|
There a couple of known issues with this plug-in. It does not deal
with rep* instructions, nor does it deal with
mov** instructions that might result in copied buffers.
Future versions will deal with these instructions, but since it is
open-sourced the user can make changes as they see fit. Another
issue is that of ``no-interest''. By this the author means detecting
loops that aren't of interest or don't pose a security risk. These
loops, for example, may be just counting loops that don't write
memory. Halvar Flake describes this topic in his talk that was given
at Blackhat Windows 2004[3]. Feel free to read his paper
and make changes accordingly. The author will also update the
plug-in with these options at a later date.
|