Dailydave mailing list archives
Re: Problems to solve
From: Blue Boar <BlueBoar () thievco com>
Date: Thu, 10 Aug 2006 11:34:21 -0700
Dave Aitel wrote:
One problem Immunity has is that invariably we're all working on different virtual machines - everyone at once trying to write one exploit. Each VM we work on has its own DLLs and invariably mine are different from everyone else's. To solve this problem, I want to graph the DLL and then actually name every function based on that graph, instead of based on their memory address, which is changing on a per-DLL basis and therefore means nothing.
Just to be clear, you're talking about different dll versions, right? As in, not the same byte-for-byte DLL that happens to have loaded at a different address on a different machine? Otherwise, you could just use fixed offsets. I'm assuming that you're talking about the "same" dll on Win2K and XP.

As far as I know, Halvar has done the best work on mapping similar-but-not-identical binaries. Halvar, you have a way to serialize the path to a particular function?

BB