How to get Dynamic Fuzzing running on Windows 7


kamilpo...@gmail.com

May 8, 2018, 8:24:55 AM
to Dr. Memory Users
Hi,
I have an example application, which runs with drmemory.exe, and also fuzzes specific functions, with the -fuzz parameters.
So far so good.
Now I want to use the DRMF to fuzz my application dynamically (described here: http://drmemory.org/docs/page_drfuzz.html ), but I keep running into multiple problems.

My project dir is very simple:

_build/
CMakeLists.txt ->

cmake_minimum_required(VERSION 2.8)

project(app_project)

add_executable(myapp testmain.cpp)

install(TARGETS myapp DESTINATION bin)

find_package(DynamoRIO)
find_package(DrMemoryFramework)
use_DynamoRIO_extension(myapp drfuzz)


testMain.cpp ->
#include <stdio.h>
#include <iostream>
#include "drmemory_framework.h"
#include "drfuzz.h"
#include "drfuzz_mutator.h"
#include "drsymcache.h"
#include "drsyscall.h"
#include "umbra.h"

extern "C"
void targetFunc(unsigned char *buffer, size_t size) {
    if (buffer) {
        std::cout << "data: " << buffer << "\n";
    } else {
        std::cout << "Nullpointer\n";
    }
}

int main(int argc, char *argv[])
{
    //drfuzz_init();
    targetFunc(nullptr, 0);
    return 0;
}


This command creates the build:

cmake -G"Visual Studio 12" -DDynamoRIO_DIR="C:\Users\kapopand\Desktop\DynamoRIO-Windows-7.0.17658-0\cmake" -DDrMemoryFramework_DIR="C:\Program Files (x86)\Dr. Memory\drmf" ..

At this point I am not sure what to put in DDynamoRIO_DIR and DDrMemoryFramework_DIR.
I've downloaded and installed the 1.11.0 .msi release (from here: https://github.com/DynamoRIO/drmemory/wiki/Downloads ) and pointed DDrMemoryFramework_DIR to the installed files.



For DDynamoRIO_DIR, I've downloaded the binary .zip package ( from here: https://github.com/DynamoRIO/dynamorio/wiki/Downloads ) and extracted it, since there is no cmake folder.

CMake then builds successfully, but when I open my project in VS it shows plenty of errors. drfuzz.h (C:\Program Files (x86)\Dr. Memory\drmf\include) for example contains
#include "../framework/drmf.h"
#include "drwrap.h"
which are both missing.

So I've tried a different approach: 
To properly build DrMemory and DynamoRIO with Visual Studio. The build succeeded, so I went back to my project, deleted the old builds and ran a new CMake command with the new paths:

cmake -G"Visual Studio 12" -DDynamoRIO_DIR="C:\Users\kapopand\Desktop\dynamorio\build\cmake" -DDrMemoryFramework_DIR="C:\Users\kapopand\Desktop\drmemory\drmf" ..

After this I get a lot of errors (attached CMakeOutput.log).

What am I missing? How should I properly install all dependencies to run my example project?

Using: Windows 7 Enterprise SP 1 64 Bit

Appreciate help :)


CMakeOutput.log

Derek Bruening

May 10, 2018, 1:10:44 AM
to drmemor...@googlegroups.com
The "../framework/drmf.h" erroneous path is a bug that was fixed in https://github.com/DynamoRIO/drmemory/commit/fdbf2d997c0ca52c8d6ee0115ae7572d8a224013 (unfortunately after 1.11.0-2).

You can download the weekly "cronbuild" builds from https://github.com/DynamoRIO/drmemory/releases and https://github.com/DynamoRIO/dynamorio/releases (and linked from the Download wiki pages) to get the latest without having to build from sources.

What you're missing is that Dr. Fuzz is a DynamoRIO ("DR") extension for use in DR clients: i.e., you need to build a shared library DR client, and have that operate on your target program.  (Your program itself will not include or link with Dr. Fuzz or DR.)  For an example client see https://github.com/DynamoRIO/drmemory/blob/master/tests/framework/drfuzz_client_repeat.c.

For running an app under a DR client, you'd run something like "bin32/drrun -c <path-to-client.dll> -- <path-to-app.exe>".

- Derek


kamilpo...@gmail.com

May 14, 2018, 8:52:18 AM
to Dr. Memory Users
Thank you!
I am now getting an idea after reading through the documentation of the DynamoRIO API (http://dynamorio.org/docs/page_deploy.html).

But now I have some new problems:
I've downloaded the latest builds (DrMemory-Windows-1.11.17622-1) and (DynamoRIO-Windows-7.0.17662-0).
I've created a new dir called shared_lib which contains drfuzz_client.c (an exact copy of https://github.com/DynamoRIO/drmemory/blob/master/tests/framework/drfuzz_client_repeat.c that you posted).
Along with this CMakeLists.txt:
CMAKE_MINIMUM_REQUIRED(VERSION 2.8)

add_library(drfuzzClientLib SHARED drfuzz_client.c)

find_package(DynamoRIO)
if (NOT DynamoRIO_FOUND)
  message(FATAL_ERROR "DynamoRIO package required to build")
endif(NOT DynamoRIO_FOUND)

configure_DynamoRIO_client(drfuzzClientLib)

find_package(DrMemoryFramework)
if (NOT DrMemoryFramework_FOUND)
  message(FATAL_ERROR "DrMemoryFramework package required to build")
endif(NOT DrMemoryFramework_FOUND)

use_DynamoRIO_extension(drfuzzClientLib drfuzz)

First question: Is this right? All my info about a proper CMakeLists.txt for the shared library I got from here http://drmemory.org/docs/page_drfuzz.html and here http://dynamorio.org/docs/using.html#sec_build

After building with (from the /build subdir)
cmake -DDynamoRIO_DIR="C:\Users\kapopand\Desktop\dependencies\DynamoRIO-Windows-7.0.17662-0\cmake" -DDrMemoryFramework_DIR="C:\Users\kapopand\Desktop\dependencies\DrMemory-Windows-1.11.17622-1\drmf" ..
(also tried with -G"Ninja", -G"Visual Studio 12" and -G"Visual Studio 14")
and right after
cmake --build . --config RelWithDebInfo
I get an error:
fatal error C1083: ...  "drmgr.h": No such file or directory
-> Build failed
Another bug?

Nevertheless, I've found a workaround by just copying everything from \\DynamoRIO-Windows-7.0.17662-0\ext\include to \\DynamoRIO-Windows-7.0.17662-0\include.

After that the build is successful, so I tried to run my testApp, which now looks like this:
#include <stdio.h>
#include <iostream>

extern "C"
void targetFunc(unsigned char *buffer, size_t size) {
    if (buffer) {
        std::cout << "data: " << buffer << "\n";
    } else {
        std::cout << "Nullpointer\n";
    }
}

int main(int argc, char *argv[])
{
    targetFunc(nullptr, 0);
    return 0;
}


bin32\drrun.exe -c "C:\Users\kapopand\Desktop\abschlussarbeit\fuzzing\first_fuzz\shared_lib\build\RelWithDebInfo\drfuzzClientLib.dll" -- "C:\Users\kapopand\Desktop\abschlussarbeit\fuzzing\first_fuzz\testProj\build\RelWithDebInfo\myapp.exe"

After executing, a small error window pops up and says:
Application C:\Users\kapopand\Desktop\abschlussarbeit\fuzzing\first_fuzz\testProj\build\RelWithDebInfo\myapp.exe (5404). Unable to load client library: drfuzz.dll
Cannot find library.

I hit OK, and another window says the same thing but with drfuzzClientLib.dll instead. My app doesn't even start. I tried it with notepad.exe instead, same thing.

I've also tried to set the proper function name in drfuzz_client.c to targetFunc.

Tried CMake 3.2.0-rc1 and 3.11.1, using Cmder and Windows cmd 32-bit and cmd 64-bit as admin.

What am I doing wrong?

Also, is it possible to build a client that fuzzes the target with code coverage, for knowing where the fuzzer is hitting the code?



kamilpo...@gmail.com

May 16, 2018, 7:25:43 AM
to Dr. Memory Users
I hit OK, and another window says the same thing but with drfuzzClientLib.dll instead. My app doesn't even start. I tried it with notepad.exe instead, same thing.
Solution (workaround): copy lib32/debug/drfuzz.dll into the directory containing my shared library dll.

Now with that I am able to fuzz the target app from the drmemory /test dir.
My own target app still doesn't work, even though it's the same code as the drmemory test file drfuzz_client_repeat.c.
Still trying to figure out why...
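A client-side CMakeLists.txt, added here as an illustration and not taken from the thread or from the Dr. Memory project, that follows Derek's point that Dr. Fuzz lives in a separately built DR client (the target app links nothing from DR or DRMF) and bakes in the drfuzz.dll copy workaround from the post above as a post-build step. It assumes the client source is drfuzz_client.c and that the DRMF package exports an imported target named drfuzz whose TARGET_FILE is the DLL.

```cmake
cmake_minimum_required(VERSION 3.2)
project(drfuzz_client C)

# The client is a shared library that drrun injects into the target.
# The target program (myapp.exe) is built on its own and never includes
# or links drfuzz.h / dr_api.h.
add_library(drfuzzClientLib SHARED drfuzz_client.c)

# DynamoRIO first: configure_DynamoRIO_client sets the client's link
# flags and adds the DR include dirs (this is what the target-side
# CMakeLists.txt in the first post was missing).
find_package(DynamoRIO REQUIRED)
configure_DynamoRIO_client(drfuzzClientLib)

# Then the Dr. Memory Framework, which provides the drfuzz extension.
find_package(DrMemoryFramework REQUIRED)
use_DynamoRIO_extension(drfuzzClientLib drfuzz)

# Workaround for "Unable to load client library: drfuzz.dll": drfuzz.dll
# lives in the DRMF tree, not next to the client, so copy it into the
# client's output directory after each build.
# Assumption: the DRMF package defines an imported target named drfuzz.
add_custom_command(TARGET drfuzzClientLib POST_BUILD
    COMMAND ${CMAKE_COMMAND} -E copy_if_different
            $<TARGET_FILE:drfuzz>
            $<TARGET_FILE_DIR:drfuzzClientLib>
    COMMENT "Copying drfuzz.dll next to drfuzzClientLib.dll")
```

The resulting client is then run as in Derek's reply: bin32\drrun.exe -c <path-to-drfuzzClientLib.dll> -- <path-to-myapp.exe>, with both DLLs in the same directory.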