From abb0d47985d22d8090540e987b2173d80c574439 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Sun, 12 Jul 2020 23:53:29 +0200 Subject: little untracer enhancements --- examples/afl_untracer/afl-untracer.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) (limited to 'examples/afl_untracer/afl-untracer.c') diff --git a/examples/afl_untracer/afl-untracer.c b/examples/afl_untracer/afl-untracer.c index 664e691c..dc2cd378 100644 --- a/examples/afl_untracer/afl-untracer.c +++ b/examples/afl_untracer/afl-untracer.c @@ -56,6 +56,7 @@ #include #include #include +#include #if defined(__linux__) #include @@ -395,7 +396,7 @@ static void __afl_map_shm(void) { } /* Fork server logic. */ -static void __afl_start_forkserver(void) { +inline static void __afl_start_forkserver(void) { u8 tmp[4] = {0, 0, 0, 0}; u32 status = 0; @@ -411,7 +412,7 @@ static void __afl_start_forkserver(void) { } -static u32 __afl_next_testcase(u8 *buf, u32 max_len) { +inline static u32 __afl_next_testcase(u8 *buf, u32 max_len) { s32 status; @@ -437,7 +438,7 @@ static u32 __afl_next_testcase(u8 *buf, u32 max_len) { } -static void __afl_end_testcase(int status) { +inline static void __afl_end_testcase(int status) { if (write(FORKSRV_FD + 1, &status, 4) != 4) do_exit = 1; // fprintf(stderr, "write2 %d\n", do_exit); @@ -673,6 +674,8 @@ static void *(*o_function)(u8 *buf, int len); /* the MAIN function */ int main(int argc, char *argv[]) { + (void) personality(ADDR_NO_RANDOMIZE); // disable ASLR + pid = getpid(); if (getenv("AFL_DEBUG")) debug = 1; @@ -706,6 +709,9 @@ int main(int argc, char *argv[]) { while (1) { + // instead of fork() we could also use the snapshot lkm or do our own mini + // snapshot feature like in https://github.com/marcinguy/fuzzer + // -> snapshot.c if ((pid = fork()) == -1) PFATAL("fork failed"); if (pid) { @@ -738,6 +744,9 @@ int main(int argc, char *argv[]) { } +#ifndef _DEBUG +inline +#endif static void fuzz() { // STEP 3: call the function to fuzz, also the functions you might @@ -753,4 +762,3 @@ static void fuzz() { // END STEP 3 } - -- cgit 1.4.1 From 4d929f80fbf22eeb09612a575bcd1a4141b9a8a9 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Mon, 13 Jul 2020 17:57:02 +0200 Subject: fix for laf intel float split not enabled if not not on a tty --- .custom-format.py | 3 ++- docs/Changelog.md | 3 ++- examples/afl_untracer/README.md | 1 + examples/afl_untracer/afl-untracer.c | 14 ++++++++------ llvm_mode/split-compares-pass.so.cc | 4 ++-- 5 files changed, 15 insertions(+), 10 deletions(-) (limited to 'examples/afl_untracer/afl-untracer.c') diff --git a/.custom-format.py b/.custom-format.py index 6f1b0bfa..60f6d9c3 100755 --- a/.custom-format.py +++ b/.custom-format.py @@ -32,7 +32,8 @@ if CLANG_FORMAT_BIN is None: p = subprocess.Popen(["clang-format-10", "--version"], stdout=subprocess.PIPE) o, _ = p.communicate() o = str(o, "utf-8") - o = o[len("clang-format version "):].strip() + o = re.sub(r".*ersion ", "", o) + #o = o[len("clang-format version "):].strip() o = o[:o.find(".")] o = int(o) except: diff --git a/docs/Changelog.md b/docs/Changelog.md index b0bda6dc..8fb85ce6 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -13,7 +13,8 @@ sending a mail to . - afl-fuzz: - eliminated CPU affinity race condition for -S/-M runs - llvm_mode: - - fix for laf-intel float splitting + - fixes for laf-intel float splitting (thanks to mark-griffin for + reporting) - LTO: autodictionary mode is a default - LTO: instrim instrumentation disabled, only classic support used as it is always better diff --git a/examples/afl_untracer/README.md b/examples/afl_untracer/README.md index e59792cb..9cb13527 100644 --- a/examples/afl_untracer/README.md +++ b/examples/afl_untracer/README.md @@ -32,6 +32,7 @@ To easily run the scripts without needing to run the GUI with Ghidra: /opt/ghidra/support/analyzeHeadless /tmp/ tmp$$ -import libtestinstr.so -postscript ./ghidra_get_patchpoints.java rm -rf /tmp/tmp$$ ``` +The file is