Using Immunity Debugger to Write Exploits
Dave Aitel, Nicolas Waisman
Who am I?
Software vendors now understand the value of security
Immunity Debugger is a strategic answer to defensive advances
But attackers have their own resources
Attackers will defeat the current generation of defensive technologies through profound and rapid tool innovation
Better interfaces save valuable time: WinDBG-like command line, pure-Python graphing, usable GUI
Python integration offers useful analysis
Existing toolsets are also in Python
Hackers already work in teams...
Two examples of how Immunity Debugger changes assessment and exploitation
SQL Injection/File Include
Heap overflows are dead, long live heap overflows
And so... heap protection has been introduced
XP SP2 makes our work hard

    blink = chunk->blink
    flink = chunk->flink
    if blink->flink == flink->blink and blink->flink == chunk

and harder...
    [Diagram label: "Chunk been unlinked"]

XP SP2 (and Vista) introduced more heap protections

    subsegment = chunk->subsegmentcode
    subsegment ^= RtlpLFHKey
    subsegment ^= Heap
    subsegment ^= chunk >> 3

Vista heap algorithm changes make unlink() unlikely

    *(chunk) ^= HEAP->EncodingKey
    checksum = (char) *(chunk + 1)
    checksum ^= (char) *(chunk)
    checksum ^= (char) *(chunk + 2)
    if checksum == chunk->Checksum

Checksum makes it hard to predict and control the header
    [Diagram: header bytes 0 1 2 3, XOR against HEAP->EncodingKey]
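
The two checks from the XP SP2 and Vista slides above, modeled in C as an added example (not code from the deck or from Immunity): safe unlinking leaves the list untouched when the neighbours do not point back at the chunk, and an encoded header is rejected when its checksum byte no longer matches. The node and header layouts, the function names and the key value are simplified assumptions, not the real ntdll structures.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified free-list node; not the real ntdll chunk layout. */
typedef struct node {
    struct node *flink;   /* next free chunk */
    struct node *blink;   /* previous free chunk */
} node;

/* Safe unlink as on the XP SP2 slide: both neighbours must point back at
 * the chunk before any pointer is written. Returns 1 if unlinked, 0 if the
 * list is inconsistent and was left untouched. */
int safe_unlink(node *chunk)
{
    node *blink = chunk->blink;
    node *flink = chunk->flink;
    if (blink->flink == flink->blink && blink->flink == chunk) {
        blink->flink = flink;
        flink->blink = blink;
        return 1;
    }
    return 0;
}

/* Build the circular list head <-> a <-> b. */
static void link3(node *head, node *a, node *b)
{
    head->flink = a; a->flink = b; b->flink = head;
    head->blink = b; b->blink = a; a->blink = head;
}

/* Intact list: the unlink succeeds and head/b become neighbours. */
int demo_unlink_intact(void)
{
    node head, a, b;
    link3(&head, &a, &b);
    return safe_unlink(&a) && head.flink == &b && b.blink == &head;
}

/* a.flink overwritten (constructed stand-in for a damaged chunk header):
 * the check refuses and no neighbour pointer changes. */
int demo_unlink_corrupted(void)
{
    node head, a, b, stray;
    link3(&head, &a, &b);
    stray.flink = stray.blink = &stray;
    a.flink = &stray;
    return safe_unlink(&a) == 0 && head.flink == &a && b.blink == &a
           && stray.blink == &stray;
}

/* Vista-style header word: bytes 0..2 carry size (low, high) and flags,
 * byte 3 is the XOR of bytes 0..2, and the word is stored XORed with the
 * per-heap key. Field meanings are a simplification for this example. */
uint32_t encode_header(uint16_t size, uint8_t flags, uint32_t key)
{
    uint8_t b0 = (uint8_t)(size & 0xff), b1 = (uint8_t)(size >> 8), b2 = flags;
    uint8_t b3 = (uint8_t)(b0 ^ b1 ^ b2);
    uint32_t raw = (uint32_t)b0 | ((uint32_t)b1 << 8) |
                   ((uint32_t)b2 << 16) | ((uint32_t)b3 << 24);
    return raw ^ key;
}

/* Decode with the key, recompute the checksum over bytes 0..2 and compare
 * it with byte 3, as in the slide's pseudocode. */
int header_is_valid(uint32_t stored, uint32_t key)
{
    uint32_t raw = stored ^ key;
    uint8_t sum = (uint8_t)((raw & 0xff) ^ ((raw >> 8) & 0xff) ^
                            ((raw >> 16) & 0xff));
    return sum == (uint8_t)(raw >> 24);
}

int main(void)
{
    uint32_t key = 0x1337C0DEu;                 /* constructed sample key */
    uint32_t hdr = encode_header(97, 0x01, key); /* 97 blocks of 8 bytes */
    printf("intact unlink ok:      %d\n", demo_unlink_intact());
    printf("corrupted unlink held: %d\n", demo_unlink_corrupted());
    printf("valid header:          %d\n", header_is_valid(hdr, key));
    printf("one bit flipped:       %d\n", header_is_valid(hdr ^ 0x100u, key));
    printf("blind overwrite:       %d\n", header_is_valid(0x41414141u, key));
    return 0;
}
```
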
Other protections in Vista are not heap specific
A lot of excellent work has been done to bypass heap protections
We no longer use heap algorithms to get write4 primitives
We have been working on this methodology for years
Previous exploits already carefully crafted the heap
The heap, piece by piece
A quick look at the lookaside
    [Diagram: lookaside entries 0 to 5, with example chunks of 8 bytes and 24 bytes]
    Note: 24 bytes is the total size. The actual data size is: 24 - 8 = 16 bytes

A quick look at the FreeList data structure
    [Diagram: FreeList entries 0 to n; entry n holds chunks of n*8 bytes, where n < 128; example chunk sizes shown: 24 bytes, 1600 bytes, 2000 bytes]

Chunk coalescing: contiguous free chunks are joined to minimize fragmentation
    [Diagram labels: ptr, Back_chunk]

    PSize = *(ptr + 2)
    Back_chunk = ptr - (PSize * 8)
    if Back_chunk is not BUSY:
        unlink(Back_chunk)

Chunks are split into two chunks when necessary
The life-cycle of a heap overflow
    [Annotation on the slide: "Might be the same"]
An alternate heap overflow lifecycle that requires emphasis on surviving with a broken heap
Heaps do not all start in the same layout
Heap Holes

    Vulnerable(function)
        A = Allocate(0x300);
        B = Allocate(0x300);
        [...]
        Overwrite(A);
        fn_ptr = B[4];
        fn_ptr("hello world");

    [Diagram label: Chunk is part of the FreeList[97]]
Two types of memory leaks are used in heap exploitation
Several bad coding practices lead to hard memleaks
Soft memory leaks are almost as useful to exploit writers
We correct our heap layout with memory leaks
    Both have the same objective: to allow us to have consecutive chunks
Heap Rule #1: Force and control the layout

    Vulnerable(function)
        A = Allocate(0x300);
        B = Allocate(0x300);
        [...]
        Overwrite(A);
        fn_ptr = B[4];
        fn_ptr("hello world");

    Calculating size: 768 + 8 = 776; 776 / 8 = entry 97
Good exploits are the result of Intelligent Debugging
Immunity Debugger is the first debugger specifically for vulnerability development
Immunity Debugger's specialized heap analysis tools
Immunity Debugger
Searching the heap using Immlib
Comparing a heap before and after you break it
Heap Fingerprinting
 
Automated data type discovery using Immlib
Immunity Debugger offers simple runtime analysis of heap data to find data types
Data Discovery
Data Discovery can be scripted easily
Heap Fuzzing helps you discover a way to obtain the correct layout
Heap Fuzzing
 
Inject Hook
Injecting hooks into the target process speeds things up
    [Diagram: process and mapped mem, shown in five steps]
    1. VirtualAllocEx
    2. InjectHooks
    3. Redirect Function (RtlAllocateHeap, RtlFreeHeap)
    4. Run the program (RtlAllocateHeap, RtlFreeHeap)
    5. Inspect the result
The future
Automating exploitation
Conclusions
