Dominik Maier 7fada7d985
Add DrCovReader to read DrCov files and DrCov dumper and merge utils (#2680)
* Add DrCov Reader

* Removed libafl_jumper deps

* Fix DrCovWriter, add dump_drcov_addrs

* Taplo

* Move frida from usize to u64

* DrCov usize=>u64

* Better error print

* More u64

* ?

* debug

* clippy

* clippy

* Add Merge option to DrCovReader

* Add drcov_merge tool

* Move folder around

* DrCov

* More assert

* fmt

* Move around

* Fix print

* Add option to read multiple files/full folders
2024-11-12 22:18:57 -03:00 .. 2024-10-12 13:16:33 +02:00

LIBAFL_JUMPER

If you want to replace your unicorn use with libafl_qemu, this might be your tool. It can run as a stub binary: from inside LibAFL, you break at the jump, mmap and load all of the memory you need, then continue running.

Depending on your toolchain, you will want to build the tool for the guest platform. Since the loader runs inside qemu-linux-user, the target OS needs to be Linux (of course, there might be other use cases for you).

To build this statically linked with musl libc, we can do the following:

# Install the cross compiler toolchain (soft-float, matching the *musleabi target and the linker named below)
apt-get install gcc-arm-linux-gnueabi
# Install the rust toolchain parts
rustup target add arm-unknown-linux-musleabi
# Build for the target. The addresses in the linker script should not be used by your target binary.
RUSTFLAGS="-C target-feature=+crt-static -C link-self-contained=yes -C linker=arm-linux-gnueabi-gcc -C link-arg=-T$(realpath linker_script.ld)" cargo build --target=arm-unknown-linux-musleabi --release

Or do the same for any other architecture, such as x86_64-unknown-linux-musl.

Then, you can run libafl_jumper with a hex-encoded address as its parameter, break at libafl_jmp, and (m)map your memory to the right place before continuing to run. The jumper will then jump to the provided address.
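The caveat above, that the linker-script addresses must not be used by your target binary, can be checked mechanically before you map anything. The script below is an added example and not part of LibAFL: it parses the PT_LOAD program headers of the jumper ELF and of the target ELF (32- or 64-bit, either endianness) and lists every virtual range the two would both occupy, which is the collision the caveat warns about. The make_elf32 helper only fabricates a minimal ELF as constructed sample input, and the file paths in the usage line are placeholders.

```python
import struct
import sys

PT_LOAD = 1  # program header type of a loadable segment

def load_segments(elf: bytes):
    """[(start, end)] half-open virtual ranges of every PT_LOAD segment.
    Handles ELF32/ELF64 in either endianness (ARM musleabi as well as x86_64)."""
    if elf[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    end = "<" if elf[5] == 1 else ">"          # EI_DATA: 1 = little, 2 = big endian
    if elf[4] == 2:                             # EI_CLASS 2 = ELF64
        (phoff,) = struct.unpack_from(end + "Q", elf, 32)
        phentsize, phnum = struct.unpack_from(end + "HH", elf, 54)
        vaddr_off, memsz_off, word = 16, 40, "Q"
    else:                                       # EI_CLASS 1 = ELF32
        (phoff,) = struct.unpack_from(end + "I", elf, 28)
        phentsize, phnum = struct.unpack_from(end + "HH", elf, 42)
        vaddr_off, memsz_off, word = 8, 20, "I"
    segs = []
    for i in range(phnum):
        base = phoff + i * phentsize
        (p_type,) = struct.unpack_from(end + "I", elf, base)
        if p_type == PT_LOAD:
            (vaddr,) = struct.unpack_from(end + word, elf, base + vaddr_off)
            (memsz,) = struct.unpack_from(end + word, elf, base + memsz_off)
            segs.append((vaddr, vaddr + memsz))
    return segs

def overlaps(jumper_segs, target_segs):
    """Pairs of (jumper range, target range) that share at least one byte."""
    return [(j, t) for j in jumper_segs for t in target_segs
            if j[0] < t[1] and t[0] < j[1]]

def make_elf32(segments, end="<"):
    """Constructed sample input: a minimal EM_ARM ELF32 consisting of one
    PT_LOAD program header per (start, end) range. Not a real binary."""
    ident = b"\x7fELF" + bytes([1, 1 if end == "<" else 2, 1]) + b"\0" * 9
    ehdr = ident + struct.pack(end + "HHIIIIIHHHHHH",
                               2, 40, 1, 0, 52, 0, 0, 52, 32, len(segments), 40, 0, 0)
    phdrs = b"".join(struct.pack(end + "IIIIIIII", PT_LOAD, 0, s, s, e - s, e - s, 5, 0x1000)
                     for s, e in segments)
    return ehdr + phdrs

if __name__ == "__main__" and len(sys.argv) == 3:
    # usage: python check_overlap.py <libafl_jumper ELF> <target ELF>   (placeholder paths)
    jumper, target = (open(p, "rb").read() for p in sys.argv[1:3])
    for j, t in overlaps(load_segments(jumper), load_segments(target)):
        print(f"collision: jumper {j[0]:#x}-{j[1]:#x} vs target {t[0]:#x}-{t[1]:#x}")
```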

Enjoy jumping like a little bunny.