Added representative fuzzbench test and test for libxml (#893)

* Added representative fuzzbench test and test for libxml

* Added support for building FRIDA from source with FRIDA_SOURCE=1

Co-authored-by: Your Name <you@example.com>
diff --git a/.gitmodules b/.gitmodules
index c787ec0..0b8ccd9 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -7,3 +7,7 @@
 [submodule "qemu_mode/qemuafl"]
 	path = qemu_mode/qemuafl
 	url = https://github.com/AFLplusplus/qemuafl
+[submodule "frida_mode/frida"]
+	path = frida_mode/frida
+	url = https://github.com/WorksButNotTested/frida.git
+	branch = x64_stalker_fix
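Review bot: The new submodule points at a personal fork (`WorksButNotTested/frida.git`) on a feature branch rather than at upstream frida, and the `branch` key makes `git submodule update --remote` follow that mutable branch; only the commit pinned by the gitlink later in this diff builds reproducibly. Nothing in the commit records why the fork is needed, presumably the x64 stalker fix the branch name suggests, or when the dependency is meant to return to upstream. A one-line comment in this stanza, e.g. `# temporary fork carrying an x64 stalker fix; switch back to frida/frida once merged upstream`, or the same sentence in the frida_mode README, would tell later maintainers whether the fork is still required.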
diff --git a/frida_mode/GNUmakefile b/frida_mode/GNUmakefile
index d2f5ba4..8199b33 100644
--- a/frida_mode/GNUmakefile
+++ b/frida_mode/GNUmakefile
@@ -5,6 +5,7 @@
 INCLUDES:=$(wildcard $(INC_DIR)*.h)
 BUILD_DIR:=$(PWD)build/
 OBJ_DIR:=$(BUILD_DIR)obj/
+
 SOURCES:=$(wildcard $(SRC_DIR)**/*.c) $(wildcard $(SRC_DIR)*.c)
 OBJS:=$(foreach src,$(SOURCES),$(OBJ_DIR)$(notdir $(patsubst %.c, %.o, $(src))))
 CFLAGS+=-fPIC \
@@ -62,17 +63,24 @@
 GUM_DEVKIT_VERSION=14.2.17
 GUM_DEVKIT_FILENAME=frida-gum-devkit-$(GUM_DEVKIT_VERSION)-$(OS)-$(ARCH).tar.xz
 GUM_DEVKIT_URL="https://github.com/frida/frida/releases/download/$(GUM_DEVKIT_VERSION)/$(GUM_DEVKIT_FILENAME)"
+
 GUM_DEVKIT_TARBALL:=$(FRIDA_BUILD_DIR)$(GUM_DEVKIT_FILENAME)
 GUM_DEVIT_LIBRARY=$(FRIDA_BUILD_DIR)libfrida-gum.a
 GUM_DEVIT_HEADER=$(FRIDA_BUILD_DIR)frida-gum.h
 
+FRIDA_DIR:=$(PWD)frida/
+FRIDA_MAKEFILE:=$(FRIDA_DIR)Makefile
+FRIDA_GUM:=$(FRIDA_DIR)build/frida-linux-x86_64/lib/libfrida-gum-1.0.a
+FRIDA_GUM_DEVKIT_DIR:=$(FRIDA_DIR)build/gum-devkit/
+FRIDA_GUM_DEVKIT_HEADER:=$(FRIDA_GUM_DEVKIT_DIR)frida-gum.h
+FRIDA_GUM_DEVKIT_TARBALL:=$(FRIDA_DIR)build/$(GUM_DEVKIT_FILENAME)
+
 AFL_COMPILER_RT_SRC:=$(ROOT)instrumentation/afl-compiler-rt.o.c
 AFL_COMPILER_RT_OBJ:=$(OBJ_DIR)afl-compiler-rt.o
 
-
 .PHONY: all clean format
 
-############################# FRIDA ############################################
+############################## ALL #############################################
 
 all: $(FRIDA_TRACE)
 	make -C $(ROOT)
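Review bot: `FRIDA_GUM` hard-codes `build/frida-linux-x86_64/lib/libfrida-gum-1.0.a` while the rule that produces it in the next hunk builds `gum-linux-$(ARCH)`, so on any other `ARCH` the target path never appears and make will rerun the frida build on every invocation. If frida's output directory follows the same `frida-$(OS)-$(ARCH)` scheme as the devkit filename defined a few lines above (which the x86_64 case suggests), `FRIDA_GUM:=$(FRIDA_DIR)build/frida-linux-$(ARCH)/lib/libfrida-gum-1.0.a` keeps the two in step; otherwise a comment stating that the source build is x86_64-only would at least make the limitation explicit. `FRIDA_GUM_DEVKIT_DIR` and the literal `$(FRIDA_DIR)build/gum-devkit/` used in the devkit recipe are the same path spelled twice; using the variable in the recipe avoids drift.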
@@ -83,11 +91,32 @@
 $(OBJ_DIR): | $(BUILD_DIR)
 	mkdir -p $@
 
+############################# FRIDA ############################################
+
+$(FRIDA_MAKEFILE):
+	git submodule update --init --recursive $(FRIDA_DIR)
+
+$(FRIDA_GUM): $(FRIDA_MAKEFILE)
+	cd $(FRIDA_DIR) && make gum-linux-$(ARCH)
+
+$(FRIDA_GUM_DEVKIT_HEADER): $(FRIDA_GUM)
+	$(FRIDA_DIR)releng/devkit.py frida-gum linux-$(ARCH) $(FRIDA_DIR)build/gum-devkit/
+
+$(FRIDA_GUM_DEVKIT_TARBALL): $(FRIDA_GUM_DEVKIT_HEADER)
+	cd $(FRIDA_GUM_DEVKIT_DIR) && tar cJvf $(FRIDA_GUM_DEVKIT_TARBALL) .
+
+############################# DEVKIT ###########################################
+
 $(FRIDA_BUILD_DIR): | $(BUILD_DIR)
 	mkdir -p $@
 
+ifdef FRIDA_SOURCE
+$(GUM_DEVKIT_TARBALL): $(FRIDA_GUM_DEVKIT_TARBALL)| $(FRIDA_BUILD_DIR)
+	cp -v $< $@
+else
 $(GUM_DEVKIT_TARBALL): | $(FRIDA_BUILD_DIR)
 	wget -O $@ $(GUM_DEVKIT_URL)
+endif
 
 $(GUM_DEVIT_LIBRARY): | $(GUM_DEVKIT_TARBALL)
 	tar Jxvf $(GUM_DEVKIT_TARBALL) -C $(FRIDA_BUILD_DIR)
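Review bot: `ifdef FRIDA_SOURCE` is true for any non-empty value, so `make FRIDA_SOURCE=0` still takes the source-build branch even though the commit message documents `FRIDA_SOURCE=1`; `ifeq ($(strip $(FRIDA_SOURCE)),1)` matches the documented interface. The `$(FRIDA_GUM)` recipe invokes the submodule with a bare `make`, which drops the jobserver and `-n` under a parallel top-level build; `$(MAKE) -C $(FRIDA_DIR) gum-linux-$(ARCH)` is the usual form. The prebuilt path kept in the `else` branch still fetches the devkit with `wget -O $@` and no checksum, so a failed or truncated download leaves a newer-than-nothing `$@` that the next run treats as up to date and then links into afl-frida-trace.so; a known-hash comparison after the download (the expected hash recorded next to `GUM_DEVKIT_VERSION`) and `.DELETE_ON_ERROR:` at the top of the file would close both gaps. The `cp -v $< $@` branch inherits the same missing `.DELETE_ON_ERROR:` behaviour but is otherwise fine.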
@@ -95,6 +124,7 @@
 $(GUM_DEVIT_HEADER): | $(GUM_DEVKIT_TARBALL)
 	tar Jxvf $(GUM_DEVKIT_TARBALL) -C $(FRIDA_BUILD_DIR)
 
+############################## AFL #############################################
 $(AFL_COMPILER_RT_OBJ): $(AFL_COMPILER_RT_SRC)
 	$(CC) \
 		$(CFLAGS) \
@@ -104,6 +134,7 @@
 		-o $@ \
 		-c $<
 
+############################# SOURCE ###########################################
 
 define BUILD_SOURCE
 $(2): $(1) GNUmakefile | $(OBJ_DIR)
@@ -118,6 +149,8 @@
 
 $(foreach src,$(SOURCES),$(eval $(call BUILD_SOURCE,$(src),$(OBJ_DIR)$(notdir $(patsubst %.c, %.o, $(src))))))
 
+######################## AFL-FRIDA-TRACE #######################################
+
 $(FRIDA_TRACE): $(GUM_DEVIT_LIBRARY) $(GUM_DEVIT_HEADER) $(OBJS) $(AFL_COMPILER_RT_OBJ) GNUmakefile | $(BUILD_DIR)
 	$(CC) \
 		-o $@ \
diff --git a/frida_mode/frida b/frida_mode/frida
new file mode 160000
index 0000000..59457cf
--- /dev/null
+++ b/frida_mode/frida
@@ -0,0 +1 @@
+Subproject commit 59457cf83f8411c62988f93da1dfe8b04e228249
diff --git a/frida_mode/test/exe/GNUmakefile b/frida_mode/test/exe/GNUmakefile
index 7719ad2..c543cca 100644
--- a/frida_mode/test/exe/GNUmakefile
+++ b/frida_mode/test/exe/GNUmakefile
@@ -40,7 +40,7 @@
 		-- \
 			$(TESTINSTBIN) @@
 
-frida: $(FRIDA_TRACE) $(TESTINSTBIN) $(TESTINSTR_DATA_FILE)
+frida: $(TESTINSTBIN) $(TESTINSTR_DATA_FILE)
 	$(ROOT)afl-fuzz \
 		-D \
 		-O \
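Review bot: Dropping `$(FRIDA_TRACE)` from the `frida` target's prerequisites means `make frida` no longer ensures afl-frida-trace.so exists or is current; on a fresh checkout afl-fuzz will fail at startup with an error that does not point at the missing build step. If the intent is to stop the test directory from re-linking the library itself, depending on this file's `all` target (if it runs the frida_mode build, as the new fuzzbench and libxml makefiles do) or a comment above the rule such as `# run `make all` first: builds afl-frida-trace.so in frida_mode/build/` would preserve the contract. The same removal is made in frida_mode/test/testinstr/GNUmakefile. The recipe continues past the end of the hunk.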
diff --git a/frida_mode/test/fuzzbench/GNUmakefile b/frida_mode/test/fuzzbench/GNUmakefile
new file mode 100644
index 0000000..38d8b91
--- /dev/null
+++ b/frida_mode/test/fuzzbench/GNUmakefile
@@ -0,0 +1,61 @@
+PWD:=$(shell pwd)/
+ROOT:=$(shell realpath $(PWD)../../..)/
+SRC_DIR:=$(PWD)src/
+BUILD_DIR:=$(PWD)build/
+
+FUZZBENCH_DATA_DIR:=$(BUILD_DIR)in/
+R2_DICT:=$(BUILD_DIR)fuzz-target.dict
+R2_DICT_URL:=https://raw.githubusercontent.com/google/fuzzing/master/dictionaries/regexp.dict
+
+FRIDA_OUT:=$(BUILD_DIR)frida-out
+
+ASSETS_DIR:=$(BUILD_DIR)assets/
+ASSETS_SRC:=$(ROOT)frida_mode/build/afl-frida-trace.so \
+	    	$(R2_DICT) \
+			fuzzer \
+			$(SRC_DIR)run.sh
+
+ASSETS_DEST:=$(foreach asset,$(ASSETS_SRC),$(ASSETS_DIR)$(notdir $(asset)))
+
+.PHONY: all clean frida
+
+all: $(FUZZBENCH_DATA_DIR)
+	make -C $(ROOT)frida_mode/
+
+$(BUILD_DIR):
+	mkdir -p $@
+
+$(ASSETS_DIR): | $(BUILD_DIR)
+	mkdir -p $@
+
+$(R2_DICT): | $(BUILD_DIR)
+	wget -qO $@ $(R2_DICT_URL)
+
+$(FUZZBENCH_DATA_DIR): $(R2_DICT)
+	mkdir -p $@
+	split -l 1 -d -a 4 $(R2_DICT) $(FUZZBENCH_DATA_DIR)file
+
+define COPY_ASSET
+$(2): $(1) GNUmakefile | $(ASSETS_DIR)
+	cp -v $(1) $(2)
+endef
+
+$(foreach asset,$(ASSETS_SRC),$(eval $(call COPY_ASSET,$(asset),$(ASSETS_DIR)$(notdir $(asset)))))
+
+clean:
+	rm -rf $(BUILD_DIR)
+
+frida: | $(FUZZBENCH_DATA_DIR)
+	AFL_QEMU_DRIVER_NO_HOOK=1 \
+	AFL_FRIDA_PERSISTENT_CNT=1000000 \
+	AFL_FRIDA_PERSISTENT_ADDR=0x55555599f6c0 \
+	$(ROOT)afl-fuzz \
+		-O \
+		-i $(FUZZBENCH_DATA_DIR) \
+		-o $(FRIDA_OUT) \
+		-- \
+			$(PWD)fuzzer
+
+docker: $(ASSETS_DEST)
+	docker build -t fuzzbench-frida-mode -f $(SRC_DIR)Dockerfile $(PWD)
+	docker run --rm -ti fuzzbench-frida-mode /run.sh
\ No newline at end of file
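Review bot: `.PHONY: all clean frida` omits `docker`, so a file or directory named `docker` in this directory would make `make docker` report nothing to do; `.PHONY: all clean frida docker`. `all` recurses with a bare `make -C`, which should be `$(MAKE) -C $(ROOT)frida_mode/` so jobserver and dry-run flags propagate. `AFL_FRIDA_PERSISTENT_ADDR=0x55555599f6c0` in the `frida` target is repeated verbatim in src/run.sh and appears to be an absolute address inside the checked-in `fuzzer` binary that only holds at a fixed (ASLR-disabled) load base, so a comment in both places naming the symbol it points at and how it was derived, e.g. `# <symbol> in ./fuzzer at the no-ASLR load base; regenerate if fuzzer is rebuilt`, would keep the two copies from drifting silently. The dictionary is fetched from a mutable `master` URL with `wget -q`, which also hides the error text when the download fails; dropping `-q` and pinning the URL to a commit would make failures visible and the input set reproducible.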
diff --git a/frida_mode/test/fuzzbench/Makefile b/frida_mode/test/fuzzbench/Makefile
new file mode 100644
index 0000000..e71185c
--- /dev/null
+++ b/frida_mode/test/fuzzbench/Makefile
@@ -0,0 +1,12 @@
+all:
+	@echo trying to use GNU make...
+	@gmake all || echo please install GNUmake
+
+clean:
+	@gmake clean
+
+frida:
+	@gmake frida
+
+docker:
+	@gmake docker
\ No newline at end of file
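Review bot: `@gmake all || echo please install GNUmake` turns any failure of the GNU make build into a successful exit of the wrapper, because the `||` fallback fires whether gmake is missing or the build itself fails, so `make` reports success on a broken build. Testing for the tool separately keeps the build's exit status: `@command -v gmake >/dev/null 2>&1 || { echo please install GNUmake; exit 1; }` followed by `@gmake all`. The same pattern is in frida_mode/test/libxml/Makefile; if both copy an existing wrapper elsewhere under frida_mode/test, the same fix applies there.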
diff --git a/frida_mode/test/fuzzbench/fuzzer b/frida_mode/test/fuzzbench/fuzzer
new file mode 100755
index 0000000..5e8b7f7
--- /dev/null
+++ b/frida_mode/test/fuzzbench/fuzzer
Binary files differ
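Review bot: `fuzzer` is committed as an opaque executable with no source, build command or hash recorded anywhere in the commit, and the hard-coded `AFL_FRIDA_PERSISTENT_ADDR` in the fuzzbench GNUmakefile and run.sh is only valid for this exact build of it. The same applies to `xml` in the libxml section. A reviewer cannot audit or rebuild either artifact; recording how each was produced (target, source revision, compiler and flags) in a README beside it, or building it inside the Dockerfile from source, would make the tests reproducible and let the persistent address be regenerated whenever the binary changes.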
diff --git a/frida_mode/test/fuzzbench/src/Dockerfile b/frida_mode/test/fuzzbench/src/Dockerfile
new file mode 100644
index 0000000..b64ce68
--- /dev/null
+++ b/frida_mode/test/fuzzbench/src/Dockerfile
@@ -0,0 +1,36 @@
+FROM gcr.io/fuzzbench/base-image
+
+RUN apt-get update && \
+    apt-get install -y wget libstdc++-5-dev libtool-bin automake flex bison \
+                       libglib2.0-dev libpixman-1-dev python3-setuptools unzip \
+                       git clang
+
+# Download afl++
+RUN git clone https://github.com/AFLplusplus/AFLplusplus.git /afl && \
+    cd /afl && git checkout dev
+
+# Build afl++ without Python support as we don't need it.
+# Set AFL_NO_X86 to skip flaky tests.
+RUN cd /afl && \
+    unset CFLAGS && unset CXXFLAGS && \
+    AFL_NO_X86=1 CC=clang PYTHON_INCLUDE=/ make && \
+    make -C utils/aflpp_driver
+
+# This makes interactive docker runs painless:
+ENV AFL_SKIP_CPUFREQ=1
+ENV AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1
+ENV AFL_TESTCACHE_SIZE=2
+
+RUN mkdir /frida-mode
+WORKDIR /frida-mode
+RUN cp /afl/afl-fuzz .
+COPY build/assets/afl-frida-trace.so .
+COPY build/assets/fuzz-target.dict .
+COPY build/assets/fuzzer .
+
+RUN mkdir /frida-mode/in
+RUN split -l 1 -d -a 4 fuzz-target.dict /frida-mode/in/
+
+WORKDIR /
+COPY build/assets/run.sh .
+RUN chmod +x /run.sh
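Review bot: The afl++ checkout is unpinned (`git checkout dev`), so afl-fuzz inside the image comes from whatever `dev` holds at build time while afl-frida-trace.so is copied from the host tree (`COPY build/assets/afl-frida-trace.so .`); the two can skew silently and the image is not reproducible. A build argument keeps it pinned and still overridable: `ARG AFL_REV=<pinned-commit>` before the clone and `git checkout $AFL_REV` in place of `git checkout dev`. `libstdc++-5-dev` ties the recipe to a particular distro release of `gcr.io/fuzzbench/base-image`; a comment stating which release is assumed would explain the package choice when the base image moves.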
diff --git a/frida_mode/test/fuzzbench/src/run.sh b/frida_mode/test/fuzzbench/src/run.sh
new file mode 100644
index 0000000..9a66b0f
--- /dev/null
+++ b/frida_mode/test/fuzzbench/src/run.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+AFL_QEMU_DRIVER_NO_HOOK=1 \
+AFL_FRIDA_PERSISTENT_CNT=1000000 \
+AFL_FRIDA_PERSISTENT_ADDR=0x55555599f6c0 \
+/frida-mode/afl-fuzz \
+	-O \
+	-i /frida-mode/in \
+	-o /frida-mode/out \
+	-- \
+		/frida-mode/fuzzer
\ No newline at end of file
diff --git a/frida_mode/test/libxml/GNUmakefile b/frida_mode/test/libxml/GNUmakefile
new file mode 100644
index 0000000..652223e
--- /dev/null
+++ b/frida_mode/test/libxml/GNUmakefile
@@ -0,0 +1,13 @@
+PWD:=$(shell pwd)/
+ROOT:=$(shell realpath $(PWD)../../..)/
+
+.PHONY: all frida
+
+all:
+	make -C $(ROOT)frida_mode/
+
+frida:
+	LD_PRELOAD=$(ROOT)frida_mode/build/afl-frida-trace.so ./xml
+
+debug:
+	gdb --ex 'set environment LD_PRELOAD=$(ROOT)frida_mode/build/afl-frida-trace.so' --args ./xml
\ No newline at end of file
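Review bot: `.PHONY: all frida` omits the `debug` target defined at the end of the file, and there is no `clean` rule although the companion Makefile in this directory runs `gmake clean`, which will fail with "No rule to make target". `.PHONY: all clean frida debug` plus a `clean:` target (an empty one, since as far as this file shows nothing here is generated and `xml` is checked in) would make the two files consistent. `all` should recurse with `$(MAKE) -C $(ROOT)frida_mode/` rather than a bare `make` so parallel and dry-run flags propagate.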
diff --git a/frida_mode/test/libxml/Makefile b/frida_mode/test/libxml/Makefile
new file mode 100644
index 0000000..258e9de
--- /dev/null
+++ b/frida_mode/test/libxml/Makefile
@@ -0,0 +1,12 @@
+all:
+	@echo trying to use GNU make...
+	@gmake all || echo please install GNUmake
+
+clean:
+	@gmake clean
+
+frida:
+	@gmake frida
+
+debug:
+	@gmake debug
\ No newline at end of file
diff --git a/frida_mode/test/libxml/xml b/frida_mode/test/libxml/xml
new file mode 100755
index 0000000..fb5c7c7
--- /dev/null
+++ b/frida_mode/test/libxml/xml
Binary files differ
diff --git a/frida_mode/test/testinstr/GNUmakefile b/frida_mode/test/testinstr/GNUmakefile
index 9aa24ee..4addbad 100644
--- a/frida_mode/test/testinstr/GNUmakefile
+++ b/frida_mode/test/testinstr/GNUmakefile
@@ -40,7 +40,7 @@
 		-- \
 			$(TESTINSTBIN) @@
 
-frida: $(FRIDA_TRACE) $(TESTINSTBIN) $(TESTINSTR_DATA_FILE)
+frida: $(TESTINSTBIN) $(TESTINSTR_DATA_FILE)
 	$(ROOT)afl-fuzz \
 		-D \
 		-O \