switch to icount_get_raw

softmmu/main.c

@@ -105,7 +105,7 @@ void libafl_phys_write(vaddr addr, uint8_t* buf, int len)
 
 int64_t libafl_get_clock( void )
 {
-    return cpus_get_virtual_clock();
+    return icount_get_raw();
 }
 
 #ifndef AS_SHARED_LIB
@@ -116,20 +116,39 @@ int main(int argc, char **argv, char **envp)
     qemu_cleanup();
     //LIBAFL Instrumentation Demo
     /*
-    unsigned char buf[4096] = {3};
+    unsigned char buf[32] = "_`abcdefghijklmnopqrstuvwxyz{|}~";
     libafl_qemu_sys_init(argc, argv, envp);
-    libafl_phys_write(0x00006de4+0xc, buf,1);
+    int pheader = 0x00006a28;
-    libafl_phys_read(0x00006de4+0xc, buf,1);
+    libafl_phys_write(0x20000110-0x20000100+pheader, buf,32);
+    libafl_phys_read(0x20000110-0x20000100+pheader, buf,32);
     printf("FUZZ_INPUT[0]: %x\n", buf[0]);
-    libafl_qemu_set_native_breakpoint(0x00004f5c);
+    libafl_qemu_set_native_breakpoint(0x4be0);
     libafl_snapshot_save("Start");
+    int counter = 3000;
     do {
         libafl_qemu_main_loop();
         libafl_snapshot_load("Start");
-        puts("Reload has occured");
+        // puts("Reload has occured");
-    } while (runstate_check(RUN_STATE_DEBUG));
+        counter--;
+    } while (runstate_check(RUN_STATE_DEBUG) && counter);
     libafl_qemu_cleanup();
     */
+    /*
+    // Clock comparison
+    unsigned char ex1[32] = "_`abcdefghijklmnopqrstuvwxyz{|}~";
+    // unsigned char ex1[32] = "a!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!";
+    unsigned char ex2[32] = "a!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!";
+    libafl_qemu_sys_init(argc, argv, envp);
+    libafl_qemu_set_native_breakpoint(0x4be0);
+    libafl_snapshot_save("Start");
+    libafl_phys_write(0x20000110-0x20000100+0x00006ae4, ex1,32);
+    libafl_qemu_main_loop();
+    printf("Post ex1: %ld\n",libafl_get_clock());
+    libafl_snapshot_load("Start");
+    libafl_phys_write(0x20000110-0x20000100+0x00006ae4, ex2,32);
+    libafl_qemu_main_loop();
+    printf("Post ex2: %ld\n",libafl_get_clock());
+    */
 
     return 0;
 }