
Shadow bit #455

Merged: 9 commits, Jan 13, 2022

Conversation

@tokatoka tokatoka commented Jan 5, 2022

With this PR we try every possible shadow bit and make sure it is valid (by enumerating existing memory ranges and checking they don't collide).

tokatoka commented Jan 5, 2022

This PR waits for ASan to be fixed.

tokatoka commented Jan 8, 2022

So the ASan error I encountered is an x64 issue... this PR itself should be OK.

@tokatoka tokatoka requested a review from s1341 January 8, 2022 05:34
tokatoka commented Jan 8, 2022

Can you test this on aarch64 please? @s1341
Because ASan should be working for aarch64.

@tokatoka tokatoka marked this pull request as ready for review January 8, 2022 05:35
Review comment on libafl_frida/src/lib.rs:
// max(userspace address) this is usually 0x8_0000_0000_0000 - 1 on x64 linux.
let mut userspace_max: usize = 0;
// List up all occupied memory ranges
RangeDetails::enumerate_with_prot(PageProtection::Read, &mut |details| {
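Review bot: `enumerate_with_prot(PageProtection::Read, ...)` in this excerpt only walks readable ranges, so a mapping that is writable or executable but not readable would never reach the collision check and a shadow bit could be chosen that lands on it; the thread below records the fix of enumerating the other protections as well. Separately, `userspace_max` starts at `0` and the comment gives the usual x64 Linux value only as an expectation, so the value actually used has to come from the enumerated ranges; a check that it ended up non-zero before candidate bits are derived from it would make the failure mode explicit instead of silently producing a tiny shadow region.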
s1341 (Collaborator):

Can we assume that all relevant regions are READable?

tokatoka (Member Author):

No... 😄
I changed it to enumerate writable & executable regions.

s1341 (Collaborator):

Surely there is a better way than copy-pasting all that code?

tokatoka (Member Author):

Do you mean using PageProtection::ReadWriteExecute instead?
But that does not work.
I need to enumerate Readable, Writable, and Executable one by one and put them into a single Vec.

s1341 (Collaborator):

So maybe do a nested for instead of copying the code three times?

tokatoka (Member Author):

Ah ok.
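The procedure the PR description sketches (enumerate the occupied ranges, try each candidate shadow bit, reject any whose shadow region collides with an existing mapping) together with the single nested loop over protections suggested in the thread above, as an added, self-contained example that is not the PR's or libafl_frida's code. `Prot`, `Range` and `sample_map` are stand-ins constructed for this illustration rather than frida-gum's `PageProtection`/`RangeDetails`, the mapping `shadow(addr) = (addr >> 3) + (1 << bit)` is an assumed ASan-style shadow layout, and bounding the address space by the next power of two above the highest mapped address is likewise an assumption of this example.

```rust
/// One occupied virtual-memory range, half-open [start, end).
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub struct Range {
    pub start: usize,
    pub end: usize,
}

/// Stand-in for the page protections the PR enumerates one by one
/// (constructed for this example, not frida-gum's `PageProtection`).
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub enum Prot {
    Read,
    Write,
    Execute,
}

/// A constructed snapshot of a process map as (protection, range) pairs.
/// Real code would obtain these from the range enumerator, once per protection.
pub fn sample_map() -> Vec<(Prot, Range)> {
    vec![
        (Prot::Read, Range { start: 0x0000_5555_5555_4000, end: 0x0000_5555_5555_5000 }), // rodata
        (Prot::Execute, Range { start: 0x0000_5555_5555_5000, end: 0x0000_5555_5555_6000 }), // text
        (Prot::Write, Range { start: 0x0000_5555_5555_6000, end: 0x0000_5555_5555_8000 }), // data/bss
        (Prot::Write, Range { start: 0x0000_7fff_f7d0_0000, end: 0x0000_7fff_f7f0_0000 }), // libc rw
        (Prot::Write, Range { start: 0x0000_7fff_ffde_0000, end: 0x0000_7fff_ffff_f000 }), // stack
    ]
}

/// Collect every occupied range over each protection kind with one nested loop
/// (instead of three copies of the enumeration), drop duplicates that show up
/// under more than one protection, and track the highest mapped address.
pub fn occupied_ranges(map: &[(Prot, Range)]) -> (Vec<Range>, usize) {
    let mut ranges: Vec<Range> = Vec::new();
    let mut userspace_max = 0usize;
    for prot in [Prot::Read, Prot::Write, Prot::Execute] {
        for (_, r) in map.iter().filter(|(p, _)| *p == prot) {
            if !ranges.contains(r) {
                ranges.push(*r);
            }
            userspace_max = userspace_max.max(r.end);
        }
    }
    (ranges, userspace_max)
}

/// Half-open intervals overlap iff each one starts before the other ends.
pub fn overlaps(a: Range, b: Range) -> bool {
    a.start < b.end && b.start < a.end
}

/// Shadow region implied by a candidate bit under the assumed mapping
/// shadow(addr) = (addr >> 3) + (1 << bit): every address up to
/// `userspace_max` lands in [1 << bit, (1 << bit) + (userspace_max >> 3)].
pub fn shadow_region(bit: u32, userspace_max: usize) -> Range {
    let base = 1usize << bit;
    Range { start: base, end: base + (userspace_max >> 3) + 1 }
}

/// Try every candidate bit from high to low and return the first one whose
/// shadow region stays below the assumed address-space limit and collides with
/// nothing already mapped. `None` means no bit fits.
pub fn find_shadow_bit(ranges: &[Range], userspace_max: usize) -> Option<u32> {
    // Smallest b with 2^b > userspace_max (assumed to bound usable user space).
    let max_bit = usize::BITS - userspace_max.leading_zeros();
    // A set top bit would overflow the shift: no shadow region can fit.
    let limit = 1usize.checked_shl(max_bit)?;
    (3..max_bit).rev().find(|&bit| {
        let region = shadow_region(bit, userspace_max);
        region.end <= limit && !ranges.iter().any(|r| overlaps(region, *r))
    })
}

fn main() {
    let (ranges, userspace_max) = occupied_ranges(&sample_map());
    match find_shadow_bit(&ranges, userspace_max) {
        Some(bit) => println!("shadow bit {bit}: region {:#x?}", shadow_region(bit, userspace_max)),
        None => println!("no usable shadow bit"),
    }
}
```

On the constructed map the highest mapped address sits just below 2^47, so the search starts at bit 46; adding a mapping inside that candidate's shadow region pushes the choice down to bit 45, which is exactly the collision the PR's enumeration is there to catch.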

Further review thread on libafl_frida/src/lib.rs (outdated, resolved).
s1341 commented Jan 13, 2022

Awesome work. We'll merge once CI is green.

@domenukk domenukk merged commit b70833f into main Jan 13, 2022
@domenukk domenukk deleted the shadow_bit branch January 13, 2022 09:45
khang06 pushed a commit to khang06/LibAFL that referenced this pull request Oct 11, 2022
* add

* debugging

* remove debug code

* fmt

* why

* writable or executable ranges

* for

* fmt

* fix