Foreword
Acknowledgments
Introduction

Setting Up Your Development Environment
Operating System Requirements
Obtaining and Installing Python 2.5
Installing Python on Windows
Installing Python for Linux
Setting Up Eclipse and PyDev

The Hacker's Best Friend: ctypes
Using Dynamic Libraries
Constructing C Datatypes
Passing Parameters by Reference
Defining Structures and Unions

Debuggers and Debugger Design
General-Purpose CPU Registers
The Stack
Debug Events
Breakpoints
Soft Breakpoints
Hardware Breakpoints
Memory Breakpoints

Building a Windows Debugger
Debuggee, Where Art Thou?
Obtaining CPU Register State
Thread Enumeration
Putting It All Together
Implementing Debug Event Handlers
The Almighty Breakpoint
Soft Breakpoints
Hardware Breakpoints
Memory Breakpoints
Conclusion

PyDbg: A Pure Python Windows Debugger
Extending Breakpoint Handlers
Access Violation Handlers
Process Snapshots
Obtaining Process Snapshots
Putting It All Together

Immunity Debugger: The Best of Both Worlds
Installing Immunity Debugger
Immunity Debugger 101
PyCommands
PyHooks
Exploit Development
Finding Exploit-Friendly Instructions
Bad-Character Filtering
Bypassing DEP on Windows
Defeating Anti-Debugging Routines in Malware
IsDebuggerPresent
Defeating Process Iteration

Hooking
Soft Hooking with PyDbg
Hard Hooking with Immunity Debugger

DLL and Code Injection
Remote Thread Creation
DLL Injection
Code Injection
Getting Evil
File Hiding
Coding the Backdoor
Compiling with py2exe

Fuzzing
Bug Classes
Buffer Overflows
Integer Overflows
Format String Attacks
File Fuzzer
Future Considerations
Code Coverage
Automated Static Analysis

Sulley
Sulley Installation
Sulley Primitives
Strings
Delimiters
Static and Random Primitives
Binary Data
Integers
Blocks and Groups
Slaying WarFTPD with Sulley
FTP 101
Creating the FTP Protocol Skeleton
Sulley Sessions
Network and Process Monitoring
Fuzzing and the Sulley Web Interface

Fuzzing Windows Drivers
Driver Communication
Driver Fuzzing with Immunity Debugger
Driverlib: The Static Analysis Tool for Drivers
Discovering Device Names
Finding the IOCTL Dispatch Routine
Determining Supported IOCTL Codes
Building a Driver Fuzzer

IDAPython: Scripting IDA Pro
IDAPython Installation
IDAPython Functions
Utility Functions
Segments
Functions
Cross-References
Debugger Hooks
Example Scripts
Finding Dangerous Function Cross-References
Function Code Coverage
Calculating Stack Size

PyEmu: The Scriptable Emulator
Installing PyEmu
PyEmu Overview
PyCPU
PyMemory
PyEmu
Execution
Memory and Register Modifiers
Handlers
IDAPyEmu
Function Emulation
PEPyEmu
Executable Packers
UPX Packer
Unpacking UPX with PEPyEmu

Index