authorAndrea Fioraldi <andreafioraldi@gmail.com>2019-08-27 21:10:51 +0200
committerAndrea Fioraldi <andreafioraldi@gmail.com>2019-08-27 21:10:51 +0200
commitc5e0b29a22a126a90942fd31a85fcfe8486fa67c (patch)
treea5422ba34ef88274169e933731404e0fa8e0b4cd
parentbec9b307db299b586c2574031d3cc1a491dc00c3 (diff)
downloadafl++-c5e0b29a22a126a90942fd31a85fcfe8486fa67c.tar.gz
neverzero for unicorn_mode
-rw-r--r--qemu_mode/patches/afl-qemu-translate-inl.h2
-rwxr-xr-xunicorn_mode/build_unicorn_support.sh2
-rw-r--r--unicorn_mode/patches/afl-unicorn-cpu-inl.h16
3 files changed, 17 insertions, 3 deletions
diff --git a/qemu_mode/patches/afl-qemu-translate-inl.h b/qemu_mode/patches/afl-qemu-translate-inl.h
index 9c3580e5..f82d1217 100644
--- a/qemu_mode/patches/afl-qemu-translate-inl.h
+++ b/qemu_mode/patches/afl-qemu-translate-inl.h
@@ -46,7 +46,7 @@ void afl_maybe_log(target_ulong cur_loc) {
 
   static __thread abi_ulong prev_loc;
 
-  register target_ulong afl_idx = cur_loc ^ prev_loc;
+  register uintptr_t afl_idx = cur_loc ^ prev_loc;
 
 #if (defined(__x86_64__) || defined(__i386__)) && defined(AFL_QEMU_NOT_ZERO)
   asm volatile (
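Review bot: Changing `afl_idx` to `uintptr_t` narrows the index on a 32-bit host running a 64-bit target, since `cur_loc ^ prev_loc` is computed at target width and then truncated; this is harmless only if `cur_loc` has already been reduced to the coverage-map range before this line, which happens outside the hunk and cannot be confirmed here. `uintptr_t` also needs `<stdint.h>` in scope, presumably already satisfied through the QEMU headers. The `asm volatile` block that begins on the last hunk line continues past the hunk; if it uses the same `incb`/`seto` sequence as the unicorn patch in this commit, the never-zero caveat raised there applies to it as well.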
diff --git a/unicorn_mode/build_unicorn_support.sh b/unicorn_mode/build_unicorn_support.sh
index 9dcf6773..3219e54c 100755
--- a/unicorn_mode/build_unicorn_support.sh
+++ b/unicorn_mode/build_unicorn_support.sh
@@ -144,7 +144,7 @@ echo "[+] Configuration complete."
 
 echo "[*] Attempting to build Unicorn (fingers crossed!)..."
 
-UNICORN_QEMU_FLAGS='--python=python2' make || exit 1
+UNICORN_QEMU_FLAGS='--python=python2' make -j `nproc` || exit 1
 
 echo "[+] Build process successful!"
 
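Review bot: If `nproc` is unavailable (it is a GNU coreutils tool, absent by default on macOS and some BSDs), the backtick substitution expands to nothing and `make -j` runs with an unbounded job count, which can exhaust memory on a tree this size while the script carries on as if nothing went wrong. A guarded form such as `UNICORN_QEMU_FLAGS='--python=python2' make -j "$(nproc 2>/dev/null || echo 1)" || exit 1` keeps the speed-up where `nproc` exists and falls back to a serial build elsewhere. `$(...)` is also the POSIX form and nests and quotes more predictably than backticks.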
diff --git a/unicorn_mode/patches/afl-unicorn-cpu-inl.h b/unicorn_mode/patches/afl-unicorn-cpu-inl.h
index 892c3f72..ed422725 100644
--- a/unicorn_mode/patches/afl-unicorn-cpu-inl.h
+++ b/unicorn_mode/patches/afl-unicorn-cpu-inl.h
@@ -241,7 +241,21 @@ static inline void afl_maybe_log(unsigned long cur_loc) {
   // DEBUG
   //printf("cur_loc = 0x%lx\n", cur_loc);  
 
-  afl_area_ptr[cur_loc ^ prev_loc]++;
+  register uintptr_t afl_idx = cur_loc ^ prev_loc;
+
+#if (defined(__x86_64__) || defined(__i386__)) && defined(AFL_QEMU_NOT_ZERO)
+  asm volatile (
+    "incb (%0, %1, 1)\n"
+    "seto %%al\n"
+    "addb %%al, (%0, %1, 1)\n"
+    : /* no out */
+    : "r" (afl_area_ptr), "r" (afl_idx)
+    : "memory", "eax"
+  );
+#else
+  afl_area_ptr[afl_idx]++;
+#endif
+
   prev_loc = cur_loc >> 1;
 
 }
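Review bot: The `incb`/`seto`/`addb %%al` sequence does not yield a never-zero counter, because `incb` sets OF only on the signed transition 0x7F→0x80 and leaves it clear on the unsigned wrap 0xFF→0x00, so a saturating hit count still lands on zero while values crossing 0x80 are bumped twice. Replacing the three instructions with `"addb $1, (%0, %1, 1)\n"` followed by `"adcb $0, (%0, %1, 1)\n"` takes the carry from the unsigned wrap instead (`inc` does not update CF, which is why `add $1` rather than `inc` is needed ahead of `adc`); the `"eax"` clobber then becomes unnecessary, though harmless to keep. A one-line comment above the `#if`, such as `// NeverZero: fold the carry back in so a wrapped hit count becomes 1, not 0`, would record why the asm exists at all. The signature of `afl_maybe_log` and the declaration of `prev_loc` lie outside the hunk, so whether `cur_loc` is already masked to the map size before the xor cannot be confirmed from here.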