I'm not quite sure what you mean about 'pty privileges' when initializing AFL's forkserver. Would you be able to provide a little more detail into what you're looking for?
Regarding
afl-as.h - this file actually defines the assembly payloads that are inserted into your target program at compile-time. For example, the
__afl_maybe_log routine is defined on
line 422. If you ran
objdump -d ./your_instrumented_binary, you would see
__afl_maybe_log's assembly code as it was defined in this header file. You can actually see where these giant assembly strings are written directly into the binary around
line 519 of afl-as.c. So, you probably don't want to modify either of these source files, as they are the ones that perform the compile-time instrumentation.