diff --git a/examples/fuzzing/stm32f429/fuzz.py b/examples/fuzzing/stm32f429/fuzz.py
index 3f90bd212..c4da71397 100644
--- a/examples/fuzzing/stm32f429/fuzz.py
+++ b/examples/fuzzing/stm32f429/fuzz.py
@@ -42,10 +42,7 @@ def fuzzing_callback(ql: Qiling):
 return UC_ERR_OK
- ql.uc.ctl_exits_enabled(True)
- ql.uc.ctl_set_exits([0x80006d9])
-
- ql_afl_fuzz_custom(ql, input_file, place_input_callback, fuzzing_callback=fuzzing_callback)
+ ql_afl_fuzz_custom(ql, input_file, place_input_callback, fuzzing_callback=fuzzing_callback, exits=[0x80006d9])
 os.exit(0)
diff --git a/qiling/extensions/afl/afl.py b/qiling/extensions/afl/afl.py
index 6f078448d..99c15a7d8 100644
--- a/qiling/extensions/afl/afl.py
+++ b/qiling/extensions/afl/afl.py
@@ -28,9 +28,6 @@ def ql_afl_fuzz(ql: Qiling,
 :raises UcAflError: If something wrong happens with the fuzzer.
 """
- ql.uc.ctl_exits_enabled(True)
- ql.uc.ctl_set_exits(exits)
-
 def _dummy_fuzz_callback(_ql: "Qiling"):
 if isinstance(_ql.arch, QlArchARM):
 pc = _ql.arch.effective_pc
@@ -43,17 +40,21 @@ def _dummy_fuzz_callback(_ql: "Qiling"):
 return UC_ERR_OK
- return ql_afl_fuzz_custom(ql, input_file, place_input_callback, _dummy_fuzz_callback,
+ return ql_afl_fuzz_custom(ql, input_file, place_input_callback, _dummy_fuzz_callback, exits,
 validate_crash_callback, always_validate, persistent_iters)
 def ql_afl_fuzz_custom(ql: Qiling,
 input_file: str,
 place_input_callback: Callable[["Qiling", bytes, int], bool],
 fuzzing_callback: Callable[["Qiling"], int],
+ exits: List[int] = [],
 validate_crash_callback: Callable[["Qiling", bytes, int], bool] = None,
 always_validate: bool = False,
 persistent_iters: int = 1):
+ ql.uc.ctl_exits_enabled(True)
+ ql.uc.ctl_set_exits(exits)
+
 def _ql_afl_place_input_wrapper(uc, input_bytes, iters, data):
 (ql, cb, _, _) = data
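Review bot: The rewritten `ql_afl_fuzz_custom(...)` call is immediately followed by the unchanged context line `os.exit(0)`, and the `os` module has no `exit` function (the standard names are `os._exit` and `sys.exit`), so if control ever returns from the fuzz loop this line raises AttributeError rather than terminating the process. Since the commit is already touching this call site, `os._exit(0)` would be the minimal fix in keeping with how AFL harnesses usually avoid interpreter teardown, or `sys.exit(0)` if a clean shutdown is acceptable. The hunk header names the nested `fuzzing_callback`, but the changed call belongs to the enclosing function, which starts before the hunk and whose end is outside it.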
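Review bot: `exits: List[int] = []` in the new `ql_afl_fuzz_custom` signature is a mutable default argument; the visible body only forwards it to `ql.uc.ctl_set_exits`, so nothing mutates it today, but the file already uses `None` for its optional parameters (`validate_crash_callback`), and matching that avoids the shared-default trap: `exits: List[int] = None,` paired with `ql.uc.ctl_set_exits(exits or [])`. Inserting `exits` ahead of `validate_crash_callback` also shifts the positional order of a public function, so an external caller passing `validate_crash_callback` positionally would now be handing it to `exits` without any error; the in-file caller `ql_afl_fuzz` is updated in this hunk, but placing `exits` after `persistent_iters` or making it keyword-only would keep existing callers working. The body of `ql_afl_fuzz_custom` continues past the end of the hunk.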