AFLplusplus
diff --git a/‎frida_mode/GNUmakefile
Lines changed: 20 additions & 130 deletions b/‎frida_mode/GNUmakefile
Lines changed: 20 additions & 130 deletions
diff --git a/‎frida_mode/src/asan/asan.c
Lines changed: 0 additions & 27 deletions b/‎frida_mode/src/asan/asan.c
Lines changed: 0 additions & 27 deletions
diff --git a/‎frida_mode/src/js/api.js
Lines changed: 1 addition & 1 deletion b/‎frida_mode/src/js/api.js
Lines changed: 1 addition & 1 deletion
diff --git a/‎frida_mode/src/lib/lib.c
Lines changed: 0 additions & 19 deletions b/‎frida_mode/src/lib/lib.c
Lines changed: 0 additions & 19 deletions
diff --git a/‎frida_mode/src/lib/lib_apple.c
Lines changed: 0 additions & 20 deletions b/‎frida_mode/src/lib/lib_apple.c
Lines changed: 0 additions & 20 deletions
diff --git a/‎frida_mode/src/module.c
Lines changed: 7 additions & 2 deletions b/‎frida_mode/src/module.c
Lines changed: 7 additions & 2 deletions
diff --git a/‎frida_mode/src/prefetch.c
Lines changed: 0 additions & 5 deletions b/‎frida_mode/src/prefetch.c
Lines changed: 0 additions & 5 deletions
diff --git a/‎frida_mode/src/ranges.c
Lines changed: 0 additions & 23 deletions b/‎frida_mode/src/ranges.c
Lines changed: 0 additions & 23 deletions
@@ -15,6 +15,7 @@ JS_OBJ:=$(BUILD_DIR)api.o
 SOURCES:=$(wildcard $(SRC_DIR)**/*.c) $(wildcard $(SRC_DIR)*.c)
 OBJS:=$(foreach src,$(SOURCES),$(OBJ_DIR)$(notdir $(patsubst %.c, %.o, $(src))))
 
+XTOOLS_HOST?=x86_64-linux-gnu
 TARGET_CC?=$(CC)
 TARGET_CXX?=$(CXX)
 HOST_CC?=$(CC)
@@ -186,39 +187,13 @@ ifndef OS
  $(error "Operating system unsupported")
 endif
 
-GUM_DEVKIT_VERSION=16.1.11
+GUM_DEVKIT_VERSION=17.0.7
 GUM_DEVKIT_FILENAME=frida-gumjs-devkit-$(GUM_DEVKIT_VERSION)-$(OS)-$(ARCH).tar.xz
 GUM_DEVKIT_URL="https://github.com/frida/frida/releases/download/$(GUM_DEVKIT_VERSION)/$(GUM_DEVKIT_FILENAME)"
 
-ifeq ($(OS),macos)
-	# Extract the major version
-	GUM_VERSION_MAJOR := $(shell echo "$(GUM_DEVKIT_VERSION)" | sed -E 's/\..*//')
-	# Extract the minor version (assumes format "MAJOR.MINOR[.PATCH...]")
-	GUM_VERSION_MINOR := $(shell echo "$(GUM_DEVKIT_VERSION)" | sed -E 's/^[^.]*\.//; s/\..*//')
-
-	# Evaluate the version condition in a separate shell call
-	IS_GUM_16_6_PLUS := $(shell \
-		if (( $(GUM_VERSION_MAJOR) > 16 || ( $(GUM_VERSION_MAJOR) == 16 && $(GUM_VERSION_MINOR) >= 6 ) )); then \
-			echo 1; \
-		fi)
-else
-	IS_GUM_16_6_PLUS := $(shell VERSION="$(GUM_DEVKIT_VERSION)"; \
-		MAJOR=$${VERSION%%.*}; \
-		MINOR=$${VERSION#*.}; MINOR=$${MINOR%%.*}; \
-		if [ $$MAJOR -gt 16 ] || { [ $$MAJOR -eq 16 ] && [ $$MINOR -ge 6 ]; }; then \
-			echo 1; \
-		fi)
-endif
-
-CFLAGS += $(if $(IS_GUM_16_6_PLUS),-DGUM_16_6_PLUS)
-
 GUM_DEVKIT_TARBALL:=$(FRIDA_BUILD_DIR)$(GUM_DEVKIT_FILENAME)
-ifdef FRIDA_SOURCE
-GUM_DEVIT_LIBRARY=$(FRIDA_DIR)build/frida-$(OS)-$(ARCH)/lib/libfrida-gumjs-1.0.a
-else
-GUM_DEVIT_LIBRARY=$(FRIDA_BUILD_DIR)libfrida-gumjs.a
-endif
 GUM_DEVIT_HEADER=$(FRIDA_BUILD_DIR)frida-gumjs.h
+GUM_DEVIT_LIBRARY=$(FRIDA_BUILD_DIR)libfrida-gumjs.a
 
