I am running the Sulley fuzzing tool, which uses pydbg to debug the target process. The pydbg threads are spawned in the process_monitor.py module of the Sulley environment. My problem is that when a test case (malformed packet) causes the process to crash, the debugger thread continues to run, and the following test case triggers an access violation. This is then sent to the session module saying the wrong packet, the second test case, caused the access violation. I am trying to print the log information from pydbg to debug exactly what is happening, but nothing I do seems to be working. Obviously, since this is a thread it has no console to print to, so I've tried many different methods of writing to a file. Even a very straightforward logFile = open('C:\sulley_build\sulley\logFile.txt', 'w'); logFile.write("test") won't create a file at that location. I know the pydbg thread is spawned, yet even putting that code in the __init__ function does nothing. Help?
- Is the target process on the same machine or a different one? – jtpereyda Mar 07 '16 at 16:44
- Are you using the Windows process monitor or the Unix one? – jtpereyda Mar 07 '16 at 16:45
- It's on a different machine, a virtual image. All boxes are running Windows 7, 32 bit. – Stephen McKeon Mar 08 '16 at 00:56
1 Answer
It's been a while since I've worked with the process monitor, but here's my advice:
Sulley had several procmon bugs when I used it. I submitted two patches here:
These bug fixes may be related to your issue (hard to tell with Sulley's architecture). I would give them a try. The fixes are already applied on my fork, or you can manually apply them in your own fork.
It sounds like the procmon is not reporting the crash properly. I distinctly remember this issue, but can't recall if the fixes mentioned above resolve it. If you do try to get it working, the key method is ProcessMonitorPedrpcServer.post_send. If you want to report more crash details, try writing them into self.last_synopsis. See ProcessMonitorPedrpcServer.get_crash_synopsis.
Happy fuzzing!
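As an added illustration of the two points in this thread (logging to a file from a debugger-style thread, and a post_send that attributes a crash to the test case that was actually sent), here is a constructed toy monitor. It is not Sulley's procmon code and not the answerer's patches; the class, method names and the temp-dir log path are assumptions, and the "debugger thread" is just a Python thread delivering a verdict.

```python
import logging
import os
import tempfile
import threading

# Constructed example, not Sulley's procmon code. LOG_PATH is an assumption (the
# temp dir) so it runs anywhere; a Windows path works the same as a raw string.
LOG_PATH = os.path.join(tempfile.gettempdir(), "procmon_example.log")
log = logging.getLogger("procmon_example")
_handler = logging.FileHandler(LOG_PATH)  # opened once, shared by every thread
log.addHandler(_handler)
log.setLevel(logging.DEBUG)
class ToyProcessMonitor(object):
    # Hypothetical monitor: a debugger-style thread delivers a verdict; post_send waits for it.
    def __init__(self, settle_seconds=1.0):
        self.lock = threading.Lock()
        self.settled = threading.Event()  # set once the debugger thread has reported
        self.settle_seconds = settle_seconds
        self.test_number, self.crashed_on, self.last_synopsis = 0, None, ""

    def pre_send(self, test_number):
        # Pin the test number before the packet goes out, so a crash seen later is
        # attributed to this case rather than to whichever case is current by then.
        with self.lock:
            self.test_number, self.crashed_on = test_number, None
        self.settled.clear()
        log.debug("pre_send test %d", test_number)

    def debugger_verdict(self, crashed, detail=""):
        # Stand-in for the debugger thread's access-violation handler.
        with self.lock:
            if crashed:
                self.crashed_on = self.test_number
                self.last_synopsis = "test %d: %s" % (self.test_number, detail)
                log.debug("crash recorded: %s", self.last_synopsis)
        _handler.flush()  # push the line to disk from this thread, not at exit
        self.settled.set()

    def post_send(self):
        # Bounded wait for the debugger thread; True means the target survived.
        self.settled.wait(self.settle_seconds)
        with self.lock:
            return self.crashed_on is None
def run_demo():
    # Two constructed test cases: the first crashes the target, the second is clean.
    mon, results = ToyProcessMonitor(), []
    for number, crashed in ((1, True), (2, False)):
        mon.pre_send(number)
        threading.Thread(target=mon.debugger_verdict, args=(crashed, "access violation")).start()
        results.append((number, mon.post_send(), mon.last_synopsis))
    return results
```

run_demo() returns [(1, False, 'test 1: access violation'), (2, True, 'test 1: access violation')]: the crash stays pinned to test 1 even though the verdict arrives asynchronously, and the log line is flushed from the debugger thread itself rather than left in a buffer.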