AFLplusplus/LibAFL 604

Advanced Fuzzing Library - Slot your Fuzzer together in Rust! Scales across cores and machines. For Windows, Android, MacOS, Linux, no_std, ...

WorksButNotTested/AFLplusplus 0

The fuzzer afl++ is afl with community patches, qemu 5.1 upgrade, collision-free coverage, enhanced laf-intel & redqueen, AFLfast++ power schedules, MOpt mutators, unicorn_mode, and a lot more!

WorksButNotTested/cpp_exception_handling_abi 0

A mini ABI capable of handling throw/catch statements for C++ without libstdc++

WorksButNotTested/crosstool-ng 0

A versatile (cross-)toolchain generator.

WorksButNotTested/frida 0

Clone this repo to build Frida

WorksButNotTested/frida-ci 0

Tools for running and setting up the continuous integration server

WorksButNotTested/frida-gum 0

Cross-platform instrumentation and introspection library written in C

WorksButNotTested/ghidra 0

Ghidra is a software reverse engineering (SRE) framework

PR opened AFLplusplus/AFLplusplus

Added bloaty test
+163 -0

0 comment

3 changed files

pr created time in 2 days

create branch WorksButNotTested/AFLplusplus

branch : bloaty

created branch time in 2 days

PR opened frida/frida-gum

Exceptions
+527 -5

0 comment

6 changed files

pr created time in 2 days

push event WorksButNotTested/frida-gum

Your Name
commit sha 89742c4b286510b741aec5067bd712ee9525da1c
Fix broken op-code

Your Name
commit sha 99341ebe837b852e71a003092a978f0710c9ec70
Fix exception handling when handler is inside an excluded range

push time in 2 days

create branch WorksButNotTested/frida-gum

branch : exceptions

created branch time in 2 days

pull request comment AFLplusplus/AFLplusplus

Edit FRIDA mode and QEMU mode READMEs

Many thanks. Feel free to @ me if there’s anything else you need me to look at!

