AFL binary instrumentation

Related tags

Deep Learning binary instrumentation fuzzing afl afl-fuzz binary-rewriting e9patch
Overview

E9AFL --- Binary AFL

E9AFL inserts American Fuzzy Lop (AFL) instrumentation into x86_64 Linux binaries. This allows binaries to be fuzzed without the need for recompilation.

E9AFL uses E9Patch to insert the AFL instrumentation via static binary rewriting.

Building

To build E9AFL, simply run the build.sh script:

    $ ./build.sh

Usage

First, install afl-fuzz:

    $ sudo apt-get install afl

To use E9AFL, simply run the command:

    $ ./e9afl /path/to/binary

This will generate an AFL-instrumented binary.afl which can be used with afl-fuzz. See the example below.

Example

To fuzz the binutils readelf program:

    $ ./e9afl readelf
    $ mkdir -p input
    $ mkdir -p output
    $ head -n 1 `which ls` > input/exe
    $ afl-fuzz -i input/ -o output/ -- ./readelf.afl -a @@

If all goes well the output should look something like this:

AFL example

Troubleshooting

Some instrumented binaries may crash during AFL initialization:

    PROGRAM ABORT : Fork server crashed ...

This is often caused by an insufficient memory limit. See AFL's -m option for more information.

Bugs

Please report bugs here.

License

GLPv3

Comments
  • Memory limit is too restrictive - every possible binaries showing same info.. looks like there is some other issue.

    Memory limit is too restrictive - every possible binaries showing same info.. looks like there is some other issue.

    $ afl-fuzz -m 850 -i input/ -o output/ -- ./test_binary.afl afl-fuzz 2.52b by [email protected] [+] You have 8 CPU cores and 2 runnable tasks (utilization: 25%). [+] Try parallel jobs - see /usr/share/doc/afl-doc/docs/parallel_fuzzing.txt. [] Checking CPU core loadout... [+] Found a free CPU core, binding to #0. [] Checking core_pattern... [] Checking CPU scaling governor... [] Setting up output directories... [+] Output directory exists but deemed OK to reuse. [] Deleting old session data... [+] Output dir cleanup successful. [] Scanning 'input/'... [+] No auto-generated dictionary tokens to reuse. [] Creating hard links for all input files... [] Validating target binary... [] Attempting dry run with 'id:000000,orig:exe'... [] Spinning up the fork server...

    [-] Whoops, the target binary crashed suddenly, before receiving any input from the fuzzer! There are several probable explanations:

    - The current memory limit (850 MB) is too restrictive, causing the
  target to hit an OOM condition in the dynamic linker. Try bumping up
  the limit with the -m setting in the command line. A simple way confirm
  this diagnosis would be:

  ( ulimit -Sv $[849 << 10]; /path/to/fuzzed_app )

  Tip: you can use http://jwilk.net/software/recidivm to quickly
  estimate the required amount of virtual memory for the binary.

- The binary is just buggy and explodes entirely on its own. If so, you
  need to fix the underlying problem or find a better replacement.

- Less likely, there is a horrible bug in the fuzzer. If other options
  fail, poke <[email protected]> for troubleshooting tips.

    [-] PROGRAM ABORT : Fork server crashed with signal 11 Location : init_forkserver(), afl-fuzz.c:2201

    opened by rohith-krishnan 4
  • Fork server crashed with signal 11 while fuzz jhead

    Fork server crashed with signal 11 while fuzz jhead

    Hello, I used E9AFL to conduct experiments on jHEAD project:https://github.com/Matthias-Wandel/jhead。 I followed the normal procedure and encountered the following error:

    root@ubuntu-lzx:~/fuzz/e9afl-jhead# ./afl-fuzz -i in -o out -- ./jhead.afl @@
afl-fuzz 2.57b by <[email protected]>
[+] You have 16 CPU cores and 1 runnable tasks (utilization: 6%).
[+] Try parallel jobs - see docs/parallel_fuzzing.txt.
[*] Checking CPU core loadout...
[+] Found a free CPU core, binding to #0.
[*] Checking core_pattern...
[*] Setting up output directories...
[+] Output directory exists but deemed OK to reuse.
[*] Deleting old session data...
[+] Output dir cleanup successful.
[*] Scanning 'in'...
[+] No auto-generated dictionary tokens to reuse.
[*] Creating hard links for all input files...
[*] Validating target binary...
[*] Attempting dry run with 'id:000000,orig:badyear.jpg'...
[*] Spinning up the fork server...

[-] Whoops, the target binary crashed suddenly, before receiving any input
    from the fuzzer! There are several probable explanations:

    - The current memory limit (50.0 MB) is too restrictive, causing the
      target to hit an OOM condition in the dynamic linker. Try bumping up
      the limit with the -m setting in the command line. A simple way confirm
      this diagnosis would be:

      ( ulimit -Sv $[49 << 10]; /path/to/fuzzed_app )

      Tip: you can use http://jwilk.net/software/recidivm to quickly
      estimate the required amount of virtual memory for the binary.

    - The binary is just buggy and explodes entirely on its own. If so, you
      need to fix the underlying problem or find a better replacement.

