mirror of
https://github.com/AFLplusplus/AFLplusplus.git
synced 2025-06-11 01:31:37 +00:00
van Hauser
GitHub
commit
86dae0b16a
@ -45,6 +45,11 @@ FRIDA_BUILD_DIR:=$(BUILD_DIR)frida/
|
||||
FRIDA_TRACE:=$(BUILD_DIR)afl-frida-trace.so
|
||||
FRIDA_TRACE_EMBEDDED:=$(BUILD_DIR)afl-frida-trace-embedded
|
||||
|
||||
TARGET_CC?=$(CC)
|
||||
TARGET_CXX?=$(CXX)
|
||||
HOST_CC?=$(CC)
|
||||
HOST_CXX?=$(CXX)
|
||||
|
||||
ifndef ARCH
|
||||
|
||||
ARCH=$(shell uname -m)
|
||||
@ -99,6 +104,11 @@ ifneq "$(findstring android, $(shell $(CC) --version 2>/dev/null))" ""
|
||||
endif
|
||||
endif
|
||||
|
||||
ifeq "$(ARCH)" "armhf"
|
||||
TARGET_CC:=arm-linux-gnueabihf-gcc
|
||||
TARGET_CXX:=arm-linux-gnueabihf-g++
|
||||
endif
|
||||
|
||||
ifndef OS
|
||||
$(error "Operating system unsupported")
|
||||
endif
|
||||
@ -188,7 +198,7 @@ $(GUM_DEVIT_HEADER): $(GUM_DEVKIT_TARBALL)
|
||||
|
||||
############################## AFL #############################################
|
||||
$(AFL_COMPILER_RT_OBJ): $(AFL_COMPILER_RT_SRC)
|
||||
$(CC) \
|
||||
$(TARGET_CC) \
|
||||
$(CFLAGS) \
|
||||
$(AFL_CFLAGS) \
|
||||
-I $(ROOT) \
|
||||
@ -197,7 +207,7 @@ $(AFL_COMPILER_RT_OBJ): $(AFL_COMPILER_RT_SRC)
|
||||
-c $<
|
||||
|
||||
$(AFL_PERFORMANCE_OBJ): $(AFL_PERFORMANCE_SRC)
|
||||
$(CC) \
|
||||
$(TARGET_CC) \
|
||||
$(CFLAGS) \
|
||||
$(AFL_CFLAGS) \
|
||||
-I $(ROOT) \
|
||||
@ -208,13 +218,13 @@ $(AFL_PERFORMANCE_OBJ): $(AFL_PERFORMANCE_SRC)
|
||||
############################### JS #############################################
|
||||
|
||||
$(BIN2C): $(BIN2C_SRC)
|
||||
$(CC) -D_GNU_SOURCE -o $@ $<
|
||||
$(HOST_CC) -D_GNU_SOURCE -o $@ $<
|
||||
|
||||
$(JS_SRC): $(JS) $(BIN2C)| $(BUILD_DIR)
|
||||
cd $(JS_DIR) && $(BIN2C) api_js $(JS) $@
|
||||
|
||||
$(JS_OBJ): $(JS_SRC) GNUmakefile
|
||||
$(CC) \
|
||||
$(TARGET_CC) \
|
||||
$(CFLAGS) \
|
||||
-I $(ROOT)include \
|
||||
-I $(FRIDA_BUILD_DIR) \
|
||||
@ -226,7 +236,7 @@ $(JS_OBJ): $(JS_SRC) GNUmakefile
|
||||
|
||||
define BUILD_SOURCE
|
||||
$(2): $(1) $(INCLUDES) GNUmakefile | $(OBJ_DIR)
|
||||
$(CC) \
|
||||
$(TARGET_CC) \
|
||||
$(CFLAGS) \
|
||||
-I $(ROOT)include \
|
||||
-I $(FRIDA_BUILD_DIR) \
|
||||
@ -240,7 +250,7 @@ $(foreach src,$(SOURCES),$(eval $(call BUILD_SOURCE,$(src),$(OBJ_DIR)$(notdir $(
|
||||
######################## AFL-FRIDA-TRACE #######################################
|
||||
|
||||
$(FRIDA_TRACE): $(GUM_DEVIT_LIBRARY) $(GUM_DEVIT_HEADER) $(OBJS) $(JS_OBJ) $(AFL_COMPILER_RT_OBJ) $(AFL_PERFORMANCE_OBJ) GNUmakefile | $(BUILD_DIR)
|
||||
$(CXX) \
|
||||
$(TARGET_CXX) \
|
||||
$(OBJS) \
|
||||
$(JS_OBJ) \
|
||||
$(GUM_DEVIT_LIBRARY) \
|
||||
@ -255,10 +265,10 @@ $(FRIDA_TRACE): $(GUM_DEVIT_LIBRARY) $(GUM_DEVIT_HEADER) $(OBJS) $(JS_OBJ) $(AFL
|
||||
############################# HOOK #############################################
|
||||
|
||||
$(AFLPP_FRIDA_DRIVER_HOOK_OBJ): $(AFLPP_FRIDA_DRIVER_HOOK_SRC) $(GUM_DEVIT_HEADER) | $(BUILD_DIR)
|
||||
$(CC) $(CFLAGS) $(LDFLAGS) -I $(FRIDA_BUILD_DIR) $< -o $@
|
||||
$(TARGET_CC) $(CFLAGS) $(LDFLAGS) -I $(FRIDA_BUILD_DIR) $< -o $@
|
||||
|
||||
$(AFLPP_QEMU_DRIVER_HOOK_OBJ): $(AFLPP_QEMU_DRIVER_HOOK_SRC) | $(BUILD_DIR)
|
||||
$(CC) $(CFLAGS) $(LDFLAGS) $< -o $@
|
||||
$(TARGET_CC) $(CFLAGS) $(LDFLAGS) $< -o $@
|
||||
|
||||
hook: $(AFLPP_FRIDA_DRIVER_HOOK_OBJ) $(AFLPP_QEMU_DRIVER_HOOK_OBJ)
|
||||
|
||||
|
||||
@ -36,7 +36,8 @@ void instrument_coverage_optimize(const cs_insn * instr,
|
||||
void instrument_debug_config(void);
|
||||
void instrument_debug_init(void);
|
||||
void instrument_debug_start(uint64_t address, GumStalkerOutput *output);
|
||||
void instrument_debug_instruction(uint64_t address, uint16_t size);
|
||||
void instrument_debug_instruction(uint64_t address, uint16_t size,
|
||||
GumStalkerOutput *output);
|
||||
void instrument_debug_end(GumStalkerOutput *output);
|
||||
void instrument_flush(GumStalkerOutput *output);
|
||||
gpointer instrument_cur(GumStalkerOutput *output);
|
||||
|
||||
@ -193,7 +193,20 @@ static void instrument_basic_block(GumStalkerIterator *iterator,
|
||||
instrument_debug_start(instr->address, output);
|
||||
instrument_coverage_start(instr->address);
|
||||
|
||||
#if defined(__arm__)
|
||||
if (output->encoding == GUM_INSTRUCTION_SPECIAL) {
|
||||
|
||||
prefetch_write(GSIZE_TO_POINTER(instr->address + 1));
|
||||
|
||||
} else {
|
||||
|
||||
prefetch_write(GSIZE_TO_POINTER(instr->address));
|
||||
|
||||
}
|
||||
|
||||
#else
|
||||
prefetch_write(GSIZE_TO_POINTER(instr->address));
|
||||
#endif
|
||||
|
||||
if (likely(!excluded)) {
|
||||
|
||||
@ -213,7 +226,7 @@ static void instrument_basic_block(GumStalkerIterator *iterator,
|
||||
|
||||
}
|
||||
|
||||
instrument_debug_instruction(instr->address, instr->size);
|
||||
instrument_debug_instruction(instr->address, instr->size, output);
|
||||
|
||||
if (likely(!excluded)) {
|
||||
|
||||
|
||||
@ -28,7 +28,15 @@ void instrument_coverage_optimize_init(void) {
|
||||
|
||||
void instrument_flush(GumStalkerOutput *output) {
|
||||
|
||||
gum_arm_writer_flush(output->writer.arm);
|
||||
if (output->encoding == GUM_INSTRUCTION_SPECIAL) {
|
||||
|
||||
gum_thumb_writer_flush(output->writer.thumb);
|
||||
|
||||
} else {
|
||||
|
||||
gum_arm_writer_flush(output->writer.arm);
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
||||
@ -32,18 +32,27 @@ static void instrument_debug(char *format, ...) {
|
||||
|
||||
}
|
||||
|
||||
static void instrument_disasm(guint8 *start, guint8 *end) {
|
||||
static void instrument_disasm(guint8 *start, guint8 *end,
|
||||
GumStalkerOutput *output) {
|
||||
|
||||
csh capstone;
|
||||
cs_err err;
|
||||
cs_mode mode;
|
||||
uint16_t size;
|
||||
cs_insn *insn;
|
||||
size_t count = 0;
|
||||
size_t i;
|
||||
uint16_t len;
|
||||
|
||||
mode = GUM_DEFAULT_CS_MODE | GUM_DEFAULT_CS_ENDIAN;
|
||||
|
||||
#if defined(__arm__)
|
||||
if (output->encoding == GUM_INSTRUCTION_SPECIAL) { mode |= CS_MODE_THUMB; }
|
||||
#endif
|
||||
|
||||
err = cs_open(GUM_DEFAULT_CS_ARCH,
|
||||
GUM_DEFAULT_CS_MODE | GUM_DEFAULT_CS_ENDIAN, &capstone);
|
||||
CS_MODE_THUMB | GUM_DEFAULT_CS_MODE | GUM_DEFAULT_CS_ENDIAN,
|
||||
&capstone);
|
||||
g_assert(err == CS_ERR_OK);
|
||||
|
||||
size = GPOINTER_TO_SIZE(end) - GPOINTER_TO_SIZE(start);
|
||||
@ -121,11 +130,12 @@ void instrument_debug_start(uint64_t address, GumStalkerOutput *output) {
|
||||
|
||||
}
|
||||
|
||||
void instrument_debug_instruction(uint64_t address, uint16_t size) {
|
||||
void instrument_debug_instruction(uint64_t address, uint16_t size,
|
||||
GumStalkerOutput *output) {
|
||||
|
||||
if (likely(debugging_fd < 0)) { return; }
|
||||
uint8_t *start = (uint8_t *)GSIZE_TO_POINTER(address);
|
||||
instrument_disasm(start, start + size);
|
||||
instrument_disasm(start, start + size, output);
|
||||
|
||||
}
|
||||
|
||||
@ -136,7 +146,7 @@ void instrument_debug_end(GumStalkerOutput *output) {
|
||||
|
||||
instrument_debug("\nGenerated block %p-%p\n", instrument_gen_start,
|
||||
instrument_gen_end);
|
||||
instrument_disasm(instrument_gen_start, instrument_gen_end);
|
||||
instrument_disasm(instrument_gen_start, instrument_gen_end, output);
|
||||
|
||||
}
|
||||
|
||||
|
||||
@ -219,6 +219,8 @@ __attribute__((visibility("default"))) void afl_frida_start(void) {
|
||||
|
||||
static int on_main(int argc, char **argv, char **envp) {
|
||||
|
||||
int ret;
|
||||
|
||||
on_main_os(argc, argv, envp);
|
||||
|
||||
intercept_unhook_self();
|
||||
@ -227,14 +229,16 @@ static int on_main(int argc, char **argv, char **envp) {
|
||||
|
||||
if (js_main_hook != NULL) {
|
||||
|
||||
return js_main_hook(argc, argv, envp);
|
||||
ret = js_main_hook(argc, argv, envp);
|
||||
|
||||
} else {
|
||||
|
||||
return main_fn(argc, argv, envp);
|
||||
ret = main_fn(argc, argv, envp);
|
||||
|
||||
}
|
||||
|
||||
return ret;
|
||||
|
||||
}
|
||||
|
||||
#if defined(EMBEDDED)
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user