| author | Sergej Schumilo <sergej@schumilo.de> | 2023-08-03 14:43:16 +0200 | 
|---|---|---|
| committer | Sergej Schumilo <sergej@schumilo.de> | 2023-08-03 14:43:16 +0200 | 
| commit | 5d78a6f592fff853ff722f2722a6576b0f565abd (patch) | |
| tree | 82f8d4b1feacf026fabda235a301838ff94265da /nyx_mode | |
| parent | 8f31086a7fa1d7ef9d4dc416f238a10dd140e2d3 (diff) | |
| download | afl++-5d78a6f592fff853ff722f2722a6576b0f565abd.tar.gz | |
update nyx mode readme (NYX_AUX_BUFFER_SIZE)
Diffstat (limited to 'nyx_mode')
| -rw-r--r-- | nyx_mode/README.md | 21 | 
1 files changed, 21 insertions, 0 deletions
| diff --git a/nyx_mode/README.md b/nyx_mode/README.md index eee7d363..605bc103 100644 --- a/nyx_mode/README.md +++ b/nyx_mode/README.md @@ -313,6 +313,27 @@ command: If you want to disable fast snapshots (except for crashes), you can simply set the `NYX_DISABLE_SNAPSHOT_MODE` environment variable. +### Nyx crash reports + +If the Nyx agent detects a crash in the target application, it can pass +additional information on that crash to AFL++ (assuming that the agent +implements this feature). For each saved crashing input AFL++ will also create +an additional file in the `crashes` directory with a `.log` file extension. +Crash reports generated by the default agent shipped with the Nyx packer will +contain information such as the faulting address and signal number. +Additionally, if the target is compiled with AddressSanitizer, the crash report +will also contain the entire ASan report. + +From a technical perspective, the crash report is passed from QEMU-Nyx to AFL++ +via a shared memory region called Nyx Auxiliary Buffer which is by default 4096 +bytes in size. In this shared memory region a specific amount is reserved for +the header (1408 bytes) and the remaining bytes can be used to transfer crash +reports (also the `hprintf` feature utilizes the very same shared memory for +transferring data). By default a crash report will be truncated to 2688 bytes. +However, if you want to increase the size of the shared memory region, you can +set the `NYX_AUX_BUFFER_SIZE` environment variable to a higher value (keep in +mind that this value must be a multiple of 4096). + ### Run AFL++Nyx with a custom agent Most of the common use-cases for linux userland targets are already handled by | 
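Review bot: the closing sentence of the second added paragraph introduces `NYX_AUX_BUFFER_SIZE` without stating its unit or showing a sample value, and it does not say how much crash-report space a larger buffer actually yields. The text gives a 4096-byte default, 1408 bytes reserved for the header and a 2688-byte truncation limit, which implies that the report limit is the buffer size minus the header. Please state that explicitly, including whether the header stays at 1408 bytes when the buffer grows, and document what happens when the value is not a multiple of 4096. The parenthetical "(also the `hprintf` feature utilizes the very same shared memory for transferring data)" would read better as its own sentence that says whether `hprintf` output competes with the crash report for those bytes. The first paragraph could also name the `.log` file relative to the saved crashing input so users know which report belongs to which crash.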
