From 770e868d04c0f52a1c57e5471e459dd24a002748 Mon Sep 17 00:00:00 2001
From: yangzao <yangzaocn@outlook.com>
Date: Fri, 24 Nov 2023 11:06:06 -0700
Subject: add custom_post_run.c

---
 include/afl-fuzz.h | 12 ++++++++++++
 1 file changed, 12 insertions(+)

(limited to 'include/afl-fuzz.h')

diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h
index 8112d430..7e91dc03 100644
--- a/include/afl-fuzz.h
+++ b/include/afl-fuzz.h
@@ -1020,6 +1020,18 @@ struct custom_mutator {
    */
   void (*afl_custom_fuzz_send)(void *data, const u8 *buf, size_t buf_size);
 
+  /**
+   * This method can be used if you want to run some code or scripts each time
+   * AFL++ executes the target with afl-fuzz.
+   *
+   * (Optional)
+   *
+   * @param data pointer returned in afl_custom_init by this custom mutator
+   * @param buf Buffer containing the test case
+   * @param buf_size Size of the test case
+   */
+  void (*afl_custom_post_run)(void *data, const u8 *buf, size_t buf_size);
+
   /**
    * Allow for additional analysis (e.g. calling a different tool that does a
    * different kind of coverage and saves this for the custom mutator).
-- 
cgit 1.4.1


From 8af74bcaeebbe2407006333024d8803baacdb4e2 Mon Sep 17 00:00:00 2001
From: yangzao <yangzaocn@outlook.com>
Date: Fri, 24 Nov 2023 22:47:50 -0700
Subject: update afl-fuzz-run

---
 custom_mutators/examples/custom_post_run.c |  6 +++---
 include/afl-fuzz.h                         |  4 +---
 src/afl-fuzz-run.c                         | 19 ++++++++++++++++++-
 3 files changed, 22 insertions(+), 7 deletions(-)

(limited to 'include/afl-fuzz.h')

diff --git a/custom_mutators/examples/custom_post_run.c b/custom_mutators/examples/custom_post_run.c
index 073aac96..828216ea 100644
--- a/custom_mutators/examples/custom_post_run.c
+++ b/custom_mutators/examples/custom_post_run.c
@@ -2,10 +2,10 @@
 // This is an example on how to use afl_custom_post_run
 // It executes custom code each time after AFL++ executes the target
 //
-// cc -O3 -fPIC -shared -g -o custom_send.so -I../../include custom_send.c /////////////////////to_be_edited
+// cc -O3 -fPIC -shared -g -o custom_post_run.so -I../../include custom_post_run.c
 // cd ../..
 // afl-cc -o test-instr test-instr.c
-// AFL_CUSTOM_MUTATOR_LIBRARY=custom_mutators/examples/custom_send.so \
+// AFL_CUSTOM_MUTATOR_LIBRARY=custom_mutators/examples/custom_post_run.so \
 //   afl-fuzz -i in -o out -- ./test-instr -f /tmp/foo
 //
 
@@ -39,7 +39,7 @@ my_mutator_t *afl_custom_init(afl_state_t *afl, unsigned int seed) {
 
 }
 
-void afl_custom_post_run(my_mutator_t *data, uint8_t *buf, size_t buf_size) {
+void afl_custom_post_run(my_mutator_t *data) {
 
   printf("hello from afl_custom_post_run\n");
   return;
diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h
index 7e91dc03..94f48009 100644
--- a/include/afl-fuzz.h
+++ b/include/afl-fuzz.h
@@ -1027,10 +1027,8 @@ struct custom_mutator {
    * (Optional)
    *
    * @param data pointer returned in afl_custom_init by this custom mutator
-   * @param buf Buffer containing the test case
-   * @param buf_size Size of the test case
    */
-  void (*afl_custom_post_run)(void *data, const u8 *buf, size_t buf_size);
+  void (*afl_custom_post_run)(void *data);
 
   /**
    * Allow for additional analysis (e.g. calling a different tool that does a
diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c
index 29cc5352..ac346b86 100644
--- a/src/afl-fuzz-run.c
+++ b/src/afl-fuzz-run.c
@@ -60,7 +60,7 @@ fuzz_run_target(afl_state_t *afl, afl_forkserver_t *fsrv, u32 timeout) {
 
   fsrv_run_result_t res = afl_fsrv_run_target(fsrv, timeout, &afl->stop_soon);
 
-  
+  post_run(afl);
 
 #ifdef PROFILING
   clock_gettime(CLOCK_REALTIME, &spec);
@@ -1113,3 +1113,20 @@ common_fuzz_stuff(afl_state_t *afl, u8 *out_buf, u32 len) {
 
