symqemu mutator options

author: vanhauser-thc <vh@thc.org> 2023-05-18 10:50:10 +0200
committer: vanhauser-thc <vh@thc.org> 2023-05-18 10:50:10 +0200
commit: 401d7617efbd2f38d9132eabfd1b1152abceda52 (patch)
tree: c7458bce2c0cd49146a0fbd06f38fcd8d95d0ea6 /custom_mutators/symqemu/README.md
parent: abd6eace9d767e4db6019e8eb69080d2352015c9 (diff)
download: afl++-401d7617efbd2f38d9132eabfd1b1152abceda52.tar.gz
1 files changed, 9 insertions, 1 deletions
diff --git a/custom_mutators/symqemu/README.md b/custom_mutators/symqemu/README.md
index b7702c06..c3071afc 100644
--- a/custom_mutators/symqemu/README.md
+++ b/custom_mutators/symqemu/README.md
@@ -2,10 +2,18 @@
 
 This uses the symcc to find new paths into the target.
 
+## How to build and use
+
 To use this custom mutator follow the steps in the symqemu repository 
 [https://github.com/eurecom-s3/symqemu/](https://github.com/eurecom-s3/symqemu/) 
 on how to build symqemu-x86_x64 and put it in your `PATH`.
 
-just type `make` to build this custom mutator.
+Just type `make` to build this custom mutator.
 
 ```AFL_CUSTOM_MUTATOR_LIBRARY=custom_mutators/symqemu/symqemu-mutator.so AFL_DISABLE_TRIM=1 afl-fuzz ...```
+
+## Options
+
+`SYMQEMU_ALL=1` - use concolic solving on **all** queue items, not only interesting/favorite ones.
+
+`SYMQEMU_LATE=1` - use concolic solving only after there have been no finds for 5 minutes.
author	vanhauser-thc <vh@thc.org>	2023-05-18 10:50:10 +0200
committer	vanhauser-thc <vh@thc.org>	2023-05-18 10:50:10 +0200
commit	401d7617efbd2f38d9132eabfd1b1152abceda52 (patch)
tree	c7458bce2c0cd49146a0fbd06f38fcd8d95d0ea6 /custom_mutators/symqemu/README.md
parent	abd6eace9d767e4db6019e8eb69080d2352015c9 (diff)
download	afl++-401d7617efbd2f38d9132eabfd1b1152abceda52.tar.gz