In the previous post, we stopped at the point where AFL++ had produced instrumented binaries with PCGUARD and LTO. In this installment, we pick up the story at runtime: tracing the execution of those binaries, observing how coverage signals are collected, and following how afl-fuzz consumes that feedback to discover new paths. This is where […]
Recent Posts
In the previous post, we laid out the theoretical map of AFL++’s instrumentation modes, from the classic edge coverage to modern LLVM-based techniques. With that foundation in place, it’s time to move from theory to practice. This article focuses on the compilation process with afl-cc: how LTO and PCGUARD instrumentation are inserted into the binary, […]
AFL++ has earned its reputation as a top-tier fuzzer thanks to its clever use of code coverage to guide the search for bugs. This series takes a deep dive into that process. In this first post, we’ll explore the instrumentation modes AFL++ uses to generate coverage—from the classic AFL edge hash to modern LLVM-based approaches. […]
In the previous posts, we successfully set up our development environment, wrote a minimal kernel to handle booting, and initialized the UART to get a “Hello, world!” message printing to a serial console. This was a critical milestone, proving that our code can boot and run correctly within the QEMU emulator on the virt AArch64 […]
In my last post, I laid the groundwork for interrupt handling in my AArch64 OS in Rust. Now, it’s time to put that foundation to good use and switch our UART from a polling-based approach to an interrupt-driven one. In this post, I’ll go over how I made that change and what it means for […]