Merge branch 'dev' into docs_edit_readme_move_content_to_docs

7 files changed, 419 insertions, 17 deletions

diff --git a/frida_mode/include/entry.h b/frida_mode/include/entry.h
index cbc5c8c7..3f0a4ecc 100644
--- a/frida_mode/include/entry.h
+++ b/frida_mode/include/entry.h
@@ -4,7 +4,8 @@
 #include "frida-gumjs.h"
 
 extern guint64  entry_point;
-extern gboolean entry_reached;
+extern gboolean entry_compiled;
+extern gboolean entry_run;
 
 void entry_config(void);
 
diff --git a/frida_mode/include/instrument.h b/frida_mode/include/instrument.h
index 29f14da9..909b2a2c 100644
--- a/frida_mode/include/instrument.h
+++ b/frida_mode/include/instrument.h
@@ -6,11 +6,13 @@
 #include "config.h"
 
 extern char *           instrument_debug_filename;
+extern char *           instrument_coverage_filename;
 extern gboolean         instrument_tracing;
 extern gboolean         instrument_optimize;
 extern gboolean         instrument_unique;
 extern __thread guint64 instrument_previous_pc;
 extern guint64          instrument_hash_zero;
+extern char *           instrument_coverage_unstable_filename;
 
 extern gboolean instrument_use_fixed_seed;
 extern guint64  instrument_fixed_seed;
@@ -38,6 +40,15 @@ void     instrument_debug_end(GumStalkerOutput *output);
 void     instrument_flush(GumStalkerOutput *output);
 gpointer instrument_cur(GumStalkerOutput *output);
 
+void instrument_coverage_config(void);
+void instrument_coverage_init(void);
+void instrument_coverage_start(uint64_t address);
+void instrument_coverage_end(uint64_t address);
+
+void instrument_coverage_unstable(guint64 edge, guint64 previous_rip,
+                                  guint64 previous_end, guint64 current_rip,
+                                  guint64 current_end);
+
 void instrument_on_fork();
 
 guint64 instrument_get_offset_hash(GumAddress current_rip);
diff --git a/frida_mode/include/prefetch.h b/frida_mode/include/prefetch.h
index 835d5e8a..d1ea5a31 100644
--- a/frida_mode/include/prefetch.h
+++ b/frida_mode/include/prefetch.h
@@ -4,6 +4,7 @@
 #include "frida-gumjs.h"
 
 extern gboolean prefetch_enable;
+extern gboolean prefetch_backpatch;
 
 void prefetch_config(void);
 void prefetch_init(void);
diff --git a/frida_mode/include/ranges.h b/frida_mode/include/ranges.h
index 2eb9b355..0220a59d 100644
--- a/frida_mode/include/ranges.h
+++ b/frida_mode/include/ranges.h
@@ -10,7 +10,7 @@ extern gboolean ranges_inst_jit;
 void ranges_config(void);
 void ranges_init(void);
 
-gboolean range_is_excluded(gpointer address);
+gboolean range_is_excluded(GumAddress address);
 
 void ranges_exclude();
 
