This paper examines how DTrace, a kernel-based, scriptable dynamic tracer, can be used effectively for reverse engineering. DTrace offers an unprecedented view of both user and kernel space, which has many interesting implications for security researchers. We first introduce DTrace and compare it with existing debuggers and tracers. We then walk the reader through various applications of DTrace: monitoring for stack and heap overflows, generating code coverage graphs, and visualizing code paths taken in a target application by feeding trace data over the network to IDA Pro. Finally, we discuss intrusion detection with DTrace and techniques for evading it.
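The heap-overflow monitoring mentioned above can be illustrated with a short D script. The following is an added example written for this page, not a script from the paper: it uses the pid provider to record the size of every chunk malloc() returns in the traced process, drops the entry on free(), and flags any memcpy() whose destination is the base of a live chunk and whose length exceeds that chunk's size. The library name libc.so.1 and the probe module names are assumptions for a Solaris-style libc; on other platforms that ship DTrace, substitute the module that exports these functions.

```d
#!/usr/sbin/dtrace -s
/*
 * heapwatch.d (constructed example, not from the original paper)
 *
 * Usage:  dtrace -s heapwatch.d -p <pid>
 *   or:   dtrace -s heapwatch.d -c "./target args"
 * $target is bound by -p / -c. Module name libc.so.1 is an assumption.
 *
 * Limitation: only memcpy() calls whose destination equals a chunk's
 * base address are checked; writes starting mid-chunk are not caught.
 */
#pragma D option quiet

/* Remember the requested size on the way into malloc(). */
pid$target:libc.so.1:malloc:entry
{
    self->sz = arg0;
}

/* On return, arg1 is the return value: key the size by chunk address. */
pid$target:libc.so.1:malloc:return
/self->sz/
{
    chunk[arg1] = self->sz;
    self->sz = 0;
}

/* Assigning 0 to an associative-array element releases it. */
pid$target:libc.so.1:free:entry
/chunk[arg0]/
{
    chunk[arg0] = 0;
}

/* memcpy(dst, src, n): dst is arg0, n is arg2. Flag n larger than the chunk. */
pid$target:libc.so.1:memcpy:entry
/chunk[arg0] && arg2 > chunk[arg0]/
{
    printf("pid %d: memcpy(%p, ..., %d) overruns %d-byte chunk at %p\n",
        pid, arg0, arg2, chunk[arg0], arg0);
    ustack();
}
```

Because the script keys state by chunk address rather than by thread, a chunk allocated on one thread and overrun on another is still reported; the ustack() action prints the user-space call stack of the offending memcpy() so the caller can be located in the disassembly.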