From 91ed32b7e29565cdb92fa3ebb395066da939be47 Mon Sep 17 00:00:00 2001
From: van Hauser
Date: Fri, 16 Mar 2018 12:20:58 +0100
Subject: final dynamorio changes

---
 CHANGES | 4 +++-
 Makefile | 2 +-
 README.txt | 6 +++---
 afl-fuzz-dyninst.sh | 9 +++++++++
 afl-fuzz.sh | 9 ---------
 5 files changed, 16 insertions(+), 14 deletions(-)
 create mode 100755 afl-fuzz-dyninst.sh
 delete mode 100755 afl-fuzz.sh

diff --git a/CHANGES b/CHANGES
index 6804f76..82b7d74 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,8 +2,10 @@ Changelog
 =========
 https://github.com/vanhauser-thc/afl-dyninst
+ - renamed afl-fuzz.sh to afl-fuzz-dyninst.sh and make install
+ installs now the scripts
 - added -E switch to force a program exit at specific addresses
- - added -D switch which does not basic block instrumentation
+ - added -D switch which does not do basic block instrumentation
 - the -S switch can now be specified several times
 - checks the dyninst version and comments on the -f option
 - added -S switch to skip instrumenting a specific function
diff --git a/Makefile b/Makefile
index 25ef545..f48af58 100644
--- a/Makefile
+++ b/Makefile
@@ -40,5 +40,5 @@ clean:
 install: all
 install -d $(INSTALL_ROOT)/bin
 install -d $(INSTALL_ROOT)/lib
- install afl-dyninst $(INSTALL_ROOT)/bin
+ install afl-dyninst afl-dyninst.sh afl-fuzz-dyninst.sh $(INSTALL_ROOT)/bin
 install libAflDyninst.so $(INSTALL_ROOT)/lib
diff --git a/README.txt b/README.txt
index d9cb3f0..12ebb2c 100644
--- a/README.txt
+++ b/README.txt
@@ -69,7 +69,7 @@ This options is mainly to hunt down bugs in dyninst. Switch -D installs the afl fork server and forced exit functions but no basic block instrumentation. That would serve no purpose - unless there is
-another interesting tool coming up ...
+another interesting tool coming up ... :)
 Compiling:
@@ -109,7 +109,7 @@ Since AFL checks if the binary has been instrumented by afl-gcc,AFL_SKIP_BIN_CHE
 variable needs to be set. No modifications to AFL it self is needed.
 $ export AFL_SKIP_BIN_CHECK=1
 Then, AFL can be run as usual:
-$ afl-fuzz -i testcases/archives/common/gzip/ -o test_gzip -- ./gzip_ins -d -c
+$ afl-fuzz -i testcases/archives/common/gzip/ -o test_gzip -- ./gzip_ins -d -c
-Note that there are the helper scripts afl-fuzz.sh and afl-dyninst.sh for you which set the
+Note that there are the helper scripts afl-fuzz-dyninst.sh and afl-dyninst.sh for you which set the
 required environment variables for you.
diff --git a/afl-fuzz-dyninst.sh b/afl-fuzz-dyninst.sh
new file mode 100755
index 0000000..bb10a95
--- /dev/null
+++ b/afl-fuzz-dyninst.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+test -z "$1" -o "$1" = "-h" && { echo Syntax: $0 afl-fuzz-options ; echo sets the afl-dyninst environment variables ; exit 1 ; }
+export AFL_SKIP_BIN_CHECK=1
+export DYNINSTAPI_RT_LIB=/usr/local/lib/libdyninstAPI_RT.so
+export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:.
+export AFL_EXIT_WHEN_DONE=1
+#export AFL_TMPDIR=/run/$$
+#export AFL_PRELOAD=./desock.so:./libdislocator/libdislocator.so
+afl-fuzz $*
diff --git a/afl-fuzz.sh b/afl-fuzz.sh
deleted file mode 100755
index bb10a95..0000000
--- a/afl-fuzz.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/bin/bash
-test -z "$1" -o "$1" = "-h" && { echo Syntax: $0 afl-fuzz-options ; echo sets the afl-dyninst environment variables ; exit 1 ; }
-export AFL_SKIP_BIN_CHECK=1
-export DYNINSTAPI_RT_LIB=/usr/local/lib/libdyninstAPI_RT.so
-export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:.
-export AFL_EXIT_WHEN_DONE=1
-#export AFL_TMPDIR=/run/$$
-#export AFL_PRELOAD=./desock.so:./libdislocator/libdislocator.so
-afl-fuzz $*
-- 
cgit 1.4.1
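Review bot: `afl-fuzz $*` on the last line of afl-fuzz-dyninst.sh forwards the arguments unquoted, so any afl-fuzz option value containing whitespace or glob characters is re-split and glob-expanded before afl-fuzz sees it; `exec afl-fuzz "$@"` passes each argument through intact and, with exec, lets afl-fuzz replace the wrapper so signals and the exit status are delivered directly. The usage check on the second line has the same gap (`$0` is unquoted, and `test ... -o ...` is the ambiguous form); `[ -z "$1" ] || [ "$1" = "-h" ]` is the unambiguous equivalent. Separately, `export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:.` puts the working directory on the loader search path for afl-fuzz and every target it spawns — presumably so the instrumented binary can find libAflDyninst.so — and when the variable was previously unset the value becomes `:.`, whose empty entry the loader also treats as the current directory; because LD_LIBRARY_PATH is consulted before the system directories, a same-named shared object in that directory would be loaded in preference, so an absolute path (`$PWD`, or the `$(INSTALL_ROOT)/lib` directory the Makefile hunk installs libAflDyninst.so into) is the safer choice. The rewrite below keeps the messages and the exported variables as they are.
```shell
#!/bin/bash
if [ -z "$1" ] || [ "$1" = "-h" ]; then
  echo "Syntax: $0 afl-fuzz-options"
  echo "sets the afl-dyninst environment variables"
  exit 1
fi
# … unchanged: AFL_SKIP_BIN_CHECK and DYNINSTAPI_RT_LIB exports …
export LD_LIBRARY_PATH="${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$PWD"
# … unchanged: AFL_EXIT_WHEN_DONE export and the commented-out AFL_TMPDIR/AFL_PRELOAD lines …
exec afl-fuzz "$@"
```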