Comments (8)
0vercl0k
commented on July 24, 2024
If you want to use -target_method, your function must be in the export
address table of your executable; you can try to use __declspec(dllexport)
for that. Otherwise you should use -target_offset :).
Cheers
2017-03-08 8:05 GMT-08:00 abhishiktvv <[email protected]>:
… i have a method , which is basically a constructor. whenever i provide
target_method with method name it pops error saying cant find specific
module in fuzz_method.
i also have the debug symbols located in same directory of binary.
please help me out in writing proper syntax for executing code
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<https://github.com/ivanfratric/winafl/issues/48>, or mute the thread
<https://github.com/notifications/unsubscribe-auth/ABaHRfTlQcG687VIwZXtWUVZB0Hs92Piks5rjtHLgaJpZM4MW98e>
.
from winafl.
abhishiktvv
commented on July 24, 2024
Thanks @0vercl0k , actually i cannot use offset since i want to fuzz a managed code application . where we get MSIL so it's offset will be not static. could you give me any idea of fuzzing managed code applications
Thanks in advance. :)
from winafl.
0vercl0k
commented on July 24, 2024
I think the best shot you have is to wrap the execution around some sort of
"main" / entry-point function (assuming a lot of other things go well too)
- did you give that a shot?
Cheers
2017-03-08 11:08 GMT-08:00 abhishiktvv <[email protected]>:
… Thanks @0vercl0k <https://github.com/0vercl0k> , actually i cannot use
offset since i want to fuzz a managed code application . where we get MSIL
so it's offset will be not static. could you give me any idea of fuzzing
managed code applications
Thanks in advance. :)
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<https://github.com/ivanfratric/winafl/issues/48#issuecomment-285136829>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/ABaHRTGmPKU3JgJWbtVD4yiKGKGIPoO9ks5rjvyrgaJpZM4MW98e>
.
from winafl.
ivanfratric
commented on July 24, 2024
Out of curiosity, what do you hope to achieve by fuzzing a managed code application? WinAFL is primarily designed to catch memory safety issues (memory access violations etc.) and those shouldn't be present in managed code (unless your intention is to fuzz the interpreter itself). If your managed code app loads a native code library and you want to fuzz that, then writing your own harness around the library might be a better approach.
from winafl.
abhishiktvv
commented on July 24, 2024
Yes, exactly 1. I want to fuzz the native components that are being used
inside the application.
2.i want to check for unhandled exceptions.
…On Thu, Mar 16, 2017 at 4:09 AM, ivanfratric ***@***.***> wrote:
Out of curiosity, what do you hope to achieve by fuzzing a managed code
application? WinAFL is primarily designed to catch memory safety issues
(memory access violations etc.) and those shouldn't be present in managed
code (unless your intention is to fuzz the interpreter itself). If your
managed code app loads a native code library and you want to fuzz that,
then writing your own harness around the library might be a better approach.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<https://github.com/ivanfratric/winafl/issues/48#issuecomment-286902173>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AL2vFvs-Kn1JJBLFs1kFdqCpUtsYRK7lks5rmGiagaJpZM4MW98e>
.
from winafl.
ivanfratric
commented on July 24, 2024
-fuzz_method is now going to look up debug symbols as well as exported symbols
from winafl.
florax-k
commented on July 24, 2024
Is there a way to indicate where the debug symbols are located? I have the pdb file in the same directory as the exe, and I'm able to see the debug symbols in WinDbg, but when I run drrun.exe (step 2 of general steps) with the same format as the example command, it's unable to find the debug symbol (I'm using the symbol Main).
from winafl.
florax-k
commented on July 24, 2024
The other way I tried to attach it was with target_offset instead, but the offset I calculated from the addresses in WinDbg resulted in "WARNING: Target function was never called. Incorrect target_offset?" in the log.
from winafl.
Related Issues (20)
- Yes, I am use attach by add option -A, But it seems no function. below is my command. HOT 1
- Cannot run simple test due to timeout HOT 4
- Update docs HOT 3
- Facing Issues with Offset Calculation and Starting Fuzzing in WinAFL HOT 2
- Compilation failed HOT 3
- Documented build commands do not generate winafl.dll HOT 9
- How to stop WinAFL properly? HOT 1
- Winafl + Libprotobuf-mutator
- WinAFL Internal Crash at PC 0x5a1a456e HOT 6
- PROGRAM ABORT : Unexpected result from pipe! expected 'P', instead received '' HOT 1
- ERROR while building winafl HOT 1
- Error: Can't open .cur_input
- drrun.exe and afl-fuzz.exe giving error when -fsanitize=address flag given to compile target
- PROGRAM ABORT : Test case 'id_000000' results in a crash HOT 3
- Occur time out when init test case
- Incorrect detection count threads on multiCPU motherboards HOT 2
- Winafl doesn't want to start, reading other issues didn't help
- PROGRAM ABORT : CreateNamedPipe failed, GLE=231 HOT 2
- tmin: Proposing del_len option for improved speed HOT 2
- Is dumb mode (-n) currently implemented? HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from winafl.