test support for forced persistent mode
@ -162,6 +162,7 @@ typedef struct afl_forkserver {
|
|||||||
void (*add_extra_func)(void *afl_ptr, u8 *mem, u32 len);
|
void (*add_extra_func)(void *afl_ptr, u8 *mem, u32 len);
|
||||||
|
|
||||||
u8 kill_signal;
|
u8 kill_signal;
|
||||||
|
u8 persistent_mode;
|
||||||
|
|
||||||
#ifdef __linux__
|
#ifdef __linux__
|
||||||
nyx_plugin_handler_t *nyx_handlers;
|
nyx_plugin_handler_t *nyx_handlers;
|
||||||
|
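Review bot: The new `u8 persistent_mode;` field is added without a comment, and this commit sets it from two places (the instrumented-binary branch of check_binary and the forced path in afl-fuzz.c's main) while leaving it clear in the FRIDA persistent branch, so a reader cannot tell from the header what it is meant to mirror. Suggest `u8 persistent_mode; /* target runs (or is forced to run) in persistent mode; keep in step with afl->persistent_mode */`. The enclosing struct typedef starts and ends outside the hunk.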
@ -59,7 +59,11 @@ static list_t fsrv_list = {.element_prealloc_count = 0};
|
|||||||
|
|
||||||
static void fsrv_exec_child(afl_forkserver_t *fsrv, char **argv) {
|
static void fsrv_exec_child(afl_forkserver_t *fsrv, char **argv) {
|
||||||
|
|
||||||
if (fsrv->qemu_mode) { setenv("AFL_DISABLE_LLVM_INSTRUMENTATION", "1", 0); }
|
if (fsrv->qemu_mode || fsrv->frida_mode || fsrv->cs_mode) {
|
||||||
|
|
||||||
|
setenv("AFL_DISABLE_LLVM_INSTRUMENTATION", "1", 0);
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
execv(fsrv->target_path, argv);
|
execv(fsrv->target_path, argv);
|
||||||
|
|
||||||
@ -281,13 +285,13 @@ static void afl_fauxsrv_execv(afl_forkserver_t *fsrv, char **argv) {
|
|||||||
sigaction(SIGPIPE, &sa, NULL);
|
sigaction(SIGPIPE, &sa, NULL);
|
||||||
|
|
||||||
signal(SIGCHLD, old_sigchld_handler);
|
signal(SIGCHLD, old_sigchld_handler);
|
||||||
|
|
||||||
// FORKSRV_FD is for communication with AFL, we don't need it in the
|
// FORKSRV_FD is for communication with AFL, we don't need it in the
|
||||||
// child.
|
// child
|
||||||
close(FORKSRV_FD);
|
close(FORKSRV_FD);
|
||||||
close(FORKSRV_FD + 1);
|
close(FORKSRV_FD + 1);
|
||||||
|
|
||||||
// TODO: exec...
|
// finally: exec...
|
||||||
|
|
||||||
execv(fsrv->target_path, argv);
|
execv(fsrv->target_path, argv);
|
||||||
|
|
||||||
/* Use a distinctive bitmap signature to tell the parent about execv()
|
/* Use a distinctive bitmap signature to tell the parent about execv()
|
||||||
@ -567,6 +571,7 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv,
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (!be_quiet) { ACTF("Using AFL++ faux forkserver..."); }
|
||||||
fsrv->init_child_func = afl_fauxsrv_execv;
|
fsrv->init_child_func = afl_fauxsrv_execv;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -2818,7 +2818,7 @@ void check_binary(afl_state_t *afl, u8 *fname) {
|
|||||||
OKF(cPIN "Persistent mode binary detected.");
|
OKF(cPIN "Persistent mode binary detected.");
|
||||||
setenv(PERSIST_ENV_VAR, "1", 1);
|
setenv(PERSIST_ENV_VAR, "1", 1);
|
||||||
afl->persistent_mode = 1;
|
afl->persistent_mode = 1;
|
||||||
|
afl->fsrv.persistent_mode = 1;
|
||||||
afl->shmem_testcase_mode = 1;
|
afl->shmem_testcase_mode = 1;
|
||||||
|
|
||||||
} else if (getenv("AFL_PERSISTENT")) {
|
} else if (getenv("AFL_PERSISTENT")) {
|
||||||
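Review bot: The added `afl->fsrv.persistent_mode = 1;` duplicates `afl->persistent_mode = 1;` two lines above, so there are now two flags every call site must keep in sync, and the same three assignments are repeated verbatim in the forced path in afl-fuzz.c. Either annotate the new line (`/* forkserver keeps its own copy; must match afl->persistent_mode */`) or factor the three assignments into a small helper such as `static void enable_persistent_mode(afl_state_t *afl)` that each branch calls, which would also make it harder to forget one of them. check_binary's body starts before and continues after this hunk.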
@ -2830,7 +2830,6 @@ void check_binary(afl_state_t *afl, u8 *fname) {
|
|||||||
OKF("FRIDA Persistent mode configuration options detected.");
|
OKF("FRIDA Persistent mode configuration options detected.");
|
||||||
setenv(PERSIST_ENV_VAR, "1", 1);
|
setenv(PERSIST_ENV_VAR, "1", 1);
|
||||||
afl->persistent_mode = 1;
|
afl->persistent_mode = 1;
|
||||||
|
|
||||||
afl->shmem_testcase_mode = 1;
|
afl->shmem_testcase_mode = 1;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
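Review bot: The FRIDA persistent branch (following `OKF("FRIDA Persistent mode configuration options detected.");`) sets `afl->persistent_mode = 1;` and `afl->shmem_testcase_mode = 1;` but not the new `afl->fsrv.persistent_mode`, whereas the instrumented-binary branch in the previous hunk now sets all three. Unless the forkserver's copy is assigned somewhere not shown, code keyed on `fsrv->persistent_mode` will treat a FRIDA persistent target as non-persistent. Add `afl->fsrv.persistent_mode = 1;` directly after `afl->persistent_mode = 1;` here. check_binary continues outside the hunk.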
@ -198,7 +198,7 @@ static void usage(u8 *argv0, int more_help) {
|
|||||||
" -I command - execute this command/script when a new crash is "
|
" -I command - execute this command/script when a new crash is "
|
||||||
"found\n"
|
"found\n"
|
||||||
//" -B bitmap.txt - mutate a specific test case, use the
|
//" -B bitmap.txt - mutate a specific test case, use the
|
||||||
//out/default/fuzz_bitmap file\n"
|
// out/default/fuzz_bitmap file\n"
|
||||||
" -C - crash exploration mode (the peruvian rabbit thing)\n"
|
" -C - crash exploration mode (the peruvian rabbit thing)\n"
|
||||||
" -b cpu_id - bind the fuzzing process to the specified CPU core "
|
" -b cpu_id - bind the fuzzing process to the specified CPU core "
|
||||||
"(0-...)\n"
|
"(0-...)\n"
|
||||||
@ -1897,6 +1897,17 @@ int main(int argc, char **argv_orig, char **envp) {
|
|||||||
|
|
||||||
check_binary(afl, argv[optind]);
|
check_binary(afl, argv[optind]);
|
||||||
|
|
||||||
|
if (getenv(PERSIST_ENV_VAR) && !afl->persistent_mode) {
|
||||||
|
|
||||||
|
WARNF(
|
||||||
|
"Persistent mode environment variable detected, forcing persitent "
|
||||||
|
"mode!");
|
||||||
|
afl->persistent_mode = 1;
|
||||||
|
afl->fsrv.persistent_mode = 1;
|
||||||
|
afl->shmem_testcase_mode = 1;
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
#ifdef AFL_PERSISTENT_RECORD
|
#ifdef AFL_PERSISTENT_RECORD
|
||||||
if (unlikely(afl->fsrv.persistent_record)) {
|
if (unlikely(afl->fsrv.persistent_record)) {
|
||||||
|
|
||||||
|
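Review bot: The new user-facing warning misspells the mode in `"Persistent mode environment variable detected, forcing persitent "`; fix it and name the variable so the user can see what triggered the override, e.g. `WARNF("%s is set but the target was not detected as persistent, forcing persistent mode!", PERSIST_ENV_VAR);` (PERSIST_ENV_VAR is already passed to setenv() as a string in check_binary). The trigger is `getenv(PERSIST_ENV_VAR)` on presence only, so a value such as `=0` would also force the mode; if that is not intended, test the value rather than just its existence. Forcing also turns on `afl->shmem_testcase_mode`, which presumably requires the target to implement shared-memory test case delivery, so the warning or the commit message should say what happens when the binary does not actually contain a persistent loop. main() continues outside the hunk.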