AFL binary instrumentation

Related tags

Deep Learningbinaryinstrumentationfuzzingaflafl-fuzzbinary-rewritinge9patch
Overview

E9AFL --- Binary AFL

E9AFL inserts American Fuzzy Lop (AFL) instrumentation into x86_64 Linux binaries. This allows binaries to be fuzzed without the need for recompilation.

E9AFL uses E9Patch to insert the AFL instrumentation via static binary rewriting.

Building

To build E9AFL, simply run the build.sh script:

    $ ./build.sh

Usage

First, install afl-fuzz:

    $ sudo apt-get install afl

To use E9AFL, simply run the command:

    $ ./e9afl /path/to/binary

This will generate an AFL-instrumented binary.afl which can be used with afl-fuzz. See the example below.

Example

To fuzz the binutils readelf program:

    $ ./e9afl readelf
    $ mkdir -p input
    $ mkdir -p output
    $ head -n 1 `which ls` > input/exe
    $ afl-fuzz -i input/ -o output/ -- ./readelf.afl -a @@

If all goes well the output should look something like this:

AFL example

Troubleshooting

Some instrumented binaries may crash during AFL initialization:

    PROGRAM ABORT : Fork server crashed ...

This is often caused by an insufficient memory limit. See AFL's -m option for more information.

Bugs

Please report bugs here.

License

GLPv3

Comments
  • Memory limit is too restrictive - every possible binaries showing same info.. looks like there is some other issue.

    Memory limit is too restrictive - every possible binaries showing same info.. looks like there is some other issue.

    $ afl-fuzz -m 850 -i input/ -o output/ -- ./test_binary.afl afl-fuzz 2.52b by [email protected] [+] You have 8 CPU cores and 2 runnable tasks (utilization: 25%). [+] Try parallel jobs - see /usr/share/doc/afl-doc/docs/parallel_fuzzing.txt. [] Checking CPU core loadout... [+] Found a free CPU core, binding to #0. [] Checking core_pattern... [] Checking CPU scaling governor... [] Setting up output directories... [+] Output directory exists but deemed OK to reuse. [] Deleting old session data... [+] Output dir cleanup successful. [] Scanning 'input/'... [+] No auto-generated dictionary tokens to reuse. [] Creating hard links for all input files... [] Validating target binary... [] Attempting dry run with 'id:000000,orig:exe'... [] Spinning up the fork server...

    [-] Whoops, the target binary crashed suddenly, before receiving any input from the fuzzer! There are several probable explanations:

    - The current memory limit (850 MB) is too restrictive, causing the
  target to hit an OOM condition in the dynamic linker. Try bumping up
  the limit with the -m setting in the command line. A simple way confirm
  this diagnosis would be:

  ( ulimit -Sv $[849 << 10]; /path/to/fuzzed_app )

  Tip: you can use http://jwilk.net/software/recidivm to quickly
  estimate the required amount of virtual memory for the binary.

- The binary is just buggy and explodes entirely on its own. If so, you
  need to fix the underlying problem or find a better replacement.

- Less likely, there is a horrible bug in the fuzzer. If other options
  fail, poke <[email protected]> for troubleshooting tips.

    [-] PROGRAM ABORT : Fork server crashed with signal 11 Location : init_forkserver(), afl-fuzz.c:2201

    opened by rohith-krishnan 4
  • Fork server crashed with signal 11 while fuzz jhead

    Fork server crashed with signal 11 while fuzz jhead

    Hello, I used E9AFL to conduct experiments on jHEAD project:https://github.com/Matthias-Wandel/jhead。 I followed the normal procedure and encountered the following error:

    [email protected]:~/fuzz/e9afl-jhead# ./afl-fuzz -i in -o out -- ./jhead.afl @@
afl-fuzz 2.57b by <[email protected]>
[+] You have 16 CPU cores and 1 runnable tasks (utilization: 6%).
[+] Try parallel jobs - see docs/parallel_fuzzing.txt.
[*] Checking CPU core loadout...
[+] Found a free CPU core, binding to #0.
[*] Checking core_pattern...
[*] Setting up output directories...
[+] Output directory exists but deemed OK to reuse.
[*] Deleting old session data...
[+] Output dir cleanup successful.
[*] Scanning 'in'...
[+] No auto-generated dictionary tokens to reuse.
[*] Creating hard links for all input files...
[*] Validating target binary...
[*] Attempting dry run with 'id:000000,orig:badyear.jpg'...
[*] Spinning up the fork server...

[-] Whoops, the target binary crashed suddenly, before receiving any input
    from the fuzzer! There are several probable explanations:

    - The current memory limit (50.0 MB) is too restrictive, causing the
      target to hit an OOM condition in the dynamic linker. Try bumping up
      the limit with the -m setting in the command line. A simple way confirm
      this diagnosis would be:

      ( ulimit -Sv $[49 << 10]; /path/to/fuzzed_app )

      Tip: you can use http://jwilk.net/software/recidivm to quickly
      estimate the required amount of virtual memory for the binary.

    - The binary is just buggy and explodes entirely on its own. If so, you
      need to fix the underlying problem or find a better replacement.

