SYS-OSS/FRET-qemu
4
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

kill -9 qemu_libafl_bridge

Browse Source
This commit is contained in:
Andrea Fioraldi 2021-07-09 15:21:32 +02:00
parent 3c47ed8361
commit a493478375
7 changed files with 0 additions and 235 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
qemu_libafl_bridge/.gitignore vendored
View File

@ -1,14 +0,0 @@
# Generated by Cargo
# will have compiled files and executables
debug/
target/
# Remove Cargo.lock from gitignore if creating an executable, leave it for libraries
# More information here https://doc.rust-lang.org/cargo/guide/cargo-toml-vs-cargo-lock.html
Cargo.lock
# These are backup files generated by rustfmt
**/*.rs.bk
# MSVC Windows builds of rustc generate these, which store debugging information
*.pdb

18
qemu_libafl_bridge/Cargo.toml
View File

@ -1,18 +0,0 @@
[package]
name = "qemu_libafl_bridge"
version = "0.3.2"
authors = ["Andrea Fioraldi <andreafioraldi@gmail.com>"]
description = "QEMU and LibAFL bridge lib"
repository = "https://github.com/AFLplusplus/qemu-libafl-bridge/"
license = "MIT OR Apache-2.0"
readme = "../README.md"
edition = "2018"
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
[dependencies]
num = "0.4"
num_enum = "0.5.1"
[build-dependencies]
cc = { version = "1.0" }

17
qemu_libafl_bridge/build.rs
View File

@ -1,17 +0,0 @@
use std::{env, path::Path};
fn main() {
let out_dir = env::var_os("OUT_DIR").unwrap();
let out_dir = out_dir.to_string_lossy().to_string();
let src_dir = Path::new("src");
println!("cargo:rerun-if-changed=src/weaks.c");
cc::Build::new()
.file(src_dir.join("weaks.c"))
.compile("weaks");
println!("cargo:rustc-link-search=native={}", &out_dir);
println!("cargo:rerun-if-changed=build.rs");
}

25
qemu_libafl_bridge/src/amd64.rs
View File

@ -1,25 +0,0 @@
use num_enum::{IntoPrimitive, TryFromPrimitive};
#[derive(IntoPrimitive, TryFromPrimitive, Clone, Copy)]
#[repr(i32)]
#[allow(clippy::pub_enum_variant_names)]
pub enum Amd64Regs {
Rax = 0,
Rbx = 1,
Rcx = 2,
Rdx = 3,
Rsi = 4,
Rdi = 5,
Rbp = 6,
Rsp = 7,
R8 = 8,
R9 = 9,
R10 = 10,
R11 = 11,
R12 = 12,
R13 = 13,
R14 = 14,
R15 = 15,
Rip = 16,
Rflags = 17,
}

