
Intel PT error

Open Mizari opened this issue 3 years ago • 4 comments

Hello! I'm getting an invalid parameter error (getlasterror == 0x57) while trying to fuzz with IPT. The error happens here: https://github.com/googleprojectzero/winafl/blob/master/winaflpt.c#L1455

Debugging showed me that the device is opened correctly at https://github.com/ionescu007/winipt/blob/master/libipt/win32.c#L267 but DeviceIoControl fails at https://github.com/ionescu007/winipt/blob/master/libipt/win32.c#L276.

I am running under admin privileges. Windows version: 1909, 18363.1256. Earlier, fuzzing was running OK; did something change? I tried the old version and the new one, and the same thing happens.

Mizari, Feb 08 '21 04:02

Hmm, not sure why it fails on 1909, but I know on later versions (2004 and above) there was an issue that was fixed in WinIPT in https://github.com/ionescu007/winipt/pull/10. Note also that the WinIPT version in the WinAFL repo is out of date and should be updated.

ifratric, Feb 08 '21 09:02

Using the current winipt and libipt submodules did not solve the IPT tracing error.

Mizari, Feb 09 '21 05:02

If you get WinIPT from https://github.com/ionescu007/winipt and build and run it standalone (without WinAFL), do you still get the same error?

ifratric, Feb 09 '21 10:02

Yes, I got it there, didn't help. BUT it turns out the trace_size I gave is too big (0x1000000); the exact same trace_size earlier was fine. No idea what changed. Should I close?

Mizari, Feb 09 '21 10:02