Cmplog instrumentation (#382)

* add support for cbz/tbz * remove unecessary print * implemented support for tbz * add support for tbnz * fix an error in the emitted code for both tbz/tbnz * add support for cbnz * fix error in logic * add special handling to "subs" * add restoration for X5 for tbz/tbnz * add "adds" support * add special handling for different opcodes * add support for cbz/tbz * remove unecessary print * implemented support for tbz * add support for tbnz * fix an error in the emitted code for both tbz/tbnz * add support for cbnz * fix error in logic * add special handling to "subs" * add restoration for X5 for tbz/tbnz * add "adds" support * add special handling for different opcodes * add adcs to cmplog commands * get rid of irrelevant allocations * add flag restoration to cmplog instrumentation emitted code * add restoration for x24 * save and restore all registers
2021-11-17 19:22:37 +02:00 · 2021-11-17 19:22:37 +02:00 · 751330e8ee
commit 751330e8ee
parent e978b4f281
2 changed files with 20 additions and 5 deletions
--- a/libafl_frida/src/cmplog_rt.rs
+++ b/libafl_frida/src/cmplog_rt.rs
@ -52,15 +52,31 @@ impl CmpLogRuntime {
                ; stp x10, x11, [sp, #-0x10]!
                ; stp x12, x13, [sp, #-0x10]!
                ; stp x14, x15, [sp, #-0x10]!
-                ; stp x29, x30, [sp, #-0x10]!
-              // jump to rust based population of the lists
+                ; stp x16, x17, [sp, #-0x10]!
+                ; stp x18, x19, [sp, #-0x10]!
+                ; stp x20, x21, [sp, #-0x10]!
+                ; stp x22, x23, [sp, #-0x10]!
+                ; stp x24, x25, [sp, #-0x10]!
+                ; stp x26, x27, [sp, #-0x10]!
+                ; stp x28, x29, [sp, #-0x10]!
+                ; stp x30, xzr, [sp, #-0x10]!
+                ; .dword 0xd53b4218u32 as i32 // mrs x24, nzcv
+                // jump to rust based population of the lists
                ; mov x2, x0
                ; adr x3, >done
                ; ldr x4, >populate_lists
                ; ldr x0, >self_addr
                ; blr x4
                // restore the reg state before returning to the caller
-                ; ldp x29, x30, [sp], #0x10
+                ; .dword 0xd51b4218u32 as i32 // msr nzcv, x24
+                ; ldp x30, xzr, [sp], #0x10
+                ; ldp x28, x29, [sp], #0x10
+                ; ldp x26, x27, [sp], #0x10
+                ; ldp x24, x25, [sp], #0x10
+                ; ldp x22, x23, [sp], #0x10
+                ; ldp x20, x21, [sp], #0x10
+                ; ldp x18, x19, [sp], #0x10
+                ; ldp x16, x17, [sp], #0x10
                ; ldp x14, x15, [sp], #0x10
                ; ldp x12, x13, [sp], #0x10
                ; ldp x10, x11, [sp], #0x10
--- a/libafl_frida/src/helper.rs
+++ b/libafl_frida/src/helper.rs
@ -64,13 +64,12 @@ enum CmplogOperandType {
    Mem(capstone::RegId, capstone::RegId, i32, u32),
 }

-#[cfg(all(feature = "cmplog", target_arch = "aarch64"))]
 enum SpecialCmpLogCase {
    Tbz,
    Tbnz,
 }

-#[cfg(target_vendor = "apple")]
+#[cfg(any(target_vendor = "apple"))]
 const ANONYMOUS_FLAG: MapFlags = MapFlags::MAP_ANON;
 #[cfg(not(any(target_vendor = "apple", target_os = "windows")))]
 const ANONYMOUS_FLAG: MapFlags = MapFlags::MAP_ANONYMOUS;