googleprojectzero / winafl

A fork of AFL for fuzzing Windows binaries
Apache License 2.0
2.34k stars 532 forks

Target function #393

Open mineechor opened 1 year ago

mineechor commented 1 year ago

Why does the winafl target function have to finish opening and closing the testcase (file), when afl does not require manually specifying a target function?

ifratric commented 1 year ago

That is because WinAFL uses persistent mode, meaning it does not restart the target process between iterations. WinAFL uses dynamic binary instrumentation to get coverage. Instrumenting the process initially is expensive; however, that is a price you only have to pay once per process. That's why, instead of restarting the process for every iteration, WinAFL runs the user-specified target function in a loop. In order for that to work, the target function must behave in a relatively standalone way and have the requirements you mentioned.
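
As an added illustration of that requirement (example code written for this page, not code from the winafl project): a target function shaped for persistent mode. The record format, the function names and the file path are made up for the demo; the point is that opening, reading, parsing and closing the input all happen inside the one function that WinAFL calls in a loop, and nothing from one iteration survives into the next.

```c
/* Added example, not winafl project code. The "DEMO" record format, the
 * function names and the file name below are invented for this demo. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_INPUT 4096

/* Constructed toy format: magic "DEMO", a 1-byte record count, then
 * `count` records of [1-byte length][bytes]. */
typedef struct {
    int ok;             /* 1 if the whole input parsed cleanly */
    unsigned records;   /* number of records consumed */
    size_t bytes_used;  /* offset just past the last record */
} parse_result;

/* Pure parser: bounds-checked so a malformed input is rejected, not overread. */
parse_result parse_buffer(const uint8_t *buf, size_t len)
{
    parse_result r = {0, 0, 0};
    if (len < 5 || memcmp(buf, "DEMO", 4) != 0)
        return r;
    unsigned count = buf[4];
    size_t pos = 5;
    for (unsigned i = 0; i < count; i++) {
        if (pos >= len)            /* truncated before the length byte */
            return r;
        size_t rlen = buf[pos++];
        if (rlen > len - pos)      /* record claims more bytes than remain */
            return r;
        pos += rlen;
        r.records++;
    }
    r.ok = 1;
    r.bytes_used = pos;
    return r;
}

/* The function WinAFL would be pointed at (not static, so it can be
 * exported and named on the command line). Every per-iteration step,
 * open / read / parse / close / free, lives inside it: the fuzzer rewrites
 * the file and calls this again without restarting the process. */
int fuzz_one_input(const char *path)
{
    FILE *f = fopen(path, "rb");
    if (!f)
        return -1;
    uint8_t *buf = malloc(MAX_INPUT);
    if (!buf) {
        fclose(f);
        return -1;
    }
    size_t n = fread(buf, 1, MAX_INPUT, f);
    fclose(f);                     /* close before returning: the fuzzer needs the file */
    parse_result r = parse_buffer(buf, n);
    free(buf);                     /* no state leaks into the next iteration */
    return r.ok ? (int)r.records : 0;
}

/* Writes a constructed sample so the example runs stand-alone. Returns 0 on success. */
int write_sample(const char *path, const uint8_t *data, size_t len)
{
    FILE *f = fopen(path, "wb");
    if (!f)
        return -1;
    size_t written = fwrite(data, 1, len, f);
    fclose(f);
    return written == len ? 0 : -1;
}

/* Stands in for WinAFL's persistent loop: call the target repeatedly in one
 * process. Returns the sum of the per-call results, or -1 on an I/O failure. */
int run_persistent(const char *path, int iterations)
{
    int total = 0;
    for (int i = 0; i < iterations; i++) {
        int rc = fuzz_one_input(path);
        if (rc < 0)
            return -1;
        total += rc;
    }
    return total;
}

int main(int argc, char **argv)
{
    /* Constructed input: magic, count=2, record "abc", record "z". */
    const uint8_t sample[] = {'D', 'E', 'M', 'O', 2, 3, 'a', 'b', 'c', 1, 'z'};
    const char *path = argc > 1 ? argv[1] : "demo_input.bin";
    if (argc < 2 && write_sample(path, sample, sizeof sample) != 0)
        return 1;
    printf("records parsed per iteration: %d\n", fuzz_one_input(path));
    printf("three persistent iterations: %d\n", run_persistent(path, 3));
    return 0;
}
```

On Windows you would build this into the harness binary, name fuzz_one_input as the function WinAFL loops over with -target_module and -target_method (or -target_offset), and let -fuzz_iterations bound how many calls happen before the process is restarted. The main here only stands in for that loop so the example runs outside WinAFL; anything the real target does with global state, open handles or memory has to be undone before the function returns, or the iterations stop being independent.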

mineechor commented 1 year ago

Thank you very much  


------------------ Original message ------------------ From: Ivan; Sent: Tuesday, 1 November 2022, 17:30; Subject: Re: [googleprojectzero/winafl] Target function (Issue #393)