Improve binary-only related docs

Bet4
2023-12-21 23:48:43 +08:00
parent c38dedbecd
commit 86d76b52ac
3 changed files with 4 additions and 10 deletions

@ -94,8 +94,7 @@ For more information, see
In FRIDA mode, you can fuzz binary-only targets as easily as with QEMU mode. In FRIDA mode, you can fuzz binary-only targets as easily as with QEMU mode.
FRIDA mode is most of the times slightly faster than QEMU mode. It is also FRIDA mode is most of the times slightly faster than QEMU mode. It is also
newer, lacks COMPCOV, and has the advantage that it works on MacOS (both intel newer, and has the advantage that it works on MacOS (both intel and M1).
and M1).
To build FRIDA mode: To build FRIDA mode:
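Review bot: dropping "lacks COMPCOV" from the FRIDA/QEMU comparison leaves the reader without a basis for choosing between the modes on comparison-heavy targets; if FRIDA mode now offers an equivalent to QEMU mode's COMPCOV, name it in the same sentence, and if it does not, the caveat should stay. Two wording points in the surviving text: "most of the times slightly faster" should read "most of the time slightly faster", and "MacOS (both intel and M1)" should use the product spelling "macOS" and capitalize "Intel".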
@ -113,10 +112,6 @@ The mode is approximately 2-5x slower than compile-time instrumentation, and is
less conducive to parallelization. But for binary-only fuzzing, it gives a huge less conducive to parallelization. But for binary-only fuzzing, it gives a huge
speed improvement if it is possible to use. speed improvement if it is possible to use.
If you want to fuzz a binary-only library, then you can fuzz it with frida-gum
via frida_mode/. You will have to write a harness to call the target function in
the library, use afl-frida.c as a template.
You can also perform remote fuzzing with frida, e.g., if you want to fuzz on You can also perform remote fuzzing with frida, e.g., if you want to fuzz on
iPhone or Android devices, for this you can use iPhone or Android devices, for this you can use
[https://github.com/ttdennis/fpicker/](https://github.com/ttdennis/fpicker/) as [https://github.com/ttdennis/fpicker/](https://github.com/ttdennis/fpicker/) as
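Review bot: removing the paragraph that points at frida_mode/ and afl-frida.c takes away this section's only guidance on fuzzing a binary-only library rather than an executable, namely that a harness calling the target function is required. If afl-frida.c is stale or was moved, replace the pointer with the current harness location instead of deleting the advice outright; readers still need to be told that a library cannot be fuzzed without such a harness.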
@ -302,7 +297,6 @@ some are very hard to set up...
* S2E: [https://github.com/S2E](https://github.com/S2E) * S2E: [https://github.com/S2E](https://github.com/S2E)
* TinyInst: * TinyInst:
[https://github.com/googleprojectzero/TinyInst](https://github.com/googleprojectzero/TinyInst) [https://github.com/googleprojectzero/TinyInst](https://github.com/googleprojectzero/TinyInst)
(Mac/Windows only)
* ... please send me any missing that are good * ... please send me any missing that are good
## Closing words ## Closing words

@ -166,7 +166,7 @@ static void afl_print_env(void) {
if (fd < 0) { if (fd < 0) {
FWARNF("Failed to open /proc/self/cmdline, errno: (%d)", errno); FWARNF("Failed to open /proc/self/environ, errno: (%d)", errno);
return; return;
} }
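Review bot: only the message text changes here, so the fix is complete only if the open() call above this hunk (outside the shown context) actually targets /proc/self/environ; a lingering /proc/self/cmdline path would be the same copy-paste slip in the other direction, so please check both agree. Consider also printing strerror(errno) next to the numeric errno so the warning is readable without a lookup.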
@ -174,7 +174,7 @@ static void afl_print_env(void) {
ssize_t bytes_read = read(fd, buffer, PROC_MAX - 1); ssize_t bytes_read = read(fd, buffer, PROC_MAX - 1);
if (bytes_read < 0) { if (bytes_read < 0) {
FFATAL("Failed to read /proc/self/cmdline, errno: (%d)", errno); FFATAL("Failed to read /proc/self/environ, errno: (%d)", errno);
} }
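Review bot: the two failure paths in afl_print_env are now inconsistent in severity: a failed open is an FWARNF followed by an early return (previous hunk), while a failed read is an FFATAL that aborts the run. Since this function only dumps the environment for diagnostics, a read error is no more serious than an open error; FWARNF followed by close(fd) and return would keep the target running, and any early return added here must close the descriptor because the read path, unlike the open-failure path, already holds an open fd.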

@ -653,7 +653,7 @@ void ranges_init(void) {
/* /*
* After step 4 we have the total ranges to be instrumented, we now subtract * After step 4 we have the total ranges to be instrumented, we now subtract
* that either from the original ranges of the modules or from the whole * that either from the original ranges of the modules or from the whole
* memory if AFL_INST_NO_DYNAMIC_LOAD to configure the stalker. * memory if AFL_FRIDA_INST_NO_DYNAMIC_LOAD to configure the stalker.
*/ */
if (ranges_inst_dynamic_load) { if (ranges_inst_dynamic_load) {
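Review bot: the corrected name AFL_FRIDA_INST_NO_DYNAMIC_LOAD now carries the AFL_FRIDA_ prefix used by the other FRIDA-mode variables; worth grepping the rest of frida_mode for the old AFL_INST_NO_DYNAMIC_LOAD spelling in comments and docs so the same slip is not left elsewhere. The comment would also be clearer if it spelled out the inverted relationship between the environment variable (NO_DYNAMIC_LOAD set) and the flag tested in the if directly below (ranges_inst_dynamic_load true), since the double negative is easy to misread.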