External programs

One of the main purposes of the GUI is to manage the external Peach program.

The external Peach program has to carry out the recording and the fuzzing phases.

Other external programs are also started from the GUI: a text editor and a debugger. The path to both programs can be set in the Preferences dialog. (Preferences dialog)

Two types of Peach processes can be started from the GUI: an agent process and a server process.

The Agent process is a wrapper around client/server programs. It listens on a specified port and is responsible for managing the application process. It is not recommended to stop these processes during the fuzzing/recording phase. Sometimes these processes have to be killed manually. This is quite annoying, because these processes block the ports on which they communicate.

The Peach process represents the main fuzzing/recording process. Its parameters and life cycle are quite complex. A special UDP communicator was added to both Peach and the GUI: through it, the GUI can query Peach for some basic information and influence the life cycle of the Peach process.

Peach communicator


Peach is considered to be a server process. It listens on a specified port (default 12559). GUI connects to the Peach process port in a separate thread.

The basic GUI requests are:
Pause Peach - A GUI thread sends a pause signal, waits for the answer and changes the state of the Pause button (udpcommunicator::communicatorPauseThread)
UnPause Peach - A GUI thread sends an unpause signal, waits for the answer and changes the state of the Pause button (udpcommunicator::communicatorUnPauseThread)
Register iteration - A GUI thread sends a registration signal to Peach. Peach sends a packet with an iteration number and a crash indicator at the beginning of each iteration. (udpcommunicator::communicatorIterationThread)
Kill Peach - A GUI thread sends this signal to force the Peach process to quit. It does not wait for a return value. The GUI started the Peach process and can find out when exactly the process ended. (udpcommunicator::communicatorKillThread)

Starting Peach

Peach is started from the GUI with the Start button in the Peach part of the fuzzing and recording tab. The GUI passes a lot of command line parameters (e.g. a communicator port, a debug level, etc.). Before it starts Peach, the GUI stores its current state into the fuzzing or recording XML in the tmp directory. The path to this XML is the most significant parameter on the command line, because the XML contains all fuzzing/recording related things. The complete list of the command line parameters is written to the Status Bar and to the standard application output. (window.Window.fuzzingPeachStart, window.Window.recordingPeachStart)

The dialogs also contain the Start All button. This button starts agents, waits until they start to listen on the specified ports and then starts the Peach program. A special class was designed to perform the waiting operation. (testport.portWaiterThread) This waiting operation can be canceled at any time by pressing the Escape key. (window.Window.fuzzingStartAll, window.Window.recordingStartAll)

Stopping Peach

Stopping the Peach process at an arbitrary time might be a problem, because the Peach process has to stop the client/server programs first. So the GUI does not kill the Peach process when the Stop button is pressed. It only sends a kill signal through the communicator. (Peach communicator) This operation might not always succeed (e.g. when Peach is not listening on the selected port yet). After the process stops, some cleaning actions are performed. (window::Window::recordingPeachProcessClean, window::Window::fuzzingPeachProcessClean)

This approach complicates the implementation of the Stop All button. It has to terminate Peach first, and only after Peach has terminated can it terminate both agents. So it sends a kill signal to Peach and then waits 10 seconds for Peach to exit. If Peach exits within the timeout, no harm is done and both agents are correctly terminated. However, when the timeout occurs, it kills Peach instantly. As a result, the client/server applications may still occupy their ports. (window::Window::fuzzingStopAll, window.Window.recordingStopAll)
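The Stop All sequence described above, sketched as an added example (not HotFuzz's own code): request a graceful exit over UDP, wait for the timeout, escalate to a hard kill, and only then stop the agents. The `kill` payload, the function names and the stand-in child process are assumptions, since this page does not give the communicator's wire format.

```python
import socket
import subprocess
import sys

PEACH_PORT = 12559  # default communicator port named on this page
KILL_MSG = b"kill"  # assumption: the real datagram format is not given here

# Constructed stand-in for Peach: binds UDP, prints its port, exits only in "obey" mode.
CHILD_SRC = (
    "import socket, sys\n"
    "s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)\n"
    "s.bind(('127.0.0.1', 0))\n"
    "print(s.getsockname()[1], flush=True)\n"
    "while True:\n"
    "    if s.recv(64) == b'kill' and sys.argv[1] == 'obey':\n"
    "        break\n"
)


def spawn_stand_in(mode):
    """Start the stand-in process; returns (process, udp_port)."""
    proc = subprocess.Popen([sys.executable, "-c", CHILD_SRC, mode],
                            stdout=subprocess.PIPE, text=True)
    return proc, int(proc.stdout.readline())


def stop_all(peach, agents, port=PEACH_PORT, timeout=10.0):
    """Stop Peach first, then the agents. Returns 'graceful' or 'forced'."""
    outcome = "graceful"
    if peach.poll() is None:
        # Fire-and-forget kill request; as in the GUI, no reply is awaited.
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.sendto(KILL_MSG, ("127.0.0.1", port))
        try:
            peach.wait(timeout=timeout)
        except subprocess.TimeoutExpired:
            peach.kill()  # hard kill: targets may be left holding their ports
            peach.wait()
            outcome = "forced"
    for agent in agents:  # agents are stopped only after Peach is gone
        if agent.poll() is None:
            agent.terminate()
    for agent in agents:
        try:
            agent.wait(timeout=timeout)
        except subprocess.TimeoutExpired:
            agent.kill()
            agent.wait()
    return outcome
```

A caller that gets `'forced'` back should check whether the target ports are still occupied before the next run.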

Generated on Sun Sep 5 12:41:36 2010 for HotFuzz by  doxygen 1.5.8