diff options
| author | Your Name <you@example.com> | 2022-10-11 18:15:51 +0100 |
|---|---|---|
| committer | Your Name <you@example.com> | 2022-10-11 18:15:51 +0100 |
| commit | fac6491ad0bbaee078352990eeb708d82aa412e3 (patch) | |
| tree | 5a100fdcdd4df1041f1ab647086c8411b547757d /frida_mode/src/instrument | |
| parent | 4bb4d6ebfdbbdc1ceb6ebf66474180a5e9020ed3 (diff) | |
| download | afl++-fac6491ad0bbaee078352990eeb708d82aa412e3.tar.gz | |
Bump FRIDA version
Diffstat (limited to 'frida_mode/src/instrument')
| -rw-r--r-- | frida_mode/src/instrument/instrument_arm32.c | 9 | ||||
| -rw-r--r-- | frida_mode/src/instrument/instrument_arm64.c | 29 |
2 files changed, 28 insertions, 10 deletions
diff --git a/frida_mode/src/instrument/instrument_arm32.c b/frida_mode/src/instrument/instrument_arm32.c index 5b6ddf09..44e37e11 100644 --- a/frida_mode/src/instrument/instrument_arm32.c +++ b/frida_mode/src/instrument/instrument_arm32.c @@ -137,8 +137,8 @@ gboolean instrument_is_coverage_optimize_supported(void) { static void instrument_coverage_switch(GumStalkerObserver *self, gpointer from_address, gpointer start_address, - const cs_insn * from_insn, - gpointer * target) { + void *from_insn, + gpointer *target) { UNUSED_PARAMETER(self); UNUSED_PARAMETER(from_address); UNUSED_PARAMETER(start_address); @@ -148,7 +148,7 @@ static void instrument_coverage_switch(GumStalkerObserver *self, return; } - *target += G_STRUCT_OFFSET(afl_log_code_asm_t, str_r0_sp_rz); + *target = (guint8 *)*target + G_STRUCT_OFFSET(afl_log_code_asm_t, str_r0_sp_rz); } static void instrument_coverage_suppress_init(void) { @@ -184,12 +184,9 @@ void instrument_coverage_optimize(const cs_insn *instr, guint64 area_offset = instrument_get_offset_hash(GUM_ADDRESS(instr->address)); gsize map_size_pow2; gsize area_offset_ror; - GumAddress code_addr = 0; instrument_coverage_suppress_init(); - code_addr = cw->pc; - block_start = GSIZE_TO_POINTER(GUM_ADDRESS(cw->code)); if (!g_hash_table_add(coverage_blocks, block_start)) { diff --git a/frida_mode/src/instrument/instrument_arm64.c b/frida_mode/src/instrument/instrument_arm64.c index 87811b38..fe70a8bb 100644 --- a/frida_mode/src/instrument/instrument_arm64.c +++ b/frida_mode/src/instrument/instrument_arm64.c @@ -156,26 +156,47 @@ static gboolean instrument_is_deterministic(const cs_insn *from_insn) { } +cs_insn * +instrument_disassemble (gconstpointer address) +{ + csh capstone; + cs_insn * insn = NULL; + + cs_open (CS_ARCH_ARM64, GUM_DEFAULT_CS_ENDIAN, &capstone); + cs_option (capstone, CS_OPT_DETAIL, CS_OPT_ON); + + cs_disasm (capstone, address, 16, GPOINTER_TO_SIZE (address), 1, &insn); + + cs_close (&capstone); + + return insn; +} + static void instrument_coverage_switch(GumStalkerObserver *self, gpointer from_address, gpointer start_address, - const cs_insn *from_insn, + void *from_insn, gpointer *target) { UNUSED_PARAMETER(self); UNUSED_PARAMETER(from_address); UNUSED_PARAMETER(start_address); + cs_insn * insn = NULL; + gboolean deterministic = FALSE; gsize fixup_offset; if (!g_hash_table_contains(coverage_blocks, GSIZE_TO_POINTER(*target)) && - !g_hash_table_contains(coverage_blocks, GSIZE_TO_POINTER(*target + 4))) { + !g_hash_table_contains(coverage_blocks, GSIZE_TO_POINTER((guint8 *)*target + 4))) { return; } - if (instrument_is_deterministic(from_insn)) { return; } + insn = instrument_disassemble (from_insn); + deterministic = instrument_is_deterministic(insn); + cs_free (insn, 1); + if (deterministic) { return; } /* * Since each block is prefixed with a restoration prologue, we need to be @@ -208,7 +229,7 @@ static void instrument_coverage_switch(GumStalkerObserver *self, */ fixup_offset = GUM_RESTORATION_PROLOG_SIZE + G_STRUCT_OFFSET(afl_log_code_asm_t, restoration_prolog); - *target += fixup_offset; + *target = (guint8 *)*target + fixup_offset; } |