mxmssh / manul

Manul is a coverage-guided parallel fuzzer for open-source and blackbox binaries on Windows, Linux and MacOS
Apache License 2.0

It seems manul afl new path not increase on windows, but winafl can detected more path for same exe #53

Closed chbest0102 closed 4 years ago

chbest0102 commented 4 years ago

I use the latest manul on Windows 10 1903. I found afl does not increase new paths for additional client libs; it can only detect 3 new paths, but when tested on winafl with the same Windows exe, it can detect 36 new paths shortly. I tested and it did not work on DynamoRIO-Windows-7.91.18299-0 and DynamoRIO-Windows-7.91.18157-0.

mxmssh commented 4 years ago

Can you provide an executable to test, please?

chbest0102 commented 4 years ago

I found the issue root cause: it is caused by manul_utils.py save_content, where fd.flush() does not actually write the file content to disk, so the test case file content is not updated and manul cannot find new paths. I added os.fsync(fd) after fd.flush(), which does not work either. I still haven't solved it.

The Python I used is python-3.7.6. I see fd.flush has the following note: "Note flush() does not necessarily write the file's data to disk. Use flush() followed by os.fsync() to ensure this behavior." https://docs.python.org/2/library/stdtypes.html#file.flush
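The flush/fsync distinction discussed above, as an added example that is not manul's own code: `save_content` and `write_and_verify_testcase` are hypothetical names, and the sample payloads are constructed. The point for a fuzzer is that the target process must see the complete, current test case: `flush()` only moves bytes from Python's buffer into the OS page cache, `os.fsync()` forces them to the device, and closing the handle before the target is launched is what guarantees another process opens a finished file. The read-back check also catches the stale-tail case, where a shorter test case overwriting a longer one would leave old bytes behind if the file were opened without truncation.

```python
import os
import tempfile


def save_content(path: str, data: bytes) -> None:
    """Write a test case durably: buffer -> page cache -> disk, then close.

    "wb" truncates, so a shorter payload never leaves bytes of the previous,
    longer test case at the end of the file.
    """
    with open(path, "wb") as fd:
        fd.write(data)
        fd.flush()               # Python user-space buffer -> OS page cache
        os.fsync(fd.fileno())    # OS page cache -> storage device
    # Leaving the with-block closes the handle, so a target process started
    # after this point opens a complete file rather than a partial one.


def write_and_verify_testcase(path: str, data: bytes) -> bool:
    """Write the test case and confirm that the bytes on disk are exactly
    what was intended before handing the path to the fuzz target."""
    save_content(path, data)
    with open(path, "rb") as fd:
        return fd.read() == data


def demo() -> bool:
    """Exercise the writer with constructed payloads, including a shorter
    payload overwriting a longer one. Returns True when every write
    round-trips exactly."""
    payloads = [
        b"BM" + bytes(range(64)),   # constructed: longer "bitmap-like" input
        b"BM" + b"\xff" * 16,       # constructed: shorter, must fully replace
        b"BM",                      # constructed: minimal header only
    ]
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "testcase.bmp")
        results = [write_and_verify_testcase(path, p) for p in payloads]
        # After the last write only 2 bytes may remain on disk.
        final_size = os.path.getsize(path)
    return all(results) and final_size == 2


if __name__ == "__main__":
    print("all test cases round-tripped:", demo())
```

On Windows, `os.fsync` calls `FlushFileBuffers`, so the same three steps apply there; the key mistake to avoid is launching the target while the writer still holds an open, unflushed handle.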

mxmssh commented 4 years ago

Well, the doc is relevant to Python 2 while you are running Python 3; not sure if it helps at all. A simple test source code or binary would help.

chbest0102 commented 4 years ago

Sorry, I pasted the Python 2 doc. The Python 3 doc also has the same requirement for fd.flush: https://docs.python.org/3/library/os.html (search os.fsync)

mxmssh commented 4 years ago

I see, then it is definitely needed :)

chbest0102 commented 4 years ago

Manul still does not increase new paths on Windows 1903 after I fixed the test case generation. I tried test_gdiplus.exe in dbi_persistence_mode in manul; manul only detects 4 new paths after a long run, but winafl detects 11 new paths shortly.

My test environment: Python 3.8.2 x86, DynamoRIO-Windows-7.91.18299-0. The test_gdiplus comes with winafl; I attached test_gdiplus.zip.

chbest0102 commented 4 years ago

The test bmp file is attached: not_kitty.zip

chbest0102 commented 4 years ago

The client libs are gdiplus.dll, gdi32full.dll, GDI32.dll

chbest0102 commented 4 years ago

Correction: the Windows 10 I tested is version 1909.

mxmssh commented 4 years ago

Thank you @chbest0102, it helps a lot. I will take a look at what's going on today.

mxmssh commented 4 years ago

I was able to reproduce that. It seems manul doesn't receive everything from shared libraries.

chbest0102 commented 4 years ago

Nice to hear this; hope to see it fixed soon, thanks.

mxmssh commented 4 years ago

Fixed. Manul can now explore paths at the same speed as winAFL.

chbest0102 commented 4 years ago

I tested it and this issue has been fixed, thanks.