Feel free to post vdb / vtrace scripts directly in here, or as links out to separate pages.
I'll fill in a few more examples here shortly... -visi

Vdb Scripts Edit

These assume you are running them from the vdb command prompt with the command "script <>" (or Tools->Python from the vdb gui). This means they can assume that a vtrace Trace() object is mapped into the script's namespace (as well as a bunch of other useful stuff...)

Find Executable Stack Pointers Edit

import envi.memory as e_mem

sp = trace.getStackCounter()   # We could actually use just 'esp' on x86, but this is architecture independent
mmap = trace.getMemoryMap(sp)
if mmap != None:
    mapva, mapsize, mapperms, mapfname = mmap
    # We'll just assume 32 bit for a sec...
    mapoffset = sp - mapva
    ptrcnt = (mapsize - mapoffset) / trace.getPointerSize()
    fmt = '<%dP' % ptrcnt
    for maybeptr in trace.readMemoryFormat(sp, fmt):
        submap = trace.getMemoryMap(maybeptr)
        if submap == None:
        submapva, submapsize, submapperms, submapfname = submap
        if submapperms & e_mem.MM_EXEC:
            print 'Executable Pointer: 0x%.8x found in stack...' % maybeptr

More? Edit

Ad blocker interference detected!

Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.