    - Less likely, there is a horrible bug in the fuzzer. If other options
      fail, poke <[email protected]> for troubleshooting tips.

[-] PROGRAM ABORT : Fork server crashed with signal 11
         Location : init_forkserver(), afl-fuzz.c:2230

root@ubuntu-lzx:~/fuzz/e9afl-jhead# ulimit -a
core file size          (blocks, -c) 0
data seg size           (kbytes, -d) unlimited
scheduling priority             (-e) 0
file size               (blocks, -f) unlimited
pending signals                 (-i) 127896
max locked memory       (kbytes, -l) 65536
max memory size         (kbytes, -m) unlimited
open files                      (-n) 1024
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
real-time priority              (-r) 0
stack size              (kbytes, -s) 8192
cpu time               (seconds, -t) unlimited
max user processes              (-u) 127896
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited
root@ubuntu-lzx:~/fuzz/e9afl-jhead#
    opened by Sunxingzhezhexingsun 3
  • Build Failures

    Build Failures

    Hello,

    I would like to start using this program but ran into several build errors - would it be possible to publish a formal list of dependencies, if any?

    opened by mav8557 3
  • e9tool command failed with status (33792)

    e9tool command failed with status (33792)

    I got the following error when trying to input a binary named test. I'm on ParrotOS if that is relevant.

    $e9afl test "/usr/share/e9afl/e9tool" -E '".plt"' -E '".plt.got"' -O2 --option --mem-granularity=4096 -o "test.afl" -M 'plugin("/usr/share/e9afl/e9AFLPlugin.so").match()' -P 'plugin("/usr/share/e9afl/e9AFLPlugin.so").patch()' -- "test" Illegal instruction error : e9tool command failed with status (33792)

    opened by FlorinelPetrean 2
  • Illegal instruction (core dumped)

    Illegal instruction (core dumped)

    When using e9afl to instrument mruby, the program reports an illegal instruction aborted.

    Invalid instructions at 0x7ffff7cbcd97

    After some digging, I found that the illegal instruction is incsspq in __longjmp (glibc/sysdeps/x86-64/longjmp.s)]. Using gdb for debugging, I found out that %fs:[0x48]=0 (feature_1 in tcbhead_t) in a normal program (not instrumented). However, in the instrumented program, %fs:[0x48]=0x4a1b, which leads to the execution of incsspq and leads to the illegal instruction problem (https://github.com/bminor/glibc/blob/ca4d3ea5130d66e66c5af14e958e99341bf20689/sysdeps/x86_64/__longjmp.S#L57-L58). According to the comments in glibc/sysdeps/x86-64/longjmp.s, this value of %fs:[0x48] marks the shadow stack as enabled. I have no idea why this happened, can you give me some insights?

    The following archive contains the normal and instrumented programs plus the input to reproduce this problem. mruby.zip

    user@c3ae4d510abb:e9afl$ ./e9afl mruby_trace                                                                                                                            
"install/e9tool" -E '".plt"' -E '".plt.got"' -O2 --option --mem-granularity=4096 -o "mruby_trace.afl" -M 'plugin("install/e9AFLPlugin.so").match()' -P 'plugin("install/e9AFLPlugin.so").patch()' --plugin="install/e9AFLPlugin.so":--counter=classic --plugin="install/e9AFLPlugin.so":-Oblock=default --plugin="/home/user/docker_share/tools/e9afl/install/e9AFLPlugin.so":-Oselect=default --plugin="install/e9AFLPlugin.so":--path='install' --option --log=false -- "mruby_trace"                                                                                                                                                                                                                     
-----------------------------------------------                                                                                                                                                                                                          
mode                  = Linux ELF executable                                                                                                                                                                                                             
input_binary          = mruby_trace                                                                                                                                                          
output_binary         = mruby_trace.afl                                                                                                                                                                                                                  
num_patched           = 10015 / 10015 (100.00%)                                                                                                                                                                                                          
num_patched_B1        = 8936 / 10015 (89.23%)                                                                                                                                                                                                            
num_patched_B2        = 1078 / 10015 (10.76%)                                                                                                                                                                                                            
num_patched_T1        = 1 / 10015 (0.01%)                                                                                                                                                                                                                
num_patched_T2        = 0 / 10015 (0.00%)                                                                                                                                                                                                                
num_patched_T3        = 0 / 10015 (0.00%)                                                                                                                                                                                                                
num_virtual_mappings  = 373                                                                                                                                                                                                                              
num_physical_mappings = 248 (66.49%)                                                                                                                                                                                                                     
num_virtual_bytes     = 1527808                                                                                                                                                                                                                          
num_physical_bytes    = 1015808 (66.49%)                                                                                                                                                                                                                 
input_file_size       = 1738472                                                                                                                                                                                                                          
output_file_size      = 3210016 (184.65%)                                                                                                                                                                                                                
time_elapsed          = 346ms                                                                                                                                                                                                                            
memory_used           = 28468KB

