MSEC.dll BETA v1.0.1.0 Source and Bins x86 x64

Downloads: 12326
Released: Mar 20, 2009
Updated: Mar 20, 2009 by jasoshi
Dev status: Beta

Recommended Download

Source Code MSECExtensions.zip
source code, 983K, uploaded Mar 20, 2009 - 7863 downloads

Other Available Downloads

Documentation readme.txt
documentation, 5K, uploaded Mar 13, 2009 - 4463 downloads

Release Notes

Requirements:

Windows Debugger (windbg.exe)

Installation Instructions:

Copy the correct version (x86 or x64) to your Windows Debugger winext sub-directory

Usage Instructions:

You may need to explicitly load the MSEC DLL. If you installed it to the winext sub-directory, you can load
it with !load winext\msec.dll


!exploitable
Gives an analysis, including a proposed bug title

!exploitable -v
Gives a verbose analysis

!exploitable -m
Gives the same output as -v, but formatted for easy machine parsing

!exploitable -jit:address
Use the JIT Exception Record to determine the exception

!ror [-n <Rotation Count>] [-c] <Value>
Get the API name for hash value <Value> using rotation count <Rotation Count>. Use -c to do a reverse lookup from an API name to a hash value. Run !ror without options for examples.


!xoru [-b] <addr> [<length>] <key>
Do the XOR transformation on the buffer from address <addr> to address <addr> + <length> using the key <key> and disassemble the buffer. Use -b to leave the transformed buffer in memory. Run !xoru without options for examples. You can do other types of transformation using xora, xorui, xorua, suba, subu, adda, addu, rola, or rolu.
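The kind of lookup !ror and !ror -c perform, sketched as an added Python example (not code from MSEC.dll or its authors). It assumes the widely used rotate-right-then-add hash over the ASCII bytes of an export name; the candidate name list and all function names here are constructed for illustration.

```python
# Added example: rotate-right-and-add API name hashing, with lookups in both
# directions. Assumption: hash = ror32(hash, n) + byte for each byte of the
# name, no terminator. MSEC's own implementation is not shown on the page.

MASK32 = 0xFFFFFFFF

# Constructed candidate list; a real lookup would enumerate a module's exports.
CANDIDATE_NAMES = [
    "CloseHandle", "CreateFileA", "GetProcAddress", "LoadLibraryA",
    "ReadFile", "VirtualAlloc", "WinExec", "WriteFile",
]


def ror32(value, count):
    """Rotate a 32-bit value right by count bits."""
    count %= 32
    value &= MASK32
    return ((value >> count) | (value << (32 - count))) & MASK32


def ror_hash(name, rotation=13):
    """API name -> hash value for the given rotation count."""
    h = 0
    for byte in name.encode("ascii"):
        h = (ror32(h, rotation) + byte) & MASK32
    return h


def lookup(value, rotation=13, names=CANDIDATE_NAMES):
    """Hash value -> list of candidate names that produce it."""
    return [n for n in names if ror_hash(n, rotation) == (value & MASK32)]


def guess_rotation(value, names=CANDIDATE_NAMES):
    """When the rotation count is unknown, try 1..31 and report every match."""
    return [(rot, n) for rot in range(1, 32) for n in lookup(value, rot, names)]


if __name__ == "__main__":
    # Constructed sample: 32-bit constants as they might appear in a buffer
    # under analysis; the second one matches nothing in the candidate list.
    for constant in (0x0E8AFE98, 0x12345678):
        names = lookup(constant) or ["<no match at rotation 13>"]
        print(f"{constant:#010x} -> {', '.join(names)}")
    print(f"ReadFile @ rotation 7 -> {ror_hash('ReadFile', 7):#010x}")
```
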

Known Issues:

!exploitable

The instruction set is known to be incomplete.

KERNEL_MODE_EXCEPTION_NOT_HANDLED / KERNEL_MODE_EXCEPTION_NOT_HANDLED_M does not currently differentiate between read and write access violations.

Reviews for this release

     
Amazing resource, hard to find advanced knowledge. Thanks for the ppt deck. Very professional.
by Faithdusk on Apr 16, 2009 at 5:32 PM