Merge pull request #109 from hac425xxx/qbdi_mode

Qbdi mode
author: Andrea Fioraldi <andreafioraldi@gmail.com> 2019-11-17 11:49:07 +0100
committer: GitHub <noreply@github.com> 2019-11-17 11:49:07 +0100
commit: c8d94e88a7f2e65a068cfdd4ea07c437dafdfa38 (patch)
tree: 910c078b4133cd2a6696ad1225bacf64f48a035a /qbdi_mode/demo-so.c
parent: a8f6ce5475fc369deea40ac566eb56183f5450ba (diff)
parent: f3a23e51fabf14f2bac1be26d1f55817c37e02a4 (diff)
download: afl++-c8d94e88a7f2e65a068cfdd4ea07c437dafdfa38.tar.gz
1 files changed, 39 insertions, 0 deletions
diff --git a/qbdi_mode/demo-so.c b/qbdi_mode/demo-so.c
new file mode 100755
index 00000000..dbb7b714
--- /dev/null
+++ b/qbdi_mode/demo-so.c
@@ -0,0 +1,39 @@
+#include <stdio.h>
+
+// gcc -shared -o libdemo.so demo-so.c -w
+int target_func(char *buf, int size) {
+
+  printf("buffer:%p, size:%p\n", buf, size);
+  switch (buf[0]) {
+
+    case 1:
+      puts("222");
+      if (buf[1] == '\x44') {
+
+        puts("null ptr deference");
+        *(char *)(0) = 1;
+
+      }
+
+      break;
+    case 0xff:
+      if (buf[2] == '\xff') {
+
+        if (buf[1] == '\x44') {
+
+          puts("crash....");
+          *(char *)(0xdeadbeef) = 1;
+
+        }
+
+      }
+
+      break;
+    default: puts("default action"); break;
+
+  }
+
+  return 1;
+
+}
+
author	Andrea Fioraldi <andreafioraldi@gmail.com>	2019-11-17 11:49:07 +0100
committer	GitHub <noreply@github.com>	2019-11-17 11:49:07 +0100
commit	c8d94e88a7f2e65a068cfdd4ea07c437dafdfa38 (patch)
tree	910c078b4133cd2a6696ad1225bacf64f48a035a /qbdi_mode/demo-so.c
parent	a8f6ce5475fc369deea40ac566eb56183f5450ba (diff)
parent	f3a23e51fabf14f2bac1be26d1f55817c37e02a4 (diff)
download	afl++-c8d94e88a7f2e65a068cfdd4ea07c437dafdfa38.tar.gz