googleprojectzero / winafl

A fork of AFL for fuzzing Windows binaries
Apache License 2.0

How to stop WinAFL properly? #414

Closed bits4beethoven closed 1 year ago

bits4beethoven commented 1 year ago

In the source code, I have seen the following lines that affect the stop_soon flag:

1)

if (!dumb_mode && cycles_wo_finds > 50 && !pending_not_fuzzed &&  getenv("AFL_EXIT_WHEN_DONE"))
      stop_soon = 2;

2) (commented out)

/* Handle stop signal (Ctrl-C, etc). */

/* 
static void handle_stop_sig(int sig) {
  stop_soon = 1;  // Set the flag to stop the fuzzer soon
  if (child_pid > 0) kill(child_pid, SIGKILL); // If there's a child process, kill it
  if (forksrv_pid > 0) kill(forksrv_pid, SIGKILL); // If there's a fork server process, kill it
}
*/

So, I do not see directly that something sets the flag, e.g. to 1. Every time I press "Ctrl+C" I get an assertion failure from line 707 in winafl.c: "unrecognized command received over pipe". To be sure, these are the lines:

if (!options.debug_mode)
{
    WriteCommandToPipe('P');          // tell the fuzzer the target is ready for the next input

    command = ReadCommandFromPipe();  // wait for the fuzzer's reply

    if (command != 'F')               // 'F' = fuzz the next input
    {
        if (command == 'Q')           // 'Q' = fuzzer asks the target to quit
        {
            dr_exit_process(0);
        }
        else
        {
            DR_ASSERT_MSG(false, "unrecognized command received over pipe");
        }
    }
}

I am wondering how to terminate the program correctly. I've tried to add the following lines:

BOOL WINAPI ConsoleHandler(DWORD dwType) {
    if (dwType == CTRL_C_EVENT) {
        stop_soon++; 
        return TRUE;  
    }
    return FALSE;
}

But this did not help. Then I observed that Ctrl+C leads to a 'P' char being sent over the pipe, and this results in the assert failure.

I would be glad to know how to terminate WinAFL softly. Is it "bad" that the program does not terminate normally? Does it corrupt virgin_bits, a coverage map, or something else?

ifratric commented 1 year ago

I'm not aware of any negative effects of terminating a WinAFL process using Ctrl+C. At that point, the WinAFL process terminates while the target process may continue running and assert on the pipe being in a broken state. The target process may still write bits in the shared memory, but at this point there is nothing that reads this shared memory anymore.