-rw-r--r-- | README.md | 8 | ||||
-rw-r--r-- | afl-showmap.c | 25 | ||||
-rw-r--r-- | docs/ChangeLog | 4 | ||||
-rw-r--r-- | docs/unicorn_mode.txt | 2 | ||||
-rw-r--r-- | unicorn_mode/README.md | 2 |
5 files changed, 34 insertions, 7 deletions
diff --git a/README.md b/README.md
index 953c1afb..86e8d217 100644
--- a/README.md
+++ b/README.md
@@ -1,10 +1,14 @@
 # american fuzzy lop plus plus (afl++)
+ Release Version: 2.53c
+ Github Version: 2.53d
+
+
 Originally developed by Michal "lcamtuf" Zalewski.
 Repository: [https://github.com/vanhauser-thc/AFLplusplus](https://github.com/vanhauser-thc/AFLplusplus)
- afl++ is maintained by Marc Heuse <mh@mh-sec.de>, Heiko Eissfeldt
+ afl++ is maintained by Marc Heuse <mh@mh-sec.de>, Heiko Eißfeldt
 <heiko.eissfeldt@hexco.de> and Andrea Fioraldi <andreafioraldi@gmail.com>.
 ## The enhancements compared to the original stock afl
@@ -18,7 +22,7 @@ Additionally the following patches have been integrated:
- * AFLfast's power schedules by Marcel Boehme: [https://github.com/mboehme/aflfast](https://github.com/mboehme/aflfast)
+ * AFLfast's power schedules by Marcel Böhme: [https://github.com/mboehme/aflfast](https://github.com/mboehme/aflfast)
 * C. Hollers afl-fuzz Python mutator module and llvm_mode whitelist support: [https://github.com/choller/afl](https://github.com/choller/afl)
diff --git a/afl-showmap.c b/afl-showmap.c
index baf8352e..bce7cb4e 100644
--- a/afl-showmap.c
+++ b/afl-showmap.c
@@ -59,10 +59,13 @@ static u8 *out_file, /* Trace output file */
 static u32 exec_tmout; /* Exec timeout (ms) */
+static u32 total, highest; /* tuple content information */
+
 static u64 mem_limit = MEM_LIMIT; /* Memory limit (MB) */
 static u8 quiet_mode, /* Hide non-essential messages? */
 edges_only, /* Ignore hit counts? */
+ raw_instr_output, /* Do not apply AFL filters */
 cmin_mode, /* Generate output in afl-cmin mode? */
 binary_mode, /* Write output as a binary map */
 keep_cores; /* Allow coredumps? */
@@ -114,7 +117,7 @@ static void classify_counts(u8* mem, const u8* map) {
 mem++;
 }
- } else {
+ } else if (!raw_instr_output) {
 while (i--) {
 *mem = map[*mem];
@@ -154,7 +157,6 @@ static u32 write_results(void) {
 }
-
 if (binary_mode) {
 for (i = 0; i < MAP_SIZE; i++)
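Review bot: The new `} else if (!raw_instr_output) {` in classify_counts() silently skips the hit-count classification pass when -r is set, and nothing at that line tells the reader why the else branch can now be bypassed. A short comment on the new line would keep the intent local instead of requiring a trip to the getopt handling in main(): `} else if (!raw_instr_output) { /* -r: leave raw hit counts as captured, no bucket classification */`. classify_counts() starts and ends outside this hunk, so the edges_only branch above is not visible here.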
@@ -173,6 +175,10 @@ static u32 write_results(void) {
 if (!trace_bits[i]) continue;
 ret++;
+
+ total += trace_bits[i];
+ if (highest < trace_bits[i])
+ highest = trace_bits[i];
 if (cmin_mode) {
@@ -412,6 +418,7 @@ static void usage(u8* argv0) {
 " -q - sink program's output and don't show messages\n"
 " -e - show edge coverage only, ignore hit counts\n"
+ " -r - show real tuple values instead of AFL filter values\n"
 " -c - allow core dumps\n\n"
 "This tool displays raw tuple data captured by AFL instrumentation.\n"
@@ -541,12 +548,12 @@ int main(int argc, char** argv) {
 s32 opt;
 u8 mem_limit_given = 0, timeout_given = 0, qemu_mode = 0, unicorn_mode = 0;
- u32 tcnt;
+ u32 tcnt = 0;
 char** use_argv;
 doc_path = access(DOC_PATH, F_OK) ? "docs" : DOC_PATH;
- while ((opt = getopt(argc,argv,"+o:m:t:A:eqZQUbc")) > 0)
+ while ((opt = getopt(argc,argv,"+o:m:t:A:eqZQUbcr")) > 0)
 switch (opt) {
@@ -611,6 +618,7 @@ int main(int argc, char** argv) {
 case 'e':
 if (edges_only) FATAL("Multiple -e options not supported");
+ if (raw_instr_output) FATAL("-e and -r are mutually exclusive");
 edges_only = 1;
 break;
@@ -664,6 +672,13 @@ int main(int argc, char** argv) {
 if (keep_cores) FATAL("Multiple -c options not supported");
 keep_cores = 1;
 break;
+
+ case 'r':
+
+ if (raw_instr_output) FATAL("Multiple -r options not supported");
+ if (edges_only) FATAL("-e and -r are mutually exclusive");
+ raw_instr_output = 1;
+ break;
 default:
@@ -699,7 +714,7 @@ int main(int argc, char** argv) {
 if (!quiet_mode) {
 if (!tcnt) FATAL("No instrumentation detected" cRST);
- OKF("Captured %u tuples in '%s'." cRST, tcnt, out_file);
+ OKF("Captured %u tuples (highest value %u, total values %u) in '%s'." cRST, tcnt, highest, total, out_file);
 }
diff --git a/docs/ChangeLog b/docs/ChangeLog
index dfb2e4e7..8b1d832d 100644
--- a/docs/ChangeLog
+++ b/docs/ChangeLog
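Review bot: The `total`/`highest` accumulation at -173 is added only to the loop that begins `if (!trace_bits[i]) continue; ret++;`, which from the `if (binary_mode) {` loop shown in the -154 hunk appears to be the non-binary output path; if that reading is right, a `-b` run leaves both counters at 0 and the OKF line changed at -699 prints `highest value 0, total values 0` as if it were a measurement. The binary-mode loop should accumulate the same way, `total += trace_bits[i]; if (highest < trace_bits[i]) highest = trace_bits[i];`, or the message should be emitted only when the counters were actually gathered. Separately, without -r the summed values are the outputs of the lookup in classify_counts(), not real hit counts, so "total values" means different things depending on -r; a comment above the accumulation such as `/* summary of trace_bits as written to out_file: classified unless -r */` would prevent misreading the number. write_results() starts and ends outside the hunk.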
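Review bot: The new `case 'r':` at -664 rejects -r together with -e but accepts it together with -Z, whose field comment at -59 reads "Generate output in afl-cmin mode?"; whether the cmin consumer tolerates unclassified values is not visible in this diff, so the combination should either be rejected explicitly or documented as intentional. If rejecting, the check belongs in both handlers, mirroring the existing -e/-r pair: `if (cmin_mode) FATAL("-Z and -r are mutually exclusive");` in `case 'r'` and the converse in `case 'Z'`. The surrounding switch and main() continue outside the hunk.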
@@ -17,6 +17,10 @@ sending a mail to <afl-users+subscribe@googlegroups.com>.
 Version ++2.53d (dev):
 ----------------------
+ - afl-showmap: new option -r now shows the real values in the buckets (stock
+ afl never did), plus shows tuple content summary information now
+ - fix building on *BSD (thanks to tobias.kortkamp for the patch)
+ - small docu updates
 - ... your patch? :)
diff --git a/docs/unicorn_mode.txt b/docs/unicorn_mode.txt
index ae6a2bde..b691fff8 100644
--- a/docs/unicorn_mode.txt
+++ b/docs/unicorn_mode.txt
@@ -20,6 +20,8 @@ The idea and much of the implementation comes from Nathan Voss <njvoss299@gmail.
 2) How to use
 -------------
+Requirements: you need an installed python2 environment.
+
 *** Building AFL's Unicorn Mode ***
 First, make afl as usual.
diff --git a/unicorn_mode/README.md b/unicorn_mode/README.md
index f12ed8bc..9ee975ef 100644
--- a/unicorn_mode/README.md
+++ b/unicorn_mode/README.md
@@ -10,6 +10,8 @@ afl-unicorn lets you fuzz any piece of binary that can be emulated by
 [Unicorn Engine](http://www.unicorn-engine.org/).
+Requirements: Python2
+
 For the full readme please see docs/unicorn_mode.txt
 For an in-depth description of what this is, how to install it, and how to use