Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/vanhauser-thc/afl-dynamorio

run AFL with dynamorio
https://github.com/vanhauser-thc/afl-dynamorio

afl afl-fuzz afl-fuzzer binary-instrument dynamorio fuzzer fuzzing thc

Last synced: 2 months ago
JSON representation

run AFL with dynamorio

Awesome Lists containing this project

README 

        
# binary-only fuzzing with dynamorio and afl



## Installation

1. download, compile and install afl => https://github.com/vanhauser-thc/AFLplusplus

2. download, compile and install dyninst => https://github.com/dyninst/dyninst

3. download, compile and install afl-dyninst  => https://github.com/vanhauser-thc/afl-dyninst

4. download, compile and install dynamorio => https://github.com/DynamoRIO/dynamorio

5. make a symlink to the afl folder here named "afl" , e.g. "ln -s ../AFLplusplus afl"

6. export DYNAMORIO_HOME=/path/to/dynamorio/build directory

7. make

8. make install



## How to run

1. afl-dyninst.sh -i program -o program_instrumented -D

It is a good idea to add -e and -E with well selected function addresses to

make the fuzzing faster

NOTE: you can skip this step and use -forkserver option in the next step.

But this is slower at the moment!



2. afl-fuzz-dynamorio.sh [normal afl-fuzz options]

That's it! If you fuzzing does not run, afl-fuzz might need more memory, set

AFL_MEM to a high value, e.g. 700 for 700MB



## When to use it

when normal afl-dyninst is crashing the binary and qemu mode -Q is not

an option.

Dynamorio is x10-50 slower than Qemu, 25x slower than dyninst - however 10x

faster than Pintool, and works additionally on ARM and AARCH64.

In memory fuzzing (function fuzzing) is a much faster option and implemented

in a future release.



## Who and where

https://github.com/vanhauser-thc/afl-dynamorio



Marc "van Hauser" Heuse  ||