-rw-r--r-- | include/forkserver.h | 11 | ||||
-rw-r--r-- | nyx_mode/LIBNYX_VERSION | 2 | ||||
-rw-r--r-- | nyx_mode/PACKER_VERSION | 2 | ||||
m--------- | nyx_mode/libnyx | 0 | ||||
m--------- | nyx_mode/packer | 0 | ||||
-rw-r--r-- | src/afl-forkserver.c | 16 | ||||
-rw-r--r-- | src/afl-fuzz-stats.c | 11 | ||||
-rw-r--r-- | src/afl-fuzz.c | 17 |
8 files changed, 55 insertions, 4 deletions
diff --git a/include/forkserver.h b/include/forkserver.h
index 6c649528..db1832c4 100644
--- a/include/forkserver.h
+++ b/include/forkserver.h
@@ -89,11 +89,14 @@ typedef struct {
 bool (*nyx_config_set_aux_buffer_size)(void *config, uint32_t aux_buffer_size);
+ uint64_t (*nyx_get_target_hash64)(void *config);
+
+ void (*nyx_config_free)(void *config);
+
 } nyx_plugin_handler_t;
 /* Imports helper functions to enable Nyx mode (Linux only )*/
 nyx_plugin_handler_t *afl_load_libnyx_plugin(u8 *libnyx_binary);
-
 #endif
 typedef struct afl_forkserver {
@@ -204,6 +207,7 @@ typedef struct afl_forkserver {
 bool nyx_use_tmp_workdir;
 char *nyx_tmp_workdir_path;
 s32 nyx_log_fd;
+ u64 nyx_target_hash64;
 #endif
 #ifdef __AFL_CODE_COVERAGE
@@ -241,6 +245,11 @@ void afl_fsrv_killall(void);
 void afl_fsrv_deinit(afl_forkserver_t *fsrv);
 void afl_fsrv_kill(afl_forkserver_t *fsrv);
+#ifdef __linux__
+void nyx_load_target_hash(afl_forkserver_t *fsrv);
+#endif
+
+
 #ifdef __APPLE__
 #define MSG_FORK_ON_APPLE \
 " - On MacOS X, the semantics of fork() syscalls are non-standard and " \
diff --git a/nyx_mode/LIBNYX_VERSION b/nyx_mode/LIBNYX_VERSION
index 9aae19be..5f7c9a5b 100644
--- a/nyx_mode/LIBNYX_VERSION
+++ b/nyx_mode/LIBNYX_VERSION
@@ -1 +1 @@
-6833d23
+ea6ceb9
\ No newline at end of file
diff --git a/nyx_mode/PACKER_VERSION b/nyx_mode/PACKER_VERSION
index cc20a3b6..0b9e5d4e 100644
--- a/nyx_mode/PACKER_VERSION
+++ b/nyx_mode/PACKER_VERSION
@@ -1 +1 @@
-bcf3e24
+6067e5c
diff --git a/nyx_mode/libnyx b/nyx_mode/libnyx
-Subproject 6833d236dfe785a8a23d8c8d79e74c99fa63500
+Subproject ea6ceb994ab975b81aea0daaf64b92a3066c1e8
diff --git a/nyx_mode/packer b/nyx_mode/packer
-Subproject bcf3e248b660764f48af54232a3388389a2dfc2
+Subproject 6067e5c0ffb3e9aec35aa3aef29b3e390dd313b
diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c
index c7c493cf..ae3c7ccc 100644
--- a/src/afl-forkserver.c
+++ b/src/afl-forkserver.c
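Review bot: The new declaration `void nyx_load_target_hash(afl_forkserver_t *fsrv);` in the third hunk carries no comment, unlike the neighbouring `afl_load_libnyx_plugin` declaration. Its definition in src/afl-forkserver.c loads the Nyx config for `fsrv->target_path`, stores the 64-bit hash in `fsrv->nyx_target_hash64` and frees the config, dereferencing `fsrv->nyx_handlers` on every call. Suggest `/* Loads the Nyx config for fsrv->target_path, stores its 64-bit target hash in fsrv->nyx_target_hash64 and frees the config; requires fsrv->nyx_handlers to be loaded. Linux only. */` above it.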
@@ -136,6 +136,12 @@ nyx_plugin_handler_t *afl_load_libnyx_plugin(u8 *libnyx_binary) {
 dlsym(handle, "nyx_config_set_aux_buffer_size");
 if (plugin->nyx_config_set_aux_buffer_size == NULL) { goto fail; }
+ plugin->nyx_get_target_hash64 = dlsym(handle, "nyx_get_target_hash64");
+ if (plugin->nyx_get_target_hash64 == NULL) { goto fail; }
+
+ plugin->nyx_config_free = dlsym(handle, "nyx_config_free");
+ if (plugin->nyx_get_target_hash64 == NULL) { goto fail; }
+
 OKF("libnyx plugin is ready!");
 return plugin;
@@ -224,6 +230,7 @@ void afl_fsrv_init(afl_forkserver_t *fsrv) {
 fsrv->nyx_use_tmp_workdir = false;
 fsrv->nyx_tmp_workdir_path = NULL;
 fsrv->nyx_log_fd = -1;
+ fsrv->nyx_target_hash64 = 0;
 #endif
 // this structure needs default so we initialize it if this was not done
@@ -527,6 +534,15 @@ static void report_error_and_exit(int error) {
 }
+#ifdef __linux__
+void nyx_load_target_hash(afl_forkserver_t *fsrv) {
+ void *nyx_config = fsrv->nyx_handlers->nyx_config_load(fsrv->target_path);
+ fsrv->nyx_target_hash64 = fsrv->nyx_handlers->nyx_get_target_hash64(nyx_config);
+ fsrv->nyx_handlers->nyx_config_free(nyx_config);
+}
+#endif
+
+
 /* Spins up fork server. The idea is explained here: https://lcamtuf.blogspot.com/2014/10/fuzzing-binaries-without-execve.html
diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c
index 9f5f59c0..b1a84cb6 100644
--- a/src/afl-fuzz-stats.c
+++ b/src/afl-fuzz-stats.c
@@ -80,7 +80,18 @@ void write_setup_file(afl_state_t *afl, u32 argc, char **argv) {
 snprintf(fn2, PATH_MAX, "%s/target_hash", afl->out_dir);
 FILE *f2 = create_ffile(fn2);
+
+#ifdef __linux__
+ if (afl->fsrv.nyx_mode) {
+ nyx_load_target_hash(&afl->fsrv);
+ fprintf(f2, "%llx\n", afl->fsrv.nyx_target_hash64);
+ }
+ else {
+ fprintf(f2, "%p\n", (void *)get_binary_hash(afl->fsrv.target_path));
+ }
+#else
 fprintf(f2, "%p\n", (void *)get_binary_hash(afl->fsrv.target_path));
+#endif
 fclose(f2);
 snprintf(fn, PATH_MAX, "%s/fuzzer_setup", afl->out_dir);
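Review bot: The NULL check after the `nyx_config_free` lookup in the first hunk tests the wrong pointer: `if (plugin->nyx_get_target_hash64 == NULL) { goto fail; }` repeats the previous check, so a libnyx build that lacks `nyx_config_free` loads successfully and the later call `fsrv->nyx_handlers->nyx_config_free(nyx_config)` in nyx_load_target_hash goes through a pointer that was never verified. It should read `if (plugin->nyx_config_free == NULL) { goto fail; }`. afl_load_libnyx_plugin starts before this hunk, so whether `plugin` is zeroed on allocation is not visible here.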
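Review bot: nyx_load_target_hash in the third hunk does not handle a failed config load: `nyx_config` is passed straight to `nyx_get_target_hash64` and `nyx_config_free` without a NULL check, and `fsrv->nyx_handlers` is dereferenced unconditionally. Whether `nyx_config_load` can return NULL is not visible in this diff; if it can, an early `if (!nyx_config) { return; }` after the load would leave `nyx_target_hash64` at the 0 that afl_fsrv_init now assigns, which the caller in src/afl-fuzz.c already treats as a failed hash via `!target_hash`. Callers must also reach this function only after afl_load_libnyx_plugin has set `fsrv->nyx_handlers`, which is worth stating in a comment on the definition.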
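Review bot: The two branches in write_setup_file write target_hash in different formats: the Nyx branch prints `"%llx\n"` on the raw u64 while the non-Nyx branch prints `"%p\n"` on the value cast to `void *`, so the file's content is not uniform across modes. If this file is what the fast-resume path compares against `prev_target_hash` (the reader is not in this diff), it has to accept both spellings; either format the Nyx hash the same way or record the difference in a comment next to the `#ifdef`. The `}` / `else {` split across two lines also differs from the cuddled `} else {` form, if that is what the rest of the file uses; the same applies to the else in the src/afl-fuzz.c hunk.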
diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c
index 5ab8d7e9..a2fd4b76 100644
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
@@ -2225,9 +2225,24 @@ int main(int argc, char **argv_orig, char **envp) {
 if (afl->in_place_resume && !afl->afl_env.afl_no_fastresume) {
+#ifdef __linux__
+ u64 target_hash = 0;
+ if (afl->fsrv.nyx_mode) {
+ nyx_load_target_hash(&afl->fsrv);
+ target_hash = afl->fsrv.nyx_target_hash64;
+ }
+ else {
+ target_hash = get_binary_hash(afl->fsrv.target_path);
+ }
+#else
 u64 target_hash = get_binary_hash(afl->fsrv.target_path);
+#endif
- if (!target_hash || prev_target_hash != target_hash) {
+ if ((!target_hash || prev_target_hash != target_hash)
+#ifdef __linux__
+ || (afl->fsrv.nyx_mode && target_hash == 0)
+#endif
+ ) {
 ACTF("Target binary is different, cannot perform FAST RESUME!");
|
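Review bot: The added clause `|| (afl->fsrv.nyx_mode && target_hash == 0)` is redundant: `!target_hash` in the same condition is already true whenever `target_hash == 0`, Nyx or not, so the `#ifdef __linux__` block inside the condition adds no behaviour and three extra preprocessor lines. The original single line `if (!target_hash || prev_target_hash != target_hash) {` covers the Nyx case unchanged. main continues past the end of this hunk, and `prev_target_hash` is assigned before it.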