For those who may be unfamiliar with the tool, !Exploitable (pronounced “bang exploitable”) is a Windows debugging extension (WinDbg) that provides automated crash analysis and security risk assessment. Its primary use is in evaluating crashes found by fuzzing.

The first new feature involves changes to the stack hashing portion of !Exploitable. !Exploitable provides two hashes of the stack at the point of the crash. One important part of creating the hashes is determining whether a specific frame of the stack should be included in the hash calculation. By default, !Exploitable uses a set of patterns to filter out stack frames that are used in processing exceptions, provide CLR functionality, or are OS resource functions. !Exploitable 1.6 allows this list to be extended via a configuration file. This allows teams to filter out parts of the stack they specifically do not care about, resulting in hashes that are more relevant to them.
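
The effect of extending the exclusion list on crash bucketing, as an added example that is not !Exploitable's own code. The pattern syntax, the config format, the SHA-256 digest and the top-N/full-stack split of the two hashes are all assumptions made for illustration, and the stacks are constructed:

```python
import fnmatch
import hashlib

# Assumed stand-ins for the built-in exclusions (exception processing, CLR).
DEFAULT_EXCLUDES = ["ntdll!*Exception*", "kernelbase!RaiseException", "clr!*"]

# Constructed team config: one pattern per line, '#' starts a comment.
TEAM_CONFIG = """
# our fatal-error logging wrapper sits above the real faulting code
app!Log::*
"""

# Constructed stacks, innermost frame first: same bug, different reporting path.
CRASH_A = ["ntdll!RtlRaiseException+0x1a", "app!Log::Fatal+0x30",
           "app!ParseHeader+0x7c", "app!LoadFile+0x12", "app!main+0x55"]
CRASH_B = ["kernelbase!RaiseException+0x68",
           "app!ParseHeader+0x7c", "app!LoadFile+0x12", "app!main+0x55"]

def load_excludes(config_text):
    """Return the patterns in a config, skipping blanks and comments."""
    lines = (line.split("#", 1)[0].strip() for line in config_text.splitlines())
    return [line for line in lines if line]

def symbol(frame):
    """Normalise 'module!function+0xNN' to lowercase 'module!function'."""
    return frame.split("+", 1)[0].lower()

def stack_hashes(frames, patterns, top_n=5):
    """Hash the frames that survive filtering: (top-N hash, full-stack hash)."""
    lowered = [p.lower() for p in patterns]
    kept = [symbol(f) for f in frames
            if not any(fnmatch.fnmatchcase(symbol(f), p) for p in lowered)]
    def digest(items):
        return hashlib.sha256("\n".join(items).encode()).hexdigest()[:16]
    return digest(kept[:top_n]), digest(kept)

if __name__ == "__main__":
    team = DEFAULT_EXCLUDES + load_excludes(TEAM_CONFIG)
    for name, pats in (("defaults only", DEFAULT_EXCLUDES), ("with team list", team)):
        a, b = stack_hashes(CRASH_A, pats), stack_hashes(CRASH_B, pats)
        print(f"{name}: A={a} B={b} same bucket: {a == b}")
```

With only the default patterns the two crashes land in different buckets because of the logging frame; once the team pattern is added they hash identically.
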

The second new feature is support for processing crash dump files from Windows RT. This means !Exploitable has a working knowledge of ARM assembly and can translate the ARM instructions into its meta assembly, allowing the current rules to be applied.

http://blogs.msdn.com