
PROGRAM ABORT : Unexpected result from pipe! expected 'P', instead received 'C'

Open hooki opened this issue 6 years ago • 8 comments

afl-fuzz.exe -D ........\DynamoRIO\bin32 -t 50000+ -i in -o out -- -target_module [ProgramPath].exe -target_offset 0x16fe4c -nargs 2 -- "[ProgramPath]" -E @@ C:\Users[USER]\Downloads

[-] PROGRAM ABORT : Unexpected result from pipe! expected 'P', instead received 'C'

     Location : run_target(), c:\users\blackcow1987\downloads\fuzzing\winafl-master\afl-fuzz.c:2651

drrun.exe -version
drrun version 7.1.0 -- build 1

OS Version Windows 10 Home(x64)

drrun.exe works normally, and I have confirmed that the coverage data is output.

hooki avatar May 12 '19 08:05 hooki

This could mean one of 2 things.

  • If we assume the instrumentation is working correctly, the message can be interpreted as "the target crashed before reaching the target function" and it could mean that one of your input samples is causing a crash, but the crash happened before the target function was reached.

  • Alternately, it could be interpreted as "there was an issue with the instrumentation that caused the target to crash". I've heard some reports that this happens more often on Windows 10 v1809, so if you are running that version you might try on an older windows version or running Windows inside a VM as I've heard this resolved similar issues for some people.

ifratric avatar May 13 '19 09:05 ifratric
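To make the two readings above concrete, here is a small model of the afl-fuzz / winafl.dll pipe handshake. It is an added example, not WinAFL's code: the stand-in program (`preprocess`, `target_function`), the seed corpus and the use of a `socketpair` in place of the Windows named pipe are all constructed. What it keeps from the real protocol is the byte sequence: the instrumentation sends 'P' when the target function is entered, afl-fuzz answers 'F', and the run ends with 'K' (normal return) or 'C' (crash); a crash before the target function is reached produces a 'C' where afl-fuzz is still waiting for 'P', which is exactly the abort in the report. `triage_corpus` runs every seed once, the way the dry run does, so the seed that never reaches the target function can be singled out.

```python
"""Model of the afl-fuzz <-> winafl.dll pipe handshake, showing why a 'C'
arriving where 'P' is expected means "crashed before the target function".
Added example, not WinAFL's code; the stand-in target is constructed."""
import socket
import threading
import time
from enum import Enum

TIMEOUT_S = 0.2  # stand-in for afl-fuzz's -t exec timeout


class Outcome(Enum):
    OK = "target function returned normally"
    CRASH = "crash inside the target function"
    CRASH_BEFORE_TARGET = "crashed before the target function was reached"
    HANG = "timeout waiting for the target"
    PROTOCOL = "unexpected byte on the pipe"


# --- constructed stand-in for the fuzzed program ---------------------------
def preprocess(data: bytes) -> bytes:
    """Code that runs before target_offset (argv/file handling, init)."""
    if data.startswith(b"BAD"):
        raise MemoryError("access violation in startup code")  # constructed fault
    return data


def target_function(data: bytes) -> int:
    """The function at -target_offset, i.e. the one afl-fuzz loops over."""
    if data.startswith(b"SLOW"):
        time.sleep(TIMEOUT_S + 0.1)  # constructed hang
    if b"\xff\xff" in data:
        raise ValueError("access violation in parser")  # constructed fault
    return len(data)


# --- winafl.dll side (runs inside the target process) ----------------------
def instrumented_target(conn: socket.socket, data: bytes) -> None:
    try:
        preprocess(data)
    except Exception:
        conn.sendall(b"C")  # crash reported, but 'P' was never sent
        return
    conn.sendall(b"P")      # target function entered
    if conn.recv(1) != b"F":
        return              # fuzzer did not tell us to proceed
    try:
        target_function(data)
        conn.sendall(b"K")  # normal return from the target function
    except Exception:
        conn.sendall(b"C")  # crash inside the target function


# --- afl-fuzz side (the run_target() role) ----------------------------------
def run_target(conn: socket.socket) -> Outcome:
    conn.settimeout(TIMEOUT_S)
    try:
        first = conn.recv(1)
        if first != b"P":
            # The condition behind "Unexpected result from pipe!
            # expected 'P', instead received 'C'".
            return Outcome.CRASH_BEFORE_TARGET if first == b"C" else Outcome.PROTOCOL
        conn.sendall(b"F")
        result = conn.recv(1)
    except (socket.timeout, TimeoutError):
        return Outcome.HANG
    return {b"K": Outcome.OK, b"C": Outcome.CRASH}.get(result, Outcome.PROTOCOL)


def dry_run(data: bytes) -> Outcome:
    """One execution; a socketpair stands in for the Windows named pipe."""
    fuzzer_end, target_end = socket.socketpair()
    worker = threading.Thread(target=instrumented_target, args=(target_end, data))
    worker.start()
    try:
        return run_target(fuzzer_end)
    finally:
        worker.join()
        fuzzer_end.close()
        target_end.close()


def triage_corpus(samples: dict) -> dict:
    """Run every seed once, like afl-fuzz's dry run, and report which seed
    trips the 'crashed before target' case."""
    return {name: dry_run(data) for name, data in samples.items()}


if __name__ == "__main__":
    corpus = {  # constructed seeds
        "id_000000": b"hello",
        "id_000001": b"BAD header",
        "id_000002": b"x\xff\xffy",
    }
    for name, outcome in triage_corpus(corpus).items():
        print(f"{name}: {outcome.value}")
```

Running the script lists one outcome per seed; the seed reported as "crashed before the target function was reached" is the one to remove from the input directory (or to debug separately), since afl-fuzz cannot tell it apart from an instrumentation failure.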

@ifratric

According to my analysis of winafl.c, if an ACCESS_VIOLATION exception occurs before target_offset is executed, a log message like the one above appears.

Can I pass an exception that occurred before target_offset was executed on to the application?

hooki avatar May 14 '19 05:05 hooki

@ifratric

The solution I chose is to pass the exception that occurred at the specified address to the application.

static bool
onexception(void *drcontext, dr_exception_t *excpt) {
    DWORD exception_code = excpt->record->ExceptionCode;

    if(options.debug_mode)
        dr_fprintf(winafl_data.log, "Exception caught: %x\n", exception_code);

    /* Exception codes that winafl.dll treats as a crash of the target. */
    if((exception_code == EXCEPTION_ACCESS_VIOLATION) ||
       (exception_code == EXCEPTION_ILLEGAL_INSTRUCTION) ||
       (exception_code == EXCEPTION_PRIV_INSTRUCTION) ||
       (exception_code == EXCEPTION_INT_DIVIDE_BY_ZERO) ||
       (exception_code == STATUS_HEAP_CORRUPTION) ||
       (exception_code == EXCEPTION_STACK_OVERFLOW) ||
       (exception_code == STATUS_STACK_BUFFER_OVERRUN) ||
       (exception_code == STATUS_FATAL_APP_EXIT)) {
            if(options.debug_mode) {
                /* Log the faulting address so it can be matched below. */
                dr_fprintf(winafl_data.log, "crashed addr:%p\n", excpt->record->ExceptionAddress);
                /* Addresses specific to this poster's binary. Returning true
                   hands the exception on to the application's own handlers
                   instead of reporting it to afl-fuzz as a crash. */
                if (0x0040bd7f == (DWORD)excpt->record->ExceptionAddress ||
                    0x0091306a == (DWORD)excpt->record->ExceptionAddress)
                    return true;
            } else {
                /* non-debug branch not included in the post */

hooki avatar May 14 '19 08:05 hooki

@hooki did you solve this issue? I'm getting the same thing.

shuidixu avatar Nov 07 '19 18:11 shuidixu

Having the same issue on Win7-x64, 32-bit version of the latest WinAFL and DynamoRIO 7.1 (also tried other DRIO versions).

WinAFL 1.16b by <[email protected]>
Based on AFL 2.43b by <[email protected]>
[+] You have 4 CPU cores and 0 runnable tasks (utilization: 0%).
[+] Try parallel jobs - see docs\parallel_fuzzing.txt.
[*] Checking CPU core loadout...
[+] Found a free CPU core, binding to #0.
[+] Process affinity is set to 1.

[*] Setting up output directories...
[+] Output directory exists but deemed OK to reuse.
[*] Deleting old session data...
[+] Output dir cleanup successful.
[*] Scanning 'c:\users\test\Desktop\in'...
[+] No auto-generated dictionary tokens to reuse.
[*] Creating hard links for all input files...
[*] Attempting dry run with 'id_000000'...

[-] PROGRAM ABORT : Unexpected result from pipe! expected 'P', instead received 'C'

         Location : run_target(), c:\users\test\desktop\winafl-master\afl-fuzz.c:2651

uf0o avatar Nov 12 '19 12:11 uf0o

Hello, has anyone solved this issue? I have this problem too on Windows 10.

GeneBlue avatar Nov 21 '19 02:11 GeneBlue

Hello, I get the issue too. This is my solution: put winafl-cmin.py, winafl.dll and the other winafl programs in the same directory as your test program.

test winafl-cmin.py

python winafl-cmin.py -D D:\Dropbox\fuzzing\DynamoRIO\bin64 -t 20000 -i  D:\Dropbox\fuzzing\test\input  -o D:\Dropbox\fuzzing\test\minset -covtype edge -coverage_module user32.dll -target_module TestLoadSimple.exe -target_offset 0x11910 -nargs 2 -v -- TestLoadSimple.exe @@

test afl-fuzz.exe

afl-fuzz.exe -i D:\Dropbox\fuzzing\test\minset -o output -M master -D D:\Dropbox\fuzzing\DynamoRIO\bin64 -t 20000 -- -coverage_module user32.dll -target_module TestLoadSimple.exe -target_offset 0x11910 -nargs 2 -- TestLoadSimple.exe @@

And I compiled winafl without Intel PT.

xinali avatar Dec 24 '19 03:12 xinali

Hi Team! I'm having the same issue across different OSes... DynamoRIO instrumentation worked, but WinAFL just keeps failing...

hdbreaker avatar Feb 25 '22 20:02 hdbreaker