From 39ad3b89467d6de12cbb9d08ccd77d331c0d1f9e Mon Sep 17 00:00:00 2001 From: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Date: Wed, 28 Apr 2021 09:25:26 +0100 Subject: Frida persistent (#880) * Added x64 support for persistent mode (function call only), in-memory teest cases and complog * Review changes, fix NeverZero and code to parse the .text section of the main executable. Excluded ranges TBC * Various minor fixes and finished support for AFL_INST_LIBS * Review changes Co-authored-by: Your Name --- frida_mode/test/cmplog/GNUmakefile | 66 +++++++++++++ frida_mode/test/cmplog/Makefile | 12 +++ frida_mode/test/cmplog/get_section_addrs.py | 49 ++++++++++ frida_mode/test/png/GNUmakefile | 106 ++++++++++++++++++++ frida_mode/test/png/Makefile | 12 +++ frida_mode/test/png/persistent/GNUmakefile | 54 +++++++++++ frida_mode/test/png/persistent/Makefile | 12 +++ frida_mode/test/png/persistent/get_symbol_addr.py | 36 +++++++ frida_mode/test/png/persistent/hook/GNUmakefile | 70 ++++++++++++++ frida_mode/test/png/persistent/hook/Makefile | 12 +++ frida_mode/test/testinstr.c | 112 ---------------------- frida_mode/test/testinstr.py | 49 ---------- frida_mode/test/testinstr/GNUmakefile | 50 ++++++++++ frida_mode/test/testinstr/Makefile | 12 +++ frida_mode/test/testinstr/testinstr.c | 112 ++++++++++++++++++++++ 15 files changed, 603 insertions(+), 161 deletions(-) create mode 100644 frida_mode/test/cmplog/GNUmakefile create mode 100644 frida_mode/test/cmplog/Makefile create mode 100755 frida_mode/test/cmplog/get_section_addrs.py create mode 100644 frida_mode/test/png/GNUmakefile create mode 100644 frida_mode/test/png/Makefile create mode 100644 frida_mode/test/png/persistent/GNUmakefile create mode 100644 frida_mode/test/png/persistent/Makefile create mode 100755 frida_mode/test/png/persistent/get_symbol_addr.py create mode 100644 frida_mode/test/png/persistent/hook/GNUmakefile create mode 100644 frida_mode/test/png/persistent/hook/Makefile delete mode 100644 frida_mode/test/testinstr.c delete mode 100755 frida_mode/test/testinstr.py create mode 100644 frida_mode/test/testinstr/GNUmakefile create mode 100644 frida_mode/test/testinstr/Makefile create mode 100644 frida_mode/test/testinstr/testinstr.c (limited to 'frida_mode/test') diff --git a/frida_mode/test/cmplog/GNUmakefile b/frida_mode/test/cmplog/GNUmakefile new file mode 100644 index 00000000..c203fc5e --- /dev/null +++ b/frida_mode/test/cmplog/GNUmakefile @@ -0,0 +1,66 @@ +PWD:=$(shell pwd)/ +ROOT:=$(shell realpath $(PWD)../../../)/ +BUILD_DIR:=$(PWD)build/ + +TEST_CMPLOG_DIR:=$(ROOT)qemu_mode/libcompcov/ +TEST_CMPLOG_OBJ=$(TEST_CMPLOG_DIR)compcovtest + +TEST_BIN:=$(PWD)../../build/test + + +TEST_DATA_DIR:=$(BUILD_DIR)in/ +CMP_LOG_INPUT:=$(TEST_DATA_DIR)in +QEMU_OUT:=$(BUILD_DIR)qemu-out +FRIDA_OUT:=$(BUILD_DIR)frida-out + +ARCH=$(shell uname -m) +ifeq "$(ARCH)" "aarch64" + AFL_FRIDA_INST_RANGES=$(shell $(PWD)get_section_addrs.py -f $(TEST_CMPLOG_OBJ) -s .text -b 0x0000aaaaaaaaa000) +endif + +ifeq "$(ARCH)" "x86_64" + AFL_FRIDA_INST_RANGES=$(shell $(PWD)get_section_addrs.py -f $(TEST_CMPLOG_OBJ) -s .text -b 0x0000555555554000) +endif + +.PHONY: all clean qemu frida + +all: + make -C $(ROOT)frida_mode/ + +$(BUILD_DIR): + mkdir -p $@ + +$(TEST_DATA_DIR): | $(BUILD_DIR) + mkdir -p $@ + +$(CMP_LOG_INPUT): | $(TEST_DATA_DIR) + truncate -s 64 $@ + +$(TEST_CMPLOG_OBJ): $(TEST_CMPLOG_DIR)compcovtest.cc + make -C $(TEST_CMPLOG_DIR) compcovtest + +qemu: $(TEST_CMPLOG_OBJ) $(CMP_LOG_INPUT) + $(ROOT)afl-fuzz \ + -D \ + -Q \ + -i $(TEST_DATA_DIR) \ + -o $(QEMU_OUT) \ + -c 0 \ + -l 3AT \ + -- \ + $(TEST_CMPLOG_OBJ) @@ + +frida: $(TEST_CMPLOG_OBJ) $(CMP_LOG_INPUT) + XAFL_FRIDA_INST_RANGES=$(AFL_FRIDA_INST_RANGES) \ + $(ROOT)afl-fuzz \ + -D \ + -O \ + -i $(TEST_DATA_DIR) \ + -o $(FRIDA_OUT) \ + -c 0 \ + -l 3AT \ + -- \ + $(TEST_CMPLOG_OBJ) @@ + +clean: + rm -rf $(BUILD_DIR) \ No newline at end of file diff --git a/frida_mode/test/cmplog/Makefile b/frida_mode/test/cmplog/Makefile new file mode 100644 index 00000000..f322d1f5 --- /dev/null +++ b/frida_mode/test/cmplog/Makefile @@ -0,0 +1,12 @@ +all: + @echo trying to use GNU make... + @gmake all || echo please install GNUmake + +clean: + @gmake clean + +qemu: + @gmake qemu + +frida: + @gmake frida \ No newline at end of file diff --git a/frida_mode/test/cmplog/get_section_addrs.py b/frida_mode/test/cmplog/get_section_addrs.py new file mode 100755 index 00000000..f648808b --- /dev/null +++ b/frida_mode/test/cmplog/get_section_addrs.py @@ -0,0 +1,49 @@ +#!/usr/bin/env python3 +import argparse +from elftools.elf.elffile import ELFFile + + +def process_file(file, section, base): + with open(file, "rb") as f: + for sect in ELFFile(f).iter_sections(): + if sect.name == section: + start = base + sect.header["sh_offset"] + end = start + sect.header["sh_size"] + print("0x%016x-0x%016x" % (start, end)) + return + + print("Section '%s' not found in '%s'" % (section, file)) + + +def hex_value(x): + return int(x, 16) + + +def main(): + parser = argparse.ArgumentParser(description="Process some integers.") + parser.add_argument( + "-f", "--file", dest="file", type=str, help="elf file name", required=True + ) + parser.add_argument( + "-s", + "--section", + dest="section", + type=str, + help="elf section name", + required=True, + ) + parser.add_argument( + "-b", + "--base", + dest="base", + type=hex_value, + help="elf base address", + required=True, + ) + + args = parser.parse_args() + process_file(args.file, args.section, args.base) + + +if __name__ == "__main__": + main() diff --git a/frida_mode/test/png/GNUmakefile b/frida_mode/test/png/GNUmakefile new file mode 100644 index 00000000..c381f5ab --- /dev/null +++ b/frida_mode/test/png/GNUmakefile @@ -0,0 +1,106 @@ +PWD:=$(shell pwd)/ +ROOT:=$(shell realpath $(PWD)../../..)