SYS-OSS/FRET-LibAFL
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix(libafl_frida): correctly calculate the coverage using DrCov (#1579)

Browse Source
This commit is contained in:
Abc Xyz 2023-10-01 16:11:46 +03:00 committed by GitHub
parent ee9eb3eef1
commit 5854fd0c5b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 16 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
libafl_frida/src/helper.rs
View File

@ -13,8 +13,6 @@ use capstone::{
}; };
#[cfg(unix)] #[cfg(unix)]
use frida_gum::instruction_writer::InstructionWriter; use frida_gum::instruction_writer::InstructionWriter;
#[cfg(unix)]
use frida_gum::CpuContext;
use frida_gum::{ use frida_gum::{
stalker::{StalkerIterator, StalkerOutput, Transformer}, stalker::{StalkerIterator, StalkerOutput, Transformer},
Gum, Module, ModuleDetails, ModuleMap, PageProtection, Gum, Module, ModuleDetails, ModuleMap, PageProtection,
@ -379,16 +377,6 @@ pub fn get_module_size(module_name: &str) -> usize {
code_size code_size
} }
#[cfg(target_arch = "aarch64")]
fn pc(context: &CpuContext) -> usize {
context.pc() as usize
}
#[cfg(all(target_arch = "x86_64", unix))]
fn pc(context: &CpuContext) -> usize {
context.rip() as usize
}
fn pathlist_contains_module<I, P>(list: I, module: &ModuleDetails) -> bool fn pathlist_contains_module<I, P>(list: I, module: &ModuleDetails) -> bool
where where
I: IntoIterator<Item = P>, I: IntoIterator<Item = P>,
@ -490,6 +478,8 @@ where
#[cfg(any(target_arch = "aarch64", all(target_arch = "x86_64", unix)))] capstone: &Capstone, #[cfg(any(target_arch = "aarch64", all(target_arch = "x86_64", unix)))] capstone: &Capstone,
) { ) {
let mut first = true; let mut first = true;
let mut basic_block_start = 0;
let mut basic_block_size = 0;
for instruction in basic_block { for instruction in basic_block {
let instr = instruction.instr(); let instr = instruction.instr();
#[cfg(unix)] #[cfg(unix)]
@ -511,16 +501,8 @@ where
} }
#[cfg(unix)] #[cfg(unix)]
if let Some(rt) = runtimes.match_first_type_mut::<DrCovRuntime>() { if let Some(_rt) = runtimes.match_first_type_mut::<DrCovRuntime>() {
instruction.put_callout(|context| { basic_block_start = address;
let real_address = rt.real_address_for_stalked(pc(&context));
//let (range, (id, name)) = helper.ranges.get_key_value(&real_address).unwrap();
//log::trace!("{}:0x{:016x}", name, real_address - range.start);
rt.drcov_basic_blocks.push(DrCovBasicBlock::new(
real_address,
real_address + instr_size,
));
});
} }
} }
@ -582,15 +564,22 @@ where
} }
#[cfg(unix)] #[cfg(unix)]
if let Some(rt) = runtimes.match_first_type_mut::<DrCovRuntime>() { if let Some(_rt) = runtimes.match_first_type_mut::<DrCovRuntime>() {
rt.add_stalked_address( basic_block_size += instr_size;
output.writer().pc() as usize - instr_size,
address as usize,
);
} }
} }
instruction.keep(); instruction.keep();
} }
#[cfg(unix)]
if basic_block_size != 0 {
if let Some(rt) = runtimes.borrow_mut().match_first_type_mut::<DrCovRuntime>() {
log::trace!("{basic_block_start:#016X}:{basic_block_size:X}");
rt.drcov_basic_blocks.push(DrCovBasicBlock::new(
basic_block_start as usize,
basic_block_start as usize + basic_block_size,
));
}
}
} }
/* /*