From db360332c4cf92c3b90d8dfab9292763e677aebf Mon Sep 17 00:00:00 2001
From: vanhauser-thc
Date: Thu, 9 Dec 2021 14:33:56 +0100
Subject: make llvm 14-dev working. again.

---
 qemu_mode/qemuafl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'qemu_mode')

diff --git a/qemu_mode/qemuafl b/qemu_mode/qemuafl
index 002e4739..8809a2b2 160000
--- a/qemu_mode/qemuafl
+++ b/qemu_mode/qemuafl
@@ -1 +1 @@
-Subproject commit 002e473939a350854d56f67ce7b2e2d9706b8bca
+Subproject commit 8809a2b2ebf089d3427dd8f6a0044bcc2e13b389
--
cgit 1.4.1

From 6ce72deb75163a8532ab3142cc1a9d8a1138459b Mon Sep 17 00:00:00 2001
From: vanhauser-thc
Date: Thu, 9 Dec 2021 15:21:12 +0100
Subject: more rename

---
 qemu_mode/qemuafl    | 2 +-
 src/afl-fuzz-one.c   | 4 ++--
 src/afl-fuzz-stats.c | 6 +++---
 3 files changed, 6 insertions(+), 6 deletions(-)

(limited to 'qemu_mode')

diff --git a/qemu_mode/qemuafl b/qemu_mode/qemuafl
index 8809a2b2..002e4739 160000
--- a/qemu_mode/qemuafl
+++ b/qemu_mode/qemuafl
@@ -1 +1 @@
-Subproject commit 8809a2b2ebf089d3427dd8f6a0044bcc2e13b389
+Subproject commit 002e473939a350854d56f67ce7b2e2d9706b8bca
diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c
index 96c32a86..ebf3f4ac 100644
--- a/src/afl-fuzz-one.c
+++ b/src/afl-fuzz-one.c
@@ -447,7 +447,7 @@ u8 fuzz_one_original(afl_state_t *afl) {
   if (unlikely(afl->not_on_tty)) {
 
     ACTF(
-        "Fuzzing test case #%u (%u total, %llu uniq crashes found, "
+        "Fuzzing test case #%u (%u total, %llu crashes saved, "
         "perf_score=%0.0f, exec_us=%llu, hits=%u, map=%u, ascii=%u)...",
         afl->current_entry, afl->queued_items, afl->saved_crashes,
         afl->queue_cur->perf_score, afl->queue_cur->exec_us,
@@ -2968,7 +2968,7 @@ static u8 mopt_common_fuzzing(afl_state_t *afl, MOpt_globals_t MOpt_globals) {
   if (afl->not_on_tty) {
 
-    ACTF("Fuzzing test case #%u (%u total, %llu uniq crashes found)...",
+    ACTF("Fuzzing test case #%u (%u total, %llu crashes saved)...",
          afl->current_entry, afl->queued_items, afl->saved_crashes);
     fflush(stdout);
 
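Review bot: The qemu_mode/qemuafl hunk of the "more rename" commit moves the submodule pointer from 8809a2b2 back to 002e4739, which undoes the bump the immediately preceding commit ("make llvm 14-dev working. again.") made, while the subject only mentions renaming; this looks like a stale submodule checkout committed together with the string changes rather than an intended downgrade. Neither commit touches qemu_mode/QEMUAFL_VERSION, which the later "update qemu" commit shows still held 002e473939, so after the first commit the gitlink and the version pin disagreed on which qemuafl revision a build should fetch. I would split the submodule change out of the rename commit (or drop it) and bump QEMUAFL_VERSION in the same commit as any gitlink change so the two pins cannot drift. The afl-fuzz-one.c hunks on this line are label-only and need no change; both enclosing functions continue outside the hunks.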
diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c
index 5016095f..50e6c2f4 100644
--- a/src/afl-fuzz-stats.c
+++ b/src/afl-fuzz-stats.c
@@ -832,7 +832,7 @@ void show_stats(afl_state_t *afl) {
   sprintf(tmp, "%s (%0.02f%%)", u_stringify_int(IB(0), afl->cur_skipped_items),
           ((double)afl->cur_skipped_items * 100) / afl->queued_items);
 
-  SAYF(bV bSTOP " items timed out : " cRST "%-18s " bSTG bV, tmp);
+  SAYF(bV bSTOP " runs timed out : " cRST "%-18s " bSTG bV, tmp);
 
   sprintf(tmp, "%0.02f bits/tuple",
           t_bytes ? (((double)t_bits) / t_bytes) : 0);
@@ -870,7 +870,7 @@ void show_stats(afl_state_t *afl) {
 
   SAYF(" new edges on : " cRST "%-20s" bSTG bV "\n", tmp);
 
-  sprintf(tmp, "%s (%s%s unique)", u_stringify_int(IB(0), afl->total_crashes),
+  sprintf(tmp, "%s (%s%s saved)", u_stringify_int(IB(0), afl->total_crashes),
           u_stringify_int(IB(1), afl->saved_crashes),
           (afl->saved_crashes >= KEEP_UNIQUE_CRASH) ? "+" : "");
 
@@ -904,7 +904,7 @@ void show_stats(afl_state_t *afl) {
 
   }
 
-  sprintf(tmp, "%s (%s%s unique)", u_stringify_int(IB(0), afl->total_tmouts),
+  sprintf(tmp, "%s (%s%s saved)", u_stringify_int(IB(0), afl->total_tmouts),
           u_stringify_int(IB(1), afl->saved_tmouts),
           (afl->saved_hangs >= KEEP_UNIQUE_HANG) ? "+" : "");
--
cgit 1.4.1

From 77ce31c8ba1f90d8895ba16a2bb509db88071a10 Mon Sep 17 00:00:00 2001
From: llzmb <46303940+llzmb@users.noreply.github.com>
Date: Sat, 11 Dec 2021 19:13:22 +0100
Subject: Add docs content overview

---
 dictionaries/README.md                             |  2 +-
 docs/README.md                                     | 41 ++++++++++++++++++++++
 docs/afl-fuzz_approach.md                          |  2 +-
 docs/resources/fuzzing_process_overview.drawio.svg |  4 +++
 instrumentation/README.gcc_plugin.md               |  5 +--
 instrumentation/README.llvm.md                     |  2 +-
 qemu_mode/README.md                                |  2 +-
 testcases/README.md                                |  2 +-
 utils/libdislocator/README.md                      |  2 +-
 utils/libtokencap/README.md                        |  2 +-
 10 files changed, 55 insertions(+), 9 deletions(-)
 create mode 100644 docs/README.md
 create mode 100644 docs/resources/fuzzing_process_overview.drawio.svg

(limited to 'qemu_mode')
diff --git a/dictionaries/README.md b/dictionaries/README.md
index 0b3b4d90..ab0a6798 100644
--- a/dictionaries/README.md
+++ b/dictionaries/README.md
@@ -1,6 +1,6 @@
 # AFL++ dictionaries
 
-(See [../README.md](../README.md) for the general instruction manual.)
+For the general instruction manual, see [docs/README.md](../docs/README.md).
 
 This subdirectory contains a set of dictionaries that can be used in conjunction
 with the -x option to allow the fuzzer to effortlessly explore the grammar of
diff --git a/docs/README.md b/docs/README.md
new file mode 100644
index 00000000..22f86de1
--- /dev/null
+++ b/docs/README.md
@@ -0,0 +1,41 @@
+# AFL++ documentation
+
+This is the overview of the AFL++ docs content.
+
+For general information on AFL++, see the
+[README.md of the repository](../README.md).
+
+Also take a look at our [FAQ.md](FAQ.md) and
+[best_practices.md](best_practices.md).
+
+## Fuzzing targets with the source code available
+
+You can find a quickstart for fuzzing targets with the source code available in
+the [README.md of the repository](../README.md#quick-start-fuzzing-with-afl).
+
+For in-depth information on the steps of the fuzzing process, see
+[fuzzing_in_depth.md](fuzzing_in_depth.md) or click on the following
+image to select a step.
+
+![Fuzzing process overview](https://raw.githubusercontent.com/AFLplusplus/AFLplusplus/dev/docs/resources/fuzzing_process_overview.drawio.svg "Fuzzing process overview")
+
+For further information on instrumentation, see the
+[READMEs in the instrumentation/ folder](../instrumentation/).
+
+## Fuzzing other targets
+
+To learn about fuzzing other targets, see:
+
+* Binary-only: [fuzzing_binary-only_targets.md](fuzzing_binary-only_targets.md)
+* GUI programs:
+  [best_practices.md#fuzzing-a-gui-program](best_practices.md#fuzzing-a-gui-program)
+* Libraries: [frida_mode/README.md](../frida_mode/README.md)
+* Network services:
+  [best_practices.md#fuzzing-a-network-service](best_practices.md#fuzzing-a-network-service)
+* Non-linux: [unicorn_mode/README.md](../unicorn_mode/README.md)
+
+## Additional information
+
+* Tools that help fuzzing with AFL++:
+  [third_party_tools.md](third_party_tools.md)
+* Tutorials: [tutorials.md](tutorials.md)
\ No newline at end of file
diff --git a/docs/afl-fuzz_approach.md b/docs/afl-fuzz_approach.md
index 058fe352..6af39769 100644
--- a/docs/afl-fuzz_approach.md
+++ b/docs/afl-fuzz_approach.md
@@ -40,7 +40,7 @@ superior to blind fuzzing or coverage-only tools.
 This section provides an overview of the status screen - plus tips for
 troubleshooting any warnings and red text shown in the UI.
 
-For the general instruction manual, see [README.md](../README.md).
+For the general instruction manual, see [README.md](README.md).
 
 ### A note about colors
 
diff --git a/docs/resources/fuzzing_process_overview.drawio.svg b/docs/resources/fuzzing_process_overview.drawio.svg
new file mode 100644
index 00000000..c46bfbbc
--- /dev/null
+++ b/docs/resources/fuzzing_process_overview.drawio.svg
@@ -0,0 +1,4 @@
+
+
+
+
Prepare campaign
Prepare campaign
Required task
Required task
Optional task
Optional task
Check coverageMonitor statusTriage crashesUse multiple coresUse multiple machinesRun afl-fuzzMake input corpus uniqueMinimize corpus fileCollect inputsSelect compilerSelect optionsSelect sanitizerCompile target source codeWrite and compile harnessModify target
Instrument target
Instrument target
Fuzz target
Fuzz target
Manage campaign
Manage campaign
Viewer does not support full SVG 1.1
\ No newline at end of file
diff --git a/instrumentation/README.gcc_plugin.md b/instrumentation/README.gcc_plugin.md
index ef38662b..ed39af9d 100644
--- a/instrumentation/README.gcc_plugin.md
+++ b/instrumentation/README.gcc_plugin.md
@@ -1,7 +1,8 @@
 # GCC-based instrumentation for afl-fuzz
 
-For the general instruction manual, see [../README.md](../README.md). For the
-LLVM-based instrumentation, see [README.llvm.md](README.llvm.md).
+For the general instruction manual, see [docs/README.md](../docs/README.md).
+
+For the LLVM-based instrumentation, see [README.llvm.md](README.llvm.md).
 
 This document describes how to build and use `afl-gcc-fast` and `afl-g++-fast`,
 which instrument the target with the help of gcc plugins.
diff --git a/instrumentation/README.llvm.md b/instrumentation/README.llvm.md
index d220e52c..7855a987 100644
--- a/instrumentation/README.llvm.md
+++ b/instrumentation/README.llvm.md
@@ -1,6 +1,6 @@
 # Fast LLVM-based instrumentation for afl-fuzz
 
-For the general instruction manual, see [../README.md](../README.md).
+For the general instruction manual, see [docs/README.md](../docs/README.md).
 
 For the GCC-based instrumentation, see
 [README.gcc_plugin.md](README.gcc_plugin.md).
diff --git a/qemu_mode/README.md b/qemu_mode/README.md
index 8e04cbf9..a045ef4f 100644
--- a/qemu_mode/README.md
+++ b/qemu_mode/README.md
@@ -1,6 +1,6 @@
 # High-performance binary-only instrumentation for afl-fuzz
 
-For the general instruction manual, see [README.md](../README.md).
+For the general instruction manual, see [docs/README.md](../docs/README.md).
 
 ## 1) Introduction
 
diff --git a/testcases/README.md b/testcases/README.md
index a2f74d68..119fd272 100644
--- a/testcases/README.md
+++ b/testcases/README.md
@@ -1,6 +1,6 @@
 # AFL++ starting test cases
 
-  (See [../README.md](../README.md) for the general instruction manual.)
+For the general instruction manual, see [docs/README.md](../docs/README.md).
 
 The archives/, images/, multimedia/, and others/ subdirectories contain small,
 standalone files that can be used to seed afl-fuzz when testing parsers for a
diff --git a/utils/libdislocator/README.md b/utils/libdislocator/README.md
index 7150c205..116a22ba 100644
--- a/utils/libdislocator/README.md
+++ b/utils/libdislocator/README.md
@@ -1,6 +1,6 @@
 # libdislocator, an abusive allocator
 
-  (See ../../README.md for the general instruction manual.)
+For the general instruction manual, see [docs/README.md](../../docs/README.md).
 
 This is a companion library that can be used as a drop-in replacement for the
 libc allocator in the fuzzed binaries. It improves the odds of bumping into
diff --git a/utils/libtokencap/README.md b/utils/libtokencap/README.md
index 343fcce0..4e7ed1d1 100644
--- a/utils/libtokencap/README.md
+++ b/utils/libtokencap/README.md
@@ -5,7 +5,7 @@
 The afl-clang-fast AFL_LLVM_DICT2FILE feature is much better, afl-clang-lto has
 that feature automatically integrated.
 
-  (See ../../README.md for the general instruction manual.)
+For the general instruction manual, see [docs/README.md](../../docs/README.md).
 
 This companion library allows you to instrument `strcmp()`, `memcmp()`, and
 related functions to automatically extract syntax tokens passed to any of
--
cgit 1.4.1

From 52dd5d479d411460c8cf2010a89f72e269d799ea Mon Sep 17 00:00:00 2001
From: vanhauser-thc
Date: Mon, 13 Dec 2021 17:13:31 +0100
Subject: update qemu

---
 qemu_mode/QEMUAFL_VERSION | 2 +-
 qemu_mode/qemuafl         | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

(limited to 'qemu_mode')

diff --git a/qemu_mode/QEMUAFL_VERSION b/qemu_mode/QEMUAFL_VERSION
index 680c04d6..0c5c12d3 100644
--- a/qemu_mode/QEMUAFL_VERSION
+++ b/qemu_mode/QEMUAFL_VERSION
@@ -1 +1 @@
-002e473939
+ce65a7349e
diff --git a/qemu_mode/qemuafl b/qemu_mode/qemuafl
index 002e4739..ce65a734 160000
--- a/qemu_mode/qemuafl
+++ b/qemu_mode/qemuafl
@@ -1 +1 @@
-Subproject commit 002e473939a350854d56f67ce7b2e2d9706b8bca
+Subproject commit ce65a7349e7156e052b37a660422cad8346764d0
--
cgit 1.4.1