 FRIDA_DIR:=$(PWD)build/frida-source/
 FRIDA_MAKEFILE:=$(FRIDA_DIR)Makefile
@@ -252,13 +227,13 @@ BIN2C_SRC:=$(PWD)util/bin2c.c
 all: $(FRIDA_TRACE) $(FRIDA_TRACE_LIB
341A
) $(AFLPP_FRIDA_DRIVER_HOOK_OBJ) $(AFLPP_QEMU_DRIVER_HOOK_OBJ) $(ADDR_BIN)
 
 32:
-	CFLAGS="-m32" LDFLAGS="-m32" ARCH="x86" make all
+	XTOOLS_HOST=i686-linux-gnu CFLAGS="-m32" LDFLAGS="-m32" ARCH="x86" make all
 
 arm:
-	CFLAGS="-marm" LDFLAGS="-marm" ARCH="armhf" TARGET_CC=arm-linux-gnueabihf-gcc TARGET_CXX=arm-linux-gnueabihf-g++ make all
+	XTOOLS_HOST=arm-linux-gnueabihf CFLAGS="-marm" LDFLAGS="-marm" ARCH="armhf" TARGET_CC=arm-linux-gnueabihf-gcc TARGET_CXX=arm-linux-gnueabihf-g++ make all
 
 arm64:
-	ARCH="arm64" TARGET_CC=aarch64-linux-gnu-gcc TARGET_CXX=aarch64-linux-gnu-g++ make all
+	XTOOLS_HOST=aarch64-linux-gnu ARCH="arm64" TARGET_CC=aarch64-linux-gnu-gcc TARGET_CXX=aarch64-linux-gnu-g++ make all
 
 $(BUILD_DIR):
 	mkdir -p $(BUILD_DIR)
@@ -271,114 +246,29 @@ $(OBJ_DIR): | $(BUILD_DIR)
 $(FRIDA_BUILD_DIR): | $(BUILD_DIR)
 	mkdir -p $@
 
+#TODO Set architecture
 ifdef FRIDA_SOURCE
 $(FRIDA_MAKEFILE): | $(BUILD_DIR)
-	git clone --recursive https://github.com/frida/frida.git $(FRIDA_DIR)
+	git clone https://github.com/frida/frida-gum.git $(FRIDA_DIR)
+	cd $(FRIDA_DIR) && \
+	./configure \
+		--host=$(XTOOLS_HOST) \
+		--enable-tests \
+		--enable-gumpp \
+		--enable-gumjs \
+		--with-devkits=gum,gumjs
 
 .PHONY: $(GUM_DEVIT_LIBRARY)
 
