merge master and dev, not tested, may have errors.

afl-pt/afl-ptfuzz.c

@@ -2299,6 +2299,12 @@ static u8 run_target(char** argv, u32 timeout) {
       // printf("%s\n", argv);
       // printf("%s\n", target_path);
 
+    int aa_pipe_fd[2];
+    if(pipe(aa_pipe_fd)<0)
+    {
+      printf("Fail to create pipe!!");
+      return -1;
+    }
 
 
 
@@ -2307,9 +2313,11 @@ static u8 run_target(char** argv, u32 timeout) {
     if (child_pid < 0) PFATAL("fork() failed");
 
     if (!child_pid) {
-
+      char buf[1];
       //printf("这是子进程,进程标识符是%d\n",getpid());
-
+      read(aa_pipe_fd[0], buf, sizeof(buf));
+      close(aa_pipe_fd[1]);
+      close(aa_pipe_fd[0]);
       struct rlimit r;
 
       if (mem_limit) {
@@ -2385,8 +2393,11 @@ static u8 run_target(char** argv, u32 timeout) {
     }
     else{
       start_pt_fuzzer(child_pid);
+      write(aa_pipe_fd[1],"s",strlen("s"));
       if (waitpid(child_pid, &status, 0) <= 0) PFATAL("waitpid() failed");
       stop_pt_fuzzer(trace_bits);
+      close(aa_pipe_fd[0]);
+      close(aa_pipe_fd[1]);
       //printf("这是父进程,进程标识符是%d\n",getpid());
       /*
       if(perf_config(child_pid, &run) == false)
@@ -8031,17 +8042,17 @@ int main(int argc, char** argv) {
 
       case 'l':
         min_addr = strtoul(optarg, NULL, 0);
-        printf("min_addr: %d\n", min_addr);
+        printf("min_addr: %ld\n", min_addr);
         break;
 
       case 'h':
         max_addr = strtoul(optarg, NULL, 0);
-        printf("max_addr: %d\n", max_addr);
+        printf("max_addr: %ld\n", max_addr);
         break;
 
       case 'e':
         entry_point = strtoul(optarg, NULL, 0);
-        printf("entry_point: %d\n", entry_point);
+        printf("entry_point: %ld\n", entry_point);
         break;
 
       default:
@@ -8136,6 +8147,26 @@ int main(int argc, char** argv) {
   }
 
 */
+
+#ifdef DEBUG
+  std::cout << "before wrmsr" << std::endl;
+#endif
+  char base_address[20];
+  char max_address[20];
+  sprintf(base_address,"%ld",min_addr);
+  sprintf(max_address,"%ld",max_addr);
+  char* reg_value[2] = {base_address, NULL};
+  wrmsr_on_all_cpus(0x580, 1, reg_value);
+
+  reg_value[0] = max_address;
+  wrmsr_on_all_cpus(0x581, 1, reg_value);
+
+#ifdef DEBUG
+  rdmsr_on_all_cpus(0x580);
+  rdmsr_on_all_cpus(0x581);
+  std::cout << "after wrmsr" << std::endl;
+#endif
+
   save_cmdline(argc, argv);
 
   fix_up_banner(argv[optind]);

msr/Makefile

@@ -1,43 +1,260 @@
-## -----------------------------------------------------------------------
-##   
-##   Copyright 2000 Transmeta Corporation - All Rights Reserved
-##
-##   This program is free software; you can redistribute it and/or modify
-##   it under the terms of the GNU General Public License as published by
-##   the Free Software Foundation, Inc., 675 Mass Ave, Cambridge MA 02139,
-##   USA; either version 2 of the License, or (at your option) any later
-##   version; incorporated herein by reference.
-##
-## -----------------------------------------------------------------------
+# CMAKE generated file: DO NOT EDIT!
+# Generated by "Unix Makefiles" Generator, CMake Version 3.9
 
-#
-# Makefile for MSRs
-#
+# Default target executed when no arguments are given to make.
+default_target: all
 
-CC       = gcc -Wall
-CFLAGS   = -g -O2 -fomit-frame-pointer -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64
-LDFLAGS  = 
+.PHONY : default_target
 
-BIN	= wrmsr rdmsr cpuid
+# Allow only one "make -f Makefile2" at a time, but pass parallelism.
+.NOTPARALLEL:
 
-sbindir = /usr/sbin
 
-all: $(BIN)
+#=============================================================================
+# Special targets provided by cmake.
 
+# Disable implicit rules so canonical targets will work.
+.SUFFIXES:
+
+
+# Remove some rules from gmake that .SUFFIXES does not remove.
+SUFFIXES =
+
+.SUFFIXES: .hpux_make_needs_suffix_list
+
+
+# Suppress display of executed commands.
+$(VERBOSE).SILENT:
+
+
+# A target that is always out of date.
+cmake_force:
+
+.PHONY : cmake_force
+
+#=============================================================================
+# Set environment variables for the build.
+
+# The shell in which to execute make rules.
+SHELL = /bin/sh
+
+# The CMake executable.
+CMAKE_COMMAND = /usr/bin/cmake
+
+# The command to remove a file.
+RM = /usr/bin/cmake -E remove -f
+
+# Escaping for special characters.
+EQUALS = =
+
+# The top-level source directory on which CMake was run.
+CMAKE_SOURCE_DIR = /home/hunter/ptfuzzer
+
+# The top-level build directory on which CMake was run.
+CMAKE_BINARY_DIR = /home/hunter/ptfuzzer
+
+#=============================================================================
+# Targets provided globally by CMake.
+
+# Special rule for the target install/strip
+install/strip: preinstall
+	@$(CMAKE_COMMAND) -E cmake_echo_color --switch=$(COLOR) --cyan "Installing the project stripped..."
+	/usr/bin/cmake -DCMAKE_INSTALL_DO_STRIP=1 -P cmake_install.cmake
+.PHONY : install/strip
+
+# Special rule for the target install/strip
+install/strip/fast: preinstall/fast
+	@$(CMAKE_COMMAND) -E cmake_echo_color --switch=$(COLOR) --cyan "Installing the project stripped..."
+	/usr/bin/cmake -DCMAKE_INSTALL_DO_STRIP=1 -P cmake_install.cmake
+.PHONY : install/strip/fast
+
+# Special rule for the target edit_cache
+edit_cache:
+	@$(CMAKE_COMMAND) -E cmake_echo_color --switch=$(COLOR) --cyan "No interactive CMake dialog available..."
+	/usr/bin/cmake -E echo No\ interactive\ CMake\ dialog\ available.
+.PHONY : edit_cache
+
+# Special rule for the target edit_cache
+edit_cache/fast: edit_cache
+
+.PHONY : edit_cache/fast
+
+# Special rule for the target rebuild_cache
+rebuild_cache:
+	@$(CMAKE_COMMAND) -E cmake_echo_color --switch=$(COLOR) --cyan "Running CMake to regenerate build system..."
+	/usr/bin/cmake -H$(CMAKE_SOURCE_DIR) -B$(CMAKE_BINARY_DIR)
+.PHONY : rebuild_cache
+
+# Special rule for the target rebuild_cache
+rebuild_cache/fast: rebuild_cache
+
+.PHONY : rebuild_cache/fast
+
+# Special rule for the target list_install_components
+list_install_components:
+	@$(CMAKE_COMMAND) -E cmake_echo_color --switch=$(COLOR) --cyan "Available install components are: \"Unspecified\""
+.PHONY : list_install_components
+
+# Special rule for the target list_install_components
+list_install_components/fast: list_install_components
+
+.PHONY : list_install_components/fast
+
+# Special rule for the target install/local
+install/local: preinstall
+	@$(CMAKE_COMMAND) -E cmake_echo_color --switch=$(COLOR) --cyan "Installing only the local directory..."
+	/usr/bin/cmake -DCMAKE_INSTALL_LOCAL_ONLY=1 -P cmake_install.cmake
+.PHONY : install/local
+
+# Special rule for the target install/local
+install/local/fast: preinstall/fast
+	@$(CMAKE_COMMAND) -E cmake_echo_color --switch=$(COLOR) --cyan "Installing only the local directory..."
+	/usr/bin/cmake -DCMAKE_INSTALL_LOCAL_ONLY=1 -P cmake_install.cmake
+.PHONY : install/local/fast
+
+# Special rule for the target install
+install: preinstall
+	@$(CMAKE_COMMAND) -E cmake_echo_color --switch=$(COLOR) --cyan "Install the project..."
+	/usr/bin/cmake -P cmake_install.cmake
+.PHONY : install
+
+# Special rule for the target install
+install/fast: preinstall/fast
