YoVDO

IDA2Obj - Static Binary Instrumentation on Steroids

Offered By: Hack In The Box Security Conference via YouTube

Tags

Hack In The Box Security Conference Courses, Cybersecurity Courses, Reverse Engineering Courses, Code Coverage Courses, Binary Analysis Courses

Course Description

Overview

Explore a powerful tool for static binary instrumentation in this conference talk from Hack In The Box Security Conference. Learn about IDA2Obj, a tool designed to dump multiple object files from a single executable binary, enabling faster code coverage collection and integration with popular fuzzing engines. Discover the implementation process, challenges faced, and solutions developed by the creator, Mickey Jin. Gain insights into integrating IDA2Obj with fuzzing engines and witness a live demonstration of the tool in action. Delve into topics such as COFF object file format, object file writing, instrumentation techniques, and solutions for specific challenges like RVA fixing and compression schemes. Understand the advantages of this static binary instrumentation approach compared to dynamic binary instrumentation solutions, and explore future plans for the tool's development.

Syllabus

MICKEY JIN
# whoami
What is SBI/DBI?
My First Idea
IDA2MASM: My First Solution
Export ASM File
Split By Segments
Re-Assemble
Tune Grammar List (Partial)
Link Issue
Link Solution
Patch The New Built Binary
Crash Root Cause
Think Of The Essence
My Second Idea (Algorithm)
Linker Does The Magic
Object File Format: Object file is COFF (Common Object File Format)
cough: Object File Writer • Repo: • Install: pip install cough • Tutorial
Encapsulate Some Primitives
Dump Objects
Instrumentation & Trampoline
Architecture
_afl_maybe_log
Harness
The Real Challenge & The Solu
FixRVA.py
Compression Scheme of FH4
Solution For FH4
Takeaway: Two SBI implementations
Future Plan
HITB SECCONF SIN-2021 VIRTUAL EDITION


Taught by

Hack In The Box Security Conference
