Fuzzer Development 4: Snapshots, Code-Coverage, and Fuzzing
23 June 2024 at 04:00
Background
This is the next installment in a series of blog posts detailing the development process of a snapshot fuzzer that uses Bochs as its target execution engine. You can find the fuzzer and code in the Lucid repository.
Introduction
Previously, we left off with implementing enough of the Linux emulation logic to get Lucid running a -static-pie Bochs up to its start menu. Well, we've accomplished a lot in the intervening few months since then. We've now implemented snapshots, code-coverage feedback, and enough additional Linux emulation logic that we can actually fuzz things. So in this post, we'll review some of the major features that have been added to the codebase, along with some examples of how to set the fuzzer up for fuzzing.