When running afl-fuzz on a binary I am receiving the following output:
```
[*] Attempting dry run with 'id:000000,orig:capabilities.txt'...
[*] Spinning up the fork server...
[+] All right - fork server is up.
len = 20, map size = 875, exec speed = 15408 us
[*] Attempting dry run with 'id:000001,orig:select.txt'...
len = 30, map size = 875, exec speed = 15218 us
[!] WARNING: No new instrumentation output, test case may be useless.
```
I am fairly certain that the test cases should cause very different behavior on the binary, but I am not sure if it is actually running properly. Specifically, I can see that the target binary actually `execve`'s out to another config file, which then runs the original target back again with some envp variables set in `execve` again. I am thinking that may be the cause for the instrumentation problems; however, I am not sure.
Is there any way to debug this? Specifically, it would be nice to see the output of the dry runs. I was going to just modify the afl-fuzz binary, but figured I would ask here before going down that path. Thanks.