winafl: IPT Tracing Error
I compiled my WinAFL binaries using the intel PT flag and im trying to use the example in the docs but I cannot seem to get it to work, I keep getting:
C:\WinAFL\winafl\build64\bin\Release>afl-fuzz.exe -i ..\..\..\testcases\others\elf -o ..\..\out -P -t 20000 -- -coverage_module test_gdiplus.exe -target_module test_gdiplus.exe -target_method main -nargs 2 -- test_gdiplus.exe @@
WinAFL 1.16b by <ifratric@google.com>
Based on AFL 2.43b by <lcamtuf@google.com>
IPT service enebled
[+] You have 8 CPU cores and 0 runnable tasks (utilization: 0%).
[+] Try parallel jobs - see docs\parallel_fuzzing.txt.
[*] Checking CPU core loadout...
[+] Found a free CPU core, binding to #0.
[+] Process affinity is set to 1.
[*] Setting up output directories...
[+] Output directory exists but deemed OK to reuse.
[*] Deleting old session data...
[+] Output dir cleanup successful.
[*] Scanning '..\..\..\testcases\others\elf'...
[+] No auto-generated dictionary tokens to reuse.
[*] Creating hard links for all input files...
[*] Attempting dry run with 'id_000000'...
[-] PROGRAM ABORT : ipt tracing error
Location : run_target_pt(), c:\winafl\winafl\winaflpt.c:1455
About this issue
- Original URL
- State: open
- Created 4 years ago
- Comments: 17 (3 by maintainers)
Regarding Intel PT:
Intel PT support in WinAFL is based on https://github.com/ionescu007/winipt, can you compile that and check if it works for you? You didn’t write which version of Windows 10 you were using, note that Intel PT driver is only present on 1809 and up.
@expend20 I can only tell you that the VM software must explicitly support Intel PT, but don’t know the low level details, which I assume is what you’re interested in, sorry!
Regarding DR:
“Test case timed out” can mean different things in WinAFL if the setup is incorrect, this is why you should always run the debug mode as described in https://github.com/googleprojectzero/winafl/blob/master/readme_dr.md and check your debug log before trying to run a fuzzing session. 16gb should definitely not be a problem for test_gdiplus.exe.