LibAFL Frida asan_rt and hook_rt fixes for frida_windows #2095
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
s1341
approved these changes
May 2, 2024
| @@ -451,9 +462,16 @@ mod tests { | |||
| ); | |||
|
|
|||
| { | |||
|
|
|||
| #[cfg(target_os = "linux")] | |||
There was a problem hiding this comment.
Why do we need the libloading::os::unix::Symbol?
There was a problem hiding this comment.
We need to use the unix version of it specifically because we need to use RTLD_NOW when opening the library. Without RTLD_NOW, it will not resolve the symbols in the lib for you.
This is problematic mainly because of the plt handler. Because the symbol still needs to be resolved, when the hook is checked in the callout it will not detect anything to hook (Because it's still pointed to the PLT resolver stub). This will cause the tests to fail. So, using RTLD_NOW is a quick fix for this.
|
don't |
|
Can you change the panics please? |
|
can you merge from main yourself? else it won't trigger ci i guess |
mineo333
force-pushed
the
frida_windows_aarch64
branch
from
37b4f9c to
b47b053
Compare
|
Ok. I'm going to merge this into my branch, and then CI will run. |
domenukk
added a commit
that referenced
this pull request
May 14, 2024
* WIP: windows frida * frida-windows: fix hooks not present on windows * windows: allow building using cargo xwin * frida-windows: fmrt * frida-windows: cleanup and allow asan/drcov on windows * frida-windows: fmt * frida-windows: fix clippy * frida-windows: handle unknown exceptions gracefully * frida-windows: rework shadow mapping algo * frida-windows: add hook functions * frida-windows: hook functions; fix stack register * minibsod: enable for windows * check_shadow: fix edge casees * asan_rt: rework and add hooks for windows * inprocess: add minibsod on windows * Fix warnings * minibsod: disable test on windows * WIP: HookRuntime * Cleanup after merge * Bump frida-gum version * Fix conflict marker; update frida * Make winsafe windows-specific * Fmt * Format * Better detection of clang++ (using cc) * Make AsanErrors crate public so we can use it in tests * Add helper to get immediate of operand * Use HookRuntime to hook asan functions Tests now passing * fmt * Implement recurisve jmp resolve * Fix reversed logic * windows_hooks: Don't die if functions are already replaced * Allow utils to work on windows * Enable allocator hooking on windows * Warnings; add trace to free * Make ASAN tests run windows (with cargo xwin compilation) * Fmt * clang-format * clang-format * Add more tests * Fix partial range access bug in unpoisoning/shadow_check * Merge main * Fix check_shadow and implement unit tests * Fix hooking and PC retrieval * WIP: Working gdiplus fuzzing with frida-ASAN, no false positives * LibAFL Frida asan_rt and hook_rt fixes for frida_windows (#2095) * Introduce aarch64 * MacOS fix - MemoryAreas is broken on MacOS and just loops * Introduce working aarch64 ASAN check * Implement large blob * Fix hook_rt for arm64 * Fix poison/unpoison * Fix shadow check * Update x86-64 * Fix aarch64 unused import * Remove extraneous println statement * merge main * Fixes * alloc: add tests, pass the tests * HookRuntime before AsanRuntime, and don't Asan if Hooked * hook_rt: Fixes * Frida windows check shadow fix (#2159) * Fix check_shadow and add additional tests * add some additional documentation * Revert to Interceptor based hooks * fixes * format * Get rid of hook_rt; fixes * clang-format * clang-format * Fix with_threshold * fixes * fix build.rs * fmt * Fix offset to RDI on stack * Fix clippy * Fix build.rs * clippy * hook MapViewOfFile * fmt * fix * clippy * clippy * Missing brace * fix * Clippy * fomrrat * fix i64 cast * clippy exclude * too many lines * Undo merge fails * fmt * move debug print * Fix some frida things * Remove unused frida_to_cs fn for aarch64 * name * Don't touch libafl_qemu --------- Co-authored-by: Dongjia "toka" Zhang <[email protected]> Co-authored-by: Sharad Khanna <[email protected]> Co-authored-by: Dominik Maier <[email protected]> Co-authored-by: Dominik Maier <[email protected]>
