The materials shown on this page are copyright protected by their authors and/or respective institutions.

Win32 Call Chains

Author(s): Pedram Amini
Institution: OpenRCE.org
Year: (unknown)
URL: http://www.openrce.org/reference_library/win32_call_chains
Project Description:
Founded in June of 2005 as the brainchild of Pedram Amini, the Open Reverse Code Engineering community was created to foster a shared learning environment among researchers interested in the field of reverse engineering. OpenRCE aims to serve as a centralized resource for reverse engineers (currently heavily win32/security/malcode biased) by hosting files, blogs, forums, articles and more.
The Win32 Call Chains database, initially contributed to OpenRCE by Pedram Amini, attempts to provide a useful and comprehensive interface to the function call trees of the main Microsoft Windows Dynamic Link Libraries (DLLs). The data set was originally constructed during the development of a proof-of-concept Windows Intrusion Prevention System (IPS), similar to NAI Entercept and Okena/Cisco CSA.
The database is organized by each Windows Operating System version (2000, 2003 SE, XP) and can be easily browsed and searched. Within each OS version, there's an interactive Java visualization for every module which creates some of the most amazingly complex graphs. The first image shows the resulting graph of Windows XP SP2 GDI32 module, while the second represents the NETAPI32 module of the same OS.