Add a functionality to see the current qemu mappings. (#2971)

* add

* a

* take qemu

* fix for fuzzers
Dongjia "toka" Zhang 2025-02-12 16:56:36 +01:00 committed by GitHub
parent 739156cb23
commit cb3abf27a3
GPG Key ID: B5690EEEBB952194
2 changed files with 49 additions and 9 deletions


@ -31,7 +31,7 @@ use libafl_qemu::{
elf::EasyElf, elf::EasyElf,
modules::{drcov::DrCovModule, SnapshotModule}, modules::{drcov::DrCovModule, SnapshotModule},
ArchExtras, CallingConvention, Emulator, GuestAddr, GuestReg, MmapPerms, Qemu, QemuExecutor, ArchExtras, CallingConvention, Emulator, GuestAddr, GuestReg, MmapPerms, Qemu, QemuExecutor,
QemuExitReason, QemuRWError, QemuShutdownCause, Regs, QemuExitReason, QemuMappingsViewer, QemuRWError, QemuShutdownCause, Regs,
}; };
#[derive(Default)] #[derive(Default)]
@ -156,14 +156,8 @@ pub fn fuzz() {
qemu.entry_break(test_one_input_ptr); qemu.entry_break(test_one_input_ptr);
for m in qemu.mappings() { let mappings = QemuMappingsViewer::new(&qemu);
log::info!( println!("{:#?}", mappings);
"Mapping: 0x{:016x}-0x{:016x}, {}",
m.start(),
m.end(),
m.path().unwrap_or(&"<EMPTY>".to_string())
);
}
let pc: GuestReg = qemu.read_reg(Regs::Pc).unwrap(); let pc: GuestReg = qemu.read_reg(Regs::Pc).unwrap();
log::info!("Break at {pc:#x}"); log::info!("Break at {pc:#x}");
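Review bot: The mappings are now emitted with `println!("{:#?}", mappings);` while the line right after it (and the code this replaces) still goes through `log::info!`, so the mapping dump bypasses the log level and target filtering that the rest of the harness output respects and always lands on stdout. The `#` alternate flag also buys nothing here, since the viewer's hand-written `Debug` impl writes one line per mapping and ignores the formatter's alternate mode. Keeping it on the logger, `log::info!("{mappings:?}");`, preserves the previous behaviour of only showing this when the info level is enabled. The enclosing `fuzz()` starts and ends outside this hunk.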


@ -16,6 +16,52 @@ use pyo3::{pyclass, pymethods, IntoPyObject, Py, PyRef, PyRefMut, Python};
use crate::{qemu::QEMU_IS_RUNNING, Qemu, CPU}; use crate::{qemu::QEMU_IS_RUNNING, Qemu, CPU};
pub struct QemuMappingsViewer<'a> {
qemu: &'a Qemu,
mappings: Vec<MapInfo>,
}
impl<'a> QemuMappingsViewer<'a> {
/// Capture the memory mappings of Qemu at the moment when we create this object
/// Thus if qemu make updates to the mappings, they won't be reflected to this object.
#[must_use]
pub fn new(qemu: &'a Qemu) -> Self {
let mut mappings: Vec<MapInfo> = vec![];
for m in qemu.mappings() {
mappings.push(m);
}
Self { qemu, mappings }
}
/// Update the mappings
pub fn update(&mut self) {
let mut mappings: Vec<MapInfo> = vec![];
for m in self.qemu.mappings() {
mappings.push(m);
}
self.mappings = mappings;
}
}
impl core::fmt::Debug for QemuMappingsViewer<'_> {
fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
for m in &self.mappings {
let flags = format!("Flags: {:?}", m.flags());
let padded = format!("{flags:<20}");
writeln!(
f,
"Mapping: 0x{:016x}-0x{:016x}, {:>10} IsPriv: {:?} Path: {}",
m.start(),
m.end(),
padded,
m.is_priv(),
m.path().unwrap_or(&"<EMPTY>".to_string())
)?;
}
Ok(())
}
}
#[cfg_attr(feature = "python", pyclass(unsendable))] #[cfg_attr(feature = "python", pyclass(unsendable))]
pub struct GuestMaps { pub struct GuestMaps {
self_maps_root: *mut IntervalTreeRoot, self_maps_root: *mut IntervalTreeRoot,