-rw-r--r-- | include/forkserver.h | 1 | ||||
-rw-r--r-- | src/afl-forkserver.c | 13 | ||||
-rw-r--r-- | src/afl-fuzz-init.c | 3 | ||||
-rw-r--r-- | src/afl-fuzz.c | 13 |
4 files changed, 23 insertions, 7 deletions
diff --git a/include/forkserver.h b/include/forkserver.h
index 01f45587..fd4d283c 100644
--- a/include/forkserver.h
+++ b/include/forkserver.h
@@ -162,6 +162,7 @@ typedef struct afl_forkserver {
 void (*add_extra_func)(void *afl_ptr, u8 *mem, u32 len);
 u8 kill_signal;
+ u8 persistent_mode;
 #ifdef __linux__
 nyx_plugin_handler_t *nyx_handlers;
diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c
index ce554170..fdaf7d0d 100644
--- a/src/afl-forkserver.c
+++ b/src/afl-forkserver.c
@@ -59,7 +59,11 @@ static list_t fsrv_list = {.element_prealloc_count = 0};
 static void fsrv_exec_child(afl_forkserver_t *fsrv, char **argv) {
- if (fsrv->qemu_mode) { setenv("AFL_DISABLE_LLVM_INSTRUMENTATION", "1", 0); }
+ if (fsrv->qemu_mode || fsrv->frida_mode || fsrv->cs_mode) {
+
+ setenv("AFL_DISABLE_LLVM_INSTRUMENTATION", "1", 0);
+
+ }
 execv(fsrv->target_path, argv);
@@ -281,13 +285,13 @@ static void afl_fauxsrv_execv(afl_forkserver_t *fsrv, char **argv) {
 sigaction(SIGPIPE, &sa, NULL);
 signal(SIGCHLD, old_sigchld_handler);
+ // FORKSRV_FD is for communication with AFL, we don't need it in the
- // child.
+ // child
 close(FORKSRV_FD);
 close(FORKSRV_FD + 1);
- // TODO: exec...
-
+ // finally: exec...
 execv(fsrv->target_path, argv);
 /* Use a distinctive bitmap signature to tell the parent about execv()
@@ -567,6 +571,7 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv,
 }
+ if (!be_quiet) { ACTF("Using AFL++ faux forkserver..."); }
 fsrv->init_child_func = afl_fauxsrv_execv;
 }
diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c
index 5449460e..9e74079b 100644
--- a/src/afl-fuzz-init.c
+++ b/src/afl-fuzz-init.c
@@ -2818,7 +2818,7 @@ void check_binary(afl_state_t *afl, u8 *fname) {
 OKF(cPIN "Persistent mode binary detected.");
 setenv(PERSIST_ENV_VAR, "1", 1);
 afl->persistent_mode = 1;
-
+ afl->fsrv.persistent_mode = 1;
 afl->shmem_testcase_mode = 1;
 } else if (getenv("AFL_PERSISTENT")) {
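Review bot: The new `persistent_mode` field in `afl_forkserver_t` carries no comment saying what it means or who sets it, and it duplicates state already held in `afl_state_t.persistent_mode` (the afl-fuzz-init.c hunk sets both one after the other). A one-line trailing comment would keep the two from being confused: `u8 persistent_mode; /* target runs in persistent mode; set by afl-fuzz together with afl_state_t.persistent_mode */`. The enclosing struct begins and ends outside the hunk, so I cannot tell whether neighbouring fields follow a different comment style.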
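Review bot: In check_binary() the `afl->fsrv.persistent_mode = 1;` line is added only to the "Persistent mode binary detected" branch, while the FRIDA branch in the following hunk (`@@ -2830`) still sets `afl->persistent_mode = 1;` without touching `afl->fsrv.persistent_mode`, and the `else if (getenv("AFL_PERSISTENT"))` branch whose body lies outside the hunk is not visible here; the same pair is set a third time in the new main() hunk of afl-fuzz.c. Unless the forkserver flag is deliberately left clear for FRIDA, the two fields will now disagree depending on which branch detected persistence. Setting the mirror once, after all detection has run, e.g. `afl->fsrv.persistent_mode = afl->persistent_mode;` right after the `check_binary(afl, argv[optind]);` call in main(), would remove the per-branch duplication. check_binary() itself starts and ends outside the hunk.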
@@ -2830,7 +2830,6 @@ void check_binary(afl_state_t *afl, u8 *fname) {
 OKF("FRIDA Persistent mode configuration options detected.");
 setenv(PERSIST_ENV_VAR, "1", 1);
 afl->persistent_mode = 1;
- afl->shmem_testcase_mode = 1;
 }
diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c
index 9ef2669a..80059783 100644
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
@@ -198,7 +198,7 @@ static void usage(u8 *argv0, int more_help) {
 " -I command - execute this command/script when a new crash is "
 "found\n"
 //" -B bitmap.txt - mutate a specific test case, use the
- //out/default/fuzz_bitmap file\n"
+ // out/default/fuzz_bitmap file\n"
 " -C - crash exploration mode (the peruvian rabbit thing)\n"
 " -b cpu_id - bind the fuzzing process to the specified CPU core "
 "(0-...)\n"
@@ -1897,6 +1897,17 @@ int main(int argc, char **argv_orig, char **envp) {
 check_binary(afl, argv[optind]);
+ if (getenv(PERSIST_ENV_VAR) && !afl->persistent_mode) {
+
+ WARNF(
+ "Persistent mode environment variable detected, forcing persitent "
+ "mode!");
+ afl->persistent_mode = 1;
+ afl->fsrv.persistent_mode = 1;
+ afl->shmem_testcase_mode = 1;
+
+ }
+
 #ifdef AFL_PERSISTENT_RECORD
 if (unlikely(afl->fsrv.persistent_record)) { |
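Review bot: The user-facing warning added in main() misspells "persistent" (`"... forcing persitent "`), so the message should read `"Persistent mode environment variable detected, forcing persistent "`. The guard also tests `getenv(PERSIST_ENV_VAR)` for presence only, so any value, including an empty string, forces persistent mode on a binary that check_binary() did not recognise as persistent; if that is intended, the warning could say which variable was seen so the user knows where the setting came from, e.g. by printing the variable name it checked. The forced path sets `afl->shmem_testcase_mode = 1` as well, which the FRIDA branch in the first hunk of this line just stopped setting, so a FRIDA target that reaches this block would get shared-memory testcases anyway; I cannot see from the hunk whether that is harmless. main() continues outside the hunk.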