llzmb

comment created time in 3 days

Pull request review comment AFLplusplus/AFLplusplus

Edit FRIDA mode and QEMU mode READMEs

 Generated block 0x7ffff75e98e2  *** ```+ * `AFL_FRIDA_INST_JIT` - Enable the instrumentation of Just-In-Time compiled-code. Code is considered to be JIT if the executable segment is not backed by a-file.+  code. Code is considered to be JIT if the executable segment is not backed by+  a file. * `AFL_FRIDA_INST_NO_OPTIMIZE` - Don't use optimized inline assembly coverage-instrumentation (the default where available). Required to use-`AFL_FRIDA_INST_TRACE`.+  instrumentation (the default where available). Required to use+  `AFL_FRIDA_INST_TRACE`. * `AFL_FRIDA_INST_NO_BACKPATCH` - Disable backpatching. At the end of executing-each block, control will return to FRIDA to identify the next block to execute.-* `AFL_FRIDA_INST_NO_PREFETCH` - Disable prefetching. By default the child will-report instrumented blocks back to the parent so that it can also instrument-them and they be inherited by the next child on fork, implies-`AFL_FRIDA_INST_NO_PREFETCH_BACKPATCH`.+  each block, control will return to FRIDA to identify the next block to+  execute.+* `AFL_FRIDA_INST_NO_PREFETCH` - Disable prefetching. By default, the child will+  report instrumented blocks back to the parent so that it can also instrument+  them and they be inherited by the next child on fork, implies+  `AFL_FRIDA_INST_NO_PREFETCH_BACKPATCH`. * `AFL_FRIDA_INST_NO_PREFETCH_BACKPATCH` - Disable prefetching of stalker-backpatching information. By default the child will report applied backpatches-to the parent so that they can be applied and then be inherited by the next-child on fork.+  backpatching information. By default, the child will report applied+  backpatches to the parent so that they can be applied and then be inherited by+  the next child on fork. * `AFL_FRIDA_INST_SEED` - Sets the initial seed for the hash function used to-generate block (and hence edge) IDs. Setting this to a constant value may be-useful for debugging purposes, e.g. 
investigating unstable edges.-* `AFL_FRIDA_INST_TRACE` - Log to stdout the address of executed blocks,-implies `AFL_FRIDA_INST_NO_OPTIMIZE`.+  generate block (and hence edge) IDs. Setting this to a constant value may be+  useful for debugging purposes, e.g., investigating unstable edges.+* `AFL_FRIDA_INST_TRACE` - Log to stdout the address of executed blocks, implies+  `AFL_FRIDA_INST_NO_OPTIMIZE`. * `AFL_FRIDA_INST_TRACE_UNIQUE` - As per `AFL_FRIDA_INST_TRACE`, but each edge-is logged only once, requires `AFL_FRIDA_INST_NO_OPTIMIZE`.-* `AFL_FRIDA_INST_UNSTABLE_COVERAGE_FILE` - File to write DynamoRio format-coverage information for unstable edges (e.g. to be loaded within IDA-lighthouse).+  is logged only once, requires `AFL_FRIDA_INST_NO_OPTIMIZE`.+* `AFL_FRIDA_INST_UNSTABLE_COVERAGE_FILE` - File to write DynamoRIO format+  coverage information for unstable edges (e.g., to be loaded within IDA+  lighthouse). * `AFL_FRIDA_OUTPUT_STDOUT` - Redirect the standard output of the target-application to the named file (supersedes the setting of `AFL_DEBUG_CHILD`)+  application to the named file (supersedes the setting of `AFL_DEBUG_CHILD`). * `AFL_FRIDA_OUTPUT_STDERR` - Redirect the standard error of the target-application to the named file (supersedes the setting of `AFL_DEBUG_CHILD`)+  application to the named file (supersedes the setting of `AFL_DEBUG_CHILD`). 
* `AFL_FRIDA_PERSISTENT_DEBUG` - Insert a Breakpoint into the instrumented code-at `AFL_FRIDA_PERSISTENT_HOOK` and `AFL_FRIDA_PERSISTENT_RET` to allow the user-to detect issues in the persistent loop using a debugger.--```+  at `AFL_FRIDA_PERSISTENT_HOOK` and `AFL_FRIDA_PERSISTENT_RET` to allow the+  user to detect issues in the persistent loop using a debugger.++  ```+  gdb \+      --ex 'set environment AFL_FRIDA_PERSISTENT_ADDR=XXXXXXXXXX' \+      --ex 'set environment AFL_FRIDA_PERSISTENT_RET=XXXXXXXXXX' \+      --ex 'set environment AFL_FRIDA_PERSISTENT_DEBUG=1' \+      --ex 'set environment AFL_DEBUG_CHILD=1' \+      --ex 'set environment LD_PRELOAD=afl-frida-trace.so' \+      --args <my-executable> [my arguments]+  ``` -gdb \-		--ex 'set environment AFL_FRIDA_PERSISTENT_ADDR=XXXXXXXXXX' \-		--ex 'set environment AFL_FRIDA_PERSISTENT_RET=XXXXXXXXXX' \-		--ex 'set environment AFL_FRIDA_PERSISTENT_DEBUG=1' \-		--ex 'set environment AFL_DEBUG_CHILD=1' \-		--ex 'set environment LD_PRELOAD=afl-frida-trace.so' \-		--args <my-executable> [my arguments]--``` * `AFL_FRIDA_SECCOMP_FILE` - Write a log of any syscalls made by the target to-the specified file.+  the specified file. * `AFL_FRIDA_STALKER_ADJACENT_BLOCKS` - Configure the number of adjacent blocks- to fetch when generating instrumented code. By fetching blocks in the same- order they appear in the original program, rather than the order of execution- should help reduce locallity and adjacency. This includes allowing us to vector- between adjancent blocks using a NOP slide rather than an immediate branch.+  to fetch when generating instrumented code. By fetching blocks in the same+  order they appear in the original program, rather than the order of execution+  should help reduce locality and adjacency. This includes allowing us to vector+  between adjacent blocks using a NOP slide rather than an immediate branch. 
