Dailydave mailing list archives
Re: Problems to solve
From: "Ferguson, Justin (IARC)" <FergusonJ () nv doe gov>
Date: Thu, 10 Aug 2006 13:43:23 -0700
I believe Pedram has on his website (openrce) a database of win32 call chains, I don't think its exactly what you're looking for Dave, but possibly close? http://openrce.org/reference_library/win32_call_chains It also has a couple scripts there for generating the call chains. Best Regards, Justin Ferguson Reverse Engineer NNSA IARC 702.942.2539 "It is a capital mistake to theorize before one has data. Insensibly one begins to twist facts to suit theories, instead of theories to suit facts." -- Sir Arthur Conan Doyle
-----Original Message----- From: dailydave-bounces () lists immunitysec com [mailto:dailydave-bounces () lists immunitysec com] On Behalf Of Blue Boar Sent: Thursday, August 10, 2006 11:34 AM To: Dave Aitel Cc: dailydave Subject: Re: [Dailydave] Problems to solve Dave Aitel wrote:One problem Immunity has is that invariably we're all working on different virtual machines - everyone at once trying to write one exploit. Each VM we work on has it's own DLL's andinvariably mine aredifferent from everyone else's. To solve this problem, Iwant to graphthe DLL and then actually name every function based on that graph, instead of based on their memory address, which is changing on a per-DLL basis and therefor means nothing.Just to be clear, you're talking about different dll versions, right? As in, not the same byte-for-byte DLL that happens to have loaded at a different address on a different machine? Otherwise, you could just use fixed offsets. I'm assuming that you're talking about the "same" dll on Win2K and XP. As far as I know, Halvar has done the best work on mapping similar-but-not-identical binaries. Halvar, you have a way to serialize the path to a particular function? BB _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Re: Problems to solve, (continued)
- Re: Problems to solve CIRT.DK (Aug 10)
- Re: Problems to solve Nicolas RUFF (Aug 14)
- Re: Problems to solve Matt Oh (Aug 15)
- Re: Problems to solve Matt Oh (Aug 15)
- Re: Problems to solve Nicolas RUFF (Aug 15)
- Re: Problems to solve Matt Oh (Aug 15)
- Re: Problems to solve Matt Oh (Aug 15)
- Re: Problems to solve CIRT.DK (Aug 10)
- Re: Problems to solve Blue Boar (Aug 14)