Merge pull request #1189 from WorksButNotTested/arm32

Fixes for arm32

6 files changed, 64 insertions, 18 deletions

diff --git a/frida_mode/GNUmakefile b/frida_mode/GNUmakefile
index 52439979..2186517e 100644
--- a/frida_mode/GNUmakefile
+++ b/frida_mode/GNUmakefile
@@ -45,6 +45,11 @@ FRIDA_BUILD_DIR:=$(BUILD_DIR)frida/
 FRIDA_TRACE:=$(BUILD_DIR)afl-frida-trace.so
 FRIDA_TRACE_EMBEDDED:=$(BUILD_DIR)afl-frida-trace-embedded
 
+TARGET_CC?=$(CC)
+TARGET_CXX?=$(CXX)
+HOST_CC?=$(CC)
+HOST_CXX?=$(CXX)
+
 ifndef ARCH
 
 ARCH=$(shell uname -m)
@@ -99,6 +104,11 @@ ifneq "$(findstring android, $(shell $(CC) --version 2>/dev/null))" ""
  endif
 endif
 
+ifeq "$(ARCH)" "armhf"
+ TARGET_CC:=arm-linux-gnueabihf-gcc
+ TARGET_CXX:=arm-linux-gnueabihf-g++
+endif
+
 ifndef OS
  $(error "Operating system unsupported")
 endif
@@ -188,7 +198,7 @@ $(GUM_DEVIT_HEADER): $(GUM_DEVKIT_TARBALL)
 
 ############################## AFL #############################################
 $(AFL_COMPILER_RT_OBJ): $(AFL_COMPILER_RT_SRC)
-	$(CC) \
+	$(TARGET_CC) \
 		$(CFLAGS) \
 		$(AFL_CFLAGS) \
 		-I $(ROOT) \
@@ -197,7 +207,7 @@ $(AFL_COMPILER_RT_OBJ): $(AFL_COMPILER_RT_SRC)
 		-c $<
 
 $(AFL_PERFORMANCE_OBJ): $(AFL_PERFORMANCE_SRC)
-	$(CC) \
+	$(TARGET_CC) \
 		$(CFLAGS) \
 		$(AFL_CFLAGS) \
 		-I $(ROOT) \
@@ -208,13 +218,13 @@ $(AFL_PERFORMANCE_OBJ): $(AFL_PERFORMANCE_SRC)
 ############################### JS #############################################
 
 $(BIN2C): $(BIN2C_SRC)
-	$(CC) -D_GNU_SOURCE -o $@ $<
+	$(HOST_CC) -D_GNU_SOURCE -o $@ $<
 
 $(JS_SRC): $(JS) $(BIN2C)| $(BUILD_DIR)
 	cd $(JS_DIR) && $(BIN2C) api_js $(JS) $@
 
 $(JS_OBJ): $(JS_SRC) GNUmakefile
-	$(CC) \
+	$(TARGET_CC) \
 		$(CFLAGS) \
 		-I $(ROOT)include \
 		-I $(FRIDA_BUILD_DIR) \
@@ -226,7 +236,7 @@ $(JS_OBJ): $(JS_SRC) GNUmakefile
 
 define BUILD_SOURCE
 $(2): $(1) $(INCLUDES) GNUmakefile | $(OBJ_DIR)
-	$(CC) \
+	$(TARGET_CC) \
 		$(CFLAGS) \
 		-I $(ROOT)include \
 		-I $(FRIDA_BUILD_DIR) \
@@ -240,7 +250,7 @@ $(foreach src,$(SOURCES),$(eval $(call BUILD_SOURCE,$(src),$(OBJ_DIR)$(notdir $(
 ######################## AFL-FRIDA-TRACE #######################################
 
