| author | van Hauser <vh@thc.org> | 2021-12-07 15:18:32 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-12-07 15:18:32 +0100 |
| commit | 1f6c72ea1baea69b2dc5b3a68bfacbc00652bc66 (patch) | |
| tree | a5a7ed81710c1dec50f0aa661b53c0cd884a4da2 /unicorn_mode/samples | |
| parent | 5469112db90741cb06c0979313938d83e63f793f (diff) | |
| parent | bb506de0b809f97a4221ee1b6e040dcb5f9ca56a (diff) | |
| download | afl++-1f6c72ea1baea69b2dc5b3a68bfacbc00652bc66.tar.gz | |
Merge pull request #1191 from llzmb/docs_quality_assurance
Docs content - quality assurance
Diffstat (limited to 'unicorn_mode/samples')
| -rw-r--r-- | unicorn_mode/samples/c/COMPILE.md | 3 | ||||
| -rw-r--r-- | unicorn_mode/samples/persistent/COMPILE.md | 4 | ||||
| -rw-r--r-- | unicorn_mode/samples/speedtest/README.md | 15 |
3 files changed, 15 insertions, 7 deletions
diff --git a/unicorn_mode/samples/c/COMPILE.md b/unicorn_mode/samples/c/COMPILE.md index 7da140f7..e5265071 100644 --- a/unicorn_mode/samples/c/COMPILE.md +++ b/unicorn_mode/samples/c/COMPILE.md @@ -6,6 +6,7 @@ This shows a simple harness for unicornafl in C The target can be built using the `make` command. Just make sure you have built unicorn support first: + ```bash cd /path/to/afl/unicorn_mode ./build_unicorn_support.sh @@ -19,4 +20,4 @@ was built in case you want to rebuild it or recompile it for any reason. The pre-built binary (persistent_target_x86_64) was built using -g -O0 in gcc. -We then load the binary and execute the main function directly. +Then load the binary and execute the main function directly. diff --git a/unicorn_mode/samples/persistent/COMPILE.md b/unicorn_mode/samples/persistent/COMPILE.md index 9f2ae718..5e607aef 100644 --- a/unicorn_mode/samples/persistent/COMPILE.md +++ b/unicorn_mode/samples/persistent/COMPILE.md @@ -3,7 +3,7 @@ This shows a simple persistent harness for unicornafl in C. In contrast to the normal c harness, this harness manually resets the unicorn state on each new input. -Thanks to this, we can rerun the test case in unicorn multiple times, without +Thanks to this, you can rerun the test case in unicorn multiple times, without the need to fork again. ## Compiling sample.c @@ -25,4 +25,4 @@ was built in case you want to rebuild it or recompile it for any reason. The pre-built binary (persistent_target_x86_64.bin) was built using -g -O0 in gcc. -We then load the binary and we execute the main function directly. \ No newline at end of file +Then load the binary and execute the main function directly. \ No newline at end of file diff --git a/unicorn_mode/samples/speedtest/README.md b/unicorn_mode/samples/speedtest/README.md index 3c1184a2..bd5ba8d0 100644 --- a/unicorn_mode/samples/speedtest/README.md +++ b/unicorn_mode/samples/speedtest/README.md 
@@ -35,7 +35,6 @@ cd python TODO: add results here. - ## Compiling speedtest_target.c You shouldn't need to compile simple_target.c since a X86_64 binary version is @@ -44,22 +43,30 @@ was built in case you want to rebuild it or recompile it for any reason. The pre-built binary (simple_target_x86_64.bin) was built using -g -O0 in gcc. -We then load the binary and execute the main function directly. +Then load the binary and execute the main function directly. + +## Addresses for the harness -## Addresses for the harness: To find the address (in hex) of main, run: + ```bash objdump -M intel -D target | grep '<main>:' | cut -d" " -f1 ``` + To find all call sites to magicfn, run: + ```bash objdump -M intel -D target | grep '<magicfn>$' | cut -d":" -f1 ``` + For malloc callsites: + ```bash objdump -M intel -D target | grep '<malloc@plt>$' | cut -d":" -f1 ``` + And free callsites: + ```bash objdump -M intel -D target | grep '<free@plt>$' | cut -d":" -f1 -``` +``` \ No newline at end of file |
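Review bot: in the second hunk of unicorn_mode/samples/c/COMPILE.md, the rewording `-We then load the binary and execute the main function directly.` / `+Then load the binary and execute the main function directly.` turns a description of what the harness does into an instruction to the reader, directly after a sentence about how the pre-built binary was compiled; it now reads like a manual step. `The harness then loads the binary and executes the main function directly.` keeps the original meaning. While this line is being touched, note that the context line names the pre-built binary `persistent_target_x86_64` in the c/ sample, whereas the persistent sample's COMPILE.md in the same patch names `persistent_target_x86_64.bin`; check that the c/ sample's name matches the binary actually shipped in that directory.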
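Review bot: style point in the first hunk of unicorn_mode/samples/persistent/COMPILE.md: the context line `In contrast to the normal c harness, this harness manually resets the unicorn state` writes the language as `c`, while the same patch writes `harness for unicornafl in C` in the c/ sample; since this paragraph is being edited for pronoun consistency anyway, use `C harness` here as well.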
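Review bot: in the second hunk of unicorn_mode/samples/persistent/COMPILE.md, the rewritten last line still carries `\ No newline at end of file` on both the `-` and `+` side, so the file keeps its missing trailing newline; since the line is being replaced anyway, terminate it with a newline (Markdown linters and `git diff` both flag this). The same voice issue as in c/COMPILE.md applies: `+Then load the binary and execute the main function directly.` reads as a user instruction, whereas `The harness then loads the binary and executes the main function directly.` states what the code does.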
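Review bot: in the first hunk of unicorn_mode/samples/speedtest/README.md, the heading `## Compiling speedtest_target.c` is immediately followed by the context line `You shouldn't need to compile simple_target.c since a X86_64 binary version is`, and the next hunk names the pre-built binary `simple_target_x86_64.bin`; either the heading or the body uses the wrong source-file name, and a quality pass on this file should pick one. The same context line should read `an x86_64 binary version`. Dropping the extra blank line (the single `-` line) is fine.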
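Review bot: in the second hunk of unicorn_mode/samples/speedtest/README.md, all four `objdump -M intel -D target | ...` commands operate on a file called `target`, but the only binary this README names is `simple_target_x86_64.bin`; either say that `target` stands for the freshly built binary or use the real file name so the commands can be pasted as written. The new last line still ends with `` +``` `` followed by `\ No newline at end of file`; add the trailing newline while the closing fence is being rewritten. The blank lines added around each fence and the colon dropped from `## Addresses for the harness` are good Markdown hygiene and render correctly.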
