utils/afl_frida is not 5% faster
@ -26,6 +26,7 @@ sending a mail to <afl-users+subscribe@googlegroups.com>.
|
|||||||
- LLVM mode is now compiled with -j4, unicorn with all cores. qemu was
|
- LLVM mode is now compiled with -j4, unicorn with all cores. qemu was
|
||||||
already building with all cores, the gcc plugin needs only one.
|
already building with all cores, the gcc plugin needs only one.
|
||||||
- added dummy Makefile to instrumentation/
|
- added dummy Makefile to instrumentation/
|
||||||
|
- Updated utils/afl_frida to be 5% faster
|
||||||
|
|
||||||
|
|
||||||
### Version ++3.00c (release)
|
### Version ++3.00c (release)
|
||||||
|
@ -61,55 +61,12 @@ static void *(*o_function)(uint8_t *, int);
|
|||||||
|
|
||||||
#include "frida-gum.h"
|
#include "frida-gum.h"
|
||||||
|
|
||||||
G_BEGIN_DECLS
|
|
||||||
|
|
||||||
#define GUM_TYPE_FAKE_EVENT_SINK (gum_fake_event_sink_get_type())
|
|
||||||
G_DECLARE_FINAL_TYPE(GumFakeEventSink, gum_fake_event_sink, GUM,
|
|
||||||
FAKE_EVENT_SINK, GObject)
|
|
||||||
|
|
||||||
struct _GumFakeEventSink {
|
|
||||||
|
|
||||||
GObject parent;
|
|
||||||
GumEventType mask;
|
|
||||||
|
|
||||||
};
|
|
||||||
|
|
||||||
GumEventSink *gum_fake_event_sink_new(void);
|
|
||||||
void gum_fake_event_sink_reset(GumFakeEventSink *self);
|
|
||||||
|
|
||||||
G_END_DECLS
|
|
||||||
|
|
||||||
static void gum_fake_event_sink_iface_init(gpointer g_iface,
|
|
||||||
gpointer iface_data);
|
|
||||||
static void gum_fake_event_sink_finalize(GObject *obj);
|
|
||||||
static GumEventType gum_fake_event_sink_query_mask(GumEventSink *sink);
|
|
||||||
static void gum_fake_event_sink_process(GumEventSink *sink, const GumEvent *ev);
|
|
||||||
void instr_basic_block(GumStalkerIterator *iterator, GumStalkerOutput *output,
|
void instr_basic_block(GumStalkerIterator *iterator, GumStalkerOutput *output,
|
||||||
gpointer user_data);
|
gpointer user_data);
|
||||||
void afl_setup(void);
|
void afl_setup(void);
|
||||||
void afl_start_forkserver(void);
|
void afl_start_forkserver(void);
|
||||||
int __afl_persistent_loop(unsigned int max_cnt);
|
int __afl_persistent_loop(unsigned int max_cnt);
|
||||||
|
|
||||||
static void gum_fake_event_sink_class_init(GumFakeEventSinkClass *klass) {
|
|
||||||
|
|
||||||
GObjectClass *object_class = G_OBJECT_CLASS(klass);
|
|
||||||
object_class->finalize = gum_fake_event_sink_finalize;
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
static void gum_fake_event_sink_iface_init(gpointer g_iface,
|
|
||||||
gpointer iface_data) {
|
|
||||||
|
|
||||||
GumEventSinkInterface *iface = (GumEventSinkInterface *)g_iface;
|
|
||||||
iface->query_mask = gum_fake_event_sink_query_mask;
|
|
||||||
iface->process = gum_fake_event_sink_process;
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
G_DEFINE_TYPE_EXTENDED(GumFakeEventSink, gum_fake_event_sink, G_TYPE_OBJECT, 0,
|
|
||||||
G_IMPLEMENT_INTERFACE(GUM_TYPE_EVENT_SINK,
|
|
||||||
gum_fake_event_sink_iface_init))
|
|
||||||
|
|
||||||
#include "../../config.h"
|
#include "../../config.h"
|
||||||
|
|
||||||
// Shared memory fuzzing.
|
// Shared memory fuzzing.
|
||||||
@ -183,34 +140,6 @@ void instr_basic_block(GumStalkerIterator *iterator, GumStalkerOutput *output,
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
static void gum_fake_event_sink_init(GumFakeEventSink *self) {
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
static void gum_fake_event_sink_finalize(GObject *obj) {
|
|
||||||
|
|
||||||
G_OBJECT_CLASS(gum_fake_event_sink_parent_class)->finalize(obj);
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
GumEventSink *gum_fake_event_sink_new(void) {
|
|
||||||
|
|
||||||
GumFakeEventSink *sink;
|
|
||||||
sink = (GumFakeEventSink *)g_object_new(GUM_TYPE_FAKE_EVENT_SINK, NULL);
|
|
||||||
return GUM_EVENT_SINK(sink);
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
void gum_fake_event_sink_reset(GumFakeEventSink *self) {
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
static GumEventType gum_fake_event_sink_query_mask(GumEventSink *sink) {
|
|
||||||
|
|
||||||
return 0;
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
typedef struct library_list {
|
typedef struct library_list {
|
||||||
|
|
||||||
uint8_t *name;
|
uint8_t *name;
|
||||||
@ -402,11 +331,6 @@ library_list_t *find_library(char *name) {
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
static void gum_fake_event_sink_process(GumEventSink * sink,
|
|
||||||
const GumEvent *ev) {
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Because this CAN be called more than once, it will return the LAST range */
|
/* Because this CAN be called more than once, it will return the LAST range */
|
||||||
static int enumerate_ranges(const GumRangeDetails *details,
|
static int enumerate_ranges(const GumRangeDetails *details,
|
||||||
gpointer user_data) {
|
gpointer user_data) {
|
||||||
@ -484,8 +408,6 @@ int main() {
|
|||||||
gum_stalker_transformer_make_from_callback(instr_basic_block,
|
gum_stalker_transformer_make_from_callback(instr_basic_block,
|
||||||
&instr_range, NULL);
|
&instr_range, NULL);
|
||||||
|
|
||||||
GumEventSink *event_sink = gum_fake_event_sink_new();
|
|
||||||
|
|
||||||
// to ensure that the signatures are not optimized out
|
// to ensure that the signatures are not optimized out
|
||||||
memcpy(__afl_area_ptr, (void *)AFL_PERSISTENT, sizeof(AFL_PERSISTENT) + 1);
|
memcpy(__afl_area_ptr, (void *)AFL_PERSISTENT, sizeof(AFL_PERSISTENT) + 1);
|
||||||
memcpy(__afl_area_ptr + 32, (void *)AFL_DEFER_FORKSVR,
|
memcpy(__afl_area_ptr + 32, (void *)AFL_DEFER_FORKSVR,
|
||||||
@ -497,7 +419,7 @@ int main() {
|
|||||||
// - put that here
|
// - put that here
|
||||||
//
|
//
|
||||||
|
|
||||||
gum_stalker_follow_me(stalker, transformer, event_sink);
|
gum_stalker_follow_me(stalker, transformer, NULL);
|
||||||
|
|
||||||
while (__afl_persistent_loop(UINT32_MAX) != 0) {
|
while (__afl_persistent_loop(UINT32_MAX) != 0) {
|
||||||
|
|
||||||
@ -533,7 +455,6 @@ int main() {
|
|||||||
|
|
||||||
g_object_unref(stalker);
|
g_object_unref(stalker);
|
||||||
g_object_unref(transformer);
|
g_object_unref(transformer);
|
||||||
g_object_unref(event_sink);
|
|
||||||
gum_deinit_embedded();
|
gum_deinit_embedded();
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
|
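Review bot: `gum_stalker_follow_me(stalker, transformer, NULL);` in the @@ -497,7 +419,7 hunk now relies on frida-gum accepting a NULL event sink, and nothing in the hunk records that assumption; if the frida-gum build being linked does not treat the sink as nullable, the failure presumably surfaces inside the stalker rather than at this call. I would add above the call `// No event sink: presumably the transformer callback does all the coverage work and frida-gum treats a NULL sink as "collect no events" (needs frida-gum >= <MIN-VERSION-PLACEHOLDER>)`, with the version filled in once confirmed. The matching removal of `g_object_unref(event_sink);` in the @@ -533,7 +455,6 hunk is consistent with that, since there is no longer an object to release. Separately, the unchanged context line `memcpy(__afl_area_ptr, (void *)AFL_PERSISTENT, sizeof(AFL_PERSISTENT) + 1);` in the @@ -484,8 +408,6 hunk copies one byte past the literal's terminator, because sizeof already counts the NUL; the commit does not touch it, but `sizeof(AFL_PERSISTENT)` would be the bounded form. main() begins and ends outside all of these hunks.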