 $(FRIDA_TRACE): $(GUM_DEVIT_LIBRARY) $(GUM_DEVIT_HEADER) $(OBJS) $(JS_OBJ) $(AFL_COMPILER_RT_OBJ) $(AFL_PERFORMANCE_OBJ) GNUmakefile | $(BUILD_DIR)
-	$(CXX) \
+	$(TARGET_CXX) \
 		$(OBJS) \
 		$(JS_OBJ) \
 		$(GUM_DEVIT_LIBRARY) \
@@ -255,10 +265,10 @@ $(FRIDA_TRACE): $(GUM_DEVIT_LIBRARY) $(GUM_DEVIT_HEADER) $(OBJS) $(JS_OBJ) $(AFL
 ############################# HOOK #############################################
 
 $(AFLPP_FRIDA_DRIVER_HOOK_OBJ): $(AFLPP_FRIDA_DRIVER_HOOK_SRC) $(GUM_DEVIT_HEADER) | $(BUILD_DIR)
-	$(CC) $(CFLAGS) $(LDFLAGS) -I $(FRIDA_BUILD_DIR) $< -o $@
+	$(TARGET_CC) $(CFLAGS) $(LDFLAGS) -I $(FRIDA_BUILD_DIR) $< -o $@
 
 $(AFLPP_QEMU_DRIVER_HOOK_OBJ): $(AFLPP_QEMU_DRIVER_HOOK_SRC) | $(BUILD_DIR)
-	$(CC) $(CFLAGS) $(LDFLAGS) $< -o $@
+	$(TARGET_CC) $(CFLAGS) $(LDFLAGS) $< -o $@
 
 hook: $(AFLPP_FRIDA_DRIVER_HOOK_OBJ) $(AFLPP_QEMU_DRIVER_HOOK_OBJ)
 
diff --git a/frida_mode/include/instrument.h b/frida_mode/include/instrument.h
index cac5ee93..a5d52616 100644
--- a/frida_mode/include/instrument.h
+++ b/frida_mode/include/instrument.h
@@ -36,7 +36,8 @@ void instrument_coverage_optimize(const cs_insn *   instr,
 void     instrument_debug_config(void);
 void     instrument_debug_init(void);
 void     instrument_debug_start(uint64_t address, GumStalkerOutput *output);
-void     instrument_debug_instruction(uint64_t address, uint16_t size);
+void     instrument_debug_instruction(uint64_t address, uint16_t size,
+                                      GumStalkerOutput *output);
 void     instrument_debug_end(GumStalkerOutput *output);
 void     instrument_flush(GumStalkerOutput *output);
 gpointer instrument_cur(GumStalkerOutput *output);
diff --git a/frida_mode/src/instrument/instrument.c b/frida_mode/src/instrument/instrument.c
index 414dc84c..8ee21f5b 100644
--- a/frida_mode/src/instrument/instrument.c
+++ b/frida_mode/src/instrument/instrument.c
@@ -193,7 +193,20 @@ static void instrument_basic_block(GumStalkerIterator *iterator,
       instrument_debug_start(instr->address, output);
       instrument_coverage_start(instr->address);
 
+#if defined(__arm__)
+      if (output->encoding == GUM_INSTRUCTION_SPECIAL) {
+
+        prefetch_write(GSIZE_TO_POINTER(instr->address + 1));
+
+      } else {
+
+        prefetch_write(GSIZE_TO_POINTER(instr->address));
+
+      }
+
+#else
       prefetch_write(GSIZE_TO_POINTER(instr->address));
+#endif
 
       if (likely(!excluded)) {
 
@@ -213,7 +226,7 @@ static void instrument_basic_block(GumStalkerIterator *iterator,
 
     }
 
-    instrument_debug_instruction(instr->address, instr->size);
+    instrument_debug_instruction(instr->address, instr->size, output);
 
     if (likely(!excluded)) {
 
diff --git a/frida_mode/src/instrument/instrument_arm32.c b/frida_mode/src/instrument/instrument_arm32.c
index fa8b0bd2..16e8eaab 100644
--- a/frida_mode/src/instrument/instrument_arm32.c
+++ b/frida_mode/src/instrument/instrument_arm32.c
@@ -28,7 +28,15 @@ void instrument_coverage_optimize_init(void) {
 
 void instrument_flush(GumStalkerOutput *output) {
 
-  gum_arm_writer_flush(output->writer.arm);
+  if (output->encoding == GUM_INSTRUCTION_SPECIAL) {
+
+    gum_thumb_writer_flush(output->writer.thumb);
+
+  } else {
+
+    gum_arm_writer_flush(output->writer.arm);
+
+  }
 
