2011
10.14

Here a little paper written during this summer, I finally decided to release it on my blog. This paper gives you a little introduction on the metasm framework and how it can be used in an exploitation way. I let you read a part of the introduction :

The metasm framework is a very powerful weapon that allows you to disassemble, assemble, compile C on-the-y or to debug a binary (yeah you can do a lot of things). It is written in pure ruby by Yoann Guillot (special greets for his job if he reads me o/) since 2007 and the project is very active: check the latest commits!

The main purpose of this paper is to introduce you with my friend metasm and to show how metasm can be very useful in a « real » exploitation case. I don’t know if you remember my latest article on the CVE-2010-3970 but I will use this vulnerability as an example. We will use metasm to create an exploit able to bypass SafeSEH/DEP thanks to the msacm32.drv module, and not l3codeca.acm.

Follow this link: How I Met Your Metasm

Aucun commentaire.

Ajoutez votre commentaire

Get Adobe Flash player