This is a simple sample harness for a non-crashing file, to show the raw speed of C, Rust, and Python harnesses.
Make sure, you built unicornafl first (../../build_unicorn_support.sh).
Then, follow these individual steps:
cd rust
cargo build --release
../../../afl-fuzz -i ../sample_inputs -o out -- ./target/release/harness @@cd c
make
../../../afl-fuzz -i ../sample_inputs -o out -- ./harness @@cd python
../../../afl-fuzz -i ../sample_inputs -o out -U -- python3 ./harness.py @@TODO: add results here.
You shouldn't need to compile simple_target.c since a X86_64 binary version is pre-built and shipped in this sample folder. This file documents how the binary was built in case you want to rebuild it or recompile it for any reason.
The pre-built binary (simple_target_x86_64.bin) was built using -g -O0 in gcc.
We then load the binary and execute the main function directly.
To find the address (in hex) of main, run:
objdump -M intel -D target | grep '<main>:' | cut -d" " -f1To find all call sites to magicfn, run:
objdump -M intel -D target | grep '<magicfn>$' | cut -d":" -f1For malloc callsites:
objdump -M intel -D target | grep '<malloc@plt>$' | cut -d":" -f1And free callsites:
objdump -M intel -D target | grep '<free@plt>$' | cut -d":" -f1