AFL binary instrumentation

Related tags

Deep Learningbinaryinstrumentationfuzzingaflafl-fuzzbinary-rewritinge9patch
Overview

E9AFL --- Binary AFL

E9AFL inserts American Fuzzy Lop (AFL) instrumentation into x86_64 Linux binaries. This allows binaries to be fuzzed without the need for recompilation.

E9AFL uses E9Patch to insert the AFL instrumentation via static binary rewriting.

Building

To build E9AFL, simply run the build.sh script:

    $ ./build.sh

Usage

First, install afl-fuzz:

    $ sudo apt-get install afl

To use E9AFL, simply run the command:

    $ ./e9afl /path/to/binary

This will generate an AFL-instrumented binary.afl which can be used with afl-fuzz. See the example below.

Example

To fuzz the binutils readelf program:

    $ ./e9afl readelf
    $ mkdir -p input
    $ mkdir -p output
    $ head -n 1 `which ls` > input/exe
    $ afl-fuzz -i input/ -o output/ -- ./readelf.afl -a @@

If all goes well the output should look something like this:

AFL example

Troubleshooting

Some instrumented binaries may crash during AFL initialization:

    PROGRAM ABORT : Fork server crashed ...

This is often caused by an insufficient memory limit. See AFL's -m option for more information.

Bugs

Please report bugs here.

License

GLPv3

Comments
  • Memory limit is too restrictive - every possible binaries showing same info.. looks like there is some other issue.

    Memory limit is too restrictive - every possible binaries showing same info.. looks like there is some other issue.

    $ afl-fuzz -m 850 -i input/ -o output/ -- ./test_binary.afl afl-fuzz 2.52b by [email protected] [+] You have 8 CPU cores and 2 runnable tasks (utilization: 25%). [+] Try parallel jobs - see /usr/share/doc/afl-doc/docs/parallel_fuzzing.txt. [] Checking CPU core loadout... [+] Found a free CPU core, binding to #0. [] Checking core_pattern... [] Checking CPU scaling governor... [] Setting up output directories... [+] Output directory exists but deemed OK to reuse. [] Deleting old session data... [+] Output dir cleanup successful. [] Scanning 'input/'... [+] No auto-generated dictionary tokens to reuse. [] Creating hard links for all input files... [] Validating target binary... [] Attempting dry run with 'id:000000,orig:exe'... [] Spinning up the fork server...

    [-] Whoops, the target binary crashed suddenly, before receiving any input from the fuzzer! There are several probable explanations:

    - The current memory limit (850 MB) is too restrictive, causing the
  target to hit an OOM condition in the dynamic linker. Try bumping up
  the limit with the -m setting in the command line. A simple way confirm
  this diagnosis would be:

  ( ulimit -Sv $[849 << 10]; /path/to/fuzzed_app )

  Tip: you can use http://jwilk.net/software/recidivm to quickly
  estimate the required amount of virtual memory for the binary.

- The binary is just buggy and explodes entirely on its own. If so, you
  need to fix the underlying problem or find a better replacement.

- Less likely, there is a horrible bug in the fuzzer. If other options
  fail, poke <[email protected]> for troubleshooting tips.

    [-] PROGRAM ABORT : Fork server crashed with signal 11 Location : init_forkserver(), afl-fuzz.c:2201

    opened by rohith-krishnan 4
  • Fork server crashed with signal 11 while fuzz jhead

    Fork server crashed with signal 11 while fuzz jhead

    Hello, I used E9AFL to conduct experiments on jHEAD project:https://github.com/Matthias-Wandel/jhead。 I followed the normal procedure and encountered the following error:

    [email protected]:~/fuzz/e9afl-jhead# ./afl-fuzz -i in -o out -- ./jhead.afl @@
afl-fuzz 2.57b by <[email protected]>
[+] You have 16 CPU cores and 1 runnable tasks (utilization: 6%).
[+] Try parallel jobs - see docs/parallel_fuzzing.txt.
[*] Checking CPU core loadout...
[+] Found a free CPU core, binding to #0.
[*] Checking core_pattern...
[*] Setting up output directories...
[+] Output directory exists but deemed OK to reuse.
[*] Deleting old session data...
[+] Output dir cleanup successful.
[*] Scanning 'in'...
[+] No auto-generated dictionary tokens to reuse.
[*] Creating hard links for all input files...
[*] Validating target binary...
[*] Attempting dry run with 'id:000000,orig:badyear.jpg'...
[*] Spinning up the fork server...

[-] Whoops, the target binary crashed suddenly, before receiving any input
    from the fuzzer! There are several probable explanations:

    - The current memory limit (50.0 MB) is too restrictive, causing the
      target to hit an OOM condition in the dynamic linker. Try bumping up
      the limit with the -m setting in the command line. A simple way confirm
      this diagnosis would be:

      ( ulimit -Sv $[49 << 10]; /path/to/fuzzed_app )

      Tip: you can use http://jwilk.net/software/recidivm to quickly
      estimate the required amount of virtual memory for the binary.

    - The binary is just buggy and explodes entirely on its own. If so, you
      need to fix the underlying problem or find a better replacement.

