Dataflow 0.3.0

  • Version
  • Download 910
  • File Size 0.00 KB
  • File Count 1
  • Create Date 30.12.2014
  • Last Updated 09.05.2019

Dataflow 0.3.0

Dataflow-0.3.0 is now available

New features are available:
1. Module’s functions recovering from binary code without any additional information;
2. Binary program test SDK creation;
3. Test loading to target binary program’s address space. Test executing. An analyzed binary continues executing in same mode as before test loading.

Thus, Dataflow-0.3.0 version can be used for in memory fuzzing performing.

You can download utility, watch screenshots and release history from MaiWay project home page . Dataflow is MaiWay project part. The Dataflow tutorial (http://artem.ufoctf.ru/?p=164&lang=en) is also available. Enhanced features are described in The Dataflow tutorial. Part 2 (http://artem.ufoctf.ru/?p=339&lang=en). Please, feel free send bug reports, suggestions etc. to authors.

In short.

You can generate functions prototypes from binary module that looks like:

Code:
int ( __cdecl *functionstest2_sub_1120__)( void )
= ( int ( __cdecl * ) ( void) ) 0x401120;inline int __cdecl functionstest2_sub_1120( int a )
{
__asm{
mov EBX, a
}
return functionstest2_sub_1120__( );
}



After that you can develope some tests ( may be fuzzing actions ):

Code:
#include "functionstest.h"
void StartTest( void )
{
functionstest_sub_10C0( 88, 77, 66, 55 );
functionstest_sub_1080( 33, 44, 55, 66 );
}BOOL APIENTRY DllMain( HMODULE hModule,
DWORD ul_reason_for_call,
LPVOID lpReserved
)void StartTest( void )
{
switch (ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
StartTest();case DLL_THREAD_ATTACH:
case DLL_THREAD_DETACH:
case DLL_PROCESS_DETACH:
break;
}
return TRUE;
}



Buid it and execute in analyzed program address space with one click ( 3 clicks in deed  ).



Test executed, module's internal functions are fuzzed. After that program countinues its normal execution.

Thanks for attention