 }
 
diff --git a/frida_mode/src/instrument/instrument_debug.c b/frida_mode/src/instrument/instrument_debug.c
index a175b585..9c95857f 100644
--- a/frida_mode/src/instrument/instrument_debug.c
+++ b/frida_mode/src/instrument/instrument_debug.c
@@ -32,18 +32,27 @@ static void instrument_debug(char *format, ...) {
 
 }
 
-static void instrument_disasm(guint8 *start, guint8 *end) {
+static void instrument_disasm(guint8 *start, guint8 *end,
+                              GumStalkerOutput *output) {
 
   csh      capstone;
   cs_err   err;
+  cs_mode  mode;
   uint16_t size;
   cs_insn *insn;
   size_t   count = 0;
   size_t   i;
   uint16_t len;
 
+  mode = GUM_DEFAULT_CS_MODE | GUM_DEFAULT_CS_ENDIAN;
+
+#if defined(__arm__)
+  if (output->encoding == GUM_INSTRUCTION_SPECIAL) { mode |= CS_MODE_THUMB; }
+#endif
+
   err = cs_open(GUM_DEFAULT_CS_ARCH,
-                GUM_DEFAULT_CS_MODE | GUM_DEFAULT_CS_ENDIAN, &capstone);
+                CS_MODE_THUMB | GUM_DEFAULT_CS_MODE | GUM_DEFAULT_CS_ENDIAN,
+                &capstone);
   g_assert(err == CS_ERR_OK);
 
   size = GPOINTER_TO_SIZE(end) - GPOINTER_TO_SIZE(start);
@@ -121,11 +130,12 @@ void instrument_debug_start(uint64_t address, GumStalkerOutput *output) {
 
 }
 
-void instrument_debug_instruction(uint64_t address, uint16_t size) {
+void instrument_debug_instruction(uint64_t address, uint16_t size,
+                                  GumStalkerOutput *output) {
 
   if (likely(debugging_fd < 0)) { return; }
   uint8_t *start = (uint8_t *)GSIZE_TO_POINTER(address);
-  instrument_disasm(start, start + size);
+  instrument_disasm(start, start + size, output);
 
 }
 
@@ -136,7 +146,7 @@ void instrument_debug_end(GumStalkerOutput *output) {
 
   instrument_debug("\nGenerated block %p-%p\n", instrument_gen_start,
                    instrument_gen_end);
-  instrument_disasm(instrument_gen_start, instrument_gen_end);
+  instrument_disasm(instrument_gen_start, instrument_gen_end, output);
 
 }
 
diff --git a/frida_mode/src/main.c b/frida_mode/src/main.c
index 913e3a46..1be63bc4 100644
--- a/frida_mode/src/main.c
+++ b/frida_mode/src/main.c
@@ -219,6 +219,8 @@ __attribute__((visibility("default"))) void afl_frida_start(void) {
 
 static int on_main(int argc, char **argv, char **envp) {
 
+  int ret;
+
   on_main_os(argc, argv, envp);
 
   intercept_unhook_self();
@@ -227,14 +229,16 @@ static int on_main(int argc, char **argv, char **envp) {
 
   if (js_main_hook != NULL) {
 
-    return js_main_hook(argc, argv, envp);
+    ret = js_main_hook(argc, argv, envp);
 
   } else {
 
-    return main_fn(argc, argv, envp);
+    ret = main_fn(argc, argv, envp);
 
   }
 
+  return ret;
+
 }
 
 #if defined(EMBEDDED)