afl-as.h

Tanvi Allada

Apr 12, 2023, 2:17:59 PM
to afl-users
I am working on fuzzing a shell and am incorporating pty privileges when initializing/running the forkserver. I realize that we may need to touch afl-as.h; my question is: why exactly was this code written in assembly? Is there another version that uses C code like the rest of the fuzzing code? Thank you!

Connor Shugg

Apr 19, 2023, 3:36:31 PM
to afl-...@googlegroups.com
Hi Tanvi,

I'm not quite sure what you mean about 'pty privileges' when initializing AFL's forkserver. Would you be able to provide a little more detail about what you're looking for?

Regarding afl-as.h - this file actually defines the assembly payloads that are inserted into your target program at compile-time. For example, the __afl_maybe_log routine is defined on line 422. If you ran objdump -d ./your_instrumented_binary, you would see __afl_maybe_log's assembly code as it was defined in this header file. You can actually see where these giant assembly strings are written directly into the binary around line 519 of afl-as.c. So, you probably don't want to modify either of these source files, as they are the ones that perform the compile-time instrumentation.

Hope this helps!
Connor

On Wed, Apr 12, 2023 at 2:18 PM Tanvi Allada <tanvi...@vt.edu> wrote:
I am working on fuzzing a shell and am incorporating pty privileges when initializing/running the forkserver. I realize that we may need to touch afl-as.h; my question is: why exactly was this code written in assembly? Is there another version that uses C code like the rest of the fuzzing code? Thank you!
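As an added illustration of the compile-time rewriting Connor describes (this is example code written for this page, not code from the thread, from afl-as.c or from afl-as.h): afl-as sits between the compiler and the real assembler, reads the generated .s text, and splices the trampoline string from afl-as.h after basic-block labels and conditional jumps, each copy carrying a random location ID that indexes the coverage bitmap. The script below models that placement on a constructed x86-64 assembly snippet. The trampoline is replaced by a one-line comment marker, the selection rules are deliberately simplified (real afl-as has more cases, e.g. skipping labels that are not jump targets and handling .section switches more carefully), and the sample assembly, `SAMPLE_ASM`, is constructed for the example.

```python
"""Simplified model of afl-as-style assembly instrumentation (example, not AFL code)."""
import random
import re

# Classic AFL's MAP_SIZE is 64 KiB; each trampoline gets a random ID in this range.
MAP_SIZE = 1 << 16

# Stand-in for the multi-line trampoline_fmt_64 string that afl-as.h defines.
# The real trampoline saves registers, loads the ID into %rcx and calls
# __afl_maybe_log; this constructed marker only records where and with which ID.
TRAMPOLINE = "\t# AFL_TRAMPOLINE %d  (stand-in for trampoline_fmt_64 -> __afl_maybe_log)\n"

COND_JUMP = re.compile(r"^\s*j(?!mp)[a-z]+\s")        # jcc, but not jmp/jmpq
LOCAL_LABEL = re.compile(r"^\.L[A-Za-z0-9_]+:")        # compiler-generated block label
FUNC_LABEL = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*:")   # function entry label

# Constructed sample: one function with a conditional branch, plus a rodata label
# that must NOT be instrumented because it is not in .text.
SAMPLE_ASM = (
    "\t.text\n"               # 1
    "\t.globl\tcheck\n"       # 2
    "check:\n"                # 3  <- function entry, instrumented
    "\tcmpl\t$42, %edi\n"     # 4
    "\tjne\t.L2\n"            # 5  <- conditional jump, fall-through path instrumented
    "\tmovl\t$1, %eax\n"      # 6
    "\tjmp\t.L3\n"            # 7  <- unconditional, not instrumented
    ".L2:\n"                  # 8  <- block label, instrumented
    "\txorl\t%eax, %eax\n"    # 9
    ".L3:\n"                  # 10 <- block label, instrumented
    "\tret\n"                 # 11
    "\t.section .rodata\n"    # 12
    ".LC0:\n"                 # 13 <- data label, skipped
    "\t.string\t\"hello\"\n"  # 14
)


def instrument(asm_text, rng=None):
    """Insert a trampoline marker after each instrumentation site in .text.

    Returns (instrumented_text, sites) where sites is a list of
    (source_line_number, location_id) tuples, in order of insertion.
    """
    if rng is None:
        rng = random.Random(0)          # deterministic IDs for the example
    out, sites = [], []
    in_text = False
    for lineno, line in enumerate(asm_text.splitlines(keepends=True), 1):
        stripped = line.strip()
        # Track whether we are in a code section; afl-as only instruments .text.
        if stripped.startswith(".text") or stripped.startswith(".section .text"):
            in_text = True
        elif stripped.startswith((".data", ".bss", ".section")):
            in_text = False
        out.append(line)
        if not in_text:
            continue
        if COND_JUMP.match(line) or LOCAL_LABEL.match(line) or FUNC_LABEL.match(line):
            loc = rng.randrange(MAP_SIZE)
            out.append(TRAMPOLINE % loc)
            sites.append((lineno, loc))
    return "".join(out), sites


def instrumented_line_numbers(asm_text):
    """Convenience: just the source lines that received a trampoline."""
    return [ln for ln, _ in instrument(asm_text)[1]]


if __name__ == "__main__":
    text, sites = instrument(SAMPLE_ASM)
    print(text)
    print("instrumented sites:", sites)
```

Running it prints the snippet with four markers (after `check:`, after `jne`, after `.L2:` and after `.L3:`) and none after `jmp` or `.LC0:`, which is the same shape of output you would get by diffing the .s files that afl-as writes when `AFL_KEEP_ASSEMBLY=1` is set. On a real binary, `nm ./your_instrumented_binary | grep __afl_maybe_log` is the quickest confirmation that the trampolines and the payload from afl-as.h made it into the build.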
