diff options
| author | van Hauser <vh@thc.org> | 2018-02-24 12:08:20 +0100 |
|---|---|---|
| committer | van Hauser <vh@thc.org> | 2018-02-24 12:08:20 +0100 |
| commit | f843c135a7442aaf40381e76439e250ae905be18 (patch) | |
| tree | 8123ed783c290d12ed22fca97e13d138d606394f /README.txt | |
| parent | 15e935cd25c4fa76210d8f36d480678d364a379e (diff) | |
| download | afl-dyninst-f843c135a7442aaf40381e76439e250ae905be18.tar.gz | |
added my changes
Diffstat (limited to 'README.txt')
| -rw-r--r-- | README.txt | 25 |
1 files changed, 18 insertions, 7 deletions
diff --git a/README.txt b/README.txt index 6f5764a..adecc8b 100644 --- a/README.txt +++ b/README.txt @@ -9,13 +9,15 @@ inserting callbacks for each basic block and an initialization callback either at _init or at specified entry point. Usage: ./afl-dyninst -i <binary> -o <binary> -l <library> -e <address> -s <number> - -i: Input binary - -o: Output binary - -l: Library to instrument (repeat for more than one) - -e: Entry point address to patch (required for stripped binaries) - -r: Runtime library to instrument (path to, repeat for more than one) - -s: Number of basic blocks to skip - -v: Verbose output + -i: Input binary + -o: Output binary + -l: Library to instrument (repeat for more than one) + -e: Entry point address to patch (required for stripped binaries) + -r: Runtime library to instrument (path to, repeat for more than one) + -s: Number of basic blocks to skip + -m: minimum size of a basic bock to instrument (default: 1) + -f: fix dyninst bug to sometimes not save edi/rdi register + -v: Verbose output Switch -l is used to supply the names of the libraries that should be instrumented along the binary. Instrumented libraries will be copied @@ -42,6 +44,15 @@ written to the same location with a ".ins" suffix as not to overwrite the original ones. Make sure to backup the originals and then rename the instrumented ones to original name. +Switch -m allows you to only instrument basic blocks of a minimum size - the +default minimum size is 1 + +Switch -f fixes a dyninst bug that lead to bugs in the instrumented program: +our basic block instrumentation function loaded into the instrumentd binaries +uses the edi/rdi. However dyninst does not always saves and restores it when +instrumenting that function leading to crashes and changed program behaviour +when the register is used for function parameters. + The instrumentation library "libDyninst.so" must be available in the current working directory as that is where the instrumented binary will be looking for it. |