WeChat: cstutorcs
QQ: 749389476
#include
#include
#include
#include
#include
#include “Mutate.h”
#include “Utils.h”
int Freq = 1000000;
int Count = 0;
bool test(std::string &Target, std::string &Input, std::string &CampaignStr, std::string &OutDir) {
int ReturnCode = runTarget(Target, Input);
switch (ReturnCode) {
if (Count % Freq == 0)
storePassingInput(Input, CampaignStr, OutDir);
return true;
fprintf(stderr, “%d crashes found\n”, failureCount);
storeCrashingInput(Input, CampaignStr, OutDir);
return false;
fprintf(stderr, “%s not found\n”, Target.c_str());
// ./fuzzer [exe file] [seed input dir] [output dir]
int main(int argc, char **argv) {
if (argc < 5) {
printf("usage %s [exe file] [seed input dir] [output dir] [campaign]\n", argv[0]);
struct stat Buffer;
if (stat(argv[1], &Buffer)) {
fprintf(stderr, "%s not found\n", argv[1]);
if (stat(argv[2], &Buffer)) {
fprintf(stderr, "%s not found\n", argv[2]);
if (stat(argv[3], &Buffer)) {
fprintf(stderr, "%s not found\n", argv[3]);
if (argc >= 6) {
Freq = strtol(argv[5],NULL,10);
std::string Target(argv[1]);
std::string SeedInputDir(argv[2]);
std::string OutDir(argv[3]);
std::string CampaignStr(argv[4]);
Campaign FuzzCampaign;
if (!toCampaign(CampaignStr, FuzzCampaign)) {
initialize(OutDir);
if (readSeedInputs(SeedInputDir)) {
fprintf(stderr, “Cannot read seed input directory\n”);
while (true) {
for (auto i = 0; i < SeedInputs.size(); i++) {
auto I = SeedInputs[i];
std::string Mutant = mutate(I, FuzzCampaign);
test(Target, Mutant, CampaignStr, OutDir);
SeedInputs.push_back(Mutant);