Flag: Tornado! Hurricane!
|
OpenRCE Win32 Call Chains Database This reference section was initially contributed to OpenRCE by pedram. The Win32 Call Chains database attempts to provide a useful and comprehensive interface to the function call trees of the main Microsoft Windows Dynamic Link Libraries (DLLs). The data-set was originally contructed during the development of a proof of concept Windows Intrusion Prevention System (IPS), similar to NAI Entercept and Okena/Cisco CSA. The information provided here was necessary to avoid the common mistake of not hooking "deep enough" (See Phrack 62 - 0x05) and is made available in hopes that others will find it useful and expand on it. The database is sectioned by Operating System and can be browsed and searched interactively. The following quick and dirty scripts were used to generate the data-set:
gen_mapper_sql.pl (Perl) gen_prefuse_xml.pl (Perl)
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
![[+] expand](/imagery/files/soysauce_blueprint.gif){kind=link}