* `AFL_FRIDA_STALKER_IC_ENTRIES` - Configure the number of inline cache entries-stored along-side branch instructions which provide a cache to avoid having to-call back into FRIDA to find the next block. Default is 32.+  stored along-side branch instructions which provide a cache to avoid having to+  call back into FRIDA to find the next block. Default is 32. * `AFL_FRIDA_STATS_FILE` - Write statistics information about the code being-instrumented to the given file name. The statistics are written only for the-child process when new block is instrumented (when the-`AFL_FRIDA_STATS_INTERVAL` has expired). Note that simply because a new path is-found does not mean a new block needs to be compiled. It could simply be that-the existing blocks instrumented have been executed in a different order.-```-stats-------Time                  2021-07-21 11:45:49-Elapsed                                 1 seconds---Transitions                    cumulative               delta------------                    ----------               ------total                              753619               17645-call_imm                             9193 ( 1.22%)        344 ( 1.95%) [       344/s]-call_reg                                0 ( 0.00%)          0 ( 0.00%) [         0/s]-call_mem                                0 ( 0.00%)          0 ( 0.00%) [         0/s]-ret_slow_path                       67974 ( 9.02%)       2988 (16.93%) [      2988/s]-post_call_invoke                     7996 ( 1.06%)        299 ( 1.69%) [       299/s]-excluded_call_imm                    3804 ( 0.50%)        200 ( 1.13%) [       200/s]-jmp_imm                              5445 ( 0.72%)        255 ( 1.45%) [       255/s]-jmp_reg                             42081 ( 5.58%)       1021 ( 5.79%) [      1021/s]-jmp_mem                            578092 (76.71%)      10956 (62.09%) [     10956/s]-jmp_cond_imm                        38951 ( 5.17%)       1579 ( 8.95%) [      1579/s]-jmp_cond_mem                            
0 ( 0.00%)          0 ( 0.00%) [         0/s]-jmp_cond_reg                            0 ( 0.00%)          0 ( 0.00%) [         0/s]-jmp_cond_jcxz                           0 ( 0.00%)          0 ( 0.00%) [         0/s]-jmp_continuation                       84 ( 0.01%)          3 ( 0.02%) [         3/s]---Instrumentation-----------------Instructions                         7907-Blocks                               1764-Avg Instructions / Block                4---EOB Instructions------------------Total                                1763 (22.30%)-Call Immediates                       358 ( 4.53%)-Call Immediates Excluded               74 ( 0.94%)-Call Register                           0 ( 0.00%)-Call Memory                             0 ( 0.00%)-Jump Immediates                       176 ( 2.23%)-Jump Register                           8 ( 0.10%)-Jump Memory                            10 ( 0.13%)-Conditional Jump Immediates          1051 (13.29%)-Conditional Jump CX Immediate           0 ( 0.00%)-Conditional Jump Register               0 ( 0.00%)-Conditional Jump Memory                 0 ( 0.00%)-Returns                               160 ( 2.02%)---Relocated Instructions------------------------Total                                 232 ( 2.93%)-addsd                                   2 ( 0.86%)-cmp                                    46 (19.83%)-comisd                                  2 ( 0.86%)-divsd                                   2 ( 0.86%)-divss                                   2 ( 0.86%)-lea                                   142 (61.21%)-mov                                    32 (13.79%)-movsd                                   2 ( 0.86%)-ucomisd                                 2 ( 0.86%)-```+  instrumented to the given file name. The statistics are written only for the+  child process when new block is instrumented (when the+  `AFL_FRIDA_STATS_INTERVAL` has expired). Note that simply because a new path+  is found does not mean a new block needs to be compiled. 