    - Less likely, there is a horrible bug in the fuzzer. If other options
      fail, poke <[email protected]> for troubleshooting tips.

[-] PROGRAM ABORT : Fork server crashed with signal 11
         Location : init_forkserver(), afl-fuzz.c:2230

[email protected]:~/fuzz/e9afl-jhead# ulimit -a
core file size          (blocks, -c) 0
data seg size           (kbytes, -d) unlimited
scheduling priority             (-e) 0
file size               (blocks, -f) unlimited
pending signals                 (-i) 127896
max locked memory       (kbytes, -l) 65536
max memory size         (kbytes, -m) unlimited
open files                      (-n) 1024
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
real-time priority              (-r) 0
stack size              (kbytes, -s) 8192
cpu time               (seconds, -t) unlimited
max user processes              (-u) 127896
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited
[email protected]:~/fuzz/e9afl-jhead#
    opened by Sunxingzhezhexingsun 3
  • Build Failures

    Build Failures

    Hello,

    I would like to start using this program but ran into several build errors - would it be possible to publish a formal list of dependencies, if any?

    opened by mav8557 3
  • e9tool command failed with status (33792)

    e9tool command failed with status (33792)

    I got the following error when trying to input a binary named test. I'm on ParrotOS if that is relevant.

    $e9afl test "/usr/share/e9afl/e9tool" -E '".plt"' -E '".plt.got"' -O2 --option --mem-granularity=4096 -o "test.afl" -M 'plugin("/usr/share/e9afl/e9AFLPlugin.so").match()' -P 'plugin("/usr/share/e9afl/e9AFLPlugin.so").patch()' -- "test" Illegal instruction error : e9tool command failed with status (33792)

    opened by FlorinelPetrean 2
  • Illegal instruction (core dumped)

    Illegal instruction (core dumped)

    When using e9afl to instrument mruby, the program reports an illegal instruction aborted.

    Invalid instructions at 0x7ffff7cbcd97

    After some digging, I found that the illegal instruction is incsspq in __longjmp (glibc/sysdeps/x86-64/longjmp.s)]. Using gdb for debugging, I found out that %fs:[0x48]=0 (feature_1 in tcbhead_t) in a normal program (not instrumented). However, in the instrumented program, %fs:[0x48]=0x4a1b, which leads to the execution of incsspq and leads to the illegal instruction problem (https://github.com/bminor/glibc/blob/ca4d3ea5130d66e66c5af14e958e99341bf20689/sysdeps/x86_64/__longjmp.S#L57-L58). According to the comments in glibc/sysdeps/x86-64/longjmp.s, this value of %fs:[0x48] marks the shadow stack as enabled. I have no idea why this happened, can you give me some insights?

    The following archive contains the normal and instrumented programs plus the input to reproduce this problem. mruby.zip

    [email protected]:e9afl$ ./e9afl mruby_trace                                                                                                                            
"install/e9tool" -E '".plt"' -E '".plt.got"' -O2 --option --mem-granularity=4096 -o "mruby_trace.afl" -M 'plugin("install/e9AFLPlugin.so").match()' -P 'plugin("install/e9AFLPlugin.so").patch()' --plugin="install/e9AFLPlugin.so":--counter=classic --plugin="install/e9AFLPlugin.so":-Oblock=default --plugin="/home/user/docker_share/tools/e9afl/install/e9AFLPlugin.so":-Oselect=default --plugin="install/e9AFLPlugin.so":--path='install' --option --log=false -- "mruby_trace"                                                                                                                                                                                                                     
-----------------------------------------------                                                                                                                                                                                                          
mode                  = Linux ELF executable                                                                                                                                                                                                             
input_binary          = mruby_trace                                                                                                                                                          
output_binary         = mruby_trace.afl                                                                                                                                                                                                                  
num_patched           = 10015 / 10015 (100.00%)                                                                                                                                                                                                          
num_patched_B1        = 8936 / 10015 (89.23%)                                                                                                                                                                                                            
num_patched_B2        = 1078 / 10015 (10.76%)                                                                                                                                                                                                            
num_patched_T1        = 1 / 10015 (0.01%)                                                                                                                                                                                                                
num_patched_T2        = 0 / 10015 (0.00%)                                                                                                                                                                                                                
num_patched_T3        = 0 / 10015 (0.00%)                                                                                                                                                                                                                
num_virtual_mappings  = 373                                                                                                                                                                                                                              
num_physical_mappings = 248 (66.49%)                                                                                                                                                                                                                     
num_virtual_bytes     = 1527808                                                                                                                                                                                                                          
num_physical_bytes    = 1015808 (66.49%)                                                                                                                                                                                                                 
input_file_size       = 1738472                                                                                                                                                                                                                          
output_file_size      = 3210016 (184.65%)                                                                                                                                                                                                                
time_elapsed          = 346ms                                                                                                                                                                                                                            
memory_used           = 28468KB

