Merge pull request #1101 from AFLplusplus/dev

Dev
author: van Hauser <vh@thc.org> 2021-12-09 11:55:36 +0100
committer: GitHub <noreply@github.com> 2021-12-09 11:55:36 +0100
commit: 08ca4d54a55fe73e64a994c41a12af61f52e497e (patch)
tree: 2d0f060cf98afbe80f5bf810fd6b167a5152be81 /frida_mode/src/js
parent: 773baf9391ff5f1793deb7968366819e7fa07adc (diff)
parent: 4c6d94ea5f854071277ed9729de2d4ef7d07cc84 (diff)
download: afl++-08ca4d54a55fe73e64a994c41a12af61f52e497e.tar.gz
3 files changed, 72 insertions, 13 deletions
diff --git a/frida_mode/src/js/api.js b/frida_mode/src/js/api.js
index 40bb4a16..215fbdaf 100644
--- a/frida_mode/src/js/api.js
+++ b/frida_mode/src/js/api.js
@@ -63,6 +63,12 @@ class Afl {
         Afl.jsApiWrite(STDOUT_FILENO, buf, log.length);
     }
     /**
+     * See `AFL_FRIDA_INST_NO_BACKPATCH`.
+     */
+    static setBackpatchDisable() {
+        Afl.jsApiSetBackpatchDisable();
+    }
+    /**
      * See `AFL_FRIDA_DEBUG_MAPS`.
      */
     static setDebugMaps() {
@@ -145,6 +151,13 @@ class Afl {
         const buf = Memory.allocUtf8String(file);
         Afl.jsApiSetInstrumentUnstableCoverageFile(buf);
     }
+    /*
+     * Set a callback to be called in place of the usual `main` function. This see
+     * `Scripting.md` for details.
+     */
+    static setJsMainHook(address) {
+        Afl.jsApiSetJsMainHook(address);
+    }
     /**
      * This is equivalent to setting `AFL_FRIDA_PERSISTENT_ADDR`, again a
      * `NativePointer` should be provided as it's argument.
@@ -199,6 +212,12 @@ class Afl {
         const buf = Memory.allocUtf8String(file);
         Afl.jsApiSetSeccompFile(buf);
     }
+    /**
+     * See `AFL_FRIDA_STALKER_ADJACENT_BLOCKS`.
+     */
+    static setStalkerAdjacentBlocks(val) {
+        Afl.jsApiSetStalkerAdjacentBlocks(val);
+    }
     /*
      * Set a function to be called for each instruction which is instrumented
      * by AFL FRIDA mode.
@@ -243,6 +262,12 @@ class Afl {
         const buf = Memory.allocUtf8String(file);
         Afl.jsApiSetStdOut(buf);
     }
+    /**
+     * See `AFL_FRIDA_TRACEABLE`.
+     */
+    static setTraceable() {
+        Afl.jsApiSetTraceable();
+    }
     static jsApiGetFunction(name, retType, argTypes) {
         const addr = Afl.module.getExportByName(name);
         return new NativeFunction(addr, retType, argTypes);
@@ -261,6 +286,7 @@ Afl.jsApiAddIncludeRange = Afl.jsApiGetFunction("js_api_add_include_range", "voi
 Afl.jsApiAflSharedMemFuzzing = Afl.jsApiGetSymbol("__afl_sharedmem_fuzzing");
 Afl.jsApiDone = Afl.jsApiGetFunction("js_api_done", "void", []);
 Afl.jsApiError = Afl.jsApiGetFunction("js_api_error", "void", ["pointer"]);
+Afl.jsApiSetBackpatchDisable = Afl.jsApiGetFunction("js_api_set_backpatch_disable", "void", []);
