Fix block ID handling

Your Name 2021-11-10 18:05:29 +00:00
parent 533e979010
commit 7e1dba2e6b
4 changed files with 34 additions and 8 deletions


@ -12,6 +12,8 @@ guint64 util_read_address(char *key);
guint64 util_read_num(char *key);
gboolean util_output_enabled(void);
gsize util_rotate(gsize val, gsize shift, gsize size);
gsize util_log2(gsize val);
#define FOKF(x...) \
do { \
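Review bot: The two new prototypes `gsize util_rotate(gsize val, gsize shift, gsize size);` and `gsize util_log2(gsize val);` carry no documentation of their preconditions, and both have failure modes a caller must know about. From util.c in this commit, util_log2 calls `FFATAL("Not a power of two")` for any value that is not an exact power of two (including 0), so it never returns on bad input; util_rotate shifts by `size - shift`, so it is only well-defined for `shift <= size` and `size` below the width of gsize. I would add `/* Rotate the low `size` bits of val right by shift; requires shift <= size < 64. */` above util_rotate and `/* log2 of an exact power of two; aborts via FFATAL on any other value. */` above util_log2.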


@ -68,7 +68,8 @@ guint64 instrument_get_offset_hash(GumAddress current_rip) {
guint64 area_offset = hash64((unsigned char *)&current_rip,
sizeof(GumAddress), instrument_hash_seed);
return area_offset &= MAP_SIZE - 1;
gsize map_size_pow2 = util_log2(__afl_map_size);
return area_offset &= ((1 << map_size_pow2) - 1);
}
@ -134,8 +135,8 @@ __attribute__((hot)) static void on_basic_block(GumCpuContext *context,
previous_rip = current_rip;
previous_end = current_end;
instrument_previous_pc = ((current_pc & (MAP_SIZE - 1) >> 1)) |
((current_pc & 0x1) << (MAP_SIZE_POW2 - 1));
gsize map_size_pow2 = util_log2(__afl_map_size);
instrument_previous_pc = util_rotate(current_pc, 1, map_size_pow2);
}
@ -303,7 +304,8 @@ void instrument_init(void) {
if (instrument_unique) {
int shm_id = shmget(IPC_PRIVATE, MAP_SIZE, IPC_CREAT | IPC_EXCL | 0600);
int shm_id =
shmget(IPC_PRIVATE, __afl_map_size, IPC_CREAT | IPC_EXCL | 0600);
if (shm_id < 0) { FATAL("shm_id < 0 - errno: %d\n", errno); }
edges_notified = shmat(shm_id, NULL, 0);
@ -320,7 +322,7 @@ void instrument_init(void) {
}
/* Clear it, not sure it's necessary, just seems like good practice */
memset(edges_notified, '\0', MAP_SIZE);
memset(edges_notified, '\0', __afl_map_size);
}
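Review bot: `return area_offset &= ((1 << map_size_pow2) - 1);` in instrument_get_offset_hash builds the mask from a plain int literal, so the shift is done in 32-bit signed arithmetic and is undefined for map_size_pow2 >= 31 even though area_offset is a guint64; write it as `return area_offset & (((guint64)1 << map_size_pow2) - 1);`. Both that hunk and the on_basic_block hunk (the function is marked `__attribute__((hot))`) call `util_log2(__afl_map_size)` on every invocation, and util_log2 in this commit is a linear scan of up to 64 shifts; since __afl_map_size presumably does not change after startup, computing map_size_pow2 once in instrument_init and keeping it in a file-scope variable would take that loop off the per-block path. instrument_get_offset_hash begins before its hunk and on_basic_block starts outside its hunk, so the rest of their bodies is not visible here.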


@ -351,7 +351,8 @@ void instrument_coverage_optimize(const cs_insn * instr,
afl_log_code code = {0};
GumX86Writer *cw = output->writer.x86;
guint64 area_offset = instrument_get_offset_hash(GUM_ADDRESS(instr->address));
guint64 area_offset_ror;
gsize map_size_pow2;
gsize area_offset_ror;
GumAddress code_addr = 0;
instrument_coverage_suppress_init();
@ -370,8 +371,8 @@ void instrument_coverage_optimize(const cs_insn * instr,
offsetof(afl_log_code, code.mov_eax_curr_loc_shr_1) +
sizeof(code.code.mov_eax_curr_loc_shr_1) - sizeof(guint32);
area_offset_ror = ((area_offset & (MAP_SIZE - 1) >> 1)) |
((area_offset & 0x1) << (MAP_SIZE_POW2 - 1));
map_size_pow2 = util_log2(__afl_map_size);
area_offset_ror = util_rotate(area_offset, 1, map_size_pow2);
*((guint32 *)&code.bytes[curr_loc_shr_1_offset]) = (guint32)(area_offset_ror);
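Review bot: `map_size_pow2 = util_log2(__afl_map_size);` is recomputed inside instrument_coverage_optimize for every instrumented block, and util_log2 (util.c in this commit) is a loop of up to 64 iterations, so this belongs in a once-at-init file-scope value rather than on the per-block path. The cast on the last line, `(guint32)(area_offset_ror)`, silently truncates the rotated value; with util_rotate masking to map_size_pow2 bits that is only correct while the map is at most 2^32 entries, which deserves a comment or a FATAL check against __afl_map_size. Only the curr_loc_shr_1 immediate is patched here; if the afl_log_code template carries another immediate derived from the old MAP_SIZE (not visible in this hunk), it would also need to follow __afl_map_size. The function continues outside the hunk.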


@ -80,3 +80,24 @@ gboolean util_output_enabled(void) {
}
gsize util_rotate(gsize val, gsize shift, gsize size) {
if (shift == 0) { return val; }
gsize result = ((val >> shift) | (val << (size - shift)));
result = result & ((1 << size) - 1);
return result;
}
gsize util_log2(gsize val) {
for (gsize i = 0; i < 64; i++) {
if (((gsize)1 << i) == val) { return i; }
}
FFATAL("Not a power of two");
}
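Review bot: In util_rotate the mask `result & ((1 << size) - 1)` is built from an int literal, so for size >= 31 the shift overflows a signed int (undefined behavior) and the result is not the intended size-bit mask, even though val and the return type are gsize; it should read `result = result & (((gsize)1 << size) - 1);`. The function also has no guard for shift > size (then `size - shift` wraps and `val << (size - shift)` is undefined) nor for size >= 64, and an `FFATAL` on those inputs would match the style of util_log2 directly below. util_log2 ends in `FFATAL("Not a power of two");` with no return statement, so unless FFATAL is declared noreturn the compiler will warn that control reaches the end of a non-void function; a trailing `return 0;` or a noreturn attribute on FFATAL would settle it.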