Merge pull request #1939 from bet4it/docs

vanhauser-thc · web-flow · commit 27d05f3c216e · 2023-12-22T09:19:13.000+01:00
Improve binary-only related docs
diff --git a/docs/fuzzing_binary-only_targets.md b/docs/fuzzing_binary-only_targets.md
@@ -94,8 +94,7 @@ For more information, see
 
 In FRIDA mode, you can fuzz binary-only targets as easily as with QEMU mode.
 FRIDA mode is most of the times slightly faster than QEMU mode. It is also
-newer, lacks COMPCOV, and has the advantage that it works on MacOS (both intel
-and M1).
+newer, and has the advantage that it works on MacOS (both intel and M1).
 
 To build FRIDA mode:
 
@@ -113,10 +112,6 @@ The mode is approximately 2-5x slower than compile-time instrumentation, and is
 less conducive to parallelization. But for binary-only fuzzing, it gives a huge
 speed improvement if it is possible to use.
 
-If you want to fuzz a binary-only library, then you can fuzz it with frida-gum
-via frida_mode/. You will have to write a harness to call the target function in
-the library, use afl-frida.c as a template.
-
 You can also perform remote fuzzing with frida, e.g., if you want to fuzz on
 iPhone or Android devices, for this you can use
 [https://github.com/ttdennis/fpicker/](https://github.com/ttdennis/fpicker/) as
@@ -302,7 +297,6 @@ some are very hard to set up...
 * S2E: [https://github.com/S2E](https://github.com/S2E)
 * TinyInst:
   [https://github.com/googleprojectzero/TinyInst](https://github.com/googleprojectzero/TinyInst)
-  (Mac/Windows only)
 *  ... please send me any missing that are good
 
 ## Closing words
diff --git a/frida_mode/src/main.c b/frida_mode/src/main.c
@@ -166,15 +166,15 @@ static void afl_print_env(void) {
 
   if (fd < 0) {
 
-    FWARNF("Failed to open /proc/self/cmdline, errno: (%d)", errno);
+    FWARNF("Failed to open /proc/self/environ, errno: (%d)", errno);
     return;
 
   }
 
   ssize_t bytes_read = read(fd, buffer, PROC_MAX - 1);
   if (bytes_read < 0) {
 
-    FFATAL("Failed to read /proc/self/cmdline, errno: (%d)", errno);
+    FFATAL("Failed to read /proc/self/environ, errno: (%d)", errno);
 
   }
 
diff --git a/frida_mode/src/ranges.c b/frida_mode/src/ranges.c
@@ -653,7 +653,7 @@ void ranges_init(void) {
   /*
    * After step 4 we have the total ranges to be instrumented, we now subtract
    * that either from the original ranges of the modules or from the whole
-   * memory if AFL_INST_NO_DYNAMIC_LOAD to configure the stalker.
+   * memory if AFL_FRIDA_INST_NO_DYNAMIC_LOAD to configure the stalker.
    */
   if (ranges_inst_dynamic_load) {
 

Original file line number	Diff line number	Diff line change
`@@ -166,15 +166,15 @@ static void afl_print_env(void) {`
`166`	`166`
`167`	`167`	`if (fd < 0) {`
`168`	`168`
`169`		`- FWARNF("Failed to open /proc/self/cmdline, errno: (%d)", errno);`
	`169`	`+ FWARNF("Failed to open /proc/self/environ, errno: (%d)", errno);`
`170`	`170`	`return;`
`171`	`171`
`172`	`172`	`}`
`173`	`173`
`174`	`174`	`ssize_t bytes_read = read(fd, buffer, PROC_MAX - 1);`
`175`	`175`	`if (bytes_read < 0) {`
`176`	`176`
`177`		`- FFATAL("Failed to read /proc/self/cmdline, errno: (%d)", errno);`
	`177`	`+ FFATAL("Failed to read /proc/self/environ, errno: (%d)", errno);`
`178`	`178`
`179`	`179`	`}`
`180`	`180`