authorvan Hauser <vh@thc.org>2021-07-19 10:31:56 +0200
committerGitHub <noreply@github.com>2021-07-19 10:31:56 +0200
commit939729e504ea269dd6d7252c363b160e01d1be1a (patch)
tree808710139e53d9958cdb660d61680d48e64e8c3a /frida_mode/src/js
parent458eb0813a6f7d63eed97f18696bca8274533123 (diff)
parent18fd97fc5ffc5ad94e735cfbfa0d500463dcb585 (diff)
downloadafl++-939729e504ea269dd6d7252c363b160e01d1be1a.tar.gz
Merge pull request #1023 from AFLplusplus/dev
push to stable
Diffstat (limited to 'frida_mode/src/js')
-rw-r--r--frida_mode/src/js/api.js14
-rw-r--r--frida_mode/src/js/js.c62
-rw-r--r--frida_mode/src/js/js_api.c97
3 files changed, 128 insertions, 45 deletions
diff --git a/frida_mode/src/js/api.js b/frida_mode/src/js/api.js
index 4cb04704..b8f2d39a 100644
--- a/frida_mode/src/js/api.js
+++ b/frida_mode/src/js/api.js
@@ -100,6 +100,12 @@ class Afl {
Afl.jsApiSetInstrumentTrace();
}
/**
+ * See `AFL_FRIDA_INST_JIT`.
+ */
+ static setInstrumentJit() {
+ Afl.jsApiSetInstrumentJit();
+ }
+ /**
* See `AFL_INST_LIBS`.
*/
static setInstrumentLibraries() {
@@ -111,6 +117,12 @@ class Afl {
static setInstrumentNoOptimize() {
Afl.jsApiSetInstrumentNoOptimize();
}
+ /*
+ * See `AFL_FRIDA_INST_SEED`
+ */
+ static setInstrumentSeed(seed) {
+ Afl.jsApiSetInstrumentSeed(seed);
+ }
/**
* See `AFL_FRIDA_INST_TRACE_UNIQUE`.
*/
@@ -222,8 +234,10 @@ Afl.jsApiError = Afl.jsApiGetFunction("js_api_error", "void", ["pointer"]);
Afl.jsApiSetDebugMaps = Afl.jsApiGetFunction("js_api_set_debug_maps", "void", []);
Afl.jsApiSetEntryPoint = Afl.jsApiGetFunction("js_api_set_entrypoint", "void", ["pointer"]);
Afl.jsApiSetInstrumentDebugFile = Afl.jsApiGetFunction("js_api_set_instrument_debug_file", "void", ["pointer"]);
+Afl.jsApiSetInstrumentJit = Afl.jsApiGetFunction("js_api_set_instrument_jit", "void", []);
Afl.jsApiSetInstrumentLibraries = Afl.jsApiGetFunction("js_api_set_instrument_libraries", "void", []);
Afl.jsApiSetInstrumentNoOptimize = Afl.jsApiGetFunction("js_api_set_instrument_no_optimize", "void", []);
+Afl.jsApiSetInstrumentSeed = Afl.jsApiGetFunction("js_api_set_instrument_seed", "void", ["uint64"]);
Afl.jsApiSetInstrumentTrace = Afl.jsApiGetFunction("js_api_set_instrument_trace", "void", []);
Afl.jsApiSetInstrumentTraceUnique = Afl.jsApiGetFunction("js_api_set_instrument_trace_unique", "void", []);
Afl.jsApiSetPersistentAddress = Afl.jsApiGetFunction("js_api_set_persistent_address", "void", ["pointer"]);
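Review bot: The doc block added for `setInstrumentSeed` opens with `/*` while every neighbouring entry in the class (`setInstrumentJit`, `setInstrumentLibraries`, `setInstrumentTraceUnique`) uses the JSDoc `/**` form, so this method will be dropped from generated API docs, and the sentence also lacks the trailing period the others have. Since this is the only new entry that takes an argument, and the binding at `Afl.jsApiSetInstrumentSeed` marshals it as `uint64`, the comment should say what the caller must pass; I would write it as `/**`, ` * See \`AFL_FRIDA_INST_SEED\`. \`seed\` is passed to the native side as an unsigned 64-bit integer.`, ` */`. Whether a plain JS number larger than 2^53 survives that marshalling intact is not visible here and is worth confirming against the FFI layer.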
diff --git a/frida_mode/src/js/js.c b/frida_mode/src/js/js.c
index ed378d2c..e3cd4933 100644
--- a/frida_mode/src/js/js.c
+++ b/frida_mode/src/js/js.c
@@ -9,12 +9,15 @@ static char * js_script = NULL;
gboolean js_done = FALSE;
js_api_stalker_callback_t js_user_callback = NULL;
-static gchar * filename = "afl.js";
-static gchar * contents;
-static GumScriptBackend *backend;
-static GCancellable * cancellable = NULL;
-static GError * error = NULL;
-static GumScript * script;
+static gchar * filename = "afl.js";
+static gchar * contents;
+static GumScriptBackend * backend;
+static GCancellable * cancellable = NULL;
+static GError * error = NULL;
+static GumScript * script;
+static GumScriptScheduler *scheduler;
+static GMainContext * context;
+static GMainLoop * main_loop;
static void js_msg(GumScript *script, const gchar *message, GBytes *data,
gpointer user_data) {
@@ -80,31 +83,48 @@ static void js_print_script(gchar *source) {
}
-void js_start(void) {
+static void load_cb(GObject *source_object, GAsyncResult *result,
+ gpointer user_data) {
- GMainContext *context;
+ UNUSED_PARAMETER(source_object);
+ UNUSED_PARAMETER(user_data);
+ gum_script_load_finish(script, result);
+ if (error != NULL) { FATAL("Failed to load script - %s", error->message); }
- gchar *source = js_get_script();
- if (source == NULL) { return; }
- js_print_script(source);
+}
- backend = gum_script_backend_obtain_qjs();
+static void create_cb(GObject *source_object, GAsyncResult *result,
+ gpointer user_data) {
- script = gum_script_backend_create_sync(backend, "example", source,
- cancellable, &error);
+ UNUSED_PARAMETER(source_object);
+ UNUSED_PARAMETER(user_data);
+ script = gum_script_backend_create_finish(backend, result, &error);
+ if (error != NULL) { FATAL("Failed to create script: %s", error->message); }
- if (error != NULL) {
+ gum_script_set_message_handler(script, js_msg, NULL, NULL);
- g_printerr("%s\n", error->message);
- FATAL("Error processing script");
+ gum_script_load(script, cancellable, load_cb, NULL);
- }
+}
- gum_script_set_message_handler(script, js_msg, NULL, NULL);
+void js_start(void) {
+
+ gchar *source = js_get_script();
+ if (source == NULL) { return; }
+ js_print_script(source);
+
+ scheduler = gum_script_backend_get_scheduler();
+ gum_script_scheduler_disable_background_thread(scheduler);
+
+ backend = gum_script_backend_obtain_qjs();
+
+ context = gum_script_scheduler_get_js_context(scheduler);
+ main_loop = g_main_loop_new(context, true);
+ g_main_context_push_thread_default(context);
- gum_script_load_sync(script, cancellable);
+ gum_script_backend_create(backend, "example", source, cancellable, create_cb,
+ &error);
- context = g_main_context_get_thread_default();
while (g_main_context_pending(context))
g_main_context_iteration(context, FALSE);
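Review bot: In `load_cb` the `if (error != NULL)` check follows `gum_script_load_finish(script, result)`, but that call is not handed `&error`, so the only thing the check can observe is a stale value left by the create step, and `create_cb` already terminates on that; unless `gum_script_load_finish` reports failures through some other channel, a load failure here goes unreported. At `gum_script_backend_create(backend, "example", source, cancellable, create_cb, &error)` the `&error` is passed in the trailing callback-data slot, which `create_cb` never reads (the real error pointer is obtained from `gum_script_backend_create_finish(backend, result, &error)`), so passing `NULL` there would avoid the misleading impression that the create call itself reports into `error`. `main_loop` is created with `g_main_loop_new(context, true)` but only the `g_main_context_pending`/`g_main_context_iteration` loop is visible; `js_start` continues past the end of the hunk, so whether `main_loop` is run, the pushed thread-default context is popped, and `error`/`script` are verified non-NULL before use cannot be judged from this hunk. A short comment above `load_cb` stating how load errors are expected to surface would make the intent checkable.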
diff --git a/frida_mode/src/js/js_api.c b/frida_mode/src/js/js_api.c
index 91dccab2..930a6dc0 100644
--- a/frida_mode/src/js/js_api.c
+++ b/frida_mode/src/js/js_api.c
@@ -9,142 +9,191 @@
#include "ranges.h"
#include "stats.h"
#include "util.h"
-
-void js_api_done() {
+__attribute__((visibility("default"))) void js_api_done() {
js_done = TRUE;
}
-void js_api_error(char *msg) {
+__attribute__((visibility("default"))) void js_api_error(char *msg) {
FATAL("%s", msg);
}
-void js_api_set_entrypoint(void *address) {
+__attribute__((visibility("default"))) void js_api_set_entrypoint(
+ void *address) {
+
+ if (address == NULL) {
+
+ js_api_error("js_api_set_entrypoint called with NULL");
+
+ }
entry_point = GPOINTER_TO_SIZE(address);
}
-void js_api_set_persistent_address(void *address) {
+__attribute__((visibility("default"))) void js_api_set_persistent_address(
+ void *address) {
+
+ if (address == NULL) {
+
+ js_api_error("js_api_set_persistent_address called with NULL");
+
+ }
persistent_start = GPOINTER_TO_SIZE(address);
}
-void js_api_set_persistent_return(void *address) {
+__attribute__((visibility("default"))) void js_api_set_persistent_return(
+ void *address) {
+
+ if (address == NULL) {
+
+ js_api_error("js_api_set_persistent_return called with NULL");
+
+ }
persistent_ret = GPOINTER_TO_SIZE(address);
}
-void js_api_set_persistent_count(uint64_t count) {
+__attribute__((visibility("default"))) void js_api_set_persistent_count(
+ uint64_t count) {
persistent_count = count;
}
-void js_api_set_persistent_debug() {
+__attribute__((visibility("default"))) void js_api_set_persistent_debug() {
persistent_debug = TRUE;
}
-void js_api_set_debug_maps() {
+__attribute__((visibility("default"))) void js_api_set_debug_maps() {
ranges_debug_maps = TRUE;
}
-void js_api_add_include_range(void *address, gsize size) {
+__attribute__((visibility("default"))) void js_api_add_include_range(
+ void *address, gsize size) {
GumMemoryRange range = {.base_address = GUM_ADDRESS(address), .size = size};
ranges_add_include(&range);
}
-void js_api_add_exclude_range(void *address, gsize size) {
+__attribute__((visibility("default"))) void js_api_add_exclude_range(
+ void *address, gsize size) {
GumMemoryRange range = {.base_address = GUM_ADDRESS(address), .size = size};
ranges_add_exclude(&range);
}
-void js_api_set_instrument_libraries() {
+__attribute__((visibility("default"))) void js_api_set_instrument_jit() {
+
+ ranges_inst_jit = TRUE;
+
+}
+
+__attribute__((visibility("default"))) void js_api_set_instrument_libraries() {
ranges_inst_libs = TRUE;
}
-void js_api_set_instrument_debug_file(char *path) {
+__attribute__((visibility("default"))) void js_api_set_instrument_debug_file(
+ char *path) {
instrument_debug_filename = g_strdup(path);
}
-void js_api_set_prefetch_disable(void) {
+__attribute__((visibility("default"))) void js_api_set_prefetch_disable(void) {
prefetch_enable = FALSE;
}
-void js_api_set_instrument_no_optimize(void) {
+__attribute__((visibility("default"))) void js_api_set_instrument_no_optimize(
+ void) {
instrument_optimize = FALSE;
}
-void js_api_set_instrument_trace(void) {
+__attribute__((visibility("default"))) void js_api_set_instrument_seed(
+ guint64 seed) {
+
+ instrument_use_fixed_seed = TRUE;
+ instrument_fixed_seed = seed;
+
+}
+
+__attribute__((visibility("default"))) void js_api_set_instrument_trace(void) {
instrument_tracing = TRUE;
}
-void js_api_set_instrument_trace_unique(void) {
+__attribute__((visibility("default"))) void js_api_set_instrument_trace_unique(
+ void) {
instrument_unique = TRUE;
}
-void js_api_set_stdout(char *file) {
+__attribute__((visibility("default"))) void js_api_set_stdout(char *file) {
output_stdout = g_strdup(file);
}
-void js_api_set_stderr(char *file) {
+__attribute__((visibility("default"))) void js_api_set_stderr(char *file) {
output_stderr = g_strdup(file);
}
-void js_api_set_stats_file(char *file) {
+__attribute__((visibility("default"))) void js_api_set_stats_file(char *file) {
stats_filename = g_strdup(file);
}
-void js_api_set_stats_interval(uint64_t interval) {
+__attribute__((visibility("default"))) void js_api_set_stats_interval(
+ uint64_t interval) {
stats_interval = interval;
}
-void js_api_set_stats_transitions() {
+__attribute__((visibility("default"))) void js_api_set_stats_transitions() {
stats_transitions = TRUE;
}
-void js_api_set_persistent_hook(void *address) {
+__attribute__((visibility("default"))) void js_api_set_persistent_hook(
+ void *address) {
+
+ if (address == NULL) {
+
+ js_api_error("js_api_set_persistent_hook called with NULL");
+
+ }
persistent_hook = address;
}
-void js_api_set_stalker_callback(const js_api_stalker_callback_t callback) {
+__attribute__((visibility("default"))) void js_api_set_stalker_callback(
+ const js_api_stalker_callback_t callback) {
js_user_callback = callback;