frida: bump version (#2640)

* frida: bump version

* frida_windows: fix

Author: s1341

fuzzers/binary_only/frida_executable_libpng/Cargo.toml

@@ -25,7 +25,7 @@ libafl = { path = "../../../libafl", features = [
   "frida_cli",
 ] } #,  "llmp_small_maps", "llmp_debug"]}
 libafl_bolts = { path = "../../../libafl_bolts" }
-frida-gum = { version = "0.14.2", features = [
+frida-gum = { version = "0.15.1", features = [
   "auto-download",
   "event-sink",
   "invocation-listener",

fuzzers/binary_only/frida_libpng/Cargo.toml

@@ -26,7 +26,7 @@ libafl = { path = "../../../libafl", features = [
   "errors_backtrace",
 ] } #,  "llmp_small_maps", "llmp_debug"]}
 libafl_bolts = { path = "../../../libafl_bolts" }
-frida-gum = { version = "0.14.2", features = [
+frida-gum = { version = "0.15.1", features = [
   "auto-download",
   "event-sink",
   "invocation-listener",

fuzzers/binary_only/frida_windows_gdiplus/Cargo.toml

@@ -23,7 +23,7 @@ libafl = { path = "../../../libafl", features = [
   "errors_backtrace",
 ] } #,  "llmp_small_maps", "llmp_debug"]}
 libafl_bolts = { path = "../../../libafl_bolts" }
-frida-gum = { version = "0.14.2", features = [
+frida-gum = { version = "0.15.1", features = [
   "auto-download",
   "event-sink",
   "invocation-listener",

libafl_frida/Cargo.toml

@@ -66,11 +66,11 @@ nix = { workspace = true, default-features = true, features = ["mman"] }
 libc = { workspace = true }
 hashbrown = { workspace = true, default-features = true }
 rangemap = { workspace = true }
-frida-gum-sys = { version = "0.14.2", features = [
+frida-gum-sys = { version = "0.15.1", features = [
   "event-sink",
   "invocation-listener",
 ] }
-frida-gum = { version = "0.14.2", features = [
+frida-gum = { version = "0.15.1", features = [
   "event-sink",
   "invocation-listener",
   "module-names",

libafl_frida/src/asan/asan_rt.rs

@@ -476,13 +476,14 @@ impl AsanRuntime {
     #[allow(clippy::too_many_lines)]
     pub fn register_hooks(&mut self, gum: &Gum) {
         let mut interceptor = Interceptor::obtain(gum);
+        let module = Module::obtain(gum);
         macro_rules! hook_func {
             //No library case
             ($name:ident, ($($param:ident : $param_type:ty),*), $return_type:ty) => {
                 paste::paste! {
                     log::trace!("Hooking {}", stringify!($name));
 
-                    let target_function = frida_gum::Module::find_export_by_name(None, stringify!($name)).expect("Failed to find function");
+                    let target_function = module.find_export_by_name(None, stringify!($name)).expect("Failed to find function");
 
                     static [<$name:snake:upper _PTR>]: std::sync::OnceLock<extern "C" fn($($param: $param_type),*) -> $return_type> = std::sync::OnceLock::new();
 
@@ -522,7 +523,7 @@ impl AsanRuntime {
                 paste::paste! {
                     log::trace!("Hooking {}:{}", $lib, stringify!($name));
 
-                    let target_function = frida_gum::Module::find_export_by_name(Some($lib), stringify!($name)).expect("Failed to find function");
+                    let target_function = module.find_export_by_name(Some($lib), stringify!($name)).expect("Failed to find function");
 
                     static [<$lib_ident:snake:upper _ $name:snake:upper _PTR>]: std::sync::OnceLock<extern "C" fn($($param: $param_type),*) -> $return_type> = std::sync::OnceLock::new();
 
@@ -564,7 +565,7 @@ impl AsanRuntime {
             ($name:ident, ($($param:ident : $param_type:ty),*), $return_type:ty) => {
                 paste::paste! {
                     log::trace!("Hooking {}", stringify!($name));
-                    let target_function = frida_gum::Module::find_export_by_name(None, stringify!($name)).expect("Failed to find function");
+                    let target_function = module.find_export_by_name(None, stringify!($name)).expect("Failed to find function");
 
                     static [<$name:snake:upper _PTR>]: std::sync::OnceLock<extern "C" fn($($param: $param_type),*) -> $return_type> = std::sync::OnceLock::new();
 
