Andrea Fioraldi
A fuzzer can look for something different than crashes. Think about timeouts for instance. The oracle class looks at observation channels, similarly to feedback, but it decides if the testcase...
We have entities (e.g. executor) and for each entity we will provide some implementations into libafl (e.g. inmemoryexecutor and forkserverexecutor). These implementations are part of the library, they should not...
I need testers for these two platforms, especially iOS cause IDK if it really runs on iOS (but should) cause I don't have any Apple device. You can comment here...
Map memory accesses inside the stackframe boundaries to an allocated separate memory. This shit costs a bit (not too much cause the accesses are already instrumented), but I don't see any...
TODO If someone wants to contribute, this is a good first issue
Hi, there are several missing fuzzers in the list like the popular honggfuzz and AFLplusplus. The categorization is broken. For instance, libFuzzer is not a Binary fuzzer, but a source-level...
Hi, I'm experimenting a bit with klee and I noticed that when the size of malloc is symbolic it is concretized to 0. I'd like to concretize it to the...
I want to add support for snapshotting the state of all threads. There are 2 cases: 1. a thread B starts after thread A calls afl_snapshot() 2. a...
Hi @oleavr, Further experiments with frida-fuzzer on Java code show that the Stalker follows libart.so

```
*** block=0x7efbdc22159f module=frida-agent-64.so 0x7efbdc22159f frida-agent-64.so!0x19b59f
*** block=0x7efbdc221633 module=frida-agent-64.so 0x7efbdc221633 frida-agent-64.so!0x19b633
*** block=0x7efbdc221643 module=frida-agent-64.so 0x7efbdc221643...
```
+ The ugly camel case API is not supported in recent IDA versions. It was deprecated in IDA 7.0 and abandoned later.
+ vmmap is intended to be parsed as a...