ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-18 04:38:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

added README description & shortened pos defs

Browse Source
This commit is contained in:
echel0nn
2023-08-13 21:59:00 +03:00
parent fdb4ed2131
commit ca82b65d6c
2 changed files with 16 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
custom_mutators/examples/README.md
View File

@ -33,3 +33,6 @@ like surgical_havoc_mutate() that allow to perform a randomly chosen
mutation from a subset of the havoc mutations. mutation from a subset of the havoc mutations.
If you do so, you have to specify -I /path/to/AFLplusplus/include when If you do so, you have to specify -I /path/to/AFLplusplus/include when
compiling. compiling.
elf_header_mutator.c - example ELF header mutator based on
[LibGolf](https://github.com/xcellerator/libgolf/)

31
custom_mutators/examples/elf_header_mutator.c
View File

@ -623,39 +623,34 @@ size_t afl_custom_fuzz(my_mutator_t *data, uint8_t *in_buf, size_t buf_size,
size_t mutated_size = ehdr_size + phdr_size + elf->text.text_size; size_t mutated_size = ehdr_size + phdr_size + elf->text.text_size;
int pos = 0; int pos = 0;
// example fields // example fields
ehdr->e_ident[EI_CLASS] = (uint8_t *)(in_buf + pos); ehdr->e_ident[EI_CLASS] = (uint8_t *)(in_buf + pos++);
pos = pos + 1; ehdr->e_ident[EI_DATA] = (uint8_t *)(in_buf + pos++);
ehdr->e_ident[EI_DATA] = (uint8_t *)(in_buf + pos); ehdr->e_ident[EI_VERSION] = (uint8_t *)(in_buf + pos++);
pos = pos + 1; ehdr->e_ident[EI_OSABI] = (uint8_t *)(in_buf + pos++);
ehdr->e_ident[EI_VERSION] = (uint8_t *)(in_buf + pos);
pos = pos + 1;
ehdr->e_ident[EI_OSABI] = (uint8_t *)(in_buf + pos);
pos = pos + 1;
for (int i = 0x8; i < 0x10; ++i) { for (int i = 0x8; i < 0x10; ++i) {
(ehdr->e_ident)[i] = (uint8_t *)(in_buf + pos); (ehdr->e_ident)[i] = (uint8_t *)(in_buf + pos++);
pos = pos + 1;
} }
ehdr->e_version = (uint32_t *)(in_buf + pos); ehdr->e_version = (uint32_t *)(in_buf + pos);
pos = pos + 4; pos += 4;
// sections headers // sections headers
ehdr->e_shoff = (uint64_t *)(in_buf + pos); ehdr->e_shoff = (uint64_t *)(in_buf + pos);
pos = pos + 8; pos += 8;
ehdr->e_shentsize = (uint16_t *)(in_buf + pos); ehdr->e_shentsize = (uint16_t *)(in_buf + pos);
pos = pos + 2; pos += 2;
ehdr->e_shnum = (uint16_t *)(in_buf + pos); ehdr->e_shnum = (uint16_t *)(in_buf + pos);
pos = pos + 2; pos += 2;
ehdr->e_shstrndx = (uint16_t *)(in_buf + pos); ehdr->e_shstrndx = (uint16_t *)(in_buf + pos);
pos = pos + 2; pos += 2;
ehdr->e_flags = (uint32_t *)(in_buf + pos); ehdr->e_flags = (uint32_t *)(in_buf + pos);
pos = pos + 4; pos += 4;
// physical addr // physical addr
phdr->p_paddr = (uint64_t *)(in_buf + pos); phdr->p_paddr = (uint64_t *)(in_buf + pos);
pos = pos + 8; pos += 8;
phdr->p_align = (uint64_t *)(in_buf + pos); phdr->p_align = (uint64_t *)(in_buf + pos);
pos = pos + 8; pos += 8;
/* mimic GEN_ELF() /* mimic GEN_ELF()
* Write: * Write: