diff options
| author | Davide Quarta <quarta@qti.qualcomm.com> | 2024-02-05 18:26:46 +0100 |
|---|---|---|
| committer | Davide Quarta <quarta@qti.qualcomm.com> | 2024-02-05 18:26:46 +0100 |
| commit | 023fc19ce04bffcbd623e27a1f2d1810c3ec0c3c (patch) | |
| tree | 9a1130a5c2fec03a6a85db5f2f176be958a2332d /instrumentation/README.persistent_mode.md | |
| parent | 8fedf4998449d5b6b909a1118fc2e152e4d2e6e7 (diff) | |
| download | afl++-023fc19ce04bffcbd623e27a1f2d1810c3ec0c3c.tar.gz | |
better replay mode error handling, added replay mode documentation, code formatting
Diffstat (limited to 'instrumentation/README.persistent_mode.md')
| -rw-r--r-- | instrumentation/README.persistent_mode.md | 30 |
1 files changed, 29 insertions, 1 deletions
diff --git a/instrumentation/README.persistent_mode.md b/instrumentation/README.persistent_mode.md index 14e59f4a..b5d982b0 100644 --- a/instrumentation/README.persistent_mode.md +++ b/instrumentation/README.persistent_mode.md @@ -195,4 +195,32 @@ Then as first line after the `__AFL_LOOP` while loop: int len = __AFL_FUZZ_TESTCASE_LEN; ``` -And that is all! \ No newline at end of file +And that is all! + +## 6) Persistent record, and replay + +If your software under test requires keeping a state between persistent loop iterations (i.e., a stateful network stack), you can use the `AFL_PERSISTENT_RECORD` variable as described in the [environment variables documentation](../docs/env_variables.md). + +To easily replay a crashing, or hanging record, you can use the persistent replay functionality by compiling AFL++ after uncommenting the `AFL_PERSISTENT_REPLAY` define in [config.h](../include/config.h). + +You can then run the test binary specifying the record number via the AFL_PERSISTENT_REPLAY environment variable (i.e., `RECORD:XXXXX`` -> `AFL_PERSISTENT_REPLAY=XXXXX`). +The directory where the record files live can be specified via the `AFL_PERSISTENT_DIR` environment varilable, otherwise by default it will be considered the current directory (`./`). + +If your harness reads the input files from arguments using the special `@@` argument you will need to define `AFL_PERSISTENT_ARGPARSE` in `config.h`, or before including the `persistent_replay.h` header file as show before. +In order to offer transparent support to harnesses using the `@@` command line argument, arguments are parsed by the `__afl_record_replay_init` init function. Since not all systems support passing arguments to initializers, this functionality is disabled by default, it's recommendable to use the `__AFL_FUZZ_TESTCASE_BUF/__AFL_FUZZ_TESTCASE_LEN` shared memory mechanism instead. + +### 7) Drop in replay functionality + +To use the replay functionality without having to use `afl-cc` you can just define `AFL_COMPAT` and include the [include/persistent_replay.h](../include/persistent_replay.h) self contained header file that provides a drop-in replacement for the persistent loop mechanism. + +```c +#ifndef __AFL_FUZZ_TESTCASE_LEN + #define AFL_COMPAT + // #define AFL_PERSISTENT_REPLAY_ARGPARSE + #include "persistent_replay.h" +#endif + +__AFL_FUZZ_INIT(); +``` + +A simple example is provided in [persistent_demo_new.c](../utils/persistent_mode/persistent_demo_new.c). \ No newline at end of file |