qemuafl
This fork of QEMU enables fuzzing userspace ELF binaries under AFL++.
I was wondering if QEMUAFL is considering a UNICORN-like hooking framework built into QEMUAFL? This would greatly reduce runtime overheads of UNICORN/QILING. Also, it could leverage the sanitisation, persistence, selective...
There are many useful improvements, in target emulation precision, LoongArch support, better portability and TCG plugins.
When a target static musl binary is run with AFL_ENTRYPOINT defined, all non-crashing test inputs will produce a crash after a crashing test input is run. ## Cause Unlike GLIBC...
Thank you for this great project! Currently I'm trying to use afl++ in qemu mode. Everything is OK when I run it on Ubuntu 20.04. However, when I run qemu...
There is simple code ``` int main(int argc, char **argv) { UNUSED_PARAMETER(argc); UNUSED_PARAMETER(argv); char buf[3]; memset(buf, 0, 3); read(0, buf, 3); if (buf[0] == 'c') { printf("hit buf0\n"); if (buf[1]...
On a current Arch Linux x86_64 and aarch64 `make STATIC=1 binary-only` gives: ``` [*] Performing basic sanity checks... [+] All checks passed! [*] Making sure qemuafl is checked out [*]...
gen_helper_qasan_shadow_stack_push(tcg_const_tl(s->pc_curr)); gen_helper_qasan_shadow_stack_pop(cpu_reg(s, 30)); // link register address will not equal the pushed address ``` void HELPER(qasan_shadow_stack_pop)(target_ulong ptr) { #if defined(TARGET_ARM) ptr &= ~1; #endif #if defined (TARGET_AARCH64) // simple fix, make stack frame...
Using the tracing facility would be cool if you could pass something like `AFL_QEMU_DRCOV_TRACE="/tmp/trace.drcov"` and qemu would trace the execution with `-trace exec_tb` and, once done, convert the trace...