Dailydave mailing list archives
Re: Tool announce: user mode single stepping
From: "Thomas Ptacek" <thomasptacek () gmail com>
Date: Wed, 29 Nov 2006 16:20:02 -0600
Which gdbstub does what umss does? SH-2? It finds jump targets, but it does TRAPA on every step. That's what UMSS is trying to avoid, and I don't think you could exploit that code (or even the logic) to reproduce UMSS on X86.

On 11/29/06, Dave Korn <dave.korn () artimi com> wrote:
> On 29 November 2006 18:26, Rafal_Wojtczuk () McAfee com wrote:
>
> > Hello,
> > There is a small project named "umss", created in McAfee labs, which readers of this list may find interesting. It implements fast single stepping of Win32 binaries. It is ca 100x faster than WaitForDebugEvent() and 10x faster than in-process EXCEPTION_SINGLE_STEP trapping. Umss works by (kind of) disassembling the binary on-the-fly and placing logging hooks after each executed instruction (so, it does not use the TF flag). More information and the project source can be found at
> > http://www.avertlabs.com/research/blog/?p=140
>
> You're kind-of reinventing the gdb stub technique (as implemented on platforms without a hardware single-step mode) here. Not that that invalidates anything you say, but it's a relevant comparison and you may find it informative to browse some of the sample gdbstubs; your blog post says umss is still a work-in-progress, so there might be useful insights[*] to be had there.
>
> cheers,
> DaveK
>
> [*] - Pun entirely accidental, but then again I didn't go to any great lengths to excise it once I'd spotted it either...
> --
> Can't think of a witty .sigline today....
>
> _______________________________________________
> Dailydave mailing list
> Dailydave () lists immunitysec com
> http://lists.immunitysec.com/mailman/listinfo/dailydave