PTfuzz: Guided Fuzzing With Processor Trace Feedback
Greybox fuzzing, as exemplified by american fuzzy lop (AFL), is very efficient at finding software vulnerabilities, which makes it the state-of-the-art fuzzing technology. Greybox fuzzing uses the branch information collected while the program runs as feedback to guide seed selection. Current greybox fuzzers generally collect branch information in one of two ways: compile-time instrumentation (AFL) or emulation (AFL extended with QEMU emulation, QAFL). Compile-time instrumentation is efficient, but it does not support binary-only programs.
Meanwhile, emulation supports binary programs, but its efficiency is very low. In this paper, we propose a greybox fuzzing approach named PTfuzz, which leverages a hardware mechanism (Intel Processor Trace) to collect branch information. Our approach supports binary programs, just like the emulation method, while achieving performance comparable to the compile-time instrumentation method. Our experiments show that PTfuzz can fuzz the original binary programs without any modification, and that it gains a 3× performance improvement compared to QAFL.
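To make the feedback loop in the abstract concrete, here is an added example (not PTfuzz's own code) of how branch targets recovered from a hardware trace can be folded into an AFL-style edge bitmap and used to decide whether an input deserves to be kept as a seed. The 16-bit map size, the address-folding hash, and the sample addresses are constructed for illustration; the edge formula and hit-count buckets are the ones AFL uses.

```c
/* Added example, not PTfuzz's code: turn the branch destinations a decoder
 * recovers from an Intel PT trace into an AFL-style edge bitmap and decide
 * whether the run found anything new. All addresses are constructed. */
#include <stdint.h>
#include <string.h>
#define MAP_SIZE (1u << 16)
static uint8_t trace_bits[MAP_SIZE];          /* edge hit counts, one run */
/* Fold a branch target into a 16-bit block id: a binary-only fuzzer has no
 * compile-time block ids, so they must come from the traced addresses. */
static uint16_t loc_id(uint64_t a) { return (uint16_t)(a ^ (a >> 16) ^ (a >> 32)); }

/* Edge id = (prev_loc >> 1) ^ cur_loc, the scheme AFL's instrumentation uses. */
void trace_to_bitmap(const uint64_t *dst, size_t n, uint8_t *bits) {
    uint16_t prev = 0;
    memset(bits, 0, MAP_SIZE);
    for (size_t i = 0; i < n; i++) {
        uint16_t cur = loc_id(dst[i]);
        uint16_t edge = (uint16_t)((prev >> 1) ^ cur);
        if (bits[edge] != 0xFF) bits[edge]++;  /* saturating hit count */
        prev = cur;
    }
}

/* AFL's hit-count buckets: 1, 2, 3, 4-7, 8-15, 16-31, 32-127, 128+ */
uint8_t count_class(uint8_t h) {
    if (h == 0) return 0;
    if (h <= 3) return (uint8_t)(1u << (h - 1));       /* 1, 2, 4 */
    if (h <= 7) return 8;
    if (h <= 15) return 16;
    return h <= 31 ? 32 : (h <= 127 ? 64 : 128);
}

/* 2 = never-seen edge, 1 = only a new hit-count bucket, 0 = nothing new.
 * virgin starts all 0xFF and loses a bit for every bucket already seen. */
int has_new_bits(const uint8_t *bits, uint8_t *virgin) {
    int ret = 0;
    for (size_t i = 0; i < MAP_SIZE; i++) {
        uint8_t c = count_class(bits[i]);
        if (c && (c & virgin[i])) {
            if (virgin[i] == 0xFF) ret = 2; else if (ret < 1) ret = 1;
            virgin[i] &= (uint8_t)~c;
        }
    }
    return ret;
}

/* The scheduling decision: does this run earn its input a place in the queue? */
int classify_run(const uint64_t *dst, size_t n, uint8_t *virgin) {
    trace_to_bitmap(dst, n, trace_bits);
    return has_new_bits(trace_bits, virgin);
}
```

A real PT consumer would obtain the destination sequence by decoding TNT and TIP packets against the binary; the decision logic from the bitmap onward is what the hardware path shares with the instrumented and emulated paths.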