diff options
| author | vanhauser-thc <vh@thc.org> | 2022-04-18 13:11:19 +0200 |
|---|---|---|
| committer | vanhauser-thc <vh@thc.org> | 2022-04-18 13:14:20 +0200 |
| commit | 1d00bde6c508ed86366e4a7d3730e6d1203bcb60 (patch) | |
| tree | 45fe2f0209eb89b5231ae01c922f622306518aa0 | |
| parent | b1da7500b2ef915887322d4a1903fe981d49acb5 (diff) | |
| download | afl++-1d00bde6c508ed86366e4a7d3730e6d1203bcb60.tar.gz | |
code format
| -rw-r--r-- | custom_mutators/symcc/README.md | 5 | ||||
| -rw-r--r-- | frida_mode/src/instrument/instrument_arm64.c | 4 | ||||
| -rw-r--r-- | frida_mode/src/instrument/instrument_x64.c | 3 | ||||
| -rw-r--r-- | instrumentation/cmplog-instructions-pass.cc | 10 | ||||
| -rw-r--r-- | utils/libdislocator/libdislocator.so.c | 9 |
5 files changed, 19 insertions, 12 deletions
diff --git a/custom_mutators/symcc/README.md b/custom_mutators/symcc/README.md index 337362ae..364a348e 100644 --- a/custom_mutators/symcc/README.md +++ b/custom_mutators/symcc/README.md @@ -1,6 +1,9 @@ # custum mutator: symcc -This uses the excellent symcc to find new paths into the target. +This uses the symcc to find new paths into the target. + +Note that this is a just a proof of concept example! It is better to use +the fuzzing helpers of symcc, symqemu, Fuzzolic, etc. rather than this. To use this custom mutator follow the steps in the symcc repository [https://github.com/eurecom-s3/symcc/](https://github.com/eurecom-s3/symcc/) diff --git a/frida_mode/src/instrument/instrument_arm64.c b/frida_mode/src/instrument/instrument_arm64.c index e6251cb4..2bc8f8aa 100644 --- a/frida_mode/src/instrument/instrument_arm64.c +++ b/frida_mode/src/instrument/instrument_arm64.c @@ -18,8 +18,8 @@ #if defined(__aarch64__) -gboolean instrument_cache_enabled = FALSE; -gsize instrument_cache_size = 0; +gboolean instrument_cache_enabled = FALSE; +gsize instrument_cache_size = 0; static GHashTable *coverage_blocks = NULL; __attribute__((aligned(0x1000))) static guint8 area_ptr_dummy[MAP_SIZE]; diff --git a/frida_mode/src/instrument/instrument_x64.c b/frida_mode/src/instrument/instrument_x64.c index d54c8353..f02c971e 100644 --- a/frida_mode/src/instrument/instrument_x64.c +++ b/frida_mode/src/instrument/instrument_x64.c @@ -336,7 +336,8 @@ void instrument_coverage_optimize(const cs_insn * instr, GumStalkerOutput *output) { GumX86Writer *cw = output->writer.x86; - /* guint64 area_offset = instrument_get_offset_hash(GUM_ADDRESS(instr->address)); */ + /* guint64 area_offset = + * instrument_get_offset_hash(GUM_ADDRESS(instr->address)); */ if (instrument_previous_pc_addr == NULL) { GumAddressSpec spec = {.near_address = cw->code, diff --git a/instrumentation/cmplog-instructions-pass.cc b/instrumentation/cmplog-instructions-pass.cc index e21289b4..85d48835 100644 --- a/instrumentation/cmplog-instructions-pass.cc +++ b/instrumentation/cmplog-instructions-pass.cc @@ -116,7 +116,7 @@ class CmpLogInstructions : public ModulePass { #endif private: - bool hookInstrs(Module &M, LoopInfoCallback LCallback); + bool hookInstrs(Module &M, LoopInfoCallback LCallback); unsigned int instrumented = 0; }; @@ -305,6 +305,7 @@ bool CmpLogInstructions::hookInstrs(Module &M, LoopInfoCallback LCallback) { const LoopInfo * LI = LCallback(F); #if 0 for (LoopInfo::iterator I = LI->begin(), E = LI->end(); I != E; ++I) { + Loop * L = *I; BasicBlock *In, *Out; bool ok = false ; L->getIncomingAndBackEdge(In, Out); @@ -333,9 +334,10 @@ bool CmpLogInstructions::hookInstrs(Module &M, LoopInfoCallback LCallback) { } } + } -#endif +#endif // fprintf(stderr, "Loops in %s: %zu\n", F.getName().str().c_str(), // lcomps.size()); @@ -703,7 +705,7 @@ bool CmpLogInstructions::hookInstrs(Module &M, LoopInfoCallback LCallback) { break; } - + ++instrumented; } @@ -718,7 +720,7 @@ bool CmpLogInstructions::hookInstrs(Module &M, LoopInfoCallback LCallback) { } } - + fprintf(stderr, "instrumented: %u (%zu)\n", instrumented, icomps.size()); if (icomps.size()) diff --git a/utils/libdislocator/libdislocator.so.c b/utils/libdislocator/libdislocator.so.c index 72fafa4b..bd08a678 100644 --- a/utils/libdislocator/libdislocator.so.c +++ b/utils/libdislocator/libdislocator.so.c @@ -257,16 +257,17 @@ static void *__dislocator_alloc(size_t len) { } #if defined(USENAMEDPAGE) -#if defined(__linux__) + #if defined(__linux__) // in the /proc/<pid>/maps file, the anonymous page appears as // `<start>-<end> ---p 00000000 00:00 0 [anon:libdislocator]` - if (prctl(PR_SET_VMA, PR_SET_VMA_ANON_NAME, - (unsigned long)ret, tlen, (unsigned long)"libdislocator") < 0) { + if (prctl(PR_SET_VMA, PR_SET_VMA_ANON_NAME, (unsigned long)ret, tlen, + (unsigned long)"libdislocator") < 0) { DEBUGF("prctl() failed"); } -#endif + + #endif #endif /* Set PROT_NONE on the last page. */ |