hunter-ht-2018 / ptfuzzer

Improving AFL by using Intel PT to collect branch information

PROGRAM ABORT : No instrumentation detected - but ran config-run.sh #11

Open vanhauser-thc opened 5 years ago

vanhauser-thc commented 5 years ago

Kernel: 4.19.0-kali1-amd64
CPU: Intel(R) Core(TM) i7-7500U CPU @ 2.70GHz

I ran config-run.sh and confirmed module msr is loaded.

Then when I try to start fuzzer:

# python ./bin/ptfuzzer.py "-i /tmp/in -o /tmp/out" "/usr/bin/unrar p -inul " 
config MEM_LIMIT to 200
binary type is  executable
Program base by cle:  0x400000
Program entry by cle:  0x403750
reading .text code...
sudo ./bin/afl-ptfuzz -r .unrar-nonfree.text -m 200 -l 4208464 -h 4470928 -e 4208464 -i /tmp/in -o /tmp/out2 /usr/bin/unrar p -inul  @@
afl-fuzz 2.52b by <lcamtuf@google.com>
raw_bin: .unrar-nonfree.text
min_addr: 4208464
max_addr: 4470928
entry_point: 4208464
init pt fuzzer.
start to disassmble binary...
build_cofi_map, total number of cofi instructions: 11324
cofi map complete percentage: 100%
[+] You have 4 CPU cores and 2 runnable tasks (utilization: 50%).
[+] Try parallel jobs - see /usr/local/share/doc/afl/parallel_fuzzing.txt.
[*] Checking CPU core loadout...
[+] Found a free CPU core, binding to #0.
[*] Checking core_pattern...
[*] Checking CPU scaling governor...
[*] Setting up output directories...
[+] Output directory exists but deemed OK to reuse.
[*] Deleting old session data...
[+] Output dir cleanup successful.
[*] Scanning '/tmp/in'...
[+] No auto-generated dictionary tokens to reuse.
[*] Creating hard links for all input files...
[*] Validating target binary...
[*] Attempting dry run with 'id:000000,orig:test.rar'...
Run ptfuzzer with TIP_MODE
Using perf AUX buffer size: 32 MB.

[-] PROGRAM ABORT : No instrumentation detected
         Location : perform_dry_run(), /prg/tmp/ptfuzzer/afl-pt/afl-ptfuzz.c:2943

From the source location, the issue seems to be that no tracebits are in the map.

Can someone help me figure out what the issue is?

vanhauser-thc commented 5 years ago

OK I found the cause:

Recent Linux kernel changes added page table isolation. Because of these, intel_pt doesn't work process-specific out of the box anymore.

Solution: boot the kernel with "nopti"

I leave the issue open so there is awareness.

The README should be updated.
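The cause described in the comment above (page table isolation active, so per-process Intel PT tracing yields an empty map) is something you can check before launching the fuzzer rather than after the dry run aborts. The script below is an added pre-flight check written for this page; it is not part of ptfuzzer and was not posted in this thread. It reads standard Linux interfaces: the `meltdown` entry under `/sys/devices/system/cpu/vulnerabilities/` (which reports `Mitigation: PTI` when page table isolation is on), `/proc/cmdline` (for `nopti` or the equivalent `pti=off`), `/proc/modules` (for the `msr` module loaded by config-run.sh) and the `intel_pt` PMU directory under `/sys/bus/event_source/devices/`. The function names are this example's own, and the parsing functions take their input as an argument so they can be exercised with constructed strings.

```shell
#!/bin/sh
# Pre-flight check for the "No instrumentation detected" failure in this issue.
# Added example, not ptfuzzer code. Function names are assumptions; the paths
# are standard Linux sysfs/procfs locations.

# Classify the content of /sys/devices/system/cpu/vulnerabilities/meltdown.
# "on": PTI active (intel_pt process tracing breaks, per this issue);
# "off": kernel reports itself vulnerable or CPU not affected (no PTI);
# "unknown": file missing or unexpected text.
pti_state_from_meltdown() {
    case "$1" in
        "Mitigation: PTI"*) echo on ;;
        Vulnerable*)        echo off ;;
        "Not affected"*)    echo off ;;
        *)                  echo unknown ;;
    esac
}

# Succeed if the kernel command line ($1) disables PTI as a whole token
# ("nopti" or "pti=off"), not as a substring of another option.
cmdline_has_nopti() {
    for tok in $1; do
        case "$tok" in
            nopti|pti=off) return 0 ;;
        esac
    done
    return 1
}

# Succeed if /proc/modules content ($1) lists the msr module.
modules_has_msr() {
    printf '%s\n' "$1" | grep -q '^msr '
}

# Run all checks against the live system; print one line per problem and
# return 1 if any check failed, 0 otherwise.
preflight() {
    fails=0

    if [ ! -d /sys/bus/event_source/devices/intel_pt ]; then
        echo "FAIL: no intel_pt PMU registered (CPU or kernel lacks Intel PT support)"
        fails=$((fails + 1))
    fi

    if ! modules_has_msr "$(cat /proc/modules 2>/dev/null)"; then
        echo "FAIL: msr module not loaded (run config-run.sh or modprobe msr)"
        fails=$((fails + 1))
    fi

    state=$(pti_state_from_meltdown "$(cat /sys/devices/system/cpu/vulnerabilities/meltdown 2>/dev/null)")
    cmdline=$(cat /proc/cmdline 2>/dev/null)
    case "$state" in
        on)
            echo "FAIL: page table isolation is active; reboot with 'nopti' on the kernel command line"
            fails=$((fails + 1))
            ;;
        unknown)
            if cmdline_has_nopti "$cmdline"; then
                echo "WARN: cannot read PTI state, but the command line disables PTI"
            else
                echo "WARN: cannot read PTI state; confirm manually with dmesg or the cmdline"
            fi
            ;;
    esac

    [ "$fails" -eq 0 ]
}

if preflight; then
    echo "OK: environment looks usable for ptfuzzer"
else
    echo "Fix the FAIL lines above before running ptfuzzer.py"
fi
```

Note that `nopti` turns off the kernel's Meltdown mitigation for the whole machine, so this belongs on a dedicated fuzzing box, not a shared host.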

zhanggenex commented 5 years ago

@vanhauser-thc Thanks for your information!