History

Dongjia "toka" Zhang c415b4d5f6

* 0.13

* z3

* capstone

* fixer

---------

Co-authored-by: Dominik Maier <domenukk@gmail.com>

2024-06-13 23:35:35 +02:00

src

LibAFL Dynamic Analysis (#2208 )

2024-05-24 14:43:27 +02:00

build.rs

LibAFL Dynamic Analysis (#2208 )

2024-05-24 14:43:27 +02:00

build.sh

LibAFL Dynamic Analysis (#2208 )

2024-05-24 14:43:27 +02:00

Cargo.toml

0.13.0 (#2253 )

2024-06-13 23:35:35 +02:00

clean.sh

LibAFL Dynamic Analysis (#2208 )

2024-05-24 14:43:27 +02:00

cms_transform_fuzzer.cc

LibAFL Dynamic Analysis (#2208 )

2024-05-24 14:43:27 +02:00

concatenator.py

LibAFL Dynamic Analysis (#2208 )

2024-05-24 14:43:27 +02:00

Makefile.toml

LibAFL Dynamic Analysis (#2208 )

2024-05-24 14:43:27 +02:00

README.md

LibAFL Dynamic Analysis (#2208 )

2024-05-24 14:43:27 +02:00

stub_rt.c

LibAFL Dynamic Analysis (#2208 )

2024-05-24 14:43:27 +02:00

README.md

Dynamic Analysis Fuzzer

This fuzzer is to show how you can collect runtime analysis information during fuzzing using LibAFL. We use the Little-CMS project for the example. First, this fuzzer requires nlohmann-json3-dev to work.

To run the fuzzer, 0. Compile the fuzzer with cargo build --release

mkdir analysis and run build.sh. This will compile Little-CMS to extract the analysis information and generate a json file for each module.
run python3 concatenator.py analysis. This will concatenate all the json into one single file. This json file maps a function id to its analysis information.
Compile the fuzzer with cargo make fuzzer. This will instrument the fuzzer at every function entry point. Therefore, whenever we reach the entry of any function, we can log its id and logs what functions we executed.
Run the fuzzer RUST_LOG=info ./fuzzer --input ./corpus --output ./out. You'll see a stream of analysis data