    - Less likely, there is a horrible bug in the fuzzer. If other options
      fail, poke <[email protected]> for troubleshooting tips.

[-] PROGRAM ABORT : Fork server crashed with signal 11
         Location : init_forkserver(), afl-fuzz.c:2230

[email protected]:~/fuzz/e9afl-jhead# ulimit -a
core file size          (blocks, -c) 0
data seg size           (kbytes, -d) unlimited
scheduling priority             (-e) 0
file size               (blocks, -f) unlimited
pending signals                 (-i) 127896
max locked memory       (kbytes, -l) 65536
max memory size         (kbytes, -m) unlimited
open files                      (-n) 1024
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
real-time priority              (-r) 0
stack size              (kbytes, -s) 8192
cpu time               (seconds, -t) unlimited
max user processes              (-u) 127896
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited
[email protected]:~/fuzz/e9afl-jhead#
    opened by Sunxingzhezhexingsun 3
  • Build Failures

    Build Failures

    Hello,

    I would like to start using this program but ran into several build errors - would it be possible to publish a formal list of dependencies, if any?

    opened by mav8557 3
  • e9tool command failed with status (33792)

    e9tool command failed with status (33792)

    I got the following error when trying to input a binary named test. I'm on ParrotOS if that is relevant.

    $e9afl test "/usr/share/e9afl/e9tool" -E '".plt"' -E '".plt.got"' -O2 --option --mem-granularity=4096 -o "test.afl" -M 'plugin("/usr/share/e9afl/e9AFLPlugin.so").match()' -P 'plugin("/usr/share/e9afl/e9AFLPlugin.so").patch()' -- "test" Illegal instruction error : e9tool command failed with status (33792)

    opened by FlorinelPetrean 2
  • Illegal instruction (core dumped)

    Illegal instruction (core dumped)

    When using e9afl to instrument mruby, the program reports an illegal instruction aborted.

    Invalid instructions at 0x7ffff7cbcd97

    After some digging, I found that the illegal instruction is incsspq in __longjmp (glibc/sysdeps/x86-64/longjmp.s)]. Using gdb for debugging, I found out that %fs:[0x48]=0 (feature_1 in tcbhead_t) in a normal program (not instrumented). However, in the instrumented program, %fs:[0x48]=0x4a1b, which leads to the execution of incsspq and leads to the illegal instruction problem (https://github.com/bminor/glibc/blob/ca4d3ea5130d66e66c5af14e958e99341bf20689/sysdeps/x86_64/__longjmp.S#L57-L58). According to the comments in glibc/sysdeps/x86-64/longjmp.s, this value of %fs:[0x48] marks the shadow stack as enabled. I have no idea why this happened, can you give me some insights?

    The following archive contains the normal and instrumented programs plus the input to reproduce this problem. mruby.zip

    [email protected]:e9afl$ ./e9afl mruby_trace                                                                                                                            
"install/e9tool" -E '".plt"' -E '".plt.got"' -O2 --option --mem-granularity=4096 -o "mruby_trace.afl" -M 'plugin("install/e9AFLPlugin.so").match()' -P 'plugin("install/e9AFLPlugin.so").patch()' --plugin="install/e9AFLPlugin.so":--counter=classic --plugin="install/e9AFLPlugin.so":-Oblock=default --plugin="/home/user/docker_share/tools/e9afl/install/e9AFLPlugin.so":-Oselect=default --plugin="install/e9AFLPlugin.so":--path='install' --option --log=false -- "mruby_trace"                                                                                                                                                                                                                     
-----------------------------------------------                                                                                                                                                                                                          
mode                  = Linux ELF executable                                                                                                                                                                                                             
input_binary          = mruby_trace                                                                                                                                                          
output_binary         = mruby_trace.afl                                                                                                                                                                                                                  
num_patched           = 10015 / 10015 (100.00%)                                                                                                                                                                                                          
num_patched_B1        = 8936 / 10015 (89.23%)                                                                                                                                                                                                            
num_patched_B2        = 1078 / 10015 (10.76%)                                                                                                                                                                                                            
num_patched_T1        = 1 / 10015 (0.01%)                                                                                                                                                                                                                
num_patched_T2        = 0 / 10015 (0.00%)                                                                                                                                                                                                                
num_patched_T3        = 0 / 10015 (0.00%)                                                                                                                                                                                                                
num_virtual_mappings  = 373                                                                                                                                                                                                                              
num_physical_mappings = 248 (66.49%)                                                                                                                                                                                                                     
num_virtual_bytes     = 1527808                                                                                                                                                                                                                          
num_physical_bytes    = 1015808 (66.49%)                                                                                                                                                                                                                 
input_file_size       = 1738472                                                                                                                                                                                                                          
output_file_size      = 3210016 (184.65%)                                                                                                                                                                                                                
time_elapsed          = 346ms                                                                                                                                                                                                                            
memory_used           = 28468KB

    pwndbg> p/x *(tcbhead_t*) $fs_base                                    │pwndbg> p/x *(tcbhead_t*) $fs_base                                   │·················································································································································
                                                                      │$2 = {                                                               │·················································································································································
$2 = {                                                                │  tcb = 0x7ffff7c77740,                                              │·················································································································································
  tcb = 0x7ffff7c77740,                                               │  dtv = 0x7ffff7c780a0,                                              │·················································································································································
  dtv = 0x7ffff7c780a0,                                               │  self = 0x7ffff7c77740,                                             │·················································································································································
  self = 0x7ffff7c77740,                                              │  multiple_threads = 0x0,                                            │·················································································································································
  multiple_threads = 0x0,                                             │  gscope_flag = 0x0,                                                 │·················································································································································
  gscope_flag = 0x0,                                                  │  sysinfo = 0x0,                                                     │·················································································································································
  sysinfo = 0x0,                                                      │  stack_guard = 0x75556eb3f83c8600,                                  │·················································································································································
  stack_guard = 0x882e160064f5cc00,                                   │  pointer_guard = 0x48fa0123fae3d9a4,                                │·················································································································································
  pointer_guard = 0x7501990f9f69f8be,                                 │  vgetcpu_cache = {0x0, 0x0},                                        │·················································································································································
  vgetcpu_cache = {0x0, 0x0},                                         │  feature_1 = 0x4a1b,                                                │·················································································································································
  feature_1 = 0x0,                                                    │  __glibc_unused1 = 0x0,                                             │·················································································································································
  __glibc_unused1 = 0x0,                                              │  __private_tm = {0x0, 0x0, 0x0, 0x0},                               │·················································································································································
  __private_tm = {0x0, 0x0, 0x0, 0x0},                                │  __private_ss = 0x0,                                                │·················································································································································
  __private_ss = 0x0,                                                 │  ssp_base = 0x0,                                                    │·················································································································································
  ssp_base = 0x0,                                                     │  __glibc_unused2 = {{{                                              │·················································································································································
  __glibc_unused2 = {{{                                               │        i = {0x0, 0x0, 0x0, 0x0}                                     │·················································································································································
        i = {0x0, 0x0, 0x0, 0x0}                                      │      }, {                                                           │·················································································································································
      }, {                                                            │        i = {0x0, 0x0, 0x0, 0x0}                                     │·················································································································································
        i = {0x0, 0x0, 0x0, 0x0}                                      │      }, {                                                           │·················································································································································
      }, {                                                            │        i = {0x0, 0x0, 0x0, 0x0}                                     │·················································································································································
        i = {0x0, 0x0, 0x0, 0x0}                                      │      }, {                                                           │·················································································································································
      }, {                                                            │        i = {0x0, 0x0, 0x0, 0x0}                                     │·················································································································································
        i = {0x0, 0x0, 0x0, 0x0}                                      │      }}, {{                                                         │·················································································································································
      }}, {{                                                          │        i = {0x0, 0x0, 0x0, 0x0}                                     │·················································································································································
        i = {0x0, 0x0, 0x0, 0x0}                                      │      }, {                                                           │·················································································································································
      }, {                                                            │        i = {0x0, 0x0, 0x0, 0x0}                                     │·················································································································································
        i = {0x0, 0x0, 0x0, 0x0}                                      │      }, {                                                           │·················································································································································
      }, {                                                            │        i = {0x0, 0x0, 0x0, 0x0}                                     │·················································································································································
        i = {0x0, 0x0, 0x0, 0x0}                                      │      }, {                                                           │·················································································································································
      }, {                                                            │        i = {0x0, 0x0, 0x0, 0x0}
    opened by 0xdd96 1
  • Building issue in Ubuntu 20.10

    Building issue in Ubuntu 20.10

    Hey,

    I'm getting some errors while building e9afl on my Ubuntu 20.10 Here is the errors:

