Comments (10)
Does running ./tools/repro.py <crasherfile> reproduce the crash?
from certfuzz.
Thanks for the reply.
Yes, and I see the command line of cdb, it looks fine, but when I run BFF the crash is outside:
eax=16f0bc20 ebx=77bd5920 ecx=00000001 edx=00000021 esi=00000002 edi=1ba24d80
eip=77b99a8a esp=16f0bbfc ebp=16f0bc8c iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00200246
ntdll_77ac0000!RtlIsNonEmptyDirectoryReparsePointAllowed+0xaa:
77b99a8a eb33 jmp ntdll_77ac0000!RtlIsNonEmptyDirectoryReparsePointAllowed+0xdf (77b99abf)
from certfuzz.
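A parser for the cdb register dump pasted in the comment above, as an added example that is not part of this thread or of BFF's own code. It assumes the dump layout shown there (register lines, a `module!symbol+0xoff:` line, then one disassembly line) and assumes the `_77ac0000` suffix cdb appended to the module name is the module's load base, which is consistent with the eip value in the dump. The summary it produces is the triage check a practitioner wants before treating a debugger stop as a crash: whether eip is the listed instruction, whether it sits in a system module rather than the target, and whether the stopped instruction is a memory access at all (here it is a `jmp`, which the summary reports as a control transfer).

```python
import re

# Constructed input: the cdb register dump pasted earlier in this thread, copied verbatim.
CDB_DUMP = """\
eax=16f0bc20 ebx=77bd5920 ecx=00000001 edx=00000021 esi=00000002 edi=1ba24d80
eip=77b99a8a esp=16f0bbfc ebp=16f0bc8c iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00200246
ntdll_77ac0000!RtlIsNonEmptyDirectoryReparsePointAllowed+0xaa:
77b99a8a eb33 jmp ntdll_77ac0000!RtlIsNonEmptyDirectoryReparsePointAllowed+0xdf (77b99abf)
"""

# "name=hexvalue" pairs as cdb prints them (registers, segment selectors, iopl, efl)
REG_RE = re.compile(r"\b([a-z]{2,4})=([0-9a-f]+)\b")
# "module!symbol+0xoffset:" line that cdb prints above the current instruction
SYM_RE = re.compile(r"^(?P<module>[^!\s]+)!(?P<symbol>[^+\s]+)(?:\+0x(?P<offset>[0-9a-f]+))?:$")
# "address bytes mnemonic operands" disassembly line
INSN_RE = re.compile(r"^(?P<addr>[0-9a-f]{8,16})\s+(?P<bytes>[0-9a-f]+)\s+(?P<mnemonic>\S+)(?:\s+(?P<operands>.*))?$")
# Assumption: a "<image>_<hexbase>" module name carries the load base as its suffix.
BASE_RE = re.compile(r"_([0-9a-f]{8,16})$")
# Assumption: module prefixes treated as "system" (i.e. not the fuzz target) in the summary.
SYSTEM_MODULES = ("ntdll", "kernel32", "kernelbase", "user32")


def parse_cdb_dump(text):
    """Split a cdb register dump into registers, flag mnemonics, symbol line and instruction line."""
    result = {"registers": {}, "flags": [], "symbol": None, "instruction": None}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SYM_RE.match(line)
        if m:
            off = m.group("offset")
            result["symbol"] = {
                "module": m.group("module"),
                "symbol": m.group("symbol"),
                "offset": int(off, 16) if off else 0,
            }
            continue
        m = INSN_RE.match(line)
        if m:
            result["instruction"] = {
                "addr": int(m.group("addr"), 16),
                "bytes": bytes.fromhex(m.group("bytes")),
                "mnemonic": m.group("mnemonic"),
                "operands": m.group("operands") or "",
            }
            continue
        pairs = REG_RE.findall(line)
        if pairs:
            for name, val in pairs:
                result["registers"][name] = int(val, 16)
            # whatever remains on a register line is the flag mnemonics (nv up ei pl ...)
            result["flags"].extend(tok for tok in REG_RE.sub("", line).split() if len(tok) == 2)
    return result


def summarize(parsed):
    """Triage facts to check before treating a debugger stop as a crash in the target."""
    regs, sym, insn = parsed["registers"], parsed["symbol"], parsed["instruction"]
    eip = regs.get("eip", regs.get("rip"))
    base = None
    if sym:
        m = BASE_RE.search(sym["module"])
        if m:
            base = int(m.group(1), 16)
    return {
        "eip": eip,
        "module_base": base,
        "rva": (eip - base) if (eip is not None and base is not None) else None,
        "eip_matches_listing": bool(insn) and insn["addr"] == eip,
        "in_system_module": bool(sym) and sym["module"].lower().startswith(SYSTEM_MODULES),
        # "[...]" in the operands means the stopped instruction touches memory
        "memory_access": bool(insn) and "[" in insn["operands"],
        # jmp/call/ret is control flow, not a faulting load or store
        "control_transfer": bool(insn) and insn["mnemonic"] in ("jmp", "call", "ret"),
    }


if __name__ == "__main__":
    parsed = parse_cdb_dump(CDB_DUMP)
    for key, value in summarize(parsed).items():
        if isinstance(value, int) and not isinstance(value, bool):
            print(f"{key}: {value:#x}")
        else:
            print(f"{key}: {value}")
```

Run as-is it prints the summary for the dump above; feeding it the output of a BFF cdb run instead lets you confirm quickly whether a reported stop is a fault inside the target module or, as here, a control transfer inside ntdll.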
I can't make sense out of this bug report. If you can clearly convey how this is a BFF bug, feel free to open this ticket.
from certfuzz.
Sorry if I was not clear.
Basically what I want to say is that I have an application and a file that triggers a vulnerability in it.
I confirmed this with windbg and other debuggers.
What happens is that when I try to fuzz with BFF, I see that it does not find any faults.
What I do to confirm that it is working OK is change the config (bff.yaml) to verify.
And what happens is that instead of BFF's cdb.exe capturing the crash, windbg runs outside.
It is as if BFF executes an "os.system" with the application alone and not with cdb.
When I run repro.py I see that cdb is executed.
That is the difference. I repeat, this has never happened to me before with BFF; I do not understand why it behaves this way.
from certfuzz.
The first invocation of a fuzzing campaign doesn't use a debugger. It does this for target app caching purposes, as well as allowing the user to see that it's launching the target app as expected.
In a "verify" run, where the seed files are all crashers, then yeah, it may be a little confusing.
If you let BFF continue, does it categorize the crashes? The screenshot you provided is what you'll see before the campaign starts.
from certfuzz.
That's just it, that's the weird thing.
I run it with several files, but the others aren't captured either.
It catches my attention because it started happening to me recently; maybe the application incorporates some mechanism.
I have DEP and ASLR deactivated :(
from certfuzz.
You know, something I notice that is very strange when adding the debug flag "-d":
DEBUG certfuzz.file_handlers.tmp_reaper - Failed to delete
Since the process is holding the tmp and it cannot delete it, maybe that has an influence.
Is there a way to change the default tmp?
from certfuzz.
I already modified the tmp and it stays the same... how strange. About repro.py: how should it end up when facing a crash?
Currently it only gives me an access violation; is that okay? Or should it also generate the folder with the testcase and execute the exploitable?
from certfuzz.
In the end the problem could be solved.
For some reason it comes by default with vcredist_x86 2013, and that is not compatible.
It worked for me with the 2010 version.
Regards
from certfuzz.