diff --git a/softmmu/main.c b/softmmu/main.c
index ce95c16af8..020c5eaef8 100644
--- a/softmmu/main.c
+++ b/softmmu/main.c
@@ -105,7 +105,7 @@ void libafl_phys_write(vaddr addr, uint8_t* buf, int len)
 int64_t libafl_get_clock( void )
 {
-    return cpus_get_virtual_clock();
+    return icount_get_raw();
 }
 #ifndef AS_SHARED_LIB
@@ -116,20 +116,39 @@ int main(int argc, char **argv, char **envp)
     qemu_cleanup();
     //LIBAFL Instrumentation Demo
     /*
-    unsigned char buf[4096] = {3};
+    unsigned char buf[32] = "_`abcdefghijklmnopqrstuvwxyz{|}~";
     libafl_qemu_sys_init(argc, argv, envp);
-    libafl_phys_write(0x00006de4+0xc, buf,1);
-    libafl_phys_read(0x00006de4+0xc, buf,1);
+    int pheader = 0x00006a28;
+    libafl_phys_write(0x20000110-0x20000100+pheader, buf,32);
+    libafl_phys_read(0x20000110-0x20000100+pheader, buf,32);
     printf("FUZZ_INPUT[0]: %x\n", buf[0]);
-    libafl_qemu_set_native_breakpoint(0x00004f5c);
+    libafl_qemu_set_native_breakpoint(0x4be0);
     libafl_snapshot_save("Start");
+    int counter = 3000;
     do {
         libafl_qemu_main_loop();
         libafl_snapshot_load("Start");
-        puts("Reload has occured");
-    } while (runstate_check(RUN_STATE_DEBUG));
+        // puts("Reload has occured");
+        counter--;
+    } while (runstate_check(RUN_STATE_DEBUG) && counter);
     libafl_qemu_cleanup();
     */
+    /*
+    // Clock comparison
+    unsigned char ex1[32] = "_`abcdefghijklmnopqrstuvwxyz{|}~";
+    // unsigned char ex1[32] = "a!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!";
+    unsigned char ex2[32] = "a!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!";
+    libafl_qemu_sys_init(argc, argv, envp);
+    libafl_qemu_set_native_breakpoint(0x4be0);
+    libafl_snapshot_save("Start");
+    libafl_phys_write(0x20000110-0x20000100+0x00006ae4, ex1,32);
+    libafl_qemu_main_loop();
+    printf("Post ex1: %ld\n",libafl_get_clock());
+    libafl_snapshot_load("Start");
+    libafl_phys_write(0x20000110-0x20000100+0x00006ae4, ex2,32);
+    libafl_qemu_main_loop();
+    printf("Post ex2: %ld\n",libafl_get_clock());
+    */
     return 0;
 }
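Review bot: The `+    return icount_get_raw();` line changes both the unit and the precondition of libafl_get_clock() without documenting it: cpus_get_virtual_clock() returned nanoseconds in every accelerator mode, whereas icount_get_raw(), if I recall QEMU's softmmu/icount.c correctly, returns the raw executed-instruction counter, which is only advanced when QEMU runs with -icount (icount_enabled()) and presumably stays at 0 otherwise. Callers that read the name "clock" as time, including the `printf("Post ex1: %ld\n", ...)` experiment further down in this commit, will be misled. Either document the contract on the function, `/* Raw instruction count, not ns; valid only when icount is enabled. */`, or keep the old behaviour as a fallback: `return icount_enabled() ? icount_get_raw() : cpus_get_virtual_clock();`. For a snapshot-restoring fuzz loop the deterministic instruction count is arguably the better clock, so the comment alone may be all that is wanted, but the choice should be visible at the call site.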
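Review bot: Both experiments in main() are kept inside `/* ... */` blocks, so nothing compiles them and the guest addresses baked into them (`0x00006a28`, `0x4be0`, `0x00006ae4` and the `0x20000110-0x20000100` offset) silently go stale with the next firmware rebuild; wrapping them in `#ifdef LIBAFL_DEMO` / `#endif` instead of comment markers keeps them type-checked and grep-able, and a one-line comment naming which guest image and symbol each address came from would make them reproducible. The two `printf("Post ex1: %ld\n",libafl_get_clock());` lines pass an int64_t to `%ld`, which is undefined where long is 32 bits; the portable form is `printf("Post ex1: %" PRId64 "\n", libafl_get_clock());` with <inttypes.h>. Note also that `unsigned char buf[32] = "_`abcdefghijklmnopqrstuvwxyz{|}~";` is exactly 32 characters, so the array carries no NUL terminator, which is fine for the raw phys-write use here but worth a comment so nobody later passes it to a string function. main() begins before this hunk.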