authorWorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com>2021-07-06 18:30:50 +0100
committerGitHub <noreply@github.com>2021-07-06 19:30:50 +0200
commit4a02118fdae1ed0bd2cb74a775e7bc0d82d91a81 (patch)
treedc95c8417d58348f6e9ec1a1bbaa3d0a3bbbd358 /frida_mode
parent2a433f90c456b19cf9aa39384540f618c6eeb1a8 (diff)
downloadafl++-4a02118fdae1ed0bd2cb74a775e7bc0d82d91a81.tar.gz
Deferred exclusion support (#1008)
* Deferred exclusion support * Changes to support different hook libraries for QEMU and FRIDA * Changes to collect more stats Co-authored-by: Your Name <you@example.com>
Diffstat (limited to 'frida_mode')
-rw-r--r--frida_mode/GNUmakefile25
-rw-r--r--frida_mode/include/entry.h3
-rw-r--r--frida_mode/include/persistent.h3
-rw-r--r--frida_mode/include/stalker.h1
-rw-r--r--frida_mode/src/entry.c15
-rw-r--r--frida_mode/src/instrument/instrument.c8
-rw-r--r--frida_mode/src/persistent/persistent.c20
-rw-r--r--frida_mode/src/persistent/persistent_arm32.c4
-rw-r--r--frida_mode/src/persistent/persistent_arm64.c4
-rw-r--r--frida_mode/src/persistent/persistent_x64.c4
-rw-r--r--frida_mode/src/persistent/persistent_x86.c4
-rw-r--r--frida_mode/src/stalker.c8
-rw-r--r--frida_mode/src/stats/stats_x64.c18
-rw-r--r--frida_mode/test/jpeg/GNUmakefile6
-rw-r--r--frida_mode/test/libpcap/GNUmakefile11
-rw-r--r--frida_mode/test/png/GNUmakefile6
-rw-r--r--frida_mode/test/png/Makefile3
-rw-r--r--frida_mode/test/png/persistent/hook/GNUmakefile25
-rw-r--r--frida_mode/test/png/persistent/hook/load.js2
-rw-r--r--frida_mode/test/proj4/GNUmakefile6
-rw-r--r--frida_mode/test/re2/GNUmakefile11
-rw-r--r--frida_mode/test/testinstr/GNUmakefile7
22 files changed, 144 insertions, 50 deletions
diff --git a/frida_mode/GNUmakefile b/frida_mode/GNUmakefile
index 6c17f369..4d8f8507 100644
--- a/frida_mode/GNUmakefile
+++ b/frida_mode/GNUmakefile
@@ -98,9 +98,12 @@ FRIDA_GUM_DEVKIT_COMPRESSED_TARBALL:=$(FRIDA_DIR)build/$(GUM_DEVKIT_FILENAME)
AFL_COMPILER_RT_SRC:=$(ROOT)instrumentation/afl-compiler-rt.o.c
AFL_COMPILER_RT_OBJ:=$(OBJ_DIR)afl-compiler-rt.o
-HOOK_DIR:=$(PWD)hook/
-AFLPP_DRIVER_HOOK_SRC=$(HOOK_DIR)hook.c
-AFLPP_DRIVER_HOOK_OBJ=$(BUILD_DIR)hook.so
+FRIDA_HOOK_DIR:=$(PWD)hook/
+AFLPP_FRIDA_DRIVER_HOOK_SRC=$(FRIDA_HOOK_DIR)hook.c
+AFLPP_FRIDA_DRIVER_HOOK_OBJ=$(BUILD_DIR)frida_hook.so
+
+QEMU_HOOK_DIR:=$(ROOT)utils/aflpp_driver/
+AFLPP_QEMU_DRIVER_HOOK_OBJ:=$(BUILD_DIR)qemu_hook.so
BIN2C:=$(BUILD_DIR)bin2c
BIN2C_SRC:=$(PWD)util/bin2c.c
@@ -109,7 +112,7 @@ BIN2C_SRC:=$(PWD)util/bin2c.c
############################## ALL #############################################
-all: $(FRIDA_TRACE) $(AFLPP_DRIVER_HOOK_OBJ)
+all: $(FRIDA_TRACE) $(AFLPP_FRIDA_DRIVER_HOOK_OBJ) $(AFLPP_QEMU_DRIVER_HOOK_OBJ)
32:
CFLAGS="-m32" LDFLAGS="-m32" ARCH="x86" make all
@@ -150,10 +153,10 @@ $(GUM_DEVKIT_TARBALL): | $(FRIDA_BUILD_DIR)
wget -O $@ $(GUM_DEVKIT_URL)
endif
-$(GUM_DEVIT_LIBRARY): | $(GUM_DEVKIT_TARBALL)
+$(GUM_DEVIT_LIBRARY): $(GUM_DEVKIT_TARBALL)
tar Jxvf $(GUM_DEVKIT_TARBALL) -C $(FRIDA_BUILD_DIR)
-$(GUM_DEVIT_HEADER): | $(GUM_DEVKIT_TARBALL)
+$(GUM_DEVIT_HEADER): $(GUM_DEVKIT_TARBALL)
tar Jxvf $(GUM_DEVKIT_TARBALL) -C $(FRIDA_BUILD_DIR)
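Review bot: Turning the tarball into a normal prerequisite of both `$(GUM_DEVIT_LIBRARY)` and `$(GUM_DEVIT_HEADER)` means both rules now fire whenever it is re-downloaded, and under `make -j` the two `tar Jxvf` recipes extract the same archive into `$(FRIDA_BUILD_DIR)` concurrently. One extraction produces both files, so this should be a single grouped rule, `$(GUM_DEVIT_LIBRARY) $(GUM_DEVIT_HEADER) &: $(GUM_DEVKIT_TARBALL)` (GNU make 4.3+), or a stamp file if older make must be supported. A short comment above the rule noting that the devkit tarball contains both the library and the header would explain why a single recipe is enough.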
############################## AFL #############################################
@@ -214,10 +217,14 @@ $(FRIDA_TRACE): $(GUM_DEVIT_LIBRARY) $(GUM_DEVIT_HEADER) $(OBJS) $(JS_OBJ) $(AFL
############################# HOOK #############################################
-$(AFLPP_DRIVER_HOOK_OBJ): $(AFLPP_DRIVER_HOOK_SRC) | $(BUILD_DIR)
+$(AFLPP_FRIDA_DRIVER_HOOK_OBJ): $(AFLPP_FRIDA_DRIVER_HOOK_SRC) | $(BUILD_DIR)
$(CC) $(CFLAGS) $(LDFLAGS) -I $(FRIDA_BUILD_DIR) $< -o $@
-hook: $(AFLPP_DRIVER_HOOK_OBJ)
+$(AFLPP_QEMU_DRIVER_HOOK_OBJ): | $(QEMU_HOOK_DIR)
+ make -C $(QEMU_HOOK_DIR) aflpp_qemu_driver_hook.so
+ cp $(QEMU_HOOK_DIR)aflpp_qemu_driver_hook.so $@
+
+hook: $(AFLPP_FRIDA_DRIVER_HOOK_OBJ) $(AFLPP_QEMU_DRIVER_HOOK_OBJ)
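Review bot: The new `$(AFLPP_QEMU_DRIVER_HOOK_OBJ)` rule has only an order-only prerequisite on `$(QEMU_HOOK_DIR)`, so once `qemu_hook.so` exists it is never rebuilt, even after the hook sources under `$(QEMU_HOOK_DIR)` change; the sub-make would rebuild them, but this rule never runs it again. List the hook's source file(s) as normal prerequisites and add `| $(BUILD_DIR)` as the frida rule above does, since `cp` into `$@` fails when the build directory has not been created yet. The recursive call should also be `$(MAKE) -C $(QEMU_HOOK_DIR) aflpp_qemu_driver_hook.so` rather than a literal `make`, so `-j`/the jobserver and `-n` propagate. The same literal `make all` appears in the `32` target in the previous hunk, which this commit leaves as is.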
############################# CLEAN ############################################
clean:
@@ -225,7 +232,7 @@ clean:
############################# FORMAT ###########################################
format:
- cd $(ROOT) && echo $(SOURCES) $(AFLPP_DRIVER_HOOK_SRC) $(BIN2C_SRC) | xargs -L1 ./.custom-format.py -i
+ cd $(ROOT) && echo $(SOURCES) $(AFLPP_FRIDA_DRIVER_HOOK_SRC) $(BIN2C_SRC) | xargs -L1 ./.custom-format.py -i
cd $(ROOT) && echo $(INCLUDES) | xargs -L1 ./.custom-format.py -i
############################# RUN #############################################
diff --git a/frida_mode/include/entry.h b/frida_mode/include/entry.h
index 801c2bbe..cbc5c8c7 100644
--- a/frida_mode/include/entry.h
+++ b/frida_mode/include/entry.h
@@ -3,7 +3,8 @@
#include "frida-gumjs.h"
-extern guint64 entry_point;
+extern guint64 entry_point;
+extern gboolean entry_reached;
void entry_config(void);
diff --git a/frida_mode/include/persistent.h b/frida_mode/include/persistent.h
index 8f00196c..c79f0143 100644
--- a/frida_mode/include/persistent.h
+++ b/frida_mode/include/persistent.h
@@ -30,7 +30,10 @@ void persistent_init(void);
gboolean persistent_is_supported(void);
void persistent_prologue(GumStalkerOutput *output);
+void persistent_prologue_arch(GumStalkerOutput *output);
+
void persistent_epilogue(GumStalkerOutput *output);
+void persistent_epilogue_arch(GumStalkerOutput *output);
#endif
diff --git a/frida_mode/include/stalker.h b/frida_mode/include/stalker.h
index 2136fe52..b5e05d5a 100644
--- a/frida_mode/include/stalker.h
+++ b/frida_mode/include/stalker.h
@@ -7,6 +7,7 @@ void stalker_config(void);
void stalker_init(void);
GumStalker *stalker_get(void);
void stalker_start(void);
+void stalker_trust(void);
#endif
diff --git a/frida_mode/src/entry.c b/frida_mode/src/entry.c
index e95b923b..1d3b3e43 100644
--- a/frida_mode/src/entry.c
+++ b/frida_mode/src/entry.c
@@ -4,12 +4,15 @@
#include "entry.h"
#include "instrument.h"
+#include "persistent.h"
+#include "ranges.h"
#include "stalker.h"
#include "util.h"
extern void __afl_manual_init();
-guint64 entry_point = 0;
+guint64 entry_point = 0;
+gboolean entry_reached = FALSE;
static void entry_launch(void) {
@@ -50,6 +53,16 @@ static void entry_callout(GumCpuContext *cpu_context, gpointer user_data) {
void entry_prologue(GumStalkerIterator *iterator, GumStalkerOutput *output) {
UNUSED_PARAMETER(output);
+ OKF("AFL_ENTRYPOINT reached");
+
+ if (persistent_start == 0) {
+
+ entry_reached = TRUE;
+ ranges_exclude();
+ stalker_trust();
+
+ }
+
gum_stalker_iterator_put_callout(iterator, entry_callout, NULL, NULL);
}
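Review bot: `entry_reached` is set while the block at the entry point is being instrumented, not when the callout actually executes, and instrument.c now gates `prefetch_write` on it; that distinction is not documented anywhere. Suggest a comment on the new global in this file (or on its `extern` in entry.h) such as `/* TRUE once the block at AFL_ENTRYPOINT (or AFL_FRIDA_PERSISTENT_ADDR, see persistent_prologue) has been instrumented; blocks instrumented before this are not prefetched. */`. The `persistent_start == 0` test presumably comes from persistent.h, which is why it is included now; a one-line comment saying that persistent mode performs the same exclusion/trust step itself would make the branch self-explanatory. The remainder of entry.c's `entry_callout` above this hunk is outside the visible range.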
diff --git a/frida_mode/src/instrument/instrument.c b/frida_mode/src/instrument/instrument.c
index c646843c..2d857716 100644
--- a/frida_mode/src/instrument/instrument.c
+++ b/frida_mode/src/instrument/instrument.c
@@ -149,7 +149,13 @@ static void instrument_basic_block(GumStalkerIterator *iterator,
if (unlikely(begin)) {
- prefetch_write(GSIZE_TO_POINTER(instr->address));
+ instrument_debug_start(instr->address, output);
+
+ if (likely(entry_reached)) {
+
+ prefetch_write(GSIZE_TO_POINTER(instr->address));
+
+ }
if (likely(!excluded)) {
diff --git a/frida_mode/src/persistent/persistent.c b/frida_mode/src/persistent/persistent.c
index bcc59ea7..639a694e 100644
--- a/frida_mode/src/persistent/persistent.c
+++ b/frida_mode/src/persistent/persistent.c
@@ -5,7 +5,10 @@
#include "config.h"
#include "debug.h"
+#include "entry.h"
#include "persistent.h"
+#include "ranges.h"
+#include "stalker.h"
#include "util.h"
int __afl_sharedmem_fuzzing = 0;
@@ -83,3 +86,20 @@ void persistent_init(void) {
}
+void persistent_prologue(GumStalkerOutput *output) {
+
+ OKF("AFL_FRIDA_PERSISTENT_ADDR reached");
+ entry_reached = TRUE;
+ ranges_exclude();
+ stalker_trust();
+ persistent_prologue_arch(output);
+
+}
+
+void persistent_epilogue(GumStalkerOutput *output) {
+
+ OKF("AFL_FRIDA_PERSISTENT_RET reached");
+ persistent_epilogue_arch(output);
+
+}
+
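Review bot: The three-statement sequence `entry_reached = TRUE; ranges_exclude(); stalker_trust();` in `persistent_prologue` is the same one added to `entry_prologue` in entry.c, so it is better expressed as one shared helper (for example a function in entry.c that the persistent path calls) rather than two copies that must be kept in sync. If Stalker ever re-instruments the block at the persistent address, this prologue runs again and so does `ranges_exclude()`; whether that is safe depends on `ranges_exclude` being idempotent, which this hunk does not show, so a comment stating the expectation would help. Both new functions also deserve a one-line header saying that they are the architecture-independent wrappers around `persistent_prologue_arch`/`persistent_epilogue_arch`.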
diff --git a/frida_mode/src/persistent/persistent_arm32.c b/frida_mode/src/persistent/persistent_arm32.c
index f12f1af8..769f1505 100644
--- a/frida_mode/src/persistent/persistent_arm32.c
+++ b/frida_mode/src/persistent/persistent_arm32.c
@@ -61,14 +61,14 @@ gboolean persistent_is_supported(void) {
}
-void persistent_prologue(GumStalkerOutput *output) {
+void persistent_prologue_arch(GumStalkerOutput *output) {
UNUSED_PARAMETER(output);
FATAL("Persistent mode not supported on this architecture");
}
-void persistent_epilogue(GumStalkerOutput *output) {
+void persistent_epilogue_arch(GumStalkerOutput *output) {
UNUSED_PARAMETER(output);
FATAL("Persistent mode not supported on this architecture");
diff --git a/frida_mode/src/persistent/persistent_arm64.c b/frida_mode/src/persistent/persistent_arm64.c
index 003f058a..4ab7b283 100644
--- a/frida_mode/src/persistent/persistent_arm64.c
+++ b/frida_mode/src/persistent/persistent_arm64.c
@@ -299,7 +299,7 @@ static void instrument_persitent_save_lr(GumArm64Writer *cw) {
}
-void persistent_prologue(GumStalkerOutput *output) {
+void persistent_prologue_arch(GumStalkerOutput *output) {
/*
* SAVE REGS
@@ -366,7 +366,7 @@ void persistent_prologue(GumStalkerOutput *output) {
}
-void persistent_epilogue(GumStalkerOutput *output) {
+void persistent_epilogue_arch(GumStalkerOutput *output) {
GumArm64Writer *cw = output->writer.arm64;
diff --git a/frida_mode/src/persistent/persistent_x64.c b/frida_mode/src/persistent/persistent_x64.c
index b2186db1..ce3017e4 100644
--- a/frida_mode/src/persistent/persistent_x64.c
+++ b/frida_mode/src/persistent/persistent_x64.c
@@ -244,7 +244,7 @@ static void instrument_persitent_save_ret(GumX86Writer *cw) {
}
-void persistent_prologue(GumStalkerOutput *output) {
+void persistent_prologue_arch(GumStalkerOutput *output) {
/*
* SAVE REGS
@@ -313,7 +313,7 @@ void persistent_prologue(GumStalkerOutput *output) {
}
-void persistent_epilogue(GumStalkerOutput *output) {
+void persistent_epilogue_arch(GumStalkerOutput *output) {
GumX86Writer *cw = output->writer.x86;
diff --git a/frida_mode/src/persistent/persistent_x86.c b/frida_mode/src/persistent/persistent_x86.c
index f50bccb0..cc1f1a4f 100644
--- a/frida_mode/src/persistent/persistent_x86.c
+++ b/frida_mode/src/persistent/persistent_x86.c
@@ -184,7 +184,7 @@ static void instrument_persitent_save_ret(GumX86Writer *cw) {
}
-void persistent_prologue(GumStalkerOutput *output) {
+void persistent_prologue_arch(GumStalkerOutput *output) {
/*
* SAVE REGS
@@ -251,7 +251,7 @@ void persistent_prologue(GumStalkerOutput *output) {
}
-void persistent_epilogue(GumStalkerOutput *output) {
+void persistent_epilogue_arch(GumStalkerOutput *output) {
GumX86Writer *cw = output->writer.x86;
diff --git a/frida_mode/src/stalker.c b/frida_mode/src/stalker.c
index 98483cde..5df0386f 100644
--- a/frida_mode/src/stalker.c
+++ b/frida_mode/src/stalker.c
@@ -38,7 +38,7 @@ void stalker_init(void) {
stalker = gum_stalker_new();
if (stalker == NULL) { FATAL("Failed to initialize stalker"); }
- gum_stalker_set_trust_threshold(stalker, 0);
+ gum_stalker_set_trust_threshold(stalker, -1);
/* *NEVER* stalk the stalker, only bad things will ever come of this! */
gum_process_enumerate_ranges(GUM_PAGE_EXECUTE, stalker_exclude_self, NULL);
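Review bot: The change of the trust threshold from 0 to -1, and its reset to 0 in the new `stalker_trust` in the following hunk, has no comment explaining the intent, and the threshold's meaning in Gum (-1: never trust compiled code, 0: trust immediately, N: trust after N executions) is not obvious to a reader of this file. Suggest `/* Do not trust any compiled block until the entry point / persistent address is reached; stalker_trust() then raises it to 0. */` here, and on `stalker_trust` a header such as `/* Called once AFL_ENTRYPOINT or AFL_FRIDA_PERSISTENT_ADDR has been reached; from then on compiled blocks are trusted immediately. */`. `stalker_trust` dereferences the file-scope `stalker` without checking that `stalker_init` has run; if callers cannot guarantee the ordering, a `FATAL` on a NULL stalker, matching the style used in `stalker_init`, would be cheap.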
@@ -59,3 +59,9 @@ void stalker_start(void) {
}
+void stalker_trust(void) {
+
+ gum_stalker_set_trust_threshold(stalker, 0);
+
+}
+
diff --git a/frida_mode/src/stats/stats_x64.c b/frida_mode/src/stats/stats_x64.c
index 7c3a90d7..11464a2a 100644
--- a/frida_mode/src/stats/stats_x64.c
+++ b/frida_mode/src/stats/stats_x64.c
@@ -31,6 +31,9 @@ typedef struct {
guint64 num_rip_relative;
+ guint64 num_rip_relative_type[X86_INS_ENDING];
+ char name_rip_relative_type[X86_INS_ENDING][CS_MNEMONIC_SIZE];
+
} stats_data_arch_t;
gboolean stats_is_supported_arch(void) {
@@ -136,6 +139,18 @@ void stats_write_arch(void) {
stats_data_arch->num_rip_relative,
(stats_data_arch->num_rip_relative * 100 / num_instructions));
+ for (size_t i = 0; i < X86_INS_ENDING; i++) {
+
+ if (stats_data_arch->num_rip_relative_type[i] != 0) {
+
+ stats_print(" %10d %s\n",
+ stats_data_arch->num_rip_relative_type[i],
+ stats_data_arch->name_rip_relative_type[i]);
+
+ }
+
+ }
+
stats_print("\n");
stats_print("\n");
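Review bot: `stats_print(" %10d %s\n", ...)` passes the `guint64` element `num_rip_relative_type[i]` to a `%d` conversion, which is undefined behaviour and will print garbage or mis-align the following `%s` argument on platforms where `int` and `guint64` differ in size. Use GLib's 64-bit specifier, `stats_print(" %10" G_GUINT64_FORMAT " %s\n", stats_data_arch->num_rip_relative_type[i], stats_data_arch->name_rip_relative_type[i]);`, or cast explicitly. The enclosing `stats_write_arch` starts before this hunk, so whether the existing `num_rip_relative` line above uses the correct specifier cannot be checked here.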
@@ -256,6 +271,9 @@ static void stats_collect_rip_relative_arch(const cs_insn *instr) {
if (rm != 5) { return; }
stats_data_arch->num_rip_relative++;
+ stats_data_arch->num_rip_relative_type[instr->id]++;
+ memcpy(stats_data_arch->name_rip_relative_type[instr->id], instr->mnemonic,
+ CS_MNEMONIC_SIZE);
}
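Review bot: The `memcpy` into `name_rip_relative_type[instr->id]` runs on every RIP-relative instruction, copying the same mnemonic repeatedly; since the name for a given id never changes, guarding it with `if (stats_data_arch->name_rip_relative_type[instr->id][0] == '\0')` keeps the hot path to a single increment. Indexing by `instr->id` relies on Capstone x86 ids being below `X86_INS_ENDING`, which holds for that enum but is worth stating in a comment on the array declarations in the first hunk. `stats_collect_rip_relative_arch` begins outside this hunk.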
diff --git a/frida_mode/test/jpeg/GNUmakefile b/frida_mode/test/jpeg/GNUmakefile
index 68469782..1c124743 100644
--- a/frida_mode/test/jpeg/GNUmakefile
+++ b/frida_mode/test/jpeg/GNUmakefile
@@ -2,7 +2,7 @@ PWD:=$(shell pwd)/
ROOT:=$(shell realpath $(PWD)../../..)/
BUILD_DIR:=$(PWD)build/
-AFLPP_DRIVER_HOOK_OBJ=$(ROOT)frida_mode/build/hook.so
+AFLPP_FRIDA_DRIVER_HOOK_OBJ=$(ROOT)frida_mode/build/frida_hook.so
LIBJPEG_BUILD_DIR:=$(BUILD_DIR)libjpeg/
HARNESS_BUILD_DIR:=$(BUILD_DIR)harness/
@@ -132,7 +132,7 @@ $(TEST_DATA_FILE): | $(TEST_DATA_DIR)
clean:
rm -rf $(BUILD_DIR)
-frida: $(TEST_BIN) $(AFLPP_DRIVER_HOOK_OBJ) $(TEST_DATA_FILE)
+frida: $(TEST_BIN) $(AFLPP_FRIDA_DRIVER_HOOK_OBJ) $(TEST_DATA_FILE)
AFL_DEBUG_CHILD=1 \
AFL_DISABLE_TRIM=1 \
AFL_FRIDA_PERSISTENT_CNT=1000000 \
@@ -144,7 +144,7 @@ frida: $(TEST_BIN) $(AFLPP_DRIVER_HOOK_OBJ) $(TEST_DATA_FILE)
AFL_SKIP_CPUFREQ=1 \
AFL_SKIP_CRASHES=1 \
AFL_TESTCACHE_SIZE=2 \
- AFL_FRIDA_PERSISTENT_HOOK=$(AFLPP_DRIVER_HOOK_OBJ) \
+ AFL_FRIDA_PERSISTENT_HOOK=$(AFLPP_FRIDA_DRIVER_HOOK_OBJ) \
AFL_FRIDA_PERSISTENT_ADDR=$(AFL_FRIDA_PERSISTENT_ADDR) \
AFL_ENTRYPOINT=$(AFL_FRIDA_PERSISTENT_ADDR) \
$(ROOT)afl-fuzz \
diff --git a/frida_mode/test/libpcap/GNUmakefile b/frida_mode/test/libpcap/GNUmakefile
index 4d0bc4f1..f1ad06e4 100644
--- a/frida_mode/test/libpcap/GNUmakefile
+++ b/frida_mode/test/libpcap/GNUmakefile
@@ -2,7 +2,8 @@ PWD:=$(shell pwd)/
ROOT:=$(shell realpath $(PWD)../../..)/
BUILD_DIR:=$(PWD)build/
-AFLPP_DRIVER_HOOK_OBJ=$(ROOT)frida_mode/build/hook.so
+AFLPP_FRIDA_DRIVER_HOOK_OBJ=$(ROOT)frida_mode/build/frida_hook.so
+AFLPP_QEMU_DRIVER_HOOK_OBJ=$(ROOT)frida_mode/build/qemu_hook.so
LIBPCAP_BUILD_DIR:=$(BUILD_DIR)libpcap/
HARNESS_BUILD_DIR:=$(BUILD_DIR)harness/
@@ -148,8 +149,8 @@ $(AFLPP_DRIVER_DUMMY_INPUT): | $(TCPDUMP_TESTS_DIR)
clean:
rm -rf $(BUILD_DIR)
-qemu: $(TEST_BIN) $(AFLPP_DRIVER_HOOK_OBJ) $(AFLPP_DRIVER_DUMMY_INPUT) | $(TCPDUMP_TESTS_DIR)
- AFL_QEMU_PERSISTENT_HOOK=$(AFLPP_DRIVER_HOOK_OBJ) \
+qemu: $(TEST_BIN) $(AFLPP_QEMU_DRIVER_HOOK_OBJ) $(AFLPP_DRIVER_DUMMY_INPUT) | $(TCPDUMP_TESTS_DIR)
+ AFL_QEMU_PERSISTENT_HOOK=$(AFLPP_QEMU_DRIVER_HOOK_OBJ) \
AFL_ENTRYPOINT=$(AFL_QEMU_PERSISTENT_ADDR) \
AFL_QEMU_PERSISTENT_ADDR=$(AFL_QEMU_PERSISTENT_ADDR) \
AFL_QEMU_PERSISTENT_GPR=1 \
@@ -162,8 +163,8 @@ qemu: $(TEST_BIN) $(AFLPP_DRIVER_HOOK_OBJ) $(AFLPP_DRIVER_DUMMY_INPUT) | $(TCPDU
-- \
$(TEST_BIN) $(AFLPP_DRIVER_DUMMY_INPUT)
-frida: $(TEST_BIN) $(AFLPP_DRIVER_HOOK_OBJ) $(AFLPP_DRIVER_DUMMY_INPUT) | $(TCPDUMP_TESTS_DIR)
- AFL_FRIDA_PERSISTENT_HOOK=$(AFLPP_DRIVER_HOOK_OBJ) \
+frida: $(TEST_BIN) $(AFLPP_FRIDA_DRIVER_HOOK_OBJ) $(AFLPP_DRIVER_DUMMY_INPUT) | $(TCPDUMP_TESTS_DIR)
+ AFL_FRIDA_PERSISTENT_HOOK=$(AFLPP_FRIDA_DRIVER_HOOK_OBJ) \
AFL_FRIDA_PERSISTENT_ADDR=$(AFL_FRIDA_PERSISTENT_ADDR) \
AFL_ENTRYPOINT=$(AFL_FRIDA_PERSISTENT_ADDR) \
$(ROOT)afl-fuzz \
diff --git a/frida_mode/test/png/GNUmakefile b/frida_mode/test/png/GNUmakefile
index fdb2c318..a1a7f1a5 100644
--- a/frida_mode/test/png/GNUmakefile
+++ b/frida_mode/test/png/GNUmakefile
@@ -112,3 +112,9 @@ frida: $(TEST_BIN)
-o $(FRIDA_OUT) \
-- \
$(TEST_BIN) @@
+
+debug:
+ gdb \
+ --ex 'set environment LD_PRELOAD=$(ROOT)afl-frida-trace.so' \
+ --ex 'set disassembly-flavor intel' \
+ --args $(TEST_BIN) $(TEST_DATA_DIR)basn0g01.png
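Review bot: `debug` is a command, not a file, so it should be added to this GNUmakefile's `.PHONY` list if one exists (the hunk does not show it); otherwise a stray file named `debug` in the test directory makes the target silently do nothing. The same gdb recipe now appears here, in testinstr/GNUmakefile and in the png hook GNUmakefile, differing only in the binary and input; a brief comment on what the target is for would help, since it is not referenced by the commit description.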
diff --git a/frida_mode/test/png/Makefile b/frida_mode/test/png/Makefile
index 4bef1ccb..f843af19 100644
--- a/frida_mode/test/png/Makefile
+++ b/frida_mode/test/png/Makefile
@@ -14,3 +14,6 @@ qemu:
frida:
@gmake frida
+
+debug:
+ @gmake debug
diff --git a/frida_mode/test/png/persistent/hook/GNUmakefile b/frida_mode/test/png/persistent/hook/GNUmakefile
index 8a1a9a60..ddf63a96 100644
--- a/frida_mode/test/png/persistent/hook/GNUmakefile
+++ b/frida_mode/test/png/persistent/hook/GNUmakefile
@@ -2,7 +2,8 @@ PWD:=$(shell pwd)/
ROOT:=$(shell realpath $(PWD)../../../../..)/
BUILD_DIR:=$(PWD)build/
-AFLPP_DRIVER_HOOK_OBJ=$(ROOT)frida_mode/build/hook.so
+AFLPP_FRIDA_DRIVER_HOOK_OBJ=$(ROOT)frida_mode/build/frida_hook.so
+AFLPP_QEMU_DRIVER_HOOK_OBJ=$(ROOT)frida_mode/build/qemu_hook.so
CFLAGS+=-O3 \
-funroll-loops \
@@ -73,8 +74,8 @@ $(TEST_DATA_DIR): | $(BUILD_DIR)
$(AFLPP_DRIVER_DUMMY_INPUT): | $(BUILD_DIR)
truncate -s 1M $@
-qemu: $(AFLPP_DRIVER_DUMMY_INPUT) $(AFLPP_DRIVER_HOOK_OBJ) | $(BUILD_DIR)
- AFL_QEMU_PERSISTENT_HOOK=$(AFLPP_DRIVER_HOOK_OBJ) \
+qemu: $(AFLPP_DRIVER_DUMMY_INPUT) $(AFLPP_QEMU_DRIVER_HOOK_OBJ) | $(BUILD_DIR)
+ AFL_QEMU_PERSISTENT_HOOK=$(AFLPP_QEMU_DRIVER_HOOK_OBJ) \
AFL_QEMU_PERSISTENT_ADDR=$(AFL_QEMU_PERSISTENT_ADDR) \
AFL_QEMU_PERSISTENT_GPR=1 \
$(ROOT)/afl-fuzz \
@@ -86,8 +87,8 @@ qemu: $(AFLPP_DRIVER_DUMMY_INPUT) $(AFLPP_DRIVER_HOOK_OBJ) | $(BUILD_DIR)
-- \
$(TEST_BIN) $(AFLPP_DRIVER_DUMMY_INPUT)
-qemu_entry: $(AFLPP_DRIVER_DUMMY_INPUT) $(AFLPP_DRIVER_HOOK_OBJ) | $(BUILD_DIR)
- AFL_QEMU_PERSISTENT_HOOK=$(AFLPP_DRIVER_HOOK_OBJ) \
+qemu_entry: $(AFLPP_DRIVER_DUMMY_INPUT) $(AFLPP_QEMU_DRIVER_HOOK_OBJ) | $(BUILD_DIR)
+ AFL_QEMU_PERSISTENT_HOOK=$(AFLPP_QEMU_DRIVER_HOOK_OBJ) \
AFL_QEMU_PERSISTENT_ADDR=$(AFL_QEMU_PERSISTENT_ADDR) \
AFL_ENTRYPOINT=$(AFL_QEMU_PERSISTENT_ADDR) \
AFL_QEMU_PERSISTENT_GPR=1 \
@@ -100,8 +101,8 @@ qemu_entry: $(AFLPP_DRIVER_DUMMY_INPUT) $(AFLPP_DRIVER_HOOK_OBJ) | $(BUILD_DIR)
-- \
$(TEST_BIN) $(AFLPP_DRIVER_DUMMY_INPUT)
-frida: $(AFLPP_DRIVER_DUMMY_INPUT) $(AFLPP_DRIVER_HOOK_OBJ) | $(BUILD_DIR)
- AFL_FRIDA_PERSISTENT_HOOK=$(AFLPP_DRIVER_HOOK_OBJ) \
+frida: $(AFLPP_DRIVER_DUMMY_INPUT) $(AFLPP_FRIDA_DRIVER_HOOK_OBJ) | $(BUILD_DIR)
+ AFL_FRIDA_PERSISTENT_HOOK=$(AFLPP_FRIDA_DRIVER_HOOK_OBJ) \
AFL_FRIDA_PERSISTENT_ADDR=$(AFL_FRIDA_PERSISTENT_ADDR) \
$(ROOT)afl-fuzz \
-D \
@@ -113,8 +114,8 @@ frida: $(AFLPP_DRIVER_DUMMY_INPUT) $(AFLPP_DRIVER_HOOK_OBJ) | $(BUILD_DIR)
$(TEST_BIN) $(AFLPP_DRIVER_DUMMY_INPUT)
-frida_entry: $(AFLPP_DRIVER_DUMMY_INPUT) $(AFLPP_DRIVER_HOOK_OBJ) | $(BUILD_DIR)
- AFL_FRIDA_PERSISTENT_HOOK=$(AFLPP_DRIVER_HOOK_OBJ) \
+frida_entry: $(AFLPP_DRIVER_DUMMY_INPUT) $(AFLPP_FRIDA_DRIVER_HOOK_OBJ) | $(BUILD_DIR)
+ AFL_FRIDA_PERSISTENT_HOOK=$(AFLPP_FRIDA_DRIVER_HOOK_OBJ) \
AFL_FRIDA_PERSISTENT_ADDR=$(AFL_FRIDA_PERSISTENT_ADDR) \
AFL_ENTRYPOINT=$(AFL_FRIDA_PERSISTENT_ADDR) \
$(ROOT)afl-fuzz \
@@ -126,7 +127,7 @@ frida_entry: $(AFLPP_DRIVER_DUMMY_INPUT) $(AFLPP_DRIVER_HOOK_OBJ) | $(BUILD_DIR)
-- \
$(TEST_BIN) $(AFLPP_DRIVER_DUMMY_INPUT)
-frida_js_load: $(AFLPP_DRIVER_DUMMY_INPUT) $(AFLPP_DRIVER_HOOK_OBJ) | $(BUILD_DIR)
+frida_js_load: $(AFLPP_DRIVER_DUMMY_INPUT) $(AFLPP_FRIDA_DRIVER_HOOK_OBJ) | $(BUILD_DIR)
AFL_PRELOAD=$(AFL_PRELOAD) \
AFL_FRIDA_JS_SCRIPT=load.js \
$(ROOT)afl-fuzz \
@@ -139,7 +140,7 @@ frida_js_load: $(AFLPP_DRIVER_DUMMY_INPUT) $(AFLPP_DRIVER_HOOK_OBJ) | $(BUILD_DI
-- \
$(TEST_BIN) $(AFLPP_DRIVER_DUMMY_INPUT)
-frida_js_cmodule: $(AFLPP_DRIVER_DUMMY_INPUT) $(AFLPP_DRIVER_HOOK_OBJ) | $(BUILD_DIR)
+frida_js_cmodule: $(AFLPP_DRIVER_DUMMY_INPUT) $(AFLPP_FRIDA_DRIVER_HOOK_OBJ) | $(BUILD_DIR)
AFL_PRELOAD=$(AFL_PRELOAD) \
AFL_FRIDA_JS_SCRIPT=cmodule.js \
$(ROOT)afl-fuzz \
@@ -155,7 +156,7 @@ debug: $(AFLPP_DRIVER_DUMMY_INPUT)
echo $(AFL_FRIDA_PERSISTENT_ADDR)
gdb \
--ex 'set environment LD_PRELOAD=$(ROOT)afl-frida-trace.so' \
- --ex 'set environment AFL_FRIDA_PERSISTENT_HOOK=$(AFLPP_DRIVER_HOOK_OBJ)' \
+ --ex 'set environment AFL_FRIDA_PERSISTENT_HOOK=$(AFLPP_FRIDA_DRIVER_HOOK_OBJ)' \
--ex 'set environment AFL_FRIDA_PERSISTENT_ADDR=$(AFL_FRIDA_PERSISTENT_ADDR)' \
--ex 'set disassembly-flavor intel' \
--args $(TEST_BIN) $(AFLPP_DRIVER_DUMMY_INPUT)
diff --git a/frida_mode/test/png/persistent/hook/load.js b/frida_mode/test/png/persistent/hook/load.js
index ce4374ae..ea4d28c3 100644
--- a/frida_mode/test/png/persistent/hook/load.js
+++ b/frida_mode/test/png/persistent/hook/load.js
@@ -19,7 +19,7 @@ Afl.setPersistentAddress(persistent_addr);
const path = Afl.module.path;
const dir = path.substring(0, path.lastIndexOf("/"));
-const mod = Module.load(`${dir}/frida_mode/build/hook.so`);
+const mod = Module.load(`${dir}/frida_mode/build/frida_hook.so`);
const hook = mod.getExportByName('afl_persistent_hook');
Afl.setPersistentHook(hook);
diff --git a/frida_mode/test/proj4/GNUmakefile b/frida_mode/test/proj4/GNUmakefile
index 6ce03fd3..8555ebad 100644
--- a/frida_mode/test/proj4/GNUmakefile
+++ b/frida_mode/test/proj4/GNUmakefile
@@ -2,7 +2,7 @@ PWD:=$(shell pwd)/
ROOT:=$(shell realpath $(PWD)../../..)/
BUILD_DIR:=$(PWD)build/
-AFLPP_DRIVER_HOOK_OBJ=$(ROOT)frida_mode/build/hook.so
+AFLPP_FRIDA_DRIVER_HOOK_OBJ=$(ROOT)frida_mode/build/frida_hook.so
LIBPROJ4_BUILD_DIR:=$(BUILD_DIR)libproj4/
HARNESS_BUILD_DIR:=$(BUILD_DIR)harness/
@@ -132,7 +132,7 @@ $(TEST_DATA_FILE): | $(TEST_DATA_DIR)
clean:
rm -rf $(BUILD_DIR)
-frida: $(TEST_BIN) $(AFLPP_DRIVER_HOOK_OBJ) $(TEST_DATA_FILE)
+frida: $(TEST_BIN) $(AFLPP_FRIDA_DRIVER_HOOK_OBJ) $(TEST_DATA_FILE)
AFL_DEBUG_CHILD=1 \
AFL_DISABLE_TRIM=1 \
AFL_FRIDA_PERSISTENT_CNT=1000000 \
@@ -144,7 +144,7 @@ frida: $(TEST_BIN) $(AFLPP_DRIVER_HOOK_OBJ) $(TEST_DATA_FILE)
AFL_SKIP_CPUFREQ=1 \
AFL_SKIP_CRASHES=1 \
AFL_TESTCACHE_SIZE=2 \
- AFL_FRIDA_PERSISTENT_HOOK=$(AFLPP_DRIVER_HOOK_OBJ) \
+ AFL_FRIDA_PERSISTENT_HOOK=$(AFLPP_FRIDA_DRIVER_HOOK_OBJ) \
AFL_FRIDA_PERSISTENT_ADDR=$(AFL_FRIDA_PERSISTENT_ADDR) \
AFL_ENTRYPOINT=$(AFL_FRIDA_PERSISTENT_ADDR) \
$(ROOT)afl-fuzz \
diff --git a/frida_mode/test/re2/GNUmakefile b/frida_mode/test/re2/GNUmakefile
index ab986190..ce95df3b 100644
--- a/frida_mode/test/re2/GNUmakefile
+++ b/frida_mode/test/re2/GNUmakefile
@@ -2,7 +2,8 @@ PWD:=$(shell pwd)/
ROOT:=$(shell realpath $(PWD)../../..)/
BUILD_DIR:=$(PWD)build/
-AFLPP_DRIVER_HOOK_OBJ=$(ROOT)frida_mode/build/hook.so
+AFLPP_FRIDA_DRIVER_HOOK_OBJ=$(ROOT)frida_mode/build/frida_hook.so
+AFLPP_QEMU_DRIVER_HOOK_OBJ=$(ROOT)frida_mode/build/qemu_hook.so
LIBRE2_BUILD_DIR:=$(BUILD_DIR)libre2/
HARNESS_BUILD_DIR:=$(BUILD_DIR)harness/
@@ -130,8 +131,8 @@ $(AFLPP_DRIVER_DUMMY_INPUT): | $(TEST_DATA_DIR)
clean:
rm -rf $(BUILD_DIR)
-qemu: $(TEST_BIN) $(AFLPP_DRIVER_HOOK_OBJ) $(AFLPP_DRIVER_DUMMY_INPUT)
- AFL_QEMU_PERSISTENT_HOOK=$(AFLPP_DRIVER_HOOK_OBJ) \
+qemu: $(TEST_BIN) $(AFLPP_QEMU_DRIVER_HOOK_OBJ) $(AFLPP_DRIVER_DUMMY_INPUT)
+ AFL_QEMU_PERSISTENT_HOOK=$(AFLPP_QEMU_DRIVER_HOOK_OBJ) \
AFL_ENTRYPOINT=$(AFL_QEMU_PERSISTENT_ADDR) \
AFL_QEMU_PERSISTENT_ADDR=$(AFL_QEMU_PERSISTENT_ADDR) \
AFL_QEMU_PERSISTENT_GPR=1 \
@@ -144,8 +145,8 @@ qemu: $(TEST_BIN) $(AFLPP_DRIVER_HOOK_OBJ) $(AFLPP_DRIVER_DUMMY_INPUT)
-- \
$(TEST_BIN) $(AFLPP_DRIVER_DUMMY_INPUT)
-frida: $(TEST_BIN) $(AFLPP_DRIVER_HOOK_OBJ) $(AFLPP_DRIVER_DUMMY_INPUT)
- AFL_FRIDA_PERSISTENT_HOOK=$(AFLPP_DRIVER_HOOK_OBJ) \
+frida: $(TEST_BIN) $(AFLPP_FRIDA_DRIVER_HOOK_OBJ) $(AFLPP_DRIVER_DUMMY_INPUT)
+ AFL_FRIDA_PERSISTENT_HOOK=$(AFLPP_FRIDA_DRIVER_HOOK_OBJ) \
AFL_FRIDA_PERSISTENT_ADDR=$(AFL_FRIDA_PERSISTENT_ADDR) \
AFL_ENTRYPOINT=$(AFL_FRIDA_PERSISTENT_ADDR) \
$(ROOT)afl-fuzz \
diff --git a/frida_mode/test/testinstr/GNUmakefile b/frida_mode/test/testinstr/GNUmakefile
index a35073ab..3701ddc8 100644
--- a/frida_mode/test/testinstr/GNUmakefile
+++ b/frida_mode/test/testinstr/GNUmakefile
@@ -53,6 +53,13 @@ frida: $(TESTINSTBIN) $(TESTINSTR_DATA_FILE)
$(TESTINSTBIN) @@
debug:
+ echo $(AFL_FRIDA_PERSISTENT_ADDR)
+ gdb \
+ --ex 'set environment LD_PRELOAD=$(ROOT)afl-frida-trace.so' \
+ --ex 'set disassembly-flavor intel' \
+ --args $(TESTINSTBIN) $(TESTINSTR_DATA_FILE)
+
+debug:
gdb \
--ex 'set environment LD_PRELOAD=$(ROOT)afl-frida-trace.so' \
--ex 'set disassembly-flavor intel' \
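Review bot: This hunk leaves testinstr/GNUmakefile with two `debug:` rules that both carry a recipe: the existing one at the top of the hunk now gets the added `echo`/`gdb` lines, and a second `debug:` is added below it with the original gdb recipe. GNU make warns "overriding recipe for target 'debug'" and only runs the last one, so the new `echo $(AFL_FRIDA_PERSISTENT_ADDR)` line is dead. Keep a single `debug:` rule; the added echo also references `AFL_FRIDA_PERSISTENT_ADDR`, which this testinstr makefile is not shown to define, so confirm it is set here rather than only in the persistent test makefiles. The second rule's recipe continues past the end of the hunk.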