P. 1
Trace Surfing Presentation (1)

Trace Surfing Presentation (1)

|Views: 1,206|Likes:
Published by anon_9868845

More info:

Published by: anon_9868845 on Sep 26, 2012
Copyright:Attribution Non-commercial

Availability:

Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less

12/05/2012

pdf

text

original

# White listed image `calc.exe`
# Loading hooks from file hooks.hks
# Loaded hook alloc:test_custom_alloc:00000774:0:my_alloc_
# Loaded hook free:test_custom_alloc:000007b6:0:my_free_
L:calc.exe:0x003a0000:0x0045ffff
# Thread 0x0 started
# Instrumented malloc at 0x75619cee
# Instrumented free at 0x75619894
# Instrumented realloc at 0x7561b10d
# Instrumented calloc at 0x7561c456
W:0x003a76c6:0x01d125e0:0x01d125e0:0x00000004:0x0000000f
W:0x003a76cc:0x01d125e0:0x01d125e4:0x00000004:0x0000000f

F:0x003b8f9a
I:0x003b8f9a:0x00000031:0x00000000
F:0x003b8fdc
I:0x003b8fdc:0x00000031:0x00000000
# Thread 0x1 did not finish but application exited.

Introduction

●Why do we care about recovering data
structures?

Large binaries are a pain to reverse

–Specially Object Oriented Code

●Virtual Function Tables and friends

Makes reverse engineering happier

Saves time

●Why not?

Computers got fast enough to trace every single
memory access

You're Reading a Free Preview

Download
scribd
/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->