On Python, Ruby and dangling handlers

Last time we saw how to build a fuzzing engine with Python and vtrace. Unfortunately, the implementation I presented in that post developed problems once a decent number of iterations had completed. Apparently Python doesn't like threads being launched and finishing every 5 seconds. Analysis with Process Explorer showed that although past threads were no longer in use, the garbage collector failed to cope with them. This ultimately led to handle exhaustion (over 10,000 dangling thread and file handles) and a subsequent crash of the fuzzer. A change of approach failed as well. In this case the second tree architecture tested looked like so:
  • Main fuzz controller
    • Iteration monitor
      • Debuggee
Making extensive use of the subprocess module in this case led to the same result; the only difference is that process handles get leaked instead of thread handles. Somebody might shed more light on this, but it looks more like a Python garbage collector issue than anything else. Annoyed by this apparent fact, we move on to the next section.

#### Fuzzing engine with Ruby and Ragweed

This seemed like a nice chance to get a good grasp of Ruby and its low-level capabilities. When looking for an already proven programmatic debugging library the choices are few; ragweed seems like the most mature option. I'm not going to go into much detail on how to get hold of the tool, but I'll point out a few steps:
  1. Download the latest package from the FFI branch (0.2.0.pre2 right now).
  2. Install any ruby release from the 1.8 branch.
  3. Install dependencies (CMD.exe commands):
  • gem install rake
  • cd tduehr-ragweed/
  • gem build ragweed.gemspec
  • gem install ragweedXXXXX.gem
And that's about it. In this incarnation of the fuzzing engine I followed a slightly different approach to the one described in the beginning:
  • Main fuzz controller
    • Debuggee
    • Iteration Monitor
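The process tree above, written out as an added example that is not the post's code and does not use Ragweed: a controller spawns the debuggee on a mutated sample, spawns a separate monitor process that enforces the per-iteration timeout, and reaps both children every iteration so nothing is left dangling. The mutation strategy (random single-bit flips), POSIX signals and `ruby -e` scripts standing in for a real target are all assumptions for the sake of a runnable demonstration.

```ruby
# Added example, not the post's code: a plain-Ruby file-fuzzing loop with the
# same shape as the post's architecture:
#   main fuzz controller -> debuggee
#                        -> iteration monitor
# Both children are full processes. Ragweed is not used; Process.spawn starts
# the debuggee and a monitor process kills it once the timeout expires.
# Assumes a POSIX system (signals, /dev/null).
require 'rbconfig'
require 'tmpdir'

RUBY = RbConfig.ruby
KILL = Signal.list['KILL']

# Mutator (an assumption; the post does not describe its own): flip `flips`
# random bits in a copy of the seed buffer.
def mutate(seed, rng, flips = 4)
  raise ArgumentError, 'seed must not be empty' if seed.empty?
  buf = seed.dup.b
  flips.times do
    idx = rng.rand(buf.bytesize)
    buf.setbyte(idx, buf.getbyte(idx) ^ (1 << rng.rand(8)))
  end
  buf
end

# Iteration monitor: a separate process that waits `timeout` seconds and then
# SIGKILLs the debuggee if it is still running.
def spawn_monitor(debuggee_pid, timeout)
  script = <<~RB
    sleep #{timeout}
    begin
      Process.kill("KILL", #{debuggee_pid})
    rescue Errno::ESRCH
      # debuggee already finished on its own
    end
  RB
  Process.spawn(RUBY, '-e', script)
end

# One iteration: start debuggee and monitor, wait for the debuggee, then kill
# and reap the monitor so no zombie survives the iteration.
def run_iteration(target_cmd, sample_path, timeout)
  debuggee = Process.spawn(*target_cmd, sample_path,
                           out: File::NULL, err: File::NULL)
  monitor = spawn_monitor(debuggee, timeout)

  _, status = Process.wait2(debuggee)

  begin
    Process.kill('KILL', monitor)
  rescue Errno::ESRCH
    # monitor already exited
  end
  Process.wait(monitor)

  if status.signaled?
    # SIGKILL can only have come from our monitor: that is a timeout.
    sig = status.termsig
    sig == KILL ? { result: :timeout } : { result: :crash, signal: sig }
  else
    { result: :exit, code: status.exitstatus }
  end
end

# Main fuzz controller: write a mutated sample per iteration and run it.
def fuzz(target_cmd, seed, iterations:, timeout:, rng: Random.new(1))
  results = []
  Dir.mktmpdir('fuzz') do |dir|
    iterations.times do |i|
      path = File.join(dir, "case_#{i}.bin")
      File.binwrite(path, mutate(seed, rng))
      results << run_iteration(target_cmd, path, timeout)
    end
  end
  results
end

# True when this process has no unreaped children left at all.
def no_children_left?
  Process.wait(-1, Process::WNOHANG)
  false
rescue Errno::ECHILD
  true
end

if __FILE__ == $0
  # Harmless stand-in target: exits 0 regardless of the sample.
  p fuzz([RUBY, '-e', 'exit 0'], 'A' * 64, iterations: 3, timeout: 2)
  p no_children_left?
end
```

A real target would replace the `ruby -e` command, and the monitor is where a debugger such as ragweed would attach to catch the exception instead of relying on the exit status alone.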
It's worth mentioning that both the debuggee and the iteration monitor are launched as full-fledged processes. The code that accompanies this post is still fairly dirty and definitely not polished, but it works and does NOT leave dangling handles messing around with OS resources. Also, note that the code is essentially a file fuzzer that lacks certain (albeit fundamental) features like sample logging and so on. These missing features might make it into a future release, Egurra, who knows... :-) To make the PoC code work you'll need to satisfy a couple more dependencies, namely: