| author | llzmb <46303940+llzmb@users.noreply.github.com> | 2021-11-30 20:28:20 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-11-30 20:28:20 +0100 |
| commit | da13111117efdb70f81deb162bd9e64c9a7d778a (patch) | |
| tree | 2d9dbe7aac1212e5729a0a744a5b37e957d0d8a0 /frida_mode/README.md | |
| parent | f2ff029cc25e81fec36abd0b8c676f1dd6a39c77 (diff) | |
| parent | 5525f8c9ef8bb879dadd0eb942d524827d1b0362 (diff) | |
| download | afl++-da13111117efdb70f81deb162bd9e64c9a7d778a.tar.gz | |
Merge branch 'dev' into docs_edit_readme_frida_mode_qemu_mode
Diffstat (limited to 'frida_mode/README.md')
| -rw-r--r-- | frida_mode/README.md | 44 |
1 files changed, 24 insertions, 20 deletions
diff --git a/frida_mode/README.md b/frida_mode/README.md index c7d331b8..c19280e1 100644 --- a/frida_mode/README.md +++ b/frida_mode/README.md @@ -141,31 +141,33 @@ instances run CMPLOG mode and instrumentation of the binary is less frequent (only on CMP, SUB and CALL instructions) performance is not quite so critical. ## Advanced configuration options - +* `AFL_FRIDA_DRIVER_NO_HOOK` - See `AFL_QEMU_DRIVER_NO_HOOK`. When using the + QEMU driver to provide a `main` loop for a user provided + `LLVMFuzzerTestOneInput`, this option configures the driver to read input from + `stdin` rather than using in-memory test cases. * `AFL_FRIDA_INST_COVERAGE_FILE` - File to write DynamoRIO format coverage information (e.g., to be loaded within IDA lighthouse). * `AFL_FRIDA_INST_DEBUG_FILE` - File to write raw assembly of original blocks and their instrumented counterparts during block compilation. -``` -*** - -Creating block for 0x7ffff7953313: - 0x7ffff7953313 mov qword ptr [rax], 0 - 0x7ffff795331a add rsp, 8 - 0x7ffff795331e ret - -Generated block 0x7ffff75e98e2 - 0x7ffff75e98e2 mov qword ptr [rax], 0 - 0x7ffff75e98e9 add rsp, 8 - 0x7ffff75e98ed lea rsp, [rsp - 0x80] - 0x7ffff75e98f5 push rcx - 0x7ffff75e98f6 movabs rcx, 0x7ffff795331e - 0x7ffff75e9900 jmp 0x7ffff75e9384 - - -*** -``` + ``` + *** + + Creating block for 0x7ffff7953313: + 0x7ffff7953313 mov qword ptr [rax], 0 + 0x7ffff795331a add rsp, 8 + 0x7ffff795331e ret + + Generated block 0x7ffff75e98e2 + 0x7ffff75e98e2 mov qword ptr [rax], 0 + 0x7ffff75e98e9 add rsp, 8 + 0x7ffff75e98ed lea rsp, [rsp - 0x80] + 0x7ffff75e98f5 push rcx + 0x7ffff75e98f6 movabs rcx, 0x7ffff795331e + 0x7ffff75e9900 jmp 0x7ffff75e9384 + + *** + ``` * `AFL_FRIDA_INST_JIT` - Enable the instrumentation of Just-In-Time compiled code. Code is considered to be JIT if the executable segment is not backed by 
@@ -194,6 +196,8 @@ Generated block 0x7ffff75e98e2 * `AFL_FRIDA_INST_UNSTABLE_COVERAGE_FILE` - File to write DynamoRIO format coverage information for unstable edges (e.g., to be loaded within IDA lighthouse). +* `AFL_FRIDA_JS_SCRIPT` - Set the script to be loaded by the FRIDA scripting + engine. See [Scipting.md](Scripting.md) for details. * `AFL_FRIDA_OUTPUT_STDOUT` - Redirect the standard output of the target application to the named file (supersedes the setting of `AFL_DEBUG_CHILD`). * `AFL_FRIDA_OUTPUT_STDERR` - Redirect the standard error of the target |
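Review bot: in the first hunk (`@@ -141,31 +141,33 @@`), the new `AFL_FRIDA_DRIVER_NO_HOOK` entry says "When using the QEMU driver to provide a `main` loop", but this option belongs to the FRIDA driver; the sentence reads as copied from the `AFL_QEMU_DRIVER_NO_HOOK` entry it cross-references. Suggest "When using the FRIDA driver to provide a `main` loop for a user provided `LLVMFuzzerTestOneInput`, this option configures the driver to read input from `stdin` rather than using in-memory test cases." The re-indentation of the `AFL_FRIDA_INST_DEBUG_FILE` sample block under its bullet is fine and makes it render as part of that list item.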
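Review bot: the second hunk (`@@ -194,6 +196,8 @@`) introduces a typo in the link text of the new `AFL_FRIDA_JS_SCRIPT` entry: `[Scipting.md](Scripting.md)` should read `[Scripting.md](Scripting.md)`. The link target is spelled correctly, only the visible text is not.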
