winafl: Cannot change input file extensions

Hi, I am fuzzing this software called VUPlayer. This software requires the file extension to be m3u to work. So I am trying to change the input file name to xxx.m3u, otherwise the input file name will be .cur_input and no crash will be made even using a PoC input. I am using the following command to achieve this purpose, but it seems I failed since it keeps telling me 1 process nudged and Succeeded terminating process with PID xxxx. Am I using the -f option in a bad way?

C:\Program Files (x86)\VUPlayer> afl-fuzz.exe -i in -o out -f test.m3u -D C:\Users\Administrator\Desktop\DynamoRIO-Windows-6.2.0-2\bin32 -t 20000 -- -fuzz_iterations 5000 -coverage_module VUPlayer.exe -target_module VUPlayer.exe -target_offset 0x532a0 -nargs 2 -- UPlayer.exe @@

About this issue

  • State: closed
  • Created 8 years ago
  • Comments: 20 (7 by maintainers)

Most upvoted comments

About your last point: no, because WinMain does not return by itself. The trick is to find the function that parses the file, and then returns without user interaction. The coverage module will also probably not be the main executable, but the dll used to handle the specific file format you’re targeting.
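The shape of target function described in the comment above, as an added example that is not part of the original thread and is not VUPlayer or WinAFL code. The name fuzz_target and the line-counting stand-in for the parser are hypothetical; it is a one-argument function, so it would be used with -nargs 1.

```c
/* Added example: hypothetical harness, not VUPlayer or WinAFL code. */
#include <stdio.h>

/* Target function: open the input, parse it, close it, return.
 * No UI and no message loop, so the fuzzer can restart it each
 * iteration without anyone closing a window.
 * Returns the number of playlist entries, or -1 if the file
 * cannot be opened. */
int fuzz_target(const char *path)
{
    int c;
    int at_line_start = 1;
    int entries = 0;
    FILE *fp = fopen(path, "rb");

    if (fp == NULL)
        return -1;

    /* Stand-in for the real parser: count lines that are neither
     * empty nor '#' directives (#EXTM3U, #EXTINF). Reading byte by
     * byte avoids a fixed line buffer, so over-long lines and NUL
     * bytes in fuzzed input cannot overflow anything. */
    while ((c = fgetc(fp)) != EOF) {
        if (c == '\n' || c == '\r') {
            at_line_start = 1;
            continue;
        }
        if (at_line_start && c != '#')
            entries++;
        at_line_start = 0;
    }

    /* Close the handle before returning: the fuzzer rewrites the
     * same file (for example the one named with -f) between runs. */
    fclose(fp);
    return entries;
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s playlist.m3u\n", argv[0]);
        return 2;
    }
    printf("entries: %d\n", fuzz_target(argv[1]));
    return 0;
}
```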

Yes, I only have 2 samples so maybe it makes sense? However, I think maybe my target function is not good. I set my target function to WinMain and when I started winafl it will open the VUPlayer’s UI. So I shut down the VUPlayer’s UI and the fuzzer will go on.

Do you know if this behavior is normal? If the pc register is reset to the beginning of the target function (WinMain in this case) in every pass, shouldn’t the UI be turned on in every pass?