    pwndbg> p/x *(tcbhead_t*) $fs_base                                    │pwndbg> p/x *(tcbhead_t*) $fs_base                                   │·················································································································································
                                                                      │$2 = {                                                               │·················································································································································
$2 = {                                                                │  tcb = 0x7ffff7c77740,                                              │·················································································································································
  tcb = 0x7ffff7c77740,                                               │  dtv = 0x7ffff7c780a0,                                              │·················································································································································
  dtv = 0x7ffff7c780a0,                                               │  self = 0x7ffff7c77740,                                             │·················································································································································
  self = 0x7ffff7c77740,                                              │  multiple_threads = 0x0,                                            │·················································································································································
  multiple_threads = 0x0,                                             │  gscope_flag = 0x0,                                                 │·················································································································································
  gscope_flag = 0x0,                                                  │  sysinfo = 0x0,                                                     │·················································································································································
  sysinfo = 0x0,                                                      │  stack_guard = 0x75556eb3f83c8600,                                  │·················································································································································
  stack_guard = 0x882e160064f5cc00,                                   │  pointer_guard = 0x48fa0123fae3d9a4,                                │·················································································································································
  pointer_guard = 0x7501990f9f69f8be,                                 │  vgetcpu_cache = {0x0, 0x0},                                        │·················································································································································
  vgetcpu_cache = {0x0, 0x0},                                         │  feature_1 = 0x4a1b,                                                │·················································································································································
  feature_1 = 0x0,                                                    │  __glibc_unused1 = 0x0,                                             │·················································································································································
  __glibc_unused1 = 0x0,                                              │  __private_tm = {0x0, 0x0, 0x0, 0x0},                               │·················································································································································
  __private_tm = {0x0, 0x0, 0x0, 0x0},                                │  __private_ss = 0x0,                                                │·················································································································································
  __private_ss = 0x0,                                                 │  ssp_base = 0x0,                                                    │·················································································································································
  ssp_base = 0x0,                                                     │  __glibc_unused2 = {{{                                              │·················································································································································
  __glibc_unused2 = {{{                                               │        i = {0x0, 0x0, 0x0, 0x0}                                     │·················································································································································
        i = {0x0, 0x0, 0x0, 0x0}                                      │      }, {                                                           │·················································································································································
      }, {                                                            │        i = {0x0, 0x0, 0x0, 0x0}                                     │·················································································································································
        i = {0x0, 0x0, 0x0, 0x0}                                      │      }, {                                                           │·················································································································································
      }, {                                                            │        i = {0x0, 0x0, 0x0, 0x0}                                     │·················································································································································
        i = {0x0, 0x0, 0x0, 0x0}                                      │      }, {                                                           │·················································································································································
      }, {                                                            │        i = {0x0, 0x0, 0x0, 0x0}                                     │·················································································································································
        i = {0x0, 0x0, 0x0, 0x0}                                      │      }}, {{                                                         │·················································································································································
      }}, {{                                                          │        i = {0x0, 0x0, 0x0, 0x0}                                     │·················································································································································
        i = {0x0, 0x0, 0x0, 0x0}                                      │      }, {                                                           │·················································································································································
      }, {                                                            │        i = {0x0, 0x0, 0x0, 0x0}                                     │·················································································································································
        i = {0x0, 0x0, 0x0, 0x0}                                      │      }, {                                                           │·················································································································································
      }, {                                                            │        i = {0x0, 0x0, 0x0, 0x0}                                     │·················································································································································
        i = {0x0, 0x0, 0x0, 0x0}                                      │      }, {                                                           │·················································································································································
      }, {                                                            │        i = {0x0, 0x0, 0x0, 0x0}
    opened by 0xdd96 1
  • Building issue in Ubuntu 20.10

    Building issue in Ubuntu 20.10

    Hey,

    I'm getting some errors while building e9afl on my Ubuntu 20.10 Here is the errors:

    $ ./build.sh
./build.sh: extracting e9patch-7773cc7b3a5117144bde42649e535c01af832ecf.zip...
Archive:  e9patch-7773cc7b3a5117144bde42649e535c01af832ecf.zip
7773cc7b3a5117144bde42649e535c01af832ecf
replace e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/LICENSE? [y]es, [n]o, [A]ll, [N]one, [r]ename: A
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/LICENSE  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/Makefile  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/Makefile.zydis  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/README.md  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/build.sh  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/doc/e9patch-programming-guide.md  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/doc/e9tool-user-guide.md  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/e9compile.sh  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/examples/args.c  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/examples/counter.c  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/examples/delay.c  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/examples/hello.c  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/examples/limit.c  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/examples/nop.c  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/examples/plugins/example.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/examples/print.c  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/examples/state.c  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/examples/stdlib.c  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/examples/trap.c  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9alloc.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9alloc.h  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9api.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9api.h  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9elf.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9elf.h  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9emit.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9emit.h  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9json.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9json.h  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9loader.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9loader.h  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9mapping.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9mapping.h  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9optimize.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9optimize.h  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9patch.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9patch.h  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9rbtree.h  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9tactics.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9tactics.h  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9trampoline.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9trampoline.h  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9x86_64.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9patch/e9x86_64.h  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9tool/e9cfg.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9tool/e9csv.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9tool/e9frontend.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9tool/e9frontend.h  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9tool/e9metadata.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9tool/e9parser.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9tool/e9plugin.h  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9tool/e9tool.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9tool/e9types.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/src/e9tool/e9x86_64.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/14.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/14.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/15.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/15.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/17.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/17.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/17_1.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/17_1.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/18.exp  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/18.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/Makefile  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/README.md  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/after.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/after.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/asm.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/asm.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/asm_2.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/asm_2.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/cfg.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/cfg.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/cfg_pie.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/cfg_pie.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/cmp.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/cmp.in  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/cmp_2.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/cmp_2.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/cond_0.exp  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/cond_0.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/cond_1.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/cond_1.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/condjump.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/condjump.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/condjump_0.exp  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/condjump_0.in  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/condjump_1.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/condjump_1.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/control.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/control.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/csv.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/csv.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/data.csv  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/dl.c  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/dst_zero.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/dst_zero.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_1.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_1.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_10.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_10.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_11.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_11.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_12.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_12.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_13.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_13.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_2.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_2.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_3.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_3.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_4.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_4.