diff --git a/frida_mode/include/seccomp.h b/frida_mode/include/seccomp.h
new file mode 100644
index 00000000..2c037ff7
--- /dev/null
+++ b/frida_mode/include/seccomp.h
@@ -0,0 +1,359 @@
+#ifndef _SECCOMP_H
+#define _SECCOMP_H
+
+#include <linux/seccomp.h>
+
+#include "frida-gumjs.h"
+
+#define SECCOMP_SOCKET_SEND_FD 0x1D3
+#define SECCOMP_SOCKET_RECV_FD 0x1D4
+
+#define SECCOMP_OUTPUT_FILE_FD 0x1D5
+#define SECCOMP_PARENT_EVENT_FD 0x1D6
+
+enum {
+
+  SYS_READ = 0,
+  SYS_WRITE = 1,
+  SYS_OPEN = 2,
+  SYS_CLOSE = 3,
+  SYS_STAT = 4,
+  SYS_FSTAT = 5,
+  SYS_LSTAT = 6,
+  SYS_POLL = 7,
+  SYS_LSEEK = 8,
+  SYS_MMAP = 9,
+  SYS_MPROTECT = 10,
+  SYS_MUNMAP = 11,
+  SYS_BRK = 12,
+  SYS_RT_SIGACTION = 13,
+  SYS_RT_SIGPROCMASK = 14,
+  SYS_RT_SIGRETURN = 15,
+  SYS_IOCTL = 16,
+  SYS_PREAD64 = 17,
+  SYS_PWRITE64 = 18,
+  SYS_READV = 19,
+  SYS_WRITEV = 20,
+  SYS_ACCESS = 21,
+  SYS_PIPE = 22,
+  SYS_SELECT = 23,
+  SYS_SCHED_YIELD = 24,
+  SYS_MREMAP = 25,
+  SYS_MSYNC = 26,
+  SYS_MINCORE = 27,
+  SYS_MADVISE = 28,
+  SYS_SHMGET = 29,
+  SYS_SHMAT = 30,
+  SYS_SHMCTL = 31,
+  SYS_DUP = 32,
+  SYS_DUP2 = 33,
+  SYS_PAUSE = 34,
+  SYS_NANOSLEEP = 35,
+  SYS_GETITIMER = 36,
+  SYS_ALARM = 37,
+  SYS_SETITIMER = 38,
+  SYS_GETPID = 39,
+  SYS_SENDFILE = 40,
+  SYS_SOCKET = 41,
+  SYS_CONNECT = 42,
+  SYS_ACCEPT = 43,
+  SYS_SENDTO = 44,
+  SYS_RECVFROM = 45,
+  SYS_SENDMSG = 46,
+  SYS_RECVMSG = 47,
+  SYS_SHUTDOWN = 48,
+  SYS_BIND = 49,
+  SYS_LISTEN = 50,
+  SYS_GETSOCKNAME = 51,
+  SYS_GETPEERNAME = 52,
+  SYS_SOCKETPAIR = 53,
+  SYS_SETSOCKOPT = 54,
+  SYS_GETSOCKOPT = 55,
+  SYS_CLONE = 56,
+  SYS_FORK = 57,
+  SYS_VFORK = 58,
+  SYS_EXECVE = 59,
+  SYS_EXIT = 60,
+  SYS_WAIT4 = 61,
+  SYS_KILL = 62,
+  SYS_UNAME = 63,
+  SYS_SEMGET = 64,
+  SYS_SEMOP = 65,
+  SYS_SEMCTL = 66,
+  SYS_SHMDT = 67,
+  SYS_MSGGET = 68,
+  SYS_MSGSND = 69,
+  SYS_MSGRCV = 70,
+  SYS_MSGCTL = 71,
+  SYS_FCNTL = 72,
+  SYS_FLOCK = 73,
+  SYS_FSYNC = 74,
+  SYS_FDATASYNC = 75,
+  SYS_TRUNCATE = 76,
+  SYS_FTRUNCATE = 77,
+  SYS_GETDENTS = 78,
+  SYS_GETCWD = 79,
+  SYS_CHDIR = 80,
+  SYS_FCHDIR = 81,
+  SYS_RENAME = 82,
+  SYS_MKDIR = 83,
+  SYS_RMDIR = 84,
+  SYS_CREAT = 85,
+  SYS_LINK = 86,
+  SYS_UNLINK = 87,
+  SYS_SYMLINK = 88,
+  SYS_READLINK = 89,
+  SYS_CHMOD = 90,
+  SYS_FCHMOD = 91,
+  SYS_CHOWN = 92,
+  SYS_FCHOWN = 93,
+  SYS_LCHOWN = 94,
+  SYS_UMASK = 95,
+  SYS_GETTIMEOFDAY = 96,
+  SYS_GETRLIMIT = 97,
+  SYS_GETRUSAGE = 98,
+  SYS_SYSINFO = 99,
+  SYS_TIMES = 100,
+  SYS_PTRACE = 101,
+  SYS_GETUID = 102,
+  SYS_SYSLOG = 103,
+  SYS_GETGID = 104,
+  SYS_SETUID = 105,
+  SYS_SETGID = 106,
+  SYS_GETEUID = 107,
+  SYS_GETEGID = 108,
+  SYS_SETPGID = 109,
+  SYS_GETPPID = 110,
+  SYS_GETPGRP = 111,
+  SYS_SETSID = 112,
+  SYS_SETREUID = 113,
+  SYS_SETREGID = 114,
+  SYS_GETGROUPS = 115,
+  SYS_SETGROUPS = 116,
+  SYS_SETRESUID = 117,
+  SYS_GETRESUID = 118,
+  SYS_SETRESGID = 119,
+  SYS_GETRESGID = 120,
+  SYS_GETPGID = 121,
+  SYS_SETFSUID = 122,
