Comments (6)
My advice is to have the fuzz function return like so:
```cpp
#include <windows.h>

// FuncWithParams and hDLL are the commenter's own names: hDLL is the module
// handle (from LoadLibrary) of the DLL that exports "process".
typedef int (*FuncWithParams)(int argc, char *argv[]);

int fuzz(int argc, char *argv[])
{
    FuncWithParams paramFunc;
    paramFunc = (FuncWithParams)GetProcAddress(hDLL, "process");
    if (paramFunc == NULL)
        return -1;                 // export not found: never call a null pointer
    int result = paramFunc(argc, argv);
    return result;
}
```
But I don't know for sure if failing to do this would cause your issue. I would imagine the pre_fuzz handler would still get called.
His function does return implicitly (I don't think there needs to be an explicit call to "return") and it should work as is, but if they got a "target function was never called" error and there aren't any pre_fuzz_handler lines in the debug log, then the error means, well, just what it says. :-)
@hugoMeier it's impossible for me to tell what the issue is with just the info provided. Perhaps you recompiled the target and the offset changed. Also note that both the target_offset and target_module need to be correct (but if it works with the offset of main then I assume target_module is correct)
@ivanfratric thanks for supporting us mortals in using the awesomely underappreciated piece of code you built :) . Coverage guided fuzzing on windows is just pure gold.
I modified the example application test_gdiplus:

```cpp
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <windows.h>
#include <gdiplus.h>
using namespace Gdiplus;

// Intended target function. It takes no parameters and does no parsing of
// its own; an optimizing build is free to inline a function this small into
// main(), in which case no separate fuzz() symbol exists to be hooked.
void fuzz()
{
    printf("hello fuzz...");
}

wchar_t* charToWChar(const char* text)
{
    size_t size = strlen(text) + 1;
    wchar_t* wa = new wchar_t[size];
    mbstowcs(wa, text, size);
    return wa;                       // caller owns the buffer
}

int main(int argc, char** argv)
{
    if(argc < 2) {
        printf("Usage: %s \n", argv[0]);
        return 0;
    }
    fuzz();
    GdiplusStartupInput gdiplusStartupInput;
    ULONG_PTR gdiplusToken;
    GdiplusStartup(&gdiplusToken, &gdiplusStartupInput, NULL);
    Image *image = NULL, *thumbnail = NULL;
    wchar_t* path = charToWChar(argv[1]);
    image = new Image(path);         // the file is loaded here, so the path can be freed
    delete[] path;
    if(image && (Ok == image->GetLastStatus())) {
        //printf("Image loaded\n");
        /*thumbnail = image->GetThumbnailImage(100, 100, NULL, NULL);
        if(thumbnail && (Ok == thumbnail->GetLastStatus())) {
            //printf("Thumbnail created\n");
        }*/
    }
    //printf("Done\n");
    if(image) delete image;
    if(thumbnail) delete thumbnail;
    GdiplusShutdown(gdiplusToken);
    return 0;
}
```
My target offsets are:

main = 0x1300
fuzz = 0x12F0

With the offset of main:

```
C:\DynamoRIO-Windows-6.2.0-2\bin32\drrun.exe -c winafl.dll -debug -target_module test_gdiplus.exe -target_offset 0x1300 -fuzz_iterations 5 -nargs 2 -- test_gdiplus.exe in/test.jpeg
hello fuzz...hello fuzz...hello fuzz...hello fuzz...hello fuzz...
```

With the offset of fuzz:

```
C:\DynamoRIO-Windows-6.2.0-2\bin32\drrun.exe -c winafl.dll -debug -target_module test_gdiplus.exe -target_offset 0x12F0 -fuzz_iterations 5 -nargs 2 -- test_gdiplus.exe in/test.jpeg
hello fuzz...
```
The error log looks like this:

```
Module loaded, test_gdiplus.exe
Module loaded, drmgr.dll
Module loaded, drx.dll
Module loaded, drreg.dll
Module loaded, drwrap.dll
Module loaded, winafl.dll
Module loaded, MSVCR120.dll
Module loaded, gdiplus.dll
Module loaded, dynamorio.dll
Module loaded, sophos_detoured.dll
Module loaded, bcryptPrimitives.dll
Module loaded, CRYPTBASE.dll
Module loaded, USER32.dll
Module loaded, combase.dll
Module loaded, SECHOST.dll
Module loaded, SspiCli.dll
Module loaded, MSCTF.dll
Module loaded, KERNEL32.dll
Module loaded, GDI32.dll
Module loaded, KERNELBASE.dll
Module loaded, msvcrt.dll
Module loaded, IMM32.dll
Module loaded, PSAPI.DLL
Module loaded, RPCRT4.dll
Module loaded, ntdll.dll
Module loaded, UxTheme.dll
Module loaded, tiptsf.dll
Module loaded, OLEAUT32.dll
Module loaded, WindowsCodecs.dll
WARNING: Target function was never called. Incorrect target_offset?
Coverage map follows:
```
OK, I solved the problem.
The reason was that I used the CMakeLists from WinAFL to build my target. When I build with VS and use the target from there, it works as expected.
Thanks for helping me, and by the way, AFL & WinAFL are awesome!
Closing for now. Not sure why building with cmake or Visual Studio would cause it to behave differently. Please reopen if you figure out the root cause.
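The shape of an in-process target that this thread circles around (a function that takes the input path as a parameter, opens and closes the file itself, frees what it allocates, returns normally, and is not inlined away by the build) as an added example in portable C. This is not WinAFL's code and not the test_gdiplus program; the names `fuzz_target`, `fuzz_target_buffer`, `parse_records`, the toy "REC1" record format and the `FUZZ_*` status codes are my assumptions, standing in for the GDI+ image load in the thread.

```c
/*
 * Added example (not WinAFL's code): a portable skeleton of an in-process
 * fuzzing target. fuzz_target, parse_records and the "REC1" format are
 * assumptions chosen for illustration.
 */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#if defined(_MSC_VER)
#  define FUZZ_NOINLINE __declspec(noinline)
#  define FUZZ_EXPORT   __declspec(dllexport)
#else
#  define FUZZ_NOINLINE __attribute__((noinline))
#  define FUZZ_EXPORT
#endif

enum { FUZZ_OK = 0, FUZZ_NO_INPUT = 1, FUZZ_BAD_MAGIC = 2, FUZZ_TRUNCATED = 3 };

/* Toy stand-in for the real parser (Image in the thread): a 4-byte magic
 * followed by big-endian length-prefixed records. Every read is bounds-checked,
 * so a crash the fuzzer finds here would be a genuine bug, not harness noise. */
static int parse_records(const uint8_t *buf, size_t len, size_t *records_out)
{
    static const uint8_t magic[4] = { 'R', 'E', 'C', '1' };
    size_t pos = 4, count = 0;

    if (len < 4 || memcmp(buf, magic, 4) != 0)
        return FUZZ_BAD_MAGIC;
    while (pos < len) {
        if (len - pos < 2)
            return FUZZ_TRUNCATED;           /* dangling length byte */
        size_t rec_len = ((size_t)buf[pos] << 8) | buf[pos + 1];
        pos += 2;
        if (rec_len > len - pos)
            return FUZZ_TRUNCATED;           /* record runs past the buffer */
        pos += rec_len;
        count++;
    }
    *records_out = count;
    return FUZZ_OK;
}

/* Same parse on an in-memory buffer: used by the tests, and handy for checking
 * that a rebuilt binary still behaves the same before re-deriving its offset. */
int fuzz_target_buffer(const uint8_t *buf, size_t len, size_t *records_out)
{
    size_t n = 0;
    int rc = parse_records(buf, len, &n);
    if (records_out)
        *records_out = n;
    return rc;
}

/* The function whose RVA goes into -target_offset. It is kept out of line and
 * (on MSVC) exported, so an optimizing build cannot fold it into main() and its
 * address can be read from the export table instead of guessed. It receives the
 * input path as an argument (-nargs 1), opens and closes the file itself, frees
 * what it allocates and returns normally: WinAFL re-enters it -fuzz_iterations
 * times in one process and rewrites the input file in between, and leaving it
 * via an exit instead of a return defeats that. */
FUZZ_EXPORT FUZZ_NOINLINE int fuzz_target(const char *path)
{
    FILE *f = fopen(path, "rb");
    if (!f)
        return FUZZ_NO_INPUT;
    if (fseek(f, 0, SEEK_END) != 0) { fclose(f); return FUZZ_NO_INPUT; }
    long size = ftell(f);
    if (size < 0) { fclose(f); return FUZZ_NO_INPUT; }
    rewind(f);

    uint8_t *buf = malloc(size > 0 ? (size_t)size : 1);
    if (!buf) { fclose(f); return FUZZ_NO_INPUT; }
    size_t len = fread(buf, 1, (size_t)size, f);
    fclose(f);                /* close before parsing: an open handle blocks the rewrite */

    size_t records = 0;
    int rc = parse_records(buf, len, &records);
    free(buf);                /* nothing may leak across iterations */
    return rc;
}

int main(int argc, char **argv)
{
    if (argc < 2) {
        fprintf(stderr, "Usage: %s <input file>\n", argv[0]);
        return 1;
    }
    /* main() calls the target once; the further iterations come from WinAFL
     * re-entering fuzz_target. Pointing -target_offset at main instead, as in
     * the thread, re-runs all of main each time, including any banner it prints. */
    return fuzz_target(argv[1]) == FUZZ_OK ? 0 : 1;
}
```

With MSVC, `dumpbin /exports target.exe` lists the RVA of the exported `fuzz_target`, which is exactly the value `-target_offset` expects relative to `-target_module`; it has to be re-read after every rebuild, because an offset taken from a previous build (or from a build made with different compiler settings) silently points at something else and produces the "Target function was never called" warning seen above.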