Diffstat (limited to 'examples/afl_untracer/README.md')
-rw-r--r-- examples/afl_untracer/README.md | 15
1 files changed, 15 insertions, 0 deletions
diff --git a/examples/afl_untracer/README.md b/examples/afl_untracer/README.md index 4ff96423..8e24c2a4 100644 --- a/examples/afl_untracer/README.md +++ b/examples/afl_untracer/README.md @@ -14,6 +14,21 @@ To generate the `patches.txt` file for your target library use the `ida_get_patchpoints.py` script for IDA Pro or `ghidra_get_patchpoints.java` for Ghidra. +The patches.txt file has to pointed to by `AFL_UNTRACER_FILE`. + +Example (after modfying afl-untracer.c to your needs, compiling and creating +patches.txt): +``` +AFL_UNTRACER_FILE=./patches.txt afl-fuzz -i in -o out -- ./afl-untracer +``` + +To testing/debugging you can try: +``` +make DEBUG=1 +AFL_UNTRACER_FILE=./patches.txt AFL_DEBUG=1 gdb ./afl-untracer +``` +and then you can easily set breakpoints to "breakpoint" and "fuzz". + This idea is based on [UnTracer](https://github.com/FoRTE-Research/UnTracer-AFL) and modified by [Trapfuzz](https://github.com/googleprojectzero/p0tools/tree/master/TrapFuzz). This implementation is slower because the traps are not patched out with each |
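Review bot: the added README lines carry several typos and grammar slips that should be fixed before merging: "The patches.txt file has to pointed to by `AFL_UNTRACER_FILE`." is missing "be" and should read "The `patches.txt` file has to be pointed to by `AFL_UNTRACER_FILE`." (backticks for consistency with the `patches.txt` reference two lines above); "after modfying afl-untracer.c" should be "after modifying afl-untracer.c"; and "To testing/debugging you can try:" should be "For testing/debugging you can try:". The two new fenced blocks are untagged, while they contain shell commands, so tagging them as ```sh would let renderers highlight them; and the closing sentence would be clearer if it named what "breakpoint" and "fuzz" are (the functions in afl-untracer.c the reader is expected to break on), e.g. `and then you can easily set breakpoints on the "breakpoint" and "fuzz" functions.`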