ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-15 11:28:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

write nyx crash logs to AFL++ work directory

Browse Source
This commit is contained in:
Sergej Schumilo
2022-03-04 05:41:40 +01:00
parent 7c9b7c0bc0
commit 0f7419fc91
4 changed files with 27 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
include/forkserver.h
View File

@ -70,6 +70,7 @@ typedef struct {
enum NyxReturnValue (*nyx_exec)(void *qemu_process);
uint8_t *(*nyx_get_bitmap_buffer)(void *qemu_process);
size_t (*nyx_get_bitmap_buffer_size)(void *qemu_process);
uint32_t (*nyx_get_aux_string)(void *nyx_process, uint8_t *buffer, uint32_t size);
} nyx_plugin_handler_t;
@ -173,6 +174,7 @@ typedef struct afl_forkserver {
void * nyx_runner; /* nyx runner object */
u32 nyx_id; /* nyx runner id (0 -> master) */
u32 nyx_bind_cpu_id; /* nyx runner cpu id */
char* nyx_aux_string;
#endif
} afl_forkserver_t;

8
src/afl-forkserver.c
View File

@ -450,6 +450,9 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv,
fsrv->nyx_handlers->nyx_option_set_timeout(fsrv->nyx_runner, 2, 0);
fsrv->nyx_handlers->nyx_option_apply(fsrv->nyx_runner);
fsrv->nyx_aux_string = malloc(0x1000);
memset(fsrv->nyx_aux_string, 0, 0x1000);
/* dry run */
fsrv->nyx_handlers->nyx_set_afl_input(fsrv->nyx_runner, "INIT", 4);
switch (fsrv->nyx_handlers->nyx_exec(fsrv->nyx_runner)) {
@ -1253,7 +1256,10 @@ void afl_fsrv_kill(afl_forkserver_t *fsrv) {
fsrv->child_pid = -1;
#ifdef __linux__
if (fsrv->nyx_mode) { fsrv->nyx_handlers->nyx_shutdown(fsrv->nyx_runner); }
if (fsrv->nyx_mode) {
free(fsrv->nyx_aux_string);
fsrv->nyx_handlers->nyx_shutdown(fsrv->nyx_runner);
}
#endif
}

14
src/afl-fuzz-bitmap.c
View File

@ -771,6 +771,20 @@ save_if_interesting(afl_state_t *afl, void *mem, u32 len, u8 fault) {
ck_write(fd, mem, len, fn);
close(fd);
if(afl->fsrv.nyx_mode && fault == FSRV_RUN_CRASH) {
u8 fn_log[PATH_MAX];
snprintf(fn_log, PATH_MAX, "%s.log", fn);
fd = open(fn_log, O_WRONLY | O_CREAT | O_EXCL, DEFAULT_PERMISSION);
if (unlikely(fd < 0)) { PFATAL("Unable to create '%s'", fn_log); }
u32 nyx_aux_string_len = afl->fsrv.nyx_handlers->nyx_get_aux_string(afl->fsrv.nyx_runner, afl->fsrv.nyx_aux_string, 0x1000);
ck_write(fd, afl->fsrv.nyx_aux_string, nyx_aux_string_len, fn_log);
close(fd);
}
return keeping;
}

4
src/afl-fuzz.c
View File

@ -468,6 +468,10 @@ nyx_plugin_handler_t *afl_load_libnyx_plugin(u8 *libnyx_binary) {
dlsym(handle, "nyx_get_bitmap_buffer_size");
if (plugin->nyx_get_bitmap_buffer_size == NULL) { goto fail; }
plugin->nyx_get_aux_string =
dlsym(handle, "nyx_get_aux_string");
if (plugin->nyx_get_aux_string == NULL) { goto fail; }
OKF("libnyx plugin is ready!");
return plugin;