AFL binary instrumentation

Overview

E9AFL --- Binary AFL

E9AFL inserts American Fuzzy Lop (AFL) instrumentation into x86_64 Linux binaries. This allows binaries to be fuzzed without the need for recompilation.

E9AFL uses E9Patch to insert the AFL instrumentation via static binary rewriting.

Building

To build E9AFL, simply run the build.sh script:

    $ ./build.sh

Usage

First, install afl-fuzz:

    $ sudo apt-get install afl

To use E9AFL, simply run the command:

    $ ./e9afl /path/to/binary

This will generate an AFL-instrumented binary.afl which can be used with afl-fuzz. See the example below.

Example

To fuzz the binutils readelf program:

    $ ./e9afl readelf
    $ mkdir -p input
    $ mkdir -p output
    $ head -n 1 `which ls` > input/exe
    $ afl-fuzz -i input/ -o output/ -- ./readelf.afl -a @@

If all goes well the output should look something like this:

AFL example

Troubleshooting

Some instrumented binaries may crash during AFL initialization:

    PROGRAM ABORT : Fork server crashed ...

This is often caused by an insufficient memory limit. See AFL's -m option for more information.

Bugs

Please report bugs here.

License

GLPv3

Comments
  • Memory limit is too restrictive - every possible binaries showing same info.. looks like there is some other issue.

    Memory limit is too restrictive - every possible binaries showing same info.. looks like there is some other issue.

    $ afl-fuzz -m 850 -i input/ -o output/ -- ./test_binary.afl afl-fuzz 2.52b by [email protected] [+] You have 8 CPU cores and 2 runnable tasks (utilization: 25%). [+] Try parallel jobs - see /usr/share/doc/afl-doc/docs/parallel_fuzzing.txt. [] Checking CPU core loadout... [+] Found a free CPU core, binding to #0. [] Checking core_pattern... [] Checking CPU scaling governor... [] Setting up output directories... [+] Output directory exists but deemed OK to reuse. [] Deleting old session data... [+] Output dir cleanup successful. [] Scanning 'input/'... [+] No auto-generated dictionary tokens to reuse. [] Creating hard links for all input files... [] Validating target binary... [] Attempting dry run with 'id:000000,orig:exe'... [] Spinning up the fork server...

    [-] Whoops, the target binary crashed suddenly, before receiving any input from the fuzzer! There are several probable explanations:

    - The current memory limit (850 MB) is too restrictive, causing the
      target to hit an OOM condition in the dynamic linker. Try bumping up
      the limit with the -m setting in the command line. A simple way confirm
      this diagnosis would be:
    
      ( ulimit -Sv $[849 << 10]; /path/to/fuzzed_app )
    
      Tip: you can use http://jwilk.net/software/recidivm to quickly
      estimate the required amount of virtual memory for the binary.
    
    - The binary is just buggy and explodes entirely on its own. If so, you
      need to fix the underlying problem or find a better replacement.
    
    - Less likely, there is a horrible bug in the fuzzer. If other options
      fail, poke <[email protected]> for troubleshooting tips.
    

    [-] PROGRAM ABORT : Fork server crashed with signal 11 Location : init_forkserver(), afl-fuzz.c:2201

    opened by rohith-krishnan 4
  • Fork server crashed with signal 11 while fuzz jhead

    Fork server crashed with signal 11 while fuzz jhead

    Hello, I used E9AFL to conduct experiments on jHEAD project:https://github.com/Matthias-Wandel/jhead。 I followed the normal procedure and encountered the following error:

    [email protected]:~/fuzz/e9afl-jhead# ./afl-fuzz -i in -o out -- ./jhead.afl @@
    afl-fuzz 2.57b by <[email protected]>
    [+] You have 16 CPU cores and 1 runnable tasks (utilization: 6%).
    [+] Try parallel jobs - see docs/parallel_fuzzing.txt.
    [*] Checking CPU core loadout...
    [+] Found a free CPU core, binding to #0.
    [*] Checking core_pattern...
    [*] Setting up output directories...
    [+] Output directory exists but deemed OK to reuse.
    [*] Deleting old session data...
    [+] Output dir cleanup successful.
    [*] Scanning 'in'...
    [+] No auto-generated dictionary tokens to reuse.
    [*] Creating hard links for all input files...
    [*] Validating target binary...
    [*] Attempting dry run with 'id:000000,orig:badyear.jpg'...
    [*] Spinning up the fork server...
    
    [-] Whoops, the target binary crashed suddenly, before receiving any input
        from the fuzzer! There are several probable explanations:
    
        - The current memory limit (50.0 MB) is too restrictive, causing the
          target to hit an OOM condition in the dynamic linker. Try bumping up
          the limit with the -m setting in the command line. A simple way confirm
          this diagnosis would be:
    
          ( ulimit -Sv $[49 << 10]; /path/to/fuzzed_app )
    
          Tip: you can use http://jwilk.net/software/recidivm to quickly
          estimate the required amount of virtual memory for the binary.
    
        - The binary is just buggy and explodes entirely on its own. If so, you
          need to fix the underlying problem or find a better replacement.
    
        - Less likely, there is a horrible bug in the fuzzer. If other options
          fail, poke <[email protected]> for troubleshooting tips.
    
    [-] PROGRAM ABORT : Fork server crashed with signal 11
             Location : init_forkserver(), afl-fuzz.c:2230
    
    [email protected]:~/fuzz/e9afl-jhead# ulimit -a
    core file size          (blocks, -c) 0
    data seg size           (kbytes, -d) unlimited
    scheduling priority             (-e) 0
    file size               (blocks, -f) unlimited
    pending signals                 (-i) 127896
    max locked memory       (kbytes, -l) 65536
    max memory size         (kbytes, -m) unlimited
    open files                      (-n) 1024
    pipe size            (512 bytes, -p) 8
    POSIX message queues     (bytes, -q) 819200
    real-time priority              (-r) 0
    stack size              (kbytes, -s) 8192
    cpu time               (seconds, -t) unlimited
    max user processes              (-u) 127896
    virtual memory          (kbytes, -v) unlimited
    file locks                      (-x) unlimited
    [email protected]:~/fuzz/e9afl-jhead# 
    
    
    opened by Sunxingzhezhexingsun 3
  • Build Failures

    Build Failures

    Hello,

    I would like to start using this program but ran into several build errors - would it be possible to publish a formal list of dependencies, if any?

    opened by mav8557 3
  • e9tool command failed with status (33792)

    e9tool command failed with status (33792)

    I got the following error when trying to input a binary named test. I'm on ParrotOS if that is relevant.

    $e9afl test "/usr/share/e9afl/e9tool" -E '".plt"' -E '".plt.got"' -O2 --option --mem-granularity=4096 -o "test.afl" -M 'plugin("/usr/share/e9afl/e9AFLPlugin.so").match()' -P 'plugin("/usr/share/e9afl/e9AFLPlugin.so").patch()' -- "test" Illegal instruction error : e9tool command failed with status (33792)

    opened by FlorinelPetrean 2
  • Illegal instruction (core dumped)

    Illegal instruction (core dumped)

    When using e9afl to instrument mruby, the program reports an illegal instruction aborted.

    Invalid instructions at 0x7ffff7cbcd97
    

    After some digging, I found that the illegal instruction is incsspq in __longjmp (glibc/sysdeps/x86-64/longjmp.s)]. Using gdb for debugging, I found out that %fs:[0x48]=0 (feature_1 in tcbhead_t) in a normal program (not instrumented). However, in the instrumented program, %fs:[0x48]=0x4a1b, which leads to the execution of incsspq and leads to the illegal instruction problem (https://github.com/bminor/glibc/blob/ca4d3ea5130d66e66c5af14e958e99341bf20689/sysdeps/x86_64/__longjmp.S#L57-L58). According to the comments in glibc/sysdeps/x86-64/longjmp.s, this value of %fs:[0x48] marks the shadow stack as enabled. I have no idea why this happened, can you give me some insights?

    The following archive contains the normal and instrumented programs plus the input to reproduce this problem. mruby.zip

    [email protected]:e9afl$ ./e9afl mruby_trace                                                                                                                            
    "install/e9tool" -E '".plt"' -E '".plt.got"' -O2 --option --mem-granularity=4096 -o "mruby_trace.afl" -M 'plugin("install/e9AFLPlugin.so").match()' -P 'plugin("install/e9AFLPlugin.so").patch()' --plugin="install/e9AFLPlugin.so":--counter=classic --plugin="install/e9AFLPlugin.so":-Oblock=default --plugin="/home/user/docker_share/tools/e9afl/install/e9AFLPlugin.so":-Oselect=default --plugin="install/e9AFLPlugin.so":--path='install' --option --log=false -- "mruby_trace"                                                                                                                                                                                                                     
    -----------------------------------------------                                                                                                                                                                                                          
    mode                  = Linux ELF executable                                                                                                                                                                                                             
    input_binary          = mruby_trace                                                                                                                                                          
    output_binary         = mruby_trace.afl                                                                                                                                                                                                                  
    num_patched           = 10015 / 10015 (100.00%)                                                                                                                                                                                                          
    num_patched_B1        = 8936 / 10015 (89.23%)                                                                                                                                                                                                            
    num_patched_B2        = 1078 / 10015 (10.76%)                                                                                                                                                                                                            
    num_patched_T1        = 1 / 10015 (0.01%)                                                                                                                                                                                                                
    num_patched_T2        = 0 / 10015 (0.00%)                                                                                                                                                                                                                
    num_patched_T3        = 0 / 10015 (0.00%)                                                                                                                                                                                                                
    num_virtual_mappings  = 373                                                                                                                                                                                                                              
    num_physical_mappings = 248 (66.49%)                                                                                                                                                                                                                     
    num_virtual_bytes     = 1527808                                                                                                                                                                                                                          
    num_physical_bytes    = 1015808 (66.49%)                                                                                                                                                                                                                 
    input_file_size       = 1738472                                                                                                                                                                                                                          
    output_file_size      = 3210016 (184.65%)                                                                                                                                                                                                                
    time_elapsed          = 346ms                                                                                                                                                                                                                            
    memory_used           = 28468KB
    
