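# frida_mode test: a macOS dylib (libcrashme.dylib) exercised through two
# harnesses, fuzzed with afl-fuzz in FRIDA mode (-O) using persistent
# addresses resolved from the built, non-PIE binaries.
#
# Everything generated lands under $(BUILD_DIR); `clean` removes only that.
PWD:=$(shell pwd)/
ROOT:=$(PWD)../../../
BUILD_DIR:=$(PWD)build/
TESTINSTR_DATA_DIR:=$(BUILD_DIR)in/
TESTINSTR_DATA_FILE:=$(TESTINSTR_DATA_DIR)in
AFLPP_DRIVER_DUMMY_INPUT:=$(BUILD_DIR)dummy.dat

HARNESS_BIN:=$(BUILD_DIR)harness
HARNESS_SRC:=$(PWD)harness.c

HARNESS2_BIN:=$(BUILD_DIR)harness2
HARNESS2_SRC:=$(PWD)harness2.c

LIB_BIN:=$(BUILD_DIR)libcrashme.dylib
LIB_SRC:=$(PWD)lib.c

# QEMU_OUT is kept for parity with sibling tests; no rule in this file uses it.
QEMU_OUT:=$(BUILD_DIR)qemu-out
FRIDA_OUT:=$(BUILD_DIR)frida-out

# -no_pie: AFL_FRIDA_PERSISTENT_ADDR / AFL_ENTRYPOINT below are taken straight
# from the symbol table with a 0x0 base, so the harness must load without an
# ASLR slide for those addresses to be meaningful.
HARNESS_LDFLAGS:=-Wl,-no_pie
LIB_CFLAGS:=-dynamiclib

GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/get_symbol_addr.sh

# Deliberately recursive (=), not :=. The binaries do not exist at parse time;
# the lookup must run lazily, when a fuzzing recipe references the variable
# after its harness prerequisite has been built.
AFL_FRIDA_MAIN_ADDR=$(shell $(GET_SYMBOL_ADDR) $(HARNESS_BIN) main 0x0)
AFL_FRIDA_FUZZ_ADDR=$(shell $(GET_SYMBOL_ADDR) $(HARNESS_BIN) LLVMFuzzerTestOneInput 0x0)
AFL_FRIDA_FUZZ_ADDR2=$(shell $(GET_SYMBOL_ADDR) $(HARNESS2_BIN) LLVMFuzzerTestOneInput 0x0)

# Driver hook loaded via AFL_FRIDA_PERSISTENT_HOOK in the *_hook targets.
AFLPP_FRIDA_DRIVER_HOOK_OBJ=$(ROOT)frida_mode/build/frida_hook.so

TEST_FILE:=$(BUILD_DIR)test.dat

# qemu/frida are declared phony but have no rule in this file.
.PHONY: all clean qemu frida frida_persistent frida_persistent_hook frida_persistent_hook2

# Remove a half-written target when its recipe fails, so a truncated harness
# or seed file never looks up to date on the next run.
.DELETE_ON_ERROR:

# One shell per recipe (applies file-wide; the fuzzing recipes are one
# backslash-continued command each).
.ONESHELL:

all: $(HARNESS_BIN) $(LIB_BIN)
	$(MAKE) -C $(ROOT)frida_mode/

$(BUILD_DIR):
	mkdir -p $@

$(TESTINSTR_DATA_DIR): | $(BUILD_DIR)
	mkdir -p $@

# Single-file seed corpus. The shell sees "$FA$" (FA is presumably unset in
# practice, leaving just "$"); the harness does not depend on the content.
$(TESTINSTR_DATA_FILE): | $(TESTINSTR_DATA_DIR)
	echo -n "$$FA$$" > $@

# 1 MiB placeholder handed to the harness as argv[1] in the *_hook targets.
$(AFLPP_DRIVER_DUMMY_INPUT): | $(BUILD_DIR)
	truncate -s 1M $@

$(HARNESS_BIN): $(HARNESS_SRC) | $(BUILD_DIR)
	$(CC) $(CFLAGS) $(LDFLAGS) $(HARNESS_LDFLAGS) -o $@ $<

$(LIB_BIN): $(LIB_SRC) | $(BUILD_DIR)
	$(CC) $(CFLAGS) $(LDFLAGS) $(LIB_CFLAGS) -o $@ $<

# harness2 links against libcrashme.dylib, so the library is a real
# (ordering and rebuild) prerequisite, not an order-only one.
$(HARNESS2_BIN): $(HARNESS2_SRC) $(LIB_BIN) | $(BUILD_DIR)
	$(CC) $(CFLAGS) $(LDFLAGS) $(HARNESS_LDFLAGS) -L$(BUILD_DIR) -lcrashme -o $@ $<

clean:
	rm -rf $(BUILD_DIR)

# Persistent loop anchored at main(): each iteration re-reads $(TEST_FILE),
# which afl-fuzz rewrites (-f) and the harness takes as its only argument.
frida_persistent: $(HARNESS_BIN) $(LIB_BIN) $(TESTINSTR_DATA_FILE)
	cd $(BUILD_DIR) && \
	AFL_INST_LIBS=1 \
	AFL_FRIDA_PERSISTENT_ADDR=$(AFL_FRIDA_MAIN_ADDR) \
	AFL_FRIDA_PERSISTENT_CNT=1000000 \
	AFL_ENTRYPOINT=$(AFL_FRIDA_MAIN_ADDR) \
	$(ROOT)afl-fuzz \
	-D \
	-O \
	-i $(TESTINSTR_DATA_DIR) \
	-o $(FRIDA_OUT) \
	-f $(TEST_FILE) \
	-- \
	$(HARNESS_BIN) $(TEST_FILE)

# Persistent loop anchored at LLVMFuzzerTestOneInput with the driver hook
# attached (the hook, not argv[1], is what carries each test case into the
# harness -- see the frida_mode docs for the hook contract). Instrumentation
# is limited to the library under test and the harness image.
frida_persistent_hook: $(HARNESS_BIN) $(LIB_BIN) $(AFLPP_DRIVER_DUMMY_INPUT) $(TESTINSTR_DATA_FILE)
	cd $(BUILD_DIR) && \
	AFL_INST_LIBS=1 \
	AFL_FRIDA_PERSISTENT_ADDR=$(AFL_FRIDA_FUZZ_ADDR) \
	AFL_FRIDA_PERSISTENT_CNT=1000000 \
	AFL_ENTRYPOINT=$(AFL_FRIDA_FUZZ_ADDR) \
	AFL_FRIDA_PERSISTENT_HOOK=$(AFLPP_FRIDA_DRIVER_HOOK_OBJ) \
	AFL_FRIDA_INST_RANGES=libcrashme.dylib,harness \
	$(ROOT)afl-fuzz \
	-D \
	-O \
	-i $(TESTINSTR_DATA_DIR) \
	-o $(FRIDA_OUT) \
	-- \
	$(HARNESS_BIN) $(AFLPP_DRIVER_DUMMY_INPUT)

# Same as frida_persistent_hook, but for harness2 (dynamically linked against
# libcrashme.dylib) and its own LLVMFuzzerTestOneInput address.
frida_persistent_hook2: $(HARNESS2_BIN) $(LIB_BIN) $(AFLPP_DRIVER_DUMMY_INPUT) $(TESTINSTR_DATA_FILE)
	cd $(BUILD_DIR) && \
	AFL_INST_LIBS=1 \
	AFL_FRIDA_PERSISTENT_ADDR=$(AFL_FRIDA_FUZZ_ADDR2) \
	AFL_FRIDA_PERSISTENT_CNT=1000000 \
	AFL_ENTRYPOINT=$(AFL_FRIDA_FUZZ_ADDR2) \
	AFL_FRIDA_PERSISTENT_HOOK=$(AFLPP_FRIDA_DRIVER_HOOK_OBJ) \
	AFL_FRIDA_INST_RANGES=libcrashme.dylib,harness2 \
	$(ROOT)afl-fuzz \
	-D \
	-O \
	-i $(TESTINSTR_DATA_DIR) \
	-o $(FRIDA_OUT) \
	-- \
	$(HARNESS2_BIN) $(AFLPP_DRIVER_DUMMY_INPUT)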