Improve harness instructions

mykter · Nov 7, 2017 · 35d4fc4 · 35d4fc4
1 parent fdbcf15
commit 35d4fc4
Showing 1 changed file with 6 additions and 6 deletions.
diff --git a/harness/README.md b/harness/README.md
@@ -19,7 +19,7 @@ How can we fuzz it?
 
 2.  To allow AFL to work effectively, the code needs to be instrumented - so we have to compile it using one of afl-clang-fast, afl-clang, or afl-gcc.
 
-3.  For the data generated by AFL to actually test the library, we have to write a _harness_ that will take external input and feed it to the library. This can either be from a file specified on the command line, or directly from stdin. See `man 3 stdin` for an overview.
+3.  For the data generated by AFL to actually test the library, we have to write a _harness_ that will take external input and feed it to the library. This can either be from a file specified on the command line, or directly from stdin.
 
 A minimal stdin test harness
 ----------------------------
@@ -38,11 +38,11 @@ void main() {
 
 We can compile this minimal program like so:
 
-`AFL_HARDEN=1 ~/local/afl-2.52b/afl-clang-fast harness.c library.c -o harness -w`
+`AFL_HARDEN=1 ~/afl-2.52b/afl-clang-fast harness.c library.c -o harness -w`
 
 It will call the library code (run `./harness` to test it out), but there's no hook yet to allow the inputs generated by afl to make it to the target function. Try running this program under afl-fuzz: `afl-fuzz -i in -o out ./harness` - you will see that afl gives you a warning that nothing is happening: "(odd, check syntax!)".
 
-So let's make our harness take input from stdin and feed it to the target function:
+So let's make our harness take input from stdin and feed it to the target function. See `man 3 stdin` for an overview if the concept of standard input and output is new to you.
 
 ```
 #include "library.h"
@@ -67,7 +67,7 @@ After compiling this with the instrumenting compiler, running it under afl-fuzz
 
 Arbitrary input formats
 -----------------------
-This is pretty straightforward - but what about `lib_mul`? It doesn't take a buffer as input, it takes two numbers. To handle this, our harness will simply parse out two integers from the input stream.
+Fuzzing `lib_echo` is pretty straightforward - but what about `lib_mul`? It doesn't take a buffer as input, it takes two numbers. To handle this, our harness will simply parse out two integers from the input stream.
 
 ```
 #include "library.h"
@@ -92,12 +92,12 @@ int main(int argc, char* argv[]) {
 		read(0, &b, 1);
 		printf("%d", lib_mul(a,b));
 	} else {
-		printf("Usage: %s mul|rot\n", argv[0]);
+		printf("Usage: %s mul|echo\n", argv[0]);
 	}
 }
 ```
 
-We don't need to 'tell' afl-fuzz about what this harness in any way - it will work it out, just like it does for any other input format. But note that as we've added some functionality to our harness to specify which library function to fuzz, we now we need to call it like so:
+We don't need to 'tell' afl-fuzz about what this harness in any way - it will work it out, just like it does for any other input format. But note that as we've added some functionality to our harness to specify which library function to fuzz, we now we need to tell afl-fuzz how to launch it:
 
     afl-fuzz -i in -o out ./harness mul