diff options
Diffstat (limited to 'src/afl-analyze.c')
| -rw-r--r-- | src/afl-analyze.c | 67 |
1 files changed, 63 insertions, 4 deletions
diff --git a/src/afl-analyze.c b/src/afl-analyze.c index e106cd31..aabdbf1a 100644 --- a/src/afl-analyze.c +++ b/src/afl-analyze.c @@ -83,6 +83,7 @@ static volatile u8 stop_soon, /* Ctrl-C pressed? */ child_timed_out; /* Child timed out? */ static u8 *target_path; +static u8 frida_mode; static u8 qemu_mode; static u32 map_size = MAP_SIZE; @@ -717,9 +718,11 @@ static void handle_stop_sig(int sig) { /* Do basic preparations - persistent fds, filenames, etc. */ -static void set_up_environment(void) { +static void set_up_environment(char **argv) { - u8 *x; + u8 * x; + char *afl_preload; + char *frida_afl_preload = NULL; dev_null_fd = open("/dev/null", O_RDWR); if (dev_null_fd < 0) { PFATAL("Unable to open /dev/null"); } @@ -781,6 +784,18 @@ static void set_up_environment(void) { } + x = get_afl_env("LSAN_OPTIONS"); + + if (x) { + + if (!strstr(x, "symbolize=0")) { + + FATAL("Custom LSAN_OPTIONS set without symbolize=0 - please fix!"); + + } + + } + setenv("ASAN_OPTIONS", "abort_on_error=1:" "detect_leaks=0:" @@ -818,12 +833,38 @@ static void set_up_environment(void) { "handle_sigfpe=0:" "handle_sigill=0", 0); + setenv("LSAN_OPTIONS", + "exitcode=" STRINGIFY(LSAN_ERROR) ":" + "fast_unwind_on_malloc=0:" + "symbolize=0:" + "print_suppressions=0", + 0); + if (get_afl_env("AFL_PRELOAD")) { if (qemu_mode) { /* afl-qemu-trace takes care of converting AFL_PRELOAD. */ + } else if (frida_mode) { + + afl_preload = getenv("AFL_PRELOAD"); + u8 *frida_binary = find_afl_binary(argv[0], "afl-frida-trace.so"); + if (afl_preload) { + + frida_afl_preload = alloc_printf("%s:%s", afl_preload, frida_binary); + + } else { + + frida_afl_preload = alloc_printf("%s", frida_binary); + + } + + ck_free(frida_binary); + + setenv("LD_PRELOAD", frida_afl_preload, 1); + setenv("DYLD_INSERT_LIBRARIES", frida_afl_preload, 1); + } else { setenv("LD_PRELOAD", getenv("AFL_PRELOAD"), 1); @@ -831,8 +872,17 @@ static void set_up_environment(void) { } + } else if (frida_mode) { + + u8 *frida_binary = find_afl_binary(argv[0], "afl-frida-trace.so"); + setenv("LD_PRELOAD", frida_binary, 1); + setenv("DYLD_INSERT_LIBRARIES", frida_binary, 1); + ck_free(frida_binary); + } + if (frida_afl_preload) { ck_free(frida_afl_preload); } + } /* Setup signal handlers, duh. */ @@ -872,6 +922,7 @@ static void usage(u8 *argv0) { " -f file - input file read by the tested program (stdin)\n" " -t msec - timeout for each run (%u ms)\n" " -m megs - memory limit for child process (%u MB)\n" + " -O - use binary-only instrumentation (FRIDA mode)\n" " -Q - use binary-only instrumentation (QEMU mode)\n" " -U - use unicorn-based instrumentation (Unicorn mode)\n" " -W - use qemu-based instrumentation with Wine (Wine " @@ -914,7 +965,7 @@ int main(int argc, char **argv_orig, char **envp) { SAYF(cCYA "afl-analyze" VERSION cRST " by Michal Zalewski\n"); - while ((opt = getopt(argc, argv, "+i:f:m:t:eQUWh")) > 0) { + while ((opt = getopt(argc, argv, "+i:f:m:t:eOQUWh")) > 0) { switch (opt) { @@ -1008,6 +1059,14 @@ int main(int argc, char **argv_orig, char **envp) { break; + case 'O': /* FRIDA mode */ + + if (frida_mode) { FATAL("Multiple -O options not supported"); } + + frida_mode = 1; + + break; + case 'Q': if (qemu_mode) { FATAL("Multiple -Q options not supported"); } @@ -1062,7 +1121,7 @@ int main(int argc, char **argv_orig, char **envp) { atexit(at_exit_handler); setup_signal_handlers(); - set_up_environment(); + set_up_environment(argv); target_path = find_binary(argv[optind]); detect_file_args(argv + optind, prog_in, &use_stdin); |