diff options
| -rw-r--r-- | docs/sister_projects.txt | 2 | ||||
| -rw-r--r-- | libtokencap/README.md | 13 | ||||
| -rw-r--r-- | src/afl-sharedmem.c | 2 |
3 files changed, 9 insertions, 8 deletions
diff --git a/docs/sister_projects.txt b/docs/sister_projects.txt index a2eb2a22..25e5560c 100644 --- a/docs/sister_projects.txt +++ b/docs/sister_projects.txt @@ -319,11 +319,13 @@ Fuzzer shell for SQLite (Richard Hipp) Support for Python mutation modules (Christian Holler) ------------------------------------------------------ +now integrated in AFL++, originally from here https://github.com/choller/afl/blob/master/docs/mozilla/python_modules.txt Support for selective instrumentation (Christian Holler) -------------------------------------------------------- +now integrated in AFL++, originally from here https://github.com/choller/afl/blob/master/docs/mozilla/partial_instrumentation.txt Kernel fuzzing (Dmitry Vyukov) diff --git a/libtokencap/README.md b/libtokencap/README.md index baf69da1..8aae38bf 100644 --- a/libtokencap/README.md +++ b/libtokencap/README.md @@ -2,7 +2,7 @@ (See ../docs/README for the general instruction manual.) -This Linux-only companion library allows you to instrument `strcmp()`, `memcmp()`, +This companion library allows you to instrument `strcmp()`, `memcmp()`, and related functions to automatically extract syntax tokens passed to any of these libcalls. The resulting list of tokens may be then given as a starting dictionary to afl-fuzz (the -x option) to improve coverage on subsequent @@ -55,9 +55,10 @@ If you don't get any results, the target library is probably not using strcmp() and memcmp() to parse input; or you haven't compiled it with -fno-builtin; or the whole thing isn't dynamically linked, and LD_PRELOAD is having no effect. -PS. The library is Linux-only because there is probably no particularly portable -and non-invasive way to distinguish between read-only and read-write memory -mappings. The `__tokencap_load_mappings()` function is the only thing that would -need to be changed for other OSes. Porting to platforms with /proc/<pid>/maps -(e.g., FreeBSD) should be trivial. +Portability hints: There is probably no particularly portable and non-invasive +way to distinguish between read-only and read-write memory mappings. +The `__tokencap_load_mappings()` function is the only thing that would +need to be changed for other OSes. + +Current supported OSes are: Linux, Darwin, FreeBSD (thanks to @devnexen) diff --git a/src/afl-sharedmem.c b/src/afl-sharedmem.c index d94100a3..e11221a4 100644 --- a/src/afl-sharedmem.c +++ b/src/afl-sharedmem.c @@ -153,8 +153,6 @@ void setup_shm(unsigned char dumb_mode) { shm_str = alloc_printf("%d", shm_id); - setenv(SHM_ENV_VAR, shm_str, 1); - /* If somebody is asking us to fuzz instrumented binaries in dumb mode, we don't want them to detect instrumentation, since we won't be sending fork server commands. This should be replaced with better auto-detection |