Bugs can only be found dur­ring fuzzing code, which is exe­cut­ed. But which parts of the code of a tar­get sys­tem is exe­cut­ing dur­ing a fuzzing ses­sion? And how we can improve our fuzzer to include also tests for code blocks which weren’t cov­ered before? Dynamorio We’ll use now Dynamor­io — a run­time code manip­u­la­tion…