add Nyx mode

Sergej Schumilo
2021-12-28 15:51:43 +01:00
parent f9d4dcdd85
commit 41291d8c72
11 changed files with 471 additions and 10 deletions


@ -411,7 +411,11 @@ void bind_to_free_cpu(afl_state_t *afl) {
OKF("Found a free CPU core, try binding to #%u.", i);
if (bind_cpu(afl, i)) {
#ifdef __linux__
if(afl->fsrv.nyx_mode){
afl->fsrv.nyx_bind_cpu_id = i;
}
#endif
/* Success :) */
break;
@ -1090,6 +1094,11 @@ void perform_dry_run(afl_state_t *afl) {
FATAL("Unable to execute target application ('%s')", afl->argv[0]);
case FSRV_RUN_NOINST:
#ifdef __linux__
if(afl->fsrv.nyx_mode && afl->fsrv.nyx_runner != NULL){
afl->fsrv.nyx_handlers->nyx_shutdown(afl->fsrv.nyx_runner);
}
#endif
FATAL("No instrumentation detected");
case FSRV_RUN_NOBITS:
@ -2443,6 +2452,11 @@ void fix_up_sync(afl_state_t *afl) {
x = alloc_printf("%s/%s", afl->out_dir, afl->sync_id);
#ifdef __linux__
if(afl->fsrv.nyx_mode){
afl->fsrv.out_dir_path = afl->out_dir;
}
#endif
afl->sync_dir = afl->out_dir;
afl->out_dir = x;
@ -2580,6 +2594,19 @@ void check_binary(afl_state_t *afl, u8 *fname) {
if (strchr(fname, '/') || !(env_path = getenv("PATH"))) {
afl->fsrv.target_path = ck_strdup(fname);
#ifdef __linux__
if(afl->fsrv.nyx_mode){
/* check if target_path is a nyx sharedir */
if (stat(afl->fsrv.target_path, &st) || S_ISDIR(st.st_mode)){
char* tmp = alloc_printf("%s/config.ron", afl->fsrv.target_path);
if (stat(tmp, &st) || S_ISREG(st.st_mode)){
free(tmp);
return;
}
}
FATAL("Directory '%s' not found or is not a nyx share directory", afl->fsrv.target_path);
}
#endif
if (stat(afl->fsrv.target_path, &st) || !S_ISREG(st.st_mode) ||
!(st.st_mode & 0111) || (f_len = st.st_size) < 4) {
@ -2719,6 +2746,9 @@ void check_binary(afl_state_t *afl, u8 *fname) {
#endif /* ^!__APPLE__ */
if (!afl->fsrv.qemu_mode && !afl->fsrv.frida_mode && !afl->unicorn_mode &&
#ifdef __linux__
!afl->fsrv.nyx_mode &&
#endif
!afl->fsrv.cs_mode && !afl->non_instrumented_mode &&
!memmem(f_data, f_len, SHM_ENV_VAR, strlen(SHM_ENV_VAR) + 1)) {
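Review bot: Both `stat()` tests in the nyx branch added to check_binary (the hunk at -2580) are inverted: `stat()` returns 0 on success, so `stat(afl->fsrv.target_path, &st) || S_ISDIR(st.st_mode)` is true when the path does not exist, and the inner `stat(tmp, &st) || S_ISREG(st.st_mode)` then returns early when `config.ron` is missing. As written, a nonexistent or incomplete share directory passes validation and the FATAL fires only for an existing non-directory or a non-regular `config.ron`, so a bad target is presumably reported later and less clearly by the Nyx runner. The conditions should read `if (!stat(afl->fsrv.target_path, &st) && S_ISDIR(st.st_mode)) {` and `if (!stat(tmp, &st) && S_ISREG(st.st_mode)) {`. `tmp` comes from `alloc_printf` but is released with plain `free()`; if this tree's allocation wrappers are not plain malloc, `ck_free(tmp)` is the matching call. check_binary's body continues outside the hunk.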