Dailydave mailing list archives

Re: Tool announce: user mode single stepping


From: Jared DeMott <demottja () msu edu>
Date: Wed, 29 Nov 2006 15:44:33 -0500


Hello,
There is a small project named "umss", created in McAfee labs, which readers
of this list may find interesting. It implements fast single stepping of
Win32 binaries. It is ca. 100x faster than WaitForDebugEvent() and 10x faster
than in-process EXCEPTION_SINGLE_STEP trapping. Umss works by (kind of)
disassembling the binary on-the-fly and placing logging hooks after each
executed instruction (so, it does not use the TF flag). More information and
the project source can be found at
http://www.avertlabs.com/research/blog/?p=140

RW


Very cool.  How hard do you think it would be to port this technology to
PaiMei?  I know python is slow, but if it could be done the dependence
on a PIDA file (func/basic block granularity) could possibly be removed
for Code Coverage tracking.  This would not only save time preparing a
PIDA file for difficult binaries, but could give a better measure of
CC.  (I'm in the process of upgrading PaiMei to be remotely controlled
by GPF for evolutionary fuzzing and was talking with Pedram about this
very thing a couple weeks ago.)
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
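As an added illustration, not umss's own code (which is at the URL above): a Python model of the mechanism RW describes, decoding just enough of each instruction to know where the next one starts and where control can go so a logging hook can be placed after it, and of the instruction-level versus basic-block-level code coverage Jared contrasts. The byte stream, the traces and the tiny opcode subset are constructed for this example.

```python
# Constructed x86-32 bytes at BASE: push ebp; mov ebp,esp; mov eax,1; test eax,eax;
# jz +2; nop; nop; pop ebp; ret.  The toy decoder below knows only these opcode forms.
BASE = 0x1000
CODE = bytes.fromhex("55 89E5 B801000000 85C0 7402 90 90 5D C3")

def decode(code: bytes, off: int) -> tuple[int, list[int]]:
    """Length of the instruction at `off` and the offsets it can fall or jump to."""
    op = code[off]
    if op == 0x90 or 0x50 <= op <= 0x5F or op == 0xC3:        # nop, push/pop r32, ret
        return 1, ([] if op == 0xC3 else [off + 1])
    if op in (0x89, 0x8B, 0x85) and code[off + 1] >> 6 == 3:   # mov/test r32,r32 only
        return 2, [off + 2]
    if 0xB8 <= op <= 0xBF:                                     # mov r32, imm32
        return 5, [off + 5]
    if op == 0xEB or 0x70 <= op <= 0x7F:                       # jmp rel8 / jcc rel8
        rel = int.from_bytes(code[off + 1:off + 2], "little", signed=True)
        return 2, ([off + 2 + rel] if op == 0xEB else [off + 2, off + 2 + rel])
    raise ValueError(f"opcode {op:#x} at offset {off:#x} not in this toy decoder")

def hook_sites(code: bytes, base: int) -> dict[int, int]:
    """Reachable instruction address -> length, found by walking control flow from
    offset 0; a logging hook spliced in right after each one replaces the TF flag."""
    seen: dict[int, int] = {}
    work = [0]
    while work:
        off = work.pop()
        if off in seen or off >= len(code):
            continue
        seen[off], succ = decode(code, off)
        work.extend(succ)
    return {base + o: n for o, n in sorted(seen.items())}

def coverage(code: bytes, base: int, trace: list[int]) -> tuple[float, float]:
    """(instruction coverage, basic-block coverage) for a trace of hooked addresses."""
    sites = hook_sites(code, base)
    leaders = {base}                     # block starts: entry, branch targets, fallthroughs
    for addr, ln in sites.items():
        succ = decode(code, addr - base)[1]
        if succ != [addr - base + ln]:   # anything but plain fallthrough ends a block
            leaders.update(base + s for s in succ)
            leaders.add(addr + ln)
    blocks = sorted(b for b in leaders if b in sites)
    hit = set(trace) & set(sites)
    bb_hit = {max(b for b in blocks if b <= a) for a in hit}
    return len(hit) / len(sites), len(bb_hit) / len(blocks)

# Constructed hook traces: one where the jz was taken (7 of 9 instructions ran) and
# one that faulted four instructions in, partway through the first basic block.
TRACE_JZ_TAKEN = [0x1000, 0x1001, 0x1003, 0x1008, 0x100A, 0x100E, 0x100F]
TRACE_FAULT = [0x1000, 0x1001, 0x1003, 0x1008]
```

The fault trace scores 4/9 at instruction level but the same 1/3 at block level as a run that finished the first block, which is the finer measure of CC the reply is after.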