    $ ./build.sh
./build.sh: extracting e9patch-7773cc7b3a5117144bde42649e535c01af832ecf.zip...
Archive:  e9patch-7773cc7b3a5117144bde42649e535c01af832ecf.zip
7773cc7b3a5117144bde42649e535c01af832ecf
replace e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/LICENSE? [y]es, [n]o, [A]ll, [N]one, [r]ename: A
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/LICENSE  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/Makefile  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/Makefile.zydis  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/README.md  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/build.sh  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/doc/e9patch-programming-guide.md  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/doc/e9tool-user-guide.md  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/e9compile.sh  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/examples/args.c  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/examples/counter.c  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/examples/delay.c  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/examples/hello.c  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/examples/limit.c  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/examples/nop.c  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/examples/plugins/example.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/examples/print.c  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/examples/state.c  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/examples/stdlib.c  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/examples/trap.c  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9alloc.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9alloc.h  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9api.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9api.h  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9elf.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9elf.h  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9emit.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9emit.h  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9json.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9json.h  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9loader.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9loader.h  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9mapping.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9mapping.h  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9optimize.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9optimize.h  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9patch.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9patch.h  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9rbtree.h  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9tactics.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9tactics.h  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9trampoline.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9trampoline.h  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9x86_64.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9x86_64.h  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9tool/e9cfg.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9tool/e9csv.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9tool/e9frontend.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9tool/e9frontend.h  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9tool/e9metadata.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9tool/e9parser.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9tool/e9plugin.h  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9tool/e9tool.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9tool/e9types.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9tool/e9x86_64.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/14.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/14.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/15.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/15.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/17.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/17.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/17_1.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/17_1.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/18.exp  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/18.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/Makefile  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/README.md  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/after.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/after.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/asm.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/asm.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/asm_2.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/asm_2.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/cfg.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/cfg.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/cfg_pie.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/cfg_pie.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/cmp.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/cmp.in  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/cmp_2.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/cmp_2.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/cond_0.exp  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/cond_0.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/cond_1.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/cond_1.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/condjump.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/condjump.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/condjump_0.exp  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/condjump_0.in  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/condjump_1.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/condjump_1.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/control.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/control.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/csv.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/csv.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/data.csv  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/dl.c  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/dst_zero.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/dst_zero.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_1.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_1.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_10.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_10.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_11.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_11.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_12.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_12.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_13.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_13.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_2.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_2.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_3.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_3.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_4.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_4.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_5.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_5.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_6.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_6.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_7.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_7.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_8.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_8.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_9.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_9.in  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/exit.exp  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/exit.in  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/false.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/false.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/imm_by_ptr.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/imm_by_ptr.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/inst.c  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/jmp_notake.exp  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/jmp_notake.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/jmp_take.exp  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/jmp_take.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/jump.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/jump.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/jump_1.exp  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/jump_1.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/libdl.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/libdl.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/libdl_1.exp  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/libdl_1.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/libdl_2.exp  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/libdl_2.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/memory.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/memory.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/memory_1.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/memory_1.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/memory_2.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/memory_2.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/memory_3.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/memory_3.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/memory_4.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/memory_4.