-$(GUM_DEVIT_LIBRARY): $(FRIDA_MAKEFILE)
-	cd $(FRIDA_DIR) && make gum-$(OS)$(GUM_ARCH) FRIDA_V8=disabled
-
-$(GUM_DEVIT_HEADER): $(FRIDA_MAKEFILE) | $(FRIDA_BUILD_DIR)
-	echo "#include <stdio.h>" > $@
-	echo "#include <unistd.h>" >> $@
-	echo "#include <gum/gumreturnaddress.h>" >> $@
-	echo "#include <gum/gumbacktracer.h>" >> $@
-	echo "#include <gum/gumsymbolutil.h>" >> $@
-	echo "#include <gum/gumstalker.h>" >> $@
-	echo "#include <gum/gumlibc.h>" >> $@
-	echo "#include <gumjs/gumscriptbackend.h>" >> $@
-
-ifeq "$(OS)" "macos"
-
-CFLAGS+=-I $(FRIDA_DIR)build/frida-$(OS)-$(ARCH)/include/frida-1.0 \
-	    -I $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/include/glib-2.0/ \
-		-I $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/glib-2.0/include/ \
-		-I $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/include/capstone/ \
-		-I $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/include/json-glib-1.0/ \
-
-TRACE_LDFLAGS+=$(FRIDA_DIR)build/frida-$(OS)-$(ARCH)/lib/libfrida-gum-1.0.a \
-			   $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libsoup-2.4.a \
-			   $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libsqlite3.a \
-			   $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libtcc.a \
-			   $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libjson-glib-1.0.a \
-			   $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libquickjs.a \
-			   $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libcapstone.a \
-			   $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libffi.a \
-			   $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libgio-2.0.a \
-			   $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libgobject-2.0.a \
-			   $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libglib-2.0.a \
-			   $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/liblzma.a \
-			   $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libz.a \
-			   $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libiconv.a \
-			   $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libv8-8.0.a \
-			   $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libgmodule-2.0.a \
-
-else ifeq "$(ARCH)" "arm64"
-
-CFLAGS+=-I $(FRIDA_DIR)build/$(OS)-$(ARCH)/include/frida-1.0 \
-	    -I $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/include/glib-2.0/ \
-		-I $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/glib-2.0/include/ \
-		-I $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/include/capstone/ \
-		-I $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/include/json-glib-1.0/ \
+$(GUM_DEVIT_LIBRARY): $(FRIDA_MAKEFILE) | $(FRIDA_BUILD_DIR)
+	echo $(GUM_DEVIT_LIBRARY) $(FRIDA_MAKEFILE) $(FRIDA_BUILD_DIR)
+	cd $(FRIDA_DIR) && make FRIDA_V8=disabled
+	cp $(FRIDA_DIR)build/bindings/gumjs/devkit/frida-gumjs.h $(GUM_DEVIT_HEADER)
+	cp $(FRIDA_DIR)build/bindings/gumjs/devkit/libfrida-gumjs.a $(GUM_DEVIT_LIBRARY)
 
 ifeq "$(OS)" "android"
 CFLAGS += -static-libstdc++
 endif
-else
-CFLAGS+=-I $(FRIDA_DIR)build/$(OS)-$(ARCH)/include/frida-1.0 \
-	    -I $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/include/glib-2.0/ \
-		-I $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/glib-2.0/include/ \
-		-I $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/include/capstone/ \
-		-I $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/include/json-glib-1.0/ \
-
-endif
-
-TRACE_LDFLAGS+=$(FRIDA_DIR)build/frida-$(OS)-$(ARCH)/lib/libfrida-gum-1.0.a \
-			   $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libsoup-2.4.a \
-			   $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libsqlite3.a \
-			   $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libtcc.a \
-			   $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libjson-glib-1.0.a \
-			   $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libquickjs.a \
-			   $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libcapstone.a \
-			   $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libunwind.a \
-			   $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libffi.a \
-			   $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libdwarf.a \
-			   $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libelf.a \
-			   $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libgio-2.0.a \
-			   $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libgobject-2.0.a \
-			   $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libglib-2.0.a \
-			   $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/liblzma.a \
-			   $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libz.a \
-
-CFLAGS+=-I $(FRIDA_DIR)build/frida-$(OS)-$(ARCH)/include/frida-1.0 \
-	    -I $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/include/glib-2.0/ \
-		-I $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/glib-2.0/include/ \
-		-I $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/include/capstone/ \
-		-I $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/include/json-glib-1.0/
-
-ifeq "$(OS)" "android"
- CFLAGS += -static-libstdc++
-endif
-
-TRACE_LDFLAGS+=$(FRIDA_DIR)build/frida-$(OS)-$(ARCH)/lib/libfrida-gum-1.0.a \
-			   $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libsoup-2.4.a \
-			   $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libsqlite3.a \
-			   $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libtcc.a \
-			   $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libjson-glib-1.0.a \
-			   $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libquickjs.a \
-			   $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libcapstone.a \
-			   $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libunwind.a \
-			   $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libffi.a \
-			   $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libdwarf.a \
-			   $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libelf.a \
-			   $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libgio-2.0.a \
-			   $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libgobject-2.0.a \
-			   $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libglib-2.0.a \
-			   $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/liblzma.a \
-			   $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libz.a \
-
 
