diff --git a/custom_mutators/README.md b/custom_mutators/README.md index b0444c85..5e1d0fe6 100644 --- a/custom_mutators/README.md +++ b/custom_mutators/README.md @@ -3,6 +3,14 @@ Custom mutators enhance and alter the mutation strategies of afl++. For further information and documentation on how to write your own, read [the docs](../docs/custom_mutators.md). +## Examples + +The `./examples` folder contains examples for custom mutators in python and C. + +## Rust + +In `./rust`, you will find rust bindings, including a simple example in `./rust/example` and an example for structured fuzzing, based on lain, in`./rust/example_lain`. + ## The afl++ Grammar Mutator If you use git to clone afl++, then the following will incorporate our diff --git a/utils/custom_mutators/Makefile b/custom_mutators/examples/Makefile similarity index 100% rename from utils/custom_mutators/Makefile rename to custom_mutators/examples/Makefile diff --git a/utils/custom_mutators/README.md b/custom_mutators/examples/README.md similarity index 100% rename from utils/custom_mutators/README.md rename to custom_mutators/examples/README.md diff --git a/utils/custom_mutators/XmlMutatorMin.py b/custom_mutators/examples/XmlMutatorMin.py similarity index 100% rename from utils/custom_mutators/XmlMutatorMin.py rename to custom_mutators/examples/XmlMutatorMin.py diff --git a/utils/custom_mutators/common.py b/custom_mutators/examples/common.py similarity index 100% rename from utils/custom_mutators/common.py rename to custom_mutators/examples/common.py diff --git a/utils/custom_mutators/custom_mutator_helpers.h b/custom_mutators/examples/custom_mutator_helpers.h similarity index 100% rename from utils/custom_mutators/custom_mutator_helpers.h rename to custom_mutators/examples/custom_mutator_helpers.h diff --git a/utils/custom_mutators/example.c b/custom_mutators/examples/example.c similarity index 100% rename from utils/custom_mutators/example.c rename to custom_mutators/examples/example.c 
diff --git a/utils/custom_mutators/example.py b/custom_mutators/examples/example.py similarity index 100% rename from utils/custom_mutators/example.py rename to custom_mutators/examples/example.py diff --git a/utils/custom_mutators/post_library_gif.so.c b/custom_mutators/examples/post_library_gif.so.c similarity index 100% rename from utils/custom_mutators/post_library_gif.so.c rename to custom_mutators/examples/post_library_gif.so.c diff --git a/utils/custom_mutators/post_library_png.so.c b/custom_mutators/examples/post_library_png.so.c similarity index 100% rename from utils/custom_mutators/post_library_png.so.c rename to custom_mutators/examples/post_library_png.so.c diff --git a/utils/custom_mutators/simple-chunk-replace.py b/custom_mutators/examples/simple-chunk-replace.py similarity index 100% rename from utils/custom_mutators/simple-chunk-replace.py rename to custom_mutators/examples/simple-chunk-replace.py diff --git a/utils/custom_mutators/simple_example.c b/custom_mutators/examples/simple_example.c similarity index 100% rename from utils/custom_mutators/simple_example.c rename to custom_mutators/examples/simple_example.c diff --git a/utils/custom_mutators/wrapper_afl_min.py b/custom_mutators/examples/wrapper_afl_min.py similarity index 100% rename from utils/custom_mutators/wrapper_afl_min.py rename to custom_mutators/examples/wrapper_afl_min.py diff --git a/docs/custom_mutators.md b/docs/custom_mutators.md index 62e01f83..9d5381e8 100644 --- a/docs/custom_mutators.md +++ b/docs/custom_mutators.md @@ -285,8 +285,8 @@ afl-fuzz /path/to/program ## 4) Example -Please see [example.c](../utils/custom_mutators/example.c) and -[example.py](../utils/custom_mutators/example.py) +Please see [example.c](../custom_mutators/examples/example.c) and +[example.py](../custom_mutators/examples/example.py) ## 5) Other Resources diff --git a/docs/life_pro_tips.md b/docs/life_pro_tips.md index 50ad75d4..f9ac1c53 100644 --- a/docs/life_pro_tips.md +++ b/docs/life_pro_tips.md 
@@ -83,5 +83,5 @@ You can find a simple solution in utils/argv_fuzzing. ## Attacking a format that uses checksums? Remove the checksum-checking code or use a postprocessor! -See utils/custom_mutators/ for more. +See `afl_custom_post_process` in custom_mutators/examples/examples.c for more. diff --git a/qemu_mode/README.md b/qemu_mode/README.md index 4aa2133e..38cb5ba6 100644 --- a/qemu_mode/README.md +++ b/qemu_mode/README.md @@ -190,8 +190,8 @@ handlers of the target. ## 13) Gotchas, feedback, bugs -If you need to fix up checksums or do other cleanup on mutated test cases, see -utils/custom_mutators/ for a viable solution. +If you need to fix up checksums or do other cleanups on mutated test cases, see +`afl_custom_post_process` in custom_mutators/examples/example.c for a viable solution. Do not mix QEMU mode with ASAN, MSAN, or the likes; QEMU doesn't appreciate the "shadow VM" trick employed by the sanitizers and will probably just diff --git a/test/test-custom-mutators.sh b/test/test-custom-mutators.sh index bae4220f..a5d666ff 100755 --- a/test/test-custom-mutators.sh +++ b/test/test-custom-mutators.sh @@ -29,8 +29,8 @@ test "1" = "`../afl-fuzz | grep -i 'without python' >/dev/null; echo $?`" && { } } # Compile the custom mutator - cc -D_FIXED_CHAR=0x41 -g -fPIC -shared -I../include ../utils/custom_mutators/simple_example.c -o libexamplemutator.so > /dev/null 2>&1 - cc -D_FIXED_CHAR=0x42 -g -fPIC -shared -I../include ../utils/custom_mutators/simple_example.c -o libexamplemutator2.so > /dev/null 2>&1 + cc -D_FIXED_CHAR=0x41 -g -fPIC -shared -I../include ../custom_mutators/examples/simple_example.c -o libexamplemutator.so > /dev/null 2>&1 + cc -D_FIXED_CHAR=0x42 -g -fPIC -shared -I../include ../custom_mutators/examples/simple_example.c -o libexamplemutator2.so > /dev/null 2>&1 test -e test-custom-mutator -a -e ./libexamplemutator.so && { # Create input directory mkdir -p in
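Review bot: Both updated `cc` lines in test/test-custom-mutators.sh discard stdout and stderr with `> /dev/null 2>&1`, and the guard after them, `test -e test-custom-mutator -a -e ./libexamplemutator.so`, never checks `libexamplemutator2.so`. A wrong path after this move would therefore go unnoticed for the second library at this point. Consider extending the guard to `test -e test-custom-mutator -a -e ./libexamplemutator.so -a -e ./libexamplemutator2.so && {`. A library left over from an earlier run would also satisfy `test -e`, so running `rm -f libexamplemutator.so libexamplemutator2.so` before the compile step would make the check reflect this build; whether the script already cleans them elsewhere is not visible here. The enclosing block starts and ends outside the hunk.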