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/memory_5.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/memory_5.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/mnemonic.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/mnemonic.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/naked.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/naked.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/naked_2.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/naked_2.in  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/naked_3.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/naked_3.in  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/naked_4.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/naked_4.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/naked_bug.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/naked_bug.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/next.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/next.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/optimize_0.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/optimize_0.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/optimize_1.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/optimize_1.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/optimize_2.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/optimize_2.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/optimize_3.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/optimize_3.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/optimize_s.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/optimize_s.in  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/passthru.exp  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/passthru.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/patch.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/print.exp  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/print.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/print_intel.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/print_intel.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/print_pie.exp  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/print_pie.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/rax.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/rax.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/rax_by_ptr.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/rax_by_ptr.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/read_write.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/read_write.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/reads_rflags.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/reads_rflags.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/regs.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/regs.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/regs_2.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/regs_2.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/regtest.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/rip_rsp_rflags.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/rip_rsp_rflags.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/rip_to_rsp.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/rip_to_rsp.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/rotate.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/rotate.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/size.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/size.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/size_2.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/size_2.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/skip.exp  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/skip.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/src_dst.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/src_dst.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/sse.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/sse.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/stack_overflow.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/stack_overflow.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/static.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/static.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/static_1.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/static_1.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/static_2.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/static_2.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/string.exp  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/string.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/string_1.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/string_1.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/sum.exp  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/sum.in  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/swap.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/swap.in  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/swap_2.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/swap_2.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/syscall.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/syscall.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/target.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/target.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/test.s  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/test_libc.s  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/trap.exp  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/trap.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/trunc32.exp  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/trunc32.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/types.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/types.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/write_bug.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/write_bug.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/xmm.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/xmm.in  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/zero.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/zero.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/zero_flags.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/zero_flags.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/zero_flags_2.exp  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/zero_flags_2.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/stresstest/Makefile  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/stresstest/stresstest.sh  
./build.sh: building e9patch...
./build.sh: building e9patch and e9tool...
rm -rf src/e9patch/e9alloc.o src/e9patch/e9api.o src/e9patch/e9elf.o src/e9patch/e9emit.o src/e9patch/e9json.o src/e9patch/e9mapping.o src/e9patch/e9patch.o src/e9patch/e9optimize.o src/e9patch/e9tactics.o src/e9patch/e9trampoline.o src/e9patch/e9x86_64.o e9tool.o e9patch e9tool a.out \
        src/e9patch/e9loader.c e9loader.out e9loader.o e9loader.bin
g++ -std=c++11 -Wall -Wno-reorder -fPIC -pie -O2 -I src/e9tool/ -I zydis/include/ -I zydis/dependencies/zycore/include/ -Wno-unused-function -c src/e9tool/e9tool.cpp
g++ -std=c++11 -Wall -Wno-reorder -fPIC -pie -O2 -D NDEBUG -Wno-unused-function   -c -o src/e9patch/e9alloc.o src/e9patch/e9alloc.cpp
g++ -std=c++11 -Wall -Wno-reorder -fPIC -pie -O2 -D NDEBUG   -c -o src/e9patch/e9api.o src/e9patch/e9api.cpp
g++ -std=c++11 -Wall -fno-stack-protector -fpie -Os -c \
        src/e9patch/e9loader.cpp
g++ -std=c++11 -Wall -Wno-reorder -fPIC -pie -O2 -D NDEBUG   -c -o src/e9patch/e9emit.o src/e9patch/e9emit.cpp
g++ -std=c++11 -Wall -Wno-reorder -fPIC -pie -O2 -D NDEBUG   -c -o src/e9patch/e9json.o src/e9patch/e9json.cpp
g++ -std=c++11 -Wall -Wno-reorder -fPIC -pie -O2 -D NDEBUG   -c -o src/e9patch/e9mapping.o src/e9patch/e9mapping.cpp
g++ -std=c++11 -Wall -Wno-reorder -fPIC -pie -O2 -D NDEBUG   -c -o src/e9patch/e9patch.o src/e9patch/e9patch.cpp
g++ -std=c++11 -Wall -Wno-reorder -fPIC -pie -O2 -D NDEBUG   -c -o src/e9patch/e9optimize.o src/e9patch/e9optimize.cpp
g++ -std=c++11 -Wall -Wno-reorder -fPIC -pie -O2 -D NDEBUG   -c -o src/e9patch/e9tactics.o src/e9patch/e9tactics.cpp
g++ -std=c++11 -Wall -Wno-reorder -fPIC -pie -O2 -D NDEBUG   -c -o src/e9patch/e9trampoline.o src/e9patch/e9trampoline.cpp
g++ -std=c++11 -Wall -Wno-reorder -fPIC -pie -O2 -D NDEBUG   -c -o src/e9patch/e9x86_64.o src/e9patch/e9x86_64.cpp
g++ -nostdlib -o e9loader.out e9loader.o -Wl,--entry=_entry
objcopy --dump-section .text=e9loader.bin e9loader.out
xxd -i e9loader.bin > src/e9patch/e9loader.c
g++ -std=c++11 -Wall -Wno-reorder -fPIC -pie -O2 -D NDEBUG   -c -o src/e9patch/e9elf.o src/e9patch/e9elf.cpp
In file included from src/e9patch/e9optimize.cpp:19:
src/e9patch/e9patch.h:244:16: error: expected ‘)’ before ‘offset’
  244 |     Instr(off_t offset, intptr_t addr, size_t size, const uint8_t *original,
      |          ~     ^~~~~~~
      |                )
src/e9patch/e9patch.h:206:18: warning: non-static const member ‘const size_t Instr::offset’ in class without a constructor [-Wuninitialized]
  206 |     const size_t offset:46;             // The instruction offset
      |                  ^~~~~~
src/e9patch/e9patch.h:207:18: warning: non-static const member ‘const size_t Instr::size’ in class without a constructor [-Wuninitialized]
  207 |     const size_t size:4;                // The instruction size (bytes)
      |                  ^~~~
src/e9patch/e9patch.h:208:18: warning: non-static const member ‘const size_t Instr::pcrel32_idx’ in class without a constructor [-Wuninitialized]
  208 |     const size_t pcrel32_idx:4;         // 32bit PC-relative imm idx (or 0)
      |                  ^~~~~~~~~~~
src/e9patch/e9patch.h:209:18: warning: non-static const member ‘const size_t Instr::pcrel8_idx’ in class without a constructor [-Wuninitialized]
