| author | van Hauser <vh@thc.org> | 2022-01-21 13:08:20 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-01-21 13:08:20 +0100 |
| commit | b427a53a6b203dd73aabb25f6068e55691339b03 (patch) | |
| tree | 020fb8d0b012d5ebfd7ded0b32c00b79851a0532 /docs/fuzzing_binary-only_targets.md | |
| parent | 26a3d1b53b0a3ae690735c550c2985f079f3c672 (diff) | |
| parent | 2bb86863e6d15dbd5bb0c381afa51f476302784e (diff) | |
| download | afl++-b427a53a6b203dd73aabb25f6068e55691339b03.tar.gz | |
Merge pull request #1299 from llzmb/docs_quality_assurance_3
Docs content - quality assurance - 3rd run
Diffstat (limited to 'docs/fuzzing_binary-only_targets.md')
-rw-r--r-- | docs/fuzzing_binary-only_targets.md | 23 |
1 files changed, 12 insertions, 11 deletions
diff --git a/docs/fuzzing_binary-only_targets.md b/docs/fuzzing_binary-only_targets.md index 32e6c6c2..1a2b27c7 100644 --- a/docs/fuzzing_binary-only_targets.md +++ b/docs/fuzzing_binary-only_targets.md @@ -14,6 +14,7 @@ fuzzed with AFL++. FRIDA mode and QEMU mode in persistent mode are the fastest - if persistent mode is possible and the stability is high enough. + Otherwise, try Zafl, RetroWrite, Dyninst, and if these fail, too, then try standard FRIDA/QEMU mode with `AFL_ENTRYPOINT` to where you need it. @@ -127,13 +128,13 @@ Working examples already exist :-) ### Nyx mode -Nyx is a full system emulation fuzzing environment with snapshot support that -is built upon KVM and QEMU. -It is only available on Linux and currently restricted to x86_x64. +Nyx is a full system emulation fuzzing environment with snapshot support that is +built upon KVM and QEMU. It is only available on Linux and currently restricted +to x86_x64. For binary-only fuzzing a special 5.10 kernel is required. -See [nyx_mode/README.md](../nyx_mode/README.md) +See [nyx_mode/README.md](../nyx_mode/README.md). ### Unicorn 
@@ -198,15 +199,15 @@ afl-clang-fast's. ### RetroWrite -RetroWrite is a static binary rewriter that can be combined with AFL++. -If you have an x86_64 binary that still has its symbols (i.e., not stripped binary), -is compiled with position independent code (PIC/PIE), and does not contain C++ exceptions, -then the RetroWrite solution might be for you. It decompiles to ASM files which -can then be instrumented with afl-gcc. +RetroWrite is a static binary rewriter that can be combined with AFL++. If you +have an x86_64 binary that still has its symbols (i.e., not stripped binary), is +compiled with position independent code (PIC/PIE), and does not contain C++ +exceptions, then the RetroWrite solution might be for you. It decompiles to ASM +files which can then be instrumented with afl-gcc. Binaries that are statically instrumented for fuzzing using RetroWrite are close -in performance to compiler-instrumented binaries and outperform -the QEMU-based instrumentation. +in performance to compiler-instrumented binaries and outperform the QEMU-based +instrumentation. [https://github.com/HexHive/retrowrite](https://github.com/HexHive/retrowrite) |
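Review bot: in the first hunk (`@@ -14,6 +14,7 @@`) the only change is a new empty line between `if persistent mode is possible and the stability is high enough.` and `Otherwise, try Zafl, RetroWrite, Dyninst, ...`, which turns the second half of that paragraph into a separate paragraph in rendered Markdown; if that split is intended, fine, but make sure the inserted line is genuinely empty rather than a line containing a single space, since the extracted hunk shows it as `+ ` and a trailing-whitespace lint would flag it.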
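Review bot: in the Nyx hunk (`@@ -127,13 +128,13 @@`) the rewrap carries the typo `x86_x64` over unchanged in `currently restricted to x86_x64`; the architecture is `x86_64`, which is also the spelling the same file uses in the RetroWrite section (`If you have an x86_64 binary`). Since the line is being rewritten anyway, fix it here. A comma after the introductory phrase would also help: `For binary-only fuzzing, a special 5.10 kernel is required.`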
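Review bot: in the RetroWrite hunk (`@@ -198,15 +199,15 @@`) the rewrapped sentence `It decompiles to ASM files which can then be instrumented with afl-gcc.` still misdescribes what the tool does: a static binary rewriter that emits reassemblable assembly is disassembling (symbolizing) the binary, not decompiling it, which would produce source code. Suggest `It disassembles the binary into ASM files, which can then be instrumented with afl-gcc.` while the paragraph is being touched; the rest of the hunk is pure reflow and reads fine.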