Peach fuzzing with avpui.exe
-
<p><strong>Real system:</strong></p>
<p><strong>Windows 10 64-bit, Version 1803</strong></p>
<p><strong>KIS 20.0.0.454 de app + drv verifier enabled</strong></p>
<p><strong>Reproduction steps:</strong></p>
<p><span>Important: traces must be enabled or it won't work!</span></p>
<p><span>When I hand a fuzzed DLL file to avpui.exe with Peach Fuzzer, using the "start a process" option, Peach logs an Illegal Instruction violation starting at avpuimain!SoundPlayW+0x00000000000a013b.</span></p>
<p><span>KIS isn't affected because an extra process is started.</span></p>
<p><span>It works with any fuzzed DLL and some other file types.</span></p>
<p><span>I attached the Peach logs.</span></p>
-
<p>@helios_07 hello! Can you also create an application dump and an OS dump?</p>
-
<p>@dmitriy-pisarets</p>
<p>Hi dmitriy,</p>
<p>I don't think I can create a dump; I just use the graphical interface of Peach to do that, and the avpui process only runs for about 2 seconds.</p>
<p>That's the Peach version I use: <a href="https://cloud.qainfo.ru/s/8mnuwKBQxiv4J8p" target="_blank" rel="noopener">https://cloud.qainfo.ru/s/8mnuwKBQxiv4J8p</a></p>
<p>The GUI: PeachFuzzBang.exe</p>
<p>Under General: template file any DLL, fuzzed file name fuzzed.dll; under Debugger: "start a process", command line the path to avpui.exe fuzzed.dll.</p>
<p>Then start fuzzing; if everything works, Peach logs the violation as described above.</p>
<p>I hope those steps help to reproduce it at your end.</p> -
<p>KIS dump as requested: <a href="https://cloud.qainfo.ru/s/2eGOkCyCrlbJe6D" target="_blank" rel="noopener">https://cloud.qainfo.ru/s/2eGOkCyCrlbJe6D</a></p>
<p>OS dump: <a href="https://cloud.qainfo.ru/s/5WvyeVjRYsqs4OQ" target="_blank" rel="noopener">https://cloud.qainfo.ru/s/5WvyeVjRYsqs4OQ</a></p>