    pwndbg> p/x *(tcbhead_t*) $fs_base                                    │pwndbg> p/x *(tcbhead_t*) $fs_base                                   │·················································································································································
                                                                          │$2 = {                                                               │·················································································································································
    $2 = {                                                                │  tcb = 0x7ffff7c77740,                                              │·················································································································································
      tcb = 0x7ffff7c77740,                                               │  dtv = 0x7ffff7c780a0,                                              │·················································································································································
      dtv = 0x7ffff7c780a0,                                               │  self = 0x7ffff7c77740,                                             │·················································································································································
      self = 0x7ffff7c77740,                                              │  multiple_threads = 0x0,                                            │·················································································································································
      multiple_threads = 0x0,                                             │  gscope_flag = 0x0,                                                 │·················································································································································
      gscope_flag = 0x0,                                                  │  sysinfo = 0x0,                                                     │·················································································································································
      sysinfo = 0x0,                                                      │  stack_guard = 0x75556eb3f83c8600,                                  │·················································································································································
      stack_guard = 0x882e160064f5cc00,                                   │  pointer_guard = 0x48fa0123fae3d9a4,                                │·················································································································································
      pointer_guard = 0x7501990f9f69f8be,                                 │  vgetcpu_cache = {0x0, 0x0},                                        │·················································································································································
      vgetcpu_cache = {0x0, 0x0},                                         │  feature_1 = 0x4a1b,                                                │·················································································································································
      feature_1 = 0x0,                                                    │  __glibc_unused1 = 0x0,                                             │·················································································································································
      __glibc_unused1 = 0x0,                                              │  __private_tm = {0x0, 0x0, 0x0, 0x0},                               │·················································································································································
      __private_tm = {0x0, 0x0, 0x0, 0x0},                                │  __private_ss = 0x0,                                                │·················································································································································
      __private_ss = 0x0,                                                 │  ssp_base = 0x0,                                                    │·················································································································································
      ssp_base = 0x0,                                                     │  __glibc_unused2 = {{{                                              │·················································································································································
      __glibc_unused2 = {{{                                               │        i = {0x0, 0x0, 0x0, 0x0}                                     │·················································································································································
            i = {0x0, 0x0, 0x0, 0x0}                                      │      }, {                                                           │·················································································································································
          }, {                                                            │        i = {0x0, 0x0, 0x0, 0x0}                                     │·················································································································································
            i = {0x0, 0x0, 0x0, 0x0}                                      │      }, {                                                           │·················································································································································
          }, {                                                            │        i = {0x0, 0x0, 0x0, 0x0}                                     │·················································································································································
            i = {0x0, 0x0, 0x0, 0x0}                                      │      }, {                                                           │·················································································································································
          }, {                                                            │        i = {0x0, 0x0, 0x0, 0x0}                                     │·················································································································································
            i = {0x0, 0x0, 0x0, 0x0}                                      │      }}, {{                                                         │·················································································································································
          }}, {{                                                          │        i = {0x0, 0x0, 0x0, 0x0}                                     │·················································································································································
            i = {0x0, 0x0, 0x0, 0x0}                                      │      }, {                                                           │·················································································································································
          }, {                                                            │        i = {0x0, 0x0, 0x0, 0x0}                                     │·················································································································································
            i = {0x0, 0x0, 0x0, 0x0}                                      │      }, {                                                           │·················································································································································
          }, {                                                            │        i = {0x0, 0x0, 0x0, 0x0}                                     │·················································································································································
            i = {0x0, 0x0, 0x0, 0x0}                                      │      }, {                                                           │·················································································································································
          }, {                                                            │        i = {0x0, 0x0, 0x0, 0x0}
    
    opened by 0xdd96 1
  • Building issue in Ubuntu 20.10

    Building issue in Ubuntu 20.10

    Hey,

    I'm getting some errors while building e9afl on my Ubuntu 20.10 Here is the errors:

