Various scripts and programs that support my Windows CE 4.2/6.0 exploit development and fuzzing efforts
Current Bugs:
Windows Media Player 10 for Pocket PC
- Buffer overflow caused by a malformed ASX playlist file
- Currently a DOS; RCE is being pursued

Current Files:
HarnessHandler.cpp
- A harness to facilitate the remote fuzzing of Windows CE 4.2 programs using Peach Community Edition
- Facilitates hook/injection-based file format fuzzing
- Acts as both the remote file recipient and the remote monitor for the Peach fuzzer
- Can easily be adapted to other network-based fuzzers

ImageFuzz.cpp
- An example of the harness described in HarnessHandler.cpp
- Puts the thread into kernel mode and fuzzes the LoadKernelLibrary function

HarnessAgentExample.xml
- Example Peach fuzzer description that works with the harness
- Current state model is based on ImageFuzz.cpp

DebugTest.cpp
- Example of debugging a process, waiting a few seconds for a crash, and terminating the process

KeyPressTest.cpp
- Tests the ability to click a link in an Internet Explorer window generated by the program

html3.xml
- A basic HTML template for the Peach fuzzer
- Based on example.com
- Now includes updated strategies and timeouts

ExampleDbgFuzz.cpp
- An example of a fault-detecting fuzzer for remote processes
- Keypress code removed to simplify the example

Windowsmediapl.cpp
- Successfully found the DOS vulnerability in Windows Media Player 10 for Pocket PC
- Based on ExampleDbgFuzz.cpp
- Will be used further in future to find more WMP-based bugs

WMPTest.cpp
- Tests the DOS bug in Windows Media Player 10 for Pocket PC 2003

asx.xml
- ASX file fuzzer description file for the Peach fuzzer
- Tests one element at a time, which is important for manual crash minimization

WMP10PPCPOC.py
- Generates the POC file for the WMP buffer overflow DOS exploit