Changeset 1607 for zzuf


Timestamp:
Jan 7, 2007, 4:55:24 PM (14 years ago)
Author:
Sam Hocevar
Message:
  • Updated manpage, fixed - to \- here and there.
File:
1 edited

  • zzuf/trunk/doc/zzuf.1

    r1597 r1607  
    7373of the regular expressions will be ignored.
    7474.TP
    75 \fB\-F\fR, \fB\-\-max-forks\fR=\fIforks\fR
     75\fB\-F\fR, \fB\-\-max\-forks\fR=\fIforks\fR
    7676Specify the number of simultaneous children that can be run.
    7777
     
    120120.RE
    121121.IP
    122 You can use \(oq\fB-\fR\(cq to specify ranges. For instance, to protect all
    123 bytes from \(oq\\001\(cq to \(oq/\(cq, use \(oq\fB\-P\ \(dq\\001-/\(dq\fR\(cq.
     122You can use \(oq\fB\-\fR\(cq to specify ranges. For instance, to protect all
     123bytes from \(oq\\001\(cq to \(oq/\(cq, use \(oq\fB\-P\ \(dq\\001\-/\(dq\fR\(cq.
    124124
    125125The statistical outcome of this option should not be overlooked: if characters
    126126are protected, the effect of the \(oq\fB\-r\fR\(cq flag will vary depending
    127127on the data being fuzzed. For instance, asking to fuzz 1% of input bits
    128 (\fB\-r\ 0.01\fR) and to protect lowercase characters (\fB\-P\ a-z\fR) will
     128(\fB\-r\ 0.01\fR) and to protect lowercase characters (\fB\-P\ a\-z\fR) will
    129129result in an actual average fuzzing ratio of 0.9% with truly random data,
    1301300.3% with random ASCII data and 0.2% with standard English text.
     
    193193Fuzz 1% of the input bits of the \fBcat\fR program using seed 94324:
    194194.PP
    195 \fB    zzuf -s 94324 -r 0.01 cat /etc/motd\fR
     195\fB    zzuf \-s 94324 \-r 0.01 cat /etc/motd\fR
    196196.PP
    197197Fuzz the input of the \fBcat\fR program but do not fuzz newline characters
    198198and prevent non-ASCII characters from appearing in the output:
    199199.PP
    200 \fB    zzuf -P \(aq\\n\(aq -R \(aq\\x00-\\x1f\\x7f-\\xff\(aq cat /etc/motd\fR
     200\fB    zzuf \-P \(aq\\n\(aq \-R \(aq\\x00\-\\x1f\\x7f\-\\xff\(aq cat /etc/motd\fR
    201201.PP
    202202Fuzz the input of the \fBconvert\fR program, using file \fBfoo.jpeg\fR as the
     
    205205want \fBzzuf\fR to fuzz them):
    206206.PP
    207 \fB    zzuf -E \(aq\\.xml$\(aq convert -- foo.jpeg -format tga /dev/null\fR
     207\fB    zzuf \-E \(aq\\.xml$\(aq convert \-\- foo.jpeg \-format tga /dev/null\fR
    208208.PP
    209209Fuzz the input of \fBVLC\fR, using file \fBmovie.avi\fR as the original input
    210210and restricting fuzzing to filenames that appear on the command line
    211 (\fB\-c\fR), then generate \fBfuzzy-movie.avi\fR which is a file that
     211(\fB\-c\fR), then generate \fBfuzzy\-movie.avi\fR which is a file that
    212212can be read by \fBVLC\fR to reproduce the same behaviour without using
    213213\fBzzuf\fR:
    214214.PP
    215 \fB    zzuf -c -s 87423 -r 0.01 vlc movie.avi\fR
    216 \fB    zzuf -c -s 87423 -r 0.01 cp movie.avi fuzzy-movie.avi\fR
    217 \fB    vlc fuzzy-movie.avi\fR
     215\fB    zzuf \-c \-s 87423 \-r 0.01 vlc movie.avi\fR
     216\fB    zzuf \-c \-s 87423 \-r 0.01 cp movie.avi fuzzy\-movie.avi\fR
     217\fB    vlc fuzzy\-movie.avi\fR
    218218.PP
    219219Fuzz 2% of \fBMPlayer\fR's input bits (\fB\-r\ 0.02\fR) with seeds 0 to 9999
     
    223223and disabling its \fBSIGSEGV\fR signal handler (\fB\-S\fR):
    224224.PP
    225 \fB    zzuf -c -r 0.02 -q -s 0:10000 -F 3 -T 60 -S \\\fR
    226 \fB      mplayer -- -benchmark -vo null -fps 1000 movie.avi\fR
     225\fB    zzuf \-c \-r 0.02 \-q \-s 0:10000 \-F 3 \-T 60 \-S \\\fR
     226\fB      mplayer \-\- \-benchmark \-vo null \-fps 1000 movie.avi\fR
    227227.SH RESTRICTIONS
    228228.PP
     
    247247methods are planned.
    248248.PP
    249 \fBZzuf\fR will not work properly with applications using \fBgetc\fR() on
    250 platforms where it is defined as a macro, such as OpenBSD and FreeBSD,
    251 because it is unable to intercept calls to \fBgetc\fR().
    252 .PP
    253249As of now, \fBzzuf\fR does not really support multithreaded applications. The
    254250behaviour with multithreaded applications where more than one thread does file
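Review bot: Old lines 249-252, the paragraph on getc() being a macro, are dropped here without a direct replacement, and the log message ("Updated manpage, fixed - to \- here and there") does not say why. The removed text named both OpenBSD and FreeBSD; the text added at new lines 280-281 only says __srefill() is enough "on some systems, such as FreeBSD", so the page no longer tells an OpenBSD user whether getc() input is fuzzed or silently passed through. Either keep a restriction sentence for platforms not covered by __srefill(), or name the covered platforms explicitly, and mention the removal in the log message.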
     
    256252.SH NOTES
    257253In order to intercept file and network operations and signal handlers,
    258 \fBzzuf\fR diverts and reimplements the following functions:
     254\fBzzuf\fR diverts and reimplements the following functions, which can
     255be private libc symbols, too:
    259256.TP
    260257Unix file descriptor handling:
     
    271268.TP
    272269BSD-specific:
    273 \fBfgetln\fR()
     270\fBfgetln\fR(), \fB__srefill()\fR()
    274271.TP
    275272Signal handling:
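Review bot: New line 270 writes \fB__srefill()\fR(), which puts the parentheses inside the bold span and then repeats them, so the page renders "__srefill()()". Use \fB__srefill\fR() to match \fBfgetln\fR() on the same line and the \fB__srefill\fR() form used at new line 280.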
     
    281278such as \fBltrace(1)\fR on Linux to know the missing functions.
    282279.PP
    283 One important unimplemented function is \fBfscanf\fR(), because of its
    284 complexity. Missing functions will be implemented based upon user request.
     280On some systems, such as FreeBSD, \fB__srefill\fR() is enough to monitor all
     281standard IO streams functions. On other systems each function needs to be
     282reimplemented on a case by case basis. One important unimplemented function
     283is \fBfscanf\fR(), because of its complexity. Missing functions will be
     284implemented based upon user request.
    285285.SH HISTORY
    286286.PP
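Review bot: New lines 280-282 have two wording slips: "standard IO streams functions" should be "standard IO stream functions", and "case by case basis" is normally hyphenated ("case-by-case"). The paragraph also gives the reader no way to tell which group their system is in, __srefill() alone or per-function reimplementation; a pointer back to the ltrace(1) hint in the preceding paragraph would cover that.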