    $ ./build.sh
    ./build.sh: extracting e9patch-7773cc7b3a5117144bde42649e535c01af832ecf.zip...
    Archive:  e9patch-7773cc7b3a5117144bde42649e535c01af832ecf.zip
    7773cc7b3a5117144bde42649e535c01af832ecf
    replace e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/LICENSE? [y]es, [n]o, [A]ll, [N]one, [r]ename: A
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/LICENSE  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/Makefile  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/Makefile.zydis  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/README.md  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/build.sh  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/doc/e9patch-programming-guide.md  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/doc/e9tool-user-guide.md  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/e9compile.sh  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/examples/args.c  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/examples/counter.c  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/examples/delay.c  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/examples/hello.c  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/examples/limit.c  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/examples/nop.c  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/examples/plugins/example.cpp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/examples/print.c  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/examples/state.c  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/examples/stdlib.c  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/examples/trap.c  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9alloc.cpp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9alloc.h  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9api.cpp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9api.h  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9elf.cpp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9elf.h  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9emit.cpp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9emit.h  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9json.cpp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9json.h  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9loader.cpp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9loader.h  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9mapping.cpp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9mapping.h  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9optimize.cpp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9optimize.h  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9patch.cpp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9patch.h  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9rbtree.h  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9tactics.cpp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9tactics.h  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9trampoline.cpp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9trampoline.h  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9x86_64.cpp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9x86_64.h  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9tool/e9cfg.cpp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9tool/e9csv.cpp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9tool/e9frontend.cpp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9tool/e9frontend.h  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9tool/e9metadata.cpp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9tool/e9parser.cpp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9tool/e9plugin.h  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9tool/e9tool.cpp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9tool/e9types.cpp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9tool/e9x86_64.cpp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/14.exp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/14.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/15.exp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/15.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/17.exp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/17.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/17_1.exp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/17_1.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/18.exp  
     extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/18.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/Makefile  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/README.md  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/after.exp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/after.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/asm.exp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/asm.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/asm_2.exp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/asm_2.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/cfg.exp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/cfg.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/cfg_pie.exp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/cfg_pie.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/cmp.exp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/cmp.in  
     extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/cmp_2.exp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/cmp_2.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/cond_0.exp  
     extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/cond_0.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/cond_1.exp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/cond_1.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/condjump.exp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/condjump.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/condjump_0.exp  
     extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/condjump_0.in  
     extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/condjump_1.exp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/condjump_1.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/control.exp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/control.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/csv.exp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/csv.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/data.csv  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/dl.c  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/dst_zero.exp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/dst_zero.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_1.exp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_1.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_10.exp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_10.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_11.exp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_11.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_12.exp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_12.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_13.exp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_13.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_2.exp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_2.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_3.exp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_3.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_4.exp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_4.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_5.exp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_5.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_6.exp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_6.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_7.exp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_7.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_8.exp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_8.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_9.exp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_9.in  
     extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/exit.exp  
     extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/exit.in  
     extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/false.exp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/false.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/imm_by_ptr.exp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/imm_by_ptr.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/inst.c  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/jmp_notake.exp  
     extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/jmp_notake.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/jmp_take.exp  
     extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/jmp_take.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/jump.exp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/jump.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/jump_1.exp  
     extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/jump_1.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/libdl.exp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/libdl.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/libdl_1.exp  
     extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/libdl_1.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/libdl_2.exp  
     extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/libdl_2.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/memory.exp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/memory.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/memory_1.exp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/memory_1.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/memory_2.exp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/memory_2.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/memory_3.exp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/memory_3.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/memory_4.exp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/memory_4.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/memory_5.exp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/memory_5.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/mnemonic.exp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/mnemonic.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/naked.exp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/naked.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/naked_2.exp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/naked_2.in  
     extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/naked_3.exp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/naked_3.in  
     extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/naked_4.exp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/naked_4.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/naked_bug.exp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/naked_bug.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/next.exp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/next.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/optimize_0.exp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/optimize_0.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/optimize_1.exp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/optimize_1.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/optimize_2.exp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/optimize_2.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/optimize_3.exp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/optimize_3.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/optimize_s.exp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/optimize_s.in  
     extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/passthru.exp  
     extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/passthru.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/patch.cpp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/print.exp  
     extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/print.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/print_intel.exp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/print_intel.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/print_pie.exp  
     extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/print_pie.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/rax.exp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/rax.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/rax_by_ptr.exp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/rax_by_ptr.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/read_write.exp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/read_write.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/reads_rflags.exp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/reads_rflags.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/regs.exp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/regs.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/regs_2.exp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/regs_2.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/regtest.cpp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/rip_rsp_rflags.exp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/rip_rsp_rflags.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/rip_to_rsp.exp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/rip_to_rsp.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/rotate.exp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/rotate.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/size.exp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/size.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/size_2.exp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/size_2.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/skip.exp  
     extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/skip.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/src_dst.exp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/src_dst.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/sse.exp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/sse.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/stack_overflow.exp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/stack_overflow.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/static.exp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/static.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/static_1.exp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/static_1.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/static_2.exp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/static_2.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/string.exp  
     extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/string.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/string_1.exp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/string_1.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/sum.exp  
     extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/sum.in  
     extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/swap.exp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/swap.in  
     extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/swap_2.exp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/swap_2.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/syscall.exp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/syscall.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/target.exp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/target.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/test.s  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/test_libc.s  
     extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/trap.exp  
     extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/trap.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/trunc32.exp  
     extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/trunc32.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/types.exp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/types.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/write_bug.exp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/write_bug.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/xmm.exp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/xmm.in  
     extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/zero.exp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/zero.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/zero_flags.exp  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/zero_flags.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/zero_flags_2.exp  
     extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/zero_flags_2.in  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/stresstest/Makefile  
      inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/stresstest/stresstest.sh  
    ./build.sh: building e9patch...
    ./build.sh: building e9patch and e9tool...
    rm -rf src/e9patch/e9alloc.o src/e9patch/e9api.o src/e9patch/e9elf.o src/e9patch/e9emit.o src/e9patch/e9json.o src/e9patch/e9mapping.o src/e9patch/e9patch.o src/e9patch/e9optimize.o src/e9patch/e9tactics.o src/e9patch/e9trampoline.o src/e9patch/e9x86_64.o e9tool.o e9patch e9tool a.out \
            src/e9patch/e9loader.c e9loader.out e9loader.o e9loader.bin
    g++ -std=c++11 -Wall -Wno-reorder -fPIC -pie -O2 -I src/e9tool/ -I zydis/include/ -I zydis/dependencies/zycore/include/ -Wno-unused-function -c src/e9tool/e9tool.cpp
    g++ -std=c++11 -Wall -Wno-reorder -fPIC -pie -O2 -D NDEBUG -Wno-unused-function   -c -o src/e9patch/e9alloc.o src/e9patch/e9alloc.cpp
    g++ -std=c++11 -Wall -Wno-reorder -fPIC -pie -O2 -D NDEBUG   -c -o src/e9patch/e9api.o src/e9patch/e9api.cpp
    g++ -std=c++11 -Wall -fno-stack-protector -fpie -Os -c \
            src/e9patch/e9loader.cpp
    g++ -std=c++11 -Wall -Wno-reorder -fPIC -pie -O2 -D NDEBUG   -c -o src/e9patch/e9emit.o src/e9patch/e9emit.cpp
    g++ -std=c++11 -Wall -Wno-reorder -fPIC -pie -O2 -D NDEBUG   -c -o src/e9patch/e9json.o src/e9patch/e9json.cpp
    g++ -std=c++11 -Wall -Wno-reorder -fPIC -pie -O2 -D NDEBUG   -c -o src/e9patch/e9mapping.o src/e9patch/e9mapping.cpp
    g++ -std=c++11 -Wall -Wno-reorder -fPIC -pie -O2 -D NDEBUG   -c -o src/e9patch/e9patch.o src/e9patch/e9patch.cpp
    g++ -std=c++11 -Wall -Wno-reorder -fPIC -pie -O2 -D NDEBUG   -c -o src/e9patch/e9optimize.o src/e9patch/e9optimize.cpp
    g++ -std=c++11 -Wall -Wno-reorder -fPIC -pie -O2 -D NDEBUG   -c -o src/e9patch/e9tactics.o src/e9patch/e9tactics.cpp
    g++ -std=c++11 -Wall -Wno-reorder -fPIC -pie -O2 -D NDEBUG   -c -o src/e9patch/e9trampoline.o src/e9patch/e9trampoline.cpp
    g++ -std=c++11 -Wall -Wno-reorder -fPIC -pie -O2 -D NDEBUG   -c -o src/e9patch/e9x86_64.o src/e9patch/e9x86_64.cpp
    g++ -nostdlib -o e9loader.out e9loader.o -Wl,--entry=_entry
    objcopy --dump-section .text=e9loader.bin e9loader.out
    xxd -i e9loader.bin > src/e9patch/e9loader.c
    g++ -std=c++11 -Wall -Wno-reorder -fPIC -pie -O2 -D NDEBUG   -c -o src/e9patch/e9elf.o src/e9patch/e9elf.cpp
    In file included from src/e9patch/e9optimize.cpp:19:
    src/e9patch/e9patch.h:244:16: error: expected ‘)’ before ‘offset’
      244 |     Instr(off_t offset, intptr_t addr, size_t size, const uint8_t *original,
          |          ~     ^~~~~~~
          |                )
    src/e9patch/e9patch.h:206:18: warning: non-static const member ‘const size_t Instr::offset’ in class without a constructor [-Wuninitialized]
      206 |     const size_t offset:46;             // The instruction offset
          |                  ^~~~~~
    src/e9patch/e9patch.h:207:18: warning: non-static const member ‘const size_t Instr::size’ in class without a constructor [-Wuninitialized]
      207 |     const size_t size:4;                // The instruction size (bytes)
          |                  ^~~~
    src/e9patch/e9patch.h:208:18: warning: non-static const member ‘const size_t Instr::pcrel32_idx’ in class without a constructor [-Wuninitialized]
      208 |     const size_t pcrel32_idx:4;         // 32bit PC-relative imm idx (or 0)
          |                  ^~~~~~~~~~~
    src/e9patch/e9patch.h:209:18: warning: non-static const member ‘const size_t Instr::pcrel8_idx’ in class without a constructor [-Wuninitialized]
      209 |     const size_t pcrel8_idx:4;          // 8bit PC-relative imm idx (or 0)
          |                  ^~~~~~~~~~
    src/e9patch/e9patch.h:210:18: warning: non-static const member ‘const size_t Instr::pic’ in class without a constructor [-Wuninitialized]
      210 |     const size_t pic:1;                 // PIC? (stored here for convenience)
          |                  ^~~
    src/e9patch/e9patch.h:216:20: warning: non-static const member ‘const intptr_t Instr::addr’ in class without a constructor [-Wuninitialized]
      216 |     const intptr_t addr;                // The address of the instruction
          |                    ^~~~
    src/e9patch/e9patch.h:226:7: warning: non-static const member ‘const Instr::Original Instr::original’ in class without a constructor [-Wuninitialized]
      226 |     } original;
          |       ^~~~~~~~
    src/e9patch/e9patch.h:238:7: warning: non-static const member ‘const Instr::Patched Instr::patched’ in class without a constructor [-Wuninitialized]
      238 |     } patched;
          |       ^~~~~~~
    src/e9patch/e9patch.h:395:18: error: ‘off_t’ was not declared in this scope
      395 | typedef std::map<off_t, Instr *> InstrSet;
          |                  ^~~~~
    src/e9patch/e9patch.h:395:32: error: template argument 1 is invalid
      395 | typedef std::map<off_t, Instr *> InstrSet;
          |                                ^
    src/e9patch/e9patch.h:395:32: error: template argument 3 is invalid
    src/e9patch/e9patch.h:395:32: error: template argument 4 is invalid
    src/e9patch/e9patch.h:421:5: error: ‘off_t’ does not name a type
      421 |     off_t diff = 0;                     // Offset/address difference.
          |     ^~~~~
    src/e9patch/e9optimize.cpp: In function ‘void buildEntrySet(Binary*)’:
    src/e9patch/e9optimize.cpp:32:20: error: request for member ‘rbegin’ in ‘B->Binary::Is’, which is of non-class type ‘InstrSet’ {aka ‘int’}
       32 |     auto i = B->Is.rbegin();
          |                    ^~~~~~
    src/e9patch/e9optimize.cpp:33:20: error: request for member ‘rend’ in ‘B->Binary::Is’, which is of non-class type ‘InstrSet’ {aka ‘int’}
       33 |     if (i == B->Is.rend())
          |                    ^~~~
    src/e9patch/e9optimize.cpp:41:13: error: ‘J’ was not declared in this scope
       41 |             J = I;
          |             ^
    src/e9patch/e9optimize.cpp:46:13: error: ‘J’ was not declared in this scope
       46 |             J = nullptr;
          |             ^
    src/e9patch/e9optimize.cpp:47:13: error: ‘J’ was not declared in this scope
       47 |         if (J != nullptr && num <= option_Oprologue &&
          |             ^
    src/e9patch/e9optimize.cpp:57:13: error: ‘J’ was not declared in this scope
       57 |             J = nullptr;
          |             ^
    src/e9patch/e9optimize.cpp:60:32: error: ‘begin’ was not declared in this scope; did you mean ‘std::begin’?
       60 |     for (const auto &entry: B->Is)
          |                                ^~
          |                                std::begin
    In file included from /usr/include/c++/10/deque:68,
                     from src/e9patch/e9patch.h:29,
                     from src/e9patch/e9optimize.cpp:19:
    /usr/include/c++/10/bits/range_access.h:90:5: note: ‘std::begin’ declared here
       90 |     begin(_Tp (&__arr)[_Nm]) noexcept
          |     ^~~~~
    src/e9patch/e9optimize.cpp:60:32: error: ‘end’ was not declared in this scope; did you mean ‘std::end’?
       60 |     for (const auto &entry: B->Is)
          |                                ^~
          |                                std::end
    In file included from /usr/include/c++/10/deque:68,
                     from src/e9patch/e9patch.h:29,
                     from src/e9patch/e9optimize.cpp:19:
    /usr/include/c++/10/bits/range_access.h:100:5: note: ‘std::end’ declared here
      100 |     end(_Tp (&__arr)[_Nm]) noexcept
          |     ^~~
    src/e9patch/e9optimize.cpp:104:9: error: ‘off_t’ was not declared in this scope
      104 |         off_t rel = 0;
          |         ^~~~~
    src/e9patch/e9optimize.cpp:109:13: error: ‘rel’ was not declared in this scope; did you mean ‘rel8’?
      109 |             rel = (off_t)rel8;
          |             ^~~
          |             rel8
    src/e9patch/e9optimize.cpp:107:20: warning: unused variable ‘rel8’ [-Wunused-variable]
      107 |             int8_t rel8 = (int8_t)*(int8_t *)
          |                    ^~~~
    src/e9patch/e9optimize.cpp:122:13: error: ‘rel’ was not declared in this scope; did you mean ‘rel32’?
      122 |             rel = (off_t)rel32;
          |             ^~~
          |             rel32
    src/e9patch/e9optimize.cpp:120:21: warning: unused variable ‘rel32’ [-Wunused-variable]
      120 |             int32_t rel32 = (int32_t)*(int32_t *)
          |                     ^~~~~
    src/e9patch/e9optimize.cpp:124:67: error: ‘rel’ was not declared in this scope
      124 |         intptr_t target = (intptr_t)I->addr + (intptr_t)I->size + rel;
          |                                                                   ^~~
    src/e9patch/e9optimize.cpp: In function ‘Instr* findInstr(const Binary*, intptr_t)’:
    src/e9patch/e9optimize.cpp:200:5: error: ‘off_t’ was not declared in this scope
      200 |     off_t offset = addr - B->diff;
          |     ^~~~~
    src/e9patch/e9optimize.cpp:201:20: error: request for member ‘find’ in ‘B->Binary::Is’, which is of non-class type ‘const InstrSet’ {aka ‘const int’}
      201 |     auto i = B->Is.find(offset);
          |                    ^~~~
    src/e9patch/e9optimize.cpp:201:25: error: ‘offset’ was not declared in this scope; did you mean ‘offsetof’?
      201 |     auto i = B->Is.find(offset);
          |                         ^~~~~~
          |                         offsetof
    src/e9patch/e9optimize.cpp:202:20: error: request for member ‘end’ in ‘B->Binary::Is’, which is of non-class type ‘const InstrSet’ {aka ‘const int’}
      202 |     if (i == B->Is.end())
          |                    ^~~
    src/e9patch/e9optimize.cpp: In function ‘void optimizeAllJumps(Binary*)’:
    src/e9patch/e9optimize.cpp:279:32: error: ‘begin’ was not declared in this scope; did you mean ‘std::begin’?
      279 |     for (const auto &entry: B->Is)
          |                                ^~
          |                                std::begin
    In file included from /usr/include/c++/10/deque:68,
                     from src/e9patch/e9patch.h:29,
                     from src/e9patch/e9optimize.cpp:19:
    /usr/include/c++/10/bits/range_access.h:90:5: note: ‘std::begin’ declared here
       90 |     begin(_Tp (&__arr)[_Nm]) noexcept
          |     ^~~~~
    src/e9patch/e9optimize.cpp:279:32: error: ‘end’ was not declared in this scope; did you mean ‘std::end’?
      279 |     for (const auto &entry: B->Is)
          |                                ^~
          |                                std::end
    In file included from /usr/include/c++/10/deque:68,
                     from src/e9patch/e9patch.h:29,
                     from src/e9patch/e9optimize.cpp:19:
    /usr/include/c++/10/bits/range_access.h:100:5: note: ‘std::end’ declared here
      100 |     end(_Tp (&__arr)[_Nm]) noexcept
          |     ^~~
    make: *** [<builtin>: src/e9patch/e9optimize.o] Error 1
    make: *** Waiting for unfinished jobs....
    src/e9patch/e9trampoline.cpp: In function ‘const Trampoline* expandMacro(const Binary*, const Metadata*, const char*)’:
    src/e9patch/e9trampoline.cpp:100:9: error: ‘ssize_t’ was not declared in this scope; did you mean ‘size_t’?
      100 |         ssize_t lo = 0, hi = (ssize_t)meta->num_entries-1;
          |         ^~~~~~~
          |         size_t
    src/e9patch/e9trampoline.cpp:101:16: error: ‘lo’ was not declared in this scope
      101 |         while (lo <= hi)
          |                ^~
    src/e9patch/e9trampoline.cpp:101:22: error: ‘hi’ was not declared in this scope
      101 |         while (lo <= hi)
          |                      ^~
    src/e9patch/e9trampoline.cpp:103:20: error: expected ‘;’ before ‘mid’
      103 |             ssize_t mid = (lo + hi) / 2;
          |                    ^~~~
          |                    ;
    src/e9patch/e9trampoline.cpp:104:50: error: ‘mid’ was not declared in this scope
      104 |             int cmp = strcmp(name, meta->entries[mid].name);
          |                                                  ^~~
    src/e9patch/e9tactics.cpp: In function ‘bool patch(Binary&, Instr*, const Trampoline*)’:
    src/e9patch/e9tactics.cpp:761:9: error: ‘printf’ was not declared in this scope
      761 |         printf("\33[31mX\33[0m");
          |         ^~~~~~
    src/e9patch/e9tactics.cpp:29:1: note: ‘printf’ is defined in header ‘<cstdio>’; did you forget to ‘#include <cstdio>’?
       28 | #include "e9trampoline.h"
      +++ |+#include <cstdio>
       29 | 
    src/e9patch/e9tactics.cpp:779:5: error: ‘printf’ was not declared in this scope
      779 |     printf("\33[32m.\33[0m");
          |     ^~~~~~
    src/e9patch/e9tactics.cpp:779:5: note: ‘printf’ is defined in header ‘<cstdio>’; did you forget to ‘#include <cstdio>’?
    make: *** [<builtin>: src/e9patch/e9tactics.o] Error 1
    src/e9patch/e9trampoline.cpp: In function ‘void buildBytes(const Binary*, const Trampoline*, const Instr*, int32_t, const LabelSet&, Buffer&)’:
    src/e9patch/e9trampoline.cpp:715:30: error: ‘ssize_t’ was not declared in this scope; did you mean ‘size_t’?
      715 |                             (ssize_t)INT32_MIN, INT32_MAX);
          |                              ^~~~~~~
          |                              size_t
    make: *** [<builtin>: src/e9patch/e9trampoline.o] Error 1
    ./build.sh: done...!
    ./build.sh: e9patch has been built...
    ./build.sh: building the e9afl plugin...
    g++ -std=c++11 -fPIC -shared -o e9AFLPlugin.so -O2 e9AFLPlugin.cpp -I .
    ./build.sh: building the e9afl runtime...
    gcc -fno-stack-protector -fpie -O2 -Wno-unused-function -mno-mmx -mno-sse -mno-avx -mno-avx2 -mno-avx512f -msoft-float -fno-tree-vectorize -fomit-frame-pointer -c -Wall -I e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/examples/ ./afl-rt.c
    gcc afl-rt.o -o afl-rt -pie -nostdlib -Wl,-z -Wl,max-page-size=4096 -Wl,--export-dynamic -Wl,--entry=0x0 -Wl,--strip-all
    cp: cannot stat 'e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/e9patch': No such file or directory
    
