Skip to content

InsTrim: Lightweight Instrumentation for Coverage-guided Fuzzing

License

Notifications You must be signed in to change notification settings

csienslab/instrim

Repository files navigation

InsTrim

The paper: InsTrim: Lightweight Instrumentation for Coverage-guided Fuzzing

Build

Prerequisite

  • llvm-8.0-dev
  • clang-8.0
  • cmake >= 3.2

Make

git clone https://github.com/csienslab/instrim.git
cd instrim
cmake .
make

Patch and build AFL Fuzzer

Run build_afl.sh or

wget http://lcamtuf.coredump.cx/afl/releases/afl-2.52b.tgz
tar -xvf afl-2.52b.tgz
cd afl-2.52b
patch -p1 < ../instrim/afl-fuzzer.patch
make
cd llvm_mode
make

Usage

Setup the environment

export INSTRIM_LIB=[absolute path of instrim/libLLVMInsTrim.so]

Instrument the target program

With Instrim

MARKSET=1 afl-2.52b/afl-clang-fast [compilation options, your target ...]

With Instrim-Approx

MARKSET=1 LOOPHEAD=1 afl-2.52b/afl-clang-fast [compilation options, your target ...]

Skip single block functions

The following is recommendable for C/C++ targets that are not using vtables or similar techniques:

MARKSET=1 SKIPSINGLEBLOCK=1 afl-2.52b/afl-clang-fast [compilation options, your target ...]

Finally

Then you can use AFL with LLVM mode to fuzz those instrumented binaries.

About

InsTrim: Lightweight Instrumentation for Coverage-guided Fuzzing

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published