From eb5bf85c86ed788539758f54ff1a3c6b22af40c2 Mon Sep 17 00:00:00 2001
From: talos-vulndev
Date: Fri, 8 Apr 2016 18:11:31 -0700
Subject: initial checkin

---
 libAflDyninst.cpp | 83 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 83 insertions(+)
 create mode 100644 libAflDyninst.cpp

(limited to 'libAflDyninst.cpp')

diff --git a/libAflDyninst.cpp b/libAflDyninst.cpp
new file mode 100644
index 0000000..514144f
--- /dev/null
+++ b/libAflDyninst.cpp
@@ -0,0 +1,83 @@
+#include
+#include
+#include
+#include
+#include
+#include
+#include "config.h"
+#include
+#include
+#include
+#include
+#include
+#include
+
+using namespace std;
+
+
+static u8* trace_bits;
+static s32 shm_id; /* ID of the SHM region */
+static int __afl_temp_data;
+static pid_t __afl_fork_pid;
+static unsigned short prev_id;
+
+
+void initAflForkServer()
+{
+ char *shm_env_var = getenv(SHM_ENV_VAR);
+ if(!shm_env_var) {
+ printf("Error getting shm\n");
+ return;
+ }
+ shm_id = atoi(shm_env_var);
+ trace_bits = (u8*)shmat(shm_id, NULL, 0);
+ if(trace_bits == (u8*)-1) {
+ perror("shmat");
+ return;
+ }
+
+ // enter fork() server thyme!
+ int n = write(FORKSRV_FD+1, &__afl_temp_data,4);
+ if( n!=4 ) {
+ printf("Error writting fork server\n");
+ return;
+ }
+ while(1) {
+ n = read(FORKSRV_FD,&__afl_temp_data,4);
+ if(n != 4) {
+ printf("Error reading fork server %x\n",__afl_temp_data);
+ return;
+ }
+
+ __afl_fork_pid = fork();
+ if(__afl_fork_pid < 0) {
+ printf("Error on fork()\n");
+ return;
+ }
+ if(__afl_fork_pid == 0) {
+ close(FORKSRV_FD);
+ close(FORKSRV_FD+1);
+ break;
+ } else {
+ // parrent stuff
+ n = write(FORKSRV_FD+1,&__afl_fork_pid, 4);
+ pid_t temp_pid = waitpid(__afl_fork_pid,&__afl_temp_data,2);
+ if(temp_pid == 0) {
+ return;
+ }
+ n = write(FORKSRV_FD+1,&__afl_temp_data,4);
+ }
+
+ }
+
+}
+
+
+// Should be called on basic block entry
+void bbCallback(unsigned short id)
+{
+ if(trace_bits) {
+ trace_bits[prev_id ^ id]++;
+ prev_id = id >> 1;
+ }
+}
-- cgit 1.4.1
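Review bot: The parent-side `waitpid(__afl_fork_pid,&__afl_temp_data,2)` in initAflForkServer is checked against 0, but waitpid reports failure with -1 (0 is only possible with WNOHANG), so a failed wait falls through and the following `write(FORKSRV_FD+1,&__afl_temp_data,4)` sends the fuzzer the stale 4-byte fork request read just before as if it were the child's exit status, hiding whatever happened to that child. Change the two lines to `pid_t temp_pid = waitpid(__afl_fork_pid, &__afl_temp_data, WUNTRACED);` and `if(temp_pid < 0) { return; }`, spelling out the flag instead of the literal 2 (which is WUNTRACED on Linux). The two parent-branch `write()` results are stored in n but never inspected; a short or failed write to the fuzzer pipe should end the loop the way the earlier error paths do. In bbCallback the index `prev_id ^ id` is not masked with `MAP_SIZE - 1` as AFL's own instrumentation does; a 16-bit id cannot exceed the default 64 KiB map, but if config.h builds a smaller MAP_SIZE the increment would write past the shmat'd region, so confirm the map size or add the mask.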