grinder
grinder copied to clipboard
stephenfewer
any problem with grinder_logger.dll?? FF and IE not running. CM is ok...
I don't know if this is a good moment to open a new issue, given the known trouble with symbols after the updates, especially on IE.
I just set up a node with Windows 7 x86 SP1 fully updated. And there are the versions of the browsers tried:
- Chrome 38.0.2125.122 m
- IE9, IE10 and IE11 (yes i have also tried different versions)
- Firefox 33.1
The grinder versions is 0.6dev. But i also tried 0.5 and 0.4 with the same results. And i just tried the SimpleExample fuzzer to avoid logs' issues.
My config file has the next values (./node/config.rb):
-
$webstats_baseurl = nil #I want to solve the node issue firstly. ...
-
$symbols_dir = "C:\symbols" #Directory is correctly created. Previous symbols deleted btw.
And the configuration looks well when is fuzzing Chrome. The hooking is done and the logs are being written to the log path (.../Temp/Low/).
This is the output fuzzing firefox:
.... [+D+] Resolved mozjs!num_parseFloat @ 0x6A623330 [-D-] Unable to resolved mozjs!js_strtod [+D+] mozjs.dll DLL loaded into process 5908 @ 0x6A410000 [+D+] Resolved mozjs!num_parseFloat @ 0x6A623330 [-D-] Unable to resolved mozjs!js_strtod [+D+] mozjs.dll DLL loaded into process 5908 @ 0x6A410000 [+D+] Resolved mozjs!num_parseFloat @ 0x6A623330 [-D-] Unable to resolved mozjs!js_strtod [+D+] mozjs.dll DLL loaded into process 5908 @ 0x6A410000 [+D+] Resolved mozjs!num_parseFloat @ 0x6A623330 [-D-] Unable to resolved mozjs!js_strtod [+D+] mozjs.dll DLL loaded into process 5908 @ 0x6A410000 [+D+] Resolved mozjs!num_parseFloat @ 0x6A623330 [-D-] Unable to resolved mozjs!js_strtod [+D+] mozjs.dll DLL loaded into process 5908 @ 0x6A410000 [+D+] Resolved mozjs!num_parseFloat @ 0x6A623330 [-D-] Unable to resolved mozjs!js_strtod ... (Repeat this) ...
And this is again IE:
[+G+] Starting at 2014-11-14 18:39:12 [+G+] Using the config file 'config'... [+G+] Bringing up Grinder node 'G1' with ruby 1.9.3 (32-bit)... [+G+] Started the Grinder continue process 3400 [+S+] Starting at 2014-11-14 18:39:14 [+S+] Adding fuzzer 'SimpleExample' to the testcase server [+S+] Testcase server running on 127.0.0.1:8080 [+G+] Started the Grinder server process 7852 [+G+] Started the Grinder debugger process 2460 [+D+] Starting at 2014-11-14 18:39:18 [+D+] Using the symbol path 'SRV_C:\symbols_http://msdl.microsoft.com... [+D+] Running 'C:\Program Files\Internet Explorer\iexplore.exe' [+D+] Attached debugger to new 32-bit process 2248. ...No more command-line outputs...
IE9, IE10 and IE11 give me the same output. The attaching is done but the hooking never is reached.
I have just been trying to understand how the affected code works. If i'm not wrong the control flow will be, on IE for ex:
- ./node/grinder.rb -> ./node/browser/internetexplorer.rb -> .node/debug/debugger.rb = Line 390: loaders call.
I have added a line to ./node/browser/internetexplorer.rb on line 62: print_status("Here..."). Firefox and chrome reaches this point. But IE not.
Is it possible to be an issue related to the lastest tuesday patches?? I mean, related to the symbols servers? Checking the symbol dir, there are symbols for chrome and firefox, but none of MS.
At least the issue was solved on IE. I will leave my mistake/solution for interested people.
The problem was not related to the symbols servers for IE as i thought. While i was surfing on the code, i saw some checks about the broker process (in order to avoid the attaching done there) and i remembered that my IE was configured for working as single process ( TabProcGrowth = 0). Restoring the broker process solved the issue.
This may should be noted somewhere at "Troubleshooting Grinder logging failure". IE running as single process will stop before of launching the logger hooks. So the attacher will work but the logger not.
I will give more tries on firefox 33.1 but if somebody could check if this concrete version works for him would be great... What are you using nightly builds?
By the way, as a new user of grinder that i am, thanks for this awesome fuzzing framework :-)
cheers,
Any progress on this report on the Firefox side? I have run into the same issue, getting 'Unable to resolved mozjs!js_strtod'.
I'm running FF 34.0.5 on Win 7 Enterprise inside VirtualBox.
Seems that the stubs need to be updated for both Chrome and Firefox. If you're seeing this error on IE, it's likely due to missing or outdated symbols.
