
PROGRAM ABORT : No instrumentation detected - but ran config-run.sh #11

Open
vanhauser-thc opened this issue Jan 26, 2019 · 2 comments
Labels
enhancement New feature or request

Comments

@vanhauser-thc
Contributor

Kernel: 4.19.0-kali1-amd64
CPU: Intel(R) Core(TM) i7-7500U CPU @ 2.70GHz

I ran config-run.sh and confirmed module msr is loaded.

Then when I try to start the fuzzer:

# python ./bin/ptfuzzer.py "-i /tmp/in -o /tmp/out" "/usr/bin/unrar p -inul " 
config MEM_LIMIT to 200
binary type is  executable
Program base by cle:  0x400000
Program entry by cle:  0x403750
reading .text code...
sudo ./bin/afl-ptfuzz -r .unrar-nonfree.text -m 200 -l 4208464 -h 4470928 -e 4208464 -i /tmp/in -o /tmp/out2 /usr/bin/unrar p -inul  @@
afl-fuzz 2.52b by <[email protected]>
raw_bin: .unrar-nonfree.text
min_addr: 4208464
max_addr: 4470928
entry_point: 4208464
init pt fuzzer.
start to disassmble binary...
build_cofi_map, total number of cofi instructions: 11324
cofi map complete percentage: 100%
[+] You have 4 CPU cores and 2 runnable tasks (utilization: 50%).
[+] Try parallel jobs - see /usr/local/share/doc/afl/parallel_fuzzing.txt.
[*] Checking CPU core loadout...
[+] Found a free CPU core, binding to #0.
[*] Checking core_pattern...
[*] Checking CPU scaling governor...
[*] Setting up output directories...
[+] Output directory exists but deemed OK to reuse.
[*] Deleting old session data...
[+] Output dir cleanup successful.
[*] Scanning '/tmp/in'...
[+] No auto-generated dictionary tokens to reuse.
[*] Creating hard links for all input files...
[*] Validating target binary...
[*] Attempting dry run with 'id:000000,orig:test.rar'...
Run ptfuzzer with TIP_MODE
Using perf AUX buffer size: 32 MB.

[-] PROGRAM ABORT : No instrumentation detected
         Location : perform_dry_run(), /prg/tmp/ptfuzzer/afl-pt/afl-ptfuzz.c:2943

From the source location, the issue seems to be that no tracebits are in the map.

Can someone help me work out what the issue is?

@vanhauser-thc
Contributor Author

vanhauser-thc commented Jan 29, 2019

OK, I found the cause:

Recent Linux kernel changes added page table isolation. Because of this, intel_pt doesn't work process-specific out of the box anymore.

Solution: boot the kernel with "nopti".

I leave the issue open so there is awareness.

The README should be updated.
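A pre-flight check for the failure mode described in this thread, added here as an example and not part of ptfuzzer or the issue itself. `pti_state` decides from the kernel command line and the Meltdown sysfs status whether page table isolation is active; `check_pt_prereqs` reads the live system and also verifies the intel_pt PMU and the msr module that config-run.sh loads. The sysfs paths are standard Linux; the function names are this example's own.

```shell
#!/bin/sh
# Added example (not ptfuzzer code): detect the conditions that make
# afl-ptfuzz abort with "PROGRAM ABORT : No instrumentation detected".

# pti_state CMDLINE MELTDOWN_STATUS -> prints "on" or "off".
# CMDLINE is the text of /proc/cmdline; MELTDOWN_STATUS is the text of
# /sys/devices/system/cpu/vulnerabilities/meltdown ("Mitigation: PTI",
# "Vulnerable" or "Not affected").
pti_state() {
    cmdline=$1
    meltdown=$2
    # Any of these boot parameters disables PTI (nopti is what the issue uses;
    # mitigations=off exists on kernels 5.2 and later).
    case " $cmdline " in
        *" nopti "*|*" pti=off "*|*" mitigations=off "*) echo off; return 0 ;;
    esac
    case "$meltdown" in
        *"Mitigation: PTI"*) echo on ;;
        *) echo off ;;
    esac
}

# check_pt_prereqs -> exit status 0 when per-process Intel PT tracing should
# work, 1 otherwise, with one line per missing prerequisite.
check_pt_prereqs() {
    cmdline=$(cat /proc/cmdline 2>/dev/null)
    meltdown=$(cat /sys/devices/system/cpu/vulnerabilities/meltdown 2>/dev/null)
    rc=0
    if [ "$(pti_state "$cmdline" "$meltdown")" = on ]; then
        # nopti also removes the Meltdown mitigation, so reserve it for a
        # dedicated fuzzing host rather than a general-purpose machine.
        echo "PTI active: boot with nopti for process-specific intel_pt tracing"
        rc=1
    fi
    [ -d /sys/bus/event_source/devices/intel_pt ] ||
        { echo "intel_pt PMU not exposed by this kernel/CPU"; rc=1; }
    grep -q '^msr ' /proc/modules 2>/dev/null ||
        { echo "msr module not loaded (run config-run.sh)"; rc=1; }
    return $rc
}

# Run the live check only when invoked as: sh ptcheck.sh --check
if [ "${1:-}" = --check ]; then
    check_pt_prereqs
fi
```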

@zhanggenex
Member

@vanhauser-thc
Thanks for your information!

@zhanggenex zhanggenex added the enhancement New feature or request label Apr 13, 2019