
drrun.exe and afl-fuzz.exe giving error when -fsanitize=address flag given to compile target

Open · faran1512 opened this issue 2 years ago • 1 comment

Hi, I am trying to run drrun on my harness compiled with the following command: clang VLC_Harness.c -o VLC_Harness.exe -fsanitize=address -I C:\Users\user\Desktop\Fuzzing\vlc-3.0.7.1\sdk\include -L C:\Users\user\Desktop\Fuzzing\vlc-3.0.7.1\sdk\lib -l libvlc -l libvlccore

I used the following command for drrun: C:\Users\user\Desktop\winafl\DynamoRIO-Windows-10.0.19678\bin64\drrun.exe -c winafl.dll -debug -fuzz_iterations 10 -coverage_module libvlc.dll -target_module VLC_Harness.exe -target_method fuzz -nargs 2 -- VLC_Harness.exe in\a.mp4

Now, without ASAN, drrun.exe and afl-fuzz.exe work fine. But with ASAN on, drrun gives the following output:

Module loaded, dynamorio.dll
Module loaded, winafl.dll
Module loaded, drx.dll
Module loaded, drreg.dll
Module loaded, drmgr.dll
Module loaded, drwrap.dll
Module loaded, drsyms.dll
Module loaded, VLC_Harness.exe
Module loaded, libvlccore.dll
Module loaded, libvlc.dll
Module loaded, RSAENH.dll
Module loaded, CRYPTSP.dll
Module loaded, CRYPTBASE.dll
Module loaded, gdi32full.dll
Module loaded, bcryptPrimitives.dll
Module loaded, msvcp_win.dll
Module loaded, KERNELBASE.dll
Module loaded, win32u.dll
Module loaded, bcrypt.dll
Module loaded, ucrtbase.dll
Module loaded, msvcrt.dll
Module loaded, IMM32.dll
Module loaded, SHELL32.dll
Module loaded, SECHOST.dll
Module loaded, ADVAPI32.dll
Module loaded, GDI32.dll
Module loaded, WS2_32.dll
Module loaded, USER32.dll
Module loaded, KERNEL32.dll
Module loaded, RPCRT4.dll
Module loaded, ntdll.dll
Exception caught: c0000005
crashed
WARNING: Target function was never called. Incorrect target_offset?
Coverage map follows:

Any solution will be appreciated.

faran1512 avatar Nov 24 '23 05:11 faran1512

@faran1512 You cannot use ASAN-instrumented binaries with DynamoRIO/WinAFL. ASAN is a separate instrumentation, and while WinAFL already uses DynamoRIO, which is its instrumentation tool, it doesn't support ASAN. If you want to use clang/ASAN, work with libFuzzer.

The reason is simple: ASAN adds instrumentation at compile time, while DynamoRIO adds it at runtime.

ISH2YU avatar Jun 07 '25 16:06 ISH2YU
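As an added example (not code from the winafl project or from either poster), here is a pre-flight check for the situation in this thread: it parses the import directory of a PE target and reports whether the binary pulls in the clang ASAN runtime, so a -fsanitize=address build is caught before it is handed to drrun/afl-fuzz. It assumes the dynamic runtime is named clang_rt.asan_dynamic-*.dll; a statically linked runtime leaves no import, so the "AddressSanitizer" string fallback is only a heuristic, and fake_pe builds a constructed minimal PE32+ image purely as offline test input.

```python
import struct

def pe_import_dlls(data: bytes) -> list[str]:
    """Return the DLL names in the import directory of a PE image (PE32 or PE32+)."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file (missing MZ header)")
    pe = struct.unpack_from("<I", data, 0x3C)[0]           # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE file (missing PE signature)")
    nsec, opt_size = struct.unpack_from("<H", data, pe + 6)[0], struct.unpack_from("<H", data, pe + 20)[0]
    opt = pe + 24                                           # start of the optional header
    magic = struct.unpack_from("<H", data, opt)[0]
    dirs = opt + (112 if magic == 0x20B else 96)           # data directories: PE32+ vs PE32
    imp_rva = struct.unpack_from("<I", data, dirs + 8)[0]  # directory[1] = import table
    if imp_rva == 0:
        return []
    # section headers follow the optional header: (VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData)
    sections = [struct.unpack_from("<IIII", data, opt + opt_size + 40 * i + 8) for i in range(nsec)]

    def rva_to_off(rva: int) -> int:
        for vsize, vaddr, rsize, raw in sections:
            if vaddr <= rva < vaddr + max(vsize, rsize):
                return raw + (rva - vaddr)
        raise ValueError(f"RVA {rva:#x} not backed by any section")

    names, off = [], rva_to_off(imp_rva)
    while True:
        name_rva = struct.unpack_from("<IIIII", data, off)[3]  # IMAGE_IMPORT_DESCRIPTOR.Name
        if name_rva == 0:                                      # all-zero descriptor ends the table
            break
        start = rva_to_off(name_rva)
        names.append(data[start:data.index(b"\0", start)].decode("ascii", "replace"))
        off += 20
    return names

def asan_evidence(data: bytes) -> list[str]:
    """Heuristic ASAN markers: the dynamic runtime import, or the report string a static runtime embeds."""
    found = [d for d in pe_import_dlls(data) if d.lower().startswith("clang_rt.asan")]
    if b"AddressSanitizer" in data:
        found.append("string:AddressSanitizer")
    return found

def fake_pe(dll: str) -> bytes:
    """Constructed minimal PE32+ image with one section that imports `dll` (test input only)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)                       # e_lfanew = 64
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 240, 0x22)
    dirs = [(0x1000, 40) if i == 1 else (0, 0) for i in range(16)]         # import dir at RVA 0x1000
    opt = struct.pack("<H", 0x20B) + b"\0" * 110 + b"".join(struct.pack("<II", *d) for d in dirs)
    sec = b".idata\0\0" + struct.pack("<IIII", 0x100, 0x1000, 0x100, 368) + b"\0" * 16
    body = struct.pack("<IIIII", 0, 0, 0, 0x1028, 0) + b"\0" * 20 + dll.encode() + b"\0"
    return dos + coff + opt + sec + body.ljust(0x100, b"\0")
```

Run asan_evidence(open("VLC_Harness.exe", "rb").read()) on the real harness; a non-empty result means the build should be redone without -fsanitize=address before fuzzing it under WinAFL.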