It could simply be+  that the existing blocks instrumented have been executed in a different order.++  ```+  stats+  -----+  Time                  2021-07-21 11:45:49+  Elapsed                                 1 seconds+++  Transitions                    cumulative               delta+  -----------                    ----------               -----+  total                              753619               17645+  call_imm                             9193 ( 1.22%)        344 ( 1.95%) [       344/s]+  call_reg                                0 ( 0.00%)          0 ( 0.00%) [         0/s]+  call_mem                                0 ( 0.00%)          0 ( 0.00%) [         0/s]+  ret_slow_path                       67974 ( 9.02%)       2988 (16.93%) [      2988/s]+  post_call_invoke                     7996 ( 1.06%)        299 ( 1.69%) [       299/s]+  excluded_call_imm                    3804 ( 0.50%)        200 ( 1.13%) [       200/s]+  jmp_imm                              5445 ( 0.72%)        255 ( 1.45%) [       255/s]+  jmp_reg                             42081 ( 5.58%)       1021 ( 5.79%) [      1021/s]+  jmp_mem                            578092 (76.71%)      10956 (62.09%) [     10956/s]+  jmp_cond_imm                        38951 ( 5.17%)       1579 ( 8.95%) [      1579/s]+  jmp_cond_mem                            0 ( 0.00%)          0 ( 0.00%) [         0/s]+  jmp_cond_reg                            0 ( 0.00%)          0 ( 0.00%) [         0/s]+  jmp_cond_jcxz                           0 ( 0.00%)          0 ( 0.00%) [         0/s]+  jmp_continuation                       84 ( 0.01%)          3 ( 0.02%) [         3/s]+++  Instrumentation+  ---------------+  Instructions                         7907+  Blocks                               1764+  Avg Instructions / Block                4+++  EOB Instructions+  ----------------+  Total                                1763 (22.30%)+  Call Immediates                       358 ( 4.53%)+  Call Immediates Excluded             
  74 ( 0.94%)+  Call Register                           0 ( 0.00%)+  Call Memory                             0 ( 0.00%)+  Jump Immediates                       176 ( 2.23%)+  Jump Register                           8 ( 0.10%)+  Jump Memory                            10 ( 0.13%)+  Conditional Jump Immediates          1051 (13.29%)+  Conditional Jump CX Immediate           0 ( 0.00%)+  Conditional Jump Register               0 ( 0.00%)+  Conditional Jump Memory                 0 ( 0.00%)+  Returns                               160 ( 2.02%)+++  Relocated Instructions+  ----------------------+  Total                                 232 ( 2.93%)+  addsd                                   2 ( 0.86%)+  cmp                                    46 (19.83%)+  comisd                                  2 ( 0.86%)+  divsd                                   2 ( 0.86%)+  divss                                   2 ( 0.86%)+  lea                                   142 (61.21%)+  mov                                    32 (13.79%)+  movsd                                   2 ( 0.86%)+  ucomisd                                 2 ( 0.86%)+  ```+ * `AFL_FRIDA_STATS_INTERVAL` - The maximum frequency to output statistics-information. Stats will be written whenever they are updated if the given-interval has elapsed since last time they were written.+  information. Stats will be written whenever they are updated if the given+  interval has elapsed since last time they were written. * `AFL_FRIDA_TRACEABLE` - Set the child process to be traceable by any process-to aid debugging and overcome the restrictions imposed by YAMA. Supported on-Linux only. Permits a non-root user to use `gcore` or similar to collect a core-dump of the instrumented target. Note that in order to capture the core dump you-must set a sufficient timeout (using `-t`) to avoid `afl-fuzz` killing the-process whilst it is being dumped.--## FASAN - Frida Address Sanitizer Mode-Frida mode also supports FASAN. 
The design of this is actually quite simple and+  to aid debugging and overcome the restrictions imposed by YAMA. Supported on+  Linux only. Permits a non-root user to use `gcore` or similar to collect a+  core dump of the instrumented target. Note that in order to capture the core+  dump you must set a sufficient timeout (using `-t`) to avoid `afl-fuzz`+  killing the process whilst it is being dumped.++## FASAN - FRIDA Address Sanitizer mode++FRIDA mode also supports FASAN. The design of this is actually quite simple and very similar to that used when instrumenting applications compiled from source. -### Address Sanitizer Basics+### Address Sanitizer basics  When Address Sanitizer is used to instrument programs built from source, the compiler first adds a dependency (`DT_NEEDED` entry) for the Address Sanitizer-dynamic shared object (DSO). This shared object contains the main logic for Address-Sanitizer, including setting and managing up the shadow memory. It also provides-replacement implementations for a number of functions in standard libraries.--These replacements include things like `malloc` and `free` which allows for those-allocations to be marked in the shadow memory, but also a number of other fuctions.-Consider `memcpy` for example, this is instrumented to validate the paramters-(test the source and destination buffers against the shadow memory. This is much-easier than instrumenting those standard libraries since, first it would require-you to re-compile them and secondly it would mean that the instrumentation would-be applied at a more expensive granular level. Lastly, load-widening (typically-found in highy optimized code) can also make this instrumentation more difficult.+dynamic shared object (DSO). This shared object contains the main logic for+Address Sanitizer, including setting and managing up the shadow memory. 
