Comments (10)
from wtf.
I also seem to be having this exact issue. For a bit of background, I'm using WHV for the backend and took a snapshot using bdump.js in WinDBG preview on a HyperV VM with 4G ram and 1 core. Earlier I was having an issue where my memory dumps weren't being read in, but after further investigation I discovered it was due to this issue: #101 and I resolved it by adding code from https://github.com/hugsy/kdmp-parser/tree/new_type_support
The output and server exiting described by Flerov is exactly what I am experiencing. I did a virtual read of RIP at Init and InsertTestCase within my harness and they both returned the correct bytes. I should also mention that both of those functions are stripped down to the bare minimum, with Init only setting the end breakpoint and InsertTestCase not actually modifying the state of the program.
Any help would be greatly appreciated.
from wtf.
from wtf.
Hmmm I see. After copying the HEVD.cov file into my target directory I can see it's trying to apply coverage breakpoints now, so that is most likely the issue. I've tried to run gen_coveragefile_ida.py by loading it as a script in IDA but it's throwing an error at line 6392 "AttributeError: 'NoneType' object has no attribute 'Characteristics'". I couldn't really find any documentation for this script so I'm not sure if my setup is incorrect.
I'm running IDA Pro 7.5 with python3
from wtf.
The expected way to run this script is to open HEVD.sys (for example) in IDA and then run the script via the File / run menu. I also can't remember if I tested it out on the 7.5 version (which is getting old).
Cheers
from wtf.
Ok, that's the method I've been using to run it (while also having the correct IDB open). I know pretty much nothing about ida python API. Any pointers on what my issue may be? Exact stacktrace + error is:
error: Traceback (most recent call last):
File "", line 6416, in
File "", line 6392, in main
AttributeError: 'NoneType' object has no attribute 'Characteristics'
from wtf.
Hmmm, it seems like https://github.com/0vercl0k/wtf/blob/main/scripts/gen_coveragefile_ida.py#L6391 returns None? The loop basically goes through every function that IDA found, and then tries to find the PE section in which it belongs, and it isn't finding any, which I don't think I've run into.
Are you looking at some kind of special executable? Is this a user-mode application or kernel-mode?
You can also try to replace:
discardable = (sect.Characteristics & SECTION_CHARACTERISTICS['IMAGE_SCN_MEM_DISCARDABLE']) != 0
by:
discardable = (sect is not None) and (sect.Characteristics & SECTION_CHARACTERISTICS['IMAGE_SCN_MEM_DISCARDABLE']) != 0
And see if it does the trick!
Cheers
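The guard suggested above, shown as an added example that is not part of the thread or of gen_coveragefile_ida.py: a function whose address falls in no PE section is kept for coverage instead of raising AttributeError, while functions in discardable sections are still skipped. The section table, function names and helper names are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Real PE section flag value from winnt.h.
IMAGE_SCN_MEM_DISCARDABLE = 0x02000000


@dataclass
class Section:
    Name: str
    VirtualAddress: int
    VirtualSize: int
    Characteristics: int


# Constructed section table for a hypothetical driver image.
SECTIONS = [
    Section(".text", 0x1000, 0x3000, 0x68000020),  # code, not paged
    Section("INIT", 0x5000, 0x1000, 0x62000020),   # code, discardable
]


def find_section(rva: int) -> Optional[Section]:
    """Return the section containing rva, or None when no section matches."""
    for sect in SECTIONS:
        if sect.VirtualAddress <= rva < sect.VirtualAddress + sect.VirtualSize:
            return sect
    return None


def is_discardable(sect: Optional[Section]) -> bool:
    """Same shape as the guarded line: a missing section counts as not discardable."""
    return sect is not None and (sect.Characteristics & IMAGE_SCN_MEM_DISCARDABLE) != 0


def select_functions(functions: Dict[str, int]) -> Tuple[List[str], List[str]]:
    """Split functions into (kept for coverage, found in no section)."""
    kept, unmapped = [], []
    for name, rva in functions.items():
        sect = find_section(rva)
        if sect is None:
            unmapped.append(name)  # worth reporting: the section lookup missed
        if not is_discardable(sect):
            kept.append(name)
    return kept, unmapped


# Constructed function list: one normal, one in INIT, one outside every section.
FUNCTIONS = {"DriverDispatch": 0x1200, "DriverEntry": 0x5010, "orphan_thunk": 0x9000}
```

Collecting the unmapped names separately makes it visible when the section lookup fails for many functions, which would point at a mismatch between the IDB and the image rather than at a one-off.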
from wtf.
This worked! Coverage breakpoints were added successfully
Unrelated to this issue, is it possible to load coverage to a module that isn't loaded in the dump file used for the state? For example, say you breakpoint on a user-mode process and you know it will send an IOCTL that will later send input to a second user-mode process. If you wanted to track the coverage for both user-mode processes, how would you do this? I've noticed that loading coverage will fail if it can't find the base. I'm guessing this is because when you scope into a process using .Process it won't contain modules of other processes
from wtf.
from wtf.
Closing this thread as it seems the issues were addressed and there hasn't been any new activity :)
Cheers
from wtf.