Dailydave mailing list archives

Re: Problems to solve


From: "Halvar Flake" <halvar () gmx de>
Date: Fri, 11 Aug 2006 08:19:41 +0200

Hey Chris, BB,

BD creates a full mapping between the instructions internally, and one could
easily dump this mapping into a sql database containing all the disassemblies
of the various DLL versions. This would immediately allow synching between
people working on different versions.

Concerning serializing the path: This can be done by starting at a root
function, computing basicblock iso's, then taking the n-th subfunction call
in the given basicblock and iterate. But at that point one might as well
calculate a full BinDiff -- it is reasonably cheap even for large executables
these days.

Cheers,
Halvar
----- Original Message ----- 
From: "Chris Eagle" <cseagle () redshift com>
To: "dailydave" <dailydave () lists immunitysec com>
Sent: Thursday, August 10, 2006 8:39 PM
Subject: Re: [Dailydave] Problems to solve


Dave Aitel wrote:
One problem Immunity has is that invariably we're all working on
different virtual machines - everyone at once trying to write one
exploit. Each VM we work on has its own DLLs and invariably mine are
different from everyone else's. To solve this problem, I want to graph
the DLL and then actually name every function based on that graph,
instead of based on their memory address, which is changing on a
per-DLL basis and therefore means nothing.


Doesn't BinDiff solve this same problem internally?  It needs to
recognize two functions as being the same, independent of address so
that it can do its magic across updates to the dll.  Sounds like you
need some Halvar magic.

Chris
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
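
The path serialization described in the message above, as an added example that is not part of the original thread and is not BinDiff code: each function is named by the sequence of (basic block, n-th call) steps that reaches it from a root function, so the name carries no addresses. The two DLL layouts are constructed sample data, the function names are hypothetical, and the basic-block isomorphism step is assumed to be already done, so block indices line up across builds.

```python
from collections import deque

# Constructed sample data: two builds of the same DLL. Each function address
# maps to its basic blocks (already put in matched order, i.e. the basic-block
# isomorphism is assumed done); each block lists its call targets in order.
DLL_V1 = {
    0x1000: [[0x1100], [0x1200, 0x1100]],
    0x1100: [[]],
    0x1200: [[0x1300]],
    0x1300: [[]],
}
DLL_V2 = {
    0x7000: [[0x7480], [0x7900, 0x7480]],
    0x7480: [[]],
    0x7900: [[0x7A40]],
    0x7A40: [[]],
}


def path_names(functions, root):
    """Name each function reachable from root by its shortest call path: a
    tuple of (block index, n-th call in that block) steps, with no addresses."""
    names = {root: ()}
    queue = deque([root])
    while queue:
        addr = queue.popleft()
        for block_idx, calls in enumerate(functions[addr]):
            for call_idx, target in enumerate(calls):
                if target in functions and target not in names:
                    names[target] = names[addr] + ((block_idx, call_idx),)
                    queue.append(target)
    return names


def sync_addresses(funcs_a, root_a, funcs_b, root_b):
    """Map addresses in build A to addresses in build B via shared path names."""
    by_path_b = {p: a for a, p in path_names(funcs_b, root_b).items()}
    return {a: by_path_b[p] for a, p in path_names(funcs_a, root_a).items()
            if p in by_path_b}


def render(path):
    """Serialize a path as text, e.g. 'root/b1c0/b0c0'."""
    return "/".join(["root"] + [f"b{b}c{c}" for b, c in path])


if __name__ == "__main__":
    for a, b in sync_addresses(DLL_V1, 0x1000, DLL_V2, 0x7000).items():
        print(f"{a:#x} -> {b:#x}  {render(path_names(DLL_V1, 0x1000)[a])}")
```

A function reached by more than one route gets the first path found in breadth-first order, which keeps the name stable as long as the matched block and call ordering is the same in both builds.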

