source: zzuf/trunk/doc/libzzuf.3 @ 2353

Last change on this file since 2353 was 2353, checked in by sam, 7 years ago
  • Started writing a manual page for libzzuf.
File size: 3.7 KB
Line 
1.TH libzzuf 3 "2008-06-10" "libzzuf"
2.SH NAME
3libzzuf \- helper library for the zzuf multiple purpose fuzzer
4.SH DESCRIPTION
5.PP
6\fBlibzzuf\fR is a helper library automatically preloaded by \fBzzuf\fR when
7fuzzing applications, but it can also be used alone for very specific cases.
8.SH USAGE
9.PP
10\fBlibzzuf\fR must be preloaded using the operating system's default way of
11preloading libraries. For instance, on a typical Linux installation:
12.PP
13\fB    LD_PRELOAD=/usr/lib/zzuf/libzzuf.so\fR
14.SH ENVIRONMENT VARIABLES
15.PP
16\fBlibzzuf\fR's initial setup is done through environment variables. After
17they are read, no further communication is done with the fuzzed process. All
18environment variables are optional.
19.TP
20\fBZZUF_DEBUG\fR
21This environment variable is set to a file descriptor where \fBlibzzuf\fR will
22send debugging information.
23.TP
24\fBZZUF_SEED\fR
25This variable is set to the initial seed.
26.TP
27\fBZZUF_MINRATIO\fR, \fBZZUF_MAXRATIO\fR
28These variables are set to the minimal and maximal seed ratios.
29.TP
30\fBZZUF_AUTOINC\fR
31To do.
32.TP
33\fBZZUF_BYTES\fR
34To do.
35.TP
36\fBZZUF_LIST\fR
37To do.
38.TP
39\fBZZUF_PORTS\fR
40To do.
41.TP
42\fBZZUF_PROTECT\fR
43To do.
44.TP
45\fBZZUF_REFUSE\fR
46To do.
47.TP
48\fBZZUF_INCLUDE\fR
49To do.
50.TP
51\fBZZUF_EXCLUDE\fR
52To do.
53.TP
54\fBZZUF_SIGNAL\fR
55To do.
56.TP
57\fBZZUF_MEMORY\fR
58To do.
59.TP
60\fBZZUF_NETWORK\fR
61To do.
62.TP
63\fBZZUF_STDIN\fR
64To do.
65.SH NOTES
66In order to intercept file and network operations, signal handlers and memory
67allocations, \fBlibzzuf\fR diverts and reimplements the following functions,
68which can sometimes be private C library symbols, too:
69.TP
70Unix file descriptor handling:
71\fBopen\fR(), \fBdup\fR(), \fBdup2\fR(), \fBlseek\fR(), \fBread\fR(),
72\fBreadv\fR(), \fBpread\fR(), \fBaccept\fR(), \fBsocket\fR(), \fBrecv\fR(),
73\fBrecvfrom\fR(), \fBrecvmsg\fR(), \fBaio_read\fR(), \fBaio_return\fR(),
74\fBclose\fR()
75.TP
76Standard IO streams:
77\fBfopen\fR(), \fBfreopen\fR(), \fBfseek\fR(), \fBfseeko\fR(), \fBrewind\fR(),
78\fBfread\fR(), \fBgetc\fR(), \fBgetchar\fR(), \fBfgetc\fR(), \fBfgets\fR(),
79\fBungetc\fR(), \fBfclose\fR()
80.TP
81Memory management:
82\fBmmap\fR(), \fBmunmap\fR(), \fBmalloc\fR(), \fBcalloc\fR(), \fBvalloc\fR(),
83\fBfree\fR(), \fBmemalign\fR(), \fBposix_memalign\fR()
84.TP
85Linux-specific:
86\fBopen64\fR(), \fBlseek64\fR(), \fBmmap64\fR(), \fB_IO_getc\fR(),
87\fBgetline\fR(), \fBgetdelim\fR(), \fB__getdelim\fR(), \fBgetc_unlocked\fR(),
88\fBgetchar_unlocked\fR(), \fBfgetc_unlocked\fR(), \fBfgets_unlocked\fR(),
89\fBfread_unlocked\fR()
90.TP
91BSD-specific:
92\fBfgetln\fR(), \fB__srefill\fR()
93.TP
94Mac OS X-specific:
95\fBmap_fd\fR()
96.TP
97Signal handling:
98\fBsignal\fR(), \fBsigaction\fR()
99.PP
100If an application manipulates file descriptors (reading data, seeking around)
101using functions that are not in that list, \fBlibzzuf\fR will not fuzz its
102input consistently and the results should not be trusted. You can use a tool
103such as \fBltrace(1)\fR on Linux to know the missing functions.
104.PP
105On BSD systems, such as FreeBSD or Mac OS X, \fB__srefill\fR() is enough to
106monitor all standard IO streams functions. On other systems, such as Linux,
107each function is reimplemented on a case by case basis. One important
108unimplemented function is \fBfscanf\fR(), because of its complexity. Missing
109functions will be added upon user request.
110.SH SEE ALSO
111.PP
112\fBzzuf(1)\fR
113.SH AUTHOR
114.PP
115Copyright \(co 2002, 2007\-2008 Sam Hocevar <sam@zoy.org>.
116.PP
117\fBlibzzuf\fR and this manual page are free software. They come without any
118warranty, to the extent permitted by applicable law. You can redistribute
119them and/or modify them under the terms of the Do What The Fuck You Want
120To Public License, Version 2, as published by Sam Hocevar. See
121\fBhttp://sam.zoy.org/wtfpl/COPYING\fR for more details.
122.PP
123\fBzzuf\fR's webpage can be found at \fBhttp://libcaca.zoy.org/wiki/zzuf\fR.
Note: See TracBrowser for help on using the repository browser.