SYS-OSS/FRET-LibAFL
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Revert FridaInstrumentationHelper changes (#1062)

Browse Source 
* Revert "Send stability in calibration stage & FridaInstrumentationHelper retunrs Result<Self, Error> (#1056)"

This reverts commit 4d78878c02846b2c0a49686cd05cccadd2b0ac72.

* fux

* poc

* revert
This commit is contained in:
Dongjia "toka" Zhang 2023-02-13 10:02:26 +09:00 committed by GitHub
parent 4d78878c02
commit a74e5da268
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 17 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
fuzzers/frida_gdiplus/src/fuzzer.rs
View File

@ -102,10 +102,10 @@ unsafe fn fuzz(options: &FuzzerOptions) -> Result<(), Error> {
#[cfg(unix)] #[cfg(unix)]
let mut frida_helper = let mut frida_helper =
FridaInstrumentationHelper::new(&gum, options, tuple_list!(coverage, asan))?; FridaInstrumentationHelper::new(&gum, options, tuple_list!(coverage, asan));
#[cfg(windows)] #[cfg(windows)]
let mut frida_helper = let mut frida_helper =
FridaInstrumentationHelper::new(&gum, options, tuple_list!(coverage))?; FridaInstrumentationHelper::new(&gum, options, tuple_list!(coverage));
// Create an observation channel using the coverage map // Create an observation channel using the coverage map
let edges_observer = HitcountsMapObserver::new(StdMapObserver::from_mut_ptr( let edges_observer = HitcountsMapObserver::new(StdMapObserver::from_mut_ptr(
@ -221,7 +221,7 @@ unsafe fn fuzz(options: &FuzzerOptions) -> Result<(), Error> {
let cmplog = CmpLogRuntime::new(); let cmplog = CmpLogRuntime::new();
let mut frida_helper = let mut frida_helper =
FridaInstrumentationHelper::new(&gum, options, tuple_list!(coverage, cmplog))?; FridaInstrumentationHelper::new(&gum, options, tuple_list!(coverage, cmplog));
// Create an observation channel using the coverage map // Create an observation channel using the coverage map
let edges_observer = HitcountsMapObserver::new(StdMapObserver::from_mut_ptr( let edges_observer = HitcountsMapObserver::new(StdMapObserver::from_mut_ptr(
@ -351,7 +351,7 @@ unsafe fn fuzz(options: &FuzzerOptions) -> Result<(), Error> {
let coverage = CoverageRuntime::new(); let coverage = CoverageRuntime::new();
let mut frida_helper = let mut frida_helper =
FridaInstrumentationHelper::new(&gum, options, tuple_list!(coverage))?; FridaInstrumentationHelper::new(&gum, options, tuple_list!(coverage));
// Create an observation channel using the coverage map // Create an observation channel using the coverage map
let edges_observer = HitcountsMapObserver::new(StdMapObserver::from_mut_ptr( let edges_observer = HitcountsMapObserver::new(StdMapObserver::from_mut_ptr(

8
fuzzers/frida_libpng/src/fuzzer.rs
View File

@ -99,10 +99,10 @@ unsafe fn fuzz(options: &FuzzerOptions) -> Result<(), Error> {
#[cfg(unix)] #[cfg(unix)]
let mut frida_helper = let mut frida_helper =
FridaInstrumentationHelper::new(&gum, options, tuple_list!(coverage, asan))?; FridaInstrumentationHelper::new(&gum, options, tuple_list!(coverage, asan));
#[cfg(windows)] #[cfg(windows)]
let mut frida_helper = let mut frida_helper =
FridaInstrumentationHelper::new(&gum, &options, tuple_list!(coverage))?; FridaInstrumentationHelper::new(&gum, &options, tuple_list!(coverage));
// Create an observation channel using the coverage map // Create an observation channel using the coverage map
let edges_observer = HitcountsMapObserver::new(StdMapObserver::from_mut_ptr( let edges_observer = HitcountsMapObserver::new(StdMapObserver::from_mut_ptr(
@ -219,7 +219,7 @@ unsafe fn fuzz(options: &FuzzerOptions) -> Result<(), Error> {
let cmplog = CmpLogRuntime::new(); let cmplog = CmpLogRuntime::new();
let mut frida_helper = let mut frida_helper =
FridaInstrumentationHelper::new(&gum, options, tuple_list!(coverage, cmplog))?; FridaInstrumentationHelper::new(&gum, options, tuple_list!(coverage, cmplog));
// Create an observation channel using the coverage map // Create an observation channel using the coverage map
let edges_observer = HitcountsMapObserver::new(StdMapObserver::from_mut_ptr( let edges_observer = HitcountsMapObserver::new(StdMapObserver::from_mut_ptr(
@ -349,7 +349,7 @@ unsafe fn fuzz(options: &FuzzerOptions) -> Result<(), Error> {
let coverage = CoverageRuntime::new(); let coverage = CoverageRuntime::new();
let mut frida_helper = let mut frida_helper =
FridaInstrumentationHelper::new(&gum, options, tuple_list!(coverage))?; FridaInstrumentationHelper::new(&gum, options, tuple_list!(coverage));
// Create an observation channel using the coverage map // Create an observation channel using the coverage map
let edges_observer = HitcountsMapObserver::new(StdMapObserver::from_mut_ptr( let edges_observer = HitcountsMapObserver::new(StdMapObserver::from_mut_ptr(

