Ivan Fratric

Results 257 comments of Ivan Fratric

It isn't practical to take an absolute address because, due to ASLR, it's going to change each time the OS is rebooted and potentially even for each run. There is...

Such errors usually indicate either incorrect usage or incompatibility between the target and DynamoRIO. To diagnose the first type of issue, use debug mode as explained in https://github.com/googleprojectzero/winafl/blob/master/readme_dr.md. For the...

Ah, sorry, I see this is an error already with the Debug mode. I would try TinyInst and see if that runs without issues.

Unfortunately, neither WinAFL nor (AFAIK) DynamoRIO currently supports Windows on ARM.

Nothing comes to mind off the top of my head. Jackalope (my other fuzzer) has support for ARM64 coverage, but so far this is only being used on macOS with...

Please see https://github.com/googleprojectzero/winafl/blob/master/readme_dr.md#:~:text=Example%20command%20line%3A&text=Example%20command%20line%3A for an example using the debug mode. It's used by invoking drrun.exe directly, not using afl-fuzz.exe.

For fuzzing Windows services, you most likely want to use "Attach" functionality, see https://github.com/googleprojectzero/winafl#attaching-to-a-running-process

The process does not need to exit in order to get coverage. WinAFL collects coverage when the target_method exits, not the process.

Hmm, IIRC afl-fuzz will mute output by default, but running DynamoRIO with winafl.dll directly should not. Does switching to latest DynamoRIO from https://github.com/DynamoRIO/dynamorio/releases help? Note: You might need to rebuild...

The only thing I notice is that in afl-fuzz command line, you use `target` instead of `target.exe`. One thing you might try is using TinyInst instead of DynamoRIO instrumentation. TinyInst...