Diffstat (limited to 'qemu_mode')
-rw-r--r-- | qemu_mode/README.persistent.md | 3 | ||||
-rw-r--r-- | qemu_mode/libcompcov/Makefile | 4 | ||||
-rw-r--r-- | qemu_mode/patches/afl-qemu-tcg-runtime-inl.h | 7 |
3 files changed, 11 insertions, 3 deletions
diff --git a/qemu_mode/README.persistent.md b/qemu_mode/README.persistent.md
index c96a451b..46077402 100644
--- a/qemu_mode/README.persistent.md
+++ b/qemu_mode/README.persistent.md
@@ -26,7 +26,8 @@ hexadecimal with the 0x prefix or as a decimal value.
 If the target is compiled with position independant code (PIE/PIC), you must add 0x4000000000 to that address, because qemu loads to this base address. On strange setups the base address set by QEMU for PIE executable may change,
-you can check it printing the process map using AFL_QEMU_DEBUG_MAPS=1.
+you can check it printing the process map using
+`AFL_QEMU_DEBUG_MAPS=1 afl-qemu-trace TARGET-BINARY`
 If this address is not valid, afl-fuzz will error during startup with the message that the forkserver was not found.
diff --git a/qemu_mode/libcompcov/Makefile b/qemu_mode/libcompcov/Makefile
index 07bab99d..f06ac2af 100644
--- a/qemu_mode/libcompcov/Makefile
+++ b/qemu_mode/libcompcov/Makefile
@@ -15,6 +15,8 @@ PREFIX ?= /usr/local
 HELPER_PATH = $(PREFIX)/lib/afl
+DOC_PATH ?= $(PREFIX)/share/doc/afl
+MAN_PATH ?= $(PREFIX)/man/man8
 VERSION = $(shell grep '^\#define VERSION ' ../config.h | cut -d '"' -f2)
@@ -38,5 +40,5 @@ compcovtest: compcovtest.cc
 install: all
 install -m 755 ../../libcompcov.so $${DESTDIR}$(HELPER_PATH)
- install -m 644 README.compcov $${DESTDIR}$(HELPER_PATH)
+ install -m 644 -T README.md $${DESTDIR}$(DOC_PATH)/README.compcov.md
diff --git a/qemu_mode/patches/afl-qemu-tcg-runtime-inl.h b/qemu_mode/patches/afl-qemu-tcg-runtime-inl.h
index 04fcde4e..b7cd71bb 100644
--- a/qemu_mode/patches/afl-qemu-tcg-runtime-inl.h
+++ b/qemu_mode/patches/afl-qemu-tcg-runtime-inl.h
@@ -171,7 +171,7 @@ static int area_is_mapped(void *ptr, size_t len) {
 }
-void HELPER(afl_cmplog_rtn)(CPUX86State *env) {
+void HELPER(afl_cmplog_rtn)(CPUArchState *env) {
 #if defined(TARGET_X86_64)
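Review bot: The new install line `install -m 644 -T README.md $${DESTDIR}$(DOC_PATH)/README.compcov.md` writes into `$(DOC_PATH)`, but nothing in this hunk creates that directory, so a standalone `make install` in qemu_mode/libcompcov fails unless the top-level Makefile has already made it; adding `install -d $${DESTDIR}$(DOC_PATH)` before it (or using `-D` together with `-T`) would make the target self-contained. `-T` is a GNU coreutils option, so the recipe now depends on GNU install where the previous line did not; if BSD or busybox toolchains matter, that is worth a comment next to the line. `MAN_PATH` is introduced in the first hunk but not referenced in any visible line; it may be used elsewhere in the file, which I cannot see.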
@@ -199,7 +199,12 @@ void HELPER(afl_cmplog_rtn)(CPUX86State *env) {
 if (!area_is_mapped(ptr1, 32) || !area_is_mapped(ptr2, 32)) return;
+#if defined(TARGET_X86_64) || defined(TARGET_I386)
 uintptr_t k = (uintptr_t)env->eip;
+#else
+ uintptr_t k = 0;
+#endif
+ k = (k >> 4) ^ (k << 8);
 k &= CMP_MAP_W - 1; |
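Review bot: The non-x86 fallback `uintptr_t k = 0;` sends every routine-comparison hit to the same CMP_MAP slot, because the added mixing `k = (k >> 4) ^ (k << 8);` leaves zero unchanged and `k &= CMP_MAP_W - 1;` keeps it zero, so on those targets entries from different call sites overwrite each other and the cmplog rtn data silently degrades instead of being reported as unsupported. If no architecture-neutral program-counter source is available at this point, the limitation should at least be stated where the fallback sits, e.g. `/* no generic PC accessor here: all rtn compares on non-x86 collapse into slot 0 */`, and a compile-time diagnostic on that branch would make the degraded mode visible to whoever builds for such a target. The `#if defined(TARGET_X86_64)` that opens right after the signature in the -171 hunk may already restrict which targets reach this code; that cannot be determined from the visible lines. HELPER(afl_cmplog_rtn) begins in the earlier hunk and its body continues outside this one.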