mxmssh / manul

Manul is a coverage-guided parallel fuzzer for open-source and blackbox binaries on Windows, Linux and MacOS
Apache License 2.0

Manul ignores dbi=dynamorio in config file on Windows. #35

Open wes-sleeman opened 5 years ago

wes-sleeman commented 5 years ago

Continuation from #28. Config file below for reference.

#   Manul - configuration file
#   -------------------------------------
#   Maksim Shudrak <mshudrak@salesforce.com> <mxmssh@gmail.com>
#
#   Copyright 2019 Salesforce.com, inc. All rights reserved.
#
#   Licensed under the Apache License, Version 2.0 (the "License");
#   you may not use this file except in compliance with the License.
#   You may obtain a copy of the License at:
#     http://www.apache.org/licenses/LICENSE-2.0
#
#   Unless required by applicable law or agreed to in writing, software
#   distributed under the License is distributed on an "AS IS" BASIS,
#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#   See the License for the specific language governing permissions and
#   limitations under the License.

# Manul config file
# Format: <option_name> = <value>
# -----------------

# absolute path to dictionary with useful tokens
#dict = dictionaries/test.dict

# Mutator weights (should be 10 in total). Use my_mutator:x,my_mutator_2:x to define and use your own
# custom mutator (should be 10 in total). Specify 0 to disable certain mutators. Weights basically are
# used to tell manul how many mutations per 10 executions should be performed by certain fuzzer.
# example afl:5,radamsa:2,my_awesome_fuzzer:3
# afl will be used to mutate 5 out of 10 cases, 2 out of 10 for radamsa and 3 out of 10 for my_awesome_fuzzer
# Your custom mutator's main file should be located in the same folder as manul.py.
# Two default mutators should always be defined (afl, radamsa)
mutator_weights=afl:10,radamsa:0
#mutator_weights=afl:6,radamsa:0,example_mutator:4

# Use deterministic seed for test cases generation (only radamsa option).
determenistic_seed = False

# Print fuzzing summary per thread instead of total summary
print_per_thread = False

# disable volatile bytes suppression algorithm
#disable_volatile_bytes = True

# Choose DBI framework to provide coverage back to Manul ("dynamorio" or "pin"). Example dbi = dynamorio
dbi = dynamorio
# If dbi param is not None the path to dbi engine launcher and dbi client should be specified.
dbi_root = C:\Users\Wes\source\repos\AutoFuzz\AutoFuzz\bin\Debug\netcoreapp3.0\manul\DynamoRIO-Windows-7.0.0-RC1\bin64\drrun.exe
dbi_client_root = C:\Users\Wes\source\repos\AutoFuzz\AutoFuzz\bin\Debug\netcoreapp3.0\manul\manul\win\dbi_64\binafl.dll
dbi_client_libs = None

# Timeout for target binary
timeout = 10

# net_config_master and net_config_slave below are used to share manul instances over network. 
# Path to network configuration file with a list of IP:port slave addresses. Specified for master instance.
net_config_master = None

# IP and port to listen for connections from master (e.g. net_config_slave = 0.0.0.0:1337)
net_config_slave = None

# Run in debug mode, print details in console
debug = False

# Print Manul ASCII logo at the beginning
manul_logo = False

# Disable stats saving in the manul working dir
#no_stats = True

# Save debug messages to log files (one per thread)
logging_enable = False

# Bitmap sync frequency (5000 recommended for DBI mode)
sync_freq = 10000

# Custom path to save input file
#custom_path = test_path

# Command line fuzzing (experimental)
#cmd_fuzzing = True

# define signals to be ignored by manul
user_signals = 6

# Network fuzzing. Target IP address
#target_ip_port = 127.0.0.1:7715
# tcp | udp
#target_protocol = tcp
# wait time before actually starting to send test cases to the socket
#net_init_wait = 1
# wait time between test cases
#net_sleep_between_cases = 0.0
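
A pre-flight check for a config in this format, as an added example (not Manul's own parser and not part of the original post): it reads the `<option_name> = <value>` lines and applies the rules stated in the file's comments before a fuzzing run is started. The function names `parse_config`, `is_set` and `lint` and the sample path are assumptions made for illustration.

```python
import os

def parse_config(text):
    """Parse '<option_name> = <value>' lines; lines starting with '#' are comments."""
    opts = {}
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        opts[key.strip()] = value.strip()
    return opts

def is_set(opts, key):
    return opts.get(key, "None") not in ("", "None")  # the file uses None for "unset"

def lint(opts, exists=os.path.isfile):
    """Check the rules stated in the config comments; returns a list of findings."""
    findings = []
    weights = {}
    for item in opts.get("mutator_weights", "").split(","):
        name, _, weight = item.partition(":")
        if weight.strip().isdigit():
            weights[name.strip()] = int(weight)
    if sum(weights.values()) != 10:
        findings.append("mutator_weights must total 10")
    findings += [f"mutator_weights must define {m}" for m in ("afl", "radamsa") if m not in weights]
    if is_set(opts, "dbi"):
        if opts["dbi"] not in ("dynamorio", "pin"):
            findings.append("dbi must be dynamorio or pin")
        for key in ("dbi_root", "dbi_client_root"):
            if not is_set(opts, key):
                findings.append(f"{key} must be set when dbi is enabled")
            elif not exists(opts[key]):
                findings.append(f"{key} not found on disk: {opts[key]}")
        if opts.get("sync_freq", "").isdigit() and int(opts["sync_freq"]) != 5000:
            findings.append("sync_freq: 5000 is recommended for DBI mode")
    return findings

# Constructed sample: a few active lines in the same format, with a placeholder path.
SAMPLE = """\
mutator_weights=afl:10,radamsa:0
dbi = dynamorio
dbi_root = C:\\placeholder\\bin64\\drrun.exe
dbi_client_root = None
sync_freq = 10000
"""

if __name__ == "__main__":
    print("\n".join(lint(parse_config(SAMPLE), exists=lambda path: True)))
```

The `exists` parameter defaults to a real file check, so running `lint` on the machine that holds the config also catches a mistyped `drrun.exe` or client DLL path.
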

wes-sleeman commented 5 years ago

--debug shows that Manul is trying to run drrun. Running the DynamoRIO command as provided returns 0xC0000005 with no output.

mxmssh commented 5 years ago

0xC0000005 usually means access is denied. Could you try to run it with admin privileges?

wes-sleeman commented 5 years ago

Ran in an Admin CMD, same issue.

wes-sleeman commented 5 years ago

Can you check to make sure nothing in the client lib is causing it? I don't know enough C (or DynamoRIO) to effectively check it. If it isn't a problem in the client lib, I'll file an issue against the DynamoRIO repo.

mxmssh commented 5 years ago

Well, it works fine in my environment. Again, the easiest way to check that is to run drrun with some other client from the samples folder in DynamoRIO.

wes-sleeman commented 5 years ago

The other sample clients have the same problem. Older versions of Windows don't seem to like it either.