
Blackhat USA 2009: Reverse Engineering by Crayon

My Blackhat talk is over and I think things went really well. As promised, here is the latest information on the slides. To be able to use VERA you will need to follow the installation instructions from the Ether project. Thanks again to everyone who attended and thank you for all the great questions.

VERA Info and Download Page
Reverse Engineering by Crayon Slides from the Blackhat talk.

If you're going to try to use Ether (which you definitely should), make sure you run Debian Sarge (or Etch or Lenny) with a 64-bit installation. From there the installation instructions from the Ether site should be all you need.


To use the VERA code, you'll need to execute Ether with the instrtrace option and the binary you want to analyze. To do that, first start your Xen Windows image:

xm create /etc/xen/your-windows-config.cfg

Once it is completely booted, copy your file onto the system. From there you will need to start Ether. The command-line to use is:

./ether ID_GOES_HERE instrtrace file-to-analyze.exe > file-to-analyze.trace

Start the executable on the virtual machine. Let it run for a little while and then kill the process inside of your virtual machine. Once that is done, copy the .trace file to your Windows box.

The next step will be to run gengraph.exe on the resulting file. You will need the tracefile and the original executable in order to properly parse it.

gengraph.exe file-to-analyze.trace file-to-analyze.exe file-to-analyze.gml

This will generate two files: all-file-to-analyze.gml and bbl-file-to-analyze.gml. Now it's time to use the VERA program. You can simply open the GML files and begin exploring the file.
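If you want to inspect the gengraph output outside of VERA, or sanity-check a trace before loading it, a small GML reader is enough. The script below is an added example and is not part of VERA, Ether or gengraph; it assumes only the generic GML layout (a graph [ ... ] block containing node [ id ... label ... ] and edge [ source ... target ... ] entries). The attribute names gengraph writes beyond those are not documented here, and the embedded sample graph with its hex-address labels is constructed for the example. It reports the number of basic blocks and edges, the blocks with no predecessors (candidate entry points), blocks not reachable from any entry, and the block with the most incoming edges.

```python
"""Minimal GML (Graph Modelling Language) reader for exploring the
basic-block graphs that gengraph.exe emits for VERA.

Added example, not part of the VERA/Ether tools.  Assumes only the
generic GML structure; VERA-specific attributes are unknown here.
"""
import re
import sys
from collections import deque

# Tokens: "quoted string", '[', ']', or a bare word/number.
_TOKEN = re.compile(r'"((?:[^"\\]|\\.)*)"|(\[)|(\])|([^\s\[\]"]+)')


def tokenize(text):
    # GML comments run from '#' at line start to end of line.
    text = re.sub(r"^\s*#.*$", "", text, flags=re.M)
    for m in _TOKEN.finditer(text):
        if m.group(1) is not None:
            yield ("str", m.group(1))
        elif m.group(2):
            yield ("open", "[")
        elif m.group(3):
            yield ("close", "]")
        else:
            yield ("word", m.group(4))


def _parse_list(tokens):
    """Parse key/value pairs until the matching ']' or end of input.
    Repeated 'node' and 'edge' keys are collected into lists."""
    result = {}
    while True:
        try:
            kind, key = next(tokens)
        except StopIteration:
            return result
        if kind == "close":
            return result
        kind, val = next(tokens)
        if kind == "open":
            value = _parse_list(tokens)
        elif kind == "str":
            value = val
        else:
            try:
                value = int(val)
            except ValueError:
                value = val
        if key in ("node", "edge"):
            result.setdefault(key, []).append(value)
        else:
            result[key] = value


def parse_gml(text):
    """Return the dict for the top-level 'graph' block."""
    return _parse_list(tokenize(text))["graph"]


def build_graph(g):
    nodes = {n["id"]: n for n in g.get("node", [])}
    succ = {nid: [] for nid in nodes}
    pred = {nid: [] for nid in nodes}
    for e in g.get("edge", []):
        s, t = e["source"], e["target"]
        if s not in nodes or t not in nodes:
            raise ValueError(f"edge {s}->{t} references an unknown node")
        succ[s].append(t)
        pred[t].append(s)
    return nodes, succ, pred


def reachable_from(succ, start):
    seen, queue = {start}, deque([start])
    while queue:
        for t in succ[queue.popleft()]:
            if t not in seen:
                seen.add(t)
                queue.append(t)
    return seen


def summarize(text):
    nodes, succ, pred = build_graph(parse_gml(text))
    entries = sorted(n for n, p in pred.items() if not p)  # no predecessors
    reach = set()
    for e in entries:
        reach |= reachable_from(succ, e)
    return {
        "nodes": len(nodes),
        "edges": sum(len(v) for v in succ.values()),
        "entries": entries,
        "unreachable": sorted(set(nodes) - reach),  # e.g. a cycle with no entry
        "most_targeted": max(nodes, key=lambda n: len(pred[n])) if nodes else None,
    }


# Constructed sample; labels and addresses are made up for the example.
SAMPLE_GML = """
# constructed sample, not real gengraph output
graph [
  directed 1
  node [ id 1 label "0x401000 entry" ]
  node [ id 2 label "0x401010 loop head" ]
  node [ id 3 label "0x401020 loop body" ]
  node [ id 4 label "0x401030 exit" ]
  node [ id 5 label "0x401040 orphan a" ]
  node [ id 6 label "0x401050 orphan b" ]
  edge [ source 1 target 2 ]
  edge [ source 2 target 3 ]
  edge [ source 3 target 2 ]
  edge [ source 2 target 4 ]
  edge [ source 5 target 6 ]
  edge [ source 6 target 5 ]
]
"""

if __name__ == "__main__":
    data = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_GML
    print(summarize(data))
```

Run it as `python gml_summary.py bbl-file-to-analyze.gml` to summarize a real gengraph file, or with no argument to see the constructed sample. Blocks listed under "unreachable" are worth a second look, since a trace-derived graph should normally reach every recorded block from the entry.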

I hope you find it useful. If you run into problems please feel free to email me. dquistoffensivecomputing(DoOT)net.

Great Talk!!!

Danny the talk was awesome! The work you have put into this is great. Can't wait to install it!

Chad

Thanks Chad!



I attended your talk at Defcon. I did enjoy the puppy :) Excellent stuff though, going to try and set it up soon.

Awesome Talk

I enjoyed your talk. Good Job!

Newbie lost

How do I set up and install VERA? Where can I find info on the Ether project?


This page may be a little helpful for installing Ether.

http://www.offensivecomputing.net/?q=node/1379

As for VERA, just decompress the .zip and run the executable in the resulting directory.


Can I get the VERA source code for my studies?


I'm working on releasing it. This will most likely happen in May.

Great Job

I was looking for software like this for my honours project that I need to start planning for! This is great Danny, thanks a lot!