[2013 CodeEngn Conference 09] BlueH4G - hooking and visualization
For reversers and application analysts, hooking is something they cannot do without. Many libraries such as Detours exist for hooking, but when analyzing a large number of applications, or simply wanting to look at the internal flow, it takes more effort than one would expect. This talk implements hooking in an easier and simpler way, and introduces visualization so that analysis becomes more intuitive.

http://codeengn.com/conference/09
http://codeengn.com/conference/archive

    Presentation Transcript

    • hooking & visualization, Jaeyong Kim (BlueH4G at gmail dot com), 2013 CodeEngn Conference 09, www.CodeEngn.com
    • AGENDA 1. Introduce 2. about this presentation 3. why did i do it? 4. what is hooking? 5. what to do with hooking? 6. Demo 7. QnA
    • who is me? Jaeyong Kim, 26 years old (XX chromosomes), IGLOO Security & B10S & Hackerschool WG, http://wargame.kr, blueh4g at gmail dot com
    • about this presentation
    • why did i do it?
    • why did i do it? Carnegie Mellon's FOE, a custom fuzzer built on pydbg, and so on...
    • why did i do it?
    • why did i do it? EIP 41414141 ????? did you dream about dragon?
    • why did i do it? vtable! OLE Structure!
    • why did i do it?
    • what is hooking? I want to know the application flow! Basic block? or... other?
    • what is hooking? WinAPI - Windows Application Programming Interface. Every application that runs on Windows uses the WinAPI. What if we hook every WinAPI function and trace the flow?
    • what to do with hooking? What is hooking?
    • what to do with hooking? [diagram: APPLICATION -> WinAPI, and with the hook in place APPLICATION -> Custom Func -> WinAPI]
    • so, what? 1. Application Flow Analysis 2. WinAPI Parameter, return value monitoring 3. Crash & Original sample diffing (in App) 4. Call Stack log of WinAPI 5. memcpy, heapalloc etc.. API tagging 6. invalid param & invalid ret tagging 7. basic rule is readability
    • hooking tools
    • hooking tools WinAPIOverride32/64 - Opensource (Thx!) - jacquelin.potier.free.fr/winapioverride32/ API Monitor v2 32/64 - not opensource (but free) - www.rohitab.com
    • Demo
    • another episode.. 1. RtlWriteDecodedUcsDataIntoSmartLBlobUcsWritingContext 2. full GUI interface?
    • QnA Question & Answer ...? Let's say there are no questions...
    • thx If you have any further questions later, please send me an email :D blueh4g [at] gmail {dot} com www.CodeEngn.com 2013 CodeEngn Conference 09
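The "so, what?" slide lists what a hook trace should give the analyst: parameter and return-value monitoring, tagging of memory APIs such as memcpy and HeapAlloc, flagging invalid parameters and return values, and readability of the flow. The following is an added example (not code from the talk, nor from WinAPIOverride or API Monitor) that applies those rules to a constructed hook log in an assumed `depth api(args) = ret` line format of my own; the failure conventions (NULL for the allocators and ReadFile, INVALID_HANDLE_VALUE for CreateFileW) are the usual WinAPI ones.

```python
import re
# Constructed sample hook log in an assumed "depth api(args) = ret" format (not real tool output).
SAMPLE_TRACE = """\
0 CreateFileW(lpFileName="C:\\sample.doc", dwDesiredAccess=0x80000000) = 0x1a4
1 HeapAlloc(hHeap=0x5a0000, dwFlags=0x8, dwBytes=0x400) = 0x5a1f80
2 ReadFile(hFile=0x1a4, lpBuffer=0x5a1f80, nNumberOfBytesToRead=0x400) = 0x1
1 memcpy(dst=0x5a1f80, src=0x0, n=0x400) = 0x5a1f80
0 HeapAlloc(hHeap=0x5a0000, dwFlags=0x8, dwBytes=0xffffffff) = 0x0
0 CreateFileW(lpFileName="C:\\missing.dll", dwDesiredAccess=0x80000000) = 0xffffffff
"""
LINE_RE = re.compile(r"^(\d+)\s+(\w+)\((.*)\)\s*=\s*(0x[0-9a-fA-F]+)$")
ARG_RE = re.compile(r'(\w+)=("[^"]*"|0x[0-9a-fA-F]+)')
# API tagging from the slide: memory/heap APIs get a tag so they stand out in the flow.
TAGS = {"memcpy": "MEM", "HeapAlloc": "HEAP", "HeapFree": "HEAP", "VirtualAlloc": "HEAP"}
# Return values that signal failure (NULL, or INVALID_HANDLE_VALUE for CreateFileW).
INVALID_RET = {"HeapAlloc": {0}, "VirtualAlloc": {0}, "ReadFile": {0}, "CreateFileW": {0xffffffff}}
POINTER_ARGS = {"src", "dst", "lpBuffer"}  # a NULL in one of these is an invalid parameter

def parse_args(text):
    """Turn 'name=0x..' / 'name="..."' pairs into a dict of ints and strings."""
    return {n: v.strip('"') if v.startswith('"') else int(v, 16) for n, v in ARG_RE.findall(text)}

def parse_trace(text):
    """Parse each hook record into a dict and attach the tags from the slide's list."""
    calls = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a hook record
        depth, api, argtext, ret = m.groups()
        c = {"depth": int(depth), "api": api, "args": parse_args(argtext), "ret": int(ret, 16), "tags": []}
        if api in TAGS:
            c["tags"].append(TAGS[api])
        if c["ret"] in INVALID_RET.get(api, ()):
            c["tags"].append("INVALID_RET")
        if any(n in POINTER_ARGS and v == 0 for n, v in c["args"].items()):
            c["tags"].append("INVALID_PARAM")
        calls.append(c)
    return calls

def render_flow(calls):
    """Indent by call depth so the WinAPI flow reads as a tree (the slide's readability rule)."""
    out = []
    for c in calls:
        args = ", ".join(f"{n}={v!r}" if isinstance(v, str) else f"{n}=0x{v:x}" for n, v in c["args"].items())
        tags = f"  [{' '.join(c['tags'])}]" if c["tags"] else ""
        out.append("  " * c["depth"] + f"{c['api']}({args}) -> 0x{c['ret']:x}{tags}")
    return "\n".join(out)

if __name__ == "__main__":
    print(render_flow(parse_trace(SAMPLE_TRACE)))
```

Running the script prints the six calls indented by depth, with the NULL-source memcpy, the failed HeapAlloc and the failed CreateFileW tagged so they can be spotted without reading every argument.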