ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-07 15:51:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

allow for -c0 also for src targets

Browse Source
This commit is contained in:
vanhauser-thc 2022-03-01 19:30:17 +01:00
parent f70760896c
commit d84a8da1e9
3 changed files with 16 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
docs/Changelog.md
View File

@ -12,6 +12,9 @@ sending a mail to <afl-users+subscribe@googlegroups.com>.
- fix */build_...sh scripts to work outside of git - fix */build_...sh scripts to work outside of git
- new custom_mutator: libafl with token fuzzing :) - new custom_mutator: libafl with token fuzzing :)
- afl-fuzz: - afl-fuzz:
- when you just want to compile once and set CMPLOG, then just
set -c 0 to tell afl-fuzz that the fuzzing binary is also for
CMPLOG.
- new commandline options -g/G to set min/max length of generated - new commandline options -g/G to set min/max length of generated
fuzz inputs fuzz inputs
- reintroduced AFL_PERSISTENT and AFL_DEFER_FORKSRV to allow - reintroduced AFL_PERSISTENT and AFL_DEFER_FORKSRV to allow

9
docs/fuzzing_binary-only_targets.md
View File

@ -48,11 +48,12 @@ The following setup to use QEMU mode is recommended:
Then run as many instances as you have cores left with either -Q mode or - even Then run as many instances as you have cores left with either -Q mode or - even
better - use a binary rewriter like Dyninst, RetroWrite, ZAFL, etc. better - use a binary rewriter like Dyninst, RetroWrite, ZAFL, etc.
The binary rewriters all have their own advantages and caveats.
ZAFL is the best but cannot be used in a business/commercial context.
If [afl-dyninst](https://github.com/vanhauser-thc/afl-dyninst) works for your If a binary rewriter works for your target then you can use afl-fuzz normally
binary, then you can use afl-fuzz normally and it will have twice the speed and it will have twice the speed compared to QEMU mode (but slower than QEMU
compared to QEMU mode (but slower than QEMU persistent mode). Note that several persistent mode).
other binary rewriters exist, all with their advantages and caveats.
The speed decrease of QEMU mode is at about 50%. However, various options exist The speed decrease of QEMU mode is at about 50%. However, various options exist
to increase the speed: to increase the speed:

9
src/afl-fuzz.c
View File

@ -167,7 +167,8 @@ static void usage(u8 *argv0, int more_help) {
" See docs/README.MOpt.md\n" " See docs/README.MOpt.md\n"
" -c program - enable CmpLog by specifying a binary compiled for " " -c program - enable CmpLog by specifying a binary compiled for "
"it.\n" "it.\n"
" if using QEMU, just use -c 0.\n" " if using QEMU/FRIDA or if you the fuzzing target is compiled"
" for CmpLog then just use -c 0.\n"
" -l cmplog_opts - CmpLog configuration values (e.g. \"2AT\"):\n" " -l cmplog_opts - CmpLog configuration values (e.g. \"2AT\"):\n"
" 1=small files, 2=larger files (default), 3=all " " 1=small files, 2=larger files (default), 3=all "
"files,\n" "files,\n"
@ -1458,6 +1459,12 @@ int main(int argc, char **argv_orig, char **envp) {
if (!afl->use_banner) { afl->use_banner = argv[optind]; } if (!afl->use_banner) { afl->use_banner = argv[optind]; }
if (afl->shm.cmplog_mode && (!strcmp("-", afl->cmplog_binary) || !strcmp("0", afl->cmplog_binary))) {
afl->cmplog_binary = argv[optind];
}
if (strchr(argv[optind], '/') == NULL && !afl->unicorn_mode) { if (strchr(argv[optind], '/') == NULL && !afl->unicorn_mode) {
WARNF(cLRD WARNF(cLRD