diff --git a/Makefile b/Makefile
index a6154561d6..42c6d7374c 100644
--- a/Makefile
+++ b/Makefile
@@ -228,11 +228,12 @@ all_done: test_build
 .NOTPARALLEL: clean
 clean:
- rm -f $(PROGS) afl-as as afl-g++ afl-clang afl-clang++ *.o src/*.o *~ a.out core core.[1-9][0-9]* *.stackdump test .test .test1 .test2 test-instr .test-instr0 .test-instr1 qemu_mode/qemu-3.1.1.tar.xz afl-qemu-trace afl-gcc-fast afl-gcc-pass.so afl-gcc-rt.o afl-g++-fast *.so unicorn_mode/24f55a7973278f20f0de21b904851d99d4716263.tar.gz *.8
+ rm -f $(PROGS) afl-as as afl-g++ afl-clang afl-clang++ *.o src/*.o *~ a.out core core.[1-9][0-9]* *.stackdump .test .test1 .test2 test-instr .test-instr0 .test-instr1 qemu_mode/qemu-3.1.1.tar.xz afl-qemu-trace afl-gcc-fast afl-gcc-pass.so afl-gcc-rt.o afl-g++-fast *.so unicorn_mode/24f55a7973278f20f0de21b904851d99d4716263.tar.gz *.8
 rm -rf out_dir qemu_mode/qemu-3.1.1 unicorn_mode/unicorn
 $(MAKE) -C llvm_mode clean
 $(MAKE) -C libdislocator clean
 $(MAKE) -C libtokencap clean
+ $(MAKE) -C qemu_mode/unsigaction clean
 $(MAKE) -C qemu_mode/libcompcov clean
 distrib: all
diff --git a/afl-wine-trace b/afl-wine-trace
index fa552051f3..f8284d7ef6 100755
--- a/afl-wine-trace
+++ b/afl-wine-trace
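Review bot: The added `$(MAKE) -C qemu_mode/unsigaction clean` aborts a top-level `make clean` with "No rule to make target 'clean'" whenever AFL_NO_X86 is set, because the new qemu_mode/unsigaction/Makefile in this same commit only defines `clean` inside its `ifndef AFL_NO_X86` branch, and the libcompcov clean on the following line is then never reached. Moving that `clean` rule outside the conditional is the clean fix; the fallback would be `-$(MAKE) -C qemu_mode/unsigaction clean` with a comment saying why the error is tolerated. The `-`/`+` pair also drops `test` from the `rm -f` list without any explanation; if that is deliberate (presumably a `test` path now exists that must survive clean), a short comment on the line would save the next reader a `git blame`.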
@@ -18,13 +18,19 @@ os.environ["WINELOADERNOEXEC"] = "1"
 pe = pefile.PE(sys.argv[1])
-os.environ["AFL_ENTRYPOINT"] = "0x%x" % (pe.OPTIONAL_HEADER.ImageBase + pe.OPTIONAL_HEADER.AddressOfEntryPoint)
+if "AFL_ENTRYPOINT" not in os.environ:
+ os.environ["AFL_ENTRYPOINT"] = "0x%x" % (pe.OPTIONAL_HEADER.ImageBase + pe.OPTIONAL_HEADER.AddressOfEntryPoint)
 if not os.getenv("AFL_INST_LIBS"):
 if "AFL_CODE_START" not in os.environ:
 os.environ["AFL_CODE_START"] = "0x%x" % (pe.OPTIONAL_HEADER.ImageBase + pe.OPTIONAL_HEADER.BaseOfCode)
 if "AFL_CODE_END" not in os.environ:
 os.environ["AFL_CODE_END"] = "0x%x" % (pe.OPTIONAL_HEADER.ImageBase + pe.OPTIONAL_HEADER.BaseOfCode + pe.OPTIONAL_HEADER.SizeOfCode)
+if pe.FILE_HEADER.Machine == pefile.MACHINE_TYPE["IMAGE_FILE_MACHINE_AMD64"] or pe.FILE_HEADER.Machine == pefile.MACHINE_TYPE["IMAGE_FILE_MACHINE_IA64"]:
+ os.environ["LD_PRELOAD"] = os.path.join(my_dir, "qemu_mode/unsigaction/unsigaction64.so")
+else:
+ os.environ["LD_PRELOAD"] = os.path.join(my_dir, "qemu_mode/unsigaction/unsigaction32.so")
+
 if os.getenv("WINECOV_QEMU_PATH"):
 qemu_path = os.getenv("WINECOV_QEMU_PATH")
 elif os.path.exists(os.path.join(my_dir, "afl-qemu-trace")):
@@ -36,7 +42,7 @@ else:
 elif pe.FILE_HEADER.Machine == pefile.MACHINE_TYPE["IMAGE_FILE_MACHINE_I386"]:
 qemu_path += "i386"
 else:
- print ("[afl-wine-trace] unsupported architecture\n")
+ print ("[wine-cov] unsuppoted architecture\n")
 exit(1)
 qemu_path = shutil.which(qemu_path)
@@ -49,7 +55,7 @@ else:
 elif pe.FILE_HEADER.Machine == pefile.MACHINE_TYPE["IMAGE_FILE_MACHINE_I386"]:
 pass
 else:
- print ("[wine-cov] unsuppoted architecture\n")
+ print ("[afl-wine-trace] unsopported architecture\n")
 exit(1)
 os.execve(qemu_path, [qemu_path, wine_path] + sys.argv[1:], os.environ)
diff --git a/llvm_mode/Makefile b/llvm_mode/Makefile
index 2d35505eb4..96aba898ad 100644
--- a/llvm_mode/Makefile
+++ b/llvm_mode/Makefile
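Review bot: The new `LD_PRELOAD` assignments overwrite whatever the caller already had in `LD_PRELOAD`, unlike the `AFL_ENTRYPOINT`/`AFL_CODE_START`/`AFL_CODE_END` handling directly above, which only fills in values that are not already set; any other preload the user configured (a libcompcov preload, for instance) is silently dropped. Prepend instead of replace, e.g. `unsig = os.path.join(my_dir, "qemu_mode/unsigaction/unsigaction64.so")` (or the 32-bit file in the `else` branch) followed by `os.environ["LD_PRELOAD"] = unsig + (":" + os.environ["LD_PRELOAD"] if os.getenv("LD_PRELOAD") else "")`. The chosen path is also never checked with `os.path.exists`; when the library was not built (the new unsigaction Makefile skips compilation under AFL_NO_X86) the dynamic loader only prints a warning and the target keeps its own sigaction handlers, so an explicit check that prints an error and exits would make that failure visible instead of silently degrading the fuzzing run.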
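Review bot: The replacement message on the `+` line of `@@ -36,7 +42,7 @@`, `"[wine-cov] unsuppoted architecture\n"`, is a regression: it trades the correct `[afl-wine-trace]` tag for a stale `[wine-cov]` one and misspells "unsupported", while the next hunk (`@@ -49,7 +55,7 @@`) does the reverse swap and introduces `unsopported`. Both branches should print the same correct text, `print ("[afl-wine-trace] unsupported architecture\n")`, and since each is followed by `exit(1)`, `print(..., file=sys.stderr)` would keep the diagnostic off stdout where a wrapper may be capturing output. A single module-level constant for the message would stop the two branches drifting apart again.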
@@ -83,7 +83,7 @@ CXX = $(LLVM_BINDIR)/clang++
 ifeq "$(shell test -e $(CC) || echo 1 )" "1"
 # llvm-config --bindir is not providing a valid path, so ...
- ifeq "$(shell test -e "$(BIN_DIR)/clang" && echo 1)" "1"
+ ifeq "$(shell test -e '$(BIN_DIR)/clang' && echo 1)" "1"
 # we found one in the local install directory, lets use these
 CC = $(BIN_DIR)/clang
 CXX = $(BIN_DIR)/clang++
diff --git a/qemu_mode/build_qemu_support.sh b/qemu_mode/build_qemu_support.sh
index 0ca3f49483..02379eb265 100755
--- a/qemu_mode/build_qemu_support.sh
+++ b/qemu_mode/build_qemu_support.sh
@@ -212,6 +212,8 @@ fi
 echo "[+] Building libcompcov ..."
 make -C libcompcov
+echo "[+] Building unsigaction ..."
+make -C unsigaction
 echo "[+] libcompcov ready"
 echo "[+] All done for qemu_mode, enjoy!"
diff --git a/qemu_mode/libcompcov/compcovtest b/qemu_mode/libcompcov/compcovtest
deleted file mode 100755
index 0bb68d60c4..0000000000
Binary files a/qemu_mode/libcompcov/compcovtest and /dev/null differ
diff --git a/qemu_mode/unsigaction/Makefile b/qemu_mode/unsigaction/Makefile
new file mode 100644
index 0000000000..9aa96330a4
--- /dev/null
+++ b/qemu_mode/unsigaction/Makefile
@@ -0,0 +1,34 @@
+#
+# american fuzzy lop - unsigaction
+# --------------------------------
+#
+# Written by Andrea Fioraldi
+#
+# Copyright 2019 Andrea Fioraldi. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at:
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+
+ifndef AFL_NO_X86
+
+all: lib_i386 lib_amd64
+
+lib_i386:
+ $(CC) -m32 -fPIC -shared unsigaction.c -o unsigaction32.so
+
+lib_amd64:
+ $(CC) -fPIC -shared unsigaction.c -o unsigaction64.so
+
+clean:
+ rm -f unsigaction32.so unsigaction64.so
+
+else
+
+all:
+ @echo "[!] Note: skipping compilation of unsigaction (AFL_NO_X86 set)."
+
+endif
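Review bot: The two added lines in the build_qemu_support.sh hunk sit between `make -C libcompcov` and `echo "[+] libcompcov ready"`, so the build log announces unsigaction in the middle of the libcompcov messages and never reports unsigaction as ready. Move `echo "[+] Building unsigaction ..."` and `make -C unsigaction` after the `[+] libcompcov ready` line and add `echo "[+] unsigaction ready"` after them. Unless the script runs under `set -e` (not visible in this hunk), a failing `make -C unsigaction` is also ignored and the script still prints "All done"; the existing libcompcov call has the same gap, so `make -C unsigaction || exit 1` (and the same for libcompcov) would make a broken 32-bit toolchain fail loudly here rather than later at fuzzing time.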
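Review bot: In the new qemu_mode/unsigaction/Makefile, `all`, `lib_i386`, `lib_amd64` and `clean` are names that never become files, yet none is declared in `.PHONY`, and the two lib targets do not name the file they produce, so both shared objects are recompiled on every run and a stray file named `clean` or `lib_i386` would silently turn the rule into a no-op. Make the real outputs the targets (`unsigaction32.so: unsigaction.c`), use `$<`/`$@` in the recipes, and pass `$(CFLAGS)` so flags given at the top level reach this compile; `clean` should also sit outside the `ifndef AFL_NO_X86` block, since the recursive clean added to the top-level Makefile in this commit calls it regardless of that variable. The old target names can stay as phony aliases in case other scripts refer to them.
```make
# … unchanged: license header …

.PHONY: all clean lib_i386 lib_amd64

ifndef AFL_NO_X86

all: unsigaction32.so unsigaction64.so

# aliases for the original target names
lib_i386: unsigaction32.so
lib_amd64: unsigaction64.so

unsigaction32.so: unsigaction.c
	$(CC) $(CFLAGS) -m32 -fPIC -shared $< -o $@

unsigaction64.so: unsigaction.c
	$(CC) $(CFLAGS) -fPIC -shared $< -o $@

else

all:
	@echo "[!] Note: skipping compilation of unsigaction (AFL_NO_X86 set)."

endif

# defined unconditionally so the top-level recursive clean always succeeds
clean:
	rm -f unsigaction32.so unsigaction64.so
```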
diff --git a/qemu_mode/unsigaction/README.md b/qemu_mode/unsigaction/README.md
new file mode 100644
index 0000000000..0f3707fdb5
--- /dev/null
+++ b/qemu_mode/unsigaction/README.md
@@ -0,0 +1,7 @@
+# unsigation
+
+This library disable sigaction when preloaded.
+
+Mainly needed by Wine mode but can be used as a separate tool.
+
+A similar solution can be found in is [preeny](https://github.com/zardus/preeny).
diff --git a/qemu_mode/unsigaction/unsigaction.c b/qemu_mode/unsigaction/unsigaction.c
new file mode 100644
index 0000000000..004084f92d
--- /dev/null
+++ b/qemu_mode/unsigaction/unsigaction.c
@@ -0,0 +1,3 @@
+int sigaction(int signum, void *act, void *oldact) {
+ return 0;
+}
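Review bot: The stub `sigaction` in unsigaction.c reports success but never writes `oldact`, so a caller following the usual save-and-restore pattern (`sigaction(sig, &new, &old)` … later `sigaction(sig, &old, NULL)`) reads an uninitialised struct; with this stub the restore is itself a no-op, but any inspection of `old.sa_handler` or `old.sa_flags` is undefined behaviour. Zero-fill `oldact` when it is non-NULL and use the libc prototype (`const struct sigaction *`, `struct sigaction *`) so the file still compiles if `<signal.h>` is ever included; that requires `<signal.h>` and `<string.h>` at the top of the file. A header comment should also record the limitation that only calls resolving to the exported `sigaction` symbol are intercepted: glibc's `signal()` wrapper presumably goes through an internal alias, and direct `rt_sigaction` syscalls bypass a preload entirely, so handlers installed those ways are still in effect when the fuzzer looks for a crash.
```c
/* Preloaded replacement for sigaction(): every handler installation is
 * swallowed and reported as success, so the process keeps its default
 * signal dispositions.  Only calls that resolve to this exported symbol
 * are intercepted (see README). */
int sigaction(int signum, const struct sigaction *act, struct sigaction *oldact) {
  (void)signum;
  (void)act;
  /* callers that save the previous action expect it to be written */
  if (oldact) memset(oldact, 0, sizeof(*oldact));
  return 0;
}
```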