Dailydave mailing list archives

Re: Tool announce: user mode single stepping


From: "Dave Korn" <dave.korn () artimi com>
Date: Wed, 29 Nov 2006 21:02:37 -0000

On 29 November 2006 18:26, Rafal_Wojtczuk () McAfee com wrote:

> Hello,
> There is a small project named "umss", created in McAfee labs, which readers
> of this list may find interesting. It implements fast single stepping of
> Win32 binaries. It is ca 100x faster than WaitForDebugEvent() and 10x faster
> than in-process EXCEPTION_SINGLE_STEP trapping. Umss works by (kind of)
> disassembling the binary on-the-fly and placing logging hooks after each
> executed instruction (so, it does not use the TF flag). More information and
> the project source can be found at
> http://www.avertlabs.com/research/blog/?p=140



  You're kind-of reinventing the gdb stub technique (as implemented on
platforms without a hardware single-step mode) here.

  Not that that invalidates anything you say, but it's a relevant comparison
and you may find it informative to browse some of the sample gdbstubs; your
blog post says umss is still a work-in-progress, so there might be useful
insights[*] to be had there.


    cheers,
      DaveK

[*] - Pun entirely accidental, but then again I didn't go to any great lengths
to excise it once I'd spotted it either...
-- 
Can't think of a witty .sigline today....

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
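
The gdb stub technique mentioned in the reply above (single stepping without a hardware step mode by planting a breakpoint on each possible next instruction), as an added example that is not part of the original messages and is neither umss nor gdb code. The five-opcode toy ISA, the `cpu_t` structure and the sample program are constructed assumptions for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
/* Constructed toy ISA for illustration; not umss or gdb code. */
enum { INC = 1, DEC = 2, JNZ = 3, HALT = 4, BRK = 0xCC };
typedef struct { uint8_t code[16]; size_t pc; int acc; int halted; } cpu_t;

/* The "CPU": runs freely until it fetches a breakpoint or HALT. */
static void cpu_run(cpu_t *c) {
    for (;;) {
        uint8_t op = c->code[c->pc];
        if (op == BRK) return;
        if (op == INC) { c->acc++; c->pc++; }
        else if (op == DEC) { c->acc--; c->pc++; }
        else if (op == JNZ) c->pc = c->acc ? c->code[c->pc + 1] : c->pc + 2;
        else { c->halted = 1; return; }   /* HALT or invalid opcode */
    }
}

/* Stub side: decode the instruction at pc, plant BRK on every possible
   successor, resume, then restore the saved bytes. A branch to its own
   address would need emulating instead and is not handled here. */
static void soft_step(cpu_t *c) {
    size_t succ[2]; uint8_t saved[2]; int n = 0, i;
    uint8_t op = c->code[c->pc];
    if (op != INC && op != DEC && op != JNZ) { c->halted = 1; return; }
    if (op == JNZ) { succ[n++] = c->pc + 2; succ[n++] = c->code[c->pc + 1]; }
    else succ[n++] = c->pc + 1;
    for (i = 0; i < n; i++) { saved[i] = c->code[succ[i]]; c->code[succ[i]] = BRK; }
    cpu_run(c);
    /* Reverse order, so identical successors still restore the original byte. */
    for (i = n - 1; i >= 0; i--) c->code[succ[i]] = saved[i];
}

/* Trace the constructed sample program; returns the number of steps. */
static int demo(size_t *trace, int max, int *acc_out) {
    cpu_t c = { { INC, INC, DEC, JNZ, 2, HALT }, 0, 0, 0 };
    int n = 0;
    while (!c.halted && n < max) { trace[n++] = c.pc; soft_step(&c); }
    *acc_out = c.acc;
    return n;
}

int main(void) {
    size_t t[16]; int acc, i, n = demo(t, 16, &acc);
    for (i = 0; i < n; i++) printf("pc=%zu\n", t[i]);
    printf("steps=%d acc=%d\n", n, acc);
    return 0;
}
```

The conditional branch is the case that makes this harder than it looks: the stub cannot know which way `JNZ` will go without emulating it, so it covers both successors and lets the CPU pick.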