SYS-OSS/FRET-LibAFL
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

frida: bump version (#2640)

Browse Source 
* frida: bump version

* frida_windows: fix
This commit is contained in:
s1341 2024-10-30 13:31:40 +02:00 committed by GitHub
parent 83c87acd5b
commit af06d75d3e
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
8 changed files with 17 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
fuzzers/binary_only/frida_executable_libpng/Cargo.toml
View File

@ -25,7 +25,7 @@ libafl = { path = "../../../libafl", features = [
"frida_cli", "frida_cli",
] } #, "llmp_small_maps", "llmp_debug"]} ] } #, "llmp_small_maps", "llmp_debug"]}
libafl_bolts = { path = "../../../libafl_bolts" } libafl_bolts = { path = "../../../libafl_bolts" }
frida-gum = { version = "0.14.2", features = [ frida-gum = { version = "0.15.1", features = [
"auto-download", "auto-download",
"event-sink", "event-sink",
"invocation-listener", "invocation-listener",

2
fuzzers/binary_only/frida_libpng/Cargo.toml
View File

@ -26,7 +26,7 @@ libafl = { path = "../../../libafl", features = [
"errors_backtrace", "errors_backtrace",
] } #, "llmp_small_maps", "llmp_debug"]} ] } #, "llmp_small_maps", "llmp_debug"]}
libafl_bolts = { path = "../../../libafl_bolts" } libafl_bolts = { path = "../../../libafl_bolts" }
frida-gum = { version = "0.14.2", features = [ frida-gum = { version = "0.15.1", features = [
"auto-download", "auto-download",
"event-sink", "event-sink",
"invocation-listener", "invocation-listener",

2
fuzzers/binary_only/frida_windows_gdiplus/Cargo.toml
View File

@ -23,7 +23,7 @@ libafl = { path = "../../../libafl", features = [
"errors_backtrace", "errors_backtrace",
] } #, "llmp_small_maps", "llmp_debug"]} ] } #, "llmp_small_maps", "llmp_debug"]}
libafl_bolts = { path = "../../../libafl_bolts" } libafl_bolts = { path = "../../../libafl_bolts" }
frida-gum = { version = "0.14.2", features = [ frida-gum = { version = "0.15.1", features = [
"auto-download", "auto-download",
"event-sink", "event-sink",
"invocation-listener", "invocation-listener",

4
libafl_frida/Cargo.toml
View File

@ -66,11 +66,11 @@ nix = { workspace = true, default-features = true, features = ["mman"] }
libc = { workspace = true } libc = { workspace = true }
hashbrown = { workspace = true, default-features = true } hashbrown = { workspace = true, default-features = true }
rangemap = { workspace = true } rangemap = { workspace = true }
frida-gum-sys = { version = "0.14.2", features = [ frida-gum-sys = { version = "0.15.1", features = [
"event-sink", "event-sink",
"invocation-listener", "invocation-listener",
] } ] }
frida-gum = { version = "0.14.2", features = [ frida-gum = { version = "0.15.1", features = [
"event-sink", "event-sink",
"invocation-listener", "invocation-listener",
"module-names", "module-names",

13
libafl_frida/src/asan/asan_rt.rs
View File

@ -476,13 +476,14 @@ impl AsanRuntime {
#[allow(clippy::too_many_lines)] #[allow(clippy::too_many_lines)]
pub fn register_hooks(&mut self, gum: &Gum) { pub fn register_hooks(&mut self, gum: &Gum) {
let mut interceptor = Interceptor::obtain(gum); let mut interceptor = Interceptor::obtain(gum);
let module = Module::obtain(gum);
macro_rules! hook_func { macro_rules! hook_func {
//No library case //No library case
($name:ident, ($($param:ident : $param_type:ty),*), $return_type:ty) => { ($name:ident, ($($param:ident : $param_type:ty),*), $return_type:ty) => {
paste::paste! { paste::paste! {
log::trace!("Hooking {}", stringify!($name)); log::trace!("Hooking {}", stringify!($name));
let target_function = frida_gum::Module::find_export_by_name(None, stringify!($name)).expect("Failed to find function"); let target_function = module.find_export_by_name(None, stringify!($name)).expect("Failed to find function");
static [<$name:snake:upper _PTR>]: std::sync::OnceLock<extern "C" fn($($param: $param_type),*) -> $return_type> = std::sync::OnceLock::new(); static [<$name:snake:upper _PTR>]: std::sync::OnceLock<extern "C" fn($($param: $param_type),*) -> $return_type> = std::sync::OnceLock::new();
@ -522,7 +523,7 @@ impl AsanRuntime {
paste::paste! { paste::paste! {
log::trace!("Hooking {}:{}", $lib, stringify!($name)); log::trace!("Hooking {}:{}", $lib, stringify!($name));
let target_function = frida_gum::Module::find_export_by_name(Some($lib), stringify!($name)).expect("Failed to find function"); let target_function = module.find_export_by_name(Some($lib), stringify!($name)).expect("Failed to find function");
static [<$lib_ident:snake:upper _ $name:snake:upper _PTR>]: std::sync::OnceLock<extern "C" fn($($param: $param_type),*) -> $return_type> = std::sync::OnceLock::new(); static [<$lib_ident:snake:upper _ $name:snake:upper _PTR>]: std::sync::OnceLock<extern "C" fn($($param: $param_type),*) -> $return_type> = std::sync::OnceLock::new();
@ -564,7 +565,7 @@ impl AsanRuntime {
($name:ident, ($($param:ident : $param_type:ty),*), $return_type:ty) => { ($name:ident, ($($param:ident : $param_type:ty),*), $return_type:ty) => {
paste::paste! { paste::paste! {
log::trace!("Hooking {}", stringify!($name)); log::trace!("Hooking {}", stringify!($name));
let target_function = frida_gum::Module::find_export_by_name(None, stringify!($name)).expect("Failed to find function"); let target_function = module.find_export_by_name(None, stringify!($name)).expect("Failed to find function");
static [<$name:snake:upper _PTR>]: std::sync::OnceLock<extern "C" fn($($param: $param_type),*) -> $return_type> = std::sync::OnceLock::new(); static [<$name:snake:upper _PTR>]: std::sync::OnceLock<extern "C" fn($($param: $param_type),*) -> $return_type> = std::sync::OnceLock::new();
@ -604,7 +605,7 @@ impl AsanRuntime {
($lib:literal, $lib_ident:ident, $name:ident, ($($param:ident : $param_type:ty),*), $return_type:ty) => { ($lib:literal, $lib_ident:ident, $name:ident, ($($param:ident : $param_type:ty),*), $return_type:ty) => {
paste::paste! { paste::paste! {
log::trace!("Hooking {}:{}", $lib, stringify!($name)); log::trace!("Hooking {}:{}", $lib, stringify!($name));
let target_function = frida_gum::Module::find_export_by_name(Some($lib), stringify!($name)).expect("Failed to find function"); let target_function = module.find_export_by_name(Some($lib), stringify!($name)).expect("Failed to find function");
static [<$lib_ident:snake:upper _ $name:snake:upper _PTR>]: std::sync::OnceLock<extern "C" fn($($param: $param_type),*) -> $return_type> = std::sync::OnceLock::new(); static [<$lib_ident:snake:upper _ $name:snake:upper _PTR>]: std::sync::OnceLock<extern "C" fn($($param: $param_type),*) -> $return_type> = std::sync::OnceLock::new();
@ -693,7 +694,7 @@ impl AsanRuntime {
macro_rules! hook_heap_windows { macro_rules! hook_heap_windows {
($libname:literal, $lib_ident:ident) => { ($libname:literal, $lib_ident:ident) => {
log::info!("Hooking allocator functions in {}", $libname); log::info!("Hooking allocator functions in {}", $libname);
for export in Module::enumerate_exports($libname) { for export in module.enumerate_exports($libname) {
// log::trace!("- {}", export.name); // log::trace!("- {}", export.name);
match &export.name[..] { match &export.name[..] {
"NtGdiCreateCompatibleDC" => { "NtGdiCreateCompatibleDC" => {
@ -919,7 +920,7 @@ impl AsanRuntime {
macro_rules! hook_cpp { macro_rules! hook_cpp {
($libname:literal, $lib_ident:ident) => { ($libname:literal, $lib_ident:ident) => {
log::info!("Hooking c++ functions in {}", $libname); log::info!("Hooking c++ functions in {}", $libname);
for export in Module::enumerate_exports($libname) { for export in module.enumerate_exports($libname) {
match &export.name[..] { match &export.name[..] {
"_Znam" => { "_Znam" => {
hook_func!($libname, $lib_ident, _Znam, (size: usize), *mut c_void); hook_func!($libname, $lib_ident, _Znam, (size: usize), *mut c_void);

2
libafl_frida/src/executor.rs
View File

@ -187,7 +187,7 @@ where
// Include the current module (the fuzzer) in stalked ranges. We clone the ranges so that // Include the current module (the fuzzer) in stalked ranges. We clone the ranges so that
// we don't add it to the INSTRUMENTED ranges. // we don't add it to the INSTRUMENTED ranges.
let mut ranges = helper.ranges().clone(); let mut ranges = helper.ranges().clone();
for module in frida_gum::Module::enumerate_modules() { for module in frida_gum::Module::obtain(gum).enumerate_modules() {
if module.base_address < Self::new as usize if module.base_address < Self::new as usize
&& (Self::new as usize) < module.base_address + module.size && (Self::new as usize) < module.base_address + module.size
{ {

15
libafl_frida/src/helper.rs
View File

@ -10,7 +10,7 @@ use std::{
use frida_gum::{ use frida_gum::{
instruction_writer::InstructionWriter, instruction_writer::InstructionWriter,
stalker::{StalkerIterator, StalkerOutput, Transformer}, stalker::{StalkerIterator, StalkerOutput, Transformer},
Backend, Gum, Module, ModuleDetails, ModuleMap, PageProtection, Script, Backend, Gum, ModuleDetails, ModuleMap, Script,
}; };
use frida_gum_sys::gchar; use frida_gum_sys::gchar;
use libafl::{ use libafl::{
@ -415,19 +415,6 @@ pub unsafe extern "C" fn test_function(message: *const gchar) {
} }
} }
/// Helper function to get the size of a module's CODE section from frida
#[must_use]
pub fn get_module_size(module_name: &str) -> usize {
let mut code_size = 0;
let code_size_ref = &mut code_size;
Module::enumerate_ranges(module_name, PageProtection::ReadExecute, move |details| {
*code_size_ref = details.memory_range().size();
true
});
code_size
}
fn pathlist_contains_module<I, P>(list: I, module: &ModuleDetails) -> bool fn pathlist_contains_module<I, P>(list: I, module: &ModuleDetails) -> bool
where where
I: IntoIterator<Item = P>, I: IntoIterator<Item = P>,

5
libafl_frida/src/windows_hooks.rs
View File

@ -21,15 +21,16 @@ unsafe extern "C" fn unhandled_exception_filter_detour(
} }
/// Initialize the hooks /// Initialize the hooks
pub fn initialize(gum: &Gum) { pub fn initialize(gum: &Gum) {
let module = Module::obtain(gum);
let is_processor_feature_present = let is_processor_feature_present =
Module::find_export_by_name(Some("kernel32.dll"), "IsProcessorFeaturePresent"); module.find_export_by_name(Some("kernel32.dll"), "IsProcessorFeaturePresent");
let is_processor_feature_present = is_processor_feature_present.unwrap(); let is_processor_feature_present = is_processor_feature_present.unwrap();
assert!( assert!(
!is_processor_feature_present.is_null(), !is_processor_feature_present.is_null(),
"IsProcessorFeaturePresent not found" "IsProcessorFeaturePresent not found"
); );
let unhandled_exception_filter = let unhandled_exception_filter =
Module::find_export_by_name(Some("kernel32.dll"), "UnhandledExceptionFilter"); module.find_export_by_name(Some("kernel32.dll"), "UnhandledExceptionFilter");
let unhandled_exception_filter = unhandled_exception_filter.unwrap(); let unhandled_exception_filter = unhandled_exception_filter.unwrap();
assert!( assert!(
!unhandled_exception_filter.is_null(), !unhandled_exception_filter.is_null(),