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_5.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_5.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_6.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_6.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_7.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_7.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_8.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_8.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_9.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/example_9.in  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/exit.exp  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/exit.in  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/false.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/false.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/imm_by_ptr.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/imm_by_ptr.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/inst.c  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/jmp_notake.exp  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/jmp_notake.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/jmp_take.exp  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/jmp_take.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/jump.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/jump.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/jump_1.exp  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/jump_1.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/libdl.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/libdl.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/libdl_1.exp  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/libdl_1.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/libdl_2.exp  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/libdl_2.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/memory.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/memory.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/memory_1.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/memory_1.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/memory_2.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/memory_2.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/memory_3.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/memory_3.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/memory_4.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/memory_4.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/memory_5.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/memory_5.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/mnemonic.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/mnemonic.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/naked.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/naked.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/naked_2.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/naked_2.in  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/naked_3.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/naked_3.in  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/naked_4.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/naked_4.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/naked_bug.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/naked_bug.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/next.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/next.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/optimize_0.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/optimize_0.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/optimize_1.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/optimize_1.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/optimize_2.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/optimize_2.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/optimize_3.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/optimize_3.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/optimize_s.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/optimize_s.in  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/passthru.exp  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/passthru.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/patch.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/print.exp  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/print.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/print_intel.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/print_intel.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/print_pie.exp  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/print_pie.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/rax.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/rax.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/rax_by_ptr.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/rax_by_ptr.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/read_write.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/read_write.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/reads_rflags.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/reads_rflags.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/regs.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/regs.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/regs_2.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/regs_2.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/regtest.cpp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/rip_rsp_rflags.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/rip_rsp_rflags.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/rip_to_rsp.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/rip_to_rsp.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/rotate.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/rotate.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/size.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/size.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/size_2.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/size_2.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/skip.exp  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/skip.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/src_dst.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/src_dst.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/sse.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/sse.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/stack_overflow.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/stack_overflow.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/static.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/static.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/static_1.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/static_1.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/static_2.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/static_2.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/string.exp  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/string.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/string_1.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/string_1.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/sum.exp  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/sum.in  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/swap.