Byakugan WinDBG Plugin Released!
Today, HD merged an amalgamation of windbg tools and plugins with a funny name into the main metasploit tree. We've been working on this collection for a while now, and currently it represents (I think) a good step towards turning windbg from simply a good debugger into a powerful platform for exploit development.
The work that's currently released includes:
tenketsu - the Vista heap emulator/visualizer, which lets you track how input to a program affects the heap in real time.
jutsu - a set of tools for tracking buffers through memory, determining what is controlled at crash time, and discovering valid relative return addresses based on that.
mushishi - a framework (with examples) for the detection and defeat of anti-debugging methods.
Used in conjunction with metasploit, jutsu in particular can significantly speed up exploit development, since it understands and makes use of msfpattern buffers natively. The README file, at external/source/byakugan/README in the tree, details functionality, usage, build and installation. For the slides from the preliminary release at ToorCon Seattle, go here.
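As an added example (not Byakugan's or Metasploit's own code), here is the msfpattern scheme that jutsu keys on, written in Ruby: building the cyclic pattern, mapping a crashed register value back to its offset in the buffer, and scanning a memory region for the runs of pattern bytes that the input controls. The stack bytes in SAMPLE_STACK are constructed for the example, and the function names are my own rather than jutsu's.

```ruby
# Added example, not Byakugan/Metasploit code. The pattern scheme is the
# msfpattern one: triplets of uppercase letter, lowercase letter, digit,
# cycling the digit fastest. The first 26*26*10 triplets (20,280 bytes)
# are unique, and so is every 4-byte window inside that range.
UPPER = ('A'..'Z').to_a
LOWER = ('a'..'z').to_a
DIGIT = ('0'..'9').to_a
MAX_PATTERN = UPPER.size * LOWER.size * DIGIT.size * 3 # 20280

# Build a cyclic pattern of the requested length (capped at MAX_PATTERN,
# beyond which the scheme would start repeating and offsets become ambiguous).
def pattern_create(length)
  out = "".b
  UPPER.each do |u|
    LOWER.each do |l|
      DIGIT.each do |d|
        out << u << l << d
        return out[0, length] if out.length >= length
      end
    end
  end
  out[0, length]
end

# Offset of a fragment (normally 4 bytes) within the pattern, or nil.
def pattern_offset(fragment)
  pattern_create(MAX_PATTERN).index(fragment.b)
end

# A 32-bit register value as windbg prints it (e.g. eip=41336141) holds the
# bytes in little-endian order; turn it back into the bytes that were in memory.
def reg_to_bytes(value)
  [value].pack("V")
end

# Convenience: hex string from the register dump -> offset into the buffer.
def offset_from_register(hex)
  pattern_offset(reg_to_bytes(hex.to_i(16)))
end

# Scan a memory region for runs of pattern bytes. Each run is reported as
# [offset in region, offset in pattern, run length]. Because 4-byte windows
# are unique, the first match of a window pins the pattern offset exactly.
def find_controlled_runs(region, min_len = 4)
  pat = pattern_create(MAX_PATTERN)
  runs = []
  i = 0
  while i + min_len <= region.bytesize
    start = pat.index(region.byteslice(i, min_len))
    if start
      len = min_len
      len += 1 while i + len < region.bytesize &&
                     start + len < pat.length &&
                     region.getbyte(i + len) == pat.getbyte(start + len)
      runs << [i, start, len]
      i += len
    else
      i += 1
    end
  end
  runs
end

# Constructed sample: 16 bytes of zeroes, pattern bytes 100..139, four INT3
# bytes, pattern bytes 200..211, then 8 bytes of zeroes. Stands in for a
# stack dump taken at crash time.
FULL_PATTERN = pattern_create(MAX_PATTERN)
SAMPLE_STACK = ("\x00" * 16).b +
               FULL_PATTERN[100, 40] +
               "\xcc\xcc\xcc\xcc".b +
               FULL_PATTERN[200, 12] +
               ("\x00" * 8).b

if __FILE__ == $0
  puts "eip=41336141 -> pattern offset #{offset_from_register('41336141')}"
  find_controlled_runs(SAMPLE_STACK).each do |ro, po, n|
    printf("stack+0x%02x = pattern[%d..%d] (%d bytes)\n", ro, po, po + n - 1, n)
  end
end
```

The register lookup is what you do by hand with pattern_offset after a crash; the run scanner is the part worth automating, since it tells you not just where EIP came from but which other slices of your input survived intact on the stack or heap and could hold a return address or shellcode.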
Currently we're looking for more suggestions for functionality. Anything you do commonly and think may be automatable is up for discussion.
Labels: byakugan
5 Comments:
Naruto Namez!
All except mushishi
On two different machines (XP SP2 and XP SP3), I get the following error message whenever I try loading the byakugan.dll as documented in the presentation. That is with the provided DLLs. I also tried compiling from scratch but that failed.
Is there a mailing list or forum where I can get support?
0:001> !load C:\windbg\byakugan.dll
The call to LoadLibrary(C:\windbg\byakugan.dll) failed, Win32 error 0n127
"The specified procedure could not be found."
Please check your debugger configuration and/or network access.
I've cleared up the loading issue. You're trying to load Vista-specific DLLs in XP SP2. Now there are two sets of binaries in the bin directory. The building issue is likely that you're building in the SDK rather than the WDK, or that you're using the 2k3 DDK instead of the WDK?
Hey pusscat, thanks, but I'm getting the same message as previously mentioned on win2k... any way you can compile this for that as well? It's my testing bitch box, and I just want to play with byakugan... I know I don't really need it for 2k targets.