diff options
| author | Your Name <you@example.com> | 2022-08-01 08:10:45 +0100 |
|---|---|---|
| committer | Your Name <you@example.com> | 2022-08-05 20:57:54 +0100 |
| commit | 608ea5f8abbfce9c309d452e2ee3dbb014dc511a (patch) | |
| tree | ff645a8bd0a5d81e3f6f825efebf87845b463436 | |
| parent | 00b5d3792de4a7867da9cb5abd08de9fca484db1 (diff) | |
| download | afl++-608ea5f8abbfce9c309d452e2ee3dbb014dc511a.tar.gz | |
Add support for Android SHM
| -rw-r--r-- | frida_mode/src/asan/asan.c | 17 | ||||
| -rw-r--r-- | frida_mode/src/shm.c | 44 |
2 files changed, 47 insertions, 14 deletions
diff --git a/frida_mode/src/asan/asan.c b/frida_mode/src/asan/asan.c index 3a672d31..bd4062be 100644 --- a/frida_mode/src/asan/asan.c +++ b/frida_mode/src/asan/asan.c @@ -8,23 +8,17 @@ static gboolean asan_enabled = FALSE; gboolean asan_initialized = FALSE; void asan_config(void) { - if (getenv("AFL_USE_FASAN") != NULL) { asan_enabled = TRUE; } - } void asan_init(void) { - FOKF(cBLU "Instrumentation" cRST " - " cGRN "asan:" cYEL " [%c]", asan_enabled ? 'X' : ' '); if (asan_enabled) { - asan_arch_init(); asan_initialized = TRUE; - } - } static gboolean asan_exclude_module(const GumModuleDetails *details, @@ -36,14 +30,17 @@ static gboolean asan_exclude_module(const GumModuleDetails *details, address = gum_module_find_export_by_name(details->name, symbol_name); if (address == 0) { return TRUE; } + /* If the reported address of the symbol is outside of the range of the module + * then ignore it */ + if (address < details->range->base_address) { return TRUE; } + if (address > (details->range->base_address + details->range->size)) { + return TRUE; + } + ranges_add_exclude((GumMemoryRange *)details->range); return FALSE; - } void asan_exclude_module_by_symbol(gchar *symbol_name) { - gum_process_enumerate_modules(asan_exclude_module, symbol_name); - } - diff --git a/frida_mode/src/shm.c b/frida_mode/src/shm.c index c76427cb..5b885b04 100644 --- a/frida_mode/src/shm.c +++ b/frida_mode/src/shm.c @@ -7,9 +7,48 @@ #include <sys/ipc.h> #include <sys/mman.h> #include <sys/shm.h> +#ifdef __ANDROID__ + #include <linux/ashmem.h> + #include <sys/ioctl.h> +#endif + +#ifdef __ANDROID__ + #define ASHMEM_DEVICE "/dev/ashmem" void *shm_create(size_t size) { + int fd = -1; + char ourkey[11] = {0}; + void * addr = MAP_FAILED; + struct ashmem_pin pin = {0, size}; + + fd = open(ASHMEM_DEVICE, O_RDWR); + if (fd < 0) { FFATAL("Failed open /dev/ashmem: %d", errno); } + + if (snprintf(ourkey, sizeof(ourkey) - 1, "%d", IPC_PRIVATE) < 0) { + FFATAL("Failed to generate key: %d", errno); + } + + if (ioctl(fd, ASHMEM_SET_NAME, ourkey) < 0) { + FFATAL("ioctl(ASHMEM_SET_NAME) errno: %d\n", errno); + } + + if (ioctl(fd, ASHMEM_SET_SIZE, size) < 0) { + FFATAL("ioctl(ASHMEM_SET_SIZE) errno: %d\n", errno); + } + + addr = mmap(NULL, size, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0); + if (addr == MAP_FAILED) { FFATAL("mmap failed: %d\n", errno); } + /* Shared memory pinning has been deprecated. So if the ioctl fails, then + just assume we are running on a version where it has been. Worst case, we + will leak the shared memory region.*/ + ioctl(fd, ASHMEM_UNPIN, &pin); + close(fd); + + return addr; +} +#else +void *shm_create(size_t size) { int shm_id = shmget(IPC_PRIVATE, size, IPC_CREAT | IPC_EXCL | S_IRUSR | S_IWUSR); if (shm_id < 0) { FFATAL("shm_id < 0 - errno: %d\n", errno); } @@ -22,15 +61,12 @@ void *shm_create(size_t size) { * dies. */ if (shmctl(shm_id, IPC_RMID, NULL) < 0) { - FFATAL("shmctl (IPC_RMID) < 0 - errno: %d\n", errno); - } /* Clear it, not sure it's necessary, just seems like good practice */ memset(addr, '\0', size); return addr; - } - +#endif |