| author | van Hauser <vh@thc.org> | 2022-01-26 11:00:55 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-01-26 11:00:55 +0100 |
| commit | 143c9d175e9357ba548413ee7dcee6a8de23f733 (patch) | |
| tree | a82736c060150480df81d19b50dfb7939cda7524 /docs/fuzzing_binary-only_targets.md | |
| parent | a790bf6cc2bb63f0659d8c96b46f5f4db2f9d4bc (diff) | |
| parent | b0758ac8db0a2ec833b5ef7a60ab2d04cc7f6a9a (diff) | |
| download | afl++-143c9d175e9357ba548413ee7dcee6a8de23f733.tar.gz | |
Merge pull request #1301 from AFLplusplus/dev 4.00c
v4.00c release
Diffstat (limited to 'docs/fuzzing_binary-only_targets.md')
-rw-r--r-- | docs/fuzzing_binary-only_targets.md | 23 |
1 files changed, 12 insertions, 11 deletions
diff --git a/docs/fuzzing_binary-only_targets.md b/docs/fuzzing_binary-only_targets.md index 32e6c6c2..1a2b27c7 100644 --- a/docs/fuzzing_binary-only_targets.md +++ b/docs/fuzzing_binary-only_targets.md @@ -14,6 +14,7 @@ fuzzed with AFL++. FRIDA mode and QEMU mode in persistent mode are the fastest - if persistent mode is possible and the stability is high enough. + Otherwise, try Zafl, RetroWrite, Dyninst, and if these fail, too, then try standard FRIDA/QEMU mode with `AFL_ENTRYPOINT` to where you need it. @@ -127,13 +128,13 @@ Working examples already exist :-) ### Nyx mode -Nyx is a full system emulation fuzzing environment with snapshot support that -is built upon KVM and QEMU. -It is only available on Linux and currently restricted to x86_x64. +Nyx is a full system emulation fuzzing environment with snapshot support that is +built upon KVM and QEMU. It is only available on Linux and currently restricted +to x86_x64. For binary-only fuzzing a special 5.10 kernel is required. -See [nyx_mode/README.md](../nyx_mode/README.md) +See [nyx_mode/README.md](../nyx_mode/README.md). ### Unicorn 
@@ -198,15 +199,15 @@ afl-clang-fast's. ### RetroWrite -RetroWrite is a static binary rewriter that can be combined with AFL++. -If you have an x86_64 binary that still has its symbols (i.e., not stripped binary), -is compiled with position independent code (PIC/PIE), and does not contain C++ exceptions, -then the RetroWrite solution might be for you. It decompiles to ASM files which -can then be instrumented with afl-gcc. +RetroWrite is a static binary rewriter that can be combined with AFL++. If you +have an x86_64 binary that still has its symbols (i.e., not stripped binary), is +compiled with position independent code (PIC/PIE), and does not contain C++ +exceptions, then the RetroWrite solution might be for you. It decompiles to ASM +files which can then be instrumented with afl-gcc. Binaries that are statically instrumented for fuzzing using RetroWrite are close -in performance to compiler-instrumented binaries and outperform -the QEMU-based instrumentation. +in performance to compiler-instrumented binaries and outperform the QEMU-based +instrumentation. [https://github.com/HexHive/retrowrite](https://github.com/HexHive/retrowrite) |
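Review bot: in the first hunk (`@@ -14,6 +14,7 @@`) the added blank line correctly separates the persistent-mode recommendation from the fallback advice, but the sentence it now sets apart still reads awkwardly: "and if these fail, too, then try standard FRIDA/QEMU mode with `AFL_ENTRYPOINT` to where you need it". While this paragraph is being touched, "and if these also fail, then try standard FRIDA/QEMU mode with `AFL_ENTRYPOINT` set to where you need it" would make the instruction clearer.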
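Review bot: the reflowed Nyx paragraph (`@@ -127,13 +128,13 @@`) carries over "restricted to x86_x64" unchanged; the architecture is written x86_64 elsewhere in this same patch (the RetroWrite hunk says "an x86_64 binary"), so the spelling should be fixed while the lines are being reflowed: "currently restricted to x86_64".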
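Review bot: the RetroWrite reflow (`@@ -198,15 +199,15 @@`) is fine, but since the paragraph is being rewritten anyway, "(i.e., not stripped binary)" is missing its article and "ASM files which" wants a comma; suggest "(i.e., a non-stripped binary)" and "It decompiles to ASM files, which can then be instrumented with afl-gcc." The bare URL on the last line could also be given link text in the style the Nyx section uses, e.g. "See [RetroWrite on GitHub](https://github.com/HexHive/retrowrite)."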