Dailydave mailing list archives
Re: VPC
From: Thierry Zoller <Thierry () Zoller lu>
Date: Fri, 22 Feb 2008 11:12:08 +0100
Dear Dave, DA> There's another one called CWSandbox that has a free web form you can DA> send exe's to. (They hook a bunch of things but I think you can escape DA> the hooking by calling system calls directly?) CWSandbox [1] uses Vmware (afaik) cws_[pid]_mutex cws_[pid]_event_data cws_[pid]_event_result cws_[pid]_mapping 290 hooked apis 10 hooked methods [1] http://pferrie.tripod.com/papers/attacks2.ppt -- http://secdev.zoller.lu Thierry Zoller _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave