Comments (9)
It is not supposed to close automatically, that's not how WinAFL works. You need to select a target_offset of a function that will return when processing of your input file is done. See another discussion on this in https://github.com/ivanfratric/winafl/issues/6
from winafl.
After the manual intervention I am able to get the iterations, but running AFL again results in hangs:
1 processes nudged
[!] WARNING: Test case results in a hang (skipping)
[*] Attempting dry run with 'id_000002'...
This is the command line I am using:
afl-fuzz.exe -i in -o new -D c:\winafl-master\dyno\bin64 -t 1000+ -- -coverage_module notepad.exe -target_offset 0x3a14 -target_module notepad.exe -fuzz_iterations 5000 -nargs 4 -- C:\Windows\system32\notepad.exe
Please read the other thread I linked. I assume you are trying to fuzz the WinMain function of notepad.exe. That function won't return without user interaction and WinAFL won't handle that user interaction for you.
@ivanfratric thanks for the help, now I have a fair understanding of the issue.
Thanks @ivanfratric, I was able to fuzz programs like Internet Explorer 64-bit, but do you have any recommendation for finding the target function for any generic program?
That's a difficult question and I don't think there really is a generic way; it will usually take some reversing of the target to figure out what a good target function might be. Some approaches that might work:
- If you know where some of the functionality (e.g. file parsing) that you want to fuzz is implemented, you can set a breakpoint somewhere into that and when you hit that breakpoint list a call stack. Your target function should be something on that call stack.
- Another approach might be to set a breakpoint on file opening functions (e.g. CreateFileA/CreateFileW), look where your input file is opened and do the callstack from there.
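The second approach above (break on CreateFileW, dump the call stack, pick a caller inside the target module) ends with turning a stack frame into the `-target_offset` value WinAFL expects, which is the RVA of the function start within `-target_module`. The following script is an added example, not part of winafl or of this thread: it parses WinDbg-style `lm` and `k` output and computes that RVA for every frame that lives in the target module. The module name `target`, the function names and all addresses are constructed sample data in WinDbg's output format; real output will differ, and the entry-point names it flags as unsuitable follow the point made earlier in the thread that a function like WinMain never returns on its own.

```python
"""Turn a WinDbg call stack into WinAFL target_offset candidates.

Added example (not winafl project code). Workflow it supports:
  bp KERNELBASE!CreateFileW ; g ; k ; lm m <module>
then feed the `k` and `lm` text to target_candidates().
"""
import re

# Constructed `lm m target` line: "<start> <end> <module> <symbol status>".
SAMPLE_LM = "00007ff7`1d2a0000 00007ff7`1d2c8000   target     (deferred)"

# Constructed `k` output. On each frame the RetAddr column is the return
# address *into the next frame up*, i.e. the current pc of frame N+1.
SAMPLE_STACK = """\
 # Child-SP          RetAddr               Call Site
00 000000a1`2c8ff2a8 00007ff7`1d2a3a14     KERNELBASE!CreateFileW
01 000000a1`2c8ff2b0 00007ff7`1d2a4c10     target!ParseInputFile+0x44
02 000000a1`2c8ff2f0 00007ff7`1d2a61e2     target!LoadDocument+0x130
03 000000a1`2c8ff350 00007ff7`1d2a7fb0     target!WinMain+0x2a2
04 000000a1`2c8ff3b0 00007ffb`9a1c7034     target!__scrt_common_main_seh+0x10c
05 000000a1`2c8ff3f0 00007ffb`9b4c2651     KERNEL32!BaseThreadInitThunk+0x14
06 000000a1`2c8ff420 00000000`00000000     ntdll!RtlUserThreadStart+0x21
"""

# Frames that only return when the process exits or after user interaction,
# so they make poor WinAFL targets (see the WinMain discussion above).
ENTRY_FUNCS = {"main", "wmain", "WinMain", "wWinMain",
               "__scrt_common_main_seh", "mainCRTStartup", "WinMainCRTStartup"}

FRAME_RE = re.compile(
    r"^(?P<n>[0-9a-f]{2})\s+(?P<sp>[0-9a-f`]+)\s+(?P<ret>[0-9a-f`]+)\s+"
    r"(?P<module>[^!\s]+)!(?P<func>[^+\s]+)(?:\+0x(?P<disp>[0-9a-f]+))?\s*$",
    re.IGNORECASE,
)


def parse_addr(text):
    """WinDbg prints 64-bit addresses with a backtick separator."""
    return int(text.replace("`", ""), 16)


def module_base(lm_line):
    """Start address is the first column of an `lm` module line."""
    return parse_addr(lm_line.split()[0])


def parse_frames(stack_text):
    """Return the frames of a `k` dump, innermost first; header is skipped."""
    frames = []
    for line in stack_text.splitlines():
        m = FRAME_RE.match(line.strip())
        if not m:
            continue
        frames.append({
            "ret": parse_addr(m.group("ret")),
            "module": m.group("module"),
            "func": m.group("func"),
            "disp": int(m.group("disp") or "0", 16),
        })
    return frames


def target_candidates(stack_text, module_name, base):
    """List frames inside module_name with the RVA of each function start.

    Frame 0 is the API the breakpoint hit; its RetAddr is the pc of frame 1,
    and in general frames[i-1]["ret"] is the pc inside frames[i]. Subtracting
    the +0xNN displacement gives the function start, and subtracting the
    module base gives the RVA that WinAFL takes as -target_offset.
    """
    frames = parse_frames(stack_text)
    out = []
    for i in range(1, len(frames)):
        f = frames[i]
        if f["module"].lower() != module_name.lower():
            continue
        func_start = frames[i - 1]["ret"] - f["disp"]
        out.append({
            "frame": i,
            "func": f["func"],
            "rva": func_start - base,
            "suitable": f["func"] not in ENTRY_FUNCS,
        })
    return out


def winafl_args(candidate, module_name):
    """Render the two WinAFL options for a chosen candidate."""
    return "-target_module %s -target_offset 0x%x" % (module_name, candidate["rva"])


if __name__ == "__main__":
    base = module_base(SAMPLE_LM)
    for c in target_candidates(SAMPLE_STACK, "target", base):
        note = "" if c["suitable"] else "  (entry point: will not return)"
        print("#%02d %-28s %s%s" % (c["frame"], c["func"],
                                    winafl_args(c, "target"), note))
```

With the constructed stack this lists four candidates; the innermost (`ParseInputFile`) is the usual first pick, since it is the narrowest function that still wraps the whole read of the input file, while the `WinMain` and CRT frames are flagged as unsuitable. The script only needs the two WinDbg dumps as text, so it works equally on copied output from a live session or a log file.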
Hi @ifratric @ivanfratric, I was successfully able to fuzz many programs. Any suggestions on how to create valid testcases from the raw fuzzer output in Windows, some sort of crash analyzer?
I'm not sure if that's what you mean but all samples with new coverage as well as all samples that caused a crash are stored in the WinAFL output directory (same as AFL).
To be precise, how can we produce straightforward reproduction cases from the sample in the crash folder, such as an HTML for a browser or a specific file format?