Value parameter to generic hook
This commit is contained in:
parent
f9898d7db4
commit
4e3982d812
@ -32,6 +32,7 @@ extern struct libafl_breakpoint* libafl_qemu_breakpoints;
|
|||||||
struct libafl_hook {
|
struct libafl_hook {
|
||||||
target_ulong addr;
|
target_ulong addr;
|
||||||
void (*callback)(void);
|
void (*callback)(void);
|
||||||
|
uint64_t value;
|
||||||
TCGHelperInfo helper_info;
|
TCGHelperInfo helper_info;
|
||||||
struct libafl_hook* next;
|
struct libafl_hook* next;
|
||||||
};
|
};
|
||||||
@ -113,6 +114,17 @@ void translator_loop(const TranslatorOps *ops, DisasContextBase *db,
|
|||||||
|
|
||||||
//// --- Begin LibAFL code ---
|
//// --- Begin LibAFL code ---
|
||||||
|
|
||||||
|
struct libafl_hook* hk = libafl_qemu_hooks;
|
||||||
|
while (hk) {
|
||||||
|
if (hk->addr == db->pc_next) {
|
||||||
|
TCGv_i64 tmp0 = tcg_const_i64(hk->value);
|
||||||
|
TCGTemp *tmp1[1] = { tcgv_i64_temp(tmp0) };
|
||||||
|
tcg_gen_callN(hk->callback, NULL, 1, tmp1);
|
||||||
|
tcg_temp_free_i64(tmp0);
|
||||||
|
}
|
||||||
|
hk = hk->next;
|
||||||
|
}
|
||||||
|
|
||||||
struct libafl_breakpoint* bp = libafl_qemu_breakpoints;
|
struct libafl_breakpoint* bp = libafl_qemu_breakpoints;
|
||||||
while (bp) {
|
while (bp) {
|
||||||
if (bp->addr == db->pc_next) {
|
if (bp->addr == db->pc_next) {
|
||||||
@ -121,14 +133,6 @@ void translator_loop(const TranslatorOps *ops, DisasContextBase *db,
|
|||||||
bp = bp->next;
|
bp = bp->next;
|
||||||
}
|
}
|
||||||
|
|
||||||
struct libafl_hook* hk = libafl_qemu_hooks;
|
|
||||||
while (hk) {
|
|
||||||
if (hk->addr == db->pc_next) {
|
|
||||||
tcg_gen_callN(hk->callback, NULL, 0, NULL);
|
|
||||||
}
|
|
||||||
hk = hk->next;
|
|
||||||
}
|
|
||||||
|
|
||||||
//// --- End LibAFL code ---
|
//// --- End LibAFL code ---
|
||||||
|
|
||||||
/* Disassemble one instruction. The translate_insn hook should
|
/* Disassemble one instruction. The translate_insn hook should
|
||||||
|
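--- a/cpu.c
+++ b/cpu.c
@@ -56,6 +56,7 @@ struct libafl_breakpoint* libafl_qemu_breakpoints = NULL;
 struct libafl_hook {
 target_ulong addr;
 void (*callback)(void);
+uint64_t value;
 TCGHelperInfo helper_info;
 struct libafl_hook* next;
 };
@@ -71,7 +72,7 @@ int libafl_qemu_read_reg(int reg, uint8_t* val);
 int libafl_qemu_num_regs(void);
 int libafl_qemu_set_breakpoint(uint64_t addr);
 int libafl_qemu_remove_breakpoint(uint64_t addr);
-int libafl_qemu_insert_hook(uint64_t addr, void (*callback)(void));
+int libafl_qemu_set_hook(uint64_t addr, void (*callback)(void), uint64_t value);
 int libafl_qemu_remove_hook(uint64_t addr);
 
 int libafl_qemu_write_reg(int reg, uint8_t* val)
@@ -162,7 +163,7 @@ int libafl_qemu_remove_breakpoint(uint64_t addr)
 return r;
 }
 
-int libafl_qemu_insert_hook(uint64_t addr, void (*callback)(void))
+int libafl_qemu_set_hook(uint64_t addr, void (*callback)(void), uint64_t value)
 {
 CPUState *cpu;
 
@@ -174,10 +175,11 @@ int libafl_qemu_insert_hook(uint64_t addr, void (*callback)(void))
 struct libafl_hook* hk = malloc(sizeof(struct libafl_hook));
 hk->addr = pc;
 hk->callback = callback;
+hk->value = value;
 hk->helper_info.func = callback;
 hk->helper_info.name = "libafl_hook";
 hk->helper_info.flags = dh_callflag(void);
-hk->helper_info.typemask = dh_typemask(void, 0);
+hk->helper_info.typemask = dh_typemask(void, 0) | dh_typemask(i64, 1);
 hk->next = libafl_qemu_hooks;
 libafl_qemu_hooks = hk;
 libafl_helper_table_add(&hk->helper_info);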
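Review bot: The hook's function-pointer type no longer matches the call it is registered for: the prototype in the second hunk, the definition in the third and the struct field in the first still say `void (*callback)(void)`, while `helper_info.typemask` in the last hunk now declares one i64 argument, and the translator-loop hunk in the other file invokes the same pointer through `tcg_gen_callN(hk->callback, NULL, 1, tmp1)`. Calling a function through a pointer of an incompatible type is undefined behavior in C even where the ABI happens to tolerate it, and the `(void)` type also stops the compiler from checking the hook functions that callers of `libafl_qemu_set_hook` pass in. Changing those three declarations to `void (*callback)(uint64_t)` makes the API state the argument the hook actually receives; the assignment to `helper_info.func` is unaffected. The new `hk->value = value;` also writes through the result of the `malloc` just above it, which is still unchecked; since the function already returns an int status, a NULL check before the first dereference would be appropriate. The body of libafl_qemu_set_hook continues between and past the hunks shown here.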