MindshaRE: Hooking ReadFile and MapViewOfFile for Vulnerability Analysis
- By Peter Vreugdenhil
- Tue 26 Jul 2011 14:52pm
The Problem
As Aaron mentioned in another MindshaRE, here at ZDI we often get submissions containing only a fuzzed file without any analysis. When analysing those cases, it is often useful to know exactly when our vulnerable program reads the bytes that have been changed in the file. This can be done using the hooking technique Aaron described earlier.
The Solution
Most read functions available in Windows will ...
MindshaRE: Debugging via Code Injection with Python
- By Aaron Portnoy
- Tue 19 Jul 2011 18:00pm
Update: Peter was kind enough to whip up some legit web 2.0-ish graphing with some IDAPython to visualize the read() function referenced in this blog post. Check it out here (it's draggable, and stuff). Quite often at the ZDI we receive submissions that go something like this: "When ...