  209 |     const size_t pcrel8_idx:4;          // 8bit PC-relative imm idx (or 0)
      |                  ^~~~~~~~~~
src/e9patch/e9patch.h:210:18: warning: non-static const member ‘const size_t Instr::pic’ in class without a constructor [-Wuninitialized]
  210 |     const size_t pic:1;                 // PIC? (stored here for convenience)
      |                  ^~~
src/e9patch/e9patch.h:216:20: warning: non-static const member ‘const intptr_t Instr::addr’ in class without a constructor [-Wuninitialized]
  216 |     const intptr_t addr;                // The address of the instruction
      |                    ^~~~
src/e9patch/e9patch.h:226:7: warning: non-static const member ‘const Instr::Original Instr::original’ in class without a constructor [-Wuninitialized]
  226 |     } original;
      |       ^~~~~~~~
src/e9patch/e9patch.h:238:7: warning: non-static const member ‘const Instr::Patched Instr::patched’ in class without a constructor [-Wuninitialized]
  238 |     } patched;
      |       ^~~~~~~
src/e9patch/e9patch.h:395:18: error: ‘off_t’ was not declared in this scope
  395 | typedef std::map<off_t, Instr *> InstrSet;
      |                  ^~~~~
src/e9patch/e9patch.h:395:32: error: template argument 1 is invalid
  395 | typedef std::map<off_t, Instr *> InstrSet;
      |                                ^
src/e9patch/e9patch.h:395:32: error: template argument 3 is invalid
src/e9patch/e9patch.h:395:32: error: template argument 4 is invalid
src/e9patch/e9patch.h:421:5: error: ‘off_t’ does not name a type
  421 |     off_t diff = 0;                     // Offset/address difference.
      |     ^~~~~
src/e9patch/e9optimize.cpp: In function ‘void buildEntrySet(Binary*)’:
src/e9patch/e9optimize.cpp:32:20: error: request for member ‘rbegin’ in ‘B->Binary::Is’, which is of non-class type ‘InstrSet’ {aka ‘int’}
   32 |     auto i = B->Is.rbegin();
      |                    ^~~~~~
src/e9patch/e9optimize.cpp:33:20: error: request for member ‘rend’ in ‘B->Binary::Is’, which is of non-class type ‘InstrSet’ {aka ‘int’}
   33 |     if (i == B->Is.rend())
      |                    ^~~~
src/e9patch/e9optimize.cpp:41:13: error: ‘J’ was not declared in this scope
   41 |             J = I;
      |             ^
src/e9patch/e9optimize.cpp:46:13: error: ‘J’ was not declared in this scope
   46 |             J = nullptr;
      |             ^
src/e9patch/e9optimize.cpp:47:13: error: ‘J’ was not declared in this scope
   47 |         if (J != nullptr && num <= option_Oprologue &&
      |             ^
src/e9patch/e9optimize.cpp:57:13: error: ‘J’ was not declared in this scope
   57 |             J = nullptr;
      |             ^
src/e9patch/e9optimize.cpp:60:32: error: ‘begin’ was not declared in this scope; did you mean ‘std::begin’?
   60 |     for (const auto &entry: B->Is)
      |                                ^~
      |                                std::begin
In file included from /usr/include/c++/10/deque:68,
                 from src/e9patch/e9patch.h:29,
                 from src/e9patch/e9optimize.cpp:19:
/usr/include/c++/10/bits/range_access.h:90:5: note: ‘std::begin’ declared here
   90 |     begin(_Tp (&__arr)[_Nm]) noexcept
      |     ^~~~~
src/e9patch/e9optimize.cpp:60:32: error: ‘end’ was not declared in this scope; did you mean ‘std::end’?
   60 |     for (const auto &entry: B->Is)
      |                                ^~
      |                                std::end
In file included from /usr/include/c++/10/deque:68,
                 from src/e9patch/e9patch.h:29,
                 from src/e9patch/e9optimize.cpp:19:
/usr/include/c++/10/bits/range_access.h:100:5: note: ‘std::end’ declared here
  100 |     end(_Tp (&__arr)[_Nm]) noexcept
      |     ^~~
src/e9patch/e9optimize.cpp:104:9: error: ‘off_t’ was not declared in this scope
  104 |         off_t rel = 0;
      |         ^~~~~
src/e9patch/e9optimize.cpp:109:13: error: ‘rel’ was not declared in this scope; did you mean ‘rel8’?
  109 |             rel = (off_t)rel8;
      |             ^~~
      |             rel8
src/e9patch/e9optimize.cpp:107:20: warning: unused variable ‘rel8’ [-Wunused-variable]
  107 |             int8_t rel8 = (int8_t)*(int8_t *)
      |                    ^~~~
src/e9patch/e9optimize.cpp:122:13: error: ‘rel’ was not declared in this scope; did you mean ‘rel32’?
  122 |             rel = (off_t)rel32;
      |             ^~~
      |             rel32
src/e9patch/e9optimize.cpp:120:21: warning: unused variable ‘rel32’ [-Wunused-variable]
  120 |             int32_t rel32 = (int32_t)*(int32_t *)
      |                     ^~~~~
src/e9patch/e9optimize.cpp:124:67: error: ‘rel’ was not declared in this scope
  124 |         intptr_t target = (intptr_t)I->addr + (intptr_t)I->size + rel;
      |                                                                   ^~~
src/e9patch/e9optimize.cpp: In function ‘Instr* findInstr(const Binary*, intptr_t)’:
src/e9patch/e9optimize.cpp:200:5: error: ‘off_t’ was not declared in this scope
  200 |     off_t offset = addr - B->diff;
      |     ^~~~~
src/e9patch/e9optimize.cpp:201:20: error: request for member ‘find’ in ‘B->Binary::Is’, which is of non-class type ‘const InstrSet’ {aka ‘const int’}
  201 |     auto i = B->Is.find(offset);
      |                    ^~~~
src/e9patch/e9optimize.cpp:201:25: error: ‘offset’ was not declared in this scope; did you mean ‘offsetof’?
  201 |     auto i = B->Is.find(offset);
      |                         ^~~~~~
      |                         offsetof
src/e9patch/e9optimize.cpp:202:20: error: request for member ‘end’ in ‘B->Binary::Is’, which is of non-class type ‘const InstrSet’ {aka ‘const int’}
  202 |     if (i == B->Is.end())
      |                    ^~~
src/e9patch/e9optimize.cpp: In function ‘void optimizeAllJumps(Binary*)’:
src/e9patch/e9optimize.cpp:279:32: error: ‘begin’ was not declared in this scope; did you mean ‘std::begin’?
  279 |     for (const auto &entry: B->Is)
      |                                ^~
      |                                std::begin
In file included from /usr/include/c++/10/deque:68,
                 from src/e9patch/e9patch.h:29,
                 from src/e9patch/e9optimize.cpp:19:
/usr/include/c++/10/bits/range_access.h:90:5: note: ‘std::begin’ declared here
   90 |     begin(_Tp (&__arr)[_Nm]) noexcept
      |     ^~~~~
src/e9patch/e9optimize.cpp:279:32: error: ‘end’ was not declared in this scope; did you mean ‘std::end’?
  279 |     for (const auto &entry: B->Is)
      |                                ^~
      |                                std::end
In file included from /usr/include/c++/10/deque:68,
                 from src/e9patch/e9patch.h:29,
                 from src/e9patch/e9optimize.cpp:19:
/usr/include/c++/10/bits/range_access.h:100:5: note: ‘std::end’ declared here
  100 |     end(_Tp (&__arr)[_Nm]) noexcept
      |     ^~~
make: *** [<builtin>: src/e9patch/e9optimize.o] Error 1
make: *** Waiting for unfinished jobs....
src/e9patch/e9trampoline.cpp: In function ‘const Trampoline* expandMacro(const Binary*, const Metadata*, const char*)’:
src/e9patch/e9trampoline.cpp:100:9: error: ‘ssize_t’ was not declared in this scope; did you mean ‘size_t’?
  100 |         ssize_t lo = 0, hi = (ssize_t)meta->num_entries-1;
      |         ^~~~~~~
      |         size_t
src/e9patch/e9trampoline.cpp:101:16: error: ‘lo’ was not declared in this scope
  101 |         while (lo <= hi)
      |                ^~
src/e9patch/e9trampoline.cpp:101:22: error: ‘hi’ was not declared in this scope
  101 |         while (lo <= hi)
      |                      ^~
src/e9patch/e9trampoline.cpp:103:20: error: expected ‘;’ before ‘mid’
  103 |             ssize_t mid = (lo + hi) / 2;
      |                    ^~~~
      |                    ;
src/e9patch/e9trampoline.cpp:104:50: error: ‘mid’ was not declared in this scope
  104 |             int cmp = strcmp(name, meta->entries[mid].name);
      |                                                  ^~~
src/e9patch/e9tactics.cpp: In function ‘bool patch(Binary&, Instr*, const Trampoline*)’:
src/e9patch/e9tactics.cpp:761:9: error: ‘printf’ was not declared in this scope
  761 |         printf("\33[31mX\33[0m");
      |         ^~~~~~
src/e9patch/e9tactics.cpp:29:1: note: ‘printf’ is defined in header ‘<cstdio>’; did you forget to ‘#include <cstdio>’?
   28 | #include "e9trampoline.h"
  +++ |+#include <cstdio>
   29 | 
src/e9patch/e9tactics.cpp:779:5: error: ‘printf’ was not declared in this scope
  779 |     printf("\33[32m.\33[0m");
      |     ^~~~~~
src/e9patch/e9tactics.cpp:779:5: note: ‘printf’ is defined in header ‘<cstdio>’; did you forget to ‘#include <cstdio>’?
make: *** [<builtin>: src/e9patch/e9tactics.o] Error 1
src/e9patch/e9trampoline.cpp: In function ‘void buildBytes(const Binary*, const Trampoline*, const Instr*, int32_t, const LabelSet&, Buffer&)’:
src/e9patch/e9trampoline.cpp:715:30: error: ‘ssize_t’ was not declared in this scope; did you mean ‘size_t’?
  715 |                             (ssize_t)INT32_MIN, INT32_MAX);
      |                              ^~~~~~~
      |                              size_t
make: *** [<builtin>: src/e9patch/e9trampoline.o] Error 1
./build.sh: done...!
./build.sh: e9patch has been built...
./build.sh: building the e9afl plugin...
g++ -std=c++11 -fPIC -shared -o e9AFLPlugin.so -O2 e9AFLPlugin.cpp -I .
./build.sh: building the e9afl runtime...
gcc -fno-stack-protector -fpie -O2 -Wno-unused-function -mno-mmx -mno-sse -mno-avx -mno-avx2 -mno-avx512f -msoft-float -fno-tree-vectorize -fomit-frame-pointer -c -Wall -I e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/examples/ ./afl-rt.c
gcc afl-rt.o -o afl-rt -pie -nostdlib -Wl,-z -Wl,max-page-size=4096 -Wl,--export-dynamic -Wl,--entry=0x0 -Wl,--strip-all
cp: cannot stat 'e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/e9patch': No such file or directory
    opened by pventuzelo 1
  • Support AFL++

