authorvan Hauser <vh@thc.org>2021-02-15 15:20:06 +0100
committerGitHub <noreply@github.com>2021-02-15 15:20:06 +0100
commitd999725de217a0adf4f936954c418ad8c8c3da2a (patch)
treea562435e463b9f9d10b8339992d85052f558e4d6 /utils/afl_untracer
parent91f2f057e4eacab4cd3a1a11cde157e3a31470d0 (diff)
parent145c673a80878d92013882eda6ef56e6948c397b (diff)
downloadafl++-d999725de217a0adf4f936954c418ad8c8c3da2a.tar.gz
Merge pull request #737 from AFLplusplus/dev
push to stable
Diffstat (limited to 'utils/afl_untracer')
-rw-r--r--utils/afl_untracer/afl-untracer.c15
-rw-r--r--utils/afl_untracer/ida_get_patchpoints.py17
2 files changed, 21 insertions, 11 deletions
diff --git a/utils/afl_untracer/afl-untracer.c b/utils/afl_untracer/afl-untracer.c
index 695f8dd1..2baeb58d 100644
--- a/utils/afl_untracer/afl-untracer.c
+++ b/utils/afl_untracer/afl-untracer.c
@@ -56,9 +56,9 @@
 #include <sys/shm.h>
 #include <sys/wait.h>
 #include <sys/types.h>
-#include <sys/personality.h>
 
 #if defined(__linux__)
+  #include <sys/personality.h>
   #include <sys/ucontext.h>
 #elif defined(__APPLE__) && defined(__LP64__)
   #include <mach-o/dyld_images.h>
@@ -143,7 +143,7 @@ void read_library_information(void) {
       b = buf;
       m = index(buf, '-');
       e = index(buf, ' ');
-      if ((n = rindex(buf, '/')) == NULL) n = rindex(buf, ' ');
+      if ((n = strrchr(buf, '/')) == NULL) n = strrchr(buf, ' ');
       if (n &&
           ((*n >= '0' && *n <= '9') || *n == '[' || *n == '{' || *n == '('))
         n = NULL;
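Review bot: Only the `rindex()` calls were replaced, while the two `index()` calls on the lines just above (`m = index(buf, '-');` and `e = index(buf, ' ');`) remain, so the function now mixes the legacy BSD `index`/`rindex` API with ISO C `strrchr`. `index` is marked LEGACY in POSIX and is missing on the same targets where `rindex` was a problem, so the portability fix is incomplete. Change them to `m = strchr(buf, '-');` and `e = strchr(buf, ' ');`. read_library_information starts and ends outside this hunk.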
@@ -480,6 +480,9 @@ void setup_trap_instrumentation(void) {
     // Index into the coverage bitmap for the current trap instruction.
 #ifdef __aarch64__
   uint64_t bitmap_index = 0;
+  #ifdef __APPLE__
+  pthread_jit_write_protect_np(0);
+  #endif
 #else
   uint32_t bitmap_index = 0;
 #endif
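Review bot: `pthread_jit_write_protect_np(0)` turns off W^X for the calling thread, but nothing in this hunk turns it back on after the trap instructions have been written, so the thread keeps writable JIT pages for the remainder of the run; unless the rest of setup_trap_instrumentation (outside the hunk) already does so, add `pthread_jit_write_protect_np(1);` once the last patch has been applied. The call also only affects regions mapped with MAP_JIT, which is a different mechanism from the `mprotect(..., PROT_READ | PROT_WRITE | PROT_EXEC)` on the library mapping further down, so a comment stating which mapping it is expected to cover would help the next reader; I cannot tell from here whether the library is actually mapped with MAP_JIT. The function's start and end are outside this hunk.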
@@ -508,7 +511,6 @@ void setup_trap_instrumentation(void) {
               lib_size);
 
       lib_addr = (u8 *)lib_base->addr_start;
-
       // Make library code writable.
       if (mprotect((void *)lib_addr, lib_size,
                    PROT_READ | PROT_WRITE | PROT_EXEC) != 0)
@@ -625,8 +627,13 @@ static void sigtrap_handler(int signum, siginfo_t *si, void *context) {
   // Must re-execute the instruction, so decrement PC by one instruction.
   ucontext_t *ctx = (ucontext_t *)context;
 #if defined(__APPLE__) && defined(__LP64__)
+  #if defined(__x86_64__)
   ctx->uc_mcontext->__ss.__rip -= 1;
   addr = ctx->uc_mcontext->__ss.__rip;
+  #else
+  ctx->uc_mcontext->__ss.__pc -= 4;
+  addr = ctx->uc_mcontext->__ss.__pc;
+  #endif
 #elif defined(__linux__)
   #if defined(__x86_64__) || defined(__i386__)
   ctx->uc_mcontext.gregs[REG_RIP] -= 1;
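Review bot: The new arm64 branch rewinds by a bare `4` with no explanation, while the surrounding comment only speaks of "one instruction"; add `// AArch64 instructions are a fixed 4 bytes, so step back exactly one` above `ctx->uc_mcontext->__ss.__pc -= 4;`. Separately, on arm64e (pointer-authentication) builds Apple's `__ss` exposes an opaque PC field instead of a plain `__pc`, and the SDK offers `__darwin_arm_thread_state64_get_pc` / `__darwin_arm_thread_state64_set_pc_fptr` to read and write it; if this tool is ever built for arm64e the direct field access will not compile or will clobber the PAC bits, so either use the accessors or leave a comment that only plain arm64 is supported — this is my reading of the SDK headers and should be confirmed. sigtrap_handler starts and ends outside this hunk.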
@@ -676,7 +683,9 @@ static void sigtrap_handler(int signum, siginfo_t *si, void *context) {
 /* the MAIN function */
 int main(int argc, char *argv[]) {
 
+#if defined(__linux__)
   (void)personality(ADDR_NO_RANDOMIZE);  // disable ASLR
+#endif
 
   pid = getpid();
   if (getenv("AFL_DEBUG")) debug = 1;
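Review bot: The non-Linux path now silently runs with ASLR left enabled and nothing records why that is acceptable for a tool that patches fixed addresses; a short comment on the `#if defined(__linux__)` line would help, e.g. `// personality() is Linux-only; elsewhere ASLR stays on and patch points must be resolved relative to the library base found at runtime`. The second half of that comment is my inference from read_library_information and should be verified before it is written down. main continues beyond this hunk.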
diff --git a/utils/afl_untracer/ida_get_patchpoints.py b/utils/afl_untracer/ida_get_patchpoints.py
index 43cf6d89..807685b3 100644
--- a/utils/afl_untracer/ida_get_patchpoints.py
+++ b/utils/afl_untracer/ida_get_patchpoints.py
@@ -11,6 +11,7 @@ import idc
 # See https://www.hex-rays.com/products/ida/support/ida74_idapython_no_bc695_porting_guide.shtml
 
 from os.path import expanduser
+
 home = expanduser("~")
 
 patchpoints = set()
@@ -18,7 +19,7 @@ patchpoints = set()
 max_offset = 0
 for seg_ea in idautils.Segments():
     name = idc.get_segm_name(seg_ea)
-    #print("Segment: " + name)
+    # print("Segment: " + name)
     if name != "__text" and name != ".text":
         continue
 
@@ -26,7 +27,7 @@ for seg_ea in idautils.Segments():
     end = idc.get_segm_end(seg_ea)
     first = 0
     subtract_addr = 0
-    #print("Start: " + hex(start) + " End: " + hex(end))
+    # print("Start: " + hex(start) + " End: " + hex(end))
     for func_ea in idautils.Functions(start, end):
         f = idaapi.get_func(func_ea)
         if not f:
@@ -37,10 +38,10 @@ for seg_ea in idautils.Segments():
                     if block.start_ea >= 0x1000:
                         subtract_addr = 0x1000
                         first = 1
-                        
+
                 max_offset = max(max_offset, block.start_ea)
                 patchpoints.add(block.start_ea - subtract_addr)
-            #else:
+            # else:
             #    print("Warning: broken CFG?")
 
 # Round up max_offset to page size
@@ -52,11 +53,11 @@ if rem != 0:
 print("Writing to " + home + "/Desktop/patches.txt")
 
 with open(home + "/Desktop/patches.txt", "w") as f:
-    f.write(ida_nalt.get_root_filename() + ':' + hex(size) + '\n')
-    f.write('\n'.join(map(hex, sorted(patchpoints))))
-    f.write('\n')
+    f.write(ida_nalt.get_root_filename() + ":" + hex(size) + "\n")
+    f.write("\n".join(map(hex, sorted(patchpoints))))
+    f.write("\n")
 
 print("Done, found {} patchpoints".format(len(patchpoints)))
 
 # For headless script running remove the comment from the next line
-#ida_pro.qexit()
+# ida_pro.qexit()