OpenRCE Win32 Call Chains Database

Posted by OldBoy2k » Sun Apr 01, 2012 4:29 pm

This reference section was initially contributed to OpenRCE by pedram.

The Win32 Call Chains database attempts to provide a useful and comprehensive interface to the function call trees of the main Microsoft Windows Dynamic Link Libraries (DLLs). The data-set was originally constructed during the development of a proof of concept Windows Intrusion Prevention System (IPS), similar to NAI Entercept and Okena/Cisco CSA. The information provided here was necessary to avoid the common mistake of not hooking "deep enough" (See Phrack 62 - 0x05) and is made available in hopes that others will find it useful and expand on it. The database is sectioned by Operating System and can be browsed and searched interactively. The following quick and dirty scripts were used to generate the data-set:

call_mapper.idc (IDA Pro Script)
gen_mapper_sql.pl (Perl)
gen_prefuse_xml.pl (Perl)

An interactive Java visualization is available for each module under the 'graph' link; some of them are broken and still being debugged. If someone can write a nice custom graphing applet, please share.


Homepage: OpenRCE Win32 Call Chains Database
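
A hook-coverage check over call-chain data of the kind the post describes, as an added example that is not part of the original post or of OpenRCE's scripts. The call edges are a constructed, simplified sample rather than database output, and `unhooked_paths` and `audit` are hypothetical helper names.

```python
# Added example. Edges are a constructed, simplified sample, not OpenRCE data.
CALLS = {
    "kernel32!WinExec": ["kernel32!CreateProcessA"],
    "kernel32!CreateProcessA": ["kernel32!CreateProcessInternalA"],
    "kernel32!CreateProcessW": ["kernel32!CreateProcessInternalW"],
    "kernel32!CreateProcessInternalA": ["kernel32!CreateProcessInternalW"],
    "kernel32!CreateProcessInternalW": ["ntdll!NtCreateProcessEx"],
    "ntdll!NtCreateProcessEx": [],
}
SINK = "ntdll!NtCreateProcessEx"
# Assumption: every kernel32 function in the sample is a callable entry point.
ENTRIES = [f for f in CALLS if f.startswith("kernel32!")]


def unhooked_paths(calls, entry, sink, hooks):
    """Return every call path entry -> sink that touches no hooked function."""
    found = []

    def walk(func, path):
        if func in hooks or func in path:  # intercepted, or a recursive cycle
            return
        path = path + [func]
        if func == sink:
            found.append(path)
            return
        for callee in calls.get(func, []):
            walk(callee, path)

    walk(entry, [])
    return found


def audit(calls, entries, sink, hooks):
    """Map each entry point to its unhooked paths; empty means full coverage."""
    gaps = {}
    for entry in entries:
        paths = unhooked_paths(calls, entry, sink, hooks)
        if paths:
            gaps[entry] = paths
    return gaps


if __name__ == "__main__":
    shallow = {"kernel32!CreateProcessA", "kernel32!CreateProcessW"}
    deep = {"kernel32!CreateProcessInternalW"}
    for label, hooks in (("shallow", shallow), ("deep", deep)):
        print(label, audit(CALLS, ENTRIES, SINK, hooks))
```

In the sample, hooking only the two documented wrappers leaves the internal entry points reaching the sink unobserved, while a single hook on the function every chain converges on covers them all.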