Module cmp 

Instrumentation for collecting fine-grained coverage information: including both i) wrapping external symbols in the loaded-module space; and ii) individually instrumenting all CPU-level CMP and TEST instructions found in the target module.

Modules

cmp

Fine-grained coverage instrumentation for CMP and TEST instructions: Instructions are instrumented iff they are in the target module, which is passed via the CLI.

utils

Utility functions for fine-grained coverage collection: Including functions to: wrap the specified external symbols, extract partial match information from comparison operands, mutate the AFL coverage bitmap, etc.

wrappers

dr_wrap wrapper functions for external compare symbols: (e.g. memcmp) found in the loaded module space. These wrapper functions collect byte-by-byte coverage information on the comparisons. The calls to the wrapped functions are not skipped, hence the application logic is unaffected.

Enums

Symbols

External symbols that will be wrapped collect byte-by-byte coverage information on comparisons.

Constants

CMP_MAX_LEN

Max number of bytes that coverage information is collected for. Instrumentation overhead will be large for long comparisons, and writes to longer spans in the coverage bitmap will result in a greater number of index clashes (more noise).