Hi there,
I'm wondering how you handle complicated structures that are used by syscalls...
For example, when fuzzing the function "cipher_update", the first parameter is "cryp_handle", which should be a meaningful pointer to a real, complex structure, and that structure in turn contains even more pointers and sub-structures. Simply doing bit flips on the function call arguments does not seem feasible. How did you solve this problem?
I'd be so grateful if you could help me with it :)