    pwndbg> p/x *(tcbhead_t*) $fs_base                                    │pwndbg> p/x *(tcbhead_t*) $fs_base                                   │·················································································································································
                                                                      │$2 = {                                                               │·················································································································································
$2 = {                                                                │  tcb = 0x7ffff7c77740,                                              │·················································································································································
  tcb = 0x7ffff7c77740,                                               │  dtv = 0x7ffff7c780a0,                                              │·················································································································································
  dtv = 0x7ffff7c780a0,                                               │  self = 0x7ffff7c77740,                                             │·················································································································································
  self = 0x7ffff7c77740,                                              │  multiple_threads = 0x0,                                            │·················································································································································
  multiple_threads = 0x0,                                             │  gscope_flag = 0x0,                                                 │·················································································································································
  gscope_flag = 0x0,                                                  │  sysinfo = 0x0,                                                     │·················································································································································
  sysinfo = 0x0,                                                      │  stack_guard = 0x75556eb3f83c8600,                                  │·················································································································································
  stack_guard = 0x882e160064f5cc00,                                   │  pointer_guard = 0x48fa0123fae3d9a4,                                │·················································································································································
  pointer_guard = 0x7501990f9f69f8be,                                 │  vgetcpu_cache = {0x0, 0x0},                                        │·················································································································································
  vgetcpu_cache = {0x0, 0x0},                                         │  feature_1 = 0x4a1b,                                                │·················································································································································
  feature_1 = 0x0,                                                    │  __glibc_unused1 = 0x0,                                             │·················································································································································
  __glibc_unused1 = 0x0,                                              │  __private_tm = {0x0, 0x0, 0x0, 0x0},                               │·················································································································································
  __private_tm = {0x0, 0x0, 0x0, 0x0},                                │  __private_ss = 0x0,                                                │·················································································································································
  __private_ss = 0x0,                                                 │  ssp_base = 0x0,                                                    │·················································································································································
  ssp_base = 0x0,                                                     │  __glibc_unused2 = {{{                                              │·················································································································································
  __glibc_unused2 = {{{                                               │        i = {0x0, 0x0, 0x0, 0x0}                                     │·················································································································································
        i = {0x0, 0x0, 0x0, 0x0}                                      │      }, {                                                           │·················································································································································
      }, {                                                            │        i = {0x0, 0x0, 0x0, 0x0}                                     │·················································································································································
        i = {0x0, 0x0, 0x0, 0x0}                                      │      }, {                                                           │·················································································································································
      }, {                                                            │        i = {0x0, 0x0, 0x0, 0x0}                                     │·················································································································································
        i = {0x0, 0x0, 0x0, 0x0}                                      │      }, {                                                           │·················································································································································
      }, {                                                            │        i = {0x0, 0x0, 0x0, 0x0}                                     │·················································································································································
        i = {0x0, 0x0, 0x0, 0x0}                                      │      }}, {{                                                         │·················································································································································
      }}, {{                                                          │        i = {0x0, 0x0, 0x0, 0x0}                                     │·················································································································································
        i = {0x0, 0x0, 0x0, 0x0}                                      │      }, {                                                           │·················································································································································
      }, {                                                            │        i = {0x0, 0x0, 0x0, 0x0}                                     │·················································································································································
        i = {0x0, 0x0, 0x0, 0x0}                                      │      }, {                                                           │·················································································································································
      }, {                                                            │        i = {0x0, 0x0, 0x0, 0x0}                                     │·················································································································································
        i = {0x0, 0x0, 0x0, 0x0}                                      │      }, {                                                           │·················································································································································
      }, {                                                            │        i = {0x0, 0x0, 0x0, 0x0}
    opened by 0xdd96 1
  • Building issue in Ubuntu 20.10

    Building issue in Ubuntu 20.10

    Hey,

    I'm getting some errors while building e9afl on my Ubuntu 20.10 Here is the errors:

