Peter Van Eeckhoutte's Blog
:: [Knowledge is not an object, it´s a flow] ::
Exploit writing tutorial part 5 : How debugger modules & plugins can speed up basic exploit development
Peter Van Eeckhoutte · Saturday, September 5th, 2009
In the first parts of this exploit writing tutorial, I have mainly used Windbg as a tool to watch registers and stack contents while evaluating crashes and building exploits.
Today, I will discuss some other debuggers and debugger plugins that will help you speed up this process.
A typical exploit writing toolkit arsenal should at least contain the following tools :
● windbg (for a list of Windbg commands, click here)
● ollydbg
● immunity debugger (requires python)
● metasploit
● pyDbg (if you are using python and want to build your own custom debugger, as explained in the awesome Gray Hat Python book)
● scripting tools such as perl / python, etc.
In the previous chapters, we have already played with windbg, and I have briefly discussed a windbg extension / plugin from Microsoft (MSEC) which evaluates a crash and rates whether it looks exploitable or not. The plugin can be downloaded from http://www.codeplex.com/msecdbg. While MSEC can be handy to give you a first impression, don't rely on it too much: its verdict is a heuristic based on the state at the faulting instruction, not a proof. It's always better to manually look at the registers and stack values (which ones contain your data, and at what offset) and work out whether the vulnerability can actually lead to code execution.
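The manual check recommended above, as an added example that is not code from the tutorial, from Metasploit or from Byakugan: it generates the same cyclic pattern metasploit's pattern_create produces, and then maps every register in a WinDbg "r" dump and every DWORD in a "dd esp" dump back to its offset in that pattern, which is what you do by hand (or with pattern_offset) to learn which registers and stack slots you control. The register and stack dumps are constructed sample input in WinDbg's output layout; the function names are mine.

```python
"""Crash triage with a Metasploit-style cyclic pattern (added example)."""
import re
import struct

UPPER = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
LOWER = "abcdefghijklmnopqrstuvwxyz"
DIGITS = "0123456789"


def pattern_create(length):
    """Same scheme as Metasploit's pattern_create: Aa0Aa1...Aa9Ab0...Zz9.
    Every 3-byte chunk is unique, so any 4-byte window occurs only once."""
    chunks = []
    for u in UPPER:
        for l in LOWER:
            for d in DIGITS:
                chunks.append(u + l + d)
                if len(chunks) * 3 >= length:
                    return "".join(chunks)[:length]
    raise ValueError("length exceeds the 20280-byte cycle of the pattern")


def pattern_offset(pattern, value):
    """Return the offset of a 32-bit crash value inside pattern, or -1.

    value is the DWORD as the debugger shows it (e.g. eip=37694136).  The
    register holds the overwritten bytes little-endian, so unpack it back
    into the four ASCII characters that were written and search for them.
    """
    needle = struct.pack("<I", value & 0xFFFFFFFF).decode("latin-1")
    return pattern.find(needle)


# Registers as WinDbg's "r" command prints them (iopl/flags are ignored).
REG_RE = re.compile(r"\b(e[abcd]x|e[sd]i|e[bs]p|eip)=([0-9a-fA-F]{8})")


def triage_registers(pattern, windbg_r_output):
    """Map each register in a WinDbg 'r' dump to its pattern offset
    (-1 when the register does not hold pattern bytes)."""
    return {reg: pattern_offset(pattern, int(hexval, 16))
            for reg, hexval in REG_RE.findall(windbg_r_output)}


def triage_stack(pattern, windbg_dd_output):
    """Walk a WinDbg 'dd' dump and return (address, offset) for every
    DWORD that lies inside the pattern, i.e. every stack slot you control."""
    hits = []
    for line in windbg_dd_output.splitlines():
        parts = line.split()
        if not parts:
            continue
        base = int(parts[0], 16)
        for i, word in enumerate(parts[1:]):
            off = pattern_offset(pattern, int(word, 16))
            if off >= 0:
                hits.append((base + 4 * i, off))
    return hits


PATTERN = pattern_create(5000)

# Constructed register dump (not a real crash): values chosen so that the
# saved EBP sits at pattern offset 256 and the return address at 260.
SAMPLE_R = """\
eax=00000000 ebx=7ffde000 ecx=00000041 edx=0012f7c0 esi=00000000 edi=00000000
eip=37694136 esp=0012f7c0 ebp=69413569 iopl=0         nv up ei pl nz na po nc
"""

# Constructed "dd esp" dump: first line is pattern data, second line is not.
SAMPLE_DD = """\
0012f7c0  41386941 6a413969 316a4130 41326a41
0012f7d0  00000000 7c816fd7 00000000 00000000
"""

if __name__ == "__main__":
    for reg, off in triage_registers(PATTERN, SAMPLE_R).items():
        state = "pattern offset %d" % off if off >= 0 else "not controlled"
        print("%s: %s" % (reg, state))
    for addr, off in triage_stack(PATTERN, SAMPLE_DD):
        print("stack %08x holds pattern offset %d" % (addr, off))
```

Running it shows eip at offset 260, ebp at 256, and four controlled DWORDs starting at esp (offsets 264 onward), which is exactly the information you need to decide whether a "jmp esp" style return address will land in your buffer; the other registers come back as not controlled, which MSEC's one-line verdict would not tell you.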
Byakugan : introduction, pattern_offset and searchOpcode
Everybody knows that ollydbg has numerous plugins (I'll talk about these plugins later). Windbg also has a framework/API for building plugins/extensions. MSEC was just one example... Metasploit built & released their own windbg plugin about a year ago, called byakugan.
Pre-compiled binaries for Windows XP SP2, SP3, Vista and Windows 7 ca