FRET-qemu/include/libafl/hooks/tcg/jmp.h

#pragma once

#include "qemu/osdep.h"
#include "qapi/error.h"

#include "exec/exec-all.h"
#include "exec/tb-flush.h"

#include "libafl/exit.h"
#include "libafl/hook.h"

typedef uint64_t (*libafl_jmp_gen_cb)(uint64_t data, target_ulong src, target_ulong dst);
typedef void (*libafl_jmp_exec_cb)(uint64_t data, target_ulong src, target_ulong dst, uint64_t id);

struct libafl_jmp_hook {
    libafl_jmp_gen_cb gen_cb;
    libafl_jmp_exec_cb exec_cb;
    uint64_t data;
    size_t num;
    TCGHelperInfo helper_info;
    struct libafl_jmp_hook* next;
};

extern struct libafl_jmp_hook* libafl_jmp_hooks;

size_t libafl_add_jmp_hook(uint64_t (*gen_cb)(uint64_t data, target_ulong src, target_ulong dst),
                          void (*exec_cb)(uint64_t data, target_ulong src, target_ulong dst, uint64_t id),
                          uint64_t data);

void libafl_gen_jmp(target_ulong src, target_ulong dst);

// Use an indirect jump target
void libafl_gen_jmp_dynamic(target_ulong src, TCGv_i32 dst);
int libafl_qemu_remove_jmp_hook(size_t num, int invalidate);