VirtualBox

修改源码

src/VBox/VMM/VMMAll/IOMAllMMIONew.cpp
注释掉如下代码

#ifdef VBOX_STRICT
    if (pRange->fFlags & IOMMMIO_FLAGS_DBGSTOP_ON_COMPLICATED_WRITE)
    {
# ifdef IN_RING3
        LogRel(("IOM: Complicated write %#x byte at %RGp to %s, initiating debugger intervention\n", cbValue, GCPhys,
                R3STRING(pRange->pszDesc)));
        rc = DBGFR3EventSrc(pVM, DBGFEVENT_DEV_STOP, RT_SRC_POS,
                            "Complicated write %#x byte at %RGp to %s\n", cbValue, GCPhys, R3STRING(pRange->pszDesc));
        if (rc == VERR_DBGF_NOT_ATTACHED)
            rc = VINF_SUCCESS;
# else
        return VINF_IOM_R3_MMIO_WRITE;
# endif
    }
#endif

include/iprt/assert.h 注释掉 RT_BREAKPOINT
删掉assert可能会引发莫名的死机，最好还是直接删源文件里的assert调用

#define RTAssertDebugBreak()    do { RT_BREAKPOINT(); } while (0)

Config.kmk 开启gcov，开启afl插桩

VBOX_GCC_SANITIZER_FLAGS:= \
    -fprofile-arcs -ftest-coverage 

src/VBox/Devices/Makefile.kmk, 仅对device部分插桩

VBoxDD_CFLAGS.debug+=-use-afl
VBoxDD_CXXFLAGS.debug+=-use-afl
VBoxDD_LDFLAGS.debug+=-use-afl

include/iprt/mangling.h 删掉如下代码

:bad
s/^\(.*\)$/error: Missing # define \1 /
:bad-pad
/^.\{0,70\}$/ { s/$/ /; bbad-pad; }
s/define \([^ ]*\) \([ ]*\)$/define \1 \2RT_MANGLER(\1)/
p
q 1

编译

./configure --disable-hardening --disable-docs
source ./env.sh
kmk BUILD_TYPE=debug VBOX_WITH_GCC_SANITIZER=1

安装

cd out/linux.x86/release/bin/src
make
sudo make install
cd ..
sudo depmod
sudo modprobe -r vboxdrv
sudo modprobe vboxdrv

运行

sudo ASAN_OPTIONS='detect_leaks=0' ./VirtualBox

提取覆盖率

IDA loadfile

sudo /home/hades/tools/DynamoRIO-Linux-8.0.0-1/bin64/drrun -t drcov -- ../VirtualBox