add custom_post_run.c

yangzao
2023-11-24 11:06:06 -07:00
parent d6cefdc193
commit 770e868d04
4 changed files with 79 additions and 0 deletions


@ -0,0 +1,53 @@
//
// This is an example on how to use afl_custom_post_run
// It executes custom code each time after AFL++ executes the target
//
// cc -O3 -fPIC -shared -g -o custom_send.so -I../../include custom_send.c /////////////////////to_be_edited
// cd ../..
// afl-cc -o test-instr test-instr.c
// AFL_CUSTOM_MUTATOR_LIBRARY=custom_mutators/examples/custom_send.so \
// afl-fuzz -i in -o out -- ./test-instr -f /tmp/foo
//
#include "afl-fuzz.h"
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>
typedef struct my_mutator {
afl_state_t *afl;
} my_mutator_t;
my_mutator_t *afl_custom_init(afl_state_t *afl, unsigned int seed) {
my_mutator_t *data = calloc(1, sizeof(my_mutator_t));
if (!data) {
perror("afl_custom_init alloc");
return NULL;
}
data->afl = afl;
return data;
}
void afl_custom_post_run(my_mutator_t *data, uint8_t *buf, size_t buf_size) {
printf("hello from afl_custom_post_run\n");
return;
}
void afl_custom_deinit(my_mutator_t *data) {
free(data);
}
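Review bot: The build instructions in the header comment still name `custom_send.so` and `custom_send.c` and carry a `to_be_edited` marker, so following them builds a different example than this file. They should name this file, e.g. `// cc -O3 -fPIC -shared -g -o custom_post_run.so -I../../include custom_post_run.c`, with the `AFL_CUSTOM_MUTATOR_LIBRARY` line changed to match. The example also declares `afl_custom_post_run` with `uint8_t *buf`, while the hook pointer this commit adds to `struct custom_mutator` takes `const u8 *buf`; `const uint8_t *buf` would stop the example suggesting that the test case may be modified. Since the `printf` runs after every target execution, a short comment saying it is for demonstration only and writes to the fuzzer's stdout on each run would help readers who copy the file.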


@ -1020,6 +1020,18 @@ struct custom_mutator {
*/ */
void (*afl_custom_fuzz_send)(void *data, const u8 *buf, size_t buf_size); void (*afl_custom_fuzz_send)(void *data, const u8 *buf, size_t buf_size);
/**
* This method can be used if you want to run some code or scripts each time
* AFL++ executes the target with afl-fuzz.
*
* (Optional)
*
* @param data pointer returned in afl_custom_init by this custom mutator
* @param buf Buffer containing the test case
* @param buf_size Size of the test case
*/
void (*afl_custom_post_run)(void *data, const u8 *buf, size_t buf_size);
/** /**
* Allow for additional analysis (e.g. calling a different tool that does a * Allow for additional analysis (e.g. calling a different tool that does a
* different kind of coverage and saves this for the custom mutator). * different kind of coverage and saves this for the custom mutator).
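Review bot: The doc comment for `afl_custom_post_run` does not say when the hook runs or which buffer it receives; it reads "each time AFL++ executes the target", while the example file in this commit says "each time after". The call site is not visible here, but `fuzz_run_target(afl_state_t *afl, afl_forkserver_t *fsrv, u32 timeout)` in the last file section takes no test case argument, so it is unclear what would be passed as `buf` and `buf_size`. Either document where they come from or drop the two parameters if the hook only needs `data`. If they stay, I would add a line such as `* Called after every target execution; the hook must not modify or retain buf.`, assuming that is the intended contract. `struct custom_mutator` begins and ends outside this hunk.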


@ -397,6 +397,18 @@ struct custom_mutator *load_custom_mutator(afl_state_t *afl, const char *fn) {
} }
/* "afl_custom_post_run", optional */
mutator->afl_custom_post_run = dlsym(dh, "afl_custom_post_run");
if (!mutator->afl_custom_post_run) {
ACTF("optional symbol 'afl_custom_post_run' not found.");
} else {
OKF("Found 'afl_custom_post_run'.");
}
/* "afl_custom_queue_new_entry", optional */ /* "afl_custom_queue_new_entry", optional */
mutator->afl_custom_queue_new_entry = dlsym(dh, "afl_custom_queue_new_entry"); mutator->afl_custom_queue_new_entry = dlsym(dh, "afl_custom_queue_new_entry");
if (!mutator->afl_custom_queue_new_entry) { if (!mutator->afl_custom_queue_new_entry) {


@ -60,6 +60,8 @@ fuzz_run_target(afl_state_t *afl, afl_forkserver_t *fsrv, u32 timeout) {
fsrv_run_result_t res = afl_fsrv_run_target(fsrv, timeout, &afl->stop_soon); fsrv_run_result_t res = afl_fsrv_run_target(fsrv, timeout, &afl->stop_soon);
#ifdef PROFILING #ifdef PROFILING
clock_gettime(CLOCK_REALTIME, &spec); clock_gettime(CLOCK_REALTIME, &spec);
time_spent_start = (spec.tv_sec * 1000000000) + spec.tv_nsec; time_spent_start = (spec.tv_sec * 1000000000) + spec.tv_nsec;