ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-19 21:13:45 +00:00
Code Issues Packages Projects Releases Wiki Activity

update

Browse Source
This commit is contained in:
Maciej Domanski
2022-12-28 09:41:22 +01:00
parent 51e0707d4d
commit f28f6adbce
2 changed files with 14 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
utils/argv_fuzzing/Makefile
View File

@ -11,7 +11,7 @@
# http://www.apache.org/licenses/LICENSE-2.0
#
.PHONY: all install clean
.PHONY: all install clean demo
PREFIX ?= /usr/local
BIN_PATH = $(PREFIX)/bin
@ -58,5 +58,7 @@ clean:
rm -f argvfuzz32.so argvfuzz64.so argv_fuzz_demo argv_fuzz_persistent_demo
demo:
../../afl-clang-fast -o argv_fuzz_demo argv_fuzz_demo.c
../../afl-clang-fast -o argv_fuzz_persistent_demo argv_fuzz_persistent_demo.c
CC = afl-clang-fast
CFLAGS = -fsanitize=address
-@$(CC) $(CFLAGS) -o argv_fuzz_demo argv_fuzz_demo.c
-@$(CC) $(CFLAGS) -o argv_fuzz_persistent_demo argv_fuzz_persistent_demo.c

15
utils/argv_fuzzing/README.md
View File

@ -1,14 +1,16 @@
# argv_fuzzing feature
AFL++ supports fuzzing file inputs or stdin. The argv_fuzzing feature allows for fuzzing of arguments passed to a program from the command line interface, rather than from standard input.
AFL++ supports fuzzing file inputs or stdin. The argv_fuzzing feature allows for the fuzzing of arguments
passed to a program from the command line interface rather than from standard input.
## With source code
When source is available, a macro from the `argv-fuzz-inl.h` header file can be used to change the program's behavior to build argv from STDIN.
When the source code is available, a specific macro from the `argv-fuzz-inl.h` header file can be used to change
the program's behavior to build argv from STDIN.
### Without persistent mode
Conditions needed to use the argv_fuzzing feature:
1. Include `argv-fuzz-inl.h` header file (`#include "argv-fuzz-inl.h"`)
2. Identify your main function that parses arguments (for example, `int main(int argc, char **argv)`)
3. Use the one of the following macros (near the beginning of the main function) to initialize argv with the fuzzer's input:
3. Use one of the following macros (near the beginning of the main function) to initialize argv with the fuzzer's input:
- `AFL_INIT_ARGV();` or
- `AFL_INIT_SET0("prog_name");` to preserve `argv[0]` (the name of the program being executed)
@ -18,7 +20,8 @@ see: [argv_fuzz_demo.c](argv_fuzz_demo.c)
Conditions needed to use the argv_fuzzing feature with persistent mode:
1. Ensure your target can handle persistent mode fuzzing
2. Follow instructions in the [llvm_mode persistent mode](https://github.com/AFLplusplus/AFLplusplus/blob/stable/instrumentation/README.persistent_mode.md)
3. Use the one of the following macro near the beginning of the main function and after the buffer initialization (`unsigned char *buf = __AFL_FUZZ_TESTCASE_BUF`):
3. Use one of the following macros near the beginning of the main function and after
the buffer initialization (`unsigned char *buf = __AFL_FUZZ_TESTCASE_BUF`):
- `AFL_INIT_ARGV_PERSISTENT(buf)`, if you want to
- `AFL_INIT_SET0_PERSISTENT("name_of_binary", buf)`
@ -34,5 +37,5 @@ A few conditions need to be fulfilled for this mechanism to work correctly:
1. As it relies on hooking the loader, it cannot work on static binaries
2. If the target binary does not use the default libc's `_start` implementation
(crt1.o), the hook may not run.
3. The hook will replace argv with pointers to `.data` of `argvfuzz.so`. If the
target binary expects argv to be living on the stack, things may go wrong.
3. The hook will replace argv with pointers to `.data` of `argvfuzz.so`.
Things may go wrong if the target binary expects argv to live on the stack.