fpicker is a Frida-based fuzzing suite supporting various modes (including AFL++ in-process fuzzing)

Overview

fpicker


fpicker is a Frida-based fuzzing suite that offers a variety of fuzzing modes for in-process fuzzing, such as an AFL++ mode or a passive tracing mode. It should run on all platforms that are supported by Frida.

Some background information and the thoughts and ideas behind fpicker can be found in a blog post I wrote.

Fpicker is based on previous work on ToothPicker, which was developed during my master's thesis. Most of fpicker was developed during working hours at my employer (ERNW).

Requirements and Installation

Required for running fpicker:

  • frida-compile to compile the harness script into one JS file
  • The frida-core-devkit for the respective platform, found at Frida releases on GitHub
    • Depending on the platform you want to target, store the library as frida-core-ios.a, frida-core-macos.a, or frida-core-linux.a. Linux and macOS/iOS apparently have different header files. For macOS and iOS, version 14.0.8 should be used, as the built-in compiler/linker has a bug where CModules cannot be linked properly.

Required only when running in AFL++ mode:

  • AFL++
    • on macOS:
      • Compile with CFLAGS="-DUSEMMAP=1".
    • on iOS:
      • Apply aflpp-ios.patch, which changes the mode of the shared memory and the output file to 666 instead of 600. fpicker needs to be run as root on iOS, so if the target is not running as root it would otherwise be unable to read and write the shared memory.
      • Compile with CFLAGS="-DUSEMMAP=1".

Building and Running

Fpicker can be built for macOS, iOS or Linux. The Makefile currently only supports building for iOS on macOS, but it should also be possible to build fpicker using an iOS toolchain on Linux.

Depending on the desired target run:

make fpicker-macos
make fpicker-ios
make fpicker-linux

to build fpicker.

Once fpicker is built, the fuzzing harness needs to be built next. See the examples folder for different sample fuzzing cases. The general approach is as follows:

  • Create a custom harness for the target (e.g. examples/test/test.js); see the Creating a Fuzzing Harness section below for more information on harnesses.
  • Compile the custom harness using frida-compile: frida-compile test.js -o harness.js

Now fpicker can start fuzzing. The exact command depends heavily on the configuration and setup. In the following, a few example cases are given. These mostly correspond to the examples in the examples folder.

  • Run fpicker as an AFL++ proxy, attaching to a target process and fuzzing a specific function in-process:

    afl-fuzz -i examples/test-network/in -o ./examples/test-network/out -- \
        ./fpicker --fuzzer-mode afl -e attach -p test-network -f ./examples/test-network/harness.js

  • Run fpicker in standalone mode, attaching to a server and running a client program to send the fuzzing input:

    ./fpicker --fuzzer-mode standalone -e attach -p server-process -f harness.js --input-mode cmd \
        --command "./client-send @@" -i indir -o outdir

  • Run fpicker in standalone mode, attaching to a server and fuzzing in-process with a custom mutator command:

    ./fpicker --fuzzer-mode active --communication-mode shm -e attach -p server-process -f harness.js \
        -i indir -o outdir --standalone-mutator cmd --mutator-command "radamsa"

  • Run fpicker in passive mode, attaching to a server and collecting coverage and payloads:

    ./fpicker --fuzzer-mode passive --communication-mode send -e attach -p server-process -o outdir -f harness.js

Creating a Fuzzing Harness

Each target requires its own fuzzing harness. The most important part of this harness is defining the entry function of Frida's Stalker, which effectively determines at which point the instrumentation is inserted. In the in-process mode this is simple. The function would usually be the one that is called on each fuzzing iteration. However, it could also be a different one.

A minimalist harness implementation (in command mode, i.e. without a fuzz method) could look like this:

// Import the fuzzer base class
const Fuzzer = require("harness/fuzzer.js");

// The custom fuzzer needs to subclass the Fuzzer class to work properly
class TestFuzzer extends Fuzzer.Fuzzer {
    constructor() {
        // The constructor needs to specify the address of the targeted function and a NativeFunction
        // object that can later be called by the fuzzer.
        const FUZZ_FUNCTION_ADDR = Module.getExportByName(null, "FUZZ_FUNCTION");

        // Native signature of the target: void FUZZ_FUNCTION(const void *buf, int64_t len)
        const FUZZ_FUNCTION = new NativeFunction(FUZZ_FUNCTION_ADDR, "void", ["pointer", "int64"]);

        // Fuzzer name, Stalker entry point (where instrumentation starts) and the callable target
        super("test", FUZZ_FUNCTION_ADDR, FUZZ_FUNCTION);
    }
}

const f = new TestFuzzer();
exports.fuzzer = f;

This harness configures the instrumentation to follow the function FUZZ_FUNCTION. The instrumentation starts when this function is entered and stops when it returns. The function should be chosen carefully, because instrumentation is expensive: the more (potentially unimportant) parts of the process are instrumented, the slower the fuzzer gets. This is, of course, a trade-off between speed and intended coverage. Additionally, the fuzzer currently only supports functions that are entered exactly once per fuzzing iteration, i.e., the function must not be called more than once during one fuzz case, otherwise the coverage information might become unreliable.

When the in-process mode is used, another function is required in the fuzzer script: the fuzz method. It is called on each iteration with two parameters, a pointer to a buffer and the length of the buffer. Our exemplary target function takes the same two parameters, a pointer to a buffer and its length, so we can simply pass on the parameters we receive in the fuzz method:

// Called by the fuzzer once per iteration; payload is a NativePointer to the
// mutated input and len its length.
fuzz(payload, len) {
    // target_function is the NativeFunction passed to the base class constructor
    this.target_function(payload, parseInt(len));
}

In passive mode, a callback needs to be specified that extracts the required data. The fuzzer expects to receive a payload buffer and its length; depending on the target function that is traced, this data needs to be extracted from the function's arguments. In the following example, we again have a function with two parameters: a pointer to a buffer and its length. The args parameter contains all parameters the target function receives, so the length parameter (the second one in our case) can be accessed as args[1]. We then read the buffer as a Uint8Array and send it back to the fuzzer using the sendPassiveCorpus method.

// Called on each entry into the traced function; args holds its native arguments
passiveCallback(args) {
    const len = args[1];
    // args[0] points to the buffer; copy len bytes out of the target's memory
    const data = new Uint8Array(Memory.readByteArray(args[0], parseInt(len)));

    // this encodes the data and sends it back to the fuzzer
    this.sendPassiveCorpus(data, len);
}

In case the target needs some sort of preparation before the fuzzer can start, fpicker provides a prepare method that is called during the initialization of the fuzzer. Preparation could be the establishment of state, e.g., by instantiating an object. Such a preparation function could look like the following:

prepare() {
  // the object can be attached to the fuzzer instance so that it can be used within the
  // fuzz() method later on.
  this.required_object = call_native_function_that_creates_object();
}

Modes and Configuration

fpicker offers a large set of modes and configurations that are explained in the following. Most of these modes can be combined in different ways. At the end of this section is a table that shows which options can be combined and what their implementation status is.

Fuzzer Mode

Fpicker has three different fuzzing modes: AFL++ Mode, Standalone Active Mode and Standalone Passive Mode:

  • AFL++ Mode: In AFL++ mode, fpicker acts as a proxy between AFL++ and the target process. Using Frida's instrumentation capabilities, AFL's coverage bitmap is populated while the target is fuzzed with input data generated by AFL++.

  • Standalone Active Mode: In standalone active mode, the fuzzer uses Frida's Stalker call summaries to gather coverage in the form of the basic blocks that are executed during an iteration. This is nothing new and has been implemented in various forms before. However, in combination with some of the other fuzzer settings it can have various benefits. It is also a good alternative if AFL++ is not applicable or desired in a given environment or case.

  • Standalone Passive Mode: Passive mode is less of a fuzzer and more of a tracer. Essentially, it does the same as standalone active mode, but it does not send its own inputs. It just attaches to a certain function and collects coverage. Once new coverage is observed, both the coverage and the input are stored.

Input Mode

While fpicker is largely designed as an in-process fuzzer, it also supports fuzzing via an external command. For this, fpicker offers two input modes.

  • Input Mode In-Process: In in-process input mode, the harness directly calls a specified function in the target process. The fuzzer sends the payload to the harness and the harness prepares the payload in such a way that it can call the targeted function.

  • Input Mode CMD: In command input mode, the payload is redirected to an external command. This is useful if it is too complex to prepare the parameters or other state needed to call the target function directly. The coverage collection still needs to be attached to a certain function. For example, there may be a client that can be supplied with a payload which then triggers the target function.

Communication Mode

Communication mode determines how the injected harness communicates with the fuzzer. This largely depends on the target application. Frida offers an API to send and receive messages from the injected agent script. This type of communication is quite costly; one factor is that the transported message needs to be encoded in JSON, so sending binary data is not straightforward. Therefore, fpicker offers a second communication mode over shared memory. However, this only works if it is possible to establish shared memory between the fuzzer and the target application, which means that this mode cannot be used when the target is attached to the fuzzer host via USB. In CMD input mode, the communication mode only refers to how the coverage information is communicated back to the fuzzer, not how the payload is sent, as this is deferred to an external command.

  • Communication Mode Send: In send communication mode the payload is sent using Frida's RPC calling mechanism. This lets the fuzzer execute a JavaScript function within the injected harness script, which can then do all the necessary preparations to call the target function. Once the target function returns, coverage collection stops and the harness signals the fuzzer that the iteration is finished by sending the coverage information back using Frida's send API.

  • Communication Mode SHM: In SHM communication mode the fuzzer and the harness script communicate via shared memory and semaphores. A buffer in shared memory is used to send the payload and receive the coverage information. Instead of sending and receiving, the two components wait on and post to the semaphore. Depending on the system and the target, this brings considerable performance gains, especially because the binary payload is written to memory once and does not have to be encoded and decoded or copied to other memory locations. Unfortunately, this mode sometimes leads to low stability when running with AFL++; the reason is not yet clear.

Exec Mode

Exec mode can be either spawn or attach. This is pretty self-explanatory: fpicker can either attach to a running process or spawn a process. One major difference between the two modes is that, should an attached target crash, fpicker will not try to respawn it.

Standalone Mutator

In standalone mode fpicker offers three different input mutation strategies. To put it nicely, input mutation certainly has lots of room for improvement.

  • Standalone Mutator NULL: This mutator does not mutate the payload and just returns a copy of the same payload. Mostly for testing purposes. Otherwise not really useful.

  • Standalone Mutator Rand: A very bad random mutator. All it does is randomly replace values at random locations in the original payload. It does not change the payload length.

  • Standalone Mutator Custom: This mutator can call an external command to mutate payloads. It writes the payload to stdin and receives the mutated payload from stdout. Due to its shallow implementation it has quite a performance impact.

Issues
  • failed on linux

    Hi, I tested this on ubuntu18.04, but got the following error message:

    $ afl-fuzz -i examples/test/in -o ./examples/test/out --      ./fpicker --fuzzer-mode afl -e attach -p test -f ./examples/test/harness.js
    afl-fuzz++3.12a based on afl by Michal Zalewski and a large online community
    [+] afl++ is maintained by Marc "van Hauser" Heuse, Heiko "hexcoder" Eißfeldt, Andrea Fioraldi and Dominik Maier
    [+] afl++ is open source, get it at https://github.com/AFLplusplus/AFLplusplus
    [+] NOTE: This is v3.x which changes defaults and behaviours - see README.md
    [+] No -M/-S set, autoconfiguring for "-S default"
    [*] Getting to work...
    [+] Using exponential power schedule (FAST)
    [+] Enabled testcache with 50 MB
    [*] Checking core_pattern...
    [!] WARNING: Could not check CPU scaling governor
    [+] You have 4 CPU cores and 3 runnable tasks (utilization: 75%).
    [+] Try parallel jobs - see /usr/local/share/doc/afl/parallel_fuzzing.md.
    [*] Setting up output directories...
    [+] Output directory exists but deemed OK to reuse.
    [*] Deleting old session data...
    [+] Output dir cleanup successful.
    [*] Checking CPU core loadout...
    [+] Found a free CPU core, try binding to #0.
    [*] Scanning 'examples/test/in'...
    [+] Loaded a total of 2 seeds.
    [*] Creating hard links for all input files...
    [*] Validating target binary...
    [*] Spinning up the fork server...
    
    [-] Hmm, looks like the target binary terminated before we could complete a
    handshake with the injected code.
    Most likely the target has a huge coverage map, retry with setting the
    environment variable AFL_MAP_SIZE=8000000
    Otherwise there is a horrible bug in the fuzzer.
    Poke <[email protected]> for troubleshooting tips.
    
    [-] PROGRAM ABORT : Fork server handshake failed
             Location : afl_fsrv_start(), src/afl-forkserver.c:972
    
    
    opened by b1tg 4
  • Adding support to remote/network devices on fpicker

    In order to fuzz on a remote device (running 'frida-server') I added support using the Frida core options.

    Added details to README.

    I just noticed some additional 'diff', because my editor is removing trailing white spaces from edited files.

    opened by diogopim 3
  • stability issue

    ensure that you reset prev_loc to zero for every fuzz attempt, as otherwise the first edge ID calculated is always different, resulting in "new paths" being found that are not.

    opened by vanhauser-thc 3
  • Error: compilation failed: module.c:45: error: field not found: undefined

    Hello. I'm having an issue with running fpicker.

    Here's my command: fpicker --fuzzer-mode active -e attach -p <target_process> -D remote -o ./out -i ./in -f harness.js

    I'm running on a X86_64 Host but my target application is a 32bit binary running in a chroot. I also have Frida-Server-x86 running in that chroot to facilitate the remote connection.

    Here's my harness:

    const Fuzzer = require("./harness/fuzzer.js");

    class TestFuzzer extends Fuzzer.Fuzzer {
        constructor() {
            const fn_addr = Module.getExportByName("libtarget.so.0.1.0", "target_function");
            const fn = new NativeFunction(fn_addr, "bool", ["pointer", "size_t"]);

            super("target", fn_addr, fn);
        }
        fuzz(payload, len) {
            this.target_function(payload, parseInt(len));
        }
    }

    const f = new TestFuzzer();
    exports.fuzzer = f;


    Here's the output of when I run fpicker:

    $ fpicker --fuzzer-mode active -e attach -p target -D remote -o ./out -i ./in -f harness.js
           __       _      _                     
          / _|     (_)    | |                    
         | |_ _ __  _  ___| | _____ _ __         
         |  _| '_ \| |/ __| |/ / _ \ '__|      
         | | | |_) | | (__|   <  __/ |           
         |_| | .__/|_|\___|_|\_\___|_|        
             | |                                 
             |_|        Frida-Based Fuzzing Suite
    - - - - - - - - - - - - - - - - - - - - - - -
    
    Running fpicker using the following configuration:
    - fuzzer-mode: 			FUZZER_MODE_STANDALONE_ACTIVE
    - coverage_mode: 		COVERAGE_MODE_STALKER_SUMMARY
    - standalone_mutator: 		STANDALONE_MUTATOR_NULL
    - communication_mode: 		COMMUNICATION_MODE_SEND
    - input_mode: 			INPUT_MODE_IN_PROCESS
    - exec_mode: 			EXEC_MODE_ATTACH
    - device_type: 			DEVICE_REMOTE
    - process_name: 		target
    - command: 			(null)
    - fuzzer_timeout: 		500
    - fuzzer_sleep: 		100
    - verbose: 			false
    - agent_script: 		harness.js
    - corpus_dir: 			./in
    - out_dir: 			./out
    - metrics: enabled
    
    [*] Found 2 Frida devices.
    [*] Found desired Frida device: Local Socket(1)
    [*] Trying to attach to process target
    [*] Found process targetwith PID 69823
    [*] Attached to process target on frida device Local Socket
    [*] Agent script created
    [->] error: {"type":"error","description":"Error: compilation failed: module.c:45: error: field not found: undefined","stack":"Error: compilation failed: module.c:45: error: field not found: undefined\n    at <anonymous> (harness/stalker-instrumentation.js:64)\n    at call (native)\n    at o (../../../../../../../usr/local/lib/node_modules/frida-compile/node_modules/browser-pack/_prelude.js:1)\n    at <anonymous> (../../../../../../../usr/local/lib/node_modules/frida-compile/node_modules/browser-pack/_prelude.js:1)\n    at Fuzzer (harness/fuzzer.js:10)\n    at TestFuzzer (target-fuzzer.js:25)\n    at <anonymous> (target-fuzzer.js:46)\n    at call (native)\n    at o (../../../../../../../usr/local/lib/node_modules/frida-compile/node_modules/browser-pack/_prelude.js:1)\n    at r (../../../../../../../usr/local/lib/node_modules/frida-compile/node_modules/browser-pack/_prelude.js:1)\n    at <eval> (/harness.js:527)","fileName":"harness/stalker-instrumentation.js","lineNumber":64,"columnNumber":1}
    [*] Agent script loaded
    ^C
    

    Frida-server is not outputting anything while running in verbose mode.

    Any Help would be appreciated.

    opened by afterthought325 2
  • Fields explanation

    Can you briefly explain the fields meaning?

    [t=1619610289] [BBs=1567] [seed=795] [fc=1591] [fcps=13] [cur_loop=105957] [mut_avg=2] [cov_avg=59723] [corpus=2]

    Also how a "healthy" fuzzing output should look like?

    I assume corpus increasing etc?

    Thanks,

    opened by marcinguy 2
  • Standalone mode works but AFL++ does not

    Using the same harness and process in Standalone mode works but AFL++ mode does not.

    Do I do something wrong? How can I debug it? Fix it?

    [+] Loaded environment variable AFL_DEBUG with value 1
    [+] Loaded environment variable AFL_DEBUG with value 1
    afl-fuzz++3.13a based on afl by Michal Zalewski and a large online community
    [+] afl++ is maintained by Marc "van Hauser" Heuse, Heiko "hexcoder" Eißfeldt, Andrea Fioraldi and Dominik Maier
    [+] afl++ is open source, get it at https://github.com/AFLplusplus/AFLplusplus
    [+] NOTE: This is v3.x which changes defaults and behaviours - see README.md
    [+] No -M/-S set, autoconfiguring for "-S default"
    [*] Getting to work...
    [+] Using exponential power schedule (FAST)
    [+] Enabled testcache with 50 MB
    [*] Checking core_pattern...
    [*] Checking CPU scaling governor...
    [+] You have 4 CPU cores and 11 runnable tasks (utilization: 275%).
    [!] WARNING: System under apparent load, performance may be spotty.
    [*] Setting up output directories...
    [+] Output directory exists but deemed OK to reuse.
    [*] Deleting old session data...
    [+] Output dir cleanup successful.
    [*] Checking CPU core loadout...
    [+] Found a free CPU core, try binding to #0.
    [*] Scanning 'examples/test-network/in'...
    [+] Loaded a total of 2 seeds.
    [*] Creating hard links for all input files...
    [*] Validating target binary...
    [*] Spinning up the fork server...
    
    [-] Hmm, looks like the target binary terminated before we could complete a
    handshake with the injected code. You can try the following:
    
        - The target binary crashes because necessary runtime conditions it needs
          are not met. Try to:
          1. Run again with AFL_DEBUG=1 set and check the output of the target
             binary for clues.
          2. Run again with AFL_DEBUG=1 and 'ulimit -c unlimited' and analyze the
             generated core dump.
    
        - Possibly the target requires a huge coverage map and has CTORS.
          Retry with setting AFL_MAP_SIZE=10000000.
    
    Otherwise there is a horrible bug in the fuzzer.
    Poke <[email protected]> for troubleshooting tips.
    
    [-] PROGRAM ABORT : Fork server handshake failed
             Location : afl_fsrv_start(), src/afl-forkserver.c:1029
    

    Here in standalone mode

    
           __       _      _                     
          / _|     (_)    | |                    
         | |_ _ __  _  ___| | _____ _ __         
         |  _| '_ \| |/ __| |/ / _ \ '__|      
         | | | |_) | | (__|   <  __/ |           
         |_| | .__/|_|\___|_|\_\___|_|        
             | |                                 
             |_|        Frida-Based Fuzzing Suite
    - - - - - - - - - - - - - - - - - - - - - - -
    
    Running fpicker using the following configuration:
    - fuzzer-mode: 			FUZZER_MODE_STANDALONE_ACTIVE
    - coverage_mode: 		COVERAGE_MODE_STALKER_SUMMARY
    - standalone_mutator: 		STANDALONE_MUTATOR_NULL
    - communication_mode: 		COMMUNICATION_MODE_SEND
    - input_mode: 			INPUT_MODE_IN_PROCESS
    - exec_mode: 			EXEC_MODE_ATTACH
    - device_type: 			DEVICE_REMOTE
    - process_name: 		stagefright
    - command: 			(null)
    - fuzzer_timeout: 		500
    - fuzzer_sleep: 		100
    - verbose: 			false
    - agent_script: 		fuzzer-agent.js
    - corpus_dir: 			examples/test/in/
    - out_dir: 			examples/test/out/
    - metrics: enabled
    
    [*] Found 3 Frida devices.
    [*] Found desired Frida device: Local Socket(1)
    [*] Trying to attach to process stagefright
    [*] Found process stagefright with PID 26487
    [*] Attached to process stagefright on frida device Local Socket
    [*] Agent script created
    [*] Agent script loaded
    [*] Slept a bit to give the agent script some time.
    [*] MODULE=/data/local/tmp/stagefright, start=0x5b822941a000, end=0x5b822942f000
    [*] Harness preparation done
    [*] Fuzzer is ready.
    [*] Getting corpus coverage (0)
    
    opened by marcinguy 2
  • Not tracking edge coverage properly

    This line does not update prev_cov in the user_data struct so prev_cov is always 0 and AFL bits are computed only on the target address: https://github.com/ttdennis/fpicker/blob/main/harness/stalker-instrumentation.js#L62

    It probably should be ud->prev_loc = cur_loc >> 1;

    opened by hgarrereyn 1
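The AFL++ mode section above says fpicker populates AFL's coverage bitmap from Frida's instrumentation; this issue and the "stability issue" above describe two ways that update can go wrong. The following is an added model of the AFL-style edge update (not fpicker's own code): the block hash and the traces are constructed assumptions, while the update rule itself (index from cur_loc XOR prev_loc, then prev_loc = cur_loc >> 1) is AFL's.

```javascript
// Added example (not fpicker's own code): a minimal model of how an AFL-style
// coverage bitmap is filled from the basic blocks a Stalker callback sees.
// The block hash and the traces are constructed assumptions; the update rule
// (idx = cur_loc ^ prev_loc, then prev_loc = cur_loc >> 1) is AFL's.
const MAP_SIZE = 1 << 16;

// Map a block address to a bitmap slot. Assumed hash, not fpicker's real one.
function locOf(addr) {
  return (addr >>> 4) % MAP_SIZE;
}

// Feed one iteration's block addresses through the edge update.
// updatePrev=false reproduces the "Not tracking edge coverage" bug
// (prev_loc never advanced, so only the current block is recorded);
// resetPrev=false reproduces the "stability issue" (prev_loc carried over
// from the previous fuzz case).
function runIteration(blocks, state, map, { updatePrev = true, resetPrev = true } = {}) {
  if (resetPrev) state.prev_loc = 0;
  for (const addr of blocks) {
    const cur_loc = locOf(addr);
    const idx = (cur_loc ^ state.prev_loc) % MAP_SIZE;
    map[idx] = (map[idx] + 1) & 0xff;   // AFL hit counters are single bytes
    if (updatePrev) state.prev_loc = cur_loc >> 1;
  }
}

// Set of bitmap slots an iteration touches, which is what the fuzzer compares
// against its virgin bits to decide whether an input found a new path.
function edgesOf(blocks, state, opts) {
  const map = new Uint8Array(MAP_SIZE);
  runIteration(blocks, state, map, opts);
  const hit = new Set();
  map.forEach((count, idx) => { if (count) hit.add(idx); });
  return hit;
}

function sameSet(a, b) {
  return a.size === b.size && [...a].every((x) => b.has(x));
}

// Constructed trace of block addresses for a single fuzz case
// (block 0x1040 is visited twice, via different predecessors).
const TRACE = [0x1000, 0x1040, 0x1080, 0x1040, 0x10c0];

// Correct behaviour: replaying the same input yields identical edges.
function stableAcrossIterations() {
  const state = { prev_loc: 0 };
  return sameSet(edgesOf(TRACE, state), edgesOf(TRACE, state));
}

// Without the reset, the second replay hashes its first block against the
// last block of the previous run, so the same input registers a "new" edge.
function spuriousNewPathWithoutReset() {
  const state = { prev_loc: 0 };
  const first = edgesOf(TRACE, state, { resetPrev: false });
  const second = edgesOf(TRACE, state, { resetPrev: false });
  return !sameSet(first, second);
}

// Without advancing prev_loc, two traces that visit the same blocks in a
// different order become indistinguishable; real edge coverage tells them apart.
function blockOnlyMissesOrdering() {
  const a = [0x1000, 0x1040, 0x1080];
  const b = [0x1000, 0x1080, 0x1040];
  const edgesDiffer = !sameSet(edgesOf(a, { prev_loc: 0 }), edgesOf(b, { prev_loc: 0 }));
  const blocksEqual = sameSet(edgesOf(a, { prev_loc: 0 }, { updatePrev: false }),
                              edgesOf(b, { prev_loc: 0 }, { updatePrev: false }));
  return edgesDiffer && blocksEqual;
}

if (typeof require !== "undefined" && require.main === module) {
  console.log("stable:", stableAcrossIterations(),
              "spurious without reset:", spuriousNewPathWithoutReset(),
              "block-only loses ordering:", blockOnlyMissesOrdering());
}
```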
  • Use CFLAGS="-DUSEMMAP=1" parameter to compile afl++ seems to make an error

    Hello, I encountered a link error with 3.14a on MacOS.

    Compiler Environment:

    1. MacOS Big Sur 11.3.1
    2. llvm 12
    3. python3.9

    Environment variable:

    export LDFLAGS="-L/usr/local/opt/llvm/lib -Wl,-rpath,/usr/local/opt/llvm/lib"
    export PATH="/usr/local/opt/llvm/bin:$PATH"
    export CPPFLAGS="-I/usr/local/opt/llvm/include"
    

    If I execute the make distrib command, it can compile normally. If I execute the CFLAGS="-DUSEMMAP=1" make distrib command when compiling afl++, the compilation will pass, but the link will report an error:

    [*] Testing the CC wrapper and instrumentation output...
    unset AFL_USE_ASAN AFL_USE_MSAN AFL_INST_RATIO; ASAN_OPTIONS=detect_leaks=0 AFL_QUIET=1 AFL_PATH=. AFL_LLVM_LAF_ALL=1 ./afl-cc -DUSEMMAP=1 -g -Wno-pointer-sign -Wno-variadic-macros -Wall -Wextra -Wpointer-arith -I include/ -DAFL_PATH=\"/usr/local/lib/afl\" -DBIN_PATH=\"/usr/local/bin\" -DDOC_PATH=\"/usr/local/share/doc/afl\" -Wall -g -Wno-cast-qual -Wno-variadic-macros -Wno-pointer-sign -I ./include/ -I ./instrumentation/ -DAFL_PATH=\"/usr/local/lib/afl\" -DBIN_PATH=\"/usr/local/bin\" -DLLVM_BINDIR=\"/usr/local/Cellar/llvm/12.0.0_1/bin\" -DVERSION=\"++3.14a\" -DLLVM_LIBDIR=\"/usr/local/Cellar/llvm/12.0.0_1/lib\" -DLLVM_VERSION=\"12.0.0\" -Wno-deprecated -DAFL_CLANG_FLTO=\"-flto=full\" -DAFL_REAL_LD=\"/usr/local/Cellar/llvm/12.0.0_1/bin/ld.lld\" -DAFL_CLANG_LDPATH=\"\" -DAFL_CLANG_FUSELD=\"1\" -DCLANG_BIN=\"/usr/local/Cellar/llvm/12.0.0_1/bin/clang\" -DCLANGPP_BIN=\"/usr/local/Cellar/llvm/12.0.0_1/bin/clang++\" -DUSE_BINDIR=1 -Wno-unused-function -fdebug-prefix-map="/Users/cqy/AFLplusplus=llvm_mode" -I/usr/local/opt/llvm/include ./test-instr.c -o test-instr -L/usr/local/opt/llvm/lib -Wl,-rpath,/usr/local/opt/llvm/lib
    ld: library not found for -lrt
    clang-12: error: linker command failed with exit code 1 (use -v to see invocation)
    make[1]: *** [test_build] Error 1
    make: [llvm] Error 2 (ignored)
    /Library/Developer/CommandLineTools/usr/bin/make -f GNUmakefile.gcc_plugin
    [+] shmat seems to be working.
    [*] Checking for working 'gcc'...
    [*] Checking for gcc plugin development header files...
    [-] Oops, can't find gcc header files. Be sure to install 'gcc-X-plugin-dev'.
    make[1]: *** [test_deps] Error 1
    make: [gcc_plugin] Error 2 (ignored)
    [*] Testing the CC wrapper afl-cc and its instrumentation output...
    afl-cc ++3.14a by Michal Zalewski, Laszlo Szekeres, Marc Heuse - mode: LLVM-PCGUARD
    SanitizerCoveragePCGUARD++3.14a
    [+] Instrumented 11 locations with no collisions (non-hardened mode).
    ld: library not found for -lrt
    clang-12: error: linker command failed with exit code 1 (use -v to see invocation)
    Oops, afl-cc failed
    make: *** [test_build] Error 1
    
    

    I want to ask, have you encountered this situation?

    opened by QingyangChen 1
  • Network device fuzzing with afl++ mode

    Hi,

    So I have to put the Frida Server on the mobile, do port forwarding and then run fpicker

    Assuming I have test-network binary on the phone

    This is what I should run:

    afl-fuzz -i examples/test-network/in -o ./examples/test-network/out -- \
        ./fpicker --fuzzer-mode afl -e attach -p test-network -D remote -f ./examples/test-network/harness.js
    

    Thanks,

    opened by marcinguy 1
  • fpicker -> emulated android

    What could be the problem with segmentation fault at the target process search stage? Frida can attach to this process in emulator without faults (frida_device_enumerate_processes_sync() returns NULL)

    opened by nukce 1
  • Error while cross compiling for Android

    I'm getting this error while cross compiling fpicker for Android (x86_64 CPU architecture):

    ld: error: unable to find library -lresolv
    ld: error: unable to find library -lrt
    clang-12: error: linker command failed with exit code 1 (use -v to see invocation)
    make: *** [Makefile:11: fpicker-linux] Error 1
    

    I tested with NDK r22 and r23 but I get the same error.

    opened by Alireza-Razavi 0
  • Make Issue :@

    Kindly provide clear instructions and commands always.

    ┌──(kali㉿kali)-[~/AFL++/AFLplusplus/fpicker-main]
    └─$ make fpicker-linux
    cc -fPIC -m64 -ffunction-sections -fdata-sections -Wall -Wno-format -Os -pipe -g3 fpicker.c fp_communication.c fp_standalone_mode.c fp_afl_mode.c -o fpicker -L. -lfrida-core-linux -ldl -lm -lresolv -lrt -Wl,--export-dynamic -Wl,--gc-sections,-z,noexecstack -pthread
    In file included from fpicker.c:1:
    fpicker.h:2:14: fatal error: frida-core-linux.h: No such file or directory
        2 | #include "frida-core-linux.h"
          |          ^~~~~~~~~~~~~~~~~~~~
    compilation terminated.
    In file included from fp_communication.c:1:
    fpicker.h:2:14: fatal error: frida-core-linux.h: No such file or directory
        2 | #include "frida-core-linux.h"
          |          ^~~~~~~~~~~~~~~~~~~~
    compilation terminated.
    In file included from fp_standalone_mode.c:1:
    fpicker.h:2:14: fatal error: frida-core-linux.h: No such file or directory
        2 | #include "frida-core-linux.h"
          |          ^~~~~~~~~~~~~~~~~~~~
    compilation terminated.
    In file included from fp_afl_mode.c:1:
    fpicker.h:2:14: fatal error: frida-core-linux.h: No such file or directory
        2 | #include "frida-core-linux.h"
          |          ^~~~~~~~~~~~~~~~~~~~

    opened by bitstream111 1
  • Errors and exceptions with more and bigger file in seeds

    Somehow when I run the fuzzer with one file in seed (input directory) with this size

    -rw-r--r-- 1 root root 1267 Apr 28 13:42 small_movie.mp4

    It works rather smoothly:

          __       _      _                     
          / _|     (_)    | |                    
         | |_ _ __  _  ___| | _____ _ __         
         |  _| '_ \| |/ __| |/ / _ \ '__|      
         | | | |_) | | (__|   <  __/ |           
         |_| | .__/|_|\___|_|\_\___|_|        
             | |                                 
             |_|        Frida-Based Fuzzing Suite
    - - - - - - - - - - - - - - - - - - - - - - -
    
    Running fpicker using the following configuration:
    - fuzzer-mode: 			FUZZER_MODE_STANDALONE_ACTIVE
    - coverage_mode: 		COVERAGE_MODE_STALKER_SUMMARY
    - standalone_mutator: 		STANDALONE_MUTATOR_NULL
    - communication_mode: 		COMMUNICATION_MODE_SEND
    - input_mode: 			INPUT_MODE_IN_PROCESS
    - exec_mode: 			EXEC_MODE_ATTACH
    - device_type: 			DEVICE_REMOTE
    - process_name: 		stagefright
    - command: 			(null)
    - fuzzer_timeout: 		500
    - fuzzer_sleep: 		100
    - verbose: 			false
    - agent_script: 		fuzzer-agent.js
    - corpus_dir: 			examples/test/in/
    - out_dir: 			examples/test/out/
    - metrics: enabled
    
    [*] Found 3 Frida devices.
    [*] Found desired Frida device: Local Socket(1)
    [*] Trying to attach to process stagefright
    [!] Unable to find stagefright PID, retrying.
    [!] Unable to find stagefright PID, retrying.
    [*] Found process stagefright with PID 6721
    [*] Attached to process stagefright on frida device Local Socket
    [*] Agent script created
    [*] Agent script loaded
    [*] Slept a bit to give the agent script some time.
    [*] MODULE=/data/local/tmp/stagefright, start=0x5dd6381f8000, end=0x5dd638228000
    [*] Harness preparation done
    [*] Fuzzer is ready.
    [*] Getting corpus coverage (small_movie.mp4)
    [!] fuzz_iteration_in_process_send exec_finished timeout
    [!] Error getting coverage for payload small_movie.mp4 (probably due to crash)
    [*] Using 1 input files covering a total of 0 basic blocks
    [!] fuzz_iteration_in_process_send exec_finished timeout
    [!] Error getting coverage for mutated corpus small_movie.mp4
    [t=1619610172] [BBs=0] [seed=0] [fc=1] [fcps=1] [cur_loop=81031] [mut_avg=2] [cov_avg=158824] [corpus=1]
    [!] New coverage found, nice!
    [*] Added new file small_movie.mp4 to corpus
    [t=1619610172] [BBs=1567] [seed=1] [fc=3] [fcps=3] [cur_loop=108254] [mut_avg=2] [cov_avg=86993] [corpus=2]
    [t=1619610172] [BBs=1567] [seed=2] [fc=5] [fcps=5] [cur_loop=143084] [mut_avg=2] [cov_avg=79711] [corpus=2]
    [t=1619610173] [BBs=1567] [seed=3] [fc=7] [fcps=7] [cur_loop=133520] [mut_avg=2] [cov_avg=68858] [corpus=2]
    [t=1619610173] [BBs=1567] [seed=4] [fc=9] [fcps=9] [cur_loop=140593] [mut_avg=2] [cov_avg=68610] [corpus=2]
    [t=1619610173] [BBs=1567] [seed=5] [fc=11] [fcps=11] [cur_loop=122006] [mut_avg=2] [cov_avg=59444] [corpus=2]
    [t=1619610173] [BBs=1567] [seed=6] [fc=13] [fcps=13] [cur_loop=134830] [mut_avg=3] [cov_avg=60178] [corpus=2]
    [t=1619610173] [BBs=1567] [seed=7] [fc=15] [fcps=15] [cur_loop=134421] [mut_avg=2] [cov_avg=60759] [corpus=2]
    [t=1619610173] [BBs=1567] [seed=8] [fc=17] [fcps=17] [cur_loop=121575] [mut_avg=2] [cov_avg=57927] [corpus=2]
    [t=1619610173] [BBs=1567] [seed=9] [fc=19] [fcps=19] [cur_loop=127596] [mut_avg=2] [cov_avg=58070] [corpus=2]
    [t=1619610173] [BBs=1567] [seed=10] [fc=21] [fcps=21] [cur_loop=137293] [mut_avg=2] [cov_avg=58728] [corpus=2]
    [t=1619610174] [BBs=1567] [seed=11] [fc=23] [fcps=23] [cur_loop=134883] [mut_avg=2] [cov_avg=57410] [corpus=2]
    [t=1619610174] [BBs=1567] [seed=12] [fc=25] [fcps=25] [cur_loop=142315] [mut_avg=2] [cov_avg=58299] [corpus=2]
    [t=1619610174] [BBs=1567] [seed=13] [fc=27] [fcps=27] [cur_loop=121059] [mut_avg=2] [cov_avg=58060] [corpus=2]
    [t=1619610174] [BBs=1567] [seed=14] [fc=29] [fcps=29] [cur_loop=130966] [mut_avg=2] [cov_avg=58199] [corpus=2]
    [t=1619610174] [BBs=1567] [seed=15] [fc=31] [fcps=15] [cur_loop=109512] [mut_avg=2] [cov_avg=57834] [corpus=2]
    [t=1619610174] [BBs=1567] [seed=16] [fc=33] [fcps=16] [cur_loop=136583] [mut_avg=2] [cov_avg=58313] [corpus=2]
    [t=1619610174] [BBs=1567] [seed=17] [fc=35] [fcps=17] [cur_loop=125231] [mut_avg=2] [cov_avg=58416] [corpus=2]
    [t=1619610174] [BBs=1567] [seed=18] [fc=37] [fcps=18] [cur_loop=121583] [mut_avg=2] [cov_avg=58386] [corpus=2]
    [t=1619610175] [BBs=1567] [seed=19] [fc=39] [fcps=19] [cur_loop=131471] [mut_avg=3] [cov_avg=57334] [corpus=2]
    [t=1619610175] [BBs=1567] [seed=20] [fc=41] [fcps=20] [cur_loop=125470] [mut_avg=3] [cov_avg=57349] [corpus=2]
    [t=1619610175] [BBs=1567] [seed=21] [fc=43] [fcps=21] [cur_loop=133559] [mut_avg=3] [cov_avg=57482] [corpus=2]
    [t=1619610175] [BBs=1567] [seed=22] [fc=45] [fcps=22] [cur_loop=116070] [mut_avg=2] [cov_avg=57400] [corpus=2]
    [t=1619610175] [BBs=1567] [seed=23] [fc=47] [fcps=15] [cur_loop=134269] [mut_avg=2] [cov_avg=57699] [corpus=2]
    [t=1619610175] [BBs=1567] [seed=24] [fc=49] [fcps=16] [cur_loop=140688] [mut_avg=2] [cov_avg=57972] [corpus=2]
    [t=1619610175] [BBs=1567] [seed=25] [fc=51] [fcps=17] [cur_loop=125048] [mut_avg=2] [cov_avg=57277] [corpus=2]
    [t=1619610175] [BBs=1567] [seed=26] [fc=53] [fcps=17] [cur_loop=107827] [mut_avg=2] [cov_avg=57008] [corpus=2]
    [t=1619610176] [BBs=1567] [seed=27] [fc=55] [fcps=18] [cur_loop=129959] [mut_avg=2] [cov_avg=57212] [corpus=2]
    

    With more files or a bigger file it fuzzes (I see it in the process output), but I get these:

           __       _      _                     
          / _|     (_)    | |                    
         | |_ _ __  _  ___| | _____ _ __         
         |  _| '_ \| |/ __| |/ / _ \ '__|      
         | | | |_) | | (__|   <  __/ |           
         |_| | .__/|_|\___|_|\_\___|_|        
             | |                                 
             |_|        Frida-Based Fuzzing Suite
    - - - - - - - - - - - - - - - - - - - - - - -
    
    Running fpicker using the following configuration:
    - fuzzer-mode: 			FUZZER_MODE_STANDALONE_ACTIVE
    - coverage_mode: 		COVERAGE_MODE_STALKER_SUMMARY
    - standalone_mutator: 		STANDALONE_MUTATOR_NULL
    - communication_mode: 		COMMUNICATION_MODE_SEND
    - input_mode: 			INPUT_MODE_IN_PROCESS
    - exec_mode: 			EXEC_MODE_ATTACH
    - device_type: 			DEVICE_REMOTE
    - process_name: 		stagefright
    - command: 			(null)
    - fuzzer_timeout: 		500
    - fuzzer_sleep: 		100
    - verbose: 			false
    - agent_script: 		fuzzer-agent.js
    - corpus_dir: 			examples/test/in/
    - out_dir: 			examples/test/out/
    - metrics: enabled
    
    [*] Found 3 Frida devices.
    [*] Found desired Frida device: Local Socket(1)
    [*] Trying to attach to process stagefright
    [*] Found process stagefright with PID 6721
    [*] Attached to process stagefright on frida device Local Socket
    [*] Agent script created
    [*] Agent script loaded
    [*] Slept a bit to give the agent script some time.
    [*] MODULE=/data/local/tmp/stagefright, start=0x5dd6381f8000, end=0x5dd638228000
    [*] Harness preparation done
    [*] Fuzzer is ready.
    [*] Getting corpus coverage (hevc-crash-poc.mp4)
    [->] error: {"type":"error","description":"SyntaxError: unexpected end of string","stack":"SyntaxError: unexpected end of string\n    at <input>:1\n    at parse (native)\n    at c (frida/runtime/message-dispatcher.js:6)","fileName":"frida/runtime/message-dispatcher.js","lineNumber":6,"columnNumber":1}
    [!] Error getting coverage for payload hevc-crash-poc.mp4 (probably due to crash)
    [*] Getting corpus coverage (small_movie.mp4)
    [->] error_send_message: {"type":"send","payload":["frida:rpc",2,"error","access violation accessing 0x0","Error","Error: access violation accessing 0x0\n    at fuzz (test-fuzzer.js:38)\n    at fuzzInternal (../../harness/fuzzer.js:273)\n    at fuzz (../../harness/fuzzer.js:103)\n    at apply (native)\n    at <anonymous> (frida/runtime/message-dispatcher.js:13)\n    at c (frida/runtime/message-dispatcher.js:23)",{"message":"access violation accessing 0x0","type":"access-violation","address":"0x0","memory":{"operation":"execute","address":"0x0"},"context":{"pc":"0x0","sp":"0x7baf5aafc780","rax":"0x7baf4514b4de","rcx":"0x0","rdx":"0x2","rbx":"0x7bafdf5c12c8","rsp":"0x7baf5aafc780","rbp":"0x0","rsi":"0x1","rdi":"0x0","r8":"0x7baf1a067a10","r9":"0x0","r10":"0x18b813780000000","r11":"0x246","r12":"0x7bafdf7253a0","r13":"0x1","r14":"0x7baf5aafca90","r15":"0x2","rip":"0x0"},"nativeContext":"0x0","fileName":"test-fuzzer.js","lineNumber":38}]}
    [!] Error getting coverage for payload small_movie.mp4 (probably due to crash)
    [*] Using 2 input files covering a total of 0 basic blocks
    [->] error: {"type":"error","description":"SyntaxError: unexpected end of string","stack":"SyntaxError: unexpected end of string\n    at <input>:1\n    at parse (native)\n    at c (frida/runtime/message-dispatcher.js:6)","fileName":"frida/runtime/message-dispatcher.js","lineNumber":6,"columnNumber":1}
    [!] Error getting coverage for mutated corpus hevc-crash-poc.mp4
    [!] fuzz_iteration_in_process_send exec_finished timeout
    [!] Error getting coverage for mutated corpus small_movie.mp4
    [t=1619610851] [BBs=0] [seed=0] [fc=2] [fcps=2] [cur_loop=125670] [mut_avg=5] [cov_avg=103289] [corpus=2]
    [->] error: {"type":"error","description":"SyntaxError: unexpected end of string","stack":"SyntaxError: unexpected end of string\n    at <input>:1\n    at parse (native)\n    at c (frida/runtime/message-dispatcher.js:6)","fileName":"frida/runtime/message-dispatcher.js","lineNumber":6,"columnNumber":1}
    [!] Error getting coverage for mutated corpus hevc-crash-poc.mp4
    [!] fuzz_iteration_in_process_send exec_finished timeout
    [!] Error getting coverage for mutated corpus small_movie.mp4
    [t=1619610851] [BBs=0] [seed=1] [fc=4] [fcps=4] [cur_loop=129653] [mut_avg=4] [cov_avg=82736] [corpus=2]
    [->] error: {"type":"error","description":"SyntaxError: unexpected end of string","stack":"SyntaxError: unexpected end of string\n    at <input>:1\n    at parse (native)\n    at c (frida/runtime/message-dispatcher.js:6)","fileName":"frida/runtime/message-dispatcher.js","lineNumber":6,"columnNumber":1}
    [!] Error getting coverage for mutated corpus hevc-crash-poc.mp4
    [!] fuzz_iteration_in_process_send exec_finished timeout
    [!] Error getting coverage for mutated corpus small_movie.mp4
    [t=1619610851] [BBs=0] [seed=2] [fc=6] [fcps=6] [cur_loop=135099] [mut_avg=3] [cov_avg=75664] [corpus=2]
    [->] error: {"type":"error","description":"SyntaxError: unexpected end of string","stack":"SyntaxError: unexpected end of string\n    at <input>:1\n    at parse (native)\n    at c (frida/runtime/message-dispatcher.js:6)","fileName":"frida/runtime/message-dispatcher.js","lineNumber":6,"columnNumber":1}
    [!] Error getting coverage for mutated corpus hevc-crash-poc.mp4
    [!] fuzz_iteration_in_process_send exec_finished timeout
    [!] Error getting coverage for mutated corpus small_movie.mp4
    [t=1619610851] [BBs=0] [seed=3] [fc=8] [fcps=8] [cur_loop=135543] [mut_avg=3] [cov_avg=72405] [corpus=2]
    [->] error: {"type":"error","description":"SyntaxError: unexpected end of string","stack":"SyntaxError: unexpected end of string\n    at <input>:1\n    at parse (native)\n    at c (frida/runtime/message-dispatcher.js:6)","fileName":"frida/runtime/message-dispatcher.js","lineNumber":6,"columnNumber":1}
    [!] Error getting coverage for mutated corpus hevc-crash-poc.mp4
    [!] fuzz_iteration_in_process_send exec_finished timeout
    [!] Error getting coverage for mutated corpus small_movie.mp4
    [t=1619610851] [BBs=0] [seed=4] [fc=10] [fcps=10] [cur_loop=136007] [mut_avg=4] [cov_avg=70405] [corpus=2]
    [->] error: {"type":"error","description":"SyntaxError: unexpected end of string","stack":"SyntaxError: unexpected end of string\n    at <input>:1\n    at parse (native)\n    at c (frida/runtime/message-dispatcher.js:6)","fileName":"frida/runtime/message-dispatcher.js","lineNumber":6,"columnNumber":1}
    [!] Error getting coverage for mutated corpus hevc-crash-poc.mp4
    [!] fuzz_iteration_in_process_send exec_finished timeout
    [!] Error getting coverage for mutated corpus small_movie.mp4
    [t=1619610852] [BBs=0] [seed=5] [fc=12] [fcps=12] [cur_loop=131615] [mut_avg=4] [cov_avg=68903] [corpus=2]
    [->] error: {"type":"error","description":"SyntaxError: unexpected end of string","stack":"SyntaxError: unexpected end of string\n    at <input>:1\n    at parse (native)\n    at c (frida/runtime/message-dispatcher.js:6)","fileName":"frida/runtime/message-dispatcher.js","lineNumber":6,"columnNumber":1}
    [!] Error getting coverage for mutated corpus hevc-crash-poc.mp4
    [!] fuzz_iteration_in_process_send exec_finished timeout
    [!] Error getting coverage for mutated corpus small_movie.mp4
    [t=1619610852] [BBs=0] [seed=6] [fc=14] [fcps=14] [cur_loop=135562] [mut_avg=3] [cov_avg=68022] [corpus=2]
    

    Any ideas how to debug/fix it?

    Thanks,

    opened by marcinguy 7
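A triage helper for fpicker output like the two runs quoted above, added here as an example and not part of fpicker: it attributes each `[->]` agent error to the payload under test, separates harness exceptions from errors raised inside Frida's message dispatcher, counts `exec_finished` timeouts and flags a run whose metrics lines never leave `BBs=0`. The sample log is a constructed, shortened version of the issue's output.

```python
import json
import re

# Constructed sample: shortened versions of the fpicker output quoted in the issue.
SAMPLE_LOG = """\
[*] Getting corpus coverage (hevc-crash-poc.mp4)
[->] error: {"type":"error","description":"SyntaxError: unexpected end of string","fileName":"frida/runtime/message-dispatcher.js","lineNumber":6}
[!] Error getting coverage for payload hevc-crash-poc.mp4 (probably due to crash)
[*] Getting corpus coverage (small_movie.mp4)
[->] error_send_message: {"type":"send","payload":["frida:rpc",2,"error","access violation accessing 0x0","Error","Error: access violation accessing 0x0 at fuzz (test-fuzzer.js:38)",{"message":"access violation accessing 0x0","type":"access-violation","address":"0x0","fileName":"test-fuzzer.js","lineNumber":38}]}
[!] Error getting coverage for payload small_movie.mp4 (probably due to crash)
[!] fuzz_iteration_in_process_send exec_finished timeout
[!] Error getting coverage for mutated corpus small_movie.mp4
[t=1619610851] [BBs=0] [seed=0] [fc=2] [fcps=2] [cur_loop=125670] [mut_avg=5] [cov_avg=103289] [corpus=2]
[t=1619610851] [BBs=0] [seed=1] [fc=4] [fcps=4] [cur_loop=129653] [mut_avg=4] [cov_avg=82736] [corpus=2]
"""

STATUS_RE = re.compile(r"\[(\w+)=(-?\d+)\]")          # [key=int] fields of a metrics line
COVERAGE_RE = re.compile(r"^\[\*\] Getting corpus coverage \((.+)\)$")

def parse_status(line):
    """Turn a '[t=..] [BBs=..] [seed=..] ...' metrics line into a dict of ints, else None."""
    fields = dict(STATUS_RE.findall(line))
    if "BBs" not in fields or "seed" not in fields:
        return None
    return {k: int(v) for k, v in fields.items()}

def triage(log_text):
    """Attribute each agent error to the payload being executed and count timeouts.
    Errors are recorded as (kind, location, line) tuples per payload name."""
    summary = {"payload_errors": {}, "timeouts": 0, "status": []}
    current = None                                   # payload named by the last 'Getting corpus coverage'
    for line in log_text.splitlines():
        m = COVERAGE_RE.match(line)
        if m:
            current = m.group(1)
        elif line.startswith("[->] error_send_message: "):
            # RPC error from the harness: the last payload element carries the exception details
            details = json.loads(line.split(": ", 1)[1])["payload"][-1]
            summary["payload_errors"].setdefault(current, []).append(
                (details.get("type"), details.get("fileName"), details.get("lineNumber")))
        elif line.startswith("[->] error: "):
            # error raised inside Frida's message dispatcher, i.e. before the harness ran
            err = json.loads(line.split(": ", 1)[1])
            summary["payload_errors"].setdefault(current, []).append(
                ("agent-error", err["description"], err.get("lineNumber")))
        elif "exec_finished timeout" in line:
            summary["timeouts"] += 1
        else:
            status = parse_status(line)
            if status:
                summary["status"].append(status)
    return summary

def coverage_stalled(summary):
    """True when every metrics line reports BBs=0: the target never produced coverage."""
    return bool(summary["status"]) and all(s["BBs"] == 0 for s in summary["status"])
```

Running `triage(SAMPLE_LOG)` separates the three failure kinds the issue mixes together: a dispatcher-side SyntaxError for `hevc-crash-poc.mp4`, an access violation at `test-fuzzer.js:38` for `small_movie.mp4`, and a plain timeout.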
  • Fuzzing in afl++ mode on android device

    Fuzzing in afl++ mode on android device

    Hi!

    Read the doc, but could not figure it out.

    I have a binary with a function (that takes a buffer and length) on an Android device.

    Can I fuzz it with fpicker?

    Wanted to use afl++ mode on it.

    I saw fuzzing on a network device, but how do I fuzz on an Android mobile?

    Or I should somehow install ssh on the mobile?

    Maybe I am missing something.

    Thanks,

    opened by marcinguy 26
Owner
Dennis Heinze