| author | WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> | 2021-06-24 18:46:08 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-06-24 19:46:08 +0200 |
| commit | f348a35ec6cece54796599865c683505a475fe88 (patch) | |
| tree | 38b46a34787b467a203d7432a8a3886b4123d621 /frida_mode/test/persistent_ret | |
| parent | 4057134d3c6ed202d426ebdcc9aa4edf3e122bda (diff) | |
| download | afl++-f348a35ec6cece54796599865c683505a475fe88.tar.gz | |
Added JS support (#992)
* Added JS support * Added some documentation Co-authored-by: Your Name <you@example.com>
Diffstat (limited to 'frida_mode/test/persistent_ret')
| -rw-r--r-- | frida_mode/test/persistent_ret/GNUmakefile | 10 | ||||
| -rw-r--r-- | frida_mode/test/persistent_ret/test.js | 38 |
2 files changed, 48 insertions, 0 deletions
diff --git a/frida_mode/test/persistent_ret/GNUmakefile b/frida_mode/test/persistent_ret/GNUmakefile
index 2de51d86..81fdd069 100644
--- a/frida_mode/test/persistent_ret/GNUmakefile
+++ b/frida_mode/test/persistent_ret/GNUmakefile
@@ -82,6 +82,16 @@ frida_ret: $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) -- \ $(TESTINSTBIN) @@ +frida_js: $(TESTINSTBIN) $(TESTINSTR_DATA_FILE)
+ AFL_FRIDA_JS_SCRIPT=test.js \
+ $(ROOT)afl-fuzz \
+ -D \
+ -O \
+ -i $(TESTINSTR_DATA_DIR) \
+ -o $(FRIDA_OUT) \
+ -- \
+ $(TESTINSTBIN) @@ + debug: $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) gdb \ --ex 'set environment AFL_FRIDA_PERSISTENT_ADDR=$(AFL_FRIDA_PERSISTENT_ADDR)' \
diff --git a/frida_mode/test/persistent_ret/test.js b/frida_mode/test/persistent_ret/test.js
new file mode 100644
index 00000000..43c6ad7c
--- /dev/null
+++ b/frida_mode/test/persistent_ret/test.js
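Review bot: The `frida_js` target reads `test.js` at runtime through `AFL_FRIDA_JS_SCRIPT=test.js` but neither lists the script as a prerequisite nor resolves it to an absolute path, so a missing or renamed script is only noticed when afl-fuzz starts (how it reports that is not visible here) and the target only works when make's working directory is this test directory. Both are cheap to fix: `frida_js: $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) test.js` and `AFL_FRIDA_JS_SCRIPT=$(CURDIR)/test.js \`. The `debug` target that begins in the hunk's trailing context continues outside the hunk.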
@@ -0,0 +1,38 @@
+Afl.print('******************');
+Afl.print('* AFL FRIDA MODE *');
+Afl.print('******************');
+Afl.print('');
+
+Afl.print(`PID: ${Process.id}`);
+
+new ModuleMap().values().forEach(m => {
+ Afl.print(`${m.base}-${m.base.add(m.size)} ${m.name}`);
+});
+
+const persistent_addr = DebugSymbol.fromName('main');
+Afl.print(`persistent_addr: ${persistent_addr.address}`);
+
+const persistent_ret = DebugSymbol.fromName('slow');
+Afl.print(`persistent_ret: ${persistent_ret.address}`);
+
+Afl.setPersistentAddress(persistent_addr.address);
+Afl.setPersistentReturn(persistent_ret.address);
+Afl.setPersistentCount(1000000);
+
+Afl.setDebugMaps();
+
+const mod = Process.findModuleByName("libc-2.31.so")
+Afl.addExcludedRange(mod.base, mod.size);
+Afl.setInstrumentLibraries();
+Afl.setInstrumentDebugFile("/tmp/instr.log");
+Afl.setPrefetchDisable();
+Afl.setInstrumentNoOptimize();
+Afl.setInstrumentEnableTracing();
+Afl.setInstrumentTracingUnique();
+Afl.setStdOut("/tmp/stdout.txt");
+Afl.setStdErr("/tmp/stderr.txt");
+Afl.setStatsFile("/tmp/stats.txt");
+Afl.setStatsInterval(1);
+Afl.setStatsTransitions();
+Afl.done();
+Afl.print("done"); |
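Review bot: `Process.findModuleByName("libc-2.31.so")` returns null when no module of exactly that name is loaded, so on any host whose glibc is not 2.31 (or exposes it as `libc.so.6`) the following `mod.base` throws a TypeError and the script aborts before `Afl.done()`. Since the intent is only to exclude libc from instrumentation, match by prefix rather than by version: `const mod = Process.enumerateModules().find(m => /^libc[.-]/.test(m.name));` followed by `if (mod === undefined) throw new Error("libc module not found");`. The `DebugSymbol.fromName('main')` / `'slow'` lookups deserve the same treatment: as far as I can tell from the Frida API they yield a null `address` rather than throwing when the symbol is absent, so an `.isNull()` check before the `setPersistent*` calls would turn a silent misconfiguration into a clear error. Minor style: the `const mod` line is the only statement without a terminating semicolon.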
