Removable hooks
This commit is contained in:
Andrea Fioraldi
parent
e61d1f93b0
commit
e9c746c6ee
@ -37,6 +37,7 @@ size_t libafl_qemu_set_hook(target_ulong pc, void (*callback)(uint64_t, target_u
|
|||||||
hk->helper_info.name = "libafl_hook";
|
hk->helper_info.name = "libafl_hook";
|
||||||
hk->helper_info.flags = dh_callflag(void);
|
hk->helper_info.flags = dh_callflag(void);
|
||||||
hk->helper_info.typemask = dh_typemask(void, 0) | dh_typemask(tl, 1) | dh_typemask(i64, 2);
|
hk->helper_info.typemask = dh_typemask(void, 0) | dh_typemask(tl, 1) | dh_typemask(i64, 2);
|
||||||
|
// TODO check for overflow
|
||||||
hk->num = libafl_qemu_hooks_num++;
|
hk->num = libafl_qemu_hooks_num++;
|
||||||
hk->next = libafl_qemu_hooks[idx];
|
hk->next = libafl_qemu_hooks[idx];
|
||||||
libafl_qemu_hooks[idx] = hk;
|
libafl_qemu_hooks[idx] = hk;
|
||||||
@ -111,6 +112,52 @@ struct libafl_hook* libafl_search_hook(target_ulong addr)
|
|||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#define GEN_REMOVE_HOOK(name) \
|
||||||
|
int libafl_qemu_remove_##name##_hook(size_t num, int invalidate) \
|
||||||
|
{ \
|
||||||
|
CPUState *cpu; \
|
||||||
|
struct libafl_##name##_hook** hk = &libafl_##name##_hooks; \
|
||||||
|
\
|
||||||
|
while (*hk) { \
|
||||||
|
if ((*hk)->num == num) { \
|
||||||
|
if (invalidate) { \
|
||||||
|
CPU_FOREACH(cpu) { \
|
||||||
|
tb_flush(cpu); \
|
||||||
|
} \
|
||||||
|
} \
|
||||||
|
\
|
||||||
|
void *tmp = *hk; \
|
||||||
|
*hk = (*hk)->next; \
|
||||||
|
free(tmp); \
|
||||||
|
return 1; \
|
||||||
|
} else { \
|
||||||
|
hk = &(*hk)->next; \
|
||||||
|
} \
|
||||||
|
} \
|
||||||
|
\
|
||||||
|
return 0; \
|
||||||
|
}
|
||||||
|
|
||||||
|
#define GEN_REMOVE_HOOK1(name) \
|
||||||
|
int libafl_qemu_remove_##name##_hook(size_t num) \
|
||||||
|
{ \
|
||||||
|
struct libafl_##name##_hook** hk = &libafl_##name##_hooks; \
|
||||||
|
\
|
||||||
|
while (*hk) { \
|
||||||
|
if ((*hk)->num == num) { \
|
||||||
|
void *tmp = *hk; \
|
||||||
|
*hk = (*hk)->next; \
|
||||||
|
free(tmp); \
|
||||||
|
return 1; \
|
||||||
|
} else { \
|
||||||
|
hk = &(*hk)->next; \
|
||||||
|
} \
|
||||||
|
} \
|
||||||
|
\
|
||||||
|
return 0; \
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
static TCGHelperInfo libafl_exec_backdoor_hook_info = {
|
static TCGHelperInfo libafl_exec_backdoor_hook_info = {
|
||||||
.func = NULL, .name = "libafl_exec_backdoor_hook", \
|
.func = NULL, .name = "libafl_exec_backdoor_hook", \
|
||||||
.flags = dh_callflag(void), \
|
.flags = dh_callflag(void), \
|
||||||
@ -118,20 +165,26 @@ static TCGHelperInfo libafl_exec_backdoor_hook_info = {
|
|||||||
};
|
};
|
||||||
|
|
||||||
struct libafl_backdoor_hook* libafl_backdoor_hooks;
|
struct libafl_backdoor_hook* libafl_backdoor_hooks;
|
||||||
|
size_t libafl_backdoor_hooks_num = 0;
|
||||||
|
|
||||||
void libafl_add_backdoor_hook(void (*exec)(target_ulong id, uint64_t data),
|
size_t libafl_add_backdoor_hook(void (*exec)(target_ulong id, uint64_t data),
|
||||||
uint64_t data)
|
uint64_t data)
|
||||||
{
|
{
|
||||||
struct libafl_backdoor_hook* hook = calloc(sizeof(struct libafl_backdoor_hook), 1);
|
struct libafl_backdoor_hook* hook = calloc(sizeof(struct libafl_backdoor_hook), 1);
|
||||||
// hook->exec = exec;
|
// hook->exec = exec;
|
||||||
hook->data = data;
|
hook->data = data;
|
||||||
|
hook->num = libafl_backdoor_hooks_num++;
|
||||||
hook->next = libafl_backdoor_hooks;
|
hook->next = libafl_backdoor_hooks;
|
||||||
libafl_backdoor_hooks = hook;
|
libafl_backdoor_hooks = hook;
|
||||||
|
|
||||||
memcpy(&hook->helper_info, &libafl_exec_backdoor_hook_info, sizeof(TCGHelperInfo));
|
memcpy(&hook->helper_info, &libafl_exec_backdoor_hook_info, sizeof(TCGHelperInfo));
|
||||||
hook->helper_info.func = exec;
|
hook->helper_info.func = exec;
|
||||||
|
|
||||||
|
return hook->num;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
GEN_REMOVE_HOOK(backdoor)
|
||||||
|
|
||||||
static TCGHelperInfo libafl_exec_edge_hook_info = {
|
static TCGHelperInfo libafl_exec_edge_hook_info = {
|
||||||
.func = NULL, .name = "libafl_exec_edge_hook", \
|
.func = NULL, .name = "libafl_exec_edge_hook", \
|
||||||
.flags = dh_callflag(void), \
|
.flags = dh_callflag(void), \
|
||||||
@ -139,8 +192,9 @@ static TCGHelperInfo libafl_exec_edge_hook_info = {
|
|||||||
};
|
};
|
||||||
|
|
||||||
struct libafl_edge_hook* libafl_edge_hooks;
|
struct libafl_edge_hook* libafl_edge_hooks;
|
||||||
|
size_t libafl_edge_hooks_num = 0;
|
||||||
|
|
||||||
void libafl_add_edge_hook(uint64_t (*gen)(uint64_t data, target_ulong src, target_ulong dst),
|
size_t libafl_add_edge_hook(uint64_t (*gen)(uint64_t data, target_ulong src, target_ulong dst),
|
||||||
void (*exec)(uint64_t data, uint64_t id),
|
void (*exec)(uint64_t data, uint64_t id),
|
||||||
uint64_t data)
|
uint64_t data)
|
||||||
{
|
{
|
||||||
@ -153,6 +207,7 @@ void libafl_add_edge_hook(uint64_t (*gen)(uint64_t data, target_ulong src, targe
|
|||||||
hook->gen = gen;
|
hook->gen = gen;
|
||||||
// hook->exec = exec;
|
// hook->exec = exec;
|
||||||
hook->data = data;
|
hook->data = data;
|
||||||
|
hook->num = libafl_edge_hooks_num++;
|
||||||
hook->next = libafl_edge_hooks;
|
hook->next = libafl_edge_hooks;
|
||||||
libafl_edge_hooks = hook;
|
libafl_edge_hooks = hook;
|
||||||
|
|
||||||
@ -160,8 +215,12 @@ void libafl_add_edge_hook(uint64_t (*gen)(uint64_t data, target_ulong src, targe
|
|||||||
memcpy(&hook->helper_info, &libafl_exec_edge_hook_info, sizeof(TCGHelperInfo));
|
memcpy(&hook->helper_info, &libafl_exec_edge_hook_info, sizeof(TCGHelperInfo));
|
||||||
hook->helper_info.func = exec;
|
hook->helper_info.func = exec;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
return hook->num;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
GEN_REMOVE_HOOK(edge)
|
||||||
|
|
||||||
static TCGHelperInfo libafl_exec_block_hook_info = {
|
static TCGHelperInfo libafl_exec_block_hook_info = {
|
||||||
.func = NULL, .name = "libafl_exec_block_hook", \
|
.func = NULL, .name = "libafl_exec_block_hook", \
|
||||||
.flags = dh_callflag(void), \
|
.flags = dh_callflag(void), \
|
||||||
@ -169,10 +228,11 @@ static TCGHelperInfo libafl_exec_block_hook_info = {
|
|||||||
};
|
};
|
||||||
|
|
||||||
struct libafl_block_hook* libafl_block_hooks;
|
struct libafl_block_hook* libafl_block_hooks;
|
||||||
|
size_t libafl_block_hooks_num = 0;
|
||||||
|
|
||||||
void libafl_add_block_hook(uint64_t (*gen)(uint64_t data, target_ulong pc),
|
size_t libafl_add_block_hook(uint64_t (*gen)(uint64_t data, target_ulong pc),
|
||||||
void (*post_gen)(uint64_t data, target_ulong pc, target_ulong block_length),
|
void (*post_gen)(uint64_t data, target_ulong pc, target_ulong block_length),
|
||||||
void (*exec)(uint64_t data, uint64_t id), uint64_t data)
|
void (*exec)(uint64_t data, uint64_t id), uint64_t data)
|
||||||
{
|
{
|
||||||
CPUState *cpu;
|
CPUState *cpu;
|
||||||
CPU_FOREACH(cpu) {
|
CPU_FOREACH(cpu) {
|
||||||
@ -184,6 +244,7 @@ void libafl_add_block_hook(uint64_t (*gen)(uint64_t data, target_ulong pc),
|
|||||||
hook->post_gen = post_gen;
|
hook->post_gen = post_gen;
|
||||||
// hook->exec = exec;
|
// hook->exec = exec;
|
||||||
hook->data = data;
|
hook->data = data;
|
||||||
|
hook->num = libafl_block_hooks_num++;
|
||||||
hook->next = libafl_block_hooks;
|
hook->next = libafl_block_hooks;
|
||||||
libafl_block_hooks = hook;
|
libafl_block_hooks = hook;
|
||||||
|
|
||||||
@ -191,8 +252,12 @@ void libafl_add_block_hook(uint64_t (*gen)(uint64_t data, target_ulong pc),
|
|||||||
memcpy(&hook->helper_info, &libafl_exec_block_hook_info, sizeof(TCGHelperInfo));
|
memcpy(&hook->helper_info, &libafl_exec_block_hook_info, sizeof(TCGHelperInfo));
|
||||||
hook->helper_info.func = exec;
|
hook->helper_info.func = exec;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
return hook->num;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
GEN_REMOVE_HOOK(block)
|
||||||
|
|
||||||
static TCGHelperInfo libafl_exec_read_hook1_info = {
|
static TCGHelperInfo libafl_exec_read_hook1_info = {
|
||||||
.func = NULL, .name = "libafl_exec_read_hook1", \
|
.func = NULL, .name = "libafl_exec_read_hook1", \
|
||||||
.flags = dh_callflag(void), \
|
.flags = dh_callflag(void), \
|
||||||
@ -247,14 +312,15 @@ static TCGHelperInfo libafl_exec_write_hookN_info = {
|
|||||||
};
|
};
|
||||||
|
|
||||||
struct libafl_rw_hook* libafl_read_hooks;
|
struct libafl_rw_hook* libafl_read_hooks;
|
||||||
|
size_t libafl_read_hooks_num = 0;
|
||||||
|
|
||||||
void libafl_add_read_hook(uint64_t (*gen)(uint64_t data, target_ulong pc, MemOpIdx oi),
|
size_t libafl_add_read_hook(uint64_t (*gen)(uint64_t data, target_ulong pc, MemOpIdx oi),
|
||||||
void (*exec1)(uint64_t data, uint64_t id, target_ulong addr),
|
void (*exec1)(uint64_t data, uint64_t id, target_ulong addr),
|
||||||
void (*exec2)(uint64_t data, uint64_t id, target_ulong addr),
|
void (*exec2)(uint64_t data, uint64_t id, target_ulong addr),
|
||||||
void (*exec4)(uint64_t data, uint64_t id, target_ulong addr),
|
void (*exec4)(uint64_t data, uint64_t id, target_ulong addr),
|
||||||
void (*exec8)(uint64_t data, uint64_t id, target_ulong addr),
|
void (*exec8)(uint64_t data, uint64_t id, target_ulong addr),
|
||||||
void (*execN)(uint64_t data, uint64_t id, target_ulong addr, size_t size),
|
void (*execN)(uint64_t data, uint64_t id, target_ulong addr, size_t size),
|
||||||
uint64_t data)
|
uint64_t data)
|
||||||
{
|
{
|
||||||
CPUState *cpu;
|
CPUState *cpu;
|
||||||
CPU_FOREACH(cpu) {
|
CPU_FOREACH(cpu) {
|
||||||
@ -269,6 +335,7 @@ void libafl_add_read_hook(uint64_t (*gen)(uint64_t data, target_ulong pc, MemOpI
|
|||||||
hook->exec8 = exec8;
|
hook->exec8 = exec8;
|
||||||
hook->execN = execN;*/
|
hook->execN = execN;*/
|
||||||
hook->data = data;
|
hook->data = data;
|
||||||
|
hook->num = libafl_read_hooks_num++;
|
||||||
hook->next = libafl_read_hooks;
|
hook->next = libafl_read_hooks;
|
||||||
libafl_read_hooks = hook;
|
libafl_read_hooks = hook;
|
||||||
|
|
||||||
@ -292,17 +359,22 @@ void libafl_add_read_hook(uint64_t (*gen)(uint64_t data, target_ulong pc, MemOpI
|
|||||||
memcpy(&hook->helper_infoN, &libafl_exec_read_hookN_info, sizeof(TCGHelperInfo));
|
memcpy(&hook->helper_infoN, &libafl_exec_read_hookN_info, sizeof(TCGHelperInfo));
|
||||||
hook->helper_infoN.func = execN;
|
hook->helper_infoN.func = execN;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
return hook->num;
|
||||||
}
|
}
|
||||||
|
|
||||||
struct libafl_rw_hook* libafl_write_hooks;
|
GEN_REMOVE_HOOK(read)
|
||||||
|
|
||||||
void libafl_add_write_hook(uint64_t (*gen)(uint64_t data, target_ulong pc, MemOpIdx oi),
|
struct libafl_rw_hook* libafl_write_hooks;
|
||||||
void (*exec1)(uint64_t data, uint64_t id, target_ulong addr),
|
size_t libafl_write_hooks_num = 0;
|
||||||
void (*exec2)(uint64_t data, uint64_t id, target_ulong addr),
|
|
||||||
void (*exec4)(uint64_t data, uint64_t id, target_ulong addr),
|
size_t libafl_add_write_hook(uint64_t (*gen)(uint64_t data, target_ulong pc, MemOpIdx oi),
|
||||||
void (*exec8)(uint64_t data, uint64_t id, target_ulong addr),
|
void (*exec1)(uint64_t data, uint64_t id, target_ulong addr),
|
||||||
void (*execN)(uint64_t data, uint64_t id, target_ulong addr, size_t size),
|
void (*exec2)(uint64_t data, uint64_t id, target_ulong addr),
|
||||||
uint64_t data)
|
void (*exec4)(uint64_t data, uint64_t id, target_ulong addr),
|
||||||
|
void (*exec8)(uint64_t data, uint64_t id, target_ulong addr),
|
||||||
|
void (*execN)(uint64_t data, uint64_t id, target_ulong addr, size_t size),
|
||||||
|
uint64_t data)
|
||||||
{
|
{
|
||||||
CPUState *cpu;
|
CPUState *cpu;
|
||||||
CPU_FOREACH(cpu) {
|
CPU_FOREACH(cpu) {
|
||||||
@ -317,6 +389,7 @@ void libafl_add_write_hook(uint64_t (*gen)(uint64_t data, target_ulong pc, MemOp
|
|||||||
hook->exec8 = exec8;
|
hook->exec8 = exec8;
|
||||||
hook->execN = execN;*/
|
hook->execN = execN;*/
|
||||||
hook->data = data;
|
hook->data = data;
|
||||||
|
hook->num = libafl_write_hooks_num++;
|
||||||
hook->next = libafl_write_hooks;
|
hook->next = libafl_write_hooks;
|
||||||
libafl_write_hooks = hook;
|
libafl_write_hooks = hook;
|
||||||
|
|
||||||
@ -340,8 +413,12 @@ void libafl_add_write_hook(uint64_t (*gen)(uint64_t data, target_ulong pc, MemOp
|
|||||||
memcpy(&hook->helper_infoN, &libafl_exec_write_hookN_info, sizeof(TCGHelperInfo));
|
memcpy(&hook->helper_infoN, &libafl_exec_write_hookN_info, sizeof(TCGHelperInfo));
|
||||||
hook->helper_infoN.func = execN;
|
hook->helper_infoN.func = execN;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
return hook->num;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
GEN_REMOVE_HOOK(write)
|
||||||
|
|
||||||
static void libafl_gen_rw(TCGTemp *addr, MemOpIdx oi, struct libafl_rw_hook* hook)
|
static void libafl_gen_rw(TCGTemp *addr, MemOpIdx oi, struct libafl_rw_hook* hook)
|
||||||
{
|
{
|
||||||
size_t size = memop_size(get_memop(oi));
|
size_t size = memop_size(get_memop(oi));
|
||||||
@ -427,13 +504,14 @@ static TCGHelperInfo libafl_exec_cmp_hook8_info = {
|
|||||||
};
|
};
|
||||||
|
|
||||||
struct libafl_cmp_hook* libafl_cmp_hooks;
|
struct libafl_cmp_hook* libafl_cmp_hooks;
|
||||||
|
size_t libafl_cmp_hooks_num = 0;
|
||||||
|
|
||||||
void libafl_add_cmp_hook(uint64_t (*gen)(uint64_t data, target_ulong pc, size_t size),
|
size_t libafl_add_cmp_hook(uint64_t (*gen)(uint64_t data, target_ulong pc, size_t size),
|
||||||
void (*exec1)(uint64_t data, uint64_t id, uint8_t v0, uint8_t v1),
|
void (*exec1)(uint64_t data, uint64_t id, uint8_t v0, uint8_t v1),
|
||||||
void (*exec2)(uint64_t data, uint64_t id, uint16_t v0, uint16_t v1),
|
void (*exec2)(uint64_t data, uint64_t id, uint16_t v0, uint16_t v1),
|
||||||
void (*exec4)(uint64_t data, uint64_t id, uint32_t v0, uint32_t v1),
|
void (*exec4)(uint64_t data, uint64_t id, uint32_t v0, uint32_t v1),
|
||||||
void (*exec8)(uint64_t data, uint64_t id, uint64_t v0, uint64_t v1),
|
void (*exec8)(uint64_t data, uint64_t id, uint64_t v0, uint64_t v1),
|
||||||
uint64_t data)
|
uint64_t data)
|
||||||
{
|
{
|
||||||
CPUState *cpu;
|
CPUState *cpu;
|
||||||
CPU_FOREACH(cpu) {
|
CPU_FOREACH(cpu) {
|
||||||
@ -447,6 +525,7 @@ void libafl_add_cmp_hook(uint64_t (*gen)(uint64_t data, target_ulong pc, size_t
|
|||||||
hook->exec4 = exec4;
|
hook->exec4 = exec4;
|
||||||
hook->exec8 = exec8;*/
|
hook->exec8 = exec8;*/
|
||||||
hook->data = data;
|
hook->data = data;
|
||||||
|
hook->num = libafl_cmp_hooks_num++;
|
||||||
hook->next = libafl_cmp_hooks;
|
hook->next = libafl_cmp_hooks;
|
||||||
libafl_cmp_hooks = hook;
|
libafl_cmp_hooks = hook;
|
||||||
|
|
||||||
@ -466,8 +545,12 @@ void libafl_add_cmp_hook(uint64_t (*gen)(uint64_t data, target_ulong pc, size_t
|
|||||||
memcpy(&hook->helper_info8, &libafl_exec_cmp_hook8_info, sizeof(TCGHelperInfo));
|
memcpy(&hook->helper_info8, &libafl_exec_cmp_hook8_info, sizeof(TCGHelperInfo));
|
||||||
hook->helper_info8.func = exec8;
|
hook->helper_info8.func = exec8;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
return hook->num;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
GEN_REMOVE_HOOK(cmp)
|
||||||
|
|
||||||
void libafl_gen_cmp(target_ulong pc, TCGv op0, TCGv op1, MemOp ot)
|
void libafl_gen_cmp(target_ulong pc, TCGv op0, TCGv op1, MemOp ot)
|
||||||
{
|
{
|
||||||
size_t size = 0;
|
size_t size = 0;
|
||||||
@ -518,43 +601,61 @@ void libafl_gen_cmp(target_ulong pc, TCGv op0, TCGv op1, MemOp ot)
|
|||||||
struct libafl_pre_syscall_hook* libafl_pre_syscall_hooks;
|
struct libafl_pre_syscall_hook* libafl_pre_syscall_hooks;
|
||||||
struct libafl_post_syscall_hook* libafl_post_syscall_hooks;
|
struct libafl_post_syscall_hook* libafl_post_syscall_hooks;
|
||||||
|
|
||||||
void libafl_add_pre_syscall_hook(struct syshook_ret (*callback)(
|
size_t libafl_pre_syscall_hooks_num = 0;
|
||||||
uint64_t data, int sys_num, target_ulong arg0,
|
size_t libafl_post_syscall_hooks_num = 0;
|
||||||
target_ulong arg1, target_ulong arg2,
|
|
||||||
target_ulong arg3, target_ulong arg4,
|
size_t libafl_add_pre_syscall_hook(struct syshook_ret (*callback)(
|
||||||
target_ulong arg5, target_ulong arg6,
|
uint64_t data, int sys_num, target_ulong arg0,
|
||||||
target_ulong arg7),
|
target_ulong arg1, target_ulong arg2,
|
||||||
uint64_t data)
|
target_ulong arg3, target_ulong arg4,
|
||||||
|
target_ulong arg5, target_ulong arg6,
|
||||||
|
target_ulong arg7),
|
||||||
|
uint64_t data)
|
||||||
{
|
{
|
||||||
struct libafl_pre_syscall_hook* hook = calloc(sizeof(struct libafl_pre_syscall_hook), 1);
|
struct libafl_pre_syscall_hook* hook = calloc(sizeof(struct libafl_pre_syscall_hook), 1);
|
||||||
hook->callback = callback;
|
hook->callback = callback;
|
||||||
hook->data = data;
|
hook->data = data;
|
||||||
|
hook->num = libafl_pre_syscall_hooks_num++;
|
||||||
hook->next = libafl_pre_syscall_hooks;
|
hook->next = libafl_pre_syscall_hooks;
|
||||||
libafl_pre_syscall_hooks = hook;
|
libafl_pre_syscall_hooks = hook;
|
||||||
|
|
||||||
|
return hook->num;
|
||||||
}
|
}
|
||||||
|
|
||||||
void libafl_add_post_syscall_hook(target_ulong (*callback)(
|
size_t libafl_add_post_syscall_hook(target_ulong (*callback)(
|
||||||
uint64_t data, target_ulong ret, int sys_num,
|
uint64_t data, target_ulong ret, int sys_num,
|
||||||
target_ulong arg0, target_ulong arg1,
|
target_ulong arg0, target_ulong arg1,
|
||||||
target_ulong arg2, target_ulong arg3,
|
target_ulong arg2, target_ulong arg3,
|
||||||
target_ulong arg4, target_ulong arg5,
|
target_ulong arg4, target_ulong arg5,
|
||||||
target_ulong arg6, target_ulong arg7),
|
target_ulong arg6, target_ulong arg7),
|
||||||
uint64_t data)
|
uint64_t data)
|
||||||
{
|
{
|
||||||
struct libafl_post_syscall_hook* hook = calloc(sizeof(struct libafl_post_syscall_hook), 1);
|
struct libafl_post_syscall_hook* hook = calloc(sizeof(struct libafl_post_syscall_hook), 1);
|
||||||
hook->callback = callback;
|
hook->callback = callback;
|
||||||
hook->data = data;
|
hook->data = data;
|
||||||
|
hook->num = libafl_post_syscall_hooks_num++;
|
||||||
hook->next = libafl_post_syscall_hooks;
|
hook->next = libafl_post_syscall_hooks;
|
||||||
libafl_post_syscall_hooks = hook;
|
libafl_post_syscall_hooks = hook;
|
||||||
|
|
||||||
|
return hook->num;
|
||||||
}
|
}
|
||||||
|
|
||||||
struct libafl_new_thread_hook* libafl_new_thread_hooks;
|
GEN_REMOVE_HOOK1(pre_syscall)
|
||||||
|
GEN_REMOVE_HOOK1(post_syscall)
|
||||||
|
|
||||||
void libafl_add_new_thread_hook(bool (*callback)(uint64_t data, uint32_t tid),
|
struct libafl_new_thread_hook* libafl_new_thread_hooks;
|
||||||
uint64_t data) {
|
size_t libafl_new_thread_hooks_num = 0;
|
||||||
|
|
||||||
|
size_t libafl_add_new_thread_hook(bool (*callback)(uint64_t data, uint32_t tid),
|
||||||
|
uint64_t data) {
|
||||||
struct libafl_new_thread_hook* hook = calloc(sizeof(struct libafl_new_thread_hook), 1);
|
struct libafl_new_thread_hook* hook = calloc(sizeof(struct libafl_new_thread_hook), 1);
|
||||||
hook->callback = callback;
|
hook->callback = callback;
|
||||||
hook->data = data;
|
hook->data = data;
|
||||||
|
hook->num = libafl_new_thread_hooks_num++;
|
||||||
hook->next = libafl_new_thread_hooks;
|
hook->next = libafl_new_thread_hooks;
|
||||||
libafl_new_thread_hooks = hook;
|
libafl_new_thread_hooks = hook;
|
||||||
|
|
||||||
|
return hook->num;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
GEN_REMOVE_HOOK1(new_thread)
|
||||||
|
|||||||
@ -43,19 +43,22 @@ struct libafl_hook* libafl_search_hook(target_ulong addr);
|
|||||||
struct libafl_backdoor_hook {
|
struct libafl_backdoor_hook {
|
||||||
void (*exec)(target_ulong pc, uint64_t data);
|
void (*exec)(target_ulong pc, uint64_t data);
|
||||||
uint64_t data;
|
uint64_t data;
|
||||||
|
size_t num;
|
||||||
TCGHelperInfo helper_info;
|
TCGHelperInfo helper_info;
|
||||||
struct libafl_backdoor_hook* next;
|
struct libafl_backdoor_hook* next;
|
||||||
};
|
};
|
||||||
|
|
||||||
extern struct libafl_backdoor_hook* libafl_backdoor_hooks;
|
extern struct libafl_backdoor_hook* libafl_backdoor_hooks;
|
||||||
|
|
||||||
void libafl_add_backdoor_hook(void (*exec)(target_ulong pc, uint64_t data),
|
size_t libafl_add_backdoor_hook(void (*exec)(target_ulong pc, uint64_t data),
|
||||||
uint64_t data);
|
uint64_t data);
|
||||||
|
int libafl_qemu_remove_backdoor_hook(size_t num, int invalidate);
|
||||||
|
|
||||||
struct libafl_edge_hook {
|
struct libafl_edge_hook {
|
||||||
uint64_t (*gen)(uint64_t data, target_ulong src, target_ulong dst);
|
uint64_t (*gen)(uint64_t data, target_ulong src, target_ulong dst);
|
||||||
// void (*exec)(uint64_t data, uint64_t id);
|
// void (*exec)(uint64_t data, uint64_t id);
|
||||||
uint64_t data;
|
uint64_t data;
|
||||||
|
size_t num;
|
||||||
uint64_t cur_id;
|
uint64_t cur_id;
|
||||||
TCGHelperInfo helper_info;
|
TCGHelperInfo helper_info;
|
||||||
struct libafl_edge_hook* next;
|
struct libafl_edge_hook* next;
|
||||||
@ -63,24 +66,27 @@ struct libafl_edge_hook {
|
|||||||
|
|
||||||
extern struct libafl_edge_hook* libafl_edge_hooks;
|
extern struct libafl_edge_hook* libafl_edge_hooks;
|
||||||
|
|
||||||
void libafl_add_edge_hook(uint64_t (*gen)(uint64_t data, target_ulong src, target_ulong dst),
|
size_t libafl_add_edge_hook(uint64_t (*gen)(uint64_t data, target_ulong src, target_ulong dst),
|
||||||
void (*exec)(uint64_t data, uint64_t id),
|
void (*exec)(uint64_t data, uint64_t id),
|
||||||
uint64_t data);
|
uint64_t data);
|
||||||
|
int libafl_qemu_remove_edge_hook(size_t num, int invalidate);
|
||||||
|
|
||||||
struct libafl_block_hook {
|
struct libafl_block_hook {
|
||||||
uint64_t (*gen)(uint64_t data, target_ulong pc);
|
uint64_t (*gen)(uint64_t data, target_ulong pc);
|
||||||
void (*post_gen)(uint64_t data, target_ulong pc, target_ulong block_length);
|
void (*post_gen)(uint64_t data, target_ulong pc, target_ulong block_length);
|
||||||
// void (*exec)(uint64_t data, uint64_t id);
|
// void (*exec)(uint64_t data, uint64_t id);
|
||||||
uint64_t data;
|
uint64_t data;
|
||||||
|
size_t num;
|
||||||
TCGHelperInfo helper_info;
|
TCGHelperInfo helper_info;
|
||||||
struct libafl_block_hook* next;
|
struct libafl_block_hook* next;
|
||||||
};
|
};
|
||||||
|
|
||||||
extern struct libafl_block_hook* libafl_block_hooks;
|
extern struct libafl_block_hook* libafl_block_hooks;
|
||||||
|
|
||||||
void libafl_add_block_hook(uint64_t (*gen)(uint64_t data, target_ulong pc),
|
size_t libafl_add_block_hook(uint64_t (*gen)(uint64_t data, target_ulong pc),
|
||||||
void (*post_gen)(uint64_t data, target_ulong pc, target_ulong block_length),
|
void (*post_gen)(uint64_t data, target_ulong pc, target_ulong block_length),
|
||||||
void (*exec)(uint64_t data, uint64_t id), uint64_t data);
|
void (*exec)(uint64_t data, uint64_t id), uint64_t data);
|
||||||
|
int libafl_qemu_remove_block_hook(size_t num, int invalidate);
|
||||||
|
|
||||||
struct libafl_rw_hook {
|
struct libafl_rw_hook {
|
||||||
uint64_t (*gen)(uint64_t data, target_ulong pc, MemOpIdx oi);
|
uint64_t (*gen)(uint64_t data, target_ulong pc, MemOpIdx oi);
|
||||||
@ -90,6 +96,7 @@ struct libafl_rw_hook {
|
|||||||
void (*exec8)(uint64_t data, uint64_t id, target_ulong addr);
|
void (*exec8)(uint64_t data, uint64_t id, target_ulong addr);
|
||||||
void (*execN)(uint64_t data, uint64_t id, target_ulong addr, size_t size);*/
|
void (*execN)(uint64_t data, uint64_t id, target_ulong addr, size_t size);*/
|
||||||
uint64_t data;
|
uint64_t data;
|
||||||
|
size_t num;
|
||||||
TCGHelperInfo helper_info1;
|
TCGHelperInfo helper_info1;
|
||||||
TCGHelperInfo helper_info2;
|
TCGHelperInfo helper_info2;
|
||||||
TCGHelperInfo helper_info4;
|
TCGHelperInfo helper_info4;
|
||||||
@ -98,23 +105,30 @@ struct libafl_rw_hook {
|
|||||||
struct libafl_rw_hook* next;
|
struct libafl_rw_hook* next;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
// alias
|
||||||
|
#define libafl_read_hook libafl_rw_hook
|
||||||
|
#define libafl_write_hook libafl_rw_hook
|
||||||
|
|
||||||
extern struct libafl_rw_hook* libafl_read_hooks;
|
extern struct libafl_rw_hook* libafl_read_hooks;
|
||||||
extern struct libafl_rw_hook* libafl_write_hooks;
|
extern struct libafl_rw_hook* libafl_write_hooks;
|
||||||
|
|
||||||
void libafl_add_read_hook(uint64_t (*gen)(uint64_t data, target_ulong pc, MemOpIdx oi),
|
size_t libafl_add_read_hook(uint64_t (*gen)(uint64_t data, target_ulong pc, MemOpIdx oi),
|
||||||
void (*exec1)(uint64_t data, uint64_t id, target_ulong addr),
|
void (*exec1)(uint64_t data, uint64_t id, target_ulong addr),
|
||||||
void (*exec2)(uint64_t data, uint64_t id, target_ulong addr),
|
void (*exec2)(uint64_t data, uint64_t id, target_ulong addr),
|
||||||
void (*exec4)(uint64_t data, uint64_t id, target_ulong addr),
|
void (*exec4)(uint64_t data, uint64_t id, target_ulong addr),
|
||||||
void (*exec8)(uint64_t data, uint64_t id, target_ulong addr),
|
void (*exec8)(uint64_t data, uint64_t id, target_ulong addr),
|
||||||
void (*execN)(uint64_t data, uint64_t id, target_ulong addr, size_t size),
|
void (*execN)(uint64_t data, uint64_t id, target_ulong addr, size_t size),
|
||||||
uint64_t data);
|
uint64_t data);
|
||||||
void libafl_add_write_hook(uint64_t (*gen)(uint64_t data, target_ulong pc, MemOpIdx oi),
|
size_t libafl_add_write_hook(uint64_t (*gen)(uint64_t data, target_ulong pc, MemOpIdx oi),
|
||||||
void (*exec1)(uint64_t data, uint64_t id, target_ulong addr),
|
void (*exec1)(uint64_t data, uint64_t id, target_ulong addr),
|
||||||
void (*exec2)(uint64_t data, uint64_t id, target_ulong addr),
|
void (*exec2)(uint64_t data, uint64_t id, target_ulong addr),
|
||||||
void (*exec4)(uint64_t data, uint64_t id, target_ulong addr),
|
void (*exec4)(uint64_t data, uint64_t id, target_ulong addr),
|
||||||
void (*exec8)(uint64_t data, uint64_t id, target_ulong addr),
|
void (*exec8)(uint64_t data, uint64_t id, target_ulong addr),
|
||||||
void (*execN)(uint64_t data, uint64_t id, target_ulong addr, size_t size),
|
void (*execN)(uint64_t data, uint64_t id, target_ulong addr, size_t size),
|
||||||
uint64_t data);
|
uint64_t data);
|
||||||
|
|
||||||
|
int libafl_qemu_remove_read_hook(size_t num, int invalidate);
|
||||||
|
int libafl_qemu_remove_write_hook(size_t num, int invalidate);
|
||||||
|
|
||||||
void libafl_gen_read(TCGTemp *addr, MemOpIdx oi);
|
void libafl_gen_read(TCGTemp *addr, MemOpIdx oi);
|
||||||
void libafl_gen_write(TCGTemp *addr, MemOpIdx oi);
|
void libafl_gen_write(TCGTemp *addr, MemOpIdx oi);
|
||||||
@ -126,6 +140,7 @@ struct libafl_cmp_hook {
|
|||||||
void (*exec4)(uint64_t data, uint64_t id, uint32_t v0, uint32_t v1);
|
void (*exec4)(uint64_t data, uint64_t id, uint32_t v0, uint32_t v1);
|
||||||
void (*exec8)(uint64_t data, uint64_t id, uint64_t v0, uint64_t v1);*/
|
void (*exec8)(uint64_t data, uint64_t id, uint64_t v0, uint64_t v1);*/
|
||||||
uint64_t data;
|
uint64_t data;
|
||||||
|
size_t num;
|
||||||
TCGHelperInfo helper_info1;
|
TCGHelperInfo helper_info1;
|
||||||
TCGHelperInfo helper_info2;
|
TCGHelperInfo helper_info2;
|
||||||
TCGHelperInfo helper_info4;
|
TCGHelperInfo helper_info4;
|
||||||
@ -135,12 +150,13 @@ struct libafl_cmp_hook {
|
|||||||
|
|
||||||
extern struct libafl_cmp_hook* libafl_cmp_hooks;
|
extern struct libafl_cmp_hook* libafl_cmp_hooks;
|
||||||
|
|
||||||
void libafl_add_cmp_hook(uint64_t (*gen)(uint64_t data, target_ulong pc, size_t size),
|
size_t libafl_add_cmp_hook(uint64_t (*gen)(uint64_t data, target_ulong pc, size_t size),
|
||||||
void (*exec1)(uint64_t data, uint64_t id, uint8_t v0, uint8_t v1),
|
void (*exec1)(uint64_t data, uint64_t id, uint8_t v0, uint8_t v1),
|
||||||
void (*exec2)(uint64_t data, uint64_t id, uint16_t v0, uint16_t v1),