    $ ./build.sh
./build.sh: extracting e9patch-7773cc7b3a5117144bde42649e535c01af832ecf.zip...
Archive:  e9patch-7773cc7b3a5117144bde42649e535c01af832ecf.zip
7773cc7b3a5117144bde42649e535c01af832ecf
replace e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/LICENSE? [y]es, [n]o, [A]ll, [N]one, [r]ename: A
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/LICENSE  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/Makefile  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/Makefile.zydis  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/README.md  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/build.sh  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/doc/e9patch-programming-guide.md  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/doc/e9tool-user-guide.md  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/e9compile.sh  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/examples/args.c  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/examples/counter.c  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/examples/delay.c  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/examples/hello.c  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/examples/limit.c  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/examples/nop.c  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/examples/plugins/example.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/examples/print.c  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/examples/state.c  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/examples/stdlib.c  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/examples/trap.c  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9alloc.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9alloc.h  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9api.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9api.h  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9elf.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9elf.h  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9emit.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9emit.h  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9json.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9json.h  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9loader.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9loader.h  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9mapping.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9mapping.h  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9optimize.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9optimize.h  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9patch.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9patch.h  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9rbtree.h  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9tactics.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9tactics.h  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9trampoline.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9trampoline.h  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9x86_64.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9x86_64.h  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9tool/e9cfg.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9tool/e9csv.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9tool/e9frontend.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9tool/e9frontend.h  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9tool/e9metadata.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9tool/e9parser.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9tool/e9plugin.h  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9tool/e9tool.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9tool/e9types.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9tool/e9x86_64.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/14.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/14.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/15.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/15.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/17.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/17.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/17_1.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/17_1.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/18.exp  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/18.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/Makefile  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/README.md  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/after.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/after.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/asm.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/asm.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/asm_2.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/asm_2.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/cfg.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/cfg.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/cfg_pie.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/cfg_pie.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/cmp.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/cmp.in  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/cmp_2.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/cmp_2.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/cond_0.exp  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/cond_0.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/cond_1.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/cond_1.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/condjump.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/condjump.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/condjump_0.exp  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/condjump_0.in  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/condjump_1.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/condjump_1.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/control.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/control.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/csv.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/csv.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/data.csv  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/dl.c  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/dst_zero.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/dst_zero.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_1.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_1.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_10.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_10.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_11.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_11.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_12.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_12.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_13.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_13.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_2.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_2.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_3.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_3.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_4.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_4.