March 8th, 2006


reverse engineering tool tips

I've started doing some RE work today on Intel's i9xx chipsets.

I've mangled two tools to help me.

I wrote an mmaptrace plugin for valgrind that I can run X under and trap all register writes to the register mmap. This is hacky as hell: it only post-traps the write and reads the value after it has been written, but it works for what I need it for now. It is just using an existing tool to do the tracing that people have been talking about doing with mmap PROT_NONE and trapping all writes to the mmapped area in a SEGV handler.
I'm impressed by valgrind.
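The PROT_NONE/SEGV scheme mentioned above, as an added example that is not the author's valgrind plugin or any code from the post. A one-page anonymous mapping stands in for the register window (an assumption; tracing a real card would mmap the device's memory resource instead). The SIGSEGV handler opens the window, notes the faulting address and whether the fault was a write, and sets the x86 Trap Flag in the saved context so the faulting instruction is single-stepped when it re-executes; the SIGTRAP handler that fires afterwards reads the value now at that address, so a write is logged after it has landed, the same post-trap behaviour the post describes, and then closes the window again. It assumes Linux on x86-64 (page-fault error code and EFLAGS in the ucontext) and 32-bit register accesses; elsewhere it compiles but reports the technique as unsupported.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <ucontext.h>
#include <unistd.h>

#define TRACE_MAX 64

/* One logged access: byte offset into the window, the 32-bit value present
 * after the instruction completed, and whether the fault was a write. */
struct trace_entry { size_t offset; uint32_t value; int is_write; };

static volatile uint8_t *g_base;           /* start of the traced window */
static size_t g_len;                       /* window length, a page multiple */
static volatile uintptr_t g_pending;       /* address being single-stepped, 0 if none */
static volatile int g_pending_write;
static volatile struct trace_entry g_trace[TRACE_MAX];
static volatile int g_ntrace;

#if defined(__x86_64__) && defined(__linux__)
#define TRACE_SUPPORTED 1
/* glibc gregs[] indexes for x86-64, used only if the REG_* names are hidden. */
#ifndef REG_EFL
#define REG_EFL 17
#endif
#ifndef REG_ERR
#define REG_ERR 19
#endif

/* First stop: the access faulted because the window is PROT_NONE. Open it,
 * remember the address, and set TF in the saved EFLAGS so the CPU single-steps
 * the faulting instruction once it re-executes on return from here. */
static void segv_handler(int sig, siginfo_t *si, void *ctx)
{
    ucontext_t *uc = ctx;
    uintptr_t addr = (uintptr_t)si->si_addr;
    uintptr_t base = (uintptr_t)g_base;
    (void)sig;
    if (addr < base || addr >= base + g_len) {
        signal(SIGSEGV, SIG_DFL);        /* not our window: let it crash normally */
        return;
    }
    mprotect((void *)base, g_len, PROT_READ | PROT_WRITE);
    g_pending = addr;
    g_pending_write = (uc->uc_mcontext.gregs[REG_ERR] & 0x2) != 0; /* #PF error code bit 1 = write */
    uc->uc_mcontext.gregs[REG_EFL] |= 0x100;                        /* Trap Flag */
}

/* Second stop: the single-step trap after the access completed. Read the
 * value at the address now (post-trap), log it, close the window, clear TF. */
static void trap_handler(int sig, siginfo_t *si, void *ctx)
{
    ucontext_t *uc = ctx;
    (void)sig; (void)si;
    if (g_pending) {
        if (g_ntrace < TRACE_MAX) {
            g_trace[g_ntrace].offset = g_pending - (uintptr_t)g_base;
            g_trace[g_ntrace].value = *(volatile uint32_t *)g_pending; /* assumes 32-bit registers */
            g_trace[g_ntrace].is_write = g_pending_write;
            g_ntrace++;
        }
        g_pending = 0;
        mprotect((void *)g_base, g_len, PROT_NONE);
    }
    uc->uc_mcontext.gregs[REG_EFL] &= ~(greg_t)0x100;
}

static int install(void (*fn)(int, siginfo_t *, void *), int signo)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = fn;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    return sigaction(signo, &sa, NULL);
}
#else
#define TRACE_SUPPORTED 0
#endif

int trace_supported(void) { return TRACE_SUPPORTED; }
int trace_count(void) { return g_ntrace; }
size_t trace_offset(int i) { return g_trace[i].offset; }
uint32_t trace_value(int i) { return g_trace[i].value; }
int trace_is_write(int i) { return g_trace[i].is_write; }

/* Map a one-page PROT_NONE window, arm the handlers, do a few accesses the
 * way a driver would, disarm, and return how many were logged (3 here).
 * Returns -1 on setup failure and -2 where the technique is unsupported. */
int trace_demo(void)
{
#if TRACE_SUPPORTED
    volatile uint32_t *regs;
    void *p;
    g_len = (size_t)sysconf(_SC_PAGESIZE);
    p = mmap(NULL, g_len, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return -1;
    g_base = p; g_ntrace = 0; g_pending = 0;
    if (install(segv_handler, SIGSEGV) < 0 || install(trap_handler, SIGTRAP) < 0) return -1;

    regs = (volatile uint32_t *)g_base;
    regs[0x10 / 4] = 0xdeadbeef;     /* logged: W offset 0x10 value 0xdeadbeef */
    regs[0x20 / 4] = 0x00000001;     /* logged: W offset 0x20 value 0x1 */
    (void)regs[0x10 / 4];            /* logged: R offset 0x10 value 0xdeadbeef */

    signal(SIGSEGV, SIG_DFL);
    signal(SIGTRAP, SIG_DFL);
    munmap(p, g_len);
    g_base = NULL;
    return g_ntrace;
#else
    return -2;
#endif
}

int main(void)
{
    int n = trace_demo(), i;
    if (n < 0) { fprintf(stderr, "tracing unavailable (%d)\n", n); return 1; }
    for (i = 0; i < n; i++)
        printf("%s off=0x%03zx val=0x%08x\n", trace_is_write(i) ? "W" : "R",
               trace_offset(i), (unsigned)trace_value(i));
    return 0;
}
```

Each trapped access costs two signals plus two mprotect calls, which is why running an X server through it is slow but still workable for a register-level trace; the window is opened for the whole mapping during the step, so a single stepped instruction that touches two registers is only logged once.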

I've also mangled lrmi so I can do BIOS tracing: I can trap all the I/O reads and writes from the int10 calls and log them. The BIOS uses two I/O ports to write memory-mapped registers on the card, so I've hacked up lrmi to work out whether it's doing register reads or writes.
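The index/data port decoding described above, as an added example and not the author's lrmi hack. The post does not name the two ports the BIOS uses, so 0x3c4/0x3c5 are hypothetical stand-ins, and the trace below is constructed rather than captured. The decoder folds the raw port accesses a tracer would log into register reads and writes: an OUT to the index port selects a register, and every following access to the data port is a read (IN) or write (OUT) of that register until the index changes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical index/data port pair standing in for the real ones. */
#define INDEX_PORT 0x3c4
#define DATA_PORT  0x3c5

enum io_dir { IO_IN, IO_OUT };

/* One raw port access as a BIOS tracer would log it from inside int10. */
struct io_event { enum io_dir dir; uint16_t port; uint32_t value; };

enum reg_op { REG_READ, REG_WRITE };

/* The decoded meaning: an access to the register currently selected. */
struct reg_access { enum reg_op op; uint32_t reg; uint32_t value; };

/* Fold a stream of port accesses into register reads/writes. Accesses to the
 * data port before any index has been written, reads of the index port, and
 * traffic on other ports are passed over. Returns the number of decoded
 * accesses written to out (at most max). */
size_t decode_io_trace(const struct io_event *ev, size_t n,
                       struct reg_access *out, size_t max)
{
    uint32_t reg = 0;
    int have_reg = 0;
    size_t i, k = 0;

    for (i = 0; i < n; i++) {
        if (ev[i].port == INDEX_PORT) {
            if (ev[i].dir == IO_OUT) { reg = ev[i].value; have_reg = 1; }
            continue;
        }
        if (ev[i].port != DATA_PORT || !have_reg || k == max)
            continue;
        out[k].op = (ev[i].dir == IO_OUT) ? REG_WRITE : REG_READ;
        out[k].reg = reg;
        out[k].value = ev[i].value;
        k++;
    }
    return k;
}

/* Constructed sample trace; register numbers are made up, not real ones. */
static const struct io_event sample[] = {
    { IO_OUT, DATA_PORT,  0x0000ffff },  /* no index selected yet: ignored */
    { IO_OUT, INDEX_PORT, 0x1000 },      /* select register 0x1000 */
    { IO_IN,  DATA_PORT,  0x00000005 },  /* read-modify-write: read current value... */
    { IO_OUT, DATA_PORT,  0x80000005 },  /* ...write it back with bit 31 set */
    { IO_OUT, 0x80,       0x00000000 },  /* unrelated port (POST code): ignored */
    { IO_OUT, INDEX_PORT, 0x2004 },      /* select register 0x2004 */
    { IO_OUT, DATA_PORT,  0x00000040 },
};

static struct reg_access decoded[8];

/* Decode the sample into decoded[] and return the count (3). */
size_t demo_decode(void)
{
    return decode_io_trace(sample, sizeof sample / sizeof sample[0],
                           decoded, sizeof decoded / sizeof decoded[0]);
}

struct reg_access demo_access(size_t i) { return decoded[i]; }

int main(void)
{
    size_t i, n = demo_decode();
    for (i = 0; i < n; i++)
        printf("%s reg=0x%04x val=0x%08x\n", decoded[i].op == REG_WRITE ? "W" : "R",
               (unsigned)decoded[i].reg, (unsigned)decoded[i].value);
    return 0;
}
```

The read-modify-write pair in the sample is the case worth watching for in a real trace: the IN tells you which bits the BIOS preserved and the OUT which it changed, which is far more informative than the write alone.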

I mentioned on IRC yesterday that to do reverse engineering you are better off writing your own tools or hacking up others. Writing the tools gives you a much better idea of how to do RE, and you can tailor them to what you want a lot more easily. I'll probably post these hacks at some stage, but I don't want to help someone figure them out; again, if you have the ability to do reverse engineering you can do it, there are very few shortcuts, and if you don't have the ability, all the tools and stupid questions in the world won't help.