
Function wrappers for multi-byte comparison

Open insuyun opened this issue 7 years ago • 2 comments

QSYM can solve multi-byte comparisons such as strcmp or memcmp gradually. But unfortunately, these functions are usually not instrumented by AFL. Even if they are instrumented, AFL will consider intermediate results as uninteresting due to its loop bucketization.

This is not a big issue in fuzzing binary-formatted binaries that are the main targets for AFL and QSYM. But we can still partially solve these cases by wrapping functions like angr did. For example, we can make a strcmp wrapper and try to generate a test case that passes strcmp in one shot instead of intermediate results.

insuyun avatar Oct 24 '18 00:10 insuyun

Could the laf-intel.patch for AFL be of help? Patch against AFL 2.52b; blog entry explaining the transforms.

hexcoder- avatar Jan 15 '19 18:01 hexcoder-
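An added example (not code from the QSYM or AFL projects) illustrating the two points above in C: a magic-string check through uninstrumented strcmp, the same check after a laf-intel-style compare-splitting transform, and a model of AFL's hit-count bucketing that shows why even an instrumented byte loop would hide intermediate progress. The magic string "QSYM" and the helper names are constructed for this example.

```c
#include <stddef.h>
#include <string.h>

/* Constructed magic-string check as it appears in a typical parser.
 * libc's strcmp is not instrumented, so AFL only sees the one branch on
 * the return value: pass or fail, with no notion of "3 of 4 bytes right". */
int check_magic_strcmp(const char *buf) {
    return strcmp(buf, "QSYM") == 0;
}

/* The same check after a laf-intel-style compare-splitting transform:
 * one branch per byte (terminator included). An input that gets the first
 * k bytes right reaches a new edge, so coverage feedback grows byte by
 * byte and the fuzzer keeps the partial solution as interesting. */
int check_magic_split(const char *buf) {
    if (buf[0] != 'Q') return 0;
    if (buf[1] != 'S') return 0;
    if (buf[2] != 'Y') return 0;
    if (buf[3] != 'M') return 0;
    if (buf[4] != '\0') return 0;
    return 1;
}

/* Number of single-byte branches the split version passes for buf (0..5).
 * Stops at the first mismatch, so it never reads past buf's terminator. */
size_t split_depth(const char *buf) {
    static const char magic[] = "QSYM";   /* 5 bytes including the NUL */
    size_t i;
    for (i = 0; i < sizeof magic; i++)
        if (buf[i] != magic[i]) break;
    return i;
}

/* AFL's hit-count bucketing (count_class_lookup8 thresholds): iteration
 * counts 4..7 share one bucket, 8..15 the next, and so on. Even an
 * instrumented byte loop inside strcmp would therefore report identical
 * coverage for 4, 5, 6 or 7 matching bytes of a longer magic string. */
unsigned afl_hit_bucket(unsigned hits) {
    if (hits == 0) return 0;
    if (hits <= 3) return hits;       /* 1, 2 and 3 are distinct buckets */
    if (hits <= 7) return 4;
    if (hits <= 15) return 5;
    if (hits <= 31) return 6;
    if (hits <= 127) return 7;
    return 8;
}
```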

Yes. I think we can do a similar thing on the QSYM side, too.

insuyun avatar Jan 15 '19 20:01 insuyun