I'm trying to fuzz a Windows binary in WSL. When I run this command:
afl-fuzz -V 30 -W -D -i tests/in/ -o tests/out/ -- build/bin/release/winafl_test.exe @@
I get an error of "Fork server handshake failed".
When I re-run the command with AFL_DEBUG set to 1 I get this output:
dylan@DylansSurface:~/Code/fuzz_tests_2$ afl-fuzz -V 30 -W -D -i tests/in/ -o tests/out/ -- build/bin/release/winafl_test.exe @@
[+] Enabled environment variable AFL_DEBUG with value 1
[+] Enabled environment variable AFL_DEBUG with value 1
afl-fuzz++4.06a based on afl by Michal Zalewski and a large online community
[+] afl++ is maintained by Marc "van Hauser" Heuse, Heiko "hexcoder" Eißfeldt, Andrea Fioraldi and Dominik Maier
[+] afl++ is open source, get it at https://github.com/AFLplusplus/AFLplusplus
[+] NOTE: This is v3.x which changes defaults and behaviours - see README.md
[+] No -M/-S set, autoconfiguring for "-S default"
[*] Getting to work...
[+] Using exponential power schedule (FAST)
[+] Enabled testcache with 50 MB
[+] Generating fuzz data with a length of min=1 max=1048576
[*] Checking core_pattern...
[!] WARNING: Could not check CPU scaling governor
[+] You have 12 CPU cores and 1 runnable tasks (utilization: 8%).
[+] Try parallel jobs - see /usr/local/share/doc/afl/fuzzing_in_depth.md#c-using-multiple-cores
[*] Setting up output directories...
[*] Checking CPU core loadout...
[+] Found a free CPU core, try binding to #1.
[*] Scanning 'tests/in/'...
[+] Loaded a total of 1 seeds.
[*] Creating hard links for all input files...
[*] Validating target binary...
[*] No auto-generated dictionary tokens to reuse.
[*] Attempting dry run with 'id:000000,time:0,execs:0,orig:1.img'...
[*] Spinning up the fork server...
[afl-wine-trace] exec: /usr/local/bin/afl-qemu-trace /usr/bin/wine build/bin/release/winafl_test.exe Z:\home\dylan\Code\fuzz_tests_2\tests\out\\default\.cur_input
Error while loading /usr/bin/wine: Exec format error
[-] Hmm, looks like the target binary terminated before we could complete a
handshake with the injected code. You can try the following:
- The target binary crashes because necessary runtime conditions it needs
are not met. Try to:
1. Run again with AFL_DEBUG=1 set and check the output of the target
binary for clues.
2. Run again with AFL_DEBUG=1 and 'ulimit -c unlimited' and analyze the
generated core dump.
- Possibly the target requires a huge coverage map and has CTORS.
Retry with setting AFL_MAP_SIZE=10000000.
Otherwise there is a horrible bug in the fuzzer.
Poke <afl-...@googlegroups.com> for troubleshooting tips.
[-] PROGRAM ABORT : Fork server handshake failed
Location : afl_fsrv_start(), src/afl-forkserver.c:1175
This is saying that there is a format error, but it's calling it all correctly. I then went to check if that cur_input file was there and it was not. All the other files were in the output directory but not that one. I even deleted everything in the output folder and re-ran in case it somehow didn't like stuff being in there, and it was still not creating the file.
Any ideas? The version of afl-fuzz I'm using is afl-fuzz++4.06a.
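An added shell diagnostic, not from the original post, for the "Exec format error" in the output above: afl-qemu-trace is user-mode QEMU and can only exec an ELF binary, so if the /usr/bin/wine it is handed is a shell-script launcher (which it is on some distributions) the fork server handshake fails exactly this way. The classifier below tells the two apart by file magic and, for a script wrapper, prints the binary it execs; the sample wrapper and paths it builds for the demo are constructed.

```shell
#!/bin/sh
# classify_target PATH -> prints "elf", "script", "missing" or "other".
# QEMU user-mode (afl-qemu-trace) needs "elf"; "script" is the case that
# produces "Exec format error" when handed to it directly.
classify_target() {
    path="$1"
    if [ ! -f "$path" ]; then
        echo missing
        return 0
    fi
    # First four bytes as lowercase hex: 7f454c46 is "\x7fELF", 2321 is "#!"
    magic=$(head -c 4 "$path" | od -An -tx1 | tr -d ' \n')
    case "$magic" in
        7f454c46) echo elf ;;
        2321*)    echo script ;;
        *)        echo other ;;
    esac
}

# wrapper_exec_target PATH -> for a script wrapper, the first program it
# execs (what a QEMU-based tracer would have to be pointed at instead).
wrapper_exec_target() {
    grep -m1 -o 'exec [^ ]*' "$1" | cut -d' ' -f2
}

# Constructed demo: a wine-style launcher script and a file with an ELF header.
demo_dir=$(mktemp -d)
printf '#!/bin/sh\nexec /usr/bin/wine64 "$@"\n' > "$demo_dir/wine"
printf '\177ELF\002\001\001' > "$demo_dir/elfish"
chmod +x "$demo_dir/wine"

for f in "$demo_dir/wine" "$demo_dir/elfish" "$demo_dir/absent"; do
    kind=$(classify_target "$f")
    printf '%s: %s' "$f" "$kind"
    [ "$kind" = script ] && printf ' (execs %s)' "$(wrapper_exec_target "$f")"
    printf '\n'
done
rm -rf "$demo_dir"

# Real check on this machine (path is the one from the afl-wine-trace line):
classify_target /usr/bin/wine
```

If the last line prints "script", the launcher is not something afl-qemu-trace can load, and the binary it execs is what needs to be inspected next.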