Diffstat (limited to 'include')
-rw-r--r--include/afl-fuzz.h19
-rw-r--r--include/cmplog.h76
-rw-r--r--include/config.h4
-rw-r--r--include/sharedmem.h3
-rw-r--r--include/types.h14
5 files changed, 115 insertions, 1 deletions
diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h
index 00d29f76..967e16fe 100644
--- a/include/afl-fuzz.h
+++ b/include/afl-fuzz.h
@@ -168,7 +168,9 @@ enum {
/* 16 */ STAGE_SPLICE,
/* 17 */ STAGE_PYTHON,
/* 18 */ STAGE_RADAMSA,
- /* 19 */ STAGE_CUSTOM_MUTATOR
+ /* 19 */ STAGE_CUSTOM_MUTATOR,
+ /* 20 */ STAGE_COLORIZATION,
+ /* 21 */ STAGE_ITS,
};
@@ -450,6 +452,11 @@ extern u32 a_extras_cnt; /* Total number of tokens available */
u8* (*post_handler)(u8* buf, u32* len);
+/* CmpLog */
+
+extern u8* cmplog_binary;
+extern s32 cmplog_forksrv_pid;
+
/* hooks for the custom mutator function */
/**
* Perform custom mutations on a given input
@@ -645,6 +652,16 @@ char** get_qemu_argv(u8*, char**, int);
char** get_wine_argv(u8*, char**, int);
void save_cmdline(u32, char**);
+/* CmpLog */
+
+void init_cmplog_forkserver(char** argv);
+u8 common_fuzz_cmplog_stuff(char** argv, u8* out_buf, u32 len);
+
+/* RedQueen */
+
+u8 input_to_state_stage(char** argv, u8* orig_buf, u8* buf, u32 len,
+ u32 exec_cksum);
+
/**** Inline routines ****/
/* Generate a random number (from 0 to limit - 1). This may
diff --git a/include/cmplog.h b/include/cmplog.h
new file mode 100644
index 00000000..c02650ee
--- /dev/null
+++ b/include/cmplog.h
@@ -0,0 +1,76 @@
+/*
+ american fuzzy lop++ - cmplog header
+ ------------------------------------
+
+ Originally written by Michal Zalewski
+
+ Forkserver design by Jann Horn <jannhorn@googlemail.com>
+
+ Now maintained by by Marc Heuse <mh@mh-sec.de>,
+ Heiko Eißfeldt <heiko.eissfeldt@hexco.de> and
+ Andrea Fioraldi <andreafioraldi@gmail.com>
+
+ Copyright 2016, 2017 Google Inc. All rights reserved.
+ Copyright 2019-2020 AFLplusplus Project. All rights reserved.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at:
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Shared code to handle the shared memory. This is used by the fuzzer
+ as well the other components like afl-tmin, afl-showmap, etc...
+
+ */
+
+#ifndef _AFL_CMPLOG_H
+#define _AFL_CMPLOG_H
+
+#include "config.h"
+
+#define CMP_MAP_W 65536
+#define CMP_MAP_H 256
+
+#define SHAPE_BYTES(x) (x + 1)
+
+#define CMP_TYPE_INS 0
+#define CMP_TYPE_RTN 1
+
+struct cmp_header {
+
+ unsigned hits : 20;
+
+ unsigned cnt : 20;
+ unsigned id : 16;
+
+ unsigned shape : 5; // from 0 to 31
+ unsigned type : 1;
+
+} __attribute__((packed));
+
+struct cmp_operands {
+
+ u64 v0;
+ u64 v1;
+
+};
+
+struct cmpfn_operands {
+
+ u8 v0[32];
+ u8 v1[32];
+
+};
+
+typedef struct cmp_operands cmp_map_list[CMP_MAP_H];
+
+struct cmp_map {
+
+ struct cmp_header headers[CMP_MAP_W];
+ struct cmp_operands log[CMP_MAP_W][CMP_MAP_H];
+
+};
+
+#endif
+
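Review bot: `SHAPE_BYTES` does not parenthesize its argument at `#define SHAPE_BYTES(x) (x + 1)`, so an expression argument such as `n & 7` or `a ? b : c` binds incorrectly; it should be `#define SHAPE_BYTES(x) ((x) + 1)`. The file comment ("Shared code to handle the shared memory. This is used by the fuzzer as well the other components like afl-tmin, afl-showmap, etc...") is copied from the sharedmem header and does not describe this file; replace it with a sentence saying this header defines the CmpLog comparison-map layout (`cmp_header`, `cmp_operands`, `cmp_map`) shared between the fuzzer and the instrumented target. The include guard `_AFL_CMPLOG_H` is a reserved identifier (leading underscore followed by an uppercase letter); `AFL_CMPLOG_H` avoids that. Because the map contents are written by the target process, a comment on `struct cmp_map` that readers must clamp `hits` (20 bits) to `CMP_MAP_H` before indexing `log`, and `shape` to the operand sizes, would document the trust boundary for the consumer code, which is outside this diff. The `cmp_map_list` typedef has no user in this header; if nothing else references it, it can be dropped.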
diff --git a/include/config.h b/include/config.h
index 83fcb8f9..8b8924f5 100644
--- a/include/config.h
+++ b/include/config.h
@@ -365,6 +365,10 @@
#define AFL_QEMU_NOT_ZERO
+/* AFL RedQueen */
+
+#define CMPLOG_SHM_ENV_VAR "__AFL_CMPLOG_SHM_ID"
+
/* Uncomment this to use inferior block-coverage-based instrumentation. Note
that you need to recompile the target binary for this to have any effect: */
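Review bot: The new block is headed `/* AFL RedQueen */` but defines a `CMPLOG_*` name, and nothing says what the variable is for; a comment such as `/* Environment variable carrying the CmpLog shared-memory id to the target (mirrors SHM_ENV_VAR). */` would make the pairing explicit — the mirroring is inferred from the name and value, so confirm it against the forkserver code, which is not in this diff.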
diff --git a/include/sharedmem.h b/include/sharedmem.h
index 7604d64c..f92fd8be 100644
--- a/include/sharedmem.h
+++ b/include/sharedmem.h
@@ -30,5 +30,8 @@
void setup_shm(unsigned char dumb_mode);
void remove_shm(void);
+extern int cmplog_mode;
+extern struct cmp_map* cmp_map;
+
#endif
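Review bot: `extern struct cmp_map* cmp_map;` is the first mention of `struct cmp_map` in this header — no `#include "cmplog.h"` and no forward declaration is visible in the hunk — so the extern silently introduces the tag and the header is no longer self-contained. Add `struct cmp_map;` immediately above it (a pointer only needs the incomplete type), or include cmplog.h if the full definition is wanted here. A one-line comment on `cmplog_mode` stating what non-zero means would also help, since its type is a bare `int` rather than a flag enum.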
diff --git a/include/types.h b/include/types.h
index 9e681e81..6aad9762 100644
--- a/include/types.h
+++ b/include/types.h
@@ -78,6 +78,20 @@ typedef int64_t s64;
\
})
+#define SWAP64(_x) \
+ ({ \
+ \
+ u64 _ret = (_x); \
+ _ret = \
+ (_ret & 0x00000000FFFFFFFF) << 32 | (_ret & 0xFFFFFFFF00000000) >> 32; \
+ _ret = \
+ (_ret & 0x0000FFFF0000FFFF) << 16 | (_ret & 0xFFFF0000FFFF0000) >> 16; \
+ _ret = \
+ (_ret & 0x00FF00FF00FF00FF) << 8 | (_ret & 0xFF00FF00FF00FF00) >> 8; \
+ _ret; \
+ \
+ })
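Review bot: `SWAP64` is a correct 64-bit byte-order reversal (it swaps 32-bit halves, then 16-bit pairs, then adjacent bytes) but nothing says so; a comment above it, `/* Reverse the byte order of a 64-bit value (endianness conversion). */`, would spare readers from re-deriving it from the masks. The mask literals carry no suffix, so their type depends on which integer type first fits them; writing them as `0x00000000FFFFFFFFULL` etc. makes the 64-bit type explicit. Since the `({ ... })` statement expression already commits this macro to GCC/Clang, `__builtin_bswap64(_x)` is the simpler equivalent if the project is comfortable relying on the builtin.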
+
#ifdef AFL_LLVM_PASS
#if defined(__linux__)
#define AFL_SR(s) (srandom(s))