I'm trying to learn up on the topic of fuzzing, i'm using vmware workstation for the backtrack 3 & unpatched xp sp1 box. What i'm trying to do is the ultravnc 1.0.1 buffer overflow & the realvnc 3.3.7 buffer overflow. Basically when i set up the exploit on backtrack and then attempt to connect to it from the xp box all that happens is the program crashes in both cases (ultra & real). I attempted to look at the crash in olly debug but to little avail. What i would like to do is to recreate the crash manually, find a place for shellcode, and tell the program to jump to the shellcode. I appreciate any help that your willing to give. I'm basically just trying to recreate the buffer overflow to better understand how it all works. Thanks again for all your help.