
e9afl's People

Contributors

gjduck

e9afl's Issues

e9tool command failed with status (33792)

I got the following error when trying to input a binary named test. I'm on ParrotOS if that is relevant.

$e9afl test
"/usr/share/e9afl/e9tool" -E '".plt"' -E '".plt.got"' -O2 --option --mem-granularity=4096 -o "test.afl" -M 'plugin("/usr/share/e9afl/e9AFLPlugin.so").match()' -P 'plugin("/usr/share/e9afl/e9AFLPlugin.so").patch()' -- "test"
Illegal instruction
error : e9tool command failed with status (33792)
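The status value in this report can be decoded rather than guessed at. The command line printed above is shell-quoted, so the assumption here is that e9afl launches e9tool through the shell (system() or equivalent) and reports the raw wait status. Under that convention, 33792 is 132 << 8: the shell exited normally with code 132 = 128 + 4, meaning its child was killed by signal 4 (SIGILL), which is exactly the "Illegal instruction" line. The decoder below is an added example written for this page; it is not part of e9afl or e9patch, and the constants and function names are its own.

```python
import os
import signal

# Constructed input: the status value quoted in the issue report above.
REPORTED_STATUS = 33792


def _signal_name(sig):
    """Map a signal number to its name, tolerating numbers the enum lacks."""
    try:
        return signal.Signals(sig).name
    except ValueError:
        return "SIG%d" % sig


def decode_wait_status(status):
    """Decode a raw wait status (as returned by system()/waitpid()).

    Two cases matter when a command is run through /bin/sh:
      * the shell itself died from a signal -> WIFSIGNALED is true;
      * the shell's child died from a signal -> the shell exits normally
        with code 128 + signal number, which the parent sees as a plain
        exit, so the signal has to be recovered from the exit code.
    """
    if os.WIFSIGNALED(status):
        sig = os.WTERMSIG(status)
        return {"kind": "signaled", "signal": sig,
                "name": _signal_name(sig), "exit_code": None}
    if os.WIFEXITED(status):
        code = os.WEXITSTATUS(status)
        # Shell convention: 128 + n means the child was killed by signal n.
        if 128 < code < 128 + 64:
            sig = code - 128
            return {"kind": "child_signaled", "signal": sig,
                    "name": _signal_name(sig), "exit_code": code}
        return {"kind": "exited", "signal": None,
                "name": None, "exit_code": code}
    return {"kind": "stopped_or_unknown", "signal": None,
            "name": None, "exit_code": None}


def describe(status):
    """Human-readable one-liner for a wait status, for log messages."""
    d = decode_wait_status(status)
    if d["kind"] == "child_signaled":
        return ("status %d: shell exit code %d, child killed by %s (signal %d)"
                % (status, d["exit_code"], d["name"], d["signal"]))
    if d["kind"] == "signaled":
        return "status %d: killed by %s (signal %d)" % (status, d["name"], d["signal"])
    if d["kind"] == "exited":
        return "status %d: exited with code %d" % (status, d["exit_code"])
    return "status %d: not a normal exit or termination" % status


if __name__ == "__main__":
    print(describe(REPORTED_STATUS))
```

Running the block prints that status 33792 maps to exit code 132 and SIGILL. A tool that wraps another binary should log this decoded form rather than the raw integer; it turns an opaque number into the same information the kernel already gave the shell.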

Building issue in Ubuntu 20.10

Hey,

I'm getting some errors while building e9afl on my Ubuntu 20.10.
Here are the errors:

$ ./build.sh
./build.sh: extracting e9patch-7773cc7b3a5117144bde42649e535c01af832ecf.zip...
Archive:  e9patch-7773cc7b3a5117144bde42649e535c01af832ecf.zip
7773cc7b3a5117144bde42649e535c01af832ecf
replace e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/LICENSE? [y]es, [n]o, [A]ll, [N]one, [r]ename: A
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/LICENSE  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/Makefile  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/Makefile.zydis  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/README.md  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/build.sh  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/doc/e9patch-programming-guide.md  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/doc/e9tool-user-guide.md  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/e9compile.sh  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/examples/args.c  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/examples/counter.c  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/examples/delay.c  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/examples/hello.c  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/examples/limit.c  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/examples/nop.c  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/examples/plugins/example.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/examples/print.c  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/examples/state.c  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/examples/stdlib.c  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/examples/trap.c  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9alloc.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9alloc.h  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9api.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9api.h  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9elf.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9elf.h  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9emit.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9emit.h  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9json.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9json.h  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9loader.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9loader.h  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9mapping.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9mapping.h  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9optimize.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9optimize.h  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9patch.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9patch.h  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9rbtree.h  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9tactics.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9tactics.h  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9trampoline.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9trampoline.h  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9x86_64.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9x86_64.h  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9tool/e9cfg.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9tool/e9csv.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9tool/e9frontend.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9tool/e9frontend.h  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9tool/e9metadata.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9tool/e9parser.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9tool/e9plugin.h  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9tool/e9tool.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9tool/e9types.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9tool/e9x86_64.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/14.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/14.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/15.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/15.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/17.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/17.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/17_1.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/17_1.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/18.exp  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/18.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/Makefile  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/README.md  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/after.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/after.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/asm.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/asm.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/asm_2.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/asm_2.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/cfg.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/cfg.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/cfg_pie.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/cfg_pie.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/cmp.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/cmp.in  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/cmp_2.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/cmp_2.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/cond_0.exp  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/cond_0.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/cond_1.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/cond_1.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/condjump.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/condjump.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/condjump_0.exp  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/condjump_0.in  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/condjump_1.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/condjump_1.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/control.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/control.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/csv.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/csv.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/data.csv  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/dl.c  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/dst_zero.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/dst_zero.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_1.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_1.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_10.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_10.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_11.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_11.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_12.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_12.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_13.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_13.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_2.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_2.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_3.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_3.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_4.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_4.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_5.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_5.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_6.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_6.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_7.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_7.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_8.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_8.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_9.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_9.in  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/exit.exp  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/exit.in  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/false.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/false.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/imm_by_ptr.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/imm_by_ptr.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/inst.c  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/jmp_notake.exp  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/jmp_notake.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/jmp_take.exp  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/jmp_take.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/jump.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/jump.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/jump_1.exp  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/jump_1.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/libdl.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/libdl.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/libdl_1.exp  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/libdl_1.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/libdl_2.exp  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/libdl_2.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/memory.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/memory.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/memory_1.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/memory_1.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/memory_2.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/memory_2.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/memory_3.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/memory_3.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/memory_4.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/memory_4.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/memory_5.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/memory_5.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/mnemonic.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/mnemonic.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/naked.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/naked.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/naked_2.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/naked_2.in  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/naked_3.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/naked_3.in  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/naked_4.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/naked_4.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/naked_bug.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/naked_bug.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/next.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/next.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/optimize_0.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/optimize_0.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/optimize_1.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/optimize_1.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/optimize_2.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/optimize_2.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/optimize_3.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/optimize_3.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/optimize_s.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/optimize_s.in  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/passthru.exp  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/passthru.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/patch.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/print.exp  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/print.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/print_intel.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/print_intel.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/print_pie.exp  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/print_pie.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/rax.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/rax.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/rax_by_ptr.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/rax_by_ptr.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/read_write.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/read_write.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/reads_rflags.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/reads_rflags.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/regs.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/regs.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/regs_2.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/regs_2.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/regtest.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/rip_rsp_rflags.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/rip_rsp_rflags.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/rip_to_rsp.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/rip_to_rsp.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/rotate.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/rotate.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/size.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/size.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/size_2.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/size_2.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/skip.exp  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/skip.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/src_dst.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/src_dst.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/sse.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/sse.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/stack_overflow.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/stack_overflow.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/static.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/static.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/static_1.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/static_1.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/static_2.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/static_2.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/string.exp  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/string.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/string_1.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/string_1.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/sum.exp  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/sum.in  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/swap.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/swap.in  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/swap_2.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/swap_2.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/syscall.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/syscall.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/target.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/target.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/test.s  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/test_libc.s  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/trap.exp  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/trap.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/trunc32.exp  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/trunc32.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/types.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/types.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/write_bug.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/write_bug.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/xmm.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/xmm.in  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/zero.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/zero.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/zero_flags.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/zero_flags.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/zero_flags_2.exp  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/zero_flags_2.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/stresstest/Makefile  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/stresstest/stresstest.sh  
./build.sh: building e9patch...
./build.sh: building e9patch and e9tool...
rm -rf src/e9patch/e9alloc.o src/e9patch/e9api.o src/e9patch/e9elf.o src/e9patch/e9emit.o src/e9patch/e9json.o src/e9patch/e9mapping.o src/e9patch/e9patch.o src/e9patch/e9optimize.o src/e9patch/e9tactics.o src/e9patch/e9trampoline.o src/e9patch/e9x86_64.o e9tool.o e9patch e9tool a.out \
        src/e9patch/e9loader.c e9loader.out e9loader.o e9loader.bin
g++ -std=c++11 -Wall -Wno-reorder -fPIC -pie -O2 -I src/e9tool/ -I zydis/include/ -I zydis/dependencies/zycore/include/ -Wno-unused-function -c src/e9tool/e9tool.cpp
g++ -std=c++11 -Wall -Wno-reorder -fPIC -pie -O2 -D NDEBUG -Wno-unused-function   -c -o src/e9patch/e9alloc.o src/e9patch/e9alloc.cpp
g++ -std=c++11 -Wall -Wno-reorder -fPIC -pie -O2 -D NDEBUG   -c -o src/e9patch/e9api.o src/e9patch/e9api.cpp
g++ -std=c++11 -Wall -fno-stack-protector -fpie -Os -c \
        src/e9patch/e9loader.cpp
g++ -std=c++11 -Wall -Wno-reorder -fPIC -pie -O2 -D NDEBUG   -c -o src/e9patch/e9emit.o src/e9patch/e9emit.cpp
g++ -std=c++11 -Wall -Wno-reorder -fPIC -pie -O2 -D NDEBUG   -c -o src/e9patch/e9json.o src/e9patch/e9json.cpp
g++ -std=c++11 -Wall -Wno-reorder -fPIC -pie -O2 -D NDEBUG   -c -o src/e9patch/e9mapping.o src/e9patch/e9mapping.cpp
g++ -std=c++11 -Wall -Wno-reorder -fPIC -pie -O2 -D NDEBUG   -c -o src/e9patch/e9patch.o src/e9patch/e9patch.cpp
g++ -std=c++11 -Wall -Wno-reorder -fPIC -pie -O2 -D NDEBUG   -c -o src/e9patch/e9optimize.o src/e9patch/e9optimize.cpp
g++ -std=c++11 -Wall -Wno-reorder -fPIC -pie -O2 -D NDEBUG   -c -o src/e9patch/e9tactics.o src/e9patch/e9tactics.cpp
g++ -std=c++11 -Wall -Wno-reorder -fPIC -pie -O2 -D NDEBUG   -c -o src/e9patch/e9trampoline.o src/e9patch/e9trampoline.cpp
g++ -std=c++11 -Wall -Wno-reorder -fPIC -pie -O2 -D NDEBUG   -c -o src/e9patch/e9x86_64.o src/e9patch/e9x86_64.cpp
g++ -nostdlib -o e9loader.out e9loader.o -Wl,--entry=_entry
objcopy --dump-section .text=e9loader.bin e9loader.out
xxd -i e9loader.bin > src/e9patch/e9loader.c
g++ -std=c++11 -Wall -Wno-reorder -fPIC -pie -O2 -D NDEBUG   -c -o src/e9patch/e9elf.o src/e9patch/e9elf.cpp
In file included from src/e9patch/e9optimize.cpp:19:
src/e9patch/e9patch.h:244:16: error: expected ‘)’ before ‘offset’
  244 |     Instr(off_t offset, intptr_t addr, size_t size, const uint8_t *original,
      |          ~     ^~~~~~~
      |                )
src/e9patch/e9patch.h:206:18: warning: non-static const member ‘const size_t Instr::offset’ in class without a constructor [-Wuninitialized]
  206 |     const size_t offset:46;             // The instruction offset
      |                  ^~~~~~
src/e9patch/e9patch.h:207:18: warning: non-static const member ‘const size_t Instr::size’ in class without a constructor [-Wuninitialized]
  207 |     const size_t size:4;                // The instruction size (bytes)
      |                  ^~~~
src/e9patch/e9patch.h:208:18: warning: non-static const member ‘const size_t Instr::pcrel32_idx’ in class without a constructor [-Wuninitialized]
  208 |     const size_t pcrel32_idx:4;         // 32bit PC-relative imm idx (or 0)
      |                  ^~~~~~~~~~~
src/e9patch/e9patch.h:209:18: warning: non-static const member ‘const size_t Instr::pcrel8_idx’ in class without a constructor [-Wuninitialized]
  209 |     const size_t pcrel8_idx:4;          // 8bit PC-relative imm idx (or 0)
      |                  ^~~~~~~~~~
src/e9patch/e9patch.h:210:18: warning: non-static const member ‘const size_t Instr::pic’ in class without a constructor [-Wuninitialized]
  210 |     const size_t pic:1;                 // PIC? (stored here for convenience)
      |                  ^~~
src/e9patch/e9patch.h:216:20: warning: non-static const member ‘const intptr_t Instr::addr’ in class without a constructor [-Wuninitialized]
  216 |     const intptr_t addr;                // The address of the instruction
      |                    ^~~~
src/e9patch/e9patch.h:226:7: warning: non-static const member ‘const Instr::Original Instr::original’ in class without a constructor [-Wuninitialized]
  226 |     } original;
      |       ^~~~~~~~
src/e9patch/e9patch.h:238:7: warning: non-static const member ‘const Instr::Patched Instr::patched’ in class without a constructor [-Wuninitialized]
  238 |     } patched;
      |       ^~~~~~~
src/e9patch/e9patch.h:395:18: error: ‘off_t’ was not declared in this scope
  395 | typedef std::map<off_t, Instr *> InstrSet;
      |                  ^~~~~
src/e9patch/e9patch.h:395:32: error: template argument 1 is invalid
  395 | typedef std::map<off_t, Instr *> InstrSet;
      |                                ^
src/e9patch/e9patch.h:395:32: error: template argument 3 is invalid
src/e9patch/e9patch.h:395:32: error: template argument 4 is invalid
src/e9patch/e9patch.h:421:5: error: ‘off_t’ does not name a type
  421 |     off_t diff = 0;                     // Offset/address difference.
      |     ^~~~~
src/e9patch/e9optimize.cpp: In function ‘void buildEntrySet(Binary*)’:
src/e9patch/e9optimize.cpp:32:20: error: request for member ‘rbegin’ in ‘B->Binary::Is’, which is of non-class type ‘InstrSet’ {aka ‘int’}
   32 |     auto i = B->Is.rbegin();
      |                    ^~~~~~
src/e9patch/e9optimize.cpp:33:20: error: request for member ‘rend’ in ‘B->Binary::Is’, which is of non-class type ‘InstrSet’ {aka ‘int’}
   33 |     if (i == B->Is.rend())
      |                    ^~~~
src/e9patch/e9optimize.cpp:41:13: error: ‘J’ was not declared in this scope
   41 |             J = I;
      |             ^
src/e9patch/e9optimize.cpp:46:13: error: ‘J’ was not declared in this scope
   46 |             J = nullptr;
      |             ^
src/e9patch/e9optimize.cpp:47:13: error: ‘J’ was not declared in this scope
   47 |         if (J != nullptr && num <= option_Oprologue &&
      |             ^
src/e9patch/e9optimize.cpp:57:13: error: ‘J’ was not declared in this scope
   57 |             J = nullptr;
      |             ^
src/e9patch/e9optimize.cpp:60:32: error: ‘begin’ was not declared in this scope; did you mean ‘std::begin’?
   60 |     for (const auto &entry: B->Is)
      |                                ^~
      |                                std::begin
In file included from /usr/include/c++/10/deque:68,
                 from src/e9patch/e9patch.h:29,
                 from src/e9patch/e9optimize.cpp:19:
/usr/include/c++/10/bits/range_access.h:90:5: note: ‘std::begin’ declared here
   90 |     begin(_Tp (&__arr)[_Nm]) noexcept
      |     ^~~~~
src/e9patch/e9optimize.cpp:60:32: error: ‘end’ was not declared in this scope; did you mean ‘std::end’?
   60 |     for (const auto &entry: B->Is)
      |                                ^~
      |                                std::end
In file included from /usr/include/c++/10/deque:68,
                 from src/e9patch/e9patch.h:29,
                 from src/e9patch/e9optimize.cpp:19:
/usr/include/c++/10/bits/range_access.h:100:5: note: ‘std::end’ declared here
  100 |     end(_Tp (&__arr)[_Nm]) noexcept
      |     ^~~
src/e9patch/e9optimize.cpp:104:9: error: ‘off_t’ was not declared in this scope
  104 |         off_t rel = 0;
      |         ^~~~~
src/e9patch/e9optimize.cpp:109:13: error: ‘rel’ was not declared in this scope; did you mean ‘rel8’?
  109 |             rel = (off_t)rel8;
      |             ^~~
      |             rel8
src/e9patch/e9optimize.cpp:107:20: warning: unused variable ‘rel8’ [-Wunused-variable]
  107 |             int8_t rel8 = (int8_t)*(int8_t *)
      |                    ^~~~
src/e9patch/e9optimize.cpp:122:13: error: ‘rel’ was not declared in this scope; did you mean ‘rel32’?
  122 |             rel = (off_t)rel32;
      |             ^~~
      |             rel32
src/e9patch/e9optimize.cpp:120:21: warning: unused variable ‘rel32’ [-Wunused-variable]
  120 |             int32_t rel32 = (int32_t)*(int32_t *)
      |                     ^~~~~
src/e9patch/e9optimize.cpp:124:67: error: ‘rel’ was not declared in this scope
  124 |         intptr_t target = (intptr_t)I->addr + (intptr_t)I->size + rel;
      |                                                                   ^~~
src/e9patch/e9optimize.cpp: In function ‘Instr* findInstr(const Binary*, intptr_t)’:
src/e9patch/e9optimize.cpp:200:5: error: ‘off_t’ was not declared in this scope
  200 |     off_t offset = addr - B->diff;
      |     ^~~~~
src/e9patch/e9optimize.cpp:201:20: error: request for member ‘find’ in ‘B->Binary::Is’, which is of non-class type ‘const InstrSet’ {aka ‘const int’}
  201 |     auto i = B->Is.find(offset);
      |                    ^~~~
src/e9patch/e9optimize.cpp:201:25: error: ‘offset’ was not declared in this scope; did you mean ‘offsetof’?
  201 |     auto i = B->Is.find(offset);
      |                         ^~~~~~
      |                         offsetof
src/e9patch/e9optimize.cpp:202:20: error: request for member ‘end’ in ‘B->Binary::Is’, which is of non-class type ‘const InstrSet’ {aka ‘const int’}
  202 |     if (i == B->Is.end())
      |                    ^~~
src/e9patch/e9optimize.cpp: In function ‘void optimizeAllJumps(Binary*)’:
src/e9patch/e9optimize.cpp:279:32: error: ‘begin’ was not declared in this scope; did you mean ‘std::begin’?
  279 |     for (const auto &entry: B->Is)
      |                                ^~
      |                                std::begin
In file included from /usr/include/c++/10/deque:68,
                 from src/e9patch/e9patch.h:29,
                 from src/e9patch/e9optimize.cpp:19:
/usr/include/c++/10/bits/range_access.h:90:5: note: ‘std::begin’ declared here
   90 |     begin(_Tp (&__arr)[_Nm]) noexcept
      |     ^~~~~
src/e9patch/e9optimize.cpp:279:32: error: ‘end’ was not declared in this scope; did you mean ‘std::end’?
  279 |     for (const auto &entry: B->Is)
      |                                ^~
      |                                std::end
In file included from /usr/include/c++/10/deque:68,
                 from src/e9patch/e9patch.h:29,
                 from src/e9patch/e9optimize.cpp:19:
/usr/include/c++/10/bits/range_access.h:100:5: note: ‘std::end’ declared here
  100 |     end(_Tp (&__arr)[_Nm]) noexcept
      |     ^~~
make: *** [<builtin>: src/e9patch/e9optimize.o] Error 1
make: *** Waiting for unfinished jobs....
src/e9patch/e9trampoline.cpp: In function ‘const Trampoline* expandMacro(const Binary*, const Metadata*, const char*)’:
src/e9patch/e9trampoline.cpp:100:9: error: ‘ssize_t’ was not declared in this scope; did you mean ‘size_t’?
  100 |         ssize_t lo = 0, hi = (ssize_t)meta->num_entries-1;
      |         ^~~~~~~
      |         size_t
src/e9patch/e9trampoline.cpp:101:16: error: ‘lo’ was not declared in this scope
  101 |         while (lo <= hi)
      |                ^~
src/e9patch/e9trampoline.cpp:101:22: error: ‘hi’ was not declared in this scope
  101 |         while (lo <= hi)
      |                      ^~
src/e9patch/e9trampoline.cpp:103:20: error: expected ‘;’ before ‘mid’
  103 |             ssize_t mid = (lo + hi) / 2;
      |                    ^~~~
      |                    ;
src/e9patch/e9trampoline.cpp:104:50: error: ‘mid’ was not declared in this scope
  104 |             int cmp = strcmp(name, meta->entries[mid].name);
      |                                                  ^~~
src/e9patch/e9tactics.cpp: In function ‘bool patch(Binary&, Instr*, const Trampoline*)’:
src/e9patch/e9tactics.cpp:761:9: error: ‘printf’ was not declared in this scope
  761 |         printf("\33[31mX\33[0m");
      |         ^~~~~~
src/e9patch/e9tactics.cpp:29:1: note: ‘printf’ is defined in header ‘<cstdio>; did you forget to ‘#include <cstdio>’?
   28 | #include "e9trampoline.h"
  +++ |+#include <cstdio>
   29 | 
src/e9patch/e9tactics.cpp:779:5: error: ‘printf’ was not declared in this scope
  779 |     printf("\33[32m.\33[0m");
      |     ^~~~~~
src/e9patch/e9tactics.cpp:779:5: note: ‘printf’ is defined in header ‘<cstdio>; did you forget to ‘#include <cstdio>’?
make: *** [<builtin>: src/e9patch/e9tactics.o] Error 1
src/e9patch/e9trampoline.cpp: In function ‘void buildBytes(const Binary*, const Trampoline*, const Instr*, int32_t, const LabelSet&, Buffer&)’:
src/e9patch/e9trampoline.cpp:715:30: error: ‘ssize_t’ was not declared in this scope; did you mean ‘size_t’?
  715 |                             (ssize_t)INT32_MIN, INT32_MAX);
      |                              ^~~~~~~
      |                              size_t
make: *** [<builtin>: src/e9patch/e9trampoline.o] Error 1
./build.sh: done...!
./build.sh: e9patch has been built...
./build.sh: building the e9afl plugin...
g++ -std=c++11 -fPIC -shared -o e9AFLPlugin.so -O2 e9AFLPlugin.cpp -I .
./build.sh: building the e9afl runtime...
gcc -fno-stack-protector -fpie -O2 -Wno-unused-function -mno-mmx -mno-sse -mno-avx -mno-avx2 -mno-avx512f -msoft-float -fno-tree-vectorize -fomit-frame-pointer -c -Wall -I e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/examples/ ./afl-rt.c
gcc afl-rt.o -o afl-rt -pie -nostdlib -Wl,-z -Wl,max-page-size=4096 -Wl,--export-dynamic -Wl,--entry=0x0 -Wl,--strip-all
cp: cannot stat 'e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/e9patch': No such file or directory

Support AFL++

Currently this project only supports the original AFL. It'd be nice to also support AFL++.

The AFL++ interface is different, meaning that the current instrumented binaries are not compatible.

It seems that E9AFL instrumented binaries are mostly compatible with AFL++. The main exception is the AFL_MAP_SIZE option. The current version will crash if AFL_MAP_SIZE < 0x10000.

Build Failures

Hello,

I would like to start using this program but ran into several build errors - would it be possible to publish a formal list of dependencies, if any?

Illegal instruction (core dumped)

When using e9afl to instrument mruby, the program aborts with an illegal instruction.

Invalid instructions at 0x7ffff7cbcd97

After some digging, I found that the illegal instruction is incsspq in __longjmp (glibc/sysdeps/x86-64/longjmp.s). Using gdb for debugging, I found out that %fs:[0x48]=0 (feature_1 in tcbhead_t) in a normal program (not instrumented). However, in the instrumented program, %fs:[0x48]=0x4a1b, which leads to the execution of incsspq and to the illegal instruction problem (https://github.com/bminor/glibc/blob/ca4d3ea5130d66e66c5af14e958e99341bf20689/sysdeps/x86_64/__longjmp.S#L57-L58). According to the comments in glibc/sysdeps/x86-64/longjmp.s, this value of %fs:[0x48] marks the shadow stack as enabled. I have no idea why this happened; can you give me some insights?

The following archive contains the normal and instrumented programs plus the input to reproduce this problem.
mruby.zip

user@c3ae4d510abb:e9afl$ ./e9afl mruby_trace
"install/e9tool" -E '".plt"' -E '".plt.got"' -O2 --option --mem-granularity=4096 -o "mruby_trace.afl" -M 'plugin("install/e9AFLPlugin.so").match()' -P 'plugin("install/e9AFLPlugin.so").patch()' --plugin="install/e9AFLPlugin.so":--counter=classic --plugin="install/e9AFLPlugin.so":-Oblock=default --plugin="/home/user/docker_share/tools/e9afl/install/e9AFLPlugin.so":-Oselect=default --plugin="install/e9AFLPlugin.so":--path='install' --option --log=false -- "mruby_trace"
-----------------------------------------------
mode                  = Linux ELF executable
input_binary          = mruby_trace
output_binary         = mruby_trace.afl
num_patched           = 10015 / 10015 (100.00%)
num_patched_B1        = 8936 / 10015 (89.23%)
num_patched_B2        = 1078 / 10015 (10.76%)
num_patched_T1        = 1 / 10015 (0.01%)
num_patched_T2        = 0 / 10015 (0.00%)
num_patched_T3        = 0 / 10015 (0.00%)
num_virtual_mappings  = 373
num_physical_mappings = 248 (66.49%)
num_virtual_bytes     = 1527808
num_physical_bytes    = 1015808 (66.49%)
input_file_size       = 1738472
output_file_size      = 3210016 (184.65%)
time_elapsed          = 346ms
memory_used           = 28468KB
pwndbg> p/x *(tcbhead_t*) $fs_base
$2 = {
  tcb = 0x7ffff7c77740,
  dtv = 0x7ffff7c780a0,
  self = 0x7ffff7c77740,
  multiple_threads = 0x0,
  gscope_flag = 0x0,
  sysinfo = 0x0,
  stack_guard = 0x882e160064f5cc00,
  pointer_guard = 0x7501990f9f69f8be,
  vgetcpu_cache = {0x0, 0x0},
  feature_1 = 0x0,
  __glibc_unused1 = 0x0,
  __private_tm = {0x0, 0x0, 0x0, 0x0},
  __private_ss = 0x0,
  ssp_base = 0x0,
  __glibc_unused2 = {{{
        i = {0x0, 0x0, 0x0, 0x0}
      }, {
        i = {0x0, 0x0, 0x0, 0x0}
      }, {
        i = {0x0, 0x0, 0x0, 0x0}
      }, {
        i = {0x0, 0x0, 0x0, 0x0}
      }}, {{
        i = {0x0, 0x0, 0x0, 0x0}
      }, {
        i = {0x0, 0x0, 0x0, 0x0}
      }, {
        i = {0x0, 0x0, 0x0, 0x0}
      }, {
        i = {0x0, 0x0, 0x0, 0x0}
      }, {

pwndbg> p/x *(tcbhead_t*) $fs_base
$2 = {
  tcb = 0x7ffff7c77740,
  dtv = 0x7ffff7c780a0,
  self = 0x7ffff7c77740,
  multiple_threads = 0x0,
  gscope_flag = 0x0,
  sysinfo = 0x0,
  stack_guard = 0x75556eb3f83c8600,
  pointer_guard = 0x48fa0123fae3d9a4,
  vgetcpu_cache = {0x0, 0x0},
  feature_1 = 0x4a1b,
  __glibc_unused1 = 0x0,
  __private_tm = {0x0, 0x0, 0x0, 0x0},
  __private_ss = 0x0,
  ssp_base = 0x0,
  __glibc_unused2 = {{{
        i = {0x0, 0x0, 0x0, 0x0}
      }, {
        i = {0x0, 0x0, 0x0, 0x0}
      }, {
        i = {0x0, 0x0, 0x0, 0x0}
      }, {
        i = {0x0, 0x0, 0x0, 0x0}
      }}, {{
        i = {0x0, 0x0, 0x0, 0x0}
      }, {
        i = {0x0, 0x0, 0x0, 0x0}
      }, {
        i = {0x0, 0x0, 0x0, 0x0}
      }, {
        i = {0x0, 0x0, 0x0, 0x0}
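An added diagnostic, not code from e9afl or from the issue author, that reads the glibc x86-64 TCB field feature_1 at %fs:0x48 and decodes the CET flag bits glibc's __longjmp tests before executing the shadow-stack instructions; the 0x48 offset and the X86_FEATURE_1_IBT/X86_FEATURE_1_SHSTK bit values are assumptions taken from glibc's tcbhead_t layout, and the 0x0 / 0x4a1b sample values are the two reported above.

```c
/* Added diagnostic, not part of e9afl or the issue report: read and decode
 * the glibc x86-64 TCB field feature_1 (%fs:0x48), which glibc's __longjmp
 * tests before executing the shadow-stack instructions (rdsspq/incsspq).
 * On a CPU without CET, incsspq raises #UD, i.e. the SIGILL seen above. */
#include <stdint.h>
#include <stdio.h>

/* Flag bits of feature_1 as defined by glibc (assumed to match the
 * target's glibc build). */
#define X86_FEATURE_1_IBT   (1u << 0)
#define X86_FEATURE_1_SHSTK (1u << 1)

/* Assumed offset of tcbhead_t.feature_1 from the thread pointer in x86-64
 * glibc: tcb, dtv, self (3 x 8) + multiple_threads, gscope_flag (2 x 4)
 * + sysinfo, stack_guard, pointer_guard (3 x 8) + vgetcpu_cache (16) = 0x48. */
#define FEATURE_1_OFFSET 0x48

/* Non-zero if __longjmp would take the shadow-stack path (and run incsspq). */
int shstk_enabled(uint32_t feature_1)
{
    return (feature_1 & X86_FEATURE_1_SHSTK) != 0;
}

/* Non-zero if the indirect-branch-tracking flag is set. */
int ibt_enabled(uint32_t feature_1)
{
    return (feature_1 & X86_FEATURE_1_IBT) != 0;
}

/* Bits set outside the two documented flags; a non-zero result means the
 * field holds a value glibc itself never writes there. */
uint32_t undefined_bits(uint32_t feature_1)
{
    return feature_1 & ~(X86_FEATURE_1_IBT | X86_FEATURE_1_SHSTK);
}

/* Read feature_1 for the calling thread. Only meaningful on x86-64 Linux
 * with glibc; elsewhere it returns 0 rather than reading a wrong offset. */
uint32_t read_feature_1(void)
{
#if defined(__x86_64__) && defined(__linux__)
    uint32_t v;
    uintptr_t off = FEATURE_1_OFFSET;
    /* %fs-relative load: fs base points at the TCB, so this is feature_1. */
    __asm__ volatile ("movl %%fs:(%1), %0" : "=r"(v) : "r"(off));
    return v;
#else
    return 0;
#endif
}

static void report(const char *label, uint32_t f)
{
    printf("%-12s feature_1=0x%04x shstk=%s ibt=%s undefined=0x%x\n", label,
           (unsigned)f, shstk_enabled(f) ? "on" : "off",
           ibt_enabled(f) ? "on" : "off", (unsigned)undefined_bits(f));
}

int main(void)
{
    /* The two values from the issue: 0x0 in the normal mruby binary and
     * 0x4a1b in the e9afl-instrumented one (constructed from the report). */
    report("normal", 0x0);
    report("instrumented", 0x4a1b);
    report("this process", read_feature_1());
    return 0;
}
```

Running it inside the instrumented binary (or attaching gdb and printing the same field) shows whether the SHSTK bit is set before any longjmp is reached.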

Fork server crashed with signal 11 while fuzz jhead

Hello, I used E9AFL to conduct experiments on the jhead project: https://github.com/Matthias-Wandel/jhead.
I followed the normal procedure and encountered the following error:

root@ubuntu-lzx:~/fuzz/e9afl-jhead# ./afl-fuzz -i in -o out -- ./jhead.afl @@
afl-fuzz 2.57b by <[email protected]>
[+] You have 16 CPU cores and 1 runnable tasks (utilization: 6%).
[+] Try parallel jobs - see docs/parallel_fuzzing.txt.
[*] Checking CPU core loadout...
[+] Found a free CPU core, binding to #0.
[*] Checking core_pattern...
[*] Setting up output directories...
[+] Output directory exists but deemed OK to reuse.
[*] Deleting old session data...
[+] Output dir cleanup successful.
[*] Scanning 'in'...
[+] No auto-generated dictionary tokens to reuse.
[*] Creating hard links for all input files...
[*] Validating target binary...
[*] Attempting dry run with 'id:000000,orig:badyear.jpg'...
[*] Spinning up the fork server...

[-] Whoops, the target binary crashed suddenly, before receiving any input
    from the fuzzer! There are several probable explanations:

    - The current memory limit (50.0 MB) is too restrictive, causing the
      target to hit an OOM condition in the dynamic linker. Try bumping up
      the limit with the -m setting in the command line. A simple way confirm
      this diagnosis would be:

      ( ulimit -Sv $[49 << 10]; /path/to/fuzzed_app )

      Tip: you can use http://jwilk.net/software/recidivm to quickly
      estimate the required amount of virtual memory for the binary.

    - The binary is just buggy and explodes entirely on its own. If so, you
      need to fix the underlying problem or find a better replacement.

    - Less likely, there is a horrible bug in the fuzzer. If other options
      fail, poke <[email protected]> for troubleshooting tips.

[-] PROGRAM ABORT : Fork server crashed with signal 11
         Location : init_forkserver(), afl-fuzz.c:2230

root@ubuntu-lzx:~/fuzz/e9afl-jhead# ulimit -a
core file size          (blocks, -c) 0
data seg size           (kbytes, -d) unlimited
scheduling priority             (-e) 0
file size               (blocks, -f) unlimited
pending signals                 (-i) 127896
max locked memory       (kbytes, -l) 65536
max memory size         (kbytes, -m) unlimited
open files                      (-n) 1024
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
real-time priority              (-r) 0
stack size              (kbytes, -s) 8192
cpu time               (seconds, -t) unlimited
max user processes              (-u) 127896
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited
root@ubuntu-lzx:~/fuzz/e9afl-jhead# 

Memory limit is too restrictive - every possible binary shows the same info... looks like there is some other issue.

$ afl-fuzz -m 850 -i input/ -o output/ -- ./test_binary.afl
afl-fuzz 2.52b by [email protected]
[+] You have 8 CPU cores and 2 runnable tasks (utilization: 25%).
[+] Try parallel jobs - see /usr/share/doc/afl-doc/docs/parallel_fuzzing.txt.
[*] Checking CPU core loadout...
[+] Found a free CPU core, binding to #0.
[*] Checking core_pattern...
[*] Checking CPU scaling governor...
[*] Setting up output directories...
[+] Output directory exists but deemed OK to reuse.
[*] Deleting old session data...
[+] Output dir cleanup successful.
[*] Scanning 'input/'...
[+] No auto-generated dictionary tokens to reuse.
[*] Creating hard links for all input files...
[*] Validating target binary...
[*] Attempting dry run with 'id:000000,orig:exe'...
[*] Spinning up the fork server...

[-] Whoops, the target binary crashed suddenly, before receiving any input
    from the fuzzer! There are several probable explanations:

    - The current memory limit (850 MB) is too restrictive, causing the
      target to hit an OOM condition in the dynamic linker. Try bumping up
      the limit with the -m setting in the command line. A simple way confirm
      this diagnosis would be:

      ( ulimit -Sv $[849 << 10]; /path/to/fuzzed_app )

      Tip: you can use http://jwilk.net/software/recidivm to quickly
      estimate the required amount of virtual memory for the binary.

    - The binary is just buggy and explodes entirely on its own. If so, you
      need to fix the underlying problem or find a better replacement.

    - Less likely, there is a horrible bug in the fuzzer. If other options
      fail, poke <[email protected]> for troubleshooting tips.

[-] PROGRAM ABORT : Fork server crashed with signal 11
         Location : init_forkserver(), afl-fuzz.c:2201