 Afl.jsApiSetDebugMaps = Afl.jsApiGetFunction("js_api_set_debug_maps", "void", []);
 Afl.jsApiSetEntryPoint = Afl.jsApiGetFunction("js_api_set_entrypoint", "void", ["pointer"]);
 Afl.jsApiSetInstrumentCoverageFile = Afl.jsApiGetFunction("js_api_set_instrument_coverage_file", "void", ["pointer"]);
@@ -272,6 +298,7 @@ Afl.jsApiSetInstrumentSeed = Afl.jsApiGetFunction("js_api_set_instrument_seed",
 Afl.jsApiSetInstrumentTrace = Afl.jsApiGetFunction("js_api_set_instrument_trace", "void", []);
 Afl.jsApiSetInstrumentTraceUnique = Afl.jsApiGetFunction("js_api_set_instrument_trace_unique", "void", []);
 Afl.jsApiSetInstrumentUnstableCoverageFile = Afl.jsApiGetFunction("js_api_set_instrument_unstable_coverage_file", "void", ["pointer"]);
+Afl.jsApiSetJsMainHook = Afl.jsApiGetFunction("js_api_set_js_main_hook", "void", ["pointer"]);
 Afl.jsApiSetPersistentAddress = Afl.jsApiGetFunction("js_api_set_persistent_address", "void", ["pointer"]);
 Afl.jsApiSetPersistentCount = Afl.jsApiGetFunction("js_api_set_persistent_count", "void", ["uint64"]);
 Afl.jsApiSetPersistentDebug = Afl.jsApiGetFunction("js_api_set_persistent_debug", "void", []);
@@ -280,12 +307,14 @@ Afl.jsApiSetPersistentReturn = Afl.jsApiGetFunction("js_api_set_persistent_retur
 Afl.jsApiSetPrefetchBackpatchDisable = Afl.jsApiGetFunction("js_api_set_prefetch_backpatch_disable", "void", []);
 Afl.jsApiSetPrefetchDisable = Afl.jsApiGetFunction("js_api_set_prefetch_disable", "void", []);
 Afl.jsApiSetSeccompFile = Afl.jsApiGetFunction("js_api_set_seccomp_file", "void", ["pointer"]);
+Afl.jsApiSetStalkerAdjacentBlocks = Afl.jsApiGetFunction("js_api_set_stalker_adjacent_blocks", "void", ["uint32"]);
 Afl.jsApiSetStalkerCallback = Afl.jsApiGetFunction("js_api_set_stalker_callback", "void", ["pointer"]);
 Afl.jsApiSetStalkerIcEntries = Afl.jsApiGetFunction("js_api_set_stalker_ic_entries", "void", ["uint32"]);
 Afl.jsApiSetStatsFile = Afl.jsApiGetFunction("js_api_set_stats_file", "void", ["pointer"]);
 Afl.jsApiSetStatsInterval = Afl.jsApiGetFunction("js_api_set_stats_interval", "void", ["uint64"]);
 Afl.jsApiSetStdErr = Afl.jsApiGetFunction("js_api_set_stderr", "void", ["pointer"]);
 Afl.jsApiSetStdOut = Afl.jsApiGetFunction("js_api_set_stdout", "void", ["pointer"]);
+Afl.jsApiSetTraceable = Afl.jsApiGetFunction("js_api_set_traceable", "void", []);
 Afl.jsApiWrite = new NativeFunction(
 /* tslint:disable-next-line:no-null-keyword */
 Module.getExportByName(null, "write"), "int", ["int", "pointer", "int"]);
diff --git a/frida_mode/src/js/js.c b/frida_mode/src/js/js.c
index e3cd4933..5f477388 100644
--- a/frida_mode/src/js/js.c
+++ b/frida_mode/src/js/js.c
@@ -1,14 +1,13 @@
 #include "frida-gumjs.h"
 
