syscall hook

2021-07-15 10:03:49 +02:00 · 2021-07-15 10:03:49 +02:00 · ea89e5a32c
commit ea89e5a32c
parent f71558480c
2 changed files with 31 additions and 2 deletions
--- a/accel/tcg/translate-all.c
+++ b/accel/tcg/translate-all.c
@ -127,8 +127,8 @@ static int exec_cmp_hook_added = 0;

 void libafl_gen_cmp(target_ulong pc, TCGv op0, TCGv op1, MemOp ot)
 {
-    uint32_t size;
-    void* func;
+    uint32_t size = 0;
+    void* func = NULL;
    switch (ot & MO_SIZE) {
      case MO_64:
        size = 8;
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@ -13254,6 +13254,13 @@ static abi_long do_syscall1(void *cpu_env, int num, abi_long arg1,
    return ret;
 }

+//// --- Begin LibAFL code ---
+
+int (*libafl_syscall_hook)(uint64_t*, int, uint64_t, uint64_t, uint64_t,
+                           uint64_t, uint64_t, uint64_t, uint64_t, uint64_t);
+
+//// --- End LibAFL code ---
+
 abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
                    abi_long arg2, abi_long arg3, abi_long arg4,
                    abi_long arg5, abi_long arg6, abi_long arg7,
@ -13283,9 +13290,31 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
        print_syscall(cpu_env, num, arg1, arg2, arg3, arg4, arg5, arg6);
    }

+    //// --- Begin LibAFL code ---
+
+    uint64_t ret64;
+    if (libafl_syscall_hook && libafl_syscall_hook(&ret64, num,
+                                                   (uint64_t)arg1,
+                                                   (uint64_t)arg2,
+                                                   (uint64_t)arg3,
+                                                   (uint64_t)arg4,
+                                                   (uint64_t)arg5,
+                                                   (uint64_t)arg6,
+                                                   (uint64_t)arg7,
+                                                   (uint64_t)arg8)) {
+      ret = (abi_ulong)ret64;
+      goto after_syscall;
+    }
+
+    //// --- End LibAFL code ---
+
    ret = do_syscall1(cpu_env, num, arg1, arg2, arg3, arg4,
                      arg5, arg6, arg7, arg8);

+    //// --- Begin LibAFL code ---
+after_syscall:
+    //// --- End LibAFL code ---
+
    if (unlikely(qemu_loglevel_mask(LOG_STRACE))) {
        print_syscall_ret(cpu_env, num, ret, arg1, arg2,
                          arg3, arg4, arg5, arg6);