Closed frogfrog2 closed 5 months ago
The driver calls the main function of grep with argc and argv. To do that, you need to rename 'main' in grep to something else, and the driver code calls grep's renamed main function.
Although you can call grep using something like 'system()', it is problematic because the coverage information of grep will not be propagated to AFL.
In problem 2, I understand the concept of how a fuzzing driver helps us fuzz both spaces, but I don't understand how to apply the driver to AFL. Does fuzz_driver.c contain Linux commands that execute the compiled 'grep' directly? Am I required to use the compiled fuzz_driver instead of grep inside the afl-fuzz command, like this: "afl-fuzz .... ./fuzz_driver @@"?
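The approach from the reply (rename grep's `main`, then have the driver build argc/argv and call it in-process so AFL's instrumentation sees grep's coverage), as an added example that is not code from the course, this issue or grep itself. It assumes grep's `main` was renamed to `grep_main`; the stand-in `grep_main` below is a placeholder so the file compiles on its own, and the split format (first line is the pattern, the rest is the text) is an assumption of this example.

```c
#include <stdio.h>
#include <string.h>

/* Placeholder for grep's renamed main(); link grep's real one instead. */
int grep_main(int argc, char **argv) {
    (void)argc; (void)argv;
    return 0;
}

/* Split the fuzz input at its first newline: line 1 is the regex, the rest
 * is the text to search. The text goes to `textpath`; argv becomes
 * grep -E <pattern> <textpath>. Returns argc, or -1 if there is no newline. */
int build_grep_argv(const char *buf, size_t len, const char *textpath,
                    char *pattern, size_t patcap, char **argv) {
    const char *nl = memchr(buf, '\n', len);
    if (!nl) return -1;
    size_t plen = (size_t)(nl - buf);
    size_t copy = plen < patcap ? plen : patcap - 1;  /* clamp long patterns */
    memcpy(pattern, buf, copy);
    pattern[copy] = '\0';

    FILE *f = fopen(textpath, "wb");
    if (!f) return -1;
    fwrite(nl + 1, 1, len - plen - 1, f);
    fclose(f);

    argv[0] = "grep";
    argv[1] = "-E";
    argv[2] = pattern;
    argv[3] = (char *)textpath;
    argv[4] = NULL;
    return 4;
}

/* AFL replaces @@ with the current test case path, passed here as argv[1]. */
int main(int argc, char **argv) {
    if (argc != 2) { fprintf(stderr, "usage: %s <input>\n", argv[0]); return 1; }
    FILE *in = fopen(argv[1], "rb");
    if (!in) return 1;
    static char buf[1 << 16], pattern[4096];
    size_t len = fread(buf, 1, sizeof buf, in);
    fclose(in);
    char *gargv[5];
    int gargc = build_grep_argv(buf, len, "/tmp/fuzz_text.txt",
                                pattern, sizeof pattern, gargv);
    if (gargc < 0) return 0;  /* malformed input: exit cleanly, not a crash */
    return grep_main(gargc, gargv);  /* in-process call keeps AFL coverage */
}
```

Running it as `afl-fuzz ... ./fuzz_driver @@` then mutates both the pattern and the searched text from one input file, while a `system("grep ...")` call would run an uninstrumented child whose edges AFL never observes.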