Alex A. NeatMonster

## frida-libjpeg.py
import frida, sys

images = {}

def on_message(message, data):
    global image
    if message['type'] == 'send':
        if message['payload'].startswith('['):
            message = message['payload']
            save = message[message.index(']')+1:]

## value-profiling.diff
diff -Naur a/llvm_mode/afl-llvm-rt.o.c b/llvm_mode/afl-llvm-rt.o.c
--- a/llvm_mode/afl-llvm-rt.o.c	2017-02-01 02:59:41.000000000 +0100
+++ b/llvm_mode/afl-llvm-rt.o.c	2017-06-29 15:55:53.052681442 +0200
@@ -304,3 +304,205 @@
   }

 }
+
+/* This function is called on every indirect call, but only if the binary has
+   been compiled with -fsanitize-coverage=trace-pc,indirect-calls. */

## test.c
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <string.h>
#include <unistd.h>

typedef void (*F)();

static F t[256];

## value-profiling.diff
diff -Naur a/llvm_mode/afl-clang-fast.c b/llvm_mode/afl-clang-fast.c
--- a/llvm_mode/afl-clang-fast.c	2017-01-25 03:51:26.000000000 +0100
+++ b/llvm_mode/afl-clang-fast.c	2017-06-21 16:35:01.203146919 +0200
@@ -120,7 +120,28 @@
      http://clang.llvm.org/docs/SanitizerCoverage.html#tracing-pcs-with-guards */

 #ifdef USE_TRACE_PC
-  cc_params[cc_par_cnt++] = "-fsanitize-coverage=trace-pc-guard";
+  u8 *trace_ind = "";
+  #ifdef USE_TRACE_IND

## GASimple.java
package fr.neatmonster.labs;

import java.awt.Color;
import java.awt.Dimension;
import java.awt.Graphics;
import java.awt.image.BufferedImage;
import java.io.File;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collections;

## Main.java
package fr.neatmonster.ga;

import java.awt.Color;
import java.awt.EventQueue;
import java.awt.Graphics;
import java.awt.GridLayout;
import java.awt.Polygon;
import java.awt.image.BufferedImage;
import java.io.File;
import java.io.IOException;

## GASimple.java
package fr.neatmonster.labs;

import java.awt.Color;
import java.awt.Graphics;
import java.awt.GridLayout;
import java.awt.image.BufferedImage;
import java.io.File;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collections;

## Main.java
package fr.neatmonster.utils;

import java.util.Comparator;
import java.util.HashMap;
import java.util.Map;
import java.util.Map.Entry;
import java.util.Random;
import java.util.UUID;

import fr.lightoner.java.CustomTreeMap;

## ValueSortedMap.java
package fr.neatmonster.utils;

import java.util.Collection;
import java.util.Comparator;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;

public class ValueSortedMap<K extends Comparable<K>, V extends Comparable<V>>

## Plugin.java
package fr.neatmonster.plugin;

import java.util.Comparator;
import java.util.HashMap;
import java.util.LinkedList;
import java.util.Map;
import java.util.Map.Entry;
import java.util.TreeMap;
import java.util.UUID;
	import frida, sys

	images = {}

	def on_message(message, data):
	global image
	if message['type'] == 'send':
	if message['payload'].startswith('['):
	message = message['payload']
	save = message[message.index(']')+1:]
	diff -Naur a/llvm_mode/afl-llvm-rt.o.c b/llvm_mode/afl-llvm-rt.o.c
	--- a/llvm_mode/afl-llvm-rt.o.c 2017-02-01 02:59:41.000000000 +0100
	+++ b/llvm_mode/afl-llvm-rt.o.c 2017-06-29 15:55:53.052681442 +0200
	@@ -304,3 +304,205 @@
	}

	}
	+
	+/* This function is called on every indirect call, but only if the binary has
	+ been compiled with -fsanitize-coverage=trace-pc,indirect-calls. */
	#include <stdio.h>
	#include <stdlib.h>
	#include <stdint.h>
	#include <string.h>
	#include <unistd.h>

	typedef void (*F)();

	static F t[256];
	diff -Naur a/llvm_mode/afl-clang-fast.c b/llvm_mode/afl-clang-fast.c
	--- a/llvm_mode/afl-clang-fast.c 2017-01-25 03:51:26.000000000 +0100
	+++ b/llvm_mode/afl-clang-fast.c 2017-06-21 16:35:01.203146919 +0200
	@@ -120,7 +120,28 @@
	http://clang.llvm.org/docs/SanitizerCoverage.html#tracing-pcs-with-guards */

	#ifdef USE_TRACE_PC
	- cc_params[cc_par_cnt++] = "-fsanitize-coverage=trace-pc-guard";
	+ u8 *trace_ind = "";
	+ #ifdef USE_TRACE_IND
	package fr.neatmonster.labs;

	import java.awt.Color;
	import java.awt.Dimension;
	import java.awt.Graphics;
	import java.awt.image.BufferedImage;
	import java.io.File;
	import java.io.IOException;
	import java.util.ArrayList;
	import java.util.Collections;
	package fr.neatmonster.ga;

	import java.awt.Color;
	import java.awt.EventQueue;
	import java.awt.Graphics;
	import java.awt.GridLayout;
	import java.awt.Polygon;
	import java.awt.image.BufferedImage;
	import java.io.File;
	import java.io.IOException;
	package fr.neatmonster.utils;

	import java.util.Comparator;
	import java.util.HashMap;
	import java.util.Map;
	import java.util.Map.Entry;
	import java.util.Random;
	import java.util.UUID;

	import fr.lightoner.java.CustomTreeMap;
	package fr.neatmonster.utils;

	import java.util.Collection;
	import java.util.Comparator;
	import java.util.HashMap;
	import java.util.Map;
	import java.util.Set;
	import java.util.TreeMap;

	public class ValueSortedMap<K extends Comparable<K>, V extends Comparable<V>>
	package fr.neatmonster.plugin;

	import java.util.Comparator;
	import java.util.HashMap;
	import java.util.LinkedList;
	import java.util.Map;
	import java.util.Map.Entry;
	import java.util.TreeMap;
	import java.util.UUID;