GNU.WIKI: The GNU/Linux Knowledge Base

  [HOME] [PHP Manual] [HowTo] [ABS] [MAN1] [MAN2] [MAN3] [MAN4] [MAN5] [MAN6] [MAN7] [MAN8] [MAN9]

  [0-9] [Aa] [Bb] [Cc] [Dd] [Ee] [Ff] [Gg] [Hh] [Ii] [Jj] [Kk] [Ll] [Mm] [Nn] [Oo] [Pp] [Qq] [Rr] [Ss] [Tt] [Uu] [Vv] [Ww] [Xx] [Yy] [Zz]


       libzzuf - helper library for the zzuf multiple purpose fuzzer


       libzzuf  is  a  helper  library  automatically  preloaded  by zzuf when
       fuzzing applications, but it can  also  be  used  alone  for  debugging
       purposes or specific cases that cannot be covered by zzuf.


       libzzuf  must  be preloaded using the operating system's default way of
       preloading libraries. For instance, on a typical Linux installation:



       libzzuf's initial setup is done through  environment  variables.  After
       they  are  read,  no  further  information  can  be  sent to the fuzzed

       All environment variables are optional.

              This environment variable is set to the debugging level. 0 means
              no  debugging  information  is  sent  to  zzuf. 1 logs important
              information as well as all diverted functions.  2  logs  fuzzing
              status and all optional file stream information.

              This  environment  variable  is  set  to a file descriptor where
              libzzuf will send debugging information. This is  used  to  send
              data to the main zzuf controlling binary.

              This  variable  is set to the initial random seed. Corresponding
              zzuf flag: --seed.

              These variables are set  to  the  minimal  and  maximal  fuzzing
              ratios.  Corresponding zzuf flag: --ratio.

              If  this  variable  is  set, the random seed is incremented each
              time a new file is opened. Corresponding zzuf flag: --autoinc.

              This variable contains byte ranges to which  fuzzing  should  be
              restricted.  Corresponding zzuf flag: --bytes.

              This  variable  contains file descriptor ranges to which fuzzing
              should be restricted. Corresponding zzuf flag: --list.

              If  this  variable  is   set,   network   mode   is   activated.
              Corresponding zzuf flag: --network.

              This  variable  contains  port ranges to which fuzzing should be
              restricted.  Corresponding zzuf flag: --port.

              These variables contain character ranges to protect  or  refuse.
              Corresponding zzuf flags: --protect, --refuse.

              These  variables  contain  regular expressions to indicate which
              files should be included or excluded from  the  list  of  fuzzed
              files. Corresponding zzuf flags: --include, --exclude.

              If  this  variable  is set, the fuzzed process will be prevented
              from installing signal handlers that  usually  cause  coredumps.
              Corresponding zzuf flag: --signal.

              This  variable  contains  the  maximum amount of memory that the
              fuzzed process is allowed to allocate. Corresponding zzuf  flag:

              If  this  variable  is  set, standard input will be fuzzed, too.
              Corresponding zzuf flag: --stdin.


       In order to intercept file and network operations, signal handlers  and
       memory  allocations,  libzzuf  diverts  and  reimplements the following
       functions, which can sometimes be private C library symbols, too:

       Unix file descriptor handling:
              open(),  dup(),  dup2(),  lseek(),  read(),  readv(),   pread(),
              accept(),  socket(),  recv(), recvfrom(), recvmsg(), aio_read(),
              aio_return(), close()

       Standard IO streams:
              fopen(),  freopen(),  fseek(),  fseeko(),   rewind(),   fread(),
              getc(), getchar(), fgetc(), fgets(), ungetc(), fclose()

       Memory management:
              mmap(),   munmap(),   malloc(),   calloc(),   valloc(),  free(),
              memalign(), posix_memalign()

       Required on Linux:
              open64(),   lseek64(),    mmap64(),    _IO_getc(),    getline(),
              getdelim(),  __getdelim(),  getc_unlocked(), getchar_unlocked(),
              fgetc_unlocked(), fgets_unlocked(), fread_unlocked(), __uflow()

       Required on BSD systems:
              fgetln(), __srefill(), __srget()

       Required on Mac OS X:

       Required on HP-UX:
              __open64(), __lseek64(), __filbuf()

       Required on OpenSolaris:
              freopen64(), fseeko64(), fsetpos64()

       Signal handling:
              signal(), sigaction()

       If an application manipulates file descriptors (reading  data,  seeking
       around)  using  functions  that  are not in that list, libzzuf will not
       fuzz its input consistently and the results should not be trusted.  You
       can  use  a  tool  such  as  ltrace(1)  on  Linux  to  know the missing

       On BSD systems, such as FreeBSD or Mac OS X, __srefill() is  enough  to
       monitor  all  standard  IO streams functions. On other systems, such as
       Linux, each function is reimplemented on a  case  by  case  basis.  One
       important   unimplemented   function   is   fscanf(),  because  of  its
       complexity. Missing functions will be added upon user request.




       Copyright © 2002-2010 Sam Hocevar <>.

       libzzuf and this manual page are free software. They come  without  any
       warranty,   to   the  extent  permitted  by  applicable  law.  You  can
       redistribute them and/or modify them under the terms of the Do What The
       Fuck  You  Want  To  Public  License,  Version  2,  as published by Sam
       Hocevar. See for more details.

       zzuf's webpage  can  be  found  at   An
       overview    of    the    architecture    and    inner   works   is   at

  All copyrights belong to their respective owners. Other content (c) 2014-2018, GNU.WIKI. Please report site errors to
Page load time: 0.117 seconds. Last modified: November 04 2018 12:49:43.