winafl icon indicating copy to clipboard operation
winafl copied to clipboard
verified publisher icon googleprojectzero

Binary OK in drrun - fails in afl-fuzz.exe (nudge operation failed, verify permissions and parameters)

Open MrMacG opened this issue 5 years ago • 0 comments

Hi, Trying to fuzz a binary. It runs fine in drrun: C:\dynamorio\bin64\drrun.exe -c C:\winafl\build64\bin\Release\winafl.dll -debug -coverage_module binary.exe -target_module binary.exe -target_offset 0x293c -fuzz_iterations 10 -nargs 4 -- binary.exe test1.txt test2.txt /M

output:

Module loaded, dynamorio.dll Module loaded, winafl.dll Module loaded, drx.dll Module loaded, drreg.dll Module loaded, drmgr.dll Module loaded, drwrap.dll Module loaded, binary.exe Module loaded, ulib.dll Module loaded, KERNELBASE.dll Module loaded, KERNEL32.dll Module loaded, msvcrt.dll Module loaded, ntdll.dll Instrumenting binary.exe with the 'bb' mode Module loaded, FSUTILEXT.dll In pre_fuzz_handler In post_fuzz_handler In pre_fuzz_handler In post_fuzz_handler In pre_fuzz_handler In post_fuzz_handler In pre_fuzz_handler In post_fuzz_handler In pre_fuzz_handler In post_fuzz_handler In pre_fuzz_handler In post_fuzz_handler In pre_fuzz_handler In post_fuzz_handler In pre_fuzz_handler In post_fuzz_handler In pre_fuzz_handler In post_fuzz_handler In pre_fuzz_handler In post_fuzz_handler Everything appears to be running normally. Coverage map follows:

And then when I try to fuzz it with: C:\winafl\build64\bin\Release>afl-fuzz.exe -i in -o out -D C:\dynamorio\bin64 -t 10000+ -- -target_module binary.exe -coverage_module binary.exe -target_offset 0x293c -nargs 4 -- binary.exe @@ test2.txt /M (/M is a target switch, tried with and without)

I get:

WinAFL 1.16b by [email protected] Based on AFL 2.43b by [email protected] [+] You have 4 CPU cores and 0 runnable tasks (utilization: 0%). [+] Try parallel jobs - see afl_docs\parallel_fuzzing.txt. [] Checking CPU core loadout... [+] Found a free CPU core, binding to #0. [+] Process affinity is set to 1. [] Setting up output directories... [+] Output directory exists but deemed OK to reuse. [] Deleting old session data... [+] Output dir cleanup successful. [] Scanning 'in'... [+] No auto-generated dictionary tokens to reuse. [] Creating hard links for all input files... [] Attempting dry run with 'id_000000'... process 7736 is not running under DR [!] WARNING: Test case results in a timeout (skipping) [-] PROGRAM ABORT : All test cases time out, giving up! Location : perform_dry_run(), C:\winafl\afl-fuzz.c:3111 0 processes nudged nudge operation failed, verify permissions and parameters.

WinAFL version WinAFL 1.16b DynamoRIO version 8.0.0-1 Windows 10 version 2004 (Build 19041.630)

I have tried to increase timeout as well. I've tried to change syntax multiple times, but I can't seem to find the issue.

Any ideas?

Thanks in advance

MrMacG avatar Nov 26 '20 11:11 MrMacG