|
void (*exec2)(uint64_t data, uint64_t id, uint16_t v0, uint16_t v1),
|
||||||
void (*exec4)(uint64_t data, uint64_t id, uint32_t v0, uint32_t v1),
|
void (*exec4)(uint64_t data, uint64_t id, uint32_t v0, uint32_t v1),
|
||||||
void (*exec8)(uint64_t data, uint64_t id, uint64_t v0, uint64_t v1),
|
void (*exec8)(uint64_t data, uint64_t id, uint64_t v0, uint64_t v1),
|
||||||
uint64_t data);
|
uint64_t data);
|
||||||
|
int libafl_qemu_remove_cmp_hook(size_t num, int invalidate);
|
||||||
|
|
||||||
struct syshook_ret {
|
struct syshook_ret {
|
||||||
target_ulong retval;
|
target_ulong retval;
|
||||||
@ -154,6 +170,7 @@ struct libafl_pre_syscall_hook {
|
|||||||
target_ulong arg5, target_ulong arg6,
|
target_ulong arg5, target_ulong arg6,
|
||||||
target_ulong arg7);
|
target_ulong arg7);
|
||||||
uint64_t data;
|
uint64_t data;
|
||||||
|
size_t num;
|
||||||
struct libafl_pre_syscall_hook* next;
|
struct libafl_pre_syscall_hook* next;
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -164,35 +181,40 @@ struct libafl_post_syscall_hook {
|
|||||||
target_ulong arg4, target_ulong arg5,
|
target_ulong arg4, target_ulong arg5,
|
||||||
target_ulong arg6, target_ulong arg7);
|
target_ulong arg6, target_ulong arg7);
|
||||||
uint64_t data;
|
uint64_t data;
|
||||||
|
size_t num;
|
||||||
struct libafl_post_syscall_hook* next;
|
struct libafl_post_syscall_hook* next;
|
||||||
};
|
};
|
||||||
|
|
||||||
extern struct libafl_pre_syscall_hook* libafl_pre_syscall_hooks;
|
extern struct libafl_pre_syscall_hook* libafl_pre_syscall_hooks;
|
||||||
extern struct libafl_post_syscall_hook* libafl_post_syscall_hooks;
|
extern struct libafl_post_syscall_hook* libafl_post_syscall_hooks;
|
||||||
|
|
||||||
void libafl_add_pre_syscall_hook(struct syshook_ret (*callback)(
|
size_t libafl_add_pre_syscall_hook(struct syshook_ret (*callback)(
|
||||||
uint64_t data, int sys_num, target_ulong arg0,
|
uint64_t data, int sys_num, target_ulong arg0,
|
||||||
target_ulong arg1, target_ulong arg2,
|
target_ulong arg1, target_ulong arg2,
|
||||||
target_ulong arg3, target_ulong arg4,
|
target_ulong arg3, target_ulong arg4,
|
||||||
target_ulong arg5, target_ulong arg6,
|
target_ulong arg5, target_ulong arg6,
|
||||||
target_ulong arg7),
|
target_ulong arg7),
|
||||||
uint64_t data);
|
uint64_t data);
|
||||||
void libafl_add_post_syscall_hook(target_ulong (*callback)(
|
size_t libafl_add_post_syscall_hook(target_ulong (*callback)(
|
||||||
uint64_t data, target_ulong ret, int sys_num,
|
uint64_t data, target_ulong ret, int sys_num,
|
||||||
target_ulong arg0, target_ulong arg1,
|
target_ulong arg0, target_ulong arg1,
|
||||||
target_ulong arg2, target_ulong arg3,
|
target_ulong arg2, target_ulong arg3,
|
||||||
target_ulong arg4, target_ulong arg5,
|
target_ulong arg4, target_ulong arg5,
|
||||||
target_ulong arg6, target_ulong arg7),
|
target_ulong arg6, target_ulong arg7),
|
||||||
uint64_t data);
|
uint64_t data);
|
||||||
|
|
||||||
|
int libafl_qemu_remove_pre_syscall_hook(size_t num);
|
||||||
|
int libafl_qemu_remove_post_syscall_hook(size_t num);
|
||||||
|
|
||||||
struct libafl_new_thread_hook {
|
struct libafl_new_thread_hook {
|
||||||
bool (*callback)(uint64_t data, uint32_t tid);
|
bool (*callback)(uint64_t data, uint32_t tid);
|
||||||
uint64_t data;
|
uint64_t data;
|
||||||
|
size_t num;
|
||||||
struct libafl_new_thread_hook* next;
|
struct libafl_new_thread_hook* next;
|
||||||
};
|
};
|
||||||
|
|
||||||
extern struct libafl_new_thread_hook* libafl_new_thread_hooks;
|
extern struct libafl_new_thread_hook* libafl_new_thread_hooks;
|
||||||
|
|
||||||
void libafl_add_new_thread_hook(bool (*callback)(uint64_t data, uint32_t tid),
|
size_t libafl_add_new_thread_hook(bool (*callback)(uint64_t data, uint32_t tid),
|
||||||
uint64_t data);
|
uint64_t data);
|
||||||
|
int libafl_qemu_remove_new_thread_hook(size_t num);
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user