authorWorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com>2021-05-20 18:16:58 +0100
committerGitHub <noreply@github.com>2021-05-20 19:16:58 +0200
commita1458ea6715e8801bf28fec0ac66f06b96eb1e66 (patch)
tree678dc58f9062dba0575b7a948446f6f9f47b322d
parentcdae3d3d038a28f1096ab6d34128896c19ef4733 (diff)
downloadafl++-a1458ea6715e8801bf28fec0ac66f06b96eb1e66.tar.gz
Changes to have persistent mode exit at the end of the loop (#928)
Co-authored-by: Your Name <you@example.com>
-rw-r--r--frida_mode/GNUmakefile1
-rw-r--r--frida_mode/src/persistent/persistent_x64.c46
-rw-r--r--frida_mode/src/persistent/persistent_x86.c40
3 files changed, 13 insertions, 74 deletions
diff --git a/frida_mode/GNUmakefile b/frida_mode/GNUmakefile
index bc77a451..a0387cac 100644
--- a/frida_mode/GNUmakefile
+++ b/frida_mode/GNUmakefile
@@ -93,7 +93,6 @@ AFL_COMPILER_RT_OBJ:=$(OBJ_DIR)afl-compiler-rt.o
 ############################## ALL #############################################
 
 all: $(FRIDA_TRACE)
-	make -C $(ROOT)
 
 32:
 	CFLAGS="-m32" LDFLAGS="-m32" ARCH="x86" make all
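Review bot: Dropping `make -C $(ROOT)` from the `all` target changes what `make` in frida_mode builds: the top-level afl++ tree is no longer built as a side effect, and the `32:` target, which chains to `all`, inherits that. The commit message describes only the persistent-mode change, so the makefile should say so itself, e.g. `# afl++ itself is built from the repository root; this target builds only the frida trace library` above `all:`. Whether anything relied on the recursive build is not visible from this hunk.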
diff --git a/frida_mode/src/persistent/persistent_x64.c b/frida_mode/src/persistent/persistent_x64.c
index 49f1988c..aa772b7f 100644
--- a/frida_mode/src/persistent/persistent_x64.c
+++ b/frida_mode/src/persistent/persistent_x64.c
@@ -40,7 +40,6 @@ struct x86_64_regs {
 typedef struct x86_64_regs arch_api_regs;
 
 static arch_api_regs saved_regs = {0};
-static void *        saved_return = NULL;
 
 gboolean persistent_is_supported(void) {
 
@@ -183,43 +182,11 @@ static void instrument_persitent_restore_regs(GumX86Writer *      cw,
 
 }
 
-static void instrument_save_ret(GumX86Writer *cw, void **saved_return_ptr) {
+static void instrument_exit(GumX86Writer *cw) {
 
-  GumAddress saved_return_address = GUM_ADDRESS(saved_return_ptr);
-  gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP,
-                                        -(GUM_RED_ZONE_SIZE));
-  gum_x86_writer_put_push_reg(cw, GUM_REG_RAX);
-  gum_x86_writer_put_push_reg(cw, GUM_REG_RBX);
-
-  gum_x86_writer_put_mov_reg_address(cw, GUM_REG_RAX, saved_return_address);
-  gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RBX, GUM_REG_RSP,
-                                            GUM_RED_ZONE_SIZE + 0x10);
-  gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RAX, 0, GUM_REG_RBX);
-
-  gum_x86_writer_put_pop_reg(cw, GUM_REG_RBX);
-  gum_x86_writer_put_pop_reg(cw, GUM_REG_RAX);
-
-  gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP,
-                                        (GUM_RED_ZONE_SIZE));
-
-}
-
-static void instrument_jump_ret(GumX86Writer *cw, void **saved_return_ptr) {
-
-  GumAddress saved_return_address = GUM_ADDRESS(saved_return_ptr);
-  gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP,
-                                        -(GUM_RED_ZONE_SIZE));
-
-  /* Place holder for ret */
-  gum_x86_writer_put_push_reg(cw, GUM_REG_RAX);
-  gum_x86_writer_put_push_reg(cw, GUM_REG_RAX);
-
-  gum_x86_writer_put_mov_reg_address(cw, GUM_REG_RAX, saved_return_address);
-  gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RAX, GUM_REG_RAX, 0);
-
-  gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RSP, 0x8, GUM_REG_RAX);
-  gum_x86_writer_put_pop_reg(cw, GUM_REG_RAX);
-  gum_x86_writer_put_ret_imm(cw, GUM_RED_ZONE_SIZE);
+  gum_x86_writer_put_mov_reg_address(cw, GUM_REG_RAX, GUM_ADDRESS(_exit));
+  gum_x86_writer_put_mov_reg_u32(cw, GUM_REG_RDI, 0);
+  gum_x86_writer_put_call_reg(cw, GUM_REG_RAX);
 
 }
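Review bot: `instrument_exit` emits a call to `_exit`, but neither this hunk nor the rest of the commit shows `<unistd.h>` being included in persistent_x64.c; if it is not already there, `GUM_ADDRESS(_exit)` relies on an implicit declaration, which C99 and later reject. The new helper also carries no comment saying that it ends the whole process instead of returning to the loop's caller, which is exactly the behavioural change this commit makes; I would add `/* Terminate the target with _exit(0): the persistent loop no longer has a return path, so nothing after this call is reached. */` above the first emitted instruction. The 32-bit counterpart in persistent_x86.c (hunk at -138,36) needs the same include check and comment.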
 
@@ -302,8 +269,7 @@ void persistent_prologue(GumStalkerOutput *output) {
   /* Stack must be 16-byte aligned per ABI */
   instrument_persitent_save_regs(cw, &saved_regs);
 
-  /* Stash and pop the return value */
-  instrument_save_ret(cw, &saved_return);
+  /* pop the return value */
   gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, (8));
 
   /* loop: */
@@ -329,7 +295,7 @@ void persistent_prologue(GumStalkerOutput *output) {
   /* done: */
   gum_x86_writer_put_label(cw, done);
 
-  instrument_jump_ret(cw, &saved_return);
+  instrument_exit(cw);
 
   /* original: */
   gum_x86_writer_put_label(cw, original);
diff --git a/frida_mode/src/persistent/persistent_x86.c b/frida_mode/src/persistent/persistent_x86.c
index bd7171b9..20a3dc42 100644
--- a/frida_mode/src/persistent/persistent_x86.c
+++ b/frida_mode/src/persistent/persistent_x86.c
@@ -39,7 +39,6 @@ struct x86_regs {
 typedef struct x86_regs arch_api_regs;
 
 static arch_api_regs saved_regs = {0};
-static void *        saved_return = NULL;
 
 gboolean persistent_is_supported(void) {
 
@@ -138,36 +137,12 @@ static void instrument_persitent_restore_regs(GumX86Writer *   cw,
 
 }
 
-static void instrument_save_ret(GumX86Writer *cw, void **saved_return_ptr) {
+static void instrument_exit(GumX86Writer *cw) {
 
-  GumAddress saved_return_address = GUM_ADDRESS(saved_return_ptr);
-
-  gum_x86_writer_put_push_reg(cw, GUM_REG_EAX);
-  gum_x86_writer_put_push_reg(cw, GUM_REG_EBX);
-
-  gum_x86_writer_put_mov_reg_address(cw, GUM_REG_EAX, saved_return_address);
-  gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_EBX, GUM_REG_ESP, 0x8);
-  gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_EAX, 0, GUM_REG_EBX);
-
-  gum_x86_writer_put_pop_reg(cw, GUM_REG_EBX);
-  gum_x86_writer_put_pop_reg(cw, GUM_REG_EAX);
-
-}
-
-static void instrument_jump_ret(GumX86Writer *cw, void **saved_return_ptr) {
-
-  GumAddress saved_return_address = GUM_ADDRESS(saved_return_ptr);
-
-  /* Place holder for ret */
-  gum_x86_writer_put_push_reg(cw, GUM_REG_EAX);
-  gum_x86_writer_put_push_reg(cw, GUM_REG_EAX);
-
-  gum_x86_writer_put_mov_reg_address(cw, GUM_REG_EAX, saved_return_address);
-  gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_EAX, GUM_REG_EAX, 0);
-
-  gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_ESP, 0x4, GUM_REG_EAX);
-  gum_x86_writer_put_pop_reg(cw, GUM_REG_EAX);
-  gum_x86_writer_put_ret(cw);
+  gum_x86_writer_put_mov_reg_address(cw, GUM_REG_EAX, GUM_ADDRESS(_exit));
+  gum_x86_writer_put_mov_reg_u32(cw, GUM_REG_EDI, 0);
+  gum_x86_writer_put_push_reg(cw, GUM_REG_EDI);
+  gum_x86_writer_put_call_reg(cw, GUM_REG_EAX);
 
 }
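Review bot: In the 32-bit `instrument_exit` the status argument goes on the stack per cdecl, yet the code first materialises it in EDI, which reads like a leftover of the x64 register convention and clobbers a callee-saved register without explanation. It is harmless only because `_exit` never returns, so that should be stated: `/* cdecl: status is passed on the stack; EDI is only scratch here and _exit() does not return, so it need not be preserved */`. If the writer's immediate push (`gum_x86_writer_put_push_u32`) is available in the Gum version the project targets, the mov/push pair collapses to one instruction and the scratch register goes away.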
 
@@ -238,8 +213,7 @@ void persistent_prologue(GumStalkerOutput *output) {
   /* Stack must be 16-byte aligned per ABI */
   instrument_persitent_save_regs(cw, &saved_regs);
 
-  /* Stash and pop the return value */
-  instrument_save_ret(cw, &saved_return);
+  /* Pop the return value */
   gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_ESP, GUM_REG_ESP, (4));
 
   /* loop: */
@@ -265,7 +239,7 @@ void persistent_prologue(GumStalkerOutput *output) {
   /* done: */
   gum_x86_writer_put_label(cw, done);
 
-  instrument_jump_ret(cw, &saved_return);
+  instrument_exit(cw);
 
   /* original: */
   gum_x86_writer_put_label(cw, original);