diff options
| author | van Hauser <vh@thc.org> | 2020-07-12 23:53:29 +0200 |
|---|---|---|
| committer | van Hauser <vh@thc.org> | 2020-07-12 23:53:29 +0200 |
| commit | abb0d47985d22d8090540e987b2173d80c574439 (patch) | |
| tree | 31081d0b494152bc8a2678f1036fdbcc06d8e84b /examples | |
| parent | b126a5d5a8d90dcc10ccb890b379c3dfdc5cf8d4 (diff) | |
| download | afl++-abb0d47985d22d8090540e987b2173d80c574439.tar.gz | |
little untracer enhancements
Diffstat (limited to 'examples')
| -rw-r--r-- | examples/afl_untracer/TODO | 2 | ||||
| -rw-r--r-- | examples/afl_untracer/afl-untracer.c | 16 |
2 files changed, 14 insertions, 4 deletions
diff --git a/examples/afl_untracer/TODO b/examples/afl_untracer/TODO new file mode 100644 index 00000000..fffffacf --- /dev/null +++ b/examples/afl_untracer/TODO @@ -0,0 +1,2 @@ + * add shmem fuzzing + * add snapshot feature? diff --git a/examples/afl_untracer/afl-untracer.c b/examples/afl_untracer/afl-untracer.c index 664e691c..dc2cd378 100644 --- a/examples/afl_untracer/afl-untracer.c +++ b/examples/afl_untracer/afl-untracer.c @@ -56,6 +56,7 @@ #include <sys/shm.h> #include <sys/wait.h> #include <sys/types.h> +#include <sys/personality.h> #if defined(__linux__) #include <sys/ucontext.h> @@ -395,7 +396,7 @@ static void __afl_map_shm(void) { } /* Fork server logic. */ -static void __afl_start_forkserver(void) { +inline static void __afl_start_forkserver(void) { u8 tmp[4] = {0, 0, 0, 0}; u32 status = 0; @@ -411,7 +412,7 @@ static void __afl_start_forkserver(void) { } -static u32 __afl_next_testcase(u8 *buf, u32 max_len) { +inline static u32 __afl_next_testcase(u8 *buf, u32 max_len) { s32 status; @@ -437,7 +438,7 @@ static u32 __afl_next_testcase(u8 *buf, u32 max_len) { } -static void __afl_end_testcase(int status) { +inline static void __afl_end_testcase(int status) { if (write(FORKSRV_FD + 1, &status, 4) != 4) do_exit = 1; // fprintf(stderr, "write2 %d\n", do_exit); @@ -673,6 +674,8 @@ static void *(*o_function)(u8 *buf, int len); /* the MAIN function */ int main(int argc, char *argv[]) { + (void) personality(ADDR_NO_RANDOMIZE); // disable ASLR + pid = getpid(); if (getenv("AFL_DEBUG")) debug = 1; @@ -706,6 +709,9 @@ int main(int argc, char *argv[]) { while (1) { + // instead of fork() we could also use the snapshot lkm or do our own mini + // snapshot feature like in https://github.com/marcinguy/fuzzer + // -> snapshot.c if ((pid = fork()) == -1) PFATAL("fork failed"); if (pid) { @@ -738,6 +744,9 @@ int main(int argc, char *argv[]) { } +#ifndef _DEBUG +inline +#endif static void fuzz() { // STEP 3: call the function to fuzz, also the functions you might @@ -753,4 +762,3 @@ static void fuzz() { // END STEP 3 } - |