Previously, __lsan_do_leak_check() was called by __AFL_LEAK_CHECK; however, this was the wrong function to use. According to the LeakSanitizer documentation: "Subsequent calls to this function will have no effect and end-of-process leak check will not run". This meant that if the memory did not leak on the first use of __AFL_LEAK_CHECK, subsequent calls to the macro would never do anything. Likewise, an LSAN suppression list cannot be used together with symbolize=0, so instead __lsan_disable and __lsan_enable are used to 'ignore' certain memory allocations where needed.
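As an added example (not AFL++'s own code and not the project's macro definitions), the following persistent-mode style harness shows the two behaviours described above: a per-iteration leak check built on LeakSanitizer's __lsan_do_recoverable_leak_check(), which the sanitizer interface header documents as safe to call repeatedly, instead of the once-only __lsan_do_leak_check(); and a __lsan_disable()/__lsan_enable() pair around a long-lived setup allocation so that it is not reported. The record format, the inputs and the dependency_init() stand-in are constructed for illustration, and the lsan_off/lsan_on/lsan_check_now wrappers and the HAVE_LSAN detection are this example's own; they fall back to no-ops when the file is built without -fsanitize=address so it still runs with a plain cc.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Use the real LSAN interface in an ASan build; otherwise no-op stubs so the
 * harness still compiles and runs with a plain `cc` (parsing only). */
#if defined(__SANITIZE_ADDRESS__)
#  define HAVE_LSAN 1
#elif defined(__has_feature)
#  if __has_feature(address_sanitizer)
#    define HAVE_LSAN 1
#  endif
#endif
#ifndef HAVE_LSAN
#  define HAVE_LSAN 0
#endif

#if HAVE_LSAN
#  include <sanitizer/lsan_interface.h>
static void lsan_off(void) { __lsan_disable(); }
static void lsan_on(void) { __lsan_enable(); }
/* Recoverable variant: safe to call on every iteration. __lsan_do_leak_check()
 * would run once and then turn every later call (and the exit-time check) into
 * a no-op, which is exactly the problem described above. */
static int lsan_check_now(void) { return __lsan_do_recoverable_leak_check(); }
#else
static void lsan_off(void) {}
static void lsan_on(void) {}
static int lsan_check_now(void) { return 0; }
#endif

/* Constructed stand-in for a dependency's init routine that is known to drop
 * a one-time allocation we do not care about (assumption for this example). */
static void dependency_init(void) {
    char *scratch = malloc(64);
    if (!scratch) return;
    volatile char *keep = scratch;   /* keep the allocation observable */
    keep[0] = 1;                     /* pointer is then discarded: a leak */
}

/* Persistent-mode setup, run once. The disable/enable pair makes LSAN treat
 * whatever dependency_init() allocates as a non-leak. */
void harness_setup(void) {
    static int done;
    if (done) return;
    lsan_off();
    dependency_init();
    lsan_on();
    done = 1;
}

/* Constructed record format: [len:1][flags:1][payload:len].
 * Returns 0 on success, -1 on malformed input. The flags&1 path contains a
 * deliberate bug: it returns without freeing its copy, so a leak check after
 * that iteration has something to report. */
int process_input(const unsigned char *buf, size_t len) {
    if (len < 2 || (size_t)buf[0] + 2 > len) return -1;
    size_t n = buf[0];
    unsigned char *copy = malloc(n ? n : 1);
    if (!copy) return -1;
    memcpy(copy, buf + 2, n);
    for (size_t i = 0; i < n; i++) copy[i] ^= 0x5a;   /* stand-in for real work */
    if (buf[1] & 1) return 0;                          /* bug: copy is leaked */
    free(copy);
    return 0;
}

/* One fuzz iteration: process the input, then check for leaks right away, the
 * way a per-iteration leak check is meant to. *leaked is only meaningful in
 * an LSAN build; a real harness would abort here so the fuzzer records it. */
int run_iteration(const unsigned char *buf, size_t len, int *leaked) {
    harness_setup();
    int rc = process_input(buf, len);
    *leaked = lsan_check_now() > 0;
    return rc;
}

int main(void) {
    /* Constructed inputs standing in for what the fuzzer would feed the loop. */
    static const unsigned char ok[]    = {3, 0, 'a', 'b', 'c'};
    static const unsigned char leaky[] = {3, 1, 'a', 'b', 'c'};
    static const unsigned char bad[]   = {9, 0, 'x'};
    const unsigned char *inputs[] = {ok, leaky, ok, bad};
    const size_t lens[] = {sizeof ok, sizeof leaky, sizeof ok, sizeof bad};

    for (size_t i = 0; i < 4; i++) {
        int leaked = 0;
        int rc = run_iteration(inputs[i], lens[i], &leaked);
        if (HAVE_LSAN)
            printf("iteration %zu: rc=%d leak=%s\n", i, rc, leaked ? "yes" : "no");
        else
            printf("iteration %zu: rc=%d (rebuild with -fsanitize=address for leak checks)\n", i, rc);
    }
    return 0;
}
```

Build with clang -fsanitize=address (or afl-clang-fast with ASan enabled) and run it: the second iteration is reported by the recoverable check, the dependency's dropped allocation is not, and because the recoverable variant is used the check keeps working on later iterations. With a plain cc build only the parsing runs.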
AFL++ documentation
This is the overview of the AFL++ docs content.
For general information on AFL++, see the README.md of the repository.
Also take a look at our FAQ.md and best_practices.md.
Fuzzing targets with the source code available
You can find a quickstart for fuzzing targets with the source code available in the README.md of the repository.
For in-depth information on the steps of the fuzzing process (listed below), see fuzzing_in_depth.md.
For further information on instrumentation, see the READMEs in the instrumentation/ folder.
The fuzzing process consists of four steps, each covered in fuzzing_in_depth.md:
- Instrumenting the target
- Preparing the fuzzing campaign
- Fuzzing the target
- Managing the fuzzing campaign
Fuzzing other targets
To learn about fuzzing other targets, see:
- Binary-only: fuzzing_binary-only_targets.md
- GUI programs: best_practices.md#fuzzing-a-gui-program
- Libraries: frida_mode/README.md
- Network services: best_practices.md#fuzzing-a-network-service
- Non-Linux targets: unicorn_mode/README.md
Additional information
- Tools that help fuzzing with AFL++: third_party_tools.md
- Tutorials: tutorials.md