+  SYS_SETFSGID = 123,
+  SYS_GETSID = 124,
+  SYS_CAPGET = 125,
+  SYS_CAPSET = 126,
+  SYS_RT_SIGPENDING = 127,
+  SYS_RT_SIGTIMEDWAIT = 128,
+  SYS_RT_SIGQUEUEINFO = 129,
+  SYS_RT_SIGSUSPEND = 130,
+  SYS_SIGALTSTACK = 131,
+  SYS_UTIME = 132,
+  SYS_MKNOD = 133,
+  SYS_USELIB = 134,
+  SYS_PERSONALITY = 135,
+  SYS_USTAT = 136,
+  SYS_STATFS = 137,
+  SYS_FSTATFS = 138,
+  SYS_SYSFS = 139,
+  SYS_GETPRIORITY = 140,
+  SYS_SETPRIORITY = 141,
+  SYS_SCHED_SETPARAM = 142,
+  SYS_SCHED_GETPARAM = 143,
+  SYS_SCHED_SETSCHEDULER = 144,
+  SYS_SCHED_GETSCHEDULER = 145,
+  SYS_SCHED_GET_PRIORITY_MAX = 146,
+  SYS_SCHED_GET_PRIORITY_MIN = 147,
+  SYS_SCHED_RR_GET_INTERVAL = 148,
+  SYS_MLOCK = 149,
+  SYS_MUNLOCK = 150,
+  SYS_MLOCKALL = 151,
+  SYS_MUNLOCKALL = 152,
+  SYS_VHANGUP = 153,
+  SYS_MODIFY_LDT = 154,
+  SYS_PIVOT_ROOT = 155,
+  SYS__SYSCTL = 156,
+  SYS_PRCTL = 157,
+  SYS_ARCH_PRCTL = 158,
+  SYS_ADJTIMEX = 159,
+  SYS_SETRLIMIT = 160,
+  SYS_CHROOT = 161,
+  SYS_SYNC = 162,
+  SYS_ACCT = 163,
+  SYS_SETTIMEOFDAY = 164,
+  SYS_MOUNT = 165,
+  SYS_UMOUNT2 = 166,
+  SYS_SWAPON = 167,
+  SYS_SWAPOFF = 168,
+  SYS_REBOOT = 169,
+  SYS_SETHOSTNAME = 170,
+  SYS_SETDOMAINNAME = 171,
+  SYS_IOPL = 172,
+  SYS_IOPERM = 173,
+  SYS_CREATE_MODULE = 174,
+  SYS_INIT_MODULE = 175,
+  SYS_DELETE_MODULE = 176,
+  SYS_GET_KERNEL_SYMS = 177,
+  SYS_QUERY_MODULE = 178,
+  SYS_QUOTACTL = 179,
+  SYS_NFSSERVCTL = 180,
+  SYS_GETPMSG = 181,
+  SYS_PUTPMSG = 182,
+  SYS_AFS_SYSCALL = 183,
+  SYS_TUXCALL = 184,
+  SYS_SECURITY = 185,
+  SYS_GETTID = 186,
+  SYS_READAHEAD = 187,
+  SYS_SETXATTR = 188,
+  SYS_LSETXATTR = 189,
+  SYS_FSETXATTR = 190,
+  SYS_GETXATTR = 191,
+  SYS_LGETXATTR = 192,
+  SYS_FGETXATTR = 193,
+  SYS_LISTXATTR = 194,
+  SYS_LLISTXATTR = 195,
+  SYS_FLISTXATTR = 196,
+  SYS_REMOVEXATTR = 197,
+  SYS_LREMOVEXATTR = 198,
+  SYS_FREMOVEXATTR = 199,
+  SYS_TKILL = 200,
+  SYS_TIME = 201,
+  SYS_FUTEX = 202,
+  SYS_SCHED_SETAFFINITY = 203,
+  SYS_SCHED_GETAFFINITY = 204,
+  SYS_SET_THREAD_AREA = 205,
+  SYS_IO_SETUP = 206,
+  SYS_IO_DESTROY = 207,
+  SYS_IO_GETEVENTS = 208,
+  SYS_IO_SUBMIT = 209,
+  SYS_IO_CANCEL = 210,
+  SYS_GET_THREAD_AREA = 211,
+  SYS_LOOKUP_DCOOKIE = 212,
+  SYS_EPOLL_CREATE = 213,
+  SYS_EPOLL_CTL_OLD = 214,
+  SYS_EPOLL_WAIT_OLD = 215,
+  SYS_REMAP_FILE_PAGES = 216,
+  SYS_GETDENTS64 = 217,
+  SYS_SET_TID_ADDRESS = 218,
+  SYS_RESTART_SYSCALL = 219,
+  SYS_SEMTIMEDOP = 220,
+  SYS_FADVISE64 = 221,
+  SYS_TIMER_CREATE = 222,
+  SYS_TIMER_SETTIME = 223,
+  SYS_TIMER_GETTIME = 224,
+  SYS_TIMER_GETOVERRUN = 225,
+  SYS_TIMER_DELETE = 226,
+  SYS_CLOCK_SETTIME = 227,
+  SYS_CLOCK_GETTIME = 228,
+  SYS_CLOCK_GETRES = 229,
+  SYS_CLOCK_NANOSLEEP = 230,
+  SYS_EXIT_GROUP = 231,
+  SYS_EPOLL_WAIT = 232,
+  SYS_EPOLL_CTL = 233,
+  SYS_TGKILL = 234,
+  SYS_UTIMES = 235,
+  SYS_VSERVER = 236,
+  SYS_MBIND = 237,
+  SYS_SET_MEMPOLICY = 238,
+  SYS_GET_MEMPOLICY = 239,
+  SYS_MQ_OPEN = 240,
+  SYS_MQ_UNLINK = 241,
