about summary refs log tree commit diff
path: root/examples/afl_untracer/README.md
diff options
context:
space:
mode:
Diffstat (limited to 'examples/afl_untracer/README.md')
-rw-r--r--examples/afl_untracer/README.md20
1 files changed, 20 insertions, 0 deletions
diff --git a/examples/afl_untracer/README.md b/examples/afl_untracer/README.md
new file mode 100644
index 00000000..4ff96423
--- /dev/null
+++ b/examples/afl_untracer/README.md
@@ -0,0 +1,20 @@
+# afl-untracer
+
+afl-untracer is an example skeleton file which can easily be used to fuzz
+a closed source library.
+
+It requires less memory than qemu_mode however it is way
+more course grained and does not provide interesting features like compcov
+or cmplog.
+
+Read and modify afl-untracer.c then `make` and use it as the afl-fuzz target
+(or even remote via afl-network-proxy).
+
+To generate the `patches.txt` file for your target library use the
+`ida_get_patchpoints.py` script for IDA Pro or
+`ghidra_get_patchpoints.java` for Ghidra.
+
+This idea is based on [UnTracer](https://github.com/FoRTE-Research/UnTracer-AFL)
+and modified by [Trapfuzz](https://github.com/googleprojectzero/p0tools/tree/master/TrapFuzz).
+This implementation is slower because the traps are not patched out with each
+run, but on the other hand gives much better coverage information.
generated by cgit-pink 1.4.1 (git 2.36.1) at 2025-05-29 15:25:59 +0000