Open-Source Hangover

“Open-Source Hangover: The feeling you have the morning after staying up way too late hacking on an OSS library.”

No regrets though, had a really productive evening with Karl Trygve, doing pair-programming on our dynamic (runtime) x86 re-compiler, which is part of Frida. It is used for tracing execution entirely in user-space without relying on hardware or kernel support, which means it’s blazingly fast and hard to detect. Last night we made the first successful call-trace deep inside of Spotify, which we like to use as our guinea pig for making sure we cope well with obfuscated code. (Next level up will be Skype, which contains even more nasty anti-RE tricks.)

Previously only got a partial call-trace where we lost control of the thread after about 300 CALLs. Late last night we made it all the way through the anti-RE mine-field and collected 50 000 CALL events in seconds. Next up is call depth tracking and live argument list type inference, this is gonna be even more fun! :-)

Advertisement

~ by oleandre on June 5, 2010.

Posted in Uncategorized

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Cancel

Connecting to %s

 
Follow

Get every new post delivered to your Inbox.