author | echel0nn <melih.sahin@protonmail.com> | 2023-08-13 21:59:00 +0300 |
---|---|---|
committer | echel0nn <melih.sahin@protonmail.com> | 2023-08-13 21:59:00 +0300 |
commit | ca82b65d6c10482aee9cedbea43a5078011b1ce2 (patch) | |
tree | fb1da8cd6b8c2fbcdfaa775d8dae786368ddeb5c | |
parent | fdb4ed2131347b78ae2904978a331d87333f8f3f (diff) | |
download | afl++-ca82b65d6c10482aee9cedbea43a5078011b1ce2.tar.gz |
added README description & shortened pos defs
-rw-r--r-- | custom_mutators/examples/README.md | 3 | ||||
-rw-r--r-- | custom_mutators/examples/elf_header_mutator.c | 31 |
2 files changed, 16 insertions, 18 deletions
diff --git a/custom_mutators/examples/README.md b/custom_mutators/examples/README.md
index 655f7a5e..112db243 100644
--- a/custom_mutators/examples/README.md
+++ b/custom_mutators/examples/README.md
@@ -33,3 +33,6 @@ like surgical_havoc_mutate() that allow to perform a randomly chosen mutation from a subset of the havoc mutations. If you do so, you have to specify -I /path/to/AFLplusplus/include when compiling.
+
+elf_header_mutator.c - example ELF header mutator based on
+ [LibGolf](https://github.com/xcellerator/libgolf/)
diff --git a/custom_mutators/examples/elf_header_mutator.c b/custom_mutators/examples/elf_header_mutator.c
index 32980d12..b985257a 100644
--- a/custom_mutators/examples/elf_header_mutator.c
+++ b/custom_mutators/examples/elf_header_mutator.c
@@ -623,39 +623,34 @@ size_t afl_custom_fuzz(my_mutator_t *data, uint8_t *in_buf, size_t buf_size,
 size_t mutated_size = ehdr_size + phdr_size + elf->text.text_size;
 int pos = 0;
 // example fields
- ehdr->e_ident[EI_CLASS] = (uint8_t *)(in_buf + pos);
- pos = pos + 1;
- ehdr->e_ident[EI_DATA] = (uint8_t *)(in_buf + pos);
- pos = pos + 1;
- ehdr->e_ident[EI_VERSION] = (uint8_t *)(in_buf + pos);
- pos = pos + 1;
- ehdr->e_ident[EI_OSABI] = (uint8_t *)(in_buf + pos);
- pos = pos + 1;
+ ehdr->e_ident[EI_CLASS] = (uint8_t *)(in_buf + pos++);
+ ehdr->e_ident[EI_DATA] = (uint8_t *)(in_buf + pos++);
+ ehdr->e_ident[EI_VERSION] = (uint8_t *)(in_buf + pos++);
+ ehdr->e_ident[EI_OSABI] = (uint8_t *)(in_buf + pos++);
 for (int i = 0x8; i < 0x10; ++i) {
- (ehdr->e_ident)[i] = (uint8_t *)(in_buf + pos);
- pos = pos + 1;
+ (ehdr->e_ident)[i] = (uint8_t *)(in_buf + pos++);
 }
 ehdr->e_version = (uint32_t *)(in_buf + pos);
- pos = pos + 4;
+ pos += 4;
 // sections headers
 ehdr->e_shoff = (uint64_t *)(in_buf + pos);
- pos = pos + 8;
+ pos += 8;
 ehdr->e_shentsize = (uint16_t *)(in_buf + pos);
- pos = pos + 2;
+ pos += 2;
 ehdr->e_shnum = (uint16_t *)(in_buf + pos);
- pos = pos + 2;
+ pos += 2;
 ehdr->e_shstrndx = (uint16_t *)(in_buf + pos);
- pos = pos + 2;
+ pos += 2;
 ehdr->e_flags = (uint32_t *)(in_buf + pos);
- pos = pos + 4;
+ pos += 4;
 // physical addr
 phdr->p_paddr = (uint64_t *)(in_buf + pos);
- pos = pos + 8;
+ pos += 8;
 phdr->p_align = (uint64_t *)(in_buf + pos);
- pos = pos + 8;
+ pos += 8;
 /* mimic GEN_ELF()
 * Write: |
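Review bot: The assignments in this hunk store a pointer rather than the input bytes: `ehdr->e_ident[EI_CLASS] = (uint8_t *)(in_buf + pos++);` casts to a pointer type and never dereferences it, so the field receives (truncated) address bits instead of fuzzer-supplied data. The same holds for `e_version`, `e_shoff`, `e_shentsize`, `e_shnum`, `e_shstrndx`, `e_flags`, `p_paddr` and `p_align`. If the intent is to take the values from the input, read them by value, e.g. `ehdr->e_ident[EI_CLASS] = in_buf[pos++];` and `memcpy(&ehdr->e_version, in_buf + pos, sizeof ehdr->e_version); pos += 4;`, which also avoids unaligned loads. Read that way, the hunk consumes 50 bytes of `in_buf`, and no comparison with `buf_size` is visible here. The function body starts and ends outside the hunk, so confirm a length check exists before this point or add one.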