diff options
| author | realmadsci <71108352+realmadsci@users.noreply.github.com> | 2021-03-02 15:28:26 -0500 |
|---|---|---|
| committer | realmadsci <71108352+realmadsci@users.noreply.github.com> | 2021-03-02 12:55:44 -0800 |
| commit | 8bdb40b7631ea0a6f7dec8e51a6c69c6b3c7513d (patch) | |
| tree | 9faa7686232eb5fe6057cabde8062b9933db5563 | |
| parent | f0bc2e0e8b9d7b7e6e5371153f1b3bd7500cdae7 (diff) | |
| download | afl++-8bdb40b7631ea0a6f7dec8e51a6c69c6b3c7513d.tar.gz | |
cpu-exec: Add AFL_QEMU_EXCLUDE_RANGES
This environment variable allows rejection of specific regions from instrumentation. It takes priority over AFL_INST_LIBS and AFL_QEMU_INST_RANGES, so it can be used to poke a "hole" in previously included sections.
| -rw-r--r-- | include/envs.h | 1 | ||||
| -rw-r--r-- | qemu_mode/README.md | 7 |
2 files changed, 8 insertions, 0 deletions
diff --git a/include/envs.h b/include/envs.h index 143979c6..26f4de90 100644 --- a/include/envs.h +++ b/include/envs.h @@ -141,6 +141,7 @@ static char *afl_environment_variables[] = { "AFL_QEMU_PERSISTENT_RETADDR_OFFSET", "AFL_QEMU_PERSISTENT_EXITS", "AFL_QEMU_INST_RANGES", + "AFL_QEMU_EXCLUDE_RANGES", "AFL_QEMU_SNAPSHOT", "AFL_QUIET", "AFL_RANDOM_ALLOC_CANARY", diff --git a/qemu_mode/README.md b/qemu_mode/README.md index bc4c1d2c..a14cbe64 100644 --- a/qemu_mode/README.md +++ b/qemu_mode/README.md @@ -99,6 +99,13 @@ Just set AFL_QEMU_INST_RANGES=A,B,C... The format of the items in the list is either a range of addresses like 0x123-0x321 or a module name like module.so (that is matched in the mapped object filename). +Alternatively you can tell QEMU to ignore part of an address space for instrumentation. + +Just set AFL_QEMU_EXCLUDE_RANGES=A,B,C... + +The format of the items on the list is the same as for AFL_QEMU_INST_RANGES, and excluding ranges +takes priority over any included ranges or AFL_INST_LIBS. + ## 7) CompareCoverage CompareCoverage is a sub-instrumentation with effects similar to laf-intel. |