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_5.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_5.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_6.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_6.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_7.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_7.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_8.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_8.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_9.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_9.in  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/exit.exp  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/exit.in  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/false.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/false.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/imm_by_ptr.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/imm_by_ptr.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/inst.c  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/jmp_notake.exp  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/jmp_notake.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/jmp_take.exp  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/jmp_take.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/jump.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/jump.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/jump_1.exp  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/jump_1.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/libdl.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/libdl.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/libdl_1.exp  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/libdl_1.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/libdl_2.exp  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/libdl_2.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/memory.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/memory.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/memory_1.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/memory_1.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/memory_2.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/memory_2.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/memory_3.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/memory_3.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/memory_4.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/memory_4.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/memory_5.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/memory_5.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/mnemonic.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/mnemonic.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/naked.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/naked.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/naked_2.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/naked_2.in  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/naked_3.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/naked_3.in  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/naked_4.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/naked_4.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/naked_bug.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/naked_bug.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/next.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/next.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/optimize_0.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/optimize_0.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/optimize_1.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/optimize_1.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/optimize_2.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/optimize_2.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/optimize_3.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/optimize_3.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/optimize_s.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/optimize_s.in  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/passthru.exp  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/passthru.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/patch.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/print.exp  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/print.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/print_intel.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/print_intel.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/print_pie.exp  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/print_pie.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/rax.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/rax.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/rax_by_ptr.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/rax_by_ptr.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/read_write.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/read_write.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/reads_rflags.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/reads_rflags.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/regs.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/regs.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/regs_2.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/regs_2.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/regtest.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/rip_rsp_rflags.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/rip_rsp_rflags.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/rip_to_rsp.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/rip_to_rsp.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/rotate.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/rotate.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/size.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/size.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/size_2.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/size_2.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/skip.exp  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/skip.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/src_dst.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/src_dst.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/sse.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/sse.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/stack_overflow.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/stack_overflow.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/static.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/static.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/static_1.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/static_1.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/static_2.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/static_2.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/string.exp  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/string.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/string_1.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/string_1.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/sum.exp  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/sum.in  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/swap.