I think the issue here was (once again) with our timeout logic: when fuzzing, we first use taskkill, then wait a bit, then try os.kill() for each PID. In this case, it looks like the wait wasn't long enough, so we ended up calling os.kill() on at least one PID in Honeyview and violently killing the process halfway through on_dr_exit.
I've changed the logic from:
if fuzzing:
os.system("taskkill /T /PID {}".format(pid))
time.sleep(1)
os.kill(pid, signal.SIGTERM)
to:
if fuzzing or tracing:
os.system("taskkill /T /PID {}".format(pid))
else:
os.kill(pid, signal.SIGTERM)
This might expose an edge case where a fuzzing/triaging process might not obey taskkill, but I've yet to see that happen in practice.
I think the issue here was (once again) with our timeout logic: when fuzzing, we first use
taskkill, then wait a bit, then tryos.kill()for each PID. In this case, it looks like the wait wasn't long enough, so we ended up callingos.kill()on at least one PID in Honeyview and violently killing the process halfway throughon_dr_exit.I've changed the logic from:
to:
This might expose an edge case where a fuzzing/triaging process might not obey
taskkill, but I've yet to see that happen in practice.