ENG frm #5873

Peach fuzzing with avpui.exe

Added by Forum Synchronizer 9 months ago. Updated 4 months ago.

Status: Fixed
Priority: 2
Assignee: -
Target version:
β-tester: Helios_07
Product: KIS
Language: de-DE
OS: Win 10, x64
Fixed in: 20.0.8.895

#1 Updated by Forum Synchronizer 7 months ago

Dmitriy.Pisarets:
<p>@helios_07 hello! Can you create an application dump and an OS dump also?</p>

#2 Updated by Forum Synchronizer 7 months ago

Helios_07:
<p>@dmitriy-pisarets</p>
<p>Hi dmitriy,</p>
<p>I don't think I can create a dump, I just use the graphical interface of Peach to do that and the avpui process runs for about 2 sec only.</p>
<p>That's the Peach version I use: <a href="https://cloud.qainfo.ru/s/8mnuwKBQxiv4J8p" target="_blank" rel="noopener">https://cloud.qainfo.ru/s/8mnuwKBQxiv4J8p</a></p>
<p>The GUI PeachFuzzBang.exe</p>
<p>Under General: template file any DLL, fuzzed file name fuzzed.dll; under Debugger: start a process, command line the path to avpui.exe fuzzed.dll.</p>
<p>Then start fuzzing, if everything works Peach logs the violation as described above.</p>
<p>I hope those steps help to reproduce it at your end.</p>

#3 Updated by Forum Synchronizer 7 months ago

Helios_07:
<p>KIS dump as requested: <a href="https://cloud.qainfo.ru/s/2eGOkCyCrlbJe6D" target="_blank" rel="noopener">https://cloud.qainfo.ru/s/2eGOkCyCrlbJe6D</a></p>
<p>OS dump: working on it</p>

#4 Updated by Forum Synchronizer 7 months ago

<p>KIS dump as requested: <a href="https://cloud.qainfo.ru/s/2eGOkCyCrlbJe6D" target="_blank" rel="noopener">https://cloud.qainfo.ru/s/2eGOkCyCrlbJe6D</a></p>
<p>OS dump: <a href="https://cloud.qainfo.ru/s/5WvyeVjRYsqs4OQ" target="_blank" rel="noopener">https://cloud.qainfo.ru/s/5WvyeVjRYsqs4OQ</a></p>


Description

<p><strong>Real system:</strong></p>
<p><strong>Windows 10 64-bit, Version 1803</strong></p>
<p><strong>KIS 20.0.0.454 de app + drv verifier enabled</strong></p>
<p><strong>Reproduction steps:</strong></p>
<p><span>It is important that traces are enabled or it won't work!</span></p>
<p><span>When I hand a fuzzed DLL file to avpui.exe with Peach Fuzzer, with the "start a process" option, Peach logs an Illegal Instruction Violation starting at avpuimain!SoundPlayW+0x00000000000a013b.</span></p>
<p><span>KIS isn't affected because an extra process is started.</span></p>
<p><span>It works with any fuzzed dll and some other filetypes.</span></p>
<p><span>I attached the peach logs.</span></p>
