From d7dccf9c4413e2392148e1c38f6a6c46d38c952f Mon Sep 17 00:00:00 2001
From: Yannick Naumann
Date: Mon, 26 Aug 2024 16:07:46 +0200
Subject: [PATCH] Add output reading
---
system/main.c | 15 +++++++++++++--
1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/system/main.c b/system/main.c
index 7174e359f1..a76c8872ba 100644
--- a/system/main.c
+++ b/system/main.c
@@ -107,6 +107,7 @@ int main(int argc, char **argv)
unsigned long deltas[input_size];
u_int32_t inputs[input_size];
+ u_int32_t outputs[input_size];
//========= Instrumentation end
qemu_init(argc, argv);
//========= Instrumentation start
@@ -123,8 +124,9 @@ int main(int argc, char **argv)
uint8_t register_in_32b[4];
uint8_t reg_tmp_val[4];
+ uint8_t code_output[4];
// load input
- //cpu_physical_memory_rw(target_addr, buffer, read_len, true);
+ // cpu_physical_memory_rw(target_addr, buffer, read_len, true);
for (u_int32_t i = 0; i < input_size; i++) {
@@ -169,9 +171,18 @@ int main(int argc, char **argv)
vm_start();
qemu_main_loop();
libafl_qemu_remove_native_breakpoint(end);
+
+ length = libafl_qemu_read_reg(cpu, 11, code_output);
+ if(length != 4) {
+ printf("Error: Could not read register\n");
+ }
+ u_int32_t output = (u_int32_t)code_output[0] | ((u_int32_t)code_output[1] << 8) | ((u_int32_t)code_output[2] << 16) | ((u_int32_t)code_output[3] << 24);
+ printf("Output: %u\n", output);
+
unsigned long end_count = icount_get_raw();
printf("End: %lu\n", end_count);
inputs[i] = i;
+ outputs[i] = output;
deltas[i] = end_count - start_count;
printf("Delta: %lu\n", deltas[i]);
@@ -182,7 +193,7 @@ int main(int argc, char **argv)
FILE *fptr = fopen(output_path, "w");
for (int i = 0; i < input_size; i++) {
- fprintf(fptr, "%d,%lu\n", inputs[i], deltas[i]);
+ fprintf(fptr, "%d,%lu,%d\n", inputs[i], deltas[i],outputs[i]);
}
fclose(fptr);
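Review bot: The new `u_int32_t outputs[input_size];` is a third stack VLA sized by `input_size` in main, alongside `deltas` and `inputs`; where `input_size` comes from is outside the hunk, so if it is derived from command-line or config input, a large value now overflows the stack three times as fast and should be bounded before these declarations (or moved to `calloc`). As a style point, `u_int32_t` is a non-standard `<sys/types.h>` alias while the same function already uses `uint8_t` from `<stdint.h>`; prefer `uint32_t outputs[input_size];` for new code. main's body starts before and continues after this hunk.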
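Review bot: `uint8_t code_output[4];` is left uninitialised, and the only writer is the `libafl_qemu_read_reg` call later in the function, whose result is used even when it reports fewer than 4 bytes; change the declaration to `uint8_t code_output[4] = {0};` so a failed read yields a deterministic zero instead of stack residue being written into the results file. The other change in this hunk only re-spaces a commented-out `cpu_physical_memory_rw` call; dead code should be deleted rather than reformatted. main's body starts before and continues after this hunk.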
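Review bot: When `libafl_qemu_read_reg(cpu, 11, code_output)` does not return 4, the code prints an error and then carries on to assemble `output` from `code_output` and store it in `outputs[i]`, so a failed read silently produces a bogus data point in the exported measurements; the failure should end the sample, e.g. `if (length != 4) { fprintf(stderr, "Error: Could not read register 11 for input %u\n", i); return 1; }`, and `length` is declared outside this hunk so its type should be checked against the function's return type. The register index `11` is a magic number whose meaning depends on the target architecture, which is not visible here; name it (`#define OUTPUT_REG 11` with a comment saying which register and calling convention it reflects). The manual byte assembly also assumes the register bytes come back little-endian — presumably matching the guest ABI, but worth a one-line comment. main's body starts before and continues after this hunk.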
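Review bot: The new column uses `%d` for `outputs[i]`, which is `u_int32_t` (a `uint32_t` alias), so any output with the top bit set is written to the CSV as a negative number and the format/argument mismatch is undefined behaviour under `-Wformat`; the console print earlier in the loop already uses `%u`, so the file line should match: `fprintf(fptr, "%d,%lu,%u\n", inputs[i], deltas[i], outputs[i]);` (the pre-existing `%d` for `inputs[i]` has the same issue and could be fixed in the same line). Note also that `fopen(output_path, "w")` on the line above is still unchecked, so the now longer write loop dereferences a NULL `fptr` if the path is unwritable. main's body starts before and continues after this hunk.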