HexHive / T-Fuzz


Fuzzer says no program left #19

Closed geldkang closed 4 years ago

geldkang commented 5 years ago

Deprecation warning: Use main_object instead of main_bin
WARNING | 2019-07-18 18:55:31,206 | tfuzz.tfuzz_sys | </home/ubuntu/T-Fuzz/workdir_who/who_tfuzz/who_tfuzz> failed to start, skip, but there still might be some crashes in crashing seeds
WARNING | 2019-07-18 18:55:31,207 | tfuzz.tfuzz_sys | No program left

I saw these messages and there was no progress in fuzzing for hours at all.

Maybe manually installing the python package shellphish-afl caused this error? I installed shellphish-afl 1.2.1 from source code, and installed the other packages from req.txt.

Deprecation warning: Use main_object instead of main_bin

At first, after the above line, the fuzzer had an error because there was no ~/.virtual_envs/tfuzz_env/bin/afl-unix/afl-fuzz, so I manually copied afl-fuzz to ~/.virtual_envs/tfuzz_env/bin/afl-unix/. Did that cause the problem?

zjuchenyuan commented 5 years ago

Please take a look at the log generated by afl, which is located at fuzzing_NAME_tfuzz/NAME_tfuzz/fuzzer-master.log

A possible guess: you need to modify utils.py to get rid of the "Deprecation warning:" line, see #12

geldkang commented 4 years ago

Your answer helped me to advance, thanks, but it still says the same error message. In fuzzer-master.log:

[-] Looks like the target binary is not instrumented! The fuzzer depends on compile-time instrumentation to isolate interesting test cases while mutating the input data. For more information, and for tips on how to instrument binaries, please see docs/README.

When source code is not available, you may be able to leverage QEMU
mode support. Consult the README for tips on how to enable this.
(It is also possible to use afl-fuzz as a traditional, "dumb" fuzzer.
For that, you can use the -n option - but expect much worse results.)

[-] PROGRAM ABORT : No instrumentation detected
    Location : check_binary(), afl-fuzz.c:6920

zjuchenyuan commented 4 years ago

Looks like the target binary is not instrumented! The fuzzer depends on compile-time instrumentation to isolate interesting test cases while mutating the input data. For more information, and for tips on how to instrument binaries, please see docs/README.

T-Fuzz leverages AFL to do the fuzzing work, so you need to compile the target program using afl-gcc or afl-clang-fast. Take a look at AFL and its documentation first: http://lcamtuf.coredump.cx/afl/

If the source code is not available, you can use afl qemu mode; add this line to tfuzz_sys.py at line 65:

self.afl_opts.append("-Q")
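To tell which of the two cases above applies before handing a target to T-Fuzz, here is an added shell check (example code, not part of T-Fuzz or AFL) that mirrors what afl-fuzz's check_binary() does: it looks for the `__AFL_SHM_ID` marker that afl-gcc and afl-clang-fast embed in instrumented binaries and reports whether `-Q` would be needed. The sample files it creates are constructed stand-ins for real binaries so the script runs offline.

```shell
#!/bin/sh
# Added example, not from the T-Fuzz project: reproduce the check behind
# AFL's "No instrumentation detected" abort before launching T-Fuzz.
# afl-fuzz's check_binary() searches the target for the string
# "__AFL_SHM_ID" that afl-gcc/afl-clang-fast embed; if it is absent and
# neither -Q (QEMU mode) nor -n (dumb mode) was given, afl-fuzz aborts.

AFL_SHM_MARKER="__AFL_SHM_ID"

# Return 0 if the file carries the AFL shared-memory marker, 1 otherwise.
# -a treats the binary as text so grep does not just print "Binary file".
afl_instrumented() {
    grep -q -a "$AFL_SHM_MARKER" "$1"
}

# Print the extra afl-fuzz option T-Fuzz should add for this target:
# nothing for an instrumented build, "-Q" for an uninstrumented one
# (matching the suggestion above to append "-Q" to self.afl_opts).
afl_extra_opts() {
    if afl_instrumented "$1"; then
        printf '%s' ""
    else
        printf '%s' "-Q"
    fi
}

# Constructed sample "binaries": plain files standing in for an
# instrumented and an uninstrumented target. Prints the directory.
make_samples() {
    dir=$(mktemp -d)
    printf 'stub target with marker %s\n' "$AFL_SHM_MARKER" > "$dir/instrumented"
    printf 'stub target without marker\n' > "$dir/plain"
    printf '%s' "$dir"
}

# Usage: sh afl_check.sh /path/to/target
if [ -n "$1" ]; then
    if afl_instrumented "$1"; then
        echo "$1: instrumented, afl-fuzz can run as-is"
    else
        echo "$1: NOT instrumented; rebuild with afl-gcc/afl-clang-fast or add -Q"
    fi
fi
```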