# QEMU persistent hook example

Compile the test binary and the library:

```
make
```

Fuzz with:

```
export AFL_QEMU_PERSISTENT_ADDR=0x$(nm test | grep "T target_func" | awk '{print $1}')
export AFL_QEMU_PERSISTENT_HOOK=./read_into_rdi.so

mkdir in
echo 0000 > in/in

../../afl-fuzz -Q -i in -o out -- ./test
```
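To show what the hook library loaded through `AFL_QEMU_PERSISTENT_HOOK` does at the `target_func` address, here is an added illustration of such a hook; it is not the project's `read_into_rdi.c`. It assumes AFL++'s entry-point names `afl_persistent_hook` / `afl_persistent_hook_init`, uses a trimmed stand-in for qemuafl's `struct x86_64_regs` (the real hook includes `qemuafl/api.h`), assumes a 1024-byte harness buffer, and adds self-test helpers (`simulate_iteration`, `simulate_oversized`, `guest_byte`) that exist only to exercise the clamp logic offline.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for qemuafl's struct x86_64_regs: only the fields this hook touches.
 * A real hook includes qemuafl/api.h instead (assumption: same field names). */
struct x86_64_regs {
  uint64_t rdi; /* guest pointer to target_func's input buffer */
  uint64_t rsi; /* guest length argument */
};

#define TARGET_BUF_SIZE 1024 /* assumed capacity of the harness buffer */
/* QEMU user mode maps the guest address space at host offset guest_base. */
#define g2h(addr, base) ((void *)((uintptr_t)(addr) + (uintptr_t)(base)))

/* Called before each persistent-loop iteration with the register state at
 * AFL_QEMU_PERSISTENT_ADDR (the entry of target_func) and the new test case. */
void afl_persistent_hook(struct x86_64_regs *regs, uint64_t guest_base,
                         uint8_t *input_buf, uint32_t input_buf_len) {
  /* Clamp: a test case longer than the buffer must not be copied whole,
   * or the hook itself corrupts guest memory and produces bogus crashes. */
  if (input_buf_len > TARGET_BUF_SIZE) input_buf_len = TARGET_BUF_SIZE;
  memcpy(g2h(regs->rdi, guest_base), input_buf, input_buf_len);
  regs->rsi = input_buf_len; /* pass the real length as the 2nd argument */
}

/* 1 = receive test cases via shared memory (input_buf filled in);
 * 0 = read the file yourself, in which case input_buf is NULL. */
int afl_persistent_hook_init(void) { return 1; }

/* Self-test scaffolding (not part of a real hook): constructed fake guest
 * buffer, with guest_base = 0 so guest and host addresses coincide. */
static uint8_t fake_guest_buf[TARGET_BUF_SIZE];
/* Run one iteration with `len` bytes of `input`; return the length left in RSI. */
uint32_t simulate_iteration(const uint8_t *input, uint32_t len) {
  memset(fake_guest_buf, 0, sizeof fake_guest_buf);
  struct x86_64_regs regs = {.rdi = (uint64_t)(uintptr_t)fake_guest_buf, .rsi = 0};
  afl_persistent_hook(&regs, 0, (uint8_t *)input, len);
  return (uint32_t)regs.rsi;
}
/* Same, with a constructed oversized input of `len` bytes of 'A'. */
uint32_t simulate_oversized(uint32_t len) {
  uint8_t *big = malloc(len); if (!big) return 0;
  memset(big, 'A', len);
  uint32_t reported = simulate_iteration(big, len);
  free(big);
  return reported;
}
uint8_t guest_byte(uint32_t i) { return fake_guest_buf[i]; }
```

The seed `0000` from the README lands in the fake buffer unchanged, while a 2000-byte test case is cut to 1024 and `rsi` reports the clamped length, which is the check worth keeping in any real hook.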