    
    opened by pventuzelo 1
  • Support AFL++

    Support AFL++

    Currently this project only supports the original AFL. It'd be nice to also support AFL++.

    ~~The AFL++ interface is differerent meaning that the current instrumented binaries are not compatible.~~

    It seems that E9AFL instrumented binaries are mostly compatible with AFL++. The main exception is the AFL_MAP_SIZE option. The current version will crash if AFL_MAP_SIZE < 0x10000.

    opened by GJDuck 0
Releases(v0.8.0)
GB-CosFace: Rethinking Softmax-based Face Recognition from the Perspective of Open Set Classification

GB-CosFace: Rethinking Softmax-based Face Recognition from the Perspective of Open Set Classification This is the official pytorch implementation of t

Alibaba Cloud 5 Nov 14, 2022
Gin provides a lightweight configuration framework for Python

Gin Config Authors: Dan Holtmann-Rice, Sergio Guadarrama, Nathan Silberman Contributors: Oscar Ramirez, Marek Fiser Gin provides a lightweight configu

Google 1.7k Jan 03, 2023
Experiments and code to generate the GINC small-scale in-context learning dataset from "An Explanation for In-context Learning as Implicit Bayesian Inference"

GINC small-scale in-context learning dataset GINC (Generative In-Context learning Dataset) is a small-scale synthetic dataset for studying in-context

P-Lambda 29 Dec 19, 2022
Stream images from a connected camera over MQTT, view using Streamlit, record to file and sqlite

mqtt-camera-streamer Summary: Publish frames from a connected camera or MJPEG/RTSP stream to an MQTT topic, and view the feed in a browser on another

Robin Cole 183 Dec 16, 2022
PGPortfolio: Policy Gradient Portfolio, the source code of "A Deep Reinforcement Learning Framework for the Financial Portfolio Management Problem"(https://arxiv.org/pdf/1706.10059.pdf).

