cpu-exec: Add AFL_QEMU_EXCLUDE_RANGES

This environment variable allows rejection of specific regions from instrumentation. It takes priority over AFL_INST_LIBS and AFL_QEMU_INST_RANGES, so it can be used to poke a "hole" in previously included sections.
author: realmadsci <71108352+realmadsci@users.noreply.github.com> 2021-03-02 15:28:26 -0500
committer: realmadsci <71108352+realmadsci@users.noreply.github.com> 2021-03-02 12:55:44 -0800
commit: 8bdb40b7631ea0a6f7dec8e51a6c69c6b3c7513d (patch)
tree: 9faa7686232eb5fe6057cabde8062b9933db5563 /qemu_mode
parent: f0bc2e0e8b9d7b7e6e5371153f1b3bd7500cdae7 (diff)
download: afl++-8bdb40b7631ea0a6f7dec8e51a6c69c6b3c7513d.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/qemu_mode/README.md b/qemu_mode/README.md
index bc4c1d2c..a14cbe64 100644
--- a/qemu_mode/README.md
+++ b/qemu_mode/README.md
@@ -99,6 +99,13 @@ Just set AFL_QEMU_INST_RANGES=A,B,C...
 The format of the items in the list is either a range of addresses like 0x123-0x321
 or a module name like module.so (that is matched in the mapped object filename).
 
+Alternatively you can tell QEMU to ignore part of an address space for instrumentation.
+
+Just set AFL_QEMU_EXCLUDE_RANGES=A,B,C...
+
+The format of the items on the list is the same as for AFL_QEMU_INST_RANGES, and excluding ranges
+takes priority over any included ranges or AFL_INST_LIBS.
+
 ## 7) CompareCoverage
 
 CompareCoverage is a sub-instrumentation with effects similar to laf-intel.
author	realmadsci <71108352+realmadsci@users.noreply.github.com>	2021-03-02 15:28:26 -0500
committer	realmadsci <71108352+realmadsci@users.noreply.github.com>	2021-03-02 12:55:44 -0800
commit	8bdb40b7631ea0a6f7dec8e51a6c69c6b3c7513d (patch)
tree	9faa7686232eb5fe6057cabde8062b9933db5563 /qemu_mode
parent	f0bc2e0e8b9d7b7e6e5371153f1b3bd7500cdae7 (diff)
download	afl++-8bdb40b7631ea0a6f7dec8e51a6c69c6b3c7513d.tar.gz