From b189640a927e9ed17347b26f6579b0e41dcdda38 Mon Sep 17 00:00:00 2001 From: Maciej Domanski Date: Tue, 27 Dec 2022 16:54:36 +0100 Subject: cleanup --- utils/argv_fuzzing/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'utils/argv_fuzzing/README.md') diff --git a/utils/argv_fuzzing/README.md b/utils/argv_fuzzing/README.md index e9224995..bcf388c7 100644 --- a/utils/argv_fuzzing/README.md +++ b/utils/argv_fuzzing/README.md @@ -1,4 +1,4 @@ -# argvfuzz +#argvfuzz AFL++ supports fuzzing file inputs or stdin. When source is available, `argv-fuzz-inl.h` can be used to change `main()` to build argv from stdin. @@ -13,4 +13,4 @@ A few conditions need to be fulfilled for this mechanism to work correctly: 2. If the target binary does not use the default libc's `_start` implementation (crt1.o), the hook may not run. 3. The hook will replace argv with pointers to `.data` of `argvfuzz.so`. If the - target binary expects argv to be living on the stack, things may go wrong. \ No newline at end of file + target binary expects argv to be living on the stack, things may go wrong. -- cgit 1.4.1 From 3188cac1d074352e9110d83c7ad5c3d5684d90f8 Mon Sep 17 00:00:00 2001 From: Maciej Domanski Date: Tue, 27 Dec 2022 16:57:30 +0100 Subject: cleanup --- utils/argv_fuzzing/README.md | 2 +- utils/argv_fuzzing/argv-fuzz-inl.h | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) (limited to 'utils/argv_fuzzing/README.md') diff --git a/utils/argv_fuzzing/README.md b/utils/argv_fuzzing/README.md index bcf388c7..ca90f26c 100644 --- a/utils/argv_fuzzing/README.md +++ b/utils/argv_fuzzing/README.md @@ -1,4 +1,4 @@ -#argvfuzz +# argvfuzz feature AFL++ supports fuzzing file inputs or stdin. When source is available, `argv-fuzz-inl.h` can be used to change `main()` to build argv from stdin. diff --git a/utils/argv_fuzzing/argv-fuzz-inl.h b/utils/argv_fuzzing/argv-fuzz-inl.h index bb8f2813..abe86d3c 100644 --- a/utils/argv_fuzzing/argv-fuzz-inl.h +++ b/utils/argv_fuzzing/argv-fuzz-inl.h @@ -29,10 +29,10 @@ If you would like to always preserve argv[0], use this instead: AFL_INIT_SET0("prog_name"); - To enable persistent fuzzing, use the AFL_INIT_ARGV_PERSISTENT macro with - buf as argument, or use AFL_INIT_SET0_PERSISTENT("prog_name", buf) - to preserver argv[0]. buf should be defined as: - unsigned char *buf = __AFL_FUZZ_TESTCASE_BUF; + To enable persistent fuzzing, use the AFL_INIT_ARGV_PERSISTENT macro with + buf as argument, or use AFL_INIT_SET0_PERSISTENT("prog_name", buf) + to preserver argv[0]. buf should be defined as: + unsigned char *buf = __AFL_FUZZ_TESTCASE_BUF; */ #ifndef _HAVE_ARGV_FUZZ_INL -- cgit 1.4.1 From 51e0707d4d5b65cf4245b7350986c66bf639f3cd Mon Sep 17 00:00:00 2001 From: Maciej Domanski Date: Wed, 28 Dec 2022 09:27:22 +0100 Subject: readme update --- utils/argv_fuzzing/README.md | 30 ++++++++++++++++++++++++++---- 1 file changed, 26 insertions(+), 4 deletions(-) (limited to 'utils/argv_fuzzing/README.md') diff --git a/utils/argv_fuzzing/README.md b/utils/argv_fuzzing/README.md index ca90f26c..e22fbe4e 100644 --- a/utils/argv_fuzzing/README.md +++ b/utils/argv_fuzzing/README.md @@ -1,15 +1,37 @@ -# argvfuzz feature +# argv_fuzzing feature +AFL++ supports fuzzing file inputs or stdin. The argv_fuzzing feature allows for fuzzing of arguments passed to a program from the command line interface, rather than from standard input. -AFL++ supports fuzzing file inputs or stdin. When source is available, -`argv-fuzz-inl.h` can be used to change `main()` to build argv from stdin. +## With source code +When source is available, a macro from the `argv-fuzz-inl.h` header file can be used to change the program's behavior to build argv from STDIN. +### Without persistent mode +Conditions needed to use the argv_fuzzing feature: +1. Include `argv-fuzz-inl.h` header file (`#include "argv-fuzz-inl.h"`) +2. Identify your main function that parses arguments (for example, `int main(int argc, char **argv)`) +3. Use the one of the following macros (near the beginning of the main function) to initialize argv with the fuzzer's input: + - `AFL_INIT_ARGV();` or + - `AFL_INIT_SET0("prog_name");` to preserve `argv[0]` (the name of the program being executed) + +see: [argv_fuzz_demo.c](argv_fuzz_demo.c) + +### With persistent mode +Conditions needed to use the argv_fuzzing feature with persistent mode: +1. Ensure your target can handle persistent mode fuzzing +2. Follow instructions in the [llvm_mode persistent mode](https://github.com/AFLplusplus/AFLplusplus/blob/stable/instrumentation/README.persistent_mode.md) +3. Use the one of the following macro near the beginning of the main function and after the buffer initialization (`unsigned char *buf = __AFL_FUZZ_TESTCASE_BUF`): + - `AFL_INIT_ARGV_PERSISTENT(buf)`, if you want to + - `AFL_INIT_SET0_PERSISTENT("name_of_binary", buf)` + +see: [argv_fuzz_persistent_demo.c](argv_fuzz_persistent_demo.c) + +## Binary only `argvfuzz` tries to provide the same functionality for binaries. When loaded using `LD_PRELOAD`, it will hook the call to `__libc_start_main` and replace argv using the same logic of `argv-fuzz-inl.h`. A few conditions need to be fulfilled for this mechanism to work correctly: -1. As it relies on hooking the loader, it cannot work on static binaries. +1. As it relies on hooking the loader, it cannot work on static binaries 2. If the target binary does not use the default libc's `_start` implementation (crt1.o), the hook may not run. 3. The hook will replace argv with pointers to `.data` of `argvfuzz.so`. If the -- cgit 1.4.1 From f28f6adbce0b803b80938518ca9c559e428ef9cf Mon Sep 17 00:00:00 2001 From: Maciej Domanski Date: Wed, 28 Dec 2022 09:41:22 +0100 Subject: update --- utils/argv_fuzzing/Makefile | 8 +++++--- utils/argv_fuzzing/README.md | 15 +++++++++------ 2 files changed, 14 insertions(+), 9 deletions(-) (limited to 'utils/argv_fuzzing/README.md') diff --git a/utils/argv_fuzzing/Makefile b/utils/argv_fuzzing/Makefile index 3ebde54b..fca46b09 100644 --- a/utils/argv_fuzzing/Makefile +++ b/utils/argv_fuzzing/Makefile @@ -11,7 +11,7 @@ # http://www.apache.org/licenses/LICENSE-2.0 # -.PHONY: all install clean +.PHONY: all install clean demo PREFIX ?= /usr/local BIN_PATH = $(PREFIX)/bin @@ -58,5 +58,7 @@ clean: rm -f argvfuzz32.so argvfuzz64.so argv_fuzz_demo argv_fuzz_persistent_demo demo: - ../../afl-clang-fast -o argv_fuzz_demo argv_fuzz_demo.c - ../../afl-clang-fast -o argv_fuzz_persistent_demo argv_fuzz_persistent_demo.c \ No newline at end of file + CC = afl-clang-fast + CFLAGS = -fsanitize=address + -@$(CC) $(CFLAGS) -o argv_fuzz_demo argv_fuzz_demo.c + -@$(CC) $(CFLAGS) -o argv_fuzz_persistent_demo argv_fuzz_persistent_demo.c \ No newline at end of file diff --git a/utils/argv_fuzzing/README.md b/utils/argv_fuzzing/README.md index e22fbe4e..d248cf93 100644 --- a/utils/argv_fuzzing/README.md +++ b/utils/argv_fuzzing/README.md @@ -1,14 +1,16 @@ # argv_fuzzing feature -AFL++ supports fuzzing file inputs or stdin. The argv_fuzzing feature allows for fuzzing of arguments passed to a program from the command line interface, rather than from standard input. +AFL++ supports fuzzing file inputs or stdin. The argv_fuzzing feature allows for the fuzzing of arguments +passed to a program from the command line interface rather than from standard input. ## With source code -When source is available, a macro from the `argv-fuzz-inl.h` header file can be used to change the program's behavior to build argv from STDIN. +When the source code is available, a specific macro from the `argv-fuzz-inl.h` header file can be used to change +the program's behavior to build argv from STDIN. ### Without persistent mode Conditions needed to use the argv_fuzzing feature: 1. Include `argv-fuzz-inl.h` header file (`#include "argv-fuzz-inl.h"`) 2. Identify your main function that parses arguments (for example, `int main(int argc, char **argv)`) -3. Use the one of the following macros (near the beginning of the main function) to initialize argv with the fuzzer's input: +3. Use one of the following macros (near the beginning of the main function) to initialize argv with the fuzzer's input: - `AFL_INIT_ARGV();` or - `AFL_INIT_SET0("prog_name");` to preserve `argv[0]` (the name of the program being executed) @@ -18,7 +20,8 @@ see: [argv_fuzz_demo.c](argv_fuzz_demo.c) Conditions needed to use the argv_fuzzing feature with persistent mode: 1. Ensure your target can handle persistent mode fuzzing 2. Follow instructions in the [llvm_mode persistent mode](https://github.com/AFLplusplus/AFLplusplus/blob/stable/instrumentation/README.persistent_mode.md) -3. Use the one of the following macro near the beginning of the main function and after the buffer initialization (`unsigned char *buf = __AFL_FUZZ_TESTCASE_BUF`): +3. Use one of the following macros near the beginning of the main function and after +the buffer initialization (`unsigned char *buf = __AFL_FUZZ_TESTCASE_BUF`): - `AFL_INIT_ARGV_PERSISTENT(buf)`, if you want to - `AFL_INIT_SET0_PERSISTENT("name_of_binary", buf)` @@ -34,5 +37,5 @@ A few conditions need to be fulfilled for this mechanism to work correctly: 1. As it relies on hooking the loader, it cannot work on static binaries 2. If the target binary does not use the default libc's `_start` implementation (crt1.o), the hook may not run. -3. The hook will replace argv with pointers to `.data` of `argvfuzz.so`. If the - target binary expects argv to be living on the stack, things may go wrong. +3. The hook will replace argv with pointers to `.data` of `argvfuzz.so`. +Things may go wrong if the target binary expects argv to live on the stack. -- cgit 1.4.1 From 99c67defb4414c1f207123e2930d0500d338c6b8 Mon Sep 17 00:00:00 2001 From: Maciej Domanski Date: Wed, 28 Dec 2022 10:58:44 +0100 Subject: readme cleanup --- utils/argv_fuzzing/README.md | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) (limited to 'utils/argv_fuzzing/README.md') diff --git a/utils/argv_fuzzing/README.md b/utils/argv_fuzzing/README.md index d248cf93..14fe5e2d 100644 --- a/utils/argv_fuzzing/README.md +++ b/utils/argv_fuzzing/README.md @@ -1,18 +1,22 @@ # argv_fuzzing feature -AFL++ supports fuzzing file inputs or stdin. The argv_fuzzing feature allows for the fuzzing of arguments -passed to a program from the command line interface rather than from standard input. +AFL++ supports fuzzing file inputs or stdin. The argv_fuzzing feature +allows for the fuzzing of arguments passed to a program from the command line +interface rather than from standard input. ## With source code -When the source code is available, a specific macro from the `argv-fuzz-inl.h` header file can be used to change -the program's behavior to build argv from STDIN. +When the source code is available, a specific macro from the `argv-fuzz-inl.h` +header file can be used to change the program's behavior to build argv from STDIN. ### Without persistent mode Conditions needed to use the argv_fuzzing feature: 1. Include `argv-fuzz-inl.h` header file (`#include "argv-fuzz-inl.h"`) -2. Identify your main function that parses arguments (for example, `int main(int argc, char **argv)`) -3. Use one of the following macros (near the beginning of the main function) to initialize argv with the fuzzer's input: +2. Identify your main function that parses arguments +(for example, `int main(int argc, char **argv)`) +3. Use one of the following macros (near the beginning of the main function) +to initialize argv with the fuzzer's input: - `AFL_INIT_ARGV();` or - - `AFL_INIT_SET0("prog_name");` to preserve `argv[0]` (the name of the program being executed) + - `AFL_INIT_SET0("prog_name");` to preserve `argv[0]` + (the name of the program being executed) see: [argv_fuzz_demo.c](argv_fuzz_demo.c) -- cgit 1.4.1 From 5670c847bd2cc619a9d4a11e9f7ccb1f4004a0b0 Mon Sep 17 00:00:00 2001 From: Maciej Domanski Date: Wed, 28 Dec 2022 11:00:14 +0100 Subject: readme update --- utils/argv_fuzzing/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'utils/argv_fuzzing/README.md') diff --git a/utils/argv_fuzzing/README.md b/utils/argv_fuzzing/README.md index 14fe5e2d..a085c098 100644 --- a/utils/argv_fuzzing/README.md +++ b/utils/argv_fuzzing/README.md @@ -1,7 +1,7 @@ # argv_fuzzing feature -AFL++ supports fuzzing file inputs or stdin. The argv_fuzzing feature +AFL++ supports fuzzing file inputs or standard input. The argv_fuzzing feature allows for the fuzzing of arguments passed to a program from the command line -interface rather than from standard input. +interface rather than from STDIN. ## With source code When the source code is available, a specific macro from the `argv-fuzz-inl.h` -- cgit 1.4.1