diff --git a/3k.c b/3k.c
new file mode 100644
index 0000000000..ef50133794
--- /dev/null
+++ b/3k.c
@@ -0,0 +1,72 @@
+#include
+#include
+
+void libafl_qemu_main_loop( void );
+void libafl_qemu_sys_init(int argc, char **argv, char **envp);
+void libafl_qemu_cleanup( void );
+
+void libafl_qemu_set_breakpoint( unsigned long int );
+
+void libafl_qemu_remove_native_breakpoint( unsigned long int );
+void libafl_qemu_set_native_breakpoint( unsigned long int );
+void libafl_snapshot_save( const char* );
+void libafl_snapshot_load( const char* );
+
+void libafl_phys_read(uint32_t, uint8_t*, int);
+
+void libafl_phys_write(uint32_t, uint8_t*, int);
+
+int64_t icount_to_ns(int64_t icount);
+
+int64_t libafl_get_clock( void );
+int main(int argc, char **argv, char **envp)
+{
+ unsigned char buf[32] = "_`abcdefghijklmnopqrstuvwxyz{|}~";
+ unsigned char buf2[32] = "0";
+ unsigned char buf3[32] = "z";
+ unsigned char buf4[32] = "a!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!";
+ unsigned char buf5[32] = "b!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!";
+ libafl_qemu_sys_init(argc, argv, envp);
+ int pheader = 0x00006a4c;
+ // libafl_phys_read(0x20000110-0x20000100+pheader, buf,32);
+ // printf("FUZZ_INPUT[0]: %c\n", buf[0]);
+ // Start pre-run
+ libafl_qemu_set_native_breakpoint(0x4ce2);//send 217028
+ libafl_qemu_main_loop();
+ libafl_qemu_remove_native_breakpoint(0x4ce2);
+ // End pre-run
+ libafl_snapshot_save("Start");
+ libafl_qemu_set_native_breakpoint(0x4be0);
+ int64_t tmp = libafl_get_clock();
+ printf("snapshot icount: %ld, %ldns\n",tmp,icount_to_ns(tmp));
+ libafl_snapshot_load("Start");
+ tmp = libafl_get_clock();
+ printf("snapshot icount after load: %ld, %ldns\n",tmp,icount_to_ns(tmp));
+
+ libafl_phys_write(0x20000110-0x20000100+pheader, buf,32);
+ libafl_qemu_main_loop();
+ printf("%ld für %s\n",libafl_get_clock(),buf);
+ libafl_snapshot_load("Start");
+
+ libafl_phys_write(0x20000110-0x20000100+pheader, buf2,32);
+ libafl_qemu_main_loop();
+ printf("%ld für %s\n",libafl_get_clock(),buf2);
+ libafl_snapshot_load("Start");
+
+ libafl_phys_write(0x20000110-0x20000100+pheader, buf3,32);
+ libafl_qemu_main_loop();
+ printf("%ld für %s\n",libafl_get_clock(),buf3);
+ libafl_snapshot_load("Start");
+ /*int counter = 3000;
+ do {
+ libafl_phys_write(0x20000110-0x20000100+pheader, buf,32);
+ libafl_qemu_main_loop();
+ int64_t tmp = libafl_get_clock();
+ printf("%ld, %ldns\n",tmp,icount_to_ns(tmp));
+ libafl_snapshot_load("Start");
+ // puts("Reload has occured");
+ counter--;
+ } while (counter);*/
+ libafl_qemu_cleanup();
+ return 0;
+}
diff --git a/myconfigureunshared.sh b/myconfigureunshared.sh
new file mode 100755
index 0000000000..4339d7b11d
--- /dev/null
+++ b/myconfigureunshared.sh
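Review bot: The `printf("%ld für %s\n",libafl_get_clock(),buf)` call reads past the end of `buf`: its 32-character initializer exactly fills the 32-byte array, so there is no terminating NUL and `%s` keeps scanning into adjacent stack memory (undefined behaviour; the output will carry garbage after the payload). Either declare the payload arrays as `[33]` or bound the conversion, e.g. `printf("%" PRId64 " für %.32s\n", libafl_get_clock(), (const char *)buf);`, which also fixes the `%ld`/`int64_t` mismatch on targets where `long` is 32-bit. `buf4` and `buf5` are initialised but never used, and the two `#include` lines appear without a header name in this rendering, so it is worth confirming `<stdio.h>`/`<stdint.h>` are really present. The addresses `0x4ce2`, `0x4be0` and `pheader = 0x00006a4c` are bound to one specific guest image; a comment naming the image and the symbol each one corresponds to (`//send 217028` is the only hint) would save the next person a disassembly session.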
@@ -0,0 +1,69 @@
+#!/bin/sh
+cd "$(dirname "$0")"
+mkdir -p build
+cd build
+../configure --target-list=arm-linux-user,arm-softmmu \
+ --audio-drv-list= \
+ --disable-blobs \
+ --disable-bochs \
+ --disable-brlapi \
+ --disable-bsd-user \
+ --disable-bzip2 \
+ --disable-cap-ng \
+ --disable-cloop \
+ --disable-curl \
+ --disable-curses \
+ --disable-dmg \
+ --enable-fdt \
+ --disable-gcrypt \
+ --disable-glusterfs \
+ --disable-gnutls \
+ --disable-gtk \
+ --disable-guest-agent \
+ --disable-iconv \
+ --disable-libiscsi \
+ --disable-libnfs \
+ --disable-libssh \
+ --disable-libusb \
+ --disable-linux-aio \
+ --disable-live-block-migration \
+ --disable-lzo \
+ --disable-nettle \
+ --disable-numa \
+ --disable-opengl \
+ --disable-parallels \
+ --disable-plugins \
+ --disable-qcow1 \
+ --disable-qed \
+ --disable-rbd \
+ --disable-rdma \
+ --disable-replication \
+ --disable-sdl \
+ --disable-seccomp \
+ --disable-smartcard \
+ --disable-snappy \
+ --disable-spice \
+ --enable-system \
+ --disable-tools \
+ --disable-tpm \
+ --disable-usb-redir \
+ --disable-vde \
+ --disable-vdi \
+ --disable-vhost-crypto \
+ --disable-vhost-kernel \
+ --disable-vhost-net \
+ --disable-vhost-scsi \
+ --disable-vhost-user \
+ --disable-vhost-vdpa \
+ --disable-vhost-vsock \
+ --disable-virglrenderer \
+ --disable-virtfs \
+ --disable-vnc \
+ --disable-vnc-jpeg \
+ --disable-vnc-png \
+ --disable-vnc-sasl \
+ --disable-vte \
+ --disable-vvfat \
+ --disable-xen \
+ --disable-xen-pci-passthrough \
+ --disable-xfsctl
diff --git a/mytest.c b/mytest.c
new file mode 100644
index 0000000000..baead008e7
--- /dev/null
+++ b/mytest.c
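Review bot: The `cd "$(dirname "$0")"`, `mkdir -p build` and `cd build` steps are unchecked, so if any of them fails the `../configure` invocation runs against whatever directory the shell happens to be in; adding `set -e` on the line after the shebang (or `cd build || exit 1`) makes the script stop instead. Separately, `--disable-seccomp` turns off QEMU's syscall-filter sandbox; that is presumably acceptable for a local fuzzing build, but a one-line comment stating why it is disabled would make it a deliberate choice rather than something copied along with the other `--disable-*` flags.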
@@ -0,0 +1,31 @@
+#include
+#include
+
+void libafl_qemu_main_loop( void );
+void libafl_qemu_sys_init(int argc, char **argv, char **envp);
+void libafl_qemu_cleanup( void );
+
+void libafl_qemu_set_breakpoint( unsigned long int );
+void libafl_qemu_remove_native_breakpoint( unsigned long int );
+void libafl_qemu_set_native_breakpoint( unsigned long int );
+void libafl_snapshot_save( const char* );
+void libafl_snapshot_load( const char* );
+int64_t libafl_get_clock( void );
+int main(int argc, char **argv, char **envp)
+{
+ libafl_qemu_sys_init(argc, argv, envp);
+ libafl_qemu_set_native_breakpoint(0x4c60);//send 217028
+ libafl_qemu_main_loop();
+ libafl_qemu_remove_native_breakpoint(0x4c60);
+ libafl_qemu_set_native_breakpoint(0x00004f5c);
+ libafl_snapshot_save("Start");
+ printf("Snap start icount: %lu\n",libafl_get_clock());
+ libafl_qemu_main_loop();
+ printf("tr1 icount: %lu\n",libafl_get_clock());
+ libafl_snapshot_load("Start");
+ libafl_qemu_main_loop();
+ printf("tr2 icount: %lu\n",libafl_get_clock());
+ libafl_qemu_cleanup();
+
+ return 0;
+}
\ No newline at end of file
diff --git a/myteststarter.sh b/myteststarter.sh
new file mode 100755
index 0000000000..c6f7e49337
--- /dev/null
+++ b/myteststarter.sh
@@ -0,0 +1,12 @@
+#!/bin/sh
+if [ ! -f dummy.qcow2 ]; then
+ qemu-img create -f qcow2 dummy.qcow2 32M
+fi
+export LD_LIBRARY_PATH=./build
+build/qemu-system-arm -machine mps2-an385 -monitor null -semihosting \
+ --semihosting-config enable=on,target=native \
+ -kernel $1 \
+ -serial stdio -nographic \
+ -snapshot -drive if=none,format=qcow2,file=dummy.qcow2 \
+ -icount shift=3,align=off,sleep=off \
+ -S
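Review bot: `libafl_get_clock()` is declared here as returning `int64_t`, yet all three `printf` calls in `main` format it with `%lu`; that is a signed/unsigned and width mismatch which `-Wformat` flags and which is undefined behaviour by the letter of the standard. Use the fixed-width macro instead, e.g. `printf("Snap start icount: %" PRId64 "\n", libafl_get_clock());` (and the same for the `tr1`/`tr2` lines), which needs `<inttypes.h>`. The breakpoint addresses `0x4c60` and `0x00004f5c` are magic numbers bound to one guest image, so the `//send 217028` remark would be more useful as a comment naming the symbol or firmware build they were lifted from. As in 3k.c, the two `#include` lines appear without a header name in this rendering, so confirm `<stdio.h>`/`<stdint.h>` are actually included.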
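Review bot: `-kernel $1` is unquoted and never validated, so invoking the script with no argument makes QEMU take `-serial` as the kernel path, and a firmware path containing spaces is word-split into several arguments; replace it with `kernel=${1:?usage: $0 <firmware.elf>}` near the top and `-kernel "$kernel" \` in the command. Note also that `-semihosting` with `--semihosting-config enable=on,target=native` lets the guest firmware issue semihosting requests that QEMU services on the host — file open/read/write operations among them, if I recall the ARM semihosting interface correctly — so an untrusted or fuzz-mutated image can reach host files; a comment acknowledging this, and running the harness under a dedicated user or scratch directory, would be prudent. `LD_LIBRARY_PATH=./build` is relative to the caller's working directory, so the script only works when launched from the repository root.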