Target function was never called. Incorrect target_offset? about winafl HOT 6 CLOSED

My advice is to have the fuzz function return like so:

int fuzz(int argc, char *argv[])
{
FuncWithParams paramFunc;
paramFunc = (FuncWithParams)GetProcAddress(hDLL, "process");
int result = paramFunc(argc, argv);
return result;
}

But i don't know for sure if failing to do this would cause your issue. I would imagine the pre_fuzz handler would still get called

from winafl.

His function does return implicitly (I don't think there needs to be an explicit call to "return") and it should work as is, but if the got an "target function was never called" and if there aren't any pre_fuzz_handler lines in the debug log then the error means, well, just what it says. :-)

@hugoMeier it's impossible for me to tell what the issue is with just the info provided. Perhaps you recompiled the target and the offset changed. Also note that both the target_offset and target_module need to be correct (but if it works with the offset of main then I assume target_module is correct)

from winafl.

@ivanfratric thanks for supporting us mortals in using the awesomely underappreciated piece of code you built :) . Coverage guided fuzzing on windows is just pure gold.

from winafl.

I modified the example application test_gdiplus

`
#include <stdio.h>
#include <windows.h>
#include <gdiplus.h>

using namespace Gdiplus;

void fuzz()
{
printf("hello fuzz...");
}

wchar_t* charToWChar(const char* text)
{
size_t size = strlen(text) + 1;
wchar_t* wa = new wchar_t[size];
mbstowcs(wa,text,size);
return wa;
}

int main(int argc, char** argv)
{
if(argc < 2) {
printf("Usage: %s \n", argv[0]);
return 0;
}
fuzz();

GdiplusStartupInput gdiplusStartupInput;
ULONG_PTR gdiplusToken;
GdiplusStartup(&gdiplusToken, &gdiplusStartupInput, NULL);

Image *image = NULL, *thumbnail=NULL;

image = new Image(charToWChar(argv[1]));
if(image && (Ok == image->GetLastStatus())) {
    //printf("Image loaded\n");
    /*thumbnail = image->GetThumbnailImage(100, 100, NULL, NULL);
    if(thumbnail && (Ok == thumbnail->GetLastStatus())) {
        //printf("Thumbnail created\n");
    }*/
}

//printf("Done\n");

if(image) delete image;
if(thumbnail) delete thumbnail;

GdiplusShutdown(gdiplusToken);

return 0;

}
`

My target offsets are:
main = 0x1300
fuzz = 0x12F0

C:\DynamoRIO-Windows-6.2.0-2\bin32\drrun.exe -c winafl.dll -debug -target_module test_gdiplus.exe -target_offset 0x1300 -fuzz_iterations 5 -nargs 2 -- test_gdiplus.exe in/test.jpeg
hello fuzz...hello fuzz...hello fuzz...hello fuzz...hello fuzz...

C:\DynamoRIO-Windows-6.2.0-2\bin32\drrun.exe -c winafl.dll -debug -target_module test_gdiplus.exe -target_offset 0x12F0 -fuzz_iterations 5 -nargs 2 -- test_gdiplus.exe in/test.jpeg
hello fuzz...

The error log looks like this:
Module loaded, test_gdiplus.exe
Module loaded, drmgr.dll
Module loaded, drx.dll
Module loaded, drreg.dll
Module loaded, drwrap.dll
Module loaded, winafl.dll
Module loaded, MSVCR120.dll
Module loaded, gdiplus.dll
Module loaded, dynamorio.dll
Module loaded, sophos_detoured.dll
Module loaded, bcryptPrimitives.dll
Module loaded, CRYPTBASE.dll
Module loaded, USER32.dll
Module loaded, combase.dll
Module loaded, SECHOST.dll
Module loaded, SspiCli.dll
Module loaded, MSCTF.dll
Module loaded, KERNEL32.dll
Module loaded, GDI32.dll
Module loaded, KERNELBASE.dll
Module loaded, msvcrt.dll
Module loaded, IMM32.dll
Module loaded, PSAPI.DLL
Module loaded, RPCRT4.dll
Module loaded, ntdll.dll
Module loaded, UxTheme.dll
Module loaded, tiptsf.dll
Module loaded, OLEAUT32.dll
Module loaded, WindowsCodecs.dll
WARNING: Target function was never called. Incorrect target_offset?
Coverage map follows:

from winafl.

Ok I solved the problem.

The reason was that I used the CMakeList from WinAFL for building my target -> When I build with VS and use the target from there, it works as expected.

Thanks for helping me and bye the way AFL & WinAFL are awesome!

from winafl.

Closing for now. Not sure why building with cmake or Visual Studio would cause it to behave differently. Please reopen if you figure out the root cause.

from winafl.