Diffstat (limited to 'examples/afl_untracer/afl-untracer.c')
-rw-r--r-- | examples/afl_untracer/afl-untracer.c | 24 |
1 files changed, 17 insertions, 7 deletions
diff --git a/examples/afl_untracer/afl-untracer.c b/examples/afl_untracer/afl-untracer.c
index 664e691c..68658bfd 100644
--- a/examples/afl_untracer/afl-untracer.c
+++ b/examples/afl_untracer/afl-untracer.c
@@ -56,6 +56,7 @@
 #include <sys/shm.h>
 #include <sys/wait.h>
 #include <sys/types.h>
+#include <sys/personality.h>
 #if defined(__linux__)
 #include <sys/ucontext.h>
@@ -73,6 +74,9 @@
 // STEP 1:
+/* here you need to specify the parameter for the target function */
+static void *(*o_function)(u8 *buf, int len);
+
 /* use stdin (1) or a file on the commandline (0) */
 static u32 use_stdin = 1;
@@ -395,7 +399,7 @@ static void __afl_map_shm(void) {
 }
 /* Fork server logic. */
-static void __afl_start_forkserver(void) {
+inline static void __afl_start_forkserver(void) {
 u8 tmp[4] = {0, 0, 0, 0};
 u32 status = 0;
@@ -411,7 +415,7 @@ static void __afl_start_forkserver(void) {
 }
-static u32 __afl_next_testcase(u8 *buf, u32 max_len) {
+inline static u32 __afl_next_testcase(u8 *buf, u32 max_len) {
 s32 status;
@@ -437,7 +441,7 @@ static u32 __afl_next_testcase(u8 *buf, u32 max_len) {
 }
-static void __afl_end_testcase(int status) {
+inline static void __afl_end_testcase(int status) {
 if (write(FORKSRV_FD + 1, &status, 4) != 4) do_exit = 1;
 // fprintf(stderr, "write2 %d\n", do_exit);
@@ -667,12 +671,11 @@ static void sigtrap_handler(int signum, siginfo_t *si, void *context) {
 }
-/* here you need to specify the parameter for the target function */
-static void *(*o_function)(u8 *buf, int len);
-
 /* the MAIN function */
 int main(int argc, char *argv[]) {
+ (void)personality(ADDR_NO_RANDOMIZE); // disable ASLR
+
 pid = getpid();
 if (getenv("AFL_DEBUG")) debug = 1;
@@ -706,6 +709,9 @@ int main(int argc, char *argv[]) {
 while (1) {
+ // instead of fork() we could also use the snapshot lkm or do our own mini
+ // snapshot feature like in https://github.com/marcinguy/fuzzer
+ // -> snapshot.c
 if ((pid = fork()) == -1) PFATAL("fork failed");
 if (pid) {
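Review bot: The new `#include <sys/personality.h>` in hunk @@ -56 is added unconditionally, one line above the file's `#if defined(__linux__)` branch, and the `personality(ADDR_NO_RANDOMIZE)` call it serves (hunk @@ -667 in main()) is unconditional as well. Both the header and `ADDR_NO_RANDOMIZE` are Linux-only, so if the file is still meant to build on whatever platform that `#if` distinguishes (inferred from the conditional include; the other branch is outside the hunk), the include and the call need the same guard. For the include: `#if defined(__linux__)` / `#include <sys/personality.h>` / `#endif`, and the same `#if defined(__linux__)` … `#endif` pair around the call in main().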
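Review bot: The three functions changed to `inline static` in hunks @@ -395, @@ -411 and @@ -437 use an unconventional specifier order; C accepts declaration specifiers in any order, but `static inline void __afl_start_forkserver(void) {` is the form readers expect, and the same applies to `__afl_next_testcase` and `__afl_end_testcase`. Since the functions are already `static`, the compiler may inline them on its own at `-O2`, so the keyword is only a hint; if the intent is to trim the per-testcase call overhead, a one-line comment saying so would explain why the hint was added. The bodies of all three functions continue outside their hunks.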
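Review bot: `personality(ADDR_NO_RANDOMIZE)` in hunk @@ -667 changes the personality of the running process but not the address-space layout it already has: the loader itself, its stack and every library mapped before this point keep their randomized addresses, and the flag only takes effect for a later execve(), so the fork() children created in the loop below inherit the same already-randomized layout. If the `// disable ASLR` comment means "make this process's addresses stable across runs" (for instance for addresses the harness patches — not visible here), the process has to re-exec itself after setting the flag, or the comment should state that the setting only affects exec'd descendants. The `(void)` cast also discards the `-1` that personality() returns when the change is refused; under `debug` a `WARNF`-style message on that path would make a silent failure visible. main() continues outside the hunk.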
@@ -738,7 +744,11 @@ int main(int argc, char *argv[]) {
 }
-static void fuzz() {
+#ifndef _DEBUG
+inline
+#endif
+ static void
+ fuzz() {
 // STEP 3: call the function to fuzz, also the functions you might
 // need to call to prepare the function and - important! - |