MohamedG's Log



!exploitable is a crash analyzer plug-in for windows debugger (windbg) that does post-mortem analysis of a crash and assists its security risk, very cool! The project is licensed under Microsoft Public License (Ms-PL) and you can download it at codeplex. The analyzer rates the crash one of the following ratings: Exploitable, Probably Exploitable, Probably Not Exploitable, or Unknown. Here are the usage instructions as listed on the project’s website:

Gives an analysis, including a proposed bug title

!exploitable -v
Gives a verbose analysis

!exploitable -m
Gives the same output as -v, but formatted for easy machine parsing

!exploitable -jit:address
Use the JIT Exception Record to determine the exception

!ror [-n <Rotation Count> [-c] <Value>
Get the API name for hash value <Value> using rotation count <Rotation Count>. Use -c to do a reverse lookup from an API name to a hash value. Run !ror without options for examples.

!xoru -b <addr> <length> <key>
Do the Xor transformation on the buffer from address <addr> to address <addr> + <length> using the key <key> and disassemble the buffer. Use -b to leave the transformed buffer in memory. Run !xoru without options for examples. You can do other types of transformation using xora, xorui, xorua, suba, subu, adda, addu, rola, or rolu.

For more info about the project please visit msec.