*/
#include "dr_api.h"
-#include "drmgr.h"
-#include "drwrap.h"
-#include "drx.h"
+//#include "drmgr.h"
+//#include "drwrap.h"
+//#include "drx.h"
#include "../common/utils.h"
#include <string.h>
#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
#include <sys/wait.h>
#include <sys/shm.h>
#include <unistd.h>
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+#include "afl-0.68b/config.h"
+
+//#define USE_FIFO_HACK
-#include "afl-0.40b/config.h"
typedef unsigned char u8;
typedef unsigned int u32;
-static u8 *afl_area_ptr = 0;
-static u32 afl_prev_loc = 0;
-static u32 afl_setup_failure = 0;
-static u32 afl_temp = 0;
-static u32 afl_fork_pid = 0;
+#ifdef X64
+typedef uint64_t native_word;
+#else
+typedef uint32_t native_word;
+#endif
+
+static u8* afl_area_ptr = 0;
+static native_word afl_prev_loc = 0;
+
+static u8 afl_setup_failure = 0;
+static native_word afl_temp = 0;
+static native_word afl_fork_pid = 0;
+
+static FILE *logfile;
+
+#define LOG(s) do { fprintf(logfile, s); fflush(logfile); } while(0)
+#define LOG1(s, a1) do { fprintf(logfile, s, a1); fflush(logfile); } while(0)
+
+int ctl_fd;
+int st_fd;
static void
event_exit(void)
{
- if (outf != STDERR)
- dr_close_file(outf);
- drx_exit();
- drwrap_exit();
- drmgr_exit();
-}
+ LOG("event_exit()\n");
+ fclose(logfile);
-static dr_emit_flags_t
-event_basic_block(void *drcontext, void *tag, instrlist_t *bb,
- bool for_trace, bool translating)
-{
- return DR_EMIT_DEFAULT;
+ //drx_exit();
+ //drwrap_exit();
+ //drmgr_exit();
}
static void afl_die()
{
+ LOG("afl_die()\n");
+ fclose(logfile);
exit(0);
}
-static void afl_store(u32 loc)
+static void afl_store(native_word loc)
{
/*
xorl __afl_prev_loc, %ecx ecx = loc ^ afl_prev_loc
xorl $" STRINGIFY(MAP_SIZE-1) ", __afl_prev_loc afl_prev_loc = afl_prev_loc ^ (MAP_SIZE - 1)
*/
- u32 index = loc;
+ native_word index = loc;
#ifndef COVERAGE_ONLY
index = afl_prev_loc ^ loc;
afl_prev_loc = loc ^ (MAP_SIZE - 1);
u8 *ptr = afl_area_ptr + index;
#ifdef COVERAGE_ONLY
- (*index) |= 1;
+ (*ptr) |= 1;
#else
- ++(*index);
+ ++(*ptr);
#endif
}
-
static void
-afl_maybe_log(u32 loc)
+afl_forkserver()
{
- if (afl_area_ptr == 0)
- afl_setup();
+ LOG("writing hello message to st pipe\n");
+ int n = write(st_fd, &afl_temp, 4);
+ LOG1("write returned %d\n", n);
+ if (n != 4) {
+ close(ctl_fd);
+ close(st_fd);
+ LOG("returning\n");
+ return;
+ }
- afl_store(loc);
+ while (1)
+ {
+ LOG("waiting for parent reading from ctl pipe\n");
+ n = read(ctl_fd, &afl_temp, 4);
+ LOG1("read returned %d\n", n);
+ if (n != 4)
+ afl_die();
+
+ LOG("forking\n");
+ afl_fork_pid = fork();
+ if (afl_fork_pid < 0)
+ afl_die();
+
+ if (afl_fork_pid != 0) // parent
+ {
+ LOG1("parent: writing PID %d to st pipe\n", (int)afl_fork_pid);
+ // write PID
+ n = write(st_fd, &afl_fork_pid, 4);
+ LOG1("write returned %d\n", n);
+
+ // wait for PID
+ LOG("parent: calling waitpid\n");
+ int err = waitpid(afl_fork_pid, (int*)&afl_temp, WUNTRACED);
+ if (err <= 0)
+ afl_die();
+
+ LOG("parent: writing wait status after waitpid\n");
+ // write wait status
+ write(st_fd, &afl_temp, 4);
+
+ // keep looping
