-rw-r--r-- | custom_mutators/symcc/README.md | 5 | ||||
-rw-r--r-- | frida_mode/src/instrument/instrument_arm64.c | 4 | ||||
-rw-r--r-- | frida_mode/src/instrument/instrument_x64.c | 3 | ||||
-rw-r--r-- | instrumentation/cmplog-instructions-pass.cc | 10 | ||||
-rw-r--r-- | utils/libdislocator/libdislocator.so.c | 9 |
5 files changed, 19 insertions, 12 deletions
diff --git a/custom_mutators/symcc/README.md b/custom_mutators/symcc/README.md
index 337362ae..364a348e 100644
--- a/custom_mutators/symcc/README.md
+++ b/custom_mutators/symcc/README.md
@@ -1,6 +1,9 @@
 # custum mutator: symcc
-This uses the excellent symcc to find new paths into the target.
+This uses the symcc to find new paths into the target.
+
+Note that this is a just a proof of concept example! It is better to use
+the fuzzing helpers of symcc, symqemu, Fuzzolic, etc. rather than this.
 To use this custom mutator follow the steps in the symcc repository
 [https://github.com/eurecom-s3/symcc/](https://github.com/eurecom-s3/symcc/)
diff --git a/frida_mode/src/instrument/instrument_arm64.c b/frida_mode/src/instrument/instrument_arm64.c
index e6251cb4..2bc8f8aa 100644
--- a/frida_mode/src/instrument/instrument_arm64.c
+++ b/frida_mode/src/instrument/instrument_arm64.c
@@ -18,8 +18,8 @@
 #if defined(__aarch64__)
-gboolean instrument_cache_enabled = FALSE;
-gsize instrument_cache_size = 0;
+gboolean instrument_cache_enabled = FALSE;
+gsize instrument_cache_size = 0;
 static GHashTable *coverage_blocks = NULL;
 __attribute__((aligned(0x1000))) static guint8 area_ptr_dummy[MAP_SIZE];
diff --git a/frida_mode/src/instrument/instrument_x64.c b/frida_mode/src/instrument/instrument_x64.c
index d54c8353..f02c971e 100644
--- a/frida_mode/src/instrument/instrument_x64.c
+++ b/frida_mode/src/instrument/instrument_x64.c
@@ -336,7 +336,8 @@ void instrument_coverage_optimize(const cs_insn * instr,
 GumStalkerOutput *output) {
 GumX86Writer *cw = output->writer.x86;
- /* guint64 area_offset = instrument_get_offset_hash(GUM_ADDRESS(instr->address)); */
+ /* guint64 area_offset =
+ * instrument_get_offset_hash(GUM_ADDRESS(instr->address)); */
 if (instrument_previous_pc_addr == NULL) {
 GumAddressSpec spec = {.near_address = cw->code,
diff --git a/instrumentation/cmplog-instructions-pass.cc b/instrumentation/cmplog-instructions-pass.cc
index e21289b4..85d48835 100644
--- a/instrumentation/cmplog-instructions-pass.cc
+++ b/instrumentation/cmplog-instructions-pass.cc
@@ -116,7 +116,7 @@ class CmpLogInstructions : public ModulePass {
 #endif
 private:
- bool hookInstrs(Module &M, LoopInfoCallback LCallback);
+ bool hookInstrs(Module &M, LoopInfoCallback LCallback);
 unsigned int instrumented = 0;
 };
@@ -305,6 +305,7 @@ bool CmpLogInstructions::hookInstrs(Module &M, LoopInfoCallback LCallback) {
 const LoopInfo * LI = LCallback(F);
 #if 0
 for (LoopInfo::iterator I = LI->begin(), E = LI->end(); I != E; ++I) {
+ Loop * L = *I;
 BasicBlock *In, *Out;
 bool ok = false ;
 L->getIncomingAndBackEdge(In, Out);
@@ -333,9 +334,10 @@ bool CmpLogInstructions::hookInstrs(Module &M, LoopInfoCallback LCallback) {
 }
 }
+ }
-#endif
+#endif
 // fprintf(stderr, "Loops in %s: %zu\n", F.getName().str().c_str(),
 // lcomps.size());
@@ -703,7 +705,7 @@ bool CmpLogInstructions::hookInstrs(Module &M, LoopInfoCallback LCallback) {
 break;
 }
-
+
 ++instrumented;
 }
@@ -718,7 +720,7 @@ bool CmpLogInstructions::hookInstrs(Module &M, LoopInfoCallback LCallback) {
 }
 }
-
+
 fprintf(stderr, "instrumented: %u (%zu)\n", instrumented, icomps.size());
 if (icomps.size())
diff --git a/utils/libdislocator/libdislocator.so.c b/utils/libdislocator/libdislocator.so.c
index 72fafa4b..bd08a678 100644
--- a/utils/libdislocator/libdislocator.so.c
+++ b/utils/libdislocator/libdislocator.so.c
@@ -257,16 +257,17 @@ static void *__dislocator_alloc(size_t len) {
 }
 #if defined(USENAMEDPAGE)
-#if defined(__linux__)
+ #if defined(__linux__)
 // in the /proc/<pid>/maps file, the anonymous page appears as
 // `<start>-<end> ---p 00000000 00:00 0 [anon:libdislocator]`
- if (prctl(PR_SET_VMA, PR_SET_VMA_ANON_NAME,
- (unsigned long)ret, tlen, (unsigned long)"libdislocator") < 0) {
+ if (prctl(PR_SET_VMA, PR_SET_VMA_ANON_NAME, (unsigned long)ret, tlen,
+ (unsigned long)"libdislocator") < 0) {
 DEBUGF("prctl() failed");
 }
-#endif
+
+ #endif
 #endif
 /* Set PROT_NONE on the last page. */ |
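Review bot: The failure branch of the rewrapped prctl() call in the libdislocator hunk still reports only `prctl() failed`, which hides why naming the anonymous mapping was refused — on a kernel that does not know PR_SET_VMA_ANON_NAME the call fails with EINVAL and is indistinguishable from any other error. Logging the errno text, e.g. `DEBUGF("prctl(PR_SET_VMA_ANON_NAME) failed: %s", strerror(errno));`, makes that diagnosable; this presumes DEBUGF accepts printf-style arguments and that errno.h/string.h are already included, neither of which the hunk shows. __dislocator_alloc begins and ends outside the hunk.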