It also+provides replacement implementations for a number of functions in standard+libraries.++These replacements include things like `malloc` and `free` which allows for+those allocations to be marked in the shadow memory, but also a number of other+functions. Consider `memcpy`, for example. This is instrumented to validate the+parameters (test the source and destination buffers against the shadow memory).+This is much easier than instrumenting those standard libraries, since first, it+would require you to re-compile them and secondly it would mean that the+instrumentation would be applied at a more expensive granular level. Lastly,+load-widening (typically found in highly optimized code) can also make this+instrumentation more difficult.  Since the DSO is loaded before all of the standard libraries (in fact it insists on being first), the dynamic loader will use it to resolve imports from other modules which depend on it. -### FASAN Implementation--FASAN takes a similar approach. It requires the user to add the Address Sanitizer-DSO to the `AFL_PRELOAD` environment variable such that it is loaded into the target.-Again, it must be first in the list. This means that it is not necessary to-instrument the standard libraries to detect when an application has provided an-incorrect argument to `memcpy` for example. 
This avoids issues with load-widening-and should also mean a huge improvement in performance.--FASAN then adds instrumentation for any instrucutions which use memory operands and-then calls into the `__asan_loadN` and `__asan_storeN` functions provided by the DSO-to validate memory accesses against the shadow memory.--# Collisions-FRIDA mode has also introduced some improvements to reduce collisions in the map.-See [here](MapDensity.md) for details.--# OSX Library Fuzzing-An example of how to fuzz a dynamic library on OSX is included [here](test/osx-lib).-This requires the use of a simple test harness executable which will load the-library and call a target function within it. The dependent library can either-be loaded in using `dlopen` and `dlsym` in a function marked-`__attribute__((constructor()))` or the test harness can simply be linked-against it. It is important that the target library is loaded before execution-of `main`, since this is the point where FRIDA mode is initialized. Otherwise, it-will not be possible to configure coverage for the test library using-`AFL_FRIDA_INST_RANGES` or similar.--# Debugging-Please refer to the [debugging](#debugging) guide for assistant should you+### FASAN implementation++FASAN takes a similar approach. It requires the user to add the Address+Sanitizer DSO to the `AFL_PRELOAD` environment variable such that it is loaded+into the target. Again, it must be first in the list. This means that it is not+necessary to instrument the standard libraries to detect when an application has+provided an incorrect argument to `memcpy`, for example. 
This avoids issues with+load-widening and should also mean a huge improvement in performance.++FASAN then adds instrumentation for any instructions which use memory operands+and then calls into the `__asan_loadN` and `__asan_storeN` functions provided by+the DSO to validate memory accesses against the shadow memory.++## Collisions++FRIDA mode has also introduced some improvements to reduce collisions in the+map. For details, see [MapDensity.md](MapDensity.md).++## OSX library fuzzing++An example of how to fuzz a dynamic library on OSX is included, see+[test/osx-lib](test/osx-lib). This requires the use of a simple test harness+executable which will load the library and call a target function within it. The+dependent library can either be loaded in using `dlopen` and `dlsym` in a+function marked `__attribute__((constructor()))` or the test harness can simply+be linked against it. It is important that the target library is loaded before+execution of `main`, since this is the point where FRIDA mode is initialized.+Otherwise, it will not be possible to configure coverage for the test library+using `AFL_FRIDA_INST_RANGES` or similar.++## Debugging++Please refer to the [debugging](#debugging) guide for assistance should you encounter problems with FRIDA mode.

