RCE Messageboard's Regroupment   Woodmann.com Swag Woodmann.com Swag Woodmann.com Swag

Go Back   RCE Messageboard's Regroupment > Blogs > _g_
Reload this Page IOCTL-Proxy
Register Blogs FAQ Calendar Search Today's Posts Mark Forums Read


To keep track of the posts in all our local blogs, subscribe to this RSS feed
To keep track of new threads (in all forums) of the RCE Messageboard, subscribe to this RSS feed
To keep track of all updates to the Collaborative RCE Tool Library, subscribe to this RSS feed
To get your own (reversing related) blog here, simply login and then click "Post to my Blog" below!

Rate this Entry

IOCTL-Proxy

Posted 12-21-2008 at 01:10 PM by _g_
This is a POC of IOCTL fuzzer. It gave surprisingly good results.

IOCTL-Proxy works by hooking NtDeviceIoControlFile, manipulating its' parameters and feeding them to the real function.

Load the driver and simply click around in application you want to test.

You will get a lot of BSODS, be careful.

PreviousMode==KernelMode is ignored, since we are only interested in calls from UserMode to KernelMode, not Kernel->Kernel.

Get it here:
http://www.orange-bat.com
Posted in Uncategorized
Views 1034 Comments 7
« Prev     Main     Next »
Total Comments 7

Comments

 
Post or View Comments
Total Trackbacks 0

Trackbacks

No other blogs currently reference this blog entry
 
Just in case...Please update your bookmarks to http://woodmann.cjb.net
Direct link : http://71.6.196.237/forum/
Some Useful Places
Fravia's Searchlores
Fravia's Original Reversing Site
Krobars Collection of tutorials
OllyStuph OllyDbg Resources
A complete searchable archive of the forum in .CHM format is available (updated Jan 3, 2009)
here (25.8 Mb zip)
Please do not ask for cracks, instead read this.

Started 10 May 1999

All times are GMT -5. The time now is 07:05 AM.

Contact Us - RCE Messageboard's Regroupment - Archive - Top

Powered by vBulletin® Version 3.8.2
Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.