about summary refs log tree commit diff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--include/forkserver.h2
-rw-r--r--instrumentation/compare-transform-pass.so.cc3
-rw-r--r--nyx_mode/LIBNYX_VERSION2
-rw-r--r--nyx_mode/PACKER_VERSION2
m---------nyx_mode/QEMU-Nyx0
-rw-r--r--nyx_mode/QEMU_NYX_VERSION2
m---------nyx_mode/libnyx0
m---------nyx_mode/packer0
-rw-r--r--src/afl-forkserver.c8
-rw-r--r--src/afl-fuzz-bitmap.c16
-rw-r--r--src/afl-fuzz.c4
11 files changed, 33 insertions, 6 deletions
diff --git a/include/forkserver.h b/include/forkserver.h
index fd4d283c..cb68ce4f 100644
--- a/include/forkserver.h
+++ b/include/forkserver.h
@@ -70,6 +70,7 @@ typedef struct {
   enum NyxReturnValue (*nyx_exec)(void *qemu_process);
   uint8_t *(*nyx_get_bitmap_buffer)(void *qemu_process);
   size_t (*nyx_get_bitmap_buffer_size)(void *qemu_process);
+  uint32_t (*nyx_get_aux_string)(void *nyx_process, uint8_t *buffer, uint32_t size);
 
 } nyx_plugin_handler_t;
 
@@ -173,6 +174,7 @@ typedef struct afl_forkserver {
   void *                nyx_runner;      /* nyx runner object                */
   u32                   nyx_id;          /* nyx runner id (0 -> master)      */
   u32                   nyx_bind_cpu_id; /* nyx runner cpu id                */
+  char*                 nyx_aux_string;
 #endif
 
 } afl_forkserver_t;
diff --git a/instrumentation/compare-transform-pass.so.cc b/instrumentation/compare-transform-pass.so.cc
index c668ba95..9a4e4f00 100644
--- a/instrumentation/compare-transform-pass.so.cc
+++ b/instrumentation/compare-transform-pass.so.cc
@@ -76,8 +76,7 @@ class CompareTransform : public ModulePass {
 
 #endif
 
-  //#if LLVM_MAJOR >= 11                                /* use new pass manager
-  /                                                                        /*/
+  //#if LLVM_MAJOR >= 11                             /* use new pass manager */
   //  PreservedAnalyses run(Module &M, ModuleAnalysisManager &MAM);
   //#else
   bool runOnModule(Module &M) override;
diff --git a/nyx_mode/LIBNYX_VERSION b/nyx_mode/LIBNYX_VERSION
index b45b4e90..65e119c9 100644
--- a/nyx_mode/LIBNYX_VERSION
+++ b/nyx_mode/LIBNYX_VERSION
@@ -1 +1 @@
-2e45754
+8a77c71
diff --git a/nyx_mode/PACKER_VERSION b/nyx_mode/PACKER_VERSION
index 43488114..d67dee20 100644
--- a/nyx_mode/PACKER_VERSION
+++ b/nyx_mode/PACKER_VERSION
@@ -1 +1 @@
-76100c5
+5d143ee
diff --git a/nyx_mode/QEMU-Nyx b/nyx_mode/QEMU-Nyx
-Subproject c2c69cfc528398d9db9363b92f8c50db4008c98
+Subproject c08e4ac94244a9739b4484b3010abc06b372923
diff --git a/nyx_mode/QEMU_NYX_VERSION b/nyx_mode/QEMU_NYX_VERSION
index be13a784..2d9ee5e3 100644
--- a/nyx_mode/QEMU_NYX_VERSION
+++ b/nyx_mode/QEMU_NYX_VERSION
@@ -1 +1 @@
-c2c69cfc52
+c08e4ac942
diff --git a/nyx_mode/libnyx b/nyx_mode/libnyx
-Subproject 2e45754e271463f446c31a6f467231d8657910e
+Subproject 8a77c71dc8a8c0b73abd8fb9c22e30d565184ef
diff --git a/nyx_mode/packer b/nyx_mode/packer
-Subproject 76100c52db96429350693a6c7284c5c6cbcb6b0
+Subproject 5d143eee4e4dcd12a1fc5d6786dd8da25cbb995
diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c
index 8997781d..54f28852 100644
--- a/src/afl-forkserver.c
+++ b/src/afl-forkserver.c
@@ -450,6 +450,9 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv,
     fsrv->nyx_handlers->nyx_option_set_timeout(fsrv->nyx_runner, 2, 0);
     fsrv->nyx_handlers->nyx_option_apply(fsrv->nyx_runner);
 
+    fsrv->nyx_aux_string = malloc(0x1000);
+    memset(fsrv->nyx_aux_string, 0, 0x1000);
+
     /* dry run */
     fsrv->nyx_handlers->nyx_set_afl_input(fsrv->nyx_runner, "INIT", 4);
     switch (fsrv->nyx_handlers->nyx_exec(fsrv->nyx_runner)) {
@@ -1253,7 +1256,10 @@ void afl_fsrv_kill(afl_forkserver_t *fsrv) {
   fsrv->child_pid = -1;
 
 #ifdef __linux__
-  if (fsrv->nyx_mode) { fsrv->nyx_handlers->nyx_shutdown(fsrv->nyx_runner); }
+  if (fsrv->nyx_mode) {
+    free(fsrv->nyx_aux_string);
+    fsrv->nyx_handlers->nyx_shutdown(fsrv->nyx_runner); 
+  }
 #endif
 
 }
diff --git a/src/afl-fuzz-bitmap.c b/src/afl-fuzz-bitmap.c
index b963caf8..226dfa5c 100644
--- a/src/afl-fuzz-bitmap.c
+++ b/src/afl-fuzz-bitmap.c
@@ -771,6 +771,22 @@ save_if_interesting(afl_state_t *afl, void *mem, u32 len, u8 fault) {
   ck_write(fd, mem, len, fn);
   close(fd);
 
+#ifdef __linux__
+  if(afl->fsrv.nyx_mode && fault == FSRV_RUN_CRASH) {
+    u8  fn_log[PATH_MAX];
+
+    snprintf(fn_log, PATH_MAX, "%s.log", fn);
+
+    fd = open(fn_log, O_WRONLY | O_CREAT | O_EXCL, DEFAULT_PERMISSION);
+    if (unlikely(fd < 0)) { PFATAL("Unable to create '%s'", fn_log); }
+
+    u32 nyx_aux_string_len = afl->fsrv.nyx_handlers->nyx_get_aux_string(afl->fsrv.nyx_runner, afl->fsrv.nyx_aux_string, 0x1000);
+
+    ck_write(fd, afl->fsrv.nyx_aux_string, nyx_aux_string_len, fn_log);
+    close(fd);
+  }
+#endif
+
   return keeping;
 
 }
diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c
index a3f57c1e..df6e5404 100644
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
@@ -468,6 +468,10 @@ nyx_plugin_handler_t *afl_load_libnyx_plugin(u8 *libnyx_binary) {
       dlsym(handle, "nyx_get_bitmap_buffer_size");
   if (plugin->nyx_get_bitmap_buffer_size == NULL) { goto fail; }
 
+  plugin->nyx_get_aux_string =
+      dlsym(handle, "nyx_get_aux_string");
+  if (plugin->nyx_get_aux_string == NULL) { goto fail; }
+
   OKF("libnyx plugin is ready!");
   return plugin;
generated by cgit-pink 1.4.1 (git 2.36.1) at 2025-05-18 10:11:08 +0000