diff options
| author | Andrea Fioraldi <andreafioraldi@gmail.com> | 2020-01-17 16:39:05 +0100 |
|---|---|---|
| committer | Andrea Fioraldi <andreafioraldi@gmail.com> | 2020-01-17 16:39:05 +0100 |
| commit | 55e9297202d646cfe7da8d6c5eb6937952812569 (patch) | |
| tree | 42b402e419e225a644b8cedb7c1c0481d4404cc7 /include | |
| parent | bd58094dbc87463680a54d99ffcff7ae2a591353 (diff) | |
| download | afl++-55e9297202d646cfe7da8d6c5eb6937952812569.tar.gz | |
first experiment cmplog
Diffstat (limited to 'include')
| -rw-r--r-- | include/afl-fuzz.h | 12 | ||||
| -rw-r--r-- | include/cmplog.h | 49 | ||||
| -rw-r--r-- | include/config.h | 4 | ||||
| -rw-r--r-- | include/sharedmem.h | 2 |
4 files changed, 66 insertions, 1 deletions
diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h index 9ecf1f29..33ba50f1 100644 --- a/include/afl-fuzz.h +++ b/include/afl-fuzz.h @@ -168,7 +168,9 @@ enum { /* 16 */ STAGE_SPLICE, /* 17 */ STAGE_PYTHON, /* 18 */ STAGE_RADAMSA, - /* 19 */ STAGE_CUSTOM_MUTATOR + /* 19 */ STAGE_CUSTOM_MUTATOR, + /* 20 */ STAGE_COLORIZATION, + /* 21 */ STAGE_ITS, }; @@ -645,6 +647,14 @@ char** get_qemu_argv(u8*, char**, int); char** get_wine_argv(u8*, char**, int); void save_cmdline(u32, char**); +/* RedQueen */ + +extern u8* cmplog_binary; +extern s32 cmplog_forksrv_pid; + +void init_cmplog_forkserver(char **argv); +u8 input_to_state_stage(char** argv, u8* orig_buf, u8* buf, u32 len, u32 exec_cksum); + /**** Inline routines ****/ /* Generate a random number (from 0 to limit - 1). This may diff --git a/include/cmplog.h b/include/cmplog.h new file mode 100644 index 00000000..26d4b692 --- /dev/null +++ b/include/cmplog.h @@ -0,0 +1,49 @@ +#ifndef _AFL_REDQUEEN_H +#define _AFL_REDQUEEN_H + +#include "config.h" + +#define CMP_MAP_W 65536 +#define CMP_MAP_H 256 + +#define SHAPE_BYTES(x) (x+1) + +#define CMP_TYPE_INS 0 +#define CMP_TYPE_RTN 1 + +struct cmp_header { + + unsigned hits : 20; + + unsigned cnt : 20; + unsigned id : 16; + + unsigned shape : 5; // from 0 to 31 + unsigned type : 1; + +} __attribute__((packed)); + +struct cmp_operands { + + u64 v0; + u64 v1; + +}; + +struct cmpfn_operands { + + u8 v0[32]; + u8 v1[32]; + +}; + +typedef struct cmp_operands cmp_map_list[CMP_MAP_H]; + +struct cmp_map { + + struct cmp_header headers[CMP_MAP_W]; + struct cmp_operands log[CMP_MAP_W][CMP_MAP_H]; + +}; + +#endif diff --git a/include/config.h b/include/config.h index c5139dbd..2c6ee707 100644 --- a/include/config.h +++ b/include/config.h @@ -361,6 +361,10 @@ #define AFL_QEMU_NOT_ZERO +/* AFL RedQueen */ + +#define CMPLOG_SHM_ENV_VAR "__AFL_CMPLOG_SHM_ID" + /* Uncomment this to use inferior block-coverage-based instrumentation. Note that you need to recompile the target binary for this to have any effect: */ diff --git a/include/sharedmem.h b/include/sharedmem.h index 69291330..25c7336d 100644 --- a/include/sharedmem.h +++ b/include/sharedmem.h @@ -30,5 +30,7 @@ void setup_shm(unsigned char dumb_mode); void remove_shm(void); +extern int cmplog_mode; + #endif |