📚 OpenRCE is preserved as a read-only archive. Launched at RECon Montreal in 2005. Registration and posting are disabled.


IDC and Bug Hunting (Brainstorms - General forum)

Topic created on: September 7, 2007 19:02 CDT by stwu.

Is there an alternative for finding bugs in code, other than IDC scripts like bugscam?

  jms     September 8, 2007 00:20.44 CDT
Well, not really something out of the box no. Or else we all wouldn't be spending vast amounts of time RE'ing and fuzzing, etc.

But you can of course write some IDAPython scripts to look for bugs statically, then share them with us :)

  stwu     September 9, 2007 19:21.04 CDT
I'm writing some IDC scripts and I tried IDAPython, but I don't have enough time to learn another language. Anyway, I'm wondering if it's a good idea to write IDC scripts to scan for arithmetic bugs, because most of them are very particular to their related functions.

  jms     September 9, 2007 22:08.05 CDT
Well, there are all kinds of bugs you can use an automated scan for. I personally find one part static, one part dynamic helps; this is where Python is useful, as you can use PyDBG or ImmunityDebugger to do ALL of your magic.

  stwu     September 18, 2007 22:19.50 CDT
I'm coding an IDC script to scan for memmove and memcpy bugs. The thing is, I would like to know if there's a way to calculate the variable's length, like the one used in this instruction:
mov     ecx, [esp+6Ch+arg_4]

  jms     September 18, 2007 22:57.58 CDT
If you are looking to do this type of thing, then you could take a look at ImmunityDebugger and its stackanalyze library; it will tell you all that useful information :)

So are you scanning for the functions memmove and memcpy, or are you including inline memcpys that are rep instructions or inside loops?

  stwu     September 19, 2007 07:23.07 CDT
First I'm doing a search for memmove and memcpy functions, but I will expand it to inline ones. I want to do some analysis on signed/unsigned bugs too.

  jms     September 19, 2007 09:23.37 CDT
Awesome, I hope you share your findings! Happy hunting.
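The triage stwu describes above (find memcpy/memmove call sites, later inline rep copies, and work out where the size operand such as `[esp+6Ch+arg_4]` comes from), written out as an added example that is not from the thread or from any poster. It is plain Python over a constructed IDA-style listing so it runs without IDA; the same walk maps onto IDAPython, which jms suggests. Assumptions: cdecl call sites with the size pushed first, and IDA's default `arg_N` naming for caller-supplied stack arguments.

```python
import re

# Constructed IDA-style listing (made up for this example, not from the thread):
# caller-sized memcpy, constant-sized memmove, inline rep movsd counted from arg_4.
LISTING = """\
sub_401000:
    push    [esp+10h+arg_4]      ; Size
    push    [esp+14h+arg_0]      ; Src
    push    edi                  ; Dst
    call    _memcpy
sub_402000:
    push    10h                  ; Size
    push    esi                  ; Src
    push    edi                  ; Dst
    call    _memmove
sub_403000:
    mov     ecx, [esp+6Ch+arg_4] ; count for the inline copy below
    rep movsd
"""

def classify(operand):
    # Where does the size come from? IDA names caller-supplied stack args arg_N.
    if re.search(r"\barg_[0-9A-F]+\b", operand):
        return "caller-controlled"
    if re.fullmatch(r"[0-9][0-9A-Fa-f]*h?", operand):
        return "constant"
    return "other"

def scan(listing):
    findings, label, pushes, regs = [], None, [], {}
    for raw in listing.splitlines():
        line, hit = raw.split(";")[0].strip(), None   # drop IDA comments
        if line.endswith(":"):                        # new function: reset state
            label, pushes, regs = line[:-1], [], {}
        mnem, _, ops = (s.strip() for s in line.partition(" "))
        if mnem == "push":
            pushes.append(ops)
        elif mnem in ("mov", "lea"):                  # last write to each register
            dst, _, src = (s.strip() for s in ops.partition(","))
            regs[dst] = src
        elif mnem == "call":
            if ops.lstrip("_") in ("memcpy", "memmove") and len(pushes) >= 3:
                hit = (ops.lstrip("_"), pushes[-3])   # cdecl: size is pushed first
            pushes = []                               # any call consumes its args
        elif mnem == "rep" and ops.startswith("movs"):
            hit = ("inline " + ops, regs.get("ecx", "ecx"))   # count lives in ecx
        if hit:
            findings.append((label, hit[0], hit[1], classify(hit[1])))
    return findings
```

`scan(LISTING)` returns one (function, kind, size operand, origin) tuple per copy site; the "caller-controlled" rows are the ones worth reviewing by hand for a missing length check.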