+ }
+ else // child
+ {
+ LOG("child: closing descriptors");
+ close(ctl_fd);
+ close(st_fd);
+ break;
+ // will return to afl_setup -> afl_maybe_log and store the current location
+ }
+ }
}
-static void afl_setup()
+
+static void
+afl_setup()
{
+ LOG1("Calling getenv(\"%s\")\n", SHM_ENV_VAR);
char *s = getenv(SHM_ENV_VAR);
+ LOG1("Returned value=\"%s\"\n", s);
if (!s)
{
+ LOG("Exiting.\n");
afl_setup_failure = 1;
return;
}
int shm_id = atoi(s);
+ LOG1("Calling shmat(%d, 0, 0)\n", shm_id);
void *result = shmat(shm_id, 0, 0);
+ LOG1("Returned value=%p\n", result);
if (result == (void *)-1)
{
+ LOG("Exiting.\n");
afl_setup_failure = 1;
return;
}
afl_area_ptr = result;
+ LOG("Starting forkserver.\n");
afl_forkserver();
}
-static void afl_forkserver()
+static void
+afl_maybe_log(native_word loc)
{
- write(FORKSRV_FD+1, &afl_temp, 4);
- while (1)
+ if (afl_area_ptr == 0)
{
- int n = read(FORKSRV_FD, &afl_temp, 4);
- if (n != 4)
- afl_die();
+ LOG("afl_area_ptr is null, calling afl_setup()\n");
+ afl_setup();
+ }
- afl_fork_pid = fork();
- if (afl_fork_pid 0)
- afl_die();
+ afl_store(loc);
+}
- if (afl_fork_pid != 0) // parent
- {
- write(FORKSRV_FD+1, &afl_fork_pid, 4);
- int err = waitpid(afl_fork_pid, &afl_temp, WUNTRACED);
- if (err <= 0)
- afl_die();
- write(FORKSRV_FD+1, &afl_temp, 4);
- // will loop indefinitely
- }
- else // child
- {
- close(FORKSRV_FD);
- close(FORKSRV_FD+1);
- break;
- // will return to afl_setup -> afl_maybe_log and store the current location
- }
- }
+static dr_emit_flags_t
+event_basic_block(void *drcontext, void *tag, instrlist_t *bb,
+ bool for_trace, bool translating)
+{
+ instr_t *instr = instrlist_first(bb);
+ native_word random_id = random() % MAP_SIZE;
+ dr_insert_clean_call(drcontext, bb, instr, afl_maybe_log, false, 1, OPND_CREATE_INTPTR(random_id));
+ return DR_EMIT_DEFAULT;
}
DR_EXPORT void
dr_init(client_id_t id)
{
- module_data_t *exe;
- IF_DEBUG(bool ok;)
-
dr_set_client_name("DrAFL", "https://code.google.com/p/american-fuzzy-lop/");
- IF_DEBUG(ok = )
- drmgr_init();
- ASSERT(ok, "drmgr failed to initialize");
- IF_DEBUG(ok = )
- drwrap_init();
- ASSERT(ok, "drwrap failed to initialize");
- IF_DEBUG(ok = )
- drx_init();
- ASSERT(ok, "drx failed to initialize");
+ dr_register_exit_event(event_exit);
+ dr_register_bb_event(event_basic_block);
- dr_register_exit_event(event_exit);
-#ifdef UNIX
- dr_register_fork_init_event(event_fork);
-#endif
- drmgr_register_module_load_event(event_module_load);
- drmgr_register_module_unload_event(event_module_unload);
+//#ifdef UNIX
+// dr_register_fork_init_event(event_fork);
+//#endif
+// drmgr_register_module_load_event(event_module_load);
+// drmgr_register_module_unload_event(event_module_unload);
-#ifdef WINDOWS
- dr_enable_console_printing();
+ logfile = fopen("/tmp/afl.txt", "w");
+ LOG("log file created in dr_init()\n");
+
+
+#ifdef USE_FIFO_HACK
+ ctl_fd = open("/tmp/afl-control", O_RDONLY);
+ st_fd = open("/tmp/afl-status", O_WRONLY);
+#else
+ ctl_fd = FORKSRV_FD;
+ st_fd = FORKSRV_FD + 1;
#endif
- open_log_file();
+
}
projects / drafl.git / commitdiff