win_fuzz_note

编译dynamorio x86/x64

编译时取消“将警告视为错误”的选项:在Makefile中搜索/WX,改成/WX-

编译winafl

编译时若因cmake最低版本限制报错,修改所需的cmake最低版本即可,比如:

cmake_minimum_required(VERSION 3.5)

测试

测试代码:

#define _CRT_SECURE_NO_WARNINGS

#include <stdio.h>
#include <string.h>
#include <windows.h>


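/*
 * Intentionally vulnerable WinAFL target (test1.exe).
 *
 * Reads the first line of the file named on the command line and copies it
 * into a fixed 30-byte stack buffer with strcpy(). Any input line longer than
 * 29 bytes overflows `tmp`; that stack overflow is the crash the fuzzer is
 * expected to find, so it is deliberately left in place. Production code
 * would use a bounded copy (e.g. snprintf) instead.
 *
 * argv[1]: path of the input file (supplied by the fuzzer).
 * Returns 0 when no file argument was given, 1 otherwise (unchanged from the
 * original harness: both the "cannot open" path and the normal path exit 1).
 */
int main(int argc, char *argv[])
{
    char tmp[30];            /* deliberately undersized destination */
    char buff[1024] = {0};   /* zeroed so a short read never leaves garbage behind */

    printf("stack overflow demo.\n");
    if (argc < 2) {
        return 0;
    }

    FILE *fp = fopen(argv[1], "rb");
    if (fp == NULL) {
        printf("can not load file!\n");
        return 1;
    }

    /* Read the file contents (one line, at most 1023 bytes). fgets() returns
     * NULL on an empty file or read error; without this check the original
     * copied an uninitialized buffer, producing non-reproducible crashes
     * instead of the intended one. */
    if (fgets(buff, sizeof buff, fp) == NULL) {
        fclose(fp);
        return 1;
    }
    fclose(fp);

    strcpy(tmp, buff); /* stack overflow vulnerability (the intentional fuzz target) */
    printf("%s\n", tmp);
    return 1;
} // test1.exe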