From 2868ba98b6e9320899bf6f0a21c4e04e9428169f Mon Sep 17 00:00:00 2001 From: van Hauser Date: Fri, 4 Jan 2019 11:32:01 +0100 Subject: README updates --- README.md | 26 ++++++++++++++++++-------- afl-dyninst.cpp | 2 ++ 2 files changed, 20 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 6abacf0..e219632 100644 --- a/README.md +++ b/README.md @@ -24,15 +24,25 @@ if you built dyninst 10.x or from directly from github: you also have to set DYN 3. make install -*NOTE:* building dyninst10 is a pain. I recommend the following steps: +### Building dyninst 10 + +building dyninst10 is a pain. I recommend the following steps: 1. remove elfutils if installed as distribution package 2. download the newest elfutils, make and (!) make install - +3. install libboost-all-dev for your distribution +4. execute (depending where your libboost is installed, for me its /usr/lib/x86_64-linux-gnu): +``` +cd /usr/lib/x86_64-linux-gnu && for i in libboost*.so libboost*.a; do + n=`echo $i|sed 's/\./-mt./'` + ln -s $i $n +done +``` +5. now clone dyninst; mkdir build; cd build; cmake ..; make; make install ## Commandline options -Usage: ./afl-dyninst-dfvD -i -o -l -e
-E
-s -S -m +Usage: ./afl-dyninst-dfvD -i INPUT_BINARY -o OUTPUT_BINARY -l INPUT_LIBRARY -e ADDRESS -E ADDRESS -s NUMBER -S FUNCNAME -m SIZE -i: input binary -o: output binary -d: do not instrument the binary, only supplied libraries @@ -69,11 +79,11 @@ argument to __libc_start_main. Switch -E is used to specify addresses that should force a clean exit when reached. This can speed up the fuzzing tremendously. -Switch -s instructs afl-dyninst to skip the first of basic -blocks. Currently, it is used to work around a bug in Dyninst -but doubles as an optimization option, as skipping the basic blocks -of the initialization routines makes things run faster. If the instrumented -binary is crashing by itself, try skiping a number of blocks. +Switch -s instructs afl-dyninst to skip the first NUMBER of basic blocks. +Currently, it is used to work around a bug in Dyninst but doubles as an +optimization option, as skipping the basic blocks of the initialization +routines makes things run faster. If the instrumented binary is crashing by +itself, try skiping a number of blocks. Switch -r allows you to specify a path to the library that is loaded via dlopen() at runtime. Instrumented runtime libraries will be diff --git a/afl-dyninst.cpp b/afl-dyninst.cpp index 4ff3edb..5b25262 100644 --- a/afl-dyninst.cpp +++ b/afl-dyninst.cpp @@ -346,6 +346,8 @@ bool insertBBCallback(BPatch_addressSpace * appBin, BPatch_function * curFunc, c int main(int argc, char **argv) { char *func2patch = NULL; int loop; + + cout << "afl-dyninst (c) 2017-2019 by Aleksandar Nikolic and Marc Heuse [https://github.com/vanhauser-thc/afl-dyninst] Apache 2.0 License" << endl; if (argc < 3 || strncmp(argv[1], "-h", 2) == 0 || strncmp(argv[1], "--h", 3) == 0) { cout << "Usage: " << argv[0] << USAGE; -- cgit 1.4.1
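Review bot: The new banner line goes to `cout` before any option parsing, so it is emitted on stdout even when the tool's output is being captured or piped by a driver script, where it will precede whatever the program prints next; a version/copyright banner is diagnostic output and would normally go to `cerr` (which must be in scope the same way `cout` is — presumably via the file's `using` directive, not visible here). The added literal is also a single ~150-column line, which adjacent-literal concatenation keeps readable without changing the emitted text. I would change the added line to `cerr << "afl-dyninst (c) 2017-2019 by Aleksandar Nikolic and Marc Heuse " "[https://github.com/vanhauser-thc/afl-dyninst] Apache 2.0 License" << endl;`. The usage message two lines below still goes to `cout`, so this only moves the banner; if the project deliberately keeps every message on stdout, keep just the line split. The body of main() continues past the end of the hunk.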