ensure afl-frida uses persistent mode

author: van Hauser <vh@thc.org> 2020-07-15 00:08:38 +0200
committer: van Hauser <vh@thc.org> 2020-07-15 00:08:38 +0200
commit: a8726b8254f2f8c429c8b3e1c2d30b9f7baa6e93 (patch)
tree: c28ca705308f7ec63065d782379271d4ab75f496 /examples/afl_frida/afl-frida.c
parent: c5963f707c9a1b1ec0d869d90fabf09072093e1d (diff)
download: afl++-a8726b8254f2f8c429c8b3e1c2d30b9f7baa6e93.tar.gz
1 files changed, 8 insertions, 0 deletions
diff --git a/examples/afl_frida/afl-frida.c b/examples/afl_frida/afl-frida.c
index c24e05b7..ff10ffb7 100644
--- a/examples/afl_frida/afl-frida.c
+++ b/examples/afl_frida/afl-frida.c
@@ -39,6 +39,7 @@
 
 #ifndef __APPLE__
   #include <sys/wait.h>
+  #include <sys/personality.h>
 #endif
 
 
@@ -216,6 +217,10 @@ static int enumerate_ranges(const GumRangeDetails *details,
 
 int main() {
 
+#ifndef __APPLE__
+  (void)personality(ADDR_NO_RANDOMIZE);  // disable ASLR
+#endif
+
   // STEP 2: load the library you want to fuzz and lookup the functions,
   //         inclusive of the cleanup functions.
   //         If there is just one function, then there is nothing to change
@@ -264,6 +269,9 @@ int main() {
 
   GumEventSink *event_sink = gum_fake_event_sink_new();
 
+  // to ensure that the signatures are not optimized out
+  memcpy(__afl_area_ptr, (void*)AFL_PERSISTENT, sizeof(AFL_PERSISTENT) + 1);
+  memcpy(__afl_area_ptr + 32, (void*)AFL_DEFER_FORKSVR, sizeof(AFL_DEFER_FORKSVR) + 1);
   __afl_manual_init();
 
   //
author	van Hauser <vh@thc.org>	2020-07-15 00:08:38 +0200
committer	van Hauser <vh@thc.org>	2020-07-15 00:08:38 +0200
commit	a8726b8254f2f8c429c8b3e1c2d30b9f7baa6e93 (patch)
tree	c28ca705308f7ec63065d782379271d4ab75f496 /examples/afl_frida/afl-frida.c
parent	c5963f707c9a1b1ec0d869d90fabf09072093e1d (diff)
download	afl++-a8726b8254f2f8c429c8b3e1c2d30b9f7baa6e93.tar.gz