enhance examples

This commit is contained in:
vanhauser-thc
2023-01-19 17:24:56 +01:00
parent 86d3c65559
commit 628b4b6002
4 changed files with 23 additions and 4 deletions

View File

@ -11,6 +11,16 @@ The `./examples` folder contains examples for custom mutators in python and C.
In `./rust`, you will find rust bindings, including a simple example in `./rust/example` and an example for structured fuzzing, based on lain, in`./rust/example_lain`. In `./rust`, you will find rust bindings, including a simple example in `./rust/example` and an example for structured fuzzing, based on lain, in`./rust/example_lain`.
## The AFL++ grammar agnostic grammar mutator
In `./autotokens` you find a token-level fuzzer that does not need to know
anything about the grammar of an input as long as it is in ascii and allows
whitespace.
It is very fast and effective.
If you are looking for an example of how to effectively create a custom
mutator take a look at this one.
## The AFL++ Grammar Mutator ## The AFL++ Grammar Mutator
If you use git to clone AFL++, then the following will incorporate our If you use git to clone AFL++, then the following will incorporate our
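Review bot: the new heading "The AFL++ grammar agnostic grammar mutator" contradicts itself and repeats the word; "The AFL++ grammar-agnostic token mutator" matches what the paragraph actually describes (a token-level fuzzer in `./autotokens`). In the same paragraph, "ascii" should be "ASCII", "It is very fast and effective." is an unsupported claim that a README should either back with a pointer (benchmark, write-up) or drop, and the closing sentence needs a comma: "If you are looking for an example of how to effectively create a custom mutator, take a look at this one." The constraint "allows whitespace" is also ambiguous: does the target have to tolerate whitespace being inserted between tokens, or are tokens merely split on whitespace? State which, since that decides whether a format is a candidate. Unrelated nit in the unchanged context line: "in`./rust/example_lain`" is missing a space after "in".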

View File

@ -1,7 +1,14 @@
//
// This is an example on how to use afl_custom_send
// It writes each mutated data set to /tmp/foo
// You can modify this to send to IPC, shared memory, etc.
//
// cc -O3 -fPIC -shared -g -o custom_send.so -I../../include custom_send.c // cc -O3 -fPIC -shared -g -o custom_send.so -I../../include custom_send.c
// cd ../.. // cd ../..
// afl-cc -o test-instr test-instr.c // afl-cc -o test-instr test-instr.c
// AFL_CUSTOM_MUTATOR_LIBRARY=custom_mutators/examples/custom_send.so \
// afl-fuzz -i in -o out -- ./test-instr -f /tmp/foo // afl-fuzz -i in -o out -- ./test-instr -f /tmp/foo
//
#include "custom_mutator_helpers.h" #include "custom_mutator_helpers.h"
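Review bot: in the usage line, `-f /tmp/foo` comes after `--`, so it is an argument to `./test-instr`, not the afl-fuzz `-f` option, and a reader will very likely misread it. Say so in the comment, e.g. "// (-f /tmp/foo makes test-instr read the file this mutator writes)", and make explicit that the target must re-read that path on every execution, otherwise the data written by afl_custom_send is never consumed. A one-line caveat that the fixed `/tmp/foo` path is unsuitable for parallel runs (`-M`/`-S` instances would overwrite each other's file) and sits in a world-writable directory would also help, since people copy these examples verbatim; deriving the path from the output directory or a per-process name avoids both problems. Minor: the `cc ... -I../../include` line only works from `custom_mutators/examples`, so stating that directory before the `cd ../..` step avoids a confusing missing-header error.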

View File

@ -6,7 +6,7 @@
Dominik Maier <mail@dmnk.co> Dominik Maier <mail@dmnk.co>
*/ */
// You need to use -I /path/to/AFLplusplus/include // You need to use -I/path/to/AFLplusplus/include -I.
#include "custom_mutator_helpers.h" #include "custom_mutator_helpers.h"
#include <stdint.h> #include <stdint.h>
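Review bot: the changed comment still gives only include flags rather than a build command, so a reader has to guess `-fPIC -shared`; mirror the header that custom_send.c now has, e.g. "// cc -O3 -fPIC -shared -g -o example.so -I/path/to/AFLplusplus/include -I. example.c". The new `-I.` also deserves a word: `#include "custom_mutator_helpers.h"` with quotes is resolved relative to the including source file first, so when the helper header sits next to example.c the flag is redundant; if it is meant for copies of this file built from another directory, say so, otherwise it reads as cargo-cult.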
@ -118,6 +118,8 @@ size_t afl_custom_fuzz(my_mutator_t *data, uint8_t *buf, size_t buf_size,
} }
if (max_size > mutated_size) { mutated_size = max_size; }
*out_buf = mutated_out; *out_buf = mutated_out;
return mutated_size; return mutated_size;
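Review bot: the added `if (max_size > mutated_size) { mutated_size = max_size; }` raises the length returned to afl-fuzz without growing `mutated_out` to match. afl-fuzz treats `*out_buf` as `mutated_size` readable bytes, so unless the buffer was already allocated with at least `max_size` bytes this is an out-of-bounds read of up to `max_size - mutated_size` bytes, and even with a large enough allocation the tail is uninitialized memory that ends up in test cases. A custom mutator may return fewer bytes than `max_size`, so the simplest fix is to drop the line; if the intent really is to always emit `max_size` bytes, `afl_realloc` the buffer to `max_size` and initialize the tail before `*out_buf = mutated_out;`.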

View File

@ -129,8 +129,8 @@ size_t afl_custom_post_process(post_state_t *data, unsigned char *in_buf,
/* Allocate memory for new buffer, reusing previous allocation if /* Allocate memory for new buffer, reusing previous allocation if
possible. Note we have to use afl-fuzz's own realloc! possible. Note we have to use afl-fuzz's own realloc!
Note that you should only do this if you need to grow the buffer, We use afl_realloc because it is effective.
otherwise work with in_buf, and assign it to *out_buf instead. */ You can also work within in_buf, and assign it to *out_buf. */
*out_buf = afl_realloc(out_buf, len); *out_buf = afl_realloc(out_buf, len);
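Review bot: the rewritten comment loses the one caveat that mattered: working in place on `in_buf` is only possible when the result fits in the input buffer (`len` no larger than the input length), which is why the old text said to realloc only when the buffer must grow. "We use afl_realloc because it is effective." states no reason at all; suggest: "We use afl_realloc because it reuses the previous allocation and only grows it when len exceeds it. If your output is never larger than the input, you can instead modify in_buf in place and set *out_buf = in_buf." Also "work within in_buf" should read "work in place on in_buf".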