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/swap.in  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/swap_2.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/swap_2.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/syscall.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/syscall.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/target.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/target.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/test.s  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/test_libc.s  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/trap.exp  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/trap.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/trunc32.exp  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/trunc32.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/types.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/types.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/write_bug.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/write_bug.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/xmm.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/xmm.in  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/zero.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/zero.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/zero_flags.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/zero_flags.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/zero_flags_2.exp  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/zero_flags_2.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/stresstest/Makefile  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/stresstest/stresstest.sh  
./build.sh: building e9patch...
./build.sh: building e9patch and e9tool...
rm -rf src/e9patch/e9alloc.o src/e9patch/e9api.o src/e9patch/e9elf.o src/e9patch/e9emit.o src/e9patch/e9json.o src/e9patch/e9mapping.o src/e9patch/e9patch.o src/e9patch/e9optimize.o src/e9patch/e9tactics.o src/e9patch/e9trampoline.o src/e9patch/e9x86_64.o e9tool.o e9patch e9tool a.out \
        src/e9patch/e9loader.c e9loader.out e9loader.o e9loader.bin
g++ -std=c++11 -Wall -Wno-reorder -fPIC -pie -O2 -I src/e9tool/ -I zydis/include/ -I zydis/dependencies/zycore/include/ -Wno-unused-function -c src/e9tool/e9tool.cpp
g++ -std=c++11 -Wall -Wno-reorder -fPIC -pie -O2 -D NDEBUG -Wno-unused-function   -c -o src/e9patch/e9alloc.o src/e9patch/e9alloc.cpp
g++ -std=c++11 -Wall -Wno-reorder -fPIC -pie -O2 -D NDEBUG   -c -o src/e9patch/e9api.o src/e9patch/e9api.cpp
g++ -std=c++11 -Wall -fno-stack-protector -fpie -Os -c \
        src/e9patch/e9loader.cpp
g++ -std=c++11 -Wall -Wno-reorder -fPIC -pie -O2 -D NDEBUG   -c -o src/e9patch/e9emit.o src/e9patch/e9emit.cpp
g++ -std=c++11 -Wall -Wno-reorder -fPIC -pie -O2 -D NDEBUG   -c -o src/e9patch/e9json.o src/e9patch/e9json.cpp
g++ -std=c++11 -Wall -Wno-reorder -fPIC -pie -O2 -D NDEBUG   -c -o src/e9patch/e9mapping.o src/e9patch/e9mapping.cpp
g++ -std=c++11 -Wall -Wno-reorder -fPIC -pie -O2 -D NDEBUG   -c -o src/e9patch/e9patch.o src/e9patch/e9patch.cpp
g++ -std=c++11 -Wall -Wno-reorder -fPIC -pie -O2 -D NDEBUG   -c -o src/e9patch/e9optimize.o src/e9patch/e9optimize.cpp
g++ -std=c++11 -Wall -Wno-reorder -fPIC -pie -O2 -D NDEBUG   -c -o src/e9patch/e9tactics.o src/e9patch/e9tactics.cpp
g++ -std=c++11 -Wall -Wno-reorder -fPIC -pie -O2 -D NDEBUG   -c -o src/e9patch/e9trampoline.o src/e9patch/e9trampoline.cpp
g++ -std=c++11 -Wall -Wno-reorder -fPIC -pie -O2 -D NDEBUG   -c -o src/e9patch/e9x86_64.o src/e9patch/e9x86_64.cpp
g++ -nostdlib -o e9loader.out e9loader.o -Wl,--entry=_entry
objcopy --dump-section .text=e9loader.bin e9loader.out
xxd -i e9loader.bin > src/e9patch/e9loader.c
g++ -std=c++11 -Wall -Wno-reorder -fPIC -pie -O2 -D NDEBUG   -c -o src/e9patch/e9elf.o src/e9patch/e9elf.cpp
In file included from src/e9patch/e9optimize.cpp:19:
src/e9patch/e9patch.h:244:16: error: expected ‘)’ before ‘offset’
  244 |     Instr(off_t offset, intptr_t addr, size_t size, const uint8_t *original,
      |          ~     ^~~~~~~
      |                )
src/e9patch/e9patch.h:206:18: warning: non-static const member ‘const size_t Instr::offset’ in class without a constructor [-Wuninitialized]
  206 |     const size_t offset:46;             // The instruction offset
      |                  ^~~~~~
src/e9patch/e9patch.h:207:18: warning: non-static const member ‘const size_t Instr::size’ in class without a constructor [-Wuninitialized]
  207 |     const size_t size:4;                // The instruction size (bytes)
      |                  ^~~~
src/e9patch/e9patch.h:208:18: warning: non-static const member ‘const size_t Instr::pcrel32_idx’ in class without a constructor [-Wuninitialized]
  208 |     const size_t pcrel32_idx:4;         // 32bit PC-relative imm idx (or 0)
      |                  ^~~~~~~~~~~
src/e9patch/e9patch.h:209:18: warning: non-static const member ‘const size_t Instr::pcrel8_idx’ in class without a constructor [-Wuninitialized]
  209 |     const size_t pcrel8_idx:4;          // 8bit PC-relative imm idx (or 0)
      |                  ^~~~~~~~~~
src/e9patch/e9patch.h:210:18: warning: non-static const member ‘const size_t Instr::pic’ in class without a constructor [-Wuninitialized]
  210 |     const size_t pic:1;                 // PIC? (stored here for convenience)
      |                  ^~~
src/e9patch/e9patch.h:216:20: warning: non-static const member ‘const intptr_t Instr::addr’ in class without a constructor [-Wuninitialized]
  216 |     const intptr_t addr;                // The address of the instruction
      |                    ^~~~
src/e9patch/e9patch.h:226:7: warning: non-static const member ‘const Instr::Original Instr::original’ in class without a constructor [-Wuninitialized]
  226 |     } original;
      |       ^~~~~~~~
src/e9patch/e9patch.h:238:7: warning: non-static const member ‘const Instr::Patched Instr::patched’ in class without a constructor [-Wuninitialized]
  238 |     } patched;
      |       ^~~~~~~
src/e9patch/e9patch.h:395:18: error: ‘off_t’ was not declared in this scope
  395 | typedef std::map<off_t, Instr *> InstrSet;
      |                  ^~~~~
src/e9patch/e9patch.h:395:32: error: template argument 1 is invalid
  395 | typedef std::map<off_t, Instr *> InstrSet;
      |                                ^
src/e9patch/e9patch.h:395:32: error: template argument 3 is invalid
src/e9patch/e9patch.h:395:32: error: template argument 4 is invalid
src/e9patch/e9patch.h:421:5: error: ‘off_t’ does not name a type
  421 |     off_t diff = 0;                     // Offset/address difference.
      |     ^~~~~
src/e9patch/e9optimize.cpp: In function ‘void buildEntrySet(Binary*)’:
src/e9patch/e9optimize.cpp:32:20: error: request for member ‘rbegin’ in ‘B->Binary::Is’, which is of non-class type ‘InstrSet’ {aka ‘int’}
   32 |     auto i = B->Is.rbegin();
      |                    ^~~~~~
src/e9patch/e9optimize.cpp:33:20: error: request for member ‘rend’ in ‘B->Binary::Is’, which is of non-class type ‘InstrSet’ {aka ‘int’}
   33 |     if (i == B->Is.rend())
      |                    ^~~~
src/e9patch/e9optimize.cpp:41:13: error: ‘J’ was not declared in this scope
   41 |             J = I;
      |             ^
src/e9patch/e9optimize.cpp:46:13: error: ‘J’ was not declared in this scope
   46 |             J = nullptr;
      |             ^
src/e9patch/e9optimize.cpp:47:13: error: ‘J’ was not declared in this scope