    Support AFL++

    Currently this project only supports the original AFL. It'd be nice to also support AFL++.

    ~~The AFL++ interface is differerent meaning that the current instrumented binaries are not compatible.~~

    It seems that E9AFL instrumented binaries are mostly compatible with AFL++. The main exception is the AFL_MAP_SIZE option. The current version will crash if AFL_MAP_SIZE < 0x10000.

    opened by GJDuck 0
Releases(v0.8.0)
Owner
GitHub Repository
Location-Sensitive Visual Recognition with Cross-IOU Loss

The trained models are temporarily unavailable, but you can train the code using reasonable computational resource. Location-Sensitive Visual Recognit

Kaiwen Duan 146 Dec 25, 2022
YoloAll is a collection of yolo all versions. you you use YoloAll to test yolov3/yolov5/yolox/yolo_fastest

官方讨论群 QQ群:552703875 微信群:15158106211(先加作者微信,再邀请入群) YoloAll项目简介 YoloAll是一个将当前主流Yolo版本集成到同一个UI界面下的推理预测工具。可以迅速切换不同的yolo版本,并且可以针对图片,视频,摄像头码流进行实时推理,可以很方便,直观

DL-Practise 244 Jan 01, 2023
Kaggle: Cell Instance Segmentation

Kaggle: Cell Instance Segmentation The goal of this challenge is to detect cells in microscope images. with simple view on how many cels have been ann

Jirka Borovec 9 Aug 12, 2022
ManiSkill-Learn is a framework for training agents on SAPIEN Open-Source Manipulation Skill Challenge (ManiSkill Challenge), a large-scale learning-from-demonstrations benchmark for object manipulation.

