windbg ext


# 유용한 Windbg 확장 모듈    



1. !exploitable  


  - MSEC 에서 개발한 crash analyze 모듈로, exception 이 발생한 상태에서 해당 명령을 통해 실제 exploitable 한 

     지 여부를 알려준다. 


  - down: http://msecdbg.codeplex.com/releases/view/28935

  

  - 설치 : msec.dll 모듈을 디버거가 설치된 폴더의 winext 서브폴더에 복사(windbg 재시작)


  - usage : 

    > !load winext/msec.dll

    > !exploitable


ex) 아래와 같이 소프트웨어에서 예외가 발생하였을때 exploitable 한지 확인하기 위해 사용 가능


 0:000> !exchain

TRIAGER: Could not open triage file : C:\Program Files\Windows Kits\8.0\Debuggers\x86\triage\oca.ini, error 2

TRIAGER: Could not open triage file : C:\Program Files\Windows Kits\8.0\Debuggers\x86\winxp\triage.ini, error 2

TRIAGER: Could not open triage file : C:\Program Files\Windows Kits\8.0\Debuggers\x86\triage\user.ini, error 2

0012fa84: 41414141


0:000> !exploitable

Exploitability Classification: EXPLOITABLE

Recommended Bug Title: Exploitable - User Mode Write AV starting at SoriTong!MmutilityC8_4+0x0000000000000c53 (Hash=0x62360131.0x10454c60)


User mode write access violations that are not near NULL are exploitable.





+ Recent posts