diff options
| author | WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> | 2021-07-06 18:51:52 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-07-06 19:51:52 +0200 |
| commit | 43db577dbbdf6973c274f6cffcd27435262df751 (patch) | |
| tree | 16e25af19d3df2f01a3fcffd262e61628c416b28 | |
| parent | 0662c5580bd46ff37f8f76413ea114712c372d16 (diff) | |
| download | afl++-43db577dbbdf6973c274f6cffcd27435262df751.tar.gz | |
Changes to make JS run in foreground thread (#1009)
Co-authored-by: Your Name <you@example.com>
| -rw-r--r-- | frida_mode/src/js/js.c | 56 | ||||
| -rw-r--r-- | frida_mode/test/js/GNUmakefile | 14 | ||||
| -rw-r--r-- | frida_mode/test/js/entry.js | 15 |
3 files changed, 65 insertions, 20 deletions
diff --git a/frida_mode/src/js/js.c b/frida_mode/src/js/js.c index ed378d2c..cf98ff3e 100644 --- a/frida_mode/src/js/js.c +++ b/frida_mode/src/js/js.c @@ -9,12 +9,15 @@ static char * js_script = NULL; gboolean js_done = FALSE; js_api_stalker_callback_t js_user_callback = NULL; -static gchar * filename = "afl.js"; -static gchar * contents; -static GumScriptBackend *backend; -static GCancellable * cancellable = NULL; -static GError * error = NULL; -static GumScript * script; +static gchar * filename = "afl.js"; +static gchar * contents; +static GumScriptBackend * backend; +static GCancellable * cancellable = NULL; +static GError * error = NULL; +static GumScript * script; +static GumScriptScheduler *scheduler; +static GMainContext * context; +static GMainLoop * main_loop; static void js_msg(GumScript *script, const gchar *message, GBytes *data, gpointer user_data) { @@ -80,18 +83,44 @@ static void js_print_script(gchar *source) { } -void js_start(void) { +static void create_cb(GObject *source_object, GAsyncResult *result, + gpointer user_data) { + + UNUSED_PARAMETER(source_object); + UNUSED_PARAMETER(user_data); + script = gum_script_backend_create_finish(backend, result, &error); + +} + +static void load_cb(GObject *source_object, GAsyncResult *result, + gpointer user_data) { + + UNUSED_PARAMETER(source_object); + UNUSED_PARAMETER(user_data); + gum_script_load_finish(script, result); + +} - GMainContext *context; +void js_start(void) { gchar *source = js_get_script(); if (source == NULL) { return; } js_print_script(source); + scheduler = gum_script_backend_get_scheduler(); + gum_script_scheduler_disable_background_thread(scheduler); + backend = gum_script_backend_obtain_qjs(); - script = gum_script_backend_create_sync(backend, "example", source, - cancellable, &error); + context = gum_script_scheduler_get_js_context(scheduler); + main_loop = g_main_loop_new(context, true); + g_main_context_push_thread_default(context); + + gum_script_backend_create(backend, "example", source, cancellable, create_cb, + &error); + + while (g_main_context_pending(context)) + g_main_context_iteration(context, FALSE); if (error != NULL) { @@ -100,14 +129,13 @@ void js_start(void) { } - gum_script_set_message_handler(script, js_msg, NULL, NULL); - - gum_script_load_sync(script, cancellable); + gum_script_load(script, cancellable, load_cb, NULL); - context = g_main_context_get_thread_default(); while (g_main_context_pending(context)) g_main_context_iteration(context, FALSE); + gum_script_set_message_handler(script, js_msg, NULL, NULL); + if (!js_done) { FATAL("Script didn't call Afl.done()"); } } diff --git a/frida_mode/test/js/GNUmakefile b/frida_mode/test/js/GNUmakefile index 766862a5..ee8d4ebc 100644 --- a/frida_mode/test/js/GNUmakefile +++ b/frida_mode/test/js/GNUmakefile @@ -17,7 +17,7 @@ ifeq "$(shell uname)" "Darwin" AFL_PRELOAD=/System/Library/Frameworks/CoreFoundation.framework/CoreFoundation endif -.PHONY: all 32 clean qemu frida +.PHONY: all 32 clean qemu frida debug all: $(TESTINSTBIN) $(TESTINSTBIN2) make -C $(ROOT)frida_mode/ @@ -84,3 +84,15 @@ frida_js_stalker: $(TESTINSTBIN2) $(TEST_DATA_FILE) -o $(FRIDA_OUT) \ -- \ $(TESTINSTBIN2) @@ + +debug: $(TEST_DATA_FILE) + gdb \ + --ex 'set environment LD_PRELOAD=$(ROOT)afl-frida-trace.so' \ + --ex 'set environment AFL_FRIDA_JS_SCRIPT=entry.js' \ + --ex 'set disassembly-flavor intel' \ + --args $(TESTINSTBIN) $(TEST_DATA_FILE) + +strace: $(TEST_DATA_FILE) + LD_PRELOAD=$(ROOT)afl-frida-trace.so \ + AFL_FRIDA_JS_SCRIPT=entry.js \ + strace $(TESTINSTBIN) $(TEST_DATA_FILE) diff --git a/frida_mode/test/js/entry.js b/frida_mode/test/js/entry.js index 0b233ddb..2bdd7d13 100644 --- a/frida_mode/test/js/entry.js +++ b/frida_mode/test/js/entry.js @@ -9,13 +9,18 @@ new ModuleMap().values().forEach(m => { Afl.print(`${m.base}-${m.base.add(m.size)} ${m.name}`); }); -Afl.print('Searching...\n'); -const entry_point = DebugSymbol.fromName('run'); -Afl.print(`entry_point: ${entry_point}`); +const name = Process.enumerateModules()[0].name; +Afl.print(`Name: ${name}`); -Afl.setEntryPoint(entry_point.address); +if (name === 'test') { -// Afl.error('HARD NOPE'); + Afl.print('Searching...\n'); + const entry_point = DebugSymbol.fromName('run'); + Afl.print(`entry_point: ${entry_point}`); + + Afl.setEntryPoint(entry_point.address); + +} Afl.done(); Afl.print("done"); |