最近在学习afl的使用，作者比较菜，希望大佬们可以指点一二
afl-training是根据现实案例为模板进行的afl使用练习
且玩且开心
项目地址
e3eK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6Y4K9i4c8Z5N6h3u0Q4x3X3g2U0L8$3#2Q4x3V1k6E0P5h3E0@1k6i4u0Q4x3V1k6S2k6X3I4Q4x3X3c8@1M7X3q4A6L8X3W2F1k6#2)9J5k6h3N6A6N6l9`.`.
食用之前可以参考
3aaK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6%4N6%4N6Q4x3X3g2U0L8$3c8W2M7X3y4@1L8#2)9J5k6h3y4G2L8g2)9J5c8X3q4Q4x3V1j5%4z5o6p5@1x3#2)9J5k6h3S2@1L8h3H3`.
8eeK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6E0M7q4)9J5k6i4N6W2K9i4S2A6L8W2)9J5k6i4q4I4i4K6u0W2j5$3!0E0i4K6u0r3M7#2)9K6c8W2)9#2k6W2)9#2k6X3u0A6P5W2)9K6c8p5#2*7d9i4S2y4g2q4f1J5e0i4A6u0x3p5#2m8i4K6y4p5i4K6y4p5i4K6t1$3j5h3#2H3i4K6y4n7L8h3W2V1i4K6y4p5x3U0t1@1y4K6b7^5x3K6j5$3y4W2)9J5y4X3q4E0M7q4)9K6b7X3W2V1P5q4)9K6c8o6q4Q4x3U0k6S2L8i4m8Q4x3@1u0K6L8W2)9K6c8o6R3J5x3r3x3^5z5o6l9$3j5e0y4X3j5U0l9#2j5$3p5&6y4o6V1%4x3U0f1#2k6r3y4X3y4e0V1^5z5e0m8W2i4K6t1$3j5h3#2H3i4K6y4n7j5$3S2C8M7$3#2Q4x3@1b7&6y4K6f1J5x3U0j5&6y4h3p5H3x3U0g2S2k6U0R3K6y4K6u0V1y4X3b7I4k6X3c8S2x3e0b7@1y4h3p5^5y4e0x3%4j5h3p5$3y4h3j5#2j5U0y4U0k6X3y4V1z5o6t1&6y4o6t1#2k6X3k6T1y4o6j5J5x3e0N6W2z5o6M7&6z5o6u0V1j5X3g2W2y4h3p5I4x3e0M7@1i4K6t1$3j5h3#2H3i4K6y4n7M7$3y4W2L8X3g2Q4x3@1b7I4x3U0k6Q4x3U0k6S2L8i4m8Q4x3@1u0K6k6i4y4K6K9h3!0F1K9h3c8Q4x3@1b7I4y4e0V1J5x3e0x3^5y4o6j5&6i4K6t1$3j5h3#2H3i4K6y4n7K9$3g2&6i4K6y4p5y4h3f1#2k6h3p5&6z5o6f1@1y4e0p5^5y4o6M7@1z5r3p5&6z5r3p5K6k6r3q4S2k6U0q4V1x3U0x3K6k6U0m8T1k6U0N6V1y4h3y4T1k6X3p5H3x3X3j5$3k6h3c8V1x3r3t1%4j5U0N6V1k6e0W2V1z5r3b7%4z5e0m8U0k6X3q4X3k6e0q4S2y4U0y4T1x3X3j5^5j5h3u0W2x3K6x3%4z5o6p5&6z5r3j5J5k6o6j5#2k6r3t1#2k6U0S2X3y4$3k6V1j5e0N6S2j5$3y4S2x3U0x3#2x3$3p5&6k6e0S2V1y4e0p5&6y4U0x3K6j5K6R3$3x3$3x3%4x3K6R3$3y4K6x3K6k6o6t1&6j5h3p5J5k6o6N6X3x3$3k6W2j5e0j5J5j5K6f1&6y4e0g2U0z5r3t1J5x3h3f1#2k6W2)9J5y4X3q4E0M7q4)9K6b7X3q4K6j5$3g2F1k6g2)9K6c8o6q4Q4x3U0k6S2L8i4m8Q4x3@1u0#2K9h3&6Q4x3@1c8y4K9W2p5I4e0g2c8C8y4f1#2*7f1i4W2z5b7g2)9J5y4e0y4p5i4K6t1#2x3@1c8Q4x3U0k6S2L8i4m8Q4x3@1u0V1k6i4k6A6j5$3g2@1P5i4m8W2i4K6y4p5g2$3W2F1k6r3!0%4M7#2)9J5b7U0p5H3i4K6u0n7P5o6j5@1i4K6t1$3j5h3#2H3i4K6y4n7N6X3g2J5M7$3W2G2L8W2)9K6c8o6j5J5x3o6V1H3x3o6M7H3i4K6t1$3j5h3#2H3i4K6y4n7L8r3q4F1k6#2)9K6c8s2A6Z5i4K6g2X3b7@1&6Q4x3U0k6S2L8i4m8Q4x3@1u0W2P5s2m8G2M7Y4c8C8k6i4W2Q4x3@1c8m8f1i4x3H3y4q4)9J5y4e0u0r3f1X3k6$3N6o6k6C8f1$3j5&6x3i4u0I4d9r3y4*7f1#2g2Q4x3U0f1K6c8q4)9J5y4X3q4E0M7q4)9K6b7Y4m8S2M7%4y4Q4y4h3k6@1K9h3y4C8k6i4c8Q4x3@1c8&6N6r3S2H3P5q4S2T1k6q4c8^5j5f1#2a6e0h3y4D9g2X3c8B7g2V1I4c8N6g2m8J5M7V1I4g2j5f1N6&6K9@1u0d9P5X3k6d9i4K6t1#2x3V1t1#2K9%4y4H3i4K6t1#2x3V1u0z5f1$3W2K9f1g2c8p5f1e0W2B7K9f1c8r3M7f1N6K6c8%4W2s2j5#2M7`.