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/swap.in  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/swap_2.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/swap_2.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/syscall.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/syscall.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/target.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/target.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/test.s  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/test_libc.s  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/trap.exp  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/trap.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/trunc32.exp  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/trunc32.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/types.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/types.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/write_bug.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/write_bug.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/xmm.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/xmm.in  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/zero.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/zero.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/zero_flags.exp  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/zero_flags.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/zero_flags_2.exp  
 extracting: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/regtest/zero_flags_2.in  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/stresstest/Makefile  
  inflating: e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/test/stresstest/stresstest.sh  
./build.sh: building e9patch...
./build.sh: building e9patch and e9tool...
rm -rf src/e9patch/e9alloc.o src/e9patch/e9api.o src/e9patch/e9elf.o src/e9patch/e9emit.o src/e9patch/e9json.o src/e9patch/e9mapping.o src/e9patch/e9patch.o src/e9patch/e9optimize.o src/e9patch/e9tactics.o src/e9patch/e9trampoline.o src/e9patch/e9x86_64.o e9tool.o e9patch e9tool a.out \
        src/e9patch/e9loader.c e9loader.out e9loader.o e9loader.bin
g++ -std=c++11 -Wall -Wno-reorder -fPIC -pie -O2 -I src/e9tool/ -I zydis/include/ -I zydis/dependencies/zycore/include/ -Wno-unused-function -c src/e9tool/e9tool.cpp
g++ -std=c++11 -Wall -Wno-reorder -fPIC -pie -O2 -D NDEBUG -Wno-unused-function   -c -o src/e9patch/e9alloc.o src/e9patch/e9alloc.cpp
g++ -std=c++11 -Wall -Wno-reorder -fPIC -pie -O2 -D NDEBUG   -c -o src/e9patch/e9api.o src/e9patch/e9api.cpp
g++ -std=c++11 -Wall -fno-stack-protector -fpie -Os -c \
        src/e9patch/e9loader.cpp
g++ -std=c++11 -Wall -Wno-reorder -fPIC -pie -O2 -D NDEBUG   -c -o src/e9patch/e9emit.o src/e9patch/e9emit.cpp
g++ -std=c++11 -Wall -Wno-reorder -fPIC -pie -O2 -D NDEBUG   -c -o src/e9patch/e9json.o src/e9patch/e9json.cpp
g++ -std=c++11 -Wall -Wno-reorder -fPIC -pie -O2 -D NDEBUG   -c -o src/e9patch/e9mapping.o src/e9patch/e9mapping.cpp
g++ -std=c++11 -Wall -Wno-reorder -fPIC -pie -O2 -D NDEBUG   -c -o src/e9patch/e9patch.o src/e9patch/e9patch.cpp
g++ -std=c++11 -Wall -Wno-reorder -fPIC -pie -O2 -D NDEBUG   -c -o src/e9patch/e9optimize.o src/e9patch/e9optimize.cpp
g++ -std=c++11 -Wall -Wno-reorder -fPIC -pie -O2 -D NDEBUG   -c -o src/e9patch/e9tactics.o src/e9patch/e9tactics.cpp
g++ -std=c++11 -Wall -Wno-reorder -fPIC -pie -O2 -D NDEBUG   -c -o src/e9patch/e9trampoline.o src/e9patch/e9trampoline.cpp
g++ -std=c++11 -Wall -Wno-reorder -fPIC -pie -O2 -D NDEBUG   -c -o src/e9patch/e9x86_64.o src/e9patch/e9x86_64.cpp
g++ -nostdlib -o e9loader.out e9loader.o -Wl,--entry=_entry
objcopy --dump-section .text=e9loader.bin e9loader.out
xxd -i e9loader.bin > src/e9patch/e9loader.c
g++ -std=c++11 -Wall -Wno-reorder -fPIC -pie -O2 -D NDEBUG   -c -o src/e9patch/e9elf.o src/e9patch/e9elf.cpp
In file included from src/e9patch/e9optimize.cpp:19:
src/e9patch/e9patch.h:244:16: error: expected ‘)’ before ‘offset’
  244 |     Instr(off_t offset, intptr_t addr, size_t size, const uint8_t *original,
      |          ~     ^~~~~~~
      |                )
src/e9patch/e9patch.h:206:18: warning: non-static const member ‘const size_t Instr::offset’ in class without a constructor [-Wuninitialized]
  206 |     const size_t offset:46;             // The instruction offset
      |                  ^~~~~~
src/e9patch/e9patch.h:207:18: warning: non-static const member ‘const size_t Instr::size’ in class without a constructor [-Wuninitialized]
  207 |     const size_t size:4;                // The instruction size (bytes)
      |                  ^~~~
src/e9patch/e9patch.h:208:18: warning: non-static const member ‘const size_t Instr::pcrel32_idx’ in class without a constructor [-Wuninitialized]
  208 |     const size_t pcrel32_idx:4;         // 32bit PC-relative imm idx (or 0)
      |                  ^~~~~~~~~~~
src/e9patch/e9patch.h:209:18: warning: non-static const member ‘const size_t Instr::pcrel8_idx’ in class without a constructor [-Wuninitialized]
  209 |     const size_t pcrel8_idx:4;          // 8bit PC-relative imm idx (or 0)
      |                  ^~~~~~~~~~
src/e9patch/e9patch.h:210:18: warning: non-static const member ‘const size_t Instr::pic’ in class without a constructor [-Wuninitialized]
  210 |     const size_t pic:1;                 // PIC? (stored here for convenience)
      |                  ^~~
src/e9patch/e9patch.h:216:20: warning: non-static const member ‘const intptr_t Instr::addr’ in class without a constructor [-Wuninitialized]
  216 |     const intptr_t addr;                // The address of the instruction
      |                    ^~~~
src/e9patch/e9patch.h:226:7: warning: non-static const member ‘const Instr::Original Instr::original’ in class without a constructor [-Wuninitialized]
  226 |     } original;
      |       ^~~~~~~~
src/e9patch/e9patch.h:238:7: warning: non-static const member ‘const Instr::Patched Instr::patched’ in class without a constructor [-Wuninitialized]
  238 |     } patched;
      |       ^~~~~~~
src/e9patch/e9patch.h:395:18: error: ‘off_t’ was not declared in this scope
  395 | typedef std::map<off_t, Instr *> InstrSet;
      |                  ^~~~~
src/e9patch/e9patch.h:395:32: error: template argument 1 is invalid
  395 | typedef std::map<off_t, Instr *> InstrSet;
      |                                ^
src/e9patch/e9patch.h:395:32: error: template argument 3 is invalid
src/e9patch/e9patch.h:395:32: error: template argument 4 is invalid
src/e9patch/e9patch.h:421:5: error: ‘off_t’ does not name a type
  421 |     off_t diff = 0;                     // Offset/address difference.
      |     ^~~~~
src/e9patch/e9optimize.cpp: In function ‘void buildEntrySet(Binary*)’:
src/e9patch/e9optimize.cpp:32:20: error: request for member ‘rbegin’ in ‘B->Binary::Is’, which is of non-class type ‘InstrSet’ {aka ‘int’}
   32 |     auto i = B->Is.rbegin();
      |                    ^~~~~~
src/e9patch/e9optimize.cpp:33:20: error: request for member ‘rend’ in ‘B->Binary::Is’, which is of non-class type ‘InstrSet’ {aka ‘int’}
   33 |     if (i == B->Is.rend())
      |                    ^~~~
src/e9patch/e9optimize.cpp:41:13: error: ‘J’ was not declared in this scope
   41 |             J = I;
      |             ^
src/e9patch/e9optimize.cpp:46:13: error: ‘J’ was not declared in this scope
   46 |             J = nullptr;
      |             ^
src/e9patch/e9optimize.cpp:47:13: error: ‘J’ was not declared in this scope
