
* frida_asan: Implemented initial asan runtime library * frida_asan: Switch to hashbrown * Implemented GOT-based hooking to isolate the hooking of the memory functions. Implemented initial ASAN instrumentation * WIP: Shadowing all used memory. Currently tracking pages using a BTreeSet. Slow AF! * Add SigTrap to unix_signals and inprocess * Working frida-asan, almost no speed degradation. Currently the shadow check is reversed, so it checks only that the shadow is not 0. We need to implement sub-8-byte checking. * Format * Cleanup and formatting * Sub-qword and 16-byte checks implemented; Fixed unaligned access to QWORD * Pass the ucontext_t to signal handlers. Initial regdump on crash * Fix typo * Make the context argument a mut ref * Add missing files; Implement initial reporting * Refactor out gothook; Move safety checkers to dynasm * Get rid of const assembly blobs no longer needed * Move to a handler function instead of using SIGTRAP. This bloats the transformed code, but doesn't seem to have a major impact on performance. Also, implemented pretty backtraces and assembly output. * Formatting * Get rid of all the pinning crap I wasted my day on, We don't need it * windows fixes * ashmem * ashmem_service: server side ready * ashmem_service: client side ready. Ready for integration * ashmem_service: changes to UnixShMem to make it 'threadable' * ashmem_service: format * ashmem_service: Undo changes to UnixShMem, make the thread own the AshmemService instead; Fix protocol bug * ashmem_service: working ashmem service. Fix merge issues * use the newly released capstone 0.8.0; Fix a nasty bug where the afl_area and pc_pointer were reversed. Changed Vectors to Boxed [u8] * Implement type detection for reporting; Implement double-free/unallocated free checking * fmt * Cleanup code a little * frida-asan: This is an omnibus commit. Should probably have been a bunch of small commits, but I don't have the time/patience. 
- Implemented DrCov support in order to debug a failing harness. This is actually generic and should be moved out of libafl_frida. - Implemented LIBAFL_FRIDA_OPTIONS env var to pass options to the frida helper, to dynamically enable/disable asan and drcov. - Implemented memory reuse - after each test case the used pages are recycled and can be reused in the next test case. - Implemented and tested vectorized instruction instrumentation. - Implemented not instrumenting atomic load/store instructions. The cost of trying to emulate their behaviour is too high at the moment. - Implemented probing of shadow bit to determine the best match for the current system. - Implemented shadow memory pre-mapping where it is available. We probe for this too. - Implemented ability to specify a list of modules to instrument on the command line. This allows fine-grained control of which modules are instrumented for coverage/asan/drcov. - Implemented unpoisoning of the Input target_bytes in a pre_exec hook. - Added support for zero-sized allocations. We return 0x10 bytes at the moment. - Added all known operator new/delete functions to hooks. - Added workaround for frida_gum_allocate_near bug. - Cleaned up reporting, added reporting for different error types. * frida-asan: Implement leak detection * Fix merge issues * Rebased on dev to get llmp/shmem changes; Clippy fixes * Add FridaOptions struct * Add the Custom ExitKind; Get rid of Clone/PartialEq on ExitKind * Make it possible to recover from an ASAN error * Add SIGTRAP to crashing signals * Add back (conditional) crashing on Asan errors. 
* Fix too-large immediates in add instruction * Implement RcShMemProvider, finally fix the EOP bug * Clear ASAN_ERRORS before each test * Fix warnings; Fix review issues * Cleanup prints * Add timeout to Frida mode * Make allocation-/free-site backtraces optional * CPU Context and backtrace (on android/aarch64 atm) on crash * Make stalker conditional * Add metadata to solution, and write metadata files * Add addresses to backtrace; Add reporting of ASAN stack errors; Fix ASAN reporting bugs * Remove meaningless backtrace on crash * Fix the x0, x1 load in report * use upstream color-backtrace * use __builtin_thread_pointer instead of custom asm * Don't unwrap ASAN_ERRORS if it isn't some * Fix bug where we weren't clearing the drcov basicblocks after each run * Fix bug where we were dropping an ashmem too soon * Fix OwnedPtr instead of CPtr * Fix gettls for all archs * cfg guards for target arch, disabling Frida-ASAN/-DrCov if not on aarch64 * Cargo fmt * Only panic in options when asan/drcov are turned on; Merge fixes * gothook only supported on unix * Fix gettls on msvc * Another attempt to fix MSVC gettls * Fix backtrace use * nostd fixes; warning fixes * formatting * Migrate FridaEdgeCoverageHelper into libafl_frida, and rename to FridaInstrumentationHelper * Clean up uses * Move DrCovWriter to libafl_targets * Refactor DrCovWriter to get a vec of DrCovBasicBlocks; formatting * Update to newer backtrace which supports android with gimli * windows fixes Co-authored-by: Dominik Maier <domenukk@gmail.com> Co-authored-by: andreafioraldi <andreafioraldi@gmail.com>
[package]
|
|
name = "libafl_targets"
|
|
version = "0.1.0"
|
|
authors = ["Andrea Fioraldi <andreafioraldi@gmail.com>"]
|
|
description = "Common code for target instrumentation that can be used combined with LibAFL"
|
|
documentation = "https://docs.rs/libafl_targets"
|
|
repository = "https://github.com/AFLplusplus/LibAFL/"
|
|
license = "MIT OR Apache-2.0"
|
|
keywords = ["fuzzing", "testing"]
|
|
edition = "2018"
|
|
|
|
[features]
|
|
default = []
|
|
pcguard_edges = []
|
|
pcguard_hitcounts = []
|
|
libfuzzer = []
|
|
value_profile = []
|
|
cmplog = []
|
|
pcguard = ["pcguard_hitcounts"]
|
|
|
|
[build-dependencies]
|
|
cc = { version = "1.0", features = ["parallel"] }
|
|
|
|
[dependencies]
|
|
rangemap = "0.1.10"
|