Add CPUArchStatePtr to backdoor signature (#2038)

This commit is contained in:
Romain Malmain 2024-04-11 17:30:59 +02:00 committed by GitHub
parent 287d1ac7c7
commit 94a2a2363a
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 16 additions and 14 deletions


@ -8,7 +8,7 @@ use which::which;
const QEMU_URL: &str = "https://github.com/AFLplusplus/qemu-libafl-bridge"; const QEMU_URL: &str = "https://github.com/AFLplusplus/qemu-libafl-bridge";
const QEMU_DIRNAME: &str = "qemu-libafl-bridge"; const QEMU_DIRNAME: &str = "qemu-libafl-bridge";
const QEMU_REVISION: &str = "f1e48d694ca31045169853ca65b1a5a95e8746e9"; const QEMU_REVISION: &str = "e99b9da6585504a8333f2846a61de487f94d3476";
#[allow(clippy::module_name_repetitions)] #[allow(clippy::module_name_repetitions)]
pub struct BuildResult { pub struct BuildResult {


@ -1,4 +1,4 @@
/* automatically generated by rust-bindgen 0.68.1 */ /* automatically generated by rust-bindgen 0.69.4 */
#[repr(C)] #[repr(C)]
#[derive(Copy, Clone, Debug, Default, Eq, Hash, Ord, PartialEq, PartialOrd)] #[derive(Copy, Clone, Debug, Default, Eq, Hash, Ord, PartialEq, PartialOrd)]
@ -90,11 +90,11 @@ impl<T> __IncompleteArrayField<T> {
} }
#[inline] #[inline]
pub fn as_ptr(&self) -> *const T { pub fn as_ptr(&self) -> *const T {
core::ptr::from_ref(self) as *const T self as *const _ as *const T
} }
#[inline] #[inline]
pub fn as_mut_ptr(&mut self) -> *mut T { pub fn as_mut_ptr(&mut self) -> *mut T {
core::ptr::from_mut(self) as *mut T self as *mut _ as *mut T
} }
#[inline] #[inline]
pub unsafe fn as_slice(&self, len: usize) -> &[T] { pub unsafe fn as_slice(&self, len: usize) -> &[T] {
@ -13445,7 +13445,9 @@ extern "C" {
} }
extern "C" { extern "C" {
pub fn libafl_add_backdoor_hook( pub fn libafl_add_backdoor_hook(
exec: ::std::option::Option<extern "C" fn(data: u64, pc: target_ulong)>, exec: ::std::option::Option<
extern "C" fn(data: u64, cpu: *mut CPUArchState, pc: target_ulong),
>,
data: u64, data: u64,
) -> usize; ) -> usize;
} }


@ -23,7 +23,7 @@ use libafl_qemu_sys::{
libafl_qemu_cpu_index, libafl_qemu_current_cpu, libafl_qemu_gdb_reply, libafl_qemu_get_cpu, libafl_qemu_cpu_index, libafl_qemu_current_cpu, libafl_qemu_gdb_reply, libafl_qemu_get_cpu,
libafl_qemu_num_cpus, libafl_qemu_num_regs, libafl_qemu_read_reg, libafl_qemu_num_cpus, libafl_qemu_num_regs, libafl_qemu_read_reg,
libafl_qemu_remove_breakpoint, libafl_qemu_set_breakpoint, libafl_qemu_trigger_breakpoint, libafl_qemu_remove_breakpoint, libafl_qemu_set_breakpoint, libafl_qemu_trigger_breakpoint,
libafl_qemu_write_reg, CPUStatePtr, FatPtr, GuestUsize, libafl_qemu_write_reg, CPUArchStatePtr, CPUStatePtr, FatPtr, GuestUsize,
}; };
pub use libafl_qemu_sys::{GuestAddr, GuestPhysAddr, GuestVirtAddr}; pub use libafl_qemu_sys::{GuestAddr, GuestPhysAddr, GuestVirtAddr};
#[cfg(emulation_mode = "usermode")] #[cfg(emulation_mode = "usermode")]
@ -1254,11 +1254,11 @@ impl Qemu {
pub fn add_backdoor_hook<T: Into<HookData>>( pub fn add_backdoor_hook<T: Into<HookData>>(
&self, &self,
data: T, data: T,
callback: extern "C" fn(T, GuestAddr), callback: extern "C" fn(T, CPUArchStatePtr, GuestAddr),
) -> BackdoorHookId { ) -> BackdoorHookId {
unsafe { unsafe {
let data: u64 = data.into().0; let data: u64 = data.into().0;
let callback: extern "C" fn(u64, GuestAddr) = transmute(callback); let callback: extern "C" fn(u64, CPUArchStatePtr, GuestAddr) = transmute(callback);
let num = libafl_qemu_sys::libafl_add_backdoor_hook(Some(callback), data); let num = libafl_qemu_sys::libafl_add_backdoor_hook(Some(callback), data);
BackdoorHookId(num) BackdoorHookId(num)
} }
@ -1696,7 +1696,7 @@ where
pub fn add_backdoor_hook<T: Into<HookData>>( pub fn add_backdoor_hook<T: Into<HookData>>(
&self, &self,
data: T, data: T,
callback: extern "C" fn(T, GuestAddr), callback: extern "C" fn(T, CPUArchStatePtr, GuestAddr),
) -> BackdoorHookId { ) -> BackdoorHookId {
self.qemu.add_backdoor_hook(data, callback) self.qemu.add_backdoor_hook(data, callback)
} }
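Review bot: The `transmute` on the `let callback` line of `Qemu::add_backdoor_hook` reinterprets `extern "C" fn(T, CPUArchStatePtr, GuestAddr)` as `extern "C" fn(u64, CPUArchStatePtr, GuestAddr)`, and the `T: Into<HookData>` bound does not make `T` ABI-compatible with `u64`, so the cast is sound only for callers whose `T` has the layout of a `u64`; the `unsafe` block states none of this. I would add above that line `// SAFETY: T must have the same ABI as u64: libafl_add_backdoor_hook hands data back to the callback as a plain u64.` The new `CPUArchStatePtr` argument also deserves a `///` doc line on the function saying that the pointer presumably refers to QEMU-owned CPU state and is only valid for the duration of the callback, so hook implementations must not retain it — confirm against the C side. Relatedly, in hooks.rs the boxed-closure variant of the `backdoor` hook type still takes `(…, GuestAddr)` without the cpu pointer while the fn-pointer and `extern "C"` variants gained it, which looks like an omission unless intentional. The function's closing brace lies outside the hunk.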


@ -17,7 +17,7 @@ use libafl::{
inputs::UsesInput, inputs::UsesInput,
state::NopState, state::NopState,
}; };
use libafl_qemu_sys::{FatPtr, GuestAddr, GuestUsize}; use libafl_qemu_sys::{CPUArchStatePtr, FatPtr, GuestAddr, GuestUsize};
pub use crate::emu::SyscallHookResult; pub use crate::emu::SyscallHookResult;
use crate::{ use crate::{
@ -255,7 +255,7 @@ macro_rules! create_exec_wrapper {
static mut GENERIC_HOOKS: Vec<Pin<Box<(InstructionHookId, FatPtr)>>> = vec![]; static mut GENERIC_HOOKS: Vec<Pin<Box<(InstructionHookId, FatPtr)>>> = vec![];
create_wrapper!(generic, (pc: GuestAddr)); create_wrapper!(generic, (pc: GuestAddr));
static mut BACKDOOR_HOOKS: Vec<Pin<Box<(BackdoorHookId, FatPtr)>>> = vec![]; static mut BACKDOOR_HOOKS: Vec<Pin<Box<(BackdoorHookId, FatPtr)>>> = vec![];
create_wrapper!(backdoor, (pc: GuestAddr)); create_wrapper!(backdoor, (cpu: CPUArchStatePtr, pc: GuestAddr));
#[cfg(emulation_mode = "usermode")] #[cfg(emulation_mode = "usermode")]
static mut PRE_SYSCALL_HOOKS: Vec<Pin<Box<(PreSyscallHookId, FatPtr)>>> = vec![]; static mut PRE_SYSCALL_HOOKS: Vec<Pin<Box<(PreSyscallHookId, FatPtr)>>> = vec![];
@ -987,9 +987,9 @@ where
pub fn backdoor( pub fn backdoor(
&self, &self,
hook: Hook< hook: Hook<
fn(&mut Self, Option<&mut S>, GuestAddr), fn(&mut Self, Option<&mut S>, cpu: CPUArchStatePtr, GuestAddr),
Box<dyn for<'a> FnMut(&'a mut Self, Option<&'a mut S>, GuestAddr)>, Box<dyn for<'a> FnMut(&'a mut Self, Option<&'a mut S>, GuestAddr)>,
extern "C" fn(*const (), pc: GuestAddr), extern "C" fn(*const (), cpu: CPUArchStatePtr, pc: GuestAddr),
>, >,
) -> BackdoorHookId { ) -> BackdoorHookId {
match hook { match hook {
@ -1005,7 +1005,7 @@ where
pub fn backdoor_function( pub fn backdoor_function(
&self, &self,
hook: fn(&mut Self, Option<&mut S>, pc: GuestAddr), hook: fn(&mut Self, Option<&mut S>, cpu: CPUArchStatePtr, pc: GuestAddr),
) -> BackdoorHookId { ) -> BackdoorHookId {
unsafe { unsafe {
self.qemu self.qemu