googleprojectzero / winafl

A fork of AFL for fuzzing Windows binaries
Apache License 2.0

My output keeps showing a timeout #439

Closed AndyElGang closed 6 months ago

AndyElGang commented 6 months ago

When I use the command afl-fuzz -i C:\Users\andye\Desktop\inputs -o C:\Users\andye\Desktop\output -t 25000+ -Y -D C:\Users\andye\Desktop\DynamoRIO\bin64 -- -fuzz_iterations 5000 -covtype edge -nargs 1 -target_module example.exe -- example.exe @@ I get this output no matter how hard I try to fix it. Can someone tell me what's going on? I'm pretty new to fuzzing and literally don't know why it still times out.

Based on AFL 2.43b by <lcamtuf@google.com>
[+] You have 12 CPU cores with average utilization of 0%.
[+] Try parallel jobs - see afl_docs\parallel_fuzzing.txt.
[*] Checking CPU core loadout...
[+] Found a free CPU core, binding to #0.
[+] Process affinity is set to 1.
[*] Setting up output directories...
[+] Output directory exists but deemed OK to reuse.
[*] Deleting old session data...
[+] Output dir cleanup successful.
[*] Scanning 'C:\Users\andye\Desktop\inputs'...
[+] No auto-generated dictionary tokens to reuse.
[*] Creating hard links for all input files...
[*] Attempting dry run with 'id_000000'...
[!] WARNING: Test case results in a timeout (skipping)

[-] PROGRAM ABORT : All test cases time out, giving up!
         Location : perform_dry_run(), C:\Users\andye\Desktop\winafl\afl-fuzz.c:3352

ifratric commented 6 months ago

The timeout error isn't necessarily a timeout, it can also be received due to incorrect parameters, such as is likely the case here. For example

AndyElGang commented 6 months ago

This is my new command, but it still doesn't work, and yes, I prefer using -Y:

afl-fuzz -i C:\Users\andye\Desktop\inputs -o C:\Users\andye\Desktop\output -t 25000+ -Y -- -target_method main -fuzz_iterations 5000 -covtype edge -nargs 1 -target_module example.exe -- example.exe @@

ifratric commented 6 months ago

For -Y (static instrumentation) please read https://github.com/googleprojectzero/winafl/blob/master/readme_syzygy.md Did you successfully prepare and instrument your target as described in that readme?

AndyElGang commented 6 months ago

Never mind, it requires me to switch to 32-bit because it only supports that. If I use DynamoRIO, do I need to implement anything? Or, as it suggests, can it do it in real time?

ifratric commented 6 months ago

Both DynamoRIO and TinyInst are dynamic binary instrumentation solutions that instrument the target as it runs and support both 32- and 64-bit targets.

AndyElGang commented 6 months ago

Do you know what this assert failure means? And yeah, if you ask about my code implementation, it is this one, and this is the command I used:

afl-fuzz -i C:\Users\andye\Desktop\inputs -o C:\Users\andye\Desktop\output -t 25000+ -D C:\Users\andye\Desktop\DynamoRIO\bin64 -- -target_method main -fuzz_iterations 5000 -covtype edge -nargs 1 -target_module example.exe -- example.exe @@

#include <iostream>
#include <string>

int main() {
    std::string userInput;

    // Prompting user for input
    std::cout << "Enter something: ";
    std::getline(std::cin, userInput); // Allowing spaces in input

    // Printing the input
    std::cout << "You entered: " << userInput << std::endl;

    return 0;
}
![Capture](https://github.com/googleprojectzero/winafl/assets/132935097/0dcdc048-81ef-4d07-b8d2-2964216ae835)
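Not part of the thread: an added harness example (my own, not the poster's code or WinAFL's) in the shape WinAFL expects for `-nargs 1 -target_method <name>` with `@@`, where the fuzzer substitutes `@@` with the path of the current test case and calls the named function repeatedly with that path as its one argument. The program above instead reads from stdin in a `main()` that takes no arguments. The function name `fuzz_me`, the separate `process_input` helper and the sample input are constructed for illustration; exporting the symbol is assumed to be how the fuzzer locates the method by name.

```cpp
#include <cstdio>
#include <fstream>
#include <iterator>
#include <string>

// Logic under test, kept separate from file I/O so it can be unit-tested
// directly. Returns the length of the first line, mirroring what the
// original program's std::getline would have consumed from stdin.
int process_input(const std::string& data) {
    int count = 0;
    for (char c : data) {
        if (c == '\n') break;
        ++count;
    }
    return count;
}

// Hypothetical WinAFL target method. With "-nargs 1 -target_method fuzz_me"
// and "example.exe @@", the single argument is the test-case file path. The
// function must read the whole file, process it and return normally on every
// iteration (the fuzzer loops over it -fuzz_iterations times). Returns the
// processed length, or -1 if the file could not be opened (constructed
// convention for this example).
#ifdef _WIN32
extern "C" __declspec(dllexport)   // assumed: exported so it can be found by name
#else
extern "C"
#endif
int fuzz_me(const char* path) {
    std::ifstream in(path, std::ios::binary);
    if (!in) return -1;
    std::string data((std::istreambuf_iterator<char>(in)),
                     std::istreambuf_iterator<char>());
    return process_input(data);
}

// Stand-alone entry point: the file path comes from argv, not from stdin.
int main(int argc, char** argv) {
    if (argc < 2) {
        std::fprintf(stderr, "usage: %s <input-file>\n", argv[0]);
        return 1;
    }
    int n = fuzz_me(argv[1]);
    std::printf("processed %d bytes\n", n);
    return n < 0 ? 1 : 0;
}
```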
AndyElGang commented 6 months ago

Can someone give me a step-by-step? I'm actually lost. Like, based on my code, can someone compile it and show me how it's done?

AndyElGang commented 6 months ago

Never mind, I just copied the exact command of another person and adapted it to my file, and it works fine now.