Skip to content
Branch: master
Go to file

Latest commit


Failed to load latest commit information.
Latest commit message
Commit time

#binary-only fuzzing with dynamorio and afl


  1. download, compile and install afl =>
  2. download, compile and install dyninst =>
  3. download, compile and install afl-dyninst =>
  4. download, compile and install dynamorio =>
  5. make a symlink to the afl folder here named "afl" , e.g. "ln -s ../AFLplusplus afl"
  6. export DYNAMORIO_HOME=/path/to/dynamorio/build directory
  7. make
  8. make install

##How to run

  1. -i program -o program_instrumented -D It is a good idea to add -e and -E with well selected function addresses to make the fuzzing faster NOTE: you can skip this step and use -forkserver option in the next step. But this is slower at the moment!

  2. [normal afl-fuzz options] That's it! If you fuzzing does not run, afl-fuzz might need more memory, set AFL_MEM to a high value, e.g. 700 for 700MB

##When to use it when normal afl-dyninst is crashing the binary and qemu mode -Q is not an option. Dynamorio is x10-50 slower than Qemu, 25x slower than dyninst - however 10x faster than Pintool, and works additionally on ARM and AARCH64. In memory fuzzing (function fuzzing) is a much faster option and implemented in a future release.

##Who and where

Marc "van Hauser" Heuse ||

You can’t perform that action at this time.