wiseone13
wiseone13
We also need to be able to redefine sections of data as: db - 1 byte dd - 2 bytes dw - 4 bytes dq - 8 bytes s -...
In addition, you should be able to search for sequences of bytes to use for ROP. Maybe add an integrated ROP gadget finder? On Fri, Jun 20, 2014 at 7:47...
http://winappdbg.sourceforge.net/ can be used for Windows debugging.
To follow up on this, an issue we have is when you have code flow outside of a push ebp ... ret statement. For example, code is considered parentless if...
This seems helpful: http://my.safaribooksonline.com/book/software-engineering-and-development/software-testing/9781593273750/12dot-library-recognition-using-flirt-signatures/creating_flirt_signature_files