Marsmenschen
November 30th, 2007, 18:16
One of the top priorities on my todo list is definitely having a look at the PaiMei ("http://pedram.redhive.com/PaiMei/") Framework and corresponding extensions.
I’m planning to use PaiMei mainly for protocol analysis and fuzzing, which it should be perfectly suited for. Being bored and having way too much free time this weekend, I’m especially interested in the “Novel approach to binary analysis on UNIX ("https://www.openrce.org/blog/view/494")” described in codypierce’s Blog ("https://www.openrce.org/blog/browse/codypierce") at OpenRCE ("https://www.openrce.org/").
Codypierce implemented a script ("https://www.openrce.org/repositories/users/codypierce/module2dir.py") which essentially allows one to “convert” a PaiMei PIDA file into a UNIX directory structure (one directory per function, one per basic block, and one file per instruction), so that ordinary UNIX tools can be used to search the disassembly.
Here is an example from the blog to show some useful output:
$ find . -type f -exec egrep -H 'sprintf|sscanf|recv|bind|accept' {} \;
./0x401050/0x401094/0x4010aa:call ds:_imp__sprintf
./0x401700/0x401700/0x401716:call ds:_imp__sprintf
./0x404850/0x4048e6/0x4048f9:call ds:_imp__accept
./0x406090/0x4061d9/0x4061e6:call ds:_imp__sscanf
./0x406090/0x40624d/0x40625a:call ds:_imp__sscanf
./0x4062e0/0x406340/0x406353:call ds:_imp__sscanf
./0x406c90/0x406d64/0x406d7a:call ds:_imp__sprintf
./0x404060/0x4040a7/0x4040b1:call ds:_imp__recv
./0x40dd20/0x40dd62/0x40dd6b:call ds:_imp__bind
What an interesting hack!
Hopefully my Python-Fu is not too rusty - we’ll see…
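To make the idea concrete, here is an added example (my own illustration, not codypierce’s module2dir.py and not PaiMei code) that builds the same function/basic-block/instruction directory tree from a constructed stand-in for a PIDA module and then reproduces the find/egrep audit for risky imports in pure Python. The nested-dict layout of SAMPLE_MODULE is an assumption for this example; a real PIDA module would be walked through PaiMei’s own API.

```python
import os
import re
import tempfile

# Constructed stand-in for a PIDA module (assumed layout, not the real
# pida.module object): function EA -> basic block EA -> [(instruction EA, disasm)]
SAMPLE_MODULE = {
    0x401050: {0x401094: [(0x401094, "push eax"), (0x4010aa, "call ds:_imp__sprintf")]},
    0x404060: {0x4040a7: [(0x4040b1, "call ds:_imp__recv")]},
    0x404850: {0x4048e6: [(0x4048f9, "call ds:_imp__accept")]},
    0x406090: {0x4061d9: [(0x4061e6, "call ds:_imp__sscanf")],
               0x40624d: [(0x40625a, "call ds:_imp__sscanf")]},
}

def module2dir(module, root):
    """Write the tree as <root>/<function>/<basic block>/<instruction> files."""
    for func_ea, blocks in module.items():
        for bb_ea, instrs in blocks.items():
            bb_dir = os.path.join(root, f"0x{func_ea:x}", f"0x{bb_ea:x}")
            os.makedirs(bb_dir, exist_ok=True)
            for ins_ea, disasm in instrs:
                with open(os.path.join(bb_dir, f"0x{ins_ea:x}"), "w") as fh:
                    fh.write(disasm + "\n")

def grep_tree(root, pattern):
    """Equivalent of `find . -type f -exec egrep -H pattern {} \\;` on the tree.
    Returns sorted (relative path, matching line) pairs."""
    rx = re.compile(pattern)
    hits = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path) as fh:
                for line in fh:
                    if rx.search(line):
                        hits.append((os.path.relpath(path, root), line.rstrip("\n")))
    return sorted(hits)

def audit_risky_calls(module, pattern=r"sprintf|sscanf|recv|bind|accept"):
    """Dump the module to a temporary tree and grep it for risky API imports."""
    with tempfile.TemporaryDirectory() as root:
        module2dir(module, root)
        return grep_tree(root, pattern)

if __name__ == "__main__":
    for path, line in audit_risky_calls(SAMPLE_MODULE):
        print(f"./{path}:{line}")
```

Each hit names the function, basic block and instruction address, which is exactly the triage list the find/egrep one-liner above produces.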
http://www.marsmenschen.com/2006/10/27/paimei-pida-fun/