This is the original implementation of our paper, A Deep Reinforcement Learning Framework for the Financial Portfolio Management Problem (arXiv:1706.1

Zhengyao Jiang 1.5k Dec 29, 2022
Neural Module Network for VQA in Pytorch

Neural Module Network (NMN) for VQA in Pytorch Note: This is NOT an official repository for Neural Module Networks. NMN is a network that is assembled

Harsh Trivedi 111 Nov 24, 2022
TransGAN: Two Transformers Can Make One Strong GAN

[Preprint] "TransGAN: Two Transformers Can Make One Strong GAN", Yifan Jiang, Shiyu Chang, Zhangyang Wang

VITA 1.5k Jan 07, 2023
A Unified Framework and Analysis for Structured Knowledge Grounding

UnifiedSKG 📚 : Unifying and Multi-Tasking Structured Knowledge Grounding with Text-to-Text Language Models Code for paper UnifiedSKG: Unifying and Mu

HKU NLP Group 370 Dec 21, 2022
JAXMAPP: JAX-based Library for Multi-Agent Path Planning in Continuous Spaces

JAXMAPP: JAX-based Library for Multi-Agent Path Planning in Continuous Spaces JAXMAPP is a JAX-based library for multi-agent path planning (MAPP) in c

OMRON SINIC X 24 Dec 28, 2022
a grammar based feedback fuzzer

Nautilus NOTE: THIS IS AN OUTDATE REPOSITORY, THE CURRENT RELEASE IS AVAILABLE HERE. THIS REPO ONLY SERVES AS A REFERENCE FOR THE PAPER Nautilus is a

Chair for Sys­tems Se­cu­ri­ty 158 Dec 28, 2022
Official PyTorch Implementation of paper "NeLF: Neural Light-transport Field for Single Portrait View Synthesis and Relighting", EGSR 2021.

NeLF: Neural Light-transport Field for Single Portrait View Synthesis and Relighting Official PyTorch Implementation of paper "NeLF: Neural Light-tran

Ken Lin 38 Dec 26, 2022
Industrial knn-based anomaly detection for images. Visit streamlit link to check out the demo.

Industrial KNN-based Anomaly Detection ⭐ Now has streamlit support! ⭐ Run $ streamlit run streamlit_app.py This repo aims to reproduce the results of

aventau 102 Dec 26, 2022
HMLLDB is a collection of LLDB commands to assist in the debugging of iOS apps.

HMLLDB is a collection of LLDB commands to assist in the debugging of iOS apps. 中文介绍 Features Non-intrusive. Your iOS project does not need to be modi

mao2020 47 Oct 22, 2022
Implementation of paper "DeepTag: A General Framework for Fiducial Marker Design and Detection"

Implementation of paper DeepTag: A General Framework for Fiducial Marker Design and Detection. Project page: https://herohuyongtao.github.io/research/

Yongtao Hu 46 Dec 12, 2022
PFENet: Prior Guided Feature Enrichment Network for Few-shot Segmentation (TPAMI).

PFENet This is the implementation of our paper PFENet: Prior Guided Feature Enrichment Network for Few-shot Segmentation that has been accepted to IEE

DV Lab 230 Dec 31, 2022
Deep Learning GPU Training System

DIGITS DIGITS (the Deep Learning GPU Training System) is a webapp for training deep learning models. The currently supported frameworks are: Caffe, To

NVIDIA Corporation 4.1k Jan 03, 2023
Code for "Adversarial Attack Generation Empowered by Min-Max Optimization", NeurIPS 2021

Min-Max Adversarial Attacks [Paper] [arXiv] [Video] [Slide] Adversarial Attack Generation Empowered by Min-Max Optimization Jingkang Wang, Tianyun Zha

Jingkang Wang 12 Nov 23, 2022
🛠️ SLAMcore SLAM Utilities

slamcore_utils Description This repo contains the slamcore-setup-dataset script. It can be used for installing a sample dataset for offline testing an

SLAMcore 7 Aug 04, 2022
PyTorch code for 'Efficient Single Image Super-Resolution Using Dual Path Connections with Multiple Scale Learning'

Efficient Single Image Super-Resolution Using Dual Path Connections with Multiple Scale Learning This repository is for EMSRDPN introduced in the foll

7 Feb 10, 2022
This repository contains all source code, pre-trained models related to the paper "An Empirical Study on GANs with Margin Cosine Loss and Relativistic Discriminator"

An Empirical Study on GANs with Margin Cosine Loss and Relativistic Discriminator This is a Pytorch implementation for the paper "An Empirical Study o

Cuong Nguyen 3 Nov 15, 2021