riesentoaster
pushed a commit
to riesentoaster/LibAFL
that referenced
this pull request
May 24, 2024
* WIP: windows frida * frida-windows: fix hooks not present on windows * windows: allow building using cargo xwin * frida-windows: fmrt * frida-windows: cleanup and allow asan/drcov on windows * frida-windows: fmt * frida-windows: fix clippy * frida-windows: handle unknown exceptions gracefully * frida-windows: rework shadow mapping algo * frida-windows: add hook functions * frida-windows: hook functions; fix stack register * minibsod: enable for windows * check_shadow: fix edge casees * asan_rt: rework and add hooks for windows * inprocess: add minibsod on windows * Fix warnings * minibsod: disable test on windows * WIP: HookRuntime * Cleanup after merge * Bump frida-gum version * Fix conflict marker; update frida * Make winsafe windows-specific * Fmt * Format * Better detection of clang++ (using cc) * Make AsanErrors crate public so we can use it in tests * Add helper to get immediate of operand * Use HookRuntime to hook asan functions Tests now passing * fmt * Implement recurisve jmp resolve * Fix reversed logic * windows_hooks: Don't die if functions are already replaced * Allow utils to work on windows * Enable allocator hooking on windows * Warnings; add trace to free * Make ASAN tests run windows (with cargo xwin compilation) * Fmt * clang-format * clang-format * Add more tests * Fix partial range access bug in unpoisoning/shadow_check * Merge main * Fix check_shadow and implement unit tests * Fix hooking and PC retrieval * WIP: Working gdiplus fuzzing with frida-ASAN, no false positives * LibAFL Frida asan_rt and hook_rt fixes for frida_windows (AFLplusplus#2095) * Introduce aarch64 * MacOS fix - MemoryAreas is broken on MacOS and just loops * Introduce working aarch64 ASAN check * Implement large blob * Fix hook_rt for arm64 * Fix poison/unpoison * Fix shadow check * Update x86-64 * Fix aarch64 unused import * Remove extraneous println statement * merge main * Fixes * alloc: add tests, pass the tests * HookRuntime before AsanRuntime, and don't Asan if Hooked * hook_rt: Fixes * Frida windows check shadow fix (AFLplusplus#2159) * Fix check_shadow and add additional tests * add some additional documentation * Revert to Interceptor based hooks * fixes * format * Get rid of hook_rt; fixes * clang-format * clang-format * Fix with_threshold * fixes * fix build.rs * fmt * Fix offset to RDI on stack * Fix clippy * Fix build.rs * clippy * hook MapViewOfFile * fmt * fix * clippy * clippy * Missing brace * fix * Clippy * fomrrat * fix i64 cast * clippy exclude * too many lines * Undo merge fails * fmt * move debug print * Fix some frida things * Remove unused frida_to_cs fn for aarch64 * name * Don't touch libafl_qemu --------- Co-authored-by: Dongjia "toka" Zhang <[email protected]> Co-authored-by: Sharad Khanna <[email protected]> Co-authored-by: Dominik Maier <[email protected]> Co-authored-by: Dominik Maier <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This implements various fixes for libafl_frida including fixing the poison/unpoison routine, fixing the ASAN checks on both x86 and aarch64, and redesigning hook_rt for x86 and aarch64. The new design is checks for hooked addresses dynamically instead of statically.
For indirect branches (i.e., loads from memory/branches to registers), it gets the address and checks if it is hooked. If it is hooked, then run the routine and chaining return. If it is not hooked, then go to the kept next instruction.
For direct branches, the hook is checked at block compilation.
Other fixes include moving away from mmap_rs as its broken on darwin as well as fixing the function hooking macro.
This patch is dependent on: frida/frida-rust#132 and frida/frida-gum#777