diff options
| author | Khaled Yakdan <yakdan@code-intelligence.de> | 2019-08-01 14:22:48 +0200 |
|---|---|---|
| committer | Khaled Yakdan <yakdan@code-intelligence.de> | 2019-08-01 14:22:48 +0200 |
| commit | ebf2c8caa590468e1eafbc257e44dc30af82e5f8 (patch) | |
| tree | 2b277b9bde32b82c2cedf684869c96424baa005f /afl-showmap.c | |
| parent | a949b40d11956f34c51f4546412a73e0400d1ffc (diff) | |
| parent | 7ca22cd552ff21ac0ef7cc1ab5e6e71912752a58 (diff) | |
| download | afl++-ebf2c8caa590468e1eafbc257e44dc30af82e5f8.tar.gz | |
Merge remote-tracking branch 'github/master' into custom_mutator
# Conflicts: # Makefile # afl-fuzz.c
Diffstat (limited to 'afl-showmap.c')
| -rw-r--r-- | afl-showmap.c | 104 |
1 files changed, 18 insertions, 86 deletions
diff --git a/afl-showmap.c b/afl-showmap.c index 316490d8..baf8352e 100644 --- a/afl-showmap.c +++ b/afl-showmap.c @@ -28,6 +28,8 @@ #include "debug.h" #include "alloc-inl.h" #include "hash.h" +#include "sharedmem.h" +#include "afl-common.h" #include <stdio.h> #include <unistd.h> @@ -48,7 +50,7 @@ static s32 child_pid; /* PID of the tested program */ -static u8* trace_bits; /* SHM with instrumentation bitmap */ + u8* trace_bits; /* SHM with instrumentation bitmap */ static u8 *out_file, /* Trace output file */ *doc_path, /* Path to docs */ @@ -59,8 +61,6 @@ static u32 exec_tmout; /* Exec timeout (ms) */ static u64 mem_limit = MEM_LIMIT; /* Memory limit (MB) */ -static s32 shm_id; /* ID of the SHM region */ - static u8 quiet_mode, /* Hide non-essential messages? */ edges_only, /* Ignore hit counts? */ cmin_mode, /* Generate output in afl-cmin mode? */ @@ -126,39 +126,6 @@ static void classify_counts(u8* mem, const u8* map) { } -/* Get rid of shared memory (atexit handler). */ - -static void remove_shm(void) { - - shmctl(shm_id, IPC_RMID, NULL); - -} - - -/* Configure shared memory. */ - -static void setup_shm(void) { - - u8* shm_str; - - shm_id = shmget(IPC_PRIVATE, MAP_SIZE, IPC_CREAT | IPC_EXCL | 0600); - - if (shm_id < 0) PFATAL("shmget() failed"); - - atexit(remove_shm); - - shm_str = alloc_printf("%d", shm_id); - - setenv(SHM_ENV_VAR, shm_str, 1); - - ck_free(shm_str); - - trace_bits = shmat(shm_id, NULL, 0); - - if (!trace_bits) PFATAL("shmat() failed"); - -} - /* Write results. */ static u32 write_results(void) { @@ -413,50 +380,6 @@ static void setup_signal_handlers(void) { } -/* Detect @@ in args. */ - -static void detect_file_args(char** argv) { - - u32 i = 0; - u8* cwd = getcwd(NULL, 0); - - if (!cwd) PFATAL("getcwd() failed"); - - while (argv[i]) { - - u8* aa_loc = strstr(argv[i], "@@"); - - if (aa_loc) { - - u8 *aa_subst, *n_arg; - - if (!at_file) FATAL("@@ syntax is not supported by this tool."); - - /* Be sure that we're always using fully-qualified paths. */ - - if (at_file[0] == '/') aa_subst = at_file; - else aa_subst = alloc_printf("%s/%s", cwd, at_file); - - /* Construct a replacement argv value. */ - - *aa_loc = 0; - n_arg = alloc_printf("%s%s%s", argv[i], aa_subst, aa_loc + 2); - argv[i] = n_arg; - *aa_loc = '@'; - - if (at_file[0] != '/') ck_free(aa_subst); - - } - - i++; - - } - - free(cwd); /* not tracked */ - -} - - /* Show banner. */ static void show_banner(void) { @@ -481,7 +404,9 @@ static void usage(u8* argv0) { " -t msec - timeout for each run (none)\n" " -m megs - memory limit for child process (%u MB)\n" - " -Q - use binary-only instrumentation (QEMU mode)\n\n" + " -Q - use binary-only instrumentation (QEMU mode)\n" + " -U - use Unicorn-based instrumentation (Unicorn mode)\n" + " (Not necessary, here for consistency with other afl-* tools)\n\n" "Other settings:\n\n" @@ -610,19 +535,18 @@ static char** get_qemu_argv(u8* own_loc, char** argv, int argc) { } - /* Main entry point */ int main(int argc, char** argv) { s32 opt; - u8 mem_limit_given = 0, timeout_given = 0, qemu_mode = 0; + u8 mem_limit_given = 0, timeout_given = 0, qemu_mode = 0, unicorn_mode = 0; u32 tcnt; char** use_argv; doc_path = access(DOC_PATH, F_OK) ? "docs" : DOC_PATH; - while ((opt = getopt(argc,argv,"+o:m:t:A:eqZQbc")) > 0) + while ((opt = getopt(argc,argv,"+o:m:t:A:eqZQUbc")) > 0) switch (opt) { @@ -719,6 +643,14 @@ int main(int argc, char** argv) { qemu_mode = 1; break; + case 'U': + + if (unicorn_mode) FATAL("Multiple -U options not supported"); + if (!mem_limit_given) mem_limit = MEM_LIMIT_UNICORN; + + unicorn_mode = 1; + break; + case 'b': /* Secret undocumented mode. Writes output in raw binary format @@ -741,7 +673,7 @@ int main(int argc, char** argv) { if (optind == argc || !out_file) usage(argv[0]); - setup_shm(); + setup_shm(0); setup_signal_handlers(); set_up_environment(); @@ -753,7 +685,7 @@ int main(int argc, char** argv) { ACTF("Executing '%s'...\n", target_path); } - detect_file_args(argv + optind); + detect_file_args(argv + optind, at_file); if (qemu_mode) use_argv = get_qemu_argv(argv[0], argv + optind, argc - optind); |