-rw-r--r--include/forkserver.h2
-rw-r--r--src/afl-forkserver.c8
-rw-r--r--src/afl-fuzz-bitmap.c14
-rw-r--r--src/afl-fuzz.c4
4 files changed, 27 insertions, 1 deletions
diff --git a/include/forkserver.h b/include/forkserver.h
index fd4d283c..cb68ce4f 100644
--- a/include/forkserver.h
+++ b/include/forkserver.h
@@ -70,6 +70,7 @@ typedef struct {
   enum NyxReturnValue (*nyx_exec)(void *qemu_process);
   uint8_t *(*nyx_get_bitmap_buffer)(void *qemu_process);
   size_t (*nyx_get_bitmap_buffer_size)(void *qemu_process);
+  uint32_t (*nyx_get_aux_string)(void *nyx_process, uint8_t *buffer, uint32_t size);
 
 } nyx_plugin_handler_t;
 
@@ -173,6 +174,7 @@ typedef struct afl_forkserver {
   void *                nyx_runner;      /* nyx runner object                */
   u32                   nyx_id;          /* nyx runner id (0 -> master)      */
   u32                   nyx_bind_cpu_id; /* nyx runner cpu id                */
+  char*                 nyx_aux_string;
 #endif
 
 } afl_forkserver_t;
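Review bot: The new field is declared `char* nyx_aux_string;` while the handler added in the previous hunk of this file takes `uint8_t *buffer`, so the call in afl-fuzz-bitmap.c passes a `char *` where a `uint8_t *` is expected and will draw a pointer-sign warning under the project's usual flags; declaring it `u8 *nyx_aux_string;` (the type the rest of the code base uses for byte buffers) removes the mismatch. The neighbouring fields in this struct carry an aligned trailing comment and the `void *` declarator style, which the new line does not follow, e.g. `u8                   *nyx_aux_string; /* nyx aux string buffer (fixed size) */`. The buffer's size (0x1000) is repeated literally in afl-forkserver.c and afl-fuzz-bitmap.c but recorded nowhere; a named constant next to this field would tie the allocation and the length passed to `nyx_get_aux_string` together.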
diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c
index 8997781d..54f28852 100644
--- a/src/afl-forkserver.c
+++ b/src/afl-forkserver.c
@@ -450,6 +450,9 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv,
     fsrv->nyx_handlers->nyx_option_set_timeout(fsrv->nyx_runner, 2, 0);
     fsrv->nyx_handlers->nyx_option_apply(fsrv->nyx_runner);
 
+    fsrv->nyx_aux_string = malloc(0x1000);
+    memset(fsrv->nyx_aux_string, 0, 0x1000);
+
     /* dry run */
     fsrv->nyx_handlers->nyx_set_afl_input(fsrv->nyx_runner, "INIT", 4);
     switch (fsrv->nyx_handlers->nyx_exec(fsrv->nyx_runner)) {
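Review bot: `malloc(0x1000)` is unchecked and the following `memset` dereferences the result, so an allocation failure becomes a NULL write instead of a reported error; the rest of the file uses the project's checked allocators, so `fsrv->nyx_aux_string = ck_alloc(0x1000);` (which aborts with a message on OOM and returns zeroed memory) or at least `calloc(1, 0x1000)` with a NULL check is the expected form here. If the allocation is switched to `ck_alloc`, the `free()` added in afl_fsrv_kill below must become `ck_free()`. The literal 0x1000 is also the size passed to `nyx_get_aux_string` in afl-fuzz-bitmap.c; both should come from one named constant so the two cannot drift apart. afl_fsrv_start continues outside the hunk.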
@@ -1253,7 +1256,10 @@ void afl_fsrv_kill(afl_forkserver_t *fsrv) {
   fsrv->child_pid = -1;
 
 #ifdef __linux__
-  if (fsrv->nyx_mode) { fsrv->nyx_handlers->nyx_shutdown(fsrv->nyx_runner); }
+  if (fsrv->nyx_mode) {
+    free(fsrv->nyx_aux_string);
+    fsrv->nyx_handlers->nyx_shutdown(fsrv->nyx_runner); 
+  }
 #endif
 
 }
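Review bot: `free(fsrv->nyx_aux_string)` leaves the pointer dangling in the forkserver struct, which is still reachable after afl_fsrv_kill returns; if this function can run more than once on the same fsrv in nyx mode (not visible from the hunk) the second call is a double free. Setting the pointer to NULL after freeing, `free(fsrv->nyx_aux_string); fsrv->nyx_aux_string = NULL;`, makes a repeated call a harmless no-op and keeps any later accidental use a clean crash rather than a use-after-free. The `nyx_shutdown(...);` line also carries trailing whitespace.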
diff --git a/src/afl-fuzz-bitmap.c b/src/afl-fuzz-bitmap.c
index b963caf8..bce1a195 100644
--- a/src/afl-fuzz-bitmap.c
+++ b/src/afl-fuzz-bitmap.c
@@ -771,6 +771,20 @@ save_if_interesting(afl_state_t *afl, void *mem, u32 len, u8 fault) {
   ck_write(fd, mem, len, fn);
   close(fd);
 
+  if(afl->fsrv.nyx_mode && fault == FSRV_RUN_CRASH) {
+    u8  fn_log[PATH_MAX];
+
+    snprintf(fn_log, PATH_MAX, "%s.log", fn);
+
+    fd = open(fn_log, O_WRONLY | O_CREAT | O_EXCL, DEFAULT_PERMISSION);
+    if (unlikely(fd < 0)) { PFATAL("Unable to create '%s'", fn_log); }
+
+    u32 nyx_aux_string_len = afl->fsrv.nyx_handlers->nyx_get_aux_string(afl->fsrv.nyx_runner, afl->fsrv.nyx_aux_string, 0x1000);
+
+    ck_write(fd, afl->fsrv.nyx_aux_string, nyx_aux_string_len, fn_log);
+    close(fd);
+  }
+
   return keeping;
 
 }
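Review bot: The length returned by `nyx_get_aux_string` is passed straight to `ck_write` without being bounded by the 0x1000 bytes actually allocated for `nyx_aux_string`; if the plugin reports the full length of the aux string rather than the number of bytes copied (the contract is not visible here), `ck_write` reads past the end of the heap buffer into the crash log. Clamping before the write, `if (nyx_aux_string_len > 0x1000) { nyx_aux_string_len = 0x1000; }`, keeps the file write inside the buffer regardless of what the plugin returns. The `snprintf(fn_log, PATH_MAX, "%s.log", fn)` can also silently truncate when `fn` is close to PATH_MAX, producing a log name that does not match the crash file; checking the return value against PATH_MAX would surface that. save_if_interesting starts outside the hunk.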
diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c
index a3f57c1e..df6e5404 100644
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
@@ -468,6 +468,10 @@ nyx_plugin_handler_t *afl_load_libnyx_plugin(u8 *libnyx_binary) {
       dlsym(handle, "nyx_get_bitmap_buffer_size");
   if (plugin->nyx_get_bitmap_buffer_size == NULL) { goto fail; }
 
+  plugin->nyx_get_aux_string =
+      dlsym(handle, "nyx_get_aux_string");
+  if (plugin->nyx_get_aux_string == NULL) { goto fail; }
+
   OKF("libnyx plugin is ready!");
   return plugin;