Flinkd!

fuzzing, reverse engineering, exploit development, pure gibberish

30 Nov/11

Fuzzing with Peach – Part 2 (Fixups)

by pyoor under Fuzzing
file format, fixup, fuzzer, peach, rar, tutorial

3 Comments for this entry

  • Mo
    July 24th, 2012 on 11:06 am

    I’m working with this Peach Pit file. File is parsed without errors, but when I try to run the file, the local agent window says:

    ] Peach 2.3.9 DEV Runtime
    ] Copyright (c) Michael Eddington

    ] Peach Agent

    //-> Listening on [9000] with no password

    Agent: clientHello()
    Agent: Session ID: 084a2ce1-d57e-11e1-b115-e839355f54fa
    Agent: clientHello() all done
    Agent: startMonitor(Named_64)
    code: debugger.WindowsDebugEngine(msg.params)
    WindowsDebugEngine::__init__()
    Agent: Sending Ack
    Agent: startMonitor(Named_67)
    code: process.PageHeap(msg.params)
    Warning: pageheap.exe is running inside WOW64.
    This scenario can be used to test x86 binaries (running inside WOW64)
    but not native (IA64) binaries.

    Error: Cannot open image registry key for winrar.exe
    Agent: Sending Ack
    Agent: onTestStarting()
    _StopDebugger() – force: False
    Agent: onPublisherCall(): ScoobySnacks
    WindowsDebugEngineProcess_run
    Process Process-1:
    Traceback (most recent call last):
    File “C:\Python27\lib\multiprocessing\process.py”, line 258, in _bootstrap
    self.run()
    File “C:\Python27\lib\multiprocessing\process.py”, line 114, in run
    self._target(*self._args, **self._kwargs)
    File “C:\Peach2.3\Peach\Agent\debugger.py”, line 364, in WindowsDebugEnginePro
    cess_run
    dbg_eng_dll_path = WinDbg)
    File “C:\Python27\lib\site-packages\PyDbgEng\ProcessCreator.py”, line 30, in _
    _init__
    self.idebug_client.CreateProcess(Server=UserModeSession.NO_PROCESS_SERVER, C
    ommandLine = command_line, CreateFlags = creation_flags)
    COMError: (-2147024846, ‘Beg\xe4ran st\xf6ds inte.’, (None, None, None, 0, None)
    )

    • pyoor
      July 24th, 2012 on 3:43 pm

      I typically don’t fuzz on x64 so not sure if it’s something specific to that architecture that could be causing your issue. The only thing I can recommend is verifying that CommandLine parameter in your publisher. If you’re still not having any luck, your best bet would be to ask on the Peach Fuzzer Google Groups page.

      • dragonltx
        October 11th, 2012 on 3:12 am

        Hi pyoor, can you leave your email address? I have read your tutorials, and have some questions! I want to discuss with you via email!
