GitHub - onsoim/afl4ddrfuzz

Branches Tags

Name		Name	Last commit message	Last commit date
Latest commit History 9 Commits
dictionaries		dictionaries
docs		docs
experimental		experimental
libdislocator		libdislocator
libtokencap		libtokencap
llvm_mode		llvm_mode
qemu_mode		qemu_mode
testcases		testcases
Makefile		Makefile
QuickStartGuide.txt		QuickStartGuide.txt
README		README
afl-analyze.c		afl-analyze.c
afl-as.c		afl-as.c
afl-as.h		afl-as.h
afl-cmin		afl-cmin
afl-fuzz.c		afl-fuzz.c
afl-gcc.c		afl-gcc.c
afl-gotcpu.c		afl-gotcpu.c
afl-plot		afl-plot
afl-showmap.c		afl-showmap.c
afl-tmin.c		afl-tmin.c
afl-whatsup		afl-whatsup
alloc-inl.h		alloc-inl.h
config.h		config.h
debug.h		debug.h
hash.h		hash.h
test-instr.c		test-instr.c
types.h		types.h

Repository files navigation

==================
American Fuzzy Lop for DDRFuzz
==================

  Written and maintained by onsoim <onsoim@gmail.com>

  Released under terms and conditions of Apache License, Version 2.0.

1) basic structure of AFL
-------------------------

- main
    - fuzz_one: mmap test case and mutate it
        - common_fuzz_stuff
            - **save_if_interesting**
    - sync_fuzzers: mmap from queue and call save_if_interesting
        - **save_if_interesting**

2) saving previous seed point
-----------------------------

`save_if_interesting` save intersting things like crash. So we also save `previous input` at this point.