Gray Hat Hacking: The Ethical Hacker's Handbook, Part IV, page 340

Pedram Amini's Process Stalker is a powerful, freely available code coverage tool
designed to perform in the black box testing environment. Process Stalker consists of two
principal components and some post-processing utilities. The heart of Process Stalker is
its tracing module, which requires a list of breakpoints and the name or process ID of a
process to stalk as input. Breakpoint lists are currently generated using an IDA Pro plug-in
module that extracts the block structure of the program from an IDA disassembly and
generates a list of addresses that represent the first instruction in each basic block within
the program. At the same time, the plug-in generates GML (Graph Modeling Language)
files to represent each function in the target program. These graph files form the basis of
Process Stalker's visualization capabilities when they are combined with runtime information
gathered by the tracer. As an aside, these graph files can be used with third-party
graphing tools such as GDE Community Edition from www.oreas.com to provide an alternative
to IDA's built-in graphing capabilities. The tracer is then used to attach to or launch
the desired process, and it sets breakpoints according to the breakpoint list.
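
The step described above, where a per-function graph is combined with the tracer's runtime hits, can be sketched as follows. This is an added example, not Process Stalker's own code: the GML node layout, the hit list, the colours and all function names are assumptions constructed for illustration, and the breakpoint list is derived here from the graph rather than from an IDA plug-in.

```python
import re

# Constructed sample: GML for one function, one node per basic block.
# Storing the block's start address in "label" is an assumed layout.
SAMPLE_GML = """graph [
  directed 1
  node [ id 0 label "00401000" ]
  node [ id 1 label "00401014" ]
  node [ id 2 label "00401020" ]
  node [ id 3 label "0040102c" ]
  edge [ source 0 target 1 ]
  edge [ source 0 target 2 ]
  edge [ source 1 target 3 ]
  edge [ source 2 target 3 ]
]"""

# Constructed tracer output: addresses of the breakpoints that fired.
SAMPLE_HITS = [0x00401000, 0x00401014, 0x0040102c, 0x00401000]

NODE_RE = re.compile(r'node \[ id (\d+) label "([0-9a-fA-F]+)" \]')

def parse_blocks(gml):
    """Return {node id: basic block start address} from the GML text."""
    return {int(i): int(a, 16) for i, a in NODE_RE.findall(gml)}

def breakpoint_list(gml):
    """Sorted block start addresses, i.e. where a tracer would set breakpoints."""
    return sorted(parse_blocks(gml).values())

def coverage(gml, hits):
    """Return (hit blocks, missed blocks, fraction of blocks executed)."""
    blocks = set(parse_blocks(gml).values())
    hit = blocks & set(hits)  # ignore hits that fall outside this function
    missed = blocks - hit
    return sorted(hit), sorted(missed), len(hit) / len(blocks) if blocks else 0.0

def annotate(gml, hits):
    """Add a GML fill colour to each node so a viewer shows executed blocks."""
    hit = set(hits)
    def paint(m):
        colour = "#ff8080" if int(m.group(2), 16) in hit else "#ffffff"
        return '%s graphics [ fill "%s" ] ]' % (m.group(0)[:-1].rstrip(), colour)
    return NODE_RE.sub(paint, gml)
```

Blocks that remain uncoloured after a test run mark code the inputs never reached, which is where additional test cases are needed.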