Re: PocketPC exploitation

[Nicolas RUFF <nicolas.ruff () gmail com>]

> i would like to know if some of you have experience with exploitation of
> PocketPCs and could give me some ways and tools (debugger...).
> since some vulns come ( http://www.securityfocus.com/bid/13807 )
> I know that writing a DLL (Fuser) is quite easy with eVC++ (Embedded),
> so a "download and execute"-like shellcode could be amazing...

Pointers to begin with :

- Microsoft Embedded Visual C++, with on-target debugging :
http://www.microsoft.com/downloads/details.aspx?FamilyID=1dacdb3d-50d1-41b2-a107-fa75ae960856&displaylang=en

- Phrack #63 "Hacking Windows CE"
http://www.phrack.org/phrack/63/p63-0x06_Hacking_WindowsCE.txt

- And the upcoming IDA Pro 4.9 with Windows CE on-target debugging :
http://www.datarescue.com/idabase/wince/index.htm

Regards,
- Nicolas RUFF
Security researcher @ EADS-CCR