diff options
| -rw-r--r-- | docs/fuzzing_binary-only_targets.md | 8 | ||||
| -rw-r--r-- | frida_mode/src/main.c | 4 | ||||
| -rw-r--r-- | frida_mode/src/ranges.c | 2 |
3 files changed, 4 insertions, 10 deletions
diff --git a/docs/fuzzing_binary-only_targets.md b/docs/fuzzing_binary-only_targets.md index 9d9d6bb6..a151bce4 100644 --- a/docs/fuzzing_binary-only_targets.md +++ b/docs/fuzzing_binary-only_targets.md @@ -94,8 +94,7 @@ For more information, see In FRIDA mode, you can fuzz binary-only targets as easily as with QEMU mode. FRIDA mode is most of the times slightly faster than QEMU mode. It is also -newer, lacks COMPCOV, and has the advantage that it works on MacOS (both intel -and M1). +newer, and has the advantage that it works on MacOS (both intel and M1). To build FRIDA mode: @@ -113,10 +112,6 @@ The mode is approximately 2-5x slower than compile-time instrumentation, and is less conducive to parallelization. But for binary-only fuzzing, it gives a huge speed improvement if it is possible to use. -If you want to fuzz a binary-only library, then you can fuzz it with frida-gum -via frida_mode/. You will have to write a harness to call the target function in -the library, use afl-frida.c as a template. - You can also perform remote fuzzing with frida, e.g., if you want to fuzz on iPhone or Android devices, for this you can use [https://github.com/ttdennis/fpicker/](https://github.com/ttdennis/fpicker/) as @@ -302,7 +297,6 @@ some are very hard to set up... * S2E: [https://github.com/S2E](https://github.com/S2E) * TinyInst: [https://github.com/googleprojectzero/TinyInst](https://github.com/googleprojectzero/TinyInst) - (Mac/Windows only) * ... please send me any missing that are good ## Closing words diff --git a/frida_mode/src/main.c b/frida_mode/src/main.c index bd7b1351..9daf067b 100644 --- a/frida_mode/src/main.c +++ b/frida_mode/src/main.c @@ -166,7 +166,7 @@ static void afl_print_env(void) { if (fd < 0) { - FWARNF("Failed to open /proc/self/cmdline, errno: (%d)", errno); + FWARNF("Failed to open /proc/self/environ, errno: (%d)", errno); return; } @@ -174,7 +174,7 @@ static void afl_print_env(void) { ssize_t bytes_read = read(fd, buffer, PROC_MAX - 1); if (bytes_read < 0) { - FFATAL("Failed to read /proc/self/cmdline, errno: (%d)", errno); + FFATAL("Failed to read /proc/self/environ, errno: (%d)", errno); } diff --git a/frida_mode/src/ranges.c b/frida_mode/src/ranges.c index e9fc3b4e..269ba59b 100644 --- a/frida_mode/src/ranges.c +++ b/frida_mode/src/ranges.c @@ -653,7 +653,7 @@ void ranges_init(void) { /* * After step 4 we have the total ranges to be instrumented, we now subtract * that either from the original ranges of the modules or from the whole - * memory if AFL_INST_NO_DYNAMIC_LOAD to configure the stalker. + * memory if AFL_FRIDA_INST_NO_DYNAMIC_LOAD to configure the stalker. */ if (ranges_inst_dynamic_load) { |