a11078a78c
This adds support for `afl-fuzz -Q`, which can be used to instrument arbitrary black-box binary code for fuzz testing using American Fuzzy Lop through QEMU emulation. This requires a custom QEMU 2.2.0 build of the Linux userspace emulators (system emulators aren't required) with some custom patches. Furthermore we have to patch the patches a little to make the build more sane (there are some notes in the README about this). Overall, the addition of this feature by default doesn't significantly impact build times (since building QEMU for only one target builds only a fraction of the source code, and many features are disabled), so it's enabled by default. Signed-off-by: Austin Seipp <aseipp@pobox.com>
19 lines
763 B
Markdown
19 lines
763 B
Markdown
Updating the QEMU patches
|
|
=========================
|
|
|
|
When updating to the latest American Fuzzy Lop, make sure to check for
|
|
any new patches to qemu for binary fuzzing support:
|
|
|
|
https://github.com/mirrorer/afl/tree/master/qemu_mode
|
|
|
|
Be sure to check the build script and make sure it's also using the
|
|
right QEMU version and options in `qemu.nix`:
|
|
|
|
https://github.com/mirrorer/afl/blob/master/qemu_mode/build_qemu_support.sh
|
|
|
|
`afl-config.h` and `afl-qemu-cpu-inl.h` are part of the afl source
|
|
code, and copied from `config.h` and `afl-qemu-cpu-inl.h`
|
|
appropriately. The QEMU patches need to be slightly adjusted to
|
|
`#include` these files (the patches try to otherwise include files
|
|
like `../../config.h` which causes the build to fail). See `qemu.nix`
|
|
for details.
|