Uninformed: Informative Information for the Uninformed

Vol 1» 2005.May

Known Issues

There a couple of known issues with this plug-in. It does not deal with rep* instructions, nor does it deal with mov** instructions that might result in copied buffers. Future versions will deal with these instructions, but since it is open-sourced the user can make changes as they see fit. Another issue is that of ``no-interest''. By this the author means detecting loops that aren't of interest or don't pose a security risk. These loops, for example, may be just counting loops that don't write memory. Halvar Flake describes this topic in his talk that was given at Blackhat Windows 2004[3]. Feel free to read his paper and make changes accordingly. The author will also update the plug-in with these options at a later date.