--------------------华丽分割线-------------------
libxml2是一个流行库，该库很适合fuzz

(项目由autoconf编译
Autoconf解决了系统特使构建和运行时信息的难题，但在软件开发时还有更多的难题，GNU构建系统是为了更好的开发软件而开发的一套完整的公益事业。
主要组成部分有Autoconf、Automake和Libtool
)

(ASAN是linux下内存检测工具，为了后期更好的分析crash，在此处可以开启Address Sanitizer(ASAN)这个内存检测工具，此工具可以更好的检测出缓存区溢出、UAF 等内存漏洞)

好的，操作到这里，libxml2的库应该就被插桩编译完成了
下面就是寻找fuzz点,编写一个harness

xmlReadFile（）
好的，围绕这个点编写harness（作者在这里想了想，写的和结果差不多，这里就直接贴答案了）
以下harness.c文件

(afl_loop解析
我们将1000传递给了afl_loop()函数。这就相当于AFL在启动一个新进程前，要fuzz1000个测试用例，当然这是消耗内存的，并且这可以根据正在模糊化到应用程序进行高度可调。添加这种代码启用持久模式并不容易。由于在启动期间产生的资源或其他因素，一些应用程序可能没有支持轻松添加while循环到体系结构)

harness很简单，就是通过输入不同的测试用例不停地fuzz xmlReadFile函数

编译成功，下图相关参数解析

开始fuzz

-m参数表示对于子进程的内存限制

这个函数的使用事例在parse3.c

作者比较菜，这里给出自己的答案，如果有错误，评论区指出，秉着不要脸的原则，意见随便提，有用我就改，欢迎大家提供更好的harness

与上一版的不同就是作者把初始化和清理都写在了循环里
编译成功后，开始fuzz,与此同时我们可以使用afl自带的xml字典测试样例，拷贝到in目录中
目录 afl-2.52b/dictionaries/xml.dict

关于xmlReadMemory到harness可以参考
404K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6Y4K9i4c8Z5N6h3u0Q4x3X3g2U0L8$3#2Q4x3V1k6Y4L8$3!0Y4L8r3g2Q4x3V1k6X3N6i4A6*7k6i4u0Q4x3X3c8@1k6i4y4@1i4K6u0V1M7%4g2A6N6r3g2Q4x3V1k6@1M7X3g2W2i4K6u0r3L8h3q4K6N6r3g2J5i4K6u0r3L8r3W2T1P5r3#2D9x3W2)9J5k6s2j5J5i4K6u0W2z5g2)9J5k6e0t1`.

[培训]科锐逆向工程师培训第53期2025年7月8日开班！