AFLplusplus
libafl-frida stalker miss many blocks?
I try to fuzz android library based libafl-frida. I write a harness library which uses dlopen to load the target library.
When fuzzing, I use frida to hook one of the functions in target library, and it was hit.
However, I print all block addresses in stalker transformer , the addresses in that function are not found.
I try to use javascript interface of stalker based frida-server, and everything seems good. I guessed it's the problem of frida-gum of rust. Anyone encounters the same problem?
I test it in samsung phone, the target library needed some libs of the samsung phone.
And I found it's not the problem of libafl. The problem is the achievement of frida stalker exclude function (frida-gum), I didn't know the reason why the stalker exclude works fail on my target, and i solved it by commenting on it, and this problem also exists in afl++ frida mode.
thanks for the info so you mean these lines?
for range in ranges.gaps(&(0..usize::MAX)) {
println!("excluding range: {:x}-{:x}", range.start, range.end);
stalker.exclude(&MemoryRange::new(
NativePointer(range.start as *mut c_void),
range.end - range.start,
));
}
thanks for the info so you mean these lines?
for range in ranges.gaps(&(0..usize::MAX)) { println!("excluding range: {:x}-{:x}", range.start, range.end); stalker.exclude(&MemoryRange::new( NativePointer(range.start as *mut c_void), range.end - range.start, )); }
Sure, I comment stalker.exclude
This is the result of leaving out some -l arguments. There must be a clear line of execution from every function you want stalked back to the entry point. This is is because of how frida-stalker works.