ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-14 19:08:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

qemu debug

Browse Source
This commit is contained in:
van Hauser
2020-06-05 09:42:17 +02:00
parent a1beb72cad
commit e01cad2f7d
4 changed files with 12 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
examples/aflpp_driver/aflpp_qemu_driver.c
View File

@ -6,7 +6,7 @@
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size); int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size);
__attribute__((weak)) int LLVMFuzzerInitialize(int *argc, char ***argv); __attribute__((weak)) int LLVMFuzzerInitialize(int *argc, char ***argv);
static const size_t kMaxAflInputSize = 1 << 20; static const size_t kMaxAflInputSize = 1 * 1024 * 1024;
static uint8_t AflInputBuf[kMaxAflInputSize]; static uint8_t AflInputBuf[kMaxAflInputSize];
void __attribute__((noinline)) afl_qemu_driver_stdin_input(void) { void __attribute__((noinline)) afl_qemu_driver_stdin_input(void) {

1
examples/qemu_persistent_hook/read_into_rdi.c
View File

@ -1,6 +1,7 @@
#include <stdint.h> #include <stdint.h>
#include <stdio.h> #include <stdio.h>
#include <unistd.h> #include <unistd.h>
#include <string.h>
#define g2h(x) ((void *)((unsigned long)(x) + guest_base)) #define g2h(x) ((void *)((unsigned long)(x) + guest_base))
#define h2g(x) ((uint64_t)(x)-guest_base) #define h2g(x) ((uint64_t)(x)-guest_base)

2
qemu_mode/patches/afl-qemu-cpu-inl.h
View File

@ -341,6 +341,8 @@ void afl_forkserver(CPUState *cpu) {
status |= (FS_OPT_SET_MAPSIZE(MAP_SIZE) | FS_OPT_MAPSIZE); status |= (FS_OPT_SET_MAPSIZE(MAP_SIZE) | FS_OPT_MAPSIZE);
if (sharedmem_fuzzing != 0) status |= FS_OPT_SHDMEM_FUZZ; if (sharedmem_fuzzing != 0) status |= FS_OPT_SHDMEM_FUZZ;
if (status) status |= (FS_OPT_ENABLED); if (status) status |= (FS_OPT_ENABLED);
if (getenv("AFL_DEBUG"))
fprintf(stderr, "Debug: Sending status %08x\n", status);
memcpy(tmp, &status, 4); memcpy(tmp, &status, 4);
/* Tell the parent that we're alive. If the parent doesn't want /* Tell the parent that we're alive. If the parent doesn't want

14
src/afl-forkserver.c
View File

@ -277,8 +277,8 @@ static void report_error_and_exit(int error) {
break; break;
case FS_ERROR_MMAP: case FS_ERROR_MMAP:
FATAL( FATAL(
"the fuzzing target reports that the mmap() call to the shared memory " "the fuzzing target reports that the mmap() call to the shared "
"failed."); "memory failed.");
break; break;
default: default:
FATAL("unknown error code %u from fuzzing target!", error); FATAL("unknown error code %u from fuzzing target!", error);
@ -488,17 +488,17 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv,
if (!be_quiet) { OKF("All right - fork server is up."); } if (!be_quiet) { OKF("All right - fork server is up."); }
if ((status & FS_OPT_ERROR) == FS_OPT_ERROR)
report_error_and_exit(FS_OPT_GET_ERROR(status));
if ((status & FS_OPT_ENABLED) == FS_OPT_ENABLED) {
if (getenv("AFL_DEBUG")) { if (getenv("AFL_DEBUG")) {
ACTF("Extended forkserver functions received (%08x).", status); ACTF("Extended forkserver functions received (%08x).", status);
} }
if ((status & FS_OPT_ERROR) == FS_OPT_ERROR)
report_error_and_exit(FS_OPT_GET_ERROR(status));
if ((status & FS_OPT_ENABLED) == FS_OPT_ENABLED) {
if ((status & FS_OPT_SNAPSHOT) == FS_OPT_SNAPSHOT) { if ((status & FS_OPT_SNAPSHOT) == FS_OPT_SNAPSHOT) {
fsrv->snapshot = 1; fsrv->snapshot = 1;