created at `~/Desktop/patches.txt` ### Fuzzing diff --git a/examples/afl_untracer/afl-untracer.c b/examples/afl_untracer/afl-untracer.c index dc2cd378..68658bfd 100644 --- a/examples/afl_untracer/afl-untracer.c +++ b/examples/afl_untracer/afl-untracer.c @@ -74,6 +74,9 @@ // STEP 1: +/* here you need to specify the parameter for the target function */ +static void *(*o_function)(u8 *buf, int len); + /* use stdin (1) or a file on the commandline (0) */ static u32 use_stdin = 1; @@ -668,13 +671,10 @@ static void sigtrap_handler(int signum, siginfo_t *si, void *context) { } -/* here you need to specify the parameter for the target function */ -static void *(*o_function)(u8 *buf, int len); - /* the MAIN function */ int main(int argc, char *argv[]) { - (void) personality(ADDR_NO_RANDOMIZE); // disable ASLR + (void)personality(ADDR_NO_RANDOMIZE); // disable ASLR pid = getpid(); if (getenv("AFL_DEBUG")) debug = 1; @@ -745,9 +745,10 @@ int main(int argc, char *argv[]) { } #ifndef _DEBUG -inline +inline #endif -static void fuzz() { + static void + fuzz() { // STEP 3: call the function to fuzz, also the functions you might // need to call to prepare the function and - important! - @@ -762,3 +763,4 @@ static void fuzz() { // END STEP 3 } + diff --git a/llvm_mode/split-compares-pass.so.cc b/llvm_mode/split-compares-pass.so.cc index 0681fbd6..55128ca2 100644 --- a/llvm_mode/split-compares-pass.so.cc +++ b/llvm_mode/split-compares-pass.so.cc @@ -1263,8 +1263,6 @@ bool SplitComparesTransform::runOnModule(Module &M) { if (enableFPSplit) { - simplifyFPCompares(M); - errs() << "Split-floatingpoint-compare-pass: " << splitFPCompares(M) << " FP comparisons splitted\n"; @@ -1274,6 +1272,8 @@ bool SplitComparesTransform::runOnModule(Module &M) { be_quiet = 1; + if (enableFPSplit) simplifyFPCompares(M); + simplifyCompares(M); simplifyIntSignedness(M); -- cgit 1.4.1 From c661587128fd84847e88bb1b66e8403b81d0d296 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Thu, 30 Jul 2020 18:06:25 +0200 Subject: cdecl void --- examples/afl_untracer/afl-untracer.c | 10 +++++----- include/snapshot-inl.h | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) (limited to 'examples/afl_untracer/afl-untracer.c') diff --git a/examples/afl_untracer/afl-untracer.c b/examples/afl_untracer/afl-untracer.c index 68658bfd..77b15eb8 100644 --- a/examples/afl_untracer/afl-untracer.c +++ b/examples/afl_untracer/afl-untracer.c @@ -115,10 +115,10 @@ static library_list_t liblist[MAX_LIB_COUNT]; static u32 liblist_cnt; static void sigtrap_handler(int signum, siginfo_t *si, void *context); -static void fuzz(); +static void fuzz(void); /* read the library information */ -void read_library_information() { +void read_library_information(void) { #if defined(__linux__) FILE *f; @@ -284,7 +284,7 @@ library_list_t *find_library(char *name) { // this seems to work for clang too. nice :) requires gcc 4.4+ #pragma GCC push_options #pragma GCC optimize("O0") -void breakpoint() { +void breakpoint(void) { if (debug) fprintf(stderr, "Breakpoint function \"breakpoint\" reached.\n"); @@ -461,7 +461,7 @@ inline static void __afl_end_testcase(int status) { ((uintptr_t)addr & 0x3) * 0x10000000000)) #endif -void setup_trap_instrumentation() { +void setup_trap_instrumentation(void) { library_list_t *lib_base = NULL; size_t lib_size = 0; @@ -748,7 +748,7 @@ int main(int argc, char *argv[]) { inline #endif static void - fuzz() { + fuzz(void) { // STEP 3: call the function to fuzz, also the functions you might // need to call to prepare the function and - important! - diff --git a/include/snapshot-inl.h b/include/snapshot-inl.h index a75d69c0..a18187ef 100644 --- a/include/snapshot-inl.h +++ b/include/snapshot-inl.h @@ -66,7 +66,7 @@ struct afl_snapshot_vmrange_args { static int afl_snapshot_dev_fd; -static int afl_snapshot_init() { +static int afl_snapshot_init(void) { afl_snapshot_dev_fd = open(AFL_SNAPSHOT_FILE_NAME, 0); return afl_snapshot_dev_fd; -- cgit 1.4.1