| author | hexcoder- <heiko@hexco.de> | 2020-08-03 15:17:47 +0200 |
|---|---|---|
| committer | hexcoder- <heiko@hexco.de> | 2020-08-03 15:17:47 +0200 |
| commit | 55bd24b0c737b5e89b82dc01f322e4797164c4f1 | |
| tree | b4f95abd84843c63cdfc77a32ea0f6c28c541447 /docs/FAQ.md | |
| parent | f18c2eb8ae0b2d6c0d4147684b8efcaa1a0b2aae | |
| parent | 898353c87ae2b7e212e1012e847f02f8e18f9428 | |
| download | afl++-55bd24b0c737b5e89b82dc01f322e4797164c4f1.tar.gz | |
Merge branch 'dev' of https://github.com/AFLplusplus/AFLplusplus into dev
Diffstat (limited to 'docs/FAQ.md')
| -rw-r--r-- | docs/FAQ.md | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/docs/FAQ.md b/docs/FAQ.md index ee221d02..c15cd484 100644 --- a/docs/FAQ.md +++ b/docs/FAQ.md @@ -103,10 +103,11 @@ afl-clang-fast PCGUARD and afl-clang-lto LTO instrumentation! b) For PCGUARD instrumented binaries it is much more difficult. Here you can either modify the __sanitizer_cov_trace_pc_guard function in llvm_mode/afl-llvm-rt.o.c to write a backtrace to a file if the ID in - __afl_area_ptr[*guard] is one of the unstable edge IDs. Then recompile - and reinstall llvm_mode and rebuild your target. Run the recompiled - target with afl-fuzz for a while and then check the file that you - wrote with the backtrace information. + __afl_area_ptr[*guard] is one of the unstable edge IDs. + (Example code is already there). + Then recompile and reinstall llvm_mode and rebuild your target. + Run the recompiled target with afl-fuzz for a while and then check the + file that you wrote with the backtrace information. Alternatively you can use `gdb` to hook __sanitizer_cov_trace_pc_guard_init on start, check to which memory address the edge ID value is written and set a write breakpoint to that address (`watch 0x.....`). |
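Review bot: the new parenthetical "(Example code is already there)." is too vague to act on: it does not say where "there" is or whether the example is active by default, so a reader following step b) cannot tell if the backtrace-to-file logic is already compiled in or has to be enabled. Since the surrounding text already names the location, suggest tying the sentence to it, e.g. "Example code for this is already present in __sanitizer_cov_trace_pc_guard in llvm_mode/afl-llvm-rt.o.c; adapt it to match your unstable edge IDs." and, if it is not built by default, stating how it is enabled. Minor style point: the hunk splits the sentence "Then recompile and reinstall llvm_mode and rebuild your target." onto its own line while the rest of the paragraph is wrapped at the same width as before; keeping the original wrapping with just the inserted sentence would make the diff smaller.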