Thread: Observation Techniques

  1. #1
    ned
    Guest

    Observation Techniques

    Hello all! My name is Harris.

    I wanna ask what the difference is between hooking and DBI (dynamic binary instrumentation)?

    I am asking this because I also wanna know what the best observation technique is.
    E.g. you have a client communicating with a server, sending data with a send() function. I want that intercepted, printing me the data that is about to be sent on the connected socket or saving it to a file, or I want to sit for 10 hours playing with my client, take a break and look at all the printed data.

    This is a quick example, but I want you to try and think of another, something that has to do with observing how a program works and how to achieve that, and is related to hooking or DBI, or are these the same thing?

    Thx in advance, I hope my question is clear.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    Super Moderator
    Join Date
    Dec 2004
    Posts
    1,512
    Blog Entries
    15
    Well, on a crude level you can call one the other.
    Refining a bit, you can describe DBI as a sanctioned locksmith breaking a safe,
    while hooking can be termed an art performed by an unsanctioned connoisseur of locksmithy on the same safe.
    With DBI you can probably advertise yourself, but with hooking you need word-of-mouth publicity.

    With DBI you can pick locks in broad daylight while onlookers are staring at you;
    to hook you need the dark of night with no one near you.

    Ah, enough bs.

    IIRC skywing wrote a paper in Uninformed about DynamoRIO, and
    DynamoRIO itself has published a few PDFs and provides a precompiled package that you can play with as far as DBI is concerned.
    GIYF for hooking.
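    The send() interception Harris asks about, done the "hooking" way rather than with DBI, as an added example that is not code posted in this thread. It assumes Linux/glibc: a shared object loaded via LD_PRELOAD defines its own send(), so the dynamic linker binds the client's calls to it first; the hook logs a timestamp, the fd, the length and a hex prefix of the buffer to the file named by SEND_HOOK_LOG (an assumed environment variable, falling back to stderr), then forwards to the real libc send() found with dlsym(RTLD_NEXT). Build with `gcc -shared -fPIC -o sendhook.so sendhook.c -ldl` and run the client as `SEND_HOOK_LOG=/tmp/send.log LD_PRELOAD=./sendhook.so ./client`.

```c
#define _GNU_SOURCE
#include <dlfcn.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <time.h>
#include <unistd.h>

#ifndef RTLD_NEXT            /* glibc/musl value; only needed if <dlfcn.h> hid it */
#define RTLD_NEXT ((void *)-1L)
#endif

typedef ssize_t (*send_fn)(int, const void *, size_t, int);

/* Hex-encode up to n bytes into out (outsz includes the NUL); returns chars written. */
size_t hex_encode(const unsigned char *buf, size_t n, char *out, size_t outsz) {
    static const char digits[] = "0123456789abcdef";
    size_t i, w = 0;
    for (i = 0; i < n && w + 2 < outsz; i++) {
        out[w++] = digits[buf[i] >> 4];
        out[w++] = digits[buf[i] & 0x0f];
    }
    out[w] = '\0';
    return w;
}

/* Log destination: $SEND_HOOK_LOG (assumed variable) or stderr; opened lazily. */
static FILE *log_stream(void) {
    static FILE *fp = NULL;
    if (!fp) {
        const char *path = getenv("SEND_HOOK_LOG");
        if (path) fp = fopen(path, "a");
        if (!fp) fp = stderr;
    }
    return fp;
}

/* Same signature as libc's send(); with LD_PRELOAD the client's calls land here first. */
ssize_t send(int fd, const void *buf, size_t len, int flags) {
    static send_fn real_send = NULL;
    if (!real_send) real_send = (send_fn)dlsym(RTLD_NEXT, "send"); /* next definition: libc */
    ssize_t n = real_send(fd, buf, len, flags);      /* forward unchanged, record the outcome */
    char hex[2 * 64 + 1];
    size_t shown = len < 64 ? len : 64;              /* log only a prefix to keep lines short */
    hex_encode((const unsigned char *)buf, shown, hex, sizeof hex);
    fprintf(log_stream(), "[%ld] send(fd=%d, len=%zu) -> %zd %s%s\n",
            (long)time(NULL), fd, len, n, hex, len > shown ? "..." : "");
    fflush(log_stream());
    return n;
}
```

The same idea on Windows is done with an injected DLL that patches or detours send() in ws2_32.dll instead of relying on the loader.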

  3. #3
    son of Bungo & Belladonna bilbo's Avatar
    Join Date
    Mar 2004
    Location
    Rivendell
    Posts
    310
    WOW, I didn't know anything of DynamoRIO, thanks for the tip, Blabberer. It is a superset of hooking, it is a complete virtual machine... I should have known it is listed in the RCE Tool Library, sorry for my laziness...
    Unfortunately, it is a pain for debugging, due to the way it injects its DLLs.

    Best regards, bilbo

    P.S. maybe the article you are referring to is "http://www.uninformed.org/?v=7&a=18&t=txt", by skape?
    Last edited by bilbo; September 16th, 2012 at 02:00.
    Non quia difficilia sunt, non audemus, sed quia non audemus, difficilia sunt.[Seneca, Epistulae Morales 104, 26]

  4. #4
    Super Moderator
    Join Date
    Dec 2004
    Posts
    1,512
    Blog Entries
    15
    Yes bilbo, you are right, it seems I didn't recall correctly; it was a paper by skape, not skywing.
