werunplugged/unplugged-system
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
main
unplugged-system/external/AFLplusplus/utils/argv_fuzzing
History
ziv-gabel 06ee9615ad Initial commit: AOSP 14 with modifications for Unplugged OS
2025-10-06 13:59:42 +00:00
..
argv-fuzz-inl.h Initial commit: AOSP 14 with modifications for Unplugged OS 2025-10-06 13:59:42 +00:00
argvfuzz.c Initial commit: AOSP 14 with modifications for Unplugged OS 2025-10-06 13:59:42 +00:00
Makefile Initial commit: AOSP 14 with modifications for Unplugged OS 2025-10-06 13:59:42 +00:00
README.md Initial commit: AOSP 14 with modifications for Unplugged OS 2025-10-06 13:59:42 +00:00

README.md

argvfuzz

AFL++ supports fuzzing file inputs or stdin. When source is available, argv-fuzz-inl.h can be used to change main() to build argv from stdin.

argvfuzz tries to provide the same functionality for binaries. When loaded using LD_PRELOAD, it will hook the call to __libc_start_main and replace argv using the same logic of argv-fuzz-inl.h.

A few conditions need to be fulfilled for this mechanism to work correctly:

  1. As it relies on hooking the loader, it cannot work on static binaries.
  2. If the target binary does not use the default libc's _start implementation (crt1.o), the hook may not run.
  3. The hook will replace argv with pointers to .data of argvfuzz.so. If the target binary expects argv to be living on the stack, things may go wrong.