+  SYS_MQ_TIMEDSEND = 242,
+  SYS_MQ_TIMEDRECEIVE = 243,
+  SYS_MQ_NOTIFY = 244,
+  SYS_MQ_GETSETATTR = 245,
+  SYS_KEXEC_LOAD = 246,
+  SYS_WAITID = 247,
+  SYS_ADD_KEY = 248,
+  SYS_REQUEST_KEY = 249,
+  SYS_KEYCTL = 250,
+  SYS_IOPRIO_SET = 251,
+  SYS_IOPRIO_GET = 252,
+  SYS_INOTIFY_INIT = 253,
+  SYS_INOTIFY_ADD_WATCH = 254,
+  SYS_INOTIFY_RM_WATCH = 255,
+  SYS_MIGRATE_PAGES = 256,
+  SYS_OPENAT = 257,
+  SYS_MKDIRAT = 258,
+  SYS_MKNODAT = 259,
+  SYS_FCHOWNAT = 260,
+  SYS_FUTIMESAT = 261,
+  SYS_NEWFSTATAT = 262,
+  SYS_UNLINKAT = 263,
+  SYS_RENAMEAT = 264,
+  SYS_LINKAT = 265,
+  SYS_SYMLINKAT = 266,
+  SYS_READLINKAT = 267,
+  SYS_FCHMODAT = 268,
+  SYS_FACCESSAT = 269,
+  SYS_PSELECT6 = 270,
+  SYS_PPOLL = 271,
+  SYS_UNSHARE = 272,
+  SYS_SET_ROBUST_LIST = 273,
+  SYS_GET_ROBUST_LIST = 274,
+  SYS_SPLICE = 275,
+  SYS_TEE = 276,
+  SYS_SYNC_FILE_RANGE = 277,
+  SYS_VMSPLICE = 278,
+  SYS_MOVE_PAGES = 279,
+  SYS_UTIMENSAT = 280,
+  SYS_EPOLL_PWAIT = 281,
+  SYS_SIGNALFD = 282,
+  SYS_TIMERFD_CREATE = 283,
+  SYS_EVENTFD = 284,
+  SYS_FALLOCATE = 285,
+  SYS_TIMERFD_SETTIME = 286,
+  SYS_TIMERFD_GETTIME = 287,
+  SYS_ACCEPT4 = 288,
+  SYS_SIGNALFD4 = 289,
+  SYS_EVENTFD2 = 290,
+  SYS_EPOLL_CREATE1 = 291,
+  SYS_DUP3 = 292,
+  SYS_PIPE2 = 293,
+  SYS_INOTIFY_INIT1 = 294,
+  SYS_PREADV = 295,
+  SYS_PWRITEV = 296,
+  SYS_RT_TGSIGQUEUEINFO = 297,
+  SYS_PERF_EVENT_OPEN = 298,
+  SYS_RECVMMSG = 299,
+  SYS_FANOTIFY_INIT = 300,
+  SYS_FANOTIFY_MARK = 301,
+  SYS_PRLIMIT64 = 302
+
+};
+
+extern char *seccomp_filename;
+
+typedef void (*seccomp_child_func_t)(int event_fd, void *ctx);
+
+typedef void (*seccomp_filter_callback_t)(struct seccomp_notif *     req,
+                                          struct seccomp_notif_resp *resp,
+                                          GumReturnAddressArray *    frames);
+
+void seccomp_config(void);
+void seccomp_init(void);
+void seccomp_on_fork(void);
+void seccomp_print(char *format, ...);
+
+void seccomp_atomic_set(volatile bool *ptr, bool val);
+bool seccomp_atomic_try_set(volatile bool *ptr, bool val);
+void seccomp_atomic_wait(volatile bool *ptr, bool val);
+
+void seccomp_child_run(seccomp_child_func_t child_func, void *ctx, pid_t *child,
+                       int *event_fd);
+void seccomp_child_wait(int event_fd);
+
+int  seccomp_event_create(void);
+void seccomp_event_signal(int fd);
+void seccomp_event_wait(int fd);
+void seccomp_event_destroy(int fd);
+
+int  seccomp_filter_install(pid_t child);
+void seccomp_filter_child_install(void);
+void seccomp_filter_run(int fd, seccomp_filter_callback_t callback);
+
+void seccomp_socket_create(int *sock);
+void seccomp_socket_send(int sockfd, int fd);
+int  seccomp_socket_recv(int sockfd);
+
+char *seccomp_syscall_lookup(int id);
+
+#endif
+
diff --git a/frida_mode/include/stalker.h b/frida_mode/include/stalker.h
index b5e05d5a..955f3913 100644
--- a/frida_mode/include/stalker.h
+++ b/frida_mode/include/stalker.h
@@ -3,11 +3,15 @@
 
