diff options
| author | Your Name <you@example.com> | 2021-11-08 18:17:09 +0000 |
|---|---|---|
| committer | Your Name <you@example.com> | 2021-11-08 18:17:09 +0000 |
| commit | 93b8f17242f6f354da189fee68e69c55288e2488 (patch) | |
| tree | 94fbad64eb7f7842d293778bfbf21d8e0d812e69 /frida_mode/src | |
| parent | f4312255d9e7d1e981ed5da6b57af1c37d1cce85 (diff) | |
| download | afl++-93b8f17242f6f354da189fee68e69c55288e2488.tar.gz | |
Add support for option to disable backpatch
Diffstat (limited to 'frida_mode/src')
| -rw-r--r-- | frida_mode/src/js/api.js | 7 | ||||
| -rw-r--r-- | frida_mode/src/js/js_api.c | 6 | ||||
| -rw-r--r-- | frida_mode/src/stalker.c | 9 |
3 files changed, 20 insertions, 2 deletions
diff --git a/frida_mode/src/js/api.js b/frida_mode/src/js/api.js index 6f9f05d8..5db62389 100644 --- a/frida_mode/src/js/api.js +++ b/frida_mode/src/js/api.js @@ -63,6 +63,12 @@ class Afl { Afl.jsApiWrite(STDOUT_FILENO, buf, log.length); } /** + * See `AFL_FRIDA_INST_NO_BACKPATCH`. + */ + static setBackpatchDisable() { + Afl.jsApiSetBackpatchDisable(); + } + /** * See `AFL_FRIDA_DEBUG_MAPS`. */ static setDebugMaps() { @@ -267,6 +273,7 @@ Afl.jsApiAddIncludeRange = Afl.jsApiGetFunction("js_api_add_include_range", "voi Afl.jsApiAflSharedMemFuzzing = Afl.jsApiGetSymbol("__afl_sharedmem_fuzzing"); Afl.jsApiDone = Afl.jsApiGetFunction("js_api_done", "void", []); Afl.jsApiError = Afl.jsApiGetFunction("js_api_error", "void", ["pointer"]); +Afl.jsApiSetBackpatchDisable = Afl.jsApiGetFunction("js_api_set_backpatch_disable", "void", []); Afl.jsApiSetDebugMaps = Afl.jsApiGetFunction("js_api_set_debug_maps", "void", []); Afl.jsApiSetEntryPoint = Afl.jsApiGetFunction("js_api_set_entrypoint", "void", ["pointer"]); Afl.jsApiSetInstrumentCoverageFile = Afl.jsApiGetFunction("js_api_set_instrument_coverage_file", "void", ["pointer"]); diff --git a/frida_mode/src/js/js_api.c b/frida_mode/src/js/js_api.c index f3d81a32..abc0ac30 100644 --- a/frida_mode/src/js/js_api.c +++ b/frida_mode/src/js/js_api.c @@ -237,3 +237,9 @@ __attribute__((visibility("default"))) void js_api_set_traceable(void) { } +__attribute__((visibility("default"))) void js_api_set_backpatch_disable(void) { + + backpatch_enable = FALSE; + +} + diff --git a/frida_mode/src/stalker.c b/frida_mode/src/stalker.c index 814aaeb3..6ba41bc6 100644 --- a/frida_mode/src/stalker.c +++ b/frida_mode/src/stalker.c @@ -6,7 +6,8 @@ #include "stats.h" #include "util.h" -guint stalker_ic_entries = 0; +guint stalker_ic_entries = 0; +gboolean backpatch_enable = TRUE; static GumStalker *stalker = NULL; @@ -58,6 +59,8 @@ void stalker_config(void) { if (!gum_stalker_is_supported()) { FATAL("Failed to initialize embedded"); } + backpatch_enable = (getenv("AFL_FRIDA_INST_NO_BACKPATCH") == NULL); + stalker_ic_entries = util_read_num("AFL_FRIDA_STALKER_IC_ENTRIES"); observer = g_object_new(GUM_TYPE_AFL_STALKER_OBSERVER, NULL); @@ -87,6 +90,8 @@ static gboolean stalker_exclude_self(const GumRangeDetails *details, void stalker_init(void) { + OKF("Instrumentation - backpatch [%c]", backpatch_enable ? 'X' : ' '); + OKF("Stalker - ic_entries [%u]", stalker_ic_entries); #if !(defined(__x86_64__) || defined(__i386__)) @@ -134,7 +139,7 @@ void stalker_start(void) { void stalker_trust(void) { - gum_stalker_set_trust_threshold(stalker, 0); + if (backpatch_enable) { gum_stalker_set_trust_threshold(stalker, 0); } } |