author | van Hauser <vh@thc.org> | 2018-03-01 10:37:42 +0100 |
---|---|---|
committer | van Hauser <vh@thc.org> | 2018-03-01 10:37:42 +0100 |
commit | 004d0b084fa51dbf10da19d83859c0500f57dfbd (patch) | |
tree | 83470d2206c9e7ab36d6fc1b733ea8f85c27983b | |
parent | c1e6ecb1653611a50a835ee920dec1b605c809dc (diff) | |
download | afl-dyninst-004d0b084fa51dbf10da19d83859c0500f57dfbd.tar.gz |
stdout/stderr fix
-rw-r--r-- | AUTHORS | 2 | ||||
-rw-r--r-- | CHANGES | 1 | ||||
-rwxr-xr-x | afl-fuzz.sh | 5 | ||||
-rw-r--r-- | libAflDyninst.cpp | 23 |
4 files changed, 14 insertions, 17 deletions
diff --git a/AUTHORS b/AUTHORS
index 4016c17..cc113dc 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -2,5 +2,5 @@ This code was developed as part of a project with the Cisco Talos VULNDEV Team
 Authors:
 Aleksandar Nikolic <anikolich@sourcefire.com>
- van Hauser <vh@thc.org>
+ Marc "van Hauser" Heuse <mh@mh-sec.de> || <vh@thc.org>
diff --git a/CHANGES b/CHANGES
index b9d86e3..550a845 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,7 @@ Changelog
 =========
 vh@thc.org / https://github.com/vanhauser-thc/afl-dyninst:
+ - Fix for programs that were unable to print to stdout after instrumentation
 - added -f switch to fix a bug in dyninst where sometimes the edi/rdi register is not saved which is used in the instrumentation function when a function is using edi/rdi for parameter passing
diff --git a/afl-fuzz.sh b/afl-fuzz.sh
index c9986c6..bb10a95 100755
--- a/afl-fuzz.sh
+++ b/afl-fuzz.sh
@@ -2,5 +2,8 @@ test -z "$1" -o "$1" = "-h" && { echo Syntax: $0 afl-fuzz-options ; echo sets the afl-dyninst environment variables ; exit 1 ; }
 export AFL_SKIP_BIN_CHECK=1
 export DYNINSTAPI_RT_LIB=/usr/local/lib/libdyninstAPI_RT.so
-#export AFL_PRELOAD=./desock.so
+export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:.
+export AFL_EXIT_WHEN_DONE=1
+#export AFL_TMPDIR=/run/$$
+#export AFL_PRELOAD=./desock.so:./libdislocator/libdislocator.so
 afl-fuzz $*
diff --git a/libAflDyninst.cpp b/libAflDyninst.cpp
index ef9d046..3374010 100644
--- a/libAflDyninst.cpp
+++ b/libAflDyninst.cpp
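Review bot: `export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:.` in afl-fuzz.sh makes the dynamic loader search the working directory for afl-fuzz and for every target it spawns, so a shared object with a matching soname left in whatever directory the script is run from is loaded with the fuzzer's privileges. If the goal is only to find libAflDyninst.so next to the script, an explicit directory is narrower: `export LD_LIBRARY_PATH=${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$(dirname "$0")`. The unchanged last line `afl-fuzz $*` word-splits any argument containing spaces; `afl-fuzz "$@"` passes them through intact.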
@@ -22,36 +22,39 @@ static unsigned short prev_id;
 static long saved_di;
 register long rdi asm("di"); // the warning is fine - we need the warning because of a bug in dyninst
+#define PRINT_ERROR(string) write(2, string, strlen(string))
+
 void initAflForkServer() {
+ // we can not use fprint* stdout/stderr functions here, it fucks up some programs
 char *shm_env_var = getenv(SHM_ENV_VAR);
 if (!shm_env_var) {
- printf("Error getting shm\n");
+ PRINT_ERROR("Error getting shm\n");
 return;
 }
 shm_id = atoi(shm_env_var);
 trace_bits = (u8 *) shmat(shm_id, NULL, 0);
 if (trace_bits == (u8 *) - 1) {
- perror("shmat");
+ PRINT_ERROR("Error: shmat\n");
 return;
 }
 // enter fork() server thyme!
 int n = write(FORKSRV_FD + 1, &__afl_temp_data, 4);
 if (n != 4) {
- printf("Error writting fork server\n");
+ PRINT_ERROR("Error writting fork server\n");
 return;
 }
 while (1) {
 n = read(FORKSRV_FD, &__afl_temp_data, 4);
 if (n != 4) {
- printf("Error reading fork server %x\n", __afl_temp_data);
+ PRINT_ERROR("Error reading fork server\n");
 return;
 }
 __afl_fork_pid = fork();
 if (__afl_fork_pid < 0) {
- printf("Error on fork()\n");
+ PRINT_ERROR("Error on fork()\n");
 return;
 }
 if (__afl_fork_pid == 0) {
@@ -81,18 +84,8 @@ void bbCallback(unsigned short id) {
 void save_rdi() {
 saved_di = rdi;
-/*
- asm("pop %rax"); // take care of rip
- asm("push %rdi");
- asm("push %rax");
-*/
 }
 void restore_rdi() {
 rdi = saved_di;
-/*
- asm("pop %rax"); // take care of rip
- asm("pop %rdi");
- asm("push %rax");
-*/
 }
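Review bot: `PRINT_ERROR` at the top of the hunk expands its argument twice (`write(2, string, strlen(string))`) and discards the result of `write()`, which glibc reports under `warn_unused_result`; every call in this hunk passes a literal, so it is a latent hazard rather than a live bug, but a small function avoids both: `static inline void print_error(const char *s) { (void)!write(2, s, strlen(s)); }`. Replacing `perror("shmat")` with `PRINT_ERROR("Error: shmat\n")` drops the errno text that made that failure diagnosable; if stdio must stay out, `strerror(errno)` can still be emitted with a second `write()`. The comment added inside `initAflForkServer` names the symptom, not the cause; it would help the next maintainer to say why, e.g. `// no stdio here: stdio buffers filled before fork() would be flushed by every child (presumed cause of the stdout breakage — confirm)`. `initAflForkServer` continues past the end of the first hunk.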