
[-] PROGRAM ABORT : Unexpected result from pipe! expected 'P', instead received 'C'

Open baikaishiuc opened this issue 8 months ago • 4 comments

Prerequisites:

  1. Windows 11
  2. latest DynamoRIO
  3. latest WinAFL

DynamoRIO built according to: https://dynamorio.org/page_building.html

$ git clone --recurse-submodules -j4 https://github.com/DynamoRIO/dynamorio.git
# Make a separate build directory.  Building in the source directory is not
# supported.
$ cd dynamorio && mkdir build && cd build
# Configure using cmake.  Pass in the path to your source directory.
$ cmake -G"Visual Studio 16" -A x64 ..
# Build from the command line.  Alternatively, open ALL_BUILD.vcproj in Visual
# Studio and build from there.  You must pass --config to work around a cmake
# bug.  (http://www.cmake.org/Bug/view.php?id=11830)
$ cmake --build . --config RelWithDebInfo

First, check whether drrun.exe works or not:

.\afl-fuzz.exe -i in -o out -D D:\source\dynamorio\build64_vs16\bin64 -t 20000 -- -coverage_module gdiplus.dll -coverage_module WindowsCodecs.dll -fuzz_iterations 5000 -target_module test_gdiplus.exe -target_offset 0x10e0 -nargs 2 -- test_gdiplus.exe @@

afl.test_gdiplus.exe.135200.0000.proc.log seems to show it working successfully:

Module loaded, dynamorio.dll
Module loaded, winafl.dll
Module loaded, drx.dll
Module loaded, drreg.dll
Module loaded, drmgr.dll
Module loaded, drwrap.dll
Module loaded, test_gdiplus.exe
Module loaded, gdiplus.dll
Module loaded, VCRUNTIME140.dll
Module loaded, gdi32full.dll
Module loaded, win32u.dll
Module loaded, msvcp_win.dll
Module loaded, ucrtbase.dll
Module loaded, KERNELBASE.dll
Module loaded, USER32.dll
Module loaded, GDI32.dll
Module loaded, RPCRT4.dll
Module loaded, IMM32.dll
Module loaded, KERNEL32.dll
Module loaded, msvcrt.dll
Module loaded, combase.dll
Module loaded, ntdll.dll
In pre_fuzz_handler
Module loaded, UxTheme.dll
Module loaded, MSCTF.dll
In post_fuzz_handler
In pre_fuzz_handler
In post_fuzz_handler
In pre_fuzz_handler
In post_fuzz_handler
In pre_fuzz_handler
In post_fuzz_handler
In pre_fuzz_handler
In post_fuzz_handler
In pre_fuzz_handler
In post_fuzz_handler
In pre_fuzz_handler
In post_fuzz_handler
In pre_fuzz_handler
In post_fuzz_handler
In pre_fuzz_handler
In post_fuzz_handler
In pre_fuzz_handler
In post_fuzz_handler
Everything appears to be running normally.
Coverage map follows:

But when I run afl-fuzz.exe, the program aborts:

D:\source\winafl\build64_vs2019\bin\Release>.\afl-fuzz.exe -i in -o out -D D:\source\dynamorio\build64_vs16\bin64 -t 20000 -- -coverage_module gdiplus.dll -coverage_module WindowsCodecs.dll -fuzz_iterations 5000 -target_module test_gdiplus.exe -target_offset 0x10e0 -nargs 2 -- test_gdiplus.exe @@
WinAFL 1.17 by <[email protected]>
Based on AFL 2.43b by <[email protected]>
[+] You have 18 CPU cores with average utilization of 6%.
[+] Try parallel jobs - see afl_docs\parallel_fuzzing.txt.
[*] Checking CPU core loadout...
[+] Found a free CPU core, binding to #0.
[+] Process affinity is set to 1.
[*] Setting up output directories...
[+] Output directory exists but deemed OK to reuse.
[*] Deleting old session data...
[+] Output dir cleanup successful.
[*] Scanning 'in'...
[+] No auto-generated dictionary tokens to reuse.
[*] Creating hard links for all input files...
[*] Attempting dry run with 'id_000000'...

[-] PROGRAM ABORT : Unexpected result from pipe! expected 'P', instead received 'C'

         Location : run_target(), D:\source\winafl\afl-fuzz.c:2920

Do I need to provide more information?

I searched for the same error message in the issues list, but couldn't resolve my problem.

baikaishiuc avatar Apr 12 '25 15:04 baikaishiuc
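The dry-run step above (running the harness under drrun.exe with winafl.dll in -debug mode and reading afl.<target>.<pid>.<n>.proc.log before starting afl-fuzz) is easy to eyeball once, but worth scripting when you iterate on -target_offset or -coverage_module. The checker below is an added example, not WinAFL code. It parses the line formats visible in the log quoted in the post ("Module loaded, X", "In pre_fuzz_handler", "In post_fuzz_handler", "Everything appears to be running normally.") and reports whether every coverage module was loaded, whether the target function was entered and left the expected number of times, and whether the run finished cleanly. The sample log embedded in it is constructed from the post's format and shortened to three iterations; the module list and iteration count are therefore not the reporter's.

```python
"""Check a WinAFL drrun -debug log before handing the target to afl-fuzz.

Added example, not part of WinAFL. It only understands the line formats that
winafl.dll writes in -debug mode, as quoted in this issue.
"""
import re
from dataclasses import dataclass, field

MODULE_RE = re.compile(r"^Module loaded, (\S+)$")


@dataclass
class DebugRunSummary:
    modules: list = field(default_factory=list)   # every "Module loaded, X" seen
    pre_fuzz: int = 0                             # "In pre_fuzz_handler" count
    post_fuzz: int = 0                            # "In post_fuzz_handler" count
    ran_normally: bool = False                    # saw the closing success line

    @property
    def iterations(self) -> int:
        # One completed iteration = a pre_fuzz_handler matched by a post_fuzz_handler.
        return min(self.pre_fuzz, self.post_fuzz)


def parse_debug_log(text: str) -> DebugRunSummary:
    summary = DebugRunSummary()
    for raw in text.splitlines():
        line = raw.strip()
        m = MODULE_RE.match(line)
        if m:
            summary.modules.append(m.group(1))
        elif line == "In pre_fuzz_handler":
            summary.pre_fuzz += 1
        elif line == "In post_fuzz_handler":
            summary.post_fuzz += 1
        elif line == "Everything appears to be running normally.":
            summary.ran_normally = True
    return summary


def check_debug_log(text: str, coverage_modules, expected_iterations=None) -> list:
    """Return a list of problems; an empty list means the dry run looks good."""
    s = parse_debug_log(text)
    problems = []
    loaded = {m.lower() for m in s.modules}   # module names are case-insensitive on Windows
    for mod in coverage_modules:
        if mod.lower() not in loaded:
            problems.append(f"coverage module {mod} did not appear in the log")
    if s.pre_fuzz == 0:
        problems.append("target function never reached (no pre_fuzz_handler)")
    if s.pre_fuzz != s.post_fuzz:
        problems.append(f"unbalanced handlers: {s.pre_fuzz} pre vs {s.post_fuzz} post "
                        "(target crashed or exited inside the fuzzed function)")
    if expected_iterations is not None and s.iterations != expected_iterations:
        problems.append(f"expected {expected_iterations} iterations, saw {s.iterations}")
    if not s.ran_normally:
        problems.append("missing 'Everything appears to be running normally.'")
    return problems


# Constructed sample in the format of the log quoted in the issue, cut down to
# three iterations and a handful of modules; not the reporter's actual log.
SAMPLE_LOG = """\
Module loaded, dynamorio.dll
Module loaded, winafl.dll
Module loaded, test_gdiplus.exe
Module loaded, gdiplus.dll
Module loaded, ntdll.dll
In pre_fuzz_handler
Module loaded, UxTheme.dll
In post_fuzz_handler
In pre_fuzz_handler
In post_fuzz_handler
In pre_fuzz_handler
In post_fuzz_handler
Everything appears to be running normally.
Coverage map follows:
"""

if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG
    for p in check_debug_log(text, ["gdiplus.dll", "WindowsCodecs.dll"], 3):
        print("problem:", p)
```

Run it against a real proc.log with the same -coverage_module list and -fuzz_iterations value you pass to afl-fuzz; a module that never shows up in the log is either loaded lazily by the target (no coverage from it until it is) or misspelled. Note that a clean dry run is necessary but not sufficient: the later comment in this thread shows drrun completing while afl-fuzz still dies on the pipe.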

It seems there are some issues with DynamoRIO on the latest Windows where calling some Windows API functions (e.g. OpenFileMapping which is needed for coverage map) results in the process crashing.

Until this is fixed, I recommend switching to TinyInst mode, see https://github.com/googleprojectzero/winafl/blob/master/readme_tinyinst.md Note that some flags in TinyInst mode have slightly different names.

ifratric avatar Apr 14 '25 10:04 ifratric

> It seems there are some issues with DynamoRIO on the latest Windows where calling some Windows API functions (e.g. OpenFileMapping which is needed for coverage map) results in the process crashing.
>
> Until this is fixed, I recommend switching to TinyInst mode, see https://github.com/googleprojectzero/winafl/blob/master/readme_tinyinst.md Note that some flags in TinyInst mode have slightly different names.

Thank you for your reply, it seems to be working after switching to TinyInst.

baikaishiuc avatar Apr 21 '25 05:04 baikaishiuc

This is one heck of an issue, I've received it a lot of times.

ISH2YU avatar Jun 07 '25 16:06 ISH2YU

Is this still not fixed? I can't get past it

c:\Tools\winafl\build64\bin\Release>afl-fuzz.exe -i c:\tmp\input -o c:\tmp\output -D C:\DynamoRIO-Windows-11.90.20322\DynamoRIO-Windows-11.90.20322\bin64 -t 20000 -- -target_module test.exe -coverage_module test.exe -target_offset 0x1000 -fuzz_iterations 5000 -nargs 2 -- test.exe @@
WinAFL 1.17 by <[email protected]>
Based on AFL 2.43b by <[email protected]>
[+] You have 20 CPU cores with average utilization of 17%.
[+] Try parallel jobs - see afl_docs\parallel_fuzzing.txt.
[*] Checking CPU core loadout...
[+] Found a free CPU core, binding to #0.
[+] Process affinity is set to 1.
[*] Setting up output directories...
[+] Output directory exists but deemed OK to reuse.
[*] Deleting old session data...
[+] Output dir cleanup successful.
[*] Scanning 'c:\tmp\input'...
[+] No auto-generated dictionary tokens to reuse.
[*] Creating hard links for all input files...
[*] Attempting dry run with 'id_000000'...

[-] PROGRAM ABORT : Unexpected result from pipe! expected 'P', instead received 'C'

         Location : run_target(), C:\Tools\winafl\afl-fuzz.c:2920

Dry run works:

c:\Tools\winafl\build64\bin\Release>c:\DynamoRIO-Windows-11.90.20322\DynamoRIO-Windows-11.90.20322\bin64\drrun.exe -c winafl.dll -debug -coverage_module test.exe -target_module test.exe -target_offset 0x1000 -fuzz_iterations 10 -nargs 2 -- test.exe c:\tmp\input\test.jpg
Error 1 Error 1 Error 1 Error 1 Error 1 Error 1 Error 1 Error 1 Error 1 Error 1

D0nw0r avatar Sep 25 '25 13:09 D0nw0r