BugID automatically performs common crash analysis steps. Goal was make more $ by reporting faster to bounty programs.
-
-
Replying to @dguido
BugID is a wrapper around CDB on Windows. It is similar to !exploitable but with more useful output. !exploitable was never useful for him.
1 reply 0 retweets 0 likes -
Replying to @dguido
BugID reports contain lots of raw data plus a human readable summary.pic.twitter.com/eYIdJ7ej79
1 reply 0 retweets 2 likes -
Replying to @dguido
BugID detects 1st and 2nd chance exceptions. Then asks, what kind of bug causes this kind of exception?pic.twitter.com/dQ1Ihlkijg
1 reply 0 retweets 1 like -
Replying to @dguido
Needed a method to identify unique bugs. Encodes where, what, and how into a "bug id." Attempts to resolve differences in 32/64-bit builds.pic.twitter.com/IDV6LRwCmD
1 reply 2 retweets 5 likes -
Replying to @dguido
Stages of BugID development: 1. Run tests unattended 2. Don't waste time on known issues 3. Filter by type (filter non-issues) 4. Print $$$
2 replies 0 retweets 1 like -
Replying to @dguido
If symbols are available, BugID tries to look up location in Chrome/Firefox src code. Grades UAFs by estimated control of allocations. Neat!
1 reply 0 retweets 2 likes -
Replying to @dguido
BugID tracks distance between AVs and poison values to estimate control. Works for every bug type. Encoded on "bug id hash", easy to grep.pic.twitter.com/u5370K9VC4
2 replies 1 retweet 2 likes -
Replying to @dguido
Umm
@berendjanwever are you sure? Or do you just mean the normal PageHeap (not full)? B/c: https://msdn.microsoft.com/en-us/library/ms220938(v=vs.90).aspx …1 reply 0 retweets 0 likes -
That structure seems to be gone after free. I think the info is available, just don't know where. May be the page is just not accessible?...
1 reply 0 retweets 0 likes
Need to see if that's true: I could then make it accessible and extract the info. If anybody knows, let me know.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.