
Unexpected result from pipe! expected 'P', instead received 'C' #454

Open
B14CK-SPID3R opened this issue Dec 29, 2024 · 7 comments

@B14CK-SPID3R

Hi
Is there any update to address this issue?

OS: Windows 11 Pro 24H2 26100.2605
DR: DynamoRIO-Windows-11.0.20071
Visual Studio 2022 Developer Command Prompt v17.7.5
C:\Users\user\Desktop\Fuzzing\1\winafl\build64\bin\Release>afl-fuzz.exe -i D:\tmp\gdiplus_input -o D:\tmp\gdiplus_output -D "C:\Users\user\Desktop\Fuzzing\1\DynamoRIO\bin64" -t 2000000 -- -coverage_module gdiplus.dll -fuzz_iterations 5000 -target_module test_gdiplus.exe -target_offset 0x10E0 -nargs 2 -- "C:\Users\user\Desktop\Fuzzing\1\winafl\build64\bin\Release\test_gdiplus.exe" @@
WinAFL 1.17 by <[email protected]>
Based on AFL 2.43b by <[email protected]>
[+] You have 32 CPU cores with average utilization of 0%.
[+] Try parallel jobs - see afl_docs\parallel_fuzzing.txt.
[*] Checking CPU core loadout...
[+] Found a free CPU core, binding to #0.
[+] Process affinity is set to 1.
[*] Setting up output directories...
[+] Output directory exists but deemed OK to reuse.
[*] Deleting old session data...
[+] Output dir cleanup successful.
[*] Scanning 'D:\tmp\gdiplus_input'...
[+] No auto-generated dictionary tokens to reuse.
[*] Creating hard links for all input files...
[*] Attempting dry run with 'id_000000'...

[-] PROGRAM ABORT : Unexpected result from pipe! expected 'P', instead received 'C'

         Location : run_target(), C:\Users\user\Desktop\Fuzzing\1\winafl\afl-fuzz.c:2920

According to my analysis, it is related to the Windows version. I compiled WinAFL in Windows 10 with the latest version of DR. Then I moved WinAFL and DR to a Windows 10 machine. Surprisingly, it worked on Windows 10, but it still didn't work on the Windows 11 machine.
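To make the abort message readable, here is an added model of the control-pipe exchange between afl-fuzz and the instrumentation that produces it. It is not WinAFL's code; the command letters and their order ('P' target function reached, 'F' go ahead, then 'K' finished or 'C' exception) are this example's reading of winafl.c and afl-fuzz.c, and the fake pipe, the stream strings and the `classify_stream`/`explain` helpers are constructed for the example.

```c
/* Added example, not WinAFL's own code. Models the afl-fuzz <-> instrumentation
 * pipe protocol as assumed from reading winafl.c / afl-fuzz.c:
 *   instrumentation -> fuzzer: 'P'  (target function reached, ready to fuzz)
 *   fuzzer -> instrumentation: 'F'  (run one iteration)
 *   instrumentation -> fuzzer: 'K'  (finished normally) or 'C' (exception/crash)
 * run_target() insists on 'P' first; anything else aborts with the message in this issue. */
#include <stdio.h>
#include <string.h>

enum run_result { RUN_OK, RUN_CRASH, RUN_TIMEOUT, RUN_PROTOCOL_ERROR };

/* Constructed stand-in for the named pipe: a byte string the "instrumentation"
 * sends, consumed one command at a time. End of string models a read timeout. */
struct fake_pipe { const char *data; size_t pos; };

static char read_cmd(struct fake_pipe *p) {
    if (p->data[p->pos] == '\0') return 0;   /* nothing arrived before -t: timeout */
    return p->data[p->pos++];
}

/* Mirrors the decision run_target() makes for one execution of the target.
 * On a protocol error the offending byte is stored in *unexpected (if non-NULL). */
enum run_result run_target_once(struct fake_pipe *p, char *unexpected) {
    char c = read_cmd(p);
    if (c == 0) return RUN_TIMEOUT;
    if (c != 'P') {                          /* this issue: 'C' arrives before any 'P' */
        if (unexpected) *unexpected = c;
        return RUN_PROTOCOL_ERROR;
    }
    /* the real fuzzer would WriteCommandToPipe('F') here */
    c = read_cmd(p);
    if (c == 'K') return RUN_OK;
    if (c == 'C') return RUN_CRASH;
    if (c == 0)   return RUN_TIMEOUT;
    if (unexpected) *unexpected = c;
    return RUN_PROTOCOL_ERROR;
}

/* Convenience wrapper: classify a whole constructed command stream. */
enum run_result classify_stream(const char *stream, char *unexpected) {
    struct fake_pipe p = { stream, 0 };
    return run_target_once(&p, unexpected);
}

/* Human-readable triage of each outcome (defender's reading, not WinAFL text). */
const char *explain(enum run_result r, char unexpected) {
    switch (r) {
    case RUN_OK:      return "iteration completed normally";
    case RUN_CRASH:   return "exception after the target function was reached: a real crash candidate";
    case RUN_TIMEOUT: return "no command within -t: hang, or the instrumentation never attached";
    default:
        if (unexpected == 'C')
            return "exception before the target function was reached: harness, loader or "
                   "instrumentation problem on this machine, not a bug found by fuzzing";
        return "unknown command: fuzzer and instrumentation are out of sync";
    }
}

int main(void) {
    /* constructed streams covering the four outcomes */
    struct { const char *name; const char *stream; } cases[] = {
        { "healthy run",         "PK" },
        { "crash inside target", "PC" },
        { "this issue",          "C"  },
        { "hang",                ""   },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        char u = 0;
        enum run_result r = classify_stream(cases[i].stream, &u);
        printf("%-20s -> %s\n", cases[i].name, explain(r, u));
    }
    return 0;
}
```

The point of the model is the third case: a 'C' with no preceding 'P' means the instrumented process raised an exception before execution ever reached `-target_offset`, so the dry run is failing during process start-up or library loading, which is why the thread turns to OS build and interfering security software rather than to the input files.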

@ifratric
Collaborator

ifratric commented Jan 9, 2025

I don't know what the issue is, but some things you can try are

@B14CK-SPID3R
Author

Thanks.
I tried your first two suggestions, but the result was the same.
I also tried using TinyInst instead of DynamoRIO. It worked, but not as I expected; it produced lots of warning messages.

C:\Users\user\Desktop\Fuzzing\1\winafl\build64\bin\Release>afl-fuzz.exe -y -i D:\tmp\gdiplus_input -o D:\tmp\gdiplus_output -t 20000 -- -instrument_module gdiplus.dll -instrument_module WindowsCodecs.dll -target_module gdiplus.exe -target_method main -nargs 2 -iterations 5000 -- "C:\Users\user\Desktop\Fuzzing\1\winafl\gdiplus.exe" @@
WinAFL 1.17 by <[email protected]>
Based on AFL 2.43b by <[email protected]>
[+] You have 32 CPU cores with average utilization of 2%.
[+] Try parallel jobs - see afl_docs\parallel_fuzzing.txt.
[*] Checking CPU core loadout...
[+] Found a free CPU core, binding to #0.
[+] Process affinity is set to 1.
[*] Setting up output directories...
[+] Output directory exists but deemed OK to reuse.
[*] Deleting old session data...
[+] Output dir cleanup successful.
[*] Scanning 'D:\tmp\gdiplus_input'...
[+] No auto-generated dictionary tokens to reuse.
[*] Creating hard links for all input files...
[*] Attempting dry run with 'id_000000'...
Instrumented module gdiplus.dll, code size: 1478656
[!] WARNING: Executing relative jump otside the current module
[!] WARNING: Executing relative jump otside the current module
[!] WARNING: Executing relative jump otside the current module
[!] WARNING: Executing relative jump otside the current module
[!] WARNING: Executing relative jump otside the current module
...

I tried to debug TinyInst and the result was the same. There were a lot of [!] WARNING: Executing relative jump otside the current module messages. Is this normal?

@ifratric
Collaborator

ifratric commented Jan 9, 2025

If it's otherwise behaving normally, then those warnings can be ignored.

@ifratric
Collaborator

I just checked and I don't get those warnings on either my Win10 or Win11 machine against gdiplus.dll and WindowsCodecs.dll. It makes me think that there's maybe some antivirus / antimalware on your machine interfering with instrumentation. This could be the reason for issues with DynamoRIO as well.

@B14CK-SPID3R
Author

> I just checked and I don't get those warnings on either my Win10 or Win11 machine against gdiplus.dll and WindowsCodecs.dll. It makes me think that there's maybe some antivirus / antimalware on your machine interfering with instrumentation. This could be the reason for issues with DynamoRIO as well.

I've disabled AV and all exploit mitigation mechanisms in Windows Defender, then tried again.
I also tried running it in safe mode, but the result was the same.
Are you using the latest build of Windows 11?

@ifratric
Collaborator

I was running on 23H2, I believe.

@B14CK-SPID3R
Author

Could you please try it with 24H2 (26100.2894)? I think you can reproduce the error message this way.
