Skip to content
/ AFL-Snapshot-LKM Public
forked from AFLplusplus/AFL-Snapshot-LKM

A Linux Kernel Module that implements a fast snapshot mechanism for fuzzing.

0 stars 23 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Microsvuln/AFL-Snapshot-LKM

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
include
include
 
 
lib
lib
 
 
src
src
 
 
test
test
 
 
.clang-format
.clang-format
 
 
.custom-format.py
.custom-format.py
 
 
.gitignore
.gitignore
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
load.sh
load.sh
 
 
unload.sh
unload.sh
 
 

Repository files navigation

AFL++ Snapshot LKM

A Linux Kernel Module that implements a fast snapshot mechanism for fuzzing.

Based on https://github.com/sslab-gatech/perf-fuzz.

Written and maintained by Nick "kallsyms" Gregory and Andrea Fioraldi.

Why?

fork() is slow and we want to fuzz faster. The speed gain currently varies between 1-20% depending on the taget, but this is WIP to be faster.

If your application is stateful, persistent mode in llvm_mode will give you a better performance though.

Build

Just make.

Usage

Load it using ./load.sh, unload it using ./unload.sh.

While the module is loaded, AFL++ will detect it and automatically switch from fork() to snapshot mode. (Note: currently llvm_mode only, available from v2.63c onwards)

TODOs

  • switch from kprobe to ftrace for hooking (faster)
  • implement pages blacklist/whitelist
  • API for fine grained snapshotting (e.g. add a new VMA outside the whitelist)
  • support for multithreaded applications

About

A Linux Kernel Module that implements a fast snapshot mechanism for fuzzing.

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • C 86.0%
  • Python 10.2%
  • Makefile 2.4%
  • Shell 1.4%