mirror of
https://github.com/AFLplusplus/AFLplusplus.git
synced 2025-06-07 15:51:32 +00:00
64 lines
1.1 KiB
C
64 lines
1.1 KiB
C
//
|
|
// This is an example on how to use afl_custom_send
|
|
// It writes each mutated data set to /tmp/foo
|
|
// You can modify this to send to IPC, shared memory, etc.
|
|
//
|
|
// cc -O3 -fPIC -shared -g -o custom_send.so -I../../include custom_send.c
|
|
// cd ../..
|
|
// afl-cc -o test-instr test-instr.c
|
|
// AFL_CUSTOM_MUTATOR_LIBRARY=custom_mutators/examples/custom_send.so \
|
|
// afl-fuzz -i in -o out -- ./test-instr -f /tmp/foo
|
|
//
|
|
|
|
#include <stdio.h>
|
|
#include <stdint.h>
|
|
#include <stdlib.h>
|
|
#include <unistd.h>
|
|
#include <fcntl.h>
|
|
|
|
#include "afl-fuzz.h"
|
|
|
|
typedef struct my_mutator {
|
|
|
|
afl_state_t *afl;
|
|
|
|
} my_mutator_t;
|
|
|
|
my_mutator_t *afl_custom_init(afl_state_t *afl, unsigned int seed) {
|
|
|
|
my_mutator_t *data = calloc(1, sizeof(my_mutator_t));
|
|
if (!data) {
|
|
|
|
perror("afl_custom_init alloc");
|
|
return NULL;
|
|
|
|
}
|
|
|
|
data->afl = afl;
|
|
|
|
return data;
|
|
|
|
}
|
|
|
|
void afl_custom_fuzz_send(my_mutator_t *data, uint8_t *buf, size_t buf_size) {
|
|
|
|
int fd = open("/tmp/foo", O_CREAT | O_NOFOLLOW | O_TRUNC | O_RDWR, 0644);
|
|
|
|
if (fd >= 0) {
|
|
|
|
(void)write(fd, buf, buf_size);
|
|
close(fd);
|
|
|
|
}
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
void afl_custom_deinit(my_mutator_t *data) {
|
|
|
|
free(data);
|
|
|
|
}
|
|
|