stephenfewer / grinder
Grinder is a system to automate the fuzzing of web browsers and the management of a large number of crashes.
License: BSD 3-Clause "New" or "Revised" License
Hi,
I installed a grinder node version 0.5-dev on Windows 7 with a 32-bit ruby installation. Everything was alright until the debugger server process started. I use ruby 2.0.0:
______ _ __
/ ____/____(_)___ ____/ /__ _____
/ / __/ ___/ / __ \/ __ / _ \/ ___/
/ /_/ / / / / / / / /_/ / __/ /
\____/_/ /_/_/ /_/\__,_/\___/_/
By Stephen Fewer of Harmony Security (www.harmonysecurity.com)
GRINDER - Version 0.5-Dev
[+G+] Starting at 2013-03-01 19:22:26
[+G+] Using the config file 'config'...
[+G+] Bringing up Grinder node 'G1'...
[+G+] Started the Grinder continue process 1896
[+S+] Starting at 2013-03-01 19:22:27
[+S+] Adding fuzzer 'SimpleExample' to the testcase server
[+S+] Testcase server running on 127.0.0.1:8888
[+G+] Started the Grinder server process 2652
[+G+] Started the Grinder debugger process 2368
C:/Ruby200/lib/ruby/2.0.0/rubygems/core_ext/kernel_require.rb:45:in `require': 1114: A dynamic link library (DLL) initialization routine failed. - C:/Ruby200/lib/ruby/2.0.0/metasm/dynldr-windows-ia32-19.so (LoadError)
So I thought it was a metasm error, but the following statement runs and gives '1' as a result:
ruby -r metasm -e 'p Metasm::VERSION'
Do you know why? Thanks,
Hi Stephen,
I get this error on starting a node with ruby 2.1.5
[+G+] Starting at 2015-02-15 12:56:48
C:/Ruby21-x64/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require': 1114: A dynamic link library (DLL) initialization routine failed. - C:/github/grinder/node/lib/metasm/metasm/dynldr-windows-x64-19.so (LoadError)
	from C:/Ruby21-x64/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require'
	from C:/github/grinder/node/lib/metasm/metasm/dynldr.rb:612:in `start'
	from C:/github/grinder/node/lib/metasm/metasm/dynldr.rb:1297:in `<class:DynLdr>'
	from C:/github/grinder/node/lib/metasm/metasm/dynldr.rb:11:in `<module:Metasm>'
	from C:/github/grinder/node/lib/metasm/metasm/dynldr.rb:10:in `<top (required)>'
	from C:/Ruby21-x64/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require'
	from C:/Ruby21-x64/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require'
	from C:/github/grinder/node/lib/metasm/metasm/os/windows.rb:8:in `<top (required)>'
	from C:/github/grinder/node/core/configuration.rb:36:in `config_init'
	from grinder.rb:142:in `run'
	from grinder.rb:258:in `<main>'
C:\github\grinder\node>
Before this I've tried another ruby version and that also failed. What exact version of ruby are you guys using?
Cheers,
An existing connection was forcibly closed by the remote host
Server and node all in win7 x86 with virtualbox,
Ram: 1G
Ruby:1.9.3p545
Browser: IE 10
Fuzzer:njuda
So for some reason, the node server sometimes shuts down and does not restart, and the browser gets no more testcases to fuzz. However, the debugger and continue.exe are still alive.
I don't really know why this is happening, but as far as I can tell, I can only guess it's possibly due to one or more of these contributing factors: 1) low resources, 2) unsafe threading, 3) some sort of bad timing? Once again, I'm just guessing, so I may be completely wrong about the contributing factors.
I actually set up two nodes to test the first theory: one has 1GB of RAM, the other has 2GB. The 1GB RAM setup eventually hits the problem, but the 2GB setup is still alive. So I kind of feel maybe this issue has something to do with low resources.
I also know I'm actually not alone with this issue. Our friend @pyoor has seen something similar, so I would like to invite him to this discussion and maybe better document the problem (or not)
Hi stephenfewer,
Have you tried the Chrome ASan version?
I found it can't resolve the symbol, though I have changed the symbols_dir!
http://commondatastorage.googleapis.com/chromium-browser-asan/index.html?prefix=win32-release/
$symbols_dir = 'E:\asan-win32-release-300063'
[+D+] chrome_child.dll DLL loaded into process 3144 at address 0x59C70000
[-D-] Unable to resolved chrome_child.dll!v8::internal::Runtime_StringParseFloat
I can use windbg to load the symbol successfully:
0:011> .reload /f chrome_child.dll
*** WARNING: Unable to verify checksum for E:\asan-win32-release-300063\chrome_child.dll
0:011> x chrome_child!stringparsefloat
5c1e6860 chrome_child!v8::internal::Runtime_StringParseFloat ()
The file, continue.exe, did not work in my environment.
error msg:
[+G+] Bringing up Grinder node 'G1' with ruby 1.9.3 (32-bit)...
grinder.rb:161:in 'spaen': Exec format error - .\data\continue.exe(Errno::ENOEXEC)
from grinder.rb:161:in 'run'
from grinder.rb:258:in '(main)'
I installed ruby 1.9 and completed all the install steps for the grinder node.
After the notice "jscript.dll DLL loaded into process 3168 at address 0x68EF0000",
it shows "unable to resolved jscript!StrToDb" and then repeats these two lines.
Server and node all in win7 x86 with virtualbox,
Ram: 1G
Ruby:1.9.3p545
Browser: IE 8
So the better handling in internetexplorer.rb would be:
-if( path.include?( 'jscript9' ) )
+if( path.downcase.include?( 'jscript9' ) )
-elsif( path.include?( 'jscript' ) )
+elsif( path.downcase.include?( 'jscript' ) )
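Review bot: the downcase on both branches fixes the case-only mismatch, but testing whether the whole path contains 'jscript' is still loose: any directory component with that substring would match as well. Comparing the module's file name exactly is tighter, for example `File.basename( path ).downcase == 'jscript9.dll'` and `File.basename( path ).downcase == 'jscript.dll'`; with that change the branch order stops mattering, whereas with substring matching the jscript9 test must stay before the jscript test, because 'jscript9.dll' also contains 'jscript'.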
Thanks.
Win7 32 bit...
Probably this is how it looks when a hooking stub needs an update?
C:\grinder\node>ruby grinder.rb -browser FF
______ _ __
/ ____/____(_)___ ____/ /__ _____
/ / __/ ___/ / __ \/ __ / _ \/ ___/
/ /_/ / / / / / / / /_/ / __/ /
\____/_/ /_/_/ /_/\__,_/\___/_/
By Stephen Fewer of Harmony Security (www.harmonysecurity.com)
GRINDER - Version 0.6-Dev
[+G+] Starting at 2014-07-26 00:08:46
[+G+] Using the config file 'config'...
[+G+] Bringing up Grinder node 'FF_W7_32_G2' with ruby 1.9.3 (32-bit)...
[+G+] Started the Grinder continue process 2992
[+S+] Starting at 2014-07-26 00:08:46
[+S+] Adding fuzzer 'nduja11' to the testcase server
[+S+] Testcase server running on 127.0.0.1:8080
[+G+] Started the Grinder server process 3696
[+G+] Started the Grinder debugger process 1852
[+D+] Starting at 2014-07-26 00:08:49
[+D+] Using the symbol path 'SRV*C:\symbols\*http://msdl.microsoft.com/download/symbols;SRV*C:\symbols\*http://symbols.mozilla.org/firefox'.
[+D+] Running 'C:\Program Files\Mozilla Firefox\firefox.exe'
[+D+] Attached debugger to new 32-bit process 760.
[+D+] Attached debugger to new 32-bit process 760.
[+D+] mozjs.dll DLL loaded into process 760 @ 0x6A5D0000
[-D-] Unable to hook JavaScript parseFloat() in process 760, logger dll not injected.
[+D+] mozjs.dll DLL loaded into process 760 @ 0x6A5D0000
[-D-] Unable to hook JavaScript parseFloat() in process 760, logger dll not injected.
[+D+] mozjs.dll DLL loaded into process 760 @ 0x6A5D0000
[-D-] Unable to hook JavaScript parseFloat() in process 760, logger dll not injected.
[+D+] Logger DLL loaded into process 760 @ 0x72A20000
[+D+] Logging process 760 to log file 'C:\Users\Sicko\AppData\Local\Temp\Low\logger_760.xml'
[+D+] mozjs.dll DLL loaded into process 760 @ 0x6A5D0000
[+D+] Resolved mozjs!num_parseFloat @ 0x6A74D530
[+D+] Resolved mozjs!js_strtod @ 0x6A5EF020
[+D+] call to js_strtod @ 0x6A74D5AD
[-D-] Fatal error 'invalid opcode arguments "test dword ptr [ebp+8], dword ptr [ebp+8]", allowed : [[:reg, :modrm], [:reg, :modrm], [:reg_eax, :i], [:reg_eax, :i], [:modrm, :i], [:modrm, :i], [:modrm, :i], [:modrm, :i]] near "test" at "\"<unk>\"" line 6', quitting.
C:/grinder/node/lib/metasm/metasm/parse.rb:59:in `parse_instruction'
By default, it just records the last one per $debugger_restart_minutes. If I want to record every xml log, how can I do that?
I'm using a 32-bit Windows 7 VM with IE8. Everything looks OK but the log file is not created. I used Process Monitor to monitor access to the file and it seems that no CreateFile is issued from the browser process at all, the first access is done by ruby and results in a "file not found" error. I would really appreciate some pointers on how to debug this problem.
Ruby version: ruby 1.9.3p392 (2013-02-22) [i386-mingw32] (used the Windows installer)
Grinder version: 0.5-dev
Thank you!
[+G+] Starting at 2013-04-02 11:13:02
[+G+] Using the config file 'config'...
[+G+] Bringing up Grinder node 'TestingG'...
[+G+] Started the Grinder continue process 2884
[+S+] Starting at 2013-04-02 11:13:04
[+S+] Adding fuzzer 'SimpleExample' to the testcase server
[+S+] Testcase server running on 127.0.0.1:8080
[+G+] Started the Grinder server process 3780
[+G+] Started the Grinder debugger process 196
[+D+] Starting at 2013-04-02 11:13:06
[+D+] Using the symbol path 'SRV*C:\symbols\*http://msdl.microsoft.com/download/symbols'
[+D+] Running 'C:\Program Files\Internet Explorer\iexplore.exe'
[+D+] Attached debugger to new process 1708
[+D+] Logger DLL loaded into process 1708 @ 0x6FA80000
[+D+] Logging process 1708 to log file 'C:\Users\b\AppData\Local\Temp\Low\logger_1708.xml'
[+D+] Attached debugger to new process 2528
[+D+] Logger DLL loaded into process 2528 @ 0x6FA80000
[+D+] Logging process 2528 to log file 'C:\Users\b\AppData\Local\Temp\Low\logger_2528.xml'
[+D+] jscript.dll DLL loaded into process 2528 at address 0x67F40000
[+D+] Resolved jscript!StrToDbl @ 0x67F57C37
[+D+] Hooked JavaScript parseFloat() to grinder_logger.dll via proxy @ 0x01EF0000
[-D-] Error, unable to save the log file 'C:\Users\b\AppData\Local\Temp\Low\logger_2528.xml' (File doesnt exist)
[-D-] Failed to save the log file.
[*D*]
[*D*] Caught a Read Access Violation in IE8 process 2528 at 2013-04-02 11:13:24
with a crash hash of 6AD5B069.76FF3FD4
[*D*]
[+D+] Finished at 2013-04-02 11:13:24
Hi, Stephen:
Whenever I try the framework using the fuzzer "nduja11" (or the "simpleexample"), it comes to "Caught a Read Access Violation in IE9 process 8016 at 2013-03-12 13:09 with a crash hash of 58749F29.3252F0B7" and then terminates IE9.
I can open IE to explore any website normally, but when fuzzing it cannot be opened completely.
OS:win7 x64
Browser: IE9 x64
Ruby:200 x64
Ram :4G
thanks!
Hello,
I'm not a ruby expert, just trying to hack this. I'm declaring some object vars (like @object_var) in the GrinderServlet class; however, when I try to access them in the do_GET method they're undefined. Can somebody explain to me why?
Thanks,
I have a grinder server running on an Ubuntu server box and 2 nodes that are actively running njuda all the time, one in a VM on a Hackintosh and another on a native Win8 machine. The VM has generated 1 crash, which was a buffer overflow, and the native machine has generated over 1000 read and write access violations with only 12-ish hashes. I can't get the test cases to reproduce the AV crashes, so it seems this may be a permissions problem, but I haven't modified any permissions. Are there any permissions I should change/verify?
Hi,
I have obtained about a handful of crashes from grinder when I fuzz Chrome on Windows XP using the nduja fuzzer. However, for one crash there's a file called "58DCB01E.0BC01241.crash" that can be downloaded through the grinder remote server, but the file "58DCB01E.0BC01241.log" has a size of 0 bytes when listed on the server, and when I click to download that file, it results in "file not found".
What would be the problem here?
Hi Stephen,
I have started getting issues with grinder_logger.dll. When the test cases are small it's working perfectly.
But as my test cases have grown large in size, the logger is not able to log the complete logged information. I see partial information; basically, it's missing the starting part of the logged messages.
https://github.com/stephenfewer/grinder/blob/master/node/source/logger/logger.c
dwLogMessageSize = 8192;
I need to dig in and rebuild the logger and check.
In the fuzzer HTML, there is code like "<embed src="aa.swf", ..."; the file aa.swf is in the current directory. But when grinder runs, it cannot find aa.swf. I also put it in the ./data directory, and it still cannot find it.
c:\grinder\node>grinder.rb --browser=IE --fuzzer=fuzzer\IE\nduja11.html
______ _ __
/ ____/____(_)___ ____/ /__ _____
/ / __/ ___/ / __ \/ __ / _ \/ ___/
/ /_/ / / / / / / / /_/ / __/ /
\____/_/ /_/_/ /_/\__,_/\___/_/
By Stephen Fewer of Harmony Security (www.harmonysecurity.com)
GRINDER - Version 0.6-Dev
[+G+] Starting at 2014-03-21 02:55:21
[+G+] Using the config file 'config'...
[+G+] Bringing up Grinder node 'G1' with ruby 1.9.3 (32-bit)...
[+G+] Started the Grinder continue process 4020
[+S+] Starting at 2014-03-21 02:55:21
[+S+] Testcase server running on 127.0.0.1:8080
[+G+] Started the Grinder server process 3620
[+G+] Started the Grinder debugger process 692
[+D+] Starting at 2014-03-21 02:55:24
[+D+] Using the symbol path 'SRV*C:\Symbols\*http://msdl.microsoft.com/download/symbols'.
[+D+] Running 'C:\Program Files\Internet Explorer\iexplore.exe'
[+D+] Attached debugger to new 32-bit process 4064.
[+D+] Attached debugger to new 32-bit process 4064.
[-D-] Fatal error 'undefined method `<' for nil:NilClass', quitting.
[+D+] Finished at 2014-03-21 02:55:26
[+G+] Started the Grinder debugger process 3836
[+D+] Starting at 2014-03-21 02:55:27
[+D+] Using the symbol path 'SRV*C:\Symbols\*http://msdl.microsoft.com/download/symbols'.
[+D+] Running 'C:\Program Files\Internet Explorer\iexplore.exe'
[+D+] Attached debugger to new 32-bit process 3000.
[+D+] Attached debugger to new 32-bit process 3000.
[-D-] Fatal error 'undefined method `<' for nil:NilClass', quitting.
[+D+] Finished at 2014-03-21 02:55:31
[+G+] Started the Grinder debugger process 3540
Windows 8.1 32 bit + IE 11. I read the heaphook.rb code and found that "grinder_heaphook.dll" doesn't exist. Please take a look. Thanks.
After successfully installing the application, it fails to login. HTTPS is not enabled.
If the session doesn't start automatically, it is not possible to log in. I tried adding "session_start();" to index.php and everything started working as usual.
Hi, I read "Re-producing a crash" filed by kernelGadaffi, and I encountered the same problem when I fuzzed IE using the nduja fuzzer.
"It is also important to get logging working correctly in situations such as event callbacks, which need to execute the generated javascript in the callback itself" was quoted from your comment. I also think the fuzzer is not getting logging working correctly for event callbacks; would you please give me a sample of a fuzzer logging event callbacks correctly?
Thanks a lot!
On the grinder node: I got a crash for the browser.
Now, it posts the crash information to grinder server's status.php
I am able to see the crash data being sent in the HTTP POST request to the grinder server and also a 200 OK response from it, as shown below:
POST /status.php HTTP/1.1
Accept: */*
User-Agent: Ruby
Content-Type: application/x-www-form-urlencoded
Connection: close
Host: xxx.xxx.xxx.xxx
Content-Length: 16957
key=xxxxxx&action=add_crash&time=2012-01-10+16%3A13%3A55&node=G1&browser=&hash_quick=xxxxxxxx&hash_full=xxxxxxxx&type=Read+Access+Violation&fuzzer=custom&crash_data=CkNh....&log_data=&verified=0
HTTP/1.1 200 OK
Date: Tue, 10 Jun 2014 10:43:56 GMT
Server: Apache/2.4.4 (Win32) PHP/5.4.16
X-Powered-By: PHP/5.4.16
Content-Length: 0
Connection: close
Content-Type: text/html
I have masked some information above.
Now, on the grinder server: it does not report the crash on the grinder server's web interface and does not show it in the crashes section either.
I checked the "crashes" database table using phpmyadmin on the grinder server, and no crash-specific data was inserted in the database either.
The only statistics being updated on the grinder server are that the node is active and the number of test cases tested per minute.
I checked the add_crash function defined in status.php, and it should be inserting data in the crashes table when it receives the crash information from a grinder node:
function add_crash( $time, $node, $target, $hash_quick, $hash_full, $type, $fuzzer, $log_data, $crash_data, $verified )
{
......
$sql = "INSERT INTO crashes ( time, node, target, hash, hash_quick, hash_full, type, fuzzer, count, log_data, crash_data, verified ) VALUES ";
$sql .= "( '" . $time . "', '" . $node . "', '" . $target . "', '" . $hash . "', '" . $hash_quick . "', '" . $hash_full . "', '" . $type . "', '" . $fuzzer . "', '1', '" . $log_data . "', '" . $crash_data . "', '" . $verified . "' );";
$result = mysql_query( $sql );
I am not sure why it is not inserting the data in the table.
Also, I can see that the grinder server responds with a 200 OK response code.
And in status.php, if there was an error in processing the request, it would return 404 not found:
if( $success )
header( 'HTTP/1.0 200 OK' );
else
header( 'HTTP/1.0 404 Not Found' );
There should not be an issue in inserting data into the DB because the "nodes" table does get updated.
Help would be appreciated.
Thanks.
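The add_crash() excerpt quoted above splices every POST value straight into the SQL text. Two consequences matter here: a single quote or backslash inside crash_data or log_data ends the string literal early, so the INSERT fails and the deprecated mysql_query() just returns false with no exception; and because those values arrive from whatever posts to status.php with a valid key, the concatenation is a SQL injection point. The following is an added example, not grinder's own code, showing the same insert on PDO prepared statements with errors raised as exceptions. It keeps the table and column names of the quoted INSERT; the connection string, the credentials, the way $hash is composed (which the excerpt elides) and the mapping of the POST's browser field onto the target column are assumptions.

```php
<?php
// Added example, not grinder's own status.php: add_crash() on PDO prepared
// statements. Connection details are placeholders; table and column names are
// those of the INSERT quoted in the issue above.
function crash_db(): PDO
{
    $dsn = 'mysql:host=127.0.0.1;dbname=grinder;charset=utf8mb4'; // placeholder
    $pdo = new PDO($dsn, 'grinder_user', 'CHANGE_ME');              // placeholder
    // Surface MySQL errors as exceptions instead of a silent false return.
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Real server-side prepared statements, not client-side emulation.
    $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
    return $pdo;
}

// Hardened form: the statement text is fixed, values travel separately as bound
// parameters and can never change the statement's structure, whatever they contain.
function add_crash_prepared(PDO $pdo, string $time, string $node, string $target,
    string $hash_quick, string $hash_full, string $type, string $fuzzer,
    string $log_data, string $crash_data, int $verified): bool
{
    // Assumption: the composite hash is quick.full, matching the crash file
    // names seen on the page; the quoted excerpt elides how $hash is built.
    $hash = $hash_quick . '.' . $hash_full;
    $sql = 'INSERT INTO crashes ( time, node, target, hash, hash_quick, hash_full, type, fuzzer, count, log_data, crash_data, verified )
            VALUES ( :time, :node, :target, :hash, :hash_quick, :hash_full, :type, :fuzzer, 1, :log_data, :crash_data, :verified )';
    $stmt = $pdo->prepare($sql);
    // A failed INSERT now throws PDOException carrying the MySQL error text.
    return $stmt->execute([
        ':time' => $time, ':node' => $node, ':target' => $target,
        ':hash' => $hash, ':hash_quick' => $hash_quick, ':hash_full' => $hash_full,
        ':type' => $type, ':fuzzer' => $fuzzer, ':log_data' => $log_data,
        ':crash_data' => $crash_data, ':verified' => $verified,
    ]);
}

// Caller sketch mirroring the status.php flow: report failure to the node
// instead of a blanket 200 OK. (The key check that status.php performs before
// this point is assumed to have already happened.)
try {
    $pdo = crash_db();
    $ok = add_crash_prepared($pdo,
        $_POST['time'] ?? '', $_POST['node'] ?? '', $_POST['browser'] ?? '',
        $_POST['hash_quick'] ?? '', $_POST['hash_full'] ?? '', $_POST['type'] ?? '',
        $_POST['fuzzer'] ?? '', $_POST['log_data'] ?? '', $_POST['crash_data'] ?? '',
        (int)($_POST['verified'] ?? 0));
    header($ok ? 'HTTP/1.0 200 OK' : 'HTTP/1.0 404 Not Found');
} catch (PDOException $e) {
    // Log server-side only; never echo SQL error text back to the client.
    error_log('add_crash failed: ' . $e->getMessage());
    header('HTTP/1.0 404 Not Found');
}
```

With ERRMODE_EXCEPTION the MySQL error that mysql_query() swallowed (a value too long for its column, a syntax error caused by a quote inside the data, a missing column) reaches error_log, which is the first place to look when the nodes table keeps updating but crashes stays empty.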
I know that this has been discussed a bit in other issues, but I thought it deserved its own thread. There's an issue right now logging crash data for Firefox 38.0.5 and 39.0. Grinder reports no errors attaching to the process, but no log file is created:
[+G+] Starting at 2015-07-05 19:03:23
[+G+] Using the config file 'config'...
[+G+] Bringing up Grinder node 'Test-1' with ruby 1.9.3 (32-bit)...
[+G+] Started the Grinder continue process 5016
[+S+] Starting at 2015-07-05 19:03:25
[+S+] Adding fuzzer 'Fuzzer_15-07-05_18-42-18' to the testcase server
[+S+] Testcase server running on 127.0.0.1:8080
[+G+] Started the Grinder server process 6052
[+G+] Started the Grinder debugger process 5148
[+D+] Starting at 2015-07-05 19:03:29
[-D-] Found an instance of firefox.exe already running, killing...
[-D-] Received an interrupt in main debugger loop.
./browser/firefox.rb: Interrupt
[+G+] Started the Grinder debugger process 5876
[+D+] Starting at 2015-07-05 19:04:14
[+D+] Using the symbol path 'SRV*C:\symbols\*http://msdl.microsoft.com/download/symbols;SRV*C:\symbols\*http://symbols.mozilla.org/firefox'.
[+D+] Running 'C:\Program Files\Mozilla Firefox\firefox.exe'
[+D+] Attached debugger to new 32-bit process 4932.
[+D+] Logger DLL loaded into process 4932 @ 0x6C4C0000
[+D+] Logging process 4932 to log file 'C:\Users\Crash Analysis - 2\AppData\Local\Temp\Low\logger_4932.xml'
Any suggestions?
Is there any reason why special characters aren't allowed in passwords for authentication? I'm going to issue a patch for this unless there's some unforeseen issue that I'm not aware of.
On a Windows 7 32bit with IE 8 inside VMWare
I have this problem....
There is a full dump as follows:
[+G+] Starting at 2014-05-06 11:01:12
[+G+] Using the config file 'config'...
[+G+] Bringing up Grinder node 'G1' with ruby 1.9.3 (32-bit)...
[+G+] Started the Grinder continue process 1812
[+S+] Starting at 2014-05-06 11:01:12
[+G+] Started the Grinder server process 3428
[+G+] Started the Grinder debugger process 2552
[+D+] Starting at 2014-05-06 11:01:15
[+D+] Using the symbol path 'SRV*C:\symbols\*http://msdl.microsoft.com/download/symbols'.
[+D+] Running 'C:\Program Files\Internet Explorer\iexplore.exe'
[+D+] Attached debugger to new 32-bit process 3504.
[+D+] Attached debugger to new 32-bit process 3504.
[+D+] Logger DLL loaded into process 3504 @ 0x6D380000
[+D+] Logging process 3504 to log file 'C:\Users\Administrator\AppData\Local\Temp\Low\logger_3504.xml'
[+D+] jscript.dll DLL loaded into process 3504 at address 0x6B520000
[+D+] Resolved jscript!StrToDbl @ 0x6B537D17
[+D+] Hooked JavaScript parseFloat() to grinder_logger.dll via proxy @ 0x03870000
When the Grinder node instance creates an HTTP server to serve out the fuzzers to the target browser, an error occurs. The request URL: http://127.0.0.1:8080/grinder
C:/Ruby193/lib/ruby/1.9.1/net/http.rb:763:in `initialize': No connection could be made because the target machine actively refused it. - connect(2) (Errno::ECONNREFUSED)
	from C:/Ruby193/lib/ruby/1.9.1/net/http.rb:763:in `open'
	from C:/Ruby193/lib/ruby/1.9.1/net/http.rb:763:in `block in connect'
	from C:/Ruby193/lib/ruby/1.9.1/timeout.rb:55:in `timeout'
	from C:/Ruby193/lib/ruby/1.9.1/timeout.rb:100:in `timeout'
	from C:/Ruby193/lib/ruby/1.9.1/net/http.rb:763:in `connect'
	from C:/Ruby193/lib/ruby/1.9.1/net/http.rb:756:in `do_start'
	from C:/Ruby193/lib/ruby/1.9.1/net/http.rb:745:in `start'
	from C:/Ruby193/lib/ruby/1.9.1/net/http.rb:1285:in `request'
	from C:/grinder-master/node/core/webstats.rb:125:in `_send_request2'
	from C:/grinder-master/node/core/webstats.rb:93:in `_send_request1'
	from C:/grinder-master/node/core/webstats.rb:47:in `update_job_status'
	from ./core/server.rb:209:in `initialize'
	from ./core/server.rb:348:in `new'
	from ./core/server.rb:348:in `<main>'
grinder.rb:217:in `wait': Interrupt
	from grinder.rb:217:in `run'
	from grinder.rb:258:in `<main>'
..................
Any ideas?
Thanks
I have written a custom fuzzer for grinder. But I'm getting the error message "Error, Failed to parse the xml crash log file" when generating the POC html. I'm not sure whether I've made some silly mistake when logging the fuzzing activities or not, so I'm unable to track this error down.
So I wanted to know whether I can debug this error message in any way and fix this .log file and generate POC html from that log?
Thanks in Advance!
Debasish
I have tried the install.php page on both IE8 and Chrome. It doesn't work on either. Specifically: I press the "install" button at the bottom of the page and nothing happens.
IE8 indicates there are errors on the page which prevent it from working properly. Chrome gives no feedback.
IE8 error:
Webpage error details
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Timestamp: Wed, 11 Dec 2013 06:48:22 UTC
Message: Object expected
Line: 38
Char: 4
Code: 0
URI: http://10.0.200.107/install.php
The query used to display crashes improperly groups results and may be unpredictable.
SELECT id, hash_quick, hash_full, verified, node, target, fuzzer, type, time, count, SUM(count) FROM crashes GROUP BY ...
If results are removed from the table (i.e. a hash_quick group is deleted), crashes.php will no longer display crashes and their verification status correctly.
A groupwise max query can be used to solve this:
http://jan.kneschke.de/projects/mysql/groupwise-max/
Grouping by MIN(id) will ensure that the earliest appearance of a crash, that with the lowest id value associated with it, is marked as verified when displaying and updating crashes.
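An added example, not grinder's crashes.php, of the groupwise-max rewrite suggested above: a derived table picks, for each hash_quick, the lowest id and the summed count, and the join then pulls that specific row's columns, so the displayed row and its verified flag are deterministic and survive the deletion of other rows in the group. Column names are those of the quoted query; the PDO connection details are placeholders, the ORDER BY is my choice, and the verify helper assumes that marking a group verified should update the same representative row the listing shows.

```php
<?php
// Added example, not grinder's own crashes.php: one row per hash_quick via the
// groupwise-min pattern (MIN(id) = earliest appearance). Connection details are placeholders.
function crash_db(): PDO
{
    $pdo = new PDO('mysql:host=127.0.0.1;dbname=grinder;charset=utf8mb4', 'grinder_user', 'CHANGE_ME'); // placeholder
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    return $pdo;
}

// The quoted query mixes non-aggregated columns with SUM(count) under GROUP BY,
// so which id/verified/time comes back for each group is unspecified. Here the
// derived table g fixes the representative row (lowest id) and computes the
// group total once; the join fetches exactly that row's columns.
const CRASH_LIST_SQL = '
    SELECT c.id, c.hash_quick, c.hash_full, c.verified, c.node, c.target,
           c.fuzzer, c.type, c.time, c.count, g.total
    FROM crashes AS c
    JOIN (
        SELECT hash_quick, MIN(id) AS first_id, SUM(count) AS total
        FROM crashes
        GROUP BY hash_quick
    ) AS g ON g.first_id = c.id
    ORDER BY c.time DESC';

function list_crashes(PDO $pdo): array
{
    return $pdo->query(CRASH_LIST_SQL)->fetchAll(PDO::FETCH_ASSOC);
}

// Verification must land on the same representative row the listing shows,
// otherwise the flag is set on a row that is never displayed. The extra
// derived table wrapper is required by MySQL when an UPDATE subquery reads
// from the table being updated.
function verify_crash_group(PDO $pdo, string $hash_quick): int
{
    $stmt = $pdo->prepare('
        UPDATE crashes
        SET verified = 1
        WHERE id = (
            SELECT first_id FROM (
                SELECT MIN(id) AS first_id FROM crashes WHERE hash_quick = :hq
            ) AS t
        )');
    $stmt->execute([':hq' => $hash_quick]);
    return $stmt->rowCount(); // 1 if the group exists, 0 otherwise
}

foreach (list_crashes(crash_db()) as $row) {
    printf("%s %s verified=%d total=%d\n",
        $row['hash_quick'], $row['type'], $row['verified'], $row['total']);
}
```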
Hi Stephen,
I've been trying to capture crashes from Chrome unsuccessfully. It looks like the injected processes are terminated (PIDs not active) yet grinder hooks are still in a waiting state and the server appears operational. The Chrome Frame displays the generic "He's Dead Jim".
BTW, thanks for the quick update to the previous issue.
Raed.
Hi there!
Firstly, thanks to the author of "Grinder" because it's very useful!!
Need just a little fix about the log files, as you can see below...
My config :
The problem is that when a crash occurs, no log file is created, or one with the first xml tag but nothing else.
(fuzzer name="fuzz" browser="IE")
Stephen, did you have the same problem recently (or not)?
[+G+] Starting at 2013-06-15 18:08:13
[+G+] Using the config file 'config'...
[+G+] Bringing up Grinder node 'G1'...
[+G+] Started the Grinder continue process 3456
[+S+] Starting at 2013-06-15 18:08:13
[+S+] Adding fuzzer 'fuzzv2' to the testcase server
[+S+] Testcase server running on 127.0.0.1:8080
[+G+] Started the Grinder server process 2388
[+G+] Started the Grinder debugger process 736
[+D+] Starting at 2013-06-15 18:08:15
[+D+] Using the symbol path 'SRV*C:\symbols\*http://msdl.microsoft.com/download/symbols'
[+D+] Running 'C:\Program Files\Internet Explorer\iexplore.exe'
[+D+] Attached debugger to new process 2264
[+D+] Logger DLL loaded into process 2264 @ 0x10000000
[+D+] Logging process 2264 to log file 'C:\Documents and Settings\XXX\Local Settings\Temp\logger_2264.xml'
[+D+] Attached debugger to new process 3648
[+D+] Logger DLL loaded into process 3648 @ 0x10000000
[+D+] Logging process 3648 to log file 'C:\Documents and Settings\XXX\Local Settings\Temp\logger_3648.xml'
[+D+] Debug message from process 3648: CRecorderBarBHOSite::SetSite
[-D-] Error, unable to save the log file 'C:\Documents and Settings\XXX\Local Settings\Temp\logger_3648.xml' (File doesnt exist)
[-D-] Failed to save the log file.
[*D*]
[*D*] Caught a Read Access Violation in IE8 process 3648 at 2013-06-15 18:08:17
...
Grinder cannot currently handle 64bit processes; this also affects fuzzing IE10 on x64 Windows, as the broker process will be 64bit even if the protected mode process is 32 bit.
Support for the IE10 edge case is needed (we should be able to gracefully ignore the 64bit broker in this instance so long as we can detect child process creation).
Support for fuzzing in x64 processes is also needed. This will include an x64 build of grinder_logger.dll, as well as the hooking stubs and their support routines being updated for x64. Finally we need to sync Metasm as a git submodule and keep it up to date.
This ticket will be a placeholder for tracking this issue.
Hey
When a crash happens, we get a .crash file and a .log file, but we are not able to analyze the .crash file inside windbg as it has a different file format than an actual memory dump file. So is there a way I can get a dump file from the .crash file, or can I analyze the .crash file itself by other means?
Hi,
I have obtained about a handful of crashes from grinder when I fuzz Safari on Windows using the nduja fuzzer. However, when I run testcase.rb using the .log file in the crashes folder, the html file generated did not reproduce the crash. How do we modify the grinder framework to get all the non-crashing test cases generated before, up to the one that crashed? Could it be a cumulative effect of a few test cases causing the crash instead? Thanks.
[-D-] Fatal error 'undefined method `gen_logger_filename' for #<Grinder::Browser::InternetExplorer:0x13f4208>', quitting.
[+D+] Attached debugger to new process 816
[+D+] Logger DLL loaded into process 816 @ 0x70B10000
[+D+] Logging process 816 to log file 'C:\node2\tmplog\logger_816.xml'
[+D+] jscript9.dll DLL loaded into process 816 @ 0x69FC0000
[+D+] Resolved jscript!StrToDbl @ 0x6A010CF7
[+D+] Hooked JavaScript parseFloat() to grinder_logger.dll via proxy @ 0x02B70000
c:/node2/lib/metasm/metasm/parse_c.rb:150:in `include?': stack level too deep (SystemStackError)
	from c:/node2/lib/metasm/metasm/parse_c.rb:150:in `integral?'
	from c:/node2/lib/metasm/metasm/parse_c.rb:189:in `integral?'
	from c:/node2/lib/metasm/metasm/dynldr.rb:882:in `block (2 levels) in new_caller_for'
	from c:/node2/lib/metasm/metasm/dynldr.rb:880:in `map'
	from c:/node2/lib/metasm/metasm/dynldr.rb:880:in `block in new_caller_for'
	from c:/node2/lib/metasm/metasm/os/windows.rb:1287:in `continuedebugevent'
	from c:/node2/lib/metasm/metasm/os/windows.rb:1270:in `loop'
	from c:/node2/core/debug/debugger.rb:536:in `monitor'
	from c:/node2/core/debug/debugger.rb:634:in `main'
	from ./browser/internetexplorer.rb:262:in `
Hi, the node gets the error about every 30 seconds. If I run the same fuzzer to fuzz Chrome, there is no error. I get the error even if I run SimpleExample.html; the only difference is that the error comes less often, maybe every minute.
Any idea? Thank you very much!
http://www.exeproblems.com/exe-file-error/continue.exe-fix-29881/
Seriously???????? I'd really like to hear an explanation for this!!!
I don't know if this is a good moment to open a new issue, given the known trouble with symbols after the updates, especially on IE.
I just set up a node with Windows 7 x86 SP1 fully updated. And these are the versions of the browsers tried:
The grinder version is 0.6dev, but I also tried 0.5 and 0.4 with the same results. And I just tried the SimpleExample fuzzer to avoid log issues.
My config file has the next values (./node/config.rb):
$webstats_baseurl = nil #I want to solve the node issue firstly.
...
$symbols_dir = "C:\symbols" #Directory is correctly created. Previous symbols deleted btw.
And the configuration looks fine when fuzzing Chrome: the hooking is done and the logs are being written to the log path (.../Temp/Low/).
This is the output fuzzing firefox:
....
[+D+] Resolved mozjs!num_parseFloat @ 0x6A623330
[-D-] Unable to resolved mozjs!js_strtod
[+D+] mozjs.dll DLL loaded into process 5908 @ 0x6A410000
[+D+] Resolved mozjs!num_parseFloat @ 0x6A623330
[-D-] Unable to resolved mozjs!js_strtod
[+D+] mozjs.dll DLL loaded into process 5908 @ 0x6A410000
[+D+] Resolved mozjs!num_parseFloat @ 0x6A623330
[-D-] Unable to resolved mozjs!js_strtod
[+D+] mozjs.dll DLL loaded into process 5908 @ 0x6A410000
[+D+] Resolved mozjs!num_parseFloat @ 0x6A623330
[-D-] Unable to resolved mozjs!js_strtod
[+D+] mozjs.dll DLL loaded into process 5908 @ 0x6A410000
[+D+] Resolved mozjs!num_parseFloat @ 0x6A623330
[-D-] Unable to resolved mozjs!js_strtod
[+D+] mozjs.dll DLL loaded into process 5908 @ 0x6A410000
[+D+] Resolved mozjs!num_parseFloat @ 0x6A623330
[-D-] Unable to resolved mozjs!js_strtod
... (Repeat this) ...
And this is again IE:
[+G+] Starting at 2014-11-14 18:39:12
[+G+] Using the config file 'config'...
[+G+] Bringing up Grinder node 'G1' with ruby 1.9.3 (32-bit)...
[+G+] Started the Grinder continue process 3400
[+S+] Starting at 2014-11-14 18:39:14
[+S+] Adding fuzzer 'SimpleExample' to the testcase server
[+S+] Testcase server running on 127.0.0.1:8080
[+G+] Started the Grinder server process 7852
[+G+] Started the Grinder debugger process 2460
[+D+] Starting at 2014-11-14 18:39:18
[+D+] Using the symbol path 'SRV*C:\symbols\*http://msdl.microsoft.com...
[+D+] Running 'C:\Program Files\Internet Explorer\iexplore.exe'
[+D+] Attached debugger to new 32-bit process 2248.
...No more command-line outputs...
IE9, IE10 and IE11 give me the same output. The attaching is done but the hooking is never reached.
I have just been trying to understand how the affected code works. If I'm not wrong the control flow will be, on IE for example:
I have added a line to ./node/browser/internetexplorer.rb on line 62: print_status("Here..."). Firefox and Chrome reach this point, but IE does not.
Is it possible that this is an issue related to the latest Tuesday patches? I mean, related to the symbol servers? Checking the symbol dir, there are symbols for Chrome and Firefox, but none from MS.
I was trying to execute grinder and the following error occurred. Maybe it is not a grinder issue, but I couldn't fix it.
Could you please help me to fix this problem.
C:\grinder\node>ruby grinder.rb --browser=FF
______ _ __
/ ____/____(_)___ ____/ /__ _____
/ / __/ ___/ / __ \/ __ / _ \/ ___/
/ /_/ / / / / / / / /_/ / __/ /
\____/_/ /_/_/ /_/\__,_/\___/_/
By Stephen Fewer of Harmony Security (www.harmonysecurity.com)
GRINDER - Version 0.5
[+G+] Starting at 2014-05-26 16:31:06
C:/grinder/node/lib/metasm/metasm/dynldr-windows-ia32-19.so: [BUG] Segmentation fault
ruby 2.0.0p481 (2014-05-08) [i386-mingw32]
-- Control frame information -----------------------------------------------
c:0014 p:-10349332 s:0062 e:000061 TOP [FINISH]
c:0013 p:---- s:0060 e:000059 CFUNC :require
c:0012 p:0115 s:0056 e:000055 METHOD C:/Ruby200/lib/ruby/2.0.0/rubygems/core_ext/kernel_require.rb:55
c:0011 p:0089 s:0046 e:000045 METHOD C:/grinder/node/lib/metasm/metasm/dynldr.rb:612
c:0010 p:0620 s:0042 e:000041 CLASS C:/grinder/node/lib/metasm/metasm/dynldr.rb:1297
c:0009 p:0011 s:0040 e:000039 CLASS C:/grinder/node/lib/metasm/metasm/dynldr.rb:11
c:0008 p:0009 s:0038 e:000037 TOP C:/grinder/node/lib/metasm/metasm/dynldr.rb:10 [FINISH]
c:0007 p:---- s:0036 e:000035 CFUNC :require
c:0006 p:0115 s:0032 e:000031 METHOD C:/Ruby200/lib/ruby/2.0.0/rubygems/core_ext/kernel_require.rb:55
c:0005 p:0023 s:0022 e:000021 TOP C:/grinder/node/lib/metasm/metasm/os/windows.rb:8 [FINISH]
c:0004 p:0185 s:0020 e:000019 METHOD C:/grinder/node/core/configuration.rb:36
c:0003 p:0012 s:0013 e:000012 METHOD grinder.rb:142
c:0002 p:0403 s:0007 E:001d98 EVAL grinder.rb:258 [FINISH]
c:0001 p:0000 s:0002 E:001b54 TOP [FINISH]
grinder.rb:258:in `<main>'
grinder.rb:142:in `run'
C:/grinder/node/core/configuration.rb:36:in `config_init'
C:/grinder/node/lib/metasm/metasm/os/windows.rb:8:in `<top (required)>'
C:/Ruby200/lib/ruby/2.0.0/rubygems/core_ext/kernel_require.rb:55:in `require'
C:/Ruby200/lib/ruby/2.0.0/rubygems/core_ext/kernel_require.rb:55:in `require'
C:/grinder/node/lib/metasm/metasm/dynldr.rb:10:in `<top (required)>'
C:/grinder/node/lib/metasm/metasm/dynldr.rb:11:in `<module:Metasm>'
C:/grinder/node/lib/metasm/metasm/dynldr.rb:1297:in `<class:DynLdr>'
C:/grinder/node/lib/metasm/metasm/dynldr.rb:612:in `start'
C:/Ruby200/lib/ruby/2.0.0/rubygems/core_ext/kernel_require.rb:55:in `require'
C:/Ruby200/lib/ruby/2.0.0/rubygems/core_ext/kernel_require.rb:55:in `require'
-- C level backtrace information -------------------------------------------
C:\Windows\SYSTEM32\ntdll.dll(KiFastSystemCallRet+0x0) [0x77A064F4]
C:\Windows\system32\kernel32.dll(WaitForSingleObjectEx+0x43) [0x75E6F003]
C:\Windows\system32\kernel32.dll(WaitForSingleObject+0x12) [0x75E6EFB2]
C:\Ruby200\bin\msvcrt-ruby200.dll(rb_vm_bugreport+0xa7) [0x668F8107]
C:\Ruby200\bin\msvcrt-ruby200.dll(rb_name_err_mesg_new+0x69d) [0x667BE36D]
C:\Ruby200\bin\msvcrt-ruby200.dll(rb_bug+0x2e) [0x667BF16E]
C:\Ruby200\bin\msvcrt-ruby200.dll(rb_check_safe_str+0x180) [0x6687E480]
[0x00401866]
C:\Windows\SYSTEM32\ntdll.dll(RtlGetThreadErrorMode+0x3c) [0x77A35A74]
-- Other runtime information -----------------------------------------------
Loaded script: grinder.rb
Loaded features:
0 enumerator.so
1 C:/Ruby200/lib/ruby/2.0.0/i386-mingw32/enc/encdb.so
2 C:/Ruby200/lib/ruby/2.0.0/i386-mingw32/enc/iso_8859_1.so
3 C:/Ruby200/lib/ruby/2.0.0/i386-mingw32/enc/trans/transdb.so
4 C:/Ruby200/lib/ruby/2.0.0/i386-mingw32/rbconfig.rb
5 C:/Ruby200/lib/ruby/2.0.0/rubygems/compatibility.rb
6 C:/Ruby200/lib/ruby/2.0.0/rubygems/defaults.rb
7 C:/Ruby200/lib/ruby/2.0.0/rubygems/deprecate.rb
8 C:/Ruby200/lib/ruby/2.0.0/rubygems/errors.rb
9 C:/Ruby200/lib/ruby/2.0.0/rubygems/version.rb
10 C:/Ruby200/lib/ruby/2.0.0/rubygems/requirement.rb
11 C:/Ruby200/lib/ruby/2.0.0/rubygems/platform.rb
12 C:/Ruby200/lib/ruby/2.0.0/rubygems/specification.rb
13 C:/Ruby200/lib/ruby/2.0.0/rubygems/exceptions.rb
14 C:/Ruby200/lib/ruby/2.0.0/rubygems/defaults/operating_system.rb
15 C:/Ruby200/lib/ruby/2.0.0/i386-mingw32/enc/utf_16le.so
16 C:/Ruby200/lib/ruby/2.0.0/i386-mingw32/enc/trans/utf_16_32.so
17 C:/Ruby200/lib/ruby/2.0.0/rubygems/core_ext/kernel_gem.rb
18 C:/Ruby200/lib/ruby/2.0.0/thread.rb
19 C:/Ruby200/lib/ruby/2.0.0/monitor.rb
20 C:/Ruby200/lib/ruby/2.0.0/rubygems/core_ext/kernel_require.rb
21 C:/Ruby200/lib/ruby/2.0.0/rubygems.rb
22 C:/grinder/node/lib/metasm/metasm/main.rb
23 C:/grinder/node/lib/metasm/metasm/encode.rb
24 C:/grinder/node/lib/metasm/metasm/render.rb
25 C:/grinder/node/lib/metasm/metasm/decode.rb
26 C:/grinder/node/lib/metasm/metasm/preprocessor.rb
27 C:/grinder/node/lib/metasm/metasm/parse.rb
28 C:/grinder/node/lib/metasm/metasm/exe_format/serialstruct.rb
29 C:/grinder/node/lib/metasm/metasm/os/main.rb
30 C:/grinder/node/lib/metasm/metasm/exe_format/main.rb
31 C:/grinder/node/lib/metasm/metasm.rb
32 C:/grinder/node/core/configuration.rb
33 C:/grinder/node/core/logging.rb
34 C:/Ruby200/lib/ruby/2.0.0/i386-mingw32/digest.so
35 C:/Ruby200/lib/ruby/2.0.0/digest.rb
36 C:/Ruby200/lib/ruby/2.0.0/i386-mingw32/digest/sha2.so
37 C:/Ruby200/lib/ruby/2.0.0/digest/sha2.rb
38 C:/Ruby200/lib/ruby/2.0.0/i386-mingw32/enc/trans/single_byte.so
39 C:/grinder/node/config.rb
40 C:/grinder/node/lib/metasm/metasm/debug.rb
41 C:/grinder/node/lib/metasm/metasm/cpu/ia32/main.rb
42 C:/grinder/node/lib/metasm/metasm/cpu/ia32/opcodes.rb
43 C:/grinder/node/lib/metasm/metasm/cpu/ia32/encode.rb
44 C:/grinder/node/lib/metasm/metasm/cpu/ia32/parse.rb
45 C:/grinder/node/lib/metasm/metasm/cpu/ia32/decode.rb
46 C:/grinder/node/lib/metasm/metasm/cpu/ia32/render.rb
47 C:/grinder/node/lib/metasm/metasm/parse_c.rb
48 C:/grinder/node/lib/metasm/metasm/compile_c.rb
49 C:/grinder/node/lib/metasm/metasm/cpu/ia32/compile_c.rb
50 C:/grinder/node/lib/metasm/metasm/cpu/ia32/decompile.rb
51 C:/grinder/node/lib/metasm/metasm/cpu/ia32/debug.rb
52 C:/grinder/node/lib/metasm/metasm/cpu/ia32.rb
[NOTE]
You may have encountered a bug in the Ruby interpreter or extension libraries.
Bug reports are welcome.
For details: http://www.ruby-lang.org/bugreport.html
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
C:\grinder\node>ruby grinder.rb --browser=FF > salla.txt
C:/grinder/node/lib/metasm/metasm/dynldr-windows-ia32-19.so: [BUG] Segmentation fault
ruby 2.0.0p481 (2014-05-08) [i386-mingw32]
C:\grinder\node>
[+D+] Using the symbol path 'SRV*C:\symbols*http://msdl.microsoft.com/download/symbols'
[+D+] Running 'C:\Program Files (x86)\Internet Explorer\iexplore.exe -extoff -private'
[+D+] Attached debugger to new process 3116
[+D+] Debug message from process 3116: SHIMVIEW: ShimInfo(Complete)
[+D+] Finished at 2013-06-19 04:24:15
[+G+] Started the Grinder debugger process 3716
[+D+] Starting at 2013-06-19 04:24:16
[+D+] Using the symbol path 'SRV*C:\symbols*http://msdl.microsoft.com/download/symbols'
[+D+] Running 'C:\Program Files (x86)\Internet Explorer\iexplore.exe -extoff -private'
[+D+] Attached debugger to new process 2036
[+D+] Debug message from process 2036: SHIMVIEW: ShimInfo(Complete)
[+D+] Finished at 2013-06-19 04:24:16
[+G+] Started the Grinder debugger process 1032
[+D+] Starting at 2013-06-19 04:24:16
[+D+] Using the symbol path 'SRV*C:\symbols*http://msdl.microsoft.com/download/symbols'
[+D+] Running 'C:\Program Files (x86)\Internet Explorer\iexplore.exe -extoff -private'
[+D+] Attached debugger to new process 1348
[+D+] Debug message from process 1348: SHIMVIEW: ShimInfo(Complete)
[+D+] Finished at 2013-06-19 04:24:16
[+G+] Started the Grinder debugger process 88
[+D+] Starting at 2013-06-19 04:24:17
[+D+] Using the symbol path 'SRV*C:\symbols*http://msdl.microsoft.com/download/symbols'
[+D+] Running 'C:\Program Files (x86)\Internet Explorer\iexplore.exe -extoff -private'
[+D+] Attached debugger to new process 740
[+D+] Debug message from process 740: SHIMVIEW: ShimInfo(Complete)
[+D+] Finished at 2013-06-19 04:24:17
[+G+] Started the Grinder debugger process 2212
[+D+] Starting at 2013-06-19 04:24:17
[+D+] Using the symbol path 'SRV*C:\symbols*http://msdl.microsoft.com/download/symbols'
[+D+] Running 'C:\Program Files (x86)\Internet Explorer\iexplore.exe -extoff -private'
[+D+] Attached debugger to new process 3040
[+D+] Debug message from process 3040: SHIMVIEW: ShimInfo(Complete)
[+D+] Finished at 2013-06-19 04:24:17
[+G+] Started the Grinder debugger process 4032
[+D+] Starting at 2013-06-19 04:24:18
[+D+] Using the symbol path 'SRV*C:\symbols*http://msdl.microsoft.com/download/symbols'
[+D+] Running 'C:\Program Files (x86)\Internet Explorer\iexplore.exe -extoff -private'
[+D+] Attached debugger to new process 3672
[+D+] Debug message from process 3672: SHIMVIEW: ShimInfo(Complete)
[+D+] Finished at 2013-06-19 04:24:18
[+G+] Started the Grinder debugger process 3032
[+D+] Starting at 2013-06-19 04:24:18
[+D+] Using the symbol path 'SRV*C:\symbols*http://msdl.microsoft.com/download/symbols'
[+D+] Running 'C:\Program Files (x86)\Internet Explorer\iexplore.exe -extoff -private'
[+D+] Attached debugger to new process 2508
[+D+] Debug message from process 2508: SHIMVIEW: ShimInfo(Complete)
[+D+] Finished at 2013-06-19 04:24:18
[+G+] Started the Grinder debugger process 980
[+D+] Starting at 2013-06-19 04:24:19
[+D+] Using the symbol path 'SRV*C:\symbols*http://msdl.microsoft.com/download/symbols'
[+D+] Running 'C:\Program Files (x86)\Internet Explorer\iexplore.exe -extoff -private'
[+D+] Attached debugger to new process 3384
[+D+] Debug message from process 3384: SHIMVIEW: ShimInfo(Complete)
[+D+] Finished at 2013-06-19 04:24:19
[+G+] Started the Grinder debugger process 3844
[+D+] Starting at 2013-06-19 04:24:19
[+D+] Using the symbol path 'SRV*C:\symbols*http://msdl.microsoft.com/download/symbols'
[+D+] Running 'C:\Program Files (x86)\Internet Explorer\iexplore.exe -extoff -private'
[+D+] Attached debugger to new process 2068
[+D+] Debug message from process 2068: SHIMVIEW: ShimInfo(Complete)
[+D+] Finished at 2013-06-19 04:24:19
[+G+] Started the Grinder debugger process 1436
[+D+] Starting at 2013-06-19 04:24:20
[+D+] Using the symbol path 'SRV*C:\symbols*http://msdl.microsoft.com/download/symbols'
[+D+] Running 'C:\Program Files (x86)\Internet Explorer\iexplore.exe -extoff -private'
[+D+] Attached debugger to new process 3456
[+D+] Debug message from process 3456: SHIMVIEW: ShimInfo(Complete)
[+D+] Finished at 2013-06-19 04:24:20
[+G+] Started the Grinder debugger process 3516
[+D+] Starting at 2013-06-19 04:24:20
[+D+] Using the symbol path 'SRV*C:\symbols*http://msdl.microsoft.com/download/symbols'
[+D+] Running 'C:\Program Files (x86)\Internet Explorer\iexplore.exe -extoff -private'
[+D+] Attached debugger to new process 1612
[+D+] Debug message from process 1612: SHIMVIEW: ShimInfo(Complete)
[+D+] Finished at 2013-06-19 04:24:20
[+G+] Started the Grinder debugger process 3212
[+D+] Starting at 2013-06-19 04:24:21
[+D+] Using the symbol path 'SRV*C:\symbols*http://msdl.microsoft.com/download/symbols'
[+D+] Running 'C:\Program Files (x86)\Internet Explorer\iexplore.exe -extoff -private'
[+D+] Attached debugger to new process 3288
[+D+] Debug message from process 3288: SHIMVIEW: ShimInfo(Complete)
[+D+] Finished at 2013-06-19 04:24:21
[+G+] Started the Grinder debugger process 1680
grinder.rb:195:in `wait': Interrupt
	from grinder.rb:195:in `run'
	from grinder.rb:236:in `
I don't know what's going on here but my guess is IE 10 is quitting itself on detection of grinder or maybe some access right issues.
When I try to fuzz Chrome I get this error:
[-D-] Unable to resolved chrome.dll!v8::internal::Runtime_StringParseFloat
Is there a different symbol that should be defined?
Thanks,
AlienatorZ
Hello,
I was just setting up a quick Grinder POC with Windows Server 2k3 and WAMP (Apache 2.2 PHP 5.4) and the installation went fine, but post-install, the redirect to index.php doesn't contain a login form.
Image can be seen at http://i.imgur.com/RUF2v2C.png
Any input would be appreciated and in the meantime, I'll keep poking around for a fix.
Thanks,
Andrew
File: grinder/node/source/logger/logger.c
Line 167: if( dwLengthA > dwLogMessageSize )
{
...............
}
If dwLengthA == dwLogMessageSize, the following statement will cause the overflow:
Line 188: cpLogMessage[dwLengthA] = 0;
I've noticed on more than one occasion extremely large log files are created filled with "??..etc" because the logger might dump deallocated/non-string-terminated memory. A small boundary check would fix this.
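The off-by-one from the report above, as an added C example (not grinder's logger.c; the 16-byte buffer, the guard byte and the function names are this example's own): the original `>` check beside the corrected `>=` check, with a guard byte placed directly after the buffer so the spot where the terminator lands can be observed rather than corrupting unrelated memory.

```c
#include <stddef.h>
#include <string.h>

/* Added example, not grinder's logger.c: a model of the length check the
 * report describes. A message of `length` bytes is copied into a buffer of
 * LOG_MESSAGE_SIZE bytes (stand-in for dwLogMessageSize) and then
 * NUL-terminated at index `length`, as at line 188 of the report. */

#define LOG_MESSAGE_SIZE 16u   /* assumed size, not the project's value */
#define GUARD_BYTE 0xA5

/* The buffer plus one guard byte directly after it, so the off-by-one
 * terminator write is visible instead of clobbering whatever follows. */
struct log_buf {
    char message[LOG_MESSAGE_SIZE];
    unsigned char guard;
};

/* Models the original check (`if (dwLengthA > dwLogMessageSize)`): the copy
 * is clamped only when strictly longer than the buffer, so length == size
 * passes and the terminator lands in message[LOG_MESSAGE_SIZE], the guard.
 * Returns 1 if the guard byte survived, 0 if it was overwritten. */
int original_copy(struct log_buf *b, const char *src, size_t length) {
    b->guard = GUARD_BYTE;
    if (length > LOG_MESSAGE_SIZE)
        length = LOG_MESSAGE_SIZE;
    memcpy(b->message, src, length);
    /* Byte `length` of the struct: inside message for length < size,
     * the guard byte for length == size (the one-byte overflow). */
    ((unsigned char *)b)[length] = 0;
    return b->guard == GUARD_BYTE;
}

/* Corrected check: the terminator needs a byte too, so a message may be at
 * most LOG_MESSAGE_SIZE - 1 bytes; anything longer is truncated to fit. */
int fixed_copy(struct log_buf *b, const char *src, size_t length) {
    b->guard = GUARD_BYTE;
    if (length >= LOG_MESSAGE_SIZE)
        length = LOG_MESSAGE_SIZE - 1;
    memcpy(b->message, src, length);
    b->message[length] = 0;
    return b->guard == GUARD_BYTE;
}

/* Bounded length for the second symptom in the report (log files full of
 * "??" from non-terminated memory): scan at most `limit` bytes for a NUL
 * so a missing terminator can never make the copy run off the source. */
size_t bounded_length(const char *src, size_t limit) {
    size_t n = 0;
    while (n < limit && src[n] != '\0')
        n++;
    return n;
}
```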
On a Windows 7 32-bit with IE 8 inside VirtualBox I have this problem:
[-D-] Failed to post crash to '127.0.0.1/grinder/status.php'
I also see this:
[-D-] Error, unable to save the log file 'C:\Users\Adam\AppData\Local\Temp\Low\logger_3752.xml' (File doesnt exist)
[-D-] Failed to save the log file.
I don't know if they have the same cause but I can't figure out how to fix it. Here is a full dump:
[+G+] Starting at 2013-08-15 07:33:19
[+G+] Using the config file 'config'...
[+G+] Bringing up Grinder node 'localIE'...
[+G+] Started the Grinder continue process 3532
[+S+] Starting at 2013-08-15 07:33:20
[+S+] Adding fuzzer 'SimpleExample' to the testcase server
[+S+] Testcase server running on 127.0.0.1:8080
[+G+] Started the Grinder server process 3508
[+G+] Started the Grinder debugger process 3584
[+D+] Starting at 2013-08-15 07:33:23
[+D+] Using the symbol path 'SRV*C:\Users\Adam\symbols*http://msdl.microsoft.com/download/symbols'
[+D+] Running 'C:\Program Files\Internet Explorer\iexplore.exe'
[+D+] Attached debugger to new process 3600
[+D+] Logger DLL loaded into process 3600 @ 0x74A40000
[+D+] Logging process 3600 to log file 'C:\Users\Adam\AppData\Local\Temp\Low\logger_3600.xml'
[+D+] Attached debugger to new process 3752
[+D+] Logger DLL loaded into process 3752 @ 0x74A40000
[+D+] Logging process 3752 to log file 'C:\Users\Adam\AppData\Local\Temp\Low\logger_3752.xml'
[+D+] jscript.dll DLL loaded into process 3752 at address 0x6B8C0000
[+D+] Resolved jscript!StrToDbl @ 0x6B8D7C37
[+D+] Hooked JavaScript parseFloat() to grinder_logger.dll via proxy @ 0x02C00000
[-D-] Error, unable to save the log file 'C:\Users\Adam\AppData\Local\Temp\Low\logger_3752.xml' (File doesnt exist)
[-D-] Failed to save the log file.
[D]
[D] Caught a Read Access Violation in IE8 process 3752 at 2013-08-15 07:33:33 with a crash hash of 6AD5B069.D9D65F1C
[-D-] Failed to post crash to '127.0.0.1/grinder/status.php'
[D]
[+D+] Finished at 2013-08-15 07:33:33
[+G+] Started the Grinder debugger process 3168
[+D+] Starting at 2013-08-15 07:33:34
[+D+] Using the symbol path 'SRV*C:\Users\Adam\symbols*http://msdl.microsoft.com/download/symbols'
[+D+] Running 'C:\Program Files\Internet Explorer\iexplore.exe'
[+D+] Attached debugger to new process 2288
[+D+] Logger DLL loaded into process 2288 @ 0x749E0000
[+D+] Logging process 2288 to log file 'C:\Users\Adam\AppData\Local\Temp\Low\logger_2288.xml'
[+D+] Attached debugger to new process 2888
[+D+] Logger DLL loaded into process 2888 @ 0x749E0000
[+D+] Logging process 2888 to log file 'C:\Users\Adam\AppData\Local\Temp\Low\logger_2888.xml'
[+D+] jscript.dll DLL loaded into process 2888 at address 0x6B890000
[+D+] Resolved jscript!StrToDbl @ 0x6B8A7C37
[+D+] Hooked JavaScript parseFloat() to grinder_logger.dll via proxy @ 0x0260000
.........
Any ideas?
Thanks
Hi,
I seem to be having some issues with getting started with Grinder. I just installed Grinder Server, following the instructions. After running the install script, which seemed to work just fine, I tried logging in, but the login does not seem to work. When I enter my login details the page appears to refresh, but it keeps showing the login form.
I can find the session cookies that are created for the session, and an entry is added to the login table in the database. Those parts appear to work just fine. The page then appears to reload (as expected, I believe), but just keeps showing the login form.
I am running Grinder Server on localhost, set up with XAMPP on Windows 7 Home Premium (x64) in a VM. XAMPP was started with administrative rights. I tested the login using both Chrome and IE8.
Does anyone know what might be wrong with my setup that is causing this issue?
Thanks in advance for any help!
Hi,
I'm trying to hack this to implement my fuzzer... I always get a 500 HTTP code and I don't know where it fails... I don't see any method which implements the 500 status code; how do I debug this better?
Also what is with the continue.exe process?
Thanks,
On Internet Explorer 10, it seems window.location.href as demonstrated in SimpleExample.html doesn't actually send a new request to the node's server for the next testcase. If there are no requests being made by the fuzzer, @@count in server.rb will not update, therefore it will not be able to move on to the next fuzzer. The code I'm talking about is here:
https://github.com/stephenfewer/grinder/blob/master/node/core/server.rb#L84
My solution to this is this:
http://msdn.microsoft.com/en-us/library/ie/ms536691(v=vs.85).aspx
Use location.reload(true) with a timeout. It has to be true because that reloads the document from the server. It has to be in a timeout because it looks like if you're requesting too rapidly, it doesn't seem to want to reload from the server, either.
However, I have not done enough testing on different versions of IE and different browsers. So even though this solution works for me, it's not enough for a pull request.
Recent Windows update clobbered resolution of StrToDbl..
IE 11 Unable to resolve jscript9!StrToDbl
Raed.
Does grinder support Mac OS X?