Open kotee4ko opened 3 years ago
Without debug output of the LKM I get these values for a slightly modified test case, which is a bit faster than other implementations:
time /test1
1
2
3
4
5
6
7
real 0m0.618s
user 0m0.240s
sys 0m0.372s
But my goal is not speed. I want to fuzz a network pthread binary server program under qemu-mode.
Can you advise me, please? Push me in the right direction. I am thinking about modifying the forkserver source to allow it to trigger the roll-back option for the child process. It shouldn't be very hard: just accept the target's pid_nr via ioctl and walk to the task_struct like: pid_nr -> struct pid -> task_struct.
Then roll back the target. But how do I find the entry point inside the code? It is so huge....
Thanks.
Hi :)