ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-08 08:11:34 +00:00
Code Issues Packages Projects Releases Wiki Activity
AFLplusplus/utils/aflpp_driver
History
vanhauser-thc dde0538b48 nits
2021-04-28 10:59:34 +02:00
..
aflpp_driver_test.c
code format
2020-12-13 11:24:49 +01:00
aflpp_driver.c
format
2021-03-21 16:23:08 +01:00
aflpp_qemu_driver_hook.c
nits
2021-04-28 10:59:34 +02:00
aflpp_qemu_driver.c
fix asserts
2020-12-08 11:30:05 +01:00
GNUmakefile
allow aflpp_qemu_driver_hook.o to fail
2021-04-14 22:23:16 +02:00
Makefile
renamed examples/ to utils/
2020-12-01 14:40:30 +01:00
README.md
update readme
2021-04-14 18:49:02 +02:00

README.md

afl++ drivers

aflpp_driver

aflpp_driver is used to compile directly libfuzzer LLVMFuzzerTestOneInput() targets.

Just do afl-clang-fast++ -o fuzz fuzzer_harness.cc libAFLDriver.a [plus required linking].

You can also sneakily do this little trick: If this is the clang compile command to build for libfuzzer: clang++ -o fuzz -fsanitize=fuzzer fuzzer_harness.cc -lfoo then just switch clang++ with afl-clang-fast++ and our compiler will magically insert libAFLDriver.a :)

aflpp_qemu_driver

aflpp_qemu_driver is used for libfuzzer LLVMFuzzerTestOneInput() targets that are to be fuzzed in qemu_mode. So we compile them with clang/clang++, without -fsantize=fuzzer or afl-clang-fast, and link in libAFLQemuDriver.a:

clang++ -o fuzz fuzzer_harness.cc libAFLQemuDriver.a [plus required linking].

Then just do (where the name of the binary is fuzz):

AFL_QEMU_PERSISTENT_ADDR=0x$(nm fuzz | grep "T LLVMFuzzerTestOneInput" | awk '{print $1}')
AFL_QEMU_PERSISTENT_HOOK=/path/to/aflpp_qemu_driver_hook.so afl-fuzz -Q ... -- ./fuzz`