# argvfuzz

AFL++ supports fuzzing file inputs or stdin. When source is available,
`argv-fuzz-inl.h` can be used to change `main()` so that it builds `argv` from
stdin.

`argvfuzz` tries to provide the same functionality for binaries without source.
When loaded using `LD_PRELOAD`, it hooks the call to `__libc_start_main` and
replaces `argv` using the same logic as `argv-fuzz-inl.h`.

A few conditions need to be fulfilled for this mechanism to work correctly:

- As it relies on hooking the loader, it cannot work on static binaries.
- If the target binary does not use the default libc's `_start` implementation
  (crt1.o), the hook may not run.
- The hook will replace `argv` with pointers into `.data` of `argvfuzz.so`. If
  the target binary expects `argv` to be living on the stack, things may go
  wrong.
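The NUL-splitting rule that both `argv-fuzz-inl.h` and the preload hook rely on, as an added illustration written for this page (not the project's own code): the `demo_` names and the size limits are assumptions, and the parser is fed from a buffer first so the empty-argument and missing-terminator cases can be checked without installing a hook.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Illustrative re-implementation of the argv-fuzz-inl.h splitting rule:
 * the fuzzer's input is a run of NUL-terminated strings, each becoming one
 * argv[] entry; a lone 0x02 byte stands for an empty argument.
 * The limits below are this example's assumptions, not the project's. */
#define DEMO_CMDLINE_LEN 4096
#define DEMO_CMDLINE_PAR 64

/* Static storage, as in the real hook: the argv array and the strings it
 * points to live in this object's .data/.bss, not on the target's stack. */
static char  demo_in_buf[DEMO_CMDLINE_LEN];
static char *demo_argv[DEMO_CMDLINE_PAR + 1];

/* Build argv from `len` bytes of fuzzer input. Returns argc. */
int demo_build_argv(const char *data, size_t len, char ***argv_out) {
  if (len > DEMO_CMDLINE_LEN - 2) len = DEMO_CMDLINE_LEN - 2;
  memcpy(demo_in_buf, data, len);
  demo_in_buf[len] = '\0';      /* two terminators so the scan below */
  demo_in_buf[len + 1] = '\0';  /* always stops inside the buffer    */

  char *ptr = demo_in_buf;
  int   argc = 0;
  while (*ptr && argc < DEMO_CMDLINE_PAR) {
    demo_argv[argc] = ptr;
    /* "\x02\0" encodes an empty argument: skip the marker byte */
    if (ptr[0] == 0x02 && !ptr[1]) demo_argv[argc]++;
    argc++;
    while (*ptr) ptr++;  /* advance to this string's NUL ... */
    ptr++;               /* ... and past it to the next string */
  }
  demo_argv[argc] = NULL;  /* argv[argc] must be NULL, as C requires */
  *argv_out = demo_argv;
  return argc;
}

/* Same rule fed from stdin, which is what the hook does before handing
 * the rebuilt argc/argv to the real __libc_start_main. */
int demo_build_argv_from_stdin(char ***argv_out) {
  static char raw[DEMO_CMDLINE_LEN];
  ssize_t n = read(0, raw, sizeof raw - 2);
  if (n < 1) return 0;
  return demo_build_argv(raw, (size_t)n, argv_out);
}

int main(void) {
  /* constructed sample: four arguments, the third one empty */
  static const char sample[] = "prog\0-v\0\x02\0file.txt\0";
  char **argv;
  int argc = demo_build_argv(sample, sizeof sample - 1, &argv);
  for (int i = 0; i < argc; i++) printf("argv[%d] = \"%s\"\n", i, argv[i]);
  return 0;
}
```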