Dailydave mailing list archives
Re: Tool announce: user mode single stepping
From: Jared DeMott <demottja () msu edu>
Date: Wed, 29 Nov 2006 15:44:33 -0500
> Hello,
>
> There is a small project named "umss", created in McAfee labs, which readers of this list may find interesting. It implements fast single stepping of Win32 binaries. It is ca. 100x faster than WaitForDebugEvent() and 10x faster than in-process EXCEPTION_SINGLE_STEP trapping. Umss works by (kind of) disassembling the binary on-the-fly and placing logging hooks after each executed instruction (so, it does not use the TF flag).
>
> More information and the project source can be found at http://www.avertlabs.com/research/blog/?p=140
>
> RW
Very cool. How hard do you think it would be to port this technology to PaiMei? I know Python is slow, but if it could be done, the dependence on a PIDA file (func/basic block granularity) could possibly be removed for Code Coverage tracking. This would not only save time preparing a PIDA file for difficult binaries, but could give a better measure of CC. (I'm in the process of upgrading PaiMei to be remotely controlled by GPF for evolutionary fuzzing and was talking with Pedram about this very thing a couple weeks ago.)

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
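For readers who want to see the baseline umss is benchmarked against, here is an added example (not umss, and not code from either poster) of the in-process trap-flag method on x86-64 Linux, the Unix analogue of catching EXCEPTION_SINGLE_STEP in-process: TF is set, every instruction raises SIGTRAP, and the handler counts instructions and distinct addresses, which is the instruction-granularity coverage Jared asks about. It assumes Linux/glibc on x86-64; the function names (trace_steps, trace_distinct, on_trap) and the two workloads are constructed for this example.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <ucontext.h>

#define EFLAGS_TF 0x100L   /* x86 trap flag: CPU traps after every instruction */
#define MAX_ADDRS 8192
static volatile unsigned long g_steps;  /* instructions executed while tracing */
static uintptr_t g_seen[MAX_ADDRS];     /* distinct instruction addresses seen */
static volatile size_t g_nseen;

/* SIGTRAP handler: Linux clears TF while it runs and restores TF on sigreturn,
 * so it fires once per traced instruction; RIP here is the next instruction. */
static void on_trap(int sig, siginfo_t *si, void *ctx)
{
    (void)sig; (void)si;
    uintptr_t rip = (uintptr_t)((ucontext_t *)ctx)->uc_mcontext.gregs[REG_RIP];
    g_steps++;
    for (size_t i = 0; i < g_nseen; i++)
        if (g_seen[i] == rip) return;       /* already in the coverage set */
    if (g_nseen < MAX_ADDRS) g_seen[g_nseen++] = rip;
}

/* Run fn() with TF set; returns instruction count, distinct RIPs via *distinct. */
static unsigned long trace_steps(void (*fn)(void), size_t *distinct)
{
    struct sigaction sa, old;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = on_trap; sa.sa_flags = SA_SIGINFO;
    sigaction(SIGTRAP, &sa, &old);
    g_steps = 0; g_nseen = 0;
    __asm__ volatile("pushfq; orq %0, (%%rsp); popfq" :: "i"(EFLAGS_TF) : "memory", "cc");
    fn();                                   /* every instruction from here traps */
    __asm__ volatile("pushfq; andq %0, (%%rsp); popfq" :: "i"(~EFLAGS_TF) : "memory", "cc");
    sigaction(SIGTRAP, &old, NULL);         /* restore handler only after TF is clear */
    if (distinct) *distinct = g_nseen;
    return g_steps;
}
static size_t trace_distinct(void (*fn)(void)) { size_t d; trace_steps(fn, &d); return d; }

/* Constructed workloads with no libc calls, so the traces stay small. */
static volatile unsigned g_input = 0xF0F0u, g_sink;
static void work_once(void) { unsigned v = g_input, c = 0; while (v) { v &= v - 1; c++; } g_sink = c; }
static void work_x16(void) { for (int i = 0; i < 16; i++) work_once(); }

int main(void)
{
    printf("work_once: %lu steps, %zu distinct\n", trace_steps(work_once, NULL), trace_distinct(work_once));
    printf("work_x16:  %lu steps, %zu distinct\n", trace_steps(work_x16, NULL), trace_distinct(work_x16));
    return 0;
}
```

The 16x workload executes roughly 16 times as many instructions but adds only a handful of distinct addresses, which is why per-instruction tracing needs no basic-block map to report coverage.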
Current thread:
- Tool announce: user mode single stepping Rafal_Wojtczuk (Nov 29)
- Re: Tool announce: user mode single stepping Jared DeMott (Nov 29)
- Re: Tool announce: user mode single stepping Dave Korn (Nov 29)
- Re: Tool announce: user mode single stepping Thomas Ptacek (Nov 29)
- Re: Tool announce: user mode single stepping Matt Conover (Nov 29)
- Re: Tool announce: user mode single stepping Thomas Ptacek (Nov 29)
- <Possible follow-ups>
- Re: Tool announce: user mode single stepping Rafal_Wojtczuk (Nov 30)
- Re: Tool announce: user mode single stepping Matt Conover (Nov 30)