Add a functionality to see the current qemu mappings. (#2971)

* add * a * take qemu * fix for fuzzers
2025-02-12 16:56:36 +01:00 · 2025-02-12 16:56:36 +01:00 · cb3abf27a3
commit cb3abf27a3
parent 739156cb23
2 changed files with 49 additions and 9 deletions
--- a/fuzzers/binary_only/qemu_coverage/src/fuzzer.rs
+++ b/fuzzers/binary_only/qemu_coverage/src/fuzzer.rs
@ -31,7 +31,7 @@ use libafl_qemu::{
    elf::EasyElf,
    modules::{drcov::DrCovModule, SnapshotModule},
    ArchExtras, CallingConvention, Emulator, GuestAddr, GuestReg, MmapPerms, Qemu, QemuExecutor,
-    QemuExitReason, QemuRWError, QemuShutdownCause, Regs,
+    QemuExitReason, QemuMappingsViewer, QemuRWError, QemuShutdownCause, Regs,
 };

 #[derive(Default)]
@ -156,14 +156,8 @@ pub fn fuzz() {

        qemu.entry_break(test_one_input_ptr);

-        for m in qemu.mappings() {
-            log::info!(
-                "Mapping: 0x{:016x}-0x{:016x}, {}",
-                m.start(),
-                m.end(),
-                m.path().unwrap_or(&"<EMPTY>".to_string())
-            );
-        }
+        let mappings = QemuMappingsViewer::new(&qemu);
+        println!("{:#?}", mappings);

        let pc: GuestReg = qemu.read_reg(Regs::Pc).unwrap();
        log::info!("Break at {pc:#x}");
--- a/libafl_qemu/src/qemu/usermode.rs
+++ b/libafl_qemu/src/qemu/usermode.rs
@ -16,6 +16,52 @@ use pyo3::{pyclass, pymethods, IntoPyObject, Py, PyRef, PyRefMut, Python};

 use crate::{qemu::QEMU_IS_RUNNING, Qemu, CPU};

+pub struct QemuMappingsViewer<'a> {
+    qemu: &'a Qemu,
+    mappings: Vec<MapInfo>,
+}
+
+impl<'a> QemuMappingsViewer<'a> {
+    /// Capture the memory mappings of Qemu at the moment when we create this object
+    /// Thus if qemu make updates to the mappings, they won't be reflected to this object.
+    #[must_use]
+    pub fn new(qemu: &'a Qemu) -> Self {
+        let mut mappings: Vec<MapInfo> = vec![];
+        for m in qemu.mappings() {
+            mappings.push(m);
+        }
+        Self { qemu, mappings }
+    }
+
+    /// Update the mappings
+    pub fn update(&mut self) {
+        let mut mappings: Vec<MapInfo> = vec![];
+        for m in self.qemu.mappings() {
+            mappings.push(m);
+        }
+        self.mappings = mappings;
+    }
+}
+
+impl core::fmt::Debug for QemuMappingsViewer<'_> {
+    fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
+        for m in &self.mappings {
+            let flags = format!("Flags: {:?}", m.flags());
+            let padded = format!("{flags:<20}");
+            writeln!(
+                f,
+                "Mapping: 0x{:016x}-0x{:016x}, {:>10} IsPriv: {:?} Path: {}",
+                m.start(),
+                m.end(),
+                padded,
+                m.is_priv(),
+                m.path().unwrap_or(&"<EMPTY>".to_string())
+            )?;
+        }
+        Ok(())
+    }
+}
+
 #[cfg_attr(feature = "python", pyclass(unsendable))]
 pub struct GuestMaps {
    self_maps_root: *mut IntervalTreeRoot,