add Nyx support in various tools (like afl-cmin)
@ -434,6 +434,20 @@ static u32 read_file(u8 *in_file) {
|
||||
|
||||
}
|
||||
|
||||
#ifdef __linux__
|
||||
/* Execute the target application with an empty input (in Nyx mode). */
|
||||
static void showmap_run_target_nyx_mode(afl_forkserver_t *fsrv) {
|
||||
|
||||
afl_fsrv_write_to_testcase(fsrv, NULL, 0);
|
||||
|
||||
if (afl_fsrv_run_target(fsrv, fsrv->exec_tmout, &stop_soon) ==
|
||||
FSRV_RUN_ERROR) {
|
||||
|
||||
FATAL("Error running target in Nyx mode");
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
/* Execute target application. */
|
||||
|
||||
static void showmap_run_target(afl_forkserver_t *fsrv, char **argv) {
|
||||
@ -797,6 +811,7 @@ static void usage(u8 *argv0) {
|
||||
" -W - use qemu-based instrumentation with Wine (Wine mode)\n"
|
||||
" (Not necessary, here for consistency with other afl-* "
|
||||
"tools)\n"
|
||||
" -X - use Nyx mode\n"
|
||||
#endif
|
||||
"\n"
|
||||
"Other settings:\n"
|
||||
@ -875,7 +890,7 @@ int main(int argc, char **argv_orig, char **envp) {
|
||||
|
||||
if (getenv("AFL_QUIET") != NULL) { be_quiet = true; }
|
||||
|
||||
while ((opt = getopt(argc, argv, "+i:o:f:m:t:AeqCZOH:QUWbcrsh")) > 0) {
|
||||
while ((opt = getopt(argc, argv, "+i:o:f:m:t:AeqCZOH:QUWbcrshX")) > 0) {
|
||||
|
||||
switch (opt) {
|
||||
|
||||
@ -1063,6 +1078,22 @@ int main(int argc, char **argv_orig, char **envp) {
|
||||
|
||||
break;
|
||||
|
||||
#ifdef __linux__
|
||||
case 'X': /* NYX mode */
|
||||
|
||||
if (fsrv->nyx_mode) { FATAL("Multiple -X options not supported"); }
|
||||
|
||||
fsrv->nyx_mode = 1;
|
||||
fsrv->nyx_parent = true;
|
||||
fsrv->nyx_standalone = true;
|
||||
|
||||
break;
|
||||
#else
|
||||
case 'X':
|
||||
FATAL("Nyx mode is only availabe on linux...");
|
||||
break;
|
||||
#endif
|
||||
|
||||
case 'b':
|
||||
|
||||
/* Secret undocumented mode. Writes output in raw binary format
|
||||
@ -1134,7 +1165,17 @@ int main(int argc, char **argv_orig, char **envp) {
|
||||
|
||||
set_up_environment(fsrv, argv);
|
||||
|
||||
#ifdef __linux__
|
||||
if(!fsrv->nyx_mode){
|
||||
fsrv->target_path = find_binary(argv[optind]);
|
||||
}
|
||||
else{
|
||||
fsrv->target_path = ck_strdup(argv[optind]);
|
||||
}
|
||||
#else
|
||||
fsrv->target_path = find_binary(argv[optind]);
|
||||
#endif
|
||||
|
||||
fsrv->trace_bits = afl_shm_init(&shm, map_size, 0);
|
||||
|
||||
if (!quiet_mode) {
|
||||
@ -1190,6 +1231,26 @@ int main(int argc, char **argv_orig, char **envp) {
|
||||
use_argv =
|
||||
get_cs_argv(argv[0], &fsrv->target_path, argc - optind, argv + optind);
|
||||
|
||||
#ifdef __linux__
|
||||
} else if (fsrv->nyx_mode) {
|
||||
|
||||
use_argv = ck_alloc(sizeof(char *) * (1));
|
||||
use_argv[0] = argv[0];
|
||||
|
||||
fsrv->nyx_id = 0;
|
||||
|
||||
u8 *libnyx_binary = find_afl_binary(use_argv[0], "libnyx.so");
|
||||
fsrv->nyx_handlers = afl_load_libnyx_plugin(libnyx_binary);
|
||||
if (fsrv->nyx_handlers == NULL) {
|
||||
|
||||
FATAL("failed to initialize libnyx.so...");
|
||||
|
||||
}
|
||||
|
||||
fsrv->out_dir_path = create_nyx_tmp_workdir();
|
||||
fsrv->nyx_bind_cpu_id = 0;
|
||||
#endif
|
||||
|
||||
} else {
|
||||
|
||||
use_argv = argv + optind;
|
||||
@ -1226,7 +1287,13 @@ int main(int argc, char **argv_orig, char **envp) {
|
||||
|
||||
}
|
||||
|
||||
#ifdef __linux__
|
||||
if(!fsrv->nyx_mode && in_dir){
|
||||
(void)check_binary_signatures(fsrv->target_path);
|
||||
}
|
||||
#else
|
||||
if (in_dir) { (void)check_binary_signatures(fsrv->target_path); }
|
||||
#endif
|
||||
|
||||
shm_fuzz = ck_alloc(sizeof(sharedmem_t));
|
||||
|
||||
@ -1247,7 +1314,13 @@ int main(int argc, char **argv_orig, char **envp) {
|
||||
fsrv->shmem_fuzz = map + sizeof(u32);
|
||||
|
||||
configure_afl_kill_signals(
|
||||
fsrv, NULL, NULL, (fsrv->qemu_mode || unicorn_mode) ? SIGKILL : SIGTERM);
|
||||
fsrv, NULL, NULL, (fsrv->qemu_mode || unicorn_mode
|
||||
#ifdef __linux__
|
||||
|| fsrv->nyx_mode
|
||||
#endif
|
||||
)
|
||||
? SIGKILL
|
||||
: SIGTERM);
|
||||
|
||||
if (!fsrv->cs_mode && !fsrv->qemu_mode && !unicorn_mode) {
|
||||
|
||||
@ -1370,6 +1443,12 @@ int main(int argc, char **argv_orig, char **envp) {
|
||||
|
||||
if (execute_testcases(in_dir) == 0) {
|
||||
|
||||
#ifdef __linux__
|
||||
if (fsrv->nyx_mode) {
|
||||
remove_nyx_tmp_workdir(fsrv->out_dir_path);
|
||||
fsrv->nyx_handlers->nyx_shutdown(fsrv->nyx_runner);
|
||||
}
|
||||
#endif
|
||||
FATAL("could not read input testcases from %s", in_dir);
|
||||
|
||||
}
|
||||
@ -1390,7 +1469,15 @@ int main(int argc, char **argv_orig, char **envp) {
|
||||
if (fsrv->support_shmem_fuzz && !fsrv->use_shmem_fuzz)
|
||||
shm_fuzz = deinit_shmem(fsrv, shm_fuzz);
|
||||
|
||||
showmap_run_target(fsrv, use_argv);
|
||||
#ifdef __linux__
|
||||
if(!fsrv->nyx_mode){
|
||||
#endif
|
||||
showmap_run_target(fsrv, use_argv);
|
||||
#ifdef __linux__
|
||||
} else {
|
||||
showmap_run_target_nyx_mode(fsrv);
|
||||
}
|
||||
#endif
|
||||
tcnt = write_results_to_file(fsrv, out_file);
|
||||
if (!quiet_mode) {
|
||||
|
||||
@ -1441,6 +1528,12 @@ int main(int argc, char **argv_orig, char **envp) {
|
||||
|
||||
if (fsrv->target_path) { ck_free(fsrv->target_path); }
|
||||
|
||||
#ifdef __linux__
|
||||
if (fsrv->nyx_mode) {
|
||||
remove_nyx_tmp_workdir(fsrv->out_dir_path);
|
||||
}
|
||||
#endif
|
||||
|
||||
afl_fsrv_deinit(fsrv);
|
||||
|
||||
if (stdin_file) { ck_free(stdin_file); }
|
||||
|
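Review bot: The new `FATAL("Error running target in Nyx mode")` in `showmap_run_target_nyx_mode` exits without the cleanup that the `execute_testcases(in_dir) == 0` failure path performs, so a failed Nyx run appears to leave the directory from `create_nyx_tmp_workdir()` on disk and the Nyx runner still up. Calling `remove_nyx_tmp_workdir(fsrv->out_dir_path);` and `fsrv->nyx_handlers->nyx_shutdown(fsrv->nyx_runner);` before that FATAL would keep the two failure paths consistent. The normal exit path just before `afl_fsrv_deinit(fsrv)` only removes the workdir, so if `afl_fsrv_deinit` does not shut the runner down itself (not visible on this page), the same shutdown call is missing there. Separately, `use_argv = ck_alloc(sizeof(char *) * (1))` holds only `argv[0]` with no NULL terminator, so any later code in `main` that walks `use_argv` as an argv vector would read past the allocation; allocating `sizeof(char *) * 2` and leaving the second slot NULL avoids that.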