AngoraFuzzer / Angora

Angora is a mutation-based fuzzer. The main goal of Angora is to increase branch coverage by solving path constraints without symbolic execution.
Apache License 2.0

Angora compile IR #110

Open aug2uag opened 3 years ago

aug2uag commented 3 years ago

Would Angora have support for compiling from LLVM- or BAP-derived intermediate representation?

Trying to analyze a binary (pre-compiled) but couldn't figure out how:

 INFO  angora::fuzz_main > CommandOpt { mode: LLVM, id: 0, main: ("/input/azorult2", []), track: ("/input/azorult2", []), tmp_dir: "./output/bar/tmp", out_file: "./output/bar/tmp/cur_input", forksrv_socket_path: "./output/bar/tmp/forksrv_socket", track_path: "./output/bar/tmp/track", is_stdin: true, search_method: Gd, mem_limit: 200, time_limit: 1, is_raw: true, uses_asan: false, ld_library: "$LD_LIBRARY_PATH:/clang+llvm/lib", enable_afl: true, enable_exploitation: true }
thread 'main' panicked at 'The program is not complied by Angora', fuzzer/src/check_dep.rs:55:9

DataCorrupted commented 2 years ago

Angora actually supports compiling from LLVM IR or bytecode. You may see here for more details on how it's done.