winafl_cmin.py stuck at [*] Testing the target binary
I compiled WinAFL (1.17) with TinyInst on the same machine where the fuzzing is executed. Fuzzing itself works well.
For corpus minimization I called:
python winafl-cmin.py -Y -t 1000 -i origin_test_data -o minimized -covtype edge -coverage_module mymod.dll -target_module myharness.exe -target_method main -nargs 2 -- myharness.exe "@@"
Even after one day it still shows:
corpus minimization tool for WinAFL by <[email protected]>
Based on WinAFL by <[email protected]>
Based on AFL by <[email protected]>
[+] CWD changed to C:\fuzzing\***\bin.
[+] Dynamorio-less mode is enabled.
[*] Testing the target binary...
Should the minimization work when TinyInst is used?
Besides that, I also considered implementing my own minimization using afl-showmap:
.\afl-showmap.exe -Y -o ..\map.txt -t 5000 -e -- .\harness.exe ..\testdata\testfile.txt
The file used is very small. Here it hangs on "Processing file".
Any ideas? DynamoRIO instrumentation isn't working at all for me.
Update: Did some more investigations with afl-showmap:
It could be a deadlock. There are two threads. One is not returning from afl_showmap!create_target_process when calling ConnectNamedPipe. The second is not returning from afl_showmap!ILT+275(watchdog_timer) on CloseHandle.
Thanks, Sebastian
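For the "own minimization using afl-showmap" idea above, here is an added example (not code from the WinAFL project or from the original post) of the greedy set-cover step that afl-cmin performs once it has one showmap per input: for every edge remember the smallest input that hits it, then walk the edges from rarest to most common and keep the chosen input until every edge is covered. It assumes the map files are what `afl-showmap -o <file>` writes, one `edge_id:count` pair per line; the file names, sizes and map contents below are constructed inline so the script runs offline, and `load_showmap_dir` is a hypothetical helper for reading real output directories.

```python
"""afl-cmin-style corpus minimization over afl-showmap output (added example)."""
import os
import re
from collections import defaultdict

# Constructed sample data: one showmap output per testcase, as produced by
# e.g. `afl-showmap.exe -o map.txt -t 5000 -e -- harness.exe input`.
SAMPLE_MAPS = {
    "a.bin": "000001:1\n000002:1\n000003:1\n",
    "b.bin": "000001:1\n000004:1\n",
    "c.bin": "000002:1\n000003:1\n000005:1\n",
    "d.bin": "000002:1\n",
    "e.bin": "000005:1\n000006:1\n",
}
# Constructed input sizes in bytes (smaller inputs are preferred, as in afl-cmin).
SAMPLE_SIZES = {"a.bin": 10, "b.bin": 12, "c.bin": 400, "d.bin": 4, "e.bin": 50}

LINE_RE = re.compile(r"^(\d+):(\d+)$")


def parse_showmap(text):
    """Return the set of edge ids with a non-zero hit count in one showmap output."""
    edges = set()
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError("unexpected showmap line: %r" % line)
        if int(m.group(2)) > 0:
            edges.add(int(m.group(1)))
    return edges


def load_showmap_dir(map_dir, input_dir):
    """Hypothetical helper: read <map_dir>/<name> for every file in <input_dir>."""
    maps, sizes = {}, {}
    for name in os.listdir(input_dir):
        with open(os.path.join(map_dir, name), "r") as fh:
            maps[name] = fh.read()
        sizes[name] = os.path.getsize(os.path.join(input_dir, name))
    return maps, sizes


def minimize_corpus(maps, sizes):
    """Greedy afl-cmin selection: returns the kept input names in pick order."""
    edge_sets = {name: parse_showmap(text) for name, text in maps.items()}

    # best[edge] = smallest input hitting that edge (name breaks ties, so the
    # result is deterministic); hits[edge] = how many inputs hit it.
    best, hits = {}, defaultdict(int)
    for name, edges in edge_sets.items():
        for e in edges:
            hits[e] += 1
            cur = best.get(e)
            if cur is None or (sizes[name], name) < (sizes[cur], cur):
                best[e] = name

    # Rarest edges first: the inputs covering them are the least replaceable.
    covered, keep = set(), []
    for e in sorted(hits, key=lambda x: (hits[x], x)):
        if e in covered:
            continue
        name = best[e]
        keep.append(name)
        covered |= edge_sets[name]
    return keep


def total_edges(maps):
    """Union of all edges in the corpus, to verify nothing was lost."""
    return set().union(*(parse_showmap(t) for t in maps.values()))


if __name__ == "__main__":
    kept = minimize_corpus(SAMPLE_MAPS, SAMPLE_SIZES)
    kept_edges = set().union(*(parse_showmap(SAMPLE_MAPS[n]) for n in kept))
    assert kept_edges == total_edges(SAMPLE_MAPS)
    print("kept %d of %d inputs: %s" % (len(kept), len(SAMPLE_MAPS), kept))
```

In the sample data `c.bin` and `d.bin` are dropped: every edge they reach is already covered by a smaller input that was chosen for a rarer edge. Note that a hang in afl-showmap itself (as described in the post) is not something this step can work around; it only consumes the maps once they exist.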
AFAIK, winafl_cmin doesn't currently work with TinyInst. If you would like to do corpus minimization with TinyInst, then I suggest using Jackalope with the -dry_run flag, where the out/samples directory will contain the minimized corpus after the dry run.