Dailydave mailing list archives

Re: VPC

From: Thierry Zoller <Thierry () Zoller lu>
Date: Fri, 22 Feb 2008 11:12:08 +0100

Dear Dave,
DA> There's another one called CWSandbox that has a free web form you can
DA> send exe's to. (They hook a bunch of things but I think you can escape
DA> the hooking by calling system calls directly?)
CWSandbox [1] uses Vmware (afaik)
cws_[pid]_mutex
cws_[pid]_event_data 
cws_[pid]_event_result 
cws_[pid]_mapping
290 hooked apis
10 hooked methods


[1]
http://pferrie.tripod.com/papers/attacks2.ppt

-- 
http://secdev.zoller.lu
Thierry Zoller

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

Current thread:

Re: VPC, (continued)
- - - Re: VPC Thierry Zoller (Feb 23)
    - Re: VPC Joanna Rutkowska (Feb 25)
    - Re: VPC dan (Feb 25)
    - Re: VPC Joanna Rutkowska (Feb 25)
    - Re: VPC Kurt Baumgartner (Feb 22)
    - Re: VPC John H. Sawyer (Feb 23)
- Re: VPC Thorsten Holz (Feb 21)
  - Re: VPC Jared DeMott (Feb 22)
    - Re: VPC John H. Sawyer (Feb 23)
  - Re: VPC Halvar Flake (Feb 27)
- Re: VPC Thierry Zoller (Feb 22)
- Re: VPC Alexander Sotirov (Feb 24)
- Re: VPC Anthony Lineberry (Feb 28)
  - Re: VPC Matt Richard (Feb 29)
    - Re: VPC Jon Oberheide (Feb 29)
    - Re: VPC Andrew R. Reiter (Mar 03)
- Re: VPC Thierry Zoller (Feb 23)
  - Re: VPC Tyler (Feb 23)
    - Re: VPC J.M. Seitz (Feb 24)
    - Re: VPC Jared DeMott (Feb 25)
- Re: VPC Rodrigo Rubira Branco (BSDaemon) (Feb 29)

(Thread continues...)