-rw-r--r--custom_mutators/examples/custom_post_run.c6
-rw-r--r--include/afl-fuzz.h4
-rw-r--r--src/afl-fuzz-run.c19
3 files changed, 22 insertions, 7 deletions
diff --git a/custom_mutators/examples/custom_post_run.c b/custom_mutators/examples/custom_post_run.c
index 073aac96..828216ea 100644
--- a/custom_mutators/examples/custom_post_run.c
+++ b/custom_mutators/examples/custom_post_run.c
@@ -2,10 +2,10 @@
 // This is an example on how to use afl_custom_post_run
 // It executes custom code each time after AFL++ executes the target
 //
-// cc -O3 -fPIC -shared -g -o custom_send.so -I../../include custom_send.c /////////////////////to_be_edited
+// cc -O3 -fPIC -shared -g -o custom_post_run.so -I../../include custom_post_run.c
 // cd ../..
 // afl-cc -o test-instr test-instr.c
-// AFL_CUSTOM_MUTATOR_LIBRARY=custom_mutators/examples/custom_send.so \
+// AFL_CUSTOM_MUTATOR_LIBRARY=custom_mutators/examples/custom_post_run.so \
 //   afl-fuzz -i in -o out -- ./test-instr -f /tmp/foo
 //
 
@@ -39,7 +39,7 @@ my_mutator_t *afl_custom_init(afl_state_t *afl, unsigned int seed) {
 
 }
 
-void afl_custom_post_run(my_mutator_t *data, uint8_t *buf, size_t buf_size) {
+void afl_custom_post_run(my_mutator_t *data) {
 
   printf("hello from afl_custom_post_run\n");
   return;
diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h
index 7e91dc03..94f48009 100644
--- a/include/afl-fuzz.h
+++ b/include/afl-fuzz.h
@@ -1027,10 +1027,8 @@ struct custom_mutator {
    * (Optional)
    *
    * @param data pointer returned in afl_custom_init by this custom mutator
-   * @param buf Buffer containing the test case
-   * @param buf_size Size of the test case
    */
-  void (*afl_custom_post_run)(void *data, const u8 *buf, size_t buf_size);
+  void (*afl_custom_post_run)(void *data);
 
   /**
    * Allow for additional analysis (e.g. calling a different tool that does a
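Review bot: Dropping `buf` and `buf_size` from the `afl_custom_post_run` pointer type changes the ABI of a hook that lives in a separately built shared library and is presumably resolved by symbol name at load time, so the compiler cannot catch a mutator still built against the three-argument form. Such a library would read whatever happens to be in the second and third argument slots as a buffer pointer and a length. The doc comment should say this explicitly, for example by adding `* The test case is not passed to this hook; implementations must take only data.`, and if the old prototype was ever released the break belongs in the changelog. The comment block starts above the hunk.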
diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c
index 29cc5352..ac346b86 100644
--- a/src/afl-fuzz-run.c
+++ b/src/afl-fuzz-run.c
@@ -60,7 +60,7 @@ fuzz_run_target(afl_state_t *afl, afl_forkserver_t *fsrv, u32 timeout) {
 
   fsrv_run_result_t res = afl_fsrv_run_target(fsrv, timeout, &afl->stop_soon);
 
-  
+  post_run(afl);
 
 #ifdef PROFILING
   clock_gettime(CLOCK_REALTIME, &spec);
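Review bot: `post_run(afl);` is called here, near line 63, but the function is only defined at the end of the file, and the afl-fuzz.h changes in this commit add no prototype for it. Unless a declaration already exists elsewhere, this is an implicit function declaration that conflicts with the later `void` definition, which newer compilers reject outright. Add `void post_run(afl_state_t *afl);` to include/afl-fuzz.h next to the other run helpers, or put `static void post_run(afl_state_t *afl);` above `fuzz_run_target`. The body of `fuzz_run_target` continues outside the hunk, so how `res` is handled after the hooks run is not visible here.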
@@ -1113,3 +1113,20 @@ common_fuzz_stuff(afl_state_t *afl, u8 *out_buf, u32 len) {
 
 }
 
+/* Run some code each time scripts each time AFL++ executes the target
+   with afl-fuzz. */
+
+void post_run(afl_state_t *afl) {
+  if (unlikely(afl->custom_mutators_count)) {
+
+      LIST_FOREACH(&afl->custom_mutator_list, struct custom_mutator, {
+
+        if (el->afl_custom_post_run) {
+
+          el->afl_custom_post_run(el->data);
+
+        }
+
+      });
+    }
+}
\ No newline at end of file
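Review bot: The comment above `post_run` is garbled ("Run some code each time scripts each time") and does not describe the function. Something like `/* Call the afl_custom_post_run hook of every loaded custom mutator after each target execution. */` matches the loop below it. The body is also indented inconsistently: `LIST_FOREACH` sits at six spaces under a two-space `if`, and the closing braces do not line up. The file also now ends without a trailing newline. If nothing outside afl-fuzz-run.c calls it, declaring it `static void post_run(afl_state_t *afl)` would keep such a generic name out of the global namespace.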