ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-14 19:08:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add support for FRIDA mode

Browse Source
This commit is contained in:
Your Name
2021-03-18 09:11:00 +00:00
parent 7dc4847869
commit e1384b5086
22 changed files with 1668 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

50
src/afl-analyze.c
View File

@ -83,6 +83,7 @@ static volatile u8 stop_soon, /* Ctrl-C pressed? */
child_timed_out; /* Child timed out? */
static u8 *target_path;
static u8 frida_mode;
static u8 qemu_mode;
static u32 map_size = MAP_SIZE;
@ -717,9 +718,11 @@ static void handle_stop_sig(int sig) {
/* Do basic preparations - persistent fds, filenames, etc. */
static void set_up_environment(void) {
static void set_up_environment(char **argv) {
u8 *x;
u8 * x;
char *afl_preload;
char *frida_afl_preload = NULL;
dev_null_fd = open("/dev/null", O_RDWR);
if (dev_null_fd < 0) { PFATAL("Unable to open /dev/null"); }
@ -824,6 +827,26 @@ static void set_up_environment(void) {
/* afl-qemu-trace takes care of converting AFL_PRELOAD. */
} else if (frida_mode) {
afl_preload = getenv("AFL_PRELOAD");
u8 *frida_binary = find_afl_binary(argv[0], "afl-frida-trace.so");
if (afl_preload) {
frida_afl_preload = alloc_printf("%s:%s", afl_preload, frida_binary);
} else {
frida_afl_preload = alloc_printf("%s", frida_binary);
}
ck_free(frida_binary);
OKF("Frida Mode setting LD_PRELOAD %s", frida_afl_preload);
setenv("LD_PRELOAD", frida_afl_preload, 1);
setenv("DYLD_INSERT_LIBRARIES", frida_afl_preload, 1);
} else {
setenv("LD_PRELOAD", getenv("AFL_PRELOAD"), 1);
@ -831,8 +854,18 @@ static void set_up_environment(void) {
}
} else if (frida_mode) {
u8 *frida_binary = find_afl_binary(argv[0], "afl-frida-trace.so");
setenv("LD_PRELOAD", frida_binary, 1);
setenv("DYLD_INSERT_LIBRARIES", frida_binary, 1);
OKF("Frida Mode setting LD_PRELOAD %s", frida_binary);
ck_free(frida_binary);
}
if (frida_afl_preload) { ck_free(frida_afl_preload); }
}
/* Setup signal handlers, duh. */
@ -872,6 +905,7 @@ static void usage(u8 *argv0) {
" -f file - input file read by the tested program (stdin)\n"
" -t msec - timeout for each run (%u ms)\n"
" -m megs - memory limit for child process (%u MB)\n"
" -O - use binary-only instrumentation (FRIDA mode)\n"
" -Q - use binary-only instrumentation (QEMU mode)\n"
" -U - use unicorn-based instrumentation (Unicorn mode)\n"
" -W - use qemu-based instrumentation with Wine (Wine "
@ -914,7 +948,7 @@ int main(int argc, char **argv_orig, char **envp) {
SAYF(cCYA "afl-analyze" VERSION cRST " by Michal Zalewski\n");
while ((opt = getopt(argc, argv, "+i:f:m:t:eQUWh")) > 0) {
while ((opt = getopt(argc, argv, "+i:f:m:t:eOQUWh")) > 0) {
switch (opt) {
@ -1008,6 +1042,14 @@ int main(int argc, char **argv_orig, char **envp) {
break;
case 'O': /* FRIDA mode */
if (frida_mode) { FATAL("Multiple -O options not supported"); }
frida_mode = 1;
break;
case 'Q':
if (qemu_mode) { FATAL("Multiple -Q options not supported"); }
@ -1062,7 +1104,7 @@ int main(int argc, char **argv_orig, char **envp) {
atexit(at_exit_handler);
setup_signal_handlers();
set_up_environment();
set_up_environment(argv);
target_path = find_binary(argv[optind]);
detect_file_args(argv + optind, prog_in, &use_stdin);