 }
 
+/* Run some code each time scripts each time AFL++ executes the target
+   with afl-fuzz. */
+
+void post_run(afl_state_t *afl) {
+  if (unlikely(afl->custom_mutators_count)) {
+
+      LIST_FOREACH(&afl->custom_mutator_list, struct custom_mutator, {
+
+        if (el->afl_custom_post_run) {
+
+          el->afl_custom_post_run(el->data);
+
+        }
+
+      });
+    }
+}
\ No newline at end of file
-- 
cgit 1.4.1


From faedb3fb29186c29a4f0cf28daa5d07350ed8094 Mon Sep 17 00:00:00 2001
From: yangzao <yangzaocn@outlook.com>
Date: Sat, 25 Nov 2023 21:18:32 -0700
Subject: update python module

---
 custom_mutators/examples/example.py |  5 +++++
 include/afl-fuzz.h                  |  2 ++
 src/afl-fuzz-python.c               | 32 ++++++++++++++++++++++++++++++++
 3 files changed, 39 insertions(+)

(limited to 'include/afl-fuzz.h')

diff --git a/custom_mutators/examples/example.py b/custom_mutators/examples/example.py
index 3a6d22e4..830f302f 100644
--- a/custom_mutators/examples/example.py
+++ b/custom_mutators/examples/example.py
@@ -133,6 +133,11 @@ def fuzz(buf, add_buf, max_size):
 #     @return: The buffer containing the test case after
 #     '''
 #     return buf
+# def post_run():
+#     '''
+#     Called after each time the execution of the target program by AFL++
+#     '''
+#     pass
 #
 # def havoc_mutation(buf, max_size):
 #     '''
diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h
index 94f48009..f1813df6 100644
--- a/include/afl-fuzz.h
+++ b/include/afl-fuzz.h
@@ -345,6 +345,7 @@ enum {
   /* 13 */ PY_FUNC_DESCRIBE,
   /* 14 */ PY_FUNC_FUZZ_SEND,
   /* 15 */ PY_FUNC_SPLICE_OPTOUT,
+  /* 16 */ PY_FUNC_POST_RUN,
   PY_FUNC_COUNT
 
 };
@@ -1085,6 +1086,7 @@ void                   finalize_py_module(void *);
 
 u32         fuzz_count_py(void *, const u8 *, size_t);
 void        fuzz_send_py(void *, const u8 *, size_t);
+void        post_run_py(void *);
 size_t      post_process_py(void *, u8 *, size_t, u8 **);
 s32         init_trim_py(void *, u8 *, size_t);
 s32         post_trim_py(void *, u8);
diff --git a/src/afl-fuzz-python.c b/src/afl-fuzz-python.c
index 7dad0770..1b287405 100644
--- a/src/afl-fuzz-python.c
+++ b/src/afl-fuzz-python.c
@@ -249,6 +249,8 @@ static py_mutator_t *init_py_module(afl_state_t *afl, u8 *module_name) {
         PyObject_GetAttrString(py_module, "queue_get");
     py_functions[PY_FUNC_FUZZ_SEND] =
         PyObject_GetAttrString(py_module, "fuzz_send");
+    py_functions[PY_FUNC_POST_RUN] =
+        PyObject_GetAttrString(py_module, "post_run");
     py_functions[PY_FUNC_SPLICE_OPTOUT] =
         PyObject_GetAttrString(py_module, "splice_optout");
     if (py_functions[PY_FUNC_SPLICE_OPTOUT]) { afl->custom_splice_optout = 1; }
@@ -468,6 +470,12 @@ struct custom_mutator *load_custom_mutator_py(afl_state_t *afl,
 
   }
 
+  if (py_functions[PY_FUNC_POST_RUN]) {
+
+    mutator->afl_custom_post_run = post_run_py;
+
+  }
+
   if (py_functions[PY_FUNC_SPLICE_OPTOUT]) {
 
     mutator->afl_custom_splice_optout = splice_optout_py;
@@ -925,6 +933,30 @@ void fuzz_send_py(void *py_mutator, const u8 *buf, size_t buf_size) {
 
 }
 
+void post_run_py(void *py_mutator) {
+
+  PyObject *py_args, *py_value;
+
+  py_args = PyTuple_New(0);
+  py_value = PyObject_CallObject(
+      ((py_mutator_t *)py_mutator)
+          ->py_functions[PY_FUNC_POST_RUN],
+      py_args);
+  Py_DECREF(py_args);
+
+  if (py_value != NULL) {
+
+    Py_DECREF(py_value);
+
+  } else {
+
+    PyErr_Print();
+    FATAL("Call failed");
+
+  }
+
+}
+
 u8 queue_new_entry_py(void *py_mutator, const u8 *filename_new_queue,
                       const u8 *filename_orig_queue) {
 
-- 
cgit 1.4.1