The harness example included in the README is as follows:
```c
#include <stdio.h>
...
typedef int (__stdcall *IDP_Init_func_t)(int);
typedef int (__stdcall *IDP_GetPlugInInfo_func_t)(int);
...
void fuzz_me(char* filename){
    IDP_Init_func_t IDP_Init_func;
    IDP_GetPlugInInfo_func_t IDP_GetPlugInInfo_func;
    ...
    /* Harness function #0 */
    int* c0_a0 = (int*) calloc (4096, sizeof(int));
    LOAD_FUNC(dlllib, IDP_Init);
    int IDP_Init_ret = IDP_Init_func(&c0_a0);
    dbg_printf("IDP_Init, ret = %d\n", IDP_Init_ret);
    /* Harness function #1 */
    int* c1_a0 = (int*) calloc (4096, sizeof(int));
    LOAD_FUNC(dlllib, IDP_GetPlugInInfo);
    int IDP_GetPlugInInfo_ret = IDP_GetPlugInInfo_func(&c1_a0);
    dbg_printf("IDP_GetPlugInInfo, ret = %d\n", IDP_GetPlugInInfo_ret);
    ...
    /* Harness function #66 */
    int* c66_a0 = (int*) calloc (4096, sizeof(int));
    LOAD_FUNC(dlllib, IDP_CloseImage);
    int IDP_CloseImage_ret = IDP_CloseImage_func(&c66_a0);
    dbg_printf("IDP_CloseImage, ret = %d\n", IDP_CloseImage_ret);
}

int main(int argc, char ** argv)
{
    if (argc < 2) {
        printf("Usage %s: <input file>\n", argv[0]);
        printf(" e.g., harness.exe input\n");
        exit(1);
    }
    dlllib = LoadLibraryA("%s");
    if (dlllib == NULL){
        dbg_printf("failed to load library, gle = %d\n", GetLastError());
        exit(1);
    }
    char * filename = argv[1];
    fuzz_me(filename);
    return 0;
}
```
Questions:

1. The LoadLibraryA call does not accept any DLL name as input. Then how would the corresponding library be loaded?
2. The filename passed to the fuzz_me method is never read. Then how would it feed input to the API calls? The broader question is how the input read from the file flows to the APIs.
3. According to the function signature, the IDP_Init method accepts an int argument. However, a pointer to an integer array was passed during invocation. Is that intended?
4. According to the README, afl-fuzz expects a DLL as harness (-harness harness.dll), while the example above is likely to generate a standalone executable that does not even conform to the harness API. Can you explain?
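For reference, an added example (written here, not taken from the README or the project) of the skeleton a file-driven DLL harness conventionally has, covering the three mechanics the questions above turn on: the library is opened by the name supplied on the command line, the input file is read into a buffer, and that buffer plus its length is what gets passed to the resolved export, through a function pointer whose typedef matches the call. The `target_fn_t` contract, the `demo_target` stand-in, the `IDP1` sample format and the `OPEN_LIB`/`LOOKUP`/`CLOSE_LIB` macros are assumptions for illustration only; the real `IDP_*` signatures are not known from this page. The POSIX branch (dlopen/dlsym) is there only so the file compiles and runs outside Windows.

```c
/* Added example, not project code: minimal file-driven harness skeleton. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#ifdef _WIN32
#include <windows.h>
typedef HMODULE lib_handle_t;
#define OPEN_LIB(name)    LoadLibraryA(name)
#define LOOKUP(lib, sym)  ((void *)GetProcAddress((lib), (sym)))
#define CLOSE_LIB(lib)    FreeLibrary(lib)
#else
#include <dlfcn.h>
typedef void *lib_handle_t;
#define OPEN_LIB(name)    dlopen((name), RTLD_NOW)
#define LOOKUP(lib, sym)  dlsym((lib), (sym))
#define CLOSE_LIB(lib)    dlclose(lib)
#endif

/* Assumed contract of the export under test: raw file bytes and their length.
 * The typedef must match the callee's real signature; passing an int** to a
 * function declared as taking an int (as in the README excerpt) does not. */
typedef int (*target_fn_t)(const unsigned char *data, size_t len);

/* Read a whole file into a heap buffer; returns NULL (and *out_len = 0) on error. */
unsigned char *read_whole_file(const char *path, size_t *out_len)
{
    *out_len = 0;
    FILE *f = fopen(path, "rb");
    if (f == NULL) return NULL;
    if (fseek(f, 0, SEEK_END) != 0) { fclose(f); return NULL; }
    long size = ftell(f);
    if (size < 0) { fclose(f); return NULL; }
    rewind(f);
    unsigned char *buf = malloc((size_t)size + 1); /* +1: empty file still gets a buffer */
    if (buf == NULL) { fclose(f); return NULL; }
    size_t got = fread(buf, 1, (size_t)size, f);
    fclose(f);
    if (got != (size_t)size) { free(buf); return NULL; }
    *out_len = got;
    return buf;
}

/* Feed one input file to one target. Returns the target's return value,
 * or -1 if the file could not be read. This is the file-to-API data flow. */
int run_file_through(target_fn_t fn, const char *input_path)
{
    size_t len;
    unsigned char *data = read_whole_file(input_path, &len);
    if (data == NULL) return -1;
    int ret = fn(data, len);
    free(data);
    return ret;
}

/* Open the library by its real file name, resolve one export by name, and
 * call it with the file contents. Returns -2 if library or symbol is missing. */
int harness_main(const char *lib_path, const char *symbol, const char *input_path)
{
    lib_handle_t lib = OPEN_LIB(lib_path);
    if (lib == NULL) return -2;
    target_fn_t fn = (target_fn_t)LOOKUP(lib, symbol);
    if (fn == NULL) { CLOSE_LIB(lib); return -2; }
    int ret = run_file_through(fn, input_path);
    CLOSE_LIB(lib);
    return ret;
}

/* In-process stand-in for a DLL export (assumed format): 4-byte "IDP1" magic,
 * then a 1-byte payload length that must equal the number of remaining bytes. */
int demo_target(const unsigned char *data, size_t len)
{
    if (len < 5 || memcmp(data, "IDP1", 4) != 0) return 1; /* bad header */
    if ((size_t)data[4] != len - 5) return 2;              /* length mismatch */
    return 0;
}

/* Constructed sample input: valid header followed by a 3-byte payload. */
int write_constructed_sample(const char *path)
{
    static const unsigned char sample[] = { 'I', 'D', 'P', '1', 3, 'a', 'b', 'c' };
    FILE *f = fopen(path, "wb");
    if (f == NULL) return 0;
    size_t n = fwrite(sample, 1, sizeof sample, f);
    fclose(f);
    return n == sizeof sample;
}

int main(int argc, char **argv)
{
    if (argc < 4) {
        printf("Usage: %s <library> <export> <input file>\n", argv[0]);
        return 1;
    }
    /* Library name, export name and input file all come from argv; none is hard-coded. */
    printf("%s(%s) returned %d\n", argv[2], argv[3],
           harness_main(argv[1], argv[2], argv[3]));
    return 0;
}
```

The point of `demo_target` is only to let the data path be exercised without a real library: `run_file_through` is the same code whether `fn` came from `GetProcAddress` or from the current image. A harness whose `LoadLibraryA` argument is a literal `"%s"` and whose `filename` is never opened exercises neither of those two paths, which is why the README excerpt as shown cannot deliver file bytes to the `IDP_*` calls.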