ManiSkill-Learn ManiSkill-Learn is a framework for training agents on SAPIEN Open-Source Manipulation Skill Challenge, a large-scale learning-from-dem

Hao Su's Lab, UCSD 48 Dec 30, 2022
Fast Scattering Transform with CuPy/PyTorch

Announcement 11/18 This package is no longer supported. We have now released kymatio: http://www.kymat.io/ , https://github.com/kymatio/kymatio which

Edouard Oyallon 289 Dec 07, 2022
Codes and Data Processing Files for our paper.

Code Scripts and Processing Files for EEG Sleep Staging Paper 1. Folder Tree ./src_preprocess (data preprocessing files for SHHS and Sleep EDF) sleepE

Chaoqi Yang 18 Dec 12, 2022
Codes for building and training the neural network model described in Domain-informed neural networks for interaction localization within astroparticle experiments.

Domain-informed Neural Networks Codes for building and training the neural network model described in Domain-informed neural networks for interaction

DIDACTS 0 Dec 13, 2021
Code and data (Incidents Dataset) for ECCV 2020 Paper "Detecting natural disasters, damage, and incidents in the wild".

Incidents Dataset See the following pages for more details: Project page: IncidentsDataset.csail.mit.edu. ECCV 2020 Paper "Detecting natural disasters

Ethan Weber 67 Dec 27, 2022
PyTorch Implementation of Fully Convolutional Networks. (Training code to reproduce the original result is available.)

pytorch-fcn PyTorch implementation of Fully Convolutional Networks. Requirements pytorch = 0.2.0 torchvision = 0.1.8 fcn = 6.1.5 Pillow scipy tqdm

Kentaro Wada 1.6k Jan 07, 2023
Code for the paper "Reinforced Active Learning for Image Segmentation"

Reinforced Active Learning for Image Segmentation (RALIS) Code for the paper Reinforced Active Learning for Image Segmentation Dependencies python 3.6

Arantxa Casanova 79 Dec 19, 2022
Context-Aware Image Matting for Simultaneous Foreground and Alpha Estimation

Context-Aware Image Matting for Simultaneous Foreground and Alpha Estimation This is the inference codes of Context-Aware Image Matting for Simultaneo

Qiqi Hou 125 Oct 22, 2022
Official PyTorch Implementation of Hypercorrelation Squeeze for Few-Shot Segmentation, arXiv 2021

Hypercorrelation Squeeze for Few-Shot Segmentation This is the implementation of the paper "Hypercorrelation Squeeze for Few-Shot Segmentation" by Juh

Juhong Min 165 Dec 28, 2022
Toontown: Galaxy, a new Toontown game based on Disney's Toontown Online

Toontown: Galaxy The official archive repo for Toontown: Galaxy, a new Toontown

1 Feb 15, 2022
This program will stylize your photos with fast neural style transfer.

Neural Style Transfer (NST) Using TensorFlow Demo TensorFlow TensorFlow is an end-to-end open source platform for machine learning. It has a comprehen

Ismail Boularbah 1 Aug 08, 2022
PyTorch implementation of Higher Order Recurrent Space-Time Transformer

Higher Order Recurrent Space-Time Transformer (HORST) This is the official PyTorch implementation of Higher Order Recurrent Space-Time Transformer. Th

13 Oct 18, 2022
YKKDetector For Python

YKKDetector OpenCVを利用した機械学習データをもとに、VRChatのスクリーンショットなどからYKKさん(もとい「幽狐族のお姉様」)を検出できるソフトウェアです。 マニュアル こちらから実行環境のセットアップから解説する詳細なマニュアルをご覧いただけます。 ライセンス 本ソフトウェア

あんふぃとらいと 5 Dec 07, 2021
3D-aware GANs based on NeRF (arXiv).

CIPS-3D This repository will contain the code of the paper, CIPS-3D: A 3D-Aware Generator of GANs Based on Conditionally-Independent Pixel Synthesis.

Peterou 563 Dec 31, 2022
GazeScroller - Using Facial Movements to perform Hands-free Gesture on the system

GazeScroller Using Facial Movements to perform Hands-free Gesture on the system

2 Jan 05, 2022
Human annotated noisy labels for CIFAR-10 and CIFAR-100.

Dataloader for CIFAR-N CIFAR-10N noise_label = torch.load('./data/CIFAR-10_human.pt') clean_label = noise_label['clean_label'] worst_label = noise_lab

<a href=[email protected]"> 117 Nov 30, 2022
Code for the submitted paper Surrogate-based cross-correlation for particle image velocimetry

Surrogate-based cross-correlation (SBCC) This repository contains code for the submitted paper Surrogate-based cross-correlation for particle image ve

5 Jun 30, 2022