diff options
| author | vanhauser-thc <vh@thc.org> | 2021-07-06 19:38:20 +0200 |
|---|---|---|
| committer | vanhauser-thc <vh@thc.org> | 2021-07-06 19:38:20 +0200 |
| commit | 0662c5580bd46ff37f8f76413ea114712c372d16 (patch) | |
| tree | 3bb101b41bd13ca7d292c765cf557e936d7c831d | |
| parent | 4a02118fdae1ed0bd2cb74a775e7bc0d82d91a81 (diff) | |
| download | afl++-0662c5580bd46ff37f8f76413ea114712c372d16.tar.gz | |
hook update
| -rw-r--r-- | frida_mode/hook/hook.c | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/frida_mode/hook/hook.c b/frida_mode/hook/hook.c index 97f28db7..b51231cc 100644 --- a/frida_mode/hook/hook.c +++ b/frida_mode/hook/hook.c @@ -1,3 +1,12 @@ +/* + * + * Modify this file to set the right registers with the fuzz input and length. + * It is a good idea to check input_buf_len to be not larger than the + * destination buffer! + * + */ + + #include <stdint.h> #include <string.h> @@ -8,6 +17,8 @@ __attribute__((visibility("default"))) void afl_persistent_hook( GumCpuContext *regs, uint8_t *input_buf, uint32_t input_buf_len) { + // do a length check matching the target! + memcpy((void *)regs->rdi, input_buf, input_buf_len); regs->rsi = input_buf_len; @@ -18,6 +29,8 @@ __attribute__((visibility("default"))) void afl_persistent_hook( __attribute__((visibility("default"))) void afl_persistent_hook( GumCpuContext *regs, uint8_t *input_buf, uint32_t input_buf_len) { + // do a length check matching the target! + void **esp = (void **)regs->esp; void * arg1 = esp[0]; void **arg2 = &esp[1]; @@ -31,6 +44,8 @@ __attribute__((visibility("default"))) void afl_persistent_hook( __attribute__((visibility("default"))) void afl_persistent_hook( GumCpuContext *regs, uint8_t *input_buf, uint32_t input_buf_len) { + // do a length check matching the target! + memcpy((void *)regs->x[0], input_buf, input_buf_len); regs->x[1] = input_buf_len; |