WorksButNotTested
No worries. Easy to get distracted with other work. That would be great. Thanks.
That's no worries. Just keep me posted how you get on!
Superseded by https://github.com/frida/frida-gum/pull/704
I can only help with the last point, I’m afraid. Here’s my implementation for AFL_FRIDA_PERSISTENT_RET. https://github.com/AFLplusplus/AFLplusplus/blob/d1e1bbc713b22d620956143634ecdf97223aa59f/frida_mode/src/persistent/persistent_x64.c#L321 This file has the inline assembly generation code to support persistent mode. The epilogue...
Take a quick look at the Linux exception handling support. I’d guess the approach would be pretty similar. https://github.com/frida/frida-gum/blob/187492a38f0a2ecef3915765a2917e53b0a6e303/gum/backend-x86/gumstalker-x86.c#L876 Rather than modifying the stack itself, it’s likely to be a...
Exception handling in Linux is explained in excruciating detail here. https://monkeywritescode.blogspot.com/p/c-exceptions-under-hood.html It’s a very comprehensive and thorough explanation.
I would test playing around with excluded ranges. Try including everything and see if it works. Then try excluding everything. I suspect the issue might relate to an exception occurring...
Maybe the same reason as for AFL++? https://github.com/AFLplusplus/AFLplusplus/blob/340647c5f1dda67957cf9f85b2af9e9ef7fb28af/frida_mode/src/instrument/instrument.c#L175
If we tell FRIDA stalker to exclude a range, then when we call a function in it, it will push a return address onto the stack to jump back to...
I would make it the default to skip telling FRIDA to exclude ranges for all platforms and architectures except for Linux on x86/64. But I would make it configurable so...
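An added example (not code from WorksButNotTested, FRIDA or AFL++) of the policy sketched in the comment above, written as a small FRIDA agent fragment: ranges are handed to Stalker.exclude() by default only on Linux x86/x64, every other platform/architecture defaults to not excluding, and a caller can override either way. The function names (shouldExcludeByDefault, selectExcludedRanges, applyExclusions), the option names (excludeRanges, instrumentedModules) and the SAMPLE_MODULES list are assumptions made for illustration; Stalker.exclude(), Process.enumerateModules(), Process.platform and Process.arch are the real FRIDA APIs. The selection logic is kept separate from the FRIDA calls so it can be run and checked under plain Node as well as inside a target process.

```javascript
// Default policy from the discussion: only Linux on x86/x64 asks Stalker to
// exclude ranges; everywhere else the default is to instrument everything.
// (FRIDA reports 32-bit x86 as 'ia32' and 64-bit as 'x64'.)
function shouldExcludeByDefault(platform, arch) {
  return platform === 'linux' && (arch === 'ia32' || arch === 'x64');
}

// Build the list of module ranges to exclude.
//   modules: array of { name, base, size } (shape of Process.enumerateModules())
//   opts.excludeRanges: true/false to override the platform default (assumed option name)
//   opts.instrumentedModules: module names that must stay instrumented (assumed option name)
function selectExcludedRanges(modules, platform, arch, opts) {
  const o = opts || {};
  const enabled = (o.excludeRanges !== undefined)
    ? Boolean(o.excludeRanges)
    : shouldExcludeByDefault(platform, arch);
  if (!enabled) {
    return [];
  }
  const keep = new Set(o.instrumentedModules || []);
  return modules
    .filter((m) => !keep.has(m.name))
    .map((m) => ({ name: m.name, base: m.base, size: m.size }));
}

// Hand the selected ranges to Stalker. Returns how many ranges were excluded;
// outside FRIDA (no Stalker global) nothing is excluded and 0 is returned.
function applyExclusions(ranges) {
  if (typeof Stalker === 'undefined') {
    return 0;
  }
  for (const r of ranges) {
    Stalker.exclude({ base: r.base, size: r.size });
  }
  return ranges.length;
}

// Constructed sample module list standing in for Process.enumerateModules();
// inside FRIDA `base` would be a NativePointer, here it is just a string.
const SAMPLE_MODULES = [
  { name: 'target',          base: '0x555555554000', size: 0x20000 },
  { name: 'libc.so.6',       base: '0x7ffff7dc0000', size: 0x1f0000 },
  { name: 'libpthread.so.0', base: '0x7ffff7fa0000', size: 0x20000 },
];

// Agent entry point: only runs when loaded into a process by FRIDA.
if (typeof Process !== 'undefined') {
  const ranges = selectExcludedRanges(
    Process.enumerateModules(), Process.platform, Process.arch,
    { instrumentedModules: ['target'] });
  const n = applyExclusions(ranges);
  console.log('excluded ' + n + ' module range(s) from Stalker');
}
```

To reproduce the experiment suggested earlier in the thread (include everything, then exclude everything), pass `{ excludeRanges: false }` and then `{ excludeRanges: true, instrumentedModules: [] }` and compare whether the crash or hang still occurs.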