Allow the FridaInProcessExecutor to attach Stalker on specific thread (#1256)

* feat: support specify thread id for frida stalker

* fix: thread_id type

* fix: use official repo for frida-gum

* Merged

* Added back missing bolts

---------

Co-authored-by: Dominik Maier <domenukk@gmail.com>

libafl_frida/Cargo.toml

@@ -9,7 +9,13 @@ readme = "../README.md"
 license = "MIT OR Apache-2.0"
 keywords = ["fuzzing", "frida", "instrumentation"]
 edition = "2021"
-categories = ["development-tools::testing", "emulators", "embedded", "os", "no-std"]
+categories = [
+    "development-tools::testing",
+    "emulators",
+    "embedded",
+    "os",
+    "no-std"
+]
 
 [features]
 default = ["serdeany_autoreg"]
@@ -20,22 +26,45 @@ serdeany_autoreg = ["libafl_bolts/serdeany_autoreg"]
 cc = { version = "1.0", features = ["parallel"] }
 
 [dependencies]
-libafl = { path = "../libafl", default-features = false, version = "0.10.1", features = ["std", "derive", "frida_cli"] }
+libafl = { path = "../libafl", default-features = false, version = "0.10.1", features = [
-libafl_bolts = { path = "../libafl_bolts", version = "0.10.1", default-features = false, features = ["std", "derive", "frida_cli"] }
+    "std",
-libafl_targets = { path = "../libafl_targets", version = "0.10.1", features = ["std", "sancov_cmplog"] }
+    "derive",
+    "frida_cli",
+] }
+libafl_bolts = { path = "../libafl_bolts", version = "0.10.1", default-features = false, features = [
+    "std",
+    "derive",
+    "frida_cli"
+] }
+libafl_targets = { path = "../libafl_targets", version = "0.10.1", features = [
+    "std",
+    "sancov_cmplog",
+] }
 
 nix = "0.26"
 libc = "0.2"
 hashbrown = "0.14"
 rangemap = "1.3"
-frida-gum-sys = { version = "0.8.1", features = [ "auto-download", "event-sink", "invocation-listener"] }
+frida-gum-sys = { version = "0.8.1", features = [
-frida-gum = { version = "0.13.2", features = [ "auto-download", "event-sink", "invocation-listener", "module-names"] }
+    "auto-download",
+    "event-sink",
+    "invocation-listener",
+] }
+frida-gum = { version = "0.13.2", features = [
+    "auto-download",
+    "event-sink",
+    "invocation-listener",
+    "module-names",
+] }
 dynasmrt = "2"
 capstone = "0.11.0"
 color-backtrace = { version = "0.5", features = ["resolve-modules"] }
 termcolor = "1.1.3"
 serde = "1.0"
-backtrace = { version = "0.3", default-features = false, features = ["std", "serde"] }
+backtrace = { version = "0.3", default-features = false, features = [
+    "std",
+    "serde",
+] }
 num-traits = "0.2"
 ahash = "0.8"
 paste = "1.0"

libafl_frida/src/executor.rs

@@ -34,6 +34,8 @@ where
     'a: 'b,
 {
     base: InProcessExecutor<'a, H, OT, S>,
+    // thread_id for the Stalker
+    thread_id: usize,
     /// Frida's dynamic rewriting engine
     stalker: Stalker<'a>,
     /// User provided callback for instrumentation
@@ -85,7 +87,8 @@ where
             } else {
                 self.followed = true;
                 let transformer = self.helper.transformer();
-                self.stalker.follow_me::<NoneEventSink>(transformer, None);
+                self.stalker
+                    .follow::<NoneEventSink>(self.thread_id, transformer, None);
             }
         }
         let res = self.base.run_target(fuzzer, state, mgr, input);
@@ -154,6 +157,7 @@ where
     pub fn new(
         gum: &'a Gum,
         base: InProcessExecutor<'a, H, OT, S>,
+        thread_id: usize,
         helper: &'c mut FridaInstrumentationHelper<'b, RT>,
     ) -> Self {
         let mut stalker = Stalker::new(gum);
@@ -187,6 +191,7 @@ where
 
         Self {
             base,
+            thread_id,
             stalker,
             helper,
             followed: false,