PROGRAM ABORT : Unexpected result from pipe! expected 'P', instead received 'C' #179

Closed
hooki opened this issue May 12, 2019 · 8 comments · Fixed by #436
Comments

hooki commented May 12, 2019

```
afl-fuzz.exe -D ..\..\..\..\DynamoRIO\bin32 -t 50000+ -i in -o out -- -target_module [ProgramPath].exe -target_offset 0x16fe4c -nargs 2 -- "[ProgramPath]" -E @@ C:\Users\[USER]\Downloads
```

```
[-] PROGRAM ABORT : Unexpected result from pipe! expected 'P', instead received 'C'
         Location : run_target(), c:\users\blackcow1987\downloads\fuzzing\winafl-master\afl-fuzz.c:2651
```

```
drrun.exe -version
drrun version 7.1.0 -- build 1
```

OS version: Windows 10 Home (x64)

drrun.exe works normally, and I have confirmed that the coverage data is output.

ifratric (Collaborator) commented

This could mean one of 2 things.

  • If we assume the instrumentation is working correctly, the message can be interpreted as "the target crashed before reaching the target function" and it could mean that one of your input samples is causing a crash, but the crash happened before the target function was reached.

  • Alternately, it could be interpreted as "there was an issue with the instrumentation that caused the target to crash". I've heard some reports that this happens more often on Windows 10 v1809, so if you are running that version you might try on an older windows version or running Windows inside a VM as I've heard this resolved similar issues for some people.
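The first hypothesis above can be checked directly: run every seed through the target with no DynamoRIO instrumentation at all and see whether any seed crashes or hangs on its own. The helper below is an added example, not part of this issue or of WinAFL; it assumes the target takes its input file where WinAFL's `@@` placeholder sits, maps Windows exit codes to the exception codes that winafl.c's `onexception` treats as crashes, and uses a 50 s timeout to match the `-t 50000` from the command above.

```python
import subprocess
import sys
from pathlib import Path

# NTSTATUS values of the exception codes winafl.c's onexception() treats as a crash.
CRASH_CODES = {
    0xC0000005: "EXCEPTION_ACCESS_VIOLATION",
    0xC000001D: "EXCEPTION_ILLEGAL_INSTRUCTION",
    0xC0000096: "EXCEPTION_PRIV_INSTRUCTION",
    0xC0000094: "EXCEPTION_INT_DIVIDE_BY_ZERO",
    0xC0000374: "STATUS_HEAP_CORRUPTION",
    0xC00000FD: "EXCEPTION_STACK_OVERFLOW",
    0xC0000409: "STATUS_STACK_BUFFER_OVERRUN",
    0x40000015: "STATUS_FATAL_APP_EXIT",
}

def classify_exit(returncode):
    """Return the crash name for a process exit status, or None for a clean exit.
    On Windows an unhandled exception's code becomes the exit code; it may be
    handed back as a negative int, so normalise it to 32 bits first."""
    return CRASH_CODES.get(returncode & 0xFFFFFFFF)

def run_seed(target_cmd, seed, timeout_s):
    """Run the uninstrumented target once on one seed, substituting the seed
    path for '@@'. Returns (seed, crash_name_or_None, timed_out)."""
    argv = [str(seed) if arg == "@@" else arg for arg in target_cmd]
    try:
        proc = subprocess.run(argv, timeout=timeout_s, capture_output=True)
    except subprocess.TimeoutExpired:
        return (seed, None, True)
    return (seed, classify_exit(proc.returncode), False)

def triage_seeds(target_cmd, seed_dir, timeout_s=50.0):
    """Run every file in seed_dir; return only the seeds that crash or hang."""
    seeds = sorted(p for p in Path(seed_dir).iterdir() if p.is_file())
    results = [run_seed(target_cmd, p, timeout_s) for p in seeds]
    return [r for r in results if r[1] is not None or r[2]]

if __name__ == "__main__":
    # usage: python triage_seeds.py <seed_dir> -- <target.exe> [args, with @@ for the input]
    sep = sys.argv.index("--")
    bad = triage_seeds(sys.argv[sep + 1:], sys.argv[1])
    for seed, crash, timed_out in bad:
        print(f"{seed}: {'timeout' if timed_out else crash}")
    if not bad:
        print("no seed crashes or hangs the uninstrumented target; suspect the instrumentation")
```

If a seed is reported here, the 'C' came from the input itself and the seed should be removed from the corpus; if none is, the second hypothesis (an instrumentation problem) is the one left to chase.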

hooki (Author) commented May 14, 2019

@ifratric

According to my analysis of winafl.c, if an ACCESS_VIOLATION exception occurs before target_offset is executed, a log message like the one above appears.

Can I pass an exception to the application that occurred before target_offset was executed?

hooki (Author) commented May 14, 2019

@ifratric

The solution I chose is to pass the exception that occurred at the specified address to the application.

```c
static bool
onexception(void *drcontext, dr_exception_t *excpt) {
    DWORD exception_code = excpt->record->ExceptionCode;

    if(options.debug_mode)
        dr_fprintf(winafl_data.log, "Exception caught: %x\n", exception_code);

    if((exception_code == EXCEPTION_ACCESS_VIOLATION) ||
       (exception_code == EXCEPTION_ILLEGAL_INSTRUCTION) ||
       (exception_code == EXCEPTION_PRIV_INSTRUCTION) ||
       (exception_code == EXCEPTION_INT_DIVIDE_BY_ZERO) ||
       (exception_code == STATUS_HEAP_CORRUPTION) ||
       (exception_code == EXCEPTION_STACK_OVERFLOW) ||
       (exception_code == STATUS_STACK_BUFFER_OVERRUN) ||
       (exception_code == STATUS_FATAL_APP_EXIT)) {
            if(options.debug_mode) {
                dr_fprintf(winafl_data.log, "crashed addr:%p\n", excpt->record->ExceptionAddress);
                /* hooki's change: when the exception is raised at one of these two
                   known addresses, let the application handle it itself */
                if (0x0040bd7f == (DWORD)excpt->record->ExceptionAddress ||
                    0x0091306a == (DWORD)excpt->record->ExceptionAddress)
                    return true;
            } else {
                /* ... remainder of the function as in winafl.c (truncated in the original post) */
            }
    }
}
```

shuidixu commented Nov 7, 2019

@hooki did you solve this issue? I'm getting the same thing.

uf0o commented Nov 12, 2019

Having the same issue on Win7-x64, 32-bit version of the latest WinAFL and DynamoRIO 7.1 (also tried other DRIO versions).

```
WinAFL 1.16b by <ifratric@google.com>
Based on AFL 2.43b by <lcamtuf@google.com>
[+] You have 4 CPU cores and 0 runnable tasks (utilization: 0%).
[+] Try parallel jobs - see docs\parallel_fuzzing.txt.
[*] Checking CPU core loadout...
[+] Found a free CPU core, binding to #0.
[+] Process affinity is set to 1.

[*] Setting up output directories...
[+] Output directory exists but deemed OK to reuse.
[*] Deleting old session data...
[+] Output dir cleanup successful.
[*] Scanning 'c:\users\test\Desktop\in'...
[+] No auto-generated dictionary tokens to reuse.
[*] Creating hard links for all input files...
[*] Attempting dry run with 'id_000000'...

[-] PROGRAM ABORT : Unexpected result from pipe! expected 'P', instead received 'C'
         Location : run_target(), c:\users\test\desktop\winafl-master\afl-fuzz.c:2651
```

GeneBlue commented

Hello, anyone solved this issue? I got this problem too on win10 OS.

xinali commented Dec 24, 2019

Hello,
I get the issue too. This is my solution:
put winafl-cmin.py, winafl.dll and the other winafl programs in the same directory as your test program.

test winafl-cmin.py

```
python winafl-cmin.py -D D:\Dropbox\fuzzing\DynamoRIO\bin64 -t 20000 -i  D:\Dropbox\fuzzing\test\input  -o D:\Dropbox\fuzzing\test\minset -covtype edge -coverage_module user32.dll -target_module TestLoadSimple.exe -target_offset 0x11910 -nargs 2 -v -- TestLoadSimple.exe @@
```

test afl-fuzz.exe

```
afl-fuzz.exe -i D:\Dropbox\fuzzing\test\minset -o output -M master -D D:\Dropbox\fuzzing\DynamoRIO\bin64 -t 20000 -- -coverage_module user32.dll -target_module TestLoadSimple.exe -target_offset 0x11910 -nargs 2 -- TestLoadSimple.exe @@
```

And I compiled winafl without intel-pt.

hdbreaker commented

Hi Team! I'm having the same issue across different OSes... DynamoRIO instrumentation worked but WinAFL just keeps failing...
