
# CmpLog instrumentation

The CmpLog instrumentation logs the operands of comparison instructions into a shared memory region.

These values can be used by various mutators built on top of it. At the moment we support the RedQueen mutator (input-to-state instructions only, i.e. comparisons whose operand can be traced back directly to input bytes).

## Build

To use CmpLog, you have to build two versions of the instrumented target program.

The first version is built using the regular AFL++ instrumentation.

The second one, the CmpLog binary, is built with `AFL_LLVM_CMPLOG` set in the environment during compilation.

For example:

```sh
# regular AFL++ instrumented build
./configure --cc=~/path/to/afl-clang-fast
make
cp ./program ./program.afl
make clean
# CmpLog build: same compiler, AFL_LLVM_CMPLOG set during compilation
export AFL_LLVM_CMPLOG=1
./configure --cc=~/path/to/afl-clang-fast
make
cp ./program ./program.cmplog
```

## Use

AFL++ has the new `-c` option that can be used to specify a CmpLog binary (the second build).

For example:

```sh
afl-fuzz -i input -o output -c ./program.cmplog -m none -- ./program.afl @@
```

Be careful to use `-m none` (no memory limit) because CmpLog maps a lot of pages.
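To see what CmpLog and RedQueen buy you, it helps to have a target whose branches depend on comparisons against values that plain coverage guidance rarely guesses. The following small C program is an added example written for this page, not code from the AFL++ project: it reads its input from the file given as `@@` (or stdin), passes it through three "gates" (a 32-bit integer compare, an 8-byte `memcmp`, and a compare between two input-derived values), and aborts once all three are passed so the fuzzer records the path as a crash. The magic constants, the `check_input` / `self_check` helpers and the 16-byte layout are all assumptions made up for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed magic values for this example; nothing here is an AFL++ constant. */
#define MAGIC_U32 0xDEADBEEFu
static const char MAGIC_TAG[] = "CMPLOG!!";   /* first 8 bytes are compared */

/* Returns how many comparison gates the input passed (0..3).
 * Gate 1: integer compare against a constant (a cmp instruction CmpLog logs).
 * Gate 2: memcmp against a constant (a routine call CmpLog can also log).
 * Gate 3: compare against a value derived from the input itself. */
int check_input(const uint8_t *buf, size_t len) {
    int passed = 0;
    uint32_t v, x;
    if (len < 16)
        return 0;
    memcpy(&v, buf, sizeof v);            /* bytes 0..3 */
    if (v != MAGIC_U32)
        return passed;
    passed++;
    if (memcmp(buf + 4, MAGIC_TAG, 8) != 0) /* bytes 4..11 */
        return passed;
    passed++;
    memcpy(&x, buf + 12, sizeof x);       /* bytes 12..15 */
    if (x != v + 1)
        return passed;
    passed++;
    return passed;
}

/* Builds the one 16-byte input that passes all gates, optionally flipping the
 * byte at corrupt_index (-1 = leave intact), and reports the gate count.
 * This is a self-test aid; the fuzzer has to discover the bytes on its own. */
int self_check(int corrupt_index) {
    uint8_t buf[16];
    uint32_t v = MAGIC_U32, x = MAGIC_U32 + 1;
    memcpy(buf, &v, 4);
    memcpy(buf + 4, MAGIC_TAG, 8);
    memcpy(buf + 12, &x, 4);
    if (corrupt_index >= 0 && corrupt_index < 16)
        buf[corrupt_index] ^= 0xFF;
    return check_input(buf, sizeof buf);
}

int main(int argc, char **argv) {
    static uint8_t buf[4096];
    FILE *f = stdin;
    size_t n;
    if (argc > 1) {                        /* afl-fuzz substitutes the file path for @@ */
        f = fopen(argv[1], "rb");
        if (!f) {
            perror("fopen");
            return 1;
        }
    }
    n = fread(buf, 1, sizeof buf, f);
    if (f != stdin)
        fclose(f);
    if (check_input(buf, n) == 3)
        abort();                           /* SIGABRT: AFL++ records this as a crash */
    return 0;
}
```

Build it twice as described above (once with plain `afl-clang-fast`, once with `AFL_LLVM_CMPLOG=1`) and run `afl-fuzz` with `-c ./program.cmplog -m none`; the RedQueen mutator can then replace the logged operands directly in the input, whereas a run without `-c` has to stumble on the 4-byte and 8-byte constants by chance.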
