This repository has been archived by the owner on Mar 2, 2023. It is now read-only.
Function wrappers for multi-byte comparison #23
Labels
enhancement
New feature or request
Comments
|
Could the laf-intel.patch for AFL be of help? |
|
Yes. I think we can do the similar thing in QSYM side, too. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
QSYM can solve multi-byte comparisons such as strcmp or memcmp gradually. But unfortunately, these functions are usually. not instrumented by AFL. Even though they are instrumented, AFL will consider intermediate results as uninteresting due to its loop bucketization.
This is not a big issue in fuzzing binary-formatted binaries that are main targets for AFL and QSYM.
But we can still partially solve these cases by wrapping functions like angr did. For example, we can make strcmp wrapper and tries to generate a testcase that pass strcmp in one shot instead of intermediate results.
The text was updated successfully, but these errors were encountered: