Comments on I, Hacker: Practical considerations implementing fuzzing acceleration via checkpointing
Blog author: Gal Diskin

nitzanms (2013-01-28 00:09 +02:00):
With regards to the "what memory to save/restore" question, is there any value to making use of Copy-on-Write OS capabilities when feasible? Or would forking cost more than it's worth?

Gal Diskin (2012-06-12 08:50 +03:00):
Good question :-)

It is true you could classify this as an "in-memory fuzzer" (depending on your definition). I intentionally avoided the term "in-memory fuzzing" because I find the way it is used ambiguous. There are two main questions about the way this is used:

* the question of what you're fuzzing: a single function, a small sequence of functions or a whole functional piece of the program

* the question of what you're restoring: CPU state, memory contents or even system resources

The in-memory fuzzers I have seen so far usually belong to the simplest answers in these categories. There is one more distinction you can add: whether your fuzzer "honors" the program filters or not.

That being said, regardless of what you call it, my main purpose here is to provide notes on the pitfalls you'll face in implementing such a fuzzer.

Cheers
--
G.D

p.s. - BTW, if you look at the file name in my example it is indeed called InMemoryFuzz. I chose the name because it works on a single function and restores only the CPU state, so there is no question this is a classic case of an in-memory fuzzer.

Le Duc Anh (2012-06-12 03:37 +03:00):
Hey, what's the difference between your fuzzer and an in-memory fuzzer?
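The fork/copy-on-write approach nitzanms asks about, and the "what are you restoring" distinction Gal Diskin draws (CPU state vs. memory vs. system resources), as an added example that is not part of the original post, its InMemoryFuzz code, or the comments. The parent process is the checkpoint; each test case runs in a forked child, so the kernel's copy-on-write pages hand the parent its untouched memory image back when the child exits. The `target()` function, its global state and the four-entry corpus are constructed for illustration only.

```c
/* Added example: fork-based checkpoint/restore for a fuzzing harness.
 * Not from the original post or comments; target() and the corpus are
 * constructed stand-ins for a real function under test. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <signal.h>
#include <unistd.h>
#include <sys/wait.h>
#include <sys/resource.h>

/* Constructed target: mutates global memory on every call and aborts on
 * one specific input, so we can see both the side effect and the crash. */
static char g_state[16] = "pristine";
static int  g_calls = 0;

static int target(const unsigned char *in, size_t len) {
    g_calls++;
    if (len > 0) g_state[0] = (char)in[0];          /* dirty a global page */
    if (len >= 4 && memcmp(in, "BOOM", 4) == 0) abort();
    return 0;
}

/* Run one test case in a forked child. The parent never executes target(),
 * so its memory and registers are the checkpoint; CoW means only the pages
 * the child writes get copied. Returns 1 if the child died from a signal
 * (crash), 0 on clean exit, -1 on harness error. */
int run_checkpointed(const unsigned char *in, size_t len) {
    pid_t pid = fork();
    if (pid < 0) { perror("fork"); return -1; }
    if (pid == 0) {
        /* Crashing children would otherwise leave a core file per test case. */
        struct rlimit nocore = { 0, 0 };
        setrlimit(RLIMIT_CORE, &nocore);
        target(in, len);
        _exit(0);   /* _exit, not exit(): skip atexit handlers and stdio flush
                       of buffers inherited from the parent */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) { perror("waitpid"); return -1; }
    return WIFSIGNALED(status) ? 1 : 0;
}

/* Drive a constructed corpus through the harness; returns crash count. */
int fuzz_corpus_count_crashes(void) {
    static const char *corpus[] = { "AAAA", "BOOM", "xyz", "BOOMER" };
    int crashes = 0;
    for (size_t i = 0; i < sizeof corpus / sizeof corpus[0]; i++) {
        int r = run_checkpointed((const unsigned char *)corpus[i],
                                 strlen(corpus[i]));
        if (r == 1) crashes++;
    }
    return crashes;
}

/* True if no child's side effects leaked back into the parent's memory. */
int parent_state_is_pristine(void) {
    return strcmp(g_state, "pristine") == 0 && g_calls == 0;
}
```

Two caveats answer the "cost more than it's worth" part of the question. First, fork() restores memory and the CPU state of the forking thread for free, but not system resources: an inherited file descriptor shares its offset and locks with the parent, and only the calling thread is duplicated, so a child that reads from a shared socket or file moves the parent's position too. That is exactly the third category in Gal Diskin's list, and fork does nothing for it. Second, fork cost scales with the parent's page tables and mappings, not with the size of the function under test; the usual mitigation (AFL's forkserver with deferred initialization) is to fork from a point just before the code being fuzzed, after all expensive setup has run, which keeps the per-iteration cost to one fork, one wait and the CoW copies of the pages the child actually dirties.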