mirror of
https://github.com/AFLplusplus/AFLplusplus.git
synced 2025-06-10 01:01:33 +00:00
# afl-untracer

afl-untracer is an example skeleton file which can easily be used to fuzz
a closed source library.

It requires less memory than qemu_mode, however it is much more coarse-grained
(it only records whether each patched block was reached, not edges or hit
counts) and does not provide interesting features like compcov or cmplog.

Read and modify afl-untracer.c, then `make` and use it as the afl-fuzz target
(or even remotely via afl-network-proxy).

To generate the `patches.txt` file for your target library, use the
`ida_get_patchpoints.py` script for IDA Pro or
`ghidra_get_patchpoints.java` for Ghidra.

This idea is based on [UnTracer](https://github.com/FoRTE-Research/UnTracer-AFL)
and modified by [Trapfuzz](https://github.com/googleprojectzero/p0tools/tree/master/TrapFuzz).
This implementation is slower than those, because the traps are not permanently
patched out once they have been hit: every run starts with all traps armed, which
on the other hand gives much better coverage information for each individual run.
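The mechanism described above, as an added stand-alone example (this is not afl-untracer's own code): a breakpoint byte (`int3`, 0xCC) is written over the first byte of each patch point, a `SIGTRAP` handler records the hit in a shared coverage map, restores the original byte and re-executes the instruction, and every fuzz iteration is a forked child. Because the child unpatches only its own copy-on-write pages, the parent keeps all traps armed and each iteration reports full coverage again. The two local functions `block_a` and `block_b` stand in for basic blocks of a closed source library; in the real tool their addresses would come from `patches.txt`. It assumes x86-64 Linux (1-byte `int3`, `REG_RIP` in the ucontext) and a system that permits RWX mappings.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <ucontext.h>
#include <unistd.h>

#if !defined(__x86_64__) || !defined(__linux__)
#error "example assumes x86-64 Linux: 1-byte int3 and REG_RIP in the ucontext"
#endif

#define MAX_TRAPS 16

/* A patch point: the first byte of a block plus the byte the trap replaced.
 * In afl-untracer these come from patches.txt; here (stand-in, not the
 * project's code) they are the entry points of two local functions. */
struct trap { uint8_t *addr; uint8_t orig; };
static struct trap traps[MAX_TRAPS];
static int n_traps;

/* One coverage byte per patch point, MAP_SHARED so the forked child can
 * report back to the parent that drives the runs. */
static uint8_t *cov_map;
static int traps_armed;

/* Stand-ins for two basic blocks of a closed source library. */
__attribute__((noinline)) static int block_a(int x) { return x * 3 + 1; }
__attribute__((noinline)) static int block_b(int x) { return x - 7; }
/* Calls go through volatile pointers so the compiler can neither inline nor
 * clone them, which would move the call away from the patched entry byte. */
static int (*volatile call_a)(int) = block_a;
static int (*volatile call_b)(int) = block_b;

static void on_sigtrap(int sig, siginfo_t *si, void *ctx) {
  (void)sig; (void)si;
  ucontext_t *uc = ctx;
  /* int3 is one byte; the kernel reports RIP just past it. */
  uint8_t *pc = (uint8_t *)(uc->uc_mcontext.gregs[REG_RIP] - 1);
  for (int i = 0; i < n_traps; i++) {
    if (traps[i].addr != pc) continue;
    cov_map[i] = 1;                                  /* block i reached */
    *(volatile uint8_t *)pc = traps[i].orig;         /* unpatch: this process only */
    uc->uc_mcontext.gregs[REG_RIP] = (greg_t)(uintptr_t)pc; /* re-execute it */
    return;
  }
  _exit(128 + SIGTRAP);                              /* a trap we did not plant */
}

static int arm_trap(uint8_t *addr) {
  if (n_traps == MAX_TRAPS) return -1;
  long pg = sysconf(_SC_PAGESIZE);
  uint8_t *page = (uint8_t *)((uintptr_t)addr & ~(uintptr_t)(pg - 1));
  /* RWX in one step: going through a non-executable RW state would fault if
   * this function shares the page with the code being patched. */
  if (mprotect(page, pg, PROT_READ | PROT_WRITE | PROT_EXEC) != 0) return -1;
  traps[n_traps].addr = addr;
  traps[n_traps].orig = *addr;
  *(volatile uint8_t *)addr = 0xCC;                  /* int3 */
  n_traps++;
  return 0;
}

/* Install the SIGTRAP handler and arm a trap on each block. 0 on success. */
int setup_traps(void) {
  if (traps_armed) return 0;
  cov_map = mmap(NULL, MAX_TRAPS, PROT_READ | PROT_WRITE,
                 MAP_SHARED | MAP_ANONYMOUS, -1, 0);
  if (cov_map == MAP_FAILED) return -1;
  struct sigaction sa;
  memset(&sa, 0, sizeof sa);
  sa.sa_sigaction = on_sigtrap;
  sa.sa_flags = SA_SIGINFO;
  if (sigaction(SIGTRAP, &sa, NULL) != 0) return -1;
  if (arm_trap((uint8_t *)(uintptr_t)block_a) != 0) return -1;
  if (arm_trap((uint8_t *)(uintptr_t)block_b) != 0) return -1;
  traps_armed = 1;
  return 0;
}

/* One fuzz iteration: fork, run the "library" on one input in the child, and
 * return a bitmask of the patch points reached (bit i = trap i), or -1 on error.
 * The child unpatched only its own copy-on-write pages, so the parent keeps
 * every trap armed and the next child reports full coverage again. */
int coverage_bits(int input) {
  if (setup_traps() != 0) return -1;
  memset(cov_map, 0, MAX_TRAPS);
  pid_t pid = fork();
  if (pid < 0) return -1;
  if (pid == 0) {
    int r = call_a(input);
    if (input > 100) r = call_b(r);                  /* second block only for large inputs */
    _exit(r & 0x7f);
  }
  int status;
  if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
  int bits = 0;
  for (int i = 0; i < n_traps; i++) if (cov_map[i]) bits |= 1 << i;
  return bits;
}

int main(void) {
  printf("input 5   -> coverage bits %d\n", coverage_bits(5));   /* block_a only */
  printf("input 500 -> coverage bits %d\n", coverage_bits(500)); /* block_a and block_b */
  printf("input 5   -> coverage bits %d\n", coverage_bits(5));   /* traps still armed */
  return 0;
}
```

The third run is the point of the exercise: a design that patched the traps out in the parent (as UnTracer and TrapFuzz do, to only learn about new coverage) would report nothing for it, whereas here every run pays for every trap it hits and in exchange reports the complete set of blocks it reached.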