Trying to fuzz 7z using Winnie #14

Open
omkarbhat1995 opened this issue Dec 23, 2021 · 19 comments

@omkarbhat1995

I'm new to fuzzing and was trying to understand how your fuzzer works. When I try to fuzz 7z (trying to recreate one of the applications mentioned in the paper), I'm getting this error. Can you help me with it?
Also, what did you put in the in folder? I tried using a location and a file I know exists; should I be doing something else?

image

@stong
Member

stong commented Dec 27, 2021

Hi, could you please post the command line you used?

@omkarbhat1995
Author

afl-fuzz -i in -o out -t 1000 -I 1000 -- -bbfile basicblocks.bb -- -harness harness.dll -no_minidumps -- 7z2106-x64.exe @@

@stong
Member

stong commented Dec 30, 2021 via email

@omkarbhat1995
Author

I figured out the problem was in harness generation. When I try your Tracer.dll to create a harness, I'm getting an error: Failure to map DLL ~\pin\source\tools\Tracer\x64\Release\Tracer.dll. I checked and the DLL file is there. Do you know why that may be the case?

@Vulmatch

> I figured out the problem was in harness generation. When I try your Tracer.dll to create a harness, I'm getting an error: Failure to map DLL ~\pin\source\tools\Tracer\x64\Release\Tracer.dll. I checked and the DLL file is there. Do you know why that may be the case?

It's because you are trying to trace a 64-bit exe with a 32-bit tracer or vice versa. Make sure the .exe and the tracer are compiled for the same architecture.
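
One way to confirm the mismatch described above before launching Pin, as an added example that is not part of the original thread or the Winnie project: it reads the COFF Machine field from each PE header and compares the two. The function names are hypothetical and the sample headers are constructed in the script.

```python
import struct
import sys

# COFF Machine values from the PE/COFF specification
MACHINES = {0x014C: "x86", 0x8664: "x64", 0xAA64: "arm64"}


def pe_machine(data):
    """Return the architecture named by the COFF Machine field of a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ/PE image")
    # e_lfanew (offset 0x3C of the DOS header) points at the "PE\0\0" signature
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 6 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    # Machine is the first 16-bit field of the COFF header after the signature
    (machine,) = struct.unpack_from("<H", data, e_lfanew + 4)
    return MACHINES.get(machine, "unknown(0x%04x)" % machine)


def check_pair(target, tracer):
    """Compare the target .exe and the tracer DLL; return (ok, message)."""
    t_arch, d_arch = pe_machine(target), pe_machine(tracer)
    if t_arch == d_arch:
        return True, "OK: target and tracer are both %s" % t_arch
    return False, "MISMATCH: target is %s, tracer is %s" % (t_arch, d_arch)


def fake_pe(machine):
    """Constructed minimal header: DOS stub with e_lfanew=0x80, PE signature, Machine."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x80)
    coff = b"PE\0\0" + struct.pack("<H", machine) + b"\0" * 18
    return dos.ljust(0x80, b"\0") + coff


if __name__ == "__main__":
    if len(sys.argv) == 3:
        # Usage: python check_arch.py <target.exe> <Tracer.dll>
        blobs = []
        for path in sys.argv[1:]:
            with open(path, "rb") as fh:
                blobs.append(fh.read())
    else:
        # Constructed sample: 64-bit target paired with a 32-bit tracer
        blobs = [fake_pe(0x8664), fake_pe(0x014C)]
    print(check_pair(*blobs)[1])
```
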

@mineechor

Can you tell me how to generate the harness (command)? Thank you very much!!!

@Vulmatch

> Can you tell me how to generate the harness (command)? Thank you very much!!!

I can't remember specifically what I did to successfully generate the harness code. I just followed their tutorial both in the home directory and the harnessgen folder.

@mineechor

> > Can you tell me how to generate the harness (command)? Thank you very much!!!
>
> I can't remember specifically what I did to successfully generate the harness code. I just followed their tutorial both in the home directory and the harnessgen folder.

Thanks

@KB-bit

KB-bit commented Dec 23, 2022

> Can you tell me how to generate the harness (command)? Thank you very much!!!

Have you successfully generated the harness? I encountered a problem:

File ".../harness/common.py", line 513, int typedef
assert mod
AssertionError

Have you encountered a similar problem?

@mineechor

mineechor commented Dec 24, 2022

@KB-bit Sorry, I didn't encounter the problem.

@KB-bit

KB-bit commented Dec 26, 2022

> @KB-bit Sorry, I didn't encounter the problem.

Can you tell me the cmd to generate the harness for toy_example.exe? I followed the tutorial in the harnessgen folder, but I failed to generate the harness for toy_example.exe in "../winnie-master/samples/toy_example".

@mineechor

@KB-bit .\pin.exe -t source/tools/Tracer/Release/Tracer.dll -logdir "cor1_1" -trace_mode "all" -only_to_target "toy_example.exe" -only_to_lib "example_library.dll" -- D:\2022\final\w2\winnie\samples\toy_example\Release\toy_example.exe D:\2022\final\w2\winnie\samples\toy_example\in\input
python synthesizer.py harness -t D:\2022\final\w2\winnie\harnessgen\lib\pin\cor1_1\drltrace.23944.log -d D:\2022\final\w2\winnie\harnessgen\lib\pin\cor1_1\memdump -s test -sample input

@KB-bit

KB-bit commented Dec 27, 2022

> @KB-bit .\pin.exe -t source/tools/Tracer/Release/Tracer.dll -logdir "cor1_1" -trace_mode "all" -only_to_target "toy_example.exe" -only_to_lib "example_library.dll" -- D:\2022\final\w2\winnie\samples\toy_example\Release\toy_example.exe D:\2022\final\w2\winnie\samples\toy_example\in\input
> python synthesizer.py harness -t D:\2022\final\w2\winnie\harnessgen\lib\pin\cor1_1\drltrace.23944.log -d D:\2022\final\w2\winnie\harnessgen\lib\pin\cor1_1\memdump -s test -sample input

Thank you so much : )

@mineechor

@KB-bit Hello, have you figured it out? If so, can you share the result with me?

@ElaineYao

Hello @KB-bit and @mineechor, I am writing to ask for your help with a similar issue that I'm facing. After running the command $ python3 synthesizer.py harness -t drltrace.PID.log -d memdump -s "test", I received the following outputs:

Traceback (most recent call last):
  File "\path\to\winnie\harnessgen\synthesizer.py", line 147, in <module>
    main()
  File "\path\to\winnie\harnessgen\synthesizer.py", line 135, in main
    syn = SingleSynthesizer(args.trace_file, args.dump_dir,
  File "\path\to\winnie\harnessgen\common.py", line 485, in __init__
    self.defined_types, self.defined_funcs = self.typedef()
  File "\path\to\winnie\harnessgen\common.py", line 518, in typedef
    assert mod
AssertionError
exit status 1

I was wondering if you have some idea of why this is happening and the possible solutions. Any advice would be helpful. Thanks in advance!

@kirito999

> @KB-bit Hello, have you figured it out? If so, can you share the result with me?

Hello, I met this problem when I used the following command:
python synthesizer.py harness -t lib\pin\cor1_1\drltrace.12064.log -d lib\pin\cor1_1\memdump -s test

And solved this problem when I appended "-sample path\input" as you said :)

But I don't see the "-sample" argument in https://github.com/sslab-gatech/winnie/tree/master/harnessgen#one-trace
What's the usage of this argument? Like AFL's @@?

@kirito999

> Hello @KB-bit and @mineechor, I am writing to ask for your help with a similar issue that I'm facing. After running the command $ python3 synthesizer.py harness -t drltrace.PID.log -d memdump -s "test", I received the following outputs:
>
> Traceback (most recent call last):
>   File "\path\to\winnie\harnessgen\synthesizer.py", line 147, in <module>
>     main()
>   File "\path\to\winnie\harnessgen\synthesizer.py", line 135, in main
>     syn = SingleSynthesizer(args.trace_file, args.dump_dir,
>   File "\path\to\winnie\harnessgen\common.py", line 485, in __init__
>     self.defined_types, self.defined_funcs = self.typedef()
>   File "\path\to\winnie\harnessgen\common.py", line 518, in typedef
>     assert mod
> AssertionError
> exit status 1
>
> I was wondering if you have some idea of why this is happening and the possible solutions. Any advice would be helpful. Thanks in advance!

Maybe you can try $ python3 synthesizer.py harness -t drltrace.PID.log -d memdump -s "test" -sample input if you are still paying attention to this paper :)

@ElaineYao

> > Hello @KB-bit and @mineechor, I am writing to ask for your help with a similar issue that I'm facing. After running the command $ python3 synthesizer.py harness -t drltrace.PID.log -d memdump -s "test", I received the following outputs:
> >
> > Traceback (most recent call last):
> >   File "\path\to\winnie\harnessgen\synthesizer.py", line 147, in <module>
> >     main()
> >   File "\path\to\winnie\harnessgen\synthesizer.py", line 135, in main
> >     syn = SingleSynthesizer(args.trace_file, args.dump_dir,
> >   File "\path\to\winnie\harnessgen\common.py", line 485, in __init__
> >     self.defined_types, self.defined_funcs = self.typedef()
> >   File "\path\to\winnie\harnessgen\common.py", line 518, in typedef
> >     assert mod
> > AssertionError
> > exit status 1
> >
> > I was wondering if you have some idea of why this is happening and the possible solutions. Any advice would be helpful. Thanks in advance!
>
> Maybe you can try $ python3 synthesizer.py harness -t drltrace.PID.log -d memdump -s "test" -sample input if you are still paying attention to this paper :)

Thank you @kirito999 ! I'll try this out.

@De3mond

De3mond commented Mar 6, 2024

> I'm new to fuzzing and was trying to understand how your fuzzer works. When I try to fuzz 7z (trying to recreate one of the applications mentioned in the paper), I'm getting this error. Can you help me with it? Also, what did you put in the in folder? I tried using a location and a file I know exists; should I be doing something else?

image

Hello, I'd like to know if you have successfully fuzzed 7z. The confusion I'm currently facing is that, when using synthesizer.py to generate a harness, I'm unsure about what the -s parameter represents. Since it's closed-source software, we have no way of knowing its START_FUNCTION, making it impossible to automatically generate a harness for testing.
image
