Is your feature request related to a problem? Please describe.
I just wasted multiple days trying to figure out why my fuzzer, which I based on qemu_baremetal/low_level, reported incorrect values for a memory location that I read from my custom module in the post_exec step. This was due to the fact that the snapshot had already been restored and the memory reset to its original value.
LibAFL/fuzzers/full_system/qemu_baremetal/src/fuzzer_low_level.rs, line 192 in be21fae

Describe the solution you'd like
Maybe change the post_exec name to post_harness? Also to differentiate against observers?

Describe alternatives you've considered
Update the comment to state that the hooks run after the harness.

Additional context
What would be the correct way to read a chunk of memory after this line has returned?
LibAFL/fuzzers/full_system/qemu_baremetal/src/fuzzer_low_level.rs, line 160 in be21fae
I can't do it in an observer, because observers need to be serializable, so I can't add a Qemu struct to it. I'm currently storing the return value of emulator.qemu().run() in a local variable, reading the memory and then matching on the stored value, but that feels very hacky.

You are right; for now the post_exec hooks are more post_harness hooks. We could add EmulatorModule callbacks for pre/post QEMU exec as well; I think it makes sense.
It could be a bit misleading, since multiple runs of QEMU (and thus of the new hooks) can happen for a single input, though.
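The hook ordering discussed in this thread, as an added toy model in Rust. This is illustration code written for this page, not LibAFL or libafl_qemu code: ToyEmulator, Module, Recorder, run_one_input and the "one guest run per 2-byte chunk" harness are all invented here and do not mirror the real API. It shows why a module's post_exec reads the reset value (the harness restores the snapshot itself after each run and post_exec only fires after the harness returns), that a per-run callback placed right after run(), like the author's local-variable workaround, still sees the live value, and the maintainer's caveat that such a callback fires once per run, twice here for a single input.

```rust
// Added illustration, not LibAFL code: a toy model of the hook ordering
// discussed in the thread. ToyEmulator, Module, Recorder and run_one_input
// are placeholders invented here and do not mirror libafl_qemu's real API.
use std::collections::HashMap;

pub type GuestAddr = u64;

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum ExitReason {
    Breakpoint,
    Crash,
}

/// Sparse guest memory plus one saved snapshot.
#[derive(Default)]
pub struct ToyEmulator {
    mem: HashMap<GuestAddr, u8>,
    snapshot: HashMap<GuestAddr, u8>,
    pub runs: usize,
}

impl ToyEmulator {
    pub fn write_mem(&mut self, addr: GuestAddr, val: u8) {
        self.mem.insert(addr, val);
    }
    pub fn read_mem(&self, addr: GuestAddr) -> u8 {
        self.mem.get(&addr).copied().unwrap_or(0)
    }
    pub fn create_snapshot(&mut self) {
        self.snapshot = self.mem.clone();
    }
    pub fn restore_snapshot(&mut self) {
        self.mem = self.snapshot.clone();
    }
    /// One guest run: fold the input into a byte and store it at `out`.
    /// A zero result stands in for a crash, anything else for reaching
    /// the end breakpoint.
    pub fn run(&mut self, input: &[u8], out: GuestAddr) -> ExitReason {
        self.runs += 1;
        let result = input.iter().fold(0u8, |acc, b| acc.wrapping_add(*b));
        self.write_mem(out, result);
        if result == 0 { ExitReason::Crash } else { ExitReason::Breakpoint }
    }
}

/// Module callbacks: `post_exec` is the existing post-harness hook,
/// `post_qemu_exec` the per-run callback proposed in the thread.
pub trait Module {
    fn pre_exec(&mut self, _emu: &mut ToyEmulator) {}
    fn post_qemu_exec(&mut self, _emu: &mut ToyEmulator, _exit: ExitReason) {}
    fn post_exec(&mut self, _emu: &mut ToyEmulator) {}
}

/// Records the byte at `out` as seen from each hook.
#[derive(Default)]
pub struct Recorder {
    pub out: GuestAddr,
    pub seen_post_qemu_exec: Vec<u8>,
    pub seen_post_exec: Vec<u8>,
}

impl Module for Recorder {
    fn post_qemu_exec(&mut self, emu: &mut ToyEmulator, _exit: ExitReason) {
        self.seen_post_qemu_exec.push(emu.read_mem(self.out));
    }
    fn post_exec(&mut self, emu: &mut ToyEmulator) {
        self.seen_post_exec.push(emu.read_mem(self.out));
    }
}

/// Executes one input the way the issue describes: the harness restores the
/// snapshot itself after every run, and module `post_exec` only fires once the
/// harness has returned. The harness runs the guest once per 2-byte chunk, so a
/// per-run hook fires several times for a single input.
pub fn run_one_input(
    emu: &mut ToyEmulator,
    modules: &mut [&mut dyn Module],
    input: &[u8],
    out: GuestAddr,
) -> Vec<ExitReason> {
    for m in modules.iter_mut() {
        m.pre_exec(emu);
    }
    emu.create_snapshot();
    let mut exits = Vec::new();
    for chunk in input.chunks(2) {
        let exit = emu.run(chunk, out);
        // Only here, before the restore, is the guest's result still readable.
        for m in modules.iter_mut() {
            m.post_qemu_exec(emu, exit);
        }
        exits.push(exit);
        emu.restore_snapshot();
    }
    for m in modules.iter_mut() {
        m.post_exec(emu);
    }
    exits
}

/// Runs a constructed 4-byte input and returns what each hook observed:
/// (post_qemu_exec values, post_exec values, number of guest runs, exits).
pub fn demo() -> (Vec<u8>, Vec<u8>, usize, Vec<ExitReason>) {
    const OUT: GuestAddr = 0x2000_0000;
    let mut emu = ToyEmulator::default();
    let mut rec = Recorder { out: OUT, ..Default::default() };
    let input = [1u8, 2, 3, 4]; // constructed sample input
    let exits = {
        let mut modules: Vec<&mut dyn Module> = vec![&mut rec as &mut dyn Module];
        run_one_input(&mut emu, &mut modules, &input, OUT)
    };
    (rec.seen_post_qemu_exec, rec.seen_post_exec, emu.runs, exits)
}

fn main() {
    let (post_qemu, post_exec, runs, exits) = demo();
    println!("post_qemu_exec saw {:?}, post_exec saw {:?} after {} runs ({:?})", post_qemu, post_exec, runs, exits);
}
```

With the constructed input the per-run hook records 3 and then 7 (one value per chunk, so two firings for one input), while post_exec records a single 0 because the snapshot restore inside the harness has already wiped the output cell. Renaming post_exec to post_harness, as the issue suggests, or adding the per-run callback, are the two ways to make that ordering visible at the API level.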