Tetrane's BLOG
Decoding function arguments
Today I will show you a feature that is pretty useful when analysing an application. We call it the “arguments decoder”, and it displays the content of a function’s arguments when its prototype is known. The latter’s definition can be either extracted from the msdn function and structures, or given...
IE crash analysis
Today we will analyse a crash of Internet Explorer. Reven scenario generation According to Exodus Intelligence, a vulnerability was silently fixed in MS13-055 patch along with other things. They showed on their blog how to exploit it. We generated our REVEN scenario where we give an html file to Internet...
Data painting
http://www.cir.uc.edu/ In this post we’ll present Reven dynamic data tainting capabilities and see some use cases of the tool. Dynamic data tainting The so called data tainting is a well known technique used to analyse the impact of data on a program. The idea is to apply a taint to a...
Exploring text strings
A program’s text strings often carry a lot of information, and are a basic although essential guide while analysing binaries. In this article we’ll see how REVEN handles and presents them. We’ll also see how one can automatically use this data to gain a better understanding a program’s behavior. The...
Following memory history with REVEN-Axion
When working on traces of millions of instructions, one of the biggest challenges can be to detect the small portions of the code that are actually interesting. In this article, we have an application that reads from the network. We will show how to quickly find where the network frames...
Newer Posts