Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Document more clearly that EmulatorHooks.post_exec get called at the end of the harness #2765

Open
vringar opened this issue Dec 12, 2024 · 1 comment
Labels
enhancement New feature or request qemu LibAFL QEMU

Comments

@vringar
Copy link
Contributor

vringar commented Dec 12, 2024

Is your feature request related to a problem? Please describe.
I just wasted multiple days trying to figure out why my fuzzer, that I based on qemu_baremetal/low_level, reported incorrect values for a memory location that I read from my custom module in the post_exec step.

This was due to the fact that the snapshot had already been restored and the memory reset to its original value

qemu.restore_fast_snapshot(snap);

Describe the solution you'd like
Maybe change the post_exec name to post_harness? Also to differentiate against observers?

Describe alternatives you've considered
Update the comment to state that the hooks run after the harness

Additional context

What would be the correct way to read a chunk of memory after this line has returned?

I can't do it in an observer, because observers need to be serializable, so I can't add a Qemu struct to it.
I'm currently storing the return value of emulator.qemu().run() in a local var, reading the memory and then match of the stored value but that feels very hacky.

@vringar vringar added the enhancement New feature or request label Dec 12, 2024
@tokatoka tokatoka added the qemu LibAFL QEMU label Dec 12, 2024
@rmalmain
Copy link
Member

rmalmain commented Jan 2, 2025

you are right, for now the post_exec hooks are more post_harness hooks. we could add EmulatorModule callbacks for pre/post QEMU exec as well, i think it makes sense.
it could be a bit misleading since multiple runs of QEMU (and thus of the new hooks) can happen for a single input, though.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request qemu LibAFL QEMU
Projects
None yet
Development

No branches or pull requests

3 participants