   47 |         if (J != nullptr && num <= option_Oprologue &&
      |             ^
src/e9patch/e9optimize.cpp:57:13: error: ‘J’ was not declared in this scope
   57 |             J = nullptr;
      |             ^
src/e9patch/e9optimize.cpp:60:32: error: ‘begin’ was not declared in this scope; did you mean ‘std::begin’?
   60 |     for (const auto &entry: B->Is)
      |                                ^~
      |                                std::begin
In file included from /usr/include/c++/10/deque:68,
                 from src/e9patch/e9patch.h:29,
                 from src/e9patch/e9optimize.cpp:19:
/usr/include/c++/10/bits/range_access.h:90:5: note: ‘std::begin’ declared here
   90 |     begin(_Tp (&__arr)[_Nm]) noexcept
      |     ^~~~~
src/e9patch/e9optimize.cpp:60:32: error: ‘end’ was not declared in this scope; did you mean ‘std::end’?
   60 |     for (const auto &entry: B->Is)
      |                                ^~
      |                                std::end
In file included from /usr/include/c++/10/deque:68,
                 from src/e9patch/e9patch.h:29,
                 from src/e9patch/e9optimize.cpp:19:
/usr/include/c++/10/bits/range_access.h:100:5: note: ‘std::end’ declared here
  100 |     end(_Tp (&__arr)[_Nm]) noexcept
      |     ^~~
src/e9patch/e9optimize.cpp:104:9: error: ‘off_t’ was not declared in this scope
  104 |         off_t rel = 0;
      |         ^~~~~
src/e9patch/e9optimize.cpp:109:13: error: ‘rel’ was not declared in this scope; did you mean ‘rel8’?
  109 |             rel = (off_t)rel8;
      |             ^~~
      |             rel8
src/e9patch/e9optimize.cpp:107:20: warning: unused variable ‘rel8’ [-Wunused-variable]
  107 |             int8_t rel8 = (int8_t)*(int8_t *)
      |                    ^~~~
src/e9patch/e9optimize.cpp:122:13: error: ‘rel’ was not declared in this scope; did you mean ‘rel32’?
  122 |             rel = (off_t)rel32;
      |             ^~~
      |             rel32
src/e9patch/e9optimize.cpp:120:21: warning: unused variable ‘rel32’ [-Wunused-variable]
  120 |             int32_t rel32 = (int32_t)*(int32_t *)
      |                     ^~~~~
src/e9patch/e9optimize.cpp:124:67: error: ‘rel’ was not declared in this scope
  124 |         intptr_t target = (intptr_t)I->addr + (intptr_t)I->size + rel;
      |                                                                   ^~~
src/e9patch/e9optimize.cpp: In function ‘Instr* findInstr(const Binary*, intptr_t)’:
src/e9patch/e9optimize.cpp:200:5: error: ‘off_t’ was not declared in this scope
  200 |     off_t offset = addr - B->diff;
      |     ^~~~~
src/e9patch/e9optimize.cpp:201:20: error: request for member ‘find’ in ‘B->Binary::Is’, which is of non-class type ‘const InstrSet’ {aka ‘const int’}
  201 |     auto i = B->Is.find(offset);
      |                    ^~~~
src/e9patch/e9optimize.cpp:201:25: error: ‘offset’ was not declared in this scope; did you mean ‘offsetof’?
  201 |     auto i = B->Is.find(offset);
      |                         ^~~~~~
      |                         offsetof
src/e9patch/e9optimize.cpp:202:20: error: request for member ‘end’ in ‘B->Binary::Is’, which is of non-class type ‘const InstrSet’ {aka ‘const int’}
  202 |     if (i == B->Is.end())
      |                    ^~~
src/e9patch/e9optimize.cpp: In function ‘void optimizeAllJumps(Binary*)’:
src/e9patch/e9optimize.cpp:279:32: error: ‘begin’ was not declared in this scope; did you mean ‘std::begin’?
  279 |     for (const auto &entry: B->Is)
      |                                ^~
      |                                std::begin
In file included from /usr/include/c++/10/deque:68,
                 from src/e9patch/e9patch.h:29,
                 from src/e9patch/e9optimize.cpp:19:
/usr/include/c++/10/bits/range_access.h:90:5: note: ‘std::begin’ declared here
   90 |     begin(_Tp (&__arr)[_Nm]) noexcept
      |     ^~~~~
src/e9patch/e9optimize.cpp:279:32: error: ‘end’ was not declared in this scope; did you mean ‘std::end’?
  279 |     for (const auto &entry: B->Is)
      |                                ^~
      |                                std::end
In file included from /usr/include/c++/10/deque:68,
                 from src/e9patch/e9patch.h:29,
                 from src/e9patch/e9optimize.cpp:19:
/usr/include/c++/10/bits/range_access.h:100:5: note: ‘std::end’ declared here
  100 |     end(_Tp (&__arr)[_Nm]) noexcept
      |     ^~~
make: *** [<builtin>: src/e9patch/e9optimize.o] Error 1
make: *** Waiting for unfinished jobs....
src/e9patch/e9trampoline.cpp: In function ‘const Trampoline* expandMacro(const Binary*, const Metadata*, const char*)’:
src/e9patch/e9trampoline.cpp:100:9: error: ‘ssize_t’ was not declared in this scope; did you mean ‘size_t’?
  100 |         ssize_t lo = 0, hi = (ssize_t)meta->num_entries-1;
      |         ^~~~~~~
      |         size_t
src/e9patch/e9trampoline.cpp:101:16: error: ‘lo’ was not declared in this scope
  101 |         while (lo <= hi)
      |                ^~
src/e9patch/e9trampoline.cpp:101:22: error: ‘hi’ was not declared in this scope
  101 |         while (lo <= hi)
      |                      ^~
src/e9patch/e9trampoline.cpp:103:20: error: expected ‘;’ before ‘mid’
  103 |             ssize_t mid = (lo + hi) / 2;
      |                    ^~~~
      |                    ;
src/e9patch/e9trampoline.cpp:104:50: error: ‘mid’ was not declared in this scope
  104 |             int cmp = strcmp(name, meta->entries[mid].name);
      |                                                  ^~~
src/e9patch/e9tactics.cpp: In function ‘bool patch(Binary&, Instr*, const Trampoline*)’:
src/e9patch/e9tactics.cpp:761:9: error: ‘printf’ was not declared in this scope
  761 |         printf("\33[31mX\33[0m");
      |         ^~~~~~
src/e9patch/e9tactics.cpp:29:1: note: ‘printf’ is defined in header ‘<cstdio>’; did you forget to ‘#include <cstdio>’?
   28 | #include "e9trampoline.h"
  +++ |+#include <cstdio>
   29 | 
src/e9patch/e9tactics.cpp:779:5: error: ‘printf’ was not declared in this scope
  779 |     printf("\33[32m.\33[0m");
      |     ^~~~~~
src/e9patch/e9tactics.cpp:779:5: note: ‘printf’ is defined in header ‘<cstdio>’; did you forget to ‘#include <cstdio>’?
make: *** [<builtin>: src/e9patch/e9tactics.o] Error 1
src/e9patch/e9trampoline.cpp: In function ‘void buildBytes(const Binary*, const Trampoline*, const Instr*, int32_t, const LabelSet&, Buffer&)’:
src/e9patch/e9trampoline.cpp:715:30: error: ‘ssize_t’ was not declared in this scope; did you mean ‘size_t’?
  715 |                             (ssize_t)INT32_MIN, INT32_MAX);
      |                              ^~~~~~~
      |                              size_t
make: *** [<builtin>: src/e9patch/e9trampoline.o] Error 1
./build.sh: done...!
./build.sh: e9patch has been built...
./build.sh: building the e9afl plugin...
g++ -std=c++11 -fPIC -shared -o e9AFLPlugin.so -O2 e9AFLPlugin.cpp -I .
./build.sh: building the e9afl runtime...
gcc -fno-stack-protector -fpie -O2 -Wno-unused-function -mno-mmx -mno-sse -mno-avx -mno-avx2 -mno-avx512f -msoft-float -fno-tree-vectorize -fomit-frame-pointer -c -Wall -I e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/examples/ ./afl-rt.c
gcc afl-rt.o -o afl-rt -pie -nostdlib -Wl,-z -Wl,max-page-size=4096 -Wl,--export-dynamic -Wl,--entry=0x0 -Wl,--strip-all
cp: cannot stat 'e9patch-7773cc7b3a5117144bde42649e535c01af832ecf/e9patch': No such file or directory
    opened by pventuzelo 1
  • Support AFL++

