修改源码
src/VBox/VMM/VMMAll/IOMAllMMIONew.cpp
注释掉如下代码
// Excerpt from IOMAllMMIONew.cpp; the enclosing MMIO write routine (which supplies
// pRange, pVM, rc, GCPhys and cbValue) lies outside this page.
// In VBOX_STRICT builds, a range flagged IOMMMIO_FLAGS_DBGSTOP_ON_COMPLICATED_WRITE makes
// ring-3 log the write and raise a DBGFEVENT_DEV_STOP (treated as success when no
// debugger is attached, VERR_DBGF_NOT_ATTACHED -> VINF_SUCCESS); any other context
// returns VINF_IOM_R3_MMIO_WRITE, presumably to defer the write to ring-3.
// Commenting the block out (as the note above says) presumably keeps instrumented
// runs from stopping on such writes — confirm against the full function.
#ifdef VBOX_STRICT
if (pRange->fFlags & IOMMMIO_FLAGS_DBGSTOP_ON_COMPLICATED_WRITE)
{
# ifdef IN_RING3
LogRel(("IOM: Complicated write %#x byte at %RGp to %s, initiating debugger intervention\n", cbValue, GCPhys,
R3STRING(pRange->pszDesc)));
rc = DBGFR3EventSrc(pVM, DBGFEVENT_DEV_STOP, RT_SRC_POS,
"Complicated write %#x byte at %RGp to %s\n", cbValue, GCPhys, R3STRING(pRange->pszDesc));
if (rc == VERR_DBGF_NOT_ATTACHED)
rc = VINF_SUCCESS;
# else
return VINF_IOM_R3_MMIO_WRITE;
# endif
}
#endif
include/iprt/assert.h 注释掉 RT_BREAKPOINT
删掉 assert 可能会引发莫名的死机，最好还是直接删掉源文件里的 assert 调用
/* RT_BREAKPOINT() is what fires when an assertion fails. Per the note above, removing it
   wholesale reportedly leads to unexplained hangs/crashes; the preferred approach is to
   drop the individual assert calls in the source files instead. */
#define RTAssertDebugBreak() do { RT_BREAKPOINT(); } while (0)
Config.kmk 开启gcov,开启afl插桩
# gcov instrumentation: -fprofile-arcs emits runtime counters, -ftest-coverage emits the
# .gcno notes. Presumably picked up by the kmk invocation below via VBOX_WITH_GCC_SANITIZER=1.
# Note there is no -fsanitize=address here, so the ASAN_OPTIONS used at run time only
# matter if ASan is enabled elsewhere.
VBOX_GCC_SANITIZER_FLAGS:= \
-fprofile-arcs -ftest-coverage
src/VBox/Devices/Makefile.kmk, 仅对device部分插桩
# Instrument only the VBoxDD (device) target, debug build type only.
# NOTE(review): -use-afl is not a stock GCC/Clang option; this presumably relies on a
# locally patched toolchain or compiler wrapper — confirm before reusing.
VBoxDD_CFLAGS.debug+=-use-afl
VBoxDD_CXXFLAGS.debug+=-use-afl
VBoxDD_LDFLAGS.debug+=-use-afl
include/iprt/mangling.h 删掉如下代码
# Error path of the mangling check script in mangling.h (the rest of the script is outside
# this page): prints "error: Missing # define <name>", pads the line to 70 columns, and
# exits with status 1. Deleting it, as instructed above, presumably stops the build from
# failing on un-mangled symbols — confirm against the full script.
:bad
s/^\(.*\)$/error: Missing # define \1 /
:bad-pad
/^.\{0,70\}$/ { s/$/ /; bbad-pad; }
s/define \([^ ]*\) \([ ]*\)$/define \1 \2RT_MANGLER(\1)/
p
q 1
编译
# Analysis build: process hardening is disabled so the instrumented binary can run and
# write coverage data; keep such a build on an isolated test host.
./configure --disable-hardening --disable-docs
# env.sh is generated by configure and sets up the kBuild environment for kmk.
source ./env.sh
# Debug build type; VBOX_WITH_GCC_SANITIZER=1 presumably pulls in VBOX_GCC_SANITIZER_FLAGS
# (the gcov flags set in Config.kmk above).
kmk BUILD_TYPE=debug VBOX_WITH_GCC_SANITIZER=1
安装
# Build and install the host kernel modules from the build output.
# NOTE(review): the build above used BUILD_TYPE=debug, so the output is expected under
# out/<target>/debug/bin/src rather than release/ — confirm the path (and linux.x86 vs linux.amd64).
cd out/linux.x86/release/bin/src
make
sudo make install
cd ..
# Refresh module dependencies, then unload and reload vboxdrv so the freshly built module is in use.
sudo depmod
sudo modprobe -r vboxdrv
sudo modprobe vboxdrv
运行
# Run from the bin/ directory. ASAN_OPTIONS only has an effect if the build was compiled
# with -fsanitize=address; the flags shown above are gcov-only, so confirm ASan is actually
# enabled or this setting is a no-op. gcov .gcda files are written when the process exits.
sudo ASAN_OPTIONS='detect_leaks=0' ./VirtualBox
提取覆盖率
IDA loadfile
# Alternative coverage collection with DynamoRIO's drcov client; the resulting log is what
# gets loaded into IDA (see "IDA loadfile" above).
# NOTE(review): the target is given as ../VirtualBox here but ./VirtualBox in the run step
# above — confirm the intended working directory.
sudo /home/hades/tools/DynamoRIO-Linux-8.0.0-1/bin64/drrun -t drcov -- ../VirtualBox