debugging (10)

Debugging - WinDBG(X) Automation & Scripting - Part 1

Stop just using WinDBG—start bending it to your will. Discover powerful automation, event-driven breakpoints, MASM & C++ expression evaluator, scripting, and PyKD techniques to level up your exploit development and crash analysis. Read more

Heap Layout Visualization with mona.py and WinDBG

Introduction

Time flies. Almost 3 weeks have passed since we announced the ability to run mona.py under WinDBG.  A lot of work has been done on mona.py in the meantime.  We improved stability and performance, updated to pykd.pyd 0.2.0.14 Read more


Jingle BOFs, Jingle ROPs, Sploiting all the things... with Mona v2 !!

Ho Ho Ho friends,

It has been a while since we posted something on the Corelan Team blog, I guess we all have been busy doing ... stuff and things, here and there.  Nevertheless, as the year is close Read more


Debugging Fun - Putting a process to sleep()

Recently I played with an older CVE (CVE-2008-0532, http://www.securityfocus.com/archive/1/489463, by FX) and I was having trouble debugging the CGI executable where the vulnerable function was located. Read more

HITB 2011 CTF - Reversing Vectored Exception Handling (VEH)

Today we will have a look at a CTF binary from HITB pre qualifications CTF 2011. This is an interesting binary to reverse because Vectored Exception Handling (VEH) was used in the challenge... Read more

Codegate 2011 CTF - Binary200 - Anti Debugging Techniques Explained

Aloha, Again I stumbled upon a nice reverse-me, binary200 from the Codegate 2011 CTF. And again there are some really interesting anti-debugging tricks implemented, so I decided to produce another video. Read more

The Honeypot Incident - How strong is your UF (Reversing FU)

Interested in capturing, documenting and analyzing scans and malicious activity, Corelan Team decided to set up a honeypot and put it online. In the first week of December 2010, Obzy built a machine (default Windows XP SP3 installation, no patches, firewall turned off), named it "EGYPTS-AIRWAYS", set up a honeypot + some other monitoring tools, and connected it to the internet. Read more

Starting to write Immunity Debugger PyCommands : my cheatsheet

When I started Win32 exploit development many years ago, my preferred debugger at the time was WinDbg (and some Olly). While Windbg is a great and fast debugger, I quickly figured out that some additional/external tools were required to Read more


Exploit writing tutorial part 5 : How debugger modules & plugins can speed up basic exploit development

In the first parts of this exploit writing tutorial, I have mainly used Windbg as a tool to watch registers and stack contents while evaluating crashes and building exploits. Today, I will discuss some other debuggers and debugger plugins Read more
