Fixes for frida windows

fuzzers/forkserver_libafl_cc/src/main.rs

@@ -21,7 +21,7 @@ use libafl::{
 use libafl_bolts::{
     rands::StdRand,
     shmem::{ShMem, ShMemProvider, UnixShMemProvider},
-    tuples::{tuple_list, Handler, MatchNameRef, Merge},
+    tuples::{tuple_list, Handled, MatchNameRef, Merge},
     AsSliceMut, Truncate,
 };
 use libafl_targets::EDGES_MAP_SIZE_IN_USE;
@@ -166,7 +166,7 @@ pub fn main() {
     // Create the executor for the forkserver
     let args = opt.arguments;
 
-    let observer_ref = edges_observer.handle();
+    let observer_handle = edges_observer.handle();
 
     let mut tokens = Tokens::new();
     let mut executor = ForkserverExecutor::builder()
@@ -182,7 +182,7 @@ pub fn main() {
         .unwrap();
 
     if let Some(dynamic_map_size) = executor.coverage_map_size() {
-        executor.observers_mut()[&observer_ref]
+        executor.observers_mut()[&observer_handle]
             .as_mut()
             .truncate(dynamic_map_size);
     }

fuzzers/forkserver_simple/src/main.rs

@@ -22,7 +22,7 @@ use libafl_bolts::{
     current_nanos,
     rands::StdRand,
     shmem::{ShMem, ShMemProvider, UnixShMemProvider},
-    tuples::{tuple_list, Handler, Merge},
+    tuples::{tuple_list, Handled, Merge},
     AsSliceMut, Truncate,
 };
 use nix::sys::signal::Signal;

fuzzers/frida_gdiplus/Makefile.toml

@@ -39,7 +39,7 @@ windows_alias = "fuzzer_windows"
 [tasks.fuzzer_windows]
 script_runner="@shell"
 script='''
-cargo build --profile ${PROFILE}
+cargo +nightly build --profile ${PROFILE}
 cp ./target/${PROFILE_DIR}/${FUZZER_NAME} .
 '''
 

fuzzers/frida_gdiplus/src/fuzzer.rs

@@ -41,7 +41,8 @@ use libafl_bolts::{
     tuples::{tuple_list, Merge},
     AsSlice,
 };
-
+use libafl_frida::asan::asan_rt::AsanRuntime;
+use libafl_frida::asan::errors::{AsanErrorsFeedback, AsanErrorsObserver};
 use libafl_frida::{
     asan::{
         asan_rt::AsanRuntime,
@@ -50,7 +51,8 @@ use libafl_frida::{
     cmplog_rt::CmpLogRuntime,
     coverage_rt::{CoverageRuntime, MAP_SIZE},
     executor::FridaInProcessExecutor,
-    helper::FridaInstrumentationHelper, hook_rt::HookRuntime,
+    helper::FridaInstrumentationHelper,
+    hook_rt::HookRuntime,
 };
 use libafl_targets::cmplog::CmpLogObserver;
 
@@ -101,9 +103,12 @@ unsafe fn fuzz(options: &FuzzerOptions) -> Result<(), Error> {
                 let coverage = CoverageRuntime::new();
                 let asan = AsanRuntime::new(&options);
                 let hooks = HookRuntime::new();
-
-                let mut frida_helper =
-                    FridaInstrumentationHelper::new(&gum, options, tuple_list!(coverage, asan, hooks));
+
+                let mut frida_helper = FridaInstrumentationHelper::new(
+                    &gum,
+                    options,
+                    tuple_list!(coverage, asan, hooks),
+                );
                 //
                 // Create an observation channel using the coverage map
                 let edges_observer = HitcountsMapObserver::new(StdMapObserver::from_mut_ptr(
@@ -177,11 +182,9 @@ unsafe fn fuzz(options: &FuzzerOptions) -> Result<(), Error> {
                 // A fuzzer with feedbacks and a corpus scheduler
                 let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective);
 
-                let observers = tuple_list!(
-                    edges_observer,
-                    time_observer,
-                    asan_observer,
-                );
+
+                let observers = tuple_list!(edges_observer, time_observer, asan_observer);
+
 
                 // Create the executor for an in-process function with just one observer for edge coverage
                 let mut executor = FridaInProcessExecutor::new(
@@ -221,8 +224,11 @@ unsafe fn fuzz(options: &FuzzerOptions) -> Result<(), Error> {
                 let cmplog = CmpLogRuntime::new();
                 let hooks = HookRuntime::new();
 
