neverzero qemu for x86/x86_64

author: Andrea Fioraldi <andreafioraldi@gmail.com> 2019-08-27 20:57:52 +0200
committer: Andrea Fioraldi <andreafioraldi@gmail.com> 2019-08-27 20:57:52 +0200
commit: bec9b307db299b586c2574031d3cc1a491dc00c3 (patch)
tree: 9454b4e4dc96fdc71e3b32d206ac47cd9f9dc092 /qemu_mode
parent: 10df5ad0ac3dcff705f6932487fecbdaf690e1f0 (diff)
download: afl++-bec9b307db299b586c2574031d3cc1a491dc00c3.tar.gz
1 files changed, 16 insertions, 2 deletions
diff --git a/qemu_mode/patches/afl-qemu-translate-inl.h b/qemu_mode/patches/afl-qemu-translate-inl.h
index bfb2897e..9c3580e5 100644
--- a/qemu_mode/patches/afl-qemu-translate-inl.h
+++ b/qemu_mode/patches/afl-qemu-translate-inl.h
@@ -42,11 +42,25 @@ extern abi_ulong afl_start_code, afl_end_code;
 
 void tcg_gen_afl_maybe_log_call(target_ulong cur_loc);
 
-void afl_maybe_log(target_ulong cur_loc) { 
+void afl_maybe_log(target_ulong cur_loc) {
 
   static __thread abi_ulong prev_loc;
 
-  afl_area_ptr[cur_loc ^ prev_loc]++;
+  register target_ulong afl_idx = cur_loc ^ prev_loc;
+
+#if (defined(__x86_64__) || defined(__i386__)) && defined(AFL_QEMU_NOT_ZERO)
+  asm volatile (
+    "incb (%0, %1, 1)\n"
+    "seto %%al\n"
+    "addb %%al, (%0, %1, 1)\n"
+    : /* no out */
+    : "r" (afl_area_ptr), "r" (afl_idx)
+    : "memory", "eax"
+  );
+#else
+  afl_area_ptr[afl_idx]++;
+#endif
+
   prev_loc = cur_loc >> 1;
 
 }
author	Andrea Fioraldi <andreafioraldi@gmail.com>	2019-08-27 20:57:52 +0200
committer	Andrea Fioraldi <andreafioraldi@gmail.com>	2019-08-27 20:57:52 +0200
commit	bec9b307db299b586c2574031d3cc1a491dc00c3 (patch)
tree	9454b4e4dc96fdc71e3b32d206ac47cd9f9dc092 /qemu_mode
parent	10df5ad0ac3dcff705f6932487fecbdaf690e1f0 (diff)
download	afl++-bec9b307db299b586c2574031d3cc1a491dc00c3.tar.gz