authorvanhauser-thc <vh@thc.org>2024-10-01 10:13:35 +0200
committervanhauser-thc <vh@thc.org>2024-10-01 10:13:35 +0200
commit146e535f7b644a3d38f8e90c415974b23ff295c0 (patch)
treefe70e4386d7c44600948d4b2b46506d84bd7e1a3
parentb88f132975b41aa16c43ee5e2bc3a243b79330ec (diff)
downloadafl++-146e535f7b644a3d38f8e90c415974b23ff295c0.tar.gz
persistent record for frida and qemu
-rw-r--r--src/afl-forkserver.c7
-rw-r--r--src/afl-fuzz-init.c16
-rw-r--r--src/afl-fuzz-stats.c8
-rw-r--r--src/afl-fuzz.c28
4 files changed, 40 insertions, 19 deletions
diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c
index ae3c7ccc..51299009 100644
--- a/src/afl-forkserver.c
+++ b/src/afl-forkserver.c
@@ -536,12 +536,15 @@ static void report_error_and_exit(int error) {
 
 #ifdef __linux__
 void nyx_load_target_hash(afl_forkserver_t *fsrv) {
+
   void *nyx_config = fsrv->nyx_handlers->nyx_config_load(fsrv->target_path);
-  fsrv->nyx_target_hash64 = fsrv->nyx_handlers->nyx_get_target_hash64(nyx_config);
+  fsrv->nyx_target_hash64 =
+      fsrv->nyx_handlers->nyx_get_target_hash64(nyx_config);
   fsrv->nyx_handlers->nyx_config_free(nyx_config);
+
 }
-#endif
 
+#endif
 
 /* Spins up fork server. The idea is explained here:
 
diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c
index 9eaa661d..a9397232 100644
--- a/src/afl-fuzz-init.c
+++ b/src/afl-fuzz-init.c
@@ -1237,19 +1237,26 @@ void perform_dry_run(afl_state_t *afl) {
             u8 crash_log_fn[PATH_MAX];
 
             snprintf(crash_log_fn, PATH_MAX, "%s.log", crash_fn);
-            fd = open(crash_log_fn, O_WRONLY | O_CREAT | O_EXCL, DEFAULT_PERMISSION);
-            if (unlikely(fd < 0)) { PFATAL("Unable to create '%s'", crash_log_fn); }
+            fd = open(crash_log_fn, O_WRONLY | O_CREAT | O_EXCL,
+                      DEFAULT_PERMISSION);
+            if (unlikely(fd < 0)) {
+
+              PFATAL("Unable to create '%s'", crash_log_fn);
+
+            }
 
             u32 nyx_aux_string_len = afl->fsrv.nyx_handlers->nyx_get_aux_string(
                 afl->fsrv.nyx_runner, afl->fsrv.nyx_aux_string,
                 afl->fsrv.nyx_aux_string_len);
 
-            ck_write(fd, afl->fsrv.nyx_aux_string, nyx_aux_string_len, crash_log_fn);
+            ck_write(fd, afl->fsrv.nyx_aux_string, nyx_aux_string_len,
+                     crash_log_fn);
             close(fd);
 
           }
+
 #endif
-           
+
           afl->last_crash_time = get_cur_time();
           afl->last_crash_execs = afl->fsrv.total_execs;
 
@@ -2905,6 +2912,7 @@ void check_binary(afl_state_t *afl, u8 *fname) {
             afl->fsrv.target_path);
 
     }
+
 #endif
 
     if (stat(afl->fsrv.target_path, &st) || !S_ISREG(st.st_mode) ||
diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c
index b1a84cb6..a7465330 100644
--- a/src/afl-fuzz-stats.c
+++ b/src/afl-fuzz-stats.c
@@ -83,12 +83,16 @@ void write_setup_file(afl_state_t *afl, u32 argc, char **argv) {
 
 #ifdef __linux__
   if (afl->fsrv.nyx_mode) {
+
     nyx_load_target_hash(&afl->fsrv);
     fprintf(f2, "%llx\n", afl->fsrv.nyx_target_hash64);
-  }
-  else {
+
+  } else {
+
     fprintf(f2, "%p\n", (void *)get_binary_hash(afl->fsrv.target_path));
+
   }
+
 #else
   fprintf(f2, "%p\n", (void *)get_binary_hash(afl->fsrv.target_path));
 #endif
diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c
index a2fd4b76..7a940031 100644
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
@@ -1505,7 +1505,8 @@ int main(int argc, char **argv_orig, char **envp) {
   #ifdef __linux__
   if (afl->fsrv.nyx_mode) {
 
-    OKF("AFL++ Nyx mode is enabled (developed and maintained by Sergej Schumilo)");
+    OKF("AFL++ Nyx mode is enabled (developed and maintained by Sergej "
+        "Schumilo)");
     OKF("Nyx is open source, get it at https://github.com/Nyx-Fuzz");
 
   }
@@ -2225,23 +2226,27 @@ int main(int argc, char **argv_orig, char **envp) {
 
   if (afl->in_place_resume && !afl->afl_env.afl_no_fastresume) {
 
-#ifdef __linux__
+  #ifdef __linux__
     u64 target_hash = 0;
     if (afl->fsrv.nyx_mode) {
+
       nyx_load_target_hash(&afl->fsrv);
       target_hash = afl->fsrv.nyx_target_hash64;
-    }
-    else {
+
+    } else {
+
       target_hash = get_binary_hash(afl->fsrv.target_path);
+
     }
-#else
+
+  #else
     u64 target_hash = get_binary_hash(afl->fsrv.target_path);
-#endif
+  #endif
 
     if ((!target_hash || prev_target_hash != target_hash)
-#ifdef __linux__
-      || (afl->fsrv.nyx_mode && target_hash == 0)
-#endif
+  #ifdef __linux__
+        || (afl->fsrv.nyx_mode && target_hash == 0)
+  #endif
     ) {
 
       ACTF("Target binary is different, cannot perform FAST RESUME!");
@@ -2386,10 +2391,11 @@ int main(int argc, char **argv_orig, char **envp) {
   #ifdef AFL_PERSISTENT_RECORD
   if (unlikely(afl->fsrv.persistent_record)) {
 
-    if (!getenv(PERSIST_ENV_VAR)) {
+    if (!getenv(PERSIST_ENV_VAR) && !getenv("AFL_FRIDA_PERSISTENT_ADDR") &&
+        !getenv("AFL_QEMU_PERSISTENT_ADDR")) {
 
       FATAL(
-          "Target binary is not compiled in persistent mode, "
+          "Target binary is not compiled/run in persistent mode, "
           "AFL_PERSISTENT_RECORD makes no sense.");
 
     }
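Review bot: The two added getenv() checks are not tied to the execution mode, so merely having AFL_QEMU_PERSISTENT_ADDR or AFL_FRIDA_PERSISTENT_ADDR set in the environment is enough to pass this guard even when the target is run under neither QEMU nor FRIDA, and an empty value (`AFL_QEMU_PERSISTENT_ADDR=`) also passes because only presence is tested, as was already the case for PERSIST_ENV_VAR. If the forkserver struct exposes per-mode flags (it appears to elsewhere in AFL++, but they are not visible in this hunk), gate each variable on its mode, e.g. `!(afl->fsrv.frida_mode && getenv("AFL_FRIDA_PERSISTENT_ADDR")) && !(afl->fsrv.qemu_mode && getenv("AFL_QEMU_PERSISTENT_ADDR"))`, so a stale variable cannot silently disable the sanity check. The reworded FATAL could also name the three variables it looks for, so the user learns what to set instead of only that the setting "makes no sense". The enclosing main() starts and ends outside this hunk.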