Closed jjeongxu closed 6 months ago
Hi @jjeongxu and thanks for the detailed bug report!
I rebuilt the Windows image from scratch and started a new campaign, but couldn't repro the fuzzer or QEMU crashes you experienced.
A couple of things though:
Your kafl fuzz command has the following additional parameters:
-i results.json
--use_call_stack
These parameters aren't in the documentation: https://intellabs.github.io/kAFL/reference/fuzzer_configuration.html
Are you using a kAFL fork by any chance?
Additionally, regarding the issue of "[QEMU not booting up the VM]": when you boot the VM via kAFL, libvirt isn't involved and can't update its internal state. If you want to start the VM via libvirt, use the virsh API and tweak the QEMU command line (see QEMU command line passthrough).
Hi @Wenzel, I really appreciate your reply! Thank you for reaching out.
I'm using a slightly modified version of kAFL, and the issue was that it couldn't load the target driver into the Windows 10 VM's vuln_test process; there was no issue at all with kafl.qemu or kAFL. This resulted in the problem of getting stuck in the infinite loop of vuln_test's main() function (while(1) { CreateFile() }).
Now, everything is resolved, and I sincerely appreciate your response.
Wishing you a Happy New Year with lots of blessings!
Hi,
I really appreciate the project that you built.
I have a problem here. When I try to run "kafl fuzz" after setting up the fuzzer and the environment (Windows 10 VM, target driver, vuln_test.exe, etc.), it crashes a few minutes after showing this message,
and the error log varies. Mostly, it says "assertion failure in 'qemu/nyx/snapshot/block/block_cow.c:450' assert(self->offset_primary < self->cow_primary_size);"
but sometimes it says "error no.32 broken pipe".
The command below is the one I used to run the fuzzer,
and the text below that is the command that kAFL used to run the VM with QEMU.
I ensured that the drive file in '/home/dltkrgksmf/.local/share/libvirt/images/windows_x86_64_vagrant-kafl-windows.img' is totally flawless, because it runs fine on Vagrant. I also checked that the Windows 10 VM runs 'test_vuln.exe' when it boots.
[Kernel info]
[QEMU info]
[QEMU not booting up the VM]
Thank you.