/ +BUILD_DIR:=$(PWD)build/ + +LIBPNG_BUILD_DIR:=$(BUILD_DIR)libpng/ +HARNESS_BUILD_DIR:=$(BUILD_DIR)harness/ +PNGTEST_BUILD_DIR:=$(BUILD_DIR)pngtest/ + +LIBPNG_FILE:=$(LIBPNG_BUILD_DIR)libpng-1.2.56.tar.gz +LIBPNG_URL:=https://downloads.sourceforge.net/project/libpng/libpng12/older-releases/1.2.56/libpng-1.2.56.tar.gz +LIBPNG_DIR:=$(LIBPNG_BUILD_DIR)libpng-1.2.56/ +LIBPNG_MAKEFILE:=$(LIBPNG_DIR)Makefile +LIBPNG_LIB:=$(LIBPNG_DIR).libs/libpng12.a + +HARNESS_FILE:=$(HARNESS_BUILD_DIR)StandaloneFuzzTargetMain.c +HARNESS_OBJ:=$(HARNESS_BUILD_DIR)StandaloneFuzzTargetMain.o +HARNESS_URL:="https://raw.githubusercontent.com/llvm/llvm-project/main/compiler-rt/lib/fuzzer/standalone/StandaloneFuzzTargetMain.c" + +PNGTEST_FILE:=$(PNGTEST_BUILD_DIR)target.cc +PNGTEST_OBJ:=$(PNGTEST_BUILD_DIR)target.o +PNGTEST_URL:="https://raw.githubusercontent.com/google/fuzzbench/master/benchmarks/libpng-1.2.56/target.cc" + +TEST_BIN:=$(BUILD_DIR)test + +TEST_DATA_DIR:=$(LIBPNG_DIR)contrib/pngsuite/ + +QEMU_OUT:=$(BUILD_DIR)qemu-out +FRIDA_OUT:=$(BUILD_DIR)frida-out + +.PHONY: all clean qemu frida + +all: $(TEST_BIN) + make -C $(ROOT)frida_mode/ + +$(BUILD_DIR): + mkdir -p $@ + +######### HARNESS ######## +$(HARNESS_BUILD_DIR): | $(BUILD_DIR) + mkdir -p $@ + +$(HARNESS_FILE): | $(HARNESS_BUILD_DIR) + wget -O $@ $(HARNESS_URL) + +$(HARNESS_OBJ): $(HARNESS_FILE) + $(CC) -o $@ -c $< + +######### PNGTEST ######## + +$(PNGTEST_BUILD_DIR): | $(BUILD_DIR) + mkdir -p $@ + +$(PNGTEST_FILE): | $(PNGTEST_BUILD_DIR) + wget -O $@ $(PNGTEST_URL) + +$(PNGTEST_OBJ): $(PNGTEST_FILE) | $(LIBPNG_DIR) + $(CXX) -std=c++11 -I $(LIBPNG_DIR) -o $@ -c $< + +######### LIBPNG ######## + +$(LIBPNG_BUILD_DIR): | $(BUILD_DIR) + mkdir -p $@ + +$(LIBPNG_FILE): | $(LIBPNG_BUILD_DIR) + wget -O $@ $(LIBPNG_URL) + +$(LIBPNG_DIR): $(LIBPNG_FILE) + tar zxvf $(LIBPNG_FILE) -C $(LIBPNG_BUILD_DIR) + +$(LIBPNG_MAKEFILE): | $(LIBPNG_DIR) + cd $(LIBPNG_DIR) && ./configure + +$(LIBPNG_LIB): $(LIBPNG_MAKEFILE) + make -C $(LIBPNG_DIR) + +######### TEST ######## + +$(TEST_BIN): $(HARNESS_OBJ) $(PNGTEST_OBJ) $(LIBPNG_LIB) + $(CXX) \ + -o $@ \ + $(HARNESS_OBJ) $(PNGTEST_OBJ) $(LIBPNG_LIB) \ + -lz \ + $(TEST_LDFLAGS) + +clean: + rm -rf $(BUILD_DIR) + +qemu: $(TEST_BIN) + $(ROOT)afl-fuzz \ + -D \ + -V 30 \ + -Q \ + -i $(TEST_DATA_DIR) \ + -o $(QEMU_OUT) \ + -- \ + $(TEST_BIN) @@ + +frida: $(TEST_BIN) + $(ROOT)afl-fuzz \ + -D \ + -V 30 \ + -O \ + -i $(TEST_DATA_DIR) \ + -o $(FRIDA_OUT) \ + -- \ + $(TEST_BIN) @@ diff --git a/frida_mode/test/png/Makefile b/frida_mode/test/png/Makefile new file mode 100644 index 00000000..f322d1f5 --- /dev/null +++ b/frida_mode/test/png/Makefile @@ -0,0 +1,12 @@ +all: + @echo trying to use GNU make... + @gmake all || echo please install GNUmake + +clean: + @gmake clean + +qemu: + @gmake qemu + +frida: + @gmake frida \ No newline at end of file diff --git a/frida_mode/test/png/persistent/GNUmakefile b/frida_mode/test/png/persistent/GNUmakefile new file mode 100644 index 00000000..25ddc782 --- /dev/null +++ b/frida_mode/test/png/persistent/GNUmakefile @@ -0,0 +1,54 @@ +PWD:=$(shell pwd)/ +ROOT:=$(shell realpath $(PWD)../../../..)