From ad6a4cf1c2b7089179c77544b9749e72a2dd6d0f Mon Sep 17 00:00:00 2001 From: Your Name Date: Fri, 18 Nov 2022 08:11:26 +0000 Subject: Fix cmplog block ID generation to use hashes rather than bit-shifts --- frida_mode/src/cmplog/cmplog_arm64.c | 5 +---- frida_mode/src/cmplog/cmplog_x64.c | 5 +---- frida_mode/src/cmplog/cmplog_x86.c | 5 +---- 3 files changed, 3 insertions(+), 12 deletions(-) (limited to 'frida_mode/src') diff --git a/frida_mode/src/cmplog/cmplog_arm64.c b/frida_mode/src/cmplog/cmplog_arm64.c index 5792cbfa..095dc242 100644 --- a/frida_mode/src/cmplog/cmplog_arm64.c +++ b/frida_mode/src/cmplog/cmplog_arm64.c @@ -204,10 +204,7 @@ static void cmplog_handle_cmp_sub(GumCpuContext *context, gsize operand1, gsize address = context->pc; - register uintptr_t k = (uintptr_t)address; - - k = (k >> 4) ^ (k << 8); - k &= CMP_MAP_W - 1; + register uintptr_t k = instrument_get_offset_hash(GUM_ADDRESS(address)); if (__afl_cmp_map->headers[k].type != CMP_TYPE_INS) __afl_cmp_map->headers[k].hits = 0; diff --git a/frida_mode/src/cmplog/cmplog_x64.c b/frida_mode/src/cmplog/cmplog_x64.c index 17912648..ce6b8681 100644 --- a/frida_mode/src/cmplog/cmplog_x64.c +++ b/frida_mode/src/cmplog/cmplog_x64.c @@ -188,10 +188,7 @@ static void cmplog_handle_cmp_sub(GumCpuContext *context, gsize operand1, gsize address = ctx_read_reg(context, X86_REG_RIP); - register uintptr_t k = (uintptr_t)address; - - k = (k >> 4) ^ (k << 8); - k &= CMP_MAP_W - 7; + register uintptr_t k = instrument_get_offset_hash(GUM_ADDRESS(address)); if (__afl_cmp_map->headers[k].type != CMP_TYPE_INS) __afl_cmp_map->headers[k].hits = 0; diff --git a/frida_mode/src/cmplog/cmplog_x86.c b/frida_mode/src/cmplog/cmplog_x86.c index a3a02457..fa06d611 100644 --- a/frida_mode/src/cmplog/cmplog_x86.c +++ b/frida_mode/src/cmplog/cmplog_x86.c @@ -193,10 +193,7 @@ static void cmplog_handle_cmp_sub(GumCpuContext *context, gsize operand1, gsize address = ctx_read_reg(context, X86_REG_EIP); - register uintptr_t k = (uintptr_t)address; - - k = (k >> 4) ^ (k << 8); - k &= CMP_MAP_W - 1; + register uintptr_t k = instrument_get_offset_hash(GUM_ADDRESS(address)); if (__afl_cmp_map->headers[k].type != CMP_TYPE_INS) __afl_cmp_map->headers[k].hits = 0; -- cgit 1.4.1 From 9734d0b3c09b3d604941d43fd96454100349d8b1 Mon Sep 17 00:00:00 2001 From: Your Name Date: Wed, 23 Nov 2022 18:18:26 +0000 Subject: Fixes to make things easier to build for ARM --- frida_mode/GNUmakefile | 3 +++ frida_mode/src/instrument/instrument_arm32.c | 10 +++++++++- frida_mode/test/png/GNUmakefile | 14 +++++++------- frida_mode/test/testinstr/GNUmakefile | 3 +++ 4 files