-                let mut frida_helper =
-                    FridaInstrumentationHelper::new(&gum, options, tuple_list!(coverage, cmplog, hooks));
+                let mut frida_helper = FridaInstrumentationHelper::new(
+                    &gum,
+                    options,
+                    tuple_list!(coverage, cmplog, hooks),
+                );
 
                 // Create an observation channel using the coverage map
                 let edges_observer = HitcountsMapObserver::new(StdMapObserver::from_mut_ptr(
@@ -294,11 +300,9 @@ unsafe fn fuzz(options: &FuzzerOptions) -> Result<(), Error> {
                 // A fuzzer with feedbacks and a corpus scheduler
                 let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective);
 
-                let observers = tuple_list!(
-                    edges_observer,
-                    time_observer,
-                    asan_observer
-                );
+
+                let observers = tuple_list!(edges_observer, time_observer, asan_observer);
+
 
                 // Create the executor for an in-process function with just one observer for edge coverage
                 let mut executor = FridaInProcessExecutor::new(
@@ -379,8 +383,8 @@ unsafe fn fuzz(options: &FuzzerOptions) -> Result<(), Error> {
 
                 let mut objective = feedback_or_fast!(
                     CrashFeedback::new(),
-                    // TimeoutFeedback::new(),
-                    feedback_and_fast!(ConstFeedback::from(false), AsanErrorsFeedback::new(&asan_observer))
+                    TimeoutFeedback::new(),
+                    AsanErrorsFeedback::new(&asan_observer)
                 );
 
                 // If not restarting, create a State from scratch
@@ -423,11 +427,9 @@ unsafe fn fuzz(options: &FuzzerOptions) -> Result<(), Error> {
                 // A fuzzer with feedbacks and a corpus scheduler
                 let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective);
 
-                let observers = tuple_list!(
-                    edges_observer,
-                    time_observer,
-                    asan_observer
-                );
+
+
+                let observers = tuple_list!(edges_observer, time_observer);
 
                 // Create the executor for an in-process function with just one observer for edge coverage
                 let mut executor = FridaInProcessExecutor::new(
@@ -438,7 +440,7 @@ unsafe fn fuzz(options: &FuzzerOptions) -> Result<(), Error> {
                         &mut fuzzer,
                         &mut state,
                         &mut mgr,
-                        options.timeout
+                        options.timeout,
                     )?,
                     &mut frida_helper,
                 );
@@ -455,7 +457,9 @@ unsafe fn fuzz(options: &FuzzerOptions) -> Result<(), Error> {
 
                 let mut stages = tuple_list!(StdMutationalStage::new(mutator));
 
-                fuzzer.fuzz_loop(&mut stages, &mut executor, &mut state, &mut mgr).unwrap();
+                fuzzer
+                    .fuzz_loop(&mut stages, &mut executor, &mut state, &mut mgr)
+                    .unwrap();
 
                 Ok(())
             })(state, mgr, core_id)

fuzzers/frida_libpng/Cargo.toml

@@ -29,7 +29,7 @@ reqwest = { version = "0.11.4", features = ["blocking"] }
 libafl = { path = "../../libafl/", features = [ "std", "llmp_compression",
     "llmp_bind_public", "frida_cli", "errors_backtrace" ] } #,  "llmp_small_maps", "llmp_debug"]}
 libafl_bolts = { path = "../../libafl_bolts/" }
-frida-gum = { version = "0.13.3", features = [ "auto-download", "event-sink", "invocation-listener"] }
+frida-gum = { path = "../../../frida-rust/frida-gum", features = [ "auto-download", "event-sink", "invocation-listener"] }
 libafl_frida = { path = "../../libafl_frida", features = ["cmplog"] }
 libafl_targets = { path = "../../libafl_targets", features = ["sancov_cmplog"] }
 libloading = "0.7"

fuzzers/frida_libpng/Makefile.toml

@@ -69,14 +69,14 @@ windows_alias = "fuzzer_windows"
 [tasks.fuzzer_unix]
 script_runner="@shell"
 script='''
-cargo build --profile ${PROFILE}
+cargo +nightly build --profile ${PROFILE}
 cp ${CARGO_TARGET_DIR}/${PROFILE_DIR}/${FUZZER_NAME} .
 '''
 
