[Owasp-o2-platform] Code tracing

Dinis Cruz dinis at ddplus.net
Mon Jul 26 18:36:17 EDT 2010


That is REALY interesting Colin, nice catch :)

These guys should really be moving into the security space since, if that
actually works the way it looks, it could really help with security
analysis.

It looks like their (closed-source tool) works by instrumenting code (i.e.
using Aspect technology) to grab the call-flow data. I have played a bit
with similar concepts in some previous O2 modules, and a lot of the building
blocks to create something like this (at least for .NET) are already in
place.

For example the '_CSharpScripts (O2 Tool).exe' module (which consumes the
'O2_Debugger_Mdbg.exe' module) already has 'recording' and 'animate trace'
features which would allow the storage of detailed information of ALL
instructions executed (It even includes a PoC to create O2Findings from
execution Flow :) ).

Another module that has something similar is the '_O2_Scanner_DotNet.exe'
which was a PoC that I wrote a while back that used PostSharp to instrument
a specific method,class or dll with .NET Aspect calls (on function enter and
function leave). I used this module to log execution flow and to apply
dynamic patches to vulnerable methods (i.e. dynamic patch/fix of known
vulnerabilities).

Let me know if anybody is interrested in these PoCs and I'll create a quick
video showing it in action.

Dinis Cruz

On Mon, Jul 26, 2010 at 11:36 AM, Colin Watson <colin.watson at owasp.org>wrote:

> I stumbled across this "PurePath" for Java/.Net which seems to offer
> tracing of the "complete execution path" "through all tiers including
> remoting calls and external services"
>
> http://www.youtube.com/watch?v=qJ96PaILU-M
>
> Although it relates to an application performance testing product, I
> though the similarity with O2's code transaction views was
> interesting.  It uses "lightweight agents" deployed through the
> infrastructure, extending the information sources into the database
> for example.  They say "patent pending trace and capture technology we
> call PurePath".  Not open source then :-(
>
> Colin
> _______________________________________________
> Owasp-o2-platform mailing list
> Owasp-o2-platform at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-o2-platform
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-o2-platform/attachments/20100726/4900a97e/attachment.html 


More information about the Owasp-o2-platform mailing list