RUB-SysSec / nyx-net


No vm.img #7

Closed juniorprincewang closed 8 months ago

juniorprincewang commented 9 months ago

When I run the forked-daapd target, no vm.img was found in the targets/packed_targets directory. So where can I find the VM image, or how can I create one?

schumilo commented 9 months ago

You will need to create an image yourself. I recommend sticking to the same OS as on the host (or in this case the Docker container, which is Ubuntu 18.04). The process of creating a full VM snapshot is described in more detail here:

https://github.com/nyx-fuzz/Nyx/blob/main/docs/01-Nyx-VMs.md

Just make sure that you use the same version of the packer and QEMU-Nyx as used by Nyx-Net (as it is still based on older versions of both components).

juniorprincewang commented 9 months ago

@schumilo Thank you for your instructions, but something went wrong. I created a 20.04.6 desktop Ubuntu VM, which is the same version as the host. When I launch the loader program to create the snapshot, QEMU crashes.

The loader program outputs:

Kernel Panic Handler Address: 18446744072577967094

And QEMU outputs:

CREATE_SNAPSHOT
WARNING: Image format was not specified for 'ubuntu.img' and probing guessed raw. Automatically detecting the format is dangerous for raw images, write operations on block 0 will be restricted. Specify the 'raw' format explicitly to remove the restrictions.
[QEMU-Nyx] Could not access KVM-PT kernel module!
[QEMU-Nyx] Trying vanilla KVM...
[QEMU-Nyx] NYX runs in fallback mode (no Intel-PT tracing or nested hypercall support)!
WARNING: Nyx has disabled KVM's dirty-ring (required to enable full VGA support during pre-snapshot creation procedure)
[QEMU-Nyx] Warning: Attempt to use unsupported CPU model (PT) without KVM-PT (Hint: use '-cpu kAFL64-Hypervisor-v2' instead)
qemu-system-x86_64: warning: host doesn't support requested feature: CPUID.07H:EBX.hle [bit 4]
qemu-system-x86_64: warning: host doesn't support requested feature: CPUID.07H:EBX.rtm [bit 11]
[QEMU-NYX] Preparing to create pre image...

Could you please help me to solve this? Thanks a lot.

juniorprincewang commented 8 months ago

It turns out that the HYPERCALL_KAFL_LOCK hypercall will take a snapshot and terminate QEMU.