author | van Hauser <vh@thc.org> | 2021-12-07 15:18:32 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-12-07 15:18:32 +0100 |
commit | 1f6c72ea1baea69b2dc5b3a68bfacbc00652bc66 (patch) | |
tree | a5a7ed81710c1dec50f0aa661b53c0cd884a4da2 /frida_mode/Scripting.md | |
parent | 5469112db90741cb06c0979313938d83e63f793f (diff) | |
parent | bb506de0b809f97a4221ee1b6e040dcb5f9ca56a (diff) | |
download | afl++-1f6c72ea1baea69b2dc5b3a68bfacbc00652bc66.tar.gz |
Merge pull request #1191 from llzmb/docs_quality_assurance
Docs content - quality assurance
Diffstat (limited to 'frida_mode/Scripting.md')
-rw-r--r-- | frida_mode/Scripting.md | 26 |
1 files changed, 13 insertions, 13 deletions
diff --git a/frida_mode/Scripting.md b/frida_mode/Scripting.md index fcf8a490..ad86fdd3 100644 --- a/frida_mode/Scripting.md +++ b/frida_mode/Scripting.md @@ -109,8 +109,8 @@ Afl.setPersistentAddress(address); A persistent hook can be implemented using a conventional shared object, sample source code for a hook suitable for the prototype of `LLVMFuzzerTestOneInput` -can be found in [hook/hook.c](hook/hook.c). This can be configured using code -similar to the following. +can be found in [hook/](hook/). This can be configured using code similar to the +following. ```js const path = Afl.module.path; @@ -334,8 +334,8 @@ Interceptor.replace(LLVMFuzzerTestOneInput, cm.My_LLVMFuzzerTestOneInput); ### Hooking `main` -Lastly, it should be noted that using FRIDA mode's scripting support to hook -the `main` function is a special case. This is because the `main` function is +Lastly, it should be noted that using FRIDA mode's scripting support to hook the +`main` function is a special case. This is because the `main` function is already hooked by the FRIDA mode engine itself and hence the function `main` (or at least the first basic block already been compiled by Stalker ready for execution). Hence any attempt to use `Interceptor.replace` like in the example @@ -405,22 +405,22 @@ Consider the [following](test/js/test2.c) test code... #include <unistd.h> const uint32_t crc32_tab[] = { - 0x00000000, 0x77073096, 0xee0e612c, 0x990951ba, 0x076dc419, 0x706af48f, + 0x00000000, 0x77073096, 0xee0e612c, 0x990951ba, 0x076dc419, 0x706af48f, ... - 0xb40bbe37, 0xc30c8ea1, 0x5a05df1b, 0x2d02ef8d + 0xb40bbe37, 0xc30c8ea1, 0x5a05df1b, 0x2d02ef8d }; uint32_t crc32(const void *buf, size_t size) { - const uint8_t *p = buf; - uint32_t crc; - crc = ~0U; - while (size--) - crc = crc32_tab[(crc ^ *p++) & 0xFF] ^ (crc >> 8); - return crc ^ ~0U; + const uint8_t *p = buf; + uint32_t crc; + crc = ~0U; + while (size--) + crc = crc32_tab[(crc ^ *p++) & 0xFF] ^ (crc >> 8); + return crc ^ ~0U; } /* 
@@ -511,7 +511,7 @@ int main(int argc, char **argv) { ``` There are a couple of obstacles with our target application. Unlike when fuzzing -source code, though, we can't simply edit it and recompile it. The following +source code, though, we can't just edit it and recompile it. The following script shows how we can use the normal functionality of FRIDA to modify any troublesome behavior. |
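Review bot: In the first hunk (@@ -109) the link target widens from `hook/hook.c` to the `hook/` directory while the sentence still promises that "sample source code for a hook ... can be found in" it, so a reader now has to browse the directory to find the file. If hook.c still exists, keep the direct link; if it was moved or renamed, name the new file in the prose instead of linking the directory.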
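Review bot: The reflow in the second hunk (@@ -334) is fine, but the unchanged context line directly after it, "the function `main` (or at least the first basic block already been compiled by Stalker ready for execution)", is missing its verb; since this PR is a docs quality pass, suggest "... (or at least its first basic block) has already been compiled by Stalker, ready for execution".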
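Review bot: The re-indentation of the `crc32_tab` and `crc32()` excerpt in the third hunk (@@ -405) should follow the file it is quoted from, test/js/test2.c, so the documentation does not drift from the source it claims to reproduce; please confirm the new indent matches that file. The bare `...` standing in for the elided table rows is also not valid C, so anyone pasting the snippet gets a compile error; `/* ... */` marks the elision without that.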
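Review bot: Swapping "simply" for "just" in the last hunk (@@ -511) is a neutral wording change; the sentence's actual problem is the stray "though", which works against the "Unlike when fuzzing source code" opener. Suggest "Unlike when fuzzing source code, we can't just edit it and recompile it."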