
Failed VSIX on templates/windows

Open zeropio opened this issue 11 months ago • 6 comments

I was following the tutorial: https://intellabs.github.io/kAFL/tutorials/windows/windows_template.html#build-the-windows-vm-template

When building the Windows template I got an error at the VSIX installation:

   qemu.windows: TASK [install WDK VSIX extension] **********************************************
    qemu.windows: fatal: [default]: FAILED! => changed=true
    qemu.windows:   cmd: '"C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\VSIXInstaller.exe" /quiet /admin /logFile:C:\wdk_vsix.log WDK.vsix'
    qemu.windows:   delta: '0:00:22.125011'
    qemu.windows:   end: '2025-01-27 21:05:15.964369'
    qemu.windows:   msg: non-zero return code
    qemu.windows:   rc: 2148734217
    qemu.windows:   start: '2025-01-27 21:04:53.839357'
    qemu.windows:   stderr: ''
    qemu.windows:   stderr_lines: <omitted>
    qemu.windows:   stdout: ''
    qemu.windows:   stdout_lines: <omitted>
    qemu.windows:
    qemu.windows: PLAY RECAP *********************************************************************
    qemu.windows: default                    : ok=12   changed=11   unreachable=0    failed=1    skipped=4    rescued=0    ignored=0
    qemu.windows:
2025/01/27 22:05:16 [INFO] (telemetry) ending ansible
==> qemu.windows: Provisioning step had errors: Running the cleanup provisioner, if present...
2025/01/27 22:05:16 packer-plugin-qemu_v1.1.0_x5.0_linux_amd64 plugin: 2025/01/27 22:05:16 failed to unlock port lockfile: close tcp [::]:5929: use of closed network connection
2025/01/27 22:05:16 packer-plugin-qemu_v1.1.0_x5.0_linux_amd64 plugin: 2025/01/27 22:05:16 failed to unlock port lockfile: close tcp [::]:2433: use of closed network connection
2025/01/27 22:05:16 packer-plugin-qemu_v1.1.0_x5.0_linux_amd64 plugin: 2025/01/27 22:05:16 Deleting floppy disk: /tmp/packer3500442997
==> qemu.windows: Deleting output directory...
2025/01/27 22:05:16 [INFO] (telemetry) ending qemu.windows
==> Wait completed after 24 minutes 14 seconds
2025/01/27 22:05:16 machine readable: error-count []string{"1"}
==> Some builds didn't complete successfully and had errors:
2025/01/27 22:05:16 machine readable: qemu.windows,error []string{"Error executing Ansible: Non-zero exit status: exit status 2"}
==> Builds finished but no artifacts were created.
Build 'qemu.windows' errored after 24 minutes 14 seconds: Error executing Ansible: Non-zero exit status: exit status 2

2025/01/27 22:05:16 [INFO] (telemetry) Finalizing.
==> Wait completed after 24 minutes 14 seconds

==> Some builds didn't complete successfully and had errors:
--> qemu.windows: Error executing Ansible: Non-zero exit status: exit status 2

==> Builds finished but no artifacts were created.
2025/01/27 22:05:16 waiting for all plugin processes to complete...
2025/01/27 22:05:16 /home/zeropio/.config/packer/plugins/github.com/hashicorp/ansible/packer-plugin-ansible_v1.1.2_x5.0_linux_amd64: plugin process exited
2025/01/27 22:05:16 /home/zeropio/.config/packer/plugins/github.com/hashicorp/qemu/packer-plugin-qemu_v1.1.0_x5.0_linux_amd64: plugin process exited
2025/01/27 22:05:16 /home/zeropio/.config/packer/plugins/github.com/hashicorp/vagrant/packer-plugin-vagrant_v1.1.5_x5.0_linux_amd64: plugin process exited
make[1]: *** [Makefile:14: build] Error 1
make[1]: Leaving directory '/home/zeropio/kAFL/kafl/examples/templates/windows'

I'm just running the build (currently with errors output):

$ PACKER_LOG=1 make build

I see there was a similar error before: https://github.com/IntelLabs/kafl.targets/issues/44#issuecomment-2317686079

Any fix? Am I doing something wrong?

Jan 27 '25 23:01 zeropio

Hi @zeropio

Thanks for reporting this. I'm aware of this issue with VSIX, and I started to explore a fix in https://github.com/IntelLabs/kafl.targets/pull/45

However, it's not conclusive yet. If you don't fuzz the vulnerable driver, you can just remove the VSIX installation from the playbook.

Jan 30 '25 13:01 Wenzel

Hi @zeropio, I updated a PR at #45 which will fix the VSIX extension setup and driver compilation issue. Can you test it on your side and confirm?

Feb 07 '25 11:02 Wenzel

Hey @Wenzel, I tried the PR and the machine works fine, but I was following the tutorial so I wanted to fuzz the driver. While trying to fix the problem I discovered that the VSIX folder under Windows Kits\10\Vsix doesn't exist. I tried installing some components that seem to be missing:

    - name: Install Windows Driver Kit
      win_command:
        cmd: vs_community.exe --quiet --wait --norestart --add Component.Microsoft.Windows.DriverKit
      args:
        chdir: "{{ ansible_facts['env']['TEMP'] }}"

    - name: Install MSVC v143 - VS 2022 C++ x64 Spectre-mitigated libs (Latest)
      win_command:
        cmd: vs_community.exe --quiet --wait --norestart --add Microsoft.VisualStudio.Component.VC.Runtimes.x86.x64.Spectre
      args:
        chdir: "{{ ansible_facts['env']['TEMP'] }}"

    - name: Install C++ ATL for latest v143 build tools with Spectre Mitigations (x64)
      win_command:
        cmd: vs_community.exe --quiet --wait --norestart --add Microsoft.VisualStudio.Component.VC.ATL.Spectre
      args:
        chdir: "{{ ansible_facts['env']['TEMP'] }}"

    - name: Install C++ MFC for latest v143 build tools with Spectre Mitigations (x64)
      win_command:
        cmd: vs_community.exe --quiet --wait --norestart --add Microsoft.VisualStudio.Component.VC.ATLMFC.Spectre
      args:
        chdir: "{{ ansible_facts['env']['TEMP'] }}"

With that the file exists, check:

    - name: Check for WDK.vsix
      win_command:
        cmd: cmd.exe /c dir "{{ wdk_vsix_dir }}\WDK.vsix"
      register: vsix_result

I tried hardcoding the path (a bit clumsy), but the error is still around:

    - name: Install WDK VSIX extension
      win_command: '"C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\VSIXInstaller.exe" /quiet /admin "{{ wdk_vsix_dir }}\WDK.vsix"'

I think the error is around the Windows Driver Kit and all the Spectre components that are missing. Sadly I don't have the time to continue looking at it right now, so if anyone wants to continue this.

Feb 08 '25 13:02 zeropio

Hi @zeropio

I can confirm here that my latest work on #48 installs the Vsix folder:

[Two screenshots]

And the vulnerable driver compilation works again with msbuild.

I'll just go ahead and merge this PR. Can you confirm that it works on your side as well?

Thanks!

Feb 15 '25 16:02 Wenzel

Hey @Wenzel!

I can build the machine but I can't compile the driver. I think this error may be because VSIX is not installed? As far as I know, this error should only appear if WDK or Windows Driver Kit is not installed.

I got the error while running make provision_driver, the error is:

error C1083: Cannot open include file: 'ntddk.h': No such file or directory

Full output:

(.venv) zeropio@kafl:~/kAFL/kafl/examples/windows_x86_64$ make provision_driver
make[1]: Entering directory '/home/zeropio/kAFL/kafl/examples/windows_x86_64'
mkdir -p bin/{userspace,driver}
x86_64-w64-mingw32-gcc src/userspace/selffuzz_test.c -I ../ -o bin/userspace/selffuzz_test.exe -Wall -mwindows
x86_64-w64-mingw32-gcc src/driver/vuln_test.c -I ../ -o bin/driver/vuln_test.exe -Wall -lntdll -lpsapi
vagrant snapshot restore 'ready_provision'
[fog][WARNING] Unrecognized arguments: libvirt_ip_command
==> vagrant-kafl-windows: Restoring the snapshot 'ready_provision'...
TARGET_HARNESS='driver' vagrant provision
[fog][WARNING] Unrecognized arguments: libvirt_ip_command
==> vagrant-kafl-windows: Running action triggers after provision ...
==> vagrant-kafl-windows: Running trigger...
==> vagrant-kafl-windows: Provisioning
    vagrant-kafl-windows: Running local: Inline script
    vagrant-kafl-windows: bash -c 'source ../venv/bin/activate && ./setup_target.sh -e target_harness=driver'
    vagrant-kafl-windows: [fog][WARNING] Unrecognized arguments: libvirt_ip_command
    vagrant-kafl-windows:
    vagrant-kafl-windows:
    vagrant-kafl-windows: PLAY [Setup target] ************************************************************
    vagrant-kafl-windows:
    vagrant-kafl-windows: TASK [Gathering Facts] *********************************************************
    vagrant-kafl-windows:
    vagrant-kafl-windows: ok: [192.168.122.184]
    vagrant-kafl-windows:
    vagrant-kafl-windows: TASK [Set default value for target_harness] ************************************
    vagrant-kafl-windows:
    vagrant-kafl-windows: skipping: [192.168.122.184]
    vagrant-kafl-windows:
    vagrant-kafl-windows: TASK [Upload binaries] *********************************************************
    vagrant-kafl-windows:
    vagrant-kafl-windows: changed: [192.168.122.184]
    vagrant-kafl-windows:
    vagrant-kafl-windows: TASK [Setup userspace target to run at user login] *****************************
    vagrant-kafl-windows:
    vagrant-kafl-windows: skipping: [192.168.122.184]
    vagrant-kafl-windows:
    vagrant-kafl-windows: TASK [Upload vuln driver sources] **********************************************
    vagrant-kafl-windows:
    vagrant-kafl-windows: ok: [192.168.122.184]
    vagrant-kafl-windows:
    vagrant-kafl-windows: TASK [Compile driver with MSBuild] *********************************************
    vagrant-kafl-windows:
    vagrant-kafl-windows: fatal: [192.168.122.184]: FAILED! => changed=true
    vagrant-kafl-windows:   cmd: '"C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Auxiliary\Build\vcvars64.bat" && msbuild'
    vagrant-kafl-windows:   delta: '0:00:03.858720'
    vagrant-kafl-windows:   end: '2025-02-26 01:40:06.373649'
    vagrant-kafl-windows:   msg: non-zero return code
    vagrant-kafl-windows:   rc: 1
    vagrant-kafl-windows:   start: '2025-02-26 01:40:02.514928'
    vagrant-kafl-windows:   stderr: ''
    vagrant-kafl-windows:   stderr_lines: <omitted>
    vagrant-kafl-windows:   stdout: |-
    vagrant-kafl-windows:     **********************************************************************
    vagrant-kafl-windows:     ** Visual Studio 2022 Developer Command Prompt v17.12.4
    vagrant-kafl-windows:     ** Copyright (c) 2022 Microsoft Corporation
    vagrant-kafl-windows:     **********************************************************************
    vagrant-kafl-windows:     [vcvarsall.bat] Environment initialized for: 'x64'
    vagrant-kafl-windows:     MSBuild version 17.12.12+1cce77968 for .NET Framework
    vagrant-kafl-windows:     Build started 2/25/2025 5:40:05 PM.
    vagrant-kafl-windows:
    vagrant-kafl-windows:     Project "C:\Users\vagrant\Desktop\src\kafl_vulnerable_driver\kAFL vulnerable driver.sln" on node 1 (default targets).
    vagrant-kafl-windows:     ValidateSolutionConfiguration:
    vagrant-kafl-windows:       Building solution configuration "Debug|x64".
    vagrant-kafl-windows:     Project "C:\Users\vagrant\Desktop\src\kafl_vulnerable_driver\kAFL vulnerable driver.sln" (1) is building "C:\Users\vagrant\Desktop\src\kafl_vulnerable_driver\kAFL vulnerable driver.vcxproj" (2) on node 1 (default targets).
    vagrant-kafl-windows:     PrepareForBuild:
    vagrant-kafl-windows:       Structured output is enabled. The formatting of compiler diagnostics will reflect the error hierarchy. See https://aka.ms/cpp/structured-output for more details.
    vagrant-kafl-windows:     InitializeBuildStatus:
    vagrant-kafl-windows:       Touching "kAFL vul.C64F5645\x64\Debug\kAFL vul.C64F5645.tlog\unsuccessfulbuild".
    vagrant-kafl-windows:     ClCompile:
    vagrant-kafl-windows:       C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.42.34433\bin\HostX64\x64\CL.exe /c /ZI /JMC /nologo /W1 /WX- /diagnostics:column /Od /Gm- /EHsc /RTC1 /MDd /GS /fp:precise /Zc:wchar_t /Zc:forScope /Zc:inline /Fo"kAFL vul.C64F5645\x64\Debug\\" /Fd"kAFL vul.C64F5645\x64\Debug\vc143.pdb" /external:W1 /Gd /TC /FC /errorReport:queue driver.c
    vagrant-kafl-windows:       driver.c
    vagrant-kafl-windows:     C:\Users\vagrant\Desktop\src\kafl_vulnerable_driver\driver.c(7,10): error C1083: Cannot open include file: 'ntddk.h': No such file or directory [C:\Users\vagrant\Desktop\src\kafl_vulnerable_driver\kAFL vulnerable driver.vcxproj]
    vagrant-kafl-windows:     Done Building Project "C:\Users\vagrant\Desktop\src\kafl_vulnerable_driver\kAFL vulnerable driver.vcxproj" (default targets) -- FAILED.
    vagrant-kafl-windows:     Done Building Project "C:\Users\vagrant\Desktop\src\kafl_vulnerable_driver\kAFL vulnerable driver.sln" (default targets) -- FAILED.
    vagrant-kafl-windows:
    vagrant-kafl-windows:     Build FAILED.
    vagrant-kafl-windows:
    vagrant-kafl-windows:     "C:\Users\vagrant\Desktop\src\kafl_vulnerable_driver\kAFL vulnerable driver.sln" (default target) (1) ->
    vagrant-kafl-windows:     "C:\Users\vagrant\Desktop\src\kafl_vulnerable_driver\kAFL vulnerable driver.vcxproj" (default target) (2) ->
    vagrant-kafl-windows:     (ClCompile target) ->
    vagrant-kafl-windows:       C:\Users\vagrant\Desktop\src\kafl_vulnerable_driver\driver.c(7,10): error C1083: Cannot open include file: 'ntddk.h': No such file or directory [C:\Users\vagrant\Desktop\src\kafl_vulnerable_driver\kAFL vulnerable driver.vcxproj]
    vagrant-kafl-windows:
    vagrant-kafl-windows:         0 Warning(s)
    vagrant-kafl-windows:         1 Error(s)
    vagrant-kafl-windows:
    vagrant-kafl-windows:     Time Elapsed 00:00:01.26
    vagrant-kafl-windows:   stdout_lines: <omitted>
    vagrant-kafl-windows:
    vagrant-kafl-windows: PLAY RECAP *********************************************************************
    vagrant-kafl-windows: 192.168.122.184            : ok=3    changed=1    unreachable=0    failed=1    skipped=2    rescued=0    ignored=0
    vagrant-kafl-windows:
    vagrant-kafl-windows:
==> vagrant-kafl-windows: Trigger run failed
==> vagrant-kafl-windows: A script exited with an unacceptable exit code 2.
A script exited with an unacceptable exit code 2.
make[1]: *** [Makefile:28: provision_driver] Error 1
make[1]: Leaving directory '/home/zeropio/kAFL/kafl/examples/windows_x86_64'

I tried installing VSIX in the playbook.yml, but even after checking the path to the VSIX file is correct I get an error (Non zero return).

Feb 25 '25 17:02 zeropio
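The two failed tasks quoted in this thread report very different rc values: 2148734217 from VSIXInstaller.exe and 1 from msbuild. The following Python is an added example, not code from the thread or from the kAFL project; it pulls every rc field out of Ansible output and splits HRESULT-style codes into their fields. The sample log is constructed from the fields shown above, and the names decode_rc and triage are hypothetical.

```python
import re

# Constructed sample: the relevant fields from the two failed tasks quoted in
# this thread, with the Packer/Vagrant line prefixes kept.
SAMPLE_LOG = """\
    qemu.windows:   msg: non-zero return code      qemu.windows:   rc: 2148734217
    qemu.windows:   start: '2025-01-27 21:04:53.839357'
    vagrant-kafl-windows:   msg: non-zero return code
    vagrant-kafl-windows:   rc: 1
"""

RC_FIELD = re.compile(r"\brc:\s*(-?\d+)")

# Facility numbers from winerror.h; only the ones this example reports by name.
FACILITIES = {0x07: "FACILITY_WIN32", 0x13: "FACILITY_URT (.NET runtime)"}


def decode_rc(rc):
    """Split a process return code into HRESULT fields if it looks like one."""
    value = rc & 0xFFFFFFFF          # the same code may be shown signed or unsigned
    if not value & 0x80000000:       # severity bit clear: ordinary exit code
        return {"rc": rc, "hresult": None}
    facility = (value >> 16) & 0x7FF  # HRESULT facility is bits 16..26
    return {
        "rc": rc,
        "hresult": f"0x{value:08X}",
        "facility": FACILITIES.get(facility, f"facility 0x{facility:02X}"),
        "code": value & 0xFFFF,
    }


def triage(log_text):
    """Find every 'rc: N' field, even when several fields share one line."""
    return [decode_rc(int(m.group(1))) for m in RC_FIELD.finditer(log_text)]


if __name__ == "__main__":
    for result in triage(SAMPLE_LOG):
        print(result)
```

For the first failure this yields 0x80131509 in the .NET runtime facility, the HRESULT that .NET assigns to InvalidOperationException, so the detail to look for is in the C:\wdk_vsix.log file named in the failing command. The rc of 1 from the msbuild task is an ordinary exit code, and its cause is the C1083 error in the captured stdout.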

Thanks for the feedback.

I'm confused as to why the Windows driver kit was not found.

Can you confirm that you are using my feature branch on #48 and rebuilt the VM from scratch, as well as cleaned up the previous kafl-windows vagrant box?

Feb 25 '25 19:02 Wenzel