showmap -A -> -H, accurate help output

This commit is contained in:
vanhauser-thc
2021-11-16 11:03:53 +01:00
parent 464f1a78df
commit 268339a683
10 changed files with 43 additions and 22 deletions


@ -346,7 +346,7 @@ help:
@echo "HELP --- the following make targets exist:" @echo "HELP --- the following make targets exist:"
@echo "==========================================" @echo "=========================================="
@echo "all: just the main afl++ binaries" @echo "all: just the main afl++ binaries"
@echo "binary-only: everything for binary-only fuzzing: coresight_mode, qemu_mode, unicorn_mode, libdislocator, libtokencap" @echo "binary-only: everything for binary-only fuzzing: qemu_mode, frida_mode, unicorn_mode, coresight_mode, libdislocator, libtokencap"
@echo "source-only: everything for source code fuzzing: gcc_plugin, libdislocator, libtokencap" @echo "source-only: everything for source code fuzzing: gcc_plugin, libdislocator, libtokencap"
@echo "distrib: everything (for both binary-only and source code fuzzing)" @echo "distrib: everything (for both binary-only and source code fuzzing)"
@echo "man: creates simple man pages from the help option of the programs" @echo "man: creates simple man pages from the help option of the programs"


@ -396,7 +396,7 @@ BEGIN {
system( "AFL_CMIN_ALLOW_ANY=1 "AFL_CMIN_CRASHES_ONLY"\""showmap"\" -m "mem_limit" -t "timeout" -o \""trace_dir"/.run_test\" -Z "extra_par" -- \""target_bin"\" "prog_args_string" <\""in_dir"/"first_file"\"") system( "AFL_CMIN_ALLOW_ANY=1 "AFL_CMIN_CRASHES_ONLY"\""showmap"\" -m "mem_limit" -t "timeout" -o \""trace_dir"/.run_test\" -Z "extra_par" -- \""target_bin"\" "prog_args_string" <\""in_dir"/"first_file"\"")
} else { } else {
system("cp \""in_dir"/"first_file"\" "stdin_file) system("cp \""in_dir"/"first_file"\" "stdin_file)
system( "AFL_CMIN_ALLOW_ANY=1 "AFL_CMIN_CRASHES_ONLY"\""showmap"\" -m "mem_limit" -t "timeout" -o \""trace_dir"/.run_test\" -Z "extra_par" -A \""stdin_file"\" -- \""target_bin"\" "prog_args_string" </dev/null") system( "AFL_CMIN_ALLOW_ANY=1 "AFL_CMIN_CRASHES_ONLY"\""showmap"\" -m "mem_limit" -t "timeout" -o \""trace_dir"/.run_test\" -Z "extra_par" -H \""stdin_file"\" -- \""target_bin"\" "prog_args_string" </dev/null")
} }
first_count = 0 first_count = 0
@ -432,8 +432,8 @@ BEGIN {
retval = system( AFL_CMIN_CRASHES_ONLY"\""showmap"\" -m "mem_limit" -t "timeout" -o \""trace_dir"\" -Z "extra_par" -i \""in_dir"\" -- \""target_bin"\" "prog_args_string) retval = system( AFL_CMIN_CRASHES_ONLY"\""showmap"\" -m "mem_limit" -t "timeout" -o \""trace_dir"\" -Z "extra_par" -i \""in_dir"\" -- \""target_bin"\" "prog_args_string)
} else { } else {
print " Processing "in_count" files (forkserver mode)..." print " Processing "in_count" files (forkserver mode)..."
# print AFL_CMIN_CRASHES_ONLY"\""showmap"\" -m "mem_limit" -t "timeout" -o \""trace_dir"\" -Z "extra_par" -i \""in_dir"\" -A \""stdin_file"\" -- \""target_bin"\" "prog_args_string" </dev/null" # print AFL_CMIN_CRASHES_ONLY"\""showmap"\" -m "mem_limit" -t "timeout" -o \""trace_dir"\" -Z "extra_par" -i \""in_dir"\" -H \""stdin_file"\" -- \""target_bin"\" "prog_args_string" </dev/null"
retval = system( AFL_CMIN_CRASHES_ONLY"\""showmap"\" -m "mem_limit" -t "timeout" -o \""trace_dir"\" -Z "extra_par" -i \""in_dir"\" -A \""stdin_file"\" -- \""target_bin"\" "prog_args_string" </dev/null") retval = system( AFL_CMIN_CRASHES_ONLY"\""showmap"\" -m "mem_limit" -t "timeout" -o \""trace_dir"\" -Z "extra_par" -i \""in_dir"\" -H \""stdin_file"\" -- \""target_bin"\" "prog_args_string" </dev/null")
} }
if (retval && !AFL_CMIN_CRASHES_ONLY) { if (retval && !AFL_CMIN_CRASHES_ONLY) {
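Review bot: The commented-out debug `# print` on the line before the second `retval = system(...)` is a verbatim copy of the live command and had to be edited in lockstep for the `-A` → `-H` rename; it will drift again the next time the invocation changes. Build the command once into a variable, then print or run that variable, e.g. `cmd = AFL_CMIN_CRASHES_ONLY"\""showmap"\" -m "mem_limit" -t "timeout" -o \""trace_dir"\" -Z "extra_par" -i \""in_dir"\" -H \""stdin_file"\" -- \""target_bin"\" "prog_args_string" </dev/null"` followed by `retval = system(cmd)`, or drop the dead print entirely. The same `-H` invocation is also built in the `.run_test` hunk above (`+396`), so a shared variable would serve both. The enclosing `BEGIN` block starts and ends outside these hunks.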


@ -310,7 +310,7 @@ if [ "$STDIN_FILE" = "" ]; then
else else
cp "$IN_DIR/$FIRST_FILE" "$STDIN_FILE" cp "$IN_DIR/$FIRST_FILE" "$STDIN_FILE"
AFL_CMIN_ALLOW_ANY=1 "$SHOWMAP" -m "$MEM_LIMIT" -t "$TIMEOUT" -o "$TRACE_DIR/.run_test" -Z $EXTRA_PAR -A "$STDIN_FILE" -- "$@" </dev/null AFL_CMIN_ALLOW_ANY=1 "$SHOWMAP" -m "$MEM_LIMIT" -t "$TIMEOUT" -o "$TRACE_DIR/.run_test" -Z $EXTRA_PAR -H "$STDIN_FILE" -- "$@" </dev/null
fi fi
@ -360,7 +360,7 @@ echo "[*] Obtaining traces for input files in '$IN_DIR'..."
cp "$IN_DIR/$fn" "$STDIN_FILE" cp "$IN_DIR/$fn" "$STDIN_FILE"
"$SHOWMAP" -m "$MEM_LIMIT" -t "$TIMEOUT" -o "$TRACE_DIR/$fn" -Z $EXTRA_PAR -A "$STDIN_FILE" -- "$@" </dev/null "$SHOWMAP" -m "$MEM_LIMIT" -t "$TIMEOUT" -o "$TRACE_DIR/$fn" -Z $EXTRA_PAR -H "$STDIN_FILE" -- "$@" </dev/null
done done
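Review bot: `-H` is an option that afl-showmap deliberately leaves out of its help text, so a reader of afl-cmin has no way to learn what it does without opening afl-showmap.c; both invocations in this section (the `.run_test` probe in hunk `+310` and the per-file loop in hunk `+360`) would benefit from a one-line comment at the call site. Something like `# -H FILE: afl-showmap's undocumented afl-cmin-only option (sets at_file in afl-showmap.c)` before the first use is enough, and a matching comment belongs in afl-cmin.awk, which builds the same command. The `for` loop around the second invocation begins outside the hunk.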


@ -55,7 +55,6 @@ There are AFL++ CoreSight mode-specific environment variables for run-time confi
## TODO List ## TODO List
* Change `afl-showmap` ARM CoreSight mode option to `-A` without conflict
* Eliminate modified glibc dependency * Eliminate modified glibc dependency
* Support parallel fuzzing * Support parallel fuzzing


@ -10,12 +10,14 @@ sending a mail to <afl-users+subscribe@googlegroups.com>.
### Version ++3.15a (dev) ### Version ++3.15a (dev)
- documentation restructuring, made possible by Google Season of Docs :) - documentation restructuring, made possible by Google Season of Docs :)
- new binary-only fuzzing mode: coresight_mode for aarch64 CPUs :)
thanks to RICSecLab submitting!
- afl-fuzz: - afl-fuzz:
- cmplog binaries will need to be recompiled for this version - cmplog binaries will need to be recompiled for this version
(it is better!) (it is better!)
- fix a regression introduced in 3.10 that resulted in less - fix a regression introduced in 3.10 that resulted in less
coverage being detected. thanks to Collin May for reporting! coverage being detected. thanks to Collin May for reporting!
- added AFL_IGNORE_PROBLEMS plus checks to identify and abort on - added AFL_IGNORE_PROBLEMS, plus checks to identify and abort on
incorrect LTO usage setups and enhanced the READMEs for better incorrect LTO usage setups and enhanced the READMEs for better
information on how to deal with instrumenting libraries information on how to deal with instrumenting libraries
- fix -n dumb mode (nobody should use this) - fix -n dumb mode (nobody should use this)
@ -30,6 +32,8 @@ sending a mail to <afl-users+subscribe@googlegroups.com>.
- honor persistent mode for more speed. thanks to dloffre-snl - honor persistent mode for more speed. thanks to dloffre-snl
for reporting! for reporting!
- fix bug where targets are not killed on timeouts - fix bug where targets are not killed on timeouts
- moved hidden afl-showmap -A option to -H to be used for
coresight_mode
- Prevent accidently killing non-afl/fuzz services when aborting - Prevent accidently killing non-afl/fuzz services when aborting
afl-showmap and other tools. afl-showmap and other tools.
- afl-cc: - afl-cc:


@ -848,12 +848,17 @@ static void usage(u8 *argv0) {
" -f file - input file read by the tested program (stdin)\n" " -f file - input file read by the tested program (stdin)\n"
" -t msec - timeout for each run (%u ms)\n" " -t msec - timeout for each run (%u ms)\n"
" -m megs - memory limit for child process (%u MB)\n" " -m megs - memory limit for child process (%u MB)\n"
#if defined(__linux__) && defined(__aarch64__)
" -A - use binary-only instrumentation (ARM CoreSight mode)\n" " -A - use binary-only instrumentation (ARM CoreSight mode)\n"
#endif
" -O - use binary-only instrumentation (FRIDA mode)\n" " -O - use binary-only instrumentation (FRIDA mode)\n"
#if defined(__linux__)
" -Q - use binary-only instrumentation (QEMU mode)\n" " -Q - use binary-only instrumentation (QEMU mode)\n"
" -U - use unicorn-based instrumentation (Unicorn mode)\n" " -U - use unicorn-based instrumentation (Unicorn mode)\n"
" -W - use qemu-based instrumentation with Wine (Wine " " -W - use qemu-based instrumentation with Wine (Wine "
"mode)\n\n" "mode)\n"
#endif
"\n"
"Analysis settings:\n" "Analysis settings:\n"
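Review bot: The new `#if defined(__linux__) && defined(__aarch64__)` and `#if defined(__linux__)` guards around the `-A` and `-Q`/`-U`/`-W` help lines are repeated verbatim in this usage() and in the usage() hunks at `+113,17`, `+844,18` and `+866,19`, while the afl-showmap option handler spells the same condition as its negation, `#if !defined(__aarch64__) || !defined(__linux__)`. Five hand-copied conditions for one platform fact will drift; define the predicate once in a shared header (a project-chosen name such as `AFL_HAVE_CORESIGHT` — name to be decided) and use it in both the help text and the option handlers. Note that these guards only hide the help lines; whether the option letters are still accepted on the other platforms is not visible here, so if they are, the same macro should decide that too. The enclosing usage() function starts and ends outside this hunk.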


@ -452,14 +452,12 @@ save_if_interesting(afl_state_t *afl, void *mem, u32 len, u8 fault) {
if (unlikely(len == 0)) { return 0; } if (unlikely(len == 0)) { return 0; }
u8 fn[PATH_MAX];
u8 *queue_fn = ""; u8 *queue_fn = "";
u8 new_bits = '\0'; u8 new_bits = 0, keeping = 0, res, classified = 0;
s32 fd; s32 fd;
u8 keeping = 0, res, classified = 0;
u64 cksum = 0; u64 cksum = 0;
u8 fn[PATH_MAX];
/* Update path frequency. */ /* Update path frequency. */
/* Generating a hash on every input is super expensive. Bad idea and should /* Generating a hash on every input is super expensive. Bad idea and should
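Review bot: The merged declaration `u8 new_bits = 0, keeping = 0, res, classified = 0;` mixes the uninitialized `res` into a line of initialized variables, which makes it easy to miss that `res` alone depends on a later assignment. Keep it separate, `u8 new_bits = 0, keeping = 0, classified = 0;` then `u8 res;`, or initialize it alongside the others if every read is guaranteed to follow an assignment (not visible in this hunk). save_if_interesting() starts and ends outside the hunk.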


@ -113,12 +113,17 @@ static void usage(u8 *argv0, int more_help) {
"maximum.\n" "maximum.\n"
" -m megs - memory limit for child process (%u MB, 0 = no limit " " -m megs - memory limit for child process (%u MB, 0 = no limit "
"[default])\n" "[default])\n"
#if defined(__linux__) && defined(__aarch64__)
" -A - use binary-only instrumentation (ARM CoreSight mode)\n" " -A - use binary-only instrumentation (ARM CoreSight mode)\n"
#endif
" -O - use binary-only instrumentation (FRIDA mode)\n" " -O - use binary-only instrumentation (FRIDA mode)\n"
#if defined(__linux__)
" -Q - use binary-only instrumentation (QEMU mode)\n" " -Q - use binary-only instrumentation (QEMU mode)\n"
" -U - use unicorn-based instrumentation (Unicorn mode)\n" " -U - use unicorn-based instrumentation (Unicorn mode)\n"
" -W - use qemu-based instrumentation with Wine (Wine " " -W - use qemu-based instrumentation with Wine (Wine "
"mode)\n\n" "mode)\n"
#endif
"\n"
"Mutator settings:\n" "Mutator settings:\n"
" -D - enable deterministic fuzzing (once per queue entry)\n" " -D - enable deterministic fuzzing (once per queue entry)\n"


@ -844,13 +844,18 @@ static void usage(u8 *argv0) {
"Execution control settings:\n" "Execution control settings:\n"
" -t msec - timeout for each run (none)\n" " -t msec - timeout for each run (none)\n"
" -m megs - memory limit for child process (%u MB)\n" " -m megs - memory limit for child process (%u MB)\n"
#if defined(__linux__) && defined(__aarch64__)
" -A - use binary-only instrumentation (ARM CoreSight mode)\n"
#endif
" -O - use binary-only instrumentation (FRIDA mode)\n" " -O - use binary-only instrumentation (FRIDA mode)\n"
" -P - use binary-only instrumentation (ARM CoreSight mode)\n" #if defined(__linux__)
" -Q - use binary-only instrumentation (QEMU mode)\n" " -Q - use binary-only instrumentation (QEMU mode)\n"
" -U - use Unicorn-based instrumentation (Unicorn mode)\n" " -U - use Unicorn-based instrumentation (Unicorn mode)\n"
" -W - use qemu-based instrumentation with Wine (Wine mode)\n" " -W - use qemu-based instrumentation with Wine (Wine mode)\n"
" (Not necessary, here for consistency with other afl-* " " (Not necessary, here for consistency with other afl-* "
"tools)\n\n" "tools)\n"
#endif
"\n"
"Other settings:\n" "Other settings:\n"
" -i dir - process all files below this directory, must be combined " " -i dir - process all files below this directory, must be combined "
"with -o.\n" "with -o.\n"
@ -920,7 +925,7 @@ int main(int argc, char **argv_orig, char **envp) {
if (getenv("AFL_QUIET") != NULL) { be_quiet = true; } if (getenv("AFL_QUIET") != NULL) { be_quiet = true; }
while ((opt = getopt(argc, argv, "+i:o:f:m:t:A:eqCZOPQUWbcrsh")) > 0) { while ((opt = getopt(argc, argv, "+i:o:f:m:t:A:eqCZOHQUWbcrsh")) > 0) {
switch (opt) { switch (opt) {
@ -1049,7 +1054,7 @@ int main(int argc, char **argv_orig, char **envp) {
quiet_mode = true; quiet_mode = true;
break; break;
case 'A': case 'H':
/* Another afl-cmin specific feature. */ /* Another afl-cmin specific feature. */
at_file = optarg; at_file = optarg;
break; break;
@ -1065,13 +1070,13 @@ int main(int argc, char **argv_orig, char **envp) {
/* FIXME: We want to use -P for consistency, but it is already unsed for /* FIXME: We want to use -P for consistency, but it is already unsed for
* undocumenetd feature "Another afl-cmin specific feature." */ * undocumenetd feature "Another afl-cmin specific feature." */
case 'P': /* CoreSight mode */ case 'A': /* CoreSight mode */
#if !defined(__aarch64__) || !defined(__linux__) #if !defined(__aarch64__) || !defined(__linux__)
FATAL("-P option is not supported on this platform"); FATAL("-A option is not supported on this platform");
#endif #endif
if (fsrv->cs_mode) { FATAL("Multiple -P options not supported"); } if (fsrv->cs_mode) { FATAL("Multiple -A options not supported"); }
fsrv->cs_mode = true; fsrv->cs_mode = true;
break; break;
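Review bot: The getopt string in hunk `+925` was updated by turning `P` into `H` but still reads `"+i:o:f:m:t:A:eqCZOHQUWbcrsh"`, so the colon stays on `A` and `H` has none: the new CoreSight `case 'A'` will swallow the argument that follows it, and the new `case 'H'` runs `at_file = optarg;` without a value, leaving the stdin-file path that afl-cmin passes as a positional argument. The letters and their argument flags must move together: `while ((opt = getopt(argc, argv, "+i:o:f:m:t:AeqCZOH:QUWbcrsh")) > 0) {`. The FIXME comment above `case 'A'` in hunk `+1070` still explains why `-P` was chosen over `-A`; now that `-A` is used it is obsolete (and contains the typos "unsed" and "undocumenetd") and should be removed or reworded to state that `-H` is the afl-cmin-specific option. main() starts and ends outside these hunks.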


@ -866,14 +866,19 @@ static void usage(u8 *argv0) {
" -f file - input file read by the tested program (stdin)\n" " -f file - input file read by the tested program (stdin)\n"
" -t msec - timeout for each run (%u ms)\n" " -t msec - timeout for each run (%u ms)\n"
" -m megs - memory limit for child process (%u MB)\n" " -m megs - memory limit for child process (%u MB)\n"
#if defined(__linux__) && defined(__aarch64__)
" -A - use binary-only instrumentation (ARM CoreSight mode)\n" " -A - use binary-only instrumentation (ARM CoreSight mode)\n"
#endif
" -O - use binary-only instrumentation (FRIDA mode)\n" " -O - use binary-only instrumentation (FRIDA mode)\n"
#if defined(__linux__)
" -Q - use binary-only instrumentation (QEMU mode)\n" " -Q - use binary-only instrumentation (QEMU mode)\n"
" -U - use unicorn-based instrumentation (Unicorn mode)\n" " -U - use unicorn-based instrumentation (Unicorn mode)\n"
" -W - use qemu-based instrumentation with Wine (Wine " " -W - use qemu-based instrumentation with Wine (Wine "
"mode)\n" "mode)\n"
" (Not necessary, here for consistency with other afl-* " " (Not necessary, here for consistency with other afl-* "
"tools)\n\n" "tools)\n"
#endif
"\n"
"Minimization settings:\n" "Minimization settings:\n"