Re: Problems to solve

[Blue Boar <BlueBoar () thievco com>]

Dave Aitel wrote:
> One problem Immunity has is that invariably we're all working on
> different virtual machines - everyone at once trying to write one
> exploit. Each VM we work on has it's own DLL's and invariably mine are
> different from everyone else's. To solve this problem, I want to graph
> the DLL and then actually name every function based on that graph,
> instead of based on their memory address, which is changing on a
> per-DLL basis and therefor means nothing.

Just to be clear, you're talking about different dll versions, right? 
As in, not the same byte-for-byte DLL that happens to have loaded at a 
different address on a different machine?  Otherwise, you could just use 
fixed offsets.  I'm assuming that you're talking about the "same" dll on 
Win2K and XP.

As far as I know, Halvar has done the best work on mapping 
similar-but-not-identical binaries.  Halvar, you have a way to serialize 
the path to a particular function?

                                        BB
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave