Merge pull request #1164 from WorksButNotTested/fix

Fix

frida_mode/GNUmakefile

@@ -103,7 +103,7 @@ ifndef OS
  $(error "Operating system unsupported")
 endif
 
-GUM_DEVKIT_VERSION=15.1.10
+GUM_DEVKIT_VERSION=15.1.11
 GUM_DEVKIT_FILENAME=frida-gumjs-devkit-$(GUM_DEVKIT_VERSION)-$(OS)-$(ARCH).tar.xz
 GUM_DEVKIT_URL="https://github.com/frida/frida/releases/download/$(GUM_DEVKIT_VERSION)/$(GUM_DEVKIT_FILENAME)"
 

frida_mode/include/asan.h

@@ -9,6 +9,7 @@ void asan_config(void);
 void asan_init(void);
 void asan_arch_init(void);
 void asan_instrument(const cs_insn *instr, GumStalkerIterator *iterator);
+void asan_exclude_module_by_symbol(gchar *symbol_name);
 
 #endif
 

frida_mode/src/asan/asan.c

@@ -1,6 +1,7 @@
 #include "frida-gumjs.h"
 
 #include "asan.h"
+#include "ranges.h"
 #include "util.h"
 
 static gboolean asan_enabled = FALSE;
@@ -32,3 +33,34 @@ void asan_init(void) {
 
 }
 
+gboolean asan_exclude_range(const GumRangeDetails *details,
+                            gpointer               user_data) {
+
+  UNUSED_PARAMETER(user_data);
+
+  FOKF("Exclude ASAN: 0x%016lx-0x%016lx", details->range->base_address,
+       details->range->base_address + details->range->size);
+
+  ranges_add_exclude((GumMemoryRange *)details->range);
+
+}
+
+static gboolean asan_exclude_module(const GumModuleDetails *details,
+                                    gpointer                user_data) {
+
+  gchar *    symbol_name = (gchar *)user_data;
+  GumAddress address;
+
+  address = gum_module_find_export_by_name(details->name, symbol_name);
+  if (address == 0) { return TRUE; }
+
+  gum_process_enumerate_ranges(GUM_PAGE_NO_ACCESS, asan_exclude_range, NULL);
+
+}
+
+void asan_exclude_module_by_symbol(gchar *symbol_name) {
+
+  gum_process_enumerate_modules(asan_exclude_module, "__asan_loadN");
+
+}
+

frida_mode/src/asan/asan_arm64.c

@@ -88,6 +88,8 @@ void asan_arch_init(void) {
 
   }
 
+  asan_exclude_module_by_symbol("__asan_loadN");
+
 }
 
 #endif

frida_mode/src/asan/asan_x64.c

@@ -85,6 +85,8 @@ void asan_arch_init(void) {
 
   }
 
+  asan_exclude_module_by_symbol("__asan_loadN");
+
 }
 
 #endif

frida_mode/src/asan/asan_x86.c

@@ -85,6 +85,8 @@ void asan_arch_init(void) {
 
   }
 
+  asan_exclude_module_by_symbol("__asan_loadN");
+
 }
 
 #endif

frida_mode/src/cmplog/cmplog.c

@@ -33,8 +33,22 @@ static gboolean cmplog_range(const GumRangeDetails *details,
 
 static gint cmplog_sort(gconstpointer a, gconstpointer b) {
 
-  return ((GumMemoryRange *)b)->base_address -
-         ((GumMemoryRange *)a)->base_address;
+  GumMemoryRange *ra = (GumMemoryRange *)a;
+  GumMemoryRange *rb = (GumMemoryRange *)b;
+
+  if (ra->base_address < rb->base_address) {
+
+    return -1;
+
+  } else if (ra->base_address > rb->base_address) {
+
+    return 1;
+
+  } else {
+
+    return 0;
+
+  }
 
 }
 

frida_mode/src/js/js_api.c

@@ -11,6 +11,10 @@
 #include "stats.h"
 #include "util.h"
 
+typedef uint8_t u8;
+
+extern void __afl_set_persistent_mode(u8 mode);
+
 __attribute__((visibility("default"))) void js_api_done() {
 
   js_done = TRUE;
@@ -47,13 +51,7 @@ __attribute__((visibility("default"))) void js_api_set_persistent_address(
 
   persistent_start = GPOINTER_TO_SIZE(address);
 
-  if (getenv("__AFL_PERSISTENT") == NULL) {
-
-    FATAL(
-        "You must set __AFL_PERSISTENT manually if using persistent mode "
-        "configured using JS");
-
-  }
+  __afl_set_persistent_mode(1);
 
 }
 

frida_mode/src/ranges.c

@@ -166,8 +166,22 @@ static void convert_token(gchar *token, GumMemoryRange *range) {
 
 gint range_sort(gconstpointer a, gconstpointer b) {
 
-  return ((GumMemoryRange *)a)->base_address -
-         ((GumMemoryRange *)b)->base_address;
+  GumMemoryRange *ra = (GumMemoryRange *)a;
+  GumMemoryRange *rb = (GumMemoryRange *)b;
+
+  if (ra->base_address < rb->base_address) {
+
+    return -1;
+
+  } else if (ra->base_address > rb->base_address) {
+
+    return 1;
+
+  } else {
+
+    return 0;
+
+  }
 
 }
 
@@ -249,7 +263,7 @@ static void check_for_overlaps(GArray *array) {
     GumAddress      curr_limit = curr->base_address + curr->size;
     if (prev_limit > curr->base_address) {
 
-      FFATAL("OVerlapping ranges 0x%016" G_GINT64_MODIFIER
+      FFATAL("Overlapping ranges 0x%016" G_GINT64_MODIFIER
              "x-0x%016" G_GINT64_MODIFIER "x 0x%016" G_GINT64_MODIFIER
              "x-0x%016" G_GINT64_MODIFIER "x",
              prev->base_address, prev_limit, curr->base_address, curr_limit);

frida_mode/src/stalker.c

@@ -111,10 +111,23 @@ void stalker_init(void) {
   }
 
 #endif
-
   if (stalker_ic_entries == 0) { stalker_ic_entries = 32; }
 
-  if (stalker_adjacent_blocks == 0) { stalker_adjacent_blocks = 32; }
+  if (instrument_coverage_filename == NULL) {
+
+    if (stalker_adjacent_blocks == 0) { stalker_adjacent_blocks = 32; }
+
+  } else {
+
+    if (stalker_adjacent_blocks != 0) {
+
+      FFATAL(
+          "AFL_FRIDA_STALKER_ADJACENT_BLOCKS and AFL_FRIDA_INST_COVERAGE_FILE "
+          "are incompatible");
+
+    }
+
+  }
 
 #if defined(__x86_64__) || defined(__i386__)
   stalker = g_object_new(GUM_TYPE_STALKER, "ic-entries", stalker_ic_entries,

frida_mode/test/png/persistent/hook/GNUmakefile

@@ -144,7 +144,6 @@ frida_entry_slow: $(AFLPP_DRIVER_DUMMY_INPUT) $(AFLPP_FRIDA_DRIVER_HOOK_OBJ) | $
 
 frida_js_load: $(AFLPP_DRIVER_DUMMY_INPUT) $(AFLPP_FRIDA_DRIVER_HOOK_OBJ) | $(BUILD_DIR)
 	AFL_PRELOAD=$(AFL_PRELOAD) \
-	__AFL_PERSISTENT=1 \
 	AFL_FRIDA_JS_SCRIPT=load.js \
 	$(ROOT)afl-fuzz \
 		-D \

instrumentation/afl-compiler-rt.o.c

@@ -1904,8 +1904,7 @@ void __cmplog_rtn_hook_n(u8 *ptr1, u8 *ptr2, u64 len) {
   if (unlikely(!len)) return;
   int l = MIN(31, len);
 
-  if ((l = area_is_valid(ptr1, l)) <= 0 ||
-      (l = area_is_valid(ptr2, l)) <= 0)
+  if ((l = area_is_valid(ptr1, l)) <= 0 || (l = area_is_valid(ptr2, l)) <= 0)
     return;
 
   // fprintf(stderr, "RTN2 %u\n", l);
@@ -2247,5 +2246,11 @@ void __afl_coverage_interesting(u8 val, u32 id) {
 
 }
 
+void __afl_set_persistent_mode(u8 mode) {
+
+  is_persistent = mode;
+
+}
+
 #undef write_error