kAFL cov didn't work??

[5angjun]

The number of gui's edge and cov plot's edge matching failed.

I think there is an error in kafl cov functioning.
kafl cov -w work

Now, i'm trying to find root cause of this, i think that caused by PT range.

In kafl cov's qemu option is -device nyx,chardev=nyx_socket,workdir=/home/b/kAFL/kafl/examples/windows_x86_64/work_Process-1,worker_id=1337,bitmap_size=65536,input_buffer_size=131072,dump_pt_trace,ip0_a=0xfffff80025610000,ip0_b=0xfffff8002563f000

but the real range is 0xFFFFF8063DDA0000 0xFFFFF8063DDCF000 target.sys and libxdc decode failed.

[Wenzel]

Hi @5angjun

If I understand correctly, there is a mismatch between the range used kafl cov and the real range of your target.sys driver ?

kafl cov will start will reloading the Intel PT ranges, if they have been dumped by kafl fuzz previously:
https://github.com/IntelLabs/kafl.fuzzer/blob/master/kafl_fuzzer/coverage/__init__.py#L485
dumping config by kafl fuzz:
https://github.com/IntelLabs/kafl.fuzzer/blob/master/kafl_fuzzer/manager/core.py#L129

Do you have a minimal example i can repro and investigate ?

[5angjun]

yes, there is a mismatch in intelRange.

when booting the qemu with kafl cov,
the target.sys pt range will set below value by dump file.
ip0_a=0xfffff80025610000,ip0_b=0xfffff8002563f000

but after qemu is loaded , the target.sys's mapped different addresss.