibsod: disable test on windows
* WIP: HookRuntime
* Cleanup after merge
* Bump frida-gum version
* Fix conflict marker; update frida
* Make winsafe windows-specific
* Fmt
* Format
* Better detection of clang++ (using cc)
* Make AsanErrors crate public so we can use it in tests
* Add helper to get immediate of operand
* Use HookRuntime to hook asan functions
Tests now passing
* fmt
* Implement recursive jmp resolve
* Fix reversed logic
* windows_hooks: Don't die if functions are already replaced
* Allow utils to work on windows
* Enable allocator hooking on windows
* Warnings; add trace to free
* Make ASAN tests run windows (with cargo xwin compilation)
* Fmt
* clang-format
* clang-format
* Add more tests
* Fix partial range access bug in unpoisoning/shadow_check
* Merge main
* Fix check_shadow and implement unit tests
* Fix hooking and PC retrieval
* WIP: Working gdiplus fuzzing with frida-ASAN, no false positives
* LibAFL Frida asan_rt and hook_rt fixes for frida_windows (#2095)
* Introduce aarch64
* MacOS fix - MemoryAreas is broken on MacOS and just loops
* Introduce working aarch64 ASAN check
* Implement large blob
* Fix hook_rt for arm64
* Fix poison/unpoison
* Fix shadow check
* Update x86-64
* Fix aarch64 unused import
* Remove extraneous println statement
* merge main
* Fixes
* alloc: add tests, pass the tests
* HookRuntime before AsanRuntime, and don't Asan if Hooked
* hook_rt: Fixes
* Frida windows check shadow fix (#2159)
* Fix check_shadow and add additional tests
* add some additional documentation
* Revert to Interceptor based hooks
* fixes
* format
* Get rid of hook_rt; fixes
* clang-format
* clang-format
* Fix with_threshold
* fixes
* fix build.rs
* fmt
* Fix offset to RDI on stack
* Fix clippy
* Fix build.rs
* clippy
* hook MapViewOfFile
* fmt
* fix
* clippy
* clippy
* Missing brace
* fix
* Clippy
* format
* fix i64 cast
* clippy exclude
* too many lines
* Undo merge fails
* fmt
* move debug print
* Fix some frida things
* Remove unused frida_to_cs fn for aarch64
* name
* Don't touch libafl_qemu
---------
Co-authored-by: Dongjia "toka" Zhang <tokazerkje@outlook.com>
Co-authored-by: Sharad Khanna <sharad@mineo333.dev>
Co-authored-by: Dominik Maier <domenukk@gmail.com>
Co-authored-by: Dominik Maier <dmnk@google.com>
* QEMU generic memory iterator + Refactoring
* Generic Memory Iterator (systemmode only for now): It is now possible to iterate over memory ranges, independently of the address kind
* Refactoring of Emulator / Qemu structures: they are now handled separately in different files
* Refactoring of Exit Handlers: Result / Error structs have been clarified
* Simple handler for signals
* add new `check-cfg` calls for libafl qemu
* Allow for more frequent updates of TOML monitor
* Don't skip first client
* Reduce code duplication
* Immediately write first TOML file
* Rust fmt
* Use same client numbering as other monitors
* Fmt
* Generalize `AsIter` to allow iterating over contents of a `RefCell`
Towards `MapObserver`s in safe Rust.
* Helpers for `RefCellValueObserver`
* MapObserver: Return owned Self::Entry from .get()
`Self::Entry` is `Copy`, so there's not much value in returning a
reference from `get()`. Furthermore, returning a reference limits the
possible implementations of `MapObserver`, because it forces the
borrow/reset to outlive the body of the method.
* MapObserver: Replace `.get_mut()` with `.set(idx, val)`
Like the previous commit, this is intended to expand the possible
implementations of `MapObserver` to types with interior mutability,
which can't necessarily loan out their content.
* Make `RefCellValueObserver` into a safe `MapObserver`
* as iter mut
* as slice (mut): allow for non-& refs
* nostd
* CI round 1
* cleanup + AsSlice defs for RefCellValueObserver
* clippy fixes
* avoid unnecessary imports
* whoops, too aggressive
* use deref instead of as slice
* whoops
* fix as slice conditional importing in stable
---------
Co-authored-by: Addison Crump <addison.crump@cispa.de>
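The commit messages above argue that returning `Self::Entry` by value from `get()` and replacing `get_mut()` with `set(idx, val)` lets a `RefCell`-backed map implement `MapObserver` in safe Rust. The following is an added illustration of that design point, not LibAFL's code: the `MapObserver` trait below is a simplified stand-in (its method set and bounds are assumed here, not taken from the project), and the two observer types, the shared coverage map and the writes into it are constructed for the example.

```rust
use std::cell::RefCell;
use std::rc::Rc;

/// Simplified stand-in for the `MapObserver` trait discussed above (assumed
/// shape, not LibAFL's real trait). `get` hands back the entry by value and
/// `set` writes one entry, so no borrow of the underlying map has to outlive
/// the method body.
trait MapObserver {
    type Entry: Copy + PartialEq + Default;

    fn len(&self) -> usize;
    fn get(&self, idx: usize) -> Self::Entry;
    fn set(&mut self, idx: usize, val: Self::Entry);
    fn reset_map(&mut self);

    /// Number of non-default entries, written once against the value-based
    /// API and therefore usable by every implementor below.
    fn count_hits(&self) -> usize {
        (0..self.len())
            .filter(|&i| self.get(i) != Self::Entry::default())
            .count()
    }
}

/// Observer that owns its map; `&Entry` would have been fine here.
struct OwnedMapObserver {
    map: Vec<u8>,
}

impl MapObserver for OwnedMapObserver {
    type Entry = u8;
    fn len(&self) -> usize { self.map.len() }
    fn get(&self, idx: usize) -> u8 { self.map[idx] }
    fn set(&mut self, idx: usize, val: u8) { self.map[idx] = val; }
    fn reset_map(&mut self) { self.map.iter_mut().for_each(|e| *e = 0); }
}

/// Observer sharing its map through `Rc<RefCell<_>>` (the interior-mutability
/// case the commits target). Returning `&u8` from `get` would not compile:
/// the `Ref` guard from `borrow()` is dropped when the method returns, so
/// the reference could not outlive the body. Copying the entry out avoids that.
struct RefCellMapObserver {
    map: Rc<RefCell<Vec<u8>>>,
}

impl MapObserver for RefCellMapObserver {
    type Entry = u8;
    fn len(&self) -> usize { self.map.borrow().len() }
    fn get(&self, idx: usize) -> u8 { self.map.borrow()[idx] }
    fn set(&mut self, idx: usize, val: u8) { self.map.borrow_mut()[idx] = val; }
    fn reset_map(&mut self) { self.map.borrow_mut().iter_mut().for_each(|e| *e = 0); }
}

/// Constructed scenario: the "instrumented target" holds one clone of the
/// map and records edges; the observer reads through the other clone.
/// Returns (hits seen after the run, hits after reset).
fn shared_map_demo() -> (usize, usize) {
    let shared = Rc::new(RefCell::new(vec![0u8; 8]));
    let mut obs = RefCellMapObserver { map: Rc::clone(&shared) };

    // Writes made by the target side while the observer holds no borrow.
    shared.borrow_mut()[1] = 3;
    shared.borrow_mut()[5] = 1;
    // Write made through the observer API itself.
    obs.set(7, 9);

    let hits = obs.count_hits();
    obs.reset_map();
    (hits, obs.count_hits())
}

/// Same count logic applied to the owned variant, to show the default method
/// is implementation-agnostic.
fn owned_map_demo() -> usize {
    let mut obs = OwnedMapObserver { map: vec![0u8; 4] };
    obs.set(0, 1);
    obs.set(3, 2);
    obs.count_hits()
}

fn main() {
    println!("shared map hits before/after reset: {:?}", shared_map_demo());
    println!("owned map hits: {}", owned_map_demo());
}
```

The point to take from the `RefCellMapObserver` impl is that `get` creates and drops a `Ref` guard entirely inside the method; the same signature implemented over a plain slice, an `Rc<RefCell<_>>`, or any other interior-mutability wrapper, which is exactly the flexibility the commits describe gaining.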
* match by ref fix
* impl Named for Reference
* rename
* magic indexing
* whoops
* docs, clippy
* some additional CI complaints
* other libafl_qemu fixes
* missed an alloc feature
* a smattering of fixes
* use from not direct construction
* tinyinst fix
* horrible double-mutability things
* fixup nyx
* from not new
* forkserver_simple fixes
* dogfood: forkserver
* mmmm yummy dogfood
* round one CI fixes
* clippy appeasement
* deref generic impl to simplify usage
* adaptive serialization (ouch)
* remaining clippy items
* I am tired
* new not with
* fixup: aflpp tracing was not actually constructable
* fix tmin
* reduce complexity of map feedback now that we do not need to constrain
* frida fixes
* fix concolic
* type_ref => reference
* Architecture-specific stuff is now in the `arch` directory
* Helpers are now in the `helpers` directory
* `emu.rs` has been moved as `emu/mod.rs` for consistency with the rest of the repository
* introduce load_initial_inputs_disallow_solution to exit if a solution is found during seed loading
* fmt
* rename CorpusError to Corpus
* add LoadConfig to simplify configuration for loading initial inputs
* Rename Error::Corpus to Error::InvalidCorpus
Add documentation to LoadConfig struct
fix nostd for LoadConfig
---------
Co-authored-by: aarnav <aarnav@srlabs.de>