-#include "debug.h"
-
 #include "js.h"
 #include "util.h"
 
-static char *             js_script = NULL;
 gboolean                  js_done = FALSE;
 js_api_stalker_callback_t js_user_callback = NULL;
+js_main_hook_t            js_main_hook = NULL;
 
+static char *              js_script = NULL;
 static gchar *             filename = "afl.js";
 static gchar *             contents;
 static GumScriptBackend *  backend;
@@ -25,7 +24,7 @@ static void js_msg(GumScript *script, const gchar *message, GBytes *data,
   UNUSED_PARAMETER(script);
   UNUSED_PARAMETER(data);
   UNUSED_PARAMETER(user_data);
-  OKF("%s", message);
+  FOKF("%s", message);
 
 }
 
@@ -50,14 +49,14 @@ static gchar *js_get_script() {
 
     } else {
 
-      FATAL("Could not load script file: %s", filename);
+      FFATAL("Could not load script file: %s", filename);
 
     }
 
   } else {
 
-    OKF("Loaded AFL script: %s, %" G_GSIZE_MODIFIER "d bytes", filename,
-        length);
+    FOKF("Loaded AFL script: %s, %" G_GSIZE_MODIFIER "d bytes", filename,
+         length);
 
     gchar *source = g_malloc0(api_js_len + length + 1);
     memcpy(source, api_js, api_js_len);
@@ -75,7 +74,7 @@ static void js_print_script(gchar *source) {
 
   for (size_t i = 0; split[i] != NULL; i++) {
 
-    OKF("%3" G_GSIZE_MODIFIER "d. %s", i + 1, split[i]);
+    FOKF("%3" G_GSIZE_MODIFIER "d. %s", i + 1, split[i]);
 
   }
 
@@ -89,7 +88,7 @@ static void load_cb(GObject *source_object, GAsyncResult *result,
   UNUSED_PARAMETER(source_object);
   UNUSED_PARAMETER(user_data);
   gum_script_load_finish(script, result);
-  if (error != NULL) { FATAL("Failed to load script - %s", error->message); }
+  if (error != NULL) { FFATAL("Failed to load script - %s", error->message); }
 
 }
 
@@ -99,7 +98,7 @@ static void create_cb(GObject *source_object, GAsyncResult *result,
   UNUSED_PARAMETER(source_object);
   UNUSED_PARAMETER(user_data);
   script = gum_script_backend_create_finish(backend, result, &error);
-  if (error != NULL) { FATAL("Failed to create script: %s", error->message); }
+  if (error != NULL) { FFATAL("Failed to create script: %s", error->message); }
 
   gum_script_set_message_handler(script, js_msg, NULL, NULL);
 
@@ -128,7 +127,7 @@ void js_start(void) {
   while (g_main_context_pending(context))
     g_main_context_iteration(context, FALSE);
 
-  if (!js_done) { FATAL("Script didn't call Afl.done()"); }
+  if (!js_done) { FFATAL("Script didn't call Afl.done()"); }
 
 }
 
diff --git a/frida_mode/src/js/js_api.c b/frida_mode/src/js/js_api.c
index 9dba79aa..5021b531 100644
--- a/frida_mode/src/js/js_api.c
+++ b/frida_mode/src/js/js_api.c
@@ -1,4 +1,3 @@
-#include "debug.h"
 
 #include "entry.h"
 #include "instrument.h"
@@ -12,6 +11,10 @@
 #include "stats.h"
 #include "util.h"
 
+typedef uint8_t u8;
+
+extern void __afl_set_persistent_mode(u8 mode);
+
 __attribute__((visibility("default"))) void js_api_done() {
 
   js_done = TRUE;
@@ -20,7 +23,7 @@ __attribute__((visibility("default"))) void js_api_done() {
 
 __attribute__((visibility("default"))) void js_api_error(char *msg) {
 
-  FATAL("%s", msg);
+  FFATAL("%s", msg);
 
 }
 
@@ -48,6 +51,8 @@ __attribute__((visibility("default"))) void js_api_set_persistent_address(
 
   persistent_start = GPOINTER_TO_SIZE(address);
 
+  __afl_set_persistent_mode(1);
+
 }
 
 __attribute__((visibility("default"))) void js_api_set_persistent_return(
@@ -231,3 +236,29 @@ __attribute__((visibility("default"))) void js_api_set_stalker_ic_entries(
 
 }
 
+__attribute__((visibility("default"))) void js_api_set_traceable(void) {
+
+  traceable = TRUE;
+
+}
+
+__attribute__((visibility("default"))) void js_api_set_backpatch_disable(void) {
+
+  backpatch_enable = FALSE;
+
+}
+
+__attribute__((visibility("default"))) void js_api_set_stalker_adjacent_blocks(
+    guint val) {
+
+  stalker_adjacent_blocks = val;
+
+}
+
+__attribute__((visibility("default"))) void js_api_set_js_main_hook(
+    const js_main_hook_t hook) {
+
+  js_main_hook = hook;
+
+}
+
author	van Hauser <vh@thc.org>	2021-12-09 11:55:36 +0100
committer	GitHub <noreply@github.com>	2021-12-09 11:55:36 +0100
commit	08ca4d54a55fe73e64a994c41a12af61f52e497e (patch)
tree	2d0f060cf98afbe80f5bf810fd6b167a5152be81 /frida_mode/src/js
parent	773baf9391ff5f1793deb7968366819e7fa07adc (diff)
parent	4c6d94ea5f854071277ed9729de2d4ef7d07cc84 (diff)
download	afl++-08ca4d54a55fe73e64a994c41a12af61f52e497e.tar.gz