    Support AFL++

    Currently this project only supports the original AFL. It'd be nice to also support AFL++.

    ~~The AFL++ interface is differerent meaning that the current instrumented binaries are not compatible.~~

    It seems that E9AFL instrumented binaries are mostly compatible with AFL++. The main exception is the AFL_MAP_SIZE option. The current version will crash if AFL_MAP_SIZE < 0x10000.

    opened by GJDuck 0
Releases(v0.8.0)
Owner
GitHub Repository
Uncertainty-aware Semantic Segmentation of LiDAR Point Clouds for Autonomous Driving

SalsaNext: Fast, Uncertainty-aware Semantic Segmentation of LiDAR Point Clouds for Autonomous Driving Abstract In this paper, we introduce SalsaNext f

308 Jan 04, 2023
CBKH: The Cornell Biomedical Knowledge Hub

Cornell Biomedical Knowledge Hub (CBKH) CBKG integrates data from 18 publicly available biomedical databases. The current version of CBKG contains a t

44 Dec 21, 2022
TensorFlow-LiveLessons - "Deep Learning with TensorFlow" LiveLessons

TensorFlow-LiveLessons Note that the second edition of this video series is now available here. The second edition contains all of the content from th

Deep Learning Study Group 830 Jan 03, 2023
(ImageNet pretrained models) The official pytorch implemention of the TPAMI paper "Res2Net: A New Multi-scale Backbone Architecture"

Res2Net The official pytorch implemention of the paper "Res2Net: A New Multi-scale Backbone Architecture" Our paper is accepted by IEEE Transactions o

Res2Net Applications 928 Dec 29, 2022
Count GitHub Stars ⭐

Count GitHub Stars per Day ⭐ Track GitHub stars per day over a date range to measure the open-source popularity of different repositories. Requirement

Ultralytics 20 Nov 20, 2022
Anomaly detection analysis and labeling tool, specifically for multiple time series (one time series per category)

taganomaly Anomaly detection labeling tool, specifically for multiple time series (one time series per category). Taganomaly is a tool for creating la

Microsoft 272 Dec 17, 2022
NCVX (NonConVeX): A User-Friendly and Scalable Package for Nonconvex Optimization in Machine Learning.

The source code is temporariy removed, as we are solving potential copyright and license issues with GRANSO (http://www.timmitchell.com/software/GRANS

SUN Group @ UMN 28 Aug 03, 2022
A Physics-based Noise Formation Model for Extreme Low-light Raw Denoising (CVPR 2020 Oral & TPAMI 2021)

ELD The implementation of CVPR 2020 (Oral) paper "A Physics-based Noise Formation Model for Extreme Low-light Raw Denoising" and its journal (TPAMI) v

Kaixuan Wei 359 Jan 01, 2023
A Number Recognition algorithm

Paddle-VisualAttention Results_Compared SVHN Dataset Methods Steps GPU Batch Size Learning Rate Patience Decay Step Decay Rate Training Speed (FPS) Ac

1 Nov 12, 2021
DFM: A Performance Baseline for Deep Feature Matching

DFM: A Performance Baseline for Deep Feature Matching Python (Pytorch) and Matlab (MatConvNet) implementations of our paper DFM: A Performance Baselin

143 Jan 02, 2023
Pytorch implementation of Depth-conditioned Dynamic Message Propagation forMonocular 3D Object Detection

DDMP-3D Pytorch implementation of Depth-conditioned Dynamic Message Propagation forMonocular 3D Object Detection, a paper on CVPR2021. Instroduction T

Li Wang 32 Nov 09, 2022
NER for Indian languages

CL-NERIL: A Cross-Lingual Model for NER in Indian Languages Code for the paper - https://arxiv.org/abs/2111.11815 Setup Setup a virtual environment Th

Akshara P 0 Nov 24, 2021
領域を指定し、キーを入力することで画像を保存するツールです。クラス分類用のデータセット作成を想定しています。

image-capture-class-annotation 領域を指定し、キーを入力することで画像を保存するツールです。 クラス分類用のデータセット作成を想定しています。 Requirement OpenCV 3.4.2 or later Usage 実行方法は以下です。 起動後はマウスクリック4

KazuhitoTakahashi 5 May 28, 2021
Python3 / PyTorch implementation of the following paper: Fine-grained Semantics-aware Representation Enhancement for Self-supervisedMonocular Depth Estimation. ICCV 2021 (oral)

FSRE-Depth This is a Python3 / PyTorch implementation of FSRE-Depth, as described in the following paper: Fine-grained Semantics-aware Representation

77 Dec 28, 2022
A best practice for tensorflow project template architecture.

A best practice for tensorflow project template architecture.

Mahmoud Gamal Salem 3.6k Dec 22, 2022
SLIDE : In Defense of Smart Algorithms over Hardware Acceleration for Large-Scale Deep Learning Systems

The SLIDE package contains the source code for reproducing the main experiments in this paper. Dataset The Datasets can be downloaded in Amazon-

Intel Labs 72 Dec 16, 2022
This is a student data management application developed in Python and TKinter. It utilizes the TKinter pillow library to include images to buttons. I've separated TKinter elements into their own individual classes. The user can change the smilely face color for each button individually or by entire row.

Smiley Face Cube Display Table of Contents Project Description Getting Started Prerequisites Installation & Deployment Additional Documentation Projec

Yohan (John) Cho 0 Aug 04, 2021
Modular Probabilistic Programming on MXNet

MXFusion | | | | Tutorials | Documentation | Contribution Guide MXFusion is a modular deep probabilistic programming library. With MXFusion Modules yo

Amazon 100 Dec 10, 2022
Hand Gesture Volume Control | Open CV | Computer Vision

Gesture Volume Control Hand Gesture Volume Control | Open CV | Computer Vision Use gesture control to change the volume of a computer. First we look i

Jhenil Parihar 3 Jun 15, 2022
Scale-aware Automatic Augmentation for Object Detection (CVPR 2021)

SA-AutoAug Scale-aware Automatic Augmentation for Object Detection Yukang Chen, Yanwei Li, Tao Kong, Lu Qi, Ruihang Chu, Lei Li, Jiaya Jia [Paper] [Bi

DV Lab 182 Dec 29, 2022