add cmplog_runtime as feature

This commit is contained in:
Omree 2021-06-09 12:01:39 +03:00
parent 5de4c9305e
commit 6f98bbe6cf
4 changed files with 18 additions and 6 deletions


@ -24,7 +24,7 @@ which = "4.1"
libafl = { path = "../../libafl/", features = [ "std", "llmp_compression", "llmp_bind_public" ] } #, "llmp_small_maps", "llmp_debug"]}
capstone = "0.8.0"
frida-gum = { version = "0.5.2", features = [ "auto-download", "backtrace", "event-sink", "invocation-listener"] }
libafl_frida = { path = "../../libafl_frida", version = "0.3.2" }
libafl_frida = { path = "../../libafl_frida", version = "0.3.2", features = ["cmplog_runtime"] }
libafl_targets = { path = "../../libafl_targets", version = "0.3.2" , features = ["sancov_cmplog"] }
lazy_static = "1.4.0"
libc = "0.2"


@ -10,6 +10,11 @@ license = "MIT OR Apache-2.0"
keywords = ["fuzzing", "frida", "instrumentation"]
edition = "2018"
[features]
default = []
cmplog_runtime = []
[build-dependencies]
cc = { version = "1.0", features = ["parallel"] }
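Review bot: The new `cmplog_runtime` feature carries no comment saying what it compiles in, and it is off by default (`default = []`), so a downstream crate that turns on `cmplog_enabled` at runtime without also enabling this Cargo feature gets no CmpLog runtime and nothing tells it why. I would document that directly above the feature line: `# Compiles in the Frida CmpLog runtime (cmplog_rt); off by default, and the comparison instrumentation is currently only implemented for aarch64.` The aarch64 limitation is inferred from the `todo!` left in place for non-aarch64 targets in helper.rs in this same commit, so adjust the wording if that is closed elsewhere.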


@ -33,8 +33,12 @@ use rangemap::RangeMap;
use nix::sys::mman::{mmap, MapFlags, ProtFlags};
use crate::{asan_rt::AsanRuntime, cmplog_rt::CmpLogRuntime, FridaOptions};
use crate::{asan_rt::AsanRuntime, FridaOptions};
#[cfg(feature = "cmplog_runtime")]
use crate::cmplog_rt::CmpLogRuntime;
#[cfg(feature = "cmplog_runtime")]
enum CmplogOperandType {
Regid(capstone::RegId),
Imm(u64),
@ -85,6 +89,7 @@ pub struct FridaInstrumentationHelper<'a> {
#[cfg(target_arch = "aarch64")]
capstone: Capstone,
asan_runtime: AsanRuntime,
#[cfg(all(feature = "cmplog_runtime"))]
cmplog_runtime: CmpLogRuntime,
ranges: RangeMap<usize, (u16, String)>,
module_map: ModuleMap,
@ -271,6 +276,7 @@ impl<'a> FridaInstrumentationHelper<'a> {
.build()
.expect("Failed to create Capstone object"),
asan_runtime: AsanRuntime::new(options.clone()),
#[cfg(all(feature = "cmplog_runtime"))]
cmplog_runtime: CmpLogRuntime::new(),
ranges: RangeMap::new(),
module_map: ModuleMap::new_from_names(modules_to_instrument),
@ -348,11 +354,10 @@ impl<'a> FridaInstrumentationHelper<'a> {
);
}
}
if helper.options().cmplog_enabled() {
#[cfg(not(target_arch = "aarch64"))]
todo!("Implement cmplog for non-aarch64 targets");
#[cfg(target_arch = "aarch64")]
#[cfg(all(feature = "cmplog_runtime", target_arch = "aarch64"))]
// check if this instruction is a compare instruction and if so save the registers values
if let Ok((op1, op2)) =
helper.is_interesting_cmplog_instruction(address, instr)
@ -377,6 +382,7 @@ impl<'a> FridaInstrumentationHelper<'a> {
if helper.options().asan_enabled() || helper.options().drcov_enabled() {
helper.asan_runtime.init(gum, modules_to_instrument);
}
#[cfg(all(feature = "cmplog_runtime"))]
if helper.options.cmplog_enabled() {
helper.cmplog_runtime.init();
}
@ -395,7 +401,7 @@ impl<'a> FridaInstrumentationHelper<'a> {
Aarch64Register::from_u32(regint as u32).unwrap()
}
#[cfg(target_arch = "aarch64")]
#[cfg(all(feature = "cmplog_runtime", target_arch = "aarch64"))]
#[inline]
fn emit_comparison_handling(
&self,
@ -1027,7 +1033,7 @@ impl<'a> FridaInstrumentationHelper<'a> {
Err(())
}
#[cfg(target_arch = "aarch64")]
#[cfg(all(feature = "cmplog_runtime", target_arch = "aarch64"))]
#[inline]
fn is_interesting_cmplog_instruction(
&self,
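Review bot: Building without `cmplog_runtime` leaves the runtime `cmplog_enabled()` option silently ineffective: the `if helper.options().cmplog_enabled() {` check in the hunk at -348 still runs, but on aarch64 its only real body is now behind `#[cfg(all(feature = "cmplog_runtime", target_arch = "aarch64"))]`, so a fuzzer configured for cmplog gets no comparison instrumentation and no diagnostic, and the `todo!` branch still fires on every other architecture regardless of the feature. I would fail loudly in the init path instead of dropping the request: next to the gated `helper.cmplog_runtime.init();` add `#[cfg(not(feature = "cmplog_runtime"))] if helper.options().cmplog_enabled() { panic!("cmplog requested but libafl_frida was built without the cmplog_runtime feature"); }` (or a logged warning if a silent downgrade is the intended contract — the commit does not say). Minor style points on the same lines: `#[cfg(all(feature = "cmplog_runtime"))]` with a single predicate is just `#[cfg(feature = "cmplog_runtime")]`, and `helper.options.cmplog_enabled()` reaches into the field where the neighbouring checks go through the `options()` accessor. The enclosing function starts and ends outside these hunks.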


@ -10,6 +10,7 @@ pub mod asan_errors;
/// The frida address sanitizer runtime
pub mod asan_rt;
#[cfg(all(feature = "cmplog_runtime"))]
/// The frida cmplog runtime
pub mod cmplog_rt;
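Review bot: `pub mod cmplog_rt` is now feature-gated but its doc comment does not say so, so the rustdoc of a default build simply lacks the module with no hint about the Cargo feature that brings it back. I would extend the doc comment to `/// The frida cmplog runtime (only built with the cmplog_runtime feature)`, keeping the `#[cfg]` attribute where it is. The single-predicate `#[cfg(all(feature = "cmplog_runtime"))]` is equivalent to `#[cfg(feature = "cmplog_runtime")]`; the `all` wrapper is only worth keeping if more predicates are planned.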