diff options
| -rw-r--r-- | examples/afl_untracer/README.md | 4 | ||||
| -rw-r--r-- | examples/afl_untracer/afl-untracer.c | 2 | ||||
| -rw-r--r-- | llvm_mode/README.lto.md | 11 | ||||
| -rw-r--r-- | llvm_mode/afl-llvm-lto-instrim.so.cc | 3 |
4 files changed, 13 insertions, 7 deletions
diff --git a/examples/afl_untracer/README.md b/examples/afl_untracer/README.md index 29234889..05fd8776 100644 --- a/examples/afl_untracer/README.md +++ b/examples/afl_untracer/README.md @@ -16,7 +16,7 @@ Supported is so far Intel (i386/x86_64) and AARCH64. ### Modify afl-untracer.c Read and modify afl-untracer.c then `make`. -To adapt afl-untracer.c to your need read the header of the file and then +To adapt afl-untracer.c to your needs, read the header of the file and then search and edit the `STEP 1`, `STEP 2` and `STEP 3` locations. ### Generate patches.txt file @@ -25,7 +25,7 @@ To generate the `patches.txt` file for your target library use the `ida_get_patchpoints.py` script for IDA Pro or `ghidra_get_patchpoints.java` for Ghidra. -The patches.txt file has to pointed to by `AFL_UNTRACER_FILE`. +The patches.txt file has to be pointed to by `AFL_UNTRACER_FILE`. To easily run the scripts without needing to run the GUI with Ghidra: ``` diff --git a/examples/afl_untracer/afl-untracer.c b/examples/afl_untracer/afl-untracer.c index 5dbc71bf..af16a6bf 100644 --- a/examples/afl_untracer/afl-untracer.c +++ b/examples/afl_untracer/afl-untracer.c @@ -276,7 +276,7 @@ library_list_t *find_library(char *name) { } -/* for having an easy breakpoint after load the shared library */ +/* for having an easy breakpoint location after loading the shared library */ // this seems to work for clang too. nice :) requires gcc 4.4+ #pragma GCC push_options #pragma GCC optimize("O0") diff --git a/llvm_mode/README.lto.md b/llvm_mode/README.lto.md index f930c560..fa5b8665 100644 --- a/llvm_mode/README.lto.md +++ b/llvm_mode/README.lto.md @@ -145,16 +145,21 @@ Known issues: Hence if building a target with afl-clang-lto fails try to build it with llvm11 and LTO enabled (`CC=clang-11` `CXX=clang++-11` `CFLAGS=-flto=full` and `CXXFLAGS=-flto=full`). + +An example that does not build with llvm 11 and LTO is ffmpeg. + If this succeeeds then there is an issue with afl-clang-lto. Please report at [https://github.com/AFLplusplus/AFLplusplus/issues/226](https://github.com/AFLplusplus/AFLplusplus/issues/226) ### Target crashes immediately -If the target is using early constructors (values smaller than 6) or have their -own _init/.init functions and these are instrumented then the target will -likely crash when started. This can be avoided by compiling with +If the target is using early constructors (priority values smaller than 6) +or have their own _init/.init functions and these are instrumented then the +target will likely crash when started. This can be avoided by compiling with `AFL_LLVM_MAP_DYNAMIC=1` . +This can e.g. happen with OpenSSL. + ## Upcoming Work 1. Currently the LTO whitelist feature does not allow to instrument main, diff --git a/llvm_mode/afl-llvm-lto-instrim.so.cc b/llvm_mode/afl-llvm-lto-instrim.so.cc index a686bb81..a7d9b756 100644 --- a/llvm_mode/afl-llvm-lto-instrim.so.cc +++ b/llvm_mode/afl-llvm-lto-instrim.so.cc @@ -10,7 +10,8 @@ http://www.apache.org/licenses/LICENSE-2.0 - This library is plugged into LLVM when invoking clang through afl-clang-fast. + This library is plugged into LLVM when invoking clang through afl-clang-fast + or afl-clang-lto with AFL_LLVM_INSTRUMENT=CFG or =INSTRIM */ |