i'm learning to fuzz right now and i thought app 7 would be nice to start with, since you can fuzz a certain variable in that mission to get an encrypted text.
now phyton and pydbg seem like a good way. people often recommend it, since you can throw together a little script for each individual problem. i also have several ebooks on fuzzing (so far i've read one) and understand assembler using IDA pro.
so if you're still reading, to my problem:
i have my bp adresses (0x004014C0 snapshot, 0x004010E0 rewrite, 0x004011AD restore) now there's no need to look it up, those values are correct and it has been done before.
but when i use my script it either doesn't restore the snapshot correctly and stops working (that is when i attached it to a process) or it crashed with an access violation (which i don't want to see, i want to get to the end where it sais "Congratulations"). This happens when i start the .exe directly from python.
I also tried out inMemoryFuzzer.py but i can't get it to mutate EBP - 1C (just ESP-x) is allowed. so i tried some random esp var and it works... it's just not what i'm looking for.
oh yea system: win 7, python 2.6, paimei's pydbg
any ideas what i'm doing wrong?
i understand this is a very specific question. what i'm looking for is similar experience, any way to get ESP-x from EBP-1C, some reasons why access violations usually happen, where to look in such a case etc.
I'd appreciate any comments on this.
Thanks.
-- Sun Jun 05, 2011 5:33 am --
and is there a way i can change my name? i don't know, probably i was high when i registered.
