FRET-qemu/3k.c

#include <stdio.h>
#include <stdint.h>

void libafl_qemu_main_loop( void );
void libafl_qemu_sys_init(int argc, char **argv, char **envp);
void libafl_qemu_cleanup( void );

void libafl_qemu_set_breakpoint( unsigned long int );

void libafl_qemu_remove_native_breakpoint( unsigned long int );
void libafl_qemu_set_native_breakpoint( unsigned long int );
void libafl_snapshot_save( const char* );
void libafl_snapshot_load( const char* );

void libafl_phys_read(uint32_t, uint8_t*, int);

void libafl_phys_write(uint32_t, uint8_t*, int);

int64_t icount_to_ns(int64_t icount);

int64_t libafl_get_clock( void );
int main(int argc, char **argv, char **envp)
{
    unsigned char buf[32] = "_`abcdefghijklmnopqrstuvwxyz{|}~";
    unsigned char buf2[32] = "0";
    unsigned char buf3[32] = "z";
    unsigned char buf4[32] = "a!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!";
    unsigned char buf5[32] = "b!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!";
    libafl_qemu_sys_init(argc, argv, envp);
    int pheader = 0x00006a4c;
    // libafl_phys_read(0x20000110-0x20000100+pheader, buf,32);
    // printf("FUZZ_INPUT[0]: %c\n", buf[0]);
    // Start pre-run
    libafl_qemu_set_native_breakpoint(0x4ce2);//send 217028
    libafl_qemu_main_loop();
    libafl_qemu_remove_native_breakpoint(0x4ce2);
    // End pre-run
    libafl_snapshot_save("Start");
    libafl_qemu_set_native_breakpoint(0x4be0);
    int64_t tmp = libafl_get_clock();
    printf("snapshot icount: %ld, %ldns\n",tmp,icount_to_ns(tmp));
    libafl_snapshot_load("Start");
    tmp = libafl_get_clock();
    printf("snapshot icount after load: %ld, %ldns\n",tmp,icount_to_ns(tmp));

    libafl_phys_write(0x20000110-0x20000100+pheader, buf,32);
    libafl_qemu_main_loop();
    printf("%ld für %s\n",libafl_get_clock(),buf);
    libafl_snapshot_load("Start");

    libafl_phys_write(0x20000110-0x20000100+pheader, buf2,32);
    libafl_qemu_main_loop();
    printf("%ld für %s\n",libafl_get_clock(),buf2);
    libafl_snapshot_load("Start");

    libafl_phys_write(0x20000110-0x20000100+pheader, buf3,32);
    libafl_qemu_main_loop();
    printf("%ld für %s\n",libafl_get_clock(),buf3);
    libafl_snapshot_load("Start");
    /*int counter = 3000;
    do {
        libafl_phys_write(0x20000110-0x20000100+pheader, buf,32);
        libafl_qemu_main_loop();
        int64_t tmp = libafl_get_clock();
        printf("%ld, %ldns\n",tmp,icount_to_ns(tmp));
        libafl_snapshot_load("Start");
        // puts("Reload has occured");
        counter--;
    } while (counter);*/
    libafl_qemu_cleanup();
    return 0;
}