demo break+snapshot workflow

2021-12-28 22:14:13 +01:00 · 2021-12-28 22:14:13 +01:00 · ae0e744998
commit ae0e744998
parent c26a334f7a
5 changed files with 142 additions and 4 deletions
--- a/myconfigure.sh
+++ b/myconfigure.sh
@ -0,0 +1,69 @@
 #!/bin/sh
 cd "$(dirname "$0")"
 mkdir -p build
 cd build
 ../configure --target-list=arm-linux-user,arm-softmmu,x86_64-linux-user --enable-tcg-interpreter \
                --audio-drv-list= \
                --disable-blobs \
                --disable-bochs \
                --disable-brlapi \
                --disable-bsd-user \
                --disable-bzip2 \
                --disable-cap-ng \
                --disable-cloop \
                --disable-curl \
                --disable-curses \
                --disable-dmg \
                --enable-fdt \
                --disable-gcrypt \
                --disable-glusterfs \
                --disable-gnutls \
                --disable-gtk \
                --disable-guest-agent \
                --disable-iconv \
                --disable-libiscsi \
                --disable-libnfs \
                --disable-libssh \
                --disable-libusb \
                --disable-linux-aio \
                --disable-live-block-migration \
                --disable-lzo \
                --disable-nettle \
                --disable-numa \
                --disable-opengl \
                --disable-parallels \
                --disable-plugins \
                --disable-qcow1 \
                --disable-qed \
                --disable-rbd \
                --disable-rdma \
                --disable-replication \
                --disable-sdl \
                --disable-seccomp \
                --disable-smartcard \
                --disable-snappy \
                --disable-spice \
                --enable-system \
                --disable-tools \
                --disable-tpm \
                --disable-usb-redir \
                --disable-vde \
                --disable-vdi \
                --disable-vhost-crypto \
                --disable-vhost-kernel \
                --disable-vhost-net \
                --disable-vhost-scsi \
                --disable-vhost-user \
                --disable-vhost-vdpa \
                --disable-vhost-vsock \
                --disable-virglrenderer \
                --disable-virtfs \
                --disable-vnc \
                --disable-vnc-jpeg \
                --disable-vnc-png \
                --disable-vnc-sasl \
                --disable-vte \
                --disable-vvfat \
                --disable-xen \
                --disable-xen-pci-passthrough \
                --disable-xfsctl 
--- a/softmmu/cpus.c
+++ b/softmmu/cpus.c
@ -305,7 +305,10 @@ void cpu_handle_guest_debug(CPUState *cpu)
            cpu_single_step(cpu, 0);
        }
    } else {
-        gdb_set_stop_cpu(cpu);
+        /* Begin LibAFL changes */
        // With LibAFL Breakpoints there is no gdb attached.
        // gdb_set_stop_cpu(cpu);
        /* End LibAFL changes */
        qemu_system_debug_request();
        cpu->stopped = true;
    }
--- a/softmmu/main.c
+++ b/softmmu/main.c
@ -44,11 +44,63 @@ int main(int argc, char **argv)
 #define main qemu_main
 #endif /* CONFIG_COCOA */
 /* Begin LibAFL instrumentation */
 #include "sysemu/runstate.h"
 #include "migration/snapshot.h"
 #include "hw/core/cpu.h"
 #include "qapi/error.h"
 void libafl_qemu_main_loop( void );
 void libafl_qemu_init(int argc, char **argv, char **envp);
 void libafl_qemu_cleanup( void );
 void libafl_qemu_init(int argc, char **argv, char **envp) { qemu_init(argc, argv, envp); }
 void libafl_qemu_cleanup( void ) { qemu_cleanup(); }
 void libafl_breakpoint_insert( vaddr );
 void libafl_snapshot_save( const char* );
 void libafl_snapshot_load( const char* );
 void libafl_qemu_main_loop( void )
 {
    vm_start();
    qemu_main_loop();
 }
 void libafl_breakpoint_insert(vaddr pc)
 {
    CPUState *cpu;
    CPU_FOREACH(cpu) {
        cpu_breakpoint_insert(cpu, pc, BP_GDB, NULL);
    }
 }
 void libafl_snapshot_save( const char* name )
 {
    Error *err = NULL;
    save_snapshot(name, true, NULL, false, NULL, &err);
 }
 void libafl_snapshot_load( const char* name )
 {
    Error *err = NULL;
    load_snapshot(name, NULL, false, NULL, &err);
 }
 int main(int argc, char **argv, char **envp)
 {
-    qemu_init(argc, argv, envp);
+    // qemu_init(argc, argv, envp);
-    qemu_main_loop();
+    // qemu_main_loop();
-    qemu_cleanup();
+    // qemu_cleanup();
    libafl_qemu_init(argc, argv, envp);
    libafl_breakpoint_insert(0x00004f5c);
    libafl_snapshot_save("Start");
    do {
        libafl_qemu_main_loop();
        libafl_snapshot_load("Start");
        puts("Reload has occured");
    } while (runstate_check(RUN_STATE_DEBUG));
    libafl_qemu_cleanup();
    return 0;
 }
 /* End LibAFL instrumentation */
--- a/softmmu/runstate.c
+++ b/softmmu/runstate.c
@ -668,6 +668,10 @@ static bool main_loop_should_exit(void)
    if (qemu_debug_requested()) {
        vm_stop(RUN_STATE_DEBUG);
        /* Begin LibAFL instrumentation */
        // main loop will exit back to fuzzer
        return true;
        /* End LibAFL instrumentation */
    }
    if (qemu_suspend_requested()) {
        qemu_system_suspend();
--- a/starter.sh
+++ b/starter.sh
@ -0,0 +1,10 @@
 #!/bin/sh
 if [ ! -f dummy.qcow2 ]; then
 	qemu-img create -f qcow2 dummy.qcow2 32M
 fi
 build/qemu-system-arm -machine mps2-an385 -monitor null -semihosting \
        --semihosting-config enable=on,target=native \
        -kernel $1 \
        -serial stdio -nographic \
 	-snapshot -drive if=none,format=qcow2,file=dummy.qcow2 \
        -S