Dataflow-0.2.0 released. New: in memory fuzzing means
Artem Blagodarenko (artemblagodarenko) <artemblagodarenkogmailcom> Wednesday, August 18 2010 15:50.22 CDT


Dataflow-0.2.0 is now available

After a month of development, new features are available:
1. Recovery of a module's functions from binary code without any additional information;
2. Creation of a test SDK for the binary program;
3. Loading a test into the target binary program's address space and executing it. The analyzed binary then continues executing in the same mode as before the test was loaded.

Thus, Dataflow-0.2.0 can be used to perform in-memory fuzzing.

You can download the utility, view screenshots and the release history from the MaiWay project home page. Dataflow is part of the MaiWay project. The Dataflow tutorial is also available; the enhanced features are described in The Dataflow tutorial, Part 2. Please feel free to send bug reports, suggestions etc. to the authors.

In short:

You can generate function prototypes from a binary module that look like:

/* raw entry point of the recovered function, cast to a callable pointer */
int ( __cdecl *functionstest2_sub_1120__)( void )
    = ( int ( __cdecl * ) ( void) ) 0x401120;

/* wrapper: the recovered function expects its argument in EBX,
   so load the register and call through the pointer */
inline int __cdecl functionstest2_sub_1120( int a )
{
   __asm{
      mov EBX, a
   }
   return functionstest2_sub_1120__( );
}


After that you can develop some tests (maybe fuzzing actions):

#include "functionstest.h"
void StartTest( void )
{
   functionstest_sub_10C0( 88, 77, 66, 55 );
   functionstest_sub_1080( 33, 44, 55, 66 );
}

BOOL APIENTRY DllMain( HMODULE hModule,
                       DWORD  ul_reason_for_call,
                       LPVOID lpReserved )
{
   switch (ul_reason_for_call)
   {
      case DLL_PROCESS_ATTACH:
         /* the test runs as soon as the DLL is loaded into the target */
         StartTest();
         break;

      case DLL_THREAD_ATTACH:
      case DLL_THREAD_DETACH:
      case DLL_PROCESS_DETACH:
         break;
   }
   return TRUE;
}


Build it and execute it in the analyzed program's address space with one click (3 clicks indeed :) ).



The test is executed and the module's internal functions are fuzzed. After that the program continues its normal execution.

Thanks for your attention :)
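The two pieces above (a prototype cast from a raw address, and a StartTest that drives the recovered function with chosen arguments) are the whole pattern of a Dataflow test. The following is an added example, not Dataflow's or MaiWay's code, showing that pattern as a small fuzz driver written in portable C so it builds outside Windows: target_sub_1120 is a constructed stand-in for an internal function found in a binary (Dataflow would emit a literal such as 0x401120 instead of taking the stand-in's address), and the driver uses a seeded PRNG so any input that makes the function fail can be replayed from the seed. The DLL loading and the __asm register setup are left to the tool; only the test logic is shown.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for an internal function recovered from a target
 * binary. Its body exists only so the example runs; in the real setting
 * the body is unknown and only an address and a guessed prototype are
 * available. It accepts b in [0, 16) and reports any other input with -1,
 * standing in for a function that might instead crash on bad input. */
static int target_sub_1120(int a, int b)
{
    if (b < 0 || b >= 16)
        return -1;
    return (a * 31) ^ b;
}

/* The generated-prototype idiom: a typed function pointer initialised
 * from a raw integer address. Dataflow emits the literal address; here it
 * is taken from the stand-in so the code is portable. */
typedef int (*sub_1120_t)(int a, int b);

static sub_1120_t resolve_sub_1120(void)
{
    uintptr_t address = (uintptr_t)&target_sub_1120;   /* would be 0x401120 */
    return (sub_1120_t)address;
}

/* Call through the recovered prototype exactly as a generated test would. */
int call_sub_1120(int a, int b)
{
    sub_1120_t fn = resolve_sub_1120();
    return fn(a, b);
}

/* Deterministic PRNG (xorshift32) so every run is reproducible from its
 * seed; a reproducible input is what turns a crash into a usable report. */
static uint32_t xorshift32(uint32_t *state)
{
    uint32_t x = *state;
    x ^= x << 13;
    x ^= x >> 17;
    x ^= x << 5;
    return *state = x;
}

struct fuzz_result {
    unsigned iterations;   /* calls made */
    unsigned rejected;     /* calls the target reported with -1 */
    int first_bad_a;       /* arguments of the first rejected call, for replay */
    int first_bad_b;
};

/* The StartTest equivalent: drive the recovered function with generated
 * arguments and record enough to replay the first failure. Argument b is
 * shaped to 0..31 so roughly half the calls fall outside the accepted range. */
struct fuzz_result start_test(uint32_t seed, unsigned iterations)
{
    struct fuzz_result r = { 0, 0, 0, 0 };
    uint32_t state = seed ? seed : 1;   /* xorshift must not start at 0 */
    unsigned i;

    for (i = 0; i < iterations; i++) {
        int a = (int)(xorshift32(&state) & 0x7fff);
        int b = (int)(xorshift32(&state) % 32);
        int rc = call_sub_1120(a, b);
        r.iterations++;
        if (rc == -1) {
            if (r.rejected == 0) {
                r.first_bad_a = a;
                r.first_bad_b = b;
            }
            r.rejected++;
        }
    }
    return r;
}

/* Replay the first rejected call of a run to confirm the reproducer. */
int replay_first_failure(uint32_t seed, unsigned iterations)
{
    struct fuzz_result r = start_test(seed, iterations);
    return call_sub_1120(r.first_bad_a, r.first_bad_b);
}

int main(void)
{
    struct fuzz_result r = start_test(0x1234u, 1000);
    printf("%u calls, %u rejected; first reproducer: a=%d b=%d\n",
           r.iterations, r.rejected, r.first_bad_a, r.first_bad_b);
    return 0;
}
```

In a real Dataflow test the call inside the loop would go through the generated wrapper (which sets up registers and jumps to the literal address), and the failure record would be written somewhere that survives the target crashing, such as a log file, since a fault in the fuzzed function takes the whole process down with it.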

Comments
halsten Posted: Thursday, August 19 2010 22:10.48 CDT
Great work Artem, always waiting for more updates. Good luck! :)

--
halsten