   47 |         if (J != nullptr && num <= option_Oprologue &&
      |             ^
src/e9patch/e9optimize.cpp:57:13: error: ‘J’ was not declared in this scope
   57 |             J = nullptr;
      |             ^
src/e9patch/e9optimize.cpp:60:32: error: ‘begin’ was not declared in this scope; did you mean ‘std::begin’?
   60 |     for (const auto &entry: B->Is)
      |                                ^~
      |                                std::begin
In file included from /usr/include/c++/10/deque:68,
                 from src/e9patch/e9patch.h:29,
                 from src/e9patch/e9optimize.cpp:19:
/usr/include/c++/10/bits/range_access.h:90:5: note: ‘std::begin’ declared here
   90 |     begin(_Tp (&__arr)[_Nm]) noexcept
      |     ^~~~~
src/e9patch/e9optimize.cpp:60:32: error: ‘end’ was not declared in this scope; did you mean ‘std::end’?
   60 |     for (const auto &entry: B->Is)
      |                                ^~
      |                                std::end
In file included from /usr/include/c++/10/deque:68,
                 from src/e9patch/e9patch.h:29,
                 from src/e9patch/e9optimize.cpp:19:
/usr/include/c++/10/bits/range_access.h:100:5: note: ‘std::end’ declared here
  100 |     end(_Tp (&__arr)[_Nm]) noexcept
      |     ^~~
src/e9patch/e9optimize.cpp:104:9: error: ‘off_t’ was not declared in this scope
  104 |         off_t rel = 0;
      |         ^~~~~
src/e9patch/e9optimize.cpp:109:13: error: ‘rel’ was not declared in this scope; did you mean ‘rel8’?
  109 |             rel = (off_t)rel8;
      |             ^~~
      |             rel8
src/e9patch/e9optimize.cpp:107:20: warning: unused variable ‘rel8’ [-Wunused-variable]
  107 |             int8_t rel8 = (int8_t)*(int8_t *)
      |                    ^~~~
src/e9patch/e9optimize.cpp:122:13: error: ‘rel’ was not declared in this scope; did you mean ‘rel32’?
  122 |             rel = (off_t)rel32;
      |             ^~~
      |             rel32
src/e9patch/e9optimize.cpp:120:21: warning: unused variable ‘rel32’ [-Wunused-variable]
  120 |             int32_t rel32 = (int32_t)*(int32_t *)
      |                     ^~~~~
src/e9patch/e9optimize.cpp:124:67: error: ‘rel’ was not declared in this scope
  124 |         intptr_t target = (intptr_t)I->addr + (intptr_t)I->size + rel;
      |                                                                   ^~~
src/e9patch/e9optimize.cpp: In function ‘Instr* findInstr(const Binary*, intptr_t)’:
src/e9patch/e9optimize.cpp:200:5: error: ‘off_t’ was not declared in this scope
  200 |     off_t offset = addr - B->diff;
      |     ^~~~~
src/e9patch/e9optimize.cpp:201:20: error: request for member ‘find’ in ‘B->Binary::Is’, which is of non-class type ‘const InstrSet’ {aka ‘const int’}
  201 |     auto i = B->Is.find(offset);
      |                    ^~~~
src/e9patch/e9optimize.cpp:201:25: error: ‘offset’ was not declared in this scope; did you mean ‘offsetof’?
  201 |     auto i = B->Is.find(offset);
      |                         ^~~~~~
      |                         offsetof
src/e9patch/e9optimize.cpp:202:20: error: request for member ‘end’ in ‘B->Binary::Is’, which is of non-class type ‘const InstrSet’ {aka ‘const int’}
  202 |     if (i == B->Is.end())
      |                    ^~~
src/e9patch/e9optimize.cpp: In function ‘void optimizeAllJumps(Binary*)’:
src/e9patch/e9optimize.cpp:279:32: error: ‘begin’ was not declared in this scope; did you mean ‘std::begin’?
  279 |     for (const auto &entry: B->Is)
      |                                ^~
      |                                std::begin
In file included from /usr/include/c++/10/deque:68,
                 from src/e9patch/e9patch.h:29,
                 from src/e9patch/e9optimize.cpp:19:
/usr/include/c++/10/bits/range_access.h:90:5: note: ‘std::begin’ declared here
   90 |     begin(_Tp (&__arr)[_Nm]) noexcept
      |     ^~~~~
src/e9patch/e9optimize.cpp:279:32: error: ‘end’ was not declared in this scope; did you mean ‘std::end’?
  279 |     for (const auto &entry: B->Is)
      |                                ^~
      |                                std::end
In file included from /usr/include/c++/10/deque:68,
                 from src/e9patch/e9patch.h:29,
                 from src/e9patch/e9optimize.cpp:19:
/usr/include/c++/10/bits/range_access.h:100:5: note: ‘std::end’ declared here
  100 |     end(_Tp (&__arr)[_Nm]) noexcept
      |     ^~~
make: *** [<builtin>: src/e9patch/e9optimize.o] Error 1
make: *** Waiting for unfinished jobs....
src/e9patch/e9trampoline.cpp: In function ‘const Trampoline* expandMacro(const Binary*, const Metadata*, const char*)’:
src/e9patch/e9trampoline.cpp:100:9: error: ‘ssize_t’ was not declared in this scope; did you mean ‘size_t’?
  100 |         ssize_t lo = 0, hi = (ssize_t)meta->num_entries-1;
      |         ^~~~~~~
      |         size_t
src/e9patch/e9trampoline.cpp:101:16: error: ‘lo’ was not declared in this scope
  101 |         while (lo <= hi)
      |                ^~
src/e9patch/e9trampoline.cpp:101:22: error: ‘hi’ was not declared in this scope
  101 |         while (lo <= hi)
      |                      ^~
src/e9patch/e9trampoline.cpp:103:20: error: expected ‘;’ before ‘mid’
  103 |             ssize_t mid = (lo + hi) / 2;
      |                    ^~~~
      |                    ;
src/e9patch/e9trampoline.cpp:104:50: error: ‘mid’ was not declared in this scope
  104 |             int cmp = strcmp(name, meta->entries[mid].name);
      |                                                  ^~~
src/e9patch/e9tactics.cpp: In function ‘bool patch(Binary&, Instr*, const Trampoline*)’:
src/e9patch/e9tactics.cpp:761:9: error: ‘printf’ was not declared in this scope
  761 |         printf("\33[31mX\33[0m");
      |         ^~~~~~
src/e9patch/e9tactics.cpp:29:1: note: ‘printf’ is defined in header ‘<cstdio>’; did you forget to ‘#include <cstdio>’?
   28 | #include "e9trampoline.h"
  +++ |+#include <cstdio>
   29 | 
src/e9patch/e9tactics.cpp:779:5: error: ‘printf’ was not declared in this scope
  779 |     printf("\33[32m.\33[0m");
      |     ^~~~~~
src/e9patch/e9tactics.cpp:779:5: note: ‘printf’ is defined in header ‘<cstdio>’; did you forget to ‘#include <cstdio>’?
make: *** [<builtin>: src/e9patch/e9tactics.o] Error 1
src/e9patch/e9trampoline.cpp: In function ‘void buildBytes(const Binary*, const Trampoline*, const Instr*, int32_t, const LabelSet&, Buffer&)’:
src/e9patch/e9trampoline.cpp:715:30: error: ‘ssize_t’ was not declared in this scope; did you mean ‘size_t’?
  715 |                             (ssize_t)INT32_MIN, INT32_MAX);
      |                              ^~~~~~~
      |                              size_t
make: *** [<builtin>: src/e9patch/e9trampoline.o] Error 1
./build.sh: done...!
./build.sh: e9patch has been built...
./build.sh: building the e9afl plugin...
g++ -std=c++11 -fPIC -shared -o e9AFLPlugin.so -O2 e9AFLPlugin.cpp -I .
./build.sh: building the e9afl runtime...
gcc -fno-stack-protector -fpie -O2 -Wno-unused-function -mno-mmx -mno-sse -mno-avx -mno-avx2 -mno-avx512f -msoft-float -fno-tree-vectorize -fomit-frame-pointer -c -Wall -I e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/examples/ ./afl-rt.c
gcc afl-rt.o -o afl-rt -pie -nostdlib -Wl,-z -Wl,max-page-size=4096 -Wl,--export-dynamic -Wl,--entry=0x0 -Wl,--strip-all
cp: cannot stat 'e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/e9patch': No such file or directory
    opened by pventuzelo 1
  • Support AFL++

