afl-showmap(8)

1afl-showmap(8)              System Manager's Manual             afl-showmap(8)
2
3
4

NAME

6       afl-showmap
7
8

SYNOPSIS

10       afl-showmap [ options ] -- /path/to/target_app [ ... ]
11
12

OPTIONS

14       Required parameters:
15         -o file    - file to write the trace data to
16
17       Execution control settings:
18         -t msec    - timeout for each run (default: 1000ms)
19         -m megs    - memory limit for child process (default: none)
20         -O         - use binary-only instrumentation (FRIDA mode)
21         -Q         - use binary-only instrumentation (QEMU mode)
22         -U         - use Unicorn-based instrumentation (Unicorn mode)
23         -W         - use qemu-based instrumentation with Wine (Wine mode)
24                      (Not necessary, here for consistency with other afl-* tools)
25         -X         - use Nyx mode
26
27       Other settings:
28         -i dir     - process all files below this directory, must be combined with -o.
29                      With -C, -o is a file, without -C it must be a directory
30                      and each bitmap will be written there individually.
31         -I filelist - alternatively to -i, -I is a list of files
32         -C         - collect coverage, writes all edges to -o and gives a summary
33                      Must be combined with -i.
34         -q         - sink program's output and don't show messages
35         -e         - show edge coverage only, ignore hit counts
36         -r         - show real tuple values instead of AFL filter values
37         -s         - do not classify the map
38         -c         - allow core dumps
39
40       This tool displays raw tuple data captured by AFL instrumentation.
41       For additional help, consult docs/README.md.
42
43       If you use -i/-I mode, then custom mutator post_process send send functionality
44       is supported.
45
46       Environment variables used:
47       LD_BIND_LAZY: do not set LD_BIND_NOW env var for target
48       AFL_CMIN_CRASHES_ONLY: (cmin_mode) only write tuples for crashing inputs
49       AFL_CMIN_ALLOW_ANY: (cmin_mode) write tuples for crashing inputs also
50       AFL_CRASH_EXITCODE: optional child exit code to be interpreted as crash
51       AFL_DEBUG: enable extra developer output
52       AFL_FORKSRV_INIT_TMOUT: time spent waiting for forkserver during startup (in milliseconds)
53       AFL_KILL_SIGNAL: Signal ID delivered to child processes on timeout, etc.
54                        (default: SIGKILL)
55       AFL_FORK_SERVER_KILL_SIGNAL: Kill signal for the fork server on termination
56                                    (default: SIGTERM). If unset and AFL_KILL_SIGNAL is
57                                    set, that value will be used.
58       AFL_MAP_SIZE: the shared memory size for that target. must be >= the size the
59                     target was compiled for
60       AFL_PRELOAD: LD_PRELOAD / DYLD_INSERT_LIBRARIES settings for target
61       AFL_PRINT_FILENAMES: Print the queue entry currently processed will to stdout
62       AFL_QUIET: do not print extra informational output
63       AFL_NO_FORKSRV: run target via execve instead of using the forkserver
64
65

AUTHOR

67       AFL++  was  written  by  Michal "lcamtuf" Zalewski and is maintained by
68       Marc    "van    Hauser"    Heuse    <mh@mh-sec.de>,    Dominik    Maier
69       <domenukk@gmail.com>,  Andrea  Fioraldi  <andreafioraldi@gmail.com> and
70       Heiko "hexcoder-" Eissfeldt <heiko.eissfeldt@hexco.de> The homepage  of
71       AFL++ is: https://github.com/AFLplusplus/AFLplusplus
72
73

LICENSE

75       Apache License Version 2.0, January 2004
76
77
78
79AFL++                             2023-08-29                    afl-showmap(8)