Diffstat (limited to 'frida_mode/src/persistent/persistent.c')
-rw-r--r-- | frida_mode/src/persistent/persistent.c | 80 |
1 files changed, 36 insertions, 44 deletions
diff --git a/frida_mode/src/persistent/persistent.c b/frida_mode/src/persistent/persistent.c
index 639a694e..2ec5b9cc 100644
--- a/frida_mode/src/persistent/persistent.c
+++ b/frida_mode/src/persistent/persistent.c
@@ -1,31 +1,30 @@
 #include <dlfcn.h>
-#include "frida-gumjs.h"
+#include "frida-gum.h"
 #include "config.h"
 #include "debug.h"
-#include "entry.h"
 #include "persistent.h"
-#include "ranges.h"
-#include "stalker.h"
 #include "util.h"
-int __afl_sharedmem_fuzzing = 0;
-static char *hook_name = NULL;
-
-afl_persistent_hook_fn persistent_hook = NULL;
+int __afl_sharedmem_fuzzing = 0;
+afl_persistent_hook_fn hook = NULL;
 guint64 persistent_start = 0;
 guint64 persistent_count = 0;
 guint64 persistent_ret = 0;
+guint64 persistent_ret_offset = 0;
 gboolean persistent_debug = FALSE;
-void persistent_config(void) {
+void persistent_init(void) {
+
+ char *hook_name = getenv("AFL_FRIDA_PERSISTENT_HOOK");
- hook_name = getenv("AFL_FRIDA_PERSISTENT_HOOK");
 persistent_start = util_read_address("AFL_FRIDA_PERSISTENT_ADDR");
 persistent_count = util_read_num("AFL_FRIDA_PERSISTENT_CNT");
 persistent_ret = util_read_address("AFL_FRIDA_PERSISTENT_RET");
+ persistent_ret_offset =
+ util_read_address("AFL_FRIDA_PERSISTENT_RETADDR_OFFSET");
 if (getenv("AFL_FRIDA_PERSISTENT_DEBUG") != NULL) { persistent_debug = TRUE; }
@@ -37,11 +36,6 @@ void persistent_config(void) {
 }
- if (persistent_start != 0 && persistent_count == 0) persistent_count = 1000;
-
- if (persistent_start != 0 && !persistent_is_supported())
- FATAL("Persistent mode not supported on this architecture");
-
 if (persistent_ret != 0 && persistent_start == 0) {
 FATAL(
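Review bot: The renamed global `afl_persistent_hook_fn hook = NULL;` is an exported, non-static symbol with a very generic name in an object that is loaded into the target process, where it can collide with or be interposed by a same-named symbol of the target or its libraries; every other global in this file carries a `persistent_` prefix. If the arch-specific files need it through persistent.h (not visible here), keep the prefix, e.g. `afl_persistent_hook_fn persistent_hook = NULL;`, otherwise make it `static`. The new `persistent_ret_offset` also deserves a one-line comment stating what it is relative to — presumably the address in AFL_FRIDA_PERSISTENT_RET, but that is not established here — and that a value of 0 means unset, since that is how the later check treats it. persistent_init's body continues past the end of this hunk.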
@@ -50,28 +44,21 @@ void persistent_config(void) {
 }
- if (hook_name == NULL) { return; }
+ if (persistent_ret_offset != 0 && persistent_ret == 0) {
- void *hook_obj = dlopen(hook_name, RTLD_NOW);
- if (hook_obj == NULL)
- FATAL("Failed to load AFL_FRIDA_PERSISTENT_HOOK (%s)", hook_name);
-
- int (*afl_persistent_hook_init_ptr)(void) =
- dlsym(hook_obj, "afl_persistent_hook_init");
- if (afl_persistent_hook_init_ptr == NULL)
- FATAL("Failed to find afl_persistent_hook_init in %s", hook_name);
+ FATAL(
+ "AFL_FRIDA_PERSISTENT_RET must be specified if "
+ "AFL_FRIDA_PERSISTENT_RETADDR_OFFSET is");
- if (afl_persistent_hook_init_ptr() == 0)
- FATAL("afl_persistent_hook_init returned a failure");
+ }
- persistent_hook =
- (afl_persistent_hook_fn)dlsym(hook_obj, "afl_persistent_hook");
- if (persistent_hook == NULL)
- FATAL("Failed to find afl_persistent_hook in %s", hook_name);
+ if (persistent_start != 0 && persistent_count == 0) persistent_count = 1000;
-}
+ if (persistent_count != 0 && persistent_count < 100)
+ WARNF("Persistent count out of recommended range (<100)");
-void persistent_init(void) {
+ if (persistent_start != 0 && !persistent_is_supported())
+ FATAL("Persistent mode not supported on this architecture");
 OKF("Instrumentation - persistent mode [%c] (0x%016" G_GINT64_MODIFIER "X)",
 persistent_start == 0 ? ' ' : 'X', persistent_start);
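Review bot: `WARNF("Persistent count out of recommended range (<100)");` reports the condition without the offending value, so the user cannot see what AFL_FRIDA_PERSISTENT_CNT was parsed as; `WARNF("Persistent count (%" G_GINT64_MODIFIER "u) out of recommended range (<100)", persistent_count);` is more useful and matches the OKF lines below that print the other settings. Style: the new ret-offset check is braced and padded with blank lines while the three single-statement checks that follow it are unbraced; since FATAL and WARNF are macros whose expansion is not visible here, bracing all four the same way avoids surprises if a macro ever expands to more than one statement. The ordering is also slightly surprising: persistent_is_supported() is now evaluated after the count default and the warning, so an unsupported architecture first gets a count warning and then the fatal error; checking support first would give one clear message.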
@@ -81,25 +68,30 @@ void persistent_init(void) {
 OKF("Instrumentation - persistent ret [%c] (0x%016" G_GINT64_MODIFIER "X)",
 persistent_ret == 0 ? ' ' : 'X', persistent_ret);
+ OKF("Instrumentation - persistent ret offset [%c] (%" G_GINT64_MODIFIER "d)",
+ persistent_ret_offset == 0 ? ' ' : 'X', persistent_ret_offset);
- if (persistent_hook != NULL) { __afl_sharedmem_fuzzing = 1; }
+ if (hook_name != NULL) {
-}
+ void *hook_obj = dlopen(hook_name, RTLD_NOW);
+ if (hook_obj == NULL)
+ FATAL("Failed to load AFL_FRIDA_PERSISTENT_HOOK (%s)", hook_name);
-void persistent_prologue(GumStalkerOutput *output) {
+ int (*afl_persistent_hook_init_ptr)(void) =
+ dlsym(hook_obj, "afl_persistent_hook_init");
+ if (afl_persistent_hook_init_ptr == NULL)
+ FATAL("Failed to find afl_persistent_hook_init in %s", hook_name);
- OKF("AFL_FRIDA_PERSISTENT_ADDR reached");
- entry_reached = TRUE;
- ranges_exclude();
- stalker_trust();
- persistent_prologue_arch(output);
+ if (afl_persistent_hook_init_ptr() == 0)
+ FATAL("afl_persistent_hook_init returned a failure");
-}
+ hook = (afl_persistent_hook_fn)dlsym(hook_obj, "afl_persistent_hook");
+ if (hook == NULL)
+ FATAL("Failed to find afl_persistent_hook in %s", hook_name);
-void persistent_epilogue(GumStalkerOutput *output) {
+ __afl_sharedmem_fuzzing = 1;
- OKF("AFL_FRIDA_PERSISTENT_RET reached");
- persistent_epilogue_arch(output);
+ }
 }
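Review bot: The new OKF line prints `persistent_ret_offset`, a guint64, through `"(%" G_GINT64_MODIFIER "d)"`, a signed conversion; `-Wformat` flags the mismatch and values above INT64_MAX are misrendered, so use `"(%" G_GINT64_MODIFIER "u)"` or the `0x%016 … "X"` form of the neighbouring lines. The two dlsym results are converted inconsistently: `afl_persistent_hook_init_ptr` takes the `void *` without a cast while `hook` gets an explicit `(afl_persistent_hook_fn)` cast, so give both the same explicit cast. `hook_obj` is never dlclose'd, which is presumably intentional so the hook stays mapped for the whole run; a short comment such as `/* handle kept open on purpose: the hook must stay mapped */` would record that. persistent_init begins outside this hunk.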