[fuzzing] Fuzzing a Windows PE Application
Jared DeMott
demottja at msu.edu
Tue Mar 13 07:10:32 CDT 2007
> Problem A:
>
> How'd I frame my input strings (only strings are considered valid, the
> program won't accept numeric or negative values).
>
> I have coded a perl script wherein I gave the strings (incremental
> with each successive steps of iteration as discussed on the list
> earlier in many posts) and tried it on the application but it always
> gave me the following message
>
> "unknown command/ option please use help for list of commands."
>
> Should I consider that this application is safely coded and can't be
> fuzzed?
I doubt it. Consider the format of the strings. Are there special
characters (like [, {, `, ~, !, @, #, $, %, ^, &, *, (, etc.) it will
accept? Consider building or mutating some strings that play games with
those. For example, a straight long string might not find an overflow,
but I've seen plenty of cases where something like cmd option [long sub
option], etc. might find one... Think of this one phrase: deliver
semi-valid data.
>
>
> Problem B:
>
> (I'm a newbie) What would I achieve if I disturb the format of the app
> binary like many fuzz tools do?
>
Umm... not sure what you mean here. Fuzzers don't fuzz the actual target
executable, they fuzz data that is consumed by the target executable.
An important thing to remember: make sure you already know what you'll
see if a failure does occur.
>
> Is there any tool that can help me out? Most of the tools (except file
> fuzz) are written for protocol fuzzing and not for console application
> fuzzing.
Shouldn't be too hard to adapt or write a tool to deliver data to a local
front end. In fact, if you want to get weird, proxies that convert from
network fuzzers to local applications can be written. This is
particularly useful in gray-box fuzzing when a debugger that monitors CC
or something is already working for a network fuzzer.
Good luck!
Jared
>
> I have gone through the archive of the list from the April 2006 but
> was unable to find anything that fits my specific purpose
>
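A small harness in the spirit of the advice above (an added example, not code from the original thread): it keeps the command and option valid, mutates only the sub-option with the special characters mentioned, delivers each line to a local console program on stdin, and classifies crashes and hangs so a failure is recognised when it happens. The target program and its command/option names are assumptions supplied by the caller.

```python
import random
import subprocess
from typing import Dict, List

# Special characters the reply suggests mixing into otherwise valid input.
SPECIALS = "[{`~!@#$%^&*()]}"

def semi_valid_inputs(cmd: str, option: str, count: int, seed: int = 0) -> List[str]:
    """Return count lines of the form '<cmd> <option> <mutated sub-option>'.

    The command and option stay valid so the line gets past the target's
    'unknown command/option' check; only the sub-option is mutated.
    """
    rng = random.Random(seed)          # seeded so a failing case is reproducible
    cases = []
    for _ in range(count):
        length = rng.choice([16, 256, 1024, 4096])
        style = rng.randrange(3)
        if style == 0:                 # long run of special characters
            payload = "".join(rng.choice(SPECIALS) for _ in range(length))
        elif style == 1:               # cmd option [long sub option]
            payload = "[" + "A" * length + "]"
        else:                          # unbalanced brackets around a long string
            payload = "[" * (length // 8) + "A" * length
        cases.append(f"{cmd} {option} {payload}")
    return cases

def run_case(argv: List[str], line: str, timeout: float = 5.0) -> Dict[str, object]:
    """Feed one line to the local program on stdin and classify the outcome.

    On POSIX a negative return code means the process died from a signal
    (e.g. SIGSEGV): the failure you should already know how to recognise.
    """
    try:
        proc = subprocess.run(argv, input=line + "\n", capture_output=True,
                              text=True, timeout=timeout)
    except subprocess.TimeoutExpired:
        return {"status": "hang", "input": line}
    if proc.returncode < 0:
        return {"status": "crash", "signal": -proc.returncode, "input": line}
    rejected = "unknown command" in (proc.stdout + proc.stderr).lower()
    return {"status": "rejected" if rejected else "accepted",
            "rc": proc.returncode, "input": line}

def fuzz(argv: List[str], cmd: str, option: str, count: int = 200) -> List[Dict[str, object]]:
    """Run every generated case against argv and return only crashes and hangs."""
    results = [run_case(argv, line) for line in semi_valid_inputs(cmd, option, count)]
    return [r for r in results if r["status"] in ("crash", "hang")]
```

Because the generator is seeded, any crashing or hanging line it reports can be regenerated and replayed under a debugger.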