One major issue with fuzzing is that it has to get the full compare correct or nothing. libFuzzer can work around this a little by allowing you to enable byte comparison. However, even that fails when confronted with something like strcmp.
We should be able to inject assembly into the binary to overwrite some libc calls and re-write them in a fuzzer-friendly (i.e. byte-by-byte) way.
Calls:

- [ ] strcmp
- [ ] strncmp
- [ ] memcmp
- [ ] strcasecmp
- [ ] wmemcmp
- [ ] bcmp
This would really only work for AFL+QEMU... For autoPwnCompile, however, we could add an option to compile those calls into the source at compile time? Not sure how to do that cleanly at the moment.
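Byte-by-byte versions of the listed calls, as an added example (not code from autoPwn or this issue); the fuzz_* names, the header name fuzz_cmp.h and the FUZZ_OVERRIDE_LIBC switch are assumptions:

```c
/* Added example, not autoPwn's code: byte-by-byte versions of the calls
 * listed above. Each byte is its own branch, so a coverage-guided fuzzer
 * sees progress per matching byte instead of one opaque libc result. */
#include <ctype.h>
#include <stddef.h>
int fuzz_memcmp(const void *a, const void *b, size_t n) {
    const unsigned char *pa = a, *pb = b;
    for (size_t i = 0; i < n; i++)            /* one branch per byte */
        if (pa[i] != pb[i])
            return pa[i] < pb[i] ? -1 : 1;
    return 0;
}

int fuzz_bcmp(const void *a, const void *b, size_t n) {
    return fuzz_memcmp(a, b, n) != 0;         /* bcmp only reports equality */
}

int fuzz_strncmp(const char *a, const char *b, size_t n) {
    for (size_t i = 0; i < n; i++) {
        unsigned char ca = (unsigned char)a[i], cb = (unsigned char)b[i];
        if (ca != cb)
            return ca < cb ? -1 : 1;
        if (ca == '\0')                       /* both ended together */
            return 0;
    }
    return 0;
}

int fuzz_strcmp(const char *a, const char *b) {
    return fuzz_strncmp(a, b, (size_t)-1);    /* loop stops at the NUL */
}

int fuzz_strcasecmp(const char *a, const char *b) {
    for (size_t i = 0;; i++) {
        int ca = tolower((unsigned char)a[i]), cb = tolower((unsigned char)b[i]);
        if (ca != cb)
            return ca < cb ? -1 : 1;
        if (ca == '\0')
            return 0;
    }
}
/* Hypothetical compile-time hook for the autoPwnCompile idea: building with
 * -DFUZZ_OVERRIDE_LIBC -include fuzz_cmp.h redirects the target's own calls
 * to the loops above without touching its source. */
#ifdef FUZZ_OVERRIDE_LIBC
#define strcmp     fuzz_strcmp
#define strncmp    fuzz_strncmp
#define memcmp     fuzz_memcmp
#define strcasecmp fuzz_strcasecmp
#define bcmp       fuzz_bcmp
#endif
```

Because these loops are compiled into the target, each byte comparison becomes an edge the instrumentation can count, which is what the single libc call hides from the fuzzer.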