 #include "frida-gumjs.h"
 
+extern guint stalker_ic_entries;
+
 void        stalker_config(void);
 void        stalker_init(void);
 GumStalker *stalker_get(void);
 void        stalker_start(void);
 void        stalker_trust(void);
 
+GumStalkerObserver *stalker_get_observer(void);
+
 #endif
 
diff --git a/frida_mode/include/stats.h b/frida_mode/include/stats.h
index cd2350ea..0ad227c3 100644
--- a/frida_mode/include/stats.h
+++ b/frida_mode/include/stats.h
@@ -5,30 +5,56 @@
 
 typedef struct {
 
-  guint64 num_blocks;
-  guint64 num_instructions;
-  guint64 stats_last_time;
-  guint64 stats_idx;
-  guint64 transitions_idx;
+  guint64 stats_time;
+  guint64 total;
+  guint64 call_imm;
+  guint64 call_reg;
+  guint64 call_mem;
+  guint64 excluded_call_reg;
+  guint64 ret_slow_path;
+  guint64 ret;
+  guint64 post_call_invoke;
+  guint64 excluded_call_imm;
+  guint64 jmp_imm;
+  guint64 jmp_reg;
+  guint64 jmp_mem;
+  guint64 jmp_cond_imm;
+  guint64 jmp_cond_mem;
+  guint64 jmp_cond_reg;
+  guint64 jmp_cond_jcxz;
+  guint64 jmp_cond_cc;
+  guint64 jmp_cond_cbz;
+  guint64 jmp_cond_cbnz;
+  guint64 jmp_cond_tbz;
+  guint64 jmp_cond_tbnz;
+  guint64 jmp_continuation;
+
+} stats_t;
 
-} stats_data_header_t;
+typedef struct {
+
+  /* transitions */
+  stats_t curr;
+  stats_t prev;
+
+} stats_data_t;
 
-extern stats_data_header_t *stats_data;
+#define GUM_TYPE_AFL_STALKER_STATS (gum_afl_stalker_stats_get_type())
+G_DECLARE_FINAL_TYPE(GumAflStalkerStats, gum_afl_stalker_stats, GUM,
+                     AFL_STALKER_STATS, GObject)
 
-extern char *   stats_filename;
-extern guint64  stats_interval;
-extern gboolean stats_transitions;
+extern char *  stats_filename;
+extern guint64 stats_interval;
 
 void stats_config(void);
 void stats_init(void);
 void stats_collect(const cs_insn *instr, gboolean begin);
 void stats_print(char *format, ...);
 
-gboolean stats_is_supported_arch(void);
-size_t   stats_data_size_arch(void);
-void     stats_collect_arch(const cs_insn *instr);
-void     stats_write_arch(void);
-void     stats_on_fork(void);
+void starts_arch_init(void);
+void stats_collect_arch(const cs_insn *instr, gboolean begin);
+void stats_write_arch(stats_data_t *data);
+void stats_on_fork(void);
 
 #endif