new example in main

softmmu/main.c

@@ -125,7 +125,7 @@ int64_t libafl_get_clock( void )
 
 #ifndef AS_SHARED_LIB
 #ifdef TARGET_ARM
-void libafl_send_irq(int irqn);
+extern unsigned int libafl_int_offset;
 #endif
 int main(int argc, char **argv, char **envp)
 {
@@ -134,27 +134,29 @@ int main(int argc, char **argv, char **envp)
     qemu_cleanup();
     //LIBAFL Instrumentation Demo
     /*
-    unsigned char buf[32] = "_`abcdefghijklmnopqrstuvwxyz{|}~";
+    // unsigned char buf[32] = "_`abcdefghijklmnopqrstuvwxyz{|}~";
+#ifdef TARGET_ARM
+    libafl_int_offset = 375000;
+#endif
+    // unsigned char buf[32] = "\x02\x9b\x02\x9b\x02\x9b\x02\x9b"; // 0xFA71 x 4
+    unsigned char buf[32] = "\x05\x29\x07\x1f\x0b\x17\x01\x17"; // 5*73 7*59 11*43
+    unsigned char len = 8;
     libafl_qemu_sys_init(argc, argv, envp);
-    int pheader = 0x00006a28;
+    int pheader = 0x5be4;
     libafl_phys_write(0x20000110-0x20000100+pheader, buf,32);
     libafl_phys_read(0x20000110-0x20000100+pheader, buf,32);
+    libafl_phys_write(0x20000108-0x20000100+pheader, &len,1);
     printf("FUZZ_INPUT[0]: %x\n", buf[0]);
-    libafl_qemu_set_native_breakpoint(0x4be0);
+    libafl_qemu_set_native_breakpoint(0xae);
     libafl_snapshot_save("Start");
-    int counter = 3000;
+    int counter = 3;
     do {
-        libafl_qemu_main_loop();
-        #ifdef TARGET_ARM
-        libafl_send_irq(0);
-        #endif
         libafl_qemu_main_loop();
         libafl_snapshot_load("Start");
-        // puts("Reload has occured");
+        puts("Reload has occured");
         counter--;
     } while (runstate_check(RUN_STATE_DEBUG) && counter);
     libafl_qemu_cleanup();
-    */
     /*
     // Clock comparison
     unsigned char ex1[32] = "_`abcdefghijklmnopqrstuvwxyz{|}~";