From a3392baaaa0faf51eb217d9859a6a517987fafc7 Mon Sep 17 00:00:00 2001 From: 0x4d5a-ctf <51098072+0x4d5a-ctf@users.noreply.github.com> Date: Fri, 21 May 2021 21:58:08 +0200 Subject: Added documentation for wine LoadLibrary workaround (#933) --- qemu_mode/README.wine.md | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 qemu_mode/README.wine.md (limited to 'qemu_mode') diff --git a/qemu_mode/README.wine.md b/qemu_mode/README.wine.md new file mode 100644 index 00000000..567901cd --- /dev/null +++ b/qemu_mode/README.wine.md @@ -0,0 +1,21 @@ +# How to troubleshoot AFL++'s wine mode + +## 1) Debugging +To turn on wine debugging use the `WINEDEBUG` environment variable, +e.g. `WINEDEBUG=+timestamp,+tid,+loaddll`. + +## 2) LoadLibraryA workaround +The forked process fails to load libraries loaded via `LoadLibrary` +if the load happens after the entry point (error code: 87). To resolve +this issue, one needs to load any external libraries before the fork happens. + +An early DLL load can be achieved by adding the DLL name into the `Import Directory` +in the PE file. Such an entry can be added manually in any PE editor. + +Alternativly, one can generate a `.lib` file from the DLL exports and link +them together with the harness to create an entry in the `Import Directory`. +Use `dumpbin /exports .dll` to extract the exports and paste the +exported function names into a `.def` file. Use `lib /def: /OUT:` +to generate a `.lib` and add the library to the linker options. Once the usage of +an export is detected (`__declspec(dllimport)`), the +linker adds the early DLL load. \ No newline at end of file -- cgit 1.4.1
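Review bot: in the "2) LoadLibraryA workaround" section of the new README.wine.md, the two build commands have lost their file-name placeholders: `dumpbin /exports .dll` and `lib /def: /OUT:` read as if the commands took no arguments, most likely because angle-bracket placeholders were swallowed by Markdown rendering. Escape them or put them inside the code span, e.g. `dumpbin /exports NAME.dll` and `lib /def:NAME.def /OUT:NAME.lib` (NAME being whatever the harness DLL is called), so a reader can copy the commands. While editing that hunk: "Alternativly" should be "Alternatively"; the heading says `LoadLibraryA` while the body says `LoadLibrary`, so pick one; "error code: 87" would be easier to act on if the text also gave the symbolic Windows error name it corresponds to, since readers will see that name in `WINEDEBUG` output rather than the number; and the file is added without a trailing newline ("\ No newline at end of file"), which most editors and linters will flag on the next touch.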