authorSergej Schumilo <sergej@schumilo.de>2023-04-14 02:25:33 +0200
committerSergej Schumilo <sergej@schumilo.de>2023-04-14 02:25:33 +0200
commiteefd98f3741b5feca32c75b34a8d7b33e34044d0 (patch)
treea2a158ba4f9e7ea5439fd9ef47a5073de45b65a5 /src/afl-showmap.c
parent824385f52ce3133ecd033e587aa1a3b324adf76c (diff)
add Nyx support in various tools (like afl-cmin)
Diffstat (limited to 'src/afl-showmap.c')
-rw-r--r--src/afl-showmap.c99
1 files changed, 96 insertions, 3 deletions
diff --git a/src/afl-showmap.c b/src/afl-showmap.c
index 29abeb13..3ddebaad 100644
--- a/src/afl-showmap.c
+++ b/src/afl-showmap.c
@@ -434,6 +434,20 @@ static u32 read_file(u8 *in_file) {
}
+#ifdef __linux__
+/* Execute the target application with an empty input (in Nyx mode). */
+static void showmap_run_target_nyx_mode(afl_forkserver_t *fsrv) {
+
+ afl_fsrv_write_to_testcase(fsrv, NULL, 0);
+
+ if (afl_fsrv_run_target(fsrv, fsrv->exec_tmout, &stop_soon) ==
+ FSRV_RUN_ERROR) {
+
+ FATAL("Error running target in Nyx mode");
+ }
+}
+#endif
+
/* Execute target application. */
static void showmap_run_target(afl_forkserver_t *fsrv, char **argv) {
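Review bot: showmap_run_target_nyx_mode compares the result of afl_fsrv_run_target() only against FSRV_RUN_ERROR and discards every other outcome, so a timeout or crash of the target cannot be told apart from a clean run at this point. If the non-Nyx path records that status (its body lies outside this hunk), store the return value in a local here and handle it the same way. The header comment could also state the abort behaviour, e.g. `/* Run the target once in Nyx mode with a zero-length test case; aborts on FSRV_RUN_ERROR. */`.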
@@ -797,6 +811,7 @@ static void usage(u8 *argv0) {
" -W - use qemu-based instrumentation with Wine (Wine mode)\n"
" (Not necessary, here for consistency with other afl-* "
"tools)\n"
+ " -X - use Nyx mode\n"
#endif
"\n"
"Other settings:\n"
@@ -875,7 +890,7 @@ int main(int argc, char **argv_orig, char **envp) {
if (getenv("AFL_QUIET") != NULL) { be_quiet = true; }
- while ((opt = getopt(argc, argv, "+i:o:f:m:t:AeqCZOH:QUWbcrsh")) > 0) {
+ while ((opt = getopt(argc, argv, "+i:o:f:m:t:AeqCZOH:QUWbcrshX")) > 0) {
switch (opt) {
@@ -1063,6 +1078,22 @@ int main(int argc, char **argv_orig, char **envp) {
break;
+ #ifdef __linux__
+ case 'X': /* NYX mode */
+
+ if (fsrv->nyx_mode) { FATAL("Multiple -X options not supported"); }
+
+ fsrv->nyx_mode = 1;
+ fsrv->nyx_parent = true;
+ fsrv->nyx_standalone = true;
+
+ break;
+ #else
+ case 'X':
+ FATAL("Nyx mode is only availabe on linux...");
+ break;
+ #endif
+
case 'b':
/* Secret undocumented mode. Writes output in raw binary format
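Review bot: The message in the `#else` branch misspells "available"; it should read `FATAL("Nyx mode is only available on linux...");`. The `break;` after it is presumably unreachable and can be dropped. The Linux branch rejects a repeated -X but, within this hunk, not a combination with another mode flag such as -Q or -U; whether that is caught elsewhere in main is not visible here.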
@@ -1134,7 +1165,17 @@ int main(int argc, char **argv_orig, char **envp) {
set_up_environment(fsrv, argv);
+#ifdef __linux__
+ if(!fsrv->nyx_mode){
+ fsrv->target_path = find_binary(argv[optind]);
+ }
+ else{
+ fsrv->target_path = ck_strdup(argv[optind]);
+ }
+#else
fsrv->target_path = find_binary(argv[optind]);
+#endif
+
fsrv->trace_bits = afl_shm_init(&shm, map_size, 0);
if (!quiet_mode) {
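Review bot: In Nyx mode `argv[optind]` is copied verbatim with no comment saying why the find_binary() lookup is skipped, and nothing in this hunk checks that the argument exists; the later hunk that skips check_binary_signatures() has the same gap. A comment such as `/* Nyx mode: the target argument is not resolved via find_binary(), so it is used as given */` above the branch would document the intent. If libnyx does not report a missing or malformed target clearly, an explicit check here would give the user a better error. The new conditionals are also written `if(!fsrv->nyx_mode){`, unlike the `if (...) {` spacing used on the surrounding lines.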
@@ -1190,6 +1231,26 @@ int main(int argc, char **argv_orig, char **envp) {
use_argv =
get_cs_argv(argv[0], &fsrv->target_path, argc - optind, argv + optind);
+#ifdef __linux__
+ } else if (fsrv->nyx_mode) {
+
+ use_argv = ck_alloc(sizeof(char *) * (1));
+ use_argv[0] = argv[0];
+
+ fsrv->nyx_id = 0;
+
+ u8 *libnyx_binary = find_afl_binary(use_argv[0], "libnyx.so");
+ fsrv->nyx_handlers = afl_load_libnyx_plugin(libnyx_binary);
+ if (fsrv->nyx_handlers == NULL) {
+
+ FATAL("failed to initialize libnyx.so...");
+
+ }
+
+ fsrv->out_dir_path = create_nyx_tmp_workdir();
+ fsrv->nyx_bind_cpu_id = 0;
+#endif
+
} else {
use_argv = argv + optind;
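Review bot: `use_argv` is allocated with room for a single pointer in the Nyx branch, so the vector has no terminating NULL entry; anything that later walks it as an argv-style array would read past the allocation. Allocating two slots, `use_argv = ck_alloc(sizeof(char *) * 2);`, keeps it terminated provided ck_alloc returns zeroed memory, which should be confirmed. The string returned by find_afl_binary() is also never released after afl_load_libnyx_plugin(); if it is heap-allocated, add `ck_free(libnyx_binary);` once the plugin is loaded. Because the library path is derived from argv[0], a comment stating which locations are searched would help anyone auditing what gets loaded. The enclosing if/else chain starts outside the hunk.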
@@ -1226,7 +1287,13 @@ int main(int argc, char **argv_orig, char **envp) {
}
+#ifdef __linux__
+ if(!fsrv->nyx_mode && in_dir){
+ (void)check_binary_signatures(fsrv->target_path);
+ }
+#else
if (in_dir) { (void)check_binary_signatures(fsrv->target_path); }
+#endif
shm_fuzz = ck_alloc(sizeof(sharedmem_t));
@@ -1247,7 +1314,13 @@ int main(int argc, char **argv_orig, char **envp) {
fsrv->shmem_fuzz = map + sizeof(u32);
configure_afl_kill_signals(
- fsrv, NULL, NULL, (fsrv->qemu_mode || unicorn_mode) ? SIGKILL : SIGTERM);
+ fsrv, NULL, NULL, (fsrv->qemu_mode || unicorn_mode
+ #ifdef __linux__
+ || fsrv->nyx_mode
+ #endif
+ )
+ ? SIGKILL
+ : SIGTERM);
if (!fsrv->cs_mode && !fsrv->qemu_mode && !unicorn_mode) {
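Review bot: Placing `#ifdef __linux__` in the middle of the signal-selection argument makes the condition hard to read and easy to break when another mode is added; the same applies to the `showmap_run_target` call site further down, where the conditional splits an if/else across preprocessor blocks. Computing the choice in a local first keeps the call on one statement and the conditional at statement level. main's body continues outside the hunk.

```c
  bool hard_kill = fsrv->qemu_mode || unicorn_mode;
#ifdef __linux__
  if (fsrv->nyx_mode) { hard_kill = true; }
#endif

  configure_afl_kill_signals(fsrv, NULL, NULL,
                             hard_kill ? SIGKILL : SIGTERM);
```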
@@ -1370,6 +1443,12 @@ int main(int argc, char **argv_orig, char **envp) {
if (execute_testcases(in_dir) == 0) {
+#ifdef __linux__
+ if (fsrv->nyx_mode) {
+ remove_nyx_tmp_workdir(fsrv->out_dir_path);
+ fsrv->nyx_handlers->nyx_shutdown(fsrv->nyx_runner);
+ }
+#endif
FATAL("could not read input testcases from %s", in_dir);
}
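Review bot: The temporary work directory is removed before `nyx_shutdown` is called on the runner, so the runner is still live while its directory disappears; unless libnyx requires that order, shut down first with `fsrv->nyx_handlers->nyx_shutdown(fsrv->nyx_runner);` and then call `remove_nyx_tmp_workdir(fsrv->out_dir_path);`. The block also assumes `nyx_runner` has been initialised by the time execute_testcases() fails, which this hunk does not show.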
@@ -1390,7 +1469,15 @@ int main(int argc, char **argv_orig, char **envp) {
if (fsrv->support_shmem_fuzz && !fsrv->use_shmem_fuzz)
shm_fuzz = deinit_shmem(fsrv, shm_fuzz);
- showmap_run_target(fsrv, use_argv);
+#ifdef __linux__
+ if(!fsrv->nyx_mode){
+#endif
+ showmap_run_target(fsrv, use_argv);
+#ifdef __linux__
+ } else {
+ showmap_run_target_nyx_mode(fsrv);
+ }
+#endif
tcnt = write_results_to_file(fsrv, out_file);
if (!quiet_mode) {
@@ -1441,6 +1528,12 @@ int main(int argc, char **argv_orig, char **envp) {
if (fsrv->target_path) { ck_free(fsrv->target_path); }
+#ifdef __linux__
+ if (fsrv->nyx_mode) {
+ remove_nyx_tmp_workdir(fsrv->out_dir_path);
+ }
+#endif
+
afl_fsrv_deinit(fsrv);
if (stdin_file) { ck_free(stdin_file); }
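Review bot: The Nyx work directory is removed here and in the execute_testcases() failure path, but the `FATAL("Error running target in Nyx mode")` added in showmap_run_target_nyx_mode, and any other fatal exit after create_nyx_tmp_workdir(), would leave it on disk (assuming FATAL terminates the process). Consider calling `remove_nyx_tmp_workdir(fsrv->out_dir_path);` before that FATAL, or registering the cleanup once with atexit(). This path also does not call `nyx_shutdown` the way the failure path does; if afl_fsrv_deinit() takes care of it, a one-line comment saying so would help.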