author | Khaled Yakdan <yakdan@code-intelligence.de> | 2019-09-04 23:20:18 +0200 |
---|---|---|
committer | Khaled Yakdan <yakdan@code-intelligence.de> | 2019-09-04 23:20:18 +0200 |
commit | b31dff6beec6a7aa17da6f7f8a2eef198c263ccc (patch) | |
tree | c039aeed3572b171c2b7108cd650a0ee53c1b0f6 /qemu_mode/patches/afl-qemu-common.h | |
parent | 1b3f9713309d27c49b153f9b3af12d208076e93c (diff) | |
parent | abf61ecc8f1b4ea3de59f818d859139637b29f32 (diff) | |
Merge branch 'master-upstream' into custom_mutator_docs
# Conflicts: # afl-fuzz.c
Diffstat (limited to 'qemu_mode/patches/afl-qemu-common.h')
-rw-r--r-- | qemu_mode/patches/afl-qemu-common.h | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/qemu_mode/patches/afl-qemu-common.h b/qemu_mode/patches/afl-qemu-common.h
new file mode 100644
index 00000000..88c110b4
--- /dev/null
+++ b/qemu_mode/patches/afl-qemu-common.h
@@ -0,0 +1,49 @@
+/*
+ american fuzzy lop++ - high-performance binary-only instrumentation
+ -------------------------------------------------------------------
+
+ Originally written by Andrew Griffiths <agriffiths@google.com> and
+ Michal Zalewski <lcamtuf@google.com>
+
+ TCG instrumentation and block chaining support by Andrea Biondo
+ <andrea.biondo965@gmail.com>
+
+ QEMU 3.1.0 port, TCG thread-safety, CompareCoverage and NeverZero
+ counters by Andrea Fioraldi <andreafioraldi@gmail.com>
+
+ Copyright 2015, 2016, 2017 Google Inc. All rights reserved.
+ Copyright 2019 AFLplusplus Project. All rights reserved.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at:
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ This code is a shim patched into the separately-distributed source
+ code of QEMU 3.1.0. It leverages the built-in QEMU tracing functionality
+ to implement AFL-style instrumentation and to take care of the remaining
+ parts of the AFL fork server logic.
+
+ The resulting QEMU binary is essentially a standalone instrumentation
+ tool; for an example of how to leverage it for other purposes, you can
+ have a look at afl-showmap.c.
+
+ */
+
+#include "../../config.h"
+
+/* NeverZero */
+
+#if (defined(__x86_64__) || defined(__i386__)) && defined(AFL_QEMU_NOT_ZERO)
+#define INC_AFL_AREA(loc) \
+ asm volatile( \
+ "incb (%0, %1, 1)\n" \
+ "adcb $0, (%0, %1, 1)\n" \
+ : /* no out */ \
+ : "r"(afl_area_ptr), "r"(loc) \
+ : "memory", "eax")
+#else
+#define INC_AFL_AREA(loc) afl_area_ptr[loc]++
+#endif
+ |
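Review bot: The NeverZero increment in the `#if` branch of INC_AFL_AREA does not achieve its purpose, because `incb` leaves the carry flag unchanged on x86, so the following `adcb $0, (%0, %1, 1)` adds whatever CF happened to hold before the macro ran rather than the carry out of the increment — a counter at 255 can still wrap to 0 (the edge disappears from the map), and a stale CF=1 double-counts. Use an instruction that writes CF: `"addb $1, (%0, %1, 1)\n"` in place of the `incb` line. The `"eax"` clobber is not touched by either instruction and looks like a leftover that could be dropped, while `"cc"` need not be added since x86 inline asm always treats flags as clobbered. A why-comment above the macro would help the next reader, e.g. `/* add, then add the carry back in, so a hit counter never wraps to 0 */`. If `loc` can be narrower than a pointer, the `(%0, %1, 1)` addressing mode would also need a pointer-width index register — its type is not visible in this file, so please confirm.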