109
qemu_libafl_bridge/src/lib.rs
View File

@ -1,109 +0,0 @@
use core::{convert::Into, mem::transmute, ptr::copy_nonoverlapping};
use num::Num;
use std::{slice::from_raw_parts, str::from_utf8_unchecked};
pub mod amd64;
pub mod x86;
/*
int libafl_qemu_write_reg(int reg, uint8_t* val);
int libafl_qemu_read_reg(int reg, uint8_t* val);
int libafl_qemu_num_regs(void);
int libafl_qemu_set_breakpoint(uint64_t addr);
int libafl_qemu_remove_breakpoint(uint64_t addr);
*/
extern "C" {
fn libafl_qemu_write_reg(reg: i32, val: *const u8) -> i32;
fn libafl_qemu_read_reg(reg: i32, val: *mut u8) -> i32;
fn libafl_qemu_num_regs() -> i32;
fn libafl_qemu_set_breakpoint(addr: u64) -> i32;
fn libafl_qemu_remove_breakpoint(addr: u64) -> i32;
fn libafl_qemu_run() -> i32;
fn strlen(s: *const u8) -> usize;
static exec_path: *const u8;
static guest_base: isize;
}
pub struct QemuEmulator {}
impl QemuEmulator {
pub fn write_mem<T>(&mut self, addr: isize, buf: &[T]) {
let host_addr = self.g2h(addr);
unsafe { copy_nonoverlapping(buf.as_ptr() as *const _ as *const u8, host_addr, buf.len()) }
}
pub fn read_mem<T>(&mut self, addr: isize, buf: &mut [T]) {
let host_addr = self.g2h(addr);
unsafe {
copy_nonoverlapping(
host_addr as *const u8,
buf.as_mut_ptr() as *mut _ as *mut u8,
buf.len(),
)
}
}
pub fn num_regs(&self) -> i32 {
unsafe { libafl_qemu_num_regs() }
}
pub fn write_reg<R, T>(&mut self, reg: R, val: T) -> Result<(), String>
where
T: Num + PartialOrd + Copy,
R: Into<i32>,
{
let reg = reg.into();
let success = unsafe { libafl_qemu_write_reg(reg, &val as *const _ as *const u8) };
if success != 0 {
Ok(())
} else {
Err(format!("Failed to write to register {}", reg))
}
}
pub fn read_reg<R, T>(&mut self, reg: R) -> Result<T, String>
where
T: Num + PartialOrd + Copy,
R: Into<i32>,
{
let reg = reg.into();
let mut val = T::zero();
let success = unsafe { libafl_qemu_read_reg(reg, &mut val as *mut _ as *mut u8) };
if success != 0 {
Ok(val)
} else {
Err(format!("Failed to read register {}", reg))
}
}
pub fn set_breakpoint(&mut self, addr: isize) {
unsafe { libafl_qemu_set_breakpoint(addr as u64) };
}
pub fn remove_breakpoint(&mut self, addr: isize) {
unsafe { libafl_qemu_remove_breakpoint(addr as u64) };
}
pub fn run(&mut self) {
unsafe { libafl_qemu_run() };
}
pub fn g2h(&self, addr: isize) -> *mut u8 {
unsafe { transmute(addr + guest_base) }
}
pub fn h2g(&self, addr: isize) -> *mut u8 {
unsafe { transmute(addr - guest_base) }
}
pub fn exec_path(&self) -> &str {
unsafe { from_utf8_unchecked(from_raw_parts(exec_path, strlen(exec_path))) }
}
pub fn new() -> Self {
Self {}
}
}

35
qemu_libafl_bridge/src/weaks.c
View File

@ -1,35 +0,0 @@
#include <stdlib.h>
#include <stdint.h>
__attribute__((weak)) int libafl_qemu_write_reg(int reg, uint8_t* val) {
(void)reg;
(void)val;
return 0;
}
__attribute__((weak)) int libafl_qemu_read_reg(int reg, uint8_t* val) {
(void)reg;
(void)val;
return 0;
}
__attribute__((weak)) int libafl_qemu_num_regs(void) {
return 0;
}
__attribute__((weak)) int libafl_qemu_set_breakpoint(uint64_t addr) {
(void)addr;
return 0;
}
__attribute__((weak)) int libafl_qemu_remove_breakpoint(uint64_t addr) {
(void)addr;
return 0;
}
__attribute__((weak)) int libafl_qemu_run() {
return 0;
}
__attribute__((weak)) char* exec_path = NULL;
__attribute__((weak)) size_t guest_base = 0;

17
qemu_libafl_bridge/src/x86.rs
View File

@ -1,17 +0,0 @@
use num_enum::{IntoPrimitive, TryFromPrimitive};
#[derive(IntoPrimitive, TryFromPrimitive, Clone, Copy)]
#[repr(i32)]
#[allow(clippy::pub_enum_variant_names)]
pub enum X86Regs {
Eax = 0,
Ebx = 1,
Ecx = 2,
Edx = 3,
Esi = 4,
Edi = 5,
Ebp = 6,
Esp = 7,
Eip = 8,
Eflags = 9,
}