 [tasks.fuzzer_windows]
 script_runner="@shell"
 script='''
-cargo build --profile ${PROFILE}
+cargo +nightly build --profile ${PROFILE}
 cp ./target/${PROFILE_DIR}/${FUZZER_NAME} .
 '''
 

fuzzers/frida_libpng/src/fuzzer.rs

@@ -22,7 +22,6 @@ use libafl::{
     state::{HasCorpus, StdState},
     Error, HasMetadata,
 };
-#[cfg(unix)]
 use libafl::{feedback_and_fast, feedbacks::ConstFeedback};
 use libafl_bolts::{
     cli::{parse_args, FuzzerOptions},
@@ -31,7 +30,6 @@ use libafl_bolts::{
     tuples::{tuple_list, Merge},
     AsSlice,
 };
-#[cfg(unix)]
 use libafl_frida::asan::{
     asan_rt::AsanRuntime,
     errors::{AsanErrorsFeedback, AsanErrorsObserver},
@@ -94,15 +92,12 @@ unsafe fn fuzz(options: &FuzzerOptions) -> Result<(), Error> {
                 let gum = Gum::obtain();
 
                 let coverage = CoverageRuntime::new();
-                #[cfg(unix)]
+
                 let asan = AsanRuntime::new(options);
 
-                #[cfg(unix)]
                 let mut frida_helper =
                     FridaInstrumentationHelper::new(&gum, options, tuple_list!(asan, coverage));
-                #[cfg(windows)]
-                let mut frida_helper =
-                    FridaInstrumentationHelper::new(&gum, &options, tuple_list!(coverage));
+
 
                 // Create an observation channel using the coverage map
                 let edges_observer = HitcountsMapObserver::new(StdMapObserver::from_mut_ptr(
@@ -114,7 +109,6 @@ unsafe fn fuzz(options: &FuzzerOptions) -> Result<(), Error> {
 
                 // Create an observation channel to keep track of the execution time
                 let time_observer = TimeObserver::new("time");
-                #[cfg(unix)]
                 let asan_observer = AsanErrorsObserver::from_static_asan_errors();
 
                 // Feedback to rate the interestingness of an input
@@ -127,18 +121,13 @@ unsafe fn fuzz(options: &FuzzerOptions) -> Result<(), Error> {
                 );
 
                 // Feedbacks to recognize an input as solution
-                #[cfg(unix)]
                 let mut objective = feedback_or_fast!(
                     CrashFeedback::new(),
                     TimeoutFeedback::new(),
                     // true enables the AsanErrorFeedback
-                    feedback_and_fast!(
-                        ConstFeedback::from(true),
-                        AsanErrorsFeedback::new(&asan_observer)
-                    )
+                    AsanErrorsFeedback::new(&asan_observer)
                 );
-                #[cfg(windows)]
-                let mut objective = feedback_or_fast!(CrashFeedback::new(), TimeoutFeedback::new());
+
 
                 // If not restarting, create a State from scratch
                 let mut state = state.unwrap_or_else(|| {
@@ -180,10 +169,8 @@ unsafe fn fuzz(options: &FuzzerOptions) -> Result<(), Error> {
                 // A fuzzer with feedbacks and a corpus scheduler
                 let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective);
 
-                #[cfg(unix)]
                 let observers = tuple_list!(edges_observer, time_observer, asan_observer);
-                #[cfg(windows)]
-                let observers = tuple_list!(edges_observer, time_observer);
+
 
                 // Create the executor for an in-process function with just one observer for edge coverage
                 let mut executor = FridaInProcessExecutor::new(
@@ -235,7 +222,6 @@ unsafe fn fuzz(options: &FuzzerOptions) -> Result<(), Error> {
 
                 // Create an observation channel to keep track of the execution time
                 let time_observer = TimeObserver::new("time");
-                #[cfg(unix)]
                 let asan_observer = AsanErrorsObserver::from_static_asan_errors();
 
                 // Feedback to rate the interestingness of an input
@@ -247,17 +233,12 @@ unsafe fn fuzz(options: &FuzzerOptions) -> Result<(), Error> {
                     TimeFeedback::new(&time_observer)
                 );
 
-                #[cfg(unix)]
                 let mut objective = feedback_or_fast!(
                     CrashFeedback::new(),
                     TimeoutFeedback::new(),
-                    feedback_and_fast!(
-                        ConstFeedback::from(false),
-                        AsanErrorsFeedback::new(&asan_observer)
-                    )
+                    AsanErrorsFeedback::new(&asan_observer)
                 );
-                #[cfg(windows)]
-                let mut objective = feedback_or_fast!(CrashFeedback::new(), TimeoutFeedback::new());
+
 
                 // If not restarting, create a State from scratch
                 let mut state = state.unwrap_or_else(|| {
@@ -299,10 +280,8 @@ unsafe fn fuzz(options: &FuzzerOptions) -> Result<(), Error> {
                 // A fuzzer with feedbacks and a corpus scheduler
                 let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective);
 
