WorksButNotTested
I don’t think the problem is gdb related, just that using GDB to diagnose issues is problematic. So the shared object is being loaded with dlopen/dlclose multiple times? FRIDA mode...
You could try `LD_PRELOAD`ing the library into the process to avoid it being loaded/unloaded?
In theory, a program should be able to load and unload DSOs, FRIDA only encounters an issue when the same region of the address space is re-used for different purposes,...
Looks like FRIDA has written an instrumented block at 0x7ffff484ecbf. This starts with the instrumentation code generated here https://github.com/AFLplusplus/AFLplusplus/blob/497ff5ff7962ee492fef315227366d658c637ab2/frida_mode/src/instrument/instrument_x64.c#L83 to update the map. This is then followed by the original...
If you build with FRIDA_SOURCE=1 it will build the devkit from source. The blocks FRIDA allocates are done here. https://github.com/frida/frida-gum/blob/0ff142c1cd7dc52de7e3f7d7fe79b2a18d4dce13/gum/backend-arm64/gumstalker-arm64.c#L5662 That might give an idea whether it is going off...
That looks like the caching code. https://github.com/AFLplusplus/AFLplusplus/blob/2b8e528a3b5f44df590b8f727983d142857d0433/frida_mode/src/instrument/instrument_x64_cache.c#L18. Basically, whenever it encounters an indirect CALL or JMP, it emits code to lookup the address of the next instrumented block to branch...
@icytxw Did you find the solution?
Yeah. Let’s keep the ticket open. If I get some time next week, I’ll have a look at the instrumented code and see if I can figure out what’s up....
This branch also requires a modified qemu-libafl-bridge, here, so that may account for your build errors? https://github.com/WorksButNotTested/qemu-libafl-bridge/tree/asan However, in the interim, it seems that this commit has caused a regression...
It seems that mappings are omitted from the output. In particular if you enumerate them twice you seem to get different results. I put the details in the discord I...