Using WinAFL on native code that is part of a .NET program. #453

Closed
ofir-tan opened this issue Dec 22, 2024 · 8 comments
Comments

@ofir-tan

ofir-tan commented Dec 22, 2024

My .NET program initializes by starting the backend using wrapper.dll, which contains mixed code (managed and unmanaged). The managed code is solely used as an interface to interact with the unmanaged code. After completing the necessary initialization and configuration of the native code, the program transitions to running exclusively with native code from wrapper.dll and additional native DLLs included in the program.

For example, let's say my target is coverage_target.dll, which is purely native. The issue arises when I attempt to run the program—it fails due to the inability to load wrapper.dll:

    Unhandled Exception: System.IO.FileLoadException: Could not load file or assembly 'Wrapper.dll' or one of its dependencies. Attempt to access invalid address. (Exception from HRESULT: 0x800701E7)
       at ConsoleRunner.Program.Main(String[] args)

So how can I solve this?

@ifratric
Collaborator

ifratric commented Jan 7, 2025

Does your program run OK without DynamoRIO / WinAFL? One thing you can try is TinyInst mode (see https://github.com/googleprojectzero/winafl/blob/master/readme_tinyinst.md). TinyInst is different in that it does not touch any other modules except the one you want to instrument, so it might work better for your case.

@ofir-tan
Author

ofir-tan commented Jan 8, 2025

Hi, thanks for the answer. It runs OK without DynamoRIO / WinAFL. I tried to use TinyInst but get this error at build time:

    tinyinst.lib(common.obj) : error LNK2038: mismatch detected for 'RuntimeLibrary': value 'MD_DynamicRelease' doesn't match value 'MT_StaticRelease' in winafl_tinyinst.lib(tinyinst_afl.obj) [C:\Users\1000296391\source\repos\winafl\build32\afl-fuzz.vcxproj]
    tinyinst.lib(debugger.obj) : error LNK2038: mismatch detected for 'RuntimeLibrary': value 'MD_DynamicRelease' doesn't match value 'MT_StaticRelease' in winafl_tinyinst.lib(tinyinst_afl.obj) [C:\Users\1000296391\source\repos\winafl\build32\afl-fuzz.vcxproj]
    tinyinst.lib(tinyinst.obj) : error LNK2038: mismatch detected for 'RuntimeLibrary': value 'MD_DynamicRelease' doesn't match value 'MT_StaticRelease' in winafl_tinyinst.lib(tinyinst_afl.obj) [C:\Users\1000296391\source\repos\winafl\build32\afl-fuzz.vcxproj]
    tinyinst.lib(x86_assembler.obj) : error LNK2038: mismatch detected for 'RuntimeLibrary': value 'MD_DynamicRelease' doesn't match value 'MT_StaticRelease' in winafl_tinyinst.lib(tinyinst_afl.obj) [C:\Users\1000296391\source\repos\winafl\build32\afl-fuzz.vcxproj]

@ifratric
Collaborator

ifratric commented Jan 8, 2025

Which OS / VS version is that on?

@ofir-tan
Author

ofir-tan commented Jan 8, 2025

Windows 11, VS 2019.

@ifratric
Collaborator

ifratric commented Jan 9, 2025

I could not reproduce this build error. I don't have your exact configuration but on Win10+VS2019 and Win11+VS2022 it builds without issues for me. Some things you can try:

  • Use a clean build directory
  • Update cmake
  • Try building only with -DTINYINST=1 (without -DDynamoRIO_DIR and without -DINTELPT)
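
A small diagnostic for the LNK2038 output quoted above, added here as an example; it is not part of WinAFL or TinyInst. It re-joins lines that a fixed-width console wrapped mid-message (as in the paste above) and groups every object and library by the C runtime flavour it was compiled against ('MD_DynamicRelease' is /MD, 'MT_StaticRelease' is /MT), so it is obvious which library is on the odd side and must be rebuilt with the other setting. The sample log and the project path in it are constructed from the error format shown in this thread.

```python
"""Group MSVC LNK2038 'RuntimeLibrary' mismatches by CRT flavour (/MD vs /MT).

Added example, not project code. The log below is constructed from the
error format quoted in the issue; the project path is a placeholder.
"""
import re
from collections import defaultdict

# One MSBuild error line:  <left> : error LNK2038: mismatch detected for
#   '<key>': value '<v1>' doesn't match value '<v2>' in <right> [<project>]
LNK2038_RE = re.compile(
    r"^(?P<left>\S+) : error LNK2038: mismatch detected for '(?P<key>[^']+)': "
    r"value '(?P<left_value>[^']+)' doesn't match value '(?P<right_value>[^']+)' "
    r"in (?P<right>\S+)"
)

# Constructed sample, wrapped at ~120 columns the way a console paste looks.
SAMPLE_LOG = r"""tinyinst.lib(common.obj) : error LNK2038: mismatch detected for 'RuntimeLibrary': value 'MD_DynamicRelease' doesn't mat
ch value 'MT_StaticRelease' in winafl_tinyinst.lib(tinyinst_afl.obj) [C:\path\to\winafl\build32\a
fl-fuzz.vcxproj]
tinyinst.lib(debugger.obj) : error LNK2038: mismatch detected for 'RuntimeLibrary': value 'MD_DynamicRelease' doesn't m
atch value 'MT_StaticRelease' in winafl_tinyinst.lib(tinyinst_afl.obj) [C:\path\to\winafl\build32
\afl-fuzz.vcxproj]
tinyinst.lib(tinyinst.obj) : error LNK2038: mismatch detected for 'RuntimeLibrary': value 'MD_DynamicRelease' doesn't m
atch value 'MT_StaticRelease' in winafl_tinyinst.lib(tinyinst_afl.obj) [C:\path\to\winafl\build32
\afl-fuzz.vcxproj]
tinyinst.lib(x86_assembler.obj) : error LNK2038: mismatch detected for 'RuntimeLibrary': value 'MD_DynamicRelease' does
n't match value 'MT_StaticRelease' in winafl_tinyinst.lib(tinyinst_afl.obj) [C:\path\to\winafl\bu
ild32\afl-fuzz.vcxproj]
"""


def rejoin_wrapped(text):
    """Re-join console-wrapped fragments into whole MSBuild error lines.

    Every MSBuild error line ends with the project file in brackets, so we
    keep appending fragments until the accumulated line ends with ']'.
    """
    lines, buf = [], ""
    for raw in text.splitlines():
        buf += raw
        if buf.rstrip().endswith("]"):
            lines.append(buf)
            buf = ""
    if buf:
        lines.append(buf)  # trailing fragment with no closing bracket
    return lines


def parse_lnk2038(text):
    """Return one dict per LNK2038 line (left/right object, key, values)."""
    records = []
    for line in rejoin_wrapped(text):
        m = LNK2038_RE.match(line.strip())
        if m:
            records.append(m.groupdict())
    return records


def group_by_value(records, key="RuntimeLibrary"):
    """Map each mismatch value (e.g. 'MD_DynamicRelease') to the objects
    that were built with it, for the given detect_mismatch key."""
    groups = defaultdict(set)
    for r in records:
        if r["key"] != key:
            continue
        groups[r["left_value"]].add(r["left"])
        groups[r["right_value"]].add(r["right"])
    return {v: sorted(objs) for v, objs in groups.items()}


def libraries_per_value(groups):
    """Collapse 'lib(obj)' entries to the library name, per runtime value."""
    return {v: sorted({o.split("(")[0] for o in objs}) for v, objs in groups.items()}


if __name__ == "__main__":
    groups = group_by_value(parse_lnk2038(SAMPLE_LOG))
    for value, libs in libraries_per_value(groups).items():
        print(f"{value}: {', '.join(libs)}")
    # Every library in one link must agree on the runtime; whichever side
    # you pick, the other side's libraries need rebuilding with that flag.
```

Running it on the constructed log prints one line per runtime flavour with the libraries on that side. All static libraries and objects in a single link have to agree on the runtime; the listing tells you which ones do not, and the same parser works for any other `detect_mismatch` key the linker reports (for example `_ITERATOR_DEBUG_LEVEL`) by passing a different `key`.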

@ofir-tan
Author

Hi, so I'm now trying a different direction. The question now is: can WinAFL work on a VM?

@ifratric
Collaborator

Yes, except Intel PT, all other modes should work in a VM.

@ofir-tan
Author

ofir-tan commented Jan 13, 2025

Why do you think the issue occurs only on the VM and only when using a custom mutator? I’ve tried several custom mutators, even ones that perform no operations or allocate no additional memory, yet I still encounter a failure at that assertion:

    if(command != 'F') {
      if(command == 'Q') {
        dr_exit_process(0);
      } else {
        DR_ASSERT_MSG(false, "unrecognized command received over pipe");
      }
    }

(winafl.c, line 530)

Thanks a lot for the help.
