Add Multiple Exit Support for More Architectures

Question

Add Multiple Exit Support for More Architectures

Closed this issue 5 years ago · 2 comments

Right now, multiple exits are only supported on X64 (X86_64).
The way it works on X64 is as follows:

When mapping a page, a syscall insn is patched in for each exit in this page
When a syscall hook is triggered (cheap), the hook checks if it belongs to an exit
Exit.

The other archs will need an alternative to syscall which is cheap in unicorn.
For X86, UB2 might be an option.
Any illegal instruction could maybe be used.

Answer 1 · 2019-10-24T16:05:50.000Z

Instead of building some awkward wrapper around Unicorn, I patched multiple exits in in this uc branch.
domenukk/unicornafl@81802f5
Cleaning this up now, then merging it to AFL++, then including it here.
Soon(tm)

Answer 2 · 2019-12-18T00:51:57.000Z

Merged to master with commit 3ac3007