TippingPoint Digital Vaccine Laboratories
DID YOU KNOW... The DVLabs research team discovered 10 unique Adobe Shockwave vulnerabilities during October and November of 2010.

MindshaRE: Hooking ReadFile and MapViewOfFile for Vulnerability Analysis

The Problem As Aaron mentioned in another MindshaRE here at ZDI we often get submissions containing only a fuzzed file without any analysis. When analysing those cases it is often useful to know exactly when our vulnerable program reads the bytes that have been changed in the file. This can be done using the hooking technique Aaron described earlier. The Solution Most read function available in Windows will ...


MindshaRE: Debugging via Code Injection with Python

Update: Peter was kind enough to whip up some legit web 2.0-ish graphing with some IDAPython to visualize the read() function referenced in this blog post. Check it out here (its draggable, and stuff). Quite often at the ZDI we receive submissions that go something like this: "When ...