-                #[cfg(unix)]
+
                 let observers = tuple_list!(edges_observer, time_observer, asan_observer);
-                #[cfg(windows)]
-                let observers = tuple_list!(edges_observer, time_observer);
 
                 // Create the executor for an in-process function with just one observer for edge coverage
                 let mut executor = FridaInProcessExecutor::new(
@@ -368,7 +347,6 @@ unsafe fn fuzz(options: &FuzzerOptions) -> Result<(), Error> {
 
                 // Create an observation channel to keep track of the execution time
                 let time_observer = TimeObserver::new("time");
-                #[cfg(unix)]
                 let asan_observer = AsanErrorsObserver::from_static_asan_errors();
 
                 // Feedback to rate the interestingness of an input
@@ -380,17 +358,11 @@ unsafe fn fuzz(options: &FuzzerOptions) -> Result<(), Error> {
                     TimeFeedback::new(&time_observer)
                 );
 
-                #[cfg(unix)]
                 let mut objective = feedback_or_fast!(
                     CrashFeedback::new(),
                     TimeoutFeedback::new(),
-                    feedback_and_fast!(
-                        ConstFeedback::from(false),
-                        AsanErrorsFeedback::new(&asan_observer)
-                    )
+                    AsanErrorsFeedback::new(&asan_observer)
                 );
-                #[cfg(windows)]
-                let mut objective = feedback_or_fast!(CrashFeedback::new(), TimeoutFeedback::new());
 
                 // If not restarting, create a State from scratch
                 let mut state = state.unwrap_or_else(|| {
@@ -432,10 +404,7 @@ unsafe fn fuzz(options: &FuzzerOptions) -> Result<(), Error> {
                 // A fuzzer with feedbacks and a corpus scheduler
                 let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective);
 
-                #[cfg(unix)]
                 let observers = tuple_list!(edges_observer, time_observer, asan_observer);
-                #[cfg(windows)]
-                let observers = tuple_list!(edges_observer, time_observer);
 
                 // Create the executor for an in-process function with just one observer for edge coverage
                 let mut executor = FridaInProcessExecutor::new(

fuzzers/fuzzbench_fork_qemu/src/fuzzer.rs

@@ -51,8 +51,8 @@ use libafl_qemu::{
     elf::EasyElf,
     filter_qemu_args,
     hooks::QemuHooks,
-    GuestReg, MmapPerms, Qemu, QemuExitReason, QemuExitReasonError, QemuForkExecutor,
-    QemuShutdownCause, Regs,
+    GuestReg, MmapPerms, Qemu, QemuExitError, QemuExitReason, QemuForkExecutor, QemuShutdownCause,
+    Regs,
 };
 #[cfg(unix)]
 use nix::unistd::dup;
@@ -328,7 +328,7 @@ fn fuzz(
                 Ok(QemuExitReason::End(QemuShutdownCause::HostSignal(Signal::SigInterrupt))) => {
                     process::exit(0)
                 }
-                Err(QemuExitReasonError::UnexpectedExit) => return ExitKind::Crash,
+                Err(QemuExitError::UnexpectedExit) => return ExitKind::Crash,
                 _ => panic!("Unexpected QEMU exit."),
             }
         }

fuzzers/fuzzbench_forkserver_cmplog/src/main.rs

@@ -37,7 +37,7 @@ use libafl_bolts::{
     ownedref::OwnedRefMut,
     rands::StdRand,
     shmem::{ShMem, ShMemProvider, UnixShMemProvider},
-    tuples::{tuple_list, Handler, Merge},
+    tuples::{tuple_list, Handled, Merge},
     AsSliceMut,
 };
 use libafl_targets::{

fuzzers/fuzzbench_qemu/src/fuzzer.rs

@@ -60,8 +60,8 @@ use libafl_qemu::{
     MmapPerms,
     Qemu,
     QemuExecutor,
+    QemuExitError,
     QemuExitReason,
-    QemuExitReasonError,
     QemuShutdownCause,
     Regs,
 };
@@ -350,7 +350,7 @@ fn fuzz(
                 Ok(QemuExitReason::End(QemuShutdownCause::HostSignal(Signal::SigInterrupt))) => {
                     process::exit(0)
                 }
-                Err(QemuExitReasonError::UnexpectedExit) => return ExitKind::Crash,
+                Err(QemuExitError::UnexpectedExit) => return ExitKind::Crash,
                 _ => panic!("Unexpected QEMU exit."),
             }
         }