+	@$(CMAKE_COMMAND) -E cmake_echo_color --switch=$(COLOR) --cyan "Install the project..."
+	/usr/bin/cmake -P cmake_install.cmake
+.PHONY : install/fast
+
+# The main all target
+all: cmake_check_build_system
+	cd /home/hunter/ptfuzzer && $(CMAKE_COMMAND) -E cmake_progress_start /home/hunter/ptfuzzer/CMakeFiles /home/hunter/ptfuzzer/msr/CMakeFiles/progress.marks
+	cd /home/hunter/ptfuzzer && $(MAKE) -f CMakeFiles/Makefile2 msr/all
+	$(CMAKE_COMMAND) -E cmake_progress_start /home/hunter/ptfuzzer/CMakeFiles 0
+.PHONY : all
+
+# The main clean target
 clean:
-	rm -f *.o $(BIN)
+	cd /home/hunter/ptfuzzer && $(MAKE) -f CMakeFiles/Makefile2 msr/clean
+.PHONY : clean
+
+# The main clean target
+clean/fast: clean
+
+.PHONY : clean/fast
+
+# Prepare targets for installation.
+preinstall: all
+	cd /home/hunter/ptfuzzer && $(MAKE) -f CMakeFiles/Makefile2 msr/preinstall
+.PHONY : preinstall
+
+# Prepare targets for installation.
+preinstall/fast:
+	cd /home/hunter/ptfuzzer && $(MAKE) -f CMakeFiles/Makefile2 msr/preinstall
+.PHONY : preinstall/fast
+
+# clear depends
+depend:
+	cd /home/hunter/ptfuzzer && $(CMAKE_COMMAND) -H$(CMAKE_SOURCE_DIR) -B$(CMAKE_BINARY_DIR) --check-build-system CMakeFiles/Makefile.cmake 1
+.PHONY : depend
+
+# Convenience name for target.
+msr/CMakeFiles/msr.dir/rule:
+	cd /home/hunter/ptfuzzer && $(MAKE) -f CMakeFiles/Makefile2 msr/CMakeFiles/msr.dir/rule
+.PHONY : msr/CMakeFiles/msr.dir/rule
+
+# Convenience name for target.
+msr: msr/CMakeFiles/msr.dir/rule
+
+.PHONY : msr
+
+# fast build rule for target.
+msr/fast:
+	cd /home/hunter/ptfuzzer && $(MAKE) -f msr/CMakeFiles/msr.dir/build.make msr/CMakeFiles/msr.dir/build
+.PHONY : msr/fast
+
+rdmsr.o: rdmsr.c.o
+
+.PHONY : rdmsr.o
+
+# target to build an object file
+rdmsr.c.o:
+	cd /home/hunter/ptfuzzer && $(MAKE) -f msr/CMakeFiles/msr.dir/build.make msr/CMakeFiles/msr.dir/rdmsr.c.o
+.PHONY : rdmsr.c.o
+
+rdmsr.i: rdmsr.c.i
+
+.PHONY : rdmsr.i
+
+# target to preprocess a source file
+rdmsr.c.i:
+	cd /home/hunter/ptfuzzer && $(MAKE) -f msr/CMakeFiles/msr.dir/build.make msr/CMakeFiles/msr.dir/rdmsr.c.i
+.PHONY : rdmsr.c.i
+
+rdmsr.s: rdmsr.c.s
+
+.PHONY : rdmsr.s
+
+# target to generate assembly for a file
+rdmsr.c.s:
+	cd /home/hunter/ptfuzzer && $(MAKE) -f msr/CMakeFiles/msr.dir/build.make msr/CMakeFiles/msr.dir/rdmsr.c.s
+.PHONY : rdmsr.c.s
+
+wrmsr.o: wrmsr.c.o
+
+.PHONY : wrmsr.o
+
+# target to build an object file
+wrmsr.c.o:
+	cd /home/hunter/ptfuzzer && $(MAKE) -f msr/CMakeFiles/msr.dir/build.make msr/CMakeFiles/msr.dir/wrmsr.c.o
+.PHONY : wrmsr.c.o
+
+wrmsr.i: wrmsr.c.i
+
+.PHONY : wrmsr.i
+
+# target to preprocess a source file
+wrmsr.c.i:
+	cd /home/hunter/ptfuzzer && $(MAKE) -f msr/CMakeFiles/msr.dir/build.make msr/CMakeFiles/msr.dir/wrmsr.c.i
+.PHONY : wrmsr.c.i
+
+wrmsr.s: wrmsr.c.s
+
+.PHONY : wrmsr.s
+
+# target to generate assembly for a file
+wrmsr.c.s:
+	cd /home/hunter/ptfuzzer && $(MAKE) -f msr/CMakeFiles/msr.dir/build.make msr/CMakeFiles/msr.dir/wrmsr.c.s
+.PHONY : wrmsr.c.s
+
+# Help Target
+help:
+	@echo "The following are some of the valid targets for this Makefile:"
+	@echo "... all (the default if no target is provided)"
+	@echo "... clean"
+	@echo "... depend"
+	@echo "... install/strip"
+	@echo "... edit_cache"
+	@echo "... msr"
+	@echo "... rebuild_cache"
+	@echo "... list_install_components"
+	@echo "... install/local"
+	@echo "... install"
+	@echo "... rdmsr.o"
+	@echo "... rdmsr.i"
+	@echo "... rdmsr.s"
+	@echo "... wrmsr.o"
+	@echo "... wrmsr.i"
+	@echo "... wrmsr.s"
+.PHONY : help
 
