
Add Support for fuzzing by attaching to running processes on Windows.

Open parikhakshat opened this issue 3 years ago • 2 comments

I have made some changes to Jackalope that allow someone to fuzz processes that are already running on the system by attaching to them. The current limitations of this new mode are that it only supports file delivery and single threads. The reason for only supporting one thread is that attaching multiple threads to the same process to fuzz is unreliable. I also plan to add a recovery_script option to this mode which allows the user to specify a script that can be used to restart the running process to a fresh state. Currently, I have tested this mode on processes that have an automatic restart feature after each time they are killed, so I didn't need the recovery_script option. Please let me know if you have any questions or concerns about my commit.

To support this new mode, I needed to make some minor changes to TinyInst as well. Those changes are in a separate pull request on that repository.

parikhakshat avatar Aug 19 '22 20:08 parikhakshat

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

google-cla[bot] avatar Aug 19 '22 20:08 google-cla[bot]

I have updated my commit with some of the code that used to be in the TinyInst repository. I have tested the tool and it works pretty well with some of the targets. Let me know if there is any more work that needs to be done. Note: there is some redundancy of code involving process_name in both fuzzer.cpp and tinyinstrumentation.cpp. I wasn't able to move that code outside of fuzzer.cpp because I need that code to set the number of threads to one, which only happens in fuzzer.cpp. When attaching to processes and getting coverage, I've found that the coverage and stability of the target is only really stable when only one thread is attached to it.

parikhakshat avatar Sep 06 '22 02:09 parikhakshat