This should point here… https://github.com/AFLplusplus/AFLplusplus/blob/dev/frida_mode/DEBUGGING.md

llzmb

comment created time in 3 days

push event WorksButNotTested/AFLplusplus

hexcoder-
commit sha d0fc985e22328504dd0c4e21770ae2b31e63421a
prototype compiles

hexcoder-
commit sha 8e662898095ed6ba283a87119e383948b83b8d75
adapt compiler driver to load new pass manager passes

hexcoder-
commit sha 544a65db5470359c18436eca123282d74fa47f2e
converted afl-llvm-pass to new pass manager

hexcoder-
commit sha 6e08e809074763a9c4b35b65805e628689a2d562
converted compare-transform-pass to new pass manager

hexcoder-
commit sha 379c5806580dd58824df0f4fb7d215841d1bd459
converted split-switches-pass to new pass manager

hexcoder-
commit sha c49b30879474042f16dcf8de200c603a47965ea4
switch PreservedAnalyses from none to all

hexcoder-
commit sha 1f2fa22dad4440bf053e24811b5ece89ca276afc
make new pass manager interface compiler version dependent (>=7)

hexcoder-
commit sha 7d0e0cde0ad8c5b89eaf72a9751e3fb7513cc0e9
fix declaration for new pass manager

vanhauser-thc
commit sha 8a9f3bcca87ef7bcadec09e2504ae3a40d6d4314
d2

Akira Moroo
commit sha de027b3b6b92723b9561137795ac38f57eebc9ad
coresight_mode: Change to use https for submodule URLs
Signed-off-by: Akira Moroo <retrage01@gmail.com>

van Hauser
commit sha 4434aa103c11cee18d2cbd4eb6ba32c00bbc14ca
Merge pull request #1173 from retrage/retrage/coresight-mode-pr
coresight_mode: Change to use https for submodule URLs

hexcoder
commit sha ef35c803da168816eab6d9ee3fbeb682322792e0
add supported boards, name prerequisite

vanhauser-thc
commit sha 3a7a8704eeca4fccf9629552574c5aac5f0f2271
better string length counting

vanhauser-thc
commit sha 6f9a98c4a97e8e261fc52891d61f0b0c145b6364
better string length counting

hexcoder-
commit sha 0e9b2089498c2acf307bbc90ade420b33aede150
Merge branch 'dev_newpm' into dev

vanhauser-thc
commit sha d50da14f600ae7f50552fc7ad930a0accaa05b09
fix for compcov transform strings

vanhauser-thc
commit sha a0cc3dc1017e912e623ec8773e2eda5b70970e23
llvm new passmanager fixes

vanhauser-thc
commit sha 6f5ba59d99056fabace9a4f1ef8f7706ad3b9386
further fixes for new pass manager

vanhauser-thc
commit sha 39e2003630220bf2567a9f9d1babd0b32604a8c3
further fixes for new pass manager

vanhauser-thc
commit sha 11f89ab785f0b74c0862c46406f81007ac5cf3ba
do not add zero byte on string compares with len

push time in 3 days

issue comment google/fuzzbench

Experiment not run?

Fab. Good work!

jdhiser

comment created time in 5 days

PR opened frida/frida-gum

Fix broken op-code
+1 -1

0 comment

1 changed file

pr created time in 5 days

create branch WorksButNotTested/frida-gum

branch : fix-stalker-x86

created branch time in 5 days

push event WorksButNotTested/frida-gum

Your Name
commit sha f582c6d2d7bb3206df111e37d29973912d861a91
Handle excluded tail calls through .plt.got and .plt.sec

push time in 5 days

push event WorksButNotTested/frida-gum

Your Name
commit sha 819191886df7a9be5272032eed45392f6fb27de8
Handle excluded tail calls through .plt.got and .plt.sec

push time in 5 days

push event WorksButNotTested/frida-gum

WorksButNotTested
commit sha 93668ad4871fe33e3ae9ac005e5e9391c53fd83a
Update gum/backend-x86/gumstalker-x86.c
Co-authored-by: Ole André Vadla Ravnås <oleavr@gmail.com>

push time in 5 days

push event WorksButNotTested/frida-gum

WorksButNotTested
commit sha f17715bf7399beaf09e36eac2509e4b7a517f3f6
Update gum/backend-x86/gumstalker-x86.c
Co-authored-by: Ole André Vadla Ravnås <oleavr@gmail.com>

push time in 5 days

push event WorksButNotTested/frida-gum

WorksButNotTested
commit sha 3bad0a92cd61dc65741c247133c84a6cdc489730
Update gum/backend-x86/gumstalker-x86.c
Co-authored-by: Ole André Vadla Ravnås <oleavr@gmail.com>

