https://github.com/wtdcode/fuzzercorn
Bring libfuzzer to Unicorn
- Host: GitHub
- URL: https://github.com/wtdcode/fuzzercorn
- Owner: wtdcode
- Created: 2022-01-21T19:12:48.000Z (over 3 years ago)
- Default Branch: master
- Last Pushed: 2022-01-23T13:35:33.000Z (over 3 years ago)
- Last Synced: 2025-03-18T09:37:43.754Z (3 months ago)
- Language: Python
- Size: 34.2 KB
- Stars: 26
- Watchers: 1
- Forks: 1
- Open Issues: 1
Metadata Files:
- Readme: README.md
README
# Fuzzercorn
libfuzzer bindings for Unicorn.
## API
```C
// The main entry point of the fuzzer.
// Note this function should be called only **ONCE** per process.
//
// @Uc: The Unicorn instance.
// @Argc: A pointer to argc.
// @Argv: A pointer to the argv array.
// @Input: The callback to place the input. If it returns false, Unicorn won't be
//         started. Users may also use this to implement custom fuzzing logic, for
//         example starting the fuzzer in the callback. Always return 0.
// @Init: The callback to initialize before fuzzing. Only called once and should always
//        return 0 whatever happens.
// @Validate: Validate whether an error is a crash. By default, only called if Unicorn
//            returns an error. If @AlwaysValidate is set to true, it is called
//            every time the emulation finishes.
// @Mutate: Mutate the input **in-place**. Note that setting this pointer to non-null
//          without providing any implementation may have side effects. If you do not
//          want to mutate, set it to nullptr.
// @Cross: Combines two inputs into a new output.
// @Ranges: Specify the ranges the fuzzer is interested in. Only the code within the
//          ranges will be instrumented. Setting this to nullptr instruments all code.
// @UserData: User-provided data that will be passed to the callbacks.
// @AlwaysValidate: See @Validate.
// @ExitCode: The program (fuzzer) exit code. Should be returned as the exit code of the
//            outer program.
// @CounterCount: The coverage map size. Reducing this can speed up fuzzing but may cause
//                more collisions.
FUZZER_INTERFACE_VISIBILITY FuzzerCornError FuzzerCornFuzz(
    uc_engine *Uc, int *Argc, char ***Argv, FuzzerCornPlaceInputCallback Input,
    FuzzerCornInitialize Init, FuzzerCornValidateCallback Validate,
    FuzzerCornMutatorCallback Mutate, FuzzerCornCrossOverCallback Cross,
    InstrumentRange *Ranges, size_t RangeCount, void *UserData,
    bool AlwaysValidate, int *ExitCode, size_t CounterCount);
```