/ +BUILD_DIR:=$(PWD)build/ + +TEST_BIN:=$(PWD)../build/test +TEST_DATA_DIR:=../build/libpng/libpng-1.2.56/contrib/pngsuite/ + +QEMU_OUT:=$(BUILD_DIR)qemu-out +FRIDA_OUT:=$(BUILD_DIR)frida-out + +AFL_QEMU_PERSISTENT_ADDR=$(shell $(PWD)get_symbol_addr.py -f $(TEST_BIN) -s main -b 0x4000000000) + +ARCH=$(shell uname -m) +ifeq "$(ARCH)" "aarch64" + AFL_FRIDA_PERSISTENT_ADDR=$(shell $(PWD)get_symbol_addr.py -f $(TEST_BIN) -s main -b 0x0000aaaaaaaaa000) +endif + +ifeq "$(ARCH)" "x86_64" + AFL_FRIDA_PERSISTENT_ADDR=$(shell $(PWD)get_symbol_addr.py -f $(TEST_BIN) -s main -b 0x0000555555554000) +endif + +.PHONY: all clean qemu frida + +all: + make -C $(ROOT)frida_mode/test/png/ + +$(BUILD_DIR): + mkdir -p $@ + +qemu: | $(BUILD_DIR) + AFL_QEMU_PERSISTENT_ADDR=$(AFL_QEMU_PERSISTENT_ADDR) \ + AFL_QEMU_PERSISTENT_GPR=1 \ + $(ROOT)afl-fuzz \ + -D \ + -V 30 \ + -Q \ + -i $(TEST_DATA_DIR) \ + -o $(QEMU_OUT) \ + -- \ + $(TEST_BIN) @@ + +frida: | $(BUILD_DIR) + AFL_FRIDA_PERSISTENT_ADDR=$(AFL_FRIDA_PERSISTENT_ADDR) \ + $(ROOT)afl-fuzz \ + -D \ + -V 30 \ + -O \ + -i $(TEST_DATA_DIR) \ + -o $(FRIDA_OUT) \ + -- \ + $(TEST_BIN) @@ + +clean: + rm -rf $(BUILD_DIR) \ No newline at end of file diff --git a/frida_mode/test/png/persistent/Makefile b/frida_mode/test/png/persistent/Makefile new file mode 100644 index 00000000..f322d1f5 --- /dev/null +++ b/frida_mode/test/png/persistent/Makefile @@ -0,0 +1,12 @@ +all: + @echo trying to use GNU make... + @gmake all || echo please install GNUmake + +clean: + @gmake clean + +qemu: + @gmake qemu + +frida: + @gmake frida \ No newline at end of file diff --git a/frida_mode/test/png/persistent/get_symbol_addr.py b/frida_mode/test/png/persistent/get_symbol_addr.py new file mode 100755 index 00000000..6458c212 --- /dev/null +++ b/frida_mode/test/png/persistent/get_symbol_addr.py @@ -0,0 +1,36 @@ +#!/usr/bin/python3 +import argparse +from elftools.elf.elffile import ELFFile + +def process_file(file, symbol, base): + with open(file, 'rb') as f: + elf = ELFFile(f) + symtab = elf.get_section_by_name('.symtab') + mains = symtab.get_symbol_by_name(symbol) + if len(mains) != 1: + print ("Failed to find main") + return 1 + + main_addr = mains[0]['st_value'] + main = base + main_addr + print ("0x%016x" % main) + return 0 + +def hex_value(x): + return int(x, 16) + +def main(): + parser = argparse.ArgumentParser(description='Process some integers.') + parser.add_argument('-f', '--file', dest='file', type=str, + help='elf file name', required=True) + parser.add_argument('-s', '--symbol', dest='symbol', type=str, + help='symbol name', required=True) + parser.add_argument('-b', '--base', dest='base', type=hex_value, + help='elf base address', required=True) + + args = parser.parse_args() + return process_file (args.file, args.symbol, args.base) + +if __name__ == "__main__": + ret = main() + exit(ret) \ No newline at end of file diff --git a/frida_mode/test/png/persistent/hook/GNUmakefile b/frida_mode/test/png/persistent/hook/GNUmakefile new file mode 100644 index 00000000..2457287d --- /dev/null +++ b/frida_mode/test/png/persistent/hook/GNUmakefile @@ -0,0 +1,70 @@ +PWD:=$(shell pwd)/ +ROOT:=$(shell realpath $(PWD)../../../../..)/ +BUILD_DIR:=$(PWD)build/ + +AFLPP_DRIVER_HOOK_DIR=$(ROOT)utils/aflpp_driver/ +AFLPP_DRIVER_HOOK_OBJ=$(AFLPP_DRIVER_HOOK_DIR)aflpp_qemu_driver_hook.so + +TEST_BIN:=$(PWD)../../build/test +TEST_DATA_DIR:=../../build/libpng/libpng-1.2.56/contrib/pngsuite/ + +AFLPP_DRIVER_DUMMY_INPUT:=$(BUILD_DIR)in +QEMU_OUT:=$(BUILD_DIR)qemu-out +FRIDA_OUT:=$(BUILD_DIR)frida-out + +AFL_QEMU_PERSISTENT_ADDR=$(shell $(PWD)../get_symbol_addr.py -f $(TEST_BIN) -s LLVMFuzzerTestOneInput -b 0x4000000000) + +ARCH=$(shell uname -m) +ifeq "$(ARCH)" "aarch64" + AFL_FRIDA_PERSISTENT_ADDR=$(shell $(PWD)../get_symbol_addr.py -f $(TEST_BIN) -s LLVMFuzzerTestOneInput -b 0x0000aaaaaaaaa000) +endif + +ifeq "$(ARCH)" "x86_64" + AFL_FRIDA_PERSISTENT_ADDR=$(shell $(PWD)../get_symbol_addr.py -f $(TEST_BIN) -s LLVMFuzzerTestOneInput -b 0x0000555555554000) +endif + +.PHONY: all clean qemu frida + +all: + make -C $(ROOT)frida_mode/test/png/persistent/ + +$(BUILD_DIR): + mkdir -p $@ + +$(TEST_DATA_DIR): | $(BUILD_DIR) + mkdir -p $@ + +$(AFLPP_DRIVER_DUMMY_INPUT): | $(BUILD_DIR) + truncate -s 1M $@ + +$(AFLPP_DRIVER_HOOK_OBJ): | $(AFLPP_DRIVER_HOOK_DIR) + make -C $(AFLPP_DRIVER_HOOK_DIR) + +qemu: $(AFLPP_DRIVER_DUMMY_INPUT) $(AFLPP_DRIVER_HOOK_OBJ) | $(BUILD_DIR) + AFL_QEMU_PERSISTENT_HOOK=$(AFLPP_DRIVER_HOOK_OBJ) \ + AFL_QEMU_PERSISTENT_ADDR=$(AFL_QEMU_PERSISTENT_ADDR) \ + AFL_QEMU_PERSISTENT_GPR=1 \ + $(ROOT)/afl-fuzz \ + -D \ + -V 30 \ + -Q \ + -i $(TEST_DATA_DIR) \ + -o $(QEMU_OUT) \ + -- \ + $(TEST_BIN) $(AFLPP_DRIVER_DUMMY_INPUT) + +frida: $(AFLPP_DRIVER_DUMMY_INPUT) $(AFLPP_DRIVER_HOOK_OBJ) | $(BUILD_DIR) + AFL_FRIDA_PERSISTENT_HOOK=$(AFLPP_DRIVER_HOOK_OBJ) \ + AFL_FRIDA_PERSISTENT_ADDR=$(AFL_FRIDA_PERSISTENT_ADDR) \ + $(ROOT)afl-fuzz \ + -D \ + -V 30 \ + -O \ + -i $(TEST_DATA_DIR) \ + -o $(FRIDA_OUT) \ + -- \ + $(TEST_BIN) $(AFLPP_DRIVER_DUMMY_INPUT) + +clean: + rm -rf $(BUILD_DIR) + diff --git a/frida_mode/test/png/persistent/hook/Makefile b/frida_mode/test/png/persistent/hook/Makefile new file mode 100644 index 00000000..f322d1f5 --- /dev/null +++ b/frida_mode/test/png/persistent/hook/Makefile @@ -0,0 +1,12 @@ +all: + @echo trying to use GNU make... + @gmake all || echo please install GNUmake + +clean: + @gmake clean + +qemu: + @gmake qemu + +frida: + @gmake frida \ No newline at end of file diff --git a/frida_mode/test/testinstr.c b/frida_mode/test/testinstr.c deleted file mode 100644 index 37d47f91..00000000 --- a/frida_mode/test/testinstr.c +++ /dev/null @@ -1,112 +0,0 @@ -/* - american fuzzy lop++ - a trivial program to test the build - -------------------------------------------------------- - Originally written by Michal Zalewski - Copyright 2014 Google Inc. All rights reserved. - Copyright 2019-2020 AFLplusplus Project. All rights reserved. - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at: - http://www.apache.org/licenses/LICENSE-2.0 - */ - -#include -#include -#include -#include -#include - -#ifdef __APPLE__ - #define TESTINSTR_SECTION -#else - #define TESTINSTR_SECTION __attribute__((section(".testinstr"))) -#endif - -TESTINSTR_SECTION void testinstr(char *buf, int len) { - - if (len < 1) return; - buf[len] = 0; - - // we support three input cases - if (buf[0] == '0') - printf("Looks like a zero to me!