afl qemu persistent hook

qemu_mode/patches/afl-qemu-cpu-inl.h

@@ -34,6 +34,10 @@
 #include <sys/shm.h>
 #include "afl-qemu-common.h"
 
+#ifndef AFL_QEMU_STATIC_BUILD
+#include <dlfcn.h>
+#endif
+
 /***************************
  * VARIOUS AUXILIARY STUFF *
  ***************************/
@@ -95,6 +99,8 @@ unsigned char persistent_save_gpr;
 target_ulong  persistent_saved_gpr[AFL_REGS_NUM];
 int           persisent_retaddr_offset;
 
+afl_persistent_hook_fn afl_persistent_hook_ptr;
+
 /* Instrumentation ratio: */
 
 unsigned int afl_inst_rms = MAP_SIZE;         /* Exported for afl_gen_trace */
@@ -192,7 +198,7 @@ static void afl_setup(void) {
 
       __afl_cmp_map = shmat(shm_id, NULL, 0);
 
-      if (__afl_cmp_map == (void*)-1) _exit(1);
+      if (__afl_cmp_map == (void*)-1) exit(1);
 
     }
     
@@ -240,6 +246,33 @@ static void afl_setup(void) {
 
   if (getenv("AFL_QEMU_PERSISTENT_GPR")) persistent_save_gpr = 1;
 
+  if (getenv("AFL_QEMU_PERSISTENT_HOOK")) {
+  
+#ifdef AFL_QEMU_STATIC_BUILD
+
+    fprintf(stderr, "[AFL] ERROR: you cannot use AFL_QEMU_PERSISTENT_HOOK when afl-qemu-trace is static\n");
+    exit(1);
+
+#else
+  
+    persistent_save_gpr = 1;
+  
+    void* plib = dlopen(getenv("AFL_QEMU_PERSISTENT_HOOK"), RTLD_NOW);
+    if (!plib) {
+      fprintf(stderr, "[AFL] ERROR: invalid AFL_QEMU_PERSISTENT_HOOK=%s\n", getenv("AFL_QEMU_PERSISTENT_HOOK"));
+      exit(1);
+    }
+    
+    afl_persistent_hook_ptr = dlsym(plib, "afl_persistent_hook");
+    if (!afl_persistent_hook_ptr) {
+      fprintf(stderr, "[AFL] ERROR: failed to find the function \"afl_persistent_hook\" in %s\n", getenv("AFL_QEMU_PERSISTENT_HOOK"));
+      exit(1);
+    }
+
+#endif
+
+  }
+  
   if (getenv("AFL_QEMU_PERSISTENT_RETADDR_OFFSET"))
     persisent_retaddr_offset =
         strtoll(getenv("AFL_QEMU_PERSISTENT_RETADDR_OFFSET"), NULL, 0);