push time in 5 days

push event WorksButNotTested/frida-gum

WorksButNotTested
commit sha 72852c60ae275ce48a236dd2108584cf86008e9c
Update gum/backend-x86/gumstalker-x86.c
Co-authored-by: Ole André Vadla Ravnås <oleavr@gmail.com>

push time in 5 days

push event WorksButNotTested/frida-gum

WorksButNotTested
commit sha 556007aa9db034dbf74671acee808c7459fe2763
Update gum/backend-x86/gumstalker-x86.c
Co-authored-by: Ole André Vadla Ravnås <oleavr@gmail.com>

push time in 5 days

push event WorksButNotTested/frida-gum

WorksButNotTested
commit sha bb2708996eaae1c524fd72eaa70d817b69888ae8
Update gum/backend-x86/gumstalker-x86.c
Co-authored-by: Ole André Vadla Ravnås <oleavr@gmail.com>

push time in 5 days

push event WorksButNotTested/frida-gum

WorksButNotTested
commit sha f7ac57f2fe4322b955bd63c7e1821f5b3f6a0722
Update gum/backend-x86/gumstalker-x86.c
Co-authored-by: Ole André Vadla Ravnås <oleavr@gmail.com>

push time in 5 days

push event WorksButNotTested/frida-gum

WorksButNotTested
commit sha bfb8310e5288378654f12cb52fdab0a6167e4c6b
Update gum/backend-x86/gumstalker-x86.c
Co-authored-by: Ole André Vadla Ravnås <oleavr@gmail.com>

push time in 5 days

push event WorksButNotTested/AFLplusplus

hexcoder-
commit sha eb7db334a5feeaac9502bd2df5dd885d9d752f5b
Fix compilation on RaspberryPi 32-bit (please review)

hexcoder-
commit sha 3d18243fd7d20bb1926396ec5c05df74fcd2dd95
Fix compilation error under RaspberryPi 64-Bit Manjaro Linux (no SYS_eventfd available here)

vanhauser-thc
commit sha 581cb16965a2a6aa33c052afb936e5d4a5c65ad7
enhance cmplog rtn hooks

Your Name
commit sha 283172c2f0f6e214ad82b2edf0fb94429e19be2c
Add Caching to Instrumentation

push time in 7 days

push event WorksButNotTested/AFLplusplus

hexcoder-
commit sha eb7db334a5feeaac9502bd2df5dd885d9d752f5b
Fix compilation on RaspberryPi 32-bit (please review)

hexcoder-
commit sha 3d18243fd7d20bb1926396ec5c05df74fcd2dd95
Fix compilation error under RaspberryPi 64-Bit Manjaro Linux (no SYS_eventfd available here)

vanhauser-thc
commit sha 581cb16965a2a6aa33c052afb936e5d4a5c65ad7
enhance cmplog rtn hooks

push time in 7 days

issue comment google/clusterfuzzlite

Support local deployments

Awesome. Thanks.

jonathanmetzman

comment created time in 9 days

delete branch WorksButNotTested/AFLplusplus

delete branch : cache-backup

delete time in 9 days

push event WorksButNotTested/AFLplusplus

llzmb
commit sha b1aecf4ff0d2f82168619d40d59fcf959e7eb0f6
Edit list of environment variables

llzmb
commit sha bb255fdd790dfa4027f511ae3a8eebbbfd6b42e8
Fix line breaks

vanhauser-thc
commit sha 74b4274e35609a22d42fdf0672bc374e39a7c788
update for new sanitizer support

llzmb
commit sha 72878cc14b7697024b6387b4c09dff786763d0a1
Edit list of environment variables

llzmb
commit sha 66ca8618ea3ae1506c96a38ef41b5f04387ab560
Edit list of environment variables

Akira Moroo
commit sha 9100f3c416707d926fc100d4441cf32bb1da6dd6
Add initial CoreSight mode support
The original code is: https://github.com/RICSecLab/AFLplusplus-cs/tree/retrage/coresight-mode-pr
Signed-off-by: Akira Moroo <retrage01@gmail.com>

