From 23e477caa76a0fd56e61419c9c3cee84a7881438 Mon Sep 17 00:00:00 2001 From: Your Name Date: Tue, 11 Oct 2022 18:15:51 +0100 Subject: Updates following FRIDA API changes --- frida_mode/src/js/js.c | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) (limited to 'frida_mode/src') diff --git a/frida_mode/src/js/js.c b/frida_mode/src/js/js.c index 6bc31864..52b88d96 100644 --- a/frida_mode/src/js/js.c +++ b/frida_mode/src/js/js.c @@ -18,14 +18,10 @@ static GumScriptScheduler *scheduler; static GMainContext *context; static GMainLoop *main_loop; -static void js_msg(GumScript *script, const gchar *message, GBytes *data, - gpointer user_data) { - - UNUSED_PARAMETER(script); +static void js_msg(const gchar *message, GBytes *data, gpointer user_data) { UNUSED_PARAMETER(data); UNUSED_PARAMETER(user_data); FOKF("%s", message); - } void js_config(void) { @@ -124,8 +120,8 @@ void js_start(void) { main_loop = g_main_loop_new(context, true); g_main_context_push_thread_default(context); - gum_script_backend_create(backend, "example", source, cancellable, create_cb, - &error); + gum_script_backend_create(backend, "example", source, NULL, cancellable, + create_cb, &error); while (g_main_context_pending(context)) g_main_context_iteration(context, FALSE); -- cgit 1.4.1 From 4bb4d6ebfdbbdc1ceb6ebf66474180a5e9020ed3 Mon Sep 17 00:00:00 2001 From: Your Name Date: Tue, 11 Oct 2022 18:15:51 +0100 Subject: ARM branch suppression --- frida_mode/src/instrument/instrument_arm32.c | 63 +++++++++++++++++++++++++--- 1 file changed, 58 insertions(+), 5 deletions(-) (limited to 'frida_mode/src') diff --git a/frida_mode/src/instrument/instrument_arm32.c b/frida_mode/src/instrument/instrument_arm32.c index f2e825ee..5b6ddf09 100644 --- a/frida_mode/src/instrument/instrument_arm32.c +++ b/frida_mode/src/instrument/instrument_arm32.c @@ -1,6 +1,7 @@ #include "frida-gumjs.h" #include "instrument.h" +#include "stalker.h" #include "util.h" #if defined(__arm__) @@ -10,6 +11,7 @@ gboolean instrument_cache_enabled = FALSE; gsize instrument_cache_size = 0; +static GHashTable *coverage_blocks = NULL; extern __thread guint64 instrument_previous_pc; @@ -22,8 +24,25 @@ typedef struct { // shared_mem[cur_location ^ prev_location]++; // prev_location = cur_location >> 1; - /* We can remove this branch when we add support for branch suppression */ - uint32_t b_code; /* b imm */ + // str r0, [sp, #-128] ; 0xffffff80 + // str r1, [sp, #-132] ; 0xffffff7c + // ldr r0, [pc, #-20] ; 0xf691b29c + // ldrh r1, [r0] + // movw r0, #33222 ; 0x81c6 + // eor r0, r0, r1 + // ldr r1, [pc, #-40] ; 0xf691b298 + // add r1, r1, r0 + // ldrb r0, [r1] + // add r0, r0, #1 + // add r0, r0, r0, lsr #8 + // strb r0, [r1] + // movw r0, #49379 ; 0xc0e3 + // ldr r1, [pc, #-64] ; 0xf691b29c + // strh r0, [r1] + // ldr r1, [sp, #-132] ; 0xffffff7c + // ldr r0, [sp, #-128] ; 0xffffff80 + + uint32_t b_code; /* b imm */ uint8_t *shared_mem; uint64_t *prev_location; @@ -115,15 +134,45 @@ gboolean instrument_is_coverage_optimize_supported(void) { } -static void patch_t3_insn(uint32_t *insn, uint16_t val) { +static void instrument_coverage_switch(GumStalkerObserver *self, + gpointer from_address, + gpointer start_address, + const cs_insn * from_insn, + gpointer * target) { + UNUSED_PARAMETER(self); + UNUSED_PARAMETER(from_address); + UNUSED_PARAMETER(start_address); + UNUSED_PARAMETER(from_insn); + + if (!g_hash_table_contains(coverage_blocks, GSIZE_TO_POINTER(*target))) { + return; + } + + *target += G_STRUCT_OFFSET(afl_log_code_asm_t, str_r0_sp_rz); +} +static void instrument_coverage_suppress_init(void) { + static gboolean initialized = false; + if (initialized) { return; } + initialized = true; + + GumStalkerObserver * observer = stalker_get_observer(); + GumStalkerObserverInterface *iface = GUM_STALKER_OBSERVER_GET_IFACE(observer); + iface->switch_callback = instrument_coverage_switch; + + coverage_blocks = g_hash_table_new(g_direct_hash, g_direct_equal); + if (coverage_blocks == NULL) { + FATAL("Failed to g_hash_table_new, errno: %d", errno); + } +} + +static void patch_t3_insn(uint32_t *insn, uint16_t val) { uint32_t orig = GUINT32_FROM_LE(*insn); uint32_t imm12 = (val & 0xfff); uint32_t imm4 = (val >> 12); orig |= imm12; orig |= (imm4 << 16); *insn = GUINT32_TO_LE(orig); - } void instrument_coverage_optimize(const cs_insn *instr, @@ -137,12 +186,16 @@ void instrument_coverage_optimize(const cs_insn *instr, gsize area_offset_ror; GumAddress code_addr = 0; - // gum_arm64_writer_put_brk_imm(cw, 0x0); + instrument_coverage_suppress_init(); code_addr = cw->pc; block_start = GSIZE_TO_POINTER(GUM_ADDRESS(cw->code)); + if (!g_hash_table_add(coverage_blocks, block_start)) { + FATAL("Failed - g_hash_table_add"); + } + code.code = template; g_assert(PAGE_ALIGNED(__afl_area_ptr)); -- cgit 1.4.1 From fac6491ad0bbaee078352990eeb708d82aa412e3 Mon Sep 17 00:00:00 2001 From: Your Name Date: Tue, 11 Oct 2022 18:15:51 +0100 Subject: Bump FRIDA version --- frida_mode/GNUmakefile | 5 +++-- frida_mode/src/ctx/ctx_arm32.c | 2 ++ frida_mode/src/instrument/instrument_arm32.c | 9 +++------ frida_mode/src/instrument/instrument_arm64.c | 29 ++++++++++++++++++++++++---- frida_mode/src/prefetch.c | 1 - frida_mode/src/stats/stats_arm32.c | 1 + 6 files changed, 34 insertions(+), 13 deletions(-) (limited to 'frida_mode/src') diff --git a/frida_mode/GNUmakefile b/frida_mode/GNUmakefile index 39c96d5b..5cd01ffd 100644 --- a/frida_mode/GNUmakefile +++ b/frida_mode/GNUmakefile @@ -57,7 +57,8 @@ ifdef DEBUG CFLAGS+=-Werror \ -Wall \ -Wextra \ - -Wpointer-arith + -Wpointer-arith \ + -Wno-unknown-pragmas else CFLAGS+=-Wno-pointer-arith endif @@ -142,7 +143,7 @@ ifndef OS $(error "Operating system unsupported") endif -GUM_DEVKIT_VERSION=15.2.1 +GUM_DEVKIT_VERSION=15.2.2 GUM_DEVKIT_FILENAME=frida-gumjs-devkit-$(GUM_DEVKIT_VERSION)-$(OS)-$(ARCH).tar.xz GUM_DEVKIT_URL="https://github.com/frida/frida/releases/download/$(GUM_DEVKIT_VERSION)/$(GUM_DEVKIT_FILENAME)" diff --git a/frida_mode/src/ctx/ctx_arm32.c b/frida_mode/src/ctx/ctx_arm32.c index 28fc706b..0e5b25a4 100644 --- a/frida_mode/src/ctx/ctx_arm32.c +++ b/frida_mode/src/ctx/ctx_arm32.c @@ -7,6 +7,8 @@ gsize ctx_read_reg(GumArmCpuContext *ctx, arm_reg reg) { + UNUSED_PARAMETER(ctx); + UNUSED_PARAMETER(reg); FFATAL("ctx_read_reg unimplemented for this architecture"); } diff --git a/frida_mode/src/instrument/instrument_arm32.c b/frida_mode/src/instrument/instrument_arm32.c index 5b6ddf09..44e37e11 100644 --- a/frida_mode/src/instrument/instrument_arm32.c +++ b/frida_mode/src/instrument/instrument_arm32.c @@ -137,8 +137,8 @@ gboolean instrument_is_coverage_optimize_supported(void) { static void instrument_coverage_switch(GumStalkerObserver *self, gpointer from_address, gpointer start_address, - const cs_insn * from_insn, - gpointer * target) { + void *from_insn, + gpointer *target) { UNUSED_PARAMETER(self); UNUSED_PARAMETER(from_address); UNUSED_PARAMETER(start_address); @@ -148,7 +148,7 @@ static void instrument_coverage_switch(GumStalkerObserver *self, return; } - *target += G_STRUCT_OFFSET(afl_log_code_asm_t, str_r0_sp_rz); + *target = (guint8 *)*target + G_STRUCT_OFFSET(afl_log_code_asm_t, str_r0_sp_rz); } static void instrument_coverage_suppress_init(void) { @@ -184,12 +184,9 @@ void instrument_coverage_optimize(const cs_insn *instr, guint64 area_offset = instrument_get_offset_hash(GUM_ADDRESS(instr->address)); gsize map_size_pow2; gsize area_offset_ror; - GumAddress code_addr = 0; instrument_coverage_suppress_init(); - code_addr = cw->pc; - block_start = GSIZE_TO_POINTER(GUM_ADDRESS(cw->code)); if (!g_hash_table_add(coverage_blocks, block_start)) { diff --git a/frida_mode/src/instrument/instrument_arm64.c b/frida_mode/src/instrument/instrument_arm64.c index 87811b38..fe70a8bb 100644 --- a/frida_mode/src/instrument/instrument_arm64.c +++ b/frida_mode/src/instrument/instrument_arm64.c @@ -156,26 +156,47 @@ static gboolean instrument_is_deterministic(const cs_insn *from_insn) { } +cs_insn * +instrument_disassemble (gconstpointer address) +{ + csh capstone; + cs_insn * insn = NULL; + + cs_open (CS_ARCH_ARM64, GUM_DEFAULT_CS_ENDIAN, &capstone); + cs_option (capstone, CS_OPT_DETAIL, CS_OPT_ON); + + cs_disasm (capstone, address, 16, GPOINTER_TO_SIZE (address), 1, &insn); + + cs_close (&capstone); + + return insn; +} + static void instrument_coverage_switch(GumStalkerObserver *self, gpointer from_address, gpointer start_address, - const cs_insn *from_insn, + void *from_insn, gpointer *target) { UNUSED_PARAMETER(self); UNUSED_PARAMETER(from_address); UNUSED_PARAMETER(start_address); + cs_insn * insn = NULL; + gboolean deterministic = FALSE; gsize fixup_offset; if (!g_hash_table_contains(coverage_blocks, GSIZE_TO_POINTER(*target)) && - !g_hash_table_contains(coverage_blocks, GSIZE_TO_POINTER(*target + 4))) { + !g_hash_table_contains(coverage_blocks, GSIZE_TO_POINTER((guint8 *)*target + 4))) { return; } - if (instrument_is_deterministic(from_insn)) { return; } + insn = instrument_disassemble (from_insn); + deterministic = instrument_is_deterministic(insn); + cs_free (insn, 1); + if (deterministic) { return; } /* * Since each block is prefixed with a restoration prologue, we need to be @@ -208,7 +229,7 @@ static void instrument_coverage_switch(GumStalkerObserver *self, */ fixup_offset = GUM_RESTORATION_PROLOG_SIZE + G_STRUCT_OFFSET(afl_log_code_asm_t, restoration_prolog); - *target += fixup_offset; + *target = (guint8 *)*target + fixup_offset; } diff --git a/frida_mode/src/prefetch.c b/frida_mode/src/prefetch.c index 905e0ae9..f093cd53 100644 --- a/frida_mode/src/prefetch.c +++ b/frida_mode/src/prefetch.c @@ -29,7 +29,6 @@ gboolean prefetch_enable = TRUE; gboolean prefetch_backpatch = TRUE; static prefetch_data_t *prefetch_data = NULL; -static int prefetch_shm_id = -1; static GHashTable *cant_prefetch = NULL; diff --git a/frida_mode/src/stats/stats_arm32.c b/frida_mode/src/stats/stats_arm32.c index bd652aa3..6c72a476 100644 --- a/frida_mode/src/stats/stats_arm32.c +++ b/frida_mode/src/stats/stats_arm32.c @@ -13,6 +13,7 @@ void starts_arch_init(void) { void stats_write_arch(stats_data_t *data) { + UNUSED_PARAMETER(data); FFATAL("Stats not supported on this architecture"); } -- cgit 1.4.1 From 7461c52278ff3a96ebc4d71d369d3a8b24fd19b1 Mon Sep 17 00:00:00 2001 From: Your Name Date: Tue, 11 Oct 2022 18:15:51 +0100 Subject: Fixes for x64 --- frida_mode/GNUmakefile | 56 ++++++++++++++-------------- frida_mode/hook/frida_hook.c | 2 + frida_mode/src/instrument/instrument_arm32.c | 28 ++++++++++---- frida_mode/src/instrument/instrument_arm64.c | 34 ++++++++--------- frida_mode/src/instrument/instrument_x64.c | 39 ++++++++++++++++--- frida_mode/src/instrument/instrument_x86.c | 39 ++++++++++++++++--- frida_mode/src/js/js.c | 2 + 7 files changed, 138 insertions(+), 62 deletions(-) (limited to 'frida_mode/src') diff --git a/frida_mode/GNUmakefile b/frida_mode/GNUmakefile index 5cd01ffd..79367671 100644 --- a/frida_mode/GNUmakefile +++ b/frida_mode/GNUmakefile @@ -58,7 +58,9 @@ CFLAGS+=-Werror \ -Wall \ -Wextra \ -Wpointer-arith \ - -Wno-unknown-pragmas + -Wno-unknown-pragmas \ + -Wno-pointer-to-int-cast \ + -Wno-int-to-pointer-cast else CFLAGS+=-Wno-pointer-arith endif @@ -207,7 +209,7 @@ $(FRIDA_MAKEFILE): | $(BUILD_DIR) .PHONY: $(GUM_DEVIT_LIBRARY) $(GUM_DEVIT_LIBRARY): $(FRIDA_MAKEFILE) - cd $(FRIDA_DIR) && make gum-$(OS)$(GUM_ARCH) + cd $(FRIDA_DIR) && make gum-$(OS)$(GUM_ARCH) FRIDA_V8=disabled $(GUM_DEVIT_HEADER): $(FRIDA_MAKEFILE) | $(FRIDA_BUILD_DIR) echo "#include " > $@ @@ -246,40 +248,40 @@ TRACE_LDFLAGS+=$(FRIDA_DIR)build/frida-$(OS)-$(ARCH)/lib/libfrida-gum-1.0.a \ else ifeq "$(ARCH)" "arm64" -CFLAGS+=-I $(FRIDA_DIR)build/frida_thin-$(OS)-$(ARCH)/include/frida-1.0 \ - -I $(FRIDA_DIR)build/frida_thin-sdk-$(OS)-$(ARCH)/include/glib-2.0/ \ - -I $(FRIDA_DIR)build/frida_thin-sdk-$(OS)-$(ARCH)/lib/glib-2.0/include/ \ - -I $(FRIDA_DIR)build/frida_thin-sdk-$(OS)-$(ARCH)/include/capstone/ \ - -I $(FRIDA_DIR)build/frida_thin-sdk-$(OS)-$(ARCH)/include/json-glib-1.0/ \ +CFLAGS+=-I $(FRIDA_DIR)build/$(OS)-$(ARCH)/include/frida-1.0 \ + -I $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/include/glib-2.0/ \ + -I $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/glib-2.0/include/ \ + -I $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/include/capstone/ \ + -I $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/include/json-glib-1.0/ \ ifeq "$(OS)" "android" CFLAGS += -static-libstdc++ endif else -CFLAGS+=-I $(FRIDA_DIR)build/frida_thin-$(OS)-$(ARCH)/include/frida-1.0 \ - -I $(FRIDA_DIR)build/frida_thin-sdk-$(OS)-$(ARCH)/include/glib-2.0/ \ - -I $(FRIDA_DIR)build/frida_thin-sdk-$(OS)-$(ARCH)/lib/glib-2.0/include/ \ - -I $(FRIDA_DIR)build/frida_thin-sdk-$(OS)-$(ARCH)/include/capstone/ \ - -I $(FRIDA_DIR)build/frida_thin-sdk-$(OS)-$(ARCH)/include/json-glib-1.0/ \ +CFLAGS+=-I $(FRIDA_DIR)build/$(OS)-$(ARCH)/include/frida-1.0 \ + -I $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/include/glib-2.0/ \ + -I $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/glib-2.0/include/ \ + -I $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/include/capstone/ \ + -I $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/include/json-glib-1.0/ \ endif TRACE_LDFLAGS+=$(FRIDA_DIR)build/frida-$(OS)-$(ARCH)/lib/libfrida-gum-1.0.a \ - $(FRIDA_DIR)build/frida_thin-sdk-$(OS)-$(ARCH)/lib/libsoup-2.4.a \ - $(FRIDA_DIR)build/frida_thin-sdk-$(OS)-$(ARCH)/lib/libsqlite3.a \ - $(FRIDA_DIR)build/frida_thin-sdk-$(OS)-$(ARCH)/lib/libtcc.a \ - $(FRIDA_DIR)build/frida_thin-sdk-$(OS)-$(ARCH)/lib/libjson-glib-1.0.a \ - $(FRIDA_DIR)build/frida_thin-sdk-$(OS)-$(ARCH)/lib/libquickjs.a \ - $(FRIDA_DIR)build/frida_thin-sdk-$(OS)-$(ARCH)/lib/libcapstone.a \ - $(FRIDA_DIR)build/frida_thin-sdk-$(OS)-$(ARCH)/lib/libunwind.a \ - $(FRIDA_DIR)build/frida_thin-sdk-$(OS)-$(ARCH)/lib/libffi.a \ - $(FRIDA_DIR)build/frida_thin-sdk-$(OS)-$(ARCH)/lib/libdwarf.a \ - $(FRIDA_DIR)build/frida_thin-sdk-$(OS)-$(ARCH)/lib/libelf.a \ - $(FRIDA_DIR)build/frida_thin-sdk-$(OS)-$(ARCH)/lib/libgio-2.0.a \ - $(FRIDA_DIR)build/frida_thin-sdk-$(OS)-$(ARCH)/lib/libgobject-2.0.a \ - $(FRIDA_DIR)build/frida_thin-sdk-$(OS)-$(ARCH)/lib/libglib-2.0.a \ - $(FRIDA_DIR)build/frida_thin-sdk-$(OS)-$(ARCH)/lib/liblzma.a \ - $(FRIDA_DIR)build/frida_thin-sdk-$(OS)-$(ARCH)/lib/libz.a \ + $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libsoup-2.4.a \ + $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libsqlite3.a \ + $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libtcc.a \ + $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libjson-glib-1.0.a \ + $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libquickjs.a \ + $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libcapstone.a \ + $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libunwind.a \ + $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libffi.a \ + $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libdwarf.a \ + $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libelf.a \ + $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libgio-2.0.a \ + $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libgobject-2.0.a \ + $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libglib-2.0.a \ + $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/liblzma.a \ + $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libz.a \ CFLAGS+=-I $(FRIDA_DIR)build/frida-$(OS)-$(ARCH)/include/frida-1.0 \ -I $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/include/glib-2.0/ \ diff --git a/frida_mode/hook/frida_hook.c b/frida_mode/hook/frida_hook.c index 79e2348d..da1a59b2 100644 --- a/frida_mode/hook/frida_hook.c +++ b/frida_mode/hook/frida_hook.c @@ -54,10 +54,12 @@ __attribute__((visibility("default"))) void afl_persistent_hook( __attribute__((visibility("default"))) void afl_persistent_hook( GumCpuContext *regs, uint8_t *input_buf, uint32_t input_buf_len) { + // do a length check matching the target! memcpy((void *)regs->r[0], input_buf, input_buf_len); regs->r[1] = input_buf_len; + } #else diff --git a/frida_mode/src/instrument/instrument_arm32.c b/frida_mode/src/instrument/instrument_arm32.c index 44e37e11..cb2a322b 100644 --- a/frida_mode/src/instrument/instrument_arm32.c +++ b/frida_mode/src/instrument/instrument_arm32.c @@ -9,8 +9,8 @@ #define PAGE_MASK (~(GUM_ADDRESS(0xfff))) #define PAGE_ALIGNED(x) ((GUM_ADDRESS(x) & PAGE_MASK) == GUM_ADDRESS(x)) -gboolean instrument_cache_enabled = FALSE; -gsize instrument_cache_size = 0; +gboolean instrument_cache_enabled = FALSE; +gsize instrument_cache_size = 0; static GHashTable *coverage_blocks = NULL; extern __thread guint64 instrument_previous_pc; @@ -42,7 +42,7 @@ typedef struct { // ldr r1, [sp, #-132] ; 0xffffff7c // ldr r0, [sp, #-128] ; 0xffffff80 - uint32_t b_code; /* b imm */ + uint32_t b_code; /* b imm */ uint8_t *shared_mem; uint64_t *prev_location; @@ -136,43 +136,53 @@ gboolean instrument_is_coverage_optimize_supported(void) { static void instrument_coverage_switch(GumStalkerObserver *self, gpointer from_address, - gpointer start_address, - void *from_insn, - gpointer *target) { + gpointer start_address, void *from_insn, + gpointer *target) { + UNUSED_PARAMETER(self); UNUSED_PARAMETER(from_address); UNUSED_PARAMETER(start_address); UNUSED_PARAMETER(from_insn); if (!g_hash_table_contains(coverage_blocks, GSIZE_TO_POINTER(*target))) { + return; + } - *target = (guint8 *)*target + G_STRUCT_OFFSET(afl_log_code_asm_t, str_r0_sp_rz); + *target = + (guint8 *)*target + G_STRUCT_OFFSET(afl_log_code_asm_t, str_r0_sp_rz); + } static void instrument_coverage_suppress_init(void) { + static gboolean initialized = false; if (initialized) { return; } initialized = true; - GumStalkerObserver * observer = stalker_get_observer(); + GumStalkerObserver *observer = stalker_get_observer(); GumStalkerObserverInterface *iface = GUM_STALKER_OBSERVER_GET_IFACE(observer); iface->switch_callback = instrument_coverage_switch; coverage_blocks = g_hash_table_new(g_direct_hash, g_direct_equal); if (coverage_blocks == NULL) { + FATAL("Failed to g_hash_table_new, errno: %d", errno); + } + } static void patch_t3_insn(uint32_t *insn, uint16_t val) { + uint32_t orig = GUINT32_FROM_LE(*insn); uint32_t imm12 = (val & 0xfff); uint32_t imm4 = (val >> 12); orig |= imm12; orig |= (imm4 << 16); *insn = GUINT32_TO_LE(orig); + } void instrument_coverage_optimize(const cs_insn *instr, @@ -190,7 +200,9 @@ void instrument_coverage_optimize(const cs_insn *instr, block_start = GSIZE_TO_POINTER(GUM_ADDRESS(cw->code)); if (!g_hash_table_add(coverage_blocks, block_start)) { + FATAL("Failed - g_hash_table_add"); + } code.code = template; diff --git a/frida_mode/src/instrument/instrument_arm64.c b/frida_mode/src/instrument/instrument_arm64.c index fe70a8bb..c7584a87 100644 --- a/frida_mode/src/instrument/instrument_arm64.c +++ b/frida_mode/src/instrument/instrument_arm64.c @@ -156,46 +156,46 @@ static gboolean instrument_is_deterministic(const cs_insn *from_insn) { } -cs_insn * -instrument_disassemble (gconstpointer address) -{ - csh capstone; - cs_insn * insn = NULL; +cs_insn *instrument_disassemble(gconstpointer address) { - cs_open (CS_ARCH_ARM64, GUM_DEFAULT_CS_ENDIAN, &capstone); - cs_option (capstone, CS_OPT_DETAIL, CS_OPT_ON); + csh capstone; + cs_insn *insn = NULL; - cs_disasm (capstone, address, 16, GPOINTER_TO_SIZE (address), 1, &insn); + cs_open(CS_ARCH_ARM64, GUM_DEFAULT_CS_ENDIAN, &capstone); + cs_option(capstone, CS_OPT_DETAIL, CS_OPT_ON); - cs_close (&capstone); + cs_disasm(capstone, address, 16, GPOINTER_TO_SIZE(address), 1, &insn); + + cs_close(&capstone); return insn; + } static void instrument_coverage_switch(GumStalkerObserver *self, gpointer from_address, - gpointer start_address, - void *from_insn, - gpointer *target) { + gpointer start_address, void *from_insn, + gpointer *target) { UNUSED_PARAMETER(self); UNUSED_PARAMETER(from_address); UNUSED_PARAMETER(start_address); - cs_insn * insn = NULL; + cs_insn *insn = NULL; gboolean deterministic = FALSE; - gsize fixup_offset; + gsize fixup_offset; if (!g_hash_table_contains(coverage_blocks, GSIZE_TO_POINTER(*target)) && - !g_hash_table_contains(coverage_blocks, GSIZE_TO_POINTER((guint8 *)*target + 4))) { + !g_hash_table_contains(coverage_blocks, + GSIZE_TO_POINTER((guint8 *)*target + 4))) { return; } - insn = instrument_disassemble (from_insn); + insn = instrument_disassemble(from_insn); deterministic = instrument_is_deterministic(insn); - cs_free (insn, 1); + cs_free(insn, 1); if (deterministic) { return; } /* diff --git a/frida_mode/src/instrument/instrument_x64.c b/frida_mode/src/instrument/instrument_x64.c index 13ced4a3..f7b7d6c5 100644 --- a/frida_mode/src/instrument/instrument_x64.c +++ b/frida_mode/src/instrument/instrument_x64.c @@ -171,11 +171,11 @@ void instrument_coverage_optimize_init(void) { } -static void instrument_coverage_switch(GumStalkerObserver *self, - gpointer from_address, - gpointer start_address, - const cs_insn *from_insn, - gpointer *target) { +static void instrument_coverage_switch_insn(GumStalkerObserver *self, + gpointer from_address, + gpointer start_address, + const cs_insn *from_insn, + gpointer *target) { UNUSED_PARAMETER(self); UNUSED_PARAMETER(from_address); @@ -224,6 +224,35 @@ static void instrument_coverage_switch(GumStalkerObserver *self, } +cs_insn *instrument_disassemble(gconstpointer address) { + + csh capstone; + cs_insn *insn = NULL; + + cs_open(CS_ARCH_X86, GUM_CPU_MODE, &capstone); + cs_option(capstone, CS_OPT_DETAIL, CS_OPT_ON); + + cs_disasm(capstone, address, 16, GPOINTER_TO_SIZE(address), 1, &insn); + + cs_close(&capstone); + + return insn; + +} + +static void instrument_coverage_switch(GumStalkerObserver *self, + gpointer from_address, + gpointer start_address, void *from_insn, + gpointer *target) { + + if (from_insn == NULL) { return; } + cs_insn *insn = instrument_disassemble(from_insn); + instrument_coverage_switch_insn(self, from_address, start_address, insn, + target); + cs_free(insn, 1); + +} + static void instrument_coverage_suppress_init(void) { static gboolean initialized = false; diff --git a/frida_mode/src/instrument/instrument_x86.c b/frida_mode/src/instrument/instrument_x86.c index eabd5be4..f15893cb 100644 --- a/frida_mode/src/instrument/instrument_x86.c +++ b/frida_mode/src/instrument/instrument_x86.c @@ -83,11 +83,11 @@ gboolean instrument_is_coverage_optimize_supported(void) { } -static void instrument_coverage_switch(GumStalkerObserver *self, - gpointer from_address, - gpointer start_address, - const cs_insn *from_insn, - gpointer *target) { +static void instrument_coverage_switch_insn(GumStalkerObserver *self, + gpointer from_address, + gpointer start_address, + const cs_insn *from_insn, + gpointer *target) { UNUSED_PARAMETER(self); UNUSED_PARAMETER(from_address); @@ -130,6 +130,35 @@ static void instrument_coverage_switch(GumStalkerObserver *self, } +cs_insn *instrument_disassemble(gconstpointer address) { + + csh capstone; + cs_insn *insn = NULL; + + cs_open(CS_ARCH_X86, GUM_CPU_MODE, &capstone); + cs_option(capstone, CS_OPT_DETAIL, CS_OPT_ON); + + cs_disasm(capstone, address, 16, GPOINTER_TO_SIZE(address), 1, &insn); + + cs_close(&capstone); + + return insn; + +} + +static void instrument_coverage_switch(GumStalkerObserver *self, + gpointer from_address, + gpointer start_address, void *from_insn, + gpointer *target) { + + if (from_insn == NULL) { return; } + cs_insn *insn = instrument_disassemble(from_insn); + instrument_coverage_switch_insn(self, from_address, start_address, insn, + target); + cs_free(insn, 1); + +} + static void instrument_coverage_suppress_init(void) { static gboolean initialized = false; diff --git a/frida_mode/src/js/js.c b/frida_mode/src/js/js.c index 52b88d96..25187694 100644 --- a/frida_mode/src/js/js.c +++ b/frida_mode/src/js/js.c @@ -19,9 +19,11 @@ static GMainContext *context; static GMainLoop *main_loop; static void js_msg(const gchar *message, GBytes *data, gpointer user_data) { + UNUSED_PARAMETER(data); UNUSED_PARAMETER(user_data); FOKF("%s", message); + } void js_config(void) { -- cgit 1.4.1 From ad6a4cf1c2b7089179c77544b9749e72a2dd6d0f Mon Sep 17 00:00:00 2001 From: Your Name Date: Fri, 18 Nov 2022 08:11:26 +0000 Subject: Fix cmplog block ID generation to use hashes rather than bit-shifts --- frida_mode/src/cmplog/cmplog_arm64.c | 5 +---- frida_mode/src/cmplog/cmplog_x64.c | 5 +---- frida_mode/src/cmplog/cmplog_x86.c | 5 +---- 3 files changed, 3 insertions(+), 12 deletions(-) (limited to 'frida_mode/src') diff --git a/frida_mode/src/cmplog/cmplog_arm64.c b/frida_mode/src/cmplog/cmplog_arm64.c index 5792cbfa..095dc242 100644 --- a/frida_mode/src/cmplog/cmplog_arm64.c +++ b/frida_mode/src/cmplog/cmplog_arm64.c @@ -204,10 +204,7 @@ static void cmplog_handle_cmp_sub(GumCpuContext *context, gsize operand1, gsize address = context->pc; - register uintptr_t k = (uintptr_t)address; - - k = (k >> 4) ^ (k << 8); - k &= CMP_MAP_W - 1; + register uintptr_t k = instrument_get_offset_hash(GUM_ADDRESS(address)); if (__afl_cmp_map->headers[k].type != CMP_TYPE_INS) __afl_cmp_map->headers[k].hits = 0; diff --git a/frida_mode/src/cmplog/cmplog_x64.c b/frida_mode/src/cmplog/cmplog_x64.c index 17912648..ce6b8681 100644 --- a/frida_mode/src/cmplog/cmplog_x64.c +++ b/frida_mode/src/cmplog/cmplog_x64.c @@ -188,10 +188,7 @@ static void cmplog_handle_cmp_sub(GumCpuContext *context, gsize operand1, gsize address = ctx_read_reg(context, X86_REG_RIP); - register uintptr_t k = (uintptr_t)address; - - k = (k >> 4) ^ (k << 8); - k &= CMP_MAP_W - 7; + register uintptr_t k = instrument_get_offset_hash(GUM_ADDRESS(address)); if (__afl_cmp_map->headers[k].type != CMP_TYPE_INS) __afl_cmp_map->headers[k].hits = 0; diff --git a/frida_mode/src/cmplog/cmplog_x86.c b/frida_mode/src/cmplog/cmplog_x86.c index a3a02457..fa06d611 100644 --- a/frida_mode/src/cmplog/cmplog_x86.c +++ b/frida_mode/src/cmplog/cmplog_x86.c @@ -193,10 +193,7 @@ static void cmplog_handle_cmp_sub(GumCpuContext *context, gsize operand1, gsize address = ctx_read_reg(context, X86_REG_EIP); - register uintptr_t k = (uintptr_t)address; - - k = (k >> 4) ^ (k << 8); - k &= CMP_MAP_W - 1; + register uintptr_t k = instrument_get_offset_hash(GUM_ADDRESS(address)); if (__afl_cmp_map->headers[k].type != CMP_TYPE_INS) __afl_cmp_map->headers[k].hits = 0; -- cgit 1.4.1 From 9734d0b3c09b3d604941d43fd96454100349d8b1 Mon Sep 17 00:00:00 2001 From: Your Name Date: Wed, 23 Nov 2022 18:18:26 +0000 Subject: Fixes to make things easier to build for ARM --- frida_mode/GNUmakefile | 3 +++ frida_mode/src/instrument/instrument_arm32.c | 10 +++++++++- frida_mode/test/png/GNUmakefile | 14 +++++++------- frida_mode/test/testinstr/GNUmakefile | 3 +++ 4 files changed, 22 insertions(+), 8 deletions(-) (limited to 'frida_mode/src') diff --git a/frida_mode/GNUmakefile b/frida_mode/GNUmakefile index 9f2bcd42..ccc4841d 100644 --- a/frida_mode/GNUmakefile +++ b/frida_mode/GNUmakefile @@ -191,6 +191,9 @@ all: $(FRIDA_TRACE) $(FRIDA_TRACE_LIB) $(AFLPP_FRIDA_DRIVER_HOOK_OBJ) $(AFLPP_QE 32: CFLAGS="-m32" LDFLAGS="-m32" ARCH="x86" make all +arm: + CFLAGS="-marm" LDFLAGS="-marm" ARCH="armhf" TARGET_CC=arm-linux-gnueabihf-gcc TARGET_CXX=arm-linux-gnueabihf-g++ make all + $(BUILD_DIR): mkdir -p $(BUILD_DIR) diff --git a/frida_mode/src/instrument/instrument_arm32.c b/frida_mode/src/instrument/instrument_arm32.c index cb2a322b..84dbb3be 100644 --- a/frida_mode/src/instrument/instrument_arm32.c +++ b/frida_mode/src/instrument/instrument_arm32.c @@ -273,7 +273,15 @@ void instrument_flush(GumStalkerOutput *output) { gpointer instrument_cur(GumStalkerOutput *output) { - return gum_arm_writer_cur(output->writer.arm); + gpointer curr = NULL; + + if (output->encoding == GUM_INSTRUCTION_SPECIAL) { + curr = gum_thumb_writer_cur(output->writer.thumb); + } else { + curr = gum_arm_writer_cur(output->writer.arm); + } + + return curr; } diff --git a/frida_mode/test/png/GNUmakefile b/frida_mode/test/png/GNUmakefile index 864265e0..86fd1483 100644 --- a/frida_mode/test/png/GNUmakefile +++ b/frida_mode/test/png/GNUmakefile @@ -7,10 +7,10 @@ LIBPNG_BUILD_DIR:=$(BUILD_DIR)libpng/ HARNESS_BUILD_DIR:=$(BUILD_DIR)harness/ PNGTEST_BUILD_DIR:=$(BUILD_DIR)pngtest/ -LIBZ_FILE:=$(LIBZ_BUILD_DIR)zlib-1.2.12.tar.gz -LIBZ_URL:=http://www.zlib.net/zlib-1.2.12.tar.gz -LIBZ_DIR:=$(LIBZ_BUILD_DIR)zlib-1.2.12/ -LIBZ_PC:=$(ZLIB_DIR)zlib.pc +LIBZ_FILE:=$(LIBZ_BUILD_DIR)zlib-1.2.13.tar.gz +LIBZ_URL:=http://www.zlib.net/zlib-1.2.13.tar.gz +LIBZ_DIR:=$(LIBZ_BUILD_DIR)zlib-1.2.13/ +LIBZ_PC:=$(LIBZ_DIR)zlib.pc LIBZ_LIB:=$(LIBZ_DIR)libz.a LIBPNG_FILE:=$(LIBPNG_BUILD_DIR)libpng-1.2.56.tar.gz @@ -48,7 +48,7 @@ all: $(TEST_BIN) CFLAGS="-m32" LDFLAGS="-m32" make $(TEST_BIN) arm: - ARCH="arm" CC="arm-linux-gnueabihf-gcc" CXX="arm-linux-gnueabihf-g++" make $(TEST_BIN) + CFLAGS="-marm" LDFLAGS="-marm" CC="arm-linux-gnueabihf-gcc" CXX="arm-linux-gnueabihf-g++" make $(TEST_BIN) $(BUILD_DIR): mkdir -p $@ @@ -96,7 +96,7 @@ $(LIBZ_PC): | $(LIBZ_DIR) --static \ --archs="$(ARCH)" -$(LIBZ_LIB): $(LIBZ_PC) +$(LIBZ_LIB): | $(LIBZ_PC) CFLAGS="$(CFLAGS) -fPIC" \ make \ -C $(LIBZ_DIR) \ @@ -133,7 +133,7 @@ png: $(LIBPNG_LIB) ######### TEST ######## -$(TEST_BIN): $(HARNESS_OBJ) $(PNGTEST_OBJ) $(LIBPNG_LIB) +$(TEST_BIN): $(HARNESS_OBJ) $(PNGTEST_OBJ) $(LIBPNG_LIB) $(LIBZ_LIB) $(CXX) \ $(CFLAGS) \ $(LDFLAGS) \ diff --git a/frida_mode/test/testinstr/GNUmakefile b/frida_mode/test/testinstr/GNUmakefile index 79eee213..ebc0b2dc 100644 --- a/frida_mode/test/testinstr/GNUmakefile +++ b/frida_mode/test/testinstr/GNUmakefile @@ -18,6 +18,9 @@ all: $(TESTINSTBIN) 32: CFLAGS="-m32" LDFLAGS="-m32" ARCH="x86" make all +arm: + CFLAGS="-marm" LDFLAGS="-marm" CC="arm-linux-gnueabihf-gcc" CXX="arm-linux-gnueabihf-g++" make $(TESTINSTBIN) + $(BUILD_DIR): mkdir -p $@ -- cgit 1.4.1 From 0885dda767ec29330c57c88f3102d5ee565b645d Mon Sep 17 00:00:00 2001 From: Your Date: Thu, 1 Dec 2022 18:17:21 +0000 Subject: Fix branch suppression for ARM64 --- frida_mode/src/instrument/instrument_arm64.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'frida_mode/src') diff --git a/frida_mode/src/instrument/instrument_arm64.c b/frida_mode/src/instrument/instrument_arm64.c index c7584a87..39e32b12 100644 --- a/frida_mode/src/instrument/instrument_arm64.c +++ b/frida_mode/src/instrument/instrument_arm64.c @@ -196,7 +196,7 @@ static void instrument_coverage_switch(GumStalkerObserver *self, insn = instrument_disassemble(from_insn); deterministic = instrument_is_deterministic(insn); cs_free(insn, 1); - if (deterministic) { return; } + if (!deterministic) { return; } /* * Since each block is prefixed with a restoration prologue, we need to be -- cgit 1.4.1 From e26c173041b185d7ea37aa923cca3ec4aed51b1b Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 13 Dec 2022 09:13:52 +0100 Subject: code format --- frida_mode/src/instrument/instrument_arm32.c | 4 ++++ utils/argv_fuzzing/argv-fuzz-inl.h | 4 +--- 2 files changed, 5 insertions(+), 3 deletions(-) (limited to 'frida_mode/src') diff --git a/frida_mode/src/instrument/instrument_arm32.c b/frida_mode/src/instrument/instrument_arm32.c index 84dbb3be..51f78a35 100644 --- a/frida_mode/src/instrument/instrument_arm32.c +++ b/frida_mode/src/instrument/instrument_arm32.c @@ -276,9 +276,13 @@ gpointer instrument_cur(GumStalkerOutput *output) { gpointer curr = NULL; if (output->encoding == GUM_INSTRUCTION_SPECIAL) { + curr = gum_thumb_writer_cur(output->writer.thumb); + } else { + curr = gum_arm_writer_cur(output->writer.arm); + } return curr; diff --git a/utils/argv_fuzzing/argv-fuzz-inl.h b/utils/argv_fuzzing/argv-fuzz-inl.h index e350dd4e..ec22c53b 100644 --- a/utils/argv_fuzzing/argv-fuzz-inl.h +++ b/utils/argv_fuzzing/argv-fuzz-inl.h @@ -65,9 +65,7 @@ static char **afl_init_argv(int *argc) { int rc = 0; ssize_t num = read(0, in_buf, MAX_CMDLINE_LEN - 2); - if (num < 0) { - exit(1); - } + if (num < 1) { _exit(1); } in_buf[num] = '\0'; in_buf[num + 1] = '\0'; -- cgit 1.4.1 From 31727f36a8438cc3274b9a87c5ceab420ddf34e5 Mon Sep 17 00:00:00 2001 From: Your Date: Tue, 31 Jan 2023 06:23:00 +0000 Subject: Changes to revert broken branch suppression fix --- frida_mode/src/instrument/instrument_arm64.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'frida_mode/src') diff --git a/frida_mode/src/instrument/instrument_arm64.c b/frida_mode/src/instrument/instrument_arm64.c index 39e32b12..77aa8c1d 100644 --- a/frida_mode/src/instrument/instrument_arm64.c +++ b/frida_mode/src/instrument/instrument_arm64.c @@ -196,7 +196,15 @@ static void instrument_coverage_switch(GumStalkerObserver *self, insn = instrument_disassemble(from_insn); deterministic = instrument_is_deterministic(insn); cs_free(insn, 1); - if (!deterministic) { return; } + + /* + * If the branch is deterministic, then we should start execution at the + * begining of the block. From here, we will branch and skip the coverage + * code and jump right to the target code of the instrumented block. + * Otherwise, if the branch is non-deterministic, then we need to branch + * part way into the block to where the coverage instrumentation starts. + */ + if (deterministic) { return; } /* * Since each block is prefixed with a restoration prologue, we need to be -- cgit 1.4.1 From 0d55feb11db1f79ee92db5f44ed04277388c933d Mon Sep 17 00:00:00 2001 From: Your Date: Tue, 31 Jan 2023 06:49:32 +0000 Subject: Add support for disabling branch suppression --- frida_mode/README.md | 7 + frida_mode/frida.map | 1 + frida_mode/include/instrument.h | 1 + frida_mode/src/instrument/instrument.c | 5 + frida_mode/src/instrument/instrument_arm64.c | 22 +- frida_mode/src/instrument/instrument_x64.c | 10 +- frida_mode/src/instrument/instrument_x86.c | 12 +- frida_mode/src/js/api.js | 7 + frida_mode/src/js/js_api.c | 7 + frida_mode/test/png/GNUmakefile | 2 +- frida_mode/ts/lib/afl.ts | 12 + frida_mode/ts/package-lock.json | 432 ++++++++++++++++++++++++++- include/envs.h | 1 + 13 files changed, 502 insertions(+), 17 deletions(-) (limited to 'frida_mode/src') diff --git a/frida_mode/README.md b/frida_mode/README.md index 055bb3ee..aac13153 100644 --- a/frida_mode/README.md +++ b/frida_mode/README.md @@ -193,6 +193,13 @@ instrumented address block translations. backpatching information. By default, the child will report applied backpatches to the parent so that they can be applied and then be inherited by the next child on fork. +* `AFL_FRIDA_INST_NO_SUPPRESS` - Disable deterministic branch suppression. + Deterministic branch suppression skips the preamble which generates coverage + information at the start of each block, if the block is reached by a + deterministic branch. This reduces map polution, and may improve performance + when all the executing blocks have been prefetched and backpatching applied. + However, in the event that backpatching is incomplete, this may incur a + performance penatly as branch instructions are disassembled on each branch. * `AFL_FRIDA_INST_SEED` - Sets the initial seed for the hash function used to generate block (and hence edge) IDs. Setting this to a constant value may be useful for debugging purposes, e.g., investigating unstable edges. diff --git a/frida_mode/frida.map b/frida_mode/frida.map index 73fff686..baf067ab 100644 --- a/frida_mode/frida.map +++ b/frida_mode/frida.map @@ -22,6 +22,7 @@ js_api_set_instrument_no_optimize; js_api_set_instrument_regs_file; js_api_set_instrument_seed; + js_api_set_instrument_suppress_disable; js_api_set_instrument_trace; js_api_set_instrument_trace_unique; js_api_set_instrument_unstable_coverage_file; diff --git a/frida_mode/include/instrument.h b/frida_mode/include/instrument.h index 8c93d881..1825e331 100644 --- a/frida_mode/include/instrument.h +++ b/frida_mode/include/instrument.h @@ -15,6 +15,7 @@ extern guint64 instrument_hash_zero; extern char *instrument_coverage_unstable_filename; extern gboolean instrument_coverage_insn; extern char *instrument_regs_filename; +extern gboolean instrument_suppress; extern gboolean instrument_use_fixed_seed; extern guint64 instrument_fixed_seed; diff --git a/frida_mode/src/instrument/instrument.c b/frida_mode/src/instrument/instrument.c index e1e4ac22..a6aac666 100644 --- a/frida_mode/src/instrument/instrument.c +++ b/frida_mode/src/instrument/instrument.c @@ -27,6 +27,7 @@ gboolean instrument_optimize = false; gboolean instrument_unique = false; guint64 instrument_hash_zero = 0; guint64 instrument_hash_seed = 0; +gboolean instrument_suppress = false; gboolean instrument_use_fixed_seed = FALSE; guint64 instrument_fixed_seed = 0; @@ -290,6 +291,7 @@ void instrument_config(void) { (getenv("AFL_FRIDA_INST_UNSTABLE_COVERAGE_FILE")); instrument_coverage_insn = (getenv("AFL_FRIDA_INST_INSN") != NULL); instrument_regs_filename = getenv("AFL_FRIDA_INST_REGS_FILE"); + instrument_suppress = (getenv("AFL_FRIDA_INST_NO_SUPPRESS") == NULL); instrument_debug_config(); instrument_coverage_config(); @@ -321,6 +323,9 @@ void instrument_init(void) { FOKF(cBLU "Instrumentation" cRST " - " cGRN "instructions:" cYEL " [%c]", instrument_coverage_insn ? 