 else
 $(GUM_DEVKIT_TARBALL): | $(FRIDA_BUILD_DIR)
 
@@ -27,7 +27,6 @@ void asan_init(void) {
 
 }
 
-#ifdef GUM_16_6_PLUS
 static gboolean asan_exclude_module(GumModule *module, gpointer user_data) {
 
   gchar                *symbol_name = (gchar *)user_data;
@@ -47,32 +46,6 @@ static gboolean asan_exclude_module(GumModule *module, gpointer user_data) {
 
 }
 
-#else
-static gboolean asan_exclude_module(const GumModuleDetails *details,
-                                    gpointer                user_data) {
-
-  gchar     *symbol_name = (gchar *)user_data;
-  GumAddress address;
-
-  address = gum_module_find_export_by_name(details->name, symbol_name);
-  if (address == 0) { return TRUE; }
-
-  /* If the reported address of the symbol is outside of the range of the module
-   * then ignore it */
-  if (address < details->range->base_address) { return TRUE; }
-  if (address > (details->range->base_address + details->range->size)) {
-
-    return TRUE;
-
-  }
-
-  ranges_add_exclude((GumMemoryRange *)details->range);
-  return FALSE;
-
-}
-
-#endif
-
 void asan_exclude_module_by_symbol(gchar *symbol_name) {
 
   gum_process_enumerate_modules(asan_exclude_module, symbol_name);
 
@@ -382,5 +382,5 @@ Afl.jsApiSetTraceable = Afl.jsApiGetFunction("js_api_set_traceable", "void", [])
 Afl.jsApiSetVerbose = Afl.jsApiGetFunction("js_api_set_verbose", "void", []);
 Afl.jsApiWrite = new NativeFunction(
 /* tslint:disable-next-line:no-null-keyword */
-Module.getExportByName(null, "write"), "int", ["int", "pointer", "int"]);
+Module.getGlobalExportByName("write"), "int", ["int", "pointer", "int"]);
 Afl.jsApiIjonSet = Afl.jsApiGetFunction("js_api_ijon_set", "void", ["uint32"]);
@@ -39,7 +39,6 @@ typedef struct {
 static guint64 text_base = 0;
 static guint64 text_limit = 0;
 
-  #ifdef GUM_16_6_PLUS
 static gboolean lib_find_exe(GumModule *module, gpointer user_data) {
 
   lib_details_t        *lib_details = (lib_details_t *)user_data;
@@ -57,24 +56,6 @@ static gboolean lib_find_exe(GumModule *module, gpointer user_data) {
 
 }
 
-  #else
-static gboolean lib_find_exe(const GumModuleDetails *details,
-                             gpointer                user_data) {
-
-  lib_details_t *lib_details = (lib_details_t *)user_data;
-
-  strncpy(lib_details->name, details->name, PATH_MAX);
-  strncpy(lib_details->path, details->path, PATH_MAX);
-  lib_details->name[PATH_MAX] = '\0';
-  lib_details->path[PATH_MAX] = '\0';
-  lib_details->base_address = details->range->base_address;
-  lib_details->size = details->range->size;
-  return FALSE;
-
-}
-
-  #endif
-
 static void lib_validate_hdr(Elf_Ehdr *hdr) {
 
   if (hdr->e_ident[0] != ELFMAG0) FFATAL("Invalid e_ident[0]");
 