@@ -604,7 +605,7 @@ impl AsanRuntime {
             ($lib:literal, $lib_ident:ident, $name:ident, ($($param:ident : $param_type:ty),*), $return_type:ty) => {
                 paste::paste! {
                     log::trace!("Hooking {}:{}", $lib, stringify!($name));
-                    let target_function = frida_gum::Module::find_export_by_name(Some($lib), stringify!($name)).expect("Failed to find function");
+                    let target_function = module.find_export_by_name(Some($lib), stringify!($name)).expect("Failed to find function");
 
                     static [<$lib_ident:snake:upper _ $name:snake:upper _PTR>]: std::sync::OnceLock<extern "C" fn($($param: $param_type),*) -> $return_type> = std::sync::OnceLock::new();
 
@@ -693,7 +694,7 @@ impl AsanRuntime {
         macro_rules! hook_heap_windows {
             ($libname:literal, $lib_ident:ident) => {
             log::info!("Hooking allocator functions in {}", $libname);
-            for export in Module::enumerate_exports($libname) {
+            for export in module.enumerate_exports($libname) {
                 // log::trace!("- {}", export.name);
                 match &export.name[..] {
                     "NtGdiCreateCompatibleDC" => {
@@ -919,7 +920,7 @@ impl AsanRuntime {
         macro_rules! hook_cpp {
            ($libname:literal, $lib_ident:ident) => {
             log::info!("Hooking c++ functions in {}", $libname);
-            for export in Module::enumerate_exports($libname) {
+            for export in module.enumerate_exports($libname) {
                 match &export.name[..] {
                     "_Znam" => {
                         hook_func!($libname, $lib_ident, _Znam, (size: usize), *mut c_void);

libafl_frida/src/executor.rs

@@ -187,7 +187,7 @@ where
         // Include the current module (the fuzzer) in stalked ranges. We clone the ranges so that
         // we don't add it to the INSTRUMENTED ranges.
         let mut ranges = helper.ranges().clone();
-        for module in frida_gum::Module::enumerate_modules() {
+        for module in frida_gum::Module::obtain(gum).enumerate_modules() {
             if module.base_address < Self::new as usize
                 && (Self::new as usize) < module.base_address + module.size
             {

libafl_frida/src/helper.rs

@@ -10,7 +10,7 @@ use std::{
 use frida_gum::{
     instruction_writer::InstructionWriter,
     stalker::{StalkerIterator, StalkerOutput, Transformer},
-    Backend, Gum, Module, ModuleDetails, ModuleMap, PageProtection, Script,
+    Backend, Gum, ModuleDetails, ModuleMap, Script,
 };
 use frida_gum_sys::gchar;
 use libafl::{
@@ -415,19 +415,6 @@ pub unsafe extern "C" fn test_function(message: *const gchar) {
     }
 }
 
-/// Helper function to get the size of a module's CODE section from frida
-#[must_use]
-pub fn get_module_size(module_name: &str) -> usize {
-    let mut code_size = 0;
-    let code_size_ref = &mut code_size;
-    Module::enumerate_ranges(module_name, PageProtection::ReadExecute, move |details| {
-        *code_size_ref = details.memory_range().size();
-        true
-    });
-
-    code_size
-}
-
 fn pathlist_contains_module<I, P>(list: I, module: &ModuleDetails) -> bool
 where
     I: IntoIterator<Item = P>,

libafl_frida/src/windows_hooks.rs

@@ -21,15 +21,16 @@ unsafe extern "C" fn unhandled_exception_filter_detour(
 }
 /// Initialize the hooks
 pub fn initialize(gum: &Gum) {
+    let module = Module::obtain(gum);
     let is_processor_feature_present =
-        Module::find_export_by_name(Some("kernel32.dll"), "IsProcessorFeaturePresent");
+        module.find_export_by_name(Some("kernel32.dll"), "IsProcessorFeaturePresent");
     let is_processor_feature_present = is_processor_feature_present.unwrap();
     assert!(
         !is_processor_feature_present.is_null(),
         "IsProcessorFeaturePresent not found"
     );
     let unhandled_exception_filter =
-        Module::find_export_by_name(Some("kernel32.dll"), "UnhandledExceptionFilter");
+        module.find_export_by_name(Some("kernel32.dll"), "UnhandledExceptionFilter");
     let unhandled_exception_filter = unhandled_exception_filter.unwrap();
     assert!(
         !unhandled_exception_filter.is_null(),