SYS-OSS/FRET-LibAFL
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

add interrupt injection

Browse Source
This commit is contained in:
Alwin Berger 2023-01-03 20:09:45 +01:00
parent decae09931
commit 9b9fbc3677
2 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
fuzzers/FRET/src/fuzzer.rs
View File

@ -54,6 +54,10 @@ fn virt2phys(vaddr: GuestAddr, tab: &EasyElf) -> GuestAddr {
return vaddr; return vaddr;
} }
extern "C" {
static mut libafl_int_offset : u32;
}
pub fn fuzz() { pub fn fuzz() {
if let Ok(s) = env::var("FUZZ_SIZE") { if let Ok(s) = env::var("FUZZ_SIZE") {
str::parse::<usize>(&s).expect("FUZZ_SIZE was not a number"); str::parse::<usize>(&s).expect("FUZZ_SIZE was not a number");
@ -126,6 +130,9 @@ pub fn fuzz() {
) )
.expect("Symbol or env BREAKPOINT not found"); .expect("Symbol or env BREAKPOINT not found");
println!("Breakpoint address = {:#x}", breakpoint); println!("Breakpoint address = {:#x}", breakpoint);
unsafe {
libafl_int_offset = 422483;
}
let mut run_client = |state: Option<_>, mut mgr, _core_id| { let mut run_client = |state: Option<_>, mut mgr, _core_id| {
// Initialize QEMU // Initialize QEMU

2
libafl_qemu/src/emu.rs
View File

@ -285,6 +285,7 @@ extern "C" {
fn libafl_load_qemu_snapshot(name: *const u8, sync: bool); fn libafl_load_qemu_snapshot(name: *const u8, sync: bool);
pub fn icount_get_raw() -> u64; pub fn icount_get_raw() -> u64;
fn libafl_start_int_timer();
} }
#[cfg(emulation_mode = "systemmode")] #[cfg(emulation_mode = "systemmode")]
@ -881,6 +882,7 @@ impl Emulator {
libafl_qemu_run(); libafl_qemu_run();
#[cfg(emulation_mode = "systemmode")] #[cfg(emulation_mode = "systemmode")]
{ {
libafl_start_int_timer();
vm_start(); vm_start();
qemu_main_loop(); qemu_main_loop();
} }