diff --git a/libafl_qemu/src/command.rs b/libafl_qemu/src/command.rs
index bb658d9b6c..9e70c0a46e 100644
--- a/libafl_qemu/src/command.rs
+++ b/libafl_qemu/src/command.rs
@@ -5,9 +5,10 @@ use std::fmt::{Debug, Display, Formatter};
 use enum_map::Enum;
 use libafl::{
 executors::ExitKind,
- inputs::{BytesInput, HasBytesVec},
+ inputs::HasTargetBytes,
 state::{HasExecutions, State},
 };
+use libafl_bolts::AsSlice;
 use libafl_qemu_sys::{GuestPhysAddr, GuestVirtAddr};
 use num_enum::TryFromPrimitive;
@@ -77,7 +78,7 @@ where
 &self,
 emu: &Emulator,
 qemu_executor_state: &mut QemuExecutorState,
- input: &BytesInput,
+ input: &S::Input,
 ret_reg: Option,
 ) -> Result;
 }
@@ -106,6 +107,7 @@ where
 SM: IsSnapshotManager,
 QT: QemuHelperTuple + StdInstrumentationFilter + Debug,
 S: State + HasExecutions,
+ S::Input: HasTargetBytes,
 {
 fn usable_at_runtime(&self) -> bool {
 match self {
@@ -145,7 +147,7 @@ where
 &self,
 emu: &Emulator>,
 qemu_executor_state: &mut QemuExecutorState,
- input: &BytesInput,
+ input: &S::Input,
 ret_reg: Option,
 ) -> Result {
 match self {
@@ -233,6 +235,7 @@ where
 SM: IsSnapshotManager,
 QT: QemuHelperTuple + StdInstrumentationFilter + Debug,
 S: State + HasExecutions,
+ S::Input: HasTargetBytes,
 {
 fn usable_at_runtime(&self) -> bool {
 false
@@ -246,7 +249,7 @@ where
 QT,
 S,
 >,
- _input: &BytesInput,
+ _input: &S::Input,
 _ret_reg: Option,
 ) -> Result {
 let qemu = emu.qemu();
@@ -286,6 +289,7 @@ where
 SM: IsSnapshotManager,
 QT: QemuHelperTuple + StdInstrumentationFilter + Debug,
 S: State + HasExecutions,
+ S::Input: HasTargetBytes,
 {
 fn usable_at_runtime(&self) -> bool {
 false
@@ -295,7 +299,7 @@ where
 &self,
 emu: &Emulator>,
 _qemu_executor_state: &mut QemuExecutorState,
- _input: &BytesInput,
+ _input: &S::Input,
 _ret_reg: Option,
 ) -> Result {
 let qemu = emu.qemu();
@@ -323,6 +327,7 @@ where
 SM: IsSnapshotManager,
 QT: QemuHelperTuple + StdInstrumentationFilter + Debug,
 S: State + HasExecutions,
+ S::Input: HasTargetBytes,
 {
 fn usable_at_runtime(&self) -> bool {
 true
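Review bot: The `S::Input: HasTargetBytes` bound introduced in the hunk at -106 is repeated on every `IsCommand` impl in this file (-233, -286, -323, -357, -399, -433, -471, -501) and on the `StdEmuExitHandler` impl in emu.rs (-226), yet within these hunks only the two `run` bodies that call `input.target_bytes()` (-332 and -381) make use of it; the other impls bind the parameter as `_input` and never read it. Because the dispatching impl at -106 already carries the bound, the sub-command impls should still satisfy its obligations with a narrower `where` clause, so the extra bounds look unnecessary and tie every command to byte-convertible inputs for no visible reason. Either drop them from the impls that ignore the input, or document the intent on the trait in the hunk at -77, e.g. `/// Implementors may assume `S::Input: HasTargetBytes`; commands that place input into the guest rely on `target_bytes()`.`. Each impl's `where` clause and `run` body extend beyond its hunk, so there may be uses I cannot see.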
@@ -332,12 +337,12 @@ where
 &self,
 emu: &Emulator>,
 _qemu_executor_state: &mut QemuExecutorState,
- input: &BytesInput,
+ input: &S::Input,
 ret_reg: Option,
 ) -> Result {
 let qemu = emu.qemu();
- let ret_value = self.location.write(qemu, input.bytes());
+ let ret_value = self.location.write(qemu, input.target_bytes().as_slice());
 if let Some(reg) = ret_reg {
 qemu.write_reg(reg, ret_value).unwrap();
@@ -357,6 +362,7 @@ where
 SM: IsSnapshotManager,
 QT: QemuHelperTuple + StdInstrumentationFilter + Debug,
 S: State + HasExecutions,
+ S::Input: HasTargetBytes,
 {
 fn usable_at_runtime(&self) -> bool {
 false
@@ -366,7 +372,7 @@ where
 &self,
 emu: &Emulator>,
 _qemu_executor_state: &mut QemuExecutorState,
- input: &BytesInput,
+ input: &S::Input,
 ret_reg: Option,
 ) -> Result {
 let emu_exit_handler = emu.exit_handler().borrow_mut();
@@ -381,7 +387,9 @@ where
 .set_input_location(self.input_location.clone(), ret_reg)
 .unwrap();
- let ret_value = self.input_location.write(qemu, input.bytes());
+ let ret_value = self
+ .input_location
+ .write(qemu, input.target_bytes().as_slice());
 if let Some(reg) = ret_reg {
 qemu.write_reg(reg, ret_value).unwrap();
@@ -399,6 +407,7 @@ where
 SM: IsSnapshotManager,
 QT: QemuHelperTuple + StdInstrumentationFilter + Debug,
 S: State + HasExecutions,
+ S::Input: HasTargetBytes,
 {
 fn usable_at_runtime(&self) -> bool {
 false
@@ -408,7 +417,7 @@ where
 &self,
 emu: &Emulator>,
 _qemu_executor_state: &mut QemuExecutorState,
- _input: &BytesInput,
+ _input: &S::Input,
 _ret_reg: Option,
 ) -> Result {
 let emu_exit_handler = emu.exit_handler().borrow_mut();
@@ -433,6 +442,7 @@ where
 SM: IsSnapshotManager,
 QT: QemuHelperTuple + StdInstrumentationFilter + Debug,
 S: State + HasExecutions,
+ S::Input: HasTargetBytes,
 {
 fn usable_at_runtime(&self) -> bool {
 true
@@ -442,7 +452,7 @@ where
 &self,
 _emu: &Emulator>,
 _qemu_executor_state: &mut QemuExecutorState,
- _input: &BytesInput,
+ _input: &S::Input,
 _ret_reg: Option,
 ) -> Result {
 let guest_version = self.0;
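Review bot: In the hunk at -332, `input.target_bytes().as_slice()` builds the `OwnedSlice` temporary inside the argument list of `self.location.write(...)`, which hides both the temporary's lifetime and the fact that `target_bytes()` may materialize a fresh buffer for input types that are not already byte vectors; the three-line chain in the hunk at -381 has the same shape. Binding it first reads clearer and keeps the two sites identical: `let bytes = input.target_bytes();` followed by `let ret_value = self.location.write(qemu, bytes.as_slice());`. Whether `write` bounds the copy to the location's allotted size is decided outside these hunks; if it does not, the length of `bytes` should be checked against the location before writing, since the data now comes straight from whatever input type the state carries rather than a `BytesInput`. The `run` body continues past both hunks.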
@@ -471,6 +481,7 @@ where
 SM: IsSnapshotManager,
 QT: QemuHelperTuple + StdInstrumentationFilter + Debug,
 S: State + HasExecutions,
+ S::Input: HasTargetBytes,
 {
 fn usable_at_runtime(&self) -> bool {
 true
@@ -480,7 +491,7 @@ where
 &self,
 _emu: &Emulator>,
 qemu_executor_state: &mut QemuExecutorState,
- _input: &BytesInput,
+ _input: &S::Input,
 _ret_reg: Option,
 ) -> Result {
 let qemu_helpers = qemu_executor_state.hooks_mut().helpers_mut();
@@ -501,6 +512,7 @@ where
 SM: IsSnapshotManager,
 QT: QemuHelperTuple + StdInstrumentationFilter + Debug,
 S: State + HasExecutions,
+ S::Input: HasTargetBytes,
 {
 fn usable_at_runtime(&self) -> bool {
 true
@@ -511,7 +523,7 @@ where
 &self,
 _emu: &Emulator>,
 qemu_executor_state: &mut QemuExecutorState,
- _input: &BytesInput,
+ _input: &S::Input,
 _ret_reg: Option,
 ) -> Result {
 let qemu_helpers = qemu_executor_state.hooks_mut().helpers_mut();
diff --git a/libafl_qemu/src/emu.rs b/libafl_qemu/src/emu.rs
index 2992ec4618..582a22440e 100644
--- a/libafl_qemu/src/emu.rs
+++ b/libafl_qemu/src/emu.rs
@@ -14,7 +14,7 @@ use std::{
 ptr,
 };
-use libafl::{executors::ExitKind, inputs::BytesInput};
+use libafl::executors::ExitKind;
 #[cfg(emulation_mode = "systemmode")]
 use libafl_qemu_sys::qemu_init;
 #[cfg(emulation_mode = "usermode")]
@@ -128,14 +128,14 @@ where
 fn try_put_input(
 emu: &Emulator,
 qemu_executor_state: &mut QemuExecutorState,
- input: &BytesInput,
+ input: &S::Input,
 );
 fn handle(
 emu: &Emulator,
 exit_reason: Result,
 qemu_executor_state: &mut QemuExecutorState,
- input: &BytesInput,
+ input: &S::Input,
 ) -> Result;
 }
@@ -157,13 +157,13 @@ where
 QT: QemuHelperTuple,
 S: State + HasExecutions,
 {
- fn try_put_input(_: &Emulator, _: &mut QemuExecutorState, _: &BytesInput) {}
+ fn try_put_input(_: &Emulator, _: &mut QemuExecutorState, _: &S::Input) {}
 fn handle(
 _: &Emulator,
 exit_reason: Result,
 _: &mut QemuExecutorState,
- _: &BytesInput,
+ _: &S::Input,
 ) -> Result {
 match exit_reason {
 Ok(reason) => Ok(InnerHandlerResult::ReturnToHarness(reason)),
@@ -226,11 +226,12 @@ where
 SM: IsSnapshotManager,
 QT: QemuHelperTuple + StdInstrumentationFilter + Debug,
 S: State + HasExecutions,
+ S::Input: HasTargetBytes,
 {
 fn try_put_input(
 emu: &Emulator,
 qemu_executor_state: &mut QemuExecutorState,
- input: &BytesInput,
+ input: &S::Input,
 ) {
 let exit_handler = emu.state().exit_handler.borrow();
@@ -246,7 +247,7 @@ where
 emu: &Emulator,
 exit_reason: Result,
 qemu_executor_state: &mut QemuExecutorState,
- input: &BytesInput,
+ input: &S::Input,
 ) -> Result {
 let exit_handler = emu.exit_handler().borrow_mut();
 let qemu = emu.qemu();
@@ -632,7 +633,10 @@ create_hook_id!(NewThread, libafl_qemu_remove_new_thread_hook, false);
 use std::{pin::Pin, ptr::NonNull};
-use libafl::state::{HasExecutions, State};
+use libafl::{
+ inputs::HasTargetBytes,
+ state::{HasExecutions, State},
+};
 use libafl_bolts::os::unix_signals::Signal;
 use crate::{
@@ -1528,7 +1532,7 @@ where
 /// Of course, the emulated target is not contained securely and can corrupt state or interact with the operating system.
 pub unsafe fn run(
 &self,
- input: &BytesInput,
+ input: &S::Input,
 qemu_executor_state: &mut QemuExecutorState,
 ) -> Result {
 loop {
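Review bot: The public `unsafe fn run` in the hunk at -1528 now accepts any `S::Input`, but the only visible doc line warns that the target is not contained; nothing says what `run` does with a generic input now that it is no longer a `BytesInput`. Judging from the `EmuExitHandler` trait in the hunk at -128, the input is presumably handed to `try_put_input` and converted with `target_bytes()` before reaching the guest, so a doc line such as `/// `input` is passed to the exit handler, which converts it via `HasTargetBytes::target_bytes` when a command asks for it to be written into the guest.` would make the contract explicit. The loop body of `run` and the impl's `where` clause are outside the hunk, so confirm the path before documenting it.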