Akira Moroo
commit sha d63d69a1f66e00f453e358662527fbd78361147d
Clarify usage message for ARM CoreSight mode
REF: https://github.com/AFLplusplus/AFLplusplus/pull/1156#issuecomment-966196217
Signed-off-by: Akira Moroo <retrage01@gmail.com>

Akira Moroo
commit sha cf0fd0ff3342fe1b9a028dca95b750f730e2afd6
Remove unnecessary mem_limit in afl-showmap
Signed-off-by: Akira Moroo <retrage01@gmail.com>

Akira Moroo
commit sha c2feee4ed1b35cc590e2beaa595d710b09e1427c
Add platform check for `-A` CoreSight mode
REF: https://github.com/AFLplusplus/AFLplusplus/pull/1156#discussion_r747454306
Signed-off-by: Akira Moroo <retrage01@gmail.com>

Akira Moroo
commit sha feff8191ecbde9bb039e2311440f47e8f0325413
Fix platform check for `-A` CoreSight mode
Signed-off-by: Akira Moroo <retrage01@gmail.com>

Akira Moroo
commit sha d4a0fd41cd29b5862cac0b99b96b2afc67e33c7d
Check `-M` / `-S` is not specified with `-A`
Signed-off-by: Akira Moroo <retrage01@gmail.com>

van Hauser
commit sha 02b621e83c5242493dd6353a158414083885623a
Merge pull request #1136 from llzmb/docs_edit_environment_variables
Edit list of environment variables

Akira Moroo
commit sha 2d4b18f98ea15cef30a47d62319a10defda45237
Fix finding glibc patches
Signed-off-by: Akira Moroo <retrage01@gmail.com>

Akira Moroo
commit sha 3f864fa129c821ff35771ad0fe74c9e1ec88ee08
coresight_mode: Add TODO list to README.md
Signed-off-by: Akira Moroo <retrage01@gmail.com>

van Hauser
commit sha 464f1a78dff320609d4580a7b2493dc5b527df67
Merge pull request #1156 from retrage/retrage/coresight-mode-pr
Add CoreSight mode support

vanhauser-thc
commit sha 268339a683aab00f8487eac1ca31ef5d6c6abc4b
showmap -A -> -H, accurate help output

vanhauser-thc
commit sha 1a8d3f82f289d248aa70ce6877b66c7387f77fc9
fix afl-showmap

vanhauser-thc
commit sha b659be15494011184694a35ce02927f743fe0518
add coresight to docs

vanhauser-thc
commit sha 132630d48d0f9fe50e9388f941433c85636587da
nit

Your Name
commit sha 75145658585705445998aac89d92f517a943eb6c
Fix sorting of ranges

push time in 9 days

push event WorksButNotTested/AFLplusplus

Your Name
commit sha 2cd4f4e7fa709b89cf30f7ae3fbbbcb71c8a7340
Added vorbis test

Your Name
commit sha 8c9ce591e5aaaf2ce16322f6dd873bb0a2969a8c
Shift saved values down the stack by 8 bytes

Your Name
commit sha 4a2d944df3a3c3f00f46dd1a2f62cb7d977b28a0
Compilation warning fixes

Your Name
commit sha d61a4def5e73d7e552d929652a237bd124861c77
Minor ASAN fix (again)

Your Name
commit sha 2101c651f5bd2ddde8dbcf8732ee5d6da49238b5
Fix freetype target to build for x86 (32-bit)

Your Name
commit sha 0aae4589eee4319f36efae8c3b28a397ce21eb25
Optimize assembly for x86

Your Name
commit sha f85edd9181a8e022b775e5ac9073fb59a23b544c
Changes to skip coverage code on deterministic branches on x86

van Hauser
commit sha 24f5e8a6db3fa44afd2491ee617db5103657bc70
Merge pull request #1171 from WorksButNotTested/frida
Frida

hexcoder-
commit sha 5c1b2412a58103db15350ba1511bde0d071822a2
cmplog: Fix compilation for LLVM 12.0.0 (getFixedValue was not available here)

hexcoder-
commit sha d73b400704aa5cc75616a3b3ab9cc90d16759692
Merge branch 'dev' of https://github.com/AFLplusplus/AFLplusplus into dev

push time in 9 days