0xf001
January 12th, 2005, 18:09
Definitely a cool tool!
Did anyone get it to run? I tried (just quick, no "analysis") with kernel 2.6.x, 2.4.x, on mdk, knoppix, suse and "out of the box" it segfaults
but they say currently they expect many problems with it as it is under development.
I can't wait to get a running copy and play around with it. I potentially
see weaknesses when one patches (wraps) ptrace(), is using other kernel modules to load the executable, or implements a tracer / debugger which does
not use ptrace(). Also luckily one can patch the /proc modules so ....
we will see...
Next came to my mind that code analysis using intermediate representation is missing a good tool, isn't it? (meaning I do not know one) At least the obfuscation could be cleaned up by that.
Those are all "approaches" of course, or - some initial thoughts

haha
thanks for this link!!
0xf001