From a420eb05138dddb35a4eecf90703a4b9cd674a76 Mon Sep 17 00:00:00 2001
From: Andrea Fioraldi
Date: Fri, 1 Oct 2021 16:27:26 +0200
Subject: [PATCH] Qemu generic hooks (#313)

* generic hooks

* Fix generic hooks
---
fuzzers/fuzzbench_qemu/fuzz.c | 3 +++
libafl_qemu/build.rs | 2 +-
libafl_qemu/src/emu.rs | 14 ++++++++++++++
3 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/fuzzers/fuzzbench_qemu/fuzz.c b/fuzzers/fuzzbench_qemu/fuzz.c
index 70afd693f1..d3fd13c603 100644
--- a/fuzzers/fuzzbench_qemu/fuzz.c
+++ b/fuzzers/fuzzbench_qemu/fuzz.c
@@ -2,8 +2,11 @@
 #include
 #include
+char o = 0;
+
 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
 // printf("Got %ld bytes.\n", Size);
+ o += 1;
 if (Size >= 4 && *(uint32_t*)Data == 0xaabbccdd) abort();
 }
diff --git a/libafl_qemu/build.rs b/libafl_qemu/build.rs
index 5ad04db206..ec310b89bc 100644
--- a/libafl_qemu/build.rs
+++ b/libafl_qemu/build.rs
@@ -3,7 +3,7 @@ use which::which;
 const QEMU_URL: &str = "https://github.com/AFLplusplus/qemu-libafl-bridge";
 const QEMU_DIRNAME: &str = "qemu-libafl-bridge";
-const QEMU_REVISION: &str = "6065cb8a84b305146d37ae540926bac439fc5601";
+const QEMU_REVISION: &str = "f9898d7db457e57f84178c3ae58b4972ad66587d";
 fn build_dep_check(tools: &[&str]) {
 for tool in tools {
diff --git a/libafl_qemu/src/emu.rs b/libafl_qemu/src/emu.rs
index 62b5687ded..4c458b9e49 100644
--- a/libafl_qemu/src/emu.rs
+++ b/libafl_qemu/src/emu.rs
@@ -178,6 +178,8 @@ extern "C" {
 fn libafl_qemu_num_regs() -> i32;
 fn libafl_qemu_set_breakpoint(addr: u64) -> i32;
 fn libafl_qemu_remove_breakpoint(addr: u64) -> i32;
+ fn libafl_qemu_insert_hook(addr: u64, callback: /*extern "C"*/ extern fn ()) -> i32;
+ fn libafl_qemu_remove_hook(addr: u64) -> i32;
 fn libafl_qemu_run() -> i32;
 fn libafl_load_addr() -> u64;
 fn libafl_get_brk() -> u64;
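Review bot: The new global `o` and the `o += 1;` added to `LLVMFuzzerTestOneInput` are never read and carry no comment, so a reader of the harness cannot tell why the counter exists; judging from the commit title it presumably gives the new QEMU hook support an observable side effect to attach to, but the hunk does not say so. A one-line comment above the declaration, e.g. `/* Per-execution counter; gives the QEMU generic-hook example a side effect to observe. */`, together with a descriptive name such as `hook_counter`, would make the intent explicit. Since `char` is signed on most ABIs, the counter also leaves the representable range after 127 executions and relies on implementation-defined narrowing; `unsigned char` or `uint8_t` makes the wrap-around well defined.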
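Review bot: The `/*extern "C"*/` comment inside the new `libafl_qemu_insert_hook` declaration is dead text, because `extern fn()` with no ABI string already denotes `extern "C" fn()`; either drop the comment or spell the ABI out so the intent is not left to the reader, `fn libafl_qemu_insert_hook(addr: u64, callback: extern "C" fn()) -> i32;`. Both new declarations return an `i32` status like the breakpoint functions directly above them, and a short `//` comment stating what a non-zero value means here would tell callers whether it is worth checking. The `extern "C" {` block that holds these declarations begins before the hunk.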
@@ -395,6 +397,18 @@ pub fn remove_breakpoint(addr: u64) {
 }
 }
+pub fn set_hook(addr: u64, callback: extern fn()) {
+ unsafe {
+ libafl_qemu_insert_hook(addr, callback);
+ }
+}
+
+pub fn remove_hook(addr: u64) {
+ unsafe {
+ libafl_qemu_remove_hook(addr);
+ }
+}
+
 pub fn run() {
 unsafe {
 libafl_qemu_run();
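Review bot: `set_hook` and `remove_hook` discard the `i32` status that `libafl_qemu_insert_hook` and `libafl_qemu_remove_hook` return, so a caller that passes an address QEMU rejects gets no indication that no hook was installed or removed. Propagating it is a one-line change per wrapper, `pub fn set_hook(addr: u64, callback: extern fn()) -> i32 { unsafe { libafl_qemu_insert_hook(addr, callback) } }` and likewise for `remove_hook`, or a `Result` if the breakpoint wrappers in this module are changed the same way. Both functions are `pub` yet undocumented; a `///` line stating that `callback` is invoked from QEMU's side of the FFI boundary and therefore must not panic (unwinding out of an `extern fn` is undefined behaviour on this toolchain), and presumably fires when guest execution reaches `addr`, would record the contract a caller has to uphold. `remove_breakpoint`, whose closing braces open the hunk, starts outside it.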