Command options for !exploitable

May 13, 2009 at 11:33 AM

Hi

Can you please provide some more information about command usage of this extension? I have more than 100 crash dump files to analyze. Can you tell me the command line options to analyze all 100 dump files using a single command / batch file?

Thanks

Sumit

Coordinator
Jun 19, 2009 at 7:25 PM

Sumit,

Sorry for the long delay. I've got a batch file for you though: just take the below, throw it in Notepad, and then save it as a .bat. Let us know if you have any questions.

Cheers,

Jason

Code begins==>

@echo off
setlocal ENABLEEXTENSIONS
@REM Directory the script lives in (the value ends with a backslash)
set localDir=%~dp0

@REM Check for MSEC.dll in current directory, and in script directory
if not exist ".\msec.dll" (
    if not exist "%localDir%msec.dll" (
        echo.
        echo MSEC.dll not in current directory, please copy MSEC.dll locally and
        echo rerun classify.bat.
        echo.
        goto error
    ) else (
        set msecPath=%localDir%msec.dll
    )
) else (
    set msecPath=.\msec.dll
)

@REM Check that cdb.exe is in the path or local directory
WHERE /Q cdb.exe
IF ERRORLEVEL 1 (
    echo.
    echo cdb.exe was not found in the local directory or path
    echo.
    goto error
)

@REM Validate first parameter, the dump file
if /i "%~1" EQU "" goto usage
if /i "%~1" EQU "/?" goto usage
if /i "%~1" EQU "-?" goto usage
if /i "%~1" EQU "/help" goto usage
if /i "%~1" EQU "-help" goto usage
if not exist "%~1" (
    echo.
    echo "%~1" could not be found.
    echo.
    goto error
)

@REM Validate second parameter, the result directory. It is created below if missing.
if /i "%~2" EQU "" goto usage
if exist "%~2" (
    dir /a:d "%~2" > nul 2>&1
    IF ERRORLEVEL 1 (
        echo.
        echo "%~2" is a file, the second parameter should be a directory
        echo.
        goto error
    )
)

@REM Error checking is over. Clear the fields that are read back from the log.
set MajorHash=
set MinorHash=
set Type=
set Exploitability=
set tempLog=.\ExploitableLog-%random%.Log

@REM Open the dump with MSEC.dll loaded, log the machine-readable !exploitable output, then quit
cdb -z "%~1" "-a%msecPath%" -c ".symfix+; .reload; .logopen \"%tempLog%\"; !exploitable -m; .logclose; q"

@REM Each result line has the form KEY:value. Keep the first token of the value.
for /f "tokens=1* delims=:" %%a in (%tempLog%) do (
    for /f "tokens=1*" %%c in ("%%b") do (
        if /i "%%a" EQU "MAJOR_HASH" set MajorHash=%%c
        if /i "%%a" EQU "MINOR_HASH" set MinorHash=%%c
        if /i "%%a" EQU "SHORT_DESCRIPTION" set Type=%%c
        if /i "%%a" EQU "CLASSIFICATION" set Exploitability=%%c
    )
)

@REM File the dump and its log under ResultDir\Exploitability\Type\MajorHash\MinorHash
set ResultDir=%~2\%Exploitability%\%Type%\%MajorHash%\%MinorHash%
md "%ResultDir%"
copy /b /y "%~1" "%ResultDir%"
copy /b /y "%tempLog%" "%ResultDir%"
del /q "%tempLog%"
goto end

:usage
echo classify.bat ^<DumpFile^> ^<ResultDir^>
echo.
echo Classify.bat will place the specified dump and log into a directory structure as follows:
echo.
echo ^<ResultDir^>\^<Exploitability^>\^<Type^>\^<MajorHash^>\^<MinorHash^>
echo.
echo Examples:
echo ^<ResultDir^>\EXPLOITABLE\WriteAV\0x6e05193a\0x7505193a
echo ^<ResultDir^>\PROBABLY_EXPLOITABLE\TaintedDataControlsCodeFlow\0x6e05193a\0x7505193a
echo ^<ResultDir^>\UNKNOWN\PossibleStackCorruption\0x6e05193a\0x7505193a
echo.
echo Classify.bat requires MSEC.dll to be in the current directory and cdb to be
echo in the path.
echo.
echo To easily run classify.bat against a set of dumps try the following command:
echo.
echo for /R . %%a in (*.dmp) do classify.bat "%%a" C:\Crashes
echo.
goto error
:error
exit /b 1
:end
exit /b 0
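Once classify.bat has filed all hundred dumps, the next question is which buckets to open first. The following is an added example (not from this thread or the MSEC project) that reads the same four KEY:value lines classify.bat extracts from each cdb log and collapses dumps that share a classification and hash pair; the log contents and hash values are constructed.

```python
import re
from collections import defaultdict

# The four KEY:value lines that classify.bat above pulls out of each cdb log.
FIELDS = ("CLASSIFICATION", "SHORT_DESCRIPTION", "MAJOR_HASH", "MINOR_HASH")
# Rank used to sort buckets; the standard !exploitable classification names.
SEVERITY = {"EXPLOITABLE": 0, "PROBABLY_EXPLOITABLE": 1,
            "UNKNOWN": 2, "PROBABLY_NOT_EXPLOITABLE": 3}
KV_LINE = re.compile(r"^\s*([A-Z_]+):\s*(\S+)")

def parse_log(text):
    """Pull the four fields from one log; other debugger chatter is skipped.
    A log with a field missing (msec.dll did not load, or the dump is not a
    crash) raises instead of silently filing the dump under an empty path."""
    found = {}
    for line in text.splitlines():
        m = KV_LINE.match(line)
        if m and m.group(1) in FIELDS and m.group(1) not in found:
            found[m.group(1)] = m.group(2)  # first token only, as the .bat does
    missing = [f for f in FIELDS if f not in found]
    if missing:
        raise ValueError("log is missing " + ", ".join(missing))
    return found

def bucket(logs):
    """Group dump names by (classification, type, major, minor): the same key
    classify.bat turns into a directory path, so duplicate crashes collapse."""
    groups = defaultdict(list)
    for name, text in logs.items():
        fields = parse_log(text)
        groups[tuple(fields[f] for f in FIELDS)].append(name)
    return {k: sorted(v) for k, v in groups.items()}

def summary(logs):
    """Unique buckets, worst classification first, then most hits first."""
    rows = list(bucket(logs).items())
    rows.sort(key=lambda kv: (SEVERITY.get(kv[0][0], 99), -len(kv[1]), kv[0]))
    return rows

# Constructed sample logs standing in for cdb's ExploitableLog-*.Log files.
SAMPLE_LOGS = {
    "a.dmp": "0:000> !exploitable -m\nMAJOR_HASH:0x6e05193a\nMINOR_HASH:0x7505193a\n"
             "SHORT_DESCRIPTION:WriteAV\nCLASSIFICATION:EXPLOITABLE\n",
    "b.dmp": "MAJOR_HASH:0x6e05193a\nMINOR_HASH:0x7505193a\n"
             "SHORT_DESCRIPTION:WriteAV\nCLASSIFICATION:EXPLOITABLE\n",
    "c.dmp": "MAJOR_HASH:0x1a2b3c4d\nMINOR_HASH:0x5e6f7081\n"
             "SHORT_DESCRIPTION:PossibleStackCorruption\nCLASSIFICATION:UNKNOWN\n",
}
```

Point it at the ExploitableLog-*.Log copies the script drops beside each dump and the summary gives one row per unique crash, so the 100 dumps usually shrink to a handful of distinct bugs.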