diff options
| author | Andrea Fioraldi <andreafioraldi@gmail.com> | 2020-02-07 20:43:17 +0100 |
|---|---|---|
| committer | Andrea Fioraldi <andreafioraldi@gmail.com> | 2020-02-07 20:43:17 +0100 |
| commit | f2f6be5e999632b05ce92b4934ee97531d546a44 (patch) | |
| tree | c7eeea121fc83b5d0cf76daf59c47634c11bf264 /qemu_mode/patches/afl-qemu-cpu-inl.h | |
| parent | fd8fe4dd088464230df2dc456c5a9fbf905c907f (diff) | |
| download | afl++-f2f6be5e999632b05ce92b4934ee97531d546a44.tar.gz | |
afl qemu persistent hook
Diffstat (limited to 'qemu_mode/patches/afl-qemu-cpu-inl.h')
| -rw-r--r-- | qemu_mode/patches/afl-qemu-cpu-inl.h | 35 |
1 files changed, 34 insertions, 1 deletions
diff --git a/qemu_mode/patches/afl-qemu-cpu-inl.h b/qemu_mode/patches/afl-qemu-cpu-inl.h index 9a98fde3..7ef54d78 100644 --- a/qemu_mode/patches/afl-qemu-cpu-inl.h +++ b/qemu_mode/patches/afl-qemu-cpu-inl.h @@ -34,6 +34,10 @@ #include <sys/shm.h> #include "afl-qemu-common.h" +#ifndef AFL_QEMU_STATIC_BUILD +#include <dlfcn.h> +#endif + /*************************** * VARIOUS AUXILIARY STUFF * ***************************/ @@ -95,6 +99,8 @@ unsigned char persistent_save_gpr; target_ulong persistent_saved_gpr[AFL_REGS_NUM]; int persisent_retaddr_offset; +afl_persistent_hook_fn afl_persistent_hook_ptr; + /* Instrumentation ratio: */ unsigned int afl_inst_rms = MAP_SIZE; /* Exported for afl_gen_trace */ @@ -192,7 +198,7 @@ static void afl_setup(void) { __afl_cmp_map = shmat(shm_id, NULL, 0); - if (__afl_cmp_map == (void*)-1) _exit(1); + if (__afl_cmp_map == (void*)-1) exit(1); } @@ -240,6 +246,33 @@ static void afl_setup(void) { if (getenv("AFL_QEMU_PERSISTENT_GPR")) persistent_save_gpr = 1; + if (getenv("AFL_QEMU_PERSISTENT_HOOK")) { + +#ifdef AFL_QEMU_STATIC_BUILD + + fprintf(stderr, "[AFL] ERROR: you cannot use AFL_QEMU_PERSISTENT_HOOK when afl-qemu-trace is static\n"); + exit(1); + +#else + + persistent_save_gpr = 1; + + void* plib = dlopen(getenv("AFL_QEMU_PERSISTENT_HOOK"), RTLD_NOW); + if (!plib) { + fprintf(stderr, "[AFL] ERROR: invalid AFL_QEMU_PERSISTENT_HOOK=%s\n", getenv("AFL_QEMU_PERSISTENT_HOOK")); + exit(1); + } + + afl_persistent_hook_ptr = dlsym(plib, "afl_persistent_hook"); + if (!afl_persistent_hook_ptr) { + fprintf(stderr, "[AFL] ERROR: failed to find the function \"afl_persistent_hook\" in %s\n", getenv("AFL_QEMU_PERSISTENT_HOOK")); + exit(1); + } + +#endif + + } + if (getenv("AFL_QEMU_PERSISTENT_RETADDR_OFFSET")) persisent_retaddr_offset = strtoll(getenv("AFL_QEMU_PERSISTENT_RETADDR_OFFSET"), NULL, 0); |