\n"); - else if (buf[0] == '1') - printf("Pretty sure that is a one!\n"); - else - printf("Neither one or zero? How quaint!\n"); - -} - -int main(int argc, char **argv) { - - char * file; - int fd = -1; - off_t len; - char * buf = NULL; - size_t n_read; - int result = -1; - - if (argc != 2) { return 1; } - - do { - - file = argv[1]; - - dprintf(STDERR_FILENO, "Running: %s\n", file); - - fd = open(file, O_RDONLY); - if (fd < 0) { - - perror("open"); - break; - - } - - len = lseek(fd, 0, SEEK_END); - if (len < 0) { - - perror("lseek (SEEK_END)"); - break; - - } - - if (lseek(fd, 0, SEEK_SET) != 0) { - - perror("lseek (SEEK_SET)"); - break; - - } - - buf = malloc(len); - if (buf == NULL) { - - perror("malloc"); - break; - - } - - n_read = read(fd, buf, len); - if (n_read != len) { - - perror("read"); - break; - - } - - dprintf(STDERR_FILENO, "Running: %s: (%zd bytes)\n", file, n_read); - - testinstr(buf, len); - dprintf(STDERR_FILENO, "Done: %s: (%zd bytes)\n", file, n_read); - - result = 0; - - } while (false); - - if (buf != NULL) { free(buf); } - - if (fd != -1) { close(fd); } - - return result; - -} - diff --git a/frida_mode/test/testinstr.py b/frida_mode/test/testinstr.py deleted file mode 100755 index f648808b..00000000 --- a/frida_mode/test/testinstr.py +++ /dev/null @@ -1,49 +0,0 @@ -#!/usr/bin/env python3 -import argparse -from elftools.elf.elffile import ELFFile - - -def process_file(file, section, base): - with open(file, "rb") as f: - for sect in ELFFile(f).iter_sections(): - if sect.name == section: - start = base + sect.header["sh_offset"] - end = start + sect.header["sh_size"] - print("0x%016x-0x%016x" % (start, end)) - return - - print("Section '%s' not found in '%s'" % (section, file)) - - -def hex_value(x): - return int(x, 16) - - -def main(): - parser = argparse.ArgumentParser(description="Process some integers.") - parser.add_argument( - "-f", "--file", dest="file", type=str, help="elf file name", required=True - ) - parser.add_argument( - "-s", - "--section", - dest="section", - type=str, - help="elf section name", - required=True, - ) - parser.add_argument( - "-b", - "--base", - dest="base", - type=hex_value, - help="elf base address", - required=True, - ) - - args = parser.parse_args() - process_file(args.file, args.section, args.base) - - -if __name__ == "__main__": - main() diff --git a/frida_mode/test/testinstr/GNUmakefile b/frida_mode/test/testinstr/GNUmakefile new file mode 100644 index 00000000..9aa24ee5 --- /dev/null +++ b/frida_mode/test/testinstr/GNUmakefile @@ -0,0 +1,50 @@ +PWD:=$(shell pwd)/ +ROOT:=$(shell realpath $(PWD)../../..)