Andrzej Dereszowski
Some database interface for collected data + UI plugin in IDA, so that a right-click on a function call in IDA will show the table with links to different...
Re-implementation of funcap as a pintool. This poses some challenges, but I think it is worth the effort, especially for things like obfuscated code where standard debugger breakpoints mess up...
AMD64 stack-based arguments are not always captured correctly. To reproduce: try the 64-bit version of java.exe v1.6.0; we get too large a stack frame.
Better call and ret association: build a call tree for each thread instead of the current stack-pointer-based hashing (this turns out to be unreliable).
Single-step and continue requests are sometimes lost (tried on 32-bit java.exe v1.6.0; confirmed and logged with Hex-Rays), and sometimes, on the other hand, we get a lot of...
Instead of the simple argument frame size calculation (get_num_args_stack()) and primitive argument type guessing (only string and int), we could read the function prototypes guessed by IDA, or even by the Hex-Rays decompiler...
I am trying to extract http objects via 'http -p 8023|http_extractor' on a packet capture from a proxy server. I pass the right port (8023) yet I can't get any...