hidden -Y option for nyx, code format

vanhauser-thc
2023-04-16 12:42:32 +02:00
parent 87b9dc4ba0
commit 56f7e3aa08
10 changed files with 245 additions and 126 deletions


@ -124,9 +124,9 @@ function usage() {
"AFL_FORKSRV_INIT_TMOUT: time the fuzzer waits for the forkserver to come up\n" \
"AFL_KEEP_TRACES: leave the temporary <out_dir>/.traces directory\n" \
"AFL_KILL_SIGNAL: Signal delivered to child processes on timeout (default: SIGKILL)\n" \
"AFL_FORK_SERVER_KILL_SIGNAL: Signal delivered to fork server processes on termination\n" \
" (default: SIGTERM). If this is not set and AFL_KILL_SIGNAL is set,\n" \
" this will be set to the same value as AFL_KILL_SIGNAL.\n" \
"AFL_FORK_SERVER_KILL_SIGNAL: Signal delivered to fork server processes on\n" \
" termination (default: SIGTERM). If this is not set and AFL_KILL_SIGNAL is\n" \
" set, this will be set to the same value as AFL_KILL_SIGNAL.\n" \
"AFL_NO_FORKSRV: run target via execve instead of using the forkserver\n" \
"AFL_CMIN_ALLOW_ANY: write tuples for crashing inputs also\n" \
"AFL_PATH: path for the afl-showmap binary if not found anywhere in PATH\n" \
@ -157,7 +157,7 @@ BEGIN {
# process options
Opterr = 1 # default is to diagnose
Optind = 1 # skip ARGV[0]
while ((_go_c = getopt(ARGC, ARGV, "hi:o:f:m:t:eACOQUX?")) != -1) {
while ((_go_c = getopt(ARGC, ARGV, "hi:o:f:m:t:eACOQUXY?")) != -1) {
if (_go_c == "i") {
if (!Optarg) usage()
if (in_dir) { print "Option "_go_c" is only allowed once" > "/dev/stderr"}
@ -219,7 +219,7 @@ BEGIN {
unicorn_mode = 1
continue
} else
if (_go_c == "X") {
if (_go_c == "X" || _go_c == "Y") {
if (nyx_mode) { print "Option "_go_c" is only allowed once" > "/dev/stderr"}
extra_par = extra_par " -X"
nyx_mode = 1
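Review bot: `-Y` is added to the getopt string and to the `_go_c == "X" || _go_c == "Y"` branch, but nothing here records why a second spelling exists. A one-line comment such as `# -Y is a hidden alias for -X (Nyx mode), deliberately not listed in usage()` would stop it being removed later as dead code. The duplicate-option branch only prints its message and carries on, so a repeated flag appends a second ` -X` to `extra_par`; this matches the neighbouring `-i` handling and may be intended. The BEGIN block continues outside the hunk.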


@ -53,7 +53,7 @@ unset IN_DIR OUT_DIR STDIN_FILE EXTRA_PAR MEM_LIMIT_GIVEN \
export AFL_QUIET=1
while getopts "+i:o:f:m:t:eOQUACh" opt; do
while getopts "+i:o:f:m:t:eOQUAChXY" opt; do
case "$opt" in
@ -94,6 +94,14 @@ while getopts "+i:o:f:m:t:eOQUACh" opt; do
EXTRA_PAR="$EXTRA_PAR -Q"
QEMU_MODE=1
;;
"Y")
EXTRA_PAR="$EXTRA_PAR -X"
NYX_MODE=1
;;
"X")
EXTRA_PAR="$EXTRA_PAR -X"
NYX_MODE=1
;;
"U")
EXTRA_PAR="$EXTRA_PAR -U"
UNICORN_MODE=1
@ -128,6 +136,7 @@ Execution control settings:
-O - use binary-only instrumentation (FRIDA mode)
-Q - use binary-only instrumentation (QEMU mode)
-U - use unicorn-based instrumentation (Unicorn mode)
-X - use Nyx mode
Minimization settings:
@ -206,17 +215,20 @@ if [ ! "$TIMEOUT" = "none" ]; then
fi
if [ ! -f "$TARGET_BIN" -o ! -x "$TARGET_BIN" ]; then
if [ "$NYX_MODE" = "" ]; then
if [ ! -f "$TARGET_BIN" -o ! -x "$TARGET_BIN" ]; then
TNEW="`which "$TARGET_BIN" 2>/dev/null`"
TNEW="`which "$TARGET_BIN" 2>/dev/null`"
if [ ! -f "$TNEW" -o ! -x "$TNEW" ]; then
echo "[-] Error: binary '$TARGET_BIN' not found or not executable." 1>&2
exit 1
fi
TARGET_BIN="$TNEW"
if [ ! -f "$TNEW" -o ! -x "$TNEW" ]; then
echo "[-] Error: binary '$TARGET_BIN' not found or not executable." 1>&2
exit 1
fi
TARGET_BIN="$TNEW"
fi
grep -aq AFL_DUMP_MAP_SIZE "./$TARGET_BIN" && {
@ -228,7 +240,7 @@ grep -aq AFL_DUMP_MAP_SIZE "./$TARGET_BIN" && {
}
}
if [ "$AFL_SKIP_BIN_CHECK" = "" -a "$QEMU_MODE" = "" -a "$FRIDA_MODE" = "" -a "$UNICORN_MODE" = "" ]; then
if [ "$AFL_SKIP_BIN_CHECK" = "" -a "$QEMU_MODE" = "" -a "$FRIDA_MODE" = "" -a "$UNICORN_MODE" = "" -a "$NYX_MODE" = "" ]; then
if ! grep -qF "__AFL_SHM_ID" "$TARGET_BIN"; then
echo "[-] Error: binary '$TARGET_BIN' doesn't appear to be instrumented." 1>&2
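Review bot: When NYX_MODE is set, the whole `-f`/`-x` test on TARGET_BIN is skipped and nothing replaces it, so a mistyped Nyx target is only caught later by the tools this script launches. If the Nyx target is a share directory, as the `nyx_config_load(const char *sharedir)` prototype elsewhere in this commit suggests, an `else` arm such as `[ -d "$TARGET_BIN" ] || { echo "[-] Error: Nyx share directory '$TARGET_BIN' not found." 1>&2; exit 1; }` would keep the early failure. The context line `grep -aq AFL_DUMP_MAP_SIZE "./$TARGET_BIN"` still runs against that path in Nyx mode and probably wants the same guard. The two identical case arms can be one: `"X"|"Y")`.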


@ -149,8 +149,8 @@ void *afl_memmem(const void *haystack, size_t haystacklen, const void *needle,
#ifdef __linux__
/* Nyx helper functions to create and remove tmp workdirs */
char* create_nyx_tmp_workdir(void);
void remove_nyx_tmp_workdir(afl_forkserver_t *fsrv, char* nyx_out_dir_path);
char *create_nyx_tmp_workdir(void);
void remove_nyx_tmp_workdir(afl_forkserver_t *fsrv, char *nyx_out_dir_path);
#endif
#endif


@ -52,20 +52,25 @@ typedef enum NyxReturnValue {
} NyxReturnValue;
typedef enum NyxProcessRole {
StandAlone,
Parent,
Child,
} NyxProcessRole;
typedef struct {
void *(*nyx_config_load)(const char *sharedir);
void (*nyx_config_set_workdir_path)(void *config, const char *workdir);
void (*nyx_config_set_input_buffer_size)(void *config, uint32_t input_buffer_size);
void (*nyx_config_set_input_buffer_write_protection)(void *config, bool input_buffer_write_protection);
void (*nyx_config_set_input_buffer_size)(void *config,
uint32_t input_buffer_size);
void (*nyx_config_set_input_buffer_write_protection)(
void *config, bool input_buffer_write_protection);
void (*nyx_config_set_hprintf_fd)(void *config, int32_t hprintf_fd);
void (*nyx_config_set_process_role)(void *config, enum NyxProcessRole role);
void (*nyx_config_set_reuse_snapshot_path)(void *config, const char *reuse_snapshot_path);
void (*nyx_config_set_reuse_snapshot_path)(void *config,
const char *reuse_snapshot_path);
void *(*nyx_new)(void *config, uint32_t worker_id);
void (*nyx_shutdown)(void *qemu_process);
@ -191,7 +196,7 @@ typedef struct afl_forkserver {
u32 nyx_bind_cpu_id; /* nyx runner cpu id */
char *nyx_aux_string;
bool nyx_use_tmp_workdir;
char *nyx_tmp_workdir_path;
char *nyx_tmp_workdir_path;
#endif
} afl_forkserver_t;


@ -815,7 +815,7 @@ int main(int argc, char **argv_orig, char **envp) {
afl_fsrv_init(&fsrv);
while ((opt = getopt(argc, argv, "+i:f:m:t:eAOQUWXh")) > 0) {
while ((opt = getopt(argc, argv, "+i:f:m:t:eAOQUWXYh")) > 0) {
switch (opt) {
@ -966,8 +966,9 @@ int main(int argc, char **argv_orig, char **envp) {
fsrv.mem_limit = mem_limit;
break;
#ifdef __linux__
case 'Y': // fallthough
#ifdef __linux__
case 'X': /* NYX mode */
if (fsrv.nyx_mode) { FATAL("Multiple -X options not supported"); }
@ -977,11 +978,11 @@ int main(int argc, char **argv_orig, char **envp) {
fsrv.nyx_standalone = true;
break;
#else
#else
case 'X':
FATAL("Nyx mode is only availabe on linux...");
break;
#endif
#endif
case 'h':
usage(argv[0]);
@ -1015,12 +1016,16 @@ int main(int argc, char **argv_orig, char **envp) {
set_up_environment(argv);
#ifdef __linux__
if(!fsrv.nyx_mode){
if (!fsrv.nyx_mode) {
fsrv.target_path = find_binary(argv[optind]);
}
else{
} else {
fsrv.target_path = ck_strdup(argv[optind]);
}
#else
fsrv.target_path = find_binary(argv[optind]);
#endif
@ -1048,6 +1053,7 @@ int main(int argc, char **argv_orig, char **envp) {
use_argv = get_cs_argv(argv[0], &target_path, argc - optind, argv + optind);
#ifdef __linux__
} else if (fsrv.nyx_mode) {
fsrv.nyx_id = 0;
@ -1055,7 +1061,9 @@ int main(int argc, char **argv_orig, char **envp) {
u8 *libnyx_binary = find_afl_binary(argv[0], "libnyx.so");
fsrv.nyx_handlers = afl_load_libnyx_plugin(libnyx_binary);
if (fsrv.nyx_handlers == NULL) {
FATAL("failed to initialize libnyx.so...");
}
fsrv.nyx_use_tmp_workdir = true;
@ -1090,9 +1098,7 @@ int main(int argc, char **argv_orig, char **envp) {
read_initial_file();
#ifdef __linux__
if(!fsrv.nyx_mode){
(void)check_binary_signatures(fsrv.target_path);
}
if (!fsrv.nyx_mode) { (void)check_binary_signatures(fsrv.target_path); }
#else
(void)check_binary_signatures(fsrv.target_path);
#endif
@ -1119,7 +1125,6 @@ int main(int argc, char **argv_orig, char **envp) {
OKF("We're done here. Have a nice day!\n");
afl_shm_deinit(&shm);
afl_fsrv_deinit(&fsrv);
if (fsrv.target_path) { ck_free(fsrv.target_path); }
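Review bot: The new `case 'Y': // fallthough` label has a misspelled comment and does not say what the option is for; `case 'Y': /* hidden alias for -X, fallthrough */` would document it. Because the label sits above `#ifdef __linux__`, `-Y` reaches both the Linux handler and the non-Linux FATAL, and a user who passes `-Y` twice is told "Multiple -X options not supported", which names a flag they never typed. The same label and comment appear in the two later `main` sections (the one next to `showmap_run_target_nyx_mode` and the one printing the afl-tmin banner). main's body continues outside these hunks.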


@ -1365,36 +1365,46 @@ s32 create_file(u8 *fn) {
* etc.). This helper function basically creates both a path to a tmp workdir
* and the workdir itself. If the environment variable TMPDIR is set, we use
* that as the base directory, otherwise we use /tmp. */
char* create_nyx_tmp_workdir(void) {
char *create_nyx_tmp_workdir(void) {
char *tmpdir = getenv("TMPDIR");
if (!tmpdir) { tmpdir = "/tmp"; }
char* nyx_out_dir_path = alloc_printf("%s/.nyx_tmp_%d/", tmpdir, (u32)getpid());
char *nyx_out_dir_path =
alloc_printf("%s/.nyx_tmp_%d/", tmpdir, (u32)getpid());
if (mkdir(nyx_out_dir_path, 0700)) {
PFATAL("Unable to create nyx workdir");
}
if (mkdir(nyx_out_dir_path, 0700)) { PFATAL("Unable to create nyx workdir"); }
return nyx_out_dir_path;
}
/* Vice versa, we remove the tmp workdir for nyx with this helper function. */
void remove_nyx_tmp_workdir(afl_forkserver_t *fsrv, char* nyx_out_dir_path) {
char* workdir_path = alloc_printf("%s/workdir", nyx_out_dir_path);
void remove_nyx_tmp_workdir(afl_forkserver_t *fsrv, char *nyx_out_dir_path) {
char *workdir_path = alloc_printf("%s/workdir", nyx_out_dir_path);
if (access(workdir_path, R_OK) == 0) {
if(fsrv->nyx_handlers->nyx_remove_work_dir(workdir_path) != true) {
if (fsrv->nyx_handlers->nyx_remove_work_dir(workdir_path) != true) {
WARNF("Unable to remove nyx workdir (%s)", workdir_path);
}
}
if (rmdir(nyx_out_dir_path)) {
WARNF("Unable to remove nyx workdir (%s)", nyx_out_dir_path);
}
ck_free(workdir_path);
ck_free(nyx_out_dir_path);
}
#endif
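Review bot: The workdir name built in create_nyx_tmp_workdir is predictable (`.nyx_tmp_<pid>` under TMPDIR or /tmp), so another local user can create that path first and turn every start-up into the PFATAL. `mkdir` with 0700 refuses an existing entry, so this is a denial of service rather than a directory takeover. Building the template with `alloc_printf("%s/.nyx_tmp_XXXXXX", tmpdir)` and creating it with `if (!mkdtemp(nyx_out_dir_path)) { PFATAL("Unable to create nyx workdir"); }` gives an unpredictable name with the same owner-only mode. The trailing slash looks unneeded, since the callers append `/workdir` themselves. Separately, `%d` is paired with a `(u32)` argument; `%u` matches the cast.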


@ -50,7 +50,7 @@
#include <sys/stat.h>
#ifdef __linux__
#include <dlfcn.h>
#include <dlfcn.h>
/* function to load nyx_helper function from libnyx.so */
@ -66,22 +66,32 @@ nyx_plugin_handler_t *afl_load_libnyx_plugin(u8 *libnyx_binary) {
plugin->nyx_config_load = dlsym(handle, "nyx_config_load");
if (plugin->nyx_config_load == NULL) { goto fail; }
plugin->nyx_config_set_workdir_path = dlsym(handle, "nyx_config_set_workdir_path");
plugin->nyx_config_set_workdir_path =
dlsym(handle, "nyx_config_set_workdir_path");
if (plugin->nyx_config_set_workdir_path == NULL) { goto fail; }
plugin->nyx_config_set_input_buffer_size = dlsym(handle, "nyx_config_set_input_buffer_size");
plugin->nyx_config_set_input_buffer_size =
dlsym(handle, "nyx_config_set_input_buffer_size");
if (plugin->nyx_config_set_input_buffer_size == NULL) { goto fail; }
plugin->nyx_config_set_input_buffer_write_protection = dlsym(handle, "nyx_config_set_input_buffer_write_protection");
if (plugin->nyx_config_set_input_buffer_write_protection == NULL) { goto fail; }
plugin->nyx_config_set_input_buffer_write_protection =
dlsym(handle, "nyx_config_set_input_buffer_write_protection");
if (plugin->nyx_config_set_input_buffer_write_protection == NULL) {
plugin->nyx_config_set_hprintf_fd = dlsym(handle, "nyx_config_set_hprintf_fd");
goto fail;
}
plugin->nyx_config_set_hprintf_fd =
dlsym(handle, "nyx_config_set_hprintf_fd");
if (plugin->nyx_config_set_hprintf_fd == NULL) { goto fail; }
plugin->nyx_config_set_process_role = dlsym(handle, "nyx_config_set_process_role");
plugin->nyx_config_set_process_role =
dlsym(handle, "nyx_config_set_process_role");
if (plugin->nyx_config_set_process_role == NULL) { goto fail; }
plugin->nyx_config_set_reuse_snapshot_path = dlsym(handle, "nyx_config_set_reuse_snapshot_path");
plugin->nyx_config_set_reuse_snapshot_path =
dlsym(handle, "nyx_config_set_reuse_snapshot_path");
if (plugin->nyx_config_set_reuse_snapshot_path == NULL) { goto fail; }
plugin->nyx_new = dlsym(handle, "nyx_new");
@ -119,7 +129,6 @@ nyx_plugin_handler_t *afl_load_libnyx_plugin(u8 *libnyx_binary) {
plugin->nyx_remove_work_dir = dlsym(handle, "nyx_remove_work_dir");
if (plugin->nyx_remove_work_dir == NULL) { goto fail; }
OKF("libnyx plugin is ready!");
return plugin;
@ -131,33 +140,40 @@ fail:
}
void afl_nyx_runner_kill(afl_forkserver_t *fsrv){
void afl_nyx_runner_kill(afl_forkserver_t *fsrv) {
if (fsrv->nyx_mode) {
if (fsrv->nyx_aux_string){
ck_free(fsrv->nyx_aux_string);
}
if (fsrv->nyx_aux_string) { ck_free(fsrv->nyx_aux_string); }
/* check if we actually got a valid nyx runner */
if (fsrv->nyx_runner) {
fsrv->nyx_handlers->nyx_shutdown(fsrv->nyx_runner);
}
/* if we have use a tmp work dir we need to remove it */
if (fsrv->nyx_use_tmp_workdir && fsrv->nyx_tmp_workdir_path) {
remove_nyx_tmp_workdir(fsrv, fsrv->nyx_tmp_workdir_path);
}
}
}
/* Wrapper for FATAL() that kills the nyx runner (and removes all created tmp
* files) before exiting. Used before "afl_fsrv_killall()" is registered as
* an atexit() handler. */
#define NYX_PRE_FATAL(fsrv, x...) \
do { \
afl_nyx_runner_kill(fsrv); \
FATAL(x); \
} while (0)
/* Wrapper for FATAL() that kills the nyx runner (and removes all created tmp
* files) before exiting. Used before "afl_fsrv_killall()" is registered as
* an atexit() handler. */
#define NYX_PRE_FATAL(fsrv, x...) \
do { \
\
afl_nyx_runner_kill(fsrv); \
FATAL(x); \
\
} while (0)
#endif
@ -511,70 +527,116 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv,
if (!be_quiet) { ACTF("Spinning up the NYX backend..."); }
if (fsrv->nyx_use_tmp_workdir){
if (fsrv->nyx_use_tmp_workdir) {
fsrv->nyx_tmp_workdir_path = create_nyx_tmp_workdir();
fsrv->out_dir_path = fsrv->nyx_tmp_workdir_path;
} else {
if (fsrv->out_dir_path == NULL) { NYX_PRE_FATAL(fsrv, "Nyx workdir path not found..."); }
if (fsrv->out_dir_path == NULL) {
NYX_PRE_FATAL(fsrv, "Nyx workdir path not found...");
}
}
/* libnyx expects an absolute path */
char* outdir_path_absolute = realpath(fsrv->out_dir_path, NULL);
if (outdir_path_absolute == NULL) { NYX_PRE_FATAL(fsrv, "Nyx workdir path cannot be resolved ..."); }
char *outdir_path_absolute = realpath(fsrv->out_dir_path, NULL);
if (outdir_path_absolute == NULL) {
NYX_PRE_FATAL(fsrv, "Nyx workdir path cannot be resolved ...");
}
char *workdir_path = alloc_printf("%s/workdir", outdir_path_absolute);
if (fsrv->nyx_id == 0xFFFFFFFF) {NYX_PRE_FATAL(fsrv, "Nyx ID is not set..."); }
if (fsrv->nyx_id == 0xFFFFFFFF) {
NYX_PRE_FATAL(fsrv, "Nyx ID is not set...");
if (fsrv->nyx_bind_cpu_id == 0xFFFFFFFF) {
NYX_PRE_FATAL(fsrv, "Nyx CPU ID is not set...");
}
void* nyx_config = fsrv->nyx_handlers->nyx_config_load(fsrv->target_path);
if (fsrv->nyx_bind_cpu_id == 0xFFFFFFFF) {
NYX_PRE_FATAL(fsrv, "Nyx CPU ID is not set...");
}
void *nyx_config = fsrv->nyx_handlers->nyx_config_load(fsrv->target_path);
fsrv->nyx_handlers->nyx_config_set_workdir_path(nyx_config, workdir_path);
fsrv->nyx_handlers->nyx_config_set_input_buffer_size(nyx_config, MAX_FILE);
fsrv->nyx_handlers->nyx_config_set_input_buffer_write_protection(nyx_config, true);
fsrv->nyx_handlers->nyx_config_set_input_buffer_write_protection(nyx_config,
true);
if (fsrv->nyx_standalone) {
fsrv->nyx_handlers->nyx_config_set_process_role(nyx_config, StandAlone);
} else {
if (fsrv->nyx_parent) {
fsrv->nyx_handlers->nyx_config_set_process_role(nyx_config, Parent);
} else {
fsrv->nyx_handlers->nyx_config_set_process_role(nyx_config, Child);
}
}
if (getenv("NYX_REUSE_SNAPSHOT") != NULL){
if (getenv("NYX_REUSE_SNAPSHOT") != NULL) {
if (access(getenv("NYX_REUSE_SNAPSHOT"), F_OK) == -1) {
NYX_PRE_FATAL(fsrv, "NYX_REUSE_SNAPSHOT path does not exist");
}
/* stupid sanity check to avoid passing an empty or invalid snapshot directory */
char* snapshot_file_path = alloc_printf("%s/global.state", getenv("NYX_REUSE_SNAPSHOT"));
/* stupid sanity check to avoid passing an empty or invalid snapshot
* directory */
char *snapshot_file_path =
alloc_printf("%s/global.state", getenv("NYX_REUSE_SNAPSHOT"));
if (access(snapshot_file_path, R_OK) == -1) {
NYX_PRE_FATAL(fsrv, "NYX_REUSE_SNAPSHOT path does not contain a valid Nyx snapshot");
NYX_PRE_FATAL(
fsrv,
"NYX_REUSE_SNAPSHOT path does not contain a valid Nyx snapshot");
}
ck_free(snapshot_file_path);
/* another sanity check to avoid passing a snapshot directory that is
* located in the current workdir (the workdir will be wiped by libnyx on startup) */
char* workdir_snapshot_path = alloc_printf("%s/workdir/snapshot", outdir_path_absolute);
char* reuse_snapshot_path_real = realpath(getenv("NYX_REUSE_SNAPSHOT"), NULL);
* located in the current workdir (the workdir will be wiped by libnyx on
* startup) */
char *workdir_snapshot_path =
alloc_printf("%s/workdir/snapshot", outdir_path_absolute);
char *reuse_snapshot_path_real =
realpath(getenv("NYX_REUSE_SNAPSHOT"), NULL);
if (strcmp(workdir_snapshot_path, reuse_snapshot_path_real) == 0) {
NYX_PRE_FATAL(fsrv,
"NYX_REUSE_SNAPSHOT path is located in current workdir "
"(use another output directory)");
if (strcmp(workdir_snapshot_path, reuse_snapshot_path_real) == 0){
NYX_PRE_FATAL(fsrv, "NYX_REUSE_SNAPSHOT path is located in current workdir (use another output directory)");
}
ck_free(reuse_snapshot_path_real);
ck_free(workdir_snapshot_path);
fsrv->nyx_handlers->nyx_config_set_reuse_snapshot_path(nyx_config, getenv("NYX_REUSE_SNAPSHOT"));
fsrv->nyx_handlers->nyx_config_set_reuse_snapshot_path(
nyx_config, getenv("NYX_REUSE_SNAPSHOT"));
}
fsrv->nyx_runner = fsrv->nyx_handlers->nyx_new(nyx_config, fsrv->nyx_bind_cpu_id);
fsrv->nyx_runner =
fsrv->nyx_handlers->nyx_new(nyx_config, fsrv->nyx_bind_cpu_id);
ck_free(workdir_path);
ck_free(outdir_path_absolute);
@ -621,7 +683,8 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv,
/* autodict in Nyx mode */
if (!ignore_autodict) {
char* x = alloc_printf("%s/workdir/dump/afl_autodict.txt", fsrv->out_dir_path);
char *x =
alloc_printf("%s/workdir/dump/afl_autodict.txt", fsrv->out_dir_path);
int nyx_autodict_fd = open(x, O_RDONLY);
ck_free(x);
@ -634,8 +697,9 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv,
u8 *dict = ck_alloc(f_len);
if (dict == NULL) {
NYX_PRE_FATAL(fsrv, "Could not allocate %u bytes of autodictionary memory",
f_len);
NYX_PRE_FATAL(
fsrv, "Could not allocate %u bytes of autodictionary memory",
f_len);
}
@ -652,7 +716,8 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv,
} else {
NYX_PRE_FATAL(fsrv,
NYX_PRE_FATAL(
fsrv,
"Reading autodictionary fail at position %u with %u bytes "
"left.",
offset, len);
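Review bot: `reuse_snapshot_path_real` is passed to `strcmp` without a NULL check, although `realpath()` can still fail after the earlier `access(..., F_OK)` succeeded, for example if the path changes in between or a component is not searchable. `outdir_path_absolute` a few lines above is checked, so this one should get the same treatment, e.g. `if (reuse_snapshot_path_real == NULL) { NYX_PRE_FATAL(fsrv, "NYX_REUSE_SNAPSHOT path cannot be resolved"); }`. The return value of `nyx_config_load()` is likewise handed to the setter calls unchecked. Both `realpath()` results are malloc-allocated but released with `ck_free()`, which is only correct if ck_free is a plain `free()` wrapper in every build; the page does not show that. afl_fsrv_start begins and ends outside these hunks.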


@ -444,8 +444,11 @@ static void showmap_run_target_nyx_mode(afl_forkserver_t *fsrv) {
FSRV_RUN_ERROR) {
FATAL("Error running target in Nyx mode");
}
}
#endif
/* Execute target application. */
@ -890,7 +893,7 @@ int main(int argc, char **argv_orig, char **envp) {
if (getenv("AFL_QUIET") != NULL) { be_quiet = true; }
while ((opt = getopt(argc, argv, "+i:o:f:m:t:AeqCZOH:QUWbcrshX")) > 0) {
while ((opt = getopt(argc, argv, "+i:o:f:m:t:AeqCZOH:QUWbcrshXY")) > 0) {
switch (opt) {
@ -1078,7 +1081,8 @@ int main(int argc, char **argv_orig, char **envp) {
break;
#ifdef __linux__
case 'Y': // fallthough
#ifdef __linux__
case 'X': /* NYX mode */
if (fsrv->nyx_mode) { FATAL("Multiple -X options not supported"); }
@ -1088,11 +1092,11 @@ int main(int argc, char **argv_orig, char **envp) {
fsrv->nyx_standalone = true;
break;
#else
#else
case 'X':
FATAL("Nyx mode is only availabe on linux...");
break;
#endif
#endif
case 'b':
@ -1166,12 +1170,16 @@ int main(int argc, char **argv_orig, char **envp) {
set_up_environment(fsrv, argv);
#ifdef __linux__
if(!fsrv->nyx_mode){
if (!fsrv->nyx_mode) {
fsrv->target_path = find_binary(argv[optind]);
}
else{
} else {
fsrv->target_path = ck_strdup(argv[optind]);
}
#else
fsrv->target_path = find_binary(argv[optind]);
#endif
@ -1232,11 +1240,12 @@ int main(int argc, char **argv_orig, char **envp) {
get_cs_argv(argv[0], &fsrv->target_path, argc - optind, argv + optind);
#ifdef __linux__
} else if (fsrv->nyx_mode) {
use_argv = ck_alloc(sizeof(char *) * (1));
use_argv[0] = argv[0];
fsrv->nyx_id = 0;
u8 *libnyx_binary = find_afl_binary(use_argv[0], "libnyx.so");
@ -1288,9 +1297,12 @@ int main(int argc, char **argv_orig, char **envp) {
}
#ifdef __linux__
if(!fsrv->nyx_mode && in_dir){
if (!fsrv->nyx_mode && in_dir) {
(void)check_binary_signatures(fsrv->target_path);
}
#else
if (in_dir) { (void)check_binary_signatures(fsrv->target_path); }
#endif
@ -1313,14 +1325,14 @@ int main(int argc, char **argv_orig, char **envp) {
fsrv->shmem_fuzz_len = (u32 *)map;
fsrv->shmem_fuzz = map + sizeof(u32);
configure_afl_kill_signals(
fsrv, NULL, NULL, (fsrv->qemu_mode || unicorn_mode
#ifdef __linux__
|| fsrv->nyx_mode
#endif
)
? SIGKILL
: SIGTERM);
configure_afl_kill_signals(fsrv, NULL, NULL,
(fsrv->qemu_mode || unicorn_mode
#ifdef __linux__
|| fsrv->nyx_mode
#endif
)
? SIGKILL
: SIGTERM);
if (!fsrv->cs_mode && !fsrv->qemu_mode && !unicorn_mode) {
@ -1464,13 +1476,18 @@ int main(int argc, char **argv_orig, char **envp) {
shm_fuzz = deinit_shmem(fsrv, shm_fuzz);
#ifdef __linux__
if(!fsrv->nyx_mode){
if (!fsrv->nyx_mode) {
#endif
showmap_run_target(fsrv, use_argv);
#ifdef __linux__
} else {
showmap_run_target_nyx_mode(fsrv);
}
#endif
tcnt = write_results_to_file(fsrv, out_file);
if (!quiet_mode) {
@ -1522,7 +1539,6 @@ int main(int argc, char **argv_orig, char **envp) {
if (fsrv->target_path) { ck_free(fsrv->target_path); }
afl_fsrv_deinit(fsrv);
if (stdin_file) { ck_free(stdin_file); }
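Review bot: In the Nyx branch, `use_argv = ck_alloc(sizeof(char *) * (1));` reserves a single slot for `argv[0]` and leaves no room for a terminating NULL. Nothing visible in these hunks iterates `use_argv` in Nyx mode, but it is the same variable the other modes fill with a full argv vector, so any later code that walks it would read past the allocation. Allocating two slots and terminating explicitly, `use_argv = ck_alloc(sizeof(char *) * 2);` followed by `use_argv[1] = NULL;`, keeps the vector well-formed. main's body continues outside these hunks.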


@ -846,7 +846,7 @@ int main(int argc, char **argv_orig, char **envp) {
SAYF(cCYA "afl-tmin" VERSION cRST " by Michal Zalewski\n");
while ((opt = getopt(argc, argv, "+i:o:f:m:t:B:xeAOQUWXHh")) > 0) {
while ((opt = getopt(argc, argv, "+i:o:f:m:t:B:xeAOQUWXYHh")) > 0) {
switch (opt) {
@ -1004,7 +1004,8 @@ int main(int argc, char **argv_orig, char **envp) {
break;
#ifdef __linux__
case 'Y': // fallthough
#ifdef __linux__
case 'X': /* NYX mode */
if (fsrv->nyx_mode) { FATAL("Multiple -X options not supported"); }
@ -1014,11 +1015,11 @@ int main(int argc, char **argv_orig, char **envp) {
fsrv->nyx_standalone = true;
break;
#else
#else
case 'X':
FATAL("Nyx mode is only availabe on linux...");
break;
#endif
#endif
case 'H': /* Hang Mode */
@ -1086,12 +1087,16 @@ int main(int argc, char **argv_orig, char **envp) {
set_up_environment(fsrv, argv);
#ifdef __linux__
if(!fsrv->nyx_mode){
if (!fsrv->nyx_mode) {
fsrv->target_path = find_binary(argv[optind]);
}
else{
} else {
fsrv->target_path = ck_strdup(argv[optind]);
}
#else
fsrv->target_path = find_binary(argv[optind]);
#endif
@ -1120,6 +1125,7 @@ int main(int argc, char **argv_orig, char **envp) {
get_cs_argv(argv[0], &fsrv->target_path, argc - optind, argv + optind);
#ifdef __linux__
} else if (fsrv->nyx_mode) {
fsrv->nyx_id = 0;
@ -1127,7 +1133,9 @@ int main(int argc, char **argv_orig, char **envp) {
u8 *libnyx_binary = find_afl_binary(argv[0], "libnyx.so");
fsrv->nyx_handlers = afl_load_libnyx_plugin(libnyx_binary);
if (fsrv->nyx_handlers == NULL) {
FATAL("failed to initialize libnyx.so...");
}
fsrv->nyx_use_tmp_workdir = true;
@ -1207,9 +1215,7 @@ int main(int argc, char **argv_orig, char **envp) {
read_initial_file();
#ifdef __linux__
if(!fsrv->nyx_mode){
(void)check_binary_signatures(fsrv->target_path);
}
if (!fsrv->nyx_mode) { (void)check_binary_signatures(fsrv->target_path); }
#else
(void)check_binary_signatures(fsrv->target_path);
#endif
@ -1316,7 +1322,6 @@ int main(int argc, char **argv_orig, char **envp) {
OKF("We're done here. Have a nice day!\n");
remove_shm = 0;
afl_shm_deinit(&shm);
if (fsrv->use_shmem_fuzz) shm_fuzz = deinit_shmem(fsrv, shm_fuzz);


@ -78,10 +78,10 @@ extern unsigned int __afl_map_size;
on the other hand this is what Google needs to make LLVMFuzzerRunDriver()
work. Choose your poison Google! */
/*__attribute__((weak))*/ int LLVMFuzzerTestOneInput(const uint8_t *Data,
size_t Size);
__attribute__((weak)) int LLVMFuzzerInitialize(int *argc, char ***argv);
__attribute__((weak)) int LLVMFuzzerRunDriver(
int *argc, char ***argv, int (*callback)(const uint8_t *data, size_t size));
size_t Size);
__attribute__((weak)) int LLVMFuzzerInitialize(int *argc, char ***argv);
__attribute__((weak)) int LLVMFuzzerRunDriver(
int *argc, char ***argv, int (*callback)(const uint8_t *data, size_t size));
// Default nop ASan hooks for manual poisoning when not linking the ASan
// runtime
@ -268,15 +268,16 @@ static int ExecuteFilesOnyByOne(int argc, char **argv,
__attribute__((weak)) int main(int argc, char **argv) {
// Enable if LLVMFuzzerTestOneInput() has the weak attribute
/*
if (!LLVMFuzzerTestOneInput) {
// Enable if LLVMFuzzerTestOneInput() has the weak attribute
/*
if (!LLVMFuzzerTestOneInput) {
fprintf(stderr, "Error: function LLVMFuzzerTestOneInput() not found!\n");
abort();
fprintf(stderr, "Error: function LLVMFuzzerTestOneInput() not found!\n");
abort();
}
*/
}
*/
if (argc < 2 || strncmp(argv[1], "-h", 2) == 0)
printf(