review - new tool


0xf001
04-01-2006, 03:08 PM
yo,

i'm making a new tool where i try to do some interesting stuff ....

http://www.woodmann.net/0xf001/review

src will be released next week (free as in free beer and free speech)

any inputs are very welcome!

cheers, 0xf001

ps: should compile on any platform

[ edit ] i had to move the page, as that server doesn't respond anymore

dELTA
04-02-2006, 05:17 AM
Hey, you liar, it didn't compile on my Commodore 64! I feel so dirty and deceived...

Jokes aside, very nice tool 0xf001, you da man.

0xf001
04-02-2006, 12:59 PM
thx dELTA!

it definitely has some potential with that very abstract search i think ... and applications like finding ie polymorph code among other evil things hehe
expressions and rules can be as long as you want and it includes wildcards, too.

so ... i apologize - should compile when you have a qt-devel package available for your platform and when this platform is not too stone old

i recently was told olly can do code searches, too. the difference to that is that here you can be abstract and are not bound to name an opcode explicitly - you can just use groups like "any block of arithmetic instructions of any size that modifies eax, or ebx but not ebp" for example....
(* x insn_group==insn_arithmetic && reg_used==eax || reg_used==ebx && reg_used != ebp)
hehe

or evil like
insn_group==control_flow && register_used==eax
and such

cheers,

--
0xf001
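The abstract search described in the post above, as an added example that is not part of the original thread and is not the tool's own code: it finds maximal blocks of arithmetic instructions that modify eax or ebx but not ebp. The `Insn` record, the group names and the sample listing are constructed for illustration, and the grouping of the `&&` / `||` terms follows the prose description in the post, which is an assumption about the intended precedence.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Insn:
    addr: int
    text: str
    group: str           # hypothetical classes: "arithmetic", "control_flow", "data_move"
    modifies: frozenset  # registers written by the instruction

def insn(addr, text, group, *modifies):
    return Insn(addr, text, group, frozenset(modifies))

# Constructed sample listing, decoded and classified by hand.
LISTING = [
    insn(0x1000, "mov eax, [esi]", "data_move", "eax"),
    insn(0x1002, "add eax, 5", "arithmetic", "eax"),
    insn(0x1005, "xor ebx, eax", "arithmetic", "ebx"),
    insn(0x1007, "sub eax, ebx", "arithmetic", "eax"),
    insn(0x1009, "add ebp, 4", "arithmetic", "ebp"),
    insn(0x100c, "inc ebx", "arithmetic", "ebx"),
    insn(0x100d, "jmp eax", "control_flow"),
]

def arith_eax_or_ebx_not_ebp(i):
    """Assumed reading: arithmetic AND (modifies eax OR ebx) AND NOT modifies ebp."""
    return (i.group == "arithmetic"
            and bool(i.modifies & {"eax", "ebx"})
            and "ebp" not in i.modifies)

def find_blocks(listing, pred):
    """Return maximal runs of consecutive instructions that all satisfy pred."""
    blocks, run = [], []
    for i in listing:
        if pred(i):
            run.append(i)
        elif run:
            blocks.append(run)
            run = []
    if run:
        blocks.append(run)
    return blocks

def block_ranges(listing, pred):
    """(first address, last address, length) for each matching block."""
    return [(b[0].addr, b[-1].addr, len(b)) for b in find_blocks(listing, pred)]

if __name__ == "__main__":
    for first, last, n in block_ranges(LISTING, arith_eax_or_ebx_not_ebp):
        print(f"{first:#x}-{last:#x}: {n} instruction(s)")
```

The `add ebp, 4` at 0x1009 splits the run, so the matcher reports two blocks of any size rather than one, with no opcode named anywhere in the query.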

dELTA
04-04-2006, 04:01 PM
Very nice indeed!

kryshaam
04-07-2006, 10:24 AM
Screenshots look good! It seems to be useful and user friendly, I'm waiting for the release

nice work

homersux
05-02-2006, 09:33 PM
Good Job! Looking for the source release as well and will definitely contribute to this work since I deal with Linux day to day. One big problem with ELF32 format is it's so poorly documented and really hard to decipher unlike windows PE header.

My primary platform is itanium2 the intel 64 bit chip. Hopefully I can do something in that regard as well.

yosh64
06-12-2006, 07:34 AM
hey

Looks darn impressive, I look forward to its release.

cya

cr.ap
09-30-2006, 04:06 PM
looks like a week can be a pretty long time

Silkut
10-01-2006, 03:36 AM
Found on his page

Quote:
[note] review is a spare time project, and under development. recent real life
developments have slowed down its development and thereby pushed back the
planned release also (unfortunately).


I think it will be available at the same time as Damn Vulnerable Linux.

homersux
10-06-2006, 10:48 AM
Any chance of a pre-alpha release?