AaronRobinsonMSFT / DNMD

Reimplementation of ECMA-335 metadata APIs
MIT License
16 stars 3 forks

Create a build of `mddump` for fuzzing of the `dnmd` lib #24

Open AaronRobinsonMSFT opened 1 year ago

AaronRobinsonMSFT commented 1 year ago

See https://llvm.org/docs/LibFuzzer.html

AaronRobinsonMSFT commented 1 year ago

/cc @agocke

agocke commented 1 year ago

I used afl++ because it's notoriously simple to set up. I'm running Ubuntu 22.04 in WSL2.

Generate with:

cmake -DCMAKE_C_COMPILER=afl-cc -DCMAKE_CXX_COMPILER=afl-c++ -S . -B artifacts -DCMAKE_BUILD_TYPE=Release

First, install using apt install afl. Next, compile mddump using the instrumenting compilers:

CC=afl-cc CXX=afl-c++ cmake --build artifacts --target mddump

Finally, set up and run AFL. Start by creating a beginning seed. I used the DLL from hello world. Add it to a new seeds_dir.

Then, run AFL with the command

afl-fuzz -i seeds_dir -o output_dir -- artifacts/src/mddump/mddump @@

It will use the files in the seeds_dir to mutate during the fuzzing. The @@ option says "my input is a path to a file", which AFL will generate for you.

This pops up an interactive window that shows you the AFL progress and the crashes it's generating. The output DLLs will be put in output_dir, so you can feed them back into mddump to see the crash in GDB.
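A small triage helper for the last step of the procedure above, written as an added example (not code from the DNMD project or from the comment author): it re-runs every crash artifact AFL++ saved through the target binary and buckets each file by how the run ended, so you can pick the signal-11 cases to open in GDB before looking at the rest. It assumes the AFL++ default layout, where crash inputs land in `output_dir/default/crashes/` with names starting `id:`; the target path `artifacts/src/mddump/mddump` is taken from the comment above, and the wrapper around `timeout` is only used when that tool is present.

```shell
#!/bin/sh
# Re-run AFL++ crash artifacts through a target and bucket them by outcome.
# Example code, not part of DNMD. Assumes the afl++ default output layout:
#   output_dir/default/crashes/id:000000,sig:11,...
# Usage: triage_crashes <target-binary> <crash-dir> [timeout-seconds]
# Prints one line per artifact: "<bucket> <path>", where bucket is
#   clean        exited 0 (not reproducible under this build)
#   timeout      killed by the timeout wrapper (hang rather than crash)
#   signalNN     terminated by signal NN (11 = SIGSEGV, 6 = SIGABRT, ...)
#   exitNN       exited with a non-zero status NN
triage_crashes() {
    target=$1
    crash_dir=$2
    limit=${3:-10}

    for f in "$crash_dir"/id:*; do
        # The glob stays literal when the directory holds no artifacts;
        # the "-e" test skips that case and also skips AFL's README.txt.
        [ -e "$f" ] || continue

        rc=0
        if command -v timeout >/dev/null 2>&1; then
            timeout "$limit" "$target" "$f" >/dev/null 2>&1 || rc=$?
        else
            "$target" "$f" >/dev/null 2>&1 || rc=$?
        fi

        case $rc in
            0)   bucket=clean ;;
            124) bucket=timeout ;;                 # coreutils timeout expired
            1[2-5][0-9]) bucket="signal$((rc - 128))" ;;  # 128 + signal number
            *)   bucket="exit$rc" ;;
        esac
        printf '%s %s\n' "$bucket" "$f"
    done
}

# Count how many artifacts fell into a given bucket, e.g. "signal11".
count_bucket() {
    triage_crashes "$1" "$2" "${4:-10}" | grep -c "^$3 " || true
}

# Run directly (not when sourced by a test) by passing the target and
# crash directory on the command line:
#   sh triage.sh artifacts/src/mddump/mddump output_dir/default/crashes
[ "$#" -ge 2 ] && triage_crashes "$1" "$2" "${3:-10}"
```

The `1[2-5][0-9]` pattern relies on the POSIX convention that a shell reports a signal-terminated child as 128 plus the signal number; `timeout` forwards that status (and uses 124 for its own expiry), which is why the timeout case is matched first. Sort the output by bucket to see at a glance whether the corpus contains one crash class or several.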

AaronRobinsonMSFT commented 1 year ago

/cc @jkoritzinsky