diff --git a/libafl_extras/hook.c b/libafl_extras/hook.c index 272ecaf736..620a1d3043 100644 --- a/libafl_extras/hook.c +++ b/libafl_extras/hook.c @@ -37,6 +37,7 @@ size_t libafl_qemu_set_hook(target_ulong pc, void (*callback)(uint64_t, target_u hk->helper_info.name = "libafl_hook"; hk->helper_info.flags = dh_callflag(void); hk->helper_info.typemask = dh_typemask(void, 0) | dh_typemask(tl, 1) | dh_typemask(i64, 2); + // TODO check for overflow hk->num = libafl_qemu_hooks_num++; hk->next = libafl_qemu_hooks[idx]; libafl_qemu_hooks[idx] = hk; @@ -111,6 +112,52 @@ struct libafl_hook* libafl_search_hook(target_ulong addr) return NULL; } +#define GEN_REMOVE_HOOK(name) \ +int libafl_qemu_remove_##name##_hook(size_t num, int invalidate) \ +{ \ + CPUState *cpu; \ + struct libafl_##name##_hook** hk = &libafl_##name##_hooks; \ + \ + while (*hk) { \ + if ((*hk)->num == num) { \ + if (invalidate) { \ + CPU_FOREACH(cpu) { \ + tb_flush(cpu); \ + } \ + } \ + \ + void *tmp = *hk; \ + *hk = (*hk)->next; \ + free(tmp); \ + return 1; \ + } else { \ + hk = &(*hk)->next; \ + } \ + } \ + \ + return 0; \ +} + +#define GEN_REMOVE_HOOK1(name) \ +int libafl_qemu_remove_##name##_hook(size_t num) \ +{ \ + struct libafl_##name##_hook** hk = &libafl_##name##_hooks; \ + \ + while (*hk) { \ + if ((*hk)->num == num) { \ + void *tmp = *hk; \ + *hk = (*hk)->next; \ + free(tmp); \ + return 1; \ + } else { \ + hk = &(*hk)->next; \ + } \ + } \ + \ + return 0; \ +} + + static TCGHelperInfo libafl_exec_backdoor_hook_info = { .func = NULL, .name = "libafl_exec_backdoor_hook", \ .flags = dh_callflag(void), \ 
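Review bot: The `// TODO check for overflow` added above `hk->num = libafl_qemu_hooks_num++;` leaves the actual hazard undescribed: `size_t` is unsigned, so the increment wraps rather than overflowing, and the consequence of a wrap is that a new hook receives a `num` already held by an older one, making lookup or removal by `num` ambiguous. Either reserve a value (for example `SIZE_MAX`) and refuse to register once the counter reaches it, or replace the TODO with a comment that states the assumption: `// num is not expected to wrap; a wrapped id would alias an older hook for remove-by-num`. `libafl_qemu_set_hook` starts before this hunk.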
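Review bot: `GEN_REMOVE_HOOK` frees the list node unconditionally but only flushes translated code when `invalidate` is non-zero, and the node embeds `helper_info`, which is presumably what the translation paths hand to generated code by address; a caller passing `invalidate == 0` therefore leaves already-translated blocks pointing into freed memory. Even with `invalidate` set, if `tb_flush` runs as deferred safe work rather than synchronously (as it can when vCPUs are executing), `free(tmp)` happens before the flush completes, so the window is narrowed rather than closed. A second hazard, shared by `GEN_REMOVE_HOOK1`, is removal from inside a hook callback, since the code walking the list still holds a pointer to the node being freed. The macro deserves a block comment stating that `invalidate` must be non-zero unless the caller has already flushed all TBs, that the node including its `helper_info` is released, that the function must not be called from within a hook callback, and that it returns 1 when a hook with that `num` was found and 0 otherwise.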
@@ -118,20 +165,26 @@ static TCGHelperInfo libafl_exec_backdoor_hook_info = { }; struct libafl_backdoor_hook* libafl_backdoor_hooks; +size_t libafl_backdoor_hooks_num = 0; -void libafl_add_backdoor_hook(void (*exec)(target_ulong id, uint64_t data), - uint64_t data) +size_t libafl_add_backdoor_hook(void (*exec)(target_ulong id, uint64_t data), + uint64_t data) { struct libafl_backdoor_hook* hook = calloc(sizeof(struct libafl_backdoor_hook), 1); // hook->exec = exec; hook->data = data; + hook->num = libafl_backdoor_hooks_num++; hook->next = libafl_backdoor_hooks; libafl_backdoor_hooks = hook; memcpy(&hook->helper_info, &libafl_exec_backdoor_hook_info, sizeof(TCGHelperInfo)); hook->helper_info.func = exec; + + return hook->num; } +GEN_REMOVE_HOOK(backdoor) + static TCGHelperInfo libafl_exec_edge_hook_info = { .func = NULL, .name = "libafl_exec_edge_hook", \ .flags = dh_callflag(void), \ @@ -139,8 +192,9 @@ static TCGHelperInfo libafl_exec_edge_hook_info = { }; struct libafl_edge_hook* libafl_edge_hooks; +size_t libafl_edge_hooks_num = 0; -void libafl_add_edge_hook(uint64_t (*gen)(uint64_t data, target_ulong src, target_ulong dst), +size_t libafl_add_edge_hook(uint64_t (*gen)(uint64_t data, target_ulong src, target_ulong dst), void (*exec)(uint64_t data, uint64_t id), uint64_t data) { @@ -153,6 +207,7 @@ void libafl_add_edge_hook(uint64_t (*gen)(uint64_t data, target_ulong src, targe hook->gen = gen; // hook->exec = exec; hook->data = data; + hook->num = libafl_edge_hooks_num++; hook->next = libafl_edge_hooks; libafl_edge_hooks = hook; @@ -160,8 +215,12 @@ void libafl_add_edge_hook(uint64_t (*gen)(uint64_t data, target_ulong src, targe memcpy(&hook->helper_info, &libafl_exec_edge_hook_info, sizeof(TCGHelperInfo)); hook->helper_info.func = exec; } + + return hook->num; } +GEN_REMOVE_HOOK(edge) + static TCGHelperInfo libafl_exec_block_hook_info = { .func = NULL, .name = "libafl_exec_block_hook", \ .flags = dh_callflag(void), \ 
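Review bot: The new `hook->num = libafl_backdoor_hooks_num++;` and `return hook->num;` lines dereference `hook` straight after `calloc` with no NULL check, and the changed `size_t` return type leaves no error channel, so an allocation failure is a crash rather than a reported error. The same pattern appears in the pre/post syscall and new-thread hunk of this file. Since `num` is handed back as a handle, either reserve `SIZE_MAX` as the failure value (`if (!hook) return SIZE_MAX;`) and document it, or make the abort-on-OOM policy explicit in a comment above the allocation.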
@@ -169,10 +228,11 @@ static TCGHelperInfo libafl_exec_block_hook_info = { }; struct libafl_block_hook* libafl_block_hooks; +size_t libafl_block_hooks_num = 0; -void libafl_add_block_hook(uint64_t (*gen)(uint64_t data, target_ulong pc), - void (*post_gen)(uint64_t data, target_ulong pc, target_ulong block_length), - void (*exec)(uint64_t data, uint64_t id), uint64_t data) +size_t libafl_add_block_hook(uint64_t (*gen)(uint64_t data, target_ulong pc), + void (*post_gen)(uint64_t data, target_ulong pc, target_ulong block_length), + void (*exec)(uint64_t data, uint64_t id), uint64_t data) { CPUState *cpu; CPU_FOREACH(cpu) { @@ -184,6 +244,7 @@ void libafl_add_block_hook(uint64_t (*gen)(uint64_t data, target_ulong pc), hook->post_gen = post_gen; // hook->exec = exec; hook->data = data; + hook->num = libafl_block_hooks_num++; hook->next = libafl_block_hooks; libafl_block_hooks = hook; @@ -191,8 +252,12 @@ void libafl_add_block_hook(uint64_t (*gen)(uint64_t data, target_ulong pc), memcpy(&hook->helper_info, &libafl_exec_block_hook_info, sizeof(TCGHelperInfo)); hook->helper_info.func = exec; } + + return hook->num; } +GEN_REMOVE_HOOK(block) + static TCGHelperInfo libafl_exec_read_hook1_info = { .func = NULL, .name = "libafl_exec_read_hook1", \ .flags = dh_callflag(void), \ 
@@ -247,14 +312,15 @@ static TCGHelperInfo libafl_exec_write_hookN_info = { }; struct libafl_rw_hook* libafl_read_hooks; +size_t libafl_read_hooks_num = 0; -void libafl_add_read_hook(uint64_t (*gen)(uint64_t data, target_ulong pc, MemOpIdx oi), - void (*exec1)(uint64_t data, uint64_t id, target_ulong addr), - void (*exec2)(uint64_t data, uint64_t id, target_ulong addr), - void (*exec4)(uint64_t data, uint64_t id, target_ulong addr), - void (*exec8)(uint64_t data, uint64_t id, target_ulong addr), - void (*execN)(uint64_t data, uint64_t id, target_ulong addr, size_t size), - uint64_t data) +size_t libafl_add_read_hook(uint64_t (*gen)(uint64_t data, target_ulong pc, MemOpIdx oi), + void (*exec1)(uint64_t data, uint64_t id, target_ulong addr), + void (*exec2)(uint64_t data, uint64_t id, target_ulong addr), + void (*exec4)(uint64_t data, uint64_t id, target_ulong addr), + void (*exec8)(uint64_t data, uint64_t id, target_ulong addr), + void (*execN)(uint64_t data, uint64_t id, target_ulong addr, size_t size), + uint64_t data) { CPUState *cpu; CPU_FOREACH(cpu) { @@ -269,6 +335,7 @@ void libafl_add_read_hook(uint64_t (*gen)(uint64_t data, target_ulong pc, MemOpI hook->exec8 = exec8; hook->execN = execN;*/ hook->data = data; + hook->num = libafl_read_hooks_num++; hook->next = libafl_read_hooks; libafl_read_hooks = hook; 
@@ -292,17 +359,22 @@ void libafl_add_read_hook(uint64_t (*gen)(uint64_t data, target_ulong pc, MemOpI memcpy(&hook->helper_infoN, &libafl_exec_read_hookN_info, sizeof(TCGHelperInfo)); hook->helper_infoN.func = execN; } + + return hook->num; } -struct libafl_rw_hook* libafl_write_hooks; +GEN_REMOVE_HOOK(read) -void libafl_add_write_hook(uint64_t (*gen)(uint64_t data, target_ulong pc, MemOpIdx oi), - void (*exec1)(uint64_t data, uint64_t id, target_ulong addr), - void (*exec2)(uint64_t data, uint64_t id, target_ulong addr), - void (*exec4)(uint64_t data, uint64_t id, target_ulong addr), - void (*exec8)(uint64_t data, uint64_t id, target_ulong addr), - void (*execN)(uint64_t data, uint64_t id, target_ulong addr, size_t size), - uint64_t data) +struct libafl_rw_hook* libafl_write_hooks; +size_t libafl_write_hooks_num = 0; + +size_t libafl_add_write_hook(uint64_t (*gen)(uint64_t data, target_ulong pc, MemOpIdx oi), + void (*exec1)(uint64_t data, uint64_t id, target_ulong addr), + void (*exec2)(uint64_t data, uint64_t id, target_ulong addr), + void (*exec4)(uint64_t data, uint64_t id, target_ulong addr), + void (*exec8)(uint64_t data, uint64_t id, target_ulong addr), + void (*execN)(uint64_t data, uint64_t id, target_ulong addr, size_t size), + uint64_t data) { CPUState *cpu; CPU_FOREACH(cpu) { @@ -317,6 +389,7 @@ void libafl_add_write_hook(uint64_t (*gen)(uint64_t data, target_ulong pc, MemOp hook->exec8 = exec8; hook->execN = execN;*/ hook->data = data; + hook->num = libafl_write_hooks_num++; hook->next = libafl_write_hooks; libafl_write_hooks = hook; @@ -340,8 +413,12 @@ void libafl_add_write_hook(uint64_t (*gen)(uint64_t data, target_ulong pc, MemOp memcpy(&hook->helper_infoN, &libafl_exec_write_hookN_info, sizeof(TCGHelperInfo)); hook->helper_infoN.func = execN; } + + return hook->num; } +GEN_REMOVE_HOOK(write) + static void libafl_gen_rw(TCGTemp *addr, MemOpIdx oi, struct libafl_rw_hook* hook) { size_t size = memop_size(get_memop(oi)); 
@@ -427,13 +504,14 @@ static TCGHelperInfo libafl_exec_cmp_hook8_info = { }; struct libafl_cmp_hook* libafl_cmp_hooks; +size_t libafl_cmp_hooks_num = 0; -void libafl_add_cmp_hook(uint64_t (*gen)(uint64_t data, target_ulong pc, size_t size), - void (*exec1)(uint64_t data, uint64_t id, uint8_t v0, uint8_t v1), - void (*exec2)(uint64_t data, uint64_t id, uint16_t v0, uint16_t v1), - void (*exec4)(uint64_t data, uint64_t id, uint32_t v0, uint32_t v1), - void (*exec8)(uint64_t data, uint64_t id, uint64_t v0, uint64_t v1), - uint64_t data) +size_t libafl_add_cmp_hook(uint64_t (*gen)(uint64_t data, target_ulong pc, size_t size), + void (*exec1)(uint64_t data, uint64_t id, uint8_t v0, uint8_t v1), + void (*exec2)(uint64_t data, uint64_t id, uint16_t v0, uint16_t v1), + void (*exec4)(uint64_t data, uint64_t id, uint32_t v0, uint32_t v1), + void (*exec8)(uint64_t data, uint64_t id, uint64_t v0, uint64_t v1), + uint64_t data) { CPUState *cpu; CPU_FOREACH(cpu) { @@ -447,6 +525,7 @@ void libafl_add_cmp_hook(uint64_t (*gen)(uint64_t data, target_ulong pc, size_t hook->exec4 = exec4; hook->exec8 = exec8;*/ hook->data = data; + hook->num = libafl_cmp_hooks_num++; hook->next = libafl_cmp_hooks; libafl_cmp_hooks = hook; @@ -466,8 +545,12 @@ void libafl_add_cmp_hook(uint64_t (*gen)(uint64_t data, target_ulong pc, size_t memcpy(&hook->helper_info8, &libafl_exec_cmp_hook8_info, sizeof(TCGHelperInfo)); hook->helper_info8.func = exec8; } + + return hook->num; } +GEN_REMOVE_HOOK(cmp) + void libafl_gen_cmp(target_ulong pc, TCGv op0, TCGv op1, MemOp ot) { size_t size = 0; 
@@ -518,43 +601,61 @@ void libafl_gen_cmp(target_ulong pc, TCGv op0, TCGv op1, MemOp ot) struct libafl_pre_syscall_hook* libafl_pre_syscall_hooks; struct libafl_post_syscall_hook* libafl_post_syscall_hooks; -void libafl_add_pre_syscall_hook(struct syshook_ret (*callback)( - uint64_t data, int sys_num, target_ulong arg0, - target_ulong arg1, target_ulong arg2, - target_ulong arg3, target_ulong arg4, - target_ulong arg5, target_ulong arg6, - target_ulong arg7), - uint64_t data) +size_t libafl_pre_syscall_hooks_num = 0; +size_t libafl_post_syscall_hooks_num = 0; + +size_t libafl_add_pre_syscall_hook(struct syshook_ret (*callback)( + uint64_t data, int sys_num, target_ulong arg0, + target_ulong arg1, target_ulong arg2, + target_ulong arg3, target_ulong arg4, + target_ulong arg5, target_ulong arg6, + target_ulong arg7), + uint64_t data) { struct libafl_pre_syscall_hook* hook = calloc(sizeof(struct libafl_pre_syscall_hook), 1); hook->callback = callback; hook->data = data; + hook->num = libafl_pre_syscall_hooks_num++; hook->next = libafl_pre_syscall_hooks; libafl_pre_syscall_hooks = hook; + + return hook->num; } -void libafl_add_post_syscall_hook(target_ulong (*callback)( - uint64_t data, target_ulong ret, int sys_num, - target_ulong arg0, target_ulong arg1, - target_ulong arg2, target_ulong arg3, - target_ulong arg4, target_ulong arg5, - target_ulong arg6, target_ulong arg7), - uint64_t data) +size_t libafl_add_post_syscall_hook(target_ulong (*callback)( + uint64_t data, target_ulong ret, int sys_num, + target_ulong arg0, target_ulong arg1, + target_ulong arg2, target_ulong arg3, + target_ulong arg4, target_ulong arg5, + target_ulong arg6, target_ulong arg7), + uint64_t data) { struct libafl_post_syscall_hook* hook = calloc(sizeof(struct libafl_post_syscall_hook), 1); hook->callback = callback; hook->data = data; + hook->num = libafl_post_syscall_hooks_num++; hook->next = libafl_post_syscall_hooks; libafl_post_syscall_hooks = hook; + + return hook->num; } -struct 
libafl_new_thread_hook* libafl_new_thread_hooks; +GEN_REMOVE_HOOK1(pre_syscall) +GEN_REMOVE_HOOK1(post_syscall) -void libafl_add_new_thread_hook(bool (*callback)(uint64_t data, uint32_t tid), - uint64_t data) { +struct libafl_new_thread_hook* libafl_new_thread_hooks; +size_t libafl_new_thread_hooks_num = 0; + +size_t libafl_add_new_thread_hook(bool (*callback)(uint64_t data, uint32_t tid), + uint64_t data) { struct libafl_new_thread_hook* hook = calloc(sizeof(struct libafl_new_thread_hook), 1); hook->callback = callback; hook->data = data; + hook->num = libafl_new_thread_hooks_num++; hook->next = libafl_new_thread_hooks; libafl_new_thread_hooks = hook; + + return hook->num; } + +GEN_REMOVE_HOOK1(new_thread) diff --git a/libafl_extras/hook.h b/libafl_extras/hook.h index 108ae7fbec..428d935863 100644 --- a/libafl_extras/hook.h +++ b/libafl_extras/hook.h @@ -43,19 +43,22 @@ struct libafl_hook* libafl_search_hook(target_ulong addr); struct libafl_backdoor_hook { void (*exec)(target_ulong pc, uint64_t data); uint64_t data; + size_t num; TCGHelperInfo helper_info; struct libafl_backdoor_hook* next; }; extern struct libafl_backdoor_hook* libafl_backdoor_hooks; -void libafl_add_backdoor_hook(void (*exec)(target_ulong pc, uint64_t data), - uint64_t data); +size_t libafl_add_backdoor_hook(void (*exec)(target_ulong pc, uint64_t data), + uint64_t data); +int libafl_qemu_remove_backdoor_hook(size_t num, int invalidate); struct libafl_edge_hook { uint64_t (*gen)(uint64_t data, target_ulong src, target_ulong dst); // void (*exec)(uint64_t data, uint64_t id); uint64_t data; + size_t num; uint64_t cur_id; TCGHelperInfo helper_info; struct libafl_edge_hook* next; 
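Review bot: `int libafl_qemu_remove_backdoor_hook(size_t num, int invalidate);` enters the public header with no documentation of its return value, of what `invalidate` does, or of the fact that the hook node is freed; the same applies to the remove declarations in the edge/block, rw, cmp and syscall/new-thread hunks of hook.h. A short Doxygen comment would suffice, along the lines of `/** Remove the hook registered under num. If invalidate is non-zero all TBs are flushed first. Returns 1 if found and removed, 0 otherwise. */`. The pre/post syscall and new-thread variants take no `invalidate`, which is consistent with those structs carrying no `TCGHelperInfo`, but that asymmetry should be stated where they are declared.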
@@ -63,24 +66,27 @@ struct libafl_edge_hook { extern struct libafl_edge_hook* libafl_edge_hooks; -void libafl_add_edge_hook(uint64_t (*gen)(uint64_t data, target_ulong src, target_ulong dst), - void (*exec)(uint64_t data, uint64_t id), - uint64_t data); +size_t libafl_add_edge_hook(uint64_t (*gen)(uint64_t data, target_ulong src, target_ulong dst), + void (*exec)(uint64_t data, uint64_t id), + uint64_t data); +int libafl_qemu_remove_edge_hook(size_t num, int invalidate); struct libafl_block_hook { uint64_t (*gen)(uint64_t data, target_ulong pc); void (*post_gen)(uint64_t data, target_ulong pc, target_ulong block_length); // void (*exec)(uint64_t data, uint64_t id); uint64_t data; + size_t num; TCGHelperInfo helper_info; struct libafl_block_hook* next; }; extern struct libafl_block_hook* libafl_block_hooks; -void libafl_add_block_hook(uint64_t (*gen)(uint64_t data, target_ulong pc), - void (*post_gen)(uint64_t data, target_ulong pc, target_ulong block_length), - void (*exec)(uint64_t data, uint64_t id), uint64_t data); +size_t libafl_add_block_hook(uint64_t (*gen)(uint64_t data, target_ulong pc), + void (*post_gen)(uint64_t data, target_ulong pc, target_ulong block_length), + void (*exec)(uint64_t data, uint64_t id), uint64_t data); +int libafl_qemu_remove_block_hook(size_t num, int invalidate); struct libafl_rw_hook { uint64_t (*gen)(uint64_t data, target_ulong pc, MemOpIdx oi); @@ -90,6 +96,7 @@ struct libafl_rw_hook { void (*exec8)(uint64_t data, uint64_t id, target_ulong addr); void (*execN)(uint64_t data, uint64_t id, target_ulong addr, size_t size);*/ uint64_t data; + size_t num; TCGHelperInfo helper_info1; TCGHelperInfo helper_info2; TCGHelperInfo helper_info4; 
@@ -98,23 +105,30 @@ struct libafl_rw_hook { struct libafl_rw_hook* next; }; +// alias +#define libafl_read_hook libafl_rw_hook +#define libafl_write_hook libafl_rw_hook + extern struct libafl_rw_hook* libafl_read_hooks; extern struct libafl_rw_hook* libafl_write_hooks; -void libafl_add_read_hook(uint64_t (*gen)(uint64_t data, target_ulong pc, MemOpIdx oi), - void (*exec1)(uint64_t data, uint64_t id, target_ulong addr), - void (*exec2)(uint64_t data, uint64_t id, target_ulong addr), - void (*exec4)(uint64_t data, uint64_t id, target_ulong addr), - void (*exec8)(uint64_t data, uint64_t id, target_ulong addr), - void (*execN)(uint64_t data, uint64_t id, target_ulong addr, size_t size), - uint64_t data); -void libafl_add_write_hook(uint64_t (*gen)(uint64_t data, target_ulong pc, MemOpIdx oi), - void (*exec1)(uint64_t data, uint64_t id, target_ulong addr), - void (*exec2)(uint64_t data, uint64_t id, target_ulong addr), - void (*exec4)(uint64_t data, uint64_t id, target_ulong addr), - void (*exec8)(uint64_t data, uint64_t id, target_ulong addr), - void (*execN)(uint64_t data, uint64_t id, target_ulong addr, size_t size), - uint64_t data); +size_t libafl_add_read_hook(uint64_t (*gen)(uint64_t data, target_ulong pc, MemOpIdx oi), + void (*exec1)(uint64_t data, uint64_t id, target_ulong addr), + void (*exec2)(uint64_t data, uint64_t id, target_ulong addr), + void (*exec4)(uint64_t data, uint64_t id, target_ulong addr), + void (*exec8)(uint64_t data, uint64_t id, target_ulong addr), + void (*execN)(uint64_t data, uint64_t id, target_ulong addr, size_t size), + uint64_t data); +size_t libafl_add_write_hook(uint64_t (*gen)(uint64_t data, target_ulong pc, MemOpIdx oi), + void (*exec1)(uint64_t data, uint64_t id, target_ulong addr), + void (*exec2)(uint64_t data, uint64_t id, target_ulong addr), + void (*exec4)(uint64_t data, uint64_t id, target_ulong addr), + void (*exec8)(uint64_t data, uint64_t id, target_ulong addr), + void (*execN)(uint64_t data, uint64_t id, target_ulong 
addr, size_t size), + uint64_t data); + +int libafl_qemu_remove_read_hook(size_t num, int invalidate); +int libafl_qemu_remove_write_hook(size_t num, int invalidate); void libafl_gen_read(TCGTemp *addr, MemOpIdx oi); void libafl_gen_write(TCGTemp *addr, MemOpIdx oi); @@ -126,6 +140,7 @@ struct libafl_cmp_hook { void (*exec4)(uint64_t data, uint64_t id, uint32_t v0, uint32_t v1); void (*exec8)(uint64_t data, uint64_t id, uint64_t v0, uint64_t v1);*/ uint64_t data; + size_t num; TCGHelperInfo helper_info1; TCGHelperInfo helper_info2; TCGHelperInfo helper_info4; @@ -135,12 +150,13 @@ struct libafl_cmp_hook { extern struct libafl_cmp_hook* libafl_cmp_hooks; -void libafl_add_cmp_hook(uint64_t (*gen)(uint64_t data, target_ulong pc, size_t size), - void (*exec1)(uint64_t data, uint64_t id, uint8_t v0, uint8_t v1), - void (*exec2)(uint64_t data, uint64_t id, uint16_t v0, uint16_t v1), - void (*exec4)(uint64_t data, uint64_t id, uint32_t v0, uint32_t v1), - void (*exec8)(uint64_t data, uint64_t id, uint64_t v0, uint64_t v1), - uint64_t data); +size_t libafl_add_cmp_hook(uint64_t (*gen)(uint64_t data, target_ulong pc, size_t size), + void (*exec1)(uint64_t data, uint64_t id, uint8_t v0, uint8_t v1), + void (*exec2)(uint64_t data, uint64_t id, uint16_t v0, uint16_t v1), + void (*exec4)(uint64_t data, uint64_t id, uint32_t v0, uint32_t v1), + void (*exec8)(uint64_t data, uint64_t id, uint64_t v0, uint64_t v1), + uint64_t data); +int libafl_qemu_remove_cmp_hook(size_t num, int invalidate); struct syshook_ret { target_ulong retval; @@ -154,6 +170,7 @@ struct libafl_pre_syscall_hook { target_ulong arg5, target_ulong arg6, target_ulong arg7); uint64_t data; + size_t num; struct libafl_pre_syscall_hook* next; }; 
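Review bot: `#define libafl_read_hook libafl_rw_hook` and `#define libafl_write_hook libafl_rw_hook` are object-like macros in a public header, so they rewrite every occurrence of those identifiers in every translation unit that includes hook.h, not just struct tags; any consumer symbol named `libafl_read_hook` would be silently renamed. They appear to exist only so `GEN_REMOVE_HOOK(read)` and `GEN_REMOVE_HOOK(write)` in hook.c can paste `struct libafl_read_hook`, so move the two defines into hook.c next to that macro (or `#undef` them after the generated functions), and replace the bare `// alias` with a comment that says what they are for, e.g. `// token-pasting aliases for GEN_REMOVE_HOOK(read|write); struct libafl_rw_hook backs both lists`.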
@@ -164,35 +181,40 @@ struct libafl_post_syscall_hook { target_ulong arg4, target_ulong arg5, target_ulong arg6, target_ulong arg7); uint64_t data; + size_t num; struct libafl_post_syscall_hook* next; }; extern struct libafl_pre_syscall_hook* libafl_pre_syscall_hooks; extern struct libafl_post_syscall_hook* libafl_post_syscall_hooks; -void libafl_add_pre_syscall_hook(struct syshook_ret (*callback)( - uint64_t data, int sys_num, target_ulong arg0, - target_ulong arg1, target_ulong arg2, - target_ulong arg3, target_ulong arg4, - target_ulong arg5, target_ulong arg6, - target_ulong arg7), - uint64_t data); -void libafl_add_post_syscall_hook(target_ulong (*callback)( - uint64_t data, target_ulong ret, int sys_num, - target_ulong arg0, target_ulong arg1, - target_ulong arg2, target_ulong arg3, - target_ulong arg4, target_ulong arg5, - target_ulong arg6, target_ulong arg7), - uint64_t data); +size_t libafl_add_pre_syscall_hook(struct syshook_ret (*callback)( + uint64_t data, int sys_num, target_ulong arg0, + target_ulong arg1, target_ulong arg2, + target_ulong arg3, target_ulong arg4, + target_ulong arg5, target_ulong arg6, + target_ulong arg7), + uint64_t data); +size_t libafl_add_post_syscall_hook(target_ulong (*callback)( + uint64_t data, target_ulong ret, int sys_num, + target_ulong arg0, target_ulong arg1, + target_ulong arg2, target_ulong arg3, + target_ulong arg4, target_ulong arg5, + target_ulong arg6, target_ulong arg7), + uint64_t data); + +int libafl_qemu_remove_pre_syscall_hook(size_t num); +int libafl_qemu_remove_post_syscall_hook(size_t num); struct libafl_new_thread_hook { bool (*callback)(uint64_t data, uint32_t tid); uint64_t data; + size_t num; struct libafl_new_thread_hook* next; }; extern struct libafl_new_thread_hook* libafl_new_thread_hooks; -void libafl_add_new_thread_hook(bool (*callback)(uint64_t data, uint32_t tid), - uint64_t data); - +size_t libafl_add_new_thread_hook(bool (*callback)(uint64_t data, uint32_t tid), + uint64_t data); +int 
libafl_qemu_remove_new_thread_hook(size_t num);