19
libafl_frida/src/helper.rs
View File

@ -165,7 +165,8 @@ where
{ {
/// Constructor function to create a new [`FridaInstrumentationHelper`], given a `module_name`. /// Constructor function to create a new [`FridaInstrumentationHelper`], given a `module_name`.
#[allow(clippy::too_many_lines)] #[allow(clippy::too_many_lines)]
pub fn new(gum: &'a Gum, options: &'a FuzzerOptions, runtimes: RT) -> Result<Self, Error> { #[must_use]
pub fn new(gum: &'a Gum, options: &'a FuzzerOptions, runtimes: RT) -> Self {
// workaround frida's frida-gum-allocate-near bug: // workaround frida's frida-gum-allocate-near bug:
#[cfg(unix)] #[cfg(unix)]
unsafe { unsafe {
@ -178,8 +179,7 @@ where
-1, -1,
0, 0,
) )
.map_err(|_| Error::unknown("Failed to map dummy regions for frida workaround"))?; .expect("Failed to map dummy regions for frida workaround");
mmap( mmap(
None, None,
std::num::NonZeroUsize::new_unchecked(4 * 1024 * 1024), std::num::NonZeroUsize::new_unchecked(4 * 1024 * 1024),
@ -188,14 +188,14 @@ where
-1, -1,
0, 0,
) )
.map_err(|_| Error::unknown("Failed to map dummy regions for frida workaround"))?; .expect("Failed to map dummy regions for frida workaround");
} }
} }
let mut modules_to_instrument = vec![options let mut modules_to_instrument = vec![options
.harness .harness
.as_ref() .as_ref()
.ok_or_else(|| Error::unknown("No modueles to instrument"))? .unwrap()
.to_string_lossy() .to_string_lossy()
.to_string()]; .to_string()];
modules_to_instrument.append(&mut options.libs_to_instrument.clone()); modules_to_instrument.append(&mut options.libs_to_instrument.clone());
@ -209,14 +209,14 @@ where
.mode(arch::arm64::ArchMode::Arm) .mode(arch::arm64::ArchMode::Arm)
.detail(true) .detail(true)
.build() .build()
.map_err(|_| Error::unknown("Failed to create Capstone object"))?, .expect("Failed to create Capstone object"),
#[cfg(all(target_arch = "x86_64", unix))] #[cfg(all(target_arch = "x86_64", unix))]
capstone: Capstone::new() capstone: Capstone::new()
.x86() .x86()
.mode(arch::x86::ArchMode::Mode64) .mode(arch::x86::ArchMode::Mode64)
.detail(true) .detail(true)
.build() .build()
.map_err(|_| Error::unknown("Failed to create Capstone object"))?, .expect("Failed to create Capstone object"),
ranges: RangeMap::new(), ranges: RangeMap::new(),
module_map: ModuleMap::new_from_names(gum, &modules_to_instrument), module_map: ModuleMap::new_from_names(gum, &modules_to_instrument),
options, options,
@ -235,8 +235,7 @@ where
} }
if !options.dont_instrument.is_empty() { if !options.dont_instrument.is_empty() {
for (module_name, offset) in options.dont_instrument.clone() { for (module_name, offset) in options.dont_instrument.clone() {
let module_details = ModuleDetails::with_name(module_name.clone()) let module_details = ModuleDetails::with_name(module_name).unwrap();
.ok_or_else(|| Error::unknown("Module {module_name} not found"))?;
let lib_start = module_details.range().base_address().0 as usize; let lib_start = module_details.range().base_address().0 as usize;
// println!("removing address: {:#x}", lib_start + offset); // println!("removing address: {:#x}", lib_start + offset);
helper helper
@ -366,7 +365,7 @@ where
helper.transformer = Some(transformer); helper.transformer = Some(transformer);
Ok(helper) helper
} }
/// Return the runtime /// Return the runtime