Update Windows target and others

Question

Update Windows target and others

fuzzah opened this issue 3 years ago · 7 comments

Hi. I wish to contribute.
What needs to be done in order to migrate targets from kafl_user.h to nyx_api.h? I'm most interested in the Windows target.
I guess I would also need to read some additional info on the topic (kAFL, QEMU, snapshot fuzzing etc.). Any recommendations for that?

Answer 1 · 2022-03-10T10:12:50.000Z

Hi, welcome!

For an overview on the tool, I think the original kAFL paper and more recent Nyx paper are probably the best intro.
https://nyx-fuzz.com/papers/ => kAFL Feedback Fuzzer and Nyx Greybox Hypervisor Fuzzer.

If you ignore the Hypervisor and structure-aware fuzzer part in the Nyx paper, it basically shows an extension of kAFL with fast snapshots (and other capabilities merged in the code base as well).

Migrating to the new interface is not difficult. Here is my change for the Zephyr sample: IntelLabs/kafl.targets@6cece87

include new nyx_api.h
query host_config and set agent_config as part of fuzzer handshake.
start fuzzing loop

The config query/set hypercalls are now required. The various new options are not tested at all, I basically just set it up for PT tracing + validate the payload buffer size expected by fuzzer frontend.

Answer 2 · 2022-05-24T20:22:45.000Z

Someone did the hard work, would be great to cleanup and integrate: https://github.com/Kharos102/kafl.targets

Answer 3 · 2023-06-12T17:03:45.000Z

Hello @Kharos102, i'm trying to integrate the work you did on fixing the Windows targets for kAFL.

I have a WIP branch here:
https://github.com/Wenzel/kafl.targets/tree/fix_windows

I'm stuck at trying to find the right environment and cl.exe command line to compile the Driver.c

I'm working with a Windows 10, Visual studio 2017 SDK and MSVC compiler is installed + WDK (10.0.17763.0)
Basically what i'm doing right now:

C:\\Program Files (x86)\\Microsoft Visual Studio\\2017\\BuildTools\\VC\\Auxiliary\\Build\\vcvars64.bat
# append env vars with WDK Include and Lib dirs
# include: C:\\Program Files (x86)\\Windows Kits\\10\\include\\10.0.17763.0\\km
# lib: C:\\Program Files (x86)\\Windows Kits\\10\\Lib\\10.0.17763.0\\km\\x64
cl Driver.c <cl_options>

I know it's been a long time, but if you recall how you approached it, it would help.
Thanks !

Answer 4 · 2023-06-12T21:27:06.000Z

Hey!

Pretty sure I just create a new project in Visual Studio based on the empty WDM project template, then replace the main .c code with the Driver.c code, don't usually compile it via cl directly.

Answer 5 · 2023-06-14T12:33:45.000Z

Hey @Kharos102

I managed to compile it with cl.exe, but I will update that later on with a real VS project and use msbuild, that's more convenient

Thanks !

Answer 6 · 2023-06-28T16:20:47.000Z

A PR has been that should fix this issue:
IntelLabs/kafl.targets#21

Answer 7 · 2023-07-19T12:51:40.000Z

Closed with https://github.com/IntelLabs/kAFL/releases/tag/v0.7