- Version
- Download 910
- File Size 0.00 KB
- File Count 1
- Create Date 30.12.2014
- Last Updated 09.05.2019
Dataflow 0.3.0
Dataflow-0.3.0 is now available
New features:
1. Recovery of a module's functions from binary code without any additional information;
2. Creation of a test SDK for the binary program;
3. Loading a test into the target binary program's address space and executing it. The analyzed binary then continues executing in the same mode as before the test was loaded.
Thus, Dataflow-0.3.0 can be used for in-memory fuzzing.
You can download the utility, view screenshots and the release history from the MaiWay project home page. Dataflow is part of the MaiWay project. The Dataflow tutorial (http://artem.ufoctf.ru/?p=164&lang=en) is also available; the enhanced features are described in The Dataflow tutorial. Part 2 (http://artem.ufoctf.ru/?p=339&lang=en). Please feel free to send bug reports, suggestions etc. to the authors.
In short: you can generate function prototypes from a binary module that look like this:
```c
/* Raw entry point of the recovered function at its fixed address in the module. */
int ( __cdecl * functionstest2_sub_1120__ )( void ) = ( int ( __cdecl * ) ( void ) ) 0x401120;

/* C-callable wrapper: the recovered function expects its argument in EBX,
   so the MSVC inline assembly loads it there before the call. */
inline int __cdecl functionstest2_sub_1120( int a )
{
    __asm{
        mov EBX, a
    }
    return functionstest2_sub_1120__( );
}
```
After that you can develop some tests (which may be fuzzing actions):
```c
#include <windows.h>
/* Prototypes of the recovered module functions come from the generated SDK;
   the header name below is a placeholder, not a file Dataflow is known to emit. */
#include "functionstest_sdk.h"

/* Calls into the analyzed module's internal functions with chosen inputs. */
void StartTest( void )
{
    functionstest_sub_10C0( 88, 77, 66, 55 );
    functionstest_sub_1080( 33, 44, 55, 66 );
}

/* The test is built as a DLL; it runs as soon as it is loaded into the target process. */
BOOL APIENTRY DllMain( HMODULE hModule,
                       DWORD ul_reason_for_call,
                       LPVOID lpReserved
                     )
{
    switch (ul_reason_for_call)
    {
    case DLL_PROCESS_ATTACH:
        StartTest();
    case DLL_THREAD_ATTACH:
    case DLL_THREAD_DETACH:
    case DLL_PROCESS_DETACH:
        break;
    }
    return TRUE;
}
```
Build it and execute it in the analyzed program's address space with one click (three clicks, in fact).
The test executes and the module's internal functions are fuzzed; after that the program continues its normal execution.
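The prototype-and-StartTest workflow above, carried a little further as an added example (this is not Dataflow's or MaiWay's code): a recovered prototype is modelled as a typed function pointer cast from a raw address, a plain wrapper stands in for the inline-assembly thunk, and the StartTest-style driver feeds deterministic generated inputs and checks an invariant instead of calling the function once with constants. The target function, its address and every name here (target_checksum, resolve_target, functionstest_checksum, start_test, target_address) are constructed for the example; in a real run the address would be the fixed one the SDK emits and the driver would be built into the DLL shown above.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for a function inside the analysed module. With the
 * Dataflow SDK the callee sits at a fixed address in the target process
 * (0x401120 on the page); here it is a local function so the example runs
 * on any platform. */
static int target_checksum(const unsigned char *buf, unsigned len)
{
    unsigned sum = 0;
    for (unsigned i = 0; i < len; i++)
        sum = sum * 31u + buf[i];
    return (int)(sum & 0x7fffffffu);   /* prototype says int: keep it non-negative */
}

/* Recovered prototype, expressed the way the generated SDK does it: a typed
 * function pointer produced by casting a raw address. */
typedef int (*checksum_fn)(const unsigned char *buf, unsigned len);

static checksum_fn resolve_target(uintptr_t addr)
{
    return (checksum_fn)addr;   /* mirrors "( int ( __cdecl * ) ( void ) ) 0x401120" */
}

/* C-callable wrapper, the role played on the page by the inline function that
 * moves its argument into EBX. Anything that must be marshalled for the
 * callee's real calling convention belongs here. */
static int functionstest_checksum(checksum_fn fn, const unsigned char *buf, unsigned len)
{
    return fn(buf, len);
}

/* Deterministic generator so a failing input can be reproduced from the seed. */
static uint32_t lcg_next(uint32_t *state)
{
    *state = *state * 1664525u + 1013904223u;
    return *state;
}

struct fuzz_report {
    unsigned cases;        /* inputs fed to the target */
    unsigned violations;   /* inputs for which the invariant failed */
    uint32_t last_seed;    /* generator state after the last case */
};

/* StartTest-style driver: build `cases` inputs of 1..16 bytes, call the
 * recovered function through its wrapper and check an invariant (here: the
 * result is never negative). */
static struct fuzz_report start_test(uintptr_t addr, unsigned cases, uint32_t seed)
{
    struct fuzz_report rep = {0, 0, seed};
    checksum_fn fn = resolve_target(addr);
    unsigned char buf[16];

    for (unsigned c = 0; c < cases; c++) {
        unsigned len = (lcg_next(&rep.last_seed) % sizeof buf) + 1;
        for (unsigned i = 0; i < len; i++)
            buf[i] = (unsigned char)lcg_next(&rep.last_seed);
        if (functionstest_checksum(fn, buf, len) < 0)
            rep.violations++;
        rep.cases++;
    }
    return rep;
}

/* The address value a real SDK would hard-code; taken from the stand-in here. */
static uintptr_t target_address(void)
{
    return (uintptr_t)target_checksum;
}

int main(void)
{
    struct fuzz_report rep = start_test(target_address(), 1000, 12345u);
    printf("cases=%u violations=%u\n", rep.cases, rep.violations);
    return rep.violations != 0;
}
```

The point of the report structure is that a test loaded into a live process has nowhere convenient to print; returning counts and the generator state lets the harness decide what to log and makes any violating input reproducible from the seed.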
Thanks for your attention.