changed, 22 insertions(+), 8 deletions(-) (limited to 'frida_mode/src') diff --git a/frida_mode/GNUmakefile b/frida_mode/GNUmakefile index 9f2bcd42..ccc4841d 100644 --- a/frida_mode/GNUmakefile +++ b/frida_mode/GNUmakefile @@ -191,6 +191,9 @@ all: $(FRIDA_TRACE) $(FRIDA_TRACE_LIB) $(AFLPP_FRIDA_DRIVER_HOOK_OBJ) $(AFLPP_QE 32: CFLAGS="-m32" LDFLAGS="-m32" ARCH="x86" make all +arm: + CFLAGS="-marm" LDFLAGS="-marm" ARCH="armhf" TARGET_CC=arm-linux-gnueabihf-gcc TARGET_CXX=arm-linux-gnueabihf-g++ make all + $(BUILD_DIR): mkdir -p $(BUILD_DIR) diff --git a/frida_mode/src/instrument/instrument_arm32.c b/frida_mode/src/instrument/instrument_arm32.c index cb2a322b..84dbb3be 100644 --- a/frida_mode/src/instrument/instrument_arm32.c +++ b/frida_mode/src/instrument/instrument_arm32.c @@ -273,7 +273,15 @@ void instrument_flush(GumStalkerOutput *output) { gpointer instrument_cur(GumStalkerOutput *output) { - return gum_arm_writer_cur(output->writer.arm); + gpointer curr = NULL; + + if (output->encoding == GUM_INSTRUCTION_SPECIAL) { + curr = gum_thumb_writer_cur(output->writer.thumb); + } else { + curr = gum_arm_writer_cur(output->writer.arm); + } + + return curr; } diff --git a/frida_mode/test/png/GNUmakefile b/frida_mode/test/png/GNUmakefile index 864265e0..86fd1483 100644 --- a/frida_mode/test/png/GNUmakefile +++ b/frida_mode/test/png/GNUmakefile @@ -7,10 +7,10 @@ LIBPNG_BUILD_DIR:=$(BUILD_DIR)libpng/ HARNESS_BUILD_DIR:=$(BUILD_DIR)harness/ PNGTEST_BUILD_DIR:=$(BUILD_DIR)pngtest/ -LIBZ_FILE:=$(LIBZ_BUILD_DIR)zlib-1.2.12.tar.gz -LIBZ_URL:=http://www.zlib.net/zlib-1.2.12.tar.gz -LIBZ_DIR:=$(LIBZ_BUILD_DIR)zlib-1.2.12/ -LIBZ_PC:=$(ZLIB_DIR)zlib.pc +LIBZ_FILE:=$(LIBZ_BUILD_DIR)zlib-1.2.13.tar.gz +LIBZ_URL:=http://www.zlib.net/zlib-1.2.13.tar.gz +LIBZ_DIR:=$(LIBZ_BUILD_DIR)zlib-1.2.13/ +LIBZ_PC:=$(LIBZ_DIR)zlib.pc LIBZ_LIB:=$(LIBZ_DIR)libz.a LIBPNG_FILE:=$(LIBPNG_BUILD_DIR)libpng-1.2.56.tar.gz @@ -48,7 +48,7 @@ all: $(TEST_BIN) CFLAGS="-m32" LDFLAGS="-m32" make $(TEST_BIN) arm: - ARCH="arm" CC="arm-linux-gnueabihf-gcc" CXX="arm-linux-gnueabihf-g++" make $(TEST_BIN) + CFLAGS="-marm" LDFLAGS="-marm" CC="arm-linux-gnueabihf-gcc" CXX="arm-linux-gnueabihf-g++" make $(TEST_BIN) $(BUILD_DIR): mkdir -p $@ @@ -96,7 +96,7 @@ $(LIBZ_PC): | $(LIBZ_DIR) --static \ --archs="$(ARCH)" -$(LIBZ_LIB): $(LIBZ_PC) +$(LIBZ_LIB): | $(LIBZ_PC) CFLAGS="$(CFLAGS) -fPIC" \ make \ -C $(LIBZ_DIR) \ @@ -133,7 +133,7 @@ png: $(LIBPNG_LIB) ######### TEST ######## -$(TEST_BIN): $(HARNESS_OBJ) $(PNGTEST_OBJ) $(LIBPNG_LIB) +$(TEST_BIN): $(HARNESS_OBJ) $(PNGTEST_OBJ) $(LIBPNG_LIB) $(LIBZ_LIB) $(CXX) \ $(CFLAGS) \ $(LDFLAGS) \ diff --git a/frida_mode/test/testinstr/GNUmakefile b/frida_mode/test/testinstr/GNUmakefile index 79eee213..ebc0b2dc 100644 --- a/frida_mode/test/testinstr/GNUmakefile +++ b/frida_mode/test/testinstr/GNUmakefile @@ -18,6 +18,9 @@ all: $(TESTINSTBIN) 32: CFLAGS="-m32" LDFLAGS="-m32" ARCH="x86" make all +arm: + CFLAGS="-marm" LDFLAGS="-marm" CC="arm-linux-gnueabihf-gcc" CXX="arm-linux-gnueabihf-g++" make $(TESTINSTBIN) + $(BUILD_DIR): mkdir -p $@ -- cgit 1.4.1 From 0885dda767ec29330c57c88f3102d5ee565b645d Mon Sep 17 00:00:00 2001 From: Your Date: Thu, 1 Dec 2022 18:17:21 +0000 Subject: Fix branch suppression for ARM64 --- frida_mode/src/instrument/instrument_arm64.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'frida_mode/src') diff --git a/frida_mode/src/instrument/instrument_arm64.c b/frida_mode/src/instrument/instrument_arm64.c index c7584a87..39e32b12 100644 --- a/frida_mode/src/instrument/instrument_arm64.c +++ b/frida_mode/src/instrument/instrument_arm64.c @@ -196,7 +196,7 @@ static void instrument_coverage_switch(GumStalkerObserver *self, insn = instrument_disassemble(from_insn); deterministic = instrument_is_deterministic(insn); cs_free(insn, 1); - if (deterministic) { return; } + if (!deterministic) { return; } /* * Since each block is prefixed with a restoration prologue, we need to be -- cgit 1.4.1 From e26c173041b185d7ea37aa923cca3ec4aed51b1b Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 13 Dec 2022 09:13:52 +0100 Subject: code format --- frida_mode/src/instrument/instrument_arm32.c | 4 ++++ utils/argv_fuzzing/argv-fuzz-inl.h | 4 +--- 2 files changed, 5 insertions(+), 3 deletions(-) (limited to 'frida_mode/src') diff --git a/frida_mode/src/instrument/instrument_arm32.c b/frida_mode/src/instrument/instrument_arm32.c index 84dbb3be..51f78a35 100644 --- a/frida_mode/src/instrument/instrument_arm32.c +++ b/frida_mode/src/instrument/instrument_arm32.c @@ -276,9 +276,13 @@ gpointer instrument_cur(GumStalkerOutput *output) { gpointer curr = NULL; if (output->encoding == GUM_INSTRUCTION_SPECIAL) { + curr = gum_thumb_writer_cur(output->writer.thumb); + } else { + curr = gum_arm_writer_cur(output->writer.arm); + } return curr; diff --git a/utils/argv_fuzzing/argv-fuzz-inl.h b/utils/argv_fuzzing/argv-fuzz-inl.h index e350dd4e..ec22c53b 100644 --- a/utils/argv_fuzzing/argv-fuzz-inl.h +++ b/utils/argv_fuzzing/argv-fuzz-inl.h @@ -65,9 +65,7 @@ static char **afl_init_argv(int *argc) { int rc = 0; ssize_t num = read(0, in_buf, MAX_CMDLINE_LEN - 2); - if (num < 0) { - exit(1); - } + if (num < 1) { _exit(1); } in_buf[num] = '\0'; in_buf[num + 1] = '\0'; -- cgit 1.4.1