/ +BUILD_DIR:=$(PWD)build/ +TESTINSTR_DATA_DIR:=$(BUILD_DIR)in/ +TESTINSTR_DATA_FILE:=$(TESTINSTR_DATA_DIR)in + +TESTINSTBIN:=$(BUILD_DIR)testinstr +TESTINSTSRC:=$(PWD)testinstr.c + +QEMU_OUT:=$(BUILD_DIR)qemu-out +FRIDA_OUT:=$(BUILD_DIR)frida-out + +.PHONY: all clean qemu frida + +all: $(TESTINSTBIN) + make -C $(ROOT)frida_mode/ + +$(BUILD_DIR): + mkdir -p $@ + +$(TESTINSTR_DATA_DIR): | $(BUILD_DIR) + mkdir -p $@ + +$(TESTINSTR_DATA_FILE): | $(TESTINSTR_DATA_DIR) + echo -n "000" > $@ + +$(TESTINSTBIN): $(TESTINSTSRC) | $(BUILD_DIR) + $(CC) -o $@ $< + +clean: + rm -rf $(BUILD_DIR) + + +qemu: $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) + $(ROOT)afl-fuzz \ + -D \ + -Q \ + -i $(TESTINSTR_DATA_DIR) \ + -o $(QEMU_OUT) \ + -- \ + $(TESTINSTBIN) @@ + +frida: $(FRIDA_TRACE) $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) + $(ROOT)afl-fuzz \ + -D \ + -O \ + -i $(TESTINSTR_DATA_DIR) \ + -o $(FRIDA_OUT) \ + -- \ + $(TESTINSTBIN) @@ \ No newline at end of file diff --git a/frida_mode/test/testinstr/Makefile b/frida_mode/test/testinstr/Makefile new file mode 100644 index 00000000..f322d1f5 --- /dev/null +++ b/frida_mode/test/testinstr/Makefile @@ -0,0 +1,12 @@ +all: + @echo trying to use GNU make... + @gmake all || echo please install GNUmake + +clean: + @gmake clean + +qemu: + @gmake qemu + +frida: + @gmake frida \ No newline at end of file diff --git a/frida_mode/test/testinstr/testinstr.c b/frida_mode/test/testinstr/testinstr.c new file mode 100644 index 00000000..5e26fc46 --- /dev/null +++ b/frida_mode/test/testinstr/testinstr.c @@ -0,0 +1,112 @@ +/* + american fuzzy lop++ - a trivial program to test the build + -------------------------------------------------------- + Originally written by Michal Zalewski + Copyright 2014 Google Inc. All rights reserved. + Copyright 2019-2020 AFLplusplus Project. All rights reserved. + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at: + http://www.apache.org/licenses/LICENSE-2.0 + */ + +#include +#include +#include +#include +#include + +#ifdef __APPLE__ + #define TESTINSTR_SECTION +#else + #define TESTINSTR_SECTION __attribute__((section(".testinstr"))) +#endif + +void testinstr(char *buf, int len) { + + if (len < 1) return; + buf[len] = 0; + + // we support three input cases + if (buf[0] == '0') + printf("Looks like a zero to me!\n"); + else if (buf[0] == '1') + printf("Pretty sure that is a one!\n"); + else + printf("Neither one or zero? How quaint!\n"); + +} + +TESTINSTR_SECTION int main(int argc, char **argv) { + + char * file; + int fd = -1; + off_t len; + char * buf = NULL; + size_t n_read; + int result = -1; + + if (argc != 2) { return 1; } + + do { + + file = argv[1]; + + dprintf(STDERR_FILENO, "Running: %s\n", file); + + fd = open(file, O_RDONLY); + if (fd < 0) { + + perror("open"); + break; + + } + + len = lseek(fd, 0, SEEK_END); + if (len < 0) { + + perror("lseek (SEEK_END)"); + break; + + } + + if (lseek(fd, 0, SEEK_SET) != 0) { + + perror("lseek (SEEK_SET)"); + break; + + } + + buf = malloc(len); + if (buf == NULL) { + + perror("malloc"); + break; + + } + + n_read = read(fd, buf, len); + if (n_read != len) { + + perror("read"); + break; + + } + + dprintf(STDERR_FILENO, "Running: %s: (%zd bytes)\n", file, n_read); + + testinstr(buf, len); + dprintf(STDERR_FILENO, "Done: %s: (%zd bytes)\n", file, n_read); + + result = 0; + + } while (false); + + if (buf != NULL) { free(buf); } + + if (fd != -1) { close(fd); } + + return result; + +} + -- cgit 1.4.1