-distclean: clean
-	rm -f *~ \#*
 
-install: all
-	install -m 755 $(BIN) $(sbindir)
 
-.o:
-	$(CC) $(LDFLAGS) -o $@ $<
+#=============================================================================
+# Special targets to cleanup operation of make.
 
-.c.o:
-	$(CC) $(CFLAGS) -o $@ $<
+# Special rule to run CMake to check the build system integrity.
+# No rule that depends on this can have commands that come from listfiles
+# because they might be regenerated.
+cmake_check_build_system:
+	cd /home/hunter/ptfuzzer && $(CMAKE_COMMAND) -H$(CMAKE_SOURCE_DIR) -B$(CMAKE_BINARY_DIR) --check-build-system CMakeFiles/Makefile.cmake 0
+.PHONY : cmake_check_build_system
 
-.c:
-	$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $<

pt/pt_decoder.cpp

@@ -208,6 +208,11 @@ bool pt_tracer::open_pt(int pt_perf_type) {
         printf("perf_event_open() failed\n");
         return false;
     }
+    if(ioctl(perf_fd, PERF_EVENT_IOC_SET_FILTER, "filter 0x580/580@/home/hunter/ptfuzzer/build/ptest/readelf") < 0){
+        std::cerr << "set filter for fd " << perf_fd  << " failed." << std::endl;
+        return false;
+    }
+
 #ifdef DEBUG
     std::cout << "before wrmsr" << std::endl;
 #endif