WinAFL
Compiling
Install cmake and Visual Studio
Download the project
git clone --recursive https://github.com/googleprojectzero/winafl.git
- Create the build folders (one per architecture)
mkdir build32
mkdir build64
- Generate the build files (the DynamoRIO_DIR value must point at the cmake folder of an unpacked DynamoRIO release; -DINTELPT=1 enables the Intel PT mode)
cd build32
cmake -G"Visual Studio 17 2022" -A Win32 .. -DDynamoRIO_DIR=E:\我的课程\免费视频课\逆向分析\二进制漏洞挖掘FUZZ\code\DynamoRIO-Windows-10.0.19683\cmake -DINTELPT=1
cd ..\build64
cmake -G"Visual Studio 17 2022" -A x64 .. -DDynamoRIO_DIR=E:\我的课程\免费视频课\逆向分析\二进制漏洞挖掘FUZZ\code\DynamoRIO-Windows-10.0.19683\cmake -DINTELPT=1
- Build the project (run in each build directory)
cmake --build . --config Release
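The build procedure above as one script, an added example rather than the project's own code: it checks the prerequisites, configures and builds both trees against a single DynamoRIO release, and verifies the outputs exist. The DynamoRIO root path, the generator name and the bin\Release output layout are assumptions.

```powershell
# Added example: build WinAFL for Win32 and x64 against one DynamoRIO release.
param(
    # Root of an unpacked DynamoRIO release (the folder containing cmake\); assumed path
    [string]$DynamoRioRoot = "C:\DynamoRIO-Windows-10.0.19683",
    [string]$Generator = "Visual Studio 17 2022"
)
$ErrorActionPreference = "Stop"

# Fail before cloning or building if a prerequisite is missing.
if (-not (Get-Command cmake -ErrorAction SilentlyContinue)) {
    throw "cmake not found on PATH; install CMake and Visual Studio first"
}
$DynamoRioCmake = Join-Path $DynamoRioRoot "cmake"
if (-not (Test-Path (Join-Path $DynamoRioCmake "DynamoRIOConfig.cmake"))) {
    throw "DynamoRIO cmake config not found under $DynamoRioCmake"
}

if (-not (Test-Path "winafl")) {
    git clone --recursive https://github.com/googleprojectzero/winafl.git
    if ($LASTEXITCODE -ne 0) { throw "git clone failed" }
}

Push-Location winafl
try {
    # One build tree per architecture, as in the notes above.
    $trees = [ordered]@{ build32 = "Win32"; build64 = "x64" }
    foreach ($tree in $trees.GetEnumerator()) {
        New-Item -ItemType Directory -Force -Path $tree.Key | Out-Null
        Push-Location $tree.Key
        try {
            cmake -G $Generator -A $tree.Value .. "-DDynamoRIO_DIR=$DynamoRioCmake" -DINTELPT=1
            if ($LASTEXITCODE -ne 0) { throw "cmake configure failed for $($tree.Key)" }
            cmake --build . --config Release
            if ($LASTEXITCODE -ne 0) { throw "cmake build failed for $($tree.Key)" }
            # Assumed output layout: <tree>\bin\Release\afl-fuzz.exe and winafl.dll
            foreach ($artifact in "afl-fuzz.exe", "winafl.dll") {
                $out = Join-Path "bin\Release" $artifact
                if (-not (Test-Path $out)) { throw "expected build output missing: $($tree.Key)\$out" }
                Write-Host "built $($tree.Key)\$out"
            }
        } finally { Pop-Location }
    }
} finally { Pop-Location }
```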
WinAFL documentation (afl-fuzz command-line options)
Required parameters:
-i dir - input directory with test cases
-o dir - output directory for fuzzer findings
-t msec - timeout for each run
Instrumentation type:
-D dir - directory with DynamoRIO binaries (drrun, drconfig)
-w winafl - Path to winafl.dll
-P - use Intel PT tracing mode
-y - use TinyInst tracing mode
-Y - enable the static instrumentation mode
Execution control settings:
-f file - location read by the fuzzed program (stdin)
-m limit - memory limit for the target process
-p - persist DynamoRIO cache across target process restarts
-c cpu - the CPU to run the fuzzed program
Fuzzing behavior settings:
-d - quick & dirty mode (skips deterministic steps)
-n - fuzz without instrumentation (dumb mode)
-x dir - optional fuzzer dictionary (see README)
Other stuff:
-I msec - timeout for process initialization and first run
-T text - text banner to show on the screen
-M \ -S id - distributed mode (see parallel_fuzzing.txt)
-C - crash exploration mode (the peruvian rabbit thing)
-e - expert mode to run WinAFL as a DynamoRIO tool
-l path - a path to user-defined DLL for custom test cases processing
-V - show version number and exit
Attach:
-A module - attach to the process that loaded the provided module