Diffstat (limited to 'docs')
-rw-r--r--  docs/env_variables.md      8
-rw-r--r--  docs/fuzzing_in_depth.md   2
-rw-r--r--  docs/important_changes.md  10
3 files changed, 10 insertions, 10 deletions
diff --git a/docs/env_variables.md b/docs/env_variables.md
index 530e1342..86ebf25c 100644
--- a/docs/env_variables.md
+++ b/docs/env_variables.md
@@ -553,14 +553,14 @@ The QEMU wrapper used to instrument binary-only code supports several settings:
and sub in x86 and x86_64. This is an alias of `AFL_COMPCOV_LEVEL=1` when
`AFL_COMPCOV_LEVEL` is not specified.
- - With `AFL_QEMU_FORCE_DFL` you force QEMU to ignore the registered signal
+ - With `AFL_QEMU_FORCE_DFL`, you force QEMU to ignore the registered signal
handlers of the target.
- When the target is i386/x86_64, you can specify the address of the function
that has to be the body of the persistent loop using
`AFL_QEMU_PERSISTENT_ADDR=start addr`.
- - With `AFL_QEMU_PERSISTENT_GPR=1` QEMU will save the original value of
+ - With `AFL_QEMU_PERSISTENT_GPR=1`, QEMU will save the original value of
general purpose registers and restore them in each persistent cycle.
- Another modality to execute the persistent loop is to specify also the
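Review bot: the comma additions after `AFL_QEMU_FORCE_DFL` and `AFL_QEMU_PERSISTENT_GPR=1` are consistent with the existing "When the target is i386/x86_64, you can specify" bullet in the same list, so no objection there. One adjacent context nit while this list is being touched: "general purpose registers" in the `AFL_QEMU_PERSISTENT_GPR` bullet is a compound modifier and reads better hyphenated as "general-purpose registers".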
@@ -568,11 +568,11 @@ The QEMU wrapper used to instrument binary-only code supports several settings:
assigned, instead of patching the return address, the specified instruction
is transformed to a jump towards `start addr`.
- - With `AFL_QEMU_PERSISTENT_RETADDR_OFFSET` you can specify the offset from
+ - With `AFL_QEMU_PERSISTENT_RETADDR_OFFSET`, you can specify the offset from
the stack pointer in which QEMU can find the return address when `start
addr` is hit.
- - With `AFL_USE_QASAN` you can enable QEMU AddressSanitizer for dynamically
+ - With `AFL_USE_QASAN`, you can enable QEMU AddressSanitizer for dynamically
linked binaries.
- The underlying QEMU binary will recognize any standard "user space
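Review bot: the comma additions after `AFL_QEMU_PERSISTENT_RETADDR_OFFSET` and `AFL_USE_QASAN` are fine. Since the `AFL_QEMU_PERSISTENT_RETADDR_OFFSET` bullet is already being edited, consider also changing "the offset from the stack pointer in which QEMU can find the return address" to "at which QEMU can find the return address", as the offset identifies a stack location rather than a container.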
diff --git a/docs/fuzzing_in_depth.md b/docs/fuzzing_in_depth.md
index d1fee7cc..2e030e7b 100644
--- a/docs/fuzzing_in_depth.md
+++ b/docs/fuzzing_in_depth.md
@@ -449,7 +449,7 @@ mode!) and switch the input directory with a dash (`-`):
Adding a dictionary is helpful. See the directory
[dictionaries/](../dictionaries/) if something is already included for your data
format, and tell afl-fuzz to load that dictionary by adding `-x
-dictionaries/FORMAT.dict`. With afl-clang-lto you have an autodictionary
+dictionaries/FORMAT.dict`. With afl-clang-lto, you have an autodictionary
generation for which you need to do nothing except to use afl-clang-lto as the
compiler. You also have the option to generate a dictionary yourself, see
[utils/libtokencap/README.md](../utils/libtokencap/README.md).
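Review bot: the sentence on the `+` line still reads awkwardly after the comma fix: "With afl-clang-lto, you have an autodictionary generation for which you need to do nothing except to use afl-clang-lto as the compiler." The article "an" before "autodictionary generation" does not fit a mass noun, and "except to use" is stilted. Suggest "With afl-clang-lto, autodictionary generation is automatic; you need to do nothing except use afl-clang-lto as the compiler." so the whole sentence is cleaned up in the same commit.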
diff --git a/docs/important_changes.md b/docs/important_changes.md
index 9d4523e8..203c5a66 100644
--- a/docs/important_changes.md
+++ b/docs/important_changes.md
@@ -5,26 +5,26 @@ changes.
## From version 3.00 onwards
-With AFL++ 3.13-3.20 we introduce frida_mode (-O) to have an alternative for
+With AFL++ 3.13-3.20, we introduce frida_mode (-O) to have an alternative for
binary-only fuzzing. It is slower than Qemu mode but works on MacOS, Android,
iOS etc.
-With AFL++ 3.15 we introduced the following changes from previous behaviors:
+With AFL++ 3.15, we introduced the following changes from previous behaviors:
* Also -M main mode does not do deterministic fuzzing by default anymore
* afl-cmin and afl-showmap -Ci now descent into subdirectories like afl-fuzz
-i does (but note that afl-cmin.bash does not)
-With AFL++ 3.14 we introduced the following changes from previous behaviors:
+With AFL++ 3.14, we introduced the following changes from previous behaviors:
* afl-fuzz: deterministic fuzzing it not a default for -M main anymore
* afl-cmin/afl-showmap -i now descends into subdirectories (afl-cmin.bash,
however, does not)
-With AFL++ 3.10 we introduced the following changes from previous behaviors:
+With AFL++ 3.10, we introduced the following changes from previous behaviors:
* The '+' feature of the '-t' option now means to auto-calculate the timeout
with the value given being the maximum timeout. The original meaning of
"skipping timeouts instead of abort" is now inherent to the -t option.
-With AFL++ 3.00 we introduced changes that break some previous AFL and AFL++
+With AFL++ 3.00, we introduced changes that break some previous AFL and AFL++
behaviors and defaults:
* There are no llvm_mode and gcc_plugin subdirectories anymore and there is
only one compiler: afl-cc. All previous compilers now symlink to this one.
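Review bot: two typos in the unchanged context lines of this hunk should be fixed in the same pass, since the commit is already a punctuation clean-up of exactly these paragraphs: in the 3.14 section, "deterministic fuzzing it not a default for -M main anymore" should read "is not a default", and in the 3.15 section, "afl-cmin and afl-showmap -Ci now descent into subdirectories" should read "now descend into subdirectories". Minor style point in the same hunk: "Qemu mode" is capitalised differently from "QEMU" as used in `docs/env_variables.md` elsewhere in this diff, and "MacOS" is normally written "macOS"; aligning these would keep the docs consistent.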