#!/bin/sh
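# Location of the TriforceAFL binaries; override with the TAFL env var.
AFL=${TAFL:-/usr/pkg/triforceafl/bin}
# Guest disk image and the kernel image the panic address is looked up in.
IMG=disk.bin
KERN=netbsd.gdb
# AFL_PATH is deliberately exported empty -- presumably so afl-fuzz does not
# resolve its qemu helper through an unrelated AFL install; confirm before changing.
export AFL_PATH=
# The former GDB-availability check was already commented out and referenced
# an undefined $GDB, so it has been dropped rather than re-enabled.
# hokey arg parsing, sorry!
#   -C             continue a previous run (afl-fuzz reads inputs from "-")
#   -M n | -S n    master/slave instance id (required)
if [ "$1" = "-C" ]; then # continue
  INP="-"
  shift
else
  INP=inputs
fi
case "$1" in
  -M|-S) # master/slave args
    # The instance id is mandatory; without this check "-M" alone would be
    # passed on as "-M " and the failure would surface later in afl-fuzz.
    if [ -z "$2" ]; then
      echo "specify -M n or -S n please" >&2
      exit 1
    fi
    FARGS="$1 $2"
    shift 2
    ;;
  *)
    echo "specify -M n or -S n please" >&2
    exit 1
    ;;
esac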
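# getSym SYMBOL
#   Print the address of SYMBOL as reported by `nm "$KERN"`.
#   The name is compared exactly against the last field of each nm line:
#   the previous `grep -w` also matched lines such as "panic.cold", which
#   produced several addresses for one lookup. Undefined references (no
#   address column, e.g. "U printf") are skipped. Only the first match is
#   printed; returns 1 and prints nothing when the symbol is not found.
getSym() {
  sym=$1
  addr=$(nm "$KERN" | awk -v sym="$sym" 'NF >= 3 && $NF == sym { print $1; exit }')
  [ -n "$addr" ] || return 1
  printf '%s\n' "$addr"
}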
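# Fail early if the kernel or disk image is missing: nm would otherwise
# print an error and the symbol lookup below would silently come back empty.
if [ ! -r "$KERN" ]; then
  echo "cannot read kernel image $KERN" >&2
  exit 1
fi
if [ ! -r "$IMG" ]; then
  echo "cannot read disk image $IMG" >&2
  exit 1
fi
# Guest address of the kernel's panic routine, handed to qemu as the crash
# detector. An empty lookup would leave the literal "0x" here, so reject it.
PANIC=0x$(getSym panic)
if [ "$PANIC" = "0x" ]; then
  echo "symbol 'panic' not found in $KERN" >&2
  exit 1
fi
LOGSTORE=0 #XXX for now
#test -d inputs || mkdir inputs
#test -f inputs/ex1 || ./gen.py
# A fresh run needs the seed directory; "-" is the continue case set up above.
if [ "$INP" != "-" ] && [ ! -d "$INP" ]; then
  echo "input directory $INP not found" >&2
  exit 1
fi
# run fuzzer and qemu-system
export AFL_SKIP_CRASHES=1
# shellcheck disable=SC2086 -- FARGS is intentionally two words ("-M n" / "-S n")
"$AFL/afl-fuzz" $FARGS -t 500+ -m 3000 -i "$INP" -o outputs -QQ -- \
  "$AFL/afl-qemu-system-trace" \
  -L "$AFL/../share/pc-bios" \
  -m 128M -nographic -drive "format=raw,file=privmem:${IMG}" \
  -aflPanicAddr "$PANIC" \
  -aflDmesgAddr "$LOGSTORE" \
  -aflFile @@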