Fuzzer timeout with custom test case dll #399

Open
rmachnee opened this issue Jan 19, 2023 · 0 comments

Comments

@rmachnee

I created a custom dll for sending fuzz over the network to my target. I can see the target receiving the fuzz (through Wireshark, and also by having the target print results); however, WinAFL results in a timeout. Below is the command line and result.

C:\winafl-master\build32\bin\Release>afl-fuzz.exe -d -l C:\Dll1\Dll1.dll -i in -o outdec -D C:\winafl-master\DynamoRIO-Windows-9.0.1\bin32 -t 20000 -- -coverage_module FakeIPMSWin.exe -target_offset 0x400 -fuzz_iterations 5000 -- FakeIPMSWin.exe
WinAFL 1.16b by <[email protected]>
Based on AFL 2.43b by <[email protected]>
Loading custom winAFL server library
dll_init is defined.
dll_run_ptr is defined.
dll_run_target isn't defined.
dll_write_to_testcase isn't defined.
dll_mutate_testcase isn't defined.
dll_trim_testcase isn't defined.
dll_mutate_testcase_with_energy isn't defined.
Sucessfully loaded and initalized
[+] You have 2 CPU cores with average utilization of 5%.
[+] Try parallel jobs - see afl_docs\parallel_fuzzing.txt.
[*] Checking CPU core loadout...
[+] Found a free CPU core, binding to #0.
[+] Process affinity is set to 1.
[*] Setting up output directories...
[+] Output directory exists but deemed OK to reuse.
[*] Deleting old session data...
[+] Output dir cleanup successful.
[*] Scanning 'in'...
[+] No auto-generated dictionary tokens to reuse.
[*] Creating hard links for all input files...
[*] Attempting dry run with 'id_000000'...

1 processes nudged

[-] The program took more than 20000 ms to process one of the initial test cases.
    In WinAFL, this error could also mean incorrect instrumentation params.
    Please make sure instrumentation runs correctly using the debug mode
    (see the README) before attempting to run afl-fuzz.

[-] PROGRAM ABORT : Test case 'id_000000' results in a timeout
         Location : perform_dry_run(), C:\winafl-master\afl-fuzz.c:3232

afl-fuzz.c:3232 directs me to the dry run, but I don't see any other possible debugging information.

I have also run with -debug, where I sent the messages from an independent source, as I am not sure whether -debug has a networking mode:

drrun.exe -c C:\winafl-master\build32\bin\Release\winafl.dll -debug -target_module C:\winafl-master\build32\bin\Release\FakeIPMSWin.exe -target_offset 0x400 -fuzz_iterations 10 -nargs 1 -- C:\winafl-master\build32\bin\Release\FakeIPMSWin.exe
Module loaded, FakeIPMSWin.exe
Module loaded, drwrap.dll
Module loaded, drmgr.dll
Module loaded, dynamorio.dll
Module loaded, drreg.dll
Module loaded, drx.dll
Module loaded, winafl.dll
Module loaded, RPCRT4.dll
Module loaded, WS2_32.dll
Module loaded, KERNELBASE.dll
Module loaded, KERNEL32.dll
Module loaded, ntdll.dll
Module loaded, MSWSOCK.dll
In recvfrom
In recvfrom
In recvfrom
In recvfrom
In recvfrom
In recvfrom
In recvfrom

Wondering if anyone has come across a similar issue or has some insight into what the cause could be?
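For readers working on the same kind of setup, here is a minimal custom WinAFL "server" library of the sort the log above loads, written as an added example (it is not the reporter's Dll1.dll or WinAFL's own code). The exported names dll_init and dll_run come from the log on this page; their parameter lists are assumed from memory of WinAFL's custom_net.c sample, TARGET_PORT is a hypothetical port, and the socket calls are wrapped in a portable shim so the logic also compiles and can be tested outside Windows. The point it demonstrates is that dll_run returns 0 on any delivery failure, so afl-fuzz reports the problem instead of waiting out the full -t timeout.

```c
#include <string.h>
#ifdef _WIN32                     /* what the real WinAFL build uses */
#include <winsock2.h>
#define CUSTOM_SERVER_API __declspec(dllexport)
#define CLOSESOCK closesocket
#else                             /* portable shim so the logic compiles elsewhere */
#include <sys/socket.h>
#include <netinet/in.h>
#include <unistd.h>
#define CUSTOM_SERVER_API
#define APIENTRY
#define CLOSESOCK close
#endif
#define TARGET_PORT 48211         /* hypothetical UDP port the target listens on */
static struct sockaddr_in target_addr; static int sock = -1; /* set by dll_init */

/* Called once after the DLL is loaded ("dll_init is defined." in the log). 1 = ok. */
CUSTOM_SERVER_API int APIENTRY dll_init(void) {
#ifdef _WIN32
  WSADATA wsa;
  if (WSAStartup(MAKEWORD(2, 2), &wsa) != 0) return 0;
#endif
  sock = (int)socket(AF_INET, SOCK_DGRAM, 0);
  if (sock < 0) return 0;
  memset(&target_addr, 0, sizeof target_addr);
  target_addr.sin_family = AF_INET;
  target_addr.sin_port = htons(TARGET_PORT);
  target_addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
  return 1;
}

/* Called per test case: deliver all `size` bytes and return 1; any failure returns 0. */
CUSTOM_SERVER_API int APIENTRY dll_run(char *data, long size, int fuzz_iterations) {
  if (sock < 0 || data == NULL || size <= 0) return 0;   /* not initialised / empty case */
  long sent = (long)sendto(sock, data, (size_t)size, 0,
                           (struct sockaddr *)&target_addr, sizeof target_addr);
  return sent == size;                                   /* short send is a failure too */
}

/* Stand-in for the target's recvfrom loop: bind the port, push one case through, count bytes. */
long loopback_roundtrip(const char *payload, long size) {
  char buf[512]; struct sockaddr_in me = {0};
  int lst = (int)socket(AF_INET, SOCK_DGRAM, 0);
  me.sin_family = AF_INET; me.sin_port = htons(TARGET_PORT);
  me.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
  if (lst < 0 || bind(lst, (struct sockaddr *)&me, sizeof me) != 0) return -1;
  long got = (dll_init() && dll_run((char *)payload, size, 1))
             ? (long)recvfrom(lst, buf, sizeof buf, 0, NULL, NULL) : -1;
  CLOSESOCK(lst);
  return got;
}
```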