    Support AFL++

    Currently this project only supports the original AFL. It'd be nice to also support AFL++.

    ~~The AFL++ interface is differerent meaning that the current instrumented binaries are not compatible.~~

    It seems that E9AFL instrumented binaries are mostly compatible with AFL++. The main exception is the AFL_MAP_SIZE option. The current version will crash if AFL_MAP_SIZE < 0x10000.

    opened by GJDuck 0
Releases(v0.8.0)
Owner
null
GitHub
InsTrim: Lightweight Instrumentation for Coverage-guided Fuzzing

InsTrim The paper: InsTrim: Lightweight Instrumentation for Coverage-guided Fuzzing Build Prerequisite llvm-8.0-dev clang-8.0 cmake >= 3.2 Make git cl

null 75 Dec 23, 2022
An AFL implementation with UnTracer (our coverage-guided tracer)

UnTracer-AFL This repository contains an implementation of our prototype coverage-guided tracing framework UnTracer in the popular coverage-guided fuz

null 113 Dec 17, 2022
FIRM-AFL is the first high-throughput greybox fuzzer for IoT firmware.

FIRM-AFL FIRM-AFL is the first high-throughput greybox fuzzer for IoT firmware. FIRM-AFL addresses two fundamental problems in IoT fuzzing. First, it

null 356 Dec 23, 2022
Fuzzing the Kernel Using Unicornafl and AFL++

Unicorefuzz Fuzzing the Kernel using UnicornAFL and AFL++. For details, skim through the WOOT paper or watch this talk at CCCamp19. Is it any good? ye

Security in Telecommunications 283 Dec 26, 2022
Driller: augmenting AFL with symbolic execution!

Driller Driller is an implementation of the driller paper. This implementation was built on top of AFL with angr being used as a symbolic tracer. Dril

Shellphish 791 Jan 6, 2023
FairFuzz: AFL extension targeting rare branches

FairFuzz An AFL extension to increase code coverage by targeting rare branches. FairFuzz has a particular advantage on programs with highly nested str

Caroline Lemieux 222 Nov 16, 2022
IJON is an annotation mechanism that analysts can use to guide fuzzers such as AFL.

IJON SPACE EXPLORER IJON is an annotation mechanism that analysts can use to guide fuzzers such as AFL. Using only a small (usually one line) annotati

Chair for Sys­tems Se­cu­ri­ty 146 Dec 16, 2022
Directed Greybox Fuzzing with AFL

AFLGo: Directed Greybox Fuzzing AFLGo is an extension of American Fuzzy Lop (AFL). Given a set of target locations (e.g., folder/file.c:582), AFLGo ge

null 380 Nov 24, 2022
MOpt-AFL provided by the paper "MOPT: Optimized Mutation Scheduling for Fuzzers"

MOpt-AFL 1. Description MOpt-AFL is a AFL-based fuzzer that utilizes a customized Particle Swarm Optimization (PSO) algorithm to find the optimal sele

null 172 Dec 18, 2022
AFLFast (extends AFL with Power Schedules)

AFLFast Power schedules implemented by Marcel Böhme <[email protected]>. AFLFast is an extension of AFL which is written and maintained by Michal

Marcel Böhme 380 Jan 3, 2023
This project is the official implementation of our accepted ICLR 2021 paper BiPointNet: Binary Neural Network for Point Clouds.

BiPointNet: Binary Neural Network for Point Clouds Created by Haotong Qin, Zhongang Cai, Mingyuan Zhang, Yifu Ding, Haiyu Zhao, Shuai Yi, Xianglong Li

Haotong Qin 59 Dec 17, 2022
[CVPRW 21] "BNN - BN = ? Training Binary Neural Networks without Batch Normalization", Tianlong Chen, Zhenyu Zhang, Xu Ouyang, Zechun Liu, Zhiqiang Shen, Zhangyang Wang

BNN - BN = ? Training Binary Neural Networks without Batch Normalization Codes for this paper BNN - BN = ? Training Binary Neural Networks without Bat

VITA 40 Dec 30, 2022
Pytorch reimplement of the paper "A Novel Cascade Binary Tagging Framework for Relational Triple Extraction" ACL2020. The original code is written in keras.

CasRel-pytorch-reimplement Pytorch reimplement of the paper "A Novel Cascade Binary Tagging Framework for Relational Triple Extraction" ACL2020. The o

longlongman 170 Dec 1, 2022
Binary Passage Retriever (BPR) - an efficient passage retriever for open-domain question answering

BPR Binary Passage Retriever (BPR) is an efficient neural retrieval model for open-domain question answering. BPR integrates a learning-to-hash techni

Studio Ousia 147 Dec 7, 2022
Extract MNIST handwritten digits dataset binary file into bmp images

MNIST-dataset-extractor Extract MNIST handwritten digits dataset binary file into bmp images More info at http://yann.lecun.com/exdb/mnist/ Dependenci

Omar Mostafa 6 May 24, 2021
Binary Stochastic Neurons in PyTorch

Binary Stochastic Neurons in PyTorch http://r2rt.com/binary-stochastic-neurons-in-tensorflow.html https://github.com/pytorch/examples/tree/master/mnis

Onur Kaplan 54 Nov 21, 2022
AntiFuzz: Impeding Fuzzing Audits of Binary Executables

AntiFuzz: Impeding Fuzzing Audits of Binary Executables Get the paper here: https://www.usenix.org/system/files/sec19-guler.pdf Usage: The python scri

Chair for Sys­tems Se­cu­ri­ty 88 Dec 21, 2022
Fuzzification helps developers protect the released, binary-only software from attackers who are capable of applying state-of-the-art fuzzing techniques

About Fuzzification Fuzzification helps developers protect the released, binary-only software from attackers who are capable of applying state-of-the-

gts3.org (SSLab@Gatech) 55 Oct 25, 2022
Deep Halftoning with Reversible Binary Pattern

Deep Halftoning with Reversible Binary Pattern ICCV Paper | Project Website | BibTex Overview Existing halftoning algorithms usually drop colors and f

Menghan Xia 17 Nov 22, 2022