From ed63364a777dd7a01a0cfdba938888707053e192 Mon Sep 17 00:00:00 2001
From: van Hauser
Date: Mon, 3 Aug 2020 18:13:06 +0200
Subject: add touch shmem in forkserver, add binary library and patches.txt for easy testing
---
 examples/afl_untracer/afl-untracer.c | 2 ++
 examples/afl_untracer/libtestinstr.so | Bin 0 -> 17152 bytes
 examples/afl_untracer/patches.txt | 57 ++++++++++++++++++++--------------
 3 files changed, 36 insertions(+), 23 deletions(-)
 create mode 100755 examples/afl_untracer/libtestinstr.so
(limited to 'examples/afl_untracer')
diff --git a/examples/afl_untracer/afl-untracer.c b/examples/afl_untracer/afl-untracer.c
index 77b15eb8..f6dbbcd6 100644
--- a/examples/afl_untracer/afl-untracer.c
+++ b/examples/afl_untracer/afl-untracer.c
@@ -437,6 +437,8 @@ inline static u32 __afl_next_testcase(u8 *buf, u32 max_len) {
 if (write(FORKSRV_FD + 1, &pid, 4) != 4) do_exit = 1;
 // fprintf(stderr, "write1 %d\n", do_exit);
+ __afl_area_ptr[0] = 1; // put something in the map
+
 return status;
 }
diff --git a/examples/afl_untracer/libtestinstr.so b/examples/afl_untracer/libtestinstr.so
new file mode 100755
index 00000000..389a946c
Binary files /dev/null and b/examples/afl_untracer/libtestinstr.so differ
diff --git a/examples/afl_untracer/patches.txt b/examples/afl_untracer/patches.txt
index b3063e3a..7e964249 100644
--- a/examples/afl_untracer/patches.txt
+++ b/examples/afl_untracer/patches.txt
@@ -1,23 +1,34 @@
-libtestinstr.so:0x2000L
-0x1050L
-0x1063L
-0x106fL
-0x1078L
-0x1080L
-0x10a4L
-0x10b0L
-0x10b8L
-0x10c0L
-0x10c9L
-0x10d7L
-0x10e3L
-0x10f8L
-0x1100L
-0x1105L
-0x111aL
-0x1135L
-0x1143L
-0x114eL
-0x115cL
-0x116aL
-0x116bL
+libtestinstr.so:0x1000
+0x10
+0x12
+0x20
+0x36
+0x30
+0x40
+0x50
+0x63
+0x6f
+0x78
+0x80
+0xa4
+0xb0
+0xb8
+0x100
+0xc0
+0xc9
+0xd7
+0xe3
+0xe8
+0xf8
+0x105
+0x11a
+0x135
+0x141
+0x143
+0x14e
+0x15a
+0x15c
+0x168
+0x16a
+0x16b
+0x170
-- cgit 1.4.1
From e6e38d1703c5765a1d62cba211e881b0f34b959c Mon Sep 17 00:00:00 2001 
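Review bot: The comment on the added `__afl_area_ptr[0] = 1;` in the afl-untracer.c hunk says what the line does but not why it is needed; presumably it marks the coverage map as non-empty so the fuzzer's "no instrumentation" sanity check passes on a run where no patched edge fired, and the comment should state that, e.g. `__afl_area_ptr[0] = 1;  // keep the map non-empty so the fuzzer does not report missing instrumentation`. It is also worth confirming that `__afl_area_ptr` is guaranteed non-NULL at this point when the forkserver runs without a shared map attached; the code that initialises it is not in this hunk. `__afl_next_testcase` begins before the hunk (its signature appears only in the hunk header), so the rest of the function was not reviewed here.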
From: van Hauser
Date: Mon, 3 Aug 2020 21:25:32 +0200
Subject: give document edge id a unique id per module
---
 examples/afl_untracer/afl-untracer.c | 2 +-
 llvm_mode/afl-llvm-lto-instrumentation.so.cc | 30 +++++++++++++++++++++++++---
 2 files changed, 28 insertions(+), 4 deletions(-)
(limited to 'examples/afl_untracer')
diff --git a/examples/afl_untracer/afl-untracer.c b/examples/afl_untracer/afl-untracer.c
index f6dbbcd6..cb6f948c 100644
--- a/examples/afl_untracer/afl-untracer.c
+++ b/examples/afl_untracer/afl-untracer.c
@@ -437,7 +437,7 @@ inline static u32 __afl_next_testcase(u8 *buf, u32 max_len) {
 if (write(FORKSRV_FD + 1, &pid, 4) != 4) do_exit = 1;
 // fprintf(stderr, "write1 %d\n", do_exit);
- __afl_area_ptr[0] = 1; // put something in the map
+ __afl_area_ptr[0] = 1; // put something in the map
 return status;
diff --git a/llvm_mode/afl-llvm-lto-instrumentation.so.cc b/llvm_mode/afl-llvm-lto-instrumentation.so.cc
index 5686eb56..4023c1d6 100644
--- a/llvm_mode/afl-llvm-lto-instrumentation.so.cc
+++ b/llvm_mode/afl-llvm-lto-instrumentation.so.cc
@@ -105,6 +105,11 @@ bool AFLLTOPass::runOnModule(Module &M) {
 char * ptr;
 FILE * documentFile = NULL;
+ srand((unsigned int)time(NULL));
+
+ unsigned long long int moduleID =
+ (((unsigned long long int)(rand() & 0xffffffff)) << 32) | getpid();
+
 IntegerType *Int8Ty = IntegerType::getInt8Ty(C);
 IntegerType *Int32Ty = IntegerType::getInt32Ty(C);
 IntegerType *Int64Ty = IntegerType::getInt64Ty(C);
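Review bot: `srand((unsigned int)time(NULL))` followed by `rand()` yields a moduleID that repeats whenever two pass invocations in the same second reuse a pid, and it reseeds the process-wide PRNG as a side effect of a compiler pass, which silently changes the sequence any other consumer of `rand()` in the same process observes. Since the id only needs to be unique within the document file, a draw from `std::random_device` (or a hash of `M.getModuleIdentifier()`, which has the advantage of being reproducible across builds) avoids both the second-granularity seed and the global state: `std::random_device rd; unsigned long long int moduleID = ((unsigned long long int)rd() << 32) | (unsigned)getpid();`, assuming `<random>` can be included in this file. Note too that on glibc `rand()` never sets bit 31, so the `& 0xffffffff` mask is redundant and the high word carries at most 31 bits; a one-line comment stating that the value is a best-effort tag, not a guaranteed-unique key, would set expectations for readers of the document file. The body of `runOnModule` continues well beyond this hunk.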
@@ -189,13 +194,32 @@ bool AFLLTOPass::runOnModule(Module &M) {
 ConstantInt *Zero = ConstantInt::get(Int8Ty, 0);
 ConstantInt *One = ConstantInt::get(Int8Ty, 1);
+ /* This dumps all inialized global strings - might be useful in the future
+ for (auto G=M.getGlobalList().begin(); G!=M.getGlobalList().end(); G++) {
+
+ GlobalVariable &GV=*G;
+ if (!GV.getName().str().empty()) {
+
+ fprintf(stderr, "Global Variable: %s", GV.getName().str().c_str());
+ if (GV.hasInitializer())
+ if (auto *Val = dyn_cast(GV.getInitializer()))
+ fprintf(stderr, " Value: \"%s\"", Val->getAsString().str().c_str());
+ fprintf(stderr, "\n");
+
+ }
+
+ }
+
+ */
+
 /* Instrument all the things! */
 int inst_blocks = 0;
 for (auto &F : M) {
- // fprintf(stderr, "DEBUG: Function %s\n", F.getName().str().c_str());
+ // fprintf(stderr, "DEBUG: Module %s Function %s\n",
+ // M.getName().str().c_str(), F.getName().str().c_str());
 if (F.size() < function_minimum_size) continue;
 if (isIgnoreFunction(&F)) continue;
@@ -603,8 +627,8 @@ bool AFLLTOPass::runOnModule(Module &M) {
 if (documentFile) {
- fprintf(documentFile, "%s %u\n", F.getName().str().c_str(),
- afl_global_id);
+ fprintf(documentFile, "ModuleID=%llu Function=%s edgeID=%u\n",
+ moduleID, F.getName().str().c_str(), afl_global_id);
 }
-- cgit 1.4.1
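Review bot: The block starting `/* This dumps all inialized global strings` is commented-out code committed as a comment; it will rot silently (as shown here the `dyn_cast(GV.getInitializer())` call names no target type, so it would not even compile if uncommented) and it reads as live code to anyone skimming the pass. Either drop it, since git history preserves it, or keep it under `#if 0` with a one-line comment naming what it does, and in any case fix the typo `inialized` → `initialized`. The reworded `// fprintf(stderr, "DEBUG: Module %s Function %s\n", ...` is the same kind of dead code and could be a real debug-level trace behind an existing verbosity check instead of a comment. `runOnModule` begins and ends outside this hunk.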
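Review bot: The record written to `documentFile` changes from `<function> <id>` to `ModuleID=%llu Function=%s edgeID=%u`, which is a format change any script consuming the file will not parse, and neither the commit message nor the documentation for the option that enables this file mentions it; the documentation should describe the new layout. The `%s` of `F.getName()` is written unquoted and unescaped, so a function name containing a space or `=` (possible for names coming from assembly or linker-generated symbols) makes the record ambiguous; a tab separator or quoting the name, e.g. `fprintf(documentFile, "ModuleID=%llu Function=\"%s\" edgeID=%u\n", ...)`, would keep it machine-readable. `moduleID` is declared in an earlier hunk of the same function, and `runOnModule` continues outside this hunk.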