If anyone has already updated the stubs for Chrome or Firefox, would you mind submitting a patch?
grinder is working for me on IE11 @ windows 8.1 64bit without any problem
On 1 February 2015 at 19:55, Santhosh Kumar [email protected] wrote:
still running on the Same issue on IE 11 windows 8.1
— Reply to this email directly or view it on GitHub https://github.com/stephenfewer/grinder/issues/50#issuecomment-72370146.
I also have problems with the logger. IE8 on WIn7. Anybody used this configuration and got it working? I've tried to hack it myself but it's crazy....
solved the problem with symbols. When it reaches these lines (674-677) in debugger.rb:
if( use_logger?( e.pid ) )
lfile = logger_file( e.pid )
shouldn't It have already written the log file in the low directory?? I don't have the log file there, therefore there is nothing to copy in the log dir. Thanks!
where's the file in the LOW integrity folder actually written? IE doesn't run as single process I can see the broker process running fine at Medium integrity.
to answer that please consult your node config file: https://github.com/stephenfewer/grinder/blob/master/node/config.rb
the $logger_dir variable sets that, and its by default in 'C:\Users
%USERNAME%\AppData\Local\Temp\Low'
On 28 June 2015 at 00:51, am06 [email protected] wrote:
where's the file in the LOW integrity folder actually written? IE doesn't run as single process I can see the broker process running fine at Medium integrity.
— Reply to this email directly or view it on GitHub https://github.com/stephenfewer/grinder/issues/50#issuecomment-116140098 .
oh yeah, sorry I ment the code...... I knew about the location of that file as I said above nothing is written there.....therefore nothing is copied in my crashes folder(just the crash no log). For some reason the logger.dll doesn't write anything there.....not sure how to debug it. I'll do some more checks today.
any ideas where should I start with this? Where should I start checking why my log file isn't written in LOW folder?
since your config file points to the LOW foulder then it is not a access permission problem, otherwise you will need to "icacls.exe $yourLogDir /setintegritylevel low"
then the problem might be in your:-
- fuzzer (try to use the standard fuzzer coming with grinder ie: SimpleExample.html https://github.com/stephenfewer/grinder/blob/master/node/fuzzer/SimpleExample.html ).
- browser version that is not supported (i am working with IE11@win7-32bit and its working great).
test these two potential root causes and let us know.
found a bug
if( use_logger?( e.pid ) )
lfile = logger_file( e.pid )
# If we don't have a log file for this PID, try to use the last modified log file.
# This is a last ditch effort in case the crash occurred in a separate process
# than the one being fuzzed. E.G. a Chrome GPU process crashes due to fuzzing in
# the renderer. YMMV.
puts("lfile 1 is " + lfile.to_s)
if( not ::File.exists?( lfile ) )
lfile = ::Dir.glob( gen_logger_filename( "*" ) ).max_by { | f | ::File.mtime( f ) }
end
puts("lfile 2 is" + lfile.to_s)
log_data = e.save_log( lfile )
if( not log_data )
print_error( "Failed to save the log file." )
end
end
First time it will crash it will not log anything . Lfile1 doesn't exist as you can see below, the log dir is empty so lfile2 is ""
Crash!! debugger Exc lfile 1 is C:\Users\Fuzzer\AppData\Local\Temp\Low\logger_212.xml lfile 2 is [-D-] Error, unable to save the log file '' (can't convert nil into String) [-D-] Failed to save the log file. Log (crash_data, log_data) [D] [D] Caught a Read Access Violation in IE8 process 212 at 2015-06-29 21:47:45 with a crash hash of 2A3784F1.A55894B0 Add crash #Net::HTTPOK:0x1a64300 [D] Posted crash to '192.168.1.67/fuzzer/status.php'
I suspect logger.dll has some problems first time when it's trying to write in the "Low" folder....grinder can't find the file therefore it can't copy it....
i can see from the log above that you are using IE8 (Read Access Violation in IE8 process), and to my knowledge, Grinder DOSE NOT support IE8.
Ie8 64 bit doesnt support. 32 bit should work. what settings are you using for ie11? I imagine you disable memoryprotector and maybe other stuff....thanks
nothing special with IE11, normal settings, and yes, memory protector is disabled, as well page heap is enabled.
i installed IE 11, tested some public poc's now It doesn't crash:(.....uninstalled all updates, still nothing..... can you tell me please a poc that I could test against IE11 to see that it works? Thanks!
unfortunately i do not have a case that i can share in hand, however you can call logger.debugbreak() to trigger an access violations as per https://github.com/stephenfewer/grinder/blob/master/node/data/logging.js
cheers man, that seems to crash it:) however it doesn't log anything other than this line: logger.log( "// we are now begining to fuzz...", "grind", 1 );.....wierd.
in the xml file produced, you should not see the "logger.log" part, it should be whats inside the logger.log(XYZ) call, meaning XYZ
oh, yeah I know that, those were the lines from my POC file. anyway, It works now, there was a problem with the POC.....I've rewritten it simpler and it works now, don't know what the problem was.