@@ -12,7 +12,6 @@ extern void        gum_darwin_enumerate_modules(mach_port_t        task,
 static guint64 text_base = 0;
 static guint64 text_limit = 0;
 
-  #ifdef GUM_16_6_PLUS
 static gboolean lib_get_main_module(GumModule *module, gpointer user_data) {
 
   GumDarwinModule     **ret = (GumDarwinModule **)user_data;
@@ -30,25 +29,6 @@ static gboolean lib_get_main_module(GumModule *module, gpointer user_data) {
 
 }
 
-  #else
-static gboolean lib_get_main_module(const GumModuleDetails *details,
-                                    gpointer                user_data) {
-
-  GumDarwinModule **ret = (GumDarwinModule **)user_data;
-  GumDarwinModule  *module = gum_darwin_module_new_from_memory(
-      details->path, mach_task_self(), details->range->base_address,
-      GUM_DARWIN_MODULE_FLAGS_NONE, NULL);
-
-  FVERBOSE("Found main module: %s", module->name);
-
-  *ret = module;
-
-  return FALSE;
-
-}
-
-  #endif
-
 gboolean lib_get_text_section(const GumDarwinSectionDetails *details,
                               gpointer                       user_data) {
 
 
@@ -46,6 +46,7 @@ gboolean found_range(const GumRangeDetails *details, gpointer user_data) {
 static int on_dlclose(void *handle) {
 
   GArray          *ranges = NULL;
+  GumModule       *module = NULL;
   struct link_map *lm = NULL;
   gum_range_t     *range = NULL;
   GumAddress       base;
@@ -61,8 +62,12 @@ static int on_dlclose(void *handle) {
   FVERBOSE("on_dlclose: %s", lm->l_name);
 
   ranges = g_array_new(FALSE, TRUE, sizeof(gum_range_t));
-  gum_module_enumerate_ranges(lm->l_name, GUM_PAGE_EXECUTE, found_range,
-                              ranges);
+
+  module = gum_process_find_module_by_name(lm->l_name);
+
+  if (module == NULL) { FATAL("Failed to find module: %s", lm->l_name); }
+
+  gum_module_enumerate_ranges(module, GUM_PAGE_EXECUTE, found_range, ranges);
 
   int ret = dlclose(handle);
   if (ret != 0) {
 
@@ -263,13 +263,8 @@ static int prefetch_on_fork(void) {
 
 static void prefetch_hook_fork(void) {
 
-#ifdef GUM_16_6_PLUS
   void *fork_addr =
       GSIZE_TO_POINTER(gum_module_find_global_export_by_name("fork"));
-#else
-  void *fork_addr =
-      GSIZE_TO_POINTER(gum_module_find_export_by_name(NULL, "fork"));
-#endif
   intercept_hook(fork_addr, prefetch_on_fork, NULL);
 
 }
 
@@ -116,7 +116,6 @@ static void convert_address_token(gchar *token, GumMemoryRange *range) {
 
 }
 
-#ifdef GUM_16_6_PLUS
 static gboolean convert_name_token_for_module(GumModule *module,
                                               gpointer   user_data) {
 
@@ -138,28 +137,6 @@ static gboolean convert_name_token_for_module(GumModule *module,
 
 }
 
-#else
-static gboolean convert_name_token_for_module(const GumModuleDetails *details,
-                                              gpointer user_data) {
-
-  convert_name_ctx_t *ctx = (convert_name_ctx_t *)user_data;
-  if (details->path == NULL) { return true; };
-
-  if (!g_str_has_suffix(details->path, ctx->suffix)) { return true; };
-
-  FVERBOSE("Found module - prefix: %s, 0x%016" G_GINT64_MODIFIER
-           "x-0x%016" G_GINT64_MODIFIER "x %s",
-           ctx->suffix, details->range->base_address,
-           details->range->base_address + details->range->size, details->path);
-
-  *ctx->range = *details->range;
-  ctx->done = true;
-  return false;
-
-}
-
-#endif
-
 static void convert_name_token(gchar *token, GumMemoryRange *range) {
 
   gchar             *suffix = g_strconcat("/", token, NULL);