| author | Andrea Fioraldi <andreafioraldi@gmail.com> | 2019-09-13 11:37:26 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2019-09-13 11:37:26 +0200 |
| commit | 8ee11fecc475dd6bcaab7f1e5a38c1cfac4c7e56 (patch) | |
| tree | f728ee952e94bb299bd5fc603009fbcd51dd85cb /TODO | |
| parent | a67d86c6e2ca58db81f2ddf6d0a4c837be88271d (diff) | |
| parent | 36020c41df88ae863fbc2a148765f9c61c7f8bf8 (diff) | |
| download | afl++-8ee11fecc475dd6bcaab7f1e5a38c1cfac4c7e56.tar.gz | |
Merge pull request #57 from vanhauser-thc/persistent_qemu
Persistent mode in QEMU
Diffstat (limited to 'TODO')
| -rw-r--r-- | TODO | 15 |
1 files changed, 8 insertions, 7 deletions
diff --git a/TODO b/TODO index 26311713..87d1488c 100644 --- a/TODO +++ b/TODO @@ -20,6 +20,14 @@ gcc_plugin: qemu_mode: - update to 4.x (probably this will be skipped :( ) + - deferred mode with AFL_DEFERRED_QEMU=0xaddress + (AFL_ENTRYPOINT let you to specify only a basic block address as starting + point. This will be implemented togheter with the logic for persistent + mode.) + - instrim for QEMU mode via static analysis (with r2pipe? or angr?) + Idea: The static analyzer outputs a map in which each edge that must be + skipped is marked with 1. QEMU loads it at startup in the parent process. + unit testing / or large testcase campaign @@ -52,10 +60,3 @@ Problem: Average targets (tiff, jpeg, unrar) go through 1500 edges. Bad: completely changes how afl uses the map and the scheduling. Overall another very good solution, Marc Heuse/vanHauser follows this up -qemu_mode: - - persistent mode patching the return address (WinAFL style) - - deferred mode with AFL_DEFERRED_QEMU=0xaddress - (AFL_ENTRYPOINT let you to specify only a basic block address as starting - point. This will be implemented togheter with the logic for persistent - mode.) - |
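Review bot: the first hunk (`@@ -20,6 +20,14 @@`) relocates the deferred-mode item verbatim, typos included, so this is the moment to fix the wording: "togheter" should be "together", and "AFL_ENTRYPOINT let you to specify only a basic block address" should read "AFL_ENTRYPOINT lets you specify only a basic block address". The new instrim item is also underspecified: "each edge that must be skipped is marked with 1" does not say what the map is indexed by (the edge id that QEMU would otherwise hash into the coverage bitmap, or a source/destination pair), or how the parent process hands it to the forked children, so either spell that out or mark it as an open question alongside the "r2pipe? or angr?" choice.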
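Review bot: the second hunk (`@@ -52,10 +60,3 @@`) drops the "persistent mode patching the return address (WinAFL style)" item, which matches the PR title "Persistent mode in QEMU", but the deferred-mode text that the first hunk moves up still says "This will be implemented togheter with the logic for persistent mode." With the persistent-mode item gone from the TODO, that parenthetical is stale in the same change that retires it; either reword it to say deferred mode should reuse the persistent-mode logic this PR adds, or drop the sentence so the TODO does not promise work on a feature it no longer lists.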
