blob: 3278b60cc8fb40cf18e378674ef1ba42eb5fcac5 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
|
# QEMU persistent hook example
Compile the test binary and the library:
```
gcc -no-pie test.c -o test
gcc -fPIC -shared read_into_rdi.c -o read_into_rdi.so
```
Fuzz with:
```
export AFL_QEMU_PERSISTENT_ADDR=0x$(nm test | grep "T target_func" | awk '{print $1}')
export AFL_QEMU_PERSISTENT_HOOK=./read_into_rdi.so
mkdir in
echo 0000 > in/in
../../afl-fuzz -Q -i in -o out -- ./test
```
|
