Fuzzing with winafl

[Ayberk-Hal]

Hi All

When I running winafl in order to fuzzing mspaint.exe , below error happens. whats wrong?

E:\work\winafl-master\bin64>afl-fuzz.exe -t 1000+ -i in -o  out -D E:\work\winafl-master\bin64\DR\bin64 -fuzz_iterations 5000 -target_module mspaint.exe -nargs 0 -target_offset 0x2F17B -coverage_module mspaint.exe  -debug  c:\windows\system32\mspaint.exe p @@

WinAFL 1.08 by <ifra...@google.com>

Based on AFL 1.96b by <lca...@google.com>

[-] PROGRAM ABORT : Multiple -t options not supported

         Location : main(), ..\afl-fuzz.c:7216

[Michal Zalewski]

> When I running winafl in order to fuzzing mspaint.exe , below error happens.
> whats wrong?

This is not a great place to ask winafl questions (since it's a
separate project and I'm not sure that its author is watching
afl-users@), but I think you're supposed to delimit afl-fuzz
parameters and DR parameters with "--".

/mz

[Ayberk-Hal]

Ok, Thank you.

[Richard Johnson]

The error doesn't seem to fit your command line, but you are missing the "--" that are used as delimiters between the 3 argument sets: afl args, dynamorio args, and the target command line . 

try: 

E:\work\winafl-master\bin64>afl-fuzz.exe -t 1000+ -i in -o  out -D E:\work\winafl-master\bin64\DR\bin64 -- -fuzz_iterations 5000 -target_module mspaint.exe -nargs 0 -target_offset 0x2F17B -coverage_module mspaint.exe  -debug -- c:\windows\system32\mspaint.exe p @@

You'll likely want coverage on the underlying DLLs and would be better off writing a wrapper for the APIs you are interested in rather than using mspaint.