How to get the mutated offset in testcase files #2015
-
Hello, I would like to know the location in the file that increases coverage well while fuzzing. In the old AFL, the testcase files were stored in the form "id:00,sig:00,src:0,pos:XXX ~", so I knew it from the name, but now there is no pos. How can I find this out in AFL++? And what does it mean that src is in A+B form in a file name like "id:000064,sig:06,src:005442+002743,time:3617131737,execs:4851518831,op:splice,rep:2"?
Replies: 1 comment · 1 reply
-
There is so much mutation that the pos qualifier is pointless. src:a+b means that there was at least one splicing (a being the source of the mutation and b having been spliced in somewhere). Note that there can be multiple splicings, but only one is shown with +xxx.
There is so much mutation that the pos qualifier is pointless.
You have the queue item the new coverage is based on (src:xxx), and by comparing its contents with the contents that generated the new coverage you can maybe find that out. But as I said, there is so much mutation happening that you will most of the time not know which of the many file changes is the reason.
src:a+b means that there was at least one splicing (a being the source of the mutation and b having been spliced in somewhere). Note that there can be multiple splicings, but only one is shown with +xxx.
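The comparison described in the reply, as an added example (this is not AFL++ project code, and the queue file names and contents it builds are constructed for the demo). It parses the `key:value` fields of a queue file name, locates the `src` parent(s) by id in the queue directory, byte-diffs the child against the first parent to get the changed offsets, and, for a `src:a+b` splice, checks which of those changed ranges can be found in the second parent. The helper names (`parse_queue_name`, `find_by_id`, `diff_offsets`, `explain_queue_entry`) are this example's own:

```python
import os
import re
import tempfile
from difflib import SequenceMatcher

# key:value fields of AFL/AFL++ queue file names, e.g.
#   id:000064,sig:06,src:005442+002743,time:3617131737,execs:4851518831,op:splice,rep:2
# A trailing ",+cov" marker has no colon and is simply ignored by the regex.
_FIELD = re.compile(r"([a-z_]+):([^,]+)")


def parse_queue_name(name):
    """Parse an AFL/AFL++ queue file name into a dict.

    'id' becomes an int and 'src' becomes a list of int ids: one entry for
    'src:a', two for 'src:a+b' (a splice, a being the mutated base and b the
    donor of the spliced-in bytes). Other fields (pos, op, rep, ...) stay strings.
    """
    fields = dict(_FIELD.findall(name))
    if "id" in fields:
        fields["id"] = int(fields["id"])
    if "src" in fields:
        fields["src"] = [int(x) for x in fields["src"].split("+")]
    return fields


def find_by_id(queue_dir, qid):
    """Return the path of the queue file whose name starts with id:<qid>."""
    prefix = "id:%06d," % qid
    for entry in os.listdir(queue_dir):
        if entry.startswith(prefix):
            return os.path.join(queue_dir, entry)
    raise FileNotFoundError("no queue entry with id %d in %s" % (qid, queue_dir))


def diff_offsets(parent, child):
    """Return the non-equal difflib opcodes between two byte strings as
    (tag, parent_start, parent_end, child_start, child_end) tuples."""
    sm = SequenceMatcher(None, parent, child, autojunk=False)
    return [op for op in sm.get_opcodes() if op[0] != "equal"]


def explain_queue_entry(queue_dir, name):
    """Diff a queue entry against its src parent(s) and report changed offsets.

    'changes' lists the byte ranges that differ from the first src (the base
    input). For a splice (src:a+b), 'spliced_from_b' lists the changed child
    ranges whose bytes occur in the second src, with their offset in b. Bytes
    that havoc altered after the splice will not be found in b.
    """
    fields = parse_queue_name(name)
    with open(os.path.join(queue_dir, name), "rb") as f:
        child = f.read()
    report = {"id": fields.get("id"), "op": fields.get("op"),
              "changes": [], "spliced_from_b": []}
    srcs = fields.get("src", [])
    if not srcs:  # a seed (orig:...) has no parent to diff against
        return report
    with open(find_by_id(queue_dir, srcs[0]), "rb") as f:
        base = f.read()
    report["changes"] = diff_offsets(base, child)
    if len(srcs) > 1:
        with open(find_by_id(queue_dir, srcs[1]), "rb") as f:
            donor = f.read()
        for _tag, _i1, _i2, j1, j2 in report["changes"]:
            chunk = child[j1:j2]
            pos = donor.find(chunk) if chunk else -1
            if pos != -1:
                report["spliced_from_b"].append((j1, j2, pos))
    return report


def demo():
    """Build a constructed three-entry queue in a temp dir and explain the
    spliced child. File names and contents are made up for this example."""
    queue_dir = tempfile.mkdtemp(prefix="aflpp_queue_")
    child = "id:000009,src:000005+000007,time:1,execs:2,op:splice,rep:3,+cov"
    entries = {
        "id:000005,time:0,execs:0,orig:seed_a": b"HEADER:AAAAAAAA;TAIL",
        "id:000007,time:0,execs:0,orig:seed_b": b"HEADER:BBBBBBBB;TAIL",
        # splice of 5 with 7, then one havoc byte change at offset 4 (E -> X)
        child: b"HEADXR:AAAABBBB;TAIL",
    }
    for fname, data in entries.items():
        with open(os.path.join(queue_dir, fname), "wb") as f:
            f.write(data)
    return explain_queue_entry(queue_dir, child)


if __name__ == "__main__":
    print(demo())
```

On a real run, call `explain_queue_entry("out/default/queue", name)` for the entry you care about. With stacked havoc mutations the `changes` list will usually contain many ranges, which is the caveat in the reply: the diff tells you which bytes differ from the parent, not which of those differences triggered the new coverage.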