-
Anh Nguyen-Tuong authored
Instead of the original laf-intel style instrumentation with nested 1 byte compare, we instead instrument each byte separately to provide afl with hints. We then execute the original cmp/jcc sequence. Advantages of this method are that we do not have to handle signed/unsigned comparisons of bytes, nor do we have to deal with having separate code to handle >=, <=. Furthermore, we can easily guide AFL towards inducing division by zero, by doing a compare against 0, i.e., logically add "cmp X, 0" before a "div X" instruction.
Anh Nguyen-Tuong authoredInstead of the original laf-intel style instrumentation with nested 1 byte compare, we instead instrument each byte separately to provide afl with hints. We then execute the original cmp/jcc sequence. Advantages of this method are that we do not have to handle signed/unsigned comparisons of bytes, nor do we have to deal with having separate code to handle >=, <=. Furthermore, we can easily guide AFL towards inducing division by zero, by doing a compare against 0, i.e., logically add "cmp X, 0" before a "div X" instruction.
