Closed hdbreaker closed 2 years ago
ifratric
commented
2 years ago Hi, the filename is constructed here:
https://github.com/googleprojectzero/Jackalope/blob/9e9dfa558270ad492864c9beba3c3867b3cae698/fuzzer.cpp#L959
So you can change that line to something like
string outfile = DirJoin(out_dir, string("input_") + std::to_string(tc->thread_id) + string(".ext"));
hdbreaker
commented
2 years ago I already identify the line but the problem is that I’m fuzzing multi format file extensions, so I need a way to dynamically change the extension, and not fixed to an specific extension
ifratric
commented
2 years ago In that case, you can try, before DeliverSample() call here:
https://github.com/googleprojectzero/Jackalope/blob/9e9dfa558270ad492864c9beba3c3867b3cae698/fuzzer.cpp#L224
do the following:
sample?)((FileSampleDelivery*)(tc->sampleDelivery))->SetFilename(...)An easier option though would be to have one fuzzer instance per extension. If you want them to share corpus/coverage set, you can have all instances connect to the same coverage server.
hdbreaker
commented
2 years ago I was able to fix it just adding a dumb extension! thank you so much!
Hey guys how are you? My fuzzing target needs the file extension in "input_ {{ThreadID}}" to determinate which dll must load to parse the content.
I was trying to modify the fuzzer.cpp code to add this functionality but I didn't find the correct function/line to add this functionality.
Can you help me to improve/add this feature to the app? In which part of the code the file input_ is written? and how can I add the file extension to that input file?
Thank you ahead!