How to fuzz?

Albert Peyrot

Apr 17, 2012, 4:42:27 AM
to BitBlaze User Discussion group
Hi guys! I am new to BitBlaze. What I want to do is to fuzz (to get an
automatic input generator for maximal code coverage).
I wrote a simple program:

CODE START

#include <stdio.h>

/* x is the only tainted variable; in the real program it is read from
   the network, so the check is kept in its own function here and the
   caller supplies the byte. */
void check(char x)
{
    if (x == '5')
    {
        printf("Success");
    }
    else if (x == '9')
    {
        printf("Unsure");
    }
    else
    {
        printf("Failure");
    }
}

int main(void)
{
    int c = getchar();          /* stand-in for the network read */
    if (c == EOF)
        return 1;
    check((char)c);
    return 0;
}

CODE END

I injected the value '5' and got a trace.
Now I use appreplay to create the .stp file.
Then I append "QUERY(FALSE);" to it.
Now, when I run
>stp -p taint5.stp
it returns 0x35, which is '5'.
What I want is to get any other value (either '9', or all characters
which are neither '5' nor '9'). If I have them, I can fuzz between
different inputs.
Can you suggest what I should query to get this?
Regards
- Albert
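As an added example that is not part of the original post and not BitBlaze, appreplay or STP code: the standard way to reach the other branches is to keep the constraints recorded up to some branch on the trace, assert the negation of that branch's condition, and ask the solver for a satisfying input, then run the new input and repeat (the "generational search" used by concolic fuzzers). The script below models that loop for the three-branch program in the post. The names run_program, solve, all_solutions and explore are assumptions of this example; the solver is a brute-force search over the 256 values of the single tainted byte standing in for stp -p, and the branch conditions are written as Python predicates rather than the bit-vector asserts appreplay would emit.

```python
# Added example (not BitBlaze/appreplay/STP code): a small concolic-style
# path-exploration loop over the poster's three-branch program.
# Assumptions: x is one tainted byte, each branch condition becomes a
# constraint on x, and "solving" is a brute-force scan of 0..255 instead
# of a real SMT query.
from typing import Callable, Dict, List, Optional, Set, Tuple

Constraint = Tuple[Callable[[int], bool], str]   # (predicate on x, label)


def run_program(x: int) -> Tuple[str, List[Constraint]]:
    """Concrete run of the sample program that also records, for every
    branch taken, the condition x had to satisfy (the path condition)."""
    path: List[Constraint] = []
    if x == ord("5"):
        path.append((lambda v: v == ord("5"), "x == '5'"))
        return "Success", path
    path.append((lambda v: v != ord("5"), "x != '5'"))
    if x == ord("9"):
        path.append((lambda v: v == ord("9"), "x == '9'"))
        return "Unsure", path
    path.append((lambda v: v != ord("9"), "x != '9'"))
    return "Failure", path


def solve(constraints: List[Constraint]) -> Optional[int]:
    """Stand-in for 'stp -p': return any byte satisfying all constraints,
    or None if the conjunction is unsatisfiable."""
    for candidate in range(256):
        if all(pred(candidate) for pred, _ in constraints):
            return candidate
    return None


def all_solutions(constraints: List[Constraint]) -> List[int]:
    """Every byte satisfying the constraints, e.g. all x with
    x != '5' and x != '9' (the whole 'Failure' equivalence class)."""
    return [c for c in range(256) if all(pred(c) for pred, _ in constraints)]


def explore(seed: int) -> Dict[str, int]:
    """Generational search: run the seed, then for each branch i on the path
    keep constraints 0..i-1, negate branch i, and solve for a new input.
    New inputs are run in turn until every negation has been tried.
    Returns one concrete input per program output reached."""
    seen_outputs: Dict[str, int] = {}
    tried_queries: Set[Tuple[str, ...]] = set()
    worklist = [seed]
    while worklist:
        x = worklist.pop(0)
        output, path = run_program(x)
        seen_outputs.setdefault(output, x)
        for i, (pred, label) in enumerate(path):
            # Identify a query by its prefix labels plus the negated branch,
            # so the same query is never sent to the solver twice.
            key = tuple(lbl for _, lbl in path[:i]) + ("NOT " + label,)
            if key in tried_queries:
                continue
            tried_queries.add(key)
            negated = path[:i] + [(lambda v, p=pred: not p(v), "NOT " + label)]
            new_input = solve(negated)
            if new_input is not None:
                worklist.append(new_input)
    return seen_outputs


if __name__ == "__main__":
    # Start from the byte the poster injected, 0x35 == '5'.
    for out, inp in sorted(explore(0x35).items()):
        print(f"{out:8s} <- x = {inp:#04x}")
    neither = all_solutions([(lambda v: v != ord("5"), "x != '5'"),
                             (lambda v: v != ord("9"), "x != '9'")])
    print(f"{len(neither)} bytes reach the 'Failure' branch")
```

Starting from the single trace for '5', the loop first negates x == '5' to land in the else branch, then from that run negates x != '9' to reach the '9' branch, so all three outputs are covered with three solver calls that yielded new inputs; all_solutions answers the "all characters which are neither" part of the question by enumerating the whole satisfying set instead of taking the solver's first witness.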