'X' : ' '); + FOKF(cBLU "Instrumentation" cRST " - " cGRN "suppression:" cYEL " [%c]", + instrument_suppress ? 'X' : ' '); + if (instrument_tracing && instrument_optimize) { WARNF("AFL_FRIDA_INST_TRACE implies AFL_FRIDA_INST_NO_OPTIMIZE"); diff --git a/frida_mode/src/instrument/instrument_arm64.c b/frida_mode/src/instrument/instrument_arm64.c index 77aa8c1d..4372861d 100644 --- a/frida_mode/src/instrument/instrument_arm64.c +++ b/frida_mode/src/instrument/instrument_arm64.c @@ -313,7 +313,7 @@ void instrument_coverage_optimize(const cs_insn *instr, // gum_arm64_writer_put_brk_imm(cw, 0x0); - instrument_coverage_suppress_init(); + if (instrument_suppress) { instrument_coverage_suppress_init(); } code_addr = cw->pc; @@ -333,9 +333,13 @@ void instrument_coverage_optimize(const cs_insn *instr, block_start = GSIZE_TO_POINTER(GUM_ADDRESS(cw->code) - GUM_RESTORATION_PROLOG_SIZE); - if (!g_hash_table_add(coverage_blocks, block_start)) { + if (instrument_suppress) { - FATAL("Failed - g_hash_table_add"); + if (!g_hash_table_add(coverage_blocks, block_start)) { + + FATAL("Failed - g_hash_table_add"); + + } } @@ -371,7 +375,17 @@ void instrument_coverage_optimize(const cs_insn *instr, code.code.mov_x1_curr_loc_shr_1 |= (area_offset_ror << 5); - gum_arm64_writer_put_bytes(cw, code.bytes, sizeof(afl_log_code)); + if (instrument_suppress) { + + gum_arm64_writer_put_bytes(cw, code.bytes, sizeof(afl_log_code)); + + } else { + + size_t offset = offsetof(afl_log_code, code.stp_x0_x1); + gum_arm64_writer_put_bytes(cw, &code.bytes[offset], + sizeof(afl_log_code) - offset); + + } } diff --git a/frida_mode/src/instrument/instrument_x64.c b/frida_mode/src/instrument/instrument_x64.c index f7b7d6c5..8338f8e7 100644 --- a/frida_mode/src/instrument/instrument_x64.c +++ b/frida_mode/src/instrument/instrument_x64.c @@ -380,11 +380,15 @@ void instrument_coverage_optimize(const cs_insn *instr, } - instrument_coverage_suppress_init(); + if (instrument_suppress) { - if (!g_hash_table_add(coverage_blocks, GSIZE_TO_POINTER(cw->code))) { + instrument_coverage_suppress_init(); - FATAL("Failed - g_hash_table_add"); + if (!g_hash_table_add(coverage_blocks, GSIZE_TO_POINTER(cw->code))) { + + FATAL("Failed - g_hash_table_add"); + + } } diff --git a/frida_mode/src/instrument/instrument_x86.c b/frida_mode/src/instrument/instrument_x86.c index f15893cb..4667ea29 100644 --- a/frida_mode/src/instrument/instrument_x86.c +++ b/frida_mode/src/instrument/instrument_x86.c @@ -203,13 +203,17 @@ void instrument_coverage_optimize(const cs_insn *instr, code.code = template; - instrument_coverage_suppress_init(); + if (instrument_suppress) { - // gum_x86_writer_put_breakpoint(cw); + instrument_coverage_suppress_init(); - if (!g_hash_table_add(coverage_blocks, GSIZE_TO_POINTER(cw->code))) { + // gum_x86_writer_put_breakpoint(cw); - FATAL("Failed - g_hash_table_add"); + if (!g_hash_table_add(coverage_blocks, GSIZE_TO_POINTER(cw->code))) { + + FATAL("Failed - g_hash_table_add"); + + } } diff --git a/frida_mode/src/js/api.js b/frida_mode/src/js/api.js index fce7a5d7..f9ea1ffb 100644 --- a/frida_mode/src/js/api.js +++ b/frida_mode/src/js/api.js @@ -170,6 +170,12 @@ class Afl { static setInstrumentSeed(seed) { Afl.jsApiSetInstrumentSeed(seed); } + /* + * See `AFL_FRIDA_INST_NO_SUPPRESS` + */ + static setInstrumentSuppressDisable() { + Afl.jsApiSetInstrumentSuppressDisable(); + } /** * See `AFL_FRIDA_INST_TRACE_UNIQUE`. */ @@ -339,6 +345,7 @@ Afl.jsApiSetInstrumentLibraries = Afl.jsApiGetFunction("js_api_set_instrument_li Afl.jsApiSetInstrumentNoOptimize = Afl.jsApiGetFunction("js_api_set_instrument_no_optimize", "void", []); Afl.jsApiSetInstrumentRegsFile = Afl.jsApiGetFunction("js_api_set_instrument_regs_file", "void", ["pointer"]); Afl.jsApiSetInstrumentSeed = Afl.jsApiGetFunction("js_api_set_instrument_seed", "void", ["uint64"]); +Afl.jsApiSetInstrumentSuppressDisable = Afl.jsApiGetFunction("js_api_set_instrument_suppress_disable", "void", []); Afl.jsApiSetInstrumentTrace = Afl.jsApiGetFunction("js_api_set_instrument_trace", "void", []); Afl.jsApiSetInstrumentTraceUnique = Afl.jsApiGetFunction("js_api_set_instrument_trace_unique", "void", []); Afl.jsApiSetInstrumentUnstableCoverageFile = Afl.jsApiGetFunction("js_api_set_instrument_unstable_coverage_file", "void", ["pointer"]); diff --git a/frida_mode/src/js/js_api.c b/frida_mode/src/js/js_api.c index 01bba4ff..2e996c1c 100644 --- a/frida_mode/src/js/js_api.c +++ b/frida_mode/src/js/js_api.c @@ -289,6 +289,13 @@ __attribute__((visibility("default"))) void js_api_set_instrument_cache_size( } +__attribute__((visibility("default"))) void +js_api_set_instrument_suppress_disable(void) { + + instrument_suppress = false; + +} + __attribute__((visibility("default"))) void js_api_set_js_main_hook( const js_main_hook_t hook) { diff --git a/frida_mode/test/png/GNUmakefile b/frida_mode/test/png/GNUmakefile index 86fd1483..408b7dcb 100644 --- a/frida_mode/test/png/GNUmakefile +++ b/frida_mode/test/png/GNUmakefile @@ -25,7 +25,7 @@ HARNESS_URL:="https://raw.githubusercontent.com/llvm/llvm-project/main/compiler- PNGTEST_FILE:=$(PNGTEST_BUILD_DIR)target.cc PNGTEST_OBJ:=$(PNGTEST_BUILD_DIR)target.o -PNGTEST_URL:="https://raw.githubusercontent.com/google/fuzzbench/master/benchmarks/libpng-1.2.56/target.cc" +PNGTEST_URL:="https://raw.githubusercontent.com/google/fuzzbench/e0c4a994b6999bae46e8dec5bcea9a73251b8dba/benchmarks/libpng-1.2.56/target.cc" TEST_BIN:=$(BUILD_DIR)test ifeq "$(shell uname)" "Darwin" diff --git a/frida_mode/ts/lib/afl.ts b/frida_mode/ts/lib/afl.ts index 7a83c0fb..6a2350e7 100644 --- a/frida_mode/ts/lib/afl.ts +++ b/frida_mode/ts/lib/afl.ts @@ -201,6 +201,13 @@ class Afl { Afl.jsApiSetInstrumentSeed(seed); } + /* + * See `AFL_FRIDA_INST_NO_SUPPRESS` + */ + public static setInstrumentSuppressDisable(): void{ + Afl.jsApiSetInstrumentSuppressDisable(); + } + /** * See `AFL_FRIDA_INST_TRACE_UNIQUE`. */ @@ -451,6 +458,11 @@ class Afl { "void", ["uint64"]); + private static readonly jsApiSetInstrumentSuppressDisable = Afl.jsApiGetFunction( + "js_api_set_instrument_suppress_disable", + "void", + []); + private static readonly jsApiSetInstrumentTrace = Afl.jsApiGetFunction( "js_api_set_instrument_trace", "void", diff --git a/frida_mode/ts/package-lock.json b/frida_mode/ts/package-lock.json index e766c2c2..670d7a83 100644 --- a/frida_mode/ts/package-lock.json +++ b/frida_mode/ts/package-lock.json @@ -1,11 +1,433 @@ { - "requires": true, + "name": "@worksbutnottested/aflplusplus-frida", + "version": "1.0.1", "lockfileVersion": 1, + "requires": true, "dependencies": { - "tsc": { - "version": "2.0.3", - "resolved": "https://registry.npmjs.org/tsc/-/tsc-2.0.3.tgz", - "integrity": "sha512-SN+9zBUtrpUcOpaUO7GjkEHgWtf22c7FKbKCA4e858eEM7Qz86rRDpgOU2lBIDf0fLCsEg65ms899UMUIB2+Ow==", + "@babel/code-frame": { + "version": "7.18.6", + "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.18.6.tgz", + "integrity": "sha512-TDCmlK5eOvH+eH7cdAFlNXeVJqWIQ7gW9tY1GJIpUtFb6CmjVyq2VM3u71bOyR8CRihcCgMUYoDNyLXao3+70Q==", + "dev": true, + "requires": { + "@babel/highlight": "^7.18.6" + } + }, + "@babel/helper-validator-identifier": { + "version": "7.19.1", + "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.19.1.tgz", + "integrity": "sha512-awrNfaMtnHUr653GgGEs++LlAvW6w+DcPrOliSMXWCKo597CwL5Acf/wWdNkf/tfEQE3mjkeD1YOVZOUV/od1w==", + "dev": true + }, + "@babel/highlight": { + "version": "7.18.6", + "resolved": "https://registry.npmjs.org/@babel/highlight/-/highlight-7.18.6.tgz", + "integrity": "sha512-u7stbOuYjaPezCuLj29hNW1v64M2Md2qupEKP1fHc7WdOA3DgLh37suiSrZYY7haUB7iBeQZ9P1uiRF359do3g==", + "dev": true, + "requires": { + "@babel/helper-validator-identifier": "^7.18.6", + "chalk": "^2.0.0", + "js-tokens": "^4.0.0" + } + }, + "@types/frida-gum": { + "version": "16.5.1", + "resolved": "https://registry.npmjs.org/@types/frida-gum/-/frida-gum-16.5.1.tgz", + "integrity": "sha512-t+2HZG6iBO2cEKtb2KvtP33m/7TGmzSd42YqznToA34+TkS97NttsFZ9OY2s0hPyDQOg+hZTjR1QggRkEL/Ovg==" + }, + "@types/node": { + "version": "14.18.36", + "resolved": "https://registry.npmjs.org/@types/node/-/node-14.18.36.tgz", + "integrity": "sha512-FXKWbsJ6a1hIrRxv+FoukuHnGTgEzKYGi7kilfMae96AL9UNkPFNWJEEYWzdRI9ooIkbr4AKldyuSTLql06vLQ==", + "dev": true + }, + "ansi-styles": { + "version": "3.2.1", + "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz", + "integrity": "sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA==", + "dev": true, + "requires": { + "color-convert": "^1.9.0" + } + }, + "argparse": { + "version": "1.0.10", + "resolved": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz", + "integrity": "sha512-o5Roy6tNG4SL/FOkCAN6RzjiakZS25RLYFrcMttJqbdd8BWrnA+fGz57iN5Pb06pvBGvl5gQ0B48dJlslXvoTg==", + "dev": true, + "requires": { + "sprintf-js": "~1.0.2" + } + }, + "balanced-match": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz", + "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==", + "dev": true + }, + "brace-expansion": { + "version": "1.1.11", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==", + "dev": true, + "requires": { + "balanced-match": "^1.0.0", + "concat-map": "0.0.1" + } + }, + "builtin-modules": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/builtin-modules/-/builtin-modules-1.1.1.tgz", + "integrity": "sha512-wxXCdllwGhI2kCC0MnvTGYTMvnVZTvqgypkiTI8Pa5tcz2i6VqsqwYGgqwXji+4RgCzms6EajE4IxiUH6HH8nQ==", + "dev": true + }, + "chalk": { + "version": "2.4.2", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz", + "integrity": "sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ==", + "dev": true, + "requires": { + "ansi-styles": "^3.2.1", + "escape-string-regexp": "^1.0.5", + "supports-color": "^5.3.0" + } + }, + "color-convert": { + "version": "1.9.3", + "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz", + "integrity": "sha512-QfAUtd+vFdAtFQcC8CCyYt1fYWxSqAiK2cSD6zDB8N3cpsEBAvRxp9zOGg6G/SHHJYAT88/az/IuDGALsNVbGg==", + "dev": true, + "requires": { + "color-name": "1.1.3" + } + }, + "color-name": { + "version": "1.1.3", + "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz", + "integrity": "sha512-72fSenhMw2HZMTVHeCA9KCmpEIbzWiQsjN+BHcBbS9vr1mtt+vJjPdksIBNUmKAW8TFUDPJK5SUU3QhE9NEXDw==", + "dev": true + }, + "commander": { + "version": "2.20.3", + "resolved": "https://registry.npmjs.org/commander/-/commander-2.20.3.tgz", + "integrity": "sha512-GpVkmM8vF2vQUkj2LvZmD35JxeJOLCwJ9cUkugyk2nuhbv3+mJvpLYYt+0+USMxE+oj+ey/lJEnhZw75x/OMcQ==", + "dev": true + }, + "concat-map": { + "version": "0.0.1", + "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz", + "integrity": "sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg==", + "dev": true + }, + "diff": { + "version": "4.0.2", + "resolved": "https://registry.npmjs.org/diff/-/diff-4.0.2.tgz", + "integrity": "sha512-58lmxKSA4BNyLz+HHMUzlOEpg09FV+ev6ZMe3vJihgdxzgcwZ8VoEEPmALCZG9LmqfVoNMMKpttIYTVG6uDY7A==", + "dev": true + }, + "escape-string-regexp": { + "version": "1.0.5", + "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", + "integrity": "sha512-vbRorB5FUQWvla16U8R/qgaFIya2qGzwDrNmCZuYKrbdSUMG6I1ZCGQRefkRVhuOkIGVne7BQ35DSfo1qvJqFg==", + "dev": true + }, + "esprima": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/esprima/-/esprima-4.0.1.tgz", + "integrity": "sha512-eGuFFw7Upda+g4p+QHvnW0RyTX/SVeJBDM/gCtMARO0cLuT2HcEKnTPvhjV6aGeqrCB/sbNop0Kszm0jsaWU4A==", + "dev": true + }, + "fs.realpath": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz", + "integrity": "sha512-OO0pH2lK6a0hZnAdau5ItzHPI6pUlvI7jMVnxUQRtw4owF2wk8lOSabtGDCTP4Ggrg2MbGnWO9X8K1t4+fGMDw==", + "dev": true + }, + "function-bind": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.1.tgz", + "integrity": "sha512-yIovAzMX49sF8Yl58fSCWJ5svSLuaibPxXQJFLmBObTuCr0Mf1KiPopGM9NiFjiYBCbfaa2Fh6breQ6ANVTI0A==", + "dev": true + }, + "get-caller-file": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/get-caller-file/-/get-caller-file-1.0.3.tgz", + "integrity": "sha512-3t6rVToeoZfYSGd8YoLFR2DJkiQrIiUrGcjvFX2mDw3bn6k2OtwHN0TNCLbBO+w8qTvimhDkv+LSscbJY1vE6w==", + "dev": true + }, + "glob": { + "version": "7.2.3", + "resolved": "https://registry.npmjs.org/glob/-/glob-7.2.3.tgz", + "integrity": "sha512-nFR0zLpU2YCaRxwoCJvL6UvCH2JFyFVIvwTLsIf21AuHlMskA1hhTdk+LlYJtOlYt9v6dvszD2BGRqBL+iQK9Q==", + "dev": true, + "requires": { + "fs.realpath": "^1.0.0", + "inflight": "^1.0.4", + "inherits": "2", + "minimatch": "^3.1.1", + "once": "^1.3.0", + "path-is-absolute": "^1.0.0" + } + }, + "has": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/has/-/has-1.0.3.tgz", + "integrity": "sha512-f2dvO0VU6Oej7RkWJGrehjbzMAjFp5/VKPp5tTpWIV4JHHZK1/BxbFRtf/siA2SWTe09caDmVtYYzWEIbBS4zw==", + "dev": true, + "requires": { + "function-bind": "^1.1.1" + } + }, + "has-flag": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz", + "integrity": "sha512-sKJf1+ceQBr4SMkvQnBDNDtf4TXpVhVGateu0t918bl30FnbE2m4vNLX+VWe/dpjlb+HugGYzW7uQXH98HPEYw==", + "dev": true + }, + "inflight": { + "version": "1.0.6", + "resolved": "https://registry.npmjs.org/inflight/-/inflight-1.0.6.tgz", + "integrity": "sha512-k92I/b08q4wvFscXCLvqfsHCrjrF7yiXsQuIVvVE7N82W3+aqpzuUdBbfhWcy/FZR3/4IgflMgKLOsvPDrGCJA==", + "dev": true, + "requires": { + "once": "^1.3.0", + "wrappy": "1" + } + }, + "inherits": { + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz", + "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==", + "dev": true + }, + "is-core-module": { + "version": "2.11.0", + "resolved": "https://registry.npmjs.org/is-core-module/-/is-core-module-2.11.0.tgz", + "integrity": "sha512-RRjxlvLDkD1YJwDbroBHMb+cukurkDWNyHx7D3oNB5x9rb5ogcksMC5wHCadcXoo67gVr/+3GFySh3134zi6rw==", + "dev": true, + "requires": { + "has": "^1.0.3" + } + }, + "js-tokens": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz", + "integrity": "sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ==", + "dev": true + }, + "js-yaml": { + "version": "3.14.1", + "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz", + "integrity": "sha512-okMH7OXXJ7YrN9Ok3/SXrnu4iX9yOk+25nqX4imS2npuvTYDmo/QEZoqwZkYaIDk3jVvBOTOIEgEhaLOynBS9g==", + "dev": true, + "requires": { + "argparse": "^1.0.7", + "esprima": "^4.0.0" + } + }, + "minimatch": { + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==", + "dev": true, + "requires": { + "brace-expansion": "^1.1.7" + } + }, + "minimist": { + "version": "1.2.7", + "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.7.tgz", + "integrity": "sha512-bzfL1YUZsP41gmu/qjrEk0Q6i2ix/cVeAhbCbqH9u3zYutS1cLg00qhrD0M2MVdCcx4Sc0UpP2eBWo9rotpq6g==", + "dev": true + }, + "mkdirp": { + "version": "0.5.6", + "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.6.tgz", + "integrity": "sha512-FP+p8RB8OWpF3YZBCrP5gtADmtXApB5AMLn+vdyA+PyxCjrCs00mjyUozssO33cwDeT3wNGdLxJ5M//YqtHAJw==", + "dev": true, + "requires": { + "minimist": "^1.2.6" + } + }, + "mock-require": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/mock-require/-/mock-require-3.0.3.tgz", + "integrity": "sha512-lLzfLHcyc10MKQnNUCv7dMcoY/2Qxd6wJfbqCcVk3LDb8An4hF6ohk5AztrvgKhJCqj36uyzi/p5se+tvyD+Wg==", + "dev": true, + "requires": { + "get-caller-file": "^1.0.2", + "normalize-path": "^2.1.1" + } + }, + "normalize-path": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/normalize-path/-/normalize-path-2.1.1.tgz", + "integrity": "sha512-3pKJwH184Xo/lnH6oyP1q2pMd7HcypqqmRs91/6/i2CGtWwIKGCkOOMTm/zXbgTEWHw1uNpNi/igc3ePOYHb6w==", + "dev": true, + "requires": { + "remove-trailing-separator": "^1.0.1" + } + }, + "once": { + "version": "1.4.0", + "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz", + "integrity": "sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w==", + "dev": true, + "requires": { + "wrappy": "1" + } + }, + "path-is-absolute": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz", + "integrity": "sha512-AVbw3UJ2e9bq64vSaS9Am0fje1Pa8pbGqTTsmXfaIiMpnr5DlDhfJOuLj9Sf95ZPVDAUerDfEk88MPmPe7UCQg==", + "dev": true + }, + "path-parse": { + "version": "1.0.7", + "resolved": "https://registry.npmjs.org/path-parse/-/path-parse-1.0.7.tgz", + "integrity": "sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw==", + "dev": true + }, + "remove-trailing-separator": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/remove-trailing-separator/-/remove-trailing-separator-1.1.0.tgz", + "integrity": "sha512-/hS+Y0u3aOfIETiaiirUFwDBDzmXPvO+jAfKTitUngIPzdKc6Z0LoFjM/CK5PL4C+eKwHohlHAb6H0VFfmmUsw==", + "dev": true + }, + "resolve": { + "version": "1.22.1", + "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.22.1.tgz", + "integrity": "sha512-nBpuuYuY5jFsli/JIs1oldw6fOQCBioohqWZg/2hiaOybXOft4lonv85uDOKXdf8rhyK159cxU5cDcK/NKk8zw==", + "dev": true, + "requires": { + "is-core-module": "^2.9.0", + "path-parse": "^1.0.7", + "supports-preserve-symlinks-flag": "^1.0.0" + } + }, + "semver": { + "version": "5.7.1", + "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.1.tgz", + "integrity": "sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ==", + "dev": true + }, + "sprintf-js": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz", + "integrity": "sha512-D9cPgkvLlV3t3IzL0D0YLvGA9Ahk4PcvVwUbN0dSGr1aP0Nrt4AEnTUbuGvquEC0mA64Gqt1fzirlRs5ibXx8g==", + "dev": true + }, + "supports-color": { + "version": "5.5.0", + "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz", + "integrity": "sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==", + "dev": true, + "requires": { + "has-flag": "^3.0.0" + } + }, + "supports-preserve-symlinks-flag": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/supports-preserve-symlinks-flag/-/supports-preserve-symlinks-flag-1.0.0.tgz", + "integrity": "sha512-ot0WnXS9fgdkgIcePe6RHNk1WA8+muPa6cSjeR3V8K27q9BB1rTE3R1p7Hv0z1ZyAc8s6Vvv8DIyWf681MAt0w==", + "dev": true + }, + "tslib": { + "version": "1.14.1", + "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==", + "dev": true + }, + "tslint": { + "version": "6.1.3", + "resolved": "https://registry.npmjs.org/tslint/-/tslint-6.1.3.tgz", + "integrity": "sha512-IbR4nkT96EQOvKE2PW/djGz8iGNeJ4rF2mBfiYaR/nvUWYKJhLwimoJKgjIFEIDibBtOevj7BqCRL4oHeWWUCg==", + "dev": true, + "requires": { + "@babel/code-frame": "^7.0.0", + "builtin-modules": "^1.1.1", + "chalk": "^2.3.0", + "commander": "^2.12.1", + "diff": "^4.0.1", + "glob": "^7.1.1", + "js-yaml": "^3.13.1", + "minimatch": "^3.0.4", + "mkdirp": "^0.5.3", + "resolve": "^1.3.2", + "semver": "^5.3.0", + "tslib": "^1.13.0", + "tsutils": "^2.29.0" + } + }, + "tsutils": { + "version": "2.29.0", + "resolved": "https://registry.npmjs.org/tsutils/-/tsutils-2.29.0.tgz", + "integrity": "sha512-g5JVHCIJwzfISaXpXE1qvNalca5Jwob6FjI4AoPlqMusJ6ftFE7IkkFoMhVLRgK+4Kx3gkzb8UZK5t5yTTvEmA==", + "dev": true, + "requires": { + "tslib": "^1.8.1" + } + }, + "typescript": { + "version": "4.9.5", + "resolved": "https://registry.npmjs.org/typescript/-/typescript-4.9.5.tgz", + "integrity": "sha512-1FXk9E2Hm+QzZQ7z+McJiHL4NW1F2EzMu9Nq9i3zAaGqibafqYwCVU6WyWAuyQRRzOlxou8xZSyXLEN8oKj24g==", + "dev": true + }, + "typescript-tslint-plugin": { + "version": "0.5.5", + "resolved": "https://registry.npmjs.org/typescript-tslint-plugin/-/typescript-tslint-plugin-0.5.5.tgz", + "integrity": "sha512-tR5igNQP+6FhxaPJYRlUBVsEl0n5cSuXRbg7L1y80mL4B1jUHb8uiIcbQBJ9zWyypJEdFYFUccpXxvMwZR8+AA==", + "dev": true, + "requires": { + "minimatch": "^3.0.4", + "mock-require": "^3.0.3", + "vscode-languageserver": "^5.2.1" + } + }, + "vscode-jsonrpc": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/vscode-jsonrpc/-/vscode-jsonrpc-4.0.0.tgz", + "integrity": "sha512-perEnXQdQOJMTDFNv+UF3h1Y0z4iSiaN9jIlb0OqIYgosPCZGYh/MCUlkFtV2668PL69lRDO32hmvL2yiidUYg==", + "dev": true + }, + "vscode-languageserver": { + "version": "5.2.1", + "resolved": "https://registry.npmjs.org/vscode-languageserver/-/vscode-languageserver-5.2.1.tgz", + "integrity": "sha512-GuayqdKZqAwwaCUjDvMTAVRPJOp/SLON3mJ07eGsx/Iq9HjRymhKWztX41rISqDKhHVVyFM+IywICyZDla6U3A==", + "dev": true, + "requires": { + "vscode-languageserver-protocol": "3.14.1", + "vscode-uri": "^1.0.6" + } + }, + "vscode-languageserver-protocol": { + "version": "3.14.1", + "resolved": "https://registry.npmjs.org/vscode-languageserver-protocol/-/vscode-languageserver-protocol-3.14.1.tgz", + "integrity": "sha512-IL66BLb2g20uIKog5Y2dQ0IiigW0XKrvmWiOvc0yXw80z3tMEzEnHjaGAb3ENuU7MnQqgnYJ1Cl2l9RvNgDi4g==", + "dev": true, + "requires": { + "vscode-jsonrpc": "^4.0.0", + "vscode-languageserver-types": "3.14.0" + } + }, + "vscode-languageserver-types": { + "version": "3.14.0", + "resolved": "https://registry.npmjs.org/vscode-languageserver-types/-/vscode-languageserver-types-3.14.0.tgz", + "integrity": "sha512-lTmS6AlAlMHOvPQemVwo3CezxBp0sNB95KNPkqp3Nxd5VFEnuG1ByM0zlRWos0zjO3ZWtkvhal0COgiV1xIA4A==", + "dev": true + }, + "vscode-uri": { + "version": "1.0.8", + "resolved": "https://registry.npmjs.org/vscode-uri/-/vscode-uri-1.0.8.tgz", + "integrity": "sha512-obtSWTlbJ+a+TFRYGaUumtVwb+InIUVI0Lu0VBUAPmj2cU5JutEXg3xUE0c2J5Tcy7h2DEKVJBFi+Y9ZSFzzPQ==", + "dev": true + }, + "wrappy": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz", + "integrity": "sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ==", "dev": true } } diff --git a/include/envs.h b/include/envs.h index f4cdf390..46fc796b 100644 --- a/include/envs.h +++ b/include/envs.h @@ -68,6 +68,7 @@ static char *afl_environment_variables[] = { "AFL_FRIDA_INST_NO_OPTIMIZE", "AFL_FRIDA_INST_NO_PREFETCH", "AFL_FRIDA_INST_NO_PREFETCH_BACKPATCH", + "AFL_FRIDA_INST_NO_SUPPRESS" "AFL_FRIDA_INST_RANGES", "AFL_FRIDA_INST_REGS_FILE", "AFL_FRIDA_INST_SEED", -- cgit 1.4.1