REDBG Code Posted
posted on November 19th, 2008 by Tiller Beauchamp in Uncategorized
After five months of procrastination we have finally posted the REDBG code from BlackHat/Defcon 2008. REDBG, a programmatic debugger for OS X, is something we put together to complement the RE:Trace framework. There are certain things we need that we just cannot accomplish with RE:Trace, like writing registers and setting breakpoints. The goal is to use RE:Trace to effectively trace the application until a certain point, then transfer control to REDBG and have it carry out some programmatic task, like searching memory for specific opcodes. More information on REDBG can be found in the Black Hat 2008 slide deck, starting on slide 38.
If you have any feedback please contact David Weston or myself.
SHA1 = 5b8dd7ef493e62229c3b70ebd0f3f7bdff40c32e
MD5 = 1966ba126735fced7af751c8cec34dcf
RECON 2008 Presentation Materials
posted on June 18th, 2008 by Tiller Beauchamp in OS X, exploitation
Our slides and videos from RECON 2008 are now up. The presentation, titled RE:Trace - Applied Reverse Engineering on OS X, covers many uses of dtrace, retrace and redbg for vulnerability pinpointing and analysis. We also discuss using dtrace defensively and kernel debugging.
During the presentation I had to cut the stack video short, but you might be interested in seeing the rest of it. I show how to use retrace to dump and search the memory segments of a running process.
- RE:Trace - Applied Reverse Engineering on OS X slides (8.9 MB)
- Stack trace video (7.5 MB)
- Heap trace video (7.5 MB)
- HIDs video (1.3 MB)
