Comments (15)
from winafl.
Which WinAFL version are you using?
I'm not sure this is the cause of your crash, but:
- -target_module should take just the name, not a path, so -target_module FuzzSample.exe
- -nargs is missing (unless it's intended to be 0)
Does the debug log get created at all?
Can you run your target under DynamoRIO but without WinAFL like this:
C:\Users\in3o\Desktop\acrobat\dynamorio\build\bin32\drrun.exe -- "C:\Users\in3o\Documents\FuzzSample\Release\FuzzSample.exe" in\sample.txt
from winafl.
I got the latest winAFL from the github. Compiled with latest DynamoRio.
When I tried to run
C:\Users\in3o\Desktop\acrobat\dynamorio\build\bin32\drrun.exe -c winafl.dll -debug -target_module FuzzSample.exe -target_method Fuzz -coverage_module vulnerable.dll -fuzz_iterations 10000 -nargs 0 -- "C:\Users\in3o\Documents\FuzzSample\Release\FuzzSample.exe" in\sample.txt
I got the following log:
Module loaded, MFC140ENU.DLL
Module loaded, drreg.dll
Module loaded, FuzzSample.exe
Exception caught: c0000005
crashed
WARNING: Target function was never called. Incorrect target_offset?
Coverage map follows:
If you need the sample Fuzz Code which I am fuzzing, I can provide you that too.
I tried: C:\Users\in3o\Desktop\acrobat\dynamorio\build\bin32\drrun.exe -- "C:\Users\in3o\Documents\FuzzSample\Release\FuzzSample.exe" in\sample.txt. It's giving me the same error.
<Application C:\Users\in3o\Desktop\acrobat\winafl\bin32\test_gdiplus.exe (8616). WinAFL internal crash at PC 0x702bcffb. Please report this at . Program aborted.
0xc0000005 0x00000000 0x702bcffb 0x702bcffb 0x00000003 0x00000000
Base: 0x701f0000
Registers: eax=0x00000000 ebx=0x009af118 ecx=0xd27a70b4 edx=0x00000000
esi=0x1a65db10 edi=0x1a65db04 esp=0x009af138 ebp=0x009af1e8
eflags=0x0001020
version 6.2.17367, custom build
-no_dynamic_options -client_lib 'C:\Users\in3o\Desktop\acrobat\winafl\bin32\winafl.dll;0;"-debug" "-target_module" "FuzzSample.exe" "-target_method" "Fuzz" "-coverage_module" "vulnerable.dll" "-fuzz_iterations" "10000" "-nargs" "0"' -code_api -probe_api -stack_size 56K -max_elide_jmp 0 -max_elide_call 0 -no_inline_ignore
0x009af1e8 0x702976f4
0x009af214 0x70297591
0x009af720 0x702972db
0x009af760 0x7022095d
0x009af788 0x70290f2c
0x009af7a8 0x702bc8c8>
from winafl.
Wait, how can you get the same error when the command line doesn't include WinAFL at all and the error log references winafl.dll (that shouldn't even exist in the same address space)? Can you double-check and try again? Your error log also references test_gdiplus.exe, which isn't present anywhere in the command line.
from winafl.
Sorry, I added the wrong log. Here is the correct log.
<Application C:\Users\in3o\Documents\FuzzSample\Release\FuzzSample.exe (3804). DynamoRIO internal crash at PC 0x7063cffb. Please report this at http://dynamorio.org/issues/. Program aborted.
0xc0000005 0x00000000 0x7063cffb 0x7063cffb 0x00000003 0x00000000
Base: 0x70570000
Registers: eax=0x00000000 ebx=0x00aff6c8 ecx=0xd27a70b4 edx=0x00000000
esi=0x24ee2080 edi=0x24ee207c esp=0x00aff6e8 ebp=0x00aff798
eflags=0x0001
version 6.2.17367, custom build
-no_dynamic_options -code_api -probe_api -stack_size 56K -max_elide_jmp 0 -max_elide_call 0 -no_inline_ignored_syscalls -native_exec_default_list '' -no_native_exec_managed_code -no_indcall2direct -no_aslr_dr -pad_jmps_mark_no_trace
0x00aff798 0x706176f4
0x00aff7c4 0x70617591
0x00affcd0 0x706172db
0x00affd10 0x705a095d
0x00affd38 0x70610f2c
0x00affd58 0x7063c8c8>
Apologies.
from winafl.
Hmm in that case the issue seems to be with how DR interacts with your target and not in WinAFL. Can you try disabling your antivirus? Antivirus software caused similar issues in the past.
from winafl.
Seems like it. Can you confirm which version of DR would work perfectly with winafl?
I don't have any antivirus, just windows defender but I don't think that's interfering here.
from winafl.
I'm using 6.2.0-2 from https://github.com/DynamoRIO/dynamorio/wiki/Downloads
from winafl.
I tried it with version 6.2.0-2; it's working there. I don't know what bug DynamoRIO introduced.
Anyway, I am running WinAFL on linked code.
I am getting the following statistics.
WinAFL 1.09 based on AFL 2.43b (FuzzSample.exe)
+- process timing -------------------------------------+- overall results ----+
| run time : 0 days, 0 hrs, 10 min, 35 sec | cycles done : 1 |
| last new path : none seen yet | total paths : 2 |
| last uniq crash : none seen yet | uniq crashes : 0 |
| last uniq hang : none seen yet | uniq hangs : 0 |
+- cycle progress --------------------+- map coverage -+----------------------+
| now processing : 0 (0.00%) | map density : 0.00% / 0.01% |
| paths timed out : 0 (0.00%) | count coverage : 1.00 bits/tuple |
+- stage progress --------------------+ findings in depth --------------------+
| now trying : splice 7 | favored paths : 2 (100.00%) |
| stage execs : 1/16 (6.25%) | new edges on : 2 (100.00%) |
| total execs : 420 | total crashes : 0 (0 unique) |
| exec speed : 0.69/sec (zzzz...) | total tmouts : 0 (0 unique) |
+- fuzzing strategy yields -----------+---------------+- path geometry -------+
| bit flips : 0/0, 0/0, 0/0 | levels : 1 |
| byte flips : 0/0, 0/0, 0/0 | pending : 0 |
| arithmetics : 0/0, 0/0, 0/0 | pend fav : 0 |
| known ints : 0/0, 0/0, 0/0 | own finds : 0 |
| dictionary : 0/0, 0/0, 0/0 | imported : n/a |
| havoc : 0/306, 0/96 | stability : 100.00% |
| trim : n/a, n/a +-----------------------+
^C----------------------------------------------------+
exec speed : 0.69/sec (zzzz...) - the speed is way too slow. What do you think is the problem?
Here is the command line I am using ->
afl-fuzz.exe -i - -o out -D C:\Users\in3o\dynamorio-6.2.0-2\bin32 -t 20000+ -- -fuzz_iterations 50000 -covtype edge -target_module FuzzSample.exe -target_method Fuzz -nargs 0 -coverage_module vulnerable.dll -- "C:\Users\in3o\FuzzSample.exe" @@
Here is the log from my test run. I don't see any issue here, but still.
afl.FuzzSample.exe.27696.0000.proc.txt
from winafl.
Please see "WinAFL runs slower than expected" in the FAQ section of the readme. I'd say that "return;" without first closing the file is the problem.
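The pattern this FAQ entry is about, as an added illustration (not code from the thread or from WinAFL): a target function that bails out with a bare "return" before closing its input leaks one handle per iteration, and since -fuzz_iterations keeps calling it in the same process, the leaked handles pile up. The counting wrappers, the "FUZZ" magic and the sample file name are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>
/* Counting wrappers (added for this example, not WinAFL API) so the leak is
   measurable in-process instead of showing up only as lost exec speed. */
static int g_open_handles = 0;
static FILE *tracked_fopen(const char *p) { FILE *f = fopen(p, "rb"); if (f) g_open_handles++; return f; }
static void tracked_fclose(FILE *f) { g_open_handles--; fclose(f); }

/* Leaky target function: the early "return" on a bad header skips fclose. With
   -fuzz_iterations N this runs N times in one process, leaking one handle each time. */
int fuzz_leaky(const char *path) {
    unsigned char hdr[4];
    FILE *f = tracked_fopen(path);
    if (!f) return -1;
    if (fread(hdr, 1, 4, f) != 4 || memcmp(hdr, "FUZZ", 4) != 0)
        return 1;                       /* BUG: f is never closed */
    tracked_fclose(f);
    return 0;
}

/* Fixed target function: one exit path, the input file is always closed. */
int fuzz_fixed(const char *path) {
    unsigned char hdr[4];
    int rc = 0;
    FILE *f = tracked_fopen(path);
    if (!f) return -1;
    if (fread(hdr, 1, 4, f) != 4 || memcmp(hdr, "FUZZ", 4) != 0)
        rc = 1;                         /* reject, but still fall through to close */
    tracked_fclose(f);
    return rc;
}

/* Drive a harness `iters` times on a constructed bad-header input and return
   how many handles are still open afterwards (0 for a correct harness). */
int leaked_after(int (*harness)(const char *), int iters) {
    const char *path = "cur_input_demo.bin";    /* constructed sample input */
    FILE *w = fopen(path, "wb");
    if (!w) return -1;
    fputs("NOPE", w);                           /* 4 bytes, wrong magic */
    fclose(w);
    g_open_handles = 0;
    for (int i = 0; i < iters; i++) harness(path);
    remove(path);
    return g_open_handles;
}

int main(void) {
    printf("leaky: %d open handles, fixed: %d open handles\n", leaked_after(fuzz_leaky, 100), leaked_after(fuzz_fixed, 100));
    return 0;
}
```

On Windows the remove() in the leaky run fails because the target still holds the file open, which is the mechanism behind the stalled exec speed the thread is chasing.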
from winafl.
Yes. That was the problem. Thanks ivanfratric.
from winafl.
@ivanfratric Is there any tool or feature for visualization of code coverage?
I can't see if my code is reaching certain function or not.
from winafl.
@0vercl0k I have to do it automatically also can't afford IDA Pro as of now. Nice tool btw, useful during CTFs for sure.
Looking for something like https://github.com/mrash/afl-cov if there is, otherwise I will have to write it myself.
from winafl.
@iN3O I'd also suggest filing a bug with DynamoRIO and mentioning that you have an app that works fine on DR 6 but crashes on DR 7; perhaps the DR devs will be interested in this.
from winafl.
Hi, I have the same issue with both WinAFL and DynamoRIO crashing with "internal crash; program aborted" as reported above. Following the thread, I thought it was because I used DynamoRIO 7, but I downloaded and used DynamoRIO 6 and still get the same error.
Anti-virus (Defender) real-time scanning is disabled.
Even running it directly with drrun, I still get the same error (and it's not just Adobe; almost any binary I have run thus far).
C:\DynamoRIO\bin32>drrun.exe -- "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" C:\winafl\testcases\others\pdf\small.pdf
Any pointers?
Thanks
from winafl.