Diffstat (limited to 'frida_mode/src')
33 files changed, 308 insertions, 317 deletions
diff --git a/frida_mode/src/asan/asan.c b/frida_mode/src/asan/asan.c
index cad409ee..3a672d31 100644
--- a/frida_mode/src/asan/asan.c
+++ b/frida_mode/src/asan/asan.c
@@ -30,7 +30,7 @@ void asan_init(void) {
 static gboolean asan_exclude_module(const GumModuleDetails *details, gpointer user_data) {
- gchar * symbol_name = (gchar *)user_data;
+ gchar *symbol_name = (gchar *)user_data;
 GumAddress address;
 address = gum_module_find_export_by_name(details->name, symbol_name);
diff --git a/frida_mode/src/asan/asan_arm64.c b/frida_mode/src/asan/asan_arm64.c
index b2adfa52..94729939 100644
--- a/frida_mode/src/asan/asan_arm64.c
+++ b/frida_mode/src/asan/asan_arm64.c
@@ -22,8 +22,8 @@ asan_storeN_t asan_storeN = NULL;
 static void asan_callout(GumCpuContext *ctx, gpointer user_data) {
- asan_ctx_t * asan_ctx = (asan_ctx_t *)user_data;
- cs_arm64_op * operand = &asan_ctx->operand;
+ asan_ctx_t *asan_ctx = (asan_ctx_t *)user_data;
+ cs_arm64_op *operand = &asan_ctx->operand;
 arm64_op_mem *mem = &operand->mem;
 gsize base = 0;
 gsize index = 0;
@@ -59,7 +59,7 @@ void asan_instrument(const cs_insn *instr, GumStalkerIterator *iterator) {
 cs_arm64 arm64 = instr->detail->arm64;
 cs_arm64_op *operand;
- asan_ctx_t * ctx;
+ asan_ctx_t *ctx;
 if (!asan_initialized) return;
diff --git a/frida_mode/src/asan/asan_x64.c b/frida_mode/src/asan/asan_x64.c
index a287ea34..61ce7403 100644
--- a/frida_mode/src/asan/asan_x64.c
+++ b/frida_mode/src/asan/asan_x64.c
@@ -17,7 +17,7 @@ static void asan_callout(GumCpuContext *ctx, gpointer user_data) {
 UNUSED_PARAMETER(user_data);
- cs_x86_op * operand = (cs_x86_op *)user_data;
+ cs_x86_op *operand = (cs_x86_op *)user_data;
 x86_op_mem *mem = &operand->mem;
 gsize base = 0;
 gsize index = 0;
@@ -48,9 +48,9 @@ void asan_instrument(const cs_insn *instr, GumStalkerIterator *iterator) {
 UNUSED_PARAMETER(iterator);
 cs_x86 x86 = instr->detail->x86;
- cs_x86_op * operand;
+ cs_x86_op *operand;
 x86_op_mem *mem;
- cs_x86_op * ctx;
+ cs_x86_op *ctx;
 if (!asan_initialized) return;
diff --git a/frida_mode/src/asan/asan_x86.c b/frida_mode/src/asan/asan_x86.c
index 331d026b..d398c102 100644
--- a/frida_mode/src/asan/asan_x86.c
+++ b/frida_mode/src/asan/asan_x86.c
@@ -17,7 +17,7 @@ static void asan_callout(GumCpuContext *ctx, gpointer user_data) {
 UNUSED_PARAMETER(user_data);
- cs_x86_op * operand = (cs_x86_op *)user_data;
+ cs_x86_op *operand = (cs_x86_op *)user_data;
 x86_op_mem *mem = &operand->mem;
 gsize base = 0;
 gsize index = 0;
@@ -48,9 +48,9 @@ void asan_instrument(const cs_insn *instr, GumStalkerIterator *iterator) {
 UNUSED_PARAMETER(iterator);
 cs_x86 x86 = instr->detail->x86;
- cs_x86_op * operand;
+ cs_x86_op *operand;
 x86_op_mem *mem;
- cs_x86_op * ctx;
+ cs_x86_op *ctx;
 if (!asan_initialized) return;
diff --git a/frida_mode/src/cmplog/cmplog.c b/frida_mode/src/cmplog/cmplog.c
index 355df0b7..b752ac20 100644
--- a/frida_mode/src/cmplog/cmplog.c
+++ b/frida_mode/src/cmplog/cmplog.c
@@ -13,9 +13,9 @@
 #define MAX_MEMFD_SIZE (64UL << 10)
 extern struct cmp_map *__afl_cmp_map;
-static GArray * cmplog_ranges = NULL;
-static GHashTable * hash_yes = NULL;
-static GHashTable * hash_no = NULL;
+static GArray *cmplog_ranges = NULL;
+static GHashTable *hash_yes = NULL;
+static GHashTable *hash_no = NULL;
 static long page_size = 0;
 static long page_offset_mask = 0;
@@ -24,7 +24,7 @@ static long page_mask = 0;
 static gboolean cmplog_range(const GumRangeDetails *details, gpointer user_data) {
- GArray * cmplog_ranges = (GArray *)user_data;
+ GArray *cmplog_ranges = (GArray *)user_data;
 GumMemoryRange range = *details->range;
 g_array_append_val(cmplog_ranges, range);
 return TRUE;
@@ -118,7 +118,7 @@ gboolean cmplog_test_addr(guint64 addr, size_t size) {
 if (g_hash_table_contains(hash_yes, GSIZE_TO_POINTER(addr))) { return true; }
 if (g_hash_table_contains(hash_no, GSIZE_TO_POINTER(addr))) { return false; }
- void * page_addr = GSIZE_TO_POINTER(addr & page_mask);
+ void *page_addr = GSIZE_TO_POINTER(addr & page_mask);
 size_t page_offset = addr & page_offset_mask;
 /* If it spans a page, then bail */
diff --git a/frida_mode/src/cmplog/cmplog_arm64.c b/frida_mode/src/cmplog/cmplog_arm64.c
index 515a6256..5792cbfa 100644
--- a/frida_mode/src/cmplog/cmplog_arm64.c
+++ b/frida_mode/src/cmplog/cmplog_arm64.c
@@ -148,7 +148,7 @@ static void cmplog_call_callout(GumCpuContext *context, gpointer user_data) {
 }
 static void cmplog_instrument_put_operand(cmplog_ctx_t *ctx,
- cs_arm64_op * operand) {
+ cs_arm64_op *operand) {
 ctx->type = operand->type;
 switch (operand->type) {
@@ -169,7 +169,7 @@ static void cmplog_instrument_put_operand(cmplog_ctx_t *ctx,
 }
-static void cmplog_instrument_call(const cs_insn * instr,
+static void cmplog_instrument_call(const cs_insn *instr,
 GumStalkerIterator *iterator) {
 cs_arm64 arm64 = instr->detail->arm64;
@@ -247,8 +247,8 @@ static void cmplog_cmp_sub_callout(GumCpuContext *context, gpointer user_data) {
 }
 static void cmplog_instrument_cmp_sub_put_callout(GumStalkerIterator *iterator,
- cs_arm64_op * operand1,
- cs_arm64_op * operand2,
+ cs_arm64_op *operand1,
+ cs_arm64_op *operand2,
 size_t size) {
 cmplog_pair_ctx_t *ctx = g_malloc(sizeof(cmplog_pair_ctx_t));
@@ -263,7 +263,7 @@ static void cmplog_instrument_cmp_sub_put_callout(GumStalkerIterator *iterator,
 }
-static void cmplog_instrument_cmp_sub(const cs_insn * instr,
+static void cmplog_instrument_cmp_sub(const cs_insn *instr,
 GumStalkerIterator *iterator) {
 cs_arm64 arm64 = instr->detail->arm64;
diff --git a/frida_mode/src/cmplog/cmplog_x64.c b/frida_mode/src/cmplog/cmplog_x64.c
index 7d515336..17912648 100644
--- a/frida_mode/src/cmplog/cmplog_x64.c
+++ b/frida_mode/src/cmplog/cmplog_x64.c
@@ -141,7 +141,7 @@ static void cmplog_call_callout(GumCpuContext *context, gpointer user_data) {
 }
 static void cmplog_instrument_put_operand(cmplog_ctx_t *ctx,
- cs_x86_op * operand) {
+ cs_x86_op *operand) {
 ctx->type = operand->type;
 ctx->size = operand->size;
@@ -163,7 +163,7 @@ static void cmplog_instrument_put_operand(cmplog_ctx_t *ctx,
 }
-static void cmplog_instrument_call(const cs_insn * instr,
+static void cmplog_instrument_call(const cs_insn *instr,
 GumStalkerIterator *iterator) {
 cs_x86 x86 = instr->detail->x86;
@@ -230,7 +230,7 @@ static void cmplog_cmp_sub_callout(GumCpuContext *context, gpointer user_data) {
 }
 static void cmplog_instrument_cmp_sub_put_callout(GumStalkerIterator *iterator,
- cs_x86_op * operand1,
+ cs_x86_op *operand1,
 cs_x86_op *operand2) {
 cmplog_pair_ctx_t *ctx = g_malloc(sizeof(cmplog_pair_ctx_t));
@@ -244,7 +244,7 @@ static void cmplog_instrument_cmp_sub_put_callout(GumStalkerIterator *iterator,
 }
-static void cmplog_instrument_cmp_sub(const cs_insn * instr,
+static void cmplog_instrument_cmp_sub(const cs_insn *instr,
 GumStalkerIterator *iterator) {
 cs_x86 x86 = instr->detail->x86;
diff --git a/frida_mode/src/cmplog/cmplog_x86.c b/frida_mode/src/cmplog/cmplog_x86.c
index 4a747417..a3a02457 100644
--- a/frida_mode/src/cmplog/cmplog_x86.c
+++ b/frida_mode/src/cmplog/cmplog_x86.c
@@ -146,7 +146,7 @@ static void cmplog_call_callout(GumCpuContext *context, gpointer user_data) {
 }
 static void cmplog_instrument_put_operand(cmplog_ctx_t *ctx,
- cs_x86_op * operand) {
+ cs_x86_op *operand) {
 ctx->type = operand->type;
 ctx->size = operand->size;
@@ -168,7 +168,7 @@ static void cmplog_instrument_put_operand(cmplog_ctx_t *ctx,
 }
-static void cmplog_instrument_call(const cs_insn * instr,
+static void cmplog_instrument_call(const cs_insn *instr,
 GumStalkerIterator *iterator) {
 cs_x86 x86 = instr->detail->x86;
@@ -238,7 +238,7 @@ static void cmplog_cmp_sub_callout(GumCpuContext *context, gpointer user_data) {
 }
 static void cmplog_instrument_cmp_sub_put_callout(GumStalkerIterator *iterator,
- cs_x86_op * operand1,
+ cs_x86_op *operand1,
 cs_x86_op *operand2) {
 cmplog_pair_ctx_t *ctx = g_malloc(sizeof(cmplog_pair_ctx_t));
@@ -252,7 +252,7 @@ static void cmplog_instrument_cmp_sub_put_callout(GumStalkerIterator *iterator,
 }
-static void cmplog_instrument_cmp_sub(const cs_insn * instr,
+static void cmplog_instrument_cmp_sub(const cs_insn *instr,
 GumStalkerIterator *iterator) {
 cs_x86 x86 = instr->detail->x86;
diff --git a/frida_mode/src/instrument/instrument.c b/frida_mode/src/instrument/instrument.c
index 003c3d00..9ee7db2d 100644
--- a/frida_mode/src/instrument/instrument.c
+++ b/frida_mode/src/instrument/instrument.c
@@ -28,14 +28,14 @@ guint64 instrument_hash_seed = 0;
 gboolean instrument_use_fixed_seed = FALSE;
 guint64 instrument_fixed_seed = 0;
-char * instrument_coverage_unstable_filename = NULL;
+char *instrument_coverage_unstable_filename = NULL;
 gboolean instrument_coverage_insn = FALSE;
 static GumStalkerTransformer *transformer = NULL;
 static GumAddress previous_rip = 0;
 static GumAddress previous_end = 0;
-static u8 * edges_notified = NULL;
+static u8 *edges_notified = NULL;
 __thread guint64 instrument_previous_pc;
 __thread guint64 *instrument_previous_pc_addr = NULL;
@@ -149,7 +149,7 @@ __attribute__((hot)) static void on_basic_block(GumCpuContext *context,
 }
 static void instrument_basic_block(GumStalkerIterator *iterator,
- GumStalkerOutput * output,
+ GumStalkerOutput *output,
 gpointer user_data) {
 UNUSED_PARAMETER(user_data);
@@ -157,7 +157,7 @@ static void instrument_basic_block(GumStalkerIterator *iterator,
 const cs_insn *instr;
 gboolean begin = TRUE;
 gboolean excluded;
- block_ctx_t * ctx = NULL;
+ block_ctx_t *ctx = NULL;
 while (gum_stalker_iterator_next(iterator, &instr)) {
diff --git a/frida_mode/src/instrument/instrument_arm32.c b/frida_mode/src/instrument/instrument_arm32.c
index 80f3c26d..572b706c 100644
--- a/frida_mode/src/instrument/instrument_arm32.c
+++ b/frida_mode/src/instrument/instrument_arm32.c
@@ -14,7 +14,7 @@ gboolean instrument_is_coverage_optimize_supported(void) {
 }
-void instrument_coverage_optimize(const cs_insn * instr,
+void instrument_coverage_optimize(const cs_insn *instr,
 GumStalkerOutput *output) {
 UNUSED_PARAMETER(instr);
@@ -23,7 +23,7 @@ void instrument_coverage_optimize(const cs_insn * instr,
 }
-void instrument_coverage_optimize_insn(const cs_insn * instr,
+void instrument_coverage_optimize_insn(const cs_insn *instr,
 GumStalkerOutput *output) {
 UNUSED_PARAMETER(instr);
diff --git a/frida_mode/src/instrument/instrument_arm64.c b/frida_mode/src/instrument/instrument_arm64.c
index fab9eee2..afc20f42 100644
--- a/frida_mode/src/instrument/instrument_arm64.c
+++ b/frida_mode/src/instrument/instrument_arm64.c
@@ -159,8 +159,8 @@ static gboolean instrument_is_deterministic(const cs_insn *from_insn) {
 static void instrument_coverage_switch(GumStalkerObserver *self, gpointer from_address, gpointer start_address,
- const cs_insn * from_insn,
- gpointer * target) {
+ const cs_insn *from_insn,
+ gpointer *target) {
 UNUSED_PARAMETER(self);
 UNUSED_PARAMETER(from_address);
@@ -218,7 +218,7 @@ static void instrument_coverage_suppress_init(void) {
 if (initialized) { return; }
 initialized = true;
- GumStalkerObserver * observer = stalker_get_observer();
+ GumStalkerObserver *observer = stalker_get_observer();
 GumStalkerObserverInterface *iface = GUM_STALKER_OBSERVER_GET_IFACE(observer);
 iface->switch_callback = instrument_coverage_switch;
@@ -257,7 +257,7 @@ static void instrument_patch_ardp(guint32 *patch, GumAddress insn,
 }
-void instrument_coverage_optimize(const cs_insn * instr,
+void instrument_coverage_optimize(const cs_insn *instr,
 GumStalkerOutput *output) {
 afl_log_code code = {0};
@@ -345,7 +345,7 @@ void instrument_coverage_optimize(const cs_insn * instr,
 }
-void instrument_coverage_optimize_insn(const cs_insn * instr,
+void instrument_coverage_optimize_insn(const cs_insn *instr,
 GumStalkerOutput *output) {
 UNUSED_PARAMETER(instr);
diff --git a/frida_mode/src/instrument/instrument_coverage.c b/frida_mode/src/instrument/instrument_coverage.c
index 098e7269..68842feb 100644
--- a/frida_mode/src/instrument/instrument_coverage.c
+++ b/frida_mode/src/instrument/instrument_coverage.c
@@ -17,7 +17,7 @@ static int unstable_coverage_fd = -1;
 static int unstable_coverage_pipes[2] = {-1, -1};
 static uint64_t normal_coverage_last_start = 0;
-static gchar * unstable_coverage_fuzzer_stats = NULL;
+static gchar *unstable_coverage_fuzzer_stats = NULL;
 typedef struct {
@@ -68,7 +68,7 @@ typedef struct {
 static gboolean coverage_range(const GumRangeDetails *details, gpointer user_data) {
- GArray * coverage_ranges = (GArray *)user_data;
+ GArray *coverage_ranges = (GArray *)user_data;
 coverage_range_t coverage = {0};
 if (details->file == NULL) { return TRUE; }
@@ -210,8 +210,8 @@ static GArray *coverage_get_modules(void) {
 static void instrument_coverage_mark(void *key, void *value, void *user_data) {
 UNUSED_PARAMETER(key);
- coverage_mark_ctx_t * ctx = (coverage_mark_ctx_t *)user_data;
- GArray * coverage_modules = ctx->modules;
+ coverage_mark_ctx_t *ctx = (coverage_mark_ctx_t *)user_data;
+ GArray *coverage_modules = ctx->modules;
 normal_coverage_data_t *val = (normal_coverage_data_t *)value;
 guint i;
@@ -289,9 +289,9 @@ static void coverage_write_modules(int fd, GArray *coverage_modules) {
 coverage_format(fd, "%016" G_GINT64_MODIFIER "X, ", module->base_address);
 coverage_format(fd, "%016" G_GINT64_MODIFIER "X, ", module->limit);
 /* entry */
- coverage_format(fd, "%016" G_GINT64_MODIFIER "X, ", 0);
+ coverage_format(fd, "%016" G_GINT64_MODIFIER "X, ", 0UL);
 /* checksum */
- coverage_format(fd, "%016" G_GINT64_MODIFIER "X, ", 0);
+ coverage_format(fd, "%016" G_GINT64_MODIFIER "X, ", 0UL);
 /* timestamp */
 coverage_format(fd, "%08" G_GINT32_MODIFIER "X, ", 0);
 coverage_format(fd, "%s\n", module->path);
@@ -426,7 +426,7 @@ static void instrument_coverage_normal_run() {
 static GArray *instrument_coverage_unstable_read_unstable_ids(void) {
- gchar * contents = NULL;
+ gchar *contents = NULL;
 gsize length = 0;
 GArray *unstable_edge_ids = g_array_sized_new(false, false, sizeof(gpointer), 100);
@@ -533,7 +533,7 @@ static GHashTable *instrument_collect_unstable_blocks(
 while (g_hash_table_iter_next(&iter, NULL, &value)) {
 unstable_coverage_data_t *unstable = (unstable_coverage_data_t *)value;
- normal_coverage_data_t * from =
+ normal_coverage_data_t *from =
 gum_malloc0(sizeof(normal_coverage_data_t));
 normal_coverage_data_t *to = gum_malloc0(sizeof(normal_coverage_data_t));
 from->start = unstable->from;
diff --git a/frida_mode/src/instrument/instrument_debug.c b/frida_mode/src/instrument/instrument_debug.c
index 592ab673..d26f9cec 100644
--- a/frida_mode/src/instrument/instrument_debug.c
+++ b/frida_mode/src/instrument/instrument_debug.c
@@ -66,7 +66,7 @@ static void instrument_disasm(guint8 *start, guint8 *end,
 instrument_debug("\t0x%" G_GINT64_MODIFIER "x\t* 0x%016" G_GSIZE_MODIFIER "x\n",
- curr, *(size_t *)curr);
+ (uint64_t)curr, *(size_t *)curr);
 len += sizeof(size_t);
 continue;
diff --git a/frida_mode/src/instrument/instrument_x64.c b/frida_mode/src/instrument/instrument_x64.c
index a764b054..bfafe067 100644
--- a/frida_mode/src/instrument/instrument_x64.c
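Review bot: `0UL` only matches `G_GINT64_MODIFIER "X"` on LP64 targets; where gint64 is `long long` (32-bit Linux, Windows) the argument is still 32 bits wide and the conversion is mismatched, which is the same class of problem this hunk sets out to fix. Pass a zero with an explicit 64-bit type on both the entry and checksum lines, `coverage_format(fd, "%016" G_GINT64_MODIFIER "X, ", (guint64)0);` (or `G_GUINT64_CONSTANT(0)`). The instrument_debug.c hunk further down applies the equivalent fix with `(uint64_t)curr`; a `guint64` cast there would keep the two consistent, and since `curr` is a pointer, `(guint64)GPOINTER_TO_SIZE(curr)` avoids a direct pointer-to-integer cast that is width-dependent. coverage_write_modules begins before this hunk.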
+++ b/frida_mode/src/instrument/instrument_x64.c
@@ -174,13 +174,13 @@ void instrument_coverage_optimize_init(void) {
 static void instrument_coverage_switch(GumStalkerObserver *self, gpointer from_address, gpointer start_address,
- const cs_insn * from_insn,
- gpointer * target) {
+ const cs_insn *from_insn,
+ gpointer *target) {
 UNUSED_PARAMETER(self);
 UNUSED_PARAMETER(from_address);
- cs_x86 * x86;
+ cs_x86 *x86;
 cs_x86_op *op;
 if (from_insn == NULL) { return; }
@@ -230,7 +230,7 @@ static void instrument_coverage_suppress_init(void) {
 if (initialized) { return; }
 initialized = true;
- GumStalkerObserver * observer = stalker_get_observer();
+ GumStalkerObserver *observer = stalker_get_observer();
 GumStalkerObserverInterface *iface = GUM_STALKER_OBSERVER_GET_IFACE(observer);
 iface->switch_callback = instrument_coverage_switch;
@@ -333,7 +333,7 @@ static void instrument_coverage_write(GumAddress address,
 }
-void instrument_coverage_optimize(const cs_insn * instr,
+void instrument_coverage_optimize(const cs_insn *instr,
 GumStalkerOutput *output) {
 GumX86Writer *cw = output->writer.x86;
@@ -364,7 +364,7 @@ void instrument_coverage_optimize(const cs_insn * instr,
 }
-void instrument_coverage_optimize_insn(const cs_insn * instr,
+void instrument_coverage_optimize_insn(const cs_insn *instr,
 GumStalkerOutput *output) {
 GumX86Writer *cw = output->writer.x86;
diff --git a/frida_mode/src/instrument/instrument_x64_cache.c b/frida_mode/src/instrument/instrument_x64_cache.c
index 3ea4421a..ef10e133 100644
--- a/frida_mode/src/instrument/instrument_x64_cache.c
+++ b/frida_mode/src/instrument/instrument_x64_cache.c
@@ -105,11 +105,11 @@ static gboolean instrument_cache_relocate(GumAddress old_pc, GumAddress new_pc,
 }
-static void instrument_cache_rewrite_branch_insn(const cs_insn * instr,
+static void instrument_cache_rewrite_branch_insn(const cs_insn *instr,
 GumStalkerOutput *output) {
 GumX86Writer *cw = output->writer.x86;
- cs_x86 * x86 = &instr->detail->x86;
+ cs_x86 *x86 = &instr->detail->x86;
 guint8 modified[sizeof(instr->bytes)] = {0};
 guint8 offset = 0;
 guint8 skip = 0;
@@ -225,8 +225,8 @@ static void instrument_cache_rewrite_branch_insn(const cs_insn * instr,
 } else {
 GumAddress target = instr->address + old_offset;
- gum_x86_writer_put_mov_reg_address(cw, GUM_REG_RAX, target);
- gum_x86_writer_put_mov_reg_reg_ptr(cw, GUM_REG_RAX, GUM_REG_RAX);
+ gum_x86_writer_put_mov_reg_address(cw, GUM_X86_RAX, target);
+ gum_x86_writer_put_mov_reg_reg_ptr(cw, GUM_X86_RAX, GUM_X86_RAX);
 return;
 }
@@ -249,29 +249,29 @@ static void instrument_cache_rewrite_branch_insn(const cs_insn * instr,
 static void instrument_cache_write_push_frame(GumX86Writer *cw) {
 gum_x86_writer_put_mov_reg_offset_ptr_reg(
- cw, GUM_REG_XSP, -(GUM_RED_ZONE_SIZE + (1 * sizeof(gpointer))),
- GUM_REG_XAX);
+ cw, GUM_X86_XSP, -(GUM_RED_ZONE_SIZE + (1 * sizeof(gpointer))),
+ GUM_X86_XAX);
 gum_x86_writer_put_lahf(cw);
 gum_x86_writer_put_mov_reg_offset_ptr_reg(
- cw, GUM_REG_XSP, -(GUM_RED_ZONE_SIZE + (2 * sizeof(gpointer))),
- GUM_REG_XAX);
+ cw, GUM_X86_XSP, -(GUM_RED_ZONE_SIZE + (2 * sizeof(gpointer))),
+ GUM_X86_XAX);
 gum_x86_writer_put_mov_reg_offset_ptr_reg(
- cw, GUM_REG_XSP, -(GUM_RED_ZONE_SIZE + (3 * sizeof(gpointer))),
- GUM_REG_XBX);
+ cw, GUM_X86_XSP, -(GUM_RED_ZONE_SIZE + (3 * sizeof(gpointer))),
+ GUM_X86_XBX);
 }
 static void instrument_cache_write_pop_frame(GumX86Writer *cw) {
 gum_x86_writer_put_mov_reg_reg_offset_ptr(
- cw, GUM_REG_XBX, GUM_REG_XSP,
+ cw, GUM_X86_XBX, GUM_X86_XSP,
 -(GUM_RED_ZONE_SIZE + (3 * sizeof(gpointer))));
 gum_x86_writer_put_mov_reg_reg_offset_ptr(
- cw, GUM_REG_XAX, GUM_REG_XSP,
+ cw, GUM_X86_XAX, GUM_X86_XSP,
 -(GUM_RED_ZONE_SIZE + (2 * sizeof(gpointer))));
 gum_x86_writer_put_sahf(cw);
 gum_x86_writer_put_mov_reg_reg_offset_ptr(
- cw, GUM_REG_XAX, GUM_REG_XSP,
+ cw, GUM_X86_XAX, GUM_X86_XSP,
 -(GUM_RED_ZONE_SIZE + (1 * sizeof(gpointer))));
 }
@@ -281,21 +281,21 @@ static void instrument_cache_write_lookup(GumX86Writer *cw) {
 /* &map_base[GPOINTER_TO_SIZE(addr) & MAP_MASK]; */
 gsize mask = (instrument_cache_size / sizeof(gpointer)) - 1;
- gum_x86_writer_put_mov_reg_u64(cw, GUM_REG_XBX, mask);
- gum_x86_writer_put_and_reg_reg(cw, GUM_REG_XAX, GUM_REG_XBX);
- gum_x86_writer_put_shl_reg_u8(cw, GUM_REG_XAX, util_log2(sizeof(gpointer)));
- gum_x86_writer_put_mov_reg_u64(cw, GUM_REG_XBX, GPOINTER_TO_SIZE(map_base));
- gum_x86_writer_put_add_reg_reg(cw, GUM_REG_XAX, GUM_REG_XBX);
+ gum_x86_writer_put_mov_reg_u64(cw, GUM_X86_XBX, mask);
+ gum_x86_writer_put_and_reg_reg(cw, GUM_X86_XAX, GUM_X86_XBX);
+ gum_x86_writer_put_shl_reg_u8(cw, GUM_X86_XAX, util_log2(sizeof(gpointer)));
+ gum_x86_writer_put_mov_reg_u64(cw, GUM_X86_XBX, GPOINTER_TO_SIZE(map_base));
+ gum_x86_writer_put_add_reg_reg(cw, GUM_X86_XAX, GUM_X86_XBX);
 /* Read the return address lookup */
- gum_x86_writer_put_mov_reg_reg_ptr(cw, GUM_REG_XAX, GUM_REG_XAX);
+ gum_x86_writer_put_mov_reg_reg_ptr(cw, GUM_X86_XAX, GUM_X86_XAX);
 }
 void instrument_cache_jmp_call(const cs_insn *instr, GumStalkerOutput *output) {
 GumX86Writer *cw = output->writer.x86;
- cs_x86 * x86 = &instr->detail->x86;
+ cs_x86 *x86 = &instr->detail->x86;
 if (x86->op_count != 1) { FFATAL("Unexpected operand count"); }
@@ -315,7 +315,7 @@ void instrument_cache_jmp_call(const cs_insn *instr, GumStalkerOutput *output) {
 * red-zone. */
 gum_x86_writer_put_mov_reg_reg_offset_ptr(
- cw, GUM_REG_XAX, GUM_REG_XSP,
+ cw, GUM_X86_XAX, GUM_X86_XSP,
 -(GUM_RED_ZONE_SIZE + (1 * sizeof(gpointer))));
 instrument_cache_rewrite_branch_insn(instr, output);
@@ -323,33 +323,33 @@ void instrument_cache_jmp_call(const cs_insn *instr, GumStalkerOutput *output) {
 instrument_cache_write_lookup(cw);
 /* Test if its set*/
- gum_x86_writer_put_cmp_reg_i32(cw, GUM_REG_XAX, INVALID);
+ gum_x86_writer_put_cmp_reg_i32(cw, GUM_X86_XAX, INVALID);
 gum_x86_writer_put_jcc_short_label(cw, X86_INS_JLE, null, GUM_UNLIKELY);
 /* If it's set, then stash the address beyond the red-zone */
 gum_x86_writer_put_mov_reg_offset_ptr_reg(
- cw, GUM_REG_XSP, -(GUM_RED_ZONE_SIZE + (4 * sizeof(gpointer))),
- GUM_REG_XAX);
+ cw, GUM_X86_XSP, -(GUM_RED_ZONE_SIZE + (4 * sizeof(gpointer))),
+ GUM_X86_XAX);
 if (instr->id == X86_INS_JMP) {
 instrument_cache_write_pop_frame(cw);
 gum_x86_writer_put_jmp_reg_offset_ptr(
- cw, GUM_REG_XSP, -(GUM_RED_ZONE_SIZE + (4 * sizeof(gpointer))));
+ cw, GUM_X86_XSP, -(GUM_RED_ZONE_SIZE + (4 * sizeof(gpointer))));
 } else {
 gum_x86_writer_put_mov_reg_address(
- cw, GUM_REG_XAX, GUM_ADDRESS(instr->address + instr->size));
- gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_XSP,
- -sizeof(gpointer), GUM_REG_XAX);
+ cw, GUM_X86_XAX, GUM_ADDRESS(instr->address + instr->size));
+ gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_X86_XSP,
+ -sizeof(gpointer), GUM_X86_XAX);
 instrument_cache_write_pop_frame(cw);
- gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_XSP, GUM_REG_XSP,
+ gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_X86_XSP, GUM_X86_XSP,
 -sizeof(gpointer));
 gum_x86_writer_put_jmp_reg_offset_ptr(
- cw, GUM_REG_XSP, -(GUM_RED_ZONE_SIZE + ((4 - 1) * sizeof(gpointer))));
+ cw, GUM_X86_XSP, -(GUM_RED_ZONE_SIZE + ((4 - 1) * sizeof(gpointer))));
 }
@@ -362,7 +362,7 @@ void instrument_cache_jmp_call(const cs_insn *instr, GumStalkerOutput *output) {
 void instrument_cache_ret(const cs_insn *instr, GumStalkerOutput *output) {
 GumX86Writer *cw = output->writer.x86;
- cs_x86 * x86 = &instr->detail->x86;
+ cs_x86 *x86 = &instr->detail->x86;
 guint16 n = 0;
 if (x86->op_count != 0) {
@@ -381,16 +381,16 @@ void instrument_cache_ret(const cs_insn *instr, GumStalkerOutput *output) {
 instrument_cache_write_push_frame(cw);
- gum_x86_writer_put_mov_reg_reg_ptr(cw, GUM_REG_XAX, GUM_REG_XSP);
+ gum_x86_writer_put_mov_reg_reg_ptr(cw, GUM_X86_XAX, GUM_X86_XSP);
 instrument_cache_write_lookup(cw);
 /* Test if its set*/
- gum_x86_writer_put_cmp_reg_i32(cw, GUM_REG_XAX, INVALID);
+ gum_x86_writer_put_cmp_reg_i32(cw, GUM_X86_XAX, INVALID);
 gum_x86_writer_put_jcc_short_label(cw, X86_INS_JLE, null, GUM_UNLIKELY);
 /* If it's set, then overwrite our return address and return */
- gum_x86_writer_put_mov_reg_ptr_reg(cw, GUM_REG_XSP, GUM_REG_XAX);
+ gum_x86_writer_put_mov_reg_ptr_reg(cw, GUM_X86_XSP, GUM_X86_XAX);
 instrument_cache_write_pop_frame(cw);
 if (n == 0) {
diff --git a/frida_mode/src/instrument/instrument_x86.c b/frida_mode/src/instrument/instrument_x86.c
index 1baa98ca..048daf32 100644
--- a/frida_mode/src/instrument/instrument_x86.c
+++ b/frida_mode/src/instrument/instrument_x86.c
@@ -86,14 +86,14 @@ gboolean instrument_is_coverage_optimize_supported(void) {
 static void instrument_coverage_switch(GumStalkerObserver *self, gpointer from_address, gpointer start_address,
- const cs_insn * from_insn,
- gpointer * target) {
+ const cs_insn *from_insn,
+ gpointer *target) {
 UNUSED_PARAMETER(self);
 UNUSED_PARAMETER(from_address);
 UNUSED_PARAMETER(start_address);
- cs_x86 * x86;
+ cs_x86 *x86;
 cs_x86_op *op;
 if (from_insn == NULL) { return; }
@@ -136,7 +136,7 @@ static void instrument_coverage_suppress_init(void) {
 if (initialized) { return; }
 initialized = true;
- GumStalkerObserver * observer = stalker_get_observer();
+ GumStalkerObserver *observer = stalker_get_observer();
 GumStalkerObserverInterface *iface = GUM_STALKER_OBSERVER_GET_IFACE(observer);
 iface->switch_callback = instrument_coverage_switch;
@@ -149,7 +149,7 @@ static void instrument_coverage_suppress_init(void) {
 }
-void instrument_coverage_optimize(const cs_insn * instr,
+void instrument_coverage_optimize(const cs_insn *instr,
 GumStalkerOutput *output) {
 afl_log_code code = {0};
@@ -223,7 +223,7 @@ void instrument_coverage_optimize(const cs_insn * instr,
 }
-void instrument_coverage_optimize_insn(const cs_insn * instr,
+void instrument_coverage_optimize_insn(const cs_insn *instr,
 GumStalkerOutput *output) {
 UNUSED_PARAMETER(instr);
diff --git a/frida_mode/src/js/js.c b/frida_mode/src/js/js.c
index 1ca2237f..6bc31864 100644
--- a/frida_mode/src/js/js.c
+++ b/frida_mode/src/js/js.c
@@ -7,16 +7,16 @@ gboolean js_done = FALSE;
 js_api_stalker_callback_t js_user_callback = NULL;
 js_main_hook_t js_main_hook = NULL;
-static char * js_script = NULL;
-static gchar * filename = "afl.js";
-static gchar * contents;
-static GumScriptBackend * backend;
-static GCancellable * cancellable = NULL;
-static GError * error = NULL;
-static GumScript * script;
+static char *js_script = NULL;
+static gchar *filename = "afl.js";
+static gchar *contents;
+static GumScriptBackend *backend;
+static GCancellable *cancellable = NULL;
+static GError *error = NULL;
+static GumScript *script;
 static GumScriptScheduler *scheduler;
-static GMainContext * context;
-static GMainLoop * main_loop;
+static GMainContext *context;
+static GMainLoop *main_loop;
 static void js_msg(GumScript *script, const gchar *message, GBytes *data, gpointer user_data) {
diff --git a/frida_mode/src/lib/lib.c b/frida_mode/src/lib/lib.c
index 39480ce9..d563b69b 100644
--- a/frida_mode/src/lib/lib.c
+++ b/frida_mode/src/lib/lib.c
@@ -69,8 +69,8 @@ static void lib_read_text_section(lib_details_t *lib_details, Elf_Ehdr *hdr) {
 Elf_Addr preferred_base;
 Elf_Shdr *shdr;
 Elf_Shdr *shstrtab;
- char * shstr;
- char * section_name;
+ char *shstr;
+ char *section_name;
 Elf_Shdr *curr;
 char text_name[] = ".text";
diff --git a/frida_mode/src/lib/lib_apple.c b/frida_mode/src/lib/lib_apple.c
index 65c1d937..634e0e30 100644
--- a/frida_mode/src/lib/lib_apple.c
+++ b/frida_mode/src/lib/lib_apple.c
@@ -16,9 +16,9 @@ static gboolean lib_get_main_module(const GumModuleDetails *details,
 gpointer user_data) {
 GumDarwinModule **ret = (GumDarwinModule **)user_data;
- GumDarwinModule * module = gum_darwin_module_new_from_memory(
- details->path, mach_task_self(), details->range->base_address,
- GUM_DARWIN_MODULE_FLAGS_NONE, NULL);
+ GumDarwinModule *module = gum_darwin_module_new_from_memory(
+ details->path, mach_task_self(), details->range->base_address,
+ GUM_DARWIN_MODULE_FLAGS_NONE, NULL);
 FVERBOSE("Found main module: %s", module->name);
diff --git a/frida_mode/src/main.c b/frida_mode/src/main.c
index bb6e4109..844c42b9 100644
--- a/frida_mode/src/main.c
+++ b/frida_mode/src/main.c
@@ -92,7 +92,7 @@ static void embedded_init(void) {
 static void afl_print_cmdline(void) {
 #if defined(__linux__)
- char * buffer = g_malloc0(PROC_MAX);
+ char *buffer = g_malloc0(PROC_MAX);
 gchar *fname = g_strdup_printf("/proc/%d/cmdline", getppid());
 int fd = open(fname, O_RDONLY);
@@ -144,7 +144,7 @@ static void afl_print_cmdline(void) {
 static void afl_print_env(void) {
- char * buffer = g_malloc0(PROC_MAX);
+ char *buffer = g_malloc0(PROC_MAX);
 gchar *fname = g_strdup_printf("/proc/%d/environ", getppid());
 int fd = open(fname, O_RDONLY);
diff --git a/frida_mode/src/module.c b/frida_mode/src/module.c
index 60e69fec..4b6b2b3f 100644
--- a/frida_mode/src/module.c
+++ b/frida_mode/src/module.c
@@ -31,7 +31,7 @@ typedef struct {
 gboolean found_range(const GumRangeDetails *details, gpointer user_data) {
 gum_range_t range = {0};
- GArray * ranges = (GArray *)user_data;
+ GArray *ranges = (GArray *)user_data;
 range.range = *details->range;
 range.protection = details->protection;
@@ -45,9 +45,9 @@ gboolean found_range(const GumRangeDetails *details, gpointer user_data) {
 #if defined(__linux__) && !defined(__ANDROID__)
 static int on_dlclose(void *handle) {
- GArray * ranges = NULL;
+ GArray *ranges = NULL;
 struct link_map *lm = NULL;
- gum_range_t * range = NULL;
+ gum_range_t *range = NULL;
 GumAddress base;
 GumAddress limit;
 gpointer mem;
diff --git a/frida_mode/src/persistent/persistent_arm64.c b/frida_mode/src/persistent/persistent_arm64.c
index 16ecf39c..565a2b8c 100644
--- a/frida_mode/src/persistent/persistent_arm64.c
+++ b/frida_mode/src/persistent/persistent_arm64.c
@@ -24,7 +24,7 @@ gboolean persistent_is_supported(void) {
 }
-static void instrument_persitent_save_regs(GumArm64Writer * cw,
+static void instrument_persitent_save_regs(GumArm64Writer *cw,
 persistent_ctx_t *regs) {
 GumAddress regs_address = GUM_ADDRESS(regs);
@@ -105,18 +105,13 @@ static void instrument_persitent_save_regs(GumArm64Writer * cw,
 offsetof(persistent_ctx_t, rflags));
 /* Q */
- gum_arm64_writer_put_stp_reg_reg_reg_offset(
- cw, ARM64_REG_Q0, ARM64_REG_Q1, ARM64_REG_X0,
- offsetof(GumCpuContext, q[0]), GUM_INDEX_SIGNED_OFFSET);
- gum_arm64_writer_put_stp_reg_reg_reg_offset(
- cw, ARM64_REG_Q2, ARM64_REG_Q3, ARM64_REG_X0,
- offsetof(GumCpuContext, q[16]), GUM_INDEX_SIGNED_OFFSET);
- gum_arm64_writer_put_stp_reg_reg_reg_offset(
- cw, ARM64_REG_Q4, ARM64_REG_Q5, ARM64_REG_X0,
- offsetof(GumCpuContext, q[32]), GUM_INDEX_SIGNED_OFFSET);
- gum_arm64_writer_put_stp_reg_reg_reg_offset(
- cw, ARM64_REG_Q6, ARM64_REG_Q7, ARM64_REG_X0,
- offsetof(GumCpuContext, q[48]), GUM_INDEX_SIGNED_OFFSET);
+ for (int i = 0; i < 16; i++) {
+ gum_arm64_writer_put_stp_reg_reg_reg_offset(
+ cw, ARM64_REG_Q0 + (i * 2), ARM64_REG_Q0 + (i * 2) + 1, ARM64_REG_X0,
+ offsetof(GumCpuContext, v[i]), GUM_INDEX_SIGNED_OFFSET);
+ }
 /* x0 & x1 */
 gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_X2, ARM64_REG_X3,
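Review bot: The store offset in the new loop looks off by a factor of two: iteration i stores the pair Q(2i), Q(2i+1), 32 bytes, at `offsetof(GumCpuContext, v[i])`, so if `v` is an array of 16-byte vector registers (one Q register per element, which is how I recall Frida's GumArm64CpuContext being declared) the pair written at v[i] overlaps the pair written at v[i+1], and Q(2i+1) is overwritten by the next iteration's Q(2i+2); the matching restore loop in the `@@ -201` hunk of the same file then reloads every odd register with the following even register's value. The index should be the register number rather than the pair number, `offsetof(GumCpuContext, v[i * 2])`, in both loops. This is worth confirming against the GumArm64VectorReg definition, because the removed q[16]/q[32]/q[48] offsets used the same 16-byte stride for 32-byte pairs and the commit appears to have carried that stride over. instrument_persitent_save_regs starts before this hunk and continues past it.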
@@ -136,7 +131,7 @@ static void instrument_persitent_save_regs(GumArm64Writer * cw,
 }
-static void instrument_persitent_restore_regs(GumArm64Writer * cw,
+static void instrument_persitent_restore_regs(GumArm64Writer *cw,
 persistent_ctx_t *regs) {
 GumAddress regs_address = GUM_ADDRESS(regs);
@@ -201,18 +196,14 @@ static void instrument_persitent_restore_regs(GumArm64Writer * cw,
 offsetof(persistent_ctx_t, rflags));
 gum_arm64_writer_put_instruction(cw, msr_nzcv_x1);
- gum_arm64_writer_put_ldp_reg_reg_reg_offset(
- cw, ARM64_REG_Q0, ARM64_REG_Q1, ARM64_REG_X0,
- offsetof(GumCpuContext, q[0]), GUM_INDEX_SIGNED_OFFSET);
- gum_arm64_writer_put_ldp_reg_reg_reg_offset(
- cw, ARM64_REG_Q2, ARM64_REG_Q3, ARM64_REG_X0,
- offsetof(GumCpuContext, q[16]), GUM_INDEX_SIGNED_OFFSET);
- gum_arm64_writer_put_ldp_reg_reg_reg_offset(
- cw, ARM64_REG_Q4, ARM64_REG_Q5, ARM64_REG_X0,
- offsetof(GumCpuContext, q[32]), GUM_INDEX_SIGNED_OFFSET);
- gum_arm64_writer_put_ldp_reg_reg_reg_offset(
- cw, ARM64_REG_Q6, ARM64_REG_Q7, ARM64_REG_X0,
- offsetof(GumCpuContext, q[48]), GUM_INDEX_SIGNED_OFFSET);
+ /* Q */
+ for (int i = 0; i < 16; i++) {
+ gum_arm64_writer_put_ldp_reg_reg_reg_offset(
+ cw, ARM64_REG_Q0 + (i * 2), ARM64_REG_Q0 + (i * 2) + 1, ARM64_REG_X0,
+ offsetof(GumCpuContext, v[i]), GUM_INDEX_SIGNED_OFFSET);
+ }
 /* x2 & x3 */
 gum_arm64_writer_put_ldp_reg_reg_reg_offset(
@@ -258,7 +249,7 @@ static void instrument_afl_persistent_loop(GumArm64Writer *cw) {
 }
-static void persistent_prologue_hook(GumArm64Writer * cw,
+static void persistent_prologue_hook(GumArm64Writer *cw,
 persistent_ctx_t *regs) {
 if (persistent_hook == NULL) return;
diff --git a/frida_mode/src/persistent/persistent_x64.c b/frida_mode/src/persistent/persistent_x64.c
index 56141787..a8bed7be 100644
--- a/frida_mode/src/persistent/persistent_x64.c
+++ b/frida_mode/src/persistent/persistent_x64.c
@@ -25,148 +25,148 @@ gboolean persistent_is_supported(void) { } -static void instrument_persitent_save_regs(GumX86Writer * cw, +static void instrument_persitent_save_regs(GumX86Writer *cw, persistent_ctx_t *regs) { GumAddress regs_address = GUM_ADDRESS(regs); - gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, + gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_X86_RSP, GUM_X86_RSP, -(GUM_RED_ZONE_SIZE)); /* Should be pushing FPU here, but meh */ gum_x86_writer_put_pushfx(cw); - gum_x86_writer_put_push_reg(cw, GUM_REG_RAX); + gum_x86_writer_put_push_reg(cw, GUM_X86_RAX); - gum_x86_writer_put_mov_reg_address(cw, GUM_REG_RAX, regs_address); + gum_x86_writer_put_mov_reg_address(cw, GUM_X86_RAX, regs_address); gum_x86_writer_put_mov_reg_offset_ptr_reg( - cw, GUM_REG_RAX, offsetof(GumCpuContext, rbx), GUM_REG_RBX); + cw, GUM_X86_RAX, offsetof(GumCpuContext, rbx), GUM_X86_RBX); gum_x86_writer_put_mov_reg_offset_ptr_reg( - cw, GUM_REG_RAX, offsetof(GumCpuContext, rcx), GUM_REG_RCX); + cw, GUM_X86_RAX, offsetof(GumCpuContext, rcx), GUM_X86_RCX); gum_x86_writer_put_mov_reg_offset_ptr_reg( - cw, GUM_REG_RAX, offsetof(GumCpuContext, rdx), GUM_REG_RDX); + cw, GUM_X86_RAX, offsetof(GumCpuContext, rdx), GUM_X86_RDX); gum_x86_writer_put_mov_reg_offset_ptr_reg( - cw, GUM_REG_RAX, offsetof(GumCpuContext, rdi), GUM_REG_RDI); + cw, GUM_X86_RAX, offsetof(GumCpuContext, rdi), GUM_X86_RDI); gum_x86_writer_put_mov_reg_offset_ptr_reg( - cw, GUM_REG_RAX, offsetof(GumCpuContext, rsi), GUM_REG_RSI); + cw, GUM_X86_RAX, offsetof(GumCpuContext, rsi), GUM_X86_RSI); gum_x86_writer_put_mov_reg_offset_ptr_reg( - cw, GUM_REG_RAX, offsetof(GumCpuContext, rbp), GUM_REG_RBP); + cw, GUM_X86_RAX, offsetof(GumCpuContext, rbp), GUM_X86_RBP); gum_x86_writer_put_mov_reg_offset_ptr_reg( - cw, GUM_REG_RAX, offsetof(GumCpuContext, r8), GUM_REG_R8); + cw, GUM_X86_RAX, offsetof(GumCpuContext, r8), GUM_X86_R8); gum_x86_writer_put_mov_reg_offset_ptr_reg( - cw, GUM_REG_RAX, offsetof(GumCpuContext, 
r9), GUM_REG_R9); + cw, GUM_X86_RAX, offsetof(GumCpuContext, r9), GUM_X86_R9); gum_x86_writer_put_mov_reg_offset_ptr_reg( - cw, GUM_REG_RAX, offsetof(GumCpuContext, r10), GUM_REG_R10); + cw, GUM_X86_RAX, offsetof(GumCpuContext, r10), GUM_X86_R10); gum_x86_writer_put_mov_reg_offset_ptr_reg( - cw, GUM_REG_RAX, offsetof(GumCpuContext, r11), GUM_REG_R11); + cw, GUM_X86_RAX, offsetof(GumCpuContext, r11), GUM_X86_R11); gum_x86_writer_put_mov_reg_offset_ptr_reg( - cw, GUM_REG_RAX, offsetof(GumCpuContext, r12), GUM_REG_R12); + cw, GUM_X86_RAX, offsetof(GumCpuContext, r12), GUM_X86_R12); gum_x86_writer_put_mov_reg_offset_ptr_reg( - cw, GUM_REG_RAX, offsetof(GumCpuContext, r13), GUM_REG_R13); + cw, GUM_X86_RAX, offsetof(GumCpuContext, r13), GUM_X86_R13); gum_x86_writer_put_mov_reg_offset_ptr_reg( - cw, GUM_REG_RAX, offsetof(GumCpuContext, r14), GUM_REG_R14); + cw, GUM_X86_RAX, offsetof(GumCpuContext, r14), GUM_X86_R14); gum_x86_writer_put_mov_reg_offset_ptr_reg( - cw, GUM_REG_RAX, offsetof(GumCpuContext, r15), GUM_REG_R15); + cw, GUM_X86_RAX, offsetof(GumCpuContext, r15), GUM_X86_R15); /* Store RIP */ - gum_x86_writer_put_mov_reg_address(cw, GUM_REG_RBX, + gum_x86_writer_put_mov_reg_address(cw, GUM_X86_RBX, GUM_ADDRESS(persistent_start)); gum_x86_writer_put_mov_reg_offset_ptr_reg( - cw, GUM_REG_RAX, offsetof(GumCpuContext, rip), GUM_REG_RBX); + cw, GUM_X86_RAX, offsetof(GumCpuContext, rip), GUM_X86_RBX); /* Store adjusted RSP */ - gum_x86_writer_put_mov_reg_reg(cw, GUM_REG_RBX, GUM_REG_RSP); + gum_x86_writer_put_mov_reg_reg(cw, GUM_X86_RBX, GUM_X86_RSP); /* RED_ZONE + Saved flags, RAX, alignment */ - gum_x86_writer_put_add_reg_imm(cw, GUM_REG_RBX, + gum_x86_writer_put_add_reg_imm(cw, GUM_X86_RBX, GUM_RED_ZONE_SIZE + (0x8 * 2)); gum_x86_writer_put_mov_reg_offset_ptr_reg( - cw, GUM_REG_RAX, offsetof(GumCpuContext, rsp), GUM_REG_RBX); + cw, GUM_X86_RAX, offsetof(GumCpuContext, rsp), GUM_X86_RBX); /* Save the flags */ - gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RBX, 
GUM_REG_RSP, 0x8); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_RBX, GUM_X86_RSP, 0x8); gum_x86_writer_put_mov_reg_offset_ptr_reg( - cw, GUM_REG_RAX, offsetof(persistent_ctx_t, rflags), GUM_REG_RBX); + cw, GUM_X86_RAX, offsetof(persistent_ctx_t, rflags), GUM_X86_RBX); /* Save the RAX */ - gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RBX, GUM_REG_RSP, 0x0); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_RBX, GUM_X86_RSP, 0x0); gum_x86_writer_put_mov_reg_offset_ptr_reg( - cw, GUM_REG_RAX, offsetof(GumCpuContext, rax), GUM_REG_RBX); + cw, GUM_X86_RAX, offsetof(GumCpuContext, rax), GUM_X86_RBX); /* Pop the saved values */ - gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, 0x10); + gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_X86_RSP, GUM_X86_RSP, 0x10); - gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, + gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_X86_RSP, GUM_X86_RSP, (GUM_RED_ZONE_SIZE)); } -static void instrument_persitent_restore_regs(GumX86Writer * cw, +static void instrument_persitent_restore_regs(GumX86Writer *cw, persistent_ctx_t *regs) { GumAddress regs_address = GUM_ADDRESS(regs); - gum_x86_writer_put_mov_reg_address(cw, GUM_REG_RAX, regs_address); + gum_x86_writer_put_mov_reg_address(cw, GUM_X86_RAX, regs_address); - gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RCX, GUM_REG_RAX, + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_RCX, GUM_X86_RAX, offsetof(GumCpuContext, rcx)); - gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RDX, GUM_REG_RAX, + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_RDX, GUM_X86_RAX, offsetof(GumCpuContext, rdx)); - gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RDI, GUM_REG_RAX, + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_RDI, GUM_X86_RAX, offsetof(GumCpuContext, rdi)); - gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RSI, GUM_REG_RAX, + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_RSI, GUM_X86_RAX, 
offsetof(GumCpuContext, rsi)); - gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RBP, GUM_REG_RAX, + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_RBP, GUM_X86_RAX, offsetof(GumCpuContext, rbp)); - gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_R8, GUM_REG_RAX, + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_R8, GUM_X86_RAX, offsetof(GumCpuContext, r8)); - gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_R9, GUM_REG_RAX, + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_R9, GUM_X86_RAX, offsetof(GumCpuContext, r9)); - gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_R10, GUM_REG_RAX, + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_R10, GUM_X86_RAX, offsetof(GumCpuContext, r10)); - gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_R11, GUM_REG_RAX, + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_R11, GUM_X86_RAX, offsetof(GumCpuContext, r11)); - gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_R12, GUM_REG_RAX, + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_R12, GUM_X86_RAX, offsetof(GumCpuContext, r12)); - gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_R13, GUM_REG_RAX, + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_R13, GUM_X86_RAX, offsetof(GumCpuContext, r13)); - gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_R14, GUM_REG_RAX, + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_R14, GUM_X86_RAX, offsetof(GumCpuContext, r14)); - gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_R15, GUM_REG_RAX, + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_R15, GUM_X86_RAX, offsetof(GumCpuContext, r15)); /* Don't restore RIP */ - gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RSP, GUM_REG_RAX, + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_RSP, GUM_X86_RAX, offsetof(GumCpuContext, rsp)); /* Restore RBX, RAX & Flags */ - gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, + gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_X86_RSP, 
GUM_X86_RSP, -(GUM_RED_ZONE_SIZE)); - gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RBX, GUM_REG_RAX, + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_RBX, GUM_X86_RAX, offsetof(GumCpuContext, rbx)); - gum_x86_writer_put_push_reg(cw, GUM_REG_RBX); + gum_x86_writer_put_push_reg(cw, GUM_X86_RBX); - gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RBX, GUM_REG_RAX, + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_RBX, GUM_X86_RAX, offsetof(GumCpuContext, rax)); - gum_x86_writer_put_push_reg(cw, GUM_REG_RBX); - gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RBX, GUM_REG_RAX, + gum_x86_writer_put_push_reg(cw, GUM_X86_RBX); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_RBX, GUM_X86_RAX, offsetof(persistent_ctx_t, rflags)); - gum_x86_writer_put_push_reg(cw, GUM_REG_RBX); + gum_x86_writer_put_push_reg(cw, GUM_X86_RBX); gum_x86_writer_put_popfx(cw); - gum_x86_writer_put_pop_reg(cw, GUM_REG_RAX); - gum_x86_writer_put_pop_reg(cw, GUM_REG_RBX); + gum_x86_writer_put_pop_reg(cw, GUM_X86_RAX); + gum_x86_writer_put_pop_reg(cw, GUM_X86_RBX); - gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, + gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_X86_RSP, GUM_X86_RSP, (GUM_RED_ZONE_SIZE)); } static void instrument_exit(GumX86Writer *cw) { - gum_x86_writer_put_mov_reg_address(cw, GUM_REG_RAX, GUM_ADDRESS(_exit)); - gum_x86_writer_put_mov_reg_u32(cw, GUM_REG_RDI, 0); - gum_x86_writer_put_call_reg(cw, GUM_REG_RAX); + gum_x86_writer_put_mov_reg_address(cw, GUM_X86_RAX, GUM_ADDRESS(_exit)); + gum_x86_writer_put_mov_reg_u32(cw, GUM_X86_RDI, 0); + gum_x86_writer_put_call_reg(cw, GUM_X86_RAX); } 
@@ -186,13 +186,13 @@ static int instrument_afl_persistent_loop_func(void) { static void instrument_afl_persistent_loop(GumX86Writer *cw) { - gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, + gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_X86_RSP, GUM_X86_RSP, -(GUM_RED_ZONE_SIZE)); gum_x86_writer_put_call_address_with_arguments( cw, GUM_CALL_CAPI, GUM_ADDRESS(instrument_afl_persistent_loop_func), 0); - gum_x86_writer_put_test_reg_reg(cw, GUM_REG_RAX, GUM_REG_RAX); + gum_x86_writer_put_test_reg_reg(cw, GUM_X86_RAX, GUM_X86_RAX); - gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, + gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_X86_RSP, GUM_X86_RSP, (GUM_RED_ZONE_SIZE)); } 
@@ -200,26 +200,26 @@ static void instrument_afl_persistent_loop(GumX86Writer *cw) { static void persistent_prologue_hook(GumX86Writer *cw, persistent_ctx_t *regs) { if (persistent_hook == NULL) return; - gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, + gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_X86_RSP, GUM_X86_RSP, -(GUM_RED_ZONE_SIZE)); - gum_x86_writer_put_mov_reg_address(cw, GUM_REG_RDX, + gum_x86_writer_put_mov_reg_address(cw, GUM_X86_RDX, GUM_ADDRESS(&__afl_fuzz_len)); - gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RDX, GUM_REG_RDX, 0); - gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RDX, GUM_REG_RDX, 0); - gum_x86_writer_put_mov_reg_u64(cw, GUM_REG_RDI, 0xffffffff); - gum_x86_writer_put_and_reg_reg(cw, GUM_REG_RDX, GUM_REG_RDI); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_RDX, GUM_X86_RDX, 0); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_RDX, GUM_X86_RDX, 0); + gum_x86_writer_put_mov_reg_u64(cw, GUM_X86_RDI, 0xffffffff); + gum_x86_writer_put_and_reg_reg(cw, GUM_X86_RDX, GUM_X86_RDI); - gum_x86_writer_put_mov_reg_address(cw, GUM_REG_RSI, + gum_x86_writer_put_mov_reg_address(cw, GUM_X86_RSI, GUM_ADDRESS(&__afl_fuzz_ptr)); - gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RSI, GUM_REG_RSI, 0); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_RSI, GUM_X86_RSI, 0); gum_x86_writer_put_call_address_with_arguments( cw, GUM_CALL_CAPI, GUM_ADDRESS(persistent_hook), 3, GUM_ARG_ADDRESS, - GUM_ADDRESS(®s->ctx), GUM_ARG_REGISTER, GUM_REG_RSI, GUM_ARG_REGISTER, - GUM_REG_RDX); + GUM_ADDRESS(®s->ctx), GUM_ARG_REGISTER, GUM_X86_RSI, GUM_ARG_REGISTER, + GUM_X86_RDX); - gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, + gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_X86_RSP, GUM_X86_RSP, (GUM_RED_ZONE_SIZE)); } 
@@ -228,23 +228,23 @@ static void instrument_persitent_save_ret(GumX86Writer *cw) { /* Stack usage by this function */ gssize offset = GUM_RED_ZONE_SIZE + (3 * 8); - gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, + gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_X86_RSP, GUM_X86_RSP, -(GUM_RED_ZONE_SIZE)); gum_x86_writer_put_pushfx(cw); - gum_x86_writer_put_push_reg(cw, GUM_REG_RAX); - gum_x86_writer_put_push_reg(cw, GUM_REG_RBX); + gum_x86_writer_put_push_reg(cw, GUM_X86_RAX); + gum_x86_writer_put_push_reg(cw, GUM_X86_RBX); - gum_x86_writer_put_mov_reg_address(cw, GUM_REG_RAX, GUM_ADDRESS(&saved_ret)); - gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RBX, GUM_REG_RSP, + gum_x86_writer_put_mov_reg_address(cw, GUM_X86_RAX, GUM_ADDRESS(&saved_ret)); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_RBX, GUM_X86_RSP, offset); - gum_x86_writer_put_mov_reg_ptr_reg(cw, GUM_REG_RAX, GUM_REG_RBX); + gum_x86_writer_put_mov_reg_ptr_reg(cw, GUM_X86_RAX, GUM_X86_RBX); - gum_x86_writer_put_pop_reg(cw, GUM_REG_RBX); - gum_x86_writer_put_pop_reg(cw, GUM_REG_RAX); + gum_x86_writer_put_pop_reg(cw, GUM_X86_RBX); + gum_x86_writer_put_pop_reg(cw, GUM_X86_RAX); gum_x86_writer_put_popfx(cw); - gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, + gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_X86_RSP, GUM_X86_RSP, (GUM_RED_ZONE_SIZE)); } @@ -278,7 +278,7 @@ void persistent_prologue_arch(GumStalkerOutput *output) { FVERBOSE("Persistent loop reached"); /* Pop the return value */ - gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, 8); + gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_X86_RSP, GUM_X86_RSP, 8); instrument_persitent_save_regs(cw, &saved_regs); 
@@ -326,13 +326,13 @@ void persistent_epilogue_arch(GumStalkerOutput *output) { /* The stack should be aligned when we re-enter our loop */ gconstpointer zero = cw->code + 1; - gum_x86_writer_put_test_reg_u32(cw, GUM_REG_RSP, 0xF); + gum_x86_writer_put_test_reg_u32(cw, GUM_X86_RSP, 0xF); gum_x86_writer_put_jcc_near_label(cw, X86_INS_JE, zero, GUM_NO_HINT); - gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, -8); + gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_X86_RSP, GUM_X86_RSP, -8); gum_x86_writer_put_label(cw, zero); - gum_x86_writer_put_mov_reg_address(cw, GUM_REG_RAX, GUM_ADDRESS(&saved_ret)); - gum_x86_writer_put_jmp_reg_ptr(cw, GUM_REG_RAX); + gum_x86_writer_put_mov_reg_address(cw, GUM_X86_RAX, GUM_ADDRESS(&saved_ret)); + gum_x86_writer_put_jmp_reg_ptr(cw, GUM_X86_RAX); } diff --git a/frida_mode/src/persistent/persistent_x86.c b/frida_mode/src/persistent/persistent_x86.c index 76c25334..e9bde3d2 100644 --- a/frida_mode/src/persistent/persistent_x86.c +++ b/frida_mode/src/persistent/persistent_x86.c 
@@ -25,105 +25,105 @@ gboolean persistent_is_supported(void) { } -static void instrument_persitent_save_regs(GumX86Writer * cw, +static void instrument_persitent_save_regs(GumX86Writer *cw, persistent_ctx_t *regs) { GumAddress regs_address = GUM_ADDRESS(regs); /* Should be pushing FPU here, but meh */ gum_x86_writer_put_pushfx(cw); - gum_x86_writer_put_push_reg(cw, GUM_REG_EAX); + gum_x86_writer_put_push_reg(cw, GUM_X86_EAX); - gum_x86_writer_put_mov_reg_address(cw, GUM_REG_EAX, regs_address); + gum_x86_writer_put_mov_reg_address(cw, GUM_X86_EAX, regs_address); gum_x86_writer_put_mov_reg_offset_ptr_reg( - cw, GUM_REG_EAX, offsetof(GumCpuContext, ebx), GUM_REG_EBX); + cw, GUM_X86_EAX, offsetof(GumCpuContext, ebx), GUM_X86_EBX); gum_x86_writer_put_mov_reg_offset_ptr_reg( - cw, GUM_REG_EAX, offsetof(GumCpuContext, ecx), GUM_REG_ECX); + cw, GUM_X86_EAX, offsetof(GumCpuContext, ecx), GUM_X86_ECX); gum_x86_writer_put_mov_reg_offset_ptr_reg( - cw, GUM_REG_EAX, offsetof(GumCpuContext, edx), GUM_REG_EDX); + cw, GUM_X86_EAX, offsetof(GumCpuContext, edx), GUM_X86_EDX); gum_x86_writer_put_mov_reg_offset_ptr_reg( - cw, GUM_REG_EAX, offsetof(GumCpuContext, edi), GUM_REG_EDI); + cw, GUM_X86_EAX, offsetof(GumCpuContext, edi), GUM_X86_EDI); gum_x86_writer_put_mov_reg_offset_ptr_reg( - cw, GUM_REG_EAX, offsetof(GumCpuContext, esi), GUM_REG_ESI); + cw, GUM_X86_EAX, offsetof(GumCpuContext, esi), GUM_X86_ESI); gum_x86_writer_put_mov_reg_offset_ptr_reg( - cw, GUM_REG_EAX, offsetof(GumCpuContext, ebp), GUM_REG_EBP); + cw, GUM_X86_EAX, offsetof(GumCpuContext, ebp), GUM_X86_EBP); /* Store RIP */ - gum_x86_writer_put_mov_reg_address(cw, GUM_REG_EBX, + gum_x86_writer_put_mov_reg_address(cw, GUM_X86_EBX, GUM_ADDRESS(persistent_start)); gum_x86_writer_put_mov_reg_offset_ptr_reg( - cw, GUM_REG_EAX, offsetof(GumCpuContext, eip), GUM_REG_EBX); + cw, GUM_X86_EAX, offsetof(GumCpuContext, eip), GUM_X86_EBX); /* Store adjusted RSP */ - gum_x86_writer_put_mov_reg_reg(cw, GUM_REG_EBX, GUM_REG_ESP); + 
gum_x86_writer_put_mov_reg_reg(cw, GUM_X86_EBX, GUM_X86_ESP); /* RED_ZONE + Saved flags, RAX */ - gum_x86_writer_put_add_reg_imm(cw, GUM_REG_EBX, (0x4 * 2)); + gum_x86_writer_put_add_reg_imm(cw, GUM_X86_EBX, (0x4 * 2)); gum_x86_writer_put_mov_reg_offset_ptr_reg( - cw, GUM_REG_EAX, offsetof(GumCpuContext, esp), GUM_REG_EBX); + cw, GUM_X86_EAX, offsetof(GumCpuContext, esp), GUM_X86_EBX); /* Save the flags */ - gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_EBX, GUM_REG_ESP, 0x4); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_EBX, GUM_X86_ESP, 0x4); gum_x86_writer_put_mov_reg_offset_ptr_reg( - cw, GUM_REG_EAX, offsetof(persistent_ctx_t, eflags), GUM_REG_EBX); + cw, GUM_X86_EAX, offsetof(persistent_ctx_t, eflags), GUM_X86_EBX); /* Save the RAX */ - gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_EBX, GUM_REG_ESP, 0x0); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_EBX, GUM_X86_ESP, 0x0); gum_x86_writer_put_mov_reg_offset_ptr_reg( - cw, GUM_REG_EAX, offsetof(GumCpuContext, eax), GUM_REG_EBX); + cw, GUM_X86_EAX, offsetof(GumCpuContext, eax), GUM_X86_EBX); /* Pop the saved values */ - gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_ESP, GUM_REG_ESP, 0x8); + gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_X86_ESP, GUM_X86_ESP, 0x8); } -static void instrument_persitent_restore_regs(GumX86Writer * cw, +static void instrument_persitent_restore_regs(GumX86Writer *cw, persistent_ctx_t *regs) { GumAddress regs_address = GUM_ADDRESS(regs); - gum_x86_writer_put_mov_reg_address(cw, GUM_REG_EAX, regs_address); + gum_x86_writer_put_mov_reg_address(cw, GUM_X86_EAX, regs_address); - gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_ECX, GUM_REG_EAX, + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_ECX, GUM_X86_EAX, offsetof(GumCpuContext, ecx)); - gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_EDX, GUM_REG_EAX, + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_EDX, GUM_X86_EAX, offsetof(GumCpuContext, edx)); - 
gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_EDI, GUM_REG_EAX, + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_EDI, GUM_X86_EAX, offsetof(GumCpuContext, edi)); - gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_ESI, GUM_REG_EAX, + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_ESI, GUM_X86_EAX, offsetof(GumCpuContext, esi)); - gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_EBP, GUM_REG_EAX, + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_EBP, GUM_X86_EAX, offsetof(GumCpuContext, ebp)); /* Don't restore RIP */ - gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_ESP, GUM_REG_EAX, + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_ESP, GUM_X86_EAX, offsetof(GumCpuContext, esp)); /* Restore RBX, RAX & Flags */ - gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_EBX, GUM_REG_EAX, + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_EBX, GUM_X86_EAX, offsetof(GumCpuContext, ebx)); - gum_x86_writer_put_push_reg(cw, GUM_REG_EBX); + gum_x86_writer_put_push_reg(cw, GUM_X86_EBX); - gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_EBX, GUM_REG_EAX, + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_EBX, GUM_X86_EAX, offsetof(GumCpuContext, eax)); - gum_x86_writer_put_push_reg(cw, GUM_REG_EBX); - gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_EBX, GUM_REG_EAX, + gum_x86_writer_put_push_reg(cw, GUM_X86_EBX); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_EBX, GUM_X86_EAX, offsetof(persistent_ctx_t, eflags)); - gum_x86_writer_put_push_reg(cw, GUM_REG_EBX); + gum_x86_writer_put_push_reg(cw, GUM_X86_EBX); gum_x86_writer_put_popfx(cw); - gum_x86_writer_put_pop_reg(cw, GUM_REG_EAX); - gum_x86_writer_put_pop_reg(cw, GUM_REG_EBX); + gum_x86_writer_put_pop_reg(cw, GUM_X86_EAX); + gum_x86_writer_put_pop_reg(cw, GUM_X86_EBX); } static void instrument_exit(GumX86Writer *cw) { - gum_x86_writer_put_mov_reg_address(cw, GUM_REG_EAX, GUM_ADDRESS(_exit)); - gum_x86_writer_put_mov_reg_u32(cw, GUM_REG_EDI, 0); - 
gum_x86_writer_put_push_reg(cw, GUM_REG_EDI); - gum_x86_writer_put_call_reg(cw, GUM_REG_EAX); + gum_x86_writer_put_mov_reg_address(cw, GUM_X86_EAX, GUM_ADDRESS(_exit)); + gum_x86_writer_put_mov_reg_u32(cw, GUM_X86_EDI, 0); + gum_x86_writer_put_push_reg(cw, GUM_X86_EDI); + gum_x86_writer_put_call_reg(cw, GUM_X86_EAX); } @@ -145,7 +145,7 @@ static void instrument_afl_persistent_loop(GumX86Writer *cw) { gum_x86_writer_put_call_address_with_arguments( cw, GUM_CALL_CAPI, GUM_ADDRESS(instrument_afl_persistent_loop_func), 0); - gum_x86_writer_put_test_reg_reg(cw, GUM_REG_EAX, GUM_REG_EAX); + gum_x86_writer_put_test_reg_reg(cw, GUM_X86_EAX, GUM_X86_EAX); } @@ -153,20 +153,20 @@ static void persistent_prologue_hook(GumX86Writer *cw, persistent_ctx_t *regs) { if (persistent_hook == NULL) return; - gum_x86_writer_put_mov_reg_address(cw, GUM_REG_ECX, + gum_x86_writer_put_mov_reg_address(cw, GUM_X86_ECX, GUM_ADDRESS(&__afl_fuzz_len)); - gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_ECX, GUM_REG_ECX, 0); - gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_ECX, GUM_REG_ECX, 0); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_ECX, GUM_X86_ECX, 0); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_ECX, GUM_X86_ECX, 0); - gum_x86_writer_put_mov_reg_address(cw, GUM_REG_EDX, + gum_x86_writer_put_mov_reg_address(cw, GUM_X86_EDX, GUM_ADDRESS(&__afl_fuzz_ptr)); - gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_EDX, GUM_REG_EDX, 0); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_EDX, GUM_X86_EDX, 0); /* Base address is 64-bits (hence two zero arguments) */ gum_x86_writer_put_call_address_with_arguments( cw, GUM_CALL_CAPI, GUM_ADDRESS(persistent_hook), 3, GUM_ARG_ADDRESS, - GUM_ADDRESS(®s->ctx), GUM_ARG_REGISTER, GUM_REG_EDX, GUM_ARG_REGISTER, - GUM_REG_ECX); + GUM_ADDRESS(®s->ctx), GUM_ARG_REGISTER, GUM_X86_EDX, GUM_ARG_REGISTER, + GUM_X86_ECX); } 
@@ -176,16 +176,16 @@ static void instrument_persitent_save_ret(GumX86Writer *cw) { gssize offset = (3 * 4); gum_x86_writer_put_pushfx(cw); - gum_x86_writer_put_push_reg(cw, GUM_REG_EAX); - gum_x86_writer_put_push_reg(cw, GUM_REG_EBX); + gum_x86_writer_put_push_reg(cw, GUM_X86_EAX); + gum_x86_writer_put_push_reg(cw, GUM_X86_EBX); - gum_x86_writer_put_mov_reg_address(cw, GUM_REG_EAX, GUM_ADDRESS(&saved_ret)); - gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_EBX, GUM_REG_ESP, + gum_x86_writer_put_mov_reg_address(cw, GUM_X86_EAX, GUM_ADDRESS(&saved_ret)); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_EBX, GUM_X86_ESP, offset); - gum_x86_writer_put_mov_reg_ptr_reg(cw, GUM_REG_EAX, GUM_REG_EBX); + gum_x86_writer_put_mov_reg_ptr_reg(cw, GUM_X86_EAX, GUM_X86_EBX); - gum_x86_writer_put_pop_reg(cw, GUM_REG_EBX); - gum_x86_writer_put_pop_reg(cw, GUM_REG_EAX); + gum_x86_writer_put_pop_reg(cw, GUM_X86_EBX); + gum_x86_writer_put_pop_reg(cw, GUM_X86_EAX); gum_x86_writer_put_popfx(cw); } @@ -219,7 +219,7 @@ void persistent_prologue_arch(GumStalkerOutput *output) { FVERBOSE("Persistent loop reached"); /* Pop the return value */ - gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_ESP, GUM_REG_ESP, 4); + gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_X86_ESP, GUM_X86_ESP, 4); instrument_persitent_save_regs(cw, &saved_regs); @@ -263,8 +263,8 @@ void persistent_epilogue_arch(GumStalkerOutput *output) { if (persistent_debug) { gum_x86_writer_put_breakpoint(cw); } - gum_x86_writer_put_mov_reg_address(cw, GUM_REG_EAX, GUM_ADDRESS(&saved_ret)); - gum_x86_writer_put_jmp_reg_ptr(cw, GUM_REG_EAX); + gum_x86_writer_put_mov_reg_address(cw, GUM_X86_EAX, GUM_ADDRESS(&saved_ret)); + gum_x86_writer_put_jmp_reg_ptr(cw, GUM_X86_EAX); } diff --git a/frida_mode/src/prefetch.c b/frida_mode/src/prefetch.c index 59bfecc2..5621a685 100644 --- a/frida_mode/src/prefetch.c +++ b/frida_mode/src/prefetch.c 
@@ -19,7 +19,7 @@ typedef struct { size_t count; - void * entry[PREFETCH_ENTRIES]; + void *entry[PREFETCH_ENTRIES]; guint8 backpatch_data[BP_SIZE]; gsize backpatch_size; @@ -173,7 +173,7 @@ static void prefetch_read_blocks(void) { static void prefetch_read_patches(void) { gsize offset = 0; - GumStalker * stalker = stalker_get(); + GumStalker *stalker = stalker_get(); GumBackpatch *backpatch = NULL; for (gsize remaining = prefetch_data->backpatch_size - offset; @@ -319,7 +319,7 @@ void prefetch_init(void) { if (!prefetch_backpatch) { return; } - GumStalkerObserver * observer = stalker_get_observer(); + GumStalkerObserver *observer = stalker_get_observer(); GumStalkerObserverInterface *iface = GUM_STALKER_OBSERVER_GET_IFACE(observer); iface->notify_backpatch = gum_afl_stalker_backpatcher_notify; diff --git a/frida_mode/src/ranges.c b/frida_mode/src/ranges.c index d47d1c14..72cb9730 100644 --- a/frida_mode/src/ranges.c +++ b/frida_mode/src/ranges.c @@ -9,7 +9,7 @@ typedef struct { - gchar * suffix; + gchar *suffix; GumMemoryRange *range; gboolean done; @@ -135,7 +135,7 @@ static gboolean convert_name_token_for_module(const GumModuleDetails *details, static void convert_name_token(gchar *token, GumMemoryRange *range) { - gchar * suffix = g_strconcat("/", token, NULL); + gchar *suffix = g_strconcat("/", token, NULL); convert_name_ctx_t ctx = {.suffix = suffix, .range = range, .done = false}; gum_process_enumerate_modules(convert_name_token_for_module, &ctx); @@ -235,7 +235,7 @@ static void print_ranges(char *key, GArray *ranges) { static gboolean collect_module_ranges_callback(const GumRangeDetails *details, gpointer user_data) { - GArray * ranges = (GArray *)user_data; + GArray *ranges = (GArray *)user_data; GumMemoryRange range = *details->range; g_array_append_val(ranges, range); return TRUE; 
@@ -292,12 +292,12 @@ void ranges_add_exclude(GumMemoryRange *range) {
 static GArray *collect_ranges(char *env_key) {
- char * env_val;
- gchar ** tokens;
+ char *env_val;
+ gchar **tokens;
 int token_count;
 GumMemoryRange range;
 int i;
- GArray * result;
+ GArray *result;
 result = g_array_new(false, false, sizeof(GumMemoryRange));
@@ -330,7 +330,7 @@ static GArray *collect_ranges(char *env_key) {
 static GArray *collect_libs_ranges(void) {
- GArray * result;
+ GArray *result;
 GumMemoryRange range;
 result = g_array_new(false, false, sizeof(GumMemoryRange));
@@ -422,7 +422,7 @@ static gboolean intersect_range(GumMemoryRange *rr, GumMemoryRange *ra,
 static GArray *intersect_ranges(GArray *a, GArray *b) {
- GArray * result;
+ GArray *result;
 GumMemoryRange *ra;
 GumMemoryRange *rb;
 GumMemoryRange ri;
@@ -452,7 +452,7 @@ static GArray *intersect_ranges(GArray *a, GArray *b) {
 static GArray *subtract_ranges(GArray *a, GArray *b) {
- GArray * result;
+ GArray *result;
 GumMemoryRange *ra;
 GumAddress ral;
 GumMemoryRange *rb;
@@ -528,7 +528,7 @@ static GArray *subtract_ranges(GArray *a, GArray *b) {
 static GArray *merge_ranges(GArray *a) {
- GArray * result;
+ GArray *result;
 GumMemoryRange rp;
 GumMemoryRange *r;
@@ -585,11 +585,11 @@ void ranges_config(void) {
 void ranges_init(void) {
 GumMemoryRange ri;
- GArray * step1;
- GArray * step2;
- GArray * step3;
- GArray * step4;
- GArray * step5;
+ GArray *step1;
+ GArray *step2;
+ GArray *step3;
+ GArray *step4;
+ GArray *step5;
 FOKF(cBLU "Ranges" cRST " - " cGRN "instrument jit:" cYEL " [%c]", ranges_inst_jit ? 'X' : ' ');
@@ -669,7 +669,7 @@ gboolean range_is_excluded(GumAddress address) {
 void ranges_exclude() {
 GumMemoryRange *r;
- GumStalker * stalker = stalker_get();
+ GumStalker *stalker = stalker_get();
 FVERBOSE("Excluding ranges");
diff --git a/frida_mode/src/seccomp/seccomp_callback.c b/frida_mode/src/seccomp/seccomp_callback.c
index c86e753f..8d3c8af0 100644
--- a/frida_mode/src/seccomp/seccomp_callback.c
+++ b/frida_mode/src/seccomp/seccomp_callback.c
@@ -8,9 +8,9 @@
 #include "seccomp.h"
 #include "util.h"
-static void seccomp_callback_filter(struct seccomp_notif * req,
+static void seccomp_callback_filter(struct seccomp_notif *req,
 struct seccomp_notif_resp *resp,
- GumReturnAddressArray * frames) {
+ GumReturnAddressArray *frames) {
 GumDebugSymbolDetails details = {0};
 if (req->data.nr == SYS_OPENAT) {
@@ -54,7 +54,7 @@ static void seccomp_callback_filter(struct seccomp_notif * req,
 free(syms);
 #else
 void **syms = (void **)__builtin_frame_address(0);
- void * framep = __builtin_frame_address(1);
+ void *framep = __builtin_frame_address(1);
 int i = 0;
 syms = framep;
diff --git a/frida_mode/src/seccomp/seccomp_child.c b/frida_mode/src/seccomp/seccomp_child.c
index c02ef67c..493aafcf 100644
--- a/frida_mode/src/seccomp/seccomp_child.c
+++ b/frida_mode/src/seccomp/seccomp_child.c
@@ -21,7 +21,7 @@ typedef struct {
 seccomp_child_func_t func;
 int event_fd;
- void * ctx;
+ void *ctx;
 } seccomp_child_func_ctx_t;
diff --git a/frida_mode/src/seccomp/seccomp_filter.c b/frida_mode/src/seccomp/seccomp_filter.c
index 075d793a..c96b919c 100644
--- a/frida_mode/src/seccomp/seccomp_filter.c
+++ b/frida_mode/src/seccomp/seccomp_filter.c
@@ -129,7 +129,7 @@ static volatile bool seccomp_filter_child_done = false;
 static pid_t seccomp_filter_child = -1;
 static GumCpuContext seccomp_filter_cpu_context = {0};
 static GumReturnAddressArray seccomp_filter_frames = {.len = 0, .items = {0}};
-static GumBacktracer * seccomp_filter_backtracer = NULL;
+static GumBacktracer *seccomp_filter_backtracer = NULL;
 static void seccomp_filter_child_handler(int sig, siginfo_t *info, void *ucontext) {
@@ -209,7 +209,7 @@ int seccomp_filter_install(pid_t child) {
 void seccomp_filter_run(int fd, seccomp_filter_callback_t callback) {
- struct seccomp_notif * req = NULL;
+ struct seccomp_notif *req = NULL;
 struct seccomp_notif_resp *resp = NULL;
 struct seccomp_notif_sizes sizes;
diff --git a/frida_mode/src/seccomp/seccomp_socket.c b/frida_mode/src/seccomp/seccomp_socket.c
index a01e88ee..fbedbc75 100644
--- a/frida_mode/src/seccomp/seccomp_socket.c
+++ b/frida_mode/src/seccomp/seccomp_socket.c
@@ -59,9 +59,9 @@ void seccomp_socket_send(int sockfd, int fd) {
 struct iovec iov = {.iov_base = &data, .iov_len = sizeof(data)};
 union cmsg control_msg = {.hdr = {
- .cmsg_len = CMSG_LEN(sizeof(int)),
- .cmsg_level = SOL_SOCKET,
- .cmsg_type = SCM_RIGHTS,
+ .cmsg_len = CMSG_LEN(sizeof(int)),
+ .cmsg_level = SOL_SOCKET,
+ .cmsg_type = SCM_RIGHTS,
 }};
diff --git a/frida_mode/src/stalker.c b/frida_mode/src/stalker.c
index ddc17b81..5abda34a 100644
--- a/frida_mode/src/stalker.c
+++ b/frida_mode/src/stalker.c
@@ -74,7 +74,7 @@ static gboolean stalker_exclude_self(const GumRangeDetails *details, gpointer user_data) {
 UNUSED_PARAMETER(user_data);
- gchar * name;
+ gchar *name;
 gboolean found;
 GumStalker *stalker;
 if (details->file == NULL) { return TRUE; }
diff --git a/frida_mode/src/stats/stats.c b/frida_mode/src/stats/stats.c
index 39aca0db..af08cd71 100644
--- a/frida_mode/src/stats/stats.c
+++ b/frida_mode/src/stats/stats.c
@@ -16,7 +16,7 @@
 #define MICRO_TO_SEC 1000000
-char * stats_filename = NULL;
+char *stats_filename = NULL;
 guint64 stats_interval = 0;
 static guint64 stats_interval_us = 0;
 static int stats_fd = -1;
@@ -41,8 +41,8 @@ void stats_write(void) {
 stats_data->curr.stats_time = current_time;
 GDateTime *date_time = g_date_time_new_now_local();
- char * date_string = g_date_time_format(date_time, "%Y-%m-%d");
- char * time_string = g_date_time_format(date_time, "%H:%M:%S");
+ char *date_string = g_date_time_format(date_time, "%Y-%m-%d");
+ char *time_string = g_date_time_format(date_time, "%H:%M:%S");
 guint elapsed = (stats_data->curr.stats_time - stats_data->prev.stats_time) / MICRO_TO_SEC;
diff --git a/frida_mode/src/stats/stats_x86_64.c b/frida_mode/src/stats/stats_x86_64.c
index 0bfe3baa..761ca133 100644
--- a/frida_mode/src/stats/stats_x86_64.c
+++ b/frida_mode/src/stats/stats_x86_64.c
@@ -248,7 +248,7 @@ void stats_write_arch(stats_data_t *data) {
 static x86_op_type stats_get_operand_type(const cs_insn *instr) {
- cs_x86 * x86 = &instr->detail->x86;
+ cs_x86 *x86 = &instr->detail->x86;
 cs_x86_op *operand;
 if (x86->op_count != 1) {
@@ -266,7 +266,7 @@ static x86_op_type stats_get_operand_type(const cs_insn *instr) {
 static void stats_collect_call_imm_excluded_arch(const cs_insn *instr) {
- cs_x86 * x86 = &instr->detail->x86;
+ cs_x86 *x86 = &instr->detail->x86;
 cs_x86_op *operand = &x86->operands[0];
 if (range_is_excluded(GUM_ADDRESS(operand->imm))) { |